Bug 228879 - Add console logging to encourage the use of authenticated encryption in WebCrypto
Summary: Add console logging to encourage the use of authenticated encryption in WebCr...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Kate Cheney
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-08-06 15:55 PDT by Kate Cheney
Modified: 2021-08-09 15:09 PDT (History)
5 users (show)

See Also:

Attachments
Patch (37.76 KB, patch)
2021-08-06 15:59 PDT, Kate Cheney 		no flags Details | Formatted Diff | Diff
Patch (38.42 KB, patch)
2021-08-06 16:31 PDT, Kate Cheney 		no flags Details | Formatted Diff | Diff
Patch (39.91 KB, patch)
2021-08-09 10:01 PDT, Kate Cheney 		no flags Details | Formatted Diff | Diff
Patch (40.33 KB, patch)
2021-08-09 10:55 PDT, Kate Cheney 		ews-feeder: commit-queue-
Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kate Cheney 2021-08-06 15:55:47 PDT 
Add console logging to encourage the use of authenticated encryption in WebCrypto
Comment 1 Kate Cheney 2021-08-06 15:59:53 PDT 
Created attachment 435096 [details]
Patch
Comment 2 Kate Cheney 2021-08-06 16:00:16 PDT 
rdar://80655397
Comment 3 Brent Fulgham 2021-08-06 16:09:22 PDT 
Comment on attachment 435096 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=435096&action=review

r=me

> Source/WebCore/crypto/SubtleCrypto.cpp:538
> +        scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks.");

This might be better as a separate function:

void SubtleCrypto::addAuthenticatedEncryptionWarningIfNecessary()
{
    if (key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CBC || key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CTR)
        scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks.");
}

Then the two implementations would always be consistent in language and format, and if we want to warn about more things we could just add them in one place.

> Source/WebCore/crypto/SubtleCrypto.cpp:579
> +        scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks.");

... and this could just be replaced with:

addAuthenticatedEncryptionWarningIfNecessary();
Comment 4 Kate Cheney 2021-08-06 16:18:25 PDT 
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 435096 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=435096&action=review
> 
> r=me
> 
> > Source/WebCore/crypto/SubtleCrypto.cpp:538
> > +        scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks.");
> 
> This might be better as a separate function:
> 
> void SubtleCrypto::addAuthenticatedEncryptionWarningIfNecessary()
> {
>     if (key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CBC ||
> key.algorithmIdentifier() == CryptoAlgorithmIdentifier::AES_CTR)
>         scriptExecutionContext()->addConsoleMessage(MessageSource::Security,
> MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by
> default, and implementing it manually can result in minor, but serious
> mistakes. We recommended using authenticated encryption like GCM to protect
> against chosen-ciphertext attacks.");
> }
> 
> Then the two implementations would always be consistent in language and
> format, and if we want to warn about more things we could just add them in
> one place.
> 
> > Source/WebCore/crypto/SubtleCrypto.cpp:579
> > +        scriptExecutionContext()->addConsoleMessage(MessageSource::Security, MessageLevel::Warning, "AES-CBC and AES-CTR do not provide authentication by default, and implementing it manually can result in minor, but serious mistakes. We recommended using authenticated encryption like GCM to protect against chosen-ciphertext attacks.");
> 
> ... and this could just be replaced with:
> 
> addAuthenticatedEncryptionWarningIfNecessary();

Good idea, will change.
Comment 5 Kate Cheney 2021-08-06 16:31:12 PDT 
Created attachment 435097 [details]
Patch
Comment 6 Kate Cheney 2021-08-06 16:31:27 PDT 
Will land after EWS is green.
Comment 7 Kate Cheney 2021-08-09 10:01:21 PDT 
Created attachment 435188 [details]
Patch
Comment 8 Kate Cheney 2021-08-09 10:03:53 PDT 
Updated test expectations for imported tests to avoid logging console output to stdout. Also some tests called encrypt/decrypt up to 1000 times to test for crashing. To avoid 1000 lines of console logging in test expectations I also marked these with the "DumpJSConsoleLogInStdErr" expectation. Awaiting green bots.
Comment 9 Kate Cheney 2021-08-09 10:55:55 PDT 
Created attachment 435195 [details]
Patch
Comment 10 EWS 2021-08-09 13:06:38 PDT 
Committed r280790 (240369@main): <https://commits.webkit.org/240369@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 435195 [details].