The Tor Browser / file comparison
comparison: services/crypto/component/tests/unit/test_jpake.js
services/crypto/component/tests/unit/test_jpake.js
- branch
- TOR_BUG_3246
- changeset 5
- 4ab42b5ab56c
equal
deleted
inserted
replaced
| -1:000000000000 | 0:ae21822b5bde |
|---|---|
| 1 const Cc = Components.classes; | |
| 2 const Ci = Components.interfaces; | |
| 3 | |
| 4 // Ensure PSM is initialized. | |
| 5 Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); | |
| 6 | |
| 7 function do_check_throws(func) { | |
| 8 let have_error = false; | |
| 9 try { | |
| 10 func(); | |
| 11 } catch(ex) { | |
| 12 dump("Was expecting an exception. Caught: " + ex + "\n"); | |
| 13 have_error = true; | |
| 14 } | |
| 15 do_check_true(have_error); | |
| 16 } | |
| 17 | |
| 18 function test_success() { | |
| 19 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 20 .createInstance(Ci.nsISyncJPAKE); | |
| 21 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 22 .createInstance(Ci.nsISyncJPAKE); | |
| 23 | |
| 24 let a_gx1 = {}; | |
| 25 let a_gv1 = {}; | |
| 26 let a_r1 = {}; | |
| 27 let a_gx2 = {}; | |
| 28 let a_gv2 = {}; | |
| 29 let a_r2 = {}; | |
| 30 | |
| 31 let b_gx1 = {}; | |
| 32 let b_gv1 = {}; | |
| 33 let b_r1 = {}; | |
| 34 let b_gx2 = {}; | |
| 35 let b_gv2 = {}; | |
| 36 let b_r2 = {}; | |
| 37 | |
| 38 a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); | |
| 39 b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); | |
| 40 | |
| 41 let a_A = {}; | |
| 42 let a_gva = {}; | |
| 43 let a_ra = {}; | |
| 44 | |
| 45 let b_A = {}; | |
| 46 let b_gva = {}; | |
| 47 let b_ra = {}; | |
| 48 | |
| 49 a.round2("bob", "sekrit", b_gx1.value, b_gv1.value, b_r1.value, | |
| 50 b_gx2.value, b_gv2.value, b_r2.value, a_A, a_gva, a_ra); | |
| 51 b.round2("alice", "sekrit", a_gx1.value, a_gv1.value, a_r1.value, | |
| 52 a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); | |
| 53 | |
| 54 let a_aes = {}; | |
| 55 let a_hmac = {}; | |
| 56 let b_aes = {}; | |
| 57 let b_hmac = {}; | |
| 58 | |
| 59 a.final(b_A.value, b_gva.value, b_ra.value, "ohai", a_aes, a_hmac); | |
| 60 b.final(a_A.value, a_gva.value, a_ra.value, "ohai", b_aes, b_hmac); | |
| 61 | |
| 62 do_check_eq(a_aes.value, b_aes.value); | |
| 63 do_check_eq(a_hmac.value, b_hmac.value); | |
| 64 } | |
| 65 | |
| 66 function test_failure(modlen) { | |
| 67 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 68 .createInstance(Ci.nsISyncJPAKE); | |
| 69 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 70 .createInstance(Ci.nsISyncJPAKE); | |
| 71 | |
| 72 let a_gx1 = {}; | |
| 73 let a_gv1 = {}; | |
| 74 let a_r1 = {}; | |
| 75 let a_gx2 = {}; | |
| 76 let a_gv2 = {}; | |
| 77 let a_r2 = {}; | |
| 78 | |
| 79 let b_gx1 = {}; | |
| 80 let b_gv1 = {}; | |
| 81 let b_r1 = {}; | |
| 82 let b_gx2 = {}; | |
| 83 let b_gv2 = {}; | |
| 84 let b_r2 = {}; | |
| 85 | |
| 86 a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); | |
| 87 b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); | |
| 88 | |
| 89 let a_A = {}; | |
| 90 let a_gva = {}; | |
| 91 let a_ra = {}; | |
| 92 | |
| 93 let b_A = {}; | |
| 94 let b_gva = {}; | |
| 95 let b_ra = {}; | |
| 96 | |
| 97 // Note how the PINs are different (secret vs. sekrit) | |
| 98 a.round2("bob", "secret", b_gx1.value, b_gv1.value, b_r1.value, | |
| 99 b_gx2.value, b_gv2.value, b_r2.value, a_A, a_gva, a_ra); | |
| 100 b.round2("alice", "sekrit", a_gx1.value, a_gv1.value, a_r1.value, | |
| 101 a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); | |
| 102 | |
| 103 let a_aes = {}; | |
| 104 let a_hmac = {}; | |
| 105 let b_aes = {}; | |
| 106 let b_hmac = {}; | |
| 107 | |
| 108 a.final(b_A.value, b_gva.value, b_ra.value, "ohai", a_aes, a_hmac); | |
| 109 b.final(a_A.value, a_gva.value, a_ra.value, "ohai", b_aes, b_hmac); | |
| 110 | |
| 111 do_check_neq(a_aes.value, b_aes.value); | |
| 112 do_check_neq(a_hmac.value, b_hmac.value); | |
| 113 } | |
| 114 | |
| 115 function test_same_signerids() { | |
| 116 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 117 .createInstance(Ci.nsISyncJPAKE); | |
| 118 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 119 .createInstance(Ci.nsISyncJPAKE); | |
| 120 | |
| 121 let gx1 = {}; | |
| 122 let gv1 = {}; | |
| 123 let r1 = {}; | |
| 124 let gx2 = {}; | |
| 125 let gv2 = {}; | |
| 126 let r2 = {}; | |
| 127 | |
| 128 a.round1("alice", {}, {}, {}, {}, {}, {}); | |
| 129 b.round1("alice", gx1, gv1, r1, gx2, gv2, r2); | |
| 130 do_check_throws(function() { | |
| 131 a.round2("alice", "sekrit", gx1.value, gv1.value, r1.value, | |
| 132 gx2.value, gv2.value, r2.value, {}, {}, {}); | |
| 133 }); | |
| 134 } | |
| 135 | |
| 136 function test_bad_zkp() { | |
| 137 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 138 .createInstance(Ci.nsISyncJPAKE); | |
| 139 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 140 .createInstance(Ci.nsISyncJPAKE); | |
| 141 | |
| 142 let gx1 = {}; | |
| 143 let gv1 = {}; | |
| 144 let r1 = {}; | |
| 145 let gx2 = {}; | |
| 146 let gv2 = {}; | |
| 147 let r2 = {}; | |
| 148 | |
| 149 a.round1("alice", {}, {}, {}, {}, {}, {}); | |
| 150 b.round1("bob", gx1, gv1, r1, gx2, gv2, r2); | |
| 151 do_check_throws(function() { | |
| 152 a.round2("invalid", "sekrit", gx1.value, gv1.value, r1.value, | |
| 153 gx2.value, gv2.value, r2.value, {}, {}, {}); | |
| 154 }); | |
| 155 } | |
| 156 | |
| 157 function test_x4_zero() { | |
| 158 // The PKCS#11 API for J-PAKE does not allow us to choose any of the nonces. | |
| 159 // In order to test the defence against x4 (mod p) == 1, we had to generate | |
| 160 // our own signed nonces using a the FreeBL JPAKE_Sign function directly. | |
| 161 // To verify the signatures are accurate, pass the given value of R as the | |
| 162 // "testRandom" parameter to FreeBL's JPAKE_Sign, along with the given values | |
| 163 // for X and GX, using signerID "alice". Then verify that each GV returned | |
| 164 // from JPAKE_Sign matches the value specified here. | |
| 165 let test = function(badGX, badX_GV, badX_R) { | |
| 166 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 167 .createInstance(Ci.nsISyncJPAKE); | |
| 168 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 169 .createInstance(Ci.nsISyncJPAKE); | |
| 170 | |
| 171 let a_gx1 = {}; | |
| 172 let a_gv1 = {}; | |
| 173 let a_r1 = {}; | |
| 174 let a_gx2 = {}; | |
| 175 let a_gv2 = {}; | |
| 176 let a_r2 = {}; | |
| 177 | |
| 178 let b_gx1 = {}; | |
| 179 let b_gv1 = {}; | |
| 180 let b_r1 = {}; | |
| 181 let b_gx2 = {}; | |
| 182 let b_gv2 = {}; | |
| 183 let b_r2 = {}; | |
| 184 | |
| 185 a.round1("alice", a_gx1, a_gv1, a_r1, a_gx2, a_gv2, a_r2); | |
| 186 b.round1("bob", b_gx1, b_gv1, b_r1, b_gx2, b_gv2, b_r2); | |
| 187 | |
| 188 // Replace the g^x2 generated by A with the given illegal value. | |
| 189 a_gx2.value = badGX; | |
| 190 a_gv2.value = badX_GV; | |
| 191 a_r2.value = badX_R; | |
| 192 | |
| 193 let b_A = {}; | |
| 194 let b_gva = {}; | |
| 195 let b_ra = {}; | |
| 196 | |
| 197 do_check_throws(function() { | |
| 198 b.round2("alice", "secret", a_gx1.value, a_gv1.value, a_r1.value, | |
| 199 a_gx2.value, a_gv2.value, a_r2.value, b_A, b_gva, b_ra); | |
| 200 }); | |
| 201 }; | |
| 202 | |
| 203 // g^x is NIST 3072's p + 1, (p + 1) mod p == 1, x == 0 | |
| 204 test("90066455B5CFC38F9CAA4A48B4281F292C260FEEF01FD61037E56258A7795A1C" | |
| 205 + "7AD46076982CE6BB956936C6AB4DCFE05E6784586940CA544B9B2140E1EB523F" | |
| 206 + "009D20A7E7880E4E5BFA690F1B9004A27811CD9904AF70420EEFD6EA11EF7DA1" | |
| 207 + "29F58835FF56B89FAA637BC9AC2EFAAB903402229F491D8D3485261CD068699B" | |
| 208 + "6BA58A1DDBBEF6DB51E8FE34E8A78E542D7BA351C21EA8D8F1D29F5D5D159394" | |
| 209 + "87E27F4416B0CA632C59EFD1B1EB66511A5A0FBF615B766C5862D0BD8A3FE7A0" | |
| 210 + "E0DA0FB2FE1FCB19E8F9996A8EA0FCCDE538175238FC8B0EE6F29AF7F642773E" | |
| 211 + "BE8CD5402415A01451A840476B2FCEB0E388D30D4B376C37FE401C2A2C2F941D" | |
| 212 + "AD179C540C1C8CE030D460C4D983BE9AB0B20F69144C1AE13F9383EA1C08504F" | |
| 213 + "B0BF321503EFE43488310DD8DC77EC5B8349B8BFE97C2C560EA878DE87C11E3D" | |
| 214 + "597F1FEA742D73EEC7F37BE43949EF1A0D15C3F3E3FC0A8335617055AC91328E" | |
| 215 + "C22B50FC15B941D3D1624CD88BC25F3E941FDDC6200689581BFEC416B4B2CB74", | |
| 216 "5386107A0DD4A96ECF8D9BCF864BDE23AAEF13351F5550D777A32C1FEC165ED67AE51" | |
| 217 + "66C3876AABC1FED1A0993754F3AEE256530F529548F8FE010BC0D070175569845" | |
| 218 + "CF009AD24BC897A9CA1F18E1A9CE421DD54FD93AB528BC2594B47791713165276" | |
| 219 + "7B76903190C3DCD2076FEC1E61FFFC32D1B07273B06EA2889E66FCBFD41FE8984" | |
| 220 + "5FCE36056B09D1F20E58BB6BAA07A32796F11998BEF0AB3D387E2FB4FE3073FEB" | |
| 221 + "634BA91709010A70DA29C06F8F92D638C4F158680EAFEB5E0E323BD7DACB671C0" | |
| 222 + "BA3EDEEAB5CAA243CABAB28E7205AC9A0AAEAFE132635DAC7FE001C19F880A96E" | |
| 223 + "395C42536D694F81B4F44DC66D7D6FBE933C56ABF585837291D8751C18EB1F3FB" | |
| 224 + "620582E6A7B795D699E38C270863A289583CB9D07651E6BA3B82BC656B49BD09B" | |
| 225 + "6B8C27F370120C7CB89D0829BE51D56356EA836012E9204FF4D1CA8B1B7F9C768" | |
| 226 + "4BB2B0F226FD4042EEBAD931FDBD4F81F8425B305752F5E37FFA2B73BB5A034EC" | |
| 227 + "7EEF5AAC92EA212897E3A2B8961D2147710ECCE127B942AB2", | |
| 228 "05CC4DF005FE006C11111624E14806E4A904A4D1D6A53E795AC7867A960CD4FD"); | |
| 229 | |
| 230 // x == 0 implies g^x == 1 | |
| 231 test("01", | |
| 232 "488759644532FA7C53E5239F2A365D4B9189582BDD2967A1852FE56568382B65" | |
| 233 + "C66BDFCD9B581EAEF4BB497CAF1290ECDFA47A1D1658DC5DC9248D9A4135" | |
| 234 + "DC70B6A8497CDF117236841FA18500DC696A92EEF5000ABE68E9C75B37BC" | |
| 235 + "6A722126BE728163AA90A6B03D5585994D3403557EEF08E819C72D143BBC" | |
| 236 + "CDF74559645066CB3607E1B0430365356389FC8FB3D66FD2B6E2E834EC23" | |
| 237 + "0B0234956752D07F983C918488C8E5A124B062D50B44C5E6FB36BCB03E39" | |
| 238 + "0385B17CF8062B6688371E6AF5915C2B1AAA31C9294943CC6DC1B994FC09" | |
| 239 + "49CA31828B83F3D6DFB081B26045DFD9F10092588B63F1D6E68881A06522" | |
| 240 + "5A417CA9555B036DE89D349AC794A43EB28FE320F9A321F06A9364C88B54" | |
| 241 + "99EEF4816375B119824ACC9AA56D1340B6A49D05F855DE699B351012028C" | |
| 242 + "CA43001F708CC61E71CA3849935BEEBABC0D268CD41B8D2B8DCA705FDFF8" | |
| 243 + "1DAA772DA96EDEA0B291FD5C0C1B8EFE5318D37EBC1BFF53A9DDEC4171A6" | |
| 244 + "479E341438970058E25C8F2BCDA6166C8BF1B065C174", | |
| 245 "8B2BACE575179D762F6F2FFDBFF00B497C07766AB3EED9961447CF6F43D06A97"); | |
| 246 } | |
| 247 | |
| 248 function test_invalid_input_round2() { | |
| 249 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 250 .createInstance(Ci.nsISyncJPAKE); | |
| 251 | |
| 252 a.round1("alice", {}, {}, {}, {}, {}, {}); | |
| 253 do_check_throws(function() { | |
| 254 a.round2("invalid", "sekrit", "some", "real", "garbage", | |
| 255 "even", "more", "garbage", {}, {}, {}); | |
| 256 }); | |
| 257 } | |
| 258 | |
| 259 function test_invalid_input_final() { | |
| 260 let a = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 261 .createInstance(Ci.nsISyncJPAKE); | |
| 262 let b = Cc["@mozilla.org/services-crypto/sync-jpake;1"] | |
| 263 .createInstance(Ci.nsISyncJPAKE); | |
| 264 | |
| 265 let gx1 = {}; | |
| 266 let gv1 = {}; | |
| 267 let r1 = {}; | |
| 268 let gx2 = {}; | |
| 269 let gv2 = {}; | |
| 270 let r2 = {}; | |
| 271 | |
| 272 a.round1("alice", {}, {}, {}, {}, {}, {}); | |
| 273 b.round1("bob", gx1, gv1, r1, gx2, gv2, r2); | |
| 274 a.round2("bob", "sekrit", gx1.value, gv1.value, r1.value, | |
| 275 gx2.value, gv2.value, r2.value, {}, {}, {}); | |
| 276 do_check_throws(function() { | |
| 277 a.final("some", "garbage", "alright", "foobar-info", {}, {}); | |
| 278 }); | |
| 279 } | |
| 280 | |
| 281 function run_test() { | |
| 282 test_x4_zero(); | |
| 283 test_success(); | |
| 284 test_failure(); | |
| 285 test_same_signerids(); | |
| 286 test_bad_zkp(); | |
| 287 test_invalid_input_round2(); | |
| 288 test_invalid_input_final(); | |
| 289 } |
