LayoutTests/crypto/subtle/pbkdf2-deriveBits.html - Issue 820523003: [webcrypto] Implement PBKDF2 (blink-side)

Side by Side Diff: LayoutTests/crypto/subtle/pbkdf2-deriveBits.html

Issue 820523003: [webcrypto] Implement PBKDF2 (blink-side) (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Add comments to the new tests in LayoutTests/crypto/subtle/pbkdf2-deriveBits.html Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« LayoutTests/crypto/subtle/clone-pbkdf2Key.html ('K') | « LayoutTests/crypto/subtle/clone-pbkdf2Key-expected.txt ('k') | LayoutTests/crypto/subtle/pbkdf2-deriveBits-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 <!DOCTYPE html>

	2 <html>

	3 <head>

	4 <script src="../../resources/js-test.js"></script>

	5 <script src="resources/common.js"></script>

	6 </head>

	7 <body>

	8 <p id="description"></p>

	9 <div id="console"></div>

	10

	11 <script>

	12 description("Tests importKey/deriveBits for PBKDF2");

	13

	14 jsTestIsAsync = true;

	15

	16 // -------------------------------------------------

	17 // Successful password import and bits derivation

	18 // -------------------------------------------------

	19

	20 // Test vectors were copied from:

	21 // https://tools.ietf.org/html/rfc6070
	eroman 2015/01/15 22:28:57 Not all of the test vectors are from here, please Not all of the test vectors are from here, please make the comment clearer on which tests are from rfc6070 xun.sun 2015/01/16 03:36:59 Done. Separated the tests into 2 files, one for rf Show quoted text On 2015/01/15 22:28:57, eroman wrote: > Not all of the test vectors are from here, please make the comment clearer on > which tests are from rfc6070 Done. Separated the tests into 2 files, one for rfc6070, and one for the others.
	22 //

	23

	24 var kPbkdf2SuccessVectors = [

	25 {

	26 password: "password",

	27 salt: "salt",

	28 c: 1,

	29 dkLen: 20,

	30 hash: "SHA-1",

	31 derived_key: "0c60c80f961f0e71f3a9b524af6012062fe037a6"

	32 },

	33

	34 {

	35 password: "password",

	36 salt: "salt",

	37 c: 2,

	38 dkLen: 20,

	39 hash: "SHA-1",

	40 derived_key: "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"

	41 },

	42

	43 {

	44 password: "password",

	45 salt: "salt",

	46 c: 4096,

	47 dkLen: 20,

	48 hash: "SHA-1",

	49 derived_key: "4b007901b765489abead49d926f721d065a429c1"

	50 },

	51

	52 {

	53 password: "passwordPASSWORDpassword",

	54 salt: "saltSALTsaltSALTsaltSALTsaltSALTsalt",

	55 c: 4096,

	56 dkLen: 25,

	57 hash: "SHA-1",

	58 derived_key: "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"

	59 },

	60

	61 {

	62 password: "pass\0word",

	63 salt: "sa\0lt",

	64 c: 4096,

	65 dkLen: 16,

	66 hash: "SHA-1",

	67 derived_key: "56fa6aa75548099dcc37d7f03425e0c3"

	68 },

	69

	70 // Non-ascii password
	eroman 2015/01/15 22:28:57 From here on the tests are not from rfc6070. Eith From here on the tests are not from rfc6070. Either indicate as such, or move the rfc6070 tests to their own file. HKDF tests use the naming scheme: hkdf-deriveBits-rfc5869-test-vectors.html So you could consider moving the rfc6070 tests to a similarly named file and then keep these ones here. xun.sun 2015/01/16 03:36:59 Done. Show quoted text On 2015/01/15 22:28:57, eroman wrote: > From here on the tests are not from rfc6070. > > Either indicate as such, or move the rfc6070 tests to their own file. > > HKDF tests use the naming scheme: > hkdf-deriveBits-rfc5869-test-vectors.html > > So you could consider moving the rfc6070 tests to a similarly named file and > then keep these ones here. Done.
	71 {

	72 password: [200, 201, 202, 203, 204, 205, 206, 207],

	73 salt: "salt",

	74 c: 20,

	75 dkLen: 16,

	76 hash: "SHA-1",

	77 derived_key: "a7950c143ec64e2b8d4bb1db8677188b"

	78 },

	79

	80 // Empty salt

	81 {

	82 password: "pass\0word",

	83 salt: "",

	84 c: 20,

	85 dkLen: 16,

	86 hash: "SHA-1",

	87 derived_key: "7deaf8b4a801011c1cd27f36e3bfc962"

	88 },

	89

	90 // SHA-256

	91 {

	92 password: "password",

	93 salt: "salt",

	94 c: 20,

	95 dkLen: 16,

	96 hash: "SHA-256",

	97 derived_key: "83eb100b6a3a975f0fe3ffcdc2419852"

	98 },

	99

	100 // SHA-512

	101 {

	102 password: "password",

	103 salt: "salt",

	104 c: 20,

	105 dkLen: 16,

	106 hash: "SHA-512",

	107 derived_key: "e4dfce3830983830c50c351a0b0f79e1"

	108 },
	eroman 2015/01/15 22:28:58 Please add the empty password case too. Please add the empty password case too. xun.sun 2015/01/16 03:36:59 Done. Added in pbkdf2-deriveBits-empty-password.ht Show quoted text On 2015/01/15 22:28:58, eroman wrote: > Please add the empty password case too. Done. Added in pbkdf2-deriveBits-empty-password.html. The keys derived from empty password turn out to be random. Is this known / expected? eroman 2015/01/16 04:05:23 Not expected, it looks like a bug in BoringSSL (wh Show quoted text On 2015/01/16 03:36:59, xun.sun wrote: > On 2015/01/15 22:28:58, eroman wrote: > > Please add the empty password case too. > > Done. Added in pbkdf2-deriveBits-empty-password.html. > > The keys derived from empty password turn out to be random. Is this known / > expected? Not expected, it looks like a bug in BoringSSL (which is precisely why I wanted this test :) I will follow-up on that bug.
	109 ];

	110

	111 function runPbkdf2SuccessTestCase(testCase)

	112 {

	113 var algorithm = {name: 'PBKDF2'};

	114

	115 var key = null;

	116 var password = null;

	117 if (typeof testCase.password === 'string')

	118 password = asciiToUint8Array(testCase.password);

	119 else if (Array.isArray(testCase.password))

	120 password = new Uint8Array(testCase.password);

	121

	122 var usages = ['deriveBits', 'deriveKey'];

	123 var extractable = false;

	124

	125 var params = {

	126 name: 'PBKDF2',

	127 salt: asciiToUint8Array(testCase.salt),

	128 iterations: testCase.c,

	129 hash: {name: testCase.hash}

	130 };

	131 // (1) Import the password

	132 return crypto.subtle.importKey('raw', password, algorithm, extractable, usag es).then(function(result) {

	133 key = result;

	134 // shouldBe() can only resolve variables in global context.

	135 tmpKey = key;

	136 shouldEvaluateAs("tmpKey.type", "secret");

	137 shouldEvaluateAs("tmpKey.extractable", false);

	138 shouldEvaluateAs("tmpKey.algorithm.name", "PBKDF2");

	139 shouldEvaluateAs("tmpKey.usages.join(',')", "deriveKey,deriveBits");

	140

	141 // (2) Derive bits

	142 return crypto.subtle.deriveBits(params, key, testCase.dkLen*8);

	143 }).then(function(result) {

	144 bytesShouldMatchHexString("deriveBits", testCase.derived_key, result);

	145 return crypto.subtle.deriveBits(params, key, 0);

	146 }).then(function(result) {

	147 derivedBits = result;

	148 shouldBe("derivedBits.byteLength", "0");

	149 });

	150 }

	151

	152 var lastPromise = Promise.resolve(null);

	153

	154 kPbkdf2SuccessVectors.forEach(function(test) {

	155 lastPromise = lastPromise.then(runPbkdf2SuccessTestCase.bind(null, test));

	156 });

	157

	158 lastPromise.then(finishJSTest, failAndFinishJSTest);

	159

	160 </script>

	161

	162 </body>

	163 </html>

OLD	NEW