|
2 | 2 | Buffer, |
3 | 3 | getCiphers, |
4 | 4 | createCipheriv, |
| 5 | + createDecipheriv, |
5 | 6 | randomFillSync, |
6 | 7 | } from 'react-native-quick-crypto'; |
7 | 8 | import { expect } from 'chai'; |
@@ -133,3 +134,91 @@ test(SUITE, 'GCM getAuthTag', () => { |
133 | 134 | const tag = cipher.getAuthTag(); |
134 | 135 | expect(tag.length).to.equal(16); |
135 | 136 | }); |
| 137 | + |
| 138 | +// Issue #798: decipher.final() should throw on incorrect key for aes-256-gcm |
| 139 | +test(SUITE, 'GCM wrong key throws error (issue #798)', () => { |
| 140 | + const correctKey = Buffer.from('a'.repeat(64), 'hex'); // 32 bytes |
| 141 | + const wrongKey = Buffer.from('b'.repeat(64), 'hex'); // different 32 bytes |
| 142 | + const testIv = randomFillSync(new Uint8Array(12)); |
| 143 | + const testPlaintext = Buffer.from('test data for encryption'); |
| 144 | + const testAad = Buffer.from('additional data'); |
| 145 | + |
| 146 | + // Encrypt with correct key |
| 147 | + const cipher = createCipheriv('aes-256-gcm', correctKey, Buffer.from(testIv)); |
| 148 | + cipher.setAAD(testAad); |
| 149 | + const encrypted = Buffer.concat([ |
| 150 | + cipher.update(testPlaintext), |
| 151 | + cipher.final(), |
| 152 | + ]); |
| 153 | + const authTag = cipher.getAuthTag(); |
| 154 | + |
| 155 | + // Decrypt with wrong key - should throw on final() |
| 156 | + const decipher = createDecipheriv( |
| 157 | + 'aes-256-gcm', |
| 158 | + wrongKey, |
| 159 | + Buffer.from(testIv), |
| 160 | + ); |
| 161 | + decipher.setAAD(testAad); |
| 162 | + decipher.setAuthTag(authTag); |
| 163 | + decipher.update(encrypted); |
| 164 | + |
| 165 | + expect(() => decipher.final()).to.throw(); |
| 166 | +}); |
| 167 | + |
| 168 | +test(SUITE, 'GCM tampered ciphertext throws error', () => { |
| 169 | + const testKey = Buffer.from(randomFillSync(new Uint8Array(32))); |
| 170 | + const testIv = randomFillSync(new Uint8Array(12)); |
| 171 | + const testPlaintext = Buffer.from('test data'); |
| 172 | + const testAad = Buffer.from('additional data'); |
| 173 | + |
| 174 | + const cipher = createCipheriv('aes-256-gcm', testKey, Buffer.from(testIv)); |
| 175 | + cipher.setAAD(testAad); |
| 176 | + const encrypted = Buffer.concat([ |
| 177 | + cipher.update(testPlaintext), |
| 178 | + cipher.final(), |
| 179 | + ]); |
| 180 | + const authTag = cipher.getAuthTag(); |
| 181 | + |
| 182 | + // Tamper with ciphertext |
| 183 | + encrypted[0] = encrypted[0]! ^ 1; |
| 184 | + |
| 185 | + const decipher = createDecipheriv( |
| 186 | + 'aes-256-gcm', |
| 187 | + testKey, |
| 188 | + Buffer.from(testIv), |
| 189 | + ); |
| 190 | + decipher.setAAD(testAad); |
| 191 | + decipher.setAuthTag(authTag); |
| 192 | + decipher.update(encrypted); |
| 193 | + |
| 194 | + expect(() => decipher.final()).to.throw(); |
| 195 | +}); |
| 196 | + |
| 197 | +test(SUITE, 'GCM tampered auth tag throws error', () => { |
| 198 | + const testKey = Buffer.from(randomFillSync(new Uint8Array(32))); |
| 199 | + const testIv = randomFillSync(new Uint8Array(12)); |
| 200 | + const testPlaintext = Buffer.from('test data'); |
| 201 | + const testAad = Buffer.from('additional data'); |
| 202 | + |
| 203 | + const cipher = createCipheriv('aes-256-gcm', testKey, Buffer.from(testIv)); |
| 204 | + cipher.setAAD(testAad); |
| 205 | + const encrypted = Buffer.concat([ |
| 206 | + cipher.update(testPlaintext), |
| 207 | + cipher.final(), |
| 208 | + ]); |
| 209 | + const authTag = cipher.getAuthTag(); |
| 210 | + |
| 211 | + // Tamper with auth tag |
| 212 | + authTag[0] = authTag[0]! ^ 1; |
| 213 | + |
| 214 | + const decipher = createDecipheriv( |
| 215 | + 'aes-256-gcm', |
| 216 | + testKey, |
| 217 | + Buffer.from(testIv), |
| 218 | + ); |
| 219 | + decipher.setAAD(testAad); |
| 220 | + decipher.setAuthTag(authTag); |
| 221 | + decipher.update(encrypted); |
| 222 | + |
| 223 | + expect(() => decipher.final()).to.throw(); |
| 224 | +}); |
0 commit comments