Skip to content

Commit a60ae67

Browse files
panvadanielleadams
panva
authored and
danielleadams
committed
crypto: fix webcrypto generateKey() AES key length validation error
PR-URL: #44170 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent 90f3c5e commit a60ae67

File tree

3 files changed

+7
-681
lines changed

3 files changed

+7
-681
lines changed

lib/internal/crypto/aes.js

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -60,11 +60,6 @@ const {
6060
generateKey: _generateKey,
6161
} = require('internal/crypto/keygen');
6262

63-
const {
64-
validateInteger,
65-
validateOneOf,
66-
} = require('internal/validators');
67-
6863
const kMaxCounterLength = 128;
6964
const kTagLengths = [32, 64, 96, 104, 112, 120, 128];
7065
const generateKey = promisify(_generateKey);
@@ -228,8 +223,11 @@ function aesCipher(mode, key, data, algorithm) {
228223

229224
async function aesGenerateKey(algorithm, extractable, keyUsages) {
230225
const { name, length } = algorithm;
231-
validateInteger(length, 'algorithm.length');
232-
validateOneOf(length, 'algorithm.length', kAesKeyLengths);
226+
if (!ArrayPrototypeIncludes(kAesKeyLengths, length)) {
227+
throw lazyDOMException(
228+
'AES key length must be 128, 192, or 256 bits',
229+
'OperationError');
230+
}
233231

234232
const checkUsages = ['wrapKey', 'unwrapKey'];
235233
if (name !== 'AES-KW')

test/parallel/test-webcrypto-keygen.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -512,14 +512,14 @@ const vectors = {
512512
[1, 100, 257].forEach(async (length) => {
513513
await assert.rejects(
514514
subtle.generateKey({ name, length }, true, usages), {
515-
code: 'ERR_INVALID_ARG_VALUE'
515+
name: 'OperationError'
516516
});
517517
});
518518

519519
['', {}, [], false, null, undefined].forEach(async (length) => {
520520
await assert.rejects(
521521
subtle.generateKey({ name, length }, true, usages), {
522-
code: 'ERR_INVALID_ARG_TYPE'
522+
name: 'OperationError',
523523
});
524524
});
525525
}

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy