11cb0ef41Sopenharmony_ci'use strict'; 21cb0ef41Sopenharmony_ciconst common = require('../common'); 31cb0ef41Sopenharmony_ciif (!common.hasCrypto) 41cb0ef41Sopenharmony_ci common.skip('missing crypto'); 51cb0ef41Sopenharmony_ci 61cb0ef41Sopenharmony_ciconst fixtures = require('../common/fixtures'); 71cb0ef41Sopenharmony_ciconst { inspect } = require('util'); 81cb0ef41Sopenharmony_ci 91cb0ef41Sopenharmony_ci// Test cipher: option for TLS. 101cb0ef41Sopenharmony_ci 111cb0ef41Sopenharmony_ciconst { 121cb0ef41Sopenharmony_ci assert, connect, keys 131cb0ef41Sopenharmony_ci} = require(fixtures.path('tls-connect')); 141cb0ef41Sopenharmony_ci 151cb0ef41Sopenharmony_ci 161cb0ef41Sopenharmony_cifunction test(cciphers, sciphers, cipher, cerr, serr, options) { 171cb0ef41Sopenharmony_ci assert(cipher || cerr || serr, 'test missing any expectations'); 181cb0ef41Sopenharmony_ci const where = inspect(new Error()).split('\n')[2].replace(/[^(]*/, ''); 191cb0ef41Sopenharmony_ci 201cb0ef41Sopenharmony_ci const max_tls_ver = (ciphers, options) => { 211cb0ef41Sopenharmony_ci if (options instanceof Object && Object.hasOwn(options, 'maxVersion')) 221cb0ef41Sopenharmony_ci return options.maxVersion; 231cb0ef41Sopenharmony_ci if ((typeof ciphers === 'string' || ciphers instanceof String) && ciphers.length > 0 && !ciphers.includes('TLS_')) 241cb0ef41Sopenharmony_ci return 'TLSv1.2'; 251cb0ef41Sopenharmony_ci 261cb0ef41Sopenharmony_ci return 'TLSv1.3'; 271cb0ef41Sopenharmony_ci }; 281cb0ef41Sopenharmony_ci 291cb0ef41Sopenharmony_ci connect({ 301cb0ef41Sopenharmony_ci client: { 311cb0ef41Sopenharmony_ci checkServerIdentity: (servername, cert) => { }, 321cb0ef41Sopenharmony_ci ca: `${keys.agent1.cert}\n${keys.agent6.ca}`, 331cb0ef41Sopenharmony_ci ciphers: cciphers, 341cb0ef41Sopenharmony_ci maxVersion: max_tls_ver(cciphers, options), 351cb0ef41Sopenharmony_ci }, 361cb0ef41Sopenharmony_ci server: { 371cb0ef41Sopenharmony_ci cert: keys.agent6.cert, 381cb0ef41Sopenharmony_ci key: keys.agent6.key, 391cb0ef41Sopenharmony_ci ciphers: sciphers, 401cb0ef41Sopenharmony_ci maxVersion: max_tls_ver(sciphers, options), 411cb0ef41Sopenharmony_ci }, 421cb0ef41Sopenharmony_ci }, common.mustCall((err, pair, cleanup) => { 431cb0ef41Sopenharmony_ci function u(_) { return _ === undefined ? 'U' : _; } 441cb0ef41Sopenharmony_ci console.log('test:', u(cciphers), u(sciphers), 451cb0ef41Sopenharmony_ci 'expect', u(cipher), u(cerr), u(serr)); 461cb0ef41Sopenharmony_ci console.log(' ', where); 471cb0ef41Sopenharmony_ci if (!cipher) { 481cb0ef41Sopenharmony_ci console.log('client', pair.client.err ? pair.client.err.code : undefined); 491cb0ef41Sopenharmony_ci console.log('server', pair.server.err ? pair.server.err.code : undefined); 501cb0ef41Sopenharmony_ci if (cerr) { 511cb0ef41Sopenharmony_ci assert(pair.client.err); 521cb0ef41Sopenharmony_ci assert.strictEqual(pair.client.err.code, cerr); 531cb0ef41Sopenharmony_ci } 541cb0ef41Sopenharmony_ci if (serr) { 551cb0ef41Sopenharmony_ci assert(pair.server.err); 561cb0ef41Sopenharmony_ci assert.strictEqual(pair.server.err.code, serr); 571cb0ef41Sopenharmony_ci } 581cb0ef41Sopenharmony_ci return cleanup(); 591cb0ef41Sopenharmony_ci } 601cb0ef41Sopenharmony_ci 611cb0ef41Sopenharmony_ci const reply = 'So long and thanks for all the fish.'; 621cb0ef41Sopenharmony_ci 631cb0ef41Sopenharmony_ci assert.ifError(err); 641cb0ef41Sopenharmony_ci assert.ifError(pair.server.err); 651cb0ef41Sopenharmony_ci assert.ifError(pair.client.err); 661cb0ef41Sopenharmony_ci assert(pair.server.conn); 671cb0ef41Sopenharmony_ci assert(pair.client.conn); 681cb0ef41Sopenharmony_ci assert.strictEqual(pair.client.conn.getCipher().name, cipher); 691cb0ef41Sopenharmony_ci assert.strictEqual(pair.server.conn.getCipher().name, cipher); 701cb0ef41Sopenharmony_ci 711cb0ef41Sopenharmony_ci pair.server.conn.write(reply); 721cb0ef41Sopenharmony_ci 731cb0ef41Sopenharmony_ci pair.client.conn.on('data', common.mustCall((data) => { 741cb0ef41Sopenharmony_ci assert.strictEqual(data.toString(), reply); 751cb0ef41Sopenharmony_ci return cleanup(); 761cb0ef41Sopenharmony_ci })); 771cb0ef41Sopenharmony_ci })); 781cb0ef41Sopenharmony_ci} 791cb0ef41Sopenharmony_ci 801cb0ef41Sopenharmony_ciconst U = undefined; 811cb0ef41Sopenharmony_ci 821cb0ef41Sopenharmony_ci// Have shared ciphers. 831cb0ef41Sopenharmony_citest(U, 'AES256-SHA', 'AES256-SHA'); 841cb0ef41Sopenharmony_citest('AES256-SHA', U, 'AES256-SHA'); 851cb0ef41Sopenharmony_ci 861cb0ef41Sopenharmony_citest(U, 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); 871cb0ef41Sopenharmony_citest('TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384'); 881cb0ef41Sopenharmony_ci 891cb0ef41Sopenharmony_ci// Do not have shared ciphers. 901cb0ef41Sopenharmony_citest('TLS_AES_256_GCM_SHA384', 'TLS_CHACHA20_POLY1305_SHA256', 911cb0ef41Sopenharmony_ci U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); 921cb0ef41Sopenharmony_ci 931cb0ef41Sopenharmony_citest('AES128-SHA', 'AES256-SHA', U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 941cb0ef41Sopenharmony_ci 'ERR_SSL_NO_SHARED_CIPHER'); 951cb0ef41Sopenharmony_citest('AES128-SHA:TLS_AES_256_GCM_SHA384', 961cb0ef41Sopenharmony_ci 'TLS_CHACHA20_POLY1305_SHA256:AES256-SHA', 971cb0ef41Sopenharmony_ci U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); 981cb0ef41Sopenharmony_ci 991cb0ef41Sopenharmony_ci// Cipher order ignored, TLS1.3 chosen before TLS1.2. 1001cb0ef41Sopenharmony_citest('AES256-SHA:TLS_AES_256_GCM_SHA384', U, 'TLS_AES_256_GCM_SHA384'); 1011cb0ef41Sopenharmony_citest(U, 'AES256-SHA:TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); 1021cb0ef41Sopenharmony_ci 1031cb0ef41Sopenharmony_ci// Cipher order ignored, TLS1.3 before TLS1.2 and 1041cb0ef41Sopenharmony_ci// cipher suites are not disabled if TLS ciphers are set only 1051cb0ef41Sopenharmony_ci// TODO: maybe these tests should be reworked so maxVersion clamping 1061cb0ef41Sopenharmony_ci// is done explicitly and not implicitly in the test() function 1071cb0ef41Sopenharmony_citest('AES256-SHA', U, 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' }); 1081cb0ef41Sopenharmony_citest(U, 'AES256-SHA', 'TLS_AES_256_GCM_SHA384', U, U, { maxVersion: 'TLSv1.3' }); 1091cb0ef41Sopenharmony_ci 1101cb0ef41Sopenharmony_ci// TLS_AES_128_CCM_8_SHA256 & TLS_AES_128_CCM_SHA256 are not enabled by 1111cb0ef41Sopenharmony_ci// default, but work. 1121cb0ef41Sopenharmony_citest('TLS_AES_128_CCM_8_SHA256', U, 1131cb0ef41Sopenharmony_ci U, 'ERR_SSL_SSLV3_ALERT_HANDSHAKE_FAILURE', 'ERR_SSL_NO_SHARED_CIPHER'); 1141cb0ef41Sopenharmony_ci 1151cb0ef41Sopenharmony_citest('TLS_AES_128_CCM_8_SHA256', 'TLS_AES_128_CCM_8_SHA256', 1161cb0ef41Sopenharmony_ci 'TLS_AES_128_CCM_8_SHA256'); 1171cb0ef41Sopenharmony_ci 1181cb0ef41Sopenharmony_ci// Invalid cipher values 1191cb0ef41Sopenharmony_citest(9, 'AES256-SHA', U, 'ERR_INVALID_ARG_TYPE', U); 1201cb0ef41Sopenharmony_citest('AES256-SHA', 9, U, U, 'ERR_INVALID_ARG_TYPE'); 1211cb0ef41Sopenharmony_citest(':', 'AES256-SHA', U, 'ERR_INVALID_ARG_VALUE', U); 1221cb0ef41Sopenharmony_citest('AES256-SHA', ':', U, U, 'ERR_INVALID_ARG_VALUE'); 1231cb0ef41Sopenharmony_ci 1241cb0ef41Sopenharmony_ci// Using '' is synonymous for "use default ciphers" 1251cb0ef41Sopenharmony_citest('TLS_AES_256_GCM_SHA384', '', 'TLS_AES_256_GCM_SHA384'); 1261cb0ef41Sopenharmony_citest('', 'TLS_AES_256_GCM_SHA384', 'TLS_AES_256_GCM_SHA384'); 1271cb0ef41Sopenharmony_ci 1281cb0ef41Sopenharmony_ci// Using null should be treated the same as undefined. 1291cb0ef41Sopenharmony_citest(null, 'AES256-SHA', 'AES256-SHA'); 1301cb0ef41Sopenharmony_citest('AES256-SHA', null, 'AES256-SHA'); 131