diff options
| -rw-r--r-- | cli/tests/unit/webcrypto_test.ts | 20 | ||||
| -rw-r--r-- | ext/crypto/00_crypto.js | 23 |
2 files changed, 39 insertions, 4 deletions
diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts index 94f011bae..63adaddc7 100644 --- a/cli/tests/unit/webcrypto_test.ts +++ b/cli/tests/unit/webcrypto_test.ts @@ -1750,3 +1750,23 @@ Deno.test(async function importJwkWithUse() { assert(key instanceof CryptoKey); }); + +// https://github.com/denoland/deno/issues/14215 +Deno.test(async function exportKeyNotExtractable() { + const key = await crypto.subtle.generateKey( + { + name: "HMAC", + hash: "SHA-512", + }, + false, + ["sign", "verify"], + ); + + assert(key); + assertEquals(key.extractable, false); + + await assertRejects(async () => { + // Should fail + await crypto.subtle.exportKey("raw", key); + }, DOMException); +}); diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js index 5387544e8..c825089e7 100644 --- a/ext/crypto/00_crypto.js +++ b/ext/crypto/00_crypto.js @@ -984,28 +984,43 @@ const algorithmName = key[_algorithm].name; + let result; + switch (algorithmName) { case "HMAC": { - return exportKeyHMAC(format, key, innerKey); + result = exportKeyHMAC(format, key, innerKey); + break; } case "RSASSA-PKCS1-v1_5": case "RSA-PSS": case "RSA-OAEP": { - return exportKeyRSA(format, key, innerKey); + result = exportKeyRSA(format, key, innerKey); + break; } case "ECDH": case "ECDSA": { - return exportKeyEC(format, key, innerKey); + result = exportKeyEC(format, key, innerKey); + break; } case "AES-CTR": case "AES-CBC": case "AES-GCM": case "AES-KW": { - return exportKeyAES(format, key, innerKey); + result = exportKeyAES(format, key, innerKey); + break; } default: throw new DOMException("Not implemented", "NotSupportedError"); } + + if (key.extractable === false) { + throw new DOMException( + "Key is not extractable", + "InvalidAccessError", + ); + } + + return result; } /** |