Browse Source

shot in the dark

cl-refactor
subtly 10 years ago
parent
commit
76e267b908
  1. 3
      libdevcrypto/EC.cpp
  2. 12
      libdevcrypto/EC.h
  3. 55
      libdevcrypto/ECDHE.cpp
  4. 97
      libdevcrypto/ECDHE.h

3
libdevcrypto/EC.cpp

@ -46,4 +46,5 @@ ECKeyPair ECKeyPair::create()
ECIES<ECP>::Encryptor e(d);
k.m_pub = e.GetKey();
return k;
}
}

12
libdevcrypto/EC.h

@ -31,12 +31,20 @@ namespace dev
namespace crypto
{
//class ECDHETKeyExchange;
// 256-bit sha3(k) || Public = 84
using PublicTrustNonce = h256;
typedef std::pair<PublicTrustNonce,Public> PublicTrust;
inline CryptoPP::AutoSeededRandomPool& PRNG() { static CryptoPP::AutoSeededRandomPool prng; return prng; }
inline CryptoPP::OID secp256k1() { return CryptoPP::ASN1::secp256k1(); }
class ECKeyPair
{
friend class ECDHETKeyExchange;
public:
static ECKeyPair create();
@ -49,7 +57,11 @@ private:
ECKeyPair() {}
CryptoPP::DL_PublicKey_EC<CryptoPP::ECP> m_pub;
CryptoPP::DL_PrivateKey_EC<CryptoPP::ECP> m_sec;
std::map<Address,PublicTrust> m_trustEgress;
std::set<PublicTrustNonce> m_trustIngress;
};
}
}

55
libdevcrypto/ECDHE.cpp

@ -0,0 +1,55 @@
/*
This file is part of cpp-ethereum.
cpp-ethereum is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
cpp-ethereum is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>.
*/
/** @file ECDHE.cpp
* @author Alex Leverington <nessence@gmail.com>
* @date 2014
*/
#include "SHA3.h"
#include "ECDHE.h"
using namespace dev::crypto;
using namespace CryptoPP;
void ECDHE::agree(Public _remote)
{
m_remote = _remote;
// cryptopp::agree
}
dev::Secret ECDHE::secret()
{
// return cryptopp::secret
}
ECDHETKeyExchange::ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust):
blind(true),
m_ecdhe(_ecdhe),
m_keypair(_keyTrust),
m_trust(m_ecdhe.m_remote,dev::sha3(bytesConstRef(m_ecdhe.m_remote.ref())))
{
}
ECDHETKeyExchange::ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust, Address _remote):
blind(false),
m_ecdhe(_ecdhe),
m_keypair(_keyTrust),
m_trust(_keyTrust->m_trustEgress.find(_remote)->second)
{
}

97
libdevcrypto/ECDHE.h

@ -0,0 +1,97 @@
/*
This file is part of cpp-ethereum.
cpp-ethereum is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
cpp-ethereum is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>.
*/
/** @file ECDHE.h
* @author Alex Leverington <nessence@gmail.com>
* @date 2014
*
* Elliptic curve Diffie-Hellman ephemeral key exchange
*/
#pragma once
#include "EC.h"
namespace dev
{
namespace crypto
{
/**
* @brief Derive DH shared secret from EC keypairs.
* @todo shield secret()
*/
class ECDHE
{
friend class ECDHETKeyExchange;
public:
ECDHE();
/// Agree on ECDH parmaters and derive shared secret.
void agree(Public _remote);
protected:
Secret secret();
private:
KeyPair m_ephemeral; ///< Ephemeral keypair
Public m_remote; ///< Public key of remote
};
/**
* @brief Secure exchange of static keys.
* Key exchange is encrypted with public key of remote and then encrypted by block cipher. For a blind remote the ecdhe public key is used to encrypt exchange, and for a trusted remote the trusted public key is used. The block cipher key is derived from ecdhe shared secret.
*/
class ECDHETKeyExchange
{
public:
/// Blind key exchange. KeyPair trusts will be updated if successful.
ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust);
/// Trusted key exchange. Upon success, KeyPair trusts will be updated.
ECDHETKeyExchange(ECDHE const& _ecdhe, ECKeyPair* _keyTrust, Address _remote);
/// Authentication for trusted remote, blind trust, or disconnect.
/// @returns key exchange. encrypted w/aes-ctr. key=ecdhe.m_shared[0-127]
/// If blind, plaintext is:
/// sha3(newPublicKey) ||
/// e(ecdhe.m_remote,sha3(dhe-k)||sign(m_auth.sec,sha3(m))||m)||mac
/// If trusted, plaintext is:
/// sha3(previous ecdsa k) || // trust.second
/// e(m_trusted,sha3(dhe-k)||sign(m_auth.sec,sha3(m))||m)||mac
/// bytes is encrypted via aes-ctr with ecdhe-derived secret.
bytes exchange();
/// Decrypts payload, checks mac, checks trust, decrypts exchange, authenticates exchange, verifies version, verifies signature, and if no failures occur, updates or creats trust and derives trusted-shared-secret.
bytes authenticate(bytes _exchangeIn);
/// Encrypts message; @returns e(k,m).
void encrypt();
/// Signs message then encrypts; @returns e(k,sign(k,sha3(m))||m).
bytes signEncrypt(bytes _m);
private:
bool blind;
ECDHE const& m_ecdhe;
ECKeyPair* m_keypair;
PublicTrust m_trust;
};
}
}
Loading…
Cancel
Save