OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <script src="../../resources/js-test.js"></script> | |
5 <script src="resources/common.js"></script> | |
6 </head> | |
7 <body> | |
8 <p id="description"></p> | |
9 <div id="console"></div> | |
10 | |
11 <script> | |
12 description("Tests deriveKey() using ECDH to make AES keys"); | |
13 | |
14 jsTestIsAsync = true; | |
15 | |
16 // The test data uses a public key and private key (from different key pairs) fo
r the P-521 curve. | |
17 var privateKeyJwk = { | |
18 "kty":"EC", | |
19 "crv":"P-521", | |
20 "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyi
d-6F48d7iI1zF6VRk7", | |
21 "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYj
Zb0gBHGcgUE_I-h-6s", | |
22 "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0Jvzw
uvGkGuTbvT_DaRQ2pf" | |
23 }; | |
24 | |
25 var publicKeyJwk = { | |
26 "kty":"EC", | |
27 "crv":"P-521", | |
28 "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGS
Q37P4CRqT_QeivBD", | |
29 "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2B
K18PBFIT7QDGb2Zx" | |
30 }; | |
31 | |
32 // This is the full 528 bits of key data derived by ECDH using the above keys | |
33 // (only part of it will be used for these tests). In practice it wouldn't be a | |
34 // good idea to make a key directly from ECDH | |
35 // output without first going through a KDF, but this is just testing the API. | |
36 var fullDerivedBytesHex = "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121
F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425" | |
37 | |
38 function importEcKeys() { | |
39 var keys = {}; | |
40 | |
41 debug("Importing the private key...\n"); | |
42 | |
43 return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCur
ve: "P-521"}, false, ["deriveKey"]).then(function(result) { | |
44 keys.private = result; | |
45 | |
46 debug("Importing the public key...\n"); | |
47 return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', named
Curve: "P-521"}, false, []); | |
48 }).then(function(result) { | |
49 keys.public = result; | |
50 return keys; | |
51 }); | |
52 } | |
53 | |
54 var ecKeys = null; | |
55 | |
56 importEcKeys().then(function(result) { | |
57 ecKeys = result; | |
58 | |
59 // Derive an AES-CBC 128 bit key having the 'encrypt' usage. | |
60 debug("Deriving an AES 128 bit key...\n"); | |
61 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
62 var derivedAlgorithm = {name: 'aes-cbc', length: 128}; | |
63 var extractable = true; | |
64 var usages = ['encrypt']; | |
65 | |
66 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
67 }).then(function(result) { | |
68 key = result; | |
69 | |
70 // Verify the key's properties. | |
71 shouldEvaluateAs("key.type", "secret"); | |
72 shouldEvaluateAs("key.extractable", true); | |
73 shouldEvaluateAs("key.algorithm.name", "AES-CBC"); | |
74 shouldEvaluateAs("key.algorithm.length", 128); | |
75 shouldEvaluateAs("key.usages.join(',')", "encrypt"); | |
76 | |
77 // Export the key and check its bytes. | |
78 return crypto.subtle.exportKey("raw", key); | |
79 }).then(function(result) { | |
80 bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 32)
, result); | |
81 | |
82 // Derive an AES-CBC 256 bit key having the 'encrypt, decrypt' usage. | |
83 debug("Deriving an AES 256 bit key...\n"); | |
84 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
85 var derivedAlgorithm = {name: 'aes-cbc', length: 256}; | |
86 var extractable = true; | |
87 var usages = ['encrypt', 'decrypt']; | |
88 | |
89 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
90 }).then(function(result) { | |
91 key = result; | |
92 | |
93 // Verify the key's properties. | |
94 shouldEvaluateAs("key.type", "secret"); | |
95 shouldEvaluateAs("key.extractable", true); | |
96 shouldEvaluateAs("key.algorithm.name", "AES-CBC"); | |
97 shouldEvaluateAs("key.algorithm.length", 256); | |
98 shouldEvaluateAs("key.usages.join(',')", "encrypt,decrypt"); | |
99 | |
100 // Export the key and check its bytes. | |
101 return crypto.subtle.exportKey("raw", key); | |
102 }).then(function(result) { | |
103 bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 64)
, result); | |
104 | |
105 // Derive an AES-CBC 256 bit key having the 'decrypt' usage and non-extracta
ble | |
106 debug("Deriving an AES 256 bit key...\n"); | |
107 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
108 var derivedAlgorithm = {name: 'aes-cbc', length: 256}; | |
109 var extractable = false; | |
110 var usages = ['decrypt']; | |
111 | |
112 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
113 }).then(function(result) { | |
114 key = result; | |
115 | |
116 // Verify the key's properties. | |
117 shouldEvaluateAs("key.type", "secret"); | |
118 shouldEvaluateAs("key.extractable", false); | |
119 shouldEvaluateAs("key.algorithm.name", "AES-CBC"); | |
120 shouldEvaluateAs("key.algorithm.length", 256); | |
121 shouldEvaluateAs("key.usages.join(',')", "decrypt"); | |
122 }).then(finishJSTest, failAndFinishJSTest); | |
123 | |
124 </script> | |
125 | |
126 </body> | |
127 </html> | |
OLD | NEW |