chromium/src/third_party/blink/web_tests/crypto/subtle/ecdh/deriveKey-hmac.html - manifest_repos/chromium_src - Git at Google

 <!DOCTYPE html>
 <html>
 <head>
 <script src="../../../resources/js-test.js"></script>
 <script src="../resources/common.js"></script>
 </head>
 <body>
 <p id="description"></p>
 <div id="console"></div>

 <script>
 description("Tests deriveKey() using ECDH to make HMAC keys");

 jsTestIsAsync = true;

 // The test data uses a public key and private key (from different key pairs) for the P-521 curve.
 var privateKeyJwk = {
      "kty":"EC",
      "crv":"P-521",
      "d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyid-6F48d7iI1zF6VRk7",
      "x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
      "y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
  };

 var publicKeyJwk = {
    "kty":"EC",
    "crv":"P-521",
    "x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
    "y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
 };

 // This is the full 528 bits of key data derived by ECDH using the above keys
 // (only part of it will be used for these tests). In practice it wouldn't be a
 // good idea to make a key directly from ECDH
 // output without first going through a KDF, but this is just testing the API.
 var fullDerivedBytesHex = "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425"

 function importEcKeys() {
     var keys = {};

     debug("Importing the private key...\n");

     return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, ["deriveKey"]).then(function(result) {
         keys.private = result;

         debug("Importing the public key...\n");
         return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, []);
     }).then(function(result) {
         keys.public = result;
         return keys;
     });
 }

 var ecKeys = null;

 importEcKeys().then(function(result) {
     ecKeys = result;

     // Derive an HMAC SHA-1 128-bit key having the 'sign' usage.
     debug("Deriving an HMAC 136 bit key...\n");
     var algorithm = {name: 'ecdh', public: ecKeys.public};
     var derivedAlgorithm = {name: 'hmac', hash: "sha-1", length: 136};
     var extractable = true;
     var usages = ['sign'];

     return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
 }).then(function(result) {
     key = result;

     // Verify the key's properties.
     shouldEvaluateAs("key.type", "secret");
     shouldEvaluateAs("key.extractable", true);
     shouldEvaluateAs("key.algorithm.name", "HMAC");
     shouldEvaluateAs("key.algorithm.hash.name", "SHA-1");
     shouldEvaluateAs("key.algorithm.length", 136);
     shouldEvaluateAs("key.usages.join(',')", "sign");

     // Export the key and check its bytes.
     return crypto.subtle.exportKey("raw", key);
 }).then(function(result) {
     bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 34), result);

     // Derive an HMAC SHA-256 key having the 'sign, verify' usage. Use default length.
     debug("Deriving an HMAC 256 bit key...\n");
     var algorithm = {name: 'ecdh', public: ecKeys.public};
     var derivedAlgorithm = {name: 'hmac', hash: "sha-256"}
     var extractable = true;
     var usages = ['sign', 'verify'];

     return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
 }).then(function(result) {
     key = result;

     // Verify the key's properties.
     shouldEvaluateAs("key.type", "secret");
     shouldEvaluateAs("key.extractable", true);
     shouldEvaluateAs("key.algorithm.name", "HMAC");
     shouldEvaluateAs("key.algorithm.hash.name", "SHA-256");
     shouldEvaluateAs("key.algorithm.length", 512);
     shouldEvaluateAs("key.usages.join(',')", "sign,verify");

     // Export the key and check its bytes.
     return crypto.subtle.exportKey("raw", key);
 }).then(function(result) {
     bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 128), result);

     // Derive an HMAC 256 bit key having the 'verify' usage and non-extractable
     debug("Deriving an HMAC 256 bit key...\n");
     var algorithm = {name: 'ecdh', public: ecKeys.public};
     var derivedAlgorithm = {name: 'HMAC', hash: 'sha-256', length: 256}
     var extractable = false;
     var usages = ['verify'];

     return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
 }).then(function(result) {
     key = result;

     // Verify the key's properties.
     shouldEvaluateAs("key.type", "secret");
     shouldEvaluateAs("key.extractable", false);
     shouldEvaluateAs("key.algorithm.name", "HMAC");
     shouldEvaluateAs("key.algorithm.hash.name", "SHA-256");
     shouldEvaluateAs("key.algorithm.length", 256);
     shouldEvaluateAs("key.usages.join(',')", "verify");
 }).then(finishJSTest, failAndFinishJSTest);

 </script>

 </body>
 </html>
	<!DOCTYPE html>
	<html>
	<head>
	<script src="../../../resources/js-test.js"></script>
	<script src="../resources/common.js"></script>
	</head>
	<body>
	<p id="description"></p>
	<div id="console"></div>

	<script>
	description("Tests deriveKey() using ECDH to make HMAC keys");

	jsTestIsAsync = true;

	// The test data uses a public key and private key (from different key pairs) for the P-521 curve.
	var privateKeyJwk = {
	"kty":"EC",
	"crv":"P-521",
	"d":"AI_Zu5xisuK-IIz85dTSoqaQSTxN1I88l05myJJ0ZYFMdQ2VmjFOIUTonKGG97yOGmikyid-6F48d7iI1zF6VRk7",
	"x":"ACw6DX7wqwHVO-JzyOet0B-r10YVLv5R5q_IfiWCzclg0u_x57NCtOcFCFpM2ZnS22tyYjZb0gBHGcgUE_I-h-6s",
	"y":"Actm2tCHBPOKLZMpJV3DaVOluln9zBsE2I0g6iV73I4M-liqA1rLSJN8q-vcSQtZF0JvzwuvGkGuTbvT_DaRQ2pf"
	};

	var publicKeyJwk = {
	"kty":"EC",
	"crv":"P-521",
	"x":"ADRllQ0B7icrnJ7ib2r-CXvymGFiC_3f6_o0SzLMBIggM8ndQm9l768SToMy1hUo64JsofGSQ37P4CRqT_QeivBD",
	"y":"ALKEzew1Xe4Sv86lZVqb2xxZ0l7WrE3DPJ93fUtSPih5iH8jg0GPDKMVoA5ffFmqPwbdgS2BK18PBFIT7QDGb2Zx"
	};

	// This is the full 528 bits of key data derived by ECDH using the above keys
	// (only part of it will be used for these tests). In practice it wouldn't be a
	// good idea to make a key directly from ECDH
	// output without first going through a KDF, but this is just testing the API.
	var fullDerivedBytesHex = "0117D54D84379D0FD385BE068455A77A5366AB534FF172AB0A121F37D180DCCD19607ABB0C41CB9F6F12B01303AC4A69DC2D1D05180181FD496D9769B46BFFEC3425"

	function importEcKeys() {
	var keys = {};

	debug("Importing the private key...\n");

	return crypto.subtle.importKey("jwk", privateKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, ["deriveKey"]).then(function(result) {
	keys.private = result;

	debug("Importing the public key...\n");
	return crypto.subtle.importKey("jwk", publicKeyJwk, {name: 'ECDH', namedCurve: "P-521"}, false, []);
	}).then(function(result) {
	keys.public = result;
	return keys;
	});
	}

	var ecKeys = null;

	importEcKeys().then(function(result) {
	ecKeys = result;

	// Derive an HMAC SHA-1 128-bit key having the 'sign' usage.
	debug("Deriving an HMAC 136 bit key...\n");
	var algorithm = {name: 'ecdh', public: ecKeys.public};
	var derivedAlgorithm = {name: 'hmac', hash: "sha-1", length: 136};
	var extractable = true;
	var usages = ['sign'];

	return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
	}).then(function(result) {
	key = result;

	// Verify the key's properties.
	shouldEvaluateAs("key.type", "secret");
	shouldEvaluateAs("key.extractable", true);
	shouldEvaluateAs("key.algorithm.name", "HMAC");
	shouldEvaluateAs("key.algorithm.hash.name", "SHA-1");
	shouldEvaluateAs("key.algorithm.length", 136);
	shouldEvaluateAs("key.usages.join(',')", "sign");

	// Export the key and check its bytes.
	return crypto.subtle.exportKey("raw", key);
	}).then(function(result) {
	bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 34), result);

	// Derive an HMAC SHA-256 key having the 'sign, verify' usage. Use default length.
	debug("Deriving an HMAC 256 bit key...\n");
	var algorithm = {name: 'ecdh', public: ecKeys.public};
	var derivedAlgorithm = {name: 'hmac', hash: "sha-256"}
	var extractable = true;
	var usages = ['sign', 'verify'];

	return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
	}).then(function(result) {
	key = result;

	// Verify the key's properties.
	shouldEvaluateAs("key.type", "secret");
	shouldEvaluateAs("key.extractable", true);
	shouldEvaluateAs("key.algorithm.name", "HMAC");
	shouldEvaluateAs("key.algorithm.hash.name", "SHA-256");
	shouldEvaluateAs("key.algorithm.length", 512);
	shouldEvaluateAs("key.usages.join(',')", "sign,verify");

	// Export the key and check its bytes.
	return crypto.subtle.exportKey("raw", key);
	}).then(function(result) {
	bytesShouldMatchHexString("Derived Bytes", fullDerivedBytesHex.substr(0, 128), result);

	// Derive an HMAC 256 bit key having the 'verify' usage and non-extractable
	debug("Deriving an HMAC 256 bit key...\n");
	var algorithm = {name: 'ecdh', public: ecKeys.public};
	var derivedAlgorithm = {name: 'HMAC', hash: 'sha-256', length: 256}
	var extractable = false;
	var usages = ['verify'];

	return crypto.subtle.deriveKey(algorithm, ecKeys.private, derivedAlgorithm, extractable, usages);
	}).then(function(result) {
	key = result;

	// Verify the key's properties.
	shouldEvaluateAs("key.type", "secret");
	shouldEvaluateAs("key.extractable", false);
	shouldEvaluateAs("key.algorithm.name", "HMAC");
	shouldEvaluateAs("key.algorithm.hash.name", "SHA-256");
	shouldEvaluateAs("key.algorithm.length", 256);
	shouldEvaluateAs("key.usages.join(',')", "verify");
	}).then(finishJSTest, failAndFinishJSTest);

	</script>

	</body>
	</html>