node/test/pummel/test-tls-ci-reneg-attack.js

'use strict';
var common = require('../common');
var assert = require('assert');
var spawn = require('child_process').spawn;

if (!common.hasCrypto) {
  common.skip('missing crypto');
  return;
}
var tls = require('tls');

var fs = require('fs');

if (!common.opensslCli) {
  common.skip('node compiled without OpenSSL CLI.');
  return;
}

// renegotiation limits to test
var LIMITS = [0, 1, 2, 3, 5, 10, 16];

{
  let n = 0;
  function next() {
    if (n >= LIMITS.length) return;
    tls.CLIENT_RENEG_LIMIT = LIMITS[n++];
    test(next);
  }
  next();
}

function test(next) {
  var options = {
    cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),
    key: fs.readFileSync(common.fixturesDir + '/test_key.pem')
  };

  var seenError = false;

  var server = tls.createServer(options, function(conn) {
    conn.on('error', function(err) {
      console.error('Caught exception: ' + err);
      assert(/TLS session renegotiation attack/.test(err));
      conn.destroy();
      seenError = true;
    });
    conn.pipe(conn);
  });

  server.listen(common.PORT, function() {
    var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');
    var child = spawn(common.opensslCli, args);

    //child.stdout.pipe(process.stdout);
    //child.stderr.pipe(process.stderr);

    child.stdout.resume();
    child.stderr.resume();

    // count handshakes, start the attack after the initial handshake is done
    var handshakes = 0;
    var renegs = 0;

    child.stderr.on('data', function(data) {
      if (seenError) return;
      handshakes += (('' + data).match(/verify return:1/g) || []).length;
      if (handshakes === 2) spam();
      renegs += (('' + data).match(/RENEGOTIATING/g) || []).length;
    });

    child.on('exit', function() {
      assert.equal(renegs, tls.CLIENT_RENEG_LIMIT + 1);
      server.close();
      process.nextTick(next);
    });

    var closed = false;
    child.stdin.on('error', function(err) {
      switch (err.code) {
        case 'ECONNRESET':
        case 'EPIPE':
          break;
        default:
          assert.equal(err.code, 'ECONNRESET');
          break;
      }
      closed = true;
    });
    child.stdin.on('close', function() {
      closed = true;
    });

    // simulate renegotiation attack
    function spam() {
      if (closed) return;
      child.stdin.write('R\n');
      setTimeout(spam, 50);
    }
  });
}
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 2015-05-19 19:00:06 +08:00			`'use strict';`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`var common = require('../common');`
			`var assert = require('assert');`
			`var spawn = require('child_process').spawn;`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 09:11:21 +08:00
			`if (!common.hasCrypto) {`
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> 2016-05-12 03:34:52 +08:00			`common.skip('missing crypto');`
test: changing process.exit to return while skipping tests This patch uses `return` statement to skip the test instead of using `process.exit` call. PR-URL: https://github.com/nodejs/io.js/pull/2109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> 2015-07-07 23:25:55 +08:00			`return;`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 09:11:21 +08:00			`}`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`var tls = require('tls');`
test: refactor all tests that depends on crypto we had a few ways versions of looking for support before executing a test. this commit unifies them as well as add the check for all tests that previously lacked them. found by running `./configure --without-ssl && make test`. also, produce tap skip output if the test is skipped. PR-URL: https://github.com/iojs/io.js/pull/1049 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp> 2015-03-04 09:11:21 +08:00
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`var fs = require('fs');`

test: ignore tests when built without OpenSSL CLI fix #6880 2014-01-18 20:18:25 +08:00			`if (!common.opensslCli) {`
test: abstract skip functionality to common The tap skipping output is so prevalent yet obscure in nature that we ought to move it into it's own function in test/common.js PR-URL: https://github.com/nodejs/node/pull/6697 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> 2016-05-12 03:34:52 +08:00			`common.skip('node compiled without OpenSSL CLI.');`
test: changing process.exit to return while skipping tests This patch uses `return` statement to skip the test instead of using `process.exit` call. PR-URL: https://github.com/nodejs/io.js/pull/2109 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> 2015-07-07 23:25:55 +08:00			`return;`
test: ignore tests when built without OpenSSL CLI fix #6880 2014-01-18 20:18:25 +08:00			`}`

tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`// renegotiation limits to test`
			`var LIMITS = [0, 1, 2, 3, 5, 10, 16];`

test: cleanup IIFE tests A number of test files use IIFEs to separate distinct tests from each other in the same file. The project has been moving toward using block scopes and let/const in favor of IIFEs. This commit moves IIFE tests to block scopes. Some additional cleanup such as use of strictEqual() and common.mustCall() is also included. PR-URL: https://github.com/nodejs/node/pull/7694 Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> 2016-07-13 07:47:32 +08:00			`{`
			`let n = 0;`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`function next() {`
			`if (n >= LIMITS.length) return;`
			`tls.CLIENT_RENEG_LIMIT = LIMITS[n++];`
			`test(next);`
			`}`
			`next();`
test: cleanup IIFE tests A number of test files use IIFEs to separate distinct tests from each other in the same file. The project has been moving toward using block scopes and let/const in favor of IIFEs. This commit moves IIFE tests to block scopes. Some additional cleanup such as use of strictEqual() and common.mustCall() is also included. PR-URL: https://github.com/nodejs/node/pull/7694 Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com> 2016-07-13 07:47:32 +08:00			`}`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00
			`function test(next) {`
			`var options = {`
			`cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'),`
			`key: fs.readFileSync(common.fixturesDir + '/test_key.pem')`
			`};`

tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`var seenError = false;`

tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`var server = tls.createServer(options, function(conn) {`
			`conn.on('error', function(err) {`
			`console.error('Caught exception: ' + err);`
			`assert(/TLS session renegotiation attack/.test(err));`
			`conn.destroy();`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`seenError = true;`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`});`
			`conn.pipe(conn);`
			`});`

			`server.listen(common.PORT, function() {`
			`var args = ('s_client -connect 127.0.0.1:' + common.PORT).split(' ');`
gyp: build openssl-cli tool and use it in tests fix #6663 2013-12-12 01:20:17 +08:00			`var child = spawn(common.opensslCli, args);`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00
test: pummel/ci-reneg handle EPIPE When calling out to the openssl client handle the child closing and returning EPIPE on writes 2014-02-25 10:38:41 +08:00			`//child.stdout.pipe(process.stdout);`
			`//child.stderr.pipe(process.stderr);`

			`child.stdout.resume();`
			`child.stderr.resume();`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00
			`// count handshakes, start the attack after the initial handshake is done`
			`var handshakes = 0;`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`var renegs = 0;`

tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`child.stderr.on('data', function(data) {`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`if (seenError) return;`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`handshakes += (('' + data).match(/verify return:1/g) \|\| []).length;`
			`if (handshakes === 2) spam();`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`renegs += (('' + data).match(/RENEGOTIATING/g) \|\| []).length;`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`});`

			`child.on('exit', function() {`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`assert.equal(renegs, tls.CLIENT_RENEG_LIMIT + 1);`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`server.close();`
			`process.nextTick(next);`
			`});`

			`var closed = false;`
			`child.stdin.on('error', function(err) {`
test: pummel/ci-reneg handle EPIPE When calling out to the openssl client handle the child closing and returning EPIPE on writes 2014-02-25 10:38:41 +08:00			`switch (err.code) {`
			`case 'ECONNRESET':`
			`case 'EPIPE':`
			`break;`
			`default:`
			`assert.equal(err.code, 'ECONNRESET');`
			`break;`
			`}`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`closed = true;`
			`});`
			`child.stdin.on('close', function() {`
			`closed = true;`
			`});`

			`// simulate renegotiation attack`
			`function spam() {`
			`if (closed) return;`
Lint all the JavaScripts. 2012-02-19 07:01:35 +08:00			`child.stdin.write('R\n');`
tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it. 2012-06-18 10:05:21 +08:00			`setTimeout(spam, 50);`
tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded. 2012-02-16 02:26:43 +08:00			`}`
			`});`
			`}`