waku-org/nwaku
1
0
Fork 0
mirror of https://github.com/waku-org/nwaku.git synced 2025-02-23 12:28:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into noise-payloadV2

Browse Source
This commit is contained in:
G 2022-04-06 14:54:27 +02:00 committed by GitHub
commit a56f3c22a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 220 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
tests/v2/test_waku_noise.nim
View File

@ -2,27 +2,58 @@
import
testutils/unittests,
../../waku/v2/protocol/waku_message,
std/random,
stew/byteutils,
../../waku/v2/protocol/waku_noise/noise,
../../waku/v2/node/waku_payload,
../test_helpers,
std/tables
../test_helpers
procSuite "Waku Noise":
# We initialize the RNG in test_helpers
let rng = rng()
# We initialize the RNG in std/random
randomize()
test "Encrypt -> decrypt public keys":
test "ChaChaPoly Encryption/Decryption: random byte sequences":
let cipherState = randomChaChaPolyCipherState(rng[])
# We encrypt/decrypt random byte sequences
let
plaintext: seq[byte] = randomSeqByte(rng[], rand(1..128))
ciphertext: ChaChaPolyCiphertext = encrypt(cipherState, plaintext)
decryptedCiphertext: seq[byte] = decrypt(cipherState, ciphertext)
check:
plaintext == decryptedCiphertext
test "ChaChaPoly Encryption/Decryption: random strings":
let cipherState = randomChaChaPolyCipherState(rng[])
# We encrypt/decrypt random strings
var plaintext: string
for _ in 1..rand(1..128):
add(plaintext, char(rand(int('A') .. int('z'))))
let
ciphertext: ChaChaPolyCiphertext = encrypt(cipherState, plaintext.toBytes())
decryptedCiphertext: seq[byte] = decrypt(cipherState, ciphertext)
check:
plaintext.toBytes() == decryptedCiphertext
test "Encrypt and decrypt Noise public keys":
let noisePublicKey: NoisePublicKey = genNoisePublicKey(rng[])
let
cs: ChaChaPolyCipherState = randomChaChaPolyCipherState(rng[])
enc_pk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
dec_pk: NoisePublicKey = decryptNoisePublicKey(cs, enc_pk)
encryptedPk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
decryptedPk: NoisePublicKey = decryptNoisePublicKey(cs, encryptedPk)
check:
noisePublicKey == dec_pk
noisePublicKey == decryptedPk
test "Decrypt unencrypted public key":
@ -30,36 +61,37 @@ procSuite "Waku Noise":
let
cs: ChaChaPolyCipherState = randomChaChaPolyCipherState(rng[])
dec_pk: NoisePublicKey = decryptNoisePublicKey(cs, noisePublicKey)
decryptedPk: NoisePublicKey = decryptNoisePublicKey(cs, noisePublicKey)
check:
noisePublicKey == dec_pk
noisePublicKey == decryptedPk
test "Encrypt -> encrypt public keys":
test "Encrypt encrypted public key":
let noisePublicKey: NoisePublicKey = genNoisePublicKey(rng[])
let
cs: ChaChaPolyCipherState = randomChaChaPolyCipherState(rng[])
enc_pk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
enc2_pk: NoisePublicKey = encryptNoisePublicKey(cs, enc_pk)
encryptedPk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
encryptedPk2: NoisePublicKey = encryptNoisePublicKey(cs, encryptedPk)
check enc_pk == enc2_pk
check:
encryptedPk == encryptedPk2
test "Encrypt -> decrypt -> decrypt public keys":
test "Encrypt, decrypt and decrypt public key":
let noisePublicKey: NoisePublicKey = genNoisePublicKey(rng[])
let
cs: ChaChaPolyCipherState = randomChaChaPolyCipherState(rng[])
enc_pk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
dec_pk: NoisePublicKey = decryptNoisePublicKey(cs, enc_pk)
dec2_pk: NoisePublicKey = decryptNoisePublicKey(cs, dec_pk)
encryptedPk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
decryptedPk: NoisePublicKey = decryptNoisePublicKey(cs, encryptedPk)
decryptedPk2: NoisePublicKey = decryptNoisePublicKey(cs, decryptedPk)
check:
dec_pk == dec2_pk
decryptedPk == decryptedPk2
test "Serialize -> deserialize public keys (unencrypted)":
test "Serialize and deserialize unencrypted public key":
let
noisePublicKey: NoisePublicKey = genNoisePublicKey(rng[])
@ -69,19 +101,19 @@ procSuite "Waku Noise":
check:
noisePublicKey == deserializedNoisePublicKey
test "Encrypt -> serialize -> deserialize -> decrypt public keys":
test "Encrypt, serialize, deserialize and decrypt public key":
let noisePublicKey: NoisePublicKey = genNoisePublicKey(rng[])
let
cs: ChaChaPolyCipherState = randomChaChaPolyCipherState(rng[])
enc_pk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
serializedNoisePublicKey: seq[byte] = serializeNoisePublicKey(enc_pk)
encryptedPk: NoisePublicKey = encryptNoisePublicKey(cs, noisePublicKey)
serializedNoisePublicKey: seq[byte] = serializeNoisePublicKey(encryptedPk)
deserializedNoisePublicKey: NoisePublicKey = intoNoisePublicKey(serializedNoisePublicKey)
dec_pk: NoisePublicKey = decryptNoisePublicKey(cs, deserializedNoisePublicKey)
decryptedPk: NoisePublicKey = decryptNoisePublicKey(cs, deserializedNoisePublicKey)
check:
noisePublicKey == dec_pk
noisePublicKey == decryptedPk
test "Encode/decode PayloadV2 to byte sequence":
@ -120,4 +152,4 @@ procSuite "Waku Noise":
decoded.isOk()
decoded.get() == payload
#TODO: add encrypt payload with ChaChaPoly
#TODO: add encrypt payload with ChaChaPoly

240
waku/v2/protocol/waku_noise/noise.nim
View File

@ -24,153 +24,237 @@ import libp2p/errors
import libp2p/crypto/[crypto, chacha20poly1305, curve25519]
when defined(libp2p_dump):
import libp2p/debugutils
logScope:
topics = "nim-waku noise"
topics = "wakunoise"
#################################################################
# Constants and data structures
const
# Empty is a special value which indicates k has not yet been initialized.
# EmptyKey represents a non-initialized ChaChaPolyKey
EmptyKey = default(ChaChaPolyKey)
NonceMax = uint64.high - 1 # max is reserved
NoiseSize = 32
MaxPlainSize = int(uint16.high - NoiseSize - ChaChaPolyTag.len)
# The maximum ChaChaPoly allowed nonce in Noise Handshakes
NonceMax = uint64.high - 1
type
KeyPair* = object
privateKey: Curve25519Key
publicKey: Curve25519Key
# Default underlying elliptic curve arithmetic (useful for switching to multiple ECs)
# Current default is Curve25519
EllipticCurveKey = Curve25519Key
# An EllipticCurveKey (public, private) key pair
KeyPair* = object
privateKey: EllipticCurveKey
publicKey: EllipticCurveKey
# A Noise public key is a public key exchanged during Noise handshakes (no private part)
# This follows https://rfc.vac.dev/spec/35/#public-keys-serialization
# pk contains the X coordinate of the public key, if unencrypted (this implies flag = 0)
# or the encryption of the X coordinate concatenated with the authorization tag, if encrypted (this implies flag = 1)
NoisePublicKey* = object
flag: uint8
pk: seq[byte]
# A ChaChaPoly ciphertext (data) + authorization tag (tag)
ChaChaPolyCiphertext* = object
data: seq[byte]
tag: ChaChaPolyTag
data*: seq[byte]
tag*: ChaChaPolyTag
# A ChaChaPoly Cipher State containing key (k), nonce (nonce) and associated data (ad)
ChaChaPolyCipherState* = object
k*: ChaChaPolyKey
nonce*: ChaChaPolyNonce
ad*: seq[byte]
k: ChaChaPolyKey
nonce: ChaChaPolyNonce
ad: seq[byte]
# Some useful error types
NoiseError* = object of LPError
NoiseHandshakeError* = object of NoiseError
NoiseEmptyChaChaPolyInput* = object of NoiseError
NoiseDecryptTagError* = object of NoiseError
NoiseNonceMaxError* = object of NoiseError # drop connection on purpose
NoiseNonceMaxError* = object of NoiseError
NoisePublicKeyError* = object of NoiseError
NoiseMalformedHandshake* = object of NoiseError
#################################################################
# Utilities
# Generates random byte sequences of given size
proc randomSeqByte*(rng: var BrHmacDrbgContext, size: int): seq[byte] =
var output = newSeq[byte](size.uint32)
brHmacDrbgGenerate(rng, output)
return output
# Generate random Curve25519 (public, private) key pairs
proc genKeyPair*(rng: var BrHmacDrbgContext): KeyPair =
var keyPair: KeyPair
keyPair.privateKey = EllipticCurveKey.random(rng)
keyPair.publicKey = keyPair.privateKey.public()
return keyPair
#################################################################
# ChaChaPoly Symmetric Cipher
# ChaChaPoly encryption
# It takes a Cipher State (with key, nonce, and associated data) and encrypts a plaintext
# The cipher state in not changed
proc encrypt*(
state: ChaChaPolyCipherState,
plaintext: openArray[byte]): ChaChaPolyCiphertext
{.noinit, raises: [Defect].} =
{.noinit, raises: [Defect, NoiseEmptyChaChaPolyInput].} =
# If plaintext is empty, we raise an error
if plaintext == @[]:
raise newException(NoiseEmptyChaChaPolyInput, "Tried to encrypt empty plaintext")
var ciphertext: ChaChaPolyCiphertext
# Since ChaChaPoly's library "encrypt" primitive directly changes the input plaintext to the ciphertext,
# we copy the plaintext into the ciphertext variable and we pass the latter to encrypt
ciphertext.data.add plaintext
#TODO: add padding
result.data.add plaintext
ChaChaPoly.encrypt(state.k, state.nonce, result.tag, result.data, state.ad)
# ChaChaPoly.encrypt takes as input: the key (k), the nonce (nonce), a data structure for storing the computed authorization tag (tag),
# the plaintext (overwritten to ciphertext) (data), the associated data (ad)
ChaChaPoly.encrypt(state.k, state.nonce, ciphertext.tag, ciphertext.data, state.ad)
return ciphertext
# ChaChaPoly decryption
# It takes a Cipher State (with key, nonce, and associated data) and decrypts a ciphertext
# The cipher state is not changed
proc decrypt*(
state: ChaChaPolyCipherState,
ciphertext: ChaChaPolyCiphertext): seq[byte]
{.raises: [Defect, NoiseDecryptTagError].} =
{.raises: [Defect, NoiseEmptyChaChaPolyInput, NoiseDecryptTagError].} =
# If ciphertext is empty, we raise an error
if ciphertext.data == @[]:
raise newException(NoiseEmptyChaChaPolyInput, "Tried to decrypt empty ciphertext")
var
# The input authorization tag
tagIn = ciphertext.tag
# The authorization tag computed during decryption
tagOut: ChaChaPolyTag
result = ciphertext.data
ChaChaPoly.decrypt(state.k, state.nonce, tagOut, result, state.ad)
# Since ChaChaPoly's library "decrypt" primitive directly changes the input ciphertext to the plaintext,
# we copy the ciphertext into the plaintext variable and we pass the latter to decrypt
var plaintext = ciphertext.data
# ChaChaPoly.decrypt takes as input: the key (k), the nonce (nonce), a data structure for storing the computed authorization tag (tag),
# the ciphertext (overwritten to plaintext) (data), the associated data (ad)
ChaChaPoly.decrypt(state.k, state.nonce, tagOut, plaintext, state.ad)
#TODO: add unpadding
trace "decrypt", tagIn = tagIn.shortLog, tagOut = tagOut.shortLog, nonce = state.nonce
# We check if the authorization tag computed while decrypting is the same as the input tag
if tagIn != tagOut:
debug "decrypt failed", result = shortLog(result)
debug "decrypt failed", plaintext = shortLog(plaintext)
raise newException(NoiseDecryptTagError, "decrypt tag authentication failed.")
return plaintext
# Generates a random ChaChaPoly Cipher State for testing encryption/decryption
proc randomChaChaPolyCipherState*(rng: var BrHmacDrbgContext): ChaChaPolyCipherState =
brHmacDrbgGenerate(rng, result.k)
brHmacDrbgGenerate(rng, result.nonce)
result.ad = newSeq[byte](32)
brHmacDrbgGenerate(rng, result.ad)
var randomCipherState: ChaChaPolyCipherState
brHmacDrbgGenerate(rng, randomCipherState.k)
brHmacDrbgGenerate(rng, randomCipherState.nonce)
randomCipherState.ad = newSeq[byte](32)
brHmacDrbgGenerate(rng, randomCipherState.ad)
return randomCipherState
#################################################################
# Noise Public keys
# Utility
proc genKeyPair*(rng: var BrHmacDrbgContext): KeyPair =
result.privateKey = Curve25519Key.random(rng)
result.publicKey = result.privateKey.public()
# Public keys serializations/encryption
# Checks equality between two Noise public keys
proc `==`(k1, k2: NoisePublicKey): bool =
result = (k1.flag == k2.flag) and (k1.pk == k2.pk)
return (k1.flag == k2.flag) and (k1.pk == k2.pk)
# Converts a (public, private) Elliptic Curve keypair to an unencrypted Noise public key (only public part)
proc keyPairToNoisePublicKey*(keyPair: KeyPair): NoisePublicKey =
result.flag = 0
result.pk = getBytes(keyPair.publicKey)
var noisePublicKey: NoisePublicKey
noisePublicKey.flag = 0
noisePublicKey.pk = getBytes(keyPair.publicKey)
return noisePublicKey
# Generates a random Noise public key
proc genNoisePublicKey*(rng: var BrHmacDrbgContext): NoisePublicKey =
var noisePublicKey: NoisePublicKey
# We generate a random key pair
let keyPair: KeyPair = genKeyPair(rng)
result.flag = 0
result.pk = getBytes(keyPair.publicKey)
# Since it is unencrypted, flag is 0
noisePublicKey.flag = 0
# We copy the public X coordinate of the key pair to the output Noise public key
noisePublicKey.pk = getBytes(keyPair.publicKey)
return noisePublicKey
# Converts a Noise public key to a stream of bytes as in
# https://rfc.vac.dev/spec/35/#public-keys-serialization
proc serializeNoisePublicKey*(noisePublicKey: NoisePublicKey): seq[byte] =
result.add noisePublicKey.flag
result.add noisePublicKey.pk
var serializedNoisePublicKey: seq[byte]
# Public key is serialized as (flag || pk)
# Note that pk contains the X coordinate of the public key if unencrypted
# or the encryption concatenated with the authorization tag if encrypted
serializedNoisePublicKey.add noisePublicKey.flag
serializedNoisePublicKey.add noisePublicKey.pk
return serializedNoisePublicKey
proc intoNoisePublicKey*(serializedNoisePublicKey: seq[byte]): NoisePublicKey =
result.flag = serializedNoisePublicKey[0]
assert result.flag == 0 or result.flag == 1
result.pk = serializedNoisePublicKey[1..<serializedNoisePublicKey.len]
# Public keys encryption/decryption
# Converts a serialized Noise public key to a NoisePublicKey object as in
# https://rfc.vac.dev/spec/35/#public-keys-serialization
proc intoNoisePublicKey*(serializedNoisePublicKey: seq[byte]): NoisePublicKey
{.raises: [Defect, NoisePublicKeyError].} =
var noisePublicKey: NoisePublicKey
# We retrieve the encryption flag
noisePublicKey.flag = serializedNoisePublicKey[0]
# If not 0 or 1 we raise a new exception
if not (noisePublicKey.flag == 0 or noisePublicKey.flag == 1):
raise newException(NoisePublicKeyError, "Invalid flag in serialized public key")
# We set the remaining sequence to the pk value (this may be an encrypted or not encrypted X coordinate)
noisePublicKey.pk = serializedNoisePublicKey[1..<serializedNoisePublicKey.len]
return noisePublicKey
# Encrypts a Noise public key using a ChaChaPoly Cipher State
proc encryptNoisePublicKey*(cs: ChaChaPolyCipherState, noisePublicKey: NoisePublicKey): NoisePublicKey
{.raises: [Defect, NoiseNonceMaxError].} =
{.raises: [Defect, NoiseEmptyChaChaPolyInput, NoiseNonceMaxError].} =
var encryptedNoisePublicKey: NoisePublicKey
# We proceed with encryption only if
# - a key is set in the cipher state
# - the public key is unencrypted
if cs.k != EmptyKey and noisePublicKey.flag == 0:
let enc_pk = encrypt(cs, noisePublicKey.pk)
result.flag = 1
result.pk = enc_pk.data
result.pk.add enc_pk.tag
let encPk = encrypt(cs, noisePublicKey.pk)
# We set the flag to 1, since encrypted
encryptedNoisePublicKey.flag = 1
# Authorization tag is appendend to the ciphertext
encryptedNoisePublicKey.pk = encPk.data
encryptedNoisePublicKey.pk.add encPk.tag
# Otherwise we return the public key as it is
else:
result = noisePublicKey
encryptedNoisePublicKey = noisePublicKey
return encryptedNoisePublicKey
# Decrypts a Noise public key using a ChaChaPoly Cipher State
proc decryptNoisePublicKey*(cs: ChaChaPolyCipherState, noisePublicKey: NoisePublicKey): NoisePublicKey
{.raises: [Defect, NoiseDecryptTagError].} =
{.raises: [Defect, NoiseEmptyChaChaPolyInput, NoiseDecryptTagError].} =
var decryptedNoisePublicKey: NoisePublicKey
# We proceed with decryption only if
# - a key is set in the cipher state
# - the public key is encrypted
if cs.k != EmptyKey and noisePublicKey.flag == 1:
#let ciphertext = ChaChaPolyCiphertext(data: noisePublicKey.pk, tag: noisePublicKey.pk_auth)
let pk_len = noisePublicKey.pk.len - ChaChaPolyTag.len
let pk = noisePublicKey.pk[0..<pk_len]
let pk_auth = intoChaChaPolyTag(noisePublicKey.pk[pk_len..<pk_len+ChaChaPolyTag.len])
let ciphertext = ChaChaPolyCiphertext(data: pk, tag: pk_auth)
result.pk = decrypt(cs, ciphertext)
result.flag = 0
# Since the pk field would contain an encryption + tag, we retrieve the ciphertext length
let pkLen = noisePublicKey.pk.len - ChaChaPolyTag.len
# We isolate the ciphertext and the authorization tag
let pk = noisePublicKey.pk[0..<pkLen]
let pkAuth = intoChaChaPolyTag(noisePublicKey.pk[pkLen..<pkLen+ChaChaPolyTag.len])
# We convert it to a ChaChaPolyCiphertext
let ciphertext = ChaChaPolyCiphertext(data: pk, tag: pkAuth)
# We run decryption and store its value to a non-encrypted Noise public key (flag = 0)
decryptedNoisePublicKey.pk = decrypt(cs, ciphertext)
decryptedNoisePublicKey.flag = 0
# Otherwise we return the public key as it is
else:
if cs.k == EmptyKey:
debug "No key in cipher state."
if noisePublicKey.flag == 0:
debug "Public key is not encrypted."
debug "Public key is left unchanged"
result = noisePublicKey
decryptedNoisePublicKey = noisePublicKey
return decryptedNoisePublicKey
#################################################################
# Payload functions
type
PayloadV2* = object
protocol_id: uint8
@ -273,4 +357,4 @@ proc decodeV2*(payload: seq[byte]): Option[PayloadV2] =
res.transport_message = payload[i..i+transport_message_len-1]
i+=transport_message_len
return some(res)
return some(res)