HMAC not implemented in crypto.subtle.deriveKey #905
Description
Describe the bug
deriveKey only accepts AES options for derivedKeyAlgorithm.
- The bug is reproducible with the latest version of njs.
- I minimized the code and NGINX configuration to the smallest
possible to reproduce the issue.
To reproduce
Steps to reproduce the behavior:
- JS script
async function main() {
const c = global.crypto;
const algorithm = {
name: "HKDF",
hash: "SHA-256",
salt: c.getRandomValues(new Int8Array(32)),
info: Buffer.alloc(1).buffer
};
const key = await global.crypto.subtle.importKey(
'raw',
c.getRandomValues(new Int8Array(32)),
'HKDF',
false,
['deriveKey']
);
const derivedKeyAlgorithm = {
name: "HMAC",
hash: "SHA-256",
length: 256
};
const keyUsages = ['sign', 'verify'];
c.subtle.deriveKey(algorithm, key, derivedKeyAlgorithm, false, keyUsages);
}
main();njsoutput
Error: unhandled promise rejection: InternalError: not implemented deriveKey: "HMAC"
- With optional
lengthproperty omitted:
Error: unhandled promise rejection: TypeError: derivedKeyAlgorithm.length is not provided
Expected behavior
Exit status 0, as when derivedKeyAlgorithm.name = "AES-GCM" and keyUsages = ['encrypt', 'decrypt'].
Your environment
nginx-module-njs.aarch64 1.28.0+0.8.10-1.amzn2023.ngx @nginx-stable
Additional context
njs/external/njs_webcrypto_module.c:1716-1719 is unreachable because of njs/external/njs_webcrypto_module.c:1522-1539.