306 lines
12 KiB
JavaScript
306 lines
12 KiB
JavaScript
|
/* eslint-disable camelcase */
|
||
|
const test = require('brittle')
|
||
|
const sodium = require('..')
|
||
|
|
||
|
test('crypto_box_seed_keypair', function (t) {
|
||
|
const pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
const seed = Buffer.alloc(sodium.crypto_box_SEEDBYTES, 'lo')
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_box_seed_keypair()
|
||
|
}, 'should validate input')
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_box_seed_keypair(Buffer.alloc(0), Buffer.alloc(0), Buffer.alloc(0))
|
||
|
}, 'should validate input length')
|
||
|
|
||
|
sodium.crypto_box_seed_keypair(pk, sk, seed)
|
||
|
|
||
|
const eSk = '8661a95d21b134adc02881022ad86d37f32a230d537b525b997bce27aa745afc'
|
||
|
const ePk = '425c5ba523e70411c77300bb48dd846562e6c1fcf0142d81d2567d650ce76c3b'
|
||
|
|
||
|
t.alike(pk.toString('hex'), ePk, 'seeded public key')
|
||
|
t.alike(sk.toString('hex'), eSk, 'seeded secret key')
|
||
|
})
|
||
|
|
||
|
test('crypto_box_keypair', function (t) {
|
||
|
const pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pk, sk)
|
||
|
|
||
|
t.not(pk, Buffer.alloc(pk.length), 'made public key')
|
||
|
t.not(sk, Buffer.alloc(sk.length), 'made secret key')
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_box_keypair()
|
||
|
}, 'should validate input')
|
||
|
|
||
|
t.exception.all(function () {
|
||
|
sodium.crypto_box_keypair(Buffer.alloc(0), Buffer.alloc(0))
|
||
|
}, 'should validate input length')
|
||
|
})
|
||
|
|
||
|
test('crypto_box_detached', function (t) {
|
||
|
const pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
const nonce = Buffer.alloc(sodium.crypto_box_NONCEBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pk, sk)
|
||
|
|
||
|
const message = Buffer.from('Hello, World!')
|
||
|
const mac = Buffer.alloc(sodium.crypto_box_MACBYTES)
|
||
|
const cipher = Buffer.alloc(message.length)
|
||
|
|
||
|
sodium.crypto_box_detached(cipher, mac, message, nonce, pk, sk)
|
||
|
|
||
|
t.not(cipher, Buffer.alloc(cipher.length), 'not blank')
|
||
|
|
||
|
const plain = Buffer.alloc(cipher.length)
|
||
|
t.absent(sodium.crypto_box_open_detached(plain, cipher, Buffer.alloc(mac.length), nonce, pk, sk), 'does not decrypt')
|
||
|
t.ok(sodium.crypto_box_open_detached(plain, cipher, mac, nonce, pk, sk), 'decrypts')
|
||
|
t.alike(plain, message, 'same message')
|
||
|
})
|
||
|
|
||
|
test('crypto_box_easy', function (t) {
|
||
|
const pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
const nonce = Buffer.alloc(sodium.crypto_box_NONCEBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pk, sk)
|
||
|
|
||
|
const message = Buffer.from('Hello, World!')
|
||
|
const cipher = Buffer.alloc(message.length + sodium.crypto_box_MACBYTES)
|
||
|
|
||
|
sodium.crypto_box_easy(cipher, message, nonce, pk, sk)
|
||
|
|
||
|
t.not(cipher, Buffer.alloc(cipher.length), 'not blank')
|
||
|
|
||
|
const plain = Buffer.alloc(cipher.length - sodium.crypto_box_MACBYTES)
|
||
|
t.absent(sodium.crypto_box_open_easy(plain, Buffer.alloc(cipher.length), nonce, pk, sk), 'does not decrypt')
|
||
|
t.ok(sodium.crypto_box_open_easy(plain, cipher, nonce, pk, sk), 'decrypts')
|
||
|
t.alike(plain, message, 'same message')
|
||
|
})
|
||
|
|
||
|
test('crypto_box_seal', function (t) {
|
||
|
const pk = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pk, sk)
|
||
|
|
||
|
const pk2 = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const sk2 = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pk2, sk2)
|
||
|
|
||
|
const message = Buffer.from('Hello, sealed World!')
|
||
|
const cipher = Buffer.alloc(message.length + sodium.crypto_box_SEALBYTES)
|
||
|
|
||
|
sodium.crypto_box_seal(cipher, message, pk)
|
||
|
t.not(cipher, message, 'did not encrypt!')
|
||
|
|
||
|
t.not(cipher, Buffer.alloc(cipher.length), 'not blank')
|
||
|
|
||
|
const plain = Buffer.alloc(cipher.length - sodium.crypto_box_SEALBYTES)
|
||
|
t.absent(sodium.crypto_box_seal_open(plain, cipher, pk2, sk2), 'does not decrypt')
|
||
|
t.ok(sodium.crypto_box_seal_open(plain, cipher, pk, sk), 'decrypts')
|
||
|
t.alike(plain, message, 'same message')
|
||
|
})
|
||
|
|
||
|
test('crypto_box_seal/crypto_box_seal_open self-decrypt', function (t) {
|
||
|
const pubKey = Buffer.alloc(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const secret = Buffer.alloc(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
|
||
|
sodium.crypto_box_keypair(pubKey, secret)
|
||
|
|
||
|
const msg = Buffer.from('hello world')
|
||
|
const cipher = Buffer.alloc(sodium.crypto_box_SEALBYTES + msg.length)
|
||
|
sodium.crypto_box_seal(cipher, msg, pubKey)
|
||
|
|
||
|
const out = Buffer.alloc(cipher.length - sodium.crypto_box_SEALBYTES)
|
||
|
sodium.crypto_box_seal_open(out, cipher, pubKey, secret)
|
||
|
t.alike(out.toString(), msg.toString())
|
||
|
t.end()
|
||
|
})
|
||
|
|
||
|
test('crypto_box_seal_open cross-decrypt', function (t) {
|
||
|
const pubKey = Buffer.from(
|
||
|
'e0bb844ae3f48bb04323c8dfe7c34cf86608db2e2112f927953060c80506287f', 'hex')
|
||
|
const secret = Buffer.from(
|
||
|
'036a9de1ecc9d152cf39fed1b3e15bf761ae39a299031adc011cc9809041abfa', 'hex')
|
||
|
const cipher = Buffer.from(
|
||
|
'249912e916ad8bcf96a3f9b750da2703' +
|
||
|
'2eccdf83b5cff0d6a59a8bbe0bcd5823' +
|
||
|
'5de9fbca55bd5416c754e5e0e0fe2f0c' +
|
||
|
'4e50df0cb302f1c4378f80', 'hex')
|
||
|
|
||
|
const out = Buffer.alloc(cipher.length - sodium.crypto_box_SEALBYTES)
|
||
|
sodium.crypto_box_seal_open(out, cipher, pubKey, secret)
|
||
|
t.alike(out.toString(), 'hello world')
|
||
|
t.end()
|
||
|
})
|
||
|
|
||
|
test('crypto_box_seed_keypair', function (t) {
|
||
|
const seed = Buffer.from([
|
||
|
0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5,
|
||
|
0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2,
|
||
|
0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb,
|
||
|
0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5,
|
||
|
0x1d, 0xb9, 0x2c, 0x2a
|
||
|
])
|
||
|
|
||
|
const expPk = Buffer.from([
|
||
|
0xed, 0x77, 0x49, 0xb4, 0xd9, 0x89, 0xf6, 0x95,
|
||
|
0x7f, 0x3b, 0xfd, 0xe6, 0xc5, 0x67, 0x67, 0xe9,
|
||
|
0x88, 0xe2, 0x1c, 0x9f, 0x87, 0x84, 0xd9, 0x1d,
|
||
|
0x61, 0x00, 0x11, 0xcd, 0x55, 0x3f, 0x9b, 0x06
|
||
|
])
|
||
|
|
||
|
const expSk = Buffer.from([
|
||
|
0xac, 0xcd, 0x44, 0xeb, 0x8e, 0x93, 0x31, 0x9c,
|
||
|
0x05, 0x70, 0xbc, 0x11, 0x00, 0x5c, 0x0e, 0x01,
|
||
|
0x89, 0xd3, 0x4f, 0xf0, 0x2f, 0x6c, 0x17, 0x77,
|
||
|
0x34, 0x11, 0xad, 0x19, 0x12, 0x93, 0xc9, 0x8f
|
||
|
])
|
||
|
|
||
|
const sk = Buffer.alloc(32)
|
||
|
const pk = Buffer.alloc(32)
|
||
|
|
||
|
sodium.crypto_box_seed_keypair(pk, sk, seed)
|
||
|
|
||
|
t.alike(pk, expPk)
|
||
|
t.alike(sk, expSk)
|
||
|
|
||
|
t.end()
|
||
|
})
|
||
|
|
||
|
test('crypto_box_easy', (t) => {
|
||
|
const alicesk = new Uint8Array([
|
||
|
0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
|
||
|
0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
|
||
|
0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a
|
||
|
])
|
||
|
const bobpk = new Uint8Array([
|
||
|
0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, 0xc2,
|
||
|
0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d,
|
||
|
0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f
|
||
|
])
|
||
|
const nonce = new Uint8Array([
|
||
|
0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8,
|
||
|
0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37
|
||
|
])
|
||
|
const m = new Uint8Array([
|
||
|
0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16,
|
||
|
0xeb, 0xeb, 0x0c, 0x7b, 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4,
|
||
|
0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf,
|
||
|
0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
|
||
|
0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce,
|
||
|
0x31, 0x4a, 0xdb, 0x31, 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d,
|
||
|
0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a,
|
||
|
0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
|
||
|
0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c,
|
||
|
0x60, 0x90, 0x2e, 0x52, 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40,
|
||
|
0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05
|
||
|
])
|
||
|
|
||
|
const c = new Uint8Array(147)
|
||
|
sodium.crypto_box_easy(c, m, nonce, bobpk, alicesk)
|
||
|
|
||
|
const expected1 = new Uint8Array([
|
||
|
0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, 0x2a, 0x7d, 0xfb, 0x4b,
|
||
|
0x3d, 0x33, 0x05, 0xd9, 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73,
|
||
|
0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce, 0x48, 0x33, 0x2e, 0xa7,
|
||
|
0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a,
|
||
|
0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b, 0x4d, 0xa7, 0xf0, 0x11,
|
||
|
0xec, 0x48, 0xc9, 0x72, 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2,
|
||
|
0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38, 0xb4, 0x8e, 0xee, 0xe3,
|
||
|
0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae,
|
||
|
0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea, 0xbd, 0x6b, 0xb3, 0x73,
|
||
|
0x2b, 0xc0, 0xe9, 0xda, 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde,
|
||
|
0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3, 0x79, 0x73, 0xf6, 0x22,
|
||
|
0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74,
|
||
|
0xe3, 0x55, 0xa5
|
||
|
])
|
||
|
|
||
|
t.alike(c, expected1, 'encrypts correctly')
|
||
|
|
||
|
// This test isn't found upstream, but it seems necessary to have at least
|
||
|
// one crypto_box_open_easy() working since the next test diverges.
|
||
|
const o = new Uint8Array(131)
|
||
|
t.ok(sodium.crypto_box_open_easy(o, expected1, nonce, bobpk, alicesk))
|
||
|
t.alike(o, m, 'decrypts correctly')
|
||
|
|
||
|
const guardPage = new Uint8Array(0)
|
||
|
|
||
|
t.execution(() => sodium.crypto_box_easy(
|
||
|
c.subarray(0, sodium.crypto_box_MACBYTES),
|
||
|
guardPage,
|
||
|
nonce,
|
||
|
bobpk,
|
||
|
alicesk
|
||
|
))
|
||
|
|
||
|
const expected2 = new Uint8Array([
|
||
|
0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65, 0x2d, 0x65, 0x1f, 0xa4,
|
||
|
0xc8, 0xcf, 0xf8, 0x80, 0x8e
|
||
|
])
|
||
|
|
||
|
t.alike(c.subarray(0, expected2.length), expected2)
|
||
|
|
||
|
t.ok(sodium.crypto_box_open_easy(
|
||
|
new Uint8Array(0),
|
||
|
c.subarray(0, sodium.crypto_box_MACBYTES),
|
||
|
nonce,
|
||
|
bobpk,
|
||
|
alicesk
|
||
|
))
|
||
|
|
||
|
c[Math.floor(Math.random() * sodium.crypto_box_MACBYTES)] += 1
|
||
|
|
||
|
t.absent(sodium.crypto_box_open_easy(new Uint8Array(0), c.subarray(0, sodium.crypto_box_MACBYTES), nonce, bobpk, alicesk))
|
||
|
|
||
|
t.end()
|
||
|
})
|
||
|
|
||
|
/* eslint-disable camelcase */
|
||
|
test('crypto_box_easy2', t => {
|
||
|
const alicepk = new Uint8Array(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const alicesk = new Uint8Array(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
const bobpk = new Uint8Array(sodium.crypto_box_PUBLICKEYBYTES)
|
||
|
const bobsk = new Uint8Array(sodium.crypto_box_SECRETKEYBYTES)
|
||
|
const nonce = new Uint8Array(sodium.crypto_box_NONCEBYTES)
|
||
|
const m_size = 7 + Math.floor(Math.random() * 1000)
|
||
|
const m = new Uint8Array(m_size)
|
||
|
const m2 = new Uint8Array(m_size)
|
||
|
const c = new Uint8Array(sodium.crypto_box_MACBYTES + m_size)
|
||
|
|
||
|
sodium.crypto_box_keypair(alicepk, alicesk)
|
||
|
sodium.crypto_box_keypair(bobpk, bobsk)
|
||
|
|
||
|
const mlen = Math.floor(Math.random() * m_size) + 1
|
||
|
sodium.randombytes_buf(m.subarray(0, mlen))
|
||
|
sodium.randombytes_buf(nonce.subarray(0, sodium.crypto_box_NONCEBYTES))
|
||
|
|
||
|
t.execution(() => sodium.crypto_box_easy(c.subarray(0, mlen + sodium.crypto_box_MACBYTES), m.subarray(0, mlen), nonce, bobpk, alicesk))
|
||
|
|
||
|
t.ok(sodium.crypto_box_open_easy(m2.subarray(0, mlen), c.subarray(0, mlen + sodium.crypto_box_MACBYTES), nonce, alicepk, bobsk))
|
||
|
t.alike(m.subarray(0, mlen), m2.subarray(0, mlen))
|
||
|
|
||
|
for (let i = sodium.crypto_box_MACBYTES; i < mlen + sodium.crypto_box_MACBYTES - 1; i++) {
|
||
|
if (sodium.crypto_box_open_easy(m2.subarray(0, i - sodium.crypto_box_MACBYTES), c.subarray(0, i), nonce, alicepk, bobsk)) {
|
||
|
t.fail('short open() should fail.')
|
||
|
}
|
||
|
}
|
||
|
|
||
|
c.set(m.subarray(0, mlen))
|
||
|
t.execution(() => sodium.crypto_box_easy(c.subarray(0, mlen + sodium.crypto_box_MACBYTES), c.subarray(0, mlen), nonce, bobpk, alicesk))
|
||
|
|
||
|
t.unlike(m.subarray(0, mlen), c.subarray(0, mlen))
|
||
|
t.unlike(m.subarray(0, mlen), c.subarray(sodium.crypto_box_MACBYTES, sodium.crypto_box_MACBYTES + mlen))
|
||
|
|
||
|
t.ok(sodium.crypto_box_open_easy(c.subarray(0, mlen), c.subarray(0, mlen + sodium.crypto_box_MACBYTES), nonce, alicepk, bobsk))
|
||
|
|
||
|
t.end()
|
||
|
})
|