summaryrefslogtreecommitdiffstats
path: root/dom/crypto/test/test_WebCrypto_HKDF.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/crypto/test/test_WebCrypto_HKDF.html')
-rw-r--r--dom/crypto/test/test_WebCrypto_HKDF.html351
1 files changed, 351 insertions, 0 deletions
diff --git a/dom/crypto/test/test_WebCrypto_HKDF.html b/dom/crypto/test/test_WebCrypto_HKDF.html
new file mode 100644
index 000000000..dcc871ffa
--- /dev/null
+++ b/dom/crypto/test/test_WebCrypto_HKDF.html
@@ -0,0 +1,351 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+<title>WebCrypto Test Suite</title>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
+<link rel="stylesheet" href="./test_WebCrypto.css"/>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+
+<!-- Utilities for manipulating ABVs -->
+<script src="util.js"></script>
+
+<!-- A simple wrapper around IndexedDB -->
+<script src="simpledb.js"></script>
+
+<!-- Test vectors drawn from the literature -->
+<script src="./test-vectors.js"></script>
+
+<!-- General testing framework -->
+<script src="./test-array.js"></script>
+
+<script>/*<![CDATA[*/
+"use strict";
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Deriving zero bits should fail",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
+ .then(x => crypto.subtle.deriveBits(alg, x, 0), error(that))
+ .then(error(that), complete(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Derive four bits with HKDF, no salt or info given",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
+ .then(x => crypto.subtle.deriveBits(alg, x, 4))
+ // The last 4 bits should be zeroes (1000 1101 => 1000 0000).
+ .then(memcmp_complete(that, new Uint8Array([0x80])))
+ .catch(error(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Deriving too many bits should fail",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ function deriveBits(x) {
+ // The maximum length (in bytes) of output material for HKDF is 255 times
+ // the digest length. In this case, the digest length (in bytes) of
+ // SHA-256 is 32; 32*255 = 8160. deriveBits expects the length to be in
+ // bits, so 8160*8=65280 and add 1 to exceed the maximum length.
+ return crypto.subtle.deriveBits(alg, x, 65281);
+ }
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
+ .then(deriveBits, error(that))
+ .then(error(that), complete(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Deriving with an unsupported PRF should fail",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "HMAC",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ function deriveBits(x) {
+ return crypto.subtle.deriveBits(alg, x, 4);
+ }
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
+ .then(deriveBits, error(that))
+ .then(error(that), complete(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Deriving with a non-HKDF key should fail",
+ function() {
+ var that = this;
+
+ var alg = {
+ name: "HKDF",
+ hash: "HMAC",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ function deriveBits(x) {
+ return crypto.subtle.deriveBits(alg, x, 4);
+ }
+
+ var ecAlg = {name: "ECDH", namedCurve: "P-256"};
+ crypto.subtle.generateKey(ecAlg, false, ["deriveBits"])
+ .then(deriveBits, error(that))
+ .then(error(that), complete(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Derive known values from test vectors (SHA-1 and SHA-256)",
+ function() {
+ var that = this;
+ var tests = tv.hkdf.slice();
+
+ function next() {
+ if (!tests.length) {
+ return;
+ }
+
+ var test = tests.shift();
+ var {key, data} = test;
+
+ return crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
+ .then(function (key) {
+ return crypto.subtle.deriveBits({
+ name: "HKDF",
+ hash: test.prf,
+ salt: test.salt,
+ info: test.info
+ }, key, test.data.byteLength * 8);
+ })
+ .then(function (data) {
+ if (!util.memcmp(data, test.data)) {
+ throw new Error("derived bits don't match expected value");
+ }
+
+ // Next test vector.
+ return next();
+ });
+ }
+
+ next().then(complete(that), error(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Derive known values from test vectors (JWK, SHA-256)",
+ function() {
+ var that = this;
+ var test = tv.hkdf[0];
+ var alg = {
+ name: "HKDF",
+ hash: test.prf,
+ salt: test.salt,
+ info: test.info
+ };
+
+ crypto.subtle.importKey("jwk", test.jwk, "HKDF", false, ["deriveBits"])
+ .then(x => crypto.subtle.deriveBits(alg, x, test.data.byteLength * 8))
+ .then(memcmp_complete(that, test.data), error(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Test wrapping/unwrapping an HKDF key",
+ function() {
+ var that = this;
+ var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+ var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
+ var wrappingKey;
+
+ function wrap(x) {
+ wrappingKey = x;
+ return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
+ }
+
+ function unwrap(wrappedKey) {
+ return crypto.subtle.unwrapKey(
+ "raw", wrappedKey, wrappingKey, alg, "HKDF", false, ["deriveBits"])
+ .then(rawKey => {
+ return crypto.subtle.deriveBits({
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ }, rawKey, 4);
+ })
+ .then(derivedBits => {
+ if (!util.memcmp(derivedBits, new Uint8Array([0x80]))) {
+ throw new Error("deriving bits failed");
+ }
+
+ // Forward to reuse.
+ return wrappedKey;
+ });
+ }
+
+ crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
+ .then(wrap)
+ .then(unwrap)
+ .then(complete(that), error(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Unwrapping an HKDF key in PKCS8 format should fail",
+ function() {
+ var that = this;
+ var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+ var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
+ var wrappingKey;
+
+ function wrap(x) {
+ wrappingKey = x;
+ return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
+ }
+
+ function unwrap(x) {
+ return crypto.subtle.unwrapKey(
+ "pkcs8", x, wrappingKey, alg, "HKDF", false, ["deriveBits"]);
+ }
+
+ crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
+ .then(wrap, error(that))
+ .then(unwrap, error(that))
+ .then(error(that), complete(that));
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Derive an AES key using with HKDF",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ function deriveKey(x) {
+ var targetAlg = {name: "AES-GCM", length: 256};
+ return crypto.subtle.deriveKey(alg, x, targetAlg, false, ["encrypt"]);
+ }
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
+ .then(deriveKey)
+ .then(complete(that), error(that))
+ }
+);
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+ "Deriving an HKDF key with HKDF should fail",
+ function() {
+ var that = this;
+ var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
+
+ var alg = {
+ name: "HKDF",
+ hash: "SHA-256",
+ salt: new Uint8Array(),
+ info: new Uint8Array()
+ };
+
+ function deriveKey(x) {
+ return crypto.subtle.deriveKey(alg, x, "HKDF", false, ["deriveBits"]);
+ }
+
+ crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
+ .then(deriveKey)
+ .then(error(that), complete(that))
+ }
+);
+
+/*]]>*/</script>
+</head>
+
+<body>
+
+<div id="content">
+ <div id="head">
+ <b>Web</b>Crypto<br>
+ </div>
+
+ <div id="start" onclick="start();">RUN ALL</div>
+
+ <div id="resultDiv" class="content">
+ Summary:
+ <span class="pass"><span id="passN">0</span> passed, </span>
+ <span class="fail"><span id="failN">0</span> failed, </span>
+ <span class="pending"><span id="pendingN">0</span> pending.</span>
+ <br/>
+ <br/>
+
+ <table id="results">
+ <tr>
+ <th>Test</th>
+ <th>Result</th>
+ <th>Time</th>
+ </tr>
+ </table>
+
+ </div>
+
+ <div id="foot"></div>
+</div>
+
+</body>
+</html>