Merge pull request #107 from datapartyjs/pq-sockets

post quantum sockets

Author: sevenbitbyte

package.json

@@ -57,11 +57,13 @@
     "build-test": "node ./examples/party/example-build.js",
     "watch-test": "DEBUG=* nodemon --ignore service test/test-service-compile.js",
     "build-docs": "./scripts/build-docs.sh",
-    "generate-docs": "npx jsdoc --configure jsdoc.json --verbose"
+    "build-venue": "node ./src/venue/build.js",
+    "generate-docs": "npx jsdoc --configure jsdoc.json --verbose",
+    "mkssl": "openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem"
   },
   "dependencies": {
     "@dataparty/bouncer-db": "1.0.1",
-    "@dataparty/crypto": "git://github.com/datapartyjs/dataparty-crypto.git",
+    "@dataparty/crypto": "github:datapartyjs/dataparty-crypto#postquantum-bson",
     "@dataparty/tasker": "^0.0.3",
     "@diva.exchange/i2p-sam": "^4.1.8",
     "@markwylde/liferaft": "^1.3.4",
@@ -79,6 +81,7 @@
     "dom-storage": "^2.1.0",
     "eventemitter3": "^4.0.7",
     "express": "^4.17.1",
+    "express-ipfilter": "^1.3.2",
     "express-list-routes": "^1.1.9",
     "git-repo-info": "^2.1.1",
     "joi": "^17.9.1",

src/comms/host/host-protocol-scheme.js

@@ -19,7 +19,31 @@ const OP_HEADER = Joi.object().keys({
 const AUTH_OP = Joi.object().keys({
   id: ID_SCHEME.required(),
   op: Joi.string().valid('auth').required(),
-  session: Joi.string().required(), //Joi.objectId().required(),
+  session: Joi.string().required(),
+  offer: Joi.object().keys({
+    sender: Joi.object().keys({
+      id: Joi.string(),
+      key: Joi.object().keys({
+        type: Joi.string().required(),
+        hash: Joi.string().required(),
+        public: Joi.object().keys({
+          box: Joi.string().required(),
+          sign: Joi.string().required(),
+          pqkem: Joi.string().required(),
+          pqsign_ml: Joi.string().required(),
+          pqsign_slh: Joi.string().required()
+        }).required()
+      }).required(),
+      seed: Joi.allow(null)
+    }).required(),
+    pqCipherText: Joi.string().required(),
+    streamNonce: Joi.string().required()
+  }).required(),
+  signature: Joi.object().keys({
+    timestamp: Joi.number().required(),
+    type: Joi.string().required(),
+    value: Joi.string().required()
+  }).required()
 })
 
 const CALL_OP = Joi.object().keys({

src/comms/isocket-comms.js

@@ -7,7 +7,7 @@ const {Message, Routines} = require('@dataparty/crypto')
 
 const AuthOp = require('./op/auth-op')
 const RosShim = require('./ros-shim')
-const IParty = require('../party/iparty')
+
 
 
 /**
@@ -38,6 +38,9 @@ class ISocketComms extends EventEmitter {
 
         this.socket = undefined
 
+        //this.aesOffer = null
+        this.aesStream = null
+
         this._ros = undefined
     }
 
@@ -80,49 +83,70 @@ class ISocketComms extends EventEmitter {
         op.run().then((status)=>{
             debug(status)
             debug('authed')
-            this.emit('open')
+            //this.aesOffer = op.offer
+            this.aesStream = op.stream
             this.authed = true
+            this.emit('open')
         }).catch(error=>{
             this.authed = false
             debug('auth error', error)
             this.emit('close')
         })
     }
 
-    decrypt(reply, sender){
+    async decrypt(reply, sender){
+      if(this.aesStream){
+        debug('decrypting quantum aes')
+        console.log(reply, typeof reply)
+        console.log(typeof reply.data)
+
+        let buf = reply.data
+
+        if(buf instanceof Blob){
+          debug('reply.data is a blob')
+          buf = await reply.data.arrayBuffer();
+        } else {
+          //buf = reply.data
+        }
+
+        const contentBSON = await this.aesStream.decrypt( new Uint8Array(buf) )
+        const content = Routines.BSON.parseObject(new Routines.BSON.BaseParser( contentBSON ))
+
+        return content
+
+      } else {
+        debug('decrypting classic')
         const replyObj = JSON.parse(reply.data)
-        let dataPromise = new Promise((resolve, reject)=>{
-            if(replyObj.enc && replyObj.sig){
-              let msg = new Message(replyObj)
-      
-              return resolve(msg.decrypt(this.party._identity).then(content=>{
-                const senderPub = Routines.extractPublicKeys(msg.enc)
-                debug('sender', sender, '\tdiscover', this.discoverRemoteIdentity)
-                if(this.discoverRemoteIdentity && !sender){
-                    debug('discovered remote identity', senderPub)
-                    this.remoteIdentity = {
-                        key: {
-                            public: senderPub
-                        }
-                    }
-                    sender = this.remoteIdentity
-                }
-                debug(`sender from - ${msg.from}`)
-                debug(`senderPub - ${senderPub}`)
-      
-                if(senderPub.box != sender.key.public.box || senderPub.sign != sender.key.public.sign){
-                  return Promise.reject('TRUST - reply is not from expected remote')
-                }
-
-                debug('decrypted data')
-                return content
-              }))
-            }
-      
-            reject( Promise.reject('TRUST - reply is not encrypted') )
-          })
-      
-        return dataPromise
+  
+        if(replyObj.enc && replyObj.sig){
+          let msg = new Message({})
+          msg.fromJSON(replyObj)
+  
+          let content = await msg.decrypt(this.party.privateIdentity)
+        
+          const senderPub = Routines.extractPublicKeys(msg.enc)
+          debug('sender', sender, '\tdiscover', this.discoverRemoteIdentity)
+          if(this.discoverRemoteIdentity && !sender){
+              debug('discovered remote identity', senderPub)
+              this.remoteIdentity = {
+                  key: {
+                      public: senderPub
+                  }
+              }
+              sender = this.remoteIdentity
+          }
+          debug(`sender from - ${msg.from}`)
+          debug(`senderPub - ${senderPub}`)
+  
+          if(senderPub.box != sender.key.public.box || senderPub.sign != sender.key.public.sign){
+            throw new Error('TRUST - reply is not from expected remote')
+          }
+  
+          debug('decrypted data')
+          return content
+        }
+      }
+
     }
 
     onmessage(message){
@@ -142,28 +166,37 @@ class ISocketComms extends EventEmitter {
         })
     }
 
-    send(input){
-        debug('send - ', typeof input, input)
+    async send(input){
+      debug('send - ', typeof input, input)
 
-        if(typeof input != 'object'){
-            input = JSON.parse(input)
-        }
+      if(typeof input != 'object'){
+        input = JSON.parse(input)
+      }
 
-        const content = new Message({msg: input})
+      let content = null
 
-        return content.encrypt(this.party._identity, this.remoteIdentity.key)
-            .then(JSON.stringify)
-            .then(this.socket.send.bind(this.socket))
+      if(this.aesStream && input.id.indexOf('auth') == -1){
+        debug('sending quantum aes')
+        const contentBSON = Routines.BSON.serializeBSONWithoutOptimiser( input )
+        content = await this.aesStream.encrypt( contentBSON )
+      } else {
 
+        debug('sending classic')
+        const msg = new Message({msg: input})
+        await msg.encrypt(this.party._identity, this.remoteIdentity.key)
+        content = JSON.stringify(msg.toJSON())
+      }
+
+      await this.socket.send(content)
     }
 
     get ros(){
-        if(!this._ros){
-            this._ros = new RosShim(this)
-            this._ros.connect()
-        }
+      if(!this._ros){
+          this._ros = new RosShim(this)
+          this._ros.connect()
+      }
 
-        return this._ros
+      return this._ros
     }
 }
 

src/comms/op/auth-op.js

@@ -1,11 +1,48 @@
 const debug = require('debug')('dataparty.op.auth-op')
 const SocketOp = require('./socket-op')
 
+const {Routines} = require('@dataparty/crypto')
+
 
 class AuthOp extends SocketOp {
-    constructor(socket){
-        super('auth', {}, socket)
+  constructor(socket){
+    super('auth', {}, socket)
+
+    this.offer=null
+    this.stream=null
+  }
+
+  async run(){
+    const actor = this.socket.party.privateIdentity
+    const aesStreamOffer = await actor.createStream( this.socket.remoteIdentity )
+
+    this.stream = aesStreamOffer.stream
+
+    const offer = {
+      sender: aesStreamOffer.sender,
+      pqCipherText: aesStreamOffer.pqCipherText,
+      streamNonce: aesStreamOffer.streamNonce
+    }
+
+    const offerBSON = Routines.BSON.serializeBSONWithoutOptimiser( offer )
+
+    const { timestamp, value, type } = await Routines.signDataPQ(actor, offerBSON, 'pqsign_ml')
+
+    const authPkt = {
+      offer,
+      signature: {
+        timestamp, type,
+        value: Routines.Utils.base64.encode(value)
+      }
     }
+
+    debug('created authPkt', authPkt)
+
+    this.offer = offer
+    this.data = authPkt
+
+    return super.run()
+  }
 }
 
 module.exports = AuthOp