tor-browser

The Tor Browser

test_broken_fips.js (2212B)


      1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 // This Source Code Form is subject to the terms of the Mozilla Public
      3 // License, v. 2.0. If a copy of the MPL was not distributed with this
      4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
      5 
      6 "use strict";
      7 
      8 // Tests that if Firefox attempts and fails to load a PKCS#11 module DB that was
      9 // in FIPS mode, Firefox can still make use of keys in the key database.
     10 // secmod.db can be created via `certutil -N -d <dir>`. Putting it in FIPS mode
     11 // involves running `modutil -fips true -dbdir <dir>`. key4.db is from
     12 // test_sdr_preexisting/key4.db.
     13 
/**
 * xpcshell entry point for the broken-FIPS regression test.
 *
 * Places a key database and a PKCS#11 module database fixture into a fresh
 * profile, then checks three things: FIPS mode is reported as disabled, a
 * known ciphertext still decrypts through nsISecretDecoderRing, and a
 * `pkcs11.txt.fips` file exists in the profile afterwards.
 *
 * The ciphertext and its plaintext are fixed test vectors, not real secrets.
 * NOTE(review): the ciphertext is presumably encrypted under the key in the
 * bundled key4.db fixture - confirm against the fixture's origin.
 */
function run_test() {
  const fixtureDir = "test_broken_fips";
  const keyDBName = "key4.db";
  const pkcs11modDBName = "pkcs11.txt";

  // Redirect the harness to a profile directory whose name carries a single
  // quote and non-ASCII characters, so path handling is exercised as well.
  const baseProfilePath = Services.env.get("XPCSHELL_TEST_PROFILE_DIR");
  const awkwardDir = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
  awkwardDir.initWithPath(baseProfilePath);
  awkwardDir.append("'รท1");
  Services.env.set("XPCSHELL_TEST_PROFILE_DIR", awkwardDir.path);

  // The profile must be obtained before getting nsIX509CertDB.
  const profileDir = do_get_profile();
  Assert.ok(
    /[^\x20-\x7f]/.test(profileDir.path),
    "the profile path should contain a non-ASCII character"
  );

  // Both fixtures go into the profile before any security service is
  // requested below: key database first, then module database.
  for (const fixtureName of [keyDBName, pkcs11modDBName]) {
    const fixtureFile = do_get_file(`${fixtureDir}/${fixtureName}`);
    fixtureFile.copyTo(profileDir, fixtureName);
  }

  // The copied module DB must not leave the browser in FIPS mode.
  const pkcs11ModuleDB = Cc[
    "@mozilla.org/security/pkcs11moduledb;1"
  ].getService(Ci.nsIPKCS11ModuleDB);
  ok(!pkcs11ModuleDB.isFIPSEnabled, "FIPS should not be enabled");

  // Stored secrets must remain readable: decrypt a known ciphertext.
  const secretDecoderRing = Cc["@mozilla.org/security/sdr;1"].getService(
    Ci.nsISecretDecoderRing
  );
  const encrypted =
    "MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d";
  const expectedResult = "password";
  equal(
    sdr_decrypt(),
    expectedResult,
    "decrypted ciphertext should match expected plaintext"
  );

  // A `.fips` sibling of the module DB is expected in the profile; the
  // assertion message describes it as a backup of the module DB.
  const backupFile = do_get_profile();
  backupFile.append(`${pkcs11modDBName}.fips`);
  ok(backupFile.exists(), "backed-up PKCS#11 module db should now exist");

  // Local helper so the decryption call reads as one step; hoisted, and only
  // invoked after secretDecoderRing and encrypted are initialised.
  function sdr_decrypt() {
    return secretDecoderRing.decryptString(encrypted);
  }
}