ciri 0.0.0

data/lib/ciri/devp2p/rlpx.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+#
+
+# Copyright (c) 2018, by Jiang Jinyang. <https://justjjy.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+require_relative 'rlpx/node'
+require_relative 'rlpx/message'
+require_relative 'rlpx/frame_io'
+require_relative 'rlpx/protocol_messages'
+require_relative 'rlpx/encryption_handshake'

data/lib/ciri/devp2p/rlpx/connection.rb

@@ -0,0 +1,179 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018, by Jiang Jinyang. <https://justjjy.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'ciri/rlp'
+require 'socket'
+require 'forwardable'
+require_relative 'frame_io'
+require_relative 'protocol_messages'
+require_relative 'error'
+require_relative 'encryption_handshake'
+
+module Ciri
+  module DevP2P
+    module RLPX
+
+      # RLPX::Connection implement RLPX protocol operations
+      # all operations end with bang(!)
+      class Connection
+        extend Forwardable
+
+        def_delegators :@frame_io, :read_msg, :write_msg, :send_data
+
+        class Error < RLPX::Error
+        end
+
+        class MessageOverflowError < Error
+        end
+
+        class UnexpectedMessageError < Error
+        end
+
+        class FormatError < Error
+        end
+
+        def initialize(io)
+          set_timeout(io)
+          @io = io
+          @frame_io = nil
+        end
+
+        # Encryption handshake, exchange keys with node, must been invoked before other operations
+        def encryption_handshake!(private_key:, node_id: nil)
+          enc_handshake = EncryptionHandshake.new(private_key: private_key, remote_id: node_id)
+          secrets = node_id.nil? ? receiver_enc_handshake(enc_handshake) : initiator_enc_handshake(enc_handshake)
+          @frame_io = FrameIO.new(@io, secrets)
+        end
+
+        # protocol handshake
+        def protocol_handshake!(our_hs)
+          @frame_io.send_data(MESSAGES[:handshake], our_hs.rlp_encode!)
+          remote_hs = read_protocol_handshake
+          # enable snappy compress if remote peer support
+          @frame_io.snappy = remote_hs.version >= SNAPPY_PROTOCOL_VERSION
+          remote_hs
+        end
+
+        private
+        def receiver_enc_handshake(receiver)
+          auth_msg_binary, auth_packet = read_enc_handshake_msg(ENC_AUTH_MSG_LENGTH, receiver.private_key)
+          auth_msg = AuthMsgV4.rlp_decode(auth_msg_binary)
+          receiver.handle_auth_msg(auth_msg)
+
+          auth_ack_msg = receiver.auth_ack_msg
+          auth_ack_msg_plain_text = auth_ack_msg.rlp_encode!
+          auth_ack_packet = if auth_msg.got_plain
+                              raise NotImplementedError.new('not support pre eip8 plain text seal')
+                            else
+                              seal_eip8(auth_ack_msg_plain_text, receiver)
+                            end
+          @io.write(auth_ack_packet)
+
+          receiver.extract_secrets(auth_packet, auth_ack_packet, initiator: false)
+        end
+
+        def initiator_enc_handshake(initiator)
+          initiator_auth_msg = initiator.auth_msg
+          auth_msg_plain_text = initiator_auth_msg.rlp_encode!
+          # seal eip8
+          auth_packet = seal_eip8(auth_msg_plain_text, initiator)
+          @io.write(auth_packet)
+
+          auth_ack_mgs_binary, auth_ack_packet = read_enc_handshake_msg(ENC_AUTH_RESP_MSG_LENGTH, initiator.private_key)
+          auth_ack_msg = AuthRespV4.rlp_decode! auth_ack_mgs_binary
+          initiator.handle_auth_ack_msg(auth_ack_msg)
+
+          initiator.extract_secrets(auth_packet, auth_ack_packet, initiator: true)
+        end
+
+        def read_enc_handshake_msg(plain_size, private_key)
+          packet = @io.read(plain_size)
+
+          decrypt_binary_msg = begin
+            private_key.ecies_decrypt(packet)
+          rescue Crypto::ECIESDecryptionError => e
+            nil
+          end
+
+          # pre eip old plain format
+          return decrypt_binary_msg if decrypt_binary_msg
+
+          # try decode eip8 format
+          prefix = packet[0...2]
+          size = Ciri::Utils.big_endian_decode(prefix)
+          raise FormatError.new("EIP8 format message size #{size} less than plain_size #{plain_size}") if size < plain_size
+
+          # continue read remain bytes
+          packet << @io.read(size - plain_size + 2)
+          # decrypt message
+          [private_key.ecies_decrypt(packet[2..-1], prefix), packet]
+        end
+
+        def read_protocol_handshake
+          msg = @frame_io.read_msg
+
+          if msg.size > BASE_PROTOCOL_MAX_MSG_SIZE
+            raise MessageOverflowError.new("message size #{msg.size} is too big")
+          end
+          if msg.code == MESSAGES[:discovery]
+            payload = RLP.decode(msg.payload)
+            raise UnexpectedMessageError.new("expected handshake, get discovery, reason: #{payload}")
+          end
+          if msg.code != MESSAGES[:handshake]
+            raise UnexpectedMessageError.new("expected handshake, get #{msg.code}")
+          end
+          ProtocolHandshake.rlp_decode!(msg.payload)
+        end
+
+        def set_timeout(io)
+          timeout = HANDSHAKE_TIMEOUT
+
+          if io.is_a?(BasicSocket)
+            secs = Integer(timeout)
+            usecs = Integer((timeout - secs) * 1_000_000)
+            optval = [secs, usecs].pack("l_2")
+            io.setsockopt Socket::SOL_SOCKET, Socket::SO_RCVTIMEO, optval
+            io.setsockopt Socket::SOL_SOCKET, Socket::SO_SNDTIMEO, optval
+          end
+        end
+
+        def seal_eip8(encoded_msg, handshake)
+          # padding encoded message, make message distinguished from pre eip8
+          encoded_msg += "\x00".b * rand(100..300)
+          prefix = encoded_prefix(encoded_msg.size + ECIES_OVERHEAD)
+
+          enc = handshake.remote_key.ecies_encrypt(encoded_msg, prefix)
+          prefix + enc
+        end
+
+        # encode 16 uint prefix
+        def encoded_prefix(n)
+          prefix = Utils.big_endian_encode(n)
+          # pad to 2 bytes
+          prefix.ljust(2, "\x00".b)
+        end
+      end
+
+    end
+  end
+end

data/lib/ciri/devp2p/rlpx/encryption_handshake.rb

@@ -0,0 +1,143 @@
+# frozen_string_literal: true
+#
+
+# Copyright (c) 2018, by Jiang Jinyang. <https://justjjy.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'ciri/key'
+require 'digest/sha3'
+require_relative 'secrets'
+
+module Ciri
+  module DevP2P
+    module RLPX
+
+      SHA_LENGTH = 32
+      SIGNATURE_LENGTH = 65
+      PUBLIC_KEY_LENGTH = 64
+      ECIES_OVERHEAD = 65 + 16 + 32
+      AUTH_MSG_LENGTH = SIGNATURE_LENGTH + SHA_LENGTH + PUBLIC_KEY_LENGTH + SHA_LENGTH + 1
+      AUTH_RESP_MSG_LENGTH = PUBLIC_KEY_LENGTH + SHA_LENGTH + 1
+
+      HANDSHAKE_TIMEOUT = 5
+
+      ENC_AUTH_MSG_LENGTH = AUTH_MSG_LENGTH + ECIES_OVERHEAD
+      ENC_AUTH_RESP_MSG_LENGTH = AUTH_RESP_MSG_LENGTH + ECIES_OVERHEAD
+
+      # handle key exchange handshake
+      class EncryptionHandshake
+        attr_reader :private_key, :remote_key, :remote_random_key, :initiator_nonce, :receiver_nonce, :remote_id
+
+        def initialize(private_key:, remote_id:)
+          @private_key = private_key
+          @remote_id = remote_id
+        end
+
+        def remote_key
+          @remote_key || @remote_id.key
+        end
+
+        def random_key
+          @random_key ||= Ciri::Key.random
+        end
+
+        def auth_msg
+          # make nonce bytes
+          nonce = random_nonce(SHA_LENGTH)
+          @initiator_nonce = nonce
+          # remote first byte tag
+          token = dh_compute_key(private_key, remote_key)
+          raise StandardError.new("token size #{token.size} not correct") if token.size != nonce.size
+          # xor
+          signed = xor(token, nonce)
+
+          signature = random_key.ecdsa_signature(signed)
+          initiator_pubkey = private_key.raw_public_key[1..-1]
+          AuthMsgV4.new(signature: signature, initiator_pubkey: initiator_pubkey, nonce: nonce, version: 4)
+        end
+
+        def handle_auth_msg(msg)
+          @remote_key = Ciri::Key.new(raw_public_key: "\x04" + msg.initiator_pubkey)
+          @initiator_nonce = msg.nonce
+
+          token = dh_compute_key(private_key, @remote_key)
+          signed = xor(token, msg.nonce)
+          @remote_random_key = Ciri::Key.ecdsa_recover(signed, msg.signature)
+        end
+
+        def auth_ack_msg
+          # make nonce bytes
+          nonce = random_nonce(SHA_LENGTH)
+          @receiver_nonce = nonce
+          random_pubkey = random_key.raw_public_key[1..-1]
+          AuthRespV4.new(random_pubkey: random_pubkey, nonce: nonce, version: 4)
+        end
+
+        def handle_auth_ack_msg(msg)
+          # make nonce bytes
+          @receiver_nonce = msg.nonce
+          @remote_random_key = Ciri::Key.new(raw_public_key: "\x04" + msg.random_pubkey)
+        end
+
+        def extract_secrets(auth_packet, auth_ack_packet, initiator:)
+          secret = dh_compute_key(random_key, remote_random_key)
+          shared_secret = Ciri::Utils.sha3(secret, Ciri::Utils.sha3(receiver_nonce, initiator_nonce))
+          aes_secret = Ciri::Utils.sha3(secret, shared_secret)
+          mac = Ciri::Utils.sha3(secret, aes_secret)
+          secrets = Secrets.new(remote_id: remote_id, aes: aes_secret, mac: mac)
+
+          # initial secrets macs
+          mac1 = Digest::SHA3.new(256)
+          mac1.update xor(mac, receiver_nonce)
+          mac1.update auth_packet
+
+          mac2 = Digest::SHA3.new(256)
+          mac2.update xor(mac, initiator_nonce)
+          mac2.update auth_ack_packet
+
+          if initiator
+            secrets.egress_mac = mac1
+            secrets.ingress_mac = mac2
+          else
+            secrets.egress_mac = mac2
+            secrets.ingress_mac = mac1
+          end
+          secrets
+        end
+
+        private
+
+        def dh_compute_key(private_key, public_key)
+          private_key.ec_key.dh_compute_key(public_key.ec_key.public_key)
+        end
+
+        def xor(b1, b2)
+          b1.each_byte.with_index.map {|b, i| b ^ b2[i].ord}.pack('c*')
+        end
+
+        def random_nonce(size)
+          size.times.map {rand(8)}.pack('c*')
+        end
+
+      end
+    end
+  end
+end

data/lib/ciri/devp2p/rlpx/error.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018, by Jiang Jinyang. <https://justjjy.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+module Ciri
+  module DevP2P
+    module RLPX
+
+      # RLPX basic error
+      class Error < StandardError
+      end
+
+    end
+  end
+end

data/lib/ciri/devp2p/rlpx/frame_io.rb

@@ -0,0 +1,221 @@
+# frozen_string_literal: true
+
+# Copyright (c) 2018, by Jiang Jinyang. <https://justjjy.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+
+require 'stringio'
+require 'ciri/rlp/serializable'
+require_relative 'error'
+require_relative 'message'
+
+require 'snappy'
+
+module Ciri
+  module DevP2P
+    module RLPX
+
+      class FrameIO
+
+        # max message size, took 3 byte to store message size, equal to uint24 max size
+        MAX_MESSAGE_SIZE = (1 << 24) - 1
+
+        class Error < RLPX::Error
+        end
+
+        class OverflowError < Error
+        end
+
+        class InvalidError < Error
+        end
+
+        attr_accessor :snappy
+
+        def initialize(io, secrets)
+          @io = io
+          @secrets = secrets
+          @snappy = false # snappy compress
+
+          mac_aes_version = secrets.mac.size * 8
+          @mac = OpenSSL::Cipher.new("AES#{mac_aes_version}")
+          @mac.encrypt
+          @mac.key = secrets.mac
+
+          # init encrypt/decrypt
+          aes_version = secrets.aes.size * 8
+          @encrypt = OpenSSL::Cipher::AES.new(aes_version, :CTR)
+          @decrypt = OpenSSL::Cipher::AES.new(aes_version, :CTR)
+          zero_iv = "\x00".b * @encrypt.iv_len
+          @encrypt.iv = zero_iv
+          @encrypt.key = secrets.aes
+          @decrypt.iv = zero_iv
+          @decrypt.key = secrets.aes
+        end
+
+        def send_data(code, data)
+          msg = Message.new(code: code, size: data.size, payload: data)
+          write_msg(msg)
+        end
+
+        def write_msg(msg)
+          pkg_type = RLP.encode_with_type msg.code, Integer, zero: "\x00"
+
+          # use snappy compress if enable
+          if snappy
+            if msg.size > MAX_MESSAGE_SIZE
+              raise OverflowError.new("Message size is overflow, msg size: #{msg.size}")
+            end
+            msg.payload = Snappy.deflate(msg.payload)
+            msg.size = msg.payload.size
+          end
+
+          # write header
+          head_buf = "\x00".b * 32
+
+          frame_size = pkg_type.size + msg.size
+          if frame_size > MAX_MESSAGE_SIZE
+            raise OverflowError.new("Message size is overflow, frame size: #{frame_size}")
+          end
+
+          write_frame_size(head_buf, frame_size)
+
+          # Can't find related RFC or RLPX Spec, below code is copy from geth
+          # write zero header, but I can't find spec or explanations of 'zero header'
+          head_buf[3..5] = [0xC2, 0x80, 0x80].pack('c*')
+          # encrypt first half
+          head_buf[0...16] = @encrypt.update(head_buf[0...16]) + @encrypt.final
+          # write header mac
+          head_buf[16...32] = update_mac(@secrets.egress_mac, head_buf[0...16])
+          @io.write head_buf
+          # write encrypt frame
+          write_frame(pkg_type)
+          write_frame(msg.payload)
+          # pad to n*16 bytes
+          if (need_padding = frame_size % 16) > 0
+            write_frame("\x00".b * (16 - need_padding))
+          end
+          finish_write_frame
+        end
+
+        def read_msg
+          # verify header mac
+          head_buf = read(32)
+          verify_mac = update_mac(@secrets.ingress_mac, head_buf[0...16])
+          unless Ciri::Utils.secret_compare(verify_mac, head_buf[16...32])
+            raise InvalidError.new('bad header mac')
+          end
+
+          # decrypt header
+          head_buf[0...16] = @decrypt.update(head_buf[0...16]) + @decrypt.final
+
+          # read frame
+          frame_size = read_frame_size head_buf
+          # frame size should padded to n*16 bytes
+          need_padding = frame_size % 16
+          padded_frame_size = need_padding > 0 ? frame_size + (16 - need_padding) : frame_size
+          frame_buf = read(padded_frame_size)
+
+          # verify frame mac
+          @secrets.ingress_mac.update(frame_buf)
+          frame_digest = @secrets.ingress_mac.digest
+          verify_mac = update_mac(@secrets.ingress_mac, frame_digest)
+          # clear head_buf 16...32 bytes(header mac), since we will not need it
+          frame_mac = head_buf[16...32] = read(16)
+          unless Ciri::Utils.secret_compare(verify_mac, frame_mac)
+            raise InvalidError.new('bad frame mac')
+          end
+
+          # decrypt frame
+          frame_content = @decrypt.update(frame_buf) + @decrypt.final
+          frame_content = frame_content[0...frame_size]
+          msg_code = RLP.decode_with_type frame_content[0], Integer
+          msg = Message.new(code: msg_code, size: frame_content.size - 1, payload: frame_content[1..-1])
+
+          # snappy decompress if enable
+          if snappy
+            msg.payload = Snappy.inflate(msg.payload)
+            msg.size = msg.payload.size
+          end
+
+          msg
+        end
+
+        private
+        def read(length)
+          if (buf = @io.read(length)).nil?
+            @io.close
+            raise EOFError.new('read EOF, connection closed')
+          end
+          buf
+        end
+
+        def write_frame_size(buf, frame_size)
+          # frame-size: 3-byte integer size of frame, big endian encoded (excludes padding)
+          bytes_of_frame_size = [
+            frame_size >> 16,
+            frame_size >> 8,
+            frame_size % 256
+          ]
+          buf[0..2] = bytes_of_frame_size.pack('c*')
+        end
+
+        def read_frame_size(buf)
+          size_bytes = buf[0..2].each_byte.map(&:ord)
+          (size_bytes[0] << 16) + (size_bytes[1] << 8) + (size_bytes[2])
+        end
+
+        def update_mac(mac, seed)
+          # reset mac each time
+          @mac.reset
+          aes_buf = (@mac.update(mac.digest) + @mac.final)[0...@mac.block_size]
+          aes_buf = aes_buf.each_byte.with_index.map {|b, i| b ^ seed[i].ord}.pack('c*')
+          mac.update(aes_buf)
+          # return first 16 byte
+          mac.digest[0...16]
+        end
+
+        # write encrypt content to @io, and update @secrets.egress_mac
+        def write_frame(string_or_io)
+          if string_or_io.is_a?(IO)
+            while (s = string_or_io.read(4096))
+              write_frame_string(s)
+            end
+          else
+            write_frame_string(string_or_io)
+          end
+        end
+
+        def write_frame_string(s)
+          encrypt_content = @encrypt.update(s) + @encrypt.final
+          # update egress_mac
+          @secrets.egress_mac.update encrypt_content
+          @io.write encrypt_content
+        end
+
+        def finish_write_frame
+          # get frame digest
+          frame_digest = @secrets.egress_mac.digest
+          @io.write update_mac(@secrets.egress_mac, frame_digest)
+        end
+      end
+
+    end
+  end
+end