From 7669912cb7d1326b2f0455d4abaf45442b13143f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20Fern=C3=A1ndez=20Garc=C3=ADa-Boente?= Date: Thu, 7 Nov 2024 15:49:39 -0800 Subject: [PATCH] PBKDF2 allows zero length and returns and empty string This CL adapts our implementation to the spec change described in the PR#380 [1]. Instead of trowing an OperationError exception, we allow now zero as value for the 'length' parameter. Given that the deriveBits operation must result in an empty string, this change early returns to avoid the unnecessary computation of the bits derivation. The specific WTP defined for this case are modified in this CL as well, so no additional test cases are needed. [1] https://github.com/w3c/webcrypto/pull/380 Bug: 376493194 Change-Id: If685c349a0a9d134a8e8f7c902e8aac342945226 --- .../derive_bits_keys/derived_bits_length_testcases.js | 4 ++-- WebCryptoAPI/derive_bits_keys/pbkdf2.js | 10 ---------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js b/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js index 518c781d9f15b4..2679fa79e2a044 100644 --- a/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js +++ b/WebCryptoAPI/derive_bits_keys/derived_bits_length_testcases.js @@ -3,7 +3,7 @@ var testCases = { {length: 256, expected: algorithms["HKDF"].derivation}, {length: 384, expected: algorithms["HKDF"].derivation384}, {length: 230, expected: undefined}, // should throw an exception, not multiple of 8 - {length: 0, expected: undefined}, // explicitly disallowed, so should throw + {length: 0, expected: emptyArray}, {length: null, expected: undefined }, // should throw an exception {length: undefined, expected: undefined }, // should throw an exception {length: "omitted", expected: undefined }, // default value is null, so should throw @@ -12,7 +12,7 @@ var testCases = { {length: 256, expected: algorithms["PBKDF2"].derivation}, {length: 384, expected: algorithms["PBKDF2"].derivation384}, {length: 230, expected: undefined}, // should throw an exception, not multiple of 8 - {length: 0, expected: undefined}, // explicitly disallowed, so should throw + {length: 0, expected: emptyArray}, {length: null, expected: undefined }, // should throw an exception {length: undefined, expected: undefined }, // should throw an exception {length: "omitted", expected: undefined }, // default value is null, so should throw diff --git a/WebCryptoAPI/derive_bits_keys/pbkdf2.js b/WebCryptoAPI/derive_bits_keys/pbkdf2.js index 090806ceb6b3ea..7b5edb3e387180 100644 --- a/WebCryptoAPI/derive_bits_keys/pbkdf2.js +++ b/WebCryptoAPI/derive_bits_keys/pbkdf2.js @@ -103,16 +103,6 @@ function define_tests() { }); - // 0 length (OperationError) - subsetTest(promise_test, function(test) { - return subtle.deriveBits({name: "PBKDF2", salt: salts[saltSize], hash: hashName, iterations: parseInt(iterations)}, baseKeys[passwordSize], 0) - .then(function(derivation) { - assert_unreached("0 length should have thrown an OperationError"); - }, function(err) { - assert_equals(err.name, "OperationError", "deriveBits with 0 length correctly threw OperationError: " + err.message); - }); - }, testName + " with 0 length"); - // length not multiple of 8 (OperationError) subsetTest(promise_test, function(test) { return subtle.deriveBits({name: "PBKDF2", salt: salts[saltSize], hash: hashName, iterations: parseInt(iterations)}, baseKeys[passwordSize], 44)