X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Flib%2Fmystery-box.js;h=510362bd06c8ab3a7884909e41404e0350d40494;hb=7cb82c875071fede55262be31ed5ed771c0b25c5;hp=c71f6ff0fe8081cb22ef4f95399ffe099224b4e1;hpb=1cbcff24343426923a4329a1d1ecb797050fee9c;p=squeep-mystery-box diff --git a/test/lib/mystery-box.js b/test/lib/mystery-box.js index c71f6ff..510362b 100644 --- a/test/lib/mystery-box.js +++ b/test/lib/mystery-box.js @@ -5,7 +5,14 @@ const assert = require('assert'); const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require const MysteryBox = require('../../lib/mystery-box'); -const stubLogger = require('../stub-logger'); +const { MysteryBoxError } = require('../../lib/errors'); +const crypto = require('crypto'); + +function _verbose(mb) { + if (process.env.VERBOSE_TESTS) { + mb.on('statistics', (...args) => console.log(...args)); + } +} describe('MysteryBox', function () { let mb, options, object; @@ -21,7 +28,7 @@ describe('MysteryBox', function () { describe('constructor', function () { it('needs a secret', async function () { options = {}; - assert.rejects(() => new MysteryBox(stubLogger, options)); + assert.rejects(() => new MysteryBox(options)); }); it('accepts multiple secrets', async function () { @@ -29,7 +36,8 @@ describe('MysteryBox', function () { options = { encryptionSecret: ['first poor secret', 'second poor secret'], }; - mb = new MysteryBox(stubLogger, options); + mb = new MysteryBox(options); + _verbose(mb); object = { foo: 'bar', baz: 'quux', @@ -41,40 +49,230 @@ describe('MysteryBox', function () { }); it('covers options', function () { - assert.rejects(() => new MysteryBox(stubLogger)); + assert.rejects(() => new MysteryBox()); }); it('covers bad flags', function () { options.defaultFlags = 300; - assert.rejects(() => new MysteryBox(stubLogger, options), RangeError); + assert.rejects(() => new MysteryBox(options), MysteryBoxError); }); it('covers missing ciphers', function () { - sinon.stub(MysteryBox._test.crypto, 'getCiphers').returns(['rot13']); - assert.rejects(() => new MysteryBox(stubLogger, options)); + sinon.stub(crypto, 'getCiphers').returns(['rot13']); + assert.rejects(() => new MysteryBox(options)); }); }); // constructor + describe('_ensureArray', function () { + it('returns empty array for no data', function () { + const result = MysteryBox._ensureArray(); + assert.deepStrictEqual(result, []); + }); + it('returns same array passed in', function () { + const expected = [1, 2, 3, 'foo']; + const result = MysteryBox._ensureArray(expected); + assert.deepStrictEqual(result, expected); + }); + it('returns array containing non-array data', function () { + const data = 'bar'; + const result = MysteryBox._ensureArray(data); + assert.deepStrictEqual(result, [data]); + }); + }); // _ensureArray + describe('_keyFromSecret', function () { it('covers invalid', async function () { - assert.rejects(() => MysteryBox._keyFromSecret('unknown deriver', 'secret', 'salt', 32), RangeError); + assert.rejects(() => MysteryBox._keyFromSecret('unknown deriver', 'secret', 'salt', 32), MysteryBoxError); }); }); // _keyFromSecret + describe('_versionHeaderDecode', function () { + function _check(firstByte, numBytes, value) { + const result = MysteryBox._versionHeaderDecode(firstByte); + assert.strictEqual(result.numBytes, numBytes); + assert.strictEqual(result.firstByte, value); + } + it('decodes single byte, min', function () { + _check(0x00, 1, 0x00); + }); + it('decodes single byte, max', function () { + _check(0x7f, 1, 0x7f); + }); + it('decodes double byte, min', function () { + _check(0x80, 2, 0x00); + }); + it('decodes double byte, max', function () { + _check(0xbf, 2, 0x3f); + }); + it('decodes triple byte, min', function () { + _check(0xc0, 3, 0x00); + }); + it('decodes triple byte, max', function () { + _check(0xdf, 3, 0x1f); + }); + it('decodes quadruple byte, min', function () { + _check(0xe0, 4, 0x00); + }); + it('decodes quadruple byte, max', function () { + _check(0xef, 4, 0x0f); + }); + it('decodes quintuple byte, min', function () { + _check(0xf0, 5, 0x00); + }); + it('decodes quintuple byte, max', function () { + _check(0xf7, 5, 0x07); + }); + it('decodes sextuple byte, min', function () { + _check(0xf8, 6, 0x00); + }); + it('decodes sextuple byte, max', function () { + _check(0xfb, 6, 0x03); + }); + it('decodes septuple byte, min', function () { + _check(0xfc, 7, 0x00); + }); + it('decodes septuple byte, max', function () { + _check(0xfd, 7, 0x01); + }); + it('decodes double byte, min', function () { + _check(0xfe, 8, 0x00); + }); + it('decodes double byte, max', function () { + _check(0xfe, 8, 0x00); + }); + it('covers unsupported', function () { + assert.throws(() => MysteryBox._versionHeaderDecode(0xff), MysteryBoxError); + }); + }); // _versionHeaderDecode + + describe('_versionDecode', function () { + function _checkDecodeRange(start, end, numBytes, headerByte) { + const headerMask = ((0xff << (8 - numBytes)) & 0xff) >>> 0; + const hByte = ((0xff << (8 - numBytes + 1)) & 0xff) >>> 0; + assert.strictEqual(hByte, headerByte, `TEST ERROR: unexpected header for length, computed: ${hByte.toString(16)} passed: ${headerByte.toString(16)}`); + for (let v = start; v <= end; v++) { + const buffer = Buffer.alloc(numBytes); + buffer.writeUIntBE(v, 0, numBytes); + assert((buffer[0] & headerMask) === 0, `TEST ERROR: version ${v} encroached on headerByte 0x${headerByte.toString(16)} (${headerByte.toString(2)} & ${buffer[0].toString(2)})`); + buffer[0] = (buffer[0] | headerByte) >>> 0; + const { version, versionBytes } = MysteryBox._versionDecode(buffer); + assert.strictEqual(versionBytes, numBytes); + assert.strictEqual(version, v); + } + } + it('covers single-byte versions', function () { + _checkDecodeRange(0, 127, 1, 0x00); + }); + it('covers double-byte versions', function () { + _checkDecodeRange(128, 136, 2, 0x80); + // ... + _checkDecodeRange(16375, 16383, 2, 0x80); + }); + it('covers triple-byte versions', function () { + _checkDecodeRange(16384, 16390, 3, 0xc0); + // ... + _checkDecodeRange(2097145, 2097151, 3, 0xc0); + }); + it('covers quadruple-byte versions', function () { + _checkDecodeRange(2097151, 2097160, 4, 0xe0); + // ... + _checkDecodeRange(268435445, 268435455, 4, 0xe0); + }); + it('covers quintuple-byte versions', function () { + _checkDecodeRange(268435445, 268435445, 5, 0xf0); + // ... + _checkDecodeRange(34359738360, 34359738367, 5, 0xf0); + }); + it('covers sextuple-byte versions', function () { + _checkDecodeRange(34359738367, 34359738375, 6, 0xf8); + // ... + _checkDecodeRange(4398046511093, 4398046511103, 6, 0xf8); + }); + it('covers too big', function () { + const buffer = Buffer.from([0xfc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]); + assert.throws(() => MysteryBox._versionDecode(buffer), MysteryBoxError); + }); + }); // _versionDecode + + describe('_versionEncode', function () { + function _checkEncodeRange(start, end, bytes, headerBits) { + for (let version = start; version <= end; version++) { + const expected = Buffer.alloc(bytes); + expected.writeUIntBE(version, 0, bytes); + expected[0] = (expected[0] | headerBits) >>> 0; + + const { buffer, versionBytes } = MysteryBox._versionEncode(version); + assert.deepStrictEqual(versionBytes, bytes, `version ${version} has ${versionBytes} bytes instead of expected ${bytes}`); + assert.deepStrictEqual(buffer, expected, `version ${version} buffer not expected: ${JSON.stringify(buffer)} vs ${JSON.stringify(expected)}`); + } + } + function _cheeckReciprical(version) { + const { buffer, versionBytes: encVB } = MysteryBox._versionEncode(version); + const { version: decV, versionBytes: decVB } = MysteryBox._versionDecode(buffer); + assert.strictEqual(encVB, decVB, `differing lengths for ${version}: enc:${encVB} dec:${decVB}`); + assert.strictEqual(decV, version, `failed for ${version}: ${JSON.stringify({ buffer, versionBytes: encVB })}`); + } + it('covers single-byte-packable versions', function () { + _checkEncodeRange(0, 127, 1, 0x00); + }); + it('covers double-byte-packable versions', function () { + _checkEncodeRange(128, 200, 2, 0x80); + /* ... */ + _checkEncodeRange(16380, 16383, 2, 0x80); + }); + it('covers triple-byte-packable versions', function () { + _checkEncodeRange(16384, 16390, 3, 0xc0); + /* ... */ + _checkEncodeRange(2097141, 2097151, 3, 0xc0); + }); + it('covers quadruple-byte-packable versions', function () { + _checkEncodeRange(2097152, 2097161, 4, 0xe0); + /* ... */ + _checkEncodeRange(268435445, 268435455, 4, 0xe0); + }); + it('covers quintuple-byte-packable versions', function () { + _checkEncodeRange(268435456, 268435465, 5, 0xf0) + /* ... */ + _checkEncodeRange(4294967294, 4294967296, 5, 0xf0) + /* ... */ + _checkEncodeRange(34359738360, 34359738367, 5, 0xf0) + }); + it('covers sextuple-byte-packable versions', function () { + _checkEncodeRange(34359738368, 34359738377, 6, 0xf8) + /* ... */ + _checkEncodeRange(4398046511093, 4398046511103, 6, 0xf8) + }); + it('covers too large', function () { + const version = 277076930199552; + assert.rejects(() => MysteryBox._versionEncode(version), MysteryBoxError); + }); + it('recipricates', function () { + [ + 0, 127, + 128, 16383, + 16384, 2097151, + 2097152, 268435455, + 268435456, 34359738367, + 34359738368, 4398046511103, + ].forEach((v) => _cheeckReciprical(v)); + }); + }); // _versionEncode + describe('pack, unpack', function () { beforeEach(function () { - mb = new MysteryBox(stubLogger, options); + mb = new MysteryBox(options); + _verbose(mb); }); it('covers packing unsupported version', async function () { - assert.rejects(() => mb.pack({}, 0), RangeError); + assert.rejects(() => mb.pack({}, 0), MysteryBoxError); }); it('covers unpacking unsupported version', async function () { const badBuffer = Buffer.alloc(128); badBuffer.writeUInt8(0, 0); // No such thing as version 0 const badPayload = badBuffer.toString('base64url'); - assert.rejects(() => mb.unpack(badPayload), RangeError); + assert.rejects(() => mb.unpack(badPayload), MysteryBoxError); }); it('encrypts and decrypts default version', async function () { @@ -97,10 +295,20 @@ describe('MysteryBox', function () { assert.deepStrictEqual(decryptedResult, object); }); + it('encrypts and decrypts default version, coerced buffer contents', async function () { + this.slow(500); + object = 'a string a string'; + const encryptedResult = await mb.pack(object, undefined, mb.Flags.BufferPayload | mb.defaultFlags); + const decryptedResult = await mb.unpack(encryptedResult); + assert.deepStrictEqual(decryptedResult, Buffer.from(object)); + }); + it('decrypts secondary (older) secret', async function () { this.slow(500); - const oldmb = new MysteryBox(stubLogger, { encryptionSecret: 'old secret' }); - const newmb = new MysteryBox(stubLogger, { encryptionSecret: ['new secret', 'old secret'] }); + const oldmb = new MysteryBox({ encryptionSecret: 'old secret' }); + _verbose(oldmb); + const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] }); + _verbose(newmb); object = { foo: 'bar', baz: 'quux', @@ -113,8 +321,10 @@ describe('MysteryBox', function () { it('fails to decrypt invalid secret', async function () { this.slow(500); - const oldmb = new MysteryBox(stubLogger, { encryptionSecret: 'very old secret' }); - const newmb = new MysteryBox(stubLogger, { encryptionSecret: ['new secret', 'old secret'] }); + const oldmb = new MysteryBox({ encryptionSecret: 'very old secret' }); + _verbose(oldmb); + const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] }); + _verbose(newmb); object = { foo: 'bar', baz: 'quux', @@ -124,7 +334,7 @@ describe('MysteryBox', function () { assert.rejects(() => newmb.unpack(oldEncrypted)); }); - it('encrypts and decrypts all available versions +brotli', async function () { + it('encrypts and decrypts all available versions no compression', async function () { Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => { object = { foo: 'bar', @@ -137,6 +347,19 @@ describe('MysteryBox', function () { }); }); + it('encrypts and decrypts all available versions +brotli', async function () { + Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => { + object = { + foo: 'bar', + baz: 'quux', + flarp: 13, + }; + const encryptedResult = await mb.pack(object, version, mb.Flags.Brotli); + const decryptedResult = await mb.unpack(encryptedResult); + assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`); + }); + }); + it('encrypts and decrypts all available versions +flate', async function () { Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => { object = { @@ -144,7 +367,7 @@ describe('MysteryBox', function () { baz: 'quux', flarp: 13, }; - const encryptedResult = await mb.pack(object, version, 0x01); + const encryptedResult = await mb.pack(object, version, mb.Flags.Flate); const decryptedResult = await mb.unpack(encryptedResult); assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`); }); @@ -160,7 +383,7 @@ describe('MysteryBox', function () { object = { longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''), }; - const encryptedResult = await mb.pack(object, mb.bestVersion, 0x00); + const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Brotli); const decryptedResult = await mb.unpack(encryptedResult); assert.deepStrictEqual(decryptedResult, object); }); @@ -175,19 +398,34 @@ describe('MysteryBox', function () { object = { longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''), }; - const encryptedResult = await mb.pack(object, mb.bestVersion, 0x01); + const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Flate); const decryptedResult = await mb.unpack(encryptedResult); assert.deepStrictEqual(decryptedResult, object); }); it('handles undefined', async function () { - assert.rejects(() => mb.unpack(), RangeError); + assert.rejects(() => mb.unpack(), MysteryBoxError); }); it('handles incomplete', async function () { this.slow(500); const encryptedResult = await mb.pack({ foo: 'bar' }); - assert.rejects(() => mb.unpack(encryptedResult.slice(0, 6)), RangeError); + assert.rejects(() => mb.unpack(encryptedResult.slice(0, 6)), MysteryBoxError); + }); + + it('covers internal error, incorrect version byte size, pack', async function () { + this.slow(500); + const version = 1; + sinon.stub(mb.versionParameters[version], 'versionBytes').value(10); + assert.rejects(() => mb.pack({}, version), Error); + }); + + it('covers internal error, incorrect version byte size, unpack', async function () { + this.slow(500); + const version = 1; + const encryptedResult = await mb.pack({}, version); + sinon.stub(mb.versionParameters[version], 'versionBytes').value(10); + assert.rejects(() => mb.unpack(encryptedResult), Error); }); }); // pack, unpack