async def test_handshake():
# TODO: this test should be re-written to not depend on functionality in the `ETHPeer` class.
cancel_token = CancelToken("test_handshake")
use_eip8 = False
initiator_remote = kademlia.Node(
keys.PrivateKey(test_values['receiver_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
initiator = HandshakeInitiator(
initiator_remote,
keys.PrivateKey(test_values['initiator_private_key']), use_eip8,
cancel_token)
initiator.ephemeral_privkey = keys.PrivateKey(
test_values['initiator_ephemeral_private_key'])
responder_remote = kademlia.Node(
keys.PrivateKey(test_values['initiator_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
responder = HandshakeResponder(
responder_remote, keys.PrivateKey(test_values['receiver_private_key']),
use_eip8, cancel_token)
responder.ephemeral_privkey = keys.PrivateKey(
test_values['receiver_ephemeral_private_key'])
# Check that the auth message generated by the initiator is what we expect. Notice that we
# can't use the auth_init generated here because the non-deterministic prefix would cause the
# derived secrets to not match the expected values.
_auth_init = initiator.create_auth_message(test_values['initiator_nonce'])
assert len(_auth_init) == len(test_values['auth_plaintext'])
assert _auth_init[65:] == test_values['auth_plaintext'][
65:] # starts with non deterministic k
# Check that encrypting and decrypting the auth_init gets us the orig msg.
_auth_init_ciphertext = initiator.encrypt_auth_message(_auth_init)
assert _auth_init == ecies.decrypt(_auth_init_ciphertext,
responder.privkey)
# Check that the responder correctly decodes the auth msg.
auth_msg_ciphertext = test_values['auth_ciphertext']
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_msg_ciphertext, responder.privkey)
assert initiator_nonce == test_values['initiator_nonce']
assert initiator_ephemeral_pubkey == (keys.PrivateKey(
test_values['initiator_ephemeral_private_key']).public_key)
# Check that the auth_ack msg generated by the responder is what we expect.
auth_ack_msg = responder.create_auth_ack_message(
test_values['receiver_nonce'])
assert auth_ack_msg == test_values['authresp_plaintext']
# Check that the secrets derived from ephemeral key agreements match the expected values.
auth_ack_ciphertext = test_values['authresp_ciphertext']
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, test_values['receiver_nonce'],
initiator_ephemeral_pubkey, auth_msg_ciphertext, auth_ack_ciphertext)
assert aes_secret == test_values['aes_secret']
assert mac_secret == test_values['mac_secret']
# Test values are from initiator perspective, so they're reversed here.
assert ingress_mac.digest() == test_values['initial_egress_MAC']
assert egress_mac.digest() == test_values['initial_ingress_MAC']
# Check that the initiator secrets match as well.
responder_ephemeral_pubkey, responder_nonce = initiator.decode_auth_ack_message(
test_values['authresp_ciphertext'])
(initiator_aes_secret, initiator_mac_secret, initiator_egress_mac,
initiator_ingress_mac) = initiator.derive_secrets(
initiator_nonce, responder_nonce, responder_ephemeral_pubkey,
auth_msg_ciphertext, auth_ack_ciphertext)
assert initiator_aes_secret == aes_secret
assert initiator_mac_secret == mac_secret
assert initiator_ingress_mac.digest() == test_values['initial_ingress_MAC']
assert initiator_egress_mac.digest() == test_values['initial_egress_MAC']
# Finally, check that two Peers configured with the secrets generated above understand each
# other.
responder_reader = asyncio.StreamReader()
initiator_reader = asyncio.StreamReader()
# Link the initiator's writer to the responder's reader, and the responder's writer to the
# initiator's reader.
responder_writer = MockStreamWriter(initiator_reader.feed_data)
initiator_writer = MockStreamWriter(responder_reader.feed_data)
initiator_peer = DumbPeer(remote=initiator.remote,
privkey=initiator.privkey,
reader=initiator_reader,
writer=initiator_writer,
aes_secret=initiator_aes_secret,
mac_secret=initiator_mac_secret,
egress_mac=initiator_egress_mac,
ingress_mac=initiator_ingress_mac,
headerdb=None,
network_id=1)
initiator_peer.base_protocol.send_handshake()
responder_peer = DumbPeer(remote=responder.remote,
privkey=responder.privkey,
reader=responder_reader,
writer=responder_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=None,
network_id=1)
responder_peer.base_protocol.send_handshake()
# The handshake msgs sent by each peer (above) are going to be fed directly into their remote's
# reader, and thus the read_msg() calls will return immediately.
responder_hello, _ = await responder_peer.read_msg()
initiator_hello, _ = await initiator_peer.read_msg()
assert isinstance(responder_hello, Hello)
assert isinstance(initiator_hello, Hello)
async def receive_connection(cls, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter,
private_key: datatypes.PrivateKey,
token: CancelToken) -> TransportAPI:
try:
msg = await token.cancellable_wait(
reader.readexactly(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT,
)
except asyncio.IncompleteReadError as err:
raise HandshakeFailure from err
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg,
private_key,
)
except DecryptionError as non_eip8_err:
# Try to decode as EIP8
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
try:
msg += await token.cancellable_wait(
reader.readexactly(remaining_bytes),
timeout=REPLY_TIMEOUT,
)
except asyncio.IncompleteReadError as err:
raise HandshakeFailure from err
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg,
private_key,
)
except DecryptionError as eip8_err:
raise HandshakeFailure(
f"Failed to decrypt both EIP8 handshake: {eip8_err} and "
f"non-EIP8 handshake: {non_eip8_err}")
else:
got_eip8 = True
else:
got_eip8 = False
peername = writer.get_extra_info("peername")
if peername is None:
socket = writer.get_extra_info("socket")
sockname = writer.get_extra_info("sockname")
raise HandshakeFailure(
"Received incoming connection with no remote information:"
f"socket={repr(socket)} sockname={sockname}")
ip, socket, *_ = peername
remote_address = Address(ip, socket)
cls.logger.debug("Receiving handshake from %s", remote_address)
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, private_key, got_eip8,
token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await token.cancellable_wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
transport = cls(
remote=initiator_remote,
private_key=private_key,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
return transport
async def _receive_handshake(self, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter) -> None:
msg = await self.wait(reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
ip, socket, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
got_eip8 = False
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError:
# Try to decode as EIP8
got_eip8 = True
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait(reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as e:
self.logger.debug("Failed to decrypt handshake: %s", e)
return
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey,
got_eip8, self.cancel_token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await self.wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
# Create and register peer in peer_pool
peer = self.peer_class(
remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=self.headerdb,
network_id=self.network_id,
inbound=True,
)
if self.peer_pool.is_full:
peer.disconnect(DisconnectReason.too_many_peers)
else:
# We use self.wait() here as a workaround for
# https://github.com/ethereum/py-evm/issues/670.
await self.wait(self.do_handshake(peer))
async def test_handshake_eip8():
cancel_token = CancelToken("test_handshake_eip8")
use_eip8 = True
initiator_remote = kademlia.Node(
keys.PrivateKey(eip8_values['receiver_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
initiator = HandshakeInitiator(
initiator_remote,
keys.PrivateKey(eip8_values['initiator_private_key']), use_eip8,
cancel_token)
initiator.ephemeral_privkey = keys.PrivateKey(
eip8_values['initiator_ephemeral_private_key'])
responder_remote = kademlia.Node(
keys.PrivateKey(eip8_values['initiator_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
responder = HandshakeResponder(
responder_remote, keys.PrivateKey(eip8_values['receiver_private_key']),
use_eip8, cancel_token)
responder.ephemeral_privkey = keys.PrivateKey(
eip8_values['receiver_ephemeral_private_key'])
auth_init_ciphertext = eip8_values['auth_init_ciphertext']
# Check that we can decrypt/decode the EIP-8 auth init message.
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_init_ciphertext, responder.privkey)
assert initiator_nonce == eip8_values['initiator_nonce']
assert initiator_ephemeral_pubkey == (keys.PrivateKey(
eip8_values['initiator_ephemeral_private_key']).public_key)
responder_nonce = eip8_values['receiver_nonce']
auth_ack_ciphertext = eip8_values['auth_ack_ciphertext']
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, responder_nonce, initiator_ephemeral_pubkey,
auth_init_ciphertext, auth_ack_ciphertext)
# Check that the secrets derived by the responder match the expected values.
assert aes_secret == eip8_values['expected_aes_secret']
assert mac_secret == eip8_values['expected_mac_secret']
# Also according to https://github.com/ethereum/EIPs/blob/master/EIPS/eip-8.md, running B's
# ingress-mac keccak state on the string "foo" yields the following hash:
ingress_mac_copy = ingress_mac.copy()
ingress_mac_copy.update(b'foo')
assert ingress_mac_copy.hexdigest() == (
'0c7ec6340062cc46f5e9f1e3cf86f8c8c403c5a0964f5df0ebd34a75ddc86db5')
responder_ephemeral_pubkey, responder_nonce = initiator.decode_auth_ack_message(
auth_ack_ciphertext)
(initiator_aes_secret, initiator_mac_secret, initiator_egress_mac,
initiator_ingress_mac) = initiator.derive_secrets(
initiator_nonce, responder_nonce, responder_ephemeral_pubkey,
auth_init_ciphertext, auth_ack_ciphertext)
# Check that the secrets derived by the initiator match the expected values.
assert initiator_aes_secret == eip8_values['expected_aes_secret']
assert initiator_mac_secret == eip8_values['expected_mac_secret']
# Finally, check that two Peers configured with the secrets generated above understand each
# other.
responder_reader = asyncio.StreamReader()
initiator_reader = asyncio.StreamReader()
# Link the initiator's writer to the responder's reader, and the responder's writer to the
# initiator's reader.
responder_writer = MockStreamWriter(initiator_reader.feed_data)
initiator_writer = MockStreamWriter(responder_reader.feed_data)
initiator_peer = DumbPeer(remote=initiator.remote,
privkey=initiator.privkey,
reader=initiator_reader,
writer=initiator_writer,
aes_secret=initiator_aes_secret,
mac_secret=initiator_mac_secret,
egress_mac=initiator_egress_mac,
ingress_mac=initiator_ingress_mac,
headerdb=None,
network_id=1)
initiator_peer.base_protocol.send_handshake()
responder_peer = DumbPeer(remote=responder.remote,
privkey=responder.privkey,
reader=responder_reader,
writer=responder_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=None,
network_id=1)
responder_peer.base_protocol.send_handshake()
# The handshake msgs sent by each peer (above) are going to be fed directly into their remote's
# reader, and thus the read_msg() calls will return immediately.
responder_hello, _ = await responder_peer.read_msg()
initiator_hello, _ = await initiator_peer.read_msg()
assert isinstance(responder_hello, Hello)
assert isinstance(initiator_hello, Hello)
async def test_handshake():
# TODO: this test should be re-written to not depend on functionality in the `ETHPeer` class.
cancel_token = CancelToken("test_handshake")
use_eip8 = False
initiator_remote = kademlia.Node(
keys.PrivateKey(test_values['receiver_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
initiator = HandshakeInitiator(
initiator_remote,
keys.PrivateKey(test_values['initiator_private_key']), use_eip8,
cancel_token)
initiator.ephemeral_privkey = keys.PrivateKey(
test_values['initiator_ephemeral_private_key'])
responder_remote = kademlia.Node(
keys.PrivateKey(test_values['initiator_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
responder = HandshakeResponder(
responder_remote, keys.PrivateKey(test_values['receiver_private_key']),
use_eip8, cancel_token)
responder.ephemeral_privkey = keys.PrivateKey(
test_values['receiver_ephemeral_private_key'])
# Check that the auth message generated by the initiator is what we expect. Notice that we
# can't use the auth_init generated here because the non-deterministic prefix would cause the
# derived secrets to not match the expected values.
_auth_init = initiator.create_auth_message(test_values['initiator_nonce'])
assert len(_auth_init) == len(test_values['auth_plaintext'])
assert _auth_init[65:] == test_values['auth_plaintext'][
65:] # starts with non deterministic k
# Check that encrypting and decrypting the auth_init gets us the orig msg.
_auth_init_ciphertext = initiator.encrypt_auth_message(_auth_init)
assert _auth_init == ecies.decrypt(_auth_init_ciphertext,
responder.privkey)
# Check that the responder correctly decodes the auth msg.
auth_msg_ciphertext = test_values['auth_ciphertext']
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_msg_ciphertext, responder.privkey)
assert initiator_nonce == test_values['initiator_nonce']
assert initiator_ephemeral_pubkey == (keys.PrivateKey(
test_values['initiator_ephemeral_private_key']).public_key)
# Check that the auth_ack msg generated by the responder is what we expect.
auth_ack_msg = responder.create_auth_ack_message(
test_values['receiver_nonce'])
assert auth_ack_msg == test_values['authresp_plaintext']
# Check that the secrets derived from ephemeral key agreements match the expected values.
auth_ack_ciphertext = test_values['authresp_ciphertext']
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, test_values['receiver_nonce'],
initiator_ephemeral_pubkey, auth_msg_ciphertext, auth_ack_ciphertext)
assert aes_secret == test_values['aes_secret']
assert mac_secret == test_values['mac_secret']
# Test values are from initiator perspective, so they're reversed here.
assert ingress_mac.digest() == test_values['initial_egress_MAC']
assert egress_mac.digest() == test_values['initial_ingress_MAC']
# Check that the initiator secrets match as well.
responder_ephemeral_pubkey, responder_nonce = initiator.decode_auth_ack_message(
test_values['authresp_ciphertext'])
(initiator_aes_secret, initiator_mac_secret, initiator_egress_mac,
initiator_ingress_mac) = initiator.derive_secrets(
initiator_nonce, responder_nonce, responder_ephemeral_pubkey,
auth_msg_ciphertext, auth_ack_ciphertext)
assert initiator_aes_secret == aes_secret
assert initiator_mac_secret == mac_secret
assert initiator_ingress_mac.digest() == test_values['initial_ingress_MAC']
assert initiator_egress_mac.digest() == test_values['initial_egress_MAC']
# Finally, check that two Peers configured with the secrets generated above understand each
# other.
(
(responder_reader, responder_writer),
(initiator_reader, initiator_writer),
) = get_directly_connected_streams()
capabilities = (('paragon', 1), )
initiator_transport = Transport(remote=initiator_remote,
private_key=initiator.privkey,
reader=initiator_reader,
writer=initiator_writer,
aes_secret=initiator_aes_secret,
mac_secret=initiator_mac_secret,
egress_mac=initiator_egress_mac,
ingress_mac=initiator_ingress_mac)
initiator_p2p_protocol = P2PProtocolV5(initiator_transport, 0, False)
initiator_multiplexer = Multiplexer(
transport=initiator_transport,
base_protocol=initiator_p2p_protocol,
protocols=(),
)
initiator_multiplexer.get_base_protocol().send(
Hello(
HelloPayload(
client_version_string='initiator',
capabilities=capabilities,
listen_port=30303,
version=DEVP2P_V5,
remote_public_key=initiator.privkey.public_key.to_bytes(),
)))
responder_transport = Transport(
remote=responder_remote,
private_key=responder.privkey,
reader=responder_reader,
writer=responder_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
responder_p2p_protocol = P2PProtocolV5(responder_transport, 0, False)
responder_multiplexer = Multiplexer(
transport=responder_transport,
base_protocol=responder_p2p_protocol,
protocols=(),
)
responder_multiplexer.get_base_protocol().send(
Hello(
HelloPayload(
client_version_string='responder',
capabilities=capabilities,
listen_port=30303,
version=DEVP2P_V5,
remote_public_key=responder.privkey.public_key.to_bytes(),
)))
async with initiator_multiplexer.multiplex():
async with responder_multiplexer.multiplex():
initiator_stream = initiator_multiplexer.stream_protocol_messages(
initiator_p2p_protocol, )
responder_stream = responder_multiplexer.stream_protocol_messages(
responder_p2p_protocol, )
initiator_hello = await asyncio.wait_for(
initiator_stream.asend(None), timeout=0.1)
responder_hello = await asyncio.wait_for(
responder_stream.asend(None), timeout=0.1)
await initiator_stream.aclose()
await responder_stream.aclose()
assert isinstance(responder_hello, Hello)
assert isinstance(initiator_hello, Hello)
async def get_directly_linked_peers_without_handshake(
alice_factory: BasePeerFactory = None,
bob_factory: BasePeerFactory = None) -> Tuple[BasePeer, BasePeer]:
"""
See get_directly_linked_peers().
Neither the P2P handshake nor the sub-protocol handshake will be performed here.
"""
cancel_token = CancelToken("get_directly_linked_peers_without_handshake")
if alice_factory is None:
alice_factory = ParagonPeerFactory(
privkey=ecies.generate_privkey(),
context=ParagonContext(),
token=cancel_token,
)
if bob_factory is None:
bob_factory = ParagonPeerFactory(
privkey=ecies.generate_privkey(),
context=ParagonContext(),
token=cancel_token,
)
alice_private_key = alice_factory.privkey
bob_private_key = bob_factory.privkey
alice_remote = kademlia.Node(bob_private_key.public_key,
kademlia.Address('0.0.0.0', 0, 0))
bob_remote = kademlia.Node(alice_private_key.public_key,
kademlia.Address('0.0.0.0', 0, 0))
use_eip8 = False
initiator = auth.HandshakeInitiator(alice_remote, alice_private_key,
use_eip8, cancel_token)
f_alice: 'asyncio.Future[BasePeer]' = asyncio.Future()
handshake_finished = asyncio.Event()
(
(alice_reader, alice_writer),
(bob_reader, bob_writer),
) = get_directly_connected_streams()
async def do_handshake() -> None:
aes_secret, mac_secret, egress_mac, ingress_mac = await auth._handshake(
initiator, alice_reader, alice_writer, cancel_token)
transport = Transport(
remote=alice_remote,
private_key=alice_factory.privkey,
reader=alice_reader,
writer=alice_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
alice = alice_factory.create_peer(transport)
f_alice.set_result(alice)
handshake_finished.set()
asyncio.ensure_future(do_handshake())
use_eip8 = False
responder = auth.HandshakeResponder(bob_remote, bob_private_key, use_eip8,
cancel_token)
auth_cipher = await bob_reader.read(constants.ENCRYPTED_AUTH_MSG_LEN)
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_cipher, bob_private_key)
responder_nonce = keccak(os.urandom(constants.HASH_LEN))
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
bob_writer.write(auth_ack_ciphertext)
await handshake_finished.wait()
alice = await f_alice
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, responder_nonce, initiator_ephemeral_pubkey,
auth_cipher, auth_ack_ciphertext)
assert egress_mac.digest() == alice.transport._ingress_mac.digest()
assert ingress_mac.digest() == alice.transport._egress_mac.digest()
transport = Transport(
remote=bob_remote,
private_key=bob_factory.privkey,
reader=bob_reader,
writer=bob_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
bob = bob_factory.create_peer(transport)
return alice, bob
async def test_handshake_eip8():
cancel_token = CancelToken("test_handshake_eip8")
use_eip8 = True
initiator_remote = kademlia.Node(
keys.PrivateKey(eip8_values['receiver_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
initiator = HandshakeInitiator(
initiator_remote,
keys.PrivateKey(eip8_values['initiator_private_key']), use_eip8,
cancel_token)
initiator.ephemeral_privkey = keys.PrivateKey(
eip8_values['initiator_ephemeral_private_key'])
responder_remote = kademlia.Node(
keys.PrivateKey(eip8_values['initiator_private_key']).public_key,
kademlia.Address('0.0.0.0', 0, 0))
responder = HandshakeResponder(
responder_remote, keys.PrivateKey(eip8_values['receiver_private_key']),
use_eip8, cancel_token)
responder.ephemeral_privkey = keys.PrivateKey(
eip8_values['receiver_ephemeral_private_key'])
auth_init_ciphertext = eip8_values['auth_init_ciphertext']
# Check that we can decrypt/decode the EIP-8 auth init message.
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_init_ciphertext, responder.privkey)
assert initiator_nonce == eip8_values['initiator_nonce']
assert initiator_ephemeral_pubkey == (keys.PrivateKey(
eip8_values['initiator_ephemeral_private_key']).public_key)
responder_nonce = eip8_values['receiver_nonce']
auth_ack_ciphertext = eip8_values['auth_ack_ciphertext']
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, responder_nonce, initiator_ephemeral_pubkey,
auth_init_ciphertext, auth_ack_ciphertext)
# Check that the secrets derived by the responder match the expected values.
assert aes_secret == eip8_values['expected_aes_secret']
assert mac_secret == eip8_values['expected_mac_secret']
# Also according to https://github.com/ethereum/EIPs/blob/master/EIPS/eip-8.md, running B's
# ingress-mac keccak state on the string "foo" yields the following hash:
ingress_mac_copy = ingress_mac.copy()
ingress_mac_copy.update(b'foo')
assert ingress_mac_copy.hexdigest() == (
'0c7ec6340062cc46f5e9f1e3cf86f8c8c403c5a0964f5df0ebd34a75ddc86db5')
responder_ephemeral_pubkey, responder_nonce = initiator.decode_auth_ack_message(
auth_ack_ciphertext)
(initiator_aes_secret, initiator_mac_secret, initiator_egress_mac,
initiator_ingress_mac) = initiator.derive_secrets(
initiator_nonce, responder_nonce, responder_ephemeral_pubkey,
auth_init_ciphertext, auth_ack_ciphertext)
# Check that the secrets derived by the initiator match the expected values.
assert initiator_aes_secret == eip8_values['expected_aes_secret']
assert initiator_mac_secret == eip8_values['expected_mac_secret']
# Finally, check that two Peers configured with the secrets generated above understand each
# other.
(
(responder_reader, responder_writer),
(initiator_reader, initiator_writer),
) = get_directly_connected_streams()
capabilities = (('testing', 1), )
initiator_transport = Transport(remote=initiator_remote,
private_key=initiator.privkey,
reader=initiator_reader,
writer=initiator_writer,
aes_secret=initiator_aes_secret,
mac_secret=initiator_mac_secret,
egress_mac=initiator_egress_mac,
ingress_mac=initiator_ingress_mac)
initiator_p2p_protocol = P2PProtocolV5(initiator_transport, 0, False)
initiator_multiplexer = Multiplexer(
transport=initiator_transport,
base_protocol=initiator_p2p_protocol,
protocols=(),
)
initiator_multiplexer.get_base_protocol().send(
Hello(
HelloPayload(
client_version_string='initiator',
capabilities=capabilities,
listen_port=30303,
version=DEVP2P_V5,
remote_public_key=initiator.privkey.public_key.to_bytes(),
)))
responder_transport = Transport(
remote=responder_remote,
private_key=responder.privkey,
reader=responder_reader,
writer=responder_writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
responder_p2p_protocol = P2PProtocolV4(responder_transport, 0, False)
responder_multiplexer = Multiplexer(
transport=responder_transport,
base_protocol=responder_p2p_protocol,
protocols=(),
)
responder_multiplexer.get_base_protocol().send(
Hello(
HelloPayload(
client_version_string='responder',
capabilities=capabilities,
listen_port=30303,
version=DEVP2P_V4,
remote_public_key=responder.privkey.public_key.to_bytes(),
)))
async with initiator_multiplexer.multiplex():
async with responder_multiplexer.multiplex():
initiator_stream = initiator_multiplexer.stream_protocol_messages(
initiator_p2p_protocol, )
responder_stream = responder_multiplexer.stream_protocol_messages(
responder_p2p_protocol, )
initiator_hello = await initiator_stream.asend(None)
responder_hello = await responder_stream.asend(None)
await initiator_stream.aclose()
await responder_stream.aclose()
assert isinstance(responder_hello, Hello)
assert isinstance(initiator_hello, Hello)
async def _receive_handshake(
self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
msg = await self.wait_first(
reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
ip, socket, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError:
# Try to decode as EIP8
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait_first(
reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as e:
self.logger.debug("Failed to decrypt handshake: %s", e)
return
# Create `HandshakeResponder(remote: kademlia.Node, privkey: datatypes.PrivateKey)` instance
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey, self.cancel_token)
# Call `HandshakeResponder.create_auth_ack_message(nonce: bytes)` to create the reply
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(nonce=responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await writer.drain()
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext
)
# Create and register peer in peer_pool
peer = self.peer_class(
remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
headerdb=self.headerdb,
network_id=self.network_id,
inbound=True,
)
await self.do_handshake(peer)
async def get_directly_linked_peers_without_handshake(
peer1_class=LESPeer, peer1_headerdb=None,
peer2_class=LESPeer, peer2_headerdb=None):
"""See get_directly_linked_peers().
Neither the P2P handshake nor the sub-protocol handshake will be performed here.
"""
cancel_token = CancelToken("get_directly_linked_peers_without_handshake")
if peer1_headerdb is None:
peer1_headerdb = get_fresh_mainnet_headerdb()
if peer2_headerdb is None:
peer2_headerdb = get_fresh_mainnet_headerdb()
peer1_private_key = ecies.generate_privkey()
peer2_private_key = ecies.generate_privkey()
peer1_remote = kademlia.Node(
peer2_private_key.public_key, kademlia.Address('0.0.0.0', 0, 0))
peer2_remote = kademlia.Node(
peer1_private_key.public_key, kademlia.Address('0.0.0.0', 0, 0))
use_eip8 = False
initiator = auth.HandshakeInitiator(peer1_remote, peer1_private_key, use_eip8, cancel_token)
peer2_reader = asyncio.StreamReader()
peer1_reader = asyncio.StreamReader()
# Link the peer1's writer to the peer2's reader, and the peer2's writer to the
# peer1's reader.
peer2_writer = MockStreamWriter(peer1_reader.feed_data)
peer1_writer = MockStreamWriter(peer2_reader.feed_data)
peer1, peer2 = None, None
handshake_finished = asyncio.Event()
async def do_handshake():
nonlocal peer1
aes_secret, mac_secret, egress_mac, ingress_mac = await auth._handshake(
initiator, peer1_reader, peer1_writer, cancel_token)
peer1 = peer1_class(
remote=peer1_remote, privkey=peer1_private_key, reader=peer1_reader,
writer=peer1_writer, aes_secret=aes_secret, mac_secret=mac_secret,
egress_mac=egress_mac, ingress_mac=ingress_mac, headerdb=peer1_headerdb,
network_id=1)
handshake_finished.set()
asyncio.ensure_future(do_handshake())
use_eip8 = False
responder = auth.HandshakeResponder(peer2_remote, peer2_private_key, use_eip8, cancel_token)
auth_cipher = await peer2_reader.read(constants.ENCRYPTED_AUTH_MSG_LEN)
initiator_ephemeral_pubkey, initiator_nonce, _ = decode_authentication(
auth_cipher, peer2_private_key)
responder_nonce = keccak(os.urandom(constants.HASH_LEN))
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
peer2_writer.write(auth_ack_ciphertext)
await handshake_finished.wait()
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce, responder_nonce, initiator_ephemeral_pubkey,
auth_cipher, auth_ack_ciphertext)
assert egress_mac.digest() == peer1.ingress_mac.digest()
assert ingress_mac.digest() == peer1.egress_mac.digest()
peer2 = peer2_class(
remote=peer2_remote, privkey=peer2_private_key, reader=peer2_reader,
writer=peer2_writer, aes_secret=aes_secret, mac_secret=mac_secret,
egress_mac=egress_mac, ingress_mac=ingress_mac, headerdb=peer2_headerdb,
network_id=1)
return peer1, peer2
async def _receive_handshake(self, reader: asyncio.StreamReader,
writer: asyncio.StreamWriter) -> None:
self.logger.debug("Receiving handshake...")
# Use reader to read the auth_init msg until EOF
msg = await wait_with_token(
reader.read(ENCRYPTED_AUTH_MSG_LEN),
token=self.cancel_token,
)
# Use decode_authentication(auth_init_message) on auth init msg
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
# Try to decode as EIP8
except DecryptionError:
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await wait_with_token(
reader.read(remaining_bytes),
token=self.cancel_token,
)
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
# Get remote's address: IPv4 or IPv6
ip, socket, *_ = writer.get_extra_info("peername")
remote_address = Address(ip, socket)
# Create `HandshakeResponder(remote: kademlia.Node, privkey: datatypes.PrivateKey)` instance
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey)
# Call `HandshakeResponder.create_auth_ack_message(nonce: bytes)` to create the reply
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(nonce=responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await writer.drain()
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext)
# Create and register peer in peer_pool
peer = self.peer_class(remote=initiator_remote,
privkey=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
chaindb=self.chaindb,
network_id=self.network_id)
await self.do_p2p_handshake(peer)
async def _receive_handshake(
self, reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
msg = await self.wait(
reader.read(ENCRYPTED_AUTH_MSG_LEN),
timeout=REPLY_TIMEOUT)
peername = writer.get_extra_info("peername")
if peername is None:
socket = writer.get_extra_info("socket")
sockname = writer.get_extra_info("sockname")
raise HandshakeFailure(
"Received incoming connection with no remote information:"
f"socket={repr(socket)} sockname={sockname}"
)
ip, socket, *_ = peername
remote_address = Address(ip, socket)
self.logger.debug("Receiving handshake from %s", remote_address)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as non_eip8_err:
# Try to decode as EIP8
got_eip8 = True
msg_size = big_endian_to_int(msg[:2])
remaining_bytes = msg_size - ENCRYPTED_AUTH_MSG_LEN + 2
msg += await self.wait(
reader.read(remaining_bytes),
timeout=REPLY_TIMEOUT)
try:
ephem_pubkey, initiator_nonce, initiator_pubkey = decode_authentication(
msg, self.privkey)
except DecryptionError as eip8_err:
raise HandshakeFailure(
f"Failed to decrypt both EIP8 handshake: {eip8_err} and "
f"non-EIP8 handshake: {non_eip8_err}"
)
else:
got_eip8 = False
initiator_remote = Node(initiator_pubkey, remote_address)
responder = HandshakeResponder(initiator_remote, self.privkey, got_eip8, self.cancel_token)
responder_nonce = secrets.token_bytes(HASH_LEN)
auth_ack_msg = responder.create_auth_ack_message(responder_nonce)
auth_ack_ciphertext = responder.encrypt_auth_ack_message(auth_ack_msg)
# Use the `writer` to send the reply to the remote
writer.write(auth_ack_ciphertext)
await self.wait(writer.drain())
# Call `HandshakeResponder.derive_shared_secrets()` and use return values to create `Peer`
aes_secret, mac_secret, egress_mac, ingress_mac = responder.derive_secrets(
initiator_nonce=initiator_nonce,
responder_nonce=responder_nonce,
remote_ephemeral_pubkey=ephem_pubkey,
auth_init_ciphertext=msg,
auth_ack_ciphertext=auth_ack_ciphertext
)
transport = Transport(
remote=initiator_remote,
private_key=self.privkey,
reader=reader,
writer=writer,
aes_secret=aes_secret,
mac_secret=mac_secret,
egress_mac=egress_mac,
ingress_mac=ingress_mac,
)
# Create and register peer in peer_pool
peer = self.peer_pool.get_peer_factory().create_peer(
transport=transport,
inbound=True,
)
if self.peer_pool.is_full:
await peer.disconnect(DisconnectReason.too_many_peers)
return
elif not self.peer_pool.is_valid_connection_candidate(peer.remote):
await peer.disconnect(DisconnectReason.useless_peer)
return
total_peers = len(self.peer_pool)
inbound_peer_count = len([
peer
for peer
in self.peer_pool.connected_nodes.values()
if peer.inbound
])
if total_peers > 1 and inbound_peer_count / total_peers > DIAL_IN_OUT_RATIO:
# make sure to have at least 1/4 outbound connections
await peer.disconnect(DisconnectReason.too_many_peers)
else:
# We use self.wait() here as a workaround for
# https://github.com/ethereum/py-evm/issues/670.
await self.wait(self.do_handshake(peer))