fix(crypto): handling large key length in HKDF (denoland#12692)

unibg-seclab · Nov 11, 2021 · e00bfec · e00bfec
1 parent a2c8f55
commit e00bfec
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 2 deletions.
diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts
@@ -513,6 +513,31 @@ unitTest(async function testHkdfDeriveBits() {
  assertEquals(result.byteLength, 128 / 8);
 });
 
+unitTest(async function testHkdfDeriveBitsWithLargeKeySize() {
+ const key = await crypto.subtle.importKey(
+ "raw",
+ new Uint8Array([0x00]),
+ "HKDF",
+ false,
+ ["deriveBits"],
+ );
+ assertRejects(
+ () =>
+ crypto.subtle.deriveBits(
+ {
+ name: "HKDF",
+ hash: "SHA-1",
+ salt: new Uint8Array(),
+ info: new Uint8Array(),
+ },
+ key,
+ ((20 * 255) << 3) + 8,
+ ),
+ DOMException,
+ "The length provided for HKDF is too large",
+ );
+});
+
 unitTest(async function testDeriveKey() {
  // Test deriveKey
  const rawKey = await crypto.getRandomValues(new Uint8Array(16));

diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
@@ -876,10 +876,14 @@ pub async fn op_crypto_derive_bits(
  let salt = hkdf::Salt::new(algorithm, salt);
  let prk = salt.extract(&secret);
  let info = &[&*info];
- let okm = prk.expand(info, HkdfOutput(length))?;
+ let okm = prk.expand(info, HkdfOutput(length)).map_err(|_e| {
+ custom_error(
+ "DOMExceptionOperationError",
+ "The length provided for HKDF is too large",
+ )
+ })?;
  let mut r = vec![0u8; length];
  okm.fill(&mut r)?;
-
  Ok(r.into())
  }
  _ => Err(type_error("Unsupported algorithm".to_string())),