Create secure connection

2025-04-25 06:42:27 +00:00 · 2019-11-25 13:27:55 +01:00 · 2019-11-25 13:27:55 +01:00 · 4c5d5e0893
commit 4c5d5e0893
parent d51b40c986
4 changed files with 37 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -54,8 +54,11 @@
    "bcrypto": "^4.2.3",
    "bn.js": "^5.0.0",
    "buffer": "^5.4.3",
+    "it-buffer": "^0.1.1",
+    "it-length-prefixed": "^3.0.0",
    "it-pair": "^1.0.0",
    "it-pb-rpc": "^0.1.3",
+    "it-pipe": "^1.1.0",
    "protobufjs": "~6.8.8"
  }
 }
--- a/src/crypto.ts
+++ b/src/crypto.ts
@ -18,7 +18,7 @@ export function encryptStream(handshake: Handshake, session: NoiseSession) : IRe


 // Decrypt received payload to the user
-export function decryptStreams(handshake: Handshake, session: NoiseSession) : IReturnEncryptionWrapper {
+export function decryptStream(handshake: Handshake, session: NoiseSession) : IReturnEncryptionWrapper {
  return async function * (source) {
    for await (const chunk of source) {
      const decrypted = await handshake.decrypt(chunk, session);
--- a/src/noise.ts
+++ b/src/noise.ts
@ -1,6 +1,11 @@
 import { x25519 } from 'bcrypto';
 import { Buffer } from "buffer";
 import Wrap from 'it-pb-rpc';
+import DuplexPair from 'it-pair/duplex';
+import ensureBuffer from 'it-buffer';
+import pipe from 'it-pipe';
+import lp from 'it-length-prefixed';
+const { int16BEEncode, int16BEDecode } = lp;

 import { Handshake } from "./handshake";
 import { generateKeypair } from "./utils";
@ -80,7 +85,22 @@ export class Noise implements NoiseConnection {
    await handshake.finish(session);

    // Create encryption box/unbox wrapper
-    return await encryptStream(handshake, session);
+    const [secure, user] = DuplexPair();
+    const network = connection.unwrap();
+
+    pipe(
+      secure, // write to wrapper
+      ensureBuffer, // ensure any type of data is converted to buffer
+      encryptStream(handshake, session), // data is encrypted
+      lp.encode({ lengthEncoder: int16BEEncode }), // prefix with message length
+      network, // send to the remote peer
+      lp.decode({ lengthDecoder: int16BEDecode }), // read message length prefix
+      ensureBuffer, // ensure any type of data is converted to buffer
+      decryptStream(handshake, session), // decrypt the incoming data
+      secure // pipe to the wrapper
+    );
+
+    return user;
  }


--- a/yarn.lock
+++ b/yarn.lock
@ -2429,6 +2429,13 @@ isobject@^3.0.0, isobject@^3.0.1:
  resolved "https://registry.yarnpkg.com/isobject/-/isobject-3.0.1.tgz#4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
  integrity sha1-TkMekrEalzFjaqH5yNHMvP2reN8=

+it-buffer@^0.1.1:
+  version "0.1.1"
+  resolved "https://registry.yarnpkg.com/it-buffer/-/it-buffer-0.1.1.tgz#64981e3e5e8a316df6b7305c8e0639603527d322"
+  integrity sha512-yydimO5mqeejnvFY8LE0ugEqVDq6S2wpNM1lXsEeHoKwUuKpTJXmnngOMiPFTPhNYdPqZrNwdx+6+ZayzcHn+g==
+  dependencies:
+    bl "^4.0.0"
+
 it-handshake@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/it-handshake/-/it-handshake-1.0.1.tgz#ed37a5622fcb82cfcb1e7eaebcf4872361cabe11"
@ -2462,6 +2469,11 @@ it-pb-rpc@^0.1.3:
    it-handshake "^1.0.1"
    it-length-prefixed "^3.0.0"

+it-pipe@^1.1.0:
+  version "1.1.0"
+  resolved "https://registry.yarnpkg.com/it-pipe/-/it-pipe-1.1.0.tgz#f5964c6bb785dd776f11a62d1e75964787ab95ce"
+  integrity sha512-lF0/3qTVeth13TOnHVs0BTFaziwQF7m5Gg+E6JV0BXcLKutC92YjSi7bASgkPOXaLEb+YvNZrPorGMBIJvZfxg==
+
 it-pushable@^1.4.0:
  version "1.4.0"
  resolved "https://registry.yarnpkg.com/it-pushable/-/it-pushable-1.4.0.tgz#772d81b40ccab93c963a20420ab1ef2ecfc9b97d"