Use static key caching

This commit is contained in:
Belma Gutlic 2020-01-13 16:33:58 +01:00
parent 90af03ab02
commit 7d22967197
6 changed files with 29 additions and 23 deletions

View File

@ -24,6 +24,7 @@ export class IKHandshake implements IHandshake {
staticKeypair: KeyPair,
connection: WrappedConnection,
remotePeer: PeerId,
remoteStaticKey: bytes,
handshake?: IK,
) {
this.isInitiator = isInitiator;
@ -34,11 +35,7 @@ export class IKHandshake implements IHandshake {
this.remotePeer = remotePeer;
this.ik = handshake || new IK();
// Dummy data
// TODO: Load remote static keys if found
const remoteStaticKeys = this.staticKeypair;
this.session = this.ik.initSession(this.isInitiator, this.prologue, this.staticKeypair, remoteStaticKeys.publicKey);
this.session = this.ik.initSession(this.isInitiator, this.prologue, this.staticKeypair, remoteStaticKey);
}
public decrypt(ciphertext: Buffer, session: NoiseSession): Buffer {

View File

@ -114,6 +114,10 @@ export class XXHandshake implements IHandshake {
return this.xx.decryptWithAd(cs, Buffer.alloc(0), ciphertext);
}
public getRemoteStaticKey(): bytes {
return this.session.hs.rs;
}
private getCS(session: NoiseSession, encryption = true) {
if (!session.cs1 || !session.cs2) {
throw new Error("Handshake not completed properly, cipher state does not exist.");

View File

@ -145,7 +145,6 @@ export class XX extends AbstractHandshake {
session.h = h;
session.cs1 = cs1;
session.cs2 = cs2;
delete session.hs;
} else if (session.mc.gtn(2)) {
if (session.i) {
if (!session.cs1) {

View File

@ -20,11 +20,11 @@ class Keycache {
}
}
public async load(peerId: PeerId): Promise<bytes32> {
public async load(peerId: PeerId): Promise<bytes32|null> {
const release = await this.mutex.acquire();
let key;
try {
key = this.storage.get(peerId.id);
key = this.storage.get(peerId.id) || null;
} finally {
release();
}

View File

@ -16,6 +16,8 @@ import { bytes } from "./@types/basic";
import { INoiseConnection, PeerId, KeyPair, SecureOutbound } from "./@types/libp2p";
import { Duplex } from "./@types/it-pair";
import {IHandshake} from "./@types/handshake-interface";
import {KeyCache} from "./keycache";
import {logger} from "./logger";
export type WrappedConnection = ReturnType<typeof Wrap>;
@ -104,14 +106,21 @@ export class Noise implements INoiseConnection {
* @param remotePeer
*/
private async performHandshake(params: HandshakeParams): Promise<IHandshake> {
// TODO: Implement noise pipes
const payload = await getPayload(params.localPeer, this.staticKeys.publicKey, this.earlyData);
if (false) {
let IKhandshake;
let foundRemoteStaticKey: bytes|null = null;
if (this.useNoisePipes && params.isInitiator) {
logger("Initiator using noise pipes. Going to load cached static key...");
foundRemoteStaticKey = await KeyCache.load(params.remotePeer);
logger(`Static key has been found: ${!!foundRemoteStaticKey}`)
}
if (foundRemoteStaticKey) {
// Try IK first
const { remotePeer, connection, isInitiator } = params;
const IKhandshake = new IKHandshake(isInitiator, payload, this.prologue, this.staticKeys, connection, remotePeer, foundRemoteStaticKey);
try {
IKhandshake = await this.performIKHandshake(params, payload);
return IKhandshake;
return await this.performIKHandshake(IKhandshake, payload);
} catch (e) {
// XX fallback
const ephemeralKeys = IKhandshake.getRemoteEphemeralKeys();
@ -156,7 +165,7 @@ export class Noise implements INoiseConnection {
await handshake.finish();
if (this.useNoisePipes) {
await KeyCache.store(remotePeer, handshake.getRemoteStaticKey());
}
} catch (e) {
throw new Error(`Error occurred during XX handshake: ${e.message}`);
@ -166,12 +175,9 @@ export class Noise implements INoiseConnection {
}
private async performIKHandshake(
params: HandshakeParams,
handshake: IKHandshake,
payload: bytes,
): Promise<IKHandshake> {
const { isInitiator, remotePeer, connection } = params;
const handshake = new IKHandshake(isInitiator, payload, this.prologue, this.staticKeys, connection, remotePeer);
// TODO
return handshake;

View File

@ -26,8 +26,8 @@ describe("Noise", () => {
it("should communicate through encrypted streams", async() => {
try {
const noiseInit = new Noise();
const noiseResp = new Noise();
const noiseInit = new Noise(undefined, undefined, false);
const noiseResp = new Noise(undefined, undefined, false);
const [inboundConnection, outboundConnection] = DuplexPair();
const [outbound, inbound] = await Promise.all([
@ -46,7 +46,7 @@ describe("Noise", () => {
});
it("should test that secureOutbound is spec compliant", async() => {
const noiseInit = new Noise();
const noiseInit = new Noise(undefined, undefined, false);
const [inboundConnection, outboundConnection] = DuplexPair();
const [outbound, { wrapped, handshake }] = await Promise.all([
@ -99,8 +99,8 @@ describe("Noise", () => {
it("should test large payloads", async() => {
try {
const noiseInit = new Noise();
const noiseResp = new Noise();
const noiseInit = new Noise(undefined, undefined, false);
const noiseResp = new Noise(undefined, undefined, false);
const [inboundConnection, outboundConnection] = DuplexPair();
const [outbound, inbound] = await Promise.all([