From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../tests/WebCryptoAPI/encrypt_decrypt/aes.js      | 325 ++++++++++++++++++
 .../encrypt_decrypt/aes_cbc.https.any.js           |   6 +
 .../encrypt_decrypt/aes_cbc_vectors.js             | 261 ++++++++++++++
 .../encrypt_decrypt/aes_ctr.https.any.js           |   6 +
 .../encrypt_decrypt/aes_ctr_vectors.js             | 123 +++++++
 .../encrypt_decrypt/aes_gcm.https.any.js           |   7 +
 .../encrypt_decrypt/aes_gcm_256_iv.https.any.js    |   7 +
 .../encrypt_decrypt/aes_gcm_256_iv_fixtures.js     | 210 ++++++++++++
 .../encrypt_decrypt/aes_gcm_96_iv_fixtures.js      | 209 ++++++++++++
 .../encrypt_decrypt/aes_gcm_vectors.js             |  76 +++++
 .../tests/WebCryptoAPI/encrypt_decrypt/rsa.js      | 378 +++++++++++++++++++++
 .../encrypt_decrypt/rsa_oaep.https.any.js          |   6 +
 .../WebCryptoAPI/encrypt_decrypt/rsa_vectors.js    | 204 +++++++++++
 13 files changed, 1818 insertions(+)
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc_vectors.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr.https.any.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr_vectors.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv_fixtures.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_96_iv_fixtures.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_vectors.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_oaep.https.any.js
 create mode 100644 testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_vectors.js

(limited to 'testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt')

diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes.js
new file mode 100644
index 0000000000..fdeb7963f7
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes.js
@@ -0,0 +1,325 @@
+
+function run_test() {
+    var subtle = self.crypto.subtle; // Change to test prefixed implementations
+
+    // When are all these tests really done? When all the promises they use have resolved.
+    var all_promises = [];
+
+    // Source file aes_XXX_vectors.js provides the getTestVectors method
+    // for the AES-XXX algorithm that drives these tests.
+    var vectors = getTestVectors();
+    var passingVectors = vectors.passing;
+    var failingVectors = vectors.failing;
+    var decryptionFailingVectors = vectors.decryptionFailing;
+
+    // Check for successful encryption.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.key, vector.plaintext)
+                .then(function(result) {
+                    assert_true(equalBuffers(result, vector.result), "Should return expected result");
+                }, function(err) {
+                    assert_unreached("encrypt error for test " + vector.name + ": " + err.message);
+                });
+            }, vector.name);
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for successful encryption even if the buffer is changed after calling encrypt.
+    passingVectors.forEach(function(vector) {
+        var plaintext = copyBuffer(vector.plaintext);
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                var operation = subtle.encrypt(vector.algorithm, vector.key, plaintext)
+                .then(function(result) {
+                    assert_true(equalBuffers(result, vector.result), "Should return expected result");
+                }, function(err) {
+                    assert_unreached("encrypt error for test " + vector.name + ": " + err.message);
+                });
+                plaintext[0] = 255 - plaintext[0];
+                return operation;
+            }, vector.name + " with altered plaintext");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name + " with altered plaintext");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for successful decryption.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.key, vector.result)
+                .then(function(result) {
+                    assert_true(equalBuffers(result, vector.plaintext), "Should return expected result");
+                }, function(err) {
+                    assert_unreached("decrypt error for test " + vector.name + ": " + err.message);
+                });
+            }, vector.name + " decryption");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step for decryption: " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for successful decryption even if ciphertext is altered.
+    passingVectors.forEach(function(vector) {
+        var ciphertext = copyBuffer(vector.result);
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                var operation = subtle.decrypt(vector.algorithm, vector.key, ciphertext)
+                .then(function(result) {
+                    assert_true(equalBuffers(result, vector.plaintext), "Should return expected result");
+                }, function(err) {
+                    assert_unreached("decrypt error for test " + vector.name + ": " + err.message);
+                });
+                ciphertext[0] = 255 - ciphertext[0];
+                return operation;
+            }, vector.name + " decryption with altered ciphertext");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step for decryption: " + vector.name + " with altered ciphertext");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Everything that succeeded should fail if no "encrypt" usage.
+    passingVectors.forEach(function(vector) {
+        // Don't want to overwrite key being used for success tests!
+        var badVector = Object.assign({}, vector);
+        badVector.key = null;
+
+        var promise = importVectorKey(badVector, ["decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.key, vector.plaintext)
+                .then(function(result) {
+                    assert_unreached("should have thrown exception for test " + vector.name);
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw an InvalidAccessError instead of " + err.message)
+                });
+            }, vector.name + " without encrypt usage");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name + " without encrypt usage");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Encryption should fail if algorithm of key doesn't match algorithm of function call.
+    passingVectors.forEach(function(vector) {
+        var algorithm = Object.assign({}, vector.algorithm);
+        if (algorithm.name === "AES-CBC") {
+            algorithm.name = "AES-CTR";
+            algorithm.counter = new Uint8Array(16);
+            algorithm.length = 64;
+        } else {
+            algorithm.name = "AES-CBC";
+            algorithm.iv = new Uint8Array(16); // Need syntactically valid parameter to get to error being checked.
+        }
+
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.encrypt(algorithm, vector.key, vector.plaintext)
+                .then(function(result) {
+                    assert_unreached("encrypt succeeded despite mismatch " + vector.name + ": " + err.message);
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Mismatch should cause InvalidAccessError instead of " + err.message);
+                });
+            }, vector.name + " with mismatched key and algorithm");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name + " with mismatched key and algorithm");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Everything that succeeded decrypting should fail if no "decrypt" usage.
+    passingVectors.forEach(function(vector) {
+        // Don't want to overwrite key being used for success tests!
+        var badVector = Object.assign({}, vector);
+        badVector.key = null;
+
+        var promise = importVectorKey(badVector, ["encrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.key, vector.result)
+                .then(function(result) {
+                    assert_unreached("should have thrown exception for test " + vector.name);
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw an InvalidAccessError instead of " + err.message)
+                });
+            }, vector.name + " without decrypt usage");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name + " without decrypt usage");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for OperationError due to data lengths.
+    failingVectors.forEach(function(vector) {
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.key, vector.plaintext)
+                .then(function(result) {
+                    assert_unreached("should have thrown exception for test " + vector.name);
+                }, function(err) {
+                    assert_equals(err.name, "OperationError", "Should throw an OperationError instead of " + err.message)
+                });
+            }, vector.name);
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for OperationError due to data lengths for decryption, too.
+    failingVectors.forEach(function(vector) {
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.key, vector.result)
+                .then(function(result) {
+                    assert_unreached("should have thrown exception for test " + vector.name);
+                }, function(err) {
+                    assert_equals(err.name, "OperationError", "Should throw an OperationError instead of " + err.message)
+                });
+            }, vector.name + " decryption");
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: decryption " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for decryption failing for algorithm-specific reasons (such as bad
+    // padding for AES-CBC).
+    decryptionFailingVectors.forEach(function(vector) {
+        var promise = importVectorKey(vector, ["encrypt", "decrypt"])
+        .then(function(vector) {
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.key, vector.result)
+                .then(function(result) {
+                    assert_unreached("should have thrown exception for test " + vector.name);
+                }, function(err) {
+                    assert_equals(err.name, "OperationError", "Should throw an OperationError instead of " + err.message)
+                });
+            }, vector.name);
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importKey failed for " + vector.name);
+            }, "importKey step: decryption " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    promise_test(function() {
+        return Promise.all(all_promises)
+            .then(function() {done();})
+            .catch(function() {done();})
+    }, "setup");
+
+    // A test vector has all needed fields for encryption, EXCEPT that the
+    // key field may be null. This function replaces that null with the Correct
+    // CryptoKey object.
+    //
+    // Returns a Promise that yields an updated vector on success.
+    function importVectorKey(vector, usages) {
+        if (vector.key !== null) {
+            return new Promise(function(resolve, reject) {
+                resolve(vector);
+            });
+        } else {
+            return subtle.importKey("raw", vector.keyBuffer, {name: vector.algorithm.name}, false, usages)
+            .then(function(key) {
+                vector.key = key;
+                return vector;
+            });
+        }
+    }
+
+    // Returns a copy of the sourceBuffer it is sent.
+    function copyBuffer(sourceBuffer) {
+        var source = new Uint8Array(sourceBuffer);
+        var copy = new Uint8Array(sourceBuffer.byteLength)
+
+        for (var i=0; i<source.byteLength; i++) {
+            copy[i] = source[i];
+        }
+
+        return copy;
+    }
+
+    function equalBuffers(a, b) {
+        if (a.byteLength !== b.byteLength) {
+            return false;
+        }
+
+        var aBytes = new Uint8Array(a);
+        var bBytes = new Uint8Array(b);
+
+        for (var i=0; i<a.byteLength; i++) {
+            if (aBytes[i] !== bBytes[i]) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    return;
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.js
new file mode 100644
index 0000000000..35637a46af
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc.https.any.js
@@ -0,0 +1,6 @@
+// META: title=WebCryptoAPI: encrypt() Using AES-CBC
+// META: script=aes_cbc_vectors.js
+// META: script=aes.js
+// META: timeout=long
+
+run_test();
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc_vectors.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc_vectors.js
new file mode 100644
index 0000000000..96445a9632
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_cbc_vectors.js
@@ -0,0 +1,261 @@
+
+// aes_cbc_vectors.js
+
+// The following function returns an array of test vectors
+// for the subtleCrypto encrypt method.
+//
+// Each test vector has the following fields:
+//     name - a unique name for this vector
+//     keyBuffer - an arrayBuffer with the key data in raw form
+//     key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
+//     algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt
+//     plaintext - the text to encrypt
+//     result - the expected result (usually just ciphertext, sometimes with added authentication)
+function getTestVectors() {
+    // Before we can really start, we need to fill a bunch of buffers with data
+    var plaintext = new Uint8Array([84, 104, 105, 115, 32, 115,
+        112, 101, 99, 105, 102, 105, 99, 97, 116, 105, 111, 110,
+        32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97, 32,
+        74, 97, 118, 97, 83, 99, 114, 105, 112, 116, 32, 65, 80,
+        73, 32, 102, 111, 114, 32, 112, 101, 114, 102, 111, 114,
+        109, 105, 110, 103, 32, 98, 97, 115, 105, 99, 32, 99, 114,
+        121, 112, 116, 111, 103, 114, 97, 112, 104, 105, 99, 32,
+        111, 112, 101, 114, 97, 116, 105, 111, 110, 115, 32, 105,
+        110, 32, 119, 101, 98, 32, 97, 112, 112, 108, 105, 99, 97,
+        116, 105, 111, 110, 115, 44, 32, 115, 117, 99, 104, 32, 97,
+        115, 32, 104, 97, 115, 104, 105, 110, 103, 44, 32, 115,
+        105, 103, 110, 97, 116, 117, 114, 101, 32, 103, 101, 110,
+        101, 114, 97, 116, 105, 111, 110, 32, 97, 110, 100, 32,
+        118, 101, 114, 105, 102, 105, 99, 97, 116, 105, 111, 110,
+        44, 32, 97, 110, 100, 32, 101, 110, 99, 114, 121, 112,
+        116, 105, 111, 110, 32, 97, 110, 100, 32, 100, 101, 99,
+        114, 121, 112, 116, 105, 111, 110, 46, 32, 65, 100, 100,
+        105, 116, 105, 111, 110, 97, 108, 108, 121, 44, 32, 105,
+        116, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97,
+        110, 32, 65, 80, 73, 32, 102, 111, 114, 32, 97, 112, 112,
+        108, 105, 99, 97, 116, 105, 111, 110, 115, 32, 116, 111,
+        32, 103, 101, 110, 101, 114, 97, 116, 101, 32, 97, 110,
+        100, 47, 111, 114, 32, 109, 97, 110, 97, 103, 101, 32, 116,
+        104, 101, 32, 107, 101, 121, 105, 110, 103, 32, 109, 97,
+        116, 101, 114, 105, 97, 108, 32, 110, 101, 99, 101, 115,
+        115, 97, 114, 121, 32, 116, 111, 32, 112, 101, 114, 102,
+        111, 114, 109, 32, 116, 104, 101, 115, 101, 32, 111, 112,
+        101, 114, 97, 116, 105, 111, 110, 115, 46, 32, 85, 115,
+        101, 115, 32, 102, 111, 114, 32, 116, 104, 105, 115, 32,
+        65, 80, 73, 32, 114, 97, 110, 103, 101, 32, 102, 114, 111,
+        109, 32, 117, 115, 101, 114, 32, 111, 114, 32, 115, 101,
+        114, 118, 105, 99, 101, 32, 97, 117, 116, 104, 101, 110,
+        116, 105, 99, 97, 116, 105, 111, 110, 44, 32, 100, 111,
+        99, 117, 109, 101, 110, 116, 32, 111, 114, 32, 99, 111,
+        100, 101, 32, 115, 105, 103, 110, 105, 110, 103, 44, 32,
+        97, 110, 100, 32, 116, 104, 101, 32, 99, 111, 110, 102,
+        105, 100, 101, 110, 116, 105, 97, 108, 105, 116, 121, 32,
+        97, 110, 100, 32, 105, 110, 116, 101, 103, 114, 105, 116,
+        121, 32, 111, 102, 32, 99, 111, 109, 109, 117, 110, 105,
+        99, 97, 116, 105, 111, 110, 115, 46]);
+
+    // We want some random key bytes of various sizes.
+    // These were randomly generated from a script.
+    var keyBytes = {
+        128: new Uint8Array([222, 192, 212, 252, 191, 60, 71,
+            65, 200, 146, 218, 189, 28, 212, 192, 78]),
+        192: new Uint8Array([208, 238, 131, 65, 63, 68, 196, 63, 186, 208,
+            61, 207, 166, 18, 99, 152, 29, 109, 221, 95, 240, 30, 28, 246]),
+        256: new Uint8Array([103, 105, 56, 35, 251, 29, 88, 7, 63, 145, 236,
+            233, 204, 58, 249, 16, 229, 83, 38, 22, 164, 210, 123, 19, 235, 123, 116,
+            216, 0, 11, 191, 48])
+    }
+
+    // AES-CBC needs a 16 byte (128 bit) IV.
+    var iv = new Uint8Array([85, 170, 248, 155, 168, 148, 19, 213, 78, 167, 39,
+        167, 108, 39, 162, 132]);
+
+
+    // Results. These were created using the Python cryptography module.
+
+    // AES-CBC produces ciphertext
+    var ciphertext = {
+        128: new Uint8Array([35, 127, 3, 254, 231, 8, 114, 231, 143, 174, 193,
+            72, 221, 189, 1, 189, 119, 203, 150, 227, 56, 30, 244, 236, 226, 175,
+            234, 23, 167, 175, 211, 124, 203, 228, 97, 223, 156, 77, 88, 174,
+            166, 187, 186, 225, 176, 92, 250, 177, 225, 41, 135, 124, 215, 86,
+            198, 134, 124, 49, 154, 60, 224, 93, 165, 12, 190, 245, 241, 164,
+            247, 220, 227, 69, 242, 105, 208, 108, 222, 193, 223, 0, 226, 217,
+            39, 160, 78, 147, 191, 38, 153, 232, 206, 221, 254, 25, 185, 249, 7,
+            181, 215, 104, 98, 163, 194, 161, 103, 161, 237, 167, 10, 242, 37,
+            80, 2, 255, 173, 96, 20, 106, 170, 110, 80, 38, 136, 127, 16, 85,
+            244, 78, 172, 56, 106, 3, 115, 130, 58, 186, 129, 236, 255, 251,
+            178, 112, 24, 159, 82, 252, 1, 178, 132, 92, 40, 125, 18, 135, 116,
+            64, 178, 31, 174, 87, 114, 114, 218, 78, 111, 0, 239, 252, 79, 63,
+            119, 58, 118, 78, 55, 249, 36, 130, 225, 205, 13, 76, 97, 214, 250,
+            174, 232, 67, 103, 211, 178, 206, 32, 129, 188, 243, 100, 71, 63,
+            154, 159, 200, 125, 34, 138, 39, 73, 130, 75, 97, 203, 204, 111,
+            244, 75, 186, 181, 43, 207, 175, 146, 98, 207, 27, 23, 90, 144, 161,
+            19, 235, 199, 93, 98, 238, 72, 134, 157, 220, 207, 66, 167, 236, 94,
+            57, 0, 3, 202, 250, 55, 26, 163, 20, 133, 191, 67, 20, 63, 150, 203,
+            87, 216, 44, 57, 188, 236, 64, 80, 111, 68, 26, 12, 10, 163, 82, 3,
+            191, 19, 71, 186, 196, 177, 84, 244, 7, 78, 41, 172, 203, 27, 225,
+            231, 108, 206, 141, 221, 253, 204, 220, 134, 20, 130, 54, 113, 81,
+            127, 197, 27, 101, 121, 159, 223, 193, 115, 190, 12, 153, 174, 231,
+            196, 92, 142, 156, 61, 189, 3, 18, 153, 206, 190, 58, 255, 154, 115,
+            66, 23, 107, 94, 220, 156, 220, 228, 241, 66, 6, 184, 44, 238, 249,
+            51, 240, 109, 142, 208, 189, 11, 117, 70, 170, 217, 170, 216, 66,
+            231, 18, 175, 121, 221, 16, 29, 139, 55, 103, 91, 239, 111, 29, 108,
+            94, 179, 138, 134, 73, 130, 29, 69, 182, 192, 249, 150, 165, 79, 47,
+            91, 203, 226, 63, 87, 52, 60, 172, 191, 190, 179, 171, 155, 205, 88,
+            172, 111, 59, 40, 198, 250, 209, 148, 177, 115, 200, 40, 43, 165,
+            167, 67, 116, 64, 159, 240, 81, 253, 235, 137, 132, 49, 223, 214,
+            172, 53, 7, 47, 184, 223, 120, 59, 51, 33, 124, 147, 221, 27, 60,
+            16, 254, 24, 115, 115, 214, 75, 73, 97, 136, 214, 209, 177, 106, 71,
+            254, 211, 94, 57, 104, 170, 168, 35, 37, 93, 203, 199, 38, 28, 84]),
+
+        192: new Uint8Array([131, 160, 2, 14, 214, 229, 41, 230, 47, 99, 83,
+            193, 62, 133, 172, 195, 127, 61, 247, 80, 71, 167, 37, 184, 230,
+            207, 168, 163, 139, 145, 18, 225, 205, 134, 87, 138, 80, 247, 166,
+            176, 177, 18, 71, 88, 193, 56, 45, 96, 36, 78, 134, 212, 9, 250, 217,
+            24, 207, 215, 111, 72, 114, 203, 27, 188, 122, 34, 212, 191, 88, 72,
+            22, 194, 224, 217, 236, 201, 191, 236, 214, 231, 90, 244, 100, 153,
+            211, 35, 182, 205, 128, 84, 79, 161, 53, 166, 236, 196, 181, 163,
+            140, 255, 80, 59, 49, 71, 170, 118, 14, 100, 40, 105, 184, 187, 41,
+            198, 180, 135, 69, 211, 69, 74, 132, 243, 76, 144, 102, 90, 155,
+            243, 125, 140, 190, 20, 9, 232, 188, 198, 221, 148, 13, 53, 155, 91,
+            34, 235, 24, 121, 109, 48, 242, 142, 8, 160, 223, 242, 163, 98, 198,
+            131, 164, 160, 79, 27, 210, 216, 192, 228, 27, 4, 254, 222, 195, 14,
+            77, 72, 225, 151, 114, 38, 130, 143, 6, 17, 138, 229, 193, 114, 169,
+            2, 108, 225, 35, 37, 232, 200, 167, 147, 251, 210, 138, 243, 44, 48,
+            12, 84, 192, 169, 108, 0, 113, 77, 160, 218, 96, 4, 138, 171, 207,
+            20, 189, 146, 255, 206, 68, 160, 87, 127, 3, 83, 182, 203, 116, 59,
+            24, 186, 79, 68, 220, 161, 85, 227, 29, 118, 134, 128, 187, 29, 128,
+            121, 120, 64, 211, 30, 255, 52, 187, 185, 216, 151, 30, 10, 165,
+            203, 148, 39, 224, 14, 173, 199, 57, 0, 194, 79, 115, 206, 159, 43,
+            13, 36, 169, 97, 144, 32, 0, 207, 230, 16, 162, 156, 166, 34, 150,
+            12, 93, 141, 164, 181, 194, 10, 47, 139, 82, 75, 42, 23, 224, 3, 92,
+            151, 154, 249, 170, 57, 141, 113, 32, 52, 158, 218, 49, 242, 134,
+            65, 69, 203, 71, 19, 133, 125, 117, 1, 207, 210, 224, 130, 45, 37,
+            42, 181, 139, 34, 85, 8, 67, 165, 249, 180, 89, 3, 60, 152, 1, 231,
+            49, 1, 124, 243, 81, 44, 72, 232, 239, 129, 75, 108, 4, 169, 132,
+            73, 183, 21, 29, 46, 94, 138, 83, 190, 131, 146, 65, 104, 107, 251,
+            218, 95, 227, 94, 145, 70, 0, 2, 252, 59, 188, 58, 150, 203, 148,
+            100, 219, 36, 182, 81, 237, 138, 160, 83, 151, 119, 11, 216, 122,
+            134, 189, 246, 251, 192, 41, 158, 125, 247, 190, 32, 173, 104, 9,
+            58, 223, 97, 212, 48, 62, 3, 112, 21, 74, 206, 87, 182, 110, 197,
+            67, 68, 155, 189, 223, 136, 2, 239, 137, 151, 138, 252, 162, 141,
+            255, 209, 25, 4, 146, 24, 221, 43, 148, 120, 26, 228, 208, 200, 198,
+            192, 4, 96, 70, 227, 237, 104, 17, 67, 9, 211]),
+
+        256: new Uint8Array([41, 213, 121, 140, 181, 227, 200, 97, 100, 133, 58,
+            227, 106, 115, 25, 63, 77, 51, 26, 57, 238, 140, 99, 63, 71, 211,
+            128, 84, 115, 26, 236, 52, 103, 81, 145, 14, 101, 161, 181, 58, 135,
+            193, 56, 167, 214, 220, 5, 52, 85, 222, 183, 27, 101, 134, 86, 155,
+            64, 148, 124, 212, 219, 251, 65, 42, 32, 44, 128, 2, 50, 128, 221,
+            22, 238, 56, 189, 83, 28, 122, 121, 157, 215, 135, 151, 128, 233,
+            193, 65, 190, 86, 148, 191, 140, 196, 120, 8, 172, 100, 166, 254,
+            41, 245, 75, 56, 6, 166, 244, 178, 111, 234, 23, 4, 107, 6, 22, 132,
+            187, 230, 17, 71, 172, 113, 238, 73, 4, 180, 90, 103, 77, 37, 51,
+            118, 112, 129, 238, 199, 7, 222, 122, 173, 30, 232, 178, 233, 234,
+            144, 98, 14, 234, 112, 77, 68, 62, 62, 159, 230, 101, 98, 43, 2,
+            204, 69, 156, 86, 104, 128, 34, 128, 7, 173, 90, 120, 33, 104, 59,
+            45, 251, 93, 51, 240, 232, 60, 94, 189, 134, 90, 20, 184, 122, 29,
+            225, 85, 213, 38, 116, 159, 80, 69, 106, 168, 236, 201, 69, 140, 98,
+            240, 45, 160, 133, 225, 106, 45, 245, 212, 160, 176, 128, 27, 114,
+            153, 182, 144, 145, 214, 72, 196, 138, 183, 87, 61, 245, 150, 56,
+            82, 158, 224, 50, 114, 125, 122, 172, 161, 129, 234, 70, 63, 245,
+            136, 30, 136, 9, 128, 220, 229, 157, 222, 195, 149, 189, 70, 8, 71,
+            40, 195, 93, 27, 7, 234, 164, 175, 102, 201, 149, 115, 248, 179,
+            125, 66, 122, 194, 26, 61, 218, 198, 181, 152, 140, 199, 48, 148,
+            31, 14, 241, 197, 3, 70, 128, 239, 32, 86, 15, 215, 86, 245, 190,
+            95, 141, 41, 111, 0, 232, 28, 152, 67, 87, 197, 255, 118, 13, 251,
+            71, 84, 22, 231, 134, 188, 175, 115, 138, 37, 199, 5, 238, 199, 2,
+            99, 203, 75, 62, 231, 21, 150, 239, 94, 201, 185, 219, 58, 210, 228,
+            151, 131, 76, 148, 104, 60, 74, 82, 6, 168, 49, 251, 182, 3, 232,
+            173, 210, 201, 19, 101, 166, 7, 94, 11, 194, 211, 146, 229, 75, 241,
+            15, 50, 187, 36, 175, 78, 227, 98, 224, 3, 95, 209, 93, 126, 112,
+            178, 29, 18, 108, 241, 232, 79, 210, 41, 2, 238, 208, 190, 171, 134,
+            147, 188, 191, 229, 122, 32, 209, 166, 118, 129, 223, 130, 214, 195,
+            89, 67, 94, 218, 155, 185, 0, 144, 255, 132, 213, 25, 59, 83, 242,
+            57, 69, 148, 109, 133, 61, 163, 30, 214, 254, 54, 169, 3, 217, 77,
+            66, 123, 193, 204, 199, 109, 123, 49, 186, 223, 229, 8, 230, 164,
+            171, 196, 145, 225, 10, 111, 248, 111, 164, 216, 54, 225, 253])
+    };
+
+    // Replace the last block of each ciphertext with bad padding below for decryption errors
+    var badPadding = {
+        128: {
+            "zeroPadChar": new Uint8Array([238, 27, 248, 169, 218, 138, 164, 86, 207, 102, 36, 223, 6, 166, 77, 14]),
+            "bigPadChar": new Uint8Array([91, 67, 119, 104, 252, 238, 175, 144, 17, 75, 12, 163, 212, 52, 46, 51]),
+            "inconsistentPadChars": new Uint8Array([135, 101, 112, 208, 3, 106, 226, 20, 25, 219, 79, 94, 58, 212, 242, 192])
+        },
+        192: {
+            "zeroPadChar": new Uint8Array([22, 158, 50, 15, 168, 47, 19, 194, 182, 133, 184, 65, 36, 43, 177, 254]),
+            "bigPadChar": new Uint8Array([207, 110, 28, 160, 165, 213, 48, 213, 163, 242, 15, 78, 96, 117, 106, 87]),
+            "inconsistentPadChars": new Uint8Array([143, 227, 12, 112, 216, 207, 136, 167, 78, 137, 93, 30, 50, 75, 102, 101])
+        },
+        256: {
+            "zeroPadChar": new Uint8Array([1, 253, 141, 214, 30, 193, 254, 68, 140, 200, 157, 110, 200, 89, 177, 129]),
+            "bigPadChar": new Uint8Array([88, 7, 110, 221, 74, 34, 97, 109, 99, 25, 189, 222, 94, 90, 27, 60]),
+            "inconsistentPadChars": new Uint8Array([152, 54, 60, 148, 59, 136, 193, 21, 77, 140, 170, 67, 120, 74, 106, 62])
+        }
+    };
+
+    var keyLengths = [128, 192, 256];
+
+    // All the scenarios that should succeed, if the key has "encrypt" usage
+    var passing = [];
+    keyLengths.forEach(function(keyLength) {
+        passing.push({
+            name: "AES-CBC " + keyLength.toString() + "-bit key",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CBC", iv: iv},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+    });
+
+    // Scenarios that should fail because of a bad iv length, causing an OperationError
+    var failing = [];
+    keyLengths.forEach(function(keyLength) {
+        var shortIv = iv.slice(0, 8);
+        failing.push({
+            name: "AES-CBC " + keyLength.toString() + "-bit key, 64-bit IV",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CBC", iv: shortIv},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+
+        var longIv = new Uint8Array(24);
+        longIv.set(iv, 0);
+        longIv.set(iv.slice(0, 8), 16);
+        failing.push({
+            name: "AES-CBC " + keyLength.toString() + "-bit key, 192-bit IV",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CBC", iv: longIv},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+    });
+
+    // Scenarios that should fail decryption because of bad padding
+    var decryptionFailing = [];
+    keyLengths.forEach(function(keyLength) {
+        ["zeroPadChar", "bigPadChar", "inconsistentPadChars"].forEach(function(paddingProblem) {
+            var badCiphertext = new Uint8Array(ciphertext[keyLength].byteLength);
+            badCiphertext.set(ciphertext[keyLength].slice(0, ciphertext[keyLength].byteLength - 16));
+            badCiphertext.set(badPadding[keyLength][paddingProblem]);
+
+            decryptionFailing.push({
+                name: "AES-CBC " + keyLength.toString() + "-bit key, " + paddingProblem,
+                keyBuffer: keyBytes[keyLength],
+                key: null,
+                algorithm: {name: "AES-CBC", iv: iv},
+                plaintext: plaintext,
+                result: badCiphertext
+            });
+        });
+    });
+
+    return {passing: passing, failing: failing, decryptionFailing: decryptionFailing};
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr.https.any.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr.https.any.js
new file mode 100644
index 0000000000..9f0c66900e
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr.https.any.js
@@ -0,0 +1,6 @@
+// META: title=WebCryptoAPI: encrypt() Using AES-CTR
+// META: script=aes_ctr_vectors.js
+// META: script=aes.js
+// META: timeout=long
+
+run_test();
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr_vectors.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr_vectors.js
new file mode 100644
index 0000000000..201dff83ce
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_ctr_vectors.js
@@ -0,0 +1,123 @@
+
+// aes_ctr_vectors.js
+
+// The following function returns an array of test vectors
+// for the subtleCrypto encrypt method.
+//
+// Each test vector has the following fields:
+//     name - a unique name for this vector
+//     keyBuffer - an arrayBuffer with the key data in raw form
+//     key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
+//     algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt
+//     plaintext - the text to encrypt
+//     result - the expected result (usually just ciphertext, sometimes with added authentication)
+function getTestVectors() {
+    // Before we can really start, we need to fill a bunch of buffers with data
+    var plaintext = new Uint8Array([84, 104, 105, 115, 32, 115,
+        112, 101, 99, 105, 102, 105, 99, 97, 116, 105, 111, 110,
+        32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97, 32,
+        74, 97, 118, 97, 83, 99, 114, 105, 112, 116, 32, 65, 80,
+        73, 32, 102, 111, 114, 32, 112, 101, 114, 102, 111, 114,
+        109, 105, 110, 103, 32, 98, 97, 115, 105, 99, 32, 99, 114,
+        121, 112, 116, 111, 103, 114, 97, 112, 104, 105, 99, 32,
+        111, 112, 101, 114, 97, 116, 105, 111, 110, 115, 32, 105,
+        110, 32, 119, 101, 98, 32, 97, 112, 112, 108, 105, 99, 97,
+        116, 105, 111, 110, 115, 44, 32, 115, 117, 99, 104, 32, 97,
+        115, 32, 104, 97, 115, 104, 105, 110, 103, 44, 32, 115,
+        105, 103, 110, 97, 116, 117, 114, 101, 32, 103, 101, 110,
+        101, 114, 97, 116, 105, 111, 110, 32, 97, 110, 100, 32,
+        118, 101, 114, 105, 102, 105, 99, 97, 116, 105, 111, 110,
+        44, 32, 97, 110, 100, 32, 101, 110, 99, 114, 121, 112,
+        116, 105, 111, 110, 32, 97, 110, 100, 32, 100, 101, 99,
+        114, 121, 112, 116, 105, 111, 110, 46, 32, 65, 100, 100,
+        105, 116, 105, 111, 110, 97, 108, 108, 121, 44, 32, 105,
+        116, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97,
+        110, 32, 65, 80, 73, 32, 102, 111, 114, 32, 97, 112, 112,
+        108, 105, 99, 97, 116, 105, 111, 110, 115, 32, 116, 111,
+        32, 103, 101, 110, 101, 114, 97, 116, 101, 32, 97, 110,
+        100, 47, 111, 114, 32, 109, 97, 110, 97, 103, 101, 32, 116,
+        104, 101, 32, 107, 101, 121, 105, 110, 103, 32, 109, 97,
+        116, 101, 114, 105, 97, 108, 32, 110, 101, 99, 101, 115,
+        115, 97, 114, 121, 32, 116, 111, 32, 112, 101, 114, 102,
+        111, 114, 109, 32, 116, 104, 101, 115, 101, 32, 111, 112,
+        101, 114, 97, 116, 105, 111, 110, 115, 46, 32, 85, 115,
+        101, 115, 32, 102, 111, 114, 32, 116, 104, 105, 115, 32,
+        65, 80, 73, 32, 114, 97, 110, 103, 101, 32, 102, 114, 111,
+        109, 32, 117, 115, 101, 114, 32, 111, 114, 32, 115, 101,
+        114, 118, 105, 99, 101, 32, 97, 117, 116, 104, 101, 110,
+        116, 105, 99, 97, 116, 105, 111, 110, 44, 32, 100, 111,
+        99, 117, 109, 101, 110, 116, 32, 111, 114, 32, 99, 111,
+        100, 101, 32, 115, 105, 103, 110, 105, 110, 103, 44, 32,
+        97, 110, 100, 32, 116, 104, 101, 32, 99, 111, 110, 102,
+        105, 100, 101, 110, 116, 105, 97, 108, 105, 116, 121, 32,
+        97, 110, 100, 32, 105, 110, 116, 101, 103, 114, 105, 116,
+        121, 32, 111, 102, 32, 99, 111, 109, 109, 117, 110, 105,
+        99, 97, 116, 105, 111, 110, 115, 46]);
+
+    // We want some random key bytes of various sizes.
+    // These were randomly generated from a script.
+    var keyBytes = {
+        128: new Uint8Array([222, 192, 212, 252, 191, 60, 71,
+            65, 200, 146, 218, 189, 28, 212, 192, 78]),
+        192: new Uint8Array([208, 238, 131, 65, 63, 68, 196, 63, 186, 208,
+            61, 207, 166, 18, 99, 152, 29, 109, 221, 95, 240, 30, 28, 246]),
+        256: new Uint8Array([103, 105, 56, 35, 251, 29, 88, 7, 63, 145, 236,
+            233, 204, 58, 249, 16, 229, 83, 38, 22, 164, 210, 123, 19, 235, 123, 116,
+            216, 0, 11, 191, 48])
+    }
+
+    // AES-CTR needs a 16 byte (128 bit) counter.
+    var counter = new Uint8Array([85, 170, 248, 155, 168, 148, 19, 213, 78, 167, 39,
+        167, 108, 39, 162, 132]);
+
+
+    // Results. These were created using the Python cryptography module.
+
+    // AES-CTR produces ciphertext
+    var ciphertext = {
+        128: new Uint8Array([233, 17, 117, 253, 164, 245, 234, 87, 197, 43, 13, 0, 11, 190, 152, 175, 104, 192, 165, 144, 88, 174, 237, 138, 181, 183, 6, 53, 3, 161, 206, 71, 13, 121, 218, 209, 116, 249, 10, 170, 250, 165, 68, 157, 132, 141, 200, 178, 197, 87, 209, 231, 250, 75, 154, 65, 162, 251, 30, 159, 234, 20, 20, 181, 147, 218, 180, 12, 4, 241, 75, 79, 129, 64, 15, 228, 60, 147, 153, 1, 129, 176, 150, 161, 85, 97, 22, 154, 234, 23, 127, 16, 4, 22, 226, 11, 104, 16, 176, 14, 225, 176, 79, 239, 103, 243, 190, 222, 40, 186, 244, 212, 29, 57, 125, 175, 21, 17, 233, 2, 13, 119, 102, 233, 230, 4, 16, 222, 56, 225, 67, 45, 191, 250, 15, 153, 45, 193, 240, 212, 117, 101, 68, 232, 199, 101, 175, 125, 247, 6, 249, 14, 0, 157, 185, 56, 76, 51, 228, 77, 234, 84, 60, 42, 119, 187, 213, 32, 34, 222, 65, 231, 215, 26, 73, 141, 231, 254, 185, 118, 14, 180, 126, 80, 51, 102, 200, 141, 204, 45, 26, 56, 119, 136, 222, 45, 143, 120, 231, 44, 43, 221, 136, 21, 188, 138, 84, 232, 208, 238, 226, 117, 104, 60, 165, 4, 18, 144, 240, 49, 173, 90, 68, 84, 239, 161, 124, 196, 144, 119, 24, 243, 239, 75, 117, 254, 219, 209, 53, 131, 37, 79, 68, 26, 21, 168, 163, 50, 59, 18, 244, 11, 143, 190, 188, 129, 108, 249, 180, 104, 216, 215, 165, 160, 251, 84, 132, 152, 195, 154, 110, 216, 70, 21, 248, 148, 146, 152, 56, 174, 248, 227, 1, 102, 15, 118, 182, 50, 73, 63, 35, 112, 159, 237, 253, 94, 16, 127, 120, 38, 127, 51, 27, 96, 163, 140, 20, 111, 151, 16, 72, 74, 74, 205, 239, 241, 16, 179, 183, 116, 95, 248, 58, 168, 203, 93, 233, 225, 91, 17, 226, 10, 120, 85, 114, 4, 31, 40, 82, 161, 152, 17, 86, 237, 207, 7, 228, 110, 182, 65, 68, 68, 156, 206, 116, 185, 204, 148, 22, 58, 111, 218, 138, 225, 146, 25, 114, 29, 96, 183, 87, 181, 181, 236, 113, 141, 171, 213, 9, 84, 182, 230, 163, 147, 246, 86, 246, 52, 111, 64, 34, 157, 12, 80, 224, 28, 21, 112, 31, 42, 79, 229, 210, 90, 23, 78, 223, 155, 144, 238, 12, 14, 191, 158, 6, 181, 254, 0, 85, 134, 56, 161, 234, 55, 129, 64, 59, 12, 146, 6, 217, 232, 20, 214, 167, 159, 183, 165, 96, 96, 225, 199, 23, 106, 243, 108, 106, 26, 214, 53, 152, 26, 155, 253, 128, 7, 216, 207, 109, 159, 147, 240, 232, 226, 43, 147, 169, 162, 204, 215, 9, 10, 177, 223, 99, 206, 163, 240, 64]),
+
+        192: new Uint8Array([98, 123, 235, 65, 14, 86, 80, 133, 88, 104, 244, 125, 165, 185, 163, 4, 3, 230, 62, 58, 113, 222, 46, 210, 17, 155, 95, 19, 125, 125, 70, 234, 105, 54, 23, 246, 114, 9, 237, 191, 9, 194, 34, 254, 156, 11, 50, 216, 80, 178, 185, 221, 132, 154, 27, 85, 82, 49, 241, 123, 23, 106, 119, 134, 203, 0, 151, 66, 149, 218, 124, 247, 227, 233, 236, 184, 88, 234, 174, 250, 83, 168, 33, 15, 122, 26, 96, 213, 210, 4, 52, 92, 20, 12, 64, 12, 209, 197, 69, 100, 15, 56, 60, 63, 241, 52, 18, 189, 93, 146, 47, 60, 33, 200, 218, 243, 43, 169, 17, 108, 19, 199, 174, 33, 107, 186, 57, 95, 167, 138, 180, 187, 53, 113, 208, 148, 190, 48, 167, 53, 209, 52, 153, 184, 231, 63, 168, 54, 179, 238, 93, 130, 125, 3, 149, 119, 60, 25, 142, 150, 183, 193, 29, 18, 3, 219, 235, 219, 26, 116, 217, 196, 108, 6, 96, 103, 212, 48, 227, 91, 124, 77, 181, 169, 18, 111, 123, 83, 26, 169, 230, 88, 103, 185, 153, 93, 143, 152, 142, 231, 41, 226, 226, 156, 179, 206, 212, 67, 18, 193, 187, 53, 252, 214, 15, 228, 246, 131, 170, 101, 134, 212, 100, 170, 146, 47, 57, 125, 50, 230, 51, 246, 74, 175, 129, 196, 178, 206, 176, 52, 153, 39, 77, 24, 186, 99, 137, 83, 105, 111, 168, 35, 176, 24, 29, 170, 223, 74, 160, 138, 247, 12, 102, 233, 136, 59, 172, 228, 242, 84, 13, 34, 155, 80, 80, 87, 180, 143, 129, 61, 213, 54, 41, 8, 183, 102, 126, 179, 127, 77, 55, 176, 152, 41, 131, 85, 86, 225, 87, 216, 139, 226, 196, 195, 210, 34, 33, 161, 249, 153, 205, 197, 128, 41, 28, 121, 6, 159, 25, 211, 168, 137, 26, 217, 249, 113, 81, 141, 18, 1, 250, 228, 68, 238, 74, 54, 99, 167, 236, 176, 199, 148, 161, 143, 156, 51, 189, 204, 59, 240, 151, 170, 85, 63, 23, 38, 152, 199, 12, 81, 217, 244, 178, 231, 249, 159, 224, 107, 214, 58, 127, 116, 143, 219, 155, 80, 55, 213, 171, 80, 127, 235, 20, 247, 12, 104, 228, 147, 202, 124, 143, 110, 223, 76, 221, 154, 175, 143, 185, 237, 222, 189, 104, 218, 72, 244, 55, 253, 138, 183, 92, 231, 68, 176, 239, 171, 100, 10, 63, 61, 194, 228, 15, 133, 216, 45, 60, 135, 203, 142, 127, 153, 172, 223, 213, 230, 220, 189, 223, 234, 156, 134, 238, 220, 251, 104, 209, 117, 175, 47, 46, 148, 6, 61, 216, 215, 39, 30, 116, 212, 45, 112, 202, 227, 198, 98, 253, 97, 177, 120, 74, 238, 68, 99, 240, 96, 43, 88, 166]),
+
+        256: new Uint8Array([55, 82, 154, 67, 47, 80, 186, 78, 83, 56, 95, 130, 102, 236, 61, 236, 204, 236, 234, 222, 122, 226, 147, 149, 233, 41, 16, 118, 201, 91, 185, 162, 79, 71, 146, 252, 221, 110, 165, 137, 75, 129, 94, 219, 93, 94, 64, 34, 250, 190, 5, 90, 6, 177, 167, 224, 25, 121, 85, 91, 87, 152, 56, 100, 191, 35, 1, 156, 177, 179, 127, 253, 173, 176, 87, 247, 40, 207, 178, 175, 10, 51, 209, 70, 52, 76, 251, 160, 172, 203, 77, 191, 97, 58, 123, 238, 82, 60, 166, 214, 134, 14, 71, 74, 156, 15, 77, 6, 141, 76, 10, 205, 148, 204, 85, 203, 242, 30, 66, 133, 202, 21, 17, 108, 151, 2, 15, 44, 51, 180, 88, 80, 8, 248, 254, 151, 201, 226, 156, 6, 39, 197, 212, 124, 72, 217, 75, 232, 139, 155, 22, 199, 242, 223, 116, 10, 141, 42, 7, 85, 99, 5, 184, 43, 145, 159, 122, 135, 202, 46, 209, 157, 178, 114, 98, 194, 119, 194, 19, 242, 167, 236, 162, 94, 90, 106, 219, 234, 67, 11, 162, 225, 6, 17, 152, 23, 16, 84, 40, 90, 255, 158, 8, 105, 198, 56, 220, 213, 36, 203, 241, 242, 85, 218, 103, 90, 202, 214, 215, 134, 121, 169, 149, 139, 122, 143, 155, 178, 29, 217, 197, 128, 173, 25, 111, 154, 14, 76, 106, 101, 0, 215, 187, 33, 223, 116, 205, 89, 52, 206, 60, 77, 141, 31, 57, 211, 74, 42, 219, 88, 210, 36, 196, 128, 151, 136, 124, 222, 157, 59, 225, 70, 163, 234, 59, 173, 228, 198, 134, 76, 249, 228, 69, 181, 196, 194, 179, 239, 78, 43, 143, 94, 234, 10, 177, 192, 185, 171, 231, 164, 254, 91, 44, 11, 29, 148, 223, 107, 18, 149, 61, 50, 115, 38, 14, 128, 189, 9, 77, 236, 151, 163, 23, 122, 156, 236, 11, 80, 66, 190, 24, 4, 4, 12, 148, 57, 64, 59, 143, 114, 247, 66, 111, 167, 86, 173, 98, 102, 207, 44, 134, 89, 231, 64, 50, 157, 208, 210, 79, 159, 133, 73, 118, 98, 202, 215, 57, 247, 29, 97, 116, 1, 28, 119, 248, 243, 31, 180, 66, 38, 40, 141, 251, 134, 129, 126, 241, 113, 22, 50, 28, 113, 187, 158, 217, 125, 182, 233, 144, 246, 32, 88, 88, 15, 0, 102, 131, 67, 31, 34, 150, 98, 241, 213, 227, 205, 175, 254, 3, 53, 70, 124, 167, 38, 53, 104, 140, 147, 158, 200, 179, 45, 100, 101, 246, 81, 166, 53, 247, 60, 10, 78, 127, 10, 173, 176, 232, 31, 91, 203, 250, 236, 38, 113, 172, 151, 253, 194, 253, 50, 242, 76, 148, 23, 117, 195, 122, 104, 16, 212, 177, 113, 188, 138, 186, 144, 168, 102, 3])
+    };
+
+    var keyLengths = [128, 192, 256];
+
+    // All the scenarios that should succeed, if the key has "encrypt" usage
+    var passing = [];
+    keyLengths.forEach(function(keyLength) {
+        passing.push({
+            name: "AES-CTR " + keyLength.toString() + "-bit key",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CTR", counter: counter, length: 64},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+    });
+
+    // Scenarios that should fail because of a bad length parameter, causing an OperationError
+    var failing = [];
+    keyLengths.forEach(function(keyLength) {
+        failing.push({
+            name: "AES-CTR " + keyLength.toString() + "-bit key, 0-bit counter",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CTR", counter: counter, length: 0},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+
+        failing.push({
+            name: "AES-CTR " + keyLength.toString() + "-bit key, 129-bit counter",
+            keyBuffer: keyBytes[keyLength],
+            key: null,
+            algorithm: {name: "AES-CTR", counter: counter, length: 129},
+            plaintext: plaintext,
+            result: ciphertext[keyLength]
+        });
+    });
+
+    return {passing: passing, failing: failing, decryptionFailing: []};
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js
new file mode 100644
index 0000000000..6e3a6efb12
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm.https.any.js
@@ -0,0 +1,7 @@
+// META: title=WebCryptoAPI: encrypt() Using AES-GCM w/ 96-bit iv
+// META: script=aes_gcm_96_iv_fixtures.js
+// META: script=aes_gcm_vectors.js
+// META: script=aes.js
+// META: timeout=long
+
+run_test();
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js
new file mode 100644
index 0000000000..92900fb13a
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv.https.any.js
@@ -0,0 +1,7 @@
+// META: title=WebCryptoAPI: encrypt() Using AES-GCM w/ 256-bit iv
+// META: script=aes_gcm_256_iv_fixtures.js
+// META: script=aes_gcm_vectors.js
+// META: script=aes.js
+// META: timeout=long
+
+run_test();
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv_fixtures.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv_fixtures.js
new file mode 100644
index 0000000000..9cdbbbb790
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_256_iv_fixtures.js
@@ -0,0 +1,210 @@
+function getFixtures() {
+  // Before we can really start, we need to fill a bunch of buffers with data
+  var plaintext = new Uint8Array([
+    84, 104, 105, 115, 32, 115, 112, 101, 99, 105, 102, 105, 99, 97, 116, 105,
+    111, 110, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97, 32, 74, 97,
+    118, 97, 83, 99, 114, 105, 112, 116, 32, 65, 80, 73, 32, 102, 111, 114, 32,
+    112, 101, 114, 102, 111, 114, 109, 105, 110, 103, 32, 98, 97, 115, 105, 99,
+    32, 99, 114, 121, 112, 116, 111, 103, 114, 97, 112, 104, 105, 99, 32, 111,
+    112, 101, 114, 97, 116, 105, 111, 110, 115, 32, 105, 110, 32, 119, 101, 98,
+    32, 97, 112, 112, 108, 105, 99, 97, 116, 105, 111, 110, 115, 44, 32, 115,
+    117, 99, 104, 32, 97, 115, 32, 104, 97, 115, 104, 105, 110, 103, 44, 32,
+    115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 103, 101, 110, 101, 114, 97,
+    116, 105, 111, 110, 32, 97, 110, 100, 32, 118, 101, 114, 105, 102, 105, 99,
+    97, 116, 105, 111, 110, 44, 32, 97, 110, 100, 32, 101, 110, 99, 114, 121,
+    112, 116, 105, 111, 110, 32, 97, 110, 100, 32, 100, 101, 99, 114, 121, 112,
+    116, 105, 111, 110, 46, 32, 65, 100, 100, 105, 116, 105, 111, 110, 97, 108,
+    108, 121, 44, 32, 105, 116, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115,
+    32, 97, 110, 32, 65, 80, 73, 32, 102, 111, 114, 32, 97, 112, 112, 108, 105,
+    99, 97, 116, 105, 111, 110, 115, 32, 116, 111, 32, 103, 101, 110, 101, 114,
+    97, 116, 101, 32, 97, 110, 100, 47, 111, 114, 32, 109, 97, 110, 97, 103,
+    101, 32, 116, 104, 101, 32, 107, 101, 121, 105, 110, 103, 32, 109, 97, 116,
+    101, 114, 105, 97, 108, 32, 110, 101, 99, 101, 115, 115, 97, 114, 121, 32,
+    116, 111, 32, 112, 101, 114, 102, 111, 114, 109, 32, 116, 104, 101, 115,
+    101, 32, 111, 112, 101, 114, 97, 116, 105, 111, 110, 115, 46, 32, 85, 115,
+    101, 115, 32, 102, 111, 114, 32, 116, 104, 105, 115, 32, 65, 80, 73, 32,
+    114, 97, 110, 103, 101, 32, 102, 114, 111, 109, 32, 117, 115, 101, 114, 32,
+    111, 114, 32, 115, 101, 114, 118, 105, 99, 101, 32, 97, 117, 116, 104, 101,
+    110, 116, 105, 99, 97, 116, 105, 111, 110, 44, 32, 100, 111, 99, 117, 109,
+    101, 110, 116, 32, 111, 114, 32, 99, 111, 100, 101, 32, 115, 105, 103, 110,
+    105, 110, 103, 44, 32, 97, 110, 100, 32, 116, 104, 101, 32, 99, 111, 110,
+    102, 105, 100, 101, 110, 116, 105, 97, 108, 105, 116, 121, 32, 97, 110, 100,
+    32, 105, 110, 116, 101, 103, 114, 105, 116, 121, 32, 111, 102, 32, 99, 111,
+    109, 109, 117, 110, 105, 99, 97, 116, 105, 111, 110, 115, 46,
+  ]);
+
+  // We want some random key bytes of various sizes.
+  // These were randomly generated from a script.
+  var keyBytes = {
+    128: new Uint8Array([
+      222, 192, 212, 252, 191, 60, 71, 65, 200, 146, 218, 189, 28, 212, 192, 78,
+    ]),
+    192: new Uint8Array([
+      208, 238, 131, 65, 63, 68, 196, 63, 186, 208, 61, 207, 166, 18, 99, 152,
+      29, 109, 221, 95, 240, 30, 28, 246,
+    ]),
+    256: new Uint8Array([
+      103, 105, 56, 35, 251, 29, 88, 7, 63, 145, 236, 233, 204, 58, 249, 16,
+      229, 83, 38, 22, 164, 210, 123, 19, 235, 123, 116, 216, 0, 11, 191, 48,
+    ]),
+  };
+
+  // AES-GCM needs an IV of no more than 2^64 - 1 bytes. Arbitrary 32 bytes is okay then.
+  var iv = new Uint8Array([
+    58, 146, 115, 42, 166, 234, 57, 191, 57, 134, 224, 199, 63, 169, 32, 0, 32,
+    33, 117, 56, 94, 248, 173, 234, 194, 200, 115, 53, 235, 146, 141, 212,
+  ]);
+
+  // Authenticated encryption via AES-GCM requires additional data that
+  // will be checked. We use the ASCII encoded Editorial Note
+  // following the Abstract of the Web Cryptography API recommendation.
+  var additionalData = new Uint8Array([
+    84, 104, 101, 114, 101, 32, 97, 114, 101, 32, 55, 32, 102, 117, 114, 116,
+    104, 101, 114, 32, 101, 100, 105, 116, 111, 114, 105, 97, 108, 32, 110, 111,
+    116, 101, 115, 32, 105, 110, 32, 116, 104, 101, 32, 100, 111, 99, 117, 109,
+    101, 110, 116, 46,
+  ]);
+
+  //  The length of the tag defaults to 16 bytes (128 bit).
+  var tag = {
+    128: new Uint8Array([
+      194, 226, 198, 253, 239, 28, 197, 240, 123, 216, 176, 151, 239, 200, 184,
+      183,
+    ]),
+    192: new Uint8Array([
+      183, 57, 32, 144, 164, 76, 121, 77, 58, 86, 62, 132, 53, 130, 96, 225,
+    ]),
+    256: new Uint8Array([
+      188, 239, 241, 48, 159, 21, 213, 0, 241, 42, 85, 76, 194, 28, 49, 60,
+    ]),
+  };
+
+  var tag_with_empty_ad = {
+    128: new Uint8Array([
+      222, 51, 11, 23, 36, 222, 250, 248, 27, 98, 30, 81, 150, 35, 220, 198,
+    ]),
+    192: new Uint8Array([
+      243, 11, 130, 112, 169, 239, 114, 238, 185, 219, 93, 1, 95, 108, 184, 183,
+    ]),
+    256: new Uint8Array([
+      244, 186, 86, 203, 154, 37, 191, 248, 246, 57, 139, 130, 224, 47, 217,
+      238,
+    ]),
+  };
+
+  // Results. These were created using the Python cryptography module.
+
+  // AES-GCM produces ciphertext and a tag.
+  var ciphertext = {
+    128: new Uint8Array([
+      180, 241, 40, 183, 105, 52, 147, 238, 224, 175, 175, 236, 168, 244, 241,
+      121, 9, 202, 225, 237, 56, 216, 253, 254, 186, 102, 111, 207, 228, 190,
+      130, 177, 159, 246, 6, 53, 249, 113, 228, 254, 81, 126, 253, 191, 100, 43,
+      251, 147, 107, 91, 166, 231, 201, 241, 180, 214, 112, 47, 123, 164, 186,
+      134, 54, 65, 22, 181, 201, 82, 236, 59, 52, 139, 172, 39, 41, 89, 123, 62,
+      102, 167, 82, 150, 250, 93, 96, 169, 135, 89, 245, 255, 164, 192, 169,
+      159, 25, 16, 139, 145, 76, 4, 144, 131, 148, 197, 204, 46, 23, 110, 193,
+      228, 127, 120, 242, 24, 54, 240, 181, 162, 98, 244, 249, 68, 134, 122,
+      126, 151, 38, 108, 116, 68, 150, 109, 38, 194, 21, 159, 140, 205, 183, 35,
+      97, 151, 186, 120, 145, 22, 235, 22, 210, 223, 187, 143, 162, 183, 93,
+      196, 104, 51, 96, 53, 234, 250, 184, 76, 237, 157, 37, 203, 226, 87, 222,
+      75, 240, 95, 218, 222, 64, 81, 165, 75, 201, 216, 190, 13, 116, 217, 69,
+      66, 47, 161, 68, 247, 74, 253, 157, 181, 162, 121, 53, 32, 91, 124, 230,
+      105, 224, 17, 187, 50, 61, 77, 103, 79, 71, 57, 163, 116, 234, 149, 27,
+      105, 24, 31, 159, 3, 128, 130, 42, 94, 125, 200, 142, 251, 148, 201, 17,
+      149, 232, 84, 50, 17, 18, 203, 186, 226, 164, 227, 202, 76, 65, 16, 163,
+      224, 132, 52, 31, 101, 129, 72, 171, 159, 42, 177, 253, 98, 86, 201, 95,
+      117, 62, 12, 205, 78, 36, 126, 196, 121, 89, 185, 37, 161, 66, 181, 117,
+      186, 71, 124, 132, 110, 120, 27, 246, 163, 18, 13, 90, 200, 127, 82, 209,
+      241, 170, 73, 247, 137, 96, 244, 254, 251, 119, 71, 156, 27, 107, 53, 33,
+      45, 22, 0, 144, 48, 32, 11, 116, 21, 125, 246, 217, 171, 158, 224, 142,
+      234, 141, 242, 168, 89, 154, 66, 227, 161, 182, 96, 1, 88, 78, 12, 7, 239,
+      30, 206, 31, 89, 111, 107, 42, 37, 241, 148, 232, 1, 8, 251, 117, 146,
+      183, 9, 48, 39, 94, 59, 70, 230, 26, 165, 97, 156, 140, 141, 31, 62, 10,
+      206, 55, 48, 207, 0, 197, 202, 197, 108, 133, 175, 80, 4, 16, 154, 223,
+      255, 4, 196, 188, 178, 240, 29, 13, 120, 5, 225, 202, 3, 35, 225, 158, 92,
+      152, 73, 205, 107, 157, 224, 245, 99, 194, 171, 156, 245, 247, 183, 165,
+      40, 62, 200, 110, 29, 151, 206, 100, 175, 88, 36, 242, 90, 4, 82, 73, 250,
+      140, 245, 217, 9, 153, 35, 242, 206, 78, 197, 121, 115, 15, 80, 128, 101,
+      191, 240, 91, 151, 249, 62, 62, 244, 18, 3, 17, 135, 222, 210, 93, 149,
+      123,
+    ]),
+
+    192: new Uint8Array([
+      126, 160, 166, 112, 227, 212, 106, 186, 175, 70, 24, 28, 86, 149, 31, 154,
+      156, 190, 244, 132, 44, 61, 149, 242, 105, 67, 17, 136, 7, 146, 153, 170,
+      200, 214, 142, 205, 170, 225, 85, 44, 241, 159, 255, 234, 10, 13, 37, 48,
+      255, 21, 141, 176, 60, 117, 73, 130, 247, 204, 144, 102, 167, 89, 203,
+      235, 229, 129, 122, 253, 124, 179, 115, 118, 163, 157, 67, 141, 122, 146,
+      209, 11, 112, 5, 230, 117, 123, 184, 243, 99, 83, 10, 31, 166, 96, 1, 121,
+      44, 10, 241, 24, 43, 184, 187, 25, 239, 246, 176, 108, 230, 127, 25, 42,
+      67, 202, 140, 179, 104, 159, 75, 103, 43, 248, 98, 166, 179, 67, 0, 163,
+      227, 84, 40, 129, 227, 198, 205, 7, 156, 16, 185, 24, 166, 59, 218, 197,
+      114, 74, 34, 126, 22, 226, 226, 85, 212, 69, 83, 163, 185, 68, 109, 182,
+      54, 209, 237, 96, 184, 32, 53, 127, 175, 13, 146, 141, 115, 164, 184, 98,
+      245, 174, 223, 46, 32, 167, 39, 103, 19, 210, 80, 131, 254, 103, 249, 247,
+      29, 120, 31, 105, 241, 103, 169, 249, 93, 153, 74, 56, 53, 239, 157, 132,
+      236, 169, 246, 242, 24, 113, 97, 128, 238, 152, 148, 31, 84, 8, 52, 105,
+      198, 116, 103, 132, 48, 199, 23, 90, 24, 29, 63, 41, 117, 191, 57, 31,
+      209, 128, 60, 119, 175, 84, 141, 177, 165, 169, 195, 35, 163, 105, 146,
+      157, 209, 93, 149, 105, 160, 93, 231, 78, 201, 92, 235, 200, 89, 37, 50,
+      181, 30, 213, 242, 59, 156, 219, 19, 158, 17, 224, 81, 108, 52, 87, 248,
+      101, 23, 39, 107, 67, 151, 103, 230, 126, 202, 184, 118, 226, 18, 29, 93,
+      37, 208, 40, 82, 113, 35, 157, 145, 152, 50, 253, 140, 47, 141, 192, 1,
+      148, 114, 40, 10, 112, 79, 227, 16, 105, 247, 31, 49, 102, 195, 75, 183,
+      172, 254, 188, 42, 89, 77, 38, 104, 1, 180, 106, 61, 71, 70, 35, 160, 103,
+      101, 244, 26, 226, 37, 159, 155, 4, 107, 222, 219, 136, 37, 24, 246, 44,
+      23, 44, 248, 132, 108, 59, 179, 99, 145, 132, 82, 53, 203, 111, 150, 55,
+      123, 51, 214, 165, 108, 124, 179, 131, 174, 139, 224, 114, 96, 218, 181,
+      243, 128, 198, 98, 115, 92, 95, 165, 23, 229, 108, 146, 14, 244, 162, 37,
+      85, 201, 33, 44, 92, 106, 112, 185, 16, 189, 42, 114, 109, 59, 124, 131,
+      16, 211, 31, 97, 29, 135, 61, 150, 75, 250, 207, 129, 38, 205, 187, 186,
+      55, 207, 232, 24, 48, 232, 49, 226, 16, 12, 27, 70, 31, 124, 128, 218,
+      100, 91, 200, 184, 78, 252, 100, 235, 62, 43, 69, 214, 163, 65, 14, 44,
+      180,
+    ]),
+
+    256: new Uint8Array([
+      8, 97, 235, 113, 70, 32, 135, 131, 210, 209, 124, 160, 255, 182, 9, 29,
+      125, 193, 27, 240, 129, 46, 2, 137, 169, 142, 61, 7, 145, 54, 170, 207,
+      159, 111, 39, 95, 87, 63, 162, 27, 6, 18, 219, 215, 116, 34, 90, 57, 114,
+      244, 102, 145, 67, 6, 51, 152, 247, 165, 242, 116, 100, 219, 177, 72, 177,
+      17, 110, 67, 93, 219, 100, 217, 20, 207, 89, 154, 45, 37, 105, 83, 67,
+      162, 140, 235, 129, 40, 177, 202, 174, 54, 148, 55, 156, 193, 232, 249,
+      134, 163, 195, 51, 114, 116, 65, 38, 73, 99, 96, 249, 224, 69, 17, 119,
+      186, 188, 181, 43, 78, 156, 76, 138, 226, 63, 5, 248, 9, 94, 26, 1, 2,
+      235, 39, 174, 74, 47, 183, 22, 40, 47, 47, 13, 100, 119, 12, 67, 178, 184,
+      56, 167, 238, 143, 13, 44, 208, 185, 151, 108, 6, 17, 52, 122, 182, 210,
+      207, 42, 219, 37, 74, 94, 126, 36, 249, 37, 32, 4, 218, 44, 238, 69, 56,
+      219, 31, 77, 173, 46, 187, 103, 36, 112, 213, 252, 40, 87, 164, 240, 163,
+      159, 32, 129, 125, 178, 108, 47, 28, 31, 36, 42, 115, 36, 14, 145, 195,
+      156, 191, 46, 163, 249, 181, 31, 90, 73, 30, 72, 57, 223, 63, 60, 79, 140,
+      14, 117, 31, 145, 222, 156, 121, 237, 32, 145, 143, 96, 12, 254, 35, 21,
+      21, 59, 168, 171, 154, 217, 0, 59, 202, 175, 103, 214, 192, 175, 26, 18,
+      43, 54, 176, 222, 75, 22, 7, 122, 253, 224, 145, 61, 42, 208, 73, 237, 84,
+      141, 209, 213, 228, 46, 244, 59, 9, 68, 6, 35, 88, 189, 10, 62, 9, 85, 28,
+      44, 82, 19, 153, 160, 178, 240, 56, 160, 244, 201, 173, 77, 61, 20, 227,
+      30, 180, 167, 16, 105, 185, 193, 95, 207, 41, 23, 134, 78, 198, 182, 93,
+      24, 89, 247, 231, 75, 233, 194, 137, 242, 114, 194, 190, 130, 138, 238,
+      94, 137, 193, 194, 115, 137, 190, 207, 169, 83, 155, 14, 210, 160, 129,
+      195, 161, 234, 221, 255, 114, 67, 98, 12, 93, 41, 65, 183, 244, 103, 247,
+      101, 82, 246, 125, 87, 125, 78, 21, 186, 102, 205, 20, 40, 32, 201, 174,
+      15, 52, 240, 217, 180, 162, 108, 6, 211, 41, 18, 135, 232, 184, 18, 188,
+      169, 157, 190, 76, 166, 75, 176, 127, 39, 251, 22, 203, 153, 80, 49, 241,
+      124, 137, 151, 123, 204, 43, 159, 190, 177, 196, 18, 117, 169, 46, 152,
+      251, 45, 25, 164, 27, 145, 214, 228, 55, 15, 2, 131, 216, 80, 255, 204,
+      175, 100, 59, 145, 15, 103, 40, 33, 45, 255, 200, 254, 172, 138, 20, 58,
+      87, 182, 192, 148, 219, 41, 88, 230, 229, 70, 249,
+    ]),
+  };
+
+  return {
+    plaintext,
+    keyBytes,
+    iv,
+    additionalData,
+    tag,
+    tag_with_empty_ad,
+    ciphertext,
+  };
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_96_iv_fixtures.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_96_iv_fixtures.js
new file mode 100644
index 0000000000..bb00e2d7dd
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_96_iv_fixtures.js
@@ -0,0 +1,209 @@
+function getFixtures() {
+  // Before we can really start, we need to fill a bunch of buffers with data
+  var plaintext = new Uint8Array([
+    84, 104, 105, 115, 32, 115, 112, 101, 99, 105, 102, 105, 99, 97, 116, 105,
+    111, 110, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115, 32, 97, 32, 74, 97,
+    118, 97, 83, 99, 114, 105, 112, 116, 32, 65, 80, 73, 32, 102, 111, 114, 32,
+    112, 101, 114, 102, 111, 114, 109, 105, 110, 103, 32, 98, 97, 115, 105, 99,
+    32, 99, 114, 121, 112, 116, 111, 103, 114, 97, 112, 104, 105, 99, 32, 111,
+    112, 101, 114, 97, 116, 105, 111, 110, 115, 32, 105, 110, 32, 119, 101, 98,
+    32, 97, 112, 112, 108, 105, 99, 97, 116, 105, 111, 110, 115, 44, 32, 115,
+    117, 99, 104, 32, 97, 115, 32, 104, 97, 115, 104, 105, 110, 103, 44, 32,
+    115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 103, 101, 110, 101, 114, 97,
+    116, 105, 111, 110, 32, 97, 110, 100, 32, 118, 101, 114, 105, 102, 105, 99,
+    97, 116, 105, 111, 110, 44, 32, 97, 110, 100, 32, 101, 110, 99, 114, 121,
+    112, 116, 105, 111, 110, 32, 97, 110, 100, 32, 100, 101, 99, 114, 121, 112,
+    116, 105, 111, 110, 46, 32, 65, 100, 100, 105, 116, 105, 111, 110, 97, 108,
+    108, 121, 44, 32, 105, 116, 32, 100, 101, 115, 99, 114, 105, 98, 101, 115,
+    32, 97, 110, 32, 65, 80, 73, 32, 102, 111, 114, 32, 97, 112, 112, 108, 105,
+    99, 97, 116, 105, 111, 110, 115, 32, 116, 111, 32, 103, 101, 110, 101, 114,
+    97, 116, 101, 32, 97, 110, 100, 47, 111, 114, 32, 109, 97, 110, 97, 103,
+    101, 32, 116, 104, 101, 32, 107, 101, 121, 105, 110, 103, 32, 109, 97, 116,
+    101, 114, 105, 97, 108, 32, 110, 101, 99, 101, 115, 115, 97, 114, 121, 32,
+    116, 111, 32, 112, 101, 114, 102, 111, 114, 109, 32, 116, 104, 101, 115,
+    101, 32, 111, 112, 101, 114, 97, 116, 105, 111, 110, 115, 46, 32, 85, 115,
+    101, 115, 32, 102, 111, 114, 32, 116, 104, 105, 115, 32, 65, 80, 73, 32,
+    114, 97, 110, 103, 101, 32, 102, 114, 111, 109, 32, 117, 115, 101, 114, 32,
+    111, 114, 32, 115, 101, 114, 118, 105, 99, 101, 32, 97, 117, 116, 104, 101,
+    110, 116, 105, 99, 97, 116, 105, 111, 110, 44, 32, 100, 111, 99, 117, 109,
+    101, 110, 116, 32, 111, 114, 32, 99, 111, 100, 101, 32, 115, 105, 103, 110,
+    105, 110, 103, 44, 32, 97, 110, 100, 32, 116, 104, 101, 32, 99, 111, 110,
+    102, 105, 100, 101, 110, 116, 105, 97, 108, 105, 116, 121, 32, 97, 110, 100,
+    32, 105, 110, 116, 101, 103, 114, 105, 116, 121, 32, 111, 102, 32, 99, 111,
+    109, 109, 117, 110, 105, 99, 97, 116, 105, 111, 110, 115, 46,
+  ]);
+
+  // We want some random key bytes of various sizes.
+  // These were randomly generated from a script.
+  var keyBytes = {
+    128: new Uint8Array([
+      222, 192, 212, 252, 191, 60, 71, 65, 200, 146, 218, 189, 28, 212, 192, 78,
+    ]),
+    192: new Uint8Array([
+      208, 238, 131, 65, 63, 68, 196, 63, 186, 208, 61, 207, 166, 18, 99, 152,
+      29, 109, 221, 95, 240, 30, 28, 246,
+    ]),
+    256: new Uint8Array([
+      103, 105, 56, 35, 251, 29, 88, 7, 63, 145, 236, 233, 204, 58, 249, 16,
+      229, 83, 38, 22, 164, 210, 123, 19, 235, 123, 116, 216, 0, 11, 191, 48,
+    ]),
+  };
+
+  // AES-GCM specification recommends that the IV should be 96 bits long.
+  var iv = new Uint8Array([
+    58, 146, 115, 42, 166, 234, 57, 191, 57, 134, 224, 199,
+  ]);
+
+  // Authenticated encryption via AES-GCM requires additional data that
+  // will be checked. We use the ASCII encoded Editorial Note
+  // following the Abstract of the Web Cryptography API recommendation.
+  var additionalData = new Uint8Array([
+    84, 104, 101, 114, 101, 32, 97, 114, 101, 32, 55, 32, 102, 117, 114, 116,
+    104, 101, 114, 32, 101, 100, 105, 116, 111, 114, 105, 97, 108, 32, 110, 111,
+    116, 101, 115, 32, 105, 110, 32, 116, 104, 101, 32, 100, 111, 99, 117, 109,
+    101, 110, 116, 46,
+  ]);
+
+  //  The length of the tag defaults to 16 bytes (128 bit).
+  var tag = {
+    128: new Uint8Array([
+      180, 165, 14, 180, 121, 113, 220, 168, 254, 117, 18, 66, 110, 98, 146,
+      240,
+    ]),
+    192: new Uint8Array([
+      43, 102, 63, 121, 1, 120, 252, 2, 95, 149, 99, 207, 161, 10, 139, 159,
+    ]),
+    256: new Uint8Array([
+      53, 0, 70, 11, 217, 64, 250, 241, 175, 160, 37, 78, 92, 160, 107, 38,
+    ]),
+  };
+
+  var tag_with_empty_ad = {
+    128: new Uint8Array([
+      168, 116, 195, 94, 178, 179, 227, 160, 158, 207, 188, 132, 23, 137, 246,
+      129,
+    ]),
+    192: new Uint8Array([
+      111, 84, 157, 153, 12, 219, 247, 161, 220, 24, 0, 74, 203, 228, 83, 201,
+    ]),
+    256: new Uint8Array([
+      125, 85, 225, 240, 220, 112, 144, 9, 168, 179, 251, 128, 126, 147, 131,
+      244,
+    ]),
+  };
+
+  // Results. These were created using OpenSSL.
+
+  // AES-GCM produces ciphertext and a tag.
+  var ciphertext = {
+    128: new Uint8Array([
+      46, 244, 139, 198, 120, 180, 9, 39, 83, 58, 203, 107, 69, 71, 8, 165, 132,
+      200, 94, 31, 228, 120, 170, 81, 241, 29, 38, 175, 99, 215, 241, 157, 144,
+      97, 35, 42, 36, 231, 2, 94, 214, 140, 67, 48, 189, 242, 21, 208, 110, 179,
+      30, 90, 181, 105, 242, 17, 244, 42, 42, 36, 125, 228, 82, 250, 87, 199,
+      95, 168, 210, 57, 174, 20, 220, 188, 107, 65, 242, 43, 217, 122, 145, 160,
+      100, 139, 54, 135, 175, 139, 115, 89, 15, 236, 234, 83, 2, 135, 51, 125,
+      63, 168, 184, 235, 148, 68, 132, 124, 166, 171, 53, 68, 94, 187, 31, 68,
+      119, 47, 252, 73, 63, 138, 154, 84, 167, 0, 54, 33, 11, 200, 22, 91, 245,
+      62, 64, 192, 7, 180, 210, 52, 233, 23, 24, 181, 50, 230, 63, 118, 228, 24,
+      1, 242, 75, 62, 196, 222, 122, 154, 227, 125, 89, 73, 112, 100, 154, 249,
+      61, 141, 126, 145, 46, 247, 102, 242, 62, 148, 94, 172, 128, 181, 110, 6,
+      7, 209, 58, 222, 51, 169, 83, 189, 200, 47, 22, 80, 49, 169, 227, 245,
+      165, 24, 96, 152, 228, 14, 252, 199, 193, 148, 46, 84, 49, 248, 198, 7, 0,
+      134, 255, 174, 151, 103, 48, 154, 178, 198, 103, 45, 226, 118, 19, 41, 85,
+      2, 55, 71, 7, 6, 0, 24, 150, 145, 227, 162, 126, 102, 248, 134, 116, 174,
+      215, 217, 166, 160, 140, 129, 21, 220, 131, 110, 242, 94, 249, 103, 151,
+      154, 81, 225, 35, 111, 131, 129, 111, 172, 214, 168, 30, 169, 71, 210, 64,
+      68, 56, 228, 223, 248, 233, 234, 140, 86, 145, 121, 29, 232, 55, 165, 61,
+      175, 147, 66, 33, 92, 6, 209, 241, 149, 73, 77, 9, 104, 2, 154, 247, 92,
+      87, 159, 191, 113, 82, 122, 148, 89, 28, 122, 111, 93, 110, 60, 42, 34,
+      70, 161, 14, 50, 153, 238, 189, 173, 99, 10, 118, 252, 1, 28, 67, 151,
+      114, 46, 78, 181, 78, 233, 183, 6, 254, 57, 29, 53, 118, 175, 80, 97, 156,
+      237, 219, 196, 71, 80, 161, 248, 139, 96, 124, 181, 154, 124, 149, 219,
+      47, 90, 11, 98, 63, 21, 64, 144, 77, 161, 204, 127, 209, 209, 7, 86, 65,
+      39, 142, 251, 183, 43, 227, 120, 155, 72, 70, 204, 89, 227, 199, 203, 28,
+      128, 23, 104, 188, 215, 32, 190, 18, 156, 57, 105, 7, 179, 155, 136, 236,
+      82, 173, 156, 170, 124, 210, 22, 11, 27, 182, 236, 109, 200, 172, 227, 72,
+      37, 1, 175, 9, 214, 227, 23, 141, 169, 215, 77, 134, 76, 229, 169, 241,
+      116, 222, 157, 77, 158, 213, 118, 223, 17, 31, 212, 97, 21, 237, 83, 2,
+      218, 239, 59, 147, 30, 169, 97, 12,
+    ]),
+
+    192: new Uint8Array([
+      129, 16, 61, 38, 99, 56, 226, 139, 71, 251, 211, 15, 91, 152, 159, 219,
+      112, 147, 210, 73, 97, 204, 203, 240, 183, 243, 104, 241, 37, 67, 169,
+      198, 56, 76, 96, 202, 250, 212, 177, 157, 93, 115, 247, 176, 19, 3, 229,
+      102, 75, 200, 252, 222, 197, 58, 31, 44, 123, 151, 9, 191, 88, 123, 35,
+      48, 47, 25, 149, 35, 191, 219, 223, 94, 251, 152, 109, 171, 225, 31, 236,
+      252, 223, 174, 128, 238, 173, 32, 32, 79, 22, 100, 112, 215, 153, 128, 63,
+      158, 247, 18, 215, 81, 247, 208, 91, 28, 223, 222, 170, 9, 135, 210, 143,
+      47, 247, 132, 183, 252, 84, 19, 78, 85, 17, 215, 20, 51, 32, 124, 149,
+      172, 129, 202, 161, 217, 207, 24, 45, 177, 11, 106, 17, 108, 17, 12, 6,
+      62, 90, 132, 2, 54, 96, 90, 30, 239, 216, 173, 76, 67, 7, 221, 62, 124,
+      228, 156, 243, 31, 111, 160, 192, 188, 87, 107, 182, 138, 95, 122, 152,
+      202, 51, 118, 100, 124, 67, 220, 116, 52, 99, 15, 39, 2, 14, 209, 173,
+      119, 88, 6, 174, 106, 236, 150, 28, 189, 112, 161, 224, 186, 58, 110, 91,
+      54, 211, 132, 149, 7, 188, 77, 232, 118, 197, 43, 107, 101, 179, 44, 195,
+      159, 4, 124, 5, 30, 48, 227, 251, 199, 72, 98, 177, 206, 234, 228, 58,
+      191, 150, 28, 211, 29, 182, 138, 141, 249, 152, 142, 244, 203, 210, 128,
+      143, 244, 44, 187, 251, 221, 101, 152, 31, 119, 194, 51, 27, 167, 215,
+      122, 244, 193, 224, 191, 198, 210, 2, 143, 185, 207, 145, 228, 193, 153,
+      207, 119, 167, 75, 145, 43, 17, 1, 42, 146, 164, 21, 15, 164, 221, 216,
+      140, 122, 248, 49, 19, 246, 84, 214, 176, 226, 118, 140, 130, 123, 163,
+      217, 61, 198, 243, 182, 217, 52, 127, 190, 127, 135, 18, 239, 163, 195,
+      102, 136, 227, 128, 38, 244, 49, 208, 229, 249, 126, 157, 100, 72, 246,
+      10, 102, 163, 241, 155, 112, 165, 95, 32, 61, 66, 24, 233, 123, 236, 190,
+      124, 214, 65, 135, 114, 118, 122, 222, 196, 47, 120, 120, 64, 117, 253,
+      165, 28, 17, 152, 104, 119, 10, 53, 140, 109, 79, 246, 246, 28, 104, 228,
+      175, 102, 71, 246, 183, 79, 30, 31, 186, 32, 64, 146, 72, 228, 1, 175,
+      252, 115, 254, 95, 66, 87, 196, 134, 41, 115, 165, 206, 253, 245, 147,
+      137, 163, 230, 235, 238, 77, 218, 74, 157, 65, 97, 43, 198, 130, 190, 195,
+      142, 22, 166, 4, 179, 184, 167, 254, 156, 243, 38, 46, 66, 68, 252, 252,
+      161, 209, 83, 177, 128, 115, 92, 158, 182, 177, 185, 23, 39, 138, 245, 29,
+      216, 17, 178, 142, 225, 135, 8, 115,
+    ]),
+
+    256: new Uint8Array([
+      191, 72, 167, 1, 122, 218, 148, 218, 15, 239, 202, 129, 96, 108, 229, 157,
+      138, 161, 232, 71, 80, 188, 118, 61, 75, 105, 120, 201, 14, 102, 102, 240,
+      111, 131, 180, 83, 95, 73, 2, 138, 205, 56, 9, 137, 227, 235, 73, 71, 200,
+      62, 246, 0, 223, 209, 3, 255, 113, 112, 63, 103, 41, 154, 77, 13, 149, 89,
+      94, 79, 132, 193, 114, 40, 158, 33, 55, 242, 130, 109, 136, 69, 124, 130,
+      150, 40, 69, 211, 224, 154, 209, 243, 65, 58, 230, 253, 31, 21, 72, 102,
+      18, 250, 139, 230, 235, 11, 108, 184, 133, 108, 181, 138, 188, 189, 91,
+      91, 115, 216, 68, 9, 229, 30, 154, 132, 118, 219, 183, 235, 177, 197, 221,
+      58, 13, 90, 126, 198, 74, 87, 162, 226, 7, 51, 184, 15, 209, 81, 86, 138,
+      169, 154, 12, 206, 58, 187, 228, 177, 68, 65, 62, 68, 141, 93, 241, 105,
+      29, 239, 20, 102, 222, 49, 209, 18, 162, 247, 200, 240, 122, 244, 204,
+      148, 67, 58, 118, 164, 95, 230, 68, 242, 203, 138, 145, 132, 6, 224, 206,
+      234, 131, 183, 137, 249, 2, 11, 254, 123, 235, 70, 14, 136, 207, 76, 57,
+      22, 38, 49, 197, 219, 123, 43, 241, 191, 64, 211, 152, 178, 140, 165, 1,
+      189, 52, 79, 184, 213, 56, 215, 182, 27, 27, 70, 243, 101, 255, 50, 108,
+      210, 105, 13, 22, 218, 176, 238, 36, 113, 251, 18, 218, 138, 214, 193, 21,
+      122, 224, 125, 118, 134, 161, 174, 130, 86, 233, 149, 151, 33, 31, 88, 63,
+      91, 63, 209, 145, 158, 109, 42, 176, 43, 23, 151, 49, 101, 199, 35, 101,
+      158, 139, 198, 219, 209, 125, 221, 205, 99, 69, 142, 165, 139, 110, 220,
+      184, 226, 238, 149, 161, 175, 171, 167, 170, 65, 19, 156, 166, 219, 231,
+      87, 20, 226, 58, 210, 134, 110, 160, 176, 118, 250, 73, 86, 213, 116, 53,
+      114, 24, 101, 34, 185, 59, 237, 47, 39, 206, 67, 12, 74, 236, 130, 7, 249,
+      217, 203, 245, 122, 14, 230, 53, 203, 126, 93, 131, 51, 2, 0, 231, 161,
+      111, 42, 126, 173, 121, 80, 179, 59, 186, 133, 236, 252, 188, 149, 99,
+      221, 182, 55, 5, 38, 83, 132, 43, 123, 233, 174, 208, 140, 165, 77, 1,
+      202, 46, 6, 183, 207, 246, 125, 37, 110, 226, 61, 155, 194, 198, 153, 107,
+      1, 8, 0, 23, 124, 18, 4, 144, 235, 146, 77, 220, 123, 152, 114, 219, 127,
+      59, 126, 10, 79, 106, 198, 11, 27, 111, 11, 155, 1, 137, 38, 74, 3, 248,
+      225, 221, 203, 86, 4, 148, 25, 88, 144, 185, 38, 114, 139, 48, 74, 82,
+      172, 36, 115, 193, 223, 220, 144, 69, 91, 5, 83, 56, 138, 63,
+    ]),
+  };
+
+  return {
+    plaintext,
+    keyBytes,
+    iv,
+    additionalData,
+    tag,
+    tag_with_empty_ad,
+    ciphertext,
+  };
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_vectors.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_vectors.js
new file mode 100644
index 0000000000..965fe9564d
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/aes_gcm_vectors.js
@@ -0,0 +1,76 @@
+// aes_gcm_vectors.js
+
+// The following function returns an array of test vectors
+// for the subtleCrypto encrypt method.
+//
+// Each test vector has the following fields:
+//     name - a unique name for this vector
+//     keyBuffer - an arrayBuffer with the key data in raw form
+//     key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
+//     algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt
+//     plaintext - the text to encrypt
+//     result - the expected result (usually just ciphertext, sometimes with added authentication)
+function getTestVectors() {
+    const {
+      plaintext,
+      keyBytes,
+      iv,
+      additionalData,
+      tag,
+      tag_with_empty_ad,
+      ciphertext,
+    } = getFixtures();
+
+    var keyLengths = [128, 192, 256];
+    var tagLengths = [32, 64, 96, 104, 112, 120, 128];
+
+    // All the scenarios that should succeed, if the key has "encrypt" usage
+    var passing = [];
+    keyLengths.forEach(function(keyLength) {
+        tagLengths.forEach(function(tagLength) {
+            var byteCount = tagLength / 8;
+
+            var result = new Uint8Array(ciphertext[keyLength].byteLength + byteCount);
+            result.set(ciphertext[keyLength], 0);
+            result.set(tag[keyLength].slice(0, byteCount), ciphertext[keyLength].byteLength);
+            passing.push({
+                    name: "AES-GCM " + keyLength.toString() + "-bit key, " + tagLength.toString() + "-bit tag, " + (iv.byteLength << 3).toString() + "-bit iv",
+                    keyBuffer: keyBytes[keyLength],
+                    key: null,
+                    algorithm: {name: "AES-GCM", iv: iv, additionalData: additionalData, tagLength: tagLength},
+                    plaintext: plaintext,
+                    result: result
+            });
+
+            var noadresult = new Uint8Array(ciphertext[keyLength].byteLength + byteCount);
+            noadresult.set(ciphertext[keyLength], 0);
+            noadresult.set(tag_with_empty_ad[keyLength].slice(0, byteCount), ciphertext[keyLength].byteLength);
+            passing.push({
+                    name: "AES-GCM " + keyLength.toString() + "-bit key, no additional data, " + tagLength.toString() + "-bit tag, " + (iv.byteLength << 3).toString() + "-bit iv",
+                    keyBuffer: keyBytes[keyLength],
+                    key: null,
+                    algorithm: {name: "AES-GCM", iv: iv, tagLength: tagLength},
+                    plaintext: plaintext,
+                    result: noadresult
+            });
+        });
+    });
+
+    // Scenarios that should fail because of a bad tag length, causing an OperationError
+    var failing = [];
+    keyLengths.forEach(function(keyLength) {
+        // First, make some tests for bad tag lengths
+        [24, 48, 72, 95, 129].forEach(function(badTagLength) {
+            failing.push({
+                name: "AES-GCM " + keyLength.toString() + "-bit key, " + (iv.byteLength << 3).toString() + "-bit iv, " + "illegal tag length " + badTagLength.toString() + "-bits",
+                keyBuffer: keyBytes[keyLength],
+                key: null,
+                algorithm: {name: "AES-GCM", iv: iv, additionalData: additionalData, tagLength: badTagLength},
+                plaintext: plaintext,
+                result: ciphertext[keyLength]
+            });
+        });
+    });
+
+    return {passing: passing, failing: failing, decryptionFailing: []};
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa.js
new file mode 100644
index 0000000000..5eae06e474
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa.js
@@ -0,0 +1,378 @@
+
+function run_test() {
+    var subtle = self.crypto.subtle; // Change to test prefixed implementations
+
+    // When are all these tests really done? When all the promises they use have resolved.
+    var all_promises = [];
+
+    // Source file rsa_vectors.js provides the getTestVectors method
+    // for the RSA-OAEP algorithm that drives these tests.
+    var vectors = getTestVectors();
+    var passingVectors = vectors.passing;
+    var failingVectors = vectors.failing;
+
+    // Test decryption, first, because encryption tests rely on that working
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            // Get a one byte longer plaintext to encrypt
+            if (!("ciphertext" in vector)) {
+                return;
+            }
+
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.privateKey, vector.ciphertext)
+                .then(function(plaintext) {
+                    assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works"));
+                }, function(err) {
+                    assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'");
+                });
+            }, vector.name + " decryption");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " decryption");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Test decryption with an altered buffer
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            // Get a one byte longer plaintext to encrypt
+            if (!("ciphertext" in vector)) {
+                return;
+            }
+
+            promise_test(function(test) {
+                var ciphertext = copyBuffer(vector.ciphertext);
+                var operation = subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
+                .then(function(plaintext) {
+                    assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works"));
+                }, function(err) {
+                    assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'");
+                });
+                ciphertext[0] = 255 - ciphertext[0];
+                return operation;
+            }, vector.name + " decryption with altered ciphertext");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " decryption with altered ciphertext");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for failures due to using publicKey to decrypt.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext)
+                .then(function(plaintext) {
+                    assert_unreached("Should have thrown error for using publicKey to decrypt in " + vector.name + ": " + err.message + "'");
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
+                });
+            }, vector.name + " using publicKey to decrypt");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " using publicKey to decrypt");
+        });
+
+        all_promises.push(promise);
+    });
+
+
+    // Check for failures due to no "decrypt" usage.
+    passingVectors.forEach(function(originalVector) {
+        var vector = Object.assign({}, originalVector);
+
+        var promise = importVectorKeys(vector, ["encrypt"], ["unwrapKey"])
+        .then(function(vectors) {
+            // Get a one byte longer plaintext to encrypt
+            promise_test(function(test) {
+                return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext)
+                .then(function(plaintext) {
+                    assert_unreached("Should have thrown error for no decrypt usage in " + vector.name + ": " + err.message + "'");
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
+                });
+            }, vector.name + " no decrypt usage");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " no decrypt usage");
+        });
+
+        all_promises.push(promise);
+    });
+
+
+    // Check for successful encryption even if plaintext is altered after call.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            promise_test(function(test) {
+                var plaintext = copyBuffer(vector.plaintext);
+                var operation = subtle.encrypt(vector.algorithm, vector.publicKey, plaintext)
+                .then(function(ciphertext) {
+                    assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length");
+                    // Can we get the original plaintext back via decrypt?
+                    return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
+                    .then(function(result) {
+                        assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext");
+                        return ciphertext;
+                    }, function(err) {
+                        assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'");
+                    });
+                })
+                .then(function(priorCiphertext) {
+                    // Will a second encrypt give us different ciphertext, as it should?
+                    return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
+                    .then(function(ciphertext) {
+                        assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results")
+                    }, function(err) {
+                        assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'");
+                    });
+                }, function(err) {
+                    assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'");
+                });
+
+                plaintext[0] = 255 - plaintext[0];
+                return operation;
+            }, vector.name + " with altered plaintext");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " with altered plaintext");
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for successful encryption.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
+                .then(function(ciphertext) {
+                    assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length");
+
+                    // Can we get the original plaintext back via decrypt?
+                    return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
+                    .then(function(result) {
+                        assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext");
+                        return ciphertext;
+                    }, function(err) {
+                        assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'");
+                    });
+                })
+                .then(function(priorCiphertext) {
+                    // Will a second encrypt give us different ciphertext, as it should?
+                    return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
+                    .then(function(ciphertext) {
+                        assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results")
+                    }, function(err) {
+                        assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'");
+                    });
+                }, function(err) {
+                    assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'");
+                });
+            }, vector.name);
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name);
+        });
+
+        all_promises.push(promise);
+    });
+
+    // Check for failures due to too long plaintext.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            // Get a one byte longer plaintext to encrypt
+            var plaintext = new Uint8Array(vector.plaintext.byteLength + 1);
+            plaintext.set(plaintext, 0);
+            plaintext.set(new Uint8Array([32]), vector.plaintext.byteLength);
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.publicKey, plaintext)
+                .then(function(ciphertext) {
+                    assert_unreached("Should have thrown error for too long plaintext in " + vector.name + ": " + err.message + "'");
+                }, function(err) {
+                    assert_equals(err.name, "OperationError", "Should throw OperationError instead of " + err.message);
+                });
+            }, vector.name + " too long plaintext");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " too long plaintext");
+        });
+
+        all_promises.push(promise);
+    });
+
+
+    // Check for failures due to using privateKey to encrypt.
+    passingVectors.forEach(function(vector) {
+        var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
+        .then(function(vectors) {
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.privateKey, vector.plaintext)
+                .then(function(ciphertext) {
+                    assert_unreached("Should have thrown error for using privateKey to encrypt in " + vector.name + ": " + err.message + "'");
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
+                });
+            }, vector.name + " using privateKey to encrypt");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " using privateKey to encrypt");
+        });
+
+        all_promises.push(promise);
+    });
+
+
+    // Check for failures due to no "encrypt usage".
+    passingVectors.forEach(function(originalVector) {
+        var vector = Object.assign({}, originalVector);
+
+        var promise = importVectorKeys(vector, [], ["decrypt"])
+        .then(function(vectors) {
+            // Get a one byte longer plaintext to encrypt
+            promise_test(function(test) {
+                return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
+                .then(function(ciphertext) {
+                    assert_unreached("Should have thrown error for no encrypt usage in " + vector.name + ": " + err.message + "'");
+                }, function(err) {
+                    assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
+                });
+            }, vector.name + " no encrypt usage");
+
+        }, function(err) {
+            // We need a failed test if the importVectorKey operation fails, so
+            // we know we never tested encryption
+            promise_test(function(test) {
+                assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
+            }, "importVectorKeys step: " + vector.name + " no encrypt usage");
+        });
+
+        all_promises.push(promise);
+    });
+
+    promise_test(function() {
+        return Promise.all(all_promises)
+            .then(function() {done();})
+            .catch(function() {done();})
+    }, "setup");
+
+    // A test vector has all needed fields for encryption, EXCEPT that the
+    // key field may be null. This function replaces that null with the Correct
+    // CryptoKey object.
+    //
+    // Returns a Promise that yields an updated vector on success.
+    function importVectorKeys(vector, publicKeyUsages, privateKeyUsages) {
+        var publicPromise, privatePromise;
+
+        if (vector.publicKey !== null) {
+            publicPromise = new Promise(function(resolve, reject) {
+                resolve(vector);
+            });
+        } else {
+            publicPromise = subtle.importKey(vector.publicKeyFormat, vector.publicKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, publicKeyUsages)
+            .then(function(key) {
+                vector.publicKey = key;
+                return vector;
+            });        // Returns a copy of the sourceBuffer it is sent.
+        function copyBuffer(sourceBuffer) {
+            var source = new Uint8Array(sourceBuffer);
+            var copy = new Uint8Array(sourceBuffer.byteLength)
+
+            for (var i=0; i<source.byteLength; i++) {
+                copy[i] = source[i];
+            }
+
+            return copy;
+        }
+
+        }
+
+        if (vector.privateKey !== null) {
+            privatePromise = new Promise(function(resolve, reject) {
+                resolve(vector);
+            });
+        } else {
+            privatePromise = subtle.importKey(vector.privateKeyFormat, vector.privateKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, privateKeyUsages)
+            .then(function(key) {
+                vector.privateKey = key;
+                return vector;
+            });
+        }
+
+        return Promise.all([publicPromise, privatePromise]);
+    }
+
+    // Returns a copy of the sourceBuffer it is sent.
+    function copyBuffer(sourceBuffer) {
+        var source = new Uint8Array(sourceBuffer);
+        var copy = new Uint8Array(sourceBuffer.byteLength)
+
+        for (var i=0; i<source.byteLength; i++) {
+            copy[i] = source[i];
+        }
+
+        return copy;
+    }
+
+    function equalBuffers(a, b) {
+        if (a.byteLength !== b.byteLength) {
+            return false;
+        }
+
+        var aBytes = new Uint8Array(a);
+        var bBytes = new Uint8Array(b);
+
+        for (var i=0; i<a.byteLength; i++) {
+            if (aBytes[i] !== bBytes[i]) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    return;
+}
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_oaep.https.any.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_oaep.https.any.js
new file mode 100644
index 0000000000..20fd17c571
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_oaep.https.any.js
@@ -0,0 +1,6 @@
+// META: title=WebCryptoAPI: encrypt() Using RSA-OAEP
+// META: script=rsa_vectors.js
+// META: script=rsa.js
+// META: timeout=long
+
+run_test();
diff --git a/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_vectors.js b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_vectors.js
new file mode 100644
index 0000000000..fcc732eddc
--- /dev/null
+++ b/testing/web-platform/tests/WebCryptoAPI/encrypt_decrypt/rsa_vectors.js
@@ -0,0 +1,204 @@
+
+// rsa_vectors.js
+
+// Data for testing RSA-OAEP with a 2048-bit modulus and 65537 public exponent.
+
+// The following function returns an array of test vectors
+// for the subtleCrypto encrypt method.
+//
+// Each test vector has the following fields:
+//     name - a unique name for this vector
+//     publicKeyBuffer - an arrayBuffer with the key data
+//     publicKeyFormat - "spki" "jwk"
+//     publicKey - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
+//     privateKeyBuffer - an arrayBuffer with the key data
+//     privateKeyFormat - "pkcs8" or "jwk"
+//     privateKey - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
+//     algorithm - the value of the AlgorithmIdentifier parameter to provide to encrypt
+//     plaintext - the text to encrypt
+//     result - the expected result (usually just ciphertext, sometimes with added authentication)
+function getTestVectors() {
+    var pkcs8 = new Uint8Array([48, 130, 4, 191, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 4, 130, 4, 169, 48, 130, 4, 165, 2, 1, 0, 2, 130, 1, 1, 0, 211, 87, 96, 146, 230, 41, 87, 54, 69, 68, 231, 228, 35, 59, 123, 219, 41, 61, 178, 8, 81, 34, 196, 121, 50, 133, 70, 249, 240, 247, 18, 246, 87, 196, 177, 120, 104, 201, 48, 144, 140, 197, 148, 247, 237, 0, 192, 20, 66, 193, 175, 4, 194, 246, 120, 164, 139, 162, 200, 15, 209, 113, 62, 48, 181, 172, 80, 120, 122, 195, 81, 101, 137, 241, 113, 150, 127, 99, 134, 173, 163, 73, 0, 166, 187, 4, 238, 206, 164, 43, 240, 67, 206, 217, 160, 249, 77, 12, 192, 158, 145, 155, 157, 113, 102, 192, 138, 182, 206, 32, 70, 64, 174, 164, 196, 146, 13, 182, 216, 110, 185, 22, 208, 220, 192, 244, 52, 26, 16, 56, 4, 41, 231, 225, 3, 33, 68, 234, 148, 157, 232, 246, 192, 204, 191, 149, 250, 142, 146, 141, 112, 216, 163, 140, 225, 104, 219, 69, 246, 241, 52, 102, 61, 111, 101, 111, 92, 234, 188, 114, 93, 168, 192, 42, 171, 234, 170, 19, 172, 54, 167, 92, 192, 186, 225, 53, 223, 49, 20, 182, 101, 137, 199, 237, 60, 182, 21, 89, 174, 90, 56, 79, 22, 43, 250, 128, 219, 228, 97, 127, 134, 195, 241, 208, 16, 201, 79, 226, 201, 191, 1, 154, 110, 99, 179, 239, 192, 40, 212, 60, 238, 97, 28, 133, 236, 38, 60, 144, 108, 70, 55, 114, 198, 145, 27, 25, 238, 192, 150, 202, 118, 236, 94, 49, 225, 227, 2, 3, 1, 0, 1, 2, 130, 1, 1, 0, 139, 55, 92, 203, 135, 200, 37, 197, 255, 61, 83, 208, 9, 145, 110, 150, 65, 5, 126, 24, 82, 114, 39, 160, 122, 178, 38, 190, 16, 136, 129, 58, 59, 56, 187, 123, 72, 243, 119, 5, 81, 101, 250, 42, 147, 57, 210, 77, 198, 103, 213, 197, 186, 52, 39, 230, 164, 129, 23, 110, 172, 21, 255, 212, 144, 104, 49, 30, 28, 40, 59, 159, 58, 142, 12, 184, 9, 180, 99, 12, 80, 170, 143, 62, 69, 166, 11, 53, 158, 25, 191, 140, 187, 94, 202, 214, 78, 118, 31, 16, 149, 116, 63, 243, 106, 175, 92, 240, 236, 185, 127, 237, 173, 221, 166, 11, 91, 243, 93, 129, 26, 117, 184, 34, 35, 12, 250, 160, 25, 47, 173, 64, 84, 126, 39, 84, 72, 170, 51, 22, 191, 142, 43, 76, 224, 133, 79, 199, 112, 139, 83, 123, 162, 45, 19, 33, 11, 9, 174, 195, 122, 39, 89, 239, 192, 130, 161, 83, 27, 35, 169, 23, 48, 3, 125, 222, 78, 242, 107, 95, 150, 239, 220, 195, 159, 211, 76, 52, 90, 213, 28, 187, 228, 79, 229, 139, 138, 59, 78, 201, 151, 134, 108, 8, 109, 255, 27, 136, 49, 239, 10, 31, 234, 38, 60, 247, 218, 205, 3, 192, 76, 188, 194, 178, 121, 229, 127, 165, 185, 83, 153, 107, 251, 29, 214, 136, 23, 175, 127, 180, 44, 222, 247, 165, 41, 74, 87, 250, 194, 184, 173, 115, 159, 27, 2, 153, 2, 129, 129, 0, 251, 248, 51, 194, 198, 49, 201, 112, 36, 12, 142, 116, 133, 240, 106, 62, 162, 168, 72, 34, 81, 26, 134, 39, 221, 70, 78, 248, 175, 175, 113, 72, 209, 164, 37, 182, 184, 101, 125, 221, 82, 70, 131, 43, 142, 83, 48, 32, 197, 187, 181, 104, 133, 90, 106, 236, 62, 66, 33, 215, 147, 241, 220, 91, 47, 37, 132, 226, 65, 94, 72, 233, 162, 189, 41, 43, 19, 64, 49, 249, 156, 142, 180, 47, 192, 188, 208, 68, 155, 242, 44, 230, 222, 201, 112, 20, 239, 229, 172, 147, 235, 232, 53, 135, 118, 86, 37, 44, 187, 177, 108, 65, 91, 103, 177, 132, 210, 40, 69, 104, 162, 119, 213, 147, 53, 88, 92, 253, 2, 129, 129, 0, 214, 184, 206, 39, 199, 41, 93, 93, 22, 252, 53, 112, 237, 100, 200, 218, 147, 3, 250, 210, 148, 136, 193, 166, 94, 154, 215, 17, 249, 3, 112, 24, 125, 187, 253, 129, 49, 109, 105, 100, 139, 200, 140, 197, 200, 53, 81, 175, 255, 69, 222, 186, 207, 182, 17, 5, 247, 9, 228, 195, 8, 9, 185, 0, 49, 235, 214, 134, 36, 68, 150, 198, 246, 158, 105, 46, 189, 200, 20, 246, 66, 57, 244, 173, 21, 117, 110, 203, 120, 197, 165, 176, 153, 49, 219, 24, 48, 119, 197, 70, 163, 140, 76, 116, 56, 137, 173, 61, 62, 208, 121, 181, 98, 46, 208, 18, 15, 160, 225, 249, 59, 89, 61, 183, 216, 82, 224, 95, 2, 129, 128, 56, 135, 75, 157, 131, 247, 129, 120, 206, 45, 158, 252, 23, 92, 131, 137, 127, 214, 127, 48, 107, 191, 166, 159, 100, 238, 52, 35, 104, 206, 212, 124, 128, 195, 241, 206, 23, 122, 117, 141, 100, 186, 251, 12, 151, 134, 164, 66, 133, 250, 1, 205, 236, 53, 7, 205, 238, 125, 201, 183, 226, 178, 29, 60, 187, 204, 16, 14, 238, 153, 103, 132, 59, 5, 115, 41, 253, 204, 166, 41, 152, 237, 15, 17, 179, 140, 232, 176, 171, 199, 222, 57, 1, 124, 113, 207, 208, 174, 87, 84, 108, 85, 145, 68, 205, 208, 175, 208, 100, 95, 126, 168, 255, 7, 185, 116, 209, 237, 68, 253, 31, 142, 0, 245, 96, 191, 109, 69, 2, 129, 129, 0, 133, 41, 239, 144, 115, 207, 143, 123, 95, 249, 226, 26, 186, 223, 58, 65, 115, 211, 144, 6, 112, 223, 175, 89, 66, 106, 188, 223, 4, 147, 193, 61, 47, 29, 27, 70, 184, 36, 166, 172, 24, 148, 179, 217, 37, 37, 12, 24, 30, 52, 114, 193, 96, 120, 5, 110, 177, 154, 141, 40, 247, 31, 48, 128, 146, 117, 52, 129, 212, 148, 68, 253, 247, 140, 158, 166, 194, 68, 7, 220, 1, 142, 119, 211, 175, 239, 56, 91, 47, 247, 67, 158, 150, 35, 121, 65, 51, 45, 212, 70, 206, 190, 255, 219, 68, 4, 254, 79, 113, 89, 81, 97, 208, 22, 64, 44, 51, 77, 15, 87, 198, 26, 190, 79, 249, 244, 203, 249, 2, 129, 129, 0, 135, 216, 119, 8, 212, 103, 99, 228, 204, 190, 178, 209, 233, 113, 46, 91, 240, 33, 109, 112, 222, 148, 32, 165, 178, 6, 155, 116, 89, 185, 159, 93, 159, 127, 47, 173, 124, 215, 154, 174, 230, 122, 127, 154, 52, 67, 126, 60, 121, 168, 74, 240, 205, 141, 233, 223, 242, 104, 235, 12, 71, 147, 245, 1, 249, 136, 213, 64, 246, 211, 71, 92, 32, 121, 184, 34, 122, 35, 217, 104, 222, 196, 227, 198, 101, 3, 24, 113, 147, 69, 150, 48, 71, 43, 253, 182, 186, 29, 231, 134, 199, 151, 250, 111, 78, 166, 90, 42, 132, 25, 38, 47, 41, 103, 136, 86, 203, 115, 201, 189, 75, 200, 155, 94, 4, 27, 34, 119]);
+    var spki = new Uint8Array([48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1, 1, 0, 211, 87, 96, 146, 230, 41, 87, 54, 69, 68, 231, 228, 35, 59, 123, 219, 41, 61, 178, 8, 81, 34, 196, 121, 50, 133, 70, 249, 240, 247, 18, 246, 87, 196, 177, 120, 104, 201, 48, 144, 140, 197, 148, 247, 237, 0, 192, 20, 66, 193, 175, 4, 194, 246, 120, 164, 139, 162, 200, 15, 209, 113, 62, 48, 181, 172, 80, 120, 122, 195, 81, 101, 137, 241, 113, 150, 127, 99, 134, 173, 163, 73, 0, 166, 187, 4, 238, 206, 164, 43, 240, 67, 206, 217, 160, 249, 77, 12, 192, 158, 145, 155, 157, 113, 102, 192, 138, 182, 206, 32, 70, 64, 174, 164, 196, 146, 13, 182, 216, 110, 185, 22, 208, 220, 192, 244, 52, 26, 16, 56, 4, 41, 231, 225, 3, 33, 68, 234, 148, 157, 232, 246, 192, 204, 191, 149, 250, 142, 146, 141, 112, 216, 163, 140, 225, 104, 219, 69, 246, 241, 52, 102, 61, 111, 101, 111, 92, 234, 188, 114, 93, 168, 192, 42, 171, 234, 170, 19, 172, 54, 167, 92, 192, 186, 225, 53, 223, 49, 20, 182, 101, 137, 199, 237, 60, 182, 21, 89, 174, 90, 56, 79, 22, 43, 250, 128, 219, 228, 97, 127, 134, 195, 241, 208, 16, 201, 79, 226, 201, 191, 1, 154, 110, 99, 179, 239, 192, 40, 212, 60, 238, 97, 28, 133, 236, 38, 60, 144, 108, 70, 55, 114, 198, 145, 27, 25, 238, 192, 150, 202, 118, 236, 94, 49, 225, 227, 2, 3, 1, 0, 1]);
+
+    // Can optionally provide a label for encryption. We use the ASCII-encoded
+    // abstract from the candidate recommendation.
+    var label = new Uint8Array([84, 104, 101, 114, 101, 32, 97, 114, 101, 32, 55, 32, 102, 117, 114, 116, 104, 101, 114, 32, 101, 100, 105, 116, 111, 114, 105, 97, 108, 32, 110, 111, 116, 101, 115, 32, 105, 110, 32, 116, 104, 101, 32, 100, 111, 99, 117, 109, 101, 110, 116, 46]);
+
+    // overlong plaintext for RSA-OAEP
+    var plaintext = new Uint8Array([95, 77, 186, 79, 50, 12, 12, 232, 118, 114, 90, 252, 229, 251, 210, 91, 248, 62, 90, 113, 37, 160, 140, 175, 231, 60, 62, 186, 196, 33, 119, 157, 249, 213, 93, 24, 12, 58, 233, 148, 38, 69, 225, 216, 47, 238, 140, 157, 41, 75, 60, 177, 160, 138, 153, 49, 32, 27, 60, 14, 129, 252, 71, 202, 207, 131, 21, 162, 175, 102, 50, 65, 19, 195, 182, 98, 48, 195, 70, 8, 196, 244, 89, 54, 52, 206, 2, 178, 103, 54, 34, 119, 240, 168, 64, 202, 116, 188, 61, 26, 98, 54, 149, 44, 94, 215, 170, 248, 168, 254, 203, 221, 250, 117, 132, 230, 151, 140, 234, 93, 42, 91, 159, 183, 241, 180, 140, 139, 11, 229, 138, 48, 82, 2, 117, 77, 131, 118, 16, 115, 116, 121, 60, 240, 38, 170, 238, 83, 0, 114, 125, 131, 108, 215, 30, 113, 179, 69, 221, 178, 228, 68, 70, 255, 197, 185, 1, 99, 84, 19, 137, 13, 145, 14, 163, 128, 152, 74, 144, 25, 16, 49, 50, 63, 22, 219, 204, 157, 107, 225, 104, 184, 72, 133, 56, 76, 160, 62, 18, 96, 10, 193, 194, 72, 2, 138, 243, 114, 108, 201, 52, 99, 136, 46, 168, 192, 42, 171]);
+
+    var ciphertext = {
+        "sha-1, no label": new Uint8Array([144, 30, 240, 156, 187, 254, 154, 73, 57, 185, 169, 196, 60, 207, 34, 51, 158, 21, 117, 247, 199, 67, 36, 73, 64, 117, 193, 146, 196, 11, 104, 153, 110, 176, 224, 77, 123, 21, 23, 116, 255, 247, 192, 11, 102, 23, 74, 36, 159, 195, 209, 166, 18, 60, 112, 166, 111, 214, 27, 103, 203, 84, 246, 131, 254, 1, 4, 158, 74, 68, 165, 147, 126, 53, 202, 225, 183, 61, 206, 18, 174, 160, 156, 208, 28, 76, 72, 144, 15, 175, 221, 117, 58, 196, 1, 86, 96, 118, 185, 184, 99, 128, 124, 241, 65, 166, 48, 68, 134, 94, 12, 188, 66, 185, 149, 251, 99, 159, 233, 153, 78, 148, 192, 227, 129, 64, 74, 225, 181, 84, 205, 178, 117, 21, 240, 151, 152, 220, 90, 7, 166, 11, 22, 43, 241, 47, 140, 239, 124, 225, 102, 49, 77, 148, 45, 128, 254, 67, 208, 223, 31, 176, 215, 233, 81, 78, 247, 41, 220, 108, 132, 85, 131, 247, 74, 178, 195, 109, 150, 132, 212, 59, 113, 150, 42, 24, 255, 14, 43, 19, 206, 116, 245, 55, 251, 58, 11, 0, 237, 227, 41, 231, 124, 17, 144, 10, 7, 14, 32, 248, 109, 192, 124, 172, 181, 111, 120, 33, 208, 36, 146, 52, 16, 108, 110, 11, 77, 218, 130, 224, 254, 189, 178, 2, 239, 12, 123, 16, 213, 96, 240, 186, 253, 199, 143, 6, 36, 24, 87, 131, 181, 34, 131, 202, 20, 161]),
+        "sha-256, no label": new Uint8Array([5, 49, 234, 235, 75, 140, 239, 142, 183, 125, 215, 54, 208, 150, 182, 220, 232, 64, 209, 100, 233, 117, 31, 134, 168, 213, 206, 208, 153, 153, 80, 111, 250, 240, 0, 235, 97, 83, 247, 69, 111, 49, 26, 233, 158, 71, 241, 32, 113, 80, 235, 151, 242, 152, 45, 183, 115, 190, 158, 153, 14, 138, 18, 152, 90, 95, 17, 90, 249, 6, 239, 12, 135, 14, 239, 60, 159, 202, 28, 91, 77, 94, 153, 4, 153, 182, 125, 0, 148, 173, 175, 141, 235, 223, 154, 93, 114, 51, 91, 84, 179, 209, 202, 38, 234, 9, 87, 214, 62, 6, 76, 233, 105, 213, 46, 83, 189, 96, 92, 143, 169, 50, 13, 158, 171, 226, 57, 238, 244, 112, 153, 85, 92, 25, 77, 27, 184, 223, 239, 254, 173, 107, 79, 215, 248, 242, 137, 144, 53, 92, 200, 238, 34, 163, 108, 72, 103, 240, 172, 234, 215, 244, 165, 2, 95, 21, 23, 247, 82, 167, 232, 192, 147, 83, 61, 12, 214, 89, 173, 96, 167, 220, 5, 4, 66, 32, 1, 152, 135, 1, 100, 55, 220, 201, 76, 111, 158, 130, 2, 176, 59, 201, 85, 235, 44, 121, 13, 63, 183, 199, 231, 126, 38, 18, 255, 165, 33, 218, 244, 103, 246, 64, 167, 73, 233, 225, 25, 21, 116, 190, 118, 226, 213, 92, 60, 254, 122, 147, 85, 26, 124, 40, 221, 178, 186, 107, 38, 195, 58, 48, 194, 55, 28, 216, 151, 77]),
+        "sha-384, no label": new Uint8Array([12, 35, 146, 227, 15, 146, 241, 244, 228, 172, 209, 180, 166, 253, 153, 249, 131, 198, 29, 202, 243, 155, 221, 222, 71, 178, 158, 173, 58, 221, 16, 74, 122, 134, 223, 31, 112, 153, 243, 104, 60, 101, 175, 254, 50, 157, 43, 202, 185, 80, 53, 236, 150, 193, 61, 171, 154, 12, 180, 185, 89, 96, 254, 224, 138, 165, 131, 85, 102, 161, 181, 125, 223, 84, 90, 201, 80, 80, 145, 52, 206, 208, 2, 115, 158, 166, 255, 62, 61, 228, 132, 31, 159, 169, 6, 22, 96, 236, 241, 5, 51, 233, 245, 12, 165, 22, 79, 50, 73, 68, 204, 123, 142, 58, 236, 105, 152, 163, 102, 249, 12, 250, 238, 121, 119, 101, 26, 13, 30, 141, 25, 75, 205, 28, 42, 0, 135, 41, 170, 1, 26, 157, 13, 140, 162, 113, 249, 142, 1, 91, 244, 102, 188, 217, 156, 217, 118, 134, 181, 146, 246, 111, 177, 54, 159, 84, 163, 88, 147, 122, 188, 249, 23, 223, 111, 57, 186, 220, 111, 95, 246, 48, 199, 172, 115, 185, 47, 173, 186, 221, 12, 41, 252, 224, 76, 167, 214, 42, 171, 82, 178, 100, 229, 162, 130, 188, 191, 2, 114, 28, 17, 158, 40, 233, 66, 108, 217, 150, 179, 121, 25, 115, 216, 162, 172, 244, 58, 44, 47, 103, 255, 136, 76, 26, 119, 184, 63, 195, 38, 140, 100, 12, 171, 65, 67, 54, 195, 31, 122, 105, 119, 228, 149, 16, 49, 212]),
+        "sha-512, no label": new Uint8Array([6, 38, 211, 70, 213, 37, 49, 19, 221, 192, 248, 206, 209, 145, 141, 136, 235, 240, 8, 105, 248, 128, 175, 137, 197, 230, 123, 179, 121, 75, 181, 138, 155, 246, 25, 229, 165, 89, 9, 65, 143, 108, 126, 20, 168, 88, 160, 197, 48, 66, 117, 2, 219, 122, 254, 96, 36, 147, 170, 111, 123, 168, 57, 151, 25, 139, 10, 233, 125, 219, 141, 58, 125, 174, 89, 38, 220, 25, 15, 5, 135, 69, 33, 5, 10, 49, 28, 253, 148, 251, 213, 53, 223, 8, 184, 64, 185, 94, 249, 211, 64, 53, 131, 136, 32, 2, 163, 61, 76, 9, 162, 189, 80, 71, 109, 237, 147, 9, 11, 147, 61, 254, 1, 185, 208, 228, 44, 219, 17, 163, 239, 184, 212, 197, 229, 210, 35, 236, 4, 117, 37, 187, 169, 26, 248, 95, 160, 165, 252, 21, 102, 253, 73, 115, 145, 124, 88, 143, 121, 128, 236, 70, 144, 101, 181, 54, 179, 64, 57, 232, 153, 72, 158, 96, 241, 79, 255, 90, 67, 16, 110, 43, 234, 153, 20, 57, 75, 83, 23, 184, 216, 25, 215, 52, 9, 241, 114, 21, 223, 184, 177, 247, 66, 98, 13, 15, 175, 204, 82, 81, 205, 22, 15, 92, 28, 99, 186, 234, 241, 33, 37, 210, 15, 8, 197, 30, 208, 97, 7, 42, 51, 173, 213, 171, 59, 154, 71, 53, 78, 88, 244, 50, 157, 33, 111, 143, 185, 61, 91, 118, 237, 245, 93, 91, 156, 36]),
+        "sha-1, with label": new Uint8Array([69, 12, 147, 43, 219, 95, 34, 61, 29, 64, 218, 190, 133, 69, 125, 35, 8, 73, 73, 154, 87, 194, 91, 201, 130, 111, 243, 86, 90, 124, 254, 130, 187, 133, 158, 32, 159, 234, 150, 98, 91, 246, 120, 166, 57, 233, 98, 7, 160, 58, 125, 113, 53, 79, 2, 202, 208, 104, 123, 195, 27, 84, 250, 98, 8, 169, 83, 207, 94, 31, 97, 31, 81, 0, 247, 153, 208, 99, 64, 185, 244, 213, 194, 62, 200, 171, 78, 245, 10, 62, 144, 176, 206, 94, 104, 172, 45, 57, 114, 196, 243, 166, 34, 67, 137, 41, 77, 6, 32, 225, 9, 234, 183, 32, 38, 40, 26, 93, 230, 191, 27, 192, 183, 67, 224, 156, 64, 189, 36, 27, 216, 57, 58, 164, 48, 164, 74, 218, 167, 196, 208, 221, 79, 102, 118, 23, 123, 26, 227, 53, 185, 196, 14, 233, 154, 6, 140, 233, 204, 153, 109, 163, 164, 226, 170, 207, 79, 123, 26, 188, 129, 124, 98, 82, 255, 95, 142, 71, 26, 5, 215, 198, 129, 179, 110, 130, 251, 222, 140, 210, 226, 37, 200, 117, 100, 172, 26, 138, 97, 11, 87, 161, 104, 210, 68, 117, 46, 87, 74, 250, 152, 86, 194, 42, 117, 122, 254, 235, 202, 150, 249, 63, 110, 109, 23, 197, 32, 81, 89, 39, 217, 156, 163, 78, 237, 253, 25, 188, 227, 31, 35, 174, 190, 21, 157, 160, 37, 60, 39, 193, 11, 92, 15, 251, 125, 151]),
+        "sha-256, with label": new Uint8Array([180, 212, 109, 8, 118, 130, 24, 5, 96, 121, 113, 102, 114, 157, 149, 31, 234, 5, 95, 138, 184, 10, 16, 249, 49, 78, 85, 222, 225, 47, 172, 108, 33, 36, 206, 47, 211, 159, 202, 241, 52, 172, 221, 28, 99, 1, 176, 51, 82, 146, 190, 137, 163, 202, 212, 74, 150, 204, 58, 26, 43, 54, 135, 91, 246, 201, 59, 106, 181, 9, 10, 118, 191, 106, 122, 102, 175, 114, 2, 182, 146, 169, 55, 124, 84, 187, 254, 237, 225, 252, 32, 197, 79, 97, 219, 250, 54, 81, 52, 121, 146, 194, 13, 196, 88, 212, 7, 146, 237, 232, 31, 113, 215, 200, 42, 158, 239, 180, 51, 152, 214, 145, 106, 11, 115, 160, 21, 71, 171, 190, 45, 25, 229, 19, 130, 210, 52, 58, 14, 55, 82, 250, 215, 193, 110, 178, 143, 101, 163, 63, 149, 216, 176, 163, 145, 66, 239, 62, 204, 195, 102, 14, 157, 2, 155, 114, 230, 225, 55, 121, 167, 172, 182, 187, 75, 149, 49, 213, 104, 144, 202, 230, 111, 125, 119, 236, 213, 155, 131, 122, 43, 55, 245, 183, 60, 140, 103, 88, 45, 84, 157, 247, 67, 243, 169, 102, 176, 225, 192, 181, 154, 252, 90, 95, 17, 161, 112, 96, 196, 105, 104, 55, 6, 92, 212, 18, 127, 85, 190, 12, 105, 123, 219, 110, 130, 111, 179, 32, 183, 81, 246, 240, 135, 59, 5, 210, 173, 15, 102, 215, 87, 95, 136, 136, 238, 12]),
+        "sha-384, with label": new Uint8Array([204, 60, 188, 131, 15, 114, 86, 246, 190, 155, 206, 62, 68, 249, 98, 63, 178, 144, 1, 244, 42, 248, 47, 9, 253, 8, 139, 186, 215, 180, 191, 92, 247, 19, 146, 242, 65, 195, 105, 211, 136, 84, 225, 236, 75, 202, 243, 148, 197, 68, 115, 51, 135, 65, 180, 62, 123, 91, 27, 67, 133, 14, 183, 65, 49, 1, 6, 94, 114, 249, 66, 36, 250, 189, 73, 218, 155, 213, 204, 240, 103, 185, 206, 189, 80, 60, 249, 1, 127, 190, 28, 196, 167, 67, 123, 222, 203, 124, 205, 153, 251, 242, 77, 151, 213, 215, 162, 189, 31, 28, 244, 1, 167, 58, 3, 169, 93, 143, 27, 40, 167, 86, 225, 85, 59, 93, 176, 82, 209, 224, 144, 21, 35, 252, 182, 97, 115, 200, 70, 117, 109, 240, 175, 102, 208, 100, 124, 230, 180, 232, 159, 77, 176, 75, 139, 58, 57, 254, 13, 183, 25, 27, 246, 182, 51, 171, 197, 226, 26, 7, 105, 225, 238, 147, 61, 68, 102, 97, 247, 149, 39, 8, 68, 70, 215, 220, 205, 74, 195, 183, 112, 152, 91, 70, 122, 163, 30, 66, 51, 52, 190, 204, 209, 223, 111, 67, 44, 18, 14, 108, 156, 62, 165, 221, 6, 246, 148, 233, 148, 50, 217, 248, 44, 99, 233, 118, 235, 248, 78, 45, 202, 61, 211, 220, 193, 74, 6, 229, 203, 212, 114, 116, 242, 214, 85, 165, 199, 114, 125, 53, 5, 87, 238, 208, 145, 184]),
+        "sha-512, with label": new Uint8Array([134, 151, 181, 94, 239, 91, 13, 83, 17, 57, 138, 21, 242, 206, 24, 86, 184, 239, 238, 57, 231, 116, 113, 139, 12, 128, 104, 100, 147, 57, 228, 183, 167, 225, 41, 180, 247, 133, 141, 0, 121, 193, 235, 168, 184, 248, 107, 34, 34, 233, 97, 215, 247, 240, 20, 245, 14, 0, 167, 17, 235, 204, 81, 97, 52, 81, 9, 136, 91, 59, 122, 200, 249, 74, 63, 68, 10, 18, 162, 243, 10, 190, 118, 60, 24, 74, 231, 92, 98, 179, 221, 150, 5, 66, 78, 93, 200, 212, 29, 76, 50, 246, 190, 84, 7, 245, 176, 148, 97, 5, 16, 22, 222, 173, 165, 200, 169, 93, 58, 8, 123, 229, 124, 220, 66, 123, 34, 69, 49, 33, 25, 107, 32, 250, 98, 61, 41, 222, 108, 112, 37, 42, 178, 163, 81, 157, 28, 160, 3, 121, 88, 10, 249, 25, 25, 22, 66, 0, 36, 187, 176, 199, 154, 122, 138, 43, 72, 217, 90, 43, 119, 50, 210, 166, 202, 2, 121, 172, 24, 172, 51, 74, 161, 45, 107, 150, 187, 89, 9, 89, 183, 233, 169, 149, 78, 145, 228, 156, 138, 215, 232, 219, 33, 33, 224, 178, 174, 16, 6, 72, 185, 214, 34, 204, 159, 161, 154, 11, 151, 142, 39, 244, 74, 75, 243, 191, 123, 231, 32, 54, 118, 235, 12, 19, 200, 165, 252, 161, 87, 46, 99, 51, 248, 146, 180, 122, 44, 210, 103, 237, 169, 50, 28, 210, 121, 136])
+    };
+
+    var passing = [
+        {
+            name: "RSA-OAEP with SHA-1 and no label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP"},
+            hash: "SHA-1",
+            plaintext: plaintext.slice(0, 214),
+            ciphertext: ciphertext["sha-1, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-256 and no label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP"},
+            hash: "SHA-256",
+            plaintext: plaintext.slice(0, 190),
+            ciphertext: ciphertext["sha-256, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-384 and no label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP"},
+            hash: "SHA-384",
+            plaintext: plaintext.slice(0, 158),
+            ciphertext: ciphertext["sha-384, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-512 and no label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP"},
+            hash: "SHA-512",
+            plaintext: plaintext.slice(0, 126),
+            ciphertext: ciphertext["sha-512, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-1 and empty label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: new Uint8Array([])},
+            hash: "SHA-1",
+            plaintext: plaintext.slice(0, 214),
+            ciphertext: ciphertext["sha-1, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-256 and empty label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: new Uint8Array([])},
+            hash: "SHA-256",
+            plaintext: plaintext.slice(0, 190),
+            ciphertext: ciphertext["sha-256, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-384 and empty label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: new Uint8Array([])},
+            hash: "SHA-384",
+            plaintext: plaintext.slice(0, 158),
+            ciphertext: ciphertext["sha-384, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-512 and empty label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: new Uint8Array([])},
+            hash: "SHA-512",
+            plaintext: plaintext.slice(0, 126),
+            ciphertext: ciphertext["sha-512, no label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-1 and a label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: label},
+            hash: "SHA-1",
+            plaintext: plaintext.slice(0, 214),
+            ciphertext: ciphertext["sha-1, with label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-256 and a label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: label},
+            hash: "SHA-256",
+            plaintext: plaintext.slice(0, 190),
+            ciphertext: ciphertext["sha-256, with label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-384 and a label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: label},
+            hash: "SHA-384",
+            plaintext: plaintext.slice(0, 158),
+            ciphertext: ciphertext["sha-384, with label"]
+        },
+        {
+            name: "RSA-OAEP with SHA-512 and a label",
+            publicKeyBuffer: spki,
+            publicKeyFormat: "spki",
+            privateKey: null,
+            privateKeyBuffer: pkcs8,
+            privateKeyFormat: "pkcs8",
+            publicKey: null,
+            algorithm: {name: "RSA-OAEP", label: label},
+            hash: "SHA-512",
+            plaintext: plaintext.slice(0, 126),
+            ciphertext: ciphertext["sha-512, with label"]
+        }
+    ];
+
+    var failing = [];
+
+    return {passing: passing, failing: failing};
+}
-- 
cgit v1.2.3