Bug 210910 - crypto.subtle.decrypt generates garbage instead of an error on invalid key
Summary: crypto.subtle.decrypt generates garbage instead of an error on invalid key
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: Safari 13
Hardware: iPhone / iPad iOS 13
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-04-23 05:55 PDT by Henning Stummer
Modified: 2020-04-27 11:44 PDT (History)
3 users (show)

See Also:

Attachments
Test file to reproduce decryption error (2.79 KB, text/html)
2020-04-23 05:55 PDT, Henning Stummer 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Henning Stummer 2020-04-23 05:55:34 PDT 
Created attachment 397334 [details]
Test file to reproduce decryption error

When you try to decrypt a file/string with an invalid key, the method returns an error - but mobile Safari just generates a garbage file/string.

You can reproduce it with the attached file:
- Load the attached HTML in a browser (or use this fiddle: https://jsfiddle.net/1pxwjo5d/ )
- Enter any text to be encrypted/decrypted
- Enter any passphrase
- Click on "Encrypt" encrypts the text
- Click on "Decrypt" decrypts the text (or displays an error if the passphrase is changed)

When you use an invalid passphrase for decryption, you'll see an error below the buttons. But on mobile Safari, there's no error, but instead you will get some garbage text. Programatically you can't see any difference if the decryption was successful or not.

Reproduced on: Safari 13.1, iOS 13.4, WebKit 605.1.15
Comment 1 Radar WebKit Bug Importer 2020-04-25 17:43:01 PDT 
<rdar://problem/62378262>
Comment 2 Jiewen Tan 2020-04-27 11:44:33 PDT 
That's by design to produce garbage. Otherwise, attackers can blindly attack the algorithm.