From f72e178a78950b38e6149148d88d2853f780f7f9 Mon Sep 17 00:00:00 2001 From: Shigeki Ohtsu Date: Fri, 22 May 2015 18:21:54 +0900 Subject: [PATCH] tls: add minDHSize option to tls.connect() Add a new option to specifiy a minimum size of an ephemeral DH parameter to accept a tls connection. Default is 1024 bit. PR-URL: https://github.com/nodejs/node/pull/1831 Reviewed-By: indutny - Fedor Indutny Reviewed-By: bnoordhuis - Ben Noordhuis --- doc/api/tls.markdown | 5 ++ lib/_tls_wrap.js | 19 ++++- test/parallel/test-tls-client-mindhsize.js | 81 ++++++++++++++++++++++ 3 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-tls-client-mindhsize.js diff --git a/doc/api/tls.markdown b/doc/api/tls.markdown index e4827dbd1b2f33..d8ce9381a65cac 100644 --- a/doc/api/tls.markdown +++ b/doc/api/tls.markdown @@ -388,6 +388,11 @@ Creates a new client connection to the given `port` and `host` (old API) or - `session`: A `Buffer` instance, containing TLS session. + - `minDHSize`: Minimum size of DH parameter in bits to accept a TLS + connection. When a server offers DH parameter with a size less + than this, the TLS connection is destroyed and throws an + error. Default: 1024. + The `callback` parameter will be added as a listener for the ['secureConnect'][] event. diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index da2de9814de936..6a1c295ce31034 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -945,7 +945,8 @@ exports.connect = function(/* [port, host], options, cb */) { var defaults = { rejectUnauthorized: '0' !== process.env.NODE_TLS_REJECT_UNAUTHORIZED, ciphers: tls.DEFAULT_CIPHERS, - checkServerIdentity: tls.checkServerIdentity + checkServerIdentity: tls.checkServerIdentity, + minDHSize: 1024 }; options = util._extend(defaults, options || {}); @@ -953,6 +954,11 @@ exports.connect = function(/* [port, host], options, cb */) { options.singleUse = true; assert(typeof options.checkServerIdentity === 'function'); + assert(typeof options.minDHSize === 'number', + 'options.minDHSize is not a number: ' + options.minDHSize); + assert(options.minDHSize > 0, + 'options.minDHSize is not a posivie number: ' + + options.minDHSize); var hostname = options.servername || options.host || @@ -1004,6 +1010,17 @@ exports.connect = function(/* [port, host], options, cb */) { socket._start(); socket.on('secure', function() { + // Check the size of DHE parameter above minimum requirement + // specified in options. + var ekeyinfo = socket.getEphemeralKeyInfo(); + if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) { + var err = new Error('DH parameter size ' + ekeyinfo.size + + ' is less than ' + options.minDHSize); + socket.emit('error', err); + socket.destroy(); + return; + } + var verifyError = socket._handle.verifyError(); // Verify that server's identity matches it's certificate's names diff --git a/test/parallel/test-tls-client-mindhsize.js b/test/parallel/test-tls-client-mindhsize.js new file mode 100644 index 00000000000000..fde3de512cdc26 --- /dev/null +++ b/test/parallel/test-tls-client-mindhsize.js @@ -0,0 +1,81 @@ +'use strict'; +var common = require('../common'); +var assert = require('assert'); + +if (!common.hasCrypto) { + console.log('1..0 # Skipped: missing crypto'); + process.exit(); +} +var tls = require('tls'); + +var fs = require('fs'); +var key = fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'); +var cert = fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem'); + +var nsuccess = 0; +var nerror = 0; + +function loadDHParam(n) { + var path = common.fixturesDir; + if (n !== 'error') path += '/keys'; + return fs.readFileSync(path + '/dh' + n + '.pem'); +} + +function test(size, err, next) { + var options = { + key: key, + cert: cert, + dhparam: loadDHParam(size), + ciphers: 'DHE-RSA-AES128-GCM-SHA256' + }; + + var server = tls.createServer(options, function(conn) { + conn.end(); + }); + + server.on('close', function(isException) { + assert(!isException); + if (next) next(); + }); + + server.listen(common.PORT, '127.0.0.1', function() { + // client set minimum DH parameter size to 2048 bits so that + // it fails when it make a connection to the tls server where + // dhparams is 1024 bits + var client = tls.connect({ + minDHSize: 2048, + port: common.PORT, + rejectUnauthorized: false + }, function() { + nsuccess++; + server.close(); + }); + if (err) { + client.on('error', function(e) { + nerror++; + assert.strictEqual(e.message, 'DH parameter size 1024 is less' + + ' than 2048'); + server.close(); + }); + } + }); +} + +// A client connection fails with an error when a client has an +// 2048 bits minDHSize option and a server has 1024 bits dhparam +function testDHE1024() { + test(1024, true, testDHE2048); +} + +// A client connection successes when a client has an +// 2048 bits minDHSize option and a server has 2048 bits dhparam +function testDHE2048() { + test(2048, false, null); +} + +testDHE1024(); + +process.on('exit', function() { + assert.equal(nsuccess, 1); + assert.equal(nerror, 1); +});