OSSForks/ladybird
1
0
Fork 0
mirror of https://github.com/zebrajr/ladybird.git synced 2025-12-06 00:19:53 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

LibWeb: Fix bogus AesGcm and AesCtr key import length validation

Browse Source 
The validation of the key size and specified algorithm was out of spec.
It is now implemented correctly like in `AesCbc`.

The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
This commit is contained in:
devgianlu 2024-12-13 21:22:16 +01:00 committed by Andreas Kling
parent 2174e5dfcc
commit 1e98fa96d7
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
View File

@ -1573,12 +1573,15 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesCtr::import_key(AlgorithmParams const
// throw a DataError.
auto data_bits = data.size() * 8;
auto const& alg = jwk.alg;
if (data_bits == 128 && alg != "A128CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192 && alg != "A192CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256 && alg != "A256CTR") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
if (data_bits == 128) {
if (alg.has_value() && alg != "A128CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192) {
if (alg.has_value() && alg != "A192CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256) {
if (alg.has_value() && alg != "A256CTR")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
} else {
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
}
@ -1890,12 +1893,15 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesGcm::import_key(AlgorithmParams const
// throw a DataError.
auto data_bits = data.size() * 8;
auto const& alg = jwk.alg;
if (data_bits == 128 && alg != "A128GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192 && alg != "A192GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256 && alg != "A256GCM") {
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
if (data_bits == 128) {
if (alg.has_value() && alg != "A128GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
} else if (data_bits == 192) {
if (alg.has_value() && alg != "A192GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
} else if (data_bits == 256) {
if (alg.has_value() && alg != "A256GCM")
return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
} else {
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
}