Document and test maximum deriveBits length for ECDH curves#249
Document and test maximum deriveBits length for ECDH curves#249harrshita123 wants to merge 3 commits intogoogle:masterfrom
Conversation
Co-authored-by: HamdaanAliQuatil <96776914+HamdaanAliQuatil@users.noreply.github.com>
|
|
||
| expect( | ||
| aliceKeyPair.privateKey.deriveBits(257, bobKeyPair.publicKey), | ||
| throwsA(anyOf(isA<subtle.JSDomException>(), isA<Error>())), |
There was a problem hiding this comment.
Hmm, this implies a different kind of issue.
I think we are supposed to catch JSDomException and make it into an Exception or an Error.
There was a problem hiding this comment.
To be clear that is probably an orthogonal issue to this PR and should be fixed separately.
There was a problem hiding this comment.
since it’s kind of a separate thing, I will leave it out of this PR for now so this doesn’t get messy. I can open a new issue for the JSDomException part if needed.
|
Please rebase, I think CI mostly works on master branch now. |
…o issue-130-ecdh-derivebits-docs
I have rebased the branch onto the latest master so the CI tests can run properly. |
| }); | ||
| }); | ||
| group('ECDH deriveBits', () { | ||
| test('P-256 allows maximum deriveBits length', () async { |
There was a problem hiding this comment.
These tests should decidedly not live in test/crypto_subtle_test.dart --- this tests the subtle.window.crypto.subtle wrapper we have.
I suggest we put them in lib/src/testing/ecdh/derive_bits.dart or test/ecdh_derive_bits_test.dart (they won't be included in integration tests, but maybe that's okay -- we can always move them later, and getting coverage is probably better).
I don't mind these tests, but they could also be made much simpler.
final _cases = [
(
name: 'P-256',
curve: EllipticCurve.p256,
maxBits: 256,
),
...
];
void main() {
for (final c in _cases) {
test('${c.name} allows maximum deriveBits length', () async {
final aliceKeyPair = await EcdhPrivateKey.generateKey(c.curve);
final bobKeyPair = await EcdhPrivateKey.generateKey(c.curve);
final secret = await aliceKeyPair.privateKey.deriveBits(
c.maxBits,
bobKeyPair.publicKey,
);
expect(secret.length, equals(c.maxBits / 8));
});
test('${c.name} rejects deriveBits larger than maximum', () async {
final aliceKeyPair = await EcdhPrivateKey.generateKey(c.curve);
final bobKeyPair = await EcdhPrivateKey.generateKey(c.curve);
expect(
aliceKeyPair.privateKey.deriveBits(c.maxBits + 1, bobKeyPair.publicKey),
throwsA(anyOf(isA<subtle.JSDomException>(), isA<Error>())),
);
});
}
}3 participants
This PR adds documentation clarifying the maximum number of bits that can be derived using EcdhPrivateKey.deriveBits for each supported elliptic curve.
It also includes tests to ensure that deriving the maximum allowed length succeeds and that requests exceeding the limit are correctly rejected.
Fixes #130