<!DOCTYPE html> <html> <head> <title>WebCrypto Test Suite</title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <link rel="stylesheet" href="./test_WebCrypto.css"/> <script src="/tests/SimpleTest/SimpleTest.js"></script> <!-- Utilities for manipulating ABVs --> <script src="util.js"></script> <!-- A simple wrapper around IndexedDB --> <script src="simpledb.js"></script> <!-- Test vectors drawn from the literature --> <script src="./test-vectors.js"></script> <!-- General testing framework --> <script src="./test-array.js"></script> <script>/* <![CDATA[*/ "use strict"; // ----------------------------------------------------------------------------- TestArray.addTest( "Generate an ECDH key for named curve P-256", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.generateKey(alg, false, ["deriveKey", "deriveBits"]).then( complete(that, function(x) { return exists(x.publicKey) && (x.publicKey.algorithm.name == alg.name) && (x.publicKey.algorithm.namedCurve == alg.namedCurve) && (x.publicKey.type == "public") && x.publicKey.extractable && (!x.publicKey.usages.length) && exists(x.privateKey) && (x.privateKey.algorithm.name == alg.name) && (x.privateKey.algorithm.namedCurve == alg.namedCurve) && (x.privateKey.type == "private") && !x.privateKey.extractable && (x.privateKey.usages.length == 2) && (x.privateKey.usages[0] == "deriveKey") && (x.privateKey.usages[1] == "deriveBits"); }), error(that) ); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Generate an ECDH key and derive some bits", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; var pair; function setKeyPair(x) { pair = x; } function doDerive(n) { return function(x) { return crypto.subtle.deriveBits({ name: "ECDH", public: pair.publicKey }, pair.privateKey, n * 8); }; } crypto.subtle.generateKey(alg, false, ["deriveBits"]) .then(setKeyPair, error(that)) .then(doDerive(2), error(that)) .then(function(x) { // Deriving less bytes works. if (x.byteLength != 2) { throw new Error("should have derived two bytes"); } }) // Deriving more than the curve yields doesn't. .then(doDerive(33), error(that)) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that ECDH deriveBits() fails when the public key is not an ECDH key", function() { var that = this; var pubKey, privKey; function setPub(x) { pubKey = x.publicKey; } function setPriv(x) { privKey = x.privateKey; } function doGenerateP256() { var alg = { name: "ECDH", namedCurve: "P-256" }; return crypto.subtle.generateKey(alg, false, ["deriveBits"]); } function doGenerateRSA() { var alg = { name: "RSA-OAEP", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), }; return crypto.subtle.generateKey(alg, false, ["encrypt", "decrypt"]); } function doDerive() { var alg = { name: "ECDH", public: pubKey }; return crypto.subtle.deriveBits(alg, privKey, 16); } doGenerateP256() .then(setPriv, error(that)) .then(doGenerateRSA, error(that)) .then(setPub, error(that)) .then(doDerive, error(that)) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that ECDH deriveBits() fails when the given keys' curves don't match", function() { var that = this; var pubKey, privKey; function setPub(x) { pubKey = x.publicKey; } function setPriv(x) { privKey = x.privateKey; } function doGenerateP256() { var alg = { name: "ECDH", namedCurve: "P-256" }; return crypto.subtle.generateKey(alg, false, ["deriveBits"]); } function doGenerateP384() { var alg = { name: "ECDH", namedCurve: "P-384" }; return crypto.subtle.generateKey(alg, false, ["deriveBits"]); } function doDerive() { var alg = { name: "ECDH", public: pubKey }; return crypto.subtle.deriveBits(alg, privKey, 16); } doGenerateP256() .then(setPriv, error(that)) .then(doGenerateP384, error(that)) .then(setPub, error(that)) .then(doDerive, error(that)) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; var alg = { name: "ECDH" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveBits({ name: "ECDH", public: pubKey }, privKey, tv.ecdh_p256.secret.byteLength * 8); } Promise.all([ crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) .then(setPriv, error(that)), crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, ["deriveBits"]) .then(setPub, error(that)), ]).then(doDerive, error(that)) .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; var alg = { name: "ECDH" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveBits({ name: "ECDH", public: pubKey }, privKey, tv.ecdh_p384.secret.byteLength * 8); } Promise.all([ crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_priv, alg, false, ["deriveBits"]) .then(setPriv, error(that)), crypto.subtle.importKey("jwk", tv.ecdh_p384.jwk_pub, alg, false, ["deriveBits"]) .then(setPub, error(that)), ]).then(doDerive, error(that)) .then(memcmp_complete(that, tv.ecdh_p384.secret), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; var alg = { name: "ECDH" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveBits({ name: "ECDH", public: pubKey }, privKey, tv.ecdh_p521.secret.byteLength * 8); } Promise.all([ crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveBits"]) .then(setPriv, error(that)), crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveBits"]) .then(setPub, error(that)), ]).then(doDerive, error(that)) .then(memcmp_complete(that, tv.ecdh_p521.secret), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; var alg = { name: "ECDH" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doExportPub() { return crypto.subtle.exportKey("jwk", pubKey); } function doExportPriv() { return crypto.subtle.exportKey("jwk", privKey); } Promise.all([ crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, true, ["deriveBits"]) .then(setPriv, error(that)), crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, true, ["deriveBits"]) .then(setPub, error(that)), ]).then(doExportPub, error(that)) .then(function(x) { var tp = tv.ecdh_p256.jwk_pub; if ((tp.kty != x.kty) && (tp.crv != x.crv) && (tp.x != x.x) && (tp.y != x.y)) { throw new Error("exported public key doesn't match"); } }, error(that)) .then(doExportPriv, error(that)) .then(complete(that, function(x) { var tp = tv.ecdh_p256.jwk_priv; return (tp.kty == x.kty) && (tp.crv == x.crv) && (tp.d == x.d) && (tp.x == x.x) && (tp.y == x.y); }), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); } crypto.subtle.importKey("pkcs8", tv.ecdh_p256.pkcs8, alg, true, ["deriveBits"]) .then(doExportPriv, error(that)) .then(complete(that, function(x) { return util.memcmp(x, tv.ecdh_p256.pkcs8); }), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; var alg = { name: "ECDH" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { return function() { return crypto.subtle.importKey("jwk", jwk, alg, false, ["deriveBits"]); }; } doTryImport(tvs.jwk_bad_crv)() .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "JWK export of a newly generated ECDH private key", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; var reBase64URL = /^[a-zA-Z0-9_-]+$/; function doExportToJWK(x) { return crypto.subtle.exportKey("jwk", x.privateKey); } crypto.subtle.generateKey(alg, true, ["deriveKey", "deriveBits"]) .then(doExportToJWK) .then( complete(that, function(x) { return x.ext && x.kty == "EC" && x.crv == "P-256" && reBase64URL.test(x.x) && reBase64URL.test(x.y) && reBase64URL.test(x.d) && x.x.length == 43 && // 32 octets, base64-encoded x.y.length == 43 && // 32 octets, base64-encoded shallowArrayEquals(x.key_ops, ["deriveKey", "deriveBits"]); }), error(that) ); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; var alg = { name: "ECDH" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveKey({ name: "ECDH", public: pubKey }, privKey, algDerived, false, ["sign", "verify"]) .then(function(x) { if (!hasKeyFields(x)) { throw new Error("Invalid key; missing field(s)"); } // 512 bit is the default for HMAC-SHA1. if (x.algorithm.length != 512) { throw new Error("Invalid key; incorrect length"); } return x; }); } function doSignAndVerify(x) { var data = crypto.getRandomValues(new Uint8Array(1024)); return crypto.subtle.sign("HMAC", x, data) .then(function(sig) { return crypto.subtle.verify("HMAC", x, sig, data); }); } Promise.all([ crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_priv, alg, false, ["deriveKey"]) .then(setPriv), crypto.subtle.importKey("jwk", tv.ecdh_p521.jwk_pub, alg, false, ["deriveKey"]) .then(setPub), ]).then(doDerive) .then(doSignAndVerify) .then(complete(that, x => x), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", function() { var that = this; var alg = { name: "ECDH" }; var keys = ["spki", "spki_id_ecpk"]; function doImport(key) { return crypto.subtle.importKey("spki", tv.ecdh_p256[key], alg, true, ["deriveBits"]); } function doExport(x) { return crypto.subtle.exportKey("spki", x); } function nextKey() { var key = keys.shift(); var imported = doImport(key); var derived = imported.then(doExport); return derived.then(function(x) { if (!util.memcmp(x, tv.ecdh_p256.spki_id_ecpk)) { throw new Error("exported key is invalid"); } if (keys.length) { return nextKey(); } return Promise.resolve(); }); } nextKey().then(complete(that), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; var alg = { name: "ECDH" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveBits({ name: "ECDH", public: pubKey }, privKey, tv.ecdh_p256.secret.byteLength * 8); } Promise.all([ crypto.subtle.importKey("spki", tv.ecdh_p256.spki, alg, false, ["deriveBits"]) .then(setPub), crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) .then(setPriv), ]).then(doDerive) .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Raw import/export of a public ECDH key (P-256)", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; function doExport(x) { return crypto.subtle.exportKey("raw", x); } crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, true, ["deriveBits"]) .then(doExport) .then(memcmp_complete(that, tv.ecdh_p256.raw), error(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing bad raw ECDH keys fails", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing ECDH keys with an unknown format fails", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.importKey("unknown", tv, alg, false, ["deriveBits"]) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing too short raw ECDH keys fails", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing too long raw ECDH keys fails", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "Test that importing compressed raw ECDH keys fails", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; crypto.subtle.importKey("raw", tv, alg, false, ["deriveBits"]) .then(error(that), complete(that)); } ); // ----------------------------------------------------------------------------- TestArray.addTest( "RAW/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } function setPriv(x) { privKey = x; } function doDerive() { return crypto.subtle.deriveBits({ name: "ECDH", public: pubKey }, privKey, tv.ecdh_p256.secret.byteLength * 8); } Promise.all([ crypto.subtle.importKey("raw", tv.ecdh_p256.raw, alg, false, ["deriveBits"]) .then(setPub), crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveBits"]) .then(setPriv), ]).then(doDerive) .then(memcmp_complete(that, tv.ecdh_p256.secret), error(that)); } ); /* ]]>*/</script> </head> <body> <div id="content"> <div id="head"> <b>Web</b>Crypto<br> </div> <div id="start" onclick="start();">RUN ALL</div> <div id="resultDiv" class="content"> Summary: <span class="pass"><span id="passN">0</span> passed, </span> <span class="fail"><span id="failN">0</span> failed, </span> <span class="pending"><span id="pendingN">0</span> pending.</span> <br/> <br/> <table id="results"> <tr> <th>Test</th> <th>Result</th> <th>Time</th> </tr> </table> </div> <div id="foot"></div> </div> </body> </html>