diff --git a/packages/communication/src/SocketConnection.ts b/packages/communication/src/SocketConnection.ts index fc4dac5..f0027fe 100644 --- a/packages/communication/src/SocketConnection.ts +++ b/packages/communication/src/SocketConnection.ts @@ -1,9 +1,13 @@ import { ICodec, IConnection, IMessageComposer, IMessageConfiguration, IMessageDataWrapper, IMessageEvent, WebSocketEventEnum } from '@nitrots/api'; +import { GetConfiguration } from '@nitrots/configuration'; import { GetEventDispatcher, NitroEvent, NitroEventType, ReconnectEvent } from '@nitrots/events'; import { NitroLogger } from '@nitrots/utils'; import { EvaWireFormat } from './codec'; +import { aesGcmDecrypt, aesGcmEncrypt, buildClientHello, deriveAesKey, deriveSharedSecret, exportPublicKeySpki, generateEphemeralKeyPair, importPublicKeySpki, importSigningPublicKeyFromBase64, NONCE_LEN, parseServerHello, randomNonce, verifyEphemeralSignature } from './crypto'; import { MessageClassManager } from './messages'; +type CryptoState = 'disabled' | 'awaiting_server_hello' | 'ready' | 'error'; + export class SocketConnection implements IConnection { private _socket: WebSocket = null; @@ -24,11 +28,15 @@ export class SocketConnection implements IConnection private _isReconnecting: boolean = false; private _intentionalClose: boolean = false; private _wasAuthenticated: boolean = false; - + public static readonly MAX_RECONNECT_ATTEMPTS: number = 7; public static readonly BASE_RECONNECT_DELAY_MS: number = 1000; public static readonly MAX_RECONNECT_DELAY_MS: number = 30000; + private _cryptoState: CryptoState = 'disabled'; + private _sessionKey: CryptoKey = null; + private _pendingEncryptedSends: ArrayBuffer[] = []; + public init(socketUrl: string): void { if(!socketUrl || !socketUrl.length) return; @@ -42,24 +50,155 @@ export class SocketConnection implements IConnection private createSocket(socketUrl: string): void { this._dataBuffer = new ArrayBuffer(0); + const cryptoEnabled = !!GetConfiguration().getValue('crypto.ws.enabled', false); + if(cryptoEnabled && !this.subtleCryptoAvailable()) + { + NitroLogger.error('[ws-crypto] crypto.ws.enabled=true but window.crypto.subtle is unavailable. ' + + 'This page must be served from a secure context - HTTPS, localhost, or 127.0.0.1. ' + + 'Current origin: ' + (typeof window !== 'undefined' ? window.location.origin : 'unknown')); + this._cryptoState = 'error'; + } + else + { + this._cryptoState = cryptoEnabled ? 'awaiting_server_hello' : 'disabled'; + } + this._sessionKey = null; + this._pendingEncryptedSends = []; this._socket = new WebSocket(socketUrl); this._socket.binaryType = 'arraybuffer'; this._onOpenCallback = () => this.onSocketOpened(); this._onCloseCallback = (event: Event) => this.onSocketClosed(event as CloseEvent); this._onErrorCallback = () => this.onSocketError(); - this._onMessageCallback = (event: MessageEvent) => - { - this._dataBuffer = this.concatArrayBuffers(this._dataBuffer, event.data); - this.processReceivedData(); - }; - + this._onMessageCallback = (event: MessageEvent) => this.onSocketMessage(event.data as ArrayBuffer); this._socket.addEventListener(WebSocketEventEnum.CONNECTION_OPENED, this._onOpenCallback); this._socket.addEventListener(WebSocketEventEnum.CONNECTION_CLOSED, this._onCloseCallback); this._socket.addEventListener(WebSocketEventEnum.CONNECTION_ERROR, this._onErrorCallback); this._socket.addEventListener(WebSocketEventEnum.CONNECTION_MESSAGE, this._onMessageCallback); } + private subtleCryptoAvailable(): boolean + { + return typeof window !== 'undefined' + && typeof window.crypto !== 'undefined' + && typeof window.crypto.subtle !== 'undefined'; + } + + private onSocketMessage(data: ArrayBuffer): void + { + if(this._cryptoState === 'error') + { + this._intentionalClose = true; + if(this._socket) this._socket.close(); + return; + } + + if(this._cryptoState === 'awaiting_server_hello') + { + this.handleServerHello(data) + .catch(err => + { + NitroLogger.error('[ws-crypto] handshake failed', err); + this._cryptoState = 'error'; + this._intentionalClose = true; + if(this._socket) this._socket.close(); + }); + return; + } + + if(this._cryptoState === 'ready') + { + this.decryptFrame(data) + .then(plain => + { + this._dataBuffer = this.concatArrayBuffers(this._dataBuffer, plain); + this.processReceivedData(); + }) + .catch(err => + { + NitroLogger.error('[ws-crypto] decrypt failed', err); + this._cryptoState = 'error'; + this._intentionalClose = true; + if(this._socket) this._socket.close(); + }); + return; + } + + this._dataBuffer = this.concatArrayBuffers(this._dataBuffer, data); + this.processReceivedData(); + } + + private async handleServerHello(frame: ArrayBuffer): Promise + { + const { pubkeySpki: serverPubkeySpki, signature } = parseServerHello(frame); + const signingRequired = !!GetConfiguration().getValue('crypto.ws.signing.enabled', false); + if(signingRequired) + { + if(!signature) throw new Error('crypto.ws.signing.enabled=true but server_hello had no signature'); + + const signingPub = await this.getSigningPublicKey(); + const ok = await verifyEphemeralSignature(signingPub, signature, serverPubkeySpki); + if(!ok) throw new Error('server_hello signature verification failed (MITM?)'); + } + + const serverPubkey = await importPublicKeySpki(serverPubkeySpki); + const ourKeys = await generateEphemeralKeyPair(); + const ourPubkeySpki = await exportPublicKeySpki(ourKeys.publicKey); + const shared = await deriveSharedSecret(ourKeys.privateKey, serverPubkey); + this._sessionKey = await deriveAesKey(shared); + this._socket.send(buildClientHello(ourPubkeySpki)); + this._cryptoState = 'ready'; + + if(this._pendingEncryptedSends.length) + { + const queued = this._pendingEncryptedSends; + this._pendingEncryptedSends = []; + for(const buf of queued) await this.encryptAndSend(buf); + } + } + + private _cachedSigningPublicKey: CryptoKey = null; + private async getSigningPublicKey(): Promise + { + if(this._cachedSigningPublicKey) return this._cachedSigningPublicKey; + + const pinned = GetConfiguration().getValue('crypto.ws.signing.public_key', ''); + if(pinned) + { + this._cachedSigningPublicKey = await importSigningPublicKeyFromBase64(pinned); + return this._cachedSigningPublicKey; + } + + const endpointTemplate = GetConfiguration().getValue('login.server_key.endpoint', '/api/auth/server-key'); + const endpoint = GetConfiguration().interpolate(endpointTemplate); + const resp = await fetch(endpoint, { credentials: 'include' }); + if(!resp.ok) throw new Error(`server-key fetch failed: HTTP ${ resp.status }`); + const payload = await resp.json(); + const b64 = typeof payload?.publicKey === 'string' ? payload.publicKey : ''; + if(!b64) throw new Error('server-key response missing publicKey'); + this._cachedSigningPublicKey = await importSigningPublicKeyFromBase64(b64); + return this._cachedSigningPublicKey; + } + + private async decryptFrame(frame: ArrayBuffer): Promise + { + if(frame.byteLength < NONCE_LEN + 16) throw new Error('encrypted frame too short'); + const nonce = new Uint8Array(frame, 0, NONCE_LEN); + const ct = frame.slice(NONCE_LEN); + return aesGcmDecrypt(this._sessionKey, nonce, ct); + } + + private async encryptAndSend(plaintext: ArrayBuffer): Promise + { + if(!this._sessionKey) return; + const nonce = randomNonce(); + const ct = await aesGcmEncrypt(this._sessionKey, nonce, plaintext); + const framed = new Uint8Array(NONCE_LEN + ct.byteLength); + framed.set(nonce, 0); + framed.set(new Uint8Array(ct), NONCE_LEN); + if(this._socket && this._socket.readyState === WebSocket.OPEN) this._socket.send(framed.buffer); + } + private onSocketOpened(): void { if(this._isReconnecting) @@ -270,7 +409,23 @@ export class SocketConnection implements IConnection { if(!this._socket || this._socket.readyState !== WebSocket.OPEN) return; - this._socket.send(buffer); + if(this._cryptoState === 'disabled') + { + this._socket.send(buffer); + return; + } + + if(this._cryptoState === 'ready') + { + this.encryptAndSend(buffer).catch(err => NitroLogger.error('[ws-crypto] encrypt failed', err)); + return; + } + + if(this._cryptoState === 'awaiting_server_hello') + { + this._pendingEncryptedSends.push(buffer); + return; + } } public processReceivedData(): void @@ -354,7 +509,6 @@ export class SocketConnection implements IConnection try { - //@ts-ignore const parser = new events[0].parserClass(); if(!parser || !parser.flush() || !parser.parse(wrapper)) return null; diff --git a/packages/communication/src/crypto/WsSessionCrypto.ts b/packages/communication/src/crypto/WsSessionCrypto.ts new file mode 100644 index 0000000..e92078c --- /dev/null +++ b/packages/communication/src/crypto/WsSessionCrypto.ts @@ -0,0 +1,119 @@ +export const HANDSHAKE_MAGIC = 0xC0DEC0DE | 0; +export const TYPE_SERVER_HELLO = 0x01; +export const TYPE_CLIENT_HELLO = 0x02; +export const HKDF_INFO = 'nitro-ws-v1'; +export const AES_KEY_BITS = 256; +export const NONCE_LEN = 12; +export const GCM_TAG_LEN = 16; + +export async function generateEphemeralKeyPair(): Promise +{ + return window.crypto.subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, [ 'deriveBits' ]); +} + +export async function exportPublicKeySpki(publicKey: CryptoKey): Promise +{ + return window.crypto.subtle.exportKey('spki', publicKey); +} + +export async function importPublicKeySpki(spki: ArrayBuffer): Promise +{ + return window.crypto.subtle.importKey('spki', spki, { name: 'ECDH', namedCurve: 'P-256' }, false, []); +} + +export async function deriveSharedSecret(ourPrivate: CryptoKey, theirPublic: CryptoKey): Promise +{ + return window.crypto.subtle.deriveBits({ name: 'ECDH', public: theirPublic }, ourPrivate, 256); +} + +export async function deriveAesKey(sharedSecret: ArrayBuffer): Promise +{ + const ikm = await window.crypto.subtle.importKey('raw', sharedSecret, 'HKDF', false, [ 'deriveKey' ]); + return window.crypto.subtle.deriveKey( + { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: new TextEncoder().encode(HKDF_INFO) }, + ikm, + { name: 'AES-GCM', length: AES_KEY_BITS }, + false, + [ 'encrypt', 'decrypt' ] + ); +} + +export async function aesGcmEncrypt(key: CryptoKey, nonce: Uint8Array, plaintext: ArrayBuffer): Promise +{ + return window.crypto.subtle.encrypt({ name: 'AES-GCM', iv: nonce, tagLength: GCM_TAG_LEN * 8 }, key, plaintext); +} + +export async function aesGcmDecrypt(key: CryptoKey, nonce: Uint8Array, ciphertextWithTag: ArrayBuffer): Promise +{ + return window.crypto.subtle.decrypt({ name: 'AES-GCM', iv: nonce, tagLength: GCM_TAG_LEN * 8 }, key, ciphertextWithTag); +} + +export function randomNonce(): Uint8Array +{ + const n = new Uint8Array(NONCE_LEN); + window.crypto.getRandomValues(n); + return n; +} + +export function buildClientHello(pubkeySpki: ArrayBuffer): ArrayBuffer +{ + const out = new Uint8Array(4 + 1 + 2 + pubkeySpki.byteLength); + const dv = new DataView(out.buffer); + dv.setUint32(0, HANDSHAKE_MAGIC, false); + out[4] = TYPE_CLIENT_HELLO; + dv.setUint16(5, pubkeySpki.byteLength, false); + out.set(new Uint8Array(pubkeySpki), 7); + return out.buffer; +} + +export interface ParsedServerHello +{ + pubkeySpki: ArrayBuffer; + signature: ArrayBuffer | null; +} + +export function parseServerHello(frame: ArrayBuffer): ParsedServerHello +{ + if (frame.byteLength < 7) throw new Error('server_hello frame too short'); + const dv = new DataView(frame); + const magic = dv.getUint32(0, false); + if (magic >>> 0 !== (HANDSHAKE_MAGIC >>> 0)) throw new Error('server_hello magic mismatch'); + const type = dv.getUint8(4); + if (type !== TYPE_SERVER_HELLO) throw new Error(`expected server_hello, got type=0x${ type.toString(16) }`); + + const keyLen = dv.getUint16(5, false); + if (keyLen <= 0 || keyLen > frame.byteLength - 7) throw new Error(`invalid server key length ${ keyLen }`); + const pubkeySpki = frame.slice(7, 7 + keyLen); + + const remaining = frame.byteLength - (7 + keyLen); + if (remaining === 0) return { pubkeySpki, signature: null }; + if (remaining < 2) throw new Error('truncated signature trailer'); + const sigLen = dv.getUint16(7 + keyLen, false); + if (sigLen <= 0 || 7 + keyLen + 2 + sigLen !== frame.byteLength) throw new Error(`invalid signature length ${ sigLen }`); + const signature = frame.slice(7 + keyLen + 2, 7 + keyLen + 2 + sigLen); + return { pubkeySpki, signature }; +} + +export async function importSigningPublicKeyFromBase64(spkiBase64: string): Promise +{ + const bin = atob(spkiBase64.replace(/-/g, '+').replace(/_/g, '/')); + const bytes = new Uint8Array(bin.length); + for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i); + return window.crypto.subtle.importKey( + 'spki', + bytes.buffer, + { name: 'ECDSA', namedCurve: 'P-256' }, + false, + [ 'verify' ] + ); +} + +export async function verifyEphemeralSignature(signingKey: CryptoKey, signature: ArrayBuffer, signedBytes: ArrayBuffer): Promise +{ + return window.crypto.subtle.verify( + { name: 'ECDSA', hash: 'SHA-256' }, + signingKey, + signature, + signedBytes + ); +} diff --git a/packages/communication/src/crypto/index.ts b/packages/communication/src/crypto/index.ts new file mode 100644 index 0000000..0a97306 --- /dev/null +++ b/packages/communication/src/crypto/index.ts @@ -0,0 +1 @@ +export * from './WsSessionCrypto'; diff --git a/packages/communication/src/index.ts b/packages/communication/src/index.ts index 5f617ab..02a98fc 100644 --- a/packages/communication/src/index.ts +++ b/packages/communication/src/index.ts @@ -4,6 +4,7 @@ export * from './NitroMessages'; export * from './SocketConnection'; export * from './codec'; export * from './codec/evawire'; +export * from './crypto'; export * from './messages'; export * from './messages/incoming'; export * from './messages/incoming/advertisement'; diff --git a/packages/room/src/renderer/RoomSpriteCanvas.ts b/packages/room/src/renderer/RoomSpriteCanvas.ts index 19a4b67..e1f1b09 100644 --- a/packages/room/src/renderer/RoomSpriteCanvas.ts +++ b/packages/room/src/renderer/RoomSpriteCanvas.ts @@ -378,49 +378,20 @@ export class RoomSpriteCanvas implements IRoomRenderingCanvas let leftIdx = 0; let rightIdx = 0; + let maxY = hull[0].y; for(let i = 1; i < hull.length; i++) { if(hull[i].x < hull[leftIdx].x) leftIdx = i; if(hull[i].x > hull[rightIdx].x) rightIdx = i; + if(hull[i].y > maxY) maxY = hull[i].y; } - const n = hull.length; - - // Collect arc going CCW: leftIdx → rightIdx via increasing indices - const arcCCW: { x: number; y: number }[] = []; - let idx = leftIdx; - - while(idx !== rightIdx) - { - arcCCW.push(hull[idx]); - idx = (idx + 1) % n; - } - - arcCCW.push(hull[rightIdx]); - - // Collect arc going CW: leftIdx → rightIdx via decreasing indices - const arcCW: { x: number; y: number }[] = []; - idx = leftIdx; - - while(idx !== rightIdx) - { - arcCW.push(hull[idx]); - idx = (idx - 1 + n) % n; - } - - arcCW.push(hull[rightIdx]); - - // Bottom arc = the arc with larger average Y (floor/front tiles) - const avgCCW = arcCCW.reduce((s, p) => s + p.y, 0) / arcCCW.length; - const avgCW = arcCW.reduce((s, p) => s + p.y, 0) / arcCW.length; - const bottomArc = avgCCW >= avgCW ? arcCCW : arcCW; - - // Build polygon: extend upward far above walls, then trace bottom boundary return [ - { x: hull[leftIdx].x, y: -extension }, - { x: hull[rightIdx].x, y: -extension }, - ...bottomArc.slice().reverse() + { x: hull[leftIdx].x - extension, y: -extension }, + { x: hull[rightIdx].x + extension, y: -extension }, + { x: hull[rightIdx].x + extension, y: maxY + extension }, + { x: hull[leftIdx].x - extension, y: maxY + extension } ]; }