crypto: warn on invalid authentication tag length

PR-URL: https://github.com/nodejs/node/pull/17566
Refs: https://github.com/nodejs/node/issues/17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js
index c03aa0efce..df6b431639 100644
--- a/test/parallel/test-crypto-authenticated.js
+++ b/test/parallel/test-crypto-authenticated.js
@@ -335,6 +335,14 @@ const errMessages = {
 
 const ciphers = crypto.getCiphers();
 
+common.expectWarning('Warning', (common.hasFipsCrypto ? [] : [
+  'Use Cipheriv for counter mode of aes-192-gcm'
+]).concat(
+  [0, 1, 2, 6, 9, 10, 11, 17]
+  .map((i) => `Permitting authentication tag lengths of ${i} bytes is ` +
+            'deprecated. Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.')
+));
+
 for (const i in TEST_CASES) {
   const test = TEST_CASES[i];
 
@@ -476,3 +484,14 @@ for (const i in TEST_CASES) {
   assert.throws(() => encrypt.setAAD(Buffer.from('123', 'ascii')),
                 errMessages.state);
 }
+
+// GCM only supports specific authentication tag lengths, invalid lengths should
+// produce warnings.
+{
+  for (const length of [0, 1, 2, 4, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]) {
+    const decrypt = crypto.createDecipheriv('aes-256-gcm',
+                                            'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
+                                            'qkuZpJWCewa6Szih');
+    decrypt.setAuthTag(Buffer.from('1'.repeat(length)));
+  }
+}