fixup! crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms

Author: panva

lib/internal/crypto/webidl.js

@@ -903,8 +903,8 @@ converters.KangarooTwelveParams = createDictionaryConverter(
       converter: (V, opts) =>
         converters['unsigned long'](V, { ...opts, enforceRange: true }),
       validator: (V, opts) => {
-        if (V % 8)
-          throw lazyDOMException('Unsupported KangarooTwelveParams outputLength', 'NotSupportedError');
+        if (V === 0 || V % 8)
+          throw lazyDOMException('Invalid KangarooTwelveParams outputLength', 'OperationError');
       },
       required: true,
     },
@@ -922,8 +922,8 @@ converters.TurboShakeParams = createDictionaryConverter(
       converter: (V, opts) =>
         converters['unsigned long'](V, { ...opts, enforceRange: true }),
       validator: (V, opts) => {
-        if (V % 8)
-          throw lazyDOMException('Unsupported TurboShakeParams outputLength', 'NotSupportedError');
+        if (V === 0 || V % 8)
+          throw lazyDOMException('Invalid TurboShakeParams outputLength', 'OperationError');
       },
       required: true,
     },

src/crypto/crypto_turboshake.cc

@@ -449,6 +449,8 @@ Maybe<void> TurboShakeTraits::AdditionalConfig(
   CHECK(args[offset + 1]->IsUint32());
   params->domain_separation =
       static_cast<uint8_t>(args[offset + 1].As<Uint32>()->Value());
+  CHECK_GE(params->domain_separation, 0x01);
+  CHECK_LE(params->domain_separation, 0x7F);
 
   // args[offset + 2] = output length in bytes (uint32)
   CHECK(args[offset + 2]->IsUint32());
@@ -469,11 +471,7 @@ bool TurboShakeTraits::DeriveBits(Environment* env,
                                   const TurboShakeConfig& params,
                                   ByteSource* out,
                                   CryptoJobMode mode) {
-  if (params.output_length == 0) {
-    *out = ByteSource();
-    return true;
-  }
-
+  CHECK_GT(params.output_length, 0);
   char* buf = MallocOpenSSL<char>(params.output_length);
 
   const uint8_t* input = reinterpret_cast<const uint8_t*>(params.data.data());
@@ -585,11 +583,7 @@ bool KangarooTwelveTraits::DeriveBits(Environment* env,
                                       const KangarooTwelveConfig& params,
                                       ByteSource* out,
                                       CryptoJobMode mode) {
-  if (params.output_length == 0) {
-    *out = ByteSource();
-    return true;
-  }
-
+  CHECK_GT(params.output_length, 0);
   char* buf = MallocOpenSSL<char>(params.output_length);
 
   const uint8_t* input = reinterpret_cast<const uint8_t*>(params.data.data());

test/fixtures/webcrypto/supports-modern-algorithms.mjs

@@ -31,22 +31,26 @@ export const vectors = {
     [false, 'TurboSHAKE128'],
     [true, { name: 'TurboSHAKE128', outputLength: 128 }],
     [true, { name: 'TurboSHAKE128', outputLength: 128, domainSeparation: 0x07 }],
+    [false, { name: 'TurboSHAKE128', outputLength: 0 }],
     [false, { name: 'TurboSHAKE128', outputLength: 127 }],
     [false, { name: 'TurboSHAKE128', outputLength: 128, domainSeparation: 0x00 }],
     [false, { name: 'TurboSHAKE128', outputLength: 128, domainSeparation: 0x80 }],
     [false, 'TurboSHAKE256'],
     [true, { name: 'TurboSHAKE256', outputLength: 256 }],
     [true, { name: 'TurboSHAKE256', outputLength: 256, domainSeparation: 0x07 }],
+    [false, { name: 'TurboSHAKE256', outputLength: 0 }],
     [false, { name: 'TurboSHAKE256', outputLength: 255 }],
     [false, { name: 'TurboSHAKE256', outputLength: 256, domainSeparation: 0x00 }],
     [false, { name: 'TurboSHAKE256', outputLength: 256, domainSeparation: 0x80 }],
     [false, 'KT128'],
     [true, { name: 'KT128', outputLength: 128 }],
     [true, { name: 'KT128', outputLength: 128, customization: Buffer.alloc(0) }],
+    [false, { name: 'KT128', outputLength: 0 }],
     [false, { name: 'KT128', outputLength: 127 }],
     [false, 'KT256'],
     [true, { name: 'KT256', outputLength: 256 }],
     [true, { name: 'KT256', outputLength: 256, customization: Buffer.alloc(0) }],
+    [false, { name: 'KT256', outputLength: 0 }],
     [false, { name: 'KT256', outputLength: 255 }],
   ],
   'sign': [

test/parallel/test-webcrypto-digest-turboshake.js

@@ -98,37 +98,37 @@ async function testDigest(size, alg) {
   await Promise.all(variations);
 })().then(common.mustCall());
 
-// Edge cases: zero-length output
+// Edge cases: zero-length output rejects
 (async () => {
-  assert.deepStrictEqual(
-    new Uint8Array(await subtle.digest(
-      { name: 'TurboSHAKE128', outputLength: 0 },
-      Buffer.alloc(1))),
-    new Uint8Array(0),
-  );
-
-  assert.deepStrictEqual(
-    new Uint8Array(await subtle.digest(
-      { name: 'KT128', outputLength: 0 },
-      Buffer.alloc(1))),
-    new Uint8Array(0),
-  );
+  await assert.rejects(
+    subtle.digest({ name: 'TurboSHAKE128', outputLength: 0 }, Buffer.alloc(1)),
+    {
+      name: 'OperationError',
+      message: 'Invalid TurboShakeParams outputLength',
+    });
+
+  await assert.rejects(
+    subtle.digest({ name: 'KT128', outputLength: 0 }, Buffer.alloc(1)),
+    {
+      name: 'OperationError',
+      message: 'Invalid KangarooTwelveParams outputLength',
+    });
 })().then(common.mustCall());
 
 // Edge case: non-byte-aligned outputLength rejects
 (async () => {
   await assert.rejects(
     subtle.digest({ name: 'TurboSHAKE128', outputLength: 7 }, Buffer.alloc(1)),
     {
-      name: 'NotSupportedError',
-      message: 'Unsupported TurboShakeParams outputLength',
+      name: 'OperationError',
+      message: 'Invalid TurboShakeParams outputLength',
     });
 
   await assert.rejects(
     subtle.digest({ name: 'KT128', outputLength: 7 }, Buffer.alloc(1)),
     {
-      name: 'NotSupportedError',
-      message: 'Unsupported KangarooTwelveParams outputLength',
+      name: 'OperationError',
+      message: 'Invalid KangarooTwelveParams outputLength',
     });
 })().then(common.mustCall());