Mark CryptoKey and SubtleCrypto interfaces as SecureContext.

This matches the IDL from the spec, and resolves a bug whereby the Web Crypto API could be used from an insecure context. We were correctly blocking access to "self.crypto.subtle" from insecure contexts, however it was possible to access through its interface self.SubtleCrypto. Bug: 1038704 Change-Id: I425d602fda64c3f63ee87bcfed1711e508901c61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2057098 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Cr-Commit-Position: refs/heads/master@{#743242}

Mark CryptoKey and SubtleCrypto interfaces as SecureContext.
This matches the IDL from the spec, and resolves a bug whereby the Web Crypto API could be used from an insecure context. We were correctly blocking access to "self.crypto.subtle" from insecure contexts, however it was possible to access through its interface self.SubtleCrypto. Bug: 1038704 Change-Id: I425d602fda64c3f63ee87bcfed1711e508901c61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2057098 Commit-Queue: Eric Roman <eroman@chromium.org> Reviewed-by: Philip Jägenstedt <foolip@chromium.org> Cr-Commit-Position: refs/heads/master@{#743242}
ddee1ddc · Eric Roman · Commit Bot · 9a1a151b · ddee1ddc · ddee1ddc
Commit ddee1ddc authored Feb 20, 2020 by Eric Roman Committed by Commit Bot Feb 20, 2020
5 changed files
--- a/third_party/blink/renderer/modules/crypto/crypto_key.idl
+++ b/third_party/blink/renderer/modules/crypto/crypto_key.idl
@@ -31,6 +31,7 @@
 // https://w3c.github.io/webcrypto/Overview.html#cryptokey-interface
 [
+    SecureContext,
    Exposed=(Window,Worker)
 ] interface CryptoKey {
    readonly attribute DOMString type;

--- a/third_party/blink/renderer/modules/crypto/subtle_crypto.idl
+++ b/third_party/blink/renderer/modules/crypto/subtle_crypto.idl
@@ -35,6 +35,7 @@ typedef DOMString KeyUsage;
 typedef (Dictionary or DOMString) AlgorithmIdentifier;
 [
+    SecureContext,
    Exposed=(Window,Worker)
 ] interface SubtleCrypto {
    [CallWith=ScriptState, MeasureAs=SubtleCryptoEncrypt] Promise<any> encrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data);

--- a/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any-expected.txt
-This is a testharness.js-based test.
-PASS Non-secure context window does not have access to crypto.subtle
-FAIL Non-secure context window does not have access to SubtleCrypto assert_equals: expected (undefined) undefined but got (function) function "function SubtleCrypto() { [native code] }"
-FAIL Non-secure context window does not have access to CryptoKey assert_equals: expected (undefined) undefined but got (function) function "function CryptoKey() { [native code] }"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any.sharedworker-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any.sharedworker-expected.txt
-This is a testharness.js-based test.
-PASS Non-secure context window does not have access to crypto.subtle
-FAIL Non-secure context window does not have access to SubtleCrypto assert_equals: expected (undefined) undefined but got (function) function "function SubtleCrypto() { [native code] }"
-FAIL Non-secure context window does not have access to CryptoKey assert_equals: expected (undefined) undefined but got (function) function "function CryptoKey() { [native code] }"
-Harness: the test ran to completion.
--- a/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any.worker-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/WebCryptoAPI/historical.any.worker-expected.txt
-This is a testharness.js-based test.
-PASS Non-secure context window does not have access to crypto.subtle
-FAIL Non-secure context window does not have access to SubtleCrypto assert_equals: expected (undefined) undefined but got (function) function "function SubtleCrypto() { [native code] }"
-FAIL Non-secure context window does not have access to CryptoKey assert_equals: expected (undefined) undefined but got (function) function "function CryptoKey() { [native code] }"
-Harness: the test ran to completion.