From 5f5bca7632cee1d810bdc086ca7391fc06c7d892 Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 13 Feb 2015 02:48:33 -0500 Subject: [PATCH 01/20] initiator handshake crypto-test --- crypto.cpp | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/crypto.cpp b/crypto.cpp index 291893f59..b63bdf596 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -316,6 +316,43 @@ BOOST_AUTO_TEST_CASE(ecdhe) BOOST_REQUIRE_EQUAL(sremote, slocal); } +BOOST_AUTO_TEST_CASE(handshakeNew) +{ + // authInitiator -> E(remote-pubk, S(ecdhe-random, ecdh-shared-secret^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x0) + // authRecipient -> E(remote-pubk, ecdhe-random-pubk || nonce || 0x0) + + Secret nodeAsecret(sha3("privacy")); + KeyPair nodeA(nodeAsecret); + + Secret nodeBsecret(sha3("privacy++")); + KeyPair nodeB(nodeBsecret); + + // Initiator is Alice (nodeA) + ECDHE eA; + bytes nAbytes(fromHex("0xAAAA")); + h256 nonceA(sha3(nAbytes)); + + bytes auth(Signature::size + h256::size + Public::size + h256::size + 1); + { + bytesConstRef sig(&auth[0], Signature::size); + bytesConstRef hepubk(&auth[Signature::size], h256::size); + bytesConstRef pubk(&auth[Signature::size + h256::size], Public::size); + bytesConstRef nonce(&auth[Signature::size + h256::size + Public::size], h256::size); + + Secret ss; + s_secp256k1.agree(nodeA.sec(), nodeB.pub(), ss); + sign(eA.seckey(), ss ^ nonceA).ref().copyTo(sig); + sha3(eA.pubkey().ref(), hepubk); + nodeA.pub().ref().copyTo(pubk); + nonceA.ref().copyTo(nonce); + auth[auth.size() - 1] = 0x0; + } + + cnote << "initAuth:" << toHex(auth); + +// bytes ack(h256::size * 2 + 1); +} + BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) { // New connections require new ECDH keypairs From 773337596bbb7e77f6fff9bee7b14ec6db3dc69e Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 13 Feb 2015 02:57:26 -0500 Subject: [PATCH 02/20] ack handshake for new node and encrypt both sides --- crypto.cpp | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index b63bdf596..ed35c3408 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -347,10 +347,25 @@ BOOST_AUTO_TEST_CASE(handshakeNew) nonceA.ref().copyTo(nonce); auth[auth.size() - 1] = 0x0; } + bytes authcipher; + encrypt(nodeB.pub(), &auth, authcipher); + cnote << "initAuth:" << toHex(authcipher); - cnote << "initAuth:" << toHex(auth); - -// bytes ack(h256::size * 2 + 1); + ECDHE eB; + bytes nBbytes(fromHex("0xBBBB")); + h256 nonceB(sha3(nAbytes)); + bytes ack(h256::size * 2 + 1); + { + bytesConstRef epubk(&auth[0], Secret::size); + bytesConstRef nonce(&auth[Secret::size], h256::size); + + eB.pubkey().ref().copyTo(epubk); + nonceB.ref().copyTo(nonce); + auth[auth.size() - 1] = 0x0; + } + bytes ackcipher; + encrypt(nodeA.pub(), &ack, ackcipher); + cnote << "ackAuth:" << toHex(ackcipher); } BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) From 1542497872eeb050d8ef2e36a3bc26ebdcd4596d Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 13 Feb 2015 16:05:20 -0500 Subject: [PATCH 03/20] key agreement --- crypto.cpp | 45 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index ed35c3408..588fb4d6b 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -331,17 +331,16 @@ BOOST_AUTO_TEST_CASE(handshakeNew) ECDHE eA; bytes nAbytes(fromHex("0xAAAA")); h256 nonceA(sha3(nAbytes)); - bytes auth(Signature::size + h256::size + Public::size + h256::size + 1); + Secret ssA; { bytesConstRef sig(&auth[0], Signature::size); bytesConstRef hepubk(&auth[Signature::size], h256::size); bytesConstRef pubk(&auth[Signature::size + h256::size], Public::size); bytesConstRef nonce(&auth[Signature::size + h256::size + Public::size], h256::size); - Secret ss; - s_secp256k1.agree(nodeA.sec(), nodeB.pub(), ss); - sign(eA.seckey(), ss ^ nonceA).ref().copyTo(sig); + s_secp256k1.agree(nodeA.sec(), nodeB.pub(), ssA); + sign(eA.seckey(), ssA ^ nonceA).ref().copyTo(sig); sha3(eA.pubkey().ref(), hepubk); nodeA.pub().ref().copyTo(pubk); nonceA.ref().copyTo(nonce); @@ -366,6 +365,44 @@ BOOST_AUTO_TEST_CASE(handshakeNew) bytes ackcipher; encrypt(nodeA.pub(), &ack, ackcipher); cnote << "ackAuth:" << toHex(ackcipher); + + /// Alice + // TODO: decrypt ackcipher and check decrypted pubk is eb + Secret aEncryptK; + Secret aMacK; + Secret aEgressMac; + Secret aIngressMac; + { + bytes keyMaterial(512); + + h256 ess; + // todo: ecdh-agree should be able to output bytes + s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess); + ess.ref().copyTo(bytesConstRef(&keyMaterial).cropped(0, h256::size)); + ssA.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); +// auto token = sha3(ssA); + aEncryptK = sha3(keyMaterial); + aEncryptK.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); + aMacK = sha3(keyMaterial); + + // todo: resize key-material and copy ciphertext + aEgressMac = sha3(keyMaterial); + aIngressMac = sha3(keyMaterial); + } + + +// ecdhe-shared-secret = ecdh.agree(ecdhe-random, remote-ecdhe-random-pubk) +// shared-secret = sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) +// token = sha3(shared-secret) +// aes-secret = sha3(ecdhe-shared-secret || shared-secret) +//# destroy shared-secret +// mac-secret = sha3(ecdhe-shared-secret || aes-secret) +//# destroy ecdhe-shared-secret +// egress-mac = sha3(mac-secret^nonce || auth) +//# destroy nonce +// ingress-mac = sha3(mac-secret^initiator-nonce || auth) +//# destroy remote-nonce + } BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) From 4942dab73c359a4ef09fb022517243604ded1177 Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 13 Feb 2015 20:45:03 -0500 Subject: [PATCH 04/20] end-to-end handshake for uknown node --- crypto.cpp | 85 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 66 insertions(+), 19 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index 588fb4d6b..646202168 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -323,9 +323,13 @@ BOOST_AUTO_TEST_CASE(handshakeNew) Secret nodeAsecret(sha3("privacy")); KeyPair nodeA(nodeAsecret); + BOOST_REQUIRE(nodeA.pub()); Secret nodeBsecret(sha3("privacy++")); KeyPair nodeB(nodeBsecret); + BOOST_REQUIRE(nodeA.pub()); + + BOOST_REQUIRE_NE(nodeA.sec(), nodeB.sec()); // Initiator is Alice (nodeA) ECDHE eA; @@ -348,7 +352,6 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes authcipher; encrypt(nodeB.pub(), &auth, authcipher); - cnote << "initAuth:" << toHex(authcipher); ECDHE eB; bytes nBbytes(fromHex("0xBBBB")); @@ -364,45 +367,89 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes ackcipher; encrypt(nodeA.pub(), &ack, ackcipher); - cnote << "ackAuth:" << toHex(ackcipher); + + BOOST_REQUIRE(eA.pubkey()); + BOOST_REQUIRE(eB.pubkey()); + BOOST_REQUIRE_NE(eA.seckey(), eB.seckey()); /// Alice - // TODO: decrypt ackcipher and check decrypted pubk is eb Secret aEncryptK; Secret aMacK; Secret aEgressMac; Secret aIngressMac; { - bytes keyMaterial(512); + // TODO: decrypt ackcipher and check decrypted material + // TODO: export ess and require equal to b + + bytes keyMaterialBytes(512); + bytesConstRef keyMaterial(&keyMaterialBytes); h256 ess; // todo: ecdh-agree should be able to output bytes s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess); - ess.ref().copyTo(bytesConstRef(&keyMaterial).cropped(0, h256::size)); - ssA.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); + ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); + ssA.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); // auto token = sha3(ssA); aEncryptK = sha3(keyMaterial); - aEncryptK.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); + aEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); aMacK = sha3(keyMaterial); - // todo: resize key-material and copy ciphertext + // todo: replace nonceB with decrypted nonceB + keyMaterialBytes.resize(h256::size + authcipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + (aMacK ^ nonceB).ref().copyTo(keyMaterial); + bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size())); aEgressMac = sha3(keyMaterial); + + keyMaterialBytes.resize(h256::size + ackcipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + (aMacK ^ nonceA).ref().copyTo(keyMaterial); + bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size())); aIngressMac = sha3(keyMaterial); } -// ecdhe-shared-secret = ecdh.agree(ecdhe-random, remote-ecdhe-random-pubk) -// shared-secret = sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) -// token = sha3(shared-secret) -// aes-secret = sha3(ecdhe-shared-secret || shared-secret) -//# destroy shared-secret -// mac-secret = sha3(ecdhe-shared-secret || aes-secret) -//# destroy ecdhe-shared-secret -// egress-mac = sha3(mac-secret^nonce || auth) -//# destroy nonce -// ingress-mac = sha3(mac-secret^initiator-nonce || auth) -//# destroy remote-nonce + /// Bob + Secret ssB; + s_secp256k1.agree(nodeB.sec(), nodeA.pub(), ssB); + BOOST_REQUIRE_EQUAL(ssA, ssB); + Secret bEncryptK; + Secret bMacK; + Secret bEgressMac; + Secret bIngressMac; + { + bytes keyMaterialBytes(512); + bytesConstRef keyMaterial(&keyMaterialBytes); + + h256 ess; + // todo: ecdh-agree should be able to output bytes + s_secp256k1.agree(eB.seckey(), eA.pubkey(), ess); + ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); + ssB.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); +// auto token = sha3(ssA); + bEncryptK = sha3(keyMaterial); + bEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); + bMacK = sha3(keyMaterial); + + // todo: replace nonceB with decrypted nonceB + keyMaterialBytes.resize(h256::size + ackcipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + (bMacK ^ nonceA).ref().copyTo(keyMaterial); + bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size())); + bEgressMac = sha3(keyMaterial); + + keyMaterialBytes.resize(h256::size + authcipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + (bMacK ^ nonceB).ref().copyTo(keyMaterial); + bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size())); + bIngressMac = sha3(keyMaterial); + } + + BOOST_REQUIRE_EQUAL(aEncryptK, bEncryptK); + BOOST_REQUIRE_EQUAL(aMacK, bMacK); + BOOST_REQUIRE_EQUAL(aEgressMac, bIngressMac); + BOOST_REQUIRE_EQUAL(bEgressMac, aIngressMac); } BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) From cc66993e61a8f87dc14dc58544e7a774cd3f194e Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 13 Feb 2015 22:11:23 -0500 Subject: [PATCH 05/20] finished test of new-node handshake --- crypto.cpp | 66 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 54 insertions(+), 12 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index 646202168..d572dc697 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -352,14 +352,16 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes authcipher; encrypt(nodeB.pub(), &auth, authcipher); + BOOST_REQUIRE(authcipher.size()); + // Receipient is Bob (nodeB) ECDHE eB; bytes nBbytes(fromHex("0xBBBB")); h256 nonceB(sha3(nAbytes)); - bytes ack(h256::size * 2 + 1); + bytes ack(Public::size + h256::size + 1); { - bytesConstRef epubk(&auth[0], Secret::size); - bytesConstRef nonce(&auth[Secret::size], h256::size); + bytesConstRef epubk(&ack[0], Public::size); + bytesConstRef nonce(&ack[Public::size], h256::size); eB.pubkey().ref().copyTo(epubk); nonceB.ref().copyTo(nonce); @@ -367,18 +369,29 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes ackcipher; encrypt(nodeA.pub(), &ack, ackcipher); + BOOST_REQUIRE(ackcipher.size()); BOOST_REQUIRE(eA.pubkey()); BOOST_REQUIRE(eB.pubkey()); BOOST_REQUIRE_NE(eA.seckey(), eB.seckey()); - /// Alice + /// Alice (after receiving ack) Secret aEncryptK; Secret aMacK; Secret aEgressMac; Secret aIngressMac; { - // TODO: decrypt ackcipher and check decrypted material + bytes ackdecrypted; + decrypt(nodeA.sec(), &ackcipher, ackdecrypted); + BOOST_REQUIRE(ackdecrypted.size()); + bytesConstRef ackRef(&ackdecrypted); + Public eBAck; + h256 nonceBAck; + ackRef.cropped(0, Public::size).copyTo(bytesConstRef(eBAck.data(), Public::size)); + ackRef.cropped(Public::size, h256::size).copyTo(nonceBAck.ref()); + BOOST_REQUIRE_EQUAL(eBAck, eB.pubkey()); + BOOST_REQUIRE_EQUAL(nonceBAck, nonceB); + // TODO: export ess and require equal to b bytes keyMaterialBytes(512); @@ -386,18 +399,17 @@ BOOST_AUTO_TEST_CASE(handshakeNew) h256 ess; // todo: ecdh-agree should be able to output bytes - s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess); + s_secp256k1.agree(eA.seckey(), eBAck, ess); ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); ssA.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); // auto token = sha3(ssA); aEncryptK = sha3(keyMaterial); aEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); aMacK = sha3(keyMaterial); - - // todo: replace nonceB with decrypted nonceB + keyMaterialBytes.resize(h256::size + authcipher.size()); keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); - (aMacK ^ nonceB).ref().copyTo(keyMaterial); + (aMacK ^ nonceBAck).ref().copyTo(keyMaterial); bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size())); aEgressMac = sha3(keyMaterial); @@ -409,7 +421,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } - /// Bob + /// Bob (after sending ack) Secret ssB; s_secp256k1.agree(nodeB.sec(), nodeA.pub(), ssB); BOOST_REQUIRE_EQUAL(ssA, ssB); @@ -419,12 +431,42 @@ BOOST_AUTO_TEST_CASE(handshakeNew) Secret bEgressMac; Secret bIngressMac; { + bytes authdecrypted; + decrypt(nodeB.sec(), &authcipher, authdecrypted); + BOOST_REQUIRE(authdecrypted.size()); + bytesConstRef ackRef(&authdecrypted); + Signature sigAuth; + h256 heA; + Public eAAuth; + Public nodeAAuth; + h256 nonceAAuth; + bytesConstRef sig(&authdecrypted[0], Signature::size); + bytesConstRef hepubk(&authdecrypted[Signature::size], h256::size); + bytesConstRef pubk(&authdecrypted[Signature::size + h256::size], Public::size); + bytesConstRef nonce(&authdecrypted[Signature::size + h256::size + Public::size], h256::size); + + nonce.copyTo(nonceAAuth.ref()); + pubk.copyTo(nodeAAuth.ref()); + BOOST_REQUIRE(nonceAAuth); + BOOST_REQUIRE_EQUAL(nonceA, nonceAAuth); + BOOST_REQUIRE(nodeAAuth); + BOOST_REQUIRE_EQUAL(nodeA.pub(), nodeAAuth); // bad test, bad!!! + hepubk.copyTo(heA.ref()); + sig.copyTo(sigAuth.ref()); + + Secret ss; + s_secp256k1.agree(nodeB.sec(), nodeAAuth, ss); + eAAuth = recover(sigAuth, ss ^ nonceAAuth); + // todo: test when this fails; means remote is bad or packet bits were flipped + BOOST_REQUIRE_EQUAL(heA, sha3(eAAuth)); + BOOST_REQUIRE_EQUAL(eAAuth, eA.pubkey()); + bytes keyMaterialBytes(512); bytesConstRef keyMaterial(&keyMaterialBytes); h256 ess; // todo: ecdh-agree should be able to output bytes - s_secp256k1.agree(eB.seckey(), eA.pubkey(), ess); + s_secp256k1.agree(eB.seckey(), eAAuth, ess); ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); ssB.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); // auto token = sha3(ssA); @@ -435,7 +477,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) // todo: replace nonceB with decrypted nonceB keyMaterialBytes.resize(h256::size + ackcipher.size()); keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); - (bMacK ^ nonceA).ref().copyTo(keyMaterial); + (bMacK ^ nonceAAuth).ref().copyTo(keyMaterial); bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size())); bEgressMac = sha3(keyMaterial); From dfd6b4907b5d035ff213235842641d31b3ffc8f9 Mon Sep 17 00:00:00 2001 From: subtly Date: Tue, 17 Feb 2015 07:16:56 -0500 Subject: [PATCH 06/20] initial handshake on the wire --- crypto.cpp | 66 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 10 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index d572dc697..5dec3dd6d 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -321,13 +321,16 @@ BOOST_AUTO_TEST_CASE(handshakeNew) // authInitiator -> E(remote-pubk, S(ecdhe-random, ecdh-shared-secret^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x0) // authRecipient -> E(remote-pubk, ecdhe-random-pubk || nonce || 0x0) - Secret nodeAsecret(sha3("privacy")); + h256 base(sha3("privacy")); + sha3(base.ref(), base.ref()); + Secret nodeAsecret(base); KeyPair nodeA(nodeAsecret); BOOST_REQUIRE(nodeA.pub()); - Secret nodeBsecret(sha3("privacy++")); + sha3(base.ref(), base.ref()); + Secret nodeBsecret(base); KeyPair nodeB(nodeBsecret); - BOOST_REQUIRE(nodeA.pub()); + BOOST_REQUIRE(nodeB.pub()); BOOST_REQUIRE_NE(nodeA.sec(), nodeB.sec()); @@ -343,7 +346,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) bytesConstRef pubk(&auth[Signature::size + h256::size], Public::size); bytesConstRef nonce(&auth[Signature::size + h256::size + Public::size], h256::size); - s_secp256k1.agree(nodeA.sec(), nodeB.pub(), ssA); + crypto::ecdh::agree(nodeA.sec(), nodeB.pub(), ssA); sign(eA.seckey(), ssA ^ nonceA).ref().copyTo(sig); sha3(eA.pubkey().ref(), hepubk); nodeA.pub().ref().copyTo(pubk); @@ -352,7 +355,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes authcipher; encrypt(nodeB.pub(), &auth, authcipher); - BOOST_REQUIRE(authcipher.size()); + BOOST_REQUIRE_EQUAL(authcipher.size(), 279); // Receipient is Bob (nodeB) ECDHE eB; @@ -360,6 +363,14 @@ BOOST_AUTO_TEST_CASE(handshakeNew) h256 nonceB(sha3(nAbytes)); bytes ack(Public::size + h256::size + 1); { + // todo: replace nodeA.pub() in encrypt() + // decrypt public key from auth + bytes authdecrypted; + decrypt(nodeB.sec(), &authcipher, authdecrypted); + Public node; + bytesConstRef pubk(&authdecrypted[Signature::size + h256::size], Public::size); + pubk.copyTo(node.ref()); + bytesConstRef epubk(&ack[0], Public::size); bytesConstRef nonce(&ack[Public::size], h256::size); @@ -369,7 +380,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) } bytes ackcipher; encrypt(nodeA.pub(), &ack, ackcipher); - BOOST_REQUIRE(ackcipher.size()); + BOOST_REQUIRE_EQUAL(ackcipher.size(), 182); BOOST_REQUIRE(eA.pubkey()); BOOST_REQUIRE(eB.pubkey()); @@ -399,7 +410,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) h256 ess; // todo: ecdh-agree should be able to output bytes - s_secp256k1.agree(eA.seckey(), eBAck, ess); + eA.agree(eBAck, ess); ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); ssA.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); // auto token = sha3(ssA); @@ -423,7 +434,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) /// Bob (after sending ack) Secret ssB; - s_secp256k1.agree(nodeB.sec(), nodeA.pub(), ssB); + crypto::ecdh::agree(nodeB.sec(), nodeA.pub(), ssB); BOOST_REQUIRE_EQUAL(ssA, ssB); Secret bEncryptK; @@ -466,7 +477,8 @@ BOOST_AUTO_TEST_CASE(handshakeNew) h256 ess; // todo: ecdh-agree should be able to output bytes - s_secp256k1.agree(eB.seckey(), eAAuth, ess); + eB.agree(eAAuth, ess); +// s_secp256k1.agree(eB.seckey(), eAAuth, ess); ess.ref().copyTo(keyMaterial.cropped(0, h256::size)); ssB.ref().copyTo(keyMaterial.cropped(h256::size, h256::size)); // auto token = sha3(ssA); @@ -492,6 +504,9 @@ BOOST_AUTO_TEST_CASE(handshakeNew) BOOST_REQUIRE_EQUAL(aMacK, bMacK); BOOST_REQUIRE_EQUAL(aEgressMac, bIngressMac); BOOST_REQUIRE_EQUAL(bEgressMac, aIngressMac); + + + } BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) @@ -504,6 +519,37 @@ BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) } +BOOST_AUTO_TEST_CASE(crypto_rlpxwire) +{ + Secret encryptK(sha3("...")); + h256 egressMac(sha3("+++")); + // TESTING: send encrypt magic sequence + bytes magic {0x22,0x40,0x08,0x91}; + bytes magicCipherAndMac; + encryptSymNoAuth(encryptK, &magic, magicCipherAndMac, h256()); + magicCipherAndMac.resize(magicCipherAndMac.size() + 32); + sha3mac(egressMac.ref(), &magic, egressMac.ref()); + egressMac.ref().copyTo(bytesConstRef(&magicCipherAndMac).cropped(magicCipherAndMac.size() - 32, 32)); + + bytes plaintext; + bytesConstRef cipher(&magicCipherAndMac[0], magicCipherAndMac.size() - 32); + decryptSymNoAuth(encryptK, h256(), cipher, plaintext); +} + +BOOST_AUTO_TEST_CASE(crypto_aes128_ctr) +{ + Secret k(sha3("0xAAAA")); + string m = "AAAAAAAAAAAAAAAA"; + bytesConstRef msg((byte*)m.data(), m.size()); + + bytes ciphertext; + auto iv = encryptSymNoAuth(k, msg, ciphertext); + + bytes plaintext; + decryptSymNoAuth(k, iv, &ciphertext, plaintext); + BOOST_REQUIRE_EQUAL(asString(plaintext), m); +} + BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) { const int aesKeyLen = 16; @@ -535,7 +581,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) // 68 % 255 should be difference of counter e.ProcessData(out, in, text.size()); - ctr = h128(u128(ctr) + text.size() % 16); + ctr = h128(u128(ctr) + text.size() / 16); BOOST_REQUIRE(text != original); cipherCopy = text; From b78116ae447e2350ca939b0e27d1bc3401635c9b Mon Sep 17 00:00:00 2001 From: subtly Date: Sun, 1 Mar 2015 22:17:17 +0100 Subject: [PATCH 07/20] start of ecies interop with go --- crypto.cpp | 78 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 64 insertions(+), 14 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index 5dec3dd6d..56fb8a51c 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -228,6 +228,51 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) } } +BOOST_AUTO_TEST_CASE(ecies_kdf) +{ + KeyPair local = KeyPair::create(); + KeyPair remote = KeyPair::create(); + // nonce + Secret z1; + ecdh::agree(local.sec(), remote.pub(), z1); + auto key1 = s_secp256k1.eciesKDF(z1, bytes(), 512); + bytesConstRef eKey1 = bytesConstRef(&key1).cropped(0, 32); + bytesRef mKey1 = bytesRef(&key1).cropped(32, 32); + sha3(mKey1, mKey1); + + Secret z2; + ecdh::agree(remote.sec(), local.pub(), z2); + auto key2 = s_secp256k1.eciesKDF(z2, bytes(), 512); + bytesConstRef eKey2 = bytesConstRef(&key2).cropped(0, 32); + bytesRef mKey2 = bytesRef(&key2).cropped(32, 32); + sha3(mKey2, mKey2); + + BOOST_REQUIRE(eKey1.toBytes() == eKey2.toBytes()); + BOOST_REQUIRE(mKey1.toBytes() == mKey2.toBytes()); + + BOOST_REQUIRE((u256)h256(z1) > 0); + BOOST_REQUIRE(z1 == z2); + + BOOST_REQUIRE(key1.size() > 0 && ((u512)h512(key1)) > 0); + BOOST_REQUIRE(key1 == key2); +} + +BOOST_AUTO_TEST_CASE(ecies_standard) +{ + KeyPair k = KeyPair::create(); + + string message("Now is the time for all good persons to come to the aid of humanity."); + string original = message; + bytes b = asBytes(message); + + s_secp256k1.encryptECIES(k.pub(), b); + BOOST_REQUIRE(b != asBytes(original)); + BOOST_REQUIRE(b.size() > 0 && ((u128)h128(b)) > 0); + + s_secp256k1.decryptECIES(k.sec(), b); + BOOST_REQUIRE(bytesConstRef(&b).cropped(0, original.size()).toBytes() == asBytes(original)); +} + BOOST_AUTO_TEST_CASE(ecies_eckeypair) { KeyPair k = KeyPair::create(); @@ -341,10 +386,10 @@ BOOST_AUTO_TEST_CASE(handshakeNew) bytes auth(Signature::size + h256::size + Public::size + h256::size + 1); Secret ssA; { - bytesConstRef sig(&auth[0], Signature::size); - bytesConstRef hepubk(&auth[Signature::size], h256::size); - bytesConstRef pubk(&auth[Signature::size + h256::size], Public::size); - bytesConstRef nonce(&auth[Signature::size + h256::size + Public::size], h256::size); + bytesRef sig(&auth[0], Signature::size); + bytesRef hepubk(&auth[Signature::size], h256::size); + bytesRef pubk(&auth[Signature::size + h256::size], Public::size); + bytesRef nonce(&auth[Signature::size + h256::size + Public::size], h256::size); crypto::ecdh::agree(nodeA.sec(), nodeB.pub(), ssA); sign(eA.seckey(), ssA ^ nonceA).ref().copyTo(sig); @@ -371,8 +416,8 @@ BOOST_AUTO_TEST_CASE(handshakeNew) bytesConstRef pubk(&authdecrypted[Signature::size + h256::size], Public::size); pubk.copyTo(node.ref()); - bytesConstRef epubk(&ack[0], Public::size); - bytesConstRef nonce(&ack[Public::size], h256::size); + bytesRef epubk(&ack[0], Public::size); + bytesRef nonce(&ack[Public::size], h256::size); eB.pubkey().ref().copyTo(epubk); nonceB.ref().copyTo(nonce); @@ -398,7 +443,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) bytesConstRef ackRef(&ackdecrypted); Public eBAck; h256 nonceBAck; - ackRef.cropped(0, Public::size).copyTo(bytesConstRef(eBAck.data(), Public::size)); + ackRef.cropped(0, Public::size).copyTo(bytesRef(eBAck.data(), Public::size)); ackRef.cropped(Public::size, h256::size).copyTo(nonceBAck.ref()); BOOST_REQUIRE_EQUAL(eBAck, eB.pubkey()); BOOST_REQUIRE_EQUAL(nonceBAck, nonceB); @@ -406,7 +451,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) // TODO: export ess and require equal to b bytes keyMaterialBytes(512); - bytesConstRef keyMaterial(&keyMaterialBytes); + bytesRef keyMaterial(&keyMaterialBytes); h256 ess; // todo: ecdh-agree should be able to output bytes @@ -473,7 +518,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew) BOOST_REQUIRE_EQUAL(eAAuth, eA.pubkey()); bytes keyMaterialBytes(512); - bytesConstRef keyMaterial(&keyMaterialBytes); + bytesRef keyMaterial(&keyMaterialBytes); h256 ess; // todo: ecdh-agree should be able to output bytes @@ -519,24 +564,29 @@ BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) } -BOOST_AUTO_TEST_CASE(crypto_rlpxwire) +BOOST_AUTO_TEST_CASE(ecies_aes128_ctr_unaligned) { Secret encryptK(sha3("...")); h256 egressMac(sha3("+++")); // TESTING: send encrypt magic sequence bytes magic {0x22,0x40,0x08,0x91}; bytes magicCipherAndMac; - encryptSymNoAuth(encryptK, &magic, magicCipherAndMac, h256()); + encryptSymNoAuth(encryptK, &magic, magicCipherAndMac, h128()); + magicCipherAndMac.resize(magicCipherAndMac.size() + 32); sha3mac(egressMac.ref(), &magic, egressMac.ref()); - egressMac.ref().copyTo(bytesConstRef(&magicCipherAndMac).cropped(magicCipherAndMac.size() - 32, 32)); + egressMac.ref().copyTo(bytesRef(&magicCipherAndMac).cropped(magicCipherAndMac.size() - 32, 32)); bytes plaintext; bytesConstRef cipher(&magicCipherAndMac[0], magicCipherAndMac.size() - 32); - decryptSymNoAuth(encryptK, h256(), cipher, plaintext); + decryptSymNoAuth(encryptK, h128(), cipher, plaintext); + + plaintext.resize(magic.size()); + BOOST_REQUIRE(plaintext.size() > 0); + BOOST_REQUIRE(magic == plaintext); } -BOOST_AUTO_TEST_CASE(crypto_aes128_ctr) +BOOST_AUTO_TEST_CASE(ecies_aes128_ctr) { Secret k(sha3("0xAAAA")); string m = "AAAAAAAAAAAAAAAA"; From 0a7b5bb62bec496b89db20c0fbbc16235e45b3cb Mon Sep 17 00:00:00 2001 From: subtly Date: Tue, 3 Mar 2015 02:23:48 +0100 Subject: [PATCH 08/20] ecies interop fix and tests. 128-bit keys. --- crypto.cpp | 48 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index 56fb8a51c..5673dd530 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -228,6 +228,44 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) } } +BOOST_AUTO_TEST_CASE(ecies_interop_test) +{ + Secret input1(fromHex("0x0de72f1223915fa8b8bf45dffef67aef8d89792d116eb61c9a1eb02c422a4663")); + bytes expect1(fromHex("0x1d0c446f9899a3426f2b89a8cb75c14b")); + bytes test1; + test1 = s_secp256k1.eciesKDF(input1, bytes(), 16); + BOOST_REQUIRE(test1 == expect1); + + KeyPair k(Secret(fromHex("0x332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"))); + Public p(fromHex("0xf0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1")); + Secret agreeExpected(fromHex("0xee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08")); + Secret agreeTest; + s_secp256k1.agree(k.sec(), p, agreeTest); + BOOST_REQUIRE(agreeExpected == agreeTest); + + KeyPair kenc(Secret(fromHex("0x472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"))); + Public penc(Public(fromHex("0x7a2aa2951282279dc1171549a7112b07c38c0d97c0fe2c0ae6c4588ba15be74a04efc4f7da443f6d61f68a9279bc82b73e0cc8d090048e9f87e838ae65dd8d4c"))); + BOOST_REQUIRE(penc == kenc.pub()); + + bytes cipher1(fromHex("0x046f647e1bd8a5cd1446d31513bac233e18bdc28ec0e59d46de453137a72599533f1e97c98154343420d5f16e171e5107999a7c7f1a6e26f57bcb0d2280655d08fb148d36f1d4b28642d3bb4a136f0e33e3dd2e3cffe4b45a03fb7c5b5ea5e65617250fdc89e1a315563c20504b9d3a72555")); + bytes plainTest1 = cipher1; + bytes expectedPlain1 = asBytes("a"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest1)); + BOOST_REQUIRE(plainTest1 == expectedPlain1); + + bytes cipher2(fromHex("0x0443c24d6ccef3ad095140760bb143078b3880557a06392f17c5e368502d79532bc18903d59ced4bbe858e870610ab0d5f8b7963dd5c9c4cf81128d10efd7c7aa80091563c273e996578403694673581829e25a865191bdc9954db14285b56eb0043b6288172e0d003c10f42fe413222e273d1d4340c38a2d8344d7aadcbc846ee")); + bytes plainTest2 = cipher2; + bytes expectedPlain2 = asBytes("aaaaaaaaaaaaaaaa"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest2)); + BOOST_REQUIRE(plainTest2 == expectedPlain2); + + bytes cipher3(fromHex("0x04c4e40c86bb5324e017e598c6d48c19362ae527af8ab21b077284a4656c8735e62d73fb3d740acefbec30ca4c024739a1fcdff69ecaf03301eebf156eb5f17cca6f9d7a7e214a1f3f6e34d1ee0ec00ce0ef7d2b242fbfec0f276e17941f9f1bfbe26de10a15a6fac3cda039904ddd1d7e06e7b96b4878f61860e47f0b84c8ceb64f6a900ff23844f4359ae49b44154980a626d3c73226c19e")); + bytes plainTest3 = cipher3; + bytes expectedPlain3 = asBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest3)); + BOOST_REQUIRE(plainTest3 == expectedPlain3); +} + BOOST_AUTO_TEST_CASE(ecies_kdf) { KeyPair local = KeyPair::create(); @@ -552,16 +590,6 @@ BOOST_AUTO_TEST_CASE(handshakeNew) -} - -BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) -{ - // New connections require new ECDH keypairs - // Every new connection requires a new EC keypair - // Every new trust requires a new EC keypair - // All connections should share seed for PRF (or PRNG) for nonces - - } BOOST_AUTO_TEST_CASE(ecies_aes128_ctr_unaligned) From 42f7632c3c687278b5c901454d900e699243cd38 Mon Sep 17 00:00:00 2001 From: subtly Date: Tue, 3 Mar 2015 13:01:47 +0100 Subject: [PATCH 09/20] ECIES interop with go is a go. --- crypto.cpp | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/crypto.cpp b/crypto.cpp index 5673dd530..4a9a9dc80 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -230,12 +230,52 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) BOOST_AUTO_TEST_CASE(ecies_interop_test) { + CryptoPP::SHA256 sha256ctx; + bytes emptyExpected(fromHex("0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); + bytes empty; + sha256ctx.Update(empty.data(), 0); + bytes emptyTestOut(32); + sha256ctx.Final(emptyTestOut.data()); + BOOST_REQUIRE(emptyExpected == emptyTestOut); + + bytes hash1Expected(fromHex("0x8949b278bbafb8da1aaa18cb724175c5952280f74be5d29ab4b37d1b45c84b08")); + bytes hash1input(fromHex("0x55a53b55afb12affff3c")); + sha256ctx.Update(hash1input.data(), hash1input.size()); + bytes hash1Out(32); + sha256ctx.Final(hash1Out.data()); + BOOST_REQUIRE(hash1Out == hash1Expected); + + h128 hmack(fromHex("0x07a4b6dfa06369a570f2dcba2f11a18f")); + CryptoPP::HMAC hmacctx(hmack.data(), h128::size); + bytes input(fromHex("0x4dcb92ed4fc67fe86832")); + hmacctx.Update(input.data(), input.size()); + bytes hmacExpected(fromHex("0xc90b62b1a673b47df8e395e671a68bfa68070d6e2ef039598bb829398b89b9a9")); + bytes hmacOut(hmacExpected.size()); + hmacctx.Final(hmacOut.data()); + BOOST_REQUIRE(hmacExpected == hmacOut); + + // go messageTag + bytes tagSecret(fromHex("0xaf6623e52208c596e17c72cea6f1cb09")); + bytes tagInput(fromHex("0x3461282bcedace970df2")); + bytes tagExpected(fromHex("0xb3ce623bce08d5793677ba9441b22bb34d3e8a7de964206d26589df3e8eb5183")); + CryptoPP::HMAC hmactagctx(tagSecret.data(), tagSecret.size()); + hmactagctx.Update(tagInput.data(), tagInput.size()); + h256 mac; + hmactagctx.Final(mac.data()); + BOOST_REQUIRE(mac.asBytes() == tagExpected); + Secret input1(fromHex("0x0de72f1223915fa8b8bf45dffef67aef8d89792d116eb61c9a1eb02c422a4663")); bytes expect1(fromHex("0x1d0c446f9899a3426f2b89a8cb75c14b")); bytes test1; test1 = s_secp256k1.eciesKDF(input1, bytes(), 16); BOOST_REQUIRE(test1 == expect1); + Secret kdfInput2(fromHex("0x961c065873443014e0371f1ed656c586c6730bf927415757f389d92acf8268df")); + bytes kdfExpect2(fromHex("0x4050c52e6d9c08755e5a818ac66fabe478b825b1836fd5efc4d44e40d04dabcc")); + bytes kdfTest2; + kdfTest2 = s_secp256k1.eciesKDF(kdfInput2, bytes(), 32); + BOOST_REQUIRE(kdfTest2 == kdfExpect2); + KeyPair k(Secret(fromHex("0x332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"))); Public p(fromHex("0xf0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1")); Secret agreeExpected(fromHex("0xee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08")); @@ -243,6 +283,13 @@ BOOST_AUTO_TEST_CASE(ecies_interop_test) s_secp256k1.agree(k.sec(), p, agreeTest); BOOST_REQUIRE(agreeExpected == agreeTest); + KeyPair kmK(Secret(fromHex("0x57baf2c62005ddec64c357d96183ebc90bf9100583280e848aa31d683cad73cb"))); + bytes kmCipher(fromHex("0x04ff2c874d0a47917c84eea0b2a4141ca95233720b5c70f81a8415bae1dc7b746b61df7558811c1d6054333907333ef9bb0cc2fbf8b34abb9730d14e0140f4553f4b15d705120af46cf653a1dc5b95b312cf8444714f95a4f7a0425b67fc064d18f4d0a528761565ca02d97faffdac23de10")); + bytes kmPlain = kmCipher; + bytes kmExpected(asBytes("a")); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kmK.sec(), kmPlain)); + BOOST_REQUIRE(kmExpected == kmPlain); + KeyPair kenc(Secret(fromHex("0x472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"))); Public penc(Public(fromHex("0x7a2aa2951282279dc1171549a7112b07c38c0d97c0fe2c0ae6c4588ba15be74a04efc4f7da443f6d61f68a9279bc82b73e0cc8d090048e9f87e838ae65dd8d4c"))); BOOST_REQUIRE(penc == kenc.pub()); From 454c851260753a1d54153ea747f774606b53aea6 Mon Sep 17 00:00:00 2001 From: subtly Date: Tue, 3 Mar 2015 20:56:05 +0100 Subject: [PATCH 10/20] update host for ecies interop. test sha3 output of interim digest. --- crypto.cpp | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/crypto.cpp b/crypto.cpp index 4a9a9dc80..ebe8db6c5 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -228,6 +228,42 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) } } +BOOST_AUTO_TEST_CASE(rlpx_sha3_norestart) +{ + CryptoPP::SHA3_256 ctx; + bytes input(asBytes("test")); + ctx.Update(input.data(), 4); + CryptoPP::SHA3_256 ctxCopy(ctx); + bytes interimDigest(32); + ctx.Final(interimDigest.data()); + ctx.Update(input.data(), 4); + bytes firstDigest(32); + ctx.Final(firstDigest.data()); + BOOST_REQUIRE(interimDigest == firstDigest); + + ctxCopy.Update(input.data(), 4); + bytes finalDigest(32); + ctxCopy.Final(interimDigest.data()); + BOOST_REQUIRE(interimDigest != finalDigest); + + // we can do this another way -- copy the context for final + ctxCopy.Update(input.data(), 4); + ctxCopy.Update(input.data(), 4); + CryptoPP::SHA3_256 finalCtx(ctxCopy); + bytes finalDigest2(32); + finalCtx.Final(finalDigest2.data()); + BOOST_REQUIRE(finalDigest2 == interimDigest); + ctxCopy.Update(input.data(), 4); + bytes finalDigest3(32); + finalCtx.Final(finalDigest3.data()); + BOOST_REQUIRE(finalDigest2 != finalDigest3); +} + +BOOST_AUTO_TEST_CASE(rlpx_updatemac_aesecb_sha3) +{ + +} + BOOST_AUTO_TEST_CASE(ecies_interop_test) { CryptoPP::SHA256 sha256ctx; From 7ce91422ff23bc43460ae59b164528e72520b6ef Mon Sep 17 00:00:00 2001 From: subtly Date: Thu, 5 Mar 2015 00:22:35 +0100 Subject: [PATCH 11/20] test initial secrets and ciphers, interop with go --- crypto.cpp | 93 +----------- rlpx.cpp | 417 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 419 insertions(+), 91 deletions(-) create mode 100644 rlpx.cpp diff --git a/crypto.cpp b/crypto.cpp index ebe8db6c5..c20b4c51f 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -15,6 +15,7 @@ along with cpp-ethereum. If not, see . */ /** @file crypto.cpp + * @author Alex Leverington * @author Gav Wood * @date 2014 * Crypto test functions. @@ -228,7 +229,7 @@ BOOST_AUTO_TEST_CASE(cryptopp_ecdsa_sipaseckp256k1) } } -BOOST_AUTO_TEST_CASE(rlpx_sha3_norestart) +BOOST_AUTO_TEST_CASE(sha3_norestart) { CryptoPP::SHA3_256 ctx; bytes input(asBytes("test")); @@ -259,96 +260,6 @@ BOOST_AUTO_TEST_CASE(rlpx_sha3_norestart) BOOST_REQUIRE(finalDigest2 != finalDigest3); } -BOOST_AUTO_TEST_CASE(rlpx_updatemac_aesecb_sha3) -{ - -} - -BOOST_AUTO_TEST_CASE(ecies_interop_test) -{ - CryptoPP::SHA256 sha256ctx; - bytes emptyExpected(fromHex("0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); - bytes empty; - sha256ctx.Update(empty.data(), 0); - bytes emptyTestOut(32); - sha256ctx.Final(emptyTestOut.data()); - BOOST_REQUIRE(emptyExpected == emptyTestOut); - - bytes hash1Expected(fromHex("0x8949b278bbafb8da1aaa18cb724175c5952280f74be5d29ab4b37d1b45c84b08")); - bytes hash1input(fromHex("0x55a53b55afb12affff3c")); - sha256ctx.Update(hash1input.data(), hash1input.size()); - bytes hash1Out(32); - sha256ctx.Final(hash1Out.data()); - BOOST_REQUIRE(hash1Out == hash1Expected); - - h128 hmack(fromHex("0x07a4b6dfa06369a570f2dcba2f11a18f")); - CryptoPP::HMAC hmacctx(hmack.data(), h128::size); - bytes input(fromHex("0x4dcb92ed4fc67fe86832")); - hmacctx.Update(input.data(), input.size()); - bytes hmacExpected(fromHex("0xc90b62b1a673b47df8e395e671a68bfa68070d6e2ef039598bb829398b89b9a9")); - bytes hmacOut(hmacExpected.size()); - hmacctx.Final(hmacOut.data()); - BOOST_REQUIRE(hmacExpected == hmacOut); - - // go messageTag - bytes tagSecret(fromHex("0xaf6623e52208c596e17c72cea6f1cb09")); - bytes tagInput(fromHex("0x3461282bcedace970df2")); - bytes tagExpected(fromHex("0xb3ce623bce08d5793677ba9441b22bb34d3e8a7de964206d26589df3e8eb5183")); - CryptoPP::HMAC hmactagctx(tagSecret.data(), tagSecret.size()); - hmactagctx.Update(tagInput.data(), tagInput.size()); - h256 mac; - hmactagctx.Final(mac.data()); - BOOST_REQUIRE(mac.asBytes() == tagExpected); - - Secret input1(fromHex("0x0de72f1223915fa8b8bf45dffef67aef8d89792d116eb61c9a1eb02c422a4663")); - bytes expect1(fromHex("0x1d0c446f9899a3426f2b89a8cb75c14b")); - bytes test1; - test1 = s_secp256k1.eciesKDF(input1, bytes(), 16); - BOOST_REQUIRE(test1 == expect1); - - Secret kdfInput2(fromHex("0x961c065873443014e0371f1ed656c586c6730bf927415757f389d92acf8268df")); - bytes kdfExpect2(fromHex("0x4050c52e6d9c08755e5a818ac66fabe478b825b1836fd5efc4d44e40d04dabcc")); - bytes kdfTest2; - kdfTest2 = s_secp256k1.eciesKDF(kdfInput2, bytes(), 32); - BOOST_REQUIRE(kdfTest2 == kdfExpect2); - - KeyPair k(Secret(fromHex("0x332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"))); - Public p(fromHex("0xf0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1")); - Secret agreeExpected(fromHex("0xee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08")); - Secret agreeTest; - s_secp256k1.agree(k.sec(), p, agreeTest); - BOOST_REQUIRE(agreeExpected == agreeTest); - - KeyPair kmK(Secret(fromHex("0x57baf2c62005ddec64c357d96183ebc90bf9100583280e848aa31d683cad73cb"))); - bytes kmCipher(fromHex("0x04ff2c874d0a47917c84eea0b2a4141ca95233720b5c70f81a8415bae1dc7b746b61df7558811c1d6054333907333ef9bb0cc2fbf8b34abb9730d14e0140f4553f4b15d705120af46cf653a1dc5b95b312cf8444714f95a4f7a0425b67fc064d18f4d0a528761565ca02d97faffdac23de10")); - bytes kmPlain = kmCipher; - bytes kmExpected(asBytes("a")); - BOOST_REQUIRE(s_secp256k1.decryptECIES(kmK.sec(), kmPlain)); - BOOST_REQUIRE(kmExpected == kmPlain); - - KeyPair kenc(Secret(fromHex("0x472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"))); - Public penc(Public(fromHex("0x7a2aa2951282279dc1171549a7112b07c38c0d97c0fe2c0ae6c4588ba15be74a04efc4f7da443f6d61f68a9279bc82b73e0cc8d090048e9f87e838ae65dd8d4c"))); - BOOST_REQUIRE(penc == kenc.pub()); - - bytes cipher1(fromHex("0x046f647e1bd8a5cd1446d31513bac233e18bdc28ec0e59d46de453137a72599533f1e97c98154343420d5f16e171e5107999a7c7f1a6e26f57bcb0d2280655d08fb148d36f1d4b28642d3bb4a136f0e33e3dd2e3cffe4b45a03fb7c5b5ea5e65617250fdc89e1a315563c20504b9d3a72555")); - bytes plainTest1 = cipher1; - bytes expectedPlain1 = asBytes("a"); - BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest1)); - BOOST_REQUIRE(plainTest1 == expectedPlain1); - - bytes cipher2(fromHex("0x0443c24d6ccef3ad095140760bb143078b3880557a06392f17c5e368502d79532bc18903d59ced4bbe858e870610ab0d5f8b7963dd5c9c4cf81128d10efd7c7aa80091563c273e996578403694673581829e25a865191bdc9954db14285b56eb0043b6288172e0d003c10f42fe413222e273d1d4340c38a2d8344d7aadcbc846ee")); - bytes plainTest2 = cipher2; - bytes expectedPlain2 = asBytes("aaaaaaaaaaaaaaaa"); - BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest2)); - BOOST_REQUIRE(plainTest2 == expectedPlain2); - - bytes cipher3(fromHex("0x04c4e40c86bb5324e017e598c6d48c19362ae527af8ab21b077284a4656c8735e62d73fb3d740acefbec30ca4c024739a1fcdff69ecaf03301eebf156eb5f17cca6f9d7a7e214a1f3f6e34d1ee0ec00ce0ef7d2b242fbfec0f276e17941f9f1bfbe26de10a15a6fac3cda039904ddd1d7e06e7b96b4878f61860e47f0b84c8ceb64f6a900ff23844f4359ae49b44154980a626d3c73226c19e")); - bytes plainTest3 = cipher3; - bytes expectedPlain3 = asBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); - BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest3)); - BOOST_REQUIRE(plainTest3 == expectedPlain3); -} - BOOST_AUTO_TEST_CASE(ecies_kdf) { KeyPair local = KeyPair::create(); diff --git a/rlpx.cpp b/rlpx.cpp new file mode 100644 index 000000000..d845911f4 --- /dev/null +++ b/rlpx.cpp @@ -0,0 +1,417 @@ +/* + This file is part of cpp-ethereum. + + cpp-ethereum is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + cpp-ethereum is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with cpp-ethereum. If not, see . +*/ +/** @file crypto.cpp + * @author Alex Leverington + * @date 2015 + * RLPx test functions. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace dev; +using namespace dev::crypto; +using namespace CryptoPP; + +BOOST_AUTO_TEST_SUITE(rlpx) + +static Secp256k1 s_secp256k1; +static CryptoPP::AutoSeededRandomPool s_rng; +static CryptoPP::OID s_curveOID(CryptoPP::ASN1::secp256k1()); +static CryptoPP::DL_GroupParameters_EC s_params(s_curveOID); +static CryptoPP::DL_GroupParameters_EC::EllipticCurve s_curve(s_params.GetCurve()); + +BOOST_AUTO_TEST_CASE(test_secrets_cpp_vectors) +{ + KeyPair init(Secret(sha3("initiator"))); + KeyPair initR(Secret(sha3("initiator-random"))); + h256 initNonce(sha3("initiator-nonce")); + + KeyPair recv(Secret(sha3("remote-recv"))); + KeyPair recvR(Secret(sha3("remote-recv-random"))); + h256 recvNonce(sha3("remote-recv-nonce")); + + bytes authCipher(fromHex("")); + bytes ackCipher(fromHex("")); + + CryptoPP::CTR_Mode::Encryption m_frameEnc; + CryptoPP::CTR_Mode::Encryption m_frameDec; + CryptoPP::ECB_Mode::Encryption m_macEnc; + CryptoPP::SHA3_256 m_egressMac; + CryptoPP::SHA3_256 m_ingressMac; + + // when originated is true, agreement is with init secrets + // when originated is true, remoteNonce = recvNonce + // when originated is true, nonce = initNonce + bool originated = true; + auto remoteNonce = recvNonce; + auto nonce = initNonce; + bytes keyMaterialBytes(64); + bytesRef keyMaterial(&keyMaterialBytes); + + // shared-secret = sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) + Secret ephemeralShared; + s_secp256k1.agree(initR.sec(), recvR.pub(), ephemeralShared); + Secret expected(fromHex("20d82c1092f351dc217bd66fa183e801234af14ead40423b6ee25112201c6e5a")); + BOOST_REQUIRE(expected == ephemeralShared); + + ephemeralShared.ref().copyTo(keyMaterial.cropped(0, h256::size)); + h512 nonceMaterial; + h256 const& leftNonce = originated ? remoteNonce : nonce; + h256 const& rightNonce = originated ? nonce : remoteNonce; + leftNonce.ref().copyTo(nonceMaterial.ref().cropped(0, h256::size)); + rightNonce.ref().copyTo(nonceMaterial.ref().cropped(h256::size, h256::size)); + auto outRef(keyMaterial.cropped(h256::size, h256::size)); + sha3(nonceMaterial.ref(), outRef); // output h(nonces) + + // test that keyMaterial = ecdhe-shared-secret || sha3(nonce || initiator-nonce) + { + BOOST_REQUIRE(ephemeralShared == *(Secret*)keyMaterialBytes.data()); + + SHA3_256 ctx; + ctx.Update(leftNonce.data(), h256::size); + ctx.Update(rightNonce.data(), h256::size); + bytes expected(32); + ctx.Final(expected.data()); + bytes given(32); + outRef.copyTo(&given); + BOOST_REQUIRE(expected == given); + } + bytes preImage(keyMaterialBytes); + + // shared-secret <- sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) + // keyMaterial = ecdhe-shared-secret || shared-secret + sha3(keyMaterial, outRef); + bytes sharedSecret(32); + outRef.copyTo(&sharedSecret); + BOOST_REQUIRE(sharedSecret == fromHex("b65319ce56e00f3be75c4d0da92b5957d5583ca25eeeedac8e29b6dfc8b1ddf7")); + + // test that keyMaterial = ecdhe-shared-secret || shared-secret + { + BOOST_REQUIRE(ephemeralShared == *(Secret*)keyMaterialBytes.data()); + + SHA3_256 ctx; + ctx.Update(preImage.data(), preImage.size()); + bytes expected(32); + ctx.Final(expected.data()); + bytes test(32); + outRef.copyTo(&test); + BOOST_REQUIRE(expected == test); + } + + // token: sha3(outRef) + bytes token(32); + sha3(outRef, bytesRef(&token)); + BOOST_REQUIRE(token == fromHex("db41fe0180f372983cf19fca7ee890f7fb5481079d44683d2c027be9e71bbca2")); + + // aes-secret = sha3(ecdhe-shared-secret || shared-secret) + sha3(keyMaterial, outRef); // output aes-secret + bytes aesSecret(32); + outRef.copyTo(&aesSecret); + BOOST_REQUIRE(aesSecret == fromHex("12347b4784bcb4e74b84637940482852fe25d78e328cf5c6f7a396bf96cc20bb")); + m_frameEnc.SetKeyWithIV(outRef.data(), h128::size, h128().data()); + m_frameDec.SetKeyWithIV(outRef.data(), h128::size, h128().data()); + + // mac-secret = sha3(ecdhe-shared-secret || aes-secret) + sha3(keyMaterial, outRef); // output mac-secret + bytes macSecret(32); + outRef.copyTo(&macSecret); + BOOST_REQUIRE(macSecret == fromHex("2ec149072353d54437422837c886b0538a9206e6c559f6b4a55f65a866867723")); + m_macEnc.SetKey(outRef.data(), h256::size); + + // Initiator egress-mac: sha3(mac-secret^recipient-nonce || auth-sent-init) + // ingress-mac: sha3(mac-secret^initiator-nonce || auth-recvd-ack) + // Recipient egress-mac: sha3(mac-secret^initiator-nonce || auth-sent-ack) + // ingress-mac: sha3(mac-secret^recipient-nonce || auth-recvd-init) + + (*(h256*)outRef.data() ^ remoteNonce).ref().copyTo(keyMaterial); + bytes const& egressCipher = originated ? authCipher : ackCipher; + keyMaterialBytes.resize(h256::size + egressCipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + bytesConstRef(&egressCipher).copyTo(keyMaterial.cropped(h256::size, egressCipher.size())); + m_egressMac.Update(keyMaterial.data(), keyMaterial.size()); + + { + bytes egressMac; + SHA3_256 h(m_egressMac); + bytes digest(16); + h.TruncatedFinal(digest.data(), 16); + BOOST_REQUIRE(digest == fromHex("23e5e8efb6e3765ecae1fca9160b18df")); + } + + // recover mac-secret by re-xoring remoteNonce + (*(h256*)keyMaterial.data() ^ remoteNonce ^ nonce).ref().copyTo(keyMaterial); + bytes const& ingressCipher = originated ? ackCipher : authCipher; + keyMaterialBytes.resize(h256::size + ingressCipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + bytesConstRef(&ingressCipher).copyTo(keyMaterial.cropped(h256::size, ingressCipher.size())); + m_ingressMac.Update(keyMaterial.data(), keyMaterial.size()); + + { + bytes ingressMac; + SHA3_256 h(m_ingressMac); + bytes digest(16); + h.TruncatedFinal(digest.data(), 16); + BOOST_REQUIRE(digest == fromHex("ceed64135852064cbdde86e7ea05e8f5")); + } +} + +BOOST_AUTO_TEST_CASE(test_secrets_from_go) +{ + KeyPair init(Secret(fromHex("0x5e173f6ac3c669587538e7727cf19b782a4f2fda07c1eaa662c593e5e85e3051"))); + KeyPair initR(Secret(fromHex("0x19c2185f4f40634926ebed3af09070ca9e029f2edd5fae6253074896205f5f6c"))); + h256 initNonce(fromHex("0xcd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb11")); + + KeyPair recv(Secret(fromHex("0xc45f950382d542169ea207959ee0220ec1491755abe405cd7498d6b16adb6df8"))); + KeyPair recvR(Secret(fromHex("0xd25688cf0ab10afa1a0e2dba7853ed5f1e5bf1c631757ed4e103b593ff3f5620"))); + h256 recvNonce(fromHex("0xf37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a7")); + + bytes authCipher(fromHex("0x04a0274c5951e32132e7f088c9bdfdc76c9d91f0dc6078e848f8e3361193dbdc43b94351ea3d89e4ff33ddcefbc80070498824857f499656c4f79bbd97b6c51a514251d69fd1785ef8764bd1d262a883f780964cce6a14ff206daf1206aa073a2d35ce2697ebf3514225bef186631b2fd2316a4b7bcdefec8d75a1025ba2c5404a34e7795e1dd4bc01c6113ece07b0df13b69d3ba654a36e35e69ff9d482d88d2f0228e7d96fe11dccbb465a1831c7d4ad3a026924b182fc2bdfe016a6944312021da5cc459713b13b86a686cf34d6fe6615020e4acf26bf0d5b7579ba813e7723eb95b3cef9942f01a58bd61baee7c9bdd438956b426a4ffe238e61746a8c93d5e10680617c82e48d706ac4953f5e1c4c4f7d013c87d34a06626f498f34576dc017fdd3d581e83cfd26cf125b6d2bda1f1d56")); + bytes ackCipher(fromHex("0x049934a7b2d7f9af8fd9db941d9da281ac9381b5740e1f64f7092f3588d4f87f5ce55191a6653e5e80c1c5dd538169aa123e70dc6ffc5af1827e546c0e958e42dad355bcc1fcb9cdf2cf47ff524d2ad98cbf275e661bf4cf00960e74b5956b799771334f426df007350b46049adb21a6e78ab1408d5e6ccde6fb5e69f0f4c92bb9c725c02f99fa72b9cdc8dd53cff089e0e73317f61cc5abf6152513cb7d833f09d2851603919bf0fbe44d79a09245c6e8338eb502083dc84b846f2fee1cc310d2cc8b1b9334728f97220bb799376233e113")); + + bytes authPlainExpected(fromHex("0x884c36f7ae6b406637c1f61b2f57e1d2cab813d24c6559aaf843c3f48962f32f46662c066d39669b7b2e3ba14781477417600e7728399278b1b5d801a519aa570034fdb5419558137e0d44cd13d319afe5629eeccb47fd9dfe55cc6089426e46cc762dd8a0636e07a54b31169eba0c7a20a1ac1ef68596f1f283b5c676bae4064abfcce24799d09f67e392632d3ffdc12e3d6430dcb0ea19c318343ffa7aae74d4cd26fecb93657d1cd9e9eaf4f8be720b56dd1d39f190c4e1c6b7ec66f077bb1100")); + bytes ackPlainExpected(fromHex("0x802b052f8b066640bba94a4fc39d63815c377fced6fcb84d27f791c9921ddf3e9bf0108e298f490812847109cbd778fae393e80323fd643209841a3b7f110397f37ec61d84cea03dcc5e8385db93248584e8af4b4d1c832d8c7453c0089687a700")); + + bytes authPlain = authCipher; + BOOST_REQUIRE(s_secp256k1.decryptECIES(recv.sec(), authPlain)); + bytes ackPlain = ackCipher; + BOOST_REQUIRE(s_secp256k1.decryptECIES(init.sec(), ackPlain)); + + CryptoPP::CTR_Mode::Encryption m_frameEnc; + CryptoPP::CTR_Mode::Encryption m_frameDec; + CryptoPP::ECB_Mode::Encryption m_macEnc; + CryptoPP::SHA3_256 m_egressMac; + CryptoPP::SHA3_256 m_ingressMac; + + // when originated is true, agreement is with init secrets + // when originated is true, remoteNonce = recvNonce + // when originated is true, nonce = initNonce + bool originated = true; + auto remoteNonce = recvNonce; + auto nonce = initNonce; + bytes keyMaterialBytes(64); + bytesRef keyMaterial(&keyMaterialBytes); + + // shared-secret = sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) + Secret ephemeralShared; + s_secp256k1.agree(initR.sec(), recvR.pub(), ephemeralShared); + Secret expected(fromHex("0xe3f407f83fc012470c26a93fdff534100f2c6f736439ce0ca90e9914f7d1c381")); + BOOST_REQUIRE(expected == ephemeralShared); + + ephemeralShared.ref().copyTo(keyMaterial.cropped(0, h256::size)); + h512 nonceMaterial; + h256 const& leftNonce = originated ? remoteNonce : nonce; + h256 const& rightNonce = originated ? nonce : remoteNonce; + leftNonce.ref().copyTo(nonceMaterial.ref().cropped(0, h256::size)); + rightNonce.ref().copyTo(nonceMaterial.ref().cropped(h256::size, h256::size)); + auto outRef(keyMaterial.cropped(h256::size, h256::size)); + sha3(nonceMaterial.ref(), outRef); // output h(nonces) + + // test that keyMaterial = ecdhe-shared-secret || sha3(nonce || initiator-nonce) + { + BOOST_REQUIRE(ephemeralShared == *(Secret*)keyMaterialBytes.data()); + + SHA3_256 ctx; + ctx.Update(leftNonce.data(), h256::size); + ctx.Update(rightNonce.data(), h256::size); + bytes expected(32); + ctx.Final(expected.data()); + bytes given(32); + outRef.copyTo(&given); + BOOST_REQUIRE(expected == given); + } + bytes preImage(keyMaterialBytes); + + // shared-secret <- sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) + // keyMaterial = ecdhe-shared-secret || shared-secret + sha3(keyMaterial, outRef); + + // test that keyMaterial = ecdhe-shared-secret || shared-secret + { + BOOST_REQUIRE(ephemeralShared == *(Secret*)keyMaterialBytes.data()); + + SHA3_256 ctx; + ctx.Update(preImage.data(), preImage.size()); + bytes expected(32); + ctx.Final(expected.data()); + bytes test(32); + outRef.copyTo(&test); + BOOST_REQUIRE(expected == test); + } + + // token: sha3(outRef) + bytes token(32); + sha3(outRef, bytesRef(&token)); + BOOST_REQUIRE(token == fromHex("0x3f9ec2592d1554852b1f54d228f042ed0a9310ea86d038dc2b401ba8cd7fdac4")); + + // aes-secret = sha3(ecdhe-shared-secret || shared-secret) + sha3(keyMaterial, outRef); // output aes-secret + bytes aesSecret(32); + outRef.copyTo(&aesSecret); + BOOST_REQUIRE(aesSecret == fromHex("0xc0458fa97a5230830e05f4f20b7c755c1d4e54b1ce5cf43260bb191eef4e418d")); + m_frameEnc.SetKeyWithIV(outRef.data(), h128::size, h128().data()); + m_frameDec.SetKeyWithIV(outRef.data(), h128::size, h128().data()); + + // mac-secret = sha3(ecdhe-shared-secret || aes-secret) + sha3(keyMaterial, outRef); // output mac-secret + bytes macSecret(32); + outRef.copyTo(&macSecret); + BOOST_REQUIRE(macSecret == fromHex("0x48c938884d5067a1598272fcddaa4b833cd5e7d92e8228c0ecdfabbe68aef7f1")); + m_macEnc.SetKey(outRef.data(), h256::size); + + // Initiator egress-mac: sha3(mac-secret^recipient-nonce || auth-sent-init) + // ingress-mac: sha3(mac-secret^initiator-nonce || auth-recvd-ack) + // Recipient egress-mac: sha3(mac-secret^initiator-nonce || auth-sent-ack) + // ingress-mac: sha3(mac-secret^recipient-nonce || auth-recvd-init) + + (*(h256*)outRef.data() ^ remoteNonce).ref().copyTo(keyMaterial); + bytes const& egressCipher = originated ? authCipher : ackCipher; + keyMaterialBytes.resize(h256::size + egressCipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + bytesConstRef(&egressCipher).copyTo(keyMaterial.cropped(h256::size, egressCipher.size())); + m_egressMac.Update(keyMaterialBytes.data(), keyMaterialBytes.size()); + + { + bytes egressMac; + SHA3_256 h(m_egressMac); + bytes digest(32); + h.Final(digest.data()); + BOOST_REQUIRE(digest == fromHex("0x09771e93b1a6109e97074cbe2d2b0cf3d3878efafe68f53c41bb60c0ec49097e")); + } + + // recover mac-secret by re-xoring remoteNonce + bytes recoverMacSecretTest(32); + (*(h256*)keyMaterial.data() ^ remoteNonce).ref().copyTo(&recoverMacSecretTest); + BOOST_REQUIRE(recoverMacSecretTest == macSecret); + + (*(h256*)keyMaterial.data() ^ remoteNonce ^ nonce).ref().copyTo(keyMaterial); + bytes const& ingressCipher = originated ? ackCipher : authCipher; + keyMaterialBytes.resize(h256::size + ingressCipher.size()); + keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size()); + bytesConstRef(&ingressCipher).copyTo(keyMaterial.cropped(h256::size, ingressCipher.size())); + m_ingressMac.Update(keyMaterial.data(), keyMaterial.size()); + + { + bytes ingressMac; + SHA3_256 h(m_ingressMac); + bytes digest(32); + h.Final(digest.data()); + BOOST_CHECK(digest == fromHex("0x75823d96e23136c89666ee025fb21a432be906512b3dd4a3049e898adb433847")); + } + +// bytes initHello(fromHex("6ef23fcf1cec7312df623f9ae701e63b550cdb8517fefd8dd398fc2acd1d935e6e0434a2b96769078477637347b7b01924fff9ff1c06df2f804df3b0402bbb9f87365b3c6856b45e1e2b6470986813c3816a71bff9d69dd297a5dbd935ab578f6e5d7e93e4506a44f307c332d95e8a4b102585fd8ef9fc9e3e055537a5cec2e9")); +// +// bytes recvHello(fromHex("6ef23fcf1cec7312df623f9ae701e63be36a1cdd1b19179146019984f3625d4a6e0434a2b96769050577657247b7b02bc6c314470eca7e3ef650b98c83e9d7dd4830b3f718ff562349aead2530a8d28a8484604f92e5fced2c6183f304344ab0e7c301a0c05559f4c25db65e36820b4b909a226171a60ac6cb7beea09376d6d8")); +} + +BOOST_AUTO_TEST_CASE(ecies_interop_test_primitives) +{ + CryptoPP::SHA256 sha256ctx; + bytes emptyExpected(fromHex("0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); + bytes empty; + sha256ctx.Update(empty.data(), 0); + bytes emptyTestOut(32); + sha256ctx.Final(emptyTestOut.data()); + BOOST_REQUIRE(emptyExpected == emptyTestOut); + + bytes hash1Expected(fromHex("0x8949b278bbafb8da1aaa18cb724175c5952280f74be5d29ab4b37d1b45c84b08")); + bytes hash1input(fromHex("0x55a53b55afb12affff3c")); + sha256ctx.Update(hash1input.data(), hash1input.size()); + bytes hash1Out(32); + sha256ctx.Final(hash1Out.data()); + BOOST_REQUIRE(hash1Out == hash1Expected); + + h128 hmack(fromHex("0x07a4b6dfa06369a570f2dcba2f11a18f")); + CryptoPP::HMAC hmacctx(hmack.data(), h128::size); + bytes input(fromHex("0x4dcb92ed4fc67fe86832")); + hmacctx.Update(input.data(), input.size()); + bytes hmacExpected(fromHex("0xc90b62b1a673b47df8e395e671a68bfa68070d6e2ef039598bb829398b89b9a9")); + bytes hmacOut(hmacExpected.size()); + hmacctx.Final(hmacOut.data()); + BOOST_REQUIRE(hmacExpected == hmacOut); + + // go messageTag + bytes tagSecret(fromHex("0xaf6623e52208c596e17c72cea6f1cb09")); + bytes tagInput(fromHex("0x3461282bcedace970df2")); + bytes tagExpected(fromHex("0xb3ce623bce08d5793677ba9441b22bb34d3e8a7de964206d26589df3e8eb5183")); + CryptoPP::HMAC hmactagctx(tagSecret.data(), tagSecret.size()); + hmactagctx.Update(tagInput.data(), tagInput.size()); + h256 mac; + hmactagctx.Final(mac.data()); + BOOST_REQUIRE(mac.asBytes() == tagExpected); + + Secret input1(fromHex("0x0de72f1223915fa8b8bf45dffef67aef8d89792d116eb61c9a1eb02c422a4663")); + bytes expect1(fromHex("0x1d0c446f9899a3426f2b89a8cb75c14b")); + bytes test1; + test1 = s_secp256k1.eciesKDF(input1, bytes(), 16); + BOOST_REQUIRE(test1 == expect1); + + Secret kdfInput2(fromHex("0x961c065873443014e0371f1ed656c586c6730bf927415757f389d92acf8268df")); + bytes kdfExpect2(fromHex("0x4050c52e6d9c08755e5a818ac66fabe478b825b1836fd5efc4d44e40d04dabcc")); + bytes kdfTest2; + kdfTest2 = s_secp256k1.eciesKDF(kdfInput2, bytes(), 32); + BOOST_REQUIRE(kdfTest2 == kdfExpect2); + + KeyPair k(Secret(fromHex("0x332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b"))); + Public p(fromHex("0xf0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1")); + Secret agreeExpected(fromHex("0xee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08")); + Secret agreeTest; + s_secp256k1.agree(k.sec(), p, agreeTest); + BOOST_REQUIRE(agreeExpected == agreeTest); + + KeyPair kmK(Secret(fromHex("0x57baf2c62005ddec64c357d96183ebc90bf9100583280e848aa31d683cad73cb"))); + bytes kmCipher(fromHex("0x04ff2c874d0a47917c84eea0b2a4141ca95233720b5c70f81a8415bae1dc7b746b61df7558811c1d6054333907333ef9bb0cc2fbf8b34abb9730d14e0140f4553f4b15d705120af46cf653a1dc5b95b312cf8444714f95a4f7a0425b67fc064d18f4d0a528761565ca02d97faffdac23de10")); + bytes kmPlain = kmCipher; + bytes kmExpected(asBytes("a")); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kmK.sec(), kmPlain)); + BOOST_REQUIRE(kmExpected == kmPlain); + + KeyPair kenc(Secret(fromHex("0x472413e97f1fd58d84e28a559479e6b6902d2e8a0cee672ef38a3a35d263886b"))); + Public penc(Public(fromHex("0x7a2aa2951282279dc1171549a7112b07c38c0d97c0fe2c0ae6c4588ba15be74a04efc4f7da443f6d61f68a9279bc82b73e0cc8d090048e9f87e838ae65dd8d4c"))); + BOOST_REQUIRE(penc == kenc.pub()); + + bytes cipher1(fromHex("0x046f647e1bd8a5cd1446d31513bac233e18bdc28ec0e59d46de453137a72599533f1e97c98154343420d5f16e171e5107999a7c7f1a6e26f57bcb0d2280655d08fb148d36f1d4b28642d3bb4a136f0e33e3dd2e3cffe4b45a03fb7c5b5ea5e65617250fdc89e1a315563c20504b9d3a72555")); + bytes plainTest1 = cipher1; + bytes expectedPlain1 = asBytes("a"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest1)); + BOOST_REQUIRE(plainTest1 == expectedPlain1); + + bytes cipher2(fromHex("0x0443c24d6ccef3ad095140760bb143078b3880557a06392f17c5e368502d79532bc18903d59ced4bbe858e870610ab0d5f8b7963dd5c9c4cf81128d10efd7c7aa80091563c273e996578403694673581829e25a865191bdc9954db14285b56eb0043b6288172e0d003c10f42fe413222e273d1d4340c38a2d8344d7aadcbc846ee")); + bytes plainTest2 = cipher2; + bytes expectedPlain2 = asBytes("aaaaaaaaaaaaaaaa"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest2)); + BOOST_REQUIRE(plainTest2 == expectedPlain2); + + bytes cipher3(fromHex("0x04c4e40c86bb5324e017e598c6d48c19362ae527af8ab21b077284a4656c8735e62d73fb3d740acefbec30ca4c024739a1fcdff69ecaf03301eebf156eb5f17cca6f9d7a7e214a1f3f6e34d1ee0ec00ce0ef7d2b242fbfec0f276e17941f9f1bfbe26de10a15a6fac3cda039904ddd1d7e06e7b96b4878f61860e47f0b84c8ceb64f6a900ff23844f4359ae49b44154980a626d3c73226c19e")); + bytes plainTest3 = cipher3; + bytes expectedPlain3 = asBytes("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); + BOOST_REQUIRE(s_secp256k1.decryptECIES(kenc.sec(), plainTest3)); + BOOST_REQUIRE(plainTest3 == expectedPlain3); +} + +BOOST_AUTO_TEST_SUITE_END() + From 5d8e80032416565df10efd2f3060b3891ac5a337 Mon Sep 17 00:00:00 2001 From: subtly Date: Thu, 5 Mar 2015 03:07:14 +0100 Subject: [PATCH 12/20] authenticated capability (hello) and handshake authentication --- rlpx.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rlpx.cpp b/rlpx.cpp index d845911f4..1cdde4320 100644 --- a/rlpx.cpp +++ b/rlpx.cpp @@ -141,7 +141,7 @@ BOOST_AUTO_TEST_CASE(test_secrets_cpp_vectors) bytes macSecret(32); outRef.copyTo(&macSecret); BOOST_REQUIRE(macSecret == fromHex("2ec149072353d54437422837c886b0538a9206e6c559f6b4a55f65a866867723")); - m_macEnc.SetKey(outRef.data(), h256::size); + m_macEnc.SetKey(outRef.data(), h128::size); // Initiator egress-mac: sha3(mac-secret^recipient-nonce || auth-sent-init) // ingress-mac: sha3(mac-secret^initiator-nonce || auth-recvd-ack) From 517a77f9b4b98ea1786a32522be9583da4067d7a Mon Sep 17 00:00:00 2001 From: subtly Date: Thu, 5 Mar 2015 23:27:31 +0100 Subject: [PATCH 13/20] test header macs --- rlpx.cpp | 45 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/rlpx.cpp b/rlpx.cpp index 1cdde4320..593613106 100644 --- a/rlpx.cpp +++ b/rlpx.cpp @@ -323,9 +323,48 @@ BOOST_AUTO_TEST_CASE(test_secrets_from_go) BOOST_CHECK(digest == fromHex("0x75823d96e23136c89666ee025fb21a432be906512b3dd4a3049e898adb433847")); } -// bytes initHello(fromHex("6ef23fcf1cec7312df623f9ae701e63b550cdb8517fefd8dd398fc2acd1d935e6e0434a2b96769078477637347b7b01924fff9ff1c06df2f804df3b0402bbb9f87365b3c6856b45e1e2b6470986813c3816a71bff9d69dd297a5dbd935ab578f6e5d7e93e4506a44f307c332d95e8a4b102585fd8ef9fc9e3e055537a5cec2e9")); -// -// bytes recvHello(fromHex("6ef23fcf1cec7312df623f9ae701e63be36a1cdd1b19179146019984f3625d4a6e0434a2b96769050577657247b7b02bc6c314470eca7e3ef650b98c83e9d7dd4830b3f718ff562349aead2530a8d28a8484604f92e5fced2c6183f304344ab0e7c301a0c05559f4c25db65e36820b4b909a226171a60ac6cb7beea09376d6d8")); + bytes initHello(fromHex("6ef23fcf1cec7312df623f9ae701e63b550cdb8517fefd8dd398fc2acd1d935e6e0434a2b96769078477637347b7b01924fff9ff1c06df2f804df3b0402bbb9f87365b3c6856b45e1e2b6470986813c3816a71bff9d69dd297a5dbd935ab578f6e5d7e93e4506a44f307c332d95e8a4b102585fd8ef9fc9e3e055537a5cec2e9")); + + bytes recvHello(fromHex("6ef23fcf1cec7312df623f9ae701e63be36a1cdd1b19179146019984f3625d4a6e0434a2b96769050577657247b7b02bc6c314470eca7e3ef650b98c83e9d7dd4830b3f718ff562349aead2530a8d28a8484604f92e5fced2c6183f304344ab0e7c301a0c05559f4c25db65e36820b4b909a226171a60ac6cb7beea09376d6d8")); + + /// test macs of frame headers + { + SHA3_256 egressmac(m_egressMac); + SHA3_256 prevDigest(egressmac); + h128 prevDigestOut; + prevDigest.TruncatedFinal(prevDigestOut.data(), h128::size); + h128 encDigest; + m_macEnc.ProcessData(encDigest.data(), prevDigestOut.data(), h128::size); + encDigest ^= *(h128*)initHello.data(); + egressmac.Update(encDigest.data(), h128::size); + egressmac.TruncatedFinal(encDigest.data(), h128::size); + + bytes provided(16); + bytesConstRef(&initHello).cropped(16, 16).copyTo(bytesRef(&provided)); + BOOST_REQUIRE(*(h128*)encDigest.data() == *(h128*)provided.data()); + } + + { + SHA3_256 ingressmac(m_ingressMac); + SHA3_256 prevDigest(ingressmac); + h128 prevDigestOut; + prevDigest.TruncatedFinal(prevDigestOut.data(), h128::size); + h128 encDigest; + m_macEnc.ProcessData(encDigest.data(), prevDigestOut.data(), h128::size); + encDigest ^= *(h128*)recvHello.data(); + ingressmac.Update(encDigest.data(), h128::size); + ingressmac.TruncatedFinal(encDigest.data(), h128::size); + + bytes provided(16); + bytesConstRef(&recvHello).cropped(16, 16).copyTo(bytesRef(&provided)); + BOOST_REQUIRE(*(h128*)encDigest.data() == *(h128*)provided.data()); + } + + // test decrypt of frame headers for recvHello + bytes plaintext(16); + m_frameDec.ProcessData(plaintext.data(), recvHello.data(), h128::size); + cout << "decrypt recv got: " << *(h128*)plaintext.data(); + } BOOST_AUTO_TEST_CASE(ecies_interop_test_primitives) From 1e91b7d1deabd69bcc969e98a128edf71f35c780 Mon Sep 17 00:00:00 2001 From: subtly Date: Fri, 6 Mar 2015 07:08:34 +0100 Subject: [PATCH 14/20] separate packet type. add coding. --- peer.cpp | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/peer.cpp b/peer.cpp index 7f3c19e1e..0fe3fd1ed 100644 --- a/peer.cpp +++ b/peer.cpp @@ -32,6 +32,9 @@ BOOST_AUTO_TEST_SUITE(p2p) BOOST_AUTO_TEST_CASE(host) { + auto oldLogVerbosity = g_logVerbosity; + g_logVerbosity = 10; + NetworkPreferences host1prefs(30301, "127.0.0.1", true, true); NetworkPreferences host2prefs(30302, "127.0.0.1", true, true); @@ -44,10 +47,14 @@ BOOST_AUTO_TEST_CASE(host) host1.addNode(node2, "127.0.0.1", host2prefs.listenPort, host2prefs.listenPort); - this_thread::sleep_for(chrono::seconds(1)); + this_thread::sleep_for(chrono::seconds(3)); - BOOST_REQUIRE_EQUAL(host1.peerCount(), 1); - BOOST_REQUIRE_EQUAL(host2.peerCount(), host1.peerCount()); + auto host1peerCount = host1.peerCount(); + auto host2peerCount = host2.peerCount(); + BOOST_REQUIRE_EQUAL(host1peerCount, 1); + BOOST_REQUIRE_EQUAL(host2peerCount, 1); + + g_logVerbosity = oldLogVerbosity; } BOOST_AUTO_TEST_CASE(save_nodes) @@ -71,7 +78,7 @@ BOOST_AUTO_TEST_CASE(save_nodes) for (auto const& h: hosts) host2.addNode(h->id(), "127.0.0.1", h->listenPort(), h->listenPort()); - this_thread::sleep_for(chrono::milliseconds(1000)); + this_thread::sleep_for(chrono::milliseconds(2000)); bytes firstHostNetwork(host.saveNetwork()); bytes secondHostNetwork(host.saveNetwork()); From 587e544063da2f14819f15d2a55859305fa80e00 Mon Sep 17 00:00:00 2001 From: subtly Date: Sun, 8 Mar 2015 13:45:23 +0100 Subject: [PATCH 15/20] fix kdf test --- crypto.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index c20b4c51f..a844cbf09 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -267,14 +267,14 @@ BOOST_AUTO_TEST_CASE(ecies_kdf) // nonce Secret z1; ecdh::agree(local.sec(), remote.pub(), z1); - auto key1 = s_secp256k1.eciesKDF(z1, bytes(), 512); + auto key1 = s_secp256k1.eciesKDF(z1, bytes(), 64); bytesConstRef eKey1 = bytesConstRef(&key1).cropped(0, 32); bytesRef mKey1 = bytesRef(&key1).cropped(32, 32); sha3(mKey1, mKey1); Secret z2; ecdh::agree(remote.sec(), local.pub(), z2); - auto key2 = s_secp256k1.eciesKDF(z2, bytes(), 512); + auto key2 = s_secp256k1.eciesKDF(z2, bytes(), 64); bytesConstRef eKey2 = bytesConstRef(&key2).cropped(0, 32); bytesRef mKey2 = bytesRef(&key2).cropped(32, 32); sha3(mKey2, mKey2); From ee02d25453b0abe3ed6c20138517d1c7a21c0aed Mon Sep 17 00:00:00 2001 From: subtly Date: Sun, 8 Mar 2015 13:48:49 +0100 Subject: [PATCH 16/20] coding standards --- crypto.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crypto.cpp b/crypto.cpp index a844cbf09..2d7121f89 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -658,9 +658,9 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) BOOST_REQUIRE(text != original); cipherCopy = text; } - catch(CryptoPP::Exception& e) + catch (CryptoPP::Exception& _e) { - cerr << e.what() << endl; + cerr << _e.what() << endl; } try @@ -670,9 +670,9 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) d.ProcessData(out, in, text.size()); BOOST_REQUIRE(text == original); } - catch(CryptoPP::Exception& e) + catch (CryptoPP::Exception& _e) { - cerr << e.what() << endl; + cerr << _e.what() << endl; } @@ -690,9 +690,9 @@ BOOST_AUTO_TEST_CASE(cryptopp_aes128_ctr) // yep, ctr mode. BOOST_REQUIRE(cipherCopy == original); } - catch(CryptoPP::Exception& e) + catch (CryptoPP::Exception& _e) { - cerr << e.what() << endl; + cerr << _e.what() << endl; } } From 1c53a9107c65ee650368c003a36008f5f448349e Mon Sep 17 00:00:00 2001 From: subtly Date: Mon, 9 Mar 2015 18:14:49 +0100 Subject: [PATCH 17/20] bugfix and doc clarification. fix test. --- crypto.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto.cpp b/crypto.cpp index 2d7121f89..dbbc2dfa0 100644 --- a/crypto.cpp +++ b/crypto.cpp @@ -299,7 +299,7 @@ BOOST_AUTO_TEST_CASE(ecies_standard) s_secp256k1.encryptECIES(k.pub(), b); BOOST_REQUIRE(b != asBytes(original)); - BOOST_REQUIRE(b.size() > 0 && ((u128)h128(b)) > 0); + BOOST_REQUIRE(b.size() > 0 && b[0] == 0x04); s_secp256k1.decryptECIES(k.sec(), b); BOOST_REQUIRE(bytesConstRef(&b).cropped(0, original.size()).toBytes() == asBytes(original)); From ac6431e0888bc6c857bfa0cfcae41466fad4e27a Mon Sep 17 00:00:00 2001 From: subtly Date: Mon, 9 Mar 2015 19:06:01 +0100 Subject: [PATCH 18/20] replace go counter logic. remove dead test code. --- rlpx.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/rlpx.cpp b/rlpx.cpp index 593613106..6a86652fb 100644 --- a/rlpx.cpp +++ b/rlpx.cpp @@ -363,7 +363,6 @@ BOOST_AUTO_TEST_CASE(test_secrets_from_go) // test decrypt of frame headers for recvHello bytes plaintext(16); m_frameDec.ProcessData(plaintext.data(), recvHello.data(), h128::size); - cout << "decrypt recv got: " << *(h128*)plaintext.data(); } From 23400e99ebc156349416711d44f52910a4afcddb Mon Sep 17 00:00:00 2001 From: winsvega Date: Tue, 10 Mar 2015 14:38:17 +0300 Subject: [PATCH 19/20] State Init And Transaction Tests fixed to poc9 --- stInitCodeTestFiller.json | 46 +++++------ stTransactionTestFiller.json | 147 ++++++++++++++++++++++++++++++++--- ttTransactionTestFiller.json | 6 +- 3 files changed, 162 insertions(+), 37 deletions(-) diff --git a/stInitCodeTestFiller.json b/stInitCodeTestFiller.json index 902290121..cb1b4d14a 100644 --- a/stInitCodeTestFiller.json +++ b/stInitCodeTestFiller.json @@ -1,5 +1,5 @@ { - "TransactionContractCreation" : { + "TransactionCreateRandomInitCode" : { "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", @@ -58,7 +58,7 @@ "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", "to" : "", - "value" : "1" + "value" : "100" } }, @@ -66,7 +66,7 @@ "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", - "currentGasLimit" : "1000000", + "currentGasLimit" : "100000000", "currentNumber" : "0", "currentTimestamp" : 1, "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" @@ -74,7 +74,7 @@ "pre" : { "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { - "balance" : "70000", + "balance" : "1000000", "code" : "", "nonce" : "0", "storage" : { @@ -84,7 +84,7 @@ "transaction" : { "data" : "0x600a80600c6000396000f200600160008035811a8100", - "gasLimit" : "21590", + "gasLimit" : "22000", "gasPrice" : "3", "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -123,7 +123,7 @@ } }, - "TransactionSuicideInitCode" : { + "TransactionCreateAutoSuicideContract" : { "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", @@ -150,11 +150,11 @@ "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", "to" : "", - "value" : "1" + "value" : "15" } }, - "TransactionStopInitCode" : { + "TransactionCreateStopInInitcode" : { "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", @@ -185,7 +185,7 @@ } }, - "TransactionCreateSuicideContract" : { + "TransactionCreateSuicideInInitcode" : { "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", @@ -220,7 +220,7 @@ "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", - "currentGasLimit" : "1000000", + "currentGasLimit" : "100000000", "currentNumber" : "0", "currentTimestamp" : 1, "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" @@ -235,7 +235,7 @@ }, "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { - "balance" : "100000", + "balance" : "1000000", "code" : "", "nonce" : "0", "storage" : { @@ -245,7 +245,7 @@ "transaction" : { "data" : "0x00", - "gasLimit" : "40000", + "gasLimit" : "100000", "gasPrice" : "1", "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -258,7 +258,7 @@ "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", - "currentGasLimit" : "1000000", + "currentGasLimit" : "100000000", "currentNumber" : "0", "currentTimestamp" : 1, "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" @@ -273,7 +273,7 @@ }, "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { - "balance" : "100000", + "balance" : "1000000", "code" : "", "nonce" : "0", "storage" : { @@ -283,7 +283,7 @@ "transaction" : { "data" : "0x00", - "gasLimit" : "40000", + "gasLimit" : "400000", "gasPrice" : "1", "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -347,7 +347,7 @@ "nonce": "0", "//": "(CREATE 0 64 32)", "//": "{[[0]] 12 (MSTORE 32 0x602060406000f0)(RETURN 57 7)}", - "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 1 11 21)(CALL 500 (SLOAD 0) 1 0 0 0 0)}", + "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 1 11 21)(CALL 50000 (SLOAD 0) 1 0 0 0 0)}", "storage": {} }, @@ -427,7 +427,7 @@ "nonce": "0", "//": "(CREATE 0 64 32)", "//": "{[[0]] 12 (MSTORE 32 0x602060406000f0)(RETURN 57 7)}", - "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 1 11 21)(CALL 0 (SLOAD 0) 1 0 0 0 0)}", + "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 1 11 21)(CALL 100000 (SLOAD 0) 1 0 0 0 0)}", "storage": {} }, @@ -442,7 +442,7 @@ "transaction" : { "data" : "0x00", - "gasLimit" : "20000000", + "gasLimit" : "1000000", "gasPrice" : "1", "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -463,11 +463,11 @@ "pre" : { "095e7baea6a6c7c4c2dfeb977efac326af552d87": { - "balance": "1000", + "balance": "10000", "nonce": "0", "//": "(CREATE 0 64 32)", "//": "{[[0]] 12 (MSTORE 32 0x602060406000f0)(RETURN 57 7)}", - "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 1001 11 21)}", + "code": "{(MSTORE 0 0x600c60005566602060406000f060205260076039f3)[[0]](CREATE 100000 11 21)}", "storage": {} }, @@ -534,7 +534,7 @@ "env" : { "currentCoinbase" : "2adc25665018aa1fe0e6bc666dac8fc2697ff9ba", "currentDifficulty" : "45678256", - "currentGasLimit" : "100000000", + "currentGasLimit" : "1000000000", "currentNumber" : "0", "currentTimestamp" : 1, "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" @@ -542,7 +542,7 @@ "pre" : { "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { - "balance" : "100000", + "balance" : "1000000", "code" : "{(MSTORE 0 0x15)(CALL 7000 0xb94f5374fce5edbc8e2a8697c15331677e6ebf0b 0 0 32 32 32) (RETURN 0 64)}", "nonce" : "0", "storage" : { @@ -560,7 +560,7 @@ "transaction" : { "data" : "", - "gasLimit" : "25000", + "gasLimit" : "250000", "gasPrice" : "1", "nonce" : "0", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", diff --git a/stTransactionTestFiller.json b/stTransactionTestFiller.json index 9bd7436bc..a69f0df27 100644 --- a/stTransactionTestFiller.json +++ b/stTransactionTestFiller.json @@ -514,7 +514,7 @@ "transaction" : { "data" : "", - "gasLimit" : "21100", + "gasLimit" : "23000", "gasPrice" : "1", "nonce" : "", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -535,7 +535,7 @@ "pre" : { "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { - "balance" : "22000", + "balance" : "1000000", "code" : "", "nonce" : "0", "storage" : { @@ -545,7 +545,7 @@ "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { "balance" : "10", "//" : "gas = 19 going OOG, gas = 20 fine", - "code" : "{ (CALL 19 0 1 0 0 0 0) }", + "code" : "{ (CALL 40000 0 1 0 0 0 0) }", "nonce" : "0", "storage" : { } @@ -574,7 +574,67 @@ "transaction" : { "data" : "", - "gasLimit" : "21100", + "gasLimit" : "160000", + "gasPrice" : "1", + "nonce" : "", + "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", + "to" : "c94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "value" : "10" + } + }, + + "InternlCallStoreClearsSucces" : { + "env" : { + "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "currentDifficulty" : "45678256", + "currentGasLimit" : "1000000", + "currentNumber" : "0", + "currentTimestamp" : 1, + "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" + }, + "pre" : + { + "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "1000000", + "code" : "", + "nonce" : "0", + "storage" : { + } + }, + + "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "10", + "//" : "gas = 19 going OOG, gas = 20 fine", + "code" : "{ (CALL 100000 0 1 0 0 0 0) }", + "nonce" : "0", + "storage" : { + } + }, + + "0000000000000000000000000000000000000000" : { + "balance" : "0", + "code" : "{(SSTORE 0 0)(SSTORE 1 0)(SSTORE 2 0)(SSTORE 3 0)(SSTORE 4 0)(SSTORE 5 0)(SSTORE 6 0)(SSTORE 7 0)(SSTORE 8 0)(SSTORE 9 0)}", + "nonce" : "0", + "storage" : { + "0x" : "0x0c", + "0x01" : "0x0c", + "0x02" : "0x0c", + "0x03" : "0x0c", + "0x04" : "0x0c", + "0x05" : "0x0c", + "0x06" : "0x0c", + "0x07" : "0x0c", + "0x08" : "0x0c", + "0x09" : "0x0c" + } + } + + }, + + "transaction" : + { + "data" : "", + "gasLimit" : "160000", "gasPrice" : "1", "nonce" : "", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -605,7 +665,7 @@ "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { "balance" : "10", "//" : "gas = 19 going OOG, gas = 20 fine", - "code" : "{(SSTORE 0 0)(SSTORE 1 0)(SSTORE 2 0)(SSTORE 3 0) (CALL 19 0 1 0 0 0 0) }", + "code" : "{(SSTORE 0 0)(SSTORE 1 0)(SSTORE 2 0)(SSTORE 3 0) (CALL 20000 0 1 0 0 0 0) }", "nonce" : "0", "storage" : { "0x" : "0x0c", @@ -639,7 +699,72 @@ "transaction" : { "data" : "", - "gasLimit" : "23000", + "gasLimit" : "200000", + "gasPrice" : "1", + "nonce" : "", + "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", + "to" : "c94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "value" : "10" + } + }, + + "StoreClearsAndInternlCallStoreClearsSuccess" : { + "env" : { + "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "currentDifficulty" : "45678256", + "currentGasLimit" : "10000000", + "currentNumber" : "0", + "currentTimestamp" : 1, + "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" + }, + "pre" : + { + "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "500000", + "code" : "", + "nonce" : "0", + "storage" : { + } + }, + + "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "10", + "//" : "gas = 19 going OOG, gas = 20 fine", + "code" : "{(SSTORE 0 0)(SSTORE 1 0)(SSTORE 2 0)(SSTORE 3 0) (CALL 50000 0 1 0 0 0 0) }", + "nonce" : "0", + "storage" : { + "0x" : "0x0c", + "0x01" : "0x0c", + "0x02" : "0x0c", + "0x03" : "0x0c", + "0x04" : "0x0c" + } + }, + + "0000000000000000000000000000000000000000" : { + "balance" : "0", + "code" : "{(SSTORE 0 0)(SSTORE 1 0)(SSTORE 2 0)(SSTORE 3 0)(SSTORE 4 0)(SSTORE 5 0)(SSTORE 6 0)(SSTORE 7 0)(SSTORE 8 0)(SSTORE 9 0)}", + "nonce" : "0", + "storage" : { + "0x" : "0x0c", + "0x01" : "0x0c", + "0x02" : "0x0c", + "0x03" : "0x0c", + "0x04" : "0x0c", + "0x05" : "0x0c", + "0x06" : "0x0c", + "0x07" : "0x0c", + "0x08" : "0x0c", + "0x09" : "0x0c" + } + } + + }, + + "transaction" : + { + "data" : "", + "gasLimit" : "200000", "gasPrice" : "1", "nonce" : "", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -669,7 +794,7 @@ "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { "balance" : "10", - "code" : "{(CALL 20000 0x0000000000000000000000000000000000000000 1 0 0 0 0) (SUICIDE 0)}", + "code" : "{(CALL 22000 0x0000000000000000000000000000000000000000 1 0 0 0 0) (SUICIDE 0)}", "nonce" : "0", "storage" : { } @@ -697,7 +822,7 @@ } }, - "SuicidesAndInternlCallSuicides" : { + "SuicidesAndInternlCallSuicidesSuccess" : { "env" : { "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", "currentDifficulty" : "45678256", @@ -737,7 +862,7 @@ "transaction" : { "data" : "", - "gasLimit" : "50000", + "gasLimit" : "150000", "gasPrice" : "1", "nonce" : "", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", @@ -767,7 +892,7 @@ "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { "balance" : "10000", - "code" : "{(SUICIDE 0) (CALL 2000 0x0000000000000000000000000000000000000000 0 0 0 0 0) }", + "code" : "{(SUICIDE 0) (CALL 30000 0x0000000000000000000000000000000000000000 0 0 0 0 0) }", "nonce" : "0", "storage" : { } @@ -785,7 +910,7 @@ "transaction" : { "data" : "", - "gasLimit" : "33700", + "gasLimit" : "83700", "gasPrice" : "1", "nonce" : "", "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", diff --git a/ttTransactionTestFiller.json b/ttTransactionTestFiller.json index 96e4c78a6..105b64abc 100644 --- a/ttTransactionTestFiller.json +++ b/ttTransactionTestFiller.json @@ -14,7 +14,7 @@ } }, - "WrongVRSTestVl26" : { + "WrongVRSTestVEqual26" : { "transaction" : { "data" : "", @@ -29,7 +29,7 @@ } }, - "WrongVRSTestVl29" : { + "WrongVRSTestVEqual29" : { "transaction" : { "data" : "", @@ -44,7 +44,7 @@ } }, - "WrongVRSTestVge31" : { + "WrongVRSTestVEqual31" : { "transaction" : { "data" : "", From 0602a04917dfbab76270f2dffe77bdaeb3ea2efb Mon Sep 17 00:00:00 2001 From: winsvega Date: Tue, 10 Mar 2015 23:05:59 +0300 Subject: [PATCH 20/20] State Transaction Tests bonus gas at call with value transfer --- stTransactionTestFiller.json | 97 +++++++++++++++++++++++++++++++++++- 1 file changed, 96 insertions(+), 1 deletion(-) diff --git a/stTransactionTestFiller.json b/stTransactionTestFiller.json index a69f0df27..5d07bf763 100644 --- a/stTransactionTestFiller.json +++ b/stTransactionTestFiller.json @@ -773,6 +773,102 @@ } }, + "SuicidesAndInternlCallSuicidesBonusGasAtCall" : { + "env" : { + "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "currentDifficulty" : "45678256", + "currentGasLimit" : "1000000", + "currentNumber" : "0", + "currentTimestamp" : 1, + "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" + }, + "pre" : + { + "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "100000", + "code" : "", + "nonce" : "0", + "storage" : { + } + }, + + "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "10", + "code" : "{(CALL 0 0x0000000000000000000000000000000000000000 1 0 0 0 0) (SUICIDE 0)}", + "nonce" : "0", + "storage" : { + } + }, + + "0000000000000000000000000000000000000000" : { + "balance" : "0", + "code" : "{(SUICIDE 0x0000000000000000000000000000000000000001)}", + "nonce" : "0", + "storage" : { + } + } + }, + + "transaction" : + { + "data" : "", + "gasLimit" : "50000", + "gasPrice" : "1", + "nonce" : "", + "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", + "to" : "c94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "value" : "10" + } + }, + + "SuicidesAndInternlCallSuicidesBonusGasAtCallFailed" : { + "env" : { + "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "currentDifficulty" : "45678256", + "currentGasLimit" : "1000000", + "currentNumber" : "0", + "currentTimestamp" : 1, + "previousHash" : "5e20a0453cecd065ea59c37ac63e079ee08998b6045136a8ce6635c7912ec0b6" + }, + "pre" : + { + "a94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "100000", + "code" : "", + "nonce" : "0", + "storage" : { + } + }, + + "c94f5374fce5edbc8e2a8697c15331677e6ebf0b" : { + "balance" : "10", + "code" : "{(CALL 0 0x0000000000000000000000000000000000000000 0 0 0 0 0) (SUICIDE 0)}", + "nonce" : "0", + "storage" : { + } + }, + + "0000000000000000000000000000000000000000" : { + "balance" : "0", + "code" : "{(SUICIDE 0x0000000000000000000000000000000000000001)}", + "nonce" : "0", + "storage" : { + } + } + }, + + "transaction" : + { + "data" : "", + "gasLimit" : "50000", + "gasPrice" : "1", + "nonce" : "", + "secretKey" : "45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8", + "to" : "c94f5374fce5edbc8e2a8697c15331677e6ebf0b", + "value" : "10" + } + }, + "SuicidesAndInternlCallSuicidesOOG" : { "env" : { "currentCoinbase" : "b94f5374fce5edbc8e2a8697c15331677e6ebf0b", @@ -807,7 +903,6 @@ "storage" : { } } - }, "transaction" :