author | Tobias Nießen <tniessen@tnie.de> | 2019-03-16 23:51:26 +0100 |
---|---|---|
committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2019-04-08 09:22:32 +0200 |
commit | 969bd1eb7b56fda3573ad3d41745a491f2b06dde (patch) | |
tree | eb6a429995c6bc99105ab944a72cc0b85c463043 /test/parallel/test-crypto-keygen.js | |
parent | d834275a48bc1f85e2289bf7e52a5035a4d97f7e (diff) | |
crypto: add support for RSA-PSS keys
This commit adds support for RSA-PSS keys, including
- KeyObjects of type rsa-pss,
- key pair generation for RSA-PSS, and
- signing and verification using RSA-PSS keys.
PR-URL: https://github.com/nodejs/node/pull/26960
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto-keygen.js')
-rw-r--r-- | test/parallel/test-crypto-keygen.js | 71 |
1 files changed, 60 insertions, 11 deletions
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index 66840dd43d..d327c7a078 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -6,12 +6,15 @@ if (!common.hasCrypto)
 const assert = require('assert');
 const {
+ constants,
 createSign,
 createVerify,
 generateKeyPair,
 generateKeyPairSync,
 publicEncrypt,
- privateDecrypt
+ privateDecrypt,
+ sign,
+ verify
 } = require('crypto');
 const { promisify } = require('util');
@@ -40,13 +43,24 @@ function testEncryptDecrypt(publicKey, privateKey) {
 // Tests that a key pair can be used for signing / verification.
 function testSignVerify(publicKey, privateKey) {
- const message = 'Hello Node.js world!';
- const signature = createSign('SHA256').update(message)
- .sign(privateKey, 'hex');
- for (const key of [publicKey, privateKey]) {
- const okay = createVerify('SHA256').update(message)
- .verify(key, signature, 'hex');
- assert(okay);
+ const message = Buffer.from('Hello Node.js world!');
+
+ function oldSign(algo, data, key) {
+ return createSign(algo).update(data).sign(key);
+ }
+
+ function oldVerify(algo, data, key, signature) {
+ return createVerify(algo).update(data).verify(key, signature);
+ }
+
+ for (const signFn of [sign, oldSign]) {
+ const signature = signFn('SHA256', message, privateKey);
+ for (const verifyFn of [verify, oldVerify]) {
+ for (const key of [publicKey, privateKey]) {
+ const okay = verifyFn('SHA256', message, key, signature);
+ assert(okay);
+ }
+ }
 }
 }
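Review bot: testSignVerify only ever asserts that verification succeeds, in the innermost loop over `[publicKey, privateKey]`, so a verify path that accepted every signature would still pass for all four sign/verify combinations. A negative check beside `assert(okay);` would pin rejection as well, for example `assert(!verifyFn('SHA256', Buffer.from('tampered'), key, signature));`. A one-line comment above `oldSign` and `oldVerify`, such as `// Streaming API wrappers with the same signature as the one-shot sign() and verify().`, would also explain why the two pairs are crossed.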
@@ -252,6 +266,43 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 }
 {
+ // Test RSA-PSS.
+ generateKeyPair('rsa-pss', {
+ modulusLength: 512,
+ saltLength: 16,
+ hash: 'sha256',
+ mgf1Hash: 'sha256'
+ }, common.mustCall((err, publicKey, privateKey) => {
+ assert.ifError(err);
+
+ assert.strictEqual(publicKey.type, 'public');
+ assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
+
+ assert.strictEqual(privateKey.type, 'private');
+ assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
+
+ // Unlike RSA, RSA-PSS does not allow encryption.
+ assert.throws(() => {
+ testEncryptDecrypt(publicKey, privateKey);
+ }, /operation not supported for this keytype/);
+
+ // RSA-PSS also does not permit signing with PKCS1 padding.
+ assert.throws(() => {
+ testSignVerify({
+ key: publicKey,
+ padding: constants.RSA_PKCS1_PADDING
+ }, {
+ key: privateKey,
+ padding: constants.RSA_PKCS1_PADDING
+ });
+ }, /illegal or unsupported padding mode/);
+
+ // The padding should correctly default to RSA_PKCS1_PSS_PADDING now.
+ testSignVerify(publicKey, privateKey);
+ }));
+}
+
+{
 const privateKeyEncoding = {
 type: 'pkcs8',
 format: 'der'
@@ -440,9 +491,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 common.expectsError(() => generateKeyPairSync('rsa2', {}), {
 type: TypeError,
 code: 'ERR_INVALID_ARG_VALUE',
- message: "The argument 'type' must be one of " +
- "'rsa', 'dsa', 'ec', 'ed25519', 'ed448'," +
- " 'x25519', 'x448'. Received 'rsa2'"
+ message: "The argument 'type' must be a supported key type. Received 'rsa2'"
 });
 }
|
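Review bot: The RSA-PSS block generates the key with `hash: 'sha256'`, `mgf1Hash: 'sha256'` and `saltLength: 16`, but its only positive path, `testSignVerify(publicKey, privateKey)`, signs with SHA256 and default options, so nothing shows whether those key-level restrictions are honoured. If the parameters are meant to constrain signing (the enforcing code is not visible on this page), a case that signs with a different digest and expects a throw would pin that behaviour. Separately, `modulusLength: 512` deserves a comment such as `// 512 bits only keeps the test fast; far too small for real keys.` so the value is not copied into application code.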