Merge 254308@main - Adding patch for correcting AES-CBC

https://bugs.webkit.org/show_bug.cgi?id=227804

Reviewed by Youenn Fablet

Validate and remove padding as per https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations (Decrypt section) in CryptoAlgorithmAES_CBC::platformDecrypt

modified:   LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any-expected.txt
modified:   LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.worker-expected.txt
modified:   Source/WebCore/crypto/mac/CryptoAlgorithmAES_CBCMac.cpp

Canonical link: https://commits.webkit.org/254308@main

(cherry picked from commit 0062d43)

LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any-expected.txt

@@ -33,13 +33,13 @@ PASS AES-CBC 192-bit key, 64-bit IV decryption
 PASS AES-CBC 192-bit key, 192-bit IV decryption
 PASS AES-CBC 256-bit key, 64-bit IV decryption
 PASS AES-CBC 256-bit key, 192-bit IV decryption
-FAIL AES-CBC 128-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 128-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 128-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 128-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 128-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 128-bit key, inconsistentPadChars Reached unreachable code
-FAIL AES-CBC 192-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 192-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 192-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 192-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 192-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 192-bit key, inconsistentPadChars Reached unreachable code
-FAIL AES-CBC 256-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 256-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 256-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 256-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 256-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 256-bit key, inconsistentPadChars Reached unreachable code
+PASS AES-CBC 128-bit key, zeroPadChar
+PASS AES-CBC 128-bit key, bigPadChar
+PASS AES-CBC 128-bit key, inconsistentPadChars
+PASS AES-CBC 192-bit key, zeroPadChar
+PASS AES-CBC 192-bit key, bigPadChar
+PASS AES-CBC 192-bit key, inconsistentPadChars
+PASS AES-CBC 256-bit key, zeroPadChar
+PASS AES-CBC 256-bit key, bigPadChar
+PASS AES-CBC 256-bit key, inconsistentPadChars
 

LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.worker-expected.txt

@@ -33,13 +33,13 @@ PASS AES-CBC 192-bit key, 64-bit IV decryption
 PASS AES-CBC 192-bit key, 192-bit IV decryption
 PASS AES-CBC 256-bit key, 64-bit IV decryption
 PASS AES-CBC 256-bit key, 192-bit IV decryption
-FAIL AES-CBC 128-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 128-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 128-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 128-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 128-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 128-bit key, inconsistentPadChars Reached unreachable code
-FAIL AES-CBC 192-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 192-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 192-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 192-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 192-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 192-bit key, inconsistentPadChars Reached unreachable code
-FAIL AES-CBC 256-bit key, zeroPadChar assert_unreached: should have thrown exception for test AES-CBC 256-bit key, zeroPadChar Reached unreachable code
-FAIL AES-CBC 256-bit key, bigPadChar assert_unreached: should have thrown exception for test AES-CBC 256-bit key, bigPadChar Reached unreachable code
-FAIL AES-CBC 256-bit key, inconsistentPadChars assert_unreached: should have thrown exception for test AES-CBC 256-bit key, inconsistentPadChars Reached unreachable code
+PASS AES-CBC 128-bit key, zeroPadChar
+PASS AES-CBC 128-bit key, bigPadChar
+PASS AES-CBC 128-bit key, inconsistentPadChars
+PASS AES-CBC 192-bit key, zeroPadChar
+PASS AES-CBC 192-bit key, bigPadChar
+PASS AES-CBC 192-bit key, inconsistentPadChars
+PASS AES-CBC 256-bit key, zeroPadChar
+PASS AES-CBC 256-bit key, bigPadChar
+PASS AES-CBC 256-bit key, inconsistentPadChars
 

Source/WebCore/crypto/mac/CryptoAlgorithmAES_CBCMac.cpp

@@ -76,7 +76,23 @@ ExceptionOr<Vector<uint8_t>> CryptoAlgorithmAES_CBC::platformDecrypt(const Crypt
 {
     ASSERT(parameters.ivVector().size() == kCCBlockSizeAES128 || parameters.ivVector().isEmpty());
     ASSERT(padding == Padding::Yes || !(cipherText.size() % kCCBlockSizeAES128));
-    return transformAES_CBC(kCCDecrypt, parameters.ivVector(), key.key(), cipherText, padding);
+    auto result = transformAES_CBC(kCCDecrypt, parameters.ivVector(), key.key(), cipherText, Padding::No);
+    if (result.hasException())
+        return result.releaseException();
+
+    auto data = result.releaseReturnValue();
+    if (padding == Padding::Yes && !data.isEmpty()) {
+        // Validate and remove padding as per https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations (Decrypt section).
+        auto paddingByte = data.last();
+        if (!paddingByte || paddingByte > 16 || paddingByte > data.size())
+            return Exception { OperationError };
+        for (size_t i = data.size() - paddingByte; i < data.size() - 1; ++i) {
+            if (data[i] != paddingByte)
+                return Exception { OperationError };
+        }
+        data.shrink(data.size() - paddingByte);
+    }
+    return data;
 }
 
 } // namespace WebCore