22596 2013-07-08 18:02:45 +0000 Does verify fulfill or reject when a MAC/Signature does not verify 2013-07-22 19:19:37 +0000 1 1 1 Unclassified Web Cryptography Web Cryptography API Document unspecified PC Windows NT RESOLVED FIXED P2 normal --- 1 sleevi sleevi ietf oldest_to_newest 90426 0 sleevi 2013-07-08 18:02:45 +0000 Raised by Jim Schaad as http://www.w3.org/2012/webcrypto/track/issues/48 It is not explicitly stated if verify returns true/false as the result or something else. The correct answer for decrypt using AE algorithms would be a reject if the tags don't match as the result returned is an ArrayBuffer. However verify is currently stated to return a boolean and thus false would seem to be an appropriate response. 91083 1 sleevi 2013-07-22 19:18:23 +0000 Resolved in https://dvcs.w3.org/hg/webcrypto-api/rev/1ab461fb0e57 As described in the commit message, each algorithm is responsible for defining it's behaviour for the steps of 'process data'. An example of this can be seen in the ECDSA case. As specified in https://dvcs.w3.org/hg/webcrypto-api/raw-file/1ab461fb0e57/spec/Overview.html#ecdsa-operations , Steps 9-11 describe that value is initialized to a boolean indicating success or failure, and that's returned from the verify operation. As described in https://dvcs.w3.org/hg/webcrypto-api/raw-file/1ab461fb0e57/spec/Overview.html#dfn-CryptoOperation-process-data and https://dvcs.w3.org/hg/webcrypto-api/raw-file/1ab461fb0e57/spec/Overview.html#CryptoOperation-method-finish , the result of the underlying algorithm is passed to the associated resolver's resolve() algorithm. Thus, a mismatched signature would resolve(false), while a matching signature would be resolve(true), and an unrelated failure would be reject(null) (12.1.2.4)