reuse single RNG instance for all crypto key generation (#249)
* reuse single RNG instance for all crypto key generation * use foolproof rng * initRng -> newRng (because it's ref) * fix test * imports/exports, chat fix * fix rsa * imports and exports * work around threadvar issue * fixup * mac workaround test
This commit is contained in:
parent
b49c619ca8
commit
d522537b19
|
@ -1,7 +1,7 @@
|
|||
when not(compileOption("threads")):
|
||||
{.fatal: "Please, compile this program with the --threads:on option!".}
|
||||
|
||||
import tables, strformat, strutils
|
||||
import tables, strformat, strutils, bearssl
|
||||
import chronos # an efficient library for async
|
||||
import ../libp2p/[switch, # manage transports, a single entry point for dialing and listening
|
||||
multistream, # tag stream with short header to identify it
|
||||
|
@ -149,10 +149,10 @@ proc readInput(wfd: AsyncFD) {.thread.} =
|
|||
let line = stdin.readLine()
|
||||
discard waitFor transp.write(line & "\r\n")
|
||||
|
||||
proc processInput(rfd: AsyncFD) {.async.} =
|
||||
proc processInput(rfd: AsyncFD, rng: ref BrHmacDrbgContext) {.async.} =
|
||||
let transp = fromPipe(rfd)
|
||||
|
||||
let seckey = PrivateKey.random(RSA).get()
|
||||
let seckey = PrivateKey.random(RSA, rng[]).get()
|
||||
let peerInfo = PeerInfo.init(seckey)
|
||||
var localAddress = DefaultAddr
|
||||
while true:
|
||||
|
@ -178,7 +178,7 @@ proc processInput(rfd: AsyncFD) {.async.} =
|
|||
let transports = @[Transport(TcpTransport.init())]
|
||||
let muxers = [(MplexCodec, mplexProvider)].toTable()
|
||||
let identify = newIdentify(peerInfo)
|
||||
let secureManagers = [Secure(newSecio(seckey))]
|
||||
let secureManagers = [Secure(newSecio(rng, seckey))]
|
||||
let switch = newSwitch(peerInfo,
|
||||
transports,
|
||||
identify,
|
||||
|
@ -200,6 +200,7 @@ proc processInput(rfd: AsyncFD) {.async.} =
|
|||
await allFuturesThrowing(libp2pFuts)
|
||||
|
||||
proc main() {.async.} =
|
||||
let rng = newRng() # Singe random number source for the whole application
|
||||
let (rfd, wfd) = createAsyncPipe()
|
||||
if rfd == asyncInvalidPipe or wfd == asyncInvalidPipe:
|
||||
raise newException(ValueError, "Could not initialize pipe!")
|
||||
|
@ -207,7 +208,7 @@ proc main() {.async.} =
|
|||
var thread: Thread[AsyncFD]
|
||||
thread.createThread(readInput, wfd)
|
||||
|
||||
await processInput(rfd)
|
||||
await processInput(rfd, rng)
|
||||
|
||||
when isMainModule: # isMainModule = true when the module is compiled as the main file
|
||||
waitFor(main())
|
||||
|
|
|
@ -11,14 +11,14 @@
|
|||
|
||||
{.push raises: [Defect].}
|
||||
|
||||
import rsa, ecnist, ed25519/ed25519, secp
|
||||
import rsa, ecnist, ed25519/ed25519, secp, bearssl
|
||||
import ../protobuf/minprotobuf, ../vbuffer, ../multihash, ../multicodec
|
||||
import nimcrypto/[rijndael, blowfish, twofish, sha, sha2, hash, hmac, utils]
|
||||
import ../utility
|
||||
import stew/results
|
||||
export results
|
||||
|
||||
# This is workaround for Nim's `import` bug
|
||||
# Export modules of types that are part of public API
|
||||
export rijndael, blowfish, twofish, sha, sha2, hash, hmac, utils
|
||||
|
||||
from strutils import split
|
||||
|
@ -46,26 +46,26 @@ type
|
|||
PublicKey* = object
|
||||
case scheme*: PKScheme
|
||||
of RSA:
|
||||
rsakey*: RsaPublicKey
|
||||
rsakey*: rsa.RsaPublicKey
|
||||
of Ed25519:
|
||||
edkey*: EdPublicKey
|
||||
of Secp256k1:
|
||||
skkey*: SkPublicKey
|
||||
of ECDSA:
|
||||
eckey*: EcPublicKey
|
||||
eckey*: ecnist.EcPublicKey
|
||||
of NoSupport:
|
||||
discard
|
||||
|
||||
PrivateKey* = object
|
||||
case scheme*: PKScheme
|
||||
of RSA:
|
||||
rsakey*: RsaPrivateKey
|
||||
rsakey*: rsa.RsaPrivateKey
|
||||
of Ed25519:
|
||||
edkey*: EdPrivateKey
|
||||
of Secp256k1:
|
||||
skkey*: SkPrivateKey
|
||||
of ECDSA:
|
||||
eckey*: EcPrivateKey
|
||||
eckey*: ecnist.EcPrivateKey
|
||||
of NoSupport:
|
||||
discard
|
||||
|
||||
|
@ -98,52 +98,68 @@ const
|
|||
template orError*(exp: untyped, err: untyped): untyped =
|
||||
(exp.mapErr do (_: auto) -> auto: err)
|
||||
|
||||
proc random*(t: typedesc[PrivateKey], scheme: PKScheme,
|
||||
bits = DefaultKeySize): CryptoResult[PrivateKey] =
|
||||
proc newRng*(): ref BrHmacDrbgContext =
|
||||
# You should only create one instance of the RNG per application / library
|
||||
# Ref is used so that it can be shared between components
|
||||
# TODO consider moving to bearssl
|
||||
var seeder = brPrngSeederSystem(nil)
|
||||
if seeder == nil:
|
||||
return nil
|
||||
|
||||
var rng = (ref BrHmacDrbgContext)()
|
||||
brHmacDrbgInit(addr rng[], addr sha256Vtable, nil, 0)
|
||||
if seeder(addr rng.vtable) == 0:
|
||||
return nil
|
||||
rng
|
||||
|
||||
proc random*(
|
||||
T: typedesc[PrivateKey], scheme: PKScheme,
|
||||
rng: var BrHmacDrbgContext, bits = DefaultKeySize): CryptoResult[PrivateKey] =
|
||||
## Generate random private key for scheme ``scheme``.
|
||||
##
|
||||
## ``bits`` is number of bits for RSA key, ``bits`` value must be in
|
||||
## [512, 4096], default value is 2048 bits.
|
||||
case scheme
|
||||
of RSA:
|
||||
let rsakey = ? RsaPrivateKey.random(bits).orError(KeyError)
|
||||
let rsakey = ? RsaPrivateKey.random(rng, bits).orError(KeyError)
|
||||
ok(PrivateKey(scheme: scheme, rsakey: rsakey))
|
||||
of Ed25519:
|
||||
let edkey = ? EdPrivateKey.random().orError(KeyError)
|
||||
let edkey = EdPrivateKey.random(rng)
|
||||
ok(PrivateKey(scheme: scheme, edkey: edkey))
|
||||
of ECDSA:
|
||||
let eckey = ? EcPrivateKey.random(Secp256r1).orError(KeyError)
|
||||
let eckey = ? ecnist.EcPrivateKey.random(Secp256r1, rng).orError(KeyError)
|
||||
ok(PrivateKey(scheme: scheme, eckey: eckey))
|
||||
of Secp256k1:
|
||||
let skkey = ? SkPrivateKey.random().orError(KeyError)
|
||||
let skkey = SkPrivateKey.random(rng)
|
||||
ok(PrivateKey(scheme: scheme, skkey: skkey))
|
||||
else:
|
||||
err(SchemeError)
|
||||
|
||||
proc random*(t: typedesc[KeyPair], scheme: PKScheme,
|
||||
bits = DefaultKeySize): CryptoResult[KeyPair] =
|
||||
proc random*(
|
||||
T: typedesc[KeyPair], scheme: PKScheme,
|
||||
rng: var BrHmacDrbgContext, bits = DefaultKeySize): CryptoResult[KeyPair] =
|
||||
## Generate random key pair for scheme ``scheme``.
|
||||
##
|
||||
## ``bits`` is number of bits for RSA key, ``bits`` value must be in
|
||||
## [512, 4096], default value is 2048 bits.
|
||||
case scheme
|
||||
of RSA:
|
||||
let pair = ? RsaKeyPair.random(bits).orError(KeyError)
|
||||
let pair = ? RsaKeyPair.random(rng, bits).orError(KeyError)
|
||||
ok(KeyPair(
|
||||
seckey: PrivateKey(scheme: scheme, rsakey: pair.seckey),
|
||||
pubkey: PublicKey(scheme: scheme, rsakey: pair.pubkey)))
|
||||
of Ed25519:
|
||||
let pair = ? EdKeyPair.random().orError(KeyError)
|
||||
let pair = EdKeyPair.random(rng)
|
||||
ok(KeyPair(
|
||||
seckey: PrivateKey(scheme: scheme, edkey: pair.seckey),
|
||||
pubkey: PublicKey(scheme: scheme, edkey: pair.pubkey)))
|
||||
of ECDSA:
|
||||
let pair = ? EcKeyPair.random(Secp256r1).orError(KeyError)
|
||||
let pair = ? EcKeyPair.random(Secp256r1, rng).orError(KeyError)
|
||||
ok(KeyPair(
|
||||
seckey: PrivateKey(scheme: scheme, eckey: pair.seckey),
|
||||
pubkey: PublicKey(scheme: scheme, eckey: pair.pubkey)))
|
||||
of Secp256k1:
|
||||
let pair = ? SkKeyPair.random().orError(KeyError)
|
||||
let pair = SkKeyPair.random(rng)
|
||||
ok(KeyPair(
|
||||
seckey: PrivateKey(scheme: scheme, skkey: pair.seckey),
|
||||
pubkey: PublicKey(scheme: scheme, skkey: pair.pubkey)))
|
||||
|
@ -629,32 +645,35 @@ proc mac*(secret: Secret, id: int): seq[byte] {.inline.} =
|
|||
offset += secret.ivsize + secret.keysize
|
||||
copyMem(addr result[0], unsafeAddr secret.data[offset], secret.macsize)
|
||||
|
||||
proc ephemeral*(scheme: ECDHEScheme): CryptoResult[KeyPair] =
|
||||
proc ephemeral*(
|
||||
scheme: ECDHEScheme,
|
||||
rng: var BrHmacDrbgContext): CryptoResult[KeyPair] =
|
||||
## Generate ephemeral keys used to perform ECDHE.
|
||||
var keypair: EcKeyPair
|
||||
if scheme == Secp256r1:
|
||||
keypair = ? EcKeyPair.random(Secp256r1).orError(KeyError)
|
||||
keypair = ? EcKeyPair.random(Secp256r1, rng).orError(KeyError)
|
||||
elif scheme == Secp384r1:
|
||||
keypair = ? EcKeyPair.random(Secp384r1).orError(KeyError)
|
||||
keypair = ? EcKeyPair.random(Secp384r1, rng).orError(KeyError)
|
||||
elif scheme == Secp521r1:
|
||||
keypair = ? EcKeyPair.random(Secp521r1).orError(KeyError)
|
||||
keypair = ? EcKeyPair.random(Secp521r1, rng).orError(KeyError)
|
||||
ok(KeyPair(
|
||||
seckey: PrivateKey(scheme: ECDSA, eckey: keypair.seckey),
|
||||
pubkey: PublicKey(scheme: ECDSA, eckey: keypair.pubkey)))
|
||||
|
||||
proc ephemeral*(scheme: string): CryptoResult[KeyPair] {.inline.} =
|
||||
proc ephemeral*(
|
||||
scheme: string, rng: var BrHmacDrbgContext): CryptoResult[KeyPair] =
|
||||
## Generate ephemeral keys used to perform ECDHE using string encoding.
|
||||
##
|
||||
## Currently supported encoding strings are P-256, P-384, P-521, if encoding
|
||||
## string is not supported P-521 key will be generated.
|
||||
if scheme == "P-256":
|
||||
ephemeral(Secp256r1)
|
||||
ephemeral(Secp256r1, rng)
|
||||
elif scheme == "P-384":
|
||||
ephemeral(Secp384r1)
|
||||
ephemeral(Secp384r1, rng)
|
||||
elif scheme == "P-521":
|
||||
ephemeral(Secp521r1)
|
||||
ephemeral(Secp521r1, rng)
|
||||
else:
|
||||
ephemeral(Secp521r1)
|
||||
ephemeral(Secp521r1, rng)
|
||||
|
||||
proc makeSecret*(remoteEPublic: PublicKey, localEPrivate: PrivateKey,
|
||||
data: var openarray[byte]): int =
|
||||
|
|
|
@ -28,8 +28,8 @@ type
|
|||
Curve25519* = object
|
||||
Curve25519Key* = array[Curve25519KeySize, byte]
|
||||
pcuchar = ptr cuchar
|
||||
Curve25519Error* = enum
|
||||
Curver25519RngError
|
||||
Curve25519Error* = enum
|
||||
Curver25519GenError
|
||||
|
||||
proc intoCurve25519Key*(s: openarray[byte]): Curve25519Key =
|
||||
assert s.len == Curve25519KeySize
|
||||
|
@ -105,16 +105,10 @@ proc mulgen*(_: type[Curve25519], dst: var Curve25519Key, point: Curve25519Key)
|
|||
proc public*(private: Curve25519Key): Curve25519Key =
|
||||
Curve25519.mulgen(result, private)
|
||||
|
||||
proc random*(_: type[Curve25519Key]): Result[Curve25519Key, Curve25519Error] =
|
||||
var rng: BrHmacDrbgContext
|
||||
proc random*(_: type[Curve25519Key], rng: var BrHmacDrbgContext): Result[Curve25519Key, Curve25519Error] =
|
||||
var res: Curve25519Key
|
||||
let seeder = brPrngSeederSystem(nil)
|
||||
brHmacDrbgInit(addr rng, addr sha256Vtable, nil, 0)
|
||||
if seeder(addr rng.vtable) == 0:
|
||||
err(Curver25519RngError)
|
||||
let defaultBrEc = brEcGetDefault()
|
||||
if brEcKeygen(addr rng.vtable, defaultBrEc, nil, addr res[0], EC_curve25519) != Curve25519KeySize:
|
||||
err(Curver25519GenError)
|
||||
else:
|
||||
let defaultBrEc = brEcGetDefault()
|
||||
if brEcKeygen(addr rng.vtable, defaultBrEc, nil, addr res[0], EC_curve25519) != Curve25519KeySize:
|
||||
err(Curver25519RngError)
|
||||
else:
|
||||
ok(res)
|
||||
ok(res)
|
||||
|
|
|
@ -227,17 +227,14 @@ proc clear*[T: EcPKI|EcKeyPair](pki: var T) =
|
|||
pki.pubkey.key.qlen = 0
|
||||
pki.pubkey.key.curve = 0
|
||||
|
||||
proc random*(t: typedesc[EcPrivateKey], kind: EcCurveKind): EcResult[EcPrivateKey] =
|
||||
proc random*(
|
||||
T: typedesc[EcPrivateKey], kind: EcCurveKind,
|
||||
rng: var BrHmacDrbgContext): EcResult[EcPrivateKey] =
|
||||
## Generate new random EC private key using BearSSL's HMAC-SHA256-DRBG
|
||||
## algorithm.
|
||||
##
|
||||
## ``kind`` elliptic curve kind of your choice (secp256r1, secp384r1 or
|
||||
## secp521r1).
|
||||
var rng: BrHmacDrbgContext
|
||||
var seeder = brPrngSeederSystem(nil)
|
||||
brHmacDrbgInit(addr rng, addr sha256Vtable, nil, 0)
|
||||
if seeder(addr rng.vtable) == 0:
|
||||
return err(EcRngError)
|
||||
var ecimp = brEcGetDefault()
|
||||
var res = new EcPrivateKey
|
||||
res.buffer = newSeq[byte](BR_EC_KBUF_PRIV_MAX_SIZE)
|
||||
|
@ -266,14 +263,16 @@ proc getKey*(seckey: EcPrivateKey): EcResult[EcPublicKey] =
|
|||
else:
|
||||
err(EcKeyIncorrectError)
|
||||
|
||||
proc random*(t: typedesc[EcKeyPair], kind: EcCurveKind): EcResult[EcKeyPair] =
|
||||
proc random*(
|
||||
T: typedesc[EcKeyPair], kind: EcCurveKind,
|
||||
rng: var BrHmacDrbgContext): EcResult[T] =
|
||||
## Generate new random EC private and public keypair using BearSSL's
|
||||
## HMAC-SHA256-DRBG algorithm.
|
||||
##
|
||||
## ``kind`` elliptic curve kind of your choice (secp256r1, secp384r1 or
|
||||
## secp521r1).
|
||||
let
|
||||
seckey = ? EcPrivateKey.random(kind)
|
||||
seckey = ? EcPrivateKey.random(kind, rng)
|
||||
pubkey = ? seckey.getKey()
|
||||
key = EcKeyPair(seckey: seckey, pubkey: pubkey)
|
||||
ok(key)
|
||||
|
|
|
@ -13,8 +13,8 @@
|
|||
|
||||
{.push raises: Defect.}
|
||||
|
||||
import constants
|
||||
import nimcrypto/[hash, sha2, sysrand, utils]
|
||||
import constants, bearssl
|
||||
import nimcrypto/[hash, sha2, utils]
|
||||
import stew/results
|
||||
export results
|
||||
|
||||
|
@ -44,7 +44,6 @@ type
|
|||
pubkey*: EdPublicKey
|
||||
|
||||
EdError* = enum
|
||||
EdRngError,
|
||||
EdIncorrectError
|
||||
|
||||
proc `-`(x: uint32): uint32 {.inline.} =
|
||||
|
@ -1643,41 +1642,43 @@ proc checkScalar*(scalar: openarray[byte]): uint32 =
|
|||
c = -1
|
||||
result = NEQ(z, 0'u32) and LT0(c)
|
||||
|
||||
proc random*(t: typedesc[EdPrivateKey]): Result[EdPrivateKey, EdError] =
|
||||
## Generate new random ED25519 private key using OS specific CSPRNG.
|
||||
proc random*(t: typedesc[EdPrivateKey], rng: var BrHmacDrbgContext): EdPrivateKey =
|
||||
## Generate new random ED25519 private key using the given random number generator
|
||||
var
|
||||
point: GeP3
|
||||
pk: array[EdPublicKeySize, byte]
|
||||
res: EdPrivateKey
|
||||
if randomBytes(res.data.toOpenArray(0, 31)) != 32:
|
||||
err(EdRngError)
|
||||
else:
|
||||
var hh = sha512.digest(res.data.toOpenArray(0, 31))
|
||||
hh.data[0] = hh.data[0] and 0xF8'u8
|
||||
hh.data[31] = hh.data[31] and 0x3F'u8
|
||||
hh.data[31] = hh.data[31] or 0x40'u8
|
||||
geScalarMultBase(point, hh.data)
|
||||
geP3ToBytes(pk, point)
|
||||
copyMem(addr res.data[32], addr pk[0], 32)
|
||||
ok(res)
|
||||
|
||||
proc random*(t: typedesc[EdKeyPair]): Result[EdKeyPair, EdError] =
|
||||
brHmacDrbgGenerate(addr rng, addr res.data[0], 32)
|
||||
|
||||
var hh = sha512.digest(res.data.toOpenArray(0, 31))
|
||||
hh.data[0] = hh.data[0] and 0xF8'u8
|
||||
hh.data[31] = hh.data[31] and 0x3F'u8
|
||||
hh.data[31] = hh.data[31] or 0x40'u8
|
||||
geScalarMultBase(point, hh.data)
|
||||
geP3ToBytes(pk, point)
|
||||
res.data[32..63] = pk
|
||||
|
||||
res
|
||||
|
||||
proc random*(t: typedesc[EdKeyPair], rng: var BrHmacDrbgContext): EdKeyPair =
|
||||
## Generate new random ED25519 private and public keypair using OS specific
|
||||
## CSPRNG.
|
||||
var
|
||||
point: GeP3
|
||||
res: EdKeyPair
|
||||
if randomBytes(res.seckey.data.toOpenArray(0, 31)) != 32:
|
||||
err(EdRngError)
|
||||
else:
|
||||
var hh = sha512.digest(res.seckey.data.toOpenArray(0, 31))
|
||||
hh.data[0] = hh.data[0] and 0xF8'u8
|
||||
hh.data[31] = hh.data[31] and 0x3F'u8
|
||||
hh.data[31] = hh.data[31] or 0x40'u8
|
||||
geScalarMultBase(point, hh.data)
|
||||
geP3ToBytes(res.pubkey.data, point)
|
||||
copyMem(addr res.seckey.data[32], addr res.pubkey.data[0], 32)
|
||||
ok(res)
|
||||
|
||||
brHmacDrbgGenerate(addr rng, addr res.seckey.data[0], 32)
|
||||
|
||||
var hh = sha512.digest(res.seckey.data.toOpenArray(0, 31))
|
||||
hh.data[0] = hh.data[0] and 0xF8'u8
|
||||
hh.data[31] = hh.data[31] and 0x3F'u8
|
||||
hh.data[31] = hh.data[31] or 0x40'u8
|
||||
geScalarMultBase(point, hh.data)
|
||||
geP3ToBytes(res.pubkey.data, point)
|
||||
res.seckey.data[32..63] = res.pubkey.data
|
||||
|
||||
res
|
||||
|
||||
proc getKey*(key: EdPrivateKey): EdPublicKey =
|
||||
## Calculate and return ED25519 public key from private key ``key``.
|
||||
|
|
|
@ -17,8 +17,6 @@ import nimcrypto/utils
|
|||
|
||||
type
|
||||
Asn1Error* {.pure.} = enum
|
||||
None,
|
||||
Error,
|
||||
Overflow,
|
||||
Incomplete,
|
||||
Indefinite,
|
||||
|
|
|
@ -76,7 +76,6 @@ type
|
|||
RsaKP* = RsaPrivateKey | RsaKeyPair
|
||||
|
||||
RsaError* = enum
|
||||
RsaRngError,
|
||||
RsaGenError,
|
||||
RsaKeyIncorrectError,
|
||||
RsaSignatureError
|
||||
|
@ -112,7 +111,8 @@ template trimZeroes(b: seq[byte], pt, ptlen: untyped) =
|
|||
pt = cast[ptr cuchar](cast[uint](pt) + 1)
|
||||
ptlen -= 1
|
||||
|
||||
proc random*[T: RsaKP](t: typedesc[T], bits = DefaultKeySize,
|
||||
proc random*[T: RsaKP](t: typedesc[T], rng: var BrHmacDrbgContext,
|
||||
bits = DefaultKeySize,
|
||||
pubexp = DefaultPublicExponent): RsaResult[T] =
|
||||
## Generate new random RSA private key using BearSSL's HMAC-SHA256-DRBG
|
||||
## algorithm.
|
||||
|
@ -121,38 +121,26 @@ proc random*[T: RsaKP](t: typedesc[T], bits = DefaultKeySize,
|
|||
## range [512, 4096] (default = 2048).
|
||||
##
|
||||
## ``pubexp`` is RSA public exponent, which must be prime (default = 3).
|
||||
var rng: BrHmacDrbgContext
|
||||
var keygen: BrRsaKeygen
|
||||
var seeder = brPrngSeederSystem(nil)
|
||||
brHmacDrbgInit(addr rng, addr sha256Vtable, nil, 0)
|
||||
if seeder(addr rng.vtable) == 0:
|
||||
return err(RsaRngError)
|
||||
|
||||
keygen = brRsaKeygenGetDefault()
|
||||
|
||||
let length = brRsaPrivateKeyBufferSize(bits) +
|
||||
brRsaPublicKeyBufferSize(bits) +
|
||||
((bits + 7) shr 3)
|
||||
let sko = 0
|
||||
let pko = brRsaPrivateKeyBufferSize(bits)
|
||||
let eko = pko + brRsaPublicKeyBufferSize(bits)
|
||||
|
||||
var res: T
|
||||
|
||||
when T is RsaKeyPair:
|
||||
res = new T
|
||||
else:
|
||||
res = new RsaPrivateKey
|
||||
let
|
||||
sko = 0
|
||||
pko = brRsaPrivateKeyBufferSize(bits)
|
||||
eko = pko + brRsaPublicKeyBufferSize(bits)
|
||||
length = eko + ((bits + 7) shr 3)
|
||||
|
||||
let res = new T
|
||||
res.buffer = newSeq[byte](length)
|
||||
|
||||
var keygen = brRsaKeygenGetDefault()
|
||||
|
||||
if keygen(addr rng.vtable,
|
||||
addr res.seck, addr res.buffer[sko],
|
||||
addr res.pubk, addr res.buffer[pko],
|
||||
cuint(bits), pubexp) == 0:
|
||||
return err(RsaGenError)
|
||||
|
||||
let compute = brRsaComputePrivexpGetDefault()
|
||||
let computed = compute(addr res.buffer[eko], addr res.seck, pubexp)
|
||||
let
|
||||
compute = brRsaComputePrivexpGetDefault()
|
||||
computed = compute(addr res.buffer[eko], addr res.seck, pubexp)
|
||||
if computed == 0:
|
||||
return err(RsaGenError)
|
||||
|
||||
|
|
|
@ -9,10 +9,12 @@
|
|||
|
||||
{.push raises: [Defect].}
|
||||
|
||||
import secp256k1, stew/byteutils, nimcrypto/hash, nimcrypto/sha2
|
||||
export sha2
|
||||
import stew/results
|
||||
export results
|
||||
import
|
||||
secp256k1, bearssl,
|
||||
stew/[byteutils, results],
|
||||
nimcrypto/[hash, sha2]
|
||||
|
||||
export sha2, results
|
||||
|
||||
const
|
||||
SkRawPrivateKeySize* = 256 div 8
|
||||
|
@ -32,11 +34,19 @@ type
|
|||
template pubkey*(v: SkKeyPair): SkPublicKey = SkPublicKey(secp256k1.SkKeyPair(v).pubkey)
|
||||
template seckey*(v: SkKeyPair): SkPrivateKey = SkPrivateKey(secp256k1.SkKeyPair(v).seckey)
|
||||
|
||||
proc random*(t: typedesc[SkPrivateKey]): SkResult[SkPrivateKey] =
|
||||
ok(SkPrivateKey(? SkSecretKey.random()))
|
||||
proc random*(t: typedesc[SkPrivateKey], rng: var BrHmacDrbgContext): SkPrivateKey =
|
||||
let rngPtr = unsafeAddr rng # doesn't escape
|
||||
proc callRng(data: var openArray[byte]) =
|
||||
brHmacDrbgGenerate(rngPtr[], data)
|
||||
|
||||
proc random*(t: typedesc[SkKeyPair]): SkResult[SkKeyPair] =
|
||||
ok(SkKeyPair(? secp256k1.SkKeyPair.random()))
|
||||
SkPrivateKey(SkSecretKey.random(callRng))
|
||||
|
||||
proc random*(t: typedesc[SkKeyPair], rng: var BrHmacDrbgContext): SkKeyPair =
|
||||
let rngPtr = unsafeAddr rng # doesn't escape
|
||||
proc callRng(data: var openArray[byte]) =
|
||||
brHmacDrbgGenerate(rngPtr[], data)
|
||||
|
||||
SkKeyPair(secp256k1.SkKeyPair.random(callRng))
|
||||
|
||||
template seckey*(v: SkKeyPair): SkPrivateKey =
|
||||
SkPrivateKey(secp256k1.SkKeyPair(v).seckey)
|
||||
|
@ -90,14 +100,14 @@ proc init*(t: typedesc[SkPrivateKey], data: openarray[byte]): SkResult[SkPrivate
|
|||
## representation ``data``.
|
||||
##
|
||||
## Procedure returns `private key` on success.
|
||||
ok(SkPrivateKey(? SkSecretKey.fromRaw(data)))
|
||||
SkSecretKey.fromRaw(data).mapConvert(SkPrivateKey)
|
||||
|
||||
proc init*(t: typedesc[SkPrivateKey], data: string): SkResult[SkPrivateKey] =
|
||||
## Initialize Secp256k1 `private key` from hexadecimal string
|
||||
## representation ``data``.
|
||||
##
|
||||
## Procedure returns `private key` on success.
|
||||
ok(SkPrivateKey(? SkSecretKey.fromHex(data)))
|
||||
SkSecretKey.fromHex(data).mapConvert(SkPrivateKey)
|
||||
|
||||
proc init*(t: typedesc[SkPublicKey], data: openarray[byte]): SkResult[SkPublicKey] =
|
||||
## Initialize Secp256k1 `public key` from raw binary
|
||||
|
@ -169,11 +179,11 @@ proc toBytes*(sig: SkSignature, data: var openarray[byte]): int =
|
|||
|
||||
proc getBytes*(key: SkPrivateKey): seq[byte] {.inline.} =
|
||||
## Serialize Secp256k1 `private key` and return it.
|
||||
result = @(SkSecretKey(key).toRaw())
|
||||
@(SkSecretKey(key).toRaw())
|
||||
|
||||
proc getBytes*(key: SkPublicKey): seq[byte] {.inline.} =
|
||||
## Serialize Secp256k1 `public key` and return it.
|
||||
result = @(secp256k1.SkPublicKey(key).toRawCompressed())
|
||||
@(secp256k1.SkPublicKey(key).toRawCompressed())
|
||||
|
||||
proc getBytes*(sig: SkSignature): seq[byte] {.inline.} =
|
||||
## Serialize Secp256k1 `signature` and return it.
|
||||
|
@ -184,12 +194,12 @@ proc getBytes*(sig: SkSignature): seq[byte] {.inline.} =
|
|||
proc sign*[T: byte|char](key: SkPrivateKey, msg: openarray[T]): SkSignature =
|
||||
## Sign message `msg` using private key `key` and return signature object.
|
||||
let h = sha256.digest(msg)
|
||||
SkSignature(sign(SkSecretKey(key), h))
|
||||
SkSignature(sign(SkSecretKey(key), SkMessage(h.data)))
|
||||
|
||||
proc verify*[T: byte|char](sig: SkSignature, msg: openarray[T],
|
||||
key: SkPublicKey): bool =
|
||||
let h = sha256.digest(msg)
|
||||
verify(secp256k1.SkSignature(sig), h, secp256k1.SkPublicKey(key))
|
||||
verify(secp256k1.SkSignature(sig), SkMessage(h.data), secp256k1.SkPublicKey(key))
|
||||
|
||||
func clear*(key: var SkPrivateKey) {.borrow.}
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ type
|
|||
lifefut: Future[void]
|
||||
protoVersion*: string
|
||||
agentVersion*: string
|
||||
secure*: string
|
||||
case keyType*: KeyType:
|
||||
of HasPrivate:
|
||||
privateKey*: PrivateKey
|
||||
|
|
|
@ -9,8 +9,9 @@
|
|||
|
||||
import chronos
|
||||
import chronicles
|
||||
import bearssl
|
||||
import stew/[endians2, byteutils]
|
||||
import nimcrypto/[utils, sysrand, sha2, hmac]
|
||||
import nimcrypto/[utils, sha2, hmac]
|
||||
import ../../stream/lpstream
|
||||
import ../../peerid
|
||||
import ../../peerinfo
|
||||
|
@ -69,10 +70,10 @@ type
|
|||
rs: Curve25519Key
|
||||
|
||||
Noise* = ref object of Secure
|
||||
rng: ref BrHmacDrbgContext
|
||||
localPrivateKey: PrivateKey
|
||||
localPublicKey: PublicKey
|
||||
noisePrivateKey: Curve25519Key
|
||||
noisePublicKey: Curve25519Key
|
||||
noiseKeys: KeyPair
|
||||
commonPrologue: seq[byte]
|
||||
outgoing: bool
|
||||
|
||||
|
@ -87,8 +88,8 @@ type
|
|||
|
||||
# Utility
|
||||
|
||||
proc genKeyPair(): KeyPair =
|
||||
result.privateKey = Curve25519Key.random().tryGet()
|
||||
proc genKeyPair(rng: var BrHmacDrbgContext): KeyPair =
|
||||
result.privateKey = Curve25519Key.random(rng).tryGet()
|
||||
result.publicKey = result.privateKey.public()
|
||||
|
||||
proc hashProtocol(name: string): MDigest[256] =
|
||||
|
@ -200,7 +201,7 @@ proc init(_: type[HandshakeState]): HandshakeState =
|
|||
template write_e: untyped =
|
||||
trace "noise write e"
|
||||
# Sets e (which must be empty) to GENERATE_KEYPAIR(). Appends e.public_key to the buffer. Calls MixHash(e.public_key).
|
||||
hs.e = genKeyPair()
|
||||
hs.e = genKeyPair(p.rng[])
|
||||
msg &= hs.e.publicKey
|
||||
hs.ss.mixHash(hs.e.publicKey)
|
||||
|
||||
|
@ -293,8 +294,7 @@ proc handshakeXXOutbound(p: Noise, conn: Connection, p2pProof: ProtoBuffer): Fut
|
|||
p2psecret = p2pProof.buffer
|
||||
|
||||
hs.ss.mixHash(p.commonPrologue)
|
||||
hs.s.privateKey = p.noisePrivateKey
|
||||
hs.s.publicKey = p.noisePublicKey
|
||||
hs.s = p.noiseKeys
|
||||
|
||||
# -> e
|
||||
var msg: seq[byte]
|
||||
|
@ -340,8 +340,7 @@ proc handshakeXXInbound(p: Noise, conn: Connection, p2pProof: ProtoBuffer): Futu
|
|||
p2psecret = p2pProof.buffer
|
||||
|
||||
hs.ss.mixHash(p.commonPrologue)
|
||||
hs.s.privateKey = p.noisePrivateKey
|
||||
hs.s.publicKey = p.noisePublicKey
|
||||
hs.s = p.noiseKeys
|
||||
|
||||
# -> e
|
||||
|
||||
|
@ -418,7 +417,7 @@ method handshake*(p: Noise, conn: Connection, initiator: bool): Future[SecureCon
|
|||
# https://github.com/libp2p/specs/tree/master/noise#libp2p-data-in-handshake-messages
|
||||
let
|
||||
signedPayload = p.localPrivateKey.sign(
|
||||
PayloadString.toBytes & p.noisePublicKey.getBytes).tryGet()
|
||||
PayloadString.toBytes & p.noiseKeys.publicKey.getBytes).tryGet()
|
||||
|
||||
var
|
||||
libp2pProof = initProtoBuffer()
|
||||
|
@ -485,12 +484,15 @@ method init*(p: Noise) {.gcsafe.} =
|
|||
procCall Secure(p).init()
|
||||
p.codec = NoiseCodec
|
||||
|
||||
proc newNoise*(privateKey: PrivateKey; outgoing: bool = true; commonPrologue: seq[byte] = @[]): Noise =
|
||||
new result
|
||||
result.outgoing = outgoing
|
||||
result.localPrivateKey = privateKey
|
||||
result.localPublicKey = privateKey.getKey().tryGet()
|
||||
result.noisePrivateKey = Curve25519Key.random().tryGet()
|
||||
result.noisePublicKey = result.noisePrivateKey.public()
|
||||
result.commonPrologue = commonPrologue
|
||||
proc newNoise*(
|
||||
rng: ref BrHmacDrbgContext, privateKey: PrivateKey;
|
||||
outgoing: bool = true; commonPrologue: seq[byte] = @[]): Noise =
|
||||
result = Noise(
|
||||
rng: rng,
|
||||
outgoing: outgoing,
|
||||
localPrivateKey: privateKey,
|
||||
localPublicKey: privateKey.getKey().tryGet(),
|
||||
noiseKeys: genKeyPair(rng[]),
|
||||
commonPrologue: commonPrologue,
|
||||
)
|
||||
result.init()
|
||||
|
|
|
@ -6,8 +6,8 @@
|
|||
## at your option.
|
||||
## This file may not be copied, modified, or distributed except according to
|
||||
## those terms.
|
||||
import chronos, chronicles, oids, stew/endians2
|
||||
import nimcrypto/[sysrand, hmac, sha2, sha, hash, rijndael, twofish, bcmode]
|
||||
import chronos, chronicles, oids, stew/endians2, bearssl
|
||||
import nimcrypto/[hmac, sha2, sha, hash, rijndael, twofish, bcmode]
|
||||
import secure,
|
||||
../../stream/connection,
|
||||
../../peerinfo,
|
||||
|
@ -32,6 +32,7 @@ const
|
|||
|
||||
type
|
||||
Secio = ref object of Secure
|
||||
rng: ref BrHmacDrbgContext
|
||||
localPrivateKey: PrivateKey
|
||||
localPublicKey: PublicKey
|
||||
remotePublicKey: PublicKey
|
||||
|
@ -288,8 +289,7 @@ method handshake*(s: Secio, conn: Connection, initiator: bool = false): Future[S
|
|||
localPeerId: PeerID
|
||||
localBytesPubkey = s.localPublicKey.getBytes().tryGet()
|
||||
|
||||
if randomBytes(localNonce) != SecioNonceSize:
|
||||
raise (ref SecioError)(msg: "Could not generate random data")
|
||||
brHmacDrbgGenerate(s.rng[], localNonce)
|
||||
|
||||
var request = createProposal(localNonce,
|
||||
localBytesPubkey,
|
||||
|
@ -340,7 +340,7 @@ method handshake*(s: Secio, conn: Connection, initiator: bool = false): Future[S
|
|||
trace "Encryption scheme selected", scheme = scheme, cipher = cipher,
|
||||
hash = hash
|
||||
|
||||
var ekeypair = ephemeral(scheme).tryGet()
|
||||
var ekeypair = ephemeral(scheme, s.rng[]).tryGet()
|
||||
# We need EC public key in raw binary form
|
||||
var epubkey = ekeypair.pubkey.eckey.getRawBytes().tryGet()
|
||||
var localCorpus = request[4..^1] & answer & epubkey
|
||||
|
@ -410,8 +410,10 @@ method init(s: Secio) {.gcsafe.} =
|
|||
procCall Secure(s).init()
|
||||
s.codec = SecioCodec
|
||||
|
||||
proc newSecio*(localPrivateKey: PrivateKey): Secio =
|
||||
new result
|
||||
result.localPrivateKey = localPrivateKey
|
||||
result.localPublicKey = localPrivateKey.getKey().tryGet()
|
||||
proc newSecio*(rng: ref BrHmacDrbgContext, localPrivateKey: PrivateKey): Secio =
|
||||
result = Secio(
|
||||
rng: rng,
|
||||
localPrivateKey: localPrivateKey,
|
||||
localPublicKey: localPrivateKey.getKey().tryGet(),
|
||||
)
|
||||
result.init()
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
## those terms.
|
||||
|
||||
import options
|
||||
import chronos, chronicles
|
||||
import chronos, chronicles, bearssl
|
||||
import ../protocol,
|
||||
../../stream/streamseq,
|
||||
../../stream/connection,
|
||||
|
@ -66,6 +66,8 @@ proc handleConn*(s: Secure, conn: Connection, initiator: bool): Future[Connectio
|
|||
return sconn
|
||||
|
||||
method init*(s: Secure) {.gcsafe.} =
|
||||
procCall LPProtocol(s).init()
|
||||
|
||||
proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
|
||||
trace "handling connection upgrade", proto
|
||||
try:
|
||||
|
|
|
@ -4,7 +4,7 @@ const
|
|||
libp2p_pubsub_verify {.booldefine.} = true
|
||||
|
||||
import
|
||||
options, tables, chronos,
|
||||
options, tables, chronos, bearssl,
|
||||
switch, peerid, peerinfo, stream/connection, multiaddress,
|
||||
crypto/crypto, transports/[transport, tcptransport],
|
||||
muxers/[muxer, mplex/mplex, mplex/types],
|
||||
|
@ -36,12 +36,16 @@ proc newStandardSwitch*(privKey = none(PrivateKey),
|
|||
verifySignature = libp2p_pubsub_verify,
|
||||
sign = libp2p_pubsub_sign,
|
||||
transportFlags: set[ServerFlags] = {},
|
||||
msgIdProvider: MsgIdProvider = defaultMsgIdProvider): Switch =
|
||||
msgIdProvider: MsgIdProvider = defaultMsgIdProvider,
|
||||
rng = newRng()): Switch =
|
||||
proc createMplex(conn: Connection): Muxer =
|
||||
newMplex(conn)
|
||||
|
||||
if rng == nil: # newRng could fail
|
||||
raise (ref CatchableError)(msg: "Cannot initialize RNG")
|
||||
|
||||
let
|
||||
seckey = privKey.get(otherwise = PrivateKey.random(ECDSA).tryGet())
|
||||
seckey = privKey.get(otherwise = PrivateKey.random(ECDSA, rng[]).tryGet())
|
||||
peerInfo = PeerInfo.init(seckey, [address])
|
||||
mplexProvider = newMuxerProvider(createMplex, MplexCodec)
|
||||
transports = @[Transport(TcpTransport.init(transportFlags))]
|
||||
|
@ -53,9 +57,9 @@ proc newStandardSwitch*(privKey = none(PrivateKey),
|
|||
for sec in secureManagers:
|
||||
case sec
|
||||
of SecureProtocol.Noise:
|
||||
secureManagerInstances &= newNoise(seckey).Secure
|
||||
secureManagerInstances &= newNoise(rng, seckey).Secure
|
||||
of SecureProtocol.Secio:
|
||||
secureManagerInstances &= newSecio(seckey).Secure
|
||||
secureManagerInstances &= newSecio(rng, seckey).Secure
|
||||
|
||||
let pubSub = if gossip:
|
||||
newPubSub(GossipSub,
|
||||
|
|
|
@ -645,15 +645,19 @@ proc newSwitch*(peerInfo: PeerInfo,
|
|||
muxers: Table[string, MuxerProvider],
|
||||
secureManagers: openarray[Secure] = [],
|
||||
pubSub: Option[PubSub] = none(PubSub)): Switch =
|
||||
new result
|
||||
result.peerInfo = peerInfo
|
||||
result.ms = newMultistream()
|
||||
result.transports = transports
|
||||
result.connections = initTable[string, seq[ConnectionHolder]]()
|
||||
result.muxed = initTable[string, seq[MuxerHolder]]()
|
||||
result.identity = identity
|
||||
result.muxers = muxers
|
||||
result.secureManagers = @secureManagers
|
||||
if secureManagers.len == 0:
|
||||
raise (ref CatchableError)(msg: "Provide at least one secure manager")
|
||||
|
||||
result = Switch(
|
||||
peerInfo: peerInfo,
|
||||
ms: newMultistream(),
|
||||
transports: transports,
|
||||
connections: initTable[string, seq[ConnectionHolder]](),
|
||||
muxed: initTable[string, seq[MuxerHolder]](),
|
||||
identity: identity,
|
||||
muxers: muxers,
|
||||
secureManagers: @secureManagers,
|
||||
)
|
||||
|
||||
let s = result # can't capture result
|
||||
result.streamHandler = proc(stream: Connection) {.async, gcsafe.} =
|
||||
|
@ -674,11 +678,6 @@ proc newSwitch*(peerInfo: PeerInfo,
|
|||
val.muxerHandler = proc(muxer: Muxer): Future[void] =
|
||||
s.muxerHandler(muxer)
|
||||
|
||||
if result.secureManagers.len <= 0:
|
||||
# use plain text if no secure managers are provided
|
||||
warn "no secure managers, falling back to plain text", codec = PlainTextCodec
|
||||
result.secureManagers &= Secure(newPlainText())
|
||||
|
||||
if pubSub.isSome:
|
||||
result.pubSub = pubSub
|
||||
result.mount(pubSub.get())
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
import chronos
|
||||
import chronos, bearssl
|
||||
|
||||
import ../libp2p/transports/tcptransport
|
||||
import ../libp2p/stream/bufferstream
|
||||
import ../libp2p/crypto/crypto
|
||||
import ../libp2p/stream/lpstream
|
||||
|
||||
const
|
||||
|
@ -23,3 +24,20 @@ iterator testTrackers*(extras: openArray[string] = []): TrackerBase =
|
|||
for name in extras:
|
||||
let t = getTracker(name)
|
||||
if not isNil(t): yield t
|
||||
|
||||
type RngWrap = object
|
||||
rng: ref BrHmacDrbgContext
|
||||
|
||||
var rngVar: RngWrap
|
||||
|
||||
proc getRng(): ref BrHmacDrbgContext =
|
||||
# TODO if `rngVar` is a threadvar like it should be, there are random and
|
||||
# spurious compile failures on mac - this is not gcsafe but for the
|
||||
# purpose of the tests, it's ok as long as we only use a single thread
|
||||
{.gcsafe.}:
|
||||
if rngVar.rng.isNil:
|
||||
rngVar.rng = newRng()
|
||||
rngVar.rng
|
||||
|
||||
template rng*(): ref BrHmacDrbgContext =
|
||||
getRng()
|
||||
|
|
|
@ -15,7 +15,6 @@ import utils,
|
|||
../../libp2p/[errors,
|
||||
switch,
|
||||
stream/connection,
|
||||
stream/bufferstream,
|
||||
crypto/crypto,
|
||||
protocols/pubsub/pubsub,
|
||||
protocols/pubsub/floodsub,
|
||||
|
|
|
@ -2,7 +2,7 @@ include ../../libp2p/protocols/pubsub/gossipsub
|
|||
|
||||
{.used.}
|
||||
|
||||
import unittest
|
||||
import unittest, bearssl
|
||||
import stew/byteutils
|
||||
import ../../libp2p/errors
|
||||
import ../../libp2p/crypto/crypto
|
||||
|
@ -15,6 +15,9 @@ type
|
|||
|
||||
proc noop(data: seq[byte]) {.async, gcsafe.} = discard
|
||||
|
||||
proc randomPeerInfo(): PeerInfo =
|
||||
PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
|
||||
suite "GossipSub internal":
|
||||
teardown:
|
||||
for tracker in testTrackers():
|
||||
|
@ -23,8 +26,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`rebalanceMesh` Degree Lo":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
let topic = "foobar"
|
||||
gossipSub.mesh[topic] = initHashSet[string]()
|
||||
|
@ -33,7 +35,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<15:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].conn = conn
|
||||
|
@ -52,8 +54,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`rebalanceMesh` Degree Hi":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
let topic = "foobar"
|
||||
gossipSub.gossipsub[topic] = initHashSet[string]()
|
||||
|
@ -62,7 +63,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<15:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].conn = conn
|
||||
|
@ -81,8 +82,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`replenishFanout` Degree Lo":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -94,7 +94,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<15:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
var peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
var peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -113,8 +113,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`dropFanoutPeers` drop expired fanout topics":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -128,7 +127,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<6:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -148,8 +147,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`dropFanoutPeers` leave unexpired fanout topics":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -166,7 +164,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<6:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -189,8 +187,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`getGossipPeers` - should gather up to degree D non intersecting peers":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -205,7 +202,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<30:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -218,7 +215,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<15:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -228,7 +225,7 @@ suite "GossipSub internal":
|
|||
for i in 0..5:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
let msg = Message.init(peerInfo, ("HELLO" & $i).toBytes(), topic, false)
|
||||
gossipSub.mcache.put(gossipSub.msgIdProvider(msg), msg)
|
||||
|
@ -252,8 +249,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`getGossipPeers` - should not crash on missing topics in mesh":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -265,7 +261,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<30:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -278,7 +274,7 @@ suite "GossipSub internal":
|
|||
for i in 0..5:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
let msg = Message.init(peerInfo, ("HELLO" & $i).toBytes(), topic, false)
|
||||
gossipSub.mcache.put(gossipSub.msgIdProvider(msg), msg)
|
||||
|
@ -295,8 +291,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`getGossipPeers` - should not crash on missing topics in fanout":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -308,7 +303,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<30:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -321,7 +316,7 @@ suite "GossipSub internal":
|
|||
for i in 0..5:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
let msg = Message.init(peerInfo, ("HELLO" & $i).toBytes(), topic, false)
|
||||
gossipSub.mcache.put(gossipSub.msgIdProvider(msg), msg)
|
||||
|
@ -338,8 +333,7 @@ suite "GossipSub internal":
|
|||
|
||||
test "`getGossipPeers` - should not crash on missing topics in gossip":
|
||||
proc testRun(): Future[bool] {.async.} =
|
||||
let gossipSub = newPubSub(TestGossipSub,
|
||||
PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
let gossipSub = newPubSub(TestGossipSub, randomPeerInfo())
|
||||
|
||||
proc handler(peer: PubSubPeer, msg: seq[RPCMsg]) {.async.} =
|
||||
discard
|
||||
|
@ -351,7 +345,7 @@ suite "GossipSub internal":
|
|||
for i in 0..<30:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
gossipSub.peers[peerInfo.id] = newPubSubPeer(peerInfo, GossipSubCodec)
|
||||
gossipSub.peers[peerInfo.id].handler = handler
|
||||
|
@ -364,7 +358,7 @@ suite "GossipSub internal":
|
|||
for i in 0..5:
|
||||
let conn = newBufferStream(noop)
|
||||
conns &= conn
|
||||
let peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
let peerInfo = randomPeerInfo()
|
||||
conn.peerInfo = peerInfo
|
||||
let msg = Message.init(peerInfo, ("bar" & $i).toBytes(), topic, false)
|
||||
gossipSub.mcache.put(gossipSub.msgIdProvider(msg), msg)
|
||||
|
|
|
@ -17,7 +17,6 @@ import utils, ../../libp2p/[errors,
|
|||
peerinfo,
|
||||
stream/connection,
|
||||
crypto/crypto,
|
||||
stream/bufferstream,
|
||||
protocols/pubsub/pubsub,
|
||||
protocols/pubsub/gossipsub,
|
||||
protocols/pubsub/rpc/messages]
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{.used.}
|
||||
|
||||
import unittest, options, sets, sequtils
|
||||
import unittest, options, sets, sequtils, bearssl
|
||||
import stew/byteutils
|
||||
import ../../libp2p/[peerid,
|
||||
crypto/crypto,
|
||||
|
@ -8,11 +8,15 @@ import ../../libp2p/[peerid,
|
|||
protocols/pubsub/rpc/message,
|
||||
protocols/pubsub/rpc/messages]
|
||||
|
||||
var rng = newRng()
|
||||
|
||||
proc randomPeerID(): PeerID =
|
||||
PeerID.init(PrivateKey.random(ECDSA, rng[]).get()).get()
|
||||
|
||||
suite "MCache":
|
||||
test "put/get":
|
||||
var mCache = newMCache(3, 5)
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
seqno: "12345".toBytes())
|
||||
var msg = Message(fromPeer: randomPeerID(), seqno: "12345".toBytes())
|
||||
let msgId = defaultMsgIdProvider(msg)
|
||||
mCache.put(msgId, msg)
|
||||
check mCache.get(msgId).isSome and mCache.get(msgId).get() == msg
|
||||
|
@ -21,13 +25,13 @@ suite "MCache":
|
|||
var mCache = newMCache(3, 5)
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["foo"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
||||
for i in 0..<5:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["bar"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
@ -42,7 +46,7 @@ suite "MCache":
|
|||
var mCache = newMCache(1, 5)
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["foo"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
@ -51,7 +55,7 @@ suite "MCache":
|
|||
check mCache.window("foo").len == 0
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["bar"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
@ -60,7 +64,7 @@ suite "MCache":
|
|||
check mCache.window("bar").len == 0
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["baz"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
@ -72,19 +76,19 @@ suite "MCache":
|
|||
var mCache = newMCache(1, 5)
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["foo"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["bar"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
||||
for i in 0..<3:
|
||||
var msg = Message(fromPeer: PeerID.init(PrivateKey.random(ECDSA).get()).get(),
|
||||
var msg = Message(fromPeer: randomPeerID(),
|
||||
seqno: "12345".toBytes(),
|
||||
topicIDs: @["baz"])
|
||||
mCache.put(defaultMsgIdProvider(msg), msg)
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
import unittest
|
||||
|
||||
{.used.}
|
||||
|
||||
import ../../libp2p/[peerid, peerinfo,
|
||||
crypto/crypto,
|
||||
protocols/pubsub/rpc/message,
|
||||
protocols/pubsub/rpc/messages]
|
||||
|
||||
let rng = newRng()
|
||||
|
||||
suite "Message":
|
||||
test "signature":
|
||||
let
|
||||
peer = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
peer = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
msg = Message.init(peer, @[], "topic", sign = true)
|
||||
|
||||
check verify(msg, peer)
|
||||
|
|
|
@ -374,6 +374,8 @@ proc testStretcher(s, e: int, cs: string, ds: string): bool =
|
|||
if not result:
|
||||
break
|
||||
|
||||
let rng = newRng()
|
||||
|
||||
suite "Key interface test suite":
|
||||
|
||||
test "Go test vectors":
|
||||
|
@ -394,9 +396,9 @@ suite "Key interface test suite":
|
|||
var bmsg = cast[seq[byte]](msg)
|
||||
|
||||
for i in 0..<5:
|
||||
var seckey = PrivateKey.random(ECDSA).get()
|
||||
var seckey = PrivateKey.random(ECDSA, rng[]).get()
|
||||
var pubkey = seckey.getKey().get()
|
||||
var pair = KeyPair.random(ECDSA).get()
|
||||
var pair = KeyPair.random(ECDSA, rng[]).get()
|
||||
var sig1 = pair.seckey.sign(bmsg).get()
|
||||
var sig2 = seckey.sign(bmsg).get()
|
||||
var sersig1 = sig1.getBytes()
|
||||
|
@ -414,9 +416,9 @@ suite "Key interface test suite":
|
|||
recsig2.verify(bmsg, recpub2) == true
|
||||
|
||||
for i in 0..<5:
|
||||
var seckey = PrivateKey.random(Ed25519).get()
|
||||
var seckey = PrivateKey.random(Ed25519, rng[]).get()
|
||||
var pubkey = seckey.getKey().get()
|
||||
var pair = KeyPair.random(Ed25519).get()
|
||||
var pair = KeyPair.random(Ed25519, rng[]).get()
|
||||
var sig1 = pair.seckey.sign(bmsg).get()
|
||||
var sig2 = seckey.sign(bmsg).get()
|
||||
var sersig1 = sig1.getBytes()
|
||||
|
@ -434,9 +436,9 @@ suite "Key interface test suite":
|
|||
recsig2.verify(bmsg, recpub2) == true
|
||||
|
||||
for i in 0..<5:
|
||||
var seckey = PrivateKey.random(RSA, 512).get()
|
||||
var seckey = PrivateKey.random(RSA, rng[], 512).get()
|
||||
var pubkey = seckey.getKey().get()
|
||||
var pair = KeyPair.random(RSA, 512).get()
|
||||
var pair = KeyPair.random(RSA, rng[], 512).get()
|
||||
var sig1 = pair.seckey.sign(bmsg).get()
|
||||
var sig2 = seckey.sign(bmsg).get()
|
||||
var sersig1 = sig1.getBytes()
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
## those terms.
|
||||
import unittest
|
||||
import nimcrypto/utils
|
||||
import ../libp2p/crypto/ecnist
|
||||
import ../libp2p/crypto/[crypto, ecnist]
|
||||
import stew/results
|
||||
|
||||
when defined(nimHasUsed): {.used.}
|
||||
|
@ -294,13 +294,14 @@ const
|
|||
35ab"""
|
||||
]
|
||||
|
||||
suite "EC NIST-P256/384/521 test suite":
|
||||
let rng = newRng()
|
||||
|
||||
suite "EC NIST-P256/384/521 test suite":
|
||||
test "[secp256r1] Private key serialize/deserialize test":
|
||||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPrivateKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var key = EcPrivateKey.random(Secp256r1).expect("random key")
|
||||
var key = EcPrivateKey.random(Secp256r1, rng[]).expect("random key")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check:
|
||||
key.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -319,7 +320,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPublicKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var pair = EcKeyPair.random(Secp256r1).expect("random key")
|
||||
var pair = EcKeyPair.random(Secp256r1, rng[]).expect("random key")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -335,8 +336,8 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
|
||||
test "[secp256r1] ECDHE test":
|
||||
for i in 0..<TestsCount:
|
||||
var kp1 = EcKeyPair.random(Secp256r1).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp256r1).expect("random key")
|
||||
var kp1 = EcKeyPair.random(Secp256r1, rng[]).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp256r1, rng[]).expect("random key")
|
||||
var shared1 = kp2.pubkey.scalarMul(kp1.seckey)
|
||||
var shared2 = kp1.pubkey.scalarMul(kp2.seckey)
|
||||
check:
|
||||
|
@ -390,7 +391,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
test "[secp256r1] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = EcKeyPair.random(Secp256r1).expect("random key")
|
||||
var kp = EcKeyPair.random(Secp256r1, rng[]).expect("random key")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
@ -407,7 +408,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPrivateKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var key = EcPrivateKey.random(Secp384r1).expect("random key")
|
||||
var key = EcPrivateKey.random(Secp384r1, rng[]).expect("random key")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check:
|
||||
key.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -426,7 +427,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPublicKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var pair = EcKeyPair.random(Secp384r1).expect("random key")
|
||||
var pair = EcKeyPair.random(Secp384r1, rng[]).expect("random key")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -442,8 +443,8 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
|
||||
test "[secp384r1] ECDHE test":
|
||||
for i in 0..<TestsCount:
|
||||
var kp1 = EcKeyPair.random(Secp384r1).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp384r1).expect("random key")
|
||||
var kp1 = EcKeyPair.random(Secp384r1, rng[]).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp384r1, rng[]).expect("random key")
|
||||
var shared1 = kp2.pubkey.scalarMul(kp1.seckey)
|
||||
var shared2 = kp1.pubkey.scalarMul(kp2.seckey)
|
||||
check:
|
||||
|
@ -497,7 +498,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
test "[secp384r1] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = EcKeyPair.random(Secp384r1).expect("random key")
|
||||
var kp = EcKeyPair.random(Secp384r1, rng[]).expect("random key")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
@ -514,7 +515,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPrivateKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var key = EcPrivateKey.random(Secp521r1).expect("random key")
|
||||
var key = EcPrivateKey.random(Secp521r1, rng[]).expect("random key")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check:
|
||||
key.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -533,7 +534,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EcPublicKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var pair = EcKeyPair.random(Secp521r1).expect("random key")
|
||||
var pair = EcKeyPair.random(Secp521r1, rng[]).expect("random key")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -549,8 +550,8 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
|
||||
test "[secp521r1] ECDHE test":
|
||||
for i in 0..<TestsCount:
|
||||
var kp1 = EcKeyPair.random(Secp521r1).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp521r1).expect("random key")
|
||||
var kp1 = EcKeyPair.random(Secp521r1, rng[]).expect("random key")
|
||||
var kp2 = EcKeyPair.random(Secp521r1, rng[]).expect("random key")
|
||||
var shared1 = kp2.pubkey.scalarMul(kp1.seckey)
|
||||
var shared2 = kp1.pubkey.scalarMul(kp2.seckey)
|
||||
check:
|
||||
|
@ -604,7 +605,7 @@ suite "EC NIST-P256/384/521 test suite":
|
|||
test "[secp521r1] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = EcKeyPair.random(Secp521r1).expect("random key")
|
||||
var kp = EcKeyPair.random(Secp521r1, rng[]).expect("random key")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
## Test vectors are from RFC 8032 (https://tools.ietf.org/html/rfc8032)
|
||||
import unittest
|
||||
import nimcrypto/utils
|
||||
import ../libp2p/crypto/crypto
|
||||
import ../libp2p/crypto/ed25519/ed25519
|
||||
|
||||
when defined(nimHasUsed): {.used.}
|
||||
|
@ -100,6 +101,8 @@ const GoodScalars = [
|
|||
"ECD3F55C1A631258D69CF7A2DEF9DE1400000000000000000000000000000010",
|
||||
]
|
||||
|
||||
let rng = newRng()
|
||||
|
||||
suite "Ed25519 test suite":
|
||||
test "Scalar check edge cases test":
|
||||
for item in FailScalars:
|
||||
|
@ -111,7 +114,7 @@ suite "Ed25519 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EdPrivateKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var key = EdPrivateKey.random().expect("private key")
|
||||
var key = EdPrivateKey.random(rng[])
|
||||
var skey1 = key.getBytes()
|
||||
check:
|
||||
key.toBytes(skey2) > 0
|
||||
|
@ -135,7 +138,7 @@ suite "Ed25519 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: EdPublicKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var pair = EdKeyPair.random().expect("random key pair")
|
||||
var pair = EdKeyPair.random(rng[])
|
||||
var skey1 = pair.pubkey.getBytes()
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2) > 0
|
||||
|
@ -171,7 +174,7 @@ suite "Ed25519 test suite":
|
|||
test "Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = EdKeyPair.random().expect("random key pair")
|
||||
var kp = EdKeyPair.random(rng[])
|
||||
var sig = kp.seckey.sign(message)
|
||||
var sersk = kp.seckey.getBytes()
|
||||
var serpk = kp.pubkey.getBytes()
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
import unittest, options
|
||||
import unittest, options, bearssl
|
||||
import chronos, strutils
|
||||
import ../libp2p/[protocols/identify,
|
||||
multiaddress,
|
||||
|
@ -22,7 +22,7 @@ suite "Identify":
|
|||
test "handle identify message":
|
||||
proc testHandle(): Future[bool] {.async.} =
|
||||
let ma: MultiAddress = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
let remoteSecKey = PrivateKey.random(ECDSA).get()
|
||||
let remoteSecKey = PrivateKey.random(ECDSA, rng[]).get()
|
||||
let remotePeerInfo = PeerInfo.init(remoteSecKey,
|
||||
[ma],
|
||||
["/test/proto1/1.0.0",
|
||||
|
@ -42,7 +42,7 @@ suite "Identify":
|
|||
let transport2: TcpTransport = TcpTransport.init()
|
||||
let conn = await transport2.dial(transport1.ma)
|
||||
|
||||
var peerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [ma])
|
||||
var peerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [ma])
|
||||
let identifyProto2 = newIdentify(peerInfo)
|
||||
discard await msDial.select(conn, IdentifyCodec)
|
||||
let id = await identifyProto2.identify(conn, remotePeerInfo)
|
||||
|
@ -66,8 +66,8 @@ suite "Identify":
|
|||
|
||||
test "handle failed identify":
|
||||
proc testHandleError() {.async.} =
|
||||
let ma: MultiAddress = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
var remotePeerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [ma])
|
||||
let ma = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
var remotePeerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [ma])
|
||||
let identifyProto1 = newIdentify(remotePeerInfo)
|
||||
let msListen = newMultistream()
|
||||
|
||||
|
@ -85,13 +85,13 @@ suite "Identify":
|
|||
let msDial = newMultistream()
|
||||
let transport2: TcpTransport = TcpTransport.init()
|
||||
let conn = await transport2.dial(transport1.ma)
|
||||
|
||||
var localPeerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [ma])
|
||||
var localPeerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [ma])
|
||||
let identifyProto2 = newIdentify(localPeerInfo)
|
||||
|
||||
try:
|
||||
let pi2 = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
discard await msDial.select(conn, IdentifyCodec)
|
||||
discard await identifyProto2.identify(conn, PeerInfo.init(PrivateKey.random(ECDSA).get()))
|
||||
discard await identifyProto2.identify(conn, pi2)
|
||||
finally:
|
||||
await done.wait(5000.millis) # when no issues will not wait that long!
|
||||
await conn.close()
|
||||
|
|
|
@ -9,10 +9,9 @@
|
|||
|
||||
{.used.}
|
||||
|
||||
import unittest, tables
|
||||
import unittest, tables, bearssl
|
||||
import chronos, stew/byteutils
|
||||
import chronicles
|
||||
import nimcrypto/sysrand
|
||||
import ../libp2p/crypto/crypto
|
||||
import ../libp2p/[switch,
|
||||
errors,
|
||||
|
@ -50,7 +49,7 @@ method init(p: TestProto) {.gcsafe.} =
|
|||
p.handler = handle
|
||||
|
||||
proc createSwitch(ma: MultiAddress; outgoing: bool): (Switch, PeerInfo) =
|
||||
var peerInfo: PeerInfo = PeerInfo.init(PrivateKey.random(ECDSA).get())
|
||||
var peerInfo: PeerInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get())
|
||||
peerInfo.addrs.add(ma)
|
||||
let identify = newIdentify(peerInfo)
|
||||
|
||||
|
@ -60,7 +59,7 @@ proc createSwitch(ma: MultiAddress; outgoing: bool): (Switch, PeerInfo) =
|
|||
let mplexProvider = newMuxerProvider(createMplex, MplexCodec)
|
||||
let transports = @[Transport(TcpTransport.init())]
|
||||
let muxers = [(MplexCodec, mplexProvider)].toTable()
|
||||
let secureManagers = [Secure(newNoise(peerInfo.privateKey, outgoing = outgoing))]
|
||||
let secureManagers = [Secure(newNoise(rng, peerInfo.privateKey, outgoing = outgoing))]
|
||||
let switch = newSwitch(peerInfo,
|
||||
transports,
|
||||
identify,
|
||||
|
@ -77,9 +76,9 @@ suite "Noise":
|
|||
test "e2e: handle write + noise":
|
||||
proc testListenerDialer(): Future[bool] {.async.} =
|
||||
let
|
||||
server: MultiAddress = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [server])
|
||||
serverNoise = newNoise(serverInfo.privateKey, outgoing = false)
|
||||
server = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [server])
|
||||
serverNoise = newNoise(rng, serverInfo.privateKey, outgoing = false)
|
||||
|
||||
proc connHandler(conn: Connection) {.async, gcsafe.} =
|
||||
let sconn = await serverNoise.secure(conn, false)
|
||||
|
@ -95,8 +94,8 @@ suite "Noise":
|
|||
|
||||
let
|
||||
transport2: TcpTransport = TcpTransport.init()
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [transport1.ma])
|
||||
clientNoise = newNoise(clientInfo.privateKey, outgoing = true)
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [transport1.ma])
|
||||
clientNoise = newNoise(rng, clientInfo.privateKey, outgoing = true)
|
||||
conn = await transport2.dial(transport1.ma)
|
||||
sconn = await clientNoise.secure(conn, true)
|
||||
|
||||
|
@ -116,9 +115,9 @@ suite "Noise":
|
|||
test "e2e: handle read + noise":
|
||||
proc testListenerDialer(): Future[bool] {.async.} =
|
||||
let
|
||||
server: MultiAddress = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [server])
|
||||
serverNoise = newNoise(serverInfo.privateKey, outgoing = false)
|
||||
server = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [server])
|
||||
serverNoise = newNoise(rng, serverInfo.privateKey, outgoing = false)
|
||||
readTask = newFuture[void]()
|
||||
|
||||
proc connHandler(conn: Connection) {.async, gcsafe.} =
|
||||
|
@ -137,8 +136,8 @@ suite "Noise":
|
|||
|
||||
let
|
||||
transport2: TcpTransport = TcpTransport.init()
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [transport1.ma])
|
||||
clientNoise = newNoise(clientInfo.privateKey, outgoing = true)
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [transport1.ma])
|
||||
clientNoise = newNoise(rng, clientInfo.privateKey, outgoing = true)
|
||||
conn = await transport2.dial(transport1.ma)
|
||||
sconn = await clientNoise.secure(conn, true)
|
||||
|
||||
|
@ -157,13 +156,13 @@ suite "Noise":
|
|||
test "e2e: handle read + noise fragmented":
|
||||
proc testListenerDialer(): Future[bool] {.async.} =
|
||||
let
|
||||
server: MultiAddress = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [server])
|
||||
serverNoise = newNoise(serverInfo.privateKey, outgoing = false)
|
||||
server = Multiaddress.init("/ip4/0.0.0.0/tcp/0").tryGet()
|
||||
serverInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [server])
|
||||
serverNoise = newNoise(rng, serverInfo.privateKey, outgoing = false)
|
||||
readTask = newFuture[void]()
|
||||
|
||||
var hugePayload = newSeq[byte](0xFFFFF)
|
||||
check randomBytes(hugePayload) == hugePayload.len
|
||||
brHmacDrbgGenerate(rng[], hugePayload)
|
||||
trace "Sending huge payload", size = hugePayload.len
|
||||
|
||||
proc connHandler(conn: Connection) {.async, gcsafe.} =
|
||||
|
@ -180,8 +179,8 @@ suite "Noise":
|
|||
|
||||
let
|
||||
transport2: TcpTransport = TcpTransport.init()
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA).get(), [transport1.ma])
|
||||
clientNoise = newNoise(clientInfo.privateKey, outgoing = true)
|
||||
clientInfo = PeerInfo.init(PrivateKey.random(ECDSA, rng[]).get(), [transport1.ma])
|
||||
clientNoise = newNoise(rng, clientInfo.privateKey, outgoing = true)
|
||||
conn = await transport2.dial(transport1.ma)
|
||||
sconn = await clientNoise.secure(conn, true)
|
||||
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
{.used.}
|
||||
|
||||
import unittest, options
|
||||
import unittest, options, bearssl
|
||||
import chronos
|
||||
import ../libp2p/crypto/crypto,
|
||||
../libp2p/peerinfo,
|
||||
../libp2p/peerid
|
||||
|
||||
import ./helpers
|
||||
|
||||
suite "PeerInfo":
|
||||
test "Should init with private key":
|
||||
let seckey = PrivateKey.random(ECDSA).get()
|
||||
let seckey = PrivateKey.random(ECDSA, rng[]).get()
|
||||
var peerInfo = PeerInfo.init(seckey)
|
||||
var peerId = PeerID.init(seckey).get()
|
||||
|
||||
|
@ -17,7 +19,7 @@ suite "PeerInfo":
|
|||
check seckey.getKey().get() == peerInfo.publicKey.get()
|
||||
|
||||
test "Should init with public key":
|
||||
let seckey = PrivateKey.random(ECDSA).get()
|
||||
let seckey = PrivateKey.random(ECDSA, rng[]).get()
|
||||
var peerInfo = PeerInfo.init(seckey.getKey().get())
|
||||
var peerId = PeerID.init(seckey.getKey().get()).get()
|
||||
|
||||
|
@ -25,7 +27,7 @@ suite "PeerInfo":
|
|||
check seckey.getKey.get() == peerInfo.publicKey.get()
|
||||
|
||||
test "Should init from PeerId with public key":
|
||||
let seckey = PrivateKey.random(Ed25519).get()
|
||||
let seckey = PrivateKey.random(Ed25519, rng[]).get()
|
||||
var peerInfo = PeerInfo.init(PeerID.init(seckey.getKey.get()).get())
|
||||
var peerId = PeerID.init(seckey.getKey.get()).get()
|
||||
|
||||
|
@ -47,16 +49,16 @@ suite "PeerInfo":
|
|||
# PeerID.init("bafzbeie5745rpv2m6tjyuugywy4d5ewrqgqqhfnf445he3omzpjbx5xqxe") == peerInfo.peerId
|
||||
|
||||
test "Should return none if pubkey is missing from id":
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(ECDSA).get()).get())
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(ECDSA, rng[]).get()).get())
|
||||
check peerInfo.publicKey.isNone
|
||||
|
||||
test "Should return some if pubkey is present in id":
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(Ed25519).get()).get())
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(Ed25519, rng[]).get()).get())
|
||||
check peerInfo.publicKey.isSome
|
||||
|
||||
test "join() and isClosed() test":
|
||||
proc testJoin(): Future[bool] {.async, gcsafe.} =
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(Ed25519).get()).get())
|
||||
let peerInfo = PeerInfo.init(PeerID.init(PrivateKey.random(Ed25519, rng[]).get()).get())
|
||||
check peerInfo.isClosed() == false
|
||||
var joinFut = peerInfo.join()
|
||||
check joinFut.finished() == false
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
## those terms.
|
||||
import unittest
|
||||
import nimcrypto/utils
|
||||
import ../libp2p/crypto/rsa
|
||||
import ../libp2p/crypto/[crypto, rsa]
|
||||
|
||||
when defined(nimHasUsed): {.used.}
|
||||
|
||||
|
@ -267,13 +267,18 @@ const
|
|||
ACB51807206B8332127E3692269013B96F0CABD95D7431805E48176ADC5D1366"""
|
||||
]
|
||||
|
||||
suite "RSA 512/1024/2048/4096 test suite":
|
||||
let rng = newRng()
|
||||
|
||||
type
|
||||
RsaPrivateKey = rsa.RsaPrivateKey
|
||||
RsaPublicKey = rsa.RsaPublicKey
|
||||
|
||||
suite "RSA 512/1024/2048/4096 test suite":
|
||||
test "[rsa512] Private key serialize/deserialize test":
|
||||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: RsaPrivateKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var key = RsaPrivateKey.random(512).expect("random key")
|
||||
var key = RsaPrivateKey.random(rng[], 512).expect("random key")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check key.toBytes(skey2).expect("bytes") > 0
|
||||
check:
|
||||
|
@ -291,7 +296,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: RsaPrivateKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var key = RsaPrivateKey.random(1024).expect("random failed")
|
||||
var key = RsaPrivateKey.random(rng[], 1024).expect("random failed")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check key.toBytes(skey2).expect("bytes") > 0
|
||||
check:
|
||||
|
@ -308,7 +313,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
test "[rsa2048] Private key serialize/deserialize test":
|
||||
var rkey1, rkey2: RsaPrivateKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var key = RsaPrivateKey.random(2048).expect("random failed")
|
||||
var key = RsaPrivateKey.random(rng[], 2048).expect("random failed")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check key.toBytes(skey2).expect("bytes") > 0
|
||||
check:
|
||||
|
@ -327,7 +332,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
when defined(release):
|
||||
var rkey1, rkey2: RsaPrivateKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var key = RsaPrivateKey.random(4096).expect("random failed")
|
||||
var key = RsaPrivateKey.random(rng[], 4096).expect("random failed")
|
||||
var skey1 = key.getBytes().expect("bytes")
|
||||
check key.toBytes(skey2).expect("bytes") > 0
|
||||
check:
|
||||
|
@ -345,7 +350,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: RsaPublicKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var pair = RsaKeyPair.random(512).expect("random failed")
|
||||
var pair = RsaKeyPair.random(rng[], 512).expect("random failed")
|
||||
var skey1 = pair.pubkey().getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -363,7 +368,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: RsaPublicKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var pair = RsaKeyPair.random(1024).expect("random failed")
|
||||
var pair = RsaKeyPair.random(rng[], 1024).expect("random failed")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -380,7 +385,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
test "[rsa2048] Public key serialize/deserialize test":
|
||||
var rkey1, rkey2: RsaPublicKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var pair = RsaKeyPair.random(2048).expect("random failed")
|
||||
var pair = RsaKeyPair.random(rng[], 2048).expect("random failed")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -398,7 +403,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
when defined(release):
|
||||
var rkey1, rkey2: RsaPublicKey
|
||||
var skey2 = newSeq[byte](4096)
|
||||
var pair = RsaKeyPair.random(4096).expect("random failed")
|
||||
var pair = RsaKeyPair.random(rng[], 4096).expect("random failed")
|
||||
var skey1 = pair.pubkey.getBytes().expect("bytes")
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes") > 0
|
||||
|
@ -415,7 +420,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
test "[rsa512] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = RsaKeyPair.random(512).expect("RsaKeyPair.random failed")
|
||||
var kp = RsaKeyPair.random(rng[], 512).expect("RsaKeyPair.random failed")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
@ -431,7 +436,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
test "[rsa1024] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = RsaKeyPair.random(1024).expect("RsaPrivateKey.random failed")
|
||||
var kp = RsaKeyPair.random(rng[], 1024).expect("RsaPrivateKey.random failed")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
@ -446,7 +451,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
|
||||
test "[rsa2048] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
var kp = RsaKeyPair.random(2048).expect("RsaPrivateKey.random failed")
|
||||
var kp = RsaKeyPair.random(rng[], 2048).expect("RsaPrivateKey.random failed")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
@ -462,7 +467,7 @@ suite "RSA 512/1024/2048/4096 test suite":
|
|||
test "[rsa4096] Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
when defined(release):
|
||||
var message = "message to sign"
|
||||
var kp = RsaKeyPair.random(2048).expect("RsaPrivateKey.random failed")
|
||||
var kp = RsaKeyPair.random(rng[], 2048).expect("RsaPrivateKey.random failed")
|
||||
var sig = kp.seckey.sign(message).expect("signature")
|
||||
var sersk = kp.seckey.getBytes().expect("bytes")
|
||||
var serpk = kp.pubkey.getBytes().expect("bytes")
|
||||
|
|
|
@ -6,19 +6,22 @@
|
|||
## at your option.
|
||||
## This file may not be copied, modified, or distributed except according to
|
||||
## those terms.
|
||||
import unittest
|
||||
import ../libp2p/crypto/secp
|
||||
import unittest, bearssl
|
||||
import ../libp2p/crypto/[crypto, secp]
|
||||
import nimcrypto/utils
|
||||
|
||||
when defined(nimHasUsed): {.used.}
|
||||
|
||||
let rng = newRng()
|
||||
|
||||
suite "Secp256k1 testing suite":
|
||||
const TestsCount = 20
|
||||
|
||||
test "Private key serialize/deserialize test":
|
||||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: SkPrivateKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var key = SkPrivateKey.random().expect("random key")
|
||||
var key = SkPrivateKey.random(rng[])
|
||||
var skey1 = key.getBytes()
|
||||
check:
|
||||
key.toBytes(skey2).expect("bytes len") > 0
|
||||
|
@ -36,7 +39,7 @@ suite "Secp256k1 testing suite":
|
|||
for i in 0..<TestsCount:
|
||||
var rkey1, rkey2: SkPublicKey
|
||||
var skey2 = newSeq[byte](256)
|
||||
var pair = SkKeyPair.random().expect("random key pair")
|
||||
var pair = SkKeyPair.random(rng[])
|
||||
var skey1 = pair.pubkey.getBytes()
|
||||
check:
|
||||
pair.pubkey.toBytes(skey2).expect("bytes len") > 0
|
||||
|
@ -52,7 +55,7 @@ suite "Secp256k1 testing suite":
|
|||
test "Generate/Sign/Serialize/Deserialize/Verify test":
|
||||
var message = "message to sign"
|
||||
for i in 0..<TestsCount:
|
||||
var kp = SkKeyPair.random().expect("random key pair")
|
||||
var kp = SkKeyPair.random(rng[])
|
||||
var sig = kp.seckey.sign(message)
|
||||
var sersk = kp.seckey.getBytes()
|
||||
var serpk = kp.pubkey.getBytes()
|
||||
|
|
Loading…
Reference in New Issue