crypto: add SHAKE Web Cryptography digest algorithms · nodejs/node@247d017
@@ -192,6 +192,16 @@ converters.object = (V, opts) => {
192192193193const isNonSharedArrayBuffer = isArrayBuffer;
194194195+function ensureSHA(V, label) {
196+if (
197+typeof V === 'string' ?
198+!V.toLowerCase().startsWith('sha') :
199+V.name?.toLowerCase?.().startsWith('sha') === false
200+)
201+throw lazyDOMException(
202+`Only SHA hashes are supported in ${label}`, 'NotSupportedError');
203+}
204+195205converters.Uint8Array = (V, opts = kEmptyObject) => {
196206if (!ArrayBufferIsView(V) ||
197207TypedArrayPrototypeGetSymbolToStringTag(V) !== 'Uint8Array') {
@@ -393,6 +403,7 @@ converters.RsaHashedKeyGenParams = createDictionaryConverter(
393403{
394404key: 'hash',
395405converter: converters.HashAlgorithmIdentifier,
406+validator: (V, dict) => ensureSHA(V, 'RsaHashedKeyGenParams'),
396407required: true,
397408},
398409]);
@@ -403,6 +414,7 @@ converters.RsaHashedImportParams = createDictionaryConverter(
403414{
404415key: 'hash',
405416converter: converters.HashAlgorithmIdentifier,
417+validator: (V, dict) => ensureSHA(V, 'RsaHashedImportParams'),
406418required: true,
407419},
408420]);
@@ -449,6 +461,7 @@ converters.HmacKeyGenParams = createDictionaryConverter(
449461{
450462key: 'hash',
451463converter: converters.HashAlgorithmIdentifier,
464+validator: (V, dict) => ensureSHA(V, 'HmacKeyGenParams'),
452465required: true,
453466},
454467{
@@ -503,6 +516,7 @@ converters.EcdsaParams = createDictionaryConverter(
503516{
504517key: 'hash',
505518converter: converters.HashAlgorithmIdentifier,
519+validator: (V, dict) => ensureSHA(V, 'EcdsaParams'),
506520required: true,
507521},
508522]);
@@ -513,6 +527,7 @@ converters.HmacImportParams = createDictionaryConverter(
513527{
514528key: 'hash',
515529converter: converters.HashAlgorithmIdentifier,
530+validator: (V, dict) => ensureSHA(V, 'HmacImportParams'),
516531required: true,
517532},
518533{
@@ -573,6 +588,7 @@ converters.HkdfParams = createDictionaryConverter(
573588{
574589key: 'hash',
575590converter: converters.HashAlgorithmIdentifier,
591+validator: (V, dict) => ensureSHA(V, 'HkdfParams'),
576592required: true,
577593},
578594{
@@ -587,12 +603,40 @@ converters.HkdfParams = createDictionaryConverter(
587603},
588604]);
589605606+converters.CShakeParams = createDictionaryConverter(
607+'CShakeParams', [
608+ ...new SafeArrayIterator(dictAlgorithm),
609+{
610+key: 'length',
611+converter: (V, opts) =>
612+converters['unsigned long'](V, { ...opts, enforceRange: true }),
613+validator: (V, opts) => {
614+// The Web Crypto spec allows for SHAKE output length that are not multiples of
615+// 8. We don't.
616+if (V % 8)
617+throw lazyDOMException('Unsupported CShakeParams length', 'NotSupportedError');
618+},
619+required: true,
620+},
621+{
622+key: 'functionName',
623+converter: converters.BufferSource,
624+validator: validateZeroLength('CShakeParams.functionName'),
625+},
626+{
627+key: 'customization',
628+converter: converters.BufferSource,
629+validator: validateZeroLength('CShakeParams.customization'),
630+},
631+]);
632+590633converters.Pbkdf2Params = createDictionaryConverter(
591634'Pbkdf2Params', [
592635 ...new SafeArrayIterator(dictAlgorithm),
593636{
594637key: 'hash',
595638converter: converters.HashAlgorithmIdentifier,
639+validator: (V, dict) => ensureSHA(V, 'Pbkdf2Params'),
596640required: true,
597641},
598642{