blob: 89923ea1b7c3e2ac2b2c56c4234b71280c91287e [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<script src="../resources/js-test.js"></script>
<script src="resources/common.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script>
description("Tests cypto.subtle.encrypt and crypto.subtle.decrypt");
jsTestIsAsync = true;
// A list of Promises for every test to run.
var allTests = [];
// -------------------------------------------------
// Successful encryption/decryption
// -------------------------------------------------
// Test vectors marked with [1] were copied from:
// http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
//
// The NIST tests do not have a padding block. To match the WebCrypto
// expectations, a PKCS#5 padding block has been added.
var kSuccessTestVectors = [
// 128-bit key with plaintext that is an exact multiple of block size.
// Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
{
key: "2b7e151628aed2a6abf7158809cf4f3c",
iv: "000102030405060708090a0b0c0d0e0f",
plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710",
cipherText: "7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a7" +
// Padding block.
"8cb82807230e1321d3fae00d18cc2012"
},
// 192-bit key, where final block of plaintext has to pad by 15.
// Derived from [1] F.2.3 (CBC-AES192.Encrypt), by stripping 15 bytes off
// plaintext and adding padding block.
{
key: "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b",
iv: "000102030405060708090a0b0c0d0e0f",
plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff6",
cipherText: "4f021db243bc633d7178183a9fa071e8b4d9ada9ad7dedf4e5e738763f69145a571b242012fb7ae07fa9baac3df102e0" +
// Padding block.
"288c6f9ec554652e50ab55e121f099ae"
},
// 256-bit key, where final block of plaintext has to pad by 3.
// Derived from [1] F.2.6 CBC-AES256.Decrypt, by stripping 3 bytes off
// plaintext and adding padding block.
{
key: "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4",
iv: "000102030405060708090a0b0c0d0e0f",
plainText: "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be6",
cipherText: "f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461c9aaf02a6a54e9e242ccbf48c59daca6"
},
// 128-bit key, with empty plaintext.
// Derived from Chromium's EncryptorTest.EmptyEncrypt() (encryptor_unittest.cc)
{
key: "3132383d5369787465656e4279746573",
iv: "5377656574205369787465656e204956",
plainText: "",
cipherText: "8518b8878d34e7185e300d0fcc426396"
},
];
function runSuccessTestCase(testCase)
{
var algorithm = {name: 'aes-cbc', iv: hexStringToUint8Array(testCase.iv)};
var key = null;
var keyData = hexStringToUint8Array(testCase.key);
var usages = ['encrypt', 'decrypt'];
var extractable = false;
// (1) Import the key
return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
key = result;
// shouldBe() can only resolve variables in global context.
tmpKey = key;
shouldBe("tmpKey.type", "'secret'");
shouldBe("tmpKey.extractable", "false");
shouldBe("tmpKey.algorithm.name", "'AES-CBC'");
shouldBe("tmpKey.usages.join(',')", "'decrypt,encrypt'");
// (2) Encrypt.
return crypto.subtle.encrypt(algorithm, key, hexStringToUint8Array(testCase.plainText));
}).then(function(result) {
bytesShouldMatchHexString("Encryption", testCase.cipherText, result);
// (3) Decrypt
return crypto.subtle.decrypt(algorithm, key, hexStringToUint8Array(testCase.cipherText));
}).then(function(result) {
bytesShouldMatchHexString("Decryption", testCase.plainText, result);
});
}
// Add all of the tests defined above.
for (var i = 0; i < kSuccessTestVectors.length; ++i) {
addTask(runSuccessTestCase(kSuccessTestVectors[i]));
}
// -------------------------------------------------
// Failed key import.
// -------------------------------------------------
// Supported key lengths are 16 (128-bit), 32 (256-bit), 24 (192-bit),
// Try key lengths that are off by 1 from the supported ones.
var kUnsupportedKeyLengths = [
0, 1, 15, 17, 31, 33, 23, 25, 64
];
function testInvalidKeyImport(keyLengthBytes)
{
var algorithm = {name: 'aes-cbc'};
var keyData = new Uint8Array(keyLengthBytes);
var usages = ['encrypt', 'decrypt'];
var extractable = false;
return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
debug("FAIL: Successfully import key of length " + keyData.byteLength + " bytes");
}, function(result) {
debug("PASS: Failed to import key of length " + keyData.byteLength + " bytes");
});
}
for (var i = 0; i < kUnsupportedKeyLengths.length; ++i) {
addTask(testInvalidKeyImport(kUnsupportedKeyLengths[i]));
}
// -------------------------------------------------
// Invalid cipher texts
// -------------------------------------------------
function testInvalidDecryptions()
{
// 128-bit key with plaintext that is an exact multiple of block size.
// Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f");
var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c");
var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a78cb82807230e1321d3fae00d18cc2012");
var key = null;
var usages = ['encrypt', 'decrypt'];
var extractable = false;
var algorithm = {name: 'aes-cbc', iv: iv};
function verifyDecryptionFails(newCipherTextLength)
{
var newCipherText = cipherText.subarray(0, newCipherTextLength);
var description = "ciphertext length: " + newCipherText.byteLength;
return crypto.subtle.decrypt(algorithm, key, newCipherText).then(function(result) {
debug("FAIL: decrypting succeeded. " + description);
}, function(result) {
debug("PASS: decrypting failed. " + description);
});
}
return crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
key = result;
// Verify that decryption works with the original ciphertext.
return crypto.subtle.decrypt(algorithm, key, cipherText);
}).then(function(result) {
debug("PASS: Decryption succeeded");
// Try a number of bad ciphertexts.
return Promise.all([
verifyDecryptionFails(0),
verifyDecryptionFails(cipherText.byteLength - 1),
// Stripped a whole block. This new final block will result in a
// padding error.
verifyDecryptionFails(cipherText.byteLength - 16),
verifyDecryptionFails(1),
verifyDecryptionFails(15),
verifyDecryptionFails(16),
verifyDecryptionFails(17),
]);
});
}
addTask(testInvalidDecryptions());
function testNormalizationFailures(importedKeys)
{
keys = importedKeys;
data = asciiToUint8Array("hello");
// ---------------------------------------------------
// AES-CBC normalization failures (AesCbcParams)
// ---------------------------------------------------
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: null}, keys.aesCbc, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC'}, keys.aesCbc, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: 3}, keys.aesCbc, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CBC', iv: new Uint8Array(0)}, keys.aesCbc, data)");
// ---------------------------------------------------
// AES-CTR normalization failures (AesCtrParams)
// ---------------------------------------------------
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: null}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR'}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(0)}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 0}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 18}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: 256}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: -3}, keys.aesCtr, data)");
shouldRejectPromiseWithNull("crypto.subtle.encrypt({name: 'AES-CTR', counter: new Uint8Array(16), length: Infinity}, keys.aesCtr, data)");
// Try calling with the wrong key type.
aesCbc = {name: 'AES-CBC', iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])};
shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.hmacSha1, data)");
// Key doesn't support encrypt.
shouldRejectPromiseWithNull("crypto.subtle.encrypt(aesCbc, keys.aesCbcJustDecrypt, data)");
// If no key was specified AND the algorithm was bogus, should complain
// about the missing key first.
shouldThrow("crypto.subtle.encrypt({name: 'bogus'}, null, data)");
}
addTask(importTestKeys().then(testNormalizationFailures));
completeTestWhenAllTasksDone();
</script>
</body>