js-libp2p-noise/src/utils.ts

import {HKDF, SHA256, x25519} from 'bcrypto';
import {Buffer} from "buffer";
import PeerId from "peer-id";
import * as crypto from 'libp2p-crypto';
import {KeyPair} from "./@types/libp2p";
import {bytes, bytes32} from "./@types/basic";
import {Hkdf, INoisePayload} from "./@types/handshake";
import {pb} from "./proto/payload";

const NoiseHandshakePayloadProto = pb.NoiseHandshakePayload;

export function generateKeypair(): KeyPair {
  const privateKey = x25519.privateKeyGenerate();
  const publicKey = x25519.publicKeyCreate(privateKey);

  return {
    publicKey,
    privateKey,
  }
}

export async function getPayload(
  localPeer: PeerId,
  staticPublicKey: bytes,
  earlyData?: bytes,
): Promise<bytes> {
  const signedPayload = await signPayload(localPeer, getHandshakePayload(staticPublicKey));
  const earlyDataPayload = earlyData || Buffer.alloc(0);

  return await createHandshakePayload(
    localPeer.marshalPubKey(),
    signedPayload,
    earlyDataPayload
  );
}

export async function createHandshakePayload(
  libp2pPublicKey: bytes,
  signedPayload: bytes,
  earlyData?: bytes,
): Promise<bytes> {

  const payloadInit = NoiseHandshakePayloadProto.create({
    identityKey: libp2pPublicKey,
    identitySig: signedPayload,
    data: earlyData || null,
  });

  return Buffer.from(NoiseHandshakePayloadProto.encode(payloadInit).finish());
}


export async function signPayload(peerId: PeerId, payload: bytes): Promise<bytes> {
  return peerId.privKey.sign(payload);
}

export async function getPeerIdFromPayload(payload: pb.INoiseHandshakePayload): Promise<PeerId> {
  return await PeerId.createFromPubKey(Buffer.from(payload.identityKey as Uint8Array));
}

export async function decodePayload(payload: bytes|Uint8Array): Promise<pb.INoiseHandshakePayload> {
  return NoiseHandshakePayloadProto.toObject(
    NoiseHandshakePayloadProto.decode(Buffer.from(payload))
  ) as INoisePayload;
}

export function getHandshakePayload(publicKey: bytes): bytes {
  return Buffer.concat([Buffer.from("noise-libp2p-static-key:"), publicKey]);
}

async function isValidPeerId(peerId: bytes, publicKeyProtobuf: bytes) {
  const generatedPeerId = await PeerId.createFromPubKey(publicKeyProtobuf);
  return generatedPeerId.id.equals(peerId);
}

/**
 * Verifies signed payload, throws on any irregularities.
 * @param {bytes} noiseStaticKey - owner's noise static key
 * @param {bytes} payload - decoded payload
 * @param {PeerId} remotePeer - owner's libp2p peer ID
 * @returns {Promise<PeerId>} - peer ID of payload owner
 */
export async function verifySignedPayload(
  noiseStaticKey: bytes,
  payload: pb.INoiseHandshakePayload,
  remotePeer: PeerId
): Promise<PeerId> {
  const identityKey = Buffer.from(payload.identityKey as Uint8Array);
  if (!(await isValidPeerId(remotePeer.id, identityKey))) {
    throw new Error("Peer ID doesn't match libp2p public key.");
  }
  const generatedPayload = getHandshakePayload(noiseStaticKey);
  // Unmarshaling from PublicKey protobuf
  const publicKey = crypto.keys.unmarshalPublicKey(identityKey);
  if (!publicKey.verify(generatedPayload, payload.identitySig)) {
    throw new Error("Static key doesn't match to peer that signed payload!");
  }
  return remotePeer;
}

export function getHkdf(ck: bytes32, ikm: bytes): Hkdf {
  const info = Buffer.alloc(0);
  const prk = HKDF.extract(SHA256, ikm, ck);
  const okm = HKDF.expand(SHA256, prk, info, 96);

  const k1 = okm.slice(0, 32);
  const k2 = okm.slice(32, 64);
  const k3 = okm.slice(64, 96);

  return [k1, k2, k3];
}

export function isValidPublicKey(pk: bytes): boolean {
  return x25519.publicKeyVerify(pk.slice(0, 32));
}
adjust code to new proto 2020-02-17 09:18:44 +01:00			`import {HKDF, SHA256, x25519} from 'bcrypto';`
			`import {Buffer} from "buffer";`
Write functions for verification 2019-12-02 12:53:00 +01:00			`import PeerId from "peer-id";`
Verify peer id 2019-12-03 13:39:33 +01:00			`import * as crypto from 'libp2p-crypto';`
adjust code to new proto 2020-02-17 09:18:44 +01:00			`import {KeyPair} from "./@types/libp2p";`
Move common function to abstract class 2019-12-24 21:15:38 +01:00			`import {bytes, bytes32} from "./@types/basic";`
Add type for decoded payload 2020-02-10 13:38:35 +01:00			`import {Hkdf, INoisePayload} from "./@types/handshake";`
adjust code to new proto 2020-02-17 09:18:44 +01:00			`import {pb} from "./proto/payload";`
Handshake payload refactor 2019-11-20 21:38:14 +01:00
adjust code to new proto 2020-02-17 09:18:44 +01:00			`const NoiseHandshakePayloadProto = pb.NoiseHandshakePayload;`
Create interface according to spec 2019-11-11 21:58:04 +01:00
Fix eslint 2019-11-28 17:53:27 +01:00			`export function generateKeypair(): KeyPair {`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`const privateKey = x25519.privateKeyGenerate();`
			`const publicKey = x25519.publicKeyCreate(privateKey);`

			`return {`
			`publicKey,`
			`privateKey,`
			`}`
			`}`

use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`export async function getPayload(`
			`localPeer: PeerId,`
			`staticPublicKey: bytes,`
			`earlyData?: bytes,`
			`): Promise<bytes> {`
			`const signedPayload = await signPayload(localPeer, getHandshakePayload(staticPublicKey));`
Remove signing early data payload and prefix 2020-02-05 22:16:48 +01:00			`const earlyDataPayload = earlyData \|\| Buffer.alloc(0);`
use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00
			`return await createHandshakePayload(`
			`localPeer.marshalPubKey(),`
			`signedPayload,`
Remove signing early data payload and prefix 2020-02-05 22:16:48 +01:00			`earlyDataPayload`
use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`);`
			`}`

Handshake payload refactor 2019-11-20 21:38:14 +01:00			`export async function createHandshakePayload(`
Written handshake exchange 2019-11-21 13:38:39 +01:00			`libp2pPublicKey: bytes,`
Handshake payload refactor 2019-11-20 21:38:14 +01:00			`signedPayload: bytes,`
Remove signing early data payload and prefix 2020-02-05 22:16:48 +01:00			`earlyData?: bytes,`
Fix eslint 2019-11-28 17:53:27 +01:00			`): Promise<bytes> {`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00
adjust code to new proto 2020-02-17 09:18:44 +01:00			`const payloadInit = NoiseHandshakePayloadProto.create({`
Rename protobuf fields 2020-02-05 22:10:51 +01:00			`identityKey: libp2pPublicKey,`
			`identitySig: signedPayload,`
adjust code to new proto 2020-02-17 09:18:44 +01:00			`data: earlyData \|\| null,`
Handshake payload refactor 2019-11-20 21:38:14 +01:00			`});`

adjust code to new proto 2020-02-17 09:18:44 +01:00			`return Buffer.from(NoiseHandshakePayloadProto.encode(payloadInit).finish());`
Handshake payload refactor 2019-11-20 21:38:14 +01:00			`}`


use libp2p keys from PeerId argument 2020-01-07 16:59:41 +01:00			`export async function signPayload(peerId: PeerId, payload: bytes): Promise<bytes> {`
			`return peerId.privKey.sign(payload);`
Create interface according to spec 2019-11-11 21:58:04 +01:00			`}`
Handshake payload refactor 2019-11-20 21:38:14 +01:00
adjust code to new proto 2020-02-17 09:18:44 +01:00			`export async function getPeerIdFromPayload(payload: pb.INoiseHandshakePayload): Promise<PeerId> {`
			`return await PeerId.createFromPubKey(Buffer.from(payload.identityKey as Uint8Array));`
better ik flow 2020-02-07 20:21:27 +01:00			`}`

fix buffer usage in browser 2020-03-11 09:43:40 +01:00			`export async function decodePayload(payload: bytes\|Uint8Array): Promise<pb.INoiseHandshakePayload> {`
adjust code to new proto 2020-02-17 09:18:44 +01:00			`return NoiseHandshakePayloadProto.toObject(`
fix buffer usage in browser 2020-03-11 09:43:40 +01:00			`NoiseHandshakePayloadProto.decode(Buffer.from(payload))`
Add type for decoded payload 2020-02-10 13:38:35 +01:00			`) as INoisePayload;`
better ik flow 2020-02-07 20:21:27 +01:00			`}`

fix return types 2020-02-14 10:10:42 +01:00			`export function getHandshakePayload(publicKey: bytes): bytes {`
			`return Buffer.concat([Buffer.from("noise-libp2p-static-key:"), publicKey]);`
			`}`
Update handling keys, refactoring 2019-11-28 17:32:46 +01:00
Verify peer id 2019-12-03 13:39:33 +01:00			`async function isValidPeerId(peerId: bytes, publicKeyProtobuf: bytes) {`
			`const generatedPeerId = await PeerId.createFromPubKey(publicKeyProtobuf);`
			`return generatedPeerId.id.equals(peerId);`
Write functions for verification 2019-12-02 12:53:00 +01:00			`}`

Update setting remote id 2020-02-08 12:23:35 +01:00			`/**`
Address PR comment and refactor setting remote peer 2020-02-10 13:51:32 +01:00			`* Verifies signed payload, throws on any irregularities.`
Update setting remote id 2020-02-08 12:23:35 +01:00			`* @param {bytes} noiseStaticKey - owner's noise static key`
Address PR comment and refactor setting remote peer 2020-02-10 13:51:32 +01:00			`* @param {bytes} payload - decoded payload`
			`* @param {PeerId} remotePeer - owner's libp2p peer ID`
Update setting remote id 2020-02-08 12:23:35 +01:00			`* @returns {Promise<PeerId>} - peer ID of payload owner`
			`*/`
			`export async function verifySignedPayload(`
			`noiseStaticKey: bytes,`
adjust code to new proto 2020-02-17 09:18:44 +01:00			`payload: pb.INoiseHandshakePayload,`
Address PR comment and refactor setting remote peer 2020-02-10 13:51:32 +01:00			`remotePeer: PeerId`
Update setting remote id 2020-02-08 12:23:35 +01:00			`): Promise<PeerId> {`
fix buffer usage in browser 2020-03-11 09:43:40 +01:00			`const identityKey = Buffer.from(payload.identityKey as Uint8Array);`
			`if (!(await isValidPeerId(remotePeer.id, identityKey))) {`
Verify peer id 2019-12-03 13:39:33 +01:00			`throw new Error("Peer ID doesn't match libp2p public key.");`
			`}`
			`const generatedPayload = getHandshakePayload(noiseStaticKey);`
Remove comment 2020-01-07 17:08:08 +01:00			`// Unmarshaling from PublicKey protobuf`
fix buffer usage in browser 2020-03-11 09:43:40 +01:00			`const publicKey = crypto.keys.unmarshalPublicKey(identityKey);`
Address PR comment and refactor setting remote peer 2020-02-10 13:51:32 +01:00			`if (!publicKey.verify(generatedPayload, payload.identitySig)) {`
Update timing of initiator payloading sending to verify that payload 2019-12-02 15:24:49 +01:00			`throw new Error("Static key doesn't match to peer that signed payload!");`
Write functions for verification 2019-12-02 12:53:00 +01:00			`}`
Update setting remote id 2020-02-08 12:23:35 +01:00			`return remotePeer;`
Write functions for verification 2019-12-02 12:53:00 +01:00			`}`
Move common function to abstract class 2019-12-24 21:15:38 +01:00
			`export function getHkdf(ck: bytes32, ikm: bytes): Hkdf {`
			`const info = Buffer.alloc(0);`
			`const prk = HKDF.extract(SHA256, ikm, ck);`
			`const okm = HKDF.expand(SHA256, prk, info, 96);`

			`const k1 = okm.slice(0, 32);`
			`const k2 = okm.slice(32, 64);`
			`const k3 = okm.slice(64, 96);`

adjust code to new proto 2020-02-17 09:18:44 +01:00			`return [k1, k2, k3];`
Move common function to abstract class 2019-12-24 21:15:38 +01:00			`}`
Address PR comments 2019-12-29 18:23:43 +01:00
			`export function isValidPublicKey(pk: bytes): boolean {`
handle aead auth tag 2020-02-17 12:11:55 +01:00			`return x25519.publicKeyVerify(pk.slice(0, 32));`
Address PR comments 2019-12-29 18:23:43 +01:00			`}`