summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_sdr_preexisting.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sdr_preexisting.js')
-rw-r--r--security/manager/ssl/tests/unit/test_sdr_preexisting.js79
1 files changed, 79 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting.js b/security/manager/ssl/tests/unit/test_sdr_preexisting.js
new file mode 100644
index 0000000000..69b5c194df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting.js
@@ -0,0 +1,79 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that the SDR implementation is able to decrypt strings encrypted using
+// a preexisting NSS key database. Creating the database is straight-forward:
+// simply run Firefox (or xpcshell) and encrypt something using
+// nsISecretDecoderRing (e.g. by saving a password or directly using the
+// interface). The resulting key4.db file (in the profile directory) now
+// contains the private key used to encrypt the data.
+
+function run_test() {
+ const keyDBName = "key4.db";
+ let profile = do_get_profile();
+ let keyDBFile = do_get_file(`test_sdr_preexisting/${keyDBName}`);
+ keyDBFile.copyTo(profile, keyDBName);
+
+ let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
+ Ci.nsISecretDecoderRing
+ );
+
+ let testcases = [
+ // a full padding block
+ {
+ ciphertext:
+ "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
+ plaintext: "password",
+ },
+ // 7 bytes of padding
+ {
+ ciphertext:
+ "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
+ plaintext: "a",
+ },
+ // 6 bytes of padding
+ {
+ ciphertext:
+ "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
+ plaintext: "bb",
+ },
+ // 1 byte of padding
+ {
+ ciphertext:
+ "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
+ plaintext: "!seven!",
+ },
+ // 2 bytes of padding
+ {
+ ciphertext:
+ "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
+ plaintext: "sixsix",
+ },
+ // long plaintext requiring more than two blocks
+ {
+ ciphertext:
+ "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+ plaintext: "thisismuchlongerandsotakesupmultipleblocks",
+ },
+ // this differs from the previous ciphertext by one bit and demonstrates
+ // that this implementation does not enforce message integrity
+ {
+ ciphertext:
+ "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
+ plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
+ },
+ ];
+
+ for (let testcase of testcases) {
+ let decrypted = sdr.decryptString(testcase.ciphertext);
+ equal(
+ decrypted,
+ testcase.plaintext,
+ "decrypted ciphertext should match expected plaintext"
+ );
+ }
+}