crypto: fix webcrypto deriveBits validations

PR-URL: #44173 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Backport-PR-URL: #44872

Author: panva

lib/internal/crypto/hkdf.js

@@ -142,7 +142,6 @@ function hkdfSync(hash, key, salt, info, length){
 }
 
 asyncfunctionhkdfDeriveBits(algorithm,baseKey,length){
-validateUint32(length,'length');
 const{ hash }=algorithm;
 constsalt=getArrayBufferOrView(algorithm.salt,'algorithm.salt');
 constinfo=getArrayBufferOrView(algorithm.info,'algorithm.info');
@@ -153,6 +152,9 @@ async function hkdfDeriveBits(algorithm, baseKey, length){
 if(length!==undefined){
 if(length===0)
 throwlazyDOMException('length cannot be zero','OperationError');
+if(length===null)
+throwlazyDOMException('length cannot be null','OperationError');
+validateUint32(length,'length');
 if(length%8){
 throwlazyDOMException(
 'length must be a multiple of 8',

lib/internal/crypto/pbkdf2.js

@@ -101,13 +101,16 @@ function check(password, salt, iterations, keylen, digest){
 }
 
 asyncfunctionpbkdf2DeriveBits(algorithm,baseKey,length){
-validateUint32(length,'length');
 const{ iterations }=algorithm;
 let{ hash }=algorithm;
 constsalt=getArrayBufferOrView(algorithm.salt,'algorithm.salt');
 if(hash===undefined)
 thrownewERR_MISSING_OPTION('algorithm.hash');
-validateInteger(iterations,'algorithm.iterations',1);
+validateInteger(iterations,'algorithm.iterations');
+if(iterations===0)
+throwlazyDOMException(
+'iterations cannot be zero',
+'OperationError');
 
 hash=normalizeHashName(hash.name);
 
@@ -117,6 +120,9 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length){
 if(length!==undefined){
 if(length===0)
 throwlazyDOMException('length cannot be zero','OperationError');
+if(length===null)
+throwlazyDOMException('length cannot be null','OperationError');
+validateUint32(length,'length');
 if(length%8){
 throwlazyDOMException(
 'length must be a multiple of 8',

test/parallel/test-webcrypto-derivebits-hkdf.js

@@ -259,15 +259,18 @@ async function testDeriveBitsBadLengths(
 returnPromise.all([
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],0),{
-message: /lengthcannotbezero/
+message: /lengthcannotbezero/,
+name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],null),{
-code: 'ERR_INVALID_ARG_TYPE'
+message: 'length cannot be null',
+name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],15),{
-message: /lengthmustbeamultipleof8/
+message: /lengthmustbeamultipleof8/,
+name: 'OperationError',
 }),
 ]);
 }

test/pummel/test-webcrypto-derivebits-pbkdf2.js

@@ -448,15 +448,18 @@ async function testDeriveBitsBadLengths(
 returnPromise.all([
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],0),{
-message: /lengthcannotbezero/
+message: /lengthcannotbezero/,
+name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],null),{
-code: 'ERR_INVALID_ARG_TYPE'
+message: 'length cannot be null',
+name: 'OperationError',
 }),
 assert.rejects(
 subtle.deriveBits(algorithm,baseKeys[size],15),{
-message: /lengthmustbeamultipleof8/
+message: /lengthmustbeamultipleof8/,
+name: 'OperationError',
 }),
 ]);
 }