diff options
author | Tobias Nießen <tniessen@tnie.de> | 2017-12-09 13:23:18 +0100 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2017-12-22 15:50:06 +0100 |
commit | 1a396bbd6b60297bc6132a63ca69743ae1e37850 (patch) | |
tree | fbc805273c8c37b748a01dbc4c846043f42112aa /test/parallel/test-crypto-authenticated.js | |
parent | e56553451045674bf2d5d70da7b32314551f5f6f (diff) | |
download | android-node-v8-1a396bbd6b60297bc6132a63ca69743ae1e37850.tar.gz android-node-v8-1a396bbd6b60297bc6132a63ca69743ae1e37850.tar.bz2 android-node-v8-1a396bbd6b60297bc6132a63ca69743ae1e37850.zip |
crypto: warn on invalid authentication tag length
PR-URL: https://github.com/nodejs/node/pull/17566
Refs: https://github.com/nodejs/node/issues/17523
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto-authenticated.js')
-rw-r--r-- | test/parallel/test-crypto-authenticated.js | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index c03aa0efce..df6b431639 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -335,6 +335,14 @@ const errMessages = { const ciphers = crypto.getCiphers(); +common.expectWarning('Warning', (common.hasFipsCrypto ? [] : [ + 'Use Cipheriv for counter mode of aes-192-gcm' +]).concat( + [0, 1, 2, 6, 9, 10, 11, 17] + .map((i) => `Permitting authentication tag lengths of ${i} bytes is ` + + 'deprecated. Valid GCM tag lengths are 4, 8, 12, 13, 14, 15, 16.') +)); + for (const i in TEST_CASES) { const test = TEST_CASES[i]; @@ -476,3 +484,14 @@ for (const i in TEST_CASES) { assert.throws(() => encrypt.setAAD(Buffer.from('123', 'ascii')), errMessages.state); } + +// GCM only supports specific authentication tag lengths, invalid lengths should +// produce warnings. +{ + for (const length of [0, 1, 2, 4, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]) { + const decrypt = crypto.createDecipheriv('aes-256-gcm', + 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8', + 'qkuZpJWCewa6Szih'); + decrypt.setAuthTag(Buffer.from('1'.repeat(length))); + } +} |