1 files changed, 204 insertions, 0 deletions

diff --git a/cli/tests/unit_node/crypto/crypto_key_test.ts b/cli/tests/unit_node/crypto/crypto_key_test.ts
new file mode 100644
index 000000000..672c9fa7f
--- /dev/null
+++ b/cli/tests/unit_node/crypto/crypto_key_test.ts
@@ -0,0 +1,204 @@
+// deno-lint-ignore-file no-explicit-any
+
+// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
+import {
+  createSecretKey,
+  generateKeyPair,
+  generateKeyPairSync,
+  KeyObject,
+  randomBytes,
+} from "node:crypto";
+import { promisify } from "node:util";
+import { Buffer } from "node:buffer";
+import {
+  assertEquals,
+  assertThrows,
+} from "../../../../test_util/std/testing/asserts.ts";
+import { createHmac } from "node:crypto";
+
+const generateKeyPairAsync = promisify(
+  (
+    type: any,
+    options: any,
+    callback: (
+      err: Error | null,
+      key: { publicKey: KeyObject; privateKey: KeyObject },
+    ) => void,
+  ) =>
+    generateKeyPair(
+      type,
+      options,
+      (err: Error | null, publicKey: KeyObject, privateKey: KeyObject) => {
+        callback(err, { publicKey, privateKey });
+      },
+    ),
+);
+
+Deno.test({
+  name: "create secret key",
+  fn() {
+    const key = createSecretKey(Buffer.alloc(0));
+    assertEquals(key.type, "secret");
+    assertEquals(key.asymmetricKeyType, undefined);
+    assertEquals(key.symmetricKeySize, 0);
+  },
+});
+
+Deno.test({
+  name: "export secret key",
+  fn() {
+    const material = Buffer.from(randomBytes(32));
+    const key = createSecretKey(material);
+    assertEquals(Buffer.from(key.export()), material);
+  },
+});
+
+Deno.test({
+  name: "export jwk secret key",
+  fn() {
+    const material = Buffer.from("secret");
+    const key = createSecretKey(material);
+    assertEquals(key.export({ format: "jwk" }), {
+      kty: "oct",
+      k: "c2VjcmV0",
+    });
+  },
+});
+
+Deno.test({
+  name: "createHmac with secret key",
+  fn() {
+    const key = createSecretKey(Buffer.from("secret"));
+    assertEquals(
+      createHmac("sha256", key).update("hello").digest().toString("hex"),
+      "88aab3ede8d3adf94d26ab90d3bafd4a2083070c3bcce9c014ee04a443847c0b",
+    );
+  },
+});
+
+for (const type of ["rsa", "rsa-pss", "dsa"]) {
+  for (const modulusLength of [2048, 3072]) {
+    Deno.test({
+      name: `generate ${type} key`,
+      fn() {
+        const { publicKey, privateKey } = generateKeyPairSync(type as any, {
+          modulusLength,
+        });
+
+        assertEquals(publicKey.type, "public");
+        assertEquals(privateKey.type, "private");
+      },
+    });
+
+    Deno.test({
+      name: `generate ${type} key async`,
+      async fn() {
+        const x = await generateKeyPairAsync(type as any, {
+          modulusLength,
+        });
+        const { publicKey, privateKey } = x;
+        assertEquals(publicKey.type, "public");
+        assertEquals(privateKey.type, "private");
+      },
+    });
+  }
+}
+
+for (const namedCurve of ["P-384", "P-256"]) {
+  Deno.test({
+    name: `generate ec key ${namedCurve}`,
+    fn() {
+      const { publicKey, privateKey } = generateKeyPairSync("ec", {
+        namedCurve,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+
+  Deno.test({
+    name: `generate ec key ${namedCurve} async`,
+    async fn() {
+      const { publicKey, privateKey } = await generateKeyPairAsync("ec", {
+        namedCurve,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+
+  Deno.test({
+    name: `generate ec key ${namedCurve} paramEncoding=explicit fails`,
+    fn() {
+      assertThrows(() => {
+        // @ts-ignore: @types/node is broken?
+        generateKeyPairSync("ec", {
+          namedCurve,
+          paramEncoding: "explicit",
+        });
+      });
+    },
+  });
+}
+
+for (
+  const groupName of ["modp5", "modp14", "modp15", "modp16", "modp17", "modp18"]
+) {
+  Deno.test({
+    name: `generate dh key ${groupName}`,
+    fn() {
+      // @ts-ignore: @types/node is broken?
+      const { publicKey, privateKey } = generateKeyPairSync("dh", {
+        group: groupName,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+
+  Deno.test({
+    name: `generate dh key ${groupName} async`,
+    async fn() {
+      // @ts-ignore: @types/node is broken?
+      const { publicKey, privateKey } = await generateKeyPairAsync("dh", {
+        group: groupName,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+}
+
+for (const primeLength of [1024, 2048, 4096]) {
+  Deno.test({
+    name: `generate dh key ${primeLength}`,
+    fn() {
+      // @ts-ignore: @types/node is broken?
+      const { publicKey, privateKey } = generateKeyPairSync("dh", {
+        primeLength,
+        generator: 2,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+
+  Deno.test({
+    name: `generate dh key ${primeLength} async`,
+    async fn() {
+      // @ts-ignore: @types/node is broken?
+      const { publicKey, privateKey } = await generateKeyPairAsync("dh", {
+        primeLength,
+        generator: 2,
+      });
+
+      assertEquals(publicKey.type, "public");
+      assertEquals(privateKey.type, "private");
+    },
+  });
+}