Go (transport.go, crypto.go): - DeriveForNetwork: HKDF per-room Ed25519 identity to avoid anchor peer-ID collision when daemon holds multiple simultaneous pair-room connections (§ waste-go pattern) - sendHello: sign prefix||local_fp||remote_fp per yaw/2 §6 DTLS fingerprint binding - onControl hello: verify fingerprint binding + sig before setting verified=true - FileOffer.SHA256: carry file hash in offer message per yaw/2 §9 - SendFile: sha256 before offer, sends file-done with hash after streaming - wireFileRecv: pion Detach API + sha256 during recv + wait for file-done + verify - pendingDones map: goroutine-safe channel for file-done routing - signaling keepalive: ping with 10 s timeout, 3-min read deadline on anchor loop PWA (flit.ts): - dtlsFP/sha256hex helpers - Split PeerConn.signalingId (routing) from .peerId (cryptoId, for crypto/hello) - _sendHello: include DTLS fingerprints in signature per §6 - _onControl hello: verify fingerprint binding - sendFile: async, sha256 before offer - _stream: send file-done after DC close - _wire: set dataComplete=true on DC close, defer emit until file-done arrives - _onControl file-done: set expectedSHA256, conditionally call _finalizeRecv - _finalizeRecv: concatenate bufs, verify sha256, create URL, emit fileRecv Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
24 KiB
24 KiB