/* vim: ts=4:sw=4 * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see . */ 'use strict'; describe("ArrayBuffer->String conversion", function() { it('works', function() { var b = new ArrayBuffer(3); var a = new Uint8Array(b); a[0] = 0; a[1] = 255; a[2] = 128; assert.equal(getString(b), "\x00\xff\x80"); }); }); describe("Cryptographic primitives", function() { describe("Encrypt AES-CBC", function() { it('works', function(done) { var key = hexToArrayBuffer('603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'); var iv = hexToArrayBuffer('000102030405060708090a0b0c0d0e0f'); var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710'); var ciphertext = hexToArrayBuffer('f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b3f461796d6b0d6b2e0c2a72b4d80e644'); window.textsecure.crypto.encrypt(key, plaintext, iv).then(function(result) { assert.strictEqual(getString(result), getString(ciphertext)); }).then(done).catch(done); }); }); describe("Decrypt AES-CBC", function() { it('works', function(done) { var key = hexToArrayBuffer('603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'); var iv = hexToArrayBuffer('000102030405060708090a0b0c0d0e0f'); var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710'); var ciphertext = hexToArrayBuffer('f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b3f461796d6b0d6b2e0c2a72b4d80e644'); window.textsecure.crypto.decrypt(key, ciphertext, iv).then(function(result) { assert.strictEqual(getString(result), getString(plaintext)); }).then(done).catch(done); }); }); describe("HMAC SHA-256", function() { it("works", function(done) { var key = hexToArrayBuffer('6f35628d65813435534b5d67fbdb54cb33403d04e843103e6399f806cb5df95febbdd61236f33245'); var input = hexToArrayBuffer('752cff52e4b90768558e5369e75d97c69643509a5e5904e0a386cbe4d0970ef73f918f675945a9aefe26daea27587e8dc909dd56fd0468805f834039b345f855cfe19c44b55af241fff3ffcd8045cd5c288e6c4e284c3720570b58e4d47b8feeedc52fd1401f698a209fccfa3b4c0d9a797b046a2759f82a54c41ccd7b5f592b'); var mac = getString(hexToArrayBuffer('05d1243e6465ed9620c9aec1c351a186')); window.textsecure.crypto.sign(key, input).then(function(result) { assert.strictEqual(getString(result).substring(0, mac.length), mac); }).then(done).catch(done); }); }); describe("HMAC RFC5869 Test vectors", function() { it('works', function(done) { var IKM = new Uint8Array(new ArrayBuffer(22)); for (var i = 0; i < 22; i++) IKM[i] = 11; var salt = new Uint8Array(new ArrayBuffer(13)); for (var i = 0; i < 13; i++) salt[i] = i; var info = new Uint8Array(new ArrayBuffer(10)); for (var i = 0; i < 10; i++) info[i] = 240 + i; return textsecure.crypto.HKDF(IKM.buffer, salt.buffer, info.buffer).then(function(OKM){ var T1 = hexToArrayBuffer("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"); var T2 = hexToArrayBuffer("34007208d5b887185865"); assert.equal(getString(OKM[0]), getString(T1)); assert.equal(getString(OKM[1]).substring(0, 10), getString(T2)); }).then(done).catch(done); }); }); }); describe('Unencrypted PushMessageProto "decrypt"', function() { //exclusive it('works', function(done) { localStorage.clear(); var PushMessageProto = dcodeIO.ProtoBuf.loadProtoFile( "protos/IncomingPushMessageSignal.proto" ).build("textsecure.PushMessageContent"); var IncomingMessageProto = dcodeIO.ProtoBuf.loadProtoFile( "protos/IncomingPushMessageSignal.proto" ).build("textsecure.IncomingPushMessageSignal"); var text_message = new PushMessageProto(); text_message.body = "Hi Mom"; var server_message = { type: 4, // unencrypted source: "+19999999999", timestamp: 42, message: text_message.encode() }; return textsecure.protocol.handleIncomingPushMessageProto(server_message). then(function(message) { assert.equal(message.body, text_message.body); assert.equal(message.attachments.length, text_message.attachments.length); assert.equal(text_message.attachments.length, 0); }).then(done).catch(done); }); }); describe("Curve25519", function() { describe("Implementation", function() { // this is a just cute little trick to get a nice-looking note about // which curve25519 impl we're using. if (window.textsecure.NATIVE_CLIENT) { it("is Native Client", function(done) { done(); }); } else { it("is JavaScript", function(done) { done(); }); } }); describe("Simple Curve25519 test vectors", function() { it('works', function(done) { return textsecure.registerOnLoadFunction(function() { // These are just some random curve25519 test vectors I found online (with a version byte prepended to pubkeys) var alice_priv = hexToArrayBuffer("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"); var alice_pub = hexToArrayBuffer("058520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"); var bob_priv = hexToArrayBuffer("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"); var bob_pub = hexToArrayBuffer("05de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"); var shared_sec = hexToArrayBuffer("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"); return textsecure.crypto.createKeyPair(alice_priv).then(function(aliceKeyPair) { var target = new Uint8Array(alice_priv.slice(0)); target[0] &= 248; target[31] &= 127; target[31] |= 64; assert.equal(getString(aliceKeyPair.pubKey), getString(alice_pub)); assert.equal(getString(aliceKeyPair.privKey), getString(target)); return textsecure.crypto.createKeyPair(bob_priv).then(function(bobKeyPair) { var target = new Uint8Array(bob_priv.slice(0)); target[0] &= 248; target[31] &= 127; target[31] |= 64; assert.equal(getString(bobKeyPair.privKey), getString(target)); assert.equal(getString(bobKeyPair.pubKey), getString(bob_pub)); return textsecure.crypto.ECDHE(bobKeyPair.pubKey, aliceKeyPair.privKey).then(function(ss) { assert.equal(getString(ss), getString(shared_sec)); return textsecure.crypto.ECDHE(aliceKeyPair.pubKey, bobKeyPair.privKey).then(function(ss) { assert.equal(getString(ss), getString(shared_sec)); }); }); }); }); }).then(done).catch(done); }); }); describe("Simple Ed25519 tests", function() { it('works', function(done) { return textsecure.registerOnLoadFunction(function() { // Some self-generated test vectors var priv = hexToArrayBuffer("48a8892cc4e49124b7b57d94fa15becfce071830d6449004685e387c62409973"); var pub = hexToArrayBuffer("0555f1bfede27b6a03e0dd389478ffb01462e5c52dbbac32cf870f00af1ed9af3a"); var msg = hexToArrayBuffer("617364666173646661736466"); var sig = hexToArrayBuffer("2bc06c745acb8bae10fbc607ee306084d0c28e2b3bb819133392473431291fd0"+ "dfa9c7f11479996cf520730d2901267387e08d85bbf2af941590e3035a545285"); return textsecure.crypto.createKeyPair(priv).then(function(pubCalc) { //if (getString(pub) != getString(pubCalc)) // return false; return textsecure.crypto.Ed25519Sign(priv, msg).then(function(sigCalc) { assert.equal(getString(sig), getString(sigCalc)); return textsecure.crypto.Ed25519Verify(pub, msg, sig); }); }); }).then(done).catch(done); }); }); describe("Identity and Pre Key Creation", function() { this.timeout(10000); before(function() { localStorage.clear(); }); after(function() { localStorage.clear(); }); it ('works', function(done) { localStorage.clear(); return textsecure.registerOnLoadFunction(function() { return textsecure.protocol.generateKeys().then(function() { assert.isDefined(textsecure.storage.getEncrypted("25519KeyidentityKey")); assert.isDefined(textsecure.storage.getEncrypted("25519KeysignedKey0")); for (var i = 0; i < 100; i++) { assert.isDefined(textsecure.storage.getEncrypted("25519KeypreKey" + i)); } var origIdentityKey = getString(textsecure.storage.getEncrypted("25519KeyidentityKey").privKey); return textsecure.protocol.generateKeys().then(function() { assert.isDefined(textsecure.storage.getEncrypted("25519KeyidentityKey")); assert.equal(getString(textsecure.storage.getEncrypted("25519KeyidentityKey").privKey), origIdentityKey); assert.isDefined(textsecure.storage.getEncrypted("25519KeysignedKey0")); assert.isDefined(textsecure.storage.getEncrypted("25519KeysignedKey1")); for (var i = 0; i < 200; i++) { assert.isDefined(textsecure.storage.getEncrypted("25519KeypreKey" + i)); } return textsecure.protocol.generateKeys().then(function() { assert.isDefined(textsecure.storage.getEncrypted("25519KeyidentityKey")); assert.equal(getString(textsecure.storage.getEncrypted("25519KeyidentityKey").privKey), origIdentityKey); assert.isUndefined(textsecure.storage.getEncrypted("25519KeysignedKey0")); assert.isDefined(textsecure.storage.getEncrypted("25519KeysignedKey1")); assert.isDefined(textsecure.storage.getEncrypted("25519KeysignedKey2")); for (var i = 0; i < 300; i++) { assert.isDefined(textsecure.storage.getEncrypted("25519KeypreKey" + i)); } }); }); }); }).then(done).catch(done); }); }); }); describe("Axolotl", function() { var runAxolotlTest = function(v) { var origCreateNewKeyPair = textsecure.crypto.testing_only.createNewKeyPair; var doStep; var stepDone; stepDone = function(res) { if (!res || privKeyQueue.length != 0 || Object.keys(getKeysForNumberMap).length != 0 || Object.keys(messagesSentMap).length != 0) { textsecure.crypto.testing_only.createNewKeyPair = origCreateNewKeyPair; return false; } else if (step == v.length) { textsecure.crypto.testing_only.createNewKeyPair = origCreateNewKeyPair; return true; } else return doStep().then(stepDone); } var privKeyQueue = []; textsecure.crypto.testing_only.createNewKeyPair = function(isIdentity) { if (privKeyQueue.length == 0 || isIdentity) throw new Error('Out of private keys'); else { var privKey = privKeyQueue.shift(); return textsecure.crypto.createKeyPair(privKey).then(function(keyPair) { var a = btoa(getString(keyPair.privKey)); var b = btoa(getString(privKey)); if (getString(keyPair.privKey) != getString(privKey)) throw new Error('Failed to rederive private key!'); else return keyPair; }); } } var step = 0; var doStep = function() { var data = v[step][1]; switch(v[step++][0]) { case "receiveMessage": var postLocalKeySetup = function() { if (data.newEphemeralKey !== undefined) privKeyQueue.push(data.newEphemeralKey); var message = new textsecure.protobuf.IncomingPushMessageSignal(); message.type = data.type; message.source = "SNOWDEN"; message.message = data.message; message.sourceDevice = 1; try { var proto = textsecure.protobuf.IncomingPushMessageSignal.decode(message.encode()); return textsecure.protocol.handleIncomingPushMessageProto(proto).then(function(res) { if (data.expectTerminateSession) return res.flags == textsecure.protobuf.PushMessageContent.Flags.END_SESSION; return res.body == data.expectedSmsText; }).catch(function(e) { if (data.expectException) return true; throw e; }); } catch(e) { if (data.expectException) return Promise.resolve(true); throw e; } } if (data.ourIdentityKey !== undefined) return textsecure.crypto.createKeyPair(data.ourIdentityKey).then(function(keyPair) { textsecure.storage.putEncrypted("25519KeyidentityKey", keyPair); return textsecure.crypto.createKeyPair(data.ourSignedPreKey).then(function(keyPair) { textsecure.storage.putEncrypted("25519KeysignedKey" + data.signedPreKeyId, keyPair); if (data.ourPreKey !== undefined) return textsecure.crypto.createKeyPair(data.ourPreKey).then(function(keyPair) { textsecure.storage.putEncrypted("25519KeypreKey" + data.preKeyId, keyPair); return postLocalKeySetup(); }); else return postLocalKeySetup(); }); }); else return postLocalKeySetup(); case "sendMessage": var postLocalKeySetup = function() { if (data.registrationId !== undefined) textsecure.storage.putUnencrypted("registrationId", data.registrationId); if (data.getKeys !== undefined) getKeysForNumberMap["SNOWDEN"] = data.getKeys; var checkMessage = function() { var msg = messagesSentMap["SNOWDEN.1"]; delete messagesSentMap["SNOWDEN.1"]; //XXX: This should be all we do: isEqual(data.expectedCiphertext, msg.body, false); if (msg.type == 1) { var expected = getString(data.expectedCiphertext); var decoded = textsecure.protobuf.WhisperMessage.decode(expected.substring(1, expected.length - 8), 'binary'); var result = getString(msg.body); return getString(decoded.encode()) == result.substring(1, result.length - 8); } else { var decoded = textsecure.protobuf.PreKeyWhisperMessage.decode(getString(data.expectedCiphertext).substr(1), 'binary'); var result = getString(msg.body).substring(1); return getString(decoded.encode()) == result; } } if (data.endSession) return textsecure.messaging.closeSession("SNOWDEN").then(checkMessage); else return textsecure.messaging.sendMessageToNumber("SNOWDEN", data.smsText, []).then(checkMessage); } if (data.ourBaseKey !== undefined) privKeyQueue.push(data.ourBaseKey); if (data.ourEphemeralKey !== undefined) privKeyQueue.push(data.ourEphemeralKey); if (data.ourIdentityKey !== undefined) return textsecure.crypto.createKeyPair(data.ourIdentityKey).then(function(keyPair) { textsecure.storage.putEncrypted("25519KeyidentityKey", keyPair); return postLocalKeySetup(); }); else return postLocalKeySetup(); default: return Promise.resolve(false); } } return doStep().then(stepDone); }; describe("test vectors", function() { _.each(axolotlTestVectors, function(t, i) { it(t.name, function(done) { localStorage.clear(); return textsecure.registerOnLoadFunction(function() { return runAxolotlTest(t.vectors).then(function(res) { assert(res); }); }).then(done).catch(done); }); }); }); }); if (window.mochaPhantomJS) mochaPhantomJS.run(); else mocha.run();