Skip to content

Instantly share code, notes, and snippets.

@jas-

jas-/TLS-client.js

Last active December 27, 2015 01:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jas-/7247295 to your computer and use it in GitHub Desktop.
Save jas-/7247295 to your computer and use it in GitHub Desktop.
Download ZIP
Experimental server/client (TLS) w/ DH exchange (susceptable to MITM w/o pre-shared secret)
Raw
client.js
var ioc = require('socket.io-client'),
io = require('socket.io').listen(3001, {
log: true,
secure: true
}),
crypto = require('crypto')
crypto.DEFAULT_ENCODING = 'hex'
var dh = crypto.getDiffieHellman('modp18')
dh.generateKeys()
var pubKey = dh.getPublicKey(),
privKey = dh.getPrivateKey()
var sock = ioc.connect('wss://node.dev', {
port: 3000
})
sock.emit('ping', {
key: pubKey
})
io.sockets.on('connection', function(socket) {
socket.on('pong', function(data) {
global.sessionKey = data.key
global.secret = dh.computeSecret(data.key, 'hex', 'hex')
if (createDigest(global.secret, data.key) === data.digest) {
console.log(global.secret)
}
})
})
function createDigest(key, obj) {
return crypto.createHmac('sha512', new Buffer(key)).update(obj).digest('hex')
}
Raw
server.js
var ioc = require('socket.io-client'),
io = require('socket.io').listen(3000, {
log: true,
secure: true
}),
crypto = require('crypto')
crypto.DEFAULT_ENCODING = 'hex'
var dh = crypto.getDiffieHellman('modp18')
dh.generateKeys()
var pubKey = dh.getPublicKey(),
privKey = dh.getPrivateKey()
io.sockets.on('connection', function(socket) {
socket.on('ping', function(data) {
global.sessionKey = data.key
global.secret = dh.computeSecret(data.key, 'hex', 'hex')
console.log(global.secret)
var sock = ioc.connect('wss://node.dev', {
port: 3001
})
sock.emit('pong', {
key: pubKey,
digest: createDigest(global.secret, pubKey)
})
})
})
function createDigest(key, obj) {
return crypto.createHmac('sha512', key).update(obj).digest('hex')
}
Raw
TLS-client.js
var fs = require('fs')
var opts = {
host: 'node.dev',
port: 3000,
key: fs.readFileSync('certificate.key'),
cert: fs.readFileSync('certificate.crt'),
//ca: [fs.readFileSync('authority.cer')],
passphrase: 'password',
ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
honorCipherOrder: true,
requestCert: true,
rejectUnauthorized: false
}
var tls = require('tls').createServer(opts, handler),
tlsClient = require('tls'),
crypto = require('crypto'),
os = require('os'),
secret = false,
data = '',
obj = false
crypto.DEFAULT_ENCODING = 'hex'
var dh = crypto.getDiffieHellman('modp18')
dh.generateKeys()
var pubKey = dh.getPublicKey(),
privKey = dh.getPrivateKey()
function handler(stream) {
stream.setEncoding('utf8')
stream.on('data', function(chunk) {
data += chunk
obj = checkBuffer(data)
if (obj) {
secret = createSharedSecret(dh, obj)
console.log('SECRET: '+secret)
stream.write(JSON.stringify({
key: pubKey,
digest: createDigest(privKey, pubKey)
}))
}
})
stream.on('error', function() {
console.log('An error occured')
})
stream.on('end', function() {
console.log('Client disconnected')
})
}
var conn = tlsClient.connect(opts, function() {
conn.write(JSON.stringify({
key: pubKey
}))
})
conn.on('data', function(chunk) {
data += chunk
obj = checkBuffer(data)
if (obj) {
secret = createSharedSecret(dh, obj)
var payload = encryptData(secret, JSON.stringify(getSystemStatistics()))
console.log(decryptData(secret, payload))
conn.write(payload)
}
})
function checkBuffer(data) {
try {
return JSON.parse(data)
} catch(e) {
return false
}
}
function createDigest(key, obj) {
return crypto.createHmac('sha512', key).update(obj).digest('hex')
}
function createSharedSecret(dh, data) {
return dh.computeSecret(data.key, 'hex', 'hex')
}
function encryptData(key, pt) {
var cipher = crypto.createCipher('aes256', key)
cipher.update(pt, 'utf8', 'hex')
var ct = cipher.final('hex')
return ct
}
function decryptData(key, pt) {
var cipher = crypto.createDecipher('aes256', key)
cipher.update(pt, 'utf8', 'hex')
var ct = cipher.final('utf8')
return ct
}
function getSystemStatistics() {
return {
hostname: os.hostname(),
system: os.platform(),
architecture: os.arch(),
release: os.release(),
uptime: os.uptime(),
loadavg: os.loadavg(),
memory: os.totalmem(),
freemem: os.freemem(),
cores: os.cpus(),
interfaces: os.networkInterfaces()
}
}
tls.listen(8000)
Raw
TLS-server.js
var fs = require('fs')
var opts = {
key: fs.readFileSync('certificate.key'),
cert: fs.readFileSync('certificate.crt'),
//ca: [fs.readFileSync('authority.cer')],
passphrase: 'password',
ciphers: 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
honorCipherOrder: true,
requestCert: true,
rejectUnauthorized: false
}
var tls = require('tls').createServer(opts, handler),
tlsClient = require('tls'),
crypto = require('crypto')
crypto.DEFAULT_ENCODING = 'hex'
var dh = crypto.getDiffieHellman('modp18')
dh.generateKeys()
var pubKey = dh.getPublicKey(),
privKey = dh.getPrivateKey(),
secret = false,
data = '',
obj = false
function handler(stream) {
stream.setEncoding('utf8')
stream.on('data', function(chunk) {
data += chunk
obj = checkBuffer(data)
if (obj) {
secret = createSharedSecret(dh, obj)
console.log('SECRET: '+secret)
stream.write(JSON.stringify({
key: pubKey,
digest: createDigest(privKey, pubKey)
}))
}
})
stream.on('error', function() {
console.log('An error occured')
})
stream.on('end', function() {
console.log('Client disconnected')
})
}
function checkBuffer(data) {
var result = false
try {
result = JSON.parse(data)
} catch(e) {
/* logging? */
}
return result
}
function createDigest(key, obj) {
return crypto.createHmac('sha512', key).update(obj).digest('hex')
}
function createSharedSecret(dh, data) {
return dh.computeSecret(data.key, 'hex', 'hex')
}
function getClientProperties(tls) {
/* DNS functionality? */
return {
address: tls.remoteAddress,
port: tls.remotePort
}
}
tls.listen(3000)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment