path: root/security/manager/ssl/tests/unit/test_sdr_preexisting.js
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

"use strict";

// Tests that the SDR implementation is able to decrypt strings encrypted using
// a preexisting NSS key database. Creating the database is straightforward:
// simply run Firefox (or xpcshell) and encrypt something using
// nsISecretDecoderRing (e.g. by saving a password or directly using the
// interface). The resulting key4.db file (in the profile directory) now
// contains the private key used to encrypt the data. Because that file holds
// the key itself, generate it from a throwaway profile created only for this
// test, never from a profile that has stored real credentials.

/**
 * Entry point of this test: copies the checked-in key database into the test
 * profile, then checks that nsISecretDecoderRing.decryptString() turns each
 * stored ciphertext back into its known plaintext.
 *
 * The vectors cover the padding boundaries of the cipher (the padding counts
 * below imply an 8-byte block) and end with a deliberately tampered ciphertext.
 * That last vector documents a security property rather than a happy path: a
 * modified ciphertext is still accepted and decrypted, so the SDR format must
 * not be relied on to detect tampering with stored data.
 */
function run_test() {
  const KEY_DB_LEAF_NAME = "key4.db";

  // The profile is obtained first; the fixture database is then copied into it
  // under the same leaf name.
  const profileDir = do_get_profile();
  do_get_file(`test_sdr_preexisting/${KEY_DB_LEAF_NAME}`).copyTo(
    profileDir,
    KEY_DB_LEAF_NAME
  );

  // The service is requested only after the copy above.
  // NOTE(review): presumably so that it opens the copied database - confirm.
  const decoderRing = Cc["@mozilla.org/security/sdr;1"].getService(
    Ci.nsISecretDecoderRing
  );

  const vectors = [
    // 8-character plaintext: a full padding block
    {
      plaintext: "password",
      ciphertext:
        "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
    },
    // 7 bytes of padding
    {
      plaintext: "a",
      ciphertext:
        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
    },
    // 6 bytes of padding
    {
      plaintext: "bb",
      ciphertext:
        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
    },
    // 1 byte of padding
    {
      plaintext: "!seven!",
      ciphertext:
        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
    },
    // 2 bytes of padding
    {
      plaintext: "sixsix",
      ciphertext:
        "MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
    },
    // long plaintext requiring more than two blocks
    {
      plaintext: "thisismuchlongerandsotakesupmultipleblocks",
      ciphertext:
        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
    },
    // Same ciphertext as the previous vector with a single bit changed. It
    // still decrypts without error: the first eight characters come out as
    // garbage and the ninth changes from 'c' to 'k', while the rest is intact.
    // This demonstrates that the implementation does not enforce message
    // integrity. (The pattern matches what an unauthenticated CBC-style
    // cipher would produce; the cipher mode itself is not visible here.)
    {
      plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
      ciphertext:
        "MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
    },
  ];

  vectors.forEach(({ ciphertext, plaintext }) => {
    const recovered = decoderRing.decryptString(ciphertext);
    equal(
      recovered,
      plaintext,
      "decrypted ciphertext should match expected plaintext"
    );
  });
}