author | Tobias Nießen <tniessen@tnie.de> | 2019-08-21 00:05:55 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2019-11-20 12:55:47 -0400 |
commit | c63af4fea041673eb7c33f6df3c474d4537fe5eb (patch) | |
tree | 73e1942eb0ca50d5414fbe4619099c49d0666494 /test/parallel/test-crypto-sign-verify.js | |
parent | 80efb80f3f9dffb412aa1a41ab36c843c90c60e5 (diff) | |
crypto: add support for IEEE-P1363 DSA signatures
PR-URL: https://github.com/nodejs/node/pull/29292
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto-sign-verify.js')
-rw-r--r-- | test/parallel/test-crypto-sign-verify.js | 90 |
1 files changed, 80 insertions, 10 deletions
diff --git a/test/parallel/test-crypto-sign-verify.js b/test/parallel/test-crypto-sign-verify.js
index 66c7ac7d80..a16d25f540 100644
--- a/test/parallel/test-crypto-sign-verify.js
+++ b/test/parallel/test-crypto-sign-verify.js
@@ -500,21 +500,91 @@ common.expectsError(
 });
 {
- const privKey = fixtures.readKey('ec-key.pem');
 const data = Buffer.from('Hello world');
- [
- crypto.createSign('sha1').update(data).sign(privKey),
- crypto.sign('sha1', data, privKey)
- ].forEach((sig) => {
- // Signature length variability due to DER encoding
- assert.strictEqual(sig.length >= 68, true);
+ const keys = [['ec-key.pem', 64], ['dsa_private_1025.pem', 40]];
+
+ for (const [file, length] of keys) {
+ const privKey = fixtures.readKey(file);
+ [
+ crypto.createSign('sha1').update(data).sign(privKey),
+ crypto.sign('sha1', data, privKey),
+ crypto.sign('sha1', data, { key: privKey, dsaEncoding: 'der' })
+ ].forEach((sig) => {
+ // Signature length variability due to DER encoding
+ assert(sig.length >= length + 4 && sig.length <= length + 8);
+
+ assert.strictEqual(
+ crypto.createVerify('sha1').update(data).verify(privKey, sig),
+ true
+ );
+ assert.strictEqual(crypto.verify('sha1', data, privKey, sig), true);
+ });
+ // Test (EC)DSA signature conversion.
+ const opts = { key: privKey, dsaEncoding: 'ieee-p1363' };
+ let sig = crypto.sign('sha1', data, opts);
+ // Unlike DER signatures, IEEE P1363 signatures have a predictable length.
+ assert.strictEqual(sig.length, length);
+ assert.strictEqual(crypto.verify('sha1', data, opts, sig), true);
+
+ // Test invalid signature lengths.
+ for (const i of [-2, -1, 1, 2, 4, 8]) {
+ sig = crypto.randomBytes(length + i);
+ common.expectsError(() => {
+ crypto.verify('sha1', data, opts, sig);
+ }, {
+ message: 'Malformed signature'
+ });
+ }
+ }
+
+ // Test verifying externally signed messages.
+ const extSig = Buffer.from('494c18ab5c8a62a72aea5041966902bcfa229821af2bf65' +
+ '0b5b4870d1fe6aebeaed9460c62210693b5b0a300033823' +
+ '33d9529c8abd8c5948940af944828be16c', 'hex');
+ for (const ok of [true, false]) {
 assert.strictEqual(
- crypto.createVerify('sha1').update(data).verify(privKey, sig),
- true
+ crypto.verify('sha256', data, {
+ key: fixtures.readKey('ec-key.pem'),
+ dsaEncoding: 'ieee-p1363'
+ }, extSig),
+ ok
 );
- assert.strictEqual(crypto.verify('sha1', data, privKey, sig), true);
+
+ extSig[Math.floor(Math.random() * extSig.length)] ^= 1;
+ }
+
+ // Non-(EC)DSA keys should ignore the option.
+ const sig = crypto.sign('sha1', data, {
+ key: keyPem,
+ dsaEncoding: 'ieee-p1363'
 });
+ assert.strictEqual(crypto.verify('sha1', data, certPem, sig), true);
+ assert.strictEqual(
+ crypto.verify('sha1', data, {
+ key: certPem,
+ dsaEncoding: 'ieee-p1363'
+ }, sig),
+ true
+ );
+ assert.strictEqual(
+ crypto.verify('sha1', data, {
+ key: certPem,
+ dsaEncoding: 'der'
+ }, sig),
+ true
+ );
+
+ for (const dsaEncoding of ['foo', null, {}, 5, true, NaN]) {
+ common.expectsError(() => {
+ crypto.sign('sha1', data, {
+ key: certPem,
+ dsaEncoding
+ });
+ }, {
+ code: 'ERR_INVALID_OPT_VALUE'
+ });
+ }
 }
|
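Review bot: The tamper check in the "externally signed messages" loop picks the corrupted byte with `Math.random()`, so a failing run cannot be reproduced and each run covers only one arbitrary position of the fixed-length r/s pair. Corrupting fixed positions on a copy would exercise both halves of the signature on every run, e.g. `for (const i of [0, extSig.length - 1]) { const bad = Buffer.from(extSig); bad[i] ^= 1; /* assert verify(...) === false */ }` using the same key and `dsaEncoding: 'ieee-p1363'` options. The second flip, performed after the `false` iteration, is never verified and can be dropped. If the random index is kept, passing it as the assertion message would at least make a failure traceable.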