Cu.import("resource://services-crypto/WeaveCrypto.js");
Cu.import("resource://services-sync/util.js");

let cryptoSvc = new WeaveCrypto();

/**
 * xpcshell entry point: exercises passphrase-based key derivation in Utils
 * and round-trips a plaintext through WeaveCrypto with the derived keys.
 *
 * The passphrase and salt below are fixed test vectors, which is why they
 * and the derived keys are written to the test log. The pinned base64 and
 * base32 outputs act as known-answer checks, so any change in the derivation
 * shows up as a failure here.
 */
function run_test() {
  // gczeal is only present in some builds; when it is, turn on aggressive GC
  // for the bulk of the test.
  if (!this.gczeal) {
    _("Running deriveKey tests with default gczeal.");
  } else {
    _("Running deriveKey tests with gczeal(2).");
    gczeal(2);
  }

  // One random IV is shared by every encrypt/decrypt round-trip below.
  const iv = cryptoSvc.generateRandomIV();
  const passphrase = "secret phrase";
  const salt = "RE5YUHpQcGl3bg=="; // base64 of "DNXPzPpiwn"

  _("Testing deriveKeyFromPassphrase. Input is \"" + passphrase + "\", \"" + salt + "\" (base64-encoded).");

  // "Friendly" base32: lower-cased, with L shown as 8 and O shown as 9.
  const base32Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  const friendlyAlphabet = "abcdefghijk8mn9pqrstuvwxyz234567";
  do_check_eq(friendlyAlphabet, Utils.base32ToFriendly(base32Alphabet));

  // Converting to friendly form and back must return the original string.
  const roundTripped = Utils.base32FromFriendly(
    Utils.base32ToFriendly(base32Alphabet));
  do_check_eq(base32Alphabet, roundTripped);

  // Passphrase recognition. Strings containing "o"/"O" are rejected because
  // that letter is outside the friendly alphabet; upper-case input is
  // accepted because isPassphrase normalizes before checking.
  const badLower = "o-5wmnu-o5tqc-7lz2h-amkbw-izqzi";
  const badUpper = "O-5WMNU-O5TQC-7LZ2H-AMKBW-IZQZI";
  const goodLower = "9-5wmnu-95tqc-78z2h-amkbw-izqzi";
  const goodUpper = "9-5WMNU-95TQC-78Z2H-AMKBW-IZQZI";
  do_check_false(Utils.isPassphrase(badLower));
  do_check_false(Utils.isPassphrase(badUpper));
  do_check_true(Utils.isPassphrase(goodLower));
  do_check_true(Utils.isPassphrase(goodUpper));
  do_check_true(Utils.isPassphrase(Utils.normalizePassphrase(goodUpper)));

  // Base64 output at the default length. This form is not really used in
  // practice, and certainly not with a 32-byte key; only the
  // encrypt/decrypt round-trip is checked.
  const defaultKey = Utils.deriveEncodedKeyFromPassphrase(passphrase, salt);
  _("Derived key in base64: " + defaultKey);
  const defaultCipher = cryptoSvc.encrypt("bacon", defaultKey, iv);
  do_check_eq(cryptoSvc.decrypt(defaultCipher, defaultKey, iv), "bacon");

  // Base64 output, 16 bytes: pinned to a known answer, then round-tripped.
  const shortKey = Utils.deriveEncodedKeyFromPassphrase(passphrase, salt, 16);
  _("Derived key in base64: " + shortKey);
  do_check_eq("d2zG0d2cBfXnRwMUGyMwyg==", shortKey);
  const shortCipher = cryptoSvc.encrypt("bacon", shortKey, iv);
  do_check_eq(cryptoSvc.decrypt(shortCipher, shortKey, iv), "bacon");

  // Base32 ("presentable") output. 16 is passed again so that a 256-bit key
  // string is not generated.
  const b32key = Utils.derivePresentableKeyFromPassphrase(passphrase, salt, 16);
  const hyphenated = Utils.hyphenatePassphrase(b32key);
  do_check_true(Utils.isPassphrase(b32key));

  _("Derived key in base32: " + b32key);
  do_check_eq(b32key.length, 26);
  // 1 leading char + 5 groups of 5 chars + 5 hyphens = 31.
  do_check_eq(hyphenated.length, 31);
  do_check_eq(hyphenated, "9-5wmnu-95tqc-78z2h-amkbw-izqzi");

  // Back to the default GC setting before the slow comparison below.
  if (this.gczeal) {
    gczeal(0);
  }

  // The NSS-backed and pure-JS derivations must agree. This only works on
  // FF4. gczeal is deliberately left off here: the pure-JS implementation is
  // extremely slow, and this check takes about five minutes to run.
  // NOTE(review): the fourth argument appears to select the implementation;
  // which value maps to which backend is not visible in this file.
  const withFlagFalse =
    Utils.deriveEncodedKeyFromPassphrase(passphrase, salt, 16, false);
  const withFlagTrue =
    Utils.deriveEncodedKeyFromPassphrase(passphrase, salt, 16, true);
  do_check_eq(withFlagFalse, withFlagTrue);
}