feat(ext/crypto): implement importKey (jwk) for RSA-PSS , RSA-OAEP and RSA-PKCS1-v1_5

cli/tests/unit/webcrypto_test.ts

@@ -467,3 +467,203 @@ unitTest(async function testHkdfDeriveBits() {
   );
   assertEquals(result.byteLength, 128 / 8);
 });
+
+const jwtRSAKeys = {
+  "2048": {
+    size: 2048,
+    publicJWK: {
+      kty: "RSA",
+      // unpadded base64 for rawKey.
+      n: "09eVwAhT9SPBxdEN-74BBeEANGaVGwqH-YglIc4VV7jfhR2by5ivzVq8NCeQ1_ACDIlTDY8CTMQ5E1c1SEXmo_T7q84XUGXf8U9mx6uRg46sV7fF-hkwJR80BFVsvWxp4ahPlVJYj__94ft7rIVvchb5tyalOjrYFCJoFnSgq-i3ZjU06csI9XnO5klINucD_Qq0vUhO23_Add2HSYoRjab8YiJJR_Eths7Pq6HHd2RSXmwYp5foRnwe0_U75XmesHWDJlJUHYbwCZo0kP9G8g4QbucwU-MSNBkZOO2x2ZtZNexpHd0ThkATbnNlpVG_z2AGNORp_Ve3rlXwrGIXXw",
+      e: "AQAB",
+    },
+    privateJWK: {
+      kty: "RSA",
+      // unpadded base64 for rawKey.
+      n: "09eVwAhT9SPBxdEN-74BBeEANGaVGwqH-YglIc4VV7jfhR2by5ivzVq8NCeQ1_ACDIlTDY8CTMQ5E1c1SEXmo_T7q84XUGXf8U9mx6uRg46sV7fF-hkwJR80BFVsvWxp4ahPlVJYj__94ft7rIVvchb5tyalOjrYFCJoFnSgq-i3ZjU06csI9XnO5klINucD_Qq0vUhO23_Add2HSYoRjab8YiJJR_Eths7Pq6HHd2RSXmwYp5foRnwe0_U75XmesHWDJlJUHYbwCZo0kP9G8g4QbucwU-MSNBkZOO2x2ZtZNexpHd0ThkATbnNlpVG_z2AGNORp_Ve3rlXwrGIXXw",
+      e: "AQAB",
+      d: "H4xboN2co0VP9kXL71G8lUOM5EDis8Q9u8uqu_4U75t4rjpamVeD1vFMVfgOehokM_m_hKVnkkcmuNqj9L90ObaiRFPM5QxG7YkFpXbHlPAKeoXD1hsqMF0VQg_2wb8DhberInHA_rEA_kaVhHvavQLu7Xez45gf1d_J4I4931vjlCB6cupbLL0H5hHsxbMsX_5nnmAJdL_U3gD-U7ZdQheUPhDBJR2KeGzvnTm3KVKpOnwn-1Cd45MU4-KDdP0FcBVEuBsSrsQHliTaciBgkbyj__BangPj3edDxTkb-fKkEvhkXRjAoJs1ixt8nfSGDce9cM_GqAX9XGb4s2QkAQ",
+      dp:
+        "mM82RBwzGzi9LAqjGbi-badLtHRRBoH9sfMrJuOtzxRnmwBFccg_lwy-qAhUTqnN9kvD0H1FzXWzoFPFJbyi-AOmumYGpWm_PvzQGldne5CPJ02pYaeg-t1BePsT3OpIq0Am8E2Kjf9polpRJwIjO7Kx8UJKkhg5bISnsy0V8wE",
+      dq:
+        "ZlM4AvrWIpXwqsH_5Q-6BsLJdbnN_GypFCXoT9VXniXncSBZIWCkgDndBdWkSzyzIN65NiMRBfZaf9yduTFj4kvOPwb3ch3J0OxGJk0Ary4OGSlS1zNwMl93ALGal1FzpWUuiia9L9RraGqXAUr13L7TIIMRobRjpAV-z7M-ruM",
+      p: "7VwGt_tJcAFQHrmDw5dM1EBru6fidM45NDv6VVOEbxKuD5Sh2EfAHfm5c6oouA1gZqwvKH0sn_XpB1NsyYyHEQd3sBVdK0zRjTo-E9mRP-1s-LMd5YDXVq6HE339nxpXsmO25slQEF6zBrj1bSNNXBFc7fgDnlq-HIeleMvsY_E",
+      q: "5HqMHLzb4IgXhUl4pLz7E4kjY8PH2YGzaQfK805zJMbOXzmlZK0hizKo34Qqd2nB9xos7QgzOYQrNfSWheARwVsSQzAE0vGvw3zHIPP_lTtChBlCTPctQcURjw4dXcnK1oQ-IT321FNOW3EO-YTsyGcypJqJujlZrLbxYjOjQE8",
+      qi:
+        "OQXzi9gypDnpdHatIi0FaUGP8LSzfVH0AUugURJXs4BTJpvA9y4hcpBQLrcl7H_vq6kbGmvC49V-9I5HNVX_AuxGIXKuLZr5WOxPq8gLTqHV7X5ZJDtWIP_nq2NNgCQQyNNRrxebiWlwGK9GnX_unewT6jopI_oFhwp0Q13rBR0",
+    },
+  },
+};
+
+unitTest(async function testImportRsaJwk() {
+  const subtle = window.crypto.subtle;
+  assert(subtle);
+
+  for (
+    const [_key, jwkData] of Object.entries(jwtRSAKeys)
+  ) {
+    const { size, publicJWK, privateJWK } = jwkData;
+    if (size != 2048) {
+      continue;
+    }
+
+    // 1. Test import PSS
+    for (const hash of ["SHA-1", "SHA-256", "SHA-384", "SHA-512"]) {
+      const hashMapPSS: Record<string, string> = {
+        "SHA-1": "PS1",
+        "SHA-256": "PS256",
+        "SHA-384": "PS384",
+        "SHA-512": "PS512",
+      };
+
+      const privateKeyPSS = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapPSS[hash],
+          ...privateJWK,
+          ext: true,
+          "key_ops": ["sign"],
+        },
+        { name: "RSA-PSS", hash },
+        true,
+        ["sign"],
+      );
+
+      const publicKeyPSS = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapPSS[hash],
+          ...publicJWK,
+          ext: true,
+          "key_ops": ["verify"],
+        },
+        { name: "RSA-PSS", hash },
+        true,
+        ["verify"],
+      );
+
+      const signaturePSS = await crypto.subtle.sign(
+        { name: "RSA-PSS", saltLength: 32 },
+        privateKeyPSS,
+        new Uint8Array([1, 2, 3, 4]),
+      );
+
+      const verifyPSS = await crypto.subtle.verify(
+        { name: "RSA-PSS", saltLength: 32 },
+        publicKeyPSS,
+        signaturePSS,
+        new Uint8Array([1, 2, 3, 4]),
+      );
+      assert(verifyPSS);
+    }
+
+    // 2. Test import PKCS1
+    for (const hash of ["SHA-1", "SHA-256", "SHA-384", "SHA-512"]) {
+      const hashMapPKCS1: Record<string, string> = {
+        "SHA-1": "RS1",
+        "SHA-256": "RS256",
+        "SHA-384": "RS384",
+        "SHA-512": "RS512",
+      };
+
+      const privateKeyPKCS1 = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapPKCS1[hash],
+          ...privateJWK,
+          ext: true,
+          "key_ops": ["sign"],
+        },
+        { name: "RSASSA-PKCS1-v1_5", hash },
+        true,
+        ["sign"],
+      );
+
+      const publicKeyPKCS1 = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapPKCS1[hash],
+          ...publicJWK,
+          ext: true,
+          "key_ops": ["verify"],
+        },
+        { name: "RSASSA-PKCS1-v1_5", hash },
+        true,
+        ["verify"],
+      );
+
+      const signaturePKCS1 = await crypto.subtle.sign(
+        { name: "RSASSA-PKCS1-v1_5", saltLength: 32 },
+        privateKeyPKCS1,
+        new Uint8Array([1, 2, 3, 4]),
+      );
+
+      const verifyPKCS1 = await crypto.subtle.verify(
+        { name: "RSASSA-PKCS1-v1_5", saltLength: 32 },
+        publicKeyPKCS1,
+        signaturePKCS1,
+        new Uint8Array([1, 2, 3, 4]),
+      );
+      assert(verifyPKCS1);
+    }
+
+    // 3. Test import OAEP
+    for (
+      const { hash, plainText } of hashPlainTextVector
+    ) {
+      const encryptAlgorithm = { name: "RSA-OAEP" };
+
+      const hashMapOAEP: Record<string, string> = {
+        "SHA-1": "RSA-OAEP",
+        "SHA-256": "RSA-OAEP-256",
+        "SHA-384": "RSA-OAEP-384",
+        "SHA-512": "RSA-OAEP-512",
+      };
+
+      const privateKeyOAEP = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapOAEP[hash],
+          ...privateJWK,
+          ext: true,
+          "key_ops": ["decrypt"],
+        },
+        { name: "RSA-OAEP", hash },
+        true,
+        ["decrypt"],
+      );
+
+      const publicKeyOAEP = await crypto.subtle.importKey(
+        "jwk",
+        {
+          alg: hashMapOAEP[hash],
+          ...publicJWK,
+          ext: true,
+          "key_ops": ["encrypt"],
+        },
+        { name: "RSA-OAEP", hash },
+        true,
+        ["encrypt"],
+      );
+      const cipherText = await subtle.encrypt(
+        encryptAlgorithm,
+        publicKeyOAEP,
+        plainText,
+      );
+
+      assert(cipherText);
+      assert(cipherText.byteLength > 0);
+      assertEquals(cipherText.byteLength * 8, 2048);
+      assert(cipherText instanceof ArrayBuffer);
+
+      const decrypted = await subtle.decrypt(
+        encryptAlgorithm,
+        privateKeyOAEP,
+        cipherText,
+      );
+      assert(decrypted);
+      assert(decrypted instanceof ArrayBuffer);
+      assertEquals(new Uint8Array(decrypted), plainText);
+    }
+  }
+});