DiffieHellman doesn’t generate keys after setting a key
const dh = crypto.createDiffieHellman(1024);
//set private key to 2
dh.setPrivateKey(Buffer.from("02", 'hex'));
//outputs 02 (as expected)
console.log(dh.getPrivateKey().toString('hex'));
//generate random private key
dh.generateKeys();
//outputs 02: zero day.
console.log(dh.getPrivateKey().toString('hex'));
OpenSSL (https://github.com/majek/openssl/blob/master/crypto/dh/dh_key.c) doesn’t generate keys when they’re already instantiated:
if (dh->priv_key == NULL)
{
priv_key=BN_new();
if (priv_key == NULL) goto err;
generate_new_key=1;
}
else
priv_key=dh->priv_key;
if (dh->pub_key == NULL)
{
pub_key=BN_new();
if (pub_key == NULL) goto err;
}
else
pub_key=dh->pub_key;
node:crypto should use OpenSSL correctly. Method generateKeys()
should re-instantiate OpenSSL before requesting a key, thereby avoiding the above.
A nonce must be used just once; using a nonce more than once is a security vulnerability. As concrete examples: Forward secrecy of TLS and IND-CPA of ElGamal would be trivially lost if Node.js’s DH were used as a building block.
This vulnerability is devastating to any developers that have used nodejs in accordance with documentation. Developers have chosen to fix documentation rather than code, unfortunately, nodejs is potentially introducing gaping security holes to anyone using code as original directed.