[webkit-changes] [WebKit/WebKit] c29b86: Make getKeyLength return an optional

Commit Queue noreply at github.com
Mon Oct 28 10:25:19 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c29b8687ec88543d82a462ace9b3eef38d71024f
      https://github.com/WebKit/WebKit/commit/c29b8687ec88543d82a462ace9b3eef38d71024f
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-10-28 (Mon, 28 Oct 2024)

  Changed paths:
    A LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms-expected.txt
    A LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms.html
    M Source/WebCore/crypto/CryptoAlgorithm.cpp
    M Source/WebCore/crypto/CryptoAlgorithm.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.h
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h
    M Source/WebCore/crypto/keys/CryptoKeyAES.cpp
    M Source/WebCore/crypto/keys/CryptoKeyAES.h
    M Source/WebCore/crypto/keys/CryptoKeyHMAC.cpp
    M Source/WebCore/crypto/keys/CryptoKeyHMAC.h

  Log Message:
  -----------
  Make getKeyLength return an optional
https://bugs.webkit.org/show_bug.cgi?id=282096
rdar://138656378

Reviewed by Matthew Finkel and David Kilzer.

WebKit's current implementation has no way to return `null` for getKeyLength.
It always returns a size_t which will always have a value.

But the ability to return an optional(no value meaning null) is needed for adherence to the spec for the below algorithms.
More details:
[1] https://w3c.github.io/webcrypto/#pbkdf2-operations
[2] https://w3c.github.io/webcrypto/#hkdf-operations

Also this is needed as a first step for re-landing https://commits.webkit.org/285383@main.
285383 at main exposed a problem wherein the deriveKey output changed without any change on client side code.
deriveKey calls getKeyLength internally and that is hardcoded to zero(seemingly for representing null) for HKDF/PBKDF2.
But that is fundamentally wrong.
With 285383 at main we started treating zero length as zero length for deriveBits.
deriveKey basically takes the deriveKeyAlgorithm and calls getKeylength on that.
Then it calls deriveBits using that length. Before 28583 at main our ECDH implementation
was returning the whole key on zero length for deriveBits, so deriveKey just worked fine.
But with 285383 at main, that length was "correctly" used by the internal deriveBits operation to truncate to zero
and the deriveKey output thus changed completely.
So any use of the derivedKey will also produce a "different" output.

The test added here expands the scope of deriveKey tests that we have so that the derivedKey is actually exercised
and a scenario where two parties are trying to derive the same key actually works.

* LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms-expected.txt: Added.
* LayoutTests/crypto/subtle/derive-key-for-all-supported-algorithms.html: Added.
* Source/WebCore/crypto/CryptoAlgorithm.cpp:
(WebCore::CryptoAlgorithm::getKeyLength):
* Source/WebCore/crypto/CryptoAlgorithm.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.cpp:
(WebCore::CryptoAlgorithmAESCBC::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCBC.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.cpp:
(WebCore::CryptoAlgorithmAESCFB::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCFB.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.cpp:
(WebCore::CryptoAlgorithmAESCTR::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESCTR.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.cpp:
(WebCore::CryptoAlgorithmAESGCM::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESGCM.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.cpp:
(WebCore::CryptoAlgorithmAESKW::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmAESKW.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.cpp:
(WebCore::CryptoAlgorithmHKDF::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHKDF.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp:
(WebCore::CryptoAlgorithmHMAC::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.h:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.cpp:
(WebCore::CryptoAlgorithmPBKDF2::getKeyLength):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmPBKDF2.h:
* Source/WebCore/crypto/keys/CryptoKeyAES.cpp:
(WebCore::CryptoKeyAES::getKeyLength):
* Source/WebCore/crypto/keys/CryptoKeyAES.h:
* Source/WebCore/crypto/keys/CryptoKeyHMAC.cpp:
(WebCore::getKeyLengthFromHash):
(WebCore::CryptoKeyHMAC::generate):
(WebCore::CryptoKeyHMAC::getKeyLength):
* Source/WebCore/crypto/keys/CryptoKeyHMAC.h:

Canonical link: https://commits.webkit.org/285769@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list