Webcrypto: add layout tests for HKDF algorithm

LayoutTests/crypto/subtle/hkdf-deriveBits-failures.html

+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../resources/js-test.js"></script>
+<script src="resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("Test bad inputs to HKDF deriveBits()");
+
+jsTestIsAsync = true;
+
+kHkdfKey = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
+
+var extractable = true;
+Promise.resolve(null).then(function(result) {
+  // set up the test by creating an HKDF key and an RSA key

[eroman, 2014/12/23 23:29:39]

This comment is incorrect

[nharper, 2015/01/06 23:51:59]

Done.

+  return crypto.subtle.importKey("raw", hexStringToUint8Array(kHkdfKey), {name: "HKDF"}, extractable, ['deriveKey', 'deriveBits']);

[eroman, 2014/12/23 23:29:39]

4 space indentation throughout

[nharper, 2015/01/06 23:51:59]

Done.

+}).then(function(result) {
+  hkdfKey = result;
+
+  return crypto.subtle.generateKey({name: "ECDH", namedCurve: "P-256"}, true, ['deriveBits']);
+}).then(function(result) {
+  ecdhKey = result;
+
+  // Should throw a NotSupportedError if hash does not describe a recognized
+  // algorithm that supports the digest operation.
+  debug("\nderiveBits() with an unsupported hash...");
+  return crypto.subtle.deriveBits({name: "HKDF", hash: "HMAC", salt: new Uint8Array(), info: new Uint8Array()}, hkdfKey, 8);
+}).then(failAndFinishJSTest, function(result) {
+  logError(result);
+
+  // Should throw an InvalidAccessError if key doesn't match the algorithm
+  debug("\nderiveBits() with a key that doesn't match the algorithm...");
+  return crypto.subtle.deriveBits({name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array()}, ecdhKey.privateKey, 8);
+}).then(failAndFinishJSTest, function(result) {
+  logError(result);
+
+  // Should throw an OperationError if the key derivation operation fails.
+  // The key derivation operation will fail here because the length is too long.
+  //
+  // The maximum length (in bytes) of output material for HKDF is 255 times the
+  // digest length. In this case, the digest length (in bytes) of SHA-256 is 32;
+  // 32*255 = 8160. deriveBits expects the length to be in bits, so 8160*8=65280
+  // and add 1 to exceed the maximum length.
+  debug("\nderiveBits() with requested length too long...");
+  return crypto.subtle.deriveBits({name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array()}, hkdfKey, 65281);
+}).then(failAndFinishJSTest, function(result) {
+  logError(result);
+
+  // TODO: move this out of this file

[eroman, 2014/12/23 23:29:39]

(1) WebKit uses FIXME: style.
(2) This seems like it should be addressed now. This is not a failure.

[nharper, 2015/01/06 23:51:59]

Done.

+  // Create a key with only deriveKey usages.
+  return crypto.subtle.importKey("raw", hexStringToUint8Array(kHkdfKey), {name: "HKDF"}, extractable, ['deriveKey']);
+}).then(function(result) {
+  derivingKey = result;
+
+  return crypto.subtle.deriveKey({name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array()}, derivingKey, {name: "AES-GCM", length: 256}, extractable, ['encrypt']);
+}).then(function(result) {
+  derivedKey = result;
+
+  shouldEvaluateAs("derivedKey.type", "secret");
+  shouldEvaluateAs("derivedKey.extractable", true);
+  shouldEvaluateAs("derivedKey.algorithm.name", "AES-GCM");
+  shouldEvaluateAs("derivedKey.usages.join(',')", "encrypt");
+}).then(finishJSTest, failAndFinishJSTest);
+
+</script>
+
+</body>
+</html>