From 1a317135c5d65fe519ad8fa335342272ea53ddbc Mon Sep 17 00:00:00 2001
From: Rhys Jones
Date: Mon, 3 May 2010 23:37:49 +0100
Subject: [PATCH] Additional OpenSSL tests
---
 lib/crypto.js | 26 ++++++++++
 src/node_crypto.cc | 2 +-
 test/simple/test-crypto.js | 72 +++++++++++++++++++++++++++
 test/simple/test-http-tls.js | 10 ++--
 test/simple/test-tcp-tls.js | 96 ++++++++++++++++++++++++++++++++++++
 5 files changed, 200 insertions(+), 6 deletions(-)
 create mode 100644 test/simple/test-crypto.js
 create mode 100644 test/simple/test-tcp-tls.js
diff --git a/lib/crypto.js b/lib/crypto.js
index f321215000..c43565e45d 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -3,7 +3,10 @@ try {
 var binding = process.binding('crypto');
 var SecureContext = binding.SecureContext;
 var SecureStream = binding.SecureStream;
+ var Hmac = binding.Hmac;
 var Hash = binding.Hash;
+ var Cipher = binding.Cipher;
+ var Decipher = binding.Decipher;
 var Sign = binding.Sign;
 var Verify = binding.Verify;
 var crypto = true;
@@ -41,6 +44,29 @@ exports.createHash = function(hash) {
 return (new Hash).init(hash);
 }
+exports.Hmac = Hmac;
+exports.createHmac = function(hmac, key) {
+ return (new Hmac).init(hmac, key);
+}
+
+exports.Cipher = Cipher;
+exports.createCipher = function(cipher, key) {
+ return (new Cipher).init(cipher, key);
+}
+
+exports.createCipheriv = function(cipher, key, iv) {
+ return (new Cipher).initiv(cipher, key, iv);
+}
+
+exports.Decipher = Decipher;
+exports.createDecipher = function(cipher, key) {
+ return (new Decipher).init(cipher, key);
+}
+
+exports.createDecipheriv = function(cipher, key, iv) {
+ return (new Decipher).initiv(cipher, key, iv);
+}
+
 exports.Sign = Sign;
 exports.createSign = function(algorithm) {
 return (new Sign).init(algorithm);
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index f925030179..0bfcfcca94 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
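Review bot: `createCipher(cipher, key)` and `createDecipher(cipher, key)` in the second lib/crypto.js hunk take no IV, so whatever IV the native `init` uses presumably has to be derived from `key` (the binding is not part of this diff, so this is inferred); with a fixed key, equal plaintexts would then produce equal ciphertexts. None of the five new factories says what `key` is (raw key bytes or a passphrase) or what length `iv` must have. I would add a comment above `exports.createCipher` such as `// no IV argument: key material and IV both come from 'key'; prefer createCipheriv with a fresh random IV per message`, and one on `createCipheriv` stating that `key` and `iv` must match the cipher's key and block sizes. The factories return the result of `init`/`initiv` directly, so they depend on the binding returning the object itself, as `createHash` above already does.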
@@ -2530,7 +2530,7 @@ void InitCrypto(Handle target) {
 HandleScope scope;
 SSL_library_init();
- OpenSSL_add_ssl_algorithms();
+ OpenSSL_add_all_algorithms();
 OpenSSL_add_all_digests();
 SSL_load_error_strings();
 ERR_load_crypto_strings();
diff --git a/test/simple/test-crypto.js b/test/simple/test-crypto.js
new file mode 100644
index 0000000000..7c712046ac
--- /dev/null
+++ b/test/simple/test-crypto.js
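Review bot: With `OpenSSL_add_all_algorithms()` in place, the `OpenSSL_add_all_digests()` call on the following line is redundant, because the former already registers every cipher and every digest; it can be dropped. The change also means every cipher the linked OpenSSL was built with, legacy ones included, becomes selectable by name through the new `createCipher`/`createCipheriv` exports, and nothing here says so. A comment such as `// registers all ciphers and digests, including legacy ones; algorithm choice is left to the caller` would make that explicit. InitCrypto's body continues outside the hunk.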
@@ -0,0 +1,72 @@
+require("../common");
+var fs = require('fs');
+var sys = require('sys');
+
+var have_openssl;
+try {
+ var crypto = require('crypto');
+ have_openssl=true;
+} catch (e) {
+ have_openssl=false;
+ puts("Not compiled with OPENSSL support.");
+ process.exit();
+}
+
+var caPem = fs.readFileSync(fixturesDir+"/test_ca.pem");
+var certPem = fs.readFileSync(fixturesDir+"/test_cert.pem");
+var keyPem = fs.readFileSync(fixturesDir+"/test_key.pem");
+
+var credentials = crypto.createCredentials({key:keyPem, cert:certPem, ca:caPem});
+
+// Test HMAC
+//var h1 = (new crypto.Hmac).init("sha1", "Node").update("some data").update("to hmac").digest("hex");
+var h1 = crypto.createHmac("sha1", "Node").update("some data").update("to hmac").digest("hex");
+assert.equal(h1, '19fd6e1ba73d9ed2224dd5094a71babe85d9a892', "test HMAC");
+
+// Test hashing
+var a0 = crypto.createHash("sha1").update("Test123").digest("hex");
+var a1 = crypto.createHash("md5").update("Test123").digest("binary");
+var a2= crypto.createHash("sha256").update("Test123").digest("base64");
+var a3 = crypto.createHash("sha512").update("Test123").digest(); // binary
+
+// Test multiple updates to same hash
+var h1 = crypto.createHash("sha1").update("Test123").digest("hex");
+var h2 = (new crypto.Hash).init("sha1").update("Test").update("123").digest("hex");
+assert.equal(h1, h2, "multipled updates");
+
+
+// Test signing and verifying
+var s1 = crypto.createSign("RSA-SHA1").update("Test123").sign(keyPem, "base64");
+var verified = crypto.createVerify("RSA-SHA1").update("Test").update("123").verify(certPem, s1, "base64");
+assert.ok(verified, "sign and verify (base 64)");
+
+var s2 = crypto.createSign("RSA-SHA256").update("Test123").sign(keyPem); // binary
+var verified = crypto.createVerify("RSA-SHA256").update("Test").update("123").verify(certPem, s2); // binary
+assert.ok(verified, "sign and verify (binary)");
+
+// Test encryption and decryption
+var plaintext="Keep this a secret? No! 
Tell everyone about node.js!";
+
+var cipher=crypto.createCipher("aes192", "MySecretKey123");
+var ciph=cipher.update(plaintext, 'utf8', 'hex'); // encrypt plaintext which is in utf8 format to a ciphertext which will be in hex
+ciph+=cipher.final('hex'); // Only use binary or hex, not base64.
+
+var decipher=crypto.createDecipher("aes192", "MySecretKey123");
+var txt = decipher.update(ciph, 'hex', 'utf8');
+txt += decipher.final('utf8');
+assert.equal(txt, plaintext, "encryption and decryption");
+
+// Test encyrption and decryption with explicit key and iv
+var encryption_key='0123456789abcd0123456789';
+var iv = '12345678';
+
+var cipher=crypto.createCipheriv("des-ede3-cbc", encryption_key, iv);
+
+var ciph=cipher.update(plaintext, 'utf8', 'hex');
+ciph+=cipher.final('hex');
+
+var decipher=crypto.createDecipheriv("des-ede3-cbc",encryption_key,iv);
+var txt = decipher.update(ciph, 'hex', 'utf8');
+txt += decipher.final('utf8');
+assert.equal(txt, plaintext, "encryption and decryption with key and iv");
+
diff --git a/test/simple/test-http-tls.js b/test/simple/test-http-tls.js
index 209e220f2c..f600dff888 100644
--- a/test/simple/test-http-tls.js
+++ b/test/simple/test-http-tls.js
@@ -32,10 +32,10 @@ var https_server = http.createServer(function (req, res) {
 res.id = request_number;
 req.id = request_number++;
- var verified = c.verifyPeer();
- var peerDN = JSON.stringify(c.getPeerCertificate());
- assert.equal(verified, true);
- assert.equal(peerDN, '{"subject":"/C=UK/ST=Acknack Ltd/L=Rhys Jones'
+ var verified = res.connection.verifyPeer();
+ var peerDN = JSON.stringify(req.connection.getPeerCertificate());
+ assert.equal(verified, true);
+ assert.equal(peerDN, '{"subject":"/C=UK/ST=Acknack Ltd/L=Rhys Jones'
 + '/O=node.js/OU=Test TLS Certificate/CN=localhost",'
 + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
 + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
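Review bot: The sign/verify and cipher tests in test-crypto.js exercise only the success path, so a `verify` that always returned true, or a decipher that ignored its key, would still pass. Add at least one negative case, e.g. `assert.ok(!crypto.createVerify("RSA-SHA1").update("Test124").verify(certPem, s1, "base64"), "tampered data must not verify");` (assuming `verify` returns false rather than throwing on a mismatch). The digests `a0` to `a3` under "Test hashing" are computed but never asserted, so the md5, sha256 and sha512 outputs go unchecked; compare each with a known value the way the HMAC test does. Both cipher tests are round-trips, so a known-answer ciphertext for the `createCipheriv` case would additionally catch a change in how key and IV are applied. `credentials` is created but not used in this file.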
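Review bot: In the first test-http-tls.js hunk the handler now takes `verifyPeer()` from `res.connection` and the certificate from `req.connection`; both presumably refer to the same socket, but using two names hides that the two checks are meant to cover the same peer. Read the connection once, e.g. `var conn = req.connection;`, and call both methods on it. The `createServer` callback and the rest of the `assert.equal(peerDN, …)` expression continue outside the hunk.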
@@ -84,7 +84,7 @@ c.addListener("connect", function () {
 c.addListener("secure", function () {
 var verified = c.verifyPeer();
 var peerDN = JSON.stringify(c.getPeerCertificate());
- //assert.equal(verified, 1);
+ assert.equal(verified, true);
 assert.equal(peerDN, '{"subject":"/C=UK/ST=Acknack Ltd/L=Rhys Jones'
 + '/O=node.js/OU=Test TLS Certificate/CN=localhost",'
 + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
diff --git a/test/simple/test-tcp-tls.js b/test/simple/test-tcp-tls.js
new file mode 100644
index 0000000000..4368c39835
--- /dev/null
+++ b/test/simple/test-tcp-tls.js
@@ -0,0 +1,96 @@
+require("../common");
+var fs = require('fs');
+var sys = require('sys');
+var net = require('net');
+
+var have_openssl;
+try {
+ var crypto = require('crypto');
+ have_openssl=true;
+} catch (e) {
+ have_openssl=false;
+ puts("Not compiled with OPENSSL support.");
+ process.exit();
+}
+
+var caPem = fs.readFileSync(fixturesDir+"/test_ca.pem");
+var certPem = fs.readFileSync(fixturesDir+"/test_cert.pem");
+var keyPem = fs.readFileSync(fixturesDir+"/test_key.pem");
+
+var credentials = crypto.createCredentials({key:keyPem, cert:certPem, ca:caPem});
+
+var testData = "TEST123";
+var serverData = '';
+var clientData = '';
+var gotSecureServer = false;
+var gotSecureClient = false;
+
+var secureServer = net.createServer(function (connection) {
+ var self = this;
+ connection.setSecure(credentials);
+ connection.setEncoding("UTF8");
+
+ connection.addListener("secure", function () {
+ gotSecureServer = true;
+ var verified = connection.verifyPeer();
+ var peerDN = JSON.stringify(connection.getPeerCertificate());
+ assert.equal(verified, true);
+ assert.equal(peerDN, '{"subject":"/C=UK/ST=Acknack Ltd/L=Rhys Jones'
+ + '/O=node.js/OU=Test TLS Certificate/CN=localhost",'
+ + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
+ + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
+ + '"Nov 11 09:52:22 2009 GMT","valid_to":'
+ + '"Nov 6 09:52:22 2029 GMT"}');
+
+ });
+
+ connection.addListener("data", function (chunk) {
+ serverData += chunk;
+ connection.write(chunk);
+ });
+
+ connection.addListener("end", function () {
+ assert.equal(serverData, testData);
+ connection.end();
+ self.close();
+ });
+});
+secureServer.listen(PORT);
+
+var secureClient = net.createConnection(PORT);
+
+secureClient.setEncoding("UTF8");
+secureClient.addListener("connect", function () {
+ secureClient.setSecure(credentials);
+});
+
+secureClient.addListener("secure", function () {
+ gotSecureClient = true;
+ var verified = secureClient.verifyPeer();
+ var peerDN = 
JSON.stringify(secureClient.getPeerCertificate());
+ assert.equal(verified, true);
+ assert.equal(peerDN, '{"subject":"/C=UK/ST=Acknack Ltd/L=Rhys Jones'
+ + '/O=node.js/OU=Test TLS Certificate/CN=localhost",'
+ + '"issuer":"/C=UK/ST=Acknack Ltd/L=Rhys Jones/O=node.js'
+ + '/OU=Test TLS Certificate/CN=localhost","valid_from":'
+ + '"Nov 11 09:52:22 2009 GMT","valid_to":'
+ + '"Nov 6 09:52:22 2029 GMT"}');
+
+ secureClient.write(testData);
+ secureClient.end();
+});
+
+secureClient.addListener("data", function (chunk) {
+ clientData += chunk;
+});
+
+secureClient.addListener("end", function () {
+ assert.equal(clientData, testData);
+});
+
+process.addListener("exit", function () {
+ assert.ok(gotSecureServer, "Did not get secure event for server");
+ assert.ok(gotSecureClient, "Did not get secure event for clientr");
+});
+
+
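Review bot: The `exit` listener in test-tcp-tls.js checks only the two `secure` flags, while the echoed payload is asserted inside the `end` listeners; if either `end` event never fires, the data checks are skipped and the test still passes. Assert the payload at exit as well, with `assert.equal(serverData, testData);` and `assert.equal(clientData, testData);`. Both peers use the same `credentials` and the expected certificate has identical subject and issuer, so `verifyPeer()` is only ever tested for the trusted case; a second connection whose CA list does not cover the peer certificate, expecting `false`, would show that verification can actually fail. The last assertion message has a typo, `clientr`.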