Skip to content

test: increase crypto strength for FIPS standard#3758

Closed
stefanmb wants to merge 1 commit intonodejs:masterfrom
stefanmb:fips-cs7-increase-arbitrary-crypto-strength
Closed

test: increase crypto strength for FIPS standard#3758
stefanmb wants to merge 1 commit intonodejs:masterfrom
stefanmb:fips-cs7-increase-arbitrary-crypto-strength

Conversation

@stefanmb
Copy link
Contributor

@stefanmb stefanmb commented Nov 10, 2015

In many test cases arbitrary crypto is chosen, for example a key length of 256 bits may be selected, or a prime number of 768 bits length. Some of these choices are not compatible with FIPS, in these cases I’ve opted to boost the cryptography level to a minimum supported level in FIPS. For a discussion on “equivalent” crypto strength across different algorithms see Section 5.6.1 of SP 800-57.

@mscdex mscdex added crypto Issues and PRs related to the crypto subsystem. test Issues and PRs related to the tests. labels Nov 11, 2015
@stefanmb stefanmb mentioned this pull request Nov 11, 2015
Closed
indutny
indutny reviewed Nov 11, 2015
View reviewed changes
test/common.js Outdated
Copy link
Member

@indutny indutny Nov 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Single quotes.

@indutny
Copy link
Member

indutny commented Nov 11, 2015

No need to start Increase with a capital letter in commit message. What do you think about running make lint?

shigeki
shigeki reviewed Nov 12, 2015
View reviewed changes
test/parallel/test-crypto.js Outdated
Copy link
Contributor

@shigeki shigeki Nov 12, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this enough to check /:digest too big for rsa key/ ?

@stefanmb stefanmb force-pushed the fips-cs7-increase-arbitrary-crypto-strength branch from c25a4ae to d04aa4b Compare November 12, 2015 22:33
@stefanmb stefanmb changed the title test: Increase crypto strength for FIPS standard test: increase crypto strength for FIPS standard Nov 13, 2015
@stefanmb stefanmb force-pushed the fips-cs7-increase-arbitrary-crypto-strength branch from d04aa4b to 8fe3e9b Compare November 13, 2015 20:54
@jasnell
Copy link
Member

jasnell commented Nov 14, 2015

LGTM. @shigeki @mhdawson ... any thoughts?

@shigeki
Copy link
Contributor

shigeki commented Nov 14, 2015

LGTM

@jasnell
Copy link
Member

jasnell commented Nov 14, 2015

@stefanmb ... this patch, for some reason, is not applying cleanly on master. Can you take a look and rebase/update if necessary. It appears to be having a problem with the changes to common.js

@stefanmb
test: increase crypto strength for FIPS standard
390f571 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.
@stefanmb stefanmb force-pushed the fips-cs7-increase-arbitrary-crypto-strength branch from 8fe3e9b to 390f571 Compare November 14, 2015 17:02
@stefanmb
Copy link
Contributor Author

stefanmb commented Nov 14, 2015

@jasnell I think it should be fixed now, please confirm. I included the commit for common.js in several PRs, but once it landed in the first one it's no longer needed in the others. Thanks!

@jasnell
Copy link
Member

jasnell commented Nov 14, 2015

Ok. In the future, when you have one commit that may be need by several others, it would likely be best to separate that out into a separate pull request and referenced from the other PRs that depend on it. Doing so helps keep changes isolated and the dependencies visible.

jasnell pushed a commit that referenced this pull request Nov 14, 2015
@stefanmb @jasnell
test: increase crypto strength for FIPS standard
11ad744 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@jasnell
Copy link
Member

jasnell commented Nov 14, 2015

Landed in 11ad744

@jasnell jasnell closed this Nov 14, 2015
Fishrock123 pushed a commit that referenced this pull request Nov 17, 2015
@stefanmb @Fishrock123
test: increase crypto strength for FIPS standard
413ca53 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@MylesBorins MylesBorins mentioned this pull request Nov 17, 2015
Closed
@evanlucas evanlucas mentioned this pull request Nov 18, 2015
Closed
@Fishrock123
Copy link
Contributor

Fishrock123 commented Nov 18, 2015

CI wasn't run for this and seems to be causing #3881, fwiw.

@jasnell
Copy link
Member

jasnell commented Nov 18, 2015

Hmm... ok. At the time CI itself was flaky at best so landing was done optimistically after testing locally on osx and ubuntu.

I've been considering working the new node-stress-single-test into my workflow for every PR that lands a significant test change. Or perhaps a variation that merges node-stress-single-test and node-test-pull-request might be worthwhile. It would certainly help us to identify the flaky tests earlier now that CI is relatively stable again.

@evanlucas
Copy link
Contributor

evanlucas commented Nov 18, 2015

Ah good point. I forgot about that. I like your idea regarding the node-stress-single-test though.

@jasnell jasnell mentioned this pull request Nov 18, 2015
Closed
@stefanmb
Copy link
Contributor Author

stefanmb commented Nov 18, 2015

@Fishrock123 This follow up PR should alleviate the rpi perf issues #3902.

MylesBorins pushed a commit that referenced this pull request Nov 30, 2015
@stefanmb
test: increase crypto strength for FIPS standard
823b8ba 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
rvagg pushed a commit that referenced this pull request Dec 4, 2015
@stefanmb @rvagg
test: increase crypto strength for FIPS standard
dd475dc 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@jasnell jasnell mentioned this pull request Dec 17, 2015
Closed
jasnell pushed a commit that referenced this pull request Dec 17, 2015
@stefanmb @jasnell
test: increase crypto strength for FIPS standard
1f83eeb 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
jasnell pushed a commit that referenced this pull request Dec 23, 2015
@stefanmb @jasnell
test: increase crypto strength for FIPS standard
9837387 
Use stronger crypto (larger keys, etc.) for arbitrary tests so
they will pass in both FIPS and non-FIPS mode without altering
the original intent of the test cases.

PR-URL: #3758
Reviewed-By: Shigeki Ohtsu <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@Clemens-git76 Clemens-git76 mentioned this pull request Apr 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

crypto Issues and PRs related to the crypto subsystem. test Issues and PRs related to the tests.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@stefanmb @indutny @jasnell @shigeki @Fishrock123 @evanlucas @mscdex @MylesBorins