feat: add tls connection encrypter (#2377)

Encrypts connections using TLS 1.3 on Node.js.

Spec: https://github.com/libp2p/specs/blob/master/tls/tls.md

packages/connection-encrypter-tls/LICENSE

@@ -0,0 +1,4 @@
+This project is dual licensed under MIT and Apache-2.0.
+
+MIT: https://www.opensource.org/licenses/mit
+Apache-2.0: https://www.apache.org/licenses/license-2.0

packages/connection-encrypter-tls/LICENSE-APACHE

@@ -0,0 +1,5 @@
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

packages/connection-encrypter-tls/LICENSE-MIT

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/connection-encrypter-tls/README.md

@@ -0,0 +1,45 @@
+[![libp2p.io](https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square)](http://libp2p.io/)
+[![Discuss](https://img.shields.io/discourse/https/discuss.libp2p.io/posts.svg?style=flat-square)](https://discuss.libp2p.io)
+[![codecov](https://img.shields.io/codecov/c/github/libp2p/js-libp2p.svg?style=flat-square)](https://codecov.io/gh/libp2p/js-libp2p)
+[![CI](https://img.shields.io/github/actions/workflow/status/libp2p/js-libp2p/main.yml?branch=main\&style=flat-square)](https://github.com/libp2p/js-libp2p/actions/workflows/main.yml?query=branch%3Amain)
+
+> A connection encrypter that uses TLS 1.3
+
+# About
+
+Implements the spec at <https://github.com/libp2p/specs/blob/master/tls/tls.md>
+
+## Example
+
+```typescript
+import { createLibp2p } from 'libp2p'
+import { tls } from '@libp2p/tls'
+
+const node = await createLibp2p({
+  // ...other options
+  connectionEncryption: [
+    tls()
+  ]
+})
+```
+
+# Install
+
+```console
+$ npm i @libp2p/tls
+```
+
+# API Docs
+
+- <https://libp2p.github.io/js-libp2p/modules/_libp2p_tls.html>
+
+# License
+
+Licensed under either of
+
+- Apache 2.0, ([LICENSE-APACHE](LICENSE-APACHE) / <http://www.apache.org/licenses/LICENSE-2.0>)
+- MIT ([LICENSE-MIT](LICENSE-MIT) / <http://opensource.org/licenses/MIT>)
+
+# Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

packages/connection-encrypter-tls/package.json

@@ -0,0 +1,74 @@
+{
+  "name": "@libp2p/tls",
+  "version": "0.0.0",
+  "description": "A connection encrypter that uses TLS 1.3",
+  "license": "Apache-2.0 OR MIT",
+  "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/connection-encrypter-tls#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/libp2p/js-libp2p.git"
+  },
+  "bugs": {
+    "url": "https://github.com/libp2p/js-libp2p/issues"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "type": "module",
+  "types": "./dist/src/index.d.ts",
+  "files": [
+    "src",
+    "dist",
+    "!dist/test",
+    "!**/*.tsbuildinfo"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js"
+    }
+  },
+  "eslintConfig": {
+    "extends": "ipfs",
+    "parserOptions": {
+      "project": true,
+      "sourceType": "module"
+    }
+  },
+  "scripts": {
+    "start": "node dist/src/main.js",
+    "build": "aegir build --bundle false",
+    "test": "aegir test -t node",
+    "clean": "aegir clean",
+    "generate": "protons ./src/pb/index.proto",
+    "lint": "aegir lint",
+    "test:node": "aegir test -t node --cov",
+    "dep-check": "aegir dep-check"
+  },
+  "dependencies": {
+    "@libp2p/crypto": "^4.0.1",
+    "@libp2p/interface": "^1.1.2",
+    "@libp2p/peer-id": "^4.0.5",
+    "@peculiar/asn1-schema": "^2.3.8",
+    "@peculiar/asn1-x509": "^2.3.8",
+    "@peculiar/webcrypto": "^1.4.5",
+    "@peculiar/x509": "^1.9.6",
+    "asn1js": "^3.0.5",
+    "it-pushable": "^3.2.3",
+    "it-stream-types": "^2.0.1",
+    "protons-runtime": "^5.0.0",
+    "uint8arraylist": "^2.4.7",
+    "uint8arrays": "^5.0.1"
+  },
+  "devDependencies": {
+    "@libp2p/interface-compliance-tests": "^5.2.0",
+    "@libp2p/logger": "^4.0.5",
+    "@libp2p/peer-id-factory": "^4.0.5",
+    "@multiformats/multiaddr": "^12.1.10",
+    "aegir": "^42.0.0",
+    "protons": "^7.3.0",
+    "sinon": "^17.0.1"
+  },
+  "sideEffects": false
+}

packages/connection-encrypter-tls/src/index.ts

@@ -0,0 +1,40 @@
+/**
+ * @packageDocumentation
+ *
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
+ *
+ * @example
+ *
+ * ```typescript
+ * import { createLibp2p } from 'libp2p'
+ * import { tls } from '@libp2p/tls'
+ *
+ * const node = await createLibp2p({
+ *   // ...other options
+ *   connectionEncryption: [
+ *     tls()
+ *   ]
+ * })
+ * ```
+ */
+
+import { TLS } from './tls.js'
+import type { ComponentLogger, ConnectionEncrypter } from '@libp2p/interface'
+
+export const PROTOCOL = '/tls/1.0.0'
+
+export interface TLSComponents {
+  logger: ComponentLogger
+}
+
+export interface TLSInit {
+  /**
+   * The peer id exchange must complete within this many milliseconds
+   * (default: 1000)
+   */
+  timeout?: number
+}
+
+export function tls (init?: TLSInit): (components: TLSComponents) => ConnectionEncrypter {
+  return (components) => new TLS(components, init)
+}

packages/connection-encrypter-tls/src/pb/index.proto

@@ -0,0 +1,13 @@
+syntax = "proto3";
+
+enum KeyType {
+  RSA = 0;
+  Ed25519 = 1;
+  Secp256k1 = 2;
+  ECDSA = 3;
+}
+
+message PublicKey {
+  optional KeyType type = 1;
+  optional bytes data = 2;
+}

packages/connection-encrypter-tls/src/pb/index.ts

@@ -0,0 +1,95 @@
+/* eslint-disable import/export */
+/* eslint-disable complexity */
+/* eslint-disable @typescript-eslint/no-namespace */
+/* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
+
+import { type Codec, decodeMessage, encodeMessage, enumeration, message } from 'protons-runtime'
+import type { Uint8ArrayList } from 'uint8arraylist'
+
+export enum KeyType {
+  RSA = 'RSA',
+  Ed25519 = 'Ed25519',
+  Secp256k1 = 'Secp256k1',
+  ECDSA = 'ECDSA'
+}
+
+enum __KeyTypeValues {
+  RSA = 0,
+  Ed25519 = 1,
+  Secp256k1 = 2,
+  ECDSA = 3
+}
+
+export namespace KeyType {
+  export const codec = (): Codec<KeyType> => {
+    return enumeration<KeyType>(__KeyTypeValues)
+  }
+}
+export interface PublicKey {
+  type?: KeyType
+  data?: Uint8Array
+}
+
+export namespace PublicKey {
+  let _codec: Codec<PublicKey>
+
+  export const codec = (): Codec<PublicKey> => {
+    if (_codec == null) {
+      _codec = message<PublicKey>((obj, w, opts = {}) => {
+        if (opts.lengthDelimited !== false) {
+          w.fork()
+        }
+
+        if (obj.type != null) {
+          w.uint32(8)
+          KeyType.codec().encode(obj.type, w)
+        }
+
+        if (obj.data != null) {
+          w.uint32(18)
+          w.bytes(obj.data)
+        }
+
+        if (opts.lengthDelimited !== false) {
+          w.ldelim()
+        }
+      }, (reader, length) => {
+        const obj: any = {}
+
+        const end = length == null ? reader.len : reader.pos + length
+
+        while (reader.pos < end) {
+          const tag = reader.uint32()
+
+          switch (tag >>> 3) {
+            case 1: {
+              obj.type = KeyType.codec().decode(reader)
+              break
+            }
+            case 2: {
+              obj.data = reader.bytes()
+              break
+            }
+            default: {
+              reader.skipType(tag & 7)
+              break
+            }
+          }
+        }
+
+        return obj
+      })
+    }
+
+    return _codec
+  }
+
+  export const encode = (obj: Partial<PublicKey>): Uint8Array => {
+    return encodeMessage(obj, PublicKey.codec())
+  }
+
+  export const decode = (buf: Uint8Array | Uint8ArrayList): PublicKey => {
+    return decodeMessage(buf, PublicKey.codec())
+  }
+}