'use strict';
const common = require('../common');

// Verifies that the `ecdhCurve` option of a TLS server accepts a
// colon-separated list of ECDH curve names.
//
// Scope of the check: the positive case only asserts that an openssl
// s_client handshake completes and the server's reply is received. It does
// not assert which of the listed curves was actually negotiated.

if (!common.hasCrypto) {
  common.skip('missing crypto');
}

if (!common.opensslCli) {
  common.skip('missing openssl-cli');
}

const assert = require('assert');
const tls = require('tls');
const { execFile } = require('child_process');
const fixtures = require('../common/fixtures');

// Reads the key/certificate fixture stored as `<name>.pem`.
const loadPEM = (name) => fixtures.readKey(`${name}.pem`);

const options = {
  key: loadPEM('agent2-key'),
  cert: loadPEM('agent2-cert'),
  // Everything is disabled except a single ECDHE suite, so a successful
  // handshake has to use an ephemeral ECDH key exchange.
  ciphers: '-ALL:ECDHE-RSA-AES128-SHA256',
  // The value under test: several curve names joined with ':'.
  ecdhCurve: 'secp256k1:prime256v1:secp521r1',
  // NOTE(review): presumably capped at TLS 1.2 because the only enabled
  // suite is a TLS 1.2 cipher suite - confirm.
  maxVersion: 'TLSv1.2',
};

const reply = 'I AM THE WALRUS'; // Something recognizable

const server = tls.createServer(options, (conn) => {
  conn.end(reply);
});

server.listen(0, common.mustCall(() => {
  const { port } = server.address();

  // The client is restricted to the same cipher string as the server.
  const clientArgs = [
    's_client',
    '-cipher', options.ciphers,
    '-connect', `127.0.0.1:${port}`,
  ];

  // mustSucceed fails the test if openssl exits with an error; the reply
  // text in stdout shows that application data crossed the TLS session.
  const onClientDone = common.mustSucceed((stdout) => {
    assert(stdout.includes(reply));
    server.close();
  });

  execFile(common.opensslCli, clientArgs, onClientDone);
}));

{
  // Some unsupported curves.
  const unsupportedCurves = [
    'wap-wsg-idm-ecid-wtls1',
    'c2pnb163v1',
    'prime192v3',
  ];

  // Brainpool is not supported in FIPS mode.
  if (common.hasFipsCrypto) {
    unsupportedCurves.push('brainpoolP256r1');
  }

  // Each rejected curve must make server creation throw instead of being
  // silently ignored.
  for (const ecdhCurve of unsupportedCurves) {
    assert.throws(
      () => tls.createServer({ ecdhCurve }),
      /Error: Failed to set ECDH curve/,
    );
  }
}