Have all overloads of...

Have all overloads of webcrypto::AlgorithmImplementation::DeserializeKeyForClone check the params type. Presently neither this nor the calling code checks that the algorithm ID and key params type correspond correctly. This code already knows what the expected value is, so it seems a reasonable place to check. BUG=669649 Review-Url: https://codereview.chromium.org/2544533002 Cr-Commit-Position: refs/heads/master@{#435528}

Have all overloads of...
Have all overloads of webcrypto::AlgorithmImplementation::DeserializeKeyForClone check the params type. Presently neither this nor the calling code checks that the algorithm ID and key params type correspond correctly. This code already knows what the expected value is, so it seems a reasonable place to check. BUG=669649 Review-Url: https://codereview.chromium.org/2544533002 Cr-Commit-Position: refs/heads/master@{#435528}
2e33aac2 · jbroman · Commit bot · ba3f0989 · 2e33aac2 · 2e33aac2
Commit 2e33aac2 authored Nov 30, 2016 by jbroman Committed by Commit bot Dec 01, 2016
7 changed files
--- a/components/webcrypto/algorithms/aes.cc
+++ b/components/webcrypto/algorithms/aes.cc
@@ -199,6 +199,10 @@ Status AesAlgorithm::DeserializeKeyForClone(
    blink::WebCryptoKeyUsageMask usages,
    const CryptoData& key_data,
    blink::WebCryptoKey* key) const {
+  if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeAes ||
+      type != blink::WebCryptoKeyTypeSecret)
+    return Status::ErrorUnexpected();
  return ImportKeyRaw(key_data, SynthesizeImportAlgorithmForClone(algorithm),
                      extractable, usages, key);
 }

--- a/components/webcrypto/algorithms/ec.cc
+++ b/components/webcrypto/algorithms/ec.cc
@@ -656,6 +656,9 @@ Status EcAlgorithm::DeserializeKeyForClone(
    blink::WebCryptoKeyUsageMask usages,
    const CryptoData& key_data,
    blink::WebCryptoKey* key) const {
+  if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeEc)
+    return Status::ErrorUnexpected();
  blink::WebCryptoAlgorithm import_algorithm =
      SynthesizeImportAlgorithmForClone(algorithm);

--- a/components/webcrypto/algorithms/hkdf.cc
+++ b/components/webcrypto/algorithms/hkdf.cc
@@ -105,6 +105,10 @@ class HkdfImplementation : public AlgorithmImplementation {
                                blink::WebCryptoKeyUsageMask usages,
                                const CryptoData& key_data,
                                blink::WebCryptoKey* key) const override {
+    if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeNone ||
+        type != blink::WebCryptoKeyTypeSecret)
+      return Status::ErrorUnexpected();
    // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false.
    // This is intentional. Although keys cannot currently be created with
    // extractable==true, earlier implementations permitted this, so

--- a/components/webcrypto/algorithms/hmac.cc
+++ b/components/webcrypto/algorithms/hmac.cc
@@ -291,6 +291,10 @@ class HmacImplementation : public AlgorithmImplementation {
                                blink::WebCryptoKeyUsageMask usages,
                                const CryptoData& key_data,
                                blink::WebCryptoKey* key) const override {
+    if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeHmac ||
+        type != blink::WebCryptoKeyTypeSecret)
+      return Status::ErrorUnexpected();
    return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
                                    key);
  }

--- a/components/webcrypto/algorithms/pbkdf2.cc
+++ b/components/webcrypto/algorithms/pbkdf2.cc
@@ -110,6 +110,10 @@ class Pbkdf2Implementation : public AlgorithmImplementation {
                                blink::WebCryptoKeyUsageMask usages,
                                const CryptoData& key_data,
                                blink::WebCryptoKey* key) const override {
+    if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeNone ||
+        type != blink::WebCryptoKeyTypeSecret)
+      return Status::ErrorUnexpected();
    // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false.
    // This is intentional. Although keys cannot currently be created with
    // extractable==true, earlier implementations permitted this, so

--- a/components/webcrypto/algorithms/rsa.cc
+++ b/components/webcrypto/algorithms/rsa.cc
@@ -532,6 +532,9 @@ Status RsaHashedAlgorithm::DeserializeKeyForClone(
    blink::WebCryptoKeyUsageMask usages,
    const CryptoData& key_data,
    blink::WebCryptoKey* key) const {
+  if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed)
+    return Status::ErrorUnexpected();
  blink::WebCryptoAlgorithm import_algorithm =
      SynthesizeImportAlgorithmForClone(algorithm);

--- a/third_party/WebKit/Source/bindings/modules/v8/serialization/V8ScriptValueSerializerForModulesTest.cpp
+++ b/third_party/WebKit/Source/bindings/modules/v8/serialization/V8ScriptValueSerializerForModulesTest.cpp
@@ -795,6 +795,16 @@ TEST(V8ScriptValueSerializerForModulesTest, DecodeCryptoKeyInvalid) {
                  .deserialize()
                  ->IsNull());
+  // Algorithm ID / params type mismatch (AES params, RSA-OEAP ID).
+  EXPECT_TRUE(
+      V8ScriptValueDeserializerForModules(
+          scriptState,
+          serializedValue({0xff, 0x09, 0x3f, 0x00, 0x4b, 0x01, 0x0a, 0x10, 0x04,
+                           0x10, 0x7e, 0x25, 0xb2, 0xe8, 0x62, 0x3e, 0xd7, 0x83,
+                           0x70, 0xa2, 0xae, 0x98, 0x79, 0x1b, 0xc5, 0xf7}))
+          .deserialize()
+          ->IsNull());
  // Invalid asymmetric key type.
  EXPECT_TRUE(
      V8ScriptValueDeserializerForModules(