const assert = require('assert');
const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require
const MysteryBox = require('../../lib/mystery-box');
-const stubLogger = require('../stub-logger');
+const { MysteryBoxError } = require('../../lib/errors');
+const crypto = require('crypto');
+
+function _verbose(mb) {
+ if (process.env.VERBOSE_TESTS) {
+ mb.on('statistics', (...args) => console.log(...args));
+ }
+}
describe('MysteryBox', function () {
- const noExpectedException = 'did not get expected exception';
let mb, options, object;
beforeEach(function () {
options = {
describe('constructor', function () {
it('needs a secret', async function () {
options = {};
- try {
- mb = new MysteryBox(stubLogger, options);
- assert.fail(noExpectedException);
- } catch (e) {
- assert.strictEqual(e.message, 'missing encryption secret', noExpectedException);
- }
+ assert.rejects(() => new MysteryBox(options));
+ });
+
+ it('accepts multiple secrets', async function () {
+ this.slow(500);
+ options = {
+ encryptionSecret: ['first poor secret', 'second poor secret'],
+ };
+ mb = new MysteryBox(options);
+ _verbose(mb);
+ object = {
+ foo: 'bar',
+ baz: 'quux',
+ flarp: 13,
+ };
+ const encryptedResult = await mb.pack(object);
+ const decryptedResult = await mb.unpack(encryptedResult);
+ assert.deepStrictEqual(decryptedResult, object);
});
it('covers options', function () {
- try {
- mb = new MysteryBox(stubLogger);
- assert.fail(noExpectedException);
- } catch (e) {
- assert.strictEqual(e.message, 'missing encryption secret', noExpectedException);
- }
+ assert.rejects(() => new MysteryBox());
});
it('covers bad flags', function () {
options.defaultFlags = 300;
- try {
- mb = new MysteryBox(stubLogger, options);
- assert.fail(noExpectedException);
- } catch (e) {
- assert(e instanceof RangeError, noExpectedException);
- }
+ assert.rejects(() => new MysteryBox(options), MysteryBoxError);
});
it('covers missing ciphers', function () {
- sinon.stub(MysteryBox._test.crypto, 'getCiphers').returns(['rot13']);
- try {
- mb = new MysteryBox(stubLogger, options);
- assert.fail(noExpectedException);
- } catch (e) {
- assert.strictEqual(e.message, 'no supported versions available', noExpectedException);
- }
+ sinon.stub(crypto, 'getCiphers').returns(['rot13']);
+ assert.rejects(() => new MysteryBox(options));
});
}); // constructor
+ describe('_ensureArray', function () {
+ it('returns empty array for no data', function () {
+ const result = MysteryBox._ensureArray();
+ assert.deepStrictEqual(result, []);
+ });
+ it('returns same array passed in', function () {
+ const expected = [1, 2, 3, 'foo'];
+ const result = MysteryBox._ensureArray(expected);
+ assert.deepStrictEqual(result, expected);
+ });
+ it('returns array containing non-array data', function () {
+ const data = 'bar';
+ const result = MysteryBox._ensureArray(data);
+ assert.deepStrictEqual(result, [data]);
+ });
+ }); // _ensureArray
+
+ describe('_keyFromSecret', function () {
+ it('covers invalid', async function () {
+ assert.rejects(() => MysteryBox._keyFromSecret('unknown deriver', 'secret', 'salt', 32), MysteryBoxError);
+ });
+ }); // _keyFromSecret
+
+ describe('_versionHeaderDecode', function () {
+ function _check(firstByte, numBytes, value) {
+ const result = MysteryBox._versionHeaderDecode(firstByte);
+ assert.strictEqual(result.numBytes, numBytes);
+ assert.strictEqual(result.firstByte, value);
+ }
+ it('decodes single byte, min', function () {
+ _check(0x00, 1, 0x00);
+ });
+ it('decodes single byte, max', function () {
+ _check(0x7f, 1, 0x7f);
+ });
+ it('decodes double byte, min', function () {
+ _check(0x80, 2, 0x00);
+ });
+ it('decodes double byte, max', function () {
+ _check(0xbf, 2, 0x3f);
+ });
+ it('decodes triple byte, min', function () {
+ _check(0xc0, 3, 0x00);
+ });
+ it('decodes triple byte, max', function () {
+ _check(0xdf, 3, 0x1f);
+ });
+ it('decodes quadruple byte, min', function () {
+ _check(0xe0, 4, 0x00);
+ });
+ it('decodes quadruple byte, max', function () {
+ _check(0xef, 4, 0x0f);
+ });
+ it('decodes quintuple byte, min', function () {
+ _check(0xf0, 5, 0x00);
+ });
+ it('decodes quintuple byte, max', function () {
+ _check(0xf7, 5, 0x07);
+ });
+ it('decodes sextuple byte, min', function () {
+ _check(0xf8, 6, 0x00);
+ });
+ it('decodes sextuple byte, max', function () {
+ _check(0xfb, 6, 0x03);
+ });
+ it('decodes septuple byte, min', function () {
+ _check(0xfc, 7, 0x00);
+ });
+ it('decodes septuple byte, max', function () {
+ _check(0xfd, 7, 0x01);
+ });
+ it('decodes double byte, min', function () {
+ _check(0xfe, 8, 0x00);
+ });
+ it('decodes double byte, max', function () {
+ _check(0xfe, 8, 0x00);
+ });
+ it('covers unsupported', function () {
+ assert.throws(() => MysteryBox._versionHeaderDecode(0xff), MysteryBoxError);
+ });
+ }); // _versionHeaderDecode
+
+ describe('_versionDecode', function () {
+ function _checkDecodeRange(start, end, numBytes, headerByte) {
+ const headerMask = ((0xff << (8 - numBytes)) & 0xff) >>> 0;
+ const hByte = ((0xff << (8 - numBytes + 1)) & 0xff) >>> 0;
+ assert.strictEqual(hByte, headerByte, `TEST ERROR: unexpected header for length, computed: ${hByte.toString(16)} passed: ${headerByte.toString(16)}`);
+ for (let v = start; v <= end; v++) {
+ const buffer = Buffer.alloc(numBytes);
+ buffer.writeUIntBE(v, 0, numBytes);
+ assert((buffer[0] & headerMask) === 0, `TEST ERROR: version ${v} encroached on headerByte 0x${headerByte.toString(16)} (${headerByte.toString(2)} & ${buffer[0].toString(2)})`);
+ buffer[0] = (buffer[0] | headerByte) >>> 0;
+ const { version, versionBytes } = MysteryBox._versionDecode(buffer);
+ assert.strictEqual(versionBytes, numBytes);
+ assert.strictEqual(version, v);
+ }
+ }
+ it('covers single-byte versions', function () {
+ _checkDecodeRange(0, 127, 1, 0x00);
+ });
+ it('covers double-byte versions', function () {
+ _checkDecodeRange(128, 136, 2, 0x80);
+ // ...
+ _checkDecodeRange(16375, 16383, 2, 0x80);
+ });
+ it('covers triple-byte versions', function () {
+ _checkDecodeRange(16384, 16390, 3, 0xc0);
+ // ...
+ _checkDecodeRange(2097145, 2097151, 3, 0xc0);
+ });
+ it('covers quadruple-byte versions', function () {
+ _checkDecodeRange(2097151, 2097160, 4, 0xe0);
+ // ...
+ _checkDecodeRange(268435445, 268435455, 4, 0xe0);
+ });
+ it('covers quintuple-byte versions', function () {
+ _checkDecodeRange(268435445, 268435445, 5, 0xf0);
+ // ...
+ _checkDecodeRange(34359738360, 34359738367, 5, 0xf0);
+ });
+ it('covers sextuple-byte versions', function () {
+ _checkDecodeRange(34359738367, 34359738375, 6, 0xf8);
+ // ...
+ _checkDecodeRange(4398046511093, 4398046511103, 6, 0xf8);
+ });
+ it('covers too big', function () {
+ const buffer = Buffer.from([0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]);
+ assert.throws(() => MysteryBox._versionDecode(buffer), MysteryBoxError);
+ });
+ }); // _versionDecode
+
+ describe('_versionEncode', function () {
+ function _checkEncodeRange(start, end, bytes, headerBits) {
+ for (let version = start; version <= end; version++) {
+ const expected = Buffer.alloc(bytes);
+ expected.writeUIntBE(version, 0, bytes);
+ expected[0] = (expected[0] | headerBits) >>> 0;
+
+ const { buffer, versionBytes } = MysteryBox._versionEncode(version);
+ assert.deepStrictEqual(versionBytes, bytes, `version ${version} has ${versionBytes} bytes instead of expected ${bytes}`);
+ assert.deepStrictEqual(buffer, expected, `version ${version} buffer not expected: ${JSON.stringify(buffer)} vs ${JSON.stringify(expected)}`);
+ }
+ }
+ function _cheeckReciprical(version) {
+ const { buffer, versionBytes: encVB } = MysteryBox._versionEncode(version);
+ const { version: decV, versionBytes: decVB } = MysteryBox._versionDecode(buffer);
+ assert.strictEqual(encVB, decVB, `differing lengths for ${version}: enc:${encVB} dec:${decVB}`);
+ assert.strictEqual(decV, version, `failed for ${version}: ${JSON.stringify({ buffer, versionBytes: encVB })}`);
+ }
+ it('covers single-byte-packable versions', function () {
+ _checkEncodeRange(0, 127, 1, 0x00);
+ });
+ it('covers double-byte-packable versions', function () {
+ _checkEncodeRange(128, 200, 2, 0x80);
+ /* ... */
+ _checkEncodeRange(16380, 16383, 2, 0x80);
+ });
+ it('covers triple-byte-packable versions', function () {
+ _checkEncodeRange(16384, 16390, 3, 0xc0);
+ /* ... */
+ _checkEncodeRange(2097141, 2097151, 3, 0xc0);
+ });
+ it('covers quadruple-byte-packable versions', function () {
+ _checkEncodeRange(2097152, 2097161, 4, 0xe0);
+ /* ... */
+ _checkEncodeRange(268435445, 268435455, 4, 0xe0);
+ });
+ it('covers quintuple-byte-packable versions', function () {
+ _checkEncodeRange(268435456, 268435465, 5, 0xf0)
+ /* ... */
+ _checkEncodeRange(4294967294, 4294967296, 5, 0xf0)
+ /* ... */
+ _checkEncodeRange(34359738360, 34359738367, 5, 0xf0)
+ });
+ it('covers sextuple-byte-packable versions', function () {
+ _checkEncodeRange(34359738368, 34359738377, 6, 0xf8)
+ /* ... */
+ _checkEncodeRange(4398046511093, 4398046511103, 6, 0xf8)
+ });
+ it('covers too large', function () {
+ const version = 277076930199552;
+ assert.rejects(() => MysteryBox._versionEncode(version), MysteryBoxError);
+ });
+ it('recipricates', function () {
+ [
+ 0, 127,
+ 128, 16383,
+ 16384, 2097151,
+ 2097152, 268435455,
+ 268435456, 34359738367,
+ 34359738368, 4398046511103,
+ ].forEach((v) => _cheeckReciprical(v));
+ });
+ }); // _versionEncode
+
describe('pack, unpack', function () {
beforeEach(function () {
- mb = new MysteryBox(stubLogger, options);
+ mb = new MysteryBox(options);
+ _verbose(mb);
});
it('covers packing unsupported version', async function () {
- try {
- await mb.pack({}, 0);
- assert.fail(noExpectedException);
- } catch (e) {
- assert(e instanceof RangeError, noExpectedException);
- }
+ assert.rejects(() => mb.pack({}, 0), MysteryBoxError);
});
it('covers unpacking unsupported version', async function () {
const badBuffer = Buffer.alloc(128);
badBuffer.writeUInt8(0, 0); // No such thing as version 0
- const badPayload = badBuffer.toString('base64');
- try {
- await mb.unpack(badPayload);
- assert.fail(noExpectedException);
- } catch (e) {
- assert(e instanceof RangeError, noExpectedException);
- }
+ const badPayload = badBuffer.toString('base64url');
+ assert.rejects(() => mb.unpack(badPayload), MysteryBoxError);
});
it('encrypts and decrypts default version', async function () {
assert.deepStrictEqual(decryptedResult, object);
});
- it('encrypts and decrypts all available versions +brotli', async function () {
+ it('encrypts and decrypts default version, coerced buffer contents', async function () {
+ this.slow(500);
+ object = 'a string a string';
+ const encryptedResult = await mb.pack(object, undefined, mb.Flags.BufferPayload | mb.defaultFlags);
+ const decryptedResult = await mb.unpack(encryptedResult);
+ assert.deepStrictEqual(decryptedResult, Buffer.from(object));
+ });
+
+ it('decrypts secondary (older) secret', async function () {
+ this.slow(500);
+ const oldmb = new MysteryBox({ encryptionSecret: 'old secret' });
+ _verbose(oldmb);
+ const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] });
+ _verbose(newmb);
+ object = {
+ foo: 'bar',
+ baz: 'quux',
+ flarp: 13,
+ };
+ const oldEncrypted = await oldmb.pack(object);
+ const newDecrypted = await newmb.unpack(oldEncrypted);
+ assert.deepStrictEqual(newDecrypted, object);
+ });
+
+ it('fails to decrypt invalid secret', async function () {
+ this.slow(500);
+ const oldmb = new MysteryBox({ encryptionSecret: 'very old secret' });
+ _verbose(oldmb);
+ const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] });
+ _verbose(newmb);
+ object = {
+ foo: 'bar',
+ baz: 'quux',
+ flarp: 13,
+ };
+ const oldEncrypted = await oldmb.pack(object);
+ assert.rejects(() => newmb.unpack(oldEncrypted));
+ });
+
+ it('encrypts and decrypts all available versions no compression', async function () {
Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
object = {
foo: 'bar',
});
});
+ it('encrypts and decrypts all available versions +brotli', async function () {
+ Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
+ object = {
+ foo: 'bar',
+ baz: 'quux',
+ flarp: 13,
+ };
+ const encryptedResult = await mb.pack(object, version, mb.Flags.Brotli);
+ const decryptedResult = await mb.unpack(encryptedResult);
+ assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`);
+ });
+ });
+
it('encrypts and decrypts all available versions +flate', async function () {
Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
object = {
baz: 'quux',
flarp: 13,
};
- const encryptedResult = await mb.pack(object, version, 0x01);
+ const encryptedResult = await mb.pack(object, version, mb.Flags.Flate);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`);
});
object = {
longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''),
};
- const encryptedResult = await mb.pack(object, mb.bestVersion, 0x00);
+ const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Brotli);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object);
});
object = {
longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''),
};
- const encryptedResult = await mb.pack(object, mb.bestVersion, 0x01);
+ const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Flate);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object);
});
+
+ it('handles undefined', async function () {
+ assert.rejects(() => mb.unpack(), MysteryBoxError);
+ });
+
+ it('handles incomplete', async function () {
+ this.slow(500);
+ const encryptedResult = await mb.pack({ foo: 'bar' });
+ assert.rejects(() => mb.unpack(encryptedResult.slice(0, 6)), MysteryBoxError);
+ });
+
+ it('covers internal error, incorrect version byte size, pack', async function () {
+ this.slow(500);
+ const version = 1;
+ sinon.stub(mb.versionParameters[version], 'versionBytes').value(10);
+ assert.rejects(() => mb.pack({}, version), Error);
+ });
+
+ it('covers internal error, incorrect version byte size, unpack', async function () {
+ this.slow(500);
+ const version = 1;
+ const encryptedResult = await mb.pack({}, version);
+ sinon.stub(mb.versionParameters[version], 'versionBytes').value(10);
+ assert.rejects(() => mb.unpack(encryptedResult), Error);
+ });
+
}); // pack, unpack
}); // MysteryBox
\ No newline at end of file