'use strict';
describe("SignalProtocolStore", function() {
before(function(done) {
storage.put('registrationId', 1337);
storage.put('identityKey', identityKey);
storage.fetch().then(done, done);
});
var store = textsecure.storage.protocol;
var identifier = '+5558675309';
var identityKey = {
pubKey: libsignal.crypto.getRandomBytes(33),
privKey: libsignal.crypto.getRandomBytes(32),
};
var testKey = {
pubKey: libsignal.crypto.getRandomBytes(33),
privKey: libsignal.crypto.getRandomBytes(32),
};
describe('getLocalRegistrationId', function() {
it('retrieves my registration id', function(done) {
store.getLocalRegistrationId().then(function(reg) {
assert.strictEqual(reg, 1337);
}).then(done, done);
});
});
describe('getIdentityKeyPair', function() {
it('retrieves my identity key', function(done) {
store.getIdentityKeyPair().then(function(key) {
assertEqualArrayBuffers(key.pubKey, identityKey.pubKey);
assertEqualArrayBuffers(key.privKey, identityKey.privKey);
}).then(done,done);
});
});
var IdentityKeyRecord = Backbone.Model.extend({
database: Whisper.Database,
storeName: 'identityKeys'
});
describe('saveIdentity', function() {
var record = new IdentityKeyRecord({id: identifier});
var address = new libsignal.SignalProtocolAddress(identifier, 1);
it('stores identity keys', function(done) {
store.saveIdentity(address.toString(), testKey.pubKey).then(function() {
return store.loadIdentityKey(identifier).then(function(key) {
assertEqualArrayBuffers(key, testKey.pubKey);
});
}).then(done,done);
});
it('allows key changes', function(done) {
var newIdentity = libsignal.crypto.getRandomBytes(33);
store.saveIdentity(address.toString(), testKey.pubKey).then(function() {
store.saveIdentity(address.toString(), newIdentity).then(function() {
done();
});
}).catch(done);
});
describe('When there is no existing key (first use)', function() {
before(function(done) {
store.removeIdentityKey(identifier).then(function() {
store.saveIdentity(address.toString(), testKey.pubKey).then(function() {
record.fetch().then(function() { done(); });
});
});
});
it('marks the key firstUse', function() {
assert(record.get('firstUse'));
});
it('sets the timestamp', function() {
assert(record.get('timestamp'));
});
it('sets the verified status to DEFAULT', function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.DEFAULT);
});
});
describe('When there is a different existing key (non first use)', function() {
var newIdentity = libsignal.crypto.getRandomBytes(33);
var oldTimestamp = Date.now();
before(function(done) {
record.save({
publicKey : testKey.pubKey,
firstUse : true,
timestamp : oldTimestamp,
nonblockingApproval : false,
verified : store.VerifiedStatus.DEFAULT
}).then(function() {
store.saveIdentity(address.toString(), newIdentity).then(function() {
record.fetch().then(function() { done(); });
});
});
});
it('marks the key not firstUse', function() {
assert(!record.get('firstUse'));
});
it('updates the timestamp', function() {
assert.notEqual(record.get('timestamp'), oldTimestamp);
});
describe('The previous verified status was DEFAULT', function() {
before(function(done) {
record.save({
publicKey : testKey.pubKey,
firstUse : true,
timestamp : oldTimestamp,
nonblockingApproval : false,
verified : store.VerifiedStatus.DEFAULT
}).then(function() {
store.saveIdentity(address.toString(), newIdentity).then(function() {
record.fetch().then(function() { done(); });
});
});
});
it('sets the new key to unverified', function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.DEFAULT);
});
});
describe('The previous verified status was VERIFIED', function() {
before(function(done) {
record.save({
publicKey : testKey.pubKey,
firstUse : true,
timestamp : oldTimestamp,
nonblockingApproval : false,
verified : store.VerifiedStatus.VERIFIED
}).then(function() {
store.saveIdentity(address.toString(), newIdentity).then(function() {
record.fetch().then(function() { done(); });
});
});
});
it('sets the new key to unverified', function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.UNVERIFIED);
});
});
describe('The previous verified status was UNVERIFIED', function() {
before(function(done) {
record.save({
publicKey : testKey.pubKey,
firstUse : true,
timestamp : oldTimestamp,
nonblockingApproval : false,
verified : store.VerifiedStatus.UNVERIFIED
}).then(function() {
store.saveIdentity(address.toString(), newIdentity).then(function() {
record.fetch().then(function() { done(); });
});
});
});
it('sets the new key to unverified', function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.UNVERIFIED);
});
});
});
describe('When the key has not changed', function() {
var oldTimestamp = Date.now();
before(function(done) {
record.save({
publicKey : testKey.pubKey,
timestamp : oldTimestamp,
nonblockingApproval : false,
verified : store.VerifiedStatus.DEFAULT
}).then(function() { done(); });
});
describe('If it is marked firstUse', function() {
before(function(done) {
record.save({ firstUse: true }).then(function() { done(); });
});
it('nothing changes', function(done) {
store.saveIdentity(address.toString(), testKey.pubKey, true).then(function() {
record.fetch().then(function() {
assert(!record.get('nonblockingApproval'));
assert.strictEqual(record.get('timestamp'), oldTimestamp);
done();
});
});
});
});
describe('If it is not marked firstUse', function() {
before(function(done) {
record.save({ firstUse: false }).then(function() { done(); });
});
describe('If nonblocking approval is required', function() {
var now = Date.now();
before(function(done) {
record.save({ timestamp: now }).then(function() { done(); });
});
it('sets non-blocking approval', function(done) {
store.saveIdentity(address.toString(), testKey.pubKey, true).then(function() {
record.fetch().then(function() {
assert.strictEqual(record.get('nonblockingApproval'), true);
assert.strictEqual(record.get('timestamp'), now);
assert.strictEqual(record.get('firstUse'), false);
done();
});
});
});
});
});
});
});
describe('saveIdentityWithAttributes', function() {
var now = Date.now();
var record = new IdentityKeyRecord({id: identifier});
var validAttributes = {
publicKey : testKey.pubKey,
firstUse : true,
timestamp : now,
verified : store.VerifiedStatus.VERIFIED,
nonblockingApproval : false
};
before(function(done) {
store.removeIdentityKey(identifier).then(function() { done(); });
});
describe('with valid attributes', function() {
before(function(done) {
store.saveIdentityWithAttributes(identifier, validAttributes).then(function() {
return new Promise(function(resolve) {
record.fetch().then(resolve);
});
}).then(done, done);
});
it('publicKey is saved', function() {
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
});
it('firstUse is saved', function() {
assert.strictEqual(record.get('firstUse'), true);
});
it('timestamp is saved', function() {
assert.strictEqual(record.get('timestamp'), now);
});
it('verified is saved', function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
});
it('nonblockingApproval is saved', function() {
assert.strictEqual(record.get('nonblockingApproval'), false);
});
});
describe('with invalid attributes', function() {
var attributes;
beforeEach(function() {
attributes = _.clone(validAttributes);
});
function testInvalidAttributes(done) {
store.saveIdentityWithAttributes(identifier, attributes).then(function() {
done(new Error("saveIdentityWithAttributes should have failed"));
}, function() {
done(); // good. we expect to fail with invalid attributes.
});
}
it('rejects an invalid publicKey', function(done) {
attributes.publicKey = 'a string';
testInvalidAttributes(done);
});
it('rejects invalid firstUse', function(done) {
attributes.firstUse = 0;
testInvalidAttributes(done);
});
it('rejects invalid timestamp', function(done) {
attributes.timestamp = NaN;
testInvalidAttributes(done);
});
it('rejects invalid verified', function(done) {
attributes.verified = null;
testInvalidAttributes(done);
});
it('rejects invalid nonblockingApproval', function(done) {
attributes.nonblockingApproval = 0;
testInvalidAttributes(done);
});
});
});
describe('setApproval', function() {
var record = new IdentityKeyRecord({id: identifier});
function fetchRecord() {
return new Promise(function(resolve) {
record.fetch().then(resolve);
});
}
it ('sets nonblockingApproval', function(done) {
store.setApproval(identifier, true).then(fetchRecord).then(function() {
assert.strictEqual(record.get('nonblockingApproval'), true);
}).then(done, done);
});
});
describe('setVerified', function() {
var record;
function saveRecordDefault() {
record = new IdentityKeyRecord({
id : identifier,
publicKey : testKey.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : store.VerifiedStatus.DEFAULT,
nonblockingApproval : false
});
return new Promise(function(resolve, reject) {
record.save().then(resolve, reject);
});
}
function fetchRecord() {
return new Promise(function(resolve, reject) {
record.fetch().then(resolve, reject);
});
}
describe('with no public key argument', function() {
before(saveRecordDefault);
it ('updates the verified status', function() {
return store.setVerified(
identifier, store.VerifiedStatus.VERIFIED
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
});
});
});
describe('with the current public key', function() {
before(saveRecordDefault);
it ('updates the verified status', function() {
return store.setVerified(
identifier, store.VerifiedStatus.VERIFIED, testKey.pubKey
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
});
});
});
describe('with a mismatching public key', function() {
var newIdentity = libsignal.crypto.getRandomBytes(33);
before(saveRecordDefault);
it ('does not change the record.', function() {
return store.setVerified(
identifier, store.VerifiedStatus.VERIFIED, newIdentity
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.DEFAULT);
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
});
});
});
});
describe('processVerifiedMessage', function() {
var record;
var newIdentity = libsignal.crypto.getRandomBytes(33);
function fetchRecord() {
return new Promise(function(resolve, reject) {
record.fetch().then(resolve, reject);
});
}
describe('when the new verified status is DEFAULT', function() {
describe('when there is no existing record', function() {
var keychangeTriggered;
before(function() {
keychangeTriggered = 0;
store.bind('keychange', function() {
keychangeTriggered++;
});
record = new IdentityKeyRecord({ id: identifier });
return new Promise(function(resolve, reject) {
record.destroy().then(resolve, reject);
});
});
after(function() {
store.unbind('keychange');
});
it ('does nothing', function() {
return store.processVerifiedMessage(
identifier, store.VerifiedStatus.DEFAULT, newIdentity
).then(fetchRecord).then(function() {
// fetchRecord resolved so there is a record.
// Bad.
throw new Error("processVerifiedMessage should not save new records");
}, function() {
assert.strictEqual(keychangeTriggered, 0);
return;
});
});
});
describe('when the record exists and is not DEFAULT and the key matches', function() {
var keychangeTriggered;
before(function() {
keychangeTriggered = 0;
store.bind('keychange', function() {
keychangeTriggered++;
});
record = new IdentityKeyRecord({
id : identifier,
publicKey : testKey.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : store.VerifiedStatus.VERIFIED,
nonblockingApproval : false
});
return new Promise(function(resolve, reject) {
record.save().then(resolve, reject);
});
});
after(function() {
store.unbind('keychange');
});
it ('updates the verified status', function() {
return store.processVerifiedMessage(
identifier, store.VerifiedStatus.DEFAULT, testKey.pubKey
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.DEFAULT);
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
assert.strictEqual(keychangeTriggered, 0);
});
});
});
});
describe('when the new verified status is VERIFIED', function() {
describe('when there is no existing record', function() {
var keychangeTriggered;
before(function() {
keychangeTriggered = 0;
store.bind('keychange', function() {
keychangeTriggered++;
});
record = new IdentityKeyRecord({ id: identifier });
return new Promise(function(resolve, reject) {
record.destroy().then(resolve, reject);
});
});
after(function() {
store.unbind('keychange');
});
it ('saves the new identity and marks it verified', function() {
return store.processVerifiedMessage(
identifier, store.VerifiedStatus.VERIFIED, newIdentity
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
assertEqualArrayBuffers(record.get('publicKey'), newIdentity);
assert.strictEqual(keychangeTriggered, 1);
});
});
});
describe('when the record exists', function() {
describe('when the existing key is different', function() {
var keychangeTriggered;
before(function() {
keychangeTriggered = 0;
store.bind('keychange', function() {
keychangeTriggered++;
});
record = new IdentityKeyRecord({
id : identifier,
publicKey : testKey.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : store.VerifiedStatus.VERIFIED,
nonblockingApproval : false
});
return new Promise(function(resolve, reject) {
record.save().then(resolve, reject);
});
});
after(function() {
store.unbind('keychange');
});
it ('saves the new identity and marks it verified', function() {
return store.processVerifiedMessage(
identifier, store.VerifiedStatus.VERIFIED, newIdentity
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
assertEqualArrayBuffers(record.get('publicKey'), newIdentity);
assert.strictEqual(keychangeTriggered, 1);
});
});
});
describe('when the existing key is the same and not verified', function() {
var keychangeTriggered;
before(function() {
keychangeTriggered = 0;
store.bind('keychange', function() {
keychangeTriggered++;
});
record = new IdentityKeyRecord({
id : identifier,
publicKey : testKey.pubKey,
firstUse : true,
timestamp : Date.now(),
verified : store.VerifiedStatus.UNVERIFIED,
nonblockingApproval : false
});
return new Promise(function(resolve, reject) {
record.save().then(resolve, reject);
});
});
after(function() {
store.unbind('keychange');
});
it ('saves the identity and marks it verified', function() {
return store.processVerifiedMessage(
identifier, store.VerifiedStatus.VERIFIED, testKey.pubKey
).then(fetchRecord).then(function() {
assert.strictEqual(record.get('verified'), store.VerifiedStatus.VERIFIED);
assertEqualArrayBuffers(record.get('publicKey'), testKey.pubKey);
assert.strictEqual(keychangeTriggered, 0);
});
});
});
});
});
});
describe('getVerified', function() {
before(function(done) {
store.setVerified(identifier, store.VerifiedStatus.VERIFIED).then(done, done);
});
it ('resolves to the verified status', function(done) {
store.getVerified(identifier).then(function(result) {
assert.strictEqual(result, store.VerifiedStatus.VERIFIED);
}).then(done, done);
});
});
describe('isTrustedIdentity', function() {
var address = new libsignal.SignalProtocolAddress(identifier, 1);
describe('When invalid direction is given', function(done) {
it('should fail', function(done) {
store.isTrustedIdentity(identifier, testKey.pubKey).then(function() {
done(new Error('isTrustedIdentity should have failed'));
}).catch(function(e) {
done();
});
});
});
describe('When direction is RECEIVING', function() {
it('always returns true', function(done) {
var newIdentity = libsignal.crypto.getRandomBytes(33);
store.saveIdentity(address.toString(), testKey.pubKey).then(function() {
store.isTrustedIdentity(identifier, newIdentity, store.Direction.RECEIVING).then(function(trusted) {
if (trusted) {
done();
} else {
done(new Error('isTrusted returned false when receiving'));
}
}).catch(done);
});
});
});
describe('When direction is SENDING', function() {
describe('When there is no existing key (first use)', function() {
before(function(done) {
store.removeIdentityKey(identifier).then(function() {
done();
});
});
it('returns true', function(done) {
var newIdentity = libsignal.crypto.getRandomBytes(33);
store.isTrustedIdentity(identifier, newIdentity, store.Direction.SENDING).then(function(trusted) {
if (trusted) {
done();
} else {
done(new Error('isTrusted returned false on first use'));
}
}).catch(done);
});
});
describe('When there is an existing key', function() {
before(function(done) {
store.saveIdentity(address.toString(), testKey.pubKey).then(function() {
done();
});
});
describe('When the existing key is different', function() {
it('returns false', function(done) {
var newIdentity = libsignal.crypto.getRandomBytes(33);
store.isTrustedIdentity(identifier, newIdentity, store.Direction.SENDING).then(function(trusted) {
if (trusted) {
done(new Error('isTrusted returned true on untrusted key'));
} else {
done();
}
}).catch(done);
});
});
describe('When the existing key matches the new key', function() {
var newIdentity = libsignal.crypto.getRandomBytes(33);
before(function(done) {
store.saveIdentity(address.toString(), newIdentity).then(function() {
done();
});
});
it('returns false if blocking approval is required', function(done) {
storage.put('safety-numbers-approval', true);
store.isTrustedIdentity(identifier, newIdentity, store.Direction.SENDING).then(function(trusted) {
if (trusted) {
done(new Error('isTrusted returned true on untrusted key'));
} else {
done();
}
}).catch(done);
});
it('returns false if keys match but nonblocking approval is required', function(done) {
storage.put('safety-numbers-approval', false);
store.isTrustedIdentity(identifier, newIdentity, store.Direction.SENDING).then(function(trusted) {
if (trusted) {
done(new Error('isTrusted returned true on untrusted key'));
} else {
done();
}
}).catch(done);
});
it('returns true if neither blocking nor nonblocking approval is required', function(done) {
storage.put('safety-numbers-approval', false);
store.saveIdentity(address.toString(), newIdentity, true).then(function() {
store.isTrustedIdentity(identifier, newIdentity, store.Direction.SENDING).then(function(trusted) {
if (trusted) {
done();
} else {
done(new Error('isTrusted returned false on an approved key'));
}
}).catch(done);
});
});
});
});
});
});
describe('storePreKey', function() {
it('stores prekeys', function(done) {
store.storePreKey(1, testKey).then(function() {
return store.loadPreKey(1).then(function(key) {
assertEqualArrayBuffers(key.pubKey, testKey.pubKey);
assertEqualArrayBuffers(key.privKey, testKey.privKey);
});
}).then(done,done);
});
});
describe('removePreKey', function() {
before(function(done) {
store.storePreKey(2, testKey).then(done);
});
it('deletes prekeys', function(done) {
store.removePreKey(2, testKey).then(function() {
return store.loadPreKey(2).then(function(key) {
assert.isUndefined(key);
});
}).then(done,done);
});
});
describe('storeSignedPreKey', function() {
it('stores signed prekeys', function(done) {
store.storeSignedPreKey(3, testKey).then(function() {
return store.loadSignedPreKey(3).then(function(key) {
assertEqualArrayBuffers(key.pubKey, testKey.pubKey);
assertEqualArrayBuffers(key.privKey, testKey.privKey);
});
}).then(done,done);
});
});
describe('removeSignedPreKey', function() {
before(function(done) {
store.storeSignedPreKey(4, testKey).then(done);
});
it('deletes signed prekeys', function(done) {
store.removeSignedPreKey(4, testKey).then(function() {
return store.loadSignedPreKey(4).then(function(key) {
assert.isUndefined(key);
});
}).then(done,done);
});
});
describe('storeSession', function() {
it('stores sessions', function(done) {
var testRecord = "an opaque string";
store.storeSession(identifier + '.1', testRecord).then(function() {
return store.loadSession(identifier + '.1').then(function(record) {
assert.deepEqual(record, testRecord);
});
}).then(done,done);
});
});
describe('removeAllSessions', function() {
it('removes all sessions for a number', function(done) {
var testRecord = "an opaque string";
var devices = [1, 2, 3].map(function(deviceId) {
return [identifier, deviceId].join('.');
});
var promise = Promise.resolve();
devices.forEach(function(encodedNumber) {
promise = promise.then(function() {
return store.storeSession(encodedNumber, testRecord + encodedNumber);
});
});
promise.then(function() {
return store.removeAllSessions(identifier).then(function(record) {
return Promise.all(devices.map(store.loadSession.bind(store))).then(function(records) {
for (var i in records) {
assert.isUndefined(records[i]);
};
});
});
}).then(done,done);
});
});
describe('clearSessionStore', function() {
it ('clears the session store', function(done) {
var testRecord = "an opaque string";
store.storeSession(identifier + '.1', testRecord).then(function() {
return store.clearSessionStore().then(function() {
return store.loadSession(identifier + '.1').then(function(record) {
assert.isUndefined(record);
});
});
}).then(done,done);
});
});
describe('getDeviceIds', function() {
it('returns deviceIds for a number', function(done) {
var testRecord = "an opaque string";
var devices = [1, 2, 3].map(function(deviceId) {
return [identifier, deviceId].join('.');
});
var promise = Promise.resolve();
devices.forEach(function(encodedNumber) {
promise = promise.then(function() {
return store.storeSession(encodedNumber, testRecord + encodedNumber);
});
});
promise.then(function() {
return store.getDeviceIds(identifier).then(function(deviceIds) {
assert.sameMembers(deviceIds, [1, 2, 3]);
});
}).then(done,done);
});
it('returns empty array for a number with no device ids', function(done) {
return store.getDeviceIds('foo').then(function(deviceIds) {
assert.sameMembers(deviceIds,[]);
}).then(done,done);
});
});
});