Skip to content

Commit

Permalink
crypto: remove webcrypto HKDF and PBKDF2 default-applied lengths
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Oct 10, 2022
1 parent 4d94be3 commit a761f04
Show file tree
Hide file tree
Showing 4 changed files with 46 additions and 46 deletions.
47 changes: 21 additions & 26 deletions lib/internal/crypto/hkdf.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

const {
FunctionPrototypeCall,
Promise,
} = primordials;

const {
Expand All @@ -15,7 +14,6 @@ const {
validateFunction,
validateInteger,
validateString,
validateUint32,
} = require('internal/validators');

const { kMaxLength } = require('buffer');
Expand All @@ -35,6 +33,7 @@ const {

const {
lazyDOMException,
promisify,
} = require('internal/util');

const {
Expand Down Expand Up @@ -139,40 +138,36 @@ function hkdfSync(hash, key, salt, info, length) {
return bits;
}

const hkdfPromise = promisify(hkdf);
async function hkdfDeriveBits(algorithm, baseKey, length) {
const { hash } = algorithm;
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
if (hash === undefined)
throw new ERR_MISSING_OPTION('algorithm.hash');

let byteLength = 512 / 8;
if (length !== undefined) {
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
validateUint32(length, 'length');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
'OperationError');
}
byteLength = length / 8;
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
'OperationError');
}

return new Promise((resolve, reject) => {
hkdf(
normalizeHashName(hash.name),
baseKey[kKeyObject],
salt,
info,
byteLength,
(err, bits) => {
if (err) return reject(err);
resolve(bits);
});
const bits = await hkdfPromise(
normalizeHashName(hash.name),
baseKey[kKeyObject],
salt,
info,
length / 8
).catch((err) => {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
return bits;
}

module.exports = {
Expand Down
37 changes: 17 additions & 20 deletions lib/internal/crypto/pbkdf2.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

const {
FunctionPrototypeCall,
Promise,
} = primordials;

const { Buffer } = require('buffer');
Expand All @@ -18,7 +17,6 @@ const {
validateInt32,
validateInteger,
validateString,
validateUint32,
} = require('internal/validators');

const { ERR_MISSING_OPTION } = require('internal/errors').codes;
Expand All @@ -32,6 +30,7 @@ const {

const {
lazyDOMException,
promisify,
} = require('internal/util');

function pbkdf2(password, salt, iterations, keylen, digest, callback) {
Expand Down Expand Up @@ -100,6 +99,7 @@ function check(password, salt, iterations, keylen, digest) {
return { password, salt, iterations, keylen, digest };
}

const pbkdf2Promise = promisify(pbkdf2);
async function pbkdf2DeriveBits(algorithm, baseKey, length) {
const { iterations } = algorithm;
let { hash } = algorithm;
Expand All @@ -116,27 +116,24 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {

const raw = baseKey[kKeyObject].export();

let byteLength = 64; // the default
if (length !== undefined) {
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
validateUint32(length, 'length');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
'OperationError');
}
byteLength = length / 8;
if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
if (length === null)
throw lazyDOMException('length cannot be null', 'OperationError');
if (length % 8) {
throw lazyDOMException(
'length must be a multiple of 8',
'OperationError');
}

return new Promise((resolve, reject) => {
pbkdf2(raw, salt, iterations, byteLength, hash, (err, result) => {
if (err) return reject(err);
resolve(result.buffer);
});
const result = await pbkdf2Promise(
raw, salt, iterations, length / 8, hash
).catch((err) => {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
{ name: 'OperationError', cause: err });
});
return result.buffer;
}

module.exports = {
Expand Down
4 changes: 4 additions & 0 deletions test/parallel/test-webcrypto-derivebits-hkdf.js
Original file line number Diff line number Diff line change
Expand Up @@ -257,6 +257,10 @@ async function testDeriveBitsBadLengths(
};

return Promise.all([
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], undefined), {
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 0), {
message: /length cannot be zero/,
Expand Down
4 changes: 4 additions & 0 deletions test/pummel/test-webcrypto-derivebits-pbkdf2.js
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,10 @@ async function testDeriveBitsBadLengths(
};

return Promise.all([
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], undefined), {
name: 'OperationError',
}),
assert.rejects(
subtle.deriveBits(algorithm, baseKeys[size], 0), {
message: /length cannot be zero/,
Expand Down

0 comments on commit a761f04

Please sign in to comment.