Implement PBKDF

Closes #12
2024-05-15 12:12:33 +02:00
parent 0347f30bd0
commit b0e34f3716
3 changed files with 41 additions and 0 deletions
@@ -1,3 +1,4 @@
 export * as signature from 'signature'
 export * as boxes from 'boxes'
 export * as JWT from 'jwt'
+export {pbkdf} from './src/pbkdf'
@@ -0,0 +1,22 @@
+export async function pbkdf(password: string, salt: Uint8Array, usages: KeyUsage[]): Promise<CryptoKey> {
+    const keyMaterial = await window.crypto.subtle.importKey(
+        "raw",
+        new TextEncoder().encode(password),
+        "PBKDF2",
+        false,
+        ["deriveBits", "deriveKey"],
+    )
+
+    return crypto.subtle.deriveKey(
+        {
+            name: "PBKDF2",
+            iterations: 250_000,
+            hash: "SHA-512",
+            salt,
+        },
+        keyMaterial,
+        {name: "AES-GCM", length: 256},
+        false,
+        usages,
+    )
+}
@@ -0,0 +1,18 @@
+import {expect, test} from 'bun:test'
+
+import {pbkdf} from 'pbkdf'
+
+test('Fields are set correctly', async () => {
+    const pwd = 'password'
+    const salt = new TextEncoder().encode('salt')
+    const usages = ['unwrapKey', 'encrypt']
+
+    const k1 = await pbkdf(pwd, salt, usages)
+    expect(k1.extractable).toBeFalse()
+    expect(k1.type).toBe('secret')
+
+    expect(k1.usages.length).toBe(usages.length)
+    for (const usage of usages) {
+        expect(k1.usages).toContain(usage)
+    }
+})