OLD | NEW |
1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
2 <html> | 2 <html> |
3 <head> | 3 <head> |
4 <script src="../resources/js-test.js"></script> | 4 <script src="../resources/js-test.js"></script> |
5 <script src="resources/common.js"></script> | 5 <script src="resources/common.js"></script> |
6 </head> | 6 </head> |
7 <body> | 7 <body> |
8 <p id="description"></p> | 8 <p id="description"></p> |
9 <div id="console"></div> | 9 <div id="console"></div> |
10 | 10 |
11 <script> | 11 <script> |
12 description("Tests cypto.subtle.encrypt and crypto.subtle.decrypt"); | 12 description("Tests encrypt/decrypt for AES-GCM"); |
13 | 13 |
14 jsTestIsAsync = true; | 14 jsTestIsAsync = true; |
15 | 15 |
16 // A list of Promises for every test to run. | |
17 var allTests = []; | |
18 | |
19 // ------------------------------------------------- | |
20 // Successful encryption/decryption | |
21 // ------------------------------------------------- | |
22 | |
23 // Test vectors marked with [1] were copied from: | |
24 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf | |
25 // | |
26 // The NIST tests do not have a padding block. To match the WebCrypto | |
27 // expectations, a PKCS#5 padding block has been added. | |
28 | |
29 var kAesCbcSuccessVectors = [ | |
30 // 128-bit key with plaintext that is an exact multiple of block size. | |
31 // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block. | |
32 { | |
33 key: "2b7e151628aed2a6abf7158809cf4f3c", | |
34 iv: "000102030405060708090a0b0c0d0e0f", | |
35 plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710", | |
36 cipherText: "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b
273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7" + | |
37 // Padding block. | |
38 "8cb82807230e1321d3fae00d18cc2012" | |
39 }, | |
40 | |
41 // 192-bit key, where final block of plaintext has to pad by 15. | |
42 // Derived from [1] F.2.3 (CBC-AES192.Encrypt), by stripping 15 bytes off | |
43 // plaintext and adding padding block. | |
44 { | |
45 key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b", | |
46 iv: "000102030405060708090a0b0c0d0e0f", | |
47 plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff6", | |
48 cipherText: "4f021db243bc633d7178183a9fa071e8b4d9ada9ad7dedf4e5e738763f69145
a571b242012fb7ae07fa9baac3df102e0" + | |
49 // Padding block. | |
50 "288c6f9ec554652e50ab55e121f099ae" | |
51 }, | |
52 | |
53 // 256-bit key, where final block of plaintext has to pad by 3. | |
54 // Derived from [1] F.2.6 CBC-AES256.Decrypt, by stripping 3 bytes off | |
55 // plaintext and adding padding block. | |
56 { | |
57 key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4", | |
58 iv: "000102030405060708090a0b0c0d0e0f", | |
59 plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be6", | |
60 cipherText: "f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7
d39f23369a9d9bacfa530e26304231461c9aaf02a6a54e9e242ccbf48c59daca6" | |
61 }, | |
62 | |
63 // 128-bit key, with empty plaintext. | |
64 // Derived from Chromium's EncryptorTest.EmptyEncrypt() (encryptor_unittest.cc
) | |
65 { | |
66 key: "3132383d5369787465656e4279746573", | |
67 iv: "5377656574205369787465656e204956", | |
68 plainText: "", | |
69 cipherText: "8518b8878d34e7185e300d0fcc426396" | |
70 }, | |
71 ]; | |
72 | |
73 // These tests come from the NIST GCM test vectors: | 16 // These tests come from the NIST GCM test vectors: |
74 // http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip | 17 // http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip |
75 // | 18 // |
76 // Both encryption and decryption are expected to work. | 19 // Both encryption and decryption are expected to work. |
77 var kAesGcmSuccessVectors = | 20 var kAesGcmSuccessVectors = |
78 [ | 21 [ |
79 // [Keylen = 128] | 22 // [Keylen = 128] |
80 // [IVlen = 96] | 23 // [IVlen = 96] |
81 // [PTlen = 0] | 24 // [PTlen = 0] |
82 // [AADlen = 0] | 25 // [AADlen = 0] |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
126 { | 69 { |
127 "key": "ae7972c025d7f2ca3dd37dcc3d41c506671765087c6b61b8", | 70 "key": "ae7972c025d7f2ca3dd37dcc3d41c506671765087c6b61b8", |
128 "iv": "984c1379e6ba961c828d792d", | 71 "iv": "984c1379e6ba961c828d792d", |
129 "plainText": "d30b02c343487105219d6fa080acc743", | 72 "plainText": "d30b02c343487105219d6fa080acc743", |
130 "cipherText": "c4489fa64a6edf80e7e6a3b8855bc37c", | 73 "cipherText": "c4489fa64a6edf80e7e6a3b8855bc37c", |
131 "additionalData": "edd8f630f9bbc31b0acf122998f15589d6e6e3e1a3ec89e0c6a6ece75
1610ebbf57fdfb9d82028ff1d9faebe37a268c1", | 74 "additionalData": "edd8f630f9bbc31b0acf122998f15589d6e6e3e1a3ec89e0c6a6ece75
1610ebbf57fdfb9d82028ff1d9faebe37a268c1", |
132 "authenticationTag": "772ee7de0f91a981c36c93a35c88" | 75 "authenticationTag": "772ee7de0f91a981c36c93a35c88" |
133 } | 76 } |
134 ]; | 77 ]; |
135 | 78 |
136 function runAesCbcSuccessTestCase(testCase) | |
137 { | |
138 var algorithm = {name: 'aes-cbc', iv: hexStringToUint8Array(testCase.iv)}; | |
139 | |
140 var key = null; | |
141 var keyData = hexStringToUint8Array(testCase.key); | |
142 var usages = ['encrypt', 'decrypt']; | |
143 var extractable = false; | |
144 | |
145 // (1) Import the key | |
146 return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usage
s).then(function(result) { | |
147 key = result; | |
148 | |
149 // shouldBe() can only resolve variables in global context. | |
150 tmpKey = key; | |
151 shouldBe("tmpKey.type", "'secret'"); | |
152 shouldBe("tmpKey.extractable", "false"); | |
153 shouldBe("tmpKey.algorithm.name", "'AES-CBC'"); | |
154 shouldBe("tmpKey.algorithm.length", (keyData.byteLength * 8).toString())
; | |
155 shouldBe("tmpKey.usages.join(',')", "'encrypt,decrypt'"); | |
156 | |
157 // (2) Encrypt. | |
158 return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testC
ase.plainText)); | |
159 }).then(function(result) { | |
160 bytesShouldMatchHexString("Encryption", testCase.cipherText, result); | |
161 | |
162 // (3) Decrypt | |
163 return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testC
ase.cipherText)); | |
164 }).then(function(result) { | |
165 bytesShouldMatchHexString("Decryption", testCase.plainText, result); | |
166 }); | |
167 } | |
168 | |
169 function runAesGcmSuccessTestCase(testCase) | 79 function runAesGcmSuccessTestCase(testCase) |
170 { | 80 { |
171 var key = null; | 81 var key = null; |
172 var keyData = hexStringToUint8Array(testCase.key); | 82 var keyData = hexStringToUint8Array(testCase.key); |
173 var iv = hexStringToUint8Array(testCase.iv); | 83 var iv = hexStringToUint8Array(testCase.iv); |
174 var additionalData = hexStringToUint8Array(testCase.additionalData); | 84 var additionalData = hexStringToUint8Array(testCase.additionalData); |
175 var tag = hexStringToUint8Array(testCase.authenticationTag); | 85 var tag = hexStringToUint8Array(testCase.authenticationTag); |
176 var usages = ['encrypt', 'decrypt']; | 86 var usages = ['encrypt', 'decrypt']; |
177 var extractable = false; | 87 var extractable = false; |
178 | 88 |
179 var tagLengthBits = tag.byteLength * 8; | 89 var tagLengthBits = tag.byteLength * 8; |
180 | 90 |
181 var algorithm = {name: 'aes-gcm', iv: iv, additionalData: additionalData, ta
gLength: tagLengthBits}; | 91 var algorithm = {name: 'aes-gcm', iv: iv, additionalData: additionalData, ta
gLength: tagLengthBits}; |
182 | 92 |
183 // (1) Import the key | 93 // (1) Import the key |
184 return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usage
s).then(function(result) { | 94 return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usage
s).then(function(result) { |
185 key = result; | 95 key = result; |
186 | 96 |
187 // shouldBe() can only resolve variables in global context. | 97 // shouldBe() can only resolve variables in global context. |
188 tmpKey = key; | 98 tmpKey = key; |
189 shouldBe("tmpKey.type", "'secret'"); | 99 shouldEvaluateAs("tmpKey.type", "secret"); |
190 shouldBe("tmpKey.extractable", "false"); | 100 shouldEvaluateAs("tmpKey.extractable", false); |
191 shouldBe("tmpKey.algorithm.name", "'AES-GCM'"); | 101 shouldEvaluateAs("tmpKey.algorithm.name", "AES-GCM"); |
192 shouldBe("tmpKey.usages.join(',')", "'encrypt,decrypt'"); | 102 shouldEvaluateAs("tmpKey.usages.join(',')", "encrypt,decrypt"); |
193 | 103 |
194 // (2) Encrypt. | 104 // (2) Encrypt. |
195 return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testC
ase.plainText)); | 105 return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testC
ase.plainText)); |
196 }).then(function(result) { | 106 }).then(function(result) { |
197 bytesShouldMatchHexString("Encryption", testCase.cipherText + testCase.a
uthenticationTag, result); | 107 bytesShouldMatchHexString("Encryption", testCase.cipherText + testCase.a
uthenticationTag, result); |
198 | 108 |
199 // (3) Decrypt | 109 // (3) Decrypt |
200 return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testC
ase.cipherText + testCase.authenticationTag)); | 110 return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testC
ase.cipherText + testCase.authenticationTag)); |
201 }).then(function(result) { | 111 }).then(function(result) { |
202 bytesShouldMatchHexString("Decryption", testCase.plainText, result); | 112 bytesShouldMatchHexString("Decryption", testCase.plainText, result); |
203 }); | 113 }); |
204 } | 114 } |
205 | 115 |
206 // Add all of the tests defined above. | 116 var lastPromise = Promise.resolve(null); |
207 for (var i = 0; i < kAesCbcSuccessVectors.length; ++i) { | |
208 addTask(runAesCbcSuccessTestCase(kAesCbcSuccessVectors[i])); | |
209 } | |
210 | 117 |
211 // Add all of the tests defined above. | 118 kAesGcmSuccessVectors.forEach(function(test) { |
212 for (var i = 0; i < kAesGcmSuccessVectors.length; ++i) { | 119 lastPromise = lastPromise.then(runAesGcmSuccessTestCase.bind(null, test)); |
213 addTask(runAesGcmSuccessTestCase(kAesGcmSuccessVectors[i])); | 120 }); |
214 } | |
215 | 121 |
216 // ------------------------------------------------- | 122 lastPromise.then(finishJSTest, failAndFinishJSTest); |
217 // Failed key import. | |
218 // ------------------------------------------------- | |
219 | |
220 // Supported key lengths are 16 (128-bit), 32 (256-bit), 24 (192-bit), | |
221 // Try key lengths that are off by 1 from the supported ones. | |
222 var kUnsupportedKeyLengths = [ | |
223 0, 1, 15, 17, 31, 33, 23, 25, 64 | |
224 ]; | |
225 | |
226 function testInvalidKeyImport(keyLengthBytes) | |
227 { | |
228 var algorithm = {name: 'aes-cbc'}; | |
229 var keyData = new Uint8Array(keyLengthBytes); | |
230 | |
231 var usages = ['encrypt', 'decrypt']; | |
232 var extractable = false; | |
233 | |
234 return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usage
s).then(function(result) { | |
235 debug("FAIL: Successfully import key of length " + keyData.byteLength +
" bytes"); | |
236 }, function(result) { | |
237 debug("PASS: Failed to import key of length " + keyData.byteLength + " b
ytes"); | |
238 }); | |
239 } | |
240 | |
241 for (var i = 0; i < kUnsupportedKeyLengths.length; ++i) { | |
242 addTask(testInvalidKeyImport(kUnsupportedKeyLengths[i])); | |
243 } | |
244 | |
245 // ------------------------------------------------- | |
246 // Invalid cipher texts | |
247 // ------------------------------------------------- | |
248 | |
249 function testInvalidAesCbcDecryptions() | |
250 { | |
251 // 128-bit key with plaintext that is an exact multiple of block size. | |
252 // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block. | |
253 var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f"); | |
254 var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c"); | |
255 var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086
cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120e
ca307586e1a78cb82807230e1321d3fae00d18cc2012"); | |
256 | |
257 var key = null; | |
258 var usages = ['encrypt', 'decrypt']; | |
259 var extractable = false; | |
260 var algorithm = {name: 'aes-cbc', iv: iv}; | |
261 | |
262 function verifyDecryptionFails(newCipherTextLength) | |
263 { | |
264 var newCipherText = cipherText.subarray(0, newCipherTextLength); | |
265 | |
266 var description = "ciphertext length: " + newCipherText.byteLength; | |
267 return crypto.subtle.decrypt(algorithm, key, newCipherText).then(functio
n(result) { | |
268 debug("FAIL: decrypting succeeded. " + description); | |
269 }, function(result) { | |
270 debug("PASS: decrypting failed. " + description); | |
271 }); | |
272 } | |
273 | |
274 return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usage
s).then(function(result) { | |
275 key = result; | |
276 | |
277 // Verify that decryption works with the original ciphertext. | |
278 return crypto.subtle.decrypt(algorithm, key, cipherText); | |
279 }).then(function(result) { | |
280 debug("PASS: Decryption succeeded"); | |
281 | |
282 // Try a number of bad ciphertexts. | |
283 return Promise.all([ | |
284 verifyDecryptionFails(0), | |
285 verifyDecryptionFails(cipherText.byteLength - 1), | |
286 | |
287 // Stripped a whole block. This new final block will result in a | |
288 // padding error. | |
289 verifyDecryptionFails(cipherText.byteLength - 16), | |
290 verifyDecryptionFails(1), | |
291 verifyDecryptionFails(15), | |
292 verifyDecryptionFails(16), | |
293 verifyDecryptionFails(17), | |
294 ]); | |
295 }); | |
296 } | |
297 | |
298 addTask(testInvalidAesCbcDecryptions()); | |
299 | |
300 function testNormalizationFailures(importedKeys) | |
301 { | |
302 keys = importedKeys; | |
303 | |
304 data = asciiToUint8Array("hello"); | |
305 | |
306 // --------------------------------------------------- | |
307 // AES-CBC normalization failures (AesCbcParams) | |
308 // --------------------------------------------------- | |
309 | |
310 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: nul
l}, keys.aesCbc, data)"); | |
311 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC'}, keys.a
esCbc, data)"); | |
312 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: 3},
keys.aesCbc, data)"); | |
313 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: new
Uint8Array(0)}, keys.aesCbc, data)"); | |
314 | |
315 // --------------------------------------------------- | |
316 // AES-CTR normalization failures (AesCtrParams) | |
317 // --------------------------------------------------- | |
318 | |
319 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: null}, keys.aesCtr, data)"); | |
320 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR'}, keys.a
esCtr, data)"); | |
321 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(0)}, keys.aesCtr, data)"); | |
322 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(16), length: 0}, keys.aesCtr, data)"); | |
323 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(16), length: 18}, keys.aesCtr, data)"); | |
324 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(16), length: 256}, keys.aesCtr, data)"); | |
325 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(16), length: -3}, keys.aesCtr, data)"); | |
326 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter
: new Uint8Array(16), length: Infinity}, keys.aesCtr, data)"); | |
327 | |
328 // --------------------------------------------------- | |
329 // AES-CBC normalization failures (AesGcmParams) | |
330 // --------------------------------------------------- | |
331 | |
332 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm'}, keys.a
esGcm, data)"); | |
333 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 3},
keys.aesGcm, data)"); | |
334 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: 'fo
o'}, keys.aesGcm, data)"); | |
335 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new
Uint8Array(16), additionalData: '5'}, keys.aesGcm, data)"); | |
336 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new
Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 'foo'}, keys.aesG
cm, data)"); | |
337 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new
Uint8Array(16), additionalData: new Uint8Array(1), tagLength: -1}, keys.aesGcm,
data)"); | |
338 shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-gcm', iv: new
Uint8Array(16), additionalData: new Uint8Array(1), tagLength: 8000}, keys.aesGc
m, data)"); | |
339 | |
340 // Try calling with the wrong key type. | |
341 aesCbc = {name: 'AES-CBC', iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
10, 11, 12, 13, 14, 15])}; | |
342 shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.hmacSha1, da
ta)"); | |
343 | |
344 // Key doesn't support encrypt. | |
345 shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.aesCbcJustDe
crypt, data)"); | |
346 | |
347 // If no key was specified AND the algorithm was bogus, should complain | |
348 // about the missing key first. | |
349 shouldThrow("crypto.subtle.encrypt({name: 'bogus'}, null, data)"); | |
350 } | |
351 | |
352 addTask(importTestKeys().then(testNormalizationFailures)); | |
353 | |
354 completeTestWhenAllTasksDone(); | |
355 | 123 |
356 </script> | 124 </script> |
357 | 125 |
358 </body> | 126 </body> |
| 127 </html> |
OLD | NEW |