crypto: Fix 192-bit checks for AES-GCM encrypt/decrypt (#34333)

* Fix 192-bit key length check for AES-GCM encrypt/decrypt Signed-off-by: Daniel Adams <msub2official@gmail.com> * Update expectations - Regenerated legacy ones as they had outdated expectations Signed-off-by: Daniel Adams <msub2official@gmail.com> * Add missed expectations Signed-off-by: Daniel Adams <msub2official@gmail.com> --------- Signed-off-by: Daniel Adams <msub2official@gmail.com>
2025-06-06 16:45:39 +00:00 · 2024-11-21 12:50:32 -10:00 · 2024-11-21 12:50:32 -10:00 · bd9843405a
commit bd9843405a
parent 108e316aa6
5 changed files with 294 additions and 3702 deletions
--- a/components/script/dom/subtlecrypto.rs
+++ b/components/script/dom/subtlecrypto.rs
@ -1873,7 +1873,7 @@ impl SubtleCrypto {
                    .expect("key length did not match")
                    .encrypt_in_place_detached(nonce, additional_data, &mut ciphertext)
            },
-            (20, 12) => {
+            (24, 12) => {
                let nonce = GenericArray::from_slice(&params.iv);
                <Aes192Gcm96Iv>::new_from_slice(key_bytes)
                    .expect("key length did not match")
@ -1891,7 +1891,7 @@ impl SubtleCrypto {
                    .expect("key length did not match")
                    .encrypt_in_place_detached(nonce, additional_data, &mut ciphertext)
            },
-            (20, 32) => {
+            (24, 32) => {
                let nonce = GenericArray::from_slice(&params.iv);
                <Aes192Gcm256Iv>::new_from_slice(key_bytes)
                    .expect("key length did not match")
@ -1992,7 +1992,7 @@ impl SubtleCrypto {
                    .expect("key length did not match")
                    .decrypt_in_place(nonce, additional_data, &mut plaintext)
            },
-            (20, 12) => {
+            (24, 12) => {
                let nonce = GenericArray::from_slice(&params.iv);
                <Aes192Gcm96Iv>::new_from_slice(key_bytes)
                    .expect("key length did not match")
@ -2010,7 +2010,7 @@ impl SubtleCrypto {
                    .expect("key length did not match")
                    .decrypt_in_place(nonce, additional_data, &mut plaintext)
            },
-            (20, 32) => {
+            (24, 32) => {
                let nonce = GenericArray::from_slice(&params.iv);
                <Aes192Gcm256Iv>::new_from_slice(key_bytes)
                    .expect("key length did not match")
--- a/tests/wpt/meta-legacy-layout/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js.ini
+++ b/tests/wpt/meta-legacy-layout/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js.ini
--- a/tests/wpt/meta-legacy-layout/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js.ini
+++ b/tests/wpt/meta-legacy-layout/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js.ini
--- a/tests/wpt/meta/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js.ini
@ -1,88 +1,4 @@
 [aes_gcm.https.any.html]
-  [AES-GCM 192-bit key, 32-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 32-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
  [AES-GCM 128-bit key, 32-bit tag, 96-bit iv decryption]
    expected: FAIL

@ -155,12 +71,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv decryption]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv decryption]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv decryption]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 96-bit iv decryption]
    expected: FAIL

@ -269,12 +179,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv decryption with altered ciphertext]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 96-bit iv decryption with altered ciphertext]
    expected: FAIL

@ -313,90 +217,6 @@


 [aes_gcm.https.any.worker.html]
-  [AES-GCM 192-bit key, 32-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 32-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv with altered plaintext]
-    expected: FAIL
-
  [AES-GCM 128-bit key, 32-bit tag, 96-bit iv decryption]
    expected: FAIL

@ -469,12 +289,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv decryption]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv decryption]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv decryption]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 96-bit iv decryption]
    expected: FAIL

@ -583,12 +397,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 96-bit iv decryption with altered ciphertext]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 96-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 96-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 96-bit iv decryption with altered ciphertext]
    expected: FAIL

--- a/tests/wpt/meta/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js.ini
@ -1,88 +1,4 @@
 [aes_gcm_256_iv.https.any.worker.html]
-  [AES-GCM 192-bit key, 32-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 32-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
  [AES-GCM 128-bit key, 32-bit tag, 256-bit iv decryption]
    expected: FAIL

@ -155,12 +71,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv decryption]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv decryption]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv decryption]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 256-bit iv decryption]
    expected: FAIL

@ -269,12 +179,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv decryption with altered ciphertext]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 256-bit iv decryption with altered ciphertext]
    expected: FAIL

@ -313,90 +217,6 @@


 [aes_gcm_256_iv.https.any.html]
-  [AES-GCM 192-bit key, 32-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 32-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 32-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 64-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 64-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 96-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 96-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 104-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 104-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 112-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 112-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 120-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv with altered plaintext]
-    expected: FAIL
-
  [AES-GCM 128-bit key, 32-bit tag, 256-bit iv decryption]
    expected: FAIL

@ -469,12 +289,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv decryption]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv decryption]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv decryption]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 256-bit iv decryption]
    expected: FAIL

@ -583,12 +397,6 @@
  [AES-GCM 192-bit key, no additional data, 120-bit tag, 256-bit iv decryption with altered ciphertext]
    expected: FAIL

-  [AES-GCM 192-bit key, 128-bit tag, 256-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
-  [AES-GCM 192-bit key, no additional data, 128-bit tag, 256-bit iv decryption with altered ciphertext]
-    expected: FAIL
-
  [AES-GCM 256-bit key, 32-bit tag, 256-bit iv decryption with altered ciphertext]
    expected: FAIL