Closed
Bug 1270599
Opened 8 years ago
Closed 4 years ago
crypto.subtle.generateKey throws wrong exception for bad algorithm argument
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
RESOLVED
FIXED
mozilla80
Tracking | Status | |
---|---|---|
firefox80 | --- | fixed |
People
(Reporter: bugzilla, Assigned: rmf)
Details
(Whiteboard: [domsecurity-backlog2])
Attachments
(2 files, 2 obsolete files)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
Steps to reproduce:
Open the developer console and enter the following code:
window.crypto.subtle.generateKey({name: "AES", length: 128}, true, ["encrypt", "decrypt"]).then(function(key) {console.log("It should not have worked.");}).catch(function(err) {console.log("Error is " + err.name);})
Actual results:
"Error is SyntaxError" is displayed.
Expected results:
"Error is NotSupportedError" should have been displayed.
The Web Cryptography API specification section "14.3.6 generateKey" has "normalize an algorithm" as step 2. Section "18.4.4. Normalizing an algorithm" starts by finding the algorithm name in the list of registered algorithm names ("AES" is not in that list). If it is not found, the specification says "Return a new NotSupportedError and terminate this algorithm.".
Comment 1•8 years ago
|
||
Looks to me like GetAlgorithmName() in WebCryptoTask.cpp should be returning NS_ERROR_DOM_NOT_SUPPORTED_ERR if NormalizeToken() returns false. The other callers of NormalizeToken seem to do that. Tim, can you take a look?
Flags: needinfo?(ttaubert)
Updated•8 years ago
|
Status: UNCONFIRMED → NEW
Component: Untriaged → DOM: Security
Ever confirmed: true
Product: Firefox → Core
Updated•8 years ago
|
Component: DOM: Security → Security
Comment 2•8 years ago
|
||
(In reply to Boris Zbarsky [:bz] from comment #1)
> Looks to me like GetAlgorithmName() in WebCryptoTask.cpp should be returning
> NS_ERROR_DOM_NOT_SUPPORTED_ERR if NormalizeToken() returns false. The other
> callers of NormalizeToken seem to do that. Tim, can you take a look?
Yes, we should do that.
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Flags: needinfo?(ttaubert)
Comment 3•8 years ago
|
||
Attachment #8754404 -
Flags: review?(dkeeler)
Comment 4•8 years ago
|
||
Comment on attachment 8754404 [details] [diff] [review]
0001-Bug-1270599-Return-a-NotSupportedError-when-encounte.patch
Review of attachment 8754404 [details] [diff] [review]:
-----------------------------------------------------------------
This looks good, but there are a few places in WebCryptoTask.cpp where a failing return value from GetAlgorithmName is converted to NS_ERROR_DOM_SYNTAX_ERR or NS_ERROR_DOM_DATA_ERR. Are these correct?
Attachment #8754404 -
Flags: review?(dkeeler) → review+
Comment 5•8 years ago
|
||
(In reply to David Keeler [:keeler] (use needinfo?) from comment #4)
> This looks good, but there are a few places in WebCryptoTask.cpp where a
> failing return value from GetAlgorithmName is converted to
> NS_ERROR_DOM_SYNTAX_ERR or NS_ERROR_DOM_DATA_ERR. Are these correct?
Good point, this should cover everything now.
Attachment #8754404 -
Attachment is obsolete: true
Attachment #8754828 -
Flags: review?(dkeeler)
Comment 6•8 years ago
|
||
Comment on attachment 8754828 [details] [diff] [review]
0001-Bug-1270599-Return-a-NotSupportedError-when-encounte.patch, v2
Review of attachment 8754828 [details] [diff] [review]:
-----------------------------------------------------------------
Cool - this makes more sense. Just a couple of questions and some suggestions for a few more testcases.
::: dom/crypto/WebCryptoTask.cpp
@@ +1117,5 @@
> }
>
> mEarlyRv = GetAlgorithmName(aCx, params.mHash, hashAlgName);
> if (NS_FAILED(mEarlyRv)) {
> + mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
Do we even want to change mEarlyRv here? What if it's a failure unrelated to whether or not it's a known algorithm?
@@ +1256,5 @@
> nsString algName;
> mEarlyRv = GetAlgorithmName(aCx, aAlgorithm, algName);
> if (NS_FAILED(mEarlyRv)) {
> + MOZ_ASSERT(false); // This shouldn't happen.
> + mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
Same question for all of these, really. (Although for the ones where we assert false, are we sure GetAlgorithmName can't fail for reasons like OOM?)
::: dom/crypto/test/test_WebCrypto_Errors.html
@@ +23,5 @@
> +"use strict";
> +
> +// -----------------------------------------------------------------------------
> +TestArray.addTest(
> + "generateKey() should return NotSupportedError for unknown algorithms",
We should probably test deriveKey as well, right?
@@ +144,5 @@
> +);
> +
> +// -----------------------------------------------------------------------------
> +TestArray.addTest(
> + "ECDSA sign should return NotSupportedError for unknown hash algorithms",
Should we also have a case where crypto.subtle.sign is given some alg = { name: "SomeAlgorithm" }? (Same with verify)
Attachment #8754828 -
Flags: review?(dkeeler) → review+
Updated•8 years ago
|
Component: Security → DOM: Security
Updated•8 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog2]
Updated•6 years ago
|
Assignee: ttaubert → nobody
Status: ASSIGNED → NEW
Assignee | ||
Comment 7•4 years ago
|
||
Depends on D79510
Updated•4 years ago
|
Assignee: nobody → bugs
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•4 years ago
|
||
Depends on D79455
Updated•4 years ago
|
Attachment #9156336 -
Attachment is obsolete: true
Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2ae604119d7b
add test to ensure generateKey returns the correct error given an invalid algorithm argument r=keeler
Comment 10•4 years ago
|
||
Backed out for perma failures.
Comment 11•4 years ago
|
||
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c97c21a56392
add test to ensure generateKey returns the correct error given an invalid algorithm argument r=keeler
Comment 12•4 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox80:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
You need to log in
before you can comment on or make changes to this bug.
Description
•