test: increase crypto strength for FIPS standard

Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: https://github.com/nodejs/node/pull/3758
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 37 insertions, 32 deletions

diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js
index dfb912c0a4..d93c53e399 100644
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@@ -11,7 +11,7 @@ var crypto = require('crypto');
 
 // Test Diffie-Hellman with two parties sharing a secret,
 // using various encodings as we go along
-var dh1 = crypto.createDiffieHellman(256);
+var dh1 = crypto.createDiffieHellman(1024);
 var p1 = dh1.getPrime('buffer');
 var dh2 = crypto.createDiffieHellman(p1, 'buffer');
 var key1 = dh1.generateKeys();
@@ -82,9 +82,11 @@ assert.equal(aSecret, bSecret);
 assert.equal(alice.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 assert.equal(bob.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 
-// Ensure specific generator (buffer) works as expected.
-var modp1 = crypto.createDiffieHellmanGroup('modp1');
-var modp1buf = new Buffer([
+/* Ensure specific generator (buffer) works as expected.
+ * The values below (modp2/modp2buf) are for a 1024 bits long prime from
+ * RFC 2412 E.2, see https://tools.ietf.org/html/rfc2412. */
+var modp2 = crypto.createDiffieHellmanGroup('modp2');
+var modp2buf = new Buffer([
   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc9, 0x0f,
   0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34, 0xc4, 0xc6, 0x62, 0x8b,
   0x80, 0xdc, 0x1c, 0xd1, 0x29, 0x02, 0x4e, 0x08, 0x8a, 0x67,
@@ -93,47 +95,50 @@ var modp1buf = new Buffer([
   0x19, 0xb3, 0xcd, 0x3a, 0x43, 0x1b, 0x30, 0x2b, 0x0a, 0x6d,
   0xf2, 0x5f, 0x14, 0x37, 0x4f, 0xe1, 0x35, 0x6d, 0x6d, 0x51,
   0xc2, 0x45, 0xe4, 0x85, 0xb5, 0x76, 0x62, 0x5e, 0x7e, 0xc6,
-  0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x3a, 0x36, 0x20, 0xff, 0xff,
-  0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+  0xf4, 0x4c, 0x42, 0xe9, 0xa6, 0x37, 0xed, 0x6b, 0x0b, 0xff,
+  0x5c, 0xb6, 0xf4, 0x06, 0xb7, 0xed, 0xee, 0x38, 0x6b, 0xfb,
+  0x5a, 0x89, 0x9f, 0xa5, 0xae, 0x9f, 0x24, 0x11, 0x7c, 0x4b,
+  0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
 ]);
-var exmodp1 = crypto.createDiffieHellman(modp1buf, new Buffer([2]));
-modp1.generateKeys();
-exmodp1.generateKeys();
-var modp1Secret = modp1.computeSecret(exmodp1.getPublicKey()).toString('hex');
-var exmodp1Secret = exmodp1.computeSecret(modp1.getPublicKey()).toString('hex');
-assert.equal(modp1Secret, exmodp1Secret);
-assert.equal(modp1.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
-assert.equal(exmodp1.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
+var exmodp2 = crypto.createDiffieHellman(modp2buf, new Buffer([2]));
+modp2.generateKeys();
+exmodp2.generateKeys();
+var modp2Secret = modp2.computeSecret(exmodp2.getPublicKey()).toString('hex');
+var exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey()).toString('hex');
+assert.equal(modp2Secret, exmodp2Secret);
+assert.equal(modp2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
+assert.equal(exmodp2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 
 
 // Ensure specific generator (string with encoding) works as expected.
-var exmodp1_2 = crypto.createDiffieHellman(modp1buf, '02', 'hex');
-exmodp1_2.generateKeys();
-modp1Secret = modp1.computeSecret(exmodp1_2.getPublicKey()).toString('hex');
-var exmodp1_2Secret = exmodp1_2.computeSecret(modp1.getPublicKey())
+var exmodp2_2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
+exmodp2_2.generateKeys();
+modp2Secret = modp2.computeSecret(exmodp2_2.getPublicKey()).toString('hex');
+var exmodp2_2Secret = exmodp2_2.computeSecret(modp2.getPublicKey())
                                .toString('hex');
-assert.equal(modp1Secret, exmodp1_2Secret);
-assert.equal(exmodp1_2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
+assert.equal(modp2Secret, exmodp2_2Secret);
+assert.equal(exmodp2_2.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 
 
 // Ensure specific generator (string without encoding) works as expected.
-var exmodp1_3 = crypto.createDiffieHellman(modp1buf, '\x02');
-exmodp1_3.generateKeys();
-modp1Secret = modp1.computeSecret(exmodp1_3.getPublicKey()).toString('hex');
-var exmodp1_3Secret = exmodp1_3.computeSecret(modp1.getPublicKey())
+var exmodp2_3 = crypto.createDiffieHellman(modp2buf, '\x02');
+exmodp2_3.generateKeys();
+modp2Secret = modp2.computeSecret(exmodp2_3.getPublicKey()).toString('hex');
+var exmodp2_3Secret = exmodp2_3.computeSecret(modp2.getPublicKey())
                                .toString('hex');
-assert.equal(modp1Secret, exmodp1_3Secret);
-assert.equal(exmodp1_3.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
+assert.equal(modp2Secret, exmodp2_3Secret);
+assert.equal(exmodp2_3.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 
 
 // Ensure specific generator (numeric) works as expected.
-var exmodp1_4 = crypto.createDiffieHellman(modp1buf, 2);
-exmodp1_4.generateKeys();
-modp1Secret = modp1.computeSecret(exmodp1_4.getPublicKey()).toString('hex');
-var exmodp1_4Secret = exmodp1_4.computeSecret(modp1.getPublicKey())
+var exmodp2_4 = crypto.createDiffieHellman(modp2buf, 2);
+exmodp2_4.generateKeys();
+modp2Secret = modp2.computeSecret(exmodp2_4.getPublicKey()).toString('hex');
+var exmodp2_4Secret = exmodp2_4.computeSecret(modp2.getPublicKey())
                                .toString('hex');
-assert.equal(modp1Secret, exmodp1_4Secret);
-assert.equal(exmodp1_4.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
+assert.equal(modp2Secret, exmodp2_4Secret);
+assert.equal(exmodp2_4.verifyError, constants.DH_NOT_SUITABLE_GENERATOR);
 
 
 var p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +