fixup! test: add CryptoKey class regression tests

Signed-off-by: Filip Skokan <panva.ip@gmail.com>

Author: panva

test/parallel/test-webcrypto-cryptokey-brand-check.js

@@ -86,6 +86,12 @@ const { subtle } = globalThis.crypto;
   Object.setPrototypeOf(spoofed, Object.getPrototypeOf(key));
   assert.strictEqual(spoofed instanceof CryptoKey, true);
   assert.strictEqual(isCryptoKey(spoofed), false);
+  await assert.rejects(
+    subtle.sign('HMAC', spoofed, Buffer.from('payload')),
+    invalidThis);
+  await assert.rejects(
+    subtle.exportKey('jwk', spoofed),
+    invalidThis);
 
   // Subvert `instanceof CryptoKey` via Symbol.hasInstance, then
   // invoke the native getters on a forged object. The C++ tag

test/parallel/test-webcrypto-cryptokey-clone-transfer.js

@@ -22,12 +22,34 @@ const { once } = require('node:events');
 const { Worker, MessageChannel } = require('node:worker_threads');
 const { subtle } = globalThis.crypto;
 
+function assertNoOwnReflection(key) {
+  assert.deepStrictEqual(Object.getOwnPropertySymbols(key), []);
+  assert.deepStrictEqual(Object.getOwnPropertyNames(key), []);
+  assert.deepStrictEqual(Reflect.ownKeys(key), []);
+}
+
+function describeKey(key) {
+  const algorithm = { ...key.algorithm };
+  if (algorithm.hash !== undefined)
+    algorithm.hash = { ...algorithm.hash };
+  if (algorithm.publicExponent !== undefined)
+    algorithm.publicExponent = Array.from(algorithm.publicExponent);
+  return {
+    type: key.type,
+    extractable: key.extractable,
+    algorithm,
+    usages: [...key.usages].sort(),
+  };
+}
+
 function assertSameCryptoKey(a, b) {
   assert.notStrictEqual(a, b);
   assert.strictEqual(a.type, b.type);
   assert.strictEqual(a.extractable, b.extractable);
   assert.deepStrictEqual(a.algorithm, b.algorithm);
   assert.deepStrictEqual([...a.usages].sort(), [...b.usages].sort());
+  assertNoOwnReflection(a);
+  assertNoOwnReflection(b);
   // util.inspect reads native internal slots directly, so a clone's
   // rendered form must match the original's.
   assert.strictEqual(inspect(a, { depth: 4 }), inspect(b, { depth: 4 }));
@@ -191,6 +213,83 @@ async function checkTransferToWorker(key) {
     true);
 }
 
+async function checkRsaPssTransferToWorker({ publicKey, privateKey }) {
+  const data = Buffer.from('rsa-pss worker payload');
+  const algorithm = { name: 'RSA-PSS', saltLength: 32 };
+  const parentSignature = Buffer.from(
+    await subtle.sign(algorithm, privateKey, data));
+
+  const worker = new Worker(`
+    'use strict';
+    const assert = require('node:assert');
+    const { parentPort } = require('node:worker_threads');
+    const { subtle } = globalThis.crypto;
+
+    function describeKey(key) {
+      const algorithm = { ...key.algorithm };
+      if (algorithm.hash !== undefined)
+        algorithm.hash = { ...algorithm.hash };
+      if (algorithm.publicExponent !== undefined)
+        algorithm.publicExponent = Array.from(algorithm.publicExponent);
+      return {
+        type: key.type,
+        extractable: key.extractable,
+        algorithm,
+        usages: [...key.usages].sort(),
+      };
+    }
+
+    parentPort.once('message', async (message) => {
+      try {
+        const {
+          publicKey,
+          privateKey,
+          expectedPublic,
+          expectedPrivate,
+          signature,
+          data,
+        } = message;
+        assert.deepStrictEqual(describeKey(publicKey), expectedPublic);
+        assert.deepStrictEqual(describeKey(privateKey), expectedPrivate);
+
+        const algorithm = { name: 'RSA-PSS', saltLength: 32 };
+        const verified = await subtle.verify(
+          algorithm, publicKey, signature, data);
+        const workerSignature = Buffer.from(
+          await subtle.sign(algorithm, privateKey, data));
+
+        parentPort.postMessage({
+          publicKey,
+          privateKey,
+          verified,
+          signature: workerSignature,
+        });
+      } catch (err) {
+        parentPort.postMessage({ error: err.stack || err.message });
+      }
+    });
+  `, { eval: true });
+
+  worker.postMessage({
+    publicKey,
+    privateKey,
+    expectedPublic: describeKey(publicKey),
+    expectedPrivate: describeKey(privateKey),
+    signature: parentSignature,
+    data,
+  });
+  const [msg] = await once(worker, 'message');
+  await worker.terminate();
+
+  assert.strictEqual(msg.error, undefined, msg.error);
+  assert.strictEqual(msg.verified, true);
+  assertSameCryptoKey(publicKey, msg.publicKey);
+  assertSameCryptoKey(privateKey, msg.privateKey);
+  assert.strictEqual(
+    await subtle.verify(algorithm, publicKey, msg.signature, data),
+    true);
+}
+
 (async () => {
   // Extractable HMAC (secret)
   const hmacExtractable = await subtle.importKey(
@@ -248,4 +347,17 @@ async function checkTransferToWorker(key) {
     true,
     ['sign', 'verify']);
   await checkAsymmetricKeyPair(ecKeypairExtractable);
+
+  // RSA-PSS keypair through a Worker (covers public/private native key
+  // handles and cloning of the publicExponent algorithm member).
+  const rsaPssKeypair = await subtle.generateKey(
+    {
+      name: 'RSA-PSS',
+      modulusLength: 2048,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: 'SHA-256',
+    },
+    false,
+    ['sign', 'verify']);
+  await checkRsaPssTransferToWorker(rsaPssKeypair);
 })().then(common.mustCall());

test/parallel/test-webcrypto-cryptokey-hidden-slots.js

@@ -11,24 +11,42 @@
 //
 //   1. util.inspect() shows the real internal values, unaffected by
 //      the replacement getters.
-//   2. Internal operations (export) that receive the mutated CryptoKey
-//      still succeed and observe the real internal state, not the
-//      replaced one.
+//   2. Internal Web Crypto and Node.js crypto bridge operations that
+//      receive the mutated CryptoKey still succeed and observe the real
+//      internal state, not the replaced one.
 
 const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
 const assert = require('node:assert');
+const {
+  createHmac,
+  KeyObject,
+  sign: cryptoSign,
+  verify: cryptoVerify,
+} = require('node:crypto');
 const { inspect } = require('node:util');
 const { subtle } = globalThis.crypto;
 
+common.expectWarning({
+  DeprecationWarning: {
+    DEP0203: 'Passing a CryptoKey to node:crypto functions is deprecated.',
+  },
+});
+
 (async () => {
   const key = await subtle.generateKey(
     { name: 'HMAC', hash: 'SHA-256' },
     true,
     ['sign', 'verify'],
   );
+  const { publicKey: ecPublicKey, privateKey: ecPrivateKey } =
+    await subtle.generateKey(
+      { name: 'ECDSA', namedCurve: 'P-256' },
+      false,
+      ['sign', 'verify'],
+    );
 
   // Snapshot the real values BEFORE tampering.
   const realType = key.type;
@@ -99,7 +117,25 @@ const { subtle } = globalThis.crypto;
     assert.strictEqual(jwk.ext, true);
     assert.deepStrictEqual(jwk.key_ops.sort(), ['sign', 'verify']);
 
-    // 4) Importing back from the exported JWK must yield an equivalent
+    // 4) The Node.js crypto bridge must also read the real native
+    //    slots directly, both for KeyObject.from() and for deprecated
+    //    direct CryptoKey consumption.
+    const keyObject = KeyObject.from(key);
+    assert.strictEqual(keyObject.type, 'secret');
+    assert.deepStrictEqual(keyObject.export(), Buffer.from(jwk.k, 'base64url'));
+
+    const payload = Buffer.from('payload');
+    const digest = createHmac('sha256', key).update(payload).digest('hex');
+    const expectedDigest =
+      createHmac('sha256', keyObject).update(payload).digest('hex');
+    assert.strictEqual(digest, expectedDigest);
+
+    const signature = cryptoSign('sha256', payload, ecPrivateKey);
+    assert.strictEqual(
+      cryptoVerify('sha256', payload, ecPublicKey, signature),
+      true);
+
+    // 5) Importing back from the exported JWK must yield an equivalent
     //    key, i.e. the real algorithm and usages round-trip.
     const reimported = await subtle.importKey('jwk', jwk,
                                               { name: 'HMAC', hash: 'SHA-256' },

test/parallel/test-webcrypto-cryptokey-no-own-symbols.js

@@ -2,10 +2,10 @@
 
 // CryptoKey instances must not expose any own Symbol-keyed properties
 // to user code. The internal slots backing the public getters are
-// kept off-instance (in a module-local WeakMap) so that reflection
-// APIs such as Object.getOwnPropertySymbols() and Reflect.ownKeys()
-// cannot enumerate them, even after the public getters have been
-// invoked and their per-instance caches populated.
+// kept in native internal fields, with JS-side caches in private fields,
+// so that reflection APIs such as Object.getOwnPropertySymbols() and
+// Reflect.ownKeys() cannot enumerate them, even after the public getters
+// have been invoked and their per-instance caches populated.
 
 const common = require('../common');
 if (!common.hasCrypto)

test/parallel/test-webcrypto-export-import-rsa.js

@@ -600,6 +600,20 @@ async function testImportJwk(
       extractable,
       publicUsages),
     { name: 'DataError', message: 'Invalid keyData' });
+
+  for (const field of ['p', 'q', 'dp', 'dq', 'qi']) {
+    const jwkMissingCrtField = { ...jwk };
+    delete jwkMissingCrtField[field];
+    await assert.rejects(
+      subtle.importKey(
+        'jwk',
+        jwkMissingCrtField,
+        { name, hash },
+        extractable,
+        privateUsages),
+      { name: 'DataError', message: 'Invalid keyData' },
+      `missing private JWK CRT field ${field}`);
+  }
 }
 
 // combinations to test