This repository has been archived on 2023-04-04. You can view files and clone it, but cannot push or open issues or pull requests.
webcrypto/packages/pkcs11/test/subtle.spec.ts

89 lines
3.7 KiB
TypeScript
Raw Permalink Normal View History

2022-05-23 21:09:26 +00:00
import * as types from "@peculiar/webcrypto-types";
import * as assert from "assert";
import * as graphene from "graphene-pk11";
import { ID_DIGEST } from "../src/const";
import { CryptoKey } from "../src/key";
import { crypto } from "./config";
context("Subtle", () => {
async function getId(publicKey: types.CryptoKey) {
const raw = await crypto.subtle.exportKey("spki", publicKey);
const hash = await (await crypto.subtle.digest(ID_DIGEST, raw)).slice(0, 16);
return Buffer.from(hash).toString("hex");
}
context("key must have id equals to SHA-1 of public key raw", () => {
context("generate key", () => {
before(async () => {
crypto.keyStorage.clear();
});
after(async () => {
crypto.keyStorage.clear();
});
[
{ name: "RSA-PSS", hash: "SHA-256", publicExponent: new Uint8Array([1, 0, 1]), modulusLength: 1024 },
{ name: "ECDSA", namedCurve: "P-256" },
].map((alg) => {
it(alg.name, async () => {
const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
const id = await getId(keys.publicKey);
assert.strictEqual((keys.publicKey as CryptoKey).key.id.toString("hex"), id);
assert.strictEqual((keys.publicKey as CryptoKey).id.includes(id), true);
assert.strictEqual((keys.publicKey as CryptoKey).p11Object.token, false);
assert.strictEqual((keys.privateKey as CryptoKey).p11Object.token, false);
assert.strictEqual(((keys.privateKey as CryptoKey).p11Object as graphene.PrivateKey).sensitive, false);
});
});
context("pkcs11 attributes", () => {
[
{ name: "RSA-PSS", hash: "SHA-256", publicExponent: new Uint8Array([1, 0, 1]), modulusLength: 1024, token: true, sensitive: true, label: "RSA-PSS" },
{ name: "ECDSA", namedCurve: "P-256", token: true, sensitive: true, label: "ECDSA" },
].map((alg) => {
it(alg.name, async () => {
const keys = await crypto.subtle.generateKey(alg, false, ["sign", "verify"]);
const id = await getId(keys.publicKey);
assert.strictEqual((keys.publicKey as CryptoKey).key.id.toString("hex"), id);
assert.strictEqual((keys.publicKey as CryptoKey).id.includes(id), true);
assert.strictEqual((keys.publicKey as CryptoKey).p11Object.token, true);
assert.strictEqual((keys.publicKey as CryptoKey).p11Object.label, alg.name);
assert.strictEqual((keys.privateKey as CryptoKey).p11Object.token, true);
assert.strictEqual(((keys.privateKey as CryptoKey).p11Object as graphene.PrivateKey).sensitive, true);
assert.strictEqual((keys.privateKey as CryptoKey).p11Object.label, alg.name);
});
});
});
});
context("import key", () => {
const spki = Buffer.from("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoZMMqyfA16N6bvloFHmalk/SGMisr3zSXFZdR8F9UkaY7hF13hHiQtwp2YO+1zd7jwYi1Y7SMA9iUrC+ap2OCw==", "base64");
it("extractable public key", async () => {
const key = await crypto.subtle.importKey("spki", spki, { name: "ECDSA", namedCurve: "P-256" } as types.EcKeyImportParams, true, ["verify"]);
const id = await getId(key);
assert.strictEqual((key as CryptoKey).key.id.toString("hex"), id);
assert.strictEqual((key as CryptoKey).id.includes(id), true);
});
it("don't try to update id if key is not extractable", async () => {
const key = await crypto.subtle.importKey("spki", spki, { name: "ECDSA", namedCurve: "P-256" } as types.EcKeyImportParams, false, ["verify"]);
assert.notStrictEqual((key as CryptoKey).key.id.toString("hex"), "69e4556056c8d300eff3d4523fc6515d9f833fe6");
});
});
});
});