HKDF: Expand and DeriveKey throw invalid exceptions when outputLength is negative

[andreimilto]

Methods Expand and DeriveKey of the System.Security.Cryptography.HKDF class throw invalid exceptions when the argument outputLength has negative value.

In this example Expand throws ArgumentOutOfRangeException with the message Output keying material length can be at most 8160 bytes (255 * hash length).:

HKDF.Expand(HashAlgorithmName.SHA256, prk: new byte[32], outputLength: -1);

Instead the exception message should say that outputLength can't be negative (or that it must be positive - depends on whether 0 is considered a valid input).

Here DeriveKey throws OverflowException with the message Arithmetic operation resulted in an overflow.:

HKDF.DeriveKey(HashAlgorithmName.SHA256, ikm: new byte[32], outputLength: -1);

Instead the type of exception should be ArgumentOutOfRangeException and the message should say that the outputLength can't be negative (or that it must be positive - depends on whether 0 is considered a valid input).

Windows 10 x64 Pro, dotnet 5.0.0-preview.8.

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @jeffhandley
See info in area-owners.md if you want to be subscribed.

[krwq]

It's not blocking release but I think we should fix at least fix OverflowException to correctly throw ArgumentOutOfRangeException for 5.0 (the call if it will be included in 5.0 doesn't belong to me but will make a patch and see what happens)

[bartonjs]

Zero doesn't really make sense, I'm fine with making it throw AOORE.

[jeffhandley]

I did a preemptive bar check on this and determined it won't meet the bar for 5.0.0 (since there are workarounds); moving to 6.0.0. Thanks for reporting this, @andreimilto!

[andreimilto]

You're welcome, @jeffhandley!