cerc-io/solidity
16
0
Fork 0
mirror of https://github.com/ethereum/solidity synced 2023-10-03 13:03:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

end-to-end handshake for uknown node

Browse Source
This commit is contained in:
subtly 2015-02-13 20:45:03 -05:00
parent 1542497872
commit 4942dab73c
1 changed files with 66 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
crypto.cpp
View File

@ -323,9 +323,13 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
Secret nodeAsecret(sha3("privacy")); Secret nodeAsecret(sha3("privacy"));
KeyPair nodeA(nodeAsecret); KeyPair nodeA(nodeAsecret);
BOOST_REQUIRE(nodeA.pub());
Secret nodeBsecret(sha3("privacy++")); Secret nodeBsecret(sha3("privacy++"));
KeyPair nodeB(nodeBsecret); KeyPair nodeB(nodeBsecret);
BOOST_REQUIRE(nodeA.pub());
BOOST_REQUIRE_NE(nodeA.sec(), nodeB.sec());
// Initiator is Alice (nodeA) // Initiator is Alice (nodeA)
ECDHE eA; ECDHE eA;
@ -348,7 +352,6 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
} }
bytes authcipher; bytes authcipher;
encrypt(nodeB.pub(), &auth, authcipher); encrypt(nodeB.pub(), &auth, authcipher);
cnote << "initAuth:" << toHex(authcipher);
ECDHE eB; ECDHE eB;
bytes nBbytes(fromHex("0xBBBB")); bytes nBbytes(fromHex("0xBBBB"));
@ -364,45 +367,89 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
} }
bytes ackcipher; bytes ackcipher;
encrypt(nodeA.pub(), &ack, ackcipher); encrypt(nodeA.pub(), &ack, ackcipher);
cnote << "ackAuth:" << toHex(ackcipher);
BOOST_REQUIRE(eA.pubkey());
BOOST_REQUIRE(eB.pubkey());
BOOST_REQUIRE_NE(eA.seckey(), eB.seckey());
/// Alice /// Alice
// TODO: decrypt ackcipher and check decrypted pubk is eb
Secret aEncryptK; Secret aEncryptK;
Secret aMacK; Secret aMacK;
Secret aEgressMac; Secret aEgressMac;
Secret aIngressMac; Secret aIngressMac;
{ {
bytes keyMaterial(512); // TODO: decrypt ackcipher and check decrypted material
// TODO: export ess and require equal to b
bytes keyMaterialBytes(512);
bytesConstRef keyMaterial(&keyMaterialBytes);
h256 ess; h256 ess;
// todo: ecdh-agree should be able to output bytes // todo: ecdh-agree should be able to output bytes
s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess); s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess);
ess.ref().copyTo(bytesConstRef(&keyMaterial).cropped(0, h256::size)); ess.ref().copyTo(keyMaterial.cropped(0, h256::size));
ssA.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); ssA.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
// auto token = sha3(ssA); // auto token = sha3(ssA);
aEncryptK = sha3(keyMaterial); aEncryptK = sha3(keyMaterial);
aEncryptK.ref().copyTo(bytesConstRef(&keyMaterial).cropped(h256::size, h256::size)); aEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
aMacK = sha3(keyMaterial); aMacK = sha3(keyMaterial);
// todo: resize key-material and copy ciphertext // todo: replace nonceB with decrypted nonceB
keyMaterialBytes.resize(h256::size + authcipher.size());
keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
(aMacK ^ nonceB).ref().copyTo(keyMaterial);
bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size()));
aEgressMac = sha3(keyMaterial); aEgressMac = sha3(keyMaterial);
keyMaterialBytes.resize(h256::size + ackcipher.size());
keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
(aMacK ^ nonceA).ref().copyTo(keyMaterial);
bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size()));
aIngressMac = sha3(keyMaterial); aIngressMac = sha3(keyMaterial);
} }
// ecdhe-shared-secret = ecdh.agree(ecdhe-random, remote-ecdhe-random-pubk) /// Bob
// shared-secret = sha3(ecdhe-shared-secret || sha3(nonce || initiator-nonce)) Secret ssB;
// token = sha3(shared-secret) s_secp256k1.agree(nodeB.sec(), nodeA.pub(), ssB);
// aes-secret = sha3(ecdhe-shared-secret || shared-secret) BOOST_REQUIRE_EQUAL(ssA, ssB);
//# destroy shared-secret
// mac-secret = sha3(ecdhe-shared-secret || aes-secret)
//# destroy ecdhe-shared-secret
// egress-mac = sha3(mac-secret^nonce || auth)
//# destroy nonce
// ingress-mac = sha3(mac-secret^initiator-nonce || auth)
//# destroy remote-nonce
Secret bEncryptK;
Secret bMacK;
Secret bEgressMac;
Secret bIngressMac;
{
bytes keyMaterialBytes(512);
bytesConstRef keyMaterial(&keyMaterialBytes);
h256 ess;
// todo: ecdh-agree should be able to output bytes
s_secp256k1.agree(eB.seckey(), eA.pubkey(), ess);
ess.ref().copyTo(keyMaterial.cropped(0, h256::size));
ssB.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
// auto token = sha3(ssA);
bEncryptK = sha3(keyMaterial);
bEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
bMacK = sha3(keyMaterial);
// todo: replace nonceB with decrypted nonceB
keyMaterialBytes.resize(h256::size + ackcipher.size());
keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
(bMacK ^ nonceA).ref().copyTo(keyMaterial);
bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size()));
bEgressMac = sha3(keyMaterial);
keyMaterialBytes.resize(h256::size + authcipher.size());
keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
(bMacK ^ nonceB).ref().copyTo(keyMaterial);
bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size()));
bIngressMac = sha3(keyMaterial);
}
BOOST_REQUIRE_EQUAL(aEncryptK, bEncryptK);
BOOST_REQUIRE_EQUAL(aMacK, bMacK);
BOOST_REQUIRE_EQUAL(aEgressMac, bIngressMac);
BOOST_REQUIRE_EQUAL(bEgressMac, aIngressMac);
} }
BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac) BOOST_AUTO_TEST_CASE(ecdhe_aes128_ctr_sha3mac)