mirror of
https://github.com/denoland/deno.git
synced 2025-01-21 21:50:00 -05:00
fix(crypto): handling large key length in HKDF (#12692)
This commit is contained in:
parent
a2c8f554c4
commit
e00bfecf96
2 changed files with 31 additions and 2 deletions
|
@ -513,6 +513,31 @@ unitTest(async function testHkdfDeriveBits() {
|
|||
assertEquals(result.byteLength, 128 / 8);
|
||||
});
|
||||
|
||||
unitTest(async function testHkdfDeriveBitsWithLargeKeySize() {
|
||||
const key = await crypto.subtle.importKey(
|
||||
"raw",
|
||||
new Uint8Array([0x00]),
|
||||
"HKDF",
|
||||
false,
|
||||
["deriveBits"],
|
||||
);
|
||||
assertRejects(
|
||||
() =>
|
||||
crypto.subtle.deriveBits(
|
||||
{
|
||||
name: "HKDF",
|
||||
hash: "SHA-1",
|
||||
salt: new Uint8Array(),
|
||||
info: new Uint8Array(),
|
||||
},
|
||||
key,
|
||||
((20 * 255) << 3) + 8,
|
||||
),
|
||||
DOMException,
|
||||
"The length provided for HKDF is too large",
|
||||
);
|
||||
});
|
||||
|
||||
unitTest(async function testDeriveKey() {
|
||||
// Test deriveKey
|
||||
const rawKey = await crypto.getRandomValues(new Uint8Array(16));
|
||||
|
|
|
@ -876,10 +876,14 @@ pub async fn op_crypto_derive_bits(
|
|||
let salt = hkdf::Salt::new(algorithm, salt);
|
||||
let prk = salt.extract(&secret);
|
||||
let info = &[&*info];
|
||||
let okm = prk.expand(info, HkdfOutput(length))?;
|
||||
let okm = prk.expand(info, HkdfOutput(length)).map_err(|_e| {
|
||||
custom_error(
|
||||
"DOMExceptionOperationError",
|
||||
"The length provided for HKDF is too large",
|
||||
)
|
||||
})?;
|
||||
let mut r = vec![0u8; length];
|
||||
okm.fill(&mut r)?;
|
||||
|
||||
Ok(r.into())
|
||||
}
|
||||
_ => Err(type_error("Unsupported algorithm".to_string())),
|
||||
|
|
Loading…
Add table
Reference in a new issue