Rename internal function Crypto.hash to sha256

Author: emlun

webauthn-server-core/src/main/java/com/yubico/webauthn/AndroidSafetynetAttestationStatementVerifier.java

@@ -68,7 +68,7 @@ public boolean verifyAttestationSignature(
 
     ByteArray signedData =
         attestationObject.getAuthenticatorData().getBytes().concat(clientDataJsonHash);
-    ByteArray hashSignedData = Crypto.hash(signedData);
+    ByteArray hashSignedData = Crypto.sha256(signedData);
     ByteArray nonceByteArray = ByteArray.fromBase64(payload.get("nonce").textValue());
     ExceptionUtil.assure(
         hashSignedData.equals(nonceByteArray),

webauthn-server-core/src/main/java/com/yubico/webauthn/Crypto.java

@@ -137,12 +137,12 @@ public static boolean verifySignature(
     }
   }
 
-  public static ByteArray hash(ByteArray bytes) {
+  public static ByteArray sha256(ByteArray bytes) {
     //noinspection UnstableApiUsage
     return new ByteArray(Hashing.sha256().hashBytes(bytes.getBytes()).asBytes());
   }
 
-  public static ByteArray hash(String str) {
-    return hash(new ByteArray(str.getBytes(StandardCharsets.UTF_8)));
+  public static ByteArray sha256(String str) {
+    return sha256(new ByteArray(str.getBytes(StandardCharsets.UTF_8)));
   }
 }

webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java

@@ -421,15 +421,15 @@ class Step11 implements Step<Step12> {
     public void validate() {
       try {
         assure(
-            Crypto.hash(rpId)
+            Crypto.sha256(rpId)
                 .equals(response.getResponse().getParsedAuthenticatorData().getRpIdHash()),
             "Wrong RP ID hash.");
       } catch (IllegalArgumentException e) {
         Optional<AppId> appid =
             request.getPublicKeyCredentialRequestOptions().getExtensions().getAppid();
         if (appid.isPresent()) {
           assure(
-              Crypto.hash(appid.get().getId())
+              Crypto.sha256(appid.get().getId())
                   .equals(response.getResponse().getParsedAuthenticatorData().getRpIdHash()),
               "Wrong RP ID hash.");
         } else {
@@ -537,7 +537,7 @@ public Step16 nextStep() {
     }
 
     public ByteArray clientDataJsonHash() {
-      return Crypto.hash(response.getResponse().getClientDataJSON());
+      return Crypto.sha256(response.getResponse().getClientDataJSON());
     }
   }
 

webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java

@@ -259,7 +259,7 @@ public Step8 nextStep() {
     }
 
     public ByteArray clientDataJsonHash() {
-      return Crypto.hash(response.getResponse().getClientDataJSON());
+      return Crypto.sha256(response.getResponse().getClientDataJSON());
     }
   }
 
@@ -292,7 +292,7 @@ class Step9 implements Step<Step10> {
     @Override
     public void validate() {
       assure(
-          Crypto.hash(rpId)
+          Crypto.sha256(rpId)
               .equals(response.getResponse().getAttestation().getAuthenticatorData().getRpIdHash()),
           "Wrong RP ID hash.");
     }

webauthn-server-core/src/test/scala/com/yubico/webauthn/PackedAttestationStatementVerifierSpec.scala

@@ -82,7 +82,7 @@ class PackedAttestationStatementVerifierSpec
 
           val result = verifier.verifyAttestationSignature(
             credential.getResponse.getAttestation,
-            Crypto.hash(credential.getResponse.getClientDataJSON),
+            Crypto.sha256(credential.getResponse.getClientDataJSON),
           )
 
           key.getAlgorithm should be("EC")
@@ -100,7 +100,7 @@ class PackedAttestationStatementVerifierSpec
 
           val result = verifier.verifyAttestationSignature(
             credential.getResponse.getAttestation,
-            Crypto.hash(credential.getResponse.getClientDataJSON),
+            Crypto.sha256(credential.getResponse.getClientDataJSON),
           )
 
           key.getAlgorithm should be("RSA")

webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala

@@ -510,7 +510,7 @@ case class RegistrationTestData(
   def clientDataJsonBytes: ByteArray =
     new ByteArray(clientDataJson.getBytes("UTF-8"))
   def clientData = new CollectedClientData(clientDataJsonBytes)
-  def clientDataJsonHash: ByteArray = Crypto.hash(clientDataJsonBytes)
+  def clientDataJsonHash: ByteArray = Crypto.sha256(clientDataJsonBytes)
   def aaguid: ByteArray =
     new AttestationObject(
       attestationObject

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala

@@ -73,7 +73,7 @@ class RelyingPartyAssertionSpec
 
   private def jsonFactory: JsonNodeFactory = JsonNodeFactory.instance
 
-  private def sha256(bytes: ByteArray): ByteArray = Crypto.hash(bytes)
+  private def sha256(bytes: ByteArray): ByteArray = Crypto.sha256(bytes)
   private def sha256(data: String): ByteArray =
     sha256(new ByteArray(data.getBytes(Charset.forName("UTF-8"))))
 
@@ -1419,7 +1419,7 @@ class RelyingPartyAssertionSpec
 
           it("A test case with a different signed RP ID hash fails.") {
             val rpId = "ARGHABLARGHLER"
-            val rpIdHash: ByteArray = Crypto.hash(rpId)
+            val rpIdHash: ByteArray = Crypto.sha256(rpId)
             val steps = finishAssertion(
               authenticatorData = new ByteArray(
                 (rpIdHash.getBytes.toVector ++ Defaults.authenticatorData.getBytes.toVector
@@ -1499,7 +1499,7 @@ class RelyingPartyAssertionSpec
               )
               val signature = TestAuthenticator.makeAssertionSignature(
                 authenticatorData,
-                Crypto.hash(Defaults.clientDataJsonBytes),
+                Crypto.sha256(Defaults.clientDataJsonBytes),
                 Defaults.credentialKey.getPrivate,
               )
 

webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala

@@ -86,7 +86,7 @@ class RelyingPartyRegistrationSpec
   private def toJson(obj: Map[String, String]): JsonNode =
     toJsonObject(obj.view.mapValues(jsonFactory.textNode).toMap)
 
-  private def sha256(bytes: ByteArray): ByteArray = Crypto.hash(bytes)
+  private def sha256(bytes: ByteArray): ByteArray = Crypto.sha256(bytes)
 
   def flipByte(index: Int, bytes: ByteArray): ByteArray =
     editByte(bytes, index, b => (0xff ^ b).toByte)
@@ -1142,7 +1142,7 @@ class RelyingPartyRegistrationSpec
                 RegistrationTestData.FidoU2f.BasicAttestation
               )
               val step: FinishRegistrationSteps#Step14 = new steps.Step14(
-                Crypto.hash(
+                Crypto.sha256(
                   new ByteArray(
                     testData.clientDataJsonBytes.getBytes.updated(
                       20,
@@ -1169,7 +1169,7 @@ class RelyingPartyRegistrationSpec
                 credentialId = Some(new ByteArray(Array.fill(16)(0))),
               )
               val step: FinishRegistrationSteps#Step14 = new steps.Step14(
-                Crypto.hash(testData.clientDataJsonBytes),
+                Crypto.sha256(testData.clientDataJsonBytes),
                 new AttestationObject(testData.attestationObject),
                 Some(new FidoU2fAttestationStatementVerifier).asJava,
                 Nil.asJava,
@@ -1218,7 +1218,7 @@ class RelyingPartyRegistrationSpec
                 credentialId = Some(new ByteArray(Array.fill(16)(0))),
               )
               val step: FinishRegistrationSteps#Step14 = new steps.Step14(
-                Crypto.hash(testData.clientDataJsonBytes),
+                Crypto.sha256(testData.clientDataJsonBytes),
                 new AttestationObject(testData.attestationObject),
                 Some(new FidoU2fAttestationStatementVerifier).asJava,
                 Nil.asJava,
@@ -1268,7 +1268,7 @@ class RelyingPartyRegistrationSpec
                   new FidoU2fAttestationStatementVerifier()
                     .verifyAttestationSignature(
                       credential.getResponse.getAttestation,
-                      Crypto.hash(credential.getResponse.getClientDataJSON),
+                      Crypto.sha256(credential.getResponse.getClientDataJSON),
                     )
                 }
 
@@ -1320,7 +1320,7 @@ class RelyingPartyRegistrationSpec
                   new FidoU2fAttestationStatementVerifier()
                     .verifyAttestationSignature(
                       credential.getResponse.getAttestation,
-                      Crypto.hash(credential.getResponse.getClientDataJSON),
+                      Crypto.sha256(credential.getResponse.getClientDataJSON),
                     )
                 }
 
@@ -1372,7 +1372,7 @@ class RelyingPartyRegistrationSpec
 
                 val steps = finishRegistration(testData = testData)
                 val step: FinishRegistrationSteps#Step14 = new steps.Step14(
-                  Crypto.hash(testData.clientDataJsonBytes),
+                  Crypto.sha256(testData.clientDataJsonBytes),
                   new AttestationObject(testData.attestationObject),
                   Some(new NoneAttestationStatementVerifier).asJava,
                   Nil.asJava,

webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala

@@ -579,7 +579,7 @@ object TestAuthenticator {
       .signature(
         makeAssertionSignature(
           authDataBytes,
-          Crypto.hash(clientDataJsonBytes),
+          Crypto.sha256(clientDataJsonBytes),
           credentialKey.getPrivate,
           alg,
         )
@@ -611,7 +611,7 @@ object TestAuthenticator {
       new ByteArray(
         (Vector[Byte](0)
           ++ rpIdHash.getBytes
-          ++ Crypto.hash(clientDataJson).getBytes
+          ++ Crypto.sha256(clientDataJson).getBytes
           ++ credentialId.getBytes
           ++ credentialPublicKeyRawBytes.getBytes).toArray
       )
@@ -655,7 +655,7 @@ object TestAuthenticator {
       signer: AttestationSigner,
   ): JsonNode = {
     val signedData = new ByteArray(
-      authDataBytes.getBytes ++ Crypto.hash(clientDataJson).getBytes
+      authDataBytes.getBytes ++ Crypto.sha256(clientDataJson).getBytes
     )
     val signature = signer match {
       case SelfAttestation(keypair, alg) =>
@@ -693,7 +693,8 @@ object TestAuthenticator {
       cert: AttestationCert,
       ctsProfileMatch: Boolean = true,
   ): JsonNode = {
-    val nonce = Crypto.hash(authDataBytes concat Crypto.hash(clientDataJson))
+    val nonce =
+      Crypto.sha256(authDataBytes concat Crypto.sha256(clientDataJson))
 
     val f = JsonNodeFactory.instance
 
@@ -722,11 +723,11 @@ object TestAuthenticator {
           "nonce" -> f.textNode(nonce.getBase64),
           "timestampMs" -> f.numberNode(Instant.now().toEpochMilli),
           "apkPackageName" -> f.textNode("com.yubico.webauthn.test"),
-          "apkDigestSha256" -> f.textNode(Crypto.hash("foo").getBase64),
+          "apkDigestSha256" -> f.textNode(Crypto.sha256("foo").getBase64),
           "ctsProfileMatch" -> f.booleanNode(ctsProfileMatch),
           "aplCertificateDigestSha256" -> f
             .arrayNode()
-            .add(f.textNode(Crypto.hash("foo").getBase64)),
+            .add(f.textNode(Crypto.sha256("foo").getBase64)),
           "basicIntegrity" -> f.booleanNode(true),
         ).asJava
       )

webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java

@@ -44,9 +44,9 @@ public class U2fVerifier {
   public static boolean verify(
       AppId appId, RegistrationRequest request, U2fRegistrationResponse response)
       throws CertificateException, IOException, Base64UrlException {
-    final ByteArray appIdHash = Crypto.hash(appId.getId());
+    final ByteArray appIdHash = Crypto.sha256(appId.getId());
     final ByteArray clientDataHash =
-        Crypto.hash(response.getCredential().getU2fResponse().getClientDataJSON());
+        Crypto.sha256(response.getCredential().getU2fResponse().getClientDataJSON());
 
     final JsonNode clientData =
         JacksonCodecs.json()