'use strict';
// Exercises the TLS client's `minDHSize` option: a client that demands a
// minimum Diffie-Hellman parameter size must abort a DHE handshake with a
// server whose parameters are smaller, and must reject invalid `minDHSize`
// values before any connection is attempted.
const common = require('../common');
if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const assert = require('assert');
const tls = require('tls');
const fixtures = require('../common/fixtures');

const key = fixtures.readKey('agent2-key.pem');
const cert = fixtures.readKey('agent2-cert.pem');

// Outcome counters; their final values are asserted in the 'exit' handler.
let nsuccess = 0;
let nerror = 0;

/**
 * Reads the DH parameter fixture for a given size.
 * @param {number} n - Parameter size in bits; selects the file `dh<n>.pem`.
 * @returns {*} Whatever `fixtures.readKey()` returns for that file.
 */
function loadDHParam(n) {
  const fixtureName = `dh${n}.pem`;
  return fixtures.readKey(fixtureName);
}

/**
 * Starts a TLS server using DH parameters of `size` bits and connects a
 * client that requires at least 2048-bit parameters.
 * @param {number} size - Size in bits of the server's DH parameters.
 * @param {boolean} err - When truthy, an 'error' listener is attached to the
 *   client and the error code must be ERR_TLS_DH_PARAM_SIZE.
 * @param {Function|null} next - Invoked after the server has closed, if set.
 */
function test(size, err, next) {
  const serverOptions = {
    key,
    cert,
    dhparam: loadDHParam(size),
    // Only a DHE suite is offered, so the key exchange has to use `dhparam`.
    ciphers: 'DHE-RSA-AES128-GCM-SHA256',
  };

  const server = tls.createServer(serverOptions, (conn) => {
    conn.end();
  });

  server.on('close', (isException) => {
    assert(!isException);
    if (next) {
      next();
    }
  });

  server.listen(0, () => {
    const { port } = server.address();

    const onSecureConnect = () => {
      nsuccess++;
      server.close();
    };

    // The client insists on DH parameters of at least 2048 bits, so the
    // handshake with a server using 1024-bit parameters has to fail.
    const client = tls.connect({
      minDHSize: 2048,
      port,
      // Certificate verification is switched off because the peer is the
      // local test server (presumably with a fixture certificate that is not
      // chained to a trusted CA); only the DH size check is under test.
      rejectUnauthorized: false,
      // The DHE-RSA suite above is a TLS 1.2 cipher, so cap the protocol
      // version to make sure the handshake actually negotiates it.
      maxVersion: 'TLSv1.2',
    }, onSecureConnect);

    if (!err) {
      return;
    }

    client.on('error', (e) => {
      nerror++;
      assert.strictEqual(e.code, 'ERR_TLS_DH_PARAM_SIZE');
      server.close();
    });
  });
}

// The connection fails with an error when the client sets minDHSize to
// 2048 bits and the server uses a 1024-bit dhparam. The 2048-bit case is
// chained to run once this server has closed.
function testDHE1024() {
  test(1024, true, testDHE2048);
}

// The connection succeeds when the client sets minDHSize to 2048 bits and
// the server uses a 2048-bit dhparam.
function testDHE2048() {
  test(2048, false, null);
}

testDHE1024();

// With a 512-bit dhparam, test() itself throws synchronously, so the `next`
// callback (the server's 'close' continuation) must never run.
assert.throws(
  () => test(512, true, common.mustNotCall()),
  /DH parameter is less than 1024 bits/,
);

// Numeric but non-positive (or NaN) values are rejected by tls.connect().
const notPositivePattern = /minDHSize is not a positive number/;
for (const minDHSize of [0, -1, -Infinity, NaN]) {
  assert.throws(() => tls.connect({ minDHSize }), notPositivePattern);
}

// Non-numeric values, including numeric-looking strings, are rejected too.
const notNumberPattern = /minDHSize is not a number/;
for (const minDHSize of [true, false, null, undefined, {}, [], '', '1']) {
  assert.throws(() => tls.connect({ minDHSize }), notNumberPattern);
}

// Exactly one handshake (2048-bit) succeeds and one (1024-bit) is refused.
process.on('exit', () => {
  assert.strictEqual(nsuccess, 1);
  assert.strictEqual(nerror, 1);
});