Commit Graph

26 Commits

Author SHA1 Message Date
Oliver Gugger
535a22c590
server+brontide: use ECDH interface for brontide handshake 2020-05-20 09:06:56 +02:00
Lars Lehtonen
4d4da3c07c brontide: fix goroutine in test 2019-09-13 16:50:53 +00:00
Conner Fromknecht
12ec999252
brontide/noise_test: defer wait group decrement
If any of the checks in the goroutine fail, the test will deadlock since
the waitgroup is never released.
2019-04-22 16:04:37 -07:00
Conner Fromknecht
e3728da478
brontide/noise_test: add TestFlush 2019-04-22 16:04:24 -07:00
Conner Fromknecht
333caac09c
brontide/noise_test: add timeoutWriter 2019-04-22 16:04:08 -07:00
Conner Fromknecht
73cf352daa
brontide/conn: migrate to WriteMessage + Flush
This commit modifies WriteMessage to only perform encryption on the
passed plaintext, and buffer the ciphertext within the connection
object. We then modify internal uses of WriteMessage to follow with a
call to Flush, which actually writes the message to the wire.
Additionally, since WriteMessage does not actually perform the write
itself, the io.Writer argument is removed from the function signature
and all call sites.
2019-04-22 16:03:56 -07:00
Conner Fromknecht
1ded697e8d
multi: sort import paths with gofmt 2018-08-02 18:20:49 -07:00
Olaoluwa Osuntokun
6f60f139f4 multi: switch over import paths from roasbeef/* to btcsuite/* 2018-07-13 17:05:39 -07:00
Conner Fromknecht
c22b46d462
brontide/noise_test: test parallel handshakes 2018-04-02 12:51:44 -07:00
practicalswift
a93736d21e multi: comprehensive typo fixes across all packages 2018-02-06 19:11:11 -08:00
MeshCollider
945be73bca brontide: Make dialer parameter in brontide.Dial non-optional 2018-02-05 17:37:46 -08:00
Adam Gibson
a6c0ba0c35
Add tests for key rotation from BOLT8 test vectors
This adds a test of encryption/decryption of 1002 copies
of a message "hello" so as to test the test vectors in the
final section of BOLT 8 ("transport-message test").
It also corrects some typos in the preceding section of the
same function (TestBolt0008TestVectors).
2018-01-28 06:38:21 +01:00
Olaoluwa Osuntokun
b3000b621b
brontide: within tests, listen on localhost rather than all interfaces 2017-11-01 15:30:57 -07:00
Olaoluwa Osuntokun
eb84d34b8d
brontide: don't run tests that use establishTestConnection in parallel 2017-11-01 15:12:13 -07:00
Olaoluwa Osuntokun
6a42e9057d
brontide: ensure connections are closed after test completion 2017-11-01 13:55:49 -07:00
Olaoluwa Osuntokun
1899847823
brontide: make establishTestConnection full async
In this commit we modify the establishTestConnection() function that
each of the brontide unit tests utilize. Before this commit, we would
fully block on the Accept method of the listener. Since then it has
been observed, that at times if Accept blocks indefinitely, then the
entire test will fail after 10 minutes. To allow the test to return
early with a pertinent error, we’ll now make the entire test async, so
we can immediately return with an error if detected.
2017-11-01 13:28:29 -07:00
Olaoluwa Osuntokun
91e14497bb
brontide: add a test case to exercise all BOLT-0008 test vectors 2017-08-01 17:18:05 -07:00
Olaoluwa Osuntokun
1be4d67ce4
multi: run all test instances in parallel 2017-06-17 01:00:07 +02:00
Andrey Samokhvalov
fd97a4bd19 lnd: partially fix golint warnings 2017-03-13 16:30:23 -07:00
Olaoluwa Osuntokun
d046efb502
brontide: exclude MAC length from cipher text packet length prefix
Pervasively we would include the length of the MAC in the length prefix
for cipher text packets. As a result, the MAC would eat into the total
payload size. To remedy this, we now exclude the MAC from the length
prefix for cipher text packets, and instead account for the length of
the MAC on the packet when reading messages.
2017-01-07 21:21:52 -08:00
Olaoluwa Osuntokun
ad180b4fba
brontide: fix bug in final sender/receiver key derivation
This commit fixes a bug in our key derivation for the final step of the
key exchange. In our code we were swapping the order of the salt and
input keyeing material to the HKDF function. This was triggered by the
argument order of the golang implementation we’re currently using has
the “secret” of IKM argument first, instead of second as defined within
rfc5869.

To fix this, we simply need to swap function arguments in two places:
within the split() function and during key rotation.

This bug was discovered by Rusty Russell, thanks!
2016-12-13 11:32:02 -08:00
Olaoluwa Osuntokun
60f66fe2d7
brontide: implement handshake versioning enforcement per the spec 2016-11-30 19:11:58 -08:00
Olaoluwa Osuntokun
767c550d65
brontide: implement message chunking for the net.Conn implementation
This commit implements message chunking within the implementation of
net.Conn which implements our initial handshake, then uses the crypto
to read/write messages.

With this change it’s now possible to send message larger than 65535
bytes over a p2p crypto connection by properly chunking the messages on
the side of the connection that’s writing.
2016-11-07 19:45:06 -08:00
Olaoluwa Osuntokun
49f9f496fb
brontide: modify the max payload length to be 65535 bytes total
This commit modifies the current implementation of the p2p crypto
protocol to further constrain the max allowed payload size. With this
change we now use 16-bits (2-bytes) for the maximum payload length.
This change puts us closer to strict adherence of the Noise spec, and
simplifies the memory management w.r.t implementing the current version
of our scheme.

Note that this doesn’t restrict the size of messages that are able to
be sent over the wire within the LN p2p protocol. Larger message can
safely be encapsulated within the crypt messages via fragmentation that
will detected take place if a larger message is detected.
2016-11-07 18:50:26 -08:00
Olaoluwa Osuntokun
9850e8667e
brontide: modify the Dial function to take a *lnwire.NetAddress 2016-10-26 19:04:27 -07:00
Olaoluwa Osuntokun
ab97d9693f
brontide: an authenticated key agreement protocol in three acts
This commit introduces Brontide: an authenticated key agreement
protocol in three acts. Brontide is the successor to lndc within lnd,
and ultimately within the greater Lighting Network. Brontide uses the
Noise_XK handshake for initial key agreement, then implements an AEAD
scheme which encrypts+authenticates both packets, and the lengths of
the packets on the wire. The initial authentication handshake preserves
the responder’s identity by never transmitting it to the initiator and
performing mutual authentication via an incremental Triple-DH based on
ECDH of secp256k1 and an HKDF which uses SHA-256.

Bronzed isn’t yet integrated within the wider daemon yet. Full
integration will land in a future pull request.
2016-10-17 19:41:29 -07:00