-rw-r--r-- | cli/tests/unit/webcrypto_test.ts | 66 | ||||
-rw-r--r-- | ext/crypto/00_crypto.js | 22 | ||||
-rw-r--r-- | tools/wpt/expectation.json | 50 |
3 files changed, 117 insertions, 21 deletions
diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts
index c522bf1e6..ee4fc71b9 100644
--- a/cli/tests/unit/webcrypto_test.ts
+++ b/cli/tests/unit/webcrypto_test.ts
@@ -1343,13 +1343,13 @@ Deno.test(async function testImportExportEcDsaJwk() {
 assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));
 const signatureECDSA = await subtle.sign(
- { name: "ECDSA", hash: "SHA-256" },
+ { name: "ECDSA", hash: `SHA-${keyData.size}` },
 privateKeyECDSA,
 new Uint8Array([1, 2, 3, 4]),
 );
 const verifyECDSA = await subtle.verify(
- { name: "ECDSA", hash: "SHA-256" },
+ { name: "ECDSA", hash: `SHA-${keyData.size}` },
 publicKeyECDSA,
 signatureECDSA,
 new Uint8Array([1, 2, 3, 4]),
@@ -1421,6 +1421,7 @@ const ecTestKeys = [
 {
 size: 256,
 namedCurve: "P-256",
+ signatureLength: 64,
 // deno-fmt-ignore
 raw: new Uint8Array([
 4, 210, 16, 176, 166, 249, 217, 240, 18, 134, 128, 88, 180, 63, 164, 244,
@@ -1454,6 +1455,7 @@ const ecTestKeys = [
 {
 size: 384,
 namedCurve: "P-384",
+ signatureLength: 96,
 // deno-fmt-ignore
 raw: new Uint8Array([
 4, 118, 64, 176, 165, 100, 177, 112, 49, 254, 58, 53, 158, 63, 73, 200,
@@ -1498,7 +1500,7 @@ Deno.test(async function testImportEcSpkiPkcs8() {
 assert(subtle);
 for (
- const { namedCurve, raw, spki, pkcs8 } of ecTestKeys
+ const { namedCurve, raw, spki, pkcs8, signatureLength } of ecTestKeys
 ) {
 const rawPublicKeyECDSA = await subtle.importKey(
 "raw",
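Review bot: In the first hunk (testImportExportEcDsaJwk) the digest name is now built as `SHA-${keyData.size}`, which ties the hash to the key size by string formatting instead of stating it. That works for the 256 and 384 entries visible in ecTestKeys, but presumably a 521-bit entry would yield "SHA-521", which is not a digest name, and the test would fail with an unrelated error. An explicit field on each key record, e.g. `hash: "SHA-256"` and `hash: "SHA-384"`, passed as `hash: keyData.hash`, would keep the pairing readable. The test body starts and ends outside this hunk, so where keyData comes from is not visible here.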
@@ -1560,28 +1562,50 @@ Deno.test(async function testImportEcSpkiPkcs8() {
 assertEquals(expPublicKeyJWK.crv, namedCurve);
 for (
- const hash of [/*"SHA-1", */ "SHA-256", "SHA-384" /*"SHA-512"*/]
+ const hash of ["SHA-1", "SHA-256", "SHA-384", "SHA-512"]
 ) {
 if (
- (hash == "SHA-256" && namedCurve != "P-256") ||
- (hash == "SHA-384" && namedCurve != "P-384")
+ (hash == "SHA-256" && namedCurve == "P-256") ||
+ (hash == "SHA-384" && namedCurve == "P-384")
 ) {
- continue;
+ const signatureECDSA = await subtle.sign(
+ { name: "ECDSA", hash },
+ privateKeyECDSA,
+ new Uint8Array([1, 2, 3, 4]),
+ );
+
+ const verifyECDSA = await subtle.verify(
+ { name: "ECDSA", hash },
+ publicKeyECDSA,
+ signatureECDSA,
+ new Uint8Array([1, 2, 3, 4]),
+ );
+ assert(verifyECDSA);
+ } else {
+ await assertRejects(
+ async () => {
+ await subtle.sign(
+ { name: "ECDSA", hash },
+ privateKeyECDSA,
+ new Uint8Array([1, 2, 3, 4]),
+ );
+ },
+ DOMException,
+ "Not implemented",
+ );
+ await assertRejects(
+ async () => {
+ await subtle.verify(
+ { name: "ECDSA", hash },
+ publicKeyECDSA,
+ new Uint8Array(signatureLength),
+ new Uint8Array([1, 2, 3, 4]),
+ );
+ },
+ DOMException,
+ "Not implemented",
+ );
 }
-
- const signatureECDSA = await subtle.sign(
- { name: "ECDSA", hash },
- privateKeyECDSA,
- new Uint8Array([1, 2, 3, 4]),
- );
-
- const verifyECDSA = await subtle.verify(
- { name: "ECDSA", hash },
- publicKeyECDSA,
- signatureECDSA,
- new Uint8Array([1, 2, 3, 4]),
- );
- assert(verifyECDSA);
 }
 }
 });
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js
index 7bc62714f..417281068 100644
--- a/ext/crypto/00_crypto.js
+++ b/ext/crypto/00_crypto.js
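Review bot: The two assertRejects calls in the new else branch pin only the exception class and the message text "Not implemented", not the DOMException name, so a rejection with the same message but a name other than NotSupportedError would still pass. Asserting the name on the caught error as well would tie the test to the contract the implementation states. The verify case passes a zero-filled `new Uint8Array(signatureLength)`, which only makes sense if the curve/hash guard runs before the signature is examined; a comment such as `// zero-filled signature: the guard must reject before the signature is parsed` would record that intent. The enclosing loop and test start outside this hunk.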
@@ -827,6 +827,18 @@ class SubtleCrypto {
 throw new DOMException("Curve not supported", "NotSupportedError");
 }
+ if (
+ (key[_algorithm].namedCurve === "P-256" &&
+ hashAlgorithm !== "SHA-256") ||
+ (key[_algorithm].namedCurve === "P-384" &&
+ hashAlgorithm !== "SHA-384")
+ ) {
+ throw new DOMException(
+ "Not implemented",
+ "NotSupportedError",
+ );
+ }
+
 const signature = await core.opAsync("op_crypto_sign_key", {
 key: keyData,
 algorithm: "ECDSA",
@@ -1331,6 +1343,16 @@ class SubtleCrypto {
 // 2.
 const hash = normalizedAlgorithm.hash.name;
+ if (
+ (key[_algorithm].namedCurve === "P-256" && hash !== "SHA-256") ||
+ (key[_algorithm].namedCurve === "P-384" && hash !== "SHA-384")
+ ) {
+ throw new DOMException(
+ "Not implemented",
+ "NotSupportedError",
+ );
+ }
+
 // 3-8.
 return await core.opAsync("op_crypto_verify_key", {
 key: keyData,
diff --git a/tools/wpt/expectation.json b/tools/wpt/expectation.json
index e9ee8e05e..52011ec1e 100644
--- a/tools/wpt/expectation.json
+++ b/tools/wpt/expectation.json
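Review bot: The guard added to verify (second hunk) enumerates the rejected curve/hash pairs rather than the accepted ones, so a key whose namedCurve is neither "P-256" nor "P-384" passes it and reaches op_crypto_verify_key. The sign path has a "Curve not supported" throw directly above its guard, but no equivalent is visible in the verify hunk. An allow-list fails closed: `const requiredHash = { "P-256": "SHA-256", "P-384": "SHA-384" }[key[_algorithm].namedCurve];` followed by `if (hash !== requiredHash) throw new DOMException("Not implemented", "NotSupportedError");`. The same condition is written out twice, with `hashAlgorithm` in sign and `hash` in verify, so a shared helper would keep the two paths from drifting apart. Both methods start and end outside the hunks, so an earlier curve check in verify cannot be ruled out from here.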
@@ -881,19 +881,32 @@
 "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
 "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
 "ECDSA P-256 with SHA-1 round trip",
+ "ECDSA P-256 with SHA-384 round trip",
 "ECDSA P-256 with SHA-512 round trip",
 "ECDSA P-384 with SHA-1 round trip",
+ "ECDSA P-384 with SHA-256 round trip",
 "ECDSA P-384 with SHA-512 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-1 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
+ "ECDSA P-256 with SHA-1 verification failure due to altered signature",
+ "ECDSA P-256 with SHA-384 verification failure due to altered signature",
+ "ECDSA P-256 with SHA-512 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-1 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-256 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-512 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
 "ECDSA P-256 with SHA-256 verification failure due to wrong hash",
+ "ECDSA P-256 with SHA-384 verification failure due to wrong hash",
+ "ECDSA P-256 with SHA-512 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-1 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-256 verification failure due to wrong hash",
 "ECDSA P-384 with SHA-384 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-512 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
@@ -902,10 +915,22 @@
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
+ "ECDSA P-256 with SHA-1 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-384 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-512 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-1 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-256 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-512 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-1 verification failure due to altered plaintext",
+ "ECDSA P-256 with SHA-384 verification failure due to altered plaintext",
+ "ECDSA P-256 with SHA-512 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-512 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext",
@@ -963,19 +988,32 @@
 "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
 "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
 "ECDSA P-256 with SHA-1 round trip",
+ "ECDSA P-256 with SHA-384 round trip",
 "ECDSA P-256 with SHA-512 round trip",
 "ECDSA P-384 with SHA-1 round trip",
+ "ECDSA P-384 with SHA-256 round trip",
 "ECDSA P-384 with SHA-512 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-1 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
 "importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
+ "ECDSA P-256 with SHA-1 verification failure due to altered signature",
+ "ECDSA P-256 with SHA-384 verification failure due to altered signature",
+ "ECDSA P-256 with SHA-512 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-1 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-256 verification failure due to altered signature",
+ "ECDSA P-384 with SHA-512 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
 "ECDSA P-256 with SHA-256 verification failure due to wrong hash",
+ "ECDSA P-256 with SHA-384 verification failure due to wrong hash",
+ "ECDSA P-256 with SHA-512 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-1 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-256 verification failure due to wrong hash",
 "ECDSA P-384 with SHA-384 verification failure due to wrong hash",
+ "ECDSA P-384 with SHA-512 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
@@ -984,10 +1022,22 @@
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
+ "ECDSA P-256 with SHA-1 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-384 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-512 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-1 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-256 verification failure due to shortened signature",
+ "ECDSA P-384 with SHA-512 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
 "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
+ "ECDSA P-256 with SHA-1 verification failure due to altered plaintext",
+ "ECDSA P-256 with SHA-384 verification failure due to altered plaintext",
+ "ECDSA P-256 with SHA-512 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
+ "ECDSA P-384 with SHA-512 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
 "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext", |