fix: A192CBC-HS384 and A256CBC-HS512 direct encryption key derivation

panva · May 12, 2020 · ead23a7 · ead23a7
1 parent 9270b61
commit ead23a7
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/models/client.js b/lib/models/client.js
@@ -191,7 +191,12 @@ const clientKeyStoreAdditions = {
 };
 
 function deriveKey(secret, length) {
-  const derived = crypto.createHash('sha256')
+  const digest = length <= 32 ? 'sha256' : length <= 48 ? 'sha384' : length <= 64 ? 'sha512' : false; // eslint-disable-line no-nested-ternary
+  /* istanbul ignore if */
+  if (!digest) {
+    throw new Error('unsupported symmetric encryption key derivation');
+  }
+  const derived = crypto.createHash(digest)
     .update(secret)
     .digest()
     .slice(0, length);