chromium/third_party/blink/web_tests/crypto/subtle/aes-cbc/decrypt-failures.html

<!DOCTYPE html>
<html>
<head>
<script src="../../../resources/js-test.js"></script>
<script src="../resources/common.js"></script>
<script src="../resources/keys.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>

<script>
description("Decrypting truncated AES-CBC ciphertext should fail");

jsTestIsAsync = true;

// 128-bit key with plaintext that is an exact multiple of block size.
// Derived from [1] F.2.1 (CBC-AES128.Encrypt), by adding padding block.
var iv = hexStringToUint8Array("000102030405060708090a0b0c0d0e0f");
var keyData = hexStringToUint8Array("2b7e151628aed2a6abf7158809cf4f3c");
var cipherText = hexStringToUint8Array("7649abac8119b246cee98e9b12e9197d5086cb9b507219ee95db113a917678b273bed6b8e3c1743b7116e69e222295163ff1caa1681fac09120eca307586e1a78cb82807230e1321d3fae00d18cc2012");

var key = null;
var usages = ['encrypt', 'decrypt'];
var extractable = false;
var algorithm = {name: 'aes-cbc', iv: iv};

function verifyDecryptionFails(newCipherTextLength)
{
    var newCipherText = cipherText.subarray(0, newCipherTextLength);

    var description = "ciphertext length: " + newCipherText.byteLength;
    return crypto.subtle.decrypt(algorithm, key, newCipherText).then(function(result) {
        debug("FAIL: decrypting succeeded. " + description);
    }, function(result) {
        logError(result);
        debug("PASS: decrypting failed. " + description);
    });
}

crypto.subtle.importKey('raw', keyData, algorithm, extractable, usages).then(function(result) {
    key = result;

    // Verify that decryption works with the original ciphertext.
    return crypto.subtle.decrypt(algorithm, key, cipherText);
}).then(function(result) {
    debug("PASS: Decryption succeeded");

    // Try a number of bad ciphertexts.
    var badLengths = [
        0,
        cipherText.byteLength - 1,

        // Stripped a whole block. This new final block will result in a
        // padding error.
        cipherText.byteLength - 16,
        1,
        15,
        16,
        17
    ];

    var lastPromise = Promise.resolve(null);
    badLengths.forEach(function(badLength) {
        lastPromise = lastPromise.then(verifyDecryptionFails.bind(null, badLength));
    });
    return lastPromise;
}).then(finishJSTest, failAndFinishJSTest);

</script>

</body>
</html>