From 31eba8f383f862813e1a10cfe202335850d10300 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Tue, 11 Feb 2025 16:41:56 -0800 Subject: [PATCH 1/5] Fixed access to uninitialized alg in SubtleCrypto.import(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Found by GCC: In function ‘qjs_import_jwk_oct’, external/qjs_webcrypto_module.c:3116:13: error: ‘alg.start’ may be used uninitialized [-Werror=maybe-uninitialized] 3116 | JS_ThrowTypeError(cx, "key size and \"alg\" value \"%s\" mismatch", The similar place in the NJS module was also fixed. --- external/njs_webcrypto_module.c | 47 ++++++++++++++------------ external/qjs_webcrypto_module.c | 59 ++++++++++++++++----------------- 2 files changed, 54 insertions(+), 52 deletions(-) diff --git a/external/njs_webcrypto_module.c b/external/njs_webcrypto_module.c index d4725d89e..59d02c1dd 100644 --- a/external/njs_webcrypto_module.c +++ b/external/njs_webcrypto_module.c @@ -3207,37 +3207,40 @@ njs_import_jwk_oct(njs_vm_t *vm, njs_value_t *jwk, njs_webcrypto_key_t *key) njs_decode_base64url(&key->u.s.raw, &b64); - size = 16; - val = njs_vm_object_prop(vm, jwk, &string_alg, &value); - if (val != NULL && njs_value_is_string(val)) { - njs_value_string_get(val, &alg); + if (njs_slow_path(val == NULL || !njs_value_is_string(val))) { + njs_vm_type_error(vm, "Invalid JWK oct alg"); + return NJS_ERROR; + } - if (key->alg->type == NJS_ALGORITHM_HMAC) { - for (w = &hashes[0]; w->name.length != 0; w++) { - if (njs_strstr_eq(&alg, &w->name)) { - key->hash = w->value; - goto done; - } - } + njs_value_string_get(val, &alg); - } else { - type = key->alg->type; - a = &njs_webcrypto_alg_aes_name[type - NJS_ALGORITHM_AES_GCM][0]; - for (; a->length != 0; a++) { - if (njs_strstr_eq(&alg, a)) { - goto done; - } + size = 16; - size += 8; + if (key->alg->type == NJS_ALGORITHM_HMAC) { + for (w = &hashes[0]; w->name.length != 0; w++) { + if (njs_strstr_eq(&alg, &w->name)) { + key->hash = w->value; + goto done; } } - njs_vm_type_error(vm, "unexpected \"alg\" value \"%V\" for JWK key", - &alg); - return NJS_ERROR; + } else { + type = key->alg->type; + a = &njs_webcrypto_alg_aes_name[type - NJS_ALGORITHM_AES_GCM][0]; + for (; a->length != 0; a++) { + if (njs_strstr_eq(&alg, a)) { + goto done; + } + + size += 8; + } } + njs_vm_type_error(vm, "unexpected \"alg\" value \"%V\" for JWK key", + &alg); + return NJS_ERROR; + done: if (key->alg->type != NJS_ALGORITHM_HMAC) { diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index 22f5d1082..64098f4e1 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -3064,50 +3064,49 @@ qjs_import_jwk_oct(JSContext *cx, JSValue jwk, qjs_webcrypto_key_t *key) qjs_base64url_decode(cx, &b64, &key->u.s.raw); JS_FreeCString(cx, (char *) b64.start); - size = 16; - val = JS_GetPropertyStr(cx, jwk, "alg"); if (JS_IsException(val)) { return JS_EXCEPTION; } - if (JS_IsString(val)) { - alg.start = (u_char *) JS_ToCStringLen(cx, &alg.length, val); + if (!JS_IsString(val)) { JS_FreeValue(cx, val); - val = JS_UNDEFINED; - - if (alg.start == NULL) { - JS_ThrowOutOfMemory(cx); - return JS_EXCEPTION; - } + return JS_ThrowTypeError(cx, "Invalid JWK oct alg"); + } - if (key->alg->type == QJS_ALGORITHM_HMAC) { - for (w = &hashes[0]; w->name.length != 0; w++) { - if (njs_strstr_eq(&alg, &w->name)) { - key->hash = w->value; - goto done; - } - } + alg.start = (u_char *) JS_ToCStringLen(cx, &alg.length, val); + JS_FreeValue(cx, val); + if (alg.start == NULL) { + JS_ThrowOutOfMemory(cx); + return JS_EXCEPTION; + } - } else { - type = key->alg->type; - a = &qjs_webcrypto_alg_aes_name[type - QJS_ALGORITHM_AES_GCM][0]; - for (; a->length != 0; a++) { - if (njs_strstr_eq(&alg, a)) { - goto done; - } + size = 16; - size += 8; + if (key->alg->type == QJS_ALGORITHM_HMAC) { + for (w = &hashes[0]; w->name.length != 0; w++) { + if (njs_strstr_eq(&alg, &w->name)) { + key->hash = w->value; + goto done; } } - JS_ThrowTypeError(cx, "unexpected \"alg\" value \"%s\" for JWK key", - alg.start); - JS_FreeCString(cx, (char *) alg.start); - return JS_EXCEPTION; + } else { + type = key->alg->type; + a = &qjs_webcrypto_alg_aes_name[type - QJS_ALGORITHM_AES_GCM][0]; + for (; a->length != 0; a++) { + if (njs_strstr_eq(&alg, a)) { + goto done; + } + + size += 8; + } } - JS_FreeValue(cx, val); + JS_ThrowTypeError(cx, "unexpected \"alg\" value \"%s\" for JWK key", + alg.start); + JS_FreeCString(cx, (char *) alg.start); + return JS_EXCEPTION; done: From b596ceb406c3aef82e372e6f7c55ed8ffd574076 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Wed, 12 Feb 2025 19:11:08 -0800 Subject: [PATCH 2/5] QuickJS: fixed non-NULL terminated strings formatting in exceptions. When "%*s" is specified, the first integer is interpreted as width. Width specifies *minimum* number of characters to output. The next string is expected to be NULL-terminated. When "%.*s" is specified, the first integer is interpreted as precision. Precision specifies *maximum* number of characters to output. --- external/njs_shell.c | 6 +++--- external/qjs_webcrypto_module.c | 2 +- nginx/ngx_js.c | 4 ++-- nginx/ngx_stream_js_module.c | 2 +- src/qjs_buffer.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/external/njs_shell.c b/external/njs_shell.c index 776c2536b..015c930f1 100644 --- a/external/njs_shell.c +++ b/external/njs_shell.c @@ -2590,7 +2590,7 @@ njs_qjs_module_loader(JSContext *ctx, const char *module_name, void *opaque) (void) close(info.fd); if (njs_slow_path(ret != NJS_OK)) { - JS_ThrowInternalError(ctx, "while reading \"%*s\" module", + JS_ThrowInternalError(ctx, "while reading \"%.*s\" module", (int) info.file.length, info.file.start); return NULL; } @@ -2599,7 +2599,7 @@ njs_qjs_module_loader(JSContext *ctx, const char *module_name, void *opaque) ret = njs_console_set_cwd(console, &info.file); if (njs_slow_path(ret != NJS_OK)) { - JS_ThrowInternalError(ctx, "while setting cwd for \"%*s\" module", + JS_ThrowInternalError(ctx, "while setting cwd for \"%.*s\" module", (int) info.file.length, info.file.start); return NULL; } @@ -2827,7 +2827,7 @@ njs_engine_qjs_unhandled_rejection(njs_engine_t *engine) return -1; } - JS_ThrowTypeError(ctx, "unhandled promise rejection: %*s", (int) len, str); + JS_ThrowTypeError(ctx, "unhandled promise rejection: %.*s", (int) len, str); JS_FreeCString(ctx, str); for (i = 0; i < console->rejected_promises->items; i++) { diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index 64098f4e1..cc654c0ac 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -4802,7 +4802,7 @@ qjs_webcrypto_error(JSContext *cx, const char *fmt, ...) } } - JS_ThrowTypeError(cx, "%*s", (int) (p - errstr), errstr); + JS_ThrowTypeError(cx, "%.*s", (int) (p - errstr), errstr); } diff --git a/nginx/ngx_js.c b/nginx/ngx_js.c index 5c2a44cb0..7f7b73622 100644 --- a/nginx/ngx_js.c +++ b/nginx/ngx_js.c @@ -1988,7 +1988,7 @@ ngx_qjs_module_loader(JSContext *cx, const char *module_name, void *opaque) (void) close(info.fd); if (ret != NJS_OK) { - JS_ThrowInternalError(cx, "while reading \"%*s\" module", + JS_ThrowInternalError(cx, "while reading \"%.*s\" module", (int) info.file.length, info.file.start); return NULL; } @@ -2057,7 +2057,7 @@ ngx_qjs_unhandled_rejection(ngx_js_ctx_t *ctx) return -1; } - JS_ThrowTypeError(cx, "unhandled promise rejection: %*s", (int) len, str); + JS_ThrowTypeError(cx, "unhandled promise rejection: %.*s", (int) len, str); JS_FreeCString(cx, str); for (i = 0; i < ctx->rejected_promises->items; i++) { diff --git a/nginx/ngx_stream_js_module.c b/nginx/ngx_stream_js_module.c index a7a923ad2..59a3e9d22 100644 --- a/nginx/ngx_stream_js_module.c +++ b/nginx/ngx_stream_js_module.c @@ -2126,7 +2126,7 @@ ngx_stream_qjs_event(ngx_stream_session_t *s, JSContext *cx, ngx_str_t *event) } if (i == n) { - (void) JS_ThrowInternalError(cx, "unknown event \"%*s\"", + (void) JS_ThrowInternalError(cx, "unknown event \"%.*s\"", (int) event->len, event->data); return NULL; } diff --git a/src/qjs_buffer.c b/src/qjs_buffer.c index 8fc296ad8..638d273c6 100644 --- a/src/qjs_buffer.c +++ b/src/qjs_buffer.c @@ -2099,7 +2099,7 @@ qjs_buffer_encoding(JSContext *ctx, JSValueConst value, JS_BOOL thrw) JS_FreeCString(ctx, (char *) name.start); if (thrw) { - JS_ThrowTypeError(ctx, "\"%*s\" encoding is not supported", + JS_ThrowTypeError(ctx, "\"%.*s\" encoding is not supported", (int) name.length, name.start); } From 4c86233be8f00dd63c4fed5cfaf8c46902ff5dcf Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Wed, 12 Feb 2025 18:12:38 -0800 Subject: [PATCH 3/5] QuickJS: fixed key usage processing with invalid values in WebCrypto. --- external/qjs_webcrypto_module.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index cc654c0ac..6e820887f 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -4637,10 +4637,17 @@ qjs_key_usage(JSContext *cx, JSValue value, unsigned *mask) for (e = &qjs_webcrypto_usage[0]; e->name.length != 0; e++) { if (njs_strstr_eq(&s, &e->name)) { *mask |= e->value; - break; + goto done; } } + JS_ThrowTypeError(cx, "unknown key usage: \"%.*s\"", (int) s.length, + s.start); + JS_FreeCString(cx, (char *) s.start); + return JS_EXCEPTION; + +done: + JS_FreeCString(cx, (char *) s.start); } From 772f8d0c72a47bf876cdd7cbf56025cc54f2eb90 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Wed, 12 Feb 2025 18:13:54 -0800 Subject: [PATCH 4/5] QuickJS: added missed OPENSSL context for errors in WebCrypto. --- external/qjs_webcrypto_module.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index 6e820887f..3cb3d2b28 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -3242,14 +3242,14 @@ qjs_webcrypto_import_key(JSContext *cx, JSValueConst this_val, int argc, case QJS_KEY_FORMAT_PKCS8: bio = BIO_new_mem_buf(key_data.start, key_data.length); if (bio == NULL) { - JS_ThrowTypeError(cx, "BIO_new_mem_buf() failed"); + qjs_webcrypto_error(cx, "BIO_new_mem_buf() failed"); goto fail; } pkcs8 = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL); if (pkcs8 == NULL) { BIO_free(bio); - JS_ThrowTypeError(cx, "d2i_PKCS8_PRIV_KEY_INFO_bio() failed"); + qjs_webcrypto_error(cx, "d2i_PKCS8_PRIV_KEY_INFO_bio() failed"); goto fail; } @@ -3257,7 +3257,7 @@ qjs_webcrypto_import_key(JSContext *cx, JSValueConst this_val, int argc, if (pkey == NULL) { PKCS8_PRIV_KEY_INFO_free(pkcs8); BIO_free(bio); - JS_ThrowTypeError(cx, "EVP_PKCS82PKEY() failed"); + qjs_webcrypto_error(cx, "EVP_PKCS82PKEY() failed"); goto fail; } @@ -3272,7 +3272,7 @@ qjs_webcrypto_import_key(JSContext *cx, JSValueConst this_val, int argc, start = key_data.start; pkey = d2i_PUBKEY(NULL, &start, key_data.length); if (pkey == NULL) { - JS_ThrowTypeError(cx, "d2i_PUBKEY() failed"); + qjs_webcrypto_error(cx, "d2i_PUBKEY() failed"); goto fail; } @@ -3720,7 +3720,7 @@ qjs_convert_p1363_to_der(JSContext *cx, EVP_PKEY *pkey, u_char *p1363, if (len < 0) { js_free(cx, data); - JS_ThrowTypeError(cx, "i2d_ECDSA_SIG() failed"); + qjs_webcrypto_error(cx, "i2d_ECDSA_SIG() failed"); goto fail; } From aa1bdbe8ec7c529ccde96347a707be0cf1d459bb Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Wed, 12 Feb 2025 18:07:26 -0800 Subject: [PATCH 5/5] QuickJS: added WebCrypto import tests forgotten in 75ca26f. Import related tests are consolidated from other WebCrypto tests. --- external/qjs_webcrypto_module.c | 17 +- test/webcrypto/aes.t.mjs | 3 - test/webcrypto/import.t.mjs | 646 ++++++++++++++++++++++++++++++ test/webcrypto/rsa.pkcs8.broken2 | 16 + test/webcrypto/rsa.t.mjs | 2 - test/webcrypto/rsa_decoding.t.mjs | 2 - test/webcrypto/sign.t.mjs | 135 ------- 7 files changed, 664 insertions(+), 157 deletions(-) create mode 100644 test/webcrypto/import.t.mjs create mode 100644 test/webcrypto/rsa.pkcs8.broken2 diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index 3cb3d2b28..4816031c8 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -4167,20 +4167,7 @@ qjs_webcrypto_key_algorithm(JSContext *cx, JSValueConst this_val) return JS_EXCEPTION; } - ret = JS_NewObject(cx); - if (JS_IsException(ret)) { - JS_FreeValue(cx, obj); - return JS_EXCEPTION; - } - - if (JS_DefinePropertyValueStr(cx, ret, "name", hash, JS_PROP_C_W_E) - < 0) - { - JS_FreeValue(cx, obj); - return JS_EXCEPTION; - } - - if (JS_DefinePropertyValueStr(cx, obj, "hash", ret, JS_PROP_C_W_E) + if (JS_DefinePropertyValueStr(cx, obj, "hash", hash, JS_PROP_C_W_E) < 0) { JS_FreeValue(cx, obj); @@ -4377,7 +4364,7 @@ qjs_jwk_kty(JSContext *cx, JSValueConst value) } } - JS_ThrowTypeError(cx, "invalid JWK key type: %s", kty.start); + JS_ThrowTypeError(cx, "invalid JWK key type: \"%s\"", kty.start); JS_FreeCString(cx, (char *) kty.start); return QJS_KEY_JWK_KTY_UNKNOWN; diff --git a/test/webcrypto/aes.t.mjs b/test/webcrypto/aes.t.mjs index 80cddabb8..7c4825838 100644 --- a/test/webcrypto/aes.t.mjs +++ b/test/webcrypto/aes.t.mjs @@ -65,7 +65,6 @@ let aes_tsuite = { { name: "AES-GCM", data: "aabbcc", tagLength: 96 }, { name: "AES-GCM", data: "aabbcc", tagLength: 112 }, { name: "AES-GCM", data: "aabbcc", tagLength: 113, exception: "TypeError: AES-GCM Invalid tagLength" }, - { name: "AES-GCM", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" }, { name: "AES-GCM", data: "aabbcc", key: "001122330011223300112233001122330011223300112233" }, { name: "AES-GCM", data: "aabbccdd".repeat(4096) }, @@ -88,14 +87,12 @@ let aes_tsuite = { { name: "AES-CTR", data: "aabbcc", key: "001122330011223300112233001122330011223300112233" }, { name: "AES-CTR", data: "aabbccdd", length: 129, exception: "TypeError: AES-CTR algorithm.length must be between 1 and 128" }, - { name: "AES-CTR", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" }, { name: "AES-CBC", data: "aa" }, { name: "AES-CBC", data: "aabbccdd".repeat(4) }, { name: "AES-CBC", data: "aabbccdd".repeat(4096) }, { name: "AES-CBC", data: "aabbccdd".repeat(5), iv: "ffffffffffffffffffffffffffffffff" }, { name: "AES-CBC", data: "aabbcc", key: "001122330011223300112233001122330011223300112233" }, - { name: "AES-CBC", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" }, ]}; run([aes_tsuite]) diff --git a/test/webcrypto/import.t.mjs b/test/webcrypto/import.t.mjs new file mode 100644 index 000000000..1b8040061 --- /dev/null +++ b/test/webcrypto/import.t.mjs @@ -0,0 +1,646 @@ +/*--- +includes: [compatNjs.js, compatFs.js, compatWebcrypto.js, runTsuite.js, webCryptoUtils.js, compareArray.js] +flags: [async] +---*/ + +async function test(params) { + let key = await crypto.subtle.importKey(params.key.fmt, + params.key.key, + params.key.alg, + params.key.extractable, + params.key.usage); + + if (params.expected && !validate_key(key, params)) { + throw Error(`failed validate`); + } + + return 'SUCCESS'; +} + +function p(args, default_opts) { + let key, pem; + let params = merge({}, default_opts); + params = merge(params, args); + + switch (params.key.fmt) { + case "spki": + pem = fs.readFileSync(`test/webcrypto/${params.key.key}`); + key = pem_to_der(pem, "PUBLIC"); + break; + case "pkcs8": + pem = fs.readFileSync(`test/webcrypto/${params.key.key}`); + key = pem_to_der(pem, "PRIVATE"); + break; + case "jwk": + key = load_jwk(params.key.key); + break; + case "raw": + key = Buffer.from(params.key.key, "base64url"); + break; + default: + throw Error("Unknown encoding key format"); + } + + params.key.key = key; + + return params; +} + +function validate_key(key, params) { + let expected = params.expected; + if (expected.algorithm) { + if (!key.algorithm) { + throw Error(`missing import key algorithm`); + } + + if (expected.algorithm.name !== key.algorithm.name) { + throw Error(`unexpected import key algorithm name: ${key.algorithm.name} != ${expected.algorithm.name}`); + } + + if (has_njs() + && expected.algorithm.name == "HMAC" + && (expected.algorithm.hash !== key.algorithm.hash)) + { + throw Error(`unexpected import key algorithm hash: ${JSON.stringify(key.algorithm.hash)} != ${expected.algorithm.hash}`); + } + } + + if (expected.type !== key.type) { + throw Error(`unexpected import key type: ${key.type} != ${expected.type}`); + } + + if (expected.extractable !== key.extractable) { + throw Error(`unexpected import key extractable: ${key.extractable} != ${expected.extractable}`); + } + + if (expected.usages && !compareArray(expected.usages, key.usages)) { + throw Error(`unexpected import key usages: ${key.usages} != ${expected.usages}`); + } + + return true; +} + +let aes_tsuite = { + name: "AES importing", + skip: () => (!has_webcrypto()), + T: test, + prepare_args: p, + opts: {}, + + tests: [ + { key: { fmt: "jwk", + key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', key_ops: [ 'decrypt', 'encrypt' ], kty: 'oct' }, + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "decrypt", "encrypt" ] }, + expected: { algorithm: { name: "AES-CBC" }, + extractable: true, + type: "secret", + usages: [ "decrypt", "encrypt" ] } }, + { key: { fmt: "jwk", + key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', key_ops: [ 'encrypt' ], kty: 'oct' }, + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "encrypt" ] }, + expected: { algorithm: { name: "AES-CBC" }, + extractable: true, + type: "secret", + usages: [ "encrypt" ] } }, + { key: { fmt: "jwk", + key: { alg: 'A128CBC', ext: true, k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' }, + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "encrypt" ] }, + expected: { algorithm: { name: "AES-CBC" }, + extractable: true, + type: "secret", + usages: [ "encrypt" ] } }, + { key: { fmt: "jwk", + key: { alg: 'A128CBC', k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' }, + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "encrypt" ] }, + expected: { algorithm: { name: "AES-CBC" }, + extractable: true, + type: "secret", + usages: [ "encrypt" ] } }, + { key: { fmt: "raw", + key: 'AAAAAAAAAAAAAAAAAAAAAA', + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "decrypt", "encrypt" ] }, + expected: { algorithm: { name: "AES-CBC" }, + extractable: true, + type: "secret", + usages: [ "decrypt", "encrypt" ] } }, + { key: { fmt: "raw", + key: 'AAAAAAAAAAAAAAAAAAAAAA', + alg: { name: "AES-CTR" }, + extractable: false, + usage: [ "decrypt" ] }, + expected: { algorithm: { name: "AES-CTR" }, + extractable: false, + type: "secret", + usages: [ "decrypt" ] } }, + { key: { fmt: "raw", + key: 'AAAAAAAAAAAAAAAAAAAAAA', + alg: { name: "AES-GCM" }, + extractable: true, + usage: [ "decrypt", "encrypt" ] }, + expected: { algorithm: { name: "AES-GCM" }, + extractable: true, + type: "secret", + usages: [ "decrypt", "encrypt" ] } }, + + { key: { fmt: "raw", + key: 'AA', + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "decrypt", "encrypt" ] }, + exception: "TypeError: AES Invalid key length" }, + { key: { fmt: "jwk", + key: { alg: 'A128CBC', ext: true, k: 'AA', key_ops: [ 'encrypt', 'decrypt' ], kty: 'oct' }, + alg: { name: "AES-CBC" }, + usage: [ "encrypt", "decrypt" ] }, + exception: "TypeError: key size and \"alg\" value \"A128CBC\" mismatch" }, + { key: { fmt: "jwk", + key: { alg: 'A129CBC', ext: true, k: 'AA', key_ops: [ 'encrypt', 'decrypt' ], kty: 'oct' }, + alg: { name: "AES-CBC" }, + usage: [ "encrypt", "decrypt" ] }, + exception: "TypeError: unexpected \"alg\" value \"A129CBC\" for JWK key" }, + { key: { fmt: "jwk", + key: { alg: 'A128CBC', ext: false, k: 'AAAAAAAAAAAAAAAAAAAAAA', kty: 'oct' }, + alg: { name: "AES-CBC" }, + extractable: true, + usage: [ "encrypt" ] }, + exception: "TypeError: JWK oct is not extractable" }, + { key: { fmt: "jwk", + key: { alg: 1, ext: true, k: 'AA', key_ops: ['encrypt', 'decrypt'], kty: 'oct' }, + alg: { name: "AES-CBC" }, + usage: [ "encrypt", "decrypt" ] }, + exception: "TypeError: Invalid JWK oct alg" }, +]}; + +let ec_tsuite = { + name: "EC importing", + skip: () => (!has_webcrypto()), + T: test, + prepare_args: p, + opts: {}, + + tests: [ + { key: { fmt: "jwk", + key: "ec.jwk", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" }, + extractable: true, + type: "private", + usages: [ "sign" ] } }, + { key: { fmt: "spki", + key: "ec.spki", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "verify" ] }, + expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" }, + extractable: true, + type: "public", + usages: [ "verify" ] } }, + { key: { fmt: "pkcs8", + key: "ec.pkcs8", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" }, + extractable: true, + type: "private", + usages: [ "sign" ] } }, + { key: { fmt: "raw", + key: "BHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "verify" ] }, + expected: { algorithm: { name: "ECDSA", namedCurve: "SHA-256" }, + extractable: true, + type: "public", + usages: [ "verify" ] } }, + + { key: { fmt: "jwk", + key: "ec.jwk", + alg: { name: "ECDSA", namedCurve: "P-384" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK EC key" }, + { key: { fmt: "jwk", + key: 1, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: invalid JWK key data" }, + { key: { fmt: "jwk", + key: { kty: "EC" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK EC key" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK EC key" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK EC key" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "JWK EC curve mismatch" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", + crv: "P-384" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "JWK EC curve mismatch" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "_BROKEN_", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", + crv: "P-256" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: EC_KEY_set_public_key_affine_coordinates()" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", + crv: "P-256", + key_ops: [ "verify" ] }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Key operations and usage mismatch" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", + ext: false }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "JWK EC is not extractable" }, + { key: { fmt: "jwk", + key: { kty: "EC", + x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", + y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", + crv: "P-256" }, + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "sign", "verify" ] }, + exception: "TypeError: key usage mismatch for \"ECDSA\" key" }, + { key: { fmt: "pkcs8", + key: "ec.pkcs8", + alg: { name: "ECDSA", namedCurve: "unknown_named_curve" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: unknown namedCurve: \"unknown_named_curve\"" }, + { key: { fmt: "spki", + key: "rsa.spki", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "verify" ] }, + exception: "TypeError: EC key is not found" }, + { key: { fmt: "spki", + key: "ec.spki", + alg: { name: "ECDSA", namedCurve: "P-384" }, + extractable: true, + usage: [ "verify" ] }, + exception: "TypeError: name curve mismatch" }, + { key: { fmt: "raw", + key: "CHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", + alg: { name: "ECDSA", namedCurve: "P-256" }, + extractable: true, + usage: [ "verify" ] }, + exception: "TypeError: EC_POINT_oct2point()" }, +]}; + +let hmac_tsuite = { + name: "HMAC importing", + skip: () => (!has_webcrypto()), + T: test, + prepare_args: p, + opts: {}, + + tests: [ + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + usage: [ "sign", "verify" ] }, + expected: { algorithm: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + type: "secret", + usages: [ "sign", "verify" ] } }, + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + usage: [ "sign", "verify" ] }, + expected: { algorithm: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + type: "secret", + usages: [ "sign", "verify" ] } }, + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: false, + usage: [ "sign", "verify" ] }, + expected: { algorithm: { name: "HMAC", hash: "SHA-384" }, + extractable: false, + type: "secret", + usages: [ "sign", "verify" ] } }, + + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-385" }, + extractable: true, + usage: [ "sign", "verify" ] }, + exception: "TypeError: unknown hash name: \"SHA-385\"" }, + { key: { fmt: "spki", + key: "ec.spki", + alg: { name: "HMAC" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: unsupported key fmt \"spki\" for \"HMAC\" key" }, + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + usage: [ "encrypt" ] }, + exception: "TypeError: unsupported key usage for \"HMAC\" key" }, + { key: { fmt: "raw", + key: "AA", + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + usage: [ "invalid_usage" ] }, + exception: "TypeError: unknown key usage: \"invalid_usage\"" }, + + { key: { fmt: "jwk", + key: { alg: 'HS384', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + usage: [ "sign", "verify" ] }, + expected: { algorithm: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + type: "secret", + usages: [ "sign", "verify" ] } }, + { key: { fmt: "jwk", + key: { alg: 'HS256', ext: true, k: 'AA', key_ops: [ 'sign' ], kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ]}, + expected: { algorithm: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + type: "secret", + usages: [ "sign" ] } }, + { key: { fmt: "jwk", + key: { alg: 'HS256', k: 'AA', kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ]}, + expected: { algorithm: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + type: "secret", + usages: [ "sign" ] } }, + + { key: { fmt: "jwk", + key: { alg: 'HS385', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-385" }, + extractable: true, + usage: [ "sign", "verify" ] }, + exception: "TypeError: unexpected \"alg\" value \"HS385\" for JWK key" }, + { key: { fmt: "jwk", + key: { alg: 'HS384', ext: true, k: 'AA', key_ops: [ 'sign', 'verify' ], kty: 'invalid_kty' }, + alg: { name: "HMAC", hash: "SHA-384" }, + extractable: true, + usage: [ "sign", "verify" ] }, + exception: "TypeError: invalid JWK key type: \"invalid_kty\"" }, + { key: { fmt: "jwk", + key: { alg: 'HS256', ext: true, key_ops: [ 'sign' ], kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ]}, + exception: "TypeError: Invalid JWK oct key" }, + { key: { fmt: "jwk", + key: { alg: 'HS256', k: 'AA', key_ops: [ 'sign' ], kty: 'oct' }, + alg: { name: "HMAC", hash: "SHA-256" }, + extractable: true, + usage: [ "verify" ]}, + exception: "TypeError: Key operations and usage mismatch" }, +]}; + +let rsa_tsuite = { + name: "RSA importing", + skip: () => (!has_webcrypto()), + T: test, + prepare_args: p, + opts: {}, + + tests: [ + { key: { fmt: "jwk", + key: "rsa.jwk", + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + expected: { algorithm: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + type: "private", + usages: [ "sign" ] } }, + { key: { fmt: "pkcs8", + key: "rsa.pkcs8", + alg: { name: "RSA-OAEP", hash: "SHA-1" }, + extractable: true, + usage: [ "decrypt" ] }, + expected: { algorithm: { name: "RSA-OAEP", hash: "SHA-1" }, + extractable: true, + type: "private", + usages: [ "decrypt" ] } }, + { key: { fmt: "spki", + key: "rsa.spki", + alg: { name: "RSA-OAEP", hash: "SHA-256" }, + extractable: true, + usage: [ "encrypt" ] }, + expected: { algorithm: { name: "RSA-OAEP", hash: "SHA-256" }, + extractable: true, + type: "public", + usages: [ "encrypt" ] } }, + + { key: { fmt: "jwk", + key: 1, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: invalid JWK key data" }, + { key: { fmt: "jwk", + key: "rsa.jwk", + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "verify" ] }, + exception: "TypeError: Key operations and usage mismatch" }, + { key: { fmt: "jwk", + key: "rsa.jwk", + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-384" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: RSA JWK hash mismatch" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: key usage mismatch for \"RSASSA-PKCS1-v1_5\" key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", + p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", + p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", + q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", + p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", + q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", + dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", + p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", + q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", + dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", + dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "jwk", + key: { kty: "RSA", + n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", + e: "AQAB", + d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", + p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", + q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", + dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", + dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w", + qi: "2REPnRQIaLsya5wlwFw0whwPaAbTZp2jfguhtg5gou_Yru7Cxz_b83YFPgoI6xuGE1OXsWkRTToS8FuIWCrNBQ", + ext: false }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "JWK RSA is not extractable" }, + { key: { fmt: "jwk", + key: { kty: "RSA" }, + alg: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, + extractable: true, + usage: [ "sign" ] }, + exception: "TypeError: Invalid JWK RSA key" }, + { key: { fmt: "pkcs8", + key: "ec.pkcs8", + alg: { name: "RSA-OAEP", hash: "SHA-1" }, + extractable: true, + usage: [ "decrypt" ] }, + exception: "TypeError: RSA key is not found" }, + { key: { fmt: "pkcs8", + key: "rsa.pkcs8.broken", + alg: { name: "RSA-OAEP", hash: "SHA-1" }, + extractable: true, + usage: [ "decrypt" ] }, + exception: "TypeError: d2i_PKCS8_PRIV_KEY_INFO_bio() failed" }, + { key: { fmt: "pkcs8", + key: "rsa.pkcs8.broken2", + alg: { name: "RSA-OAEP", hash: "SHA-1" }, + extractable: true, + usage: [ "decrypt" ] }, + exception: "TypeError: EVP_PKCS82PKEY() failed" }, + { key: { fmt: "pkcs8", + key: "rsa.pkcs8", + alg: { name: "RSA-OAEP", hash: "XXX" }, + extractable: true, + usage: [ "decrypt" ] }, + exception: "TypeError: unknown hash name: \"XXX\"" }, + { key: { fmt: "spki", + key: "rsa.spki.broken", + alg: { name: "RSA-OAEP", hash: "SHA-256" }, + extractable: true, + usage: [ "encrypt" ] }, + exception: "TypeError: d2i_PUBKEY() failed" }, +]}; + +run([ + aes_tsuite, + ec_tsuite, + hmac_tsuite, + rsa_tsuite, +]) +.then($DONE, $DONE); diff --git a/test/webcrypto/rsa.pkcs8.broken2 b/test/webcrypto/rsa.pkcs8.broken2 new file mode 100644 index 000000000..1fdec72a5 --- /dev/null +++ b/test/webcrypto/rsa.pkcs8.broken2 @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGAAMlJsaCQvFQDOYcm +GWvl1AWYNTdcsBTD1KVrBdZGkhnnffD911ID84F/NMKcs3eanRrgC6p39pTHOzvD +6xgbTuWK70JSPejV9I1KOW3OcM9ttKG9wFAnkJ038flBajOKQsI6A0qNj5aYSXVo +BWMphgWgQiYJxDUC/R9Tf/P8jYjfAgMBAAECgYEAj06DQyCopFujYoASi0oWmGEU +SjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJT +G5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH/kOf ++znUc7eTvuzISs61x/kCQQD0BJvbLDlvx3u6esW47LLgQNw9ufMSlu5UYBJ4c+qQ +5HAeyp4Zt/AaWENhJitjQcLBSxIFIVw7dIN67RnTNK8VAkEA0yvzzgHo/PGYSlVj ++M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr+igqLHhzfynAQjjf39VrXuPuRL23 +REF1IwJBAKVFydo0peJTljXDmc+aYb0JsSINo9jfaSS0vU3gFOt2DYqNaW+56WGu +jlRqadCcZbBNjDL1WWbbj4HevTMT59ECQEWaKgzPolykwN5XUNE0DCp1ZwIAH1kb +Bjfo+sMVt0f9S1TsN9SmBl+4l1X7CY5zU3RATMH5FR+8ns83fM1ZieMCQQDZEQ+d +FAhouzJrnCXAXDTCHA9oBtNmnaN+C6G2DmCi79iu7sLHP9vzdgU+CgjrG4YTU5ex +aRFNOhLwW4hYKs0F +-----END PRIVATE KEY----- diff --git a/test/webcrypto/rsa.t.mjs b/test/webcrypto/rsa.t.mjs index 977537e06..372535b1f 100644 --- a/test/webcrypto/rsa.t.mjs +++ b/test/webcrypto/rsa.t.mjs @@ -127,8 +127,6 @@ let rsa_tsuite = { { data: "aabbccdd".repeat(7), enc: { hash: "SHA-384" }, dec: { hash: "SHA-384" } }, { data: "aabbcc", enc: { hash: "SHA-256" }, dec: { hash: "SHA-384" }, exception: "Error: EVP_PKEY_decrypt() failed" }, - { data: "aabbcc", enc: { hash: "XXX" }, exception: "TypeError: unknown hash name: \"XXX\"" }, - { data: "aabbcc", dec: { key: "rsa.spki.broken" }, exception: "Error: d2i_PUBKEY() failed" }, { data: "aabbcc", dec: { key: "rsa2.spki" }, exception: "Error: EVP_PKEY_decrypt() failed" }, { data: "aabbcc", enc: { fmt: "jwk", key: "rsa.enc.pub.jwk" }, dec: { fmt: "jwk", key: "rsa.dec.jwk" } }, diff --git a/test/webcrypto/rsa_decoding.t.mjs b/test/webcrypto/rsa_decoding.t.mjs index 247332799..08874491c 100644 --- a/test/webcrypto/rsa_decoding.t.mjs +++ b/test/webcrypto/rsa_decoding.t.mjs @@ -33,8 +33,6 @@ let rsa_tsuite = { tests: [ { pem: "rsa.pkcs8", src: "text.base64.rsa-oaep.enc", expected: "WAKAWAKA" }, - { pem: "ec.pkcs8", src: "text.base64.rsa-oaep.enc", exception: "Error: RSA key is not found" }, - { pem: "rsa.pkcs8.broken", src: "text.base64.rsa-oaep.enc", exception: "Error: d2i_PKCS8_PRIV_KEY_INFO_bio() failed" }, ]}; run([rsa_tsuite]) diff --git a/test/webcrypto/sign.t.mjs b/test/webcrypto/sign.t.mjs index c2d52a6ff..2999569f5 100644 --- a/test/webcrypto/sign.t.mjs +++ b/test/webcrypto/sign.t.mjs @@ -194,12 +194,6 @@ let hmac_tsuite = { k: "c2VjcmV0S0VZ" } }, verify: true, expected: true }, - { sign_key: { fmt: "jwk", - key: { kty: "oct", - alg: "HS256", - key_ops: [ "verify" ], - k: "c2VjcmV0S0VZ" } }, - exception: "TypeError: Key operations and usage mismatch" }, { verify: true, expected: true }, { verify: true, import_alg: { hash: "SHA-384" }, expected: true }, @@ -250,59 +244,6 @@ let rsassa_pkcs1_v1_5_tsuite = { extractable: true, usage: [ "sign", "verify" ] }, expected: true }, - - { sign_key: { key: 1, fmt: "jwk" }, exception: "TypeError: invalid JWK key data" }, - { sign_key: { key: { kty: "RSA" }, fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB" }, - fmt: "jwk" }, - exception: "TypeError: key usage mismatch for a RSASSA-PKCS1-v1_5" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", - dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", - dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", - dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK RSA key" }, { verify: true, sign_key: { key: { kty: "RSA", n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", @@ -315,43 +256,6 @@ let rsassa_pkcs1_v1_5_tsuite = { qi: "2REPnRQIaLsya5wlwFw0whwPaAbTZp2jfguhtg5gou_Yru7Cxz_b83YFPgoI6xuGE1OXsWkRTToS8FuIWCrNBQ" }, fmt: "jwk" }, expected: true }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", - dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", - dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w", - qi: "2REPnRQIaLsya5wlwFw0whwPaAbTZp2jfguhtg5gou_Yru7Cxz_b83YFPgoI6xuGE1OXsWkRTToS8FuIWCrNBQ", - key_ops: [ "verify" ] }, - fmt: "jwk" }, - exception: "TypeError: Key operations and usage mismatch" }, - { sign_key: { key: { kty: "RSA", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", - dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", - dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w", - qi: "2REPnRQIaLsya5wlwFw0whwPaAbTZp2jfguhtg5gou_Yru7Cxz_b83YFPgoI6xuGE1OXsWkRTToS8FuIWCrNBQ", - ext: false }, - fmt: "jwk", - extractable: true }, - exception: "TypeError: JWK RSA is not extractable" }, - { sign_key: { key: { kty: "RSA", - alg: "RS384", - n: "yUmxoJC8VAM5hyYZa-XUBZg1N1ywFMPUpWsF1kaSGed98P3XUgPzgX80wpyzd5qdGuALqnf2lMc7O8PrGBtO5YrvQlI96NX0jUo5bc5wz220ob3AUCeQnTfx-UFqM4pCwjoDSo2PlphJdWgFYymGBaBCJgnENQL9H1N_8_yNiN8", - e: "AQAB", - d: "j06DQyCopFujYoASi0oWmGEUSjUYO8BsrdSzVCnsLLsuZBwlZ4Peouyw4Hl2IIoYniCyzYwZJzVtC5Dh2MjgcrJTG5nX3FfheuabGl4in0583C51ZYWlVpDvBWw8kJTfXjiKH4z6ZA9dWdT5Y3aH_kOf-znUc7eTvuzISs61x_k", - p: "9ASb2yw5b8d7unrFuOyy4EDcPbnzEpbuVGASeHPqkORwHsqeGbfwGlhDYSYrY0HCwUsSBSFcO3SDeu0Z0zSvFQ", - q: "0yvzzgHo_PGYSlVj-M3965AwQF2wTXz82MZHv6EfcCHKuBfCSecr-igqLHhzfynAQjjf39VrXuPuRL23REF1Iw", - dp: "pUXJ2jSl4lOWNcOZz5phvQmxIg2j2N9pJLS9TeAU63YNio1pb7npYa6OVGpp0JxlsE2MMvVZZtuPgd69MxPn0Q", - dq: "RZoqDM-iXKTA3ldQ0TQMKnVnAgAfWRsGN-j6wxW3R_1LVOw31KYGX7iXVfsJjnNTdEBMwfkVH7yezzd8zVmJ4w", - qi: "2REPnRQIaLsya5wlwFw0whwPaAbTZp2jfguhtg5gou_Yru7Cxz_b83YFPgoI6xuGE1OXsWkRTToS8FuIWCrNBQ" }, - fmt: "jwk" }, - exception: "TypeError: JWK hash mismatch" }, ]}; let rsa_pss_tsuite = { @@ -422,8 +326,6 @@ let ecdsa_tsuite = { { verify: true, import_alg: { hash: "SHA-512" }, expected: true }, { verify: true, import_alg: { hash: "SHA-1" }, expected: true }, { verify: true, verify_key: { key: "ec2.spki" }, expected: false }, - { verify: true, verify_key: { key: "rsa.spki" }, exception: "Error: EC key is not found" }, - { verify: true, import_alg: { namedCurve: "P-384" }, exception: "Error: name curve mismatch" }, { verify: true, verify_key: { key: "BHFFLGURrlWEXhok0JfTKke4q-nWSIMPvKTPhdKYSVnc4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", @@ -433,49 +335,12 @@ let ecdsa_tsuite = { { verify: true, sign_key: { key: "ec.jwk", fmt: "jwk" }, expected: true }, { verify: true, sign_key: { key: "ec.jwk", fmt: "jwk" }, verify_key: { key: "ec.pub.jwk", fmt: "jwk" }, expected: true }, - { verify: true, sign_key: { key: "ec.jwk", fmt: "jwk" }, - import_alg: { namedCurve: "P-384" }, exception: "Error: JWK EC curve mismatch" }, - { sign_key: { key: 1, fmt: "jwk" }, exception: "TypeError: Invalid JWK EC key" }, - { sign_key: { key: { kty: "EC" }, fmt: "jwk" }, exception: "TypeError: Invalid JWK EC key" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw"}, fmt: "jwk" }, - exception: "TypeError: Invalid JWK EC key" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI" }, - fmt: "jwk" }, - exception: "TypeError: Invalid JWK EC key" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", - d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A" }, - fmt: "jwk" }, - exception: "TypeError: JWK EC curve mismatch" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", - d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-384" }, - fmt: "jwk" }, - exception: "TypeError: JWK EC curve mismatch" }, { verify: true, sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-256" }, fmt: "jwk" }, expected: true }, - { sign_key: { key: { kty: "EC", x: "_BROKEN_", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", - d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-256" }, - fmt: "jwk" }, - exception: "Error: EC_KEY_set_public_key_affine_coordinates() failed" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", - d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-256", - key_ops: [ "verify" ]}, - fmt: "jwk" }, - exception: "TypeError: Key operations and usage mismatch" }, - { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", - y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", ext: false, - d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-256" }, - extractable: true, - fmt: "jwk" }, - exception: "TypeError: JWK is not extractable" }, { sign_key: { key: { kty: "EC", x: "cUUsZRGuVYReGiTQl9MqR7ir6dZIgw-8pM-F0phJWdw", y: "4Nzn_7uNz0AA3U4fhpfVxSD4U5QciGyEoM4r3jC7bjI", d: "E2sW0_4a3QXaSTJ0JKbSUbieKTD1UFtr7i_2CuetP6A", crv: "P-256" },