-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 27603 - verify() can fail either by returning flase or rejecting with an error, inconsistent which is used #66
Comments
I think all three should consistently offer the possibility to throw an error. ECDSA doesn't have this at present. We should check whether the underlying crypto specifications are clear about what is an error and then we will see during testing whether implementations are compliant. |
Pull Request #102 |
I am not sure that I think this is a good idea. I believe that I would prefer to move in the opposite direction of just returning true/false as as result if there is an error in the operation. The ability for code to distinguish between an incorrect hash and a bad padding in RSA is a classic attack. For this reason I believe that the code should only return true/false. |
Any comments on @jimsch's suggestion ? |
Discussed on 7/11 call. Suggest making this change: always return false if the signature is not valid. |
I concur with @jimsch here, let's keep it true/false if the signature is rejected. |
…SA and ECDSA verify.
New PR #117 |
…SA and ECDSA verify.
Bug 27603:
There are two ways for crypto.subtle.verify() to fail verification:
(1) Resolve the promise with false
(2) Reject the promise with an error
There are inconsistencies between algorithms on which approach is chosen, and there are also implementation complexities that arise from the distinctions.
For instance:
I haven't run a full set of tests yet, however I am uncertain that the popular crypto libraries consistently distinguish errors for RSASSA-... and RSA-PSS in the manner required.
The text was updated successfully, but these errors were encountered: