1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
use core::mem::size_of;
use std::sync::Once;
extern crate sodiumoxide;
use sodiumoxide::crypto::{auth, sign};
pub use auth::Tag as AuthTag;
pub use sign::{
sign_detached, verify_detached, PublicKey, SecretKey, Signature, PUBLICKEYBYTES,
SECRETKEYBYTES, SIGNATUREBYTES,
};
pub use sodiumoxide::crypto::secretbox;
pub mod handshake;
pub mod hash;
pub mod utils;
static INIT: Once = Once::new();
pub fn init() {
INIT.call_once(|| {
sodiumoxide::init().expect("Failed to initialize libsodium.");
});
}
pub fn generate_longterm_keypair() -> (PublicKey, SecretKey) {
sign::gen_keypair()
}
#[derive(Clone, Debug, PartialEq)]
pub struct NetworkKey(auth::Key);
impl NetworkKey {
pub const SSB_MAIN_NET: NetworkKey = NetworkKey(auth::Key([
0xd4, 0xa1, 0xcb, 0x88, 0xa6, 0x6f, 0x02, 0xf8, 0xdb, 0x63, 0x5c, 0xe2, 0x64, 0x41, 0xcc,
0x5d, 0xac, 0x1b, 0x08, 0x42, 0x0c, 0xea, 0xac, 0x23, 0x08, 0x39, 0xb7, 0x55, 0x84, 0x5a,
0x9f, 0xfb,
]));
pub fn random() -> NetworkKey {
let mut buf = [0u8; NetworkKey::size()];
utils::randombytes_into(&mut buf);
NetworkKey::from_slice(&buf).unwrap()
}
pub fn as_slice(&self) -> &[u8] {
&self.0[..]
}
pub fn from_slice(b: &[u8]) -> Option<NetworkKey> {
Some(NetworkKey(auth::Key::from_slice(b)?))
}
pub fn authenticate(&self, data: &[u8]) -> AuthTag {
auth::authenticate(data, &self.0)
}
pub fn verify(&self, tag: &AuthTag, data: &[u8]) -> bool {
auth::verify(tag, data, &self.0)
}
pub const fn size() -> usize {
size_of::<auth::Key>()
}
}
pub struct NonceGen {
next_nonce: secretbox::Nonce,
}
impl NonceGen {
pub fn new(pk: &handshake::EphPublicKey, net_id: &NetworkKey) -> NonceGen {
let hmac = auth::authenticate(&pk[..], &net_id.0);
const N: usize = size_of::<secretbox::Nonce>();
NonceGen {
next_nonce: secretbox::Nonce::from_slice(&hmac[..N]).unwrap(),
}
}
pub fn with_starting_nonce(nonce: secretbox::Nonce) -> NonceGen {
NonceGen { next_nonce: nonce }
}
pub fn next(&mut self) -> secretbox::Nonce {
let n = self.next_nonce;
for byte in self.next_nonce.0.iter_mut().rev() {
*byte = byte.wrapping_add(1);
if *byte != 0 {
break;
}
}
n
}
}
#[cfg(test)]
mod tests {
use super::{generate_longterm_keypair, handshake::*, NetworkKey, PublicKey};
use core::mem::size_of;
#[test]
fn networkkey_random() {
let a = NetworkKey::random();
let b = NetworkKey::random();
assert_ne!(a, b);
assert_ne!(
a,
NetworkKey::from_slice(&[0u8; NetworkKey::size()]).unwrap()
);
}
#[test]
fn shared_secret_with_zero() {
let (c_eph_pk, _) = generate_ephemeral_keypair();
let (c_pk, _) = generate_longterm_keypair();
let (_, s_eph_sk) = generate_ephemeral_keypair();
let (_, s_sk) = generate_longterm_keypair();
assert!(derive_shared_secret(&s_eph_sk, &c_eph_pk).is_some());
let zero_eph_pk = EphPublicKey::from_slice(&[0; size_of::<EphPublicKey>()]).unwrap();
assert!(derive_shared_secret(&s_eph_sk, &zero_eph_pk).is_none());
assert!(derive_shared_secret_pk(&s_eph_sk, &c_pk).is_some());
let zero_pk = PublicKey::from_slice(&[0; size_of::<PublicKey>()]).unwrap();
assert!(derive_shared_secret_pk(&s_eph_sk, &zero_pk).is_none());
assert!(derive_shared_secret_sk(&s_sk, &c_eph_pk).is_some());
assert!(derive_shared_secret_sk(&s_sk, &zero_eph_pk).is_none());
}
}