npm - @hive-p2p/browser - Versions diffs - 1.0.69 → 1.0.71 - Mend

@hive-p2p/browser 1.0.69 → 1.0.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/core/config.mjs CHANGED Viewed

@@ -158,6 +158,10 @@ export const UNICAST = { // MARKERS RANGE: 0-127
 		'2': 'signal_answer',
 		signal_offer: 3,
 		'3': 'signal_offer',
+		privacy: 4,
+		'4': 'privacy',
+		private_message: 5,
+		'5': 'private_message',
 	},
 }

package/core/crypto-codex.mjs CHANGED Viewed

@@ -3,7 +3,8 @@ import { SIMULATION, NODE, IDENTITY, GOSSIP, UNICAST, LOG_CSS } from './config.m
 import { GossipMessage } from './gossip.mjs';
 import { DirectMessage, ReroutedDirectMessage } from './unicast.mjs';
 import { Converter } from '../services/converter.mjs';
-import { ed25519, Argon2Unified } from '../services/cryptos.mjs'; // now exposed in full and browser builds
+import { ed25519, x25519, chacha20poly1305, randomBytes , Argon2Unified } from '../services/cryptos.mjs'; // now exposed in full and browser builds
+import { concatBytes } from '@noble/ciphers/utils.js';
 export class CryptoCodex {
 	argon2 = new Argon2Unified();
@@ -52,6 +53,7 @@ export class CryptoCodex {
 		const { bitsString } = await this.argon2.hash(publicKey, 'HiveP2P', IDENTITY.ARGON2_MEM) || {};
 		if (bitsString && bitsString.startsWith('0'.repeat(IDENTITY.DIFFICULTY))) return true;
 	}
+	/** @param {Uint8Array} publicKey */
 	#idFromPublicKey(publicKey) {
 		if (IDENTITY.ARE_IDS_HEX) return this.converter.bytesToHex(publicKey.slice(0, this.idLength), IDENTITY.ID_LENGTH);
 		return this.converter.bytesToString(publicKey.slice(0, IDENTITY.ID_LENGTH));
@@ -74,7 +76,32 @@ export class CryptoCodex {
 		if (this.verbose > 0) console.log(`%cFAILED to generate id after ${maxIterations} iterations. Try lowering the difficulty.`, LOG_CSS.CRYPTO_CODEX);
 	}
-	// MESSSAGE CREATION (SERIALIZATION AND SIGNATURE INCLUDED)
+	// PRIVACY
+	generateEphemeralX25519Keypair() {
+		const { secretKey, publicKey } = x25519.keygen();
+		return { myPub: publicKey, myPriv: secretKey };
+	}
+	computeX25519SharedSecret(secret, pub) {
+		return x25519.getSharedSecret(secret, pub);
+	}
+	/** @param {Uint8Array} data @param {Uint8Array} sharedSecret */
+	encryptData(data, sharedSecret) {
+		if (!sharedSecret) throw new Error('Cannot encrypt data without shared secret.');
+		const nonce = randomBytes(12);
+		const cipher = chacha20poly1305(sharedSecret, nonce);
+		const encrypted = cipher.encrypt(data);
+		return concatBytes(nonce, encrypted);
+	}
+	/** @param {Uint8Array} encryptedData @param {Uint8Array} sharedSecret */
+	decryptData(encryptedData, sharedSecret) {
+		if (!sharedSecret) throw new Error('Cannot decrypt data without shared secret.');
+		const nonce = encryptedData.slice(0, 12);
+		const cipher = chacha20poly1305(sharedSecret, nonce);
+		const decrypted = cipher.decrypt(encryptedData.slice(12));
+		return decrypted;
+	}
+	// MESSAGE CREATION (SERIALIZATION AND SIGNATURE INCLUDED)
 	/** @param {Uint8Array} bufferView @param {Uint8Array} privateKey @param {number} [signaturePosition] */
 	signBufferViewAndAppendSignature(bufferView, privateKey, signaturePosition = bufferView.length - IDENTITY.SIGNATURE_LENGTH) {
 		if (this.AVOID_CRYPTO) return;
@@ -107,8 +134,8 @@ export class CryptoCodex {
 		clone[serializedMessage.length - 1] = Math.max(0, hops - 1);
 		return clone;
 	}
-	/** @param {string} type @param {string | Uint8Array | Object} data @param {string[]} route @param {string[]} [neighbors] */
-	createUnicastMessage(type, data, route, neighbors = [], timestamp = CLOCK.time) {
+	/** @param {string} type @param {string | Uint8Array | Object} data @param {string[]} route @param {string[]} [neighbors] @param {Uint8Array} [encryptionKey] @param {number} [timestamp] */
+	createUnicastMessage(type, data, route, neighbors = [], encryptionKey, timestamp = CLOCK.time) {
 		const MARKER = UNICAST.MARKERS_BYTES[type];
 		if (MARKER === undefined) throw new Error(`Failed to create unicast message: unknown type '${type}'.`);
 		if (route.length < 2) throw new Error('Failed to create unicast message: route must have at least 2 nodes (next hop and target).');
@@ -116,15 +143,16 @@ export class CryptoCodex {
 		const neighborsBytes = this.#idsToBytes(neighbors);
 		const { dataCode, dataBytes } = this.#dataToBytes(data);
+		const dBytes = encryptionKey ? this.encryptData(dataBytes, encryptionKey) : dataBytes;
 		const routeBytes = this.#idsToBytes(route);
-		const totalBytes = 1 + 1 + 1 + 8 + 4 + 32 + neighborsBytes.length + 1 + routeBytes.length + dataBytes.length + IDENTITY.SIGNATURE_LENGTH;
+		const totalBytes = 1 + 1 + 1 + 8 + 4 + 32 + neighborsBytes.length + 1 + routeBytes.length + dBytes.length + IDENTITY.SIGNATURE_LENGTH;
 		const buffer = new ArrayBuffer(totalBytes);
 		const bufferView = new Uint8Array(buffer);
-		this.#setBufferHeader(bufferView, MARKER, dataCode, neighbors.length, timestamp, dataBytes, this.publicKey);
+		this.#setBufferHeader(bufferView, MARKER, dataCode, neighbors.length, timestamp, dBytes, this.publicKey);
-		const NDBL = neighborsBytes.length + dataBytes.length;
+		const NDBL = neighborsBytes.length + dBytes.length;
 		bufferView.set(neighborsBytes, 47); 					// X bytes for neighbors
-		bufferView.set(dataBytes, 47 + neighborsBytes.length); 	// X bytes for data
+		bufferView.set(dBytes, 47 + neighborsBytes.length); 	// X bytes for data
 		bufferView.set([route.length], 47 + NDBL);				// 1 byte for route length
 		bufferView.set(routeBytes, 47 + 1 + NDBL);				// X bytes for route
@@ -210,8 +238,8 @@ export class CryptoCodex {
 		} catch (error) { if (this.verbose > 1) console.warn(`Error deserializing ${topic || 'unknown'} gossip message:`, error.stack); }
 		return null;
 	}
-	/** @param {Uint8Array | ArrayBuffer} serialized @return {DirectMessage | ReroutedDirectMessage | null} */
-	readUnicastMessage(serialized) {
+	/** @param {Uint8Array | ArrayBuffer} serialized @param {import('./peer-store.mjs').PeerStore} peerStore @return {DirectMessage | ReroutedDirectMessage | null} */
+	readUnicastMessage(serialized, peerStore) {
 		if (this.verbose > 3) console.log(`%creadUnicastMessage ${serialized.byteLength} bytes`, LOG_CSS.CRYPTO_CODEX);
 		if (this.verbose > 4) console.log(`%c${serialized}`, LOG_CSS.CRYPTO_CODEX);
 		try { // 1, 1, 1, 8, 4, 32, X, 1, X, 64
@@ -220,12 +248,18 @@ export class CryptoCodex {
 			if (type === undefined) throw new Error(`Failed to deserialize unicast message: unknown marker byte ${d[0]}.`);
 			const NDBL = neighLength + dataLength;
 			const neighbors = this.#bytesToIds(serialized.slice(47, 47 + neighLength));
-			const deserializedData = this.#bytesToData(dataCode, serialized.slice(47 + neighLength, 47 + NDBL));
 			const routeLength = serialized[47 + NDBL];
 			const routeBytesLength = routeLength * this.idLength;
 			const signatureStart = 47 + NDBL + 1 + routeBytesLength;
 			const routeBytes = serialized.slice(47 + NDBL + 1, signatureStart);
 			const route = this.#bytesToIds(routeBytes);
+			const destId = route[route.length - 1];
+			const d = type === 'private_message' && this.id === destId
+			? this.decryptData(serialized.slice(47 + neighLength, 47 + NDBL), peerStore.privacy[this.#idFromPublicKey(pubkey)]?.sharedSecret)
+			: serialized.slice(47 + neighLength, 47 + NDBL);
+			const deserializedData = this.id === destId ? this.#bytesToData(dataCode, d) : d;
 			const initialMessageEnd = signatureStart + IDENTITY.SIGNATURE_LENGTH;
 			const signature = serialized.slice(signatureStart, initialMessageEnd);
 			const isPatched = (serialized.length > initialMessageEnd);
@@ -243,7 +277,8 @@ export class CryptoCodex {
 	#bytesToIds(serialized) {
 		const ids = [];
 		const idLength = this.idLength;
-		if (serialized.length % idLength !== 0) throw new Error('Failed to parse ids: invalid serialized length.');
+		if (serialized.length % idLength !== 0)
+			throw new Error('Failed to parse ids: invalid serialized length.');
 		for (let i = 0; i < serialized.length / idLength; i++) {
 			const idBytes = serialized.slice(i * idLength, (i + 1) * idLength);

package/core/node.mjs CHANGED Viewed

@@ -17,9 +17,9 @@ import { NodeServices } from './node-services.mjs';
  * @param {string} [options.domain] If provided, the node will operate as a public node and start necessary services (e.g., WebSocket server)
  * @param {number} [options.port] If provided, the node will listen on this port (default: SERVICE.PORT)
  * @param {number} [options.verbose] Verbosity level for logging (default: NODE.DEFAULT_VERBOSE) */
-export async function createPublicNode(options) {
+export async function createPublicNode(options = {}) {
 	const verbose = options.verbose !== undefined ? options.verbose : NODE.DEFAULT_VERBOSE;
-	const domain = options.domain || undefined;
+	const domain = options.domain || "localhost";
 	const codex = options.cryptoCodex || new CryptoCodex(undefined, verbose);
 	const clockSync = CLOCK.sync(verbose);
 	if (!codex.publicKey) await codex.generate(domain ? true : false);
@@ -82,7 +82,7 @@ export class Node {
 		const { arbiter, peerStore, messager, gossip, topologist } = this;
 		// SETUP TRANSPORTS LISTENERS
-		peerStore.on('signal', (peerId, data) => this.sendMessage(peerId, data, 'signal_answer')); // answer created => send it to offerer
+		peerStore.on('signal', (peerId, data) => this.sendMessage(peerId, data, { type: 'signal_answer' })); // answer created => send it to offerer
 		peerStore.on('connect', (peerId, direction) => this.#onConnect(peerId, direction));
 		peerStore.on('disconnect', (peerId, direction) => this.#onDisconnect(peerId, direction));
 		peerStore.on('data', (peerId, data) => this.#onData(peerId, data));
@@ -90,6 +90,7 @@ export class Node {
 		// UNICAST LISTENERS
 		messager.on('signal_answer', (senderId, data) => topologist.handleIncomingSignal(senderId, data));
 		messager.on('signal_offer', (senderId, data) => topologist.handleIncomingSignal(senderId, data));
+		messager.on('privacy', (senderId, data) => this.#handlePrivacy(senderId, data));
 		// GOSSIP LISTENERS
 		gossip.on('signal_offer', (senderId, data, HOPS) => topologist.handleIncomingSignal(senderId, data, HOPS));
@@ -108,9 +109,9 @@ export class Node {
 		const isHoverNeighbored = this.peerStore.neighborsList.length >= DISCOVERY.TARGET_NEIGHBORS_COUNT + this.halfTarget;
 		const dispatchEvents = () => {
-			//this.sendMessage(peerId, this.id, 'handshake'); // send it in both case, no doubt...
+			//this.sendMessage(peerId, this.id, { type: 'handshake' }); // send it in both case, no doubt...
 			if (DISCOVERY.ON_CONNECT_DISPATCH.OVER_NEIGHBORED && isHoverNeighbored)
-				this.broadcast([], 'over_neighbored'); // inform my neighbors that I am over neighbored
+				this.broadcast([], { type: 'over_neighbored' }); // inform my neighbors that I am over neighbored
 			if (DISCOVERY.ON_CONNECT_DISPATCH.SHARE_HISTORY)
 				if (this.peerStore.getUpdatedPeerConnectionsCount(peerId) <= 1) this.gossip.sendGossipHistoryToPeer(peerId);
 		};
@@ -160,12 +161,69 @@ export class Node {
 	}
 	/** Broadcast a message to all connected peers or to a specified peer
-	 * @param {string | Uint8Array | Object} data @param {string} topic default: 'gossip' @param {string} [targetId] default: broadcast to all
-	 * @param {number} [timestamp] default: CLOCK.time @param {number} [HOPS] default: GOSSIP.HOPS[topic] || GOSSIP.HOPS.default */
-	broadcast(data, topic, HOPS) { return this.gossip.broadcastToAll(data, topic, HOPS); }
+	 * @param {string | Uint8Array | Object} data @param {string} [targetId] default: broadcast to all
+	 * @param {number} [timestamp] default: CLOCK.time
+	 * @param {Object} [options]
+	 * @param {string} [options.topic] default: 'gossip'
+	 * @param {number} [options.HOPS] default: GOSSIP.HOPS[topic] || GOSSIP.HOPS.default */
+	broadcast(data, options = {}) {
+		const { topic, HOPS } = options;
+		return this.gossip.broadcastToAll(data, topic, HOPS);
+	}
-	/** @param {string} remoteId @param {string | Uint8Array | Object} data @param {string} type */
-	sendMessage(remoteId, data, type, spread = 1) { return this.messager.sendUnicast(remoteId, data, type, spread); }
+	/** Send a unicast message to a specific peer
+	 * @param {string} remoteId @param {string | Uint8Array | Object} data
+	 * @param {Object} [options]
+	 * @param {'message' | 'private_message'} [options.type] default: 'message'
+	 * @param {number} [options.spread=1] Number of neighbors used to relay the message */
+	async sendMessage(remoteId, data, options = {}) {
+		const { type, spread } = options;
+		const privacy = type === 'private_message' ? await this.getPeerPrivacy(remoteId) : null;
+		if (privacy && !privacy?.sharedSecret) {
+			this.verbose > 1 ? console.warn(`Cannot send encrypted message to ${remoteId} as shared secret could not be established.`) : null;
+			return false;
+		}
+		return this.messager.sendUnicast(remoteId, data, type, spread);
+	}
+	/** Send a private message to a specific peer, ensuring shared secret is established
+	 * @param {string} remoteId @param {string | Uint8Array | Object} data
+	 * @param {Object} [options]
+	 * @param {number} [options.spread=1] Number of neighbors used to relay the message */
+	async sendPrivateMessage(remoteId, data, options = {}) {
+		const o = { ...options, type: 'private_message' };
+		return this.sendMessage(remoteId, data, o);
+	}
+	// Building this function, she can be moved to another class later
+	async getPeerPrivacy(peerId, retry = 20) {
+		let p = this.peerStore.privacy[peerId];
+		if (!p) {
+			this.peerStore.privacy[peerId] = this.cryptoCodex.generateEphemeralX25519Keypair();
+			p = this.peerStore.privacy[peerId];
+		}
+		let nextMessageIn = 1;
+		while (!p?.sharedSecret && retry-- > 0) {
+			if (nextMessageIn-- <= 0) {
+				this.messager.sendUnicast(peerId, p.myPub, 'privacy');
+				nextMessageIn = 5;
+			}
+			await new Promise(r => setTimeout(r, 100));
+			p = this.peerStore.privacy[peerId];
+		}
+		return p;
+	}
+	/** @param {string} senderId @param {Uint8Array} peerPub */
+	#handlePrivacy(senderId, peerPub) {
+		if (this.peerStore.privacy[senderId]?.sharedSecret) return; // already have shared secret
+		if (!this.peerStore.privacy[senderId])
+			this.peerStore.privacy[senderId] = this.cryptoCodex.generateEphemeralX25519Keypair();
+		this.peerStore.privacy[senderId].peerPub = peerPub;
+		this.peerStore.privacy[senderId].sharedSecret = this.cryptoCodex.computeX25519SharedSecret(this.peerStore.privacy[senderId].myPriv, peerPub);
+		this.messager.sendUnicast(senderId, this.peerStore.privacy[senderId].myPub, 'privacy');
+	}
 	/** Send a connection request to a peer */
 	async tryConnectToPeer(targetId = 'toto', retry = 10) {
@@ -174,7 +232,7 @@ export class Node {
 			const { offerHash, readyOffer } = this.peerStore.offerManager.bestReadyOffer(100, false);
 			if (!offerHash || !readyOffer) await new Promise(r => setTimeout(r, 1000)); // build in progress...
 			else {
-				this.messager.sendUnicast(targetId, { signal: readyOffer.signal, offerHash }, 'signal_offer', 1);
+				this.messager.sendUnicast(targetId, { signal: readyOffer.signal, offerHash }, 'signal_offer');
 				return;
 			}
 		} while (retry-- > 0);
@@ -201,7 +259,14 @@ export class Node {
 	/** Triggered when a new message is received.
 	 *  @param {function} callback can use arguments: (senderId:string, data:any) */
-	onMessageData(callback) { this.messager.on('message', callback); }
+	onMessageData(callback, includesPrivate = true) {
+		this.messager.on('message', callback);
+		if (includesPrivate) this.messager.on('private_message', callback);
+	}
+	/** Triggered when a new private message is received.
+	 * @param {function} callback can use arguments: (senderId:string, data:any) */
+	onPrivateMessageData(callback) { this.messager.on('private_message', callback); }
 	/** Triggered when a new gossip message is received.
 	 * @param {function} callback can use arguments: (senderId:string, data:any, HOPS:number) */

package/core/peer-store.mjs CHANGED Viewed

@@ -20,6 +20,13 @@ export class KnownPeer { // known peer, not necessarily connected
 	}
 }
+class Privacy {
+	/** @type {Uint8Array} */ 	sharedSecret;
+	/** @type {Uint8Array} */ 	myPub;
+	/** @type {Uint8Array} */ 	myPriv;
+	/** @type {Uint8Array} */	peerPub;
+}
 export class PeerConnection { // WebSocket or WebRTC connection wrapper
 	peerId; transportInstance; isWebSocket; direction; pendingUntil; connStartTime;
@@ -46,6 +53,7 @@ export class PeerStore { // Manages all peers informations and connections (WebS
 	/** @type {Record<string, PeerConnection>} */ 	connected = {};
 	/** @type {Record<string, KnownPeer>} */ 	  	known = {}; // known peers store
 	/** @type {number} */							knownCount = 0;
+	/** @type {Record<string, Privacy>} */ 			privacy = {}; // peerId, Privacy settings
 	/** @type {Record<string, number>} */ 			kick = {}; // peerId, timestamp until kick expires
 	/** @type {Record<string, Function[]>} */ 		callbacks = {
 		'connect': [(peerId, direction) => this.#handleConnect(peerId, direction)],

package/core/topologist.mjs CHANGED Viewed

@@ -252,7 +252,7 @@ export class Topologist {
 			if (sentTo.has(peerId)) continue;
 			if (sentTo.size === 0) readyOffer.sentCounter++;
 			sentTo.set(peerId, true);
-			this.messager.sendUnicast(peerId, { signal: readyOffer.signal, offerHash }, 'signal_offer', 1);
+			this.messager.sendUnicast(peerId, { signal: readyOffer.signal, offerHash }, 'signal_offer');
 			if (sentTo.size >= 12) break; // limit to 12 unicast max
 		}
 	}

package/core/unicast.mjs CHANGED Viewed

@@ -75,14 +75,14 @@ export class UnicastMessager {
 	}
 	/** Send unicast message to a target
 	 * @param {string} remoteId @param {string | Uint8Array | Object} data @param {string} type
-	 * @param {number} [spread] Max neighbors used to relay the message, default: 1 */
+	 * @param {number} [spread] *Optional* Max neighbors used to relay the message, default: 1 */
 	sendUnicast(remoteId, data, type = 'message', spread = 1) {
 		if (remoteId === this.id) return false;
 		const builtResult = this.pathFinder.buildRoutes(remoteId, this.maxRoutes, this.maxHops, this.maxNodes, true);
 		if (!builtResult.success) return false;
-		// Caution: re-routing usage who can involve insane results
+		const encryptionKey = type === 'private_message' ? this.peerStore.privacy[remoteId]?.sharedSecret : undefined;
 		const finalSpread = builtResult.success === 'blind' ? 1 : spread; // Spread only if re-routing is false
 		for (let i = 0; i < Math.min(finalSpread, builtResult.routes.length); i++) {
 			const route = builtResult.routes[i].path;
@@ -91,7 +91,8 @@ export class UnicastMessager {
 				continue; // too long route
 			}
-			this.#sendMessageToPeer(route[1], this.cryptoCodex.createUnicastMessage(type, data, route, this.peerStore.neighborsList));
+			const msg = this.cryptoCodex.createUnicastMessage(type, data, route, this.peerStore.neighborsList, encryptionKey);
+			this.#sendMessageToPeer(route[1], msg);
 		}
 		return true;
 	}
@@ -112,7 +113,7 @@ export class UnicastMessager {
 		if (this.arbiter.isBanished(from)) return this.verbose >= 3 ? console.info(`%cReceived direct message from banned peer ${from}, ignoring.`, 'color: red;') : null;
 		if (!this.arbiter.countMessageBytes(from, serialized.byteLength, 'unicast')) return; // ignore if flooding/banished
-		const message = this.cryptoCodex.readUnicastMessage(serialized);
+		const message = this.cryptoCodex.readUnicastMessage(serialized, this.peerStore);
 		if (!message) return this.arbiter.countPeerAction(from, 'WRONG_SERIALIZATION');
 		const isOk = await this.arbiter.digestMessage(from, message, serialized);
 		if (!isOk) return; // invalid message or from banished peer
@@ -148,7 +149,7 @@ export class UnicastMessager {
 				return; // too long route
 			}
-			const patchedMessage = await this.cryptoCodex.createReroutedUnicastMessage(serialized, newRoute);
+			const patchedMessage = this.cryptoCodex.createReroutedUnicastMessage(serialized, newRoute);
 			const nextPeerId = newRoute[selfPosition + 1];
 			this.#sendMessageToPeer(nextPeerId, patchedMessage);
 		}