aes_ocb_vectors.js (4233B)
1 // aes_ocb_vectors.js 2 3 // The following function returns an array of test vectors 4 // for the subtleCrypto encrypt method. 5 // 6 // Each test vector has the following fields: 7 // name - a unique name for this vector 8 // keyBuffer - an arrayBuffer with the key data in raw form 9 // key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it! 10 // algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt 11 // plaintext - the text to encrypt 12 // result - the expected result (usually just ciphertext, sometimes with added authentication) 13 function getTestVectors() { 14 const { 15 plaintext, 16 keyBytes, 17 iv, 18 additionalData, 19 tag, 20 tag_with_empty_ad, 21 ciphertext, 22 } = getFixtures(); 23 24 var keyLengths = [128, 192, 256]; 25 var tagLengths = [64, 96, 128]; 26 27 // All the scenarios that should succeed, if the key has "encrypt" usage 28 var passing = []; 29 keyLengths.forEach(function (keyLength) { 30 tagLengths.forEach(function (tagLength) { 31 var byteCount = tagLength / 8; 32 33 var result = new Uint8Array( 34 ciphertext[keyLength][tagLength].byteLength + byteCount 35 ); 36 result.set(ciphertext[keyLength][tagLength], 0); 37 result.set( 38 tag[keyLength][tagLength].slice(0, byteCount), 39 ciphertext[keyLength][tagLength].byteLength 40 ); 41 passing.push({ 42 name: 43 'AES-OCB ' + 44 keyLength.toString() + 45 '-bit key, ' + 46 tagLength.toString() + 47 '-bit tag, ' + 48 (iv.byteLength << 3).toString() + 49 '-bit iv', 50 keyBuffer: keyBytes[keyLength], 51 key: null, 52 algorithm: { 53 name: 'AES-OCB', 54 iv: iv, 55 additionalData: additionalData, 56 tagLength: tagLength, 57 }, 58 plaintext: plaintext, 59 result: result, 60 }); 61 62 var noadresult = new Uint8Array( 63 ciphertext[keyLength][tagLength].byteLength + byteCount 64 ); 65 noadresult.set(ciphertext[keyLength][tagLength], 0); 66 noadresult.set( 67 tag_with_empty_ad[keyLength][tagLength].slice(0, byteCount), 68 ciphertext[keyLength][tagLength].byteLength 69 ); 70 passing.push({ 71 name: 72 'AES-OCB ' + 73 keyLength.toString() + 74 '-bit key, no additional data, ' + 75 tagLength.toString() + 76 '-bit tag, ' + 77 (iv.byteLength << 3).toString() + 78 '-bit iv', 79 keyBuffer: keyBytes[keyLength], 80 key: null, 81 algorithm: { name: 'AES-OCB', iv: iv, tagLength: tagLength }, 82 plaintext: plaintext, 83 result: noadresult, 84 }); 85 }); 86 }); 87 88 // Scenarios that should fail because of a bad tag length, causing an OperationError 89 var failing = []; 90 keyLengths.forEach(function (keyLength) { 91 // First, make some tests for bad tag lengths 92 [24, 48, 72, 95, 129].forEach(function (badTagLength) { 93 failing.push({ 94 name: 95 'AES-OCB ' + 96 keyLength.toString() + 97 '-bit key, ' + 98 (iv.byteLength << 3).toString() + 99 '-bit iv, ' + 100 'illegal tag length ' + 101 badTagLength.toString() + 102 '-bits', 103 keyBuffer: keyBytes[keyLength], 104 key: null, 105 algorithm: { 106 name: 'AES-OCB', 107 iv: iv, 108 additionalData: additionalData, 109 tagLength: badTagLength, 110 }, 111 plaintext: plaintext, 112 result: ciphertext[keyLength][128], 113 }); 114 }); 115 116 // Add tests for bad IV lengths 117 [0, 16].forEach(function (badIvLength) { 118 var badIv = new Uint8Array(badIvLength); 119 failing.push({ 120 name: 121 'AES-OCB ' + 122 keyLength.toString() + 123 '-bit key, ' + 124 'illegal iv length ' + 125 (badIvLength << 3).toString() + 126 '-bits', 127 keyBuffer: keyBytes[keyLength], 128 key: null, 129 algorithm: { 130 name: 'AES-OCB', 131 iv: badIv, 132 additionalData: additionalData, 133 tagLength: 128, 134 }, 135 plaintext: plaintext, 136 result: ciphertext[keyLength][128], 137 }); 138 }); 139 }); 140 141 return { passing: passing, failing: failing, decryptionFailing: [] }; 142 }