3 releases

0.4.2 Jun 27, 2022
0.4.1 Jun 3, 2022
0.4.0 Jun 1, 2022

#6 in #stronghold

Apache-2.0

195KB
3.5K SLoC

Stronghold Peer-to-Peer Communication

The Stronghold-p2p library enables end-to-end encrypted communication between peers in different processes, devices and networks. The basis for its functionality is the libp2p framework, which is a system of protocols, specifications and libraries that enable the development of peer-to-peer network applications.

You can build the Stronghold-p2p crate separately from Stronghold, as well as use it independently. It allows users to transmit generic 1:1 Request-Response messages between two peers, with an additional firewall that prevents unauthorized access. In case that a peer may not be dialed directly, it supports the usage of a relay peer that blindly relays the traffic between two peers.

Transmission of Data

Data is transmitted via a TCP transport with additional support for Websockets and DNS resolution. The transport is "upgraded" with the Yamux Protocol for multiplexing, and a Noise protocol that implements end-to-end encryption.

The Noise-handshake is based on the Diffie-Helllman key exchange and allows two peers that have no prior knowledge of each other to create a shared secret key over an insecure medium. Stronghold-p2p uses the XX-Pattern for the handshake.

Connecting Peers

A peer can establish a connection to a remote peer if they know the remote peer's address. If both peers are in the same local network, they can enable the Mdns feature, which implements automatic peer discovery in a local network.

If the two peers are in two different networks without public IP addresses, Stronghold-p2p supports the usage of relay peers. The relay forwards all traffic between source and destination. Thanks to the Noise-encryption, the communication is end-to-end encrypted between the two peers, independently of whether a relay is used or not.

Firewall

Stronghold-p2p's network protocol implements a low-level firewall. The firewall approves or rejects each inbound request based on default and peer-specific rules. In addition to fixed rules, requests may also be approved or rejected individually in an asynchronous manner.

Dependencies

~17–56MB
~1M SLoC