test: split test-crypto-keygen.js

To avoid timing out on ARM machines in the CI. PR-URL: #49221 Refs: #49202 Refs: #41206 Reviewed-By: Luigi Pinca <[email protected]>

Author: joyeecheung

test/common/crypto.js

@@ -6,6 +6,14 @@ if (!common.hasCrypto)
 
 constassert=require('assert');
 constcrypto=require('crypto');
+const{
+ createSign,
+ createVerify,
+ publicEncrypt,
+ privateDecrypt,
+ sign,
+ verify,
+}=crypto;
 
 // The values below (modp2/modp2buf) are for a 1024 bits long prime from
 // RFC 2412 E.2, see https://tools.ietf.org/html/rfc2412. */
@@ -42,7 +50,83 @@ function testDH({publicKey: alicePublicKey, privateKey: alicePrivateKey },
 assert.deepStrictEqual(buf1,expectedValue);
 }
 
+// Asserts that the size of the given key (in chars or bytes) is within 10% of
+// the expected size.
+functionassertApproximateSize(key,expectedSize){
+constu=typeofkey==='string' ? 'chars' : 'bytes';
+constmin=Math.floor(0.9*expectedSize);
+constmax=Math.ceil(1.1*expectedSize);
+assert(key.length>=min,
+`Key (${key.length}${u}) is shorter than expected (${min}${u})`);
+assert(key.length<=max,
+`Key (${key.length}${u}) is longer than expected (${max}${u})`);
+}
+
+// Tests that a key pair can be used for encryption / decryption.
+functiontestEncryptDecrypt(publicKey,privateKey){
+constmessage='Hello Node.js world!';
+constplaintext=Buffer.from(message,'utf8');
+for(constkeyof[publicKey,privateKey]){
+constciphertext=publicEncrypt(key,plaintext);
+constreceived=privateDecrypt(privateKey,ciphertext);
+assert.strictEqual(received.toString('utf8'),message);
+}
+}
+
+// Tests that a key pair can be used for signing / verification.
+functiontestSignVerify(publicKey,privateKey){
+constmessage=Buffer.from('Hello Node.js world!');
+
+functionoldSign(algo,data,key){
+returncreateSign(algo).update(data).sign(key);
+}
+
+functionoldVerify(algo,data,key,signature){
+returncreateVerify(algo).update(data).verify(key,signature);
+}
+
+for(constsignFnof[sign,oldSign]){
+constsignature=signFn('SHA256',message,privateKey);
+for(constverifyFnof[verify,oldVerify]){
+for(constkeyof[publicKey,privateKey]){
+constokay=verifyFn('SHA256',message,key,signature);
+assert(okay);
+}
+}
+}
+}
+
+// Constructs a regular expression for a PEM-encoded key with the given label.
+functiongetRegExpForPEM(label,cipher){
+consthead=`\\-\\-\\-\\-\\-BEGIN ${label}\\-\\-\\-\\-\\-`;
+constrfc1421Header=cipher==null ? '' :
+`\nProc-Type: 4,ENCRYPTED\nDEK-Info: ${cipher},[^\n]+\n`;
+constbody='([a-zA-Z0-9\\+/=]{64}\n)*[a-zA-Z0-9\\+/=]{1,64}';
+constend=`\\-\\-\\-\\-\\-END ${label}\\-\\-\\-\\-\\-`;
+returnnewRegExp(`^${head}${rfc1421Header}\n${body}\n${end}\n$`);
+}
+
+constpkcs1PubExp=getRegExpForPEM('RSA PUBLIC KEY');
+constpkcs1PrivExp=getRegExpForPEM('RSA PRIVATE KEY');
+constpkcs1EncExp=(cipher)=>getRegExpForPEM('RSA PRIVATE KEY',cipher);
+constspkiExp=getRegExpForPEM('PUBLIC KEY');
+constpkcs8Exp=getRegExpForPEM('PRIVATE KEY');
+constpkcs8EncExp=getRegExpForPEM('ENCRYPTED PRIVATE KEY');
+constsec1Exp=getRegExpForPEM('EC PRIVATE KEY');
+constsec1EncExp=(cipher)=>getRegExpForPEM('EC PRIVATE KEY',cipher);
+
 module.exports={
  modp2buf,
  testDH,
+ assertApproximateSize,
+ testEncryptDecrypt,
+ testSignVerify,
+ pkcs1PubExp,
+ pkcs1PrivExp,
+ pkcs1EncExp,// used once
+ spkiExp,
+ pkcs8Exp,// used once
+ pkcs8EncExp,// used once
+ sec1Exp,
+ sec1EncExp,
 };

test/parallel/test-crypto-keygen-async-dsa-key-object.js

@@ -0,0 +1,32 @@
+'use strict';
+
+constcommon=require('../common');
+if(!common.hasCrypto)
+common.skip('missing crypto');
+
+constassert=require('assert');
+const{
+ generateKeyPair,
+}=require('crypto');
+
+// Test async DSA key object generation.
+{
+generateKeyPair('dsa',{
+modulusLength: common.hasOpenSSL3 ? 2048 : 512,
+divisorLength: 256
+},common.mustSucceed((publicKey,privateKey)=>{
+assert.strictEqual(publicKey.type,'public');
+assert.strictEqual(publicKey.asymmetricKeyType,'dsa');
+assert.deepStrictEqual(publicKey.asymmetricKeyDetails,{
+modulusLength: common.hasOpenSSL3 ? 2048 : 512,
+divisorLength: 256
+});
+
+assert.strictEqual(privateKey.type,'private');
+assert.strictEqual(privateKey.asymmetricKeyType,'dsa');
+assert.deepStrictEqual(privateKey.asymmetricKeyDetails,{
+modulusLength: common.hasOpenSSL3 ? 2048 : 512,
+divisorLength: 256
+});
+}));
+}

test/parallel/test-crypto-keygen-async-dsa.js

@@ -0,0 +1,64 @@
+'use strict';
+
+constcommon=require('../common');
+if(!common.hasCrypto)
+common.skip('missing crypto');
+
+constassert=require('assert');
+const{
+ generateKeyPair,
+}=require('crypto');
+const{
+ assertApproximateSize,
+ testSignVerify,
+ spkiExp,
+}=require('../common/crypto');
+
+// Test async DSA key generation.
+{
+constprivateKeyEncoding={
+type: 'pkcs8',
+format: 'der'
+};
+
+generateKeyPair('dsa',{
+modulusLength: common.hasOpenSSL3 ? 2048 : 512,
+divisorLength: 256,
+publicKeyEncoding: {
+type: 'spki',
+format: 'pem'
+},
+privateKeyEncoding: {
+cipher: 'aes-128-cbc',
+passphrase: 'secret',
+ ...privateKeyEncoding
+}
+},common.mustSucceed((publicKey,privateKeyDER)=>{
+assert.strictEqual(typeofpublicKey,'string');
+assert.match(publicKey,spkiExp);
+// The private key is DER-encoded.
+assert(Buffer.isBuffer(privateKeyDER));
+
+assertApproximateSize(publicKey,common.hasOpenSSL3 ? 1194 : 440);
+assertApproximateSize(privateKeyDER,common.hasOpenSSL3 ? 721 : 336);
+
+// Since the private key is encrypted, signing shouldn't work anymore.
+assert.throws(()=>{
+returntestSignVerify(publicKey,{
+key: privateKeyDER,
+ ...privateKeyEncoding
+});
+},{
+name: 'TypeError',
+code: 'ERR_MISSING_PASSPHRASE',
+message: 'Passphrase required for encrypted key'
+});
+
+// Signing should work with the correct password.
+testSignVerify(publicKey,{
+key: privateKeyDER,
+ ...privateKeyEncoding,
+passphrase: 'secret'
+});
+}));
+}

test/parallel/test-crypto-keygen-async-elliptic-curve-jwk.js

@@ -0,0 +1,100 @@
+'use strict';
+
+constcommon=require('../common');
+if(!common.hasCrypto)
+common.skip('missing crypto');
+
+constassert=require('assert');
+const{
+ generateKeyPair,
+}=require('crypto');
+
+// Test async elliptic curve key generation with 'jwk' encoding
+{
+[
+['ec',['P-384','P-256','P-521','secp256k1']],
+['rsa'],
+['ed25519'],
+['ed448'],
+['x25519'],
+['x448'],
+].forEach((types)=>{
+const[type,options]=types;
+switch(type){
+case'ec': {
+returnoptions.forEach((curve)=>{
+generateKeyPair(type,{
+namedCurve: curve,
+publicKeyEncoding: {
+format: 'jwk'
+},
+privateKeyEncoding: {
+format: 'jwk'
+}
+},common.mustSucceed((publicKey,privateKey)=>{
+assert.strictEqual(typeofpublicKey,'object');
+assert.strictEqual(typeofprivateKey,'object');
+assert.strictEqual(publicKey.x,privateKey.x);
+assert.strictEqual(publicKey.y,privateKey.y);
+assert(!publicKey.d);
+assert(privateKey.d);
+assert.strictEqual(publicKey.kty,'EC');
+assert.strictEqual(publicKey.kty,privateKey.kty);
+assert.strictEqual(publicKey.crv,curve);
+assert.strictEqual(publicKey.crv,privateKey.crv);
+}));
+});
+}
+case'rsa': {
+returngenerateKeyPair(type,{
+modulusLength: 4096,
+publicKeyEncoding: {
+format: 'jwk'
+},
+privateKeyEncoding: {
+format: 'jwk'
+}
+},common.mustSucceed((publicKey,privateKey)=>{
+assert.strictEqual(typeofpublicKey,'object');
+assert.strictEqual(typeofprivateKey,'object');
+assert.strictEqual(publicKey.kty,'RSA');
+assert.strictEqual(publicKey.kty,privateKey.kty);
+assert.strictEqual(typeofpublicKey.n,'string');
+assert.strictEqual(publicKey.n,privateKey.n);
+assert.strictEqual(typeofpublicKey.e,'string');
+assert.strictEqual(publicKey.e,privateKey.e);
+assert.strictEqual(typeofprivateKey.d,'string');
+assert.strictEqual(typeofprivateKey.p,'string');
+assert.strictEqual(typeofprivateKey.q,'string');
+assert.strictEqual(typeofprivateKey.dp,'string');
+assert.strictEqual(typeofprivateKey.dq,'string');
+assert.strictEqual(typeofprivateKey.qi,'string');
+}));
+}
+case'ed25519':
+case'ed448':
+case'x25519':
+case'x448': {
+generateKeyPair(type,{
+publicKeyEncoding: {
+format: 'jwk'
+},
+privateKeyEncoding: {
+format: 'jwk'
+}
+},common.mustSucceed((publicKey,privateKey)=>{
+assert.strictEqual(typeofpublicKey,'object');
+assert.strictEqual(typeofprivateKey,'object');
+assert.strictEqual(publicKey.x,privateKey.x);
+assert(!publicKey.d);
+assert(privateKey.d);
+assert.strictEqual(publicKey.kty,'OKP');
+assert.strictEqual(publicKey.kty,privateKey.kty);
+constexpectedCrv=`${type.charAt(0).toUpperCase()}${type.slice(1)}`;
+assert.strictEqual(publicKey.crv,expectedCrv);
+assert.strictEqual(publicKey.crv,privateKey.crv);
+}));
+}
+}
+});
+}

test/parallel/test-crypto-keygen-async-encrypted-private-key-der.js

@@ -0,0 +1,50 @@
+'use strict';
+
+constcommon=require('../common');
+if(!common.hasCrypto)
+common.skip('missing crypto');
+
+constassert=require('assert');
+const{
+ generateKeyPair,
+}=require('crypto');
+const{
+ assertApproximateSize,
+ testEncryptDecrypt,
+ testSignVerify,
+}=require('../common/crypto');
+
+// Test async RSA key generation with an encrypted private key, but encoded as DER.
+{
+generateKeyPair('rsa',{
+publicExponent: 0x10001,
+modulusLength: 512,
+publicKeyEncoding: {
+type: 'pkcs1',
+format: 'der'
+},
+privateKeyEncoding: {
+type: 'pkcs8',
+format: 'der'
+}
+},common.mustSucceed((publicKeyDER,privateKeyDER)=>{
+assert(Buffer.isBuffer(publicKeyDER));
+assertApproximateSize(publicKeyDER,74);
+
+assert(Buffer.isBuffer(privateKeyDER));
+
+constpublicKey={
+key: publicKeyDER,
+type: 'pkcs1',
+format: 'der',
+};
+constprivateKey={
+key: privateKeyDER,
+format: 'der',
+type: 'pkcs8',
+passphrase: 'secret'
+};
+testEncryptDecrypt(publicKey,privateKey);
+testSignVerify(publicKey,privateKey);
+}));
+}