details: https://github.com/nginx/njs/commit/37b4c07719e12363f33de8a591a7a61815122c91 branches: master commit: 37b4c07719e12363f33de8a591a7a61815122c91 user: Dmitry Volyntsev <xei...@nginx.com> date: Wed, 7 May 2025 20:49:21 -0700 description: WebCrypto: fixed extractable handling for crypto.subtle.deriveKey().
--- external/njs_webcrypto_module.c | 1 + external/qjs_webcrypto_module.c | 1 + test/webcrypto/derive.t.mjs | 8 +++++++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/external/njs_webcrypto_module.c b/external/njs_webcrypto_module.c index 6f4b49e1..dcca91ce 100644 --- a/external/njs_webcrypto_module.c +++ b/external/njs_webcrypto_module.c @@ -1722,6 +1722,7 @@ free: } } + dkey->extractable = njs_value_bool(njs_arg(args, nargs, 4)); dkey->u.s.raw.start = k; dkey->u.s.raw.length = length; diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index 29aea329..937f96c3 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -1948,6 +1948,7 @@ free: } } + dkey->extractable = JS_ToBool(cx, argv[3]); dkey->u.s.raw.start = k; dkey->u.s.raw.length = length; diff --git a/test/webcrypto/derive.t.mjs b/test/webcrypto/derive.t.mjs index 4d865da3..e9a2aac1 100644 --- a/test/webcrypto/derive.t.mjs +++ b/test/webcrypto/derive.t.mjs @@ -22,7 +22,11 @@ async function test(params) { if (params.derive === "key") { let key = await crypto.subtle.deriveKey(params.algorithm, keyMaterial, params.derivedAlgorithm, - true, params.usage); + params.extractable, params.usage); + + if (key.extractable !== params.extractable) { + throw Error(`${params.algorithm.name} failed extractable ${params.extractable} vs ${key.extractable}`); + } if (has_usage(params.usage, "encrypt")) { r = await crypto.subtle.encrypt(params.derivedAlgorithm, key, @@ -81,11 +85,13 @@ let derive_tsuite = { length: 256, iv: "55667788556677885566778855667788" }, + extractable: true, usage: [ "encrypt", "decrypt" ] }, tests: [ { expected: "e7b55c9f9fda69b87648585f76c58109174aaa400cfa" }, + { extractable: false, expected: "e7b55c9f9fda69b87648585f76c58109174aaa400cfa" }, { pass: "pass2", expected: "e87d1787f2807ea0e1f7e1cb265b23004c575cf2ad7e" }, { algorithm: { iterations: 10000 }, expected: "5add0059931ed1db1ca24c26dbe4de5719c43ed18a54" }, { algorithm: { hash: "SHA-512" }, expected: "544d64e5e246fdd2ba290ea932b2d80ef411c76139f4" }, _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel