microsoft
diff --git a/‎gulpfile.js‎
Lines changed: 2 additions & 1 deletion b/‎gulpfile.js‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/msrcrypto.js‎
Lines changed: 147 additions & 70 deletions b/‎lib/msrcrypto.js‎
Lines changed: 147 additions & 70 deletions
diff --git a/‎lib/msrcrypto.min.js‎
Lines changed: 1 addition & 1 deletion b/‎lib/msrcrypto.min.js‎
Lines changed: 1 addition & 1 deletion
@@ -52,9 +52,10 @@ const fullBuild = [
     "scripts/rsa-pkcs1.js",
     "scripts/rsa-pss.js",
     "scripts/rsa.js",
-    "scripts/kdf.js",
+     "scripts/concat.js",
     "scripts/pbkdf2.js",
     "scripts/hkdf.js",
+    "scripts/hkdf-ctr.js",
     "scripts/ecdh.js",
     "scripts/ecdsa.js",
     "scripts/subtle.js",
 
@@ -17,7 +17,7 @@
 //*******************************************************************************
 "use strict";
 
-var msrCryptoVersion = "1.6.3";
+var msrCryptoVersion = "1.6.4";
 
 (function(root, factory) {
 
@@ -7236,106 +7236,76 @@ var msrCryptoVersion = "1.6.3";
             operations.register("generateKey", "RSA-PSS", msrcryptoRsa.generateKeyPair);
         }
 
-        var msrcryptoKdf = function(hashFunction) {
+        var msrcryptoConcatKdf = (function() {
 
-            var utils = msrcryptoUtilities;
+            function deriveBits(p) {
+
+                var hashName = p.algorithm.hash.name,
+                    hashFunction = msrcryptoHashFunctions[hashName.toUpperCase()](),
+                    alg = p.algorithm;
+
+                var otherInfo =
+                    utils.toArray(alg.algorithmId).concat(
+                        utils.toArray(alg.partyUInfo),
+                        utils.toArray(alg.partyVInfo),
+                        utils.toArray(alg.publicInfo) || [],
+                        utils.toArray(alg.privateInfo) || []);
 
-            function deriveKey(secretBytes, otherInfo, keyOutputLength) {
-                var reps = Math.ceil(keyOutputLength / (hashFunction.hashLen / 8)),
+                var reps = Math.ceil(p.length / hashFunction.hashLen),
                     counter = 1,
-                    digest = secretBytes.concat(otherInfo),
+                    digest = p.keyData.concat(otherInfo),
                     output = [];
 
                 for (var i = 0; i < reps; i++) {
-
                     var data = utils.int32ToBytes(counter++).concat(digest);
-
                     var h = hashFunction.computeHash(data);
-
                     output = output.concat(h);
                 }
 
-                return output.slice(0, keyOutputLength);
+                return output.slice(0, p.length / 8);
+
             }
 
             return {
-
-                deriveKey: deriveKey
-
+                deriveBits: deriveBits
             };
 
-        };
+        }());
 
-        var msrcryptoKdfInstance = null;
+        var msrcryptoConcatKdfInstance = null;
 
         if (typeof operations !== "undefined") {
 
-            msrcryptoKdf.deriveKey = function(p) {
-
-                var utils = msrcryptoUtilities;
-
-                var hashName = p.algorithm.hash.name;
-
-                var hashFunction = msrcryptoHashFunctions[hashName.toUpperCase()]();
-
-                msrcryptoKdfInstance = msrcryptoKdf(hashFunction);
-
-                var alg = p.algorithm;
-
-                var otherInfo =
-                    utils.toArray(alg.algorithmId).concat(
-                        utils.toArray(alg.partyUInfo),
-                        utils.toArray(alg.partyVInfo),
-                        utils.toArray(alg.publicInfo),
-                        utils.toArray(alg.privateInfo));
+            msrcryptoConcatKdf.importKey = function(p) {
+                var keyData;
 
-                var result =
-                    msrcryptoKdfInstance.deriveKey(p.keyData, otherInfo, p.derivedKeyType.length);
+                if (p.format === "raw") {
+                    keyData = msrcryptoUtilities.toArray(p.keyData);
+                } else {
+                    throw new Error("unsupported import format");
+                }
 
-                msrcryptoKdfInstance = null;
+                if (p.extractable !== false) {
+                    throw new Error("only extractable=false is supported.");
+                }
 
                 return {
-                    type: "keyDerive",
-                    keyData: result,
+                    type: "keyImport",
+                    keyData: keyData,
                     keyHandle: {
-                        algorithm: p.derivedKeyType,
-                        extractable: p.extractable,
-                        usages: null || p.usages,
+                        algorithm: {
+                            name: "CONCAT"
+                        },
+                        extractable: false,
+                        usages: p.usages,
                         type: "secret"
                     }
                 };
 
             };
 
-            msrcryptoKdf.deriveBits = function(p) {
-
-                var hashName = p.algorithm.hash.name;
-
-                var hashFunction = msrcryptoHashFunctions[hashName.toUpperCase()]();
-
-                msrcryptoKdfInstance = msrcryptoKdf(hashFunction);
-
-                var alg = p.algorithm;
-
-                var otherInfo =
-                    alg.algorithmId.concat(
-                        alg.partyUInfo,
-                        alg.partyVInfo,
-                        alg.publicInfo || [],
-                        alg.privateInfo || []);
-
-                var result =
-                    msrcryptoKdfInstance.deriveKey(p.keyData, otherInfo, p.length);
-
-                msrcryptoKdfInstance = null;
-
-                return result;
-
-            };
-
-            operations.register("deriveKey", "concat", msrcryptoKdf.deriveKey);
-            operations.register("deriveBits", "concat", msrcryptoKdf.deriveBits);
-
+            operations.register("deriveBits", "CONCAT", msrcryptoConcatKdf.deriveBits);
+            operations.register("importKey", "CONCAT", msrcryptoConcatKdf.importKey);
         }
 
         var msrcryptoPbkdf2 = (function() {
@@ -7574,6 +7544,113 @@ var msrCryptoVersion = "1.6.3";
             operations.register("importKey", "HKDF", msrcryptoHkdf.importKey);
         }
 
+        var msrcryptoHkdfCtr = (function() {
+
+            function deriveBits(p) {
+
+                var algorithm = p.algorithm,
+                    keyBytes = p.keyData,
+                    bits = p.length,
+                    labelBytes = algorithm.label,
+                    contextBytes = algorithm.context,
+                    byteLen = Math.ceil(bits / 8),
+                    hLen,
+                    output = [],
+                    i,
+                    hmacContext;
+
+                switch (algorithm.hash.name.toUpperCase()) {
+                    case "SHA-1":
+                        hLen = 20;
+                        break;
+                    case "SHA-256":
+                        hLen = 32;
+                        break;
+                    case "SHA-384":
+                        hLen = 48;
+                        break;
+                    case "SHA-512":
+                        hLen = 64;
+                        break;
+                    default:
+                        throw new Error("Unsupported hash algorithm.");
+                }
+
+                if (algorithm.label == null) {
+                    throw new Error("HkdfCtrParams: label: Missing required property.");
+                }
+
+                if (algorithm.context == null) {
+                    throw new Error("HkdfCtrParams: context: Missing required property.");
+                }
+
+                if (bits % 8 !== 0) {
+                    throw new Error("The length provided for HKDF-CTR is not a multiple of 8 bits.");
+                }
+
+                if (byteLen > 255 * hLen) {
+                    throw new Error("The length provided for HKDF-CTR is too large.");
+                }
+
+                hmacContext = {
+                    workerid: 0,
+                    keyHandle: {
+                        algorithm: algorithm
+                    },
+                    keyData: keyBytes,
+                    buffer: keyBytes
+                };
+
+                var fixed = labelBytes.concat([0], contextBytes, utils.int32ToBytes(bits));
+
+                for (i = 1; i <= Math.ceil(byteLen / hLen); i++) {
+                    hmacContext.buffer = utils.int32ToBytes(i).concat(fixed);
+                    output = output.concat(msrcryptoHmac.signHmac(hmacContext));
+                }
+
+                return output.slice(0, byteLen);
+            }
+
+            return {
+                deriveBits: deriveBits
+            };
+
+        }());
+
+        if (typeof operations !== "undefined") {
+
+            msrcryptoHkdfCtr.importKey = function(p) {
+                var keyData;
+
+                if (p.format === "raw") {
+                    keyData = msrcryptoUtilities.toArray(p.keyData);
+                } else {
+                    throw new Error("unsupported import format");
+                }
+
+                if (p.extractable !== false) {
+                    throw new Error("only extractable=false is supported.");
+                }
+
+                return {
+                    type: "keyImport",
+                    keyData: keyData,
+                    keyHandle: {
+                        algorithm: {
+                            name: "HKDF-CTR"
+                        },
+                        extractable: false,
+                        usages: p.usages,
+                        type: "secret"
+                    }
+                };
+
+            };
+
+            operations.register("deriveBits", "HKDF-CTR", msrcryptoHkdfCtr.deriveBits);
+            operations.register("importKey", "HKDF-CTR", msrcryptoHkdfCtr.importKey);
+        }
+
         var msrcryptoEcdh = function(curve) {
 
             var btd = cryptoMath.bytesToDigits,