From 9d8cd83028da9f0f3717afa21055e1490f0907d8 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Sun, 12 Apr 2026 22:38:05 +0200 Subject: [PATCH 1/3] LibWeb: Fix Ed448 raw key length check in importKey Ed448 public keys are 57 bytes (456 bits), not 56 bytes (448 bits). The curve is named "Ed448" after its 448-bit prime field, but per RFC 8032 Section 5.2.5, the parameter b=456 and both private and public keys are 57 bytes. This caused importKey to reject valid raw Ed448 public keys with a DataError. Note: The spec incorrectly says "not 448" for this check. See https://github.com/w3c/webcrypto/pull/425#discussion_r3070135408 --- Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 4 +- ...kp_importKey_Ed448.tentative.https.any.txt | 77 +++++++++++++++++++ ...p_importKey_Ed448.tentative.https.any.html | 18 +++++ ...okp_importKey_Ed448.tentative.https.any.js | 9 +++ 4 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.txt create mode 100644 Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.html create mode 100644 Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.js diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp index d633ffe2c3308..6f420abad2107 100644 --- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp +++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp @@ -6665,7 +6665,9 @@ WebIDL::ExceptionOr> ED448::import_key( auto data = move(key_data.get()); // 3. If the length in bits of data is not 448 then throw a DataError. - if (data.size() * 8 != 448) + // AD-HOC: The spec has a typo with the size of the key length + // See spec comment: https://github.com/w3c/webcrypto/pull/425#discussion_r3070135408 + if (data.size() * 8 != 456) return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // 4. Let algorithm be a new KeyAlgorithm object. diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.txt new file mode 100644 index 0000000000000..65417e50f7704 --- /dev/null +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.txt @@ -0,0 +1,77 @@ +Harness status: OK + +Found 72 tests + +72 Pass +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, true, [verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, true, [verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, true, [verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, true, [verify]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, [verify]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, [verify]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), Ed448, true, [verify]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), Ed448, true, [verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, true, [verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, true, [verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, true, []) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, true, []) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, true, []) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, true, []) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, []) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, []) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), Ed448, true, []) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), Ed448, true, []) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, true, []) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, true, []) +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, true, [verify, verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, true, [verify, verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, true, [verify, verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, true, [verify, verify]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, [verify, verify]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), {name: Ed448}, true, [verify, verify]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(kty, crv, x), Ed448, true, [verify, verify]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(kty, crv, x), Ed448, true, [verify, verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, true, [verify, verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, true, [verify, verify]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), {name: Ed448}, true, [sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), Ed448, true, [sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), Ed448, true, [sign]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(crv, d, x, kty), Ed448, true, [sign]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(crv, d, x, kty), Ed448, true, [sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), {name: Ed448}, true, [sign, sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), Ed448, true, [sign, sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign, sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), Ed448, true, [sign, sign]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign, sign]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(crv, d, x, kty), {name: Ed448}, true, [sign, sign]) +Pass Good parameters with JWK alg Ed448: Ed448 (jwk, object(crv, d, x, kty), Ed448, true, [sign, sign]) +Pass Good parameters with JWK alg EdDSA: Ed448 (jwk, object(crv, d, x, kty), Ed448, true, [sign, sign]) +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, false, [verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, false, [verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, false, [verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, false, [verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, false, [verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, false, [verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, false, []) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, false, []) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, false, []) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, false, []) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, false, []) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, false, []) +Pass Good parameters: Ed448 bits (spki, buffer(69), {name: Ed448}, false, [verify, verify]) +Pass Good parameters: Ed448 bits (spki, buffer(69), Ed448, false, [verify, verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), {name: Ed448}, false, [verify, verify]) +Pass Good parameters: Ed448 bits (jwk, object(kty, crv, x), Ed448, false, [verify, verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), {name: Ed448}, false, [verify, verify]) +Pass Good parameters: Ed448 bits (raw, buffer(57), Ed448, false, [verify, verify]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), {name: Ed448}, false, [sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), Ed448, false, [sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), {name: Ed448}, false, [sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), Ed448, false, [sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), {name: Ed448}, false, [sign, sign]) +Pass Good parameters: Ed448 bits (pkcs8, buffer(73), Ed448, false, [sign, sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), {name: Ed448}, false, [sign, sign]) +Pass Good parameters: Ed448 bits (jwk, object(crv, d, x, kty), Ed448, false, [sign, sign]) \ No newline at end of file diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.html b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.html new file mode 100644 index 0000000000000..a93f68fb57d58 --- /dev/null +++ b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.html @@ -0,0 +1,18 @@ + + +WebCryptoAPI: importKey() for OKP keys + + + + + + + +
+ diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.js b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.js new file mode 100644 index 0000000000000..5bb7460c1fbc9 --- /dev/null +++ b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_Ed448.tentative.https.any.js @@ -0,0 +1,9 @@ +// META: title=WebCryptoAPI: importKey() for OKP keys +// META: timeout=long +// META: script=../util/helpers.js +// META: script=okp_importKey_fixtures.js +// META: script=okp_importKey.js + + +// Test importKey and exportKey for OKP algorithms. +runTests("Ed448"); From c1d01770d1195a35a43ddd49c12f9ef784eb7da2 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Sun, 12 Apr 2026 23:16:09 +0200 Subject: [PATCH 2/3] LibWeb: Validate JWK key length for OKP importKey After base64url-decoding the x and d fields during JWK import, verify the decoded byte length matches the expected key size for the curve (32 for Ed25519/X25519, 57 for Ed448, 56 for X448). A truncated value does not "contain the public/private key" as required by RFC 8037 Section 2. --- Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 89 ++- ...p_importKey_failures_Ed25519.https.any.txt | 38 +- ...Key_failures_Ed448.tentative.https.any.txt | 536 ++++++++++++++++++ ...kp_importKey_failures_X25519.https.any.txt | 46 +- ...tKey_failures_X448.tentative.https.any.txt | 59 +- ...ey_failures_Ed448.tentative.https.any.html | 18 + ...tKey_failures_Ed448.tentative.https.any.js | 8 + 7 files changed, 671 insertions(+), 123 deletions(-) create mode 100644 Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt create mode 100644 Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.html create mode 100644 Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.js diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp index 6f420abad2107..15df129abebe6 100644 --- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp +++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp @@ -6082,19 +6082,19 @@ WebIDL::ExceptionOr> ED25519::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (!jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Present d field"_utf16); + auto private_key = TRY(base64_url_bytes_decode(m_realm, jwk.d.value())); + if (private_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // 2. Let key be a new CryptoKey object that represents the Ed25519 private key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto private_key_base_64 = jwk.d.value(); - auto private_key_or_error = decode_base64url(private_key_base_64); - if (private_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto private_key = private_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); // 3. Set the [[type]] internal slot of Key to "private". @@ -6115,6 +6115,9 @@ WebIDL::ExceptionOr> ED25519::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. @@ -6122,12 +6125,6 @@ WebIDL::ExceptionOr> ED25519::import_key( return WebIDL::DataError::create(m_realm, "Present d field"_utf16); // 2. Let key be a new CryptoKey object that represents the Ed25519 public key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto public_key_base_64 = jwk.x.value(); - auto public_key_or_error = decode_base64url(public_key_base_64); - if (public_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto public_key = public_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key }); // 3. Set the [[type]] internal slot of Key to "public". @@ -6590,19 +6587,19 @@ WebIDL::ExceptionOr> ED448::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 57) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (!jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Present d field"_utf16); + auto private_key = TRY(base64_url_bytes_decode(m_realm, jwk.d.value())); + if (private_key.size() != 57) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // 2. Let key be a new CryptoKey object that represents the Ed448 private key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto private_key_base_64 = jwk.d.value(); - auto private_key_or_error = decode_base64url(private_key_base_64); - if (private_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto private_key = private_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); // 3. Set the [[type]] internal slot of Key to "private". @@ -6623,6 +6620,9 @@ WebIDL::ExceptionOr> ED448::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 57) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. @@ -6630,12 +6630,6 @@ WebIDL::ExceptionOr> ED448::import_key( return WebIDL::DataError::create(m_realm, "Present d field"_utf16); // 2. Let key be a new CryptoKey object that represents the Ed448 public key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto public_key_base_64 = jwk.x.value(); - auto public_key_or_error = decode_base64url(public_key_base_64); - if (public_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto public_key = public_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key }); // 3. Set the [[type]] internal slot of Key to "public". @@ -7321,19 +7315,19 @@ WebIDL::ExceptionOr> X25519::import_key([[maybe_unused]] Web: // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (!jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Missing d field"_utf16); + auto private_key = TRY(base64_url_bytes_decode(m_realm, jwk.d.value())); + if (private_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // 2. Let key be a new CryptoKey object that represents the X25519 private key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto private_key_base_64 = jwk.d.value(); - auto private_key_or_error = decode_base64url(private_key_base_64); - if (private_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto private_key = private_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); // 3. Set the [[type]] internal slot of Key to "private". @@ -7354,19 +7348,15 @@ WebIDL::ExceptionOr> X25519::import_key([[maybe_unused]] Web: // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 32) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Present d field"_utf16); - // 2. Let key be a new CryptoKey object that represents the X25519 public key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto public_key_base_64 = jwk.x.value(); - auto public_key_or_error = decode_base64url(public_key_base_64); - if (public_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto public_key = public_key_or_error.release_value(); key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key }); // 3. Set the [[type]] internal slot of Key to "public". @@ -7938,19 +7928,19 @@ WebIDL::ExceptionOr> X448::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 56) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (!jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Missing d field"_utf16); + auto private_key = TRY(base64_url_bytes_decode(m_realm, jwk.d.value())); + if (private_key.size() != 56) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); - // 2. Let key be a new CryptoKey object that represents the X25519 private key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto private_key_base_64 = jwk.d.value(); - auto private_key_or_error = decode_base64url(private_key_base_64); - if (private_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto private_key = private_key_or_error.release_value(); + // 2. Let key be a new CryptoKey object that represents the X448 private key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); // 3. Set the [[type]] internal slot of Key to "private". @@ -7971,19 +7961,16 @@ WebIDL::ExceptionOr> X448::import_key( // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding. if (!jwk.x.has_value()) return WebIDL::DataError::create(m_realm, "Missing x field"_utf16); + auto public_key = TRY(base64_url_bytes_decode(m_realm, jwk.x.value())); + if (public_key.size() != 56) + return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding. // This parameter MUST NOT be present for public keys. if (jwk.d.has_value()) return WebIDL::DataError::create(m_realm, "Present d field"_utf16); - // 2. Let key be a new CryptoKey object that represents the Ed25519 public key identified by interpreting jwk according to Section 2 of [RFC8037]. - auto public_key_base_64 = jwk.x.value(); - auto public_key_or_error = decode_base64url(public_key_base_64); - if (public_key_or_error.is_error()) { - return WebIDL::DataError::create(m_realm, "Failed to decode base64"_utf16); - } - auto public_key = public_key_or_error.release_value(); + // 2. Let key be a new CryptoKey object that represents the X448 public key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key }); // 3. Set the [[type]] internal slot of Key to "public". diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt index 53335ac115296..c43911ed42a4d 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt @@ -2,8 +2,8 @@ Harness status: OK Found 530 tests -510 Pass -20 Fail +526 Pass +4 Fail Pass Bad usages: importKey(spki, Ed25519, true, [encrypt]) Pass Bad usages: importKey(spki, Ed25519, false, [encrypt]) Pass Bad usages: importKey(spki, Ed25519, true, [verify, encrypt]) @@ -444,14 +444,14 @@ Pass Bad key length: importKey(raw, Ed25519, true, [verify]) Pass Bad key length: importKey(raw, Ed25519, false, [verify]) Pass Bad key length: importKey(raw, Ed25519, true, [verify, verify]) Pass Bad key length: importKey(raw, Ed25519, false, [verify, verify]) -Fail Bad key length: importKey(jwk(private), Ed25519, true, [sign]) -Fail Bad key length: importKey(jwk(private), Ed25519, false, [sign]) -Fail Bad key length: importKey(jwk(private), Ed25519, true, [sign, sign]) -Fail Bad key length: importKey(jwk(private), Ed25519, false, [sign, sign]) -Fail Bad key length: importKey(jwk (public) , Ed25519, true, [verify]) -Fail Bad key length: importKey(jwk (public) , Ed25519, false, [verify]) -Fail Bad key length: importKey(jwk (public) , Ed25519, true, [verify, verify]) -Fail Bad key length: importKey(jwk (public) , Ed25519, false, [verify, verify]) +Pass Bad key length: importKey(jwk(private), Ed25519, true, [sign]) +Pass Bad key length: importKey(jwk(private), Ed25519, false, [sign]) +Pass Bad key length: importKey(jwk(private), Ed25519, true, [sign, sign]) +Pass Bad key length: importKey(jwk(private), Ed25519, false, [sign, sign]) +Pass Bad key length: importKey(jwk (public) , Ed25519, true, [verify]) +Pass Bad key length: importKey(jwk (public) , Ed25519, false, [verify]) +Pass Bad key length: importKey(jwk (public) , Ed25519, true, [verify, verify]) +Pass Bad key length: importKey(jwk (public) , Ed25519, false, [verify, verify]) Pass Bad key length: importKey(spki, {name: Ed25519}, true, [verify]) Pass Bad key length: importKey(spki, {name: Ed25519}, false, [verify]) Pass Bad key length: importKey(spki, {name: Ed25519}, true, [verify, verify]) @@ -464,14 +464,14 @@ Pass Bad key length: importKey(raw, {name: Ed25519}, true, [verify]) Pass Bad key length: importKey(raw, {name: Ed25519}, false, [verify]) Pass Bad key length: importKey(raw, {name: Ed25519}, true, [verify, verify]) Pass Bad key length: importKey(raw, {name: Ed25519}, false, [verify, verify]) -Fail Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign]) -Fail Bad key length: importKey(jwk(private), {name: Ed25519}, false, [sign]) -Fail Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign, sign]) -Fail Bad key length: importKey(jwk(private), {name: Ed25519}, false, [sign, sign]) -Fail Bad key length: importKey(jwk (public) , {name: Ed25519}, true, [verify]) -Fail Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify]) -Fail Bad key length: importKey(jwk (public) , {name: Ed25519}, true, [verify, verify]) -Fail Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify, verify]) +Pass Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed25519}, false, [sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign, sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed25519}, false, [sign, sign]) +Pass Bad key length: importKey(jwk (public) , {name: Ed25519}, true, [verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed25519}, true, [verify, verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify, verify]) Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed25519, true, [sign]) Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed25519, false, [sign]) Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed25519, true, [sign, sign]) @@ -533,4 +533,4 @@ Pass Invalid 'alg' field 'ED25519': importKey(jwk (public) , Ed25519, true, [ver Pass Invalid 'alg' field 'ed25519': importKey(jwk(private), {name: Ed25519}, true, [sign]) Pass Invalid 'alg' field 'ED25519': importKey(jwk(private), {name: Ed25519}, true, [sign]) Pass Invalid 'alg' field 'ed25519': importKey(jwk (public) , {name: Ed25519}, true, [verify]) -Pass Invalid 'alg' field 'ED25519': importKey(jwk (public) , {name: Ed25519}, true, [verify]) +Pass Invalid 'alg' field 'ED25519': importKey(jwk (public) , {name: Ed25519}, true, [verify]) \ No newline at end of file diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt new file mode 100644 index 0000000000000..a53af2af8cb3b --- /dev/null +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt @@ -0,0 +1,536 @@ +Harness status: OK + +Found 530 tests + +526 Pass +4 Fail +Pass Bad usages: importKey(spki, Ed448, true, [encrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [encrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, encrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, encrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [decrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [decrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, decrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, decrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(spki, Ed448, true, [sign]) +Pass Bad usages: importKey(spki, Ed448, false, [sign]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, sign]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, sign]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, sign]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, sign]) +Pass Bad usages: importKey(spki, Ed448, true, [wrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [wrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, wrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, wrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(spki, Ed448, true, [deriveKey]) +Pass Bad usages: importKey(spki, Ed448, false, [deriveKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, deriveKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, deriveKey]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(spki, Ed448, true, [deriveBits]) +Pass Bad usages: importKey(spki, Ed448, false, [deriveBits]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, deriveBits]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, deriveBits]) +Pass Bad usages: importKey(spki, Ed448, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(spki, Ed448, false, [verify, verify, deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, encrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, decrypt]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [verify]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [verify]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, verify]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, verify]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, verify]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, verify]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, true, [sign, sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, Ed448, false, [sign, sign, deriveBits]) +Pass Bad usages: importKey(raw, Ed448, true, [encrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [encrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, encrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, encrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [decrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [decrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, decrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, decrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(raw, Ed448, true, [sign]) +Pass Bad usages: importKey(raw, Ed448, false, [sign]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, sign]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, sign]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, sign]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, sign]) +Pass Bad usages: importKey(raw, Ed448, true, [wrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [wrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, wrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, wrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(raw, Ed448, true, [deriveKey]) +Pass Bad usages: importKey(raw, Ed448, false, [deriveKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, deriveKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, deriveKey]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(raw, Ed448, true, [deriveBits]) +Pass Bad usages: importKey(raw, Ed448, false, [deriveBits]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, deriveBits]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, deriveBits]) +Pass Bad usages: importKey(raw, Ed448, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(raw, Ed448, false, [verify, verify, deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, encrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, decrypt]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [verify]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [verify]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, verify]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, verify]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, verify]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, verify]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, true, [sign, sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), Ed448, false, [sign, sign, deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, sign]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , Ed448, false, [verify, verify, deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, sign]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(spki, {name: Ed448}, false, [verify, verify, deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, encrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, decrypt]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, verify]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, wrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, deriveKey]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, true, [sign, sign, deriveBits]) +Pass Bad usages: importKey(pkcs8, {name: Ed448}, false, [sign, sign, deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, sign]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(raw, {name: Ed448}, false, [verify, verify, deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, encrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, decrypt]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, verify]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, wrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, unwrapKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, deriveKey]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, true, [sign, sign, deriveBits]) +Pass Bad usages: importKey(jwk(private), {name: Ed448}, false, [sign, sign, deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, encrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, decrypt]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, sign]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, wrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, unwrapKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, deriveKey]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, true, [verify, verify, deriveBits]) +Pass Bad usages: importKey(jwk (public) , {name: Ed448}, false, [verify, verify, deriveBits]) +Pass Empty usages: importKey(pkcs8, Ed448, true, []) +Pass Empty usages: importKey(pkcs8, Ed448, false, []) +Pass Empty usages: importKey(jwk(private), Ed448, true, []) +Pass Empty usages: importKey(jwk(private), Ed448, false, []) +Pass Empty usages: importKey(pkcs8, {name: Ed448}, true, []) +Pass Empty usages: importKey(pkcs8, {name: Ed448}, false, []) +Pass Empty usages: importKey(jwk(private), {name: Ed448}, true, []) +Pass Empty usages: importKey(jwk(private), {name: Ed448}, false, []) +Pass Bad key length: importKey(spki, Ed448, true, [verify]) +Pass Bad key length: importKey(spki, Ed448, false, [verify]) +Pass Bad key length: importKey(spki, Ed448, true, [verify, verify]) +Pass Bad key length: importKey(spki, Ed448, false, [verify, verify]) +Pass Bad key length: importKey(pkcs8, Ed448, true, [sign]) +Pass Bad key length: importKey(pkcs8, Ed448, false, [sign]) +Pass Bad key length: importKey(pkcs8, Ed448, true, [sign, sign]) +Pass Bad key length: importKey(pkcs8, Ed448, false, [sign, sign]) +Pass Bad key length: importKey(raw, Ed448, true, [verify]) +Pass Bad key length: importKey(raw, Ed448, false, [verify]) +Pass Bad key length: importKey(raw, Ed448, true, [verify, verify]) +Pass Bad key length: importKey(raw, Ed448, false, [verify, verify]) +Pass Bad key length: importKey(jwk(private), Ed448, true, [sign]) +Pass Bad key length: importKey(jwk(private), Ed448, false, [sign]) +Pass Bad key length: importKey(jwk(private), Ed448, true, [sign, sign]) +Pass Bad key length: importKey(jwk(private), Ed448, false, [sign, sign]) +Pass Bad key length: importKey(jwk (public) , Ed448, true, [verify]) +Pass Bad key length: importKey(jwk (public) , Ed448, false, [verify]) +Pass Bad key length: importKey(jwk (public) , Ed448, true, [verify, verify]) +Pass Bad key length: importKey(jwk (public) , Ed448, false, [verify, verify]) +Pass Bad key length: importKey(spki, {name: Ed448}, true, [verify]) +Pass Bad key length: importKey(spki, {name: Ed448}, false, [verify]) +Pass Bad key length: importKey(spki, {name: Ed448}, true, [verify, verify]) +Pass Bad key length: importKey(spki, {name: Ed448}, false, [verify, verify]) +Pass Bad key length: importKey(pkcs8, {name: Ed448}, true, [sign]) +Pass Bad key length: importKey(pkcs8, {name: Ed448}, false, [sign]) +Pass Bad key length: importKey(pkcs8, {name: Ed448}, true, [sign, sign]) +Pass Bad key length: importKey(pkcs8, {name: Ed448}, false, [sign, sign]) +Pass Bad key length: importKey(raw, {name: Ed448}, true, [verify]) +Pass Bad key length: importKey(raw, {name: Ed448}, false, [verify]) +Pass Bad key length: importKey(raw, {name: Ed448}, true, [verify, verify]) +Pass Bad key length: importKey(raw, {name: Ed448}, false, [verify, verify]) +Pass Bad key length: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed448}, false, [sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Bad key length: importKey(jwk(private), {name: Ed448}, false, [sign, sign]) +Pass Bad key length: importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed448}, false, [verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed448}, true, [verify, verify]) +Pass Bad key length: importKey(jwk (public) , {name: Ed448}, false, [verify, verify]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed448, true, [sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed448, false, [sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed448, true, [sign, sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), Ed448, false, [sign, sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), Ed448, true, [sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), Ed448, false, [sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), Ed448, true, [sign, sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), Ed448, false, [sign, sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), Ed448, true, [sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), Ed448, false, [sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), Ed448, true, [sign, sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), Ed448, false, [sign, sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, false, [sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, false, [sign, sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: Ed448}, false, [sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: Ed448}, false, [sign, sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, false, [sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, false, [sign, sign]) +Fail Invalid key pair: importKey(jwk(private), Ed448, true, [sign]) +Fail Invalid key pair: importKey(jwk(private), Ed448, true, [sign, sign]) +Fail Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign]) +Fail Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Missing algorithm name: importKey(spki, {}, true, verify) +Pass Missing algorithm name: importKey(spki, {}, false, verify) +Pass Missing algorithm name: importKey(pkcs8, {}, true, sign) +Pass Missing algorithm name: importKey(pkcs8, {}, false, sign) +Pass Missing algorithm name: importKey(raw, {}, true, verify) +Pass Missing algorithm name: importKey(raw, {}, false, verify) +Pass Missing algorithm name: importKey(jwk(private), {}, true, sign) +Pass Missing algorithm name: importKey(jwk(private), {}, false, sign) +Pass Missing algorithm name: importKey(jwk (public) , {}, true, verify) +Pass Missing algorithm name: importKey(jwk (public) , {}, false, verify) +Pass Invalid 'kty' field: importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid 'kty' field: importKey(jwk (public) , Ed448, true, [verify]) +Pass Invalid 'kty' field: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid 'kty' field: importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Import from a non-extractable: importKey(jwk(private), Ed448, true, [sign]) +Pass Import from a non-extractable: importKey(jwk (public) , Ed448, true, [verify]) +Pass Import from a non-extractable: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Import from a non-extractable: importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Invalid 'use' field: importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid 'use' field: importKey(jwk (public) , Ed448, true, [verify]) +Pass Invalid 'use' field: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid 'use' field: importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Invalid 'crv' field: importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid 'crv' field: importKey(jwk (public) , Ed448, true, [verify]) +Pass Invalid 'crv' field: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid 'crv' field: importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Invalid 'alg' field 'ed448': importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid 'alg' field 'ED448': importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid 'alg' field 'ed448': importKey(jwk (public) , Ed448, true, [verify]) +Pass Invalid 'alg' field 'ED448': importKey(jwk (public) , Ed448, true, [verify]) +Pass Invalid 'alg' field 'ed448': importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid 'alg' field 'ED448': importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid 'alg' field 'ed448': importKey(jwk (public) , {name: Ed448}, true, [verify]) +Pass Invalid 'alg' field 'ED448': importKey(jwk (public) , {name: Ed448}, true, [verify]) \ No newline at end of file diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt index f2a3935024faa..218fddd58b365 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt @@ -2,8 +2,8 @@ Harness status: OK Found 454 tests -426 Pass -28 Fail +446 Pass +8 Fail Pass Bad usages: importKey(spki, X25519, true, [encrypt]) Pass Bad usages: importKey(spki, X25519, false, [encrypt]) Pass Bad usages: importKey(spki, X25519, true, [decrypt]) @@ -360,16 +360,16 @@ Pass Bad key length: importKey(pkcs8, X25519, true, [deriveKey, deriveBits, deri Pass Bad key length: importKey(pkcs8, X25519, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Bad key length: importKey(raw, X25519, true, []) Pass Bad key length: importKey(raw, X25519, false, []) -Fail Bad key length: importKey(jwk (public) , X25519, true, []) -Fail Bad key length: importKey(jwk (public) , X25519, false, []) -Fail Bad key length: importKey(jwk(private), X25519, true, [deriveKey]) -Fail Bad key length: importKey(jwk(private), X25519, false, [deriveKey]) -Fail Bad key length: importKey(jwk(private), X25519, true, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), X25519, false, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), X25519, true, [deriveBits]) -Fail Bad key length: importKey(jwk(private), X25519, false, [deriveBits]) -Fail Bad key length: importKey(jwk(private), X25519, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk(private), X25519, false, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk (public) , X25519, true, []) +Pass Bad key length: importKey(jwk (public) , X25519, false, []) +Pass Bad key length: importKey(jwk(private), X25519, true, [deriveKey]) +Pass Bad key length: importKey(jwk(private), X25519, false, [deriveKey]) +Pass Bad key length: importKey(jwk(private), X25519, true, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), X25519, false, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), X25519, true, [deriveBits]) +Pass Bad key length: importKey(jwk(private), X25519, false, [deriveBits]) +Pass Bad key length: importKey(jwk(private), X25519, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk(private), X25519, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Bad key length: importKey(spki, {name: X25519}, true, []) Pass Bad key length: importKey(spki, {name: X25519}, false, []) Pass Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveKey]) @@ -382,16 +382,16 @@ Pass Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveKey, deriveBi Pass Bad key length: importKey(pkcs8, {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Bad key length: importKey(raw, {name: X25519}, true, []) Pass Bad key length: importKey(raw, {name: X25519}, false, []) -Fail Bad key length: importKey(jwk (public) , {name: X25519}, true, []) -Fail Bad key length: importKey(jwk (public) , {name: X25519}, false, []) -Fail Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk (public) , {name: X25519}, true, []) +Pass Bad key length: importKey(jwk (public) , {name: X25519}, false, []) +Pass Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Missing JWK 'x' parameter: importKey(jwk(private), X25519, true, [deriveKey]) Pass Missing JWK 'x' parameter: importKey(jwk(private), X25519, false, [deriveKey]) Pass Missing JWK 'x' parameter: importKey(jwk(private), X25519, true, [deriveBits, deriveKey]) @@ -457,4 +457,4 @@ Pass Invalid 'use' field: importKey(jwk(private), {name: X25519}, true, [deriveK Pass Invalid 'crv' field: importKey(jwk(private), X25519, true, [deriveKey, deriveBits]) Pass Invalid 'crv' field: importKey(jwk (public) , X25519, true, []) Pass Invalid 'crv' field: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits]) -Pass Invalid 'crv' field: importKey(jwk (public) , {name: X25519}, true, []) +Pass Invalid 'crv' field: importKey(jwk (public) , {name: X25519}, true, []) \ No newline at end of file diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X448.tentative.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X448.tentative.https.any.txt index 7c72d2abf9e65..ef50dd3ba0b44 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X448.tentative.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X448.tentative.https.any.txt @@ -2,8 +2,7 @@ Harness status: OK Found 454 tests -426 Pass -28 Fail +454 Pass Pass Bad usages: importKey(spki, X448, true, [encrypt]) Pass Bad usages: importKey(spki, X448, false, [encrypt]) Pass Bad usages: importKey(spki, X448, true, [decrypt]) @@ -360,16 +359,16 @@ Pass Bad key length: importKey(pkcs8, X448, true, [deriveKey, deriveBits, derive Pass Bad key length: importKey(pkcs8, X448, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Bad key length: importKey(raw, X448, true, []) Pass Bad key length: importKey(raw, X448, false, []) -Fail Bad key length: importKey(jwk(private), X448, true, [deriveKey]) -Fail Bad key length: importKey(jwk(private), X448, false, [deriveKey]) -Fail Bad key length: importKey(jwk(private), X448, true, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), X448, false, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), X448, true, [deriveBits]) -Fail Bad key length: importKey(jwk(private), X448, false, [deriveBits]) -Fail Bad key length: importKey(jwk(private), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk(private), X448, false, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk (public) , X448, true, []) -Fail Bad key length: importKey(jwk (public) , X448, false, []) +Pass Bad key length: importKey(jwk(private), X448, true, [deriveKey]) +Pass Bad key length: importKey(jwk(private), X448, false, [deriveKey]) +Pass Bad key length: importKey(jwk(private), X448, true, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), X448, false, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), X448, true, [deriveBits]) +Pass Bad key length: importKey(jwk(private), X448, false, [deriveBits]) +Pass Bad key length: importKey(jwk(private), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk(private), X448, false, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk (public) , X448, true, []) +Pass Bad key length: importKey(jwk (public) , X448, false, []) Pass Bad key length: importKey(spki, {name: X448}, true, []) Pass Bad key length: importKey(spki, {name: X448}, false, []) Pass Bad key length: importKey(pkcs8, {name: X448}, true, [deriveKey]) @@ -382,16 +381,16 @@ Pass Bad key length: importKey(pkcs8, {name: X448}, true, [deriveKey, deriveBits Pass Bad key length: importKey(pkcs8, {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Bad key length: importKey(raw, {name: X448}, true, []) Pass Bad key length: importKey(raw, {name: X448}, false, []) -Fail Bad key length: importKey(jwk(private), {name: X448}, true, [deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X448}, false, [deriveBits, deriveKey]) -Fail Bad key length: importKey(jwk(private), {name: X448}, true, [deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X448}, false, [deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Bad key length: importKey(jwk (public) , {name: X448}, true, []) -Fail Bad key length: importKey(jwk (public) , {name: X448}, false, []) +Pass Bad key length: importKey(jwk(private), {name: X448}, true, [deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X448}, false, [deriveBits, deriveKey]) +Pass Bad key length: importKey(jwk(private), {name: X448}, true, [deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X448}, false, [deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Bad key length: importKey(jwk (public) , {name: X448}, true, []) +Pass Bad key length: importKey(jwk (public) , {name: X448}, false, []) Pass Missing JWK 'x' parameter: importKey(jwk(private), X448, true, [deriveKey]) Pass Missing JWK 'x' parameter: importKey(jwk(private), X448, false, [deriveKey]) Pass Missing JWK 'x' parameter: importKey(jwk(private), X448, true, [deriveBits, deriveKey]) @@ -428,14 +427,14 @@ Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: X448}, true, [d Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: X448}, true, []) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: X448}, false, []) -Fail Invalid key pair: importKey(jwk(private), X448, true, [deriveKey]) -Fail Invalid key pair: importKey(jwk(private), X448, true, [deriveBits, deriveKey]) -Fail Invalid key pair: importKey(jwk(private), X448, true, [deriveBits]) -Fail Invalid key pair: importKey(jwk(private), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey]) -Fail Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey]) -Fail Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits]) -Fail Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Invalid key pair: importKey(jwk(private), X448, true, [deriveKey]) +Pass Invalid key pair: importKey(jwk(private), X448, true, [deriveBits, deriveKey]) +Pass Invalid key pair: importKey(jwk(private), X448, true, [deriveBits]) +Pass Invalid key pair: importKey(jwk(private), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey]) +Pass Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey]) +Pass Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits]) +Pass Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Missing algorithm name: importKey(pkcs8, {}, true, deriveKey) Pass Missing algorithm name: importKey(pkcs8, {}, false, deriveKey) Pass Missing algorithm name: importKey(pkcs8, {}, true, deriveBits) diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.html b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.html new file mode 100644 index 0000000000000..18b0984d085cc --- /dev/null +++ b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.html @@ -0,0 +1,18 @@ + + +WebCryptoAPI: importKey() for Failures + + + + + + + +
+ diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.js b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.js new file mode 100644 index 0000000000000..8ff3de5c79d3a --- /dev/null +++ b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.js @@ -0,0 +1,8 @@ +// META: title=WebCryptoAPI: importKey() for Failures +// META: timeout=long +// META: script=../util/helpers.js +// META: script=okp_importKey_failures_fixtures.js +// META: script=importKey_failures.js + + +run_test(["Ed448"]); From 5496e6e8e3ed409de7757bb0295ff79e27d16715 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Sun, 12 Apr 2026 23:19:04 +0200 Subject: [PATCH 3/3] LibWeb: Validate JWK key pair consistency for OKP importKey For private key JWK imports, after decoding both d and x, derive the public key from d and verify it matches x. A private key that doesn't correspond to the provided public key doesn't "contain the private key" as required by RFC 8037 Section 2. --- Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 20 +++++++++++++++++++ ...p_importKey_failures_Ed25519.https.any.txt | 11 +++++----- ...Key_failures_Ed448.tentative.https.any.txt | 11 +++++----- ...kp_importKey_failures_X25519.https.any.txt | 19 +++++++++--------- 4 files changed, 39 insertions(+), 22 deletions(-) diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp index 15df129abebe6..31c4a340f47f1 100644 --- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp +++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp @@ -6094,6 +6094,11 @@ WebIDL::ExceptionOr> ED25519::import_key( if (private_key.size() != 32) return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); + ::Crypto::Curves::Ed25519 curve; + auto derived_public_key = TRY_OR_THROW_OOM(m_realm->vm(), curve.generate_public_key(private_key)); + if (derived_public_key != public_key) + return WebIDL::DataError::create(m_realm, "Invalid key pair"_utf16); + // 2. Let key be a new CryptoKey object that represents the Ed25519 private key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); @@ -6599,6 +6604,11 @@ WebIDL::ExceptionOr> ED448::import_key( if (private_key.size() != 57) return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); + ::Crypto::Curves::Ed448 curve; + auto derived_public_key = TRY_OR_THROW_OOM(m_realm->vm(), curve.generate_public_key(private_key)); + if (derived_public_key != public_key) + return WebIDL::DataError::create(m_realm, "Invalid key pair"_utf16); + // 2. Let key be a new CryptoKey object that represents the Ed448 private key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); @@ -7327,6 +7337,11 @@ WebIDL::ExceptionOr> X25519::import_key([[maybe_unused]] Web: if (private_key.size() != 32) return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); + ::Crypto::Curves::X25519 curve; + auto derived_public_key = TRY_OR_THROW_OOM(m_realm->vm(), curve.generate_public_key(private_key)); + if (derived_public_key != public_key) + return WebIDL::DataError::create(m_realm, "Invalid key pair"_utf16); + // 2. Let key be a new CryptoKey object that represents the X25519 private key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); @@ -7940,6 +7955,11 @@ WebIDL::ExceptionOr> X448::import_key( if (private_key.size() != 56) return WebIDL::DataError::create(m_realm, "Invalid key length"_utf16); + ::Crypto::Curves::X448 curve; + auto derived_public_key = TRY_OR_THROW_OOM(m_realm->vm(), curve.generate_public_key(private_key)); + if (derived_public_key != public_key) + return WebIDL::DataError::create(m_realm, "Invalid key pair"_utf16); + // 2. Let key be a new CryptoKey object that represents the X448 private key identified by interpreting jwk according to Section 2 of [RFC8037]. key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key }); diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt index c43911ed42a4d..517987a91ddf5 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed25519.https.any.txt @@ -2,8 +2,7 @@ Harness status: OK Found 530 tests -526 Pass -4 Fail +530 Pass Pass Bad usages: importKey(spki, Ed25519, true, [encrypt]) Pass Bad usages: importKey(spki, Ed25519, false, [encrypt]) Pass Bad usages: importKey(spki, Ed25519, true, [verify, encrypt]) @@ -496,10 +495,10 @@ Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: Ed25519}, true Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: Ed25519}, false, [verify]) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: Ed25519}, true, [verify, verify]) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: Ed25519}, false, [verify, verify]) -Fail Invalid key pair: importKey(jwk(private), Ed25519, true, [sign]) -Fail Invalid key pair: importKey(jwk(private), Ed25519, true, [sign, sign]) -Fail Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign]) -Fail Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign, sign]) +Pass Invalid key pair: importKey(jwk(private), Ed25519, true, [sign]) +Pass Invalid key pair: importKey(jwk(private), Ed25519, true, [sign, sign]) +Pass Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign]) +Pass Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign, sign]) Pass Missing algorithm name: importKey(spki, {}, true, verify) Pass Missing algorithm name: importKey(spki, {}, false, verify) Pass Missing algorithm name: importKey(pkcs8, {}, true, sign) diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt index a53af2af8cb3b..e3887f4c3f81a 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_Ed448.tentative.https.any.txt @@ -2,8 +2,7 @@ Harness status: OK Found 530 tests -526 Pass -4 Fail +530 Pass Pass Bad usages: importKey(spki, Ed448, true, [encrypt]) Pass Bad usages: importKey(spki, Ed448, false, [encrypt]) Pass Bad usages: importKey(spki, Ed448, true, [verify, encrypt]) @@ -496,10 +495,10 @@ Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, true, [ Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, false, [sign]) Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) Pass Missing JWK 'crv' parameter: importKey(jwk(private), {name: Ed448}, false, [sign, sign]) -Fail Invalid key pair: importKey(jwk(private), Ed448, true, [sign]) -Fail Invalid key pair: importKey(jwk(private), Ed448, true, [sign, sign]) -Fail Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign]) -Fail Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) +Pass Invalid key pair: importKey(jwk(private), Ed448, true, [sign]) +Pass Invalid key pair: importKey(jwk(private), Ed448, true, [sign, sign]) +Pass Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign]) +Pass Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign]) Pass Missing algorithm name: importKey(spki, {}, true, verify) Pass Missing algorithm name: importKey(spki, {}, false, verify) Pass Missing algorithm name: importKey(pkcs8, {}, true, sign) diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt index 218fddd58b365..1b752ea38f530 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.txt @@ -2,8 +2,7 @@ Harness status: OK Found 454 tests -446 Pass -8 Fail +454 Pass Pass Bad usages: importKey(spki, X25519, true, [encrypt]) Pass Bad usages: importKey(spki, X25519, false, [encrypt]) Pass Bad usages: importKey(spki, X25519, true, [decrypt]) @@ -428,14 +427,14 @@ Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: X25519}, true, Pass Missing JWK 'kty' parameter: importKey(jwk(private), {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: X25519}, true, []) Pass Missing JWK 'crv' parameter: importKey(jwk (public) , {name: X25519}, false, []) -Fail Invalid key pair: importKey(jwk(private), X25519, true, [deriveKey]) -Fail Invalid key pair: importKey(jwk(private), X25519, true, [deriveBits, deriveKey]) -Fail Invalid key pair: importKey(jwk(private), X25519, true, [deriveBits]) -Fail Invalid key pair: importKey(jwk(private), X25519, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey]) -Fail Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey]) -Fail Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits]) -Fail Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Invalid key pair: importKey(jwk(private), X25519, true, [deriveKey]) +Pass Invalid key pair: importKey(jwk(private), X25519, true, [deriveBits, deriveKey]) +Pass Invalid key pair: importKey(jwk(private), X25519, true, [deriveBits]) +Pass Invalid key pair: importKey(jwk(private), X25519, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey]) +Pass Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey]) +Pass Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits]) +Pass Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Missing algorithm name: importKey(pkcs8, {}, true, deriveKey) Pass Missing algorithm name: importKey(pkcs8, {}, false, deriveKey) Pass Missing algorithm name: importKey(pkcs8, {}, true, deriveBits)