aes_gcm_vectors.js (3438B)
1 // aes_gcm_vectors.js 2 3 // The following function returns an array of test vectors 4 // for the subtleCrypto encrypt method. 5 // 6 // Each test vector has the following fields: 7 // name - a unique name for this vector 8 // keyBuffer - an arrayBuffer with the key data in raw form 9 // key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it! 10 // algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt 11 // plaintext - the text to encrypt 12 // result - the expected result (usually just ciphertext, sometimes with added authentication) 13 function getTestVectors() { 14 const { 15 plaintext, 16 keyBytes, 17 iv, 18 additionalData, 19 tag, 20 tag_with_empty_ad, 21 ciphertext, 22 } = getFixtures(); 23 24 var keyLengths = [128, 192, 256]; 25 var tagLengths = [32, 64, 96, 104, 112, 120, 128]; 26 27 // All the scenarios that should succeed, if the key has "encrypt" usage 28 var passing = []; 29 keyLengths.forEach(function(keyLength) { 30 tagLengths.forEach(function(tagLength) { 31 var byteCount = tagLength / 8; 32 33 var result = new Uint8Array(ciphertext[keyLength].byteLength + byteCount); 34 result.set(ciphertext[keyLength], 0); 35 result.set(tag[keyLength].slice(0, byteCount), ciphertext[keyLength].byteLength); 36 passing.push({ 37 name: "AES-GCM " + keyLength.toString() + "-bit key, " + tagLength.toString() + "-bit tag, " + (iv.byteLength << 3).toString() + "-bit iv", 38 keyBuffer: keyBytes[keyLength], 39 key: null, 40 algorithm: {name: "AES-GCM", iv: iv, additionalData: additionalData, tagLength: tagLength}, 41 plaintext: plaintext, 42 result: result 43 }); 44 45 var noadresult = new Uint8Array(ciphertext[keyLength].byteLength + byteCount); 46 noadresult.set(ciphertext[keyLength], 0); 47 noadresult.set(tag_with_empty_ad[keyLength].slice(0, byteCount), ciphertext[keyLength].byteLength); 48 passing.push({ 49 name: "AES-GCM " + keyLength.toString() + "-bit key, no additional data, " + tagLength.toString() + "-bit tag, " + (iv.byteLength << 3).toString() + "-bit iv", 50 keyBuffer: keyBytes[keyLength], 51 key: null, 52 algorithm: {name: "AES-GCM", iv: iv, tagLength: tagLength}, 53 plaintext: plaintext, 54 result: noadresult 55 }); 56 }); 57 }); 58 59 // Scenarios that should fail because of a bad tag length, causing an OperationError 60 var failing = []; 61 keyLengths.forEach(function(keyLength) { 62 // First, make some tests for bad tag lengths 63 [24, 48, 72, 95, 129].forEach(function(badTagLength) { 64 failing.push({ 65 name: "AES-GCM " + keyLength.toString() + "-bit key, " + (iv.byteLength << 3).toString() + "-bit iv, " + "illegal tag length " + badTagLength.toString() + "-bits", 66 keyBuffer: keyBytes[keyLength], 67 key: null, 68 algorithm: {name: "AES-GCM", iv: iv, additionalData: additionalData, tagLength: badTagLength}, 69 plaintext: plaintext, 70 result: ciphertext[keyLength] 71 }); 72 }); 73 }); 74 75 return {passing: passing, failing: failing, decryptionFailing: []}; 76 }