| Index: LayoutTests/crypto/encrypt-decrypt.html
|
| diff --git a/LayoutTests/crypto/encrypt-decrypt.html b/LayoutTests/crypto/encrypt-decrypt.html
|
| index 89923ea1b7c3e2ac2b2c56c4234b71280c91287e..b2120d1c5f5e3c347109f2a50813a27663b1bf7c 100644
|
| --- a/LayoutTests/crypto/encrypt-decrypt.html
|
| +++ b/LayoutTests/crypto/encrypt-decrypt.html
|
| @@ -26,7 +26,7 @@ var allTests = [];
|
| // The NIST tests do not have a padding block. To match the WebCrypto
|
| // expectations, a PKCS#5 padding block has been added.
|
|
|
| -var kSuccessTestVectors = [
|
| +var kAesCbcSuccessVectors = [
|
| // 128-bit key with plaintext that is an exact multiple of block size.
|
| // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
|
| {
|
| @@ -70,7 +70,70 @@ var kSuccessTestVectors = [
|
| },
|
| ];
|
|
|
| -function runSuccessTestCase(testCase)
|
| +// These tests come from the NIST GCM test vectors:
|
| +// http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
|
| +//
|
| +// Both encryption and decryption are expected to work.
|
| +var kAesGcmSuccessVectors =
|
| +[
|
| + // [Keylen = 128]
|
| + // [IVlen = 96]
|
| + // [PTlen = 0]
|
| + // [AADlen = 0]
|
| + // [Taglen = 128]
|
| + {
|
| + "key": "cf063a34d4a9a76c2c86787d3f96db71",
|
| + "iv": "113b9785971864c83b01c787",
|
| + "plainText": "",
|
| + "cipherText": "",
|
| + "additionalData": "",
|
| + "authenticationTag": "72ac8493e3a5228b5d130a69d2510e42"
|
| + },
|
| +
|
| + // [Keylen = 128]
|
| + // [IVlen = 96]
|
| + // [PTlen = 0]
|
| + // [AADlen = 128]
|
| + // [Taglen = 120]
|
| + {
|
| + "key": "6dfa1a07c14f978020ace450ad663d18",
|
| + "iv": "34edfa462a14c6969a680ec1",
|
| + "plainText": "",
|
| + "cipherText": "",
|
| + "additionalData": "2a35c7f5f8578e919a581c60500c04f6",
|
| + "authenticationTag": "751f3098d59cf4ea1d2fb0853bde1c"
|
| + },
|
| +
|
| + // [Keylen = 128]
|
| + // [IVlen = 96]
|
| + // [PTlen = 128]
|
| + // [AADlen = 128]
|
| + // [Taglen = 112]
|
| + {
|
| + "key": "ed6cd876ceba555706674445c229c12d",
|
| + "iv": "92ecbf74b765bc486383ca2e",
|
| + "plainText": "bfaaaea3880d72d4378561e2597a9b35",
|
| + "cipherText": "bdd2ed6c66fa087dce617d7fd1ff6d93",
|
| + "additionalData": "95bd10d77dbe0e87fb34217f1a2e5efe",
|
| + "authenticationTag": "ba82e49c55a22ed02ca67da4ec6f"
|
| + },
|
| +
|
| + // [Keylen = 192]
|
| + // [IVlen = 96]
|
| + // [PTlen = 128]
|
| + // [AADlen = 384]
|
| + // [Taglen = 112]
|
| + {
|
| + "key": "ae7972c025d7f2ca3dd37dcc3d41c506671765087c6b61b8",
|
| + "iv": "984c1379e6ba961c828d792d",
|
| + "plainText": "d30b02c343487105219d6fa080acc743",
|
| + "cipherText": "c4489fa64a6edf80e7e6a3b8855bc37c",
|
| + "additionalData": "edd8f630f9bbc31b0acf122998f15589d6e6e3e1a3ec89e0c6a6ece751610ebbf57fdfb9d82028ff1d9faebe37a268c1",
|
| + "authenticationTag": "772ee7de0f91a981c36c93a35c88"
|
| + }
|
| +];
|
| +
|
| +function runAesCbcSuccessTestCase(testCase)
|
| {
|
| var algorithm = {name: 'aes-cbc', iv: hexStringToUint8Array(testCase.iv)};
|
|
|
| @@ -102,9 +165,51 @@ function runSuccessTestCase(testCase)
|
| });
|
| }
|
|
|
| +function runAesGcmSuccessTestCase(testCase)
|
| +{
|
| + var key = null;
|
| + var keyData = hexStringToUint8Array(testCase.key);
|
| + var iv = hexStringToUint8Array(testCase.iv);
|
| + var additionalData = hexStringToUint8Array(testCase.additionalData);
|
| + var tag = hexStringToUint8Array(testCase.authenticationTag);
|
| + var usages = ['encrypt', 'decrypt'];
|
| + var extractable = false;
|
| +
|
| + var tagLengthBits = tag.byteLength * 8;
|
| +
|
| + var algorithm = {name: 'aes-gcm', iv: iv, additionalData: additionalData, tagLength: tagLengthBits};
|
| +
|
| + // (1) Import the key
|
| + return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
|
| + key = result;
|
| +
|
| + // shouldBe() can only resolve variables in global context.
|
| + tmpKey = key;
|
| + shouldBe("tmpKey.type", "'secret'");
|
| + shouldBe("tmpKey.extractable", "false");
|
| + shouldBe("tmpKey.algorithm.name", "'AES-GCM'");
|
| + shouldBe("tmpKey.usages.join(',')", "'decrypt,encrypt'");
|
| +
|
| + // (2) Encrypt.
|
| + return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testCase.plainText));
|
| + }).then(function(result) {
|
| + bytesShouldMatchHexString("Encryption", testCase.cipherText + testCase.authenticationTag, result);
|
| +
|
| + // (3) Decrypt
|
| + return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testCase.cipherText + testCase.authenticationTag));
|
| + }).then(function(result) {
|
| + bytesShouldMatchHexString("Decryption", testCase.plainText, result);
|
| + });
|
| +}
|
| +
|
| // Add all of the tests defined above.
|
| -for (var i = 0; i < kSuccessTestVectors.length; ++i) {
|
| - addTask(runSuccessTestCase(kSuccessTestVectors[i]));
|
| +for (var i = 0; i < kAesCbcSuccessVectors.length; ++i) {
|
| + addTask(runAesCbcSuccessTestCase(kAesCbcSuccessVectors[i]));
|
| +}
|
| +
|
| +// Add all of the tests defined above.
|
| +for (var i = 0; i < kAesGcmSuccessVectors.length; ++i) {
|
| + addTask(runAesGcmSuccessTestCase(kAesGcmSuccessVectors[i]));
|
| }
|
|
|
| // -------------------------------------------------
|
| @@ -140,7 +245,7 @@ for (var i = 0; i < kUnsupportedKeyLengths.length; ++i) {
|
| // Invalid cipher texts
|
| // -------------------------------------------------
|
|
|
| -function testInvalidDecryptions()
|
| +function testInvalidAesCbcDecryptions()
|
| {
|
| // 128-bit key with plaintext that is an exact multiple of block size.
|
| // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
|
| @@ -189,7 +294,7 @@ function testInvalidDecryptions()
|
| });
|
| }
|
|
|
| -addTask(testInvalidDecryptions());
|
| +addTask(testInvalidAesCbcDecryptions());
|
|
|
| function testNormalizationFailures(importedKeys)
|
| {
|
| @@ -219,6 +324,18 @@ function testNormalizationFailures(importedKeys)
|
| shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: -3}, keys.aesCtr, data)");
|
| shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: Infinity}, keys.aesCtr, data)");
|
|
|
| + // ---------------------------------------------------
|
| + // AES-CBC normalization failures (AesGcmParams)
|
| + // ---------------------------------------------------
|
| +
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm'}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 3}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 'foo'}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: '5'}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 'foo'}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: -1}, keys.aesGcm, data)");
|
| + shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 8000}, keys.aesGcm, data)");
|
| +
|
| // Try calling with the wrong key type.
|
| aesCbc = {name: 'AES-CBC', iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])};
|
| shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.hmacSha1, data)");
|
|
|
Chromium Code Reviews
Issue 180323002:
[webcrypto] Add parameter parsing for AES-GCM. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk