Bug 210910

Summary: crypto.subtle.decrypt generates garbage instead of an error on invalid key
Product: WebKit
Reporter: Henning Stummer <henning>
Component: WebKit Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: henning, jiewen_tan, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari 13
Hardware: iPhone / iPad
OS: iOS 13
Attachments:
- Test file to reproduce decryption error (flags: none)

Description Henning Stummer 2020-04-23 05:55:34 PDT
Created attachment 397334
Test file to reproduce decryption error

When you try to decrypt a file/string with an invalid key, the method returns an error - but mobile Safari just generates a garbage file/string.

You can reproduce it with the attached file:
- Load the attached HTML in a browser (or use this fiddle: https://jsfiddle.net/1pxwjo5d/ )
- Enter any text to be encrypted/decrypted
- Enter any passphrase
- Click on "Encrypt" to encrypt the text
- Click on "Decrypt" to decrypt the text (or display an error if the passphrase is changed)

When you use an invalid passphrase for decryption, you'll see an error below the buttons. But on mobile Safari, there's no error, but instead you will get some garbage text. Programmatically you can't see any difference if the decryption was successful or not.

Reproduced on: Safari 13.1, iOS 13.4, WebKit 605.1.15

Comment 1 Radar WebKit Bug Importer 2020-04-25 17:43:01 PDT
<rdar://problem/62378262>

Comment 2 Jiewen Tan 2020-04-27 11:44:33 PDT
That's by design to produce garbage. Otherwise, attackers can blindly attack the algorithm.
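
Added example, not part of the bug report or of WebKit: a way for calling code to tell a wrong passphrase from a correct one without relying on how a browser handles an unauthenticated decrypt. The report does not say which cipher the attached test uses, so this sketch assumes PBKDF2 key derivation and compares AES-CTR (no integrity check) with AES-GCM (authenticated); `deriveKey`, `roundTrip` and the parameters are hypothetical names and values.

```javascript
// Added example (not from the bug report). Names and PBKDF2 parameters are assumptions.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const { subtle } = webcrypto;
const enc = new TextEncoder();

// Derive a 256-bit AES key for the given mode from a passphrase.
async function deriveKey(passphrase, salt, mode) {
  const material = await subtle.importKey(
    'raw', enc.encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    material, { name: mode, length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt with encPass, decrypt with decPass, and report what the caller can observe.
async function roundTrip(mode, text, encPass, decPass) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(mode === 'AES-GCM' ? 12 : 16));
  const alg = mode === 'AES-GCM'
    ? { name: 'AES-GCM', iv }                        // authenticated: ciphertext carries a tag
    : { name: 'AES-CTR', counter: iv, length: 64 };  // unauthenticated: no integrity check
  const plain = enc.encode(text);
  const ct = await subtle.encrypt(alg, await deriveKey(encPass, salt, mode), plain);
  try {
    const out = new Uint8Array(
      await subtle.decrypt(alg, await deriveKey(decPass, salt, mode), ct));
    const matches = out.length === plain.length && out.every((b, i) => b === plain[i]);
    return { rejected: false, matches };
  } catch (e) {
    // Tag verification failed; Web Crypto specifies an OperationError here.
    return { rejected: true, error: e.name };
  }
}

// Demo with constructed inputs: decrypt with the wrong passphrase under each mode.
for (const mode of ['AES-CTR', 'AES-GCM']) {
  roundTrip(mode, 'constructed sample text', 'passphrase-A', 'passphrase-B')
    .then((r) => console.log(mode, r));
}
```

With AES-CTR the wrong passphrase resolves to bytes that do not match the plaintext and no error is raised; with AES-GCM the promise rejects, so the caller has a reliable success signal.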