Crypto Middleware Convert + Patches

New Certificate Format
Cleanup
seperate Encryption &  Connection ID keypairs

package.json

@@ -105,25 +105,19 @@
 		"access": "public"
 	},
 	"scripts": {
-		"cc": "nodemon ./client/createCertificate/index.js --watch ./client/createCertificate/",
 		"certificates": "nodemon ./scripts/certificates.js --watch ./scripts/certificates.js --watch ./certificates/ --watch ./utilities/",
-		"client": "nodemon udsp/client/index.js --watch client/",
-		"components": "nodemon ./browser/components/index.js --watch ./browser/components/source/ --watch ./browser/components/index.js",
-		"compressionTest": "nodemon scripts/compression.js --watch scripts/compression.js",
-		"dis": "nodemon ./DIS/index.js --watch ./server/ --watch ./DIS/",
 		"dist": "electron-builder",
 		"electron": "electron .",
 		"pack": "electron-builder --dir",
 		"server": "nodemon ./serverApp/index.js --watch ./udsp/ --watch ./serverApp/  --watch ./utilities/",
 		"simulate": "nodemon ./scripts/simulate.js --watch ./client/ --watch ./server/ --watch ./scripts/simulate.js --watch utilities/",
 		"simc": "nodemon ./scripts/simulateClient.js --watch ./udsp/ --watch ./scripts/simulateClient.js --watch ./utilities/ --delay 3",
 		"start": "nodemon --watch ./index.html --watch ./client/ --watch ./browser/ --watch ./main.js --exec 'electron .'",
-		"uwBridge": "nodemon ./uwBridge/index.js --watch ./uwBridge/",
 		"changelog": "auto-changelog -p --sort-commits date-desc && git add CHANGELOG.md",
 		"bumpVersion": "npm version patch --force && cd ./package/ && npm version patch --force"
 	},
 	"version": "1.3.2",
 	"devDependencies": {
 		"@electron-forge/cli": "^6.0.5"
 	}
-}
+}

scripts/certificates.js

@@ -19,12 +19,22 @@ const domainProfile = await createProfile({
 				signature: 'ed25519',
 				exchange: 'x25519',
 				curve: '25519',
+				// The cryptographic algo used, intended, and or generated with the provided public key
+				publicKeyType: 'ed25519',
 				// The purpose of encrypting connection IDs is to eliminate CID tracking and to constantly change how the CID looks.
 				// Encrypting CIDs protects against leaking smart CID routing information which show the endpoint server/process.
-				connectionID: {
-					// anonymous encryption of connectionIDs
-					encrypt: 'sealedbox',
-				}
+				// encryptConnectionId: 'sealedbox', Applies to both client and server connection ID
+				encryptClientConnectionId: 'sealedbox',
+				encryptServerConnectionId: 'sealedbox',
+				connectionIdKeypair: true,
+				// Max connection id size in bytes
+				maxConnectionIdSize: 64,
+				// Min connection id size in bytes
+				minConnectionIdSize: 64,
+				// Encrypt public key sent in the packet
+				encryptClientKey: 'sealedbox',
+				encryptServerKey: 'sealedbox',
+				encryptKeypair: true
 			},
 			ip: '::1',
 			port: 8888,
@@ -47,11 +57,6 @@ const domainProfile = await createProfile({
 				// When publicKey is set to true it will use the public key in the certificate as the main Viat wallet for the domain. If a string is provided then it would be the main wallet for the domain.
 				publicKey: true
 			},
-			// Must use either encryptConnectionId or (encryptClientId & encryptServerConnectionId)
-			encryptConnectionId: true,
-			encryptClientConnectionId: true,
-			encryptServerConnectionId: true,
-			encryptKeypair: true,
 			compression: true,
 			headerCompression: true,
 			autoLogin: true,

udsp/client/index.js

@@ -36,7 +36,7 @@ import { watch } from '#watch';
 import { send } from './send.js';
 import { emit } from './emit.js';
 import { request } from '#udsp/request';
-import { cryptography } from '#udsp/crypto';
+import { cryptography } from '#udsp/cryptography';
 import { processMessage } from './processMessage.js';
 import { onMessage } from './onPacket.js';
 import { connect as clientConnect } from './connect.js';
@@ -75,26 +75,22 @@ export class Client {
 		if (port) {
 			destination.port = port;
 		}
-		// console.log('Destination', destination.cryptography);
-		if (destination.cryptography) {
-			const cryptoConfig = assign({
-				generate: {
-					keypair: true,
-					connectionIdKeypair: true,
-					clientSessionKeys: true,
-				}
-			}, destination);
-			this.cryptography = await cryptography(cryptoConfig);
-		}
-		if (this.cryptography) {
-			this.destination.encryptKeypair = this.cryptography.generated.encryptKeypair;
-			if (this.encryptConnectionId) {
-				this.destination.connectionIdKeypair = this.cryptography.generated.connectionIdKeypair;
+		console.log('Destination', destination.cryptography);
+		const cryptoConfig = assign({
+			isClient: true,
+			generate: {
+				keypair: true,
+				connectionIdKeypair: true,
+				clientSessionKeys: true,
 			}
+		}, destination);
+		this.cryptography = await cryptography(cryptoConfig);
+		if (this.cryptography.encryptionKeypair) {
+			this.destination.encryptKeypair = this.cryptography.encryptionKeypair;
+		}
+		if (this.cryptography.connectionIdKeypair) {
+			this.destination.connectionIdKeypair = this.cryptography.connectionIdKeypair;
 		}
-		this.encryptConnectionId = destination.encryptConnectionId;
-		this.encryptClientId = destination.encryptClientId;
-		this.encryptServerId = destination.encryptServerId;
 		this.compression = destination.compression;
 		this.headerCompression = destination.headerCompression;
 		if (destination.autoLogin && this.autoLogin) {
@@ -126,6 +122,8 @@ export class Client {
 		console.log(this.cryptography);
 		if (!this.keyPair) {
 			this.keypair = this.cryptography.generated.keypair;
+			this.encryptKeypair = this.cryptography.generated.encryptKeypair;
+			this.connectionIdKeypair = this.cryptography.generated.connectionIdKeypair;
 		}
 		success(`Created Connection Keypair`);
 		this.sessionKeys = this.cryptography.generated.sessionKeys;

udsp/crypto.js → udsp/cryptography.js

@@ -52,26 +52,34 @@ import {
 	signKeypair, encryptKeypair, createSessionKey, clientSessionKeys,
 	serverSessionKeys, signPrivateKeyToEncryptPrivateKey, signPublicKeyToEncryptPublicKey,
 	signKeypairToEncryptKeypair, getSignPublicKeyFromPrivateKey, keypair,
-	boxUnseal, boxSeal
+	boxUnseal, boxSeal, randomConnectionId
 } from '#crypto';
 class Cryptography {
-	constructor(destination) {
-		this.config = destination;
-		console.log(destination);
+	constructor(config) {
+		this.config = config;
+		console.log(config);
+		const { cryptography: cryptographyConfig } = config;
 		let {
+			encryptClientConnectionId,
+			encryptServerConnectionId,
+			encryptServerKey,
+			encryptClientKey,
 			aead = 'xchacha20poly1305',
 			hash = 'blake2b',
 			signature = 'ed25519',
 			exchange = 'x25519',
-		} = destination.cryptography;
+		} = cryptographyConfig;
 		const {
-			connectionID,
+			maxConnectionIdLength,
+			encryptConnectionId,
+			encryptKey,
 			nonce,
 			alias,
 			curve,
-			convertEd25519ToX25519
-		} = destination.cryptography;
-		const { generate } = destination;
+			convertEd25519ToX25519,
+			connectionIdKeypair
+		} = cryptographyConfig;
+		const { generate } = config;
 		if (alias === 'default') {
 			aead = 'xchacha20poly1305';
 			signature = 'ed25519';
@@ -86,12 +94,9 @@ class Cryptography {
 				signature = 'ed25519';
 			}
 		}
-		if (isTrue(connectionID?.encrypt)) {
-			connectionID.encrypt = 'sealedbox';
-		}
 		if (aead === 'xchacha20poly1305') {
 			this.encryptMethod = encrypt;
-			this.encryptMethod = decrypt;
+			this.decryptMethod = decrypt;
 			this.nonceMethod = nonceBox;
 			this.createSecretKey = createSecretKey;
 			this.createSessionKey = createSessionKey;
@@ -107,48 +112,88 @@ class Cryptography {
 			this.signKeypairToEncryptKeypair = signKeypairToEncryptKeypair;
 			this.getSignPublicKeyFromPrivateKey = getSignPublicKeyFromPrivateKey;
 			this.safeMath = RistrettoPoint;
-			if (isTrue(destination.encryptKeypair)) {
-				this.generated.encryptKeypair = {
-					publicKey: this.signPublicKeyToEncryptPublicKey(destination.publicKey),
-				};
-			} else if (destination.encryptKeypair) {
-				this.generated.encryptKeypair = {
-					publicKey: destination.publicKey,
-				};
+			if (isTrue(cryptographyConfig.encryptKeypair)) {
+				if (config.privateKey) {
+					this.encryptionKeypair = signKeypairToEncryptKeypair({
+						publicKey: config.publicKey,
+						privateKey: config.privateKey
+					});
+				} else {
+					this.encryptionKeypair = signKeypairToEncryptKeypair({
+						publicKey: config.publicKey
+					});
+				}
+			} else if (cryptographyConfig.encryptKeypair) {
+				this.encryptionKeypair = config.encryptionKeypair;
 			}
 		}
 		if (exchange === 'x25519') {
 			this.signMethod = sign;
 			this.encryptKeypairMethod = encryptKeypair;
 			this.keypairMethod = keypair;
-			if (generate?.keypair) {
-				this.generated.keypair = this.keypair();
+		}
+		if (encryptConnectionId) {
+			if (!encryptClientConnectionId) {
+				encryptClientConnectionId = encryptConnectionId;
+			}
+			if (!encryptServerConnectionId) {
+				encryptServerConnectionId = encryptConnectionId;
 			}
 		}
-		if (isTrue(convertEd25519ToX25519)) {
-			this.generated.encryptKeypair = {
-				publicKey: this.signPublicKeyToEncryptPublicKey(destination.publicKey),
-			};
+		if (encryptClientConnectionId === 'sealedbox') {
+			this.encryptClientConnectionId = boxSeal;
+			this.decryptClientConnectionId = boxUnseal;
 		}
-		if (connectionID) {
-			if (connectionID.encrypt === 'sealedbox') {
-				this.boxSeal = boxSeal;
-				this.boxUnseal = boxUnseal;
-				if (generate?.connectionIdKeypair) {
-					this.generated.connectionIdKeypair = this.generated.keypair;
-				}
+		if (encryptServerConnectionId === 'sealedbox') {
+			this.encryptServerConnectionId = boxSeal;
+			this.decryptServerConnectionId = boxUnseal;
+		}
+		if (encryptClientConnectionId || encryptServerConnectionId) {
+			if (isTrue(connectionIdKeypair)) {
+				this.connectionIdKeypair = this.encryptionKeypair;
+			} else if (connectionIdKeypair) {
+				this.connectionIdKeypair = connectionIdKeypair;
 			}
 		}
+		if (encryptKey) {
+			encryptClientKey = encryptKey;
+			encryptServerKey = encryptKey;
+		}
+		if (encryptClientKey === 'sealedbox') {
+			this.encryptClientKey = boxSeal;
+			this.decryptClientKey = boxUnseal;
+		}
+		if (encryptServerKey === 'sealedbox') {
+			this.encryptServerKey = boxSeal;
+			this.decryptServerKey = boxUnseal;
+		}
 		if (hash === 'blake3') {
 			this.hashMethod = blake3;
 		}
+		if (generate?.keypair) {
+			this.generated.keypair = this.keypair();
+			this.generated.connectionIdKeypair = this.generated.keypair;
+			this.generated.encryptKeypair = this.generated.keypair;
+		}
 		if (generate?.clientSessionKeys) {
-			console.log(this.generated);
-			this.generated.sessionKeys = this.clientSessionKeys(this.generated.keypair, this.generated.encryptKeypair.publicKey);
+			console.log(this.encryptionKeypair);
+			this.generated.sessionKeys = this.clientSessionKeys(this.generated.keypair, this.encryptionKeypair.publicKey);
 		}
+		assign(this.config, {
+			encryptClientConnectionId,
+			encryptServerConnectionId,
+			encryptConnectionId,
+			encryptClientKey,
+			encryptServerKey
+		});
 		return this.initialize();
 	}
-	generated = {};
+	generated = {
+		destination: {}
+	};
+	generateConnectionID() {
+		const randomPortion = randomConnectionId(16);
+	}
 	signKeypair(...args) {
 		return this.signKeypairMethod(...args);
 	}
@@ -170,8 +215,8 @@ class Cryptography {
 	encrypt(...args) {
 		return this.encryptMethod(...args);
 	}
-	dencrypt(...args) {
-		return this.dencryptMethod(...args);
+	decrypt(...args) {
+		return this.decryptMethod(...args);
 	}
 	convertSignKeypair(...args) {
 		return this.convertSignKeypairMethod(...args);