js-waku/packages/message-encryption/src/symmetric.ts

192 lines
5.2 KiB
TypeScript

import { DefaultPubSubTopic } from "@waku/core";
import { Decoder as DecoderV0 } from "@waku/core/lib/message/version_0";
import type {
EncoderOptions as BaseEncoderOptions,
IDecoder,
IEncoder,
IMessage,
IMetaSetter,
IProtoMessage,
PubSubTopic
} from "@waku/interfaces";
import { WakuMessage } from "@waku/proto";
import debug from "debug";
import { DecodedMessage } from "./decoded_message.js";
import {
decryptSymmetric,
encryptSymmetric,
postCipher,
preCipher
} from "./waku_payload.js";
import { generateSymmetricKey, OneMillion, Version } from "./index.js";
export { generateSymmetricKey };
export type { DecodedMessage, Encoder, Decoder };
const log = debug("waku:message-encryption:symmetric");
class Encoder implements IEncoder {
constructor(
public pubSubTopic: PubSubTopic,
public contentTopic: string,
private symKey: Uint8Array,
private sigPrivKey?: Uint8Array,
public ephemeral: boolean = false,
public metaSetter?: IMetaSetter
) {
if (!contentTopic || contentTopic === "") {
throw new Error("Content topic must be specified");
}
}
async toWire(message: IMessage): Promise<Uint8Array | undefined> {
const protoMessage = await this.toProtoObj(message);
if (!protoMessage) return;
return WakuMessage.encode(protoMessage);
}
async toProtoObj(message: IMessage): Promise<IProtoMessage | undefined> {
const timestamp = message.timestamp ?? new Date();
const preparedPayload = await preCipher(message.payload, this.sigPrivKey);
const payload = await encryptSymmetric(preparedPayload, this.symKey);
const protoMessage = {
payload,
version: Version,
contentTopic: this.contentTopic,
timestamp: BigInt(timestamp.valueOf()) * OneMillion,
meta: undefined,
rateLimitProof: message.rateLimitProof,
ephemeral: this.ephemeral
};
if (this.metaSetter) {
const meta = this.metaSetter(protoMessage);
return { ...protoMessage, meta };
}
return protoMessage;
}
}
export interface EncoderOptions extends BaseEncoderOptions {
/** The symmetric key to encrypt the payload with. */
symKey: Uint8Array;
/** An optional private key to be used to sign the payload before encryption. */
sigPrivKey?: Uint8Array;
}
/**
* Creates an encoder that encrypts messages using symmetric encryption for the
* given key, as defined in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
*
* An encoder is used to encode messages in the [`14/WAKU2-MESSAGE](https://rfc.vac.dev/spec/14/)
* format to be sent over the Waku network. The resulting encoder can then be
* pass to { @link @waku/interfaces!ISender.send } to automatically encrypt
* and encode outgoing messages.
*
* The payload can optionally be signed with the given private key as defined
* in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
*/
export function createEncoder({
pubSubTopic = DefaultPubSubTopic,
contentTopic,
symKey,
sigPrivKey,
ephemeral = false,
metaSetter
}: EncoderOptions): Encoder {
return new Encoder(
pubSubTopic,
contentTopic,
symKey,
sigPrivKey,
ephemeral,
metaSetter
);
}
class Decoder extends DecoderV0 implements IDecoder<DecodedMessage> {
constructor(
pubSubTopic: PubSubTopic,
contentTopic: string,
private symKey: Uint8Array
) {
super(pubSubTopic, contentTopic);
}
async fromProtoObj(
pubSubTopic: string,
protoMessage: IProtoMessage
): Promise<DecodedMessage | undefined> {
const cipherPayload = protoMessage.payload;
if (protoMessage.version !== Version) {
log(
"Failed to decrypt due to incorrect version, expected:",
Version,
", actual:",
protoMessage.version
);
return;
}
let payload;
try {
payload = await decryptSymmetric(cipherPayload, this.symKey);
} catch (e) {
log(
`Failed to decrypt message using asymmetric decryption for contentTopic: ${this.contentTopic}`,
e
);
return;
}
if (!payload) {
log(`Failed to decrypt payload for contentTopic ${this.contentTopic}`);
return;
}
const res = postCipher(payload);
if (!res) {
log(`Failed to decode payload for contentTopic ${this.contentTopic}`);
return;
}
log("Message decrypted", protoMessage);
return new DecodedMessage(
pubSubTopic,
protoMessage,
res.payload,
res.sig?.signature,
res.sig?.publicKey
);
}
}
/**
* Creates a decoder that decrypts messages using symmetric encryption, using
* the given key as defined in [26/WAKU2-PAYLOAD](https://rfc.vac.dev/spec/26/).
*
* A decoder is used to decode messages from the [14/WAKU2-MESSAGE](https://rfc.vac.dev/spec/14/)
* format when received from the Waku network. The resulting decoder can then be
* pass to { @link @waku/interfaces!IReceiver.subscribe } to automatically decrypt and
* decode incoming messages.
*
* @param contentTopic The resulting decoder will only decode messages with this content topic.
* @param symKey The symmetric key used to decrypt the message.
*/
export function createDecoder(
contentTopic: string,
symKey: Uint8Array,
pubSubTopic: PubSubTopic = DefaultPubSubTopic
): Decoder {
return new Decoder(pubSubTopic, contentTopic, symKey);
}