fix: A192CBC-HS384 and A256CBC-HS512 direct encryption key derivation

Author: panva

lib/models/client.js

@@ -191,7 +191,12 @@ const clientKeyStoreAdditions = {
 };
 
 function deriveKey(secret, length) {
-  const derived = crypto.createHash('sha256')
+  const digest = length <= 32 ? 'sha256' : length <= 48 ? 'sha384' : length <= 64 ? 'sha512' : false; // eslint-disable-line no-nested-ternary
+  /* istanbul ignore if */
+  if (!digest) {
+    throw new Error('unsupported symmetric encryption key derivation');
+  }
+  const derived = crypto.createHash(digest)
     .update(secret)
     .digest()
     .slice(0, length);