From 4df7bc5cb019a44ed3fdc817be58f9d0f76b9fea Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 15:07:50 +0200 Subject: [PATCH 1/6] crypto: fix webcrypto deriveBits for non-byte lengths --- lib/internal/crypto/diffiehellman.js | 8 ++++---- test/parallel/test-webcrypto-derivebits-cfrg.js | 2 +- test/parallel/test-webcrypto-derivebits-ecdh.js | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js index 85f2be16007c74..036f661fad6be2 100644 --- a/lib/internal/crypto/diffiehellman.js +++ b/lib/internal/crypto/diffiehellman.js @@ -3,7 +3,7 @@ const { ArrayBufferPrototypeSlice, FunctionPrototypeCall, - MathFloor, + MathCeil, ObjectDefineProperty, Promise, SafeSet, @@ -386,9 +386,9 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) { if (length === null) return bits; - // If the length is not a multiple of 8, it will be truncated - // down to the nearest multiple of 8. - length = MathFloor(length / 8); + // If the length is not a multiple of 8 the nearest ceiled + // multiple of 8 is sliced. + length = MathCeil(length / 8); const { byteLength } = bits; // If the length is larger than the derived secret, throw. diff --git a/test/parallel/test-webcrypto-derivebits-cfrg.js b/test/parallel/test-webcrypto-derivebits-cfrg.js index ff3e4ef7de5470..2233d1a2d274c7 100644 --- a/test/parallel/test-webcrypto-derivebits-cfrg.js +++ b/test/parallel/test-webcrypto-derivebits-cfrg.js @@ -133,7 +133,7 @@ async function prepareKeys() { assert.strictEqual( Buffer.from(bits).toString('hex'), - result.slice(0, -4)); + result.slice(0, -2)); } })); diff --git a/test/parallel/test-webcrypto-derivebits-ecdh.js b/test/parallel/test-webcrypto-derivebits-ecdh.js index de19ac1cd4e415..826b591d37ca65 100644 --- a/test/parallel/test-webcrypto-derivebits-ecdh.js +++ b/test/parallel/test-webcrypto-derivebits-ecdh.js @@ -154,7 +154,7 @@ async function prepareKeys() { assert.strictEqual( Buffer.from(bits).toString('hex'), - result.slice(0, -4)); + result.slice(0, -2)); } })); From 7bb49887a55744ca4ed96a79611c8c3b8859dd1d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 16:26:28 +0200 Subject: [PATCH 2/6] crypto: fix webcrypto AES-KW keys accepting encrypt/decrypt usages --- lib/internal/crypto/aes.js | 10 +++++++--- test/parallel/test-webcrypto-keygen.js | 18 ++++++++++-------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/lib/internal/crypto/aes.js b/lib/internal/crypto/aes.js index 2c74a49139a70a..324662e1f8b1b4 100644 --- a/lib/internal/crypto/aes.js +++ b/lib/internal/crypto/aes.js @@ -230,13 +230,17 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) { validateInteger(length, 'algorithm.length'); validateOneOf(length, 'algorithm.length', kAesKeyLengths); - const usageSet = new SafeSet(keyUsages); + const checkUsages = ['wrapKey', 'unwrapKey']; + if (name !== 'AES-KW') + ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt'); - if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) { + const usagesSet = new SafeSet(keyUsages); + if (hasAnyNotIn(usagesSet, checkUsages)) { throw lazyDOMException( 'Unsupported key usage for an AES key', 'SyntaxError'); } + return new Promise((resolve, reject) => { generateKey('aes', { length }, (err, key) => { if (err) { @@ -249,7 +253,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) { resolve(new InternalCryptoKey( key, { name, length }, - ArrayFrom(usageSet), + ArrayFrom(usagesSet), extractable)); }); }); diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js index 948c755a9114bc..c3429af99e66a7 100644 --- a/test/parallel/test-webcrypto-keygen.js +++ b/test/parallel/test-webcrypto-keygen.js @@ -211,14 +211,16 @@ const vectors = { if (!vectors[name].usages.includes(usage)) invalidUsages.push(usage); }); - return assert.rejects( - subtle.generateKey( - { - name, ...vectors[name].algorithm - }, - true, - invalidUsages), - { message: /Unsupported key usage/ }); + for (const invalidUsage of invalidUsages) { + await assert.rejects( + subtle.generateKey( + { + name, ...vectors[name].algorithm + }, + true, + [...vectors[name].usages, invalidUsage]), + { message: /Unsupported key usage/ }); + } } const tests = Object.keys(vectors).map(test); From 514e8a5ecffdf5aa7cad432c9dea6856774aabb5 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 14:17:21 +0200 Subject: [PATCH 3/6] crypto: fix webcrypto RSA generateKey() use of publicExponent --- lib/internal/crypto/rsa.js | 2 +- test/parallel/test-webcrypto-keygen.js | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/internal/crypto/rsa.js b/lib/internal/crypto/rsa.js index 27b5803db4f77d..728e4bd951cdc5 100644 --- a/lib/internal/crypto/rsa.js +++ b/lib/internal/crypto/rsa.js @@ -176,7 +176,7 @@ async function rsaKeyGenerate( return new Promise((resolve, reject) => { generateKeyPair('rsa', { modulusLength, - publicExponentConverted, + publicExponent: publicExponentConverted, }, (err, pubKey, privKey) => { if (err) { return reject(lazyDOMException( diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js index c3429af99e66a7..32e8fc39ee6d15 100644 --- a/test/parallel/test-webcrypto-keygen.js +++ b/test/parallel/test-webcrypto-keygen.js @@ -1,3 +1,4 @@ +// Flags: --expose-internals 'use strict'; const common = require('../common'); @@ -10,8 +11,11 @@ const { types: { isCryptoKey } } = require('util'); const { webcrypto: { subtle, CryptoKey }, createSecretKey, + KeyObject, } = require('crypto'); +const { bigIntArrayToUnsignedBigInt } = require('internal/crypto/util'); + const allUsages = [ 'encrypt', 'decrypt', @@ -264,10 +268,16 @@ const vectors = { assert.strictEqual(publicKey.algorithm.name, name); assert.strictEqual(publicKey.algorithm.modulusLength, modulusLength); assert.deepStrictEqual(publicKey.algorithm.publicExponent, publicExponent); + assert.strictEqual( + KeyObject.from(publicKey).asymmetricKeyDetails.publicExponent, + bigIntArrayToUnsignedBigInt(publicExponent)); assert.strictEqual(publicKey.algorithm.hash.name, hash); assert.strictEqual(privateKey.algorithm.name, name); assert.strictEqual(privateKey.algorithm.modulusLength, modulusLength); assert.deepStrictEqual(privateKey.algorithm.publicExponent, publicExponent); + assert.strictEqual( + KeyObject.from(privateKey).asymmetricKeyDetails.publicExponent, + bigIntArrayToUnsignedBigInt(publicExponent)); assert.strictEqual(privateKey.algorithm.hash.name, hash); // Missing parameters @@ -344,6 +354,17 @@ const vectors = { code: 'ERR_INVALID_ARG_TYPE' }); })); + + await Promise.all([[1], [1, 0, 0]].map((publicExponent) => { + return assert.rejects(subtle.generateKey({ + name, + modulusLength, + publicExponent: new Uint8Array(publicExponent), + hash + }, true, usages), { + name: 'OperationError', + }); + })); } const kTests = [ From 55be639273c0577d9de5a427fa469b45e3a1317d Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 21:28:59 +0200 Subject: [PATCH 4/6] crypto: fix webcrypto digest() invalid algorithm --- lib/internal/crypto/hash.js | 25 ++++++++++++++++++++----- test/parallel/test-webcrypto-digest.js | 6 ++++++ 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/lib/internal/crypto/hash.js b/lib/internal/crypto/hash.js index 6c502f52b66503..956053af0a8c2c 100644 --- a/lib/internal/crypto/hash.js +++ b/lib/internal/crypto/hash.js @@ -28,6 +28,10 @@ const { prepareSecretKey, } = require('internal/crypto/keys'); +const { + lazyDOMException, +} = require('internal/util'); + const { Buffer, } = require('buffer'); @@ -171,11 +175,22 @@ async function asyncDigest(algorithm, data) { if (algorithm.length !== undefined) validateUint32(algorithm.length, 'algorithm.length'); - return jobPromise(new HashJob( - kCryptoJobAsync, - normalizeHashName(algorithm.name), - data, - algorithm.length)); + switch (algorithm.name) { + case 'SHA-1': + // Fall through + case 'SHA-256': + // Fall through + case 'SHA-384': + // Fall through + case 'SHA-512': + return jobPromise(new HashJob( + kCryptoJobAsync, + normalizeHashName(algorithm.name), + data, + algorithm.length)); + } + + throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); } module.exports = { diff --git a/test/parallel/test-webcrypto-digest.js b/test/parallel/test-webcrypto-digest.js index 78b12ea6a5574c..b8680564d1a1a3 100644 --- a/test/parallel/test-webcrypto-digest.js +++ b/test/parallel/test-webcrypto-digest.js @@ -168,3 +168,9 @@ async function testDigest(size, name) { await Promise.all(variations); })().then(common.mustCall()); + +(async () => { + await assert.rejects(subtle.digest('RSA-OAEP', Buffer.alloc(1)), { + name: 'NotSupportedError', + }); +})().then(common.mustCall()); From 6de6ec9e996ff78a8b70770aed4755cd1267fa6c Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 21:29:17 +0200 Subject: [PATCH 5/6] crypto: fix webcrypto generateKey() with empty usages --- lib/internal/crypto/webcrypto.js | 5 +++++ test/parallel/test-webcrypto-keygen.js | 9 +++++++++ test/parallel/test-webcrypto-sign-verify-hmac.js | 2 +- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js index a5f442b0e57cfb..dc2e94aae7770e 100644 --- a/lib/internal/crypto/webcrypto.js +++ b/lib/internal/crypto/webcrypto.js @@ -89,6 +89,11 @@ async function generateKey( algorithm = normalizeAlgorithm(algorithm); validateBoolean(extractable, 'extractable'); validateArray(keyUsages, 'keyUsages'); + if (keyUsages.length === 0) { + throw lazyDOMException( + 'Usages cannot be empty when creating a key', + 'SyntaxError'); + } switch (algorithm.name) { case 'RSASSA-PKCS1-v1_5': // Fall through diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js index 32e8fc39ee6d15..5d039fdf036344 100644 --- a/test/parallel/test-webcrypto-keygen.js +++ b/test/parallel/test-webcrypto-keygen.js @@ -210,6 +210,15 @@ const vectors = { // Test bad usages { async function test(name) { + await assert.rejects( + subtle.generateKey( + { + name, ...vectors[name].algorithm + }, + true, + []), + { message: /Usages cannot be empty/ }); + const invalidUsages = []; allUsages.forEach((usage) => { if (!vectors[name].usages.includes(usage)) diff --git a/test/parallel/test-webcrypto-sign-verify-hmac.js b/test/parallel/test-webcrypto-sign-verify-hmac.js index 3028816054ca76..0962773b132768 100644 --- a/test/parallel/test-webcrypto-sign-verify-hmac.js +++ b/test/parallel/test-webcrypto-sign-verify-hmac.js @@ -153,7 +153,7 @@ async function testSign({ hash, } await assert.rejects( - subtle.generateKey({ name }, false, []), { + subtle.generateKey({ name }, false, ['sign', 'verify']), { name: 'TypeError', code: 'ERR_MISSING_OPTION', message: 'algorithm.hash is required' From 8d56d28df323d72f469efceb620391caea990151 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 14 Jun 2022 11:33:33 +0200 Subject: [PATCH 6/6] crypto: update webcrypto WPT [skip ci] --- test/fixtures/wpt/README.md | 2 +- ...algorithm-discards-context.https.window.js | 213 +++++++++ .../cfrg_curves_bits.https.any.js | 9 + .../derive_bits_keys/cfrg_curves_bits.js | 245 ++++++++++ .../cfrg_curves_keys.https.any.js | 9 + .../derive_bits_keys/cfrg_curves_keys.js | 213 +++++++++ .../wpt/WebCryptoAPI/generateKey/failures.js | 6 +- .../generateKey/failures_Ed25519.https.any.js | 5 + .../generateKey/failures_Ed448.https.any.js | 5 + .../generateKey/failures_X25519.https.any.js | 5 + .../generateKey/failures_X448.https.any.js | 5 + .../wpt/WebCryptoAPI/generateKey/successes.js | 6 +- .../successes_Ed25519.https.any.js | 6 + .../generateKey/successes_Ed448.https.any.js | 6 + .../generateKey/successes_X25519.https.any.js | 6 + .../generateKey/successes_X448.https.any.js | 6 + .../wpt/WebCryptoAPI/getRandomValues.any.js | 18 +- .../import_export/okp_importKey.https.any.js | 282 ++++++++++++ .../wpt/WebCryptoAPI/randomUUID.https.any.js | 2 +- .../sign_verify/eddsa.https.any.js | 6 + .../wpt/WebCryptoAPI/sign_verify/eddsa.js | 422 ++++++++++++++++++ .../WebCryptoAPI/sign_verify/eddsa_vectors.js | 58 +++ .../fixtures/wpt/WebCryptoAPI/util/helpers.js | 13 +- test/fixtures/wpt/versions.json | 4 +- test/wpt/status/WebCryptoAPI.json | 170 ++++--- test/wpt/test-webcrypto.js | 4 + 26 files changed, 1648 insertions(+), 78 deletions(-) create mode 100644 test/fixtures/wpt/WebCryptoAPI/algorithm-discards-context.https.window.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed25519.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed448.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X25519.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X448.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed25519.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed448.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X25519.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X448.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/sign_verify/eddsa.https.any.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/sign_verify/eddsa.js create mode 100644 test/fixtures/wpt/WebCryptoAPI/sign_verify/eddsa_vectors.js diff --git a/test/fixtures/wpt/README.md b/test/fixtures/wpt/README.md index 927a8a6f80fb58..d326eb045eacf5 100644 --- a/test/fixtures/wpt/README.md +++ b/test/fixtures/wpt/README.md @@ -28,7 +28,7 @@ Last update: - user-timing: https://github.com/web-platform-tests/wpt/tree/df24fb604e/user-timing - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/1dd414c796/wasm/jsapi - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi -- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/cdd0f03df4/WebCryptoAPI +- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/edca84af42/WebCryptoAPI - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions [Web Platform Tests]: https://github.com/web-platform-tests/wpt diff --git a/test/fixtures/wpt/WebCryptoAPI/algorithm-discards-context.https.window.js b/test/fixtures/wpt/WebCryptoAPI/algorithm-discards-context.https.window.js new file mode 100644 index 00000000000000..e648bc2f230f0c --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/algorithm-discards-context.https.window.js @@ -0,0 +1,213 @@ +// META: title=WebCryptoAPI: Properties discard the context in algorithm normalization + +let nextTest = 0; +let tests = {}; +function closeChild(testId) { + if (tests[testId]) { + let {child, t} = tests[testId]; + delete tests[testId]; + document.body.removeChild(child); + t.done(); + } +} + +function runInChild(t, childScript) { + let testId = nextTest++; + const preamble = ` +let testId = ${testId}; +function closeChildOnAccess(obj, key) { + const oldValue = obj[key]; + Object.defineProperty(obj, key, {get: () => { + top.closeChild(testId); + return oldValue; + }}); +} +`; + childScript = preamble + childScript; + + let child = document.createElement("iframe"); + tests[testId] = {t, child}; + document.body.appendChild(child); + let script = document.createElement("script"); + script.textContent = childScript; + child.contentDocument.body.appendChild(script); +} + +async_test((t) => { + const childScript = ` +let algorithm = {name: "AES-GCM", length: 128}; +closeChildOnAccess(algorithm, "name"); +crypto.subtle.generateKey(algorithm, true, ["encrypt", "decrypt"]);`; + runInChild(t, childScript); +}, "Context is discarded in generateKey"); + +async_test((t) => { + const childScript = ` +let algorithm = {name: "AES-GCM"}; +closeChildOnAccess(algorithm, "name"); +crypto.subtle.importKey("raw", new Uint8Array(16), algorithm, true, + ["encrypt", "decrypt"]);`; + runInChild(t, childScript); +}, "Context is discarded in importKey"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]); + let algorithm = {name: "AES-GCM", iv: new Uint8Array(12)}; + closeChildOnAccess(algorithm, "name"); + crypto.subtle.encrypt(algorithm, key, new Uint8Array()); +})();`; + runInChild(t, childScript); +}, "Context is discarded in encrypt"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]); + let algorithm = {name: "AES-GCM", iv: new Uint8Array(12)}; + let encrypted = await crypto.subtle.encrypt(algorithm, key, new Uint8Array()); + closeChildOnAccess(algorithm, "name"); + crypto.subtle.decrypt(algorithm, key, encrypted); +})();`; + runInChild(t, childScript); +}, "Context is discarded in decrypt"); + +async_test((t) => { + const childScript = ` +let algorithm = {name: "SHA-256"}; +closeChildOnAccess(algorithm, "name"); +crypto.subtle.digest(algorithm, new Uint8Array());`; + runInChild(t, childScript); +}, "Context is discarded in digest"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.generateKey( + {name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]); + let algorithm = {name: "ECDSA", hash: "SHA-256"}; + closeChildOnAccess(algorithm, "name"); + crypto.subtle.sign(algorithm, key.privateKey, new Uint8Array()); +})();`; + runInChild(t, childScript); +}, "Context is discarded in sign"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.generateKey( + {name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]); + let algorithm = {name: "ECDSA", hash: "SHA-256"}; + let data = new Uint8Array(); + let signature = await crypto.subtle.sign(algorithm, key.privateKey, data); + closeChildOnAccess(algorithm, "name"); + crypto.subtle.verify(algorithm, key.publicKey, signature, data); +})();`; + runInChild(t, childScript); +}, "Context is discarded in verify"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.importKey( + "raw", new Uint8Array(16), "HKDF", false, ["deriveBits"]); + let algorithm = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array(), + }; + closeChildOnAccess(algorithm, "name"); + crypto.subtle.deriveBits(algorithm, key, 16); +})();`; + runInChild(t, childScript); +}, "Context is discarded in deriveBits"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.importKey( + "raw", new Uint8Array(16), "HKDF", false, ["deriveKey"]); + let algorithm = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array(), + }; + let derivedAlgorithm = {name: "AES-GCM", length: 128}; + closeChildOnAccess(algorithm, "name"); + crypto.subtle.deriveKey(algorithm, key, derivedAlgorithm, true, + ["encrypt", "decrypt"]); +})();`; + runInChild(t, childScript); +}, "Context is discarded in deriveKey"); + +async_test((t) => { + const childScript = ` +(async () => { + let key = await crypto.subtle.importKey( + "raw", new Uint8Array(16), "HKDF", false, ["deriveKey"]); + let algorithm = { + name: "HKDF", + hash: "SHA-256", + salt: new Uint8Array(), + info: new Uint8Array(), + }; + let derivedAlgorithm = {name: "AES-GCM", length: 128}; + closeChildOnAccess(derivedAlgorithm, "name"); + crypto.subtle.deriveKey(algorithm, key, derivedAlgorithm, true, + ["encrypt", "decrypt"]); +})();`; + runInChild(t, childScript); +}, "Context is discarded in deriveKey (2)"); + +async_test((t) => { + const childScript = ` +(async () => { + let wrapKey = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]); + let key = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]); + let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)}; + closeChildOnAccess(wrapAlgorithm, "name"); + crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm); +})();`; + runInChild(t, childScript); +}, "Context is discarded in wrapKey"); + +async_test((t) => { + const childScript = ` +(async () => { + let wrapKey = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]); + let keyAlgorithm = {name: "AES-GCM", length: 128}; + let keyUsages = ["encrypt", "decrypt"]; + let key = await crypto.subtle.generateKey(keyAlgorithm, true, keyUsages); + let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)}; + let wrapped = await crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm); + closeChildOnAccess(wrapAlgorithm, "name"); + crypto.subtle.unwrapKey( + "raw", wrapped, wrapKey, wrapAlgorithm, keyAlgorithm, true, keyUsages); +})();`; + runInChild(t, childScript); +}, "Context is discarded in unwrapKey"); + +async_test((t) => { + const childScript = ` +(async () => { + let wrapKey = await crypto.subtle.generateKey( + {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]); + let keyAlgorithm = {name: "AES-GCM", length: 128}; + let keyUsages = ["encrypt", "decrypt"]; + let key = await crypto.subtle.generateKey(keyAlgorithm, true, keyUsages); + let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)}; + let wrapped = await crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm); + closeChildOnAccess(keyAlgorithm, "name"); + crypto.subtle.unwrapKey( + "raw", wrapped, wrapKey, wrapAlgorithm, keyAlgorithm, true, keyUsages); +})();`; + runInChild(t, childScript); +}, "Context is discarded in unwrapKey (2)"); diff --git a/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.https.any.js b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.https.any.js new file mode 100644 index 00000000000000..afa7db845faaee --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.https.any.js @@ -0,0 +1,9 @@ +// META: title=WebCryptoAPI: deriveBits() Using ECDH with CFRG Elliptic Curves +// META: script=cfrg_curves_bits.js + +// Define subtests from a `promise_test` to ensure the harness does not +// complete before the subtests are available. `explicit_done` cannot be used +// for this purpose because the global `done` function is automatically invoked +// by the WPT infrastructure in dedicated worker tests defined using the +// "multi-global" pattern. +promise_test(define_tests, 'setup - define tests'); diff --git a/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.js b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.js new file mode 100644 index 00000000000000..f467bc858cbba9 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.js @@ -0,0 +1,245 @@ + +function define_tests() { + // May want to test prefixed implementations. + var subtle = self.crypto.subtle; + + var pkcs8 = { + "X25519": new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 110, 4, 34, 4, 32, 200, 131, 142, 118, 208, 87, 223, 183, 216, 201, 90, 105, 225, 56, 22, 10, 221, 99, 115, 253, 113, 164, 210, 118, 187, 86, 227, 168, 27, 100, 255, 97]), + "X448": new Uint8Array([48, 70, 2, 1, 0, 48, 5, 6, 3, 43, 101, 111, 4, 58, 4, 56, 88, 199, 210, 154, 62, 181, 25, 178, 157, 0, 207, 177, 145, 187, 100, 252, 109, 138, 66, 216, 241, 113, 118, 39, 43, 137, 242, 39, 45, 24, 25, 41, 92, 101, 37, 192, 130, 150, 113, 176, 82, 239, 7, 39, 83, 15, 24, 142, 49, 208, 204, 83, 191, 38, 146, 158]) + }; + + var spki = { + "X25519": new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0, 28, 242, 177, 230, 2, 46, 197, 55, 55, 30, 215, 245, 62, 84, 250, 17, 84, 216, 62, 152, 235, 100, 234, 81, 250, 229, 179, 48, 124, 254, 151, 6]), + "X448": new Uint8Array([48, 66, 48, 5, 6, 3, 43, 101, 111, 3, 57, 0, 182, 4, 161, 209, 165, 205, 29, 148, 38, 213, 97, 239, 99, 10, 158, 177, 108, 190, 105, 213, 185, 202, 97, 94, 220, 83, 99, 62, 251, 82, 234, 49, 230, 230, 160, 161, 219, 172, 198, 231, 108, 188, 230, 72, 45, 126, 75, 163, 213, 93, 158, 128, 39, 101, 206, 111]) + }; + + var sizes = { + "X25519": 32, + "X448": 56 + }; + + var derivations = { + "X25519": new Uint8Array([39, 104, 64, 157, 250, 185, 158, 194, 59, 140, 137, 185, 63, 245, 136, 2, 149, 247, 97, 118, 8, 143, 137, 228, 61, 254, 190, 126, 161, 149, 0, 8]), + "X448": new Uint8Array([240, 246, 197, 241, 127, 148, 244, 41, 30, 171, 113, 120, 134, 109, 55, 236, 137, 6, 221, 108, 81, 65, 67, 220, 133, 190, 124, 242, 141, 239, 243, 155, 114, 110, 15, 109, 207, 129, 14, 181, 148, 220, 169, 123, 72, 130, 189, 68, 196, 62, 167, 220, 103, 244, 154, 78]) + }; + + return importKeys(pkcs8, spki, sizes) + .then(function(results) { + publicKeys = results.publicKeys; + privateKeys = results.privateKeys; + noDeriveBitsKeys = results.noDeriveBitsKeys; + + Object.keys(sizes).forEach(function(algorithmName) { + // Basic success case + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_true(equalBuffers(derivation, derivations[algorithmName]), "Derived correct bits"); + }, function(err) { + assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " good parameters"); + + // Case insensitivity check + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName.toLowerCase(), public: publicKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_true(equalBuffers(derivation, derivations[algorithmName]), "Derived correct bits"); + }, function(err) { + assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " mixed case parameters"); + + // Null length + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], null) + .then(function(derivation) { + assert_true(equalBuffers(derivation, derivations[algorithmName]), "Derived correct bits"); + }, function(err) { + assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " with null length"); + + // Shorter than entire derivation per algorithm + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName] - 32) + .then(function(derivation) { + assert_true(equalBuffers(derivation, derivations[algorithmName], 8 * sizes[algorithmName] - 32), "Derived correct bits"); + }, function(err) { + assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " short result"); + + // Non-multiple of 8 + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName] - 11) + .then(function(derivation) { + assert_true(equalBuffers(derivation, derivations[algorithmName], 8 * sizes[algorithmName] - 11), "Derived correct bits"); + }, function(err) { + assert_unreached("deriveBits failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " non-multiple of 8 bits"); + + // Errors to test: + + // - missing public property TypeError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with TypeError"); + }, function(err) { + assert_equals(err.name, "TypeError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " missing public property"); + + // - Non CryptoKey public property TypeError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: {message: "Not a CryptoKey"}}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with TypeError"); + }, function(err) { + assert_equals(err.name, "TypeError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " public property of algorithm is not a CryptoKey"); + + // - wrong algorithm + promise_test(function(test) { + publicKey = publicKeys["X25519"]; + if (algorithmName === "X25519") { + publicKey = publicKeys["X448"]; + } + return subtle.deriveBits({name: algorithmName, public: publicKey}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " mismatched algorithms"); + + // - No deriveBits usage in baseKey InvalidAccessError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, noDeriveBitsKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " no deriveBits usage for base key"); + + // - Use public key for baseKey InvalidAccessError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, publicKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " base key is not a private key"); + + // - Use private key for public property InvalidAccessError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: privateKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " public property value is a private key"); + + // - Use secret key for public property InvalidAccessError + promise_test(function(test) { + return subtle.generateKey({name: "AES-CBC", length: 128}, true, ["encrypt", "decrypt"]) + .then(function(secretKey) { + subtle.deriveBits({name: algorithmName, public: secretKey}, privateKeys[algorithmName], 8 * sizes[algorithmName]) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }); + }, algorithmName + " public property value is a secret key"); + + // - Length greater than possible for particular curves OperationError + promise_test(function(test) { + return subtle.deriveBits({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], 8 * sizes[algorithmName] + 8) + .then(function(derivation) { + assert_unreached("deriveBits succeeded but should have failed with OperationError"); + }, function(err) { + assert_equals(err.name, "OperationError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " asking for too many bits"); + }); + }); + + function importKeys(pkcs8, spki, sizes) { + var privateKeys = {}; + var publicKeys = {}; + var noDeriveBitsKeys = {}; + + var promises = []; + Object.keys(pkcs8).forEach(function(algorithmName) { + var operation = subtle.importKey("pkcs8", pkcs8[algorithmName], + {name: algorithmName}, + false, ["deriveBits", "deriveKey"]) + .then(function(key) { + privateKeys[algorithmName] = key; + }); + promises.push(operation); + }); + Object.keys(pkcs8).forEach(function(algorithmName) { + var operation = subtle.importKey("pkcs8", pkcs8[algorithmName], + {name: algorithmName}, + false, ["deriveKey"]) + .then(function(key) { + noDeriveBitsKeys[algorithmName] = key; + }); + promises.push(operation); + }); + Object.keys(spki).forEach(function(algorithmName) { + var operation = subtle.importKey("spki", spki[algorithmName], + {name: algorithmName}, + false, []) + .then(function(key) { + publicKeys[algorithmName] = key; + }); + promises.push(operation); + }); + + return Promise.all(promises) + .then(function(results) {return {privateKeys: privateKeys, publicKeys: publicKeys, noDeriveBitsKeys: noDeriveBitsKeys}}); + } + + // Compares two ArrayBuffer or ArrayBufferView objects. If bitCount is + // omitted, the two values must be the same length and have the same contents + // in every byte. If bitCount is included, only that leading number of bits + // have to match. + function equalBuffers(a, b, bitCount) { + var remainder; + + if (typeof bitCount === "undefined" && a.byteLength !== b.byteLength) { + return false; + } + + var aBytes = new Uint8Array(a); + var bBytes = new Uint8Array(b); + + var length = a.byteLength; + if (typeof bitCount !== "undefined") { + length = Math.floor(bitCount / 8); + } + + for (var i=0; i> (8 - remainder) === bBytes[length] >> (8 - remainder); + } + + return true; + } + +} diff --git a/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.https.any.js b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.https.any.js new file mode 100644 index 00000000000000..71fe87d9a874b7 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.https.any.js @@ -0,0 +1,9 @@ +// META: title=WebCryptoAPI: deriveKey() Using ECDH with CFRG Elliptic Curves +// META: script=cfrg_curves_keys.js + +// Define subtests from a `promise_test` to ensure the harness does not +// complete before the subtests are available. `explicit_done` cannot be used +// for this purpose because the global `done` function is automatically invoked +// by the WPT infrastructure in dedicated worker tests defined using the +// "multi-global" pattern. +promise_test(define_tests, 'setup - define tests'); diff --git a/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.js b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.js new file mode 100644 index 00000000000000..7819ae0bf83b64 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_keys.js @@ -0,0 +1,213 @@ + +function define_tests() { + // May want to test prefixed implementations. + var subtle = self.crypto.subtle; + + var pkcs8 = { + "X25519": new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 110, 4, 34, 4, 32, 200, 131, 142, 118, 208, 87, 223, 183, 216, 201, 90, 105, 225, 56, 22, 10, 221, 99, 115, 253, 113, 164, 210, 118, 187, 86, 227, 168, 27, 100, 255, 97]), + "X448": new Uint8Array([48, 70, 2, 1, 0, 48, 5, 6, 3, 43, 101, 111, 4, 58, 4, 56, 88, 199, 210, 154, 62, 181, 25, 178, 157, 0, 207, 177, 145, 187, 100, 252, 109, 138, 66, 216, 241, 113, 118, 39, 43, 137, 242, 39, 45, 24, 25, 41, 92, 101, 37, 192, 130, 150, 113, 176, 82, 239, 7, 39, 83, 15, 24, 142, 49, 208, 204, 83, 191, 38, 146, 158]) + }; + + var spki = { + "X25519": new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0, 28, 242, 177, 230, 2, 46, 197, 55, 55, 30, 215, 245, 62, 84, 250, 17, 84, 216, 62, 152, 235, 100, 234, 81, 250, 229, 179, 48, 124, 254, 151, 6]), + "X448": new Uint8Array([48, 66, 48, 5, 6, 3, 43, 101, 111, 3, 57, 0, 182, 4, 161, 209, 165, 205, 29, 148, 38, 213, 97, 239, 99, 10, 158, 177, 108, 190, 105, 213, 185, 202, 97, 94, 220, 83, 99, 62, 251, 82, 234, 49, 230, 230, 160, 161, 219, 172, 198, 231, 108, 188, 230, 72, 45, 126, 75, 163, 213, 93, 158, 128, 39, 101, 206, 111]) + }; + + var sizes = { + "X25519": 32, + "X448": 56 + }; + + var derivations = { + "X25519": new Uint8Array([39, 104, 64, 157, 250, 185, 158, 194, 59, 140, 137, 185, 63, 245, 136, 2, 149, 247, 97, 118, 8, 143, 137, 228, 61, 254, 190, 126, 161, 149, 0, 8]), + "X448": new Uint8Array([240, 246, 197, 241, 127, 148, 244, 41, 30, 171, 113, 120, 134, 109, 55, 236, 137, 6, 221, 108, 81, 65, 67, 220, 133, 190, 124, 242, 141, 239, 243, 155, 114, 110, 15, 109, 207, 129, 14, 181, 148, 220, 169, 123, 72, 130, 189, 68, 196, 62, 167, 220, 103, 244, 154, 78]) + }; + + return importKeys(pkcs8, spki, sizes) + .then(function(results) { + publicKeys = results.publicKeys; + privateKeys = results.privateKeys; + noDeriveKeyKeys = results.noDeriveKeyKeys; + + Object.keys(sizes).forEach(function(algorithmName) { + // Basic success case + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName, public: publicKeys[algorithmName]}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_true(equalBuffers(exportedKey, derivations[algorithmName], 8 * exportedKey.length), "Derived correct key"); + }, function(err) { + assert_unreached("deriveKey failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " good parameters"); + + // Case insensitivity check + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName.toLowerCase(), public: publicKeys[algorithmName]}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_true(equalBuffers(exportedKey, derivations[algorithmName], 8 * exportedKey.length), "Derived correct key"); + }, function(err) { + assert_unreached("deriveKey failed with error " + err.name + ": " + err.message); + }); + }, algorithmName + " mixed case parameters"); + // Errors to test: + + // - missing public property TypeError + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with TypeError"); + }, function(err) { + assert_equals(err.name, "TypeError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " missing public property"); + + // - Non CryptoKey public property TypeError + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName, public: {message: "Not a CryptoKey"}}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with TypeError"); + }, function(err) { + assert_equals(err.name, "TypeError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " public property of algorithm is not a CryptoKey"); + + // - wrong algorithm + promise_test(function(test) { + publicKey = publicKeys["X25519"]; + if (algorithmName === "X25519") { + publicKey = publicKeys["X448"]; + } + return subtle.deriveKey({name: algorithmName, public: publicKey}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " mismatched algorithms"); + + // - No deriveKey usage in baseKey InvalidAccessError + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName, public: publicKeys[algorithmName]}, noDeriveKeyKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " no deriveKey usage for base key"); + + // - Use public key for baseKey InvalidAccessError + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName, public: publicKeys[algorithmName]}, publicKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " base key is not a private key"); + + // - Use private key for public property InvalidAccessError + promise_test(function(test) { + return subtle.deriveKey({name: algorithmName, public: privateKeys[algorithmName]}, privateKeys[algorithmName], {name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }, algorithmName + " public property value is a private key"); + + // - Use secret key for public property InvalidAccessError + promise_test(function(test) { + return subtle.generateKey({name: "HMAC", hash: "SHA-256", length: 256}, true, ["sign", "verify"]) + .then(function(secretKey) { + subtle.deriveKey({name: algorithmName, public: secretKey}, privateKeys[algorithmName], {name: "AES-CBC", length: 256}, true, ["sign", "verify"]) + .then(function(key) {return crypto.subtle.exportKey("raw", key);}) + .then(function(exportedKey) { + assert_unreached("deriveKey succeeded but should have failed with InvalidAccessError"); + }, function(err) { + assert_equals(err.name, "InvalidAccessError", "Should throw correct error, not " + err.name + ": " + err.message); + }); + }); + }, algorithmName + " public property value is a secret key"); + }); + }); + + function importKeys(pkcs8, spki, sizes) { + var privateKeys = {}; + var publicKeys = {}; + var noDeriveKeyKeys = {}; + + var promises = []; + Object.keys(pkcs8).forEach(function(algorithmName) { + var operation = subtle.importKey("pkcs8", pkcs8[algorithmName], + {name: algorithmName}, + false, ["deriveBits", "deriveKey"]) + .then(function(key) { + privateKeys[algorithmName] = key; + }); + promises.push(operation); + }); + Object.keys(pkcs8).forEach(function(algorithmName) { + var operation = subtle.importKey("pkcs8", pkcs8[algorithmName], + {name: algorithmName}, + false, ["deriveBits"]) + .then(function(key) { + noDeriveKeyKeys[algorithmName] = key; + }); + promises.push(operation); + }); + Object.keys(spki).forEach(function(algorithmName) { + var operation = subtle.importKey("spki", spki[algorithmName], + {name: algorithmName}, + false, []) + .then(function(key) { + publicKeys[algorithmName] = key; + }); + promises.push(operation); + }); + + return Promise.all(promises) + .then(function(results) {return {privateKeys: privateKeys, publicKeys: publicKeys, noDeriveKeyKeys: noDeriveKeyKeys}}); + } + + // Compares two ArrayBuffer or ArrayBufferView objects. If bitCount is + // omitted, the two values must be the same length and have the same contents + // in every byte. If bitCount is included, only that leading number of bits + // have to match. + function equalBuffers(a, b, bitCount) { + var remainder; + + if (typeof bitCount === "undefined" && a.byteLength !== b.byteLength) { + return false; + } + + var aBytes = new Uint8Array(a); + var bBytes = new Uint8Array(b); + + var length = a.byteLength; + if (typeof bitCount !== "undefined") { + length = Math.floor(bitCount / 8); + } + + for (var i=0; i> (8 - remainder) === bBytes[length] >> (8 - remainder); + } + + return true; + } + +} diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures.js index 23fb280182a040..c39e4d211cbdf4 100644 --- a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures.js +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures.js @@ -31,7 +31,11 @@ function run_test(algorithmNames) { {name: "RSA-PSS", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, {name: "RSA-OAEP", resultType: "CryptoKeyPair", usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"], mandatoryUsages: ["decrypt", "unwrapKey"]}, {name: "ECDSA", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, - {name: "ECDH", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]} + {name: "ECDH", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, + {name: "Ed25519", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, + {name: "Ed448", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, + {name: "X25519", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, + {name: "X448", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, ]; var testVectors = []; diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed25519.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed25519.https.any.js new file mode 100644 index 00000000000000..8f18fb1efe0950 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed25519.https.any.js @@ -0,0 +1,5 @@ +// META: title=WebCryptoAPI: generateKey() for Failures +// META: timeout=long +// META: script=../util/helpers.js +// META: script=failures.js +run_test(["Ed25519"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed448.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed448.https.any.js new file mode 100644 index 00000000000000..b25dcd14909410 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_Ed448.https.any.js @@ -0,0 +1,5 @@ +// META: title=WebCryptoAPI: generateKey() for Failures +// META: timeout=long +// META: script=../util/helpers.js +// META: script=failures.js +run_test(["Ed448"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X25519.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X25519.https.any.js new file mode 100644 index 00000000000000..2662d8697a9a6f --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X25519.https.any.js @@ -0,0 +1,5 @@ +// META: title=WebCryptoAPI: generateKey() for Failures +// META: timeout=long +// META: script=../util/helpers.js +// META: script=failures.js +run_test(["X25519"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X448.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X448.https.any.js new file mode 100644 index 00000000000000..455e260d1fe920 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/failures_X448.https.any.js @@ -0,0 +1,5 @@ +// META: title=WebCryptoAPI: generateKey() for Failures +// META: timeout=long +// META: script=../util/helpers.js +// META: script=failures.js +run_test(["X448"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js index b99e44d66d40f8..4a047aa0609d7a 100644 --- a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes.js @@ -26,7 +26,11 @@ function run_test(algorithmNames, slowTest) { {name: "RSA-PSS", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, {name: "RSA-OAEP", resultType: "CryptoKeyPair", usages: ["encrypt", "decrypt", "wrapKey", "unwrapKey"], mandatoryUsages: ["decrypt", "unwrapKey"]}, {name: "ECDSA", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, - {name: "ECDH", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]} + {name: "ECDH", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, + {name: "Ed25519", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, + {name: "Ed448", resultType: "CryptoKeyPair", usages: ["sign", "verify"], mandatoryUsages: ["sign"]}, + {name: "X25519", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, + {name: "X448", resultType: "CryptoKeyPair", usages: ["deriveKey", "deriveBits"], mandatoryUsages: ["deriveKey", "deriveBits"]}, ]; var testVectors = []; diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed25519.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed25519.https.any.js new file mode 100644 index 00000000000000..6b3bc460f60f2f --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed25519.https.any.js @@ -0,0 +1,6 @@ +// META: title=WebCryptoAPI: generateKey() Successful Calls +// META: timeout=long +// META: script=../util/helpers.js +// META: script=/common/subset-tests.js +// META: script=successes.js +run_test(["Ed25519"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed448.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed448.https.any.js new file mode 100644 index 00000000000000..8e37f57b244b58 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_Ed448.https.any.js @@ -0,0 +1,6 @@ +// META: title=WebCryptoAPI: generateKey() Successful Calls +// META: timeout=long +// META: script=../util/helpers.js +// META: script=/common/subset-tests.js +// META: script=successes.js +run_test(["Ed448"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X25519.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X25519.https.any.js new file mode 100644 index 00000000000000..0e87cf50108e69 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X25519.https.any.js @@ -0,0 +1,6 @@ +// META: title=WebCryptoAPI: generateKey() Successful Calls +// META: timeout=long +// META: script=../util/helpers.js +// META: script=/common/subset-tests.js +// META: script=successes.js +run_test(["X25519"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X448.https.any.js b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X448.https.any.js new file mode 100644 index 00000000000000..e7dbe32696d8fe --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/generateKey/successes_X448.https.any.js @@ -0,0 +1,6 @@ +// META: title=WebCryptoAPI: generateKey() Successful Calls +// META: timeout=long +// META: script=../util/helpers.js +// META: script=/common/subset-tests.js +// META: script=successes.js +run_test(["X448"]); diff --git a/test/fixtures/wpt/WebCryptoAPI/getRandomValues.any.js b/test/fixtures/wpt/WebCryptoAPI/getRandomValues.any.js index a6762353798f43..1a3370ea13d2c0 100644 --- a/test/fixtures/wpt/WebCryptoAPI/getRandomValues.any.js +++ b/test/fixtures/wpt/WebCryptoAPI/getRandomValues.any.js @@ -8,12 +8,24 @@ test(function() { }, "Float64Array") assert_throws_dom("TypeMismatchError", function() { - self.crypto.getRandomValues(new Float32Array(65537)) + const len = 65536 / Float32Array.BYTES_PER_ELEMENT + 1; + self.crypto.getRandomValues(new Float32Array(len)); }, "Float32Array (too long)") assert_throws_dom("TypeMismatchError", function() { - self.crypto.getRandomValues(new Float64Array(65537)) + const len = 65536 / Float64Array.BYTES_PER_ELEMENT + 1; + self.crypto.getRandomValues(new Float64Array(len)) }, "Float64Array (too long)") -}, "Float arrays") +}, "Float arrays"); + +test(function() { + assert_throws_dom("TypeMismatchError", function() { + self.crypto.getRandomValues(new DataView(new ArrayBuffer(6))) + }, "DataView") + + assert_throws_dom("TypeMismatchError", function() { + self.crypto.getRandomValues(new DataView(new ArrayBuffer(65536 + 1))) + }, "DataView (too long)") +}, "DataView"); const arrays = [ 'Int8Array', diff --git a/test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.https.any.js b/test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.https.any.js new file mode 100644 index 00000000000000..836d6eaa305710 --- /dev/null +++ b/test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.https.any.js @@ -0,0 +1,282 @@ +// META: title=WebCryptoAPI: importKey() for OKP keys +// META: timeout=long + +// Test importKey and exportKey for OKP algorithms. Only "happy paths" are +// currently tested - those where the operation should succeed. + + var subtle = crypto.subtle; + + var keyData = { + "Ed25519": { + spki: new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 112, 3, 33, 0, 216, 225, 137, 99, 216, 9, 212, 135, 217, 84, 154, 204, 174, 198, 116, 46, 126, 235, 162, 77, 138, 13, 59, 20, 183, 227, 202, 234, 6, 137, 61, 204]), + pkcs8: new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32, 243, 200, 244, 196, 141, 248, 120, 20, 110, 140, 211, 191, 109, 244, 229, 14, 56, 155, 167, 7, 78, 21, 194, 53, 45, 205, 93, 48, 141, 76, 168, 31]), + jwk: { + crv: "Ed25519", + d: "88j0xI34eBRujNO_bfTlDjibpwdOFcI1Lc1dMI1MqB8", + x: "2OGJY9gJ1IfZVJrMrsZ0Ln7rok2KDTsUt-PK6gaJPcw", + kty: "OKP" + } + }, + + "Ed448": { + spki: new Uint8Array([48, 67, 48, 5, 6, 3, 43, 101, 113, 3, 58, 0, 171, 75, 184, 133, 253, 125, 44, 90, 242, 78, 131, 113, 12, 255, 160, 199, 74, 87, 226, 116, 128, 29, 178, 5, 123, 11, 220, 94, 160, 50, 182, 254, 107, 199, 139, 128, 69, 54, 90, 235, 38, 232, 110, 31, 20, 253, 52, 157, 7, 196, 132, 149, 245, 164, 106, 90, 128]), + pkcs8: new Uint8Array([48, 71, 2, 1, 0, 48, 5, 6, 3, 43, 101, 113, 4, 59, 4, 57, 14, 255, 3, 69, 140, 40, 224, 23, 156, 82, 29, 227, 18, 201, 105, 183, 131, 67, 72, 236, 171, 153, 26, 96, 227, 178, 233, 167, 158, 76, 217, 228, 128, 239, 41, 23, 18, 210, 200, 61, 4, 114, 114, 213, 201, 244, 40, 102, 79, 105, 109, 38, 112, 69, 143, 29, 46]), + jwk: { + crv: "Ed448", + d: "Dv8DRYwo4BecUh3jEslpt4NDSOyrmRpg47Lpp55M2eSA7ykXEtLIPQRyctXJ9ChmT2ltJnBFjx0u", + x: "q0u4hf19LFryToNxDP-gx0pX4nSAHbIFewvcXqAytv5rx4uARTZa6ybobh8U_TSdB8SElfWkalqA", + kty: "OKP" + } + }, + + "X25519": { + spki: new Uint8Array([48, 42, 48, 5, 6, 3, 43, 101, 110, 3, 33, 0, 28, 242, 177, 230, 2, 46, 197, 55, 55, 30, 215, 245, 62, 84, 250, 17, 84, 216, 62, 152, 235, 100, 234, 81, 250, 229, 179, 48, 124, 254, 151, 6]), + pkcs8: new Uint8Array([48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 110, 4, 34, 4, 32, 200, 131, 142, 118, 208, 87, 223, 183, 216, 201, 90, 105, 225, 56, 22, 10, 221, 99, 115, 253, 113, 164, 210, 118, 187, 86, 227, 168, 27, 100, 255, 97]), + jwk: { + crv: "X25519", + d: "yIOOdtBX37fYyVpp4TgWCt1jc_1xpNJ2u1bjqBtk_2E", + x: "HPKx5gIuxTc3Htf1PlT6EVTYPpjrZOpR-uWzMHz-lwY", + kty: "OKP" + } + }, + + "X448": { + spki: new Uint8Array([48, 66, 48, 5, 6, 3, 43, 101, 111, 3, 57, 0, 182, 4, 161, 209, 165, 205, 29, 148, 38, 213, 97, 239, 99, 10, 158, 177, 108, 190, 105, 213, 185, 202, 97, 94, 220, 83, 99, 62, 251, 82, 234, 49, 230, 230, 160, 161, 219, 172, 198, 231, 108, 188, 230, 72, 45, 126, 75, 163, 213, 93, 158, 128, 39, 101, 206, 111]), + pkcs8: new Uint8Array([48, 70, 2, 1, 0, 48, 5, 6, 3, 43, 101, 111, 4, 58, 4, 56, 88, 199, 210, 154, 62, 181, 25, 178, 157, 0, 207, 177, 145, 187, 100, 252, 109, 138, 66, 216, 241, 113, 118, 39, 43, 137, 242, 39, 45, 24, 25, 41, 92, 101, 37, 192, 130, 150, 113, 176, 82, 239, 7, 39, 83, 15, 24, 142, 49, 208, 204, 83, 191, 38, 146, 158]), + jwk: { + crv: "X448", + d: "WMfSmj61GbKdAM-xkbtk_G2KQtjxcXYnK4nyJy0YGSlcZSXAgpZxsFLvBydTDxiOMdDMU78mkp4", + x: "tgSh0aXNHZQm1WHvYwqesWy-adW5ymFe3FNjPvtS6jHm5qCh26zG52y85kgtfkuj1V2egCdlzm8", + kty: "OKP" + } + }, + + }; + + // combinations to test + var testVectors = [ + {name: "Ed25519", privateUsages: ["sign"], publicUsages: ["verify"]}, + {name: "Ed448", privateUsages: ["sign"], publicUsages: ["verify"]}, + {name: "X25519", privateUsages: ["deriveKey", "deriveBits"], publicUsages: []}, + {name: "X448", privateUsages: ["deriveKey", "deriveBits"], publicUsages: []}, + ]; + + // TESTS ARE HERE: + // Test every test vector, along with all available key data + testVectors.forEach(function(vector) { + [true, false].forEach(function(extractable) { + + // Test public keys first + [[]].forEach(function(usages) { // Only valid usages argument is empty array + ['spki', 'jwk'].forEach(function(format) { + var algorithm = {name: vector.name}; + var data = keyData[vector.name]; + if (format === "jwk") { // Not all fields used for public keys + data = {jwk: {kty: keyData[vector.name].jwk.kty, crv: keyData[vector.name].jwk.crv, x: keyData[vector.name].jwk.x}}; + } + + testFormat(format, algorithm, data, vector.name, usages, extractable); + }); + + }); + + // Next, test private keys + allValidUsages(vector.privateUsages, []).forEach(function(usages) { + ['pkcs8', 'jwk'].forEach(function(format) { + var algorithm = {name: vector.name}; + var data = keyData[vector.name]; + + testFormat(format, algorithm, data, vector.name, usages, extractable); + }); + }); + }); + }); + + + // Test importKey with a given key format and other parameters. If + // extrable is true, export the key and verify that it matches the input. + function testFormat(format, algorithm, keyData, keySize, usages, extractable) { + promise_test(function(test) { + return subtle.importKey(format, keyData[format], algorithm, extractable, usages). + then(function(key) { + assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object"); + if (!extractable) { + return; + } + + return subtle.exportKey(format, key). + then(function(result) { + if (format !== "jwk") { + assert_true(equalBuffers(keyData[format], result), "Round trip works"); + } else { + assert_true(equalJwk(keyData[format], result), "Round trip works"); + } + }, function(err) { + assert_unreached("Threw an unexpected error: " + err.toString()); + }); + }, function(err) { + assert_unreached("Threw an unexpected error: " + err.toString()); + }); + }, "Good parameters: " + keySize.toString() + " bits " + parameterString(format, keyData[format], algorithm, extractable, usages)); + } + + + + // Helper methods follow: + + // Are two array buffers the same? + function equalBuffers(a, b) { + if (a.byteLength !== b.byteLength) { + return false; + } + + var aBytes = new Uint8Array(a); + var bBytes = new Uint8Array(b); + + for (var i=0; i 0) { + allNonemptySubsetsOf(remainingElements).forEach(function(combination) { + combination.push(firstElement); + results.push(combination); + }); + } + } + + return results; + } + + // Return a list of all valid usage combinations, given the possible ones + // and the ones that are required for a particular operation. + function allValidUsages(possibleUsages, requiredUsages) { + var allUsages = []; + + allNonemptySubsetsOf(possibleUsages).forEach(function(usage) { + for (var i=0; i= 1 && <= 9007199254740991. Received 0 expected \"OperationError\" but got \"RangeError\"", + "assert_equals: derivekey with 0 iterations correctly threw OperationError: The value of \"algorithm.iterations\" is out of range. It must be >= 1 && <= 9007199254740991. Received 0 expected \"OperationError\" but got \"RangeError\"", + "assert_unreached: deriveBits failed with error TypeError: The \"baseKey\" argument must be an instance of CryptoKey. Received null Reached unreachable code", + "assert_unreached: deriveKey failed with error TypeError: The \"baseKey\" argument must be an instance of CryptoKey. Received null Reached unreachable code", + "assert_equals: deriveKey with missing deriveKey usage correctly threw InvalidAccessError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"InvalidAccessError\" but got \"TypeError\"", + "assert_equals: deriveBits with null length correctly threw OperationError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"OperationError\" but got \"TypeError\"", + "assert_equals: deriveBits with 0 length correctly threw OperationError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"OperationError\" but got \"TypeError\"", + "assert_equals: deriveBits with non-multiple of 8 length correctly threw OperationError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"OperationError\" but got \"TypeError\"", + "assert_equals: deriveBits with missing deriveBits usage correctly threw InvalidAccessError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"InvalidAccessError\" but got \"TypeError\"", + "assert_equals: deriveBits with 0 iterations correctly threw OperationError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"OperationError\" but got \"TypeError\"", + "assert_equals: derivekey with 0 iterations correctly threw OperationError: The \"baseKey\" argument must be an instance of CryptoKey. Received null expected \"OperationError\" but got \"TypeError\"" + ] + } }, - "historical.any.js": { - "fail": "expected (undefined) undefined but got..." + "generateKey/failures_RSA-OAEP.https.any.js": { + "fail": { + "expected": [ + "assert_equals: Bad algorithm property not supported expected \"OperationError\" but got \"SyntaxError\"" + ] + } }, - "idlharness.https.any.js": { - "fail": "Various non-IDL-compliant things" + "encrypt_decrypt/rsa_oaep.https.any.js": { + "fail": { + "expected": [ + "assert_equals: Should throw OperationError instead of error:0200006E:rsa routines::data too large for key size expected \"OperationError\" but got \"Error\"" + ] + } } } - diff --git a/test/wpt/test-webcrypto.js b/test/wpt/test-webcrypto.js index c1ee6402c5a75c..f90ffa9ad5316b 100644 --- a/test/wpt/test-webcrypto.js +++ b/test/wpt/test-webcrypto.js @@ -11,4 +11,8 @@ const runner = new WPTRunner('WebCryptoAPI'); // Set Node.js flags required for the tests. runner.setFlags(['--experimental-global-webcrypto']); +runner.setInitScript(` + global.location = {}; +`); + runner.runJsTests();