HMAC sign/verify ignores algorithm param length

[microshine]

• Extend tests for different length (vectors/simple)

• Extend Hmac.sign and Hmac.verify functions

[microshine]

WebCrypto doesn't support this specification
W3 WebCryptoAPI HMAC

[YuryStrozhevsky]

We need to support the HMAC since Chrome and Firefox are supporting it. Also for PKIjs the algorithm is necessary for encryption cases.

[microshine]

@YuryStrozhevsky Could you review it?
https://github.com/PeculiarVentures/node-webcrypto-ossl/blob/master/lib/crypto/hmac.ts#L36

[witchent]

Is this still a problem after the core update? I think this might be the reason why I cannot get signal-desktop to run with this implementation

[microshine]

@witchent I published a new version of node-webcrypto-ossl. I fixed issues with a default length parameter for HMAC mechanism. Now it uses 512 length by default for all hash algorithms and sets length property to key algorithm

[microshine]

@witchent Please let me know if it fixes your issue for signal-desktop

[witchent]

Sadly it does not. I actually don't really know why anyway though, with your old version everything works fine, but with the new one I get a different mac calculated as the phone sends.

I am starting to believe that the problem lies somewhere else though, as I tested the HMAC mechanism and it did do exactly what I wanted it to. So maybe something happened to a different part in your library, but I don't know what yet. Will get back to you if I find out whats wrong.

Thanks again

[microshine]

@witchent I'm trying to find a difference between the previous and current versions. But I need your help with that. Can we have a chat via Skype or Hangouts? My email is microshine@mail.ru

[witchent]

I add you on skype

[microshine]

@witchent I updated the previous version of node-webcrypto-ossl@1.0.49. It fixes an issue with AES-CTR param.

Please try it and let me know if it fixes your problem.

To install prev version use

npm i node-webcrypto-ossl@^1

[witchent]

Yes, this one works fine. Still a bit sad that the new one does not, but it is way better than keeping a fork. Thanks a lot :)

[rmhrisk]

@witchent is this for the regular signal client or a personal project?

[witchent]

More of a personal project, but public accessible. It is a matrix <--> signal bridge. So v1 is good enough for the project, it's more that it is super weird that it does not work with v2 anymore.

[rmhrisk]

A matrix to signal bridge would be interesting. Yes, I am worried about the v1->v2 difference for sure. Just wanted to asses how much effort to put in once that's resolved ;)