fixup! crypto: add WebCrypto CryptoJob mode

Signed-off-by: Filip Skokan <panva.ip@gmail.com>

Author: panva

src/crypto/crypto_kem.cc

@@ -176,16 +176,16 @@ MaybeLocal<Value> KEMEncapsulateTraits::EncodeOutput(
 
   if (params.job_mode == kCryptoJobWebCrypto) {
     Local<Object> result = Object::New(env->isolate());
-    if (result
-            ->Set(env->context(),
-                  OneByteString(env->isolate(), "sharedKey"),
-                  shared_key_obj.As<ArrayBufferView>()->Buffer())
-            .IsNothing() ||
-        result
-            ->Set(env->context(),
-                  OneByteString(env->isolate(), "ciphertext"),
-                  ciphertext_obj.As<ArrayBufferView>()->Buffer())
-            .IsNothing()) {
+    if (!result
+             ->DefineOwnProperty(env->context(),
+                                 OneByteString(env->isolate(), "sharedKey"),
+                                 shared_key_obj.As<ArrayBufferView>()->Buffer())
+             .FromMaybe(false) ||
+        !result
+             ->DefineOwnProperty(env->context(),
+                                 OneByteString(env->isolate(), "ciphertext"),
+                                 ciphertext_obj.As<ArrayBufferView>()->Buffer())
+             .FromMaybe(false)) {
       return MaybeLocal<Value>();
     }
     return result;

src/crypto/crypto_keygen.h

@@ -184,14 +184,14 @@ class KeyGenJob final : public CryptoJob<KeyGenTraits> {
       }
 
       v8::Local<v8::Object> ret = v8::Object::New(isolate);
-      if (ret->Set(env->context(),
-                   OneByteString(isolate, "publicKey"),
-                   public_key)
-              .IsNothing() ||
-          ret->Set(env->context(),
-                   OneByteString(isolate, "privateKey"),
-                   private_key)
-              .IsNothing()) {
+      if (!ret->DefineOwnProperty(env->context(),
+                                  OneByteString(isolate, "publicKey"),
+                                  public_key)
+               .FromMaybe(false) ||
+          !ret->DefineOwnProperty(env->context(),
+                                  OneByteString(isolate, "privateKey"),
+                                  private_key)
+               .FromMaybe(false)) {
         return {};
       }
       return ret;

src/crypto/crypto_util.cc

@@ -735,13 +735,15 @@ MaybeLocal<Value> CreateWebCryptoJobError(Environment* env,
   CHECK(domexception_ctor->IsFunction());
 
   Local<Object> options = Object::New(isolate);
-  if (options
-          ->Set(context,
-                FIXED_ONE_BYTE_STRING(isolate, "name"),
-                FIXED_ONE_BYTE_STRING(isolate, "OperationError"))
-          .IsNothing() ||
-      options->Set(context, FIXED_ONE_BYTE_STRING(isolate, "cause"), cause)
-          .IsNothing()) {
+  if (!options
+           ->DefineOwnProperty(context,
+                               FIXED_ONE_BYTE_STRING(isolate, "name"),
+                               FIXED_ONE_BYTE_STRING(isolate, "OperationError"))
+           .FromMaybe(false) ||
+      !options
+           ->DefineOwnProperty(
+               context, FIXED_ONE_BYTE_STRING(isolate, "cause"), cause)
+           .FromMaybe(false)) {
     return {};
   }
 

test/parallel/test-webcrypto-crypto-job-mode.js

@@ -7,6 +7,7 @@ if (!common.hasCrypto)
   common.skip('missing crypto');
 
 const assert = require('assert');
+const { hasOpenSSL } = require('../common/crypto');
 const { types: { isCryptoKey } } = require('util');
 const { internalBinding } = require('internal/test/binding');
 const {
@@ -31,6 +32,34 @@ const {
 
 const { subtle } = globalThis.crypto;
 
+// Defines Object.prototype setters that fail the test if native result object
+// creation uses [[Set]] instead of creating own data properties.
+async function withObjectPrototypeSetters(names, fn) {
+  const descriptors = new Map();
+  for (const name of names) {
+    descriptors.set(name, Object.getOwnPropertyDescriptor(Object.prototype, name));
+    Object.defineProperty(Object.prototype, name, {
+      __proto__: null,
+      configurable: true,
+      get: common.mustNotCall(`Object.prototype.${name} getter`),
+      set: common.mustNotCall(`Object.prototype.${name} setter`),
+    });
+  }
+
+  try {
+    return await fn();
+  } finally {
+    for (const name of names) {
+      const descriptor = descriptors.get(name);
+      if (descriptor === undefined) {
+        delete Object.prototype[name];
+      } else {
+        Object.defineProperty(Object.prototype, name, descriptor);
+      }
+    }
+  }
+}
+
 (async function() {
   {
     const promise = new HashJob(
@@ -67,14 +96,16 @@ const { subtle } = globalThis.crypto;
   }
 
   {
-    const pair = await new EcKeyPairGenJob(
-      kCryptoJobWebCrypto,
-      'P-256',
-      undefined,
-      { name: 'ECDSA', namedCurve: 'P-256' },
-      getUsagesMask(new Set(['verify'])),
-      getUsagesMask(new Set(['sign'])),
-      true).run();
+    const pair = await withObjectPrototypeSetters(
+      ['publicKey', 'privateKey'],
+      () => new EcKeyPairGenJob(
+        kCryptoJobWebCrypto,
+        'P-256',
+        undefined,
+        { name: 'ECDSA', namedCurve: 'P-256' },
+        getUsagesMask(new Set(['verify'])),
+        getUsagesMask(new Set(['sign'])),
+        true).run());
 
     assert.strictEqual(Object.getPrototypeOf(pair), Object.prototype);
     assert(isCryptoKey(pair.publicKey));
@@ -120,6 +151,33 @@ const { subtle } = globalThis.crypto;
     });
   }
 
+  {
+    const key = await subtle.generateKey(
+      { name: 'AES-CBC', length: 128 },
+      false,
+      ['encrypt', 'decrypt']);
+    const iv = crypto.getRandomValues(new Uint8Array(16));
+    const ciphertext = new Uint8Array(await subtle.encrypt(
+      { name: 'AES-CBC', iv },
+      key,
+      Buffer.alloc(16)));
+    ciphertext[ciphertext.length - 1] ^= 0xff;
+
+    await assert.rejects(
+      withObjectPrototypeSetters(['cause'], () =>
+        subtle.decrypt({ name: 'AES-CBC', iv }, key, ciphertext)),
+      (err) => {
+        assert.strictEqual(err.name, 'OperationError');
+        assert.strictEqual(
+          err.message,
+          'The operation failed for an operation-specific reason');
+        assert(err.cause);
+        assert.strictEqual(typeof err.cause.message, 'string');
+        assert.notStrictEqual(err.cause.message, '');
+        return true;
+      });
+  }
+
   {
     const key = await subtle.generateKey(
       { name: 'HMAC', hash: 'SHA-256' },
@@ -151,4 +209,18 @@ const { subtle } = globalThis.crypto;
       delete CryptoKey.prototype.then;
     }
   }
+
+  if (hasOpenSSL(3, 5)) {
+    const pair = await subtle.generateKey(
+      { name: 'ML-KEM-768' },
+      true,
+      ['encapsulateBits', 'decapsulateBits']);
+    const result = await withObjectPrototypeSetters(
+      ['sharedKey', 'ciphertext'],
+      () => subtle.encapsulateBits({ name: 'ML-KEM-768' }, pair.publicKey));
+
+    assert.strictEqual(Object.getPrototypeOf(result), Object.prototype);
+    assert(result.sharedKey instanceof ArrayBuffer);
+    assert(result.ciphertext instanceof ArrayBuffer);
+  }
 })().then(common.mustCall());