2 files changed, 204 insertions, 0 deletions

diff --git a/cli/tests/node_compat/config.json b/cli/tests/node_compat/config.json
index e314c1958..fc9a8d131 100644
--- a/cli/tests/node_compat/config.json
+++ b/cli/tests/node_compat/config.json
@@ -228,6 +228,7 @@
       "test-console-sync-write-error.js",
       "test-console-table.js",
       "test-console-tty-colors.js",
+      "test-crypto-hkdf.js",
       "test-crypto-hmac.js",
       "test-crypto-prime.js",
       "test-crypto-secret-keygen.js",
diff --git a/cli/tests/node_compat/test/parallel/test-crypto-hkdf.js b/cli/tests/node_compat/test/parallel/test-crypto-hkdf.js
new file mode 100644
index 000000000..b5b35e3ce
--- /dev/null
+++ b/cli/tests/node_compat/test/parallel/test-crypto-hkdf.js
@@ -0,0 +1,203 @@
+// deno-fmt-ignore-file
+// deno-lint-ignore-file
+
+// Copyright Joyent and Node contributors. All rights reserved. MIT license.
+
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const { kMaxLength } = require('buffer');
+const assert = require('assert');
+const {
+  createSecretKey,
+  hkdf,
+  hkdfSync
+} = require('crypto');
+
+{
+  assert.throws(() => hkdf(), {
+    code: 'ERR_INVALID_ARG_TYPE',
+    message: /The "digest" argument must be of type string/
+  });
+
+  [1, {}, [], false, Infinity].forEach((i) => {
+    assert.throws(() => hkdf(i, 'a'), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "digest" argument must be of type string/
+    });
+    assert.throws(() => hkdfSync(i, 'a'), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "digest" argument must be of type string/
+    });
+  });
+
+  [1, {}, [], false, Infinity].forEach((i) => {
+    assert.throws(() => hkdf('sha256', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "ikm" argument must be /
+    });
+    assert.throws(() => hkdfSync('sha256', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "ikm" argument must be /
+    });
+  });
+
+  [1, {}, [], false, Infinity].forEach((i) => {
+    assert.throws(() => hkdf('sha256', 'secret', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "salt" argument must be /
+    });
+    assert.throws(() => hkdfSync('sha256', 'secret', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "salt" argument must be /
+    });
+  });
+
+  [1, {}, [], false, Infinity].forEach((i) => {
+    assert.throws(() => hkdf('sha256', 'secret', 'salt', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "info" argument must be /
+    });
+    assert.throws(() => hkdfSync('sha256', 'secret', 'salt', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "info" argument must be /
+    });
+  });
+
+  ['test', {}, [], false].forEach((i) => {
+    assert.throws(() => hkdf('sha256', 'secret', 'salt', 'info', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "length" argument must be of type number/
+    });
+    assert.throws(() => hkdfSync('sha256', 'secret', 'salt', 'info', i), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      message: /^The "length" argument must be of type number/
+    });
+  });
+
+  assert.throws(() => hkdf('sha256', 'secret', 'salt', 'info', -1), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+  assert.throws(() => hkdfSync('sha256', 'secret', 'salt', 'info', -1), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+  assert.throws(() => hkdf('sha256', 'secret', 'salt', 'info',
+                           kMaxLength + 1), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+  assert.throws(() => hkdfSync('sha256', 'secret', 'salt', 'info',
+                               kMaxLength + 1), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+
+  assert.throws(() => hkdfSync('unknown', 'a', '', '', 10), {
+    code: 'ERR_CRYPTO_INVALID_DIGEST'
+  });
+
+  assert.throws(() => hkdf('unknown', 'a', '', Buffer.alloc(1025), 10,
+                           common.mustNotCall()), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+
+  assert.throws(() => hkdfSync('unknown', 'a', '', Buffer.alloc(1025), 10), {
+    code: 'ERR_OUT_OF_RANGE'
+  });
+}
+
+const algorithms = [
+  ['sha256', 'secret', 'salt', 'info', 10],
+  ['sha256', '', '', '', 10],
+  ['sha256', '', 'salt', '', 10],
+  ['sha512', 'secret', 'salt', '', 15],
+];
+
+algorithms.forEach(([ hash, secret, salt, info, length ]) => {
+  {
+    const syncResult = hkdfSync(hash, secret, salt, info, length);
+    assert(syncResult instanceof ArrayBuffer);
+    let is_async = false;
+    hkdf(hash, secret, salt, info, length,
+         common.mustSucceed((asyncResult) => {
+           assert(is_async);
+           assert(asyncResult instanceof ArrayBuffer);
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+    // Keep this after the hkdf call above. This verifies
+    // that the callback is invoked asynchronously.
+    is_async = true;
+  }
+
+  {
+    const buf_secret = Buffer.from(secret);
+    const buf_salt = Buffer.from(salt);
+    const buf_info = Buffer.from(info);
+
+    const syncResult = hkdfSync(hash, buf_secret, buf_salt, buf_info, length);
+    hkdf(hash, buf_secret, buf_salt, buf_info, length,
+         common.mustSucceed((asyncResult) => {
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+  }
+
+  {
+    const key_secret = createSecretKey(Buffer.from(secret));
+    const buf_salt = Buffer.from(salt);
+    const buf_info = Buffer.from(info);
+
+    const syncResult = hkdfSync(hash, key_secret, buf_salt, buf_info, length);
+    hkdf(hash, key_secret, buf_salt, buf_info, length,
+         common.mustSucceed((asyncResult) => {
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+  }
+
+  {
+    const ta_secret = new Uint8Array(Buffer.from(secret));
+    const ta_salt = new Uint16Array(Buffer.from(salt));
+    const ta_info = new Uint32Array(Buffer.from(info));
+
+    const syncResult = hkdfSync(hash, ta_secret, ta_salt, ta_info, length);
+    hkdf(hash, ta_secret, ta_salt, ta_info, length,
+         common.mustSucceed((asyncResult) => {
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+  }
+
+  {
+    const ta_secret = new Uint8Array(Buffer.from(secret));
+    const ta_salt = new Uint16Array(Buffer.from(salt));
+    const ta_info = new Uint32Array(Buffer.from(info));
+
+    const syncResult = hkdfSync(
+      hash,
+      ta_secret.buffer,
+      ta_salt.buffer,
+      ta_info.buffer,
+      length);
+    hkdf(hash, ta_secret, ta_salt, ta_info, length,
+         common.mustSucceed((asyncResult) => {
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+  }
+
+  {
+    const ta_secret = new Uint8Array(Buffer.from(secret));
+    const sa_salt = new ArrayBuffer(0);
+    const sa_info = new ArrayBuffer(1);
+
+    const syncResult = hkdfSync(
+      hash,
+      ta_secret.buffer,
+      sa_salt,
+      sa_info,
+      length);
+    hkdf(hash, ta_secret, sa_salt, sa_info, length,
+         common.mustSucceed((asyncResult) => {
+           assert.deepStrictEqual(syncResult, asyncResult);
+         }));
+  }
+});