Add negative test for vaultFormat8 verfiy and recover

cryptomator · May 30, 2024 · ea77daf · ea77daf
1 parent b43a946
commit ea77daf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/frontend/src/common/vaultFormat8.ts b/frontend/src/common/vaultFormat8.ts
@@ -156,7 +156,7 @@ export class VaultFormat8 implements AccessTokenProducing, VaultTemplateProducin
     );
     const base64urlDigest = base64url.stringify(new Uint8Array(digest), { pad: false });
     if (!(signature === base64urlDigest)) {
-      throw new Error('Verification failed.');
+      throw new Error('Recovery key does not match vault file.');
     }
 
     return new VaultFormat8(key);

diff --git a/frontend/test/common/vaultFormat8.spec.ts b/frontend/test/common/vaultFormat8.spec.ts
@@ -87,7 +87,7 @@ describe('Vault Format 8', () => {
     ]);
   });
 
-  it('verifyAndRecover() succeeds for key and corresponding metadata', async () => {
+  it('verifyAndRecover() succeeds for valid and matching key-metadata-pair', async () => {
     const recoveryKey = `
       exotic ghost cooperate rain writing purple bicycle fixed first elite treaty friendly screen pull middle seventeen passport
       correctly bored remains give profound ultimate charm haunt retired viable ray delegate indicator race cause aluminium
@@ -96,8 +96,18 @@ describe('Vault Format 8', () => {
     const vaultMetadata = 'eyJraWQiOiJtYXN0ZXJrZXlmaWxlOm1hc3RlcmtleS5jcnlwdG9tYXRvciIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJmb3JtYXQiOjgsInNob3J0ZW5pbmdUaHJlc2hvbGQiOjIyMCwianRpIjoiZmI0N2IyMDYtM2FjMS00Y2RkLThkNTMtYWE0OWM4NjY4Nzk5IiwiY2lwaGVyQ29tYm8iOiJTSVZfQ1RSTUFDIn0.oSMdTtcC6LtoC37knQpNoPo3biUNFCRfxownXIFf_GM';
 
     const recovered = await VaultFormat8.verifyAndRecover(vaultMetadata, recoveryKey);
-    const recoveredKey = await crypto.subtle.exportKey('jwk', recovered.masterKey);
-    //TODO: expect(recoveredKey.k).to.eq('VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3d3dw');
+  });
+
+  it('verifyAndRecover() fails for not-matching, but valid key-metadata-pair', async () => {
+    const recoveryKeyA = `
+      exotic ghost cooperate rain writing purple bicycle fixed first elite treaty friendly screen pull middle seventeen passport
+      correctly bored remains give profound ultimate charm haunt retired viable ray delegate indicator race cause aluminium
+      obesity site tactical root rumour theology glory consist comic terribly substance
+      `;
+    const vaultMetdataB = 'eyJraWQiOiJtYXN0ZXJrZXlmaWxlOm1hc3RlcmtleS5jcnlwdG9tYXRvciIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJmb3JtYXQiOjgsInNob3J0ZW5pbmdUaHJlc2hvbGQiOjIyMCwianRpIjoiYzU2YmJlNTMtMTYxYS00YjRkLWEyYjktMzE0ODMxYzAxNWJjIiwiY2lwaGVyQ29tYm8iOiJTSVZfR0NNIn0.zPCDsnrBEOT1-X7MVmcMEuP2eqOiqS63V9oM_CcNppg';
+    const keyDoesNotCorrespondToSignature = VaultFormat8.verifyAndRecover(vaultMetdataB, recoveryKeyA);
+
+    expect(keyDoesNotCorrespondToSignature).to.be.rejectedWith(Error, /Recovery key does not match vault file/);
   });
 
   it('encryptForUser()', async () => {