test_WebCrypto_Wrap_Unwrap.html

mozilla-central/dom/crypto/test/test_WebCrypto_Wrap_Unwrap.html

Enable keyboard shortcuts

Source code

File a bug in Core :: DOM: Security

Revision control

Copy as Markdown

Other Tools

Test Info:

Manifest: dom/crypto/test/mochitest.toml

<!DOCTYPE html>

<html>

<head>

<title>WebCrypto Test Suite</title>

<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />

<link rel="stylesheet" href="./test_WebCrypto.css"/>

<script src="/tests/SimpleTest/SimpleTest.js"></script>

<!-- Utilities for manipulating ABVs -->

<script src="util.js"></script>

<!-- A simple wrapper around IndexedDB -->

<script src="simpledb.js"></script>

<!-- Test vectors drawn from the literature -->

<script src="./test-vectors.js"></script>

<!-- General testing framework -->

<script src="./test-array.js"></script>

<script>/* <![CDATA[*/

"use strict";

// -----------------------------------------------------------------------------

TestArray.addTest(

  "Key wrap known answer, using AES-GCM",

  function() {

    var that = this;

    var alg = {

      name: "AES-GCM",

      iv: tv.key_wrap_known_answer.wrapping_iv,

      tagLength: 128,

};

    var key, wrappingKey;

    function doImport(k) {

      wrappingKey = k;

      return crypto.subtle.importKey("raw", tv.key_wrap_known_answer.key,

                                     alg, true, ["encrypt", "decrypt"]);

    function doWrap(k) {

      key = k;

      return crypto.subtle.wrapKey("raw", key, wrappingKey, alg);

    crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key,

                            alg, false, ["wrapKey"])

      .then(doImport, error(that))

      .then(doWrap, error(that))

      .then(

        memcmp_complete(that, tv.key_wrap_known_answer.wrapped_key),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "Key wrap failing on non-extractable key",

  function() {

    var that = this;

    var alg = {

      name: "AES-GCM",

      iv: tv.key_wrap_known_answer.wrapping_iv,

      tagLength: 128,

};

    var key, wrappingKey;

    function doImport(k) {

      wrappingKey = k;

      return crypto.subtle.importKey("raw", tv.key_wrap_known_answer.key,

                                     alg, false, ["encrypt", "decrypt"]);

    function doWrap(k) {

      key = k;

      return crypto.subtle.wrapKey("raw", key, wrappingKey, alg);

    crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key,

                            alg, false, ["wrapKey"])

      .then(doImport, error(that))

      .then(doWrap, error(that))

      .then(

        error(that),

        complete(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "Key unwrap known answer, using AES-GCM",

  function() {

    var that = this;

    var alg = {

      name: "AES-GCM",

      iv: tv.key_wrap_known_answer.wrapping_iv,

      tagLength: 128,

};

    var wrappingKey;

    function doUnwrap(k) {

      wrappingKey = k;

      return crypto.subtle.unwrapKey(

                "raw", tv.key_wrap_known_answer.wrapped_key,

                wrappingKey, alg,

                "AES-GCM", true, ["encrypt", "decrypt"]

);

    function doExport(k) {

      return crypto.subtle.exportKey("raw", k);

    crypto.subtle.importKey("raw", tv.key_wrap_known_answer.wrapping_key,

                            alg, false, ["unwrapKey"])

      .then(doUnwrap, error(that))

      .then(doExport, error(that))

      .then(

        memcmp_complete(that, tv.key_wrap_known_answer.key),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "Key wrap/unwrap round-trip, using RSA-OAEP",

  function() {

    var that = this;

    var oaep = {

      name: "RSA-OAEP",

      hash: "SHA-256",

};

    var gcm = {

      name: "AES-GCM",

      iv: tv.aes_gcm_enc.iv,

      additionalData: tv.aes_gcm_enc.adata,

      tagLength: 128,

};

    var unwrapKey;

    function doWrap(keys) {

      var originalKey = keys[0];

      var wrapKey = keys[1];

      unwrapKey = keys[2];

      return crypto.subtle.wrapKey("raw", originalKey, wrapKey, oaep);

    function doUnwrap(wrappedKey) {

      return crypto.subtle.unwrapKey("raw", wrappedKey, unwrapKey, oaep,

                                     gcm, false, ["encrypt"]);

    function doEncrypt(aesKey) {

      return crypto.subtle.encrypt(gcm, aesKey, tv.aes_gcm_enc.data);

    // 1.Import:

    //  -> HMAC key

    //  -> OAEP wrap key (public)

    //  -> OAEP unwrap key (private)

    // 2. Wrap the HMAC key

    // 3. Unwrap it

    // 4. Compute HMAC

    // 5. Check HMAC value

    Promise.all([

      crypto.subtle.importKey("raw", tv.aes_gcm_enc.key, gcm, true, ["encrypt"]),

      crypto.subtle.importKey("spki", tv.rsaoaep.spki, oaep, true, ["wrapKey"]),

      crypto.subtle.importKey("pkcs8", tv.rsaoaep.pkcs8, oaep, false, ["unwrapKey"]),

])

      .then(doWrap, error(that))

      .then(doUnwrap, error(that))

      .then(doEncrypt, error(that))

      .then(

        memcmp_complete(that, tv.aes_gcm_enc.result),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "HMAC JWK wrap/unwrap round-trip, with AES-GCM",

  function() {

    var that = this;

    var genAlg = { name: "HMAC", hash: "SHA-384", length: 512 };

    var wrapAlg = { name: "AES-GCM", iv: tv.aes_gcm_enc.iv };

    var wrapKey, originalKey, originalKeyJwk;

    function doExport(k) {

      return crypto.subtle.exportKey("jwk", k);

    function doWrap() {

      return crypto.subtle.wrapKey("jwk", originalKey, wrapKey, wrapAlg);

    function doUnwrap(wrappedKey) {

      return crypto.subtle.unwrapKey("jwk", wrappedKey, wrapKey, wrapAlg,

                                     { name: "HMAC", hash: "SHA-384"},

                                     true, ["sign", "verify"]);

    Promise.all([

      crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk,

                              "AES-GCM", false, ["wrapKey", "unwrapKey"])

        .then(function(x) { wrapKey = x; }),

      crypto.subtle.generateKey(genAlg, true, ["sign", "verify"])

        .then(function(x) { originalKey = x; return x; })

        .then(doExport)

        .then(function(x) { originalKeyJwk = x; }),

])

      .then(doWrap)

      .then(doUnwrap)

      .then(doExport)

      .then(

        complete(that, function(x) {

          return exists(x.k) && x.k == originalKeyJwk.k;

}),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "ECDSA private JWK wrap/unwrap round-trip, with AES-GCM",

  function() {

    var that = this;

    var genAlg = { name: "ECDSA", namedCurve: "P-256" };

    var wrapAlg = { name: "AES-GCM", iv: tv.aes_gcm_enc.iv };

    var wrapKey, originalKey, originalKeyJwk;

    function doExport(k) {

      return crypto.subtle.exportKey("jwk", k);

    function doWrap() {

      return crypto.subtle.wrapKey("jwk", originalKey, wrapKey, wrapAlg);

    function doUnwrap(wrappedKey) {

      return crypto.subtle.unwrapKey("jwk", wrappedKey, wrapKey, wrapAlg,

                                     genAlg, true, ["sign"]);

    Promise.all([

      crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk,

                              "AES-GCM", false, ["wrapKey", "unwrapKey"])

        .then(function(x) { wrapKey = x; }),

      crypto.subtle.generateKey(genAlg, true, ["sign", "verify"])

        .then(function(x) { originalKey = x.privateKey; return x.privateKey; })

        .then(doExport)

        .then(function(x) { originalKeyJwk = x; }),

])

      .then(doWrap)

      .then(doUnwrap)

      .then(doExport)

      .then(

        complete(that, function(x) {

     return (x.kty == originalKeyJwk.kty) &&

            (x.crv == originalKeyJwk.crv) &&

            (x.d == originalKeyJwk.d) &&

            (x.x == originalKeyJwk.x) &&

            (x.y == originalKeyJwk.y);

}),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "AES-KW known answer",

  function() {

    var that = this;

    function doWrap(keys) {

      var wrapKey = keys[0];

      var originalKey = keys[1];

      return crypto.subtle.wrapKey("raw", originalKey, wrapKey, "AES-KW");

    Promise.all([

      crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key,

                              "AES-KW", false, ["wrapKey"]),

      crypto.subtle.importKey("jwk", tv.aes_kw.key,

                              "AES-GCM", true, ["encrypt"]),

])

      .then(doWrap)

      .then(

        memcmp_complete(that, tv.aes_kw.wrapped_key),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "AES-KW unwrap failure on tampered key data",

  function() {

    var that = this;

    var tamperedWrappedKey = new Uint8Array(tv.aes_kw.wrapped_key);

    tamperedWrappedKey[5] ^= 0xFF;

    function doUnwrap(wrapKey) {

      return crypto.subtle.unwrapKey("raw", tamperedWrappedKey, wrapKey,

                                     "AES-KW", "AES-GCM",

                                     true, ["encrypt", "decrypt"]);

    crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key,

                              "AES-KW", false, ["unwrapKey"])

      .then(doUnwrap)

      .then(error(that), complete(that));

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "AES-KW unwrap AES-KW key data",

  function() {

    var that = this;

    var wrappedKey = new Uint8Array(tv.aes_kw.wrapped_key);

    function doUnwrap(wrapKey) {

      return crypto.subtle.unwrapKey("raw", wrappedKey, wrapKey,

                                     "AES-KW", "AES-KW",

                                     true, ["wrapKey", "unwrapKey"]);

    crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key,

                              "AES-KW", false, ["unwrapKey"])

      .then(doUnwrap)

      .then(

        memcmp_complete(that, tv.aes_kw.key),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "AES-KW wrap/unwrap round-trip",

  function() {

    var that = this;

    var genAlg = { name: "HMAC", hash: "SHA-384", length: 512 };

    var wrapKey, originalKey, originalKeyJwk;

    function doExport(k) {

      return crypto.subtle.exportKey("jwk", k);

    function doWrap() {

      return crypto.subtle.wrapKey("raw", originalKey, wrapKey, "AES-KW");

    function doUnwrap(wrappedKey) {

      return crypto.subtle.unwrapKey("raw", wrappedKey, wrapKey,

                                     "AES-KW", { name: "HMAC", hash: "SHA-384"},

                                     true, ["sign", "verify"]);

    Promise.all([

      crypto.subtle.importKey("jwk", tv.aes_kw.wrapping_key,

                              "AES-KW", false, ["wrapKey", "unwrapKey"])

        .then(function(x) { wrapKey = x; }),

      crypto.subtle.generateKey(genAlg, true, ["sign"])

        .then(function(x) { originalKey = x; return x; })

        .then(doExport)

        .then(function(x) { originalKeyJwk = x; }),

])

      .then(doWrap)

      .then(doUnwrap)

      .then(doExport)

      .then(

        complete(that, function(x) {

          return exists(x.k) && x.k == originalKeyJwk.k;

}),

        error(that)

);

);

// -----------------------------------------------------------------------------

TestArray.addTest(

  "JWK unwrap attempt on bogus data should error out",

  function() {

    // Largely cribbed from the "JWK wrap/unwrap round-trip, with AES-GCM" test

    var that = this;

    var wrapAlg = { name: "AES-GCM", iv: tv.aes_gcm_enc.iv };

    var wrapKey;

    function doBogusWrap() {

      var abv = new TextEncoder().encode("I am so not JSON");

      return crypto.subtle.encrypt(wrapAlg, wrapKey, abv);

    function doUnwrap(wrappedKey) {

      return crypto.subtle.unwrapKey("jwk", wrappedKey, wrapKey, wrapAlg,

                                     {name: "HMAC", hash: "SHA-384"},

                                     true, ["sign", "verify"]);

    crypto.subtle.importKey("jwk", tv.aes_gcm_enc.key_jwk,

                            "AES-GCM", false, ["encrypt", "unwrapKey"])

      .then(function(x) { wrapKey = x; })

      .then(doBogusWrap, error(that))

      .then(doUnwrap, error(that))

      .then(

        error(that),

        complete(that)

);

);

/* ]]>*/</script>

</head>

<body>

<div id="content">

	<div id="head">

		<b>Web</b>Crypto<br>

	</div>

    <div id="start" onclick="start();">RUN ALL</div>

    <div id="resultDiv" class="content">

    Summary:

    <span class="pass"><span id="passN">0</span> passed, </span>

    <span class="fail"><span id="failN">0</span> failed, </span>

    <span class="pending"><span id="pendingN">0</span> pending.</span>

    <br/>

    <br/>

    <table id="results">

        <tr>

            <th>Test</th>

            <th>Result</th>

            <th>Time</th>

        </tr>

    </table>

    </div>

    <div id="foot"></div>

</div>

</body>

</html>