The p2p library enables end-to-end encrypted communication between peers in different processes, devices and networks. The basis for its functionality is the libp2p framework, which is a system of protocols, specifications and libraries that enable the development of peer-to-peer network applications.
It was originally built as a communication layer for Stronghold, but may be used independently. It allows users to exchange generic 1:1 request-response messages between two peers, protected by an additional firewall that prevents unauthorized access. If a peer cannot be dialed directly, the library supports the use of a relay peer that blindly forwards the traffic between the two peers.
Data is transmitted via a TCP transport, with additional support for WebSockets and DNS resolution. The transport is "upgraded" with the Yamux protocol for multiplexing and the Noise protocol, which implements end-to-end encryption.
The Noise handshake is based on the Diffie-Hellman key exchange and allows two peers with no prior knowledge of each other to create a shared secret key over an insecure medium. We use the XX pattern for the handshake.
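The following added example, which is not code from the p2p library or from libp2p, walks through the three messages of the XX pattern so that the Diffie-Hellman operations each side performs are visible. It uses a toy DH group (a 61-bit Mersenne prime, u128 arithmetic) and a hash-based stand-in for Noise's key mixing; names such as `run_xx`, `mix_key` and `HandshakeResult` are constructed for the illustration. The real Noise implementation uses X25519, a proper symmetric state and AEAD encryption of the static keys and payloads, so this code is for understanding the flow only, never for use as a protocol.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// Toy DH group: a Mersenne prime modulus so u128 products never overflow.
// Constructed for illustration only; Noise in libp2p uses X25519.
const P: u128 = 2_305_843_009_213_693_951; // 2^61 - 1
const G: u128 = 5;

/// base^exp mod P by square-and-multiply.
fn mod_pow(mut base: u128, mut exp: u128) -> u128 {
    let mut result = 1u128;
    base %= P;
    while exp > 0 {
        if exp & 1 == 1 {
            result = result * base % P;
        }
        base = base * base % P;
        exp >>= 1;
    }
    result
}

/// A DH key pair; `public = G^private mod P`.
struct KeyPair {
    private: u128,
    public: u128,
}

impl KeyPair {
    fn new(private: u128) -> Self {
        KeyPair { private, public: mod_pow(G, private) }
    }
    /// Shared secret with a remote public key: remote^private mod P.
    fn dh(&self, remote_public: u128) -> u128 {
        mod_pow(remote_public, self.private)
    }
}

/// Stand-in for Noise's MixKey: fold a DH output into the chaining key.
fn mix_key(ck: u64, dh_output: u128) -> u64 {
    let mut h = DefaultHasher::new();
    ck.hash(&mut h);
    dh_output.hash(&mut h);
    h.finish()
}

/// What each side holds once the handshake is complete.
#[derive(Debug, PartialEq, Eq)]
struct HandshakeResult {
    session_key: u64,
    /// The peer's static public key learned during the handshake; it still has
    /// to be checked against the identity the caller expects to talk to.
    remote_static: u128,
}

/// Runs the XX message pattern:  -> e ; <- e, ee, s, es ; -> s, se
/// Returns (initiator result, responder result).
fn run_xx(s_i: &KeyPair, e_i: &KeyPair, s_r: &KeyPair, e_r: &KeyPair) -> (HandshakeResult, HandshakeResult) {
    let mut ck_i: u64 = 0; // chaining key as seen by the initiator
    let mut ck_r: u64 = 0; // chaining key as seen by the responder

    // Message 1, initiator -> responder: "e" (initiator's ephemeral key, in the clear).
    let msg1_e = e_i.public;

    // Message 2, responder -> initiator: "e, ee, s, es".
    let msg2_e = e_r.public;
    ck_r = mix_key(ck_r, e_r.dh(msg1_e)); // ee
    let msg2_s = s_r.public;              // real Noise encrypts this under the ee-derived key
    ck_r = mix_key(ck_r, s_r.dh(msg1_e)); // es
    // The initiator processes message 2 with the mirrored operations.
    ck_i = mix_key(ck_i, e_i.dh(msg2_e)); // ee
    ck_i = mix_key(ck_i, e_i.dh(msg2_s)); // es

    // Message 3, initiator -> responder: "s, se".
    let msg3_s = s_i.public;
    ck_i = mix_key(ck_i, s_i.dh(msg2_e)); // se
    ck_r = mix_key(ck_r, e_r.dh(msg3_s)); // se

    (
        HandshakeResult { session_key: ck_i, remote_static: msg2_s },
        HandshakeResult { session_key: ck_r, remote_static: msg3_s },
    )
}

fn main() {
    // Constructed sample private keys; any values below P work for the toy group.
    let (s_i, e_i) = (KeyPair::new(1234567), KeyPair::new(7654321));
    let (s_r, e_r) = (KeyPair::new(2468135), KeyPair::new(5318642));
    let (init, resp) = run_xx(&s_i, &e_i, &s_r, &e_r);
    println!("initiator key {:016x}, responder key {:016x}", init.session_key, resp.session_key);
    println!("keys match: {}", init.session_key == resp.session_key);
}
```

The point to take from the walk-through is that XX delivers the static keys inside the handshake rather than assuming them in advance, which is what lets two peers start from zero prior knowledge; the flip side is that the handshake alone only proves the peer holds the private half of whatever static key it presented, so the learned `remote_static` must still be bound to the expected peer identity before the session is trusted.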
A peer can establish a connection to a remote peer if it knows the remote peer's address. If both peers are in the same local network, they can enable the Mdns feature, which implements automatic peer discovery in a local network.
If the two peers are in different networks without public IP addresses, the library supports the use of relay peers. The relay forwards all traffic between source and destination. Thanks to the Noise encryption, the communication is end-to-end encrypted between the two peers, regardless of whether a relay is used.
The network protocol implements a low-level firewall. The firewall approves or rejects each inbound request based on a default rule and peer-specific rules. In addition to these fixed rules, individual requests may also be approved or rejected asynchronously.
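As an added illustration of how such a firewall is layered, the following Rust program is not the p2p library's own code and does not reproduce its API; the `Rule`, `Firewall`, `ApprovalQuery` and `run_demo` names, and the "only `ping` bodies are approved" policy, are constructed for the example. It shows the lookup order (peer-specific rule, else default rule), and how a rule that gives no fixed answer hands the request to a separate approval handler over a channel, failing closed if that handler is gone or does not answer.

```rust
use std::collections::HashMap;
use std::sync::mpsc::{channel, Receiver, Sender};
use std::thread;

/// Rule attached to a peer, or used as the default when a peer has none.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum Rule {
    AllowAll,
    RejectAll,
    /// No fixed answer: every request is forwarded to an approval handler.
    Ask,
}

/// An inbound request as seen by the firewall (constructed sample type).
#[derive(Clone, Debug, PartialEq, Eq)]
struct Request {
    peer: String,
    body: String,
}

/// Question sent to the asynchronous approval handler, carrying a reply channel.
struct ApprovalQuery {
    request: Request,
    reply: Sender<bool>,
}

struct Firewall {
    default_rule: Rule,
    peer_rules: HashMap<String, Rule>,
    approver: Sender<ApprovalQuery>,
}

impl Firewall {
    fn new(default_rule: Rule, approver: Sender<ApprovalQuery>) -> Self {
        Firewall { default_rule, peer_rules: HashMap::new(), approver }
    }

    fn set_peer_rule(&mut self, peer: &str, rule: Rule) {
        self.peer_rules.insert(peer.to_string(), rule);
    }

    /// Peer-specific rule if one exists, otherwise the default rule.
    fn rule_for(&self, peer: &str) -> Rule {
        self.peer_rules.get(peer).copied().unwrap_or(self.default_rule)
    }

    /// Returns the request if it may pass, or None if it is rejected.
    fn filter(&self, request: Request) -> Option<Request> {
        match self.rule_for(&request.peer) {
            Rule::AllowAll => Some(request),
            Rule::RejectAll => None,
            Rule::Ask => {
                let (tx, rx) = channel();
                let query = ApprovalQuery { request: request.clone(), reply: tx };
                if self.approver.send(query).is_err() {
                    return None; // handler has gone away: fail closed
                }
                match rx.recv() {
                    Ok(true) => Some(request),
                    _ => None, // explicit rejection or dropped reply: fail closed
                }
            }
        }
    }
}

/// Constructed approval policy for the demo: only "ping" bodies are approved.
fn spawn_approver(rx: Receiver<ApprovalQuery>) -> thread::JoinHandle<()> {
    thread::spawn(move || {
        for query in rx {
            let approved = query.request.body == "ping";
            let _ = query.reply.send(approved);
        }
    })
}

/// Runs a fixed scenario (constructed sample data) and reports which requests passed.
fn run_demo() -> Vec<bool> {
    let (tx, rx) = channel();
    let handle = spawn_approver(rx);

    let mut fw = Firewall::new(Rule::RejectAll, tx);
    fw.set_peer_rule("peer-trusted", Rule::AllowAll);
    fw.set_peer_rule("peer-unknown", Rule::Ask);

    let requests = vec![
        Request { peer: "peer-trusted".into(), body: "get-secret".into() }, // peer rule: allow
        Request { peer: "peer-stranger".into(), body: "ping".into() },      // no peer rule: default reject
        Request { peer: "peer-unknown".into(), body: "ping".into() },       // asked, approved
        Request { peer: "peer-unknown".into(), body: "get-secret".into() }, // asked, rejected
    ];
    let results: Vec<bool> = requests.into_iter().map(|r| fw.filter(r).is_some()).collect();

    drop(fw); // closes the query channel so the approver thread exits
    handle.join().unwrap();
    results
}

fn main() {
    for (i, passed) in run_demo().iter().enumerate() {
        println!("request {}: {}", i + 1, if *passed { "approved" } else { "rejected" });
    }
}
```

Two design choices matter here: the default rule is the safe one (reject), so a peer that has never been configured cannot slip through, and any failure on the asynchronous path (handler gone, reply channel dropped) counts as a rejection rather than an approval.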