crypto: fix webcrypto deriveBits validations
PR-URL: nodejs#44173
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
panva committed Oct 3, 2022
1 parent ed04bc2 commit 81305f4
Showing 5 changed files with 23 additions and 521 deletions.
4 changes: 3 additions & 1 deletion lib/internal/crypto/hkdf.js
Expand Up @@ -142,7 +142,6 @@ function hkdfSync(hash, key, salt, info, length) {
}

async function hkdfDeriveBits(algorithm, baseKey, length) {
validateUint32(length, 'length');
const { hash } = algorithm;
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
Expand All @@ -153,6 +152,9 @@ async function hkdfDeriveBits(algorithm, baseKey, length) {
if (length !== undefined) {
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
validateUint32(length, 'length');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
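Review bot: An omitted `length` now skips every length check in hkdfDeriveBits, because `validateUint32(length, 'length')` sits inside the `if (length !== undefined)` guard instead of running unconditionally at the top of the function (assuming the top-of-function call is the one deletion counted in the file header; the rendered page lost the +/- markers). What gets derived in that case is decided after the end of the hunk and is not visible here, so the fallback should be stated next to the guard, for example `// length === undefined skips validation; the default output size below applies`. The visible hunks of testDeriveBitsBadLengths cover only 0, null and 15, so a case that calls `subtle.deriveBits(algorithm, baseKeys[size])` without a length would pin whichever outcome is intended. The same move is made in pbkdf2DeriveBits in lib/internal/crypto/pbkdf2.js, and both function bodies continue past their hunks.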
10 changes: 8 additions & 2 deletions lib/internal/crypto/pbkdf2.js
Expand Up @@ -98,13 +98,16 @@ function check(password, salt, iterations, keylen, digest) {
}

async function pbkdf2DeriveBits(algorithm, baseKey, length) {
validateUint32(length, 'length');
const { iterations } = algorithm;
let { hash } = algorithm;
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
if (hash === undefined)
throw new ERR_MISSING_OPTION('algorithm.hash');
validateInteger(iterations, 'algorithm.iterations', 1);
validateInteger(iterations, 'algorithm.iterations');
if (iterations === 0)
throw lazyDOMException(
'iterations cannot be zero',
'OperationError');

hash = normalizeHashName(hash.name);

Expand All @@ -114,6 +117,9 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {
if (length !== undefined) {
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
validateUint32(length, 'length');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
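Review bot: Negative iteration counts are no longer rejected by the argument checks in pbkdf2DeriveBits, since `validateInteger(iterations, 'algorithm.iterations')` carries no lower bound and the only follow-up test is `iterations === 0` (assuming the two-argument call is the new line; the rendered page lost the +/- markers). Passing a minimum of zero keeps the zero case on the OperationError branch while still refusing negatives up front: `validateInteger(iterations, 'algorithm.iterations', 0);`. Whether a later layer rejects a negative or very large count is not visible in this hunk, and the iteration count is the work factor of the derivation, so a test case with `iterations: -1` would pin the behaviour. The function body continues past the hunk.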
9 changes: 6 additions & 3 deletions test/parallel/test-webcrypto-derivebits-hkdf.js
Expand Up @@ -259,15 +259,18 @@ async function testDeriveBitsBadLengths(
return Promise.all([
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 0), {
message: /length cannot be zero/
message: /length cannot be zero/,
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], null), {
code: 'ERR_INVALID_ARG_TYPE'
message: 'length cannot be null',
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 15), {
message: /length must be a multiple of 8/
message: /length must be a multiple of 8/,
name: 'OperationError',
}),
]);
}
9 changes: 6 additions & 3 deletions test/pummel/test-webcrypto-derivebits-pbkdf2.js
Expand Up @@ -448,15 +448,18 @@ async function testDeriveBitsBadLengths(
return Promise.all([
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 0), {
message: /length cannot be zero/
message: /length cannot be zero/,
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], null), {
code: 'ERR_INVALID_ARG_TYPE'
message: 'length cannot be null',
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 15), {
message: /length must be a multiple of 8/
message: /length must be a multiple of 8/,
name: 'OperationError',
}),
]);
}