Add basic session key logging

Matija Petrunic
2020-04-09 15:33:15 +02:00
parent 9bf6c2e85d
commit 83e6380d8f
4 changed files with 33 additions and 2 deletions


@ -1,3 +1,5 @@
export const NOISE_MSG_MAX_LENGTH_BYTES = 65535;
export const NOISE_MSG_MAX_LENGTH_BYTES_WITHOUT_TAG = NOISE_MSG_MAX_LENGTH_BYTES - 16;
export const DUMP_SESSION_KEYS = true;
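Review bot: `DUMP_SESSION_KEYS` is hard-coded to `true`, so the key-dump path is compiled in and active for every consumer of the library, leaving the debug namespace as the only remaining gate. A switch that causes private and session keys to be written to a log should default to off and require an explicit opt-in, for example `export const DUMP_SESSION_KEYS = false;` with a comment that it exists for local protocol debugging only. As written, a consumer cannot turn it off without editing the package.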


@ -1,2 +1,3 @@
import debug from "debug";
export const logger = debug('libp2p:noise');
export const sessionKeyLogger = debug('libp2p:session')
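Review bot: The namespace `libp2p:session` falls under the `libp2p:*` wildcard, so anyone who enables general libp2p debug output with `DEBUG=libp2p:*` also gets the key dump in the same stream, which tends to end up in shared log files and bug reports. Giving the key logger a namespace that no broad wildcard matches would keep key material out of routine debug logs; the name is the author's choice, e.g. (constructed) `debug('noise-keylog')`. The new line also lacks the trailing semicolon used on the line above.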


@ -9,7 +9,7 @@ import {encode, decode} from 'it-length-prefixed';
import {XXHandshake} from "./handshake-xx";
import {IKHandshake} from "./handshake-ik";
import {XXFallbackHandshake} from "./handshake-xx-fallback";
import {generateKeypair, getPayload} from "./utils";
import {generateKeypair, getPayload, dumpSessionKeys} from "./utils";
import {uint16BEDecode, uint16BEEncode} from "./encoder";
import {decryptStream, encryptStream} from "./crypto";
import {bytes} from "./@types/basic";
@ -83,6 +83,8 @@ export class Noise implements INoiseConnection {
});
const conn = await this.createSecureConnection(wrappedConnection, handshake);
dumpSessionKeys(handshake.session.hs, localPeer.id, remotePeer.id);
return {
conn,
remotePeer: handshake.remotePeer,
@ -113,6 +115,8 @@ export class Noise implements INoiseConnection {
});
const conn = await this.createSecureConnection(wrappedConnection, handshake);
dumpSessionKeys(handshake.session.hs, localPeer.id, remotePeer ? remotePeer.id : undefined);
return {
conn,
remotePeer: handshake.remotePeer
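Review bot: The remote peer id handed to `dumpSessionKeys` is the caller-supplied `remotePeer`, not the identity the handshake established, although the `return` directly below uses `handshake.remotePeer`. In the second call the argument becomes `undefined` whenever the caller passed no peer, so `PEER_ID_REMOTE` is logged empty even though the handshake has already completed. Assuming `handshake.remotePeer` is always set at this point, passing `handshake.remotePeer.id` in both calls would tie each log entry to the peer that was actually authenticated. Both enclosing methods start and end outside the hunks.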


@ -4,8 +4,10 @@ import PeerId from "peer-id";
import * as crypto from 'libp2p-crypto';
import {KeyPair} from "./@types/libp2p";
import {bytes, bytes32} from "./@types/basic";
import {Hkdf, INoisePayload} from "./@types/handshake";
import {Hkdf, INoisePayload, HandshakeState} from "./@types/handshake";
import {pb} from "./proto/payload";
import {sessionKeyLogger} from "./logger"
import {DUMP_SESSION_KEYS} from "./constants"
const NoiseHandshakePayloadProto = pb.NoiseHandshakePayload;
@ -113,3 +115,25 @@ export function getHkdf(ck: bytes32, ikm: bytes): Hkdf {
export function isValidPublicKey(pk: bytes): boolean {
return x25519.publicKeyVerify(pk.slice(0, 32));
}
export function dumpSessionKeys(hs: HandshakeState, localPeerId: Buffer, remotePeerId=Buffer.alloc(0)): void {
if(!DUMP_SESSION_KEYS){
return;
}
if(hs.e === undefined){
hs.e = {privateKey: Buffer.alloc(0), publicKey: Buffer.alloc(0)}
}
const log = `
PEER_ID_LOCAL ${localPeerId.toString('hex')}
PEER_ID_REMOTE ${remotePeerId.toString('hex')}
LOCAL_STATIC_KEY ${hs.s.privateKey.toString('hex')}
LOCAL_EPHEMEREAL_KEY ${hs.e.privateKey.toString('hex')}
REMOTE_STATIC_KEY ${hs.rs.toString('hex')}
REMOTE_EPHEMEREAL_KEY ${hs.re.toString('hex')}
ENCRYPTION_KEY ${hs.ss.cs.k.toString('hex')}
`
sessionKeyLogger(log);
}
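Review bot: `dumpSessionKeys` writes a placeholder key pair into `hs.e` when it is undefined, so a logging helper mutates the live handshake state that the caller passes in; it should read a local fallback instead. It also logs `hs.s.privateKey`, which presumably outlives a single session, so a leaked log would expose more than the connection being debugged; that line deserves at least a comment explaining why it is needed, or removal. Checking `sessionKeyLogger.enabled` before building the string avoids hex-encoding secrets into memory when nothing will print them. The labels spell "EPHEMEREAL" where "EPHEMERAL" is meant.
```typescript
export function dumpSessionKeys(hs: HandshakeState, localPeerId: Buffer, remotePeerId = Buffer.alloc(0)): void {
  // Do no work, and materialise no key strings, unless the dump will actually be printed.
  if (!DUMP_SESSION_KEYS || !sessionKeyLogger.enabled) {
    return;
  }
  // Local fallback only: the handshake state is never written to from here.
  const localEphemeralKey = hs.e === undefined ? Buffer.alloc(0) : hs.e.privateKey;
  // … unchanged: template literal with the PEER_ID_*, *_STATIC_KEY, REMOTE_* and ENCRYPTION_KEY lines,
  //   with the local ephemeral line reading from localEphemeralKey instead of hs.e …
  sessionKeyLogger(log);
}
```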