atsign-foundation
diff --git a/‎packages/dart/noports_core/lib/src/common/features.dart
Lines changed: 5 additions & 0 deletions b/‎packages/dart/noports_core/lib/src/common/features.dart
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/dart/noports_core/lib/src/common/types.dart
Lines changed: 4 additions & 2 deletions b/‎packages/dart/noports_core/lib/src/common/types.dart
Lines changed: 4 additions & 2 deletions
diff --git a/‎packages/dart/noports_core/lib/src/npt/npt.dart
Lines changed: 12 additions & 4 deletions b/‎packages/dart/noports_core/lib/src/npt/npt.dart
Lines changed: 12 additions & 4 deletions
diff --git a/‎packages/dart/noports_core/lib/src/srv/srv.dart
Lines changed: 36 additions & 16 deletions b/‎packages/dart/noports_core/lib/src/srv/srv.dart
Lines changed: 36 additions & 16 deletions
@@ -31,6 +31,9 @@ enum DaemonFeature {
 
   /// Understands [RelayAuthMode.escr]
   supportsRamEscr('1.4.0'),
+
+  /// Separate keys & IVs for client-to-server and server-to-client
+  twinKeys('1.5.0'),
   ;
 
   /// The version of the NoPorts control protocol which introduced this feature.
@@ -75,6 +78,8 @@ extension FeatureDescription on DaemonFeature {
         return 'handle heartbeat messages being send over the control channel';
       case DaemonFeature.supportsRamEscr:
         return 'support the \'ESCR\' relay auth mode';
+      case DaemonFeature.twinKeys:
+        return 'support separate keys for each direction';
     }
   }
 }
@@ -7,8 +7,10 @@ typedef SrvGenerator<T> = Srv<T> Function(
   bool? bindLocalPort,
   String? localHost,
   required RelayAuthenticator? relayAuthenticator,
-  String? sessionAESKeyString,
-  String? sessionIVString,
+  String? aesC2D,
+  String? ivC2D,
+  String? aesD2C,
+  String? ivD2C,
   bool multi,
   bool detached,
   Duration timeout,
 
@@ -256,6 +256,9 @@ class _NptImpl extends NptBase
     var msg = 'Sending session request to the device daemon';
     logger.info(msg);
     sendProgress(msg);
+    if (sshnpdChannel.twinKeys) {
+      logger.info('Session will use twinned keys');
+    }
 
     /// Send an ssh request to sshnpd
     await notify(
@@ -282,6 +285,7 @@ class _NptImpl extends NptBase
             requestedPort: params.remotePort,
             requestedHost: params.remoteHost,
             timeout: params.timeout,
+            twinKeys: sshnpdChannel.twinKeys,
           ).toJson()),
       checkForFinalDeliveryStatus: false,
       waitForFinalDeliveryStatus: false,
@@ -331,8 +335,10 @@ class _NptImpl extends NptBase
 
       await _srvdChannel.runSrv(
         localRvPort: localRvPort,
-        sessionAESKeyString: sshnpdChannel.sessionAESKeyString,
-        sessionIVString: sshnpdChannel.sessionIVString,
+        aesC2D: sshnpdChannel.aesC2D,
+        ivC2D: sshnpdChannel.ivC2D,
+        aesD2C: sshnpdChannel.aesD2C,
+        ivD2C: sshnpdChannel.ivD2C,
         multi: true,
         detached: true,
         timeout: params.timeout,
@@ -356,8 +362,10 @@ class _NptImpl extends NptBase
 
     SocketConnector sc = await _srvdChannel.runSrv(
       localRvPort: localRvPort,
-      sessionAESKeyString: sshnpdChannel.sessionAESKeyString,
-      sessionIVString: sshnpdChannel.sessionIVString,
+      aesC2D: sshnpdChannel.aesC2D,
+      ivC2D: sshnpdChannel.ivC2D,
+      aesD2C: sshnpdChannel.aesD2C,
+      ivD2C: sshnpdChannel.ivD2C,
       multi: true,
       detached: false,
       timeout: params.timeout,
 
@@ -27,11 +27,19 @@ abstract class Srv<T> {
 
   abstract final RelayAuthenticator? relayAuthenticator;
 
-  /// The AES key for encryption / decryption of the rv traffic
-  abstract final String? sessionAESKeyString;
+  /// The AES key for Client-to-Daemon encryption in a single-socket
+  /// session, or on the control channel for a multi-socket session
+  abstract final String? aesC2D;
 
-  /// The IV to use with the [sessionAESKeyString]
-  abstract final String? sessionIVString;
+  /// The IV to use with the [aesC2D]
+  abstract final String? ivC2D;
+
+  /// The AES key for Daemon-to-Client encryption in a single-socket
+  /// session, or on the control channel for a multi-socket session
+  abstract final String? aesD2C;
+
+  /// The IV to use with the [aesD2C]
+  abstract final String? ivD2C;
 
   /// Whether to bind a local port or not
   abstract final bool? bindLocalPort;
@@ -60,8 +68,10 @@ abstract class Srv<T> {
     bool? bindLocalPort,
     String? rvdAuthString,
     required RelayAuthenticator? relayAuthenticator,
-    String? sessionAESKeyString,
-    String? sessionIVString,
+    String? aesC2D,
+    String? ivC2D,
+    String? aesD2C,
+    String? ivD2C,
     bool multi = false,
     bool detached = false,
     Duration timeout = DefaultArgs.srvTimeout,
@@ -74,8 +84,10 @@ abstract class Srv<T> {
       localHost: localHost,
       bindLocalPort: bindLocalPort,
       relayAuthenticator: relayAuthenticator,
-      sessionAESKeyString: sessionAESKeyString,
-      sessionIVString: sessionIVString,
+      aesC2D: aesC2D,
+      ivC2D: ivC2D,
+      aesD2C: aesD2C,
+      ivD2C: ivD2C,
       multi: multi,
       timeout: timeout,
       controlChannelHeartbeat: controlChannelHeartbeat,
@@ -90,8 +102,10 @@ abstract class Srv<T> {
     String? localHost,
     String? rvdAuthString,
     required RelayAuthenticator? relayAuthenticator,
-    String? sessionAESKeyString,
-    String? sessionIVString,
+    String? aesC2D,
+    String? ivC2D,
+    String? aesD2C,
+    String? ivD2C,
     bool multi = false,
     bool detached = false,
     Duration timeout = DefaultArgs.srvTimeout,
@@ -104,8 +118,10 @@ abstract class Srv<T> {
       localHost: localHost,
       bindLocalPort: bindLocalPort!,
       relayAuthenticator: relayAuthenticator,
-      sessionAESKeyString: sessionAESKeyString,
-      sessionIVString: sessionIVString,
+      aesC2D: aesC2D,
+      ivC2D: ivC2D,
+      aesD2C: aesD2C,
+      ivD2C: ivD2C,
       multi: multi,
       detached: detached,
       timeout: timeout,
@@ -121,8 +137,10 @@ abstract class Srv<T> {
     String? localHost,
     String? rvdAuthString,
     required RelayAuthenticator? relayAuthenticator,
-    String? sessionAESKeyString,
-    String? sessionIVString,
+    String? aesC2D,
+    String? ivC2D,
+    String? aesD2C,
+    String? ivD2C,
     bool multi = false,
     bool detached = false,
     Duration timeout = DefaultArgs.srvTimeout,
@@ -132,8 +150,10 @@ abstract class Srv<T> {
       streamingHost,
       streamingPort,
       relayAuthenticator: relayAuthenticator,
-      sessionAESKeyString: sessionAESKeyString,
-      sessionIVString: sessionIVString,
+      aesC2D: aesC2D,
+      ivC2D: ivC2D,
+      aesD2C: aesD2C,
+      ivD2C: ivD2C,
       multi: multi,
       timeout: timeout,
       controlChannelHeartbeat: controlChannelHeartbeat,
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,9 @@ enum DaemonFeature {`
`31`	`31`
`32`	`32`	`/// Understands [RelayAuthMode.escr]`
`33`	`33`	`supportsRamEscr('1.4.0'),`
	`34`	`+`
	`35`	`+ /// Separate keys & IVs for client-to-server and server-to-client`
	`36`	`+ twinKeys('1.5.0'),`
`34`	`37`	`;`
`35`	`38`
`36`	`39`	`/// The version of the NoPorts control protocol which introduced this feature.`
`@@ -75,6 +78,8 @@ extension FeatureDescription on DaemonFeature {`
`75`	`78`	`return 'handle heartbeat messages being send over the control channel';`
`76`	`79`	`case DaemonFeature.supportsRamEscr:`
`77`	`80`	`return 'support the \'ESCR\' relay auth mode';`
	`81`	`+ case DaemonFeature.twinKeys:`
	`82`	`+ return 'support separate keys for each direction';`
`78`	`83`	`}`
`79`	`84`	`}`
`80`	`85`	`}`