Skip to content

Commit

Permalink
Update message and signature key types
Browse files Browse the repository at this point in the history
  • Loading branch information
AaronFeickert committed Dec 16, 2022
1 parent 75eabc8 commit b4f3eb9
Show file tree
Hide file tree
Showing 6 changed files with 78 additions and 92 deletions.
133 changes: 60 additions & 73 deletions comms/dht/src/crypt.rs

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion comms/dht/src/dht.rs
Original file line number Diff line number Diff line change
Expand Up @@ -620,7 +620,7 @@ mod test {
let ecdh_key = CommsDHKE::new(node_identity2.secret_key(), node_identity2.public_key());
let key_message = crypt::generate_key_message(&ecdh_key);
let mut encrypted_bytes = msg.encode_into_bytes_mut();
crypt::encrypt(&key_message, &mut encrypted_bytes).unwrap();
crypt::encrypt_message(&key_message, &mut encrypted_bytes).unwrap();
let dht_envelope = make_dht_envelope(
&node_identity2,
&encrypted_bytes.to_vec(),
Expand Down
16 changes: 8 additions & 8 deletions comms/dht/src/inbound/decryption.rs
Original file line number Diff line number Diff line change
Expand Up @@ -390,8 +390,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
.ok_or( DecryptionError::MessageSignatureNotProvidedForEncryptedMessage)?;

// obtain key signature for authenticated decrypt signature
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(shared_secret);
let decrypted_bytes = crypt::decrypt_with_chacha20_poly1305(&key_signature, encrypted_message_signature)
let key_signature = crypt::generate_key_signature(shared_secret);
let decrypted_bytes = crypt::decrypt_signature(&key_signature, encrypted_message_signature)
.map_err(|_| DecryptionError::MessageSignatureDecryptedFailed)?;
let message_signature = ProtoMessageSignature::decode(decrypted_bytes.as_slice())
.map_err(|_| DecryptionError::MessageSignatureDeserializedFailed)?;
Expand All @@ -408,7 +408,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
) -> Result<EnvelopeBody, DecryptionError> {
let key_message = crypt::generate_key_message(shared_secret);
let mut decrypted = BytesMut::from(message_body);
crypt::decrypt(&key_message, &mut decrypted).map_err(DecryptionError::DecryptionFailedMalformedCipher)?;
crypt::decrypt_message(&key_message, &mut decrypted)
.map_err(DecryptionError::DecryptionFailedMalformedCipher)?;
// Deserialization into an EnvelopeBody is done here to determine if the
// decryption produced valid bytes or not.
EnvelopeBody::decode(decrypted.freeze())
Expand Down Expand Up @@ -643,7 +644,7 @@ mod test {
let msg_tag = MessageTag::new();

let mut message = plain_text_msg.clone();
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
let message = message.freeze();
let header = make_dht_header(
&node_identity,
Expand All @@ -668,10 +669,9 @@ mod test {
// Sign invalid data. Other peers cannot validate this while propagating, but this should not cause them to be
// banned.
let signature = make_valid_message_signature(&node_identity, b"sign invalid data");
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
let key_signature = crypt::generate_key_signature(&shared_secret);

inbound_msg.dht_header.message_signature =
crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature).unwrap();
inbound_msg.dht_header.message_signature = crypt::encrypt_signature(&key_signature, &signature).unwrap();

let err = service.call(inbound_msg).await.unwrap_err();
let err = err.downcast::<DecryptionError>().unwrap();
Expand Down Expand Up @@ -706,7 +706,7 @@ mod test {
let msg_tag = MessageTag::new();

let mut message = plain_text_msg.clone();
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
let message = message.freeze();
let header = make_dht_header(
&node_identity,
Expand Down
7 changes: 3 additions & 4 deletions comms/dht/src/outbound/broadcast.rs
Original file line number Diff line number Diff line change
Expand Up @@ -498,7 +498,7 @@ where S: Service<DhtOutboundMessage, Response = (), Error = PipelineError>
// Generate key message for encryption of message
let key_message = crypt::generate_key_message(&shared_ephemeral_secret);
// Encrypt the message with the body with key message above
crypt::encrypt(&key_message, &mut body)?;
crypt::encrypt_message(&key_message, &mut body)?;
let encrypted_body = body.freeze();

// Produce domain separated signature signature
Expand All @@ -513,16 +513,15 @@ where S: Service<DhtOutboundMessage, Response = (), Error = PipelineError>
);

// Generate key signature for encryption of signature
let key_signature =
crypt::generate_key_signature_for_authenticated_encryption(&shared_ephemeral_secret);
let key_signature = crypt::generate_key_signature(&shared_ephemeral_secret);

// Sign the encrypted message
let signature =
MessageSignature::new_signed(self.node_identity.secret_key().clone(), &mac_signature).to_proto();

// Perform authenticated encryption with ChaCha20-Poly1305 and set the origin field
let encrypted_message_signature =
crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature.to_encoded_bytes())?;
crypt::encrypt_signature(&key_signature, &signature.to_encoded_bytes())?;

Ok((
Some(Arc::new(e_public_key)),
Expand Down
6 changes: 3 additions & 3 deletions comms/dht/src/store_forward/saf_handler/task.rs
Original file line number Diff line number Diff line change
Expand Up @@ -558,8 +558,8 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>
header.message_signature.len()
);
let shared_secret = CommsDHKE::new(node_identity.secret_key(), ephemeral_public_key);
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
let decrypted = crypt::decrypt_with_chacha20_poly1305(&key_signature, &header.message_signature)?;
let key_signature = crypt::generate_key_signature(&shared_secret);
let decrypted = crypt::decrypt_signature(&key_signature, &header.message_signature)?;
let authenticated_pk = Self::authenticate_message(&decrypted, header, body)?;

trace!(
Expand All @@ -570,7 +570,7 @@ where S: Service<DecryptedDhtMessage, Response = (), Error = PipelineError>

let key_message = crypt::generate_key_message(&shared_secret);
let mut decrypted_bytes = BytesMut::from(body);
crypt::decrypt(&key_message, &mut decrypted_bytes)?;
crypt::decrypt_message(&key_message, &mut decrypted_bytes)?;
let envelope_body =
EnvelopeBody::decode(decrypted_bytes.freeze()).map_err(|_| StoreAndForwardError::DecryptionFailed)?;
if envelope_body.is_empty() {
Expand Down
6 changes: 3 additions & 3 deletions comms/dht/src/test_utils/makers.rs
Original file line number Diff line number Diff line change
Expand Up @@ -98,8 +98,8 @@ pub fn make_dht_header(
let signature = make_valid_message_signature(node_identity, &binding_message_representation);
if flags.is_encrypted() {
let shared_secret = CommsDHKE::new(e_secret_key, node_identity.public_key());
let key_signature = crypt::generate_key_signature_for_authenticated_encryption(&shared_secret);
message_signature = crypt::encrypt_with_chacha20_poly1305(&key_signature, &signature)?;
let key_signature = crypt::generate_key_signature(&shared_secret);
message_signature = crypt::encrypt_signature(&key_signature, &signature)?;
}
}
Ok(DhtMessageHeader {
Expand Down Expand Up @@ -203,7 +203,7 @@ pub fn make_dht_envelope<T: prost::Message>(
let shared_secret = CommsDHKE::new(&e_secret_key, node_identity.public_key());
let key_message = crypt::generate_key_message(&shared_secret);
let mut message = prepare_message(true, message);
crypt::encrypt(&key_message, &mut message).unwrap();
crypt::encrypt_message(&key_message, &mut message).unwrap();
message.freeze()
} else {
prepare_message(false, message).freeze()
Expand Down

0 comments on commit b4f3eb9

Please sign in to comment.