It looks like the calls to KeyPair25519 and KeyPair448 weren't being
exercised by the tests, so the 'cryptography' deprecation warnings that they
provoked weren't visible in the test run.
KeyPair448 requires the extra encoding/format parameters, so any uses of
Noise that has "448" in the name would probably have failed. KeyPair25519 was
lenient (since the original release didn't require those parameters), but has
started emitting warnings when they're omitted, and will probably start
throwing errors in the next release. So this patch is needed to fix 448 now,
and 25519 later.
refs #32
* Created NoiseBackend class serving as a base for backends
* Refactored NoiseProtocol name parsing
* Refactored existing spec-defined functions into abstract classes.
Implementing classes are connecting crypto primitives to expected
interfaces.
* Refactored existing usage of Cryptography as source of crypto into
"default" backend (along with in-house implementation of X448).
* Provisioned "experimental" backend, it will contain e.g. non-default
crypto algorithms
* Backend can be chosen while creating NoiseConnection, though by
default, the Cryptography backend ("default") is used
Closes#7
* Allowed '/' in protocol name
* Added SymmetricState.GetHandshakeHash()
* Added CipherState.SetNonce()
* Unittests to ensure that each of above is working
Closes#3
tests/vectors/*:
- removed noise-c-basic.txt test vectors
tests/test_vectors.py:
- removed workarounds related to noise-c test vectors
noise/builder.py:
- added some more type hinting
noise/state.py:
- CipherState is now consistent in raising NoiseMaxNonceError
and using MAX_NONCE constant for encrypt and decrypt methods
noise/functions.py:
- Keypair constructors now guarded from invalid length of given
public/private bytes
- _25519_generate_keypair now returns proper class instance
requirements.txt:
- specified versions of packages that are compatible with currently used source code
noise/builder.py:
- Added guard for data length in decrypt
- Handling InvalidTag exception when AEAD fails
- New NoiseInvalidMessage exception class
noise/exceptions.py
- Three new exception classes
noise/noise_protocol.py
- Implemented rest of validation, now checks for required keypairs, setting initiator/responder role, warns if ephemeral keypairs are set.
noise/patterns.py:
- added name field to every Pattern with pattern name
- added get_required_keypairs method that returns list of keypairs required for given handshake pattern
noise/state.py
- new NoiseMaxNonceError exception
Overall: some TODOs resolved
noise/__init__.py
- __all__ containing builder module
noise/builder.py
- NoiseBuilder class providing interface for use with other apps. Allows
for setting up all required data for Noise protocol, using appropriate
methods. Enforces proper path of handshake execution
noise/constants.py
- Added maximum Noise message length constant
noise/exceptions.py
- A few exceptions created for proper signaling of errors
noise/noise_protocol.py
- handshake_done does proper cleanup now
- new validation method that should be ran before starting handshake
(checks presence of prerequisites for current settings)
- new HandshakeState initialization method
noise/state.py
- Modified read_message and write_message methods of HandshakeState to
operate on bytes/bytearray as message/payload and bytearray as
message_buffer/payload_buffer. It is application's responsibility to
provide data in this form, underlying Noise code doesn't do buffer
reading/writing anymore.
tests/test_vectors.py
- Changed tests to comply with new code
noise/noise_protocol.py
* PSKs should be now delivered to NoiseProtocol while initialising
* New field `is_psk_handshake` in NoiseProtocol
noise/patterns.py
* Fixed erronenous super call in OneWayPattern
* Changed class variables to instance variables in Patterns, fixes
things.
noise/state.py
* Added missing mix_key_and_hash to SymmetricState
* Added required calls when in PSK handshake (TOKEN_E and TOKEN_PSK),
both in write_message and read_message of HandshakeState
tests/test_vectors.py
* Enabled PSK tests, some minor fixes to make them work
noise/functions.py
* Turning off Cryptography's primitives for hmac and hash functions,
using ones from python's hashlib instead.
tests/test_vectors.py
* Enabled blake2b/s tests
noise/functions.py
* Enabling ChaCha20 usage (from Cryptography)
* Switching to per-cipher nonce formatting function
* Changes to KeyPair interface - now wrappers exist for every ECDH
* Fixing hmac_hash bug in implementation
noise/noise_protocol.py
* Added placeholders for multiple datafields in __init__, as well as for
transport mode cipher states
* Added handshake_done method for cleanup (post-handshake,
pre-transport), not finished though
noise/patterns.py
* Now Pattern holds boolean telling if it's oneway. OneWayPattern class
created for derivation by PatternN, PatternK, PatternX
* Fixed wrong mapping of PatternK and PatternX in patterns_map
noise/state.py
* CipherState now takes noise_protocol in __init__, so that
initialize_key() only reinitalizes CipherState instead of creating it.
* Changed CipherState creation in SymmetricState to reflect change above
* Fixing wrong sequence of concatenation hash and data in mix_hash()
* SymmetricState's split() fixed and calling noise_protocol's
handshake_done()
* Pattern tokens are now copied to HandshakeState instead of modifying
original Pattern
* Changes in HandshakeState's writemessage and readmessage to reflect
changes in KeyPair interface
* Added workaround for tests (usage of pre-generated ephemeral keypair),
to be removed in future
tests/test_vectors.py
* Individual test now is properly described in pytest with protocol name
* Finished main test case, fully utilises test vectors (and all their
messages)
tests/vectors/noise-c-basic.txttests/vectors/noise-c-basic.txt
* Forked rev30 test vector from noise-c
noise/state.py
* Implemented HandshakeState's write_message and read_message
* Added variable placeholders in HandshakeState.__init__
noise/functions.py
* Refactored KeyPair into abstract class
* KeyPair25519 implements KeyPair with appropriate ed25519 methods
noise/noise_protocol.py
* Now holds proper KeyPair wrapper (chosen based on DH)
tests/test_vectors.py
* Skipping psk tests for now
requirements.py
* Removing pycryptodome and ed25519 - the latter lacked ability to
perform DH
* Replacing aforementioned with cryptography package
noise/functions.py
* Switched hash-functions to ones from cryptography
* Added ed25519 method for DH wrapper and added compatible constructors
for KeyPair
tests/test_vectors.py
* Omit test vectors with ed448
* Parse hexstrings from JSONs properly into bytearrays.
noise/functions.py
* Wrapped cryptoalgorithms in maps with appropriate wrapper classes
* Probably finished Hash wrapper (to verify when we test first outputs
in tests)
noise/noise_protocol.py
* Slightly renamed attributes containing wrapped cryptoalgorithms
* Added placeholders for protocol State objects
* Now checks if given protocol_name is of bytes()
noise/state.py
* HandshakeState: remove handshake_pattern argument and take it from
given NoiseProtocol instance instead.
* HandshakeState: save NoiseProtocol instance in the HandshakeState
instance and vice versa
* SymmetricState: implemented initialize_symmetric() and mix_hash()
* SymmetricState: save NoiseProtocol instance in the SymmetricState
instance and vice versa
* CipherState: implemented initialize_key() as class constructor
* CipherState: save NoiseProtocol instance in the CipherState
instance and vice versa
tests/test_vectors.py
* Changes to reflect new signature of HandshakeState
* Fix - strings read from .json are now casted to bytes()
noise/functions.py
* Moved dh, cipher and hash maps from noise_protocol.py
* Provisioned DH, Cipher, Hash classes
* Provisioned key public key derivation in KeyPair class
noise/state.py
* Fixed buggy logic for getting appropriate keys when parsing
pre-messages
tests/test_vectors.py
* Updated tests to reflect what we have already and prepare for next
failing additions (TDD-ish)
noise/noise_protocol.py
* Added validation of given function names vs available crypto methods
* Members of NoiseProtocol should now refer to proper classes/methods
after initialization of an instance
noise/patterns.py
* Added method for application of pattern modifiers
noise/crypto.py
* Provisioned ed448 function
noise/state.py
* Changed references to NoiseProtocol instances to make it more
consistent throughout the code
tests/vectors/Noise* - removed, as they are incompatible with current
revision
tests/vectors/cacophony.txt - added from Cacophony repository
tests/test_vectors.py - updated with currently implemented functionality
