diff options
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/crypto/00_crypto.js | 10 | ||||
| -rw-r--r-- | extensions/crypto/lib.rs | 5 |
2 files changed, 15 insertions, 0 deletions
diff --git a/extensions/crypto/00_crypto.js b/extensions/crypto/00_crypto.js index a21469a81..449946295 100644 --- a/extensions/crypto/00_crypto.js +++ b/extensions/crypto/00_crypto.js @@ -80,6 +80,7 @@ "verify": { "RSASSA-PKCS1-v1_5": null, "RSA-PSS": "RsaPssParams", + "HMAC": null, }, "importKey": { "HMAC": "HmacImportParams", @@ -690,6 +691,15 @@ signature, }, data); } + case "HMAC": { + const hash = key[_algorithm].hash.name; + return await core.opAsync("op_crypto_verify_key", { + key: keyData, + algorithm: "HMAC", + hash, + signature, + }, data); + } } throw new TypeError("unreachable"); diff --git a/extensions/crypto/lib.rs b/extensions/crypto/lib.rs index 09f237fa6..d1908120d 100644 --- a/extensions/crypto/lib.rs +++ b/extensions/crypto/lib.rs @@ -505,6 +505,11 @@ pub async fn op_crypto_verify_key( .verify(padding, &hashed, &*args.signature) .is_ok() } + Algorithm::Hmac => { + let hash: HmacAlgorithm = args.hash.ok_or_else(not_supported)?.into(); + let key = HmacKey::new(hash, &*args.key.data); + ring::hmac::verify(&key, data, &*args.signature).is_ok() + } _ => return Err(type_error("Unsupported algorithm".to_string())), }; |