OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <script src="../resources/js-test.js"></script> | |
5 <script src="resources/common.js"></script> | |
6 </head> | |
7 <body> | |
8 <p id="description"></p> | |
9 <div id="console"></div> | |
10 | |
11 <script> | |
12 description("Tests deriveKey() with various bad parameters for ECDH"); | |
13 | |
14 jsTestIsAsync = true; | |
15 | |
16 // The test data uses a public key and private key (from different key pairs) fo
r the P-521 curve. | |
17 var privateKeyJwk = { | |
18 "kty":"EC", | |
19 "crv":"P-521", | |
20 "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyi
d-6F48d7iI1zF6VRk7", | |
21 "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYj
Zb0gBHGcgUE_I-h-6s", | |
22 "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0Jvzw
uvGkGuTbvT_DaRQ2pf" | |
23 }; | |
24 | |
25 var publicKeyJwk = { | |
26 "kty":"EC", | |
27 "crv":"P-521", | |
28 "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGS
Q37P4CRqT_QeivBD", | |
29 "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2B
K18PBFIT7QDGb2Zx" | |
30 }; | |
31 | |
32 var privateKey384Jwk = { | |
33 "kty": "EC", | |
34 "crv": "P-384", | |
35 "d": "pJLOj6kAhMIn4aMveXTTnp_2en6HBew0GbNftgdYK-vUYeCxUgrHbsLdTptj665x", | |
36 "x": "5V_ubEnY1SP1znv5wEJc5P9lBwi33lz7CVkBUjl5p_BCYC2zCFRzU2mBO1w_Xvho", | |
37 "y": "KPWcxdxQmJKpiNOKjiUZ3j0MT9D72wmT448YUGwXYGxeJCSSRvHOlJg6U2HFvpg-" | |
38 }; | |
39 | |
40 function importEcKeys() { | |
41 var keys = {}; | |
42 | |
43 debug("Importing the private key..."); | |
44 | |
45 return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCur
ve: "P-521"}, false, ["deriveKey"]).then(function(result) { | |
46 keys.private = result; | |
47 | |
48 debug("Importing the public key..."); | |
49 return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', named
Curve: "P-521"}, false, []); | |
50 }).then(function(result) { | |
51 keys.public = result; | |
52 | |
53 // Same as keys.private but with deriveBits instead of deriveKey. | |
54 return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', name
dCurve: "P-521"}, false, ["deriveBits"]); | |
55 }).then(function(result) { | |
56 keys.privateNoDeriveKey = result; | |
57 | |
58 // Import a P-384 private key. | |
59 return crypto.subtle.importKey("jwk", privateKey384Jwk, {name: 'ECDH', n
amedCurve: "P-384"}, false, ["deriveKey"]); | |
60 }).then(function(result) { | |
61 keys.private384 = result; | |
62 | |
63 // Import the private key as ECDSA. | |
64 return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDSA', name
dCurve: "P-521"}, false, ["verify"]); | |
65 }).then(function(result) { | |
66 keys.publicEcdsa = result; | |
67 | |
68 // Import an AES key | |
69 return crypto.subtle.importKey("raw", new Uint8Array(16), "aes-cbc", tru
e, ["encrypt"]); | |
70 }).then(function(result) { | |
71 keys.aes = result; | |
72 | |
73 return keys; | |
74 }); | |
75 } | |
76 | |
77 var ecKeys = null; | |
78 | |
79 importEcKeys().then(function(result) { | |
80 ecKeys = result; | |
81 | |
82 debug("\nDeriving an AES key with no length..."); | |
83 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
84 var derivedAlgorithm = {name: 'aes-cbc'}; | |
85 var extractable = true; | |
86 var usages = ['encrypt']; | |
87 | |
88 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
89 }).then(failAndFinishJSTest, function(result) { | |
90 logError(result); | |
91 | |
92 debug("\nDeriving an AES key with bad length..."); | |
93 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
94 var derivedAlgorithm = {name: 'aes-cbc', length: 120}; | |
95 var extractable = true; | |
96 var usages = ['encrypt']; | |
97 | |
98 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
99 }).then(failAndFinishJSTest, function(result) { | |
100 logError(result); | |
101 | |
102 debug("\nDeriving an AES key with unsupported length..."); | |
103 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
104 var derivedAlgorithm = {name: 'aes-cbc', length: 192}; | |
105 var extractable = true; | |
106 var usages = ['encrypt']; | |
107 | |
108 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
109 }).then(function(failAndFinishJSTest, result) { | |
110 logError(result); | |
111 | |
112 debug("\nDeriving an AES-CBC key with unsupported usage (sign)..."); | |
113 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
114 var derivedAlgorithm = {name: 'aes-cbc', length: 128}; | |
115 var extractable = true; | |
116 var usages = ['sign']; // Not valid for AES-CBC. | |
117 | |
118 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
119 }).then(failAndFinishJSTest, function(result) { | |
120 logError(result); | |
121 | |
122 debug("\nDeriving using an ECDH key that has deriveBits but NOT deriveKey...
usage"); | |
123 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
124 var derivedAlgorithm = {name: 'aes-cbc', length: 128}; | |
125 var extractable = true; | |
126 var usages = ['encrypt']; | |
127 | |
128 return crypto.subtle.deriveKey(algorithm, ecKeys.privateNoDeriveKey, derived
Algorithm, extractable, usages); | |
129 }).then(failAndFinishJSTest, function(result) { | |
130 logError(result); | |
131 | |
132 debug("\nDeriving using public instead of private key..."); | |
133 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
134 var derivedAlgorithm = {name: 'aes-cbc', length: 128}; | |
135 var extractable = true; | |
136 var usages = ['encrypt']; | |
137 | |
138 return crypto.subtle.deriveKey(algorithm, ecKeys.public, derivedAlgorithm, e
xtractable, usages); | |
139 }).then(failAndFinishJSTest, function(result) { | |
140 logError(result); | |
141 | |
142 debug("\nDeriving using private instead of public key..."); | |
143 var algorithm = {name: 'ecdh', public: ecKeys.private}; | |
144 var derivedAlgorithm = {name: 'aes-cbc', length: 128}; | |
145 var extractable = true; | |
146 var usages = ['encrypt']; | |
147 | |
148 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
149 }).then(failAndFinishJSTest, function(result) { | |
150 logError(result); | |
151 | |
152 debug("\nDeriving a key larger than the field size of P-521..."); | |
153 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
154 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1", length: 1024}; | |
155 var extractable = true; | |
156 var usages = ['sign']; | |
157 | |
158 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
159 }).then(failAndFinishJSTest, function(result) { | |
160 logError(result); | |
161 | |
162 debug("\nDeriving a zero-length HMAC key..."); | |
163 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
164 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1", length: 0}; | |
165 var extractable = true; | |
166 var usages = ['sign']; | |
167 | |
168 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
169 }).then(failAndFinishJSTest, function(result) { | |
170 logError(result); | |
171 | |
172 debug("\nDeriving a key larger than field size of P-521, by requesting an HM
AC SHA-512 key with no length..."); | |
173 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
174 var derivedAlgorithm = {name: 'HMAC', hash: "sha-512"}; | |
175 var extractable = true; | |
176 var usages = ['sign']; | |
177 | |
178 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
179 }).then(failAndFinishJSTest, function(result) { | |
180 logError(result); | |
181 | |
182 debug("\nDeriving a key using mismatched curves on public/private keys..."); | |
183 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
184 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"}; | |
185 var extractable = true; | |
186 var usages = ['sign']; | |
187 | |
188 return crypto.subtle.deriveKey(algorithm, ecKeys.private384, derivedAlgorith
m, extractable, usages); | |
189 }).then(failAndFinishJSTest, function(result) { | |
190 logError(result); | |
191 | |
192 debug("\nDeriving a key using a public EC key for different algorithm (ECDSA
)..."); | |
193 var algorithm = {name: 'ecdh', public: ecKeys.publicEcdsa}; | |
194 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"}; | |
195 var extractable = true; | |
196 var usages = ['sign']; | |
197 | |
198 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
199 }).then(failAndFinishJSTest, function(result) { | |
200 logError(result); | |
201 | |
202 debug("\nDeriving a key using an AES key for public key..."); | |
203 var algorithm = {name: 'ecdh', public: ecKeys.aes}; | |
204 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"}; | |
205 var extractable = true; | |
206 var usages = ['sign']; | |
207 | |
208 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
209 }).then(failAndFinishJSTest, function(result) { | |
210 logError(result); | |
211 | |
212 debug("\nDeriving a key without specifying the \"public\" parameter..."); | |
213 var algorithm = {name: 'ecdh'}; | |
214 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"}; | |
215 var extractable = true; | |
216 var usages = ['sign']; | |
217 | |
218 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
219 }).then(failAndFinishJSTest, function(result) { | |
220 logError(result); | |
221 | |
222 debug("\nDeriving a key having specified a bogus \"public\" parameter..."); | |
223 var algorithm = {name: 'ecdh', public: -1}; | |
224 var derivedAlgorithm = {name: 'HMAC', hash: "sha-1"}; | |
225 var extractable = true; | |
226 var usages = ['sign']; | |
227 | |
228 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
229 }).then(failAndFinishJSTest, function(result) { | |
230 logError(result); | |
231 | |
232 debug("\nDeriving an ECDH key using ECDH..."); | |
233 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
234 var derivedAlgorithm = {name: 'ECDH', namedCurve: "P-256"}; | |
235 var extractable = true; | |
236 var usages = ['deriveBits']; | |
237 | |
238 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
239 }).then(failAndFinishJSTest, function(result) { | |
240 logError(result); | |
241 | |
242 debug("\nDeriving an RSA-OAEP key using ECDH..."); | |
243 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
244 var derivedAlgorithm = {name: 'RSA-OAEP', hash: "sha-1"}; | |
245 var extractable = true; | |
246 var usages = ['encrypt']; | |
247 | |
248 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
249 }).then(failAndFinishJSTest, function(result) { | |
250 logError(result); | |
251 | |
252 debug(""); | |
253 }).then(finishJSTest, failAndFinishJSTest); | |
254 | |
255 </script> | |
256 | |
257 </body> | |
258 </html> | |
OLD | NEW |