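'use strict';

const common = require('../common');

if (!common.hasCrypto)
  common.skip('missing crypto');

const assert = require('assert');
const { subtle } = require('crypto').webcrypto;

const rsa_pkcs = require('../fixtures/crypto/rsa_pkcs');
const rsa_pss = require('../fixtures/crypto/rsa_pss');

/**
 * Checks subtle.verify() against one RSA test vector: the positive case,
 * keys that must be refused, and tampered inputs that must verify as false.
 *
 * @param {object} vector - One entry returned by a fixture function.
 * @param {object} vector.algorithm - Algorithm passed to verify(); its `name`
 *   is also used when importing the keys.
 * @param {string} vector.hash - Hash bound to the imported keys.
 * @param {BufferSource} vector.publicKeyBuffer - Public key, imported as 'spki'.
 * @param {BufferSource} vector.privateKeyBuffer - Private key, imported as 'pkcs8'.
 * @param {BufferSource} vector.signature - Signature expected to verify.
 * @param {BufferSource} vector.plaintext - Data the signature covers.
 * @returns {Promise<void>} Rejects if any assertion fails.
 */
async function testVerify({
  algorithm,
  hash,
  publicKeyBuffer,
  privateKeyBuffer,
  signature,
  plaintext,
}) {
  const [
    publicKey,
    noVerifyPublicKey,
    privateKey,
    hmacKey,
    ecdsaKeys,
  ] = await Promise.all([
    subtle.importKey(
      'spki',
      publicKeyBuffer,
      { name: algorithm.name, hash },
      false,
      ['verify']),
    subtle.importKey(
      'spki',
      publicKeyBuffer,
      { name: algorithm.name, hash },
      false,
      [ /* No usages */ ]),
    subtle.importKey(
      'pkcs8',
      privateKeyBuffer,
      { name: algorithm.name, hash },
      false,
      ['sign']),
    // The two foreign-algorithm keys carry the 'verify' usage on purpose.
    // A missing usage is rejected with the same message as an algorithm
    // mismatch (see noVerifyPublicKey below), so without 'verify' the
    // wrong-algorithm cases would pass on the usage check alone.
    subtle.generateKey(
      { name: 'HMAC', hash: 'SHA-256' },
      false,
      ['sign', 'verify']),
    subtle.generateKey(
      {
        name: 'ECDSA',
        namedCurve: 'P-521',
        hash: 'SHA-256',
      },
      false,
      ['sign', 'verify']),
  ]);

  assert(await subtle.verify(algorithm, publicKey, signature, plaintext));

  // Test verification with altered buffers. Both buffers are modified after
  // verify() has been called but before its promise settles; the result must
  // still be true, i.e. the call must not observe the later writes.
  // 255 - x never equals x for a byte, so the first byte always changes.
  const copy = Buffer.from(plaintext);
  const sigcopy = Buffer.from(signature);
  const p = subtle.verify(algorithm, publicKey, sigcopy, copy);
  copy[0] = 255 - copy[0];
  sigcopy[0] = 255 - sigcopy[0];
  assert(await p);

  // Test failure when using wrong key: a private key (usage 'sign' only)
  // and a public key imported without any usage must both be refused.
  await assert.rejects(
    subtle.verify(algorithm, privateKey, signature, plaintext), {
      message: /Unable to use this key to verify/
    });

  await assert.rejects(
    subtle.verify(algorithm, noVerifyPublicKey, signature, plaintext), {
      message: /Unable to use this key to verify/
    });

  // Test failure when using the wrong algorithms: these keys are allowed to
  // verify, but not with the algorithm under test.
  await assert.rejects(
    subtle.verify(algorithm, hmacKey, signature, plaintext), {
      message: /Unable to use this key to verify/
    });

  await assert.rejects(
    subtle.verify(algorithm, ecdsaKeys.publicKey, signature, plaintext), {
      message: /Unable to use this key to verify/
    });

  // Test failure when signature is altered: a flipped first byte, and the
  // same buffer with its first byte dropped (wrong length), must both
  // resolve to false rather than throw.
  {
    const copy = Buffer.from(signature);
    copy[0] = 255 - copy[0];
    assert(!(await subtle.verify(algorithm, publicKey, copy, plaintext)));
    assert(!(await subtle.verify(
      algorithm,
      publicKey,
      copy.subarray(1),
      plaintext)));
  }

  // Test failure when data is altered
  {
    const copy = Buffer.from(plaintext);
    copy[0] = 255 - copy[0];
    assert(!(await subtle.verify(algorithm, publicKey, signature, copy)));
  }

  // Test failure when wrong hash is used: the same public key bound to a
  // different hash at import time must not accept the signature.
  {
    const otherhash = hash === 'SHA-1' ? 'SHA-256' : 'SHA-1';
    const keyWithOtherHash = await subtle.importKey(
      'spki',
      publicKeyBuffer,
      { name: algorithm.name, hash: otherhash },
      false,
      ['verify']);
    assert(!(await subtle.verify(algorithm, keyWithOtherHash, signature, plaintext)));
  }
}

/**
 * Checks subtle.sign() against one RSA test vector: a sign/verify round
 * trip, input snapshotting, and keys that must be refused for signing.
 *
 * @param {object} vector - One entry returned by a fixture function.
 * @param {object} vector.algorithm - Algorithm passed to sign() and verify();
 *   its `name` is also used when importing the keys.
 * @param {string} vector.hash - Hash bound to the imported keys.
 * @param {BufferSource} vector.publicKeyBuffer - Public key, imported as 'spki'.
 * @param {BufferSource} vector.privateKeyBuffer - Private key, imported as 'pkcs8'.
 * @param {BufferSource} vector.signature - Reference signature; only its
 *   length is compared with the generated one.
 * @param {BufferSource} vector.plaintext - Data to sign.
 * @returns {Promise<void>} Rejects if any assertion fails.
 */
async function testSign({
  algorithm,
  hash,
  publicKeyBuffer,
  privateKeyBuffer,
  signature,
  plaintext,
}) {
  const [
    publicKey,
    privateKey,
    hmacKey,
    ecdsaKeys,
  ] = await Promise.all([
    subtle.importKey(
      'spki',
      publicKeyBuffer,
      { name: algorithm.name, hash },
      false,
      ['verify']),
    subtle.importKey(
      'pkcs8',
      privateKeyBuffer,
      { name: algorithm.name, hash },
      false,
      ['sign']),
    // Both foreign keys may sign, so the rejections below can only come
    // from the algorithm mismatch.
    subtle.generateKey(
      { name: 'HMAC', hash: 'SHA-256' },
      false,
      ['sign']),
    subtle.generateKey(
      {
        name: 'ECDSA',
        namedCurve: 'P-521',
        hash: 'SHA-256',
      },
      false,
      ['sign']),
  ]);

  // Round trip: the fresh signature has the reference length and verifies.
  // NOTE(review): bytes are not compared with the fixture, presumably because
  // RSA-PSS output is salted and not reproducible; confirm.
  {
    const sig = await subtle.sign(algorithm, privateKey, plaintext);
    assert.strictEqual(sig.byteLength, signature.byteLength);
    assert(await subtle.verify(algorithm, publicKey, sig, plaintext));
  }

  // The data buffer is modified after sign() has been called; the signature
  // must still cover the original plaintext.
  {
    const copy = Buffer.from(plaintext);
    const p = subtle.sign(algorithm, privateKey, copy);
    copy[0] = 255 - copy[0];
    const sig = await p;
    assert(await subtle.verify(algorithm, publicKey, sig, plaintext));
  }

  // Test failure when using wrong key: the public key has usage 'verify' only.
  await assert.rejects(
    subtle.sign(algorithm, publicKey, plaintext), {
      message: /Unable to use this key to sign/
    });

  // Test failure when using the wrong algorithms
  await assert.rejects(
    subtle.sign(algorithm, hmacKey, plaintext), {
      message: /Unable to use this key to sign/
    });

  await assert.rejects(
    subtle.sign(algorithm, ecdsaKeys.privateKey, plaintext), {
      message: /Unable to use this key to sign/
    });
}

// Run the verify and sign checks for every RSASSA-PKCS1-v1_5 and RSA-PSS
// vector concurrently; mustCall() makes the test fail if the chain never
// resolves.
(async function() {
  const variations = [];

  for (const vector of rsa_pkcs()) {
    variations.push(testVerify(vector));
    variations.push(testSign(vector));
  }
  for (const vector of rsa_pss()) {
    variations.push(testVerify(vector));
    variations.push(testSign(vector));
  }

  await Promise.all(variations);
})().then(common.mustCall());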