1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-12 09:03:42 -05:00

feat(ext/crypto): support importing ECSDA and ECDH (#13088)

Co-authored-by: Luca Casonato <hello@lcas.dev>
This commit is contained in:
Sean Michael Wykes 2021-12-16 13:28:43 -03:00 committed by GitHub
parent 8efe829fca
commit 60faf7a0ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 1101 additions and 138 deletions

16
Cargo.lock generated
View file

@ -226,6 +226,12 @@ version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd"
[[package]]
name = "base64ct"
version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6b4d9b1225d28d360ec6a231d65af1fd99a2a095154c8040689617290569c5c"
[[package]]
name = "bencher"
version = "0.1.5"
@ -2490,6 +2496,15 @@ dependencies = [
"winapi 0.3.9",
]
[[package]]
name = "pem-rfc7468"
version = "0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84e93a3b1cc0510b03020f33f21e62acdde3dcaef432edc95bea377fbd4c2cd4"
dependencies = [
"base64ct",
]
[[package]]
name = "percent-encoding"
version = "2.1.0"
@ -2618,6 +2633,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447"
dependencies = [
"der",
"pem-rfc7468",
"pkcs1",
"spki",
"zeroize",

View file

@ -1027,3 +1027,286 @@ Deno.test(async function testImportRsaJwk() {
}
}
});
const jwtECKeys = {
"256": {
size: 256,
algo: "ES256",
publicJWK: {
kty: "EC",
crv: "P-256",
x: "0hCwpvnZ8BKGgFi0P6T0cQGFQ7ugDJJQ35JXwqyuXdE",
y: "zgN1UtSBRQzjm00QlXAbF1v6s0uObAmeGPHBmDWDYeg",
},
privateJWK: {
kty: "EC",
crv: "P-256",
x: "0hCwpvnZ8BKGgFi0P6T0cQGFQ7ugDJJQ35JXwqyuXdE",
y: "zgN1UtSBRQzjm00QlXAbF1v6s0uObAmeGPHBmDWDYeg",
d: "E9M6LVq_nPnrsh_4YNSu_m5W53eQ9N7ptAiE69M1ROo",
},
},
"384": {
size: 384,
algo: "ES384",
publicJWK: {
kty: "EC",
crv: "P-384",
x: "IZwU1mYXs27G2IVrOFtzp000T9iude8EZDXdpU47RL1fvevR0I3Wni19wdwhjLQ1",
y: "vSgTjMd4M3qEL2vWGyQOdCSfJGZ8KlgQp2v8KOAzX4imUB3sAZdtqFr7AIactqzo",
},
privateJWK: {
kty: "EC",
crv: "P-384",
x: "IZwU1mYXs27G2IVrOFtzp000T9iude8EZDXdpU47RL1fvevR0I3Wni19wdwhjLQ1",
y: "vSgTjMd4M3qEL2vWGyQOdCSfJGZ8KlgQp2v8KOAzX4imUB3sAZdtqFr7AIactqzo",
d: "RTe1mQeE08LSLpao-S-hqkku6HPldqQVguFEGDyYiNEOa560ztSyzEAS5KxeqEBz",
},
},
};
type JWK = Record<string, string>;
function _equalJwk(expected: JWK, got: JWK): boolean {
const fields = Object.keys(expected);
for (let i = 0; i < fields.length; i++) {
const fieldName = fields[i];
if (!(fieldName in got)) {
return false;
}
if (expected[fieldName] !== got[fieldName]) {
return false;
}
}
return true;
}
Deno.test(async function testImportExportEcDsaJwk() {
const subtle = crypto.subtle;
assert(subtle);
for (
const [_key, keyData] of Object.entries(jwtECKeys)
) {
const { size, publicJWK, privateJWK, algo } = keyData;
if (size != 256) {
continue;
}
// 1. Test import EcDsa
const privateKeyECDSA = await subtle.importKey(
"jwk",
{
alg: algo,
...privateJWK,
ext: true,
"key_ops": ["sign"],
},
{ name: "ECDSA", namedCurve: privateJWK.crv },
true,
["sign"],
);
/*const expPrivateKeyJWK = await subtle.exportKey(
"jwk",
privateKeyECDSA,
);
assert(equalJwk(privateJWK, expPrivateKeyJWK as JWK));*/
const publicKeyECDSA = await subtle.importKey(
"jwk",
{
alg: algo,
...publicJWK,
ext: true,
"key_ops": ["verify"],
},
{ name: "ECDSA", namedCurve: publicJWK.crv },
true,
["verify"],
);
/*const expPublicKeyJWK = await subtle.exportKey(
"jwk",
publicKeyECDSA,
);
assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));*/
const signatureECDSA = await subtle.sign(
{ name: "ECDSA", hash: "SHA-256" },
privateKeyECDSA,
new Uint8Array([1, 2, 3, 4]),
);
const verifyECDSA = await subtle.verify(
{ name: "ECDSA", hash: "SHA-256" },
publicKeyECDSA,
signatureECDSA,
new Uint8Array([1, 2, 3, 4]),
);
assert(verifyECDSA);
}
});
Deno.test(async function testImportEcDhJwk() {
const subtle = crypto.subtle;
assert(subtle);
for (
const [_key, jwkData] of Object.entries(jwtECKeys)
) {
const { size, publicJWK, privateJWK } = jwkData;
if (size != 256) {
continue;
}
// 1. Test import EcDsa
const privateKeyECDH = await subtle.importKey(
"jwk",
{
...privateJWK,
ext: true,
"key_ops": ["deriveBits"],
},
{ name: "ECDH", namedCurve: privateJWK.crv },
true,
["deriveBits"],
);
/* const expPrivateKeyJWK = await subtle.exportKey(
"jwk",
privateKeyECDH,
);
assert(equalJwk(privateJWK, expPrivateKeyJWK as JWK));*/
const publicKeyECDH = await subtle.importKey(
"jwk",
{
...publicJWK,
ext: true,
"key_ops": [],
},
{ name: "ECDH", namedCurve: publicJWK.crv },
true,
[],
);
/* const expPublicKeyJWK = await subtle.exportKey(
"jwk",
publicKeyECDH,
);
assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));*/
const derivedKey = await subtle.deriveBits(
{
name: "ECDH",
public: publicKeyECDH,
},
privateKeyECDH,
256,
);
assert(derivedKey instanceof ArrayBuffer);
assertEquals(derivedKey.byteLength, 256 / 8);
}
});
const ecTestKeys = {
"256": {
size: 256,
namedCurve: "P-256",
// deno-fmt-ignore
spki: new Uint8Array([
48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206,
61, 3, 1, 7, 3, 66, 0, 4, 210, 16, 176, 166, 249, 217, 240, 18, 134, 128,
88, 180, 63, 164, 244, 113, 1, 133, 67, 187, 160, 12, 146, 80, 223, 146,
87, 194, 172, 174, 93, 209, 206, 3, 117, 82, 212, 129, 69, 12, 227, 155,
77, 16, 149, 112, 27, 23, 91, 250, 179, 75, 142, 108, 9, 158, 24, 241,
193, 152, 53, 131, 97, 232,
]),
// deno-fmt-ignore
pkcs8: new Uint8Array([
48, 129, 135, 2, 1, 0, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42,
134, 72, 206, 61, 3, 1, 7, 4, 109, 48, 107, 2, 1, 1, 4, 32, 19, 211, 58,
45, 90, 191, 156, 249, 235, 178, 31, 248, 96, 212, 174, 254, 110, 86, 231,
119, 144, 244, 222, 233, 180, 8, 132, 235, 211, 53, 68, 234, 161, 68, 3,
66, 0, 4, 210, 16, 176, 166, 249, 217, 240, 18, 134, 128, 88, 180, 63,
164, 244, 113, 1, 133, 67, 187, 160, 12, 146, 80, 223, 146, 87, 194, 172,
174, 93, 209, 206, 3, 117, 82, 212, 129, 69, 12, 227, 155, 77, 16, 149,
112, 27, 23, 91, 250, 179, 75, 142, 108, 9, 158, 24, 241, 193, 152, 53,
131, 97, 232,
]),
},
};
Deno.test(async function testImportEcSpkiPkcs8() {
const subtle = window.crypto.subtle;
assert(subtle);
for (
const [_key, keyData] of Object.entries(ecTestKeys)
) {
const { size, namedCurve, spki, pkcs8 } = keyData;
if (size != 256) {
continue;
}
const privateKeyECDSA = await subtle.importKey(
"pkcs8",
pkcs8,
{ name: "ECDSA", namedCurve },
true,
["sign"],
);
/*const expPrivateKeyPKCS8 = await subtle.exportKey(
"pkcs8",
privateKeyECDSA,
);
assertEquals(new Uint8Array(expPrivateKeyPKCS8), pkcs8);*/
const publicKeyECDSA = await subtle.importKey(
"spki",
spki,
{ name: "ECDSA", namedCurve },
true,
["verify"],
);
for (
const hash of [/*"SHA-1", */ "SHA-256" /*"SHA-384", "SHA-512"*/]
) {
console.log(hash);
const signatureECDSA = await subtle.sign(
{ name: "ECDSA", hash },
privateKeyECDSA,
new Uint8Array([1, 2, 3, 4]),
);
const verifyECDSA = await subtle.verify(
{ name: "ECDSA", hash },
publicKeyECDSA,
signatureECDSA,
new Uint8Array([1, 2, 3, 4]),
);
assert(verifyECDSA);
}
/*const expPublicKeySPKI = await subtle.exportKey(
"spki",
publicKeyECDSA,
);
assertEquals(new Uint8Array(expPublicKeySPKI), spki);
/*const expPrivateKeySPKI = await subtle.exportKey(
"spki",
privateKeyECDSA,
);
assertEquals(new Uint8Array(expPrivateKeySPKI), spki);*/
}
});

View file

@ -108,6 +108,8 @@
"RSASSA-PKCS1-v1_5": "RsaHashedImportParams",
"RSA-PSS": "RsaHashedImportParams",
"RSA-OAEP": "RsaHashedImportParams",
"ECDSA": "EcImportParams",
"ECDH": "EcImportParams",
"HMAC": "HmacImportParams",
"HKDF": null,
"PBKDF2": null,
@ -796,8 +798,9 @@
keyUsages,
);
}
case "ECDH":
case "ECDSA": {
return importKeyECDSA(
return importKeyEC(
format,
normalizedAlgorithm,
keyData,
@ -1144,6 +1147,7 @@
}
// 2.
const hash = normalizedAlgorithm.hash.name;
// 3-8.
return await core.opAsync("op_crypto_verify_key", {
key: keyData,
@ -2195,13 +2199,28 @@
return key;
}
function importKeyECDSA(
const SUPPORTED_EC_KEY_USAGES = {
"ECDSA": {
public: ["verify"],
private: ["sign"],
jwtUse: "sig",
},
"ECDH": {
public: [],
private: ["deriveKey", "deriveBits"],
jwtUse: "enc",
},
};
function importKeyEC(
format,
normalizedAlgorithm,
keyData,
extractable,
keyUsages,
) {
const supportedUsages = SUPPORTED_EC_KEY_USAGES[normalizedAlgorithm.name];
switch (format) {
case "raw": {
// 1.
@ -2221,7 +2240,7 @@
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["verify"], u),
(u) => !ArrayPrototypeIncludes(supportedUsages.public, u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
@ -2229,7 +2248,7 @@
// 3.
const { rawData } = core.opSync("op_crypto_import_key", {
algorithm: "ECDSA",
algorithm: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
}, { raw: keyData });
@ -2238,7 +2257,7 @@
// 4-5.
const algorithm = {
name: "ECDSA",
name: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
};
@ -2253,6 +2272,248 @@
return key;
}
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(supportedUsages.private, u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2-9.
const { rawData } = core.opSync("op_crypto_import_key", {
algorithm: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
}, { pkcs8: keyData });
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, rawData);
const algorithm = {
name: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
case "spki": {
// 1.
if (normalizedAlgorithm.name == "ECDSA") {
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(supportedUsages.public, u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
} else if (keyUsages.length != 0) {
throw new DOMException("Key usage must be empty", "SyntaxError");
}
// 2-12
const { rawData } = core.opSync("op_crypto_import_key", {
algorithm: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
}, { spki: keyData });
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, rawData);
const algorithm = {
name: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
};
// 6-8.
const key = constructKey(
"public",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
case "jwk": {
const jwk = keyData;
const keyType = (jwk.d !== undefined) ? "private" : "public";
// 2.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(supportedUsages[keyType], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 3.
if (jwk.kty !== "EC") {
throw new DOMException(
"'kty' property of JsonWebKey must be 'EC'",
"DataError",
);
}
// 4.
if (
keyUsages.length > 0 && jwk.use !== undefined &&
jwk.use !== supportedUsages.jwkUse
) {
throw new DOMException(
`'use' property of JsonWebKey must be '${supportedUsages.jwkUse}'`,
"DataError",
);
}
// 5.
// Section 4.3 of RFC7517
if (jwk.key_ops !== undefined) {
if (
ArrayPrototypeFind(
jwk.key_ops,
(u) => !ArrayPrototypeIncludes(recognisedUsages, u),
) !== undefined
) {
throw new DOMException(
"'key_ops' member of JsonWebKey is invalid",
"DataError",
);
}
if (
!ArrayPrototypeEvery(
jwk.key_ops,
(u) => ArrayPrototypeIncludes(keyUsages, u),
)
) {
throw new DOMException(
"'key_ops' member of JsonWebKey is invalid",
"DataError",
);
}
}
// 6.
if (jwk.ext === false && extractable === true) {
throw new DOMException(
"'ext' property of JsonWebKey must not be false if extractable is true",
"DataError",
);
}
// 9.
if (jwk.alg !== undefined && normalizedAlgorithm.name == "ECDSA") {
let algNamedCurve;
switch (jwk.alg) {
case "ES256": {
algNamedCurve = "P-256";
break;
}
case "ES384": {
algNamedCurve = "P-384";
break;
}
case "ES512": {
algNamedCurve = "P-521";
break;
}
default:
throw new DOMException(
"Curve algorithm not supported",
"DataError",
);
}
if (algNamedCurve) {
if (algNamedCurve !== normalizedAlgorithm.namedCurve) {
throw new DOMException(
"Mismatched curve algorithm",
"DataError",
);
}
}
}
// Validate that this is a valid public key.
if (jwk.x === undefined) {
throw new DOMException(
"'x' property of JsonWebKey is required for EC keys",
"DataError",
);
}
if (jwk.y === undefined) {
throw new DOMException(
"'y' property of JsonWebKey is required for EC keys",
"DataError",
);
}
if (jwk.d !== undefined) {
// it's also a Private key
const { rawData } = core.opSync("op_crypto_import_key", {
algorithm: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
}, { jwkPrivateEc: jwk });
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, rawData);
const algorithm = {
name: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
} else {
const { rawData } = core.opSync("op_crypto_import_key", {
algorithm: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
}, { jwkPublicEc: jwk });
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, rawData);
const algorithm = {
name: normalizedAlgorithm.name,
namedCurve: normalizedAlgorithm.namedCurve,
};
const key = constructKey(
"public",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}

View file

@ -130,6 +130,18 @@
webidl.converters.EcKeyGenParams = webidl
.createDictionaryConverter("EcKeyGenParams", dictEcKeyGenParams);
const dictEcImportParams = [
...dictAlgorithm,
{
key: "namedCurve",
converter: webidl.converters.NamedCurve,
required: true,
},
];
webidl.converters.EcImportParams = webidl
.createDictionaryConverter("EcImportParams", dictEcImportParams);
const dictAesKeyGenParams = [
...dictAlgorithm,
{

View file

@ -19,7 +19,7 @@ base64 = "0.13.0"
block-modes = "0.8.1"
deno_core = { version = "0.110.0", path = "../../core" }
deno_web = { version = "0.59.0", path = "../web" }
elliptic-curve = "0.10.6"
elliptic-curve = { version = "0.10.6", features = ["std", "pem"] }
lazy_static = "1.4.0"
num-traits = "0.2.14"
p256 = { version = "0.9.0", features = ["ecdh"] }

View file

@ -87,6 +87,7 @@ fn generate_key_ec(named_curve: EcNamedCurve) -> Result<Vec<u8>, AnyError> {
let curve = match named_curve {
EcNamedCurve::P256 => &ring::signature::ECDSA_P256_SHA256_FIXED_SIGNING,
EcNamedCurve::P384 => &ring::signature::ECDSA_P384_SHA384_FIXED_SIGNING,
_ => return Err(not_supported_error("Unsupported named curve")),
};
let rng = ring::rand::SystemRandom::new();

View file

@ -1,10 +1,14 @@
use deno_core::error::AnyError;
use deno_core::OpState;
use deno_core::ZeroCopyBuf;
use elliptic_curve::pkcs8::der::Decodable as Pkcs8Decodable;
use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::sec1::ToEncodedPoint;
use p256::pkcs8::FromPrivateKey;
use p256::pkcs8::ToPrivateKey;
use rsa::pkcs1::UIntBytes;
use serde::Deserialize;
use serde::Serialize;
use spki::der::Decodable;
use spki::der::Encodable;
use crate::shared::*;
@ -34,6 +38,15 @@ pub enum KeyData {
dq: String,
qi: String,
},
JwkPublicEc {
x: String,
y: String,
},
JwkPrivateEc {
x: String,
y: String,
d: String,
},
}
#[derive(Deserialize)]
@ -238,7 +251,7 @@ fn import_key_rsassa(
}
KeyData::Pkcs8(data) => {
// 2-3.
let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data)
let pk_info = PrivateKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -389,7 +402,7 @@ fn import_key_rsapss(
}
KeyData::Pkcs8(data) => {
// 2-3.
let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data)
let pk_info = PrivateKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -568,7 +581,7 @@ fn import_key_rsaoaep(
}
KeyData::Pkcs8(data) => {
// 2-3.
let pk_info = rsa::pkcs8::PrivateKeyInfo::from_der(&data)
let pk_info = PrivateKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -657,11 +670,137 @@ fn import_key_rsaoaep(
}
}
fn decode_b64url_to_field_bytes<C: elliptic_curve::Curve>(
b64: &str,
) -> Result<elliptic_curve::FieldBytes<C>, deno_core::anyhow::Error> {
jwt_b64_int_or_err!(val, b64, "invalid b64 coordinate");
let mut bytes = elliptic_curve::FieldBytes::<C>::default();
let val = val.as_bytes();
if val.len() != bytes.len() {
return Err(data_error("invalid b64 coordinate"));
}
bytes.copy_from_slice(val);
Ok(bytes)
}
fn import_key_ec_jwk_to_point(
x: String,
y: String,
named_curve: EcNamedCurve,
) -> Result<Vec<u8>, deno_core::anyhow::Error> {
let point_bytes = match named_curve {
EcNamedCurve::P256 => {
let x = decode_b64url_to_field_bytes::<p256::NistP256>(&x)?;
let y = decode_b64url_to_field_bytes::<p256::NistP256>(&y)?;
p256::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes()
}
EcNamedCurve::P384 => {
let x = decode_b64url_to_field_bytes::<p384::NistP384>(&x)?;
let y = decode_b64url_to_field_bytes::<p384::NistP384>(&y)?;
p384::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes()
}
_ => return Err(not_supported_error("Unsupported named curve")),
};
Ok(point_bytes.to_vec())
}
fn import_key_ec_jwk(
key_data: KeyData,
named_curve: EcNamedCurve,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
match key_data {
KeyData::JwkPublicEc { x, y } => {
let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?;
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Public(point_bytes.to_vec().into()),
})
}
KeyData::JwkPrivateEc { d, x, y } => {
let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?;
let secret_key_der = match named_curve {
EcNamedCurve::P256 => {
let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?;
let secret_key = p256::SecretKey::from_bytes(&d)?;
ToPrivateKey::to_pkcs8_der(&secret_key).unwrap()
}
//@todo(sean) - build p384 secret key from jwk, when crate implements to_pkcs8_der
//Problem: p384 crate does not implement ProjectiveArithmetic
/*EcNamedCurve::P384 => {
let secret_key = p384::SecretKey::from_be_bytes(&d)?;
secret_key.to_pkcs8_der().unwrap()
}*/
_ => return Err(not_supported_error("Unsupported named curve")),
};
let oid =
<p256::NistP256 as p256::elliptic_curve::AlgorithmParameters>::OID;
let pki = p256::pkcs8::PrivateKeyInfo::new(
p256::pkcs8::AlgorithmIdentifier {
oid,
parameters: None,
},
secret_key_der.as_ref(),
);
let pki = p256::pkcs8::PrivateKeyInfo {
public_key: Some(&point_bytes),
..pki
};
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Private(pki.private_key.to_vec().into()),
})
}
_ => unreachable!(),
}
}
pub struct ECParametersPkcs8 {
pub named_curve_alg: p256::pkcs8::der::asn1::ObjectIdentifier,
}
impl<'a> TryFrom<p256::pkcs8::der::asn1::Any<'a>> for ECParametersPkcs8 {
type Error = p256::pkcs8::der::Error;
fn try_from(
any: p256::pkcs8::der::asn1::Any<'a>,
) -> p256::pkcs8::der::Result<ECParametersPkcs8> {
let x = any.oid()?;
Ok(Self { named_curve_alg: x })
}
}
pub struct ECParametersSpki {
pub named_curve_alg: spki::der::asn1::ObjectIdentifier,
}
impl<'a> TryFrom<spki::der::asn1::Any<'a>> for ECParametersSpki {
type Error = spki::der::Error;
fn try_from(
any: spki::der::asn1::Any<'a>,
) -> spki::der::Result<ECParametersSpki> {
let x = any.oid()?;
Ok(Self { named_curve_alg: x })
}
}
fn import_key_ec(
key_data: KeyData,
named_curve: EcNamedCurve,
) -> Result<ImportKeyResult, AnyError> {
Ok(match key_data {
match key_data {
KeyData::Raw(data) => {
// The point is parsed and validated, ultimately the original data is
// returned though.
@ -684,14 +823,180 @@ fn import_key_ec(
return Err(data_error("invalid P-384 eliptic curve point"));
}
}
_ => return Err(not_supported_error("Unsupported named curve")),
};
ImportKeyResult::Ec {
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Public(data),
}
}
_ => return Err(unsupported_format()),
})
}
KeyData::Pkcs8(data) => {
// 2-3.
let pk_info = PrivateKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
let alg = pk_info.algorithm.oid;
// id-ecPublicKey
if alg != elliptic_curve::ALGORITHM_OID {
return Err(data_error("unsupported algorithm"));
}
// 5-7.
let params = ECParametersPkcs8::try_from(
pk_info
.algorithm
.parameters
.ok_or_else(|| data_error("malformed parameters"))?,
)
.map_err(|_| data_error("malformed parameters"))?;
// 8-9.
let pk_named_curve = match params.named_curve_alg {
// id-secp256r1
ID_SECP256R1_OID => Some(EcNamedCurve::P256),
// id-secp384r1
ID_SECP384R1_OID => Some(EcNamedCurve::P384),
// id-secp384r1
ID_SECP521R1_OID => Some(EcNamedCurve::P521),
_ => None,
};
// 10.
if let Some(pk_named_curve) = pk_named_curve {
match pk_named_curve {
EcNamedCurve::P256 => {
let secret_key =
p256::SecretKey::from_pkcs8_der(&data).map_err(|_| {
data_error("invalid P-256 elliptic curve PKCS8 data")
})?;
let point =
secret_key.public_key().as_affine().to_encoded_point(false);
// 12 - not sure if this is correct.
if point.is_identity() {
return Err(data_error("Invalid key data"));
}
}
//@todo(sean) Validate P384 secret-key on import(pkcs8)
//Problem: Nist384 Curve from p384 crate does not implement ProjectiveArithmetic
//so cannot extract PublicKey from SecretKey.
/*EcNamedCurve::P384 => {
let secret_key =
p384::SecretKey::from_pkcs8_der(&data).unwrap();
let point =
secret_key.public_key().as_affine().to_encoded_point(false);
// 3.
if point.is_identity() {
return Err(type_error("Invalid key data".to_string()));
}
}*/
_ => return Err(data_error("Unsupported named curve")),
}
// 11.
if named_curve != pk_named_curve {
return Err(data_error("curve mismatch"));
}
} else {
return Err(data_error("Unsupported named curve"));
}
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Private(data),
})
}
KeyData::Spki(data) => {
// 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 4.
let alg = pk_info.algorithm.oid;
// id-ecPublicKey
if alg != elliptic_curve::ALGORITHM_OID {
return Err(data_error("unsupported algorithm"));
}
// 5-7.
let params = ECParametersSpki::try_from(
pk_info
.algorithm
.parameters
.ok_or_else(|| data_error("malformed parameters"))?,
)
.map_err(|_| data_error("malformed parameters"))?;
// 8-9.
let named_curve_alg = params.named_curve_alg;
let pk_named_curve = match named_curve_alg {
// id-secp256r1
ID_SECP256R1_OID => Some(EcNamedCurve::P256),
// id-secp384r1
ID_SECP384R1_OID => Some(EcNamedCurve::P384),
// id-secp521r1
ID_SECP521R1_OID => Some(EcNamedCurve::P521),
_ => None,
};
// 10.
let encoded_key;
if let Some(pk_named_curve) = pk_named_curve {
let pk = pk_info.subject_public_key;
encoded_key = pk.to_vec();
let bytes_consumed = match named_curve {
EcNamedCurve::P256 => {
let point =
p256::EncodedPoint::from_bytes(&*encoded_key).map_err(|_| {
data_error("invalid P-256 eliptic curve SPKI data")
})?;
if point.is_identity() {
return Err(data_error("invalid P-256 eliptic curve point"));
}
point.as_bytes().len()
}
EcNamedCurve::P384 => {
let point =
p384::EncodedPoint::from_bytes(&*encoded_key).map_err(|_| {
data_error("invalid P-384 eliptic curve SPKI data")
})?;
if point.is_identity() {
return Err(data_error("invalid P-384 eliptic curve point"));
}
point.as_bytes().len()
}
_ => return Err(not_supported_error("Unsupported named curve")),
};
if bytes_consumed != pk_info.subject_public_key.len() {
return Err(data_error("public key is invalid (too long)"));
}
// 11.
if named_curve != pk_named_curve {
return Err(data_error("curve mismatch"));
}
} else {
return Err(data_error("Unsupported named curve"));
}
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Public(encoded_key.to_vec().into()),
})
}
KeyData::JwkPublicEc { .. } | KeyData::JwkPrivateEc { .. } => {
import_key_ec_jwk(key_data, named_curve)
}
_ => Err(unsupported_format()),
}
}
fn import_key_aes(key_data: KeyData) -> Result<ImportKeyResult, AnyError> {
Ok(match key_data {

View file

@ -71,6 +71,10 @@ interface EcKeyGenParams extends Algorithm {
namedCurve: NamedCurve;
}
interface EcImportParams extends Algorithm {
namedCurve: NamedCurve;
}
interface EcdsaParams extends Algorithm {
hash: HashAlgorithmIdentifier;
}
@ -195,14 +199,22 @@ interface SubtleCrypto {
importKey(
format: "jwk",
keyData: JsonWebKey,
algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams,
algorithm:
| AlgorithmIdentifier
| HmacImportParams
| RsaHashedImportParams
| EcImportParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>;
importKey(
format: Exclude<KeyFormat, "jwk">,
keyData: BufferSource,
algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams,
algorithm:
| AlgorithmIdentifier
| HmacImportParams
| RsaHashedImportParams
| EcImportParams,
extractable: boolean,
keyUsages: KeyUsage[],
): Promise<CryptoKey>;

View file

@ -19,6 +19,8 @@ use std::rc::Rc;
use block_modes::BlockMode;
use lazy_static::lazy_static;
use num_traits::cast::FromPrimitive;
use p256::elliptic_curve::sec1::FromEncodedPoint;
use p256::pkcs8::FromPrivateKey;
use rand::rngs::OsRng;
use rand::rngs::StdRng;
use rand::thread_rng;
@ -40,7 +42,6 @@ use rsa::pkcs1::der::Encodable;
use rsa::pkcs1::FromRsaPrivateKey;
use rsa::pkcs1::FromRsaPublicKey;
use rsa::pkcs8::der::asn1;
use rsa::pkcs8::FromPrivateKey;
use rsa::BigUint;
use rsa::PublicKey;
use rsa::RsaPrivateKey;
@ -443,8 +444,18 @@ pub async fn op_crypto_verify_key(
let verify_alg: &EcdsaVerificationAlgorithm =
args.named_curve.ok_or_else(not_supported)?.try_into()?;
let private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &*args.key.data)?;
let public_key_bytes = private_key.public_key().as_ref();
let private_key;
let public_key_bytes = match args.key.r#type {
KeyType::Private => {
private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &*args.key.data)?;
private_key.public_key().as_ref()
}
KeyType::Public => &*args.key.data,
_ => return Err(type_error("Invalid Key format".to_string())),
};
let public_key =
ring::signature::UnparsedPublicKey::new(verify_alg, public_key_bytes);
@ -507,13 +518,40 @@ pub async fn op_crypto_derive_bits(
let public_key = args
.public_key
.ok_or_else(|| type_error("Missing argument publicKey".to_string()))?;
.ok_or_else(|| type_error("Missing argument publicKey"))?;
match named_curve {
CryptoNamedCurve::P256 => {
let secret_key = p256::SecretKey::from_pkcs8_der(&args.key.data)?;
let public_key =
p256::SecretKey::from_pkcs8_der(&public_key.data)?.public_key();
let secret_key = p256::SecretKey::from_pkcs8_der(&args.key.data)
.map_err(|_| type_error("Unexpected error decoding private key"))?;
let public_key = match public_key.r#type {
KeyType::Private => {
p256::SecretKey::from_pkcs8_der(&public_key.data)
.map_err(|_| {
type_error("Unexpected error decoding private key")
})?
.public_key()
}
KeyType::Public => {
let point = p256::EncodedPoint::from_bytes(public_key.data)
.map_err(|_| {
type_error("Unexpected error decoding private key")
})?;
let pk: Option<p256::PublicKey> =
p256::PublicKey::from_encoded_point(&point);
if let Some(pk) = pk {
pk
} else {
return Err(type_error(
"Unexpected error decoding private key",
));
}
}
_ => unreachable!(),
};
let shared_secret = p256::elliptic_curve::ecdh::diffie_hellman(
secret_key.to_secret_scalar(),

View file

@ -37,6 +37,13 @@ pub const RSAES_OAEP_OID: rsa::pkcs8::ObjectIdentifier =
pub const ID_P_SPECIFIED: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.9");
pub const ID_SECP256R1_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.10045.3.1.7");
pub const ID_SECP384R1_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.34");
pub const ID_SECP521R1_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.35");
#[derive(Serialize, Deserialize, Copy, Clone, PartialEq)]
pub enum ShaHash {
#[serde(rename = "SHA-1")]
@ -55,6 +62,8 @@ pub enum EcNamedCurve {
P256,
#[serde(rename = "P-384")]
P384,
#[serde(rename = "P-521")]
P521,
}
#[derive(Serialize, Deserialize)]

View file

@ -3939,8 +3939,122 @@
"WorkerGlobalScope interface: attribute crypto"
],
"import_export": {
"ec_importKey.https.any.html": false,
"ec_importKey.https.any.worker.html": false,
"ec_importKey.https.any.html": [
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDSA, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [sign])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [sign])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDSA, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, true, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])"
],
"ec_importKey.https.any.worker.html": [
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDSA, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [sign])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [sign])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDSA, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, true, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey])",
"Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits])",
"Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])"
],
"rsa_importKey.https.any.html": true,
"rsa_importKey.https.any.worker.html": true,
"symmetric_importKey.https.any.html": true,
@ -3950,10 +4064,9 @@
"randomUUID.https.any.worker.html": true,
"sign_verify": {
"ecdsa.https.any.html": [
"importVectorKeys step: ECDSA P-256 with SHA-1 verification",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification",
"ECDSA P-256 with SHA-1 verification",
"ECDSA P-256 with SHA-384 verification",
"ECDSA P-256 with SHA-512 verification",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification",
@ -3962,10 +4075,9 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification with altered signature after call",
"ECDSA P-256 with SHA-1 verification with altered signature after call",
"ECDSA P-256 with SHA-384 verification with altered signature after call",
"ECDSA P-256 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call",
@ -3974,10 +4086,9 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-512 with altered plaintext after call",
"ECDSA P-256 with SHA-1 with altered plaintext after call",
"ECDSA P-256 with SHA-384 with altered plaintext after call",
"ECDSA P-256 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call",
@ -3986,10 +4097,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify",
@ -3998,10 +4105,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign",
@ -4010,10 +4113,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage",
@ -4022,10 +4121,8 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-512 round trip",
"ECDSA P-256 with SHA-1 round trip",
"ECDSA P-256 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-384 round trip",
@ -4034,10 +4131,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature",
@ -4046,10 +4139,7 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to wrong hash",
"ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash",
@ -4058,10 +4148,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name",
@ -4070,10 +4156,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature",
@ -4082,10 +4164,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext",
@ -4094,10 +4172,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name",
@ -4106,10 +4180,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-384 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-512 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name",
@ -4120,10 +4190,9 @@
"importVectorKeys step: ECDSA P-521 with SHA-512 verifying with wrong algorithm name"
],
"ecdsa.https.any.worker.html": [
"importVectorKeys step: ECDSA P-256 with SHA-1 verification",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification",
"ECDSA P-256 with SHA-1 verification",
"ECDSA P-256 with SHA-384 verification",
"ECDSA P-256 with SHA-512 verification",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification",
@ -4132,10 +4201,9 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification with altered signature after call",
"ECDSA P-256 with SHA-1 verification with altered signature after call",
"ECDSA P-256 with SHA-384 verification with altered signature after call",
"ECDSA P-256 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call",
@ -4144,10 +4212,9 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-256 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-512 with altered plaintext after call",
"ECDSA P-256 with SHA-1 with altered plaintext after call",
"ECDSA P-256 with SHA-384 with altered plaintext after call",
"ECDSA P-256 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call",
@ -4156,10 +4223,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-256 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify",
@ -4168,10 +4231,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-256 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign",
@ -4180,10 +4239,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-256 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage",
@ -4192,10 +4247,8 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-256 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-512 round trip",
"ECDSA P-256 with SHA-1 round trip",
"ECDSA P-256 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-384 round trip",
@ -4204,10 +4257,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature",
@ -4216,10 +4265,7 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to wrong hash",
"ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash",
@ -4228,10 +4274,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name",
@ -4240,10 +4282,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature",
@ -4252,10 +4290,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-256 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext",
@ -4264,10 +4298,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-256 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name",
@ -4276,10 +4306,6 @@
"importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-384 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-256 with SHA-512 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name",