This repository has been archived by the owner on Feb 24, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test: add verify inbound and outbound secio
- Loading branch information
Showing
5 changed files
with
225 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,196 @@ | ||
| /* eslint-env mocha */ | ||
| 'use strict' | ||
|
|
||
| const chai = require('chai') | ||
| const dirtyChai = require('dirty-chai') | ||
| const expect = chai.expect | ||
| chai.use(dirtyChai) | ||
|
|
||
| const duplexPair = require('it-pair/duplex') | ||
| const Handshake = require('it-pb-rpc') | ||
| const Secio = require('../src') | ||
| const { createPeerIdsFromFixtures } = require('./fixtures/peer') | ||
| const { | ||
| createExchange, | ||
| createProposal, | ||
| generateKeys, | ||
| identify, | ||
| selectProtocols, | ||
| verify | ||
| } = require('../src/handshake/crypto') | ||
| const { createBoxStream, createUnboxStream } = require('../src/etm') | ||
| const State = require('../src/state') | ||
| const { Exchange, Propose } = require('../src/handshake/secio.proto') | ||
|
|
||
| /** | ||
| * TODO: | ||
| * Both sides send their proposals, | ||
| * then, their exchanges | ||
| * then, encrypted nonces for verification | ||
| * 1. Proposal A | ||
| * 2. Proposal B | ||
| * 3. Exchange B | ||
| * 4. Exchange A | ||
| * 5. Encrypted Nonce A | ||
| * 6. Encrypted Nonce B | ||
| * | ||
| B->F Data 375 | ||
| F->B Data 375 | ||
| F->B Data 330 | ||
| B->F Data 330 | ||
| F->B Data 52 | ||
| B->F Data 52 | ||
| */ | ||
|
|
||
| describe('secio', () => { | ||
| let remotePeer | ||
| let localPeer | ||
|
|
||
| before(async () => { | ||
| [remotePeer, localPeer] = await createPeerIdsFromFixtures(2) | ||
| }) | ||
|
|
||
| it('performs a spec compliant inbound exchange', async () => { | ||
| const [inboundConnection, outboundConnection] = duplexPair() | ||
| await Promise.all([ | ||
| Secio.secureInbound(remotePeer, inboundConnection, null), | ||
| (async () => { | ||
| const wrap = Handshake(outboundConnection) | ||
| const state = new State(localPeer, remotePeer) | ||
|
|
||
| // Create our proposal | ||
| const proposal = createProposal(state) | ||
|
|
||
| // Send our proposal | ||
| const proposalLength = Buffer.allocUnsafe(4) | ||
| proposalLength.writeInt32BE(proposal.length, 0) | ||
| wrap.write(Buffer.concat([proposalLength, proposal])) | ||
|
|
||
| // Read their proposal | ||
| let theirProposalRaw = (await wrap.read()).slice() | ||
| let dataLength = theirProposalRaw.readInt32BE(0) | ||
| theirProposalRaw = theirProposalRaw.slice(4, dataLength + 4) | ||
| const theirProposal = Propose.decode(theirProposalRaw) | ||
| expect(theirProposal.rand).to.have.length(16) | ||
| expect(theirProposal.pubkey).to.eql(remotePeer.pubKey.bytes) | ||
| expect(theirProposal.exchanges).to.equal('P-256,P-384,P-521') | ||
| expect(theirProposal.ciphers).to.equal('AES-256,AES-128') | ||
| expect(theirProposal.hashes).to.equal('SHA256,SHA512') | ||
|
|
||
| // Select protocols | ||
| identify(state, theirProposalRaw) | ||
| await selectProtocols(state) | ||
| expect(state.protocols.local).to.include({ curveT: 'P-256', cipherT: 'AES-256', hashT: 'SHA256' }) | ||
| expect(state.protocols.remote).to.include({ curveT: 'P-256', cipherT: 'AES-256', hashT: 'SHA256' }) | ||
|
|
||
| // Create our exchange | ||
| const exchange = await createExchange(state) | ||
|
|
||
| // Send our exchange | ||
| const exchangeLength = Buffer.allocUnsafe(4) | ||
| exchangeLength.writeInt32BE(exchange.length, 0) | ||
| wrap.write(Buffer.concat([exchangeLength, exchange])) | ||
|
|
||
| // Read their exchange | ||
| let theirExchangeRaw = (await wrap.read()).slice() | ||
| dataLength = theirExchangeRaw.readInt32BE(0) | ||
| theirExchangeRaw = theirExchangeRaw.slice(4, dataLength + 4) | ||
| await verify(state, theirExchangeRaw) | ||
|
|
||
| // Generate the crypto keys | ||
| await generateKeys(state) | ||
|
|
||
| // Create the crypto stream | ||
| const box = createBoxStream(state.protocols.local.cipher, state.protocols.local.mac) | ||
| const unbox = createUnboxStream(state.protocols.remote.cipher, state.protocols.remote.mac) | ||
|
|
||
| // Send back their nonce over the crypto stream | ||
| const { value: nonce } = await box([state.proposal.in.rand]).next() | ||
| const nonceLength = Buffer.allocUnsafe(4) | ||
| nonceLength.writeInt32BE(nonce.length, 0) | ||
| wrap.write(Buffer.concat([nonceLength, nonce.slice()])) | ||
|
|
||
| // Read our nonce from the crypto stream | ||
| let ourNonceRaw = (await wrap.read()) | ||
| dataLength = ourNonceRaw.readInt32BE(0) | ||
| ourNonceRaw = ourNonceRaw.shallowSlice(4, dataLength + 4) // Unbox expects a BufferList, so shallow slice here | ||
| const { value: ourNonce } = await unbox([ourNonceRaw]).next() | ||
|
|
||
| // Verify our nonce is correct | ||
| expect(ourNonce.slice()).to.eql(state.proposal.out.rand) | ||
| })() | ||
| ]) | ||
| }) | ||
|
|
||
| it('performs a spec compliant outbound exchange', async () => { | ||
| const [inboundConnection, outboundConnection] = duplexPair() | ||
| await Promise.all([ | ||
| Secio.secureOutbound(localPeer, outboundConnection, remotePeer), | ||
| (async () => { | ||
| const wrap = Handshake(inboundConnection) | ||
| const state = new State(remotePeer, localPeer) | ||
|
|
||
| // Create our proposal | ||
| const proposal = createProposal(state) | ||
|
|
||
| // Send our proposal | ||
| const proposalLength = Buffer.allocUnsafe(4) | ||
| proposalLength.writeInt32BE(proposal.length, 0) | ||
| wrap.write(Buffer.concat([proposalLength, proposal])) | ||
|
|
||
| // Read their proposal | ||
| let theirProposalRaw = (await wrap.read()).slice() | ||
| let dataLength = theirProposalRaw.readInt32BE(0) | ||
| theirProposalRaw = theirProposalRaw.slice(4, dataLength + 4) | ||
| const theirProposal = Propose.decode(theirProposalRaw) | ||
| expect(theirProposal.rand).to.have.length(16) | ||
| expect(theirProposal.pubkey).to.eql(localPeer.pubKey.bytes) | ||
| expect(theirProposal.exchanges).to.equal('P-256,P-384,P-521') | ||
| expect(theirProposal.ciphers).to.equal('AES-256,AES-128') | ||
| expect(theirProposal.hashes).to.equal('SHA256,SHA512') | ||
|
|
||
| // Select protocols | ||
| identify(state, theirProposalRaw) | ||
| await selectProtocols(state) | ||
| expect(state.protocols.local).to.include({ curveT: 'P-256', cipherT: 'AES-256', hashT: 'SHA256' }) | ||
| expect(state.protocols.remote).to.include({ curveT: 'P-256', cipherT: 'AES-256', hashT: 'SHA256' }) | ||
|
|
||
| // Create our exchange | ||
| const exchange = await createExchange(state) | ||
|
|
||
| // Send our exchange | ||
| const exchangeLength = Buffer.allocUnsafe(4) | ||
| exchangeLength.writeInt32BE(exchange.length, 0) | ||
| wrap.write(Buffer.concat([exchangeLength, exchange])) | ||
|
|
||
| // Read their exchange | ||
| let theirExchangeRaw = (await wrap.read()).slice() | ||
| dataLength = theirExchangeRaw.readInt32BE(0) | ||
| theirExchangeRaw = theirExchangeRaw.slice(4, dataLength + 4) | ||
| await verify(state, theirExchangeRaw) | ||
|
|
||
| // Generate the crypto keys | ||
| await generateKeys(state) | ||
|
|
||
| // Create the crypto stream | ||
| const box = createBoxStream(state.protocols.local.cipher, state.protocols.local.mac) | ||
| const unbox = createUnboxStream(state.protocols.remote.cipher, state.protocols.remote.mac) | ||
|
|
||
| // Send back their nonce over the crypto stream | ||
| const { value: nonce } = await box([state.proposal.in.rand]).next() | ||
| const nonceLength = Buffer.allocUnsafe(4) | ||
| nonceLength.writeInt32BE(nonce.length, 0) | ||
| wrap.write(Buffer.concat([nonceLength, nonce.slice()])) | ||
|
|
||
| // Read our nonce from the crypto stream | ||
| let ourNonceRaw = (await wrap.read()) | ||
| dataLength = ourNonceRaw.readInt32BE(0) | ||
| ourNonceRaw = ourNonceRaw.shallowSlice(4, dataLength + 4) // Unbox expects a BufferList, so shallow slice here | ||
| const { value: ourNonce } = await unbox([ourNonceRaw]).next() | ||
|
|
||
| // Verify our nonce is correct | ||
| expect(ourNonce.slice()).to.eql(state.proposal.out.rand) | ||
| })() | ||
| ]) | ||
| }) | ||
| }) |