cubyz-node-client 1.1.0 → 1.3.0

package/dist/secureChannel.d.ts

@@ -0,0 +1,91 @@
+import { Buffer } from "node:buffer";
+import type dgram from "node:dgram";
+export declare function encodeMsbVarInt(value: number): Buffer;
+interface FramedMessage {
+    protocolId: number;
+    payload: Buffer;
+}
+/**
+ * SecureChannelHandler drives a manual TLS 1.3 handshake over the Cubyz
+ * UDP channel 1 (SECURE).
+ *
+ * We implement TLS 1.3 ourselves because the Cubyz server generates a
+ * self-signed RSA-PSS certificate with an empty serialNumber (ASN.1
+ * INTEGER of length 0), which OpenSSL 3 rejects even with
+ * `rejectUnauthorized: false` — the error fires during record parsing,
+ * not during certificate verification.
+ *
+ * We only support TLS_AES_256_GCM_SHA384 with X25519 key exchange, which
+ * is what mbedTLS 3.x negotiates.  We do not validate the server
+ * certificate at all (MITM is mitigated by the application-level
+ * signature exchange that follows).
+ *
+ * verificationData = all bytes received from the server on channel 1
+ * BEFORE `secureConnect` fires (i.e. every byte pushed via feedRawBytes
+ * before the handshake completes).  This matches the Zig server's
+ * definition on the client side.
+ */
+export declare class SecureChannelHandler {
+    private readonly udpSocket;
+    private readonly host;
+    private readonly port;
+    private readonly channelId;
+    private readonly mtu;
+    private sendSeq;
+    private state;
+    private readonly recordParser;
+    private readonly decoder;
+    private transcript;
+    private serverHandshakeKey;
+    private serverHandshakeIv;
+    private serverHandshakeSeq;
+    private clientHandshakeKey;
+    private clientHandshakeIv;
+    private clientHandshakeSeq;
+    private serverAppKey;
+    private serverAppIv;
+    private serverAppSeq;
+    private clientAppKey;
+    private clientAppIv;
+    private clientAppSeq;
+    private verificationDataBufs;
+    private collectingVerificationData;
+    private readonly clientX25519PrivKey;
+    private readonly clientX25519PubKeyBytes;
+    private readonly clientRandom;
+    onMessage: ((msg: FramedMessage) => void) | null;
+    onSecureConnect: ((verificationData: Buffer) => void) | null;
+    onError: ((err: Error) => void) | null;
+    verificationDataBuffer: Buffer | undefined;
+    constructor(options: {
+        socket: dgram.Socket;
+        host: string;
+        port: number;
+        channelId: number;
+        mtu: number;
+        initialSendSeq: number;
+    });
+    /**
+     * Trigger the TLS handshake.  Must be called after the UDP init-ACK packet
+     * has been handed to the OS send queue so the server is guaranteed to be in
+     * the .connected state before it receives the TLS ClientHello.
+     */
+    startHandshake(): void;
+    feedRawBytes(data: Buffer): void;
+    private handleRecord;
+    private handlePlaintextHandshake;
+    private deriveHandshakeKeys;
+    private _handshakeSecret;
+    private _clientHsSecret;
+    private _serverHsSecret;
+    private deriveApplicationKeys;
+    private handleEncryptedRecord;
+    private handleDecryptedHandshakeMsg;
+    private processServerFinished;
+    private computeFinishedVerifyData;
+    private sendClientFinished;
+    sendMessage(protocolId: number, payload: Buffer): void;
+    private sendRawTlsRecord;
+    private fail;
+}
+export {};