@decentnetwork/peer 0.1.0

package/dist/compat/tox-dht-crypto.js

@@ -0,0 +1,69 @@
+import nacl from "tweetnacl";
+import { concatBytes, randomBytes } from "../utils/bytes.js";
+export const NET_PACKET_CRYPTO = 0x20;
+export const CRYPTO_PACKET_FRIEND_REQ = 32;
+export const CRYPTO_PACKET_DHTPK = 156;
+export const CRYPTO_PACKET_NAT_PING = 254;
+const PUBLIC_KEY_SIZE = 32;
+const NONCE_SIZE = 24;
+const MAC_SIZE = 16;
+const MAX_CRYPTO_REQUEST_SIZE = 1024;
+export function createToxDhtCryptoRequest(opts) {
+    if (opts.receiverPublicKey.length !== PUBLIC_KEY_SIZE) {
+        throw new Error(`receiver public key must be ${PUBLIC_KEY_SIZE} bytes`);
+    }
+    if (!Number.isInteger(opts.requestId) || opts.requestId < 0 || opts.requestId > 0xff) {
+        throw new Error("tox DHT crypto request id must be a uint8");
+    }
+    if (opts.data.length + 1 + MAC_SIZE > MAX_CRYPTO_REQUEST_SIZE) {
+        throw new Error("tox DHT crypto request data is too large");
+    }
+    const nonce = randomBytes(NONCE_SIZE);
+    const plain = concatBytes([Uint8Array.of(opts.requestId), opts.data]);
+    const encrypted = nacl.box(plain, nonce, opts.receiverPublicKey, opts.sender.secretKey);
+    return concatBytes([
+        Uint8Array.of(NET_PACKET_CRYPTO),
+        opts.receiverPublicKey,
+        opts.sender.publicKey,
+        nonce,
+        encrypted
+    ]);
+}
+export function openToxDhtCryptoRequest(packet, self) {
+    if (packet.length <= 1 + PUBLIC_KEY_SIZE * 2 + NONCE_SIZE + MAC_SIZE) {
+        return undefined;
+    }
+    if (packet.length > MAX_CRYPTO_REQUEST_SIZE + MAC_SIZE) {
+        return undefined;
+    }
+    if (packet[0] !== NET_PACKET_CRYPTO) {
+        return undefined;
+    }
+    const receiverPublicKey = packet.slice(1, 1 + PUBLIC_KEY_SIZE);
+    if (!bytesEqual(receiverPublicKey, self.publicKey)) {
+        return undefined;
+    }
+    const senderPublicKey = packet.slice(1 + PUBLIC_KEY_SIZE, 1 + PUBLIC_KEY_SIZE * 2);
+    const nonce = packet.slice(1 + PUBLIC_KEY_SIZE * 2, 1 + PUBLIC_KEY_SIZE * 2 + NONCE_SIZE);
+    const encrypted = packet.slice(1 + PUBLIC_KEY_SIZE * 2 + NONCE_SIZE);
+    const plain = nacl.box.open(encrypted, nonce, senderPublicKey, self.secretKey);
+    if (!plain || plain.length === 0) {
+        return undefined;
+    }
+    return {
+        receiverPublicKey,
+        senderPublicKey,
+        requestId: plain[0],
+        data: plain.slice(1)
+    };
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a[i] ^ b[i];
+    }
+    return diff === 0;
+}

package/dist/compat/tox-onion.d.ts

@@ -0,0 +1,66 @@
+export declare const NET_PACKET_ONION_ANNOUNCE_REQUEST = 131;
+export declare const NET_PACKET_ONION_ANNOUNCE_RESPONSE = 132;
+export declare const NET_PACKET_ONION_DATA_REQUEST = 133;
+export declare const NET_PACKET_ONION_DATA_RESPONSE = 134;
+export declare const ONION_FRIEND_REQUEST_ID = 32;
+export declare const NET_PACKET_ONION_REQUEST_0 = 128;
+export type OnionAnnounceResponse = {
+    sendBack: Uint8Array;
+    isStored: number;
+    pingOrDataPublicKey: Uint8Array;
+    nodes: Uint8Array;
+};
+export declare function createOnionAnnounceRequest(opts: {
+    senderPublicKey: Uint8Array;
+    senderSecretKey: Uint8Array;
+    nodePublicKey: Uint8Array;
+    pingId: Uint8Array;
+    searchPublicKey: Uint8Array;
+    dataPublicKey: Uint8Array;
+    sendBack: Uint8Array;
+}): Uint8Array;
+export declare function openOnionAnnounceResponse(packet: Uint8Array, opts: {
+    requesterSecretKey: Uint8Array;
+    nodePublicKey: Uint8Array;
+}): OnionAnnounceResponse | undefined;
+export declare function createOnionDataRequest(opts: {
+    destinationPublicKey: Uint8Array;
+    routePublicKey: Uint8Array;
+    nonce: Uint8Array;
+    onionDataPacket: Uint8Array;
+}): Uint8Array;
+export declare function createOnionDataPacket(opts: {
+    senderPublicKey: Uint8Array;
+    senderSecretKey: Uint8Array;
+    receiverPublicKey: Uint8Array;
+    nonce: Uint8Array;
+    innerPacketId: number;
+    innerPayload: Uint8Array;
+}): Uint8Array;
+export declare function createOnionRequest0(opts: {
+    nodeAPublicKey: Uint8Array;
+    nodeBHost: string;
+    nodeBPort: number;
+    nodeBPublicKey: Uint8Array;
+    nodeCHost: string;
+    nodeCPort: number;
+    nodeCPublicKey: Uint8Array;
+    nodeDHost: string;
+    nodeDPort: number;
+    payloadForNodeD: Uint8Array;
+}): Uint8Array;
+export declare function openOnionDataResponse(packet: Uint8Array, opts: {
+    dataSecretKey: Uint8Array;
+}): {
+    nonce: Uint8Array;
+    sourceTempPublicKey: Uint8Array;
+    payload: Uint8Array;
+} | undefined;
+export declare function openOnionDataPacket(payload: Uint8Array, opts: {
+    receiverSecretKey: Uint8Array;
+    nonce: Uint8Array;
+}): {
+    senderPublicKey: Uint8Array;
+    innerPacketId: number;
+    innerPayload: Uint8Array;
+} | undefined;

package/dist/compat/tox-onion.js

@@ -0,0 +1,172 @@
+import nacl from "tweetnacl";
+import { concatBytes, randomBytes } from "../utils/bytes.js";
+export const NET_PACKET_ONION_ANNOUNCE_REQUEST = 0x83;
+export const NET_PACKET_ONION_ANNOUNCE_RESPONSE = 0x84;
+export const NET_PACKET_ONION_DATA_REQUEST = 0x85;
+export const NET_PACKET_ONION_DATA_RESPONSE = 0x86;
+export const ONION_FRIEND_REQUEST_ID = 32;
+export const NET_PACKET_ONION_REQUEST_0 = 0x80;
+const KEY_SIZE = 32;
+const NONCE_SIZE = 24;
+const SEND_BACK_SIZE = 8;
+const PACKED_IP_PORT_SIZE = 19;
+export function createOnionAnnounceRequest(opts) {
+    ensureLen(opts.senderPublicKey, KEY_SIZE, "sender public key");
+    ensureLen(opts.senderSecretKey, KEY_SIZE, "sender secret key");
+    ensureLen(opts.nodePublicKey, KEY_SIZE, "node public key");
+    ensureLen(opts.pingId, KEY_SIZE, "ping id");
+    ensureLen(opts.searchPublicKey, KEY_SIZE, "search public key");
+    ensureLen(opts.dataPublicKey, KEY_SIZE, "data public key");
+    ensureLen(opts.sendBack, SEND_BACK_SIZE, "sendback");
+    const nonce = randomBytes(NONCE_SIZE);
+    const plain = concatBytes([
+        opts.pingId,
+        opts.searchPublicKey,
+        opts.dataPublicKey,
+        opts.sendBack
+    ]);
+    const encrypted = nacl.box(plain, nonce, opts.nodePublicKey, opts.senderSecretKey);
+    return concatBytes([
+        Uint8Array.of(NET_PACKET_ONION_ANNOUNCE_REQUEST),
+        nonce,
+        opts.senderPublicKey,
+        encrypted
+    ]);
+}
+export function openOnionAnnounceResponse(packet, opts) {
+    if (packet.length < 1 + SEND_BACK_SIZE + NONCE_SIZE + 1 + KEY_SIZE + 16) {
+        return undefined;
+    }
+    if (packet[0] !== NET_PACKET_ONION_ANNOUNCE_RESPONSE) {
+        return undefined;
+    }
+    const sendBack = packet.slice(1, 1 + SEND_BACK_SIZE);
+    const nonce = packet.slice(1 + SEND_BACK_SIZE, 1 + SEND_BACK_SIZE + NONCE_SIZE);
+    const encrypted = packet.slice(1 + SEND_BACK_SIZE + NONCE_SIZE);
+    const plain = nacl.box.open(encrypted, nonce, opts.nodePublicKey, opts.requesterSecretKey);
+    if (!plain || plain.length < 1 + KEY_SIZE) {
+        return undefined;
+    }
+    return {
+        sendBack,
+        isStored: plain[0],
+        pingOrDataPublicKey: plain.slice(1, 1 + KEY_SIZE),
+        nodes: plain.slice(1 + KEY_SIZE)
+    };
+}
+export function createOnionDataRequest(opts) {
+    ensureLen(opts.destinationPublicKey, KEY_SIZE, "destination public key");
+    ensureLen(opts.routePublicKey, KEY_SIZE, "route public key");
+    ensureLen(opts.nonce, NONCE_SIZE, "nonce");
+    if (opts.onionDataPacket.length === 0) {
+        throw new Error("onion data payload must not be empty");
+    }
+    const temp = nacl.box.keyPair();
+    const encrypted = nacl.box(opts.onionDataPacket, opts.nonce, opts.routePublicKey, temp.secretKey);
+    return concatBytes([
+        Uint8Array.of(NET_PACKET_ONION_DATA_REQUEST),
+        opts.destinationPublicKey,
+        opts.nonce,
+        temp.publicKey,
+        encrypted
+    ]);
+}
+export function createOnionDataPacket(opts) {
+    ensureLen(opts.senderPublicKey, KEY_SIZE, "sender public key");
+    ensureLen(opts.senderSecretKey, KEY_SIZE, "sender secret key");
+    ensureLen(opts.receiverPublicKey, KEY_SIZE, "receiver public key");
+    ensureLen(opts.nonce, NONCE_SIZE, "nonce");
+    if (!Number.isInteger(opts.innerPacketId) || opts.innerPacketId < 0 || opts.innerPacketId > 0xff) {
+        throw new Error("inner packet id must be uint8");
+    }
+    const plain = concatBytes([Uint8Array.of(opts.innerPacketId), opts.innerPayload]);
+    const encrypted = nacl.box(plain, opts.nonce, opts.receiverPublicKey, opts.senderSecretKey);
+    return concatBytes([opts.senderPublicKey, encrypted]);
+}
+export function createOnionRequest0(opts) {
+    ensureLen(opts.nodeAPublicKey, KEY_SIZE, "node A public key");
+    ensureLen(opts.nodeBPublicKey, KEY_SIZE, "node B public key");
+    ensureLen(opts.nodeCPublicKey, KEY_SIZE, "node C public key");
+    const nonce = randomBytes(NONCE_SIZE);
+    const dPart = concatBytes([packIpPort(opts.nodeDHost, opts.nodeDPort), opts.payloadForNodeD]);
+    const key2 = nacl.box.keyPair();
+    const cEncrypted = nacl.box(dPart, nonce, opts.nodeCPublicKey, key2.secretKey);
+    const cPart = concatBytes([
+        packIpPort(opts.nodeCHost, opts.nodeCPort),
+        key2.publicKey,
+        cEncrypted
+    ]);
+    const key1 = nacl.box.keyPair();
+    const bEncrypted = nacl.box(cPart, nonce, opts.nodeBPublicKey, key1.secretKey);
+    const bPart = concatBytes([
+        packIpPort(opts.nodeBHost, opts.nodeBPort),
+        key1.publicKey,
+        bEncrypted
+    ]);
+    const key0 = nacl.box.keyPair();
+    const aEncrypted = nacl.box(bPart, nonce, opts.nodeAPublicKey, key0.secretKey);
+    return concatBytes([
+        Uint8Array.of(NET_PACKET_ONION_REQUEST_0),
+        nonce,
+        key0.publicKey,
+        aEncrypted
+    ]);
+}
+export function openOnionDataResponse(packet, opts) {
+    if (packet.length < 1 + NONCE_SIZE + KEY_SIZE + 16) {
+        return undefined;
+    }
+    if (packet[0] !== NET_PACKET_ONION_DATA_RESPONSE) {
+        return undefined;
+    }
+    const nonce = packet.slice(1, 1 + NONCE_SIZE);
+    const sourceTempPublicKey = packet.slice(1 + NONCE_SIZE, 1 + NONCE_SIZE + KEY_SIZE);
+    const encrypted = packet.slice(1 + NONCE_SIZE + KEY_SIZE);
+    const plain = nacl.box.open(encrypted, nonce, sourceTempPublicKey, opts.dataSecretKey);
+    if (!plain || plain.length < KEY_SIZE + 16) {
+        return undefined;
+    }
+    return { nonce, sourceTempPublicKey, payload: plain };
+}
+export function openOnionDataPacket(payload, opts) {
+    if (payload.length < KEY_SIZE + 16 + 1) {
+        return undefined;
+    }
+    const senderPublicKey = payload.slice(0, KEY_SIZE);
+    const encrypted = payload.slice(KEY_SIZE);
+    const plain = nacl.box.open(encrypted, opts.nonce, senderPublicKey, opts.receiverSecretKey);
+    if (!plain || plain.length === 0) {
+        return undefined;
+    }
+    return {
+        senderPublicKey,
+        innerPacketId: plain[0],
+        innerPayload: plain.slice(1)
+    };
+}
+function ensureLen(bytes, len, name) {
+    if (bytes.length !== len) {
+        throw new Error(`${name} must be ${len} bytes`);
+    }
+}
+function packIpPort(host, port) {
+    if (!Number.isInteger(port) || port < 1 || port > 65535) {
+        throw new Error("invalid port");
+    }
+    const out = new Uint8Array(PACKED_IP_PORT_SIZE);
+    const ipv4 = host.split(".");
+    if (ipv4.length !== 4) {
+        throw new Error("only IPv4 onion path packing is currently supported");
+    }
+    out[0] = 2;
+    for (let i = 0; i < 4; i++) {
+        const n = Number.parseInt(ipv4[i] ?? "", 10);
+        if (!Number.isInteger(n) || n < 0 || n > 255) {
+            throw new Error("invalid IPv4 host");
+        }
+        out[1 + i] = n;
+    }
+    out[17] = (port >>> 8) & 0xff;
+    out[18] = port & 0xff;
+    return out;
+}

package/dist/crypto/box.d.ts

@@ -0,0 +1 @@
+export declare function sealBox(_payload: Uint8Array): Promise<never>;

package/dist/crypto/box.js

@@ -0,0 +1,3 @@
+export async function sealBox(_payload) {
+    throw new Error("Legacy-compatible box encryption is not implemented yet");
+}

package/dist/crypto/keypair.d.ts

@@ -0,0 +1,5 @@
+export type KeyPair = {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+};
+export declare function loadOrCreateKeyPair(path: string): Promise<KeyPair>;

package/dist/crypto/keypair.js

@@ -0,0 +1,37 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import nacl from "tweetnacl";
+import { bytesToHex, hexToBytes } from "../utils/bytes.js";
+export async function loadOrCreateKeyPair(path) {
+    try {
+        const parsed = JSON.parse(await readFile(path, "utf8"));
+        if (parsed.format !== "decent-peer-tox-keypair-v1") {
+            throw new Error(`unsupported key file format: ${parsed.format}`);
+        }
+        const publicKey = hexToBytes(parsed.publicKey);
+        const secretKey = hexToBytes(parsed.secretKey);
+        if (publicKey.length !== nacl.box.publicKeyLength || secretKey.length !== nacl.box.secretKeyLength) {
+            throw new Error("invalid key file key length");
+        }
+        return { publicKey, secretKey };
+    }
+    catch (error) {
+        const nodeError = error;
+        if (nodeError.code && nodeError.code !== "ENOENT") {
+            throw error;
+        }
+    }
+    const generated = nacl.box.keyPair();
+    const keyPair = {
+        publicKey: generated.publicKey,
+        secretKey: generated.secretKey
+    };
+    await mkdir(dirname(path), { recursive: true });
+    const stored = {
+        format: "decent-peer-tox-keypair-v1",
+        publicKey: bytesToHex(keyPair.publicKey),
+        secretKey: bytesToHex(keyPair.secretKey)
+    };
+    await writeFile(path, `${JSON.stringify(stored, null, 2)}\n`);
+    return keyPair;
+}

package/dist/crypto/nonce.d.ts

@@ -0,0 +1 @@
+export type Nonce = Uint8Array;

package/dist/crypto/nonce.js

@@ -0,0 +1 @@
+export {};

package/dist/crypto/sign.d.ts

@@ -0,0 +1 @@
+export declare function signDetached(_payload: Uint8Array): Promise<never>;

package/dist/crypto/sign.js

@@ -0,0 +1,3 @@
+export async function signDetached(_payload) {
+    throw new Error("Legacy-compatible signing is not implemented yet");
+}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+export { Peer } from "./peer.js";
+export { CARRIER_ADDRESS_SIZE, CARRIER_PUBLIC_KEY_SIZE, carrierAddressFromPublicKey, carrierIdFromAddress, carrierIdFromPublicKey, parseCarrierAddress } from "./compat/address.js";
+export { PACKET_TYPE_FRIEND_REQUEST, PACKET_TYPE_MESSAGE, decodeCarrierPacket, encodeFriendMessagePacket, encodeFriendRequestPacket } from "./compat/packet.js";
+export { CRYPTO_PACKET_DHTPK, CRYPTO_PACKET_FRIEND_REQ, CRYPTO_PACKET_NAT_PING, NET_PACKET_CRYPTO, createToxDhtCryptoRequest, openToxDhtCryptoRequest } from "./compat/tox-dht-crypto.js";
+export { NET_PACKET_ONION_ANNOUNCE_REQUEST, NET_PACKET_ONION_ANNOUNCE_RESPONSE, NET_PACKET_ONION_DATA_REQUEST, NET_PACKET_ONION_DATA_RESPONSE, ONION_FRIEND_REQUEST_ID } from "./compat/tox-onion.js";
+export { LegacyProtocolNotImplementedError } from "./runtime/errors.js";
+export type { CarrierPacket, FriendMessagePacket, FriendRequestPacket } from "./compat/packet.js";
+export type { ToxDhtCryptoRequest } from "./compat/tox-dht-crypto.js";
+export type { CarrierAddressParts } from "./compat/address.js";
+export type { CompatibilityMode, FriendConnectionEvent, FriendConnectionStatus, FriendInfoEvent, FriendRequest, LookupResult, NetworkNode, PeerOptions, TextMessage } from "./types/peer.js";

package/dist/index.js

@@ -0,0 +1,6 @@
+export { Peer } from "./peer.js";
+export { CARRIER_ADDRESS_SIZE, CARRIER_PUBLIC_KEY_SIZE, carrierAddressFromPublicKey, carrierIdFromAddress, carrierIdFromPublicKey, parseCarrierAddress } from "./compat/address.js";
+export { PACKET_TYPE_FRIEND_REQUEST, PACKET_TYPE_MESSAGE, decodeCarrierPacket, encodeFriendMessagePacket, encodeFriendRequestPacket } from "./compat/packet.js";
+export { CRYPTO_PACKET_DHTPK, CRYPTO_PACKET_FRIEND_REQ, CRYPTO_PACKET_NAT_PING, NET_PACKET_CRYPTO, createToxDhtCryptoRequest, openToxDhtCryptoRequest } from "./compat/tox-dht-crypto.js";
+export { NET_PACKET_ONION_ANNOUNCE_REQUEST, NET_PACKET_ONION_ANNOUNCE_RESPONSE, NET_PACKET_ONION_DATA_REQUEST, NET_PACKET_ONION_DATA_RESPONSE, ONION_FRIEND_REQUEST_ID } from "./compat/tox-onion.js";
+export { LegacyProtocolNotImplementedError } from "./runtime/errors.js";

package/dist/peer.d.ts

@@ -0,0 +1,45 @@
+import { type BootstrapResult } from "./compat/bootstrap.js";
+import type { FriendRecord } from "./store/friends.js";
+import type { FriendConnectionEvent, FriendRequest, FriendInfoEvent, LookupResult, NetworkNode, PeerOptions, TextMessage } from "./types/peer.js";
+export declare class Peer {
+    #private;
+    private constructor();
+    static create(opts: PeerOptions): Promise<Peer>;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    pubkey(): string;
+    userid(): string;
+    address(): string;
+    joinNetwork(): Promise<BootstrapResult>;
+    lookup(pubkey: string): Promise<LookupResult>;
+    announceSelf(timeoutMs?: number): Promise<NetworkNode[]>;
+    addKnownNodes(nodes: NetworkNode[]): void;
+    knownNodes(): NetworkNode[];
+    sendFriendRequest(pubkey: string, hello?: string): Promise<void>;
+    lastFriendRequestDispatch(): {
+        transport: "onion" | "direct";
+        routes: number;
+        targets: number;
+    } | undefined;
+    acceptFriendRequest(pubkey: string): Promise<void>;
+    rejectFriendRequest(pubkey: string): void;
+    /**
+     * Drop a friend entirely: tear down any active net_crypto session, forget
+     * their cached endpoint, clear retry/backoff bookkeeping, and persist the
+     * shrunk friend list to disk. Use this to remove stale persisted entries
+     * (e.g. an old simulator pubkey) that are still hogging the friend
+     * connection loop with cookie requests no peer is going to answer.
+     *
+     * `pubkey` accepts either the friend's userid (base58 of the real public
+     * key) or full Carrier address — both resolve to the same friendId.
+     */
+    removeFriend(pubkey: string): boolean;
+    sendText(pubkey: string, text: string): Promise<void>;
+    waitForFriendConnected(pubkey: string, timeoutMs?: number): Promise<boolean>;
+    onFriendRequest(cb: (req: FriendRequest) => void): void;
+    onText(cb: (msg: TextMessage) => void): void;
+    onFriendConnection(cb: (ev: FriendConnectionEvent) => void): void;
+    onFriendInfo(cb: (ev: FriendInfoEvent) => void): void;
+    friends(): FriendRecord[];
+    waitForFriendRequest(timeoutMs?: number): Promise<FriendRequest>;
+}