js-libp2p-noise/src/noise.ts

import { x25519 } from 'bcrypto';
import { Buffer } from "buffer";
import Wrap from 'it-pb-rpc';
import DuplexPair from 'it-pair/duplex';
import ensureBuffer from 'it-buffer';
import pipe from 'it-pipe';
import lp from 'it-length-prefixed';

import { Handshake } from "./handshake-xx";
import { generateKeypair } from "./utils";
import { uint16BEDecode, uint16BEEncode } from "./encoder";
import { decryptStream, encryptStream } from "./crypto";
import { bytes } from "./@types/basic";
import { NoiseConnection, PeerId, KeyPair, SecureOutbound } from "./@types/libp2p";
import { Duplex } from "./@types/it-pair";

export type WrappedConnection = ReturnType<typeof Wrap>;

export class Noise implements NoiseConnection {
  public protocol = "/noise";

  private readonly privateKey: bytes;
  private readonly staticKeys: KeyPair;
  private readonly earlyData?: bytes;

  constructor(privateKey: bytes, staticNoiseKey?: bytes, earlyData?: bytes) {
    this.privateKey = privateKey;
    this.earlyData = earlyData || Buffer.alloc(0);

    if (staticNoiseKey) {
      const publicKey = x25519.publicKeyCreate(staticNoiseKey); // TODO: verify this
      this.staticKeys = {
        privateKey: staticNoiseKey,
        publicKey,
      }
    } else {
      this.staticKeys = generateKeypair();
    }
  }

  /**
   * Encrypt outgoing data to the remote party (handshake as initiator)
   * @param {PeerId} localPeer - PeerId of the receiving peer
   * @param connection - streaming iterable duplex that will be encrypted
   * @param {PeerId} remotePeer - PeerId of the remote peer. Used to validate the integrity of the remote peer.
   * @returns {Promise<SecureOutbound>}
   */
  public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
    const wrappedConnection = Wrap(connection);
    const libp2pPublicKey = localPeer.marshalPubKey();
    const handshake = await this.performXXHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);
    const conn = await this.createSecureConnection(wrappedConnection, handshake);

    return {
      conn,
      remotePeer,
    }
  }

  /**
   * Decrypt incoming data (handshake as responder).
   * @param {PeerId} localPeer - PeerId of the receiving peer.
   * @param connection - streaming iterable duplex that will be encryption.
   * @param {PeerId} remotePeer - optional PeerId of the initiating peer, if known. This may only exist during transport upgrades.
   * @returns {Promise<SecureOutbound>}
   */
  public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
    const wrappedConnection = Wrap(connection);
    const libp2pPublicKey = localPeer.marshalPubKey();
    const handshake = await this.performXXHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);
    const conn = await this.createSecureConnection(wrappedConnection, handshake);

    return {
      conn,
      remotePeer,
    };
  }

  private async performXXHandshake(
    connection: WrappedConnection,
    isInitiator: boolean,
    libp2pPublicKey: bytes,
    remotePeer: PeerId,
  ): Promise<Handshake> {
    const prologue = Buffer.from(this.protocol);
    const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection, remotePeer);

    try {
      await handshake.propose();
      await handshake.exchange();
      await handshake.finish(this.earlyData);
    } catch (e) {
      throw new Error(`Error occurred during handshake: ${e.message}`);
    }

    return handshake;
  }

  private async createSecureConnection(
    connection: WrappedConnection,
    handshake: Handshake,
  ): Promise<Duplex> {
    // Create encryption box/unbox wrapper
    const [secure, user] = DuplexPair();
    const network = connection.unwrap();

    pipe(
      secure, // write to wrapper
      ensureBuffer, // ensure any type of data is converted to buffer
      encryptStream(handshake), // data is encrypted
      lp.encode({ lengthEncoder: uint16BEEncode }), // prefix with message length
      network, // send to the remote peer
      lp.decode({ lengthDecoder: uint16BEDecode }), // read message length prefix
      ensureBuffer, // ensure any type of data is converted to buffer
      decryptStream(handshake), // decrypt the incoming data
      secure // pipe to the wrapper
    );

    return user;
  }


}
Expose noise class 2019-11-11 15:39:09 +01:00			`import { x25519 } from 'bcrypto';`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`import { Buffer } from "buffer";`
Wrap connection 2019-11-20 15:21:53 +01:00			`import Wrap from 'it-pb-rpc';`
Create secure connection 2019-11-25 13:27:55 +01:00			`import DuplexPair from 'it-pair/duplex';`
			`import ensureBuffer from 'it-buffer';`
			`import pipe from 'it-pipe';`
			`import lp from 'it-length-prefixed';`
Create skeleton 2019-11-08 14:03:34 +01:00
Create handshake handler files 2020-01-03 14:53:14 +01:00			`import { Handshake } from "./handshake-xx";`
Split encoder functions from utils 2019-12-03 15:15:46 +01:00			`import { generateKeypair } from "./utils";`
Address PR comments 2019-12-29 18:23:43 +01:00			`import { uint16BEDecode, uint16BEEncode } from "./encoder";`
Write encryption generators 2019-11-25 13:09:40 +01:00			`import { decryptStream, encryptStream } from "./crypto";`
Wrap connection 2019-11-20 15:21:53 +01:00			`import { bytes } from "./@types/basic";`
			`import { NoiseConnection, PeerId, KeyPair, SecureOutbound } from "./@types/libp2p";`
			`import { Duplex } from "./@types/it-pair";`
Create interface according to spec 2019-11-11 21:58:04 +01:00
Write handshake test 2019-11-22 12:52:59 +01:00			`export type WrappedConnection = ReturnType<typeof Wrap>;`
Fix tslint 2019-11-21 14:43:12 +01:00
Create interface according to spec 2019-11-11 21:58:04 +01:00			`export class Noise implements NoiseConnection {`
Address PR comments 2019-11-20 13:23:36 +01:00			`public protocol = "/noise";`

Expose noise class 2019-11-11 15:39:09 +01:00			`private readonly privateKey: bytes;`
Fix tslint 2019-11-21 14:43:12 +01:00			`private readonly staticKeys: KeyPair;`
			`private readonly earlyData?: bytes;`
Expose noise class 2019-11-11 15:39:09 +01:00
Create skeleton 2019-11-08 14:03:34 +01:00			`constructor(privateKey: bytes, staticNoiseKey?: bytes, earlyData?: bytes) {`
Expose noise class 2019-11-11 15:39:09 +01:00			`this.privateKey = privateKey;`
Create test and prepare identity keys 2019-11-26 10:52:30 +01:00			`this.earlyData = earlyData \|\| Buffer.alloc(0);`
Create skeleton 2019-11-08 14:03:34 +01:00
Expose noise class 2019-11-11 15:39:09 +01:00			`if (staticNoiseKey) {`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`const publicKey = x25519.publicKeyCreate(staticNoiseKey); // TODO: verify this`
Expose noise class 2019-11-11 15:39:09 +01:00			`this.staticKeys = {`
			`privateKey: staticNoiseKey,`
			`publicKey,`
			`}`
Add types and encryption methods 2019-11-12 14:02:59 +01:00			`} else {`
Fix tslint 2019-11-21 14:43:12 +01:00			`this.staticKeys = generateKeypair();`
Expose noise class 2019-11-11 15:39:09 +01:00			`}`
Create skeleton 2019-11-08 14:03:34 +01:00			`}`

Address PR comments 2019-11-20 13:23:36 +01:00			`/**`
			`* Encrypt outgoing data to the remote party (handshake as initiator)`
			`* @param {PeerId} localPeer - PeerId of the receiving peer`
			`* @param connection - streaming iterable duplex that will be encrypted`
			`* @param {PeerId} remotePeer - PeerId of the remote peer. Used to validate the integrity of the remote peer.`
			`* @returns {Promise<SecureOutbound>}`
			`*/`
Fix eslint 2019-11-28 17:53:27 +01:00			`public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {`
Wrap connection 2019-11-20 15:21:53 +01:00			`const wrappedConnection = Wrap(connection);`
Verify peer id 2019-12-03 13:39:33 +01:00			`const libp2pPublicKey = localPeer.marshalPubKey();`
Create handshake handler files 2020-01-03 14:53:14 +01:00			`const handshake = await this.performXXHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`const conn = await this.createSecureConnection(wrappedConnection, handshake);`
Create interface according to spec 2019-11-11 21:58:04 +01:00
Address PR comments 2019-11-20 13:23:36 +01:00			`return {`
Fix reading peer id 2019-11-25 14:03:23 +01:00			`conn,`
Address PR comments 2019-11-20 13:23:36 +01:00			`remotePeer,`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`}`
			`}`

Address PR comments 2019-11-20 13:23:36 +01:00			`/**`
			`* Decrypt incoming data (handshake as responder).`
			`* @param {PeerId} localPeer - PeerId of the receiving peer.`
			`* @param connection - streaming iterable duplex that will be encryption.`
			`* @param {PeerId} remotePeer - optional PeerId of the initiating peer, if known. This may only exist during transport upgrades.`
			`* @returns {Promise<SecureOutbound>}`
			`*/`
Fix eslint 2019-11-28 17:53:27 +01:00			`public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {`
Fix reading peer id 2019-11-25 14:03:23 +01:00			`const wrappedConnection = Wrap(connection);`
Verify peer id 2019-12-03 13:39:33 +01:00			`const libp2pPublicKey = localPeer.marshalPubKey();`
Create handshake handler files 2020-01-03 14:53:14 +01:00			`const handshake = await this.performXXHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`const conn = await this.createSecureConnection(wrappedConnection, handshake);`
Fix reading peer id 2019-11-25 14:03:23 +01:00
Fix tslint 2019-11-21 14:43:12 +01:00			`return {`
Fix reading peer id 2019-11-25 14:03:23 +01:00			`conn,`
			`remotePeer,`
			`};`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`}`

Create handshake handler files 2020-01-03 14:53:14 +01:00			`private async performXXHandshake(`
Fix tslint 2019-11-21 14:43:12 +01:00			`connection: WrappedConnection,`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`isInitiator: boolean,`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`libp2pPublicKey: bytes,`
Verify payload in stage 1 2019-12-02 13:18:31 +01:00			`remotePeer: PeerId,`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`): Promise<Handshake> {`
Address PR comments 2019-11-20 13:23:36 +01:00			`const prologue = Buffer.from(this.protocol);`
Verify peer id 2019-12-03 13:39:33 +01:00			`const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection, remotePeer);`
Written handshake exchange 2019-11-21 13:38:39 +01:00
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`try {`
			`await handshake.propose();`
			`await handshake.exchange();`
			`await handshake.finish(this.earlyData);`
			`} catch (e) {`
			throw new Error(`Error occurred during handshake: ${e.message}`);
			`}`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00
			`return handshake;`
			`}`
Create interface according to spec 2019-11-11 21:58:04 +01:00
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00			`private async createSecureConnection(`
			`connection: WrappedConnection,`
			`handshake: Handshake,`
Fix eslint 2019-11-28 17:53:27 +01:00			`): Promise<Duplex> {`
Write encryption generators 2019-11-25 13:09:40 +01:00			`// Create encryption box/unbox wrapper`
Create secure connection 2019-11-25 13:27:55 +01:00			`const [secure, user] = DuplexPair();`
			`const network = connection.unwrap();`

			`pipe(`
			`secure, // write to wrapper`
			`ensureBuffer, // ensure any type of data is converted to buffer`
Remove unused 2019-11-29 16:23:24 +01:00			`encryptStream(handshake), // data is encrypted`
Address PR comments 2019-12-29 18:23:43 +01:00			`lp.encode({ lengthEncoder: uint16BEEncode }), // prefix with message length`
Create secure connection 2019-11-25 13:27:55 +01:00			`network, // send to the remote peer`
Address PR comments 2019-12-29 18:23:43 +01:00			`lp.decode({ lengthDecoder: uint16BEDecode }), // read message length prefix`
Create secure connection 2019-11-25 13:27:55 +01:00			`ensureBuffer, // ensure any type of data is converted to buffer`
Remove unused 2019-11-29 16:23:24 +01:00			`decryptStream(handshake), // decrypt the incoming data`
Create secure connection 2019-11-25 13:27:55 +01:00			`secure // pipe to the wrapper`
			`);`

			`return user;`
Create skeleton 2019-11-08 14:03:34 +01:00			`}`

Create interface according to spec 2019-11-11 21:58:04 +01:00
Create skeleton 2019-11-08 14:03:34 +01:00			`}`