From 3c603c72b4a5ae5a0a56569d2c9dc5479a6bc151 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Tue, 4 Mar 2014 21:31:15 -0400
Subject: [PATCH] Lots of updates post-test-cases

---
 js/helpers.js | 152 +++++++++++++++++++++++++++++++++------
 js/test.js    | 192 ++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 308 insertions(+), 36 deletions(-)

diff --git a/js/helpers.js b/js/helpers.js
index 6a85cfdd2..493658003 100644
--- a/js/helpers.js
+++ b/js/helpers.js
@@ -36,6 +36,43 @@ var taBytes = new Uint8Array(aBBytes);
   return aBBytes;
 }
 
+/* Base64 string to array encoding */
+
+function uint6ToB64 (nUint6) {
+
+  return nUint6 < 26 ?
+      nUint6 + 65
+    : nUint6 < 52 ?
+      nUint6 + 71
+    : nUint6 < 62 ?
+      nUint6 - 4
+    : nUint6 === 62 ?
+      43
+    : nUint6 === 63 ?
+      47
+    :
+      65;
+
+}
+
+function base64EncArr (aBytes) {
+
+  var nMod3, sB64Enc = "";
+
+  for (var nLen = aBytes.length, nUint24 = 0, nIdx = 0; nIdx < nLen; nIdx++) {
+    nMod3 = nIdx % 3;
+    //if (nIdx > 0 && (nIdx * 4 / 3) % 76 === 0) { sB64Enc += "\r\n"; }
+    nUint24 |= aBytes[nIdx] << (16 >>> nMod3 & 24);
+    if (nMod3 === 2 || aBytes.length - nIdx === 1) {
+      sB64Enc += String.fromCharCode(uint6ToB64(nUint24 >>> 18 & 63), uint6ToB64(nUint24 >>> 12 & 63), uint6ToB64(nUint24 >>> 6 & 63), uint6ToB64(nUint24 & 63));
+      nUint24 = 0;
+    }
+  }
+
+  return sB64Enc.replace(/A(?=A$|$)/g, "=");
+
+}
+
 /*********************************
  *** Type conversion utilities ***
  *********************************/
@@ -43,13 +80,55 @@ var taBytes = new Uint8Array(aBBytes);
 var StaticByteBufferProto = new dcodeIO.ByteBuffer().__proto__;
 var StaticArrayBufferProto = new ArrayBuffer().__proto__;
 function getString(thing) {
-	if (thing.__proto__ == StaticArrayBufferProto)
-		return String.fromCharCode.apply(null, thing);
-	if (thing != undefined && thing.__proto__ == StaticByteBufferProto)
-		return thing.toString("utf8");
+	if (thing === Object(thing) && thing.__proto__ == StaticArrayBufferProto)
+		return String.fromCharCode.apply(null, new Uint8Array(thing));
+	if (thing === Object(thing) && thing.__proto__ == StaticByteBufferProto)
+		return thing.toString("binary");
 	return thing;
 }
 
+function getStringable(thing) {
+	return (typeof thing == "string" || typeof thing == "number" ||
+			(thing === Object(thing) && thing.__proto__ == StaticArrayBufferProto) ||
+			(thing === Object(thing) && thing.__proto__ == StaticByteBufferProto));
+}
+
+function toArrayBuffer(thing) {
+	if (thing === undefined)
+		return undefined;
+	if (!getStringable(thing))
+		throw "Tried to convert a non-stringable thing of type " + typeof thing + " to an array buffer";
+	// This is usually very much overkill, but shorter code > efficient code here (crypto should dominate)
+	var str = getString(thing);
+	var res = new ArrayBuffer(str.length);
+	var uint = new Uint8Array(res);
+	for (var i = 0; i < str.length; i++)
+		uint[i] = str.charCodeAt(i);
+	return res;
+}
+
+function ensureStringed(thing) {
+	if (getStringable(thing))
+		return getString(thing);
+	else if (thing instanceof Array) {
+		var res = [];
+		for (var i = 0; i < thing.length; i++)
+			res[i] = ensureStringed(thing);
+		return res;
+	} else if (thing === Object(thing)) {
+		var res = {};
+		for (key in thing)
+			res[key] = ensureStringed(thing[key]);
+		return res;
+	}
+	throw "unsure of how to jsonify object of type " + typeof thing;
+
+}
+
+function jsonThing(thing) {
+	return JSON.stringify(ensureStringed(thing));
+}
+
 function getArrayBuffer(string) {
 	return base64DecToArr(btoa(string));
 }
@@ -134,7 +213,7 @@ storage.putEncrypted = function(key, value) {
 	//TODO
 	if (value === undefined)
 		throw "Tried to store undefined";
-	localStorage.setItem("e" + key, JSON.stringify(getString(value)));
+	localStorage.setItem("e" + key, jsonThing(value));
 }
 
 storage.getEncrypted = function(key, defaultValue) {
@@ -152,7 +231,7 @@ storage.removeEncrypted = function(key) {
 storage.putUnencrypted = function(key, value) {
 	if (value === undefined)
 		throw "Tried to store undefined";
-	localStorage.setItem("u" + key, JSON.stringify(getString(value)));
+	localStorage.setItem("u" + key, jsonThing(value));
 }
 
 storage.getUnencrypted = function(key, defaultValue) {
@@ -262,15 +341,32 @@ function moduleDidLoad() {
 }
 
 function handleMessage(message) {
-	console.log("Got message");
-	console.log(message);
 	naclMessageIdCallbackMap[message.data.call_id](message.data);
 }
 
 function postNaclMessage(message, callback) {
 	naclMessageIdCallbackMap[naclMessageNextId] = callback;
-	message.call_id = naclMessageNextId++;
-	common.naclModule.postMessage(message);
+	var pass = { command: message.command };
+	pass.call_id = naclMessageNextId++;
+	if (message["priv"] !== undefined) {
+		pass.priv = toArrayBuffer(message.priv);
+		if (pass.priv.byteLength != 32)
+			throw "Invalid NACL Message";
+	}
+	if (message["pub"] !== undefined) {
+		var pub = toArrayBuffer(message.pub);
+		var pubView = new Uint8Array(pub);
+		if (pub.byteLength == 33 && pubView[0] == 5) {
+			pass.pub = new ArrayBuffer(32);
+			var pubCopy = new Uint8Array(pass.pub);
+			for (var i = 0; i < 32; i++)
+				pubCopy[i] = pubView[i+1];
+		} else if (pub.byteLength == 32)
+			pass.pub = pub;
+		else
+			throw "Invalid NACL Message";
+	}
+	common.naclModule.postMessage(pass);
 }
 
 /*******************************************
@@ -291,10 +387,15 @@ function getRandomBytes(size) {
 
 (function(crypto, $, undefined) {
 	var createNewKeyPair = function(callback) {
-		//TODO
 		var privKey = getRandomBytes(32);
 		postNaclMessage({command: "bytesToPriv", priv: privKey}, function(message) {
 			postNaclMessage({command: "privToPub", priv: message.res}, function(message) {
+				var origPub = new Uint8Array(message.res);
+				var pub = new ArrayBuffer(33);
+				var pubWithPrefix = new Uint8Array(pub);
+				for (var i = 0; i < 32; i++)
+					pubWithPrefix[i+1] = origPub[i];
+				pubWithPrefix[0] = 5;
 				callback({ pubKey: message.res, privKey: privKey });
 			});
 		});
@@ -310,11 +411,14 @@ function getRandomBytes(size) {
 	}
 
 	crypto_storage.getStoredPubKey = function(keyName) {
-		return storage.getEncrypted("25519Key" + keyName, { pubKey: undefined }).pubKey;
+		return toArrayBuffer(storage.getEncrypted("25519Key" + keyName, { pubKey: undefined }).pubKey);
 	}
 
 	crypto_storage.getStoredKeyPair = function(keyName) {
-		return storage.getEncrypted("25519Key" + keyName);
+		var res = storage.getEncrypted("25519Key" + keyName);
+		if (res === undefined)
+			return undefined;
+		return { pubKey: toArrayBuffer(res.pubKey), privKey: toArrayBuffer(res.privKey) };
 	}
 
 	crypto_storage.getAndRemoveStoredKeyPair = function(keyName) {
@@ -408,7 +512,7 @@ function getRandomBytes(size) {
 	var initSessionFromPreKeyWhisperMessage = function(encodedNumber, message, callback) {
 		//TODO: Check remote identity key matches known-good key
 
-		var preKeyPair = crypto_storage.getAndRemovePreKeyPair(preKeyProto.preKeyId);
+		var preKeyPair = crypto_storage.getAndRemovePreKeyPair(message.preKeyId);
 		if (preKeyPair === undefined)
 			throw "Missing preKey for PreKeyWhisperMessage";
 
@@ -417,8 +521,8 @@ function getRandomBytes(size) {
 												lastRemoteEphemeralKey: message.baseKey },
 							oldRatchetList: []
 						};
-			session[preKeyPair.pubKey] = { messageKeys: {},  chainKey: { counter: 0, key: firstRatchet.chainKey } };
-			storage.saveSession(encodedNumber, session);
+			session[getString(preKeyPair.pubKey)] = { messageKeys: {},  chainKey: { counter: 0, key: firstRatchet.chainKey } };
+			crypto_storage.saveSession(encodedNumber, session);
 
 			callback();
 		});
@@ -436,15 +540,15 @@ function getRandomBytes(size) {
 	}
 
 	var maybeStepRatchet = function(session, remoteKey, previousCounter, callback) {
-		if (sesion[remoteKey] !== undefined) //TODO: null???
+		if (session[getString(remoteKey)] !== undefined) //TODO: null???
 			return;
 
 		var ratchet = session.currentRatchet;
 
-		var previousRatchet = session[ratchet.lastRemoteEphemeralKey];
+		var previousRatchet = session[getString(ratchet.lastRemoteEphemeralKey)];
 		fillMessageKeys(previousRatchet, previousCounter);
 		if (!objectContainsKeys(previousRatchet.messageKeys))
-			delete session[ratchet.lastRemoteEphemeralKey];
+			delete session[getString(ratchet.lastRemoteEphemeralKey)];
 		else
 			session.oldRatchetList[session.oldRatchetList.length] = { added: new Date().getTime(), ephemeralKey: ratchet.lastRemoteEphemeralKey };
 
@@ -452,14 +556,14 @@ function getRandomBytes(size) {
 
 		ECDHE(remoteKey, ratchet.ephemeralKeyPair.privKey, function(sharedSecret) {
 			var masterKey = HKDF(sharedSecret, ratchet.rootKey, "WhisperRatchet");
-			session[remoteKey] = { messageKeys: {}, chainKey: { counter: 0, key: masterKey.substring(32, 64) } };
+			session[getString(remoteKey)] = { messageKeys: {}, chainKey: { counter: 0, key: masterKey.substring(32, 64) } };
 
 			createNewKeyPair(function(keyPair) {
 				ratchet.ephemeralKeyPair = keyPair;
 
 				masterKey = HKDF(ECDHE(remoteKey, ratchet.ephemeralKeyPair.privKey), masterKey.substring(0, 32), "WhisperRatchet");
 				ratchet.rootKey = masterKey.substring(0, 32);
-				session[nextRatchet.ephemeralKeyPair.pubKey] = { messageKeys: {}, chainKey: { counter: 0, key: masterKey.substring(32, 64) } };
+				session[getString(nextRatchet.ephemeralKeyPair.pubKey)] = { messageKeys: {}, chainKey: { counter: 0, key: masterKey.substring(32, 64) } };
 
 				ratchet.lastRemoteEphemeralKey = remoteKey;
 				callback();
@@ -481,7 +585,7 @@ function getRandomBytes(size) {
 		if (session === undefined)
 			throw "No session currently open with " + encodedNumber;
 
-		if (messageBytes[0] != String.fromCharCode(1))
+		if (messageBytes[0] != String.fromCharCode((2 << 4) | 2))
 			throw "Bad version number on WhisperMessage";
 
 		var messageProto = messageBytes.substring(1, messageBytes.length - 8);
@@ -549,6 +653,8 @@ function getRandomBytes(size) {
 			decryptWhisperMessage(proto.source, getString(proto.message), function(result) { callback(result); });
 			break;
 		case 3: //TYPE_MESSAGE_PREKEY_BUNDLE
+			if (proto.message.readUint8() != (2 << 4 | 2))
+				throw "Bad version byte";
 			var preKeyProto = decodePreKeyWhisperMessageProtobuf(getString(proto.message));
 			initSessionFromPreKeyWhisperMessage(proto.source, preKeyProto, function() {
 				decryptWhisperMessage(proto.source, getString(preKeyProto.message), function(result) { callback(result); });
@@ -636,7 +742,7 @@ function doAjax(param) {
 	}
 	$.ajax(URL_BASE + URL_CALLS[param.call] + param.urlParameters, {
 		type: param.httpType,
-		data: JSON.stringify(param.jsonData),
+		data: jsonThing(param.jsonData),
 		contentType: 'application/json; charset=utf-8',
 		dataType: 'json',
 		beforeSend: function(xhr) {
diff --git a/js/test.js b/js/test.js
index 7c5165d63..7f3e1450a 100644
--- a/js/test.js
+++ b/js/test.js
@@ -1,22 +1,79 @@
 // Setup dumb test wrapper
 var testsdiv = $('#tests');
 var testsOutstanding = [];
-function TEST(func, name) {
+
+var exclusiveRunning = -1;
+var exclusiveTestsWaiting = [];
+
+var maxTestId = 0;
+
+function startNextExclusiveTest() {
+	for (var i = 0; i < maxTestId; i++) {
+		if (exclusiveTestsWaiting[i] !== undefined) {
+			exclusiveTestsWaiting[i]();
+			break;
+		}
+	}
+}
+
+function TEST(func, name, exclusive) {
+	if (exclusive == undefined)
+		exculsive = false;
+
 	var funcName = name === undefined ? func + "" : name;
-	var testIndex = testsOutstanding.length;
+	var testIndex = maxTestId;
+
+	var exclusiveIndex = -1;
+	if (exclusive && exclusiveRunning != -1)
+		exclusiveIndex = maxTestId;
+
+	maxTestId = maxTestId + 1;
+
 	function callback(result) {
-		if (result)
+		if (testsOutstanding[testIndex] == undefined)
+			testsdiv.append('<p style="color: red;">' + funcName + ' called back multiple times</p>');
+		else if (result)
 			testsdiv.append('<p style="color: green;">' + funcName + ' passed</p>');
 		else
 			testsdiv.append('<p style="color: red;">' + funcName + ' returned false</p>');
 		delete testsOutstanding[testIndex];
+
+		if (exclusive) {
+			exclusiveRunning = -1;
+			localStorage.clear();
+			if (exclusiveIndex != -1)
+				delete exclusiveTestsWaiting[exclusiveIndex];
+			startNextExclusiveTest();
+		}
 	}
-	try {
-		testsOutstanding[testIndex] = funcName;
-		func(callback);
-	} catch (e) {
+
+
+	var runFunc = function() {
+		if (exclusive) {
+			exclusiveRunning = testIndex;
+			localStorage.clear();
+		}
+
+		try {
+			testsOutstanding[testIndex] = funcName;
+			func(callback);
+		} catch (e) {
 			testsdiv.append('<p style="color: red;">' + funcName + ' threw ' + e + '</p>');
+		}
 	}
+
+	if (!exclusive || exclusiveRunning == -1)
+		runFunc();
+	else
+		exclusiveTestsWaiting[exclusiveIndex] = runFunc;
+}
+
+function hexToArrayBuffer(str) {
+	var ret = new ArrayBuffer(str.length / 2);
+	var array = new Uint8Array(ret);
+	for (var i = 0; i < str.length/2; i++)
+		array[i] = parseInt(str.substr(i*2, 2), 16);
+	return ret;
 }
 
 registerOnLoadFunction(function() {
@@ -27,6 +84,15 @@ registerOnLoadFunction(function() {
 	TEST(function(callback) { callback(objectContainsKeys({ a: undefined })); });
 	TEST(function(callback) { callback(objectContainsKeys({ a: null })); });
 
+	TEST(function(callback) {
+		var b = new ArrayBuffer(3);
+		var a = new Uint8Array(b);
+		a[0] = 0;
+		a[1] = 255;
+		a[2] = 128;
+		callback(getString(b) == "\x00\xff\x80");
+	}, "ArrayBuffer->String conversion");
+
 	// Basic sanity-checks on the crypto library
 	TEST(function(callback) {
 		var PushMessageProto = dcodeIO.ProtoBuf.loadProtoFile("protos/IncomingPushMessageSignal.proto").build("textsecure.PushMessageContent");
@@ -42,7 +108,7 @@ registerOnLoadFunction(function() {
 					message.attachments.length == text_message.attachments.length &&
 					text_message.attachments.length == 0);
 		});
-	}, 'Unencrypted PushMessageProto "decrypt"');
+	}, 'Unencrypted PushMessageProto "decrypt"', true);
 
 	TEST(function(callback) {
 		crypto.generateKeys(function() {
@@ -50,13 +116,113 @@ registerOnLoadFunction(function() {
 		});
 	}, "Test simple create key");
 
-	// TODO: Run through the test vectors for the axolotl ratchet
+	TEST(function(callback) {
+		// These are just some random curve25519 test vectors I found online
+		var alice_priv = hexToArrayBuffer("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a");
+		var alice_pub  = hexToArrayBuffer("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a");
+		var bob_priv   = hexToArrayBuffer("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb");
+		var bob_pub    = hexToArrayBuffer("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f");
+		var shared_sec = hexToArrayBuffer("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
+
+		postNaclMessage({command: "bytesToPriv", priv: alice_priv}, function(message) {
+			var target = new Uint8Array(alice_priv.slice(0));
+			target[0] &= 248;
+			target[31] &= 127;
+			target[31] |= 64;
+			if (String.fromCharCode.apply(null, new Uint8Array(message.res)) != String.fromCharCode.apply(null, target))
+				callback(false);
+			var alice_calc_priv = message.res;
+
+			postNaclMessage({command: "bytesToPriv", priv: bob_priv}, function(message) {
+				var target = new Uint8Array(bob_priv.slice(0));
+				target[0] &= 248;
+				target[31] &= 127;
+				target[31] |= 64;
+				if (String.fromCharCode.apply(null, new Uint8Array(message.res)) != String.fromCharCode.apply(null, target))
+					callback(false);
+				var bob_calc_priv = message.res;
+
+				postNaclMessage({command: "privToPub", priv: alice_calc_priv}, function(message) {
+					if (String.fromCharCode.apply(null, new Uint16Array(message.res)) != String.fromCharCode.apply(null, new Uint16Array(alice_pub)))
+						callback(false);
+
+					postNaclMessage({command: "privToPub", priv: bob_calc_priv}, function(message) {
+						if (String.fromCharCode.apply(null, new Uint16Array(message.res)) != String.fromCharCode.apply(null, new Uint16Array(bob_pub)))
+							callback(false);
+
+						postNaclMessage({command: "ECDHE", priv: alice_calc_priv, pub: bob_pub}, function(message) {
+							if (String.fromCharCode.apply(null, new Uint16Array(message.res)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec)))
+								callback(false);
+
+							postNaclMessage({command: "ECDHE", priv: bob_calc_priv, pub: alice_pub}, function(message) {
+								if (String.fromCharCode.apply(null, new Uint16Array(message.res)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec)))
+									callback(false);
+								else
+									callback(true);
+							});
+						});
+					});
+				});
+			});
+		});
+	}, "Simple Curve25519 test vector");
 
-	window.setTimeout(function() {
-		for (var i = 0; i < testsOutstanding.length; i++)
-			if (testsOutstanding[i] !== undefined)
+	var axolotlTestVectors = {
+aliceIdentityPriv: hexToArrayBuffer("5087904a02ae0179650f03fc2936d8e34a2620f3b9949858d520617918f9e243"),
+aliceIdentityPub: hexToArrayBuffer("05a7aff211e3c2c0eb98f49be243a998c56bf68faa2e41ba28ac3d755f30418f0b"),
+bobIdentityPriv: hexToArrayBuffer("c840406d2f749b5e0529193f9b782acbc3b256d1bd425613e299ccc4c31cef4c"),
+bobIdentityPub: hexToArrayBuffer("05f48c076e6a9730fa430edcb1c36818197589ef5e41a5874fa90ce1d48c7e4b3e"),
+aliceLastResort: hexToArrayBuffer("f04babb890c02b64afddfbdc749c4412d48aebc9154de9542bd5430ad412b54f"),
+bobLastResort: hexToArrayBuffer("3857c27f00fb284e1841f42611c4919bb3a99ac45cb7696fbd37fbb5e63d8748"),
+alicePre0: hexToArrayBuffer("88e31d1796eaa4a2dd5da6515157904e921d0b578b4b5089c056e922ae6d2554"),
+alicePre1: hexToArrayBuffer("a8ad7da1d1bbdf2f5a4dd2ad801cb081a158c66e5c7346a1a8ba1d5c91ef3145"),
+bobPre0: hexToArrayBuffer("e0b3c8a483b0499404df078d82d4f13e47c0f201c1001602be422728043a0f43"),
+bobPre1: hexToArrayBuffer("f0b65e60a10652b4eb30705b048040d5a69b26640b9b5736ba187f909336df56"),
+aliceToBob: hexToArrayBuffer("08031205414c4943452203424f4228fd90aebfc62832860122080012210554a41389487db5b021f9bb7bfb3741cb4dd270e1a0b5a6c02e960c492eb5343c1a2105a7aff211e3c2c0eb98f49be243a998c56bf68faa2e41ba28ac3d755f30418f0b223b220a21056c2b1e63ad99214e72518331f30c69d7eb6b5c0cd8ba074ac2cf16252ca48f06100018012209b5ffc5e00bfd41f3a0e6619ee91abd5184"),
+plain: hexToArrayBuffer("0a07486920426f6221")
+	};
+
+	// Axolotl test vectors
+	TEST(function(callback) {
+		var v = axolotlTestVectors;
+		storage.putEncrypted("25519KeyidentityKey", { pubKey: v.aliceIdentityPub, privKey: v.aliceIdentityPriv });
+		callback(true);
+	}, "Axolotl test vectors as alice", true);
+
+	// Axolotl test vectors
+	TEST(function(callback) {
+		var v = axolotlTestVectors;
+		storage.putEncrypted("25519KeyidentityKey", { pubKey: v.bobIdentityPub, privKey: v.bobIdentityPriv });
+		postNaclMessage({command: "privToPub", priv: v.bobPre0}, function(message) {
+			storage.putEncrypted("25519KeypreKey0", { pubKey: message.res, privKey: v.bobPre0 });
+			postNaclMessage({command: "privToPub", priv: v.bobPre1}, function(message) {
+				storage.putEncrypted("25519KeypreKey1", { pubKey: message.res, privKey: v.bobPre1 });
+				postNaclMessage({command: "privToPub", priv: v.bobLastResort}, function(message) {
+					storage.putEncrypted("25519KeypreKey16777215", { pubKey: message.res, privKey: v.bobLastResort });
+					var b64 = base64EncArr(new Uint8Array(v.aliceToBob));
+					crypto.handleIncomingPushMessageProto(IncomingPushMessageProtobuf.decode(b64), function(decrypted_message) {
+						callback(decrypted_message == "Hi, Bob!");
+					});
+				});
+			});
+		});
+	}, "Axolotl test vectors as bob", true);
+
+
+	window.setInterval(function() {
+		for (var i = 0; i < maxTestId; i++) {
+			if (testsOutstanding[i] !== undefined) {
 				testsdiv.append('<p style="color: red;">' + testsOutstanding[i] + ' timed out</p>');
+				if (exclusiveRunning == i) {
+					testsdiv.append('<p style="color: red;">WARNING: exclusive test left running, further results may be unreliable.</p>');
+					delete exclusiveTestsWaiting[i];
+				}
+			}
+			delete testsOutstanding[i];
+		}
+
+		startNextExclusiveTest();
 
 		localStorage.clear();
-	}, 1000);
+	}, 250);
 });