test/common/tls.js - external/github.com/v8/node - Git at Google

 /* eslint-disable node-core/crypto-check */

 'use strict';
 const crypto = require('crypto');
 const net = require('net');

 exports.ccs = Buffer.from('140303000101', 'hex');

 class TestTLSSocket extends net.Socket {
   constructor(server_cert) {
     super();
     this.server_cert = server_cert;
     this.version = Buffer.from('0303', 'hex');
     this.handshake_list = [];
     // AES128-GCM-SHA256
     this.ciphers = Buffer.from('000002009c0', 'hex');
     this.pre_primary_secret =
       Buffer.concat([this.version, crypto.randomBytes(46)]);
     this.primary_secret = null;
     this.write_seq = 0;
     this.client_random = crypto.randomBytes(32);

     this.on('handshake', (msg) => {
       this.handshake_list.push(msg);
     });

     this.on('server_random', (server_random) => {
       this.primary_secret = PRF12('sha256', this.pre_primary_secret,
                                   'primary secret',
                                   Buffer.concat([this.client_random,
                                                  server_random]),
                                   48);
       const key_block = PRF12('sha256', this.primary_secret,
                               'key expansion',
                               Buffer.concat([server_random,
                                              this.client_random]),
                               40);
       this.client_writeKey = key_block.slice(0, 16);
       this.client_writeIV = key_block.slice(32, 36);
     });
   }

   createClientHello() {
     const compressions = Buffer.from('0100', 'hex'); // null
     const msg = addHandshakeHeader(0x01, Buffer.concat([
       this.version, this.client_random, this.ciphers, compressions,
     ]));
     this.emit('handshake', msg);
     return addRecordHeader(0x16, msg);
   }

   createClientKeyExchange() {
     const encrypted_pre_primary_secret = crypto.publicEncrypt({
       key: this.server_cert,
       padding: crypto.constants.RSA_PKCS1_PADDING
     }, this.pre_primary_secret);
     const length = Buffer.alloc(2);
     length.writeUIntBE(encrypted_pre_primary_secret.length, 0, 2);
     const msg = addHandshakeHeader(0x10, Buffer.concat([
       length, encrypted_pre_primary_secret]));
     this.emit('handshake', msg);
     return addRecordHeader(0x16, msg);
   }

   createFinished() {
     const shasum = crypto.createHash('sha256');
     shasum.update(Buffer.concat(this.handshake_list));
     const message_hash = shasum.digest();
     const r = PRF12('sha256', this.primary_secret,
                     'client finished', message_hash, 12);
     const msg = addHandshakeHeader(0x14, r);
     this.emit('handshake', msg);
     return addRecordHeader(0x16, msg);
   }

   createIllegalHandshake() {
     const illegal_handshake = Buffer.alloc(5);
     return addRecordHeader(0x16, illegal_handshake);
   }

   parseTLSFrame(buf) {
     let offset = 0;
     const record = buf.slice(offset, 5);
     const type = record[0];
     const length = record.slice(3, 5).readUInt16BE(0);
     offset += 5;
     let remaining = buf.slice(offset, offset + length);
     if (type === 0x16) {
       do {
         remaining = this.parseTLSHandshake(remaining);
       } while (remaining.length > 0);
     }
     offset += length;
     return buf.slice(offset);
   }

   parseTLSHandshake(buf) {
     let offset = 0;
     const handshake_type = buf[offset];
     if (handshake_type === 0x02) {
       const server_random = buf.slice(6, 6 + 32);
       this.emit('server_random', server_random);
     }
     offset += 1;
     const length = buf.readUIntBE(offset, 3);
     offset += 3;
     const handshake = buf.slice(0, offset + length);
     this.emit('handshake', handshake);
     offset += length;
     const remaining = buf.slice(offset);
     return remaining;
   }

   encrypt(plain) {
     const type = plain.slice(0, 1);
     const version = plain.slice(1, 3);
     const nonce = crypto.randomBytes(8);
     const iv = Buffer.concat([this.client_writeIV.slice(0, 4), nonce]);
     const bob = crypto.createCipheriv('aes-128-gcm', this.client_writeKey, iv);
     const write_seq = Buffer.alloc(8);
     write_seq.writeUInt32BE(this.write_seq++, 4);
     const aad = Buffer.concat([write_seq, plain.slice(0, 5)]);
     bob.setAAD(aad);
     const encrypted1 = bob.update(plain.slice(5));
     const encrypted = Buffer.concat([encrypted1, bob.final()]);
     const tag = bob.getAuthTag();
     const length = Buffer.alloc(2);
     length.writeUInt16BE(nonce.length + encrypted.length + tag.length, 0);
     return Buffer.concat([type, version, length, nonce, encrypted, tag]);
   }
 }

 function addRecordHeader(type, frame) {
   const record_layer = Buffer.from('0003030000', 'hex');
   record_layer[0] = type;
   record_layer.writeUInt16BE(frame.length, 3);
   return Buffer.concat([record_layer, frame]);
 }

 function addHandshakeHeader(type, msg) {
   const handshake_header = Buffer.alloc(4);
   handshake_header[0] = type;
   handshake_header.writeUIntBE(msg.length, 1, 3);
   return Buffer.concat([handshake_header, msg]);
 }

 function PRF12(algo, secret, label, seed, size) {
   const newSeed = Buffer.concat([Buffer.from(label, 'utf8'), seed]);
   return P_hash(algo, secret, newSeed, size);
 }

 function P_hash(algo, secret, seed, size) {
   const result = Buffer.alloc(size);
   let hmac = crypto.createHmac(algo, secret);
   hmac.update(seed);
   let a = hmac.digest();
   let j = 0;
   while (j < size) {
     hmac = crypto.createHmac(algo, secret);
     hmac.update(a);
     hmac.update(seed);
     const b = hmac.digest();
     let todo = b.length;
     if (j + todo > size) {
       todo = size - j;
     }
     b.copy(result, j, 0, todo);
     j += todo;
     hmac = crypto.createHmac(algo, secret);
     hmac.update(a);
     a = hmac.digest();
   }
   return result;
 }

 exports.TestTLSSocket = TestTLSSocket;
	/* eslint-disable node-core/crypto-check */

	'use strict';
	const crypto = require('crypto');
	const net = require('net');

	exports.ccs = Buffer.from('140303000101', 'hex');

	class TestTLSSocket extends net.Socket {
	constructor(server_cert) {
	super();
	this.server_cert = server_cert;
	this.version = Buffer.from('0303', 'hex');
	this.handshake_list = [];
	// AES128-GCM-SHA256
	this.ciphers = Buffer.from('000002009c0', 'hex');
	this.pre_primary_secret =
	Buffer.concat([this.version, crypto.randomBytes(46)]);
	this.primary_secret = null;
	this.write_seq = 0;
	this.client_random = crypto.randomBytes(32);

	this.on('handshake', (msg) => {
	this.handshake_list.push(msg);
	});

	this.on('server_random', (server_random) => {
	this.primary_secret = PRF12('sha256', this.pre_primary_secret,
	'primary secret',
	Buffer.concat([this.client_random,
	server_random]),
	48);
	const key_block = PRF12('sha256', this.primary_secret,
	'key expansion',
	Buffer.concat([server_random,
	this.client_random]),
	40);
	this.client_writeKey = key_block.slice(0, 16);
	this.client_writeIV = key_block.slice(32, 36);
	});
	}

	createClientHello() {
	const compressions = Buffer.from('0100', 'hex'); // null
	const msg = addHandshakeHeader(0x01, Buffer.concat([
	this.version, this.client_random, this.ciphers, compressions,
	]));
	this.emit('handshake', msg);
	return addRecordHeader(0x16, msg);
	}

	createClientKeyExchange() {
	const encrypted_pre_primary_secret = crypto.publicEncrypt({
	key: this.server_cert,
	padding: crypto.constants.RSA_PKCS1_PADDING
	}, this.pre_primary_secret);
	const length = Buffer.alloc(2);
	length.writeUIntBE(encrypted_pre_primary_secret.length, 0, 2);
	const msg = addHandshakeHeader(0x10, Buffer.concat([
	length, encrypted_pre_primary_secret]));
	this.emit('handshake', msg);
	return addRecordHeader(0x16, msg);
	}

	createFinished() {
	const shasum = crypto.createHash('sha256');
	shasum.update(Buffer.concat(this.handshake_list));
	const message_hash = shasum.digest();
	const r = PRF12('sha256', this.primary_secret,
	'client finished', message_hash, 12);
	const msg = addHandshakeHeader(0x14, r);
	this.emit('handshake', msg);
	return addRecordHeader(0x16, msg);
	}

	createIllegalHandshake() {
	const illegal_handshake = Buffer.alloc(5);
	return addRecordHeader(0x16, illegal_handshake);
	}

	parseTLSFrame(buf) {
	let offset = 0;
	const record = buf.slice(offset, 5);
	const type = record[0];
	const length = record.slice(3, 5).readUInt16BE(0);
	offset += 5;
	let remaining = buf.slice(offset, offset + length);
	if (type === 0x16) {
	do {
	remaining = this.parseTLSHandshake(remaining);
	} while (remaining.length > 0);
	}
	offset += length;
	return buf.slice(offset);
	}

	parseTLSHandshake(buf) {
	let offset = 0;
	const handshake_type = buf[offset];
	if (handshake_type === 0x02) {
	const server_random = buf.slice(6, 6 + 32);
	this.emit('server_random', server_random);
	}
	offset += 1;
	const length = buf.readUIntBE(offset, 3);
	offset += 3;
	const handshake = buf.slice(0, offset + length);
	this.emit('handshake', handshake);
	offset += length;
	const remaining = buf.slice(offset);
	return remaining;
	}

	encrypt(plain) {
	const type = plain.slice(0, 1);
	const version = plain.slice(1, 3);
	const nonce = crypto.randomBytes(8);
	const iv = Buffer.concat([this.client_writeIV.slice(0, 4), nonce]);
	const bob = crypto.createCipheriv('aes-128-gcm', this.client_writeKey, iv);
	const write_seq = Buffer.alloc(8);
	write_seq.writeUInt32BE(this.write_seq++, 4);
	const aad = Buffer.concat([write_seq, plain.slice(0, 5)]);
	bob.setAAD(aad);
	const encrypted1 = bob.update(plain.slice(5));
	const encrypted = Buffer.concat([encrypted1, bob.final()]);
	const tag = bob.getAuthTag();
	const length = Buffer.alloc(2);
	length.writeUInt16BE(nonce.length + encrypted.length + tag.length, 0);
	return Buffer.concat([type, version, length, nonce, encrypted, tag]);
	}
	}

	function addRecordHeader(type, frame) {
	const record_layer = Buffer.from('0003030000', 'hex');
	record_layer[0] = type;
	record_layer.writeUInt16BE(frame.length, 3);
	return Buffer.concat([record_layer, frame]);
	}

	function addHandshakeHeader(type, msg) {
	const handshake_header = Buffer.alloc(4);
	handshake_header[0] = type;
	handshake_header.writeUIntBE(msg.length, 1, 3);
	return Buffer.concat([handshake_header, msg]);
	}

	function PRF12(algo, secret, label, seed, size) {
	const newSeed = Buffer.concat([Buffer.from(label, 'utf8'), seed]);
	return P_hash(algo, secret, newSeed, size);
	}

	function P_hash(algo, secret, seed, size) {
	const result = Buffer.alloc(size);
	let hmac = crypto.createHmac(algo, secret);
	hmac.update(seed);
	let a = hmac.digest();
	let j = 0;
	while (j < size) {
	hmac = crypto.createHmac(algo, secret);
	hmac.update(a);
	hmac.update(seed);
	const b = hmac.digest();
	let todo = b.length;
	if (j + todo > size) {
	todo = size - j;
	}
	b.copy(result, j, 0, todo);
	j += todo;
	hmac = crypto.createHmac(algo, secret);
	hmac.update(a);
	a = hmac.digest();
	}
	return result;
	}

	exports.TestTLSSocket = TestTLSSocket;