Commit 2cf24dad authored by ap@apple.com's avatar ap@apple.com

WebCrypto HMAC doesn't check key algorithm's hash

https://bugs.webkit.org/show_bug.cgi?id=125114

Reviewed by Anders Carlsson.

Source/WebCore: 

Test: crypto/subtle/hmac-check-algorithm.html

* crypto/algorithms/CryptoAlgorithmHMAC.cpp:
(WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches): Check it.

LayoutTests: 

* crypto/subtle/hmac-check-algorithm-expected.txt: Added.
* crypto/subtle/hmac-check-algorithm.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159975 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 08fec9a9
2013-12-02 Alexey Proskuryakov <ap@apple.com>
WebCrypto HMAC doesn't check key algorithm's hash
https://bugs.webkit.org/show_bug.cgi?id=125114
Reviewed by Anders Carlsson.
* crypto/subtle/hmac-check-algorithm-expected.txt: Added.
* crypto/subtle/hmac-check-algorithm.html: Added.
2013-12-02 Zoltan Horvath <zoltan@webkit.org>
[CSS Shapes] Support inset parsing
......
Test that HMAC operations only work when hash functions match between invocation and key.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
Importing a raw HMAC SHA-1 key from string literal...
PASS crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('foo')) threw exception Error: NotSupportedError: DOM Exception 9.
PASS crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo')) threw exception Error: NotSupportedError: DOM Exception 9.
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE html>
<html>
<head>
<script src="../../resources/js-test-pre.js"></script>
<script src="resources/common.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script>
description("Test that HMAC operations only work when hash functions match between invocation and key.");
jsTestIsAsync = true;
var hmacKey = asciiToUint8Array('a');
var extractable = true;
debug("Importing a raw HMAC SHA-1 key from string literal...");
crypto.subtle.importKey("raw", hmacKey, {name: 'hmac', hash: {name: 'sha-1'}}, extractable, ["sign", "verify"]).then(function(result) {
debug("Done");
key = result;
shouldNotThrow("crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-1'}}, key, asciiToUint8Array('foo'))");
shouldThrow("crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('foo'))");
shouldNotThrow("crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-1'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo'))");
shouldThrow("crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo'))");
finishJSTest();
});
</script>
<script src="../../resources/js-test-post.js"></script>
</body>
</html>
2013-12-02 Alexey Proskuryakov <ap@apple.com>
WebCrypto HMAC doesn't check key algorithm's hash
https://bugs.webkit.org/show_bug.cgi?id=125114
Reviewed by Anders Carlsson.
Test: crypto/subtle/hmac-check-algorithm.html
* crypto/algorithms/CryptoAlgorithmHMAC.cpp:
(WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches): Check it.
2013-12-02 Brady Eidson <beidson@apple.com>
Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
......@@ -56,12 +56,15 @@ CryptoAlgorithmIdentifier CryptoAlgorithmHMAC::identifier() const
return s_identifier;
}
bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParams&, const CryptoKey& key) const
bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParams& parameters, const CryptoKey& key) const
{
if (key.algorithmIdentifier() != s_identifier)
return false;
ASSERT(isCryptoKeyHMAC(key));
if (toCryptoKeyHMAC(key).hashAlgorithmIdentifier() != parameters.hash)
return false;
return true;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment