fluencelabs/js-libp2p-noise
1
0
Fork 0
mirror of https://github.com/fluencelabs/js-libp2p-noise synced 2025-04-25 16:32:27 +00:00
Code Issues Projects Releases Wiki Activity
js-libp2p-noise/src/noise.ts
morrigan e0806499ff Verify peer id
2019-12-03 13:39:33 +01:00

123 lines
4.3 KiB
TypeScript
Raw Blame History

import { x25519 } from 'bcrypto';
import { Buffer } from "buffer";
import Wrap from 'it-pb-rpc';
import DuplexPair from 'it-pair/duplex';
import ensureBuffer from 'it-buffer';
import pipe from 'it-pipe';
import lp from 'it-length-prefixed';
import { Handshake } from "./handshake";
import { generateKeypair, int16BEDecode, int16BEEncode } from "./utils";
import { decryptStream, encryptStream } from "./crypto";
import { bytes } from "./@types/basic";
import { NoiseConnection, PeerId, KeyPair, SecureOutbound } from "./@types/libp2p";
import { Duplex } from "./@types/it-pair";
export type WrappedConnection = ReturnType<typeof Wrap>;
export class Noise implements NoiseConnection {
public protocol = "/noise";
private readonly privateKey: bytes;
private readonly staticKeys: KeyPair;
private readonly earlyData?: bytes;
constructor(privateKey: bytes, staticNoiseKey?: bytes, earlyData?: bytes) {
this.privateKey = privateKey;
this.earlyData = earlyData || Buffer.alloc(0);
if (staticNoiseKey) {
const publicKey = x25519.publicKeyCreate(staticNoiseKey); // TODO: verify this
this.staticKeys = {
privateKey: staticNoiseKey,
publicKey,
}
} else {
this.staticKeys = generateKeypair();
}
}
/**
* Encrypt outgoing data to the remote party (handshake as initiator)
* @param {PeerId} localPeer - PeerId of the receiving peer
* @param connection - streaming iterable duplex that will be encrypted
* @param {PeerId} remotePeer - PeerId of the remote peer. Used to validate the integrity of the remote peer.
* @returns {Promise<SecureOutbound>}
*/
public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
const wrappedConnection = Wrap(connection);
const libp2pPublicKey = localPeer.marshalPubKey();
const handshake = await this.performHandshake(wrappedConnection, true, libp2pPublicKey, remotePeer);
const conn = await this.createSecureConnection(wrappedConnection, handshake);
return {
conn,
remotePeer,
}
}
/**
* Decrypt incoming data (handshake as responder).
* @param {PeerId} localPeer - PeerId of the receiving peer.
* @param connection - streaming iterable duplex that will be encryption.
* @param {PeerId} remotePeer - optional PeerId of the initiating peer, if known. This may only exist during transport upgrades.
* @returns {Promise<SecureOutbound>}
*/
public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
const wrappedConnection = Wrap(connection);
const libp2pPublicKey = localPeer.marshalPubKey();
const handshake = await this.performHandshake(wrappedConnection, false, libp2pPublicKey, remotePeer);
const conn = await this.createSecureConnection(wrappedConnection, handshake);
return {
conn,
remotePeer,
};
}
private async performHandshake(
connection: WrappedConnection,
isInitiator: boolean,
libp2pPublicKey: bytes,
remotePeer: PeerId,
): Promise<Handshake> {
const prologue = Buffer.from(this.protocol);
const handshake = new Handshake(isInitiator, this.privateKey, libp2pPublicKey, prologue, this.staticKeys, connection, remotePeer);
try {
await handshake.propose();
await handshake.exchange();
await handshake.finish(this.earlyData);
} catch (e) {
throw new Error(`Error occurred during handshake: ${e.message}`);
}
return handshake;
}
private async createSecureConnection(
connection: WrappedConnection,
handshake: Handshake,
): Promise<Duplex> {
// Create encryption box/unbox wrapper
const [secure, user] = DuplexPair();
const network = connection.unwrap();
pipe(
secure, // write to wrapper
ensureBuffer, // ensure any type of data is converted to buffer
encryptStream(handshake), // data is encrypted
lp.encode({ lengthEncoder: int16BEEncode }), // prefix with message length
network, // send to the remote peer
lp.decode({ lengthDecoder: int16BEDecode }), // read message length prefix
ensureBuffer, // ensure any type of data is converted to buffer
decryptStream(handshake), // decrypt the incoming data
secure // pipe to the wrapper
);
return user;
}
}
Reference in New Issue View Git Blame Copy Permalink