crypto: disable crypto.createCipher in FIPS mode

FIPS 140-2 disallows use of MD5, which is used to derive the initialization vector and key for createCipher(). Modify all tests to expect exceptions in FIPS mode when disallowed API is used, or to avoid testing such API in FIPS Mode. PR-URL: #3754 Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Shigeki Ohtsu <[email protected]> Reviewed-By: James M Snell <[email protected]>

Author: stefanmb

src/node_crypto.cc

@@ -3054,6 +3054,11 @@ void CipherBase::Init(const char* cipher_type,
 int key_buf_len){
  HandleScope scope(env()->isolate());
 
+#ifdef NODE_FIPS_MODE
+returnenv()->ThrowError(
+"crypto.createCipher() is not supported in FIPS mode.");
+#endif// NODE_FIPS_MODE
+
 CHECK_EQ(cipher_, nullptr);
  cipher_ = EVP_get_cipherbyname(cipher_type);
 if (cipher_ == nullptr){

test/parallel/test-crypto-authenticated.js

@@ -93,32 +93,44 @@ for (var i in TEST_CASES){
 
 (function(){
 if(!test.password)return;
-varencrypt=crypto.createCipher(test.algo,test.password);
-if(test.aad)
-encrypt.setAAD(newBuffer(test.aad,'hex'));
-varhex=encrypt.update(test.plain,'ascii','hex');
-hex+=encrypt.final('hex');
-varauth_tag=encrypt.getAuthTag();
-// only test basic encryption run if output is marked as tampered.
-if(!test.tampered){
-assert.equal(hex.toUpperCase(),test.ct);
-assert.equal(auth_tag.toString('hex').toUpperCase(),test.tag);
+if(common.hasFipsCrypto){
+assert.throws(function()
+{crypto.createCipher(test.algo,test.password);},
+/notsupportedinFIPSmode/);
+}else{
+varencrypt=crypto.createCipher(test.algo,test.password);
+if(test.aad)
+encrypt.setAAD(newBuffer(test.aad,'hex'));
+varhex=encrypt.update(test.plain,'ascii','hex');
+hex+=encrypt.final('hex');
+varauth_tag=encrypt.getAuthTag();
+// only test basic encryption run if output is marked as tampered.
+if(!test.tampered){
+assert.equal(hex.toUpperCase(),test.ct);
+assert.equal(auth_tag.toString('hex').toUpperCase(),test.tag);
+}
 }
 })();
 
 (function(){
 if(!test.password)return;
-vardecrypt=crypto.createDecipher(test.algo,test.password);
-decrypt.setAuthTag(newBuffer(test.tag,'hex'));
-if(test.aad)
-decrypt.setAAD(newBuffer(test.aad,'hex'));
-varmsg=decrypt.update(test.ct,'hex','ascii');
-if(!test.tampered){
-msg+=decrypt.final('ascii');
-assert.equal(msg,test.plain);
+if(common.hasFipsCrypto){
+assert.throws(function()
+{crypto.createDecipher(test.algo,test.password);},
+/notsupportedinFIPSmode/);
 }else{
-// assert that final throws if input data could not be verified!
-assert.throws(function(){decrypt.final('ascii');},/auth/);
+vardecrypt=crypto.createDecipher(test.algo,test.password);
+decrypt.setAuthTag(newBuffer(test.tag,'hex'));
+if(test.aad)
+decrypt.setAAD(newBuffer(test.aad,'hex'));
+varmsg=decrypt.update(test.ct,'hex','ascii');
+if(!test.tampered){
+msg+=decrypt.final('ascii');
+assert.equal(msg,test.plain);
+}else{
+// assert that final throws if input data could not be verified!
+assert.throws(function(){decrypt.final('ascii');},/auth/);
+}
 }
 })();
 

test/parallel/test-crypto-binary-default.js

@@ -496,12 +496,13 @@ function testCipher4(key, iv){
 assert.equal(txt,plaintext,'encryption and decryption with key and iv');
 }
 
+if(!common.hasFipsCrypto){
+testCipher1('MySecretKey123');
+testCipher1(newBuffer('MySecretKey123'));
 
-testCipher1('MySecretKey123');
-testCipher1(newBuffer('MySecretKey123'));
-
-testCipher2('0123456789abcdef');
-testCipher2(newBuffer('0123456789abcdef'));
+testCipher2('0123456789abcdef');
+testCipher2(newBuffer('0123456789abcdef'));
+}
 
 testCipher3('0123456789abcd0123456789','12345678');
 testCipher3('0123456789abcd0123456789',newBuffer('12345678'));

test/parallel/test-crypto-cipher-decipher.js

@@ -6,6 +6,10 @@ if (!common.hasCrypto){
 console.log('1..0 # Skipped: missing crypto');
 return;
 }
+if(common.hasFipsCrypto){
+console.log('1..0 # Skipped: not supported in FIPS mode');
+return;
+}
 varcrypto=require('crypto');
 
 functiontestCipher1(key){
@@ -62,71 +66,12 @@ function testCipher2(key){
 assert.equal(txt,plaintext,'encryption and decryption with Base64');
 }
 
-
-functiontestCipher3(key,iv){
-// Test encyrption and decryption with explicit key and iv
-varplaintext=
-'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw'+
-'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ'+
-'jAfaFg**';
-varcipher=crypto.createCipheriv('des-ede3-cbc',key,iv);
-varciph=cipher.update(plaintext,'utf8','hex');
-ciph+=cipher.final('hex');
-
-vardecipher=crypto.createDecipheriv('des-ede3-cbc',key,iv);
-vartxt=decipher.update(ciph,'hex','utf8');
-txt+=decipher.final('utf8');
-
-assert.equal(txt,plaintext,'encryption and decryption with key and iv');
-
-// streaming cipher interface
-// NB: In real life, it's not guaranteed that you can get all of it
-// in a single read() like this. But in this case, we know it's
-// quite small, so there's no harm.
-varcStream=crypto.createCipheriv('des-ede3-cbc',key,iv);
-cStream.end(plaintext);
-ciph=cStream.read();
-
-vardStream=crypto.createDecipheriv('des-ede3-cbc',key,iv);
-dStream.end(ciph);
-txt=dStream.read().toString('utf8');
-
-assert.equal(txt,plaintext,'streaming cipher iv');
-}
-
-
-functiontestCipher4(key,iv){
-// Test encyrption and decryption with explicit key and iv
-varplaintext=
-'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw'+
-'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ'+
-'jAfaFg**';
-varcipher=crypto.createCipheriv('des-ede3-cbc',key,iv);
-varciph=cipher.update(plaintext,'utf8','buffer');
-ciph=Buffer.concat([ciph,cipher.final('buffer')]);
-
-vardecipher=crypto.createDecipheriv('des-ede3-cbc',key,iv);
-vartxt=decipher.update(ciph,'buffer','utf8');
-txt+=decipher.final('utf8');
-
-assert.equal(txt,plaintext,'encryption and decryption with key and iv');
-}
-
-
 testCipher1('MySecretKey123');
 testCipher1(newBuffer('MySecretKey123'));
 
 testCipher2('0123456789abcdef');
 testCipher2(newBuffer('0123456789abcdef'));
 
-testCipher3('0123456789abcd0123456789','12345678');
-testCipher3('0123456789abcd0123456789',newBuffer('12345678'));
-testCipher3(newBuffer('0123456789abcd0123456789'),'12345678');
-testCipher3(newBuffer('0123456789abcd0123456789'),newBuffer('12345678'));
-
-testCipher4(newBuffer('0123456789abcd0123456789'),newBuffer('12345678'));
-
-
 // Base64 padding regression test, see #4837.
 (function(){
 varc=crypto.createCipher('aes-256-cbc','secret');

test/parallel/test-crypto-cipheriv-decipheriv.js

@@ -0,0 +1,65 @@
+'use strict';
+varcommon=require('../common');
+varassert=require('assert');
+
+if(!common.hasCrypto){
+console.log('1..0 # Skipped: missing crypto');
+return;
+}
+varcrypto=require('crypto');
+
+functiontestCipher1(key,iv){
+// Test encyrption and decryption with explicit key and iv
+varplaintext=
+'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw'+
+'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ'+
+'jAfaFg**';
+varcipher=crypto.createCipheriv('des-ede3-cbc',key,iv);
+varciph=cipher.update(plaintext,'utf8','hex');
+ciph+=cipher.final('hex');
+
+vardecipher=crypto.createDecipheriv('des-ede3-cbc',key,iv);
+vartxt=decipher.update(ciph,'hex','utf8');
+txt+=decipher.final('utf8');
+
+assert.equal(txt,plaintext,'encryption and decryption with key and iv');
+
+// streaming cipher interface
+// NB: In real life, it's not guaranteed that you can get all of it
+// in a single read() like this. But in this case, we know it's
+// quite small, so there's no harm.
+varcStream=crypto.createCipheriv('des-ede3-cbc',key,iv);
+cStream.end(plaintext);
+ciph=cStream.read();
+
+vardStream=crypto.createDecipheriv('des-ede3-cbc',key,iv);
+dStream.end(ciph);
+txt=dStream.read().toString('utf8');
+
+assert.equal(txt,plaintext,'streaming cipher iv');
+}
+
+
+functiontestCipher2(key,iv){
+// Test encyrption and decryption with explicit key and iv
+varplaintext=
+'32|RmVZZkFUVmpRRkp0TmJaUm56ZU9qcnJkaXNNWVNpTTU*|iXmckfRWZBGWWELw'+
+'eCBsThSsfUHLeRe0KCsK8ooHgxie0zOINpXxfZi/oNG7uq9JWFVCk70gfzQH8ZUJ'+
+'jAfaFg**';
+varcipher=crypto.createCipheriv('des-ede3-cbc',key,iv);
+varciph=cipher.update(plaintext,'utf8','buffer');
+ciph=Buffer.concat([ciph,cipher.final('buffer')]);
+
+vardecipher=crypto.createDecipheriv('des-ede3-cbc',key,iv);
+vartxt=decipher.update(ciph,'buffer','utf8');
+txt+=decipher.final('utf8');
+
+assert.equal(txt,plaintext,'encryption and decryption with key and iv');
+}
+
+testCipher1('0123456789abcd0123456789','12345678');
+testCipher1('0123456789abcd0123456789',newBuffer('12345678'));
+testCipher1(newBuffer('0123456789abcd0123456789'),'12345678');
+testCipher1(newBuffer('0123456789abcd0123456789'),newBuffer('12345678'));
+
+testCipher2(newBuffer('0123456789abcd0123456789'),newBuffer('12345678'));

test/parallel/test-crypto-dh.js

@@ -58,7 +58,7 @@ assert.equal(secret1, secret3);
 
 // Run this one twice to make sure that the dh3 clears its error properly
 (function(){
-varc=crypto.createDecipher('aes-128-ecb','');
+varc=crypto.createDecipheriv('aes-128-ecb',crypto.randomBytes(16),'');
 assert.throws(function(){c.final('utf8');},/wrongfinalblocklength/);
 })();
 
@@ -67,7 +67,7 @@ assert.throws(function(){
 },/keyistoosmall/i);
 
 (function(){
-varc=crypto.createDecipher('aes-128-ecb','');
+varc=crypto.createDecipheriv('aes-128-ecb',crypto.randomBytes(16),'');
 assert.throws(function(){c.final('utf8');},/wrongfinalblocklength/);
 })();
 

test/parallel/test-crypto.js

@@ -93,11 +93,11 @@ assertSorted(crypto.getCurves());
 // throw, not assert in C++ land.
 assert.throws(function(){
 crypto.createCipher('aes192','test').update('0','hex');
-},/Badinputstring/);
+},common.hasFipsCrypto ? /notsupportedinFIPSmode/ : /Badinputstring/);
 
 assert.throws(function(){
 crypto.createDecipher('aes192','test').update('0','hex');
-},/Badinputstring/);
+},common.hasFipsCrypto ? /notsupportedinFIPSmode/ : /Badinputstring/);
 
 assert.throws(function(){
 crypto.createHash('sha1').update('0','hex');