foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-12 00:54:02 -05:00
Code Issues Packages 1 Wiki Activity

feat(ext/crypto): AES-GCM support for 128bit IVs (#13805)

Browse source
This commit is contained in:
Divy Srivastava 2022-03-02 10:56:10 +05:30 committed by GitHub
parent b751e97a01
commit 8b2989c417
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 225 additions and 186 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
cli/tests/unit/webcrypto_test.ts
View file

@ -1438,8 +1438,54 @@ Deno.test(async function testAesGcmEncrypt() {
["encrypt", "decrypt"], ["encrypt", "decrypt"],
); );
// deno-fmt-ignore const nonces = [{
const iv = new Uint8Array([0,1,2,3,4,5,6,7,8,9,10,11]); iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]),
ciphertext: new Uint8Array([
50,
223,
112,
178,
166,
156,
255,
110,
125,
138,
95,
141,
82,
47,
14,
164,
134,
247,
22,
]),
}, {
iv: new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]),
ciphertext: new Uint8Array([
210,
101,
81,
216,
151,
9,
192,
197,
62,
254,
28,
132,
89,
106,
40,
29,
175,
232,
201,
]),
}];
for (const { iv, ciphertext: fixture } of nonces) {
const data = new Uint8Array([1, 2, 3]); const data = new Uint8Array([1, 2, 3]);
const cipherText = await crypto.subtle.encrypt( const cipherText = await crypto.subtle.encrypt(
@ -1452,8 +1498,7 @@ Deno.test(async function testAesGcmEncrypt() {
assertEquals(cipherText.byteLength, 19); assertEquals(cipherText.byteLength, 19);
assertEquals( assertEquals(
new Uint8Array(cipherText), new Uint8Array(cipherText),
// deno-fmt-ignore fixture,
new Uint8Array([50,223,112,178,166,156,255,110,125,138,95,141,82,47,14,164,134,247,22]),
); );
const plainText = await crypto.subtle.decrypt( const plainText = await crypto.subtle.decrypt(
@ -1464,6 +1509,7 @@ Deno.test(async function testAesGcmEncrypt() {
assert(plainText instanceof ArrayBuffer); assert(plainText instanceof ArrayBuffer);
assertEquals(plainText.byteLength, 3); assertEquals(plainText.byteLength, 3);
assertEquals(new Uint8Array(plainText), data); assertEquals(new Uint8Array(plainText), data);
}
}); });
async function roundTripSecretJwk( async function roundTripSecretJwk(

18
ext/crypto/00_crypto.js
View file

@ -664,8 +664,13 @@
); );
} }
// 3. We only support 96-bit nonce for now. // 3. We only support 96-bit and 128-bit nonce.
if (normalizedAlgorithm.iv.byteLength !== 12) { if (
ArrayPrototypeIncludes(
[12, 16],
normalizedAlgorithm.iv.byteLength,
) === undefined
) {
throw new DOMException( throw new DOMException(
"Initialization vector length not supported", "Initialization vector length not supported",
"NotSupportedError", "NotSupportedError",
@ -3782,8 +3787,13 @@
} }
// 2. // 2.
// We only support 96-bit nonce for now. // We only support 96-bit and 128-bit nonce.
if (normalizedAlgorithm.iv.byteLength !== 12) { if (
ArrayPrototypeIncludes(
[12, 16],
normalizedAlgorithm.iv.byteLength,
) === undefined
) {
throw new DOMException( throw new DOMException(
"Initialization vector length not supported", "Initialization vector length not supported",
"NotSupportedError", "NotSupportedError",

92
ext/crypto/decrypt.rs
View file

@ -2,14 +2,15 @@ use std::cell::RefCell;
use std::rc::Rc; use std::rc::Rc;
use crate::shared::*; use crate::shared::*;
use aes::cipher::generic_array::GenericArray;
use aes::Aes192;
use aes::BlockEncrypt; use aes::BlockEncrypt;
use aes::NewBlockCipher; use aes::NewBlockCipher;
use aes_gcm::AeadCore; use aes_gcm::aead::generic_array::typenum::U12;
use aes_gcm::aead::generic_array::typenum::U16;
use aes_gcm::aead::generic_array::ArrayLength;
use aes_gcm::aes::Aes128;
use aes_gcm::aes::Aes192;
use aes_gcm::aes::Aes256;
use aes_gcm::AeadInPlace; use aes_gcm::AeadInPlace;
use aes_gcm::Aes128Gcm;
use aes_gcm::Aes256Gcm;
use aes_gcm::NewAead; use aes_gcm::NewAead;
use aes_gcm::Nonce; use aes_gcm::Nonce;
use block_modes::BlockMode; use block_modes::BlockMode;
@ -25,7 +26,6 @@ use deno_core::error::type_error;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::OpState; use deno_core::OpState;
use deno_core::ZeroCopyBuf; use deno_core::ZeroCopyBuf;
use elliptic_curve::consts::U12;
use rsa::pkcs1::FromRsaPrivateKey; use rsa::pkcs1::FromRsaPrivateKey;
use rsa::PaddingScheme; use rsa::PaddingScheme;
use serde::Deserialize; use serde::Deserialize;
@ -76,8 +76,6 @@ pub enum DecryptAlgorithm {
}, },
} }
type Aes192Gcm = aes_gcm::AesGcm<Aes192, U12>;
pub async fn op_crypto_decrypt( pub async fn op_crypto_decrypt(
_state: Rc<RefCell<OpState>>, _state: Rc<RefCell<OpState>>,
opts: DecryptOptions, opts: DecryptOptions,
@ -221,18 +219,19 @@ where
Ok(plaintext) Ok(plaintext)
} }
fn decrypt_aes_gcm_gen<B>( fn decrypt_aes_gcm_gen<N: ArrayLength<u8>>(
key: &[u8], key: &[u8],
tag: &GenericArray<u8, <B as AeadCore>::TagSize>, tag: &aes_gcm::Tag,
nonce: &GenericArray<u8, <B as AeadCore>::NonceSize>, nonce: &[u8],
length: usize,
additional_data: Vec<u8>, additional_data: Vec<u8>,
plaintext: &mut [u8], plaintext: &mut [u8],
) -> Result<(), AnyError> ) -> Result<(), AnyError> {
where let nonce = Nonce::from_slice(nonce);
B: AeadInPlace + NewAead, match length {
{ 128 => {
let cipher = let cipher = aes_gcm::AesGcm::<Aes128, N>::new_from_slice(key)
B::new_from_slice(key).map_err(|_| operation_error("Decryption failed"))?; .map_err(|_| operation_error("Decryption failed"))?;
cipher cipher
.decrypt_in_place_detached( .decrypt_in_place_detached(
nonce, nonce,
@ -240,7 +239,34 @@ where
plaintext, plaintext,
tag, tag,
) )
.map_err(|_| operation_error("Decryption failed"))?
}
192 => {
let cipher = aes_gcm::AesGcm::<Aes192, N>::new_from_slice(key)
.map_err(|_| operation_error("Decryption failed"))?; .map_err(|_| operation_error("Decryption failed"))?;
cipher
.decrypt_in_place_detached(
nonce,
additional_data.as_slice(),
plaintext,
tag,
)
.map_err(|_| operation_error("Decryption failed"))?
}
256 => {
let cipher = aes_gcm::AesGcm::<Aes256, N>::new_from_slice(key)
.map_err(|_| operation_error("Decryption failed"))?;
cipher
.decrypt_in_place_detached(
nonce,
additional_data.as_slice(),
plaintext,
tag,
)
.map_err(|_| operation_error("Decryption failed"))?
}
_ => return Err(type_error("invalid length")),
};
Ok(()) Ok(())
} }
@ -290,11 +316,6 @@ fn decrypt_aes_gcm(
let key = key.as_secret_key()?; let key = key.as_secret_key()?;
let additional_data = additional_data.unwrap_or_default(); let additional_data = additional_data.unwrap_or_default();
// Fixed 96-bit nonce
if iv.len() != 12 {
return Err(type_error("iv length not equal to 12"));
}
// The `aes_gcm` crate only supports 128 bits tag length. // The `aes_gcm` crate only supports 128 bits tag length.
// //
// Note that encryption won't fail, it instead truncates the tag // Note that encryption won't fail, it instead truncates the tag
@ -303,37 +324,32 @@ fn decrypt_aes_gcm(
return Err(type_error("tag length not equal to 128")); return Err(type_error("tag length not equal to 128"));
} }
let nonce = Nonce::from_slice(&iv);
let sep = data.len() - (tag_length / 8); let sep = data.len() - (tag_length / 8);
let tag = &data[sep..]; let tag = &data[sep..];
// The actual ciphertext, called plaintext because it is reused in place. // The actual ciphertext, called plaintext because it is reused in place.
let mut plaintext = data[..sep].to_vec(); let mut plaintext = data[..sep].to_vec();
match length {
128 => decrypt_aes_gcm_gen::<Aes128Gcm>( // Fixed 96-bit or 128-bit nonce
match iv.len() {
12 => decrypt_aes_gcm_gen::<U12>(
key, key,
tag.into(), tag.into(),
nonce, &iv,
length,
additional_data, additional_data,
&mut plaintext, &mut plaintext,
)?, )?,
192 => decrypt_aes_gcm_gen::<Aes192Gcm>( 16 => decrypt_aes_gcm_gen::<U16>(
key, key,
tag.into(), tag.into(),
nonce, &iv,
length,
additional_data, additional_data,
&mut plaintext, &mut plaintext,
)?, )?,
256 => decrypt_aes_gcm_gen::<Aes256Gcm>( _ => return Err(type_error("iv length not equal to 12 or 16")),
key, }
tag.into(),
nonce,
additional_data,
&mut plaintext,
)?,
_ => return Err(type_error("invalid length")),
};
Ok(plaintext) Ok(plaintext)
} }

91
ext/crypto/encrypt.rs
View file

@ -7,10 +7,12 @@ use aes::cipher::NewCipher;
use aes::BlockEncrypt; use aes::BlockEncrypt;
use aes::NewBlockCipher; use aes::NewBlockCipher;
use aes_gcm::aead::generic_array::typenum::U12; use aes_gcm::aead::generic_array::typenum::U12;
use aes_gcm::aead::generic_array::typenum::U16;
use aes_gcm::aead::generic_array::ArrayLength;
use aes_gcm::aes::Aes128;
use aes_gcm::aes::Aes192; use aes_gcm::aes::Aes192;
use aes_gcm::aes::Aes256;
use aes_gcm::AeadInPlace; use aes_gcm::AeadInPlace;
use aes_gcm::Aes128Gcm;
use aes_gcm::Aes256Gcm;
use aes_gcm::NewAead; use aes_gcm::NewAead;
use aes_gcm::Nonce; use aes_gcm::Nonce;
use ctr::Ctr; use ctr::Ctr;
@ -183,6 +185,42 @@ fn encrypt_aes_cbc(
Ok(ciphertext) Ok(ciphertext)
} }
fn encrypt_aes_gcm_general<N: ArrayLength<u8>>(
key: &[u8],
iv: Vec<u8>,
length: usize,
ciphertext: &mut [u8],
additional_data: Vec<u8>,
) -> Result<aes_gcm::Tag, AnyError> {
let nonce = Nonce::<N>::from_slice(&iv);
let tag = match length {
128 => {
let cipher = aes_gcm::AesGcm::<Aes128, N>::new_from_slice(key)
.map_err(|_| operation_error("Encryption failed"))?;
cipher
.encrypt_in_place_detached(nonce, &additional_data, ciphertext)
.map_err(|_| operation_error("Encryption failed"))?
}
192 => {
let cipher = aes_gcm::AesGcm::<Aes192, N>::new_from_slice(key)
.map_err(|_| operation_error("Encryption failed"))?;
cipher
.encrypt_in_place_detached(nonce, &additional_data, ciphertext)
.map_err(|_| operation_error("Encryption failed"))?
}
256 => {
let cipher = aes_gcm::AesGcm::<Aes256, N>::new_from_slice(key)
.map_err(|_| operation_error("Encryption failed"))?;
cipher
.encrypt_in_place_detached(nonce, &additional_data, ciphertext)
.map_err(|_| operation_error("Encryption failed"))?
}
_ => return Err(type_error("invalid length")),
};
Ok(tag)
}
fn encrypt_aes_gcm( fn encrypt_aes_gcm(
key: RawKeyData, key: RawKeyData,
length: usize, length: usize,
@ -194,39 +232,24 @@ fn encrypt_aes_gcm(
let key = key.as_secret_key()?; let key = key.as_secret_key()?;
let additional_data = additional_data.unwrap_or_default(); let additional_data = additional_data.unwrap_or_default();
// Fixed 96-bit nonce
if iv.len() != 12 {
return Err(type_error("iv length not equal to 12"));
}
let nonce = Nonce::from_slice(&iv);
let mut ciphertext = data.to_vec(); let mut ciphertext = data.to_vec();
let tag = match length { // Fixed 96-bit OR 128-bit nonce
128 => { let tag = match iv.len() {
let cipher = Aes128Gcm::new_from_slice(key) 12 => encrypt_aes_gcm_general::<U12>(
.map_err(|_| operation_error("Encryption failed"))?; key,
cipher iv,
.encrypt_in_place_detached(nonce, &additional_data, &mut ciphertext) length,
.map_err(|_| operation_error("Encryption failed"))? &mut ciphertext,
} additional_data,
192 => { )?,
type Aes192Gcm = aes_gcm::AesGcm<Aes192, U12>; 16 => encrypt_aes_gcm_general::<U16>(
key,
let cipher = Aes192Gcm::new_from_slice(key) iv,
.map_err(|_| operation_error("Encryption failed"))?; length,
cipher &mut ciphertext,
.encrypt_in_place_detached(nonce, &additional_data, &mut ciphertext) additional_data,
.map_err(|_| operation_error("Encryption failed"))? )?,
} _ => return Err(type_error("iv length not equal to 12 or 16")),
256 => {
let cipher = Aes256Gcm::new_from_slice(key)
.map_err(|_| operation_error("Encryption failed"))?;
cipher
.encrypt_in_place_detached(nonce, &additional_data, &mut ciphertext)
.map_err(|_| operation_error("Encryption failed"))?
}
_ => return Err(type_error("invalid length")),
}; };
// Truncated tag to the specified tag length. // Truncated tag to the specified tag length.

102
tools/wpt/expectation.json
View file

@ -211,25 +211,7 @@
"AES-GCM 256-bit key, 120-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, 120-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, no additional data, 120-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, no additional data, 120-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, 128-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, 128-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, no additional data, 128-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, no additional data, 128-bit tag decryption with altered ciphertext"
"AES-GCM 128-bit key, illegal tag length 24-bits",
"AES-GCM 128-bit key, illegal tag length 48-bits",
"AES-GCM 128-bit key, illegal tag length 72-bits",
"AES-GCM 128-bit key, illegal tag length 95-bits",
"AES-GCM 128-bit key, illegal tag length 129-bits",
"AES-GCM 128-bit key, illegal tag length 256-bits",
"AES-GCM 192-bit key, illegal tag length 24-bits",
"AES-GCM 192-bit key, illegal tag length 48-bits",
"AES-GCM 192-bit key, illegal tag length 72-bits",
"AES-GCM 192-bit key, illegal tag length 95-bits",
"AES-GCM 192-bit key, illegal tag length 129-bits",
"AES-GCM 192-bit key, illegal tag length 256-bits",
"AES-GCM 256-bit key, illegal tag length 24-bits",
"AES-GCM 256-bit key, illegal tag length 48-bits",
"AES-GCM 256-bit key, illegal tag length 72-bits",
"AES-GCM 256-bit key, illegal tag length 95-bits",
"AES-GCM 256-bit key, illegal tag length 129-bits",
"AES-GCM 256-bit key, illegal tag length 256-bits"
], ],
"aes_gcm.https.any.worker.html": [ "aes_gcm.https.any.worker.html": [
"AES-GCM 128-bit key, 32-bit tag", "AES-GCM 128-bit key, 32-bit tag",
@ -399,25 +381,7 @@
"AES-GCM 256-bit key, 120-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, 120-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, no additional data, 120-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, no additional data, 120-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, 128-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, 128-bit tag decryption with altered ciphertext",
"AES-GCM 256-bit key, no additional data, 128-bit tag decryption with altered ciphertext", "AES-GCM 256-bit key, no additional data, 128-bit tag decryption with altered ciphertext"
"AES-GCM 128-bit key, illegal tag length 24-bits",
"AES-GCM 128-bit key, illegal tag length 48-bits",
"AES-GCM 128-bit key, illegal tag length 72-bits",
"AES-GCM 128-bit key, illegal tag length 95-bits",
"AES-GCM 128-bit key, illegal tag length 129-bits",
"AES-GCM 128-bit key, illegal tag length 256-bits",
"AES-GCM 192-bit key, illegal tag length 24-bits",
"AES-GCM 192-bit key, illegal tag length 48-bits",
"AES-GCM 192-bit key, illegal tag length 72-bits",
"AES-GCM 192-bit key, illegal tag length 95-bits",
"AES-GCM 192-bit key, illegal tag length 129-bits",
"AES-GCM 192-bit key, illegal tag length 256-bits",
"AES-GCM 256-bit key, illegal tag length 24-bits",
"AES-GCM 256-bit key, illegal tag length 48-bits",
"AES-GCM 256-bit key, illegal tag length 72-bits",
"AES-GCM 256-bit key, illegal tag length 95-bits",
"AES-GCM 256-bit key, illegal tag length 129-bits",
"AES-GCM 256-bit key, illegal tag length 256-bits"
], ],
"rsa_oaep.https.any.html": true, "rsa_oaep.https.any.html": true,
"rsa_oaep.https.any.worker.html": true "rsa_oaep.https.any.worker.html": true
@ -853,20 +817,7 @@
"wrapKey_unwrapKey": { "wrapKey_unwrapKey": {
"wrapKey_unwrapKey.https.any.html": [ "wrapKey_unwrapKey.https.any.html": [
"Can wrap and unwrap ECDH public key keys using spki and AES-CTR", "Can wrap and unwrap ECDH public key keys using spki and AES-CTR",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CTR",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CTR",
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CTR",
"Can wrap and unwrap ECDH public key keys using spki and AES-CBC", "Can wrap and unwrap ECDH public key keys using spki and AES-CBC",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CBC",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CBC",
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CBC",
"Can wrap and unwrap ECDSA public key keys using spki and AES-GCM",
"Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM",
"Can wrap and unwrap ECDSA private key keys as non-extractable using pkcs8 and AES-GCM",
"Can wrap and unwrap ECDSA private key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap ECDSA private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap ECDH public key keys using spki and AES-GCM", "Can wrap and unwrap ECDH public key keys using spki and AES-GCM",
"Can wrap and unwrap ECDH public key keys using jwk and AES-GCM", "Can wrap and unwrap ECDH public key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDH private key keys using pkcs8 and AES-GCM", "Can wrap and unwrap ECDH private key keys using pkcs8 and AES-GCM",
@ -874,6 +825,11 @@
"Can wrap and unwrap ECDH private key keys using jwk and AES-GCM", "Can wrap and unwrap ECDH private key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDH private key keys as non-extractable using jwk and AES-GCM", "Can wrap and unwrap ECDH private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap ECDH private key non-extractable keys using jwk and AES-GCM", "Can unwrap ECDH private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap HMAC keys using raw and AES-GCM",
"Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM",
"Can wrap and unwrap HMAC keys using jwk and AES-GCM",
"Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM",
"Can unwrap HMAC non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap AES-CTR keys using raw and AES-GCM", "Can wrap and unwrap AES-CTR keys using raw and AES-GCM",
"Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-GCM", "Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-GCM",
"Can wrap and unwrap AES-CTR keys using jwk and AES-GCM", "Can wrap and unwrap AES-CTR keys using jwk and AES-GCM",
@ -894,11 +850,20 @@
"Can wrap and unwrap AES-KW keys using jwk and AES-GCM", "Can wrap and unwrap AES-KW keys using jwk and AES-GCM",
"Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-GCM", "Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-GCM",
"Can unwrap AES-KW non-extractable keys using jwk and AES-GCM", "Can unwrap AES-KW non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap HMAC keys using raw and AES-GCM", "Can wrap and unwrap ECDSA public key keys using spki and AES-GCM",
"Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM", "Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM",
"Can wrap and unwrap HMAC keys using jwk and AES-GCM", "Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM",
"Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM", "Can wrap and unwrap ECDSA private key keys as non-extractable using pkcs8 and AES-GCM",
"Can unwrap HMAC non-extractable keys using jwk and AES-GCM", "Can wrap and unwrap ECDSA private key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap ECDSA private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM", "Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM",
"Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM", "Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM",
"Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM", "Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM",
@ -913,28 +878,11 @@
"Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM", "Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM",
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM", "Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM", "Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM", "Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP"
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM",
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-KW",
"Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and RSA-OAEP",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and RSA-OAEP",
"Can unwrap AES-GCM non-extractable keys using jwk and RSA-OAEP"
], ],
"wrapKey_unwrapKey.https.any.worker.html": [ "wrapKey_unwrapKey.https.any.worker.html": [
"Can wrap and unwrap ECDH public key keys using spki and AES-CTR", "Can wrap and unwrap ECDH public key keys using spki and AES-CTR",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CTR",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CTR",
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CTR",
"Can wrap and unwrap ECDH public key keys using spki and AES-CBC", "Can wrap and unwrap ECDH public key keys using spki and AES-CBC",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CBC",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CBC",
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CBC",
"Can wrap and unwrap ECDSA public key keys using spki and AES-GCM", "Can wrap and unwrap ECDSA public key keys using spki and AES-GCM",
"Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM", "Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM",
"Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM", "Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM",
@ -995,11 +943,7 @@
"Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM", "Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM",
"Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM", "Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM",
"Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM", "Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-KW", "Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP"
"Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP",
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and RSA-OAEP",
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and RSA-OAEP",
"Can unwrap AES-GCM non-extractable keys using jwk and RSA-OAEP"
] ]
} }
}, },