author | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-05-22 18:20:26 +0900 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@iij.ad.jp> | 2015-10-16 11:39:45 +0900 |
commit | 6d92ebac11ba8a9988f08dda16c020d92e6e42a8 (patch) | |
tree | b8916751c194b6c7cc19180d9a81b1baa73cdc19 /src | |
parent | 503f279527e106c065a5435181bf3fc0b04f7140 (diff) | |
tls: add TLSSocket.getEphemeralKeyInfo()
Returns an object representing the type, name and size of an ephemeral
key exchange in a client connection. Currently only DHE and ECDHE are
supported.
This API only works on a client connection. When it is called on a
server connection, null is returned. When its key exchange is not
ephemeral, an empty object is returned.
PR-URL: https://github.com/nodejs/node/pull/1831
Reviewed-By: indutny - Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 45 | ||||
-rw-r--r-- | src/node_crypto.h | 2 |
2 files changed, 47 insertions, 0 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 6d5403b563..6e4bf9e69f 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1134,6 +1134,7 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) {
 env->SetProtoMethod(t, "newSessionDone", NewSessionDone);
 env->SetProtoMethod(t, "setOCSPResponse", SetOCSPResponse);
 env->SetProtoMethod(t, "requestOCSP", RequestOCSP);
+ env->SetProtoMethod(t, "getEphemeralKeyInfo", GetEphemeralKeyInfo);
 #ifdef SSL_set_max_send_fragment
 env->SetProtoMethod(t, "setMaxSendFragment", SetMaxSendFragment);
@@ -1744,6 +1745,50 @@ void SSLWrap<Base>::RequestOCSP(
 }
+template <class Base>
+void SSLWrap<Base>::GetEphemeralKeyInfo(
+ const v8::FunctionCallbackInfo<v8::Value>& args) {
+ Base* w = Unwrap<Base>(args.Holder());
+ Environment* env = Environment::GetCurrent(args);
+
+ CHECK_NE(w->ssl_, nullptr);
+
+ // tmp key is available on only client
+ if (w->is_server())
+ return args.GetReturnValue().SetNull();
+
+ Local<Object> info = Object::New(env->isolate());
+
+ EVP_PKEY* key;
+
+ if (SSL_get_server_tmp_key(w->ssl_, &key)) {
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_DH:
+ info->Set(env->type_string(),
+ FIXED_ONE_BYTE_STRING(env->isolate(), "DH"));
+ info->Set(env->size_string(),
+ Integer::New(env->isolate(), EVP_PKEY_bits(key)));
+ break;
+ case EVP_PKEY_EC:
+ {
+ EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ info->Set(env->type_string(),
+ FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH"));
+ info->Set(env->name_string(),
+ OneByteString(args.GetIsolate(), OBJ_nid2sn(nid)));
+ info->Set(env->size_string(),
+ Integer::New(env->isolate(), EVP_PKEY_bits(key)));
+ }
+ }
+ EVP_PKEY_free(key);
+ }
+
+ return args.GetReturnValue().Set(info);
+}
+
+
 #ifdef SSL_set_max_send_fragment
 template <class Base>
 void SSLWrap<Base>::SetMaxSendFragment(
diff --git a/src/node_crypto.h b/src/node_crypto.h
index 3bec02c38e..c276df0474 100644
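Review bot: In the `EVP_PKEY_EC` case of GetEphemeralKeyInfo, both `EVP_PKEY_get1_EC_KEY(key)` and `OBJ_nid2sn(nid)` are used without a null check, and the key they describe comes from the server's key-exchange message, so on a client this is peer-controlled input. `OBJ_nid2sn` returns NULL for a NID it does not know, and passing that to `OneByteString` would presumably dereference a null pointer; OpenSSL most likely only hands back named curves here, but the binding should not depend on that. I would skip the branch when `ec` is null and set the name only when it resolves: `const char* sn = OBJ_nid2sn(nid);` followed by `if (sn != nullptr) info->Set(env->name_string(), OneByteString(env->isolate(), sn));`. A short comment above `SSL_get_server_tmp_key` noting that `info` stays empty when the negotiated key exchange is not ephemeral would also help.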
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -236,6 +236,8 @@ class SSLWrap {
 static void NewSessionDone(const v8::FunctionCallbackInfo<v8::Value>& args);
 static void SetOCSPResponse(const v8::FunctionCallbackInfo<v8::Value>& args);
 static void RequestOCSP(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void GetEphemeralKeyInfo(
+ const v8::FunctionCallbackInfo<v8::Value>& args);
 #ifdef SSL_set_max_send_fragment
 static void SetMaxSendFragment( |