services/sync/tests/unit/test_records_crypto.js@6474c204b198
services/sync/tests/unit/test_records_crypto.js
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 /* Any copyright is dedicated to the Public Domain.
2 * http://creativecommons.org/publicdomain/zero/1.0/ */
4 Cu.import("resource://gre/modules/Log.jsm");
5 Cu.import("resource://services-sync/constants.js");
6 Cu.import("resource://services-sync/keys.js");
7 Cu.import("resource://services-sync/record.js");
8 Cu.import("resource://services-sync/resource.js");
9 Cu.import("resource://services-sync/service.js");
10 Cu.import("resource://services-sync/util.js");
11 Cu.import("resource://testing-common/services/sync/utils.js");
13 let cryptoWrap;
15 function crypted_resource_handler(metadata, response) {
16 let obj = {id: "resource",
17 modified: cryptoWrap.modified,
18 payload: JSON.stringify(cryptoWrap.payload)};
19 return httpd_basic_auth_handler(JSON.stringify(obj), metadata, response);
20 }
22 function prepareCryptoWrap(collection, id) {
23 let w = new CryptoWrapper();
24 w.cleartext.stuff = "my payload here";
25 w.collection = collection;
26 w.id = id;
27 return w;
28 }
30 function run_test() {
31 let server;
32 do_test_pending();
34 ensureLegacyIdentityManager();
35 Service.identity.username = "john@example.com";
36 Service.identity.syncKey = "a-abcde-abcde-abcde-abcde-abcde";
37 let keyBundle = Service.identity.syncKeyBundle;
39 try {
40 let log = Log.repository.getLogger("Test");
41 Log.repository.rootLogger.addAppender(new Log.DumpAppender());
43 log.info("Setting up server and authenticator");
45 server = httpd_setup({"/steam/resource": crypted_resource_handler});
47 log.info("Creating a record");
49 let cryptoUri = "http://localhost:8080/crypto/steam";
50 cryptoWrap = prepareCryptoWrap("steam", "resource");
52 log.info("cryptoWrap: " + cryptoWrap.toString());
54 log.info("Encrypting a record");
56 cryptoWrap.encrypt(keyBundle);
57 log.info("Ciphertext is " + cryptoWrap.ciphertext);
58 do_check_true(cryptoWrap.ciphertext != null);
60 let firstIV = cryptoWrap.IV;
62 log.info("Decrypting the record");
64 let payload = cryptoWrap.decrypt(keyBundle);
65 do_check_eq(payload.stuff, "my payload here");
66 do_check_neq(payload, cryptoWrap.payload); // wrap.data.payload is the encrypted one
68 log.info("Make sure multiple decrypts cause failures");
69 let error = "";
70 try {
71 payload = cryptoWrap.decrypt(keyBundle);
72 }
73 catch(ex) {
74 error = ex;
75 }
76 do_check_eq(error, "No ciphertext: nothing to decrypt?");
78 log.info("Re-encrypting the record with alternate payload");
80 cryptoWrap.cleartext.stuff = "another payload";
81 cryptoWrap.encrypt(keyBundle);
82 let secondIV = cryptoWrap.IV;
83 payload = cryptoWrap.decrypt(keyBundle);
84 do_check_eq(payload.stuff, "another payload");
86 log.info("Make sure multiple encrypts use different IVs");
87 do_check_neq(firstIV, secondIV);
89 log.info("Make sure differing ids cause failures");
90 cryptoWrap.encrypt(keyBundle);
91 cryptoWrap.data.id = "other";
92 error = "";
93 try {
94 cryptoWrap.decrypt(keyBundle);
95 }
96 catch(ex) {
97 error = ex;
98 }
99 do_check_eq(error, "Record id mismatch: resource != other");
101 log.info("Make sure wrong hmacs cause failures");
102 cryptoWrap.encrypt(keyBundle);
103 cryptoWrap.hmac = "foo";
104 error = "";
105 try {
106 cryptoWrap.decrypt(keyBundle);
107 }
108 catch(ex) {
109 error = ex;
110 }
111 do_check_eq(error.substr(0, 42), "Record SHA256 HMAC mismatch: should be foo");
113 // Checking per-collection keys and default key handling.
115 generateNewKeys(Service.collectionKeys);
116 let bu = "http://localhost:8080/storage/bookmarks/foo";
117 let bookmarkItem = prepareCryptoWrap("bookmarks", "foo");
118 bookmarkItem.encrypt(Service.collectionKeys.keyForCollection("bookmarks"));
119 log.info("Ciphertext is " + bookmarkItem.ciphertext);
120 do_check_true(bookmarkItem.ciphertext != null);
121 log.info("Decrypting the record explicitly with the default key.");
122 do_check_eq(bookmarkItem.decrypt(Service.collectionKeys._default).stuff, "my payload here");
124 // Per-collection keys.
125 // Generate a key for "bookmarks".
126 generateNewKeys(Service.collectionKeys, ["bookmarks"]);
127 bookmarkItem = prepareCryptoWrap("bookmarks", "foo");
128 do_check_eq(bookmarkItem.collection, "bookmarks");
130 // Encrypt. This'll use the "bookmarks" encryption key, because we have a
131 // special key for it. The same key will need to be used for decryption.
132 bookmarkItem.encrypt(Service.collectionKeys.keyForCollection("bookmarks"));
133 do_check_true(bookmarkItem.ciphertext != null);
135 // Attempt to use the default key, because this is a collision that could
136 // conceivably occur in the real world. Decryption will error, because
137 // it's not the bookmarks key.
138 let err;
139 try {
140 bookmarkItem.decrypt(Service.collectionKeys._default);
141 } catch (ex) {
142 err = ex;
143 }
144 do_check_eq("Record SHA256 HMAC mismatch", err.substr(0, 27));
146 // Explicitly check that it's using the bookmarks key.
147 // This should succeed.
148 do_check_eq(bookmarkItem.decrypt(Service.collectionKeys.keyForCollection("bookmarks")).stuff,
149 "my payload here");
151 log.info("Done!");
152 }
153 finally {
154 server.stop(do_test_finished);
155 }
156 }
