/
test-crypto-async-sign-verify.js
146 lines (125 loc) Β· 4.42 KB
/
test-crypto-async-sign-verify.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (common.hasOpenSSL3)
common.skip('temporarily skipping for OpenSSL 3.0-alpha15');
const assert = require('assert');
const util = require('util');
const crypto = require('crypto');
const fixtures = require('../common/fixtures');
function test(
publicFixture,
privateFixture,
algorithm,
deterministic,
options
) {
let publicPem = fixtures.readKey(publicFixture);
let privatePem = fixtures.readKey(privateFixture);
let privateKey = crypto.createPrivateKey(privatePem);
let publicKey = crypto.createPublicKey(publicPem);
const privateDer = {
key: privateKey.export({ format: 'der', type: 'pkcs8' }),
format: 'der',
type: 'pkcs8',
...options
};
const publicDer = {
key: publicKey.export({ format: 'der', type: 'spki' }),
format: 'der',
type: 'spki',
...options
};
if (options) {
publicPem = { ...options, key: publicPem };
privatePem = { ...options, key: privatePem };
privateKey = { ...options, key: privateKey };
publicKey = { ...options, key: publicKey };
}
const data = Buffer.from('Hello world');
const expected = crypto.sign(algorithm, data, privateKey);
for (const key of [privatePem, privateKey, privateDer]) {
crypto.sign(algorithm, data, key, common.mustSucceed((actual) => {
if (deterministic) {
assert.deepStrictEqual(actual, expected);
}
assert.strictEqual(
crypto.verify(algorithm, data, key, actual), true);
}));
}
const verifyInputs = [
publicPem, publicKey, publicDer, privatePem, privateKey, privateDer];
for (const key of verifyInputs) {
crypto.verify(algorithm, data, key, expected, common.mustSucceed(
(verified) => assert.strictEqual(verified, true)));
crypto.verify(algorithm, data, key, Buffer.from(''), common.mustSucceed(
(verified) => assert.strictEqual(verified, false)));
}
}
// RSA w/ default padding
test('rsa_public.pem', 'rsa_private.pem', 'sha256', true);
test('rsa_public.pem', 'rsa_private.pem', 'sha256', true,
{ padding: crypto.constants.RSA_PKCS1_PADDING });
// RSA w/ PSS_PADDING and default saltLength
test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
{ padding: crypto.constants.RSA_PKCS1_PSS_PADDING });
test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
{
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
saltLength: crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN
});
// RSA w/ PSS_PADDING and PSS_SALTLEN_DIGEST
test('rsa_public.pem', 'rsa_private.pem', 'sha256', false,
{
padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST
});
// ED25519
test('ed25519_public.pem', 'ed25519_private.pem', undefined, true);
// ED448
test('ed448_public.pem', 'ed448_private.pem', undefined, true);
// ECDSA w/ der signature encoding
test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384',
false);
test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384',
false, { dsaEncoding: 'der' });
// ECDSA w/ ieee-p1363 signature encoding
test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', false,
{ dsaEncoding: 'ieee-p1363' });
// DSA w/ der signature encoding
test('dsa_public.pem', 'dsa_private.pem', 'sha256',
false);
test('dsa_public.pem', 'dsa_private.pem', 'sha256',
false, { dsaEncoding: 'der' });
// DSA w/ ieee-p1363 signature encoding
test('dsa_public.pem', 'dsa_private.pem', 'sha256', false,
{ dsaEncoding: 'ieee-p1363' });
// Test Parallel Execution w/ KeyObject is threadsafe in openssl3
{
const publicKey = {
key: crypto.createPublicKey(
fixtures.readKey('ec_p256_public.pem')),
dsaEncoding: 'ieee-p1363',
};
const privateKey = {
key: crypto.createPrivateKey(
fixtures.readKey('ec_p256_private.pem')),
dsaEncoding: 'ieee-p1363',
};
const sign = util.promisify(crypto.sign);
const verify = util.promisify(crypto.verify);
const data = Buffer.from('hello world');
Promise.all([
sign('sha256', data, privateKey),
sign('sha256', data, privateKey),
sign('sha256', data, privateKey),
]).then(([signature]) => {
return Promise.all([
verify('sha256', data, publicKey, signature),
verify('sha256', data, publicKey, signature),
verify('sha256', data, publicKey, signature),
]).then(common.mustCall());
})
.catch(common.mustNotCall());
}