├── .github └── workflows │ └── test-node.yml ├── .gitignore ├── LICENSE ├── NOTICE ├── README.md ├── index.js ├── lib ├── bridge.js └── handshake.js ├── package.json └── test.js /.github/workflows/test-node.yml: -------------------------------------------------------------------------------- 1 | name: Build Status 2 | on: 3 | push: 4 | branches: 5 | - main 6 | tags: # To trigger the canary 7 | - '*' 8 | pull_request: 9 | branches: 10 | - main 11 | jobs: 12 | build: 13 | if: ${{ !startsWith(github.ref, 'refs/tags/')}} # Already runs for the push of the commit, no need to run again for the tag 14 | strategy: 15 | matrix: 16 | node-version: [lts/*] 17 | os: [ubuntu-latest, macos-latest, windows-latest] 18 | runs-on: ${{ matrix.os }} 19 | steps: 20 | - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 https://github.com/actions/checkout/releases/tag/v4.1.1 21 | - name: Use Node.js ${{ matrix.node-version }} 22 | uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2 https://github.com/actions/setup-node/releases/tag/v3.8.2 23 | with: 24 | node-version: ${{ matrix.node-version }} 25 | - run: npm install 26 | - run: npm test 27 | 28 | trigger_canary: 29 | if: startsWith(github.ref, 'refs/tags/') # Only run when a new package is published (detects when a new tag is pushed) 30 | runs-on: ubuntu-latest 31 | steps: 32 | - name: trigger canary 33 | run: | 34 | curl -L -X POST \ 35 | -H "Accept: application/vnd.github+json" \ 36 | -H "Authorization: Bearer ${{ secrets.CANARY_DISPATCH_PAT }}" \ 37 | -H "X-GitHub-Api-Version: 2022-11-28" \ 38 | https://api.github.com/repos/holepunchto/canary-tests/dispatches \ 39 | -d '{"event_type":"triggered-by-${{ github.event.repository.name }}-${{ github.ref_name }}"}' 40 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | package-lock.json 3 | sandbox.js 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Copyright 2023 Contributors 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # @hyperswarm/secret-stream 2 | 3 | ### [See the full API docs at docs.holepunch.to](https://docs.holepunch.to/building-blocks/hyperswarm#secretstream) 4 | 5 | Secret stream backed by Noise and libsodium's secretstream 6 | 7 | ``` 8 | npm install @hyperswarm/secret-stream 9 | ``` 10 | 11 | ## Usage 12 | 13 | You can either make a secret stream from an existing transport stream. 14 | 15 | ``` js 16 | const SecretStream = require('@hyperswarm/secret-stream') 17 | 18 | const a = new SecretStream(true, tcpClientStream) 19 | const b = new SecretStream(false, tcpServerStream) 20 | 21 | // pipe the underlying rawstreams together 22 | 23 | a.write(Buffer.from('hello encrypted!')) 24 | 25 | b.on('data', function (data) { 26 | console.log(data) // 27 | }) 28 | ``` 29 | 30 | Or by making your own pipeline 31 | 32 | ``` js 33 | const a = new SecretStream(true) 34 | const b = new SecretStream(false) 35 | 36 | // pipe the underlying rawstreams together 37 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 38 | 39 | a.write(Buffer.from('hello encrypted!')) 40 | 41 | b.on('data', function (data) { 42 | console.log(data) // 43 | }) 44 | ``` 45 | 46 | ## API 47 | 48 | #### `const s = new SecretStream(isInitiator, [rawStream], [options])` 49 | 50 | Make a new stream. `isInitiator` is a boolean indication whether you are the client or the server. 51 | `rawStream` can be set to an underlying transport stream you want to run the noise stream over. 52 | 53 | Options include: 54 | 55 | ```js 56 | { 57 | pattern: 'XX', // which noise pattern to use 58 | remotePublicKey, // set if your handshake requires it 59 | keyPair: { publicKey, secretKey }, 60 | handshake: { // if you want to use an handshake performed elsewhere pass it here 61 | tx, 62 | rx, 63 | hash, 64 | publicKey, 65 | remotePublicKey 66 | }, 67 | enableSend: true // (advanced) set false to disable the send API 68 | } 69 | ``` 70 | 71 | The SecretStream returned is a Duplex stream that you use as as normal stream, to write/read data from, 72 | except it's payloads are encrypted using the libsodium secretstream. 73 | 74 | Note that this uses ed25519 for the handshakes per default. 75 | 76 | If need to load the key pair asynchronously, then secret-stream also supports passing in a promise 77 | instead of the keypair that later resolves to `{ publicKey, secretKey }`. The stream lifecycle will wait 78 | for the resolution and auto destroy the stream if the promise errors. 79 | 80 | #### `s.start(rawStream, [options])` 81 | 82 | Start a SecretStream from a rawStream asynchrously. 83 | 84 | ``` js 85 | const s = new SecretStream({ 86 | autoStart: false // call start manually 87 | }) 88 | 89 | // ... do async stuff or destroy the stream 90 | 91 | s.start(rawStream, { 92 | ... options from above 93 | }) 94 | ``` 95 | 96 | #### `s.setTimeout(ms)` 97 | 98 | Set the stream timeout. If no data is received within a `ms` window, 99 | the stream is auto destroyed. 100 | 101 | #### `s.setKeepAlive(ms)` 102 | 103 | Send a heartbeat (empty message) every time the socket is idle for `ms` milliseconds. **Note:** If one side calls `s.setKeepAlive()` and the other does not, then the empty messages will be passed through to the piped stream. 104 | 105 | #### `s.publicKey` 106 | 107 | Get the local public key. 108 | 109 | #### `s.remotePublicKey` 110 | 111 | Get the remote's public key. 112 | Populated after `open` is emitted. 113 | 114 | #### `s.handshakeHash` 115 | 116 | Get the unique hash of this handshake. 117 | Populated after `open` is emitted. 118 | 119 | #### `s.keepAlive` 120 | 121 | Get the interval (in milliseconds) at which keep-alive messages are sent (0 means none are sent). 122 | 123 | #### `s.sendKeepAlive()` 124 | 125 | A convenience method that sends an empty message. 126 | 127 | #### `s.rawBytesWritten` 128 | 129 | The number of bytes (measured after encryption) written. 130 | 131 | #### `s.rawBytesRead` 132 | 133 | The number of bytes (measured before decryption) received. 134 | 135 | #### `s.on('connect', onconnect)` 136 | 137 | Emitted when the handshake is fully done. 138 | It is safe to write to the stream immediately though, as data is buffered 139 | internally before the handshake has been completed. 140 | 141 | #### `await s.send(buffer)` 142 | Sends an encrypted unordered message, see [udx-native](https://github.com/holepunchto/udx-native/tree/main?tab=readme-ov-file#await-streamsendbuffer) for details. 143 | This method with silently fail if called before handshake is complete or if the underlying rawStream is not an UDX-stream (not capable of UDP). 144 | 145 | #### `s.trySend(buffer)` 146 | Same as `send(buffer)` but does not return a promise. 147 | 148 | #### `s.on('message', onmessage)` 149 | Emmitted when an unordered message is received 150 | 151 | #### `keyPair = SecretStream.keyPair([seed])` 152 | 153 | Generate a ed25519 key pair. 154 | 155 | ## License 156 | 157 | Apache-2.0 158 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | const { Pull, Push, HEADERBYTES, KEYBYTES, ABYTES } = require('sodium-secretstream') 2 | const sodium = require('sodium-universal') 3 | const crypto = require('hypercore-crypto') 4 | const { Duplex, Writable, getStreamError } = require('streamx') 5 | const b4a = require('b4a') 6 | const Timeout = require('timeout-refresh') 7 | const unslab = require('unslab') 8 | const Bridge = require('./lib/bridge') 9 | const Handshake = require('./lib/handshake') 10 | 11 | const IDHEADERBYTES = HEADERBYTES + 32 12 | const [NS_INITIATOR, NS_RESPONDER, NS_SEND] = crypto.namespace('hyperswarm/secret-stream', 3) 13 | const MAX_ATOMIC_WRITE = 256 * 256 * 256 - 1 14 | 15 | module.exports = class NoiseSecretStream extends Duplex { 16 | constructor (isInitiator, rawStream, opts = {}) { 17 | super({ mapWritable: toBuffer }) 18 | 19 | if (typeof isInitiator !== 'boolean') { 20 | throw new Error('isInitiator should be a boolean') 21 | } 22 | 23 | this.noiseStream = this 24 | this.isInitiator = isInitiator 25 | this.rawStream = null 26 | 27 | this.publicKey = opts.publicKey || null 28 | this.remotePublicKey = opts.remotePublicKey || null 29 | this.handshakeHash = null 30 | this.connected = false 31 | this.keepAlive = opts.keepAlive || 0 32 | this.timeout = 0 33 | this.enableSend = opts.enableSend !== false 34 | 35 | // pointer for upstream to set data here if they want 36 | this.userData = null 37 | 38 | let openedDone = null 39 | this.opened = new Promise((resolve) => { openedDone = resolve }) 40 | 41 | this.rawBytesWritten = 0 42 | this.rawBytesRead = 0 43 | 44 | // metadata used by 'hyperdht' 45 | this.relay = null 46 | this.puncher = null 47 | 48 | // unwrapped raw stream 49 | this._rawStream = null 50 | 51 | // handshake state 52 | this._handshake = null 53 | this._handshakePattern = opts.pattern || null 54 | this._handshakeDone = null 55 | 56 | // message parsing state 57 | this._state = 0 58 | this._len = 0 59 | this._tmp = 1 60 | this._message = null 61 | 62 | this._openedDone = openedDone 63 | this._startDone = null 64 | this._drainDone = null 65 | this._outgoingPlain = null 66 | this._outgoingWrapped = null 67 | this._utp = null 68 | this._setup = true 69 | this._ended = 2 70 | this._encrypt = null 71 | this._decrypt = null 72 | this._timeoutTimer = null 73 | this._keepAliveTimer = null 74 | this._sendState = null 75 | 76 | if (opts.autoStart !== false) this.start(rawStream, opts) 77 | 78 | // wiggle it to trigger open immediately (TODO add streamx option for this) 79 | this.resume() 80 | this.pause() 81 | } 82 | 83 | static keyPair (seed) { 84 | return Handshake.keyPair(seed) 85 | } 86 | 87 | static id (handshakeHash, isInitiator, id) { 88 | return streamId(handshakeHash, isInitiator, id) 89 | } 90 | 91 | setTimeout (ms) { 92 | if (!ms) ms = 0 93 | 94 | this._clearTimeout() 95 | this.timeout = ms 96 | 97 | if (!ms || this.rawStream === null) return 98 | 99 | this._timeoutTimer = Timeout.once(ms, destroyTimeout, this) 100 | this._timeoutTimer.unref() 101 | } 102 | 103 | setKeepAlive (ms) { 104 | if (!ms) ms = 0 105 | 106 | this._clearKeepAlive() 107 | 108 | this.keepAlive = ms 109 | 110 | if (!ms || this.rawStream === null) return 111 | 112 | this._keepAliveTimer = Timeout.on(ms, sendKeepAlive, this) 113 | this._keepAliveTimer.unref() 114 | } 115 | 116 | sendKeepAlive () { 117 | const empty = this.alloc(0) 118 | this.write(empty) 119 | } 120 | 121 | start (rawStream, opts = {}) { 122 | if (rawStream) { 123 | this.rawStream = rawStream 124 | this._rawStream = rawStream 125 | if (typeof this.rawStream.setContentSize === 'function') { 126 | this._utp = rawStream 127 | } 128 | } else { 129 | this.rawStream = new Bridge(this) 130 | this._rawStream = this.rawStream.reverse 131 | } 132 | 133 | this.rawStream.on('error', this._onrawerror.bind(this)) 134 | this.rawStream.on('close', this._onrawclose.bind(this)) 135 | 136 | this._startHandshake(opts.handshake, opts.keyPair || null) 137 | this._continueOpen(null) 138 | 139 | if (this.destroying) return 140 | 141 | if (opts.data) this._onrawdata(opts.data) 142 | if (opts.ended) this._onrawend() 143 | 144 | if (this.keepAlive > 0 && this._keepAliveTimer === null) { 145 | this.setKeepAlive(this.keepAlive) 146 | } 147 | 148 | if (this.timeout > 0 && this._timeoutTimer === null) { 149 | this.setTimeout(this.timeout) 150 | } 151 | } 152 | 153 | async flush () { 154 | if ((await this.opened) === false) return false 155 | if ((await Writable.drained(this)) === false) return false 156 | if (this.destroying) return false 157 | 158 | if (this.rawStream !== null && this.rawStream.flush) { 159 | return await this.rawStream.flush() 160 | } 161 | 162 | return true 163 | } 164 | 165 | _continueOpen (err) { 166 | if (err) this.destroy(err) 167 | if (this._startDone === null) return 168 | const done = this._startDone 169 | this._startDone = null 170 | this._open(done) 171 | } 172 | 173 | _onkeypairpromise (p) { 174 | const self = this 175 | const cont = this._continueOpen.bind(this) 176 | 177 | p.then(onkeypair, cont) 178 | 179 | function onkeypair (kp) { 180 | self._onkeypair(kp) 181 | cont(null) 182 | } 183 | } 184 | 185 | _onkeypair (keyPair) { 186 | const pattern = this._handshakePattern || 'XX' 187 | const remotePublicKey = this.remotePublicKey 188 | 189 | this._handshake = new Handshake(this.isInitiator, keyPair, remotePublicKey, pattern) 190 | this.publicKey = this._handshake.keyPair.publicKey 191 | } 192 | 193 | _startHandshake (handshake, keyPair) { 194 | if (handshake) { 195 | const { tx, rx, hash, publicKey, remotePublicKey } = handshake 196 | this._setupSecretStream(tx, rx, hash, publicKey, remotePublicKey) 197 | return 198 | } 199 | 200 | if (!keyPair) keyPair = Handshake.keyPair() 201 | 202 | if (typeof keyPair.then === 'function') { 203 | this._onkeypairpromise(keyPair) 204 | } else { 205 | this._onkeypair(keyPair) 206 | } 207 | } 208 | 209 | _onrawerror (err) { 210 | this.destroy(err) 211 | } 212 | 213 | _onrawclose () { 214 | if (this._ended !== 0) this.destroy() 215 | } 216 | 217 | _onrawdata (data) { 218 | let offset = 0 219 | 220 | if (this._timeoutTimer !== null) { 221 | this._timeoutTimer.refresh() 222 | } 223 | 224 | do { 225 | switch (this._state) { 226 | case 0: { 227 | while (this._tmp !== 0x1000000 && offset < data.byteLength) { 228 | const v = data[offset++] 229 | this._len += this._tmp * v 230 | this._tmp *= 256 231 | } 232 | 233 | if (this._tmp === 0x1000000) { 234 | this._tmp = 0 235 | this._state = 1 236 | const unprocessed = data.byteLength - offset 237 | if (unprocessed < this._len && this._utp !== null) this._utp.setContentSize(this._len - unprocessed) 238 | } 239 | 240 | break 241 | } 242 | 243 | case 1: { 244 | const missing = this._len - this._tmp 245 | const end = missing + offset 246 | 247 | if (this._message === null && end <= data.byteLength) { 248 | this._message = data.subarray(offset, end) 249 | offset += missing 250 | this._incoming() 251 | break 252 | } 253 | 254 | const unprocessed = data.byteLength - offset 255 | 256 | if (this._message === null) { 257 | this._message = b4a.allocUnsafe(this._len) 258 | } 259 | 260 | b4a.copy(data, this._message, this._tmp, offset) 261 | this._tmp += unprocessed 262 | 263 | if (end <= data.byteLength) { 264 | offset += missing 265 | this._incoming() 266 | } else { 267 | offset += unprocessed 268 | } 269 | 270 | break 271 | } 272 | } 273 | } while (offset < data.byteLength && !this.destroying) 274 | } 275 | 276 | _onrawend () { 277 | this._ended-- 278 | this.push(null) 279 | } 280 | 281 | _onrawdrain () { 282 | const drain = this._drainDone 283 | if (drain === null) return 284 | this._drainDone = null 285 | drain() 286 | } 287 | 288 | _read (cb) { 289 | this.rawStream.resume() 290 | cb(null) 291 | } 292 | 293 | _incoming () { 294 | const message = this._message 295 | 296 | this._state = 0 297 | this._len = 0 298 | this._tmp = 1 299 | this._message = null 300 | 301 | if (this._setup === true) { 302 | if (this._handshake) { 303 | this._onhandshakert(this._handshake.recv(message)) 304 | } else { 305 | if (message.byteLength !== IDHEADERBYTES) { 306 | this.destroy(new Error('Invalid header message received')) 307 | return 308 | } 309 | 310 | const remoteId = message.subarray(0, 32) 311 | const expectedId = streamId(this.handshakeHash, !this.isInitiator) 312 | const header = message.subarray(32) 313 | 314 | if (!b4a.equals(expectedId, remoteId)) { 315 | this.destroy(new Error('Invalid header received')) 316 | return 317 | } 318 | 319 | this._decrypt.init(header) 320 | this._setup = false // setup is now done 321 | } 322 | return 323 | } 324 | 325 | if (message.byteLength < ABYTES) { 326 | this.destroy(new Error('Invalid message received')) 327 | return 328 | } 329 | 330 | this.rawBytesRead += message.byteLength 331 | 332 | const plain = message.subarray(1, message.byteLength - ABYTES + 1) 333 | 334 | try { 335 | this._decrypt.next(message, plain) 336 | } catch (err) { 337 | this.destroy(err) 338 | return 339 | } 340 | 341 | // If keep alive is selective, eat the empty buffers (ie assume the other side has it enabled also) 342 | if (plain.byteLength === 0 && this.keepAlive !== 0) return 343 | 344 | if (this.push(plain) === false) { 345 | this.rawStream.pause() 346 | } 347 | } 348 | 349 | _onhandshakert (h) { 350 | if (this._handshakeDone === null) return 351 | 352 | if (h !== null) { 353 | if (h.data) this._rawStream.write(h.data) 354 | if (!h.tx) return 355 | } 356 | 357 | const done = this._handshakeDone 358 | const publicKey = this._handshake.keyPair.publicKey 359 | 360 | this._handshakeDone = null 361 | this._handshake = null 362 | 363 | if (h === null) return done(new Error('Noise handshake failed')) 364 | 365 | this._setupSecretStream(h.tx, h.rx, h.hash, publicKey, h.remotePublicKey) 366 | this._resolveOpened(true) 367 | done(null) 368 | } 369 | 370 | _setupSecretStream (tx, rx, handshakeHash, publicKey, remotePublicKey) { 371 | const buf = b4a.allocUnsafeSlow(3 + IDHEADERBYTES) 372 | writeUint24le(IDHEADERBYTES, buf) 373 | 374 | this._encrypt = new Push(unslab(tx.subarray(0, KEYBYTES)), undefined, buf.subarray(3 + 32)) 375 | this._decrypt = new Pull(unslab(rx.subarray(0, KEYBYTES))) 376 | 377 | this.publicKey = publicKey 378 | this.remotePublicKey = remotePublicKey 379 | this.handshakeHash = handshakeHash 380 | 381 | const id = buf.subarray(3, 3 + 32) 382 | streamId(handshakeHash, this.isInitiator, id) 383 | 384 | // initialize secretbox state for unordered messages 385 | this._setupSecretSend(handshakeHash) 386 | 387 | this.emit('handshake') 388 | // if rawStream is a bridge, also emit it there 389 | if (this.rawStream !== this._rawStream) this.rawStream.emit('handshake') 390 | 391 | if (this.destroying) return 392 | 393 | this._rawStream.write(buf) 394 | } 395 | 396 | _setupSecretSend (handshakeHash) { 397 | this._sendState = b4a.allocUnsafeSlow(32 + 32 + 8 + 8) 398 | const encrypt = this._sendState.subarray(0, 32) // secrets 399 | const decrypt = this._sendState.subarray(32, 64) 400 | const counter = this._sendState.subarray(64, 72) // nonce 401 | const initial = this._sendState.subarray(72) 402 | 403 | const inputs = this.isInitiator 404 | ? [[NS_INITIATOR, NS_SEND], [NS_RESPONDER, NS_SEND]] 405 | : [[NS_RESPONDER, NS_SEND], [NS_INITIATOR, NS_SEND]] 406 | 407 | sodium.crypto_generichash_batch(encrypt, inputs[0], handshakeHash) 408 | sodium.crypto_generichash_batch(decrypt, inputs[1], handshakeHash) 409 | 410 | sodium.randombytes_buf(initial) 411 | counter.set(initial) 412 | } 413 | 414 | _open (cb) { 415 | // no autostart or no handshake yet 416 | if (this._rawStream === null || (this._handshake === null && this._encrypt === null)) { 417 | this._startDone = cb 418 | return 419 | } 420 | 421 | this._rawStream.on('data', this._onrawdata.bind(this)) 422 | this._rawStream.on('end', this._onrawend.bind(this)) 423 | this._rawStream.on('drain', this._onrawdrain.bind(this)) 424 | 425 | if (this.enableSend) this._rawStream.on('message', this._onmessage.bind(this)) 426 | 427 | if (this._encrypt !== null) { 428 | this._resolveOpened(true) 429 | return cb(null) 430 | } 431 | 432 | this._handshakeDone = cb 433 | 434 | if (this.isInitiator) this._onhandshakert(this._handshake.send()) 435 | } 436 | 437 | _predestroy () { 438 | if (this.rawStream) { 439 | const error = getStreamError(this) 440 | this.rawStream.destroy(error) 441 | } 442 | 443 | if (this._startDone !== null) { 444 | const done = this._startDone 445 | this._startDone = null 446 | done(new Error('Stream destroyed')) 447 | } 448 | 449 | if (this._handshakeDone !== null) { 450 | const done = this._handshakeDone 451 | this._handshakeDone = null 452 | done(new Error('Stream destroyed')) 453 | } 454 | 455 | if (this._drainDone !== null) { 456 | const done = this._drainDone 457 | this._drainDone = null 458 | done(new Error('Stream destroyed')) 459 | } 460 | } 461 | 462 | _write (data, cb) { 463 | let wrapped = this._outgoingWrapped 464 | 465 | if (data !== this._outgoingPlain) { 466 | wrapped = b4a.allocUnsafe(data.byteLength + 3 + ABYTES) 467 | wrapped.set(data, 4) 468 | } else { 469 | this._outgoingWrapped = this._outgoingPlain = null 470 | } 471 | 472 | if (wrapped.byteLength - 3 > MAX_ATOMIC_WRITE) { 473 | return cb(new Error('Message is too large for an atomic write. Max size is ' + MAX_ATOMIC_WRITE + ' bytes.')) 474 | } 475 | this.rawBytesWritten += wrapped.byteLength 476 | 477 | writeUint24le(wrapped.byteLength - 3, wrapped) 478 | // offset 4 so we can do it in-place 479 | this._encrypt.next(wrapped.subarray(4, 4 + data.byteLength), wrapped.subarray(3)) 480 | 481 | if (this._keepAliveTimer !== null) this._keepAliveTimer.refresh() 482 | 483 | if (this._rawStream.write(wrapped) === false) { 484 | this._drainDone = cb 485 | } else { 486 | cb(null) 487 | } 488 | } 489 | 490 | _final (cb) { 491 | this._clearKeepAlive() 492 | this._ended-- 493 | this._rawStream.end() 494 | cb(null) 495 | } 496 | 497 | _resolveOpened (val) { 498 | if (this._openedDone === null) return 499 | const opened = this._openedDone 500 | this._openedDone = null 501 | opened(val) 502 | if (!val) return 503 | this.connected = true 504 | this.emit('connect') 505 | } 506 | 507 | _clearTimeout () { 508 | if (this._timeoutTimer === null) return 509 | this._timeoutTimer.destroy() 510 | this._timeoutTimer = null 511 | this.timeout = 0 512 | } 513 | 514 | _clearKeepAlive () { 515 | if (this._keepAliveTimer === null) return 516 | this._keepAliveTimer.destroy() 517 | this._keepAliveTimer = null 518 | this.keepAlive = 0 519 | } 520 | 521 | _destroy (cb) { 522 | this._clearKeepAlive() 523 | this._clearTimeout() 524 | this._resolveOpened(false) 525 | cb(null) 526 | } 527 | 528 | _boxMessage (buffer) { 529 | const MB = sodium.crypto_secretbox_MACBYTES // 16 530 | const NB = sodium.crypto_secretbox_NONCEBYTES // 24 531 | 532 | const counter = this._sendState.subarray(64, 72) 533 | sodium.sodium_increment(counter) 534 | if (b4a.equals(counter, this._sendState.subarray(72))) { 535 | this.destroy(new Error('udp send nonce exchausted')) 536 | return 537 | } 538 | 539 | const secret = this._sendState.subarray(0, 32) 540 | const envelope = b4a.allocUnsafe(8 + MB + buffer.byteLength) 541 | const nonce = envelope.subarray(0, NB) 542 | const ciphertext = envelope.subarray(8) 543 | 544 | b4a.fill(nonce, 0) // pad suffix 545 | nonce.set(counter) 546 | 547 | sodium.crypto_secretbox_easy(ciphertext, buffer, nonce, secret) 548 | return envelope 549 | } 550 | 551 | send (buffer) { 552 | if (!this._sendState) return 553 | if (!this.rawStream?.send) return // udx-stream expected 554 | 555 | const message = this._boxMessage(buffer) 556 | return this.rawStream.send(message) 557 | } 558 | 559 | trySend (buffer) { 560 | if (!this._sendState) return 561 | if (!this.rawStream?.trySend) return // udx-stream expected 562 | 563 | const message = this._boxMessage(buffer) 564 | this.rawStream.trySend(message) 565 | } 566 | 567 | _onmessage (buffer) { 568 | if (!this._sendState) return // messages before handshake are dropped 569 | 570 | const MB = sodium.crypto_secretbox_MACBYTES // 16 571 | const NB = sodium.crypto_secretbox_NONCEBYTES // 24 572 | 573 | if (buffer.byteLength < NB) return // Invalid message 574 | 575 | const nonce = b4a.allocUnsafe(NB) 576 | b4a.fill(nonce, 0) 577 | nonce.set(buffer.subarray(0, 8)) 578 | 579 | const secret = this._sendState.subarray(32, 64) 580 | const ciphertext = buffer.subarray(8) 581 | const plain = buffer.subarray(8, buffer.byteLength - MB) 582 | 583 | if (ciphertext.byteLength < MB) return // invalid message 584 | 585 | const success = sodium.crypto_secretbox_open_easy(plain, ciphertext, nonce, secret) 586 | 587 | if (success) this.emit('message', plain) 588 | } 589 | 590 | alloc (len) { 591 | const buf = b4a.allocUnsafe(len + 3 + ABYTES) 592 | this._outgoingWrapped = buf 593 | this._outgoingPlain = buf.subarray(4, buf.byteLength - ABYTES + 1) 594 | return this._outgoingPlain 595 | } 596 | 597 | toJSON () { 598 | return { 599 | isInitiator: this.isInitiator, 600 | publicKey: this.publicKey && b4a.toString(this.publicKey, 'hex'), 601 | remotePublicKey: this.remotePublicKey && b4a.toString(this.remotePublicKey, 'hex'), 602 | connected: this.connected, 603 | destroying: this.destroying, 604 | destroyed: this.destroyed, 605 | rawStream: this.rawStream && this.rawStream.toJSON ? this.rawStream.toJSON() : null 606 | } 607 | } 608 | } 609 | 610 | function writeUint24le (n, buf) { 611 | buf[0] = (n & 255) 612 | buf[1] = (n >>> 8) & 255 613 | buf[2] = (n >>> 16) & 255 614 | } 615 | 616 | function streamId (handshakeHash, isInitiator, out = b4a.allocUnsafe(32)) { 617 | sodium.crypto_generichash(out, isInitiator ? NS_INITIATOR : NS_RESPONDER, handshakeHash) 618 | return out 619 | } 620 | 621 | function toBuffer (data) { 622 | return typeof data === 'string' ? b4a.from(data) : data 623 | } 624 | 625 | function destroyTimeout () { 626 | this.destroy(new Error('Stream timed out')) 627 | } 628 | 629 | function sendKeepAlive () { 630 | const empty = this.alloc(0) 631 | this.write(empty) 632 | } 633 | -------------------------------------------------------------------------------- /lib/bridge.js: -------------------------------------------------------------------------------- 1 | const { Duplex, Writable } = require('streamx') 2 | 3 | class ReversePassThrough extends Duplex { 4 | constructor (s) { 5 | super() 6 | this._stream = s 7 | this._ondrain = null 8 | } 9 | 10 | _write (data, cb) { 11 | if (this._stream.push(data) === false) { 12 | this._stream._ondrain = cb 13 | } else { 14 | cb(null) 15 | } 16 | } 17 | 18 | _final (cb) { 19 | this._stream.push(null) 20 | cb(null) 21 | } 22 | 23 | _read (cb) { 24 | const ondrain = this._ondrain 25 | this._ondrain = null 26 | if (ondrain) ondrain() 27 | cb(null) 28 | } 29 | } 30 | 31 | module.exports = class Bridge extends Duplex { 32 | constructor (noiseStream) { 33 | super() 34 | 35 | this.noiseStream = noiseStream 36 | 37 | this._ondrain = null 38 | this.reverse = new ReversePassThrough(this) 39 | } 40 | 41 | get publicKey () { 42 | return this.noiseStream.publicKey 43 | } 44 | 45 | get remotePublicKey () { 46 | return this.noiseStream.remotePublicKey 47 | } 48 | 49 | get handshakeHash () { 50 | return this.noiseStream.handshakeHash 51 | } 52 | 53 | flush () { 54 | return Writable.drained(this) 55 | } 56 | 57 | _read (cb) { 58 | const ondrain = this._ondrain 59 | this._ondrain = null 60 | if (ondrain) ondrain() 61 | cb(null) 62 | } 63 | 64 | _write (data, cb) { 65 | if (this.reverse.push(data) === false) { 66 | this.reverse._ondrain = cb 67 | } else { 68 | cb(null) 69 | } 70 | } 71 | 72 | _final (cb) { 73 | this.reverse.push(null) 74 | cb(null) 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /lib/handshake.js: -------------------------------------------------------------------------------- 1 | const sodium = require('sodium-universal') 2 | const curve = require('noise-curve-ed') 3 | const Noise = require('noise-handshake') 4 | const b4a = require('b4a') 5 | 6 | const EMPTY = b4a.alloc(0) 7 | 8 | module.exports = class Handshake { 9 | constructor (isInitiator, keyPair, remotePublicKey, pattern) { 10 | this.isInitiator = isInitiator 11 | this.keyPair = keyPair 12 | this.noise = new Noise(pattern, isInitiator, keyPair, { curve }) 13 | this.noise.initialise(EMPTY, remotePublicKey) 14 | this.destroyed = false 15 | } 16 | 17 | static keyPair (seed) { 18 | const publicKey = b4a.alloc(32) 19 | const secretKey = b4a.alloc(64) 20 | if (seed) sodium.crypto_sign_seed_keypair(publicKey, secretKey, seed) 21 | else sodium.crypto_sign_keypair(publicKey, secretKey) 22 | return { publicKey, secretKey } 23 | } 24 | 25 | recv (data) { 26 | try { 27 | this.noise.recv(data) 28 | if (this.noise.complete) return this._return(null) 29 | return this.send() 30 | } catch { 31 | this.destroy() 32 | return null 33 | } 34 | } 35 | 36 | // note that the data returned here is framed so we don't have to do an extra copy 37 | // when sending it... 38 | send () { 39 | try { 40 | const data = this.noise.send() 41 | const wrap = b4a.allocUnsafe(data.byteLength + 3) 42 | 43 | writeUint24le(data.byteLength, wrap) 44 | wrap.set(data, 3) 45 | 46 | return this._return(wrap) 47 | } catch { 48 | this.destroy() 49 | return null 50 | } 51 | } 52 | 53 | destroy () { 54 | if (this.destroyed) return 55 | this.destroyed = true 56 | } 57 | 58 | _return (data) { 59 | const tx = this.noise.complete ? b4a.toBuffer(this.noise.tx) : null 60 | const rx = this.noise.complete ? b4a.toBuffer(this.noise.rx) : null 61 | const hash = this.noise.complete ? b4a.toBuffer(this.noise.hash) : null 62 | const remotePublicKey = this.noise.complete ? b4a.toBuffer(this.noise.rs) : null 63 | 64 | return { 65 | data, 66 | remotePublicKey, 67 | hash, 68 | tx, 69 | rx 70 | } 71 | } 72 | } 73 | 74 | function writeUint24le (n, buf) { 75 | buf[0] = (n & 255) 76 | buf[1] = (n >>> 8) & 255 77 | buf[2] = (n >>> 16) & 255 78 | } 79 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@hyperswarm/secret-stream", 3 | "version": "6.8.1", 4 | "description": "Secret stream backed by Noise and libsodium's secretstream", 5 | "main": "index.js", 6 | "files": [ 7 | "index.js", 8 | "lib/**.js" 9 | ], 10 | "dependencies": { 11 | "b4a": "^1.1.0", 12 | "hypercore-crypto": "^3.3.1", 13 | "noise-curve-ed": "^2.0.1", 14 | "noise-handshake": "^4.0.0", 15 | "sodium-secretstream": "^1.1.0", 16 | "sodium-universal": "^5.0.0", 17 | "streamx": "^2.14.0", 18 | "timeout-refresh": "^2.0.0", 19 | "unslab": "^1.3.0" 20 | }, 21 | "devDependencies": { 22 | "brittle": "^3.3.0", 23 | "standard": "^17.1.0", 24 | "udx-native": "^1.13.2" 25 | }, 26 | "scripts": { 27 | "test": "standard && brittle test.js" 28 | }, 29 | "repository": { 30 | "type": "git", 31 | "url": "https://github.com/holepunchto/hyperswarm-secret-stream.git" 32 | }, 33 | "author": "Mathias Buus (@mafintosh)", 34 | "license": "Apache-2.0", 35 | "bugs": { 36 | "url": "https://github.com/holepunchto/hyperswarm-secret-stream/issues" 37 | }, 38 | "homepage": "https://github.com/holepunchto/hyperswarm-secret-stream" 39 | } 40 | -------------------------------------------------------------------------------- /test.js: -------------------------------------------------------------------------------- 1 | const test = require('brittle') 2 | const net = require('net') 3 | const Events = require('events') 4 | const crypto = require('crypto') 5 | const { Readable, Duplex } = require('streamx') 6 | const NoiseStream = require('./') 7 | const UDX = require('udx-native') 8 | const sodium = require('sodium-native') 9 | 10 | test('basic', function (t) { 11 | t.plan(2) 12 | 13 | const a = new NoiseStream(true) 14 | const b = new NoiseStream(false) 15 | 16 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 17 | 18 | a.on('open', function () { 19 | t.alike(a.remotePublicKey, b.publicKey) 20 | }) 21 | 22 | b.on('open', function () { 23 | t.alike(a.publicKey, b.remotePublicKey) 24 | }) 25 | }) 26 | 27 | test('data looks encrypted', function (t) { 28 | t.plan(2) 29 | 30 | const a = new NoiseStream(true) 31 | const b = new NoiseStream(false) 32 | 33 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 34 | 35 | a.write(Buffer.from('plaintext')) 36 | 37 | const buf = [] 38 | 39 | a.rawStream.on('data', function (data) { 40 | buf.push(Buffer.from(data)) 41 | }) 42 | 43 | b.on('data', function (data) { 44 | t.alike(data, Buffer.from('plaintext')) 45 | t.ok(Buffer.concat(buf).indexOf(Buffer.from('plaintext')) === -1) 46 | }) 47 | }) 48 | 49 | test('works with external streams', function (t) { 50 | t.plan(2) 51 | 52 | const server = net.createServer(function (socket) { 53 | const s = new NoiseStream(false, socket) 54 | 55 | s.on('data', function (data) { 56 | s.destroy() 57 | t.alike(data, Buffer.from('encrypted!')) 58 | }) 59 | }) 60 | 61 | server.listen(0, function () { 62 | const socket = net.connect(server.address().port) 63 | const s = new NoiseStream(true, socket) 64 | 65 | s.write(Buffer.from('encrypted!')) 66 | s.on('close', function () { 67 | server.close() 68 | }) 69 | }) 70 | 71 | server.on('close', function () { 72 | t.pass() 73 | }) 74 | }) 75 | 76 | test('works with tiny chunks', function (t) { 77 | t.plan(2) 78 | 79 | const a = new NoiseStream(true) 80 | const b = new NoiseStream(false) 81 | 82 | const tmp = crypto.randomBytes(40000) 83 | 84 | a.write(Buffer.from('hello world')) 85 | a.write(tmp) 86 | 87 | a.rawStream.on('data', function (data) { 88 | for (let i = 0; i < data.byteLength; i++) { 89 | b.rawStream.write(data.subarray(i, i + 1)) 90 | } 91 | }) 92 | 93 | b.rawStream.on('data', function (data) { 94 | for (let i = 0; i < data.byteLength; i++) { 95 | a.rawStream.write(data.subarray(i, i + 1)) 96 | } 97 | }) 98 | 99 | b.once('data', function (data) { 100 | t.alike(data, Buffer.from('hello world')) 101 | b.once('data', function (data) { 102 | t.alike(data, tmp) 103 | }) 104 | }) 105 | }) 106 | 107 | test('async creation', function (t) { 108 | t.plan(3) 109 | 110 | const server = net.createServer(function (socket) { 111 | const s = new NoiseStream(false, socket) 112 | 113 | s.on('data', function (data) { 114 | s.destroy() 115 | t.alike(data, Buffer.from('encrypted!')) 116 | }) 117 | }) 118 | 119 | server.listen(0, function () { 120 | const s = new NoiseStream(true, null, { 121 | autoStart: false 122 | }) 123 | 124 | t.absent(s.rawStream, 'not started') 125 | 126 | const socket = net.connect(server.address().port) 127 | socket.on('connect', function () { 128 | s.start(socket) 129 | }) 130 | 131 | s.write(Buffer.from('encrypted!')) 132 | s.on('close', function () { 133 | server.close() 134 | }) 135 | }) 136 | 137 | server.on('close', function () { 138 | t.pass() 139 | }) 140 | }) 141 | 142 | test('send and recv lots of data', function (t) { 143 | t.plan(3) 144 | 145 | const a = new NoiseStream(true) 146 | const b = new NoiseStream(false) 147 | 148 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 149 | 150 | const buf = crypto.randomBytes(65536) 151 | let size = 1024 * 1024 * 1024 // 1gb 152 | 153 | const r = new Readable({ 154 | read (cb) { 155 | this.push(buf) 156 | size -= buf.byteLength 157 | if (size <= 0) this.push(null) 158 | cb(null) 159 | } 160 | }) 161 | 162 | r.pipe(a) 163 | 164 | const then = Date.now() 165 | let recv = 0 166 | let same = true 167 | 168 | b.on('data', function (data) { 169 | if (same) same = data.equals(buf) 170 | recv += data.byteLength 171 | }) 172 | b.on('end', function () { 173 | t.is(recv, 1024 * 1024 * 1024) 174 | t.ok(same, 'data was the same') 175 | t.pass('1gb transfer took ' + (Date.now() - then) + 'ms') 176 | }) 177 | }) 178 | 179 | test('send garbage handshake data', function (t) { 180 | t.plan(2) 181 | 182 | check(Buffer.alloc(65536)) 183 | check(Buffer.from('\x10\x00\x00garbagegarbagegarbage')) 184 | 185 | function check (buf) { 186 | const a = new NoiseStream(true) 187 | 188 | a.on('error', function () { 189 | t.pass('handshake errored') 190 | }) 191 | 192 | a.rawStream.write(buf) 193 | } 194 | }) 195 | 196 | test('send garbage secretstream header data', function (t) { 197 | t.plan(2) 198 | 199 | const a = new NoiseStream(true) 200 | const b = new NoiseStream(false) 201 | 202 | b.on('error', () => {}) 203 | 204 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 205 | 206 | a.on('error', function () { 207 | t.pass('header errored') 208 | }) 209 | 210 | a.on('open', function () { 211 | t.pass('opened') 212 | a.rawStream.write(Buffer.from([0xff, 0, 0])) 213 | a.rawStream.write(crypto.randomBytes(0xff)) 214 | }) 215 | }) 216 | 217 | test('send garbage secretstream payload data', function (t) { 218 | t.plan(2) 219 | 220 | const a = new NoiseStream(true) 221 | const b = new NoiseStream(false) 222 | 223 | b.on('error', () => {}) 224 | b.write(Buffer.from('hi')) 225 | 226 | b.on('data', function (data) { 227 | t.fail('b should not recv messages') 228 | }) 229 | 230 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 231 | 232 | a.on('error', function () { 233 | t.pass('payload errored') 234 | }) 235 | 236 | a.once('data', function () { 237 | t.pass('a got initial message') 238 | a.rawStream.write(Buffer.from([0xff, 0, 0])) 239 | a.rawStream.write(crypto.randomBytes(0xff)) 240 | }) 241 | }) 242 | 243 | test('handshake outside', async function (t) { 244 | t.plan(1) 245 | 246 | const hs = await createHandshake() 247 | 248 | const a = new NoiseStream(true, null, { 249 | handshake: hs[0] 250 | }) 251 | 252 | const b = new NoiseStream(false, null, { 253 | handshake: hs[1] 254 | }) 255 | 256 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 257 | 258 | a.write('test') 259 | 260 | const [data] = await Events.once(b, 'data') 261 | t.alike(data, Buffer.from('test')) 262 | }) 263 | 264 | test('pass in head buffer', async function (t) { 265 | t.plan(3) 266 | 267 | const hs = await createHandshake() 268 | 269 | const a = new NoiseStream(true, null, { 270 | handshake: hs[0] 271 | }) 272 | 273 | const b = new NoiseStream(false, null, { 274 | autoStart: false 275 | }) 276 | 277 | a.write('test1') 278 | a.write('test2') 279 | 280 | const expected = [Buffer.from('test1'), Buffer.from('test2'), Buffer.from('test3')] 281 | 282 | let done 283 | const promise = new Promise((resolve) => { done = resolve }) 284 | 285 | b.on('data', function (data) { 286 | t.alike(data, expected.shift()) 287 | if (expected.length === 0) done() 288 | }) 289 | 290 | const buf = [] 291 | a.rawStream.on('data', function ondata (head) { 292 | buf.push(head) 293 | if (buf.length === 2) { 294 | a.rawStream.removeListener('data', ondata) 295 | 296 | b.start(null, { 297 | handshake: hs[1], 298 | data: Buffer.concat(buf) 299 | }) 300 | 301 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 302 | a.write('test3') 303 | } 304 | }) 305 | 306 | return promise 307 | }) 308 | 309 | test('errors are forwarded', async function (t) { 310 | t.plan(4) 311 | 312 | let same 313 | 314 | const promise = new Promise((resolve) => { 315 | let plan = 4 316 | 317 | same = (a, b, m) => { 318 | t.alike(a, b, m) 319 | if (--plan <= 0) resolve() 320 | } 321 | }) 322 | 323 | const a = new NoiseStream(true) 324 | const b = new NoiseStream(false) 325 | 326 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 327 | 328 | await new Promise((resolve) => a.on('handshake', resolve)) 329 | 330 | const error = new Error('hello') 331 | 332 | a.destroy(error) 333 | b.destroy(error) 334 | 335 | a.rawStream.on('error', (err) => same(err, error)) 336 | b.rawStream.on('error', (err) => same(err, error)) 337 | 338 | a.on('error', (err) => same(err, error)) 339 | b.on('error', (err) => same(err, error)) 340 | 341 | return promise 342 | }) 343 | 344 | test('can destroy in the first tick', function (t) { 345 | t.plan(1) 346 | 347 | const stream = new Duplex() 348 | const a = new NoiseStream(true, stream) 349 | 350 | a.on('error', function (err) { 351 | t.alike(err, new Error('stop')) 352 | }) 353 | 354 | // hackish destroy to force it in the first tick 355 | stream.emit('error', new Error('stop')) 356 | }) 357 | 358 | test('keypair can be a promise', function (t) { 359 | t.plan(2) 360 | 361 | const kp = NoiseStream.keyPair() 362 | 363 | const a = new NoiseStream(true, null, { 364 | keyPair: new Promise((resolve) => { 365 | setImmediate(() => resolve(kp)) 366 | }) 367 | }) 368 | 369 | const b = new NoiseStream(false) 370 | 371 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 372 | 373 | a.on('connect', function () { 374 | t.alike(kp.publicKey, a.publicKey) 375 | }) 376 | 377 | b.on('connect', function () { 378 | t.alike(kp.publicKey, b.remotePublicKey) 379 | }) 380 | }) 381 | 382 | test('keypair can be a promise that rejects', function (t) { 383 | t.plan(4) 384 | 385 | const a = new NoiseStream(true, null, { 386 | keyPair: new Promise((resolve, reject) => { 387 | reject(new Error('stop')) 388 | }) 389 | }) 390 | 391 | const b = new NoiseStream(false) 392 | 393 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 394 | 395 | a.rawStream.on('error', function (err) { 396 | t.alike(err, new Error('stop')) 397 | }) 398 | 399 | a.on('error', function (err) { 400 | t.alike(err, new Error('stop')) 401 | }) 402 | 403 | b.rawStream.on('error', function (err) { 404 | t.alike(err, new Error('stop')) 405 | }) 406 | 407 | b.on('error', function (err) { 408 | t.alike(err, new Error('stop')) 409 | }) 410 | }) 411 | 412 | test('drains data after both streams end', function (t) { 413 | t.plan(1) 414 | 415 | const a = new NoiseStream(true) 416 | const b = new NoiseStream(false) 417 | 418 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 419 | 420 | b.end() 421 | a.end(Buffer.from('hello world')) 422 | 423 | b.once('data', function (data) { 424 | t.alike(data, Buffer.from('hello world')) 425 | }) 426 | }) 427 | 428 | test('can timeout', function (t) { 429 | t.plan(1) 430 | 431 | const a = new NoiseStream(true) 432 | const b = new NoiseStream(false) 433 | 434 | let i = 0 435 | 436 | a.setTimeout(200) 437 | a.resume() 438 | a.on('error', function () { 439 | clearTimeout(interval) 440 | t.ok(i >= 10) 441 | }) 442 | 443 | b.on('error', () => {}) 444 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 445 | 446 | const interval = setInterval(tick, 50) 447 | 448 | function tick () { 449 | i++ 450 | if (i < 10) b.write('hi') 451 | } 452 | }) 453 | 454 | test('keep alive', function (t) { 455 | t.plan(2) 456 | 457 | const a = new NoiseStream(true) 458 | const b = new NoiseStream(false) 459 | 460 | let i = 0 461 | 462 | a.setKeepAlive(500) 463 | b.setKeepAlive(500) 464 | t.is(a.keepAlive, 500) 465 | 466 | a.resume() 467 | 468 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 469 | b.rawStream.on('data', function (data) { 470 | if (data.byteLength === 20) { // empty message 471 | clearInterval(interval) 472 | t.ok(i > 10, 'keep alive when idle') 473 | a.end() 474 | b.end() 475 | } 476 | }) 477 | 478 | const interval = setInterval(tick, 100) 479 | 480 | function tick () { 481 | i++ 482 | if (i < 10) { 483 | b.write('hi') 484 | } 485 | } 486 | }) 487 | 488 | test('set keep alive multiple times (no mem leak)', function (t) { 489 | t.plan(4) 490 | 491 | const a = new NoiseStream(true) 492 | const b = new NoiseStream(false) 493 | 494 | let i = 0 495 | 496 | a.setKeepAlive(500) 497 | b.setKeepAlive(500) 498 | t.is(a.keepAlive, 500, 'sanity check') 499 | 500 | // Needs access to internals to test for fixed memleak 501 | const initTimer = a._keepAliveTimer 502 | 503 | a.setKeepAlive(600) 504 | t.is(a.keepAlive, 600) 505 | t.is(initTimer.done, true, 'prev timer destroyed') 506 | a.resume() 507 | 508 | const interval = setInterval(tick, 100) 509 | 510 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 511 | b.rawStream.on('data', function (data) { 512 | if (data.byteLength === 20) { // empty message 513 | clearInterval(interval) 514 | t.ok(i > 10, 'keep alive when idle') 515 | a.end() 516 | b.end() 517 | } 518 | }) 519 | 520 | function tick () { 521 | i++ 522 | if (i < 10) { 523 | b.write('hi') 524 | } 525 | } 526 | }) 527 | 528 | test('setting keep alive before the stream starts works', function (t) { 529 | t.plan(2) 530 | 531 | const a = new NoiseStream(true, null, { autoStart: false }) 532 | const b = new NoiseStream(false, null, { autoStart: false }) 533 | 534 | let i = 0 535 | 536 | a.setKeepAlive(500) 537 | b.setKeepAlive(500) 538 | t.is(a.keepAlive, 500) 539 | 540 | a.start() 541 | b.start() 542 | 543 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 544 | b.rawStream.on('data', function (data) { 545 | if (data.byteLength === 20) { // empty message 546 | clearInterval(interval) 547 | t.ok(i > 10, 'keep alive when idle') 548 | a.end() 549 | b.end() 550 | } 551 | }) 552 | 553 | const interval = setInterval(tick, 100) 554 | 555 | function tick () { 556 | i++ 557 | if (i < 10) { 558 | b.write('hi') 559 | } 560 | } 561 | }) 562 | 563 | test('message is too large', function (t) { 564 | t.plan(2) 565 | 566 | const a = new NoiseStream(true) 567 | const b = new NoiseStream(false) 568 | 569 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 570 | 571 | a.on('error', () => t.pass('should error')) 572 | b.on('error', () => t.pass('should error')) 573 | 574 | a.write(Buffer.alloc(32 * 1024 * 1024)) 575 | }) 576 | 577 | function createHandshake () { 578 | return new Promise((resolve, reject) => { 579 | const a = new NoiseStream(true) 580 | const b = new NoiseStream(false) 581 | 582 | let missing = 2 583 | 584 | a.on('handshake', onhandshake) 585 | b.on('handshake', onhandshake) 586 | 587 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 588 | 589 | function onhandshake () { 590 | if (--missing === 0) { 591 | a.destroy() 592 | b.destroy() 593 | resolve([{ 594 | publicKey: a.publicKey, 595 | remotePublicKey: a.remotePublicKey, 596 | hash: a.handshakeHash, 597 | tx: a._encrypt.key, 598 | rx: a._decrypt.key 599 | }, { 600 | publicKey: b.publicKey, 601 | remotePublicKey: b.remotePublicKey, 602 | hash: b.handshakeHash, 603 | tx: b._encrypt.key, 604 | rx: b._decrypt.key 605 | }]) 606 | } 607 | } 608 | }) 609 | } 610 | 611 | test('basic - unslab checks', function (t) { 612 | t.plan(10) 613 | 614 | const a = new NoiseStream(true) 615 | const b = new NoiseStream(false) 616 | 617 | a.rawStream.pipe(b.rawStream).pipe(a.rawStream) 618 | 619 | a.on('open', function () { 620 | const push = a._encrypt 621 | const pull = a._decrypt 622 | 623 | t.ok(push.key.buffer.byteLength < 100, 'push.key.buffer no slab') 624 | t.ok(push.state.buffer.byteLength < 100, 'push.state.buffer no slab') 625 | t.ok(push.header.buffer.byteLength < 100, 'push.header.buffer no slab') 626 | 627 | t.ok(pull.key.buffer.byteLength < 100, 'pull.key.buffer no slab') 628 | t.ok(pull.state.buffer.byteLength < 100, 'pull.state.buffer no slab') 629 | }) 630 | 631 | b.on('open', function () { 632 | const push = a._encrypt 633 | const pull = a._decrypt 634 | 635 | t.ok(push.key.buffer.byteLength < 100, 'push.key.buffer no slab') 636 | t.ok(push.state.buffer.byteLength < 100, 'push.state.buffer no slab') 637 | t.ok(push.header.buffer.byteLength < 100, 'push.header.buffer no slab') 638 | 639 | t.ok(pull.key.buffer.byteLength < 100, 'pull.key.buffer no slab') 640 | t.ok(pull.state.buffer.byteLength < 100, 'pull.state.buffer no slab') 641 | }) 642 | }) 643 | 644 | function udxPair (getOpts = () => ({})) { 645 | const u = new UDX() 646 | const socket1 = u.createSocket() 647 | const socket2 = u.createSocket() 648 | for (const s of [socket1, socket2]) s.bind(0, '0.0.0.0') 649 | 650 | const stream1 = u.createStream(1) 651 | const stream2 = u.createStream(2) 652 | stream1.connect(socket1, stream2.id, socket2.address().port, '127.0.0.1') 653 | stream2.connect(socket2, stream1.id, socket1.address().port, '127.0.0.1') 654 | 655 | return [ 656 | new NoiseStream(true, stream1, getOpts(0)), 657 | new NoiseStream(false, stream2, getOpts(1)), 658 | destroyPair 659 | ] 660 | 661 | async function destroyPair () { 662 | for (const stream of [stream1, stream2]) { 663 | stream.destroy() 664 | await streamClosed(stream) 665 | } 666 | 667 | await socket1.close() 668 | await socket2.close() 669 | } 670 | 671 | async function streamClosed (stream) { 672 | if (stream.destroyed) return 673 | return new Promise(resolve => stream.once('close', resolve)) 674 | } 675 | } 676 | 677 | test('encrypted unordered message', async function (t) { 678 | const [a, b, destroy] = udxPair() 679 | const message = Buffer.from('plaintext', 'utf8') 680 | 681 | const transmission1 = new Promise(resolve => b.once('message', resolve)) 682 | 683 | await a.opened 684 | await b.opened 685 | 686 | await a.send(message) 687 | 688 | const m0 = await transmission1 689 | t.ok(m0.equals(message), 'send(): received & decrypted') 690 | 691 | const transmission2 = new Promise(resolve => a.once('message', resolve)) 692 | 693 | b.trySend(message) 694 | 695 | const m1 = await transmission2 696 | t.ok(m1.equals(message), 'trySend(): received & decrypted') 697 | 698 | await destroy() 699 | }) 700 | 701 | test('too short messages are ignored', async function (t) { 702 | const [a, b, destroy] = udxPair() 703 | const message = Buffer.from('plaintext', 'utf8') 704 | 705 | const transmission1 = new Promise(resolve => b.once('message', resolve)) 706 | 707 | await a.opened 708 | await b.opened 709 | 710 | await a.send(message) 711 | 712 | const m0 = await transmission1 713 | t.ok(m0.equals(message), 'send(): received & decrypted', 'sanity check') 714 | 715 | b.once('message', () => t.fail('invalid messages should not bubble up')) 716 | 717 | // invalid nonce 718 | a.rawStream.send(Buffer.from('a'.repeat(sodium.crypto_secretbox_NONCEBYTES - 1))) 719 | 720 | // invalid cipher text 721 | a.rawStream.send(Buffer.from('a'.repeat(sodium.crypto_secretbox_NONCEBYTES + 1))) 722 | 723 | // In case errors take a tick to trigger 724 | await new Promise(resolve => setImmediate(resolve)) 725 | 726 | await destroy() 727 | }) 728 | 729 | test('enableSend opt', async function (t) { 730 | t.plan(1) 731 | 732 | const [a, b, destroy] = udxPair((n) => ({ enableSend: n !== 0 })) 733 | 734 | a.once('message', () => t.fail('should not have registered message handler')) 735 | b.once('message', async () => { 736 | await destroy() 737 | t.pass('by default the message handler is set') 738 | }) 739 | 740 | await a.opened 741 | await b.opened 742 | 743 | await b.send(Buffer.from('b-message which does not bubble up at a')) 744 | await a.send(Buffer.from('a-message which bubbles up at b')) 745 | }) 746 | --------------------------------------------------------------------------------