Title: [159975] trunk
Revision: 159975
Author: [email protected]
Date: 2013-12-02 15:43:01 -0800 (Mon, 02 Dec 2013)

Log Message

WebCrypto HMAC doesn't check key algorithm's hash
https://bugs.webkit.org/show_bug.cgi?id=125114

Reviewed by Anders Carlsson.

Source/WebCore: 

Test: crypto/subtle/hmac-check-algorithm.html

* crypto/algorithms/CryptoAlgorithmHMAC.cpp:
(WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches): Check it.

LayoutTests: 

* crypto/subtle/hmac-check-algorithm-expected.txt: Added.
* crypto/subtle/hmac-check-algorithm.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (159974 => 159975)


--- trunk/LayoutTests/ChangeLog	2013-12-02 23:30:53 UTC (rev 159974)
+++ trunk/LayoutTests/ChangeLog	2013-12-02 23:43:01 UTC (rev 159975)
@@ -1,3 +1,13 @@
+2013-12-02  Alexey Proskuryakov  <[email protected]>
+
+        WebCrypto HMAC doesn't check key algorithm's hash
+        https://bugs.webkit.org/show_bug.cgi?id=125114
+
+        Reviewed by Anders Carlsson.
+
+        * crypto/subtle/hmac-check-algorithm-expected.txt: Added.
+        * crypto/subtle/hmac-check-algorithm.html: Added.
+
 2013-12-02  Zoltan Horvath  <[email protected]>
 
         [CSS Shapes] Support inset parsing

Added: trunk/LayoutTests/crypto/subtle/hmac-check-algorithm-expected.txt (0 => 159975)


--- trunk/LayoutTests/crypto/subtle/hmac-check-algorithm-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/crypto/subtle/hmac-check-algorithm-expected.txt	2013-12-02 23:43:01 UTC (rev 159975)
@@ -0,0 +1,12 @@
+Test that HMAC operations only work when hash functions match between invocation and key.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+Importing a raw HMAC SHA-1 key from string literal...
+PASS crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('foo')) threw exception Error: NotSupportedError: DOM Exception 9.
+PASS crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo')) threw exception Error: NotSupportedError: DOM Exception 9.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
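Review bot: The expected output has PASS lines only for the two sha-256 calls that throw; there is no line for debug("Done") or for the two shouldNotThrow calls on the sha-1 path that hmac-check-algorithm.html makes. If the harness prints a line for those, this file will not match the actual output. Please confirm it was regenerated from the final version of the test, so that the matching-hash case is recorded as passing and not only the mismatch case.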
Property changes on: trunk/LayoutTests/crypto/subtle/hmac-check-algorithm-expected.txt
___________________________________________________________________

Added: svn:mime-type

Added: svn:eol-style

Added: trunk/LayoutTests/crypto/subtle/hmac-check-algorithm.html (0 => 159975)


--- trunk/LayoutTests/crypto/subtle/hmac-check-algorithm.html	                        (rev 0)
+++ trunk/LayoutTests/crypto/subtle/hmac-check-algorithm.html	2013-12-02 23:43:01 UTC (rev 159975)
@@ -0,0 +1,36 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test that HMAC operations only work when hash functions match between invocation and key.");
+
+jsTestIsAsync = true;
+
+var hmacKey = asciiToUint8Array('a');
+var extractable = true;
+
+debug("Importing a raw HMAC SHA-1 key from string literal...");
+crypto.subtle.importKey("raw", hmacKey, {name: 'hmac', hash: {name: 'sha-1'}}, extractable, ["sign", "verify"]).then(function(result) {
+    debug("Done");
+    key = result;
+
+    shouldNotThrow("crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-1'}}, key, asciiToUint8Array('foo'))");
+    shouldThrow("crypto.subtle.sign({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('foo'))");
+
+    shouldNotThrow("crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-1'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo'))");
+    shouldThrow("crypto.subtle.verify({name: 'hmac', hash: {name: 'sha-256'}}, key, asciiToUint8Array('fake signature'), asciiToUint8Array('foo'))");
+
+    finishJSTest();
+});
+</script>
+
+<script src=""
+</body>
+</html>
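Review bot: The importKey promise has only a fulfillment callback, and finishJSTest() is called only inside it, so with jsTestIsAsync = true a rejected import ends as a timeout instead of a clear failure. Add a rejection handler that reports the failure and calls finishJSTest(). Separately, "key = result;" creates an implicit global; declaring "var key;" next to hmacKey would make that intentional. The test also covers only a SHA-1 key used with sha-256 parameters; the reverse case (a SHA-256 key used with sha-1 parameters) would be worth adding so the check is exercised in both directions.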
Property changes on: trunk/LayoutTests/crypto/subtle/hmac-check-algorithm.html
___________________________________________________________________

Added: svn:mime-type

Modified: trunk/Source/WebCore/ChangeLog (159974 => 159975)


--- trunk/Source/WebCore/ChangeLog	2013-12-02 23:30:53 UTC (rev 159974)
+++ trunk/Source/WebCore/ChangeLog	2013-12-02 23:43:01 UTC (rev 159975)
@@ -1,3 +1,15 @@
+2013-12-02  Alexey Proskuryakov  <[email protected]>
+
+        WebCrypto HMAC doesn't check key algorithm's hash
+        https://bugs.webkit.org/show_bug.cgi?id=125114
+
+        Reviewed by Anders Carlsson.
+
+        Test: crypto/subtle/hmac-check-algorithm.html
+
+        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
+        (WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches): Check it.
+
 2013-12-02  Brady Eidson  <[email protected]>
 
         Possible crash in ProgressTracker::progressHeartbeatTimerFired(Timer<ProgressTracker>*)
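Review bot: "Check it." on the keyAlgorithmMatches line does not say what is checked, so someone reading the ChangeLog entry without the bug title has to open the diff. Suggest spelling it out, for example "Also compare the key's hash algorithm with the hash in the operation parameters."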

Modified: trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp (159974 => 159975)


--- trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp	2013-12-02 23:30:53 UTC (rev 159974)
+++ trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp	2013-12-02 23:43:01 UTC (rev 159975)
@@ -56,12 +56,15 @@
     return s_identifier;
 }
 
-bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParams&, const CryptoKey& key) const
+bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParams& parameters, const CryptoKey& key) const
 {
     if (key.algorithmIdentifier() != s_identifier)
         return false;
     ASSERT(isCryptoKeyHMAC(key));
 
+    if (toCryptoKeyHMAC(key).hashAlgorithmIdentifier() != parameters.hash)
+        return false;
+
     return true;
 }
 
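Review bot: The new toCryptoKeyHMAC(key) cast is guarded only by ASSERT(isCryptoKeyHMAC(key)), which is a debug-build check, so in release builds its safety rests entirely on the "key.algorithmIdentifier() != s_identifier" early return above it. A short comment stating that dependency would help future edits keep the order intact. The added if followed by "return true;" can also be collapsed into a single "return toCryptoKeyHMAC(key).hashAlgorithmIdentifier() == parameters.hash;".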