Bug 289171
| Summary: | REGRESSION (Safari 18.2): crypto.subtle.encrypt broken for 'AES-GCM' : OperationError | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | kim.dunagan.78789 |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Critical | CC: | ap, nitinmahendru, pascoe, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 18 | ||
| Hardware: | Mac (Apple Silicon) | ||
| OS: | macOS 15 | ||
kim.dunagan.78789
crypto.subtle.encrypt fails to encrypt safari 18.2 on macOS. Error message is "The operation failed for an operation-specific reason"
AES-GCM encryption fails for the following steps. Tested in the dev console in safari on safari preview Release 209 (Safari 18.2, WebKit 19621.1.6)
var key = await crypto.subtle.generateKey(
{ name: 'AES-GCM', length: 256 },
true,
['encrypt', 'decrypt']
);
var iv = new TextEncoder()
.encode('hi friends! Happy day to you')
.slice(0, 11);
var data = new TextEncoder().encode(
'Some random text'
);
var failure = await crypto.subtle
.encrypt(
{ name: 'AES-GCM', iv: iv },
key,
data
);
Error message in dev console:
OperationError: The operation failed for an operation-specific reason
{ code: 0,
message: "The operation failed for an operation-specific reason",
name: "OperationError",
stack: ""
}
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Thank you for the report! Just to clarify, when you say that this is happening in Safari 18.2, do you mean that it worked as expected earlier, or that this was the only version tested?
kim.dunagan.78789
Versions tested
* Successful encryption: Safari Version 17.4 (19618.1.15.11.12) (my mac's safari) (My mac is on Sonoma )
* Successful encryption: Safari Version 18.1 on Sequoia (Used remote desktop safari on BrowserStack) (Unfortunately, I can't get the exact version due to browser stack restrictions. The navigator.useragent is 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Safari/605.1.15"'
* Failed Encryption: Safari 18.2, WebKit 19621.1.6
Radar WebKit Bug Importer
<rdar://problem/146395205>
Nitin Mahendru
Thank you for the report!
The problem is the iv length and the minimum length requirement was changed in 18.2 safari. Considering 18.2 has been out for some time and this is the first report we are hearing, I would request if you can use 12 byte or higher IVs ?
If you change your iv generation code to the below, it will work.
`var iv = new TextEncoder()
.encode('hi friends! Happy day to you')
.slice(0, 12);
`
As per the recommendation here https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams, you should use 12 bytes(96 bits) or higher.
kim.dunagan.78789
Thank you, and sorry for bothering you two. You're the best Nitin! Thank you as well Alexey! Have a wonderful day
kim.dunagan.78789
oh, I guess I should say that I just tested using 12 bytes and it worked as expected on safari 18.2
Nitin Mahendru
great to hear that!
Nitin Mahendru
Will make a change so that we also allow < 12 byte IV.
EWS
Committed 291981@main (07989805db41): <https://commits.webkit.org/291981@main>
Reviewed commits have been landed. Closing PR #42234 and removing active labels.
EWS
Committed 289651.270@safari-7621-branch (e7903dee80f9): <https://commits.webkit.org/289651.270@safari-7621-branch>
Reviewed commits have been landed. Closing PR #2786 and removing active labels.