fix: update message and signature key types #5064

133 changes: 60 additions & 73 deletions comms/dht/src/crypt.rs

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion comms/dht/src/dht.rs
@@ -620,7 +620,7 @@ mod test {
let ecdh_key = CommsDHKE::new(node_identity2.secret_key(), node_identity2.public_key());
let key_message = crypt::generate_key_message(&ecdh_key);
let mut encrypted_bytes = msg.encode_into_bytes_mut();
crypt::encrypt(&key_message, &mut encrypted_bytes).unwrap();
crypt::encrypt_message(&key_message, &mut encrypted_bytes).unwrap();
let dht_envelope = make_dht_envelope(
&node_identity2,
&encrypted_bytes.to_vec(),
16 changes: 8 additions & 8 deletions comms/dht/src/inbound/decryption.rs
@@ -390,8 +390,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
.ok_or( DecryptionError::MessageSignatureNotProvidedForEncryptedMessage)?;

// obtain key signature for authenticated decrypt signature
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(shared_secret);
let decrypted_bytes = crypt::decrypt_with_chacha20_poly1305(&key_signature, encrypted_message_signature)
let key_signature = crypt::generate_key_signature(shared_secret);
let decrypted_bytes = crypt::decrypt_signature(&key_signature, encrypted_message_signature)
.map_err(|_| DecryptionError::MessageSignatureDecryptedFailed)?;
let message_signature = ProtoMessageSignature::decode(decrypted_bytes.as_slice())
.map_err(|_| DecryptionError::MessageSignatureDeserializedFailed)?;
@@ -408,7 +408,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
) -> Result<EnvelopeBody, DecryptionError> {
let key_message = crypt::generate_key_message(shared_secret);
let mut decrypted = BytesMut::from(message_body);
crypt::decrypt(&key_message, &mut decrypted).map_err(DecryptionError::DecryptionFailedMalformedCipher)?;
crypt::decrypt_message(&key_message, &mut decrypted)
.map_err(DecryptionError::DecryptionFailedMalformedCipher)?;
// Deserialization into an EnvelopeBody is done here to determine if the
// decryption produced valid bytes or not.
EnvelopeBody::decode(decrypted.freeze())
@@ -643,7 +644,7 @@ mod test {
let msg_tag = MessageTag::new();

let mut message = plain_text_msg.clone();
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
let message = message.freeze();
let header = make_dht_header(
&node_identity,
@@ -668,10 +669,9 @@ mod test {
// Sign invalid data. Other peers cannot validate this while propagating, but this should not cause them to be
// banned.
let signature = make_valid_message_signature(&node_identity, b"sign invalid data");
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
let key_signature = crypt::generate_key_signature(&shared_secret);

inbound_msg.dht_header.message_signature =
crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature).unwrap();
inbound_msg.dht_header.message_signature = crypt::encrypt_signature(&key_signature, &signature).unwrap();

let err = service.call(inbound_msg).await.unwrap_err();
let err = err.downcast::<DecryptionError>().unwrap();
@@ -706,7 +706,7 @@ mod test {
let msg_tag = MessageTag::new();

let mut message = plain_text_msg.clone();
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
let message = message.freeze();
let header = make_dht_header(
&node_identity,
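Review bot: The precondition for calling `crypt::decrypt_message` in the `@@ -408,7 +408,8 @@` hunk is not documented: the comment below the call says the `EnvelopeBody` decode is what determines whether decryption produced valid bytes, which suggests the body cipher does not authenticate the ciphertext on its own (inferred, since the crypt.rs diff is not rendered on this page). If that reading is right, this path is only sound when the encrypted message signature has already been decrypted and verified over the ciphertext, and nothing in the hunk says so. I would add a line above the call such as `// Body decryption is not authenticated here; the message signature over the ciphertext must already have been verified.` The enclosing function starts above the hunk, so an existing doc comment, if there is one, is not visible.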
7 changes: 3 additions & 4 deletions comms/dht/src/outbound/broadcast.rs
@@ -498,7 +498,7 @@ where S: Service<DhtOutboundMessage, Response = (), Error = PipelineError>
// Generate key message for encryption of message
let key_message = crypt::generate_key_message(&shared_ephemeral_secret);
// Encrypt the message with the body with key message above
crypt::encrypt(&key_message, &mut body)?;
crypt::encrypt_message(&key_message, &mut body)?;
let encrypted_body = body.freeze();

// Produce domain separated signature signature
@@ -513,16 +513,15 @@ where S: Service<DhtOutboundMessage, Response = (), Error = PipelineError>
);

// Generate key signature for encryption of signature
let key_signature =
crypt::generate_key_signature_for_authenticated_encryption(&shared_ephemeral_secret);
let key_signature = crypt::generate_key_signature(&shared_ephemeral_secret);

// Sign the encrypted message
let signature =
MessageSignature::new_signed(self.node_identity.secret_key().clone(), &mac_signature).to_proto();

// Perform authenticated encryption with ChaCha20-Poly1305 and set the origin field
let encrypted_message_signature =
crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature.to_encoded_bytes())?;
crypt::encrypt_signature(&key_signature, &signature.to_encoded_bytes())?;

Ok((
Some(Arc::new(e_public_key)),
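Review bot: The comment above the `crypt::encrypt_signature` call in the `@@ -513,16 +513,15 @@` hunk still names ChaCha20-Poly1305 although the new function name no longer does, so the call-site comment and the implementation in crypt.rs can drift apart without either looking wrong. I would state the property instead, `// Encrypt the signature with authenticated encryption under the signature key and set the origin field`, and leave the cipher name to the crypt.rs documentation. The comment above `crypt::encrypt_message` in the `@@ -498,7 +498,7 @@` hunk is hard to parse as written; `// Encrypt the body in place with the message key derived above` appears to match what the `&mut body` call does. Both hunks sit inside a function whose start and end are outside the view.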
6 changes: 3 additions & 3 deletions comms/dht/src/store_forward/saf_handler/task.rs
@@ -558,8 +558,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
header.message_signature.len()
);
let shared_secret = CommsDHKE::new(node_identity.secret_key(), ephemeral_public_key);
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
let decrypted = crypt::decrypt_with_chacha20_poly1305(&key_signature, &header.message_signature)?;
let key_signature = crypt::generate_key_signature(&shared_secret);
let decrypted = crypt::decrypt_signature(&key_signature, &header.message_signature)?;
let authenticated_pk = Self::authenticate_message(&decrypted, header, body)?;

trace!(
@@ -570,7 +570,7 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>

let key_message = crypt::generate_key_message(&shared_secret);
let mut decrypted_bytes = BytesMut::from(body);
crypt::decrypt(&key_message, &mut decrypted_bytes)?;
crypt::decrypt_message(&key_message, &mut decrypted_bytes)?;
let envelope_body =
EnvelopeBody::decode(decrypted_bytes.freeze()).map_err(|_| StoreAndForwardError::DecryptionFailed)?;
if envelope_body.is_empty() {
6 changes: 3 additions & 3 deletions comms/dht/src/test_utils/makers.rs
@@ -98,8 +98,8 @@ pub fn make_dht_header(
let signature = make_valid_message_signature(node_identity, &binding_message_representation);
if flags.is_encrypted() {
let shared_secret = CommsDHKE::new(e_secret_key, node_identity.public_key());
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
message_signature = crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature)?;
let key_signature = crypt::generate_key_signature(&shared_secret);
message_signature = crypt::encrypt_signature(&key_signature, &signature)?;
}
}
Ok(DhtMessageHeader {
@@ -203,7 +203,7 @@ pub fn make_dht_envelope<T: prost::Message>(
let shared_secret = CommsDHKE::new(&e_secret_key, node_identity.public_key());
let key_message = crypt::generate_key_message(&shared_secret);
let mut message = prepare_message(true, message);
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
message.freeze()
} else {
prepare_message(false, message).freeze()