-
Notifications
You must be signed in to change notification settings - Fork 29.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto: disable crypto.createCipher in FIPS mode
FIPS 140-2 disallows use of MD5, which is used to derive the initialization vector and key for createCipher(). Modify all tests to expect exceptions in FIPS mode when disallowed API is used, or to avoid testing such API in FIPS Mode. PR-URL: #3754 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> Reviewed-By: James M Snell <jasnell@gmail.com>
- Loading branch information
Showing
7 changed files
with
116 additions
and
88 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
'use strict'; | ||
var common = require('../common'); | ||
var assert = require('assert'); | ||
|
||
if (!common.hasCrypto) { | ||
console.log('1..0 # Skipped: missing crypto'); | ||
return; | ||
} | ||
var crypto = require('crypto'); | ||
|
||
function testCipher1(key, iv) { | ||
// Test encyrption and decryption with explicit key and iv | ||
var plaintext = | ||
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' + | ||
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' + | ||
'jAfaFg**'; | ||
var cipher = crypto.createCipheriv('des-ede3-cbc', key, iv); | ||
var ciph = cipher.update(plaintext, 'utf8', 'hex'); | ||
ciph += cipher.final('hex'); | ||
|
||
var decipher = crypto.createDecipheriv('des-ede3-cbc', key, iv); | ||
var txt = decipher.update(ciph, 'hex', 'utf8'); | ||
txt += decipher.final('utf8'); | ||
|
||
assert.equal(txt, plaintext, 'encryption and decryption with key and iv'); | ||
|
||
// streaming cipher interface | ||
// NB: In real life, it's not guaranteed that you can get all of it | ||
// in a single read() like this. But in this case, we know it's | ||
// quite small, so there's no harm. | ||
var cStream = crypto.createCipheriv('des-ede3-cbc', key, iv); | ||
cStream.end(plaintext); | ||
ciph = cStream.read(); | ||
|
||
var dStream = crypto.createDecipheriv('des-ede3-cbc', key, iv); | ||
dStream.end(ciph); | ||
txt = dStream.read().toString('utf8'); | ||
|
||
assert.equal(txt, plaintext, 'streaming cipher iv'); | ||
} | ||
|
||
|
||
function testCipher2(key, iv) { | ||
// Test encyrption and decryption with explicit key and iv | ||
var plaintext = | ||
'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw' + | ||
'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ' + | ||
'jAfaFg**'; | ||
var cipher = crypto.createCipheriv('des-ede3-cbc', key, iv); | ||
var ciph = cipher.update(plaintext, 'utf8', 'buffer'); | ||
ciph = Buffer.concat([ciph, cipher.final('buffer')]); | ||
|
||
var decipher = crypto.createDecipheriv('des-ede3-cbc', key, iv); | ||
var txt = decipher.update(ciph, 'buffer', 'utf8'); | ||
txt += decipher.final('utf8'); | ||
|
||
assert.equal(txt, plaintext, 'encryption and decryption with key and iv'); | ||
} | ||
|
||
testCipher1('0123456789abcd0123456789', '12345678'); | ||
testCipher1('0123456789abcd0123456789', new Buffer('12345678')); | ||
testCipher1(new Buffer('0123456789abcd0123456789'), '12345678'); | ||
testCipher1(new Buffer('0123456789abcd0123456789'), new Buffer('12345678')); | ||
|
||
testCipher2(new Buffer('0123456789abcd0123456789'), new Buffer('12345678')); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters