- From: Eric Roman <ericroman@google.com>
- Date: Thu, 2 Jun 2016 12:02:41 -0700
- To: Charles Engelke <w3c@engelke.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAFswn4kxmYD4-60403iFf4QypPS5vAj2zDD4zOs9eQb_JDvqPg@mail.gmail.com>
This approach SGTM.

On Thu, Jun 2, 2016 at 11:56 AM, Charles Engelke <w3c@engelke.com> wrote:

> Thanks for both suggestions. Unless I hear objections, I'm going to go
> with testing via roundtripping in the browser, plus the extra checks
> Eric has mentioned. That avoids opening a whole can of worms with
> external programs or trying to compile OpenSSL into JavaScript.
>
> I'll also be writing decrypt tests, which won't have this kind of
> problem. That will help assure that roundtripping is a valid way to
> check.
>
> Charlie
>
> On Thu, Jun 2, 2016 at 2:47 PM, Eric Roman <ericroman@google.com> wrote:
> > On Thu, Jun 2, 2016 at 10:44 AM, Charles Engelke <w3c@engelke.com> wrote:
> >>
> >> I think I'm done testing encrypt for the various AES modes, and just
> >> have RSA-OAEP to go. But I'm running into a problem: RSA-OAEP injects
> >> randomness when encrypting, so the only way to check that encryption
> >> worked is to see if the result can be decrypted.
> >>
> >> I see three options:
> >>
> >> - assume that if encrypt doesn't throw an exception, it passes
> >>
> >> - check the result of encrypt by using subtleCrypto decrypt to see if
> >> you get the same plaintext back (note that decrypt can be tested with
> >> sample ciphertext so we can tell if it's working separately)
> >
> > I think this second option of round-tripping through decrypt is reasonable.
> >
> > We should also do some basic checks on the "shape" of the ciphertext --
> > namely verify its length, and that repeated encryptions yield randomized
> > ciphertext.
> >
> >>
> >> - check the result of encrypt by using an external program to decrypt its
> >> result
> >>
> >> The third option seems to be the best in a perfect world. But it would
> >> require the test framework to have an external program that can do
> >
> > If you choose to go this route, you can compile a C implementation used for
> > verification (say OpenSSL) down to JavaScript using Emscripten, and then call
> > into that as part of the JavaScript test.
> >
> > That said, I think the simplicity of roundtrip testing above is a good place
> > to start.
> >
> > The interesting compatibility cases are surely going to lie in failure
> > cases, not success cases, hence focusing attention there will yield more
> > fruit IMO, and keep the framework simpler.
> >
> > For instance with OAEP encryption there is interesting interaction between
> > the key size, message size, and hash size to test.
> >
> >> RSA-OAEP decryption with all the options subtleCrypto is supposed to
> >> have: any of the four supported hash functions, and with and
> >> without the optional label. OpenSSL, for example, seems to only
> >> support SHA-1 and no label.
> >>
> >>
> >> I'd appreciate any suggestions on how to proceed (and would also
> >> appreciate pointers on how to extend the framework to use an external
> >> program if that's the needed solution).
> >>
> >> Thanks,
> >>
> >> Charlie
> >>
Received on Thursday, 2 June 2016 19:03:10 UTC
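
The checks discussed in this thread (round trip through decrypt, ciphertext length, randomized output, and the key size / message size / hash size limit), sketched as an added example that is not part of the original messages or of the W3C test suite. The names `checkOaepEncrypt` and `maxMessageLength` are hypothetical, the plaintext is constructed, and the code assumes a WebCrypto `subtle` object (browser, or Node.js via `node:crypto`).

```javascript
// Added example: RSA-OAEP encrypt checks without an external decryptor.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Digest sizes in bytes for the four hashes WebCrypto allows with RSA-OAEP.
const HASH_LEN = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };

// Largest plaintext OAEP accepts (RFC 8017): k - 2*hLen - 2 bytes.
// A negative result means the key is too small for that hash.
function maxMessageLength(modulusBits, hash) {
  return Math.ceil(modulusBits / 8) - 2 * HASH_LEN[hash] - 2;
}

function sameBytes(a, b) {
  const x = new Uint8Array(a), y = new Uint8Array(b);
  return x.length === y.length && x.every((v, i) => v === y[i]);
}

// Resolves true if the promise rejects, false if it unexpectedly succeeds.
const rejects = (p) => p.then(() => false, () => true);

async function checkOaepEncrypt(modulusBits, hash, label) {
  const { publicKey, privateKey } = await subtle.generateKey(
    { name: 'RSA-OAEP', modulusLength: modulusBits,
      publicExponent: new Uint8Array([1, 0, 1]), hash },
    false, ['encrypt', 'decrypt']);
  const params = label ? { name: 'RSA-OAEP', label } : { name: 'RSA-OAEP' };
  const max = maxMessageLength(modulusBits, hash);
  const plaintext = new Uint8Array(max).fill(0x41); // constructed, exactly at the limit

  const c1 = await subtle.encrypt(params, publicKey, plaintext);
  const c2 = await subtle.encrypt(params, publicKey, plaintext);
  const roundTrip = await subtle.decrypt(params, privateKey, c1);
  // A label that differs from the one used for encryption.
  const otherLabel = new Uint8Array([...(label ?? []), 0xff]);

  return {
    lengthOk: c1.byteLength === Math.ceil(modulusBits / 8), // "shape": one modulus-sized block
    randomized: !sameBytes(c1, c2),                          // same input, different ciphertext
    roundTripOk: sameBytes(roundTrip, plaintext),
    rejectsTooLong: await rejects(
      subtle.encrypt(params, publicKey, new Uint8Array(max + 1))),
    rejectsWrongLabel: await rejects(
      subtle.decrypt({ name: 'RSA-OAEP', label: otherLabel }, privateKey, c1)),
  };
}
```

Every field of the returned object should be `true`; the last two cover the failure cases, which a round trip alone does not exercise.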