Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / components / test / data / webcrypto / ecdh.json
blob8b8406cb648210d79133b167891958bf7501cea3
1 // TODO(eroman): Use known test vectors. The samples I used here I generated myself.
3   // Test key derivation using ECDH (P-256), using a public and private key from
4   // different key pairs.
5   {
6     "public_key": {
7       "crv": "P-256",
8       "kty":"EC",
9       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
10       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE"
11     },
13     "private_key": {
14       "kty":"EC",
15       "crv":"P-256",
16       "d":"uN2YSQvxuxhQQ9Y1XXjYi1vr2ZTdzuoDX18PYu4LU-0",
17       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
18       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
19     },
21     // This is the maximum length for P-256.
22     "length_bits": 256,
23     "derived_bytes": "163FAA3FC4815D47345C8E959F707B2F1D3537E7B2EA1DAEC23CA8D0A242CFF3"
24   },
26   // Same as the test above, but in reverse (choosing public/private from the
27   // opposite keypair).
28   {
29     "private_key": {
30       "kty":"EC",
31       "crv":"P-256",
32       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
33       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
34       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
35     },
36     "public_key": {
37       "kty":"EC",
38       "crv":"P-256",
39       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
40       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
41     },
43     // This is the maximum length for P-256.
44     "length_bits": 256,
45     "derived_bytes": "163FAA3FC4815D47345C8E959F707B2F1D3537E7B2EA1DAEC23CA8D0A242CFF3"
46   },
48   // This is the same test as above, however the length is 2 bytes shorter.
49   {
50     "private_key": {
51       "kty":"EC",
52       "crv":"P-256",
53       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
54       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
55       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
56     },
57     "public_key": {
58       "kty":"EC",
59       "crv":"P-256",
60       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
61       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
62     },
64     // This is the maximum length for P-256.
65     "length_bits": 240,
66     "derived_bytes": "163FAA3FC4815D47345C8E959F707B2F1D3537E7B2EA1DAEC23CA8D0A242"
67   },
69   // Try deriving zero bits.
70   {
71     "private_key": {
72       "kty":"EC",
73       "crv":"P-256",
74       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
75       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
76       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
77     },
78     "public_key": {
79       "kty":"EC",
80       "crv":"P-256",
81       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
82       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
83     },
85     "length_bits": 0,
86     "derived_bytes": ""
87   },
89   // Try deriving a single bit.
90   // Note that the full byte would be 0x16, however the remaining bits in the
91   // byte will be zero-ed.
92   {
93     "private_key": {
94       "kty":"EC",
95       "crv":"P-256",
96       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
97       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
98       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
99     },
100     "public_key": {
101       "kty":"EC",
102       "crv":"P-256",
103       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
104       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
105     },
107     "length_bits": 1,
108     "derived_bytes": "00"
109   },
111   // This is the same as an earlier test, however 253 bits instead of 256.
112   // Notice how the last byte went from 0xF3 --> 0xF0, because the unused bits
113   // have been zeroed.
114   {
115     "private_key": {
116       "kty":"EC",
117       "crv":"P-256",
118       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
119       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
120       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
121     },
122     "public_key": {
123       "kty":"EC",
124       "crv":"P-256",
125       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
126       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
127     },
129     "length_bits": 253,
130     "derived_bytes": "163FAA3FC4815D47345C8E959F707B2F1D3537E7B2EA1DAEC23CA8D0A242CFF0"
131   },
134   // A test using P-521.
135   {
136     "private_key": {
137       "crv":"P-521",
138       "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyid-6F48d7iI1zF6VRk7",
139       "kty":"EC",
140       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
141       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
142     },
144     "public_key": {
145       "crv":"P-521",
146       "kty":"EC",
147       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
148       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
149     },
151     "length_bits": 521,
152     "derived_bytes": "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3400",
153     "valid_p521_keys": true // Special variable use by ecdh_unittest.cc::LoadTestKeys
154   },
156   // Same as above but with the public/private switched.
157   {
158     "public_key": {
159       "crv":"P-521",
160       "kty":"EC",
161       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
162       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
163     },
165     "private_key": {
166       "crv":"P-521",
167       "kty":"EC",
168       "d":"AU3LVJK4dtlbOEFb018ry-D-kYF7J7oQxXLpXcnQXbTh42FORGGGtySTA83gT_GiHJ0tnvgVrDdUMK1muJBGPrRf",
169       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
170       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
171     },
173     "length_bits": 521,
174     "derived_bytes": "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3400"
175   },
177   {
178     "public_key": {
179       "crv":"P-521",
180       "kty":"EC",
181       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
182       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
183     },
185     "private_key": {
186       "crv":"P-521",
187       "kty":"EC",
188       "d":"AU3LVJK4dtlbOEFb018ry-D-kYF7J7oQxXLpXcnQXbTh42FORGGGtySTA83gT_GiHJ0tnvgVrDdUMK1muJBGPrRf",
189       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
190       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
191     },
193     "length_bits": 522,
194     "derived_bytes": "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3400"
195   },
197   // Ask for 528 bits using P-521, which is the rounded up byte length of the
198   // field size.
199   {
200     "public_key": {
201       "crv":"P-521",
202       "kty":"EC",
203       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
204       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
205     },
207     "private_key": {
208       "crv":"P-521",
209       "kty":"EC",
210       "d":"AU3LVJK4dtlbOEFb018ry-D-kYF7J7oQxXLpXcnQXbTh42FORGGGtySTA83gT_GiHJ0tnvgVrDdUMK1muJBGPrRf",
211       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
212       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
213     },
215     "length_bits": 528,
216     "derived_bytes": "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425"
217   },
219   // The first 7 bits for P-521 will always be zero.
220   {
221     "public_key": {
222       "crv":"P-521",
223       "kty":"EC",
224       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
225       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
226     },
228     "private_key": {
229       "crv":"P-521",
230       "kty":"EC",
231       "d":"AU3LVJK4dtlbOEFb018ry-D-kYF7J7oQxXLpXcnQXbTh42FORGGGtySTA83gT_GiHJ0tnvgVrDdUMK1muJBGPrRf",
232       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
233       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
234     },
236     "length_bits": 7,
237     "derived_bytes": "00"
238   },
240   // Using different key pairs, verify again that the first 7 bits are zero.
241   {
242     "public_key": {
243       "crv":"P-521",
244       "kty":"EC",
245       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
246       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
247     },
249     "private_key": {
250       "kty": "EC",
251       "crv": "P-521",
252       "d": "Ab1WvRBhGO2iRhVb1DtCuOE_Cm4l3TuzdgJvq03JK2FXvG3-wtFd09DPKjmqaElAQq9IupYBEY2oLG8hCKOiA610",
253       "x": "AS-8rv-mpR8-5NPStRxd7G18cmyjU_wBTqK_fPu5uRDTLL-moA_jm2zbiUbyJ3U5iy4jPAzxRNeMindCtceju10j",
254       "y": "AJze-CPde_mnnozOrNLkUnwjHQrllnrwlY6THX3czygFo-YY3DA5_sn-u9MwUv5MD-6Y8DMQYGSYLYj04DVJ1KZN"
255     },
257     "length_bits": 7,
258     "derived_bytes": "00"
259   },
261   // Same as an earlier test, however the public key specifies the extraneous
262   // {"use": "sig"}. This doesn't make sense for ECDH; however, it is allowed
263   // by the implementation. This is not spec compliant, see:
264   // https://www.w3.org/Bugs/Public/show_bug.cgi?id=27601
265   {
266     "private_key": {
267       "kty":"EC",
268       "crv":"P-256",
269       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
270       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
271       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
272     },
273     "public_key": {
274       "kty":"EC",
275       "crv":"P-256",
276       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
277       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o",
278       "use": "sig"
279     },
281     "length_bits": 0,
282     "derived_bytes": ""
283   },
285   // Same test as above, but instead of "use" it uses "key_ops" with bogus
286   // values for ECDH
287   {
288     "private_key": {
289       "kty":"EC",
290       "crv":"P-256",
291       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
292       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
293       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
294     },
295     "public_key": {
296       "kty":"EC",
297       "crv":"P-256",
298       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
299       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o",
300       "key_ops": ["encrypt", "decrypt"]
301     },
303     "length_bits": 0,
304     "derived_bytes": ""
305   },
307   // -----------------------------------------
308   // Errors
309   // -----------------------------------------
311   // The length is too long, by 1 bit
312   {
313     "private_key": {
314       "kty":"EC",
315       "crv":"P-256",
316       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
317       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
318       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
319     },
320     "public_key": {
321       "kty":"EC",
322       "crv":"P-256",
323       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
324       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
325     },
327     "length_bits": 257,
328     "error": "OperationError: Length specified for ECDH key derivation is too large. Maximum allowed is 256 bits"
329   },
331   // The length is too long, by 1 byte
332   {
333     "private_key": {
334       "kty":"EC",
335       "crv":"P-256",
336       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
337       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
338       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
339     },
340     "public_key": {
341       "kty":"EC",
342       "crv":"P-256",
343       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
344       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o"
345     },
347     "length_bits": 264,
348     "error": "OperationError: Length specified for ECDH key derivation is too large. Maximum allowed is 256 bits"
349   },
351   // Curve mismatch (public key is for P-521 however private key was for P-256).
352   {
353     "private_key": {
354       "kty":"EC",
355       "crv":"P-256",
356       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
357       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE",
358       "d":"CQ8uF_-zB1NftLO6ytwKM3Cnuol64PQw5qOuCzQJeFU"
359     },
361     "public_key": {
362       "crv":"P-521",
363       "kty":"EC",
364       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
365       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
366     },
368     "length_bits": 256,
369     "error": "InvalidAccess: The public parameter for ECDH key derivation is for a different named curve"
370   },
372   // Ask for 529 bits using P-521, which is too much.
373   {
374     "public_key": {
375       "crv":"P-521",
376       "kty":"EC",
377       "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
378       "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
379     },
381     "private_key": {
382       "crv":"P-521",
383       "kty":"EC",
384       "d":"AU3LVJK4dtlbOEFb018ry-D-kYF7J7oQxXLpXcnQXbTh42FORGGGtySTA83gT_GiHJ0tnvgVrDdUMK1muJBGPrRf",
385       "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
386       "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
387     },
389     "length_bits": 529,
390     "error": "OperationError: Length specified for ECDH key derivation is too large. Maximum allowed is 528 bits"
391   },
393   // The JWK has wrong usages (enc)
394   {
395     "public_key": {
396       "crv": "P-256",
397       "kty":"EC",
398       "x":"u6dWhaRHrvFF0CiFVuUUFafU6ixveQf9trHDXJ8hgV8",
399       "y":"thSm4LIY35vDD-5LE454eB7TShn919DVVGZ_7tWdjTE"
400     },
402     "private_key": {
403       "kty":"EC",
404       "crv":"P-256",
405       "d":"uN2YSQvxuxhQQ9Y1XXjYi1vr2ZTdzuoDX18PYu4LU-0",
406       "x":"S2S3tjygMB0DkM-N9jYUgGLt_9_H6km5P9V6V_KS4_4",
407       "y":"03j8Tyqgrc4R4FAUV2C7-im96yMmfmO_5Om6Kr8YP3o",
408       "use": "enc"
409     },
411     "private_key_error": "DataError: The JWK \"use\" member was inconsistent with that specified by the Web Crypto call. The JWK usage must be a superset of those requested"
412   }