diff --git a/lib/internal/crypto/aes.js b/lib/internal/crypto/aes.js index 2c74a49139a70a..324662e1f8b1b4 100644 --- a/lib/internal/crypto/aes.js +++ b/lib/internal/crypto/aes.js @@ -230,13 +230,17 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) { validateInteger(length, 'algorithm.length'); validateOneOf(length, 'algorithm.length', kAesKeyLengths); - const usageSet = new SafeSet(keyUsages); + const checkUsages = ['wrapKey', 'unwrapKey']; + if (name !== 'AES-KW') + ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt'); - if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) { + const usagesSet = new SafeSet(keyUsages); + if (hasAnyNotIn(usagesSet, checkUsages)) { throw lazyDOMException( 'Unsupported key usage for an AES key', 'SyntaxError'); } + return new Promise((resolve, reject) => { generateKey('aes', { length }, (err, key) => { if (err) { @@ -249,7 +253,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) { resolve(new InternalCryptoKey( key, { name, length }, - ArrayFrom(usageSet), + ArrayFrom(usagesSet), extractable)); }); }); diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js index 948c755a9114bc..c3429af99e66a7 100644 --- a/test/parallel/test-webcrypto-keygen.js +++ b/test/parallel/test-webcrypto-keygen.js @@ -211,14 +211,16 @@ const vectors = { if (!vectors[name].usages.includes(usage)) invalidUsages.push(usage); }); - return assert.rejects( - subtle.generateKey( - { - name, ...vectors[name].algorithm - }, - true, - invalidUsages), - { message: /Unsupported key usage/ }); + for (const invalidUsage of invalidUsages) { + await assert.rejects( + subtle.generateKey( + { + name, ...vectors[name].algorithm + }, + true, + [...vectors[name].usages, invalidUsage]), + { message: /Unsupported key usage/ }); + } } const tests = Object.keys(vectors).map(test);