Create secure connection

package.json

@@ -54,8 +54,11 @@
     "bcrypto": "^4.2.3",
     "bn.js": "^5.0.0",
     "buffer": "^5.4.3",
+    "it-buffer": "^0.1.1",
+    "it-length-prefixed": "^3.0.0",
     "it-pair": "^1.0.0",
     "it-pb-rpc": "^0.1.3",
+    "it-pipe": "^1.1.0",
     "protobufjs": "~6.8.8"
   }
 }

src/crypto.ts

@@ -18,7 +18,7 @@ export function encryptStream(handshake: Handshake, session: NoiseSession) : IRe
 
 
 // Decrypt received payload to the user
-export function decryptStreams(handshake: Handshake, session: NoiseSession) : IReturnEncryptionWrapper {
+export function decryptStream(handshake: Handshake, session: NoiseSession) : IReturnEncryptionWrapper {
   return async function * (source) {
     for await (const chunk of source) {
       const decrypted = await handshake.decrypt(chunk, session);

src/noise.ts

@@ -1,6 +1,11 @@
 import { x25519 } from 'bcrypto';
 import { Buffer } from "buffer";
 import Wrap from 'it-pb-rpc';
+import DuplexPair from 'it-pair/duplex';
+import ensureBuffer from 'it-buffer';
+import pipe from 'it-pipe';
+import lp from 'it-length-prefixed';
+const { int16BEEncode, int16BEDecode } = lp;
 
 import { Handshake } from "./handshake";
 import { generateKeypair } from "./utils";
@@ -80,7 +85,22 @@ export class Noise implements NoiseConnection {
     await handshake.finish(session);
 
     // Create encryption box/unbox wrapper
-    return await encryptStream(handshake, session);
+    const [secure, user] = DuplexPair();
+    const network = connection.unwrap();
+
+    pipe(
+      secure, // write to wrapper
+      ensureBuffer, // ensure any type of data is converted to buffer
+      encryptStream(handshake, session), // data is encrypted
+      lp.encode({ lengthEncoder: int16BEEncode }), // prefix with message length
+      network, // send to the remote peer
+      lp.decode({ lengthDecoder: int16BEDecode }), // read message length prefix
+      ensureBuffer, // ensure any type of data is converted to buffer
+      decryptStream(handshake, session), // decrypt the incoming data
+      secure // pipe to the wrapper
+    );
+
+    return user;
   }
 
 

yarn.lock

@@ -2429,6 +2429,13 @@ isobject@^3.0.0, isobject@^3.0.1:
   resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
   integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8=
 
+it-buffer@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/it-buffer/-/it-buffer-0.1.1.tgz#64981e3e5e8a316df6b7305c8e0639603527d322"
+  integrity sha512-yydimO5mqeejnvFY8LE0ugEqVDq6S2wpNM1lXsEeHoKwUuKpTJXmnngOMiPFTPhNYdPqZrNwdx+6+ZayzcHn+g==
+  dependencies:
+    bl "^4.0.0"
+
 it-handshake@^1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/it-handshake/-/it-handshake-1.0.1.tgz#ed37a5622fcb82cfcb1e7eaebcf4872361cabe11"
@@ -2462,6 +2469,11 @@ it-pb-rpc@^0.1.3:
     it-handshake "^1.0.1"
     it-length-prefixed "^3.0.0"
 
+it-pipe@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/it-pipe/-/it-pipe-1.1.0.tgz#f5964c6bb785dd776f11a62d1e75964787ab95ce"
+  integrity sha512-lF0/3qTVeth13TOnHVs0BTFaziwQF7m5Gg+E6JV0BXcLKutC92YjSi7bASgkPOXaLEb+YvNZrPorGMBIJvZfxg==
+
 it-pushable@^1.4.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/it-pushable/-/it-pushable-1.4.0.tgz#772d81b40ccab93c963a20420ab1ef2ecfc9b97d"