Title: [270319] trunk/Source/WebCore
Revision
270319
Author
[email protected]
Date
2020-12-01 11:14:00 -0800 (Tue, 01 Dec 2020)

Log Message

Update SFrame transformation implementation according post-commit review
https://bugs.webkit.org/show_bug.cgi?id=218981

Reviewed by Geoffrey Garen.

Add an ASSERT that salt key size is 16 or above so that IV computation is safe.
Move HMAC SHA 256 Cocoa implementation to CryptoUtilitiesCocoa.cpp.
A follow-up patch should move CryptoUtilitiesCocoa.cpp to platform or PAL.

No change of behavior.

* Modules/mediastream/RTCRtpSFrameTransformer.cpp:
(WebCore::RTCRtpSFrameTransformer::setEncryptionKey):
* Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp:
(WebCore::RTCRtpSFrameTransformer::computeEncryptedDataSignature):
* crypto/mac/CryptoAlgorithmHMACMac.cpp:
(WebCore::CryptoAlgorithmHMAC::platformSign):
(WebCore::CryptoAlgorithmHMAC::platformVerify):
(WebCore::calculateSignature): Deleted.
* crypto/mac/CryptoUtilitiesCocoa.cpp:
(WebCore::calculateHMACSignature):
(WebCore::calculateSHA256Signature):
* crypto/mac/CryptoUtilitiesCocoa.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (270318 => 270319)


--- trunk/Source/WebCore/ChangeLog	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/ChangeLog	2020-12-01 19:14:00 UTC (rev 270319)
@@ -1,3 +1,29 @@
+2020-12-01  Youenn Fablet  <[email protected]>
+
+        Update SFrame transformation implementation according post-commit review
+        https://bugs.webkit.org/show_bug.cgi?id=218981
+
+        Reviewed by Geoffrey Garen.
+
+        Add an ASSERT that salt key size is 16 or above so that IV computation is safe.
+        Move HMAC SHA 256 Cocoa implementation to CryptoUtilitiesCocoa.cpp.
+        A follow-up patch should move CryptoUtilitiesCocoa.cpp to platform or PAL.
+
+        No change of behavior.
+
+        * Modules/mediastream/RTCRtpSFrameTransformer.cpp:
+        (WebCore::RTCRtpSFrameTransformer::setEncryptionKey):
+        * Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp:
+        (WebCore::RTCRtpSFrameTransformer::computeEncryptedDataSignature):
+        * crypto/mac/CryptoAlgorithmHMACMac.cpp:
+        (WebCore::CryptoAlgorithmHMAC::platformSign):
+        (WebCore::CryptoAlgorithmHMAC::platformVerify):
+        (WebCore::calculateSignature): Deleted.
+        * crypto/mac/CryptoUtilitiesCocoa.cpp:
+        (WebCore::calculateHMACSignature):
+        (WebCore::calculateSHA256Signature):
+        * crypto/mac/CryptoUtilitiesCocoa.h:
+
 2020-12-01  Lauro Moura  <[email protected]>
 
         Unreviewed. Fix the reaches end of non-void function warning since r270294.

Modified: trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp (270318 => 270319)


--- trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformer.cpp	2020-12-01 19:14:00 UTC (rev 270319)
@@ -150,6 +150,8 @@
     if (saltKeyResult.hasException())
         return saltKeyResult.releaseException();
 
+    ASSERT(saltKeyResult.returnValue().size() >= 16);
+
     auto authenticationKeyResult = computeAuthenticationKey(rawKey);
     if (authenticationKeyResult.hasException())
         return authenticationKeyResult.releaseException();
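Review bot: The added `ASSERT(saltKeyResult.returnValue().size() >= 16);` is compiled out of release builds, so it documents the invariant without enforcing it in shipping code. The log message says the IV computation relies on this length; that code is outside the hunk, but if it reads 16 bytes of the salt unconditionally, a shorter salt would be an out-of-bounds read in production. Consider `RELEASE_ASSERT(saltKeyResult.returnValue().size() >= 16);`, or fail the call the way the neighbouring checks do with `return Exception { OperationError };`. The bare 16 would also be clearer as a named constant shared with the IV code. setEncryptionKey begins and ends outside this hunk.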

Modified: trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp (270318 => 270319)


--- trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/Modules/mediastream/RTCRtpSFrameTransformerCocoa.cpp	2020-12-01 19:14:00 UTC (rev 270319)
@@ -63,9 +63,7 @@
 
 Vector<uint8_t> RTCRtpSFrameTransformer::computeEncryptedDataSignature(const uint8_t* data, size_t size, const Vector<uint8_t>& key)
 {
-    Vector<uint8_t> result(CC_SHA256_DIGEST_LENGTH);
-    CCHmac(kCCHmacAlgSHA256, key.data(), key.size(), data, size, result.data());
-    return result;
+    return calculateSHA256Signature(key, data, size);
 }
 
 void RTCRtpSFrameTransformer::updateAuthenticationSize()

Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp (270318 => 270319)


--- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp	2020-12-01 19:14:00 UTC (rev 270319)
@@ -29,6 +29,7 @@
 #if ENABLE(WEB_CRYPTO)
 
 #include "CryptoKeyHMAC.h"
+#include "CryptoUtilitiesCocoa.h"
 #include <CommonCrypto/CommonHMAC.h>
 #include <wtf/CryptographicUtilities.h>
 
@@ -52,35 +53,6 @@
     }
 }
 
-static Vector<uint8_t> calculateSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const Vector<uint8_t>& data)
-{
-    size_t digestLength;
-    switch (algorithm) {
-    case kCCHmacAlgSHA1:
-        digestLength = CC_SHA1_DIGEST_LENGTH;
-        break;
-    case kCCHmacAlgSHA224:
-        digestLength = CC_SHA224_DIGEST_LENGTH;
-        break;
-    case kCCHmacAlgSHA256:
-        digestLength = CC_SHA256_DIGEST_LENGTH;
-        break;
-    case kCCHmacAlgSHA384:
-        digestLength = CC_SHA384_DIGEST_LENGTH;
-        break;
-    case kCCHmacAlgSHA512:
-        digestLength = CC_SHA512_DIGEST_LENGTH;
-        break;
-    default:
-        ASSERT_NOT_REACHED();
-        return Vector<uint8_t>();
-    }
-
-    Vector<uint8_t> result(digestLength);
-    CCHmac(algorithm, key.data(), key.size(), data.data(), data.size(), result.data());
-    return result;
-}
-
 ExceptionOr<Vector<uint8_t>> CryptoAlgorithmHMAC::platformSign(const CryptoKeyHMAC& key, const Vector<uint8_t>& data)
 {
     auto algorithm = commonCryptoHMACAlgorithm(key.hashAlgorithmIdentifier());
@@ -87,7 +59,7 @@
     if (!algorithm)
         return Exception { OperationError };
 
-    return calculateSignature(*algorithm, key.key(), data);
+    return calculateHMACSignature(*algorithm, key.key(), data.data(), data.size());
 }
 
 ExceptionOr<bool> CryptoAlgorithmHMAC::platformVerify(const CryptoKeyHMAC& key, const Vector<uint8_t>& signature, const Vector<uint8_t>& data)
@@ -96,7 +68,7 @@
     if (!algorithm)
         return Exception { OperationError };
 
-    auto expectedSignature = calculateSignature(*algorithm, key.key(), data);
+    auto expectedSignature = calculateHMACSignature(*algorithm, key.key(), data.data(), data.size());
     // Using a constant time comparison to prevent timing attacks.
     return signature.size() == expectedSignature.size() && !constantTimeMemcmp(expectedSignature.data(), signature.data(), expectedSignature.size());
 }
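Review bot: platformVerify does not fail closed if `calculateHMACSignature` returns an empty vector, which its `default:` branch does in release builds where `ASSERT_NOT_REACHED()` is a no-op. In that case `signature.size() == expectedSignature.size()` holds for an empty `signature` and the zero-length `constantTimeMemcmp` presumably reports equality, so verification would succeed. The algorithm is filtered through `commonCryptoHMACAlgorithm` first, whose body is only partly visible here, so this looks unreachable today. The helper is now a shared utility rather than a file-local static, though, so an explicit guard is cheap: `if (expectedSignature.isEmpty()) return Exception { OperationError };` before the comparison. The platformSign hunk above has the same gap and would return an empty signature rather than an error.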

Modified: trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp (270318 => 270319)


--- trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp	2020-12-01 19:14:00 UTC (rev 270319)
@@ -130,6 +130,40 @@
     return deriveHDKFBits(kCCDigestSHA256, key, keySize, salt, saltSize, info, infoSize, length);
 }
 
+Vector<uint8_t> calculateHMACSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const uint8_t* data, size_t size)
+{
+    size_t digestLength;
+    switch (algorithm) {
+    case kCCHmacAlgSHA1:
+        digestLength = CC_SHA1_DIGEST_LENGTH;
+        break;
+    case kCCHmacAlgSHA224:
+        digestLength = CC_SHA224_DIGEST_LENGTH;
+        break;
+    case kCCHmacAlgSHA256:
+        digestLength = CC_SHA256_DIGEST_LENGTH;
+        break;
+    case kCCHmacAlgSHA384:
+        digestLength = CC_SHA384_DIGEST_LENGTH;
+        break;
+    case kCCHmacAlgSHA512:
+        digestLength = CC_SHA512_DIGEST_LENGTH;
+        break;
+    default:
+        ASSERT_NOT_REACHED();
+        return Vector<uint8_t>();
+    }
+
+    Vector<uint8_t> result(digestLength);
+    CCHmac(algorithm, key.data(), key.size(), data, size, result.data());
+    return result;
+}
+
+Vector<uint8_t> calculateSHA256Signature(const Vector<uint8_t>& key, const uint8_t* data, size_t size)
+{
+    return calculateHMACSignature(kCCHmacAlgSHA256, key, data, size);
+}
+
 } // namespace WebCore
 
 #endif // ENABLE(WEB_CRYPTO)
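Review bot: `calculateSHA256Signature` reads as a plain SHA-256 digest, but it computes a keyed HMAC-SHA-256 over `data` via `kCCHmacAlgSHA256`. Now that it is exported from CryptoUtilitiesCocoa.h, a name such as `calculateHMACSHA256Signature` would match `calculateHMACSignature` and make it harder to mistake for an unkeyed hash at call sites. Both functions would also benefit from a one-line comment stating the contract, for example `// Returns the raw HMAC tag (digest-length bytes); returns an empty vector if the algorithm is not one of the CommonCrypto SHA variants handled below.`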

Modified: trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h (270318 => 270319)


--- trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h	2020-12-01 19:08:41 UTC (rev 270318)
+++ trunk/Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.h	2020-12-01 19:14:00 UTC (rev 270319)
@@ -31,6 +31,7 @@
 #include <wtf/Vector.h>
 
 typedef uint32_t CCDigestAlgorithm;
+typedef uint32_t CCHmacAlgorithm;
 typedef uint32_t CCOperation;
 
 namespace WebCore {
@@ -38,6 +39,8 @@
 ExceptionOr<Vector<uint8_t>> transformAES_CTR(CCOperation, const Vector<uint8_t>& counter, size_t counterLength, const Vector<uint8_t>& key, const uint8_t* data, size_t dataSize);
 ExceptionOr<Vector<uint8_t>> deriveHDKFBits(CCDigestAlgorithm, const uint8_t* key, size_t keySize, const uint8_t* salt, size_t saltSize, const uint8_t* info, size_t infoSize, size_t length);
 ExceptionOr<Vector<uint8_t>> deriveHDKFSHA256Bits(const uint8_t* key, size_t keySize, const uint8_t* salt, size_t saltSize, const uint8_t* info, size_t infoSize, size_t length);
+Vector<uint8_t> calculateHMACSignature(CCHmacAlgorithm, const Vector<uint8_t>& key, const uint8_t* data, size_t);
+Vector<uint8_t> calculateSHA256Signature(const Vector<uint8_t>& key, const uint8_t* data, size_t);
 
 } // namespace WebCore
 