mirror of
https://github.com/servo/servo.git
synced 2025-06-25 17:44:33 +01:00
378 lines
17 KiB
JavaScript
378 lines
17 KiB
JavaScript
|
|
function run_test() {
|
|
var subtle = self.crypto.subtle; // Change to test prefixed implementations
|
|
|
|
// When are all these tests really done? When all the promises they use have resolved.
|
|
var all_promises = [];
|
|
|
|
// Source file rsa_vectors.js provides the getTestVectors method
|
|
// for the RSA-OAEP algorithm that drives these tests.
|
|
var vectors = getTestVectors();
|
|
var passingVectors = vectors.passing;
|
|
var failingVectors = vectors.failing;
|
|
|
|
// Test decryption, first, because encryption tests rely on that working
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
// Get a one byte longer plaintext to encrypt
|
|
if (!("ciphertext" in vector)) {
|
|
return;
|
|
}
|
|
|
|
promise_test(function(test) {
|
|
return subtle.decrypt(vector.algorithm, vector.privateKey, vector.ciphertext)
|
|
.then(function(plaintext) {
|
|
assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works"));
|
|
}, function(err) {
|
|
assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'");
|
|
});
|
|
}, vector.name + " decryption");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " decryption");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
// Test decryption with an altered buffer
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
// Get a one byte longer plaintext to encrypt
|
|
if (!("ciphertext" in vector)) {
|
|
return;
|
|
}
|
|
|
|
promise_test(function(test) {
|
|
var ciphertext = copyBuffer(vector.ciphertext);
|
|
var operation = subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
|
|
.then(function(plaintext) {
|
|
assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works"));
|
|
}, function(err) {
|
|
assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'");
|
|
});
|
|
ciphertext[0] = 255 - ciphertext[0];
|
|
return operation;
|
|
}, vector.name + " decryption with altered ciphertext");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " decryption with altered ciphertext");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
// Check for failures due to using publicKey to decrypt.
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
promise_test(function(test) {
|
|
return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext)
|
|
.then(function(plaintext) {
|
|
assert_unreached("Should have thrown error for using publicKey to decrypt in " + vector.name + ": " + err.message + "'");
|
|
}, function(err) {
|
|
assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
|
|
});
|
|
}, vector.name + " using publicKey to decrypt");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " using publicKey to decrypt");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
|
|
// Check for failures due to no "decrypt" usage.
|
|
passingVectors.forEach(function(originalVector) {
|
|
var vector = Object.assign({}, originalVector);
|
|
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["unwrapKey"])
|
|
.then(function(vectors) {
|
|
// Get a one byte longer plaintext to encrypt
|
|
promise_test(function(test) {
|
|
return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext)
|
|
.then(function(plaintext) {
|
|
assert_unreached("Should have thrown error for no decrypt usage in " + vector.name + ": " + err.message + "'");
|
|
}, function(err) {
|
|
assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
|
|
});
|
|
}, vector.name + " no decrypt usage");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " no decrypt usage");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
|
|
// Check for successful encryption even if plaintext is altered after call.
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
promise_test(function(test) {
|
|
var plaintext = copyBuffer(vector.plaintext);
|
|
var operation = subtle.encrypt(vector.algorithm, vector.publicKey, plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length");
|
|
// Can we get the original plaintext back via decrypt?
|
|
return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
|
|
.then(function(result) {
|
|
assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext");
|
|
return ciphertext;
|
|
}, function(err) {
|
|
assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'");
|
|
});
|
|
})
|
|
.then(function(priorCiphertext) {
|
|
// Will a second encrypt give us different ciphertext, as it should?
|
|
return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results")
|
|
}, function(err) {
|
|
assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'");
|
|
});
|
|
}, function(err) {
|
|
assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'");
|
|
});
|
|
|
|
plaintext[0] = 255 - plaintext[0];
|
|
return operation;
|
|
}, vector.name + " with altered plaintext");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " with altered plaintext");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
// Check for successful encryption.
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
promise_test(function(test) {
|
|
return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length");
|
|
|
|
// Can we get the original plaintext back via decrypt?
|
|
return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext)
|
|
.then(function(result) {
|
|
assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext");
|
|
return ciphertext;
|
|
}, function(err) {
|
|
assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'");
|
|
});
|
|
})
|
|
.then(function(priorCiphertext) {
|
|
// Will a second encrypt give us different ciphertext, as it should?
|
|
return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results")
|
|
}, function(err) {
|
|
assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'");
|
|
});
|
|
}, function(err) {
|
|
assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'");
|
|
});
|
|
}, vector.name);
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name);
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
// Check for failures due to too long plaintext.
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
// Get a one byte longer plaintext to encrypt
|
|
var plaintext = new Uint8Array(vector.plaintext.byteLength + 1);
|
|
plaintext.set(plaintext, 0);
|
|
plaintext.set(new Uint8Array([32]), vector.plaintext.byteLength);
|
|
promise_test(function(test) {
|
|
return subtle.encrypt(vector.algorithm, vector.publicKey, plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_unreached("Should have thrown error for too long plaintext in " + vector.name + ": " + err.message + "'");
|
|
}, function(err) {
|
|
assert_equals(err.name, "OperationError", "Should throw OperationError instead of " + err.message);
|
|
});
|
|
}, vector.name + " too long plaintext");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " too long plaintext");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
|
|
// Check for failures due to using privateKey to encrypt.
|
|
passingVectors.forEach(function(vector) {
|
|
var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"])
|
|
.then(function(vectors) {
|
|
promise_test(function(test) {
|
|
return subtle.encrypt(vector.algorithm, vector.privateKey, vector.plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_unreached("Should have thrown error for using privateKey to encrypt in " + vector.name + ": " + err.message + "'");
|
|
}, function(err) {
|
|
assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
|
|
});
|
|
}, vector.name + " using privateKey to encrypt");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " using privateKey to encrypt");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
|
|
// Check for failures due to no "encrypt usage".
|
|
passingVectors.forEach(function(originalVector) {
|
|
var vector = Object.assign({}, originalVector);
|
|
|
|
var promise = importVectorKeys(vector, [], ["decrypt"])
|
|
.then(function(vectors) {
|
|
// Get a one byte longer plaintext to encrypt
|
|
promise_test(function(test) {
|
|
return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext)
|
|
.then(function(ciphertext) {
|
|
assert_unreached("Should have thrown error for no encrypt usage in " + vector.name + ": " + err.message + "'");
|
|
}, function(err) {
|
|
assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message);
|
|
});
|
|
}, vector.name + " no encrypt usage");
|
|
|
|
}, function(err) {
|
|
// We need a failed test if the importVectorKey operation fails, so
|
|
// we know we never tested encryption
|
|
promise_test(function(test) {
|
|
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
|
|
}, "importVectorKeys step: " + vector.name + " no encrypt usage");
|
|
});
|
|
|
|
all_promises.push(promise);
|
|
});
|
|
|
|
promise_test(function() {
|
|
return Promise.all(all_promises)
|
|
.then(function() {done();})
|
|
.catch(function() {done();})
|
|
}, "setup");
|
|
|
|
// A test vector has all needed fields for encryption, EXCEPT that the
|
|
// key field may be null. This function replaces that null with the Correct
|
|
// CryptoKey object.
|
|
//
|
|
// Returns a Promise that yields an updated vector on success.
|
|
function importVectorKeys(vector, publicKeyUsages, privateKeyUsages) {
|
|
var publicPromise, privatePromise;
|
|
|
|
if (vector.publicKey !== null) {
|
|
publicPromise = new Promise(function(resolve, reject) {
|
|
resolve(vector);
|
|
});
|
|
} else {
|
|
publicPromise = subtle.importKey(vector.publicKeyFormat, vector.publicKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, publicKeyUsages)
|
|
.then(function(key) {
|
|
vector.publicKey = key;
|
|
return vector;
|
|
}); // Returns a copy of the sourceBuffer it is sent.
|
|
function copyBuffer(sourceBuffer) {
|
|
var source = new Uint8Array(sourceBuffer);
|
|
var copy = new Uint8Array(sourceBuffer.byteLength)
|
|
|
|
for (var i=0; i<source.byteLength; i++) {
|
|
copy[i] = source[i];
|
|
}
|
|
|
|
return copy;
|
|
}
|
|
|
|
}
|
|
|
|
if (vector.privateKey !== null) {
|
|
privatePromise = new Promise(function(resolve, reject) {
|
|
resolve(vector);
|
|
});
|
|
} else {
|
|
privatePromise = subtle.importKey(vector.privateKeyFormat, vector.privateKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, privateKeyUsages)
|
|
.then(function(key) {
|
|
vector.privateKey = key;
|
|
return vector;
|
|
});
|
|
}
|
|
|
|
return Promise.all([publicPromise, privatePromise]);
|
|
}
|
|
|
|
// Returns a copy of the sourceBuffer it is sent.
|
|
function copyBuffer(sourceBuffer) {
|
|
var source = new Uint8Array(sourceBuffer);
|
|
var copy = new Uint8Array(sourceBuffer.byteLength)
|
|
|
|
for (var i=0; i<source.byteLength; i++) {
|
|
copy[i] = source[i];
|
|
}
|
|
|
|
return copy;
|
|
}
|
|
|
|
function equalBuffers(a, b) {
|
|
if (a.byteLength !== b.byteLength) {
|
|
return false;
|
|
}
|
|
|
|
var aBytes = new Uint8Array(a);
|
|
var bBytes = new Uint8Array(b);
|
|
|
|
for (var i=0; i<a.byteLength; i++) {
|
|
if (aBytes[i] !== bBytes[i]) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
return;
|
|
}
|