| |
| function run_test() { |
| var subtle = self.crypto.subtle; // Change to test prefixed implementations |
| |
| // When are all these tests really done? When all the promises they use have resolved. |
| var all_promises = []; |
| |
| // Source file rsa_vectors.js provides the getTestVectors method |
| // for the RSA-OAEP algorithm that drives these tests. |
| var vectors = getTestVectors(); |
| var passingVectors = vectors.passing; |
| var failingVectors = vectors.failing; |
| |
| // Test decryption, first, because encryption tests rely on that working |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| // Get a one byte longer plaintext to encrypt |
| if (!("ciphertext" in vector)) { |
| return; |
| } |
| |
| promise_test(function(test) { |
| return subtle.decrypt(vector.algorithm, vector.privateKey, vector.ciphertext) |
| .then(function(plaintext) { |
| assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works")); |
| }, function(err) { |
| assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'"); |
| }); |
| }, vector.name + " decryption"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " decryption"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| // Test decryption with an altered buffer |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| // Get a one byte longer plaintext to encrypt |
| if (!("ciphertext" in vector)) { |
| return; |
| } |
| |
| promise_test(function(test) { |
| var ciphertext = copyBuffer(vector.ciphertext); |
| var operation = subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext) |
| .then(function(plaintext) { |
| assert_true(equalBuffers(plaintext, vector.plaintext, "Decryption works")); |
| }, function(err) { |
| assert_unreached("Decryption should not throw error " + vector.name + ": " + err.message + "'"); |
| }); |
| ciphertext[0] = 255 - ciphertext[0]; |
| return operation; |
| }, vector.name + " decryption with altered ciphertext"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " decryption with altered ciphertext"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| // Check for failures due to using publicKey to decrypt. |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| promise_test(function(test) { |
| return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext) |
| .then(function(plaintext) { |
| assert_unreached("Should have thrown error for using publicKey to decrypt in " + vector.name + ": " + err.message + "'"); |
| }, function(err) { |
| assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message); |
| }); |
| }, vector.name + " using publicKey to decrypt"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " using publicKey to decrypt"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| |
| // Check for failures due to no "decrypt" usage. |
| passingVectors.forEach(function(originalVector) { |
| var vector = Object.assign({}, originalVector); |
| |
| var promise = importVectorKeys(vector, ["encrypt"], ["unwrapKey"]) |
| .then(function(vectors) { |
| // Get a one byte longer plaintext to encrypt |
| promise_test(function(test) { |
| return subtle.decrypt(vector.algorithm, vector.publicKey, vector.ciphertext) |
| .then(function(plaintext) { |
| assert_unreached("Should have thrown error for no decrypt usage in " + vector.name + ": " + err.message + "'"); |
| }, function(err) { |
| assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message); |
| }); |
| }, vector.name + " no decrypt usage"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " no decrypt usage"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| |
| // Check for successful encryption even if plaintext is altered after call. |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| promise_test(function(test) { |
| var plaintext = copyBuffer(vector.plaintext); |
| var operation = subtle.encrypt(vector.algorithm, vector.publicKey, plaintext) |
| .then(function(ciphertext) { |
| assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length"); |
| // Can we get the original plaintext back via decrypt? |
| return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext) |
| .then(function(result) { |
| assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext"); |
| return ciphertext; |
| }, function(err) { |
| assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'"); |
| }); |
| }) |
| .then(function(priorCiphertext) { |
| // Will a second encrypt give us different ciphertext, as it should? |
| return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext) |
| .then(function(ciphertext) { |
| assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results") |
| }, function(err) { |
| assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'"); |
| }); |
| }, function(err) { |
| assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'"); |
| }); |
| |
| plaintext[0] = 255 - plaintext[0]; |
| return operation; |
| }, vector.name + " with altered plaintext"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " with altered plaintext"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| // Check for successful encryption. |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| promise_test(function(test) { |
| return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext) |
| .then(function(ciphertext) { |
| assert_equals(ciphertext.byteLength * 8, vector.privateKey.algorithm.modulusLength, "Ciphertext length matches modulus length"); |
| |
| // Can we get the original plaintext back via decrypt? |
| return subtle.decrypt(vector.algorithm, vector.privateKey, ciphertext) |
| .then(function(result) { |
| assert_true(equalBuffers(result, vector.plaintext), "Round trip returns original plaintext"); |
| return ciphertext; |
| }, function(err) { |
| assert_unreached("decrypt error for test " + vector.name + ": " + err.message + "'"); |
| }); |
| }) |
| .then(function(priorCiphertext) { |
| // Will a second encrypt give us different ciphertext, as it should? |
| return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext) |
| .then(function(ciphertext) { |
| assert_false(equalBuffers(priorCiphertext, ciphertext), "Two encrypts give different results") |
| }, function(err) { |
| assert_unreached("second time encrypt error for test " + vector.name + ": '" + err.message + "'"); |
| }); |
| }, function(err) { |
| assert_unreached("decrypt error for test " + vector.name + ": '" + err.message + "'"); |
| }); |
| }, vector.name); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| // Check for failures due to too long plaintext. |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| // Get a one byte longer plaintext to encrypt |
| var plaintext = new Uint8Array(vector.plaintext.byteLength + 1); |
| plaintext.set(plaintext, 0); |
| plaintext.set(new Uint8Array([32]), vector.plaintext.byteLength); |
| promise_test(function(test) { |
| return subtle.encrypt(vector.algorithm, vector.publicKey, plaintext) |
| .then(function(ciphertext) { |
| assert_unreached("Should have thrown error for too long plaintext in " + vector.name + ": " + err.message + "'"); |
| }, function(err) { |
| assert_equals(err.name, "OperationError", "Should throw OperationError instead of " + err.message); |
| }); |
| }, vector.name + " too long plaintext"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " too long plaintext"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| |
| // Check for failures due to using privateKey to encrypt. |
| passingVectors.forEach(function(vector) { |
| var promise = importVectorKeys(vector, ["encrypt"], ["decrypt"]) |
| .then(function(vectors) { |
| promise_test(function(test) { |
| return subtle.encrypt(vector.algorithm, vector.privateKey, vector.plaintext) |
| .then(function(ciphertext) { |
| assert_unreached("Should have thrown error for using privateKey to encrypt in " + vector.name + ": " + err.message + "'"); |
| }, function(err) { |
| assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message); |
| }); |
| }, vector.name + " using privateKey to encrypt"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " using privateKey to encrypt"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| |
| // Check for failures due to no "encrypt usage". |
| passingVectors.forEach(function(originalVector) { |
| var vector = Object.assign({}, originalVector); |
| |
| var promise = importVectorKeys(vector, [], ["decrypt"]) |
| .then(function(vectors) { |
| // Get a one byte longer plaintext to encrypt |
| promise_test(function(test) { |
| return subtle.encrypt(vector.algorithm, vector.publicKey, vector.plaintext) |
| .then(function(ciphertext) { |
| assert_unreached("Should have thrown error for no encrypt usage in " + vector.name + ": " + err.message + "'"); |
| }, function(err) { |
| assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of " + err.message); |
| }); |
| }, vector.name + " no encrypt usage"); |
| |
| }, function(err) { |
| // We need a failed test if the importVectorKey operation fails, so |
| // we know we never tested encryption |
| promise_test(function(test) { |
| assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); |
| }, "importVectorKeys step: " + vector.name + " no encrypt usage"); |
| }); |
| |
| all_promises.push(promise); |
| }); |
| |
| Promise.all(all_promises) |
| .then(function() {done();}) |
| .catch(function() {done();}) |
| |
| // A test vector has all needed fields for encryption, EXCEPT that the |
| // key field may be null. This function replaces that null with the Correct |
| // CryptoKey object. |
| // |
| // Returns a Promise that yields an updated vector on success. |
| function importVectorKeys(vector, publicKeyUsages, privateKeyUsages) { |
| var publicPromise, privatePromise; |
| |
| if (vector.publicKey !== null) { |
| publicPromise = new Promise(function(resolve, reject) { |
| resolve(vector); |
| }); |
| } else { |
| publicPromise = subtle.importKey(vector.publicKeyFormat, vector.publicKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, publicKeyUsages) |
| .then(function(key) { |
| vector.publicKey = key; |
| return vector; |
| }); // Returns a copy of the sourceBuffer it is sent. |
| function copyBuffer(sourceBuffer) { |
| var source = new Uint8Array(sourceBuffer); |
| var copy = new Uint8Array(sourceBuffer.byteLength) |
| |
| for (var i=0; i<source.byteLength; i++) { |
| copy[i] = source[i]; |
| } |
| |
| return copy; |
| } |
| |
| } |
| |
| if (vector.privateKey !== null) { |
| privatePromise = new Promise(function(resolve, reject) { |
| resolve(vector); |
| }); |
| } else { |
| privatePromise = subtle.importKey(vector.privateKeyFormat, vector.privateKeyBuffer, {name: vector.algorithm.name, hash: vector.hash}, false, privateKeyUsages) |
| .then(function(key) { |
| vector.privateKey = key; |
| return vector; |
| }); |
| } |
| |
| return Promise.all([publicPromise, privatePromise]); |
| } |
| |
| // Returns a copy of the sourceBuffer it is sent. |
| function copyBuffer(sourceBuffer) { |
| var source = new Uint8Array(sourceBuffer); |
| var copy = new Uint8Array(sourceBuffer.byteLength) |
| |
| for (var i=0; i<source.byteLength; i++) { |
| copy[i] = source[i]; |
| } |
| |
| return copy; |
| } |
| |
| function equalBuffers(a, b) { |
| if (a.byteLength !== b.byteLength) { |
| return false; |
| } |
| |
| var aBytes = new Uint8Array(a); |
| var bBytes = new Uint8Array(b); |
| |
| for (var i=0; i<a.byteLength; i++) { |
| if (aBytes[i] !== bBytes[i]) { |
| return false; |
| } |
| } |
| |
| return true; |
| } |
| |
| return; |
| } |