Bug 228879

Summary: Add console logging to encourage the use of authenticated encryption in WebCrypto
Product: WebKit Reporter: Kate Cheney <katherine_cheney>
Component: New BugsAssignee: Kate Cheney <katherine_cheney>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, ews-watchlist, hi, jiewen_tan, mkwst
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch ews-feeder: commit-queue-

Kate Cheney
Reported 2021-08-06 15:55:47 PDT
Add console logging to encourage the use of authenticated encryption in WebCrypto
Attachments
Patch (37.76 KB, patch)
2021-08-06 15:59 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (38.42 KB, patch)
2021-08-06 16:31 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (39.91 KB, patch)
2021-08-09 10:01 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (40.33 KB, patch)
2021-08-09 10:55 PDT, Kate Cheney 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Kate Cheney
Comment 1 2021-08-06 15:59:53 PDT
Created attachment 435096 [details] Patch
Kate Cheney
Comment 2 2021-08-06 16:00:16 PDT
rdar://80655397
Brent Fulgham
Comment 3 2021-08-06 16:09:22 PDT
Comment on attachment 435096 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=435096&action=review r=me > Source/WebCore/crypto/SubtleCrypto.cpp:538 > + scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks."); This might be better as a separate function: void SubtleCrypto::addAuthenticatedEncryptionWarningIfNecessary() { if (key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CBC || key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CTR) scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks."); } Then the two implementations would always be consistent in language and format, and if we want to warn about more things we could just add them in one place. > Source/WebCore/crypto/SubtleCrypto.cpp:579 > + scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks."); ... and this could just be replaced with: addAuthenticatedEncryptionWarningIfNecessary();
Kate Cheney
Comment 4 2021-08-06 16:18:25 PDT
(In reply to Brent Fulgham from comment #3) > Comment on attachment 435096 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=435096&action=review > > r=me > > > Source/WebCore/crypto/SubtleCrypto.cpp:538 > > + scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks."); > > This might be better as a separate function: > > void SubtleCrypto::addAuthenticatedEncryptionWarningIfNecessary() > { > if (key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CBC || > key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CTR) > scriptExecutionContext()->addConsoleMessage(MessageSource::Security, > MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by > default, and implementing it manually can result in minor, but serious > mistakes. We recommended using authenticated encryption like GCM to protect > against chosen-ciphertext attacks."); > } > > Then the two implementations would always be consistent in language and > format, and if we want to warn about more things we could just add them in > one place. > > > Source/WebCore/crypto/SubtleCrypto.cpp:579 > > + scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks."); > > ... and this could just be replaced with: > > addAuthenticatedEncryptionWarningIfNecessary(); Good idea, will change.
Kate Cheney
Comment 5 2021-08-06 16:31:12 PDT
Created attachment 435097 [details] Patch
Kate Cheney
Comment 6 2021-08-06 16:31:27 PDT
Will land after EWS is green.
Kate Cheney
Comment 7 2021-08-09 10:01:21 PDT
Created attachment 435188 [details] Patch
Kate Cheney
Comment 8 2021-08-09 10:03:53 PDT
Updated test expectations for imported tests to avoid logging console output to stdout. Also some tests called encrypt/decrypt up to 1000 times to test for crashing. To avoid 1000 lines of console logging in test expectations I also marked these with the "DumpJSConsoleLogInStdErr" expectation. Awaiting green bots.
Kate Cheney
Comment 9 2021-08-09 10:55:55 PDT
Created attachment 435195 [details] Patch
EWS
Comment 10 2021-08-09 13:06:38 PDT
Committed r280790 (240369@main): <https://commits.webkit.org/240369@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 435195 [details].
Note You need to log in before you can comment on or make changes to this bug.