crypto: fix webcrypto AES-KW keys accepting encrypt/decrypt usages

PR-URL: #43431 Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]>

Author: panva

lib/internal/crypto/aes.js

@@ -230,13 +230,17 @@ async function aesGenerateKey(algorithm, extractable, keyUsages){
 validateInteger(length,'algorithm.length');
 validateOneOf(length,'algorithm.length',kAesKeyLengths);
 
-constusageSet=newSafeSet(keyUsages);
+constcheckUsages=['wrapKey','unwrapKey'];
+if(name!=='AES-KW')
+ArrayPrototypePush(checkUsages,'encrypt','decrypt');
 
-if(hasAnyNotIn(usageSet,['encrypt','decrypt','wrapKey','unwrapKey'])){
+constusagesSet=newSafeSet(keyUsages);
+if(hasAnyNotIn(usagesSet,checkUsages)){
 throwlazyDOMException(
 'Unsupported key usage for an AES key',
 'SyntaxError');
 }
+
 returnnewPromise((resolve,reject)=>{
 generateKey('aes',{ length },(err,key)=>{
 if(err){
@@ -249,7 +253,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages){
 resolve(newInternalCryptoKey(
 key,
 { name, length },
-ArrayFrom(usageSet),
+ArrayFrom(usagesSet),
 extractable));
 });
 });

test/parallel/test-webcrypto-keygen.js

@@ -211,14 +211,16 @@ const vectors ={
 if(!vectors[name].usages.includes(usage))
 invalidUsages.push(usage);
 });
-returnassert.rejects(
-subtle.generateKey(
-{
- name, ...vectors[name].algorithm
-},
-true,
-invalidUsages),
-{message: /Unsupportedkeyusage/});
+for(constinvalidUsageofinvalidUsages){
+awaitassert.rejects(
+subtle.generateKey(
+{
+ name, ...vectors[name].algorithm
+},
+true,
+[...vectors[name].usages,invalidUsage]),
+{message: /Unsupportedkeyusage/});
+}
 }
 
 consttests=Object.keys(vectors).map(test);