holepunchto · telamon · Oct 21, 2024 · Oct 15, 2024 · Oct 16, 2024 · Oct 18, 2024
diff --git a/README.md b/README.md
@@ -137,6 +137,16 @@ Emitted when the handshake is fully done.
 It is safe to write to the stream immediately though, as data is buffered
 internally before the handshake has been completed.
 
+#### `await s.send(buffer)`
+Sends an encrypted unordered message, see [udx-native](https://github.com/holepunchto/udx-native/tree/main?tab=readme-ov-file#await-streamsendbuffer) for details.  
+This method with silently fail if called before handshake is complete or if the underlying rawStream is not an UDX-stream (not capable of UDP).
+
+#### `s.trySend(buffer)`
+Same as `send(buffer)` but does not return a promise.
+
+#### `s.on('message', onmessage)`
+Emmitted when an unordered message is received
+
 #### `keyPair = SecretStream.keyPair([seed])`
 
 Generate a ed25519 key pair.

diff --git a/index.js b/index.js
@@ -9,7 +9,7 @@ const Bridge = require('./lib/bridge')
 const Handshake = require('./lib/handshake')
 
 const IDHEADERBYTES = HEADERBYTES + 32
-const [NS_INITIATOR, NS_RESPONDER] = crypto.namespace('hyperswarm/secret-stream', 2)
+const [NS_INITIATOR, NS_RESPONDER, NS_BOX] = crypto.namespace('hyperswarm/secret-stream', 3)
 const MAX_ATOMIC_WRITE = 256 * 256 * 256 - 1
 
 module.exports = class NoiseSecretStream extends Duplex {
@@ -70,6 +70,7 @@ module.exports = class NoiseSecretStream extends Duplex {
     this._decrypt = null
     this._timeoutTimer = null
     this._keepAliveTimer = null
+    this._sendState = null
 
     if (opts.autoStart !== false) this.start(rawStream, opts)
 
@@ -379,6 +380,9 @@ module.exports = class NoiseSecretStream extends Duplex {
     const id = buf.subarray(3, 3 + 32)
     streamId(handshakeHash, this.isInitiator, id)
 
+    // initialize secretbox state for unordered messages
+    this._setupSecretSend(handshakeHash)
+
     this.emit('handshake')
     // if rawStream is a bridge, also emit it there
     if (this.rawStream !== this._rawStream) this.rawStream.emit('handshake')
@@ -388,6 +392,24 @@ module.exports = class NoiseSecretStream extends Duplex {
     this._rawStream.write(buf)
   }
 
+  _setupSecretSend (handshakeHash) {
+    this._sendState = b4a.allocUnsafeSlow(32 + 32 + 8 + 8)
+    const encrypt = this._sendState.subarray(0, 32) // secrets
+    const decrypt = this._sendState.subarray(32, 64)
+    const counter = this._sendState.subarray(64, 72) // nonce
+    const initial = this._sendState.subarray(72)
+
+    const inputs = this.isInitiator
+      ? [[NS_INITIATOR, NS_BOX], [NS_RESPONDER, NS_BOX]]
+      : [[NS_RESPONDER, NS_BOX], [NS_INITIATOR, NS_BOX]]
+
+    sodium.crypto_generichash_batch(encrypt, inputs[0], handshakeHash)
+    sodium.crypto_generichash_batch(decrypt, inputs[1], handshakeHash)
+
+    sodium.randombytes_buf(initial)
+    counter.set(initial)
+  }
+
   _open (cb) {
     // no autostart or no handshake yet
     if (this._rawStream === null || (this._handshake === null && this._encrypt === null)) {
@@ -398,6 +420,7 @@ module.exports = class NoiseSecretStream extends Duplex {
     this._rawStream.on('data', this._onrawdata.bind(this))
     this._rawStream.on('end', this._onrawend.bind(this))
     this._rawStream.on('drain', this._onrawdrain.bind(this))
+    this._rawStream.on('message', this._onmessage.bind(this))
 
     if (this._encrypt !== null) {
       this._resolveOpened(true)
@@ -500,6 +523,63 @@ module.exports = class NoiseSecretStream extends Duplex {
     cb(null)
   }
 
+  _boxMessage (buffer) {
+    const MB = sodium.crypto_secretbox_MACBYTES // 16
+    const NB = sodium.crypto_secretbox_NONCEBYTES // 24
+
+    const counter = this._sendState.subarray(64, 72)
+    sodium.sodium_increment(counter)
+    if (b4a.equals(counter, this._sendState.subarray(72))) {
+      this.destroy(new Error('udp send nonce exchausted'))
+    }
+
+    const secret = this._sendState.subarray(0, 32)
+    const envelope = b4a.allocUnsafe(8 + MB + buffer.length)
+    const nonce = envelope.subarray(0, NB)
+    const ciphertext = envelope.subarray(8)
+
+    b4a.fill(nonce, 0) // pad suffix
+    nonce.set(counter)
+
+    sodium.crypto_secretbox_easy(ciphertext, buffer, nonce, secret)
+    return envelope
+  }
+
+  send (buffer) {
+    if (!this._sendState) return
+    if (!this.rawStream?.send) return // udx-stream expected
+
+    const message = this._boxMessage(buffer)
+    return this.rawStream.send(message)
+  }
+
+  trySend (buffer) {
+    if (!this._sendState) return
+    if (!this.rawStream?.trySend) return // udx-stream expected
+
+    const message = this._boxMessage(buffer)
+    this.rawStream.trySend(message)
+  }
+
+  _onmessage (buffer) {
+    if (!this._sendState) return // messages before handshake are dropped
+
+    const MB = sodium.crypto_secretbox_MACBYTES // 16
+    const NB = sodium.crypto_secretbox_NONCEBYTES // 24
+
+    const nonce = b4a.allocUnsafe(NB)
+    b4a.fill(nonce, 0)
+    nonce.set(buffer.subarray(0, 8))
+
+    const secret = this._sendState.subarray(32, 64)
+    const ciphertext = buffer.subarray(8)
+    const plain = buffer.subarray(8, buffer.length - MB)
+
+    const success = sodium.crypto_secretbox_open_easy(plain, ciphertext, nonce, secret)
+
+    if (success) this.emit('message', plain)
+  }
+
   alloc (len) {
     const buf = b4a.allocUnsafe(len + 3 + ABYTES)
     this._outgoingWrapped = buf

diff --git a/package.json b/package.json
@@ -20,7 +20,8 @@
   },
   "devDependencies": {
     "brittle": "^3.3.0",
-    "standard": "^17.1.0"
+    "standard": "^17.1.0",
+    "udx-native": "^1.13.2"
   },
   "scripts": {
     "test": "standard && brittle test.js"

diff --git a/test.js b/test.js
@@ -4,6 +4,7 @@ const Events = require('events')
 const crypto = require('crypto')
 const { Readable, Duplex } = require('streamx')
 const NoiseStream = require('./')
+const UDX = require('udx-native')
 
 test('basic', function (t) {
   t.plan(2)
@@ -638,3 +639,50 @@ test('basic - unslab checks', function (t) {
     t.ok(pull.state.buffer.byteLength < 100, 'pull.state.buffer no slab')
   })
 })
+
+function udxPair () {
+  const u = new UDX()
+  const socket1 = u.createSocket()
+  const socket2 = u.createSocket()
+  for (const s of [socket1, socket2]) s.bind()
+
+  const stream1 = u.createStream(1)
+  const stream2 = u.createStream(2)
+  stream1.connect(socket1, stream2.id, socket2.address().port, '127.0.0.1')
+  stream2.connect(socket2, stream1.id, socket1.address().port, '127.0.0.1')
+
+  return [
+    new NoiseStream(true, stream1),
+    new NoiseStream(false, stream2),
+
+    async () => {
+      for (const stream of [stream1, stream2]) stream.end()
+      await socket1.close()
+      await socket2.close()
+    }
+  ]
+}
+
+test('encrypted unordered message', async function (t) {
+  const [a, b, destroy] = udxPair()
+  const message = Buffer.from('plaintext', 'utf8')
+
+  const transmission1 = new Promise(resolve => b.once('message', resolve))
+
+  await a.opened
+  await b.opened
+
+  await a.send(message)
+
+  const m0 = await transmission1
+  t.ok(m0.equals(message), 'send(): received & decrypted')
+
+  const transmission2 = new Promise(resolve => a.once('message', resolve))
+
+  b.trySend(message)
+
+  const m1 = await transmission2
+  t.ok(m1.equals(message), 'trySend(): received & decrypted')
+
+  await destroy()
+})