foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-12 00:54:02 -05:00
Code Issues Packages 1 Wiki Activity

feat(ext/crypto): import RSA pkcs#8 keys (#11891)

Browse source
This commit is contained in:
Divy Srivastava 2021-09-14 18:51:20 +05:30 committed by GitHub
parent d36b01ff69
commit c41460ecc4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 1091 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
cli/tests/testdata/webcrypto/id_rsaEncryption.pem vendored Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDYKBqT674QjFgP
LciOxf8UNtfIligtwGc+RjuNRdzT2z7sduGPqxfW7y6MYm/tP92GjUKNf2/XzLkI
Ay5pPtHKv21YTAH4GOFqNJL3FzYVJtf8zZmvFhXY2BVIhu6JFkaFCBYC4+Is5nMM
kP12FZvf6LbTTVQVMRV5wyRXP1gzQ16fHE9c115mhzJSVkohtqHw5mFfEV/I7DEB
QRTn+hvv5r4gGc7qn9gewwmlOh+6ow1lc7WNWNn7kigsW9hgLGsGZvkaUge0jOLs
QPzEWSdzmiOnpMxYLK1XjC73G3+0OHUjtRdG9q3cr7/yqKO5uI0Ays1q40t2UZrH
rMBeFSi/AgMBAAECggEAE7NMANFKiE2SNQfyMHkBL4F0FzcAQHM5taZHBTAp2TEx
QfHvyt1IFfHEp0zNcK0SbpHvT+AefGePMZjAoRz1l+nseFCtGUSDPt+9yUFXT4Qz
yTmf2SJFKXdAMVUC5oGeOb+r6eWFFpyGPc31G88KXtTh3M4+bJQFpgxQApemXT2K
vvkUppWr/LKIrLQ9TboBAWOOMtuZ0+nDbCzFwdRvQ1itR/Jbq4swt4+PTXKkWrHN
gXoxCoMXaS/QW4BxzlnCAFelEvguF95VKPFgzf6AvHp7mun4tHYgePxugsG4xpRR
U3fCBIqHp8LunG8TpCIY4jeUE4vfNgxWgJ/E+oSOWQKBgQDundzft515Ul2k+wb2
HaQbaVafYyDmwK/Ji8tthFVJqYPo7eWFbIsedAEGUBzxYd8WRJS59/jyV/MQ3mGS
Y2leCOVo/oGIxqugJNQl0NSnUYleXeweTWMeUhbbMPGutMHLe9hGByzOBwE4G1Oj
Yb8bu41WMzT9T1YBm8cuBQS02wKBgQDn5145sxlMDezj0kcOU+gQLXJfsIPhVIsf
aiLlH78BLDOTH3J+INMYnI869r1bCOlUjNjf3bdBgPA+YQQIPExmhQARAPk1riEp
x7O9egpcxlYzE7yNtR5LeEh5kW+nlSr6EcPPONJlHYgyv9DGxjhnA3lI93rBcqYy
0xSFF41O7QKBgQCiW2deEWFkm1Z8WxFxhNmUjSgTay+H0rPJPwU7jz84z86hPr1c
+23tWqEX2orW8vEIBcHsh30r6AvK/oUFRf77rLHrrsAUgJlmbair0lvfPOtq+h0e
wSkgCFrk6XiIlxUFj06o11j1Fm8N7goKsQeHpyWT8WOst76deZEdDu0U4QKBgEs/
HqrYO0AbUJ9HrriubyE4reDwtIob1ZyW4sW3vFFUF1QIoyzb18Mnoa3/O8fbJ2LA
5OoW1gySGuIStq05a4zkYPYje7l4S9hzrRWxEMWzsWqXX9oXR8IzQEj58OHOnAhS
VVfa1yHqKDRXWxX0YX7DeMo9Sv6UBet95C2fS8GtAoGALvUAEM/LEj/NY+J0542F
+b8FyXtosQ1mSKBV03JmmglDfQW/+O0Illuy8CmfIuqftLwHyc15u5cAIDd5a8jm
S8l+7/KYETXYGCA1mwB/Dr/LJwbVEQ/mw1ne6FrJ4MORd/2GWuvzrqTKrwRcJ+O9
mZ3aPB+XECOydno9s4rsxII=
-----END PRIVATE KEY-----

29
cli/tests/testdata/webcrypto/id_rsassaPss.pem vendored Normal file
View file

@ -0,0 +1,29 @@
-----BEGIN PRIVATE KEY-----
MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
DQEBCDALBglghkgBZQMEAgGiAwIBHgSCBKgwggSkAgEAAoIBAQClbSUIKRfpCk0W
WuKv4vzTnAW98n1LDwSbU0larwckrBe19waFaCrh1jiIaSzTjCR9UtHDMDaUuOu3
0Z33Yrsa3U/t6vVl+JVsSeqXTBbGXTZ1iXuCk1DywIAiBwrZJ4IH00p7zMJ7dN0B
peQ6oirGAiaEBGonq6cdAvE0WpDkEQ1lZ3YjSWggwMpkOv24dl1SwbANQzvX4s66
WD70LhmS2MwC9EyUz3ddV3Ha5S3pZrGis8CJ5kBMR65BMYwsaDEWjDkNd7fNFC2D
HiINO8GUm3Tb7FSqzqVCcrOPQYcb/3gBQIIFrGS5zk9KXIcJ6382iomN+f9EGhDQ
S9FQRgF9AgMBAAECggEAIt3HQVoP7RE7wCt1veaUrTEkUK2sVMacjPRX8KIVWlhf
Qv4GxNV4vFK/ZZjtVsUh57wt8/rUdjInlH280qhfkUD2GMo94LktHT7TEAJ8hmCd
GtbYTmQoWpHSL9nWIoDeOjIBb+hvUUAHWNKTMPx/EW7gmVCo4yWdulKlbghso3TR
1M4jbryhplLDzElPPUhmahT2De64CAt9OkDZV8b+47E6CU33qrlFCBOgurQGiIVK
GgmrIxu0efR9n9Df5BqLHTI5v9nqyugrnWYN6vdk/YWZK+RsHo1iqEhge5CPrI48
M6XIES1EQeSF2cdJaob9gsmyzszODw/w8smT5DgNwQKBgQDVZuvgqR9zcpIpMjtI
gFQvBIrHFyO6C48lQ37hlGpSjcKsWevTVRMw6Ywrm6Ls1AlKQ02tMETA9rcnOgj5
lHwOB1Neb41XsBkNgqwelqSAZkxmIKESN4/EBdVX89hdv6lLZ58IniWYfzEAZKoc
oZKelrU+wuk58ny4H7WwdBQjEQKBgQDGcpzdf/Hw60KWdq5fydlG0OwzK6t9TIfB
AZsxcEpHjckfe8/WJLcSZ4zD6kBSiBuLJ4G0l/rMYiF3I6dFfta+2tv8GuQ6n6ji
G859GMBJvqwLbHFFZb56PCtTtoYuI94Qiv1i0CjAfpR9uajLFJ/4aBmKBP04higM
mOQkDTdfrQKBgQDFedZxMU+/X5hNswQVFVvRnpxlm84dzbCLRShWyyaQekpZf2Sx
TZrSumxRtlZQXe6y4BEzYOVew2+9RwEjI/qgaLsHOqdLK9QjInbwX2qevwuXvj4P
Q4cwWE2SdD4WktOwyZTrPp1/vsOzn3OjxwiM5N2X1HpKe1Baek2BmglAYQKBgDOe
Zm07NZycJVLsBgmGgIzqFTZuOoo6GOm8WDjw43FfURxuYS5rmG8iHjxrt1WAb+Gv
Yg6upZ76O4g47u6lwogcd7JI8GrLUuuVng1uHb5Q6YGDMKeDgptbAU4iIR7pV37o
GGbWjHMdudRGMcC5Wa8MrO/4wkEsrEgykM1L3sZ1AoGBAMUtQvrtTDIQml38V+O5
2j3VFv/hmhE/+XMKd2DXl9aRiG6QMe3BVWcLP/rq2ZaxwRjAZg5TO0S9Dptn9eX+
0yASf6VghLGs+wVnWGseyZRcYHRv2O6+I8zzpGd4uSaB7uoBMFsEEp+lUTRe52EW
gFHhVC1yOzlseecZ7wWszDeO
-----END PRIVATE KEY-----

43
cli/tests/unit/webcrypto_test.ts
View file

@ -357,6 +357,49 @@ unitTest(async function subtleCryptoHmacImportExport() {
assertEquals(exportedKey2, jwk); assertEquals(exportedKey2, jwk);
}); });
// 2048-bits publicExponent=65537
const pkcs8TestVectors = [
// rsaEncryption
"cli/tests/testdata/webcrypto/id_rsaEncryption.pem",
// id-RSASSA-PSS
"cli/tests/testdata/webcrypto/id_rsassaPss.pem",
];
unitTest({ perms: { read: true } }, async function importRsaPkcs8() {
const pemHeader = "-----BEGIN PRIVATE KEY-----";
const pemFooter = "-----END PRIVATE KEY-----";
for (const keyFile of pkcs8TestVectors) {
const pem = await Deno.readTextFile(keyFile);
const pemContents = pem.substring(
pemHeader.length,
pem.length - pemFooter.length,
);
const binaryDerString = atob(pemContents);
const binaryDer = new Uint8Array(binaryDerString.length);
for (let i = 0; i < binaryDerString.length; i++) {
binaryDer[i] = binaryDerString.charCodeAt(i);
}
const key = await crypto.subtle.importKey(
"pkcs8",
binaryDer,
{ name: "RSA-PSS", hash: "SHA-256" },
true,
["sign"],
);
assert(key);
assertEquals(key.type, "private");
assertEquals(key.extractable, true);
assertEquals(key.usages, ["sign"]);
const algorithm = key.algorithm as RsaHashedKeyAlgorithm;
assertEquals(algorithm.name, "RSA-PSS");
assertEquals(algorithm.hash.name, "SHA-256");
assertEquals(algorithm.modulusLength, 2048);
assertEquals(algorithm.publicExponent, new Uint8Array([1, 0, 1]));
}
});
// deno-fmt-ignore // deno-fmt-ignore
const asn1AlgorithmIdentifier = new Uint8Array([ const asn1AlgorithmIdentifier = new Uint8Array([
0x02, 0x01, 0x00, // INTEGER 0x02, 0x01, 0x00, // INTEGER

181
ext/crypto/00_crypto.js
View file

@ -68,6 +68,7 @@
}, },
Pbkdf2Params: { hash: "HashAlgorithmIdentifier", salt: "BufferSource" }, Pbkdf2Params: { hash: "HashAlgorithmIdentifier", salt: "BufferSource" },
RsaOaepParams: { label: "BufferSource" }, RsaOaepParams: { label: "BufferSource" },
RsaHashedImportParams: { hash: "HashAlgorithmIdentifier" },
}; };
const supportedAlgorithms = { const supportedAlgorithms = {
@ -102,6 +103,9 @@
"HMAC": null, "HMAC": null,
}, },
"importKey": { "importKey": {
"RSASSA-PKCS1-v1_5": "RsaHashedImportParams",
"RSA-PSS": "RsaHashedImportParams",
"RSA-OAEP": "RsaHashedImportParams",
"HMAC": "HmacImportParams", "HMAC": "HmacImportParams",
"HKDF": null, "HKDF": null,
"PBKDF2": null, "PBKDF2": null,
@ -664,7 +668,6 @@
* @param {KeyUsages[]} keyUsages * @param {KeyUsages[]} keyUsages
* @returns {Promise<any>} * @returns {Promise<any>}
*/ */
// deno-lint-ignore require-await
async importKey(format, keyData, algorithm, extractable, keyUsages) { async importKey(format, keyData, algorithm, extractable, keyUsages) {
webidl.assertBranded(this, SubtleCrypto); webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'importKey' on 'SubtleCrypto'"; const prefix = "Failed to execute 'importKey' on 'SubtleCrypto'";
@ -898,8 +901,180 @@
return key; return key;
} }
// TODO(@littledivy): RSASSA-PKCS1-v1_5 case "RSASSA-PKCS1-v1_5": {
// TODO(@littledivy): RSA-PSS switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["sign"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSASSA-PKCS1-v1_5",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSASSA-PKCS1-v1_5",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-PSS": {
switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["sign"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSA-PSS",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSA-PSS",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-OAEP": {
switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["decrypt", "unwrapKey"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSA-OAEP",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSA-OAEP",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
// TODO(@littledivy): ECDSA // TODO(@littledivy): ECDSA
case "HKDF": { case "HKDF": {
if (format !== "raw") { if (format !== "raw") {

13
ext/crypto/01_webidl.js
View file

@ -103,6 +103,19 @@
dictRsaHashedKeyGenParams, dictRsaHashedKeyGenParams,
); );
const dictRsaHashedImportParams = [
...dictAlgorithm,
{
key: "hash",
converter: webidl.converters.HashAlgorithmIdentifier,
required: true,
},
];
webidl.converters.RsaHashedImportParams = webidl.createDictionaryConverter(
"RsaHashedImportParams",
dictRsaHashedImportParams,
);
webidl.converters.NamedCurve = webidl.converters.DOMString; webidl.converters.NamedCurve = webidl.converters.DOMString;
const dictEcKeyGenParams = [ const dictEcKeyGenParams = [

2
ext/crypto/key.rs
View file

@ -17,7 +17,7 @@ pub enum KeyType {
Secret, Secret,
} }
#[derive(Serialize, Deserialize, Copy, Clone)] #[derive(Serialize, Deserialize, Copy, Clone, PartialEq)]
pub enum CryptoHash { pub enum CryptoHash {
#[serde(rename = "SHA-1")] #[serde(rename = "SHA-1")]
Sha1, Sha1,

8
ext/crypto/lib.deno_crypto.d.ts vendored
View file

@ -69,6 +69,10 @@ interface EcdsaParams extends Algorithm {
hash: HashAlgorithmIdentifier; hash: HashAlgorithmIdentifier;
} }
interface RsaHashedImportParams extends Algorithm {
hash: HashAlgorithmIdentifier;
}
interface RsaHashedKeyGenParams extends RsaKeyGenParams { interface RsaHashedKeyGenParams extends RsaKeyGenParams {
hash: HashAlgorithmIdentifier; hash: HashAlgorithmIdentifier;
} }
@ -170,9 +174,9 @@ interface SubtleCrypto {
keyUsages: KeyUsage[], keyUsages: KeyUsage[],
): Promise<CryptoKey>; ): Promise<CryptoKey>;
importKey( importKey(
format: "raw", format: Exclude<KeyFormat, "jwk">,
keyData: BufferSource, keyData: BufferSource,
algorithm: AlgorithmIdentifier | HmacImportParams, algorithm: AlgorithmIdentifier | HmacImportParams | RsaHashedImportParams,
extractable: boolean, extractable: boolean,
keyUsages: KeyUsage[], keyUsages: KeyUsage[],
): Promise<CryptoKey>; ): Promise<CryptoKey>;

430
ext/crypto/lib.rs
View file

@ -12,8 +12,10 @@ use deno_core::Extension;
use deno_core::OpState; use deno_core::OpState;
use deno_core::ZeroCopyBuf; use deno_core::ZeroCopyBuf;
use serde::Deserialize; use serde::Deserialize;
use serde::Serialize;
use std::cell::RefCell; use std::cell::RefCell;
use std::convert::TryFrom;
use std::convert::TryInto; use std::convert::TryInto;
use std::num::NonZeroU32; use std::num::NonZeroU32;
use std::rc::Rc; use std::rc::Rc;
@ -37,6 +39,8 @@ use ring::signature::EcdsaSigningAlgorithm;
use ring::signature::EcdsaVerificationAlgorithm; use ring::signature::EcdsaVerificationAlgorithm;
use ring::signature::KeyPair; use ring::signature::KeyPair;
use rsa::padding::PaddingScheme; use rsa::padding::PaddingScheme;
use rsa::pkcs1::der::Decodable;
use rsa::pkcs1::der::Encodable;
use rsa::pkcs1::FromRsaPrivateKey; use rsa::pkcs1::FromRsaPrivateKey;
use rsa::pkcs1::ToRsaPrivateKey; use rsa::pkcs1::ToRsaPrivateKey;
use rsa::pkcs8::der::asn1; use rsa::pkcs8::der::asn1;
@ -66,6 +70,31 @@ lazy_static! {
static ref PUB_EXPONENT_2: BigUint = BigUint::from_u64(65537).unwrap(); static ref PUB_EXPONENT_2: BigUint = BigUint::from_u64(65537).unwrap();
} }
const RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.1");
const SHA1_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.5");
const SHA256_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.11");
const SHA384_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.12");
const SHA512_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.13");
const RSASSA_PSS_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.10");
const ID_SHA1_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.3.14.3.2.26");
const ID_SHA256_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.1");
const ID_SHA384_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.2");
const ID_SHA512_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.3");
const ID_MFG1: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.8");
const RSAES_OAEP_OID: rsa::pkcs8::ObjectIdentifier =
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.7");
pub fn init(maybe_seed: Option<u64>) -> Extension { pub fn init(maybe_seed: Option<u64>) -> Extension {
Extension::builder() Extension::builder()
.js(include_js_files!( .js(include_js_files!(
@ -82,6 +111,7 @@ pub fn init(maybe_seed: Option<u64>) -> Extension {
("op_crypto_sign_key", op_async(op_crypto_sign_key)), ("op_crypto_sign_key", op_async(op_crypto_sign_key)),
("op_crypto_verify_key", op_async(op_crypto_verify_key)), ("op_crypto_verify_key", op_async(op_crypto_verify_key)),
("op_crypto_derive_bits", op_async(op_crypto_derive_bits)), ("op_crypto_derive_bits", op_async(op_crypto_derive_bits)),
("op_crypto_import_key", op_async(op_crypto_import_key)),
("op_crypto_export_key", op_async(op_crypto_export_key)), ("op_crypto_export_key", op_async(op_crypto_export_key)),
("op_crypto_encrypt_key", op_async(op_crypto_encrypt_key)), ("op_crypto_encrypt_key", op_async(op_crypto_encrypt_key)),
("op_crypto_decrypt_key", op_async(op_crypto_decrypt_key)), ("op_crypto_decrypt_key", op_async(op_crypto_decrypt_key)),
@ -817,6 +847,406 @@ pub async fn op_crypto_encrypt_key(
} }
} }
// The parameters field associated with OID id-RSASSA-PSS
// Defined in RFC 3447, section A.2.3
//
// RSASSA-PSS-params ::= SEQUENCE {
// hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
// saltLength [2] INTEGER DEFAULT 20,
// trailerField [3] TrailerField DEFAULT trailerFieldBC
// }
pub struct PssPrivateKeyParameters<'a> {
pub hash_algorithm: rsa::pkcs8::AlgorithmIdentifier<'a>,
pub mask_gen_algorithm: rsa::pkcs8::AlgorithmIdentifier<'a>,
pub salt_length: u32,
}
// Context-specific tag number for hashAlgorithm.
const HASH_ALGORITHM_TAG: rsa::pkcs8::der::TagNumber =
rsa::pkcs8::der::TagNumber::new(0);
// Context-specific tag number for maskGenAlgorithm.
const MASK_GEN_ALGORITHM_TAG: rsa::pkcs8::der::TagNumber =
rsa::pkcs8::der::TagNumber::new(1);
// Context-specific tag number for saltLength.
const SALT_LENGTH_TAG: rsa::pkcs8::der::TagNumber =
rsa::pkcs8::der::TagNumber::new(2);
impl<'a> TryFrom<rsa::pkcs8::der::asn1::Any<'a>>
for PssPrivateKeyParameters<'a>
{
type Error = rsa::pkcs8::der::Error;
fn try_from(
any: rsa::pkcs8::der::asn1::Any<'a>,
) -> rsa::pkcs8::der::Result<PssPrivateKeyParameters> {
any.sequence(|decoder| {
let hash_algorithm = decoder
.context_specific(HASH_ALGORITHM_TAG)?
.map(TryInto::try_into)
.transpose()?
.unwrap();
let mask_gen_algorithm = decoder
.context_specific(MASK_GEN_ALGORITHM_TAG)?
.map(TryInto::try_into)
.transpose()?
.unwrap();
let salt_length = decoder
.context_specific(SALT_LENGTH_TAG)?
.map(TryInto::try_into)
.transpose()?
.unwrap_or(20);
Ok(Self {
hash_algorithm,
mask_gen_algorithm,
salt_length,
})
})
}
}
// The parameters field associated with OID id-RSAES-OAEP
// Defined in RFC 3447, section A.2.1
//
// RSAES-OAEP-params ::= SEQUENCE {
// hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
// pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
// }
pub struct OaepPrivateKeyParameters<'a> {
pub hash_algorithm: rsa::pkcs8::AlgorithmIdentifier<'a>,
pub mask_gen_algorithm: rsa::pkcs8::AlgorithmIdentifier<'a>,
pub p_source_algorithm: rsa::pkcs8::AlgorithmIdentifier<'a>,
}
impl<'a> TryFrom<rsa::pkcs8::der::asn1::Any<'a>>
for OaepPrivateKeyParameters<'a>
{
type Error = rsa::pkcs8::der::Error;
fn try_from(
any: rsa::pkcs8::der::asn1::Any<'a>,
) -> rsa::pkcs8::der::Result<OaepPrivateKeyParameters> {
any.sequence(|decoder| {
let hash_algorithm = decoder.decode()?;
let mask_gen_algorithm = decoder.decode()?;
let p_source_algorithm = decoder.decode()?;
Ok(Self {
hash_algorithm,
mask_gen_algorithm,
p_source_algorithm,
})
})
}
}
#[derive(Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct ImportKeyArg {
algorithm: Algorithm,
format: KeyFormat,
// RSASSA-PKCS1-v1_5
hash: Option<CryptoHash>,
}
#[derive(Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ImportKeyResult {
data: ZeroCopyBuf,
// RSASSA-PKCS1-v1_5
public_exponent: Option<ZeroCopyBuf>,
modulus_length: Option<usize>,
}
pub async fn op_crypto_import_key(
_state: Rc<RefCell<OpState>>,
args: ImportKeyArg,
zero_copy: Option<ZeroCopyBuf>,
) -> Result<ImportKeyResult, AnyError> {
let zero_copy = zero_copy.ok_or_else(null_opbuf)?;
let data = &*zero_copy;
let algorithm = args.algorithm;
match algorithm {
Algorithm::RsassaPkcs1v15 => {
match args.format {
KeyFormat::Pkcs8 => {
let hash = args
.hash
.ok_or_else(|| type_error("Missing argument hash".to_string()))?;
// 2-3.
let pk_info =
rsa::pkcs8::PrivateKeyInfo::from_der(data).map_err(|e| {
custom_error("DOMExceptionOperationError", e.to_string())
})?;
// 4-5.
let alg = pk_info.algorithm.oid;
// 6.
let pk_hash = match alg {
// rsaEncryption
RSA_ENCRYPTION_OID => None,
// sha1WithRSAEncryption
SHA1_RSA_ENCRYPTION_OID => Some(CryptoHash::Sha1),
// sha256WithRSAEncryption
SHA256_RSA_ENCRYPTION_OID => Some(CryptoHash::Sha256),
// sha384WithRSAEncryption
SHA384_RSA_ENCRYPTION_OID => Some(CryptoHash::Sha384),
// sha512WithRSAEncryption
SHA512_RSA_ENCRYPTION_OID => Some(CryptoHash::Sha512),
_ => return Err(type_error("Unsupported algorithm".to_string())),
};
// 7.
if let Some(pk_hash) = pk_hash {
if pk_hash != hash {
// TODO(@littledivy): DataError
return Err(type_error("Hash mismatch".to_string()));
}
}
// 8-9.
let private_key =
rsa::pkcs1::RsaPrivateKey::from_der(pk_info.private_key).map_err(
|e| custom_error("DOMExceptionOperationError", e.to_string()),
)?;
let bytes_consumed = private_key.encoded_len().map_err(|e| {
// TODO(@littledivy): DataError
custom_error("DOMExceptionOperationError", e.to_string())
})?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16)
{
// TODO(@littledivy): DataError
return Err(type_error("Some bytes were not consumed".to_string()));
}
Ok(ImportKeyResult {
data: pk_info.private_key.to_vec().into(),
public_exponent: Some(
private_key.public_exponent.as_bytes().to_vec().into(),
),
modulus_length: Some(private_key.modulus.as_bytes().len() * 8),
})
}
// TODO(@littledivy): spki
// TODO(@littledivy): jwk
_ => Err(type_error("Unsupported format".to_string())),
}
}
Algorithm::RsaPss => {
match args.format {
KeyFormat::Pkcs8 => {
let hash = args
.hash
.ok_or_else(|| type_error("Missing argument hash".to_string()))?;
// 2-3.
let pk_info =
rsa::pkcs8::PrivateKeyInfo::from_der(data).map_err(|e| {
custom_error("DOMExceptionOperationError", e.to_string())
})?;
// 4-5.
let alg = pk_info.algorithm.oid;
// 6.
let pk_hash = match alg {
// rsaEncryption
RSA_ENCRYPTION_OID => None,
// id-RSASSA-PSS
RSASSA_PSS_OID => {
// TODO(@littledivy): NotSupported error
let params = PssPrivateKeyParameters::try_from(
pk_info.algorithm.parameters.ok_or_else(|| {
type_error("Malformed parameters".to_string())
})?,
)
.map_err(|_| type_error("Malformed parameters".to_string()))?;
let hash_alg = params.hash_algorithm;
let hash = match hash_alg.oid {
// id-sha1
ID_SHA1_OID => Some(CryptoHash::Sha1),
// id-sha256
ID_SHA256_OID => Some(CryptoHash::Sha256),
// id-sha384
ID_SHA384_OID => Some(CryptoHash::Sha384),
// id-sha256
ID_SHA512_OID => Some(CryptoHash::Sha512),
// TODO(@littledivy): DataError
_ => {
return Err(type_error(
"Unsupported hash algorithm".to_string(),
))
}
};
if params.mask_gen_algorithm.oid != ID_MFG1 {
// TODO(@littledivy): NotSupportedError
return Err(type_error(
"Unsupported hash algorithm".to_string(),
));
}
hash
}
// TODO(@littledivy): DataError
_ => return Err(type_error("Unsupported algorithm".to_string())),
};
// 7.
if let Some(pk_hash) = pk_hash {
if pk_hash != hash {
// TODO(@littledivy): DataError
return Err(type_error("Hash mismatch".to_string()));
}
}
// 8-9.
let private_key =
rsa::pkcs1::RsaPrivateKey::from_der(pk_info.private_key).map_err(
|e| custom_error("DOMExceptionOperationError", e.to_string()),
)?;
let bytes_consumed = private_key.encoded_len().map_err(|e| {
// TODO(@littledivy): DataError
custom_error("DOMExceptionOperationError", e.to_string())
})?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16)
{
// TODO(@littledivy): DataError
return Err(type_error("Some bytes were not consumed".to_string()));
}
Ok(ImportKeyResult {
data: pk_info.private_key.to_vec().into(),
public_exponent: Some(
private_key.public_exponent.as_bytes().to_vec().into(),
),
modulus_length: Some(private_key.modulus.as_bytes().len() * 8),
})
}
// TODO(@littledivy): spki
// TODO(@littledivy): jwk
_ => Err(type_error("Unsupported format".to_string())),
}
}
Algorithm::RsaOaep => {
match args.format {
KeyFormat::Pkcs8 => {
let hash = args
.hash
.ok_or_else(|| type_error("Missing argument hash".to_string()))?;
// 2-3.
let pk_info =
rsa::pkcs8::PrivateKeyInfo::from_der(data).map_err(|e| {
custom_error("DOMExceptionOperationError", e.to_string())
})?;
// 4-5.
let alg = pk_info.algorithm.oid;
// 6.
let pk_hash = match alg {
// rsaEncryption
RSA_ENCRYPTION_OID => None,
// id-RSAES-OAEP
RSAES_OAEP_OID => {
// TODO(@littledivy): NotSupported error
let params = OaepPrivateKeyParameters::try_from(
pk_info.algorithm.parameters.ok_or_else(|| {
type_error("Malformed parameters".to_string())
})?,
)
.map_err(|_| type_error("Malformed parameters".to_string()))?;
let hash_alg = params.hash_algorithm;
let hash = match hash_alg.oid {
// id-sha1
ID_SHA1_OID => Some(CryptoHash::Sha1),
// id-sha256
ID_SHA256_OID => Some(CryptoHash::Sha256),
// id-sha384
ID_SHA384_OID => Some(CryptoHash::Sha384),
// id-sha256
ID_SHA512_OID => Some(CryptoHash::Sha512),
// TODO(@littledivy): DataError
_ => {
return Err(type_error(
"Unsupported hash algorithm".to_string(),
))
}
};
if params.mask_gen_algorithm.oid != ID_MFG1 {
// TODO(@littledivy): NotSupportedError
return Err(type_error(
"Unsupported hash algorithm".to_string(),
));
}
hash
}
// TODO(@littledivy): DataError
_ => return Err(type_error("Unsupported algorithm".to_string())),
};
// 7.
if let Some(pk_hash) = pk_hash {
if pk_hash != hash {
// TODO(@littledivy): DataError
return Err(type_error("Hash mismatch".to_string()));
}
}
// 8-9.
let private_key =
rsa::pkcs1::RsaPrivateKey::from_der(pk_info.private_key).map_err(
|e| custom_error("DOMExceptionOperationError", e.to_string()),
)?;
let bytes_consumed = private_key.encoded_len().map_err(|e| {
// TODO(@littledivy): DataError
custom_error("DOMExceptionOperationError", e.to_string())
})?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16)
{
// TODO(@littledivy): DataError
return Err(type_error("Some bytes were not consumed".to_string()));
}
Ok(ImportKeyResult {
data: pk_info.private_key.to_vec().into(),
public_exponent: Some(
private_key.public_exponent.as_bytes().to_vec().into(),
),
modulus_length: Some(private_key.modulus.as_bytes().len() * 8),
})
}
// TODO(@littledivy): spki
// TODO(@littledivy): jwk
_ => Err(type_error("Unsupported format".to_string())),
}
}
_ => Err(type_error("Unsupported algorithm".to_string())),
}
}
#[derive(Deserialize)] #[derive(Deserialize)]
#[serde(rename_all = "camelCase")] #[serde(rename_all = "camelCase")]
pub struct DecryptArg { pub struct DecryptArg {

363
tools/wpt/expectation.json
View file

@ -12172,7 +12172,368 @@
], ],
"import_export": { "import_export": {
"ec_importKey.https.any.html": false, "ec_importKey.https.any.html": false,
"rsa_importKey.https.any.html": false, "rsa_importKey.https.any.html": [
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, true, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, true, [unwrapKey])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey, encrypt])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-OAEP}, false, [wrapKey])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey, decrypt])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-OAEP}, false, [unwrapKey])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSA-PSS}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSA-PSS}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSA-PSS}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSA-PSS}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSA-PSS}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 1024 bits (spki, buffer(162), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 1024 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 2048 bits (spki, buffer(294), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 2048 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-1, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-256, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-384, name: RSASSA-PKCS1-v1_5}, false, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, true, [sign])",
"Good parameters: 4096 bits (spki, buffer(550), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [verify])",
"Good parameters: 4096 bits (jwk, object(kty, n, e, d, p, q, dp, dq, qi), {hash: SHA-512, name: RSASSA-PKCS1-v1_5}, false, [sign])"
],
"symmetric_importKey.https.any.html": [ "symmetric_importKey.https.any.html": [
"Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: AES-CTR}, true, [encrypt])", "Good parameters: 128 bits (raw, {0: 1, 1: 2, 10: 11, 11: 12, 12: 13, 13: 14, 14: 15, 15: 16, 2: 3, 3: 4, 4: 5, 5: 6, 6: 7, 7: 8, 8: 9, 9: 10}, {name: AES-CTR}, true, [encrypt])",
"Good parameters: 128 bits (jwk, {alg: A128CTR, k: AQIDBAUGBwgJCgsMDQ4PEA, kty: oct}, {name: AES-CTR}, true, [encrypt])", "Good parameters: 128 bits (jwk, {alg: A128CTR, k: AQIDBAUGBwgJCgsMDQ4PEA, kty: oct}, {name: AES-CTR}, true, [encrypt])",