crypto: fix webcrypto deriveBits for non-byte lengths

PR-URL: #43431
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Antoine du Hamel <[email protected]>

Author: panva

lib/internal/crypto/diffiehellman.js

@@ -3,7 +3,7 @@
 const {
   ArrayBufferPrototypeSlice,
   FunctionPrototypeCall,
-  MathFloor,
+  MathCeil,
   ObjectDefineProperty,
   Promise,
   SafeSet,
@@ -386,9 +386,9 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
   if (length === null)
     return bits;
 
-  // If the length is not a multiple of 8, it will be truncated
-  // down to the nearest multiple of 8.
-  length = MathFloor(length / 8);
+  // If the length is not a multiple of 8 the nearest ceiled
+  // multiple of 8 is sliced.
+  length = MathCeil(length / 8);
   const { byteLength } = bits;
 
   // If the length is larger than the derived secret, throw.

test/parallel/test-webcrypto-derivebits-cfrg.js

@@ -133,7 +133,7 @@ async function prepareKeys() {
 
         assert.strictEqual(
           Buffer.from(bits).toString('hex'),
-          result.slice(0, -4));
+          result.slice(0, -2));
       }
     }));
 

test/parallel/test-webcrypto-derivebits-ecdh.js

@@ -154,7 +154,7 @@ async function prepareKeys() {
 
         assert.strictEqual(
           Buffer.from(bits).toString('hex'),
-          result.slice(0, -4));
+          result.slice(0, -2));
       }
     }));