0
0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/test/sequential/test-tls-psk-client.js
Denys Otrishko f8d7e2216e
tls: add PSK support
Add the `pskCallback` client/server option, which resolves an identity
or identity hint to a pre-shared key.

Add the `pskIdentityHint` server option to set the identity hint for the
ServerKeyExchange message.

Co-authored-by: Chris Osborn <chris.osborn@sitelier.com>
Co-authored-by: stephank <gh@stephank.nl>
Co-authored-by: Taylor Zane Glaeser <tzglaeser@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/23188
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2019-12-25 12:24:42 +01:00

97 lines
2.1 KiB
JavaScript

'use strict';
const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');
if (!common.opensslCli)
common.skip('missing openssl cli');
const assert = require('assert');
const tls = require('tls');
const net = require('net');
const { spawn } = require('child_process');
const CIPHERS = 'PSK+HIGH';
const KEY = 'd731ef57be09e5204f0b205b60627028';
const IDENTITY = 'Client_identity'; // Hardcoded by `openssl s_server`
const server = spawn(common.opensslCli, [
's_server',
'-accept', common.PORT,
'-cipher', CIPHERS,
'-psk', KEY,
'-psk_hint', IDENTITY,
'-nocert',
'-rev',
]);
const cleanUp = (err) => {
clearTimeout(timeout);
if (err)
console.log('Failed:', err);
server.kill();
process.exitCode = err ? 1 : 0;
};
const timeout = setTimeout(() => cleanUp('Timeouted'), 5000);
function waitForPort(port, cb) {
const socket = net.connect(common.PORT, () => {
socket.end();
socket.on('end', cb);
});
socket.on('error', (e) => {
if (e.code === 'ENOENT' || e.code === 'ECONNREFUSED') {
setTimeout(() => waitForPort(port, cb), 1000);
} else {
cb(e);
}
});
}
waitForPort(common.PORT, common.mustCall((err) => {
if (err) {
cleanUp(err);
return;
}
const message = 'hello';
const reverse = message.split('').reverse().join('');
runClient(message, common.mustCall((err, data) => {
try {
if (!err) assert.strictEqual(data.trim(), reverse);
} finally {
cleanUp(err);
}
}));
}));
function runClient(message, cb) {
const s = tls.connect(common.PORT, {
ciphers: CIPHERS,
checkServerIdentity: () => {},
pskCallback(hint) {
// 'hint' will be null in TLS1.3.
if (hint === null || hint === IDENTITY) {
return {
identity: IDENTITY,
psk: Buffer.from(KEY, 'hex')
};
}
}
});
s.on('secureConnect', common.mustCall(() => {
let data = '';
s.on('data', common.mustCallAtLeast((d) => {
data += d;
}));
s.on('end', common.mustCall(() => {
cb(null, data);
}));
s.end(message);
}));
s.on('error', (e) => {
cb(e);
});
}