From 5d69c3ac85fbd20618d9a248aceb97960edd8879 Mon Sep 17 00:00:00 2001 From: Chris Veness Date: Wed, 19 Oct 2016 22:37:19 +0100 Subject: [PATCH] Add range check for 'N' parameter Colin Percival has a 'sanity check' that 0 < logN < 256: see https://github.com/Tarsnap/scrypt/blob/484dc1fb/lib/scryptenc/scryptenc.c#L206. Since the 'N' parameter in node-scrypt is the canonical scrypt logN, it is useful to trap the canonical 'N' being passed as early as possible, and to report it more helpfully than 'error computing derived key'. Following this commit, if a call is erroneously made to scrypt.kdf('abc', { N: 65536, r: 8, p: 1 }) it will immediately have a RangeError thrown.
---
 index.js | 4 ++++ tests/scrypt-tests.js | 8 +++++++- 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 7b13a79..095eb08 100644
--- a/index.js
+++ b/index.js
@@ -63,6 +63,10 @@ var checkScryptParametersObject = function(params) {
 var error = new TypeError("Scrypt params object 'N' property is not an integer");
 }

+ if (!error && !((params.N > 0) && (params.N < 256))) {
+ var error = new RangeError("Scrypt params object 'N' property is out of range");
+ }
+
 if (!error && !params.hasOwnProperty("r")) {
 var error = new TypeError("Scrypt params object does not have 'r' property present");
 }
diff --git a/tests/scrypt-tests.js b/tests/scrypt-tests.js
index 1ca10b7..737b9e9 100644
--- a/tests/scrypt-tests.js
+++ b/tests/scrypt-tests.js
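Review bot: The upper bound in the added check in index.js, `params.N < 256`, is a sanity bound on the exponent and not a resource limit, and nothing in the hunk says so. Because 'N' here is log2 of the scrypt cost, working memory grows roughly as 128·r·2^N bytes, so exponents well below 256 already request more memory than a host can supply, and exponents of 64 and above cannot be expressed as a 64-bit cost at all; those presumably still surface later as the generic derived-key error. I would add a comment above the check such as `// N is log2 of the scrypt cost; this is a sanity bound only, so callers that take params from untrusted input must apply their own, much lower cap`. checkScryptParametersObject starts before and continues after this hunk, so how `error` is finally raised is not visible here.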
@@ -239,11 +239,17 @@ describe("Scrypt Node Module Tests", function() {
 .to.match(/^TypeError: Key type is incorrect: It can only be of type string or Buffer$/);
 })

- it("Will throw a TypeError if the Scrypt params object is incorrect", function() {
+ it("Will throw a TypeError if the Scrypt params object is missing 'r' property", function() {
 expect(function(){scrypt.kdfSync("password", {N:1, p:1})})
 .to.throw(TypeError)
 .to.match(/^TypeError: Scrypt params object does not have 'r' property present$/);
 })
+
+ it("Will throw a TypeError if the Scrypt params object has 'N' property out of range", function() {
+ expect(function(){scrypt.kdfSync("password", {N:65536, r:1, p:1})})
+ .to.throw(RangeError)
+ .to.match(/^RangeError: Scrypt params object 'N' property is out of range$/);
+ })
 });

 describe("Synchronous functionality with correct arguments", function() {
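Review bot: The added test's title says TypeError while its body asserts `RangeError`, and it exercises only one value far outside the range. Rename it to `it("Will throw a RangeError if the Scrypt params object has 'N' property out of range", function() {` and add the two boundary inputs, `{N:0, r:1, p:1}` and `{N:256, r:1, p:1}`, each expecting the same RangeError, so an off-by-one in either comparison is caught. The enclosing describe block starts before this hunk.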