Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

simple-handshake

Package Overview
Dependencies
Maintainers
1
Versions
10
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

simple-handshake

Simple Noise handshake state machine

  • 1.3.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
1K
increased by250.69%
Maintainers
1
Weekly downloads
 
Created
Source

simple-handshake

Build Status

Simple Noise handshake state machine

Usage

var simpleHandshake = require('simple-handshake')

// Generate static keys. Ideally these are saved as the represent either party's
// identity
var clientKeys = simpleHandshake.keygen()
var serverKeys = simpleHandshake.keygen()

// Make a client/server pair. These are also known as initiator/responder
var client = simpleHandshake(true, {
  pattern: 'XX',
  staticKeyPair: clientKeys
})

var server = simpleHandshake(false, {
  pattern: 'XX',
  staticKeyPair: serverKeys
})

// Use a simple Round trip function to do the back and forth.
// In practise this would go over a network
rtt(client, server, function (err) {
  if (err) throw err

  // Now both parties have arrived at the same shared secrets
  // client.tx === server.rx and server.tx === client.rx
  console.log(client.split, server.split)
})

function rtt (from, to, cb) {
  // waiting === true means waiting to receive data, hence it should be false
  // if we're ready to send data!
  if (from.waiting !== false) return cb(new Error('Not ready to send data'))

  from.send(null, function (err, buf) {
    if (err) return cb(err)

    to.recv(buf, function (err) {
      if (err) return cb(err)

      // Keep going until from is finished
      if (from.finished === true) return cb()

      // recurse until finished
      return rtt(to, from, cb)
    })
  })
}

API

var hs = simpleHandshake(isInitiator, [opts])

Options include:

{
  pattern: 'XX', // Noise handshake pattern. XX transmits the keys
  prologue: Buffer.alloc(0), // Defaults to empty Buffer
  staticKeyPair: {publicKey, secretKey}, // Local static key pair
  remoteStaticKey: Buffer, // Remote public key for other patterns eg. KK

  // Callback when receiving a ephemeral public key from a remote peer.
  onephemeralkey(remoteEphemeralKey, cb),

  // Callback when receiving a static public key from a remote peer.
  // Can be used to validate the key against certificates, CRL etc.
  onstatickey(remoteStaticKey, cb),

  // Callback when handshaking has finished.
  // Can be used to access the handshakeHash or other state data, before it is
  // cleared
  onhandshake(state, cb),

  // Normally not set, but may be if upgrading from another pattern.
  ephemeralKeyPair: {publicKey, secretKey},
  remoteEphemeralKey: Buffer
}

hs.waiting

Flag indicating whether this instance is waiting for remote data, ie. hs.recv should be called next. If false hs.send should be called next.

hs.finished

Flag indicating whether the handshake is finished. If an error occurs this flag will also be set true, as the instance is no longer usable.

hs.split

A Noise split containing a {rx, tx} object of Buffers which are 32 byte shared secret | 8 byte nonce (a Noise CipherState). rx at the initiator matches tx at the responder.

hs.handshakeHash

Channel binding handshake hash, available after the handshake has completed and a split has occurred. See the Noise Specification for details

hs.send(payload, cb(err, message))

Encode a message with a payload (which if null defaults to an empty buffer), for sending to the other party. Message is written in a preallocated Buffer, meaning that the backing Buffer is reused at the next call to .send.

hs.recv(message, cb(err, payload))

Decode a message with a payload (which may be an empty buffer). payload is written in a preallocated Buffer, meaning that the backing Buffer for is reused at the next call to .recv, so you must copy the payload if you need it for longer. If a static key is received and onstatickey is set, this function is called between parsing and cb.

hs.destroy()

Destroy internal state in case you need to terminate the handshake before it has completed.

SimpleHandshake.keygen()

Generate a key pair for use with the staticKeyPair option

Install

npm install simple-handshake

License

ISC

FAQs

Package last updated on 23 Jul 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc