diff options
Diffstat (limited to 'cli/tests')
| -rw-r--r-- | cli/tests/unit/webcrypto_test.ts | 66 |
1 files changed, 51 insertions, 15 deletions
diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts index 38f183c11..48d7012db 100644 --- a/cli/tests/unit/webcrypto_test.ts +++ b/cli/tests/unit/webcrypto_test.ts @@ -383,21 +383,6 @@ Deno.test(async function generateImportHmacJwk() { const pkcs8TestVectors = [ // rsaEncryption { pem: "cli/tests/testdata/webcrypto/id_rsaEncryption.pem", hash: "SHA-256" }, - // id-RSASSA-PSS (sha256) - // `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_md:sha256 -out id_rsassaPss.pem` - { pem: "cli/tests/testdata/webcrypto/id_rsassaPss.pem", hash: "SHA-256" }, - // id-RSASSA-PSS (default parameters) - // `openssl genpkey -algorithm rsa-pss -out id_rsassaPss.pem` - { - pem: "cli/tests/testdata/webcrypto/id_rsassaPss_default.pem", - hash: "SHA-1", - }, - // id-RSASSA-PSS (default hash) - // `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_saltlen:30 -out rsaPss_saltLen_30.pem` - { - pem: "cli/tests/testdata/webcrypto/id_rsassaPss_saltLen_30.pem", - hash: "SHA-1", - }, ]; Deno.test({ permissions: { read: true } }, async function importRsaPkcs8() { @@ -435,6 +420,57 @@ Deno.test({ permissions: { read: true } }, async function importRsaPkcs8() { } }); +const nonInteroperableVectors = [ + // id-RSASSA-PSS (sha256) + // `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_md:sha256 -out id_rsassaPss.pem` + { pem: "cli/tests/testdata/webcrypto/id_rsassaPss.pem", hash: "SHA-256" }, + // id-RSASSA-PSS (default parameters) + // `openssl genpkey -algorithm rsa-pss -out id_rsassaPss.pem` + { + pem: "cli/tests/testdata/webcrypto/id_rsassaPss_default.pem", + hash: "SHA-1", + }, + // id-RSASSA-PSS (default hash) + // `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_saltlen:30 -out rsaPss_saltLen_30.pem` + { + pem: "cli/tests/testdata/webcrypto/id_rsassaPss_saltLen_30.pem", + hash: "SHA-1", + }, +]; + +Deno.test( + { permissions: { read: true } }, + async function importNonInteroperableRsaPkcs8() { + const pemHeader = "-----BEGIN PRIVATE KEY-----"; + const pemFooter = "-----END PRIVATE KEY-----"; + for (const { pem, hash } of nonInteroperableVectors) { + const keyFile = await Deno.readTextFile(pem); + const pemContents = keyFile.substring( + pemHeader.length, + keyFile.length - pemFooter.length, + ); + const binaryDerString = atob(pemContents); + const binaryDer = new Uint8Array(binaryDerString.length); + for (let i = 0; i < binaryDerString.length; i++) { + binaryDer[i] = binaryDerString.charCodeAt(i); + } + + await assertRejects( + () => + crypto.subtle.importKey( + "pkcs8", + binaryDer, + { name: "RSA-PSS", hash }, + true, + ["sign"], + ), + DOMException, + "unsupported algorithm", + ); + } + }, +); + // deno-fmt-ignore const asn1AlgorithmIdentifier = new Uint8Array([ 0x02, 0x01, 0x00, // INTEGER |