crypto: deduplicate and canonicalize CryptoKey usages

panva · aduh95 · commit 8752b604ec97 · 2026-05-09T09:27:32.000+02:00
Fixes: #62899 Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #62902 Backport-PR-URL: #63173 Fixes: #62899 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
diff --git a/lib/internal/crypto/aes.js b/lib/internal/crypto/aes.js
@@ -1,7 +1,6 @@
 'use strict';
 
 const {
-  ArrayFrom,
   ArrayPrototypePush,
   SafeSet,
 } = primordials;
@@ -205,7 +204,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     key,
     { name, length },
-    ArrayFrom(usagesSet),
+    usagesSet,
     extractable);
 }
 
@@ -300,7 +299,7 @@ function aesImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name, length },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/cfrg.js b/lib/internal/crypto/cfrg.js
@@ -171,7 +171,7 @@ async function cfrgGenerateKey(algorithm, extractable, keyUsages) {
     case 'X25519':
       // Fall through
     case 'X448':
-      publicUsages = [];
+      publicUsages = new SafeSet();
       privateUsages = getUsagesUnion(usageSet, 'deriveKey', 'deriveBits');
       break;
   }
@@ -340,7 +340,7 @@ function cfrgImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/chacha20_poly1305.js b/lib/internal/crypto/chacha20_poly1305.js
@@ -1,7 +1,6 @@
 'use strict';
 
 const {
-  ArrayFrom,
   SafeSet,
 } = primordials;
 
@@ -76,7 +75,7 @@ async function c20pGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     createSecretKey(keyData),
     { name },
-    ArrayFrom(usagesSet),
+    usagesSet,
     extractable);
 }
 
@@ -155,7 +154,7 @@ function c20pImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
@@ -114,7 +114,7 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
       privateUsages = getUsagesUnion(usageSet, 'sign');
       break;
     case 'ECDH':
-      publicUsages = [];
+      publicUsages = new SafeSet();
       privateUsages = getUsagesUnion(usageSet, 'deriveKey', 'deriveBits');
       break;
   }
@@ -280,7 +280,7 @@ function ecImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name, namedCurve },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/keys.js b/lib/internal/crypto/keys.js
@@ -62,6 +62,7 @@ const {
   bigIntArrayToUnsignedBigInt,
   normalizeAlgorithm,
   hasAnyNotIn,
+  getSortedUsages,
 } = require('internal/crypto/util');
 
 const {
@@ -1094,7 +1095,7 @@ class InternalCryptoKey {
         keyObject,
         algorithm,
         extractable,
-        keyUsages,
+        getSortedUsages(new SafeSet(keyUsages)),
       );
     }
   }
@@ -1160,7 +1161,7 @@ function importGenericSecretKey(
       return undefined;
   }
 
-  return new InternalCryptoKey(keyObject, { name }, keyUsages, false);
+  return new InternalCryptoKey(keyObject, { name }, usagesSet, false);
 }
 
 module.exports = {
diff --git a/lib/internal/crypto/mac.js b/lib/internal/crypto/mac.js
@@ -1,7 +1,6 @@
 'use strict';
 
 const {
-  ArrayFrom,
   SafeSet,
   StringPrototypeSubstring,
 } = primordials;
@@ -76,7 +75,7 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     key,
     { name, length, hash },
-    ArrayFrom(usageSet),
+    usageSet,
     extractable);
 }
 
@@ -110,7 +109,7 @@ async function kmacGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     createSecretKey(keyData),
     { name, length },
-    ArrayFrom(usageSet),
+    usageSet,
     extractable);
 }
 
@@ -211,7 +210,7 @@ function macImportKey(
   return new InternalCryptoKey(
     keyObject,
     algorithmObject,
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/ml_dsa.js b/lib/internal/crypto/ml_dsa.js
@@ -297,7 +297,7 @@ function mlDsaImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/ml_kem.js b/lib/internal/crypto/ml_kem.js
@@ -69,8 +69,8 @@ async function mlKemGenerateKey(algorithm, extractable, keyUsages) {
       { name: 'OperationError', cause: err });
   }
 
-  const publicUsages = getUsagesUnion(usageSet, 'encapsulateBits', 'encapsulateKey');
-  const privateUsages = getUsagesUnion(usageSet, 'decapsulateBits', 'decapsulateKey');
+  const publicUsages = getUsagesUnion(usageSet, 'encapsulateKey', 'encapsulateBits');
+  const privateUsages = getUsagesUnion(usageSet, 'decapsulateKey', 'decapsulateBits');
 
   const keyAlgorithm = { name };
 
@@ -230,7 +230,7 @@ function mlKemImportKey(
   return new InternalCryptoKey(
     keyObject,
     { name },
-    keyUsages,
+    usagesSet,
     extractable);
 }
 
diff --git a/lib/internal/crypto/rsa.js b/lib/internal/crypto/rsa.js
@@ -327,7 +327,7 @@ function rsaImportKey(
     modulusLength,
     publicExponent: new Uint8Array(publicExponent),
     hash: algorithm.hash,
-  }, keyUsages, extractable);
+  }, usagesSet, extractable);
 }
 
 async function rsaSignVerify(key, data, { saltLength }, signature) {
diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js
@@ -3,6 +3,7 @@
 const {
   ArrayBufferIsView,
   ArrayBufferPrototypeGetByteLength,
+  ArrayFrom,
   ArrayPrototypeIncludes,
   ArrayPrototypePush,
   BigInt,
@@ -16,6 +17,7 @@ const {
   ObjectKeys,
   ObjectPrototypeHasOwnProperty,
   PromiseWithResolvers,
+  SafeSet,
   StringPrototypeToUpperCase,
   Symbol,
   TypedArrayPrototypeGetBuffer,
@@ -706,14 +708,40 @@ function getStringOption(options, key) {
 }
 
 function getUsagesUnion(usageSet, ...usages) {
-  const newset = [];
+  const newset = new SafeSet();
   for (let n = 0; n < usages.length; n++) {
     if (usageSet.has(usages[n]))
-      ArrayPrototypePush(newset, usages[n]);
+      newset.add(usages[n]);
   }
   return newset;
 }
 
+const kCanonicalUsageOrder = new SafeSet([
+  'encrypt', 'decrypt',
+  'sign', 'verify',
+  'deriveKey', 'deriveBits',
+  'wrapKey', 'unwrapKey',
+  'encapsulateKey', 'encapsulateBits',
+  'decapsulateKey', 'decapsulateBits',
+]);
+
+/**
+ * Returns the usages from `usageSet` as an array in the canonical order
+ * defined by {@link kCanonicalUsageOrder}.
+ * @param {SafeSet<string>} usageSet
+ * @returns {string[]}
+ */
+function getSortedUsages(usageSet) {
+  if (usageSet.size <= 1) {
+    return ArrayFrom(usageSet);
+  }
+  const result = [];
+  for (const usage of kCanonicalUsageOrder) {
+    if (usageSet.has(usage)) ArrayPrototypePush(result, usage);
+  }
+  return result;
+}
+
 function getBlockSize(name) {
   switch (name) {
     case 'SHA-1':
@@ -830,6 +858,7 @@ module.exports = {
   getDigestSizeInBytes,
   getStringOption,
   getUsagesUnion,
+  getSortedUsages,
   secureHeapUsed,
   getCachedHashId,
   getHashCache,
diff --git a/test/parallel/test-webcrypto-deduplicate-usages.js b/test/parallel/test-webcrypto-deduplicate-usages.js
diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ const {`
`62`	`62`	`bigIntArrayToUnsignedBigInt,`
`63`	`63`	`normalizeAlgorithm,`
`64`	`64`	`hasAnyNotIn,`
	`65`	`+ getSortedUsages,`
`65`	`66`	`} = require('internal/crypto/util');`
`66`	`67`
`67`	`68`	`const {`
`@@ -1094,7 +1095,7 @@ class InternalCryptoKey {`
`1094`	`1095`	`keyObject,`
`1095`	`1096`	`algorithm,`
`1096`	`1097`	`extractable,`
`1097`		`- keyUsages,`
	`1098`	`+ getSortedUsages(new SafeSet(keyUsages)),`
`1098`	`1099`	`);`
`1099`	`1100`	`}`
`1100`	`1101`	`}`
`@@ -1160,7 +1161,7 @@ function importGenericSecretKey(`
`1160`	`1161`	`return undefined;`
`1161`	`1162`	`}`
`1162`	`1163`
`1163`		`- return new InternalCryptoKey(keyObject, { name }, keyUsages, false);`
	`1164`	`+ return new InternalCryptoKey(keyObject, { name }, usagesSet, false);`
`1164`	`1165`	`}`
`1165`	`1166`
`1166`	`1167`	`module.exports = {`
Original file line number	Diff line number	Diff line change
`@@ -297,7 +297,7 @@ function mlDsaImportKey(`
`297`	`297`	`return new InternalCryptoKey(`
`298`	`298`	`keyObject,`
`299`	`299`	`{ name },`
`300`		`- keyUsages,`
	`300`	`+ usagesSet,`
`301`	`301`	`extractable);`
`302`	`302`	`}`
`303`	`303`
Original file line number	Diff line number	Diff line change
`@@ -327,7 +327,7 @@ function rsaImportKey(`
`327`	`327`	`modulusLength,`
`328`	`328`	`publicExponent: new Uint8Array(publicExponent),`
`329`	`329`	`hash: algorithm.hash,`
`330`		`- }, keyUsages, extractable);`
	`330`	`+ }, usagesSet, extractable);`
`331`	`331`	`}`
`332`	`332`
`333`	`333`	`async function rsaSignVerify(key, data, { saltLength }, signature) {`