Skip to content

Commit

Permalink
test: use stronger curves for keygen
Browse files Browse the repository at this point in the history
This commit updates the named curves P-192 (prime192v1), and secp192k1
to 256 bit versions.

The motivation for this is that in Red Hat Enterprise Linux (RHEL) all
ECC curves < 224 bits are removed from OpenSSL provided by the system.
I'm not sure if other distributions do this but these 256 bit curves are
availalbe in OpenSSL 1.1.0j (current version on master) and OpenSSL
1.1.1 so as far as I can tell it should be safe change to make.

PR-URL: #25564
Reviewed-By: Sam Roberts <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
  • Loading branch information
danbev authored and addaleax committed Jan 23, 2019
1 parent 3dcdf27 commit efe089e
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -283,7 +283,7 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
// Test async elliptic curve key generation, e.g. for ECDSA, with an encrypted
// private key.
generateKeyPair('ec', {
namedCurve: 'P-192',
namedCurve: 'P-256',
paramEncoding: 'named',
publicKeyEncoding: {
type: 'spki',
Expand Down Expand Up @@ -691,15 +691,15 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);

// It should recognize both NIST and standard curve names.
generateKeyPair('ec', {
namedCurve: 'P-192',
namedCurve: 'P-256',
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, common.mustCall((err, publicKey, privateKey) => {
assert.ifError(err);
}));

generateKeyPair('ec', {
namedCurve: 'secp192k1',
namedCurve: 'secp256k1',
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, common.mustCall((err, publicKey, privateKey) => {
Expand Down

0 comments on commit efe089e

Please sign in to comment.