test: add test cases for paramEncoding 'explicit'

oksemonenko · targos · commit 6f9aa3f722bb · 2019-05-31T08:46:55.000+02:00
PR-URL: #27900 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Rich Trott <rtrott@gmail.com>
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
@@ -378,6 +378,30 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
     testSignVerify(publicKey, privateKey);
   }));
 
+  // Test async elliptic curve key generation, e.g. for ECDSA, with a SEC1
+  // private key with paramEncoding explicit.
+  generateKeyPair('ec', {
+    namedCurve: 'prime256v1',
+    paramEncoding: 'explicit',
+    publicKeyEncoding: {
+      type: 'spki',
+      format: 'pem'
+    },
+    privateKeyEncoding: {
+      type: 'sec1',
+      format: 'pem'
+    }
+  }, common.mustCall((err, publicKey, privateKey) => {
+    assert.ifError(err);
+
+    assert.strictEqual(typeof publicKey, 'string');
+    assert(spkiExp.test(publicKey));
+    assert.strictEqual(typeof privateKey, 'string');
+    assert(sec1Exp.test(privateKey));
+
+    testSignVerify(publicKey, privateKey);
+  }));
+
   // Do the same with an encrypted private key.
   generateKeyPair('ec', {
     namedCurve: 'prime256v1',
@@ -409,6 +433,38 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 
     testSignVerify(publicKey, { key: privateKey, passphrase: 'secret' });
   }));
+
+  // Do the same with an encrypted private key with paramEncoding explicit.
+  generateKeyPair('ec', {
+    namedCurve: 'prime256v1',
+    paramEncoding: 'explicit',
+    publicKeyEncoding: {
+      type: 'spki',
+      format: 'pem'
+    },
+    privateKeyEncoding: {
+      type: 'sec1',
+      format: 'pem',
+      cipher: 'aes-128-cbc',
+      passphrase: 'secret'
+    }
+  }, common.mustCall((err, publicKey, privateKey) => {
+    assert.ifError(err);
+
+    assert.strictEqual(typeof publicKey, 'string');
+    assert(spkiExp.test(publicKey));
+    assert.strictEqual(typeof privateKey, 'string');
+    assert(sec1EncExp('AES-128-CBC').test(privateKey));
+
+    // Since the private key is encrypted, signing shouldn't work anymore.
+    common.expectsError(() => testSignVerify(publicKey, privateKey), {
+      type: TypeError,
+      code: 'ERR_MISSING_PASSPHRASE',
+      message: 'Passphrase required for encrypted key'
+    });
+
+    testSignVerify(publicKey, { key: privateKey, passphrase: 'secret' });
+  }));
 }
 
 {
@@ -447,6 +503,42 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
       passphrase: 'top secret'
     });
   }));
+
+  // Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
+  // private key with paramEncoding explicit.
+  generateKeyPair('ec', {
+    namedCurve: 'P-256',
+    paramEncoding: 'explicit',
+    publicKeyEncoding: {
+      type: 'spki',
+      format: 'pem'
+    },
+    privateKeyEncoding: {
+      type: 'pkcs8',
+      format: 'pem',
+      cipher: 'aes-128-cbc',
+      passphrase: 'top secret'
+    }
+  }, common.mustCall((err, publicKey, privateKey) => {
+    assert.ifError(err);
+
+    assert.strictEqual(typeof publicKey, 'string');
+    assert(spkiExp.test(publicKey));
+    assert.strictEqual(typeof privateKey, 'string');
+    assert(pkcs8EncExp.test(privateKey));
+
+    // Since the private key is encrypted, signing shouldn't work anymore.
+    common.expectsError(() => testSignVerify(publicKey, privateKey), {
+      type: TypeError,
+      code: 'ERR_MISSING_PASSPHRASE',
+      message: 'Passphrase required for encrypted key'
+    });
+
+    testSignVerify(publicKey, {
+      key: privateKey,
+      passphrase: 'top secret'
+    });
+  }));
 }
 
 // Test invalid parameter encoding.
