crypto: improve accuracy of SubtleCrypto.supports

panva · panva · commit 5710d4e9e161 · 2026-05-04T01:00:23.000+02:00
Signed-off-by: Filip Skokan &lt;panva.ip@gmail.com&gt;
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -1658,7 +1658,11 @@ class SubtleCrypto {
       }
     }
 
-    return check(operation, algorithm, length);
+    try {
+      return check(operation, algorithm, length);
+    } catch {
+      return false;
+    }
   }
 }
 
@@ -1701,25 +1705,35 @@ function check(op, alg, length) {
       return true;
     case 'deriveBits': {
       if (normalizedAlgorithm.name === 'HKDF') {
-        try {
-          require('internal/crypto/hkdf').validateHkdfDeriveBitsLength(length);
-        } catch {
-          return false;
-        }
+        require('internal/crypto/hkdf').validateHkdfDeriveBitsLength(length);
       }
 
       if (normalizedAlgorithm.name === 'PBKDF2') {
-        try {
-          require('internal/crypto/pbkdf2').validatePbkdf2DeriveBitsLength(length);
-        } catch {
-          return false;
-        }
+        require('internal/crypto/pbkdf2').validatePbkdf2DeriveBitsLength(length);
       }
 
       if (StringPrototypeStartsWith(normalizedAlgorithm.name, 'Argon2')) {
-        try {
-          require('internal/crypto/argon2').validateArgon2DeriveBitsLength(length);
-        } catch {
+        require('internal/crypto/argon2').validateArgon2DeriveBitsLength(length);
+      }
+
+      if (normalizedAlgorithm.name === 'X25519' && length > 256) {
+        return false;
+      }
+
+      if (normalizedAlgorithm.name === 'X448' && length > 448) {
+        return false;
+      }
+
+      if (normalizedAlgorithm.name === 'ECDH') {
+        const namedCurve = getCryptoKeyAlgorithm(normalizedAlgorithm.public).namedCurve;
+        const maxLength = {
+          '__proto__': null,
+          'P-256': 256,
+          'P-384': 384,
+          'P-521': 528,
+        }[namedCurve];
+
+        if (length > maxLength) {
           return false;
         }
       }
diff --git a/test/fixtures/webcrypto/supports-level-2.mjs b/test/fixtures/webcrypto/supports-level-2.mjs
@@ -103,18 +103,30 @@ export const vectors = {
     [true,
      { name: 'X25519', public: X25519.publicKey },
      { name: 'AES-CBC', length: 128 }],
-    [true,
+    [false,
      { name: 'X25519', public: X25519.publicKey },
      { name: 'HMAC', hash: 'SHA-256' }],
+    [true,
+     { name: 'X25519', public: X25519.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 256 }],
+    [false,
+     { name: 'X25519', public: X25519.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 257 }],
     [true,
      { name: 'X25519', public: X25519.publicKey },
      'HKDF'],
     [true,
      { name: 'ECDH', public: ECDH.publicKey },
      { name: 'AES-CBC', length: 128 }],
-    [true,
+    [false,
      { name: 'ECDH', public: ECDH.publicKey },
      { name: 'HMAC', hash: 'SHA-256' }],
+    [true,
+     { name: 'ECDH', public: ECDH.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 256 }],
+    [false,
+     { name: 'ECDH', public: ECDH.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 257 }],
     [true,
      { name: 'ECDH', public: ECDH.publicKey },
      'HKDF'],
@@ -143,10 +155,16 @@ export const vectors = {
 
     [true,
      { name: 'ECDH', public: ECDH.publicKey }],
+    [true,
+     { name: 'ECDH', public: ECDH.publicKey }, 256],
+    [false,
+     { name: 'ECDH', public: ECDH.publicKey }, 257],
     [false, { name: 'ECDH', public: ECDH.privateKey }],
     [false, 'ECDH'],
 
     [true, { name: 'X25519', public: X25519.publicKey }],
+    [true, { name: 'X25519', public: X25519.publicKey }, 256],
+    [false, { name: 'X25519', public: X25519.publicKey }, 257],
     [false, { name: 'X25519', public: X25519.privateKey }],
     [false, 'X25519'],
   ],
diff --git a/test/fixtures/webcrypto/supports-secure-curves.mjs b/test/fixtures/webcrypto/supports-secure-curves.mjs
@@ -28,15 +28,23 @@ export const vectors = {
     [!boringSSL,
      { name: 'X448', public: X448?.publicKey },
      { name: 'AES-CBC', length: 128 }],
-    [!boringSSL,
+    [false,
      { name: 'X448', public: X448?.publicKey },
      { name: 'HMAC', hash: 'SHA-256' }],
+    [!boringSSL,
+     { name: 'X448', public: X448?.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 448 }],
+    [false,
+     { name: 'X448', public: X448?.publicKey },
+     { name: 'HMAC', hash: 'SHA-256', length: 449 }],
     [!boringSSL,
      { name: 'X448', public: X448?.publicKey },
      'HKDF'],
   ],
   'deriveBits': [
     [!boringSSL, { name: 'X448', public: X448?.publicKey }],
+    [!boringSSL, { name: 'X448', public: X448?.publicKey }, 448],
+    [false, { name: 'X448', public: X448?.publicKey }, 449],
     [false, { name: 'X448', public: X25519.publicKey }],
     [false, { name: 'X448', public: X448?.privateKey }],
     [false, 'X448'],
