For crypto.subtle.* operations, check key.algorithm.name BEFORE checking key.usages |
||
Issue descriptionFor instance step 8 and 9 of decrypt() state: https://w3c.github.io/webcrypto/Overview.html#dfn-SubtleCrypto-method-decrypt 8. If the name member of normalizedAlgorithm is not equal to the name attribute of the [[algorithm]] internal slot of key then throw an InvalidAccessError. 9. If the [[usages]] internal slot of key does not contain an entry that is "decrypt", then throw an InvalidAccessError. Chrome does the checks in the opposite order. .... technically the result is still spec-compliant since in both cases an InvalidAccessError is returned, however the error message will contradict the presumed ordering.
,
Jul 19 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3619ed60b052c505736abc9cf601c08199189883 commit 3619ed60b052c505736abc9cf601c08199189883 Author: eroman <eroman@chromium.org> Date: Tue Jul 19 19:24:21 2016 Change the error message in WebCrypto when using a key that has BOTH the wrong algorithm name AND usages. BUG= 628423 Review-Url: https://codereview.chromium.org/2165713002 Cr-Commit-Position: refs/heads/master@{#406347} [modify] https://crrev.com/3619ed60b052c505736abc9cf601c08199189883/third_party/WebKit/LayoutTests/crypto/subtle/aes-cbc/wrong-key-class-expected.txt [modify] https://crrev.com/3619ed60b052c505736abc9cf601c08199189883/third_party/WebKit/LayoutTests/crypto/subtle/aes-cbc/wrong-key-class.html [modify] https://crrev.com/3619ed60b052c505736abc9cf601c08199189883/third_party/WebKit/LayoutTests/crypto/subtle/rsa-oaep/key-manipulation-expected.txt [modify] https://crrev.com/3619ed60b052c505736abc9cf601c08199189883/third_party/WebKit/LayoutTests/crypto/subtle/rsa-oaep/key-manipulation.html [modify] https://crrev.com/3619ed60b052c505736abc9cf601c08199189883/third_party/WebKit/Source/modules/crypto/CryptoKey.cpp
,
Jul 19 2016
|
||
►
Sign in to add a comment |
||
Comment 1 by eroman@chromium.org
, Jul 19 2016Status: Assigned (was: Available)