test: update WPT for WebCryptoAPI to edd42c005c

PR-URL: #57365
Backport-PR-URL: #58589
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Author: nodejs-github-bot

lib/internal/crypto/cfrg.js

@@ -274,6 +274,14 @@ async function cfrgImportKey(
           'DataError');
       }
 
+      if (keyData.alg !== undefined && (name === 'Ed25519' || name === 'Ed448')) {
+        if (keyData.alg !== name && keyData.alg !== 'EdDSA') {
+          throw lazyDOMException(
+            'JWK "alg" does not match the requested algorithm',
+            'DataError');
+        }
+      }
+
       if (!isPublic && typeof keyData.x !== 'string') {
         throw lazyDOMException('Invalid JWK', 'DataError');
       }

lib/internal/crypto/webcrypto.js

@@ -475,6 +475,7 @@ async function exportKeyJWK(key) {
       // Fall through
     case 'Ed448':
       jwk.crv ||= key.algorithm.name;
+      jwk.alg = key.algorithm.name;
       return jwk;
     case 'AES-CTR':
       // Fall through

test/fixtures/wpt/README.md

@@ -31,7 +31,7 @@ Last update:
 - user-timing: https://github.com/web-platform-tests/wpt/tree/5ae85bf826/user-timing
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/cde25e7e3c/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/b81831169b/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/edd42c005c/WebCryptoAPI
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions
 - webmessaging/broadcastchannel: https://github.com/web-platform-tests/wpt/tree/e97fac4791/webmessaging/broadcastchannel
 

test/fixtures/wpt/WebCryptoAPI/crypto_key_cached_slots.https.any.js

@@ -0,0 +1,44 @@
+// META: title=WebCryptoAPI: CryptoKey cached ECMAScript objects
+
+// https://w3c.github.io/webcrypto/#dom-cryptokey-algorithm
+// https://github.com/servo/servo/issues/33908
+
+promise_test(function() {
+    return self.crypto.subtle.generateKey(
+        {
+          name: "AES-CTR",
+          length: 256,
+        },
+        true,
+        ["encrypt"],
+      ).then(
+        function(key) {
+          let a = key.algorithm;
+          let b = key.algorithm;
+          assert_true(a === b);
+        },
+        function(err) {
+            assert_unreached("generateKey threw an unexpected error: " + err.toString());
+        }
+    );
+}, "CryptoKey.algorithm getter returns cached object");
+
+promise_test(function() {
+    return self.crypto.subtle.generateKey(
+        {
+          name: "AES-CTR",
+          length: 256,
+        },
+        true,
+        ["encrypt"],
+      ).then(
+        function(key) {
+          let a = key.usages;
+          let b = key.usages;
+          assert_true(a === b);
+        },
+        function(err) {
+            assert_unreached("generateKey threw an unexpected error: " + err.toString());
+        }
+    );
+}, "CryptoKey.usages getter returns cached object");

test/fixtures/wpt/WebCryptoAPI/cryptokey_algorithm_returns_cached_object.https.any.js

@@ -118,6 +118,20 @@
         });
     });
 
+    // Call digest() with empty algorithm object
+    Object.keys(sourceData).forEach(function(size) {
+        promise_test(function(test) {
+            var promise = subtle.digest({}, sourceData[size])
+            .then(function(result) {
+                assert_unreached("digest() with missing algorithm name should have thrown a TypeError");
+            }, function(err) {
+                assert_equals(err.name, "TypeError", "Missing algorithm name should cause TypeError")
+            });
+
+            return promise;
+        }, "empty algorithm object with " + size);
+    });
+
 
     done();
 

test/fixtures/wpt/WebCryptoAPI/digest/digest.https.any.js

@@ -166,6 +166,14 @@ function run_test(algorithmNames) {
         });
     });
 
+    // Empty algorithm should fail with TypeError
+    allValidUsages(["decrypt", "sign", "deriveBits"], true, []) // Small search space, shouldn't matter because should fail before used
+        .forEach(function(usages) {
+            [false, true, "RED", 7].forEach(function(extractable){
+                testError({}, extractable, usages, "TypeError", "Empty algorithm");
+            });
+        });
+
 
     // Algorithms normalize okay, but usages bad (though not empty).
     // It shouldn't matter what other extractable is. Should fail

test/fixtures/wpt/WebCryptoAPI/generateKey/failures.js

@@ -19,6 +19,14 @@ function getMismatchedJWKKeyData(algorithm) {
     return [];
 }
 
+function getMismatchedKtyField(algorithm) {
+    return mismatchedKtyField[algorithm.name];
+}
+
+function getMismatchedCrvField(algorithm) {
+    return mismatchedCrvField[algorithm.name];
+}
+
 var validKeyData = {
     "P-521": [
         {
@@ -201,3 +209,17 @@ var missingJWKFieldKeyData = {
         }
     ]
 };
+
+// The 'kty' field doesn't match the key algorithm.
+var mismatchedKtyField =  {
+    "P-521": "OKP",
+    "P-256": "OKP",
+    "P-384": "OKP",
+}
+
+// The 'kty' field doesn't match the key algorithm.
+var mismatchedCrvField =  {
+    "P-521": "P-256",
+    "P-256": "P-384",
+    "P-384": "P-521",
+}

test/fixtures/wpt/WebCryptoAPI/import_export/ec_importKey_failures_fixtures.js

@@ -192,4 +192,79 @@ function run_test(algorithmNames) {
             });
         });
     });
+
+    // Missing mandatory "name" field on algorithm
+    testVectors.forEach(function(vector) {
+        var name = vector.name;
+        // We just need *some* valid keydata, so pick the first available algorithm.
+        var algorithm = allAlgorithmSpecifiersFor(name)[0];
+        getValidKeyData(algorithm).forEach(function(test) {
+            validUsages(vector, test.format, test.data).forEach(function(usages) {
+                [true, false].forEach(function(extractable) {
+                    testError(test.format, {}, test.data, name, usages, extractable, "TypeError", "Missing algorithm name");
+                });
+            });
+        });
+    });
+
+    // The 'kty' field is not correct.
+    testVectors.forEach(function(vector) {
+        var name = vector.name;
+        allAlgorithmSpecifiersFor(name).forEach(function(algorithm) {
+            getValidKeyData(algorithm).forEach(function(test) {
+                if (test.format === "jwk") {
+                    var data = {crv: test.data.crv, kty: test.data.kty, d: test.data.d, x: test.data.x, d: test.data.d};
+                    data.kty = getMismatchedKtyField(algorithm);
+                    var usages =  validUsages(vector, 'jwk', test.data);
+                    testError('jwk', algorithm, data, name, usages, true, "DataError", "Invalid 'kty' field");
+                }
+            });
+        });
+    });
+
+    // The 'ext' field is not correct.
+    testVectors.forEach(function(vector) {
+        var name = vector.name;
+        allAlgorithmSpecifiersFor(name).forEach(function(algorithm) {
+            getValidKeyData(algorithm).forEach(function(test) {
+                if (test.format === "jwk") {
+                    var data = {crv: test.data.crv, kty: test.data.kty, d: test.data.d, x: test.data.x, d: test.data.d};
+                    data.ext = false;
+                    var usages =  validUsages(vector, 'jwk', test.data);
+                    testError('jwk', algorithm, data, name, usages, true, "DataError", "Import from a non-extractable");
+                }
+            });
+        });
+    });
+
+    // The 'use' field is incorrect.
+    testVectors.forEach(function(vector) {
+        var name = vector.name;
+        allAlgorithmSpecifiersFor(name).forEach(function(algorithm) {
+            getValidKeyData(algorithm).forEach(function(test) {
+                if (test.format === "jwk") {
+                    var data = {crv: test.data.crv, kty: test.data.kty, d: test.data.d, x: test.data.x, d: test.data.d};
+                    data.use = "invalid";
+                    var usages =  validUsages(vector, 'jwk', test.data);
+                    if (usages.length !== 0)
+                        testError('jwk', algorithm, data, name, usages, true, "DataError", "Invalid 'use' field");
+                }
+            });
+        });
+    });
+
+    // The 'crv' field is incorrect.
+    testVectors.forEach(function(vector) {
+        var name = vector.name;
+        allAlgorithmSpecifiersFor(name).forEach(function(algorithm) {
+            getValidKeyData(algorithm).forEach(function(test) {
+                if (test.format === "jwk") {
+                    var data = {crv: test.data.crv, kty: test.data.kty, d: test.data.d, x: test.data.x, d: test.data.d};
+                    data.crv = getMismatchedCrvField(algorithm)
+                    var usages =  validUsages(vector, 'jwk', test.data);
+                    testError('jwk', algorithm, data, name, usages, true, "DataError", "Invalid 'crv' field");
+                }
+            });
+        });
+    });
 }

test/fixtures/wpt/WebCryptoAPI/import_export/importKey_failures.js

@@ -11,7 +11,7 @@ function runTests(algorithmName) {
             ['spki', 'jwk', 'raw'].forEach(function(format) {
                 if (format === "jwk") { // Not all fields used for public keys
                     testFormat(format, algorithm, jwkData, algorithmName, usages, extractable);
-                    // Test for https://github.com/WICG/webcrypto-secure-curves/pull/24
+                    // Test for https://github.com/w3c/webcrypto/pull/401
                     if (extractable) {
                         testJwkAlgBehaviours(algorithm, jwkData.jwk, algorithmName, usages);
                     }
@@ -27,7 +27,7 @@ function runTests(algorithmName) {
             ['pkcs8', 'jwk'].forEach(function(format) {
                 testFormat(format, algorithm, data, algorithmName, usages, extractable);
 
-                // Test for https://github.com/WICG/webcrypto-secure-curves/pull/24
+                // Test for https://github.com/w3c/webcrypto/pull/401
                 if (format === "jwk" && extractable) {
                     testJwkAlgBehaviours(algorithm, data.jwk, algorithmName, usages);
                 }
@@ -67,27 +67,34 @@ function testFormat(format, algorithm, keyData, keySize, usages, extractable) {
     });
 }
 
-// Test importKey/exportKey "alg" behaviours, alg is ignored upon import and alg is missing for Ed25519 and Ed448 JWK export
-// https://github.com/WICG/webcrypto-secure-curves/pull/24
+// Test importKey/exportKey "alg" behaviours (https://github.com/w3c/webcrypto/pull/401)
+// - alg is ignored for ECDH import
+// - TODO: alg is checked to be the algorithm.name or EdDSA for Ed25519 and Ed448 import
+// - alg is missing for ECDH export
+// - alg is the algorithm name for Ed25519 and Ed448 export
 function testJwkAlgBehaviours(algorithm, keyData, crv, usages) {
     [algorithm, algorithm.name].forEach((alg) => {
-        promise_test(function(test) {
-            return subtle.importKey('jwk', { ...keyData, alg: 'this is ignored' }, alg, true, usages).
-                then(function(key) {
-                    assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
-
-                    return subtle.exportKey('jwk', key).
-                        then(function(result) {
-                            assert_equals(Object.keys(result).length, keyData.d ? 6 : 5, "Correct number of JWK members");
-                            assert_equals(result.alg, undefined, 'No JWK "alg" member is present');
-                            assert_true(equalJwk(keyData, result), "Round trip works");
-                        }, function(err) {
+        (crv.startsWith('Ed') ? [algorithm.name, 'EdDSA'] : ['this is ignored']).forEach((jwkAlg) => {
+            promise_test(function(test) {
+                return subtle.importKey('jwk', { ...keyData, alg: jwkAlg }, alg, true, usages).
+                    then(function(key) {
+                        assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
+
+                        return subtle.exportKey('jwk', key).
+                            then(function(result) {
+                                let expectedKeys = crv.startsWith('Ed') ? 6 : 5
+                                if (keyData.d) expectedKeys++
+                                assert_equals(Object.keys(result).length, expectedKeys, "Correct number of JWK members");
+                                assert_equals(result.alg, crv.startsWith('Ed') ? algorithm.name : undefined, 'Expected JWK "alg" member');
+                                assert_true(equalJwk(keyData, result), "Round trip works");
+                            }, function(err) {
+                            assert_unreached("Threw an unexpected error: " + err.toString());
+                            });
+                    }, function(err) {
                         assert_unreached("Threw an unexpected error: " + err.toString());
-                        });
-                }, function(err) {
-                    assert_unreached("Threw an unexpected error: " + err.toString());
-                });
-        }, "Good parameters with ignored JWK alg: " + crv.toString() + " " + parameterString('jwk', keyData, alg, true, usages));
+                    });
+            }, 'Good parameters with JWK alg' + (crv.startsWith('Ed') ? ` ${jwkAlg}: ` : ': ') + crv.toString() + " " + parameterString('jwk', keyData, alg, true, usages, jwkAlg));
+        });
     });
 }
 

test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.js

@@ -17,6 +17,14 @@ function getMismatchedJWKKeyData(algorithm) {
     return mismatchedJWKKeyData[algorithm.name];
 }
 
+function getMismatchedKtyField(algorithm) {
+    return mismatchedKtyField[algorithm.name];
+}
+
+function getMismatchedCrvField(algorithm) {
+    return mismatchedCrvField[algorithm.name];
+}
+
 var validKeyData = {
     "Ed25519": [
         {
@@ -412,3 +420,19 @@ var mismatchedJWKKeyData =  {
         },
     ],
 }
+
+// The 'kty' field doesn't match the key algorithm.
+var mismatchedKtyField =  {
+    "Ed25519": "EC",
+    "X25519": "EC",
+    "Ed448": "EC",
+    "X448": "EC",
+}
+
+// The 'kty' field doesn't match the key algorithm.
+var mismatchedCrvField =  {
+    "Ed25519": "X25519",
+    "X25519": "Ed448",
+    "Ed448": "X25519",
+    "X448": "Ed25519",
+}