27448 – HmacImportParams having a non-required hash is inconsistent with other algorithms

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27448 - HmacImportParams having a non-required hash is inconsistent with other algorithms

Summary: HmacImportParams having a non-required hash is inconsistent with other algori...

Status:	RESOLVED MOVED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-26 19:24 UTC by Eric Roman
Modified:	2016-05-23 23:40 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Eric Roman 2014-11-26 19:24:09 UTC

HmacImportParams has an optional "hash" attribute. This is inconsistent with how import works for other algorithms, whereby algorithm parameters need to be fully specified during import.

In particular, HMAC import from JWK allows the "hash" attribute on the import algorithm to be unspecified, and it is filled in using the JWK's "alg" (if one was specified).

By contrast when importing an RSA key the "hash" attribute is required, even though it could similarly be inferred from the JWK's "alg". Another example is the namedCurve attribute when importing EC keys. WebCrypto requires it to be specified even though it could similarly be inferred from the JWK's "crv" member.

I believe HmacImportParams should make "hash" required to match other algorithms. This also means one less failure case for HMAC's "get key length" operation (since if length is unspecified then at least the hash is guaranteed to be present).

Comment 1 Mark Watson 2016-05-23 23:40:15 UTC

Moved to https://github.com/w3c/webcrypto/issues/37