UNPKG

zeronet-crypto

Version:

Various cryptographic functions for ZeroNet

github.com/ZeroNetJS/zeronet-crypto

ZeroNetJS/zeronet-crypto

110 lines (99 loc) 2.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
'use strict' const tls = require('tls') const toPull = require('stream-to-pull-stream') const Connection = require('interface-connection').Connection const sslConfig = require('ssl-config')('modern') const gen = require('./gen') const debug = require('debug') const log = debug('zeronet:crypto:tls') const toSocket = require('pull-stream-to-net-socket') function basicCrypto (type, protocol, handler) { let cert let certq = [] gen[type]((err, _cert) => { if (err) throw err cert = _cert log('got cert for %s queue %s', type, certq.length) certq.forEach(c => c()) certq = null }) protocol.crypto.add('tls-' + type, (conn, opt, cb) => { log('tls init', type, opt) const final = (err, client) => { log('tls success?', err ? true : err) if (err) return cb(err) cb(null, new Connection(toPull.duplex(client), conn)) } if (opt.isServer) { const next = () => { toSocket(conn, { createServer: () => handler.server(cert), inverse: true, prefire: true }, final) } if (cert) next() else certq.push(next) } else { toSocket(conn, { createClient: dest => handler.client(dest), prefire: true }, final) } }) } module.exports = function TLSSupport (protocol) { module.exports.tls_rsa(protocol) // module.exports.tls_ecc(protocol) } module.exports.tls_rsa = (protocol) => { basicCrypto('rsa', protocol, { server: (cert) => tls.createServer({ key: cert.key, cert: cert.cert, ciphers: sslConfig.ciphers, honorCipherOrder: true, secureOptions: sslConfig.minimumTLSVersion }), client: (dest) => tls.connect(Object.assign(dest, { requestCert: true, rejectUnauthorized: false, ciphers: sslConfig.ciphers, honorCipherOrder: true, secureOptions: sslConfig.minimumTLSVersion })) }) } /* TODO: fix and rewrite module.exports.tls_ecc = (protocol) => { basicCrypto('ecc', protocol, (opt, host, port, cert, ready, cb) => { let stream if (opt.isServer) { stream = tls.connect({ host, port, isServer: true, key: cert.privkey, cert: cert.cert, requestCert: false, rejectUnauthorized: false, ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:AES128-SHA256:HIGH:' + '!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK', honorCipherOrder: true, secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2 }) } else { stream = tls.connect({ host, port, isServer: false, requestCert: true, rejectUnauthorized: false, secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2 }, cb) } stream.on('secureConnect', () => cb(null, stream)) ready(null, stream) }) } */