1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-11 16:42:21 -05:00

feat(ext/crypto): implement pkcs8/JWK for P-384 curves (#13154)

This commit is contained in:
Sean Michael Wykes 2022-01-19 03:44:35 -03:00 committed by GitHub
parent 77e58fe7f9
commit 9139985180
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 106 additions and 247 deletions

View file

@ -1200,10 +1200,7 @@ Deno.test(async function testImportExportEcDsaJwk() {
for (
const [_key, keyData] of Object.entries(jwtECKeys)
) {
const { size, publicJWK, privateJWK, algo } = keyData;
if (size != 256) {
continue;
}
const { publicJWK, privateJWK, algo } = keyData;
// 1. Test import EcDsa
const privateKeyECDSA = await subtle.importKey(
@ -1268,9 +1265,6 @@ Deno.test(async function testImportEcDhJwk() {
const [_key, jwkData] of Object.entries(jwtECKeys)
) {
const { size, publicJWK, privateJWK } = jwkData;
if (size != 256) {
continue;
}
// 1. Test import EcDsa
const privateKeyECDH = await subtle.importKey(
@ -1308,6 +1302,11 @@ Deno.test(async function testImportEcDhJwk() {
);
assert(equalJwk(publicJWK, expPublicKeyJWK as JWK));
// deriveBits still not implemented for P384
if (size != 256) {
continue;
}
const derivedKey = await subtle.deriveBits(
{
name: "ECDH",
@ -1406,6 +1405,13 @@ Deno.test(async function testImportEcSpkiPkcs8() {
for (
const hash of [/*"SHA-1", */ "SHA-256", "SHA-384" /*"SHA-512"*/]
) {
if (
(hash == "SHA-256" && namedCurve != "P-256") ||
(hash == "SHA-384" && namedCurve != "P-384")
) {
continue;
}
const signatureECDSA = await subtle.sign(
{ name: "ECDSA", hash },
privateKeyECDSA,

View file

@ -28,8 +28,6 @@ pub struct ECPrivateKey<'a, C: elliptic_curve::Curve> {
pub encoded_point: &'a [u8],
}
#[allow(dead_code)]
///todo(@sean) - to be removed in #13154
impl<'a, C> ECPrivateKey<'a, C>
where
C: elliptic_curve::Curve + AlgorithmParameters,

View file

@ -3,14 +3,14 @@ use deno_core::OpState;
use deno_core::ZeroCopyBuf;
use elliptic_curve::pkcs8::der::Decodable as Pkcs8Decodable;
use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::sec1::ToEncodedPoint;
use p256::pkcs8::FromPrivateKey;
use p256::pkcs8::ToPrivateKey;
use ring::signature::EcdsaKeyPair;
use rsa::pkcs1::UIntBytes;
use serde::Deserialize;
use serde::Serialize;
use spki::der::Encodable;
use crate::ec_key::ECPrivateKey;
use crate::key::CryptoNamedCurve;
use crate::shared::*;
use crate::OaepPrivateKeyParameters;
use crate::PssPrivateKeyParameters;
@ -721,68 +721,65 @@ fn import_key_ec_jwk(
let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?;
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Public(point_bytes.to_vec().into()),
raw_data: RawKeyData::Public(point_bytes.into()),
})
}
KeyData::JwkPrivateEc { d, x, y } => {
let point_bytes = import_key_ec_jwk_to_point(x, y, named_curve)?;
let secret_key_der = match named_curve {
jwt_b64_int_or_err!(private_d, &d, "invalid JWK private key");
let pkcs8_der = match named_curve {
EcNamedCurve::P256 => {
let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?;
let secret_key = p256::SecretKey::from_bytes(&d)?;
ToPrivateKey::to_pkcs8_der(&secret_key).unwrap()
}
//@todo(sean) - build p384 secret key from jwk, when crate implements to_pkcs8_der
//Problem: p384 crate does not implement ProjectiveArithmetic
/*EcNamedCurve::P384 => {
let secret_key = p384::SecretKey::from_be_bytes(&d)?;
secret_key.to_pkcs8_der().unwrap()
}*/
_ => return Err(not_supported_error("Unsupported named curve")),
};
let oid =
<p256::NistP256 as p256::elliptic_curve::AlgorithmParameters>::OID;
let pki = p256::pkcs8::PrivateKeyInfo::new(
p256::pkcs8::AlgorithmIdentifier {
oid,
parameters: None,
},
secret_key_der.as_ref(),
let pk =
ECPrivateKey::<p256::NistP256>::from_private_and_public_bytes(
d,
&point_bytes,
);
let pki = p256::pkcs8::PrivateKeyInfo {
public_key: Some(&point_bytes),
..pki
pk.to_pkcs8_der()?
}
EcNamedCurve::P384 => {
let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?;
let pk =
ECPrivateKey::<p384::NistP384>::from_private_and_public_bytes(
d,
&point_bytes,
);
pk.to_pkcs8_der()?
}
EcNamedCurve::P521 => {
return Err(data_error("Unsupported named curve"))
}
};
// Import using ring, to validate key
let key_alg = match named_curve {
EcNamedCurve::P256 => CryptoNamedCurve::P256.try_into()?,
EcNamedCurve::P384 => CryptoNamedCurve::P256.try_into()?,
EcNamedCurve::P521 => {
return Err(data_error("Unsupported named curve"))
}
};
let _key_pair = EcdsaKeyPair::from_private_key_and_public_key(
key_alg,
private_d.as_bytes(),
point_bytes.as_ref(),
);
Ok(ImportKeyResult::Ec {
raw_data: RawKeyData::Private(pki.private_key.to_vec().into()),
raw_data: RawKeyData::Private(pkcs8_der.as_ref().to_vec().into()),
})
}
_ => unreachable!(),
}
}
pub struct ECParametersPkcs8 {
pub named_curve_alg: p256::pkcs8::der::asn1::ObjectIdentifier,
}
impl<'a> TryFrom<p256::pkcs8::der::asn1::Any<'a>> for ECParametersPkcs8 {
type Error = p256::pkcs8::der::Error;
fn try_from(
any: p256::pkcs8::der::asn1::Any<'a>,
) -> p256::pkcs8::der::Result<ECParametersPkcs8> {
let x = any.oid()?;
Ok(Self { named_curve_alg: x })
}
}
pub struct ECParametersSpki {
pub named_curve_alg: spki::der::asn1::ObjectIdentifier,
}
@ -833,70 +830,48 @@ fn import_key_ec(
})
}
KeyData::Pkcs8(data) => {
// 2-3.
let pk_info = PrivateKeyInfo::from_der(&data)
.map_err(|e| data_error(e.to_string()))?;
// 2-7
// Deserialize PKCS8 - validate structure, extracts named_curve
let named_curve_alg = match named_curve {
EcNamedCurve::P256 => {
let pk = ECPrivateKey::<p256::NistP256>::try_from(data.as_ref())?;
// 4-5.
let alg = pk_info.algorithm.oid;
// id-ecPublicKey
if alg != elliptic_curve::ALGORITHM_OID {
return Err(data_error("unsupported algorithm"));
pk.named_curve_oid().unwrap()
}
EcNamedCurve::P384 => {
let pk = ECPrivateKey::<p384::NistP384>::try_from(data.as_ref())?;
// 5-7.
let params = ECParametersPkcs8::try_from(
pk_info
.algorithm
.parameters
.ok_or_else(|| data_error("malformed parameters"))?,
)
.map_err(|_| data_error("malformed parameters"))?;
pk.named_curve_oid().unwrap()
}
EcNamedCurve::P521 => {
return Err(data_error("Unsupported named curve"))
}
};
// 8-9.
let pk_named_curve = match params.named_curve_alg {
let pk_named_curve = match named_curve_alg {
// id-secp256r1
ID_SECP256R1_OID => Some(EcNamedCurve::P256),
// id-secp384r1
ID_SECP384R1_OID => Some(EcNamedCurve::P384),
// id-secp384r1
// id-secp521r1
ID_SECP521R1_OID => Some(EcNamedCurve::P521),
_ => None,
};
// 10.
if let Some(pk_named_curve) = pk_named_curve {
match pk_named_curve {
EcNamedCurve::P256 => {
let secret_key =
p256::SecretKey::from_pkcs8_der(&data).map_err(|_| {
data_error("invalid P-256 elliptic curve PKCS8 data")
})?;
let signing_alg = match pk_named_curve {
EcNamedCurve::P256 => CryptoNamedCurve::P256.try_into()?,
EcNamedCurve::P384 => CryptoNamedCurve::P384.try_into()?,
EcNamedCurve::P521 => {
return Err(data_error("Unsupported named curve"))
}
};
let point =
secret_key.public_key().as_affine().to_encoded_point(false);
// deserialize pkcs8 using ring crate, to VALIDATE public key
let _private_key = EcdsaKeyPair::from_pkcs8(signing_alg, &data)?;
// 12 - not sure if this is correct.
if point.is_identity() {
return Err(data_error("Invalid key data"));
}
}
//@todo(sean) Validate P384 secret-key on import(pkcs8)
//Problem: Nist384 Curve from p384 crate does not implement ProjectiveArithmetic
//so cannot extract PublicKey from SecretKey.
/*EcNamedCurve::P384 => {
let secret_key =
p384::SecretKey::from_pkcs8_der(&data).unwrap();
let point =
secret_key.public_key().as_affine().to_encoded_point(false);
// 3.
if point.is_identity() {
return Err(type_error("Invalid key data".to_string()));
}
}*/
_ => return Err(data_error("Unsupported named curve")),
}
// 11.
if named_curve != pk_named_curve {
return Err(data_error("curve mismatch"));

View file

@ -616,10 +616,6 @@
],
"import_export": {
"ec_importKey.https.any.html": [
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])",
@ -630,18 +626,6 @@
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
@ -660,10 +644,6 @@
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits])"
],
"ec_importKey.https.any.worker.html": [
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [sign])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, false, [sign])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDSA, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, true, [sign])",
@ -674,18 +654,6 @@
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])",
"Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, [])",
"Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, [])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey])",
"Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits])",
"Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, [])",
"Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey])",
@ -715,10 +683,9 @@
"ECDSA P-256 with SHA-1 verification",
"ECDSA P-256 with SHA-384 verification",
"ECDSA P-256 with SHA-512 verification",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification",
"ECDSA P-384 with SHA-1 verification",
"ECDSA P-384 with SHA-256 verification",
"ECDSA P-384 with SHA-512 verification",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification",
@ -726,10 +693,9 @@
"ECDSA P-256 with SHA-1 verification with altered signature after call",
"ECDSA P-256 with SHA-384 verification with altered signature after call",
"ECDSA P-256 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification with altered signature after call",
"ECDSA P-384 with SHA-1 verification with altered signature after call",
"ECDSA P-384 with SHA-256 verification with altered signature after call",
"ECDSA P-384 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call",
@ -737,101 +703,59 @@
"ECDSA P-256 with SHA-1 with altered plaintext after call",
"ECDSA P-256 with SHA-384 with altered plaintext after call",
"ECDSA P-256 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-512 with altered plaintext after call",
"ECDSA P-384 with SHA-1 with altered plaintext after call",
"ECDSA P-384 with SHA-256 with altered plaintext after call",
"ECDSA P-384 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
"ECDSA P-256 with SHA-1 round trip",
"ECDSA P-256 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-512 round trip",
"ECDSA P-384 with SHA-1 round trip",
"ECDSA P-384 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
"ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to wrong hash",
"ECDSA P-384 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-512 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verifying with wrong algorithm name",
@ -841,10 +765,9 @@
"ECDSA P-256 with SHA-1 verification",
"ECDSA P-256 with SHA-384 verification",
"ECDSA P-256 with SHA-512 verification",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification",
"ECDSA P-384 with SHA-1 verification",
"ECDSA P-384 with SHA-256 verification",
"ECDSA P-384 with SHA-512 verification",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification",
@ -852,10 +775,9 @@
"ECDSA P-256 with SHA-1 verification with altered signature after call",
"ECDSA P-256 with SHA-384 verification with altered signature after call",
"ECDSA P-256 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification with altered signature after call",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification with altered signature after call",
"ECDSA P-384 with SHA-1 verification with altered signature after call",
"ECDSA P-384 with SHA-256 verification with altered signature after call",
"ECDSA P-384 with SHA-512 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification with altered signature after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification with altered signature after call",
@ -863,101 +785,59 @@
"ECDSA P-256 with SHA-1 with altered plaintext after call",
"ECDSA P-256 with SHA-384 with altered plaintext after call",
"ECDSA P-256 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-512 with altered plaintext after call",
"ECDSA P-384 with SHA-1 with altered plaintext after call",
"ECDSA P-384 with SHA-256 with altered plaintext after call",
"ECDSA P-384 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-1 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-256 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-384 with altered plaintext after call",
"importVectorKeys step: ECDSA P-521 with SHA-512 with altered plaintext after call",
"importVectorKeys step: ECDSA P-384 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-1 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-256 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-384 using privateKey to verify",
"importVectorKeys step: ECDSA P-521 with SHA-512 using privateKey to verify",
"importVectorKeys step: ECDSA P-384 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-1 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-256 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-384 using publicKey to sign",
"importVectorKeys step: ECDSA P-521 with SHA-512 using publicKey to sign",
"importVectorKeys step: ECDSA P-384 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-384 with SHA-512 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-1 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-256 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-384 no verify usage",
"importVectorKeys step: ECDSA P-521 with SHA-512 no verify usage",
"ECDSA P-256 with SHA-1 round trip",
"ECDSA P-256 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-512 round trip",
"ECDSA P-384 with SHA-1 round trip",
"ECDSA P-384 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-1 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-256 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-384 round trip",
"importVectorKeys step: ECDSA P-521 with SHA-512 round trip",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered signature",
"ECDSA P-256 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to wrong hash",
"ECDSA P-384 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to wrong hash",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to bad hash name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to shortened signature",
"importVectorKeys step: ECDSA P-384 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-1 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-256 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-384 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-521 with SHA-512 verification failure due to altered plaintext",
"importVectorKeys step: ECDSA P-384 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-1 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-256 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-512 signing with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-384 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-384 with SHA-512 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-1 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-256 verifying with wrong algorithm name",
"importVectorKeys step: ECDSA P-521 with SHA-384 verifying with wrong algorithm name",