@@ -6,6 +6,10 @@ if (!common.hasCrypto)
66const assert = require ( 'assert' ) ;
77const crypto = require ( 'crypto' ) ;
88const { hasOpenSSL } = require ( '../common/crypto' ) ;
9+ const {
10+ DH_CHECK_P_NOT_PRIME ,
11+ DH_CHECK_P_NOT_SAFE_PRIME ,
12+ } = crypto . constants ;
913
1014// Second OAKLEY group, see
1115// https://github.com/nodejs/node-v0.x-archive/issues/2338 and
@@ -16,6 +20,47 @@ const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
1620 'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF' ;
1721crypto . createDiffieHellman ( p , 'hex' ) ;
1822
23+ if ( ! process . features . openssl_is_boringssl ) {
24+ const notPrime = Buffer . from ( p , 'hex' ) ;
25+ notPrime [ notPrime . length - 1 ] = 0xfd ;
26+ assert . strictEqual (
27+ crypto . createDiffieHellman ( notPrime , Buffer . from ( [ 2 ] ) ) . verifyError ,
28+ DH_CHECK_P_NOT_PRIME ) ;
29+
30+ const notSafePrime = Buffer . from (
31+ 'd2d6d13e1c1e0bbb63c742199dee010411f089ac74f0f7213348388280700fd6' +
32+ '0ef9c1e7b096a4257dcbce61c544a5d1d23db4c49c63ce302f63be5cf5804327' ,
33+ 'hex' ) ;
34+ assert . strictEqual (
35+ crypto . createDiffieHellman ( notSafePrime , Buffer . from ( [ 2 ] ) ) . verifyError ,
36+ DH_CHECK_P_NOT_SAFE_PRIME ) ;
37+
38+ const group = crypto . getDiffieHellman ( 'modp14' ) ;
39+ const alice = crypto . createDiffieHellman (
40+ group . getPrime ( ) , group . getGenerator ( ) ) ;
41+ alice . generateKeys ( ) ;
42+ const groupPrime = BigInt ( `0x${ group . getPrime ( 'hex' ) } ` ) ;
43+ assert . throws (
44+ ( ) => alice . computeSecret ( Buffer . from ( [ 1 ] ) ) ,
45+ {
46+ code : 'ERR_CRYPTO_INVALID_KEYLEN' ,
47+ message : 'Supplied key is too small'
48+ } ) ;
49+ assert . throws (
50+ ( ) => alice . computeSecret ( group . getPrime ( ) ) ,
51+ {
52+ code : 'ERR_CRYPTO_INVALID_KEYLEN' ,
53+ message : 'Supplied key is too large'
54+ } ) ;
55+ assert . throws (
56+ ( ) => alice . computeSecret (
57+ Buffer . from ( ( groupPrime - 1n ) . toString ( 16 ) , 'hex' ) ) ,
58+ {
59+ code : 'ERR_CRYPTO_INVALID_KEYLEN' ,
60+ message : 'Supplied key is too large'
61+ } ) ;
62+ }
63+
1964// Confirm DH_check() results are exposed for optional examination.
2065const bad_dh = process . features . openssl_is_boringssl ?
2166 crypto . createDiffieHellman ( 'abcd' , 'hex' , 0 ) :
@@ -26,6 +71,11 @@ if (hasOpenSSL(3)) {
2671 const smallSafePrime = crypto . createDiffieHellman (
2772 Buffer . from ( [ 23 ] ) , Buffer . from ( [ 2 ] ) ) ;
2873 assert . notStrictEqual ( smallSafePrime . verifyError , 0 ) ;
74+
75+ assert . throws (
76+ ( ) => crypto . createDiffieHellman ( Buffer . from ( p , 'hex' ) ,
77+ Buffer . from ( p , 'hex' ) ) ,
78+ { code : 'ERR_OSSL_DH_BAD_GENERATOR' } ) ;
2979}
3080
3181const availableCurves = new Set ( crypto . getCurves ( ) ) ;
0 commit comments