[webcrypto] Add parameter parsing for AES-GCM.

LayoutTests/crypto/encrypt-decrypt.html

 <!DOCTYPE html>
 <html>
 <head>
 <script src="../resources/js-test.js"></script>
 <script src="resources/common.js"></script>
 </head>
 <body>
 <p id="description"></p>
 <div id="console"></div>
 
 <script>
 description("Tests cypto.subtle.encrypt and crypto.subtle.decrypt");
 
 jsTestIsAsync = true;
 
 // A list of Promises for every test to run.
 var allTests = [];
 
 // -------------------------------------------------
 // Successful encryption/decryption
 // -------------------------------------------------
 
 // Test vectors marked with [1] were copied from:
 //   http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
 //
 // The NIST tests do not have a padding block. To match the WebCrypto
 // expectations, a PKCS#5 padding block has been added.
 
-var kSuccessTestVectors = [
+var kAesCbcSuccessVectors = [
   // 128-bit key with plaintext that is an exact multiple of block size.
   // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
   {
     key: "2b7e151628aed2a6abf7158809cf4f3c",
     iv: "000102030405060708090a0b0c0d0e0f",
     plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
     cipherText: "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7" +
                 // Padding block.
                 "8cb82807230e1321d3fae00d18cc2012"
   },
@@ skipping 23 matching lines @@
   // 128-bit key, with empty plaintext.
   // Derived from Chromium's EncryptorTest.EmptyEncrypt() (encryptor_unittest.cc)
   {
     key: "3132383d5369787465656e4279746573",
     iv: "5377656574205369787465656e204956",
     plainText: "",
     cipherText: "8518b8878d34e7185e300d0fcc426396"
   },
 ];
 
-function runSuccessTestCase(testCase)
+// These tests come from the NIST GCM test vectors:
+// http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
+//
+// Both encryption and decryption are expected to work.
+var kAesGcmSuccessVectors =
+[
+  // [Keylen = 128]
+  // [IVlen = 96]
+  // [PTlen = 0]
+  // [AADlen = 0]
+  // [Taglen = 128]
+  {
+    "key": "cf063a34d4a9a76c2c86787d3f96db71",
+    "iv": "113b9785971864c83b01c787",
+    "plainText": "",
+    "cipherText": "",
+    "additionalData": "",
+    "authenticationTag": "72ac8493e3a5228b5d130a69d2510e42"
+  },
+
+  // [Keylen = 128]
+  // [IVlen = 96]
+  // [PTlen = 0]
+  // [AADlen = 128]
+  // [Taglen = 120]
+  {
+    "key": "6dfa1a07c14f978020ace450ad663d18",
+    "iv": "34edfa462a14c6969a680ec1",
+    "plainText": "",
+    "cipherText": "",
+    "additionalData": "2a35c7f5f8578e919a581c60500c04f6",
+    "authenticationTag": "751f3098d59cf4ea1d2fb0853bde1c"
+  },
+
+  // [Keylen = 128]
+  // [IVlen = 96]
+  // [PTlen = 128]
+  // [AADlen = 128]
+  // [Taglen = 112]
+  {
+    "key": "ed6cd876ceba555706674445c229c12d",
+    "iv": "92ecbf74b765bc486383ca2e",
+    "plainText": "bfaaaea3880d72d4378561e2597a9b35",
+    "cipherText": "bdd2ed6c66fa087dce617d7fd1ff6d93",
+    "additionalData": "95bd10d77dbe0e87fb34217f1a2e5efe",
+    "authenticationTag": "ba82e49c55a22ed02ca67da4ec6f"
+  },
+
+  // [Keylen = 192]
+  // [IVlen = 96]
+  // [PTlen = 128]
+  // [AADlen = 384]
+  // [Taglen = 112]
+  {
+    "key": "ae7972c025d7f2ca3dd37dcc3d41c506671765087c6b61b8",
+    "iv": "984c1379e6ba961c828d792d",
+    "plainText": "d30b02c343487105219d6fa080acc743",
+    "cipherText": "c4489fa64a6edf80e7e6a3b8855bc37c",
+    "additionalData": "edd8f630f9bbc31b0acf122998f15589d6e6e3e1a3ec89e0c6a6ece751610ebbf57fdfb9d82028ff1d9faebe37a268c1",
+    "authenticationTag": "772ee7de0f91a981c36c93a35c88"
+  }
+];
+
+function runAesCbcSuccessTestCase(testCase)
 {
     var algorithm = {name: 'aes-cbc', iv: hexStringToUint8Array(testCase.iv)};
 
     var key = null;
     var keyData = hexStringToUint8Array(testCase.key);
     var usages = ['encrypt', 'decrypt'];
     var extractable = false;
 
     // (1) Import the key
     return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
@@ skipping 11 matching lines @@
     }).then(function(result) {
         bytesShouldMatchHexString("Encryption", testCase.cipherText, result);
 
         // (3) Decrypt
         return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testCase.cipherText));
     }).then(function(result) {
         bytesShouldMatchHexString("Decryption", testCase.plainText, result);
     });
 }
 
+function runAesGcmSuccessTestCase(testCase)
+{
+    var key = null;
+    var keyData = hexStringToUint8Array(testCase.key);
+    var iv = hexStringToUint8Array(testCase.iv);
+    var additionalData = hexStringToUint8Array(testCase.additionalData);
+    var tag = hexStringToUint8Array(testCase.authenticationTag);
+    var usages = ['encrypt', 'decrypt'];
+    var extractable = false;
+
+    var tagLengthBits = tag.byteLength * 8;
+
+    var algorithm = {name: 'aes-gcm', iv: iv, additionalData: additionalData, tagLength: tagLengthBits};
+
+    // (1) Import the key
+    return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
+        key = result;
+        
+        // shouldBe() can only resolve variables in global context.
+        tmpKey = key;
+        shouldBe("tmpKey.type", "'secret'");
+        shouldBe("tmpKey.extractable", "false");
+        shouldBe("tmpKey.algorithm.name", "'AES-GCM'");
+        shouldBe("tmpKey.usages.join(',')", "'decrypt,encrypt'");
+
+        // (2) Encrypt.
+        return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testCase.plainText));
+    }).then(function(result) {
+        bytesShouldMatchHexString("Encryption", testCase.cipherText + testCase.authenticationTag, result);
+
+        // (3) Decrypt
+        return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testCase.cipherText + testCase.authenticationTag));
+    }).then(function(result) {
+        bytesShouldMatchHexString("Decryption", testCase.plainText, result);
+    });
+}
+  
 // Add all of the tests defined above.
-for (var i = 0; i < kSuccessTestVectors.length; ++i) {
-    addTask(runSuccessTestCase(kSuccessTestVectors[i]));
+for (var i = 0; i < kAesCbcSuccessVectors.length; ++i) {
+    addTask(runAesCbcSuccessTestCase(kAesCbcSuccessVectors[i]));
+}
+
+// Add all of the tests defined above.
+for (var i = 0; i < kAesGcmSuccessVectors.length; ++i) {
+    addTask(runAesGcmSuccessTestCase(kAesGcmSuccessVectors[i]));
 }
 
 // -------------------------------------------------
 // Failed key import.
 // -------------------------------------------------
 
 // Supported key lengths are 16 (128-bit), 32 (256-bit), 24 (192-bit),
 // Try key lengths that are off by 1 from the supported ones.
 var kUnsupportedKeyLengths = [
     0, 1, 15, 17, 31, 33, 23, 25, 64
@@ skipping 15 matching lines @@
 }
 
 for (var i = 0; i < kUnsupportedKeyLengths.length; ++i) {
     addTask(testInvalidKeyImport(kUnsupportedKeyLengths[i]));
 }
 
 // -------------------------------------------------
 // Invalid cipher texts
 // -------------------------------------------------
 
-function testInvalidDecryptions()
+function testInvalidAesCbcDecryptions()
 {
     // 128-bit key with plaintext that is an exact multiple of block size.
     // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
     var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f");
     var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c");
     var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a78cb82807230e1321d3fae00d18cc2012");
 
     var key = null;
     var usages = ['encrypt', 'decrypt'];
     var extractable = false;
@@ skipping 28 matching lines @@
           // padding error.
           verifyDecryptionFails(cipherText.byteLength - 16),
           verifyDecryptionFails(1),
           verifyDecryptionFails(15),
           verifyDecryptionFails(16),
           verifyDecryptionFails(17),
       ]);
     });
 }
 
-addTask(testInvalidDecryptions());
+addTask(testInvalidAesCbcDecryptions());
 
 function testNormalizationFailures(importedKeys)
 {
     keys = importedKeys;
 
     data = asciiToUint8Array("hello");
 
     // ---------------------------------------------------
     // AES-CBC normalization failures (AesCbcParams)
     // ---------------------------------------------------
 
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: null}, keys.aesCbc, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC'}, keys.aesCbc, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: 3}, keys.aesCbc, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: new Uint8Array(0)}, keys.aesCbc, data)");
 
     // ---------------------------------------------------
     // AES-CTR normalization failures (AesCtrParams)
     // ---------------------------------------------------
 
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: null}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR'}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(0)}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 0}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 18}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 256}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: -3}, keys.aesCtr, data)");
     shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: Infinity}, keys.aesCtr, data)");
 
+    // ---------------------------------------------------
+    // AES-CBC normalization failures (AesGcmParams)
+    // ---------------------------------------------------
+
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm'}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 3}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 'foo'}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: '5'}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 'foo'}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: -1}, keys.aesGcm, data)");
+    shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 8000}, keys.aesGcm, data)");
+
     // Try calling with the wrong key type.
     aesCbc = {name: 'AES-CBC', iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])};
     shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.hmacSha1, data)");
 
     // Key doesn't support encrypt.
     shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.aesCbcJustDecrypt, data)");
 
     // If no key was specified AND the algorithm was bogus, should complain
     // about the missing key first.
     shouldThrow("crypto.subtle.encrypt({name: 'bogus'}, null, data)");
 }
 
 addTask(importTestKeys().then(testNormalizationFailures));
 
 completeTestWhenAllTasksDone();
 
 </script>
 
 </body>