mirror of
https://github.com/status-im/nim-libp2p.git
synced 2025-01-10 13:06:09 +00:00
c02fca25f8
* Start ChaCha20Poly1305 integration (BearSSL) * Add Curve25519 (BearSSL) required operations for noise * Fix curve mulgen iterate/derive * Fix misleading header * Add chachapoly proper test * Curve25519 integration tests (failing, something is wrong) * Add few converters, finish c25519 integration tests * Remove implicit converters * removed internal globals * Start noise implementation * Fix public() using proper bear mulgen * Noise protocol WIP * Noise progress * Add a quick nim version of HKDF * Converted hkdf to iterator, useful for noise * Noise protocol implementation progress * Noise progress * XX handshake almost there * noise progress * Noise, testing handshake with test vectors * Noise handshake progress, still wrong somewhere! * Noise handshake success! * Full verified noise XX handshake completed * Fix and rewrite test to be similar to switch one * Start with connection upgrade * Switch chachapoly to CT implementations * Improve HKDF implementation * Use a type insted of tuple for HandshakeResult * Remove unnecessary Let * More cosmetic fixes * Properly check randomBytes result * Fix chachapoly signature * Noise full circle (altho dispatcher is nil cursed) * Allow nil aads in chachapoly routines * Noise implementation up to running full test * Use bearssl HKDF as well * Directly use bearssl rng for curve25519 keys * Add a (disabled/no CI) noise interop test server * WIP on fixing interop issues * More fixes in noise implementation for interop * bump chronos requirement (nimble) * Add a chachapoly test for very small size payloads * Noise, more tracing * Add 2 properly working noise tests * Fix payload packing, following the spec properly (and not go version but rather rust) * Sanity, replace discard with asyncCheck * Small fixes and optimization * Use stew endian2 rather then system endian module * Update nimble deps (chronos) * Minor cosmetic/code sanity fixes * Noise, handle Nonce max * Noise tests, make sure to close secured conns * More polish, improve code readability too * More polish and testing again which test fails * Further polishing * Restore noise tests * Remove useless Future[void] * Remove useless CipherState initializer * add a proper read wait future in second noise test * Remove noise generic secure implementation for now * Few fixes to run eth2 sim * Add more debug info in noise traces * Merge size + payload write in sendEncryptedMessage * Revert secure interface, add outgoing property directly in newNoise * remove sendEncrypted and receiveEncrypted * Use openarray in chachapoly and curve25519 helpers
113 lines
4.8 KiB
Nim
113 lines
4.8 KiB
Nim
## Nim-Libp2p
|
|
## Copyright (c) 2020 Status Research & Development GmbH
|
|
## Licensed under either of
|
|
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
|
|
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
|
|
## at your option.
|
|
## This file may not be copied, modified, or distributed except according to
|
|
## those terms.
|
|
|
|
## This module integrates BearSSL Cyrve25519 mul and mulgen
|
|
##
|
|
## This module uses unmodified parts of code from
|
|
## BearSSL library <https://bearssl.org/>
|
|
## Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
|
|
|
|
# RFC @ https://tools.ietf.org/html/rfc7748
|
|
|
|
import bearssl
|
|
import nimcrypto/sysrand
|
|
|
|
const
|
|
Curve25519KeySize* = 32
|
|
|
|
type
|
|
Curve25519* = object
|
|
Curve25519Key* = array[Curve25519KeySize, byte]
|
|
pcuchar = ptr cuchar
|
|
Curver25519RngError* = object of CatchableError
|
|
|
|
proc intoCurve25519Key*(s: openarray[byte]): Curve25519Key =
|
|
assert s.len == Curve25519KeySize
|
|
copyMem(addr result[0], unsafeaddr s[0], Curve25519KeySize)
|
|
|
|
proc getBytes*(key: Curve25519Key): seq[byte] = @key
|
|
|
|
const
|
|
ForbiddenCurveValues: array[12, Curve25519Key] = [
|
|
[0.byte, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
|
|
[1.byte, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
|
|
[224.byte, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 0],
|
|
[95.byte, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 87],
|
|
[236.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
|
|
[237.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
|
|
[238.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
|
|
[205.byte, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 128],
|
|
[76.byte, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 215],
|
|
[217.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
|
|
[218.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
|
|
[219.byte, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 25],
|
|
]
|
|
|
|
proc byteswap(buf: var Curve25519Key) {.inline.} =
|
|
for i in 0..<16:
|
|
let
|
|
x = buf[i]
|
|
buf[i] = buf[31 - i]
|
|
buf[31 - i] = x
|
|
|
|
proc mul*(_: type[Curve25519], dst: var Curve25519Key, scalar: Curve25519Key, point: Curve25519Key) =
|
|
let defaultBrEc = brEcGetDefault()
|
|
|
|
# The source point is provided in array G (of size Glen bytes);
|
|
# the multiplication result is written over it.
|
|
dst = scalar
|
|
|
|
# point needs to be big-endian
|
|
var
|
|
rpoint = point
|
|
rpoint.byteswap()
|
|
let
|
|
res = defaultBrEc.mul(
|
|
cast[pcuchar](addr dst[0]),
|
|
Curve25519KeySize,
|
|
cast[pcuchar](addr rpoint[0]),
|
|
Curve25519KeySize,
|
|
EC_curve25519)
|
|
assert res == 1
|
|
|
|
proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key) =
|
|
let defaultBrEc = brEcGetDefault()
|
|
|
|
var
|
|
rpoint = point
|
|
rpoint.byteswap()
|
|
|
|
block iterate:
|
|
while true:
|
|
block derive:
|
|
let
|
|
size = defaultBrEc.mulgen(
|
|
cast[pcuchar](addr dst[0]),
|
|
cast[pcuchar](addr rpoint[0]),
|
|
Curve25519KeySize,
|
|
EC_curve25519)
|
|
assert size == Curve25519KeySize
|
|
for forbid in ForbiddenCurveValues:
|
|
if dst == forbid:
|
|
break derive
|
|
break iterate
|
|
|
|
proc public*(private: Curve25519Key): Curve25519Key =
|
|
Curve25519.mulgen(result, private)
|
|
|
|
proc random*(_: type[Curve25519Key]): Curve25519Key =
|
|
var rng: BrHmacDrbgContext
|
|
let seeder = brPrngSeederSystem(nil)
|
|
brHmacDrbgInit(addr rng, addr sha256Vtable, nil, 0)
|
|
if seeder(addr rng.vtable) == 0:
|
|
raise newException(ValueError, "Could not seed RNG")
|
|
let defaultBrEc = brEcGetDefault()
|
|
if brEcKeygen(addr rng.vtable, defaultBrEc, nil, addr result[0], EC_curve25519) != Curve25519KeySize:
|
|
raise newException(Curver25519RngError, "Could not generate random data")
|