You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HmacImportParams has an optional "hash" attribute. This is inconsistent with how import works for other algorithms, whereby algorithm parameters need to be fully specified during import.
In particular, HMAC import from JWK allows the "hash" attribute on the import algorithm to be unspecified, and it is filled in using the JWK's "alg" (if one was specified).
By contrast when importing an RSA key the "hash" attribute is required, even though it could similarly be inferred from the JWK's "alg". Another example is the namedCurve attribute when importing EC keys. WebCrypto requires it to be specified even though it could similarly be inferred from the JWK's "crv" member.
I believe HmacImportParams should make "hash" required to match other algorithms. This also means one less failure case for HMAC's "get key length" operation (since if length is unspecified then at least the hash is guaranteed to be present).
The text was updated successfully, but these errors were encountered:
mwatson2
added a commit
to mwatson2/webcrypto
that referenced
this issue
May 24, 2016
Bug 27448 from Bugzilla:
HmacImportParams has an optional "hash" attribute. This is inconsistent with how import works for other algorithms, whereby algorithm parameters need to be fully specified during import.
In particular, HMAC import from JWK allows the "hash" attribute on the import algorithm to be unspecified, and it is filled in using the JWK's "alg" (if one was specified).
By contrast when importing an RSA key the "hash" attribute is required, even though it could similarly be inferred from the JWK's "alg". Another example is the namedCurve attribute when importing EC keys. WebCrypto requires it to be specified even though it could similarly be inferred from the JWK's "crv" member.
I believe HmacImportParams should make "hash" required to match other algorithms. This also means one less failure case for HMAC's "get key length" operation (since if length is unspecified then at least the hash is guaranteed to be present).
The text was updated successfully, but these errors were encountered: