Merge branch 'ud1' of https://github.com/mrnaveira/tari into ud1

comms/core/Cargo.toml

@@ -19,7 +19,7 @@ tari_utilities = { git = "https://github.com/tari-project/tari_utilities.git", t
 anyhow = "1.0.53"
 async-trait = "0.1.36"
 bitflags = "1.0.4"
-blake2 = "0.9.0"
+blake2 = "0.10.4"
 bytes = { version = "1", features = ["serde"] }
 chrono = { version = "0.4.19", default-features = false, features = ["serde", "clock"] }
 cidr = "0.1.0"

comms/core/src/peer_manager/identity_signature.rs

@@ -27,7 +27,7 @@ use digest::Digest;
 use prost::Message;
 use rand::rngs::OsRng;
 use serde::{Deserialize, Serialize};
-use tari_crypto::keys::SecretKey;
+use tari_crypto::keys::PublicKey as PublicKeyTrait;
 use tari_utilities::ByteArray;
 
 use crate::{
@@ -64,9 +64,17 @@ impl IdentitySignature {
         addresses: I,
         updated_at: DateTime<Utc>,
     ) -> Self {
-        let challenge = Self::construct_challenge(Self::LATEST_VERSION, features, addresses, updated_at);
-        let nonce = CommsSecretKey::random(&mut OsRng);
-        let signature = Signature::sign(secret_key.clone(), nonce, &challenge.finalize())
+        let public_key = CommsPublicKey::from_secret_key(secret_key);
+        let (secret_nonce, public_nonce) = CommsPublicKey::random_keypair(&mut OsRng);
+        let challenge = Self::construct_challenge(
+            &public_key,
+            &public_nonce,
+            Self::LATEST_VERSION,
+            features,
+            addresses,
+            updated_at,
+        );
+        let signature = Signature::sign(secret_key.clone(), secret_nonce, &challenge.finalize())
             .expect("unreachable panic: challenge hash digest is the correct length");
         Self {
             version: Self::LATEST_VERSION,
@@ -110,17 +118,29 @@ impl IdentitySignature {
             return false;
         }
 
-        let challenge = Self::construct_challenge(self.version, features, addresses, self.updated_at);
+        let challenge = Self::construct_challenge(
+            public_key,
+            self.signature.get_public_nonce(),
+            self.version,
+            features,
+            addresses,
+            self.updated_at,
+        );
         self.signature.verify_challenge(public_key, &challenge.finalize())
     }
 
     fn construct_challenge<'a, I: IntoIterator<Item = &'a Multiaddr>>(
+        public_key: &CommsPublicKey,
+        public_nonce: &CommsPublicKey,
         version: u8,
         features: PeerFeatures,
         addresses: I,
         updated_at: DateTime<Utc>,
     ) -> Challenge {
+        // e = H(P||R||m)
         let challenge = Challenge::new()
+            .chain(public_key.as_bytes())
+            .chain(public_nonce.as_bytes())
             .chain(version.to_le_bytes())
             .chain(u64::try_from(updated_at.timestamp()).unwrap().to_le_bytes())
             .chain(features.bits().to_le_bytes());
@@ -177,7 +197,7 @@ impl From<&IdentitySignature> for proto::identity::IdentitySignature {
 mod test {
     use std::str::FromStr;
 
-    use tari_crypto::keys::PublicKey;
+    use tari_crypto::keys::{PublicKey, SecretKey};
 
     use super::*;
     use crate::peer_manager::{NodeId, PeerFlags};

comms/core/src/peer_manager/node_id.rs

@@ -32,7 +32,7 @@ use std::{
 
 use blake2::{
     digest::{Update, VariableOutput},
-    VarBlake2b,
+    Blake2bVar,
 };
 use serde::{de, Deserialize, Deserializer, Serialize};
 use tari_utilities::{
@@ -74,13 +74,11 @@ impl NodeId {
     pub fn from_key<K: ByteArray>(key: &K) -> Self {
         let bytes = key.as_bytes();
         let mut buf = [0u8; NodeId::byte_size()];
-        VarBlake2b::new(NodeId::byte_size())
+        Blake2bVar::new(NodeId::byte_size())
             .expect("NodeId::byte_size() is invalid")
             .chain(bytes)
-            .finalize_variable(|hash| {
-                // Safety: output size and buf size are equal
-                buf.copy_from_slice(hash)
-            });
+            // Safety: output size and buf size are equal
+            .finalize_variable(&mut buf).unwrap();
         NodeId(buf)
     }
 

comms/core/src/utils/mod.rs

@@ -27,4 +27,3 @@ pub mod cidr;
 pub mod datetime;
 pub mod mpsc;
 pub mod multiaddr;
-pub mod signature;

comms/dht/Cargo.toml

@@ -27,7 +27,7 @@ diesel = { version = "1.4.7", features = ["sqlite", "serde_json", "chrono", "num
 diesel_migrations = "1.4.0"
 libsqlite3-sys = { version = "0.22.2", features = ["bundled"], optional = true }
 digest = "0.9.0"
-futures = { version = "^0.3.1" }
+futures = "^0.3.1"
 log = "0.4.8"
 log-mdc = "0.1.0"
 prost = "=0.9.0"

comms/dht/src/crypt.rs

@@ -28,7 +28,7 @@ use chacha20::{
     Key,
     Nonce,
 };
-use digest::Digest;
+use digest::{Digest, FixedOutput};
 use rand::{rngs::OsRng, RngCore};
 use tari_comms::types::{Challenge, CommsPublicKey};
 use tari_crypto::{
@@ -80,21 +80,16 @@ pub fn encrypt(cipher_key: &CipherKey, plain_text: &[u8]) -> Vec<u8> {
     let nonce_ga = Nonce::from_slice(&nonce);
     let mut cipher = ChaCha20::new(&cipher_key.0, nonce_ga);
 
-    // Cloning the plain text to avoid a caller thinking we have encrypted in place and losing the integral nonce added
-    // below
-    let mut plain_text_clone = plain_text.to_vec();
-
-    cipher.apply_keystream(plain_text_clone.as_mut_slice());
-
-    let mut ciphertext_integral_nonce = Vec::with_capacity(nonce.len() + plain_text_clone.len());
-    ciphertext_integral_nonce.extend(&nonce);
-    ciphertext_integral_nonce.append(&mut plain_text_clone);
-    ciphertext_integral_nonce
+    let mut buf = vec![0u8; plain_text.len() + nonce.len()];
+    buf[..nonce.len()].copy_from_slice(&nonce[..]);
+    buf[nonce.len()..].copy_from_slice(plain_text);
+    cipher.apply_keystream(&mut buf[nonce.len()..]);
+    buf
 }
 
-/// Generates a challenge for the origin MAC.
-pub fn create_origin_mac_challenge(header: &DhtMessageHeader, body: &[u8]) -> Challenge {
-    create_origin_mac_challenge_parts(
+/// Generates a 32-byte hashed challenge that commits to the message header and body
+pub fn create_message_challenge(header: &DhtMessageHeader, body: &[u8]) -> [u8; 32] {
+    create_message_challenge_parts(
         header.version,
         &header.destination,
         header.message_type,
@@ -105,29 +100,36 @@ pub fn create_origin_mac_challenge(header: &DhtMessageHeader, body: &[u8]) -> Ch
     )
 }
 
-/// Generates a challenge for the origin MAC.
-pub fn create_origin_mac_challenge_parts(
+/// Generates a 32-byte hashed challenge that commits to all message parts
+pub fn create_message_challenge_parts(
     protocol_version: DhtProtocolVersion,
     destination: &NodeDestination,
     message_type: DhtMessageType,
     flags: DhtMessageFlags,
     expires: Option<EpochTime>,
     ephemeral_public_key: Option<&CommsPublicKey>,
     body: &[u8],
-) -> Challenge {
+) -> [u8; 32] {
     let mut mac_challenge = Challenge::new();
-    mac_challenge.update(&protocol_version.to_bytes());
-    mac_challenge.update(destination.as_inner_bytes());
+    mac_challenge.update(&protocol_version.as_bytes());
+    mac_challenge.update(destination.to_inner_bytes());
     mac_challenge.update(&(message_type as i32).to_le_bytes());
     mac_challenge.update(&flags.bits().to_le_bytes());
-    if let Some(t) = expires {
-        mac_challenge.update(&t.as_u64().to_le_bytes());
-    }
-    if let Some(e_pk) = ephemeral_public_key.as_ref() {
-        mac_challenge.update(e_pk.as_bytes());
-    }
+    let expires = expires.map(|t| t.as_u64().to_le_bytes()).unwrap_or_default();
+    mac_challenge.update(&expires);
+
+    let e_pk = ephemeral_public_key
+        .map(|e_pk| {
+            let mut buf = [0u8; 32];
+            // CommsPublicKey::as_bytes returns 32-bytes
+            buf.copy_from_slice(e_pk.as_bytes());
+            buf
+        })
+        .unwrap_or_default();
+    mac_challenge.update(&e_pk);
+
     mac_challenge.update(&body);
-    mac_challenge
+    mac_challenge.finalize_fixed().into()
 }
 
 #[cfg(test)]