| <!DOCTYPE html> |
| <html> |
| <head> |
| <script src="../../../resources/js-test.js"></script> |
| <script src="../resources/common.js"></script> |
| <script src="../resources/keys.js"></script> |
| </head> |
| <body> |
| <p id="description"></p> |
| <div id="console"></div> |
| |
| <script> |
| description("Decrypting truncated AES-CBC ciphertext should fail"); |
| |
| jsTestIsAsync = true; |
| |
| // 128-bit key with plaintext that is an exact multiple of block size. |
| // Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block. |
| var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f"); |
| var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c"); |
| var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a78cb82807230e1321d3fae00d18cc2012"); |
| |
| var key = null; |
| var usages = ['encrypt', 'decrypt']; |
| var extractable = false; |
| var algorithm = {name: 'aes-cbc', iv: iv}; |
| |
| function verifyDecryptionFails(newCipherTextLength) |
| { |
| var newCipherText = cipherText.subarray(0, newCipherTextLength); |
| |
| var description = "ciphertext length: " + newCipherText.byteLength; |
| return crypto.subtle.decrypt(algorithm, key, newCipherText).then(function(result) { |
| debug("FAIL: decrypting succeeded. " + description); |
| }, function(result) { |
| logError(result); |
| debug("PASS: decrypting failed. " + description); |
| }); |
| } |
| |
| crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) { |
| key = result; |
| |
| // Verify that decryption works with the original ciphertext. |
| return crypto.subtle.decrypt(algorithm, key, cipherText); |
| }).then(function(result) { |
| debug("PASS: Decryption succeeded"); |
| |
| // Try a number of bad ciphertexts. |
| var badLengths = [ |
| 0, |
| cipherText.byteLength - 1, |
| |
| // Stripped a whole block. This new final block will result in a |
| // padding error. |
| cipherText.byteLength - 16, |
| 1, |
| 15, |
| 16, |
| 17 |
| ]; |
| |
| var lastPromise = Promise.resolve(null); |
| badLengths.forEach(function(badLength) { |
| lastPromise = lastPromise.then(verifyDecryptionFails.bind(null, badLength)); |
| }); |
| return lastPromise; |
| }).then(finishJSTest, failAndFinishJSTest); |
| |
| </script> |
| |
| </body> |
| </html> |