test,crypto: update WebCryptoAPI WPT

PR-URL: #46575
Reviewed-By: Yagiz Nizipli <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: James M Snell <[email protected]>

test/fixtures/wpt/README.md

@@ -32,7 +32,7 @@ Last update:
 - user-timing: https://github.com/web-platform-tests/wpt/tree/df24fb604e/user-timing
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/d8dbe6990b/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/450f829d25/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/238d9d9bac/WebCryptoAPI
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions
 
 [Web Platform Tests]: https://github.com/web-platform-tests/wpt

test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js

@@ -64,7 +64,7 @@ function run_test(algorithmNames, slowTest) {
             .then(function(result) {
                 if (resultType === "CryptoKeyPair") {
                     assert_goodCryptoKey(result.privateKey, algorithm, extractable, usages, "private");
-                    assert_goodCryptoKey(result.publicKey, algorithm, extractable, usages, "public");
+                    assert_goodCryptoKey(result.publicKey, algorithm, true, usages, "public");
                 } else {
                     assert_goodCryptoKey(result, algorithm, extractable, usages, "secret");
                 }

test/fixtures/wpt/WebCryptoAPI/import_export/ec_importKey.https.any.js

@@ -1,5 +1,6 @@
 // META: title=WebCryptoAPI: importKey() for EC keys
 // META: timeout=long
+// META: script=../util/helpers.js
 
 // Test importKey and exportKey for EC algorithms. Only "happy paths" are
 // currently tested - those where the operation should succeed.
@@ -110,6 +111,7 @@
             return subtle.importKey(format, keyData, algorithm, extractable, usages).
             then(function(key) {
                 assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
+                assert_goodCryptoKey(key, algorithm, extractable, usages, (format === 'pkcs8' || (format === 'jwk' && keyData.d)) ? 'private' : 'public');
                 if (!extractable) {
                     return;
                 }

test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.https.any.js

@@ -1,5 +1,6 @@
 // META: title=WebCryptoAPI: importKey() for OKP keys
 // META: timeout=long
+// META: script=../util/helpers.js
 
 // Test importKey and exportKey for OKP algorithms. Only "happy paths" are
 // currently tested - those where the operation should succeed.
@@ -104,6 +105,7 @@
             return subtle.importKey(format, keyData[format], algorithm, extractable, usages).
             then(function(key) {
                 assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
+                assert_goodCryptoKey(key, algorithm, extractable, usages, (format === 'pkcs8' || (format === 'jwk' && keyData[format].d)) ? 'private' : 'public');
                 if (!extractable) {
                     return;
                 }

test/fixtures/wpt/WebCryptoAPI/import_export/symmetric_importKey.https.any.js

@@ -1,5 +1,6 @@
 // META: title=WebCryptoAPI: importKey() for symmetric keys
 // META: timeout=long
+// META: script=../util/helpers.js
 
 // Test importKey and exportKey for non-PKC algorithms. Only "happy paths" are
 // currently tested - those where the operation should succeed.
@@ -57,13 +58,18 @@
         });
     });
 
+    function hasLength(algorithm) {
+        return algorithm.name === 'HMAC' || algorithm.name.startsWith('AES');
+    }
+
     // Test importKey with a given key format and other parameters. If
     // extrable is true, export the key and verify that it matches the input.
     function testFormat(format, algorithm, keyData, keySize, usages, extractable) {
         promise_test(function(test) {
             return subtle.importKey(format, keyData, algorithm, extractable, usages).
             then(function(key) {
                 assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
+                assert_goodCryptoKey(key, hasLength(key.algorithm) ? { length: keySize, ...algorithm } : algorithm, extractable, usages, 'secret');
                 if (!extractable) {
                     return;
                 }

test/fixtures/wpt/WebCryptoAPI/sign_verify/rsa.js

@@ -306,6 +306,35 @@ function run_test() {
         all_promises.push(promise);
     });
 
+    // [RSA-PSS] Verification should fail with wrong saltLength
+    testVectors.forEach(function(vector) {
+        if (vector.algorithm.name === "RSA-PSS") {
+            var promise = importVectorKeys(vector, ["verify"], ["sign"])
+            .then(function(vectors) {
+                promise_test(function(test) {
+                    const saltLength = vector.algorithm.saltLength === 32 ? 48 : 32;
+                    var operation = subtle.verify({ ...vector.algorithm, saltLength }, vector.publicKey, vector.signature, vector.plaintext)
+                    .then(function(is_verified) {
+                        assert_false(is_verified, "Signature NOT verified");
+                    }, function(err) {
+                        assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
+                    });
+
+                    return operation;
+                }, vector.name + " verification failure with wrong saltLength");
+
+            }, function(err) {
+                // We need a failed test if the importVectorKey operation fails, so
+                // we know we never tested verification.
+                promise_test(function(test) {
+                    assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+                }, "importVectorKeys step: " + vector.name + " verification failure with wrong saltLength");
+            });
+
+            all_promises.push(promise);
+        }
+    });
+
     // Verification should fail with wrong plaintext
     testVectors.forEach(function(vector) {
         var promise = importVectorKeys(vector, ["verify"], ["sign"])

test/fixtures/wpt/WebCryptoAPI/util/helpers.js

@@ -19,7 +19,7 @@ var registeredAlgorithmNames = [
     "SHA-256",
     "SHA-384",
     "SHA-512",
-    "HKDF-CTR",
+    "HKDF",
     "PBKDF2",
     "Ed25519",
     "Ed448",
@@ -104,9 +104,6 @@ function assert_goodCryptoKey(key, algorithm, extractable, usages, kind) {
 
     assert_equals(key.constructor, CryptoKey, "Is a CryptoKey");
     assert_equals(key.type, kind, "Is a " + kind + " key");
-    if (key.type === "public") {
-        extractable = true; // public keys are always extractable
-    }
     assert_equals(key.extractable, extractable, "Extractability is correct");
 
     assert_equals(key.algorithm.name, registeredAlgorithmName, "Correct algorithm name");
@@ -130,6 +127,10 @@ function assert_goodCryptoKey(key, algorithm, extractable, usages, kind) {
         assert_equals(key.algorithm.hash.name.toUpperCase(), algorithm.hash.toUpperCase(), "Correct hash function");
     }
 
+    if (/^(?:Ed|X)(?:25519|448)$/.test(key.algorithm.name)) {
+        assert_false('namedCurve' in key.algorithm, "Does not have a namedCurve property");
+    }
+
     // usages is expected to be provided for a key pair, but we are checking
     // only a single key. The publicKey and privateKey portions of a key pair
     // recognize only some of the usages appropriate for a key pair.