97 Commits

Author SHA1 Message Date
Piotr Lizonczyk
09392fda82 Add pypi badge 2017-09-12 22:42:34 +02:00
Piotr Lizonczyk
35dcd1c83b Add travis build status badge 2017-09-12 22:25:44 +02:00
Piotr Lizonczyk
b5e9542fb1 Update setup.py for PyPI. Version bump 2017-09-12 22:09:47 +02:00
Piotr Lizonczyk
3a8439894a Prepare for public release
- Added readme
- Updated setup.py
- Removed pytest from requirements, added version of cryptography
package
- Small improvements in code:

noise/noise_protocol.py:
* removed unused one_way variable

noise/patterns.py
* fixed has_pre_messages - no longer a variable, but method - and now
works properly

noise/state.py
* SymmetricState now holds reference to CipherState.
2017-09-12 21:59:47 +02:00
Piotr Lizończyk
fd8de56f8f Create LICENSE 2017-09-12 21:07:14 +02:00
Piotr Lizonczyk
2fa2f03d90 Various small fixes and cleanups
tests/vectors/*:
- removed noise-c-basic.txt test vectors

tests/test_vectors.py:
- removed workarounds related to noise-c test vectors

noise/builder.py:
- added some more type hinting

noise/state.py:
- CipherState is now consistent in raising NoiseMaxNonceError
and using MAX_NONCE constant for encrypt and decrypt methods

noise/functions.py:
- Keypair constructors now guarded from invalid length of given
public/private bytes
- _25519_generate_keypair now returns proper class instance

requirements.txt:
- specified versions of packages that are compatible with currently used source code
2017-09-12 00:49:24 +02:00
Piotr Lizonczyk
a60def7614 Added snow-multipsk test-vectors 2017-09-11 01:00:03 +02:00
Piotr Lizonczyk
ac7e3506a9 Turning off 3.7-dev testing
Cryptography ships with OpenSSL 1.0.2g when it's installed against
python3.7. Old OpenSSL is largely incompatible with this package.
Testing (and any required development for ensuring compatibility) will
be turned on again when Cryptography wheel for python3.7 will ship with
new OpenSSL
2017-09-03 22:52:28 +02:00
Piotr Lizończyk
48ab143bd9 Test against 3.7-dev - first alpha release is here 2017-09-03 21:56:59 +02:00
Piotr Lizonczyk
d0899c6871 Removing old echo example 2017-09-03 19:42:14 +02:00
Piotr Lizonczyk
57a64fc05e Fixing little bug with warnings 2017-09-03 19:40:09 +02:00
Piotr Lizonczyk
368d401701 Improved validation, various additions
noise/builder.py:
- Added guard for data length in decrypt
- Handling InvalidTag exception when AEAD fails
- New NoiseInvalidMessage exception class

noise/exceptions.py
- Three new exception classes

noise/noise_protocol.py
- Implemented rest of validation, now checks for required keypairs, setting initiator/responder role, warns if ephemeral keypairs are set.

noise/patterns.py:
- added name field to every Pattern with pattern name
- added get_required_keypairs method that returns list of keypairs required for given handshake pattern

noise/state.py
- new NoiseMaxNonceError exception

Overall: some TODOs resolved
2017-09-03 13:33:15 +02:00
Piotr Lizonczyk
eaecac6af4 Wireguard interoperability test script
This commit introduces an example of interoperability of this library
with Wireguard. The script is responsible for performing a Noise
handshake between localhost and Wireguard test server. Then, ICMP echo
request is sent and ICMP echo reply is retrieved. Lastly, Wireguard
keepalive packet is sent.

Example utilises Noise messages wrapped in Wireguard's packet
format.
2017-09-03 01:03:41 +02:00
Piotr Lizonczyk
8a5ff74cac Moved ed448 warning inside functions.py 2017-09-03 01:02:59 +02:00
Piotr Lizonczyk
865bbfe5ba Implemented cipher rekeying
noise/builder.py
- Added methods for rekeying cipherstates
- Added method for getting handshake hash (for channel binding)

noise/functions.py
- Added default rekey behavior and set it for AESGCM and ChaCha20

noise/constants.py
- Added MAX_NONCE

noise/state.py
- Added rekey method to CipherState
- Removed writing to noise_protocol instance in SymmetricState.
NoiseProtocol fills the appropriate field by taking the data from
HandshakeState now.
2017-09-02 17:38:02 +02:00
Piotr Lizończyk
46825bb075 Added NoiseBuilder class as final interface. (#1)
noise/__init__.py
- __all__ containing builder module

noise/builder.py
- NoiseBuilder class providing interface for use with other apps. Allows
for setting up all required data for Noise protocol, using appropriate
methods. Enforces proper path of handshake execution

noise/constants.py
- Added maximum Noise message length constant

noise/exceptions.py
- A few exceptions created for proper signaling of errors

noise/noise_protocol.py
- handshake_done does proper cleanup now
- new validation method that should be run before starting handshake
(checks presence of prerequisites for current settings)
- new HandshakeState initialization method

noise/state.py
- Modified read_message and write_message methods of HandshakeState to
operate on bytes/bytearray as message/payload and bytearray as
message_buffer/payload_buffer. It is application's responsibility to
provide data in this form, underlying Noise code doesn't do buffer
reading/writing anymore.

tests/test_vectors.py
- Changed tests to comply with new code
2017-09-02 16:09:49 +02:00
Piotr Lizonczyk
96f7ba9b6b Added own insecure implementation of ed448 2017-08-27 17:03:50 +02:00
Piotr Lizonczyk
52fd5058bc Enabling PSK support. Core functionality ready!
noise/noise_protocol.py
* PSKs should be now delivered to NoiseProtocol while initialising
* New field `is_psk_handshake` in NoiseProtocol

noise/patterns.py
* Fixed erroneous super call in OneWayPattern
* Changed class variables to instance variables in Patterns, fixes
things.

noise/state.py
* Added missing mix_key_and_hash to SymmetricState
* Added required calls when in PSK handshake (TOKEN_E and TOKEN_PSK),
both in write_message and read_message of HandshakeState

tests/test_vectors.py
* Enabled PSK tests, some minor fixes to make them work
2017-08-19 01:27:59 +02:00
Piotr Lizonczyk
69aafd92d8 Turning off python3.5 support
It won't be supported until Cryptography gets fixed and we can turn away
from python's hashlib, since it supports blake2b/s from version 3.6
2017-08-19 00:04:56 +02:00
Piotr Lizonczyk
2384248d1c Enabling Blake2b/s support via hashlib
noise/functions.py
* Turning off Cryptography's primitives for hmac and hash functions,
using ones from python's hashlib instead.

tests/test_vectors.py
* Enabled blake2b/s tests
2017-08-19 00:01:34 +02:00
Piotr Lizonczyk
582ead091d Tons of fixes, working except Blake and PSK
noise/functions.py
* Enabling ChaCha20 usage (from Cryptography)
* Switching to per-cipher nonce formatting function
* Changes to KeyPair interface - now wrappers exist for every ECDH
* Fixing hmac_hash bug in implementation

noise/noise_protocol.py
* Added placeholders for multiple datafields in __init__, as well as for
transport mode cipher states
* Added handshake_done method for cleanup (post-handshake,
pre-transport), not finished though

noise/patterns.py
* Now Pattern holds boolean telling if it's oneway. OneWayPattern class
created for derivation by PatternN, PatternK, PatternX
* Fixed wrong mapping of PatternK and PatternX in patterns_map

noise/state.py
* CipherState now takes noise_protocol in __init__, so that
initialize_key() only reinitializes CipherState instead of creating it.
* Changed CipherState creation in SymmetricState to reflect change above
* Fixing wrong sequence of concatenation hash and data in mix_hash()
* SymmetricState's split() fixed and calling noise_protocol's
handshake_done()
* Pattern tokens are now copied to HandshakeState instead of modifying
original Pattern
* Changes in HandshakeState's writemessage and readmessage to reflect
changes in KeyPair interface
* Added workaround for tests (usage of pre-generated ephemeral keypair),
to be removed in future

tests/test_vectors.py
* Individual test now is properly described in pytest with protocol name
* Finished main test case, fully utilises test vectors (and all their
messages)

tests/vectors/noise-c-basic.txt
* Forked rev30 test vector from noise-c
2017-08-18 23:13:07 +02:00
Piotr Lizonczyk
5c0311dff7 Implemented rest of CipherState's methods
noise/state.py
* Implemented CipherState's encrypt_with_ad() and decrypt_with_ad()
2017-08-15 00:59:52 +02:00
Piotr Lizonczyk
f2e68d226f Implemented rest of SymmetricState methods
noise/functions.py
* Added hmac_hash() and hkdf()

noise/noise_protocol.py
* Stores partials for hmac and hkdf (we need to specify proper hash
algorithm)

noise/state.py
* Implemented SymmetricState's mix_key(), encrypt_and_hash(),
decrypt_and_hash(), split()
2017-08-15 00:51:16 +02:00
Piotr Lizonczyk
bed5809cc1 Implementing write_message and read_message
noise/state.py
* Implemented HandshakeState's write_message and read_message
* Added variable placeholders in HandshakeState.__init__

noise/functions.py
* Refactored KeyPair into abstract class
* KeyPair25519 implements KeyPair with appropriate ed25519 methods

noise/noise_protocol.py
* Now holds proper KeyPair wrapper (chosen based on DH)

tests/test_vectors.py
* Skipping psk tests for now
2017-08-15 00:15:50 +02:00
Piotr Lizonczyk
512feb2029 Added AESGCM interface, skipping tests with ChaCha 2017-08-14 23:24:23 +02:00
Piotr Lizonczyk
8d807f9c6c Removing variable annotations for python 3.5 compatibility... again. 2017-08-14 22:54:52 +02:00
Piotr Lizonczyk
384ae2539b Switching source of crypto, adding DH
requirements.py
* Removing pycryptodome and ed25519 - the latter lacked ability to
perform DH
* Replacing aforementioned with cryptography package

noise/functions.py
* Switched hash-functions to ones from cryptography
* Added ed25519 method for DH wrapper and added compatible constructors
for KeyPair

tests/test_vectors.py
* Omit test vectors with ed448
* Parse hexstrings from JSONs properly into bytearrays.
2017-08-14 22:46:48 +02:00
Piotr Lizonczyk
bf054106ff Functioning HandshakeState.initialize()
noise/functions.py
* Wrapped cryptoalgorithms in maps with appropriate wrapper classes
* Probably finished Hash wrapper (to verify when we test first outputs
in tests)

noise/noise_protocol.py
* Slightly renamed attributes containing wrapped cryptoalgorithms
* Added placeholders for protocol State objects
* Now checks if given protocol_name is of bytes()

noise/state.py
* HandshakeState: remove handshake_pattern argument and take it from
given NoiseProtocol instance instead.
* HandshakeState: save NoiseProtocol instance in the HandshakeState
instance and vice versa
* SymmetricState: implemented initialize_symmetric() and mix_hash()
* SymmetricState: save NoiseProtocol instance in the SymmetricState
instance and vice versa
* CipherState: implemented initialize_key() as class constructor
* CipherState: save NoiseProtocol instance in the CipherState
instance and vice versa

tests/test_vectors.py
* Changes to reflect new signature of HandshakeState
* Fix - strings read from .json are now cast to bytes()
2017-08-14 17:47:54 +02:00
Piotr Lizonczyk
2e85d7527b Multiple improvements, fixing HandshakeState logic
noise/functions.py
* Moved dh, cipher and hash maps from noise_protocol.py
* Provisioned DH, Cipher, Hash classes
* Provisioned key public key derivation in KeyPair class

noise/state.py
* Fixed buggy logic for getting appropriate keys when parsing
pre-messages

tests/test_vectors.py
* Updated tests to reflect what we have already and prepare for next
failing additions (TDD-ish)
2017-08-14 12:05:09 +02:00
Piotr Lizonczyk
1164c4cabe Switching string formatting for python3.5 compat 2017-08-12 19:24:31 +02:00
Piotr Lizonczyk
bcaceb9ccd Improvements to initialization of NoiseProtocol
noise/noise_protocol.py
* Added validation of given function names vs available crypto methods
* Members of NoiseProtocol should now refer to proper classes/methods
after initialization of an instance

noise/patterns.py
* Added method for application of pattern modifiers

noise/crypto.py
* Provisioned ed448 function

noise/state.py
* Changed references to NoiseProtocol instances to make it more
consistent throughout the code
2017-08-12 13:30:44 +02:00
Piotr Lizonczyk
de73505ac3 Implementing NoiseProtocol (WIP), binding crypto
noise/noise_protocol.py - added maps of cryptofunctions that will be
used, finished protocol name splitting

noise/patterns.py - added map of patterns

requirements.txt - switching to pycryptodome as a source of cipher and
hashing functions, and ed25519 package for that curve
2017-08-09 23:55:32 +02:00
Piotr Lizonczyk
5cb448369c Removing rev30 tests, replacing with rev32
tests/vectors/Noise* - removed, as they are incompatible with current
revision

tests/vectors/cacophony.txt - added from Cacophony repository

tests/test_vectors.py - updated with currently implemented functionality
2017-08-09 23:51:39 +02:00
Piotr Lizonczyk
a6eec85ef7 Implemented HandshakeState.initialize()
constants.py
* Adding max Noise protocol name constant

noise_protocol.py
* Provisioning NoiseProtocol and KeyPair classes

patterns.py
* Switching to proper intra-package relative imports
* Adding getter functions for pre-messages

state.py
* Switching to proper intra-package relative imports
* Removed __init__ of HandshakeState, leaving only initialize() as
constructor function.
* Implemented initialize() along with helper functions for retrieving
keypairs
* Modified SymmetricState, removing __init__ and leaving
initialize_symmetric as a constructor function (only provisioned)
2017-08-07 00:50:45 +02:00
Piotr Lizonczyk
19e78f1583 Moving tests outside main package directory 2017-08-06 21:32:30 +02:00
Piotr Lizonczyk
fd95788672 Adding readme files to examples 2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
611c456d5e Moving example related files from noise directory 2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
bf36429fd7 * Adding handshake patterns
* Adding token constants for handshake patterns
2017-08-06 21:29:10 +02:00
Piotr Lizończyk
b7b9e29c27 Adding setup.py contents and README placeholder 2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
7f0f6fb417 .travis.yml modification (no email notifications, add folding) 2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
8cddef8ae5 Moving echo-script related code into suitable directory
Adding Empty class and switching some Nones to it where required by specification
Some additions to CipherState
2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
2bfc10e080 Adding test vectors from reference implementation (noise-c)
Configuration for travis with pytest
Basic (failing) test for each vector
2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
2c61f2bb86 State objects provisioned with appropriate methods 2017-08-06 21:29:10 +02:00
Piotr Lizonczyk
7a998277ea Adding pynacl to requirements
Adding noise-c echo-like script
2017-08-06 21:28:58 +02:00
Piotr Lizonczyk
4c77b8abdb Add example keys
Add python3.6 to travis
Provision directories
2017-08-06 21:28:22 +02:00
Piotr Lizończyk
60b1bae3cb Travis config provisioned 2016-10-11 14:20:09 +02:00
Piotr Lizończyk
0a796cfdfe Requirements and gitignore 2016-02-18 18:30:47 +01:00