authorEduM22 <38257387+EduM22@users.noreply.github.com>2022-04-07 14:58:56 +0200
committerGitHub <noreply@github.com>2022-04-07 18:28:56 +0530
commit181e378032757938be88d8a02d6f87be191b47e2 (patch)
tree88ca10d6f72821536db7956e444a7b45ef7c5901
parentb8d66a683a72e6d3b48e44d08fcdae433e4fb755 (diff)
fix(ext/crypto): check extractable in exportKey (#14222)
-rw-r--r--cli/tests/unit/webcrypto_test.ts20
-rw-r--r--ext/crypto/00_crypto.js23
2 files changed, 39 insertions, 4 deletions
diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts
index 94f011bae..63adaddc7 100644
--- a/cli/tests/unit/webcrypto_test.ts
+++ b/cli/tests/unit/webcrypto_test.ts
@@ -1750,3 +1750,23 @@ Deno.test(async function importJwkWithUse() {
assert(key instanceof CryptoKey);
});
+
+// https://github.com/denoland/deno/issues/14215
+Deno.test(async function exportKeyNotExtractable() {
+ const key = await crypto.subtle.generateKey(
+ {
+ name: "HMAC",
+ hash: "SHA-512",
+ },
+ false,
+ ["sign", "verify"],
+ );
+
+ assert(key);
+ assertEquals(key.extractable, false);
+
+ await assertRejects(async () => {
+ // Should fail
+ await crypto.subtle.exportKey("raw", key);
+ }, DOMException);
+});
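Review bot: The `assertRejects` call that closes `exportKeyNotExtractable` pins only the error class, so any `DOMException` from `exportKey` would satisfy it, including a `NotSupportedError` raised for an unrelated reason. The test can therefore pass without the extractable check ever running. If the `assertRejects` helper in use accepts a message substring as its third argument, tighten the closing line to `}, DOMException, "Key is not extractable");`. The test also covers only HMAC with the `"raw"` format, so a second case for an asymmetric key (e.g. a non-extractable ECDSA private key exported as `"pkcs8"`) would guard the other exporter paths against regressions.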
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js
index 5387544e8..c825089e7 100644
--- a/ext/crypto/00_crypto.js
+++ b/ext/crypto/00_crypto.js
@@ -984,28 +984,43 @@
const algorithmName = key[_algorithm].name;
+ let result;
+
switch (algorithmName) {
case "HMAC": {
- return exportKeyHMAC(format, key, innerKey);
+ result = exportKeyHMAC(format, key, innerKey);
+ break;
}
case "RSASSA-PKCS1-v1_5":
case "RSA-PSS":
case "RSA-OAEP": {
- return exportKeyRSA(format, key, innerKey);
+ result = exportKeyRSA(format, key, innerKey);
+ break;
}
case "ECDH":
case "ECDSA": {
- return exportKeyEC(format, key, innerKey);
+ result = exportKeyEC(format, key, innerKey);
+ break;
}
case "AES-CTR":
case "AES-CBC":
case "AES-GCM":
case "AES-KW": {
- return exportKeyAES(format, key, innerKey);
+ result = exportKeyAES(format, key, innerKey);
+ break;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
+
+ if (key.extractable === false) {
+ throw new DOMException(
+ "Key is not extractable",
+ "InvalidAccessError",
+ );
+ }
+
+ return result;
}
/**
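Review bot: The new `key.extractable === false` check sits after the `switch`, so `exportKeyHMAC`/`exportKeyRSA`/`exportKeyEC`/`exportKeyAES` have already run and produced `result` from `innerKey` before the request is refused. For a non-extractable key this means the key material is serialized and then discarded, and an error thrown inside an exporter (e.g. for an unsupported format) surfaces instead of `InvalidAccessError`. Moving the guard `if (key.extractable === false) { throw new DOMException("Key is not extractable", "InvalidAccessError"); }` above `switch (algorithmName)` avoids touching the key at all, and the original `return exportKey…(…)` arms can then stay without the `result`/`break` plumbing. As I read the Web Crypto `exportKey` steps, the extractable check comes before the export operation, but that ordering is worth confirming against the spec. The enclosing function starts outside this hunk, so any earlier checks are not visible here.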