Closed Bug 1113599 Opened 10 years ago Closed 10 years ago

[FxOS] Loop/Hello uses SJCL when it could use WebCrypto instead (Hawk)

Categories

(Firefox OS Graveyard :: Gaia::Loop, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: amac, Assigned: amac)

References

Details

(Keywords: sec-low, wsec-crypto)

Attachments

(1 file)

+++ This bug was initially created as a clone of Bug #1091005 +++

It is safer to use built-in WebAPIs for cryptography than those implemented in JavaScript. One argument would be side-channels for cryptography. Bug 1091005 took care of making use of WebCrypto if available (we cannot remove SJCL completely for 2.0). This bug is to do the same with the rest of the cryptographic functions used (in hawk.js), which funnily enough didn't even use the same JS library.

This is all over but the shouting. I can't do a PR though (well, I can but it'll be very ugly) since this actually depends on landing bug 1091005 and bug 1112515 first (it builds on top of that). In any case, if you want to take a look, the commit is at: https://github.com/AntonioMA/firefoxos-loop-client/commit/e6a3f8e820f81058ebe1f9df4c515d4bc3bc0f24
Flags: needinfo?(josea.olivera)
Flags: needinfo?(fbraun)
Flags: needinfo?(fbraun)
Summary: [FxOS] Loop/Hello uses SJCL when it could use WebCrypto instead → [FxOS] Loop/Hello uses SJCL when it could use WebCrypto instead (Hawk)
This looks good. I left a few comments on GitHub:
> app/js/helpers/hawk.js
>> L74: Let's use getRandomValues to make nonces unpredictable here.
>> L81: This could be replaced with the built-in URL parser, hopefully
>> https://developer.mozilla.org/en-US/docs/Web/API/URL
>> L250: Nit: You may want to use Template Strings for improved readability.
>> https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/template_strings
I guess you can do the pull request now ;).
Flags: needinfo?(josea.olivera)
Attachment #8547607 - Flags: review?(josea.olivera)
Assignee: nobody → amac.bug
Comment on attachment 8547607
V1. Includes Freddy's previous comments

LGTM. r=me
Left a few nits on the PR. Nothing crazy. Nice clean up BTW! Thanks Antonio.
Attachment #8547607 - Flags: review?(josea.olivera) → review+
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
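
The points raised in this bug (WebCrypto instead of a JavaScript library for the Hawk MAC, getRandomValues for nonces, the built-in URL parser) combined in one added example; this is not the code from the linked commit or from hawk.js. The function names, the sample inputs, and the simplification of leaving the Hawk payload hash and ext fields empty are assumptions.

```javascript
// Added example (not the Loop client's hawk.js). Uses only WebCrypto and the URL API.
const webCrypto = globalThis.crypto ??
  require('node:crypto').webcrypto; // assumption: fallback for older Node.js
const enc = new TextEncoder();

// Unpredictable nonce from the platform CSPRNG instead of Math.random().
function makeNonce(byteLength = 8) {
  const bytes = webCrypto.getRandomValues(new Uint8Array(byteLength));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// Hawk "header" normalized string; payload hash and ext are left empty here.
function normalize(method, url, ts, nonce) {
  const u = new URL(url); // built-in parser, no hand-written URL regex
  // URL.port is '' for the scheme's default port, so fill it in explicitly.
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return ['hawk.1.header', ts, nonce, method.toUpperCase(),
          u.pathname + u.search, u.hostname, port, '', '']
    .join('\n') + '\n';
}

// Non-extractable HMAC-SHA256 key: script cannot read the key bytes back out.
function importKey(secret) {
  return webCrypto.subtle.importKey('raw', enc.encode(secret),
    { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']);
}

// Sender side: base64 MAC over the normalized request string.
async function hawkMac(secret, method, url, ts, nonce) {
  const key = await importKey(secret);
  const sig = await webCrypto.subtle.sign('HMAC', key,
    enc.encode(normalize(method, url, ts, nonce)));
  return btoa(String.fromCharCode(...new Uint8Array(sig)));
}

// Receiver side: subtle.verify does the comparison, so no string === on MACs.
async function verifyMac(secret, method, url, ts, nonce, macB64) {
  const key = await importKey(secret);
  const mac = Uint8Array.from(atob(macB64), c => c.charCodeAt(0));
  return webCrypto.subtle.verify('HMAC', key, mac,
    enc.encode(normalize(method, url, ts, nonce)));
}
```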