fix: endianness of nonce function

fix: payload serialization
feat: add functions to retrieve h,e,rs,re
2026-01-02 13:03:10 +00:00 · 2022-12-21 12:46:15 -04:00 · 2022-12-21 11:56:30 -04:00 · 2022-12-21 08:47:05 -04:00
5 changed files with 56 additions and 16 deletions
--- a/handshake.go
+++ b/handshake.go
@ -284,6 +284,22 @@ func (h *Handshake) FinalizeHandshake() (*HandshakeResult, error) {
 }

 // HandshakeComplete indicates whether the handshake process is complete or not
-func (hs *Handshake) IsComplete() bool {
-	return hs.hsResult != nil
+func (h *Handshake) IsComplete() bool {
+	return h.hsResult != nil
+}
+
+func (h *Handshake) LocalEphemeralKeypair() Keypair {
+	return h.hs.e
+}
+
+func (h *Handshake) RemoteStaticPublicKey() []byte {
+	return h.hs.rs
+}
+
+func (h *Handshake) RemoteEphemeralPublicKey() []byte {
+	return h.hs.re
+}
+
+func (h *Handshake) H() []byte {
+	return h.hs.ss.h
 }
--- a/noise.go
+++ b/noise.go
@ -67,8 +67,10 @@ func (c *CipherState) hasKey() bool {
 }

 func (cs *CipherState) nonce() []byte {
-	var nonceBytes [12]byte // RFC7539 specifies 12 bytes for nonce.
-	binary.BigEndian.PutUint64(nonceBytes[4:], cs.n)
+	// RFC7539 specifies 12 bytes for nonce.
+	// TODO: extract this to function setup when creating handshake pattern
+	var nonceBytes [12]byte
+	binary.LittleEndian.PutUint64(nonceBytes[4:], cs.n)
 	return nonceBytes[:]
 }

--- a/noise_test.go
+++ b/noise_test.go
@ -126,7 +126,13 @@ func handshakeTest(t *testing.T, hsAlice *Handshake, hsBob *Handshake) {
 		encryptedPayload, err := aliceHSResult.WriteMessage(message, defaultMessageNametagBuffer)
 		require.NoError(t, err)

-		plaintext, err := bobHSResult.ReadMessage(encryptedPayload, defaultMessageNametagBuffer)
+		serializedPayload, err := encryptedPayload.Serialize()
+		require.NoError(t, err)
+
+		deserializedPayload, err := DeserializePayloadV2(serializedPayload)
+		require.NoError(t, err)
+
+		plaintext, err := bobHSResult.ReadMessage(deserializedPayload, defaultMessageNametagBuffer)
 		require.NoError(t, err)

 		require.Equal(t, message, plaintext)
@ -137,7 +143,13 @@ func handshakeTest(t *testing.T, hsAlice *Handshake, hsBob *Handshake) {
 		encryptedPayload, err = bobHSResult.WriteMessage(message, defaultMessageNametagBuffer)
 		require.NoError(t, err)

-		plaintext, err = aliceHSResult.ReadMessage(encryptedPayload, defaultMessageNametagBuffer)
+		serializedPayload, err = encryptedPayload.Serialize()
+		require.NoError(t, err)
+
+		deserializedPayload, err = DeserializePayloadV2(serializedPayload)
+		require.NoError(t, err)
+
+		plaintext, err = aliceHSResult.ReadMessage(deserializedPayload, defaultMessageNametagBuffer)
 		require.NoError(t, err)

 		require.Equal(t, message, plaintext)
--- a/patterns.go
+++ b/patterns.go
@ -104,15 +104,17 @@ type HandshakePattern struct {
 	messagePatterns    []MessagePattern
 	hashFn             func() hash.Hash
 	cipherFn           func([]byte) (cipher.AEAD, error)
+	tagSize            int
 	dhKey              DHKey
 }

-func NewHandshakePattern(protocolID byte, name string, hashFn func() hash.Hash, cipherFn func([]byte) (cipher.AEAD, error), dhKey DHKey, preMessagePatterns []PreMessagePattern, messagePatterns []MessagePattern) HandshakePattern {
+func NewHandshakePattern(protocolID byte, name string, hashFn func() hash.Hash, cipherFn func([]byte) (cipher.AEAD, error), tagSize int, dhKey DHKey, preMessagePatterns []PreMessagePattern, messagePatterns []MessagePattern) HandshakePattern {
 	return HandshakePattern{
 		protocolID:         protocolID,
 		name:               name,
 		hashFn:             hashFn,
 		cipherFn:           cipherFn,
+		tagSize:            tagSize,
 		dhKey:              dhKey,
 		premessagePatterns: preMessagePatterns,
 		messagePatterns:    messagePatterns,
@ -153,6 +155,7 @@ var K1K1 = NewHandshakePattern(
 	"Noise_K1K1_25519_ChaChaPoly_SHA256",
 	sha256.New,
 	chacha20poly1305.New,
+	16,
 	DH25519,
 	[]PreMessagePattern{
 		NewPreMessagePattern(Right, []NoiseTokens{S}),
@ -170,6 +173,7 @@ var XK1 = NewHandshakePattern(
 	"Noise_XK1_25519_ChaChaPoly_SHA256",
 	sha256.New,
 	chacha20poly1305.New,
+	16,
 	DH25519,
 	[]PreMessagePattern{
 		NewPreMessagePattern(Left, []NoiseTokens{S}),
@ -186,6 +190,7 @@ var XX = NewHandshakePattern(
 	"Noise_XX_25519_ChaChaPoly_SHA256",
 	sha256.New,
 	chacha20poly1305.New,
+	16,
 	DH25519,
 	EmptyPreMessage,
 	[]MessagePattern{
@ -200,6 +205,7 @@ var XXpsk0 = NewHandshakePattern(
 	"Noise_XXpsk0_25519_ChaChaPoly_SHA256",
 	sha256.New,
 	chacha20poly1305.New,
+	16,
 	DH25519,
 	EmptyPreMessage,
 	[]MessagePattern{
@ -214,6 +220,7 @@ var WakuPairing = NewHandshakePattern(
 	"Noise_WakuPairing_25519_ChaChaPoly_SHA256",
 	sha256.New,
 	chacha20poly1305.New,
+	16,
 	DH25519,
 	[]PreMessagePattern{
 		NewPreMessagePattern(Left, []NoiseTokens{E}),
--- a/payload.go
+++ b/payload.go
@ -2,7 +2,6 @@ package noise

 import (
 	"bytes"
-	"crypto/ed25519"
 	"encoding/binary"
 	"errors"
 )
@ -106,8 +105,6 @@ func (p *PayloadV2) Serialize() ([]byte, error) {
 	return payloadBuf.Bytes(), nil
 }

-const ChaChaPolyTagSize = byte(16)
-
 // Deserializes a byte sequence to a PayloadV2 object according to https://rfc.vac.dev/spec/35/.
 // The input serialized payload concatenates the output PayloadV2 object fields as
 // payload = ( protocolId || serializedHandshakeMessageLen || serializedHandshakeMessage || transportMessageLen || transportMessage)
@ -126,8 +123,14 @@ func DeserializePayloadV2(payload []byte) (*PayloadV2, error) {
 		return nil, err
 	}

-	if !IsProtocolIDSupported(result.ProtocolId) {
-		return nil, errors.New("unsupported protocol")
+	var pattern HandshakePattern
+	var err error
+
+	if result.ProtocolId != None {
+		pattern, err = GetHandshakePattern(result.ProtocolId)
+		if err != nil {
+			return nil, err
+		}
 	}

 	// We read the Handshake Message length (1 byte)
@ -150,13 +153,13 @@ func DeserializePayloadV2(payload []byte) (*PayloadV2, error) {

 		if flag == 0 {
 			// If the key is unencrypted, we only read the X coordinate of the EC public key and we deserialize into a Noise Public Key
-			pkLen := ed25519.PublicKeySize
+			pkLen := pattern.dhKey.DHLen()
 			var pkBytes SerializedNoisePublicKey = make([]byte, pkLen)
 			if err := binary.Read(payloadBuf, binary.BigEndian, &pkBytes); err != nil {
 				return nil, err
 			}

-			serializedPK := SerializedNoisePublicKey(make([]byte, ed25519.PublicKeySize+1))
+			serializedPK := SerializedNoisePublicKey(make([]byte, pkLen+1))
 			serializedPK[0] = flag
 			copy(serializedPK[1:], pkBytes)

@ -169,7 +172,7 @@ func DeserializePayloadV2(payload []byte) (*PayloadV2, error) {
 			written += uint8(1 + pkLen)
 		} else if flag == 1 {
 			// If the key is encrypted, we only read the encrypted X coordinate and the authorization tag, and we deserialize into a Noise Public Key
-			pkLen := ed25519.PublicKeySize + ChaChaPolyTagSize
+			pkLen := pattern.dhKey.DHLen() + pattern.tagSize
 			// TODO: duplicated code: ==============

 			var pkBytes SerializedNoisePublicKey = make([]byte, pkLen)
@ -177,7 +180,7 @@ func DeserializePayloadV2(payload []byte) (*PayloadV2, error) {
 				return nil, err
 			}

-			serializedPK := SerializedNoisePublicKey(make([]byte, ed25519.PublicKeySize+1))
+			serializedPK := SerializedNoisePublicKey(make([]byte, pkLen+1))
 			serializedPK[0] = flag
 			copy(serializedPK[1:], pkBytes)
Author	SHA1	Message	Date
Richard Ramos	d654270130	fix: endianness of nonce function	2022-12-21 12:46:15 -04:00
Richard Ramos	962299d8b4	fix: payload serialization	2022-12-21 11:56:30 -04:00
Richard Ramos	daf3130edf	feat: add functions to retrieve h,e,rs,re	2022-12-21 08:47:05 -04:00