fix(ext/crypto): don't panic on decryption failure (#12840)

Luca Casonato 2021-11-22 23:58:21 +01:00 committed by GitHub
parent 3cc724c9ba
commit 71ceca0ffc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 23 deletions


@ -690,3 +690,26 @@ unitTest(async function testAesKeyGen() {
assertEquals(algorithm.name, "AES-GCM");
assertEquals(algorithm.length, 256);
});
unitTest(async function testDecryptWithInvalidIntializationVector() {
const data = new Uint8Array([42, 42, 42, 42]);
const key = await crypto.subtle.generateKey(
{ name: "AES-CBC", length: 256 },
true,
["encrypt", "decrypt"],
);
const initVector = crypto.getRandomValues(new Uint8Array(16));
const encrypted = await crypto.subtle.encrypt(
{ name: "AES-CBC", iv: initVector },
key,
data,
);
const initVector2 = crypto.getRandomValues(new Uint8Array(16));
assertRejects(async () => {
await crypto.subtle.decrypt(
{ name: "AES-CBC", iv: initVector2 },
key,
encrypted,
);
}, DOMException);
});
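Review bot: The `assertRejects(...)` call at the end of the new test is not awaited, so the test function can return before the rejection is checked and a decrypt that unexpectedly resolves would not fail the test; it should read `await assertRejects(async () => { ... }, DOMException);`. The test also depends on two random IVs: the 4-byte input pads to a single 16-byte block, a different IV only XORs that recovered block, and roughly one run in 256 will still end in valid PKCS#7 padding and resolve instead of rejecting. Fixed key, IV and ciphertext values whose final block is known to decrypt to invalid padding would make the assertion deterministic. The name has a typo (`Intialization`), and because the IV is well-formed but simply different, `testDecryptWithWrongInitializationVector` would describe the case more accurately.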


@ -1603,7 +1603,12 @@ pub async fn op_crypto_decrypt_key(
block_modes::Cbc<aes::Aes128, block_modes::block_padding::Pkcs7>;
let cipher = Aes128Cbc::new_from_slices(key, &iv)?;
cipher.decrypt_vec(data)?
cipher.decrypt_vec(data).map_err(|_| {
custom_error(
"DOMExceptionOperationError",
"Decryption failed".to_string(),
)
})?
}
192 => {
// Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
@ -1611,7 +1616,12 @@ pub async fn op_crypto_decrypt_key(
block_modes::Cbc<aes::Aes192, block_modes::block_padding::Pkcs7>;
let cipher = Aes192Cbc::new_from_slices(key, &iv)?;
cipher.decrypt_vec(data)?
cipher.decrypt_vec(data).map_err(|_| {
custom_error(
"DOMExceptionOperationError",
"Decryption failed".to_string(),
)
})?
}
256 => {
// Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
@ -1619,7 +1629,12 @@ pub async fn op_crypto_decrypt_key(
block_modes::Cbc<aes::Aes256, block_modes::block_padding::Pkcs7>;
let cipher = Aes256Cbc::new_from_slices(key, &iv)?;
cipher.decrypt_vec(data)?
cipher.decrypt_vec(data).map_err(|_| {
custom_error(
"DOMExceptionOperationError",
"Decryption failed".to_string(),
)
})?
}
_ => unreachable!(),
};
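Review bot: The `new_from_slices(key, &iv)?` call directly above each rewritten line still propagates the cipher crate's own error through a bare `?`, so a key or IV of the wrong length would not come back as the `DOMExceptionOperationError` this change introduces for `decrypt_vec`, unless lengths are validated before this match (not visible in these hunks). Giving it the same mapping would keep every failure on the AES-CBC path indistinguishable to the caller. The three identical closures could also move into one small helper so each arm reads `cipher.decrypt_vec(data).map_err(decrypt_failed)?`, with a comment such as `// Deliberately discard the underlying error so padding and other failures look the same to the caller.` The body of `op_crypto_decrypt_key` starts and ends outside these hunks.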


@ -3098,16 +3098,7 @@
"AES-CBC 256-bit key with mismatched key and algorithm",
"AES-CBC 128-bit key without decrypt usage",
"AES-CBC 192-bit key without decrypt usage",
"AES-CBC 256-bit key without decrypt usage",
"AES-CBC 128-bit key, zeroPadChar",
"AES-CBC 128-bit key, bigPadChar",
"AES-CBC 128-bit key, inconsistentPadChars",
"AES-CBC 192-bit key, zeroPadChar",
"AES-CBC 192-bit key, bigPadChar",
"AES-CBC 192-bit key, inconsistentPadChars",
"AES-CBC 256-bit key, zeroPadChar",
"AES-CBC 256-bit key, bigPadChar",
"AES-CBC 256-bit key, inconsistentPadChars"
"AES-CBC 256-bit key without decrypt usage"
],
"aes_cbc.https.any.worker.html": [
"AES-CBC 128-bit key without encrypt usage",
@ -3118,16 +3109,7 @@
"AES-CBC 256-bit key with mismatched key and algorithm",
"AES-CBC 128-bit key without decrypt usage",
"AES-CBC 192-bit key without decrypt usage",
"AES-CBC 256-bit key without decrypt usage",
"AES-CBC 128-bit key, zeroPadChar",
"AES-CBC 128-bit key, bigPadChar",
"AES-CBC 128-bit key, inconsistentPadChars",
"AES-CBC 192-bit key, zeroPadChar",
"AES-CBC 192-bit key, bigPadChar",
"AES-CBC 192-bit key, inconsistentPadChars",
"AES-CBC 256-bit key, zeroPadChar",
"AES-CBC 256-bit key, bigPadChar",
"AES-CBC 256-bit key, inconsistentPadChars"
"AES-CBC 256-bit key without decrypt usage"
],
"aes_ctr.https.any.html": [
"AES-CTR 128-bit key",