test: update WPT for WebCryptoAPI to edd42c005c

lib/internal/crypto/cfrg.js

@@ -279,6 +279,14 @@ function cfrgImportKey(
           'DataError');
       }
 
+      if (keyData.alg !== undefined && (name === 'Ed25519' || name === 'Ed448')) {
+        if (keyData.alg !== name && keyData.alg !== 'EdDSA') {
+          throw lazyDOMException(
+            'JWK "alg" does not match the requested algorithm',
+            'DataError');
+        }
+      }
+
       if (!isPublic && typeof keyData.x !== 'string') {
         throw lazyDOMException('Invalid JWK', 'DataError');
       }

lib/internal/crypto/webcrypto.js

@@ -467,6 +467,7 @@ async function exportKeyJWK(key) {
       // Fall through
     case 'Ed448':
       jwk.crv ||= key.algorithm.name;
+      jwk.alg = key.algorithm.name;
       return jwk;
     case 'AES-CTR':
       // Fall through

test/fixtures/wpt/README.md

@@ -33,7 +33,7 @@ Last update:
 - user-timing: https://github.com/web-platform-tests/wpt/tree/5ae85bf826/user-timing
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/cde25e7e3c/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/3e3374efde/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/edd42c005c/WebCryptoAPI
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions
 - webmessaging/broadcastchannel: https://github.com/web-platform-tests/wpt/tree/6495c91853/webmessaging/broadcastchannel
 - webstorage: https://github.com/web-platform-tests/wpt/tree/1291340aaa/webstorage

test/fixtures/wpt/WebCryptoAPI/import_export/okp_importKey.js

@@ -11,7 +11,7 @@ function runTests(algorithmName) {
             ['spki', 'jwk', 'raw'].forEach(function(format) {
                 if (format === "jwk") { // Not all fields used for public keys
                     testFormat(format, algorithm, jwkData, algorithmName, usages, extractable);
-                    // Test for https://github.com/WICG/webcrypto-secure-curves/pull/24
+                    // Test for https://github.com/w3c/webcrypto/pull/401
                     if (extractable) {
                         testJwkAlgBehaviours(algorithm, jwkData.jwk, algorithmName, usages);
                     }
@@ -27,7 +27,7 @@ function runTests(algorithmName) {
             ['pkcs8', 'jwk'].forEach(function(format) {
                 testFormat(format, algorithm, data, algorithmName, usages, extractable);
 
-                // Test for https://github.com/WICG/webcrypto-secure-curves/pull/24
+                // Test for https://github.com/w3c/webcrypto/pull/401
                 if (format === "jwk" && extractable) {
                     testJwkAlgBehaviours(algorithm, data.jwk, algorithmName, usages);
                 }
@@ -67,27 +67,34 @@ function testFormat(format, algorithm, keyData, keySize, usages, extractable) {
     });
 }
 
-// Test importKey/exportKey "alg" behaviours, alg is ignored upon import and alg is missing for Ed25519 and Ed448 JWK export
-// https://github.com/WICG/webcrypto-secure-curves/pull/24
+// Test importKey/exportKey "alg" behaviours (https://github.com/w3c/webcrypto/pull/401)
+// - alg is ignored for ECDH import
+// - TODO: alg is checked to be the algorithm.name or EdDSA for Ed25519 and Ed448 import
+// - alg is missing for ECDH export
+// - alg is the algorithm name for Ed25519 and Ed448 export
 function testJwkAlgBehaviours(algorithm, keyData, crv, usages) {
     [algorithm, algorithm.name].forEach((alg) => {
-        promise_test(function(test) {
-            return subtle.importKey('jwk', { ...keyData, alg: 'this is ignored' }, alg, true, usages).
-                then(function(key) {
-                    assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
-
-                    return subtle.exportKey('jwk', key).
-                        then(function(result) {
-                            assert_equals(Object.keys(result).length, keyData.d ? 6 : 5, "Correct number of JWK members");
-                            assert_equals(result.alg, undefined, 'No JWK "alg" member is present');
-                            assert_true(equalJwk(keyData, result), "Round trip works");
-                        }, function(err) {
+        (crv.startsWith('Ed') ? [algorithm.name, 'EdDSA'] : ['this is ignored']).forEach((jwkAlg) => {
+            promise_test(function(test) {
+                return subtle.importKey('jwk', { ...keyData, alg: jwkAlg }, alg, true, usages).
+                    then(function(key) {
+                        assert_equals(key.constructor, CryptoKey, "Imported a CryptoKey object");
+
+                        return subtle.exportKey('jwk', key).
+                            then(function(result) {
+                                let expectedKeys = crv.startsWith('Ed') ? 6 : 5
+                                if (keyData.d) expectedKeys++
+                                assert_equals(Object.keys(result).length, expectedKeys, "Correct number of JWK members");
+                                assert_equals(result.alg, crv.startsWith('Ed') ? algorithm.name : undefined, 'Expected JWK "alg" member');
+                                assert_true(equalJwk(keyData, result), "Round trip works");
+                            }, function(err) {
+                            assert_unreached("Threw an unexpected error: " + err.toString());
+                            });
+                    }, function(err) {
                         assert_unreached("Threw an unexpected error: " + err.toString());
-                        });
-                }, function(err) {
-                    assert_unreached("Threw an unexpected error: " + err.toString());
-                });
-        }, "Good parameters with ignored JWK alg: " + crv.toString() + " " + parameterString('jwk', keyData, alg, true, usages));
+                    });
+            }, 'Good parameters with JWK alg' + (crv.startsWith('Ed') ? ` ${jwkAlg}: ` : ': ') + crv.toString() + " " + parameterString('jwk', keyData, alg, true, usages, jwkAlg));
+        });
     });
 }
 

test/fixtures/wpt/versions.json

@@ -92,7 +92,7 @@
     "path": "wasm/webapi"
   },
   "WebCryptoAPI": {
-    "commit": "3e3374efde7ce73d551ea908d52d0afab046971a",
+    "commit": "edd42c005cf8192fbae41ec061c14342e7bcac15",
     "path": "WebCryptoAPI"
   },
   "webidl/ecmascript-binding/es-exceptions": {

test/parallel/test-webcrypto-export-import-cfrg.js

@@ -12,7 +12,7 @@ const { subtle } = globalThis.crypto;
 
 const keyData = {
   'Ed25519': {
-    jwsAlg: 'EdDSA',
+    jwsAlg: 'Ed25519',
     spki: Buffer.from(
       '302a300506032b6570032100a054b618c12b26c8d43595a5c38dd2b0140b944a' +
       '151f75003278c2b6c58ec08f', 'hex'),
@@ -27,7 +27,7 @@ const keyData = {
     }
   },
   'Ed448': {
-    jwsAlg: 'EdDSA',
+    jwsAlg: 'Ed448',
     spki: Buffer.from(
       '3043300506032b6571033a0008cc38160c85bca5656ac4924af7ea97a9161b20' +
       '2528273dcb84afd2eeb99ac912a401b34ef15ef4d9486406a6eecc31e5909219' +
@@ -183,10 +183,7 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
 
   const jwk = keyData[name].jwk;
 
-  const [
-    publicKey,
-    privateKey,
-  ] = await Promise.all([
+  const tests = [
     subtle.importKey(
       'jwk',
       {
@@ -221,7 +218,37 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
       { name },
       extractable,
       privateUsages),
-  ]);
+  ];
+
+  // Test the deprecated "alg" value
+  if (keyData[name].jwsAlg?.startsWith('Ed')) {
+    tests.push(
+      subtle.importKey(
+        'jwk',
+        {
+          alg: 'EdDSA',
+          kty: jwk.kty,
+          crv: jwk.crv,
+          x: jwk.x,
+        },
+        { name },
+        extractable, publicUsages),
+      subtle.importKey(
+        'jwk',
+        {
+          ...jwk,
+          alg: 'EdDSA',
+        },
+        { name },
+        extractable,
+        privateUsages),
+    );
+  }
+
+  const [
+    publicKey,
+    privateKey,
+  ] = await Promise.all(tests);
 
   assert.strictEqual(publicKey.type, 'public');
   assert.strictEqual(privateKey.type, 'private');
@@ -259,8 +286,13 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
     assert.strictEqual(pvtJwk.crv, jwk.crv);
     assert.strictEqual(pvtJwk.d, jwk.d);
 
-    assert.strictEqual(pubJwk.alg, undefined);
-    assert.strictEqual(pvtJwk.alg, undefined);
+    if (jwk.crv.startsWith('Ed')) {
+      assert.strictEqual(pubJwk.alg, jwk.crv);
+      assert.strictEqual(pvtJwk.alg, jwk.crv);
+    } else {
+      assert.strictEqual(pubJwk.alg, undefined);
+      assert.strictEqual(pvtJwk.alg, undefined);
+    }
   } else {
     await assert.rejects(
       subtle.exportKey('jwk', publicKey), {
@@ -284,22 +316,24 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
       { message: 'Invalid JWK "use" Parameter' });
   }
 
-  // The JWK alg member is ignored
-  // https://github.com/WICG/webcrypto-secure-curves/pull/24
   if (name.startsWith('Ed')) {
-    await subtle.importKey(
-      'jwk',
-      { kty: jwk.kty, x: jwk.x, crv: jwk.crv, alg: 'foo' },
-      { name },
-      extractable,
-      publicUsages);
+    await assert.rejects(
+      subtle.importKey(
+        'jwk',
+        { kty: jwk.kty, x: jwk.x, crv: jwk.crv, alg: 'foo' },
+        { name },
+        extractable,
+        publicUsages),
+      { message: 'JWK "alg" does not match the requested algorithm' });
 
-    await subtle.importKey(
-      'jwk',
-      { ...jwk, alg: 'foo' },
-      { name },
-      extractable,
-      privateUsages);
+    await assert.rejects(
+      subtle.importKey(
+        'jwk',
+        { ...jwk, alg: 'foo' },
+        { name },
+        extractable,
+        privateUsages),
+      { message: 'JWK "alg" does not match the requested algorithm' });
   }
 
   for (const crv of [undefined, name === 'Ed25519' ? 'Ed448' : 'Ed25519']) {