From 79cef2874470d3943963c80e5a0337101130fc35 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Tue, 24 Sep 2024 16:17:11 -0700 Subject: [PATCH 1/2] test: update test-crypto-aes-wrap to use node:test --- test/parallel/test-crypto-aes-wrap.js | 115 ++++++++++++++------------ 1 file changed, 61 insertions(+), 54 deletions(-) diff --git a/test/parallel/test-crypto-aes-wrap.js b/test/parallel/test-crypto-aes-wrap.js index 6fe35258f7d6b2..862cf8eeded9fc 100644 --- a/test/parallel/test-crypto-aes-wrap.js +++ b/test/parallel/test-crypto-aes-wrap.js @@ -1,62 +1,69 @@ 'use strict'; const common = require('../common'); -if (!common.hasCrypto) - common.skip('missing crypto'); +const { describe, it } = require('node:test'); -const assert = require('assert'); -const crypto = require('crypto'); +// Disabling the unnecessary lint rule here. We're testing the common.hasCrypto +// in the skip option of the describe block. +/* eslint-disable node-core/crypto-check */ -const test = [ - { - algorithm: 'aes128-wrap', - key: 'b26f309fbe57e9b3bb6ae5ef31d54450', - iv: '3fd838af4093d749', - text: '12345678123456781234567812345678' - }, - { - algorithm: 'id-aes128-wrap-pad', - key: 'b26f309fbe57e9b3bb6ae5ef31d54450', - iv: '3fd838af', - text: '12345678123456781234567812345678123' - }, - { - algorithm: 'aes192-wrap', - key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304', - iv: '3fd838af4093d749', - text: '12345678123456781234567812345678' - }, - { - algorithm: 'id-aes192-wrap-pad', - key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304', - iv: '3fd838af', - text: '12345678123456781234567812345678123' - }, - { - algorithm: 'aes256-wrap', - key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323', - iv: '3fd838af4093d749', - text: '12345678123456781234567812345678' - }, - { - algorithm: 'id-aes256-wrap-pad', - key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323', - iv: '3fd838af', - text: '12345678123456781234567812345678123' - }, -]; +describe('aes wrap', { skip: !common.hasCrypto }, () => { + const crypto = require('crypto'); + const test = [ + { + algorithm: 'aes128-wrap', + key: 'b26f309fbe57e9b3bb6ae5ef31d54450', + iv: '3fd838af4093d749', + text: '12345678123456781234567812345678' + }, + { + algorithm: 'id-aes128-wrap-pad', + key: 'b26f309fbe57e9b3bb6ae5ef31d54450', + iv: '3fd838af', + text: '12345678123456781234567812345678123' + }, + { + algorithm: 'aes192-wrap', + key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304', + iv: '3fd838af4093d749', + text: '12345678123456781234567812345678' + }, + { + algorithm: 'id-aes192-wrap-pad', + key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304', + iv: '3fd838af', + text: '12345678123456781234567812345678123' + }, + { + algorithm: 'aes256-wrap', + key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323', + iv: '3fd838af4093d749', + text: '12345678123456781234567812345678' + }, + { + algorithm: 'id-aes256-wrap-pad', + key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323', + iv: '3fd838af', + text: '12345678123456781234567812345678123' + }, + ]; -test.forEach((data) => { - const cipher = crypto.createCipheriv( - data.algorithm, - Buffer.from(data.key, 'hex'), - Buffer.from(data.iv, 'hex')); - const ciphertext = cipher.update(data.text, 'utf8'); + test.forEach((data) => { + it(`${data.algorithm}`, async (t) => { + const cipher = crypto.createCipheriv( + data.algorithm, + Buffer.from(data.key, 'hex'), + Buffer.from(data.iv, 'hex')); + const ciphertext = cipher.update(data.text, 'utf8'); - const decipher = crypto.createDecipheriv( - data.algorithm, - Buffer.from(data.key, 'hex'), - Buffer.from(data.iv, 'hex')); - const msg = decipher.update(ciphertext, 'buffer', 'utf8'); + const decipher = crypto.createDecipheriv( + data.algorithm, + Buffer.from(data.key, 'hex'), + Buffer.from(data.iv, 'hex')); + const msg = decipher.update(ciphertext, 'buffer', 'utf8'); - assert.strictEqual(msg, data.text, `${data.algorithm} test case failed`); + t.assert.strictEqual(msg, data.text); + }); + }); }); + +/* eslint-enable node-core/crypto-check */ From 9d261f7f2e4189d50ca6c9d8d2840df4744d71c5 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Tue, 24 Sep 2024 16:31:54 -0700 Subject: [PATCH 2/2] test: update test-crypto-async-sign-verify to use node:test --- .../parallel/test-crypto-async-sign-verify.js | 294 +++++++++--------- 1 file changed, 155 insertions(+), 139 deletions(-) diff --git a/test/parallel/test-crypto-async-sign-verify.js b/test/parallel/test-crypto-async-sign-verify.js index 4e3c32fdcd23fb..4c7d40710ff199 100644 --- a/test/parallel/test-crypto-async-sign-verify.js +++ b/test/parallel/test-crypto-async-sign-verify.js @@ -1,143 +1,159 @@ 'use strict'; -const common = require('../common'); -if (!common.hasCrypto) - common.skip('missing crypto'); - -const assert = require('assert'); -const util = require('util'); -const crypto = require('crypto'); -const fixtures = require('../common/fixtures'); - -function test( - publicFixture, - privateFixture, - algorithm, - deterministic, - options -) { - let publicPem = fixtures.readKey(publicFixture); - let privatePem = fixtures.readKey(privateFixture); - let privateKey = crypto.createPrivateKey(privatePem); - let publicKey = crypto.createPublicKey(publicPem); - const privateDer = { - key: privateKey.export({ format: 'der', type: 'pkcs8' }), - format: 'der', - type: 'pkcs8', - ...options - }; - const publicDer = { - key: publicKey.export({ format: 'der', type: 'spki' }), - format: 'der', - type: 'spki', - ...options - }; - - if (options) { - publicPem = { ...options, key: publicPem }; - privatePem = { ...options, key: privatePem }; - privateKey = { ...options, key: privateKey }; - publicKey = { ...options, key: publicKey }; - } - - const data = Buffer.from('Hello world'); - const expected = crypto.sign(algorithm, data, privateKey); - - for (const key of [privatePem, privateKey, privateDer]) { - crypto.sign(algorithm, data, key, common.mustSucceed((actual) => { - if (deterministic) { - assert.deepStrictEqual(actual, expected); - } - assert.strictEqual( - crypto.verify(algorithm, data, key, actual), true); - })); +const common = require('../common'); +const { describe, it } = require('node:test'); + +// Disabling the unnecessary lint rule here. We're testing the common.hasCrypto +// in the skip option of the describe block. +/* eslint-disable node-core/crypto-check */ + +describe('async sign/verify...', { skip: !common.hasCrypto }, () => { + const assert = require('assert'); + const util = require('util'); + const crypto = require('crypto'); + const fixtures = require('../common/fixtures'); + + function test( + publicFixture, + privateFixture, + algorithm, + deterministic, + options + ) { + let publicPem = fixtures.readKey(publicFixture); + let privatePem = fixtures.readKey(privateFixture); + let privateKey = crypto.createPrivateKey(privatePem); + let publicKey = crypto.createPublicKey(publicPem); + const privateDer = { + key: privateKey.export({ format: 'der', type: 'pkcs8' }), + format: 'der', + type: 'pkcs8', + ...options + }; + const publicDer = { + key: publicKey.export({ format: 'der', type: 'spki' }), + format: 'der', + type: 'spki', + ...options + }; + + if (options) { + publicPem = { ...options, key: publicPem }; + privatePem = { ...options, key: privatePem }; + privateKey = { ...options, key: privateKey }; + publicKey = { ...options, key: publicKey }; + } + + const data = Buffer.from('Hello world'); + const expected = crypto.sign(algorithm, data, privateKey); + + for (const key of [privatePem, privateKey, privateDer]) { + crypto.sign(algorithm, data, key, common.mustSucceed((actual) => { + if (deterministic) { + assert.deepStrictEqual(actual, expected); + } + + assert.strictEqual( + crypto.verify(algorithm, data, key, actual), true); + })); + } + + const verifyInputs = [ + publicPem, publicKey, publicDer, privatePem, privateKey, privateDer]; + for (const key of verifyInputs) { + crypto.verify(algorithm, data, key, expected, common.mustSucceed( + (verified) => assert.strictEqual(verified, true))); + + crypto.verify(algorithm, data, key, Buffer.from(''), common.mustSucceed( + (verified) => assert.strictEqual(verified, false))); + } } - const verifyInputs = [ - publicPem, publicKey, publicDer, privatePem, privateKey, privateDer]; - for (const key of verifyInputs) { - crypto.verify(algorithm, data, key, expected, common.mustSucceed( - (verified) => assert.strictEqual(verified, true))); - - crypto.verify(algorithm, data, key, Buffer.from(''), common.mustSucceed( - (verified) => assert.strictEqual(verified, false))); - } -} - -// RSA w/ default padding -test('rsa_public.pem', 'rsa_private.pem', 'sha256', true); -test('rsa_public.pem', 'rsa_private.pem', 'sha256', true, - { padding: crypto.constants.RSA_PKCS1_PADDING }); - -// RSA w/ PSS_PADDING and default saltLength -test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, - { padding: crypto.constants.RSA_PKCS1_PSS_PADDING }); -test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, - { - padding: crypto.constants.RSA_PKCS1_PSS_PADDING, - saltLength: crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN - }); - -// RSA w/ PSS_PADDING and PSS_SALTLEN_DIGEST -test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, - { - padding: crypto.constants.RSA_PKCS1_PSS_PADDING, - saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST - }); - -// ED25519 -test('ed25519_public.pem', 'ed25519_private.pem', undefined, true); -// ED448 -test('ed448_public.pem', 'ed448_private.pem', undefined, true); - -// ECDSA w/ der signature encoding -test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', - false); -test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', - false, { dsaEncoding: 'der' }); - -// ECDSA w/ ieee-p1363 signature encoding -test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', false, - { dsaEncoding: 'ieee-p1363' }); - -// DSA w/ der signature encoding -test('dsa_public.pem', 'dsa_private.pem', 'sha256', - false); -test('dsa_public.pem', 'dsa_private.pem', 'sha256', - false, { dsaEncoding: 'der' }); - -// DSA w/ ieee-p1363 signature encoding -test('dsa_public.pem', 'dsa_private.pem', 'sha256', false, - { dsaEncoding: 'ieee-p1363' }); - -// Test Parallel Execution w/ KeyObject is threadsafe in openssl3 -{ - const publicKey = { - key: crypto.createPublicKey( - fixtures.readKey('ec_p256_public.pem')), - dsaEncoding: 'ieee-p1363', - }; - const privateKey = { - key: crypto.createPrivateKey( - fixtures.readKey('ec_p256_private.pem')), - dsaEncoding: 'ieee-p1363', - }; - - const sign = util.promisify(crypto.sign); - const verify = util.promisify(crypto.verify); - - const data = Buffer.from('hello world'); - - Promise.all([ - sign('sha256', data, privateKey), - sign('sha256', data, privateKey), - sign('sha256', data, privateKey), - ]).then(([signature]) => { - return Promise.all([ - verify('sha256', data, publicKey, signature), - verify('sha256', data, publicKey, signature), - verify('sha256', data, publicKey, signature), - ]).then(common.mustCall()); - }) - .catch(common.mustNotCall()); -} + it('handles RSA with default padding', () => { + test('rsa_public.pem', 'rsa_private.pem', 'sha256', true); + test('rsa_public.pem', 'rsa_private.pem', 'sha256', true, + { padding: crypto.constants.RSA_PKCS1_PADDING }); + }); + + it('handles RSA with PSS padding', () => { + test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, + { padding: crypto.constants.RSA_PKCS1_PSS_PADDING }); + test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, + { + padding: crypto.constants.RSA_PKCS1_PSS_PADDING, + saltLength: crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN + }); + }); + + it('handles RSA with PSS_PADDING and PSS_SALTLEN_DIGEST', () => { + test('rsa_public.pem', 'rsa_private.pem', 'sha256', false, + { + padding: crypto.constants.RSA_PKCS1_PSS_PADDING, + saltLength: crypto.constants.RSA_PSS_SALTLEN_DIGEST + }); + }); + + it('handles ED25519', () => { + test('ed25519_public.pem', 'ed25519_private.pem', undefined, true); + }); + + it('handles ED448', () => { + test('ed448_public.pem', 'ed448_private.pem', undefined, true); + }); + + it('handles ECDSA with der signature encoding', () => { + test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', + false); + test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', + false, { dsaEncoding: 'der' }); + }); + + it('handles ECDSA with ieee-p1363 signature encoding', () => { + test('ec_secp256k1_public.pem', 'ec_secp256k1_private.pem', 'sha384', false, + { dsaEncoding: 'ieee-p1363' }); + }); + + it('handles DSA with der signature encoding', () => { + test('dsa_public.pem', 'dsa_private.pem', 'sha256', false); + test('dsa_public.pem', 'dsa_private.pem', 'sha256', + false, { dsaEncoding: 'der' }); + }); + + it('handles DSA with ieee-p1363 signature encoding', () => { + test('dsa_public.pem', 'dsa_private.pem', 'sha256', false, + { dsaEncoding: 'ieee-p1363' }); + }); + + it('handles concurrency', async () => { + const publicKey = { + key: crypto.createPublicKey( + fixtures.readKey('ec_p256_public.pem')), + dsaEncoding: 'ieee-p1363', + }; + const privateKey = { + key: crypto.createPrivateKey( + fixtures.readKey('ec_p256_private.pem')), + dsaEncoding: 'ieee-p1363', + }; + + const sign = util.promisify(crypto.sign); + const verify = util.promisify(crypto.verify); + + const data = Buffer.from('hello world'); + + await Promise.all([ + sign('sha256', data, privateKey), + sign('sha256', data, privateKey), + sign('sha256', data, privateKey), + ]).then(([signature]) => { + return Promise.all([ + verify('sha256', data, publicKey, signature), + verify('sha256', data, publicKey, signature), + verify('sha256', data, publicKey, signature), + ]).then(common.mustCall()); + }) + .catch(common.mustNotCall()); + }); +}); + +/* eslint-enable node-core/crypto-check */