[webkit-changes] [WebKit/WebKit] c29b86: Make getKeyLength return an optional
Commit Queue
noreply at github.com
Mon Oct 28 10:25:19 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: c29b8687ec88543d82a462ace9b3eef38d71024f
https://github.com/WebKit/WebKit/commit/c29b8687ec88543d82a462ace9b3eef38d71024f
Author: Nitin Mahendru <nitinmahendru at apple.com>
Date: 2024-10-28 (Mon, 28 Oct 2024)
Changed paths:
A LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms-expected.txt
A LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms.html
M Source/WebCore/crypto/CryptoAlgorithm.cpp
M Source/WebCore/crypto/CryptoAlgorithm.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.h
M Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp
M Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h
M Source/WebCore/crypto/keys/CryptoKeyAES.cpp
M Source/WebCore/crypto/keys/CryptoKeyAES.h
M Source/WebCore/crypto/keys/CryptoKeyHMAC.cpp
M Source/WebCore/crypto/keys/CryptoKeyHMAC.h
Log Message:
-----------
Make getKeyLength return an optional
https://bugs.webkit.org/show_bug.cgi?id=282096
rdar://138656378
Reviewed by Matthew Finkel and David Kilzer.
WebKit's current implementation has no way to return `null` for getKeyLength.
It always returns a size_t which will always have a value.
But the ability to return an optional(no value meaning null) is needed for adherence to the spec for the below algorithms.
More details:
[1] https://w3c.github.io/webcrypto/#pbkdf2-operations
[2] https://w3c.github.io/webcrypto/#hkdf-operations
Also this is needed as a first step for re-landing https://commits.webkit.org/285383@main.
285383 at main exposed a problem wherein the deriveKey output changed without any change on client side code.
deriveKey calls getKeyLength internally and that is hardcoded to zero(seemingly for representing null) for HKDF/PBKDF2.
But that is fundamentally wrong.
With 285383 at main we started treating zero length as zero length for deriveBits.
deriveKey basically takes the deriveKeyAlgorithm and calls getKeylength on that.
Then it calls deriveBits using that length. Before 28583 at main our ECDH implementation
was returning the whole key on zero length for deriveBits, so deriveKey just worked fine.
But with 285383 at main, that length was "correctly" used by the internal deriveBits operation to truncate to zero
and the deriveKey output thus changed completely.
So any use of the derivedKey will also produce a "different" output.
The test added here expands the scope of deriveKey tests that we have so that the derivedKey is actually exercised
and a scenario where two parties are trying to derive the same key actually works.
* LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms-expected.txt: Added.
* LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms.html: Added.
* Source/WebCore/crypto/CryptoAlgorithm.cpp:
(WebCore::CryptoAlgorithm::getKeyLength):
* Source/WebCore/crypto/CryptoAlgorithm.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.cpp:
(WebCore::CryptoAlgorithmAESCBC::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.cpp:
(WebCore::CryptoAlgorithmAESCFB::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.cpp:
(WebCore::CryptoAlgorithmAESCTR::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.cpp:
(WebCore::CryptoAlgorithmAESGCM::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.cpp:
(WebCore::CryptoAlgorithmAESKW::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp:
(WebCore::CryptoAlgorithmHKDF::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp:
(WebCore::CryptoAlgorithmHMAC::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp:
(WebCore::CryptoAlgorithmPBKDF2::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h:
* Source/WebCore/crypto/keys/CryptoKeyAES.cpp:
(WebCore::CryptoKeyAES::getKeyLength):
* Source/WebCore/crypto/keys/CryptoKeyAES.h:
* Source/WebCore/crypto/keys/CryptoKeyHMAC.cpp:
(WebCore::getKeyLengthFromHash):
(WebCore::CryptoKeyHMAC::generate):
(WebCore::CryptoKeyHMAC::getKeyLength):
* Source/WebCore/crypto/keys/CryptoKeyHMAC.h:
Canonical link: https://commits.webkit.org/285769@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list