eliott/servo
1
0
Fork 0
mirror of https://github.com/servo/servo synced 2026-05-12 09:56:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2518f97dace2ba007e00d960b756b976f74ca921
servo/components/script/dom/subtlecrypto
History
Kingsley Yung 4d0c29c2c7 script: Require HMAC comparison to be constant time (#43773) 
We should compare HMAC signatures in constant time when validating
user-provided signatures, to prevent leaking timing information
proportional to the number of matching bytes. The WebCrypto
specification has also updated to require to use constant-time
comparison in HMAC signatures.

We update our implementation accordingly. Since we are still using the
`aws-lc-rs` crate for our HMAC implementation, we use the function
`verify_slices_are_equal` provided by `aws_lc_rs::constant_time` to
guarantees the comparison is constant-time.

Specification Update:
c962bc7ebb
Testing: Existing tests suffice.

Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
2026-03-31 18:18:05 +00:00
..
aes_cbc_operation.rs
script: Pass &mut JSContext to methods of SubtleCrypto (#42726)
2026-02-20 11:18:29 +00:00
aes_common.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
aes_ctr_operation.rs
script: Pass &mut JSContext to methods of SubtleCrypto (#42726)
2026-02-20 11:18:29 +00:00
aes_gcm_operation.rs
script: Pass &mut JSContext to methods of SubtleCrypto (#42726)
2026-02-20 11:18:29 +00:00
aes_kw_operation.rs
script: Pass &mut JSContext to methods of SubtleCrypto (#42726)
2026-02-20 11:18:29 +00:00
aes_ocb_operation.rs
script: Pass &mut JSContext to methods of SubtleCrypto (#42726)
2026-02-20 11:18:29 +00:00
argon2_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
chacha20_poly1305_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
cshake_operation.rs
script: Rename length parameter of cSHAKE to outputLength (#43533)
2026-03-22 06:28:53 +00:00
ec_common.rs
script: Implement "getPublicKey" operations of ECDSA and ECDH (#43106)
2026-03-09 12:01:27 +00:00
ecdh_operation.rs
script: Implement "getPublicKey" operations of ECDSA and ECDH (#43106)
2026-03-09 12:01:27 +00:00
ecdsa_operation.rs
script: Implement "getPublicKey" operations of ECDSA and ECDH (#43106)
2026-03-09 12:01:27 +00:00
ed25519_operation.rs
WebCryptoAPI: implement Ed25519 and split Handle::Ed25519 into Ed25519PrivateKey and Ed25519PublicKey (#43115)
2026-03-09 17:51:52 +00:00
hkdf_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
hmac_operation.rs
script: Require HMAC comparison to be constant time (#43773)
2026-03-31 18:18:05 +00:00
ml_dsa_operation.rs
script: ML-KEM/ML-DSA PKCS8 keys in non-seed-only formats (#43315)
2026-03-16 14:02:33 +00:00
ml_kem_operation.rs
script: ML-KEM/ML-DSA PKCS8 keys in non-seed-only formats (#43315)
2026-03-16 14:02:33 +00:00
pbkdf2_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
rsa_common.rs
script: Implement "getPublicKey" operations of RSA algorithms (#43093)
2026-03-08 17:36:02 +00:00
rsa_oaep_operation.rs
script: Implement "getPublicKey" operations of RSA algorithms (#43093)
2026-03-08 17:36:02 +00:00
rsa_pss_operation.rs
script: Implement "getPublicKey" operations of RSA algorithms (#43093)
2026-03-08 17:36:02 +00:00
rsassa_pkcs1_v1_5_operation.rs
script: Implement "getPublicKey" operations of RSA algorithms (#43093)
2026-03-08 17:36:02 +00:00
sha3_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
sha_operation.rs
script: Use CryptoAlgorithm in name fields of subtle dictionaries (#43055)
2026-03-06 07:14:49 +00:00
turboshake_operation.rs
script: Implement TurboSHAKE algorithm in WebCrypto (#43551)
2026-03-23 06:22:46 +00:00
x25519_operation.rs
script: Guarantee constant-time all-zero check on X25519 secret (#43775)
2026-03-30 12:34:50 +00:00