New Crypto Middleware in progress

universalweb · Aug 25, 2023 · 7790e22 · 7790e22
1 parent 050642d
commit 7790e22
Show file tree

Hide file tree

Showing 18 changed files with 53 additions and 39 deletions.
diff --git a/profiles/default-Ephemeral.cert b/profiles/default-Ephemeral.cert
diff --git a/profiles/default-EphemeralPublic.cert b/profiles/default-EphemeralPublic.cert
diff --git a/profiles/default-Master.cert b/profiles/default-Master.cert
diff --git a/profiles/default-MasterPublic.cert b/profiles/default-MasterPublic.cert
diff --git a/profiles/default-Profile.cert b/profiles/default-Profile.cert
diff --git a/services/universal.web-Ephemeral.cert b/services/universal.web-Ephemeral.cert
diff --git a/services/universal.web-EphemeralPublic.cert b/services/universal.web-EphemeralPublic.cert
diff --git a/services/universal.web-Master.cert b/services/universal.web-Master.cert
diff --git a/services/universal.web-MasterPublic.cert b/services/universal.web-MasterPublic.cert
diff --git a/services/universal.web-Profile.cert b/services/universal.web-Profile.cert
diff --git a/udsp/base.js b/udsp/base.js
@@ -1,8 +1,8 @@
-import { construct, UniqID, each } from '@universalweb/acid';
-import { cryptography } from '#udsp/crypto/cryptography';
+import {
+	construct, UniqID, each, hasValue
+} from '@universalweb/acid';
 import dgram from 'dgram';
 import { randomConnectionId, randomBuffer } from '#crypto';
-import { UWCrypto } from './cryptoMiddleware/index.js';
 export class UDSP {
 	async calculatePacketOverhead() {
 		const {
@@ -14,8 +14,8 @@ export class UDSP {
 			maxParametersSize,
 			cipherSuite
 		} = this;
-		const encryptOverhead = cipherSuite?.encrypt?.overhead;
-		if (encryptOverhead) {
+		const encryptOverhead = cipherSuite?.encrypt?.overhead || 0;
+		if (hasValue(encryptOverhead)) {
 			this.encryptOverhead = encryptOverhead;
 		}
 		if (maxPayloadSize) {
@@ -111,5 +111,5 @@ export class UDSP {
 	randomId = randomBuffer(8);
 	cipherSuiteName = 'x25519-xchacha20-poly1305';
 	cipherSuiteNames = ['x25519-xchacha20-poly1305'];
-	cipherSuites = {};
+	version = 1;
 }
diff --git a/udsp/client/index.js b/udsp/client/index.js
@@ -46,8 +46,7 @@ import { fetchRequest } from '../requestMethods/fetch.js';
 import { UDSP } from '#udsp/base';
 import { sendPacket } from '../sendPacket.js';
 import { post } from '../requestMethods/post.js';
-import { getAlgorithm } from '../cryptoMiddleware/index.js';
-import { processPublicKey } from '../cryptoMiddleware/index';
+import { getAlgorithm, processPublicKey } from '../cryptoMiddleware/index.js';
 // UNIVERSAL WEB Client Class
 export class Client extends UDSP {
 	constructor(configuration) {
@@ -109,9 +108,6 @@ export class Client extends UDSP {
 		} else if (encryptServerConnectionId) {
 			this.encryptServerConnectionId = true;
 		}
-		if (this.cryptography.connectionIdKeypair) {
-			this.connectionIdKeypair = this.cryptography.connectionIdKeypair;
-		}
 		// console.log('Destination', destination.cryptography);
 	}
 	async getKeychainSave(keychain) {
@@ -149,6 +145,7 @@ export class Client extends UDSP {
 		}
 		this.publicKeyCryptography = getAlgorithm(publicKeyAlgorithm);
 		this.cipherSuite = getAlgorithm(this.cipherSuiteName);
+		console.log(this.cipherSuiteName);
 		if (destination.boxCryptography) {
 			this.boxCryptography = getAlgorithm(destination.boxCryptography);
 		}
@@ -158,7 +155,7 @@ export class Client extends UDSP {
 			this.autoLogin = true;
 		}
 		if (!this.keypair) {
-			this.keypair = this.publicKeyCryptography.keypair();
+			this.keypair = this.cipherSuite.keypair();
 			success(`Created Connection Keypair`);
 		}
 		if (!this.encryptionKeypair) {
@@ -297,6 +294,16 @@ export class Client extends UDSP {
 		}
 		return header;
 	}
+	setCryptographyHeaders(header = {}) {
+		const key = this.encryptionKeypair.publicKey;
+		console.log('Setting Cryptography in UDSP Header', toBase64(key));
+		const {
+			cipherSuiteName, version
+		} = this;
+		header.cs = cipherSuiteName;
+		header.v = version;
+		return header;
+	}
 	sendIntro() {
 		console.log('Sending Intro');
 		this.state = 1;

diff --git a/udsp/cryptoMiddleware/index.js b/udsp/cryptoMiddleware/index.js
@@ -31,12 +31,12 @@ import { pbkdf2, pbkdf2Async } from '@noble/hashes/pbkdf2';
 import { scrypt, scryptAsync } from '@noble/hashes/scrypt';
 const { seal } = Object;
 import * as defaultCrypto from '#crypto';
-import { assign } from '@universalweb/acid';
+import { assign, hasValue } from '@universalweb/acid';
 const {
 	encrypt, decrypt, nonceBox, sign, signVerify, createSecretKey,
 	signKeypair, encryptKeypair, createSessionKey, clientSessionKeys,
 	serverSessionKeys, signPrivateKeyToEncryptPrivateKey, signPublicKeyToEncryptPublicKey,
-	signKeypairToEncryptKeypair, getSignPublicKeyFromPrivateKey, keypair,
+	signKeypairToEncryptionKeypair, getSignPublicKeyFromPrivateKey, keypair,
 	boxUnseal, boxSeal, randomConnectionId, hashMin: defaultHashMin, hash: defaultHash,
 } = defaultCrypto;
 const x25519XChaChaPoly1305Algo = {
@@ -55,7 +55,7 @@ const ed25519Algo = {
 	signVerify,
 	signPrivateKeyToEncryptPrivateKey,
 	signPublicKeyToEncryptPublicKey,
-	signKeypairToEncryptKeypair,
+	signKeypairToEncryptionKeypair,
 	getSignPublicKeyFromPrivateKey,
 	safeMath: RistrettoPoint,
 	clientSessionKeys,
@@ -66,7 +66,9 @@ const xsalsa20Algo = {
 	boxUnseal
 };
 export const algorithms = {
-	x25519XChaChaPoly1305: x25519XChaChaPoly1305Algo,
+	'x25519-xchacha20-poly1305': x25519XChaChaPoly1305Algo,
+	ed25519: ed25519Algo,
+	xsalsa20: xsalsa20Algo,
 	version: {
 		1: {
 			0: x25519XChaChaPoly1305Algo,
@@ -82,24 +84,22 @@ export function getAlgorithm(cipherSuite, version) {
 	if (!cipherSuite) {
 		return false;
 	}
-	const algo = algorithms[version || currentVersion][cipherSuite];
-	if (algo) {
-		return algo;
+	if (hasValue(version)) {
+		return algorithms.version[version || currentVersion][cipherSuite];
+	} else {
+		return algorithms[cipherSuite];
 	}
 }
-export function processPublicKey(source) {
+export function processPublicKey(certificate) {
+	console.log('keypairType', certificate);
 	const {
-		publicKeyAlgorithm,
-		publicKeyCryptography,
-		encryptionKeypair,
-		keypair: {
-			privateKey,
-			publicKey
-		},
-	} = source;
-	console.log('keypairType', publicKeyAlgorithm);
+		publicKeyAlgorithm,		encryptionKeypair,
+		privateKey,
+		publicKey
+	} = certificate;
 	if (!encryptionKeypair && publicKeyAlgorithm === 'ed25519') {
 		if (publicKeyAlgorithm === 'ed25519') {
+			const publicKeyCryptography = getAlgorithm(publicKeyAlgorithm);
 			if (privateKey) {
 				return publicKeyCryptography.signKeypairToEncryptionKeypair({
 					publicKey,

diff --git a/udsp/encoding/decodePacket.js b/udsp/encoding/decodePacket.js
@@ -119,6 +119,7 @@ export async function decodePacket(config) {
 	info(`Receive Key ${toBase64(destination.sessionKeys.receiveKey)}`);
 	if (messageEncoded) {
 		info(`encrypted Message size ${messageEncoded.length}bytes`);
+		console.log(destination);
 		const decryptedMessage = cipherSuite.decrypt(packet[1], destination.sessionKeys, ad);
 		if (!decryptedMessage) {
 			return failed('Encryption failed');

diff --git a/udsp/server/clients/index.js b/udsp/server/clients/index.js
@@ -44,14 +44,20 @@ export class Client {
 		this.publicKeyCryptography = server.publicKeyCryptography;
 		this.encryptClientConnectionId = server.encryptClientConnectionId;
 		this.encryptServerConnectionId = server.encryptServerConnectionId;
+		return this.initialize(config);
+	}
+	initialize = initialize;
+	async calculatePacketOverhead() {
 		const {
 			maxPacketSize,
 			maxDataSize,
 			maxHeadSize,
 			maxPathSize,
 			maxParametersSize,
 			packetMaxPayloadSafeEstimate
-		} = server;
+		} = this.server();
+		const cipherSuite = this.cipherSuite;
+		const encryptOverhead = cipherSuite?.encrypt?.overhead || 0;
 		if (maxPacketSize) {
 			this.maxPacketSize = maxPacketSize;
 		}
@@ -70,7 +76,6 @@ export class Client {
 		if (packetMaxPayloadSafeEstimate) {
 			this.packetMaxPayloadSafeEstimate = packetMaxPayloadSafeEstimate;
 		}
-		return initialize(config, client);
 	}
 	async created() {
 		const server = this.server();
@@ -83,7 +88,7 @@ export class Client {
 		success(`socket EVENT -> connected - ID:${this.idString}`);
 	}
 	async generateSessionKeypair() {
-		const newKeypair = this.cryptography.keypair();
+		const newKeypair = this.cipherSuite.keypair();
 		this.newKeypair = newKeypair;
 		info(`socket EVENT -> reKey - ID:${this.idString}`);
 	}

diff --git a/udsp/server/clients/initialize.js b/udsp/server/clients/initialize.js
@@ -13,7 +13,7 @@ import {
 } from '@universalweb/acid';
 import { Client } from './index.js';
 import { getAlgorithm } from '../../cryptoMiddleware/index.js';
-export async function initialize(config, client) {
+export async function initialize(config) {
 	const {
 		packet: {
 			header: {
@@ -36,6 +36,7 @@ export async function initialize(config, client) {
 		address: ip,
 		port
 	} = connection;
+	const client = this;
 	let selectedCipherSuite = cipherSuite;
 	if (cipherSuites) {
 		const cipherSelection = intersection(cipherSuites, keys(server.ciphers));
@@ -48,6 +49,7 @@ export async function initialize(config, client) {
 	} else {
 		client.cipherSuite = getAlgorithm(server.cipherSuite);
 	}
+	client.calculatePacketOverhead();
 	client.certificate = server.certificate;
 	// When changing to a new key you must first create new keys from scratch to replace these.
 	client.keypair = server.keypair;

diff --git a/udsp/server/index.js b/udsp/server/index.js
@@ -26,8 +26,7 @@ import { requestMethods } from './methods/index.js';
 import { getCertificate, parseCertificate, loadCertificate } from '#certificate';
 import { randomBuffer, toBase64 } from '#crypto';
 import { UDSP } from '#udsp/base';
-import { UWCrypto } from '../cryptoMiddleware/index.js';
-import { processPublicKey, getAlgorithm } from '../cryptoMiddleware/index';
+import { processPublicKey, getAlgorithm } from '../cryptoMiddleware/index.js';
 const { seal } = Object;
 export class Server extends UDSP {
 	constructor(configuration) {
@@ -106,7 +105,7 @@ export class Server extends UDSP {
 			this.chunkCertificate();
 		}
 		if (this.certificate) {
-			this.publicKeyCryptography = getAlgorithm(this.certificate.publicKeyAlgorithm);
+			this.publicKeyCryptography = getAlgorithm(this.certificate.publicKeyAlgorithm, this.certificate.version);
 			const convertSignKeypairToEncryptionKeypair = processPublicKey(this.certificate);
 			if (convertSignKeypairToEncryptionKeypair) {
 				this.encryptionKeypair = convertSignKeypairToEncryptionKeypair;
@@ -126,8 +125,8 @@ export class Server extends UDSP {
 			} else if (encryptServerConnectionId) {
 				this.encryptServerConnectionId = true;
 			}
-			if (this.cryptography.connectionIdKeypair) {
-				this.connectionIdKeypair = this.cryptography.connectionIdKeypair;
+			if (this.certificate.connectionIdKeypair) {
+				this.connectionIdKeypair = this.certificate.connectionIdKeypair;
 			}
 		}
 	}

diff --git a/utilities/crypto.js b/utilities/crypto.js
@@ -257,7 +257,7 @@ export function signPrivateKeyToEncryptPrivateKey(originalPrivateKey) {
 	crypto_sign_ed25519_sk_to_curve25519(privateKey, originalPrivateKey);
 	return privateKey;
 }
-export function signKeypairToEncryptKeypair(originalKeypair) {
+export function signKeypairToEncryptionKeypair(originalKeypair) {
 	const publicKey = bufferAlloc(crypto_box_PUBLICKEYBYTES);
 	crypto_sign_ed25519_pk_to_curve25519(publicKey, originalKeypair.publicKey);
 	const result = {