310 lines
12 KiB
C
310 lines
12 KiB
C
#include <stdlib.h>
|
|
|
|
#include "libp2p/secio/secio.h"
|
|
#include "libp2p/secio/exchange.h"
|
|
#include "libp2p/net/multistream.h"
|
|
#include "libp2p/net/p2pnet.h"
|
|
#include "libp2p/utils/logger.h"
|
|
|
|
#include "mbedtls/md.h"
|
|
#include "mbedtls/cipher.h"
|
|
#include "mbedtls/md_internal.h"
|
|
#include "mbedtls/aes.h"
|
|
|
|
|
|
void print_stretched_key(struct StretchedKey* key) {
|
|
fprintf(stdout, "cipher key: ");
|
|
for(int i = 0; i < key->cipher_size; i++) {
|
|
fprintf(stdout, "%d ", key->cipher_key[i]);
|
|
}
|
|
fprintf(stdout, "\nIV: ");
|
|
for(int i = 0; i < key->iv_size; i++) {
|
|
fprintf(stdout, "%d ", key->iv[i]);
|
|
}
|
|
fprintf(stdout, "\nMAC: ");
|
|
for(int i = 0; i < key->mac_size; i++) {
|
|
fprintf(stdout, "%d ", key->mac_key[i]);
|
|
}
|
|
}
|
|
|
|
int test_secio_handshake() {
|
|
|
|
libp2p_logger_add_class("secio");
|
|
|
|
int retVal = 0;
|
|
size_t decode_base64_size = 0;
|
|
unsigned char* decode_base64 = NULL;
|
|
// this is a base64 encoded private key. It makes it easier to test if it is in base64 form
|
|
// these were pulled from the GO version of ipfs
|
|
char* orig_priv_key = "CAASqQkwggSlAgEAAoIBAQCuW+8vGUb2n4xOcfPZLmfVAy6GNJ0sYrD/hVXwxBU1aBas+8lfAuLwYJXPCVBg65wZWYEbbWCevLFjwB/oZyJA1J1g+HohggH8QvuDH164FtSbgyHFip2SPR7oUHgSWRqfKXRJsVW/SPCfEt59S8JH99Q747dU9fvZKpelE9aDLf5yI8nj29TDy3c1RpkxfUwfgnbeoCwsDnakFmVdoSEp3Lnt3JlI05qE0bgvkWAaelcXSNQCmZzDwXeMk9y221FnBkL4Vs3v2lKmjLx+Qr37P/t78T+VxsjnGHPhbZTIMIjwwON6568d0j25Bj9v6biiz8iXzBR4Fmz1CQ0mqU5BAgMBAAECggEAc6EYX/29Z/SrEaLUeiUiSsuPYQUnbrYMd4gvVDpVblOXJiTciJvbcFo9P04H9h6KKO2Ih23j86FjaqmQ/4jV2HSn4hUmuW4EbwzkyzJUmHTbjj5KeTzR/pd2Fc63skNROlg9fFmUagSvPm8/CYziTOP35bfAbyGqYXyzkJA1ZExVVSOi1zGVi+lnlI1fU2Aki5F7W7F/d2AQWsh7NXUwT7e6JP7TL+Gn4bWdn3NvluwAWTMgp6/It8OU1XPgu8OhdpZQWsMBqJwr79KGLbq2SZZXAw8O+ay1JQYmmmvYzwhdDgJwl+MOtf3NiqQWFzZP8RnlHGNcXlLHHPW0FB9H+QKBgQDirtBOqjCtND6m4hEfy6A24GcITYUBg1+AYQ7uM5uZl5u9AyxfG4bPxyrspz3yS0DOV4HNQ88iwmUE8+8ZHCLSY/YIp73Nk4m8t2s46CuI7Y5GrwCnh9xTMwaUrNx4IRTWyR3OxjQtUyrXtPR6uJ83FDenXvNi//Mrzp+myxX4wwKBgQDE6L8qiVA6n9k5dyUxxMUKJqynwPcBeC+wI85gr/9wwlRYDrgMYeH6/D5prZ3N5m8+zugVQQJKLfXBG0i8BRh5xLYFCZnV2O3NwvCdENlZJZrNNoz9jM3yRV+c7OdrclxDiN0bjGEBWv8GHutNFAwuUfMe0TMdfFYpM7gBHjEMqwKBgQCWHwOhNSCrdDARwSFqFyZxcUeKvhvZlrFGigCjS9Y+b6MaF+Ho0ogDTnlk5JUnwyKWBGnYEJI7CNZx40JzNKjzAHRN4xjV7mGHc0k1FLzQH9LbiMY8LMOC7gXrrFcNz4rHe8WbzLN9WNjEpfhK1b3Lcj4xP7ab17mpR1t/0HsqlQKBgQC3S6lYIUZLrCz7b0tyTqbU0jd6WQgVmBlcL5iXLH3uKxd0eQ8eh6diiZhXq0PwPQdlQhmMX12QS8QupAVK8Ltd7p05hzxqcmq7VTHCI8MPVxAI4zTPeVjko2tjmqu5u1TjkO2yDTTnnBs1SWbj8zt7itFz6G1ajzltVTV95OrnzQKBgQDEwZxnJA2vDJEDaJ82CiMiUAFzwsoK8hDvz63kOKeEW3/yESySnUbzpxDEjzYNsK74VaXHKCGI40fDRUqZxU/+qCrFf3xDfYS4r4wfFd2Jh+tn4NzSV/EhIr9KR/ZJW+TvGks+pWUJ3mhjPEvNtlt3M64/j2D0RP2aBQtoSpeezQ==";
|
|
char* orig_peer_id = "QmRKm1d9kSCRpMFtLYpfhhCQ3DKuSSPJa3qn9wWXfwnWnY";
|
|
size_t orig_peer_id_size = strlen(orig_peer_id);
|
|
struct RsaPrivateKey* rsa_private_key = NULL;
|
|
unsigned char hashed[32] = {0};
|
|
size_t final_id_size = 1600;
|
|
unsigned char final_id[final_id_size];
|
|
|
|
struct PrivateKey* private_key = NULL;
|
|
struct SessionContext secure_session = {0};
|
|
|
|
// 1) take the private key and turn it back into bytes (decode base 64)
|
|
decode_base64_size = libp2p_crypto_encoding_base64_decode_size(strlen(orig_priv_key));
|
|
decode_base64 = (unsigned char*)malloc(decode_base64_size);
|
|
memset(decode_base64, 0, decode_base64_size);
|
|
|
|
if (!libp2p_crypto_encoding_base64_decode((unsigned char*)orig_priv_key, strlen(orig_priv_key), &decode_base64[0], decode_base64_size, &decode_base64_size))
|
|
goto exit;
|
|
|
|
if (!libp2p_crypto_private_key_protobuf_decode(decode_base64, decode_base64_size, &private_key))
|
|
goto exit;
|
|
|
|
// 2) take the bytes of the private key and turn it back into an RSA private key struct
|
|
//TODO: should verify that this key is RSA
|
|
rsa_private_key = libp2p_crypto_rsa_rsa_private_key_new();
|
|
if (!libp2p_crypto_encoding_x509_der_to_private_key(private_key->data, private_key->data_size, rsa_private_key))
|
|
goto exit;
|
|
|
|
// 2b) take the private key and fill in the public key DER
|
|
if (!libp2p_crypto_rsa_private_key_fill_public_key(rsa_private_key))
|
|
goto exit;
|
|
|
|
//secure_session.host = "www.jmjatlanta.com";
|
|
secure_session.host = "10.211.55.4";
|
|
secure_session.port = 4001;
|
|
secure_session.traffic_type = TCP;
|
|
// connect to host
|
|
secure_session.insecure_stream = libp2p_net_multistream_connect(secure_session.host, secure_session.port);
|
|
secure_session.default_stream = secure_session.insecure_stream;
|
|
if (*((int*)secure_session.insecure_stream->socket_descriptor) == -1) {
|
|
fprintf(stderr, "test_secio_handshake: Unable to get socket descriptor\n");
|
|
goto exit;
|
|
}
|
|
|
|
if (!libp2p_secio_handshake(&secure_session, rsa_private_key, NULL)) {
|
|
fprintf(stderr, "test_secio_handshake: Unable to do handshake\n");
|
|
fprintf(stdout, "Shared key: ");
|
|
for(int i = 0; i < secure_session.shared_key_size; i++)
|
|
fprintf(stdout, "%d ", secure_session.shared_key[i]);
|
|
fprintf(stdout, "\nLocal stretched key: ");
|
|
print_stretched_key(secure_session.local_stretched_key);
|
|
fprintf(stdout, "\nRemote stretched key: ");
|
|
print_stretched_key(secure_session.remote_stretched_key);
|
|
fprintf(stdout, "\n");
|
|
goto exit;
|
|
}
|
|
|
|
/*
|
|
fprintf(stdout, "Shared key: ");
|
|
for(int i = 0; i < secure_session.shared_key_size; i++)
|
|
fprintf(stdout, "%d ", secure_session.shared_key[i]);
|
|
fprintf(stdout, "\nLocal stretched key: ");
|
|
print_stretched_key(secure_session.local_stretched_key);
|
|
fprintf(stdout, "\nRemote stretched key: ");
|
|
print_stretched_key(secure_session.remote_stretched_key);
|
|
fprintf(stdout, "\n");
|
|
*/
|
|
|
|
// now attempt to do something with it... try to negotiate a multistream
|
|
if (libp2p_net_multistream_negotiate(&secure_session) == 0) {
|
|
fprintf(stdout, "Unable to negotiate multistream\n");
|
|
goto exit;
|
|
}
|
|
|
|
// now attempt an "ls"
|
|
if (libp2p_net_multistream_write(&secure_session, (unsigned char*)"ls\n", 3) == 0) {
|
|
fprintf(stdout, "Unable to send ls to multistream\n");
|
|
goto exit;
|
|
}
|
|
|
|
// retrieve the response
|
|
unsigned char* results;
|
|
size_t results_size;
|
|
if (libp2p_net_multistream_read(&secure_session, &results, &results_size, 30) == 0) {
|
|
fprintf(stdout, "Unable to read ls results from multistream\n");
|
|
free(results);
|
|
goto exit;
|
|
}
|
|
|
|
fprintf(stdout, "Results of ls: %.*s", (int)results_size, results);
|
|
|
|
free(results);
|
|
results = NULL;
|
|
|
|
retVal = 1;
|
|
exit:
|
|
if (secure_session.insecure_stream != NULL)
|
|
libp2p_net_multistream_stream_free(secure_session.insecure_stream);
|
|
if (secure_session.local_stretched_key != NULL)
|
|
libp2p_crypto_ephemeral_stretched_key_free(secure_session.local_stretched_key);
|
|
if (secure_session.remote_stretched_key != NULL)
|
|
libp2p_crypto_ephemeral_stretched_key_free(secure_session.remote_stretched_key);
|
|
if (secure_session.ephemeral_private_key != NULL)
|
|
libp2p_crypto_ephemeral_key_free(secure_session.ephemeral_private_key);
|
|
if (secure_session.remote_ephemeral_public_key != NULL)
|
|
free(secure_session.remote_ephemeral_public_key);
|
|
if (secure_session.chosen_cipher != NULL)
|
|
free(secure_session.chosen_cipher);
|
|
if (secure_session.chosen_curve != NULL)
|
|
free(secure_session.chosen_curve);
|
|
if (secure_session.chosen_hash != NULL)
|
|
free(secure_session.chosen_hash);
|
|
if (secure_session.shared_key != NULL)
|
|
free(secure_session.shared_key);
|
|
if (private_key != NULL)
|
|
libp2p_crypto_private_key_free(private_key);
|
|
if (decode_base64 != NULL)
|
|
free(decode_base64);
|
|
if (rsa_private_key != NULL)
|
|
libp2p_crypto_rsa_rsa_private_key_free(rsa_private_key);
|
|
return retVal;
|
|
}
|
|
|
|
int libp2p_secio_encrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size);
|
|
int libp2p_secio_decrypt(const struct SessionContext* session, const unsigned char* incoming, size_t incoming_size, unsigned char** outgoing, size_t* outgoing_size);
|
|
|
|
int test_secio_encrypt_decrypt() {
|
|
unsigned char* original = (unsigned char*)"This is a test message";
|
|
int retVal = 0;
|
|
unsigned char* encrypted = NULL;
|
|
size_t encrypted_size = 0;
|
|
unsigned char* results = NULL;
|
|
size_t results_size = 0;
|
|
struct SessionContext secure_session;
|
|
struct StretchedKey stretched_key;
|
|
|
|
secure_session.local_stretched_key = &stretched_key;
|
|
secure_session.remote_stretched_key = &stretched_key;
|
|
|
|
secure_session.local_stretched_key->cipher_key = (unsigned char*)"abcdefghijklmnopqrstuvwxyzabcdef";
|
|
secure_session.local_stretched_key->cipher_size = 32;
|
|
secure_session.local_stretched_key->mac_size = 40;
|
|
secure_session.local_stretched_key->mac_key = (unsigned char*)"abcdefghijklmnopqrstuvwxyzabcdefghijklmn";
|
|
secure_session.local_stretched_key->iv_size = 16;
|
|
secure_session.local_stretched_key->iv = (unsigned char*)"abcdefghijklmnop";
|
|
secure_session.mac_function = NULL;
|
|
|
|
if (!libp2p_secio_encrypt(&secure_session, original, strlen((char*)original), &encrypted, &encrypted_size)) {
|
|
fprintf(stderr, "Unable to encrypt\n");
|
|
goto exit;
|
|
}
|
|
|
|
if (!libp2p_secio_decrypt(&secure_session, encrypted, encrypted_size, &results, &results_size)) {
|
|
fprintf(stderr, "Unable to decrypt\n");
|
|
goto exit;
|
|
}
|
|
|
|
if (results_size != strlen((char*)original)) {
|
|
fprintf(stderr, "Results size are different. Results size = %lu and original is %lu\n", results_size, strlen((char*)original));
|
|
goto exit;
|
|
}
|
|
|
|
if (strncmp((char*)original, (char*)results, strlen( (char*) original)) != 0) {
|
|
fprintf(stderr, "String comparison did not match\n");
|
|
goto exit;
|
|
}
|
|
|
|
retVal = 1;
|
|
exit:
|
|
if (results != NULL)
|
|
free(results);
|
|
if (encrypted != NULL)
|
|
free(encrypted);
|
|
return retVal;
|
|
}
|
|
|
|
int test_secio_exchange_protobuf_encode() {
|
|
char* protobuf = NULL;
|
|
size_t protobuf_size = 0, actual_size = 0;
|
|
struct Exchange* exch = libp2p_secio_exchange_new();
|
|
int retVal = 0;
|
|
|
|
exch->epubkey_size = 100;
|
|
exch->epubkey = malloc(exch->epubkey_size);
|
|
for(int i = 0; i < exch->epubkey_size; i++) {
|
|
exch->epubkey[i] = i;
|
|
}
|
|
exch->signature_size = 32;
|
|
exch->signature = malloc(exch->signature_size);
|
|
for(int i = 0; i < exch->signature_size; i++) {
|
|
exch->signature[i] = i;
|
|
}
|
|
|
|
protobuf_size = libp2p_secio_exchange_protobuf_encode_size(exch);
|
|
protobuf = malloc(protobuf_size);
|
|
|
|
libp2p_secio_exchange_protobuf_encode(exch, (unsigned char*)protobuf, protobuf_size, &actual_size);
|
|
|
|
if (actual_size > protobuf_size)
|
|
goto exit;
|
|
|
|
retVal = 1;
|
|
exit:
|
|
free(protobuf);
|
|
libp2p_secio_exchange_free(exch);
|
|
return retVal;
|
|
}
|
|
|
|
|
|
int test_secio_encrypt_like_go() {
|
|
// GO version keys:
|
|
// local keys
|
|
unsigned char keyIv[] = { 233, 20, 188, 79, 55, 204, 132, 231, 82, 167, 63, 211, 74, 253, 20, 109 };
|
|
unsigned char keyMac[] = { 224, 94, 119, 190, 68, 213, 247, 204, 211, 25, 42, 154, 145, 96, 86, 8, 103, 187, 133, 15 };
|
|
unsigned char keyCipher[] = { 137, 132, 0, 154, 131, 200, 29, 70, 88, 158, 170, 177, 220, 101, 113, 212, 98, 180, 25, 96, 15, 208, 210, 204, 167, 161, 238, 207, 229, 69, 83, 29 };
|
|
|
|
// with the above keys, the "nonce" below should give the expected result
|
|
unsigned char nonce_string[] = { 253, 17, 36, 85, 95, 130, 6, 14, 184, 204, 131, 114, 143, 245, 74, 51 };
|
|
unsigned char expected_nonce[] = { 71, 244, 156, 168, 60, 181, 227, 199, 116, 155, 82, 29, 7, 237, 234, 27 };
|
|
int incoming_size = 16;
|
|
|
|
size_t result_size = 255;
|
|
unsigned char result[result_size];
|
|
memset(result, 0, result_size);
|
|
|
|
// do nonce
|
|
mbedtls_aes_context cipher_ctx;
|
|
mbedtls_aes_init(&cipher_ctx);
|
|
if (mbedtls_aes_setkey_enc(&cipher_ctx, keyCipher, 32 * 8)) {
|
|
fprintf(stderr, "Unable to set key for cipher\n");
|
|
return 0;
|
|
}
|
|
|
|
size_t nonce_offset = 0;
|
|
unsigned char stream_block[16];
|
|
memset(stream_block, 0, 16);
|
|
if (mbedtls_aes_crypt_ctr(&cipher_ctx, incoming_size, &nonce_offset, keyIv, stream_block, nonce_string, result)) {
|
|
fprintf(stderr, "Unable to update cipher\n");
|
|
return 0;
|
|
}
|
|
|
|
// do comparison
|
|
for(int i = 0; i < incoming_size; i++) {
|
|
if (result[i] != expected_nonce[i]) {
|
|
fprintf(stderr, "Nonce: At position %d expected %u but got %u\n", i, expected_nonce[i], result[i]);
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
// now try multistream
|
|
result_size = 255;
|
|
memset(result, 0, result_size);
|
|
unsigned char multistream_string[] = { 19, 47, 109, 117, 108, 116, 105, 115, 116, 114, 101, 97, 109, 47, 49, 46, 48, 46, 48, 10 };
|
|
unsigned char expected_multistream[] = { 105, 218, 190, 138, 115, 254, 188, 113, 192, 128, 162, 148, 118, 164, 178, 140, 239, 185, 53, 17 };
|
|
incoming_size = 20;
|
|
|
|
if (mbedtls_aes_crypt_ctr(&cipher_ctx, incoming_size, &nonce_offset, keyIv, stream_block, multistream_string, result)) {
|
|
fprintf(stderr, "Unable to update cipher\n");
|
|
return 0;
|
|
}
|
|
mbedtls_aes_free(&cipher_ctx);
|
|
|
|
// do comparison
|
|
for(int i = 0; i < incoming_size; i++) {
|
|
if (result[i] != expected_multistream[i]) {
|
|
fprintf(stderr, "Multistream: At position %d expected %d but got %d\n", i, expected_multistream[i], result[i]);
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
return 1;
|
|
}
|