refactor: crypto and pnet (#469)

* feat: add initial plaintext 2 module * refactor: initial refactor of pnet * chore: fix lint * fix: update plaintext api usage * test: use plaintext for test crypto * chore: update deps test: update dialer suite scope * feat: add connection protection to the upgrader * refactor: cleanup and lint fix * chore: remove unncessary transforms * chore: temporarily disable bundlesize * chore: add missing dep * fix: use it-handshake to prevent overreading * chore(fix): PR feedback updates * chore: apply suggestions from code review Co-Authored-By: Vasco Santos <vasco.santos@moxy.studio>
2025-06-20 04:26:31 +00:00 · 2019-11-04 14:05:58 +01:00
parent 5e1dbc21a2
commit fe2a8eddbb
19 changed files with 577 additions and 309 deletions
--- a/src/pnet/index.js
+++ b/src/pnet/index.js
@ -1,12 +1,17 @@
 'use strict'

-const pull = require('pull-stream')
-const { Connection } = require('libp2p-interfaces/src/connection')
+const pipe = require('it-pipe')
 const assert = require('assert')
-
+const duplexPair = require('it-pair/duplex')
+const crypto = require('libp2p-crypto')
 const Errors = require('./errors')
-const State = require('./state')
-const decodeV1PSK = require('./crypto').decodeV1PSK
+const {
+  createBoxStream,
+  createUnboxStream,
+  decodeV1PSK
+} = require('./crypto')
+const handshake = require('it-handshake')
+const { NONCE_LENGTH } = require('./key-generator')
 const debug = require('debug')
 const log = debug('libp2p:pnet')
 log.err = debug('libp2p:pnet:err')
@ -27,41 +32,41 @@ class Protector {
  }

  /**
-   * Takes a given Connection and creates a privaste encryption stream
+   * Takes a given Connection and creates a private encryption stream
   * between its two peers from the PSK the Protector instance was
   * created with.
   *
   * @param {Connection} connection The connection to protect
-   * @param {function(Error)} callback
-   * @returns {Connection} The protected connection
+   * @returns {*} A protected duplex iterable
   */
-  protect (connection, callback) {
+  async protect (connection) {
    assert(connection, Errors.NO_HANDSHAKE_CONNECTION)

-    const protectedConnection = new Connection(undefined, connection)
-    const state = new State(this.psk)
-
+    // Exchange nonces
    log('protecting the connection')
+    const localNonce = crypto.randomBytes(NONCE_LENGTH)

-    // Run the connection through an encryptor
-    pull(
-      connection,
-      state.encrypt((err, encryptedOuterStream) => {
-        if (err) {
-          log.err('There was an error attempting to protect the connection', err)
-          return callback(err)
-        }
+    const shake = handshake(connection)
+    shake.write(localNonce)

-        connection.getPeerInfo(() => {
-          protectedConnection.setInnerConn(new Connection(encryptedOuterStream, connection))
-          log('the connection has been successfully wrapped by the protector')
-          callback()
-        })
-      }),
-      connection
+    const result = await shake.reader.next(NONCE_LENGTH)
+    const remoteNonce = result.value.slice()
+    shake.rest()
+
+    // Create the boxing/unboxing pipe
+    log('exchanged nonces')
+    const [internal, external] = duplexPair()
+    pipe(
+      external,
+      // Encrypt all outbound traffic
+      createBoxStream(localNonce, this.psk),
+      shake.stream,
+      // Decrypt all inbound traffic
+      createUnboxStream(remoteNonce, this.psk),
+      external
    )

-    return protectedConnection
+    return internal
  }
 }