crypto: add test case for AES key wrapping

Add test cases for AES key wrapping and only detect output length in cipher case. The reason being is the returned output length is insufficient in AES key unwrapping case. Backport-PR-URL: #20706 PR-URL: #20587 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
nodejs · May 14, 2018 · cecec46 · cecec46
1 parent 40fb885
commit cecec46
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -3007,7 +3007,7 @@ CipherBase::UpdateResult CipherBase::Update(const char* data,
   int buff_len = len + EVP_CIPHER_CTX_block_size(ctx_.get());
   // For key wrapping algorithms, get output size by calling
   // EVP_CipherUpdate() with null output.
-  if (mode == EVP_CIPH_WRAP_MODE &&
+  if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE &&
       EVP_CipherUpdate(ctx_.get(),
                        nullptr,
                        &buff_len,

diff --git a/test/parallel/test-crypto-aes-wrap.js b/test/parallel/test-crypto-aes-wrap.js
@@ -0,0 +1,62 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const crypto = require('crypto');
+
+const test = [
+  {
+    algorithm: 'aes128-wrap',
+    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
+    iv: '3fd838af4093d749',
+    text: '12345678123456781234567812345678'
+  },
+  {
+    algorithm: 'id-aes128-wrap-pad',
+    key: 'b26f309fbe57e9b3bb6ae5ef31d54450',
+    iv: '3fd838af',
+    text: '12345678123456781234567812345678123'
+  },
+  {
+    algorithm: 'aes192-wrap',
+    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
+    iv: '3fd838af4093d749',
+    text: '12345678123456781234567812345678'
+  },
+  {
+    algorithm: 'id-aes192-wrap-pad',
+    key: '40978085d68091f7dfca0d7dfc7a5ee76d2cc7f2f345a304',
+    iv: '3fd838af',
+    text: '12345678123456781234567812345678123'
+  },
+  {
+    algorithm: 'aes256-wrap',
+    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
+    iv: '3fd838af4093d749',
+    text: '12345678123456781234567812345678'
+  },
+  {
+    algorithm: 'id-aes256-wrap-pad',
+    key: '29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea08721392b7323',
+    iv: '3fd838af',
+    text: '12345678123456781234567812345678123'
+  },
+];
+
+test.forEach((data) => {
+  const cipher = crypto.createCipheriv(
+    data.algorithm,
+    Buffer.from(data.key, 'hex'),
+    Buffer.from(data.iv, 'hex'));
+  const ciphertext = cipher.update(data.text, 'utf8');
+
+  const decipher = crypto.createDecipheriv(
+    data.algorithm,
+    Buffer.from(data.key, 'hex'),
+    Buffer.from(data.iv, 'hex'));
+  const msg = decipher.update(ciphertext, 'buffer', 'utf8');
+
+  assert.strictEqual(msg, data.text, `${data.algorithm} test case failed`);
+});