From 2f8c426376250c7a3cbab3ff3583c023de5d139d Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Mon, 8 Aug 2022 12:28:39 +0200
Subject: [PATCH] crypto: fix webcrypto deriveBits validations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR-URL: https://github.com/nodejs/node/pull/44173
Reviewed-By: James M Snell
Reviewed-By: Tobias Nießen
Backport-PR-URL: https://github.com/nodejs/node/pull/44838
---
 lib/internal/crypto/hkdf.js | 4 +++-
 lib/internal/crypto/pbkdf2.js | 10 ++++++++--
 test/parallel/test-webcrypto-derivebits-hkdf.js | 9 ++++++---
 test/pummel/test-webcrypto-derivebits-pbkdf2.js | 9 ++++++---
 4 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/lib/internal/crypto/hkdf.js b/lib/internal/crypto/hkdf.js
index f47a2766e0cf53..9dd49d12dd328b 100644
--- a/lib/internal/crypto/hkdf.js
+++ b/lib/internal/crypto/hkdf.js
@@ -142,7 +142,6 @@ function hkdfSync(hash, key, salt, info, length) {
 }
 async function hkdfDeriveBits(algorithm, baseKey, length) {
- validateUint32(length, 'length');
 const { hash } = algorithm;
 const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
 const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
@@ -153,6 +152,9 @@ async function hkdfDeriveBits(algorithm, baseKey, length) {
 if (length !== undefined) {
 if (length === 0)
 throw lazyDOMException('length cannot be zero', 'OperationError');
+ if (length === null)
+ throw lazyDOMException('length cannot be null', 'OperationError');
+ validateUint32(length, 'length');
 if (length % 8) {
 throw lazyDOMException(
 'length must be a multiple of 8',
diff --git a/lib/internal/crypto/pbkdf2.js b/lib/internal/crypto/pbkdf2.js
index 753c4f2d9da597..755126283c9abc 100644
--- a/lib/internal/crypto/pbkdf2.js
+++ b/lib/internal/crypto/pbkdf2.js
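Review bot: The null and zero branches in the second hkdf.js hunk (`@@ -153,6 +152,9 @@`) carry no comment explaining why they reject with an `OperationError` DOMException while every other bad `length` still falls through to `validateUint32` and gets a Node-style argument error. A one-line comment above the checks, for example `// WebCrypto: null, zero or non-multiple-of-8 length rejects with OperationError; other bad values fail validateUint32`, would keep a later cleanup from hoisting `validateUint32` back to the top of the function and silently changing the rejection type again. The same applies to the identical hunk in pbkdf2.js (`@@ -114,6 +117,9 @@`). Because validation now runs only inside `if (length !== undefined)`, what happens for an omitted `length` lies outside both hunks and is worth confirming.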
@@ -98,13 +98,16 @@ function check(password, salt, iterations, keylen, digest) {
 }
 async function pbkdf2DeriveBits(algorithm, baseKey, length) {
- validateUint32(length, 'length');
 const { iterations } = algorithm;
 let { hash } = algorithm;
 const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
 if (hash === undefined) throw new ERR_MISSING_OPTION('algorithm.hash');
- validateInteger(iterations, 'algorithm.iterations', 1);
+ validateInteger(iterations, 'algorithm.iterations');
+ if (iterations === 0)
+ throw lazyDOMException(
+ 'iterations cannot be zero',
+ 'OperationError');
 hash = normalizeHashName(hash.name);
@@ -114,6 +117,9 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {
 if (length !== undefined) {
 if (length === 0)
 throw lazyDOMException('length cannot be zero', 'OperationError');
+ if (length === null)
+ throw lazyDOMException('length cannot be null', 'OperationError');
+ validateUint32(length, 'length');
 if (length % 8) {
 throw lazyDOMException(
 'length must be a multiple of 8',
diff --git a/test/parallel/test-webcrypto-derivebits-hkdf.js b/test/parallel/test-webcrypto-derivebits-hkdf.js
index 42d958e5f5f821..6c42c3b173123d 100644
--- a/test/parallel/test-webcrypto-derivebits-hkdf.js
+++ b/test/parallel/test-webcrypto-derivebits-hkdf.js
@@ -259,15 +259,18 @@ async function testDeriveBitsBadLengths(
 return Promise.all([
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 0), {
- message: /length cannot be zero/
+ message: /length cannot be zero/,
+ name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], null), {
- code: 'ERR_INVALID_ARG_TYPE'
+ message: 'length cannot be null',
+ name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 15), {
- message: /length must be a multiple of 8/
+ message: /length must be a multiple of 8/,
+ name: 'OperationError',
 }),
 ]);
 }
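Review bot: Dropping the `1` minimum from `validateInteger(iterations, 'algorithm.iterations')` in the first pbkdf2.js hunk means negative iteration counts are no longer rejected at this point: without bounds `validateInteger` accepts any safe integer, and the added branch only catches exactly `0`. Keeping a lower bound while leaving zero to the new OperationError branch preserves both behaviours: `validateInteger(iterations, 'algorithm.iterations', 0);`. Whether the code after the hunk rejects a negative or very large count is not visible here, so the PBKDF2 work factor is better bounded in this function than left to whatever consumes `iterations` downstream. pbkdf2DeriveBits continues past the end of the hunk.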
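Review bot: The updated `testDeriveBitsBadLengths` cases in test-webcrypto-derivebits-hkdf.js cover only `0`, `null` and `15`, so nothing pins the lengths that still reach `validateUint32` now that it runs after the null and zero checks. A fourth case such as `assert.rejects(subtle.deriveBits(algorithm, baseKeys[size], '8'), { code: 'ERR_INVALID_ARG_TYPE' })` would document that non-numeric lengths keep the Node-style error and would catch a reordering of the checks. The `null` case also matches `message` with an exact string while its neighbours use regexes; choosing one form would read more consistently. The same hunk in test/pummel/test-webcrypto-derivebits-pbkdf2.js has the same gap, and the start of the function is outside both hunks.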
diff --git a/test/pummel/test-webcrypto-derivebits-pbkdf2.js b/test/pummel/test-webcrypto-derivebits-pbkdf2.js
index e7ed4f6bd646dd..a91c9545cd4d3a 100644
--- a/test/pummel/test-webcrypto-derivebits-pbkdf2.js
+++ b/test/pummel/test-webcrypto-derivebits-pbkdf2.js
@@ -448,15 +448,18 @@ async function testDeriveBitsBadLengths(
 return Promise.all([
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 0), {
- message: /length cannot be zero/
+ message: /length cannot be zero/,
+ name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], null), {
- code: 'ERR_INVALID_ARG_TYPE'
+ message: 'length cannot be null',
+ name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 15), {
- message: /length must be a multiple of 8/
+ message: /length must be a multiple of 8/,
+ name: 'OperationError',
 }),
 ]);
 }
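Review bot: No case in this hunk exercises the new `iterations cannot be zero` branch that the commit adds to pbkdf2DeriveBits, and the diffstat shows this as the only change to the pbkdf2 test file. Unless another part of the file already covers it, a case along the lines of `assert.rejects(subtle.deriveBits({ ...algorithm, iterations: 0 }, baseKeys[size], 256), { name: 'OperationError' })` would pin the new rejection type; the exact shape of `algorithm` is not visible here, so the spread is an assumption. A companion case with a negative count would also show whether the relaxed `validateInteger` call still rejects it.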