[WebCrypto] Add PKCS#8 import test that covers `parameters` and `publicKey` values...
author zandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 1 Aug 2017 19:18:11 +0000 (19:18 +0000)
committer zandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 1 Aug 2017 19:18:11 +0000 (19:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=174420

Reviewed by Darin Adler.

Add test cases that cover testing of the optional ECParameters and publicKey bit string
attributes in the ECPrivateKey ASN.1 structure that's embedded in the PKCS#8 PrivateKeyInfo
ASN.1 structure.

Per the spec, if the ECParameters attribute in the ECPrivateKey structure is present, the
relevant curve object identifier should match the same curve identifier that's used in the
ECParameters attribute of the AlgorithmIdentifier structure in PrivateKeyInfo. Both of these
should of course match the curve that was specified for the import operation.

For the publicKey bit string, the data contained there should be properly formatted for
the specific curve, meaning it should be of proper curve-specific size and that it should
use 0x04 as the leading byte, signalling an uncompressed EC point. On top of that the public
key should have a valid value that positions it on the specified elliptic curve.

These cases are covered for PKCS#8 key imports for P-256 and P-384 curves and for both ECDH
and ECDSA algorithms in the newly-introduced tests. They are skipped on all platforms since
no implementation in WebKit can pass them yet.

* TestExpectations:
* crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
* crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html: Added.
* crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
* crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html: Added.
* crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
* crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html: Added.
* crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
* crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@220108 268f45cc-cd09-0410-ab3c-d52691b4dbfc
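
The checks described in the commit message, written out as a small DER walker. This is an added example, not code from the WebKit change: `checkEcPkcs8`, `CURVES` and `VECTORS` are hypothetical names, the P-256 vectors are assembled from the fields of the page's test keys, and the reader handles only the DER forms those keys use.

```javascript
// Added example (not WebKit code): validate the optional ECPrivateKey fields of a PKCS#8 EC key.
const CURVES = {
  "P-256": { oid: "2a8648ce3d030107", size: 32,
    p: 2n ** 256n - 2n ** 224n + 2n ** 192n + 2n ** 96n - 1n,
    b: 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn },
  "P-384": { oid: "2b81040022", size: 48,
    p: 2n ** 384n - 2n ** 128n - 2n ** 96n + 2n ** 32n - 1n,
    b: 0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aefn },
};
const ID_EC_PUBLIC_KEY = "2a8648ce3d0201";

const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));
const toHex = (buf, n) =>
  Array.from(buf.subarray(n.start, n.end), (b) => b.toString(16).padStart(2, "0")).join("");

// Read one tag-length-value element that must fit inside [pos, end).
function readTlv(buf, pos, end) {
  if (pos + 2 > end) throw new Error("truncated TLV header");
  const tag = buf[pos];
  let len = buf[pos + 1];
  let start = pos + 2;
  if (len & 0x80) { // long-form length, one or two length octets
    const n = len & 0x7f;
    if (n === 0 || n > 2 || start + n > end) throw new Error("unsupported length");
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[start + i];
    start += n;
  }
  if (start + len > end) throw new Error("TLV overruns its container");
  return { tag, start, end: start + len };
}

function children(buf, node) {
  const out = [];
  for (let pos = node.start; pos < node.end; pos = out[out.length - 1].end)
    out.push(readTlv(buf, pos, node.end));
  return out;
}

function expectTag(node, tag, what) {
  if (!node || node.tag !== tag) throw new Error("malformed " + what);
  return node;
}

// Returns "ok" or the first failed check.
function checkEcPkcs8(der, namedCurve) {
  const curve = CURVES[namedCurve];
  if (!curve) return "unsupported curve";
  try {
    const top = expectTag(readTlv(der, 0, der.length), 0x30, "PrivateKeyInfo");
    const [, algId, privKey] = children(der, top);
    const [algOid, algCurve] = children(der, expectTag(algId, 0x30, "AlgorithmIdentifier"));
    if (!algOid || toHex(der, algOid) !== ID_EC_PUBLIC_KEY) return "not an EC key";
    if (!algCurve || algCurve.tag !== 0x06 || toHex(der, algCurve) !== curve.oid)
      return "AlgorithmIdentifier curve mismatch";
    expectTag(privKey, 0x04, "privateKey");
    const ecKey = expectTag(readTlv(der, privKey.start, privKey.end), 0x30, "ECPrivateKey");
    // Skip version and the private scalar; the rest are the optional tagged fields.
    for (const field of children(der, ecKey).slice(2)) {
      const inner = readTlv(der, field.start, field.end);
      if (field.tag === 0xa0) { // [0] parameters: must name the requested curve
        if (inner.tag !== 0x06 || toHex(der, inner) !== curve.oid)
          return "ECPrivateKey parameters curve mismatch";
      } else if (field.tag === 0xa1) { // [1] publicKey BIT STRING
        expectTag(inner, 0x03, "publicKey");
        const point = der.subarray(inner.start + 1, inner.end); // skip unused-bits octet
        if (point.length !== 1 + 2 * curve.size) return "publicKey wrong length";
        if (point[0] !== 0x04) return "publicKey not uncompressed";
        const x = BigInt("0x" + toHex(point, { start: 1, end: 1 + curve.size }));
        const y = BigInt("0x" + toHex(point, { start: 1 + curve.size, end: point.length }));
        // Both curves use y^2 = x^3 - 3x + b (mod p).
        if (x >= curve.p || y >= curve.p ||
            (y * y - (x * x * x - 3n * x + curve.b)) % curve.p !== 0n)
          return "publicKey not on curve";
      }
    }
    if (top.end !== der.length) return "trailing data";
    return "ok";
  } catch (e) {
    return e.message;
  }
}

// P-256 vectors assembled from the fields of the page's test keys.
const ALG = "020100" + "301306072a8648ce3d020106082a8648ce3d030107";
const PRIV = "020101" + "04203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fb";
const XY = "0c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988" +
           "563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2";
const VECTORS = {
  valid:      "308193" + ALG + "04793077" + PRIV + "a00a06082a8648ce3d030107" + "a144034200" + "04" + XY,
  mismatched: "308190" + ALG + "04763074" + PRIV + "a00706052b81040022" + "a144034200" + "04" + XY,
  badLength:  "308186" + ALG + "046c306a" + PRIV + "a143034100" + "04" + XY,
  badFormat:  "308187" + ALG + "046d306b" + PRIV + "a144034200" + "05" + XY,
  offCurve:   "308187" + ALG + "046d306b" + PRIV + "a144034200" + "04" + "00".repeat(60) + "abad1dea",
};

function runVectors() {
  return Object.fromEntries(
    Object.entries(VECTORS).map(([name, hex]) => [name, checkEcPkcs8(fromHex(hex), "P-256")]));
}
console.log(runVectors());
```
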

LayoutTests/ChangeLog
LayoutTests/TestExpectations
LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt [new file with mode: 0644]
LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html [new file with mode: 0644]

index 3c0f0ab..7c96930 100644 (file)
@@ -1,3 +1,38 @@
+2017-08-01  Zan Dobersek  <zdobersek@igalia.com>
+
+        [WebCrypto] Add PKCS#8 import test that covers `parameters` and `publicKey` values in ECPrivateKey
+        https://bugs.webkit.org/show_bug.cgi?id=174420
+
+        Reviewed by Darin Adler.
+
+        Add test cases that cover testing of the optional ECParameters and publicKey bit string
+        attributes in the ECPrivateKey ASN.1 structure that's embedded in the PKCS#8 PrivateKeyInfo
+        ASN.1 structure.
+
+        Per the spec, if the ECParameters attribute in the ECPrivateKey structure is present, the
+        relevant curve object identifier should match the same curve identifier that's used in the
+        ECParameters attribute of the AlgorithmIdentifier structure in PrivateKeyInfo. Both of these
+        should of course match the curve that was specified for the import operation.
+
+        For the publicKey bit string, the data contained there should be properly formatted for
+        the specific curve, meaning it should be of proper curve-specific size and that it should
+        use 0x04 as the leading byte, signalling an uncompressed EC point. On top of that the public
+        key should have a valid value that positions it on the specified elliptic curve.
+
+        These cases are covered for PKCS#8 key imports for P-256 and P-384 curves and for both ECDH
+        and ECDSA algorithms in the newly-introduced tests. They are skipped on all platforms since
+        no implementation in WebKit can pass them yet.
+
+        * TestExpectations:
+        * crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html: Added.
+        * crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
+        * crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html: Added.
+        * crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt: Added.
+        * crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html: Added.
+
 2017-08-01  Ms2ger  <Ms2ger@igalia.com>
 
         [GTK] Layout test fast/forms/content-with-margins-inside-button.html is failing
index 65bbeb1..a36f9a0 100644 (file)
@@ -1046,6 +1046,10 @@ imported/w3c/web-platform-tests/WebCryptoAPI/import_export/test_rsa_importKey.ht
 
 # WebCryptoAPI features that haven't been enabled for current OS
 imported/w3c/web-platform-tests/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.worker.html [ Skip ]
+crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html [ Skip ]
+crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html [ Skip ]
+crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html [ Skip ]
+crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html [ Skip ]
 crypto/subtle/ecdh-import-spki-key-ecdh-identifier.html [ Skip ]
 crypto/subtle/rsa-pss-generate-export-key-jwk-sha1.html [ Skip ]
 crypto/subtle/rsa-pss-generate-export-key-jwk-sha224.html [ Skip ]
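Review bot: The four new `[ Skip ]` entries sit under the comment "WebCryptoAPI features that haven't been enabled for current OS" and carry no bug reference, so nothing in this file records why they are skipped or when they should be re-enabled. The ChangeLog gives a different reason (no WebKit implementation can pass them yet); consider a separate comment line stating that, plus a tracking bug on each entry, so the skips are removed once the import code validates `parameters` and `publicKey`.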
diff --git a/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt b/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt
new file mode 100644 (file)
index 0000000..8edf983
--- /dev/null
@@ -0,0 +1,19 @@
+Test that importing P-256 EC keys for the ECDH algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+ECDH: importing P-256 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...
+PASS Successfully imported a P-256 key.
+ECDH: importing P-256 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...
+PASS importKey(pkcs8P256KeyMismatchedCurveIdentifiers) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-256 key that has a public key in PKCS#8 of invalid length ...
+PASS importKey(pkcs8P256KeyInvalidPublicKeyLength) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-256 key that has a public key in PKCS#8 of invalid EC point format ...
+PASS importKey(pkcs8P256KeyInvalidPublicKeyECPointFormat) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-256 key that has an invalid public key in PKCS#8 ...
+PASS importKey(pkcs8P256KeyInvalidPublicKey) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
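Review bot: The first case's wording, "matching curve identifiers and valid public key in ECParameters structures", places the public key inside ECParameters, but per the ChangeLog `publicKey` is a separate bit string attribute of ECPrivateKey. Suggest rewording to something like "matching curve identifiers in ECParameters structures and a valid public key in ECPrivateKey", here and in the corresponding debug() call in the .html file.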
diff --git a/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html b/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html
new file mode 100644 (file)
index 0000000..ef1d37d
--- /dev/null
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="../resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test that importing P-256 EC keys for the ECDH algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure");
+
+jsTestIsAsync = true;
+
+// Valid P-256 key that has matching named curve identifiers in ECParameters structures under
+// both AlgorithmIdentifier parameters and under ECPrivateKey parameters in the PKCS#8 structure,
+// as well as a valid public key under ECPrivateKey.
+var pkcs8P256ValidKey = hexStringToUint8Array("308193020100301306072a8648ce3d020106082a8648ce3d0301070479307702010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba00a06082a8648ce3d030107a144034200040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has mismatched named curve identifiers in the mentioned ECParameters structures.
+var pkcs8P256KeyMismatchedCurveIdentifiers = hexStringToUint8Array("308190020100301306072a8648ce3d020106082a8648ce3d0301070476307402010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba00706052b81040022a144034200040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid length (its last byte is clipped).
+var pkcs8P256KeyInvalidPublicKeyLength = hexStringToUint8Array("308186020100301306072a8648ce3d020106082a8648ce3d030107046c306a02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba143034100040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid EC point format (leading 0x05 byte instead of 0x04).
+var pkcs8P256KeyInvalidPublicKeyECPointFormat= hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba144034200050c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid value (0xabad1dea).
+var pkcs8P256KeyInvalidPublicKey = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba14403420004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abad1dea");
+
+function importKey(keyData)
+{
+    return crypto.subtle.importKey("pkcs8", keyData, { name: "ECDH", namedCurve: "P-256" }, true, [ "deriveKey", "deriveBits" ]);
+}
+
+Promise.resolve().then(function(result) {
+    debug("ECDH: importing P-256 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...");
+    return importKey(pkcs8P256ValidKey);
+}).then(function(result) {
+    testPassed("Successfully imported a P-256 key.");
+
+    debug("ECDH: importing P-256 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...");
+    return shouldReject('importKey(pkcs8P256KeyMismatchedCurveIdentifiers)');
+}).then(function(result) {
+    debug("ECDH: importing P-256 key that has a public key in PKCS#8 of invalid length ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKeyLength)');
+}).then(function(result) {
+    debug("ECDH: importing P-256 key that has a public key in PKCS#8 of invalid EC point format ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKeyECPointFormat)');
+}).then(function(result) {
+    debug("ECDH: importing P-256 key that has an invalid public key in PKCS#8 ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKey)');
+}).then(function(result) {
+    finishJSTest();
+});;
+
+</script>
+
+</body>
+</html>
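Review bot: `pkcs8P256KeyInvalidPublicKeyLength` is commented as having its last byte clipped, but as shown the hex string still ends in the same `...7434fe4e2` bytes as `pkcs8P256ValidKey`; only the length octets were reduced (`308186`, `046c`, `306a`, `a143`, `0341`). That leaves one byte after the end of the outer SEQUENCE, so an importer can reject this input for trailing data without ever checking the point size. Suggest dropping the final `e2` so the buffer matches its declared lengths, as the P-384 vector does (it ends in `a75086` against the valid key's `a75086d3`).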
diff --git a/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt b/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt
new file mode 100644 (file)
index 0000000..61296c8
--- /dev/null
@@ -0,0 +1,19 @@
+Test that importing P-384 EC keys for the ECDH algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+ECDH: importing P-384 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...
+PASS Successfully imported a P-384 key.
+ECDH: importing P-384 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...
+PASS importKey(pkcs8P384KeyMismatchedCurveIdentifiers) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-384 key that has a public key in PKCS#8 of invalid length ...
+PASS importKey(pkcs8P384KeyInvalidPublicKeyLength) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-384 key that has a public key in PKCS#8 of invalid EC point format ...
+PASS importKey(pkcs8P384KeyInvalidPublicKeyECPointFormat) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDH: importing P-384 key that has an invalid public key in PKCS#8 ...
+PASS importKey(pkcs8P384KeyInvalidPublicKey) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html b/LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html
new file mode 100644 (file)
index 0000000..3d540e4
--- /dev/null
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="../resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test that importing P-384 EC keys for the ECDH algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure");
+
+jsTestIsAsync = true;
+
+// Valid P-384 key that has matching named curve identifiers in ECParameters structures under
+// both AlgorithmIdentifier parameters and under ECPrivateKey parameters in the PKCS#8 structure,
+// as well as a valid public key under ECPrivateKey.
+var pkcs8P384ValidKey = hexStringToUint8Array("3081bf020100301006072a8648ce3d020106052b810400220481a73081a402010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca00706052b81040022a16403620004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has mismatched named curve identifiers in the mentioned ECParameters structures.
+var pkcs8P384KeyMismatchedCurveIdentifiers = hexStringToUint8Array("3081c2020100301006072a8648ce3d020106052b810400220481aa3081a702010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca00a06082a8648ce3d030107a16403620004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has a public key of invalid length (its last byte is clipped).
+var pkcs8P384KeyInvalidPublicKeyLength = hexStringToUint8Array("3081b5020100301006072a8648ce3d020106052b8104002204819d30819a02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca16303610004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086");
+
+// Invalid P-384 key that has a public key of invalid EC point format (leading 0x05 byte instead of 0x04).
+var pkcs8P384KeyInvalidPublicKeyECPointFormat = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca16403620005e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has a public key of invalid value (0xabad1dea).
+var pkcs8P384KeyInvalidPublicKey = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca164036200040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abad1dea");
+
+function importKey(keyData, curve)
+{
+    return crypto.subtle.importKey("pkcs8", keyData, { name: "ECDH", namedCurve: "P-384" }, true, [ "deriveKey", "deriveBits" ]);
+}
+
+Promise.resolve().then(function(result) {
+    debug("ECDH: importing P-384 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...");
+    return importKey(pkcs8P384ValidKey);
+}).then(function(result) {
+    testPassed("Successfully imported a P-384 key.");
+
+    debug("ECDH: importing P-384 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...");
+    return shouldReject('importKey(pkcs8P384KeyMismatchedCurveIdentifiers)');
+}).then(function(result) {
+    debug("ECDH: importing P-384 key that has a public key in PKCS#8 of invalid length ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKeyLength)');
+}).then(function(result) {
+    debug("ECDH: importing P-384 key that has a public key in PKCS#8 of invalid EC point format ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKeyECPointFormat)');
+}).then(function(result) {
+    debug("ECDH: importing P-384 key that has an invalid public key in PKCS#8 ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKey)');
+}).then(function(result) {
+    finishJSTest();
+});;
+
+</script>
+
+</body>
+</html>
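Review bot: `importKey(keyData, curve)` declares a `curve` parameter that no caller passes and the body ignores, since `namedCurve: "P-384"` is hard-coded; the P-256 variants declare `importKey(keyData)`. Suggest dropping the parameter, or passing the curve in and using it for `namedCurve`. The stray second semicolon in `});;` at the end of the chain can go as well.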
diff --git a/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt b/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey-expected.txt
new file mode 100644 (file)
index 0000000..6b65484
--- /dev/null
@@ -0,0 +1,19 @@
+Test that importing P-256 EC keys for the ECDSA algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+ECDSA: importing P-256 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...
+PASS Successfully imported a P-256 key.
+ECDSA: importing P-256 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...
+PASS importKey(pkcs8P256KeyMismatchedCurveIdentifiers) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-256 key that has a public key in PKCS#8 of invalid length ...
+PASS importKey(pkcs8P256KeyInvalidPublicKeyLength) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-256 key that has a public key in PKCS#8 of invalid EC point format ...
+PASS importKey(pkcs8P256KeyInvalidPublicKeyECPointFormat) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-256 key that has an invalid public key in PKCS#8 ...
+PASS importKey(pkcs8P256KeyInvalidPublicKey) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html b/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p256-validate-ecprivatekey-parameters-publickey.html
new file mode 100644 (file)
index 0000000..f4c2ad2
--- /dev/null
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="../resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test that importing P-256 EC keys for the ECDSA algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure");
+
+jsTestIsAsync = true;
+
+// Valid P-256 key that has matching named curve identifiers in ECParameters structures under
+// both AlgorithmIdentifier parameters and under ECPrivateKey parameters in the PKCS#8 structure,
+// as well as a valid public key under ECPrivateKey.
+var pkcs8P256ValidKey = hexStringToUint8Array("308193020100301306072a8648ce3d020106082a8648ce3d0301070479307702010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba00a06082a8648ce3d030107a144034200040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has mismatched named curve identifiers in the mentioned ECParameters structures.
+var pkcs8P256KeyMismatchedCurveIdentifiers = hexStringToUint8Array("308190020100301306072a8648ce3d020106082a8648ce3d0301070476307402010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba00706052b81040022a144034200040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid length (its last byte is clipped).
+var pkcs8P256KeyInvalidPublicKeyLength = hexStringToUint8Array("308186020100301306072a8648ce3d020106082a8648ce3d030107046c306a02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba143034100040c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid EC point format (leading 0x05 byte instead of 0x04).
+var pkcs8P256KeyInvalidPublicKeyECPointFormat= hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba144034200050c6fc54db9cd81005b53fd7871b496712341531d1a2a0952b2f5ee192a560988563c3527d69bcf156c6eef098d3db3564ee77b6ecffb9f61486c8be7434fe4e2");
+
+// Invalid P-256 key that has a public key of invalid value (0xabad1dea).
+var pkcs8P256KeyInvalidPublicKey = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104203595fbf4dbf7ae788c5eae2f91c32a056dc2e8b37188edd50b2042bd767a97fba14403420004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abad1dea");
+
+function importKey(keyData)
+{
+    return crypto.subtle.importKey("pkcs8", keyData, { name: "ECDSA", namedCurve: "P-256" }, true, [ "sign" ]);
+}
+
+Promise.resolve().then(function(result) {
+    debug("ECDSA: importing P-256 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...");
+    return importKey(pkcs8P256ValidKey);
+}).then(function(result) {
+    testPassed("Successfully imported a P-256 key.");
+
+    debug("ECDSA: importing P-256 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...");
+    return shouldReject('importKey(pkcs8P256KeyMismatchedCurveIdentifiers)');
+}).then(function(result) {
+    debug("ECDSA: importing P-256 key that has a public key in PKCS#8 of invalid length ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKeyLength)');
+}).then(function(result) {
+    debug("ECDSA: importing P-256 key that has a public key in PKCS#8 of invalid EC point format ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKeyECPointFormat)');
+}).then(function(result) {
+    debug("ECDSA: importing P-256 key that has an invalid public key in PKCS#8 ...");
+    return shouldReject('importKey(pkcs8P256KeyInvalidPublicKey)');
+}).then(function(result) {
+    finishJSTest();
+});;
+
+</script>
+
+</body>
+</html>
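Review bot: The three public-key vectors (`pkcs8P256KeyInvalidPublicKeyLength`, `pkcs8P256KeyInvalidPublicKeyECPointFormat`, `pkcs8P256KeyInvalidPublicKey`) omit the `[0]` parameters element: the private key bytes ending in `...767a97fb` are followed directly by `a143`/`a144`, whereas `pkcs8P256ValidKey` has `a00a06082a8648ce3d030107` in between. Each of them therefore differs from the valid key in two ways, and no case pairs a matching `parameters` with a bad `publicKey`. Suggest keeping the `[0]` element in these vectors so the public key is the only difference from the valid key.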
diff --git a/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt b/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey-expected.txt
new file mode 100644 (file)
index 0000000..799a9a2
--- /dev/null
@@ -0,0 +1,19 @@
+Test that importing P-384 EC keys for the ECDSA algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+ECDSA: importing P-384 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...
+PASS Successfully imported a P-384 key.
+ECDSA: importing P-384 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...
+PASS importKey(pkcs8P384KeyMismatchedCurveIdentifiers) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-384 key that has a public key in PKCS#8 of invalid length ...
+PASS importKey(pkcs8P384KeyInvalidPublicKeyLength) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-384 key that has a public key in PKCS#8 of invalid EC point format ...
+PASS importKey(pkcs8P384KeyInvalidPublicKeyECPointFormat) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+ECDSA: importing P-384 key that has an invalid public key in PKCS#8 ...
+PASS importKey(pkcs8P384KeyInvalidPublicKey) rejected promise  with DataError: Data provided to an operation does not meet requirements.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html b/LayoutTests/crypto/subtle/ecdsa-import-pkcs8-key-p384-validate-ecprivatekey-parameters-publickey.html
new file mode 100644 (file)
index 0000000..8a43b82
--- /dev/null
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="../resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test that importing P-384 EC keys for the ECDSA algorithm through PKCS#8 fails in case of incorrect curve identifier or public key used in the ECPrivateKey structure");
+
+jsTestIsAsync = true;
+
+// Valid P-384 key that has matching named curve identifiers in ECParameters structures under
+// both AlgorithmIdentifier parameters and under ECPrivateKey parameters in the PKCS#8 structure,
+// as well as a valid public key under ECPrivateKey.
+var pkcs8P384ValidKey = hexStringToUint8Array("3081bf020100301006072a8648ce3d020106052b810400220481a73081a402010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca00706052b81040022a16403620004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has mismatched named curve identifiers in the mentioned ECParameters structures.
+var pkcs8P384KeyMismatchedCurveIdentifiers = hexStringToUint8Array("3081c2020100301006072a8648ce3d020106052b810400220481aa3081a702010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca00a06082a8648ce3d030107a16403620004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has a public key of invalid length (its last byte is clipped).
+var pkcs8P384KeyInvalidPublicKeyLength = hexStringToUint8Array("3081b5020100301006072a8648ce3d020106052b8104002204819d30819a02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca16303610004e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086");
+
+// Invalid P-384 key that has a public key of invalid EC point format (leading 0x05 byte instead of 0x04).
+var pkcs8P384KeyInvalidPublicKeyECPointFormat = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca16403620005e8dcc7339c61b04dbb28df9aa8944daf3fcb6cad7826190920e2898060d592266762ca8674bb283547d41fd5305e3c965cda6b7bfb9c297a30768f023fae7244300b206ccd8cf9ff491a21ec4cde5be93518bf4f20d0613c8da16151a75086d3");
+
+// Invalid P-384 key that has a public key of invalid value (0xabad1dea).
+var pkcs8P384KeyInvalidPublicKey = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b8104002204819e30819b02010104305710bb8ab960e7efc1d211febba928d7f895ebc804c4d49171b1f2e7fda2a4ae12be81035d5dfdc8320b739e3022eaaca164036200040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000abad1dea");
+
+function importKey(keyData, curve)
+{
+    return crypto.subtle.importKey("pkcs8", keyData, { name: "ECDSA", namedCurve: "P-384" }, true, [ "sign" ]);
+}
+
+Promise.resolve().then(function(result) {
+    debug("ECDSA: importing P-384 key that uses matching curve identifiers and valid public key in ECParameters structures in PKCS#8 ...");
+    return importKey(pkcs8P384ValidKey);
+}).then(function(result) {
+    testPassed("Successfully imported a P-384 key.");
+
+    debug("ECDSA: importing P-384 key whose curve identifiers in ECParameters structures in PKCS#8 don't match ...");
+    return shouldReject('importKey(pkcs8P384KeyMismatchedCurveIdentifiers)');
+}).then(function(result) {
+    debug("ECDSA: importing P-384 key that has a public key in PKCS#8 of invalid length ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKeyLength)');
+}).then(function(result) {
+    debug("ECDSA: importing P-384 key that has a public key in PKCS#8 of invalid EC point format ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKeyECPointFormat)');
+}).then(function(result) {
+    debug("ECDSA: importing P-384 key that has an invalid public key in PKCS#8 ...");
+    return shouldReject('importKey(pkcs8P384KeyInvalidPublicKey)');
+}).then(function(result) {
+    finishJSTest();
+});;
+
+</script>
+
+</body>
+</html>
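Review bot: The promise chain has no rejection handler, and its first step returns `importKey(pkcs8P384ValidKey)` directly rather than through a should* helper. If that import rejects, every later `.then` is skipped and `finishJSTest()` is never called, so with `jsTestIsAsync = true` the test would time out rather than report a FAIL line. Suggest ending the chain with a `.catch` that calls `testFailed(...)` and then `finishJSTest()`.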