crypto: make deriveBits length parameter optional and nullable

PR-URL: https://github.com/nodejs/node/pull/53601 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
2024-11-21 10:59:27 +00:00 · 2024-06-29 00:21:29 +02:00 · 2024-06-29 00:21:29 +02:00 · d65b17082b
commit d65b17082b
parent 0062d5a076
7 changed files with 51 additions and 9 deletions
--- a/doc/api/webcrypto.md
+++ b/doc/api/webcrypto.md
@ -569,11 +569,15 @@ The algorithms currently supported include:
 * `'AES-CBC'`
 * `'AES-GCM`'
-### `subtle.deriveBits(algorithm, baseKey, length)`
+### `subtle.deriveBits(algorithm, baseKey[, length])`
 <!-- YAML
 added: v15.0.0
 changes:
  - version: REPLACEME
    pr-url: https://github.com/nodejs/node/pull/53601
    description: The length parameter is now optional for `'ECDH'`, `'X25519'`,
                 and `'X448'`.
  - version:
    - v18.4.0
    - v16.17.0
@ -585,7 +589,7 @@ changes:
 * `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params}
 * `baseKey`: {CryptoKey}
-* `length`: {number|null}
+* `length`: {number|null} **Default:** `null`
 * Returns: {Promise} Fulfills with an {ArrayBuffer}
 <!--lint enable maximum-line-length remark-lint-->
@ -594,12 +598,12 @@ Using the method and parameters specified in `algorithm` and the keying
 material provided by `baseKey`, `subtle.deriveBits()` attempts to generate
 `length` bits.
-The Node.js implementation requires that when `length` is a
+The Node.js implementation requires that `length`, when a number, is a multiple
-number it must be multiple of `8`.
+of `8`.
-When `length` is `null` the maximum number of bits for a given algorithm is
+When `length` is not provided or `null` the maximum number of bits for a given
-generated. This is allowed for the `'ECDH'`, `'X25519'`, and `'X448'`
+algorithm is generated. This is allowed for the `'ECDH'`, `'X25519'`, and `'X448'`
-algorithms.
+algorithms, for other algorithms `length` is required to be a number.
 If successful, the returned promise will be resolved with an {ArrayBuffer}
 containing the generated data.
--- a/lib/internal/crypto/webcrypto.js
+++ b/lib/internal/crypto/webcrypto.js
@ -173,12 +173,12 @@ async function generateKey(
  return result;
 }
-async function deriveBits(algorithm, baseKey, length) {
+async function deriveBits(algorithm, baseKey, length = null) {
  if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto');
  webidl ??= require('internal/crypto/webidl');
  const prefix = "Failed to execute 'deriveBits' on 'SubtleCrypto'";
-  webidl.requiredArguments(arguments.length, 3, { prefix });
+  webidl.requiredArguments(arguments.length, 2, { prefix });
  algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
    prefix,
    context: '1st argument',
--- a/test/parallel/test-webcrypto-derivebits-cfrg.js
+++ b/test/parallel/test-webcrypto-derivebits-cfrg.js
@ -101,6 +101,16 @@ async function prepareKeys() {
        assert.strictEqual(Buffer.from(bits).toString('hex'), result);
      }
      {
        // Default length
        const bits = await subtle.deriveBits({
          name,
          public: publicKey
        }, privateKey);
        assert.strictEqual(Buffer.from(bits).toString('hex'), result);
      }
      {
        // Short Result
        const bits = await subtle.deriveBits({
--- a/test/parallel/test-webcrypto-derivebits-ecdh.js
+++ b/test/parallel/test-webcrypto-derivebits-ecdh.js
@ -122,6 +122,16 @@ async function prepareKeys() {
        assert.strictEqual(Buffer.from(bits).toString('hex'), result);
      }
      {
        // Default length
        const bits = await subtle.deriveBits({
          name: 'ECDH',
          public: publicKey
        }, privateKey);
        assert.strictEqual(Buffer.from(bits).toString('hex'), result);
      }
      {
        // Short Result
        const bits = await subtle.deriveBits({
--- a/test/parallel/test-webcrypto-derivebits-hkdf.js
+++ b/test/parallel/test-webcrypto-derivebits-hkdf.js
@ -271,6 +271,11 @@ async function testDeriveBitsBadLengths(
        message: 'length cannot be null',
        name: 'OperationError',
      }),
    assert.rejects(
      subtle.deriveBits(algorithm, baseKeys[size]), {
        message: 'length cannot be null',
        name: 'OperationError',
      }),
    assert.rejects(
      subtle.deriveBits(algorithm, baseKeys[size], 15), {
        message: /length must be a multiple of 8/,
--- a/test/pummel/test-webcrypto-derivebits-pbkdf2.js
+++ b/test/pummel/test-webcrypto-derivebits-pbkdf2.js
@ -459,6 +459,11 @@ async function testDeriveBitsBadLengths(
        message: 'length cannot be null',
        name: 'OperationError',
      }),
    assert.rejects(
      subtle.deriveBits(algorithm, baseKeys[size]), {
        message: 'length cannot be null',
        name: 'OperationError',
      }),
    assert.rejects(
      subtle.deriveBits(algorithm, baseKeys[size], 15), {
        message: /length must be a multiple of 8/,
--- a/test/wpt/status/WebCryptoAPI.json
+++ b/test/wpt/status/WebCryptoAPI.json
@ -4,5 +4,13 @@
  },
  "historical.any.js": {
    "skip": "Not relevant in Node.js context"
  },
  "idlharness.https.any.js": {
    "fail": {
      "note": "WPT not updated for https://github.com/w3c/webcrypto/pull/345 yet",
      "expected": [
        "SubtleCrypto interface: operation deriveBits(AlgorithmIdentifier, CryptoKey, unsigned long)"
      ]
    }
  }
 }