From 91399851809b2c1585b318d496e81f9683cd270b Mon Sep 17 00:00:00 2001 From: Sean Michael Wykes <8363933+SeanWykes@users.noreply.github.com> Date: Wed, 19 Jan 2022 03:44:35 -0300 Subject: [PATCH] feat(ext/crypto): implement pkcs8/JWK for P-384 curves (#13154) --- cli/tests/unit/webcrypto_test.ts | 20 ++-- ext/crypto/ec_key.rs | 2 - ext/crypto/import_key.rs | 161 +++++++++++++---------------- tools/wpt/expectation.json | 170 +++++-------------------------- 4 files changed, 106 insertions(+), 247 deletions(-) diff --git a/cli/tests/unit/webcrypto_test.ts b/cli/tests/unit/webcrypto_test.ts index a318e730d2..84cf7d4ca0 100644 --- a/cli/tests/unit/webcrypto_test.ts +++ b/cli/tests/unit/webcrypto_test.ts @@ -1200,10 +1200,7 @@ Deno.test(async function testImportExportEcDsaJwk() { for ( const [_key, keyData] of Object.entries(jwtECKeys) ) { - const { size, publicJWK, privateJWK, algo } = keyData; - if (size != 256) { - continue; - } + const { publicJWK, privateJWK, algo } = keyData; // 1. Test import EcDsa const privateKeyECDSA = await subtle.importKey( @@ -1268,9 +1265,6 @@ Deno.test(async function testImportEcDhJwk() { const [_key, jwkData] of Object.entries(jwtECKeys) ) { const { size, publicJWK, privateJWK } = jwkData; - if (size != 256) { - continue; - } // 1. Test import EcDsa const privateKeyECDH = await subtle.importKey( @@ -1308,6 +1302,11 @@ Deno.test(async function testImportEcDhJwk() { ); assert(equalJwk(publicJWK, expPublicKeyJWK as JWK)); + // deriveBits still not implemented for P384 + if (size != 256) { + continue; + } + const derivedKey = await subtle.deriveBits( { name: "ECDH", @@ -1406,6 +1405,13 @@ Deno.test(async function testImportEcSpkiPkcs8() { for ( const hash of [/*"SHA-1", */ "SHA-256", "SHA-384" /*"SHA-512"*/] ) { + if ( + (hash == "SHA-256" && namedCurve != "P-256") || + (hash == "SHA-384" && namedCurve != "P-384") + ) { + continue; + } + const signatureECDSA = await subtle.sign( { name: "ECDSA", hash }, privateKeyECDSA, diff --git a/ext/crypto/ec_key.rs b/ext/crypto/ec_key.rs index 3509f0aef5..8302bb55d8 100644 --- a/ext/crypto/ec_key.rs +++ b/ext/crypto/ec_key.rs @@ -28,8 +28,6 @@ pub struct ECPrivateKey<'a, C: elliptic_curve::Curve> { pub encoded_point: &'a [u8], } -#[allow(dead_code)] -///todo(@sean) - to be removed in #13154 impl<'a, C> ECPrivateKey<'a, C> where C: elliptic_curve::Curve + AlgorithmParameters, diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 56fbfa111a..6d6b11c52d 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -3,14 +3,14 @@ use deno_core::OpState; use deno_core::ZeroCopyBuf; use elliptic_curve::pkcs8::der::Decodable as Pkcs8Decodable; use elliptic_curve::pkcs8::PrivateKeyInfo; -use elliptic_curve::sec1::ToEncodedPoint; -use p256::pkcs8::FromPrivateKey; -use p256::pkcs8::ToPrivateKey; +use ring::signature::EcdsaKeyPair; use rsa::pkcs1::UIntBytes; use serde::Deserialize; use serde::Serialize; use spki::der::Encodable; +use crate::ec_key::ECPrivateKey; +use crate::key::CryptoNamedCurve; use crate::shared::*; use crate::OaepPrivateKeyParameters; use crate::PssPrivateKeyParameters; @@ -721,68 +721,65 @@ fn import_key_ec_jwk( let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?; Ok(ImportKeyResult::Ec { - raw_data: RawKeyData::Public(point_bytes.to_vec().into()), + raw_data: RawKeyData::Public(point_bytes.into()), }) } KeyData::JwkPrivateEc { d, x, y } => { let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?; - let secret_key_der = match named_curve { + jwt_b64_int_or_err!(private_d, &d, "invalid JWK private key"); + + let pkcs8_der = match named_curve { EcNamedCurve::P256 => { let d = decode_b64url_to_field_bytes::(&d)?; - let secret_key = p256::SecretKey::from_bytes(&d)?; - ToPrivateKey::to_pkcs8_der(&secret_key).unwrap() - } - //@todo(sean) - build p384 secret key from jwk, when crate implements to_pkcs8_der - //Problem: p384 crate does not implement ProjectiveArithmetic - /*EcNamedCurve::P384 => { - let secret_key = p384::SecretKey::from_be_bytes(&d)?; - secret_key.to_pkcs8_der().unwrap() - }*/ - _ => return Err(not_supported_error("Unsupported named curve")), + let pk = + ECPrivateKey::::from_private_and_public_bytes( + d, + &point_bytes, + ); + + pk.to_pkcs8_der()? + } + EcNamedCurve::P384 => { + let d = decode_b64url_to_field_bytes::(&d)?; + + let pk = + ECPrivateKey::::from_private_and_public_bytes( + d, + &point_bytes, + ); + + pk.to_pkcs8_der()? + } + EcNamedCurve::P521 => { + return Err(data_error("Unsupported named curve")) + } }; - let oid = - ::OID; + // Import using ring, to validate key + let key_alg = match named_curve { + EcNamedCurve::P256 => CryptoNamedCurve::P256.try_into()?, + EcNamedCurve::P384 => CryptoNamedCurve::P256.try_into()?, + EcNamedCurve::P521 => { + return Err(data_error("Unsupported named curve")) + } + }; - let pki = p256::pkcs8::PrivateKeyInfo::new( - p256::pkcs8::AlgorithmIdentifier { - oid, - parameters: None, - }, - secret_key_der.as_ref(), + let _key_pair = EcdsaKeyPair::from_private_key_and_public_key( + key_alg, + private_d.as_bytes(), + point_bytes.as_ref(), ); - let pki = p256::pkcs8::PrivateKeyInfo { - public_key: Some(&point_bytes), - ..pki - }; - Ok(ImportKeyResult::Ec { - raw_data: RawKeyData::Private(pki.private_key.to_vec().into()), + raw_data: RawKeyData::Private(pkcs8_der.as_ref().to_vec().into()), }) } _ => unreachable!(), } } -pub struct ECParametersPkcs8 { - pub named_curve_alg: p256::pkcs8::der::asn1::ObjectIdentifier, -} - -impl<'a> TryFrom> for ECParametersPkcs8 { - type Error = p256::pkcs8::der::Error; - - fn try_from( - any: p256::pkcs8::der::asn1::Any<'a>, - ) -> p256::pkcs8::der::Result { - let x = any.oid()?; - - Ok(Self { named_curve_alg: x }) - } -} - pub struct ECParametersSpki { pub named_curve_alg: spki::der::asn1::ObjectIdentifier, } @@ -833,70 +830,48 @@ fn import_key_ec( }) } KeyData::Pkcs8(data) => { - // 2-3. - let pk_info = PrivateKeyInfo::from_der(&data) - .map_err(|e| data_error(e.to_string()))?; + // 2-7 + // Deserialize PKCS8 - validate structure, extracts named_curve + let named_curve_alg = match named_curve { + EcNamedCurve::P256 => { + let pk = ECPrivateKey::::try_from(data.as_ref())?; - // 4-5. - let alg = pk_info.algorithm.oid; - // id-ecPublicKey - if alg != elliptic_curve::ALGORITHM_OID { - return Err(data_error("unsupported algorithm")); - } + pk.named_curve_oid().unwrap() + } + EcNamedCurve::P384 => { + let pk = ECPrivateKey::::try_from(data.as_ref())?; - // 5-7. - let params = ECParametersPkcs8::try_from( - pk_info - .algorithm - .parameters - .ok_or_else(|| data_error("malformed parameters"))?, - ) - .map_err(|_| data_error("malformed parameters"))?; + pk.named_curve_oid().unwrap() + } + EcNamedCurve::P521 => { + return Err(data_error("Unsupported named curve")) + } + }; // 8-9. - let pk_named_curve = match params.named_curve_alg { + let pk_named_curve = match named_curve_alg { // id-secp256r1 ID_SECP256R1_OID => Some(EcNamedCurve::P256), // id-secp384r1 ID_SECP384R1_OID => Some(EcNamedCurve::P384), - // id-secp384r1 + // id-secp521r1 ID_SECP521R1_OID => Some(EcNamedCurve::P521), _ => None, }; // 10. if let Some(pk_named_curve) = pk_named_curve { - match pk_named_curve { - EcNamedCurve::P256 => { - let secret_key = - p256::SecretKey::from_pkcs8_der(&data).map_err(|_| { - data_error("invalid P-256 elliptic curve PKCS8 data") - })?; - - let point = - secret_key.public_key().as_affine().to_encoded_point(false); - - // 12 - not sure if this is correct. - if point.is_identity() { - return Err(data_error("Invalid key data")); - } + let signing_alg = match pk_named_curve { + EcNamedCurve::P256 => CryptoNamedCurve::P256.try_into()?, + EcNamedCurve::P384 => CryptoNamedCurve::P384.try_into()?, + EcNamedCurve::P521 => { + return Err(data_error("Unsupported named curve")) } - //@todo(sean) Validate P384 secret-key on import(pkcs8) - //Problem: Nist384 Curve from p384 crate does not implement ProjectiveArithmetic - //so cannot extract PublicKey from SecretKey. - /*EcNamedCurve::P384 => { - let secret_key = - p384::SecretKey::from_pkcs8_der(&data).unwrap(); + }; + + // deserialize pkcs8 using ring crate, to VALIDATE public key + let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?; - let point = - secret_key.public_key().as_affine().to_encoded_point(false); - // 3. - if point.is_identity() { - return Err(type_error("Invalid key data".to_string())); - } - }*/ - _ => return Err(data_error("Unsupported named curve")), - } // 11. if named_curve != pk_named_curve { return Err(data_error("curve mismatch")); diff --git a/tools/wpt/expectation.json b/tools/wpt/expectation.json index a5cfd31447..0ad2ba2c96 100644 --- a/tools/wpt/expectation.json +++ b/tools/wpt/expectation.json @@ -616,10 +616,6 @@ ], "import_export": { "ec_importKey.https.any.html": [ - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])", "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])", @@ -630,18 +626,6 @@ "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", "Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])", "Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", @@ -660,10 +644,6 @@ "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])" ], "ec_importKey.https.any.worker.html": [ - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])", "Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])", @@ -674,18 +654,6 @@ "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", "Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])", "Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])", - "Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", - "Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])", "Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])", "Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])", @@ -715,10 +683,9 @@ "ECDSA P-256 with SHA-1 verification", "ECDSA P-256 with SHA-384 verification", "ECDSA P-256 with SHA-512 verification", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification", + "ECDSA P-384 with SHA-1 verification", + "ECDSA P-384 with SHA-256 verification", + "ECDSA P-384 with SHA-512 verification", "importVectorKeys step: ECDSA P-521 with SHA-1 verification", "importVectorKeys step: ECDSA P-521 with SHA-256 verification", "importVectorKeys step: ECDSA P-521 with SHA-384 verification", @@ -726,10 +693,9 @@ "ECDSA P-256 with SHA-1 verification with altered signature after call", "ECDSA P-256 with SHA-384 verification with altered signature after call", "ECDSA P-256 with SHA-512 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification with altered signature after call", + "ECDSA P-384 with SHA-1 verification with altered signature after call", + "ECDSA P-384 with SHA-256 verification with altered signature after call", + "ECDSA P-384 with SHA-512 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-1 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call", @@ -737,101 +703,59 @@ "ECDSA P-256 with SHA-1 with altered plaintext after call", "ECDSA P-256 with SHA-384 with altered plaintext after call", "ECDSA P-256 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-512 with altered plaintext after call", + "ECDSA P-384 with SHA-1 with altered plaintext after call", + "ECDSA P-384 with SHA-256 with altered plaintext after call", + "ECDSA P-384 with SHA-512 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-1 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-512 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-1 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-512 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-1 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-512 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-1 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage", "ECDSA P-256 with SHA-1 round trip", "ECDSA P-256 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-1 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-256 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-384 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-512 round trip", + "ECDSA P-384 with SHA-1 round trip", + "ECDSA P-384 with SHA-512 round trip", "importVectorKeys step: ECDSA P-521 with SHA-1 round trip", "importVectorKeys step: ECDSA P-521 with SHA-256 round trip", "importVectorKeys step: ECDSA P-521 with SHA-384 round trip", "importVectorKeys step: ECDSA P-521 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature", "ECDSA P-256 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to wrong hash", + "ECDSA P-384 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-512 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-1 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-512 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-1 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-256 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 verifying with wrong algorithm name", @@ -841,10 +765,9 @@ "ECDSA P-256 with SHA-1 verification", "ECDSA P-256 with SHA-384 verification", "ECDSA P-256 with SHA-512 verification", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification", + "ECDSA P-384 with SHA-1 verification", + "ECDSA P-384 with SHA-256 verification", + "ECDSA P-384 with SHA-512 verification", "importVectorKeys step: ECDSA P-521 with SHA-1 verification", "importVectorKeys step: ECDSA P-521 with SHA-256 verification", "importVectorKeys step: ECDSA P-521 with SHA-384 verification", @@ -852,10 +775,9 @@ "ECDSA P-256 with SHA-1 verification with altered signature after call", "ECDSA P-256 with SHA-384 verification with altered signature after call", "ECDSA P-256 with SHA-512 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification with altered signature after call", + "ECDSA P-384 with SHA-1 verification with altered signature after call", + "ECDSA P-384 with SHA-256 verification with altered signature after call", + "ECDSA P-384 with SHA-512 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-1 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call", "importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call", @@ -863,101 +785,59 @@ "ECDSA P-256 with SHA-1 with altered plaintext after call", "ECDSA P-256 with SHA-384 with altered plaintext after call", "ECDSA P-256 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-512 with altered plaintext after call", + "ECDSA P-384 with SHA-1 with altered plaintext after call", + "ECDSA P-384 with SHA-256 with altered plaintext after call", + "ECDSA P-384 with SHA-512 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-1 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call", "importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call", - "importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-512 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-1 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify", "importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify", - "importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-512 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-1 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign", "importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign", - "importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage", - "importVectorKeys step: ECDSA P-384 with SHA-512 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-1 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage", "importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage", "ECDSA P-256 with SHA-1 round trip", "ECDSA P-256 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-1 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-256 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-384 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-512 round trip", + "ECDSA P-384 with SHA-1 round trip", + "ECDSA P-384 with SHA-512 round trip", "importVectorKeys step: ECDSA P-521 with SHA-1 round trip", "importVectorKeys step: ECDSA P-521 with SHA-256 round trip", "importVectorKeys step: ECDSA P-521 with SHA-384 round trip", "importVectorKeys step: ECDSA P-521 with SHA-512 round trip", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature", "ECDSA P-256 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to wrong hash", + "ECDSA P-384 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature", - "importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext", "importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext", - "importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-512 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-1 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name", - "importVectorKeys step: ECDSA P-384 with SHA-512 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-1 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-256 verifying with wrong algorithm name", "importVectorKeys step: ECDSA P-521 with SHA-384 verifying with wrong algorithm name", @@ -4143,4 +4023,4 @@ "Pattern: [{\"pathname\":\"*//*\"}] Inputs: [{\"pathname\":\"foo/bar\"}]" ] } -} +} \ No newline at end of file