Bug 210910

Summary:

crypto.subtle.decrypt generates garbage instead of an error on invalid key

Product:

WebKit

Reporter:

Henning Stummer <henning>

Component:

WebKit Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED INVALID

Severity:

Normal

CC:

henning, jiewen_tan, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari 13

Hardware:

iPhone / iPad

OS:

iOS 13

Attachments:

Description	Flags
Test file to reproduce decryption error	none

Henning Stummer

Reported 2020-04-23 05:55:34 PDT

Created attachment 397334 [details] Test file to reproduce decryption error When you try to decrypt a file/string with an invalid key, the method returns an error - but mobile Safari just generates a garbage file/string. You can reproduce it with the attached file: - Load the attached HTML in a browser (or use this fiddle: https://jsfiddle.net/1pxwjo5d/ ) - Enter any text to be encrypted/decrypted - Enter any passphrase - Click on "Encrypt" encrypts the text - Click on "Decrypt" decrypts the text (or displays an error if the passphrase is changed) When you use an invalid passphrase for decryption, you'll see an error below the buttons. But on mobile Safari, there's no error, but instead you will get some garbage text. Programatically you can't see any difference if the decryption was successful or not. Reproduced on: Safari 13.1, iOS 13.4, WebKit 605.1.15

Attachments
Test file to reproduce decryption error (2.79 KB, text/html) 2020-04-23 05:55 PDT, Henning Stummer	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-04-25 17:43:01 PDT

<rdar://problem/62378262>

Jiewen Tan

Comment 2 2020-04-27 11:44:33 PDT

That's by design to produce garbage. Otherwise, attackers can blindly attack the algorithm.

Note You need to log in before you can comment on or make changes to this bug.