author | Filip Skokan <panva.ip@gmail.com> | 2022-04-02 17:54:35 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-02 17:54:35 +0300 |
commit | 18bd02f245ca34bcde8c707f1e5b1ed3813c7926 (patch) | |
tree | 72c663b5f0eb72cbcf9951a927913b2976389e95 /lib | |
parent | 53da438ab8b5595999546b482bd3cd7be15281a9 (diff) |
crypto: fix webcrypto derive key lengths
PR-URL: https://github.com/nodejs/node/pull/42542
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/internal/crypto/webcrypto.js | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
index 63dd03bd00e..a7916e6ac34 100644
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@@ -153,6 +153,41 @@ async function deriveBits(algorithm, baseKey, length) {
 throw lazyDOMException('Unrecognized name.');
 }
 
+function getKeyLength({ name, length, hash }) {
+ switch (name) {
+ case 'AES-CTR':
+ case 'AES-CBC':
+ case 'AES-GCM':
+ case 'AES-KW':
+ if (length !== 128 && length !== 192 && length !== 256)
+ throw lazyDOMException('Invalid key length', 'OperationError');
+
+ return length;
+ case 'HMAC':
+ if (length === undefined) {
+ switch (hash?.name) {
+ case 'SHA-1':
+ return 160;
+ case 'SHA-256':
+ return 256;
+ case 'SHA-384':
+ return 384;
+ case 'SHA-512':
+ return 512;
+ }
+ }
+
+ if (typeof length === 'number' && length !== 0) {
+ return length;
+ }
+
+ throw lazyDOMException('Invalid key length', 'OperationError');
+ case 'HKDF':
+ case 'PBKDF2':
+ return null;
+ }
+}
+
 async function deriveKey(
 algorithm,
 baseKey,
@@ -176,7 +211,7 @@ async function deriveKey(
 validateBoolean(extractable, 'extractable');
 validateArray(keyUsages, 'keyUsages');
 
- const { length } = derivedKeyAlgorithm;
+ const length = getKeyLength(derivedKeyAlgorithm);
 let bits;
 switch (algorithm.name) {
 case 'ECDH': |
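Review bot: The HMAC defaults in `getKeyLength` return the digest output size (160/256/384/512), but as I read the Web Crypto "get key length" step for HMAC, an omitted `length` defaults to the hash's block size. A key derived here without an explicit length would then not match what a spec-following implementation derives from the same inputs. The inner switch would become `case 'SHA-1': case 'SHA-256': return 512;` and `case 'SHA-384': case 'SHA-512': return 1024;`. The fallback `typeof length === 'number' && length !== 0` also accepts NaN, negative and fractional values as a key length; `Number.isInteger(length) && length > 0` would reject them here, though later validation in `deriveKey` may already do so, since its body continues outside the second hunk. The outer switch has no `default:`, so an unrecognized `name` hands `undefined` to the `const length = getKeyLength(derivedKeyAlgorithm);` line; a `default:` that throws like the `'Unrecognized name.'` case in `deriveBits` would make that failure explicit.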