
farewellutopia-dev / deno-ssb-experiments



Commit d486ca5e3386b45fa5058ed4b11114a7b1cba51b

Moved simmetric key computation to connection

Reto Gmür committed on 8/17/2021, 12:48:18 PM
Parent: 014d8921fce193c2007afab069201a9633d3d87a

Files changed

BoxConnection.tschanged
ScuttlebuttPeer.tschanged
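--- a/BoxConnection.ts
+++ b/BoxConnection.ts
@@ -1,18 +1,48 @@
 import sodium from "https://deno.land/x/sodium@0.2.0/sumo.ts";
-import { concat, isZero, log, readBytes } from "./util.ts";
+import { concat, FeedId, isZero, log, readBytes } from "./util.ts";
+import config from "./config.ts";
 
 export default class BoxConnection extends EventTarget
 implements Deno.Reader, Deno.Writer, Deno.Closer {
 closed = false;
+ serverToClientKey: Uint8Array;
+ clientToServerKey: Uint8Array;
+ serverToClientNonce: Uint8Array;
+ clientToServerNonce: Uint8Array;
+ peer: FeedId;
 constructor(
 public conn: Deno.Reader & Deno.Writer & Deno.Closer,
- public serverToClientKey: Uint8Array,
- public serverToClientNonce: Uint8Array,
- public clientToServerKey: Uint8Array,
- public clientToServerNonce: Uint8Array,
+ combinedSharedSecret: Uint8Array,
+ ourLongTermPublicKey: Uint8Array,
+ theirLongTermPublicKey: Uint8Array,
+ ourEphemeralPublicKey: Uint8Array,
+ theirEphemeralTermPublicKey: Uint8Array,
 ) {
 super();
+ this.peer = new FeedId(theirLongTermPublicKey);
+ this.serverToClientKey = sodium.crypto_hash_sha256(
+ concat(
+ combinedSharedSecret,
+ ourLongTermPublicKey,
+ ),
+ );
+
+ this.clientToServerKey = sodium.crypto_hash_sha256(
+ concat(
+ combinedSharedSecret,
+ theirLongTermPublicKey,
+ ),
+ );
+
+ this.serverToClientNonce = sodium.crypto_auth(
+ ourEphemeralPublicKey,
+ config.networkIdentifier,
+ ).slice(0, 24);
+ this.clientToServerNonce = sodium.crypto_auth(
+ theirEphemeralTermPublicKey,
+ config.networkIdentifier,
+ ).slice(0, 24);
 }
 
 pendingData: Uint8Array | null = null;
 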
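Review bot: The fields `serverToClientKey`/`clientToServerKey` and their nonces are now bound to `ourLongTermPublicKey`/`theirLongTermPublicKey`, so when this side is the server they hold the opposite direction from what their names say; the removed server-side call in ScuttlebuttPeer.ts compensated by passing the four values swapped. In key-derivation code that mismatch makes it easy to pair one direction's key with the other direction's nonce, so I would rename the fields by role or add a comment above the declarations such as `// "serverToClient*" is derived from OUR keys, "clientToServer*" from THEIR keys, whichever side started the handshake`. The nonces are also keyed with `config.networkIdentifier` while the caller builds `combinedSharedSecret` from `this.network_identifier`, a writable instance field; taking the identifier as a constructor parameter would keep keys and nonces tied to the same network. The class body continues outside this hunk, so how read and write consume these fields is not visible here.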
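--- a/ScuttlebuttPeer.ts
+++ b/ScuttlebuttPeer.ts
@@ -14,11 +14,9 @@
 import { advertise } from "./udpPeerDiscoverer.ts";
 
 /** A peer with an identity and the abity to connect to other peers using the Secure Scuttlebutt Handshake */
 export default class ScuttlebuttPeer extends EventTarget {
- network_identifier = fromBase64(
- "1KHLiKZvAvjbY1ziZEHMXawbCEIM6qwjCDm3VYRan/s=",
- );
+ network_identifier = config.networkIdentifier;
 keyPair = getClientKeyPair();
 id = "@" +
 toBase64(
 this.keyPair.publicKey,
@@ -147,52 +145,24 @@
 if (!verification2) {
 throw new Error("Verification of the server's second response failed");
 }
 
- const serverToClientKey = sodium.crypto_hash_sha256(
+ const combinedSharedSecret = sodium.crypto_hash_sha256(
 concat(
- sodium.crypto_hash_sha256(sodium.crypto_hash_sha256(
- concat(
- this.network_identifier,
- shared_secret_ab,
- shared_secret_aB,
- shared_secret_Ab,
- ),
- )),
- this.keyPair.publicKey,
+ this.network_identifier,
+ shared_secret_ab,
+ shared_secret_aB,
+ shared_secret_Ab,
 ),
 );
 
- const clientToServerKey = sodium.crypto_hash_sha256(
- concat(
- sodium.crypto_hash_sha256(sodium.crypto_hash_sha256(
- concat(
- this.network_identifier,
- shared_secret_ab,
- shared_secret_aB,
- shared_secret_Ab,
- ),
- )),
- server_longterm_pk,
- ),
- );
-
- const network_identifier = this.network_identifier;
- const serverToClientNonce = sodium.crypto_auth(
+ const connection = new BoxConnection(
+ conn,
+ combinedSharedSecret,
+ this.keyPair.publicKey,
+ server_longterm_pk,
 clientEphemeralKeyPair.publicKey,
- network_identifier,
- ).slice(0, 24);
- const clientToServerNonce = sodium.crypto_auth(
 server_ephemeral_pk,
- network_identifier,
- ).slice(0, 24);
-
- const connection = new BoxConnection(
- conn,
- serverToClientKey,
- serverToClientNonce,
- clientToServerKey,
- clientToServerNonce,
 );
 this.connections.push(connection);
 connection.addEventListener("close", () => {
 log.debug(
@@ -299,52 +269,24 @@
 ),
 );
 await conn.write(completionMsg);
 
- //FIXME code duplicatio
- const serverToClientKey = sodium.crypto_hash_sha256(
+ const combinedSharedSecret = sodium.crypto_hash_sha256(
 concat(
- sodium.crypto_hash_sha256(sodium.crypto_hash_sha256(
- concat(
- this.network_identifier,
- shared_secret_ab,
- shared_secret_aB,
- shared_secret_Ab,
- ),
- )),
- client_longterm_pk,
+ this.network_identifier,
+ shared_secret_ab,
+ shared_secret_aB,
+ shared_secret_Ab,
 ),
 );
 
- const clientToServerKey = sodium.crypto_hash_sha256(
- concat(
- sodium.crypto_hash_sha256(sodium.crypto_hash_sha256(
- concat(
- this.network_identifier,
- shared_secret_ab,
- shared_secret_aB,
- shared_secret_Ab,
- ),
- )),
- this.keyPair.publicKey,
- ),
- );
-
- const serverToClientNonce = sodium.crypto_auth(
- client_ephemeral_pk,
- this.network_identifier,
- ).slice(0, 24);
- const clientToServerNonce = sodium.crypto_auth(
- serverEphemeralKeyPair.publicKey,
- this.network_identifier,
- ).slice(0, 24);
-
 const connection = new BoxConnection(
 conn,
- clientToServerKey,
- clientToServerNonce,
- serverToClientKey,
- serverToClientNonce,
+ combinedSharedSecret,
+ this.keyPair.publicKey,
+ client_longterm_pk,
+ serverEphemeralKeyPair.publicKey,
+ client_ephemeral_pk,
 );
 this.connections.push(connection);
 connection.addEventListener("close", () => {
 log.debug(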
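Review bot: The new `combinedSharedSecret` (new lines 149 and 273) hashes `concat(this.network_identifier, shared_secret_ab, shared_secret_aB, shared_secret_Ab)` once, where the removed code hashed it twice before appending the long-term public key, so the box keys BoxConnection derives now have one SHA-256 round fewer than before. Two peers running this build would still agree, but as I read the Secure Scuttlebutt handshake the box-stream keys use the removed triple-hash form, so decryption against other implementations would presumably fail. To keep the refactor behaviour-preserving, restore the round at both call sites by wrapping the existing call, `sodium.crypto_hash_sha256(sodium.crypto_hash_sha256(concat(...)))`, with the `concat` arguments unchanged. A known-answer test on the derived keys and nonces would catch this kind of drift when derivation code is moved. Both handshake methods begin and end outside the hunks shown.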
