mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

chore: shrink RSA-PSS BoringSSL patch (#20713)

Browse source
This commit is contained in:
Shelley Vohr 2019-10-24 13:32:43 -07:00 committed by GitHub
parent e196a397ad
commit 0e0d4fe990
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 58 additions and 913 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
patches/boringssl/.patches
View file

@ -1,2 +1,3 @@
expose_ripemd160.patch
expose_aes-cfb.patch
fix_add_RSA-PSS_keygen_functions.patch

57
patches/boringssl/fix_add_RSA-PSS_keygen_functions.patch Normal file
View file

@ -0,0 +1,57 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Shelley Vohr <shelley.vohr@gmail.com>
Date: Wed, 23 Oct 2019 12:54:32 -0700
Subject: fix: add RSA-PSS keygen functions
This adds support for missing RSA_PSS key generation functions.
Refs https://github.com/nodejs/node/pull/26960.
Upstreamed at https://boringssl-review.googlesource.com/c/boringssl/+/38524.
diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.c
index 865b36af9b830302fb1068c4965133213c1507dc..71b342f13db5f446aa15f070b6e4aef9b8c25939 100644
--- a/crypto/evp/p_rsa.c
+++ b/crypto/evp/p_rsa.c
@@ -569,6 +569,19 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *out_padding) {
0, out_padding);
}
+int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
+ return 0;
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int salt_len) {
+ return 0;
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx,
+ const EVP_MD *md) {
+ return 0;
+}
+
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len) {
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,
(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY),
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index ad9c05e052756715e3fe67bf9517863ede027d5b..d1729cfc8beefd2cb20abf05043fed43e566a312 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -723,6 +723,18 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding);
OPENSSL_EXPORT int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx,
int *out_padding);
+// EVP_PKEY_CTX_set_rsa_pss_keygen_md() always returns 0.
+OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx,
+ const EVP_MD *md);
+
+// EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() always returns 0.
+OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx,
+ int salt_len);
+
+// EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() always returns 0.
+OPENSSL_EXPORT int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx,
+ const EVP_MD *md);
+
// EVP_PKEY_CTX_set_rsa_pss_saltlen sets the length of the salt in a PSS-padded
// signature. A value of -1 cause the salt to be the same length as the digest
// in the signature. A value of -2 causes the salt to be the maximum length

1
patches/node/.patches
View file

@ -27,7 +27,6 @@ refactor_allow_embedder_overriding_of_internal_fs_calls.patch
chore_prevent_warn_non_context-aware_native_modules_being_loaded.patch
chore_allow_the_node_entrypoint_to_be_a_builtin_module.patch
inherit_electron_crashpad_pipe_name_in_child_process.patch
fixme_revert_crypto_add_support_for_rsa-pss_keys.patch
fix_extern_the_nativemoduleenv_and_options_parser_for_debug_builds.patch
chore_read_nobrowserglobals_from_global_not_process.patch
chore_split_createenvironment_into_createenvironment_and.patch

912
patches/node/fixme_revert_crypto_add_support_for_rsa-pss_keys.patch
View file

@ -1,912 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Samuel Attard <sattard@slack-corp.com>
Date: Fri, 28 Jun 2019 16:52:24 -0700
Subject: fixme: Revert "crypto: add support for RSA-PSS keys"
This reverts commit 969bd1eb7b56fda3573ad3d41745a491f2b06dde.
diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js
index 0a4bde77fa369b788bd7e2976441358254b13955..37835db411f7577d39e5e2af10590b6fa1b13489 100644
--- a/lib/internal/crypto/keygen.js
+++ b/lib/internal/crypto/keygen.js
@@ -5,7 +5,6 @@ const { Object } = primordials;
const { AsyncWrap, Providers } = internalBinding('async_wrap');
const {
generateKeyPairRSA,
- generateKeyPairRSAPSS,
generateKeyPairDSA,
generateKeyPairEC,
generateKeyPairNid,
@@ -143,7 +142,6 @@ function check(type, options, callback) {
let impl;
switch (type) {
case 'rsa':
- case 'rsa-pss':
{
const { modulusLength } = needOptions();
if (!isUint32(modulusLength))
@@ -156,27 +154,10 @@ function check(type, options, callback) {
throw new ERR_INVALID_OPT_VALUE('publicExponent', publicExponent);
}
- if (type === 'rsa') {
- impl = (wrap) => generateKeyPairRSA(modulusLength, publicExponent,
- publicFormat, publicType,
- privateFormat, privateType,
- cipher, passphrase, wrap);
- break;
- }
-
- const { hash, mgf1Hash, saltLength } = options;
- if (hash !== undefined && typeof hash !== 'string')
- throw new ERR_INVALID_OPT_VALUE('hash', hash);
- if (mgf1Hash !== undefined && typeof mgf1Hash !== 'string')
- throw new ERR_INVALID_OPT_VALUE('mgf1Hash', mgf1Hash);
- if (saltLength !== undefined && !isUint32(saltLength))
- throw new ERR_INVALID_OPT_VALUE('saltLength', saltLength);
-
- impl = (wrap) => generateKeyPairRSAPSS(modulusLength, publicExponent,
- hash, mgf1Hash, saltLength,
- publicFormat, publicType,
- privateFormat, privateType,
- cipher, passphrase, wrap);
+ impl = (wrap) => generateKeyPairRSA(modulusLength, publicExponent,
+ publicFormat, publicType,
+ privateFormat, privateType,
+ cipher, passphrase, wrap);
}
break;
case 'dsa':
@@ -245,7 +226,8 @@ function check(type, options, callback) {
break;
default:
throw new ERR_INVALID_ARG_VALUE('type', type,
- 'must be a supported key type');
+ "must be one of 'rsa', 'dsa', 'ec', " +
+ "'ed25519', 'ed448', 'x25519', 'x448'");
}
if (options) {
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js
index b6a3376e735094f970ef61a52ef9bb6d6101647a..bb70c2305fd44cfea46a8df5e65d1af5a86d40db 100644
--- a/lib/internal/crypto/sig.js
+++ b/lib/internal/crypto/sig.js
@@ -14,6 +14,10 @@ const {
signOneShot: _signOneShot,
verifyOneShot: _verifyOneShot
} = internalBinding('crypto');
+const {
+ RSA_PSS_SALTLEN_AUTO,
+ RSA_PKCS1_PADDING
+} = internalBinding('constants').crypto;
const {
getDefaultEncoding,
kHandle,
@@ -54,14 +58,14 @@ Sign.prototype.update = function update(data, encoding) {
};
function getPadding(options) {
- return getIntOption('padding', options);
+ return getIntOption('padding', RSA_PKCS1_PADDING, options);
}
function getSaltLength(options) {
- return getIntOption('saltLength', options);
+ return getIntOption('saltLength', RSA_PSS_SALTLEN_AUTO, options);
}
-function getIntOption(name, options) {
+function getIntOption(name, defaultValue, options) {
const value = options[name];
if (value !== undefined) {
if (value === value >> 0) {
@@ -70,7 +74,7 @@ function getIntOption(name, options) {
throw new ERR_INVALID_OPT_VALUE(name, value);
}
}
- return undefined;
+ return defaultValue;
}
Sign.prototype.sign = function sign(options, encoding) {
diff --git a/src/env.h b/src/env.h
index ecb845803776f5ff6e7eec712ec7a5ebea2e8d0a..1516d77be8514ce55d8d21b78a7cd85ead2cb95f 100644
--- a/src/env.h
+++ b/src/env.h
@@ -173,7 +173,6 @@ constexpr size_t kFsStatsBufferLength = kFsStatsFieldsNumber * 2;
V(crypto_x25519_string, "x25519") \
V(crypto_x448_string, "x448") \
V(crypto_rsa_string, "rsa") \
- V(crypto_rsa_pss_string, "rsa-pss") \
V(cwd_string, "cwd") \
V(data_string, "data") \
V(dest_string, "dest") \
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 1cc2372fe2e385e9a9db27e38f0da61d62de2e81..cd09cdb3f2244825f6631891b94e61eeb6bc60bf 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -3727,8 +3727,6 @@ Local<Value> KeyObject::GetAsymmetricKeyType() const {
switch (EVP_PKEY_id(this->asymmetric_key_.get())) {
case EVP_PKEY_RSA:
return env()->crypto_rsa_string();
- case EVP_PKEY_RSA_PSS:
- return env()->crypto_rsa_pss_string();
case EVP_PKEY_DSA:
return env()->crypto_dsa_string();
case EVP_PKEY_EC:
@@ -4775,14 +4773,13 @@ void SignBase::CheckThrow(SignBase::Error error) {
static bool ApplyRSAOptions(const ManagedEVPPKey& pkey,
EVP_PKEY_CTX* pkctx,
int padding,
- const Maybe<int>& salt_len) {
+ int salt_len) {
if (EVP_PKEY_id(pkey.get()) == EVP_PKEY_RSA ||
- EVP_PKEY_id(pkey.get()) == EVP_PKEY_RSA2 ||
- EVP_PKEY_id(pkey.get()) == EVP_PKEY_RSA_PSS) {
+ EVP_PKEY_id(pkey.get()) == EVP_PKEY_RSA2) {
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, padding) <= 0)
return false;
- if (padding == RSA_PKCS1_PSS_PADDING && salt_len.IsJust()) {
- if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, salt_len.FromJust()) <= 0)
+ if (padding == RSA_PKCS1_PSS_PADDING) {
+ if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, salt_len) <= 0)
return false;
}
}
@@ -4833,16 +4830,11 @@ void Sign::SignUpdate(const FunctionCallbackInfo<Value>& args) {
sign->CheckThrow(err);
}
-static int GetDefaultSignPadding(const ManagedEVPPKey& key) {
- return EVP_PKEY_id(key.get()) == EVP_PKEY_RSA_PSS ? RSA_PKCS1_PSS_PADDING :
- RSA_PKCS1_PADDING;
-}
-
static AllocatedBuffer Node_SignFinal(Environment* env,
EVPMDPointer&& mdctx,
const ManagedEVPPKey& pkey,
int padding,
- Maybe<int> pss_salt_len) {
+ int pss_salt_len) {
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
@@ -4875,7 +4867,7 @@ static AllocatedBuffer Node_SignFinal(Environment* env,
Sign::SignResult Sign::SignFinal(
const ManagedEVPPKey& pkey,
int padding,
- const Maybe<int>& salt_len) {
+ int salt_len) {
if (!mdctx_)
return SignResult(kSignNotInitialised);
@@ -4926,17 +4918,11 @@ void Sign::SignFinal(const FunctionCallbackInfo<Value>& args) {
if (!key)
return;
- int padding = GetDefaultSignPadding(key);
- if (!args[offset]->IsUndefined()) {
- CHECK(args[offset]->IsInt32());
- padding = args[offset].As<Int32>()->Value();
- }
+ CHECK(args[offset]->IsInt32());
+ int padding = args[offset].As<Int32>()->Value();
- Maybe<int> salt_len = Nothing<int>();
- if (!args[offset + 1]->IsUndefined()) {
- CHECK(args[offset + 1]->IsInt32());
- salt_len = Just<int>(args[offset + 1].As<Int32>()->Value());
- }
+ CHECK(args[offset + 1]->IsInt32());
+ int salt_len = args[offset + 1].As<Int32>()->Value();
SignResult ret = sign->SignFinal(
key,
@@ -4997,17 +4983,11 @@ void SignOneShot(const FunctionCallbackInfo<Value>& args) {
return CheckThrow(env, SignBase::Error::kSignUnknownDigest);
}
- int rsa_padding = GetDefaultSignPadding(key);
- if (!args[offset + 2]->IsUndefined()) {
- CHECK(args[offset + 2]->IsInt32());
- rsa_padding = args[offset + 2].As<Int32>()->Value();
- }
+ CHECK(args[offset + 2]->IsInt32());
+ int rsa_padding = args[offset + 2].As<Int32>()->Value();
- Maybe<int> rsa_salt_len = Nothing<int>();
- if (!args[offset + 3]->IsUndefined()) {
- CHECK(args[offset + 3]->IsInt32());
- rsa_salt_len = Just<int>(args[offset + 3].As<Int32>()->Value());
- }
+ CHECK(args[offset + 3]->IsInt32());
+ int rsa_salt_len = args[offset + 3].As<Int32>()->Value();
EVP_PKEY_CTX* pkctx = nullptr;
EVPMDPointer mdctx(EVP_MD_CTX_new());
@@ -5085,7 +5065,7 @@ SignBase::Error Verify::VerifyFinal(const ManagedEVPPKey& pkey,
const char* sig,
int siglen,
int padding,
- const Maybe<int>& saltlen,
+ int saltlen,
bool* verify_result) {
if (!mdctx_)
return kSignNotInitialised;
@@ -5129,17 +5109,11 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
ArrayBufferViewContents<char> hbuf(args[offset]);
- int padding = GetDefaultSignPadding(pkey);
- if (!args[offset + 1]->IsUndefined()) {
- CHECK(args[offset + 1]->IsInt32());
- padding = args[offset + 1].As<Int32>()->Value();
- }
+ CHECK(args[offset + 1]->IsInt32());
+ int padding = args[offset + 1].As<Int32>()->Value();
- Maybe<int> salt_len = Nothing<int>();
- if (!args[offset + 2]->IsUndefined()) {
- CHECK(args[offset + 2]->IsInt32());
- salt_len = Just<int>(args[offset + 2].As<Int32>()->Value());
- }
+ CHECK(args[offset + 2]->IsInt32());
+ int salt_len = args[offset + 2].As<Int32>()->Value();
bool verify_result;
Error err = verify->VerifyFinal(pkey, hbuf.data(), hbuf.length(), padding,
@@ -5172,17 +5146,11 @@ void VerifyOneShot(const FunctionCallbackInfo<Value>& args) {
return CheckThrow(env, SignBase::Error::kSignUnknownDigest);
}
- int rsa_padding = GetDefaultSignPadding(key);
- if (!args[offset + 3]->IsUndefined()) {
- CHECK(args[offset + 3]->IsInt32());
- rsa_padding = args[offset + 3].As<Int32>()->Value();
- }
+ CHECK(args[offset + 3]->IsInt32());
+ int rsa_padding = args[offset + 3].As<Int32>()->Value();
- Maybe<int> rsa_salt_len = Nothing<int>();
- if (!args[offset + 4]->IsUndefined()) {
- CHECK(args[offset + 4]->IsInt32());
- rsa_salt_len = Just<int>(args[offset + 4].As<Int32>()->Value());
- }
+ CHECK(args[offset + 4]->IsInt32());
+ int rsa_salt_len = args[offset + 4].As<Int32>()->Value();
EVP_PKEY_CTX* pkctx = nullptr;
EVPMDPointer mdctx(EVP_MD_CTX_new());
@@ -6181,48 +6149,6 @@ class RSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
const unsigned int exponent_;
};
-class RSAPSSKeyPairGenerationConfig : public RSAKeyPairGenerationConfig {
- public:
- RSAPSSKeyPairGenerationConfig(unsigned int modulus_bits,
- unsigned int exponent,
- const EVP_MD* md,
- const EVP_MD* mgf1_md,
- int saltlen)
- : RSAKeyPairGenerationConfig(modulus_bits, exponent),
- md_(md), mgf1_md_(mgf1_md), saltlen_(saltlen) {}
-
- EVPKeyCtxPointer Setup() override {
- return EVPKeyCtxPointer(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, nullptr));
- }
-
- bool Configure(const EVPKeyCtxPointer& ctx) override {
- if (!RSAKeyPairGenerationConfig::Configure(ctx))
- return false;
-
- if (md_ != nullptr) {
- if (EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx.get(), md_) <= 0)
- return false;
- }
-
- if (mgf1_md_ != nullptr) {
- if (EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx.get(), mgf1_md_) <= 0)
- return false;
- }
-
- if (saltlen_ >= 0) {
- if (EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx.get(), saltlen_) <= 0)
- return false;
- }
-
- return true;
- }
-
- private:
- const EVP_MD* md_;
- const EVP_MD* mgf1_md_;
- const int saltlen_;
-};
-
class DSAKeyPairGenerationConfig : public KeyPairGenerationConfig {
public:
DSAKeyPairGenerationConfig(unsigned int modulus_bits, int divisor_bits)
@@ -6456,44 +6382,6 @@ void GenerateKeyPairRSA(const FunctionCallbackInfo<Value>& args) {
GenerateKeyPair(args, 2, std::move(config));
}
-void GenerateKeyPairRSAPSS(const FunctionCallbackInfo<Value>& args) {
- Environment* env = Environment::GetCurrent(args);
-
- CHECK(args[0]->IsUint32());
- const uint32_t modulus_bits = args[0].As<Uint32>()->Value();
- CHECK(args[1]->IsUint32());
- const uint32_t exponent = args[1].As<Uint32>()->Value();
-
- const EVP_MD* md = nullptr;
- if (!args[2]->IsUndefined()) {
- CHECK(args[2]->IsString());
- String::Utf8Value md_name(env->isolate(), args[2].As<String>());
- md = EVP_get_digestbyname(*md_name);
- if (md == nullptr)
- return env->ThrowTypeError("Digest method not supported");
- }
-
- const EVP_MD* mgf1_md = nullptr;
- if (!args[3]->IsUndefined()) {
- CHECK(args[3]->IsString());
- String::Utf8Value mgf1_md_name(env->isolate(), args[3].As<String>());
- mgf1_md = EVP_get_digestbyname(*mgf1_md_name);
- if (mgf1_md == nullptr)
- return env->ThrowTypeError("Digest method not supported");
- }
-
- int saltlen = -1;
- if (!args[4]->IsUndefined()) {
- CHECK(args[4]->IsInt32());
- saltlen = args[4].As<Int32>()->Value();
- }
-
- std::unique_ptr<KeyPairGenerationConfig> config(
- new RSAPSSKeyPairGenerationConfig(modulus_bits, exponent,
- md, mgf1_md, saltlen));
- GenerateKeyPair(args, 5, std::move(config));
-}
-
void GenerateKeyPairDSA(const FunctionCallbackInfo<Value>& args) {
CHECK(args[0]->IsUint32());
const uint32_t modulus_bits = args[0].As<Uint32>()->Value();
@@ -6945,7 +6833,6 @@ void Initialize(Local<Object> target,
env->SetMethod(target, "pbkdf2", PBKDF2);
env->SetMethod(target, "generateKeyPairRSA", GenerateKeyPairRSA);
- env->SetMethod(target, "generateKeyPairRSAPSS", GenerateKeyPairRSAPSS);
env->SetMethod(target, "generateKeyPairDSA", GenerateKeyPairDSA);
env->SetMethod(target, "generateKeyPairEC", GenerateKeyPairEC);
env->SetMethod(target, "generateKeyPairNid", GenerateKeyPairNid);
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 07ca412e8f7fc6281553ca90a4c3c8c18726c526..04a06affce1de8c567034d084c43b1a016076353 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -660,7 +660,7 @@ class Sign : public SignBase {
SignResult SignFinal(
const ManagedEVPPKey& pkey,
int padding,
- const v8::Maybe<int>& saltlen);
+ int saltlen);
protected:
static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
@@ -681,7 +681,7 @@ class Verify : public SignBase {
const char* sig,
int siglen,
int padding,
- const v8::Maybe<int>& saltlen,
+ int saltlen,
bool* verify_result);
protected:
diff --git a/test/fixtures/keys/Makefile b/test/fixtures/keys/Makefile
index 824704c7241b0ae58f5b4f2768b429f465aafb9b..28afa6685955b1ad57901c776c268cd3aef7d508 100644
--- a/test/fixtures/keys/Makefile
+++ b/test/fixtures/keys/Makefile
@@ -61,12 +61,6 @@ all: \
rsa_public_1024.pem \
rsa_public_2048.pem \
rsa_public_4096.pem \
- rsa_pss_private_2048.pem \
- rsa_pss_private_2048_sha256_sha256_16.pem \
- rsa_pss_private_2048_sha512_sha256_20.pem \
- rsa_pss_public_2048.pem \
- rsa_pss_public_2048_sha256_sha256_16.pem \
- rsa_pss_public_2048_sha512_sha256_20.pem \
ed25519_private.pem \
ed25519_public.pem \
x25519_private.pem \
@@ -691,24 +685,6 @@ rsa_public_2048.pem: rsa_private_2048.pem
rsa_public_4096.pem: rsa_private_4096.pem
openssl rsa -in rsa_private_4096.pem -pubout -out rsa_public_4096.pem
-rsa_pss_private_2048.pem:
- openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out rsa_pss_private_2048.pem
-
-rsa_pss_private_2048_sha256_sha256_16.pem:
- openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_sha256_sha256_16.pem
-
-rsa_pss_private_2048_sha512_sha256_20.pem:
- openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha512 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha512_sha256_20.pem
-
-rsa_pss_public_2048.pem: rsa_pss_private_2048.pem
- openssl pkey -in rsa_pss_private_2048.pem -pubout -out rsa_pss_public_2048.pem
-
-rsa_pss_public_2048_sha256_sha256_16.pem: rsa_pss_private_2048_sha256_sha256_16.pem
- openssl pkey -in rsa_pss_private_2048_sha256_sha256_16.pem -pubout -out rsa_pss_public_2048_sha256_sha256_16.pem
-
-rsa_pss_public_2048_sha512_sha256_20.pem: rsa_pss_private_2048_sha512_sha256_20.pem
- openssl pkey -in rsa_pss_private_2048_sha512_sha256_20.pem -pubout -out rsa_pss_public_2048_sha512_sha256_20.pem
-
ed25519_private.pem:
openssl genpkey -algorithm ED25519 -out ed25519_private.pem
diff --git a/test/fixtures/keys/rsa_pss_private_2048.pem b/test/fixtures/keys/rsa_pss_private_2048.pem
deleted file mode 100644
index ffca137a71219fb6a801c7a905f6607672acb168..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_private_2048.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAy4OMdS84PlgI5CRL
-bdbud9Ru7vprFr2YNNUmdT7D3YgApiv8CjzKXLiVDnbMET+lwmtag/EcZsxVCKov
-su30pYASBriHOiMVYui9+ZaJoQ9yI6lOjG1RbuUBJXNSjHBJxqBqmcgZOb1mdRr/
-eXzpAMWJ3hfuLojU2+zUSJ3/rvepepcLFG2q9nA0+PJskJ7Pnh3L0ydnv3U3hduM
-n5OVfm/Jx1FPyZpD184tJff+N+MY3s3hIcfuOnL9Pl4RPGeaTC4T1o460NaG6bG7
-c2Whg6NOaVgaFIaiNbrTTNCpVjeTyalsTXYlQQ3hiKjst0Q7pfFEkJDo8qiqLad1
-Msl59wIDAQABAoIBAQC6G8aqs0/f02nuGDLSc6cH9kCsUlz0ItW6GuJcfdVoFSNi
-0v5d7lGwkSveWk0ryOSw8rOHzUqHx3xLvDZ6jpkXcBMMClu/kq3QEb8JK90YaKOc
-cQvf52h83Pc7ZEatH1KYTcKudwp6fvXfSZ0vYEdD6WG2tHOgIollxSIsdjCHs1qi
-7baNHdK9T4DveuEZNcZ+LraZ1haHmFeqIPcy+KvpGuTaLCg5FPhH2jsIkw9apr7i
-iFLi+IJ7S5Bn/8XShmJWk4hPyx0jtIkC5r2iJnHf4x+XYWZfdo7oew3Dg6Pa7T6r
-I164Nnaw0u0LvO4gQdvYaJ/j9A602nHTp7Tsq8chAoGBAOtVHgIqpmdzwR5KjotW
-LuGXDdO9X6Xfge9ca2MlWH1jOj+zqEV7JtrjnZAzzOgP2kgqzpIR71Njs8wkaxTJ
-Tle0Ke6R/ghU9YOQgRByKjqJfQXHZnYFPsMg0diNYLroJ4SG8LO4+2SygTYZ4eKL
-qU0bda3QvQ7FL+rTNQBy01b9AoGBAN1jEQI80JxCT7AMvXE6nObIhbkASHte4yOE
-1CBwcOuBEGcuvMOvQVMzKITgea6+kgsu4ids4dM5PTPapQgpKqIIQ2/eSesaf56g
-73clGGSTPHJP0v+EfKg4+GYJf8o2swT0xDHkgWLgjjdsncB9hATc2j6DvHeau18d
-pgCLz9kDAoGAXl/SGvhTp2UqayVnKMW1I07agrGNLA4II5+iiS4u4InskCNSNhr/
-KATj6TJ82AuTdCGGmdmLapuvPQzVzI42VsGvlzcA8wJvOwW2XIwMF1GPy8N9eZL8
-6m+89+Uqh4oWXvVmjgx+9JEJdFLI3Xs4t+1tMfll+AhoAPoWZUmnK1kCgYAvEBxR
-iXQfg8lE97BeHcO1G/OxfGnsMCPBLT+bFcwrhGhkRv9B6kPM2BdJCB9WEpUhY3oY
-P4FSUdy85UIoFfhGMdOEOJEmNZ/jrPq7LVueJd63vlhwkU2exV2o82QDLNWpvA7p
-PFZ1Gp+hEKoIfaZPElQi7gZmtrIWaksb2pz42QKBgQCct9NP2qJfqeS4206RDnfv
-M238/O2lNhLWdSwY0g+tcN+I1sGs3+4vvrm95cxwAmXZyIM11wjdMcAPNxibodY7
-vufsebPHDBA0j0yuTjGkXefUKd1GdO88i5fppzxB7prDX9//DsWWrFhIMMRNYe0Q
-aeHd/NPuHcjZKcnaVBgukQ==
------END PRIVATE KEY-----
diff --git a/test/fixtures/keys/rsa_pss_private_2048_sha256_sha256_16.pem b/test/fixtures/keys/rsa_pss_private_2048_sha256_sha256_16.pem
deleted file mode 100644
index ea4597015401d52dcfdf23c73ee9403b1a0dbbaf..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_private_2048_sha256_sha256_16.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIE7wIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
-DQEBCDALBglghkgBZQMEAgGiAwIBEASCBKkwggSlAgEAAoIBAQDfqNM4C+QtD73i
-ILqOkqfV8ha3O19jpX8UujIk1Z72bbbuwEzh0+sBw0dD0N8CgkXnePOEEd6q7HNm
-byCNqRpDK6NDvaCMDWgEaD/PlHkRntvKh81IXSMC5imjRfOcZIE/Gnw7h8tanab0
-n75+ODvLJrmEWUG2q79Im1mWMx7Spod+Np6XEY+7I7nAUUWivr35Yx5DeyxY8rxF
-GpsLtGsi7JNQO4aHyeBpj8tz0Fhv23uPywE2nGmPHfnkXWbrTcHGbzYBgEbeSH9K
-UkRwczqDXNOPhtfaEHEFTm0MoeKCnJe1VOjSywev77dV1KZfpVh3Kh0ZRQIe9YOV
-Jhj4lMx3AgMBAAECggEBAIc+IgK5Bg/NfgeXvNdrjPuM+PlxeHvb3h1dfebSGd5v
-d3elZpgDug6F07kJO2Db/4M5mx7YY2m9swZU2j1u7MeDQqU6rDMkBCruEu/lmtPx
-2Hv+ZD6Gux4MqU7mhKmkCJds34Rr16aCwCsZ0WmnfViZoQKLqnXYIsG31pNBdDjx
-gke0HhX1LkA9yTVwlk8xOaHPqI4KfsFAyoiiHzyttGDexzb1PzmM0pybAPDMhpN/
-wXp2kLjyzmUmPe2Y2yva69WVWo7qS6joKjY75MQ1t20HYgEL69IApvCPu4CANfi9
-j3FAaV/+WrnhKCi6QyUi5PCI/+AJLsjNQmqTXIdBEoECgYEA+XsgFbeZ6+ZzEHa7
-HyFH6kiyBLd0q7w+ZLPsoOmEApDaP3yXSC7eJU7M/tPUPj8VQMMSK2D6fgmUDwhb
-3mEXFZxf67UlPFsFjweYcBihwy4r8QKBwury6dEbHPSUq4mXFJF5XRQdGqRGkr/F
-8OLZ0MwmHLUzczA67PxP/wF8TsECgYEA5YD4RxxJJYfAk1rFbqHRhNB8UeYVL+Wo
-wsRET1JeFg+S5grLGUga+KBB8Jn7Ahaip7MVE0Iud1cgaDi4WBEJsbJ6oJTlHJEg
-Jq7QAaBafwjeSCSnaEsVBVNvriy2WF7uAomLSKmW6uSUOBBFFt4+G+akG56EfOPc
-7YKBfsf5ITcCgYBvjVZzX307tfeNTQmuibsWTxsKcN2CTNG5RZpw+PlGDG8KJDOg
-2xQJqoqPBzjH/H0MUC03qE1ZPf8uGZa6gL9JsnpRctYLfselhMfsl5b9JxAO3AgZ
-l+S2GAH/mH1BlmwvjjyuGehJmVrVE1r2sviiHCaOf5dZ0h8HCGrco1VqAQKBgQCf
-fYkMofOTSUvjG2mpAHuCOQCsSaDfsFIfSBXQqgUIf7ouc8HAyAM2VOh+NAPj56cR
-s7opsAxqkvnKc+BoEy8Rdl8RyWeO+qvFNicHelBph9gxeod8SvFIyjsKZ7gwoYf1
-63AIBxMCGeeHLodU5Q10hkv1hau8vv2BcPhdCstu8QKBgQDgO4Rr36Pa5rjbNbGN
-PsJqALjthTeU0yaU8hdC7Hc7B/T6npEIhw3s1eNq7e0eeDltqz7tDnY8qysazbQZ
-p1cV5TJ8+gtwGmDoADBnU1NXqX4Squfml6OhNEucpTdjux7JdLVmmQFraOT2Eu5f
-9uuNtA+d8uhBEXhskuvEC552ug==
------END PRIVATE KEY-----
diff --git a/test/fixtures/keys/rsa_pss_private_2048_sha512_sha256_20.pem b/test/fixtures/keys/rsa_pss_private_2048_sha512_sha256_20.pem
deleted file mode 100644
index f8e898980ad25fd03dda0401fe4f18a148d7fb9f..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_private_2048_sha512_sha256_20.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIE5wIBADA4BgkqhkiG9w0BAQowK6ANMAsGCWCGSAFlAwQCA6EaMBgGCSqGSIb3
-DQEBCDALBglghkgBZQMEAgEEggSmMIIEogIBAAKCAQEAvM9NgMCDqy5dqj5Ua2cZ
-cc4zVr+fCF34bZn63OBeYG8RTJKM3j36lO/yamtfDctDhb87b45CS6ipEr8J57I9
-WF55TNngsn6GNpXgwAe0eFXUnKonuqnGEC7x8r3vkAg99PBKhAtFc5oTaaZDAFKM
-zc5dIC/J0Y+kxhqjCPNI0ydQgZmKBrmYjM9cvbOYgRQL10GrWeJ+XHk2E33endaF
-+4dwjgyrzInt/l6OTkiCL8F59J/htk1GPru9BT6w5yOS/vH6q6FD6uizULVznytd
-lHjgnrVaHJmsqVjrYQa9OAZj9GBrTelBWvQ9b6+FBHUFHBp8HSp82lWCZThPrcZ/
-QwIDAQABAoIBADDzUfWic8CKuc/sbviVdzxRKHBCJ9oEeub3d9mR9gXsZcDDcfAg
-g3nfp6q9gZxS6YOga6llaXyyEnuAufGu/UaO38Xz6tR8BxHZ07YViU11ezTOzJQR
-df82HJZBdf2SlXWOYtNPFMd+16+ZYl+QB19INE6m9Rz2r9KIj2I/qM7NPPVhDRF0
-G4O0Yf2vaPhjoIaewn7xtQ6wmX7pAGcd8dmYEIGGkBi8aY3BVwrRK1X4AmD+oSmE
-wXqR6MQIzD4KdypL4UD1Cb4GoFeVRclXvegOG+EKl0iD+mjTodB4yjoJh98NYe3+
-GtpR/2u3Ltq8RqWpIg8ryShQk/MIqGJ5KpkCgYEA80uNEYWlBt6QGNvVIYrhnw+V
-2nLJWedioKV4H1sr9OLF/7WFOUfsaflpVybnmwfNV15lEyHb/m/sCM9jTrNk1t/q
-qhRnvtmy3kntxWBeoA2o0TRg/XZKWjabZsr/4UE/Ztws2opOvl9x05IYeZlU+PbZ
-B1lX2e+vtMOpllvRr28CgYEAxqtfrYv8brp/fAUqGu/MtdHxQdU1+vE+auN17gam
-ZM6ojIeasX4k2z0Rd/+8Dga9wPgO7hjtFZ2NWD5UwfBiw5U2PVZ6bp3iKSBPGHEh
-RsIR+nw8pFIgsQKoYnVK58tEnfQ31GSupKpYybHbaL5SdId+mfXU86SbKX/MefZX
-g20CgYBjn8hAKI2O5ovy4fHALnJ9A5DFRsOUgN8uERPDIz44pLOXJelLr1vreSnd
-ehzUqrk20Xxp/S9sXMA2S1XK4EKmikI5KungiJxp0bP/Yprcxzsdj2k34LxJfJrd
-2Lo2rtUbdYUYaBIeek7N58EF6feVit8L11XV9APq7UQAQdD3GQKBgBmxuGIdpLw9
-apeDo3pwYS1yxZ0aEi0uXkA8wtfSDFslTy89qogiJGomb8fxT0URIiF+849fseoF
-wm4TQasDiAJ7ndQ5BwSfbsya3R/wIbmhB+o5fy5RYOED0vtI6DMqWumC2GWjz+KE
-FY+gbRwS4V8o1vrajHwmYdrwKGXtskvRAoGADe/EdlCj98r6Zle9giF1C0GDIDTx
-8bR2m+Ogh9ZO218GpDMNaQ/WmbYVPDYMbRSOEA7y2gVkd1OeYhJMF6aYffp3aWhN
-t9g0uojLY0jfEpWBLBQdlYOTl7hOnLWRRcOAKTlHVg+OuD/O/GmdQ2Rg2H/hAWlI
-muuTQPuQTCV1aTc=
------END PRIVATE KEY-----
diff --git a/test/fixtures/keys/rsa_pss_public_2048.pem b/test/fixtures/keys/rsa_pss_public_2048.pem
deleted file mode 100644
index ade38f20a44353a88a28cee53fcdb3e13d25f5f7..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_public_2048.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAMuDjHUvOD5YCOQkS23W7nfU
-bu76axa9mDTVJnU+w92IAKYr/Ao8yly4lQ52zBE/pcJrWoPxHGbMVQiqL7Lt9KWA
-Ega4hzojFWLovfmWiaEPciOpToxtUW7lASVzUoxwScagapnIGTm9ZnUa/3l86QDF
-id4X7i6I1Nvs1Eid/673qXqXCxRtqvZwNPjybJCez54dy9MnZ791N4XbjJ+TlX5v
-ycdRT8maQ9fOLSX3/jfjGN7N4SHH7jpy/T5eETxnmkwuE9aOOtDWhumxu3NloYOj
-TmlYGhSGojW600zQqVY3k8mpbE12JUEN4Yio7LdEO6XxRJCQ6PKoqi2ndTLJefcC
-AwEAAQ==
------END PUBLIC KEY-----
diff --git a/test/fixtures/keys/rsa_pss_public_2048_sha256_sha256_16.pem b/test/fixtures/keys/rsa_pss_public_2048_sha256_sha256_16.pem
deleted file mode 100644
index 9f8e15bbe0f8f1805c8cc62239a73d390df41b2a..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_public_2048_sha256_sha256_16.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
-CDALBglghkgBZQMEAgGiAwIBEAOCAQ8AMIIBCgKCAQEA36jTOAvkLQ+94iC6jpKn
-1fIWtztfY6V/FLoyJNWe9m227sBM4dPrAcNHQ9DfAoJF53jzhBHequxzZm8gjaka
-QyujQ72gjA1oBGg/z5R5EZ7byofNSF0jAuYpo0XznGSBPxp8O4fLWp2m9J++fjg7
-yya5hFlBtqu/SJtZljMe0qaHfjaelxGPuyO5wFFFor69+WMeQ3ssWPK8RRqbC7Rr
-IuyTUDuGh8ngaY/Lc9BYb9t7j8sBNpxpjx355F1m603Bxm82AYBG3kh/SlJEcHM6
-g1zTj4bX2hBxBU5tDKHigpyXtVTo0ssHr++3VdSmX6VYdyodGUUCHvWDlSYY+JTM
-dwIDAQAB
------END PUBLIC KEY-----
diff --git a/test/fixtures/keys/rsa_pss_public_2048_sha512_sha256_20.pem b/test/fixtures/keys/rsa_pss_public_2048_sha512_sha256_20.pem
deleted file mode 100644
index 9ace7d6d2db7945fbe7ad78a059da0fdc7d9b365..0000000000000000000000000000000000000000
--- a/test/fixtures/keys/rsa_pss_public_2048_sha512_sha256_20.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIIBTTA4BgkqhkiG9w0BAQowK6ANMAsGCWCGSAFlAwQCA6EaMBgGCSqGSIb3DQEB
-CDALBglghkgBZQMEAgEDggEPADCCAQoCggEBALzPTYDAg6suXao+VGtnGXHOM1a/
-nwhd+G2Z+tzgXmBvEUySjN49+pTv8mprXw3LQ4W/O2+OQkuoqRK/CeeyPVheeUzZ
-4LJ+hjaV4MAHtHhV1JyqJ7qpxhAu8fK975AIPfTwSoQLRXOaE2mmQwBSjM3OXSAv
-ydGPpMYaowjzSNMnUIGZiga5mIzPXL2zmIEUC9dBq1niflx5NhN93p3WhfuHcI4M
-q8yJ7f5ejk5Igi/BefSf4bZNRj67vQU+sOcjkv7x+quhQ+ros1C1c58rXZR44J61
-WhyZrKlY62EGvTgGY/Rga03pQVr0PW+vhQR1BRwafB0qfNpVgmU4T63Gf0MCAwEA
-AQ==
------END PUBLIC KEY-----
diff --git a/test/fixtures/test_unknown_privkey.pem b/test/fixtures/test_unknown_privkey.pem
new file mode 100644
index 0000000000000000000000000000000000000000..4e8e46f04133422128eea2b88a8f378f8b8f842d
--- /dev/null
+++ b/test/fixtures/test_unknown_privkey.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEugIBADALBgkqhkiG9w0BAQoEggSmMIIEogIBAAKCAQEAwMSNbT9SbSHvXmPt
+j1x2Ipk1tUM06301UD91xGcA0232zrIQcKjsPM7bE6YXN0zRxfLJUqalewCk80Ct
+6V+E5XtMHUFQt1Ne8HW9U930KnfnQEyU8UwRPoWWeZQhs+sa8ZfggtfN7gq4/wiS
+KFNNtSJb24NKoLis31P0nILGC4/JewgE0QaFUoOL+Oc3dMhwWg9/H64sSjhI/SGW
+9Sv3M6WcSn7vQCe8oM2vslf3Xm8rHNqZMlXujs7zhRtcr5alKz9BwMJIoGouQrk9
+9cgupdYsddgNh2bC4TQR9BMKHj8tV5Uf3Pbf4EoZOFffCbyBZxmKtsYsmhh2FDLA
+RzNhKwIDAQABAoIBAHBRlj4ziSmBfmG3Q/ImY8chEkQ9lpYn7GqHr2zyv25yQj6J
+Tj72jj+YH9pBCoH0Rr5aCqgX5Y/X/kSmSS8TsvGrd9wL9KX88/KUB+7YAq7EEoBK
+nvZB5kJRwC2y/DhDIv3mCrDyYVDz+nrPWaoZb8u861zqEQ+4yzGNT5fqMs8Ewm8A
+hxg3GA2R6FC2CymZO884XOxlVac6SNURfA+U+xrcMIXbXpok2Z5eh/kMOeIKwmL0
+QEO0U6DEnZm4rJjywu8fEkKbX00YfaDQaiGzRZfvmzkTPIQemXPWARdIvFtJU8Fx
+OWWeMumJD1KiU9ISW4e76l7F8UOviT6jEg9rxFECgYEA96WCEIB+O4aO7+s56kOv
+vQkEXn959lz7e++S9AV3R19PpBCh50l5v9NSjGQlA4FU4AdBB5EmiX/bLZRHFwHI
+KLDsMFuq9id3OPHYIzFP4YjVHTGRPZToJHwy4ePIdZEaeJHY39EEz8oHsSSJlLdm
+o0417RsFAfApW2VN63c3JFcCgYEAx0Um/ATsT4ELguVQ+XlquLQdS12XS7zjcwWv
+PL8UyooSxcjcbLcJB6DRWXM0NOry7KPUCIF4m3KSjIZypV/v2KVFPCfD3vxZcdB7
+xgccqXJMUx7MSs9AMZXTtv5hG7RS5z+ig7Yi/6nzBm21jKYKbFDbqfq8MSfiR6cT
+KjR+RU0CgYAm/iFnlcPKfZpd/mylDTlLi3Lrqii6+NMEJam+0GmCjGhOzeugLjqE
+ULLLtiz5y1Bg4eOEXH9z4PTSzWkQH1Czz3+w8Y4OqhIknjfI+se4HEJqEVbsGlke
+/YtJdAMpN8qyN0ytmQyn5wilBLrA9surZPIqvjlgn77zTBUjwSamiwKBgAqIVS8s
+83CgWYNpq4YELOfmXUYGhGC0czE5M7H6R5cNBUD/BOeaJRgKIAaiWDgT0xM+9Y4d
+icptm+Fhmd2z3HGPCsHLOEco/3FMm74z0ggCypX6IsIxgiscyDv75hYYyej/LA/a
+KK9qxDWqxtXQUOy4uWOapSfT+9ndst2gOKxhAoGAVFcfedCLxummgTtZE91n59pL
+TWTk4GgYpWyv6XbHjYrFW2y18qmn0hmEpO+440So0NmGGDtNnPYNUKY/MPjHScwC
+FoZMFqqnkmshXz0uDx3gMQK2JDmdF+s3VwZq4Rtb3NJ9v4/WMgWftxaUpAm1/aRC
+IHc67mAAez4i8fg2wTQ=
+-----END PRIVATE KEY-----
diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js
index 558f7dc1f4b67331629a92cbdd8b1734fdfc5980..a47083b3ace5bb6c27b71adcf65b3769c63994e7 100644
--- a/test/parallel/test-crypto-key-objects.js
+++ b/test/parallel/test-crypto-key-objects.js
@@ -8,8 +8,6 @@ const assert = require('assert');
const {
createCipheriv,
createDecipheriv,
- createSign,
- createVerify,
createSecretKey,
createPublicKey,
createPrivateKey,
@@ -202,6 +200,13 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
});
}
+{
+ // This should not cause a crash: https://github.com/nodejs/node/pull/26786
+ const pem = fixtures.readSync('test_unknown_privkey.pem', 'ascii');
+ const key = createPrivateKey(pem);
+ assert.strictEqual(key.asymmetricKeyType, undefined);
+}
+
[
{ private: fixtures.readKey('ed25519_private.pem', 'ascii'),
public: fixtures.readKey('ed25519_public.pem', 'ascii'),
@@ -281,146 +286,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
assert.strictEqual(privateKey.type, 'private');
assert.strictEqual(privateKey.asymmetricKeyType, 'dsa');
assert.strictEqual(privateKey.symmetricKeySize, undefined);
-
-}
-
-{
- // Test RSA-PSS.
- {
- // This key pair does not restrict the message digest algorithm or salt
- // length.
- const publicPem = fixtures.readKey('rsa_pss_public_2048.pem');
- const privatePem = fixtures.readKey('rsa_pss_private_2048.pem');
-
- const publicKey = createPublicKey(publicPem);
- const privateKey = createPrivateKey(privatePem);
-
- assert.strictEqual(publicKey.type, 'public');
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
-
- assert.strictEqual(privateKey.type, 'private');
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
-
- for (const key of [privatePem, privateKey]) {
- // Any algorithm should work.
- for (const algo of ['sha1', 'sha256']) {
- // Any salt length should work.
- for (const saltLength of [undefined, 8, 10, 12, 16, 18, 20]) {
- const signature = createSign(algo)
- .update('foo')
- .sign({ key, saltLength });
-
- for (const pkey of [key, publicKey, publicPem]) {
- const okay = createVerify(algo)
- .update('foo')
- .verify({ key: pkey, saltLength }, signature);
-
- assert.ok(okay);
- }
- }
- }
- }
-
- // Exporting the key using PKCS#1 should not work since this would discard
- // any algorithm restrictions.
- common.expectsError(() => {
- publicKey.export({ format: 'pem', type: 'pkcs1' });
- }, {
- code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS'
- });
- }
-
- {
- // This key pair enforces sha256 as the message digest and the MGF1
- // message digest and a salt length of at least 16 bytes.
- const publicPem =
- fixtures.readKey('rsa_pss_public_2048_sha256_sha256_16.pem');
- const privatePem =
- fixtures.readKey('rsa_pss_private_2048_sha256_sha256_16.pem');
-
- const publicKey = createPublicKey(publicPem);
- const privateKey = createPrivateKey(privatePem);
-
- assert.strictEqual(publicKey.type, 'public');
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
-
- assert.strictEqual(privateKey.type, 'private');
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
-
- for (const key of [privatePem, privateKey]) {
- // Signing with anything other than sha256 should fail.
- assert.throws(() => {
- createSign('sha1').sign(key);
- }, /digest not allowed/);
-
- // Signing with salt lengths less than 16 bytes should fail.
- for (const saltLength of [8, 10, 12]) {
- assert.throws(() => {
- createSign('sha1').sign({ key, saltLength });
- }, /pss saltlen too small/);
- }
-
- // Signing with sha256 and appropriate salt lengths should work.
- for (const saltLength of [undefined, 16, 18, 20]) {
- const signature = createSign('sha256')
- .update('foo')
- .sign({ key, saltLength });
-
- for (const pkey of [key, publicKey, publicPem]) {
- const okay = createVerify('sha256')
- .update('foo')
- .verify({ key: pkey, saltLength }, signature);
-
- assert.ok(okay);
- }
- }
- }
- }
-
- {
- // This key enforces sha512 as the message digest and sha256 as the MGF1
- // message digest.
- const publicPem =
- fixtures.readKey('rsa_pss_public_2048_sha512_sha256_20.pem');
- const privatePem =
- fixtures.readKey('rsa_pss_private_2048_sha512_sha256_20.pem');
-
- const publicKey = createPublicKey(publicPem);
- const privateKey = createPrivateKey(privatePem);
-
- assert.strictEqual(publicKey.type, 'public');
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
-
- assert.strictEqual(privateKey.type, 'private');
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
-
- // Node.js usually uses the same hash function for the message and for MGF1.
- // However, when a different MGF1 message digest algorithm has been
- // specified as part of the key, it should automatically switch to that.
- // This behavior is required by sections 3.1 and 3.3 of RFC4055.
- for (const key of [privatePem, privateKey]) {
- // sha256 matches the MGF1 hash function and should be used internally,
- // but it should not be permitted as the main message digest algorithm.
- for (const algo of ['sha1', 'sha256']) {
- assert.throws(() => {
- createSign(algo).sign(key);
- }, /digest not allowed/);
- }
-
- // sha512 should produce a valid signature.
- const signature = createSign('sha512')
- .update('foo')
- .sign(key);
-
- for (const pkey of [key, publicKey, publicPem]) {
- const okay = createVerify('sha512')
- .update('foo')
- .verify(pkey, signature);
-
- assert.ok(okay);
- }
- }
- }
}
{
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index 8c3432e06cb6471b0fa0f042cfb0efdedab603f5..ab86c10ef1ea7e4b582db683b90a375ba6e5d2fc 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -6,15 +6,12 @@ if (!common.hasCrypto)
const assert = require('assert');
const {
- constants,
createSign,
createVerify,
generateKeyPair,
generateKeyPairSync,
publicEncrypt,
- privateDecrypt,
- sign,
- verify
+ privateDecrypt
} = require('crypto');
const { promisify } = require('util');
@@ -43,24 +40,13 @@ function testEncryptDecrypt(publicKey, privateKey) {
// Tests that a key pair can be used for signing / verification.
function testSignVerify(publicKey, privateKey) {
- const message = Buffer.from('Hello Node.js world!');
-
- function oldSign(algo, data, key) {
- return createSign(algo).update(data).sign(key);
- }
-
- function oldVerify(algo, data, key, signature) {
- return createVerify(algo).update(data).verify(key, signature);
- }
-
- for (const signFn of [sign, oldSign]) {
- const signature = signFn('SHA256', message, privateKey);
- for (const verifyFn of [verify, oldVerify]) {
- for (const key of [publicKey, privateKey]) {
- const okay = verifyFn('SHA256', message, key, signature);
- assert(okay);
- }
- }
+ const message = 'Hello Node.js world!';
+ const signature = createSign('SHA256').update(message)
+ .sign(privateKey, 'hex');
+ for (const key of [publicKey, privateKey]) {
+ const okay = createVerify('SHA256').update(message)
+ .verify(key, signature, 'hex');
+ assert(okay);
}
}
@@ -265,43 +251,6 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
}));
}
-{
- // Test RSA-PSS.
- generateKeyPair('rsa-pss', {
- modulusLength: 512,
- saltLength: 16,
- hash: 'sha256',
- mgf1Hash: 'sha256'
- }, common.mustCall((err, publicKey, privateKey) => {
- assert.ifError(err);
-
- assert.strictEqual(publicKey.type, 'public');
- assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss');
-
- assert.strictEqual(privateKey.type, 'private');
- assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss');
-
- // Unlike RSA, RSA-PSS does not allow encryption.
- assert.throws(() => {
- testEncryptDecrypt(publicKey, privateKey);
- }, /operation not supported for this keytype/);
-
- // RSA-PSS also does not permit signing with PKCS1 padding.
- assert.throws(() => {
- testSignVerify({
- key: publicKey,
- padding: constants.RSA_PKCS1_PADDING
- }, {
- key: privateKey,
- padding: constants.RSA_PKCS1_PADDING
- });
- }, /illegal or unsupported padding mode/);
-
- // The padding should correctly default to RSA_PKCS1_PSS_PADDING now.
- testSignVerify(publicKey, privateKey);
- }));
-}
-
{
const privateKeyEncoding = {
type: 'pkcs8',
@@ -606,7 +555,9 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
common.expectsError(() => generateKeyPairSync('rsa2', {}), {
type: TypeError,
code: 'ERR_INVALID_ARG_VALUE',
- message: "The argument 'type' must be a supported key type. Received 'rsa2'"
+ message: "The argument 'type' must be one of " +
+ "'rsa', 'dsa', 'ec', 'ed25519', 'ed448'," +
+ " 'x25519', 'x448'. Received 'rsa2'"
});
}