From 1e98fa96d741e0ff024aaa583a7d98f42690d287 Mon Sep 17 00:00:00 2001 From: devgianlu Date: Fri, 13 Dec 2024 21:22:16 +0100 Subject: [PATCH] LibWeb: Fix bogus `AesGcm` and `AesCtr` key import length validation The validation of the key size and specified algorithm was out of spec. It is now implemented correctly like in `AesCbc`. The issue was discovered while implementing `wrapKey` and `unwrapKey` in the next commits. --- Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 30 ++++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp index 63fb0271454..620efd8786a 100644 --- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp +++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp @@ -1573,12 +1573,15 @@ WebIDL::ExceptionOr> AesCtr::import_key(AlgorithmParams const // throw a DataError. auto data_bits = data.size() * 8; auto const& alg = jwk.alg; - if (data_bits == 128 && alg != "A128CTR") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string); - } else if (data_bits == 192 && alg != "A192CTR") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string); - } else if (data_bits == 256 && alg != "A256CTR") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string); + if (data_bits == 128) { + if (alg.has_value() && alg != "A128CTR") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string); + } else if (data_bits == 192) { + if (alg.has_value() && alg != "A192CTR") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string); + } else if (data_bits == 256) { + if (alg.has_value() && alg != "A256CTR") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string); } else { return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits))); } @@ -1890,12 +1893,15 @@ WebIDL::ExceptionOr> AesGcm::import_key(AlgorithmParams const // throw a DataError. auto data_bits = data.size() * 8; auto const& alg = jwk.alg; - if (data_bits == 128 && alg != "A128GCM") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string); - } else if (data_bits == 192 && alg != "A192GCM") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string); - } else if (data_bits == 256 && alg != "A256GCM") { - return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string); + if (data_bits == 128) { + if (alg.has_value() && alg != "A128GCM") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string); + } else if (data_bits == 192) { + if (alg.has_value() && alg != "A192GCM") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string); + } else if (data_bits == 256) { + if (alg.has_value() && alg != "A256GCM") + return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string); } else { return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits))); }