Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

curvecp

Package Overview
Dependencies
Maintainers
1
Versions
30
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

curvecp - npm Package Compare versions

Comparing version 1.0.2 to 1.1.0

examples/client.sh
examples/env.sh
examples/server.sh

73

examples/reference-test-client.js

@@ -1,51 +0,30 @@

var dgram = require('dgram')
var net = require('net-udp')
var PacketStream = require('../src/packet-stream.js')
var MessageStream = require('../src/message-stream.js')
var nacl = require('tweetnacl')
nacl.util = require('tweetnacl-util')
var events = require('events')
var inherits = require('inherits')
var winston = require('winston')
var winstonWrapper = require('winston-meta-wrapper')
var logger = new winston.Logger({
transports: [
new winston.transports.Console({
level: 'debug',
timestamp: true,
logstash: false
})
]
})
logger = winstonWrapper(logger)
var keypair = nacl.box.keyPair()
var connection = new net.Socket()
var UDPStream = function () {
var stream = this
this.socket = dgram.createSocket('udp4')
this.socket.bind(0)
this.socket.on('close', function () {
stream.emit('close')
})
this.socket.on('error', function (error) {
stream.emit('error', error)
})
this.socket.on('listening', function () {
console.log('listening')
messageStream.connect()
})
this.socket.on('message', function (msg, rinfo) {
stream.emit('data', msg)
})
events.EventEmitter.call(this)
}
inherits(UDPStream, events.EventEmitter)
UDPStream.prototype.destroy = function () {
this.socket.close()
}
UDPStream.prototype.write = function (buffer) {
var callback_ = function (err) {
console.log('callback')
console.log(err)
}
this.socket.send(buffer, 0, buffer.length, process.env.SERVER_PORT, process.env.SERVER_ADDRESS, callback_)
}
var connection = new UDPStream()
var packetStream = new PacketStream({
stream: connection,
logger: logger,
is_server: false,
serverName: process.env.SERVER_NAME,
serverPublicKey: nacl.util.decodeBase64(process.env.SERVER_KEY),
serverName: process.env.SERVER_HOSTNAME,
clientPublicKey: keypair.publicKey,

@@ -55,11 +34,13 @@ clientPrivateKey: keypair.secretKey

var messageStream = new MessageStream(packetStream)
var messageStream = new MessageStream({
stream: packetStream,
logger: logger
})
messageStream.on('connect', function () {
console.log('connected')
messageStream.write('test\n')
console.log('messagestream connected')
})
messageStream.on('data', function (data) {
console.log('data')
console.log(data)
console.log(data.toString())
})

@@ -75,1 +56,7 @@

})
var boxId = nacl.util.encodeBase64(new Uint8Array(new Buffer(process.env.SERVER_KEY, 'hex')))
messageStream.connect(boxId, {
addresses: [process.env.SERVER_IP],
port: parseInt(process.env.SERVER_PORT, 10)
})

2

package.json
{
"name": "curvecp",
"version": "1.0.2",
"version": "1.1.0",
"description": "Pure javascript CurveCP library",

@@ -5,0 +5,0 @@ "main": "src/index.js",

19

src/message-stream.js

@@ -47,4 +47,11 @@ var Chicago = require('./chicago.js')

this._stream.on('connect', function () {
self.__streamReady = true
self.emit('connect')
var message = new Message()
self._stream.write(message.toBuffer(), function (err) {
if (!err) {
self.__streamReady = true
self.emit('connect')
} else {
self.emit('error', err)
}
})
})

@@ -102,3 +109,8 @@ this._stream.on('lookup', function (err, address, family) {

var message = new Message()
message.fromBuffer(data)
try {
message.fromBuffer(data)
} catch (e) {
this._log.warn('Invalid message received')
return
}
this._incoming.push(message)

@@ -316,2 +328,3 @@ }

this._log.warn('error while sending CurveCP message')
this.emit('error', err)
}

@@ -318,0 +331,0 @@ }

20

src/message.js
var Uint64BE = require('int64-buffer').Uint64BE
var assert = require('assert')
var MAX_MESSAGE_SIZE = 1088
var MINIMAL_PADDING = 16
var HEADER_SIZE = 48
var MIN_MESSAGE_SIZE = MINIMAL_PADDING + HEADER_SIZE
var MAX_MESSAGE_SIZE = 1088
var MAX_BODY_SIZE = MAX_MESSAGE_SIZE - MIN_MESSAGE_SIZE
var STOP_SUCCESS = 2048

@@ -31,2 +34,5 @@ var STOP_FAILURE = 4096

Message.prototype.fromBuffer = function (buf) {
if (buf.length < MIN_MESSAGE_SIZE || buf.length > MAX_MESSAGE_SIZE) {
throw new Error('Invalid message size')
}
this.id = buf.readUInt32LE()

@@ -52,2 +58,5 @@ this.acknowledging_id = buf.readUInt32LE(4)

this.flags = buf.readUInt16LE(38)
if (!this._validFlags(this.flags)) {
throw new Error('Invalid flags')
}
this.offset = new Buffer(8)

@@ -63,5 +72,14 @@ buf.copy(this.offset, 0, 40)

this.failure = Boolean((this.flags - this.data_length) & STOP_FAILURE)
if (buf.length < MIN_MESSAGE_SIZE + this._data_length) {
throw new Error('Advertised data not included in message')
}
this.data = buf.slice(buf.length - this.data_length)
}
Message.prototype._validFlags = function (flags) {
return (flags >= 0 && flags <= MAX_BODY_SIZE) ||
(flags >= STOP_SUCCESS && flags <= STOP_SUCCESS + MAX_BODY_SIZE) ||
(flags >= STOP_FAILURE && flags <= STOP_FAILURE + MAX_BODY_SIZE)
}
Message.prototype.isAcknowledged = function (startByte, length) {

@@ -68,0 +86,0 @@ return this._inRange1(startByte, length) ||

77

src/packet-stream.js

@@ -71,5 +71,5 @@ 'use strict'

buffer.fill(0)
buffer.write(this.serverName)
this.serverName = buffer
// this.serverName = new Uint8Array(buffer)
buffer.write('0A', 'hex')
buffer.write(this.serverName, 1)
this.serverName = new Uint8Array(buffer)
}

@@ -158,3 +158,3 @@ if (!this.isServer) {

} else {
// TODO: Trigger resend of hello or initiate packet
curveStream.emit('error', new Error('Timeout expired to establish connection'))
}

@@ -186,10 +186,2 @@ }

}
if (!this._isEqual(this.clientExtension, message.subarray(8, 24))) {
this._log.warn('invalid clientExtension')
return
}
if (!this._isEqual(this.serverExtension, message.subarray(24, 40))) {
this._log.warn('invalid serverExtension')
return
}
var messageType = message.subarray(0, 8)

@@ -213,10 +205,2 @@ if (this._isEqual(messageType, COOKIE_MSG)) {

}
if (!this._isEqual(this.clientExtension, message.subarray(24, 40))) {
this._log.warn('invalid clientExtension')
return
}
if (!this._isEqual(this.serverExtension, message.subarray(8, 24))) {
this._log.warn('invalid serverExtension')
return
}
var messageType = message.subarray(0, 8)

@@ -407,2 +391,20 @@ if (this._isEqual(messageType, HELLO_MSG)) {

PacketStream.prototype._validExtensions = function (array) {
if (this.isServer) {
return this._validServerExtension(array.subarray(8, 8 + 16)) &&
this._validClientExtension(array.subarray(8 + 16, 8 + 16 + 16))
} else {
return this._validClientExtension(array.subarray(8, 8 + 16)) &&
this._validServerExtension(array.subarray(8 + 16, 8 + 16 + 16))
}
}
PacketStream.prototype._validServerExtension = function (extension) {
return this._isEqual(extension, this.serverExtension)
}
PacketStream.prototype._validClientExtension = function (extension) {
return this._isEqual(extension, this.clientExtension)
}
PacketStream.prototype._createNonceFromCounter = function (prefix) {

@@ -471,2 +473,7 @@ this._increaseCounter()

}
this.clientExtension = helloMessage.subarray(8 + 16, 8 + 16 + 16)
if (!this._validServerExtension(helloMessage.subarray(8, 8 + 16))) {
this._log.warn('Invalid server extension in hello message')
return
}
this.clientConnectionPublicKey = helloMessage.subarray(40, 40 + 32)

@@ -531,2 +538,6 @@ if (!this.__validNonce(helloMessage, 40 + 32 + 64)) {

}
if (!this._validExtensions(cookieMessage)) {
this._log.warn('Invalid extensions')
return
}
var boxData = this._decrypt(cookieMessage.subarray(40, 200), 'CurveCPK', this.serverPublicKey, this.clientConnectionPrivateKey)

@@ -585,2 +596,10 @@ if (boxData === undefined || !boxData) {

}
if (!this._isEqual(initiateMessage.subarray(40, 40 + 32), this.clientConnectionPublicKey)) {
this._log.warn('Invalid client connection key')
return
}
if (!this._validExtensions(initiateMessage)) {
this._log.warn('Invalid extensions')
return
}
if (!this.__validNonce(initiateMessage, 72 + 96)) {

@@ -609,2 +628,6 @@ this._log.warn('Invalid nonce received')

}
if (!this._isEqual(initiateBoxData.subarray(32 + 16 + 48, 32 + 16 + 48 + 256), this.serverName)) {
this._log.warn('Invalid server name')
return
}
this._setCanSend(true)

@@ -634,2 +657,6 @@ this.emit('connect')

}
if (!this._validExtensions(message)) {
this._log.warn('Invalid extensions')
return
}
if (!this.__validNonce(message, 40)) {

@@ -655,2 +682,3 @@ this._log.warn('Invalid nonce received')

result.set(CLIENT_MSG)
result.set(this.clientConnectionPublicKey, 40)
var nonce = this._createNonceFromCounter('CurveCP-client-M')

@@ -669,2 +697,10 @@ var messageBox = this._encryptShared(message, nonce, 16)

}
if (!this._validExtensions(message)) {
this._log.warn('Invalid extensions')
return
}
if (!this._isEqual(message.subarray(40, 40 + 32), this.clientConnectionPublicKey)) {
this._log.warn('Invalid client connection key')
return
}
if (!this.__validNonce(message, 40 + 32)) {

@@ -680,2 +716,3 @@ this._log.warn('Invalid nonce received')

var buffer = new Buffer(boxData)
this._setCanSend(true)
this.push(buffer)

@@ -682,0 +719,0 @@ }

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc