noise_protocol 0.1.1

  • Readme
  • Changelog
  • Example
  • Installing
  • 39

Pub Package Github Actions CI

Overview #

Noise framework is a secure handshake protocol, which has been analyzed by professional cryptographers. It has been adopted by products/companies such as WhatsApp (whitepaper) and Slack (blog post).

Important: this early version doesn't pass acceptance tests yet.

A short introduction #

Noise protocol defines 24 possible handshake patterns. You need to choose one that's relevant for your requirements. For example:

  • KK
    • A two-message handshake in which both parties know each other's static keys.
  • XX
    • A three-message handshake in which both parties lack any pre-existing knowledge about each other.
  • XXpsk3
    • A three-message handshake in which both parties know a symmetric secret.
  • IK
    • A two-message handshake in which initiator knows the responder's static key.
  • N
    • A one-message handshake in which initiator knows the responder's static key. Suitable for use cases such as file encryption.

You also need to choose a key exchange algorithm, a cipher, and a hash algorithm. This implementation supports:

  • Key exchange algorithms:
    • X25519
  • Ciphers:
    • AES-GCM
    • ChaCha20-Poly1305 AEAD
  • Hashes:
    • BLAKE2s
    • SHA2-256

Please remember that you also need to use of prologue and/or payload to prevent replay attacks and identity probing.

The output of a Noise handshake is two symmetric encryption keys: one for encrypting, one for decrypting.

Please read more at noiseprotocol.org.

0.1.1 #

  • Fixes version constraints.

0.1.0 #

  • Initial version

example/example.dart

// Copyright 2019 Gohilla Ltd (https://gohilla.com).
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

import 'package:cryptography/utils.dart';
import 'package:noise_protocol/noise_protocol.dart';

Future<void> main() async {
  final protocol = NoiseProtocol(
    handshakePattern: HandshakePattern.xx,
    keyExchangeAlgorithm: NoiseKeyExchangeAlgorithm.x25519,
    cipher: NoiseCipher.chachaPoly,
    hashAlgorithm: NoiseHashAlgorithm.blake2s,
  );

  // A buffer for messages
  final buffer = <int>[];

  // Handshake states
  final localHandshakeState = HandshakeState(
    protocol: protocol,
    authenticator: NoiseAuthenticator(
        // You can fix local/remote keys here
        ),
  );
  final remoteHandshakeState = HandshakeState(
    protocol: protocol,
    authenticator: NoiseAuthenticator(),
  );

  // Let's do a handshake with KK pattern
  await localHandshakeState.initialize(
    isInitiator: true,
  );
  await remoteHandshakeState.initialize(
    isInitiator: false,
  );

  // local --> remote
  await localHandshakeState.writeMessage(
    messageBuffer: buffer,
    payload: [1, 2, 3], // Should contain be unique to prevent replay attacks
  );
  await remoteHandshakeState.readMessage(
    message: buffer,
  );
  print('Local --> remote: ${hexFromBytes(buffer)}');
  buffer.clear();

  // local <-- remote
  await remoteHandshakeState.writeMessage(
    messageBuffer: buffer,
    payload: [4, 5, 6], // Should contain be unique to prevent replay attacks
  );
  await localHandshakeState.readMessage(
    message: buffer,
  );
  print('Local <-- remote: ${hexFromBytes(buffer)}');
  buffer.clear();

  // local --> remote
  final localState = await localHandshakeState.writeMessage(
    messageBuffer: buffer,
  );
  final remoteState = await remoteHandshakeState.readMessage(
    message: buffer,
  );

  print('Local --> remote: ${hexFromBytes(buffer)}');
  print('');
  buffer.clear();

  {
    final keyForSending = localState.encryptingState.secretKey.extractSync();
    final keyForReceiving = localState.decryptingState.secretKey.extractSync();
    print('Local keys:');
    print('  Sending: ${hexFromBytes(keyForSending)}');
    print('  Receiving: ${hexFromBytes(keyForReceiving)}');
  }
  {
    final keyForSending = remoteState.encryptingState.secretKey.extractSync();
    final keyForReceiving = remoteState.decryptingState.secretKey.extractSync();
    print('');
    print('Remote keys:');
    print('  Sending: ${hexFromBytes(keyForSending)}');
    print('  Receiving: ${hexFromBytes(keyForReceiving)}');
  }

  // Now both parties have:
  //   * A secret key for sending.
  //   * A secret key receiving.
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  noise_protocol: ^0.1.1

2. Install it

You can install packages from the command line:

with pub:


$ pub get

Alternatively, your editor might support pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:noise_protocol/noise_protocol.dart';
  
Popularity:
Describes how popular the package is relative to other packages. [more]
21
Health:
Code health derived from static analysis. [more]
42
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
80
Overall:
Weighted score of the above. [more]
39
Learn more about scoring.

We analyzed this package on Jul 11, 2020, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.8.4
  • pana: 0.13.14

Health issues and suggestions

Fix lib/src/handshake_protocol.dart. (-43.75 points)

Analysis of lib/src/handshake_protocol.dart failed with 2 errors:

line 49 col 39: Undefined name 'uint32mask'.

line 50 col 27: Undefined name 'uint32mask'.

Fix lib/noise_protocol.dart. (-25 points)

Analysis of lib/noise_protocol.dart failed with 1 error:

line 26 col 8: Target of URI doesn't exist: 'package:cryptography/utils.dart'.

Maintenance issues and suggestions

No valid SDK. (-20 points)

The analysis could not detect a valid SDK that can use this package.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.5.0 <3.0.0
collection ^1.14.0 1.14.13 1.15.0-nullsafety
cryptography ^1.0.0 1.4.1
kms ^0.4.0 0.4.1
meta ^1.1.0 1.2.2 1.3.0-nullsafety
typed_data ^1.1.0 1.2.0 1.3.0-nullsafety
Transitive dependencies
charcode 1.1.3
convert 2.1.1
crypto 2.1.5
fixnum 0.10.11
js 0.6.2
Dev dependencies
pedantic ^1.9.0
test ^1.6.0