[webcrypto] Implement PBKDF2 (blink-side)

LayoutTests/crypto/subtle/pbkdf2-deriveBits.html

Index: LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
diff --git a/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html b/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
new file mode 100644
index 0000000000000000000000000000000000000000..35ec60c51714a490e2adc896f2f596df4020c3b7
--- /dev/null
+++ b/LayoutTests/crypto/subtle/pbkdf2-deriveBits.html
@@ -0,0 +1,124 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Tests importKey/deriveBits for PBKDF2");
+
+jsTestIsAsync = true;
+
+// -------------------------------------------------
+// Successful password import and bits derivation
+// -------------------------------------------------
+
+// Test vectors were copied from:
+//   https://tools.ietf.org/html/rfc6070
+//
+
+var kPbkdf2SuccessVectors = [
+  {
+    password: "password",
+    salt: "salt",
+    c: 1,
+    dkLen: 20,

[eroman, 2015/01/07 06:48:52]

What is the use of dkLen, it looks like it is always equal to
derived_key_full_length.length in these examples

[xun.sun, 2015/01/09 16:17:50]

It is used as key length input to deriveBits() and equal to
derived_key_full_length.length / 2. I think it is clearer to call out the length
than passing derived_key_full_length.length / 2 to deriveBits(). What do you
think?

+    hash: "SHA-1",
+    derived_key_full_length: "0c60c80f961f0e71f3a9b524af6012062fe037a6"
+  },
+
+  {
+    password: "password",
+    salt: "salt",
+    c: 2,
+    dkLen: 20,
+    hash: "SHA-1",
+    derived_key_full_length: "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"
+  },
+
+  {
+    password: "password",
+    salt: "salt",
+    c: 4096,
+    dkLen: 20,
+    hash: "SHA-1",
+    derived_key_full_length: "4b007901b765489abead49d926f721d065a429c1"
+  },
+
+//  16777216 iterations would timeout
+//  {
+//   password: "password",
+//   salt: "salt",
+//   c: 16777216,
+//   dkLen: 20,
+//   hash: "SHA-1",
+//   derived_key_full_length: "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"
+//  },
+
+  {
+    password: "passwordPASSWORDpassword",
+    salt: "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+    c: 4096,
+    dkLen: 25,
+    hash: "SHA-1",
+    derived_key_full_length: "3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"
+  },
+
+  {
+    password: "pass\0word",
+    salt: "sa\0lt",
+    c: 4096,
+    dkLen: 16,
+    hash: "SHA-1",
+    derived_key_full_length: "56fa6aa75548099dcc37d7f03425e0c3"
+  },
+];
+
+function runPbkdf2SuccessTestCase(testCase)
+{
+    var algorithm = {name: 'PBKDF2'};
+
+    var key = null;
+    var password = asciiToUint8Array(testCase.password);
+    var usages = ['deriveBits', 'deriveKey'];
+    var extractable = false;
+
+    var params = {
+        name: 'PBKDF2',
+        salt: asciiToUint8Array(testCase.salt),
+        iterations: testCase.c,
+        hash: {name: testCase.hash}
+    };
+    // (1) Import the password
+    return crypto.subtle.importKey('raw', password, algorithm, extractable, usages).then(function(result) {
+        key = result;
+        // shouldBe() can only resolve variables in global context.
+        tmpKey = key;
+        shouldEvaluateAs("tmpKey.type", "secret");
+        shouldEvaluateAs("tmpKey.extractable", false);
+        shouldEvaluateAs("tmpKey.algorithm.name", "PBKDF2");
+        shouldEvaluateAs("tmpKey.usages.join(',')", "deriveKey,deriveBits");
+
+        // (2) Derive bits
+        return crypto.subtle.deriveBits(params, key, testCase.dkLen*8);
+    }).then(function(result) {
+        bytesShouldMatchHexString("deriveBits", testCase.derived_key_full_length, result);
+    });
+}
+
+var lastPromise = Promise.resolve(null);
+
+kPbkdf2SuccessVectors.forEach(function(test) {
+    lastPromise = lastPromise.then(runPbkdf2SuccessTestCase.bind(null, test));
+});
+
+lastPromise.then(finishJSTest, failAndFinishJSTest);
+
+</script>
+
+</body>
+</html>