QuickJS: added WebCrypto import tests forgotten in 75ca26f.

xeioex · xeioex · commit ea5e7f9e211b · 2025-02-12T19:50:54.000-08:00
diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c
@@ -4167,20 +4167,7 @@ qjs_webcrypto_key_algorithm(JSContext *cx, JSValueConst this_val)
             return JS_EXCEPTION;
         }
 
-        ret = JS_NewObject(cx);
-        if (JS_IsException(ret)) {
-            JS_FreeValue(cx, obj);
-            return JS_EXCEPTION;
-        }
-
-        if (JS_DefinePropertyValueStr(cx, ret, "name", hash, JS_PROP_C_W_E)
-            < 0)
-        {
-            JS_FreeValue(cx, obj);
-            return JS_EXCEPTION;
-        }
-
-        if (JS_DefinePropertyValueStr(cx, obj, "hash", ret, JS_PROP_C_W_E)
+        if (JS_DefinePropertyValueStr(cx, obj, "hash", hash, JS_PROP_C_W_E)
             < 0)
         {
             JS_FreeValue(cx, obj);
@@ -4377,7 +4364,7 @@ qjs_jwk_kty(JSContext *cx, JSValueConst value)
         }
     }
 
-    JS_ThrowTypeError(cx, "invalid JWK key type: %s", kty.start);
+    JS_ThrowTypeError(cx, "invalid JWK key type: \"%s\"", kty.start);
     JS_FreeCString(cx, (char *) kty.start);
 
     return QJS_KEY_JWK_KTY_UNKNOWN;
diff --git a/test/webcrypto/import.t.mjs b/test/webcrypto/import.t.mjs
@@ -0,0 +1,334 @@
+/*---
+includes: [compatNjs.js, compatFs.js, compatWebcrypto.js, runTsuite.js, webCryptoUtils.js, compareArray.js]
+flags: [async]
+---*/
+
+async function test(params) {
+    let key = await crypto.subtle.importKey(params.key.fmt,
+                                            params.key.key,
+                                            params.key.alg,
+                                            params.key.extractable,
+                                            params.key.usage);
+
+    if (params.expected && !validate_key(key, params)) {
+        throw Error(`failed validate`);
+    }
+
+    return 'SUCCESS';
+}
+
+function p(args, default_opts) {
+    let key, pem;
+    let params = merge({}, default_opts);
+    params = merge(params, args);
+
+    switch (params.key.fmt) {
+    case "spki":
+        pem = fs.readFileSync(`test/webcrypto/${params.key.key}`);
+        key = pem_to_der(pem, "PUBLIC");
+        break;
+    case "pkcs8":
+        pem = fs.readFileSync(`test/webcrypto/${params.key.key}`);
+        key = pem_to_der(pem, "PRIVATE");
+        break;
+    case "jwk":
+        key = load_jwk(params.key.key);
+        break;
+    case "raw":
+        key = Buffer.from(params.key.key, "base64url");
+        break;
+    default:
+        throw Error("Unknown encoding key format");
+    }
+
+    params.key.key = key;
+
+    return params;
+}
+
+function validate_key(key, params) {
+    let expected = params.expected;
+    if (expected.algorithm) {
+        if (!key.algorithm) {
+            throw Error(`missing import key algorithm`);
+        }
+
+        if (expected.algorithm.name !== key.algorithm.name) {
+            throw Error(`unexpected import key algorithm name: ${key.algorithm.name} != ${expected.algorithm.name}`);
+        }
+
+        if (has_njs()
+            && expected.algorithm.name == "HMAC"
+            && (expected.algorithm.hash !== key.algorithm.hash))
+        {
+            throw Error(`unexpected import key algorithm hash: ${JSON.stringify(key.algorithm.hash)} != ${expected.algorithm.hash}`);
+        }
+    }
+
+    if (expected.type !== key.type) {
+        throw Error(`unexpected import key type: ${key.type} != ${expected.type}`);
+    }
+
+    if (expected.extractable !== key.extractable) {
+        throw Error(`unexpected import key extractable: ${key.extractable} != ${expected.extractable}`);
+    }
+
+    if (expected.usages && !compareArray(expected.usages, key.usages)) {
+        throw Error(`unexpected import key usages: ${key.usages} != ${expected.usages}`);
+    }
+
+    return true;
+}
+
+let aes_tsuite = {
+    name: "AES importing",
+    skip: () => (!has_webcrypto()),
+    T: test,
+    prepare_args: p,
+    opts: {},
+
+    tests: [
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', key_ops: [ 'decrypt', 'encrypt' ], kty: 'oct'},
+               alg: { name: "AES-CBC" },
+               extractable: true,
+               usage: [ "decrypt", "encrypt" ] },
+        expected: { algorithm: { name: "AES-CBC" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "decrypt", "encrypt" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', key_ops: [ 'encrypt' ], kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               extractable: true,
+               usage: [ "encrypt" ] },
+        expected: { algorithm: { name: "AES-CBC" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "encrypt" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               extractable: true,
+               usage: [ "encrypt" ] },
+        expected: { algorithm: { name: "AES-CBC" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "encrypt" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               extractable: true,
+               usage: [ "encrypt" ] },
+        expected: { algorithm: { name: "AES-CBC" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "encrypt" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', ext: true, k: 'AA', key_ops: [ 'encrypt', 'decrypt' ], kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               usage: [ "encrypt", "decrypt" ] },
+        exception: "TypeError: key size and \"alg\" value \"A128CBC\" mismatch" },
+      { key: { fmt: "jwk",
+               key: { alg: 'A129CBC', ext: true, k: 'AA', key_ops: [ 'encrypt', 'decrypt' ], kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               usage: [ "encrypt", "decrypt" ] },
+        exception: "TypeError: unexpected \"alg\" value \"A129CBC\" for JWK key" },
+      { key: { fmt: "jwk",
+               key: { alg: 'A128CBC', ext: false, k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               extractable: true,
+               usage: [ "encrypt" ] },
+        exception: "TypeError: JWK oct is not extractable" },
+      { key: { fmt: "jwk",
+               key: { alg: 1, ext: true, k: 'AA', key_ops: ['encrypt', 'decrypt'], kty: 'oct' },
+               alg: { name: "AES-CBC" },
+               usage: [ "encrypt", "decrypt" ] },
+        exception: "TypeError: Invalid JWK oct alg" },
+]};
+
+let ec_tsuite = {
+    name: "EC importing",
+    skip: () => (!has_webcrypto()),
+    T: test,
+    prepare_args: p,
+    opts: {},
+
+    tests: [
+      { key: { fmt: "jwk",
+               key: "ec.jwk",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "sign" ] },
+        expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" },
+                    extractable: true,
+                    type: "private",
+                    usages: [ "sign" ] } },
+      { key: { fmt: "spki",
+               key: "ec.spki",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "verify" ] },
+        expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" },
+                    extractable: true,
+                    type: "public",
+                    usages: [ "verify" ] } },
+      { key: { fmt: "pkcs8",
+               key: "ec.pkcs8",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "sign" ] },
+        expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" },
+                    extractable: true,
+                    type: "private",
+                    usages: [ "sign" ] } },
+      { key: { fmt: "raw",
+               key: "BHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "verify" ] },
+        expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" },
+                    extractable: true,
+                    type: "public",
+                    usages: [ "verify" ] } },
+
+      { key: { fmt: "pkcs8",
+               key: "ec.pkcs8",
+               alg: { name: "ECDSA", namedCurve: "unknown_named_curve" },
+               extractable: true,
+               usage: [ "sign" ] },
+        exception: "TypeError: unknown namedCurve: \"unknown_named_curve\"" },
+      { key: { fmt: "spki",
+               key: "rsa.spki",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "verify" ] },
+        exception: "TypeError: EC key is not found" },
+      { key: { fmt: "spki",
+               key: "ec.spki",
+               alg: { name: "ECDSA", namedCurve: "P-384" },
+               extractable: true,
+               usage: [ "verify" ] },
+        exception: "TypeError: name curve mismatch" },
+      { key: { fmt: "raw",
+               key: "CHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI",
+               alg: { name: "ECDSA", namedCurve: "P-256" },
+               extractable: true,
+               usage: [ "verify" ] },
+        exception: "TypeError: EC_POINT_oct2point()" },
+]};
+
+let hmac_tsuite = {
+    name: "HMAC importing",
+    skip: () => (!has_webcrypto()),
+    T: test,
+    prepare_args: p,
+    opts: {},
+
+    tests: [
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-256" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        expected: { algorithm: { name: "HMAC", hash: "SHA-256" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "sign", "verify" ] } },
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        expected: { algorithm: { name: "HMAC", hash: "SHA-384" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "sign", "verify" ] } },
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: false,
+               usage: [ "sign", "verify" ] },
+        expected: { algorithm: { name: "HMAC", hash: "SHA-384" },
+                    extractable: false,
+                    type: "secret",
+                    usages: [ "sign", "verify" ] } },
+
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-385" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        exception: "TypeError: unknown hash name: \"SHA-385\"" },
+      { key: { fmt: "spki",
+               key: "ec.spki",
+               alg: { name: "HMAC" },
+               extractable: true,
+               usage: [ "sign" ] },
+        exception: "TypeError: unsupported key fmt \"spki\" for \"HMAC\" key" },
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: true,
+               usage: [ "encrypt" ] },
+        exception: "TypeError: unsupported key usage for \"HMAC\" key" },
+      { key: { fmt: "raw",
+               key: "AA",
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: true,
+               usage: [ "invalid_usage" ] },
+        exception: "TypeError: unknown key usage: \"invalid_usage\"" },
+
+      { key: { fmt: "jwk",
+               key: { alg: 'HS384', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'oct' },
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        expected: { algorithm: { name: "HMAC", hash: "SHA-384" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "sign", "verify" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'HS256', ext: true, k: 'AA', key_ops: [ 'sign' ], kty: 'oct' },
+               alg: { name: "HMAC", hash: "SHA-256" },
+               extractable: true,
+               usage: [ "sign" ]},
+        expected: { algorithm: { name: "HMAC", hash: "SHA-256" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "sign" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'HS256', k: 'AA', kty: 'oct' },
+               alg: { name: "HMAC", hash: "SHA-256" },
+               extractable: true,
+               usage: [ "sign" ]},
+        expected: { algorithm: { name: "HMAC", hash: "SHA-256" },
+                    extractable: true,
+                    type: "secret",
+                    usages: [ "sign" ] } },
+      { key: { fmt: "jwk",
+               key: { alg: 'HS385', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'oct' },
+               alg: { name: "HMAC", hash: "SHA-385" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        exception: "TypeError: unexpected \"alg\" value \"HS385\" for JWK key" },
+      { key: { fmt: "jwk",
+               key: { alg: 'HS384', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'invalid_kty' },
+               alg: { name: "HMAC", hash: "SHA-384" },
+               extractable: true,
+               usage: [ "sign", "verify" ] },
+        exception: "TypeError: invalid JWK key type: \"invalid_kty\"" },
+      { key: { fmt: "jwk",
+               key: { alg: 'HS256', ext: true, key_ops: [ 'sign' ], kty: 'oct' },
+               alg: { name: "HMAC", hash: "SHA-256" },
+               extractable: true,
+               usage: [ "sign" ]},
+        exception: "TypeError: Invalid JWK oct key" },
+]};
+
+run([
+    aes_tsuite,
+    ec_tsuite,
+    hmac_tsuite,
+])
+.then($DONE, $DONE);
diff --git a/test/webcrypto/rsa.pkcs8.broken2 b/test/webcrypto/rsa.pkcs8.broken2
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGAAMlJsaCQvFQDOYcm
+GWvl1AWYNTdcsBTD1KVrBdZGkhnnffD911ID84F/NMKcs3eanRrgC6p39pTHOzvD
+6xgbTuWK70JSPejV9I1KOW3OcM9ttKG9wFAnkJ038flBajOKQsI6A0qNj5aYSXVo
+BWMphgWgQiYJxDUC/R9Tf/P8jYjfAgMBAAECgYEAj06DQyCopFujYoASi0oWmGEU
+SjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJT
+G5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH/kOf
++znUc7eTvuzISs61x/kCQQD0BJvbLDlvx3u6esW47LLgQNw9ufMSlu5UYBJ4c+qQ
+5HAeyp4Zt/AaWENhJitjQcLBSxIFIVw7dIN67RnTNK8VAkEA0yvzzgHo/PGYSlVj
++M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr+igqLHhzfynAQjjf39VrXuPuRL23
+REF1IwJBAKVFydo0peJTljXDmc+aYb0JsSINo9jfaSS0vU3gFOt2DYqNaW+56WGu
+jlRqadCcZbBNjDL1WWbbj4HevTMT59ECQEWaKgzPolykwN5XUNE0DCp1ZwIAH1kb
+Bjfo+sMVt0f9S1TsN9SmBl+4l1X7CY5zU3RATMH5FR+8ns83fM1ZieMCQQDZEQ+d
+FAhouzJrnCXAXDTCHA9oBtNmnaN+C6G2DmCi79iu7sLHP9vzdgU+CgjrG4YTU5ex
+aRFNOhLwW4hYKs0F
+-----END PRIVATE KEY-----
diff --git a/test/webcrypto/rsa_decoding.t.mjs b/test/webcrypto/rsa_decoding.t.mjs
@@ -35,6 +35,7 @@ let rsa_tsuite = {
         { pem: "rsa.pkcs8", src: "text.base64.rsa-oaep.enc", expected: "WAKAWAKA" },
         { pem: "ec.pkcs8", src: "text.base64.rsa-oaep.enc", exception: "Error: RSA key is not found" },
         { pem: "rsa.pkcs8.broken", src: "text.base64.rsa-oaep.enc", exception: "Error: d2i_PKCS8_PRIV_KEY_INFO_bio() failed" },
+        { pem: "rsa.pkcs8.broken2", src: "text.base64.rsa-oaep.enc", exception: "TypeError: EVP_PKCS82PKEY() failed" },
 ]};
 
 run([rsa_tsuite])
diff --git a/test/webcrypto/sign.t.mjs b/test/webcrypto/sign.t.mjs
@@ -422,8 +422,6 @@ let ecdsa_tsuite = {
         { verify: true, import_alg: { hash: "SHA-512" }, expected: true },
         { verify: true, import_alg: { hash: "SHA-1" }, expected: true },
         { verify: true, verify_key: { key: "ec2.spki" }, expected: false },
-        { verify: true, verify_key: { key: "rsa.spki" }, exception: "Error: EC key is not found" },
-        { verify: true, import_alg: { namedCurve: "P-384" }, exception: "Error: name curve mismatch" },
 
         { verify: true,
           verify_key: { key: "BHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI",
