Changeset 173874 in webkit

Timestamp:

Sep 23, 2014 9:41:45 AM (10 years ago)

Author:

commit-queue@webkit.org

Message:

[GTK] Adds implementation of subtle crypto HMAC algorithm
​https://bugs.webkit.org/show_bug.cgi?id=133320

Patch by Eduardo Lima Mitev <​elima@igalia.com> on 2014-09-23
Reviewed by Philippe Normand.

Source/WebCore:

Tests are already in place under crypto/subtle/hmac-*.html

• crypto/gtk/CryptoAlgorithmHMACGtk.cpp:

(WebCore::getGnutlsDigestAlgorithm):
(WebCore::calculateSignature):
(WebCore::CryptoAlgorithmHMAC::platformSign):
(WebCore::CryptoAlgorithmHMAC::platformVerify):

LayoutTests:

• platform/gtk/TestExpectations: Whitelists HMAC related tests that are passing

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/gtk/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/crypto/gtk/CryptoAlgorithmHMACGtk.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2014-09-23  Eduardo Lima Mitev  <elima@igalia.com>
+
+        [GTK] Adds implementation of subtle crypto HMAC algorithm
+        https://bugs.webkit.org/show_bug.cgi?id=133320
+
+        Reviewed by Philippe Normand.
+
+        * platform/gtk/TestExpectations: Whitelists HMAC related tests that are passing
+
 2014-09-23  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
 

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -364 +364 @@
 webkit.org/b/133319 crypto/subtle/sha-384.html [ Pass ]
 webkit.org/b/133319 crypto/subtle/sha-512.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-check-algorithm.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-export-key.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-generate-key.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-import-jwk.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-sign-verify-empty-key.html [ Pass ]
+webkit.org/b/133320 crypto/subtle/hmac-sign-verify.html [ Pass ]
 
 # QuickTime plug-in not relevant to this port

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2014-09-23  Eduardo Lima Mitev  <elima@igalia.com>
+
+        [GTK] Adds implementation of subtle crypto HMAC algorithm
+        https://bugs.webkit.org/show_bug.cgi?id=133320
+
+        Reviewed by Philippe Normand.
+
+        Tests are already in place under crypto/subtle/hmac-*.html
+
+        * crypto/gtk/CryptoAlgorithmHMACGtk.cpp:
+        (WebCore::getGnutlsDigestAlgorithm):
+        (WebCore::calculateSignature):
+        (WebCore::CryptoAlgorithmHMAC::platformSign):
+        (WebCore::CryptoAlgorithmHMAC::platformVerify):
+
 2014-09-23  Eduardo Lima Mitev  <elima@igalia.com>
 

trunk/Source/WebCore/crypto/gtk/CryptoAlgorithmHMACGtk.cpp

@@ -32 +32 @@
 #include "CryptoKeyHMAC.h"
 #include "ExceptionCode.h"
-#include "NotImplemented.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <wtf/CryptographicUtilities.h>
 
 namespace WebCore {
 
+static gnutls_mac_algorithm_t getGnutlsDigestAlgorithm(CryptoAlgorithmIdentifier hashFunction)
+{
+    switch (hashFunction) {
+    case CryptoAlgorithmIdentifier::SHA_1:
+        return GNUTLS_MAC_SHA1;
+    case CryptoAlgorithmIdentifier::SHA_224:
+        return GNUTLS_MAC_SHA224;
+    case CryptoAlgorithmIdentifier::SHA_256:
+        return GNUTLS_MAC_SHA256;
+    case CryptoAlgorithmIdentifier::SHA_384:
+        return GNUTLS_MAC_SHA384;
+    case CryptoAlgorithmIdentifier::SHA_512:
+        return GNUTLS_MAC_SHA512;
+    default:
+        return GNUTLS_MAC_UNKNOWN;
+    }
+}
+
+static Vector<uint8_t> calculateSignature(gnutls_mac_algorithm_t algorithm, const Vector<uint8_t>& key, const CryptoOperationData& data)
+{
+    size_t digestLength = gnutls_hmac_get_len(algorithm);
+
+    Vector<uint8_t> result(digestLength);
+    const void* keyData = key.data() ? key.data() : reinterpret_cast<const uint8_t*>("");
+    int ret = gnutls_hmac_fast(algorithm, keyData, key.size(), data.first, data.second, result.data());
+    ASSERT(ret == GNUTLS_E_SUCCESS);
+    UNUSED_PARAM(ret);
+
+    return result;
+}
+
 void CryptoAlgorithmHMAC::platformSign(const CryptoAlgorithmHmacParams& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
 {
-    notImplemented();
-    ec = NOT_SUPPORTED_ERR;
-    failureCallback();
+    gnutls_mac_algorithm_t algorithm = getGnutlsDigestAlgorithm(parameters.hash);
+    if (algorithm == GNUTLS_MAC_UNKNOWN) {
+        ec = NOT_SUPPORTED_ERR;
+        failureCallback();
+        return;
+    }
 
-    UNUSED_PARAM(parameters);
-    UNUSED_PARAM(key);
-    UNUSED_PARAM(data);
-    UNUSED_PARAM(callback);
-    UNUSED_PARAM(ec);
+    Vector<uint8_t> signature = calculateSignature(algorithm, key.key(), data);
+
+    callback(signature);
 }
 
 void CryptoAlgorithmHMAC::platformVerify(const CryptoAlgorithmHmacParams& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& expectedSignature, const CryptoOperationData& data, BoolCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
 {
-    notImplemented();
-    ec = NOT_SUPPORTED_ERR;
-    failureCallback();
+    gnutls_mac_algorithm_t algorithm = getGnutlsDigestAlgorithm(parameters.hash);
+    if (algorithm == GNUTLS_MAC_UNKNOWN) {
+        ec = NOT_SUPPORTED_ERR;
+        failureCallback();
+        return;
+    }
 
-    UNUSED_PARAM(parameters);
-    UNUSED_PARAM(key);
-    UNUSED_PARAM(expectedSignature);
-    UNUSED_PARAM(data);
-    UNUSED_PARAM(callback);
-    UNUSED_PARAM(ec);
+    Vector<uint8_t> signature = calculateSignature(algorithm, key.key(), data);
+
+    // Using a constant time comparison to prevent timing attacks.
+    bool result = signature.size() == expectedSignature.second && !constantTimeMemcmp(signature.data(), expectedSignature.first, signature.size());
+
+    callback(result);
 }