Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: crypto: Make the digest parameter required for pbkdf2. #3292

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions doc/api/crypto.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -618,11 +618,11 @@ Example (obtaining a shared secret):
/* alice_secret and bob_secret should be the same */
console.log(alice_secret == bob_secret);

## crypto.pbkdf2(password, salt, iterations, keylen[, digest], callback)
## crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)

Asynchronous PBKDF2 function. Applies the selected HMAC digest function
(default: SHA1) to derive a key of the requested length from the password,
salt and number of iterations. The callback gets two arguments:
Asynchronous PBKDF2 function. Applies the selected HMAC digest function to
derive a key of the requested length from the password, salt and number of
iterations. The callback gets two arguments:
`(err, derivedKey)`.

Example:
Expand Down
6 changes: 3 additions & 3 deletions lib/crypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -537,9 +537,9 @@ exports.pbkdf2 = function(password,
keylen,
digest,
callback) {
if (typeof digest === 'function') {
callback = digest;
digest = undefined;

if (typeof digest !== 'string') {
throw new Error('No digest provided to pbkdf2');
}

if (typeof callback !== 'function')
Expand Down
3 changes: 2 additions & 1 deletion src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -4831,7 +4831,8 @@ void PBKDF2(const FunctionCallbackInfo<Value>& args) {
}

if (digest == nullptr) {
digest = EVP_sha1();
type_error = "Bad digest name";
goto err;
}

obj = env->NewInternalFieldObject();
Expand Down
8 changes: 5 additions & 3 deletions test/parallel/test-crypto-binary-default.js
Original file line number Diff line number Diff line change
Expand Up @@ -627,12 +627,14 @@ assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
// Test PBKDF2 with RFC 6070 test vectors (except #4)
//
function testPBKDF2(password, salt, iterations, keylen, expected) {
var actual = crypto.pbkdf2Sync(password, salt, iterations, keylen);
var actual = crypto.pbkdf2Sync(password, salt, iterations, keylen, 'sha1');
assert.equal(actual, expected);

crypto.pbkdf2(password, salt, iterations, keylen, function(err, actual) {
function assertCb(err, actual) {
assert.equal(actual, expected);
});
}

crypto.pbkdf2(password, salt, iterations, keylen, 'sha1', assertCb);
}


Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-crypto-domains.js
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ d.run(function() {
one();

function one() {
crypto.pbkdf2('a', 'b', 1, 8, function() {
crypto.pbkdf2('a', 'b', 1, 8, 'sha1', function() {
two();
throw new Error('pbkdf2');
});
Expand Down
16 changes: 9 additions & 7 deletions test/parallel/test-crypto-pbkdf2.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,14 @@ var crypto = require('crypto');
// Test PBKDF2 with RFC 6070 test vectors (except #4)
//
function testPBKDF2(password, salt, iterations, keylen, expected) {
var actual = crypto.pbkdf2Sync(password, salt, iterations, keylen);
var actual = crypto.pbkdf2Sync(password, salt, iterations, keylen, 'sha1');
assert.equal(actual.toString('binary'), expected);

crypto.pbkdf2(password, salt, iterations, keylen, function(err, actual) {
function assertCb(err, actual) {
assert.equal(actual.toString('binary'), expected);
});
}

crypto.pbkdf2(password, salt, iterations, keylen, 'sha1', assertCb);
}


Expand Down Expand Up @@ -62,28 +64,28 @@ assert.throws(function() {

// Should not work with Infinity key length
assert.throws(function() {
crypto.pbkdf2('password', 'salt', 1, Infinity, assert.fail);
crypto.pbkdf2('password', 'salt', 1, Infinity, 'sha1', assert.fail);
}, function(err) {
return err instanceof Error && err.message === 'Bad key length';
});

// Should not work with negative Infinity key length
assert.throws(function() {
crypto.pbkdf2('password', 'salt', 1, -Infinity, assert.fail);
crypto.pbkdf2('password', 'salt', 1, -Infinity, 'sha1', assert.fail);
}, function(err) {
return err instanceof Error && err.message === 'Bad key length';
});

// Should not work with NaN key length
assert.throws(function() {
crypto.pbkdf2('password', 'salt', 1, NaN, assert.fail);
crypto.pbkdf2('password', 'salt', 1, NaN, 'sha1', assert.fail);
}, function(err) {
return err instanceof Error && err.message === 'Bad key length';
});

// Should not work with negative key length
assert.throws(function() {
crypto.pbkdf2('password', 'salt', 1, -1, assert.fail);
crypto.pbkdf2('password', 'salt', 1, -1, 'sha1', assert.fail);
}, function(err) {
return err instanceof Error && err.message === 'Bad key length';
});
2 changes: 1 addition & 1 deletion test/parallel/test-domain-crypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ crypto.randomBytes(8);
crypto.randomBytes(8, function() {});
crypto.pseudoRandomBytes(8);
crypto.pseudoRandomBytes(8, function() {});
crypto.pbkdf2('password', 'salt', 8, 8, function() {});
crypto.pbkdf2('password', 'salt', 8, 8, 'sha1', function() {});