services/crypto/component/tests/unit/test_jpake.js@6474c204b198 (annotated)
services/crypto/component/tests/unit/test_jpake.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
| michael@0 | 1 | const Cc = Components.classes; |
| michael@0 | 2 | const Ci = Components.interfaces; |
| michael@0 | 3 | |
| michael@0 | 4 | // Ensure PSM is initialized. |
| michael@0 | 5 | Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); |
| michael@0 | 6 | |
| michael@0 | 7 | function do_check_throws(func) { |
| michael@0 | 8 | let have_error = false; |
| michael@0 | 9 | try { |
| michael@0 | 10 | func(); |
| michael@0 | 11 | } catch(ex) { |
| michael@0 | 12 | dump("Was expecting an exception. Caught: " + ex + "\n"); |
| michael@0 | 13 | have_error = true; |
| michael@0 | 14 | } |
| michael@0 | 15 | do_check_true(have_error); |
| michael@0 | 16 | } |
| michael@0 | 17 | |
| michael@0 | 18 | function test_success() { |
| michael@0 | 19 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 20 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 21 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 22 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 23 | |
| michael@0 | 24 | let a_gx1 = {}; |
| michael@0 | 25 | let a_gv1 = {}; |
| michael@0 | 26 | let a_r1 = {}; |
| michael@0 | 27 | let a_gx2 = {}; |
| michael@0 | 28 | let a_gv2 = {}; |
| michael@0 | 29 | let a_r2 = {}; |
| michael@0 | 30 | |
| michael@0 | 31 | let b_gx1 = {}; |
| michael@0 | 32 | let b_gv1 = {}; |
| michael@0 | 33 | let b_r1 = {}; |
| michael@0 | 34 | let b_gx2 = {}; |
| michael@0 | 35 | let b_gv2 = {}; |
| michael@0 | 36 | let b_r2 = {}; |
| michael@0 | 37 | |
| michael@0 | 38 | a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); |
| michael@0 | 39 | b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); |
| michael@0 | 40 | |
| michael@0 | 41 | let a_A = {}; |
| michael@0 | 42 | let a_gva = {}; |
| michael@0 | 43 | let a_ra = {}; |
| michael@0 | 44 | |
| michael@0 | 45 | let b_A = {}; |
| michael@0 | 46 | let b_gva = {}; |
| michael@0 | 47 | let b_ra = {}; |
| michael@0 | 48 | |
| michael@0 | 49 | a.round2("bob", "sekrit", b_gx1.value, b_gv1.value, b_r1.value, |
| michael@0 | 50 | b_gx2.value, b_gv2.value, b_r2.value, a_A, a_gva, a_ra); |
| michael@0 | 51 | b.round2("alice", "sekrit", a_gx1.value, a_gv1.value, a_r1.value, |
| michael@0 | 52 | a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); |
| michael@0 | 53 | |
| michael@0 | 54 | let a_aes = {}; |
| michael@0 | 55 | let a_hmac = {}; |
| michael@0 | 56 | let b_aes = {}; |
| michael@0 | 57 | let b_hmac = {}; |
| michael@0 | 58 | |
| michael@0 | 59 | a.final(b_A.value, b_gva.value, b_ra.value, "ohai", a_aes, a_hmac); |
| michael@0 | 60 | b.final(a_A.value, a_gva.value, a_ra.value, "ohai", b_aes, b_hmac); |
| michael@0 | 61 | |
| michael@0 | 62 | do_check_eq(a_aes.value, b_aes.value); |
| michael@0 | 63 | do_check_eq(a_hmac.value, b_hmac.value); |
| michael@0 | 64 | } |
| michael@0 | 65 | |
| michael@0 | 66 | function test_failure(modlen) { |
| michael@0 | 67 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 68 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 69 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 70 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 71 | |
| michael@0 | 72 | let a_gx1 = {}; |
| michael@0 | 73 | let a_gv1 = {}; |
| michael@0 | 74 | let a_r1 = {}; |
| michael@0 | 75 | let a_gx2 = {}; |
| michael@0 | 76 | let a_gv2 = {}; |
| michael@0 | 77 | let a_r2 = {}; |
| michael@0 | 78 | |
| michael@0 | 79 | let b_gx1 = {}; |
| michael@0 | 80 | let b_gv1 = {}; |
| michael@0 | 81 | let b_r1 = {}; |
| michael@0 | 82 | let b_gx2 = {}; |
| michael@0 | 83 | let b_gv2 = {}; |
| michael@0 | 84 | let b_r2 = {}; |
| michael@0 | 85 | |
| michael@0 | 86 | a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); |
| michael@0 | 87 | b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); |
| michael@0 | 88 | |
| michael@0 | 89 | let a_A = {}; |
| michael@0 | 90 | let a_gva = {}; |
| michael@0 | 91 | let a_ra = {}; |
| michael@0 | 92 | |
| michael@0 | 93 | let b_A = {}; |
| michael@0 | 94 | let b_gva = {}; |
| michael@0 | 95 | let b_ra = {}; |
| michael@0 | 96 | |
| michael@0 | 97 | // Note how the PINs are different (secret vs. sekrit) |
| michael@0 | 98 | a.round2("bob", "secret", b_gx1.value, b_gv1.value, b_r1.value, |
| michael@0 | 99 | b_gx2.value, b_gv2.value, b_r2.value, a_A, a_gva, a_ra); |
| michael@0 | 100 | b.round2("alice", "sekrit", a_gx1.value, a_gv1.value, a_r1.value, |
| michael@0 | 101 | a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); |
| michael@0 | 102 | |
| michael@0 | 103 | let a_aes = {}; |
| michael@0 | 104 | let a_hmac = {}; |
| michael@0 | 105 | let b_aes = {}; |
| michael@0 | 106 | let b_hmac = {}; |
| michael@0 | 107 | |
| michael@0 | 108 | a.final(b_A.value, b_gva.value, b_ra.value, "ohai", a_aes, a_hmac); |
| michael@0 | 109 | b.final(a_A.value, a_gva.value, a_ra.value, "ohai", b_aes, b_hmac); |
| michael@0 | 110 | |
| michael@0 | 111 | do_check_neq(a_aes.value, b_aes.value); |
| michael@0 | 112 | do_check_neq(a_hmac.value, b_hmac.value); |
| michael@0 | 113 | } |
| michael@0 | 114 | |
| michael@0 | 115 | function test_same_signerids() { |
| michael@0 | 116 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 117 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 118 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 119 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 120 | |
| michael@0 | 121 | let gx1 = {}; |
| michael@0 | 122 | let gv1 = {}; |
| michael@0 | 123 | let r1 = {}; |
| michael@0 | 124 | let gx2 = {}; |
| michael@0 | 125 | let gv2 = {}; |
| michael@0 | 126 | let r2 = {}; |
| michael@0 | 127 | |
| michael@0 | 128 | a.round1("alice", {}, {}, {}, {}, {}, {}); |
| michael@0 | 129 | b.round1("alice", gx1, gv1, r1, gx2, gv2, r2); |
| michael@0 | 130 | do_check_throws(function() { |
| michael@0 | 131 | a.round2("alice", "sekrit", gx1.value, gv1.value, r1.value, |
| michael@0 | 132 | gx2.value, gv2.value, r2.value, {}, {}, {}); |
| michael@0 | 133 | }); |
| michael@0 | 134 | } |
| michael@0 | 135 | |
| michael@0 | 136 | function test_bad_zkp() { |
| michael@0 | 137 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 138 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 139 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 140 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 141 | |
| michael@0 | 142 | let gx1 = {}; |
| michael@0 | 143 | let gv1 = {}; |
| michael@0 | 144 | let r1 = {}; |
| michael@0 | 145 | let gx2 = {}; |
| michael@0 | 146 | let gv2 = {}; |
| michael@0 | 147 | let r2 = {}; |
| michael@0 | 148 | |
| michael@0 | 149 | a.round1("alice", {}, {}, {}, {}, {}, {}); |
| michael@0 | 150 | b.round1("bob", gx1, gv1, r1, gx2, gv2, r2); |
| michael@0 | 151 | do_check_throws(function() { |
| michael@0 | 152 | a.round2("invalid", "sekrit", gx1.value, gv1.value, r1.value, |
| michael@0 | 153 | gx2.value, gv2.value, r2.value, {}, {}, {}); |
| michael@0 | 154 | }); |
| michael@0 | 155 | } |
| michael@0 | 156 | |
| michael@0 | 157 | function test_x4_zero() { |
| michael@0 | 158 | // The PKCS#11 API for J-PAKE does not allow us to choose any of the nonces. |
| michael@0 | 159 | // In order to test the defence against x4 (mod p) == 1, we had to generate |
| michael@0 | 160 | // our own signed nonces using a the FreeBL JPAKE_Sign function directly. |
| michael@0 | 161 | // To verify the signatures are accurate, pass the given value of R as the |
| michael@0 | 162 | // "testRandom" parameter to FreeBL's JPAKE_Sign, along with the given values |
| michael@0 | 163 | // for X and GX, using signerID "alice". Then verify that each GV returned |
| michael@0 | 164 | // from JPAKE_Sign matches the value specified here. |
| michael@0 | 165 | let test = function(badGX, badX_GV, badX_R) { |
| michael@0 | 166 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 167 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 168 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 169 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 170 | |
| michael@0 | 171 | let a_gx1 = {}; |
| michael@0 | 172 | let a_gv1 = {}; |
| michael@0 | 173 | let a_r1 = {}; |
| michael@0 | 174 | let a_gx2 = {}; |
| michael@0 | 175 | let a_gv2 = {}; |
| michael@0 | 176 | let a_r2 = {}; |
| michael@0 | 177 | |
| michael@0 | 178 | let b_gx1 = {}; |
| michael@0 | 179 | let b_gv1 = {}; |
| michael@0 | 180 | let b_r1 = {}; |
| michael@0 | 181 | let b_gx2 = {}; |
| michael@0 | 182 | let b_gv2 = {}; |
| michael@0 | 183 | let b_r2 = {}; |
| michael@0 | 184 | |
| michael@0 | 185 | a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); |
| michael@0 | 186 | b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); |
| michael@0 | 187 | |
| michael@0 | 188 | // Replace the g^x2 generated by A with the given illegal value. |
| michael@0 | 189 | a_gx2.value = badGX; |
| michael@0 | 190 | a_gv2.value = badX_GV; |
| michael@0 | 191 | a_r2.value = badX_R; |
| michael@0 | 192 | |
| michael@0 | 193 | let b_A = {}; |
| michael@0 | 194 | let b_gva = {}; |
| michael@0 | 195 | let b_ra = {}; |
| michael@0 | 196 | |
| michael@0 | 197 | do_check_throws(function() { |
| michael@0 | 198 | b.round2("alice", "secret", a_gx1.value, a_gv1.value, a_r1.value, |
| michael@0 | 199 | a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); |
| michael@0 | 200 | }); |
| michael@0 | 201 | }; |
| michael@0 | 202 | |
| michael@0 | 203 | // g^x is NIST 3072's p + 1, (p + 1) mod p == 1, x == 0 |
| michael@0 | 204 | test("90066455B5CFC38F9CAA4A48B4281F292C260FEEF01FD61037E56258A7795A1C" |
| michael@0 | 205 | + "7AD46076982CE6BB956936C6AB4DCFE05E6784586940CA544B9B2140E1EB523F" |
| michael@0 | 206 | + "009D20A7E7880E4E5BFA690F1B9004A27811CD9904AF70420EEFD6EA11EF7DA1" |
| michael@0 | 207 | + "29F58835FF56B89FAA637BC9AC2EFAAB903402229F491D8D3485261CD068699B" |
| michael@0 | 208 | + "6BA58A1DDBBEF6DB51E8FE34E8A78E542D7BA351C21EA8D8F1D29F5D5D159394" |
| michael@0 | 209 | + "87E27F4416B0CA632C59EFD1B1EB66511A5A0FBF615B766C5862D0BD8A3FE7A0" |
| michael@0 | 210 | + "E0DA0FB2FE1FCB19E8F9996A8EA0FCCDE538175238FC8B0EE6F29AF7F642773E" |
| michael@0 | 211 | + "BE8CD5402415A01451A840476B2FCEB0E388D30D4B376C37FE401C2A2C2F941D" |
| michael@0 | 212 | + "AD179C540C1C8CE030D460C4D983BE9AB0B20F69144C1AE13F9383EA1C08504F" |
| michael@0 | 213 | + "B0BF321503EFE43488310DD8DC77EC5B8349B8BFE97C2C560EA878DE87C11E3D" |
| michael@0 | 214 | + "597F1FEA742D73EEC7F37BE43949EF1A0D15C3F3E3FC0A8335617055AC91328E" |
| michael@0 | 215 | + "C22B50FC15B941D3D1624CD88BC25F3E941FDDC6200689581BFEC416B4B2CB74", |
| michael@0 | 216 | "5386107A0DD4A96ECF8D9BCF864BDE23AAEF13351F5550D777A32C1FEC165ED67AE51" |
| michael@0 | 217 | + "66C3876AABC1FED1A0993754F3AEE256530F529548F8FE010BC0D070175569845" |
| michael@0 | 218 | + "CF009AD24BC897A9CA1F18E1A9CE421DD54FD93AB528BC2594B47791713165276" |
| michael@0 | 219 | + "7B76903190C3DCD2076FEC1E61FFFC32D1B07273B06EA2889E66FCBFD41FE8984" |
| michael@0 | 220 | + "5FCE36056B09D1F20E58BB6BAA07A32796F11998BEF0AB3D387E2FB4FE3073FEB" |
| michael@0 | 221 | + "634BA91709010A70DA29C06F8F92D638C4F158680EAFEB5E0E323BD7DACB671C0" |
| michael@0 | 222 | + "BA3EDEEAB5CAA243CABAB28E7205AC9A0AAEAFE132635DAC7FE001C19F880A96E" |
| michael@0 | 223 | + "395C42536D694F81B4F44DC66D7D6FBE933C56ABF585837291D8751C18EB1F3FB" |
| michael@0 | 224 | + "620582E6A7B795D699E38C270863A289583CB9D07651E6BA3B82BC656B49BD09B" |
| michael@0 | 225 | + "6B8C27F370120C7CB89D0829BE51D56356EA836012E9204FF4D1CA8B1B7F9C768" |
| michael@0 | 226 | + "4BB2B0F226FD4042EEBAD931FDBD4F81F8425B305752F5E37FFA2B73BB5A034EC" |
| michael@0 | 227 | + "7EEF5AAC92EA212897E3A2B8961D2147710ECCE127B942AB2", |
| michael@0 | 228 | "05CC4DF005FE006C11111624E14806E4A904A4D1D6A53E795AC7867A960CD4FD"); |
| michael@0 | 229 | |
| michael@0 | 230 | // x == 0 implies g^x == 1 |
| michael@0 | 231 | test("01", |
| michael@0 | 232 | "488759644532FA7C53E5239F2A365D4B9189582BDD2967A1852FE56568382B65" |
| michael@0 | 233 | + "C66BDFCD9B581EAEF4BB497CAF1290ECDFA47A1D1658DC5DC9248D9A4135" |
| michael@0 | 234 | + "DC70B6A8497CDF117236841FA18500DC696A92EEF5000ABE68E9C75B37BC" |
| michael@0 | 235 | + "6A722126BE728163AA90A6B03D5585994D3403557EEF08E819C72D143BBC" |
| michael@0 | 236 | + "CDF74559645066CB3607E1B0430365356389FC8FB3D66FD2B6E2E834EC23" |
| michael@0 | 237 | + "0B0234956752D07F983C918488C8E5A124B062D50B44C5E6FB36BCB03E39" |
| michael@0 | 238 | + "0385B17CF8062B6688371E6AF5915C2B1AAA31C9294943CC6DC1B994FC09" |
| michael@0 | 239 | + "49CA31828B83F3D6DFB081B26045DFD9F10092588B63F1D6E68881A06522" |
| michael@0 | 240 | + "5A417CA9555B036DE89D349AC794A43EB28FE320F9A321F06A9364C88B54" |
| michael@0 | 241 | + "99EEF4816375B119824ACC9AA56D1340B6A49D05F855DE699B351012028C" |
| michael@0 | 242 | + "CA43001F708CC61E71CA3849935BEEBABC0D268CD41B8D2B8DCA705FDFF8" |
| michael@0 | 243 | + "1DAA772DA96EDEA0B291FD5C0C1B8EFE5318D37EBC1BFF53A9DDEC4171A6" |
| michael@0 | 244 | + "479E341438970058E25C8F2BCDA6166C8BF1B065C174", |
| michael@0 | 245 | "8B2BACE575179D762F6F2FFDBFF00B497C07766AB3EED9961447CF6F43D06A97"); |
| michael@0 | 246 | } |
| michael@0 | 247 | |
| michael@0 | 248 | function test_invalid_input_round2() { |
| michael@0 | 249 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 250 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 251 | |
| michael@0 | 252 | a.round1("alice", {}, {}, {}, {}, {}, {}); |
| michael@0 | 253 | do_check_throws(function() { |
| michael@0 | 254 | a.round2("invalid", "sekrit", "some", "real", "garbage", |
| michael@0 | 255 | "even", "more", "garbage", {}, {}, {}); |
| michael@0 | 256 | }); |
| michael@0 | 257 | } |
| michael@0 | 258 | |
| michael@0 | 259 | function test_invalid_input_final() { |
| michael@0 | 260 | let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 261 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 262 | let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] |
| michael@0 | 263 | .createInstance(Ci.nsISyncJPAKE); |
| michael@0 | 264 | |
| michael@0 | 265 | let gx1 = {}; |
| michael@0 | 266 | let gv1 = {}; |
| michael@0 | 267 | let r1 = {}; |
| michael@0 | 268 | let gx2 = {}; |
| michael@0 | 269 | let gv2 = {}; |
| michael@0 | 270 | let r2 = {}; |
| michael@0 | 271 | |
| michael@0 | 272 | a.round1("alice", {}, {}, {}, {}, {}, {}); |
| michael@0 | 273 | b.round1("bob", gx1, gv1, r1, gx2, gv2, r2); |
| michael@0 | 274 | a.round2("bob", "sekrit", gx1.value, gv1.value, r1.value, |
| michael@0 | 275 | gx2.value, gv2.value, r2.value, {}, {}, {}); |
| michael@0 | 276 | do_check_throws(function() { |
| michael@0 | 277 | a.final("some", "garbage", "alright", "foobar-info", {}, {}); |
| michael@0 | 278 | }); |
| michael@0 | 279 | } |
| michael@0 | 280 | |
| michael@0 | 281 | function run_test() { |
| michael@0 | 282 | test_x4_zero(); |
| michael@0 | 283 | test_success(); |
| michael@0 | 284 | test_failure(); |
| michael@0 | 285 | test_same_signerids(); |
| michael@0 | 286 | test_bad_zkp(); |
| michael@0 | 287 | test_invalid_input_round2(); |
| michael@0 | 288 | test_invalid_input_final(); |
| michael@0 | 289 | } |
