diff --git a/package.json b/package.json index 0e0c2db3..edd6e971 100644 --- a/package.json +++ b/package.json @@ -105,12 +105,7 @@ "access": "public" }, "scripts": { - "cc": "nodemon ./client/createCertificate/index.js --watch ./client/createCertificate/", "certificates": "nodemon ./scripts/certificates.js --watch ./scripts/certificates.js --watch ./certificates/ --watch ./utilities/", - "client": "nodemon udsp/client/index.js --watch client/", - "components": "nodemon ./browser/components/index.js --watch ./browser/components/source/ --watch ./browser/components/index.js", - "compressionTest": "nodemon scripts/compression.js --watch scripts/compression.js", - "dis": "nodemon ./DIS/index.js --watch ./server/ --watch ./DIS/", "dist": "electron-builder", "electron": "electron .", "pack": "electron-builder --dir", @@ -118,7 +113,6 @@ "simulate": "nodemon ./scripts/simulate.js --watch ./client/ --watch ./server/ --watch ./scripts/simulate.js --watch utilities/", "simc": "nodemon ./scripts/simulateClient.js --watch ./udsp/ --watch ./scripts/simulateClient.js --watch ./utilities/ --delay 3", "start": "nodemon --watch ./index.html --watch ./client/ --watch ./browser/ --watch ./main.js --exec 'electron .'", - "uwBridge": "nodemon ./uwBridge/index.js --watch ./uwBridge/", "changelog": "auto-changelog -p --sort-commits date-desc && git add CHANGELOG.md", "bumpVersion": "npm version patch --force && cd ./package/ && npm version patch --force" }, @@ -126,4 +120,4 @@ "devDependencies": { "@electron-forge/cli": "^6.0.5" } -} +} \ No newline at end of file diff --git a/profiles/default-Ephemeral.cert b/profiles/default-Ephemeral.cert index fd9b75fb..efa399c2 100644 Binary files a/profiles/default-Ephemeral.cert and b/profiles/default-Ephemeral.cert differ diff --git a/profiles/default-EphemeralPublic.cert b/profiles/default-EphemeralPublic.cert index cb5540ba..7e843446 100644 Binary files a/profiles/default-EphemeralPublic.cert and b/profiles/default-EphemeralPublic.cert differ diff --git a/profiles/default-Master.cert b/profiles/default-Master.cert index aac17380..9b7006d2 100644 Binary files a/profiles/default-Master.cert and b/profiles/default-Master.cert differ diff --git a/profiles/default-MasterPublic.cert b/profiles/default-MasterPublic.cert index 3b3ace92..15c47841 100644 Binary files a/profiles/default-MasterPublic.cert and b/profiles/default-MasterPublic.cert differ diff --git a/profiles/default-Profile.cert b/profiles/default-Profile.cert index bd8272a8..e2c130fb 100644 Binary files a/profiles/default-Profile.cert and b/profiles/default-Profile.cert differ diff --git a/scripts/certificates.js b/scripts/certificates.js index b5660577..9cadbb91 100644 --- a/scripts/certificates.js +++ b/scripts/certificates.js @@ -19,12 +19,22 @@ const domainProfile = await createProfile({ signature: 'ed25519', exchange: 'x25519', curve: '25519', + // The cryptographic algo used, intended, and or generated with the provided public key + publicKeyType: 'ed25519', // The purpose of encrypting connection IDs is to eliminate CID tracking and to constantly change how the CID looks. // Encrypting CIDs protects against leaking smart CID routing information which show the endpoint server/process. - connectionID: { - // anonymous encryption of connectionIDs - encrypt: 'sealedbox', - } + // encryptConnectionId: 'sealedbox', Applies to both client and server connection ID + encryptClientConnectionId: 'sealedbox', + encryptServerConnectionId: 'sealedbox', + connectionIdKeypair: true, + // Max connection id size in bytes + maxConnectionIdSize: 64, + // Min connection id size in bytes + minConnectionIdSize: 64, + // Encrypt public key sent in the packet + encryptClientKey: 'sealedbox', + encryptServerKey: 'sealedbox', + encryptKeypair: true }, ip: '::1', port: 8888, @@ -47,11 +57,6 @@ const domainProfile = await createProfile({ // When publicKey is set to true it will use the public key in the certificate as the main Viat wallet for the domain. If a string is provided then it would be the main wallet for the domain. publicKey: true }, - // Must use either encryptConnectionId or (encryptClientId & encryptServerConnectionId) - encryptConnectionId: true, - encryptClientConnectionId: true, - encryptServerConnectionId: true, - encryptKeypair: true, compression: true, headerCompression: true, autoLogin: true, diff --git a/services/universal.web-Ephemeral.cert b/services/universal.web-Ephemeral.cert index 9fa6b47b..2bf5b9dd 100644 Binary files a/services/universal.web-Ephemeral.cert and b/services/universal.web-Ephemeral.cert differ diff --git a/services/universal.web-EphemeralPublic.cert b/services/universal.web-EphemeralPublic.cert index 774dfd2b..c786d17e 100644 Binary files a/services/universal.web-EphemeralPublic.cert and b/services/universal.web-EphemeralPublic.cert differ diff --git a/services/universal.web-Master.cert b/services/universal.web-Master.cert index 39165822..2962c4cb 100644 Binary files a/services/universal.web-Master.cert and b/services/universal.web-Master.cert differ diff --git a/services/universal.web-MasterPublic.cert b/services/universal.web-MasterPublic.cert index 7af61cbb..4be01a2d 100644 Binary files a/services/universal.web-MasterPublic.cert and b/services/universal.web-MasterPublic.cert differ diff --git a/services/universal.web-Profile.cert b/services/universal.web-Profile.cert index 2cc58b3a..0f21ebdf 100644 Binary files a/services/universal.web-Profile.cert and b/services/universal.web-Profile.cert differ diff --git a/udsp/client/index.js b/udsp/client/index.js index 607f6739..5b3614aa 100644 --- a/udsp/client/index.js +++ b/udsp/client/index.js @@ -36,7 +36,7 @@ import { watch } from '#watch'; import { send } from './send.js'; import { emit } from './emit.js'; import { request } from '#udsp/request'; -import { cryptography } from '#udsp/crypto'; +import { cryptography } from '#udsp/cryptography'; import { processMessage } from './processMessage.js'; import { onMessage } from './onPacket.js'; import { connect as clientConnect } from './connect.js'; @@ -75,26 +75,22 @@ export class Client { if (port) { destination.port = port; } - // console.log('Destination', destination.cryptography); - if (destination.cryptography) { - const cryptoConfig = assign({ - generate: { - keypair: true, - connectionIdKeypair: true, - clientSessionKeys: true, - } - }, destination); - this.cryptography = await cryptography(cryptoConfig); - } - if (this.cryptography) { - this.destination.encryptKeypair = this.cryptography.generated.encryptKeypair; - if (this.encryptConnectionId) { - this.destination.connectionIdKeypair = this.cryptography.generated.connectionIdKeypair; + console.log('Destination', destination.cryptography); + const cryptoConfig = assign({ + isClient: true, + generate: { + keypair: true, + connectionIdKeypair: true, + clientSessionKeys: true, } + }, destination); + this.cryptography = await cryptography(cryptoConfig); + if (this.cryptography.encryptionKeypair) { + this.destination.encryptKeypair = this.cryptography.encryptionKeypair; + } + if (this.cryptography.connectionIdKeypair) { + this.destination.connectionIdKeypair = this.cryptography.connectionIdKeypair; } - this.encryptConnectionId = destination.encryptConnectionId; - this.encryptClientId = destination.encryptClientId; - this.encryptServerId = destination.encryptServerId; this.compression = destination.compression; this.headerCompression = destination.headerCompression; if (destination.autoLogin && this.autoLogin) { @@ -126,6 +122,8 @@ export class Client { console.log(this.cryptography); if (!this.keyPair) { this.keypair = this.cryptography.generated.keypair; + this.encryptKeypair = this.cryptography.generated.encryptKeypair; + this.connectionIdKeypair = this.cryptography.generated.connectionIdKeypair; } success(`Created Connection Keypair`); this.sessionKeys = this.cryptography.generated.sessionKeys; diff --git a/udsp/crypto.js b/udsp/cryptography.js similarity index 60% rename from udsp/crypto.js rename to udsp/cryptography.js index c2cd5519..1e36f721 100644 --- a/udsp/crypto.js +++ b/udsp/cryptography.js @@ -52,26 +52,34 @@ import { signKeypair, encryptKeypair, createSessionKey, clientSessionKeys, serverSessionKeys, signPrivateKeyToEncryptPrivateKey, signPublicKeyToEncryptPublicKey, signKeypairToEncryptKeypair, getSignPublicKeyFromPrivateKey, keypair, - boxUnseal, boxSeal + boxUnseal, boxSeal, randomConnectionId } from '#crypto'; class Cryptography { - constructor(destination) { - this.config = destination; - console.log(destination); + constructor(config) { + this.config = config; + console.log(config); + const { cryptography: cryptographyConfig } = config; let { + encryptClientConnectionId, + encryptServerConnectionId, + encryptServerKey, + encryptClientKey, aead = 'xchacha20poly1305', hash = 'blake2b', signature = 'ed25519', exchange = 'x25519', - } = destination.cryptography; + } = cryptographyConfig; const { - connectionID, + maxConnectionIdLength, + encryptConnectionId, + encryptKey, nonce, alias, curve, - convertEd25519ToX25519 - } = destination.cryptography; - const { generate } = destination; + convertEd25519ToX25519, + connectionIdKeypair + } = cryptographyConfig; + const { generate } = config; if (alias === 'default') { aead = 'xchacha20poly1305'; signature = 'ed25519'; @@ -86,12 +94,9 @@ class Cryptography { signature = 'ed25519'; } } - if (isTrue(connectionID?.encrypt)) { - connectionID.encrypt = 'sealedbox'; - } if (aead === 'xchacha20poly1305') { this.encryptMethod = encrypt; - this.encryptMethod = decrypt; + this.decryptMethod = decrypt; this.nonceMethod = nonceBox; this.createSecretKey = createSecretKey; this.createSessionKey = createSessionKey; @@ -107,48 +112,88 @@ class Cryptography { this.signKeypairToEncryptKeypair = signKeypairToEncryptKeypair; this.getSignPublicKeyFromPrivateKey = getSignPublicKeyFromPrivateKey; this.safeMath = RistrettoPoint; - if (isTrue(destination.encryptKeypair)) { - this.generated.encryptKeypair = { - publicKey: this.signPublicKeyToEncryptPublicKey(destination.publicKey), - }; - } else if (destination.encryptKeypair) { - this.generated.encryptKeypair = { - publicKey: destination.publicKey, - }; + if (isTrue(cryptographyConfig.encryptKeypair)) { + if (config.privateKey) { + this.encryptionKeypair = signKeypairToEncryptKeypair({ + publicKey: config.publicKey, + privateKey: config.privateKey + }); + } else { + this.encryptionKeypair = signKeypairToEncryptKeypair({ + publicKey: config.publicKey + }); + } + } else if (cryptographyConfig.encryptKeypair) { + this.encryptionKeypair = config.encryptionKeypair; } } if (exchange === 'x25519') { this.signMethod = sign; this.encryptKeypairMethod = encryptKeypair; this.keypairMethod = keypair; - if (generate?.keypair) { - this.generated.keypair = this.keypair(); + } + if (encryptConnectionId) { + if (!encryptClientConnectionId) { + encryptClientConnectionId = encryptConnectionId; + } + if (!encryptServerConnectionId) { + encryptServerConnectionId = encryptConnectionId; } } - if (isTrue(convertEd25519ToX25519)) { - this.generated.encryptKeypair = { - publicKey: this.signPublicKeyToEncryptPublicKey(destination.publicKey), - }; + if (encryptClientConnectionId === 'sealedbox') { + this.encryptClientConnectionId = boxSeal; + this.decryptClientConnectionId = boxUnseal; } - if (connectionID) { - if (connectionID.encrypt === 'sealedbox') { - this.boxSeal = boxSeal; - this.boxUnseal = boxUnseal; - if (generate?.connectionIdKeypair) { - this.generated.connectionIdKeypair = this.generated.keypair; - } + if (encryptServerConnectionId === 'sealedbox') { + this.encryptServerConnectionId = boxSeal; + this.decryptServerConnectionId = boxUnseal; + } + if (encryptClientConnectionId || encryptServerConnectionId) { + if (isTrue(connectionIdKeypair)) { + this.connectionIdKeypair = this.encryptionKeypair; + } else if (connectionIdKeypair) { + this.connectionIdKeypair = connectionIdKeypair; } } + if (encryptKey) { + encryptClientKey = encryptKey; + encryptServerKey = encryptKey; + } + if (encryptClientKey === 'sealedbox') { + this.encryptClientKey = boxSeal; + this.decryptClientKey = boxUnseal; + } + if (encryptServerKey === 'sealedbox') { + this.encryptServerKey = boxSeal; + this.decryptServerKey = boxUnseal; + } if (hash === 'blake3') { this.hashMethod = blake3; } + if (generate?.keypair) { + this.generated.keypair = this.keypair(); + this.generated.connectionIdKeypair = this.generated.keypair; + this.generated.encryptKeypair = this.generated.keypair; + } if (generate?.clientSessionKeys) { - console.log(this.generated); - this.generated.sessionKeys = this.clientSessionKeys(this.generated.keypair, this.generated.encryptKeypair.publicKey); + console.log(this.encryptionKeypair); + this.generated.sessionKeys = this.clientSessionKeys(this.generated.keypair, this.encryptionKeypair.publicKey); } + assign(this.config, { + encryptClientConnectionId, + encryptServerConnectionId, + encryptConnectionId, + encryptClientKey, + encryptServerKey + }); return this.initialize(); } - generated = {}; + generated = { + destination: {} + }; + generateConnectionID() { + const randomPortion = randomConnectionId(16); + } signKeypair(...args) { return this.signKeypairMethod(...args); } @@ -170,8 +215,8 @@ class Cryptography { encrypt(...args) { return this.encryptMethod(...args); } - dencrypt(...args) { - return this.dencryptMethod(...args); + decrypt(...args) { + return this.decryptMethod(...args); } convertSignKeypair(...args) { return this.convertSignKeypairMethod(...args); diff --git a/udsp/decodePacket.js b/udsp/decodePacket.js index a09a9991..c3345295 100644 --- a/udsp/decodePacket.js +++ b/udsp/decodePacket.js @@ -2,10 +2,8 @@ import { success, failed, imported, msgSent, info, msgReceived } from '#logs'; import { decode, } from 'msgpackr'; -import { assign, isBuffer, } from '@universalweb/acid'; -import { - encrypt, toBase64, decrypt, boxUnseal -} from '#crypto'; +import { assign, isBuffer, isArray } from '@universalweb/acid'; +import { toBase64 } from '#crypto'; import { createClient } from './server/clients/index.js'; export async function decodePacketHeaders(config) { const { @@ -13,16 +11,31 @@ export async function decodePacketHeaders(config) { destination, packet: packetEncoded } = config; - const { encryptKeypair } = destination; + const { + encryptKeypair, + connectionIdKeypair, + cryptography, + state, + isClient, + isServer, + isServerEnd, + isServerClient + } = destination; if (packetEncoded.length >= 1350) { console.log(packetEncoded); failed(`WARNING: Packet size is larger than max allowed size 1350 -> ${packetEncoded.length} over by ${packetEncoded.length - 1350}`); } - const encryptConnectionId = destination.encryptConnectionId; + let encryptConnectionId; + if (isServerEnd) { + encryptConnectionId = cryptography.config.encryptServerConnectionId; + } else { + encryptConnectionId = cryptography.config.encryptClientConnectionId; + } info(`encryptConnectionId ${encryptConnectionId}`); const client = config.client; info(`Packet Encoded Size ${packetEncoded.length}`); const packet = decode(packetEncoded); + config.packet = packet; info(`Packet Decoded Array Size ${packet.length}`); const headersEncoded = packet[0]; info(`headersEncoded Size ${headersEncoded.length}`); @@ -47,15 +60,24 @@ export async function decodePacketHeaders(config) { return failed(`No connection id in headers -> Invalid Packet`); } let headerId; - if (headerIdEncoded.length > 24) { + if (encryptConnectionId) { success('Server Connection ID Decrypted'); - headerId = boxUnseal(headerIdEncoded, encryptKeypair); + // console.log(destination); + if (encryptConnectionId === 'sealedbox') { + if (isServerEnd) { + headerId = cryptography.decryptServerConnectionId(headerIdEncoded, connectionIdKeypair); + } else { + headerId = cryptography.decryptClientConnectionId(headerIdEncoded, connectionIdKeypair); + } + } if (!headerId) { - return failed(headerIdEncoded, 'Packet ID Decrypt Failed'); + return failed(`Packet ID Decrypt Failed method given:${encryptConnectionId}`); } info(`clientId: ${toBase64(headerId)}`); if (isHeadersBuffer) { - config.packetDecoded.headers = headerId; + config.packetDecoded = { + headers: headerId + }; return true; } else { headers.id = headerId; @@ -66,19 +88,32 @@ export async function decodePacketHeaders(config) { if (headers.key) { success(`Public Key is given -> Processing as create client`); console.log(toBase64(encryptKeypair.publicKey)); - const publicKey = boxUnseal(headers.key, destination.encryptKeypair); + const { + encryptClientKey, + encryptServerKey + } = cryptography.config; + let publicKey; + if (isClient) { + if (encryptClientKey === 'sealedbox') { + publicKey = cryptography.decryptServerKey(headers.key, destination.encryptKeypair); + } + } + if (isServerEnd) { + if (encryptServerKey === 'sealedbox') { + publicKey = cryptography.decryptClientKey(headers.key, destination.encryptKeypair); + } + } if (!publicKey) { - return failed(publicKey, 'Client Key Decrypt Failed'); + return failed('Client Key Decrypt Failed'); } headers.key = publicKey; } else { success(`No Public Key is given -> Processing as a message`); } - console.log(headers); + // console.log(headers); config.packetDecoded = { headers }; - config.packet = packet; return true; } export async function decodePacket(config) { @@ -89,6 +124,7 @@ export async function decodePacket(config) { packetDecoded, packetDecoded: { headers, } } = config; + const { cryptography, } = destination; const footer = packet[2] && decode(packet[2]); if (packet[2] && !footer) { return failed(`Footer failed to decode -> Invalid Packet`); @@ -101,7 +137,7 @@ export async function decodePacket(config) { return failed(`No Encrypted Message - failed to decode -> Invalid Packet`); } info(`encryptedMessage ${packet[1].length} bytes`); - const decryptedMessage = decrypt(packet[1], destination.sessionKeys, ad); + const decryptedMessage = cryptography.decrypt(packet[1], destination.sessionKeys, ad); if (!decryptedMessage) { return failed('Encryption failed'); } diff --git a/udsp/encodePacket.js b/udsp/encodePacket.js index 48ffd787..5014a71a 100644 --- a/udsp/encodePacket.js +++ b/udsp/encodePacket.js @@ -11,14 +11,7 @@ import { omit, objectSize } from '@universalweb/acid'; -import { - encrypt, - nonceBox, - randomize, - toBase64, - signDetached, - boxSeal, -} from '#crypto'; +import { toBase64 } from '#crypto'; export async function encodePacket(config) { success(`PROCESSING ENCODE PACKET`); const { @@ -34,23 +27,58 @@ export async function encodePacket(config) { state, isClient, isServer, + isServerEnd, isServerClient } = source; const destination = source.destination || config.destination; let id = destination.id || source.id; - const encryptConnectionId = (isServer || isServerClient) ? source.encryptConnectionId : destination.encryptConnectionId; + const { cryptography } = source; + let encryptConnectionId; + if (isServerEnd) { + encryptConnectionId = cryptography.config.encryptClientConnectionId; + } else { + encryptConnectionId = cryptography.config.encryptServerConnectionId; + } if (!id) { return console.error(`ID IS'T ASSIGNED`); } if (encryptConnectionId) { - id = boxSeal(id, destination.encryptKeypair); + // console.log(destination); + if (encryptConnectionId === 'sealedbox') { + if (isServerEnd) { + id = cryptography.encryptClientConnectionId(id, destination.connectionIdKeypair); + } else { + id = cryptography.encryptServerConnectionId(id, destination.connectionIdKeypair); + } + } + if (!id) { + return console.error(`Connection ID Encrypt failed method given ${encryptConnectionId}`); + } } headers.id = id; message.t = Date.now(); if (isClient) { if (state === 0) { console.log('DESTINATION ENCRYPT PUBLIC KEY', toBase64(destination.encryptKeypair.publicKey)); - headers.key = boxSeal(source.keypair.publicKey, destination.encryptKeypair); + if (!headers.key) { + headers.key = source.encryptKeypair.publicKey; + } + } + } + if (headers.key) { + const { + encryptClientKey, + encryptServerKey + } = cryptography.config; + if (isClient) { + if (encryptClientKey === 'sealedbox') { + headers.key = cryptography.encryptClientKey(headers.key, destination.encryptKeypair); + } + } + if (isServerEnd) { + if (encryptServerKey === 'sealedbox') { + headers.key = cryptography.encryptServerKey(headers.key, destination.encryptKeypair); + } } } if (options) { @@ -59,7 +87,7 @@ export async function encodePacket(config) { const headersEncoded = (objectSize(headers) === 1 && headers.id) ? encode(id) : encode(headers); const messageEncoded = encode(message); const ad = (footer) ? Buffer.concat([headersEncoded, footer]) : headersEncoded; - const encryptedMessage = encrypt(messageEncoded, source.sessionKeys, ad); + const encryptedMessage = cryptography.encrypt(messageEncoded, source.sessionKeys, ad); if (!encryptedMessage) { return failed('Encryption failed'); } diff --git a/udsp/server/clients/index.js b/udsp/server/clients/index.js index abcd092b..8147f0ba 100644 --- a/udsp/server/clients/index.js +++ b/udsp/server/clients/index.js @@ -70,6 +70,7 @@ export class Client { descriptor = `Server's client`; type = 'serverClient'; isServerClient = true; + isServerEnd = true; pending = false; replyQueue = construct(Map); packetIdGenerator = construct(UniqID); diff --git a/udsp/server/clients/initialize.js b/udsp/server/clients/initialize.js index 297cbb34..74db7b7f 100644 --- a/udsp/server/clients/initialize.js +++ b/udsp/server/clients/initialize.js @@ -31,10 +31,13 @@ export async function initialize(config, client) { address: ip, port } = connection; + client.cryptography = cryptography; // When changing to a new sessionKeys you must first create new keys from scratch to replace these. client.sessionKeys = cryptography.serverSessionKeys(encryptKeypair, publicKey); // When changing to a new key you must first create new keys from scratch to replace these. - client.keypair = encryptKeypair; + client.keypair = server.keypair; + client.encryptKeypair = server.encryptKeypair; + client.connectionIdKeypair = server.connectionIdKeypair; success(`key: ${toBase64(publicKey)}`); success(`receiveKey: ${toBase64(client.sessionKeys.receiveKey)}`); success(`transmitKey: ${toBase64(client.sessionKeys.transmitKey)}`); @@ -69,7 +72,12 @@ export async function initialize(config, client) { this.encryptConnectionId = true; } client.destination = { - publicKey, + encryptKeypair: { + publicKey + }, + connectionIdKeypair: { + publicKey + }, ip, port, id: clientId diff --git a/udsp/server/index.js b/udsp/server/index.js index 02cb0594..ebf803e3 100644 --- a/udsp/server/index.js +++ b/udsp/server/index.js @@ -26,7 +26,7 @@ import { sendPacket } from '#udsp/sendPacket'; import { actions } from './actions/index.js'; import { getCertificate, parseCertificate } from '#certificate'; import { randomConnectionId, signKeypairToEncryptKeypair } from '#crypto'; -import { cryptography } from '#udsp/crypto'; +import { cryptography } from '#udsp/cryptography'; const { seal } = Object; /* * socket ID: SID @@ -64,30 +64,22 @@ export class Server { publicKey: this.certificate.publicKey, privateKey: this.certificate.privateKey, }; - if (isTrue(this.certificate.encryptKeypair)) { - this.encryptKeypair = signKeypairToEncryptKeypair(this.keypair); - } if (this.certificate.ipVersion) { this.ipVersion = this.certificate.ipVersion; } } if (this.certificate.cryptography) { const cryptoConfig = assign({ - convertEd25519ToX25519: true, + keypair: this.keypair, + connectionIdKeypair: this.connectionIdKeypair, }, this.certificate); this.cryptography = await cryptography(cryptoConfig); - } - if (this.connectionIdCertificate) { - this.connectionIdCertificate = await getCertificate(this.connectionIdCertificate); - } else if (this.certificate.encryptConnectionId) { - this.connectionIdKeypair = this.certificate.connectionIdKeypair; - } - if (this.connectionIdKeypair) { - this.encryptConnectionId = true; - this.connectionIdKeypair = { - publicKey: this.connectionIdKeypair.publicKey, - privateKey: this.connectionIdKeypair.privateKey, - }; + if (this.cryptography.encryptionKeypair) { + this.encryptKeypair = this.cryptography.encryptionKeypair; + } + if (this.cryptography.connectionIdKeypair) { + this.connectionIdKeypair = this.cryptography.connectionIdKeypair; + } } } async configureNetwork() { @@ -164,6 +156,7 @@ export class Server { description = `The Universal Web's UDSP server module.`; descriptor = 'UWServer'; isServer = true; + isServerEnd = true; defaultExtension = 'js'; port = 80; ip = '::1'; diff --git a/utilities/crypto.js b/utilities/crypto.js index 232464f5..2d91fa1d 100644 --- a/utilities/crypto.js +++ b/utilities/crypto.js @@ -258,13 +258,16 @@ export function signPrivateKeyToEncryptPrivateKey(originalPrivateKey) { } export function signKeypairToEncryptKeypair(originalKeypair) { const publicKey = bufferAlloc(crypto_box_PUBLICKEYBYTES); - const privateKey = bufferAlloc(crypto_box_SECRETKEYBYTES); crypto_sign_ed25519_pk_to_curve25519(publicKey, originalKeypair.publicKey); - crypto_sign_ed25519_sk_to_curve25519(privateKey, originalKeypair.privateKey); - return { - publicKey, - privateKey + const result = { + publicKey }; + if (originalKeypair.privateKey) { + const privateKey = bufferAlloc(crypto_box_SECRETKEYBYTES); + crypto_sign_ed25519_sk_to_curve25519(privateKey, originalKeypair.privateKey); + result.privateKey = privateKey; + } + return result; } export function getSignPublicKeyFromPrivateKey(privateKey) { const publicKey = bufferAlloc(crypto_box_PUBLICKEYBYTES);