mirror of
https://github.com/fluencelabs/js-libp2p-noise
synced 2025-06-20 09:26:47 +00:00
Merge remote-tracking branch 'remotes/origin/master' into feature/xx-fallback
# Conflicts: # src/handshake-xx.ts # src/noise.ts # src/utils.ts # test/noise.test.ts # test/xx-handshake.test.ts
This commit is contained in:
Belma Gutlic
@ -6,10 +6,6 @@ import { bytes, bytes32 } from "./@types/basic";
|
||||
import { NoiseSession } from "./@types/handshake";
|
||||
import {IHandshake} from "./@types/handshake-interface";
|
||||
import {
|
||||
createHandshakePayload,
|
||||
getHandshakePayload,
|
||||
signEarlyDataPayload,
|
||||
signPayload,
|
||||
verifySignedPayload,
|
||||
} from "./utils";
|
||||
import { logger } from "./logger";
|
||||
@ -28,11 +24,11 @@ export class XXHandshake implements IHandshake {
|
||||
protected remotePeer: PeerId;
|
||||
|
||||
private prologue: bytes32;
|
||||
private payload: bytes;
|
||||
|
||||
constructor(
|
||||
isInitiator: boolean,
|
||||
libp2pPrivateKey: bytes,
|
||||
libp2pPublicKey: bytes,
|
||||
payload: bytes,
|
||||
prologue: bytes32,
|
||||
staticKeypair: KeyPair,
|
||||
connection: WrappedConnection,
|
||||
@ -40,8 +36,7 @@ export class XXHandshake implements IHandshake {
|
||||
handshake?: XX,
|
||||
) {
|
||||
this.isInitiator = isInitiator;
|
||||
this.libp2pPrivateKey = libp2pPrivateKey;
|
||||
this.libp2pPublicKey = libp2pPublicKey;
|
||||
this.payload = payload;
|
||||
this.prologue = prologue;
|
||||
this.staticKeypair = staticKeypair;
|
||||
this.connection = connection;
|
||||
@ -83,34 +78,17 @@ export class XXHandshake implements IHandshake {
|
||||
logger("All good with the signature!");
|
||||
} else {
|
||||
logger('Stage 1 - Responder sending out first message with signed payload and static key.');
|
||||
const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeypair.publicKey));
|
||||
const signedEarlyDataPayload = signEarlyDataPayload(this.libp2pPrivateKey, Buffer.alloc(0));
|
||||
const handshakePayload = await createHandshakePayload(
|
||||
this.libp2pPublicKey,
|
||||
this.libp2pPrivateKey,
|
||||
signedPayload,
|
||||
signedEarlyDataPayload,
|
||||
);
|
||||
|
||||
const messageBuffer = this.xx.sendMessage(this.session, handshakePayload);
|
||||
const messageBuffer = this.xx.sendMessage(this.session, this.payload);
|
||||
this.connection.writeLP(encode1(messageBuffer));
|
||||
logger('Stage 1 - Responder sent the second handshake message with signed payload.')
|
||||
}
|
||||
}
|
||||
|
||||
// stage 2
|
||||
public async finish(earlyData?: bytes): Promise<void> {
|
||||
public async finish(): Promise<void> {
|
||||
if (this.isInitiator) {
|
||||
logger('Stage 2 - Initiator sending third handshake message.');
|
||||
const signedPayload = signPayload(this.libp2pPrivateKey, getHandshakePayload(this.staticKeypair.publicKey));
|
||||
const signedEarlyDataPayload = signEarlyDataPayload(this.libp2pPrivateKey, earlyData || Buffer.alloc(0));
|
||||
const handshakePayload = await createHandshakePayload(
|
||||
this.libp2pPublicKey,
|
||||
this.libp2pPrivateKey,
|
||||
signedPayload,
|
||||
signedEarlyDataPayload
|
||||
);
|
||||
const messageBuffer = this.xx.sendMessage(this.session, handshakePayload);
|
||||
const messageBuffer = this.xx.sendMessage(this.session, this.payload);
|
||||
this.connection.writeLP(encode1(messageBuffer));
|
||||
logger('Stage 2 - Initiator sent message with signed payload.');
|
||||
} else {
|
||||
|
||||
31
src/noise.ts
31
src/noise.ts
@ -9,7 +9,7 @@ import lp from 'it-length-prefixed';
|
||||
import { XXHandshake } from "./handshake-xx";
|
||||
import { IKHandshake } from "./handshake-ik";
|
||||
import { XXFallbackHandshake } from "./handshake-xx-fallback";
|
||||
import { generateKeypair } from "./utils";
|
||||
import { generateKeypair, getPayload } from "./utils";
|
||||
import { uint16BEDecode, uint16BEEncode } from "./encoder";
|
||||
import { decryptStream, encryptStream } from "./crypto";
|
||||
import { bytes } from "./@types/basic";
|
||||
@ -34,8 +34,7 @@ export class Noise implements NoiseConnection {
|
||||
private readonly staticKeys: KeyPair;
|
||||
private readonly earlyData?: bytes;
|
||||
|
||||
constructor(privateKey: bytes, staticNoiseKey?: bytes, earlyData?: bytes) {
|
||||
this.privateKey = privateKey;
|
||||
constructor(staticNoiseKey?: bytes, earlyData?: bytes) {
|
||||
this.earlyData = earlyData || Buffer.alloc(0);
|
||||
|
||||
if (staticNoiseKey) {
|
||||
@ -58,11 +57,10 @@ export class Noise implements NoiseConnection {
|
||||
*/
|
||||
public async secureOutbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
|
||||
const wrappedConnection = Wrap(connection);
|
||||
const libp2pPublicKey = localPeer.marshalPubKey();
|
||||
const handshake = await this.performHandshake({
|
||||
connection: wrappedConnection,
|
||||
isInitiator: true,
|
||||
libp2pPublicKey,
|
||||
localPeer,
|
||||
remotePeer,
|
||||
});
|
||||
const conn = await this.createSecureConnection(wrappedConnection, handshake);
|
||||
@ -82,11 +80,10 @@ export class Noise implements NoiseConnection {
|
||||
*/
|
||||
public async secureInbound(localPeer: PeerId, connection: any, remotePeer: PeerId): Promise<SecureOutbound> {
|
||||
const wrappedConnection = Wrap(connection);
|
||||
const libp2pPublicKey = localPeer.marshalPubKey();
|
||||
const handshake = await this.performHandshake({
|
||||
connection: wrappedConnection,
|
||||
isInitiator: false,
|
||||
libp2pPublicKey,
|
||||
localPeer,
|
||||
remotePeer
|
||||
});
|
||||
const conn = await this.createSecureConnection(wrappedConnection, handshake);
|
||||
@ -107,35 +104,37 @@ export class Noise implements NoiseConnection {
|
||||
*/
|
||||
private async performHandshake(params: HandshakeParams): Promise<IHandshake> {
|
||||
// TODO: Implement noise pipes
|
||||
const payload = await getPayload(params.localPeer, this.staticKeys.publicKey, this.earlyData);
|
||||
|
||||
if (false) {
|
||||
let IKhandshake;
|
||||
try {
|
||||
IKhandshake = await this.performIKHandshake(params);
|
||||
IKhandshake = await this.performIKHandshake(params, payload);
|
||||
return IKhandshake;
|
||||
} catch (e) {
|
||||
// XX fallback
|
||||
const ephemeralKeys = IKhandshake.getRemoteEphemeralKeys();
|
||||
return await this.performXXFallbackHandshake(params, ephemeralKeys, e.initialMsg);
|
||||
return await this.performXXFallbackHandshake(params, payload, ephemeralKeys, e.initialMsg);
|
||||
}
|
||||
} else {
|
||||
return await this.performXXHandshake(params);
|
||||
return await this.performXXHandshake(params, payload);
|
||||
}
|
||||
}
|
||||
|
||||
private async performXXFallbackHandshake(
|
||||
params: HandshakeParams,
|
||||
payload: bytes,
|
||||
ephemeralKeys: KeyPair,
|
||||
initialMsg: bytes,
|
||||
): Promise<XXFallbackHandshake> {
|
||||
const { isInitiator, libp2pPublicKey, remotePeer, connection } = params;
|
||||
const handshake =
|
||||
new XXFallbackHandshake(isInitiator, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer, initialMsg, ephemeralKeys);
|
||||
new XXFallbackHandshake(isInitiator, payload, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer, initialMsg, ephemeralKeys);
|
||||
|
||||
try {
|
||||
await handshake.propose();
|
||||
await handshake.exchange();
|
||||
await handshake.finish(this.earlyData);
|
||||
await handshake.finish();
|
||||
} catch (e) {
|
||||
throw new Error(`Error occurred during XX Fallback handshake: ${e.message}`);
|
||||
}
|
||||
@ -145,14 +144,15 @@ export class Noise implements NoiseConnection {
|
||||
|
||||
private async performXXHandshake(
|
||||
params: HandshakeParams,
|
||||
payload: bytes,
|
||||
): Promise<XXHandshake> {
|
||||
const { isInitiator, libp2pPublicKey, remotePeer, connection } = params;
|
||||
const handshake = new XXHandshake(isInitiator, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer);
|
||||
const handshake = new XXHandshake(isInitiator, payload, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer);
|
||||
|
||||
try {
|
||||
await handshake.propose();
|
||||
await handshake.exchange();
|
||||
await handshake.finish(this.earlyData);
|
||||
await handshake.finish();
|
||||
} catch (e) {
|
||||
throw new Error(`Error occurred during XX handshake: ${e.message}`);
|
||||
}
|
||||
@ -162,9 +162,10 @@ export class Noise implements NoiseConnection {
|
||||
|
||||
private async performIKHandshake(
|
||||
params: HandshakeParams,
|
||||
payload: bytes,
|
||||
): Promise<IKHandshake> {
|
||||
const { isInitiator, libp2pPublicKey, remotePeer, connection } = params;
|
||||
const handshake = new IKHandshake(isInitiator, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer);
|
||||
const handshake = new IKHandshake(isInitiator, payload, this.privateKey, libp2pPublicKey, this.prologue, this.staticKeys, connection, remotePeer);
|
||||
|
||||
// TODO
|
||||
|
||||
|
||||
33
src/utils.ts
33
src/utils.ts
@ -1,4 +1,4 @@
|
||||
import { x25519, ed25519, HKDF, SHA256 } from 'bcrypto';
|
||||
import { x25519, HKDF, SHA256 } from 'bcrypto';
|
||||
import protobuf from "protobufjs";
|
||||
import { Buffer } from "buffer";
|
||||
import PeerId from "peer-id";
|
||||
@ -23,9 +23,23 @@ export function generateKeypair(): KeyPair {
|
||||
}
|
||||
}
|
||||
|
||||
export async function getPayload(
|
||||
localPeer: PeerId,
|
||||
staticPublicKey: bytes,
|
||||
earlyData?: bytes,
|
||||
): Promise<bytes> {
|
||||
const signedPayload = await signPayload(localPeer, getHandshakePayload(staticPublicKey));
|
||||
const signedEarlyDataPayload = await signEarlyDataPayload(localPeer, earlyData || Buffer.alloc(0));
|
||||
|
||||
return await createHandshakePayload(
|
||||
localPeer.marshalPubKey(),
|
||||
signedPayload,
|
||||
signedEarlyDataPayload
|
||||
);
|
||||
}
|
||||
|
||||
export async function createHandshakePayload(
|
||||
libp2pPublicKey: bytes,
|
||||
libp2pPrivateKey: bytes,
|
||||
signedPayload: bytes,
|
||||
signedEarlyData?: EarlyDataPayload,
|
||||
): Promise<bytes> {
|
||||
@ -46,8 +60,8 @@ export async function createHandshakePayload(
|
||||
}
|
||||
|
||||
|
||||
export function signPayload(libp2pPrivateKey: bytes, payload: bytes): bytes {
|
||||
return ed25519.sign(payload, libp2pPrivateKey);
|
||||
export async function signPayload(peerId: PeerId, payload: bytes): Promise<bytes> {
|
||||
return peerId.privKey.sign(payload);
|
||||
}
|
||||
|
||||
type EarlyDataPayload = {
|
||||
@ -55,9 +69,9 @@ type EarlyDataPayload = {
|
||||
libp2pDataSignature: bytes;
|
||||
}
|
||||
|
||||
export function signEarlyDataPayload(libp2pPrivateKey: bytes, earlyData: bytes): EarlyDataPayload {
|
||||
export async function signEarlyDataPayload(peerId: PeerId, earlyData: bytes): Promise<EarlyDataPayload> {
|
||||
const payload = getEarlyDataPayload(earlyData);
|
||||
const signedPayload = signPayload(libp2pPrivateKey, payload);
|
||||
const signedPayload = await signPayload(peerId, payload);
|
||||
|
||||
return {
|
||||
libp2pData: payload,
|
||||
@ -83,9 +97,10 @@ export async function verifySignedPayload(noiseStaticKey: bytes, plaintext: byte
|
||||
}
|
||||
|
||||
const generatedPayload = getHandshakePayload(noiseStaticKey);
|
||||
// Unmarshaling from PublicKey protobuf and taking key buffer only.
|
||||
const publicKey = crypto.keys.unmarshalPublicKey(receivedPayload.libp2pKey).marshal();
|
||||
if (!ed25519.verify(generatedPayload, receivedPayload.noiseStaticKeySignature, publicKey)) {
|
||||
|
||||
// Unmarshaling from PublicKey protobuf
|
||||
const publicKey = crypto.keys.unmarshalPublicKey(receivedPayload.libp2pKey);
|
||||
if (!publicKey.verify(generatedPayload, receivedPayload.noiseStaticKeySignature)) {
|
||||
throw new Error("Static key doesn't match to peer that signed payload!");
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user