Conversation
Implement KMAC (Keccak Message Authentication Code) per NIST SP 800-185, completing WebCrypto subtle coverage for generateKey, sign, and verify. - Add HybridKmac C++ native module using OpenSSL EVP_MAC API - Support KMAC128 and KMAC256 algorithms with optional customization string - Wire into subtle.generateKey(), sign(), verify(), importKey(), exportKey() - Support raw, raw-secret, and JWK key formats (K128/K256 alg identifiers) - Add NIST SP 800-185 test vectors (6 vectors) plus round-trip tests - Update coverage tracking
… sign/verify - Replace JS XOR loop with native timingSafeEqual (CRYPTO_memcmp) in kmacSignVerify and hmacSignVerify for constant-time MAC comparison - Add output length % 8 validation in kmacSignVerify - Convert raw EVP_MAC_CTX* to unique_ptr with custom deleter (RAII) - Reset context after EVP_MAC_final to prevent use-after-finalize UB - Remove ~50 lines of inline HMAC/KMAC handling from Subtle.sign/verify, route all algorithms through the signVerify() dispatcher - hmacSignVerify() is now reachable (was dead code due to inline intercept)
Move tests from standalone kmac.ts into sign_verify.ts and import_export.ts, organized by WebCrypto operation rather than algorithm. Delete kmac.ts and remove its import.
Contributor
🤖 End-to-End Test Results - AndroidStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
Contributor
🤖 End-to-End Test Results - iOSStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds KMAC128 and KMAC256 (Keccak Message Authentication Code, NIST SP 800-185) to the WebCrypto
subtleAPI, with review fixes and test reorganization.Changes
KMAC Implementation (
490e1da)subtle.sign()/subtle.verify()with KMAC128/KMAC256subtle.generateKey()for KMAC symmetric keyssubtle.importKey()/subtle.exportKey()(raw + JWK formats)HybridKmacNitro Module using OpenSSL 3.6+ EVP_MAC APIalgorithm.customizationalgorithm.length(in bits)Review Fixes (
b260212)timingSafeEqual(CRYPTO_memcmp) in bothkmacSignVerifyandhmacSignVerifyfor constant-time MAC comparison% 8validation inkmacSignVerifyEVP_MAC_CTX*tounique_ptrwith custom deleter (RAII)EVP_MAC_finalto prevent use-after-finalize UBSubtle.sign()/Subtle.verify()— remove ~50 lines of inline HMAC/KMAC interception, route all algorithms through thesignVerify()dispatcher (also fixes pre-existing HMAC timing-unsafe comparison)Test Reorganization (
a613f66)kmac.tsinto operation-based files (sign_verify.ts,import_export.ts)kmac.tsTesting
Closes #938