Skip to content

Commit

Permalink
crypto: adjust minimum length in generateKey('hmac', ...)
Browse files Browse the repository at this point in the history
Also affects generateKeySync('hmac', ...)

PR-URL: #42944
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
LiviaMedeiros authored and juanarbol committed May 31, 2022
1 parent 3abaf4d commit 6a479d8
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 3 deletions.
4 changes: 2 additions & 2 deletions doc/api/crypto.md
Original file line number Diff line number Diff line change
Expand Up @@ -3600,7 +3600,7 @@ added: v15.0.0
* `options`: {Object}
* `length`: {number} The bit length of the key to generate. This must be a
value greater than 0.
* If `type` is `'hmac'`, the minimum is 1, and the maximum length is
* If `type` is `'hmac'`, the minimum is 8, and the maximum length is
2<sup>31</sup>-1. If the value is not a multiple of 8, the generated
key will be truncated to `Math.floor(length / 8)`.
* If `type` is `'aes'`, the length must be one of `128`, `192`, or `256`.
Expand Down Expand Up @@ -3867,7 +3867,7 @@ added: v15.0.0
accepted values are `'hmac'` and `'aes'`.
* `options`: {Object}
* `length`: {number} The bit length of the key to generate.
* If `type` is `'hmac'`, the minimum is 1, and the maximum length is
* If `type` is `'hmac'`, the minimum is 8, and the maximum length is
2<sup>31</sup>-1. If the value is not a multiple of 8, the generated
key will be truncated to `Math.floor(length / 8)`.
* If `type` is `'aes'`, the length must be one of `128`, `192`, or `256`.
Expand Down
2 changes: 1 addition & 1 deletion lib/internal/crypto/keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -356,7 +356,7 @@ function generateKeyJob(mode, keyType, options) {
const { length } = options;
switch (keyType) {
case 'hmac':
validateInteger(length, 'options.length', 1, 2 ** 31 - 1);
validateInteger(length, 'options.length', 8, 2 ** 31 - 1);
break;
case 'aes':
validateOneOf(length, 'options.length', kAesKeyLengths);
Expand Down
16 changes: 16 additions & 0 deletions test/parallel/test-crypto-secret-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,14 @@ assert.throws(() => generateKey('hmac', { length: -1 }, common.mustNotCall()), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(() => generateKey('hmac', { length: 4 }, common.mustNotCall()), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(() => generateKey('hmac', { length: 7 }, common.mustNotCall()), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(
() => generateKey('hmac', { length: 2 ** 31 }, common.mustNotCall()), {
code: 'ERR_OUT_OF_RANGE'
Expand All @@ -60,6 +68,14 @@ assert.throws(() => generateKeySync('hmac', { length: -1 }), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(() => generateKeySync('hmac', { length: 4 }), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(() => generateKeySync('hmac', { length: 7 }), {
code: 'ERR_OUT_OF_RANGE'
});

assert.throws(
() => generateKeySync('hmac', { length: 2 ** 31 }), {
code: 'ERR_OUT_OF_RANGE'
Expand Down

0 comments on commit 6a479d8

Please sign in to comment.