nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/security/manager/ssl/tests/unit/test_broken_fips.js
Victor Porof 858f3b554b Bug 1561435 - Format security/, a=automatic-formatting 
# ignore-this-changeset

Differential Revision: https://phabricator.services.mozilla.com/D35928

--HG--
extra : source : 4e926f91b17c2b13cdaf13e017629286275dbc00
2019-07-05 10:57:28 +02:00

47 lines
1.6 KiB
JavaScript
Raw Blame History

// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";
// Tests that if Firefox attempts and fails to load a PKCS#11 module DB that was
// in FIPS mode, Firefox can still make use of keys in the key database.
// secomd.db can be created via `certutil -N -d <dir>`. Putting it in FIPS mode
// involves running `modutil -fips true -dbdir <dir>`. key3.db is from
// test_sdr_preexisting/key3.db.
function run_test() {
let profile = do_get_profile();
let keyDBName = "key3.db";
let keyDBFile = do_get_file(`test_broken_fips/${keyDBName}`);
keyDBFile.copyTo(profile, keyDBName);
let secmodDBName = "secmod.db";
let secmodDBFile = do_get_file(`test_broken_fips/${secmodDBName}`);
secmodDBFile.copyTo(profile, secmodDBName);
let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(
Ci.nsIPKCS11ModuleDB
);
ok(!moduleDB.isFIPSEnabled, "FIPS should not be enabled");
let sdr = Cc["@mozilla.org/security/sdr;1"].getService(
Ci.nsISecretDecoderRing
);
const encrypted =
"MDoEEPgAAAAAAAAAAAAAAAAAAAEwFAYIKoZIhvcNAwcECGeDHwVfyFqzBBAYvqMq/kDMsrARVNdC1C8d";
const expectedResult = "password";
let decrypted = sdr.decryptString(encrypted);
equal(
decrypted,
expectedResult,
"decrypted ciphertext should match expected plaintext"
);
let secmodDBFileFIPS = do_get_profile();
secmodDBFileFIPS.append(`${secmodDBName}.fips`);
ok(secmodDBFileFIPS.exists(), "backed-up PKCS#11 module db should now exist");
}
View git blame Copy permalink