feat!: update to libp2p v3 api (#618)

Refactors code to conform to the `libp2p@3.x.x` API.

- Encrypted streams are now EventTargets
- Consuming incoming data is now done synchronously for reduced latency

BREAKING CHANGE: Must be used with `libp2p@3.x.x`, it cannot be used with earlier versions

Author: achingbrain

package.json

@@ -151,44 +151,40 @@
   },
   "dependencies": {
     "@chainsafe/as-chacha20poly1305": "^0.1.0",
-    "@chainsafe/as-sha256": "^1.0.0",
-    "@libp2p/crypto": "^5.0.0",
-    "@libp2p/interface": "^2.9.0",
-    "@libp2p/peer-id": "^5.0.0",
-    "@noble/ciphers": "^1.1.3",
-    "@noble/curves": "^1.1.0",
-    "@noble/hashes": "^1.3.1",
-    "it-length-prefixed": "^10.0.1",
-    "it-length-prefixed-stream": "^2.0.1",
-    "it-pair": "^2.0.6",
-    "it-pipe": "^3.0.1",
-    "it-stream-types": "^2.0.1",
-    "protons-runtime": "^5.5.0",
-    "uint8arraylist": "^2.4.3",
-    "uint8arrays": "^5.0.0",
+    "@chainsafe/as-sha256": "^1.2.0",
+    "@libp2p/crypto": "^5.1.9",
+    "@libp2p/interface": "^3.0.0",
+    "@libp2p/peer-id": "^6.0.0",
+    "@libp2p/utils": "^7.0.0",
+    "@noble/ciphers": "^2.0.1",
+    "@noble/curves": "^2.0.1",
+    "@noble/hashes": "^2.0.1",
+    "protons-runtime": "^5.6.0",
+    "uint8arraylist": "^2.4.8",
+    "uint8arrays": "^5.1.0",
     "wherearewe": "^2.0.1"
   },
   "devDependencies": {
-    "@chainsafe/libp2p-yamux": "^7.0.0",
-    "@libp2p/daemon-client": "^9.0.0",
-    "@libp2p/daemon-server": "^8.0.0",
-    "@libp2p/interface-compliance-tests": "^6.0.0",
-    "@libp2p/interop": "^13.0.0",
-    "@libp2p/logger": "^5.0.0",
-    "@libp2p/tcp": "^10.0.0",
-    "@multiformats/multiaddr": "^12.1.0",
-    "@types/sinon": "^17.0.1",
-    "aegir": "^47.0.18",
+    "@chainsafe/libp2p-yamux": "^8.0.0",
+    "@libp2p/daemon-client": "^10.0.0",
+    "@libp2p/daemon-server": "^9.0.0",
+    "@libp2p/interface-compliance-tests": "^7.0.0",
+    "@libp2p/interop": "^14.0.0",
+    "@libp2p/logger": "^6.0.0",
+    "@libp2p/tcp": "^11.0.0",
+    "@multiformats/multiaddr": "^13.0.1",
+    "@types/sinon": "^17.0.4",
+    "aegir": "^47.0.22",
     "benchmark": "^2.1.4",
-    "execa": "^9.3.0",
-    "go-libp2p": "^1.0.3",
+    "execa": "^9.6.0",
+    "go-libp2p": "^1.6.0",
     "iso-random-stream": "^2.0.2",
-    "it-byte-stream": "^2.0.1",
-    "libp2p": "^2.0.0",
-    "mkdirp": "^3.0.0",
-    "multiformats": "^13.2.2",
-    "p-defer": "^4.0.0",
-    "protons": "^7.6.0",
+    "it-pair": "^2.0.6",
+    "libp2p": "^3.0.0",
+    "mkdirp": "^3.0.1",
+    "multiformats": "^13.4.0",
+    "p-defer": "^4.0.1",
+    "protons": "^7.7.0",
     "sinon": "^21.0.0",
     "sinon-ts": "^2.0.0"
   },

src/constants.ts

@@ -2,3 +2,4 @@ export const NOISE_MSG_MAX_LENGTH_BYTES = 65535
 export const NOISE_MSG_MAX_LENGTH_BYTES_WITHOUT_TAG = NOISE_MSG_MAX_LENGTH_BYTES - 16
 
 export const DUMP_SESSION_KEYS = Boolean(globalThis.process?.env?.DUMP_SESSION_KEYS)
+export const CHACHA_TAG_LENGTH = 16

src/crypto/js.ts

@@ -1,7 +1,7 @@
-import { chacha20poly1305 } from '@noble/ciphers/chacha'
-import { x25519 } from '@noble/curves/ed25519'
-import { extract, expand } from '@noble/hashes/hkdf'
-import { sha256 } from '@noble/hashes/sha256'
+import { chacha20poly1305 } from '@noble/ciphers/chacha.js'
+import { x25519 } from '@noble/curves/ed25519.js'
+import { extract, expand } from '@noble/hashes/hkdf.js'
+import { sha256 } from '@noble/hashes/sha2.js'
 import type { ICryptoInterface } from '../crypto.js'
 import type { KeyPair } from '../types.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
@@ -24,7 +24,7 @@ export const pureJsCrypto: ICryptoInterface = {
   },
 
   generateX25519KeyPair (): KeyPair {
-    const secretKey = x25519.utils.randomPrivateKey()
+    const secretKey = x25519.utils.randomSecretKey()
     const publicKey = x25519.getPublicKey(secretKey)
 
     return {

src/encoder.ts

@@ -1,5 +1,4 @@
 import { allocUnsafe as uint8ArrayAllocUnsafe } from 'uint8arrays/alloc'
-import type { LengthDecoderFunction } from 'it-length-prefixed'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 export const uint16BEEncode = (value: number): Uint8Array => {
@@ -10,7 +9,7 @@ export const uint16BEEncode = (value: number): Uint8Array => {
 }
 uint16BEEncode.bytes = 2
 
-export const uint16BEDecode: LengthDecoderFunction = (data: Uint8Array | Uint8ArrayList): number => {
+export const uint16BEDecode = (data: Uint8Array | Uint8ArrayList): number => {
   if (data.length < 2) { throw RangeError('Could not decode int16BE') }
 
   if (data instanceof Uint8Array) {

src/noise.ts

@@ -1,26 +1,21 @@
 import { publicKeyFromProtobuf } from '@libp2p/crypto/keys'
 import { InvalidCryptoExchangeError, serviceCapabilities } from '@libp2p/interface'
 import { peerIdFromPublicKey } from '@libp2p/peer-id'
-import { decode } from 'it-length-prefixed'
-import { lpStream } from 'it-length-prefixed-stream'
-import { duplexPair } from 'it-pair/duplex'
-import { pipe } from 'it-pipe'
+import { lpStream } from '@libp2p/utils'
 import { alloc as uint8ArrayAlloc } from 'uint8arrays/alloc'
 import { NOISE_MSG_MAX_LENGTH_BYTES } from './constants.js'
 import { defaultCrypto } from './crypto/index.js'
 import { wrapCrypto } from './crypto.js'
 import { uint16BEDecode, uint16BEEncode } from './encoder.js'
 import { registerMetrics } from './metrics.js'
 import { performHandshakeInitiator, performHandshakeResponder } from './performHandshake.js'
-import { decryptStream, encryptStream } from './streaming.js'
+import { toMessageStream } from './utils.ts'
 import type { ICryptoInterface } from './crypto.js'
 import type { NoiseComponents } from './index.js'
 import type { MetricsRegistry } from './metrics.js'
-import type { HandshakeResult, ICrypto, INoiseConnection, KeyPair } from './types.js'
-import type { MultiaddrConnection, SecuredConnection, PrivateKey, PublicKey, StreamMuxerFactory, SecureConnectionOptions } from '@libp2p/interface'
-import type { LengthPrefixedStream } from 'it-length-prefixed-stream'
-import type { Duplex } from 'it-stream-types'
-import type { Uint8ArrayList } from 'uint8arraylist'
+import type { HandshakeResult, ICrypto, INoiseConnection, INoiseExtensions, KeyPair } from './types.js'
+import type { SecuredConnection, PrivateKey, PublicKey, StreamMuxerFactory, SecureConnectionOptions, Logger, MessageStream } from '@libp2p/interface'
+import type { LengthPrefixedStream } from '@libp2p/utils'
 
 export interface NoiseExtensions {
   webtransportCerthashes: Uint8Array[]
@@ -45,12 +40,14 @@ export class Noise implements INoiseConnection {
   private readonly extensions?: NoiseExtensions
   private readonly metrics?: MetricsRegistry
   private readonly components: NoiseComponents
+  private readonly log: Logger
 
   constructor (components: NoiseComponents, init: NoiseInit = {}) {
     const { staticNoiseKey, extensions, crypto, prologueBytes } = init
     const { metrics } = components
 
     this.components = components
+    this.log = components.logger.forComponent('libp2p:noise')
     const _crypto = crypto ?? defaultCrypto
     this.crypto = wrapCrypto(_crypto)
     this.extensions = {
@@ -83,31 +80,25 @@ export class Noise implements INoiseConnection {
    * @param options.remotePeer - PeerId of the remote peer. Used to validate the integrity of the remote peer
    * @param options.signal - Used to abort the operation
    */
-  public async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (connection: Stream, options?: SecureConnectionOptions): Promise<SecuredConnection<Stream, NoiseExtensions>> {
-    const wrappedConnection = lpStream(
-      connection,
-      {
-        lengthEncoder: uint16BEEncode,
-        lengthDecoder: uint16BEDecode,
-        maxDataLength: NOISE_MSG_MAX_LENGTH_BYTES
-      }
-    )
+  async secureOutbound (connection: MessageStream, options?: SecureConnectionOptions): Promise<SecuredConnection<INoiseExtensions>> {
+    const log = connection.log?.newScope('noise') ?? this.log
+    const wrappedConnection = lpStream(connection, {
+      lengthEncoder: uint16BEEncode,
+      lengthDecoder: uint16BEDecode,
+      maxDataLength: NOISE_MSG_MAX_LENGTH_BYTES
+    })
 
     const handshake = await this.performHandshakeInitiator(
       wrappedConnection,
       this.components.privateKey,
+      log,
       options?.remotePeer?.publicKey,
       options
     )
-    const conn = await this.createSecureConnection(wrappedConnection, handshake)
-
-    connection.source = conn.source
-    connection.sink = conn.sink
-
     const publicKey = publicKeyFromProtobuf(handshake.payload.identityKey)
 
     return {
-      conn: connection,
+      connection: toMessageStream(wrappedConnection.unwrap(), handshake, this.metrics),
       remoteExtensions: handshake.payload.extensions,
       remotePeer: peerIdFromPublicKey(publicKey),
       streamMuxer: options?.skipStreamMuxerNegotiation === true ? undefined : this.getStreamMuxer(handshake.payload.extensions?.streamMuxers)
@@ -144,31 +135,25 @@ export class Noise implements INoiseConnection {
    * @param options.remotePeer - PeerId of the remote peer. Used to validate the integrity of the remote peer
    * @param options.signal - Used to abort the operation
    */
-  public async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (connection: Stream, options?: SecureConnectionOptions): Promise<SecuredConnection<Stream, NoiseExtensions>> {
-    const wrappedConnection = lpStream(
-      connection,
-      {
-        lengthEncoder: uint16BEEncode,
-        lengthDecoder: uint16BEDecode,
-        maxDataLength: NOISE_MSG_MAX_LENGTH_BYTES
-      }
-    )
+  async secureInbound (connection: MessageStream, options?: SecureConnectionOptions): Promise<SecuredConnection<INoiseExtensions>> {
+    const log = connection.log?.newScope('noise') ?? this.log
+    const wrappedConnection = lpStream(connection, {
+      lengthEncoder: uint16BEEncode,
+      lengthDecoder: uint16BEDecode,
+      maxDataLength: NOISE_MSG_MAX_LENGTH_BYTES
+    })
 
     const handshake = await this.performHandshakeResponder(
       wrappedConnection,
       this.components.privateKey,
+      log,
       options?.remotePeer?.publicKey,
       options
     )
-    const conn = await this.createSecureConnection(wrappedConnection, handshake)
-
-    connection.source = conn.source
-    connection.sink = conn.sink
-
     const publicKey = publicKeyFromProtobuf(handshake.payload.identityKey)
 
     return {
-      conn: connection,
+      connection: toMessageStream(wrappedConnection.unwrap(), handshake, this.metrics),
       remoteExtensions: handshake.payload.extensions,
       remotePeer: peerIdFromPublicKey(publicKey),
       streamMuxer: options?.skipStreamMuxerNegotiation === true ? undefined : this.getStreamMuxer(handshake.payload.extensions?.streamMuxers)
@@ -182,6 +167,7 @@ export class Noise implements INoiseConnection {
     connection: LengthPrefixedStream,
     // TODO: pass private key in noise constructor via Components
     privateKey: PrivateKey,
+    log: Logger,
     remoteIdentityKey?: PublicKey,
     options?: SecureConnectionOptions
   ): Promise<HandshakeResult> {
@@ -193,7 +179,7 @@ export class Noise implements INoiseConnection {
         connection,
         privateKey,
         remoteIdentityKey,
-        log: this.components.logger.forComponent('libp2p:noise:xxhandshake'),
+        log: log.newScope('xxhandshake'),
         crypto: this.crypto,
         prologue: this.prologue,
         s: this.staticKey,
@@ -218,6 +204,7 @@ export class Noise implements INoiseConnection {
   private async performHandshakeResponder (
     connection: LengthPrefixedStream,
     privateKey: PrivateKey,
+    log: Logger,
     remoteIdentityKey?: PublicKey,
     options?: SecureConnectionOptions
   ): Promise<HandshakeResult> {
@@ -229,7 +216,7 @@ export class Noise implements INoiseConnection {
         connection,
         privateKey,
         remoteIdentityKey,
-        log: this.components.logger.forComponent('libp2p:noise:xxhandshake'),
+        log: log.newScope('xxhandshake'),
         crypto: this.crypto,
         prologue: this.prologue,
         s: this.staticKey,
@@ -247,24 +234,4 @@ export class Noise implements INoiseConnection {
 
     return result
   }
-
-  private async createSecureConnection (
-    connection: LengthPrefixedStream<Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>>>,
-    handshake: HandshakeResult
-  ): Promise<Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>>> {
-    // Create encryption box/unbox wrapper
-    const [secure, user] = duplexPair<Uint8Array | Uint8ArrayList>()
-    const network = connection.unwrap()
-
-    await pipe(
-      secure, // write to wrapper
-      encryptStream(handshake, this.metrics), // encrypt data + prefix with message length
-      network, // send to the remote peer
-      (source) => decode(source, { lengthDecoder: uint16BEDecode }), // read message length prefix
-      decryptStream(handshake, this.metrics), // decrypt the incoming data
-      secure // pipe to the wrapper
-    )
-
-    return user
-  }
 }