Bug 1919532 - WebCrypto operations to throw SyntaxError exception on invalid usages/Update publicKey usage for ECDH to empty set r=jfernandez,keeler

Differential Revision: https://phabricator.services.mozilla.com/D222647
2024-11-26 22:32:46 +00:00 · 2024-10-17 07:33:55 +00:00 · 2024-10-17 07:33:55 +00:00 · 15b5be119b
commit 15b5be119b
parent acf5a0ffd1
7 changed files with 22 additions and 5788 deletions
--- a/dom/crypto/WebCryptoTask.cpp
+++ b/dom/crypto/WebCryptoTask.cpp
@ -1599,12 +1599,12 @@ class ImportSymmetricKeyTask : public ImportKeyTask {
        mAlgName.EqualsLiteral(WEBCRYPTO_ALG_AES_KW)) {
      if (mKey->HasUsageOtherThan(CryptoKey::ENCRYPT | CryptoKey::DECRYPT |
                                  CryptoKey::WRAPKEY | CryptoKey::UNWRAPKEY)) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }

      if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_AES_KW) &&
          mKey->HasUsageOtherThan(CryptoKey::WRAPKEY | CryptoKey::UNWRAPKEY)) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }

      if ((length != 128) && (length != 192) && (length != 256)) {
@ -1620,7 +1620,7 @@ class ImportSymmetricKeyTask : public ImportKeyTask {
               mAlgName.EqualsLiteral(WEBCRYPTO_ALG_PBKDF2)) {
      if (mKey->HasUsageOtherThan(CryptoKey::DERIVEKEY |
                                  CryptoKey::DERIVEBITS)) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }
      mKey->Algorithm().MakeKDF(mAlgName);

@ -1630,7 +1630,7 @@ class ImportSymmetricKeyTask : public ImportKeyTask {
      };
    } else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_HMAC)) {
      if (mKey->HasUsageOtherThan(CryptoKey::SIGN | CryptoKey::VERIFY)) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }

      mKey->Algorithm().MakeHmac(length, mHashName);
@ -1808,7 +1808,7 @@ class ImportRsaKeyTask : public ImportKeyTask {
          (mKey->GetKeyType() == CryptoKey::PRIVATE &&
           mKey->HasUsageOtherThan(CryptoKey::DECRYPT |
                                   CryptoKey::UNWRAPKEY))) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }
    } else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
               mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_PSS)) {
@ -1816,7 +1816,7 @@ class ImportRsaKeyTask : public ImportKeyTask {
           mKey->HasUsageOtherThan(CryptoKey::VERIFY)) ||
          (mKey->GetKeyType() == CryptoKey::PRIVATE &&
           mKey->HasUsageOtherThan(CryptoKey::SIGN))) {
-        return NS_ERROR_DOM_DATA_ERR;
+        return NS_ERROR_DOM_SYNTAX_ERR;
      }
    }

@ -2000,7 +2000,7 @@ class ImportEcKeyTask : public ImportKeyTask {
    uint32_t privateAllowedUsages = 0, publicAllowedUsages = 0;
    if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_ECDH)) {
      privateAllowedUsages = CryptoKey::DERIVEBITS | CryptoKey::DERIVEKEY;
-      publicAllowedUsages = CryptoKey::DERIVEBITS | CryptoKey::DERIVEKEY;
+      publicAllowedUsages = 0;
    } else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_ECDSA)) {
      privateAllowedUsages = CryptoKey::SIGN;
      publicAllowedUsages = CryptoKey::VERIFY;
@ -2011,7 +2011,7 @@ class ImportEcKeyTask : public ImportKeyTask {
         mKey->HasUsageOtherThan(privateAllowedUsages)) ||
        (mKey->GetKeyType() == CryptoKey::PUBLIC &&
         mKey->HasUsageOtherThan(publicAllowedUsages))) {
-      return NS_ERROR_DOM_DATA_ERR;
+      return NS_ERROR_DOM_SYNTAX_ERR;
    }

    if (mKey->GetKeyType() == CryptoKey::PRIVATE && !mKey->HasAnyUsage()) {
--- a/dom/crypto/test/test_WebCrypto_ECDH.html
+++ b/dom/crypto/test/test_WebCrypto_ECDH.html
@ -182,7 +182,7 @@ TestArray.addTest(
    Promise.all([
      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"])
        .then(setPriv, error(that)),
-      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, ["deriveBits"])
+      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, [])
        .then(setPub, error(that)),
    ]).then(doDerive, error(that))
      .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that));
@ -207,7 +207,7 @@ TestArray.addTest(
    Promise.all([
      crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_priv, alg, false, ["deriveBits"])
        .then(setPriv, error(that)),
-      crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_pub, alg, false, ["deriveBits"])
+      crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_pub, alg, false, [])
        .then(setPub, error(that)),
    ]).then(doDerive, error(that))
      .then(memcmp_complete(that, tv.ecdh_p384.secret), error(that));
@ -232,7 +232,7 @@ TestArray.addTest(
    Promise.all([
      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveBits"])
        .then(setPriv, error(that)),
-      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveBits"])
+      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, [])
        .then(setPub, error(that)),
    ]).then(doDerive, error(that))
      .then(memcmp_complete(that, tv.ecdh_p521.secret), error(that));
@ -260,7 +260,7 @@ TestArray.addTest(
    Promise.all([
      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, true, ["deriveBits"])
        .then(setPriv, error(that)),
-      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, true, ["deriveBits"])
+      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, true, [])
        .then(setPub, error(that)),
    ]).then(doExportPub, error(that))
      .then(function(x) {
@ -396,7 +396,7 @@ TestArray.addTest(
    Promise.all([
      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveKey"])
        .then(setPriv),
-      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveKey"])
+      crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, [])
        .then(setPub),
    ]).then(doDerive)
      .then(doSignAndVerify)
@ -435,7 +435,7 @@ TestArray.addTest(
    var keys = ["spki", "spki_id_ecpk"];

    function doImport(key) {
-      return crypto.subtle.importKey("spki", tv.ecdh_p256[key], alg, true, ["deriveBits"]);
+      return crypto.subtle.importKey("spki", tv.ecdh_p256[key], alg, true, []);
    }

    function doExport(x) {
@ -479,7 +479,7 @@ TestArray.addTest(
    }

    Promise.all([
-      crypto.subtle.importKey("spki", tv.ecdh_p256.spki, alg, false, ["deriveBits"])
+      crypto.subtle.importKey("spki", tv.ecdh_p256.spki, alg, false, [])
        .then(setPub),
      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"])
        .then(setPriv),
@ -499,7 +499,7 @@ TestArray.addTest(
      return crypto.subtle.exportKey("raw", x);
    }

-    crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, true, ["deriveBits"])
+    crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, true, [])
      .then(doExport)
      .then(memcmp_complete(that, tv.ecdh_p256.raw), error(that));
  }
@ -581,7 +581,7 @@ TestArray.addTest(
    }

    Promise.all([
-      crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, false, ["deriveBits"])
+      crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, false, [])
        .then(setPub),
      crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"])
        .then(setPriv),
--- a/dom/push/PushCrypto.sys.mjs
+++ b/dom/push/PushCrypto.sys.mjs
@ -371,9 +371,7 @@ class Decoder {
   */
  async computeSharedSecret() {
    let [appServerKey, subscriptionPrivateKey] = await Promise.all([
-      crypto.subtle.importKey("raw", this.senderKey, ECDH_KEY, false, [
-        "deriveBits",
-      ]),
+      crypto.subtle.importKey("raw", this.senderKey, ECDH_KEY, false, []),
      crypto.subtle.importKey("jwk", this.privateKey, ECDH_KEY, false, [
        "deriveBits",
      ]),
@ -868,7 +866,7 @@ class aes128gcmEncoder {
      receiverPublicKey,
      ECDH_KEY,
      false,
-      ["deriveBits"]
+      []
    );

    return crypto.subtle.deriveBits(
--- a/dom/push/test/webpush.js
+++ b/dom/push/test/webpush.js
@ -145,7 +145,7 @@

  function encrypt(localKey, remoteShare, salt, data) {
    return webCrypto
-      .importKey("raw", remoteShare, P256DH, false, ["deriveBits"])
+      .importKey("raw", remoteShare, P256DH, false, [])
      .then(remoteKey =>
        webCrypto.deriveBits(
          { name: P256DH.name, public: remoteKey },
--- a/services/crypto/modules/jwcrypto.sys.mjs
+++ b/services/crypto/modules/jwcrypto.sys.mjs
@ -51,7 +51,7 @@ class JWCrypto {
      key,
      ECDH_PARAMS,
      false,
-      ["deriveKey"]
+      []
    );
    if (key.hasOwnProperty("kid")) {
      header.kid = key.kid;
@ -129,7 +129,7 @@ class JWCrypto {
      header.epk,
      ECDH_PARAMS,
      false,
-      ["deriveKey"]
+      []
    );
    // Do ECDH agreement to get the content encryption key.
    const contentKey = await deriveECDHSharedAESKey(key, peerPublicKey, [
--- a/testing/web-platform/meta/WebCryptoAPI/import_export/ec_importKey_failures_ECDH.https.any.js.ini
+++ b/testing/web-platform/meta/WebCryptoAPI/import_export/ec_importKey_failures_ECDH.https.any.js.ini
--- a/testing/web-platform/meta/WebCryptoAPI/import_export/ec_importKey_failures_ECDSA.https.any.js.ini
+++ b/testing/web-platform/meta/WebCryptoAPI/import_export/ec_importKey_failures_ECDSA.https.any.js.ini