286 lines
12 KiB
JavaScript
286 lines
12 KiB
JavaScript
/* eslint-disable camelcase */
|
|
const test = require('brittle')
|
|
const b4a = require('b4a')
|
|
const sodium = require('..')
|
|
|
|
test('constants', function (t) {
|
|
t.is(typeof sodium.crypto_aead_chacha20poly1305_ietf_ABYTES, 'number')
|
|
t.is(typeof sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES, 'number')
|
|
t.is(typeof sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES, 'number')
|
|
t.is(typeof sodium.crypto_aead_chacha20poly1305_ietf_NSECBYTES, 'number')
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_NSECBYTES, 0)
|
|
t.is(typeof sodium.crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX, 'number')
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX, Number.MAX_SAFE_INTEGER) // to make sure, see note in binding.cc
|
|
})
|
|
|
|
test('ported from libsodium', function (t) {
|
|
const mlen = 114
|
|
const adlen = 12
|
|
const clen = mlen + sodium.crypto_aead_chacha20poly1305_ietf_ABYTES
|
|
|
|
const firstkey = b4a.from([
|
|
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
|
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
|
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
|
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
|
|
])
|
|
|
|
const message = b4a.from('Ladies and Gentlemen of the class of \'99: If I could offer you only one tip for the future, sunscreen would be it.')
|
|
|
|
const m = sodium.sodium_malloc(mlen)
|
|
const nonce = b4a.from([
|
|
0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
|
|
0x44, 0x45, 0x46, 0x47
|
|
])
|
|
t.is(nonce.length, sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
|
|
const ad = b4a.from([
|
|
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
|
|
0xc4, 0xc5, 0xc6, 0xc7
|
|
])
|
|
t.is(ad.length, adlen)
|
|
|
|
const c = sodium.sodium_malloc(clen)
|
|
const detachedc = sodium.sodium_malloc(mlen)
|
|
|
|
const mac = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
|
|
const m2 = sodium.sodium_malloc(mlen)
|
|
|
|
let foundclen = 0
|
|
let foundmaclen = 0
|
|
let m2len = 0
|
|
|
|
let i = 0
|
|
|
|
t.is(message.length, mlen)
|
|
b4a.copy(message, m)
|
|
|
|
foundclen = sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c, m, ad, null, nonce, firstkey)
|
|
t.is(foundclen, mlen + sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
|
|
const exp1 = new Uint8Array([
|
|
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
|
|
0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
|
|
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
|
|
0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
|
|
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
|
|
0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
|
|
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
|
|
0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
|
|
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
|
|
0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
|
|
0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
|
|
])
|
|
|
|
t.alike(c, exp1)
|
|
|
|
foundmaclen = sodium.crypto_aead_chacha20poly1305_ietf_encrypt_detached(detachedc, mac, m, ad, null, nonce, firstkey)
|
|
|
|
t.is(foundmaclen, sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
const exp0 = c.slice(0, mlen)
|
|
|
|
t.alike(detachedc, exp0)
|
|
|
|
m2len = sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c, ad, nonce, firstkey)
|
|
t.is(m2len, mlen)
|
|
|
|
t.alike(m, m2)
|
|
|
|
m2.fill(0)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_decrypt_detached(m2, null, c.slice(0, mlen), mac, ad, nonce, firstkey)
|
|
|
|
t.alike(m, m2)
|
|
|
|
for (i = 0; i < clen; i++) {
|
|
c[i] ^= (i + 1)
|
|
t.exception.all(_ => sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c, ad, nonce, firstkey))
|
|
if (b4a.equals(m, m2)) t.fail()
|
|
c[i] ^= (i + 1)
|
|
}
|
|
|
|
foundclen = sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c, m, null, null, nonce, firstkey)
|
|
t.is(foundclen, clen)
|
|
|
|
const exp2 = new Uint8Array([
|
|
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
|
|
0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
|
|
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
|
|
0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
|
|
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
|
|
0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
|
|
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
|
|
0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
|
|
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
|
|
0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x6a, 0x23, 0xa4, 0x68, 0x1f, 0xd5,
|
|
0x94, 0x56, 0xae, 0xa1, 0xd2, 0x9f, 0x82, 0x47, 0x72, 0x16
|
|
])
|
|
|
|
t.alike(c, exp2)
|
|
|
|
m2len = sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c, null, nonce, firstkey)
|
|
t.is(m2len, mlen)
|
|
|
|
t.alike(m2, m)
|
|
|
|
b4a.copy(m, c)
|
|
|
|
foundclen = sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c, c.slice(0, mlen), null, null, nonce, firstkey)
|
|
|
|
t.is(foundclen, clen, 'clen is properly set (adlen=0)')
|
|
|
|
const exp3 = new Uint8Array([
|
|
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
|
|
0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
|
|
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
|
|
0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
|
|
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
|
|
0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
|
|
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
|
|
0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
|
|
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
|
|
0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x6a, 0x23, 0xa4, 0x68, 0x1f, 0xd5,
|
|
0x94, 0x56, 0xae, 0xa1, 0xd2, 0x9f, 0x82, 0x47, 0x72, 0x16
|
|
])
|
|
|
|
t.alike(c, exp3)
|
|
|
|
const decrypted = sodium.sodium_malloc(c.byteLength - sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
m2len = sodium.crypto_aead_chacha20poly1305_ietf_decrypt(decrypted, null, c, null, nonce, firstkey)
|
|
t.is(m2len, mlen, 'm2len is properly set (adlen=0)')
|
|
|
|
t.alike(m, decrypted, 'm == c (adlen=0)')
|
|
})
|
|
|
|
test.skip('keygen', function (t) {
|
|
const key1 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
const key2 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key1)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key2)
|
|
|
|
t.unlike(key1, key2)
|
|
})
|
|
|
|
test.skip('different keys', function (t) {
|
|
const m = b4a.from('Ladies and Gentlemen of the class of \'99: If I could offer you only one tip for the future, sunscreen would be it.')
|
|
|
|
const key1 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
const key2 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key1)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key2)
|
|
|
|
const nonce = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
sodium.randombytes_buf(nonce)
|
|
|
|
const clen = m.byteLength + sodium.crypto_aead_chacha20poly1305_ietf_ABYTES
|
|
const c1 = sodium.sodium_malloc(clen)
|
|
const c2 = sodium.sodium_malloc(clen)
|
|
|
|
const m1 = sodium.sodium_malloc(m.byteLength)
|
|
const m2 = sodium.sodium_malloc(m.byteLength)
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c1, m, null, null, nonce, key1), clen)
|
|
t.absent(c1.equals(c2))
|
|
t.absent(c1.equals(m))
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c2, m, null, null, nonce, key2), clen)
|
|
t.absent(c1.equals(c2))
|
|
t.absent(c2.equals(m))
|
|
|
|
t.exception.all(_ => sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m1, null, c1, null, nonce, key2))
|
|
t.exception.all(_ => sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c2, null, nonce, key1))
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m1, null, c1, null, nonce, key1), m.byteLength)
|
|
t.ok(m.equals(m1))
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c2, null, nonce, key2), m.byteLength)
|
|
t.ok(m.equals(m2))
|
|
})
|
|
|
|
test.skip('different nonce', function (t) {
|
|
const m = b4a.from('Ladies and Gentlemen of the class of \'99: If I could offer you only one tip for the future, sunscreen would be it.')
|
|
|
|
const key = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key)
|
|
|
|
const n1 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
const n2 = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
sodium.randombytes_buf(n1)
|
|
sodium.randombytes_buf(n2)
|
|
|
|
const clen = m.byteLength + sodium.crypto_aead_chacha20poly1305_ietf_ABYTES
|
|
const c1 = sodium.sodium_malloc(clen)
|
|
const c2 = sodium.sodium_malloc(clen)
|
|
|
|
const m1 = sodium.sodium_malloc(m.byteLength)
|
|
const m2 = sodium.sodium_malloc(m.byteLength)
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c1, m, null, null, n1, key), clen)
|
|
t.absent(c1.equals(c2))
|
|
t.absent(c1.equals(m))
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c2, m, null, null, n2, key), clen)
|
|
t.absent(c1.equals(c2))
|
|
t.absent(c2.equals(m))
|
|
|
|
t.exception.all(_ => sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m1, null, c1, null, n2, key))
|
|
t.exception.all(_ => sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c2, null, n1, key))
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m1, null, c1, null, n1, key), m.byteLength)
|
|
t.ok(m.equals(m1))
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m2, null, c2, null, n2, key), m.byteLength)
|
|
t.ok(m.equals(m2))
|
|
})
|
|
|
|
test.skip('detached -> non-detached', function (t) {
|
|
const m = b4a.from('Ladies and Gentlemen of the class of \'99: If I could offer you only one tip for the future, sunscreen would be it.')
|
|
m.secure = true
|
|
|
|
const key = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key)
|
|
|
|
const nonce = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
sodium.randombytes_buf(nonce)
|
|
|
|
const mac = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
const clen = m.byteLength
|
|
const c = sodium.sodium_malloc(clen)
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt_detached(c, mac, m, null, null, nonce, key), mac.byteLength)
|
|
|
|
const m1 = sodium.sodium_malloc(m.byteLength)
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_decrypt(m1, null, b4a.concat([c, mac]), null, nonce, key), m.byteLength)
|
|
|
|
t.alike(m, m1)
|
|
})
|
|
|
|
test.skip('non-detached -> detached', function (t) {
|
|
const m = b4a.from('Ladies and Gentlemen of the class of \'99: If I could offer you only one tip for the future, sunscreen would be it.')
|
|
m.secure = true
|
|
|
|
const key = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_KEYBYTES)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_keygen(key)
|
|
|
|
const nonce = sodium.sodium_malloc(sodium.crypto_aead_chacha20poly1305_ietf_NPUBBYTES)
|
|
sodium.randombytes_buf(nonce)
|
|
|
|
const clen = m.byteLength + sodium.crypto_aead_chacha20poly1305_ietf_ABYTES
|
|
const c = sodium.sodium_malloc(clen)
|
|
|
|
t.is(sodium.crypto_aead_chacha20poly1305_ietf_encrypt(c, m, null, null, nonce, key), c.byteLength)
|
|
|
|
const m1 = sodium.sodium_malloc(m.byteLength)
|
|
const csub = c.subarray(0, clen - sodium.crypto_aead_chacha20poly1305_ietf_ABYTES)
|
|
const macsub = c.subarray(csub.byteLength)
|
|
sodium.crypto_aead_chacha20poly1305_ietf_decrypt_detached(m1, null, csub, macsub, null, nonce, key)
|
|
|
|
t.alike(m, m1)
|
|
})
|
|
|
|
/**
|
|
* Need to test in-place encryption
|
|
* detach can talk to non detach
|
|
* encrypt - decrypt
|
|
* different nonce
|
|
* different key
|
|
* return values
|
|
*/
|