• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1'use strict';
2
3// Test return value of tlsSocket.exportKeyingMaterial
4
5const common = require('../common');
6
7if (!common.hasCrypto)
8  common.skip('missing crypto');
9
10const assert = require('assert');
11const net = require('net');
12const tls = require('tls');
13const fixtures = require('../common/fixtures');
14
15const key = fixtures.readKey('agent1-key.pem');
16const cert = fixtures.readKey('agent1-cert.pem');
17
18const server = net.createServer(common.mustCall((s) => {
19  const tlsSocket = new tls.TLSSocket(s, {
20    isServer: true,
21    server: server,
22    secureContext: tls.createSecureContext({ key, cert })
23  });
24
25  assert.throws(() => {
26    tlsSocket.exportKeyingMaterial(128, 'label');
27  }, {
28    name: 'Error',
29    message: 'TLS socket connection must be securely established',
30    code: 'ERR_TLS_INVALID_STATE'
31  });
32
33  tlsSocket.on('secure', common.mustCall(() => {
34    const label = 'client finished';
35
36    const validKeyingMaterial = tlsSocket.exportKeyingMaterial(128, label);
37    assert.strictEqual(validKeyingMaterial.length, 128);
38
39    const validKeyingMaterialWithContext = tlsSocket
40      .exportKeyingMaterial(128, label, Buffer.from([0, 1, 2, 3]));
41    assert.strictEqual(validKeyingMaterialWithContext.length, 128);
42
43    // Ensure providing a context results in a different key than without
44    assert.notStrictEqual(validKeyingMaterial, validKeyingMaterialWithContext);
45
46    const validKeyingMaterialWithEmptyContext = tlsSocket
47      .exportKeyingMaterial(128, label, Buffer.from([]));
48    assert.strictEqual(validKeyingMaterialWithEmptyContext.length, 128);
49
50    assert.throws(() => {
51      tlsSocket.exportKeyingMaterial(128, label, 'stringAsContextNotSupported');
52    }, {
53      name: 'TypeError',
54      code: 'ERR_INVALID_ARG_TYPE'
55    });
56
57    assert.throws(() => {
58      tlsSocket.exportKeyingMaterial(128, label, 1234);
59    }, {
60      name: 'TypeError',
61      code: 'ERR_INVALID_ARG_TYPE'
62    });
63
64    assert.throws(() => {
65      tlsSocket.exportKeyingMaterial(10, null);
66    }, {
67      name: 'TypeError',
68      code: 'ERR_INVALID_ARG_TYPE'
69    });
70
71    assert.throws(() => {
72      tlsSocket.exportKeyingMaterial('length', 1234);
73    }, {
74      name: 'TypeError',
75      code: 'ERR_INVALID_ARG_TYPE'
76    });
77
78    assert.throws(() => {
79      tlsSocket.exportKeyingMaterial(-3, 'a');
80    }, {
81      name: 'RangeError',
82      code: 'ERR_OUT_OF_RANGE'
83    });
84
85    assert.throws(() => {
86      tlsSocket.exportKeyingMaterial(0, 'a');
87    }, {
88      name: 'RangeError',
89      code: 'ERR_OUT_OF_RANGE'
90    });
91
92    tlsSocket.end();
93    server.close();
94  }));
95})).listen(0, () => {
96  const opts = {
97    port: server.address().port,
98    rejectUnauthorized: false
99  };
100
101  tls.connect(opts, common.mustCall(function() { this.end(); }));
102});
103