Commit 7565a75

panvadanielleadams
authored andcommitted
crypto: remove webcrypto HKDF and PBKDF2 default-applied lengths
PR-URL: #44945 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 631421e commit 7565a75


4 files changed

+47
-48
lines changed

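--- a/lib/internal/crypto/hkdf.js
+++ b/lib/internal/crypto/hkdf.js
@@ -2,7 +2,6 @@
 
 const {
 FunctionPrototypeCall,
-Promise,
 } = primordials;
 
 const {
@@ -15,7 +14,6 @@ const {
 validateFunction,
 validateInteger,
 validateString,
-validateUint32,
 } = require('internal/validators');
 
 const { kMaxLength } = require('buffer');
@@ -35,6 +33,7 @@ const {
 
 const {
 lazyDOMException,
+promisify,
 } = require('internal/util');
 
 const {
@@ -139,40 +138,33 @@ function hkdfSync(hash, key, salt, info, length) {
 return bits;
 }
 
+const hkdfPromise = promisify(hkdf);
 async function hkdfDeriveBits(algorithm, baseKey, length) {
 const { hash } = algorithm;
 const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
 const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
 if (hash === undefined)
 throw new ERR_MISSING_OPTION('algorithm.hash');
 
-let byteLength = 512 / 8;
-if (length !== undefined) {
-if (length === 0)
-throw lazyDOMException('length cannot be zero', 'OperationError');
-if (length === null)
-throw lazyDOMException('length cannot be null', 'OperationError');
-validateUint32(length, 'length');
-if (length % 8) {
-throw lazyDOMException(
-'length must be a multiple of 8',
-'OperationError');
-}
-byteLength = length / 8;
+if (length === 0)
+throw lazyDOMException('length cannot be zero', 'OperationError');
+if (length === null)
+throw lazyDOMException('length cannot be null', 'OperationError');
+if (length % 8) {
+throw lazyDOMException(
+'length must be a multiple of 8',
+'OperationError');
 }
 
-return new Promise((resolve, reject) => {
-hkdf(
-normalizeHashName(hash.name),
-baseKey[kKeyObject],
-salt,
-info,
-byteLength,
-(err, bits) => {
-if (err) return reject(err);
-resolve(bits);
-});
-});
+try {
+return await hkdfPromise(
+normalizeHashName(hash.name), baseKey[kKeyObject], salt, info, length / 8,
+);
+} catch (err) {
+throw lazyDOMException(
+'The operation failed for an operation-specific reason',
+{ name: 'OperationError', cause: err });
+}
 }
 
 module.exports = {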
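Review bot: In `hkdfDeriveBits` the rejection of an omitted `length` now rests on coercion rather than on a check in this function: with `validateUint32` removed, `undefined % 8` evaluates to `NaN`, passes the multiple-of-8 test, and `NaN` is what reaches `hkdfPromise`. The `OperationError` the new tests expect therefore presumably comes from validation inside `hkdf`, whose body is outside this hunk, wrapped by the `catch`. For a value that fixes how much key material is derived, an explicit guard after the null check, such as `if (typeof length !== 'number') throw lazyDOMException('length must be a number', 'OperationError');`, would keep the rejection local and the message specific. The same applies to `pbkdf2DeriveBits` in lib/internal/crypto/pbkdf2.js.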
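--- a/lib/internal/crypto/pbkdf2.js
+++ b/lib/internal/crypto/pbkdf2.js
@@ -2,7 +2,6 @@
 
 const {
 FunctionPrototypeCall,
-Promise,
 } = primordials;
 
 const { Buffer } = require('buffer');
@@ -18,7 +17,6 @@ const {
 validateInt32,
 validateInteger,
 validateString,
-validateUint32,
 } = require('internal/validators');
 
 const { ERR_MISSING_OPTION } = require('internal/errors').codes;
@@ -32,6 +30,7 @@ const {
 
 const {
 lazyDOMException,
+promisify,
 } = require('internal/util');
 
 function pbkdf2(password, salt, iterations, keylen, digest, callback) {
@@ -100,6 +99,7 @@ function check(password, salt, iterations, keylen, digest) {
 return { password, salt, iterations, keylen, digest };
 }
 
+const pbkdf2Promise = promisify(pbkdf2);
 async function pbkdf2DeriveBits(algorithm, baseKey, length) {
 const { iterations } = algorithm;
 let { hash } = algorithm;
@@ -116,27 +116,26 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {
 
 const raw = baseKey[kKeyObject].export();
 
-let byteLength = 64; // the default
-if (length !== undefined) {
-if (length === 0)
-throw lazyDOMException('length cannot be zero', 'OperationError');
-if (length === null)
-throw lazyDOMException('length cannot be null', 'OperationError');
-validateUint32(length, 'length');
-if (length % 8) {
-throw lazyDOMException(
-'length must be a multiple of 8',
-'OperationError');
-}
-byteLength = length / 8;
+if (length === 0)
+throw lazyDOMException('length cannot be zero', 'OperationError');
+if (length === null)
+throw lazyDOMException('length cannot be null', 'OperationError');
+if (length % 8) {
+throw lazyDOMException(
+'length must be a multiple of 8',
+'OperationError');
+}
+
+let result;
+try {
+result = await pbkdf2Promise(raw, salt, iterations, length / 8, hash);
+} catch (err) {
+throw lazyDOMException(
+'The operation failed for an operation-specific reason',
+{ name: 'OperationError', cause: err });
 }
 
-return new Promise((resolve, reject) => {
-pbkdf2(raw, salt, iterations, byteLength, hash, (err, result) => {
-if (err) return reject(err);
-resolve(result.buffer);
-});
-});
+return result.buffer;
 }
 
 module.exports = {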
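--- a/test/parallel/test-webcrypto-derivebits-hkdf.js
+++ b/test/parallel/test-webcrypto-derivebits-hkdf.js
@@ -257,6 +257,10 @@ async function testDeriveBitsBadLengths(
 };
 
 return Promise.all([
+assert.rejects(
+subtle.deriveBits(algorithm, baseKeys[size], undefined), {
+name: 'OperationError',
+}),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 0), {
 message: /length cannot be zero/,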
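Review bot: The added `undefined` case asserts only `name: 'OperationError'`, so it passes for any failure of that class and does not show which path rejected the call; the neighbouring zero-length case also pins `message`. Adding `message: /operation-specific reason/,` next to the name would tie the assertion to the wrapped-error path this commit introduces. The same assertion is added in test/pummel/test-webcrypto-derivebits-pbkdf2.js, and `testDeriveBitsBadLengths` continues outside the hunk.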
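--- a/test/pummel/test-webcrypto-derivebits-pbkdf2.js
+++ b/test/pummel/test-webcrypto-derivebits-pbkdf2.js
@@ -445,6 +445,10 @@ async function testDeriveBitsBadLengths(
 };
 
 return Promise.all([
+assert.rejects(
+subtle.deriveBits(algorithm, baseKeys[size], undefined), {
+name: 'OperationError',
+}),
 assert.rejects(
 subtle.deriveBits(algorithm, baseKeys[size], 0), {
 message: /length cannot be zero/,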
