Commit Graph

7 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
60f66fe2d7
brontide: implement handshake versioning enforcement per the spec 2016-11-30 19:11:58 -08:00
Olaoluwa Osuntokun
75ea05aef6
brontide: the encrypted packet length is no longer the associated data
This commit modifies the current implementation to more closely match
what’s currently specified within the spec.

The encrypted+MAC’d packet length is no longer included as the
associated data for the encryption/decryption of transport messages.
This isn’t required as if an active attacker swaps out the encrypted
length in the byte string, the decryption+MAC check will simply fail as
the nonce won’t be in proper sequence.
2016-11-14 15:10:54 -08:00
Olaoluwa Osuntokun
ae84b6197b
brontide: implement cipher stream key rotation
This commit implements key rotation for brontide as-per the current
draft of the LN p2p crypto spec. Key rotation is currently performed
every 1000 messages encrypted/decrypted with a cipherState object. Key
rotation is performed by evaluating the HKDF (extracting exactly 64
bytes) with the current chaining key, and cipher key. The key rotation
is to attempted after each nonce increment making implementation easy
as the current nonce value will already be within the local scope.
2016-11-10 17:29:13 -08:00
Olaoluwa Osuntokun
767c550d65
brontide: implement message chunking for the net.Conn implementation
This commit implements message chunking within the implementation of
net.Conn which implements our initial handshake, then uses the crypto
to read/write messages.

With this change it’s now possible to send message larger than 65535
bytes over a p2p crypto connection by properly chunking the messages on
the side of the connection that’s writing.
2016-11-07 19:45:06 -08:00
Olaoluwa Osuntokun
49f9f496fb
brontide: modify the max payload length to be 65535 bytes total
This commit modifies the current implementation of the p2p crypto
protocol to further constrain the max allowed payload size. With this
change we now use 16-bits (2-bytes) for the maximum payload length.
This change puts us closer to strict adherence of the Noise spec, and
simplifies the memory management w.r.t implementing the current version
of our scheme.

Note that this doesn’t restrict the size of messages that are able to
be sent over the wire within the LN p2p protocol. Larger message can
safely be encapsulated within the crypt messages via fragmentation that
will detected take place if a larger message is detected.
2016-11-07 18:50:26 -08:00
Olaoluwa Osuntokun
9850e8667e
brontide: modify the Dial function to take a *lnwire.NetAddress 2016-10-26 19:04:27 -07:00
Olaoluwa Osuntokun
ab97d9693f
brontide: an authenticated key agreement protocol in three acts
This commit introduces Brontide: an authenticated key agreement
protocol in three acts. Brontide is the successor to lndc within lnd,
and ultimately within the greater Lighting Network. Brontide uses the
Noise_XK handshake for initial key agreement, then implements an AEAD
scheme which encrypts+authenticates both packets, and the lengths of
the packets on the wire. The initial authentication handshake preserves
the responder’s identity by never transmitting it to the initiator and
performing mutual authentication via an incremental Triple-DH based on
ECDH of secp256k1 and an HKDF which uses SHA-256.

Bronzed isn’t yet integrated within the wider daemon yet. Full
integration will land in a future pull request.
2016-10-17 19:41:29 -07:00