'use strict';
// Test return value of tlsSocket.exportKeyingMaterial
// The shared test harness is loaded first so the crypto check below can run
// before any TLS-dependent module is required.
const common = require('../common');

// Without crypto support there is no TLS to test, so skip the whole file.
if (!common.hasCrypto) {
  common.skip('missing crypto');
}

const assert = require('assert');
const net = require('net');
const tls = require('tls');
const fixtures = require('../common/fixtures');

// Server credentials come from the test fixtures: a private key and its
// matching certificate, used only by the throwaway server in this test.
const key = fixtures.readKey('agent1-key.pem');
const cert = fixtures.readKey('agent1-cert.pem');
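// Plain TCP server whose accepted socket is wrapped in a server-side
// TLSSocket by hand, so exportKeyingMaterial() can be exercised both before
// and after the handshake completes.
const server = net.createServer(common.mustCall((s) => {
  const tlsSocket = new tls.TLSSocket(s, {
    isServer: true,
    server,
    secureContext: tls.createSecureContext({ key, cert }),
  });

  // Before the handshake has finished there are no session secrets to derive
  // from, so the export must be refused rather than return anything.
  assert.throws(() => {
    tlsSocket.exportKeyingMaterial(128, 'label');
  }, {
    name: 'Error',
    message: 'TLS socket connection must be securely established',
    code: 'ERR_TLS_INVALID_STATE',
  });

  tlsSocket.on('secure', common.mustCall(() => {
    const label = 'client finished';

    const validKeyingMaterial = tlsSocket.exportKeyingMaterial(128, label);
    assert.strictEqual(validKeyingMaterial.length, 128);

    const validKeyingMaterialWithContext = tlsSocket
      .exportKeyingMaterial(128, label, Buffer.from([0, 1, 2, 3]));
    assert.strictEqual(validKeyingMaterialWithContext.length, 128);

    // Ensure providing a context results in a different key than without.
    // The two results are distinct Buffer objects, so a reference comparison
    // (notStrictEqual) would pass even if their bytes were identical; the
    // contents have to be compared for this check to mean anything.
    assert.notDeepStrictEqual(validKeyingMaterial,
                              validKeyingMaterialWithContext);

    // An empty context must be accepted. Only the output length is checked
    // here; how it relates to the no-context output is not asserted.
    const validKeyingMaterialWithEmptyContext = tlsSocket
      .exportKeyingMaterial(128, label, Buffer.from([]));
    assert.strictEqual(validKeyingMaterialWithEmptyContext.length, 128);

    // The context argument is rejected when it is a string or a number.
    assert.throws(() => {
      tlsSocket.exportKeyingMaterial(128, label, 'stringAsContextNotSupported');
    }, {
      name: 'TypeError',
      code: 'ERR_INVALID_ARG_TYPE',
    });

    assert.throws(() => {
      tlsSocket.exportKeyingMaterial(128, label, 1234);
    }, {
      name: 'TypeError',
      code: 'ERR_INVALID_ARG_TYPE',
    });

    // A null label is rejected.
    assert.throws(() => {
      tlsSocket.exportKeyingMaterial(10, null);
    }, {
      name: 'TypeError',
      code: 'ERR_INVALID_ARG_TYPE',
    });

    // A non-numeric length is rejected.
    assert.throws(() => {
      tlsSocket.exportKeyingMaterial('length', 1234);
    }, {
      name: 'TypeError',
      code: 'ERR_INVALID_ARG_TYPE',
    });

    // The length must be strictly positive: negative and zero are both out
    // of range.
    assert.throws(() => {
      tlsSocket.exportKeyingMaterial(-3, 'a');
    }, {
      name: 'RangeError',
      code: 'ERR_OUT_OF_RANGE',
    });

    assert.throws(() => {
      tlsSocket.exportKeyingMaterial(0, 'a');
    }, {
      name: 'RangeError',
      code: 'ERR_OUT_OF_RANGE',
    });

    tlsSocket.end();
    server.close();
  }));
})).listen(0, () => {
  const opts = {
    port: server.address().port,
    // Test-only: the client is given no CA for the fixture certificate, so
    // peer verification is switched off. This is tolerable solely because the
    // peer is the throwaway server created above; it must not be copied into
    // code that talks to a real endpoint.
    rejectUnauthorized: false,
  };

  // A regular function is used so `this` is the client socket, which is
  // closed as soon as the connection is established.
  tls.connect(opts, common.mustCall(function() { this.end(); }));
});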