client: P2P Encrypted Messaging#18
Open
martonp wants to merge 2 commits intobisoncraft:masterfrom
Open
Conversation
This commit implements encrypted p2p messaging. MessagePeer and HandlePeerMessage functions are added to the Client. Peers use symmetric encryption keys derived via Elliptic Curve Diffie- Hellman (ECDH) to communicate privately. When a client communicates with another Client for the first time, it sends a signed HandshakeRequest containing an ephemeral public key. The counterparty responds with its own ephemeral public key, allowing both parties to derive the shared key. To avoid handshake race conditions and allow key rotation/expiry without interrupting communication, the client stores up to 5 keys per peer. The latest key is used for outbound encryption, while previous keys remain available for decrypting inbound messages during rotation. Each encrypted message is tagged with a key ID so the receiver can select the right key. Keys expire after 1 hour.
dnldd
suggested changes
Mar 11, 2026
Comment on lines
+152
to
+154
| unsignedReq := proto.Clone(hsResp).(*clientpb.HandshakeResponse) | ||
| unsignedReq.Signature = nil | ||
| unsignedReqPayload, err := proto.Marshal(unsignedReq) |
Contributor
There was a problem hiding this comment.
This is cloning the message just to unset the signature field. It's more expensive than reconstructing the unsigned response.
unsignedResp := &clientpb.HandshakeResponse{
Nonce: hsResp.GetNonce(),
PublicKey: hsResp.GetPublicKey(),
// Leave Signature unset (defaults to nil)
}
Contributor
Author
There was a problem hiding this comment.
It's true, but cloning allows this to keep working even if there are unknown fields (the schema changes in a newer version but someone is still running an older version). The cost of this cloning is minor compared to signature verification anyways.
Comment on lines
+300
to
+302
| unsignedReq := proto.Clone(hsReq).(*clientpb.HandshakeRequest) | ||
| unsignedReq.Signature = nil | ||
| unsignedReqPayload, err := proto.Marshal(unsignedReq) |
Contributor
There was a problem hiding this comment.
Same cloning issue here, refer to the comment above.
| return fmt.Errorf("client host not initialized") | ||
| } | ||
|
|
||
| c.host.SetStreamHandler(protocols.TatankaRelayMessageProtocol, func(s network.Stream) { |
Contributor
There was a problem hiding this comment.
I think the inlined handler here can be refactored into handleTatankaRelayMessage
Comment on lines
+251
to
+253
| return []byte("tatanka-p2p-v1|" + string(a) + "|" + string(b)) | ||
| } | ||
| return []byte("tatanka-p2p-v1|" + string(b) + "|" + string(a)) |
Contributor
There was a problem hiding this comment.
Let's make the protocol version prefix tatanka-p2p-v1 and separator | constants.
dnldd
approved these changes
Mar 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit implements encrypted p2p messaging. MessagePeer and HandlePeerMessage functions are added to the Client.
Peers use symmetric encryption keys derived via Elliptic Curve Diffie- Hellman (ECDH) to communicate privately. When a client communicates with another Client for the first time, it sends a signed HandshakeRequest containing an ephemeral public key. The counterparty responds with its own ephemeral public key, allowing both parties to derive the shared key. To avoid handshake race conditions and allow key rotation/expiry without interrupting communication, the client stores up to 5 keys per peer. The latest key is used for outbound encryption, while previous keys remain available for decrypting inbound messages during rotation. Each encrypted message is tagged with a key ID so the receiver can select the right key. Keys expire after 1 hour.