2019-08-16 17:30:03 +02:00
|
|
|
'use strict'
|
|
|
|
|
|
2020-12-10 14:48:14 +01:00
|
|
|
const debug = require('debug')
|
|
|
|
|
const log = Object.assign(debug('libp2p:pnet'), {
|
|
|
|
|
error: debug('libp2p:pnet:err')
|
|
|
|
|
})
|
|
|
|
|
const { pipe } = require('it-pipe')
|
2020-02-14 13:42:23 +00:00
|
|
|
const errcode = require('err-code')
|
2021-04-15 09:40:02 +02:00
|
|
|
// @ts-ignore it-pair has no types exported
|
2019-11-04 14:05:58 +01:00
|
|
|
const duplexPair = require('it-pair/duplex')
|
|
|
|
|
const crypto = require('libp2p-crypto')
|
2019-08-16 17:30:03 +02:00
|
|
|
const Errors = require('./errors')
|
2020-02-14 13:42:23 +00:00
|
|
|
const {
|
2020-12-10 14:48:14 +01:00
|
|
|
codes: { ERR_INVALID_PARAMETERS }
|
2020-02-14 13:42:23 +00:00
|
|
|
} = require('../errors')
|
2019-11-04 14:05:58 +01:00
|
|
|
const {
|
|
|
|
|
createBoxStream,
|
|
|
|
|
createUnboxStream,
|
|
|
|
|
decodeV1PSK
|
|
|
|
|
} = require('./crypto')
|
2021-04-15 09:40:02 +02:00
|
|
|
// @ts-ignore it-handshake has no types exported
|
2019-11-04 14:05:58 +01:00
|
|
|
const handshake = require('it-handshake')
|
|
|
|
|
const { NONCE_LENGTH } = require('./key-generator')
|
2019-08-16 17:30:03 +02:00
|
|
|
|
|
|
|
|
/**
|
2020-12-10 14:48:14 +01:00
|
|
|
* @typedef {import('libp2p-interfaces/src/transport/types').MultiaddrConnection} MultiaddrConnection
|
2019-08-16 17:30:03 +02:00
|
|
|
*/
|
2020-12-10 14:48:14 +01:00
|
|
|
|
2019-08-16 17:30:03 +02:00
|
|
|
class Protector {
|
|
|
|
|
/**
|
2020-12-10 14:48:14 +01:00
|
|
|
* Takes a Private Shared Key (psk) and provides a `protect` method
|
|
|
|
|
* for wrapping existing connections in a private encryption stream.
|
|
|
|
|
*
|
2020-10-06 14:59:43 +02:00
|
|
|
* @param {Uint8Array} keyBuffer - The private shared key buffer
|
|
|
|
|
* @class
|
2019-08-16 17:30:03 +02:00
|
|
|
*/
|
|
|
|
|
constructor (keyBuffer) {
|
|
|
|
|
const decodedPSK = decodeV1PSK(keyBuffer)
|
|
|
|
|
this.psk = decodedPSK.psk
|
|
|
|
|
this.tag = decodedPSK.tag
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2019-11-04 14:05:58 +01:00
|
|
|
* Takes a given Connection and creates a private encryption stream
|
2019-08-16 17:30:03 +02:00
|
|
|
* between its two peers from the PSK the Protector instance was
|
|
|
|
|
* created with.
|
|
|
|
|
*
|
2020-12-10 14:48:14 +01:00
|
|
|
* @param {MultiaddrConnection} connection - The connection to protect
|
|
|
|
|
* @returns {Promise<MultiaddrConnection>} A protected duplex iterable
|
2019-08-16 17:30:03 +02:00
|
|
|
*/
|
2019-11-04 14:05:58 +01:00
|
|
|
async protect (connection) {
|
2020-02-14 13:42:23 +00:00
|
|
|
if (!connection) {
|
|
|
|
|
throw errcode(new Error(Errors.NO_HANDSHAKE_CONNECTION), ERR_INVALID_PARAMETERS)
|
|
|
|
|
}
|
2019-08-16 17:30:03 +02:00
|
|
|
|
2019-11-04 14:05:58 +01:00
|
|
|
// Exchange nonces
|
2019-08-16 17:30:03 +02:00
|
|
|
log('protecting the connection')
|
2019-11-04 14:05:58 +01:00
|
|
|
const localNonce = crypto.randomBytes(NONCE_LENGTH)
|
|
|
|
|
|
|
|
|
|
const shake = handshake(connection)
|
|
|
|
|
shake.write(localNonce)
|
2019-08-16 17:30:03 +02:00
|
|
|
|
2019-11-04 14:05:58 +01:00
|
|
|
const result = await shake.reader.next(NONCE_LENGTH)
|
|
|
|
|
const remoteNonce = result.value.slice()
|
|
|
|
|
shake.rest()
|
2019-08-16 17:30:03 +02:00
|
|
|
|
2019-11-04 14:05:58 +01:00
|
|
|
// Create the boxing/unboxing pipe
|
|
|
|
|
log('exchanged nonces')
|
|
|
|
|
const [internal, external] = duplexPair()
|
|
|
|
|
pipe(
|
|
|
|
|
external,
|
|
|
|
|
// Encrypt all outbound traffic
|
|
|
|
|
createBoxStream(localNonce, this.psk),
|
|
|
|
|
shake.stream,
|
|
|
|
|
// Decrypt all inbound traffic
|
|
|
|
|
createUnboxStream(remoteNonce, this.psk),
|
|
|
|
|
external
|
2020-06-18 15:33:08 +02:00
|
|
|
).catch(log.error)
|
2019-08-16 17:30:03 +02:00
|
|
|
|
2019-11-04 14:05:58 +01:00
|
|
|
return internal
|
2019-08-16 17:30:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module.exports = Protector
|
|
|
|
|
module.exports.errors = Errors
|
|
|
|
|
module.exports.generate = require('./key-generator')
|
