kmac.js (19974B)
1 function run_test() { 2 setup({explicit_done: true}); 3 4 var subtle = self.crypto.subtle; // Change to test prefixed implementations 5 6 // When are all these tests really done? When all the promises they use have resolved. 7 var all_promises = []; 8 9 // Source file kmac_vectors.js provides the getTestVectors method 10 // for the algorithm that drives these tests. 11 var testVectors = getTestVectors(); 12 13 // Test verification first, because signing tests rely on that working 14 testVectors.forEach(function(vector) { 15 var promise = importVectorKeys(vector, ["verify", "sign"]) 16 .then(function(vector) { 17 promise_test(function(test) { 18 var algorithmParams = {name: vector.algorithm, length: vector.length}; 19 if (vector.customization !== undefined) { 20 algorithmParams.customization = vector.customization; 21 } 22 var operation = subtle.verify(algorithmParams, vector.key, vector.signature, vector.plaintext) 23 .then(function(is_verified) { 24 assert_true(is_verified, "Signature verified"); 25 }, function(err) { 26 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 27 }); 28 29 return operation; 30 }, vector.name + " verification"); 31 32 }, function(err) { 33 // We need a failed test if the importVectorKey operation fails, so 34 // we know we never tested verification. 35 promise_test(function(test) { 36 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 37 }, "importVectorKeys step: " + vector.name + " verification"); 38 }); 39 40 all_promises.push(promise); 41 }); 42 43 // Test verification with an altered buffer after call 44 testVectors.forEach(function(vector) { 45 var promise = importVectorKeys(vector, ["verify", "sign"]) 46 .then(function(vector) { 47 promise_test(function(test) { 48 var signature = copyBuffer(vector.signature); 49 var algorithmParams = {name: vector.algorithm, length: vector.length}; 50 if (vector.customization !== undefined) { 51 algorithmParams.customization = vector.customization; 52 } 53 var operation = subtle.verify(algorithmParams, vector.key, signature, vector.plaintext) 54 .then(function(is_verified) { 55 assert_true(is_verified, "Signature is not verified"); 56 }, function(err) { 57 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 58 }); 59 60 signature[0] = 255 - signature[0]; 61 return operation; 62 }, vector.name + " verification with altered signature after call"); 63 }, function(err) { 64 promise_test(function(test) { 65 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 66 }, "importVectorKeys step: " + vector.name + " verification with altered signature after call"); 67 }); 68 69 all_promises.push(promise); 70 }); 71 72 // Check for successful verification even if plaintext is altered after call. 73 testVectors.forEach(function(vector) { 74 var promise = importVectorKeys(vector, ["verify", "sign"]) 75 .then(function(vector) { 76 promise_test(function(test) { 77 var plaintext = copyBuffer(vector.plaintext); 78 var algorithmParams = {name: vector.algorithm, length: vector.length}; 79 if (vector.customization !== undefined) { 80 algorithmParams.customization = vector.customization; 81 } 82 var operation = subtle.verify(algorithmParams, vector.key, vector.signature, plaintext) 83 .then(function(is_verified) { 84 assert_true(is_verified, "Signature verified"); 85 }, function(err) { 86 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 87 }); 88 89 plaintext[0] = 255 - plaintext[0]; 90 return operation; 91 }, vector.name + " with altered plaintext after call"); 92 }, function(err) { 93 promise_test(function(test) { 94 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 95 }, "importVectorKeys step: " + vector.name + " with altered plaintext"); 96 }); 97 98 all_promises.push(promise); 99 }); 100 101 // Check for failures due to no "verify" usage. 102 testVectors.forEach(function(originalVector) { 103 var vector = Object.assign({}, originalVector); 104 105 var promise = importVectorKeys(vector, ["sign"]) 106 .then(function(vector) { 107 promise_test(function(test) { 108 var algorithmParams = {name: vector.algorithm, length: vector.length}; 109 if (vector.customization !== undefined) { 110 algorithmParams.customization = vector.customization; 111 } 112 return subtle.verify(algorithmParams, vector.key, vector.signature, vector.plaintext) 113 .then(function(plaintext) { 114 assert_unreached("Should have thrown error for no verify usage in " + vector.name + ": " + err.message + "'"); 115 }, function(err) { 116 assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of '" + err.message + "'"); 117 }); 118 }, vector.name + " no verify usage"); 119 }, function(err) { 120 promise_test(function(test) { 121 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 122 }, "importVectorKeys step: " + vector.name + " no verify usage"); 123 }); 124 125 all_promises.push(promise); 126 }); 127 128 // Check for successful signing and verification. 129 testVectors.forEach(function(vector) { 130 var promise = importVectorKeys(vector, ["verify", "sign"]) 131 .then(function(vectors) { 132 promise_test(function(test) { 133 var algorithmParams = {name: vector.algorithm, length: vector.length}; 134 if (vector.customization !== undefined) { 135 algorithmParams.customization = vector.customization; 136 } 137 return subtle.sign(algorithmParams, vector.key, vector.plaintext) 138 .then(function(signature) { 139 assert_true(equalBuffers(signature, vector.signature), "Signing did not give the expected output"); 140 // Can we get the verify the new signature? 141 return subtle.verify(algorithmParams, vector.key, signature, vector.plaintext) 142 .then(function(is_verified) { 143 assert_true(is_verified, "Round trip verifies"); 144 return signature; 145 }, function(err) { 146 assert_unreached("verify error for test " + vector.name + ": " + err.message + "'"); 147 }); 148 }); 149 }, vector.name + " round trip"); 150 151 }, function(err) { 152 // We need a failed test if the importVectorKey operation fails, so 153 // we know we never tested signing or verifying 154 promise_test(function(test) { 155 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 156 }, "importVectorKeys step: " + vector.name + " round trip"); 157 }); 158 159 all_promises.push(promise); 160 }); 161 162 // Test signing with the wrong algorithm 163 testVectors.forEach(function(vector) { 164 // Want to get the key for the wrong algorithm 165 var promise = subtle.generateKey({name: "ECDSA", namedCurve: "P-256", hash: "SHA-256"}, false, ["sign", "verify"]) 166 .then(function(wrongKey) { 167 return importVectorKeys(vector, ["verify", "sign"]) 168 .then(function(vectors) { 169 promise_test(function(test) { 170 var algorithmParams = {name: vector.algorithm, length: vector.length}; 171 if (vector.customization !== undefined) { 172 algorithmParams.customization = vector.customization; 173 } 174 var operation = subtle.sign(algorithmParams, wrongKey.privateKey, vector.plaintext) 175 .then(function(signature) { 176 assert_unreached("Signing should not have succeeded for " + vector.name); 177 }, function(err) { 178 assert_equals(err.name, "InvalidAccessError", "Should have thrown InvalidAccessError instead of '" + err.message + "'"); 179 }); 180 181 return operation; 182 }, vector.name + " signing with wrong algorithm name"); 183 184 }, function(err) { 185 // We need a failed test if the importVectorKey operation fails, so 186 // we know we never tested verification. 187 promise_test(function(test) { 188 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 189 }, "importVectorKeys step: " + vector.name + " signing with wrong algorithm name"); 190 }); 191 }, function(err) { 192 promise_test(function(test) { 193 assert_unreached("Generate wrong key for test " + vector.name + " failed: '" + err.message + "'"); 194 }, "generate wrong key step: " + vector.name + " signing with wrong algorithm name"); 195 }); 196 197 all_promises.push(promise); 198 }); 199 200 // Test verification with the wrong algorithm 201 testVectors.forEach(function(vector) { 202 // Want to get the key for the wrong algorithm 203 var promise = subtle.generateKey({name: "ECDSA", namedCurve: "P-256", hash: "SHA-256"}, false, ["sign", "verify"]) 204 .then(function(wrongKey) { 205 return importVectorKeys(vector, ["verify", "sign"]) 206 .then(function(vector) { 207 promise_test(function(test) { 208 var algorithmParams = {name: vector.algorithm, length: vector.length}; 209 if (vector.customization !== undefined) { 210 algorithmParams.customization = vector.customization; 211 } 212 var operation = subtle.verify(algorithmParams, wrongKey.publicKey, vector.signature, vector.plaintext) 213 .then(function(signature) { 214 assert_unreached("Verifying should not have succeeded for " + vector.name); 215 }, function(err) { 216 assert_equals(err.name, "InvalidAccessError", "Should have thrown InvalidAccessError instead of '" + err.message + "'"); 217 }); 218 219 return operation; 220 }, vector.name + " verifying with wrong algorithm name"); 221 222 }, function(err) { 223 // We need a failed test if the importVectorKey operation fails, so 224 // we know we never tested verification. 225 promise_test(function(test) { 226 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 227 }, "importVectorKeys step: " + vector.name + " verifying with wrong algorithm name"); 228 }); 229 }, function(err) { 230 promise_test(function(test) { 231 assert_unreached("Generate wrong key for test " + vector.name + " failed: '" + err.message + "'"); 232 }, "generate wrong key step: " + vector.name + " verifying with wrong algorithm name"); 233 }); 234 235 all_promises.push(promise); 236 }); 237 238 // Verification should fail if the plaintext is changed 239 testVectors.forEach(function(vector) { 240 var promise = importVectorKeys(vector, ["verify", "sign"]) 241 .then(function(vector) { 242 var plaintext = copyBuffer(vector.plaintext); 243 plaintext[0] = 255 - plaintext[0]; 244 promise_test(function(test) { 245 var algorithmParams = {name: vector.algorithm, length: vector.length}; 246 if (vector.customization !== undefined) { 247 algorithmParams.customization = vector.customization; 248 } 249 var operation = subtle.verify(algorithmParams, vector.key, vector.signature, plaintext) 250 .then(function(is_verified) { 251 assert_false(is_verified, "Signature is NOT verified"); 252 }, function(err) { 253 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 254 }); 255 256 return operation; 257 }, vector.name + " verification failure due to wrong plaintext"); 258 259 }, function(err) { 260 // We need a failed test if the importVectorKey operation fails, so 261 // we know we never tested verification. 262 promise_test(function(test) { 263 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 264 }, "importVectorKeys step: " + vector.name + " verification failure due to wrong plaintext"); 265 }); 266 267 all_promises.push(promise); 268 }); 269 270 // Verification should fail if the signature is changed 271 testVectors.forEach(function(vector) { 272 var promise = importVectorKeys(vector, ["verify", "sign"]) 273 .then(function(vector) { 274 var signature = copyBuffer(vector.signature); 275 signature[0] = 255 - signature[0]; 276 promise_test(function(test) { 277 var algorithmParams = {name: vector.algorithm, length: vector.length}; 278 if (vector.customization !== undefined) { 279 algorithmParams.customization = vector.customization; 280 } 281 var operation = subtle.verify(algorithmParams, vector.key, signature, vector.plaintext) 282 .then(function(is_verified) { 283 assert_false(is_verified, "Signature is NOT verified"); 284 }, function(err) { 285 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 286 }); 287 288 return operation; 289 }, vector.name + " verification failure due to wrong signature"); 290 291 }, function(err) { 292 // We need a failed test if the importVectorKey operation fails, so 293 // we know we never tested verification. 294 promise_test(function(test) { 295 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 296 }, "importVectorKeys step: " + vector.name + " verification failure due to wrong signature"); 297 }); 298 299 all_promises.push(promise); 300 }); 301 302 // Verification should fail if the signature is wrong length 303 testVectors.forEach(function(vector) { 304 var promise = importVectorKeys(vector, ["verify", "sign"]) 305 .then(function(vector) { 306 var signature = vector.signature.slice(1); // Drop first byte 307 promise_test(function(test) { 308 var algorithmParams = {name: vector.algorithm, length: vector.length}; 309 if (vector.customization !== undefined) { 310 algorithmParams.customization = vector.customization; 311 } 312 var operation = subtle.verify(algorithmParams, vector.key, signature, vector.plaintext) 313 .then(function(is_verified) { 314 assert_false(is_verified, "Signature is NOT verified"); 315 }, function(err) { 316 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 317 }); 318 319 return operation; 320 }, vector.name + " verification failure due to short signature"); 321 322 }, function(err) { 323 // We need a failed test if the importVectorKey operation fails, so 324 // we know we never tested verification. 325 promise_test(function(test) { 326 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 327 }, "importVectorKeys step: " + vector.name + " verification failure due to short signature"); 328 }); 329 330 all_promises.push(promise); 331 }); 332 333 // Test verification failure due to wrong length parameter 334 testVectors.forEach(function(vector) { 335 var promise = importVectorKeys(vector, ["verify", "sign"]) 336 .then(function(vector) { 337 promise_test(function(test) { 338 var differentLength = vector.length === 256 ? 512 : 256; 339 var algorithmParams = {name: vector.algorithm, length: differentLength}; 340 if (vector.customization !== undefined) { 341 algorithmParams.customization = vector.customization; 342 } 343 var operation = subtle.verify(algorithmParams, vector.key, vector.signature, vector.plaintext) 344 .then(function(is_verified) { 345 assert_false(is_verified, "Signature is NOT verified with wrong length"); 346 }, function(err) { 347 assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'"); 348 }); 349 350 return operation; 351 }, vector.name + " verification failure due to wrong length parameter"); 352 353 }, function(err) { 354 // We need a failed test if the importVectorKey operation fails, so 355 // we know we never tested verification. 356 promise_test(function(test) { 357 assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''"); 358 }, "importVectorKeys step: " + vector.name + " verification failure due to wrong length parameter"); 359 }); 360 361 all_promises.push(promise); 362 }); 363 364 promise_test(function() { 365 return Promise.all(all_promises) 366 .then(function() {done();}) 367 .catch(function() {done();}) 368 }, "setup"); 369 370 // A test vector has all needed fields for signing and verifying, EXCEPT that the 371 // key field may be null. This function replaces that null with the Correct 372 // CryptoKey object. 373 // 374 // Returns a Promise that yields an updated vector on success. 375 function importVectorKeys(vector, keyUsages) { 376 if (vector.key !== null) { 377 return new Promise(function(resolve, reject) { 378 resolve(vector); 379 }); 380 } else { 381 return subtle.importKey("raw-secret", vector.keyBuffer, {name: vector.algorithm}, false, keyUsages) 382 .then(function(key) { 383 vector.key = key; 384 return vector; 385 }); 386 } 387 } 388 389 // Returns a copy of the sourceBuffer it is sent. 390 function copyBuffer(sourceBuffer) { 391 var source = new Uint8Array(sourceBuffer); 392 var copy = new Uint8Array(sourceBuffer.byteLength) 393 394 for (var i=0; i<source.byteLength; i++) { 395 copy[i] = source[i]; 396 } 397 398 return copy; 399 } 400 401 function equalBuffers(a, b) { 402 if (a.byteLength !== b.byteLength) { 403 return false; 404 } 405 406 var aBytes = new Uint8Array(a); 407 var bBytes = new Uint8Array(b); 408 409 for (var i=0; i<a.byteLength; i++) { 410 if (aBytes[i] !== bBytes[i]) { 411 return false; 412 } 413 } 414 415 return true; 416 } 417 418 return; 419 }