diff options
| author | Stefan Budeanu <stefan@budeanu.com> | 2015-11-09 00:00:56 -0500 |
|---|---|---|
| committer | James M Snell <jasnell@gmail.com> | 2015-11-20 09:35:58 -0800 |
| commit | 56a2b9a24680841c5abe5660764fde06e01bdddc (patch) | |
| tree | b36ac697df526b8c12ed8e3719a2b4d5ff9cc479 /test/parallel/test-crypto-authenticated.js | |
| parent | 6de82c69a00a1515dbf4019c4f27bb1f82c508e0 (diff) | |
| download | node-new-56a2b9a24680841c5abe5660764fde06e01bdddc.tar.gz | |
crypto: disable crypto.createCipher in FIPS mode
FIPS 140-2 disallows use of MD5, which is used to derive the
initialization vector and key for createCipher(). Modify
all tests to expect exceptions in FIPS mode when disallowed
API is used, or to avoid testing such API in FIPS Mode.
PR-URL: https://github.com/nodejs/node/pull/3754
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test/parallel/test-crypto-authenticated.js')
| -rw-r--r-- | test/parallel/test-crypto-authenticated.js | 52 |
1 files changed, 32 insertions, 20 deletions
diff --git a/test/parallel/test-crypto-authenticated.js b/test/parallel/test-crypto-authenticated.js index 2cc3627833..fa9a78c26e 100644 --- a/test/parallel/test-crypto-authenticated.js +++ b/test/parallel/test-crypto-authenticated.js @@ -93,32 +93,44 @@ for (var i in TEST_CASES) { (function() { if (!test.password) return; - var encrypt = crypto.createCipher(test.algo, test.password); - if (test.aad) - encrypt.setAAD(new Buffer(test.aad, 'hex')); - var hex = encrypt.update(test.plain, 'ascii', 'hex'); - hex += encrypt.final('hex'); - var auth_tag = encrypt.getAuthTag(); - // only test basic encryption run if output is marked as tampered. - if (!test.tampered) { - assert.equal(hex.toUpperCase(), test.ct); - assert.equal(auth_tag.toString('hex').toUpperCase(), test.tag); + if (common.hasFipsCrypto) { + assert.throws(function() + { crypto.createCipher(test.algo, test.password); }, + /not supported in FIPS mode/); + } else { + var encrypt = crypto.createCipher(test.algo, test.password); + if (test.aad) + encrypt.setAAD(new Buffer(test.aad, 'hex')); + var hex = encrypt.update(test.plain, 'ascii', 'hex'); + hex += encrypt.final('hex'); + var auth_tag = encrypt.getAuthTag(); + // only test basic encryption run if output is marked as tampered. + if (!test.tampered) { + assert.equal(hex.toUpperCase(), test.ct); + assert.equal(auth_tag.toString('hex').toUpperCase(), test.tag); + } } })(); (function() { if (!test.password) return; - var decrypt = crypto.createDecipher(test.algo, test.password); - decrypt.setAuthTag(new Buffer(test.tag, 'hex')); - if (test.aad) - decrypt.setAAD(new Buffer(test.aad, 'hex')); - var msg = decrypt.update(test.ct, 'hex', 'ascii'); - if (!test.tampered) { - msg += decrypt.final('ascii'); - assert.equal(msg, test.plain); + if (common.hasFipsCrypto) { + assert.throws(function() + { crypto.createDecipher(test.algo, test.password); }, + /not supported in FIPS mode/); } else { - // assert that final throws if input data could not be verified! - assert.throws(function() { decrypt.final('ascii'); }, / auth/); + var decrypt = crypto.createDecipher(test.algo, test.password); + decrypt.setAuthTag(new Buffer(test.tag, 'hex')); + if (test.aad) + decrypt.setAAD(new Buffer(test.aad, 'hex')); + var msg = decrypt.update(test.ct, 'hex', 'ascii'); + if (!test.tampered) { + msg += decrypt.final('ascii'); + assert.equal(msg, test.plain); + } else { + // assert that final throws if input data could not be verified! + assert.throws(function() { decrypt.final('ascii'); }, / auth/); + } } })(); |