fluencelabs/js-libp2p-noise
1
0
Fork 0
mirror of https://github.com/fluencelabs/js-libp2p-noise synced 2025-06-13 03:31:32 +00:00
Code Issues Projects Releases Wiki Activity

Update handling keys, refactoring

Browse Source
This commit is contained in:
morrigan
2019-11-28 17:32:46 +01:00
parent d03f4974ba
commit a8ff05cdf1
8 changed files with 194 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
test/handshake.test.ts
View File

@ -5,6 +5,8 @@ import Wrap from "it-pb-rpc";
import {Handshake} from "../src/handshake";
import {generateKeypair} from "../src/utils";
import {createPeerIds, createPeerIdsFromFixtures} from "./fixtures/peer";
describe("Handshake", () => {
it("should propose, exchange and finish handshake", async() => {
@ -15,24 +17,39 @@ describe("Handshake", () => {
const prologue = Buffer.from('/noise');
const staticKeysInitiator = generateKeypair();
const staticKeysResponder = generateKeypair();
const [peerA, peerB] = await createPeerIds(2);
const handshakeInitator = new Handshake('XX', true, staticKeysResponder.publicKey, prologue, staticKeysInitiator, connectionFrom);
const handshakeResponder = new Handshake('XX', false, staticKeysInitiator.publicKey, prologue, staticKeysResponder, connectionTo);
const initiatorPrivKey = peerA.privKey.marshal().slice(0, 32);
const initiatorPubKey = peerA.pubKey.marshal();
const handshakeInitator = new Handshake(true, initiatorPrivKey, initiatorPubKey, prologue, staticKeysInitiator, connectionFrom);
const sessionInitator = await handshakeInitator.propose();
const sessionResponder = await handshakeResponder.propose();
const responderPrivKey = peerB.privKey.marshal().slice(0, 32);
const responderPubKey = peerB.pubKey.marshal();
const handshakeResponder = new Handshake(false, responderPrivKey, responderPubKey, prologue, staticKeysResponder, connectionTo);
await handshakeResponder.exchange(sessionResponder);
await handshakeInitator.exchange(sessionInitator);
await handshakeInitator.propose();
await handshakeResponder.propose();
await handshakeInitator.finish(sessionInitator);
await handshakeResponder.finish( sessionResponder);
await handshakeResponder.exchange();
await handshakeInitator.exchange();
await handshakeInitator.finish();
await handshakeResponder.finish();
const sessionInitator = handshakeInitator.session;
const sessionResponder = handshakeResponder.session;
// Test shared key
if (sessionInitator.cs1 && sessionResponder.cs1 && sessionInitator.cs2 && sessionResponder.cs2) {
assert(sessionInitator.cs1.k.equals(sessionResponder.cs1.k));
assert(sessionInitator.cs2.k.equals(sessionResponder.cs2.k));
} else {
assert(false);
}
// Test encryption and decryption
const encrypted = handshakeInitator.encrypt(Buffer.from("encryptthis"), handshakeInitator.session);
const decrypted = handshakeResponder.decrypt(encrypted, handshakeResponder.session);
assert(decrypted.equals(Buffer.from("encryptthis")));
});
});

53
test/noise.test.ts
View File

@ -21,29 +21,15 @@ describe("Noise", () => {
let remotePeer, localPeer;
before(async () => {
// [remotePeer, localPeer] = await createPeerIds(2);
// TODO: Handle Peer ID received ed25519 keys
const pair1 = generateKeypair();
remotePeer = {
id: "id-1",
pubKey: { bytes: pair1.publicKey },
privKey: { bytes: pair1.privateKey },
}
const pair2 = generateKeypair();
localPeer = {
id: "id-2",
pubKey: { bytes: pair2.publicKey },
privKey: { bytes: pair2.privateKey },
}
[localPeer, remotePeer] = await createPeerIds(2);
});
it("should communicate through encrypted streams", async() => {
const libp2pKeys = await generateEd25519Keys();
const libp2pKeys2 = await generateEd25519Keys();
const libp2pInitPrivKey = localPeer.privKey.marshal().slice(0, 32);
const libp2pRespPrivKey = remotePeer.privKey.marshal().slice(0, 32);
const noiseInit = new Noise(libp2pKeys._key, localPeer.privKey.bytes);
const noiseResp = new Noise(libp2pKeys2._key, remotePeer.privKey.bytes);
const noiseInit = new Noise(libp2pInitPrivKey);
const noiseResp = new Noise(libp2pRespPrivKey);
const [inboundConnection, outboundConnection] = DuplexPair();
const [outbound, inbound] = await Promise.all([
@ -59,39 +45,36 @@ describe("Noise", () => {
});
it("should test that secureOutbound is spec compliant", async() => {
const libp2pKeys = await generateEd25519Keys();
const noiseInit = new Noise(libp2pKeys._key, localPeer.privKey.bytes);
const libp2pPrivKey = localPeer.privKey.marshal().slice(0, 32);
const noiseInit = new Noise(libp2pPrivKey);
const [inboundConnection, outboundConnection] = DuplexPair();
const [outbound, { wrapped, ns, handshake }] = await Promise.all([
const [outbound, { wrapped, handshake }] = await Promise.all([
noiseInit.secureOutbound(localPeer, outboundConnection, remotePeer),
(async () => {
const wrapped = Wrap(inboundConnection);
const prologue = Buffer.from('/noise');
const staticKeys = {
privateKey: remotePeer.privKey.bytes,
publicKey: remotePeer.pubKey.bytes,
};
const staticKeys = generateKeypair();
const xx = new XXHandshake();
const handshake = new Handshake('XX', false, localPeer.pubKey.bytes, prologue, staticKeys, wrapped, xx);
const ns = await xx.initSession(false, prologue, staticKeys, localPeer.pubKey.bytes);
const libp2pPubKey = remotePeer.pubKey.marshal().slice(32, 64);
const handshake = new Handshake(false, libp2pPrivKey, libp2pPubKey, prologue, staticKeys, wrapped, xx);
let receivedMessageBuffer = decodeMessageBuffer((await wrapped.readLP()).slice());
// The first handshake message contains the initiator's ephemeral public key
expect(receivedMessageBuffer.ne.length).equal(32);
await xx.recvMessage(ns, receivedMessageBuffer);
await xx.recvMessage(handshake.session, receivedMessageBuffer);
// Stage 1
const signedPayload = signPayload(staticKeys.privateKey, getHandshakePayload(staticKeys.publicKey));
const handshakePayload = await createHandshakePayload(localPeer.pubKey.bytes, signedPayload);
const signedPayload = signPayload(libp2pPrivKey, getHandshakePayload(staticKeys.publicKey));
const handshakePayload = await createHandshakePayload(libp2pPubKey, libp2pPrivKey, signedPayload);
const messageBuffer = await xx.sendMessage(ns, handshakePayload);
const messageBuffer = await xx.sendMessage(handshake.session, handshakePayload);
wrapped.writeLP(encodeMessageBuffer(messageBuffer));
// Stage 2 - finish handshake
receivedMessageBuffer = decodeMessageBuffer((await wrapped.readLP()).slice());
await xx.recvMessage(ns, receivedMessageBuffer);
return { wrapped, ns, handshake };
await xx.recvMessage(handshake.session, receivedMessageBuffer);
return { wrapped, handshake };
})(),
]);
@ -102,7 +85,7 @@ describe("Noise", () => {
const receivedEncryptedPayload = (await wrapped.read()).slice();
const dataLength = receivedEncryptedPayload.readInt16BE(0);
const data = receivedEncryptedPayload.slice(2, dataLength + 2);
const decrypted = handshake.decrypt(data, ns);
const decrypted = handshake.decrypt(data, handshake.session);
// Decrypted data should match
assert(decrypted.equals(Buffer.from("test")));
})

79
test/xx.test.ts
View File

@ -10,13 +10,16 @@ describe("Index", () => {
const prologue = Buffer.from("/noise", "utf-8");
it("Test creating new XX session", async () => {
const xx = new XXHandshake();
try {
const xx = new XXHandshake();
const kpInitiator: KeyPair = await generateKeypair();
const kpResponder: KeyPair = await generateKeypair();
const kpInitiator: KeyPair = await generateKeypair();
const kpResponder: KeyPair = await generateKeypair();
const session = await xx.initSession(true, prologue, kpInitiator, kpResponder.publicKey);
const session = await xx.initSession(true, prologue, kpInitiator);
} catch (e) {
assert(false, e.message);
}
});
it("Test get HKDF", async () => {
@ -45,14 +48,16 @@ describe("Index", () => {
const respSignedPayload = await libp2pRespKeys.sign(getHandshakePayload(kpResp.publicKey));
// initiator: new XX noise session
const nsInit = await xx.initSession(true, prologue, kpInit, kpResp.publicKey);
const nsInit = await xx.initSession(true, prologue, kpInit);
// responder: new XX noise session
const nsResp = await xx.initSession(false, prologue, kpResp, kpInit.publicKey);
const nsResp = await xx.initSession(false, prologue, kpResp);
/* STAGE 0 */
// initiator creates payload
const payloadInitEnc = await createHandshakePayload(libp2pInitKeys.bytes, initSignedPayload)
const libp2pInitPrivKey = libp2pInitKeys.marshal().slice(0, 32);
const libp2pInitPubKey = libp2pInitKeys.marshal().slice(32, 64);
const payloadInitEnc = await createHandshakePayload(libp2pInitPubKey, libp2pInitPrivKey, initSignedPayload);
// initiator sends message
const message = Buffer.concat([Buffer.alloc(0), payloadInitEnc]);
@ -67,7 +72,9 @@ describe("Index", () => {
/* STAGE 1 */
// responder creates payload
const payloadRespEnc = await createHandshakePayload(libp2pRespKeys.bytes, respSignedPayload);
const libp2pRespPrivKey = libp2pRespKeys.marshal().slice(0, 32);
const libp2pRespPubKey = libp2pRespKeys.marshal().slice(32, 64);
const payloadRespEnc = await createHandshakePayload(libp2pRespPubKey, libp2pRespPrivKey, respSignedPayload);
const message1 = Buffer.concat([message, payloadRespEnc]);
const messageBuffer2 = await xx.sendMessage(nsResp, message1);
@ -95,36 +102,48 @@ describe("Index", () => {
}
it("Test handshake", async () => {
const xx = new XXHandshake();
await doHandshake(xx);
try {
const xx = new XXHandshake();
await doHandshake(xx);
} catch (e) {
assert(false, e.message);
}
});
it("Test symmetric encrypt and decrypt", async () => {
const xx = new XXHandshake();
const { nsInit, nsResp } = await doHandshake(xx);
const ad = Buffer.from("authenticated");
const message = Buffer.from("HelloCrypto");
try {
const xx = new XXHandshake();
const { nsInit, nsResp } = await doHandshake(xx);
const ad = Buffer.from("authenticated");
const message = Buffer.from("HelloCrypto");
xx.encryptWithAd(nsInit.cs1, ad, message);
assert(!Buffer.from("HelloCrypto").equals(message), "Encrypted message should not be same as plaintext.");
const decrypted = xx.decryptWithAd(nsResp.cs1, ad, message);
xx.encryptWithAd(nsInit.cs1, ad, message);
assert(!Buffer.from("HelloCrypto").equals(message), "Encrypted message should not be same as plaintext.");
const decrypted = xx.decryptWithAd(nsResp.cs1, ad, message);
assert(Buffer.from("HelloCrypto").equals(decrypted), "Decrypted text not equal to original message.");
assert(Buffer.from("HelloCrypto").equals(decrypted), "Decrypted text not equal to original message.");
} catch (e) {
assert(false, e.message);
}
});
it("Test multiple messages encryption and decryption", async () => {
const xx = new XXHandshake();
const { nsInit, nsResp } = await doHandshake(xx);
const ad = Buffer.from("authenticated");
const message = Buffer.from("ethereum1");
try {
const xx = new XXHandshake();
const { nsInit, nsResp } = await doHandshake(xx);
const ad = Buffer.from("authenticated");
const message = Buffer.from("ethereum1");
xx.encryptWithAd(nsInit.cs1, ad, message);
const decrypted = xx.decryptWithAd(nsResp.cs1, ad, message);
assert(Buffer.from("ethereum1").equals(decrypted), "Decrypted text not equal to original message.");
xx.encryptWithAd(nsInit.cs1, ad, message);
const decrypted = xx.decryptWithAd(nsResp.cs1, ad, message);
assert(Buffer.from("ethereum1").equals(decrypted), "Decrypted text not equal to original message.");
const message2 = Buffer.from("ethereum2");
xx.encryptWithAd(nsInit.cs1, ad, message2);
const decrypted2 = xx.decryptWithAd(nsResp.cs1, ad, message2);
assert(Buffer.from("ethereum2").equals(decrypted2), "Decrypted text not equal to original message.");
const message2 = Buffer.from("ethereum2");
xx.encryptWithAd(nsInit.cs1, ad, message2);
const decrypted2 = xx.decryptWithAd(nsResp.cs1, ad, message2);
assert(Buffer.from("ethereum2").equals(decrypted2), "Decrypted text not equal to original message.");
} catch (e) {
assert(false, e.message);
}
});
});