Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't let AES-KW to wrap/unwrap JWK #6102

Conversation

@alanwaketan
Copy link

alanwaketan commented May 30, 2017

No description provided.

@jimsch
Copy link
Contributor

jimsch commented May 31, 2017

Yes, it appears that this requirement was lost in the spec at some point. It is currently open as w3c/crypto#187. In the event that the document is changed then this should be fixed.

@jimsch
jimsch approved these changes May 31, 2017
Copy link
Contributor

jimsch left a comment

This is an error that was lost in the document. Orignally everything was returned that way.

@w3c-bots
Copy link

w3c-bots commented May 31, 2017

*This report has been truncated because the total content is 129172 characters in length, which is in excess of GitHub.com's limit for comments (65536 characters).

View the complete job log.

Firefox (nightly)

Testing web-platform-tests at revision ecb20b2
Using browser at version BuildID 20170530100155; SourceStamp 286f71223256cbb3a769432fd860f563c4886e81
Starting 10 test iterations

Unstable results

Test Subtest Results Messages
/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-KW PASS: 1/10, MISSING: 9/10
/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-KW PASS: 1/10, MISSING: 9/10

All results

2 tests ran
/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html
Subtest Results Messages
OK
Can wrap and unwrap RSA-PSS public key keys using spki and AES-CTR PASS
Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSA-PSS private key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-CTR PASS
Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CTR PASS
Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-CTR keys using raw and AES-CTR PASS
Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-CTR PASS
Can wrap and unwrap AES-CTR keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-CTR keys as non-extractable using jwk and AES-CTR PASS
Can unwrap AES-CTR non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-CBC keys using raw and AES-CTR PASS
Can wrap and unwrap AES-CBC keys as non-extractable using raw and AES-CTR PASS
Can wrap and unwrap AES-CBC keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-CBC keys as non-extractable using jwk and AES-CTR PASS
Can unwrap AES-CBC non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-GCM keys using raw and AES-CTR PASS
Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CTR PASS
Can wrap and unwrap AES-GCM keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CTR PASS
Can unwrap AES-GCM non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap AES-KW keys using raw and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using raw and AES-CTR FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys using jwk and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-CTR FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap AES-KW non-extractable keys using jwk and AES-CTR FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap HMAC keys using raw and AES-CTR PASS
Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CTR PASS
Can wrap and unwrap HMAC keys using jwk and AES-CTR PASS
Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CTR PASS
Can unwrap HMAC non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap RSA-OAEP public key keys using spki and AES-CTR PASS
Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-CTR PASS
Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-CTR PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-CTR PASS
Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-CTR PASS
Can wrap and unwrap ECDSA public key keys using spki and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA public key keys using jwk and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Could not run all tests FAIL assert_unreached: A test failed to run: NotSupportedError: Operation is not supported Reached unreachable code
Can wrap and unwrap ECDSA private key keys using jwk and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-CTR FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDSA private key non-extractable keys using jwk and AES-CTR FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap ECDH public key keys using spki and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH public key keys using jwk and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys using jwk and AES-CTR FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys as non-extractable using jwk and AES-CTR FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDH private key non-extractable keys using jwk and AES-CTR FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap AES-CTR keys using raw and AES-KW PASS
Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-KW PASS
Can wrap and unwrap AES-CBC keys using raw and AES-KW PASS
Can wrap and unwrap AES-CBC keys as non-extractable using raw and AES-KW PASS
Can wrap and unwrap AES-GCM keys using raw and AES-KW PASS
Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-KW PASS
Can wrap and unwrap AES-KW keys using raw and AES-KW FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using raw and AES-KW FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap HMAC keys using raw and AES-KW PASS
Can wrap and unwrap HMAC keys as non-extractable using raw and AES-KW PASS
Can wrap and unwrap ECDSA public key keys using spki and AES-KW FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH public key keys using spki and AES-KW FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap RSA-PSS public key keys using spki and RSA-OAEP PASS
Can wrap and unwrap RSA-PSS public key keys using jwk and RSA-OAEP PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and RSA-OAEP PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-CTR keys using raw and RSA-OAEP PASS
Can wrap and unwrap AES-CTR keys as non-extractable using raw and RSA-OAEP PASS
Can wrap and unwrap AES-CTR keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-CTR keys as non-extractable using jwk and RSA-OAEP PASS
Can unwrap AES-CTR non-extractable keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-CBC keys using raw and RSA-OAEP PASS
Can wrap and unwrap AES-CBC keys as non-extractable using raw and RSA-OAEP PASS
Can wrap and unwrap AES-CBC keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-CBC keys as non-extractable using jwk and RSA-OAEP PASS
Can unwrap AES-CBC non-extractable keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-GCM keys using raw and RSA-OAEP PASS
Can wrap and unwrap AES-GCM keys as non-extractable using raw and RSA-OAEP PASS
Can wrap and unwrap AES-GCM keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-GCM keys as non-extractable using jwk and RSA-OAEP PASS
Can unwrap AES-GCM non-extractable keys using jwk and RSA-OAEP PASS
Can wrap and unwrap AES-KW keys using raw and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using raw and RSA-OAEP FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys using jwk and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using jwk and RSA-OAEP FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap AES-KW non-extractable keys using jwk and RSA-OAEP FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap HMAC keys using raw and RSA-OAEP PASS
Can wrap and unwrap HMAC keys as non-extractable using raw and RSA-OAEP PASS
Can wrap and unwrap HMAC keys using jwk and RSA-OAEP PASS
Can wrap and unwrap HMAC keys as non-extractable using jwk and RSA-OAEP PASS
Can unwrap HMAC non-extractable keys using jwk and RSA-OAEP PASS
Can wrap and unwrap RSA-OAEP public key keys using spki and RSA-OAEP PASS
Can wrap and unwrap RSA-OAEP public key keys using jwk and RSA-OAEP PASS
Can wrap and unwrap ECDSA public key keys using spki and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA public key keys using jwk and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys using jwk and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and RSA-OAEP FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDSA private key non-extractable keys using jwk and RSA-OAEP FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH public key keys using jwk and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys using jwk and RSA-OAEP FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys as non-extractable using jwk and RSA-OAEP FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDH private key non-extractable keys using jwk and RSA-OAEP FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM PASS
Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM PASS
Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM PASS
Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-CTR keys using raw and AES-GCM PASS
Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-GCM PASS
Can wrap and unwrap AES-CTR keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-CTR keys as non-extractable using jwk and AES-GCM PASS
Can unwrap AES-CTR non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-CBC keys using raw and AES-GCM PASS
Can wrap and unwrap AES-CBC keys as non-extractable using raw and AES-GCM PASS
Can wrap and unwrap AES-CBC keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-CBC keys as non-extractable using jwk and AES-GCM PASS
Can unwrap AES-CBC non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-GCM keys using raw and AES-GCM PASS
Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-GCM PASS
Can wrap and unwrap AES-GCM keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-GCM PASS
Can unwrap AES-GCM non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap AES-KW keys using raw and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using raw and AES-GCM FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys using jwk and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-GCM FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap AES-KW non-extractable keys using jwk and AES-GCM FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap HMAC keys using raw and AES-GCM PASS
Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM PASS
Can wrap and unwrap HMAC keys using jwk and AES-GCM PASS
Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM PASS
Can unwrap HMAC non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap RSA-OAEP public key keys using spki and AES-GCM PASS
Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-GCM PASS
Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM PASS
Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM PASS
Can wrap and unwrap ECDSA public key keys using spki and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys using jwk and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-GCM FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDSA private key non-extractable keys using jwk and AES-GCM FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap ECDH public key keys using spki and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH public key keys using jwk and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys using jwk and AES-GCM FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDH private key keys as non-extractable using jwk and AES-GCM FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap ECDH private key non-extractable keys using jwk and AES-GCM FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap RSA-PSS public key keys using spki and AES-CBC PASS
Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSA-PSS private key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-CBC PASS
Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CBC PASS
Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-CTR keys using raw and AES-CBC PASS
Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-CBC PASS
Can wrap and unwrap AES-CTR keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-CTR keys as non-extractable using jwk and AES-CBC PASS
Can unwrap AES-CTR non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-CBC keys using raw and AES-CBC PASS
Can wrap and unwrap AES-CBC keys as non-extractable using raw and AES-CBC PASS
Can wrap and unwrap AES-CBC keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-CBC keys as non-extractable using jwk and AES-CBC PASS
Can unwrap AES-CBC non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-GCM keys using raw and AES-CBC PASS
Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CBC PASS
Can wrap and unwrap AES-GCM keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CBC PASS
Can unwrap AES-GCM non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap AES-KW keys using raw and AES-CBC FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using raw and AES-CBC FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys using jwk and AES-CBC FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-CBC FAIL assert_unreached: Round trip for key unwrapped non-extractable threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can unwrap AES-KW non-extractable keys using jwk and AES-CBC FAIL assert_equals: Unwrapping a non-extractable JWK as extractable fails with DataError expected "DataError" but got "Error"
Can wrap and unwrap HMAC keys using raw and AES-CBC PASS
Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CBC PASS
Can wrap and unwrap HMAC keys using jwk and AES-CBC PASS
Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CBC PASS
Can unwrap HMAC non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap RSA-OAEP public key keys using spki and AES-CBC PASS
Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-CBC PASS
Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-CBC PASS
Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-CBC PASS
Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-CBC PASS
Can wrap and unwrap ECDSA public key keys using spki and AES-CBC FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA public key keys using jwk and AES-CBC FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
Can wrap and unwrap ECDSA private key keys using jwk and AES-CBC FAIL assert_unreached: Round trip for extractable key threw an error - NotSupportedError: "Operation is not supported" Reached unreachable code
`Can wrap and unwrap ECDSA private key keys as n
@w3c-bots
Copy link

w3c-bots commented May 31, 2017

View the complete job log.

Sauce (safari)

Testing web-platform-tests at revision ecb20b2
Using browser at version 10.0
Starting 10 test iterations
All results were stable

All results

2 tests ran
/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html
Subtest Results Messages
OK
WebCryptoAPI: wrapKey() and unwrapKey() FAIL TypeError: undefined is not an object (evaluating 'subtle.generateKey')
/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.worker.html
Subtest Results Messages
OK
Untitled FAIL TypeError: undefined is not an object (evaluating 'self.crypto.subtle')
@w3c-bots
Copy link

w3c-bots commented May 31, 2017

View the complete job log.

Chrome (unstable)

Testing web-platform-tests at revision ecb20b2

@w3c-bots
Copy link

w3c-bots commented May 31, 2017

View the complete job log.

Sauce (MicrosoftEdge)

Testing web-platform-tests at revision ecb20b2
Using browser at version 14.14393
Starting 10 test iterations

@alanwaketan
Copy link
Author

alanwaketan commented Jun 1, 2017

Thanks @jimsch for approving my PR. I am quite confused of what the check fail is. Do you know how should I proceed and fix that? Sorry for troubling you with this as this is my first PR to web-platform-tests.

@jimsch
Copy link
Contributor

jimsch commented Jun 1, 2017

You need to find out what failed in the firefox build. It may be that it always failed in the past but it could also be your changes.

@alanwaketan
Copy link
Author

alanwaketan commented Jun 1, 2017

Firefox fails as usual. Is that enough to merge this PR?

@sideshowbarker
Copy link
Member

sideshowbarker commented Jun 30, 2017

What is this waiting on?

@jimsch
Copy link
Contributor

jimsch commented Jun 30, 2017

@sideshowbarker I am unsure of what the correct procedure should be for this. It is still failing a test, but it is claimed that this is what it does before the changes. Given my position as that of an interested bystander who does not do anything at all with browsers, it is not clear to me that I really should be the one to merge such a change into the test suite.

@zcorpan
Copy link
Member

zcorpan commented Oct 1, 2018

@alanwaketan can you rebase this to rerun the bots?

@wpt-pr-bot wpt-pr-bot removed the request for review from engelke Oct 1, 2018
@foolip
Copy link
Member

foolip commented Dec 3, 2019

@alanwaketan if you rebase this and it then passes all the CI, I can merge it. Or you can, I've added you to the reviewers team so you have write access. Please see https://github.com/orgs/web-platform-tests/teams/reviewers/discussions for things you may have to do to avoid excessive GitHub email.

@stephenmcgruer
Copy link
Contributor

stephenmcgruer commented Jan 14, 2020

I rebased this in #21149 to see what would happen.

Safari overall improves in % of tests passed (https://wpt.fyi/results/WebCryptoAPI/wrapKey_unwrapKey?diff&filter=ADC&run_id=389460003&run_id=406580004), but there are three tests in test_wrapKey_unwrapKey.https.html that go from PASS -> FAIL.

There are no (easily extractable) Chrome/Firefox results because it fails the stability checks on both:

Chrome:

 0:59.42 INFO ## Unstable results ##
 0:59.42 INFO |                                  Test                                 |                                         Subtest                                          |            Results            | Messages |
 0:59.42 INFO |-----------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------|----------|
 0:59.42 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-KW`                    | **PASS: 1/10, MISSING: 9/10** |          |
 0:59.42 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-KW` | **PASS: 1/10, MISSING: 9/10** |          |
 0:59.42 INFO 

Firefox:

11:33.69 INFO ## Unstable results ##
11:33.69 INFO |                                  Test                                 |                                         Subtest                                          |            Results            | Messages |
11:33.69 INFO |-----------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------|----------|
11:33.69 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-KW`                    | **PASS: 1/10, MISSING: 9/10** |          |
11:33.69 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-KW` | **PASS: 1/10, MISSING: 9/10** |          |
11:33.69 INFO 

I don't know if those are pre-existing flakes or not.

@stephenmcgruer
Copy link
Contributor

stephenmcgruer commented Jan 14, 2020

From #21149, @jimsch said:

As I read the spec now, it appears that there is a way to get bytes from the JWK in the specification. I think therefore that this is probably a dead change and should be closed.

@alanwaketan if you disagree, please feel free to re-open this PR to discuss :)

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 22, 2020

Reopening per #6102 (comment)

@alanwaketan
Copy link
Author

alanwaketan commented Jan 22, 2020

Also, from the spec:
"The key wrapping operations for some algorithms place constraints on the payload size. For example AES-KW requires the payload to be a multiple of 8 bytes in length and RSA-OAEP places a restriction on the length. For key formats that offer flexibility in serialization of a given key (for example JWK), implementations may choose to adapt the serialization to the constraints of the wrapping algorithm. This is why JSON.stringify is not normatively required, as otherwise it would prohibit implementations from introducing added padding."

For implementations that don't want to add padding to address the constraints of AES-KW. The operations may well fail. Therefore, excluding AES-KW in the test seems better.

@jimsch
Copy link
Contributor

jimsch commented Jan 22, 2020

I would agree that there is no guaranteed order of how the fields of a JWK are serialized. I don't understand why you believe that this matters. The output from the encryption process is hopefully going to be different in most cases for symmetric keys because of different IVs. It is going to be different for an RSA key because of the random bytes that are put into the padding.

@alanwaketan
Copy link
Author

alanwaketan commented Jan 22, 2020

@jimsch Sorry for leaving misleading comments. See my last comment, that's my reason to not include AES-KW in the wrapping/unwrapping tests.

@jimsch
Copy link
Contributor

jimsch commented Jan 22, 2020

But the test already has a check for the case of the exported key not being a multiple of 8 already.

@alanwaketan
Copy link
Author

alanwaketan commented Jan 22, 2020

But the test already has a check for the case of the exported key not being a multiple of 8 already.

I believe that check is for other binary output formats. Also, JWK doesn't have the field "byteLength".

@jimsch
Copy link
Contributor

jimsch commented Jan 22, 2020

so, instead adding a check for "JSON.stringify(exportedKey).length % 8 == 0" would be the same. The only issue would be if stringify is not used.

@alanwaketan
Copy link
Author

alanwaketan commented Jan 22, 2020

so, instead adding a check for "JSON.stringify(exportedKey).length % 8 == 0" would be the same. The only issue would be if stringify is not used.

I'm fine with that as WebKit uses stringify.

@jimsch
Copy link
Contributor

jimsch commented Jan 22, 2020

Go ahead and mke the change and I will approve that.

@alanwaketan alanwaketan force-pushed the alanwaketan:WebCryptoAPI_wrapKey_unwrapKey branch from 2c7cc34 to 7306f19 Jan 23, 2020
@jimsch
Copy link
Contributor

jimsch commented Jan 23, 2020

@sideshowbarker - I don't know how to check if the failures are because of this change. The only thing that should have changed is that a set of tests are no longer run. The specification allows for the removed tests to be successful if a custom JSON to string function is used, but I do not know of any way to check this.

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 23, 2020

@sideshowbarker - I don't know how to check if the failures are because of this change

I'll check and then post a comment after I've looked into it

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 23, 2020

OK, looking at the Taskcluster log, it seems there’s an actual problem in the test that was touched in this change (rather than, say, some unrelated failures elsewhere). Specifically, I see the failure seems to be due to a test that has accurately been identified as flaky — with both Firefox and Chrome:

https://community-tc.services.mozilla.com/tasks/IAKREmxISs-1xPaQHbU6BA/runs/0/logs/https%3A%2F%2Fcommunity-tc.services.mozilla.com%2Fapi%2Fqueue%2Fv1%2Ftask%2FIAKREmxISs-1xPaQHbU6BA%2Fruns%2F0%2Fartifacts%2Fpublic%2Flogs%2Flive.log#1121

Chrome

 0:57.42 INFO ## Unstable results ##
 0:57.42 INFO |                                 Test                                |                                          Subtest                                          |            Results            | Messages |
 0:57.42 INFO |---------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-------------------------------|----------|
 0:57.42 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html` | `Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-KW`                    | **PASS: 1/10, MISSING: 9/10** |          |
 0:57.42 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html` | `Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-KW` | **PASS: 1/10, MISSING: 9/10** |          |
 0:57.42 INFO 
 0:57.42 INFO ::: Running tests in a loop 10 times : FAIL
 0:57.42 INFO :::
 0:57.42 ERROR ::: Test verification FAIL

Chrome

https://community-tc.services.mozilla.com/tasks/J9j5RWrJSritXyEQVV7hWA/runs/0/logs/https%3A%2F%2Fcommunity-tc.services.mozilla.com%2Fapi%2Fqueue%2Fv1%2Ftask%2FJ9j5RWrJSritXyEQVV7hWA%2Fruns%2F0%2Fartifacts%2Fpublic%2Flogs%2Flive.log#L122816### Firefox

11:40.93 INFO ## Unstable results ##
11:40.93 INFO |                                  Test                                 |                                          Subtest                                          |            Results            | Messages |
11:40.93 INFO |-----------------------------------------------------------------------|-------------------------------------------------------------------------------------------|-------------------------------|----------|
11:40.93 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html`   | `Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-KW`                     | **PASS: 1/10, MISSING: 9/10** |          |
11:40.93 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html`   | `Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-KW`  | **PASS: 1/10, MISSING: 9/10** |          |
11:40.93 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-KW`                    | **PASS: 1/10, MISSING: 9/10** |          |
11:40.93 INFO | `/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.worker.html` | `Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-KW` | **PASS: 1/10, MISSING: 9/10** |          |
11:40.93 INFO 
11:40.93 INFO ::: Running tests in a loop 10 times : FAIL
11:40.93 INFO :::
11:40.93 ERROR ::: Test verification FAIL

Now, I don’t know whether that test was already flaky before the change in this PR — but, regardless, I think the flakiness needs to be investigated and resolved before this can be merged.

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 23, 2020

The only thing that should have changed is that a set of tests are no longer run.

When I look at the actual patch, I see what was added is this:

if ("kty" in exportedKey && algorithmName === "AES-KW") {
return JSON.stringify(exportedKey).length % 8 == 0;
}

…so when you say, “The only thing that should have changed is that a set of tests are no longer run”, I guess you mean that change adds an early return that has the effect of causing some tests to be run that would be run otherwise if that early return weren’t there?

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 23, 2020

Now, I don’t know whether that test was already flaky before the change in this PR — but, regardless, I think the flakiness needs to be investigated and resolved before this can be merged.

I’ve zero specific domain knowledge about the underlying functionality here, but looking at this:

if ("kty" in exportedKey && algorithmName === "AES-KW") {
return JSON.stringify(exportedKey).length % 8 == 0;
}

…it doesn’t at all look to me at least that part would be a potential cause for flakiness, so I suspect the test was already flaky prior to the change in this PR…

@alanwaketan
Copy link
Author

alanwaketan commented Jan 24, 2020

…it doesn’t at all look to me at least that part would be a potential cause for flakiness, so I suspect the test was already flaky prior to the change in this PR…

The test is flaky without my change. I thought my change will improve its stability. Anyway, I think we should land my change and not wait another 3 years. Then if we have time, we should make another attempt to improve the test.

@sideshowbarker
Copy link
Member

sideshowbarker commented Jan 24, 2020

OK, merging per #6102 (comment)

@sideshowbarker sideshowbarker merged commit fbc8a58 into web-platform-tests:master Jan 24, 2020
9 of 10 checks passed
9 of 10 checks passed
Community-TC (pull_request) TaskGroup: failure
Details
wpt.fyi - safari[experimental] Safari results
Details
Azure Pipelines Build #20200123.7 succeeded
Details
Azure Pipelines (./wpt test-jobs) ./wpt test-jobs succeeded
Details
Azure Pipelines (affected tests without changes: Safari Technology Preview) affected tests without changes: Safari Technology Preview succeeded
Details
Azure Pipelines (affected tests: Safari Technology Preview) affected tests: Safari Technology Preview succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests) wpt.fyi hook: safari-preview-affected-tests succeeded
Details
Azure Pipelines (wpt.fyi hook: safari-preview-affected-tests-without-changes) wpt.fyi hook: safari-preview-affected-tests-without-changes succeeded
Details
wpt.fyi - chrome[experimental] Chrome results
Details
wpt.fyi - firefox[experimental] Firefox results
Details
@alanwaketan
Copy link
Author

alanwaketan commented Jan 24, 2020

Thank you all! @jimsch @sideshowbarker

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

8 participants
You can’t perform that action at this time.