WebCrypto: Unspoof correctness of AES-GSM encryption/decryption
BenWiederhake authored and gmta committed Dec 12, 2024
1 parent ccd5b5a commit 872a6a1
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
@@ -2056,12 +2056,13 @@ WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesGcm::encrypt(AlgorithmParams co
[[maybe_unused]] Bytes tag_span = tag.bytes();

// FIXME: cipher.encrypt(plaintext, ciphertext_span, normalized_algorithm.iv, additional_data, tag_span);
return WebIDL::NotSupportedError::create(m_realm, "AES GCM encryption not yet implemented"_string);

// 7. Let ciphertext be equal to C | T, where '|' denotes concatenation.
TRY_OR_THROW_OOM(m_realm->vm(), ciphertext.try_append(tag));
// TRY_OR_THROW_OOM(m_realm->vm(), ciphertext.try_append(tag));

// 8. Return the result of creating an ArrayBuffer containing ciphertext.
return JS::ArrayBuffer::create(m_realm, ciphertext);
// return JS::ArrayBuffer::create(m_realm, ciphertext);
}

WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesGcm::decrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& ciphertext)
@@ -2118,16 +2119,16 @@ WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesGcm::decrypt(AlgorithmParams co
[[maybe_unused]] Bytes tag_span = tag.bytes();

// FIXME: auto result = cipher.decrypt(ciphertext, plaintext_span, normalized_algorithm.iv, additional_data, tag_span);
auto result = ::Crypto::VerificationConsistency::Inconsistent;
return WebIDL::NotSupportedError::create(m_realm, "AES GCM decryption not yet implemented"_string);

// If the result of the algorithm is the indication of inauthenticity, "FAIL": throw an OperationError
if (result == ::Crypto::VerificationConsistency::Inconsistent)
return WebIDL::OperationError::create(m_realm, "Decryption failed"_string);
// if (result == ::Crypto::VerificationConsistency::Inconsistent)
// return WebIDL::OperationError::create(m_realm, "Decryption failed"_string);

// Otherwise: Let plaintext be the output P of the Authenticated Decryption Function.

// 9. Return the result of creating an ArrayBuffer containing plaintext.
return JS::ArrayBuffer::create(m_realm, plaintext);
// return JS::ArrayBuffer::create(m_realm, plaintext);
}

WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> AesGcm::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
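Review bot: In `AesGcm::decrypt`, the tag check (`result == ::Crypto::VerificationConsistency::Inconsistent`) and the final `return JS::ArrayBuffer::create(m_realm, plaintext);` are now two separate commented-out pieces below the unconditional `NotSupportedError` return, apart from the FIXME'd `cipher.decrypt` call. Whoever wires up the cipher later has to restore all three together; re-enabling only the final return would hand unauthenticated plaintext to script. I would state that at the FIXME, e.g. `// FIXME: When enabling cipher.decrypt, also restore the Inconsistent check below; plaintext must never be returned before the tag verifies.` The same applies to the commented-out `ciphertext.try_append(tag)` in `AesGcm::encrypt`, where restoring the return without the append would produce output that lacks the tag. Both function bodies start outside the hunks shown, so any earlier parameter validation is not visible here.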
