How to ensure secure socket communication using Chrome Packaged App

Question

I am developing a Chrome Packaged App which is a client app sending data to an external tcp server via TCP.

How can I ensure the socket I connect to uses TLS? At what point in the client connection do I need to add a parameter to enable this? How/where are certificates stored? Do I need to handle this manually or does Chrome do this for me?

Here a sample of my code:

chrome.app.runtime.onLaunched.addListener(function(launchData){
    chrome.sockets.tcp.create({persistent: false, name: 'my_socket'}, function(createInfo) {
        var socketId = createInfo.socketId;
        chrome.storage.local.set({socketId: socketId}, function(){
            chrome.sockets.tcp.connect(socketId, IP_ADDRESS, PORT, function(result){
                if (result < 0){
                    // There was an error.
                } else {
                    chrome.sockets.tcp.setKeepAlive(socketId, true, 60, function(result){
                        if (result < 0){
                            // There was an error.
                        } else {
                            chrome.sockets.tcp.send(socketId, myData, function(sendInfo){
                                if (!sendInfo || sendInfo.resultCode < 0){
                                    // There was an error.
                                } else {
                                    // Data Sent, await response in chrome.sockets.tcp.onReceive
                                }
                            });
                        }
                    });
                }
            });
        });
    });
});

Answer 1

chrome.socket doesn't provide built-in SSL support (yet anyways, see http://crbug.com/132896), you need to add the SSL encoding / decoding in your application. Once the TCP connection is established you can begin the SSL negotiation (i.e. after chrome.sockets.tcp.connect calls your callback function).

I recently added SSL support to CIRC using the forge javascript library which implements SSL in JS. You can see the complete wrapping of a chrome socket connection in CIRC here: https://github.com/flackr/circ/blob/master/package/bin/net/ssl_socket.js

Note, that I haven't actually added identity verification, see verify: options.verify || function() { return true }, but this could be replaced with an appropriate verification function.