Skip to content

Commit

Permalink
LibWeb: Fix bogus AesGcm and AesCtr key import length validation
Browse files Browse the repository at this point in the history 
The validation of the key size and specified algorithm was out of spec.
It is now implemented correctly like in `AesCbc`.

The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
  • Loading branch information
@devgianlu @awesomekling
devgianlu authored and awesomekling committed Dec 16, 2024
1 parent 2174e5d commit 1e98fa9
Showing 1 changed file with 18 additions and 12 deletions.
30 changes: 18 additions & 12 deletions Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1573,12 +1573,15 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesCtr::import_key(AlgorithmParams const
// throw a DataError.
auto data_bits = data.size() * 8;
auto const& alg = jwk.alg;
if (data_bits == 128 && alg != "A128CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192 && alg != "A192CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256 && alg != "A256CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
if (data_bits == 128) {
if (alg.has_value() && alg != "A128CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192) {
if (alg.has_value() && alg != "A192CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256) {
if (alg.has_value() && alg != "A256CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
} else {
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
}
Expand Down Expand Up @@ -1890,12 +1893,15 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesGcm::import_key(AlgorithmParams const
// throw a DataError.
auto data_bits = data.size() * 8;
auto const& alg = jwk.alg;
if (data_bits == 128 && alg != "A128GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192 && alg != "A192GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256 && alg != "A256GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
if (data_bits == 128) {
if (alg.has_value() && alg != "A128GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192) {
if (alg.has_value() && alg != "A192GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256) {
if (alg.has_value() && alg != "A256GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
} else {
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
}
Expand Down

0 comments on commit 1e98fa9

Please sign in to comment.