Add bit for !identityKey and commit wip test-cases
This commit is contained in:
Matt Corallo
parent
244aa8df92
commit
d56c3e1051
3 changed files with 127 additions and 25 deletions
|
|
@ -446,7 +446,8 @@ function curve25519b32(a, b) {
|
|||
|
||||
function curve25519(f, c) {
|
||||
if (!c) { c = c255lbase(); }
|
||||
f[0] &= 0xFFF8;
|
||||
f[15] = (f[15] & 0x7FFF) | 0x4000;
|
||||
// The masking is done upstream (and not always done)
|
||||
//f[0] &= 0xFFF8;
|
||||
//f[15] = (f[15] & 0x7FFF) | 0x4000;
|
||||
return curve25519_raw(f, c);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -402,11 +402,11 @@ function getRandomBytes(size) {
|
|||
}
|
||||
}
|
||||
|
||||
// functions exposed for testing
|
||||
// functions exposed for replacement and direct calling in test code
|
||||
var crypto_tests = {};
|
||||
|
||||
(function(crypto, $, undefined) {
|
||||
crypto_tests.privToPub = function(privKey, callback) {
|
||||
crypto_tests.privToPub = function(privKey, isIdentity, callback) {
|
||||
if (privKey.byteLength != 32)
|
||||
throw "Invalid private key";
|
||||
|
||||
|
|
@ -423,28 +423,37 @@ var crypto_tests = {};
|
|||
if (USE_NACL) {
|
||||
postNaclMessage({command: "bytesToPriv", priv: privKey}, function(message) {
|
||||
var priv = message.res;
|
||||
if (!isIdentity)
|
||||
new Uint8Array(priv)[0] |= 0x01;
|
||||
postNaclMessage({command: "privToPub", priv: priv}, function(message) {
|
||||
callback({ pubKey: prependVersion(message.res), privKey: priv });
|
||||
});
|
||||
});
|
||||
} else {
|
||||
privKey = privKey.slice(0);
|
||||
var priv = new Uint16Array(privKey);
|
||||
priv[0] &= 0xFFF8;
|
||||
priv[15] = (priv[15] & 0x7FFF) | 0x4000;
|
||||
|
||||
if (!isIdentity)
|
||||
priv[0] |= 0x0001;
|
||||
|
||||
//TODO: fscking type conversion
|
||||
callback({ pubKey: prependVersion(toArrayBuffer(curve25519(priv))), privKey: privKey});
|
||||
}
|
||||
|
||||
}
|
||||
var privToPub = function(privKey, isIdentity, callback) { return crypto_tests.privToPub(privKey, isIdentity, callback); }
|
||||
|
||||
var createNewKeyPair = function(callback) {
|
||||
crypto_tests.privToPub(getRandomBytes(32), callback);
|
||||
crypto_tests.createNewKeyPair = function(isIdentity, callback) {
|
||||
return privToPub(getRandomBytes(32), isIdentity, callback);
|
||||
}
|
||||
var createNewKeyPair = function(isIdentity, callback) { return crypto_tests.createNewKeyPair(isIdentity, callback); }
|
||||
|
||||
var crypto_storage = {};
|
||||
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey = function(keyName, callback) {
|
||||
createNewKeyPair(function(keyPair) {
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey = function(keyName, isIdentity, callback) {
|
||||
createNewKeyPair(isIdentity, function(keyPair) {
|
||||
storage.putEncrypted("25519Key" + keyName, keyPair);
|
||||
callback(keyPair.pubKey);
|
||||
});
|
||||
|
|
@ -489,7 +498,7 @@ var crypto_tests = {};
|
|||
*****************************/
|
||||
//TODO: Think about replacing CryptoJS stuff with optional NaCL-based implementations
|
||||
// Probably means all of the low-level crypto stuff here needs pulled out into its own file
|
||||
var ECDHE = function(pubKey, privKey, callback) {
|
||||
crypto_tests.ECDHE = function(pubKey, privKey, callback) {
|
||||
if (privKey !== undefined) {
|
||||
privKey = toArrayBuffer(privKey);
|
||||
if (privKey.byteLength != 32)
|
||||
|
|
@ -517,7 +526,7 @@ var crypto_tests = {};
|
|||
callback(toArrayBuffer(curve25519(new Uint16Array(privKey), new Uint16Array(pubKey))));
|
||||
}
|
||||
}
|
||||
crypto_tests.ECDHE = ECDHE;
|
||||
var ECDHE = function(pubKey, privKey, callback) { return crypto_tests.ECDHE(pubKey, privKey, callback); }
|
||||
|
||||
var HMACSHA256 = function(input, key) {
|
||||
//TODO: Waaayyyy less type conversion here (probably just means replacing CryptoJS)
|
||||
|
|
@ -684,7 +693,7 @@ var crypto_tests = {};
|
|||
var masterKey = HKDF(sharedSecret, ratchet.rootKey, "WhisperRatchet");
|
||||
session[getString(remoteKey)] = { messageKeys: {}, chainKey: { counter: -1, key: masterKey[1] } };
|
||||
|
||||
createNewKeyPair(function(keyPair) {
|
||||
createNewKeyPair(false, function(keyPair) {
|
||||
ratchet.ephemeralKeyPair = keyPair;
|
||||
|
||||
ECDHE(remoteKey, ratchet.ephemeralKeyPair.privKey, function(sharedSecret) {
|
||||
|
|
@ -808,7 +817,7 @@ var crypto_tests = {};
|
|||
if (session === undefined) {
|
||||
var preKeyMsg = new PreKeyWhisperMessageProtobuf();
|
||||
preKeyMsg.identityKey = toArrayBuffer(crypto_storage.getStoredPubKey("identityKey"));
|
||||
createNewKeyPair(function(baseKey) {
|
||||
createNewKeyPair(false, function(baseKey) {
|
||||
preKeyMsg.baseKey = toArrayBuffer(baseKey.pubKey);
|
||||
preKeyMsg.preKeyId = deviceObject.preKeyId;
|
||||
initSession(true, baseKey, deviceObject.encodedNumber, deviceObject.identityKey, deviceObject.publicKey, function() {
|
||||
|
|
@ -844,14 +853,14 @@ var crypto_tests = {};
|
|||
keys.keys = [];
|
||||
var keysLeft = GENERATE_KEYS_KEYS_GENERATED;
|
||||
for (var i = firstKeyId; i < firstKeyId + GENERATE_KEYS_KEYS_GENERATED; i++) {
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("preKey" + i, function(pubKey) {
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("preKey" + i, false, function(pubKey) {
|
||||
keys.keys[i] = {keyId: i, publicKey: pubKey, identityKey: identityKey};
|
||||
keysLeft--;
|
||||
if (keysLeft == 0) {
|
||||
// 0xFFFFFF == 16777215
|
||||
keys.lastResortKey = {keyId: 16777215, publicKey: crypto_storage.getStoredPubKey("preKey16777215"), identityKey: identityKey};//TODO: Rotate lastResortKey
|
||||
if (keys.lastResortKey.publicKey === undefined) {
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("preKey16777215", function(pubKey) {
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("preKey16777215", false, function(pubKey) {
|
||||
keys.lastResortKey.publicKey = pubKey;
|
||||
callback(keys);
|
||||
});
|
||||
|
|
@ -862,7 +871,7 @@ var crypto_tests = {};
|
|||
}
|
||||
}
|
||||
if (identityKey === undefined)
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("identityKey", function(pubKey) { identityKeyCalculated(pubKey); });
|
||||
crypto_storage.getNewPubKeySTORINGPrivKey("identityKey", true, function(pubKey) { identityKeyCalculated(pubKey); });
|
||||
else
|
||||
identityKeyCalculated(identityKey);
|
||||
}
|
||||
|
|
|
|||
112
js/test.js
112
js/test.js
|
|
@ -58,6 +58,7 @@ function TEST(func, name, exclusive) {
|
|||
testsOutstanding[testIndex] = funcName;
|
||||
func(callback);
|
||||
} catch (e) {
|
||||
console.log(e.stack);
|
||||
testsdiv.append('<p style="color: red;">' + funcName + ' threw ' + e + '</p>');
|
||||
}
|
||||
}
|
||||
|
|
@ -124,7 +125,7 @@ registerOnLoadFunction(function() {
|
|||
var bob_pub = hexToArrayBuffer("05de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f");
|
||||
var shared_sec = hexToArrayBuffer("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
|
||||
|
||||
crypto_tests.privToPub(alice_priv, function(aliceKeyPair) {
|
||||
crypto_tests.privToPub(alice_priv, true, function(aliceKeyPair) {
|
||||
var target = new Uint8Array(alice_priv.slice(0));
|
||||
target[0] &= 248;
|
||||
target[31] &= 127;
|
||||
|
|
@ -132,7 +133,7 @@ registerOnLoadFunction(function() {
|
|||
if (String.fromCharCode.apply(null, new Uint8Array(aliceKeyPair.privKey)) != String.fromCharCode.apply(null, target))
|
||||
callback(false);
|
||||
|
||||
crypto_tests.privToPub(bob_priv, function(bobKeyPair) {
|
||||
crypto_tests.privToPub(bob_priv, true, function(bobKeyPair) {
|
||||
var target = new Uint8Array(bob_priv.slice(0));
|
||||
target[0] &= 248;
|
||||
target[31] &= 127;
|
||||
|
|
@ -182,7 +183,8 @@ registerOnLoadFunction(function() {
|
|||
callback(getString(OKM[0]) == getString(T1) && getString(OKM[1]).substring(0, 10) == getString(T2));
|
||||
}, "HMAC RFC5869 Test vectors");*/
|
||||
|
||||
var axolotlTestVectors = {
|
||||
|
||||
var simpleAxolotlTestVectors = {
|
||||
aliceIdentityPriv: hexToArrayBuffer("08ebc1e1fdbbc88d1a833a9d8c287328d4f749b7b7eb20afda0957dc05efc258"),
|
||||
aliceIdentityPub: hexToArrayBuffer("05b9c152cb9fefb0a12df319ae50c728c7909a8a080fcf22d5e1842352186d3870"),
|
||||
bobIdentityPriv: hexToArrayBuffer("08491ea8a9aff03a724cfb44411502f3e974010e62b6db2703b9506a2e18554e"),
|
||||
|
|
@ -193,10 +195,10 @@ sessionKey: hexToArrayBuffer("3d71b56ab9763865905597a90c6746640a946bf3a11632b31a
|
|||
encryptedMessage: hexToArrayBuffer("415a326e6f457937756a6c5355785876342f6b5856346970342b6d45636f636c35424d396c4978364f525948696438634f4a68374c4e2f48534b776a4755556f304e73582f634255742b6a58464b6357697368364b363441315963316f5a47304168676466734e572b53484f313131306e664b6e6c47595445723661624e57556b394c515145706b6f52385746626c5952312b636a4b576d554d5131646f477a376b345955415055544e4d474b78413349694135797575706d6544453173545359552b736133575876366f5a7a624a614275486b5044345a4f3773416b34667558434135466e724e2f462f34445a61586952696f4a76744849413d3d"),
|
||||
};
|
||||
|
||||
function axolotlTestVectorsAsBob(v, callback) {
|
||||
function simpleAxolotlTestVectorsAsBob(v, callback) {
|
||||
localStorage.clear();
|
||||
storage.putEncrypted("25519KeyidentityKey", { pubKey: v.bobIdentityPub, privKey: v.bobIdentityPriv });
|
||||
crypto_tests.privToPub(v.bobPre0, function(keyPair) {
|
||||
crypto_tests.privToPub(v.bobPre0, true, function(keyPair) {
|
||||
storage.putEncrypted("25519KeypreKey0", { pubKey: keyPair.pubKey, privKey: keyPair.privKey });
|
||||
|
||||
if (v.sessionKey !== undefined) {
|
||||
|
|
@ -218,11 +220,11 @@ encryptedMessage: hexToArrayBuffer("415a326e6f457937756a6c5355785876342f6b585634
|
|||
|
||||
TEST(function(callback) {
|
||||
var v = {};
|
||||
for (key in axolotlTestVectors)
|
||||
v[key] = axolotlTestVectors[key];
|
||||
for (key in simpleAxolotlTestVectors)
|
||||
v[key] = simpleAxolotlTestVectors[key];
|
||||
|
||||
storage.putEncrypted("25519KeyidentityKey", { pubKey: v.aliceIdentityPub, privKey: v.aliceIdentityPriv });
|
||||
crypto_tests.privToPub(v.bobPre0, function(keyPair) {
|
||||
crypto_tests.privToPub(v.bobPre0, true, function(keyPair) {
|
||||
var bobsDevice = {encodedNumber: "BOB", identityKey: keyPair.privKey, publicKey: keyPair.pubKey, preKeyId: 0};
|
||||
saveDeviceObject = bobsDevice;
|
||||
|
||||
|
|
@ -237,15 +239,105 @@ encryptedMessage: hexToArrayBuffer("415a326e6f457937756a6c5355785876342f6b585634
|
|||
|
||||
delete v['sessionKey'];
|
||||
v.aliceToBob = getString(message.encode());
|
||||
axolotlTestVectorsAsBob(v, callback);
|
||||
simpleAxolotlTestVectorsAsBob(v, callback);
|
||||
});
|
||||
});
|
||||
}, "Axolotl test vectors as alice", true);
|
||||
}, "Simple Axolotl test vectors as Alice", true);
|
||||
|
||||
TEST(function(callback) {
|
||||
simpleAxolotlTestVectorsAsBob(simpleAxolotlTestVectors, callback);
|
||||
}, "Simple Axolotl test vectors as bob", true);
|
||||
|
||||
|
||||
var axolotlTwoPartyTestVectorsAlice = [
|
||||
["sendMessage",
|
||||
{
|
||||
smsText: "A",
|
||||
ourBaseKey: hexToArrayBuffer('91918ad75986b7fa7546dcf9f36baa4997c2ab4c5f0f0e3a1274907e06dd027d'),
|
||||
ourEphemeralKey: hexToArrayBuffer('11cd8695564c84153543ab4b47b7da6f89dca070249f734f08ab6f10062b857f'),
|
||||
ourIdentityKey: hexToArrayBuffer('0806209dfac61e8d4e99a855908f86bf1eb874851223902718eed7a54d672960'),
|
||||
theirPreKey: hexToArrayBuffer('05522fdfff7ded73e9006096be562eb2d99847fba6fb870300db82ccf9a557a534'),
|
||||
theirPreKeyId: 16728523,
|
||||
theirRegistrationId: 9072,//TODO: Figure out wtf this is for
|
||||
theirIdentityKey: hexToArrayBuffer('05ae90af12c5cb02daa6bc29ac95082d7e66c96bf60215b33215079f0231a00763'),
|
||||
//expectedPlaintext: hexToArrayBuffer('0a0e4120202020202020202020202020'),
|
||||
//expectedCounter: 0,
|
||||
expectedCiphertext: hexToArrayBuffer('2208cb83fd071221057f5f3adf3b11525967a6c7d9f4fb34df4c79f40b4827cced8d4cd9c0c85d7e601a210582d1fb7ab4f8f0ecfdea447de66a4e19cd2c3502f2b04b8829dd5bb36bd0d6242242220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100018002210f5dd335e2d1ec1e7335a11c9e1c2a159a0f432040b064abe28f046'),
|
||||
}],
|
||||
/*["sendMessage",
|
||||
{
|
||||
smsText: "B",
|
||||
//expectedPlaintext: hexToArrayBuffer('0a0e4220202020202020202020202020'),
|
||||
//expectedCounter: 1,
|
||||
expectedCiphertext: hexToArrayBuffer('2208cb83fd071221057f5f3adf3b11525967a6c7d9f4fb34df4c79f40b4827cced8d4cd9c0c85d7e601a210582d1fb7ab4f8f0ecfdea447de66a4e19cd2c3502f2b04b8829dd5bb36bd0d6242242220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100118002210efa08202abe3ad52828a9a782f3aa5fc18ea1a709fcc6e6828f046'),
|
||||
}],
|
||||
["receiveMessage",
|
||||
{
|
||||
message: hexToArrayBuffer('0801120c2b313333333333333333333328fec18dd4d3283239220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100018ffffffff0f220321deef7e214d158ebbd10c3801'),
|
||||
newEphemeralKey: hexToArrayBuffer('21ba1f11c4e9be34da2af78345cb7a04143c67dc084c37b6bd9c3dbc68c86a58'),
|
||||
//expectedPlaintext: hexToArrayBuffer('220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100018ffffffff0f220321deef7e214d158ebbd10c'),
|
||||
expectedSmsText: "C",
|
||||
}],
|
||||
["receiveMessage",
|
||||
{
|
||||
message: hexToArrayBuffer('0801120c2b313333333333333333333328b3da8dd4d3283239220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100118ffffffff0f220388e968d2d102a298b2c92a3801'),
|
||||
//expectedPlaintext: hexToArrayBuffer('220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100118ffffffff0f220388e968d2d102a298b2c92a'),
|
||||
expectedSmsText: "D",
|
||||
}],
|
||||
["sendMessage",
|
||||
{
|
||||
smsText: "E",
|
||||
//expectedPlaintext: hexToArrayBuffer('0a0145'),
|
||||
//expectedCounter: 0,
|
||||
expectedCiphertext: hexToArrayBuffer('220a2105f4465a6be68def783cb36b26fa4d2b6eb80b6fa7678a58181f0492121a760b48100018012203bf89479b777a890a700a36'),
|
||||
}],*/
|
||||
];
|
||||
|
||||
var axolotlTwoPartyTestVectorsBob = [
|
||||
["receiveMessage",
|
||||
{
|
||||
message: hexToArrayBuffer('0803120c2b313232323232323232323228b3e48cd4d3283293012208cb83fd071221057f5f3adf3b11525967a6c7d9f4fb34df4c79f40b4827cced8d4cd9c0c85d7e601a210582d1fb7ab4f8f0ecfdea447de66a4e19cd2c3502f2b04b8829dd5bb36bd0d6242242220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100018002210f5dd335e2d1ec1e7335a11c9e1c2a159a0f432040b064abe28f0463801'),
|
||||
ourPreKey: hexToArrayBuffer('71f2d216192d22de45290135bb2cc9b140c864d9b92d8f238577f4fddb2fcb4d'),
|
||||
ourIdentityKey: hexToArrayBuffer('08b66c917e27319f8f9a69791d7571ce47175e7e3db5fc85a51e264b31cdf56b'),
|
||||
newEphemeralKey: hexToArrayBuffer('416f63ac4939c0bdd0d9e3b589e1ffde4906f54629742f189e6028c08a5d2666'),
|
||||
//expectedPlaintext: hexToArrayBuffer('220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100018002210f5dd335e2d1ec1e7335a11c9e1c2a159a0f432040b064abe'),
|
||||
expectedSmsText: "A",
|
||||
}],
|
||||
["receiveMessage",
|
||||
{
|
||||
message: hexToArrayBuffer('0803120c2b313232323232323232323228e9898dd4d3283293012208cb83fd071221057f5f3adf3b11525967a6c7d9f4fb34df4c79f40b4827cced8d4cd9c0c85d7e601a210582d1fb7ab4f8f0ecfdea447de66a4e19cd2c3502f2b04b8829dd5bb36bd0d6242242220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100118002210efa08202abe3ad52828a9a782f3aa5fc18ea1a709fcc6e6828f0463801'),
|
||||
//expectedPlaintext: hexToArrayBuffer('220a21059f20776ec3d0975ebe54f8efaf847fdf227ffb2cc057de845c2e963984e5a878100118002210efa08202abe3ad52828a9a782f3aa5fc18ea1a709fcc6e68'),
|
||||
expectedSmsText: "B",
|
||||
}],
|
||||
["sendMessage",
|
||||
{
|
||||
smsText: "C",
|
||||
//expectedPlaintext: hexToArrayBuffer('0a0143'),
|
||||
//expectedCounter: 0,
|
||||
expectedCiphertext: hexToArrayBuffer('220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100018ffffffff0f220321deef7e214d158ebbd10c'),
|
||||
}],
|
||||
["sendMessage",
|
||||
{
|
||||
smsText: "D",
|
||||
//expectedPlaintext: hexToArrayBuffer('0a0144'),
|
||||
//expectedCounter: 1,
|
||||
expectedCiphertext: hexToArrayBuffer('220a21051ac83687a0dc5acf4595e12411358fe7efeb068b7deb96f2ae6d25f2a4231f2e100118ffffffff0f220388e968d2d102a298b2c92a'),
|
||||
}],
|
||||
["receiveMessage",
|
||||
{
|
||||
message: hexToArrayBuffer('0801120c2b313232323232323232323228e1ad8ed4d3283235220a2105f4465a6be68def783cb36b26fa4d2b6eb80b6fa7678a58181f0492121a760b48100018012203bf89479b777a890a700a363801'),
|
||||
newEphemeralKey: hexToArrayBuffer('31a5281df2a88cf8ddea3f34eb4ac2c7c55eb91cdf052c5f87d788b4649bae47'),
|
||||
//expectedPlaintext: hexToArrayBuffer('220a2105f4465a6be68def783cb36b26fa4d2b6eb80b6fa7678a58181f0492121a760b48100018012203bf89479b777a890a700a36'),
|
||||
expectedSmsText: "E",
|
||||
}],
|
||||
];
|
||||
|
||||
TEST(function(callback) {
|
||||
axolotlTestVectorsAsBob(axolotlTestVectors, callback);
|
||||
}, "Axolotl test vectors as bob", true);
|
||||
|
||||
// Setup test timeouts (note that this will only work if things are actually
|
||||
// being run async, ie in the case of NaCL)
|
||||
window.setInterval(function() {
|
||||
for (var i = 0; i < maxTestId; i++) {
|
||||
if (testsOutstanding[i] !== undefined) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue