node-rtc-connection 2.0.4 → 2.0.5

package/src/dtls/prf.ts

@@ -1,62 +0,0 @@
-/**
- * @file prf.ts
- * @description TLS 1.2 pseudo-random function (RFC 5246 §5) with SHA-256.
- * @module dtls/prf
- *
- * The cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uses P_SHA256 for
- * the PRF. This module also exposes the underlying HMAC-based P_hash.
- */
-
-'use strict';
-
-import * as crypto from 'crypto';
-
-/**
- * P_hash(secret, seed) expanded to `length` bytes (RFC 5246 §5).
- *   A(0) = seed
- *   A(i) = HMAC(secret, A(i-1))
- *   P_hash = HMAC(secret, A(1)+seed) | HMAC(secret, A(2)+seed) | ...
- *
- * @param hashAlg - Node hash name, e.g. 'sha256'.
- * @param secret
- * @param seed
- * @param length
- */
-export function pHash(
-  hashAlg: string,
-  secret: Buffer,
-  seed: Buffer,
-  length: number
-): Buffer {
-  const out: Buffer[] = [];
-  let total = 0;
-  let a = seed; // A(0)
-  while (total < length) {
-    a = crypto.createHmac(hashAlg, secret).update(a).digest(); // A(i)
-    const chunk = crypto
-      .createHmac(hashAlg, secret)
-      .update(Buffer.concat([a, seed]))
-      .digest();
-    out.push(chunk);
-    total += chunk.length;
-  }
-  return Buffer.concat(out).slice(0, length);
-}
-
-/**
- * TLS 1.2 PRF = P_SHA256(secret, label + seed).
- *
- * @param secret
- * @param label - ASCII label, e.g. "master secret".
- * @param seed
- * @param length
- */
-export function prf(
-  secret: Buffer,
-  label: string,
-  seed: Buffer,
-  length: number
-): Buffer {
-  const labelAndSeed = Buffer.concat([Buffer.from(label, 'ascii'), seed]);
-  return pHash('sha256', secret, labelAndSeed, length);
-}

package/src/dtls/protocol.ts

@@ -1,204 +0,0 @@
-/**
- * @file protocol.ts
- * @description DTLS 1.2 wire-format constants and TLV/vector encoders.
- * @module dtls/protocol
- *
- * Covers exactly what WebRTC's data channel needs:
- *   cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xC02B)
- *   curve secp256r1, signature scheme ecdsa_secp256r1_sha256.
- *
- * References: RFC 6347 (DTLS 1.2), RFC 5246 (TLS 1.2), RFC 8422 (ECC).
- */
-
-'use strict';
-
-// DTLS 1.2 on the wire is version 0xFEFD (i.e. ~1.2).
-export const DTLS_1_2 = 0xfefd;
-
-export const CONTENT_TYPE = Object.freeze({
-  CHANGE_CIPHER_SPEC: 20,
-  ALERT: 21,
-  HANDSHAKE: 22,
-  APPLICATION_DATA: 23,
-});
-
-export const HANDSHAKE_TYPE = Object.freeze({
-  HELLO_REQUEST: 0,
-  CLIENT_HELLO: 1,
-  SERVER_HELLO: 2,
-  HELLO_VERIFY_REQUEST: 3,
-  CERTIFICATE: 11,
-  SERVER_KEY_EXCHANGE: 12,
-  CERTIFICATE_REQUEST: 13,
-  SERVER_HELLO_DONE: 14,
-  CERTIFICATE_VERIFY: 15,
-  CLIENT_KEY_EXCHANGE: 16,
-  FINISHED: 20,
-});
-
-export const ALERT_LEVEL = Object.freeze({ WARNING: 1, FATAL: 2 });
-export const ALERT_DESC = Object.freeze({
-  CLOSE_NOTIFY: 0,
-  HANDSHAKE_FAILURE: 40,
-  BAD_CERTIFICATE: 42,
-  DECRYPT_ERROR: 51,
-  INTERNAL_ERROR: 80,
-});
-
-// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-export const CIPHER_SUITE = 0xc02b;
-
-export const NAMED_GROUP = Object.freeze({ secp256r1: 0x0017 });
-export const EC_POINT_FORMAT = Object.freeze({ uncompressed: 0 });
-
-// SignatureAndHashAlgorithm
-export const HASH_ALG = Object.freeze({ sha256: 4, sha384: 5, sha512: 6 });
-export const SIG_ALG = Object.freeze({ rsa: 1, ecdsa: 3 });
-
-// ClientCertificateType
-export const CERT_TYPE = Object.freeze({ ecdsa_sign: 64, rsa_sign: 1 });
-
-export const EXTENSION = Object.freeze({
-  SUPPORTED_GROUPS: 10,
-  EC_POINT_FORMATS: 11,
-  SIGNATURE_ALGORITHMS: 13,
-  EXTENDED_MASTER_SECRET: 23,
-  RENEGOTIATION_INFO: 0xff01,
-});
-
-export const FINISHED_LABEL = Object.freeze({
-  CLIENT: 'client finished',
-  SERVER: 'server finished',
-});
-
-/** A parsed DTLS record from {@link parseRecords}. */
-export interface Record {
-  type: number;
-  version: number;
-  epoch: number;
-  seq: number;
-  fragment: Buffer;
-}
-
-/** A parsed handshake message header from {@link parseHandshake}. */
-export interface Handshake {
-  msgType: number;
-  length: number;
-  messageSeq: number;
-  fragmentOffset: number;
-  fragmentLength: number;
-  body: Buffer;
-}
-
-// ---- Vector / integer encoders -------------------------------------------
-
-/** Encode a uint24 (3 bytes, big-endian). */
-export function uint24(n: number): Buffer {
-  return Buffer.from([(n >> 16) & 0xff, (n >> 8) & 0xff, n & 0xff]);
-}
-
-/** Read a uint24 at offset. */
-export function readUint24(buf: Buffer, off: number): number {
-  return (buf[off]! << 16) | (buf[off + 1]! << 8) | buf[off + 2]!;
-}
-
-/** Length-prefixed vector with a 1-byte length. */
-export function vec8(body: Buffer): Buffer {
-  return Buffer.concat([Buffer.from([body.length]), body]);
-}
-
-/** Length-prefixed vector with a 2-byte length. */
-export function vec16(body: Buffer): Buffer {
-  const len = Buffer.alloc(2);
-  len.writeUInt16BE(body.length, 0);
-  return Buffer.concat([len, body]);
-}
-
-/** Length-prefixed vector with a 3-byte length. */
-export function vec24(body: Buffer): Buffer {
-  return Buffer.concat([uint24(body.length), body]);
-}
-
-// ---- Record layer ---------------------------------------------------------
-
-/**
- * Encode a DTLS record (13-byte header + fragment).
- * @param type - CONTENT_TYPE
- * @param epoch
- * @param seq - 48-bit sequence number
- * @param fragment
- * @param version
- */
-export function encodeRecord(
-  type: number,
-  epoch: number,
-  seq: number,
-  fragment: Buffer,
-  version: number = DTLS_1_2
-): Buffer {
-  const header = Buffer.alloc(13);
-  header.writeUInt8(type, 0);
-  header.writeUInt16BE(version, 1);
-  header.writeUInt16BE(epoch, 3);
-  header.writeUIntBE(seq, 5, 6);
-  header.writeUInt16BE(fragment.length, 11);
-  return Buffer.concat([header, fragment]);
-}
-
-/**
- * Parse one or more DTLS records from a datagram. Multiple records may be
- * packed into a single UDP packet.
- * @param packet
- */
-export function parseRecords(packet: Buffer): Record[] {
-  const records: Record[] = [];
-  let off = 0;
-  while (off + 13 <= packet.length) {
-    const type = packet.readUInt8(off);
-    const version = packet.readUInt16BE(off + 1);
-    const epoch = packet.readUInt16BE(off + 3);
-    const seq = packet.readUIntBE(off + 5, 6);
-    const length = packet.readUInt16BE(off + 11);
-    const start = off + 13;
-    if (start + length > packet.length) break;
-    records.push({ type, version, epoch, seq, fragment: packet.slice(start, start + length) });
-    off = start + length;
-  }
-  return records;
-}
-
-// ---- Handshake layer -------------------------------------------------------
-
-/**
- * Encode a DTLS handshake message header + body (unfragmented).
- * @param msgType - HANDSHAKE_TYPE
- * @param messageSeq
- * @param body
- */
-export function encodeHandshake(
-  msgType: number,
-  messageSeq: number,
-  body: Buffer
-): Buffer {
-  const header = Buffer.alloc(12);
-  header.writeUInt8(msgType, 0);
-  uint24(body.length).copy(header, 1); // length
-  header.writeUInt16BE(messageSeq, 4); // message_seq
-  uint24(0).copy(header, 6); // fragment_offset
-  uint24(body.length).copy(header, 9); // fragment_length
-  return Buffer.concat([header, body]);
-}
-
-/**
- * Parse a handshake message header.
- * @param buf - starts at the handshake header
- */
-export function parseHandshake(buf: Buffer): Handshake {
-  const msgType = buf.readUInt8(0);
-  const length = readUint24(buf, 1);
-  const messageSeq = buf.readUInt16BE(4);
-  const fragmentOffset = readUint24(buf, 6);
-  const fragmentLength = readUint24(buf, 9);
-  const body = buf.slice(12, 12 + fragmentLength);
-  return { msgType, length, messageSeq, fragmentOffset, fragmentLength, body };
-}

package/src/foundation/ByteBufferQueue.ts

@@ -1,237 +0,0 @@
-/**
- * @file ByteBufferQueue - Efficient byte buffer with O(1) append and O(n) read.
- *
- * This class provides efficient management of byte buffers with O(1) append operations
- * and O(n) read operations. Clients can append entire buffers then copy data out across
- * buffer boundaries.
- *
- * @license MIT
- * @author nmhung1210
- */
-
-'use strict';
-
-/**
- * A ByteBufferQueue manages a queue of byte buffers with efficient operations.
- *
- * Invariants maintained:
- * - size_ = sum of all buffer sizes - frontBufferOffset_
- * - No buffer in the queue is empty
- * - If queue is empty, frontBufferOffset_ = 0
- * - Otherwise, frontBufferOffset_ < front buffer size
- */
-class ByteBufferQueue {
-  /**
-   * Total number of bytes available to read.
-   * @private {number}
-   */
-  #size: number;
-
-  /**
-   * Double-ended queue of byte buffers.
-   * Append() pushes to the back, ReadInto() consumes from the front.
-   * @private {Buffer[]}
-   */
-  #buffers: Buffer[];
-
-  /**
-   * Offset from which to start reading the front buffer.
-   * @private {number}
-   */
-  #frontBufferOffset: number;
-
-  constructor() {
-    this.#size = 0;
-    this.#buffers = [];
-    this.#frontBufferOffset = 0;
-  }
-
-  /**
-   * Number of bytes that can be read.
-   * @returns {number}
-   */
-  get size(): number {
-    return this.#size;
-  }
-
-  /**
-   * Returns true if no bytes are available to read.
-   * @returns {boolean}
-   */
-  get empty(): boolean {
-    return this.#size === 0;
-  }
-
-  /**
-   * Copies data into the given buffer. Consumes bytes from the queue.
-   * Returns the number of bytes written to bufferOut.
-   *
-   * @param {Buffer} bufferOut - Destination buffer to read into
-   * @returns {number} Number of bytes actually read
-   * @throws {TypeError} If bufferOut is not a Buffer
-   */
-  readInto(bufferOut: Buffer): number {
-    if (!Buffer.isBuffer(bufferOut)) {
-      throw new TypeError('bufferOut must be a Buffer');
-    }
-
-    let readAmount = 0;
-    let outputOffset = 0;
-
-    while (outputOffset < bufferOut.length && this.#buffers.length > 0) {
-      const frontBuffer = this.#buffers[0]!;
-      const availableInFront = frontBuffer.length - this.#frontBufferOffset;
-      const remainingOutput = bufferOut.length - outputOffset;
-      const toCopy = Math.min(availableInFront, remainingOutput);
-
-      // Copy data from front buffer to output
-      frontBuffer.copy(
-        bufferOut,
-        outputOffset,
-        this.#frontBufferOffset,
-        this.#frontBufferOffset + toCopy
-      );
-
-      readAmount += toCopy;
-      outputOffset += toCopy;
-
-      if (toCopy < availableInFront) {
-        // Partial read, update offset
-        this.#frontBufferOffset += toCopy;
-      } else {
-        // Consumed entire front buffer, remove it
-        this.#buffers.shift();
-        this.#frontBufferOffset = 0;
-      }
-    }
-
-    this.#size -= readAmount;
-    this.#checkInvariants();
-    return readAmount;
-  }
-
-  /**
-   * Appends a buffer to the queue. Takes ownership of the buffer.
-   * Empty buffers are ignored.
-   *
-   * @param {Buffer} buffer - Buffer to append
-   * @throws {TypeError} If buffer is not a Buffer
-   */
-  append(buffer: Buffer): void {
-    if (!Buffer.isBuffer(buffer)) {
-      throw new TypeError('buffer must be a Buffer');
-    }
-
-    if (buffer.length === 0) {
-      return; // Ignore empty buffers
-    }
-
-    this.#size += buffer.length;
-    this.#buffers.push(buffer);
-    this.#checkInvariants();
-  }
-
-  /**
-   * Clears all stored buffers.
-   */
-  clear(): void {
-    this.#buffers = [];
-    this.#frontBufferOffset = 0;
-    this.#size = 0;
-    this.#checkInvariants();
-  }
-
-  /**
-   * Reads and consumes exactly n bytes.
-   *
-   * @param {number} n - Number of bytes to read
-   * @returns {Buffer} Buffer containing exactly n bytes
-   * @throws {RangeError} If fewer than n bytes are available
-   */
-  read(n: number): Buffer {
-    if (n > this.#size) {
-      throw new RangeError(`Cannot read ${n} bytes, only ${this.#size} available`);
-    }
-    if (n === 0) {
-      return Buffer.allocUnsafe(0);
-    }
-
-    const result = Buffer.allocUnsafe(n);
-    const bytesRead = this.readInto(result);
-
-    if (bytesRead !== n) {
-      throw new Error(`Internal error: read ${bytesRead} bytes, expected ${n}`);
-    }
-
-    return result;
-  }
-
-  /**
-   * Peeks at data without consuming it.
-   *
-   * @param {number} [n=this.#size] - Number of bytes to peek
-   * @returns {Buffer} Buffer containing up to n bytes (not consumed)
-   */
-  peek(n: number = this.#size): Buffer {
-    const peekAmount = Math.min(n, this.#size);
-    if (peekAmount === 0) {
-      return Buffer.allocUnsafe(0);
-    }
-
-    const result = Buffer.allocUnsafe(peekAmount);
-    let written = 0;
-    let bufferIndex = 0;
-    let offset = this.#frontBufferOffset;
-
-    while (written < peekAmount && bufferIndex < this.#buffers.length) {
-      const buffer = this.#buffers[bufferIndex]!;
-      const available = buffer.length - offset;
-      const toCopy = Math.min(available, peekAmount - written);
-
-      buffer.copy(result, written, offset, offset + toCopy);
-      written += toCopy;
-
-      bufferIndex++;
-      offset = 0; // Reset offset for subsequent buffers
-    }
-
-    return result;
-  }
-
-  /**
-   * Checks internal invariants (development mode only).
-   * @private
-   * @throws {Error} If invariants are violated
-   */
-  #checkInvariants(): void {
-    if (process.env.NODE_ENV !== 'production') {
-      let bufferSizeSum = 0;
-      for (const buffer of this.#buffers) {
-        if (buffer.length === 0) {
-          throw new Error('Invariant violation: empty buffer in queue');
-        }
-        bufferSizeSum += buffer.length;
-      }
-
-      const expectedSize = bufferSizeSum - this.#frontBufferOffset;
-      if (this.#size !== expectedSize) {
-        throw new Error(
-          `Invariant violation: size=${this.#size}, expected=${expectedSize}`
-        );
-      }
-
-      if (this.#buffers.length === 0) {
-        if (this.#frontBufferOffset !== 0) {
-          throw new Error('Invariant violation: offset non-zero with empty queue');
-        }
-      } else {
-        if (this.#frontBufferOffset >= this.#buffers[0]!.length) {
-          throw new Error('Invariant violation: offset >= front buffer size');
-        }
-      }
-    }
-  }
-}
-
-export default ByteBufferQueue;
-export { ByteBufferQueue };