diff options
author | Stefan Budeanu <stefan@budeanu.com> | 2015-11-10 16:33:25 -0500 |
---|---|---|
committer | James M Snell <jasnell@gmail.com> | 2015-11-14 09:13:56 -0800 |
commit | 11ad744a92374ad71730cbfb7abea71fda0abb74 (patch) | |
tree | bc5a7bd6348294548e9231ec609f0b64618ecf24 /test/parallel/test-crypto-dh.js | |
parent | a49b3af00b06dfd0e9301115cf077cc00a99a1c3 (diff) | |
download | android-node-v8-11ad744a92374ad71730cbfb7abea71fda0abb74.tar.gz android-node-v8-11ad744a92374ad71730cbfb7abea71fda0abb74.tar.bz2 android-node-v8-11ad744a92374ad71730cbfb7abea71fda0abb74.zip |
test: increase crypto strength for FIPS standard
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.
PR-URL: https://github.com/nodejs/node/pull/3758
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto-dh.js')
-rw-r--r-- | test/parallel/test-crypto-dh.js | 69 |
1 files changed, 37 insertions, 32 deletions
diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index dfb912c0a4..d93c53e399 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -11,7 +11,7 @@ var crypto = require('crypto'); // Test Diffie-Hellman with two parties sharing a secret, // using various encodings as we go along -var dh1 = crypto.createDiffieHellman(256); +var dh1 = crypto.createDiffieHellman(1024); var p1 = dh1.getPrime('buffer'); var dh2 = crypto.createDiffieHellman(p1, 'buffer'); var key1 = dh1.generateKeys(); @@ -82,9 +82,11 @@ assert.equal(aSecret, bSecret); assert.equal(alice.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); assert.equal(bob.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); -// Ensure specific generator (buffer) works as expected. -var modp1 = crypto.createDiffieHellmanGroup('modp1'); -var modp1buf = new Buffer([ +/* Ensure specific generator (buffer) works as expected. + * The values below (modp2/modp2buf) are for a 1024 bits long prime from + * RFC 2412 E.2, see https://tools.ietf.org/html/rfc2412. */ +var modp2 = crypto.createDiffieHellmanGroup('modp2'); +var modp2buf = new Buffer([ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34, 0xc4, 0xc6, 0x62, 0x8b, 0x80, 0xdc, 0x1c, 0xd1, 0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67, @@ -93,47 +95,50 @@ var modp1buf = new Buffer([ 0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b, 0x30, 0x2b, 0x0a, 0x6d, 0xf2, 0x5f, 0x14, 0x37, 0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51, 0xc2, 0x45, 0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6, - 0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x3a, 0x36, 0x20, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff + 0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b, 0x0b, 0xff, + 0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed, 0xee, 0x38, 0x6b, 0xfb, + 0x5a, 0x89, 0x9f, 0xa5, 0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b, + 0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff ]); -var exmodp1 = crypto.createDiffieHellman(modp1buf, new Buffer([2])); -modp1.generateKeys(); -exmodp1.generateKeys(); -var modp1Secret = modp1.computeSecret(exmodp1.getPublicKey()).toString('hex'); -var exmodp1Secret = exmodp1.computeSecret(modp1.getPublicKey()).toString('hex'); -assert.equal(modp1Secret, exmodp1Secret); -assert.equal(modp1.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); -assert.equal(exmodp1.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); +var exmodp2 = crypto.createDiffieHellman(modp2buf, new Buffer([2])); +modp2.generateKeys(); +exmodp2.generateKeys(); +var modp2Secret = modp2.computeSecret(exmodp2.getPublicKey()).toString('hex'); +var exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()).toString('hex'); +assert.equal(modp2Secret, exmodp2Secret); +assert.equal(modp2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); +assert.equal(exmodp2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); // Ensure specific generator (string with encoding) works as expected. -var exmodp1_2 = crypto.createDiffieHellman(modp1buf, '02', 'hex'); -exmodp1_2.generateKeys(); -modp1Secret = modp1.computeSecret(exmodp1_2.getPublicKey()).toString('hex'); -var exmodp1_2Secret = exmodp1_2.computeSecret(modp1.getPublicKey()) +var exmodp2_2 = crypto.createDiffieHellman(modp2buf, '02', 'hex'); +exmodp2_2.generateKeys(); +modp2Secret = modp2.computeSecret(exmodp2_2.getPublicKey()).toString('hex'); +var exmodp2_2Secret = exmodp2_2.computeSecret(modp2.getPublicKey()) .toString('hex'); -assert.equal(modp1Secret, exmodp1_2Secret); -assert.equal(exmodp1_2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); +assert.equal(modp2Secret, exmodp2_2Secret); +assert.equal(exmodp2_2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); // Ensure specific generator (string without encoding) works as expected. -var exmodp1_3 = crypto.createDiffieHellman(modp1buf, '\x02'); -exmodp1_3.generateKeys(); -modp1Secret = modp1.computeSecret(exmodp1_3.getPublicKey()).toString('hex'); -var exmodp1_3Secret = exmodp1_3.computeSecret(modp1.getPublicKey()) +var exmodp2_3 = crypto.createDiffieHellman(modp2buf, '\x02'); +exmodp2_3.generateKeys(); +modp2Secret = modp2.computeSecret(exmodp2_3.getPublicKey()).toString('hex'); +var exmodp2_3Secret = exmodp2_3.computeSecret(modp2.getPublicKey()) .toString('hex'); -assert.equal(modp1Secret, exmodp1_3Secret); -assert.equal(exmodp1_3.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); +assert.equal(modp2Secret, exmodp2_3Secret); +assert.equal(exmodp2_3.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); // Ensure specific generator (numeric) works as expected. -var exmodp1_4 = crypto.createDiffieHellman(modp1buf, 2); -exmodp1_4.generateKeys(); -modp1Secret = modp1.computeSecret(exmodp1_4.getPublicKey()).toString('hex'); -var exmodp1_4Secret = exmodp1_4.computeSecret(modp1.getPublicKey()) +var exmodp2_4 = crypto.createDiffieHellman(modp2buf, 2); +exmodp2_4.generateKeys(); +modp2Secret = modp2.computeSecret(exmodp2_4.getPublicKey()).toString('hex'); +var exmodp2_4Secret = exmodp2_4.computeSecret(modp2.getPublicKey()) .toString('hex'); -assert.equal(modp1Secret, exmodp1_4Secret); -assert.equal(exmodp1_4.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); +assert.equal(modp2Secret, exmodp2_4Secret); +assert.equal(exmodp2_4.verifyError, constants.DH_NOT_SUITABLE_GENERATOR); var p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' + |