ciri-p2p 0.1.0

data/lib/ciri/p2p/rlpx/encryption_handshake.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+#
+
+# Copyright (c) 2018 by Jiang Jinyang <jjyruby@gmail.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'ciri/key'
+require_relative 'secrets'
+
+module Ciri
+  module P2P
+    module RLPX
+
+      SHA_LENGTH = 32
+      SIGNATURE_LENGTH = 65
+      PUBLIC_KEY_LENGTH = 64
+      ECIES_OVERHEAD = 65 + 16 + 32
+      AUTH_MSG_LENGTH = SIGNATURE_LENGTH + SHA_LENGTH + PUBLIC_KEY_LENGTH + SHA_LENGTH + 1
+      AUTH_RESP_MSG_LENGTH = PUBLIC_KEY_LENGTH + SHA_LENGTH + 1
+
+      HANDSHAKE_TIMEOUT = 5
+
+      ENC_AUTH_MSG_LENGTH = AUTH_MSG_LENGTH + ECIES_OVERHEAD
+      ENC_AUTH_RESP_MSG_LENGTH = AUTH_RESP_MSG_LENGTH + ECIES_OVERHEAD
+
+      # handle key exchange handshake
+      class EncryptionHandshake
+        attr_reader :private_key, :remote_key, :remote_random_key, :initiator_nonce, :receiver_nonce, :remote_id
+
+        def initialize(private_key:, remote_id:)
+          @private_key = private_key
+          @remote_id = remote_id
+        end
+
+        def remote_key
+          @remote_key || @remote_id.key
+        end
+
+        def random_key
+          @random_key ||= Ciri::Key.random
+        end
+
+        def auth_msg
+          # make nonce bytes
+          nonce = random_nonce(SHA_LENGTH)
+          @initiator_nonce = nonce
+          # remote first byte tag
+          token = dh_compute_key(private_key, remote_key)
+          raise StandardError.new("token size #{token.size} not correct") if token.size != nonce.size
+          # xor
+          signed = xor(token, nonce)
+
+          signature = random_key.ecdsa_signature(signed).signature
+          initiator_pubkey = private_key.raw_public_key[1..-1]
+          AuthMsgV4.new(signature: signature, initiator_pubkey: initiator_pubkey, nonce: nonce, version: 4)
+        end
+
+        def handle_auth_msg(msg)
+          @remote_key = Ciri::Key.new(raw_public_key: "\x04" + msg.initiator_pubkey)
+          @initiator_nonce = msg.nonce
+
+          token = dh_compute_key(private_key, @remote_key)
+          signed = xor(token, msg.nonce)
+          @remote_random_key = Ciri::Key.ecdsa_recover(signed, msg.signature)
+        end
+
+        def auth_ack_msg
+          # make nonce bytes
+          nonce = random_nonce(SHA_LENGTH)
+          @receiver_nonce = nonce
+          random_pubkey = random_key.raw_public_key[1..-1]
+          AuthRespV4.new(random_pubkey: random_pubkey, nonce: nonce, version: 4)
+        end
+
+        def handle_auth_ack_msg(msg)
+          # make nonce bytes
+          @receiver_nonce = msg.nonce
+          @remote_random_key = Ciri::Key.new(raw_public_key: "\x04" + msg.random_pubkey)
+        end
+
+        def extract_secrets(auth_packet, auth_ack_packet, initiator:)
+          secret = dh_compute_key(random_key, remote_random_key)
+          shared_secret = Ciri::Utils.keccak(secret, Ciri::Utils.keccak(receiver_nonce, initiator_nonce))
+          aes_secret = Ciri::Utils.keccak(secret, shared_secret)
+          mac = Ciri::Utils.keccak(secret, aes_secret)
+          secrets = Secrets.new(remote_id: remote_id, aes: aes_secret, mac: mac)
+
+          # initial secrets macs
+          mac1 = Digest::SHA3.new(256)
+          mac1.update xor(mac, receiver_nonce)
+          mac1.update auth_packet
+
+          mac2 = Digest::SHA3.new(256)
+          mac2.update xor(mac, initiator_nonce)
+          mac2.update auth_ack_packet
+
+          if initiator
+            secrets.egress_mac = mac1
+            secrets.ingress_mac = mac2
+          else
+            secrets.egress_mac = mac2
+            secrets.ingress_mac = mac1
+          end
+          secrets
+        end
+
+        private
+
+        def dh_compute_key(private_key, public_key)
+          private_key.ec_key.dh_compute_key(public_key.ec_key.public_key)
+        end
+
+        def xor(b1, b2)
+          b1.each_byte.with_index.map {|b, i| b ^ b2[i].ord}.pack('c*')
+        end
+
+        def random_nonce(size)
+          size.times.map {rand(8)}.pack('c*')
+        end
+
+      end
+    end
+  end
+end
+

data/lib/ciri/p2p/rlpx/errors.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018 by Jiang Jinyang <jjyruby@gmail.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+module Ciri
+  module P2P
+    module RLPX
+
+      # RLPX basic error
+      class Error < StandardError
+      end
+
+    end
+  end
+end

data/lib/ciri/p2p/rlpx/frame_io.rb

@@ -0,0 +1,229 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018 by Jiang Jinyang <jjyruby@gmail.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'stringio'
+require 'forwardable'
+require 'ciri/core_ext'
+require 'ciri/rlp/serializable'
+require_relative 'errors'
+require_relative 'message'
+
+require 'snappy'
+
+using Ciri::CoreExt
+
+module Ciri
+  module P2P
+    module RLPX
+
+      class FrameIO
+        extend Forwardable
+        def_delegators :@io, :closed?, :close, :flush
+
+        # max message size, took 3 byte to store message size, equal to uint24 max size
+        MAX_MESSAGE_SIZE = (1 << 24) - 1
+
+        class Error < RLPX::Error
+        end
+
+        class OverflowError < Error
+        end
+
+        class InvalidError < Error
+        end
+
+        attr_accessor :snappy
+
+        def initialize(io, secrets)
+          @io = io
+          @secrets = secrets
+          @snappy = false # snappy compress
+
+          mac_aes_version = secrets.mac.size * 8
+          @mac = OpenSSL::Cipher.new("AES#{mac_aes_version}")
+          @mac.encrypt
+          @mac.key = secrets.mac
+
+          # init encrypt/decrypt
+          aes_version = secrets.aes.size * 8
+          @encrypt = OpenSSL::Cipher::AES.new(aes_version, :CTR)
+          @decrypt = OpenSSL::Cipher::AES.new(aes_version, :CTR)
+          zero_iv = "\x00".b * @encrypt.iv_len
+          @encrypt.iv = zero_iv
+          @encrypt.key = secrets.aes
+          @decrypt.iv = zero_iv
+          @decrypt.key = secrets.aes
+        end
+
+        def send_data(code, data)
+          msg = Message.new(code: code, size: data.size, payload: data)
+          write_msg(msg)
+        end
+
+        def write_msg(msg)
+          pkg_type = RLP.encode_with_type msg.code, Integer, zero: "\x00"
+
+          # use snappy compress if enable
+          if snappy
+            if msg.size > MAX_MESSAGE_SIZE
+              raise OverflowError.new("Message size is overflow, msg size: #{msg.size}")
+            end
+            msg.payload = Snappy.deflate(msg.payload)
+            msg.size = msg.payload.size
+          end
+
+          # write header
+          head_buf = "\x00".b * 32
+
+          frame_size = pkg_type.size + msg.size
+          if frame_size > MAX_MESSAGE_SIZE
+            raise OverflowError.new("Message size is overflow, frame size: #{frame_size}")
+          end
+
+          write_frame_size(head_buf, frame_size)
+
+          # Can't find related RFC or RLPX Spec, below code is copy from geth
+          # write zero header, but I can't find spec or explanations of 'zero header'
+          head_buf[3..5] = [0xC2, 0x80, 0x80].pack('c*')
+          # encrypt first half
+          head_buf[0...16] = @encrypt.update(head_buf[0...16]) + @encrypt.final
+          # write header mac
+          head_buf[16...32] = update_mac(@secrets.egress_mac, head_buf[0...16])
+          @io.write head_buf
+          # write encrypt frame
+          write_frame(pkg_type)
+          write_frame(msg.payload)
+          # pad to n*16 bytes
+          if (need_padding = frame_size % 16) > 0
+            write_frame("\x00".b * (16 - need_padding))
+          end
+          finish_write_frame
+          # because we use Async::IO::Stream as IO object, we must invoke flush to make sure data is send
+          flush
+        end
+
+        def read_msg
+          # verify header mac
+          head_buf = read(32)
+          verify_mac = update_mac(@secrets.ingress_mac, head_buf[0...16])
+          unless Ciri::Utils.secret_compare(verify_mac, head_buf[16...32])
+            raise InvalidError.new('bad header mac')
+          end
+
+          # decrypt header
+          head_buf[0...16] = @decrypt.update(head_buf[0...16]) + @decrypt.final
+
+          # read frame
+          frame_size = read_frame_size head_buf
+          # frame size should padded to n*16 bytes
+          need_padding = frame_size % 16
+          padded_frame_size = need_padding > 0 ? frame_size + (16 - need_padding) : frame_size
+          frame_buf = read(padded_frame_size)
+
+          # verify frame mac
+          @secrets.ingress_mac.update(frame_buf)
+          frame_digest = @secrets.ingress_mac.digest
+          verify_mac = update_mac(@secrets.ingress_mac, frame_digest)
+          # clear head_buf 16...32 bytes(header mac), since we will not need it
+          frame_mac = head_buf[16...32] = read(16)
+          unless Ciri::Utils.secret_compare(verify_mac, frame_mac)
+            raise InvalidError.new('bad frame mac')
+          end
+
+          # decrypt frame
+          frame_content = @decrypt.update(frame_buf) + @decrypt.final
+          frame_content = frame_content[0...frame_size]
+          msg_code = RLP.decode_with_type frame_content[0], Integer
+          msg = Message.new(code: msg_code, size: frame_content.size - 1, payload: frame_content[1..-1])
+
+          # snappy decompress if enable
+          if snappy
+            msg.payload = Snappy.inflate(msg.payload)
+            msg.size = msg.payload.size
+          end
+
+          msg
+        end
+
+        private
+        def read(length)
+          if (buf = @io.read(length)).nil?
+            @io.close
+            raise EOFError.new('read EOF, connection closed')
+          end
+          buf
+        end
+
+        def write_frame_size(buf, frame_size)
+          # frame-size: 3-byte integer size of frame, big endian encoded (excludes padding)
+          bytes_of_frame_size = [
+            frame_size >> 16,
+            frame_size >> 8,
+            frame_size % 256
+          ]
+          buf[0..2] = bytes_of_frame_size.pack('c*')
+        end
+
+        def read_frame_size(buf)
+          size_bytes = buf[0..2].each_byte.map(&:ord)
+          (size_bytes[0] << 16) + (size_bytes[1] << 8) + (size_bytes[2])
+        end
+
+        def update_mac(mac, seed)
+          # reset mac each time
+          @mac.reset
+          aes_buf = (@mac.update(mac.digest) + @mac.final)[0...@mac.block_size]
+          aes_buf = aes_buf.each_byte.with_index.map {|b, i| b ^ seed[i].ord}.pack('c*')
+          mac.update(aes_buf)
+          # return first 16 byte
+          mac.digest[0...16]
+        end
+
+        # write encrypt content to @io, and update @secrets.egress_mac
+        def write_frame(string_or_io)
+          if string_or_io.is_a?(IO)
+            while (s = string_or_io.read(4096))
+              write_frame_string(s)
+            end
+          else
+            write_frame_string(string_or_io)
+          end
+        end
+
+        def write_frame_string(s)
+          encrypt_content = @encrypt.update(s) + @encrypt.final
+          # update egress_mac
+          @secrets.egress_mac.update encrypt_content
+          @io.write encrypt_content
+        end
+
+        def finish_write_frame
+          # get frame digest
+          frame_digest = @secrets.egress_mac.digest
+          @io.write update_mac(@secrets.egress_mac, frame_digest)
+        end
+      end
+
+    end
+  end
+end

data/lib/ciri/p2p/rlpx/message.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018 by Jiang Jinyang <jjyruby@gmail.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'ciri/rlp'
+
+module Ciri
+  module P2P
+    module RLPX
+
+      # RLPX message
+      class Message
+        include Ciri::RLP::Serializable
+
+        attr_accessor :received_at
+
+        schema(
+            code: Integer,
+            size: Integer,
+            payload: RLP::Bytes
+        )
+      end
+
+    end
+  end
+end