* Allowed '/' in protocol name
* Added SymmetricState.GetHandshakeHash()
* Added CipherState.SetNonce()
* Unit tests to ensure that each of the above is working
Closes #3
* 2.1 version of pyca/cryptography got released. Version bumped
* Python 3.5 support reintroduced, as we are now using BLAKE from
Cryptography, not hashlib
* Removed hashlib references, uncommented Cryptography references.
* Enum fix for python 3.5 compat
Closes #9
First shot at documentation. Just to check if they work with
ReadTheDocs.
Also, added dev_requirements.txt with packages required for development
of package.
Refs #8
- Added readme
- Updated setup.py
- Removed pytest from requirements, added version of cryptography
package
- Small improvements in code:
noise/noise_protocol.py:
* removed unused one_way variable
noise/patterns.py
* fixed has_pre_messages - no longer a variable, but method - and now
works properly
noise/state.py
* SymmetricState now holds reference to CipherState.
tests/vectors/*:
- removed noise-c-basic.txt test vectors
tests/test_vectors.py:
- removed workarounds related to noise-c test vectors
noise/builder.py:
- added some more type hinting
noise/state.py:
- CipherState is now consistent in raising NoiseMaxNonceError
and using MAX_NONCE constant for encrypt and decrypt methods
noise/functions.py:
- Keypair constructors now guarded from invalid length of given
public/private bytes
- _25519_generate_keypair now returns proper class instance
requirements.txt:
- specified versions of packages that are compatible with currently used source code
Cryptography ships with OpenSSL 1.0.2g when it's installed against
python3.7. Old OpenSSL is largely incompatible with this package.
Testing (and any required development for ensuring compatibility) will
be turned on again when the Cryptography wheel for python3.7 ships with
the new OpenSSL
noise/builder.py:
- Added guard for data length in decrypt
- Handling InvalidTag exception when AEAD fails
- New NoiseInvalidMessage exception class
noise/exceptions.py
- Three new exception classes
noise/noise_protocol.py
- Implemented rest of validation, now checks for required keypairs, setting initiator/responder role, warns if ephemeral keypairs are set.
noise/patterns.py:
- added name field to every Pattern with pattern name
- added get_required_keypairs method that returns list of keypairs required for given handshake pattern
noise/state.py
- new NoiseMaxNonceError exception
Overall: some TODOs resolved
This commit introduces an example of interoperability of this library
with Wireguard. The script is responsible for performing a Noise
handshake between localhost and Wireguard test server. Then, ICMP echo
request is sent and ICMP echo reply is retrieved. Lastly, Wireguard
keepalive packet is sent.
Example utilises Noise messages wrapped in Wireguard's packet
format.
noise/builder.py
- Added methods for rekeying cipherstates
- Added method for getting handshake hash (for channel binding)
noise/functions.py
- Added default rekey behavior and set it for AESGCM and ChaCha20
noise/constants.py
- Added MAX_NONCE
noise/state.py
- Added rekey method to CipherState
- Removed writing to noise_protocol instance in SymmetricState.
NoiseProtocol fills the appropriate field by taking the data from
HandshakeState now.
noise/__init__.py
- __all__ containing builder module
noise/builder.py
- NoiseBuilder class providing interface for use with other apps. Allows
for setting up all required data for Noise protocol, using appropriate
methods. Enforces proper path of handshake execution
noise/constants.py
- Added maximum Noise message length constant
noise/exceptions.py
- A few exceptions created for proper signaling of errors
noise/noise_protocol.py
- handshake_done does proper cleanup now
- new validation method that should be run before starting handshake
(checks presence of prerequisites for current settings)
- new HandshakeState initialization method
noise/state.py
- Modified read_message and write_message methods of HandshakeState to
operate on bytes/bytearray as message/payload and bytearray as
message_buffer/payload_buffer. It is application's responsibility to
provide data in this form, underlying Noise code doesn't do buffer
reading/writing anymore.
tests/test_vectors.py
- Changed tests to comply with new code
noise/noise_protocol.py
* PSKs should be now delivered to NoiseProtocol while initialising
* New field `is_psk_handshake` in NoiseProtocol
noise/patterns.py
* Fixed erroneous super call in OneWayPattern
* Changed class variables to instance variables in Patterns, fixes
things.
noise/state.py
* Added missing mix_key_and_hash to SymmetricState
* Added required calls when in PSK handshake (TOKEN_E and TOKEN_PSK),
both in write_message and read_message of HandshakeState
tests/test_vectors.py
* Enabled PSK tests, some minor fixes to make them work
noise/functions.py
* Turning off Cryptography's primitives for hmac and hash functions,
using ones from python's hashlib instead.
tests/test_vectors.py
* Enabled blake2b/s tests
noise/functions.py
* Enabling ChaCha20 usage (from Cryptography)
* Switching to per-cipher nonce formatting function
* Changes to KeyPair interface - now wrappers exist for every ECDH
* Fixing hmac_hash bug in implementation
noise/noise_protocol.py
* Added placeholders for multiple datafields in __init__, as well as for
transport mode cipher states
* Added handshake_done method for cleanup (post-handshake,
pre-transport), not finished though
noise/patterns.py
* Now Pattern holds boolean telling if it's oneway. OneWayPattern class
created for derivation by PatternN, PatternK, PatternX
* Fixed wrong mapping of PatternK and PatternX in patterns_map
noise/state.py
* CipherState now takes noise_protocol in __init__, so that
initialize_key() only reinitializes CipherState instead of creating it.
* Changed CipherState creation in SymmetricState to reflect change above
* Fixing wrong sequence of concatenation hash and data in mix_hash()
* SymmetricState's split() fixed and calling noise_protocol's
handshake_done()
* Pattern tokens are now copied to HandshakeState instead of modifying
original Pattern
* Changes in HandshakeState's writemessage and readmessage to reflect
changes in KeyPair interface
* Added workaround for tests (usage of pre-generated ephemeral keypair),
to be removed in future
tests/test_vectors.py
* Individual test now is properly described in pytest with protocol name
* Finished main test case, fully utilises test vectors (and all their
messages)
tests/vectors/noise-c-basic.txt
* Forked rev30 test vector from noise-c
noise/state.py
* Implemented HandshakeState's write_message and read_message
* Added variable placeholders in HandshakeState.__init__
noise/functions.py
* Refactored KeyPair into abstract class
* KeyPair25519 implements KeyPair with appropriate ed25519 methods
noise/noise_protocol.py
* Now holds proper KeyPair wrapper (chosen based on DH)
tests/test_vectors.py
* Skipping psk tests for now
requirements.py
* Removing pycryptodome and ed25519 - the latter lacked ability to
perform DH
* Replacing aforementioned with cryptography package
noise/functions.py
* Switched hash-functions to ones from cryptography
* Added ed25519 method for DH wrapper and added compatible constructors
for KeyPair
tests/test_vectors.py
* Omit test vectors with ed448
* Parse hexstrings from JSONs properly into bytearrays.
noise/functions.py
* Wrapped cryptoalgorithms in maps with appropriate wrapper classes
* Probably finished Hash wrapper (to verify when we test first outputs
in tests)
noise/noise_protocol.py
* Slightly renamed attributes containing wrapped cryptoalgorithms
* Added placeholders for protocol State objects
* Now checks if given protocol_name is of bytes()
noise/state.py
* HandshakeState: remove handshake_pattern argument and take it from
given NoiseProtocol instance instead.
* HandshakeState: save NoiseProtocol instance in the HandshakeState
instance and vice versa
* SymmetricState: implemented initialize_symmetric() and mix_hash()
* SymmetricState: save NoiseProtocol instance in the SymmetricState
instance and vice versa
* CipherState: implemented initialize_key() as class constructor
* CipherState: save NoiseProtocol instance in the CipherState
instance and vice versa
tests/test_vectors.py
* Changes to reflect new signature of HandshakeState
* Fix - strings read from .json are now cast to bytes()
noise/functions.py
* Moved dh, cipher and hash maps from noise_protocol.py
* Provisioned DH, Cipher, Hash classes
* Provisioned key public key derivation in KeyPair class
noise/state.py
* Fixed buggy logic for getting appropriate keys when parsing
pre-messages
tests/test_vectors.py
* Updated tests to reflect what we have already and prepare for next
failing additions (TDD-ish)