gecko-dev/dom/crypto/test/test_WebCrypto_HKDF.html

356 строки
9.4 KiB
HTML

<!DOCTYPE html>
<html>
<head>
<title>WebCrypto Test Suite</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<link rel="stylesheet" href="./test_WebCrypto.css"/>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<!-- Utilities for manipulating ABVs -->
<script src="util.js"></script>
<!-- A simple wrapper around IndexedDB -->
<script src="simpledb.js"></script>
<!-- Test vectors drawn from the literature -->
<script src="./test-vectors.js"></script>
<!-- General testing framework -->
<script src="./test-array.js"></script>
<script>/* <![CDATA[*/
"use strict";
// -----------------------------------------------------------------------------
TestArray.addTest(
"Deriving zero bits should fail",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
};
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
.then(x => crypto.subtle.deriveBits(alg, x, 0), error(that))
.then(error(that), complete(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Derive four bits with HKDF, no salt or info given",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
};
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
.then(x => crypto.subtle.deriveBits(alg, x, 4))
// The last 4 bits should be zeroes (1000 1101 => 1000 0000).
.then(memcmp_complete(that, new Uint8Array([0x80])))
.catch(error(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Deriving too many bits should fail",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
};
function deriveBits(x) {
// The maximum length (in bytes) of output material for HKDF is 255 times
// the digest length. In this case, the digest length (in bytes) of
// SHA-256 is 32; 32*255 = 8160. deriveBits expects the length to be in
// bits, so 8160*8=65280 and add 1 to exceed the maximum length.
return crypto.subtle.deriveBits(alg, x, 65281);
}
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
.then(deriveBits, error(that))
.then(error(that), complete(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Deriving with an unsupported PRF should fail",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "HMAC",
salt: new Uint8Array(),
info: new Uint8Array(),
};
function deriveBits(x) {
return crypto.subtle.deriveBits(alg, x, 4);
}
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
.then(deriveBits, error(that))
.then(error(that), complete(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Deriving with a non-HKDF key should fail",
function() {
var that = this;
var alg = {
name: "HKDF",
hash: "HMAC",
salt: new Uint8Array(),
info: new Uint8Array(),
};
function deriveBits(x) {
return crypto.subtle.deriveBits(alg, x, 4);
}
var ecAlg = {name: "ECDH", namedCurve: "P-256"};
crypto.subtle.generateKey(ecAlg, false, ["deriveBits"])
.then(deriveBits, error(that))
.then(error(that), complete(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Derive known values from test vectors (SHA-1 and SHA-256)",
function() {
var that = this;
var tests = tv.hkdf.slice();
if (!tests.length) {
error(that)("No tests found");
return;
}
function next() {
if (!tests.length) {
return Promise.resolve();
}
var test = tests.shift();
var {key} = test;
return crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveBits"])
.then(function(baseKey) {
return crypto.subtle.deriveBits({
name: "HKDF",
hash: test.prf,
salt: test.salt,
info: test.info,
}, baseKey, test.data.byteLength * 8);
})
.then(function(data) {
if (!util.memcmp(data, test.data)) {
throw new Error("derived bits don't match expected value");
}
// Next test vector.
return next();
});
}
next().then(complete(that), error(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Derive known values from test vectors (JWK, SHA-256)",
function() {
var that = this;
var test = tv.hkdf[0];
var alg = {
name: "HKDF",
hash: test.prf,
salt: test.salt,
info: test.info,
};
crypto.subtle.importKey("jwk", test.jwk, "HKDF", false, ["deriveBits"])
.then(x => crypto.subtle.deriveBits(alg, x, test.data.byteLength * 8))
.then(memcmp_complete(that, test.data), error(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Test wrapping/unwrapping an HKDF key",
function() {
var that = this;
var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
var wrappingKey;
function wrap(x) {
wrappingKey = x;
return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
}
function unwrap(wrappedKey) {
return crypto.subtle.unwrapKey(
"raw", wrappedKey, wrappingKey, alg, "HKDF", false, ["deriveBits"])
.then(rawKey => {
return crypto.subtle.deriveBits({
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
}, rawKey, 4);
})
.then(derivedBits => {
if (!util.memcmp(derivedBits, new Uint8Array([0x80]))) {
throw new Error("deriving bits failed");
}
// Forward to reuse.
return wrappedKey;
});
}
crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
.then(wrap)
.then(unwrap)
.then(complete(that), error(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Unwrapping an HKDF key in PKCS8 format should fail",
function() {
var that = this;
var hkdfKey = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {name: "AES-GCM", length: 256, iv: new Uint8Array(16)};
var wrappingKey;
function wrap(x) {
wrappingKey = x;
return crypto.subtle.encrypt(alg, wrappingKey, hkdfKey);
}
function unwrap(x) {
return crypto.subtle.unwrapKey(
"pkcs8", x, wrappingKey, alg, "HKDF", false, ["deriveBits"]);
}
crypto.subtle.generateKey(alg, false, ["encrypt", "unwrapKey"])
.then(wrap, error(that))
.then(unwrap, error(that))
.then(error(that), complete(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Derive an AES key using with HKDF",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
};
function deriveKey(x) {
var targetAlg = {name: "AES-GCM", length: 256};
return crypto.subtle.deriveKey(alg, x, targetAlg, false, ["encrypt"]);
}
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
.then(deriveKey)
.then(complete(that), error(that));
}
);
// -----------------------------------------------------------------------------
TestArray.addTest(
"Deriving an HKDF key with HKDF should fail",
function() {
var that = this;
var key = util.hex2abv("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
var alg = {
name: "HKDF",
hash: "SHA-256",
salt: new Uint8Array(),
info: new Uint8Array(),
};
function deriveKey(x) {
return crypto.subtle.deriveKey(alg, x, "HKDF", false, ["deriveBits"]);
}
crypto.subtle.importKey("raw", key, "HKDF", false, ["deriveKey"])
.then(deriveKey)
.then(error(that), complete(that));
}
);
/* ]]>*/</script>
</head>
<body>
<div id="content">
<div id="head">
<b>Web</b>Crypto<br>
</div>
<div id="start" onclick="start();">RUN ALL</div>
<div id="resultDiv" class="content">
Summary:
<span class="pass"><span id="passN">0</span> passed, </span>
<span class="fail"><span id="failN">0</span> failed, </span>
<span class="pending"><span id="pendingN">0</span> pending.</span>
<br/>
<br/>
<table id="results">
<tr>
<th>Test</th>
<th>Result</th>
<th>Time</th>
</tr>
</table>
</div>
<div id="foot"></div>
</div>
</body>
</html>