diff --git a/Cargo.lock b/Cargo.lock index f60a4a24ef..d9abbec2b7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -226,6 +226,12 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" +[[package]] +name = "base64ct" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c" + [[package]] name = "bencher" version = "0.1.5" @@ -2490,6 +2496,15 @@ dependencies = [ "winapi 0.3.9", ] +[[package]] +name = "pem-rfc7468" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84e93a3b1cc0510b03020f33f21e62acdde3dcaef432edc95bea377fbd4c2cd4" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.1.0" @@ -2618,6 +2633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447" dependencies = [ "der", + "pem-rfc7468", "pkcs1", "spki", "zeroize", diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts index dab46465ae..fec412937b 100644 --- a/cli/tests/unit/webcrypto_test.ts +++ b/cli/tests/unit/webcrypto_test.ts @@ -1027,3 +1027,286 @@ Deno.test(async function testImportRsaJwk() { } } }); + +const jwtECKeys = { + "256": { + size: 256, + algo: "ES256", + publicJWK: { + kty: "EC", + crv: "P-256", + x: "0hCwpvnZ8BKGgFi0P6T0cQGFQ7ugDJJQ35JXwqyuXdE", + y: "zgN1UtSBRQzjm00QlXAbF1v6s0uObAmeGPHBmDWDYeg", + }, + privateJWK: { + kty: "EC", + crv: "P-256", + x: "0hCwpvnZ8BKGgFi0P6T0cQGFQ7ugDJJQ35JXwqyuXdE", + y: "zgN1UtSBRQzjm00QlXAbF1v6s0uObAmeGPHBmDWDYeg", + d: "E9M6LVq_nPnrsh_4YNSu_m5W53eQ9N7ptAiE69M1ROo", + }, + }, + "384": { + size: 384, + algo: "ES384", + publicJWK: { + kty: "EC", + crv: "P-384", + x: "IZwU1mYXs27G2IVrOFtzp000T9iude8EZDXdpU47RL1fvevR0I3Wni19wdwhjLQ1", + y: "vSgTjMd4M3qEL2vWGyQOdCSfJGZ8KlgQp2v8KOAzX4imUB3sAZdtqFr7AIactqzo", + }, + privateJWK: { + kty: "EC", + crv: "P-384", + x: "IZwU1mYXs27G2IVrOFtzp000T9iude8EZDXdpU47RL1fvevR0I3Wni19wdwhjLQ1", + y: "vSgTjMd4M3qEL2vWGyQOdCSfJGZ8KlgQp2v8KOAzX4imUB3sAZdtqFr7AIactqzo", + d: "RTe1mQeE08LSLpao-S-hqkku6HPldqQVguFEGDyYiNEOa560ztSyzEAS5KxeqEBz", + }, + }, +}; + +type JWK = Record; + +function _equalJwk(expected: JWK, got: JWK): boolean { + const fields = Object.keys(expected); + + for (let i = 0; i < fields.length; i++) { + const fieldName = fields[i]; + + if (!(fieldName in got)) { + return false; + } + if (expected[fieldName] !== got[fieldName]) { + return false; + } + } + + return true; +} + +Deno.test(async function testImportExportEcDsaJwk() { + const subtle = crypto.subtle; + assert(subtle); + + for ( + const [_key, keyData] of Object.entries(jwtECKeys) + ) { + const { size, publicJWK, privateJWK, algo } = keyData; + if (size != 256) { + continue; + } + + // 1. Test import EcDsa + const privateKeyECDSA = await subtle.importKey( + "jwk", + { + alg: algo, + ...privateJWK, + ext: true, + "key_ops": ["sign"], + }, + { name: "ECDSA", namedCurve: privateJWK.crv }, + true, + ["sign"], + ); + /*const expPrivateKeyJWK = await subtle.exportKey( + "jwk", + privateKeyECDSA, + ); + assert(equalJwk(privateJWK, expPrivateKeyJWK as JWK));*/ + + const publicKeyECDSA = await subtle.importKey( + "jwk", + { + alg: algo, + ...publicJWK, + ext: true, + "key_ops": ["verify"], + }, + { name: "ECDSA", namedCurve: publicJWK.crv }, + true, + ["verify"], + ); + + /*const expPublicKeyJWK = await subtle.exportKey( + "jwk", + publicKeyECDSA, + ); + + assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));*/ + + const signatureECDSA = await subtle.sign( + { name: "ECDSA", hash: "SHA-256" }, + privateKeyECDSA, + new Uint8Array([1, 2, 3, 4]), + ); + + const verifyECDSA = await subtle.verify( + { name: "ECDSA", hash: "SHA-256" }, + publicKeyECDSA, + signatureECDSA, + new Uint8Array([1, 2, 3, 4]), + ); + assert(verifyECDSA); + } +}); + +Deno.test(async function testImportEcDhJwk() { + const subtle = crypto.subtle; + assert(subtle); + + for ( + const [_key, jwkData] of Object.entries(jwtECKeys) + ) { + const { size, publicJWK, privateJWK } = jwkData; + if (size != 256) { + continue; + } + + // 1. Test import EcDsa + const privateKeyECDH = await subtle.importKey( + "jwk", + { + ...privateJWK, + ext: true, + "key_ops": ["deriveBits"], + }, + { name: "ECDH", namedCurve: privateJWK.crv }, + true, + ["deriveBits"], + ); + + /* const expPrivateKeyJWK = await subtle.exportKey( + "jwk", + privateKeyECDH, + ); + assert(equalJwk(privateJWK, expPrivateKeyJWK as JWK));*/ + + const publicKeyECDH = await subtle.importKey( + "jwk", + { + ...publicJWK, + ext: true, + "key_ops": [], + }, + { name: "ECDH", namedCurve: publicJWK.crv }, + true, + [], + ); + /* const expPublicKeyJWK = await subtle.exportKey( + "jwk", + publicKeyECDH, + ); + assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));*/ + + const derivedKey = await subtle.deriveBits( + { + name: "ECDH", + public: publicKeyECDH, + }, + privateKeyECDH, + 256, + ); + + assert(derivedKey instanceof ArrayBuffer); + assertEquals(derivedKey.byteLength, 256 / 8); + } +}); + +const ecTestKeys = { + "256": { + size: 256, + namedCurve: "P-256", + // deno-fmt-ignore + spki: new Uint8Array([ + 48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206, + 61, 3, 1, 7, 3, 66, 0, 4, 210, 16, 176, 166, 249, 217, 240, 18, 134, 128, + 88, 180, 63, 164, 244, 113, 1, 133, 67, 187, 160, 12, 146, 80, 223, 146, + 87, 194, 172, 174, 93, 209, 206, 3, 117, 82, 212, 129, 69, 12, 227, 155, + 77, 16, 149, 112, 27, 23, 91, 250, 179, 75, 142, 108, 9, 158, 24, 241, + 193, 152, 53, 131, 97, 232, + ]), + // deno-fmt-ignore + pkcs8: new Uint8Array([ + 48, 129, 135, 2, 1, 0, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, + 134, 72, 206, 61, 3, 1, 7, 4, 109, 48, 107, 2, 1, 1, 4, 32, 19, 211, 58, + 45, 90, 191, 156, 249, 235, 178, 31, 248, 96, 212, 174, 254, 110, 86, 231, + 119, 144, 244, 222, 233, 180, 8, 132, 235, 211, 53, 68, 234, 161, 68, 3, + 66, 0, 4, 210, 16, 176, 166, 249, 217, 240, 18, 134, 128, 88, 180, 63, + 164, 244, 113, 1, 133, 67, 187, 160, 12, 146, 80, 223, 146, 87, 194, 172, + 174, 93, 209, 206, 3, 117, 82, 212, 129, 69, 12, 227, 155, 77, 16, 149, + 112, 27, 23, 91, 250, 179, 75, 142, 108, 9, 158, 24, 241, 193, 152, 53, + 131, 97, 232, + ]), + }, +}; + +Deno.test(async function testImportEcSpkiPkcs8() { + const subtle = window.crypto.subtle; + assert(subtle); + + for ( + const [_key, keyData] of Object.entries(ecTestKeys) + ) { + const { size, namedCurve, spki, pkcs8 } = keyData; + if (size != 256) { + continue; + } + + const privateKeyECDSA = await subtle.importKey( + "pkcs8", + pkcs8, + { name: "ECDSA", namedCurve }, + true, + ["sign"], + ); + + /*const expPrivateKeyPKCS8 = await subtle.exportKey( + "pkcs8", + privateKeyECDSA, + ); + + assertEquals(new Uint8Array(expPrivateKeyPKCS8), pkcs8);*/ + + const publicKeyECDSA = await subtle.importKey( + "spki", + spki, + { name: "ECDSA", namedCurve }, + true, + ["verify"], + ); + + for ( + const hash of [/*"SHA-1", */ "SHA-256" /*"SHA-384", "SHA-512"*/] + ) { + console.log(hash); + + const signatureECDSA = await subtle.sign( + { name: "ECDSA", hash }, + privateKeyECDSA, + new Uint8Array([1, 2, 3, 4]), + ); + + const verifyECDSA = await subtle.verify( + { name: "ECDSA", hash }, + publicKeyECDSA, + signatureECDSA, + new Uint8Array([1, 2, 3, 4]), + ); + assert(verifyECDSA); + } + + /*const expPublicKeySPKI = await subtle.exportKey( + "spki", + publicKeyECDSA, + ); + + assertEquals(new Uint8Array(expPublicKeySPKI), spki); + + /*const expPrivateKeySPKI = await subtle.exportKey( + "spki", + privateKeyECDSA, + ); + assertEquals(new Uint8Array(expPrivateKeySPKI), spki);*/ + } +}); diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js index c8c7d9810a..f15238b3a8 100644 --- a/ext/crypto/00_crypto.js +++ b/ext/crypto/00_crypto.js @@ -108,6 +108,8 @@ "RSASSA-PKCS1-v1_5": "RsaHashedImportParams", "RSA-PSS": "RsaHashedImportParams", "RSA-OAEP": "RsaHashedImportParams", + "ECDSA": "EcImportParams", + "ECDH": "EcImportParams", "HMAC": "HmacImportParams", "HKDF": null, "PBKDF2": null, @@ -796,8 +798,9 @@ keyUsages, ); } + case "ECDH": case "ECDSA": { - return importKeyECDSA( + return importKeyEC( format, normalizedAlgorithm, keyData, @@ -1144,6 +1147,7 @@ } // 2. const hash = normalizedAlgorithm.hash.name; + // 3-8. return await core.opAsync("op_crypto_verify_key", { key: keyData, @@ -2195,13 +2199,28 @@ return key; } - function importKeyECDSA( + const SUPPORTED_EC_KEY_USAGES = { + "ECDSA": { + public: ["verify"], + private: ["sign"], + jwtUse: "sig", + }, + "ECDH": { + public: [], + private: ["deriveKey", "deriveBits"], + jwtUse: "enc", + }, + }; + + function importKeyEC( format, normalizedAlgorithm, keyData, extractable, keyUsages, ) { + const supportedUsages = SUPPORTED_EC_KEY_USAGES[normalizedAlgorithm.name]; + switch (format) { case "raw": { // 1. @@ -2221,7 +2240,7 @@ if ( ArrayPrototypeFind( keyUsages, - (u) => !ArrayPrototypeIncludes(["verify"], u), + (u) => !ArrayPrototypeIncludes(supportedUsages.public, u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); @@ -2229,7 +2248,7 @@ // 3. const { rawData } = core.opSync("op_crypto_import_key", { - algorithm: "ECDSA", + algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { raw: keyData }); @@ -2238,7 +2257,7 @@ // 4-5. const algorithm = { - name: "ECDSA", + name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; @@ -2253,6 +2272,248 @@ return key; } + case "pkcs8": { + // 1. + if ( + ArrayPrototypeFind( + keyUsages, + (u) => !ArrayPrototypeIncludes(supportedUsages.private, u), + ) !== undefined + ) { + throw new DOMException("Invalid key usages", "SyntaxError"); + } + + // 2-9. + const { rawData } = core.opSync("op_crypto_import_key", { + algorithm: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }, { pkcs8: keyData }); + + const handle = {}; + WeakMapPrototypeSet(KEY_STORE, handle, rawData); + + const algorithm = { + name: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }; + + const key = constructKey( + "private", + extractable, + usageIntersection(keyUsages, recognisedUsages), + algorithm, + handle, + ); + + return key; + } + case "spki": { + // 1. + if (normalizedAlgorithm.name == "ECDSA") { + if ( + ArrayPrototypeFind( + keyUsages, + (u) => !ArrayPrototypeIncludes(supportedUsages.public, u), + ) !== undefined + ) { + throw new DOMException("Invalid key usages", "SyntaxError"); + } + } else if (keyUsages.length != 0) { + throw new DOMException("Key usage must be empty", "SyntaxError"); + } + + // 2-12 + const { rawData } = core.opSync("op_crypto_import_key", { + algorithm: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }, { spki: keyData }); + + const handle = {}; + WeakMapPrototypeSet(KEY_STORE, handle, rawData); + + const algorithm = { + name: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }; + + // 6-8. + const key = constructKey( + "public", + extractable, + usageIntersection(keyUsages, recognisedUsages), + algorithm, + handle, + ); + + return key; + } + case "jwk": { + const jwk = keyData; + + const keyType = (jwk.d !== undefined) ? "private" : "public"; + + // 2. + if ( + ArrayPrototypeFind( + keyUsages, + (u) => !ArrayPrototypeIncludes(supportedUsages[keyType], u), + ) !== undefined + ) { + throw new DOMException("Invalid key usages", "SyntaxError"); + } + + // 3. + if (jwk.kty !== "EC") { + throw new DOMException( + "'kty' property of JsonWebKey must be 'EC'", + "DataError", + ); + } + + // 4. + if ( + keyUsages.length > 0 && jwk.use !== undefined && + jwk.use !== supportedUsages.jwkUse + ) { + throw new DOMException( + `'use' property of JsonWebKey must be '${supportedUsages.jwkUse}'`, + "DataError", + ); + } + + // 5. + // Section 4.3 of RFC7517 + if (jwk.key_ops !== undefined) { + if ( + ArrayPrototypeFind( + jwk.key_ops, + (u) => !ArrayPrototypeIncludes(recognisedUsages, u), + ) !== undefined + ) { + throw new DOMException( + "'key_ops' member of JsonWebKey is invalid", + "DataError", + ); + } + + if ( + !ArrayPrototypeEvery( + jwk.key_ops, + (u) => ArrayPrototypeIncludes(keyUsages, u), + ) + ) { + throw new DOMException( + "'key_ops' member of JsonWebKey is invalid", + "DataError", + ); + } + } + + // 6. + if (jwk.ext === false && extractable === true) { + throw new DOMException( + "'ext' property of JsonWebKey must not be false if extractable is true", + "DataError", + ); + } + + // 9. + if (jwk.alg !== undefined && normalizedAlgorithm.name == "ECDSA") { + let algNamedCurve; + + switch (jwk.alg) { + case "ES256": { + algNamedCurve = "P-256"; + break; + } + case "ES384": { + algNamedCurve = "P-384"; + break; + } + case "ES512": { + algNamedCurve = "P-521"; + break; + } + default: + throw new DOMException( + "Curve algorithm not supported", + "DataError", + ); + } + + if (algNamedCurve) { + if (algNamedCurve !== normalizedAlgorithm.namedCurve) { + throw new DOMException( + "Mismatched curve algorithm", + "DataError", + ); + } + } + } + + // Validate that this is a valid public key. + if (jwk.x === undefined) { + throw new DOMException( + "'x' property of JsonWebKey is required for EC keys", + "DataError", + ); + } + if (jwk.y === undefined) { + throw new DOMException( + "'y' property of JsonWebKey is required for EC keys", + "DataError", + ); + } + + if (jwk.d !== undefined) { + // it's also a Private key + const { rawData } = core.opSync("op_crypto_import_key", { + algorithm: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }, { jwkPrivateEc: jwk }); + + const handle = {}; + WeakMapPrototypeSet(KEY_STORE, handle, rawData); + + const algorithm = { + name: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }; + + const key = constructKey( + "private", + extractable, + usageIntersection(keyUsages, recognisedUsages), + algorithm, + handle, + ); + + return key; + } else { + const { rawData } = core.opSync("op_crypto_import_key", { + algorithm: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }, { jwkPublicEc: jwk }); + + const handle = {}; + WeakMapPrototypeSet(KEY_STORE, handle, rawData); + + const algorithm = { + name: normalizedAlgorithm.name, + namedCurve: normalizedAlgorithm.namedCurve, + }; + + const key = constructKey( + "public", + extractable, + usageIntersection(keyUsages, recognisedUsages), + algorithm, + handle, + ); + + return key; + } + } default: throw new DOMException("Not implemented", "NotSupportedError"); } diff --git a/ext/crypto/01_webidl.js b/ext/crypto/01_webidl.js index 7b1fc4e08c..a6470ce9e5 100644 --- a/ext/crypto/01_webidl.js +++ b/ext/crypto/01_webidl.js @@ -130,6 +130,18 @@ webidl.converters.EcKeyGenParams = webidl .createDictionaryConverter("EcKeyGenParams", dictEcKeyGenParams); + const dictEcImportParams = [ + ...dictAlgorithm, + { + key: "namedCurve", + converter: webidl.converters.NamedCurve, + required: true, + }, + ]; + + webidl.converters.EcImportParams = webidl + .createDictionaryConverter("EcImportParams", dictEcImportParams); + const dictAesKeyGenParams = [ ...dictAlgorithm, { diff --git a/ext/crypto/Cargo.toml b/ext/crypto/Cargo.toml index d5c2a1acbb..ced20fa7dd 100644 --- a/ext/crypto/Cargo.toml +++ b/ext/crypto/Cargo.toml @@ -19,7 +19,7 @@ base64 = "0.13.0" block-modes = "0.8.1" deno_core = { version = "0.110.0", path = "../../core" } deno_web = { version = "0.59.0", path = "../web" } -elliptic-curve = "0.10.6" +elliptic-curve = { version = "0.10.6", features = ["std", "pem"] } lazy_static = "1.4.0" num-traits = "0.2.14" p256 = { version = "0.9.0", features = ["ecdh"] } diff --git a/ext/crypto/generate_key.rs b/ext/crypto/generate_key.rs index 3f9df44a13..7ed8412973 100644 --- a/ext/crypto/generate_key.rs +++ b/ext/crypto/generate_key.rs @@ -87,6 +87,7 @@ fn generate_key_ec(named_curve: EcNamedCurve) -> Result, AnyError> { let curve = match named_curve { EcNamedCurve::P256 => &ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING, EcNamedCurve::P384 => &ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING, + _ => return Err(not_supported_error("Unsupported named curve")), }; let rng = ring::rand::SystemRandom::new(); diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 5b5a707a69..c658d7c121 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -1,10 +1,14 @@ use deno_core::error::AnyError; use deno_core::OpState; use deno_core::ZeroCopyBuf; +use elliptic_curve::pkcs8::der::Decodable as Pkcs8Decodable; +use elliptic_curve::pkcs8::PrivateKeyInfo; +use elliptic_curve::sec1::ToEncodedPoint; +use p256::pkcs8::FromPrivateKey; +use p256::pkcs8::ToPrivateKey; use rsa::pkcs1::UIntBytes; use serde::Deserialize; use serde::Serialize; -use spki::der::Decodable; use spki::der::Encodable; use crate::shared::*; @@ -34,6 +38,15 @@ pub enum KeyData { dq: String, qi: String, }, + JwkPublicEc { + x: String, + y: String, + }, + JwkPrivateEc { + x: String, + y: String, + d: String, + }, } #[derive(Deserialize)] @@ -238,7 +251,7 @@ fn import_key_rsassa( } KeyData::Pkcs8(data) => { // 2-3. - let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data) + let pk_info = PrivateKeyInfo::from_der(&data) .map_err(|e| data_error(e.to_string()))?; // 4-5. @@ -389,7 +402,7 @@ fn import_key_rsapss( } KeyData::Pkcs8(data) => { // 2-3. - let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data) + let pk_info = PrivateKeyInfo::from_der(&data) .map_err(|e| data_error(e.to_string()))?; // 4-5. @@ -568,7 +581,7 @@ fn import_key_rsaoaep( } KeyData::Pkcs8(data) => { // 2-3. - let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data) + let pk_info = PrivateKeyInfo::from_der(&data) .map_err(|e| data_error(e.to_string()))?; // 4-5. @@ -657,11 +670,137 @@ fn import_key_rsaoaep( } } +fn decode_b64url_to_field_bytes( + b64: &str, +) -> Result, deno_core::anyhow::Error> { + jwt_b64_int_or_err!(val, b64, "invalid b64 coordinate"); + + let mut bytes = elliptic_curve::FieldBytes::::default(); + let val = val.as_bytes(); + if val.len() != bytes.len() { + return Err(data_error("invalid b64 coordinate")); + } + bytes.copy_from_slice(val); + + Ok(bytes) +} + +fn import_key_ec_jwk_to_point( + x: String, + y: String, + named_curve: EcNamedCurve, +) -> Result, deno_core::anyhow::Error> { + let point_bytes = match named_curve { + EcNamedCurve::P256 => { + let x = decode_b64url_to_field_bytes::(&x)?; + let y = decode_b64url_to_field_bytes::(&y)?; + + p256::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes() + } + EcNamedCurve::P384 => { + let x = decode_b64url_to_field_bytes::(&x)?; + let y = decode_b64url_to_field_bytes::(&y)?; + + p384::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes() + } + _ => return Err(not_supported_error("Unsupported named curve")), + }; + + Ok(point_bytes.to_vec()) +} + +fn import_key_ec_jwk( + key_data: KeyData, + named_curve: EcNamedCurve, +) -> Result { + match key_data { + KeyData::JwkPublicEc { x, y } => { + let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?; + + Ok(ImportKeyResult::Ec { + raw_data: RawKeyData::Public(point_bytes.to_vec().into()), + }) + } + KeyData::JwkPrivateEc { d, x, y } => { + let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?; + + let secret_key_der = match named_curve { + EcNamedCurve::P256 => { + let d = decode_b64url_to_field_bytes::(&d)?; + let secret_key = p256::SecretKey::from_bytes(&d)?; + ToPrivateKey::to_pkcs8_der(&secret_key).unwrap() + } + //@todo(sean) - build p384 secret key from jwk, when crate implements to_pkcs8_der + //Problem: p384 crate does not implement ProjectiveArithmetic + /*EcNamedCurve::P384 => { + let secret_key = p384::SecretKey::from_be_bytes(&d)?; + + secret_key.to_pkcs8_der().unwrap() + }*/ + _ => return Err(not_supported_error("Unsupported named curve")), + }; + + let oid = + ::OID; + + let pki = p256::pkcs8::PrivateKeyInfo::new( + p256::pkcs8::AlgorithmIdentifier { + oid, + parameters: None, + }, + secret_key_der.as_ref(), + ); + + let pki = p256::pkcs8::PrivateKeyInfo { + public_key: Some(&point_bytes), + ..pki + }; + + Ok(ImportKeyResult::Ec { + raw_data: RawKeyData::Private(pki.private_key.to_vec().into()), + }) + } + _ => unreachable!(), + } +} + +pub struct ECParametersPkcs8 { + pub named_curve_alg: p256::pkcs8::der::asn1::ObjectIdentifier, +} + +impl<'a> TryFrom> for ECParametersPkcs8 { + type Error = p256::pkcs8::der::Error; + + fn try_from( + any: p256::pkcs8::der::asn1::Any<'a>, + ) -> p256::pkcs8::der::Result { + let x = any.oid()?; + + Ok(Self { named_curve_alg: x }) + } +} + +pub struct ECParametersSpki { + pub named_curve_alg: spki::der::asn1::ObjectIdentifier, +} + +impl<'a> TryFrom> for ECParametersSpki { + type Error = spki::der::Error; + + fn try_from( + any: spki::der::asn1::Any<'a>, + ) -> spki::der::Result { + let x = any.oid()?; + + Ok(Self { named_curve_alg: x }) + } +} + fn import_key_ec( key_data: KeyData, named_curve: EcNamedCurve, ) -> Result { - Ok(match key_data { + match key_data { KeyData::Raw(data) => { // The point is parsed and validated, ultimately the original data is // returned though. @@ -684,13 +823,179 @@ fn import_key_ec( return Err(data_error("invalid P-384 eliptic curve point")); } } + _ => return Err(not_supported_error("Unsupported named curve")), }; - ImportKeyResult::Ec { + Ok(ImportKeyResult::Ec { raw_data: RawKeyData::Public(data), - } + }) } - _ => return Err(unsupported_format()), - }) + KeyData::Pkcs8(data) => { + // 2-3. + let pk_info = PrivateKeyInfo::from_der(&data) + .map_err(|e| data_error(e.to_string()))?; + + // 4-5. + let alg = pk_info.algorithm.oid; + // id-ecPublicKey + if alg != elliptic_curve::ALGORITHM_OID { + return Err(data_error("unsupported algorithm")); + } + + // 5-7. + let params = ECParametersPkcs8::try_from( + pk_info + .algorithm + .parameters + .ok_or_else(|| data_error("malformed parameters"))?, + ) + .map_err(|_| data_error("malformed parameters"))?; + + // 8-9. + let pk_named_curve = match params.named_curve_alg { + // id-secp256r1 + ID_SECP256R1_OID => Some(EcNamedCurve::P256), + // id-secp384r1 + ID_SECP384R1_OID => Some(EcNamedCurve::P384), + // id-secp384r1 + ID_SECP521R1_OID => Some(EcNamedCurve::P521), + _ => None, + }; + + // 10. + if let Some(pk_named_curve) = pk_named_curve { + match pk_named_curve { + EcNamedCurve::P256 => { + let secret_key = + p256::SecretKey::from_pkcs8_der(&data).map_err(|_| { + data_error("invalid P-256 elliptic curve PKCS8 data") + })?; + + let point = + secret_key.public_key().as_affine().to_encoded_point(false); + + // 12 - not sure if this is correct. + if point.is_identity() { + return Err(data_error("Invalid key data")); + } + } + //@todo(sean) Validate P384 secret-key on import(pkcs8) + //Problem: Nist384 Curve from p384 crate does not implement ProjectiveArithmetic + //so cannot extract PublicKey from SecretKey. + /*EcNamedCurve::P384 => { + let secret_key = + p384::SecretKey::from_pkcs8_der(&data).unwrap(); + + let point = + secret_key.public_key().as_affine().to_encoded_point(false); + // 3. + if point.is_identity() { + return Err(type_error("Invalid key data".to_string())); + } + }*/ + _ => return Err(data_error("Unsupported named curve")), + } + // 11. + if named_curve != pk_named_curve { + return Err(data_error("curve mismatch")); + } + } else { + return Err(data_error("Unsupported named curve")); + } + + Ok(ImportKeyResult::Ec { + raw_data: RawKeyData::Private(data), + }) + } + KeyData::Spki(data) => { + // 2-3. + let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) + .map_err(|e| data_error(e.to_string()))?; + + // 4. + let alg = pk_info.algorithm.oid; + // id-ecPublicKey + if alg != elliptic_curve::ALGORITHM_OID { + return Err(data_error("unsupported algorithm")); + } + + // 5-7. + let params = ECParametersSpki::try_from( + pk_info + .algorithm + .parameters + .ok_or_else(|| data_error("malformed parameters"))?, + ) + .map_err(|_| data_error("malformed parameters"))?; + + // 8-9. + let named_curve_alg = params.named_curve_alg; + let pk_named_curve = match named_curve_alg { + // id-secp256r1 + ID_SECP256R1_OID => Some(EcNamedCurve::P256), + // id-secp384r1 + ID_SECP384R1_OID => Some(EcNamedCurve::P384), + // id-secp521r1 + ID_SECP521R1_OID => Some(EcNamedCurve::P521), + _ => None, + }; + + // 10. + let encoded_key; + + if let Some(pk_named_curve) = pk_named_curve { + let pk = pk_info.subject_public_key; + + encoded_key = pk.to_vec(); + + let bytes_consumed = match named_curve { + EcNamedCurve::P256 => { + let point = + p256::EncodedPoint::from_bytes(&*encoded_key).map_err(|_| { + data_error("invalid P-256 eliptic curve SPKI data") + })?; + + if point.is_identity() { + return Err(data_error("invalid P-256 eliptic curve point")); + } + + point.as_bytes().len() + } + EcNamedCurve::P384 => { + let point = + p384::EncodedPoint::from_bytes(&*encoded_key).map_err(|_| { + data_error("invalid P-384 eliptic curve SPKI data") + })?; + + if point.is_identity() { + return Err(data_error("invalid P-384 eliptic curve point")); + } + + point.as_bytes().len() + } + _ => return Err(not_supported_error("Unsupported named curve")), + }; + + if bytes_consumed != pk_info.subject_public_key.len() { + return Err(data_error("public key is invalid (too long)")); + } + + // 11. + if named_curve != pk_named_curve { + return Err(data_error("curve mismatch")); + } + } else { + return Err(data_error("Unsupported named curve")); + } + + Ok(ImportKeyResult::Ec { + raw_data: RawKeyData::Public(encoded_key.to_vec().into()), + }) + } + KeyData::JwkPublicEc { .. } | KeyData::JwkPrivateEc { .. } => { + import_key_ec_jwk(key_data, named_curve) + } + _ => Err(unsupported_format()), + } } fn import_key_aes(key_data: KeyData) -> Result { diff --git a/ext/crypto/lib.deno_crypto.d.ts b/ext/crypto/lib.deno_crypto.d.ts index 7681a56abe..6a32557454 100644 --- a/ext/crypto/lib.deno_crypto.d.ts +++ b/ext/crypto/lib.deno_crypto.d.ts @@ -71,6 +71,10 @@ interface EcKeyGenParams extends Algorithm { namedCurve: NamedCurve; } +interface EcImportParams extends Algorithm { + namedCurve: NamedCurve; +} + interface EcdsaParams extends Algorithm { hash: HashAlgorithmIdentifier; } @@ -195,14 +199,22 @@ interface SubtleCrypto { importKey( format: "jwk", keyData: JsonWebKey, - algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams, + algorithm: + | AlgorithmIdentifier + | HmacImportParams + | RsaHashedImportParams + | EcImportParams, extractable: boolean, keyUsages: KeyUsage[], ): Promise; importKey( format: Exclude, keyData: BufferSource, - algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams, + algorithm: + | AlgorithmIdentifier + | HmacImportParams + | RsaHashedImportParams + | EcImportParams, extractable: boolean, keyUsages: KeyUsage[], ): Promise; diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs index bb7ad5f326..b46b27d741 100644 --- a/ext/crypto/lib.rs +++ b/ext/crypto/lib.rs @@ -19,6 +19,8 @@ use std::rc::Rc; use block_modes::BlockMode; use lazy_static::lazy_static; use num_traits::cast::FromPrimitive; +use p256::elliptic_curve::sec1::FromEncodedPoint; +use p256::pkcs8::FromPrivateKey; use rand::rngs::OsRng; use rand::rngs::StdRng; use rand::thread_rng; @@ -40,7 +42,6 @@ use rsa::pkcs1::der::Encodable; use rsa::pkcs1::FromRsaPrivateKey; use rsa::pkcs1::FromRsaPublicKey; use rsa::pkcs8::der::asn1; -use rsa::pkcs8::FromPrivateKey; use rsa::BigUint; use rsa::PublicKey; use rsa::RsaPrivateKey; @@ -443,8 +444,18 @@ pub async fn op_crypto_verify_key( let verify_alg: &EcdsaVerificationAlgorithm = args.named_curve.ok_or_else(not_supported)?.try_into()?; - let private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &*args.key.data)?; - let public_key_bytes = private_key.public_key().as_ref(); + let private_key; + + let public_key_bytes = match args.key.r#type { + KeyType::Private => { + private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &*args.key.data)?; + + private_key.public_key().as_ref() + } + KeyType::Public => &*args.key.data, + _ => return Err(type_error("Invalid Key format".to_string())), + }; + let public_key = ring::signature::UnparsedPublicKey::new(verify_alg, public_key_bytes); @@ -507,13 +518,40 @@ pub async fn op_crypto_derive_bits( let public_key = args .public_key - .ok_or_else(|| type_error("Missing argument publicKey".to_string()))?; + .ok_or_else(|| type_error("Missing argument publicKey"))?; match named_curve { CryptoNamedCurve::P256 => { - let secret_key = p256::SecretKey::from_pkcs8_der(&args.key.data)?; - let public_key = - p256::SecretKey::from_pkcs8_der(&public_key.data)?.public_key(); + let secret_key = p256::SecretKey::from_pkcs8_der(&args.key.data) + .map_err(|_| type_error("Unexpected error decoding private key"))?; + + let public_key = match public_key.r#type { + KeyType::Private => { + p256::SecretKey::from_pkcs8_der(&public_key.data) + .map_err(|_| { + type_error("Unexpected error decoding private key") + })? + .public_key() + } + KeyType::Public => { + let point = p256::EncodedPoint::from_bytes(public_key.data) + .map_err(|_| { + type_error("Unexpected error decoding private key") + })?; + + let pk: Option = + p256::PublicKey::from_encoded_point(&point); + + if let Some(pk) = pk { + pk + } else { + return Err(type_error( + "Unexpected error decoding private key", + )); + } + } + _ => unreachable!(), + }; let shared_secret = p256::elliptic_curve::ecdh::diffie_hellman( secret_key.to_secret_scalar(), diff --git a/ext/crypto/shared.rs b/ext/crypto/shared.rs index 1a0703b264..3b32bb2a2e 100644 --- a/ext/crypto/shared.rs +++ b/ext/crypto/shared.rs @@ -37,6 +37,13 @@ pub const RSAES_OAEP_OID: rsa::pkcs8::ObjectIdentifier = pub const ID_P_SPECIFIED: rsa::pkcs8::ObjectIdentifier = rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.9"); +pub const ID_SECP256R1_OID: rsa::pkcs8::ObjectIdentifier = + rsa::pkcs8::ObjectIdentifier::new("1.2.840.10045.3.1.7"); +pub const ID_SECP384R1_OID: rsa::pkcs8::ObjectIdentifier = + rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.34"); +pub const ID_SECP521R1_OID: rsa::pkcs8::ObjectIdentifier = + rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.35"); + #[derive(Serialize, Deserialize, Copy, Clone, PartialEq)] pub enum ShaHash { #[serde(rename = "SHA-1")] @@ -55,6 +62,8 @@ pub enum EcNamedCurve { P256, #[serde(rename = "P-384")] P384, + #[serde(rename = "P-521")] + P521, } #[derive(Serialize, Deserialize)] diff --git a/tools/wpt/expectation.json b/tools/wpt/expectation.json index dc5bb12a74..140b6d9af9 100644 --- a/tools/wpt/expectation.json +++ b/tools/wpt/expectation.json @@ -3939,8 +3939,122 @@ "WorkerGlobalScope interface: attribute crypto" ], "import_export": { - "ec_importKey.https.any.html": false, - "ec_importKey.https.any.worker.html": false, + "ec_importKey.https.any.html": [ + "Good parameters: P-256 bits (spki, buffer(91), {name: ECDSA, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [sign])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [sign])", + "Good parameters: P-384 bits (spki, buffer(120), {name: ECDSA, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, true, [sign])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", + "Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits])", + "Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])" + ], + "ec_importKey.https.any.worker.html": [ + "Good parameters: P-256 bits (spki, buffer(91), {name: ECDSA, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [sign])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [sign])", + "Good parameters: P-384 bits (spki, buffer(120), {name: ECDSA, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, true, [sign])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", + "Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, [])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])", + "Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits])", + "Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits])", + "Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, [])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", + "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", + "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits])", + "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, [])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])", + "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits])", + "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])" + ], "rsa_importKey.https.any.html": true, "rsa_importKey.https.any.worker.html": true, "symmetric_importKey.https.any.html": true, @@ -3950,10 +4064,9 @@ "randomUUID.https.any.worker.html": true, "sign_verify": { "ecdsa.https.any.html": [ - "importVectorKeys step: ECDSA P-256 with SHA-1 verification", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification", + "ECDSA P-256 with SHA-1 verification", + "ECDSA P-256 with SHA-384 verification", + "ECDSA P-256 with SHA-512 verification", "importVectorKeys step: ECDSA P-384 with SHA-1 verification", "importVectorKeys step: ECDSA P-384 with SHA-256 verification", "importVectorKeys step: ECDSA P-384 with SHA-384 verification", @@ -3962,10 +4075,9 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification", "importVectorKeys step: ECDSA P-521 with SHA-384 verification", "importVectorKeys step: ECDSA P-521 with SHA-512 verification", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification with altered signature after call", + "ECDSA P-256 with SHA-1 verification with altered signature after call", + "ECDSA P-256 with SHA-384 verification with altered signature after call", + "ECDSA P-256 with SHA-512 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call", @@ -3974,10 +4086,9 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-512 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-1 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-256 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-384 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-512 with altered plaintext after call", + "ECDSA P-256 with SHA-1 with altered plaintext after call", + "ECDSA P-256 with SHA-384 with altered plaintext after call", + "ECDSA P-256 with SHA-512 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call", @@ -3986,10 +4097,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-1 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-256 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-384 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-512 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify", @@ -3998,10 +4105,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-1 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-256 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-384 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-512 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign", @@ -4010,10 +4113,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-1 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-256 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-384 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-512 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage", @@ -4022,10 +4121,8 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-1 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-256 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-384 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-512 round trip", + "ECDSA P-256 with SHA-1 round trip", + "ECDSA P-256 with SHA-512 round trip", "importVectorKeys step: ECDSA P-384 with SHA-1 round trip", "importVectorKeys step: ECDSA P-384 with SHA-256 round trip", "importVectorKeys step: ECDSA P-384 with SHA-384 round trip", @@ -4034,10 +4131,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 round trip", "importVectorKeys step: ECDSA P-521 with SHA-384 round trip", "importVectorKeys step: ECDSA P-521 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature", @@ -4046,10 +4139,7 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to wrong hash", + "ECDSA P-256 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash", @@ -4058,10 +4148,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name", @@ -4070,10 +4156,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature", @@ -4082,10 +4164,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext", @@ -4094,10 +4172,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-1 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-256 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-384 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-512 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name", @@ -4106,10 +4180,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-1 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-256 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-384 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-512 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name", @@ -4120,10 +4190,9 @@ "importVectorKeys step: ECDSA P-521 with SHA-512 verifying with wrong algorithm name" ], "ecdsa.https.any.worker.html": [ - "importVectorKeys step: ECDSA P-256 with SHA-1 verification", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification", + "ECDSA P-256 with SHA-1 verification", + "ECDSA P-256 with SHA-384 verification", + "ECDSA P-256 with SHA-512 verification", "importVectorKeys step: ECDSA P-384 with SHA-1 verification", "importVectorKeys step: ECDSA P-384 with SHA-256 verification", "importVectorKeys step: ECDSA P-384 with SHA-384 verification", @@ -4132,10 +4201,9 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification", "importVectorKeys step: ECDSA P-521 with SHA-384 verification", "importVectorKeys step: ECDSA P-521 with SHA-512 verification", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification with altered signature after call", + "ECDSA P-256 with SHA-1 verification with altered signature after call", + "ECDSA P-256 with SHA-384 verification with altered signature after call", + "ECDSA P-256 with SHA-512 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call", @@ -4144,10 +4212,9 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-512 verification with altered signature after call", - "importVectorKeys step: ECDSA P-256 with SHA-1 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-256 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-384 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-512 with altered plaintext after call", + "ECDSA P-256 with SHA-1 with altered plaintext after call", + "ECDSA P-256 with SHA-384 with altered plaintext after call", + "ECDSA P-256 with SHA-512 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call", @@ -4156,10 +4223,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-256 with SHA-1 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-256 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-384 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-512 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify", @@ -4168,10 +4231,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify", - "importVectorKeys step: ECDSA P-256 with SHA-1 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-256 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-384 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-512 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign", @@ -4180,10 +4239,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign", - "importVectorKeys step: ECDSA P-256 with SHA-1 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-256 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-384 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-512 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage", @@ -4192,10 +4247,8 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage", - "importVectorKeys step: ECDSA P-256 with SHA-1 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-256 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-384 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-512 round trip", + "ECDSA P-256 with SHA-1 round trip", + "ECDSA P-256 with SHA-512 round trip", "importVectorKeys step: ECDSA P-384 with SHA-1 round trip", "importVectorKeys step: ECDSA P-384 with SHA-256 round trip", "importVectorKeys step: ECDSA P-384 with SHA-384 round trip", @@ -4204,10 +4257,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 round trip", "importVectorKeys step: ECDSA P-521 with SHA-384 round trip", "importVectorKeys step: ECDSA P-521 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature", @@ -4216,10 +4265,7 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to wrong hash", + "ECDSA P-256 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash", @@ -4228,10 +4274,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name", @@ -4240,10 +4282,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature", @@ -4252,10 +4290,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext", @@ -4264,10 +4298,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-256 with SHA-1 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-256 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-384 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-512 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name", @@ -4276,10 +4306,6 @@ "importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-1 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-256 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-384 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-256 with SHA-512 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name",