The Tor Browser / file comparison

comparison: services/sync/tests/unit/test_records_crypto.js

services/sync/tests/unit/test_records_crypto.js

branch
TOR_BUG_9701
changeset 15
b8a032363ba2
equal deleted inserted replaced
-1:000000000000 0:ec9c1a996779
1 /* Any copyright is dedicated to the Public Domain.
2 * http://creativecommons.org/publicdomain/zero/1.0/ */
3
4 Cu.import("resource://gre/modules/Log.jsm");
5 Cu.import("resource://services-sync/constants.js");
6 Cu.import("resource://services-sync/keys.js");
7 Cu.import("resource://services-sync/record.js");
8 Cu.import("resource://services-sync/resource.js");
9 Cu.import("resource://services-sync/service.js");
10 Cu.import("resource://services-sync/util.js");
11 Cu.import("resource://testing-common/services/sync/utils.js");
12
13 let cryptoWrap;
14
15 function crypted_resource_handler(metadata, response) {
16 let obj = {id: "resource",
17 modified: cryptoWrap.modified,
18 payload: JSON.stringify(cryptoWrap.payload)};
19 return httpd_basic_auth_handler(JSON.stringify(obj), metadata, response);
20 }
21
22 function prepareCryptoWrap(collection, id) {
23 let w = new CryptoWrapper();
24 w.cleartext.stuff = "my payload here";
25 w.collection = collection;
26 w.id = id;
27 return w;
28 }
29
30 function run_test() {
31 let server;
32 do_test_pending();
33
34 ensureLegacyIdentityManager();
35 Service.identity.username = "john@example.com";
36 Service.identity.syncKey = "a-abcde-abcde-abcde-abcde-abcde";
37 let keyBundle = Service.identity.syncKeyBundle;
38
39 try {
40 let log = Log.repository.getLogger("Test");
41 Log.repository.rootLogger.addAppender(new Log.DumpAppender());
42
43 log.info("Setting up server and authenticator");
44
45 server = httpd_setup({"/steam/resource": crypted_resource_handler});
46
47 log.info("Creating a record");
48
49 let cryptoUri = "http://localhost:8080/crypto/steam";
50 cryptoWrap = prepareCryptoWrap("steam", "resource");
51
52 log.info("cryptoWrap: " + cryptoWrap.toString());
53
54 log.info("Encrypting a record");
55
56 cryptoWrap.encrypt(keyBundle);
57 log.info("Ciphertext is " + cryptoWrap.ciphertext);
58 do_check_true(cryptoWrap.ciphertext != null);
59
60 let firstIV = cryptoWrap.IV;
61
62 log.info("Decrypting the record");
63
64 let payload = cryptoWrap.decrypt(keyBundle);
65 do_check_eq(payload.stuff, "my payload here");
66 do_check_neq(payload, cryptoWrap.payload); // wrap.data.payload is the encrypted one
67
68 log.info("Make sure multiple decrypts cause failures");
69 let error = "";
70 try {
71 payload = cryptoWrap.decrypt(keyBundle);
72 }
73 catch(ex) {
74 error = ex;
75 }
76 do_check_eq(error, "No ciphertext: nothing to decrypt?");
77
78 log.info("Re-encrypting the record with alternate payload");
79
80 cryptoWrap.cleartext.stuff = "another payload";
81 cryptoWrap.encrypt(keyBundle);
82 let secondIV = cryptoWrap.IV;
83 payload = cryptoWrap.decrypt(keyBundle);
84 do_check_eq(payload.stuff, "another payload");
85
86 log.info("Make sure multiple encrypts use different IVs");
87 do_check_neq(firstIV, secondIV);
88
89 log.info("Make sure differing ids cause failures");
90 cryptoWrap.encrypt(keyBundle);
91 cryptoWrap.data.id = "other";
92 error = "";
93 try {
94 cryptoWrap.decrypt(keyBundle);
95 }
96 catch(ex) {
97 error = ex;
98 }
99 do_check_eq(error, "Record id mismatch: resource != other");
100
101 log.info("Make sure wrong hmacs cause failures");
102 cryptoWrap.encrypt(keyBundle);
103 cryptoWrap.hmac = "foo";
104 error = "";
105 try {
106 cryptoWrap.decrypt(keyBundle);
107 }
108 catch(ex) {
109 error = ex;
110 }
111 do_check_eq(error.substr(0, 42), "Record SHA256 HMAC mismatch: should be foo");
112
113 // Checking per-collection keys and default key handling.
114
115 generateNewKeys(Service.collectionKeys);
116 let bu = "http://localhost:8080/storage/bookmarks/foo";
117 let bookmarkItem = prepareCryptoWrap("bookmarks", "foo");
118 bookmarkItem.encrypt(Service.collectionKeys.keyForCollection("bookmarks"));
119 log.info("Ciphertext is " + bookmarkItem.ciphertext);
120 do_check_true(bookmarkItem.ciphertext != null);
121 log.info("Decrypting the record explicitly with the default key.");
122 do_check_eq(bookmarkItem.decrypt(Service.collectionKeys._default).stuff, "my payload here");
123
124 // Per-collection keys.
125 // Generate a key for "bookmarks".
126 generateNewKeys(Service.collectionKeys, ["bookmarks"]);
127 bookmarkItem = prepareCryptoWrap("bookmarks", "foo");
128 do_check_eq(bookmarkItem.collection, "bookmarks");
129
130 // Encrypt. This'll use the "bookmarks" encryption key, because we have a
131 // special key for it. The same key will need to be used for decryption.
132 bookmarkItem.encrypt(Service.collectionKeys.keyForCollection("bookmarks"));
133 do_check_true(bookmarkItem.ciphertext != null);
134
135 // Attempt to use the default key, because this is a collision that could
136 // conceivably occur in the real world. Decryption will error, because
137 // it's not the bookmarks key.
138 let err;
139 try {
140 bookmarkItem.decrypt(Service.collectionKeys._default);
141 } catch (ex) {
142 err = ex;
143 }
144 do_check_eq("Record SHA256 HMAC mismatch", err.substr(0, 27));
145
146 // Explicitly check that it's using the bookmarks key.
147 // This should succeed.
148 do_check_eq(bookmarkItem.decrypt(Service.collectionKeys.keyForCollection("bookmarks")).stuff,
149 "my payload here");
150
151 log.info("Done!");
152 }
153 finally {
154 server.stop(do_test_finished);
155 }
156 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial