Diff
Modified: trunk/Source/WebCore/ChangeLog (270318 => 270319)
--- trunk/Source/WebCore/ChangeLog 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/ChangeLog 2020-12-01 19:14:00 UTC (rev 270319)
@@ -1,3 +1,29 @@
+2020-12-01 Youenn Fablet <[email protected]>
+
+ Update SFrame transformation implementation according post-commit review
+ https://bugs.webkit.org/show_bug.cgi?id=218981
+
+ Reviewed by Geoffrey Garen.
+
+ Add an ASSERT that salt key size is 16 or above so that IV computation is safe.
+ Move HMAC SHA 256 Cocoa implementation to CryptoUtilitiesCocoa.cpp.
+ A follow-up patch should move CryptoUtilitiesCocoa.cpp to platform or PAL.
+
+ No change of behavior.
+
+ * Modules/mediastream/RTCRtpSFrameTransformer.cpp:
+ (WebCore::RTCRtpSFrameTransformer::setEncryptionKey):
+ * Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp:
+ (WebCore::RTCRtpSFrameTransformer::computeEncryptedDataSignature):
+ * crypto/mac/CryptoAlgorithmHMACMac.cpp:
+ (WebCore::CryptoAlgorithmHMAC::platformSign):
+ (WebCore::CryptoAlgorithmHMAC::platformVerify):
+ (WebCore::calculateSignature): Deleted.
+ * crypto/mac/CryptoUtilitiesCocoa.cpp:
+ (WebCore::calculateHMACSignature):
+ (WebCore::calculateSHA256Signature):
+ * crypto/mac/CryptoUtilitiesCocoa.h:
+
2020-12-01 Lauro Moura <[email protected]>
Unreviewed. Fix the reaches end of non-void function warning since r270294.
Modified: trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp (270318 => 270319)
--- trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp 2020-12-01 19:14:00 UTC (rev 270319)
@@ -150,6 +150,8 @@
if (saltKeyResult.hasException())
return saltKeyResult.releaseException();
+ ASSERT(saltKeyResult.returnValue().size() >= 16);
+
auto authenticationKeyResult = computeAuthenticationKey(rawKey);
if (authenticationKeyResult.hasException())
return authenticationKeyResult.releaseException();
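Review bot: The added `ASSERT(saltKeyResult.returnValue().size() >= 16);` is compiled out of release builds, so the length guarantee the ChangeLog cites for IV computation is only checked in debug. The IV code is not visible in this hunk, but if it reads 16 bytes from the salt key unconditionally, a shorter result would become an out-of-bounds read in shipping builds. A check that survives release, `RELEASE_ASSERT(saltKeyResult.returnValue().size() >= 16);`, or returning an exception like the neighbouring error paths, would keep the invariant enforced. The enclosing function (setEncryptionKey, per the ChangeLog) starts and ends outside the hunk.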
Modified: trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp (270318 => 270319)
--- trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp 2020-12-01 19:14:00 UTC (rev 270319)
@@ -63,9 +63,7 @@
Vector<uint8_t> RTCRtpSFrameTransformer::computeEncryptedDataSignature(const uint8_t* data, size_t size, const Vector<uint8_t>& key)
{
- Vector<uint8_t> result(CC_SHA256_DIGEST_LENGTH);
- CCHmac(kCCHmacAlgSHA256, key.data(), key.size(), data, size, result.data());
- return result;
+ return calculateSHA256Signature(key, data, size);
}
void RTCRtpSFrameTransformer::updateAuthenticationSize()
Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp (270318 => 270319)
--- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp 2020-12-01 19:14:00 UTC (rev 270319)
@@ -29,6 +29,7 @@
#if ENABLE(WEB_CRYPTO)
#include "CryptoKeyHMAC.h"
+#include "CryptoUtilitiesCocoa.h"
#include <CommonCrypto/CommonHMAC.h>
#include <wtf/CryptographicUtilities.h>
@@ -52,35 +53,6 @@
}
}
-static Vector<uint8_t> calculateSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const Vector<uint8_t>& data)
-{
- size_t digestLength;
- switch (algorithm) {
- case kCCHmacAlgSHA1:
- digestLength = CC_SHA1_DIGEST_LENGTH;
- break;
- case kCCHmacAlgSHA224:
- digestLength = CC_SHA224_DIGEST_LENGTH;
- break;
- case kCCHmacAlgSHA256:
- digestLength = CC_SHA256_DIGEST_LENGTH;
- break;
- case kCCHmacAlgSHA384:
- digestLength = CC_SHA384_DIGEST_LENGTH;
- break;
- case kCCHmacAlgSHA512:
- digestLength = CC_SHA512_DIGEST_LENGTH;
- break;
- default:
- ASSERT_NOT_REACHED();
- return Vector<uint8_t>();
- }
-
- Vector<uint8_t> result(digestLength);
- CCHmac(algorithm, key.data(), key.size(), data.data(), data.size(), result.data());
- return result;
-}
-
ExceptionOr<Vector<uint8_t>> CryptoAlgorithmHMAC::platformSign(const CryptoKeyHMAC& key, const Vector<uint8_t>& data)
{
auto algorithm = commonCryptoHMACAlgorithm(key.hashAlgorithmIdentifier());
@@ -87,7 +59,7 @@
if (!algorithm)
return Exception { OperationError };
- return calculateSignature(*algorithm, key.key(), data);
+ return calculateHMACSignature(*algorithm, key.key(), data.data(), data.size());
}
ExceptionOr<bool> CryptoAlgorithmHMAC::platformVerify(const CryptoKeyHMAC& key, const Vector<uint8_t>& signature, const Vector<uint8_t>& data)
@@ -96,7 +68,7 @@
if (!algorithm)
return Exception { OperationError };
- auto expectedSignature = calculateSignature(*algorithm, key.key(), data);
+ auto expectedSignature = calculateHMACSignature(*algorithm, key.key(), data.data(), data.size());
// Using a constant time comparison to prevent timing attacks.
return signature.size() == expectedSignature.size() && !constantTimeMemcmp(expectedSignature.data(), signature.data(), expectedSignature.size());
}
Modified: trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp (270318 => 270319)
--- trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp 2020-12-01 19:14:00 UTC (rev 270319)
@@ -130,6 +130,40 @@
return deriveHDKFBits(kCCDigestSHA256, key, keySize, salt, saltSize, info, infoSize, length);
}
+Vector<uint8_t> calculateHMACSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const uint8_t* data, size_t size)
+{
+ size_t digestLength;
+ switch (algorithm) {
+ case kCCHmacAlgSHA1:
+ digestLength = CC_SHA1_DIGEST_LENGTH;
+ break;
+ case kCCHmacAlgSHA224:
+ digestLength = CC_SHA224_DIGEST_LENGTH;
+ break;
+ case kCCHmacAlgSHA256:
+ digestLength = CC_SHA256_DIGEST_LENGTH;
+ break;
+ case kCCHmacAlgSHA384:
+ digestLength = CC_SHA384_DIGEST_LENGTH;
+ break;
+ case kCCHmacAlgSHA512:
+ digestLength = CC_SHA512_DIGEST_LENGTH;
+ break;
+ default:
+ ASSERT_NOT_REACHED();
+ return Vector<uint8_t>();
+ }
+
+ Vector<uint8_t> result(digestLength);
+ CCHmac(algorithm, key.data(), key.size(), data, size, result.data());
+ return result;
+}
+
+Vector<uint8_t> calculateSHA256Signature(const Vector<uint8_t>& key, const uint8_t* data, size_t size)
+{
+ return calculateHMACSignature(kCCHmacAlgSHA256, key, data, size);
+}
+
} // namespace WebCore
#endif // ENABLE(WEB_CRYPTO)
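Review bot: The `default:` branch of calculateHMACSignature returns an empty `Vector<uint8_t>()` after `ASSERT_NOT_REACHED()`, and because that assertion is debug-only, a release build hands callers a zero-length result with no error signal. This mattered less while the helper was file-static, but it is now declared in CryptoUtilitiesCocoa.h. platformVerify in CryptoAlgorithmHMACMac.cpp would treat an empty expected signature as matching an empty supplied one, since its size comparison and a zero-length constantTimeMemcmp both pass. The callers visible in this commit all pass a vetted or constant algorithm, so this is hardening rather than a live bug. Either use `RELEASE_ASSERT_NOT_REACHED();` in the default branch, or return `ExceptionOr<Vector<uint8_t>>` like the other helpers declared in CryptoUtilitiesCocoa.h so that callers must handle the failure.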
Modified: trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h (270318 => 270319)
--- trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h 2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h 2020-12-01 19:14:00 UTC (rev 270319)
@@ -31,6 +31,7 @@
#include <wtf/Vector.h>
typedef uint32_t CCDigestAlgorithm;
+typedef uint32_t CCHmacAlgorithm;
typedef uint32_t CCOperation;
namespace WebCore {
@@ -38,6 +39,8 @@
ExceptionOr<Vector<uint8_t>> transformAES_CTR(CCOperation, const Vector<uint8_t>& counter, size_t counterLength, const Vector<uint8_t>& key, const uint8_t* data, size_t dataSize);
ExceptionOr<Vector<uint8_t>> deriveHDKFBits(CCDigestAlgorithm, const uint8_t* key, size_t keySize, const uint8_t* salt, size_t saltSize, const uint8_t* info, size_t infoSize, size_t length);
ExceptionOr<Vector<uint8_t>> deriveHDKFSHA256Bits(const uint8_t* key, size_t keySize, const uint8_t* salt, size_t saltSize, const uint8_t* info, size_t infoSize, size_t length);
+Vector<uint8_t> calculateHMACSignature(CCHmacAlgorithm, const Vector<uint8_t>& key, const uint8_t* data, size_t);
+Vector<uint8_t> calculateSHA256Signature(const Vector<uint8_t>& key, const uint8_t* data, size_t);
} // namespace WebCore
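Review bot: `calculateSHA256Signature` reads as a plain SHA-256 digest, but its definition forwards to calculateHMACSignature with kCCHmacAlgSHA256, so it actually computes a keyed HMAC-SHA-256. A name such as `calculateHMACSHA256Signature` would prevent a future caller from mistaking it for an unkeyed hash. Alternatively, add a comment on the declaration like `// HMAC-SHA-256 over data[0..size) keyed with key; returns the full 32-byte tag.` The unnamed `size_t` parameter in both new declarations would also read better as `size_t dataSize`, matching transformAES_CTR above.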