[webcrypto] Implement PBKDF2 (blink-side)

LayoutTests/crypto/subtle/pbkdf2-deriveBits.html

Index: LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
diff --git a/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html b/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
new file mode 100644
index 0000000000000000000000000000000000000000..d13993cb51f88ae9e0eb81f4213ac0a59f91d2e7
--- /dev/null
+++ b/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
@@ -0,0 +1,163 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Tests importKey/deriveBits for PBKDF2");
+
+jsTestIsAsync = true;
+
+// -------------------------------------------------
+// Successful password import and bits derivation
+// -------------------------------------------------
+
+// Test vectors were copied from:
+//   https://tools.ietf.org/html/rfc6070

[eroman, 2015/01/15 22:28:57]

Not all of the test vectors are from here, please make the comment clearer on
which tests are from rfc6070

[xun.sun, 2015/01/16 03:36:59]

Done. Separated the tests into 2 files, one for rfc6070, and one for the others.

+//
+
+var kPbkdf2SuccessVectors = [
+  {
+    password: "password",
+    salt: "salt",
+    c: 1,
+    dkLen: 20,
+    hash: "SHA-1",
+    derived_key: "0c60c80f961f0e71f3a9b524af6012062fe037a6"
+  },
+
+  {
+    password: "password",
+    salt: "salt",
+    c: 2,
+    dkLen: 20,
+    hash: "SHA-1",
+    derived_key: "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
+  },
+
+  {
+    password: "password",
+    salt: "salt",
+    c: 4096,
+    dkLen: 20,
+    hash: "SHA-1",
+    derived_key: "4b007901b765489abead49d926f721d065a429c1"
+  },
+
+  {
+    password: "passwordPASSWORDpassword",
+    salt: "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+    c: 4096,
+    dkLen: 25,
+    hash: "SHA-1",
+    derived_key: "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
+  },
+
+  {
+    password: "pass\0word",
+    salt: "sa\0lt",
+    c: 4096,
+    dkLen: 16,
+    hash: "SHA-1",
+    derived_key: "56fa6aa75548099dcc37d7f03425e0c3"
+  },
+
+  // Non-ascii password

[eroman, 2015/01/15 22:28:57]

From here on the tests are not from rfc6070.

Either indicate as such, or move the rfc6070 tests to their own file.

HKDF tests use the naming scheme:
  hkdf-deriveBits-rfc5869-test-vectors.html

So you could consider moving the rfc6070 tests to a similarly named file and
then keep these ones here.

[xun.sun, 2015/01/16 03:36:59]

Done.

+  {
+    password: [200, 201, 202, 203, 204, 205, 206, 207],
+    salt: "salt",
+    c: 20,
+    dkLen: 16,
+    hash: "SHA-1",
+    derived_key: "a7950c143ec64e2b8d4bb1db8677188b"
+  },
+
+  // Empty salt
+  {
+    password: "pass\0word",
+    salt: "",
+    c: 20,
+    dkLen: 16,
+    hash: "SHA-1",
+    derived_key: "7deaf8b4a801011c1cd27f36e3bfc962"
+  },
+
+  // SHA-256
+  {
+    password: "password",
+    salt: "salt",
+    c: 20,
+    dkLen: 16,
+    hash: "SHA-256",
+    derived_key: "83eb100b6a3a975f0fe3ffcdc2419852"
+  },
+
+  // SHA-512
+  {
+    password: "password",
+    salt: "salt",
+    c: 20,
+    dkLen: 16,
+    hash: "SHA-512",
+    derived_key: "e4dfce3830983830c50c351a0b0f79e1"
+  },

[eroman, 2015/01/15 22:28:58]

Please add the empty password case too.

[xun.sun, 2015/01/16 03:36:59]

Done. Added in pbkdf2-deriveBits-empty-password.html.

The keys derived from empty password turn out to be random. Is this known /
expected?

[eroman, 2015/01/16 04:05:23]

Not expected, it looks like a bug in BoringSSL (which is precisely why I wanted
this test :)
I will follow-up on that bug.

+];
+
+function runPbkdf2SuccessTestCase(testCase)
+{
+    var algorithm = {name: 'PBKDF2'};
+
+    var key = null;
+    var password = null;
+    if (typeof testCase.password === 'string')
+        password = asciiToUint8Array(testCase.password);
+    else if (Array.isArray(testCase.password))
+        password = new Uint8Array(testCase.password);
+
+    var usages = ['deriveBits', 'deriveKey'];
+    var extractable = false;
+
+    var params = {
+        name: 'PBKDF2',
+        salt: asciiToUint8Array(testCase.salt),
+        iterations: testCase.c,
+        hash: {name: testCase.hash}
+    };
+    // (1) Import the password
+    return crypto.subtle.importKey('raw', password, algorithm, extractable, usages).then(function(result) {
+        key = result;
+        // shouldBe() can only resolve variables in global context.
+        tmpKey = key;
+        shouldEvaluateAs("tmpKey.type", "secret");
+        shouldEvaluateAs("tmpKey.extractable", false);
+        shouldEvaluateAs("tmpKey.algorithm.name", "PBKDF2");
+        shouldEvaluateAs("tmpKey.usages.join(',')", "deriveKey,deriveBits");
+
+        // (2) Derive bits
+        return crypto.subtle.deriveBits(params, key, testCase.dkLen*8);
+    }).then(function(result) {
+        bytesShouldMatchHexString("deriveBits", testCase.derived_key, result);
+        return crypto.subtle.deriveBits(params, key, 0);
+    }).then(function(result) {
+        derivedBits = result;
+        shouldBe("derivedBits.byteLength", "0");
+    });
+}
+
+var lastPromise = Promise.resolve(null);
+
+kPbkdf2SuccessVectors.forEach(function(test) {
+    lastPromise = lastPromise.then(runPbkdf2SuccessTestCase.bind(null, test));
+});
+
+lastPromise.then(finishJSTest, failAndFinishJSTest);
+
+</script>
+
+</body>
+</html>