natty
/
fox-send
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #472 from mozilla/remove-hash-tests 

removed references to checksums in frontend tests
This commit is contained in:
Danny Coates 2017-08-07 15:36:29 -07:00 committed by GitHub
parent 5844a9a03c 60eda64c8d
commit 5200928d5c
4 changed files with 295 additions and 2130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2200
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

2
test/frontend/driver.js
View File

@ -6,7 +6,7 @@ const driver = new webdriver.Builder().forBrowser('firefox').build();
driver.get(path.join('file:///', __dirname, '/frontend.test.html')); driver.get(path.join('file:///', __dirname, '/frontend.test.html'));
driver.wait(until.titleIs('Mocha Tests')); driver.wait(until.titleIs('Mocha Tests'));
driver.wait(until.titleMatches(/^[0-1]$/)); driver.wait(until.titleMatches(/^[0-9]$/));
driver.getTitle().then(title => { driver.getTitle().then(title => {
driver.quit().then(() => { driver.quit().then(() => {

154
test/frontend/frontend.test.js
View File

@ -4,12 +4,10 @@ const FakeFile = window.FakeFile;
const assert = window.assert; const assert = window.assert;
const server = window.server; const server = window.server;
const hexToArray = window.hexToArray; const hexToArray = window.hexToArray;
const arrayToHex = window.arrayToHex;
const sinon = window.sinon; const sinon = window.sinon;
let file; let file;
let encryptedIV; let encryptedIV;
let fileHash;
let secretKey; let secretKey;
let originalBlob; let originalBlob;
@ -59,28 +57,6 @@ describe('File Sender', function() {
}); });
}); });
it('Should get a hashing event emission', function() {
const file = new FakeFile('hello_world.txt', ['This is some data.']);
const fs = new FileSender(file);
let testHashing = true;
fs.on('hashing', isStillHashing => {
assert(!(!testHashing && isStillHashing));
testHashing = isStillHashing;
});
return fs
.upload()
.then(info => {
assert(info);
assert(!testHashing);
})
.catch(err => {
console.log(err, err.stack);
assert.fail();
});
});
it('Should get a encrypting event emission', function() { it('Should get a encrypting event emission', function() {
const file = new FakeFile('hello_world.txt', ['This is some data.']); const file = new FakeFile('hello_world.txt', ['This is some data.']);
const fs = new FileSender(file); const fs = new FileSender(file);
@ -116,9 +92,6 @@ describe('File Sender', function() {
readRaw.onload = function(event) { readRaw.onload = function(event) {
const rawArray = new Uint8Array(this.result); const rawArray = new Uint8Array(this.result);
originalBlob = rawArray; originalBlob = rawArray;
window.crypto.subtle.digest('SHA-256', rawArray).then(hash => {
fileHash = hash;
window.crypto.subtle window.crypto.subtle
.importKey( .importKey(
'jwk', 'jwk',
@ -140,7 +113,6 @@ describe('File Sender', function() {
{ {
name: 'AES-GCM', name: 'AES-GCM',
iv: hexToArray(IV), iv: hexToArray(IV),
additionalData: hash,
tagLength: 128 tagLength: 128
}, },
cryptoKey, cryptoKey,
@ -154,7 +126,6 @@ describe('File Sender', function() {
done(); done();
}); });
}); });
});
}; };
readRaw.readAsArrayBuffer(newFile); readRaw.readAsArrayBuffer(newFile);
@ -179,7 +150,6 @@ describe('File Receiver', function() {
FakeXHR.prototype.getResponseHeader = function() { FakeXHR.prototype.getResponseHeader = function() {
return JSON.stringify({ return JSON.stringify({
aad: arrayToHex(new Uint8Array(fileHash)),
filename: 'hello_world.txt', filename: 'hello_world.txt',
id: encryptedIV id: encryptedIV
}); });
@ -198,7 +168,6 @@ describe('File Receiver', function() {
if ( if (
file === undefined || file === undefined ||
encryptedIV === undefined || encryptedIV === undefined ||
fileHash === undefined ||
secretKey === undefined secretKey === undefined
) { ) {
assert.fail( assert.fail(
@ -246,10 +215,6 @@ describe('File Receiver', function() {
testDecrypting = isStillDecrypting; testDecrypting = isStillDecrypting;
}); });
fr.on('safe', isSafe => {
assert(isSafe);
});
return fr return fr
.download() .download()
.then(([decrypted, name]) => { .then(([decrypted, name]) => {
@ -262,123 +227,4 @@ describe('File Receiver', function() {
assert.fail(); assert.fail();
}); });
}); });
it('Should emit hashing events', function() {
const fr = new FileReceiver();
location.hash = secretKey;
let testHashing = true;
fr.on('hashing', isStillHashing => {
assert(!(!testHashing && isStillHashing));
testHashing = isStillHashing;
});
fr.on('safe', isSafe => {
assert(isSafe);
});
return fr
.download()
.then(([decrypted, name]) => {
assert(decrypted);
assert(name);
assert(!testHashing);
})
.catch(err => {
assert.fail();
});
});
it('Should catch fraudulent checksums', function(done) {
// Use the secret key and file hash of the previous file to encrypt,
// which has a different hash than this one (different strings).
const newFile = new FakeFile('hello_world.txt', [
'This is some data, with a changed hash.'
]);
const readRaw = new FileReader();
readRaw.onload = function(event) {
const plaintext = new Uint8Array(this.result);
window.crypto.subtle
.importKey(
'jwk',
{
kty: 'oct',
k: secretKey,
alg: 'A128GCM',
ext: true
},
{
name: 'AES-GCM'
},
true,
['encrypt', 'decrypt']
)
.then(key => {
// The file hash used here is the hash of the fake
// file from the previous test; it's a phony checksum.
return window.crypto.subtle.encrypt(
{
name: 'AES-GCM',
iv: hexToArray(encryptedIV),
additionalData: fileHash,
tagLength: 128
},
key,
plaintext
);
})
.then(encrypted => {
file = encrypted;
const fr = new FileReceiver();
location.hash = secretKey;
fr.on('unsafe', isUnsafe => {
assert(isUnsafe);
});
fr.on('safe', () => {
// This event should not be emitted.
assert.fail();
});
fr
.download()
.then(() => {
assert.fail();
done();
})
.catch(err => {
assert(1);
done();
});
});
};
readRaw.readAsArrayBuffer(newFile);
});
it('Should not decrypt with an incorrect checksum', function() {
FakeXHR.prototype.getResponseHeader = function() {
return JSON.stringify({
aad: 'some_bad_hashz',
filename: 'hello_world.txt',
id: encryptedIV
});
};
const fr = new FileReceiver();
location.hash = secretKey;
return fr
.download()
.then(([decrypted, name]) => {
assert(decrypted);
assert(name);
assert.fail();
})
.catch(err => {
assert(1);
});
});
}); });

1
test/server/server.test.js
View File

@ -46,7 +46,6 @@ describe('Server integration tests', function() {
.set( .set(
'X-File-Metadata', 'X-File-Metadata',
JSON.stringify({ JSON.stringify({
aad: '11111',
id: '111111111111111111111111', id: '111111111111111111111111',
filename: 'test_upload.txt' filename: 'test_upload.txt'
}) })