Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(crypto): handling large key length in HKDF #12692

Merged
merged 6 commits into from
Nov 11, 2021
Merged

fix(crypto): handling large key length in HKDF #12692

merged 6 commits into from
Nov 11, 2021

Conversation

upendra1997
Copy link
Contributor

test.js file contains content:

new Uint8Array(
  await globalThis.crypto.subtle.deriveBits(
    {
      name: "HKDF",
      hash: "SHA-1",
      salt: new Uint8Array(),
      info: new Uint8Array(),
    },
    await globalThis.crypto.subtle.importKey(
      "raw",
      new Uint8Array([0x00]),
      "HKDF",
      false,
      ["deriveBits"]
    ),
    ((20 * 255) << 3) + 8 // 20 is block size of sha1, 255 is the maximum number of iterations, + 1 byte
  )
);

by running cargo run < test.js

❯ cargo run < test.js       
    Finished dev [unoptimized + debuginfo] target(s) in 1.08s
     Running `target/debug/deno`
Deno 1.15.3
exit using ctrl+d or close()
Uncaught DOMException: The length provided for HKDF is too large

failing testcases before this fix:

failures:
    integration::compile::compile
    integration::compiler_api
    integration::js_unit_tests
    integration::run::_034_onload
    integration::run::_045_proxy
    integration::run::tls_connecttls
    integration::run::tls_starttls
    integration::test::allow_all
    integration::test::allow_none
    integration::test::steps_invalid_usage
    integration::test::steps_passing_steps
    integration::test::steps_passing_steps_concurrent
    integration::websocket
    integration::websocket_server_multi_field_connection_header
    integration::websocketstream
    integration::worker::workers

after the fix:

failures:
    integration::compile::compile
    integration::compiler_api
    integration::js_unit_tests
    integration::run::_034_onload
    integration::run::_045_proxy
    integration::run::tls_connecttls
    integration::run::tls_starttls
    integration::test::allow_all
    integration::test::allow_none
    integration::test::steps_invalid_usage
    integration::test::steps_passing_steps
    integration::test::steps_passing_steps_concurrent
    integration::websocket
    integration::websocket_server_multi_field_connection_header
    integration::websocketstream
    integration::worker::workers

this fixes issue #12589

@upendra1997 upendra1997 mentioned this pull request Nov 8, 2021
Closed
@bartlomieju
Copy link
Member

Thanks for the PR, can you provide a test case that exercise the change?

littledivy
littledivy requested changes Nov 9, 2021
View reviewed changes
ext/crypto/lib.rs Show resolved Hide resolved
@upendra1997
Copy link
Contributor Author

Thanks for the PR, can you provide a test case that exercise the change?

I have included the test in the pr description.

@bartlomieju
Copy link
Member

Thanks for the PR, can you provide a test case that exercise the change?

I have included the test in the pr description.

@upendra1997 the test case should be included as an automated test that can run in CI; you can add it to cli/tests/unit/webcrypto_test.ts

bartlomieju
bartlomieju requested changes Nov 10, 2021
View reviewed changes
cli/tests/unit/webcrypto_test.ts Outdated
false,
["deriveBits"],
);
assertThrowsAsync(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prefer to use assertRejects

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

Thank you for reviewing; please check new revision.

Thank you,
Upendra Upadhyay.

bartlomieju
bartlomieju approved these changes Nov 11, 2021
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @upendra1997

@bartlomieju bartlomieju merged commit e00bfec into denoland:main Nov 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartlomieju bartlomieju bartlomieju approved these changes

@littledivy littledivy littledivy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@upendra1997 @bartlomieju @littledivy @kitsonk