UNPKG

@nfen/webcrypto-ts

Version:

Enforced Webcrypto wrapper

github.com/nealfennimore/webcrypto-ts

nealfennimore/webcrypto-ts

136 lines (126 loc) 5.14 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
import { Alg as AES } from "../../aes/shared.js"; import { Alg as Authentication } from "../../hmac/index.js"; import * as params from "../../params.js"; import * as Random from "../../random.js"; import { Alg as SHA } from "../../sha/shared.js"; import * as KDF from "../index.js"; import { Pbkdf2KeyMaterial, Pbkdf2ProxiedKeyMaterial } from "../shared.js"; const { PBKDF2 } = KDF; describe("PBKDF2", () => { describe("Original", () => { let proxiedKeyMaterial: Pbkdf2ProxiedKeyMaterial, keyMaterial: Pbkdf2KeyMaterial, salt: Uint8Array; beforeEach(async () => { proxiedKeyMaterial = await PBKDF2.generateKeyMaterial( "raw", new TextEncoder().encode("password") ); keyMaterial = proxiedKeyMaterial.self; salt = await Random.Salt.generate(); }); it("should derive bits", async () => { const bits = await PBKDF2.deriveBits( { salt, hash: SHA.Variant.SHA_512 }, keyMaterial, 512 ); expect(bits.byteLength).toEqual(64); await expect( PBKDF2.deriveBits( { salt, hash: SHA.Variant.SHA_512 }, keyMaterial, 511 ) ).rejects.toThrowError(RangeError); }); it("should derive keys", async () => { for (const [aesKey, aesVal] of Object.entries(AES.Mode)) { for (const [shaKey, shaVal] of Object.entries(SHA.Variant)) { for (const aesLength of [128, 192, 256]) { const aesParams: params.EnforcedAesKeyGenParams = { name: aesVal, length: aesLength as any, }; try { let key = await PBKDF2.deriveKey( { salt, hash: shaVal }, keyMaterial, aesParams ); expect(key).toMatchSnapshot( `${aesKey}_${aesLength}_${shaKey}` ); } catch (e) { console.log(`${aesKey}_${aesLength}_${shaKey}`); } } } } const hmacParams: params.EnforcedHmacKeyGenParams = { name: Authentication.Code.HMAC, hash: SHA.Variant.SHA_512, length: 512, }; let key = await PBKDF2.deriveKey( { salt, hash: SHA.Variant.SHA_512 }, keyMaterial, hmacParams ); expect(key).toMatchSnapshot("HMAC_SHA_512"); }); }); describe("Proxied", () => { let keyMaterial: Pbkdf2ProxiedKeyMaterial, salt: Uint8Array; beforeEach(async () => { keyMaterial = await PBKDF2.generateKeyMaterial( "raw", new TextEncoder().encode("password") ); salt = await Random.Salt.generate(); }); it("should derive bits", async () => { const bits = await keyMaterial.deriveBits( { salt, hash: SHA.Variant.SHA_512 }, 512 ); expect(bits.byteLength).toEqual(64); await expect( keyMaterial.deriveBits({ salt, hash: SHA.Variant.SHA_512 }, 511) ).rejects.toThrowError(RangeError); }); it("should derive keys", async () => { for (const [aesKey, aesVal] of Object.entries(AES.Mode)) { for (const [shaKey, shaVal] of Object.entries(SHA.Variant)) { for (const aesLength of [128, 192, 256]) { const aesParams: params.EnforcedAesKeyGenParams = { name: aesVal, length: aesLength as any, }; try { let key = await keyMaterial.deriveKey( { salt, hash: shaVal }, aesParams ); expect(key).toMatchSnapshot( `${aesKey}_${aesLength}_${shaKey}` ); } catch (e) { console.log(`${aesKey}_${aesLength}_${shaKey}`); } } } } const hmacParams: params.EnforcedHmacKeyGenParams = { name: Authentication.Code.HMAC, hash: SHA.Variant.SHA_512, length: 512, }; let key = await keyMaterial.deriveKey( { salt, hash: SHA.Variant.SHA_512 }, hmacParams ); expect(key).toMatchSnapshot("HMAC_SHA_512"); }); }); });