Skip to content

Commit

Permalink
test,crypto: update WebCryptoAPI WPT
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Feb 16, 2023
1 parent 1b87cb6 commit 64ebca5
Show file tree
Hide file tree
Showing 10 changed files with 125 additions and 62 deletions.
2 changes: 1 addition & 1 deletion test/fixtures/wpt/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ Last update:
- user-timing: https://github.com/web-platform-tests/wpt/tree/df24fb604e/user-timing
- wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/d8dbe6990b/wasm/jsapi
- wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/450f829d25/WebCryptoAPI
- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/238d9d9bac/WebCryptoAPI
- webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions

[Web Platform Tests]: https://github.com/web-platform-tests/wpt
Expand Down
2 changes: 1 addition & 1 deletion test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ function run_test(algorithmNames, slowTest) {
.then(function(result) {
if (resultType === "CryptoKeyPair") {
assert_goodCryptoKey(result.privateKey, algorithm, extractable, usages, "private");
assert_goodCryptoKey(result.publicKey, algorithm, extractable, usages, "public");
assert_goodCryptoKey(result.publicKey, algorithm, true, usages, "public");
} else {
assert_goodCryptoKey(result, algorithm, extractable, usages, "secret");
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
// META: title=WebCryptoAPI: importKey() for EC keys
// META: timeout=long
// META: script=../util/helpers.js

// Test importKey and exportKey for EC algorithms. Only "happy paths" are
// currently tested - those where the operation should succeed.
Expand Down Expand Up @@ -110,6 +111,7 @@
return subtle.importKey(format, keyData, algorithm, extractable, usages).
then(function(key) {
assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
assert_goodCryptoKey(key, algorithm, extractable, usages, (format === 'pkcs8' || (format === 'jwk' && keyData.d)) ? 'private' : 'public');
if (!extractable) {
return;
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
// META: title=WebCryptoAPI: importKey() for OKP keys
// META: timeout=long
// META: script=../util/helpers.js

// Test importKey and exportKey for OKP algorithms. Only "happy paths" are
// currently tested - those where the operation should succeed.
Expand Down Expand Up @@ -104,6 +105,7 @@
return subtle.importKey(format, keyData[format], algorithm, extractable, usages).
then(function(key) {
assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
assert_goodCryptoKey(key, algorithm, extractable, usages, (format === 'pkcs8' || (format === 'jwk' && keyData[format].d)) ? 'private' : 'public');
if (!extractable) {
return;
}
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
// META: title=WebCryptoAPI: importKey() for symmetric keys
// META: timeout=long
// META: script=../util/helpers.js

// Test importKey and exportKey for non-PKC algorithms. Only "happy paths" are
// currently tested - those where the operation should succeed.
Expand Down Expand Up @@ -57,13 +58,18 @@
});
});

function hasLength(algorithm) {
return algorithm.name === 'HMAC' || algorithm.name.startsWith('AES');
}

// Test importKey with a given key format and other parameters. If
// extrable is true, export the key and verify that it matches the input.
function testFormat(format, algorithm, keyData, keySize, usages, extractable) {
promise_test(function(test) {
return subtle.importKey(format, keyData, algorithm, extractable, usages).
then(function(key) {
assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
assert_goodCryptoKey(key, hasLength(key.algorithm) ? { length: keySize, ...algorithm } : algorithm, extractable, usages, 'secret');
if (!extractable) {
return;
}
Expand Down
29 changes: 29 additions & 0 deletions test/fixtures/wpt/WebCryptoAPI/sign_verify/rsa.js
Original file line number Diff line number Diff line change
Expand Up @@ -306,6 +306,35 @@ function run_test() {
all_promises.push(promise);
});

// [RSA-PSS] Verification should fail with wrong saltLength
testVectors.forEach(function(vector) {
if (vector.algorithm.name === "RSA-PSS") {
var promise = importVectorKeys(vector, ["verify"], ["sign"])
.then(function(vectors) {
promise_test(function(test) {
const saltLength = vector.algorithm.saltLength === 32 ? 48 : 32;
var operation = subtle.verify({ ...vector.algorithm, saltLength }, vector.publicKey, vector.signature, vector.plaintext)
.then(function(is_verified) {
assert_false(is_verified, "Signature NOT verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});

return operation;
}, vector.name + " verification failure with wrong saltLength");

}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification failure with wrong saltLength");
});

all_promises.push(promise);
}
});

// Verification should fail with wrong plaintext
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify"], ["sign"])
Expand Down
9 changes: 5 additions & 4 deletions test/fixtures/wpt/WebCryptoAPI/util/helpers.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ var registeredAlgorithmNames = [
"SHA-256",
"SHA-384",
"SHA-512",
"HKDF-CTR",
"HKDF",
"PBKDF2",
"Ed25519",
"Ed448",
Expand Down Expand Up @@ -104,9 +104,6 @@ function assert_goodCryptoKey(key, algorithm, extractable, usages, kind) {

assert_equals(key.constructor, CryptoKey, "Is a CryptoKey");
assert_equals(key.type, kind, "Is a " + kind + " key");
if (key.type === "public") {
extractable = true; // public keys are always extractable
}
assert_equals(key.extractable, extractable, "Extractability is correct");

assert_equals(key.algorithm.name, registeredAlgorithmName, "Correct algorithm name");
Expand All @@ -130,6 +127,10 @@ function assert_goodCryptoKey(key, algorithm, extractable, usages, kind) {
assert_equals(key.algorithm.hash.name.toUpperCase(), algorithm.hash.toUpperCase(), "Correct hash function");
}

if (/^(?:Ed|X)(?:25519|448)$/.test(key.algorithm.name)) {
assert_false('namedCurve' in key.algorithm, "Does not have a namedCurve property");
}

// usages is expected to be provided for a key pair, but we are checking
// only a single key. The publicKey and privateKey portions of a key pair
// recognize only some of the usages appropriate for a key pair.
Expand Down
Loading

0 comments on commit 64ebca5

Please sign in to comment.