feat(p2p/webrtc): signal encryption

binier · binier · commit 2d75c352142a · 2024-10-15T15:42:20.000+04:00
re: #772
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/node/native/src/http_server.rs b/node/native/src/http_server.rs
@@ -65,6 +65,9 @@ pub async fn run(port: u16, rpc_sender: RpcSender) {
                                     false => StatusCode::OK,
                                     true => StatusCode::BAD_REQUEST,
                                 },
+                                P2pConnectionResponse::SignalDecryptionFailed => {
+                                    StatusCode::BAD_REQUEST
+                                }
                                 P2pConnectionResponse::InternalError => {
                                     StatusCode::INTERNAL_SERVER_ERROR
                                 }
diff --git a/node/src/event_source/event_source_effects.rs b/node/src/event_source/event_source_effects.rs
@@ -158,6 +158,12 @@ pub fn event_source_effects<S: Service>(store: &mut Store<S>, action: EventSourc
                                 error: P2pConnectionErrorResponse::Rejected(reason),
                             });
                         }
+                        P2pConnectionResponse::SignalDecryptionFailed => {
+                            store.dispatch(P2pConnectionOutgoingAction::AnswerRecvError {
+                                peer_id,
+                                error: P2pConnectionErrorResponse::SignalDecryptionFailed,
+                            });
+                        }
                         P2pConnectionResponse::InternalError => {
                             store.dispatch(P2pConnectionOutgoingAction::AnswerRecvError {
                                 peer_id,
diff --git a/node/src/rpc/rpc_effects.rs b/node/src/rpc/rpc_effects.rs
@@ -293,8 +293,11 @@ pub fn rpc_effects<S: Service>(store: &mut Store<S>, action: RpcActionWithMeta)
         RpcAction::P2pConnectionIncomingRespond { rpc_id, response } => {
             let error = match &response {
                 P2pConnectionResponse::Accepted(_) => None,
-                P2pConnectionResponse::InternalError => Some("RemoteInternalError".to_owned()),
                 P2pConnectionResponse::Rejected(reason) => Some(format!("Rejected({:?})", reason)),
+                P2pConnectionResponse::SignalDecryptionFailed => {
+                    Some("RemoteSignalDecryptionFailed".to_owned())
+                }
+                P2pConnectionResponse::InternalError => Some("RemoteInternalError".to_owned()),
             };
             let _ = store
                 .service
diff --git a/p2p/Cargo.toml b/p2p/Cargo.toml
@@ -23,8 +23,9 @@ cfg-if = "1.0.0"
 url = "2.3.1"
 multihash = "0.18.1"
 sha2 = "0.10.6"
-# ecies-ed25519 = "0.5.1"
 ed25519-dalek = { version = "2.1.1", features = ["serde"] }
+x25519-dalek = { version = "2.0.1", features = ["static_secrets"] }
+aes-gcm = "0.10.3"
 faster-stun = { version = "1.0.1", optional = true }
 reqwest = { version = "0.11.22", optional = true }
 unsigned-varint = { version = "0.8.0" }
diff --git a/p2p/src/connection/mod.rs b/p2p/src/connection/mod.rs
@@ -17,55 +17,14 @@ pub use p2p_connection_service::*;
 
 use serde::{Deserialize, Serialize};
 
-use crate::webrtc;
-
-#[derive(Serialize, Deserialize, Eq, PartialEq, Debug, Clone, Copy, thiserror::Error)]
-pub enum RejectionReason {
-    #[error("peer_id does not match peer's public key")]
-    PeerIdAndPublicKeyMismatch,
-    #[error("target peer_id is not local node's peer_id")]
-    TargetPeerIdNotMe,
-    #[error("too many peers")]
-    PeerCapacityFull,
-    #[error("peer already connected")]
-    AlreadyConnected,
-    #[error("self connection detected")]
-    ConnectingToSelf,
-}
-
-impl RejectionReason {
-    pub fn is_bad(&self) -> bool {
-        match self {
-            Self::PeerIdAndPublicKeyMismatch => true,
-            Self::TargetPeerIdNotMe => true,
-            Self::PeerCapacityFull => false,
-            Self::AlreadyConnected => true,
-            Self::ConnectingToSelf => false,
-        }
-    }
-}
+pub use crate::webrtc::{Answer, Offer, P2pConnectionResponse, RejectionReason};
 
 #[derive(Serialize, Deserialize, Debug, Clone, thiserror::Error)]
 pub enum P2pConnectionErrorResponse {
     #[error("connection rejected: {0}")]
     Rejected(RejectionReason),
+    #[error("signal decryption failed")]
+    SignalDecryptionFailed,
     #[error("internal error")]
     InternalError,
 }
-
-#[derive(Serialize, Deserialize, Debug, Clone)]
-pub enum P2pConnectionResponse {
-    Accepted(Box<webrtc::Answer>),
-    Rejected(RejectionReason),
-    InternalError,
-}
-
-impl P2pConnectionResponse {
-    pub fn internal_error_str() -> &'static str {
-        "InternalError"
-    }
-
-    pub fn internal_error_json_str() -> &'static str {
-        "\"InternalError\""
-    }
-}
diff --git a/p2p/src/connection/outgoing/p2p_connection_outgoing_actions.rs b/p2p/src/connection/outgoing/p2p_connection_outgoing_actions.rs
@@ -189,6 +189,7 @@ impl redux::EnablingCondition<P2pState> for P2pConnectionOutgoingAction {
                             matches!(s, P2pConnectionOutgoingState::OfferSdpCreatePending { .. })
                         }
                         P2pConnectionOutgoingError::Rejected(_)
+                        | P2pConnectionOutgoingError::RemoteSignalDecryptionFailed
                         | P2pConnectionOutgoingError::RemoteInternalError => {
                             matches!(s, P2pConnectionOutgoingState::AnswerRecvPending { .. })
                         }
diff --git a/p2p/src/connection/outgoing/p2p_connection_outgoing_reducer.rs b/p2p/src/connection/outgoing/p2p_connection_outgoing_reducer.rs
@@ -276,6 +276,9 @@ impl P2pConnectionOutgoingState {
                         P2pConnectionErrorResponse::Rejected(reason) => {
                             P2pConnectionOutgoingError::Rejected(*reason)
                         }
+                        P2pConnectionErrorResponse::SignalDecryptionFailed => {
+                            P2pConnectionOutgoingError::RemoteSignalDecryptionFailed
+                        }
                         P2pConnectionErrorResponse::InternalError => {
                             P2pConnectionOutgoingError::RemoteInternalError
                         }
diff --git a/p2p/src/connection/outgoing/p2p_connection_outgoing_state.rs b/p2p/src/connection/outgoing/p2p_connection_outgoing_state.rs
@@ -125,6 +125,8 @@ pub enum P2pConnectionOutgoingError {
     SdpCreateError(String),
     #[error("rejected: {0}")]
     Rejected(RejectionReason),
+    #[error("remote signal decryption failed")]
+    RemoteSignalDecryptionFailed,
     #[error("remote internal error")]
     RemoteInternalError,
     #[error("finalization error: {0}")]
diff --git a/p2p/src/identity/mod.rs b/p2p/src/identity/mod.rs
@@ -5,4 +5,4 @@ mod public_key;
 pub use public_key::PublicKey;
 
 mod secret_key;
-pub use secret_key::SecretKey;
+pub use secret_key::{EncryptableType, SecretKey};
diff --git a/p2p/src/identity/public_key.rs b/p2p/src/identity/public_key.rs
@@ -22,6 +22,10 @@ impl PublicKey {
     pub fn peer_id(&self) -> PeerId {
         PeerId::from_bytes(self.to_bytes())
     }
+
+    pub fn to_x25519(&self) -> x25519_dalek::PublicKey {
+        self.0.to_montgomery().to_bytes().into()
+    }
 }
 
 impl fmt::Display for PublicKey {
diff --git a/p2p/src/identity/secret_key.rs b/p2p/src/identity/secret_key.rs
@@ -1,7 +1,7 @@
 use std::{fmt, str::FromStr};
 
 use ed25519_dalek::SigningKey as Ed25519SecretKey;
-use rand::Rng;
+use rand::{CryptoRng, Rng};
 use serde::{Deserialize, Serialize};
 
 use crate::identity::PublicKey;
@@ -46,6 +46,70 @@ impl SecretKey {
     pub fn public_key(&self) -> PublicKey {
         PublicKey(self.0.verifying_key())
     }
+
+    pub fn to_x25519(&self) -> x25519_dalek::StaticSecret {
+        self.0.to_scalar_bytes().into()
+    }
+}
+
+use aes_gcm::{
+    aead::{Aead, AeadCore, AeadInPlace},
+    Aes256Gcm, KeyInit,
+};
+impl SecretKey {
+    fn shared_key(&self, other_pk: &PublicKey) -> Result<Aes256Gcm, ()> {
+        let key = self.to_x25519().diffie_hellman(&other_pk.to_x25519());
+        if !key.was_contributory() {
+            return Err(());
+        }
+        let key = key.to_bytes();
+        let key: &aes_gcm::Key<Aes256Gcm> = (&key).into();
+        Ok(Aes256Gcm::new(key))
+    }
+
+    pub fn encrypt_raw(
+        &self,
+        other_pk: &PublicKey,
+        rng: impl Rng + CryptoRng,
+        data: &[u8],
+    ) -> Result<Vec<u8>, ()> {
+        let shared_key = self.shared_key(other_pk)?;
+        let nonce = Aes256Gcm::generate_nonce(rng);
+        let mut buffer = Vec::from(AsRef::<[u8]>::as_ref(&nonce));
+        shared_key
+            .encrypt_in_place(&nonce, data, &mut buffer)
+            .or(Err(()))?;
+        Ok(buffer)
+    }
+
+    pub fn encrypt<M: EncryptableType>(
+        &self,
+        other_pk: &PublicKey,
+        rng: impl Rng + CryptoRng,
+        data: &M,
+    ) -> Result<M::Encrypted, ()> {
+        let data = serde_json::to_vec(data).or(Err(()))?;
+        self.encrypt_raw(other_pk, rng, &data).map(Into::into)
+    }
+
+    pub fn decrypt_raw(&self, other_pk: &PublicKey, ciphertext: &[u8]) -> Result<Vec<u8>, ()> {
+        let shared_key = self.shared_key(other_pk)?;
+        let (nonce, ciphertext) = ciphertext.split_at_checked(12).ok_or(())?;
+        shared_key.decrypt(nonce.into(), ciphertext).or(Err(()))
+    }
+
+    pub fn decrypt<M: EncryptableType>(
+        &self,
+        other_pk: &PublicKey,
+        ciphertext: &M::Encrypted,
+    ) -> Result<M, ()> {
+        let data = self.decrypt_raw(other_pk, ciphertext.as_ref())?;
+        serde_json::from_slice(&data).or(Err(()))
+    }
+}
+
+pub trait EncryptableType: Serialize + for<'a> Deserialize<'a> {
+    type Encrypted: From<Vec<u8>> + AsRef<[u8]>;
 }
 
 impl fmt::Display for SecretKey {
diff --git a/p2p/src/p2p_event.rs b/p2p/src/p2p_event.rs
@@ -105,6 +105,9 @@ impl fmt::Display for P2pConnectionEvent {
                 P2pConnectionResponse::Rejected(reason) => {
                     write!(f, "AnswerReceived, {peer_id}, Rejected, {reason:?}")
                 }
+                P2pConnectionResponse::SignalDecryptionFailed => {
+                    write!(f, "SignalDecryptionFailed, {peer_id}")
+                }
                 P2pConnectionResponse::InternalError => {
                     write!(f, "AnswerReceived, {peer_id}, InternalError")
                 }
diff --git a/p2p/src/webrtc/mod.rs b/p2p/src/webrtc/mod.rs
@@ -2,7 +2,7 @@ mod host;
 pub use host::Host;
 
 mod signal;
-pub use signal::{Answer, Offer, Signal};
+pub use signal::{Answer, Offer, P2pConnectionResponse, RejectionReason, Signal};
 
 mod signaling_method;
 pub use signaling_method::{HttpSignalingInfo, SignalingMethod, SignalingMethodParseError};
diff --git a/p2p/src/webrtc/signal.rs b/p2p/src/webrtc/signal.rs
@@ -1,7 +1,7 @@
 use derive_more::From;
 use serde::{Deserialize, Serialize};
 
-use crate::identity::{PeerId, PublicKey};
+use crate::identity::{EncryptableType, PeerId, PublicKey};
 
 use super::Host;
 
@@ -33,3 +33,75 @@ pub enum Signal {
     Offer(Offer),
     Answer(Answer),
 }
+
+#[derive(Serialize, Deserialize, Eq, PartialEq, Debug, Clone, Copy, thiserror::Error)]
+pub enum RejectionReason {
+    #[error("peer_id does not match peer's public key")]
+    PeerIdAndPublicKeyMismatch,
+    #[error("target peer_id is not local node's peer_id")]
+    TargetPeerIdNotMe,
+    #[error("too many peers")]
+    PeerCapacityFull,
+    #[error("peer already connected")]
+    AlreadyConnected,
+    #[error("self connection detected")]
+    ConnectingToSelf,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub enum P2pConnectionResponse {
+    Accepted(Box<Answer>),
+    Rejected(RejectionReason),
+    SignalDecryptionFailed,
+    InternalError,
+}
+
+impl RejectionReason {
+    pub fn is_bad(&self) -> bool {
+        match self {
+            Self::PeerIdAndPublicKeyMismatch => true,
+            Self::TargetPeerIdNotMe => true,
+            Self::PeerCapacityFull => false,
+            Self::AlreadyConnected => true,
+            Self::ConnectingToSelf => false,
+        }
+    }
+}
+
+impl P2pConnectionResponse {
+    pub fn internal_error_str() -> &'static str {
+        "InternalError"
+    }
+
+    pub fn internal_error_json_str() -> &'static str {
+        "\"InternalError\""
+    }
+}
+
+/// Encrypted `webrtc::Offer`.
+#[derive(Serialize, Deserialize, From, Debug, Clone)]
+pub struct EncryptedOffer(Vec<u8>);
+
+/// Encrypted `P2pConnectionResponse`.
+#[derive(Serialize, Deserialize, From, Debug, Clone)]
+pub struct EncryptedAnswer(Vec<u8>);
+
+impl AsRef<[u8]> for EncryptedOffer {
+    fn as_ref(&self) -> &[u8] {
+        self.0.as_ref()
+    }
+}
+
+impl AsRef<[u8]> for EncryptedAnswer {
+    fn as_ref(&self) -> &[u8] {
+        self.0.as_ref()
+    }
+}
+
+impl EncryptableType for Offer {
+    type Encrypted = EncryptedOffer;
+}
+
+impl EncryptableType for P2pConnectionResponse {
+    type Encrypted = EncryptedAnswer;
+}

Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,7 @@ impl redux::EnablingCondition<P2pState> for P2pConnectionOutgoingAction {`
`189`	`189`	`matches!(s, P2pConnectionOutgoingState::OfferSdpCreatePending { .. })`
`190`	`190`	`}`
`191`	`191`	`P2pConnectionOutgoingError::Rejected(_)`
	`192`	`+ \| P2pConnectionOutgoingError::RemoteSignalDecryptionFailed`
`192`	`193`	`\| P2pConnectionOutgoingError::RemoteInternalError => {`
`193`	`194`	`matches!(s, P2pConnectionOutgoingState::AnswerRecvPending { .. })`
`194`	`195`	`}`
Original file line number	Diff line number	Diff line change
`@@ -276,6 +276,9 @@ impl P2pConnectionOutgoingState {`
`276`	`276`	`P2pConnectionErrorResponse::Rejected(reason) => {`
`277`	`277`	`P2pConnectionOutgoingError::Rejected(*reason)`
`278`	`278`	`}`
	`279`	`+ P2pConnectionErrorResponse::SignalDecryptionFailed => {`
	`280`	`+ P2pConnectionOutgoingError::RemoteSignalDecryptionFailed`
	`281`	`+ }`
`279`	`282`	`P2pConnectionErrorResponse::InternalError => {`
`280`	`283`	`P2pConnectionOutgoingError::RemoteInternalError`
`281`	`284`	`}`