22
33var Buffer = require ( 'safe-buffer' ) . Buffer ;
44var asn1 = require ( 'parse-asn1/asn1' ) ;
5- var test = require ( 'tape' ) . test ;
5+ var test = require ( 'tape' ) ;
66var nCrypto = require ( 'crypto' ) ;
77var semver = require ( 'semver' ) ;
88var BN = require ( 'bn.js' ) ;
@@ -13,56 +13,60 @@ var fixtures = require('./fixtures');
1313
1414var supportsPassphrases = semver . satisfies ( process . versions . node , '>= 0.11.8' ) ;
1515
16- fixtures . valid . rsa . forEach ( function ( f ) {
17- var message = Buffer . from ( f . message ) ;
18- var pub = Buffer . from ( f [ 'public' ] , 'base64' ) ;
19- var priv ;
20-
21- if ( f . passphrase ) {
22- if ( ! supportsPassphrases ) {
23- console . info ( 'skipping passphrase test on a node version that lacks support for it' ) ;
24- return ;
25- }
26- priv = {
27- key : Buffer . from ( f [ 'private' ] , 'base64' ) ,
28- passphrase : f . passphrase
29- } ;
30- } else {
31- priv = Buffer . from ( f [ 'private' ] , 'base64' ) ;
32- }
33-
34- ( nCrypto . getHashes ( ) . indexOf ( f . scheme ) >= 0 ? test : test . skip ) ( f . message , function ( t ) {
35- var bSign ;
36- try {
37- bSign = bCrypto . createSign ( f . scheme ) ;
38- } catch ( e ) {
39- console . info ( 'skipping unsupported browserify-sign scheme' , f . scheme ) ;
40- t . end ( ) ;
41- return ;
42- }
43-
44- try {
45- var nSign = nCrypto . createSign ( f . scheme ) ;
46- } catch ( e ) {
47- console . info ( 'skipping unsupported node scheme' , f . scheme ) ;
48- t . end ( ) ;
49- return ;
50- }
51-
52- var bSig = bSign . update ( message ) . sign ( priv ) ;
53- var nSig = nSign . update ( message ) . sign ( priv ) ;
54-
55- t . equals ( bSig . length , nSig . length , 'correct length' ) ;
56- t . equals ( bSig . toString ( 'hex' ) , nSig . toString ( 'hex' ) , 'equal sigs' ) ;
57- t . equals ( bSig . toString ( 'hex' ) , f . signature , 'compare to known' ) ;
58-
59- t . ok ( nCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , nSig ) , 'node validate node sig' ) ;
60- t . ok ( nCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , bSig ) , 'node validate browser sig' ) ;
61-
62- t . ok ( bCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , nSig ) , 'browser validate node sig' ) ;
63- t . ok ( bCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , bSig ) , 'browser validate browser sig' ) ;
16+ test ( 'valid RSA fixtures' , function ( t ) {
17+ fixtures . valid . rsa . forEach ( function ( f ) {
18+ var message = Buffer . from ( f . message ) ;
19+ var pub = Buffer . from ( f [ 'public' ] , 'base64' ) ;
6420
65- t . end ( ) ;
21+ t . test ( 'fixture: ' + f . message , { skip : ! ( nCrypto . getHashes ( ) . indexOf ( f . scheme ) >= 0 ) } , function ( st ) {
22+ var priv ;
23+
24+ if ( f . passphrase ) {
25+ if ( ! supportsPassphrases ) {
26+ st . comment ( 'SKIP skipping passphrase test on a node version that lacks support for it' ) ;
27+ st . end ( ) ;
28+ return ;
29+ }
30+ priv = {
31+ key : Buffer . from ( f [ 'private' ] , 'base64' ) ,
32+ passphrase : f . passphrase
33+ } ;
34+ } else {
35+ priv = Buffer . from ( f [ 'private' ] , 'base64' ) ;
36+ }
37+
38+ var bSign ;
39+ try {
40+ bSign = bCrypto . createSign ( f . scheme ) ;
41+ } catch ( e ) {
42+ st . comment ( 'SKIP skipping unsupported browserify-sign scheme ' + f . scheme ) ;
43+ st . end ( ) ;
44+ return ;
45+ }
46+
47+ try {
48+ var nSign = nCrypto . createSign ( f . scheme ) ;
49+ } catch ( e ) {
50+ st . comment ( 'SKIP skipping unsupported node scheme ' + f . scheme ) ;
51+ st . end ( ) ;
52+ return ;
53+ }
54+
55+ var bSig = bSign . update ( message ) . sign ( priv ) ;
56+ var nSig = nSign . update ( message ) . sign ( priv ) ;
57+
58+ st . equals ( bSig . length , nSig . length , 'correct length' ) ;
59+ st . equals ( bSig . toString ( 'hex' ) , nSig . toString ( 'hex' ) , 'equal sigs' ) ;
60+ st . equals ( bSig . toString ( 'hex' ) , f . signature , 'compare to known' ) ;
61+
62+ st . ok ( nCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , nSig ) , 'node validate node sig' ) ;
63+ st . ok ( nCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , bSig ) , 'node validate browser sig' ) ;
64+
65+ st . ok ( bCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , nSig ) , 'browser validate node sig' ) ;
66+ st . ok ( bCrypto . createVerify ( f . scheme ) . update ( message ) . verify ( pub , bSig ) , 'browser validate browser sig' ) ;
67+
68+ st . end ( ) ;
69+ } ) ;
6670 } ) ;
6771} ) ;
6872
@@ -96,106 +100,110 @@ fixtures.valid.rsa.forEach(function (f) {
96100 t . end ( ) ;
97101} ) ;
98102
99- fixtures . valid . ec . forEach ( function ( f ) {
100- var message = Buffer . from ( f . message ) ;
101- var pub = Buffer . from ( f [ 'public' ] , 'base64' ) ;
102- var priv ;
103-
104- if ( f . passphrase ) {
105- if ( ! supportsPassphrases ) {
106- console . info ( 'skipping passphrase test on a node version that lacks support for it' ) ;
107- return ;
108- }
109- priv = {
110- key : Buffer . from ( f [ 'private' ] , 'base64' ) ,
111- passphrase : f . passphrase
112- } ;
113- } else {
114- priv = Buffer . from ( f [ 'private' ] , 'base64' ) ;
115- }
116-
117- ( nCrypto . getHashes ( ) . indexOf ( f . scheme ) >= 0 ? test : test . skip ) ( f . message , function ( t ) {
118- var nSign ;
119- try {
120- nSign = nCrypto . createSign ( f . scheme ) ;
121- } catch ( e ) {
122- console . info ( 'skipping unsupported browserify-sign scheme' , f . scheme ) ;
123- t . end ( ) ;
124- return ;
125- }
126-
127- var bSign ;
128- try {
129- bSign = bCrypto . createSign ( f . scheme ) ;
130- } catch ( e ) {
131- console . info ( 'skipping unsupported node scheme' , f . scheme ) ;
132- t . end ( ) ;
133- return ;
134- }
135-
136- var bSig = bSign . update ( message ) . sign ( priv ) ;
137- var nSig = nSign . update ( message ) . sign ( priv ) ;
138- t . notEqual ( bSig . toString ( 'hex' ) , nSig . toString ( 'hex' ) , 'not equal sigs' ) ;
139- t . equals ( bSig . toString ( 'hex' ) , f . signature , 'sig is determanistic' ) ;
140-
141- var nVer = nCrypto . createVerify ( f . scheme ) ;
142- t . ok ( nVer . update ( message ) . verify ( pub , bSig ) , 'node validate browser sig' ) ;
143-
144- var bVer = bCrypto . createVerify ( f . scheme ) ;
145- t . ok ( bVer . update ( message ) . verify ( pub , nSig ) , 'browser validate node sig' ) ;
103+ test ( 'valid EC fixtures' , function ( t ) {
104+ fixtures . valid . ec . forEach ( function ( f ) {
105+ var message = Buffer . from ( f . message ) ;
106+ var pub = Buffer . from ( f [ 'public' ] , 'base64' ) ;
146107
147- t . end ( ) ;
148- } ) ;
108+ t . test ( 'fixture: ' + f . message , { skip : ! ( nCrypto . getHashes ( ) . indexOf ( f . scheme ) >= 0 ) } , function ( st ) {
109+ var priv ;
110+
111+ if ( f . passphrase ) {
112+ if ( ! supportsPassphrases ) {
113+ st . comment ( 'SKIP skipping passphrase test on a node version that lacks support for it' ) ;
114+ st . end ( ) ;
115+ return ;
116+ }
117+ priv = {
118+ key : Buffer . from ( f [ 'private' ] , 'base64' ) ,
119+ passphrase : f . passphrase
120+ } ;
121+ } else {
122+ priv = Buffer . from ( f [ 'private' ] , 'base64' ) ;
123+ }
124+
125+ var nSign ;
126+ try {
127+ nSign = nCrypto . createSign ( f . scheme ) ;
128+ } catch ( e ) {
129+ st . comment ( 'SKIP skipping unsupported browserify-sign scheme' , f . scheme ) ;
130+ st . end ( ) ;
131+ return ;
132+ }
149133
150- if ( f . scheme !== 'DSA' && f . scheme . toLowerCase ( ) . indexOf ( 'dsa' ) === - 1 ) {
151- test ( f . message + ' named rsa through' , function ( t ) {
152- var scheme = 'RSA-' + f . scheme . toUpperCase ( ) ;
153- var nSign = nCrypto . createSign ( scheme ) ;
154- var bSign = bCrypto . createSign ( scheme ) ;
134+ var bSign ;
135+ try {
136+ bSign = bCrypto . createSign ( f . scheme ) ;
137+ } catch ( e ) {
138+ st . comment ( 'SKIP skipping unsupported node scheme' , f . scheme ) ;
139+ st . end ( ) ;
140+ return ;
141+ }
155142
156143 var bSig = bSign . update ( message ) . sign ( priv ) ;
157144 var nSig = nSign . update ( message ) . sign ( priv ) ;
158- t . notEqual ( bSig . toString ( 'hex' ) , nSig . toString ( 'hex' ) , 'not equal sigs' ) ;
159- t . equals ( bSig . toString ( 'hex' ) , f . signature , 'sig is determanistic' ) ;
145+ st . notEqual ( bSig . toString ( 'hex' ) , nSig . toString ( 'hex' ) , 'not equal sigs' ) ;
146+ st . equals ( bSig . toString ( 'hex' ) , f . signature , 'sig is determanistic' ) ;
160147
161148 var nVer = nCrypto . createVerify ( f . scheme ) ;
162- t . ok ( nVer . update ( message ) . verify ( pub , bSig ) , 'node validate browser sig' ) ;
149+ st . ok ( nVer . update ( message ) . verify ( pub , bSig ) , 'node validate browser sig' ) ;
163150
164151 var bVer = bCrypto . createVerify ( f . scheme ) ;
165- t . ok ( bVer . update ( message ) . verify ( pub , nSig ) , 'browser validate node sig' ) ;
152+ st . ok ( bVer . update ( message ) . verify ( pub , nSig ) , 'browser validate node sig' ) ;
166153
167- t . end ( ) ;
168- } ) ;
169- }
154+ if ( f . scheme !== 'DSA' && f . scheme . toLowerCase ( ) . indexOf ( 'dsa' ) === - 1 ) {
155+ st . test ( f . message + ' named rsa through' , function ( s2t ) {
156+ var scheme = 'RSA-' + f . scheme . toUpperCase ( ) ;
157+ var nSign2 = nCrypto . createSign ( scheme ) ;
158+ var bSign2 = bCrypto . createSign ( scheme ) ;
170159
171- var s = parseKeys ( pub ) . data . q ;
172- test (
173- f . message + ' against a fake signature' ,
174- { skip : ! s || '(this test only applies to DSA signatures and not EC signatures, this is ' + f . scheme + ')' } ,
175- function ( t ) {
176- var messageBase64 = Buffer . from ( f . message , 'base64' ) ;
160+ var bSig2 = bSign2 . update ( message ) . sign ( priv ) ;
161+ var nSig2 = nSign2 . update ( message ) . sign ( priv ) ;
162+ s2t . notEqual ( bSig2 . toString ( 'hex' ) , nSig2 . toString ( 'hex' ) , 'not equal sigs' ) ;
163+ s2t . equals ( bSig2 . toString ( 'hex' ) , f . signature , 'sig is determanistic' ) ;
177164
178- // forge a fake signature
179- var r = new BN ( '1 ') ;
165+ var nVer2 = nCrypto . createVerify ( f . scheme ) ;
166+ s2t . ok ( nVer2 . update ( message ) . verify ( pub , bSig2 ) , 'node validate browser sig ') ;
180167
181- try {
182- var fakeSig = asn1 . signature . encode ( { r : r , s : s } , 'der' ) ;
183- } catch ( e ) {
184- t . ifError ( e ) ;
185- t . end ( ) ;
186- return ;
168+ var bVer2 = bCrypto . createVerify ( f . scheme ) ;
169+ s2t . ok ( bVer2 . update ( message ) . verify ( pub , nSig2 ) , 'browser validate node sig' ) ;
170+
171+ s2t . end ( ) ;
172+ } ) ;
187173 }
188174
189- var bVer = bCrypto . createVerify ( f . scheme ) ;
190- t [ 'throws' ] (
191- function ( ) { bVer . update ( messageBase64 ) . verify ( pub , fakeSig ) ; } ,
192- Error ,
193- 'fake signature is invalid'
194- ) ;
195-
196- t . end ( ) ;
197- }
198- ) ;
175+ st . end ( ) ;
176+ } ) ;
177+
178+ var s = parseKeys ( pub ) . data . q ;
179+ t . test (
180+ f . message + ' against a fake signature' ,
181+ { skip : ! s || '(this test only applies to DSA signatures and not EC signatures, this is ' + f . scheme + ')' } ,
182+ function ( st ) {
183+ var messageBase64 = Buffer . from ( f . message , 'base64' ) ;
184+
185+ // forge a fake signature
186+ var r = new BN ( '1' ) ;
187+
188+ try {
189+ var fakeSig = asn1 . signature . encode ( { r : r , s : s } , 'der' ) ;
190+ } catch ( e ) {
191+ st . ifError ( e ) ;
192+ st . end ( ) ;
193+ return ;
194+ }
195+
196+ var bVer = bCrypto . createVerify ( f . scheme ) ;
197+ st [ 'throws' ] (
198+ function ( ) { bVer . update ( messageBase64 ) . verify ( pub , fakeSig ) ; } ,
199+ Error ,
200+ 'fake signature is invalid'
201+ ) ;
202+
203+ st . end ( ) ;
204+ }
205+ ) ;
206+ } ) ;
199207} ) ;
200208
201209fixtures . valid . kvectors . forEach ( function ( f ) {
0 commit comments