mirror of
https://github.com/denoland/deno.git
synced 2024-12-23 15:49:44 -05:00
fix(ext/crypto): don't panic on decryption failure (#12840)
This commit is contained in:
parent
3cc724c9ba
commit
71ceca0ffc
3 changed files with 43 additions and 23 deletions
|
@ -690,3 +690,26 @@ unitTest(async function testAesKeyGen() {
|
|||
assertEquals(algorithm.name, "AES-GCM");
|
||||
assertEquals(algorithm.length, 256);
|
||||
});
|
||||
|
||||
unitTest(async function testDecryptWithInvalidIntializationVector() {
|
||||
const data = new Uint8Array([42, 42, 42, 42]);
|
||||
const key = await crypto.subtle.generateKey(
|
||||
{ name: "AES-CBC", length: 256 },
|
||||
true,
|
||||
["encrypt", "decrypt"],
|
||||
);
|
||||
const initVector = crypto.getRandomValues(new Uint8Array(16));
|
||||
const encrypted = await crypto.subtle.encrypt(
|
||||
{ name: "AES-CBC", iv: initVector },
|
||||
key,
|
||||
data,
|
||||
);
|
||||
const initVector2 = crypto.getRandomValues(new Uint8Array(16));
|
||||
assertRejects(async () => {
|
||||
await crypto.subtle.decrypt(
|
||||
{ name: "AES-CBC", iv: initVector2 },
|
||||
key,
|
||||
encrypted,
|
||||
);
|
||||
}, DOMException);
|
||||
});
|
||||
|
|
|
@ -1603,7 +1603,12 @@ pub async fn op_crypto_decrypt_key(
|
|||
block_modes::Cbc<aes::Aes128, block_modes::block_padding::Pkcs7>;
|
||||
let cipher = Aes128Cbc::new_from_slices(key, &iv)?;
|
||||
|
||||
cipher.decrypt_vec(data)?
|
||||
cipher.decrypt_vec(data).map_err(|_| {
|
||||
custom_error(
|
||||
"DOMExceptionOperationError",
|
||||
"Decryption failed".to_string(),
|
||||
)
|
||||
})?
|
||||
}
|
||||
192 => {
|
||||
// Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
|
||||
|
@ -1611,7 +1616,12 @@ pub async fn op_crypto_decrypt_key(
|
|||
block_modes::Cbc<aes::Aes192, block_modes::block_padding::Pkcs7>;
|
||||
let cipher = Aes192Cbc::new_from_slices(key, &iv)?;
|
||||
|
||||
cipher.decrypt_vec(data)?
|
||||
cipher.decrypt_vec(data).map_err(|_| {
|
||||
custom_error(
|
||||
"DOMExceptionOperationError",
|
||||
"Decryption failed".to_string(),
|
||||
)
|
||||
})?
|
||||
}
|
||||
256 => {
|
||||
// Section 10.3 Step 2 of RFC 2315 https://www.rfc-editor.org/rfc/rfc2315
|
||||
|
@ -1619,7 +1629,12 @@ pub async fn op_crypto_decrypt_key(
|
|||
block_modes::Cbc<aes::Aes256, block_modes::block_padding::Pkcs7>;
|
||||
let cipher = Aes256Cbc::new_from_slices(key, &iv)?;
|
||||
|
||||
cipher.decrypt_vec(data)?
|
||||
cipher.decrypt_vec(data).map_err(|_| {
|
||||
custom_error(
|
||||
"DOMExceptionOperationError",
|
||||
"Decryption failed".to_string(),
|
||||
)
|
||||
})?
|
||||
}
|
||||
_ => unreachable!(),
|
||||
};
|
||||
|
|
|
@ -3098,16 +3098,7 @@
|
|||
"AES-CBC 256-bit key with mismatched key and algorithm",
|
||||
"AES-CBC 128-bit key without decrypt usage",
|
||||
"AES-CBC 192-bit key without decrypt usage",
|
||||
"AES-CBC 256-bit key without decrypt usage",
|
||||
"AES-CBC 128-bit key, zeroPadChar",
|
||||
"AES-CBC 128-bit key, bigPadChar",
|
||||
"AES-CBC 128-bit key, inconsistentPadChars",
|
||||
"AES-CBC 192-bit key, zeroPadChar",
|
||||
"AES-CBC 192-bit key, bigPadChar",
|
||||
"AES-CBC 192-bit key, inconsistentPadChars",
|
||||
"AES-CBC 256-bit key, zeroPadChar",
|
||||
"AES-CBC 256-bit key, bigPadChar",
|
||||
"AES-CBC 256-bit key, inconsistentPadChars"
|
||||
"AES-CBC 256-bit key without decrypt usage"
|
||||
],
|
||||
"aes_cbc.https.any.worker.html": [
|
||||
"AES-CBC 128-bit key without encrypt usage",
|
||||
|
@ -3118,16 +3109,7 @@
|
|||
"AES-CBC 256-bit key with mismatched key and algorithm",
|
||||
"AES-CBC 128-bit key without decrypt usage",
|
||||
"AES-CBC 192-bit key without decrypt usage",
|
||||
"AES-CBC 256-bit key without decrypt usage",
|
||||
"AES-CBC 128-bit key, zeroPadChar",
|
||||
"AES-CBC 128-bit key, bigPadChar",
|
||||
"AES-CBC 128-bit key, inconsistentPadChars",
|
||||
"AES-CBC 192-bit key, zeroPadChar",
|
||||
"AES-CBC 192-bit key, bigPadChar",
|
||||
"AES-CBC 192-bit key, inconsistentPadChars",
|
||||
"AES-CBC 256-bit key, zeroPadChar",
|
||||
"AES-CBC 256-bit key, bigPadChar",
|
||||
"AES-CBC 256-bit key, inconsistentPadChars"
|
||||
"AES-CBC 256-bit key without decrypt usage"
|
||||
],
|
||||
"aes_ctr.https.any.html": [
|
||||
"AES-CTR 128-bit key",
|
||||
|
|
Loading…
Reference in a new issue