2022-09-05 16:57:11 -04:00
|
|
|
import assert from "assert";
|
2022-10-01 01:34:06 -04:00
|
|
|
import { lock, computeHmac, keccak256, ripemd160, sha256, sha512, pbkdf2, scrypt, scryptSync, randomBytes } from "../index.js";
|
2022-09-05 16:57:11 -04:00
|
|
|
describe("test registration", function () {
|
|
|
|
let hijack = "";
|
|
|
|
function getHijack(algo) {
|
|
|
|
return function (...args) {
|
|
|
|
hijack = `hijacked ${algo}: ${JSON.stringify(args)}`;
|
|
|
|
return "0x42";
|
|
|
|
};
|
|
|
|
}
|
|
|
|
const tests = [
|
|
|
|
{
|
|
|
|
name: "keccak256",
|
|
|
|
params: ["0x"],
|
|
|
|
hijackTag: 'hijacked keccak256: [{}]',
|
|
|
|
algorithm: keccak256
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "sha256",
|
|
|
|
params: ["0x"],
|
|
|
|
hijackTag: 'hijacked sha256: [{}]',
|
|
|
|
algorithm: sha256
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "sha512",
|
|
|
|
params: ["0x"],
|
|
|
|
hijackTag: 'hijacked sha512: [{}]',
|
|
|
|
algorithm: sha512
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "ripemd160",
|
|
|
|
params: ["0x"],
|
|
|
|
hijackTag: 'hijacked ripemd160: [{}]',
|
|
|
|
algorithm: ripemd160
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "pbkdf2",
|
|
|
|
params: ["0x", "0x", 1024, 32, "sha256"],
|
|
|
|
hijackTag: 'hijacked pbkdf2: [{},{},1024,32,"sha256"]',
|
|
|
|
algorithm: pbkdf2
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "scryptSync",
|
|
|
|
params: ["0x", "0x", 1024, 8, 1, 32],
|
|
|
|
hijackTag: 'hijacked scryptSync: [{},{},1024,8,1,32]',
|
|
|
|
algorithm: scryptSync
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "scrypt",
|
|
|
|
params: ["0x", "0x", 1024, 8, 1, 32],
|
|
|
|
hijackTag: 'hijacked scrypt: [{},{},1024,8,1,32,null]',
|
|
|
|
algorithm: scrypt
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "computeHmac",
|
|
|
|
params: ["sha256", "0x", "0x"],
|
|
|
|
hijackTag: 'hijacked computeHmac: ["sha256",{},{}]',
|
|
|
|
algorithm: computeHmac
|
|
|
|
},
|
2022-10-01 01:34:06 -04:00
|
|
|
{
|
|
|
|
name: "randomBytes",
|
|
|
|
params: [32],
|
|
|
|
hijackTag: "hijacked randomBytes: [32]",
|
|
|
|
algorithm: randomBytes,
|
|
|
|
postCheck: (value) => {
|
|
|
|
return (value instanceof Uint8Array && value.length === 32);
|
|
|
|
}
|
|
|
|
}
|
2022-09-05 16:57:11 -04:00
|
|
|
];
|
2022-10-01 01:34:06 -04:00
|
|
|
tests.forEach(({ name, params, hijackTag, algorithm, postCheck }) => {
|
2022-09-05 16:57:11 -04:00
|
|
|
it(`swaps in hijacked callback: ${name}`, async function () {
|
|
|
|
const initial = await algorithm(...params);
|
|
|
|
algorithm.register(getHijack(name));
|
|
|
|
assert.equal(await algorithm(...params), "0x42");
|
|
|
|
assert.equal(hijack, hijackTag);
|
|
|
|
algorithm.register(algorithm._);
|
2022-10-01 01:34:06 -04:00
|
|
|
if (postCheck) {
|
|
|
|
assert.ok(postCheck(await algorithm(...params)));
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
assert.equal(await algorithm(...params), initial);
|
|
|
|
}
|
2022-09-05 16:57:11 -04:00
|
|
|
});
|
|
|
|
});
|
|
|
|
it("prevents swapping after locked", function () {
|
|
|
|
lock();
|
|
|
|
tests.forEach(({ name, params, hijackTag, algorithm }) => {
|
|
|
|
assert.throws(function () {
|
|
|
|
algorithm.register(getHijack("test"));
|
|
|
|
}, function (error) {
|
|
|
|
return (error.message === `${name} is locked`);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
//# sourceMappingURL=test-crypto-algoswap.js.map
|