Index: LayoutTests/crypto/aes-cbc-decrypt-failure.html |
diff --git a/LayoutTests/crypto/aes-cbc-decrypt-failure.html b/LayoutTests/crypto/aes-cbc-decrypt-failure.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..2e8f0102c09553a84d75b011c5b05cc6e5b46f14 |
--- /dev/null |
+++ b/LayoutTests/crypto/aes-cbc-decrypt-failure.html |
@@ -0,0 +1,72 @@ |
+<!DOCTYPE html> |
+<html> |
+<head> |
+<script src="../resources/js-test.js"></script> |
+<script src="resources/common.js"></script> |
+<script src="resources/keys.js"></script> |
+</head> |
+<body> |
+<p id="description"></p> |
+<div id="console"></div> |
+ |
+<script> |
+description("Decrypting truncated AES-CBC ciphertext should fail"); |
+ |
+jsTestIsAsync = true; |
+ |
+// 128-bit key with plaintext that is an exact multiple of block size. |
+// Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block. |
+var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f"); |
+var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c"); |
+var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a78cb82807230e1321d3fae00d18cc2012"); |
+ |
+var key = null; |
+var usages = ['encrypt', 'decrypt']; |
+var extractable = false; |
+var algorithm = {name: 'aes-cbc', iv: iv}; |
+ |
+function verifyDecryptionFails(newCipherTextLength) |
+{ |
+ var newCipherText = cipherText.subarray(0, newCipherTextLength); |
+ |
+ var description = "ciphertext length: " + newCipherText.byteLength; |
+ return crypto.subtle.decrypt(algorithm, key, newCipherText).then(function(result) { |
+ debug("FAIL: decrypting succeeded. " + description); |
+ }, function(result) { |
+ debug("PASS: decrypting failed. " + description); |
+ }); |
+} |
+ |
+crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) { |
+ key = result; |
+ |
+ // Verify that decryption works with the original ciphertext. |
+ return crypto.subtle.decrypt(algorithm, key, cipherText); |
+}).then(function(result) { |
+ debug("PASS: Decryption succeeded"); |
+ |
+ // Try a number of bad ciphertexts. |
+ var badLengths = [ |
+ 0, |
+ cipherText.byteLength - 1, |
+ |
+ // Stripped a whole block. This new final block will result in a |
+ // padding error. |
+ cipherText.byteLength - 16, |
+ 1, |
+ 15, |
+ 16, |
+ 17 |
+ ]; |
+ |
+ var lastPromise = Promise.resolve(null); |
+ badLengths.forEach(function(badLength) { |
+ lastPromise = lastPromise.then(verifyDecryptionFails.bind(null, badLength)); |
+ }); |
+ return lastPromise; |
+}).then(finishJSTest, failAndFinishJSTest); |
+ |
+</script> |
+ |
+</body> |
+</html> |