<!DOCTYPE html>
<html>

<head>
<title>WebCrypto Test Suite</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="stylesheet" href="./test_WebCrypto.css"/>
<script src="/tests/SimpleTest/SimpleTest.js"></script>

<!-- Utilities for manipulating ABVs -->
<script src="util.js"></script>

<!-- A simple wrapper around IndexedDB -->
<script src="simpledb.js"></script>

<!-- Test vectors drawn from the literature -->
<script src="./test-vectors.js"></script>

<!-- General testing framework -->
<script src="./test-array.js"></script>

<script>/*<![CDATA[*/
"use strict";

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Deriving zero bits should fail",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "SHA-256",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
      .then(x => crypto.subtle.deriveBits(alg, x, 0), error(that))
      .then(error(that), complete(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Derive four bits with HKDF, no salt or info given",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "SHA-256",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
      .then(x => crypto.subtle.deriveBits(alg, x, 4))
      // The last 4 bits should be zeroes (1000 1101 => 1000 0000).
      .then(memcmp_complete(that, new Uint8Array([0x80])))
      .catch(error(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Deriving too many bits should fail",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "SHA-256",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    function deriveBits(x) {
      // The maximum length (in bytes) of output material for HKDF is 255 times
      // the digest length. In this case, the digest length (in bytes) of
      // SHA-256 is 32; 32*255 = 8160. deriveBits expects the length to be in
      // bits, so 8160*8=65280 and add 1 to exceed the maximum length.
      return crypto.subtle.deriveBits(alg, x, 65281);
    }

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
      .then(deriveBits, error(that))
      .then(error(that), complete(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Deriving with an unsupported PRF should fail",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "HMAC",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    function deriveBits(x) {
      return crypto.subtle.deriveBits(alg, x, 4);
    }

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
      .then(deriveBits, error(that))
      .then(error(that), complete(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Deriving with a non-HKDF key should fail",
  function() {
    var that = this;

    var alg = {
      name: "HKDF",
      hash: "HMAC",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    function deriveBits(x) {
      return crypto.subtle.deriveBits(alg, x, 4);
    }

    var ecAlg = {name: "ECDH", namedCurve: "P-256"};
    crypto.subtle.generateKey(ecAlg, false, ["deriveBits"])
      .then(deriveBits, error(that))
      .then(error(that), complete(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Derive known values from test vectors (SHA-1 and SHA-256)",
  function() {
    var that = this;
    var tests = tv.hkdf.slice();

    function next() {
      if (!tests.length) {
        return;
      }

      var test = tests.shift();
      var {key, data} = test;

      return crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
        .then(function (key) {
          return crypto.subtle.deriveBits({
            name: "HKDF",
            hash: test.prf,
            salt: test.salt,
            info: test.info
          }, key, test.data.byteLength * 8);
        })
        .then(function (data) {
          if (!util.memcmp(data, test.data)) {
            throw new Error("derived bits don't match expected value");
          }

          // Next test vector.
          return next();
        });
    }

    next().then(complete(that), error(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Derive known values from test vectors (JWK, SHA-256)",
  function() {
    var that = this;
    var test = tv.hkdf[0];
    var alg = {
      name: "HKDF",
      hash: test.prf,
      salt: test.salt,
      info: test.info
    };

    crypto.subtle.importKey("jwk", test.jwk, "HKDF", false, ["deriveBits"])
      .then(x => crypto.subtle.deriveBits(alg, x, test.data.byteLength * 8))
      .then(memcmp_complete(that, test.data), error(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Test wrapping/unwrapping an HKDF key",
  function() {
    var that = this;
    var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
    var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
    var wrappingKey;

    function wrap(x) {
      wrappingKey = x;
      return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
    }

    function unwrap(wrappedKey) {
      return crypto.subtle.unwrapKey(
        "raw", wrappedKey, wrappingKey, alg, "HKDF", false, ["deriveBits"])
        .then(rawKey => {
          return crypto.subtle.deriveBits({
            name: "HKDF",
            hash: "SHA-256",
            salt: new Uint8Array(),
            info: new Uint8Array()
          }, rawKey, 4);
        })
        .then(derivedBits => {
          if (!util.memcmp(derivedBits, new Uint8Array([0x80]))) {
            throw new Error("deriving bits failed");
          }

          // Forward to reuse.
          return wrappedKey;
        });
    }

    crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
      .then(wrap)
      .then(unwrap)
      .then(complete(that), error(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Unwrapping an HKDF key in PKCS8 format should fail",
  function() {
    var that = this;
    var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
    var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
    var wrappingKey;

    function wrap(x) {
      wrappingKey = x;
      return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
    }

    function unwrap(x) {
      return crypto.subtle.unwrapKey(
        "pkcs8", x, wrappingKey, alg, "HKDF", false, ["deriveBits"]);
    }

    crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
      .then(wrap, error(that))
      .then(unwrap, error(that))
      .then(error(that), complete(that));
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Derive an AES key using with HKDF",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "SHA-256",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    function deriveKey(x) {
      var targetAlg = {name: "AES-GCM", length: 256};
      return crypto.subtle.deriveKey(alg, x, targetAlg, false, ["encrypt"]);
    }

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
      .then(deriveKey)
      .then(complete(that), error(that))
  }
);

// -----------------------------------------------------------------------------
TestArray.addTest(
  "Deriving an HKDF key with HKDF should fail",
  function() {
    var that = this;
    var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");

    var alg = {
      name: "HKDF",
      hash: "SHA-256",
      salt: new Uint8Array(),
      info: new Uint8Array()
    };

    function deriveKey(x) {
      return crypto.subtle.deriveKey(alg, x, "HKDF", false, ["deriveBits"]);
    }

    crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
      .then(deriveKey)
      .then(error(that), complete(that))
  }
);

/*]]>*/</script>
</head>

<body>

<div id="content">
	<div id="head">
		<b>Web</b>Crypto<br>
	</div>

    <div id="start" onclick="start();">RUN ALL</div>

    <div id="resultDiv" class="content">
    Summary:
    <span class="pass"><span id="passN">0</span> passed, </span>
    <span class="fail"><span id="failN">0</span> failed, </span>
    <span class="pending"><span id="pendingN">0</span> pending.</span>
    <br/>
    <br/>

    <table id="results">
        <tr>
            <th>Test</th>
            <th>Result</th>
            <th>Time</th>
        </tr>
    </table>

    </div>

    <div id="foot"></div>
</div>

</body>
</html>