crypto: remove Argon2 KDF derivation from its job setup · nodejs/node@28a7874
1+// Flags: --expose-internals --no-warnings
2+'use strict';
3+const common = require('../common');
4+if (!common.hasCrypto)
5+common.skip('missing crypto');
6+7+const { hasOpenSSL } = require('../common/crypto');
8+9+if (!hasOpenSSL(3, 2))
10+common.skip('requires OpenSSL >= 3.2');
11+12+// Exercises the native Argon2 job directly via internalBinding, bypassing
13+// the JS validators, to ensure that if invalid parameters ever reach the
14+// native layer they produce a clean error from the KDF rather than crashing,
15+// in both sync and async modes.
16+17+const assert = require('node:assert');
18+const { internalBinding } = require('internal/test/binding');
19+const {
20+ Argon2Job,
21+ kCryptoJobAsync,
22+ kCryptoJobSync,
23+ kTypeArgon2id,
24+} = internalBinding('crypto');
25+26+const pass = Buffer.from('password');
27+const salt = Buffer.alloc(16, 0x02);
28+const empty = Buffer.alloc(0);
29+30+// Parameters that OpenSSL's Argon2 KDF rejects.
31+const badParams = [
32+{ lanes: 0, keylen: 32, memcost: 16, iter: 1 }, // lanes < 1
33+{ lanes: 1, keylen: 32, memcost: 0, iter: 1 }, // memcost == 0
34+{ lanes: 1, keylen: 32, memcost: 16, iter: 0 }, // iter == 0
35+];
36+37+for (const { lanes, keylen, memcost, iter } of badParams) {
38+{
39+const job = new Argon2Job(
40+kCryptoJobSync, pass, salt, lanes, keylen, memcost, iter,
41+empty, empty, kTypeArgon2id);
42+const { 0: err, 1: result } = job.run();
43+assert.ok(err);
44+assert.match(err.message, /Deriving bits failed/);
45+assert.strictEqual(result, undefined);
46+}
47+48+{
49+const job = new Argon2Job(
50+kCryptoJobAsync, pass, salt, lanes, keylen, memcost, iter,
51+empty, empty, kTypeArgon2id);
52+job.ondone = common.mustCall((err, result) => {
53+assert.ok(err);
54+assert.match(err.message, /Deriving bits failed/);
55+assert.strictEqual(result, undefined);
56+});
57+job.run();
58+}
59+}