From 3f7b1d518e5818da45930477c303280b9ee11648 Mon Sep 17 00:00:00 2001 From: Oleg Bespalov Date: Wed, 24 Apr 2024 16:24:41 +0200 Subject: [PATCH] deriveBits: document deriveBits limitation, and explicitly return an error --- README.md | 2 ++ webcrypto/subtle_crypto.go | 6 ++++++ webcrypto/tests/derive_bits_keys/ecdh_bits.js | 20 ++++++++++--------- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4ea8c89..4fb2d3f 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,8 @@ The current state of the project is that it is an experimental module of the Web | `crypto.subtle.deriveKey()` | ❌ | ❌ | ❌ | | `crypto.subtle.deriveBits()` | ✅ | ❌ | ❌ | +Note: `deriveBits` currently doesn't support length parameter non-multiple of 8. + ##### Key wrapping | API | AES-CBC | AES-GCM | AES-CTR | AES-KW | RSA-OAEP | diff --git a/webcrypto/subtle_crypto.go b/webcrypto/subtle_crypto.go index e381157..61a5ddd 100644 --- a/webcrypto/subtle_crypto.go +++ b/webcrypto/subtle_crypto.go @@ -703,6 +703,12 @@ func (sc *SubtleCrypto) DeriveBits( //nolint:funlen,gocognit // we have a lot of return NewError(InvalidAccessError, err.Error()) } + // currently we don't support lengths that are not multiples of 8 + // https://github.com/grafana/xk6-webcrypto/issues/80 + if length%8 != 0 { + return NewError(NotSupportedError, "currently only multiples of 8 are supported for length") + } + deriver, err = newBitsDeriver(normalizeAlgorithmName) if err != nil { return err diff --git a/webcrypto/tests/derive_bits_keys/ecdh_bits.js b/webcrypto/tests/derive_bits_keys/ecdh_bits.js index d21fd36..eb1b17b 100644 --- a/webcrypto/tests/derive_bits_keys/ecdh_bits.js +++ b/webcrypto/tests/derive_bits_keys/ecdh_bits.js @@ -87,15 +87,17 @@ function define_tests() { }); }, namedCurve + " short result"); - // Non-multiple of 8 - promise_test(function(test) { - return subtle.deriveBits({name: "ECDH", public: publicKeys[namedCurve]}, privateKeys[namedCurve], 8 * sizes[namedCurve] - 11) - .then(function(derivation) { - assert_true(equalBuffers(derivation, derivations[namedCurve], 8 * sizes[namedCurve] - 11), "Derived correct bits " + namedCurve + " size: " + 8 * sizes[namedCurve] + " derivation: " + JSON.stringify(derivation) + " expected: " + JSON.stringify(derivations[namedCurve]) ); - }, function(err) { - assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); - }); - }, namedCurve + " non-multiple of 8 bits"); + // TODO: once we have support of lengths that are not a multiple of 8 bits, uncomment this test + // https://github.com/grafana/xk6-webcrypto/issues/80 + // // Non-multiple of 8 + // promise_test(function(test) { + // return subtle.deriveBits({name: "ECDH", public: publicKeys[namedCurve]}, privateKeys[namedCurve], 8 * sizes[namedCurve] - 11) + // .then(function(derivation) { + // assert_true(equalBuffers(derivation, derivations[namedCurve], 8 * sizes[namedCurve] - 11), "Derived correct bits " + namedCurve + " size: " + 8 * sizes[namedCurve] + " derivation: " + JSON.stringify(derivation) + " expected: " + JSON.stringify(derivations[namedCurve]) ); + // }, function(err) { + // assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + // }); + // }, namedCurve + " non-multiple of 8 bits"); // Errors to test: