1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
// Test PushCrypto.encrypt()
"use strict";
const { PushCrypto } = ChromeUtils.importESModule(
"resource://gre/modules/PushCrypto.sys.mjs"
);
let from64 = v => {
// allow whitespace in the strings.
let stripped = v.replace(/ |\t|\r|\n/g, "");
return new Uint8Array(
ChromeUtils.base64URLDecode(stripped, { padding: "reject" })
);
};
let to64 = v => ChromeUtils.base64URLEncode(v, { pad: false });
// A helper function to take a public key (as a buffer containing a 65-byte
// buffer of uncompressed EC points) and a private key (32byte buffer) and
// return 2 crypto keys.
async function importKeyPair(publicKeyBuffer, privateKeyBuffer) {
let jwk = {
kty: "EC",
crv: "P-256",
x: to64(publicKeyBuffer.slice(1, 33)),
y: to64(publicKeyBuffer.slice(33, 65)),
ext: true,
};
let publicKey = await crypto.subtle.importKey(
"jwk",
jwk,
{ name: "ECDH", namedCurve: "P-256" },
true,
[]
);
jwk.d = to64(privateKeyBuffer);
let privateKey = await crypto.subtle.importKey(
"jwk",
jwk,
{ name: "ECDH", namedCurve: "P-256" },
true,
["deriveBits"]
);
return { publicKey, privateKey };
}
// The example from draft-ietf-webpush-encryption-09.
add_task(async function static_aes128gcm() {
let fixture = {
ciphertext:
from64(`DGv6ra1nlYgDCS1FRnbzlwAAEABBBP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27ml
mlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A_yl95bQpu6cVPT
pK4Mqgkf1CXztLVBSt2Ks3oZwbuwXPXLWyouBWLVWGNWQexSgSxsj_Qulcy4a-fN`),
plaintext: new TextEncoder().encode(
"When I grow up, I want to be a watermelon"
),
authSecret: from64("BTBZMqHH6r4Tts7J_aSIgg"),
receiver: {
private: from64("q1dXpw3UpT5VOmu_cf_v6ih07Aems3njxI-JWgLcM94"),
public: from64(`BCVxsr7N_eNgVRqvHtD0zTZsEc6-VV-JvLexhqUzORcx
aOzi6-AYWXvTBHm4bjyPjs7Vd8pZGH6SRpkNtoIAiw4`),
},
sender: {
private: from64("yfWPiYE-n46HLnH0KqZOF1fJJU3MYrct3AELtAQ-oRw"),
public: from64(`BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIg
Dll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8`),
},
salt: from64("DGv6ra1nlYgDCS1FRnbzlw"),
};
let options = {
senderKeyPair: await importKeyPair(
fixture.sender.public,
fixture.sender.private
),
salt: fixture.salt,
};
let { ciphertext, encoding } = await PushCrypto.encrypt(
fixture.plaintext,
fixture.receiver.public,
fixture.authSecret,
options
);
Assert.deepEqual(ciphertext, fixture.ciphertext);
Assert.equal(encoding, "aes128gcm");
// and for fun, decrypt it and check the plaintext.
let recvKeyPair = await importKeyPair(
fixture.receiver.public,
fixture.receiver.private
);
let jwk = await crypto.subtle.exportKey("jwk", recvKeyPair.privateKey);
let plaintext = await PushCrypto.decrypt(
jwk,
fixture.receiver.public,
fixture.authSecret,
{ encoding: "aes128gcm" },
ciphertext
);
Assert.deepEqual(plaintext, fixture.plaintext);
});
// This is how we expect real code to interact with .encrypt.
add_task(async function aes128gcm_simple() {
let [recvPublicKey, recvPrivateKey] = await PushCrypto.generateKeys();
let message = new TextEncoder().encode("Fast for good.");
let authSecret = crypto.getRandomValues(new Uint8Array(16));
let { ciphertext, encoding } = await PushCrypto.encrypt(
message,
recvPublicKey,
authSecret
);
Assert.equal(encoding, "aes128gcm");
// and decrypt it.
let plaintext = await PushCrypto.decrypt(
recvPrivateKey,
recvPublicKey,
authSecret,
{ encoding },
ciphertext
);
deepEqual(message, plaintext);
});
// Variable record size tests
add_task(async function aes128gcm_rs() {
let [recvPublicKey, recvPrivateKey] = await PushCrypto.generateKeys();
for (let rs of [-1, 0, 1, 17]) {
let payload = "x".repeat(1024);
info(`testing expected failure with rs=${rs}`);
let message = new TextEncoder().encode(payload);
let authSecret = crypto.getRandomValues(new Uint8Array(16));
await Assert.rejects(
PushCrypto.encrypt(message, recvPublicKey, authSecret, { rs }),
/recordsize is too small/
);
}
for (let rs of [18, 50, 1024, 4096, 16384]) {
info(`testing expected success with rs=${rs}`);
let payload = "x".repeat(rs * 3);
let message = new TextEncoder().encode(payload);
let authSecret = crypto.getRandomValues(new Uint8Array(16));
let { ciphertext, encoding } = await PushCrypto.encrypt(
message,
recvPublicKey,
authSecret,
{ rs }
);
Assert.equal(encoding, "aes128gcm");
// and decrypt it.
let plaintext = await PushCrypto.decrypt(
recvPrivateKey,
recvPublicKey,
authSecret,
{ encoding },
ciphertext
);
deepEqual(message, plaintext);
}
});
// And try and hit some edge-cases.
add_task(async function aes128gcm_edgecases() {
let [recvPublicKey, recvPrivateKey] = await PushCrypto.generateKeys();
for (let size of [
0,
4096 - 16,
4096 - 16 - 1,
4096 - 16 + 1,
4095,
4096,
4097,
10240,
]) {
info(`testing encryption of ${size} byte payload`);
let message = new TextEncoder().encode("x".repeat(size));
let authSecret = crypto.getRandomValues(new Uint8Array(16));
let { ciphertext, encoding } = await PushCrypto.encrypt(
message,
recvPublicKey,
authSecret
);
Assert.equal(encoding, "aes128gcm");
// and decrypt it.
let plaintext = await PushCrypto.decrypt(
recvPrivateKey,
recvPublicKey,
authSecret,
{ encoding },
ciphertext
);
deepEqual(message, plaintext);
}
});
|
