mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-03 18:47:53 +00:00
Backed out changeset 7d55de92c194 (bug 1594931) for failing xpcshell at test_sdr_preexisting.js on a CLOSED TREE
--HG-- rename : security/manager/ssl/tests/unit/test_broken_fips/key4.db => security/manager/ssl/tests/unit/test_sdr_preexisting/key4.db
This commit is contained in:
parent
39d7eb39ed
commit
1adff31cb1
@ -45,6 +45,10 @@ ifdef MOZ_SYSTEM_NSS
|
||||
DEFINES += -DMOZ_SYSTEM_NSS=1
|
||||
endif
|
||||
|
||||
ifdef NSS_DISABLE_DBM
|
||||
DEFINES += -DNSS_DISABLE_DBM=1
|
||||
endif
|
||||
|
||||
ifdef MOZ_ARTIFACT_BUILDS
|
||||
DEFINES += -DMOZ_ARTIFACT_BUILDS=1
|
||||
endif
|
||||
|
@ -361,6 +361,9 @@ bin/libfreebl_64int_3.so
|
||||
#endif
|
||||
@BINPATH@/@DLL_PREFIX@nss3@DLL_SUFFIX@
|
||||
@BINPATH@/@DLL_PREFIX@nssckbi@DLL_SUFFIX@
|
||||
#ifndef NSS_DISABLE_DBM
|
||||
@BINPATH@/@DLL_PREFIX@nssdbm3@DLL_SUFFIX@
|
||||
#endif
|
||||
#ifndef MOZ_FOLD_LIBS
|
||||
@BINPATH@/@DLL_PREFIX@nssutil3@DLL_SUFFIX@
|
||||
@BINPATH@/@DLL_PREFIX@smime3@DLL_SUFFIX@
|
||||
|
@ -30,6 +30,10 @@ DEFINES += \
|
||||
-DANDROID_CPU_ARCH=$(ANDROID_CPU_ARCH) \
|
||||
$(NULL)
|
||||
|
||||
ifdef NSS_DISABLE_DBM
|
||||
DEFINES += -DNSS_DISABLE_DBM=1
|
||||
endif
|
||||
|
||||
ifdef MOZ_DEBUG
|
||||
DEFINES += -DMOZ_DEBUG=1
|
||||
endif
|
||||
|
@ -71,6 +71,12 @@
|
||||
@BINPATH@/@DLL_PREFIX@freebl3.chk
|
||||
@BINPATH@/@DLL_PREFIX@softokn3.chk
|
||||
#endif
|
||||
#ifndef NSS_DISABLE_DBM
|
||||
@BINPATH@/@DLL_PREFIX@nssdbm3@DLL_SUFFIX@
|
||||
#ifndef CROSS_COMPILE
|
||||
@BINPATH@/@DLL_PREFIX@nssdbm3.chk
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef MOZ_FOLD_LIBS
|
||||
@BINPATH@/@DLL_PREFIX@mozsqlite3@DLL_SUFFIX@
|
||||
|
BIN
modules/libmar/tests/unit/data/cert8.db
Normal file
BIN
modules/libmar/tests/unit/data/cert8.db
Normal file
Binary file not shown.
Binary file not shown.
BIN
modules/libmar/tests/unit/data/key3.db
Normal file
BIN
modules/libmar/tests/unit/data/key3.db
Normal file
Binary file not shown.
Binary file not shown.
BIN
modules/libmar/tests/unit/data/secmod.db
Normal file
BIN
modules/libmar/tests/unit/data/secmod.db
Normal file
Binary file not shown.
@ -470,6 +470,7 @@ class MacArtifactJob(ArtifactJob):
|
||||
'libmozglue.dylib',
|
||||
'libnss3.dylib',
|
||||
'libnssckbi.dylib',
|
||||
'libnssdbm3.dylib',
|
||||
'libplugin_child_interpose.dylib',
|
||||
# 'libreplace_jemalloc.dylib',
|
||||
# 'libreplace_malloc.dylib',
|
||||
|
@ -228,6 +228,9 @@ GeneratedFile('nsSTSPreloadList.h',
|
||||
script='../../../xpcom/ds/tools/make_dafsa.py',
|
||||
inputs=['nsSTSPreloadList.inc'])
|
||||
|
||||
if CONFIG['NSS_DISABLE_DBM']:
|
||||
DEFINES['NSS_DISABLE_DBM'] = '1'
|
||||
|
||||
DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
|
||||
DEFINES['NSS_ENABLE_ECC'] = 'True'
|
||||
|
||||
|
@ -8,19 +8,19 @@
|
||||
// Tests that if Firefox attempts and fails to load a PKCS#11 module DB that was
|
||||
// in FIPS mode, Firefox can still make use of keys in the key database.
|
||||
// secomd.db can be created via `certutil -N -d <dir>`. Putting it in FIPS mode
|
||||
// involves running `modutil -fips true -dbdir <dir>`. key4.db is from
|
||||
// test_sdr_preexisting/key4.db.
|
||||
// involves running `modutil -fips true -dbdir <dir>`. key3.db is from
|
||||
// test_sdr_preexisting/key3.db.
|
||||
|
||||
function run_test() {
|
||||
let profile = do_get_profile();
|
||||
|
||||
let keyDBName = "key4.db";
|
||||
let keyDBName = "key3.db";
|
||||
let keyDBFile = do_get_file(`test_broken_fips/${keyDBName}`);
|
||||
keyDBFile.copyTo(profile, keyDBName);
|
||||
|
||||
let pkcs11modDBName = "pkcs11.txt";
|
||||
let pkcs11modDBFile = do_get_file(`test_broken_fips/${pkcs11modDBName}`);
|
||||
pkcs11modDBFile.copyTo(profile, pkcs11modDBName);
|
||||
let secmodDBName = "secmod.db";
|
||||
let secmodDBFile = do_get_file(`test_broken_fips/${secmodDBName}`);
|
||||
secmodDBFile.copyTo(profile, secmodDBName);
|
||||
|
||||
let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
|
||||
Ci.nsIPKCS11ModuleDB
|
||||
@ -41,10 +41,7 @@ function run_test() {
|
||||
"decrypted ciphertext should match expected plaintext"
|
||||
);
|
||||
|
||||
let pkcs11modDBFileFIPS = do_get_profile();
|
||||
pkcs11modDBFileFIPS.append(`${pkcs11modDBName}.fips`);
|
||||
ok(
|
||||
pkcs11modDBFileFIPS.exists(),
|
||||
"backed-up PKCS#11 module db should now exist"
|
||||
);
|
||||
let secmodDBFileFIPS = do_get_profile();
|
||||
secmodDBFileFIPS.append(`${secmodDBName}.fips`);
|
||||
ok(secmodDBFileFIPS.exists(), "backed-up PKCS#11 module db should now exist");
|
||||
}
|
||||
|
BIN
security/manager/ssl/tests/unit/test_broken_fips/key3.db
Normal file
BIN
security/manager/ssl/tests/unit/test_broken_fips/key3.db
Normal file
Binary file not shown.
@ -1,5 +0,0 @@
|
||||
library=
|
||||
name=NSS Internal FIPS PKCS #11 Module
|
||||
parameters=configdir='.' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
|
||||
NSS=slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512,Camellia,SEED,RANDOM ] } Flags=internal,FIPS,critical
|
||||
|
BIN
security/manager/ssl/tests/unit/test_broken_fips/secmod.db
Normal file
BIN
security/manager/ssl/tests/unit/test_broken_fips/secmod.db
Normal file
Binary file not shown.
@ -17,7 +17,9 @@
|
||||
// `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \
|
||||
// -i LetsEncrypt.pem`
|
||||
//
|
||||
// This should create the cert9.db and key4.db files.
|
||||
// This should create cert8.db and key3.db files for use on non-Android
|
||||
// platforms. Perform the same steps with "sql:." as the argument to the "-d"
|
||||
// flag to create cert9.db and key4.db for use with Android.
|
||||
//
|
||||
// (The crucial property of the first certificate is that it is a built-in trust
|
||||
// anchor, so any replacement must also have this property. The second
|
||||
@ -75,8 +77,9 @@
|
||||
"use strict";
|
||||
|
||||
function run_test() {
|
||||
const certDBName = "cert9.db";
|
||||
const keyDBName = "key4.db";
|
||||
const isAndroid = AppConstants.platform == "android";
|
||||
const certDBName = isAndroid ? "cert9.db" : "cert8.db";
|
||||
const keyDBName = isAndroid ? "key4.db" : "key3.db";
|
||||
let profile = do_get_profile();
|
||||
let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`);
|
||||
certDBFile.copyTo(profile, certDBName);
|
||||
|
Binary file not shown.
Binary file not shown.
@ -9,11 +9,171 @@
|
||||
// a preexisting NSS key database. Creating the database is straight-forward:
|
||||
// simply run Firefox (or xpcshell) and encrypt something using
|
||||
// nsISecretDecoderRing (e.g. by saving a password or directly using the
|
||||
// interface). The resulting key4.db file (in the profile directory) now
|
||||
// interface). The resulting key3.db file (in the profile directory) now
|
||||
// contains the private key used to encrypt the data.
|
||||
// "Upgrading" a key3.db with certutil to use on Android appears not to work.
|
||||
// Because the keys have to be the same for this test to work the way it does,
|
||||
// the key from key3.db must be extracted and added to a new key4.db. This can
|
||||
// be done with NSS' PK11_* APIs like so (although note that the following code
|
||||
// is not guaranteed to compile or work, but is more of a guideline for how to
|
||||
// do this in the future if necessary):
|
||||
//
|
||||
// #include <stdio.h>
|
||||
//
|
||||
// #include "nss.h"
|
||||
// #include "pk11pub.h"
|
||||
// #include "prerror.h"
|
||||
// #include "secerr.h"
|
||||
//
|
||||
// void printPRError(const char* message) {
|
||||
// fprintf(stderr, "%s: %s\n", message, PR_ErrorToString(PR_GetError(), 0));
|
||||
// }
|
||||
//
|
||||
// int main(int argc, char* argv[]) {
|
||||
// if (NSS_Initialize(".", "", "", "", NSS_INIT_NOMODDB | NSS_INIT_NOROOTINIT)
|
||||
// != SECSuccess) {
|
||||
// printPRError("NSS_Initialize failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// PK11SlotInfo* slot = PK11_GetInternalKeySlot();
|
||||
// if (!slot) {
|
||||
// printPRError("PK11_GetInternalKeySlot failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// // Create a key to wrap the SDR key to export it.
|
||||
// unsigned char wrappingKeyIDBytes[] = { 0 };
|
||||
// SECItem wrappingKeyID = {
|
||||
// siBuffer,
|
||||
// wrappingKeyIDBytes,
|
||||
// sizeof(wrappingKeyIDBytes)
|
||||
// };
|
||||
// PK11SymKey* wrappingKey = PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0,
|
||||
// &wrappingKeyID, PR_FALSE, NULL);
|
||||
// if (!wrappingKey) {
|
||||
// printPRError("PK11_TokenKeyGen failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// // This is the magic identifier NSS uses for the SDR key.
|
||||
// unsigned char sdrKeyIDBytes[] = {
|
||||
// 0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
|
||||
// };
|
||||
// SECItem sdrKeyID = { siBuffer, sdrKeyIDBytes, sizeof(sdrKeyIDBytes) };
|
||||
// PK11SymKey* sdrKey = PK11_FindFixedKey(slot, CKM_DES3_CBC, &sdrKeyID,
|
||||
// NULL);
|
||||
// if (!sdrKey) {
|
||||
// printPRError("PK11_FindFixedKey failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// // Wrap the SDR key.
|
||||
// unsigned char wrappedKeyBuf[1024];
|
||||
// SECItem wrapped = { siBuffer, wrappedKeyBuf, sizeof(wrappedKeyBuf) };
|
||||
// if (PK11_WrapSymKey(CKM_DES3_ECB, NULL, wrappingKey, sdrKey, &wrapped)
|
||||
// != SECSuccess) {
|
||||
// printPRError("PK11_WrapSymKey failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// // Unwrap the SDR key (NSS considers the SDR key "sensitive" and so won't
|
||||
// // just export it as raw key material - we have to export it and then
|
||||
// // re-import it as non-sensitive to get that data.
|
||||
// PK11SymKey* unwrapped = PK11_UnwrapSymKey(wrappingKey, CKM_DES3_ECB, NULL,
|
||||
// &wrapped, CKM_DES3_CBC,
|
||||
// CKA_ENCRYPT, 0);
|
||||
// if (!unwrapped) {
|
||||
// printPRError("PK11_UnwrapSymKey failed");
|
||||
// return 1;
|
||||
// }
|
||||
// if (PK11_ExtractKeyValue(unwrapped) != SECSuccess) {
|
||||
// printPRError("PK11_ExtractKeyValue failed");
|
||||
// return 1;
|
||||
// }
|
||||
// SECItem* keyData = PK11_GetKeyData(unwrapped);
|
||||
// if (!keyData) {
|
||||
// printPRError("PK11_GetKeyData failed");
|
||||
// return 1;
|
||||
// }
|
||||
// for (int i = 0; i < keyData->len; i++) {
|
||||
// printf("0x%02hhx, ", keyData->data[i]);
|
||||
// }
|
||||
// printf("\n");
|
||||
//
|
||||
// PK11_FreeSymKey(unwrapped);
|
||||
// PK11_FreeSymKey(sdrKey);
|
||||
// PK11_FreeSymKey(wrappingKey);
|
||||
// PK11_FreeSlot(slot);
|
||||
//
|
||||
// if (NSS_Shutdown() != SECSuccess) {
|
||||
// printPRError("NSS_Shutdown failed");
|
||||
// return 1;
|
||||
// }
|
||||
// return 0;
|
||||
// }
|
||||
//
|
||||
// The output of compiling and running the above should be the bytes of the SDR
|
||||
// key. Given that, create a key4.db with an empty password using
|
||||
// `certutil -N -d sql:.` and then compile and run the following:
|
||||
//
|
||||
// #include <stdio.h>
|
||||
//
|
||||
// #include "nss.h"
|
||||
// #include "pk11pub.h"
|
||||
// #include "prerror.h"
|
||||
// #include "secerr.h"
|
||||
// #include "secmod.h"
|
||||
//
|
||||
// void printPRError(const char* message) {
|
||||
// fprintf(stderr, "%s: %s\n", message, PR_ErrorToString(PR_GetError(), 0));
|
||||
// }
|
||||
//
|
||||
// int main(int argc, char* argv[]) {
|
||||
// if (NSS_Initialize("sql:.", "", "", "",
|
||||
// NSS_INIT_NOMODDB | NSS_INIT_NOROOTINIT) != SECSuccess) {
|
||||
// printPRError("NSS_Initialize failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// PK11SlotInfo* slot = PK11_GetInternalKeySlot();
|
||||
// if (!slot) {
|
||||
// printPRError("PK11_GetInternalKeySlot failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// // These are the bytes of the SDR key from the previous step:
|
||||
// unsigned char keyBytes[] = {
|
||||
// 0x70, 0xab, 0xea, 0x1f, 0x8f, 0xe3, 0x4a, 0x7a, 0xb5, 0xb0, 0x43, 0xe5,
|
||||
// 0x51, 0x83, 0x86, 0xe5, 0xb3, 0x43, 0xa8, 0x1f, 0xc1, 0x57, 0x86, 0x46
|
||||
// };
|
||||
// SECItem keyItem = { siBuffer, keyBytes, sizeof(keyBytes) };
|
||||
// PK11SymKey* key = PK11_ImportSymKey(slot, CKM_DES3_CBC, PK11_OriginUnwrap,
|
||||
// CKA_ENCRYPT, &keyItem, NULL);
|
||||
// if (!key) {
|
||||
// printPRError("PK11_ImportSymKey failed");
|
||||
// return 1;
|
||||
// }
|
||||
//
|
||||
// PK11_FreeSymKey(key);
|
||||
// PK11_FreeSlot(slot);
|
||||
//
|
||||
// if (NSS_Shutdown() != SECSuccess) {
|
||||
// printPRError("NSS_Shutdown failed");
|
||||
// return 1;
|
||||
// }
|
||||
// return 0;
|
||||
// }
|
||||
//
|
||||
// This should create a key4.db file with the SDR key. (Note however that this
|
||||
// does not set the magic key ID for the SDR key. Currently this is not a
|
||||
// problem because the NSS implementation that backs the SDR simply tries all
|
||||
// applicable keys it has when decrypting, so this still works.)
|
||||
|
||||
function run_test() {
|
||||
const keyDBName = "key4.db";
|
||||
const isAndroid = AppConstants.platform == "android";
|
||||
const keyDBName = isAndroid ? "key4.db" : "key3.db";
|
||||
let profile = do_get_profile();
|
||||
let keyDBFile = do_get_file(`test_sdr_preexisting/${keyDBName}`);
|
||||
keyDBFile.copyTo(profile, keyDBName);
|
||||
|
BIN
security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db
Normal file
BIN
security/manager/ssl/tests/unit/test_sdr_preexisting/key3.db
Normal file
Binary file not shown.
Binary file not shown.
@ -58,8 +58,8 @@ function run_test() {
|
||||
});
|
||||
|
||||
let profile = do_get_profile();
|
||||
let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key4.db");
|
||||
keyDBFile.copyTo(profile, "key4.db");
|
||||
let keyDBFile = do_get_file("test_sdr_preexisting_with_password/key3.db");
|
||||
keyDBFile.copyTo(profile, "key3.db");
|
||||
|
||||
let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
|
||||
Ci.nsISecretDecoderRing
|
||||
|
Binary file not shown.
Binary file not shown.
@ -0,0 +1,149 @@
|
||||
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
|
||||
// This Source Code Form is subject to the terms of the Mozilla Public
|
||||
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
"use strict";
|
||||
|
||||
// Tests that the SDR implementation is able to decrypt strings encrypted using
|
||||
// a preexisting NSS key database that a) has a password and b) has already been
|
||||
// upgraded from the old dbm format in a previous run of Firefox.
|
||||
// To create such a database, run the xpcshell test
|
||||
// `test_sdr_preexisting_with_password.js` and locate the file `key4.db` created
|
||||
// in the xpcshell test profile directory.
|
||||
// This does not apply to Android as the dbm implementation was never enabled on
|
||||
// that platform.
|
||||
|
||||
var gMockPrompter = {
|
||||
passwordToTry: "password",
|
||||
numPrompts: 0,
|
||||
|
||||
// This intentionally does not use arrow function syntax to avoid an issue
|
||||
// where in the context of the arrow function, |this != gMockPrompter| due to
|
||||
// how objects get wrapped when going across xpcom boundaries.
|
||||
promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
|
||||
this.numPrompts++;
|
||||
if (this.numPrompts > 1) {
|
||||
// don't keep retrying a bad password
|
||||
return false;
|
||||
}
|
||||
equal(
|
||||
text,
|
||||
"Please enter your master password.",
|
||||
"password prompt text should be as expected"
|
||||
);
|
||||
equal(checkMsg, null, "checkMsg should be null");
|
||||
ok(this.passwordToTry, "passwordToTry should be non-null");
|
||||
password.value = this.passwordToTry;
|
||||
return true;
|
||||
},
|
||||
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsIPrompt]),
|
||||
};
|
||||
|
||||
// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
|
||||
// to call promptPassword. We return the mock one, above.
|
||||
var gWindowWatcher = {
|
||||
getNewPrompter: () => gMockPrompter,
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsIWindowWatcher]),
|
||||
};
|
||||
|
||||
function run_test() {
|
||||
let windowWatcherCID = MockRegistrar.register(
|
||||
"@mozilla.org/embedcomp/window-watcher;1",
|
||||
gWindowWatcher
|
||||
);
|
||||
registerCleanupFunction(() => {
|
||||
MockRegistrar.unregister(windowWatcherCID);
|
||||
});
|
||||
|
||||
let profile = do_get_profile();
|
||||
let key3DBFile = do_get_file("test_sdr_upgraded_with_password/key3.db");
|
||||
key3DBFile.copyTo(profile, "key3.db");
|
||||
let key4DBFile = do_get_file("test_sdr_upgraded_with_password/key4.db");
|
||||
key4DBFile.copyTo(profile, "key4.db");
|
||||
// Unfortunately we have to also copy the certificate databases as well.
|
||||
// Otherwise, NSS will think it has to create them, which will cause NSS to
|
||||
// think it has to also do a migration, which will open key3.db and not close
|
||||
// it until shutdown, which means that on Windows removing the file just after
|
||||
// startup fails. Luckily users profiles will have both key and certificate
|
||||
// databases anyway, so this is an accurate reflection of normal use.
|
||||
let cert8DBFile = do_get_file("test_sdr_upgraded_with_password/cert8.db");
|
||||
cert8DBFile.copyTo(profile, "cert8.db");
|
||||
let cert9DBFile = do_get_file("test_sdr_upgraded_with_password/cert9.db");
|
||||
cert9DBFile.copyTo(profile, "cert9.db");
|
||||
|
||||
let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
|
||||
Ci.nsISecretDecoderRing
|
||||
);
|
||||
|
||||
let testcases = [
|
||||
// a full padding block
|
||||
{
|
||||
ciphertext:
|
||||
"MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d",
|
||||
plaintext: "password",
|
||||
},
|
||||
// 7 bytes of padding
|
||||
{
|
||||
ciphertext:
|
||||
"MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECCAzLDVmYG2/BAh3IoIsMmT8dQ==",
|
||||
plaintext: "a",
|
||||
},
|
||||
// 6 bytes of padding
|
||||
{
|
||||
ciphertext:
|
||||
"MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECPN8zlZzn8FdBAiu2acpT8UHsg==",
|
||||
plaintext: "bb",
|
||||
},
|
||||
// 1 byte of padding
|
||||
{
|
||||
ciphertext:
|
||||
"MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECD5px1eMKkJQBAgUPp35GlrDvQ==",
|
||||
plaintext: "!seven!",
|
||||
},
|
||||
// 2 bytes of padding
|
||||
{
|
||||
ciphertext:
|
||||
"MDIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECMh0hLtKDyUdBAixw9UZsMt+vA==",
|
||||
plaintext: "sixsix",
|
||||
},
|
||||
// long plaintext requiring more than two blocks
|
||||
{
|
||||
ciphertext:
|
||||
"MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDATFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
|
||||
plaintext: "thisismuchlongerandsotakesupmultipleblocks",
|
||||
},
|
||||
// this differs from the previous ciphertext by one bit and demonstrates
|
||||
// that this implementation does not enforce message integrity
|
||||
{
|
||||
ciphertext:
|
||||
"MFoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECDRX1qi+/FX1BDAbFIcIneQjvBuq3wdFxzllJt2VtUD69ACdOKAXH3eA87oHDvuHqOeCDwRy4UzoG5s=",
|
||||
plaintext: "nnLbuwLRkhlongerandsotakesupmultipleblocks",
|
||||
},
|
||||
];
|
||||
|
||||
for (let testcase of testcases) {
|
||||
let decrypted = sdr.decryptString(testcase.ciphertext);
|
||||
equal(
|
||||
decrypted,
|
||||
testcase.plaintext,
|
||||
"decrypted ciphertext should match expected plaintext"
|
||||
);
|
||||
}
|
||||
equal(
|
||||
gMockPrompter.numPrompts,
|
||||
1,
|
||||
"Should have been prompted for a password once"
|
||||
);
|
||||
|
||||
// NSS does not close the old database when performing an upgrade. Thus, on
|
||||
// Windows, we can't delete the old database file on the run that we perform
|
||||
// an upgrade. However, we can delete it on subsequent runs.
|
||||
let key3DBInProfile = do_get_profile();
|
||||
key3DBInProfile.append("key3.db");
|
||||
ok(
|
||||
!key3DBInProfile.exists(),
|
||||
"key3.db should not exist after running with key4.db with a password"
|
||||
);
|
||||
}
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -39,6 +39,7 @@ support-files =
|
||||
test_sanctions/**
|
||||
test_sdr_preexisting/**
|
||||
test_sdr_preexisting_with_password/**
|
||||
test_sdr_upgraded_with_password/**
|
||||
test_self_signed_certs/**
|
||||
test_signed_apps/**
|
||||
test_startcom_wosign/**
|
||||
@ -192,6 +193,9 @@ run-sequentially = hardcoded ports
|
||||
[test_sdr_preexisting_with_password.js]
|
||||
# Not relevant to Android. See the comment in the test.
|
||||
skip-if = toolkit == 'android'
|
||||
[test_sdr_upgraded_with_password.js]
|
||||
# Not relevant to Android. See the comment in the test.
|
||||
skip-if = toolkit == 'android'
|
||||
[test_self_signed_certs.js]
|
||||
[test_session_resumption.js]
|
||||
run-sequentially = hardcoded ports
|
||||
|
@ -83,7 +83,8 @@ gyp_vars['nss_public_dist_dir'] = '$PRODUCT_DIR/dist'
|
||||
gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
|
||||
# We don't currently build NSS tests.
|
||||
gyp_vars['disable_tests'] = 1
|
||||
gyp_vars['disable_dbm'] = 1
|
||||
if CONFIG['NSS_DISABLE_DBM']:
|
||||
gyp_vars['disable_dbm'] = 1
|
||||
gyp_vars['disable_libpkix'] = 1
|
||||
gyp_vars['enable_sslkeylogfile'] = 1
|
||||
# pkg-config won't reliably find zlib on our builders, so just force it.
|
||||
|
BIN
toolkit/components/passwordmgr/test/unit/data/key3.db
Normal file
BIN
toolkit/components/passwordmgr/test/unit/data/key3.db
Normal file
Binary file not shown.
@ -80,7 +80,8 @@ add_task(async function test_common_initialize() {
|
||||
// Before initializing the service for the first time, we should copy the key
|
||||
// file required to decrypt the logins contained in the SQLite databases used
|
||||
// by migration tests. This file is not required for the other tests.
|
||||
const keyDBName = "key4.db";
|
||||
const isAndroid = AppConstants.platform == "android";
|
||||
const keyDBName = isAndroid ? "key4.db" : "key3.db";
|
||||
await OS.File.copy(
|
||||
do_get_file(`data/${keyDBName}`).path,
|
||||
OS.Path.join(OS.Constants.Path.profileDir, keyDBName)
|
||||
|
@ -67,6 +67,9 @@ with Files('moz.*'):
|
||||
with Files('toolkit.mozbuild'):
|
||||
BUG_COMPONENT = ('Firefox Build System', 'General')
|
||||
|
||||
with Files('nss.configure'):
|
||||
BUG_COMPONENT = ('Firefox Build System', 'General')
|
||||
|
||||
with Files('library/**'):
|
||||
BUG_COMPONENT = ('Firefox Build System', 'General')
|
||||
|
||||
|
@ -815,6 +815,8 @@ option('--enable-ipdl-tests', help='Enable expensive IPDL tests')
|
||||
set_config('MOZ_IPDL_TESTS',
|
||||
depends_if('--enable-ipdl-tests')(lambda _: True))
|
||||
|
||||
include('nss.configure')
|
||||
|
||||
# Graphics
|
||||
# ==============================================================
|
||||
option('--disable-skia', help='Disable use of Skia')
|
||||
|
17
toolkit/nss.configure
Normal file
17
toolkit/nss.configure
Normal file
@ -0,0 +1,17 @@
|
||||
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
|
||||
# vim: set filetype=python:
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
|
||||
# DBM support in NSS
|
||||
# ==============================================================
|
||||
@depends(build_project)
|
||||
def dbm_default(build_project):
|
||||
return build_project != 'mobile/android'
|
||||
|
||||
option('--enable-dbm', default=dbm_default,
|
||||
help='{Enable|Disable} building DBM')
|
||||
|
||||
set_config('NSS_DISABLE_DBM', depends('--enable-dbm')(lambda x: not x))
|
Loading…
Reference in New Issue
Block a user