mirror of
https://github.com/status-im/nim-eth-p2p.git
synced 2025-01-11 15:24:44 +00:00
Initial commit
This commit is contained in:
cheatfate
parent
bb21c17217
commit
56f034f57a
22
.travis.yml
Normal file
22
.travis.yml
Normal file
@ -0,0 +1,22 @@
|
||||
sudo: false
|
||||
language: c
|
||||
os:
|
||||
- linux
|
||||
- osx
|
||||
dist: trusty
|
||||
before_script:
|
||||
- git clone https://github.com/nim-lang/Nim.git
|
||||
- cd Nim
|
||||
- git clone --depth 1 https://github.com/nim-lang/csources
|
||||
- cd csources && sh build.sh
|
||||
- cd ..
|
||||
- bin/nim c koch
|
||||
- ./koch boot -d:release
|
||||
- ./koch nimble
|
||||
- export PATH=$(pwd)/bin:$PATH
|
||||
- cd ..
|
||||
- nimble install https://github.com/status-im/nim-rlp
|
||||
- nimble install https://github.com/cheatfate/nimcrypto >= 0.1.0
|
||||
- nimble install https://github.com/status-im/nim-secp256k1
|
||||
script:
|
||||
- nimble tests
|
||||
11
ethp2p.nim
Normal file
11
ethp2p.nim
Normal file
@ -0,0 +1,11 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
import ethp2p/ecc, ethp2p/ecies, ethp2p/auth, ethp2p/hexdump
|
||||
export ecc, ecies, auth, hexdump
|
||||
15
ethp2p.nimble
Normal file
15
ethp2p.nimble
Normal file
@ -0,0 +1,15 @@
|
||||
mode = ScriptMode.Verbose
|
||||
|
||||
packageName = "ethp2p"
|
||||
version = "1.0.0"
|
||||
author = "Status Research & Development GmbH"
|
||||
description = "Ethereum P2P library"
|
||||
license = "MIT"
|
||||
skipDirs = @["tests", "Nim"]
|
||||
|
||||
requires "nim > 0.18.0", "https://github.com/status-im/nim-rlp >= 1.0.1", "https://github.com/cheatfate/nimcrypto >= 0.1.0", "https://github.com/status-im/nim-secp256k1 >= 0.1.0"
|
||||
|
||||
task tests, "Runs the test suite":
|
||||
exec "nim c -r tests/testecc"
|
||||
exec "nim c -r tests/testecies"
|
||||
exec "nim c -r tests/testauth"
|
||||
855
ethp2p/auth.nim
Normal file
855
ethp2p/auth.nim
Normal file
@ -0,0 +1,855 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
## This module implements Ethereum authentication
|
||||
|
||||
import endians
|
||||
import ecc, ecies, rlp
|
||||
import nimcrypto/sysrand, nimcrypto/hash, nimcrypto/utils, nimcrypto/hmac
|
||||
import nimcrypto/rijndael, nimcrypto/keccak, nimcrypto/sha2
|
||||
import hexdump
|
||||
|
||||
const
|
||||
SupportedRlpxVersion* = 4
|
||||
PlainAuthMessageLength* = 194
|
||||
PlainAuthAckMessageLength* = 97
|
||||
AuthMessageLength* = 307
|
||||
AuthAckMessageLength* = 210
|
||||
|
||||
type
|
||||
HandshakeFlag* = enum
|
||||
Initiator, ## `Handshake` owner is connection initiator
|
||||
Responder, ## `Handshake` owner is connection responder
|
||||
Eip8 ## Flag indicates that EIP-8 handshake is used
|
||||
|
||||
AuthStatus* = enum
|
||||
Success, ## Operation was successful
|
||||
RandomError, ## Could not obtain random data
|
||||
EcdhError, ## ECDH shared secret could not be calculated
|
||||
SignatureError, ## Signature could not be obtained
|
||||
EciesError, ## ECIES encryption/decryption error
|
||||
InvalidPubKey, ## Invalid public key
|
||||
InvalidAuth, ## Invalid Authentication message
|
||||
InvalidAck, ## Invalid Authentication ACK message
|
||||
RlpError, ## Error while decoding RLP stream
|
||||
IncompleteError ## Data incomplete error
|
||||
|
||||
Handshake* = object
|
||||
version: uint8
|
||||
flags: set[HandshakeFlag]
|
||||
host*: KeyPair
|
||||
ephemeral*: KeyPair
|
||||
remoteHPubkey*: PublicKey
|
||||
remoteEPubkey*: PublicKey
|
||||
initiatorNonce*: Nonce
|
||||
responderNonce*: Nonce
|
||||
|
||||
ConnectionSecret* = object
|
||||
aesKey*: array[aes256.sizeKey, byte]
|
||||
macKey*: array[KeyLength, byte]
|
||||
egressMac*: array[keccak256.sizeDigest, byte]
|
||||
ingressMac*: array[keccak256.sizeDigest, byte]
|
||||
|
||||
PlainAuthMessage* = array[PlainAuthMessageLength, byte]
|
||||
PlainAuthAckMessage* = array[PlainAuthAckMessageLength, byte]
|
||||
AuthMessage* = array[AuthMessageLength, byte]
|
||||
AuthAckMessage* = array[AuthAckMessageLength, byte]
|
||||
|
||||
AuthException* = object of Exception
|
||||
|
||||
proc sxor[T](a: var openarray[T], b: openarray[T]) =
|
||||
assert(len(a) == len(b))
|
||||
for i in 0..(len(a) - 1):
|
||||
a[i] = a[i] xor b[i]
|
||||
|
||||
proc empty[T](v: openarray[T]): bool =
|
||||
var r: T
|
||||
for item in v:
|
||||
r = r + item
|
||||
result = (r == T(0))
|
||||
|
||||
proc move[T](dst: var openarray[T], src: openarray[T],
|
||||
dstx: int = 0, dsty: int = -1, srcx: int = 0, srcy: int = -1) =
|
||||
let sx = if srcx < 0: (len(src) + srcx) else: srcx
|
||||
let sy = if srcy < 0: (len(src) + srcy) else: srcy
|
||||
let dx = if dstx < 0: (len(dst) + dstx) else: dstx
|
||||
let dy = if dsty < 0: (len(dst) + dsty) else: dsty
|
||||
assert(sy - sx == dy - dx)
|
||||
moveMem(addr dst[dstx], unsafeAddr src[srcx], (dy - dx + 1) * sizeof(T))
|
||||
|
||||
proc newHandshake*(flags: set[HandshakeFlag] = {Initiator}): Handshake =
|
||||
var p: ptr byte
|
||||
result.flags = flags
|
||||
result.ephemeral = newKeyPair()
|
||||
|
||||
if Initiator in flags:
|
||||
p = addr result.initiatorNonce[0]
|
||||
else:
|
||||
p = addr result.responderNonce[0]
|
||||
|
||||
if randomBytes(p, KeyLength) != KeyLength:
|
||||
raise newException(AuthException, "Could not obtain random data!")
|
||||
|
||||
proc authMessage*(h: var Handshake,
|
||||
pubkey: PublicKey,
|
||||
output: var PlainAuthMessage): AuthStatus =
|
||||
## Create plain preEIP8 authentication message.
|
||||
var secret: SharedSecret
|
||||
var signature: Signature
|
||||
var flag = byte(0x00)
|
||||
|
||||
if ecdhAgree(h.host.seckey, pubkey, secret) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
if h.initiatorNonce.empty():
|
||||
if randomBytes(addr h.initiatorNonce[0], KeyLength) != KeyLength:
|
||||
return(RandomError)
|
||||
|
||||
var xornonce = h.initiatorNonce
|
||||
xornonce.sxor(secret)
|
||||
|
||||
if signMessage(h.ephemeral.seckey, xornonce, signature) != EccStatus.Success:
|
||||
return(SignatureError)
|
||||
|
||||
copyMem(addr h.remoteHPubkey, unsafeAddr pubkey, sizeof(PublicKey))
|
||||
|
||||
move(output, signature.getRaw().data, 0, 64)
|
||||
move(output, keccak256.digest(h.ephemeral.pubkey.getRaw().data).data, 65, 96)
|
||||
move(output, h.host.pubkey.getRaw().data, 97, 160)
|
||||
move(output, h.initiatorNonce, 161, 192)
|
||||
output[193] = flag
|
||||
|
||||
proc authAckMessage*(h: var Handshake,
|
||||
output: var PlainAuthAckMessage): AuthStatus =
|
||||
if EIP8 in h.flags:
|
||||
discard
|
||||
else:
|
||||
move(output, h.ephemeral.pubkey.getRaw().data, 0, 63)
|
||||
move(output, h.responderNonce, 64, 95)
|
||||
output[96] = byte(0x00)
|
||||
|
||||
proc encryptAuthMessage*(input: ptr byte, inputlen: int,
|
||||
output: ptr byte, outputlen: int,
|
||||
pubkey: PublicKey, shmac: ptr byte = nil,
|
||||
shlen: int = 0): AuthStatus =
|
||||
result = Success
|
||||
if eciesEncrypt(input, output, inputlen, outputlen,
|
||||
pubkey, shmac, shlen) != EciesStatus.Success:
|
||||
result = EciesError
|
||||
|
||||
proc encryptAuthMessage*(input: PlainAuthMessage,
|
||||
output: var AuthMessage,
|
||||
pubkey: PublicKey): AuthStatus =
|
||||
result = Success
|
||||
result = encryptAuthMessage(unsafeAddr input[0], PlainAuthMessageLength,
|
||||
addr output[0], AuthMessageLength, pubkey)
|
||||
|
||||
proc decryptAuthMessage*(input: ptr byte, inputlen: int,
|
||||
output: ptr byte, outputlen: int,
|
||||
seckey: PrivateKey, shmac: ptr byte = nil,
|
||||
shlen: int = 0): AuthStatus =
|
||||
result = Success
|
||||
if eciesDecrypt(input, output, inputlen, outputlen,
|
||||
seckey, shmac, shlen) != EciesStatus.Success:
|
||||
result = EciesError
|
||||
|
||||
proc decryptAuthMessage*(input: AuthMessage, output: var PlainAuthMessage,
|
||||
seckey: PrivateKey): AuthStatus =
|
||||
result = decryptAuthMessage(unsafeAddr input[0], AuthMessageLength,
|
||||
addr output[0], PlainAuthMessageLength,
|
||||
seckey)
|
||||
|
||||
proc encryptAuthAckMessage*(input: ptr byte, inputlen: int,
|
||||
output: ptr byte, outputlen: int,
|
||||
pubkey: PublicKey, shmac: ptr byte = nil,
|
||||
shlen: int = 0): AuthStatus =
|
||||
result = Success
|
||||
if eciesEncrypt(input, output, inputlen, outputlen,
|
||||
pubkey, shmac, shlen) != EciesStatus.Success:
|
||||
result = EciesError
|
||||
|
||||
proc encryptAuthAckMessage*(input: PlainAuthAckMessage,
|
||||
output: var AuthAckMessage,
|
||||
pubkey: PublicKey): AuthStatus =
|
||||
result = encryptAuthAckMessage(unsafeAddr input[0], PlainAuthAckMessageLength,
|
||||
addr output[0], AuthAckMessageLength,
|
||||
pubkey)
|
||||
|
||||
proc decryptAuthAckMessage*(input: ptr byte, inputlen: int,
|
||||
output: ptr byte, outputlen: int,
|
||||
seckey: PrivateKey, shmac: ptr byte = nil,
|
||||
shlen: int = 0): AuthStatus =
|
||||
result = Success
|
||||
if eciesDecrypt(input, output, inputlen, outputlen,
|
||||
seckey, shmac, shlen) != EciesStatus.Success:
|
||||
result = EciesError
|
||||
|
||||
proc decryptAuthAckMessage*(input: AuthAckMessage,
|
||||
output: var PlainAuthAckMessage,
|
||||
seckey: PrivateKey): AuthStatus =
|
||||
result = decryptAuthAckMessage(unsafeAddr input[0], AuthAckMessageLength,
|
||||
addr output[0], PlainAuthAckMessageLength,
|
||||
seckey)
|
||||
|
||||
proc decodePlainAuthMessage(h: var Handshake, m: PlainAuthMessage): AuthStatus =
|
||||
var secret: SharedSecret
|
||||
var nonce: array[32, byte]
|
||||
var pubkey: PublicKey
|
||||
|
||||
copyMem(addr nonce[0], unsafeAddr m[161], KeyLength)
|
||||
if recoverPublicKey(unsafeAddr m[97], sizeof(PublicKey),
|
||||
pubkey) != EccStatus.Success:
|
||||
return(InvalidPubKey)
|
||||
|
||||
if ecdhAgree(h.host.seckey, pubkey, secret) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
var xornonce = nonce
|
||||
xornonce.sxor(secret)
|
||||
|
||||
if recoverSignatureKey(unsafeAddr m[0], SignatureLength, addr xornonce[0],
|
||||
h.remoteEPubkey) != EccStatus.Success:
|
||||
return(SignatureError)
|
||||
|
||||
h.initiatorNonce = nonce
|
||||
h.remoteHPubkey = pubkey
|
||||
result = Success
|
||||
|
||||
proc decodePlainAuthAckMessage*(h: var Handshake,
|
||||
m: PlainAuthAckMessage): AuthStatus =
|
||||
if recoverPublicKey(m, h.remoteEPubkey, 0, 63) != EccStatus.Success:
|
||||
return(InvalidPubKey)
|
||||
|
||||
h.responderNonce[0..31] = m[64..95]
|
||||
result = Success
|
||||
|
||||
proc getSecrets*(h: var Handshake,
|
||||
msg: ptr byte, msglen: int,
|
||||
ack: ptr byte, acklen: int,
|
||||
secret: var ConnectionSecret): AuthStatus =
|
||||
|
||||
var
|
||||
shsec: SharedSecret
|
||||
ctx0: keccak256
|
||||
ctx1: keccak256
|
||||
digest: array[keccak256.sizeDigest, byte]
|
||||
mac1: array[keccak256.sizeDigest, byte]
|
||||
mac2: array[keccak256.sizeDigest, byte]
|
||||
xornonce: Nonce
|
||||
|
||||
# ecdhe-secret = ecdh.agree(ephemeral-privkey, remote-ephemeral-pubk)
|
||||
if ecdhAgree(h.ephemeral.seckey, h.remoteEPubkey, shsec) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
# shared-secret = keccak(ecdhe-secret || keccak(nonce || initiator-nonce))
|
||||
ctx0.init()
|
||||
ctx1.init()
|
||||
ctx1.update(addr h.responderNonce[0], uint(len(h.responderNonce)))
|
||||
ctx1.update(addr h.initiatorNonce[0], uint(len(h.initiatorNonce)))
|
||||
digest = ctx1.finish().data
|
||||
|
||||
ctx1.init() # clean keccak256 context
|
||||
ctx0.update(addr shsec[0], uint(sizeof(SharedSecret)))
|
||||
ctx0.update(addr digest[0], uint(keccak256.sizeDigest))
|
||||
digest = ctx0.finish().data
|
||||
|
||||
# aes-secret = keccak(ecdhe-secret || shared-secret)
|
||||
ctx0.init()
|
||||
ctx0.update(addr shsec[0], uint(sizeof(SharedSecret)))
|
||||
ctx0.update(addr digest[0], uint(keccak256.sizeDigest))
|
||||
secret.aesKey = ctx0.finish().data
|
||||
|
||||
# mac-secret = keccak(ecdhe-secret || aes-secret)
|
||||
ctx0.init()
|
||||
ctx0.update(addr shsec[0], uint(sizeof(SharedSecret)))
|
||||
ctx0.update(addr secret.aesKey[0], uint(keccak256.sizeDigest))
|
||||
secret.macKey = ctx0.finish().data
|
||||
|
||||
zeroMem(addr shsec[0], sizeof(SharedSecret)) # clean ecdhe-secret
|
||||
|
||||
# egress-mac = keccak256(mac-secret ^ recipient-nonce || auth-sent-init)
|
||||
xornonce = secret.macKey
|
||||
xornonce.sxor(h.responderNonce)
|
||||
ctx0.init()
|
||||
ctx0.update(addr xornonce[0], uint(sizeof(Nonce)))
|
||||
ctx0.update(msg, uint(msglen))
|
||||
mac1 = ctx0.finish().data
|
||||
|
||||
# ingress-mac = keccak256(mac-secret ^ initiator-nonce || auth-recvd-ack)
|
||||
xornonce = secret.macKey
|
||||
xornonce.sxor(h.initiatorNonce)
|
||||
ctx0.init()
|
||||
ctx0.update(addr xornonce[0], uint(sizeof(Nonce)))
|
||||
ctx0.update(ack, uint(acklen))
|
||||
mac2 = ctx0.finish().data
|
||||
|
||||
ctx0.init() # clean keccak256 context
|
||||
zeroMem(addr xornonce[0], sizeof(Nonce)) # clean xornonce
|
||||
|
||||
if Initiator in h.flags:
|
||||
secret.egressMac = mac1
|
||||
secret.ingressMac = mac2
|
||||
else:
|
||||
secret.ingressMac = mac1
|
||||
secret.egressMac = mac2
|
||||
|
||||
zeroMem(addr mac1[0], keccak256.sizeDigest) # clean temporary mac1
|
||||
zeroMem(addr mac2[0], keccak256.sizeDigest) # clean temporary mac2
|
||||
|
||||
result = Success
|
||||
|
||||
proc getSecrets*(h: var Handshake, msg: AuthMessage, ack: AuthAckMessage,
|
||||
secret: var ConnectionSecret): AuthStatus =
|
||||
result = getSecrets(h, unsafeAddr msg[0], AuthMessageLength,
|
||||
unsafeAddr ack[0], AuthAckMessageLength,
|
||||
secret)
|
||||
|
||||
proc decodeAuthEip8Message*(h: var Handshake, msg: ptr byte,
|
||||
msglen: int): AuthStatus =
|
||||
var
|
||||
pubkey: PublicKey
|
||||
nonce: Nonce
|
||||
size: uint16
|
||||
secret: SharedSecret
|
||||
if msglen < 2:
|
||||
return(InvalidAuth)
|
||||
bigEndian16(addr size, msg)
|
||||
|
||||
if (2 + int(size)) > msglen:
|
||||
return(InvalidAuth)
|
||||
|
||||
# Maximum `size` value is 65535 bytes
|
||||
var outlen = eciesDecryptedLength(int(size))
|
||||
var output = newSeq[byte](outlen)
|
||||
var input = cast[ptr UncheckedArray[byte]](msg)
|
||||
if decryptAuthMessage(addr input[2], int(size), addr output[0],
|
||||
outlen, h.host.seckey,
|
||||
addr input[0], 2) != Success:
|
||||
return(EciesError)
|
||||
|
||||
try:
|
||||
var reader = rlpFromBytes(initBytesRange(output))
|
||||
if not reader.isList() or reader.listLen() < 4:
|
||||
return(InvalidAuth)
|
||||
if reader.listElem(0).blobLen != SignatureLength:
|
||||
return(InvalidAuth)
|
||||
if reader.listElem(1).blobLen != PublicKeyLength:
|
||||
return(InvalidAuth)
|
||||
if reader.listElem(2).blobLen != KeyLength:
|
||||
return(InvalidAuth)
|
||||
if reader.listElem(3).blobLen != 1:
|
||||
return(InvalidAuth)
|
||||
|
||||
var signatureBr = reader.listElem(0).toBytes()
|
||||
var pubkeyBr = reader.listElem(1).toBytes()
|
||||
var nonceBr = reader.listElem(2).toBytes()
|
||||
var versionBr = reader.listElem(3).toBytes()
|
||||
|
||||
if recoverPublicKey(addr output[pubkeyBr.ibegin], PublicKeyLength,
|
||||
pubkey) != EccStatus.Success:
|
||||
return(InvalidPubKey)
|
||||
copyMem(addr nonce[0], addr output[nonceBr.ibegin], KeyLength)
|
||||
|
||||
if ecdhAgree(h.host.seckey, pubkey, secret) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
var xornonce = nonce
|
||||
xornonce.sxor(secret)
|
||||
|
||||
if recoverSignatureKey(addr output[signatureBr.ibegin], SignatureLength,
|
||||
addr xornonce[0],
|
||||
h.remoteEPubkey) != EccStatus.Success:
|
||||
return(SignatureError)
|
||||
|
||||
h.initiatorNonce = nonce
|
||||
h.remoteHPubkey = pubkey
|
||||
h.version = output[versionBr.ibegin]
|
||||
result = Success
|
||||
except:
|
||||
return(RlpError)
|
||||
|
||||
proc decodeAuthAckEip8Message(h: var Handshake, msg: ptr byte,
|
||||
msglen: int): AuthStatus =
|
||||
var size: uint16
|
||||
if msglen < 2:
|
||||
return(IncompleteError)
|
||||
bigEndian16(addr size, msg)
|
||||
|
||||
if (2 + int(size)) > msglen:
|
||||
return(IncompleteError)
|
||||
|
||||
# Maximum `size` value is 65535 bytes
|
||||
var outlen = eciesDecryptedLength(int(size))
|
||||
var output = newSeq[byte](outlen)
|
||||
var input = cast[ptr UncheckedArray[byte]](msg)
|
||||
if decryptAuthMessage(addr input[2], int(size), addr output[0],
|
||||
outlen, h.host.seckey,
|
||||
addr input[0], 2) != Success:
|
||||
return(EciesError)
|
||||
|
||||
try:
|
||||
var reader = rlpFromBytes(initBytesRange(output))
|
||||
if not reader.isList() or reader.listLen() < 3:
|
||||
return(InvalidAck)
|
||||
if reader.listElem(0).blobLen != PublicKeyLength:
|
||||
return(InvalidAck)
|
||||
if reader.listElem(1).blobLen != KeyLength:
|
||||
return(InvalidAck)
|
||||
if reader.listElem(2).blobLen != 1:
|
||||
return(InvalidAck)
|
||||
var pubkeyBr = reader.listElem(0).toBytes()
|
||||
var nonceBr = reader.listElem(1).toBytes()
|
||||
var versionBr = reader.listElem(2).toBytes()
|
||||
|
||||
if recoverPublicKey(addr output[pubkeyBr.ibegin], PublicKeyLength,
|
||||
h.remoteEPubkey) != EccStatus.Success:
|
||||
return(InvalidPubKey)
|
||||
copyMem(addr h.responderNonce[0], addr output[nonceBr.ibegin], KeyLength)
|
||||
h.version = output[versionBr.ibegin]
|
||||
result = Success
|
||||
except:
|
||||
return(RlpError)
|
||||
|
||||
proc decodeAuthMessage*(h: var Handshake, msg: ptr byte,
|
||||
msglen: int): AuthStatus =
|
||||
if msglen < AuthMessageLength:
|
||||
return(IncompleteError)
|
||||
elif msglen == AuthMessageLength:
|
||||
# Decoding plain authentication message
|
||||
var plain: PlainAuthMessage
|
||||
result = decryptAuthMessage(msg, msglen, addr plain[0],
|
||||
sizeof(PlainAuthMessage), h.host.seckey)
|
||||
if result == Success:
|
||||
result = decodePlainAuthMessage(h, plain)
|
||||
else:
|
||||
# Decoding EIP-8 authentication message
|
||||
result = decodeAuthEip8Message(h, msg, msglen)
|
||||
if result == Success:
|
||||
h.flags.incl(EIP8)
|
||||
|
||||
proc decodeAckMessage*(h: var Handshake, msg: ptr byte,
|
||||
msglen: int): AuthStatus =
|
||||
if msglen < AuthAckMessageLength:
|
||||
return(IncompleteError)
|
||||
elif msglen == AuthAckMessageLength:
|
||||
# Decoding plain authentication ACK message
|
||||
var plain: PlainAuthAckMessage
|
||||
result = decryptAuthAckMessage(msg, msglen, addr plain[0],
|
||||
PlainAuthAckMessageLength,
|
||||
h.host.seckey)
|
||||
if result == Success:
|
||||
result = decodePlainAuthAckMessage(h, plain)
|
||||
else:
|
||||
# Decoding EIP-8 ACK authentication message
|
||||
result = decodeAuthAckEip8Message(h, msg, msglen)
|
||||
|
||||
proc decodeAuthMessage*(h: var Handshake, msg: openarray[byte]): AuthStatus =
|
||||
result = decodeAuthMessage(h, unsafeAddr msg[0], len(msg))
|
||||
|
||||
proc decodeAckMessage*(h: var Handshake, msg: openarray[byte]): AuthStatus =
|
||||
result = decodeAckMessage(h, unsafeAddr msg[0], len(msg))
|
||||
|
||||
when isMainModule:
|
||||
# This was generated by `print` actual auth message generated by
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_auth.py
|
||||
const pyevmAuth = """
|
||||
22034ad2e7545e2b0bf02ecb1e40db478dfbbf7aeecc834aec2523eb2b7e74ee
|
||||
77ba40c70a83bfe9f2ab91f0131546dcf92c3ee8282d9907fee093017fd0302d
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100"""
|
||||
|
||||
# This data comes from https://gist.github.com/fjl/3a78780d17c755d22df2
|
||||
const data = [
|
||||
("initiator_private_key",
|
||||
"5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051"),
|
||||
("receiver_private_key",
|
||||
"c45f950382d542169ea207959ee0220ec1491755abe405cd7498d6b16adb6df8"),
|
||||
("initiator_ephemeral_private_key",
|
||||
"19c2185f4f40634926ebed3af09070ca9e029f2edd5fae6253074896205f5f6c"),
|
||||
("receiver_ephemeral_private_key",
|
||||
"d25688cf0ab10afa1a0e2dba7853ed5f1e5bf1c631757ed4e103b593ff3f5620"),
|
||||
("auth_plaintext",
|
||||
"""884c36f7ae6b406637c1f61b2f57e1d2cab813d24c6559aaf843c3f48962f32f
|
||||
46662c066d39669b7b2e3ba14781477417600e7728399278b1b5d801a519aa57
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100"""),
|
||||
("authresp_plaintext",
|
||||
"""802b052f8b066640bba94a4fc39d63815c377fced6fcb84d27f791c9921ddf3e
|
||||
9bf0108e298f490812847109cbd778fae393e80323fd643209841a3b7f110397
|
||||
f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7
|
||||
00"""),
|
||||
("auth_ciphertext",
|
||||
"""04a0274c5951e32132e7f088c9bdfdc76c9d91f0dc6078e848f8e3361193dbdc
|
||||
43b94351ea3d89e4ff33ddcefbc80070498824857f499656c4f79bbd97b6c51a
|
||||
514251d69fd1785ef8764bd1d262a883f780964cce6a14ff206daf1206aa073a
|
||||
2d35ce2697ebf3514225bef186631b2fd2316a4b7bcdefec8d75a1025ba2c540
|
||||
4a34e7795e1dd4bc01c6113ece07b0df13b69d3ba654a36e35e69ff9d482d88d
|
||||
2f0228e7d96fe11dccbb465a1831c7d4ad3a026924b182fc2bdfe016a6944312
|
||||
021da5cc459713b13b86a686cf34d6fe6615020e4acf26bf0d5b7579ba813e77
|
||||
23eb95b3cef9942f01a58bd61baee7c9bdd438956b426a4ffe238e61746a8c93
|
||||
d5e10680617c82e48d706ac4953f5e1c4c4f7d013c87d34a06626f498f34576d
|
||||
c017fdd3d581e83cfd26cf125b6d2bda1f1d56"""),
|
||||
("authresp_ciphertext",
|
||||
"""049934a7b2d7f9af8fd9db941d9da281ac9381b5740e1f64f7092f3588d4f87f
|
||||
5ce55191a6653e5e80c1c5dd538169aa123e70dc6ffc5af1827e546c0e958e42
|
||||
dad355bcc1fcb9cdf2cf47ff524d2ad98cbf275e661bf4cf00960e74b5956b79
|
||||
9771334f426df007350b46049adb21a6e78ab1408d5e6ccde6fb5e69f0f4c92b
|
||||
b9c725c02f99fa72b9cdc8dd53cff089e0e73317f61cc5abf6152513cb7d833f
|
||||
09d2851603919bf0fbe44d79a09245c6e8338eb502083dc84b846f2fee1cc310
|
||||
d2cc8b1b9334728f97220bb799376233e113"""),
|
||||
("ecdhe_shared_secret",
|
||||
"e3f407f83fc012470c26a93fdff534100f2c6f736439ce0ca90e9914f7d1c381"),
|
||||
("initiator_nonce",
|
||||
"cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb11"),
|
||||
("receiver_nonce",
|
||||
"f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7"),
|
||||
("aes_secret",
|
||||
"c0458fa97a5230830e05f4f20b7c755c1d4e54b1ce5cf43260bb191eef4e418d"),
|
||||
("mac_secret",
|
||||
"48c938884d5067a1598272fcddaa4b833cd5e7d92e8228c0ecdfabbe68aef7f1"),
|
||||
("token",
|
||||
"3f9ec2592d1554852b1f54d228f042ed0a9310ea86d038dc2b401ba8cd7fdac4"),
|
||||
("initial_egress_MAC",
|
||||
"09771e93b1a6109e97074cbe2d2b0cf3d3878efafe68f53c41bb60c0ec49097e"),
|
||||
("initial_ingress_MAC",
|
||||
"75823d96e23136c89666ee025fb21a432be906512b3dd4a3049e898adb433847"),
|
||||
("initiator_hello_packet",
|
||||
"""6ef23fcf1cec7312df623f9ae701e63b550cdb8517fefd8dd398fc2acd1d935e
|
||||
6e0434a2b96769078477637347b7b01924fff9ff1c06df2f804df3b0402bbb9f
|
||||
87365b3c6856b45e1e2b6470986813c3816a71bff9d69dd297a5dbd935ab578f
|
||||
6e5d7e93e4506a44f307c332d95e8a4b102585fd8ef9fc9e3e055537a5cec2e9"""),
|
||||
("receiver_hello_packet",
|
||||
"""6ef23fcf1cec7312df623f9ae701e63be36a1cdd1b19179146019984f3625d4a
|
||||
6e0434a2b96769050577657247b7b02bc6c314470eca7e3ef650b98c83e9d7dd
|
||||
4830b3f718ff562349aead2530a8d28a8484604f92e5fced2c6183f304344ab0
|
||||
e7c301a0c05559f4c25db65e36820b4b909a226171a60ac6cb7beea09376d6d8""")
|
||||
]
|
||||
|
||||
# Thies test vectors was copied from EIP8 specfication
|
||||
# https://github.com/ethereum/EIPs/blob/master/EIPS/eip-8.md
|
||||
const eip8data = [
|
||||
("initiator_private_key",
|
||||
"49a7b37aa6f6645917e7b807e9d1c00d4fa71f18343b0d4122a4d2df64dd6fee"),
|
||||
("receiver_private_key",
|
||||
"b71c71a67e1177ad4e901695e1b4b9ee17ae16c6668d313eac2f96dbcda3f291"),
|
||||
("initiator_ephemeral_private_key",
|
||||
"869d6ecf5211f1cc60418a13b9d870b22959d0c16f02bec714c960dd2298a32d"),
|
||||
("receiver_ephemeral_private_key",
|
||||
"e238eb8e04fee6511ab04c6dd3c89ce097b11f25d584863ac2b6d5b35b1847e4"),
|
||||
("initiator_nonce",
|
||||
"7e968bba13b6c50e2c4cd7f241cc0d64d1ac25c7f5952df231ac6a2bda8ee5d6"),
|
||||
("receiver_nonce",
|
||||
"559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd"),
|
||||
("auth_ciphertext_v4",
|
||||
"""048ca79ad18e4b0659fab4853fe5bc58eb83992980f4c9cc147d2aa31532efd29
|
||||
a3d3dc6a3d89eaf913150cfc777ce0ce4af2758bf4810235f6e6ceccfee1acc6b
|
||||
22c005e9e3a49d6448610a58e98744ba3ac0399e82692d67c1f58849050b3024e
|
||||
21a52c9d3b01d871ff5f210817912773e610443a9ef142e91cdba0bd77b5fdf07
|
||||
69b05671fc35f83d83e4d3b0b000c6b2a1b1bba89e0fc51bf4e460df3105c444f
|
||||
14be226458940d6061c296350937ffd5e3acaceeaaefd3c6f74be8e23e0f45163
|
||||
cc7ebd76220f0128410fd05250273156d548a414444ae2f7dea4dfca2d43c057a
|
||||
db701a715bf59f6fb66b2d1d20f2c703f851cbf5ac47396d9ca65b6260bd141ac
|
||||
4d53e2de585a73d1750780db4c9ee4cd4d225173a4592ee77e2bd94d0be3691f3
|
||||
b406f9bba9b591fc63facc016bfa8"""),
|
||||
("auth_ciphertext_eip8",
|
||||
"""01b304ab7578555167be8154d5cc456f567d5ba302662433674222360f08d5f15
|
||||
34499d3678b513b0fca474f3a514b18e75683032eb63fccb16c156dc6eb2c0b15
|
||||
93f0d84ac74f6e475f1b8d56116b849634a8c458705bf83a626ea0384d4d7341a
|
||||
ae591fae42ce6bd5c850bfe0b999a694a49bbbaf3ef6cda61110601d3b4c02ab6
|
||||
c30437257a6e0117792631a4b47c1d52fc0f8f89caadeb7d02770bf999cc147d2
|
||||
df3b62e1ffb2c9d8c125a3984865356266bca11ce7d3a688663a51d82defaa8aa
|
||||
d69da39ab6d5470e81ec5f2a7a47fb865ff7cca21516f9299a07b1bc63ba56c7a
|
||||
1a892112841ca44b6e0034dee70c9adabc15d76a54f443593fafdc3b27af80597
|
||||
03f88928e199cb122362a4b35f62386da7caad09c001edaeb5f8a06d2b26fb6cb
|
||||
93c52a9fca51853b68193916982358fe1e5369e249875bb8d0d0ec36f917bc5e1
|
||||
eafd5896d46bd61ff23f1a863a8a8dcd54c7b109b771c8e61ec9c8908c733c026
|
||||
3440e2aa067241aaa433f0bb053c7b31a838504b148f570c0ad62837129e54767
|
||||
8c5190341e4f1693956c3bf7678318e2d5b5340c9e488eefea198576344afbdf6
|
||||
6db5f51204a6961a63ce072c8926c"""),
|
||||
("auth_ciphertext_eip8_3f",
|
||||
"""01b8044c6c312173685d1edd268aa95e1d495474c6959bcdd10067ba4c9013df9
|
||||
e40ff45f5bfd6f72471f93a91b493f8e00abc4b80f682973de715d77ba3a005a2
|
||||
42eb859f9a211d93a347fa64b597bf280a6b88e26299cf263b01b8dfdb7122784
|
||||
64fd1c25840b995e84d367d743f66c0e54a586725b7bbf12acca27170ae3283c1
|
||||
073adda4b6d79f27656993aefccf16e0d0409fe07db2dc398a1b7e8ee93bcd181
|
||||
485fd332f381d6a050fba4c7641a5112ac1b0b61168d20f01b479e19adf7fdbfa
|
||||
0905f63352bfc7e23cf3357657455119d879c78d3cf8c8c06375f3f7d4861aa02
|
||||
a122467e069acaf513025ff196641f6d2810ce493f51bee9c966b15c504350535
|
||||
0392b57645385a18c78f14669cc4d960446c17571b7c5d725021babbcd786957f
|
||||
3d17089c084907bda22c2b2675b4378b114c601d858802a55345a15116bc61da4
|
||||
193996187ed70d16730e9ae6b3bb8787ebcaea1871d850997ddc08b4f4ea668fb
|
||||
f37407ac044b55be0908ecb94d4ed172ece66fd31bfdadf2b97a8bc690163ee11
|
||||
f5b575a4b44e36e2bfb2f0fce91676fd64c7773bac6a003f481fddd0bae0a1f31
|
||||
aa27504e2a533af4cef3b623f4791b2cca6d490"""),
|
||||
("authack_ciphertext_v4",
|
||||
"""049f8abcfa9c0dc65b982e98af921bc0ba6e4243169348a236abe9df5f93aa69d
|
||||
99cadddaa387662b0ff2c08e9006d5a11a278b1b3331e5aaabf0a32f01281b6f4
|
||||
ede0e09a2d5f585b26513cb794d9635a57563921c04a9090b4f14ee42be1a5461
|
||||
049af4ea7a7f49bf4c97a352d39c8d02ee4acc416388c1c66cec761d2bc1c72da
|
||||
6ba143477f049c9d2dde846c252c111b904f630ac98e51609b3b1f58168ddca65
|
||||
05b7196532e5f85b259a20c45e1979491683fee108e9660edbf38f3add489ae73
|
||||
e3dda2c71bd1497113d5c755e942d1"""),
|
||||
("authack_ciphertext_eip8",
|
||||
"""01ea0451958701280a56482929d3b0757da8f7fbe5286784beead59d95089c217
|
||||
c9b917788989470b0e330cc6e4fb383c0340ed85fab836ec9fb8a49672712aeab
|
||||
bdfd1e837c1ff4cace34311cd7f4de05d59279e3524ab26ef753a0095637ac88f
|
||||
2b499b9914b5f64e143eae548a1066e14cd2f4bd7f814c4652f11b254f8a2d019
|
||||
1e2f5546fae6055694aed14d906df79ad3b407d94692694e259191cde171ad542
|
||||
fc588fa2b7333313d82a9f887332f1dfc36cea03f831cb9a23fea05b33deb999e
|
||||
85489e645f6aab1872475d488d7bd6c7c120caf28dbfc5d6833888155ed69d34d
|
||||
bdc39c1f299be1057810f34fbe754d021bfca14dc989753d61c413d261934e1a9
|
||||
c67ee060a25eefb54e81a4d14baff922180c395d3f998d70f46f6b58306f96962
|
||||
7ae364497e73fc27f6d17ae45a413d322cb8814276be6ddd13b885b201b943213
|
||||
656cde498fa0e9ddc8e0b8f8a53824fbd82254f3e2c17e8eaea009c38b4aa0a3f
|
||||
306e8797db43c25d68e86f262e564086f59a2fc60511c42abfb3057c247a8a8fe
|
||||
4fb3ccbadde17514b7ac8000cdb6a912778426260c47f38919a91f25f4b5ffb45
|
||||
5d6aaaf150f7e5529c100ce62d6d92826a71778d809bdf60232ae21ce8a437eca
|
||||
8223f45ac37f6487452ce626f549b3b5fdee26afd2072e4bc75833c2464c80524
|
||||
6155289f4"""),
|
||||
("authack_ciphertext_eip8_3f",
|
||||
"""01f004076e58aae772bb101ab1a8e64e01ee96e64857ce82b1113817c6cdd52c0
|
||||
9d26f7b90981cd7ae835aeac72e1573b8a0225dd56d157a010846d888dac7464b
|
||||
af53f2ad4e3d584531fa203658fab03a06c9fd5e35737e417bc28c1cbf5e5dfc6
|
||||
66de7090f69c3b29754725f84f75382891c561040ea1ddc0d8f381ed1b9d0d4ad
|
||||
2a0ec021421d847820d6fa0ba66eaf58175f1b235e851c7e2124069fbc202888d
|
||||
db3ac4d56bcbd1b9b7eab59e78f2e2d400905050f4a92dec1c4bdf797b3fc9b2f
|
||||
8e84a482f3d800386186712dae00d5c386ec9387a5e9c9a1aca5a573ca91082c7
|
||||
d68421f388e79127a5177d4f8590237364fd348c9611fa39f78dcdceee3f390f0
|
||||
7991b7b47e1daa3ebcb6ccc9607811cb17ce51f1c8c2c5098dbdd28fca547b3f5
|
||||
8c01a424ac05f869f49c6a34672ea2cbbc558428aa1fe48bbfd61158b1b735a65
|
||||
d99f21e70dbc020bfdface9f724a0d1fb5895db971cc81aa7608baa0920abb0a5
|
||||
65c9c436e2fd13323428296c86385f2384e408a31e104670df0791d93e743a3a5
|
||||
194ee6b076fb6323ca593011b7348c16cf58f66b9633906ba54a2ee803187344b
|
||||
394f75dd2e663a57b956cb830dd7a908d4f39a2336a61ef9fda549180d4ccde21
|
||||
514d117b6c6fd07a9102b5efe710a32af4eeacae2cb3b1dec035b9593b48b9d3c
|
||||
a4c13d245d5f04169b0b1"""),
|
||||
("auth2ack2_aes_secret",
|
||||
"80e8632c05fed6fc2a13b0f8d31a3cf645366239170ea067065aba8e28bac487"),
|
||||
("auth2ack2_mac_secret",
|
||||
"2ea74ec5dae199227dff1af715362700e989d889d7a493cb0639691efb8e5f98"),
|
||||
("auth2ack2_ingress_message", "foo"),
|
||||
("auth2ack2_ingress_mac",
|
||||
"0c7ec6340062cc46f5e9f1e3cf86f8c8c403c5a0964f5df0ebd34a75ddc86db5")
|
||||
]
|
||||
|
||||
proc testValue(s: string): string =
|
||||
for item in data:
|
||||
if item[0] == s:
|
||||
result = item[1]
|
||||
break
|
||||
|
||||
proc testE8Value(s: string): string =
|
||||
for item in eip8data:
|
||||
if item[0] == s:
|
||||
result = item[1]
|
||||
break
|
||||
|
||||
block:
|
||||
var initiator: Handshake
|
||||
var receiver: Handshake
|
||||
var m0, dm0: PlainAuthMessage
|
||||
var em0: AuthMessage
|
||||
|
||||
initiator = newHandshake({Initiator})
|
||||
receiver = newHandshake({Responder})
|
||||
initiator.host.seckey = getPrivateKey(testValue("initiator_private_key"))
|
||||
initiator.host.pubkey = initiator.host.seckey.getPublicKey()
|
||||
var epki = testValue("initiator_ephemeral_private_key")
|
||||
initiator.ephemeral.seckey = getPrivateKey(epki)
|
||||
initiator.ephemeral.pubkey = initiator.ephemeral.seckey.getPublicKey()
|
||||
receiver.host.seckey = getPrivateKey(testValue("receiver_private_key"))
|
||||
receiver.host.pubkey = receiver.host.seckey.getPublicKey()
|
||||
var epkr = testValue("receiver_ephemeral_private_key")
|
||||
receiver.ephemeral.seckey = getPrivateKey(epkr)
|
||||
receiver.ephemeral.pubkey = receiver.ephemeral.seckey.getPublicKey()
|
||||
var n0 = fromHex(stripSpaces(testValue("initiator_nonce")))
|
||||
initiator.initiatorNonce[0..^1] = n0[0..^1]
|
||||
var n1 = fromHex(stripSpaces(testValue("receiver_nonce")))
|
||||
receiver.responderNonce[0..^1] = n1[0..^1]
|
||||
|
||||
doAssert(authMessage(initiator, receiver.host.pubkey, m0) == Success)
|
||||
var m1 = fromHex(stripSpaces(testValue("auth_plaintext")))
|
||||
var m2 = fromHex(stripSpaces(pyevmAuth))
|
||||
|
||||
doAssert(m0[65..^1] == m1[65..^1])
|
||||
doAssert(m0[0..^1] == m2[0..^1])
|
||||
|
||||
# Check that encrypting and decrypting the auth_init gets us the orig msg.
|
||||
doAssert(encryptAuthMessage(m0, em0, receiver.host.pubkey) == Success)
|
||||
doAssert(decryptAuthMessage(em0, dm0, receiver.host.seckey) == Success)
|
||||
doAssert(m0[0..^1] == dm0[0..^1])
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
doAssert(receiver.decodeAuthMessage(em0) == Success)
|
||||
|
||||
doAssert(receiver.initiatorNonce[0..^1] == n0[0..^1])
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
doAssert(receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1])
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
doAssert(receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1])
|
||||
|
||||
# Check that the auth_ack msg generated by the responder is what we expect.
|
||||
var k0: PlainAuthAckMessage
|
||||
var ek0: AuthAckMessage
|
||||
doAssert(receiver.authAckMessage(k0) == Success)
|
||||
var ac0 = fromHex(stripSpaces(testValue("authresp_plaintext")))
|
||||
doAssert(k0[0..^1] == ac0[0..^1])
|
||||
doAssert(receiver.initiatorNonce[0..^1] == n0[0..^1])
|
||||
doAssert(encryptAuthAckMessage(k0, ek0, receiver.remoteHPubkey) == Success)
|
||||
|
||||
# Check if initiator correctly decodes the auth ack msg.
|
||||
doAssert(initiator.decodeAckMessage(ek0) == Success)
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
doAssert(initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1])
|
||||
let remoteHPubkey1 = receiver.host.pubkey.data
|
||||
doAssert(initiator.remoteHPubkey.data[0..^1] == remoteHPubkey1[0..^1])
|
||||
doAssert(initiator.responderNonce[0..^1] == n1[0..^1])
|
||||
|
||||
# Check that the secrets derived from ephemeral key agreements match
|
||||
# the expected values.
|
||||
var authm = fromHex(stripSpaces(testValue("auth_ciphertext")))
|
||||
var ackm = fromHex(stripSpaces(testValue("authresp_ciphertext")))
|
||||
var taes = fromHex(stripSpaces(testValue("aes_secret")))
|
||||
var tmac = fromHex(stripSpaces(testValue("mac_secret")))
|
||||
var temac = fromHex(stripSpaces(testValue("initial_egress_MAC")))
|
||||
var timac = fromHex(stripSpaces(testValue("initial_ingress_MAC")))
|
||||
|
||||
var csecInitiator: ConnectionSecret
|
||||
var csecResponder: ConnectionSecret
|
||||
|
||||
doAssert(initiator.getSecrets(addr authm[0], len(authm), addr ackm[0],
|
||||
len(ackm), csecInitiator) == Success)
|
||||
doAssert(receiver.getSecrets(addr authm[0], len(authm), addr ackm[0],
|
||||
len(ackm), csecResponder) == Success)
|
||||
|
||||
doAssert(csecInitiator.aesKey == csecResponder.aesKey)
|
||||
doAssert(csecInitiator.macKey == csecResponder.macKey)
|
||||
doAssert(taes[0..^1] == csecInitiator.aesKey[0..^1])
|
||||
doAssert(tmac[0..^1] == csecInitiator.macKey[0..^1])
|
||||
|
||||
doAssert(csecInitiator.egressMac[0..^1] == temac[0..^1])
|
||||
doAssert(csecInitiator.ingressMac[0..^1] == timac[0..^1])
|
||||
doAssert(csecResponder.egressMac[0..^1] == timac[0..^1])
|
||||
doAssert(csecResponder.ingressMac[0..^1] == temac[0..^1])
|
||||
|
||||
block:
|
||||
proc newTestHandshake(flags: set[HandshakeFlag]): Handshake =
|
||||
result = newHandshake(flags)
|
||||
if Initiator in flags:
|
||||
result.host.seckey = getPrivateKey(testE8Value("initiator_private_key"))
|
||||
result.host.pubkey = result.host.seckey.getPublicKey()
|
||||
let esec = testE8Value("initiator_ephemeral_private_key")
|
||||
result.ephemeral.seckey = getPrivateKey(esec)
|
||||
result.ephemeral.pubkey = result.ephemeral.seckey.getPublicKey()
|
||||
let nonce = fromHex(stripSpaces(testE8Value("initiator_nonce")))
|
||||
result.initiatorNonce[0..(KeyLength - 1)] = nonce[0..(KeyLength - 1)]
|
||||
elif Responder in flags:
|
||||
result.host.seckey = getPrivateKey(testE8Value("receiver_private_key"))
|
||||
result.host.pubkey = result.host.seckey.getPublicKey()
|
||||
let esec = testE8Value("receiver_ephemeral_private_key")
|
||||
result.ephemeral.seckey = getPrivateKey(esec)
|
||||
result.ephemeral.pubkey = result.ephemeral.seckey.getPublicKey()
|
||||
let nonce = fromHex(stripSpaces(testE8Value("receiver_nonce")))
|
||||
result.responderNonce[0..(KeyLength - 1)] = nonce[0..(KeyLength - 1)]
|
||||
|
||||
block: # auth/ack v4
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_v4")))
|
||||
doAssert(receiver.decodeAuthMessage(m0) == Success)
|
||||
|
||||
doAssert(receiver.initiatorNonce[0..^1] ==
|
||||
initiator.initiatorNonce[0..^1])
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
doAssert(receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1])
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
doAssert(receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1])
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_v4")))
|
||||
doAssert(initiator.decodeAckMessage(m1) == Success)
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
doAssert(initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1])
|
||||
doAssert(initiator.responderNonce[0..^1] ==
|
||||
receiver.responderNonce[0..^1])
|
||||
|
||||
block: # auth/ack eip8
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_eip8")))
|
||||
doAssert(receiver.decodeAuthMessage(m0) == Success)
|
||||
|
||||
doAssert(receiver.initiatorNonce[0..^1] ==
|
||||
initiator.initiatorNonce[0..^1])
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
doAssert(receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1])
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
doAssert(receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1])
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_eip8")))
|
||||
doAssert(initiator.decodeAckMessage(m1) == Success)
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
doAssert(initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1])
|
||||
doAssert(initiator.responderNonce[0..^1] ==
|
||||
receiver.responderNonce[0..^1])
|
||||
|
||||
# Check that the secrets derived from ephemeral key agreements match
|
||||
# the expected values.
|
||||
var taes = fromHex(stripSpaces(testE8Value("auth2ack2_aes_secret")))
|
||||
var tmac = fromHex(stripSpaces(testE8Value("auth2ack2_mac_secret")))
|
||||
|
||||
var csecInitiator: ConnectionSecret
|
||||
var csecResponder: ConnectionSecret
|
||||
|
||||
doAssert(initiator.getSecrets(addr m0[0], len(m0), addr m1[0],
|
||||
len(m1), csecInitiator) == Success)
|
||||
doAssert(receiver.getSecrets(addr m0[0], len(m0), addr m1[0],
|
||||
len(m1), csecResponder) == Success)
|
||||
|
||||
doAssert(csecInitiator.aesKey == csecResponder.aesKey)
|
||||
doAssert(csecInitiator.macKey == csecResponder.macKey)
|
||||
doAssert(taes[0..^1] == csecInitiator.aesKey[0..^1])
|
||||
doAssert(tmac[0..^1] == csecInitiator.macKey[0..^1])
|
||||
|
||||
block: # auth/ack eip8 with 3 additional fields
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_eip8_3f")))
|
||||
doAssert(receiver.decodeAuthMessage(m0) == Success)
|
||||
|
||||
doAssert(receiver.initiatorNonce[0..^1] ==
|
||||
initiator.initiatorNonce[0..^1])
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
doAssert(receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1])
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
doAssert(receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1])
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_eip8_3f")))
|
||||
doAssert(initiator.decodeAckMessage(m1) == Success)
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
doAssert(initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1])
|
||||
doAssert(initiator.responderNonce[0..^1] ==
|
||||
receiver.responderNonce[0..^1])
|
||||
446
ethp2p/ecc.nim
Normal file
446
ethp2p/ecc.nim
Normal file
@ -0,0 +1,446 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
## This module implements `libsecp256k1` ECC/ECDH functions
|
||||
|
||||
import secp256k1, hexdump, nimcrypto/sysrand, nimcrypto/utils
|
||||
|
||||
const
|
||||
KeyLength* = 32
|
||||
PublicKeyLength* = 64
|
||||
SignatureLength* = 65
|
||||
|
||||
|
||||
type
|
||||
EccContext* = ref object of RootRef
|
||||
context*: ptr secp256k1_context
|
||||
error*: string
|
||||
|
||||
EccStatus* = enum
|
||||
Success, ## Operation was successful
|
||||
Error ## Operation failed
|
||||
|
||||
PublicKey* = secp256k1_pubkey
|
||||
## Representation of public key
|
||||
|
||||
PrivateKey* = array[KeyLength, byte]
|
||||
## Representation of secret key
|
||||
|
||||
SharedSecret* = array[KeyLength, byte]
|
||||
## Representation of ECDH shared secret
|
||||
|
||||
Nonce* = array[KeyLength, byte]
|
||||
## Representation of nonce
|
||||
|
||||
RawPublickey* = object
|
||||
## Representation of serialized public key
|
||||
header*: byte
|
||||
data*: array[KeyLength * 2, byte]
|
||||
|
||||
KeyPair* = object
|
||||
## Representation of private/public keys pair
|
||||
seckey*: PrivateKey
|
||||
pubkey*: PublicKey
|
||||
|
||||
Signature* = secp256k1_ecdsa_recoverable_signature
|
||||
## Representation of signature
|
||||
|
||||
RawSignature* = object
|
||||
## Representation of serialized signature
|
||||
data*: array[KeyLength * 2 + 1, byte]
|
||||
|
||||
Secp256k1Exception* = object of Exception
|
||||
## Exceptions generated by `libsecp256k1`
|
||||
EccException* = object of Exception
|
||||
## Exception generated by this module
|
||||
|
||||
var eccContext* {.threadvar.}: EccContext
|
||||
## Thread local variable which holds current context
|
||||
|
||||
proc illegalCallback(message: cstring; data: pointer) {.cdecl.} =
|
||||
let ctx = cast[EccContext](data)
|
||||
ctx.error = $message
|
||||
|
||||
proc errorCallback(message: cstring, data: pointer) {.cdecl.} =
|
||||
let ctx = cast[EccContext](data)
|
||||
ctx.error = $message
|
||||
|
||||
proc newEccContext*(): EccContext =
|
||||
## Create new `EccContext`.
|
||||
result = new EccContext
|
||||
let flags = cuint(SECP256K1_CONTEXT_VERIFY or SECP256K1_CONTEXT_SIGN)
|
||||
result.context = secp256k1_context_create(flags)
|
||||
secp256k1_context_set_illegal_callback(result.context, illegalCallback,
|
||||
cast[pointer](result))
|
||||
secp256k1_context_set_error_callback(result.context, errorCallback,
|
||||
cast[pointer](result))
|
||||
result.error = ""
|
||||
|
||||
proc getSecpContext*(): ptr secp256k1_context =
|
||||
## Get current `secp256k1_context`
|
||||
if isNil(eccContext):
|
||||
eccContext = newEccContext()
|
||||
result = eccContext.context
|
||||
|
||||
proc getEccContext*(): EccContext =
|
||||
## Get current `EccContext`
|
||||
if isNil(eccContext):
|
||||
eccContext = newEccContext()
|
||||
result = eccContext
|
||||
|
||||
template raiseSecp256k1Error*() =
|
||||
## Raises `libsecp256k1` error as exception
|
||||
let mctx = getEccContext()
|
||||
if len(mctx.error) > 0:
|
||||
var msg = mctx.error
|
||||
mctx.error.setLen(0)
|
||||
raise newException(Secp256k1Exception, msg)
|
||||
|
||||
proc eccErrorMsg*(): string =
|
||||
let mctx = getEccContext()
|
||||
result = mctx.error
|
||||
|
||||
proc setErrorMsg*(m: string) =
|
||||
let mctx = getEccContext()
|
||||
mctx.error = m
|
||||
|
||||
proc getRaw*(pubkey: PublicKey): RawPublickey =
|
||||
## Converts public key `pubkey` to serialized form of `secp256k1_pubkey`.
|
||||
var length = csize(sizeof(RawPublickey))
|
||||
let ctx = getSecpContext()
|
||||
if secp256k1_ec_pubkey_serialize(ctx, cast[ptr cuchar](addr result),
|
||||
addr length, unsafeAddr pubkey,
|
||||
SECP256K1_EC_UNCOMPRESSED) != 1:
|
||||
raiseSecp256k1Error()
|
||||
if length != 65:
|
||||
raise newException(EccException, "Invalid public key length!")
|
||||
if result.header != 0x04'u8:
|
||||
raise newException(EccException, "Invalid public key header!")
|
||||
|
||||
proc getRaw*(s: Signature): RawSignature =
|
||||
## Converts signature `s` to serialized form.
|
||||
let ctx = getSecpContext()
|
||||
var recid = cint(0)
|
||||
if secp256k1_ecdsa_recoverable_signature_serialize_compact(
|
||||
ctx, cast[ptr cuchar](unsafeAddr result), addr recid, unsafeAddr s) != 1:
|
||||
raiseSecp256k1Error()
|
||||
result.data[64] = uint8(recid)
|
||||
|
||||
proc signMessage*(seckey: PrivateKey, data: ptr byte, length: int,
|
||||
sig: var Signature): EccStatus =
|
||||
## Sign message pointed by `data` with size `length` and save signature to
|
||||
## `sig`.
|
||||
let ctx = getSecpContext()
|
||||
if secp256k1_ecdsa_sign_recoverable(ctx, addr sig,
|
||||
cast[ptr cuchar](data),
|
||||
cast[ptr cuchar](unsafeAddr seckey[0]),
|
||||
nil, nil) != 1:
|
||||
return(Error)
|
||||
return(Success)
|
||||
|
||||
proc signMessage*[T](seckey: PrivateKey, data: openarray[T],
|
||||
sig: var Signature, ostart: int = 0,
|
||||
ofinish: int = -1): EccStatus =
|
||||
## Sign message ``data``[`soffset`..`eoffset`] and store result into `sig`.
|
||||
let so = ostart
|
||||
let eo = if ofinish == -1: (len(data) - 1) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(T)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo >= len(data):
|
||||
setErrorMsg("Index is out of bounds!")
|
||||
return(Error)
|
||||
if len(data) < KeyLength or length < KeyLength:
|
||||
setErrorMsg("There no reason to sign this message!")
|
||||
return(Error)
|
||||
result = signMessage(seckey, cast[ptr byte](unsafeAddr data[so]),
|
||||
length, sig)
|
||||
|
||||
proc recoverSignatureKey*(data: ptr byte, length: int, message: ptr byte,
|
||||
pubkey: var PublicKey): EccStatus =
|
||||
## Check signature and return public key from `data` with size `length` and
|
||||
## `message`.
|
||||
let ctx = getSecpContext()
|
||||
var s: secp256k1_ecdsa_recoverable_signature
|
||||
if length >= 65:
|
||||
var recid = cint(cast[ptr UncheckedArray[byte]](data)[KeyLength * 2])
|
||||
if secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, addr s,
|
||||
cast[ptr cuchar](data),
|
||||
recid) != 1:
|
||||
return(Error)
|
||||
|
||||
if secp256k1_ecdsa_recover(ctx, addr pubkey, addr s,
|
||||
cast[ptr cuchar](message)) != 1:
|
||||
setErrorMsg("Message signature verification failed!")
|
||||
return(Error)
|
||||
return(Success)
|
||||
else:
|
||||
setErrorMsg("Incorrect signature size")
|
||||
return(Error)
|
||||
|
||||
proc recoverSignatureKey*[A, B](data: openarray[A],
|
||||
message: openarray[B],
|
||||
pubkey: var PublicKey,
|
||||
ostart: int = 0,
|
||||
ofinish: int = -1): EccStatus =
|
||||
## Check signature in ``data``[`soffset`..`eoffset`] and recover public key
|
||||
## from signature to ``pubkey`` using message `message`.
|
||||
if len(message) == 0:
|
||||
setErrorMsg("Message could not be empty!")
|
||||
return(Error)
|
||||
let so = ostart
|
||||
let eo = if ofinish == -1: (len(data) - 1) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(A)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo > len(data):
|
||||
setErrorMsg("Index is out of bounds!")
|
||||
return(Error)
|
||||
if length < sizeof(RawSignature) or len(data) < sizeof(RawSignature):
|
||||
setErrorMsg("Invalid signature size!")
|
||||
return(Error)
|
||||
result = recoverSignatureKey(cast[ptr byte](unsafeAddr data[so]), length,
|
||||
cast[ptr byte](unsafeAddr message[0]), pubkey)
|
||||
|
||||
proc ecdhAgree*(seckey: PrivateKey, pubkey: PublicKey,
|
||||
secret: var SharedSecret): EccStatus =
|
||||
## Calculate ECDH shared secret
|
||||
var res: array[KeyLength + 1, byte]
|
||||
let ctx = getSecpContext()
|
||||
if secp256k1_ecdh_raw(ctx, cast[ptr cuchar](addr res),
|
||||
unsafeAddr pubkey,
|
||||
cast[ptr cuchar](unsafeAddr seckey)) != 1:
|
||||
return(Error)
|
||||
copyMem(addr secret[0], addr res[1], KeyLength)
|
||||
return(Success)
|
||||
|
||||
proc getPublicKey*(seckey: PrivateKey): PublicKey =
|
||||
## Return public key for private key `seckey`.
|
||||
let ctx = getSecpContext()
|
||||
if secp256k1_ec_pubkey_create(ctx, addr result,
|
||||
cast[ptr cuchar](unsafeAddr seckey[0])) != 1:
|
||||
raiseSecp256k1Error()
|
||||
|
||||
|
||||
proc recoverPublicKey*(data: ptr byte, length: int,
|
||||
pubkey: var PublicKey): EccStatus =
|
||||
## Unserialize public key from `data` pointer and size `length` and'
|
||||
## set `pubkey`.
|
||||
let ctx = getSecpContext()
|
||||
if length < sizeof(PublicKey):
|
||||
setErrorMsg("Invalid public key!")
|
||||
return(Error)
|
||||
var rawkey: RawPublickey
|
||||
rawkey.header = 0x04 # mark key with COMPRESSED flag
|
||||
copyMem(addr rawkey.data[0], data, len(rawkey.data))
|
||||
if secp256k1_ec_pubkey_parse(ctx, addr pubkey,
|
||||
cast[ptr cuchar](addr rawkey),
|
||||
sizeof(RawPublickey)) != 1:
|
||||
return(Error)
|
||||
return(Success)
|
||||
|
||||
proc recoverPublicKey*[T](data: openarray[T], pubkey: var PublicKey,
|
||||
ostart: int = 0, ofinish: int = -1, ): EccStatus =
|
||||
## Unserialize public key from openarray[T] `data`, from position `ostart` to
|
||||
## position `ofinish` and save it to `pubkey`.
|
||||
let so = ostart
|
||||
let eo = if ofinish == -1: (len(data) - 1) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(T)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo > len(data):
|
||||
setErrorMsg("Index is out of bounds!")
|
||||
return(Error)
|
||||
if length < sizeof(PublicKey) or len(data) < sizeof(PublicKey):
|
||||
setErrorMsg("Invalid public key size!")
|
||||
return(Error)
|
||||
result = recoverPublicKey(cast[ptr byte](unsafeAddr data[so]), length,
|
||||
pubkey)
|
||||
|
||||
proc newPrivateKey*(): PrivateKey =
|
||||
## Generates new secret key.
|
||||
let ctx = getSecpContext()
|
||||
while true:
|
||||
if randomBytes(addr result[0], KeyLength) == KeyLength:
|
||||
if secp256k1_ec_seckey_verify(ctx, cast[ptr cuchar](addr result[0])) == 1:
|
||||
break
|
||||
|
||||
proc newKeyPair*(): KeyPair =
|
||||
## Generates new private and public key.
|
||||
result.seckey = newPrivateKey()
|
||||
result.pubkey = result.seckey.getPublicKey()
|
||||
|
||||
proc getPrivateKey*(hexstr: string): PrivateKey =
|
||||
## Set secret key from hexadecimal string representation.
|
||||
let ctx = getSecpContext()
|
||||
var o = fromHex(stripSpaces(hexstr))
|
||||
if len(o) < KeyLength:
|
||||
raise newException(EccException, "Invalid private key!")
|
||||
copyMem(addr result[0], unsafeAddr o[0], KeyLength)
|
||||
if secp256k1_ec_seckey_verify(ctx, cast[ptr cuchar](addr result[0])) != 1:
|
||||
raise newException(EccException, "Invalid private key!")
|
||||
|
||||
proc getPublicKey*(hexstr: string): PublicKey =
|
||||
## Set public key from hexadecimal string representation.
|
||||
var o = fromHex(stripSpaces(hexstr))
|
||||
if recoverPublicKey(o, result) != Success:
|
||||
raise newException(EccException, "Invalid public key!")
|
||||
|
||||
proc dump*(s: openarray[byte], c: string = ""): string =
|
||||
## Return hexadecimal dump of array `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
if len(s) > 0:
|
||||
result &= dumpHex(unsafeAddr s[0], len(s))
|
||||
else:
|
||||
result &= "[]"
|
||||
|
||||
proc dump*(s: PublicKey, c: string = ""): string =
|
||||
## Return hexadecimal dump of public key `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
result &= dumpHex(unsafeAddr s.data[0], sizeof(secp256k1_pubkey))
|
||||
|
||||
proc dump*(s: RawSignature, c: string = ""): string =
|
||||
## Return hexadecimal dump of serialized signature `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
result &= dumpHex(unsafeAddr s.data[0], sizeof(RawSignature))
|
||||
|
||||
proc dump*(s: RawPublickey, c: string = ""): string =
|
||||
## Return hexadecimal dump of serialized public key `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
result &= dumpHex(unsafeAddr s, sizeof(RawSignature))
|
||||
|
||||
proc dump*(s: secp256k1_ecdsa_recoverable_signature, c: string = ""): string =
|
||||
## Return hexadecimal dump of signature `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
result &= dumpHex(unsafeAddr s.data[0],
|
||||
sizeof(secp256k1_ecdsa_recoverable_signature))
|
||||
|
||||
proc dump*(p: pointer, s: int, c: string = ""): string =
|
||||
## Return hexadecimal dump of memory blob `p` and size `s`.
|
||||
result = if len(c) > 0: c & "=>\n" else: ""
|
||||
result &= dumpHex(p, s)
|
||||
|
||||
when isMainModule:
|
||||
import nimcrypto/hash, nimcrypto/keccak
|
||||
|
||||
proc compare(x: openarray[byte], y: openarray[byte]): bool =
|
||||
result = len(x) == len(y)
|
||||
if result:
|
||||
for i in 0..(len(x) - 1):
|
||||
if x[i] != y[i]:
|
||||
result = false
|
||||
break
|
||||
|
||||
block:
|
||||
# ECDHE test vectors
|
||||
# Copied from
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L19
|
||||
const privateKeys = [
|
||||
"332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b",
|
||||
"7ebbc6a8358bc76dd73ebc557056702c8cfc34e5cfcd90eb83af0347575fd2ad"
|
||||
]
|
||||
const publicKeys = [
|
||||
"""f0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07
|
||||
f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1""",
|
||||
"""83ede0f19c3c98649265956a4193677b14c338a22de2086a08d84e4446fe37e4e
|
||||
233478259ec90dbeef52f4f6c890f8c38660ec7b61b9d439b8a6d1c323dc025"""
|
||||
]
|
||||
const sharedSecrets = [
|
||||
"ee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08",
|
||||
"167ccc13ac5e8a26b131c3446030c60fbfac6aa8e31149d0869f93626a4cdf62"
|
||||
]
|
||||
var secret: array[KeyLength, byte]
|
||||
for i in 0..1:
|
||||
var s = privateKeys[i].getPrivateKey()
|
||||
var p = publicKeys[i].getPublicKey()
|
||||
doAssert(ecdhAgree(s, p, secret) == Success)
|
||||
var check = fromHex(stripSpaces(sharedSecrets[i]))
|
||||
doAssert(compare(check, secret))
|
||||
|
||||
block:
|
||||
# ECDHE test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libdevcrypto/crypto.cpp#L394
|
||||
var expect = """
|
||||
8ac7e464348b85d9fdfc0a81f2fdc0bbbb8ee5fb3840de6ed60ad9372e718977"""
|
||||
var secret: array[KeyLength, byte]
|
||||
var s = keccak256.digest("ecdhAgree").data
|
||||
var p = s.getPublicKey()
|
||||
doAssert(ecdhAgree(s, p, secret) == Success)
|
||||
var check = fromHex(stripSpaces(expect))
|
||||
doAssert(compare(check, secret))
|
||||
|
||||
block:
|
||||
# ECDHE test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/2409d7ec7d34d5ff5770463b87eb87f758e621fe/test/unittests/libp2p/rlpx.cpp#L425
|
||||
var s0 = """
|
||||
332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"""
|
||||
var p0 = """
|
||||
f0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a0
|
||||
7f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1"""
|
||||
var e0 = """
|
||||
ee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08"""
|
||||
var secret: array[KeyLength, byte]
|
||||
var s = getPrivateKey(s0)
|
||||
var p = getPublicKey(p0)
|
||||
var check = fromHex(stripSpaces(e0))
|
||||
doAssert(ecdhAgree(s, p, secret) == Success)
|
||||
doAssert(compare(check, secret))
|
||||
|
||||
block:
|
||||
# ECDSA test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libdevcrypto/crypto.cpp#L132
|
||||
var signature = """
|
||||
b826808a8c41e00b7c5d71f211f005a84a7b97949d5e765831e1da4e34c9b8295d
|
||||
2a622eee50f25af78241c1cb7cfff11bcf2a13fe65dee1e3b86fd79a4e3ed000"""
|
||||
var pubkey = """
|
||||
e40930c838d6cca526795596e368d16083f0672f4ab61788277abfa23c3740e1cc
|
||||
84453b0b24f49086feba0bd978bb4446bae8dff1e79fcc1e9cf482ec2d07c3"""
|
||||
var check1 = fromHex(stripSpaces(signature))
|
||||
var check2 = fromHex(stripSpaces(pubkey))
|
||||
var sig: Signature
|
||||
var key: PublicKey
|
||||
var s = keccak256.digest("sec").data
|
||||
var m = keccak256.digest("msg").data
|
||||
doAssert(signMessage(s, m, sig) == Success)
|
||||
var sersig = sig.getRaw().data
|
||||
doAssert(recoverSignatureKey(sersig, m, key) == Success)
|
||||
var serkey = key.getRaw().data
|
||||
doAssert(compare(sersig, check1))
|
||||
doAssert(compare(serkey, check2))
|
||||
|
||||
block:
|
||||
# signature test
|
||||
var rkey: PublicKey
|
||||
var sig: Signature
|
||||
for i in 1..100:
|
||||
var m = newPrivateKey()
|
||||
var s = newPrivateKey()
|
||||
var key = s.getPublicKey()
|
||||
doAssert(signMessage(s, m, sig) == Success)
|
||||
var sersig = sig.getRaw().data
|
||||
doAssert(recoverSignatureKey(sersig, m, rkey) == Success)
|
||||
doAssert(key == rkey)
|
||||
|
||||
block:
|
||||
# key create/recovery test
|
||||
var rkey: PublicKey
|
||||
for i in 1..100:
|
||||
var s = newPrivateKey()
|
||||
var key = s.getPublicKey()
|
||||
doAssert(recoverPublicKey(key.getRaw().data, rkey) == Success)
|
||||
doAssert(key == rkey)
|
||||
|
||||
block:
|
||||
# ECDHE shared secret test
|
||||
var secret1, secret2: SharedSecret
|
||||
for i in 1..100:
|
||||
var aliceSecret = newPrivateKey()
|
||||
var alicePublic = aliceSecret.getPublicKey()
|
||||
var bobSecret = newPrivateKey()
|
||||
var bobPublic = bobSecret.getPublicKey()
|
||||
doAssert(ecdhAgree(aliceSecret, bobPublic, secret1) == Success)
|
||||
doAssert(ecdhAgree(bobSecret, alicePublic, secret2) == Success)
|
||||
doAssert(secret1 == secret2)
|
||||
493
ethp2p/ecies.nim
Normal file
493
ethp2p/ecies.nim
Normal file
@ -0,0 +1,493 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
## This module implements ECIES method encryption/decryption.
|
||||
|
||||
import ecc, nimcrypto/sha2, nimcrypto/hash, nimcrypto/hmac
|
||||
import nimcrypto/rijndael, nimcrypto/utils, nimcrypto/sysrand
|
||||
import nimcrypto/bcmode, nimcrypto/utils
|
||||
|
||||
type
|
||||
EciesException* = object of Exception
|
||||
EciesStatus* = enum
|
||||
Success, ## Operation was successful
|
||||
BufferOverrun, ## Output buffer size is too small
|
||||
EmptyMessage, ## Attempt to encrypt/decrypt empty message
|
||||
RandomError, ## Could not obtain random data
|
||||
EcdhError, ## ECDH shared secret could not be calculated
|
||||
IncorrectSize, ## ECIES data has incorrect size (size is too low)
|
||||
WrongHeader, ## ECIES header is incorrect
|
||||
IncorrectKey, ## Recovered public key is invalid
|
||||
IncorrectTag ## ECIES tag verification failed
|
||||
|
||||
template eciesOverheadLength*(): int =
|
||||
## Return data overhead size for ECIES encrypted message
|
||||
1 + sizeof(PublicKey) + aes128.sizeBlock + sha256.sizeDigest
|
||||
|
||||
template eciesEncryptedLength*(size: int): int =
|
||||
## Return size of encrypted message for message with size `size`.
|
||||
size + eciesOverheadLength()
|
||||
|
||||
template eciesDecryptedLength*(size: int): int =
|
||||
## Return size of decrypted message for encrypted message with size `size`.
|
||||
size - eciesOverheadLength()
|
||||
|
||||
template eciesMacLength(size: int): int =
|
||||
## Return size of authenticated data
|
||||
size + aes128.sizeBlock
|
||||
|
||||
template eciesMacPos(size: int): int =
|
||||
## Return position of MAC code in encrypted block
|
||||
size - sha256.sizeDigest
|
||||
|
||||
template eciesIvPos(): int =
|
||||
## Return position of IV in encrypted block
|
||||
sizeof(PublicKey) + 1
|
||||
|
||||
template eciesDataPos(): int =
|
||||
## Return position of encrypted data in block
|
||||
sizeof(PublicKey) + 1 + aes128.sizeBlock
|
||||
|
||||
proc kdf*(data: openarray[byte]): array[KeyLength, byte] {.noInit.} =
|
||||
## NIST SP 800-56a Concatenation Key Derivation Function (see section 5.8.1)
|
||||
var ctx: sha256
|
||||
var counter: uint32
|
||||
var counterLe: uint32
|
||||
let reps = ((KeyLength + 7) * 8) div (int(ctx.sizeDigest) * 8)
|
||||
var offset = 0
|
||||
var storage = newSeq[byte](KeyLength * (reps + 1))
|
||||
while counter <= uint32(reps):
|
||||
counter = counter + 1
|
||||
counterLe = LSWAP(counter)
|
||||
ctx.init()
|
||||
ctx.update(cast[ptr byte](addr counterLe), uint(sizeof(uint32)))
|
||||
ctx.update(unsafeAddr data[0], uint(len(data)))
|
||||
var hash = ctx.finish().data
|
||||
copyMem(addr storage[offset], addr hash[0], ctx.sizeDigest)
|
||||
offset = offset + int(ctx.sizeDigest)
|
||||
ctx.init() # clean ctx
|
||||
copyMem(addr result[0], addr storage[0], KeyLength)
|
||||
|
||||
proc eciesEncrypt*(inp, oup: ptr byte, inl, oul: int, pubkey: PublicKey,
|
||||
shmac: ptr byte = nil, shlen: int = 0): EciesStatus =
|
||||
## Encrypt data with ECIES method to the given public key `pubkey`.
|
||||
##
|
||||
## `inp` - [INPUT] pointer to input data
|
||||
## `oup` - [INPUT] pointer to output data
|
||||
## `inl` - [INPUT] input data size
|
||||
## `oul` - [INPUT] output data size
|
||||
## `pubkey` - [INPUT] Ecc secp256k1 public key
|
||||
## `shmac` - [INPUT] additional mac data
|
||||
## `shlen` - [INPUT] additional mac data size
|
||||
|
||||
var
|
||||
encKey: array[KeyLength div 2, byte]
|
||||
macKey: array[KeyLength, byte]
|
||||
cipher: CTR[aes128]
|
||||
ctx: HMAC[sha256]
|
||||
iv: array[aes128.sizeBlock, byte]
|
||||
tag: array[sha256.sizeDigest, byte]
|
||||
secret: SharedSecret
|
||||
material: array[KeyLength, byte]
|
||||
|
||||
assert(not isNil(inp) and not isNil(oup))
|
||||
assert(inl > 0 and oul > 0)
|
||||
|
||||
if oul < eciesEncryptedLength(inl):
|
||||
return(BufferOverrun)
|
||||
if randomBytes(addr iv[0], len(iv)) != len(iv):
|
||||
return(RandomError)
|
||||
|
||||
var ephemeral = newKeyPair()
|
||||
var output = cast[ptr UncheckedArray[byte]](oup)
|
||||
var epub = ephemeral.pubkey.getRaw()
|
||||
|
||||
if ecdhAgree(ephemeral.seckey, pubkey, secret) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
material = kdf(secret)
|
||||
zeroMem(addr secret[0], sizeof(SharedSecret)) # clean shared secret
|
||||
copyMem(addr encKey[0], addr material[0], KeyLength div 2)
|
||||
macKey = sha256.digest(material, KeyLength div 2).data
|
||||
zeroMem(addr material[0], KeyLength) # clean material
|
||||
|
||||
cipher.init(addr encKey[0], addr iv[0])
|
||||
cipher.encrypt(inp, cast[ptr byte](addr output[eciesDataPos()]), uint(inl))
|
||||
zeroMem(addr encKey[0], KeyLength div 2) # clean encKey
|
||||
zeroMem(addr cipher, sizeof(CTR[aes128])) # clean cipher context
|
||||
|
||||
output[0] = 0x04
|
||||
copyMem(addr output[1], addr epub.data[0], sizeof(PublicKey))
|
||||
copyMem(addr output[eciesIvPos()], addr iv[0], aes128.sizeBlock)
|
||||
|
||||
ctx.init(addr macKey[0], uint(len(macKey)))
|
||||
ctx.update(addr output[eciesIvPos()], uint(eciesMacLength(inl)))
|
||||
if not isNil(shmac) and shlen > 0:
|
||||
ctx.update(shmac, uint(shlen))
|
||||
tag = ctx.finish().data
|
||||
zeroMem(addr ctx, sizeof(HMAC[sha256])) # clean hmac context
|
||||
zeroMem(addr macKey[0], KeyLength) # clean macKey
|
||||
copyMem(addr output[eciesDataPos() + inl], addr tag[0], sha256.sizeDigest)
|
||||
result = Success
|
||||
|
||||
proc eciesDecrypt*(inp, oup: ptr byte, inl, oul: int, seckey: PrivateKey,
|
||||
shmac: ptr byte = nil, shlen: int = 0): EciesStatus =
|
||||
## Decrypt data with ECIES method using the given private key `seckey`.
|
||||
##
|
||||
## `inp` - [INPUT] pointer to input data
|
||||
## `oup` - [INPUT] pointer to output data
|
||||
## `inl` - [INPUT] input data size
|
||||
## `oul` - [INPUT] output data size
|
||||
## `seckey` - [INPUT] Ecc secp256k1 private key
|
||||
## `shmac` - [INPUT] additional mac data (default = nil)
|
||||
## `shlen` - [INPUT] additional mac data size (default = 0)
|
||||
|
||||
var
|
||||
pubkey: PublicKey
|
||||
encKey: array[KeyLength div 2, byte]
|
||||
macKey: array[KeyLength, byte]
|
||||
tag: array[sha256.sizeDigest, byte]
|
||||
cipher: CTR[aes128]
|
||||
ctx: HMAC[sha256]
|
||||
secret: SharedSecret
|
||||
|
||||
assert(not isNil(inp) and not isNil(oup))
|
||||
assert(inl > 0 and oul > 0)
|
||||
|
||||
var input = cast[ptr UncheckedArray[byte]](inp)
|
||||
if inl <= eciesOverheadLength():
|
||||
return(IncorrectSize)
|
||||
if inl - eciesOverheadLength() > oul:
|
||||
return(BufferOverrun)
|
||||
if input[0] != 0x04:
|
||||
return(WrongHeader)
|
||||
|
||||
if recoverPublicKey(addr input[1], KeyLength * 2,
|
||||
pubkey) != EccStatus.Success:
|
||||
return(IncorrectKey)
|
||||
if ecdhAgree(seckey, pubkey, secret) != EccStatus.Success:
|
||||
return(EcdhError)
|
||||
|
||||
var material = kdf(secret)
|
||||
zeroMem(addr secret[0], sizeof(SharedSecret)) # clean shared secret
|
||||
copyMem(addr encKey[0], addr material[0], KeyLength div 2)
|
||||
macKey = sha256.digest(material, KeyLength div 2).data
|
||||
zeroMem(addr material[0], KeyLength) # clean material
|
||||
|
||||
let macsize = eciesMacLength(inl - eciesOverheadLength())
|
||||
ctx.init(addr macKey[0], uint(len(macKey)))
|
||||
|
||||
ctx.update(addr input[eciesIvPos()], uint(macsize))
|
||||
if not isNil(shmac) and shlen > 0:
|
||||
ctx.update(shmac, uint(shlen))
|
||||
tag = ctx.finish().data
|
||||
zeroMem(addr ctx, sizeof(HMAC[sha256])) # clean hmac context
|
||||
zeroMem(addr macKey[0], KeyLength) # clean macKey
|
||||
|
||||
if not equalMem(addr tag[0], addr input[eciesMacPos(inl)], sha256.sizeDigest):
|
||||
return(IncorrectTag)
|
||||
|
||||
cipher.init(addr encKey[0], addr input[eciesIvPos()])
|
||||
cipher.decrypt(cast[ptr byte](addr input[eciesDataPos()]),
|
||||
cast[ptr byte](oup), uint(inl - eciesOverheadLength()))
|
||||
|
||||
zeroMem(addr encKey[0], KeyLength div 2) # clean encKey
|
||||
zeroMem(addr cipher, sizeof(CTR[aes128])) # clean cipher context
|
||||
result = Success
|
||||
|
||||
proc eciesEncrypt*[A, B](input: openarray[A],
|
||||
pubkey: PublicKey,
|
||||
output: var openarray[B],
|
||||
outlen: var int,
|
||||
ostart: int = 0,
|
||||
ofinish: int = -1): EciesStatus =
|
||||
## Encrypt data with ECIES method to the given public key `pubkey`.
|
||||
##
|
||||
## `input` - [INPUT] input data
|
||||
## `pubkey` - [INPUT] Ecc secp256k1 public key
|
||||
## `output` - [OUTPUT] output data
|
||||
## `outlen` - [OUTPUT] output data size
|
||||
## `ostart` - [INPUT] starting index in `data` (default = -1, start of input)
|
||||
## `ofinish` - [INPUT] ending index in `data` (default = -1, whole input)
|
||||
##
|
||||
## Encryption is done on `data` with inclusive range [ostart, ofinish]
|
||||
## Negative values of `ostart` and `ofinish` are treated as index with value
|
||||
## (len(data) + `ostart/ofinish`).
|
||||
|
||||
let so = if ostart < 0: (len(input) + ostart) else: ostart
|
||||
let eo = if ofinish < 0: (len(input) + ofinish) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(A)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo >= len(input):
|
||||
return(BufferOverrun)
|
||||
if len(input) == 0:
|
||||
return(EmptyMessage)
|
||||
let esize = eciesEncryptedLength(length)
|
||||
if (len(output) * sizeof(B)) < esize:
|
||||
return(BufferOverrun)
|
||||
outlen = esize
|
||||
result = eciesEncrypt(cast[ptr byte](unsafeAddr input[so]), addr output[0],
|
||||
length, esize, pubkey)
|
||||
|
||||
proc eciesEncrypt*[A, B, C](input: openarray[A],
|
||||
pubkey: PublicKey,
|
||||
output: var openarray[B],
|
||||
outlen: var int,
|
||||
shmac: openarray[C],
|
||||
ostart: int = 0,
|
||||
ofinish: int = -1): EciesStatus =
|
||||
## Encrypt data with ECIES method to the given public key `pubkey`.
|
||||
##
|
||||
## `input` - [INPUT] input data
|
||||
## `pubkey` - [INPUT] Ecc secp256k1 public key
|
||||
## `output` - [OUTPUT] output data
|
||||
## `outlen` - [OUTPUT] output data size
|
||||
## `shmac` - [INPUT] additional mac data
|
||||
## `ostart` - [INPUT] starting index in `data` (default = -1, start of input)
|
||||
## `ofinish` - [INPUT] ending index in `data` (default = -1, whole input)
|
||||
##
|
||||
## Encryption is done on `data` with inclusive range [ostart, ofinish]
|
||||
## Negative values of `ostart` and `ofinish` are treated as index with value
|
||||
## (len(data) + `ostart/ofinish`).
|
||||
|
||||
let so = if ostart < 0: (len(input) + ostart) else: ostart
|
||||
let eo = if ofinish < 0: (len(input) + ofinish) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(A)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo >= len(input):
|
||||
return(BufferOverrun)
|
||||
if len(input) == 0:
|
||||
return(EmptyMessage)
|
||||
let esize = eciesEncryptedLength(length)
|
||||
if len(output) * sizeof(B) < esize:
|
||||
return(BufferOverrun)
|
||||
outlen = esize
|
||||
result = eciesEncrypt(cast[ptr byte](unsafeAddr input[so]), addr output[0],
|
||||
length, esize, pubkey,
|
||||
cast[ptr byte](unsafeAddr shmac[0]),
|
||||
len(shmac) * sizeof(C))
|
||||
|
||||
proc eciesDecrypt*[A, B](input: openarray[A],
|
||||
seckey: PrivateKey,
|
||||
output: var openarray[B],
|
||||
outlen: var int,
|
||||
ostart: int = 0,
|
||||
ofinish: int = -1): EciesStatus =
|
||||
## Decrypt data with ECIES method using given private key `seckey`.
|
||||
##
|
||||
## `input` - [INPUT] input data
|
||||
## `seckey` - [INPUT] Ecc secp256k1 private key
|
||||
## `output` - [OUTPUT] output data
|
||||
## `outlen` - [OUTPUT] output data size
|
||||
## `ostart` - [INPUT] starting index in `data` (default = -1, start of input)
|
||||
## `ofinish` - [INPUT] ending index in `data` (default = -1, whole input)
|
||||
##
|
||||
## Decryption is done on `data` with inclusive range [ostart, ofinish]
|
||||
|
||||
let so = if ostart < 0: (len(input) + ostart) else: ostart
|
||||
let eo = if ofinish < 0: (len(input) + ofinish) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(A)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo >= len(input):
|
||||
return(BufferOverrun)
|
||||
if len(input) == 0:
|
||||
return(EmptyMessage)
|
||||
let dsize = eciesDecryptedLength(length)
|
||||
if len(output) * sizeof(B) < dsize:
|
||||
return(BufferOverrun)
|
||||
outlen = dsize
|
||||
result = eciesDecrypt(cast[ptr byte](unsafeAddr input[so]), addr output[0],
|
||||
length, dsize, seckey)
|
||||
|
||||
proc eciesDecrypt*[A, B, C](input: openarray[A],
|
||||
seckey: PrivateKey,
|
||||
output: var openarray[B],
|
||||
outlen: var int,
|
||||
shmac: openarray[C],
|
||||
ostart: int = 0,
|
||||
ofinish: int = -1): EciesStatus =
|
||||
## Decrypt data with ECIES method using given private key `seckey`.
|
||||
##
|
||||
## `input` - [INPUT] input data
|
||||
## `seckey` - [INPUT] Ecc secp256k1 private key
|
||||
## `output` - [OUTPUT] output data
|
||||
## `outlen` - [OUTPUT] output data size
|
||||
## `shmac` - additional mac data
|
||||
## `ostart` - starting index in `data` (default = -1, data[0])
|
||||
## `ofinish` - ending index in `data` (default = -1, data[len(data) - 1])
|
||||
##
|
||||
## Decryption is done on `data` with inclusive range [ostart, ofinish]
|
||||
|
||||
let so = if ostart < 0: (len(input) + ostart) else: ostart
|
||||
let eo = if ofinish < 0: (len(input) + ofinish) else: ofinish
|
||||
let length = (eo - so + 1) * sizeof(A)
|
||||
# We don't need to check `so` because compiler will do it for `data[so]`.
|
||||
if eo >= len(input):
|
||||
return(BufferOverrun)
|
||||
if len(input) == 0:
|
||||
return(EmptyMessage)
|
||||
let dsize = eciesDecryptedLength(length)
|
||||
if len(output) * sizeof(B) < dsize:
|
||||
return(BufferOverrun)
|
||||
outlen = dsize
|
||||
result = eciesDecrypt(cast[ptr byte](unsafeAddr input[so]), addr output[0],
|
||||
length, dsize, seckey,
|
||||
cast[ptr byte](unsafeAddr shmac[0]),
|
||||
len(shmac) * sizeof(C))
|
||||
|
||||
when isMainModule:
|
||||
proc compare[A, B](x: openarray[A], y: openarray[B], s: int = 0): bool =
|
||||
result = true
|
||||
assert(s >= 0)
|
||||
var size = if s == 0: min(len(x), len(y)) else: min(s, min(len(x), len(y)))
|
||||
for i in 0..(size - 1):
|
||||
if x[i] != cast[A](y[i]):
|
||||
result = false
|
||||
break
|
||||
|
||||
block:
|
||||
# KDF test
|
||||
# Copied from https://github.com/ethereum/pydevp2p/blob/develop/devp2p/tests/test_ecies.py#L53
|
||||
let m0 = "961c065873443014e0371f1ed656c586c6730bf927415757f389d92acf8268df"
|
||||
let c0 = "4050c52e6d9c08755e5a818ac66fabe478b825b1836fd5efc4d44e40d04dabcc"
|
||||
var m = fromHex(stripSpaces(m0))
|
||||
var c = fromHex(stripSpaces(c0))
|
||||
var k = kdf(m)
|
||||
doAssert(compare(k, c))
|
||||
|
||||
block:
|
||||
# HMAC-SHA256 test
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L64-L76
|
||||
const keys = [
|
||||
"07a4b6dfa06369a570f2dcba2f11a18f",
|
||||
"af6623e52208c596e17c72cea6f1cb09"
|
||||
]
|
||||
const datas = ["4dcb92ed4fc67fe86832", "3461282bcedace970df2"]
|
||||
const expects = [
|
||||
"c90b62b1a673b47df8e395e671a68bfa68070d6e2ef039598bb829398b89b9a9",
|
||||
"b3ce623bce08d5793677ba9441b22bb34d3e8a7de964206d26589df3e8eb5183"
|
||||
]
|
||||
for i in 0..1:
|
||||
var k = fromHex(stripSpaces(keys[i]))
|
||||
var m = fromHex(stripSpaces(datas[i]))
|
||||
var digest = sha256.hmac(k, m).data
|
||||
var check = fromHex(stripSpaces(expects[i]))
|
||||
doAssert(compare(digest, check))
|
||||
|
||||
block:
|
||||
# ECIES encryption
|
||||
var m = "Hello World!"
|
||||
var encr = newSeq[byte](eciesEncryptedLength(len(m)))
|
||||
var decr = newSeq[byte](len(m))
|
||||
var shmac = [0x13'u8, 0x13'u8]
|
||||
var outlen = 0
|
||||
var s = newPrivateKey()
|
||||
var p = s.getPublicKey()
|
||||
# Without additional mac data
|
||||
doAssert(eciesEncrypt(m, p, encr, outlen) == Success)
|
||||
doAssert(eciesDecrypt(encr, s, decr, outlen) == Success)
|
||||
doAssert(outlen == len(m))
|
||||
doAssert(equalMem(addr m[0], addr decr[0], outlen))
|
||||
# With additional mac data
|
||||
doAssert(eciesEncrypt(m, p, encr, outlen, shmac) == Success)
|
||||
doAssert(eciesDecrypt(encr, s, decr, outlen, shmac) == Success)
|
||||
doAssert(outlen == len(m))
|
||||
doAssert(equalMem(addr m[0], addr decr[0], outlen))
|
||||
|
||||
block:
|
||||
# ECIES
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L43
|
||||
# https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libp2p/rlpx.cpp#L187
|
||||
const secretKeys = [
|
||||
"c45f950382d542169ea207959ee0220ec1491755abe405cd7498d6b16adb6df8",
|
||||
"5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051"
|
||||
]
|
||||
const cipherText = [
|
||||
"""04a0274c5951e32132e7f088c9bdfdc76c9d91f0dc6078e848f8e3361193dbdc
|
||||
43b94351ea3d89e4ff33ddcefbc80070498824857f499656c4f79bbd97b6c51a
|
||||
514251d69fd1785ef8764bd1d262a883f780964cce6a14ff206daf1206aa073a
|
||||
2d35ce2697ebf3514225bef186631b2fd2316a4b7bcdefec8d75a1025ba2c540
|
||||
4a34e7795e1dd4bc01c6113ece07b0df13b69d3ba654a36e35e69ff9d482d88d
|
||||
2f0228e7d96fe11dccbb465a1831c7d4ad3a026924b182fc2bdfe016a6944312
|
||||
021da5cc459713b13b86a686cf34d6fe6615020e4acf26bf0d5b7579ba813e77
|
||||
23eb95b3cef9942f01a58bd61baee7c9bdd438956b426a4ffe238e61746a8c93
|
||||
d5e10680617c82e48d706ac4953f5e1c4c4f7d013c87d34a06626f498f34576d
|
||||
c017fdd3d581e83cfd26cf125b6d2bda1f1d56""",
|
||||
"""049934a7b2d7f9af8fd9db941d9da281ac9381b5740e1f64f7092f3588d4f87f
|
||||
5ce55191a6653e5e80c1c5dd538169aa123e70dc6ffc5af1827e546c0e958e42
|
||||
dad355bcc1fcb9cdf2cf47ff524d2ad98cbf275e661bf4cf00960e74b5956b79
|
||||
9771334f426df007350b46049adb21a6e78ab1408d5e6ccde6fb5e69f0f4c92b
|
||||
b9c725c02f99fa72b9cdc8dd53cff089e0e73317f61cc5abf6152513cb7d833f
|
||||
09d2851603919bf0fbe44d79a09245c6e8338eb502083dc84b846f2fee1cc310
|
||||
d2cc8b1b9334728f97220bb799376233e113"""
|
||||
]
|
||||
const expectText = [
|
||||
"""884c36f7ae6b406637c1f61b2f57e1d2cab813d24c6559aaf843c3f48962f32f
|
||||
46662c066d39669b7b2e3ba14781477417600e7728399278b1b5d801a519aa57
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100""",
|
||||
"""802b052f8b066640bba94a4fc39d63815c377fced6fcb84d27f791c9921ddf3e
|
||||
9bf0108e298f490812847109cbd778fae393e80323fd643209841a3b7f110397
|
||||
f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7
|
||||
00"""
|
||||
]
|
||||
var data: array[1024, byte]
|
||||
var outlen = 0
|
||||
for i in 0..1:
|
||||
var s = secretKeys[i].getPrivateKey()
|
||||
var cipher = fromHex(stripSpaces(cipherText[i]))
|
||||
var check = fromHex(stripSpaces(expectText[i]))
|
||||
var r = eciesDecrypt(cipher, s, data, outlen)
|
||||
doAssert(r == Success, $r)
|
||||
doAssert(outlen == len(check))
|
||||
doAssert(compare(data, check))
|
||||
|
||||
block:
|
||||
# ECIES
|
||||
# https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libp2p/rlpx.cpp#L432-L459
|
||||
const secretKeys = [
|
||||
"57baf2c62005ddec64c357d96183ebc90bf9100583280e848aa31d683cad73cb",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"
|
||||
]
|
||||
const cipherData = [
|
||||
"""04ff2c874d0a47917c84eea0b2a4141ca95233720b5c70f81a8415bae1dc7b74
|
||||
6b61df7558811c1d6054333907333ef9bb0cc2fbf8b34abb9730d14e0140f455
|
||||
3f4b15d705120af46cf653a1dc5b95b312cf8444714f95a4f7a0425b67fc064d
|
||||
18f4d0a528761565ca02d97faffdac23de10""",
|
||||
"""046f647e1bd8a5cd1446d31513bac233e18bdc28ec0e59d46de453137a725995
|
||||
33f1e97c98154343420d5f16e171e5107999a7c7f1a6e26f57bcb0d2280655d0
|
||||
8fb148d36f1d4b28642d3bb4a136f0e33e3dd2e3cffe4b45a03fb7c5b5ea5e65
|
||||
617250fdc89e1a315563c20504b9d3a72555""",
|
||||
"""0443c24d6ccef3ad095140760bb143078b3880557a06392f17c5e368502d7953
|
||||
2bc18903d59ced4bbe858e870610ab0d5f8b7963dd5c9c4cf81128d10efd7c7a
|
||||
a80091563c273e996578403694673581829e25a865191bdc9954db14285b56eb
|
||||
0043b6288172e0d003c10f42fe413222e273d1d4340c38a2d8344d7aadcbc846
|
||||
ee""",
|
||||
"""04c4e40c86bb5324e017e598c6d48c19362ae527af8ab21b077284a4656c8735
|
||||
e62d73fb3d740acefbec30ca4c024739a1fcdff69ecaf03301eebf156eb5f17c
|
||||
ca6f9d7a7e214a1f3f6e34d1ee0ec00ce0ef7d2b242fbfec0f276e17941f9f1b
|
||||
fbe26de10a15a6fac3cda039904ddd1d7e06e7b96b4878f61860e47f0b84c8ce
|
||||
b64f6a900ff23844f4359ae49b44154980a626d3c73226c19e"""
|
||||
]
|
||||
const expectData = [
|
||||
"a", "a", "aaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
]
|
||||
var data: array[1024, byte]
|
||||
var outlen = 0
|
||||
for i in 0..3:
|
||||
var s = secretKeys[i].getPrivateKey()
|
||||
var cipher = fromHex(stripSpaces(cipherData[i]))
|
||||
doAssert(eciesDecrypt(cipher, s, data, outlen) == Success)
|
||||
doAssert(outlen == len(expectData[i]))
|
||||
doAssert(compare(data, expectData[i]))
|
||||
92
ethp2p/hexdump.nim
Normal file
92
ethp2p/hexdump.nim
Normal file
@ -0,0 +1,92 @@
|
||||
#
|
||||
# Copyright (c) 2016 Eugene Kabanov <ka@hardcore.kiev.ua>
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
# of this software and associated documentation files (the "Software"), to deal
|
||||
# in the Software without restriction, including without limitation the rights
|
||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
# copies of the Software, and to permit persons to whom the Software is
|
||||
# furnished to do so, subject to the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included in all
|
||||
# copies or substantial portions of the Software.
|
||||
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
# SOFTWARE.
|
||||
#
|
||||
|
||||
from strutils import toHex, repeat
|
||||
|
||||
proc dumpHex*(pbytes: pointer, nbytes: int, items = 1, ascii = true): string =
|
||||
## Return hexadecimal memory dump representation pointed by ``p``.
|
||||
## ``nbytes`` - number of bytes to show
|
||||
## ``items`` - number of bytes in group (supported ``items`` count is
|
||||
## 1, 2, 4, 8)
|
||||
## ``ascii`` - if ``true`` show ASCII representation of memory dump.
|
||||
result = ""
|
||||
let hexSize = items * 2
|
||||
var i = 0
|
||||
var slider = pbytes
|
||||
var asciiText = ""
|
||||
while i < nbytes:
|
||||
if i %% 16 == 0:
|
||||
result = result & toHex(cast[BiggestInt](slider),
|
||||
sizeof(BiggestInt) * 2) & ": "
|
||||
var k = 0
|
||||
while k < items:
|
||||
var ch = cast[ptr char](cast[uint](slider) + k.uint)[]
|
||||
if ord(ch) > 31 and ord(ch) < 127: asciiText &= ch else: asciiText &= "."
|
||||
inc(k)
|
||||
case items:
|
||||
of 1:
|
||||
result = result & toHex(cast[BiggestInt](cast[ptr uint8](slider)[]),
|
||||
hexSize)
|
||||
of 2:
|
||||
result = result & toHex(cast[BiggestInt](cast[ptr uint16](slider)[]),
|
||||
hexSize)
|
||||
of 4:
|
||||
result = result & toHex(cast[BiggestInt](cast[ptr uint32](slider)[]),
|
||||
hexSize)
|
||||
of 8:
|
||||
result = result & toHex(cast[BiggestInt](cast[ptr uint64](slider)[]),
|
||||
hexSize)
|
||||
else:
|
||||
raise newException(ValueError, "Wrong items size!")
|
||||
result = result & " "
|
||||
slider = cast[pointer](cast[uint](slider) + items.uint)
|
||||
i = i + items
|
||||
if i %% 16 == 0:
|
||||
result = result & " " & asciiText
|
||||
asciiText.setLen(0)
|
||||
result = result & "\n"
|
||||
|
||||
if i %% 16 != 0:
|
||||
var spacesCount = ((16 - (i %% 16)) div items) * (hexSize + 1) + 1
|
||||
result = result & repeat(' ', spacesCount)
|
||||
result = result & asciiText
|
||||
result = result & "\n"
|
||||
|
||||
proc dumpHex*[T](v: openarray[T], items: int = 0, ascii = true): string =
|
||||
## Return hexadecimal memory dump representation of openarray[T] ``v``.
|
||||
## ``items`` - number of bytes in group (supported ``items`` count is
|
||||
## 0, 1, 2, 4, 8). If ``items`` is ``0`` group size will depend on
|
||||
## ``sizeof(T)``.
|
||||
## ``ascii`` - if ``true`` show ASCII representation of memory dump.
|
||||
var i = 0
|
||||
if items == 0:
|
||||
when sizeof(T) == 2:
|
||||
i = 2
|
||||
elif sizeof(T) == 4:
|
||||
i = 4
|
||||
elif sizeof(T) == 8:
|
||||
i = 8
|
||||
else:
|
||||
i = 1
|
||||
else:
|
||||
i = items
|
||||
result = dumpHex(unsafeAddr v[0], sizeof(T) * len(v), i, ascii)
|
||||
1
tests/config.nims
Normal file
1
tests/config.nims
Normal file
@ -0,0 +1 @@
|
||||
switch("path", "$projectDir/..")
|
||||
420
tests/testauth.nim
Normal file
420
tests/testauth.nim
Normal file
@ -0,0 +1,420 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
import unittest
|
||||
import ethp2p/ecc, ethp2p/auth, nimcrypto/utils
|
||||
|
||||
# This was generated by `print` actual auth message generated by
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_auth.py
|
||||
const pyevmAuth = """
|
||||
22034ad2e7545e2b0bf02ecb1e40db478dfbbf7aeecc834aec2523eb2b7e74ee
|
||||
77ba40c70a83bfe9f2ab91f0131546dcf92c3ee8282d9907fee093017fd0302d
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100"""
|
||||
|
||||
# This data comes from https://gist.github.com/fjl/3a78780d17c755d22df2
|
||||
const data = [
|
||||
("initiator_private_key",
|
||||
"5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051"),
|
||||
("receiver_private_key",
|
||||
"c45f950382d542169ea207959ee0220ec1491755abe405cd7498d6b16adb6df8"),
|
||||
("initiator_ephemeral_private_key",
|
||||
"19c2185f4f40634926ebed3af09070ca9e029f2edd5fae6253074896205f5f6c"),
|
||||
("receiver_ephemeral_private_key",
|
||||
"d25688cf0ab10afa1a0e2dba7853ed5f1e5bf1c631757ed4e103b593ff3f5620"),
|
||||
("auth_plaintext",
|
||||
"""884c36f7ae6b406637c1f61b2f57e1d2cab813d24c6559aaf843c3f48962f32f
|
||||
46662c066d39669b7b2e3ba14781477417600e7728399278b1b5d801a519aa57
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100"""),
|
||||
("authresp_plaintext",
|
||||
"""802b052f8b066640bba94a4fc39d63815c377fced6fcb84d27f791c9921ddf3e
|
||||
9bf0108e298f490812847109cbd778fae393e80323fd643209841a3b7f110397
|
||||
f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7
|
||||
00"""),
|
||||
("auth_ciphertext",
|
||||
"""04a0274c5951e32132e7f088c9bdfdc76c9d91f0dc6078e848f8e3361193dbdc
|
||||
43b94351ea3d89e4ff33ddcefbc80070498824857f499656c4f79bbd97b6c51a
|
||||
514251d69fd1785ef8764bd1d262a883f780964cce6a14ff206daf1206aa073a
|
||||
2d35ce2697ebf3514225bef186631b2fd2316a4b7bcdefec8d75a1025ba2c540
|
||||
4a34e7795e1dd4bc01c6113ece07b0df13b69d3ba654a36e35e69ff9d482d88d
|
||||
2f0228e7d96fe11dccbb465a1831c7d4ad3a026924b182fc2bdfe016a6944312
|
||||
021da5cc459713b13b86a686cf34d6fe6615020e4acf26bf0d5b7579ba813e77
|
||||
23eb95b3cef9942f01a58bd61baee7c9bdd438956b426a4ffe238e61746a8c93
|
||||
d5e10680617c82e48d706ac4953f5e1c4c4f7d013c87d34a06626f498f34576d
|
||||
c017fdd3d581e83cfd26cf125b6d2bda1f1d56"""),
|
||||
("authresp_ciphertext",
|
||||
"""049934a7b2d7f9af8fd9db941d9da281ac9381b5740e1f64f7092f3588d4f87f
|
||||
5ce55191a6653e5e80c1c5dd538169aa123e70dc6ffc5af1827e546c0e958e42
|
||||
dad355bcc1fcb9cdf2cf47ff524d2ad98cbf275e661bf4cf00960e74b5956b79
|
||||
9771334f426df007350b46049adb21a6e78ab1408d5e6ccde6fb5e69f0f4c92b
|
||||
b9c725c02f99fa72b9cdc8dd53cff089e0e73317f61cc5abf6152513cb7d833f
|
||||
09d2851603919bf0fbe44d79a09245c6e8338eb502083dc84b846f2fee1cc310
|
||||
d2cc8b1b9334728f97220bb799376233e113"""),
|
||||
("ecdhe_shared_secret",
|
||||
"e3f407f83fc012470c26a93fdff534100f2c6f736439ce0ca90e9914f7d1c381"),
|
||||
("initiator_nonce",
|
||||
"cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb11"),
|
||||
("receiver_nonce",
|
||||
"f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7"),
|
||||
("aes_secret",
|
||||
"c0458fa97a5230830e05f4f20b7c755c1d4e54b1ce5cf43260bb191eef4e418d"),
|
||||
("mac_secret",
|
||||
"48c938884d5067a1598272fcddaa4b833cd5e7d92e8228c0ecdfabbe68aef7f1"),
|
||||
("token",
|
||||
"3f9ec2592d1554852b1f54d228f042ed0a9310ea86d038dc2b401ba8cd7fdac4"),
|
||||
("initial_egress_MAC",
|
||||
"09771e93b1a6109e97074cbe2d2b0cf3d3878efafe68f53c41bb60c0ec49097e"),
|
||||
("initial_ingress_MAC",
|
||||
"75823d96e23136c89666ee025fb21a432be906512b3dd4a3049e898adb433847"),
|
||||
("initiator_hello_packet",
|
||||
"""6ef23fcf1cec7312df623f9ae701e63b550cdb8517fefd8dd398fc2acd1d935e
|
||||
6e0434a2b96769078477637347b7b01924fff9ff1c06df2f804df3b0402bbb9f
|
||||
87365b3c6856b45e1e2b6470986813c3816a71bff9d69dd297a5dbd935ab578f
|
||||
6e5d7e93e4506a44f307c332d95e8a4b102585fd8ef9fc9e3e055537a5cec2e9"""),
|
||||
("receiver_hello_packet",
|
||||
"""6ef23fcf1cec7312df623f9ae701e63be36a1cdd1b19179146019984f3625d4a
|
||||
6e0434a2b96769050577657247b7b02bc6c314470eca7e3ef650b98c83e9d7dd
|
||||
4830b3f718ff562349aead2530a8d28a8484604f92e5fced2c6183f304344ab0
|
||||
e7c301a0c05559f4c25db65e36820b4b909a226171a60ac6cb7beea09376d6d8""")
|
||||
]
|
||||
|
||||
# Thies test vectors was copied from EIP8 specfication
|
||||
# https://github.com/ethereum/EIPs/blob/master/EIPS/eip-8.md
|
||||
const eip8data = [
|
||||
("initiator_private_key",
|
||||
"49a7b37aa6f6645917e7b807e9d1c00d4fa71f18343b0d4122a4d2df64dd6fee"),
|
||||
("receiver_private_key",
|
||||
"b71c71a67e1177ad4e901695e1b4b9ee17ae16c6668d313eac2f96dbcda3f291"),
|
||||
("initiator_ephemeral_private_key",
|
||||
"869d6ecf5211f1cc60418a13b9d870b22959d0c16f02bec714c960dd2298a32d"),
|
||||
("receiver_ephemeral_private_key",
|
||||
"e238eb8e04fee6511ab04c6dd3c89ce097b11f25d584863ac2b6d5b35b1847e4"),
|
||||
("initiator_nonce",
|
||||
"7e968bba13b6c50e2c4cd7f241cc0d64d1ac25c7f5952df231ac6a2bda8ee5d6"),
|
||||
("receiver_nonce",
|
||||
"559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd"),
|
||||
("auth_ciphertext_v4",
|
||||
"""048ca79ad18e4b0659fab4853fe5bc58eb83992980f4c9cc147d2aa31532efd29
|
||||
a3d3dc6a3d89eaf913150cfc777ce0ce4af2758bf4810235f6e6ceccfee1acc6b
|
||||
22c005e9e3a49d6448610a58e98744ba3ac0399e82692d67c1f58849050b3024e
|
||||
21a52c9d3b01d871ff5f210817912773e610443a9ef142e91cdba0bd77b5fdf07
|
||||
69b05671fc35f83d83e4d3b0b000c6b2a1b1bba89e0fc51bf4e460df3105c444f
|
||||
14be226458940d6061c296350937ffd5e3acaceeaaefd3c6f74be8e23e0f45163
|
||||
cc7ebd76220f0128410fd05250273156d548a414444ae2f7dea4dfca2d43c057a
|
||||
db701a715bf59f6fb66b2d1d20f2c703f851cbf5ac47396d9ca65b6260bd141ac
|
||||
4d53e2de585a73d1750780db4c9ee4cd4d225173a4592ee77e2bd94d0be3691f3
|
||||
b406f9bba9b591fc63facc016bfa8"""),
|
||||
("auth_ciphertext_eip8",
|
||||
"""01b304ab7578555167be8154d5cc456f567d5ba302662433674222360f08d5f15
|
||||
34499d3678b513b0fca474f3a514b18e75683032eb63fccb16c156dc6eb2c0b15
|
||||
93f0d84ac74f6e475f1b8d56116b849634a8c458705bf83a626ea0384d4d7341a
|
||||
ae591fae42ce6bd5c850bfe0b999a694a49bbbaf3ef6cda61110601d3b4c02ab6
|
||||
c30437257a6e0117792631a4b47c1d52fc0f8f89caadeb7d02770bf999cc147d2
|
||||
df3b62e1ffb2c9d8c125a3984865356266bca11ce7d3a688663a51d82defaa8aa
|
||||
d69da39ab6d5470e81ec5f2a7a47fb865ff7cca21516f9299a07b1bc63ba56c7a
|
||||
1a892112841ca44b6e0034dee70c9adabc15d76a54f443593fafdc3b27af80597
|
||||
03f88928e199cb122362a4b35f62386da7caad09c001edaeb5f8a06d2b26fb6cb
|
||||
93c52a9fca51853b68193916982358fe1e5369e249875bb8d0d0ec36f917bc5e1
|
||||
eafd5896d46bd61ff23f1a863a8a8dcd54c7b109b771c8e61ec9c8908c733c026
|
||||
3440e2aa067241aaa433f0bb053c7b31a838504b148f570c0ad62837129e54767
|
||||
8c5190341e4f1693956c3bf7678318e2d5b5340c9e488eefea198576344afbdf6
|
||||
6db5f51204a6961a63ce072c8926c"""),
|
||||
("auth_ciphertext_eip8_3f",
|
||||
"""01b8044c6c312173685d1edd268aa95e1d495474c6959bcdd10067ba4c9013df9
|
||||
e40ff45f5bfd6f72471f93a91b493f8e00abc4b80f682973de715d77ba3a005a2
|
||||
42eb859f9a211d93a347fa64b597bf280a6b88e26299cf263b01b8dfdb7122784
|
||||
64fd1c25840b995e84d367d743f66c0e54a586725b7bbf12acca27170ae3283c1
|
||||
073adda4b6d79f27656993aefccf16e0d0409fe07db2dc398a1b7e8ee93bcd181
|
||||
485fd332f381d6a050fba4c7641a5112ac1b0b61168d20f01b479e19adf7fdbfa
|
||||
0905f63352bfc7e23cf3357657455119d879c78d3cf8c8c06375f3f7d4861aa02
|
||||
a122467e069acaf513025ff196641f6d2810ce493f51bee9c966b15c504350535
|
||||
0392b57645385a18c78f14669cc4d960446c17571b7c5d725021babbcd786957f
|
||||
3d17089c084907bda22c2b2675b4378b114c601d858802a55345a15116bc61da4
|
||||
193996187ed70d16730e9ae6b3bb8787ebcaea1871d850997ddc08b4f4ea668fb
|
||||
f37407ac044b55be0908ecb94d4ed172ece66fd31bfdadf2b97a8bc690163ee11
|
||||
f5b575a4b44e36e2bfb2f0fce91676fd64c7773bac6a003f481fddd0bae0a1f31
|
||||
aa27504e2a533af4cef3b623f4791b2cca6d490"""),
|
||||
("authack_ciphertext_v4",
|
||||
"""049f8abcfa9c0dc65b982e98af921bc0ba6e4243169348a236abe9df5f93aa69d
|
||||
99cadddaa387662b0ff2c08e9006d5a11a278b1b3331e5aaabf0a32f01281b6f4
|
||||
ede0e09a2d5f585b26513cb794d9635a57563921c04a9090b4f14ee42be1a5461
|
||||
049af4ea7a7f49bf4c97a352d39c8d02ee4acc416388c1c66cec761d2bc1c72da
|
||||
6ba143477f049c9d2dde846c252c111b904f630ac98e51609b3b1f58168ddca65
|
||||
05b7196532e5f85b259a20c45e1979491683fee108e9660edbf38f3add489ae73
|
||||
e3dda2c71bd1497113d5c755e942d1"""),
|
||||
("authack_ciphertext_eip8",
|
||||
"""01ea0451958701280a56482929d3b0757da8f7fbe5286784beead59d95089c217
|
||||
c9b917788989470b0e330cc6e4fb383c0340ed85fab836ec9fb8a49672712aeab
|
||||
bdfd1e837c1ff4cace34311cd7f4de05d59279e3524ab26ef753a0095637ac88f
|
||||
2b499b9914b5f64e143eae548a1066e14cd2f4bd7f814c4652f11b254f8a2d019
|
||||
1e2f5546fae6055694aed14d906df79ad3b407d94692694e259191cde171ad542
|
||||
fc588fa2b7333313d82a9f887332f1dfc36cea03f831cb9a23fea05b33deb999e
|
||||
85489e645f6aab1872475d488d7bd6c7c120caf28dbfc5d6833888155ed69d34d
|
||||
bdc39c1f299be1057810f34fbe754d021bfca14dc989753d61c413d261934e1a9
|
||||
c67ee060a25eefb54e81a4d14baff922180c395d3f998d70f46f6b58306f96962
|
||||
7ae364497e73fc27f6d17ae45a413d322cb8814276be6ddd13b885b201b943213
|
||||
656cde498fa0e9ddc8e0b8f8a53824fbd82254f3e2c17e8eaea009c38b4aa0a3f
|
||||
306e8797db43c25d68e86f262e564086f59a2fc60511c42abfb3057c247a8a8fe
|
||||
4fb3ccbadde17514b7ac8000cdb6a912778426260c47f38919a91f25f4b5ffb45
|
||||
5d6aaaf150f7e5529c100ce62d6d92826a71778d809bdf60232ae21ce8a437eca
|
||||
8223f45ac37f6487452ce626f549b3b5fdee26afd2072e4bc75833c2464c80524
|
||||
6155289f4"""),
|
||||
("authack_ciphertext_eip8_3f",
|
||||
"""01f004076e58aae772bb101ab1a8e64e01ee96e64857ce82b1113817c6cdd52c0
|
||||
9d26f7b90981cd7ae835aeac72e1573b8a0225dd56d157a010846d888dac7464b
|
||||
af53f2ad4e3d584531fa203658fab03a06c9fd5e35737e417bc28c1cbf5e5dfc6
|
||||
66de7090f69c3b29754725f84f75382891c561040ea1ddc0d8f381ed1b9d0d4ad
|
||||
2a0ec021421d847820d6fa0ba66eaf58175f1b235e851c7e2124069fbc202888d
|
||||
db3ac4d56bcbd1b9b7eab59e78f2e2d400905050f4a92dec1c4bdf797b3fc9b2f
|
||||
8e84a482f3d800386186712dae00d5c386ec9387a5e9c9a1aca5a573ca91082c7
|
||||
d68421f388e79127a5177d4f8590237364fd348c9611fa39f78dcdceee3f390f0
|
||||
7991b7b47e1daa3ebcb6ccc9607811cb17ce51f1c8c2c5098dbdd28fca547b3f5
|
||||
8c01a424ac05f869f49c6a34672ea2cbbc558428aa1fe48bbfd61158b1b735a65
|
||||
d99f21e70dbc020bfdface9f724a0d1fb5895db971cc81aa7608baa0920abb0a5
|
||||
65c9c436e2fd13323428296c86385f2384e408a31e104670df0791d93e743a3a5
|
||||
194ee6b076fb6323ca593011b7348c16cf58f66b9633906ba54a2ee803187344b
|
||||
394f75dd2e663a57b956cb830dd7a908d4f39a2336a61ef9fda549180d4ccde21
|
||||
514d117b6c6fd07a9102b5efe710a32af4eeacae2cb3b1dec035b9593b48b9d3c
|
||||
a4c13d245d5f04169b0b1"""),
|
||||
("auth2ack2_aes_secret",
|
||||
"80e8632c05fed6fc2a13b0f8d31a3cf645366239170ea067065aba8e28bac487"),
|
||||
("auth2ack2_mac_secret",
|
||||
"2ea74ec5dae199227dff1af715362700e989d889d7a493cb0639691efb8e5f98"),
|
||||
("auth2ack2_ingress_message", "foo"),
|
||||
("auth2ack2_ingress_mac",
|
||||
"0c7ec6340062cc46f5e9f1e3cf86f8c8c403c5a0964f5df0ebd34a75ddc86db5")
|
||||
]
|
||||
|
||||
proc testValue(s: string): string =
|
||||
for item in data:
|
||||
if item[0] == s:
|
||||
result = item[1]
|
||||
break
|
||||
|
||||
proc testE8Value(s: string): string =
|
||||
for item in eip8data:
|
||||
if item[0] == s:
|
||||
result = item[1]
|
||||
break
|
||||
|
||||
suite "Ethereum P2P handshake test suite":
|
||||
|
||||
block:
|
||||
var initiator: Handshake
|
||||
var receiver: Handshake
|
||||
var m0, dm0: PlainAuthMessage
|
||||
var em0: AuthMessage
|
||||
|
||||
initiator = newHandshake({Initiator})
|
||||
receiver = newHandshake({Responder})
|
||||
initiator.host.seckey = getPrivateKey(testValue("initiator_private_key"))
|
||||
initiator.host.pubkey = initiator.host.seckey.getPublicKey()
|
||||
var epki = testValue("initiator_ephemeral_private_key")
|
||||
initiator.ephemeral.seckey = getPrivateKey(epki)
|
||||
initiator.ephemeral.pubkey = initiator.ephemeral.seckey.getPublicKey()
|
||||
receiver.host.seckey = getPrivateKey(testValue("receiver_private_key"))
|
||||
receiver.host.pubkey = receiver.host.seckey.getPublicKey()
|
||||
var epkr = testValue("receiver_ephemeral_private_key")
|
||||
receiver.ephemeral.seckey = getPrivateKey(epkr)
|
||||
receiver.ephemeral.pubkey = receiver.ephemeral.seckey.getPublicKey()
|
||||
var n0 = fromHex(stripSpaces(testValue("initiator_nonce")))
|
||||
initiator.initiatorNonce[0..^1] = n0[0..^1]
|
||||
var n1 = fromHex(stripSpaces(testValue("receiver_nonce")))
|
||||
receiver.responderNonce[0..^1] = n1[0..^1]
|
||||
|
||||
test "Create plain auth message":
|
||||
check authMessage(initiator, receiver.host.pubkey,
|
||||
m0) == AuthStatus.Success
|
||||
var m1 = fromHex(stripSpaces(testValue("auth_plaintext")))
|
||||
var m2 = fromHex(stripSpaces(pyevmAuth))
|
||||
check:
|
||||
m0[65..^1] == m1[65..^1]
|
||||
m0[0..^1] == m2[0..^1]
|
||||
|
||||
test "Auth message encrypt/decrypt":
|
||||
# Check that encrypting and decrypting the auth_init gets us the orig msg.
|
||||
check:
|
||||
encryptAuthMessage(m0, em0, receiver.host.pubkey) == AuthStatus.Success
|
||||
decryptAuthMessage(em0, dm0, receiver.host.seckey) == AuthStatus.Success
|
||||
m0[0..^1] == dm0[0..^1]
|
||||
|
||||
test "Auth message decode":
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
check receiver.decodeAuthMessage(em0) == AuthStatus.Success
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
check:
|
||||
receiver.initiatorNonce[0..^1] == n0[0..^1]
|
||||
receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1]
|
||||
receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1]
|
||||
|
||||
var k0: PlainAuthAckMessage
|
||||
var ek0: AuthAckMessage
|
||||
|
||||
test "Auth ACK expectation":
|
||||
# Check that the auth_ack msg generated by the responder is what we
|
||||
# expect.
|
||||
check receiver.authAckMessage(k0) == AuthStatus.Success
|
||||
var ac0 = fromHex(stripSpaces(testValue("authresp_plaintext")))
|
||||
check:
|
||||
k0[0..^1] == ac0[0..^1]
|
||||
receiver.initiatorNonce[0..^1] == n0[0..^1]
|
||||
encryptAuthAckMessage(k0, ek0,
|
||||
receiver.remoteHPubkey) == AuthStatus.Success
|
||||
|
||||
test "Initiator decode Auth ACK message":
|
||||
# Check if initiator correctly decodes the auth ack msg.
|
||||
check initiator.decodeAckMessage(ek0) == AuthStatus.Success
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
let remoteHPubkey1 = receiver.host.pubkey.data
|
||||
check:
|
||||
initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1]
|
||||
initiator.remoteHPubkey.data[0..^1] == remoteHPubkey1[0..^1]
|
||||
initiator.responderNonce[0..^1] == n1[0..^1]
|
||||
|
||||
test "Check derived secrets":
|
||||
# Check that the secrets derived from ephemeral key agreements match
|
||||
# the expected values.
|
||||
var authm = fromHex(stripSpaces(testValue("auth_ciphertext")))
|
||||
var ackm = fromHex(stripSpaces(testValue("authresp_ciphertext")))
|
||||
var taes = fromHex(stripSpaces(testValue("aes_secret")))
|
||||
var tmac = fromHex(stripSpaces(testValue("mac_secret")))
|
||||
var temac = fromHex(stripSpaces(testValue("initial_egress_MAC")))
|
||||
var timac = fromHex(stripSpaces(testValue("initial_ingress_MAC")))
|
||||
|
||||
var csecInitiator: ConnectionSecret
|
||||
var csecResponder: ConnectionSecret
|
||||
|
||||
check:
|
||||
initiator.getSecrets(addr authm[0], len(authm), addr ackm[0],
|
||||
len(ackm), csecInitiator) == AuthStatus.Success
|
||||
receiver.getSecrets(addr authm[0], len(authm), addr ackm[0],
|
||||
len(ackm), csecResponder) == AuthStatus.Success
|
||||
csecInitiator.aesKey == csecResponder.aesKey
|
||||
csecInitiator.macKey == csecResponder.macKey
|
||||
taes[0..^1] == csecInitiator.aesKey[0..^1]
|
||||
tmac[0..^1] == csecInitiator.macKey[0..^1]
|
||||
csecInitiator.egressMac[0..^1] == temac[0..^1]
|
||||
csecInitiator.ingressMac[0..^1] == timac[0..^1]
|
||||
csecResponder.egressMac[0..^1] == timac[0..^1]
|
||||
csecResponder.ingressMac[0..^1] == temac[0..^1]
|
||||
|
||||
block:
|
||||
proc newTestHandshake(flags: set[HandshakeFlag]): Handshake =
|
||||
result = newHandshake(flags)
|
||||
if Initiator in flags:
|
||||
result.host.seckey = getPrivateKey(testE8Value("initiator_private_key"))
|
||||
result.host.pubkey = result.host.seckey.getPublicKey()
|
||||
let esec = testE8Value("initiator_ephemeral_private_key")
|
||||
result.ephemeral.seckey = getPrivateKey(esec)
|
||||
result.ephemeral.pubkey = result.ephemeral.seckey.getPublicKey()
|
||||
let nonce = fromHex(stripSpaces(testE8Value("initiator_nonce")))
|
||||
result.initiatorNonce[0..(KeyLength - 1)] = nonce[0..(KeyLength - 1)]
|
||||
elif Responder in flags:
|
||||
result.host.seckey = getPrivateKey(testE8Value("receiver_private_key"))
|
||||
result.host.pubkey = result.host.seckey.getPublicKey()
|
||||
let esec = testE8Value("receiver_ephemeral_private_key")
|
||||
result.ephemeral.seckey = getPrivateKey(esec)
|
||||
result.ephemeral.pubkey = result.ephemeral.seckey.getPublicKey()
|
||||
let nonce = fromHex(stripSpaces(testE8Value("receiver_nonce")))
|
||||
result.responderNonce[0..(KeyLength - 1)] = nonce[0..(KeyLength - 1)]
|
||||
|
||||
test "AUTH/ACK v4 test vectors": # auth/ack v4
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_v4")))
|
||||
check:
|
||||
receiver.decodeAuthMessage(m0) == AuthStatus.Success
|
||||
receiver.initiatorNonce[0..^1] == initiator.initiatorNonce[0..^1]
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
check receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1]
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
check receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1]
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_v4")))
|
||||
check initiator.decodeAckMessage(m1) == AuthStatus.Success
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
check:
|
||||
initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1]
|
||||
initiator.responderNonce[0..^1] == receiver.responderNonce[0..^1]
|
||||
|
||||
test "AUTH/ACK EIP-8 test vectors":
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_eip8")))
|
||||
check:
|
||||
receiver.decodeAuthMessage(m0) == AuthStatus.Success
|
||||
receiver.initiatorNonce[0..^1] == initiator.initiatorNonce[0..^1]
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
check receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1]
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
check receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1]
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_eip8")))
|
||||
check initiator.decodeAckMessage(m1) == AuthStatus.Success
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
check:
|
||||
initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1]
|
||||
initiator.responderNonce[0..^1] == receiver.responderNonce[0..^1]
|
||||
|
||||
# Check that the secrets derived from ephemeral key agreements match
|
||||
# the expected values.
|
||||
var taes = fromHex(stripSpaces(testE8Value("auth2ack2_aes_secret")))
|
||||
var tmac = fromHex(stripSpaces(testE8Value("auth2ack2_mac_secret")))
|
||||
|
||||
var csecInitiator: ConnectionSecret
|
||||
var csecResponder: ConnectionSecret
|
||||
|
||||
check:
|
||||
initiator.getSecrets(addr m0[0], len(m0), addr m1[0],
|
||||
len(m1), csecInitiator) == AuthStatus.Success
|
||||
receiver.getSecrets(addr m0[0], len(m0), addr m1[0],
|
||||
len(m1), csecResponder) == AuthStatus.Success
|
||||
csecInitiator.aesKey == csecResponder.aesKey
|
||||
csecInitiator.macKey == csecResponder.macKey
|
||||
taes[0..^1] == csecInitiator.aesKey[0..^1]
|
||||
tmac[0..^1] == csecInitiator.macKey[0..^1]
|
||||
|
||||
test "AUTH/ACK EIP-8 with additional fields test vectors":
|
||||
var initiator = newTestHandshake({Initiator})
|
||||
var receiver = newTestHandshake({Responder})
|
||||
|
||||
# Check that the responder correctly decodes the auth msg.
|
||||
var m0 = fromHex(stripSpaces(testE8Value("auth_ciphertext_eip8_3f")))
|
||||
check:
|
||||
receiver.decodeAuthMessage(m0) == AuthStatus.Success
|
||||
receiver.initiatorNonce[0..^1] == initiator.initiatorNonce[0..^1]
|
||||
let remoteEPubkey0 = initiator.ephemeral.pubkey.data
|
||||
check receiver.remoteEPubkey.data[0..^1] == remoteEPubkey0[0..^1]
|
||||
let remoteHPubkey0 = initiator.host.pubkey.data
|
||||
check receiver.remoteHPubkey.data[0..^1] == remoteHPubkey0[0..^1]
|
||||
|
||||
# Check that the initiator correctly decodes the auth ack msg.
|
||||
var m1 = fromHex(stripSpaces(testE8Value("authack_ciphertext_eip8_3f")))
|
||||
check initiator.decodeAckMessage(m1) == AuthStatus.Success
|
||||
|
||||
let remoteEPubkey1 = receiver.ephemeral.pubkey.data
|
||||
check:
|
||||
initiator.remoteEPubkey.data[0..^1] == remoteEPubkey1[0..^1]
|
||||
initiator.responderNonce[0..^1] == receiver.responderNonce[0..^1]
|
||||
139
tests/testecc.nim
Normal file
139
tests/testecc.nim
Normal file
@ -0,0 +1,139 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
import unittest
|
||||
import ethp2p/ecc
|
||||
import nimcrypto/hash, nimcrypto/keccak, nimcrypto/utils
|
||||
|
||||
proc compare(x: openarray[byte], y: openarray[byte]): bool =
|
||||
result = len(x) == len(y)
|
||||
if result:
|
||||
for i in 0..(len(x) - 1):
|
||||
if x[i] != y[i]:
|
||||
result = false
|
||||
break
|
||||
|
||||
suite "ECC/ECDSA/ECDHE tests suite":
|
||||
test "ECDHE/py-evm test_ecies.py#L19":
|
||||
# ECDHE test vectors
|
||||
# Copied from
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L19
|
||||
const privateKeys = [
|
||||
"332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b",
|
||||
"7ebbc6a8358bc76dd73ebc557056702c8cfc34e5cfcd90eb83af0347575fd2ad"
|
||||
]
|
||||
const publicKeys = [
|
||||
"""f0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07
|
||||
f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1""",
|
||||
"""83ede0f19c3c98649265956a4193677b14c338a22de2086a08d84e4446fe37e4e
|
||||
233478259ec90dbeef52f4f6c890f8c38660ec7b61b9d439b8a6d1c323dc025"""
|
||||
]
|
||||
const sharedSecrets = [
|
||||
"ee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08",
|
||||
"167ccc13ac5e8a26b131c3446030c60fbfac6aa8e31149d0869f93626a4cdf62"
|
||||
]
|
||||
var secret: array[KeyLength, byte]
|
||||
for i in 0..1:
|
||||
var s = privateKeys[i].getPrivateKey()
|
||||
var p = publicKeys[i].getPublicKey()
|
||||
let expect = fromHex(stripSpaces(sharedSecrets[i]))
|
||||
check:
|
||||
ecdhAgree(s, p, secret) == Success
|
||||
compare(expect, secret) == true
|
||||
|
||||
test "ECDHE/cpp-ethereum crypto.cpp#L394":
|
||||
# ECDHE test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libdevcrypto/crypto.cpp#L394
|
||||
var expectm = """
|
||||
8ac7e464348b85d9fdfc0a81f2fdc0bbbb8ee5fb3840de6ed60ad9372e718977"""
|
||||
var secret: array[KeyLength, byte]
|
||||
var s = keccak256.digest("ecdhAgree").data
|
||||
var p = s.getPublicKey()
|
||||
let expect = fromHex(stripSpaces(expectm))
|
||||
check:
|
||||
ecdhAgree(s, p, secret) == Success
|
||||
compare(expect, secret) == true
|
||||
|
||||
test "ECDHE/cpp-ethereum rlpx.cpp#L425":
|
||||
# ECDHE test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/2409d7ec7d34d5ff5770463b87eb87f758e621fe/test/unittests/libp2p/rlpx.cpp#L425
|
||||
var s0 = """
|
||||
332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"""
|
||||
var p0 = """
|
||||
f0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a0
|
||||
7f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1"""
|
||||
var e0 = """
|
||||
ee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08"""
|
||||
var secret: array[KeyLength, byte]
|
||||
var s = getPrivateKey(s0)
|
||||
var p = getPublicKey(p0)
|
||||
let expect = fromHex(stripSpaces(e0))
|
||||
check:
|
||||
ecdhAgree(s, p, secret) == Success
|
||||
compare(expect, secret) == true
|
||||
|
||||
test "ECDSA/cpp-ethereum crypto.cpp#L132":
|
||||
# ECDSA test vectors
|
||||
# Copied from https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libdevcrypto/crypto.cpp#L132
|
||||
var signature = """
|
||||
b826808a8c41e00b7c5d71f211f005a84a7b97949d5e765831e1da4e34c9b8295d
|
||||
2a622eee50f25af78241c1cb7cfff11bcf2a13fe65dee1e3b86fd79a4e3ed000"""
|
||||
var pubkey = """
|
||||
e40930c838d6cca526795596e368d16083f0672f4ab61788277abfa23c3740e1cc
|
||||
84453b0b24f49086feba0bd978bb4446bae8dff1e79fcc1e9cf482ec2d07c3"""
|
||||
var check1 = fromHex(stripSpaces(signature))
|
||||
var check2 = fromHex(stripSpaces(pubkey))
|
||||
var sig: Signature
|
||||
var key: PublicKey
|
||||
var s = keccak256.digest("sec").data
|
||||
var m = keccak256.digest("msg").data
|
||||
check signMessage(s, m, sig) == Success
|
||||
var sersig = sig.getRaw().data
|
||||
check recoverSignatureKey(sersig, m, key) == Success
|
||||
var serkey = key.getRaw().data
|
||||
check:
|
||||
compare(sersig, check1) == true
|
||||
compare(serkey, check2) == true
|
||||
|
||||
test "ECDSA/100 signatures":
|
||||
# signature test
|
||||
var rkey: PublicKey
|
||||
var sig: Signature
|
||||
for i in 1..100:
|
||||
var m = newPrivateKey()
|
||||
var s = newPrivateKey()
|
||||
var key = s.getPublicKey()
|
||||
check signMessage(s, m, sig) == Success
|
||||
var sersig = sig.getRaw().data
|
||||
check:
|
||||
recoverSignatureKey(sersig, m, rkey) == Success
|
||||
key == rkey
|
||||
|
||||
test "KEYS/100 create/recovery keys":
|
||||
# key create/recovery test
|
||||
var rkey: PublicKey
|
||||
for i in 1..100:
|
||||
var s = newPrivateKey()
|
||||
var key = s.getPublicKey()
|
||||
check:
|
||||
recoverPublicKey(key.getRaw().data, rkey) == Success
|
||||
key == rkey
|
||||
|
||||
test "ECDHE/100 shared secrets":
|
||||
# ECDHE shared secret test
|
||||
var secret1, secret2: SharedSecret
|
||||
for i in 1..100:
|
||||
var aliceSecret = newPrivateKey()
|
||||
var alicePublic = aliceSecret.getPublicKey()
|
||||
var bobSecret = newPrivateKey()
|
||||
var bobPublic = bobSecret.getPublicKey()
|
||||
check:
|
||||
ecdhAgree(aliceSecret, bobPublic, secret1) == Success
|
||||
ecdhAgree(bobSecret, alicePublic, secret2) == Success
|
||||
secret1 == secret2
|
||||
165
tests/testecies.nim
Normal file
165
tests/testecies.nim
Normal file
@ -0,0 +1,165 @@
|
||||
#
|
||||
# Ethereum P2P
|
||||
# (c) Copyright 2018
|
||||
# Status Research & Development GmbH
|
||||
#
|
||||
# See the file "LICENSE", included in this
|
||||
# distribution, for details about the copyright.
|
||||
#
|
||||
|
||||
import unittest
|
||||
import ethp2p/ecc, ethp2p/ecies
|
||||
import nimcrypto/utils, nimcrypto/sha2, nimcrypto/hmac
|
||||
|
||||
proc compare[A, B](x: openarray[A], y: openarray[B], s: int = 0): bool =
|
||||
result = true
|
||||
assert(s >= 0)
|
||||
var size = if s == 0: min(len(x), len(y)) else: min(s, min(len(x), len(y)))
|
||||
for i in 0..(size - 1):
|
||||
if x[i] != cast[A](y[i]):
|
||||
result = false
|
||||
break
|
||||
|
||||
suite "ECIES test suite":
|
||||
test "KDF test vectors":
|
||||
# KDF test
|
||||
# Copied from https://github.com/ethereum/pydevp2p/blob/develop/devp2p/tests/test_ecies.py#L53
|
||||
let m0 = "961c065873443014e0371f1ed656c586c6730bf927415757f389d92acf8268df"
|
||||
let c0 = "4050c52e6d9c08755e5a818ac66fabe478b825b1836fd5efc4d44e40d04dabcc"
|
||||
var m = fromHex(stripSpaces(m0))
|
||||
var c = fromHex(stripSpaces(c0))
|
||||
var k = kdf(m)
|
||||
check compare(k, c) == true
|
||||
|
||||
test "HMAC-SHA256 test vectors":
|
||||
# HMAC-SHA256 test
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L64-L76
|
||||
const keys = [
|
||||
"07a4b6dfa06369a570f2dcba2f11a18f",
|
||||
"af6623e52208c596e17c72cea6f1cb09"
|
||||
]
|
||||
const datas = ["4dcb92ed4fc67fe86832", "3461282bcedace970df2"]
|
||||
const expects = [
|
||||
"c90b62b1a673b47df8e395e671a68bfa68070d6e2ef039598bb829398b89b9a9",
|
||||
"b3ce623bce08d5793677ba9441b22bb34d3e8a7de964206d26589df3e8eb5183"
|
||||
]
|
||||
for i in 0..1:
|
||||
var k = fromHex(stripSpaces(keys[i]))
|
||||
var m = fromHex(stripSpaces(datas[i]))
|
||||
var digest = sha256.hmac(k, m).data
|
||||
var expect = fromHex(stripSpaces(expects[i]))
|
||||
check compare(digest, expect) == true
|
||||
|
||||
test "ECIES \"Hello World!\" encryption/decryption test":
|
||||
# ECIES encryption
|
||||
var m = "Hello World!"
|
||||
var encr = newSeq[byte](eciesEncryptedLength(len(m)))
|
||||
var decr = newSeq[byte](len(m))
|
||||
var shmac = [0x13'u8, 0x13'u8]
|
||||
var outlen = 0
|
||||
var s = newPrivateKey()
|
||||
var p = s.getPublicKey()
|
||||
check:
|
||||
# Without additional mac data
|
||||
eciesEncrypt(m, p, encr, outlen) == EciesStatus.Success
|
||||
eciesDecrypt(encr, s, decr, outlen) == EciesStatus.Success
|
||||
outlen == len(m)
|
||||
equalMem(addr m[0], addr decr[0], outlen) == true
|
||||
# With additional mac data
|
||||
eciesEncrypt(m, p, encr, outlen, shmac) == EciesStatus.Success
|
||||
eciesDecrypt(encr, s, decr, outlen, shmac) == EciesStatus.Success
|
||||
outlen == len(m)
|
||||
equalMem(addr m[0], addr decr[0], outlen) == true
|
||||
|
||||
test "ECIES/py-evm/cpp-ethereum test_ecies.py#L43/rlpx.cpp#L187":
|
||||
# ECIES
|
||||
# https://github.com/ethereum/py-evm/blob/master/tests/p2p/test_ecies.py#L43
|
||||
# https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libp2p/rlpx.cpp#L187
|
||||
const secretKeys = [
|
||||
"c45f950382d542169ea207959ee0220ec1491755abe405cd7498d6b16adb6df8",
|
||||
"5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051"
|
||||
]
|
||||
const cipherText = [
|
||||
"""04a0274c5951e32132e7f088c9bdfdc76c9d91f0dc6078e848f8e3361193dbdc
|
||||
43b94351ea3d89e4ff33ddcefbc80070498824857f499656c4f79bbd97b6c51a
|
||||
514251d69fd1785ef8764bd1d262a883f780964cce6a14ff206daf1206aa073a
|
||||
2d35ce2697ebf3514225bef186631b2fd2316a4b7bcdefec8d75a1025ba2c540
|
||||
4a34e7795e1dd4bc01c6113ece07b0df13b69d3ba654a36e35e69ff9d482d88d
|
||||
2f0228e7d96fe11dccbb465a1831c7d4ad3a026924b182fc2bdfe016a6944312
|
||||
021da5cc459713b13b86a686cf34d6fe6615020e4acf26bf0d5b7579ba813e77
|
||||
23eb95b3cef9942f01a58bd61baee7c9bdd438956b426a4ffe238e61746a8c93
|
||||
d5e10680617c82e48d706ac4953f5e1c4c4f7d013c87d34a06626f498f34576d
|
||||
c017fdd3d581e83cfd26cf125b6d2bda1f1d56""",
|
||||
"""049934a7b2d7f9af8fd9db941d9da281ac9381b5740e1f64f7092f3588d4f87f
|
||||
5ce55191a6653e5e80c1c5dd538169aa123e70dc6ffc5af1827e546c0e958e42
|
||||
dad355bcc1fcb9cdf2cf47ff524d2ad98cbf275e661bf4cf00960e74b5956b79
|
||||
9771334f426df007350b46049adb21a6e78ab1408d5e6ccde6fb5e69f0f4c92b
|
||||
b9c725c02f99fa72b9cdc8dd53cff089e0e73317f61cc5abf6152513cb7d833f
|
||||
09d2851603919bf0fbe44d79a09245c6e8338eb502083dc84b846f2fee1cc310
|
||||
d2cc8b1b9334728f97220bb799376233e113"""
|
||||
]
|
||||
const expectText = [
|
||||
"""884c36f7ae6b406637c1f61b2f57e1d2cab813d24c6559aaf843c3f48962f32f
|
||||
46662c066d39669b7b2e3ba14781477417600e7728399278b1b5d801a519aa57
|
||||
0034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46
|
||||
cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae406
|
||||
4abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74
|
||||
d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb
|
||||
1100""",
|
||||
"""802b052f8b066640bba94a4fc39d63815c377fced6fcb84d27f791c9921ddf3e
|
||||
9bf0108e298f490812847109cbd778fae393e80323fd643209841a3b7f110397
|
||||
f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7
|
||||
00"""
|
||||
]
|
||||
var data: array[1024, byte]
|
||||
var outlen = 0
|
||||
for i in 0..1:
|
||||
var s = secretKeys[i].getPrivateKey()
|
||||
var cipher = fromHex(stripSpaces(cipherText[i]))
|
||||
var expect = fromHex(stripSpaces(expectText[i]))
|
||||
check:
|
||||
eciesDecrypt(cipher, s, data, outlen) == EciesStatus.Success
|
||||
outlen == len(expect)
|
||||
compare(data, expect) == true
|
||||
|
||||
test "ECIES/cpp-ethereum rlpx.cpp#L432-L459":
|
||||
# ECIES
|
||||
# https://github.com/ethereum/cpp-ethereum/blob/develop/test/unittests/libp2p/rlpx.cpp#L432-L459
|
||||
const secretKeys = [
|
||||
"57baf2c62005ddec64c357d96183ebc90bf9100583280e848aa31d683cad73cb",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b",
|
||||
"472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"
|
||||
]
|
||||
const cipherData = [
|
||||
"""04ff2c874d0a47917c84eea0b2a4141ca95233720b5c70f81a8415bae1dc7b74
|
||||
6b61df7558811c1d6054333907333ef9bb0cc2fbf8b34abb9730d14e0140f455
|
||||
3f4b15d705120af46cf653a1dc5b95b312cf8444714f95a4f7a0425b67fc064d
|
||||
18f4d0a528761565ca02d97faffdac23de10""",
|
||||
"""046f647e1bd8a5cd1446d31513bac233e18bdc28ec0e59d46de453137a725995
|
||||
33f1e97c98154343420d5f16e171e5107999a7c7f1a6e26f57bcb0d2280655d0
|
||||
8fb148d36f1d4b28642d3bb4a136f0e33e3dd2e3cffe4b45a03fb7c5b5ea5e65
|
||||
617250fdc89e1a315563c20504b9d3a72555""",
|
||||
"""0443c24d6ccef3ad095140760bb143078b3880557a06392f17c5e368502d7953
|
||||
2bc18903d59ced4bbe858e870610ab0d5f8b7963dd5c9c4cf81128d10efd7c7a
|
||||
a80091563c273e996578403694673581829e25a865191bdc9954db14285b56eb
|
||||
0043b6288172e0d003c10f42fe413222e273d1d4340c38a2d8344d7aadcbc846
|
||||
ee""",
|
||||
"""04c4e40c86bb5324e017e598c6d48c19362ae527af8ab21b077284a4656c8735
|
||||
e62d73fb3d740acefbec30ca4c024739a1fcdff69ecaf03301eebf156eb5f17c
|
||||
ca6f9d7a7e214a1f3f6e34d1ee0ec00ce0ef7d2b242fbfec0f276e17941f9f1b
|
||||
fbe26de10a15a6fac3cda039904ddd1d7e06e7b96b4878f61860e47f0b84c8ce
|
||||
b64f6a900ff23844f4359ae49b44154980a626d3c73226c19e"""
|
||||
]
|
||||
const expectData = [
|
||||
"a", "a", "aaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
|
||||
]
|
||||
var data: array[1024, byte]
|
||||
var outlen = 0
|
||||
for i in 0..3:
|
||||
var s = secretKeys[i].getPrivateKey()
|
||||
var cipher = fromHex(stripSpaces(cipherData[i]))
|
||||
check:
|
||||
eciesDecrypt(cipher, s, data, outlen) == EciesStatus.Success
|
||||
outlen == len(expectData[i])
|
||||
compare(data, expectData[i]) == true
|
||||
Loading…
x
Reference in New Issue
Block a user