WebCrypto: fixed extractable handling for crypto.subtle.deriveKey().

author Dmitry Volyntsev <xeioex@nginx.com>

Thu, 8 May 2025 03:49:21 +0000 (20:49 -0700)

committer Dmitry Volyntsev <xeioexception@gmail.com>

Thu, 8 May 2025 16:30:06 +0000 (09:30 -0700)
author Dmitry Volyntsev <xeioex@nginx.com>
Thu, 8 May 2025 03:49:21 +0000 (20:49 -0700)
committer Dmitry Volyntsev <xeioexception@gmail.com>
Thu, 8 May 2025 16:30:06 +0000 (09:30 -0700)
diff --git a/external/njs_webcrypto_module.c b/external/njs_webcrypto_module.c

index 6f4b49e1004107f4e971b607a574c45d9934ef0a..dcca91cee90425d963404a551828e52ca97cad26 100644 (file)
--- a/external/njs_webcrypto_module.c
+++ b/external/njs_webcrypto_module.c
@@ -1722,6 +1722,7 @@ free:
              }
          }
  
+        dkey->extractable = njs_value_bool(njs_arg(args, nargs, 4));
          dkey->u.s.raw.start = k;
          dkey->u.s.raw.length = length;
  
diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c

index 29aea329115b25ee31d2dd442a3c2258055bd69e..937f96c3ca579065380a584df68084ffaebd479c 100644 (file)
--- a/external/qjs_webcrypto_module.c
+++ b/external/qjs_webcrypto_module.c
@@ -1948,6 +1948,7 @@ free:
              }
          }
  
+        dkey->extractable = JS_ToBool(cx, argv[3]);
          dkey->u.s.raw.start = k;
          dkey->u.s.raw.length = length;
  
diff --git a/test/webcrypto/derive.t.mjs b/test/webcrypto/derive.t.mjs

index 4d865da397fe4967c98d50e128cfc71880326772..e9a2aac103165428b11b2cf933ebb5d6e9be73d1 100644 (file)
--- a/test/webcrypto/derive.t.mjs
+++ b/test/webcrypto/derive.t.mjs
@@ -22,7 +22,11 @@ async function test(params) {
      if (params.derive === "key") {
          let key = await crypto.subtle.deriveKey(params.algorithm, keyMaterial,
                                                  params.derivedAlgorithm,
-                                                true, params.usage);
+                                                params.extractable, params.usage);
+
+        if (key.extractable !== params.extractable) {
+            throw Error(`${params.algorithm.name} failed extractable ${params.extractable} vs ${key.extractable}`);
+        }
  
          if (has_usage(params.usage, "encrypt")) {
              r = await crypto.subtle.encrypt(params.derivedAlgorithm, key,
@@ -81,11 +85,13 @@ let derive_tsuite = {
            length: 256,
            iv: "55667788556677885566778855667788"
          },
+        extractable: true,
          usage: [ "encrypt", "decrypt" ]
      },
  
      tests: [
          { expected: "e7b55c9f9fda69b87648585f76c58109174aaa400cfa" },
+        { extractable: false, expected: "e7b55c9f9fda69b87648585f76c58109174aaa400cfa" },
          { pass: "pass2", expected: "e87d1787f2807ea0e1f7e1cb265b23004c575cf2ad7e" },
          { algorithm: { iterations: 10000 }, expected: "5add0059931ed1db1ca24c26dbe4de5719c43ed18a54" },
          { algorithm: { hash: "SHA-512" }, expected: "544d64e5e246fdd2ba290ea932b2d80ef411c76139f4" },
author	Dmitry Volyntsev <xeioex@nginx.com>
	Thu, 8 May 2025 03:49:21 +0000 (20:49 -0700)
committer	Dmitry Volyntsev <xeioexception@gmail.com>
	Thu, 8 May 2025 16:30:06 +0000 (09:30 -0700)
external/njs_webcrypto_module.c		patch \| blob \| history
external/qjs_webcrypto_module.c		patch \| blob \| history
test/webcrypto/derive.t.mjs		patch \| blob \| history