UNPKG

siphash24-stream

Version:

siphash24 mac signing and verification as streams

github.com/chiefbiiko/siphash24-stream

chiefbiiko/siphash24-stream

95 lines (60 loc) 3.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# siphash24-stream [![build status](http://img.shields.io/travis/chiefbiiko/siphash24-stream.svg?style=flat)](http://travis-ci.org/chiefbiiko/siphash24-stream) [![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/github/chiefbiiko/siphash24-stream?branch=master&svg=true)](https://ci.appveyor.com/project/chiefbiiko/siphash24-stream) [![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](./security.md) **SipHash24** *sign* and *verify* streams powered by [a seedable keystream](https://github.com/chiefbiiko/seed-bytes). *** ## Get it! ``` npm install --save siphash24-stream ``` *** ## Usage Create both *signing* and *verifying* streams by supplying a variable-length symmetric key that is used for seeding an internal keystream. Run `node ./usage.js`: ``` js var crypto = require('crypto') var stream = require('stream') var sip = require('siphash24-stream') var DELIMITER = Buffer.from([ 0, 4, 1, 9, 4, 1, 9, 0 ]) var NSA = Buffer.concat([ // pac crypto.randomBytes(8), // bad mac Buffer.from('nsa pac'), // msg DELIMITER ]) var shared = '419' // shared secret, symmetric key var opts = { algo: 'alea', delimiter: DELIMITER } // default options var alice = sip.createSigningStream(shared, opts) // alice signs var bob = sip.createVerifyingStream(shared, opts) // bob verifies var thru = new stream.PassThrough() // some sort of socket function onpac (info, chunk) { console.log(info, chunk.toString()) } alice.pipe(thru).pipe(bob) // alice writes, bob reads thru.on('data', onpac.bind(null, 'bob input:')) bob.on('data', onpac.bind(null, 'bob ok:')) bob.on('dropping', onpac.bind(null, 'bob dropping:')) alice.write('push all dirty money overseas') thru.write(NSA) // being intercepted alice.end('and buy uzis') ``` Note that only legit msg packs pass thru the verifying end, in this case `bob`. *** ## API ### `var sign = sip.createSigningStream(init[, opts])` Create a transform stream that signs all its throughput with a SipHash24 mac. `init` is the seed for a random byte generator used as key stream. Options default to: ``` js { algo: 'alea', delimiter: Buffer.from([ 0, 4, 1, 9, 4, 1, 9, 0 ]) } ``` `opts.algo` indicates the algorithm to use for the internal random number generator. Check out [`seedrandom`](https://github.com/davidbau/seedrandom#other-fast-prng-algorithms) for a list of supported algorithms. `opts.delimiter` is the message delimiter, must be a buffer. ### `var verify = sip.createVerifyingStream(init[, opts])` Create a transform stream that verifies all its throughput against a SipHash24 mac. Bad chunks are rejected and not passed on, not pushed any further, but emitted with the `dropping` event. ### `var { sign, verify } = sip.createSipHash24Streams(init[, opts])` Create a SipHash24 *sign* and *verify* stream duplet. ### `verify.on('dropping', ondropping)` Emitted with every chunk that will not be pushed further. Use this if you wish to check dropouts. Calling back like `ondropping(chunk)`. *** ## License [MIT](./license.md)