test,crypto: skip unsupported ciphers

PR-URL: https://github.com/nodejs/node/pull/59388
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>

test/parallel/test-crypto-aes-wrap.js

@@ -53,6 +53,11 @@ const key3 = Buffer.from('29c9eab5ed5ad44134a1437fe2e673b4d88a5b7c72e68454fea087
     text: '12345678123456781234567812345678123'
   },
 ].forEach(({ algorithm, key, iv, text }) => {
+  if (!crypto.getCiphers().includes(algorithm)) {
+    common.printSkipMessage(`Skipping unsupported ${algorithm} test case`);
+    return;
+  }
+
   const cipher = crypto.createCipheriv(algorithm, key, iv);
   const decipher = crypto.createDecipheriv(algorithm, key, iv);
   const msg = decipher.update(cipher.update(text, 'utf8'), 'buffer', 'utf8');

test/parallel/test-crypto-authenticated-stream.js

@@ -115,6 +115,11 @@ function fstream(config) {
 fstream.count = 0;
 
 function test(config) {
+  if (!crypto.getCiphers().includes(config.cipher)) {
+    common.printSkipMessage(`unsupported cipher: ${config.cipher}`);
+    return;
+  }
+
   direct(config);
   mstream(config);
   fstream(config);

test/parallel/test-crypto-authenticated.js

@@ -248,6 +248,9 @@ for (const test of TEST_CASES) {
 // Test that create(De|C)ipheriv throws if the mode is CCM and an invalid
 // authentication tag length has been specified.
 {
+  if (!ciphers.includes('aes-256-ccm')) {
+    common.printSkipMessage(`unsupported aes-256-ccm test`);
+  } else {
     for (const authTagLength of [-1, true, false, NaN, 5.5]) {
       assert.throws(() => {
         crypto.createCipheriv('aes-256-ccm',
@@ -301,12 +304,18 @@ for (const test of TEST_CASES) {
         }, errMessages.authTagLength);
       }
     }
+  }
 }
 
 // Test that create(De|C)ipheriv throws if the mode is CCM or OCB and no
 // authentication tag length has been specified.
 {
   for (const mode of ['ccm', 'ocb']) {
+    if (!ciphers.includes(`aes-256-${mode}`)) {
+      common.printSkipMessage(`unsupported aes-256-${mode} test`);
+      continue;
+    }
+
     assert.throws(() => {
       crypto.createCipheriv(`aes-256-${mode}`,
                             'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@@ -330,6 +339,9 @@ for (const test of TEST_CASES) {
 
 // Test that setAAD throws if an invalid plaintext length has been specified.
 {
+  if (!ciphers.includes('aes-256-ccm')) {
+    common.printSkipMessage(`unsupported aes-256-ccm test`);
+  } else {
     const cipher = crypto.createCipheriv('aes-256-ccm',
                                          'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
                                          'qkuZpJWCewa6S',
@@ -347,10 +359,14 @@ for (const test of TEST_CASES) {
           `Received ${inspect(plaintextLength)}`
       });
     }
+  }
 }
 
 // Test that setAAD and update throw if the plaintext is too long.
 {
+  if (!ciphers.includes('aes-256-ccm')) {
+    common.printSkipMessage(`unsupported aes-256-ccm test`);
+  } else {
     for (const ivLength of [13, 12]) {
       const maxMessageSize = (1 << (8 * (15 - ivLength))) - 1;
       const key = 'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8';
@@ -377,11 +393,15 @@ for (const test of TEST_CASES) {
       });
       c.update(msg.slice(1));
     }
+  }
 }
 
 // Test that setAAD throws if the mode is CCM and the plaintext length has not
 // been specified.
 {
+  if (!ciphers.includes('aes-256-ccm')) {
+    common.printSkipMessage(`unsupported aes-256-ccm test`);
+  } else {
     assert.throws(() => {
       const cipher = crypto.createCipheriv('aes-256-ccm',
                                            'FxLKsqdmv0E9xrQhp0b1ZgI0K7JFZJM8',
@@ -403,11 +423,12 @@ for (const test of TEST_CASES) {
         cipher.setAAD(Buffer.from('0123456789', 'hex'));
       }, /options\.plaintextLength required for CCM mode with AAD/);
     }
+  }
 }
 
 // Test that final() throws in CCM mode when no authentication tag is provided.
 {
-  if (!isFipsEnabled) {
+  if (!isFipsEnabled && ciphers.includes('aes-128-ccm')) {
     const key = Buffer.from('1ed2233fa2223ef5d7df08546049406c', 'hex');
     const iv = Buffer.from('7305220bca40d4c90e1791e9', 'hex');
     const ct = Buffer.from('8beba09d4d4d861f957d51c0794f4abf8030848e', 'hex');
@@ -439,12 +460,16 @@ for (const test of TEST_CASES) {
 
 // Test that an IV length of 11 does not overflow max_message_size_.
 {
+  if (!ciphers.includes('aes-128-ccm')) {
+    common.printSkipMessage(`unsupported aes-128-ccm test`);
+  } else {
     const key = 'x'.repeat(16);
     const iv = Buffer.from('112233445566778899aabb', 'hex');
     const options = { authTagLength: 8 };
     const encrypt = crypto.createCipheriv('aes-128-ccm', key, iv, options);
     encrypt.update('boom');  // Should not throw 'Message exceeds maximum size'.
     encrypt.final();
+  }
 }
 
 // Test that the authentication tag can be set at any point before calling
@@ -499,6 +524,11 @@ for (const test of TEST_CASES) {
   }
 
   for (const alg of ['aes-256-gcm', 'aes-256-ocb', 'chacha20-poly1305']) {
+    if (!ciphers.includes(alg)) {
+      common.printSkipMessage(`unsupported ${alg} test`);
+      continue;
+    }
+
     for (const authTagLength of alg === 'aes-256-gcm' ? [undefined, 8] : [8]) {
       for (const [useAAD, useMessage] of [
         [false, false],  // No AAD, no update.
@@ -520,6 +550,11 @@ for (const test of TEST_CASES) {
   const opts = { authTagLength: 8 };
 
   for (const mode of ['gcm', 'ccm', 'ocb']) {
+    if (!ciphers.includes(`aes-128-${mode}`)) {
+      common.printSkipMessage(`unsupported aes-128-${mode} test`);
+      continue;
+    }
+
     const cipher = crypto.createCipheriv(`aes-128-${mode}`, key, iv, opts);
     const ciphertext = Buffer.concat([cipher.update(plain), cipher.final()]);
     const tag = cipher.getAuthTag();
@@ -563,6 +598,9 @@ for (const test of TEST_CASES) {
     tampered: false,
   };
 
+  if (!ciphers.includes(valid.algo)) {
+    common.printSkipMessage(`unsupported ${valid.algo} test`);
+  } else {
     // Invalid IV lengths should be detected:
     // - 12 and below are valid.
     // - 13-16 are not detected as invalid by some OpenSSL versions.
@@ -583,6 +621,7 @@ for (const test of TEST_CASES) {
 
       function H(length) { return '00'.repeat(length); }
     }
+  }
 }
 
 {

test/parallel/test-crypto-default-shake-lengths.js

@@ -4,6 +4,11 @@ const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
 
+const crypto = require('crypto');
+if (!crypto.getHashes().includes('shake128')) {
+  common.skip('unsupported shake128 test');
+}
+
 const { createHash } = require('crypto');
 
 common.expectWarning({

test/parallel/test-crypto-des3-wrap.js

@@ -6,6 +6,10 @@ if (!common.hasCrypto)
 const assert = require('assert');
 const crypto = require('crypto');
 
+const ciphers = crypto.getCiphers();
+if (!ciphers.includes('des3-wrap'))
+  common.skip('des3-wrap cipher is not available');
+
 // Test case for des-ede3 wrap/unwrap. des3-wrap needs extra 2x blocksize
 // then plaintext to store ciphertext.
 const test = {

test/parallel/test-crypto-ecb.js

@@ -37,6 +37,10 @@ if (hasOpenSSL3) {
     'OpenSSl 3.x');
 }
 
+if (!crypto.getCiphers().includes('BF-ECB')) {
+  common.skip('BF-ECB cipher is not available');
+}
+
 const assert = require('assert');
 
 // Testing whether EVP_CipherInit_ex is functioning correctly.

test/parallel/test-crypto-padding-aes256.js

@@ -27,6 +27,9 @@ if (!common.hasCrypto)
 const assert = require('assert');
 const crypto = require('crypto');
 
+if (!crypto.getCiphers().includes('aes256'))
+  common.skip('aes256 cipher is not available');
+
 const iv = Buffer.from('00000000000000000000000000000000', 'hex');
 const key = Buffer.from('0123456789abcdef0123456789abcdef' +
                         '0123456789abcdef0123456789abcdef', 'hex');