OLD | NEW |
| (Empty) |
1 <!DOCTYPE html> | |
2 <html> | |
3 <head> | |
4 <script src="../../resources/js-test.js"></script> | |
5 <script src="resources/common.js"></script> | |
6 </head> | |
7 <body> | |
8 <p id="description"></p> | |
9 <div id="console"></div> | |
10 | |
11 <script> | |
12 description("Tests deriveKey() using ECDH to make HMAC keys"); | |
13 | |
14 jsTestIsAsync = true; | |
15 | |
16 // The test data uses a public key and private key (from different key pairs) fo
r the P-521 curve. | |
17 var privateKeyJwk = { | |
18 "kty":"EC", | |
19 "crv":"P-521", | |
20 "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyi
d-6F48d7iI1zF6VRk7", | |
21 "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYj
Zb0gBHGcgUE_I-h-6s", | |
22 "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0Jvzw
uvGkGuTbvT_DaRQ2pf" | |
23 }; | |
24 | |
25 var publicKeyJwk = { | |
26 "kty":"EC", | |
27 "crv":"P-521", | |
28 "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGS
Q37P4CRqT_QeivBD", | |
29 "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2B
K18PBFIT7QDGb2Zx" | |
30 }; | |
31 | |
32 // This is the full 528 bits of key data derived by ECDH using the above keys | |
33 // (only part of it will be used for these tests). In practice it wouldn't be a | |
34 // good idea to make a key directly from ECDH | |
35 // output without first going through a KDF, but this is just testing the API. | |
36 var fullDerivedBytesHex = "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121
F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425" | |
37 | |
38 function importEcKeys() { | |
39 var keys = {}; | |
40 | |
41 debug("Importing the private key...\n"); | |
42 | |
43 return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCur
ve: "P-521"}, false, ["deriveKey"]).then(function(result) { | |
44 keys.private = result; | |
45 | |
46 debug("Importing the public key...\n"); | |
47 return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', named
Curve: "P-521"}, false, []); | |
48 }).then(function(result) { | |
49 keys.public = result; | |
50 return keys; | |
51 }); | |
52 } | |
53 | |
54 var ecKeys = null; | |
55 | |
56 importEcKeys().then(function(result) { | |
57 ecKeys = result; | |
58 | |
59 // Derive an HMAC SHA-1 128-bit key having the 'sign' usage. | |
60 debug("Deriving an HMAC 136 bit key...\n"); | |
61 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
62 var derivedAlgorithm = {name: 'hmac', hash: "sha-1", length: 136}; | |
63 var extractable = true; | |
64 var usages = ['sign']; | |
65 | |
66 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
67 }).then(function(result) { | |
68 key = result; | |
69 | |
70 // Verify the key's properties. | |
71 shouldEvaluateAs("key.type", "secret"); | |
72 shouldEvaluateAs("key.extractable", true); | |
73 shouldEvaluateAs("key.algorithm.name", "HMAC"); | |
74 shouldEvaluateAs("key.algorithm.hash.name", "SHA-1"); | |
75 shouldEvaluateAs("key.algorithm.length", 136); | |
76 shouldEvaluateAs("key.usages.join(',')", "sign"); | |
77 | |
78 // Export the key and check its bytes. | |
79 return crypto.subtle.exportKey("raw", key); | |
80 }).then(function(result) { | |
81 bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 34)
, result); | |
82 | |
83 // Derive an HMAC SHA-256 key having the 'sign, verify' usage. Use default l
ength. | |
84 debug("Deriving an HMAC 256 bit key...\n"); | |
85 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
86 var derivedAlgorithm = {name: 'hmac', hash: "sha-256"} | |
87 var extractable = true; | |
88 var usages = ['sign', 'verify']; | |
89 | |
90 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
91 }).then(function(result) { | |
92 key = result; | |
93 | |
94 // Verify the key's properties. | |
95 shouldEvaluateAs("key.type", "secret"); | |
96 shouldEvaluateAs("key.extractable", true); | |
97 shouldEvaluateAs("key.algorithm.name", "HMAC"); | |
98 shouldEvaluateAs("key.algorithm.hash.name", "SHA-256"); | |
99 shouldEvaluateAs("key.algorithm.length", 512); | |
100 shouldEvaluateAs("key.usages.join(',')", "sign,verify"); | |
101 | |
102 // Export the key and check its bytes. | |
103 return crypto.subtle.exportKey("raw", key); | |
104 }).then(function(result) { | |
105 bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 128
), result); | |
106 | |
107 // Derive an HMAC 256 bit key having the 'verify' usage and non-extractable | |
108 debug("Deriving an HMAC 256 bit key...\n"); | |
109 var algorithm = {name: 'ecdh', public: ecKeys.public}; | |
110 var derivedAlgorithm = {name: 'HMAC', hash: 'sha-256', length: 256} | |
111 var extractable = false; | |
112 var usages = ['verify']; | |
113 | |
114 return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm,
extractable, usages); | |
115 }).then(function(result) { | |
116 key = result; | |
117 | |
118 // Verify the key's properties. | |
119 shouldEvaluateAs("key.type", "secret"); | |
120 shouldEvaluateAs("key.extractable", false); | |
121 shouldEvaluateAs("key.algorithm.name", "HMAC"); | |
122 shouldEvaluateAs("key.algorithm.hash.name", "SHA-256"); | |
123 shouldEvaluateAs("key.algorithm.length", 256); | |
124 shouldEvaluateAs("key.usages.join(',')", "verify"); | |
125 }).then(finishJSTest, failAndFinishJSTest); | |
126 | |
127 </script> | |
128 | |
129 </body> | |
130 </html> | |
OLD | NEW |