From 980f7502755e199e82814ae33554796a4b2f12bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Fern=C3=A1ndez=20Garc=C3=ADa-Boente?=
Date: Fri, 8 Nov 2024 01:11:16 +0100
Subject: [PATCH] HDKF and PBKDF2 returns an empty string when length is zero
The PR#380 [1] changed the PBKDF2 deriveBits operation to allow zero length and introduced an additional step to return an empty string in that case. It also reversted the PR#275 [2] so that HKDF also handles the zero length in the same way. This PR updates the tests cases affecting this 2 algorithms on the cases where zero was passed in the length parameter. [1] https://github.com/w3c/webcrypto/pull/380 [2] https://github.com/w3c/webcrypto/pull/275
---
 .../derived_bits_length_testcases.js | 4 ++--
 WebCryptoAPI/derive_bits_keys/hkdf.js | 4 ++--
 WebCryptoAPI/derive_bits_keys/pbkdf2.js | 20 +++++++++----------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js b/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js
index 518c781d9f15b4e..2679fa79e2a044d 100644
--- a/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js
+++ b/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js
@@ -3,7 +3,7 @@ var testCases = {
 {length: 256, expected: algorithms["HKDF"].derivation},
 {length: 384, expected: algorithms["HKDF"].derivation384},
 {length: 230, expected: undefined}, // should throw an exception, not multiple of 8
- {length: 0, expected: undefined}, // explicitly disallowed, so should throw
+ {length: 0, expected: emptyArray},
 {length: null, expected: undefined }, // should throw an exception
 {length: undefined, expected: undefined }, // should throw an exception
 {length: "omitted", expected: undefined }, // default value is null, so should throw
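Review bot: `emptyArray` in the new `{length: 0, expected: emptyArray},` entry is not defined in any visible hunk, and the diffstat lists no file that would introduce it, so this entry (and the identical PBKDF2 entry in the next hunk) presumably relies on a global declared by a script loaded earlier. Worth confirming, because an undeclared name here would throw while `testCases` is being built and take down every length case, not only the zero-length ones. The replaced lines also lose their trailing explanation while every neighbouring entry keeps one; a short comment such as `// zero length is allowed and yields an empty buffer` would keep the table self-describing.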
@@ -12,7 +12,7 @@ var testCases = {
 {length: 256, expected: algorithms["PBKDF2"].derivation},
 {length: 384, expected: algorithms["PBKDF2"].derivation384},
 {length: 230, expected: undefined}, // should throw an exception, not multiple of 8
- {length: 0, expected: undefined}, // explicitly disallowed, so should throw
+ {length: 0, expected: emptyArray},
 {length: null, expected: undefined }, // should throw an exception
 {length: undefined, expected: undefined }, // should throw an exception
 {length: "omitted", expected: undefined }, // default value is null, so should throw
diff --git a/WebCryptoAPI/derive_bits_keys/hkdf.js b/WebCryptoAPI/derive_bits_keys/hkdf.js
index b2dfda0257bc81b..0384f88ec73e439 100644
--- a/WebCryptoAPI/derive_bits_keys/hkdf.js
+++ b/WebCryptoAPI/derive_bits_keys/hkdf.js
@@ -45,13 +45,13 @@ function define_tests() {
 });
 }, testName);
- // 0 length (OperationError)
+ // 0 length
 subsetTest(promise_test, function(test) {
 return subtle.deriveBits(algorithm, baseKeys[derivedKeySize], 0)
 .then(function(derivation) {
 assert_equals(derivation.byteLength, 0, "Derived correctly empty key");
 }, function(err) {
- assert_equals(err.name, "OperationError", "deriveBits with 0 length correctly threw OperationError: " + err.message);
+ assert_unreached("deriveBits failed with error " + err.name + ": " + err.message);
 });
 }, testName + " with 0 length");
diff --git a/WebCryptoAPI/derive_bits_keys/pbkdf2.js b/WebCryptoAPI/derive_bits_keys/pbkdf2.js
index 090806ceb6b3eaa..d576551c196d2f1 100644
--- a/WebCryptoAPI/derive_bits_keys/pbkdf2.js
+++ b/WebCryptoAPI/derive_bits_keys/pbkdf2.js
@@ -42,6 +42,16 @@ function define_tests() {
 });
 }, testName);
+ // 0 length (OperationError)
+ subsetTest(promise_test, function(test) {
+ return subtle.deriveBits({name: "PBKDF2", salt: salts[saltSize], hash: hashName, iterations: parseInt(iterations)}, baseKeys[passwordSize], 0)
+ .then(function(derivation) {
+ assert_unreached("0 length should have thrown an OperationError");
+ }, function(err) {
+ assert_unreached("deriveBits failed with error " + err.name + ": " + err.message);
+ });
+ }, testName + " with 0 length");
+
 // Check for correct deriveKey results for every kind of
 // key that can be created by the deriveKeys operation.
 derivedKeyTypes.forEach(function(derivedKeyType) {
@@ -103,16 +113,6 @@ function define_tests() {
 });
- // 0 length (OperationError)
- subsetTest(promise_test, function(test) {
- return subtle.deriveBits({name: "PBKDF2", salt: salts[saltSize], hash: hashName, iterations: parseInt(iterations)}, baseKeys[passwordSize], 0)
- .then(function(derivation) {
- assert_unreached("0 length should have thrown an OperationError");
- }, function(err) {
- assert_equals(err.name, "OperationError", "deriveBits with 0 length correctly threw OperationError: " + err.message);
- });
- }, testName + " with 0 length");
-
 // length not multiple of 8 (OperationError)
 subsetTest(promise_test, function(test) {
 return subtle.deriveBits({name: "PBKDF2", salt: salts[saltSize], hash: hashName, iterations: parseInt(iterations)}, baseKeys[passwordSize], 44)
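Review bot: The relocated PBKDF2 zero-length test in the first pbkdf2.js hunk can never pass, because the fulfilment handler still calls `assert_unreached("0 length should have thrown an OperationError")` while the rejection handler now also calls `assert_unreached(...)`, so both outcomes fail. The commit message says a zero length should now yield an empty result, so the fulfilment handler should read `assert_equals(derivation.byteLength, 0, "Derived correctly empty key");`, matching the hkdf.js hunk. The leading comment should likewise lose its stale `(OperationError)` suffix and become `// 0 length`. As written, a conforming implementation is reported as failing, which hides whether the KDF really returns an empty buffer for length 0. The enclosing `define_tests` body starts and ends outside the hunk.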