diff options
Diffstat (limited to 'dom/crypto/test')
23 files changed, 6641 insertions, 0 deletions
diff --git a/dom/crypto/test/file_indexedDB.html b/dom/crypto/test/file_indexedDB.html new file mode 100644 index 000000000..09e95b18f --- /dev/null +++ b/dom/crypto/test/file_indexedDB.html @@ -0,0 +1,82 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1188750 - WebCrypto must ensure NSS is initialized before deserializing</title> +</head> +<body> + <script type="application/javascript;version=1.8"> + let db; + + function err(resolve) { + return e => resolve(e.target.error.message); + } + + function openDatabase() { + return new Promise((resolve, reject) => { + let request = indexedDB.open("keystore", 1); + + request.onerror = err(reject); + request.onsuccess = function (event) { + db = event.target.result; + resolve(); + }; + + request.onupgradeneeded = function(event) { + db = event.target.result; + let objectStore = db.createObjectStore("keys", {autoIncrement: true}); + objectStore.transaction.oncomplete = resolve; + }; + }); + } + + function storeKey(key) { + return new Promise((resolve, reject) => { + let transaction = db.transaction("keys", "readwrite"); + transaction.objectStore("keys").put(key, key.type); + + transaction.onabort = err(reject); + transaction.onerror = err(reject); + + transaction.oncomplete = function () { + resolve(key); + }; + }); + }; + + function retrieveKey() { + return new Promise((resolve, reject) => { + let transaction = db.transaction("keys", "readonly"); + let cursor = transaction.objectStore("keys").openCursor(); + + cursor.onerror = err(reject); + cursor.onabort = err(reject); + + cursor.onsuccess = function (event) { + try { + let result = event.target.result; + resolve(result && result.value); + } catch (e) { + reject(e.message); + } + }; + }); + } + + function generateKey() { + let algorithm = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256", + modulusLength: 1024, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + return crypto.subtle.generateKey(algorithm, true, ["sign", "verify"]); + } + + openDatabase() + .then(retrieveKey).then(generateKey).then(storeKey) + .then(() => alert("ok")).catch(alert); + </script> +</body> +</html> diff --git a/dom/crypto/test/mochitest.ini b/dom/crypto/test/mochitest.ini new file mode 100644 index 000000000..a30fe4fcc --- /dev/null +++ b/dom/crypto/test/mochitest.ini @@ -0,0 +1,26 @@ +[DEFAULT] +support-files = + file_indexedDB.html + test-array.js + test-vectors.js + test-worker.js + test_WebCrypto.css + util.js + +[test_indexedDB.html] +skip-if = toolkit == 'android' # bug 1200570 +[test_WebCrypto.html] +[test_WebCrypto_DH.html] +[test_WebCrypto_ECDH.html] +[test_WebCrypto_ECDSA.html] +[test_WebCrypto_HKDF.html] +[test_WebCrypto_Import_Multiple_Identical_Keys.html] +[test_WebCrypto_JWK.html] +[test_WebCrypto_Normalize.html] +[test_WebCrypto_PBKDF2.html] +[test_WebCrypto_Reject_Generating_Keys_Without_Usages.html] +[test_WebCrypto_RSA_OAEP.html] +[test_WebCrypto_RSA_PSS.html] +[test_WebCrypto_Structured_Cloning.html] +[test_WebCrypto_Workers.html] +[test_WebCrypto_Wrap_Unwrap.html] diff --git a/dom/crypto/test/test-array.js b/dom/crypto/test/test-array.js new file mode 100644 index 000000000..1297f8eb8 --- /dev/null +++ b/dom/crypto/test/test-array.js @@ -0,0 +1,242 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +var MOCHITEST = false; + +function Test(name, test) { + this.name = name; + this.startTime = null; + this.endTime = null; + this.result = null; + this.row = null; + + this.run = function() { + // Note the start time + this.startTime = new Date(); + // Run the test + try { + test.call(this); + } catch (e) { + console.log(e); + console.log(e.stack); + this.complete(false); + } + }; + + this.memcmp_complete = function(x, y) { + var passfail = util.memcmp(x, y); + if (!passfail) { + console.log("expected: " + util.abv2hex(x)); + console.log(" got: " + util.abv2hex(y)); + } + this.complete(passfail); + }; + + this.complete = function(result) { + if (MOCHITEST) { ok(result, this.name); } + + // Note the end time + this.endTime = new Date(); + // Set result + this.result = result; + // Re-draw the row + this.draw(); + this.next(); + }; + + this.next = function() { + if (this.oncomplete) { + this.oncomplete(); + } + }; + + this.setRow = function(id) { + this.row = document.getElementById(id).getElementsByTagName("td"); + }; + + this.draw = function() { + if (!this.row) return; + + // Print the name of the test + if (this.name) { + this.row[0].innerHTML = this.name; + var that = this; + this.row[0].onclick = function() { that.run(); } + } else { + this.row[0] = ""; + } + + // Print the result of the test + if (this.result == true) { + this.row[1].className = "pass"; + this.row[1].innerHTML = "PASS"; + } else if (this.result == false) { + this.row[1].className = "fail"; + this.row[1].innerHTML = "FAIL"; + } else { + //this.row[1].innerHTML = ""; + this.row[1].innerHTML = this.result; + } + + // Print the elapsed time, if known + if (this.startTime && this.endTime) { + this.row[2].innerHTML = (this.endTime - this.startTime) + " ms"; + } else { + this.row[2].innerHTML = ""; + } + }; +} + +function WorkerTest(worker, name, test) { + this.name = `${name} (Worker)`; + this.startTime = null; + this.endTime = null; + this.result = null; + this.row = null; + + this.run = function() { + // Note the start time + this.startTime = new Date(); + + // Send the test code to the worker. + worker.postMessage(test.toSource()); + + // We expect only boolean responses from the worker script. + worker.onmessage = e => this.complete(e.data); + worker.onerror = e => this.complete(false); + }; + + var base = new Test(name, test); + + // Inherit what we need from the |Test| class. We can't simply use its + // prototype as Test is just a function that can be used like a constructor. + for (var method of ["draw", "setRow", "next", "complete"]) { + this[method] = base[method].bind(this); + } +} + +var TestArray = { + tests: [], + table: null, + passSpan: null, + failSpan: null, + pendingSpan: null, + pass: 0, + fail: 0, + pending: 0, + currTest: 0, + worker: new Worker("test-worker.js"), + + addTest: function(name, testFn) { + // Give it a reference to the array + var test = new Test(name, testFn); + test.ta = this; + + // Add test to tests + this.tests.push(test); + + // Run the test in a worker too. + this.tests.push(new WorkerTest(this.worker, name, testFn)); + }, + + updateSummary: function() { + this.pass = this.fail = this.pending = 0; + for (var i=0; i<this.tests.length; ++i) { + if (this.tests[i].result == true) this.pass++; + if (this.tests[i].result == false) this.fail++; + if (this.tests[i].result == null) this.pending++; + } + this.passSpan.innerHTML = this.pass; + this.failSpan.innerHTML = this.fail; + this.pendingSpan.innerHTML = this.pending; + }, + + load: function() { + // Grab reference to table and summary numbers + this.table = document.getElementById("results"); + this.passSpan = document.getElementById("passN"); + this.failSpan = document.getElementById("failN"); + this.pendingSpan = document.getElementById("pendingN"); + + // Populate everything initially + this.updateSummary(); + for (var i=0; i<this.tests.length; ++i) { + var tr = document.createElement("tr"); + tr.id = "test" + i; + tr.appendChild(document.createElement("td")); + tr.appendChild(document.createElement("td")); + tr.appendChild(document.createElement("td")); + this.table.appendChild(tr); + this.tests[i].setRow(tr.id); + this.tests[i].draw(); + } + }, + + run: function() { + this.currTest = 0; + this.runNextTest(); + }, + + runNextTest: function() { + this.updateSummary(); + var i = this.currTest++; + if (i >= this.tests.length) { + if (MOCHITEST) { SimpleTest.finish(); } + return; + } + + var self = this; + this.tests[i].oncomplete = function() { + self.runNextTest(); + } + this.tests[i].run(); + } +} + +if (window.addEventListener) { + window.addEventListener("load", function() { TestArray.load(); } ); +} else { + window.attachEvent("onload", function() { TestArray.load(); } ); +} + +function start() { + TestArray.run(); +} + +MOCHITEST = ("SimpleTest" in window); +if (MOCHITEST) { + SimpleTest.waitForExplicitFinish(); + SimpleTest.requestLongerTimeout(2); + window.addEventListener("load", function() { + SimpleTest.waitForFocus(start); + }); +} + +function error(test) { + return function(x) { + console.log("ERROR :: " + x); + test.complete(false); + throw x; + } +} + +function complete(test, valid) { + return function(x) { + console.log("COMPLETE") + console.log(x); + if (valid) { + test.complete(valid(x)); + } else { + test.complete(true); + } + } +} + +function memcmp_complete(test, value) { + return function(x) { + console.log("COMPLETE") + console.log(x); + test.memcmp_complete(value, x); + } +} diff --git a/dom/crypto/test/test-vectors.js b/dom/crypto/test/test-vectors.js new file mode 100644 index 000000000..dd6d2ba33 --- /dev/null +++ b/dom/crypto/test/test-vectors.js @@ -0,0 +1,1052 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +tv = { + raw: util.hex2abv("f3095c4fe5e299477643c2310b44f0aa"), + + // this key had an inappropriate length (18 octets) + negative_raw: util.hex2abv("f3095c4fe5e299477643c2310b44f0aabbcc"), + + // openssl genrsa 512 | openssl pkcs8 -topk8 -nocrypt + pkcs8: util.hex2abv( + "30820154020100300d06092a864886f70d01010105000482013e3082013a0201" + + "00024100a240ceb54e70dc14825b587d2f5dfd463c4b8250b696004a1acaafe4" + + "9bcf384a46aa9fb4d9c7ee88e9ef0a315f53868f63680b58347249baedd93415" + + "16c4cab70203010001024034e6dc7ed0ec8b55448b73f69d1310196e5f5045f0" + + "c247a5e1c664432d6a0af7e7da40b83af047dd01f5e0a90e47c224d7b5133a35" + + "4d11aa5003b3e8546c9901022100cdb2d7a7435bcb45e50e86f6c14e97ed781f" + + "0956cd26e6f75ed9fc88125f8407022100c9ee30af6cb95ac9c1149ed84b3338" + + "481741359409f369c497be177d950fb7d10221008b0ef98d611320639b0b6c20" + + "4ae4a7fee8f30a6c3cfaacafd4d6c74af228d26702206b0e1dbf935bbd774327" + + "2483b572a53f0b1d2643a2f6eab7305fb6627cf9855102203d2263156b324146" + + "4478b713eb854c4f6b3ef052f0463b65d8217daec0099834" + ), + + // Truncated form of the PKCS#8 stucture above + negative_pkcs8: util.hex2abv("30820154020100300d06092a864886f70d010"), + + // Extracted from a cert via http://lapo.it/asn1js/ + spki: util.hex2abv( + "30819F300D06092A864886F70D010101050003818D0030818902818100895309" + + "7086EE6147C5F4D5FFAF1B498A3D11EC5518E964DC52126B2614F743883F64CA" + + "51377ABB530DFD20464A48BD67CD27E7B29AEC685C5D10825E605C056E4AB8EE" + + "A460FA27E55AA62C498B02D7247A249838A12ECDF37C6011CF4F0EDEA9CEE687" + + "C1CB4A51C6AE62B2EFDB000723A01C99D6C23F834880BA8B42D5414E6F020301" + + "0001" + ), + + // Truncated form of the PKCS#8 stucture above + negative_spki: util.hex2abv("30819F300D06092A864886F70D010101050003"), + + // From the NESSIE project + // https://www.cosic.esat.kuleuven.be/nessie/testvectors/hash + // /sha/Sha-2-256.unverified.test-vectors + // Set 1, vector# 5 + sha256: { + data: util.hex2abv("616263646263646563646566646566676566676866676" + + "8696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c" + + "6d6e6f6d6e6f706e6f7071"), + result: util.hex2abv("248D6A61D20638B8E5C026930C3E6039A33CE45964F" + + "F2167F6ECEDD419DB06C1"), + }, + + // Test vector 2 from: + // <https://github.com/geertj/bluepass/blob/master/tests/vectors/aes-cbc-pkcs7.txt> + aes_cbc_enc: { + /* + key: util.hex2abv("893123f2d57b6e2c39e2f10d3ff818d1"), + iv: util.hex2abv("64be1b06ea7453ed2df9a79319d5edc5"), + data: util.hex2abv("44afb9a64ac896c2"), + result: util.hex2abv("7067c4cb6dfc69df949c2f39903c9310"), + */ + key: util.hex2abv("893123f2d57b6e2c39e2f10d3ff818d1"), + iv: util.hex2abv("64be1b06ea7453ed2df9a79319d5edc5"), + data: util.hex2abv("44afb9a64ac896c2"), + result: util.hex2abv("7067c4cb6dfc69df949c2f39903c9310"), + }, + + // Test vector 11 from: + // <https://github.com/geertj/bluepass/blob/master/tests/vectors/aes-cbc-pkcs7.txt> + aes_cbc_dec: { + key: util.hex2abv("04952c3fcf497a4d449c41e8730c5d9a"), + iv: util.hex2abv("53549bf7d5553b727458c1abaf0ba167"), + data: util.hex2abv("7fa290322ca7a1a04b61a1147ff20fe6" + + "6fde58510a1d0289d11c0ddf6f4decfd"), + result: util.hex2abv("c9a44f6f75e98ddbca7332167f5c45e3"), + }, + + // Test vector 2 from: + // <http://tools.ietf.org/html/rfc3686#section-6> + aes_ctr_enc: { + key: util.hex2abv("7E24067817FAE0D743D6CE1F32539163"), + iv: util.hex2abv("006CB6DBC0543B59DA48D90B00000001"), + data: util.hex2abv("000102030405060708090A0B0C0D0E0F" + + "101112131415161718191A1B1C1D1E1F"), + result: util.hex2abv("5104A106168A72D9790D41EE8EDAD3" + + "88EB2E1EFC46DA57C8FCE630DF9141BE28"), + }, + + // Test vector 3 from: + // <http://tools.ietf.org/html/rfc3686#section-6> + aes_ctr_dec: { + key: util.hex2abv("7691BE035E5020A8AC6E618529F9A0DC"), + iv: util.hex2abv("00E0017B27777F3F4A1786F000000001"), + data: util.hex2abv("000102030405060708090A0B0C0D0E0F" + + "101112131415161718191A1B1C1D1E1F20212223"), + result: util.hex2abv("C1CF48A89F2FFDD9CF4652E9EFDB72D7" + + "4540A42BDE6D7836D59A5CEAAEF3105325B2072F"), + }, + + // Test case #18 from McGrew and Viega + // <http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf> + aes_gcm_enc: { + key: util.hex2abv("feffe9928665731c6d6a8f9467308308" + + "feffe9928665731c6d6a8f9467308308"), + key_jwk: { + kty: "oct", + k: "_v_pkoZlcxxtao-UZzCDCP7_6ZKGZXMcbWqPlGcwgwg" + }, + iv: util.hex2abv("9313225df88406e555909c5aff5269aa" + + "6a7a9538534f7da1e4c303d2a318a728" + + "c3c0c95156809539fcf0e2429a6b5254" + + "16aedbf5a0de6a57a637b39b"), + adata: util.hex2abv("feedfacedeadbeeffeedfacedeadbeefabaddad2"), + data: util.hex2abv("d9313225f88406e5a55909c5aff5269a" + + "86a7a9531534f7da2e4c303d8a318a72" + + "1c3c0c95956809532fcf0e2449a6b525" + + "b16aedf5aa0de657ba637b39"), + result: util.hex2abv("5a8def2f0c9e53f1f75d7853659e2a20" + + "eeb2b22aafde6419a058ab4f6f746bf4" + + "0fc0c3b780f244452da3ebf1c5d82cde" + + "a2418997200ef82e44ae7e3f" + + "a44a8266ee1c8eb0c8b5d4cf5ae9f19a"), + }, + + + // Test case #17 from McGrew and Viega + // <http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf> + aes_gcm_dec: { + key: util.hex2abv("feffe9928665731c6d6a8f9467308308" + + "feffe9928665731c6d6a8f9467308308"), + iv: util.hex2abv("cafebabefacedbad"), + adata: util.hex2abv("feedfacedeadbeeffeedfacedeadbeefabaddad2"), + data: util.hex2abv("c3762df1ca787d32ae47c13bf19844cb" + + "af1ae14d0b976afac52ff7d79bba9de0" + + "feb582d33934a4f0954cc2363bc73f78" + + "62ac430e64abe499f47c9b1f" + + "3a337dbf46a792c45e454913fe2ea8f2"), + result: util.hex2abv("d9313225f88406e5a55909c5aff5269a" + + "86a7a9531534f7da2e4c303d8a318a72" + + "1c3c0c95956809532fcf0e2449a6b525" + + "b16aedf5aa0de657ba637b39"), + }, + + // Test case #17 from McGrew and Viega + // ... but with part of the authentication tag zeroed + // <http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf> + aes_gcm_dec_fail: { + key: util.hex2abv("feffe9928665731c6d6a8f9467308308" + + "feffe9928665731c6d6a8f9467308308"), + iv: util.hex2abv("cafebabefacedbad"), + adata: util.hex2abv("feedfacedeadbeeffeedfacedeadbeefabaddad2"), + data: util.hex2abv("c3762df1ca787d32ae47c13bf19844cb" + + "af1ae14d0b976afac52ff7d79bba9de0" + + "feb582d33934a4f0954cc2363bc73f78" + + "62ac430e64abe499f47c9b1f" + + "00000000000000005e454913fe2ea8f2"), + result: util.hex2abv("d9313225f88406e5a55909c5aff5269a" + + "86a7a9531534f7da2e4c303d8a318a72" + + "1c3c0c95956809532fcf0e2449a6b525" + + "b16aedf5aa0de657ba637b39"), + }, + + // RFC 4231 <http://tools.ietf.org/html/rfc4231>, Test Case 7 + hmac_sign: { + key: util.hex2abv("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaa"), + data: util.hex2abv("54686973206973206120746573742075" + + "73696e672061206c6172676572207468" + + "616e20626c6f636b2d73697a65206b65" + + "7920616e642061206c61726765722074" + + "68616e20626c6f636b2d73697a652064" + + "6174612e20546865206b6579206e6565" + + "647320746f2062652068617368656420" + + "6265666f7265206265696e6720757365" + + "642062792074686520484d414320616c" + + "676f726974686d2e"), + result: util.hex2abv("9b09ffa71b942fcb27635fbcd5b0e944" + + "bfdc63644f0713938a7f51535c3a35e2"), + }, + + // RFC 4231 <http://tools.ietf.org/html/rfc4231>, Test Case 6 + hmac_verify: { + key: util.hex2abv("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + + "aaaaaa"), + data: util.hex2abv("54657374205573696e67204c61726765" + + "72205468616e20426c6f636b2d53697a" + + "65204b6579202d2048617368204b6579" + + "204669727374"), + sig: util.hex2abv("60e431591ee0b67f0d8a26aacbf5b77f" + + "8e0bc6213728c5140546040f0ee37f54"), + sig_fail: util.hex2abv("000000001ee0b67f0d8a26aacbf5b77f" + + "8e0bc6213728c5140546040f0ee37f54"), + }, + + // RSA test vectors, Example 1.3 + // <ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15crypt-vectors.txt> + rsaes: { + pkcs8: util.hex2abv( + "30820276020100300d06092a864886f70d0101010500048202603082025c0201" + + "0002818100a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae" + + "4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630" + + "f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fa" + + "b9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de" + + "88d39f16fb020301000102818053339cfdb79fc8466a655c7316aca85c55fd8f" + + "6dd898fdaf119517ef4f52e8fd8e258df93fee180fa0e4ab29693cd83b152a55" + + "3d4ac4d1812b8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c4831" + + "16ee3d3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d0c" + + "f539e9cfcdd3de653729ead5d1024100d32737e7267ffe1341b2d5c0d150a81b" + + "586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1" + + "c11c520c2f26a471dcad212eac7ca39d024100cc8853d1d54da630fac004f471" + + "f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0d" + + "d852be2419b2af72bfe9a030e860b0288b5d7702400e12bf1718e9cef5599ba1" + + "c3882fe8046a90874eefce8f2ccc20e4f2741fb0a33a3848aec9c9305fbecbd2" + + "d76819967d4671acc6431e4037968db37878e695c102410095297b0f95a2fa67" + + "d00707d609dfd4fc05c89dafc2ef6d6ea55bec771ea333734d9251e79082ecda" + + "866efef13c459e1a631386b7e354c899f5f112ca85d7158302404f456c502493" + + "bdc0ed2ab756a3a6ed4d67352a697d4216e93212b127a63d5411ce6fa98d5dbe" + + "fd73263e3728142743818166ed7dd63687dd2a8ca1d2f4fbd8e1" + ), + spki: util.hex2abv( + "30819f300d06092a864886f70d010101050003818d0030818902818100a8b3b2" + + "84af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0" + + "b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae8" + + "33c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef739" + + "2dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb020301" + + "0001" + ), + data: util.hex2abv( + "d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c245" + + "1fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051" + ), + result: util.hex2abv( + "709c7d2d4598c96065b6588da2f89fa87f062d7241ef6595898f637ada57eae9" + + "0173f0fb4bf6a91ebd96506907c853dacf208494be94d313a04185d474a90741" + + "2effc3e024d07e4d09aa245fbcb130219bfa5de02d4f7e2ec9e62e8ad32dee5f" + + "f4d8e4cfecbc5033a1c2c61c5233ae16192a481d0075bfc7ce028212cd27bebe" + ), + }, + + // RSA test vectors, Example 1.3 (sig256 generated with PyCrypto) + // <ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt> + rsassa: { + pkcs8: util.hex2abv( + "30820275020100300d06092a864886f70d01010105000482025f3082025b0201" + + "0002818100a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1" + + "e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ce" + + "abfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e" + + "6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb22" + + "49bd9a2137020301000102818033a5042a90b27d4f5451ca9bbbd0b44771a101" + + "af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca" + + "0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574" + + "501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c06" + + "22ad79c6dcee883547c6a3b325024100e7e8942720a877517273a356053ea2a1" + + "bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1" + + "535bd9b3cc34160b3b6dcd3eda8e6443024100b69dca1cf7d4d7ec81e75b90fc" + + "ca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542" + + "cd20dc723e6963364a1f9425452b269a6799fd024028fa13938655be1f8a159c" + + "baca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8d" + + "d3ede2448328f385d81b30e8e43b2fffa02786197902401a8b38f398fa712049" + + "898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455e" + + "aeb6e1678255827580a8e4e8e14151d1510a82a3f2e729024027156aba4126d2" + + "4a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a" + + "2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d" + ), + jwk_priv: { + kty: "RSA", + n: "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhK" + + "oijlN_1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm" + + "_4nRnxBazC0_DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc", + e: "AQAB", + d: "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-kuiUpySsPFaMj5eFOtB8A" + + "mbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQGlMmgxCcKr" + + "rKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU", + p: "5-iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W" + + "hU1vZs8w0Fgs7bc0-2o5kQw", + q: "tp3KHPfU1-yB51uQ_MqHSrzeEj_ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCz" + + "SDccj5pYzZKH5QlRSsmmmeZ_Q", + dp: "KPoTk4ZVvh-KFZy6ylpy6hkMMAieGc0nSlVvNsT24Z9VSzTAd3kEJ7vdjdPt4" + + "kSDKPOF2Bsw6OQ7L_-gJ4YZeQ", + dq: "Gos485j6cSBJiY1_t57gp3ZoeRKZzfoJ78DlB6yyHtdDAe9b_Ui-RV6utuFng" + + "lWCdYCo5OjhQVHRUQqCo_LnKQ", + qi: "JxVqukEm0kqB86Uoy_sn9WiG-ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2" + + "FhBlOshkKz4MrhH8To9JKefTQ" + }, + spki: util.hex2abv( + "30819f300d06092a864886f70d010101050003818d0030818902818100a56e4a" + + "0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c510" + + "56ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd95" + + "08096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2" + + "d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137020301" + + "0001" + ), + jwk_pub: { + kty: "RSA", + n: "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhK" + + "oijlN_1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm" + + "_4nRnxBazC0_DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc", + e: "AQAB", + }, + data: util.hex2abv( + "a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef" + + "8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955" + + "fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c7" + + "45e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4" + + "564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c" + + "031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa" + + "299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef4169713" + + "38e7d470" + ), + sig1: util.hex2abv( + "0b1f2e5180e5c7b4b5e672929f664c4896e50c35134b6de4d5a934252a3a245f" + + "f48340920e1034b7d5a5b524eb0e1cf12befef49b27b732d2c19e1c43217d6e1" + + "417381111a1d36de6375cf455b3c9812639dbc27600c751994fb61799ecf7da6" + + "bcf51540afd0174db4033188556675b1d763360af46feeca5b60f882829ee7b2" + ), + sig256: util.hex2abv( + "558af496a9900ec497a51723a0bf1be167a3fdd0e40c95764575bcc93d35d415" + + "94aef08cd8d339272387339fe5faa5635a1c4ad6c9b622f8c38edce6b26d9b76" + + "e3fec5b567e5b996624c4aeef74191c4349e5ac9e29b848c54bcfa538fec58d5" + + "9368253f0ff9a7ba0637918dd16b2c95f8c73ad7484482ba4387655f2f7d4b00" + ), + sig_fail: util.hex2abv( + "8000000080e5c7b4b5e672929f664c4896e50c35134b6de4d5a934252a3a245f" + + "f48340920e1034b7d5a5b524eb0e1cf12befef49b27b732d2c19e1c43217d6e1" + + "417381111a1d36de6375cf455b3c9812639dbc27600c751994fb61799ecf7da6" + + "bcf51540afd0174db4033188556675b1d763360af46feeca5b60f882829ee7b2" + ), + // This RSA private key has p < q + jwk_priv_pLTq: { + kty: "RSA", + n: "p0HwS3l58WCcN5MPJ3TDu2fMRFZdAFhItiuGMvfDGj0myIM2BhJixSsDleu0h" + + "x8mSL4CP9c63-zTFdMjwHluYJ_ugK_jV5c4igfyyD2yQ9IAbaBtSh2GV_PrgM" + + "l9XCMobLQonC0ktHcMojYMTNSmLBc1kXLxKq1PnY8ja8oNoNKmDzJt3Hx_KlJ" + + "mORwrchrrVzKdrRuj37PmMKKl6MCNThrFFn4PtZ6e59cxgwSAWoOqvvTewCdI" + + "H4uGuoEnafBcPsuMOLD-oS0CTml_AK3Wgwt-zJ9BSFSial_PSTg0hpUp8pqWv" + + "1NZaxG1HiY3gS-8JHSqTVeoGznFmod3FqRG_Q", + e: "AQAB", + d: "SrxoBxGMr5KfuyV3DAZcv4yt9Ysxm0nXk673FCcpgrv4bHhU13m3sKp7u63Ky" + + "OXeUXq1vpkJsa081O-3dfXMoFhWViJBz42-sc7DaT5IPY3EqzeYHhn7Qam4fZ" + + "-K6HS9R3VpAAAb-peHiaPk8x_B8MmeIhPeN1ehz6F6DlwGoulDPOI3EMLoOCL" + + "V_cus8AV8il5FaJxwuuo2xc4oEbwT24AN2hXVZekTgPkNSGXBMhagu82lDlx8" + + "y7awiC1bchWMUJ88BLqgScbl4bpTLqos0fRXDugY957diwF_zRHdr2jsj8Dm_" + + "0J1XdgaIeycIApU61PSUy8ZLZbDQ9mlajRlgQ", + p: "uQKh1mjslzbWrDBgqAWcCCPpV9tvA5AAotKuyDRe8ohj-WbKcClwQEXTLqT3Z" + + "uirrHrqrmronElxdN22ukpmf_Kk301Kz1HU5qJZKTOzwiO8JSJ7wtLDDWkoyV" + + "3Zj6On2N8ZX69cvwbo-S5trIv3iDjfsb0ZvmuGjEn-4dcYUxk", + q: "52957s9n0wOBwe5sCtttd_R-h-IX03mZ3Jie4K2GugCZy6H2Rs0hPoylOn0X9" + + "eI7atHiP3laaHyEwTOQhdC_RUCLsS-ZMa8p0EaewF_Lk6eCL0pDmHpTZiGjeB" + + "EwvftzoO_cEpbkRkF-OxjRs6ejppm3MKkgZZJT2-R5iSaQU4U", + dp: "ijDlIXoN_oT_pG4eRGKsQYhRa0aEjWyqjPRBiVlU8mPeCRQ2ccECD4AYVebyx" + + "PNWB-doFA_W36YcEObq7gtUtI1RiVn6XxEIrZzmbFgqFQEML9CqEMPM3d-Gj6" + + "KCN0BOxzcdhNM_u5A1xKphUVja8-1HaUOOTyWRwogi0h4QFUE", + dq: "KN1yNkzBFG1mGAw1X6VnKuss_Glbs6ehF2aLhzictXMttNsgVVgbKqRC-JTmC" + + "jCsNSxiOrr-z7xM5KBqQHafj2baQ6sX7cH0LCaMGYPQun21aww960qON1ZxOt" + + "4uMR2ZSS2ROmcSX6Vo2J6FSKetKdmykxEJ-2VfEVDCdQkuKtE", + qi: "pDhm0DZADZiGIsjYMmpoDo4EmYHari-VfxjAqCgcec5nPfNt5BSKQow3_E_v0" + + "Yik1qa-AGWuC8vTh8vUFsQ0rE1lVSgXYPalMTjLFNY_hCBXmsDfMS5vcsL0-G" + + "Y8F2U_XRY3WEaoNPb9UZqzgp7xl6_XM__2U47LIoUpCgcN9RA", + }, + }, + + // RSA test vectors, oaep-vect.txt, Example 1.1: A 1024-bit RSA Key Pair + // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip> + rsaoaep: { + pkcs8: util.hex2abv( + "30820276020100300d06092a864886f70d0101010500048202603082025c0201" + + "0002818100a8b3b284af8eb50b387034a860f146c4919f318763cd6c5598c8ae" + + "4811a1e0abc4c7e0b082d693a5e7fced675cf4668512772c0cbc64a742c6c630" + + "f533c8cc72f62ae833c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fa" + + "b9845cb5148ef7392dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de" + + "88d39f16fb020301000102818053339cfdb79fc8466a655c7316aca85c55fd8f" + + "6dd898fdaf119517ef4f52e8fd8e258df93fee180fa0e4ab29693cd83b152a55" + + "3d4ac4d1812b8b9fa5af0e7f55fe7304df41570926f3311f15c4d65a732c4831" + + "16ee3d3d2d0af3549ad9bf7cbfb78ad884f84d5beb04724dc7369b31def37d0c" + + "f539e9cfcdd3de653729ead5d1024100d32737e7267ffe1341b2d5c0d150a81b" + + "586fb3132bed2f8d5262864a9cb9f30af38be448598d413a172efb802c21acf1" + + "c11c520c2f26a471dcad212eac7ca39d024100cc8853d1d54da630fac004f471" + + "f281c7b8982d8224a490edbeb33d3e3d5cc93c4765703d1dd791642f1f116a0d" + + "d852be2419b2af72bfe9a030e860b0288b5d7702400e12bf1718e9cef5599ba1" + + "c3882fe8046a90874eefce8f2ccc20e4f2741fb0a33a3848aec9c9305fbecbd2" + + "d76819967d4671acc6431e4037968db37878e695c102410095297b0f95a2fa67" + + "d00707d609dfd4fc05c89dafc2ef6d6ea55bec771ea333734d9251e79082ecda" + + "866efef13c459e1a631386b7e354c899f5f112ca85d7158302404f456c502493" + + "bdc0ed2ab756a3a6ed4d67352a697d4216e93212b127a63d5411ce6fa98d5dbe" + + "fd73263e3728142743818166ed7dd63687dd2a8ca1d2f4fbd8e1" + ), + spki: util.hex2abv( + "30819f300d06092a864886f70d010101050003818d0030818902818100a8b3b2" + + "84af8eb50b387034a860f146c4919f318763cd6c5598c8ae4811a1e0abc4c7e0" + + "b082d693a5e7fced675cf4668512772c0cbc64a742c6c630f533c8cc72f62ae8" + + "33c40bf25842e984bb78bdbf97c0107d55bdb662f5c4e0fab9845cb5148ef739" + + "2dd3aaff93ae1e6b667bb3d4247616d4f5ba10d4cfd226de88d39f16fb020301" + + "0001" + ), + data: util.hex2abv( + "6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34" + ), + result: util.hex2abv( + "354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb" + + "21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535f" + + "a9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426" + + "d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a" + ), + }, + + // [pss-vect.txt] Example 1.1 from + // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip> + rsapss: { + pkcs8: util.hex2abv( + "30820275020100300d06092a864886f70d01010105000482025f3082025b0201" + + "0002818100a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1" + + "e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ce" + + "abfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e" + + "6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb22" + + "49bd9a2137020301000102818033a5042a90b27d4f5451ca9bbbd0b44771a101" + + "af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca" + + "0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574" + + "501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c06" + + "22ad79c6dcee883547c6a3b325024100e7e8942720a877517273a356053ea2a1" + + "bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1" + + "535bd9b3cc34160b3b6dcd3eda8e6443024100b69dca1cf7d4d7ec81e75b90fc" + + "ca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542" + + "cd20dc723e6963364a1f9425452b269a6799fd024028fa13938655be1f8a159c" + + "baca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8d" + + "d3ede2448328f385d81b30e8e43b2fffa02786197902401a8b38f398fa712049" + + "898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455e" + + "aeb6e1678255827580a8e4e8e14151d1510a82a3f2e729024027156aba4126d2" + + "4a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a" + + "2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d" + ), + spki: util.hex2abv( + "30819f300d06092a864886f70d010101050003818d0030818902818100a56e4a" + + "0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c510" + + "56ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd95" + + "08096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2" + + "d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137020301" + + "0001" + ), + data: util.hex2abv( + "cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b6" + + "2371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb76" + + "9757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb0" + + "61a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d61" + + "93c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c" + + "296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16" + + "be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0" + ), + sig: util.hex2abv( + "9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887" + + "e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215" + + "df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65" + + "984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c" + ), + saltLength: 20, + jwk_priv: { + kty: "RSA", + n: "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhK" + + "oijlN_1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm" + + "_4nRnxBazC0_DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc", + e: "AQAB", + d: "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-kuiUpySsPFaMj5eFOtB8A" + + "mbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQGlMmgxCcKr" + + "rKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU", + p: "5-iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh3" + + "1WhU1vZs8w0Fgs7bc0-2o5kQw", + q: "tp3KHPfU1-yB51uQ_MqHSrzeEj_ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCz" + + "SDccj5pYzZKH5QlRSsmmmeZ_Q", + dp: "KPoTk4ZVvh-KFZy6ylpy6hkMMAieGc0nSlVvNsT24Z9VSzTAd3kEJ7vdjdPt" + + "4kSDKPOF2Bsw6OQ7L_-gJ4YZeQ", + dq: "Gos485j6cSBJiY1_t57gp3ZoeRKZzfoJ78DlB6yyHtdDAe9b_Ui-RV6utuFn" + + "glWCdYCo5OjhQVHRUQqCo_LnKQ", + qi: "JxVqukEm0kqB86Uoy_sn9WiG-ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo" + + "2FhBlOshkKz4MrhH8To9JKefTQ", + }, + jwk_pub: { + kty: "RSA", + n: "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhK" + + "oijlN_1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm" + + "_4nRnxBazC0_DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc", + e: "AQAB", + }, + }, + + // [pss-vect.txt] Example 1.4 from + // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip> + rsapss2: { + spki: util.hex2abv( + "30819f300d06092a864886f70d010101050003818d0030818902818100a56e4a" + + "0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c510" + + "56ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd95" + + "08096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2" + + "d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137020301" + + "0001" + ), + data: util.hex2abv( + "bc656747fa9eafb3f0" + ), + sig: util.hex2abv( + "4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c" + + "178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad" + + "8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e18" + + "33b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87" + ), + saltLength: 20 + }, + + // [SigVerPSS_186-3.rsp] from + // <http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip> + rsapss3: { + spki: util.hex2abv( + "30819d300d06092a864886f70d010101050003818b0030818702818100be499b" + + "5e7f06c83fa0293e31465c8eb6b58af920bae52a7b5b9bfeb7aa72db1264112e" + + "b3fd431d31a2a7e50941566929494a0e891ed5613918b4b51b0d1fb97783b26a" + + "cf7d0f384cfb35f4d2824f5dd380623a26bf180b63961c619dcdb20cae406f22" + + "f6e276c80a37259490cfeb72c1a71a84f1846d330877ba3e3101ec9c7b020111" + ), + data: util.hex2abv( + "c7f5270fca725f9bd19f519a8d7cca3cc5c079024029f3bae510f9b02140fe23" + + "8908e4f6c18f07a89c687c8684669b1f1db2baf9251a3c829faccb493084e16e" + + "c9e28d58868074a5d6221667dd6e528d16fe2c9f3db4cfaf6c4dce8c8439af38" + + "ceaaaa9ce2ecae7bc8f4a5a55e3bf96df9cd575c4f9cb327951b8cdfe4087168" + ), + sig: util.hex2abv( + "11e169f2fd40b07641b9768a2ab19965fb6c27f10fcf0323fcc6d12eb4f1c06b" + + "330ddaa1ea504407afa29de9ebe0374fe9d1e7d0ffbd5fc1cf3a3446e4145415" + + "d2ab24f789b3464c5c43a256bbc1d692cf7f04801dac5bb401a4a03ab7d5728a" + + "860c19e1a4dc797ca542c8203cec2e601eb0c51f567f2eda022b0b9ebddeeefa" + ), + saltLength: 10 + }, + + // [SigVerPSS_186-3.rsp] from + // <http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip> + rsapss4: { + spki: util.hex2abv( + "30819d300d06092a864886f70d010101050003818b0030818702818100be499b" + + "5e7f06c83fa0293e31465c8eb6b58af920bae52a7b5b9bfeb7aa72db1264112e" + + "b3fd431d31a2a7e50941566929494a0e891ed5613918b4b51b0d1fb97783b26a" + + "cf7d0f384cfb35f4d2824f5dd380623a26bf180b63961c619dcdb20cae406f22" + + "f6e276c80a37259490cfeb72c1a71a84f1846d330877ba3e3101ec9c7b020111" + ), + data: util.hex2abv( + "c7f5270fca725f9bd19f519a8d7cca3cc5c079024029f3bae510f9b02140fe23" + + "8908e4f6c18f07a89c687c8684669b1f1db2baf9251a3c829faccb493084e16e" + + "c9e28d58868074a5d6221667dd6e528d16fe2c9f3db4cfaf6c4dce8c8439af38" + + "ceaaaa9ce2ecae7bc8f4a5a55e3bf96df9cd575c4f9cb327951b8cdfe4087168" + ), + sig: util.hex2abv( + "b281ad934b2775c0cba5fb10aa574d2ed85c7f99b942b78e49702480069362ed" + + "394baded55e56cfcbe7b0b8d2217a05a60e1acd725cb09060dfac585bc2132b9" + + "9b41cdbd530c69d17cdbc84bc6b9830fc7dc8e1b2412cfe06dcf8c1a0cc3453f" + + "93f25ebf10cb0c90334fac573f449138616e1a194c67f44efac34cc07a526267" + ), + saltLength: 10 + }, + + // [SigVerPSS_186-3.rsp] from + // <http://csrc.nist.gov/groups/STM/cavp/documents/dss/186-2rsatestvectors.zip> + rsapss5: { + spki: util.hex2abv( + "30819d300d06092a864886f70d010101050003818b0030818702818100be499b" + + "5e7f06c83fa0293e31465c8eb6b58af920bae52a7b5b9bfeb7aa72db1264112e" + + "b3fd431d31a2a7e50941566929494a0e891ed5613918b4b51b0d1fb97783b26a" + + "cf7d0f384cfb35f4d2824f5dd380623a26bf180b63961c619dcdb20cae406f22" + + "f6e276c80a37259490cfeb72c1a71a84f1846d330877ba3e3101ec9c7b020111" + ), + data: util.hex2abv( + "c7f5270fca725f9bd19f519a8d7cca3cc5c079024029f3bae510f9b02140fe23" + + "8908e4f6c18f07a89c687c8684669b1f1db2baf9251a3c829faccb493084e16e" + + "c9e28d58868074a5d6221667dd6e528d16fe2c9f3db4cfaf6c4dce8c8439af38" + + "ceaaaa9ce2ecae7bc8f4a5a55e3bf96df9cd575c4f9cb327951b8cdfe4087168" + ), + sig: util.hex2abv( + "8ffc38f9b820ef6b080fd2ec7de5626c658d79056f3edf610a295b7b0546f73e" + + "01ffdf4d0070ebf79c33fd86c2d608be9438b3d420d09535b97cd3d846ecaf8f" + + "6551cdf93197e9f8fb048044473ab41a801e9f7fc983c62b324361dade9f71a6" + + "5952bd35c59faaa4d6ff462f68a6c4ec0b428aa47336f2178aeb276136563b7d" + ), + saltLength: 10 + }, + + key_wrap_known_answer: { + key: util.hex2abv("0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a"), + wrapping_key: util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"), + wrapping_iv: util.hex2abv("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"), + wrapped_key: util.hex2abv("9ed0283a9a2b7e4292ebc5135e6342cc" + + "8a7f65802a1f6fd41bd3251c4da0c138") + }, + + // AES Key Wrap + // From RFC 3394, "Wrap 128 bits of Key Data with a 256-bit KEK" + // http://tools.ietf.org/html/rfc3394#section-4.3 + aes_kw: { + wrapping_key: { + kty: "oct", + alg: "A256KW", + k: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8" + }, + key: { + kty: "oct", + k: "ABEiM0RVZneImaq7zN3u_w" + }, + wrapped_key: util.hex2abv("64e8c3f9ce0f5ba263e9777905818a2a"+ + "93c8191e7d6e8ae7") + }, + + // RFC 6070 <http://tools.ietf.org/html/rfc6070> + pbkdf2_sha1: { + password: new TextEncoder("utf-8").encode("passwordPASSWORDpassword"), + salt: new TextEncoder("utf-8").encode("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + iterations: 4096, + length: 25 * 8, + + derived: util.hex2abv( + "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038" + ), + + jwk: { + kty: "oct", + k: "cGFzc3dvcmRQQVNTV09SRHBhc3N3b3Jk" + } + }, + + // https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors + pbkdf2_sha256: { + password: new TextEncoder("utf-8").encode("passwordPASSWORDpassword"), + salt: new TextEncoder("utf-8").encode("saltSALTsaltSALTsaltSALTsaltSALTsalt"), + iterations: 4096, + length: 40 * 8, + + derived: util.hex2abv( + "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1" + + "c635518c7dac47e9" + ) + }, + + pbkdf2_sha256_no_salt: { + password: util.hex2abv( + "9c13a23bc58a52be8bb4fa1a2cbdff01747265736f7269745f64625f7265636f72645f6964"), + length: 32 * 8, + iterations: 1, + + derived: util.hex2abv( + "ef29dd382fa66a83a95be7ccfb71f1ccfee494977855a4c260d90c2f8c91e062") + }, + + broken_pkcs8: { + // A DH key with parameters p and g, and a private value. + // This currently fails the key import due to the missing public value. + // <https://stackoverflow.com/questions/6032675/diffie-hellman-test-vectors> + dh: util.hex2abv( + "308201340201003082011506072a8648ce3e02013082010802818100da3a8085" + + "d372437805de95b88b675122f575df976610c6a844de99f1df82a06848bf7a42" + + "f18895c97402e81118e01a00d0855d51922f434c022350861d58ddf60d65bc69" + + "41fc6064b147071a4c30426d82fc90d888f94990267c64beef8c304a4b2b26fb" + + "93724d6a9472fa16bc50c5b9b8b59afb62cfe9ea3ba042c73a6ade3502818100" + + "a51883e9ac0539859df3d25c716437008bb4bd8ec4786eb4bc643299daef5e3e" + + "5af5863a6ac40a597b83a27583f6a658d408825105b16d31b6ed088fc623f648" + + "fd6d95e9cefcb0745763cddf564c87bcf4ba7928e74fd6a3080481f588d535e4" + + "c026b58a21e1e5ec412ff241b436043e29173f1dc6cb943c09742de989547288" + + "0416021442c6ee70beb7465928a1efe692d2281b8f7b53d6" + ) + }, + + // KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init.fax [EC] + // <http://csrc.nist.gov/groups/STM/cavp/documents/keymgmt/kastestvectors.zip> + ecdh_p256: { + jwk_pub: { + kty: "EC", + crv: "P-256", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8" + }, + + jwk_priv: { + kty: "EC", + crv: "P-256", + d: "qq_LEzeJpR00KM5DQvL2MNtJcbi0KcGVcoPIHNnwm2A", + x: "FNwJHA-FwnSx5tKXFV_iLN408gbKUHRV06WnQlzTdN4", + y: "is9pWAaneK4RdxmdLfsq5IwizDmUS2w8OGS99sKm3ek" + }, + + // vector with algorithm = id-ecDH + spki: util.hex2abv( + "3056301006042b81047006082a8648ce3d030107034200045ce7b86e3b326604" + + "03e63712ef0998deae1027faec3c1be9f76f934dfeb58e98f4cf075b39405dd1" + + "f1adeb090107edcfb2b4963739d87679e3056cb0557d0adf" + ), + + // vector with algorithm = id-ecPublicKey + spki_id_ecpk: util.hex2abv( + "3059301306072a8648ce3d020106082a8648ce3d030107034200045ce7b86e3b" + + "32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e98f4cf075b39" + + "405dd1f1adeb090107edcfb2b4963739d87679e3056cb0557d0adf" + ), + + raw: util.hex2abv( + "045ce7b86e3b32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e" + + "98f4cf075b39405dd1f1adeb090107edcfb2b4963739d87679e3056cb0557d0adf" + ), + + secret: util.hex2abv( + "35669cd5c244ba6c1ea89b8802c3d1db815cd769979072e6556eb98548c65f7d" + ) + }, + + // KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init.fax [ED] + // <http://csrc.nist.gov/groups/STM/cavp/documents/keymgmt/kastestvectors.zip> + ecdh_p384: { + jwk_pub: { + kty: "EC", + crv: "P-384", + x: "YoV6fhCph4kyt7sUkqiZOtbRs0rF6etPqlnrn1nzSB95NElaw4uTK7Pn2nlFFqqH", + y: "bf3tRz6icq3-W6hhmoqDTBKjdOQUJ5xHr5kX4X-h5MZk_P_nCrG3IUVl1SAbhWDw" + }, + + jwk_priv: { + kty: "EC", + crv: "P-384", + d: "RT8f0pRw4CL1Tgk4rwuNnNbFoQBNTTBkr7WVLLm4fDA3boYZpNB_t-rbMVLx0CRp", + x: "_XwhXRnOzEfCsWIRCz3QLClaDkigQFvXmqYNdh_7vJdADykPbfGi1VgAu3XJdXoD", + y: "S1P_FBCXYGE-5VPvTCRnFT7bPIPmUPV9qKTM24TQFYEUgIDfzCLsyGCWK-rhP6jU" + }, + + secret: util.hex2abv( + "a3d28aa18f905a48a5f166b4ddbf5f6b499e43858ccdd80b869946aba2c5d461" + + "db6a1e5b1137687801878ff0f8d9a7b3" + ) + }, + + // KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init.fax [EE] + // <http://csrc.nist.gov/groups/STM/cavp/documents/keymgmt/kastestvectors.zip> + ecdh_p521: { + jwk_pub: { + kty: "EC", + crv: "P-521", + x: "AeCLgRZ-BPqfhq4jt409-E26VHW5l29q74cHbIbQiS_-Gcqdo-087jHdPXUksGpr" + + "Nyp_RcTZd94t3peXzQziQIqo", + y: "AZIAp8QVnU9hBOkLScv0dy540uGtBWHkWj4DGh-Exh4iWZ0E-YBS8-HVx2eB-nfG" + + "AGEy4-BzfpFFlfidOS1Tg77J" + }, + + jwk_priv: { + kty: "EC", + crv: "P-521", + d: "ABtsfkDGFarQU4kb7e2gPszGCTT8GLDaaJbFQenFZce3qp_dh0qZarXHKBZ-BVic" + + "NeIW5Sk661UoNfwykSvmh77S", + x: "AcD_6Eb4A-8QdUM70c6F0WthN1kvV4fohS8QHbod6B4y1ZDU54mQuCR-3IBjcV1c" + + "oh18uxbyUn5szMuCgjZUiD0y", + y: "AU3WKJffztkhAQetBXaLvUSIHa87HMn8vZFB04lWipH-SrsrAu_4N-6iam0OD4EJ" + + "0kOMH8iEh7yuivaKsFRzm2-m" + }, + + secret: util.hex2abv( + "00561eb17d856552c21b8cbe7d3d60d1ea0db738b77d4050fa2dbd0773edc395" + + "09854d9e30e843964ed3fd303339e338f31289120a38f94e9dc9ff7d4b3ea8f2" + + "5e01" + ) + }, + + // Some test vectors that we should fail to import. + ecdh_p256_negative: { + // The given curve doesn't exist / isn't supported. + jwk_bad_crv: { + kty: "EC", + crv: "P-123", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8" + }, + + // The crv parameter is missing. + jwk_missing_crv: { + kty: "EC", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8" + }, + + // The X coordinate is missing. + jwk_missing_x: { + kty: "EC", + crv: "P-256", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8" + }, + + // The Y coordinate is missing. + jwk_missing_y: { + kty: "EC", + crv: "P-256", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + }, + + // Public point with Y not on the curve. + raw_bad: util.hex2abv( + "045ce7b86e3b32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e" + + "98f4cf075b39405dd1f1adeb090106edcfb2b4963739d87679e3056cb0557d0adf" + ), + + // Public point with Y a little too short. + raw_short: util.hex2abv( + "045ce7b86e3b32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e" + + "98f4cf075b39405dd1f1adeb090107edcfb2b4963739d87679e3056cb0557d0a" + ), + + // Public point with Y a little too long. + raw_long: util.hex2abv( + "045ce7b86e3b32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e" + + "98f4cf075b39405dd1f1adeb090107edcfb2b4963739d87679e3056cb0557d0adfff" + ), + + // Public point with EC_POINT_FORM_COMPRESSED_Y0. + raw_compressed: util.hex2abv( + "025ce7b86e3b32660403e63712ef0998deae1027faec3c1be9f76f934dfeb58e" + + "98f4cf075b39405dd1f1adeb090107edcfb2b4963739d87679e3056cb0557d0adf" + ) + }, + + // NIST ECDSA test vectors + // http://csrc.nist.gov/groups/STM/cavp/index.html + ecdsa_verify: { + pub_jwk: { + "kty": "EC", + "crv": "P-521", + + // 0061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd8 + // 1aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1 + "x": "AGE4f9a5WRTohfkS7fu1-ydGVQJ_IWxAkcqD4ZM2dA_Y" + + "Gu3-BH9RtCvfaBYRIQE-DVWxF6FOQwP5Jsjeu3en_arR", + // 00e7d0c75c38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3 + // f58df7346435ff0434199583c97c665a97f12f706f2357da4b40288def888e59e6 + "y": "AOfQx1w4Ym6JXKIVJrn5_fhNzsuT8rIzOQVQ0rFGO37j" + + "9Y33NGQ1_wQ0GZWDyXxmWpfxL3BvI1faS0Aoje-Ijlnm", + }, + + raw: util.hex2abv( + "040061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd" + + "81aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1" + + "00e7d0c75c38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3f" + + "58df7346435ff0434199583c97c665a97f12f706f2357da4b40288def888e59e6" + ), + + "data": util.hex2abv( + "9ecd500c60e701404922e58ab20cc002651fdee7cbc9336adda33e4c1088fab1" + + "964ecb7904dc6856865d6c8e15041ccf2d5ac302e99d346ff2f686531d255216" + + "78d4fd3f76bbf2c893d246cb4d7693792fe18172108146853103a51f824acc62" + + "1cb7311d2463c3361ea707254f2b052bc22cb8012873dcbb95bf1a5cc53ab89f" + ), + "sig": util.hex2abv( + "004de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e0" + + "99e4bc72fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8" + + "0087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a1859" + + "4b46fb9efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac566e8ee3b43" + ), + + // Same as "sig", but with the last few octets set to 0 + "sig_tampered": util.hex2abv( + "004de826ea704ad10bc0f7538af8a3843f284f55c8b946af9235af5af74f2b76e0" + + "99e4bc72fd79d28a380f8d4b4c919ac290d248c37983ba05aea42e2dd79fdd33e8" + + "0087488c859a96fea266ea13bf6d114c429b163be97a57559086edb64aed4a1859" + + "4b46fb9efc7fd25d8b2de8f09ca0587f54bd287299f47b2ff124aac56600000000" + ) + }, + + ecdsa_bad: { + pub_jwk: { + "kty": "EC", + "crv": "P-521", + "x": "BhOH_WuVkU6IX5Eu37tfsnRlUCfyFsQJHKg-GTNnQP2B" + + "rt_gR_UbQr32gWESEBPg1VsRehTkMD-SbI3rt3p_2q0B", + "y": "AUNouOdGgHsraPNhXNeNdhpGTd15GPyN9R0iWWL98ePc" + + "JD4mUQD/DsEzNZ4zLkTdSa/Y5fOP6GEzVzQy0zwC+goD" + } + }, + + // RFC 2409 <http://tools.ietf.org/html/rfc2409#section-6.2> + dh: { + prime: util.hex2abv( + "ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74" + + "020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f1437" + + "4fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7ed" + + "ee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff" + ), + + prime2: util.hex2abv( + "8b79f180cbd3f282de92e8b8f2d092674ffda61f01ed961f8ef04a1b7a3709ff" + + "748c2abf6226cf0c4538e48838193da456e92ee530ef7aa703e741585e475b26" + + "cd64fa97819181cef27de2449cd385c49c9b030f89873b5b7eaf063a788f00db" + + "3cb670c73846bc4f76af062d672bde8f29806b81548411ab48b99aebfd9c2d09" + ), + }, + + // KASValidityTest_FFCStatic_NOKC_ZZOnly_resp.fax [FA] + // <http://csrc.nist.gov/groups/STM/cavp/documents/keymgmt/kastestvectors.zip> + dh_nist: { + prime: util.hex2abv( + "8b79f180cbd3f282de92e8b8f2d092674ffda61f01ed961f8ef04a1b7a3709ff" + + "748c2abf6226cf0c4538e48838193da456e92ee530ef7aa703e741585e475b26" + + "cd64fa97819181cef27de2449cd385c49c9b030f89873b5b7eaf063a788f00db" + + "3cb670c73846bc4f76af062d672bde8f29806b81548411ab48b99aebfd9c2d09" + ), + + gen: util.hex2abv( + "029843c81d0ea285c41a49b1a2f8e11a56a4b39040dfbc5ec040150c16f72f87" + + "4152f9c44c659d86f7717b2425b62597e9a453b13da327a31cde2cced6009152" + + "52d30262d1e54f4f864ace0e484f98abdbb37ebb0ba4106af5f0935b744677fa" + + "2f7f3826dcef3a1586956105ebea805d871f34c46c25bc30fc66b2db26cb0a93" + ), + + raw: util.hex2abv( + "4fc9904887ac7fabff87f054003547c2d9458c1f6f584c140d7271f8b266bb39" + + "0af7e3f625a629bec9c6a057a4cbe1a556d5e3eb2ff1c6ff677a08b0c7c50911" + + "0b9e7c6dbc961ca4360362d3dbcffc5bf2bb7207e0a5922f77cf5464b316aa49" + + "fb62b338ebcdb30bf573d07b663bb7777b69d6317df0a4f636ba3d9acbf9e8ac" + ), + + spki: util.hex2abv( + "308201a33082011806092a864886f70d01030130820109028181008b79f180cb" + + "d3f282de92e8b8f2d092674ffda61f01ed961f8ef04a1b7a3709ff748c2abf62" + + "26cf0c4538e48838193da456e92ee530ef7aa703e741585e475b26cd64fa9781" + + "9181cef27de2449cd385c49c9b030f89873b5b7eaf063a788f00db3cb670c738" + + "46bc4f76af062d672bde8f29806b81548411ab48b99aebfd9c2d090281800298" + + "43c81d0ea285c41a49b1a2f8e11a56a4b39040dfbc5ec040150c16f72f874152" + + "f9c44c659d86f7717b2425b62597e9a453b13da327a31cde2cced600915252d3" + + "0262d1e54f4f864ace0e484f98abdbb37ebb0ba4106af5f0935b744677fa2f7f" + + "3826dcef3a1586956105ebea805d871f34c46c25bc30fc66b2db26cb0a930000" + + "038184000281804fc9904887ac7fabff87f054003547c2d9458c1f6f584c140d" + + "7271f8b266bb390af7e3f625a629bec9c6a057a4cbe1a556d5e3eb2ff1c6ff67" + + "7a08b0c7c509110b9e7c6dbc961ca4360362d3dbcffc5bf2bb7207e0a5922f77" + + "cf5464b316aa49fb62b338ebcdb30bf573d07b663bb7777b69d6317df0a4f636" + + "ba3d9acbf9e8ac" + ) + }, + + // Taken from appendix A of RFC 5869. + // <https://tools.ietf.org/html/rfc5869> + hkdf: [ + { + prf: "SHA-256", + key: util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"), + salt: util.hex2abv("000102030405060708090a0b0c"), + info: util.hex2abv("f0f1f2f3f4f5f6f7f8f9"), + data: util.hex2abv( + "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf" + + "34007208d5b887185865" + ), + jwk: { + kty: "oct", + k: "CwsLCwsLCwsLCwsLCwsLCwsLCwsLCw" + } + }, + { + prf: "SHA-256", + key: util.hex2abv( + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" + + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" + + "404142434445464748494a4b4c4d4e4f" + ), + salt: util.hex2abv( + "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" + + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" + + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" + ), + info: util.hex2abv( + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" + + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff" + ), + data: util.hex2abv( + "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c" + + "59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71" + + "cc30c58179ec3e87c14c01d5c1f3434f1d87" + ) + }, + { + prf: "SHA-256", + key: util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"), + salt: util.hex2abv(""), + info: util.hex2abv(""), + data: util.hex2abv( + "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d" + + "9d201395faa4b61a96c8" + ) + }, + { + prf: "SHA-1", + key: util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b"), + salt: util.hex2abv("000102030405060708090a0b0c"), + info: util.hex2abv("f0f1f2f3f4f5f6f7f8f9"), + data: util.hex2abv( + "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2" + + "c22e422478d305f3f896" + ) + }, + { + prf: "SHA-1", + key: util.hex2abv( + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" + + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" + + "404142434445464748494a4b4c4d4e4f" + ), + salt: util.hex2abv( + "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" + + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" + + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf" + ), + info: util.hex2abv( + "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" + + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" + + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff" + ), + data: util.hex2abv( + "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe" + + "8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e" + + "927336d0441f4c4300e2cff0d0900b52d3b4" + ) + }, + { + prf: "SHA-1", + key: util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"), + salt: util.hex2abv(""), + info: util.hex2abv(""), + data: util.hex2abv( + "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0" + + "ea00033de03984d34918" + ) + }, + { + prf: "SHA-1", + key: util.hex2abv("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"), + salt: util.hex2abv(""), + info: util.hex2abv(""), + data: util.hex2abv( + "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5" + + "673a081d70cce7acfc48" + ) + } + ] +} diff --git a/dom/crypto/test/test-worker.js b/dom/crypto/test/test-worker.js new file mode 100644 index 000000000..02f248fae --- /dev/null +++ b/dom/crypto/test/test-worker.js @@ -0,0 +1,44 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +importScripts("util.js"); +importScripts("test-vectors.js"); + +var window = this; + +function finish(result) { + postMessage(result); +} + +function complete(test, valid) { + return function(x) { + if (valid) { + finish(valid(x)); + } else { + finish(true); + } + }; +} + +function memcmp_complete(test, value) { + return function (x) { + finish(util.memcmp(x, value)); + }; +} + +function error(test) { + return function (x) { + throw x; + }; +} + +onmessage = function (msg) { + var test = eval("(" + msg.data + ")"); + + try { + test.call({complete: finish}); + } catch (err) { + error(`Failed to run worker test: ${err}\n`); + } +}; diff --git a/dom/crypto/test/test_WebCrypto.css b/dom/crypto/test/test_WebCrypto.css new file mode 100644 index 000000000..ab84d1b1a --- /dev/null +++ b/dom/crypto/test/test_WebCrypto.css @@ -0,0 +1,86 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +body { + font-family: Helvetica Neue, Helvetica, Trebuchet MS, Sans-serif; + font-size: 12pt; + text-align: center; +} + +a { + color: #FF9500; + text-decoration: none; +} + +a:hover { + text-decoration: underline; +} + +#content { + width: 50em; + margin-left: auto; + margin-right: auto; + text-align: left; +} + +#head { + font-family: Helvetica Neue, Helvetica, Trebuchet MS, Sans-serif; + font-size: 300%; + font-weight: lighter; + padding: .2ex; + padding-bottom: 0ex; + margin-bottom: .5ex; + border-bottom: 10px solid #FF9500; +} +#head b { + font-weight: bold; + color: #FF9500; +} + +div.content { + font-family: Helvetica Neue, Helvetica, Trebuchet MS, Sans-serif; + color: #000; + margin: 2ex; +} + +#foot { + border-bottom: 1ex solid #FF9500; + margin-top: 2ex; +} + +/*------------------------------------------*/ + +#start { + background: #FF9500; + color: #fff; + text-align: center; + font-weight: bold; + padding: 1em 0 1em 0; + width: 50em; + cursor: pointer; +} + + +#results { + text-align: left; + width: 48em; + border: 1px solid black; +} + +.pass { + font-weight: bold; + color: #00539F; +} + +.fail { + font-weight: bold; + color: #FF9500; +} + +.pending { + font-weight: bold; + color: #666; +} + + diff --git a/dom/crypto/test/test_WebCrypto.html b/dom/crypto/test/test_WebCrypto.html new file mode 100644 index 000000000..6dd22d88f --- /dev/null +++ b/dom/crypto/test/test_WebCrypto.html @@ -0,0 +1,1077 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test for presence of WebCrypto API methods", + function() { + var that = this; + this.complete( + exists(window.crypto.subtle) && + exists(window.crypto.subtle.encrypt) && + exists(window.crypto.subtle.decrypt) && + exists(window.crypto.subtle.sign) && + exists(window.crypto.subtle.verify) && + exists(window.crypto.subtle.digest) && + exists(window.crypto.subtle.importKey) && + exists(window.crypto.subtle.exportKey) && + exists(window.crypto.subtle.generateKey) && + exists(window.crypto.subtle.deriveKey) && + exists(window.crypto.subtle.deriveBits) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Clean failure on a mal-formed algorithm", + function() { + var that = this; + var alg = { + get name() { + throw "Oh no, no name!"; + } + }; + + crypto.subtle.importKey("raw", tv.raw, alg, true, ["encrypt"]) + .then( + error(that), + complete(that, function(x) { return true; }) + ); + } +) + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import / export round-trip with 'raw'", + function() { + var that = this; + var alg = "AES-GCM"; + + function doExport(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } else if ((x.algorithm.name != alg) || + (x.algorithm.length != 8 * tv.raw.length) || + (x.type != "secret") || + (!x.extractable) || + (x.usages.length != 1) || + (x.usages[0] != 'encrypt')){ + throw "Invalid key: incorrect key data"; + } + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", tv.raw, alg, true, ["encrypt"]) + .then(doExport) + .then( + memcmp_complete(that, tv.raw), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import failure with format 'raw'", + function() { + var that = this; + var alg = "AES-GCM"; + + crypto.subtle.importKey("raw", tv.negative_raw, alg, true, ["encrypt"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Proper handling of an ABV representing part of a buffer", + function() { + var that = this; + var alg = "AES-GCM"; + + var u8 = new Uint8Array([0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f]); + var u32 = new Uint32Array(u8.buffer, 8, 4); + var out = u8.subarray(8, 24) + + function doExport(x) { + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", u32, alg, true, ["encrypt"]) + .then(doExport, error(that)) + .then(memcmp_complete(that, out), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import / export round-trip with 'pkcs8'", + function() { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-1" }; + + function doExport(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } else if ((x.algorithm.name != alg.name) || + (x.algorithm.hash.name != alg.hash) || + (x.algorithm.modulusLength != 512) || + (x.algorithm.publicExponent.byteLength != 3) || + (x.type != "private") || + (!x.extractable) || + (x.usages.length != 1) || + (x.usages[0] != 'sign')){ + throw "Invalid key: incorrect key data"; + } + return crypto.subtle.exportKey("pkcs8", x); + } + + crypto.subtle.importKey("pkcs8", tv.pkcs8, alg, true, ["sign"]) + .then(doExport) + .then( + memcmp_complete(that, tv.pkcs8), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import failure with format 'pkcs8'", + function() { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-1" }; + + crypto.subtle.importKey("pkcs8", tv.negative_pkcs8, alg, true, ["encrypt"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import / export round-trip with 'spki'", + function() { + var that = this; + var alg = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256" + }; + + function doExport(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } else if ((x.algorithm.name != alg.name) || + (x.algorithm.modulusLength != 1024) || + (x.algorithm.publicExponent.byteLength != 3) || + (x.type != "public") || + (!x.extractable) || + (x.usages.length != 1) || + (x.usages[0] != 'verify')){ + throw "Invalid key: incorrect key data"; + } + return crypto.subtle.exportKey("spki", x); + } + + crypto.subtle.importKey("spki", tv.spki, alg, true, ["verify"]) + .then(doExport, error(that)) + .then( + memcmp_complete(that, tv.spki), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import failure with format 'spki'", + function() { + var that = this; + var alg = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256" + }; + + crypto.subtle.importKey("spki", tv.negative_spki, alg, true, ["encrypt"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Refuse to export non-extractable key", + function() { + var that = this; + var alg = "AES-GCM"; + + function doExport(x) { + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", tv.raw, alg, false, ["encrypt"]) + .then(doExport, error(that)) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "IndexedDB store / retrieve round-trip", + function() { + var that = this; + var alg = "AES-GCM"; + var importedKey; + var dbname = "keyDB"; + var dbstore = "keystore"; + var dbversion = 1; + var dbkey = 0; + var db; + + function doIndexedDB(x) { + importedKey = x; + var req = indexedDB.deleteDatabase(dbname); + req.onerror = error(that); + req.onsuccess = doCreateDB; + } + + function doCreateDB() { + var req = indexedDB.open(dbname, dbversion); + req.onerror = error(that); + req.onupgradeneeded = function(e) { + db = e.target.result; + db.createObjectStore(dbstore, {keyPath: "id"}); + } + + req.onsuccess = doPut; + } + + function doPut() { + var req = db.transaction([dbstore], "readwrite") + .objectStore(dbstore) + .add({id: dbkey, val: importedKey}); + req.onerror = error(that); + req.onsuccess = doGet; + } + + function doGet() { + var req = db.transaction([dbstore], "readwrite") + .objectStore(dbstore) + .get(dbkey); + req.onerror = error(that); + req.onsuccess = complete(that, function(e) { + db.close(); + return hasKeyFields(e.target.result.val); + }); + } + + crypto.subtle.importKey("raw", tv.raw, alg, false, ['encrypt']) + .then(doIndexedDB, error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a 256-bit HMAC-SHA-256 key", + function() { + var that = this; + var alg = { name: "HMAC", length: 256, hash: {name: "SHA-256"} }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]).then( + complete(that, function(x) { + return hasKeyFields(x) && x.algorithm.length == 256; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a 256-bit HMAC-SHA-256 key without specifying a key length", + function() { + var that = this; + var alg = { name: "HMAC", hash: {name: "SHA-256"} }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]).then( + complete(that, function(x) { + return hasKeyFields(x) && x.algorithm.length == 512; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a 256-bit HMAC-SHA-512 key without specifying a key length", + function() { + var that = this; + var alg = { name: "HMAC", hash: {name: "SHA-512"} }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]).then( + complete(that, function(x) { + return hasKeyFields(x) && x.algorithm.length == 1024; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Fail generating an HMAC key when specifying an invalid hash algorithm", + function() { + var that = this; + var alg = { name: "HMAC", hash: {name: "SHA-123"} }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]).then( + error(that), + complete(that, function() { return true; }) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Fail generating an HMAC key when specifying a zero length", + function() { + var that = this; + var alg = { name: "HMAC", hash: {name: "SHA-256"}, length: 0 }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]).then( + error(that), + complete(that, function() { return true; }) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a 192-bit AES key", + function() { + var that = this; + var alg = { name: "AES-GCM", length: 192 }; + crypto.subtle.generateKey(alg, true, ["encrypt"]).then( + complete(that, function(x) { + return hasKeyFields(x); + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a 1024-bit RSA key", + function() { + var that = this; + var alg = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256", + modulusLength: 1024, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + crypto.subtle.generateKey(alg, false, ["sign", "verify"]).then( + complete(that, function(x) { + return exists(x.publicKey) && + (x.publicKey.algorithm.name == alg.name) && + (x.publicKey.algorithm.modulusLength == alg.modulusLength) && + (x.publicKey.type == "public") && + x.publicKey.extractable && + (x.publicKey.usages.length == 1) && + (x.publicKey.usages[0] == "verify") && + exists(x.privateKey) && + (x.privateKey.algorithm.name == alg.name) && + (x.privateKey.algorithm.modulusLength == alg.modulusLength) && + (x.privateKey.type == "private") && + !x.privateKey.extractable && + (x.privateKey.usages.length == 1) && + (x.privateKey.usages[0] == "sign"); + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Fail cleanly when NSS refuses to generate a key pair", + function() { + var that = this; + var alg = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256", + modulusLength: 2299, // NSS does not like this key length + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + crypto.subtle.generateKey(alg, false, ["sign"]) + .then( error(that), complete(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "SHA-256 digest", + function() { + var that = this; + crypto.subtle.digest("SHA-256", tv.sha256.data).then( + memcmp_complete(that, tv.sha256.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Fail cleanly on unknown hash algorithm", + function() { + var that = this; + crypto.subtle.digest("GOST-34_311-95", tv.sha256.data).then( + error(that), + complete(that, function() { return true; }) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CBC encrypt", + function () { + var that = this; + + function doEncrypt(x) { + return crypto.subtle.encrypt( + { name: "AES-CBC", iv: tv.aes_cbc_enc.iv }, + x, tv.aes_cbc_enc.data); + } + + crypto.subtle.importKey("raw", tv.aes_cbc_enc.key, "AES-CBC", false, ['encrypt']) + .then(doEncrypt) + .then( + memcmp_complete(that, tv.aes_cbc_enc.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CBC encrypt with wrong IV size", + function () { + var that = this; + + function encrypt(x, iv) { + return crypto.subtle.encrypt( + { name: "AES-CBC", iv: iv }, + x, tv.aes_cbc_enc.data); + } + + function doEncrypt(x) { + return encrypt(x, new Uint8Array(15)) + .then( + null, + function () { return encrypt(new Uint8Array(17)); } + ); + } + + crypto.subtle.importKey("raw", tv.aes_cbc_enc.key, "AES-CBC", false, ['encrypt']) + .then(doEncrypt) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CBC decrypt", + function () { + var that = this; + + function doDecrypt(x) { + return crypto.subtle.decrypt( + { name: "AES-CBC", iv: tv.aes_cbc_dec.iv }, + x, tv.aes_cbc_dec.data); + } + + crypto.subtle.importKey("raw", tv.aes_cbc_dec.key, "AES-CBC", false, ['decrypt']) + .then(doDecrypt) + .then( + memcmp_complete(that, tv.aes_cbc_dec.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CBC decrypt with wrong IV size", + function () { + var that = this; + + function decrypt(x, iv) { + return crypto.subtle.decrypt( + { name: "AES-CBC", iv: iv }, + x, tv.aes_cbc_dec.data); + } + + function doDecrypt(x) { + return decrypt(x, new Uint8Array(15)) + .then( + null, + function () { return decrypt(x, new Uint8Array(17)); } + ); + } + + crypto.subtle.importKey("raw", tv.aes_cbc_dec.key, "AES-CBC", false, ['decrypt']) + .then(doDecrypt) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CTR encryption", + function () { + var that = this; + + function doEncrypt(x) { + return crypto.subtle.encrypt( + { name: "AES-CTR", counter: tv.aes_ctr_enc.iv, length: 32 }, + x, tv.aes_ctr_enc.data); + } + + crypto.subtle.importKey("raw", tv.aes_ctr_enc.key, "AES-CTR", false, ['encrypt']) + .then(doEncrypt) + .then( + memcmp_complete(that, tv.aes_ctr_enc.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CTR encryption with wrong IV size", + function () { + var that = this; + + function encrypt(x, iv) { + return crypto.subtle.encrypt( + { name: "AES-CTR", counter: iv, length: 32 }, + x, tv.aes_ctr_enc.data); + } + + function doEncrypt(x) { + return encrypt(x, new Uint8Array(15)) + .then( + null, + function () { return encrypt(x, new Uint8Array(17)); } + ); + } + + crypto.subtle.importKey("raw", tv.aes_ctr_enc.key, "AES-CTR", false, ['encrypt']) + .then(doEncrypt) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CTR decryption", + function () { + var that = this; + + function doDecrypt(x) { + return crypto.subtle.decrypt( + { name: "AES-CTR", counter: tv.aes_ctr_dec.iv, length: 32 }, + x, tv.aes_ctr_dec.data); + } + + crypto.subtle.importKey("raw", tv.aes_ctr_dec.key, "AES-CTR", false, ['decrypt']) + .then(doDecrypt) + .then( + memcmp_complete(that, tv.aes_ctr_dec.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-CTR decryption with wrong IV size", + function () { + var that = this; + + function doDecrypt(x, iv) { + return crypto.subtle.decrypt( + { name: "AES-CTR", counter: iv, length: 32 }, + x, tv.aes_ctr_dec.data); + } + + function decrypt(x) { + return decrypt(x, new Uint8Array(15)) + .then( + null, + function () { return decrypt(x, new Uint8Array(17)); } + ); + } + + crypto.subtle.importKey("raw", tv.aes_ctr_dec.key, "AES-CTR", false, ['decrypt']) + .then(doDecrypt) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-GCM encryption", + function () { + var that = this; + + function doEncrypt(x) { + return crypto.subtle.encrypt( + { + name: "AES-GCM", + iv: tv.aes_gcm_enc.iv, + additionalData: tv.aes_gcm_enc.adata, + tagLength: 128 + }, + x, tv.aes_gcm_enc.data); + } + + crypto.subtle.importKey("raw", tv.aes_gcm_enc.key, "AES-GCM", false, ['encrypt']) + .then(doEncrypt) + .then( + memcmp_complete(that, tv.aes_gcm_enc.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-GCM decryption", + function () { + var that = this; + + function doDecrypt(x) { + return crypto.subtle.decrypt( + { + name: "AES-GCM", + iv: tv.aes_gcm_dec.iv, + additionalData: tv.aes_gcm_dec.adata, + tagLength: 128 + }, + x, tv.aes_gcm_dec.data); + } + + crypto.subtle.importKey("raw", tv.aes_gcm_dec.key, "AES-GCM", false, ['decrypt']) + .then(doDecrypt) + .then( + memcmp_complete(that, tv.aes_gcm_dec.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-GCM decryption, failing authentication check", + function () { + var that = this; + + function doDecrypt(x) { + return crypto.subtle.decrypt( + { + name: "AES-GCM", + iv: tv.aes_gcm_dec_fail.iv, + additionalData: tv.aes_gcm_dec_fail.adata, + tagLength: 128 + }, + x, tv.aes_gcm_dec_fail.data); + } + + crypto.subtle.importKey("raw", tv.aes_gcm_dec_fail.key, "AES-GCM", false, ['decrypt']) + .then(doDecrypt) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "HMAC SHA-256 sign", + function() { + var that = this; + var alg = { + name: "HMAC", + hash: "SHA-256" + } + + function doSign(x) { + return crypto.subtle.sign("HMAC", x, tv.hmac_sign.data); + } + + crypto.subtle.importKey("raw", tv.hmac_sign.key, alg, false, ['sign']) + .then(doSign) + .then( + memcmp_complete(that, tv.hmac_sign.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "HMAC SHA-256 verify", + function() { + var that = this; + var alg = { + name: "HMAC", + hash: "SHA-256" + } + + function doVerify(x) { + return crypto.subtle.verify("HMAC", x, tv.hmac_verify.sig, tv.hmac_verify.data); + } + + crypto.subtle.importKey("raw", tv.hmac_verify.key, alg, false, ['verify']) + .then(doVerify) + .then( + complete(that, function(x) { return !!x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "HMAC SHA-256, failing verification due to bad signature", + function() { + var that = this; + var alg = { + name: "HMAC", + hash: "SHA-256" + } + + function doVerify(x) { + return crypto.subtle.verify("HMAC", x, tv.hmac_verify.sig_fail, + tv.hmac_verify.data); + } + + crypto.subtle.importKey("raw", tv.hmac_verify.key, alg, false, ['verify']) + .then(doVerify) + .then( + complete(that, function(x) { return !x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "HMAC SHA-256, failing verification due to key usage restriction", + function() { + var that = this; + var alg = { + name: "HMAC", + hash: "SHA-256" + } + + function doVerify(x) { + return crypto.subtle.verify("HMAC", x, tv.hmac_verify.sig, + tv.hmac_verify.data); + } + + crypto.subtle.importKey("raw", tv.hmac_verify.key, alg, false, ['encrypt']) + .then(doVerify) + .then( + error(that), + complete(that, function(x) { return true; }) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA/SHA-1 signature", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-1" }; + + function doSign(x) { + return crypto.subtle.sign(alg.name, x, tv.rsassa.data); + } + + crypto.subtle.importKey("pkcs8", tv.rsassa.pkcs8, alg, false, ['sign']) + .then( doSign ) + .then( memcmp_complete(that, tv.rsassa.sig1), error(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA verification (SHA-1)", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-1" }; + + function doVerify(x) { + return crypto.subtle.verify(alg.name, x, tv.rsassa.sig1, tv.rsassa.data); + } + + crypto.subtle.importKey("spki", tv.rsassa.spki, alg, false, ['verify']) + .then( doVerify ) + .then( + complete(that, function(x) { return x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA verification (SHA-1), failing verification", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-1" }; + + function doVerify(x) { + return crypto.subtle.verify(alg.name, x, tv.rsassa.sig_fail, tv.rsassa.data); + } + + crypto.subtle.importKey("spki", tv.rsassa.spki, alg, false, ['verify']) + .then( doVerify ) + .then( + complete(that, function(x) { return !x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA/SHA-256 signature", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doSign(x) { + return crypto.subtle.sign(alg.name, x, tv.rsassa.data); + } + + crypto.subtle.importKey("pkcs8", tv.rsassa.pkcs8, alg, false, ['sign']) + .then( doSign ) + .then( memcmp_complete(that, tv.rsassa.sig256), error(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA verification (SHA-256)", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doVerify(x) { + return crypto.subtle.verify(alg.name, x, tv.rsassa.sig256, tv.rsassa.data); + } + + crypto.subtle.importKey("spki", tv.rsassa.spki, alg, false, ['verify']) + .then( doVerify ) + .then( + complete(that, function(x) { return x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSASSA verification (SHA-256), failing verification", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + var use = ['sign', 'verify']; + + function doVerify(x) { + return crypto.subtle.verify(alg.name, x, tv.rsassa.sig_fail, tv.rsassa.data); + } + + crypto.subtle.importKey("spki", tv.rsassa.spki, alg, false, ['verify']) + .then( doVerify ) + .then( + complete(that, function(x) { return !x; }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that we return ArrayBuffers not ArrayBufferViews", + function() { + var that = this; + + crypto.subtle.digest("SHA-256", tv.sha256.data) + .then(complete(that, function (x) { + return x instanceof ArrayBuffer; + }), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Ensure that importing an invalid key doesn't crash", + function () { + var that = this; + // TODO Change the algorithm to "DH" once we support it. + var alg = {name: "RSA-OAEP", hash: "SHA-1"}; + + crypto.subtle.importKey("pkcs8", tv.broken_pkcs8.dh, alg, false, ["decrypt"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that we check keys before using them for encryption/signatures", + function() { + var that = this; + + function doCheckRSASSA() { + var alg = {name: "HMAC", hash: {name: "SHA-1"}}; + + function doSign(x) { + return crypto.subtle.sign("RSASSA-PKCS1-v1_5", x, new Uint8Array()); + } + + return crypto.subtle.generateKey(alg, false, ["sign"]).then(doSign); + } + + doCheckRSASSA().then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that we're using the right globals when creating objects", + function() { + // This test isn't supported in workers. + if (window.importScripts) { + return this.complete(true); + } + + var that = this; + var data = crypto.getRandomValues(new Uint8Array(10)); + var hmacAlg = {name: "HMAC", length: 256, hash: "SHA-1"}; + + var rsaAlg = { + name: "RSA-PSS", + hash: "SHA-1", + modulusLength: 1024, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + function checkPrototypes(obj, type) { + return obj.__proto__ != window[type].prototype && + obj.__proto__ == frames[0][type].prototype + } + + var p1 = crypto.subtle.importKey.call( + frames[0].crypto.subtle, "raw", data, hmacAlg, false, ["sign", "verify"]); + var p2 = crypto.subtle.generateKey.call( + frames[0].crypto.subtle, hmacAlg, false, ["sign", "verify"]); + var p3 = crypto.subtle.generateKey.call( + frames[0].crypto.subtle, rsaAlg, false, ["sign", "verify"]); + + if (!checkPrototypes(p1, "Promise") || + !checkPrototypes(p2, "Promise") || + !checkPrototypes(p3, "Promise")) { + error(that)(); + } + + Promise.all([p1, p2, p3]).then(complete(that, keys => { + return keys.every(key => { + if (key instanceof CryptoKey) { + return checkPrototypes(key, "CryptoKey"); + } + + return checkPrototypes(key.publicKey, "CryptoKey") && + checkPrototypes(key.privateKey, "CryptoKey"); + }); + }), error(that)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <iframe style="display: none;"></iframe> + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_DH.html b/dom/crypto/test/test_WebCrypto_DH.html new file mode 100644 index 000000000..55d83e15c --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_DH.html @@ -0,0 +1,284 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate a DH key", + function() { + var that = this; + var alg = { + name: "DH", + prime: tv.dh.prime, + generator: new Uint8Array([0x02]) + }; + crypto.subtle.generateKey(alg, false, ["deriveKey", "deriveBits"]).then( + complete(that, function(x) { + return exists(x.publicKey) && + (x.publicKey.algorithm.name == alg.name) && + util.memcmp(x.publicKey.algorithm.prime, alg.prime) && + util.memcmp(x.publicKey.algorithm.generator, alg.generator) && + (x.publicKey.type == "public") && + x.publicKey.extractable && + (x.publicKey.usages.length == 0) && + exists(x.privateKey) && + (x.privateKey.algorithm.name == alg.name) && + util.memcmp(x.privateKey.algorithm.prime, alg.prime) && + util.memcmp(x.privateKey.algorithm.generator, alg.generator) && + (x.privateKey.type == "private") && + !x.privateKey.extractable && + (x.privateKey.usages.length == 2) && + (x.privateKey.usages[0] == "deriveKey") && + (x.privateKey.usages[1] == "deriveBits"); + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive bits from a DH key", + function() { + var that = this; + var alg = { + name: "DH", + prime: tv.dh.prime, + generator: new Uint8Array([0x02]) + }; + + function doDerive(x) { + var alg = { + name: "DH", + public: x.publicKey + }; + return crypto.subtle.deriveBits(alg, x.privateKey, 128); + } + + crypto.subtle.generateKey(alg, false, ["deriveBits"]) + .then(doDerive, error(that)) + .then(complete(that, function (x) { + return x.byteLength == 16; + }), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that DH deriveBits() fails when the public key is not a DH key", + function() { + var that = this; + var pubKey, privKey; + function setPub(x) { pubKey = x.publicKey; } + function setPriv(x) { privKey = x.privateKey; } + + function doGenerateDH() { + var alg = { + name: "DH", + prime: tv.dh.prime, + generator: new Uint8Array([0x02]) + }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doGenerateRSA() { + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + return crypto.subtle.generateKey(alg, false, ["encrypt"]) + } + + function doDerive() { + var alg = {name: "DH", public: pubKey}; + return crypto.subtle.deriveBits(alg, privKey, 128); + } + + doGenerateDH() + .then(setPriv, error(that)) + .then(doGenerateRSA, error(that)) + .then(setPub, error(that)) + .then(doDerive, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that DH deriveBits() fails when the given keys' primes or bases don't match", + function() { + var that = this; + var pubKey, privKey; + function setPub(x) { pubKey = x.publicKey; } + function setPriv(x) { privKey = x.privateKey; } + + function doGenerateDH() { + var alg = { + name: "DH", + prime: tv.dh.prime, + generator: new Uint8Array([0x02]) + }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doGenerateDH2() { + var alg = { + name: "DH", + prime: tv.dh.prime2, + generator: new Uint8Array([0x02]) + }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doGenerateDH3() { + var alg = { + name: "DH", + prime: tv.dh.prime, + generator: new Uint8Array([0x03]) + }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doDerive() { + var alg = {name: "DH", public: pubKey}; + return crypto.subtle.deriveBits(alg, privKey, 128); + } + + doGenerateDH() + .then(setPriv, error(that)) + .then(doGenerateDH2, error(that)) + .then(setPub, error(that)) + .then(doDerive, error(that)) + .then(error(that), doGenerateDH3) + .then(setPub, error(that)) + .then(doDerive, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Raw import/export of a public DH key", + function () { + var that = this; + var alg = { + name: "DH", + prime: tv.dh_nist.prime, + generator: tv.dh_nist.gen + }; + + function doExport(x) { + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", tv.dh_nist.raw, alg, true, ["deriveBits"]) + .then(doExport) + .then(memcmp_complete(that, tv.dh_nist.raw), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive bits from an imported public and a generated private DH key", + function() { + var that = this; + var alg = { + name: "DH", + prime: tv.dh_nist.prime, + generator: tv.dh_nist.gen + }; + + var privKey; + function setPriv(x) { privKey = x.privateKey; } + + function doImport() { + return crypto.subtle.importKey("raw", tv.dh_nist.raw, alg, true, ["deriveBits"]); + } + + function doDerive(pubKey) { + var alg = {name: "DH", public: pubKey}; + return crypto.subtle.deriveBits(alg, privKey, 128); + } + + crypto.subtle.generateKey(alg, false, ["deriveBits"]) + .then(setPriv, error(that)) + .then(doImport, error(that)) + .then(doDerive, error(that)) + .then(complete(that, function (x) { + return x.byteLength == 16; + }), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "SPKI import/export of a public DH key", + function() { + var that = this; + + function doExport(x) { + return crypto.subtle.exportKey("spki", x); + } + + crypto.subtle.importKey("spki", tv.dh_nist.spki, "DH", true, ["deriveBits"]) + .then(doExport, error(that)) + .then(memcmp_complete(that, tv.dh_nist.spki), error(that)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_ECDH.html b/dom/crypto/test/test_WebCrypto_ECDH.html new file mode 100644 index 000000000..671c7c693 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_ECDH.html @@ -0,0 +1,583 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate an ECDH key for named curve P-256", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + crypto.subtle.generateKey(alg, false, ["deriveKey", "deriveBits"]).then( + complete(that, function(x) { + return exists(x.publicKey) && + (x.publicKey.algorithm.name == alg.name) && + (x.publicKey.algorithm.namedCurve == alg.namedCurve) && + (x.publicKey.type == "public") && + x.publicKey.extractable && + (x.publicKey.usages.length == 0) && + exists(x.privateKey) && + (x.privateKey.algorithm.name == alg.name) && + (x.privateKey.algorithm.namedCurve == alg.namedCurve) && + (x.privateKey.type == "private") && + !x.privateKey.extractable && + (x.privateKey.usages.length == 2) && + (x.privateKey.usages[0] == "deriveKey") && + (x.privateKey.usages[1] == "deriveBits"); + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate an ECDH key and derive some bits", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + var pair; + function setKeyPair(x) { pair = x; } + + function doDerive(n) { + return function (x) { + var alg = { name: "ECDH", public: pair.publicKey }; + return crypto.subtle.deriveBits(alg, pair.privateKey, n * 8); + } + } + + crypto.subtle.generateKey(alg, false, ["deriveBits"]) + .then(setKeyPair, error(that)) + .then(doDerive(2), error(that)) + .then(function (x) { + // Deriving less bytes works. + if (x.byteLength != 2) { + throw "should have derived two bytes"; + } + }) + // Deriving more than the curve yields doesn't. + .then(doDerive(33), error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that ECDH deriveBits() fails when the public key is not an ECDH key", + function() { + var that = this; + var pubKey, privKey; + function setPub(x) { pubKey = x.publicKey; } + function setPriv(x) { privKey = x.privateKey; } + + function doGenerateP256() { + var alg = { name: "ECDH", namedCurve: "P-256" }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doGenerateRSA() { + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + return crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]) + } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, 16); + } + + doGenerateP256() + .then(setPriv, error(that)) + .then(doGenerateRSA, error(that)) + .then(setPub, error(that)) + .then(doDerive, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that ECDH deriveBits() fails when the given keys' curves don't match", + function() { + var that = this; + var pubKey, privKey; + function setPub(x) { pubKey = x.publicKey; } + function setPriv(x) { privKey = x.privateKey; } + + function doGenerateP256() { + var alg = { name: "ECDH", namedCurve: "P-256" }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doGenerateP384() { + var alg = { name: "ECDH", namedCurve: "P-384" }; + return crypto.subtle.generateKey(alg, false, ["deriveBits"]); + } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, 16); + } + + doGenerateP256() + .then(setPriv, error(that)) + .then(doGenerateP384, error(that)) + .then(setPub, error(that)) + .then(doDerive, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import an ECDH public and private key and derive bits (P-256)", + function () { + var that = this; + var alg = { name: "ECDH" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, tv.ecdh_p256.secret.byteLength * 8); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) + .then(setPriv, error(that)), + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, ["deriveBits"]) + .then(setPub, error(that)) + ]).then(doDerive, error(that)) + .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import an ECDH public and private key and derive bits (P-384)", + function () { + var that = this; + var alg = { name: "ECDH" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, tv.ecdh_p384.secret.byteLength * 8); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_priv, alg, false, ["deriveBits"]) + .then(setPriv, error(that)), + crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_pub, alg, false, ["deriveBits"]) + .then(setPub, error(that)) + ]).then(doDerive, error(that)) + .then(memcmp_complete(that, tv.ecdh_p384.secret), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import an ECDH public and private key and derive bits (P-521)", + function () { + var that = this; + var alg = { name: "ECDH" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, tv.ecdh_p521.secret.byteLength * 8); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveBits"]) + .then(setPriv, error(that)), + crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveBits"]) + .then(setPub, error(that)) + ]).then(doDerive, error(that)) + .then(memcmp_complete(that, tv.ecdh_p521.secret), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import/export roundtrip with ECDH (P-256)", + function () { + var that = this; + var alg = { name: "ECDH" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doExportPub() { + return crypto.subtle.exportKey("jwk", pubKey); + } + function doExportPriv() { + return crypto.subtle.exportKey("jwk", privKey); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, true, ["deriveBits"]) + .then(setPriv, error(that)), + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, true, ["deriveBits"]) + .then(setPub, error(that)) + ]).then(doExportPub, error(that)) + .then(function (x) { + var tp = tv.ecdh_p256.jwk_pub; + if ((tp.kty != x.kty) && + (tp.crv != x.crv) && + (tp.x != x.x) && + (tp.y != x.y)) { + throw "exported public key doesn't match"; + } + }, error(that)) + .then(doExportPriv, error(that)) + .then(complete(that, function (x) { + var tp = tv.ecdh_p256.jwk_priv; + return (tp.kty == x.kty) && + (tp.crv == x.crv) && + (tp.d == x.d) && + (tp.x == x.x) && + (tp.y == x.y); + }), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing bad JWKs fails", + function () { + var that = this; + var alg = { name: "ECDH" }; + var tvs = tv.ecdh_p256_negative; + + function doTryImport(jwk) { + return function () { + return crypto.subtle.importKey("jwk", jwk, alg, false, ["deriveBits"]); + } + } + + doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_missing_crv)) + .then(error(that), doTryImport(tvs.jwk_missing_x)) + .then(error(that), doTryImport(tvs.jwk_missing_y)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK export of a newly generated ECDH private key", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var reBase64URL = /^[a-zA-Z0-9_-]+$/; + + function doExportToJWK(x) { + return crypto.subtle.exportKey("jwk", x.privateKey) + } + + crypto.subtle.generateKey(alg, true, ["deriveKey", "deriveBits"]) + .then(doExportToJWK) + .then( + complete(that, function(x) { + return x.ext && + x.kty == 'EC' && + x.crv == 'P-256' && + reBase64URL.test(x.x) && + reBase64URL.test(x.y) && + reBase64URL.test(x.d) && + x.x.length == 43 && // 32 octets, base64-encoded + x.y.length == 43 && // 32 octets, base64-encoded + shallowArrayEquals(x.key_ops, ['deriveKey', 'deriveBits']); + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HMAC key from two ECDH keys and test sign/verify", + function() { + var that = this; + var alg = { name: "ECDH" }; + var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveKey(alg, privKey, algDerived, false, ["sign", "verify"]) + .then(function (x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + // 512 bit is the default for HMAC-SHA1. + if (x.algorithm.length != 512) { + throw "Invalid key; incorrect length"; + } + + return x; + }); + } + + function doSignAndVerify(x) { + var data = crypto.getRandomValues(new Uint8Array(1024)); + return crypto.subtle.sign("HMAC", x, data) + .then(function (sig) { + return crypto.subtle.verify("HMAC", x, sig, data); + }); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveKey"]) + .then(setPriv), + crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveKey"]) + .then(setPub) + ]).then(doDerive) + .then(doSignAndVerify) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "SPKI import/export of public ECDH keys (P-256)", + function () { + var that = this; + var alg = { name: "ECDH" }; + var keys = ["spki", "spki_id_ecpk"]; + + function doImport(key) { + return crypto.subtle.importKey("spki", tv.ecdh_p256[key], alg, true, ["deriveBits"]); + } + + function doExport(x) { + return crypto.subtle.exportKey("spki", x); + } + + function nextKey() { + var key = keys.shift(); + var imported = doImport(key); + var derived = imported.then(doExport); + + return derived.then(function (x) { + if (!util.memcmp(x, tv.ecdh_p256.spki)) { + throw "exported key is invalid"; + } + + if (keys.length) { + return nextKey(); + } + }); + } + + nextKey().then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "SPKI/JWK import ECDH keys (P-256) and derive a known secret", + function () { + var that = this; + var alg = { name: "ECDH" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, tv.ecdh_p256.secret.byteLength * 8); + } + + Promise.all([ + crypto.subtle.importKey("spki", tv.ecdh_p256.spki, alg, false, ["deriveBits"]) + .then(setPub), + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) + .then(setPriv) + ]).then(doDerive) + .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Raw import/export of a public ECDH key (P-256)", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + function doExport(x) { + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, true, ["deriveBits"]) + .then(doExport) + .then(memcmp_complete(that, tv.ecdh_p256.raw), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing bad raw ECDH keys fails", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var tvs = tv.ecdh_p256_negative.raw_bad; + + crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing ECDH keys with an unknown format fails", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var tvs = tv.ecdh_p256.raw; + + crypto.subtle.importKey("unknown", tv, alg, false, ["deriveBits"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing too short raw ECDH keys fails", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var tvs = tv.ecdh_p256_negative.raw_short; + + crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing too long raw ECDH keys fails", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var tvs = tv.ecdh_p256_negative.raw_long; + + crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that importing compressed raw ECDH keys fails", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + var tvs = tv.ecdh_p256_negative.raw_compressed; + + crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RAW/JWK import ECDH keys (P-256) and derive a known secret", + function () { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + var pubKey, privKey; + function setPub(x) { pubKey = x; } + function setPriv(x) { privKey = x; } + + function doDerive() { + var alg = { name: "ECDH", public: pubKey }; + return crypto.subtle.deriveBits(alg, privKey, tv.ecdh_p256.secret.byteLength * 8); + } + + Promise.all([ + crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, false, ["deriveBits"]) + .then(setPub), + crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) + .then(setPriv) + ]).then(doDerive) + .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_ECDSA.html b/dom/crypto/test/test_WebCrypto_ECDSA.html new file mode 100644 index 000000000..bc9bf1a3f --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_ECDSA.html @@ -0,0 +1,215 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Generate an ECDSA key for named curve P-256", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-256" }; + crypto.subtle.generateKey(alg, false, ["sign", "verify"]).then( + complete(that, function(x) { + return exists(x.publicKey) && + (x.publicKey.algorithm.name == alg.name) && + (x.publicKey.algorithm.namedCurve == alg.namedCurve) && + (x.publicKey.type == "public") && + x.publicKey.extractable && + (x.publicKey.usages.length == 1) && + (x.publicKey.usages[0] == "verify") && + exists(x.privateKey) && + (x.privateKey.algorithm.name == alg.name) && + (x.privateKey.algorithm.namedCurve == alg.namedCurve) && + (x.privateKey.type == "private") && + !x.privateKey.extractable && + (x.privateKey.usages.length == 1) && + (x.privateKey.usages[0] == "sign") + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "ECDSA JWK import and verify a known-good signature", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + function doVerify(x) { + return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig, tv.ecdsa_verify.data); + } + + crypto.subtle.importKey("jwk", tv.ecdsa_verify.pub_jwk, alg, true, ["verify"]) + .then(doVerify) + .then(complete(that, x => x), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "ECDSA key generation with public key export", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var msg = Uint8Array.from([1]); + + crypto.subtle.generateKey(alg, false, ["sign", "verify"]) + .then(pair => Promise.all([ + crypto.subtle.sign(alg, pair.privateKey, msg), + crypto.subtle.exportKey("spki", pair.publicKey) + .then(spki => crypto.subtle.importKey("spki", spki, alg, false, ["verify"])) + ])) + .then(sigAndKey => crypto.subtle.verify(alg, sigAndKey[1], sigAndKey[0], msg)) + .then(complete(that, x => x), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "ECDSA JWK import and reject a known-bad signature", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + + function doVerify(x) { + return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, + tv.ecdsa_verify.data); + } + + crypto.subtle.importKey("jwk", tv.ecdsa_verify.pub_jwk, alg, true, ["verify"]) + .then(doVerify) + .then(complete(that, x => !x), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "ECDSA sign/verify round-trip", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + var pubKey; + + + function doSign(keyPair) { + pubKey = keyPair.publicKey; + return crypto.subtle.sign(alg, keyPair.privateKey, tv.ecdsa_verify.data); + } + function doVerify(sig) { + return crypto.subtle.verify(alg, pubKey, sig, tv.ecdsa_verify.data); + } + + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(doSign) + .then(doVerify) + .then(complete(that, x => x), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a known-bad public key", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + + function doVerify(x) { + return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig, tv.ecdsa_verify.data); + } + + crypto.subtle.importKey("jwk", tv.ecdsa_bad.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Raw import/export of a public ECDSA key (P-521)", + function () { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + function doExport(x) { + return crypto.subtle.exportKey("raw", x); + } + + crypto.subtle.importKey("raw", tv.ecdsa_verify.raw, alg, true, ["verify"]) + .then(doExport) + .then(memcmp_complete(that, tv.ecdsa_verify.raw), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "ECDSA raw import and verify a known-good signature", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + function doVerify(x) { + return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig, tv.ecdsa_verify.data); + } + + crypto.subtle.importKey("raw", tv.ecdsa_verify.raw, alg, true, ["verify"]) + .then(doVerify) + .then(complete(that, x => x), error(that)) + } +); + +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_HKDF.html b/dom/crypto/test/test_WebCrypto_HKDF.html new file mode 100644 index 000000000..dcc871ffa --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_HKDF.html @@ -0,0 +1,351 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deriving zero bits should fail", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(x => crypto.subtle.deriveBits(alg, x, 0), error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive four bits with HKDF, no salt or info given", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(x => crypto.subtle.deriveBits(alg, x, 4)) + // The last 4 bits should be zeroes (1000 1101 => 1000 0000). + .then(memcmp_complete(that, new Uint8Array([0x80]))) + .catch(error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deriving too many bits should fail", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + function deriveBits(x) { + // The maximum length (in bytes) of output material for HKDF is 255 times + // the digest length. In this case, the digest length (in bytes) of + // SHA-256 is 32; 32*255 = 8160. deriveBits expects the length to be in + // bits, so 8160*8=65280 and add 1 to exceed the maximum length. + return crypto.subtle.deriveBits(alg, x, 65281); + } + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(deriveBits, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deriving with an unsupported PRF should fail", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "HMAC", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + function deriveBits(x) { + return crypto.subtle.deriveBits(alg, x, 4); + } + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(deriveBits, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deriving with a non-HKDF key should fail", + function() { + var that = this; + + var alg = { + name: "HKDF", + hash: "HMAC", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + function deriveBits(x) { + return crypto.subtle.deriveBits(alg, x, 4); + } + + var ecAlg = {name: "ECDH", namedCurve: "P-256"}; + crypto.subtle.generateKey(ecAlg, false, ["deriveBits"]) + .then(deriveBits, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive known values from test vectors (SHA-1 and SHA-256)", + function() { + var that = this; + var tests = tv.hkdf.slice(); + + function next() { + if (!tests.length) { + return; + } + + var test = tests.shift(); + var {key, data} = test; + + return crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(function (key) { + return crypto.subtle.deriveBits({ + name: "HKDF", + hash: test.prf, + salt: test.salt, + info: test.info + }, key, test.data.byteLength * 8); + }) + .then(function (data) { + if (!util.memcmp(data, test.data)) { + throw new Error("derived bits don't match expected value"); + } + + // Next test vector. + return next(); + }); + } + + next().then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive known values from test vectors (JWK, SHA-256)", + function() { + var that = this; + var test = tv.hkdf[0]; + var alg = { + name: "HKDF", + hash: test.prf, + salt: test.salt, + info: test.info + }; + + crypto.subtle.importKey("jwk", test.jwk, "HKDF", false, ["deriveBits"]) + .then(x => crypto.subtle.deriveBits(alg, x, test.data.byteLength * 8)) + .then(memcmp_complete(that, test.data), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test wrapping/unwrapping an HKDF key", + function() { + var that = this; + var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)}; + var wrappingKey; + + function wrap(x) { + wrappingKey = x; + return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey); + } + + function unwrap(wrappedKey) { + return crypto.subtle.unwrapKey( + "raw", wrappedKey, wrappingKey, alg, "HKDF", false, ["deriveBits"]) + .then(rawKey => { + return crypto.subtle.deriveBits({ + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }, rawKey, 4); + }) + .then(derivedBits => { + if (!util.memcmp(derivedBits, new Uint8Array([0x80]))) { + throw new Error("deriving bits failed"); + } + + // Forward to reuse. + return wrappedKey; + }); + } + + crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"]) + .then(wrap) + .then(unwrap) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Unwrapping an HKDF key in PKCS8 format should fail", + function() { + var that = this; + var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)}; + var wrappingKey; + + function wrap(x) { + wrappingKey = x; + return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey); + } + + function unwrap(x) { + return crypto.subtle.unwrapKey( + "pkcs8", x, wrappingKey, alg, "HKDF", false, ["deriveBits"]); + } + + crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"]) + .then(wrap, error(that)) + .then(unwrap, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an AES key using with HKDF", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + function deriveKey(x) { + var targetAlg = {name: "AES-GCM", length: 256}; + return crypto.subtle.deriveKey(alg, x, targetAlg, false, ["encrypt"]); + } + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"]) + .then(deriveKey) + .then(complete(that), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deriving an HKDF key with HKDF should fail", + function() { + var that = this; + var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + function deriveKey(x) { + return crypto.subtle.deriveKey(alg, x, "HKDF", false, ["deriveBits"]); + } + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"]) + .then(deriveKey) + .then(error(that), complete(that)) + } +); + +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Import_Multiple_Identical_Keys.html b/dom/crypto/test/test_WebCrypto_Import_Multiple_Identical_Keys.html new file mode 100644 index 000000000..6913bb78e --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Import_Multiple_Identical_Keys.html @@ -0,0 +1,119 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import the same ECDSA key multiple times and ensure that it can be used.", + function () { + var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(function(keyPair) { + return crypto.subtle.exportKey("jwk", keyPair.privateKey); + }) + .then(function(exportedKey) { + let keyImportPromises = []; + for (let i = 0; i < 20; i++) { + keyImportPromises.push( + crypto.subtle.importKey("jwk", exportedKey, alg, false, ["sign"])); + } + return Promise.all(keyImportPromises); + }) + .then(function(importedKeys) { + let signPromises = []; + let data = crypto.getRandomValues(new Uint8Array(32)); + for (let key of importedKeys) { + signPromises.push(crypto.subtle.sign(alg, key, data)); + } + return Promise.all(signPromises); + }) + .then(complete(this, function(signatures) { + return signatures.length == 20; + }), error(this)); + } +); + +// ----------------------------------------------------------------------------- +// This is the same test, but with an RSA key. This test framework stringifies +// each test so it can be sent to and ran in a worker, which unfortunately +// means we can't factor out common code here. +TestArray.addTest( + "Import the same RSA key multiple times and ensure that it can be used.", + function () { + var alg = { + name: "RSASSA-PKCS1-v1_5", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]), + hash: "SHA-256" + }; + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(function(keyPair) { + return crypto.subtle.exportKey("jwk", keyPair.privateKey); + }) + .then(function(exportedKey) { + let keyImportPromises = []; + for (let i = 0; i < 20; i++) { + keyImportPromises.push( + crypto.subtle.importKey("jwk", exportedKey, alg, false, ["sign"])); + } + return Promise.all(keyImportPromises); + }) + .then(function(importedKeys) { + let signPromises = []; + let data = crypto.getRandomValues(new Uint8Array(32)); + for (let key of importedKeys) { + signPromises.push(crypto.subtle.sign(alg, key, data)); + } + return Promise.all(signPromises); + }) + .then(complete(this, function(signatures) { + return signatures.length == 20; + }), error(this)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_JWK.html b/dom/crypto/test/test_WebCrypto_JWK.html new file mode 100644 index 000000000..f9916f5f2 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_JWK.html @@ -0,0 +1,369 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import and use of an AES-GCM key", + function () { + var that = this; + + function doEncrypt(x) { + return crypto.subtle.encrypt( + { + name: "AES-GCM", + iv: tv.aes_gcm_enc.iv, + additionalData: tv.aes_gcm_enc.adata, + tagLength: 128 + }, + x, tv.aes_gcm_enc.data); + } + + crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk, "AES-GCM", false, ['encrypt']) + .then(doEncrypt) + .then( + memcmp_complete(that, tv.aes_gcm_enc.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import and use of an RSASSA-PKCS1-v1_5 private key", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doSign(x) { + return crypto.subtle.sign(alg.name, x, tv.rsassa.data); + } + function fail(x) { console.log(x); error(that); } + + crypto.subtle.importKey("jwk", tv.rsassa.jwk_priv, alg, false, ['sign']) + .then( doSign, fail ) + .then( memcmp_complete(that, tv.rsassa.sig256), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import and use of an RSASSA-PKCS1-v1_5 public key", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doVerify(x) { + return crypto.subtle.verify(alg.name, x, tv.rsassa.sig256, tv.rsassa.data); + } + function fail(x) { error(that); } + + crypto.subtle.importKey("jwk", tv.rsassa.jwk_pub, alg, false, ['verify']) + .then( doVerify, fail ) + .then( + complete(that, function(x) { return x; }), + fail + ); + }); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import failure on incomplete RSA private key (missing 'qi')", + function () { + var that = this; + var alg = { name: "RSA-OAEP", hash: "SHA-256" }; + var jwk = { + kty: "RSA", + n: tv.rsassa.jwk_priv.n, + e: tv.rsassa.jwk_priv.e, + d: tv.rsassa.jwk_priv.d, + p: tv.rsassa.jwk_priv.p, + q: tv.rsassa.jwk_priv.q, + dp: tv.rsassa.jwk_priv.dp, + dq: tv.rsassa.jwk_priv.dq, + }; + + crypto.subtle.importKey("jwk", jwk, alg, true, ['encrypt', 'decrypt']) + .then( error(that), complete(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import failure on algorithm mismatch", + function () { + var that = this; + var alg = "AES-GCM"; + var jwk = { k: "c2l4dGVlbiBieXRlIGtleQ", alg: "A256GCM" }; + + crypto.subtle.importKey("jwk", jwk, alg, true, ['encrypt', 'decrypt']) + .then( error(that), complete(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import failure on usages mismatch", + function () { + var that = this; + var alg = "AES-GCM"; + var jwk = { k: "c2l4dGVlbiBieXRlIGtleQ", key_ops: ['encrypt'] }; + + crypto.subtle.importKey("jwk", jwk, alg, true, ['encrypt', 'decrypt']) + .then( error(that), complete(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import failure on extractable mismatch", + function () { + var that = this; + var alg = "AES-GCM"; + var jwk = { k: "c2l4dGVlbiBieXRlIGtleQ", ext: false }; + + crypto.subtle.importKey("jwk", jwk, alg, true, ['encrypt']) + .then( error(that), complete(that) ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK export of a symmetric key", + function () { + var that = this; + var alg = "AES-GCM"; + var jwk = { k: "c2l4dGVlbiBieXRlIGtleQ", kty: "oct" }; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ['encrypt', 'decrypt']) + .then(doExport) + .then( + complete(that, function(x) { + return hasBaseJwkFields(x) && + hasFields(x, ['k']) && + x.kty == 'oct' && + x.alg == 'A128GCM' && + x.ext && + shallowArrayEquals(x.key_ops, ['encrypt','decrypt']) && + x.k == jwk.k + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import/export of an RSA private key", + function () { + var jwk = tv.rsassa.jwk_priv; + + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ['sign']) + .then(doExport) + .then( + complete(that, function(x) { + return hasBaseJwkFields(x) && + hasFields(x, ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']) && + x.kty == 'RSA' && + x.alg == 'RS256' && + x.ext && + shallowArrayEquals(x.key_ops, ['sign']) && + x.n == jwk.n && + x.e == jwk.e && + x.d == jwk.d && + x.p == jwk.p && + x.q == jwk.q && + x.dp == jwk.dp && + x.dq == jwk.dq && + x.qi == jwk.qi; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK import/export of an RSA private key where p < q", + function () { + var jwk = tv.rsassa.jwk_priv_pLTq; + + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ['sign']) + .then(doExport) + .then( + complete(that, function(x) { + return hasBaseJwkFields(x) && + hasFields(x, ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']) && + x.kty == 'RSA' && + x.alg == 'RS256' && + x.ext && + shallowArrayEquals(x.key_ops, ['sign']) && + x.n == jwk.n && + x.e == jwk.e && + x.d == jwk.d && + x.p == jwk.p && + x.q == jwk.q && + x.dp == jwk.dp && + x.dq == jwk.dq && + x.qi == jwk.qi; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK export of an RSA public key", + function () { + var that = this; + var alg = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }; + var jwk = tv.rsassa.jwk_pub; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ['verify']) + .then(doExport) + .then( + complete(that, function(x) { + window.jwk_pub = x; + return hasBaseJwkFields(x) && + hasFields(x, ['n', 'e']) && + x.kty == 'RSA' && + x.alg == 'RS256' && + x.ext && + shallowArrayEquals(x.key_ops, ['verify']) && + x.n == jwk.n && + x.e == jwk.e; + }), + error(that) + ); + } +); + +// -------- +TestArray.addTest( + "Check JWK parameters on generated ECDSA key pair", + function() { + crypto.subtle.generateKey({name: 'ECDSA', namedCurve: 'P-256'}, true, ['sign', 'verify']) + .then(pair => Promise.all([ + crypto.subtle.exportKey('jwk', pair.privateKey), + crypto.subtle.exportKey('jwk', pair.publicKey) + ])) + .then( + complete(this, function(x) { + var priv = x[0]; + var pub = x[1]; + var pubIsSubsetOfPriv = Object.keys(pub) + .filter(k => k !== 'key_ops') // key_ops is the only complex attr + .reduce((all, k) => all && pub[k] === priv[k], true); + // Can't use hasBaseJwkFields() because EC keys don't get "alg": + // "alg" matches curve to hash, but WebCrypto keys are more flexible. + return hasFields(pub, ['kty', 'crv', 'key_ops', 'ext']) && + pub.kty === 'EC' && + pub.crv === 'P-256' && + pub.ext && + typeof(pub.x) === 'string' && + typeof(pub.y) === 'string' && + shallowArrayEquals(pub.key_ops, ['verify']) && + pubIsSubsetOfPriv && + shallowArrayEquals(priv.key_ops, ['sign']) && + typeof(priv.d) === 'string'; + }), + error(this)); + } +); + +// -------- +TestArray.addTest( + "Check key_ops parameter on an unusable RSA public key", + function() { + var parameters = { + name: 'RSASSA-PKCS1-v1_5', + modulusLength: 1024, + publicExponent: new Uint8Array([1, 0, 1]), + hash: 'SHA-256' + }; + // The public key generated here will have no usages and will therefore + // have an empty key_ops list. + crypto.subtle.generateKey(parameters, true, ['sign']) + .then(pair => crypto.subtle.exportKey('jwk', pair.publicKey)) + .then(complete(this, x => x.key_ops.length === 0), + error(this)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Normalize.html b/dom/crypto/test/test_WebCrypto_Normalize.html new file mode 100644 index 000000000..f293c0980 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Normalize.html @@ -0,0 +1,93 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +TestArray.addTest( + "Test that we properly normalize algorithm names", + function() { + var that = this; + var alg = { name: "hmac", hash: {name: "sHa-256"} }; + + function doGenerateAesKey() { + var alg = { name: "AES-gcm", length: 192 }; + return crypto.subtle.generateKey(alg, false, ["encrypt"]); + } + + function doGenerateRsaOaepKey() { + var alg = { + name: "rsa-OAEP", + hash: "sha-1", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + return crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]); + } + + function doGenerateRsaSsaPkcs1Key() { + var alg = { name: "RSASSA-pkcs1-V1_5", hash: "SHA-1" }; + return crypto.subtle.importKey("pkcs8", tv.pkcs8, alg, true, ["sign"]); + } + + crypto.subtle.generateKey(alg, false, ["sign"]) + .then(doGenerateAesKey) + .then(doGenerateRsaOaepKey) + .then(doGenerateRsaSsaPkcs1Key) + .then(complete(that), error(that)); + } +); + +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_PBKDF2.html b/dom/crypto/test/test_WebCrypto_PBKDF2.html new file mode 100644 index 000000000..cba93ceb1 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_PBKDF2.html @@ -0,0 +1,298 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key", + function() { + var that = this; + var alg = "PBKDF2"; + var key = new TextEncoder("utf-8").encode("password"); + + crypto.subtle.importKey("raw", key, alg, false, ["deriveKey"]).then( + complete(that, hasKeyFields), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Unwrapping a PBKDF2 key in PKCS8 format should fail", + function() { + var that = this; + var pbkdf2Key = new TextEncoder("utf-8").encode("password"); + var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)}; + var wrappingKey; + + function wrap(x) { + wrappingKey = x; + return crypto.subtle.encrypt(alg, wrappingKey, pbkdf2Key); + } + + function unwrap(x) { + return crypto.subtle.unwrapKey( + "pkcs8", x, wrappingKey, alg, "PBKDF2", false, ["deriveBits"]); + } + + crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"]) + .then(wrap, error(that)) + .then(unwrap, error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key and derive bits using HMAC-SHA-1", + function() { + var that = this; + var alg = "PBKDF2"; + var key = tv.pbkdf2_sha1.password; + + function doDerive(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + var alg = { + name: "PBKDF2", + hash: "SHA-1", + salt: tv.pbkdf2_sha1.salt, + iterations: tv.pbkdf2_sha1.iterations + }; + return crypto.subtle.deriveBits(alg, x, tv.pbkdf2_sha1.length); + } + function fail(x) { console.log("failing"); error(that)(x); } + + crypto.subtle.importKey("raw", key, alg, false, ["deriveBits"]) + .then( doDerive, fail ) + .then( memcmp_complete(that, tv.pbkdf2_sha1.derived), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import a PBKDF2 key in JWK format and derive bits using HMAC-SHA-1", + function() { + var that = this; + var alg = "PBKDF2"; + + function doDerive(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + var alg = { + name: "PBKDF2", + hash: "SHA-1", + salt: tv.pbkdf2_sha1.salt, + iterations: tv.pbkdf2_sha1.iterations + }; + return crypto.subtle.deriveBits(alg, x, tv.pbkdf2_sha1.length); + } + function fail(x) { console.log("failing"); error(that)(x); } + + crypto.subtle.importKey("jwk", tv.pbkdf2_sha1.jwk, alg, false, ["deriveBits"]) + .then( doDerive, fail ) + .then( memcmp_complete(that, tv.pbkdf2_sha1.derived), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key and derive a new key using HMAC-SHA-1", + function() { + var that = this; + var alg = "PBKDF2"; + var key = tv.pbkdf2_sha1.password; + + function doDerive(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + var alg = { + name: "PBKDF2", + hash: "SHA-1", + salt: tv.pbkdf2_sha1.salt, + iterations: tv.pbkdf2_sha1.iterations + }; + + var algDerived = { + name: "HMAC", + hash: {name: "SHA-1"} + }; + + return crypto.subtle.deriveKey(alg, x, algDerived, false, ["sign", "verify"]) + .then(function (x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + if (x.algorithm.length != 512) { + throw "Invalid key; incorrect length"; + } + + return x; + }); + } + + function doSignAndVerify(x) { + var data = new Uint8Array(1024); + + return crypto.subtle.sign("HMAC", x, data) + .then(function (sig) { + return crypto.subtle.verify("HMAC", x, sig, data); + }); + } + + function fail(x) { console.log("failing"); error(that)(x); } + + crypto.subtle.importKey("raw", key, alg, false, ["deriveKey"]) + .then( doDerive, fail ) + .then( doSignAndVerify, fail ) + .then( complete(that, x => x), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key and derive a new key using HMAC-SHA-1 with custom length", + function() { + var that = this; + + function doDerive(x) { + var alg = { + name: "PBKDF2", + hash: "SHA-1", + salt: tv.pbkdf2_sha1.salt, + iterations: tv.pbkdf2_sha1.iterations + }; + + var algDerived = {name: "HMAC", hash: "SHA-1", length: 128}; + return crypto.subtle.deriveKey(alg, x, algDerived, false, ["sign"]); + } + + var password = crypto.getRandomValues(new Uint8Array(8)); + crypto.subtle.importKey("raw", password, "PBKDF2", false, ["deriveKey"]) + .then(doDerive) + .then(complete(that, function (x) { + return hasKeyFields(x) && x.algorithm.length == 128; + }), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key and derive bits using HMAC-SHA-256", + function() { + var that = this; + var alg = "PBKDF2"; + var key = tv.pbkdf2_sha256.password; + + function doDerive(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + var alg = { + name: "PBKDF2", + hash: "SHA-256", + salt: tv.pbkdf2_sha256.salt, + iterations: tv.pbkdf2_sha256.iterations + }; + return crypto.subtle.deriveBits(alg, x, tv.pbkdf2_sha256.length); + } + function fail(x) { console.log("failing"); error(that)(x); } + + crypto.subtle.importKey("raw", key, alg, false, ["deriveBits"]) + .then( doDerive, fail ) + .then( memcmp_complete(that, tv.pbkdf2_sha256.derived), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Import raw PBKDF2 key and derive bits using HMAC-SHA-256 with zero-length salt", + function() { + var that = this; + var importAlg = { name: "PBKDF2", hash: "SHA-256" }; + var key = tv.pbkdf2_sha256_no_salt.password; + + function doDerive(x) { + if (!hasKeyFields(x)) { + throw "Invalid key; missing field(s)"; + } + + var deriveAlg = { + name: "PBKDF2", + hash: "SHA-256", + salt: new Uint8Array(0), + iterations: tv.pbkdf2_sha256_no_salt.iterations + }; + return crypto.subtle.deriveBits(deriveAlg, x, tv.pbkdf2_sha256_no_salt.length); + } + function fail(x) { console.log("failing"); error(that)(x); } + + crypto.subtle.importKey("raw", key, importAlg, false, ["deriveBits"]) + .then( doDerive, fail ) + .then( memcmp_complete(that, tv.pbkdf2_sha256_no_salt.derived), fail ); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_RSA_OAEP.html b/dom/crypto/test/test_WebCrypto_RSA_OAEP.html new file mode 100644 index 000000000..d2a49caf2 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_RSA_OAEP.html @@ -0,0 +1,214 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// Generating 2048-bit keys takes some time. +SimpleTest.requestLongerTimeout(2); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-OAEP encrypt/decrypt round-trip", + function () { + var that = this; + var privKey, pubKey; + var alg = {name: "RSA-OAEP", hash: "SHA-1"}; + + var privKey, pubKey; + function setPriv(x) { privKey = x; } + function setPub(x) { pubKey = x; } + function doEncrypt() { + return crypto.subtle.encrypt(alg, pubKey, tv.rsaoaep.data); + } + function doDecrypt(x) { + return crypto.subtle.decrypt(alg, privKey, x); + } + + Promise.all([ + crypto.subtle.importKey("pkcs8", tv.rsaoaep.pkcs8, alg, false, ['decrypt']) + .then(setPriv, error(that)), + crypto.subtle.importKey("spki", tv.rsaoaep.spki, alg, false, ['encrypt']) + .then(setPub, error(that)) + ]).then(doEncrypt, error(that)) + .then(doDecrypt, error(that)) + .then( + memcmp_complete(that, tv.rsaoaep.data), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-OAEP key generation and encrypt/decrypt round-trip (SHA-256)", + function () { + var that = this; + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + var privKey, pubKey, data = crypto.getRandomValues(new Uint8Array(128)); + function setKey(x) { pubKey = x.publicKey; privKey = x.privateKey; } + function doEncrypt() { + return crypto.subtle.encrypt(alg, pubKey, data); + } + function doDecrypt(x) { + return crypto.subtle.decrypt(alg, privKey, x); + } + + crypto.subtle.generateKey(alg, false, ['encrypt', 'decrypt']) + .then(setKey, error(that)) + .then(doEncrypt, error(that)) + .then(doDecrypt, error(that)) + .then( + memcmp_complete(that, data), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-OAEP decryption known answer", + function () { + var that = this; + var alg = {name: "RSA-OAEP", hash: "SHA-1"}; + + function doDecrypt(x) { + return crypto.subtle.decrypt(alg, x, tv.rsaoaep.result); + } + function fail() { error(that); } + + crypto.subtle.importKey("pkcs8", tv.rsaoaep.pkcs8, alg, false, ['decrypt']) + .then( doDecrypt, fail ) + .then( memcmp_complete(that, tv.rsaoaep.data), fail ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-OAEP input data length checks (2048-bit key)", + function () { + var that = this; + var privKey, pubKey; + var alg = { + name: "RSA-OAEP", + hash: "SHA-1", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + var privKey, pubKey; + function setKey(x) { pubKey = x.publicKey; privKey = x.privateKey; } + function doEncrypt(n) { + console.log("entered encrypt("+ n +")"); + return function () { + return crypto.subtle.encrypt(alg, pubKey, new Uint8Array(n)); + } + } + + crypto.subtle.generateKey(alg, false, ['encrypt', 'decrypt']) + .then(setKey, error(that)) + .then(doEncrypt(214), error(that)) + .then(doEncrypt(215), error(that)) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-OAEP key import with invalid hash", + function () { + var that = this; + var alg = {name: "RSA-OAEP", hash: "SHA-123"}; + + crypto.subtle.importKey("pkcs8", tv.rsaoaep.pkcs8, alg, false, ['decrypt']) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test that RSA-OAEP encrypt/decrypt accepts strings as AlgorithmIdentifiers", + function () { + var that = this; + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + var privKey, pubKey, data = crypto.getRandomValues(new Uint8Array(128)); + function setKey(x) { pubKey = x.publicKey; privKey = x.privateKey; } + function doEncrypt() { + return crypto.subtle.encrypt("RSA-OAEP", pubKey, data); + } + function doDecrypt(x) { + return crypto.subtle.decrypt("RSA-OAEP", privKey, x); + } + + crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]) + .then(setKey) + .then(doEncrypt) + .then(doDecrypt) + .then(memcmp_complete(that, data), error(that)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_RSA_PSS.html b/dom/crypto/test/test_WebCrypto_RSA_PSS.html new file mode 100644 index 000000000..5c3975140 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_RSA_PSS.html @@ -0,0 +1,404 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// Generating 2048-bit keys takes some time. +SimpleTest.requestLongerTimeout(2); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS key generation (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = { + name: "RSA-PSS", + hash: "SHA-1", + modulusLength: 1024, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + crypto.subtle.generateKey(alg, false, ["sign", "verify"]) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS key generation and sign/verify round-trip (SHA-256, 2048-bit)", + function () { + var that = this; + var alg = { + name: "RSA-PSS", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + var privKey, pubKey; + var data = crypto.getRandomValues(new Uint8Array(128)); + function setKey(x) { pubKey = x.publicKey; privKey = x.privateKey; } + function doSign() { + var alg = {name: "RSA-PSS", saltLength: 32}; + return crypto.subtle.sign(alg, privKey, data); + } + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: 32}; + return crypto.subtle.verify(alg, pubKey, x, data); + } + + crypto.subtle.generateKey(alg, false, ["sign", "verify"]) + .then(setKey, error(that)) + .then(doSign, error(that)) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)) + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS verify known signature (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + var vec = tv.rsapss; + + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: vec.saltLength}; + return crypto.subtle.verify(alg, x, vec.sig, vec.data); + } + + crypto.subtle.importKey("spki", vec.spki, alg, false, ["verify"]) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Test invalid RSA-PSS signatures", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + var vec = tv.rsapss; + + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: vec.saltLength}; + var clone1 = new Uint8Array(vec.data); + var clone2 = new Uint8Array(vec.data); + clone1[clone1.byteLength - 1] ^= 1; + clone2[0] ^= 1; + + return Promise.all([ + crypto.subtle.verify(alg, x, vec.sig, clone1), + crypto.subtle.verify(alg, x, vec.sig, clone2), + crypto.subtle.verify(alg, x, vec.sig, vec.data.slice(1)), + crypto.subtle.verify(alg, x, vec.sig, vec.data.slice(0, vec.data.byteLength - 1)), + ]); + } + + crypto.subtle.importKey("spki", vec.spki, alg, false, ["verify"]) + .then(doVerify, error(that)) + .then(results => results.every(x => !x)) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS verify known signature (SHA-1, 1024-bit, JWK)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: tv.rsapss.saltLength}; + return crypto.subtle.verify(alg, x, tv.rsapss.sig, tv.rsapss.data); + } + + crypto.subtle.importKey("jwk", tv.rsapss.jwk_pub, alg, false, ["verify"]) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS verify known signatures (SHA-1 to SHA-512, 1024-bit)", + function () { + var that = this; + + function verifyCase(hash, tv) { + var alg = {name: "RSA-PSS", hash, saltLength: tv.saltLength}; + return crypto.subtle.importKey("spki", tv.spki, alg, false, ["verify"]) + .then(x => crypto.subtle.verify(alg, x, tv.sig, tv.data)); + } + + Promise.all([ + verifyCase("SHA-1", tv.rsapss2), + verifyCase("SHA-256", tv.rsapss3), + verifyCase("SHA-384", tv.rsapss4), + verifyCase("SHA-512", tv.rsapss5), + ]).then(complete(that, x => x.every(y => y)), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS import SPKI/PKCS#8 keys and sign/verify (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + + var privKey, pubKey; + function setKeys([pub, priv]) { pubKey = pub; privKey = priv; } + function doSign() { + var alg = {name: "RSA-PSS", saltLength: tv.rsapss.saltLength}; + return crypto.subtle.sign(alg, privKey, tv.rsapss.data); + } + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: tv.rsapss.saltLength}; + return crypto.subtle.verify(alg, pubKey, x, tv.rsapss.data); + } + + var spki = + crypto.subtle.importKey("spki", tv.rsapss.spki, alg, false, ["verify"]); + var pkcs8 = + crypto.subtle.importKey("pkcs8", tv.rsapss.pkcs8, alg, false, ["sign"]); + + Promise.all([spki, pkcs8]) + .then(setKeys, error(that)) + .then(doSign, error(that)) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS import JWK keys and sign/verify (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + + var privKey, pubKey; + function setKeys([pub, priv]) { pubKey = pub; privKey = priv; } + function doSign() { + var alg = {name: "RSA-PSS", saltLength: tv.rsapss.saltLength}; + return crypto.subtle.sign(alg, privKey, tv.rsapss.data); + } + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: tv.rsapss.saltLength}; + return crypto.subtle.verify(alg, pubKey, x, tv.rsapss.data); + } + + var spki = + crypto.subtle.importKey("jwk", tv.rsapss.jwk_pub, alg, false, ["verify"]); + var pkcs8 = + crypto.subtle.importKey("jwk", tv.rsapss.jwk_priv, alg, false, ["sign"]); + + Promise.all([spki, pkcs8]) + .then(setKeys, error(that)) + .then(doSign, error(that)) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS SPKI import/export (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + + function doExport(x) { + return crypto.subtle.exportKey("spki", x); + } + + crypto.subtle.importKey("spki", tv.rsapss.spki, alg, true, ["verify"]) + .then(doExport, error(that)) + .then(memcmp_complete(that, tv.rsapss.spki), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS PKCS#8 import/export (SHA-1, 1024-bit)", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + + function doExport(x) { + return crypto.subtle.exportKey("pkcs8", x); + } + + crypto.subtle.importKey("pkcs8", tv.rsapss.pkcs8, alg, true, ["sign"]) + .then(doExport, error(that)) + .then(memcmp_complete(that, tv.rsapss.pkcs8), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS JWK export a public key", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + var jwk = tv.rsapss.jwk_pub; + + function doExport(x) { + return crypto.subtle.exportKey("jwk", x); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ["verify"]) + .then(doExport) + .then( + complete(that, function(x) { + return hasBaseJwkFields(x) && + hasFields(x, ["n", "e"]) && + x.kty == "RSA" && + x.alg == "PS1" && + x.ext && + shallowArrayEquals(x.key_ops, ["verify"]) && + x.n == jwk.n && + x.e == jwk.e; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "RSA-PSS JWK export a private key", + function () { + var that = this; + var alg = {name: "RSA-PSS", hash: "SHA-1"}; + var jwk = tv.rsapss.jwk_priv; + + function doExport(x) { + return crypto.subtle.exportKey("jwk", x); + } + + crypto.subtle.importKey("jwk", jwk, alg, true, ["sign"]) + .then(doExport) + .then( + complete(that, function(x) { + return hasBaseJwkFields(x) && + hasFields(x, ["n", "e", "d", "p", "q", "dp", "dq", "qi"]) && + x.kty == "RSA" && + x.alg == "PS1" && + x.ext && + shallowArrayEquals(x.key_ops, ["sign"]) && + x.n == jwk.n && + x.e == jwk.e && + x.d == jwk.d && + x.p == jwk.p && + x.q == jwk.q && + x.dp == jwk.dp && + x.dq == jwk.dq && + x.qi == jwk.qi; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Deterministic RSA-PSS signatures with saltLength=0 (SHA-256, 2048-bit)", + function () { + var that = this; + var alg = { + name: "RSA-PSS", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + var privKey, pubKey; + var data = crypto.getRandomValues(new Uint8Array(128)); + function setKey(x) { pubKey = x.publicKey; privKey = x.privateKey; } + + function doSignTwice() { + var alg = {name: "RSA-PSS", saltLength: 0}; + return Promise.all([ + crypto.subtle.sign(alg, privKey, data), + crypto.subtle.sign(alg, privKey, data) + ]); + } + + function doVerify(x) { + var alg = {name: "RSA-PSS", saltLength: 0}; + return crypto.subtle.verify(alg, pubKey, x, data); + } + + crypto.subtle.generateKey(alg, false, ["sign", "verify"]) + .then(setKey, error(that)) + .then(doSignTwice, error(that)) + .then(([sig1, sig2]) => { + if (!util.memcmp(sig1, sig2)) { + throw new Error("sig1 must be equal to sig2"); + } + + return sig1; + }, error(that)) + .then(doVerify, error(that)) + .then(complete(that, x => x), error(that)) + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Reject_Generating_Keys_Without_Usages.html b/dom/crypto/test/test_WebCrypto_Reject_Generating_Keys_Without_Usages.html new file mode 100644 index 000000000..d252ed2da --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Reject_Generating_Keys_Without_Usages.html @@ -0,0 +1,86 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// Generating 2048-bit keys takes some time. +SimpleTest.requestLongerTimeout(2); + +TestArray.addTest( + "Test that we reject generating keys without any usage", + function() { + var that = this; + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([0x01, 0x00, 0x01]) + }; + + function generateKey(usages) { + return crypto.subtle.generateKey(alg, false, usages); + } + + generateKey(["encrypt", "decrypt"]).then(function () { + return generateKey(["encrypt"]); + }).then(function () { + return generateKey(["decrypt"]); + }).then(function () { + return generateKey(["sign"]) + }, error(that)).then(error(that), complete(that)); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Structured_Cloning.html b/dom/crypto/test/test_WebCrypto_Structured_Cloning.html new file mode 100644 index 000000000..3275c5466 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Structured_Cloning.html @@ -0,0 +1,305 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: AES-CTR", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + var iv = crypto.getRandomValues(new Uint8Array(16)); + var alg = {name: "AES-CTR", length: 128, iv}; + + var counter = new Uint8Array(16); + var algEncrypt = {name: "AES-CTR", length: 128, counter}; + + crypto.subtle.generateKey(alg, true, ["encrypt"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.encrypt(algEncrypt, x, data)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: AES-CBC", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + var iv = crypto.getRandomValues(new Uint8Array(16)); + var alg = {name: "AES-CBC", length: 128, iv}; + + crypto.subtle.generateKey(alg, true, ["encrypt"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.encrypt(alg, x, data)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: AES-GCM", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + var iv = crypto.getRandomValues(new Uint8Array(16)); + var alg = {name: "AES-GCM", length: 128, iv}; + + crypto.subtle.generateKey(alg, true, ["encrypt"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.encrypt(alg, x, data)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: AES-KW", + function() { + var that = this; + var alg = {name: "AES-KW", length: 128}; + + crypto.subtle.generateKey(alg, true, ["wrapKey"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.wrapKey("raw", x, x, "AES-KW")) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: HMAC", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + var alg = {name: "HMAC", length: 256, hash: "SHA-256"}; + + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.sign("HMAC", x, data)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: PBKDF2", + function() { + var that = this; + var key = new TextEncoder("utf-8").encode("password"); + + var alg = { + name: "PBKDF2", + hash: "SHA-1", + salt: crypto.getRandomValues(new Uint8Array(8)), + iterations: 4096 + }; + + crypto.subtle.importKey("raw", key, "PBKDF2", true, ["deriveBits"]) + .then(util.cloneExportCompareKeys) + .then(x => crypto.subtle.deriveBits(alg, x, 160)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: HKDF", + function() { + var that = this; + var key = new TextEncoder("utf-8").encode("password"); + + var alg = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array() + }; + + crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"]) + .then(util.clone) + .then(x => crypto.subtle.deriveBits(alg, x, 16)) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: RSA-OAEP", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + + var alg = { + name: "RSA-OAEP", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([1, 0, 1]) + }; + + crypto.subtle.generateKey(alg, true, ["encrypt", "decrypt"]) + .then(util.cloneExportCompareKeys) + .then(x => { + return crypto.subtle.encrypt(alg, x.publicKey, data) + .then(ct => crypto.subtle.decrypt(alg, x.privateKey, ct)); + }) + .then(complete(that), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: RSASSA-PKCS1-v1_5", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + + var alg = { + name: "RSASSA-PKCS1-v1_5", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([1, 0, 1]) + }; + + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(util.cloneExportCompareKeys) + .then(x => { + return crypto.subtle.sign(alg, x.privateKey, data) + .then(sig => crypto.subtle.verify(alg, x.publicKey, sig, data)); + }) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Structured Cloning: RSA-PSS", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + + var alg = { + name: "RSA-PSS", + hash: "SHA-256", + modulusLength: 2048, + publicExponent: new Uint8Array([1, 0, 1]), + saltLength: 20 + }; + + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(util.cloneExportCompareKeys) + .then(x => { + return crypto.subtle.sign(alg, x.privateKey, data) + .then(sig => crypto.subtle.verify(alg, x.publicKey, sig, data)); + }) + .then(complete(that, x => x), error(that)); + } +); + +// ----------------------------------------------------------------------------- +/*TestArray.addTest( + "Structured Cloning: DH", + function() { + var that = this; + var alg = {name: "DH", prime: tv.dh.prime, generator: new Uint8Array([2])}; + + crypto.subtle.generateKey(alg, true, ["deriveBits"]) + .then(util.cloneExportCompareKeys) + .then(x => { + var alg = {name: "DH", public: x.publicKey}; + return crypto.subtle.deriveBits(alg, x.privateKey, 16); + }) + .then(complete(that), error(that)); + } +);*/ + +// ----------------------------------------------------------------------------- +/*TestArray.addTest( + "Structured Cloning: ECDH", + function() { + var that = this; + var alg = {name: "ECDH", namedCurve: "P-256"}; + + crypto.subtle.generateKey(alg, true, ["deriveBits"]) + .then(util.cloneExportCompareKeys) + .then(x => { + var alg = {name: "ECDH", public: x.publicKey}; + return crypto.subtle.deriveBits(alg, x.privateKey, 16); + }) + .then(complete(that), error(that)); + } +);*/ + +// ----------------------------------------------------------------------------- +/*TestArray.addTest( + "Structured Cloning: ECDSA", + function() { + var that = this; + var data = crypto.getRandomValues(new Uint8Array(128)); + var alg = {name: "ECDSA", namedCurve: "P-256", hash: "SHA-256"}; + + crypto.subtle.generateKey(alg, true, ["sign", "verify"]) + .then(util.cloneExportCompareKeys) + .then(x => { + return crypto.subtle.sign(alg, x.privateKey, data) + .then(sig => crypto.subtle.verify(alg, x.publicKey, sig, data)); + }) + .then(complete(that), error(that)); + } +);*/ +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Workers.html b/dom/crypto/test/test_WebCrypto_Workers.html new file mode 100644 index 000000000..d92f6169f --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Workers.html @@ -0,0 +1,159 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Send a CryptoKey to a Worker and use it to encrypt data", + function () { + var worker = new Worker(`data:text/plain, + onmessage = ({data: {key, data, nonce}}) => { + var alg = { name: "AES-GCM", iv: nonce }; + crypto.subtle.encrypt(alg, key, data).then(postMessage); + }; + `); + + var data = crypto.getRandomValues(new Uint8Array(128)); + var nonce = crypto.getRandomValues(new Uint8Array(16)); + var alg = { name: "AES-GCM", length: 128 }; + var that = this; + + // Generate a new AES key. + crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]).then(key => { + // Wait for ciphertext, check and decrypt. + worker.addEventListener("message", ({data: ciphertext}) => { + var alg = { name: "AES-GCM", iv: nonce }; + crypto.subtle.decrypt(alg, key, ciphertext) + .then(memcmp_complete(that, data), error(that)); + }); + + // Send it to the worker. + worker.postMessage({key, data, nonce}); + }); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Get a CryptoKey from a Worker and encrypt/decrypt data", + function () { + var worker = new Worker(`data:text/plain, + var alg = { name: "AES-GCM", length: 128 }; + crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]) + .then(postMessage); + `); + + var data = crypto.getRandomValues(new Uint8Array(128)); + var nonce = crypto.getRandomValues(new Uint8Array(16)); + var alg = { name: "AES-GCM", iv: nonce }; + var that = this; + + // Wait for the key from the worker. + worker.addEventListener("message", ({data: key}) => { + // Encrypt some data with the key. + crypto.subtle.encrypt(alg, key, data).then(ciphertext => { + // Verify and decrypt. + crypto.subtle.decrypt(alg, key, ciphertext) + .then(memcmp_complete(that, data), error(that)); + }); + }); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Web crypto in terminating Worker", + function () { + var worker = new Worker(`data:text/plain, + function infiniteEncrypt(key, data, nonce) { + var alg = { name: "AES-GCM", iv: nonce }; + return crypto.subtle.encrypt(alg, key, data).then(_ => { + infiniteEncrypt(key, data, nonce); + }); + } + onmessage = ({data: {key, data, nonce}}) => { + infiniteEncrypt(key, data, nonce); + postMessage("started"); + }; + `); + + var data = crypto.getRandomValues(new Uint8Array(128)); + var nonce = crypto.getRandomValues(new Uint8Array(16)); + var alg = { name: "AES-GCM", length: 128 }; + var that = this; + + // Generate a new AES key. + crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]).then(key => { + worker.addEventListener("message", ({data: msg}) => { + if (msg === "started") { + // Terminate the worker while its busy doing crypto work + worker.terminate(); + worker = null; + + // Just end the test immediate since we can't receive any + // more messages from the worker after calling terminate(). + // If we haven't crashed, then the test is a success. + that.complete(true); + } + }); + + // Send it to the worker. + worker.postMessage({key, data, nonce}); + }); + } +); +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_WebCrypto_Wrap_Unwrap.html b/dom/crypto/test/test_WebCrypto_Wrap_Unwrap.html new file mode 100644 index 000000000..c2c7e57e6 --- /dev/null +++ b/dom/crypto/test/test_WebCrypto_Wrap_Unwrap.html @@ -0,0 +1,376 @@ +<!DOCTYPE html> +<html> + +<head> +<title>WebCrypto Test Suite</title> +<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<link rel="stylesheet" href="./test_WebCrypto.css"/> +<script src="/tests/SimpleTest/SimpleTest.js"></script> + +<!-- Utilities for manipulating ABVs --> +<script src="util.js"></script> + +<!-- A simple wrapper around IndexedDB --> +<script src="simpledb.js"></script> + +<!-- Test vectors drawn from the literature --> +<script src="./test-vectors.js"></script> + +<!-- General testing framework --> +<script src="./test-array.js"></script> + +<script>/*<![CDATA[*/ +"use strict"; + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Key wrap known answer, using AES-GCM", + function () { + var that = this; + var alg = { + name: "AES-GCM", + iv: tv.key_wrap_known_answer.wrapping_iv, + tagLength: 128 + }; + var key, wrappingKey; + + function doImport(k) { + wrappingKey = k; + return crypto.subtle.importKey("raw", tv.key_wrap_known_answer.key, + alg, true, ['encrypt', 'decrypt']); + } + function doWrap(k) { + key = k; + return crypto.subtle.wrapKey("raw", key, wrappingKey, alg); + } + + crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key, + alg, false, ['wrapKey']) + .then(doImport, error(that)) + .then(doWrap, error(that)) + .then( + memcmp_complete(that, tv.key_wrap_known_answer.wrapped_key), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Key wrap failing on non-extractable key", + function () { + var that = this; + var alg = { + name: "AES-GCM", + iv: tv.key_wrap_known_answer.wrapping_iv, + tagLength: 128 + }; + var key, wrappingKey; + + function doImport(k) { + wrappingKey = k; + return crypto.subtle.importKey("raw", tv.key_wrap_known_answer.key, + alg, false, ['encrypt', 'decrypt']); + } + function doWrap(k) { + key = k; + return crypto.subtle.wrapKey("raw", key, wrappingKey, alg); + } + + crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key, + alg, false, ['wrapKey']) + .then(doImport, error(that)) + .then(doWrap, error(that)) + .then( + error(that), + complete(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Key unwrap known answer, using AES-GCM", + function () { + var that = this; + var alg = { + name: "AES-GCM", + iv: tv.key_wrap_known_answer.wrapping_iv, + tagLength: 128 + }; + var key, wrappingKey; + + function doUnwrap(k) { + wrappingKey = k; + return crypto.subtle.unwrapKey( + "raw", tv.key_wrap_known_answer.wrapped_key, + wrappingKey, alg, + "AES-GCM", true, ['encrypt', 'decrypt'] + ); + } + function doExport(k) { + return crypto.subtle.exportKey("raw", k); + } + + crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key, + alg, false, ['unwrapKey']) + .then(doUnwrap, error(that)) + .then(doExport, error(that)) + .then( + memcmp_complete(that, tv.key_wrap_known_answer.key), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Key wrap/unwrap round-trip, using RSA-OAEP", + function () { + var that = this; + var oaep = { + name: "RSA-OAEP", + hash: "SHA-256" + }; + var gcm = { + name: "AES-GCM", + iv: tv.aes_gcm_enc.iv, + additionalData: tv.aes_gcm_enc.adata, + tagLength: 128 + }; + var unwrapKey; + + function doWrap(keys) { + var originalKey = keys[0]; + var wrapKey = keys[1]; + unwrapKey = keys[2]; + return crypto.subtle.wrapKey("raw", originalKey, wrapKey, oaep); + } + function doUnwrap(wrappedKey) { + return crypto.subtle.unwrapKey("raw", wrappedKey, unwrapKey, oaep, + gcm, false, ['encrypt']); + } + function doEncrypt(aesKey) { + return crypto.subtle.encrypt(gcm, aesKey, tv.aes_gcm_enc.data); + } + + // 1.Import: + // -> HMAC key + // -> OAEP wrap key (public) + // -> OAEP unwrap key (private) + // 2. Wrap the HMAC key + // 3. Unwrap it + // 4. Compute HMAC + // 5. Check HMAC value + Promise.all([ + crypto.subtle.importKey("raw", tv.aes_gcm_enc.key, gcm, true, ['encrypt']), + crypto.subtle.importKey("spki", tv.rsaoaep.spki, oaep, true, ['wrapKey']), + crypto.subtle.importKey("pkcs8", tv.rsaoaep.pkcs8, oaep, false, ['unwrapKey']) + ]) + .then(doWrap, error(that)) + .then(doUnwrap, error(that)) + .then(doEncrypt, error(that)) + .then( + memcmp_complete(that, tv.aes_gcm_enc.result), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK wrap/unwrap round-trip, with AES-GCM", + function () { + var that = this; + var genAlg = { name: "HMAC", hash: "SHA-384", length: 512 }; + var wrapAlg = { name: "AES-GCM", iv: tv.aes_gcm_enc.iv }; + var wrapKey, originalKey, originalKeyJwk; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + function doWrap() { + return crypto.subtle.wrapKey("jwk", originalKey, wrapKey, wrapAlg); + } + function doUnwrap(wrappedKey) { + return crypto.subtle.unwrapKey("jwk", wrappedKey, wrapKey, wrapAlg, + { name: "HMAC", hash: "SHA-384"}, + true, ['sign', 'verify']); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk, + "AES-GCM", false, ['wrapKey','unwrapKey']) + .then(function(x) { wrapKey = x; }), + crypto.subtle.generateKey(genAlg, true, ['sign', 'verify']) + .then(function(x) { originalKey = x; return x; }) + .then(doExport) + .then(function(x) { originalKeyJwk = x; }) + ]) + .then(doWrap) + .then(doUnwrap) + .then(doExport) + .then( + complete(that, function(x) { + return exists(x.k) && x.k == originalKeyJwk.k; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-KW known answer", + function () { + var that = this; + + function doWrap(keys) { + var wrapKey = keys[0]; + var originalKey = keys[1]; + return crypto.subtle.wrapKey("raw", originalKey, wrapKey, "AES-KW"); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key, + "AES-KW", false, ['wrapKey']), + crypto.subtle.importKey("jwk", tv.aes_kw.key, + "AES-GCM", true, ['encrypt']) + ]) + .then(doWrap) + .then( + memcmp_complete(that, tv.aes_kw.wrapped_key), + error(that) + ); + + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-KW unwrap failure on tampered key data", + function () { + var that = this; + var tamperedWrappedKey = new Uint8Array(tv.aes_kw.wrapped_key); + tamperedWrappedKey[5] ^= 0xFF; + + function doUnwrap(wrapKey) { + return crypto.subtle.unwrapKey("raw", tamperedWrappedKey, wrapKey, + "AES-KW", "AES-GCM", + true, ['encrypt', 'decrypt']); + } + + crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key, + "AES-KW", false, ['unwrapKey']) + .then(doUnwrap) + .then(error(that), complete(that)); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "AES-KW wrap/unwrap round-trip", + function () { + var that = this; + var genAlg = { name: "HMAC", hash: "SHA-384", length: 512 }; + var wrapKey, originalKey, originalKeyJwk; + + function doExport(k) { + return crypto.subtle.exportKey("jwk", k); + } + function doWrap() { + return crypto.subtle.wrapKey("raw", originalKey, wrapKey, "AES-KW"); + } + function doUnwrap(wrappedKey) { + return crypto.subtle.unwrapKey("raw", wrappedKey, wrapKey, + "AES-KW", { name: "HMAC", hash: "SHA-384"}, + true, ['sign', 'verify']); + } + + Promise.all([ + crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key, + "AES-KW", false, ['wrapKey','unwrapKey']) + .then(function(x) { wrapKey = x; }), + crypto.subtle.generateKey(genAlg, true, ['sign']) + .then(function(x) { originalKey = x; return x; }) + .then(doExport) + .then(function(x) { originalKeyJwk = x; }) + ]) + .then(doWrap) + .then(doUnwrap) + .then(doExport) + .then( + complete(that, function(x) { + return exists(x.k) && x.k == originalKeyJwk.k; + }), + error(that) + ); + } +); + +// ----------------------------------------------------------------------------- +TestArray.addTest( + "JWK unwrap attempt on bogus data should error out", + function () { + // Largely cribbed from the "JWK wrap/unwrap round-trip, with AES-GCM" test + var that = this; + var wrapAlg = { name: "AES-GCM", iv: tv.aes_gcm_enc.iv }; + var wrapKey; + + function doBogusWrap() { + var abv = new TextEncoder("utf-8").encode("I am so not JSON"); + return crypto.subtle.encrypt(wrapAlg, wrapKey, abv); + } + function doUnwrap(wrappedKey) { + return crypto.subtle.unwrapKey("jwk", wrappedKey, wrapKey, wrapAlg, + {name: "HMAC", hash: "SHA-384"}, + true, ['sign', 'verify']); + } + + crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk, + "AES-GCM", false, ['encrypt','unwrapKey']) + .then(function(x) { wrapKey = x; }) + .then(doBogusWrap, error(that)) + .then(doUnwrap, error(that)) + .then( + error(that), + complete(that) + ); + } +); + +/*]]>*/</script> +</head> + +<body> + +<div id="content"> + <div id="head"> + <b>Web</b>Crypto<br> + </div> + + <div id="start" onclick="start();">RUN ALL</div> + + <div id="resultDiv" class="content"> + Summary: + <span class="pass"><span id="passN">0</span> passed, </span> + <span class="fail"><span id="failN">0</span> failed, </span> + <span class="pending"><span id="pendingN">0</span> pending.</span> + <br/> + <br/> + + <table id="results"> + <tr> + <th>Test</th> + <th>Result</th> + <th>Time</th> + </tr> + </table> + + </div> + + <div id="foot"></div> +</div> + +</body> +</html> diff --git a/dom/crypto/test/test_indexedDB.html b/dom/crypto/test/test_indexedDB.html new file mode 100644 index 000000000..630c16e0e --- /dev/null +++ b/dom/crypto/test/test_indexedDB.html @@ -0,0 +1,61 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Bug 1188750 - WebCrypto must ensure NSS is initialized before deserializing</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"?> +</head> +<body> + <script type="application/javascript;version=1.8"> + /* + * Bug 1188750 - The WebCrypto API must ensure that NSS was initialized + * for the current process before trying to deserialize objects like + * CryptoKeys from e.g. IndexedDB. + */ + "use strict"; + + const TEST_URI = "http://www.example.com/tests/" + + "dom/crypto/test/file_indexedDB.html"; + + SimpleTest.waitForExplicitFinish(); + + function createMozBrowserFrame(cb) { + let frame = document.createElement("iframe"); + SpecialPowers.wrap(frame).mozbrowser = true; + frame.src = TEST_URI; + + frame.addEventListener("mozbrowsershowmodalprompt", function onPrompt(e) { + frame.removeEventListener("mozbrowsershowmodalprompt", onPrompt); + cb(frame, e.detail.message); + }); + + document.body.appendChild(frame); + } + + function runTest() { + // Load the test app once, to generate and store keys. + createMozBrowserFrame((frame, result) => { + is(result, "ok", "stored keys successfully"); + frame.remove(); + + // Load the test app again to retrieve stored keys. + createMozBrowserFrame((frame, result) => { + is(result, "ok", "retrieved keys successfully"); + frame.remove(); + SimpleTest.finish(); + }); + }); + } + + addEventListener("load", function () { + SpecialPowers.addPermission("browser", true, document); + SpecialPowers.pushPrefEnv({set: [ + ["dom.ipc.browser_frames.oop_by_default", true], + ["dom.mozBrowserFramesEnabled", true], + ["network.disable.ipc.security", true] + ]}, runTest); + }); + </script> +</body> +</html> diff --git a/dom/crypto/test/util.js b/dom/crypto/test/util.js new file mode 100644 index 000000000..f7b4c260f --- /dev/null +++ b/dom/crypto/test/util.js @@ -0,0 +1,115 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +var util = { + // Compare the contents of two ArrayBuffer(View)s + memcmp: function util_memcmp(x, y) { + if (!x || !y) { return false; } + + var xb = new Uint8Array(x); + var yb = new Uint8Array(y); + if (x.byteLength !== y.byteLength) { return false; } + + for (var i=0; i<xb.byteLength; ++i) { + if (xb[i] !== yb[i]) { + return false; + } + } + return true; + }, + + // Convert an ArrayBufferView to a hex string + abv2hex: function util_abv2hex(abv) { + var b = new Uint8Array(abv); + var hex = ""; + for (var i=0; i <b.length; ++i) { + var zeropad = (b[i] < 0x10) ? "0" : ""; + hex += zeropad + b[i].toString(16); + } + return hex; + }, + + // Convert a hex string to an ArrayBufferView + hex2abv: function util_hex2abv(hex) { + if (hex.length % 2 !== 0) { + hex = "0" + hex; + } + + var abv = new Uint8Array(hex.length / 2); + for (var i=0; i<abv.length; ++i) { + abv[i] = parseInt(hex.substr(2*i, 2), 16); + } + return abv; + }, + + clone: function (obj) { + return new Promise(resolve => { + let {port1, port2} = new MessageChannel(); + + // Wait for the cloned object to arrive. + port1.onmessage = msg => resolve(msg.data); + + // Clone the object. + port2.postMessage(obj); + }); + }, + + cloneExportCompareKeys: function (key) { + return util.clone(key).then(clone => { + var exports = []; + + if (key instanceof CryptoKey) { + exports.push(crypto.subtle.exportKey("raw", key)); + exports.push(crypto.subtle.exportKey("raw", clone)); + } else { + exports.push(crypto.subtle.exportKey("spki", key.publicKey)); + exports.push(crypto.subtle.exportKey("spki", clone.publicKey)); + exports.push(crypto.subtle.exportKey("pkcs8", key.privateKey)); + exports.push(crypto.subtle.exportKey("pkcs8", clone.privateKey)); + } + + return Promise.all(exports).then(pairs => { + for (var i = 0; i < pairs.length; i += 2) { + if (!util.memcmp(pairs[i], pairs[i + 1])) { + throw new Error("keys don't match"); + } + } + + return clone; + }); + }); + } +}; + +function exists(x) { + return (x !== undefined); +} + +function hasFields(object, fields) { + return fields + .map(x => exists(object[x])) + .reduce((x,y) => (x && y)); +} + +function hasKeyFields(x) { + return hasFields(x, ["algorithm", "extractable", "type", "usages"]); +} + +function hasBaseJwkFields(x) { + return hasFields(x, ["kty", "alg", "ext", "key_ops"]); +} + +function shallowArrayEquals(x, y) { + if (x.length != y.length) { + return false; + } + + for (i in x) { + if (x[i] != y[i]) { + return false; + } + } + + return true; +} |