fix: address points in issue #4138 and companions (#4336)

Description --- Fix issues #4138, #4333 and #4170. Motivation and Context --- Add domain separation and cipher authentication for out bound messaging How Has This Been Tested? --- Unit tests.
tari-project · Jul 28, 2022 · 2ca0672 · 2ca0672
1 parent c73de62
commit 2ca0672
Show file tree

Hide file tree

Showing 28 changed files with 491 additions and 245 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/base_layer/core/src/transactions/transaction_components/test.rs b/base_layer/core/src/transactions/transaction_components/test.rs
@@ -23,7 +23,7 @@
 use digest::Digest;
 use rand::{self, rngs::OsRng};
 use tari_common_types::types::{BlindingFactor, ComSignature, CommitmentFactory, PrivateKey, PublicKey, Signature};
-use tari_comms::types::Challenge;
+use tari_comms::types::CommsChallenge;
 use tari_crypto::{
     commitment::HomomorphicCommitmentFactory,
     errors::RangeProofError,
@@ -608,7 +608,7 @@ mod validate_internal_consistency {
 
         //---------------------------------- Case2 - PASS --------------------------------------------//
         features.parent_public_key = Some(PublicKey::default());
-        let hash = Challenge::new()
+        let hash = CommsChallenge::new()
             .chain(Some(PublicKey::default()).to_consensus_bytes())
             .chain(Some(unique_id.clone()).to_consensus_bytes())
             .finalize();

diff --git a/base_layer/core/src/transactions/transaction_protocol/mod.rs b/base_layer/core/src/transactions/transaction_protocol/mod.rs
@@ -89,7 +89,7 @@ use derivative::Derivative;
 use digest::Digest;
 use serde::{Deserialize, Serialize};
 use tari_common_types::types::{PrivateKey, PublicKey};
-use tari_comms::types::Challenge;
+use tari_comms::types::CommsChallenge;
 use tari_crypto::{errors::RangeProofError, signatures::SchnorrSignatureError, tari_utilities::byte_array::ByteArray};
 use thiserror::Error;
 
@@ -154,7 +154,7 @@ pub struct RewindData {
 
 /// Convenience function that calculates the challenge for the Schnorr signatures
 pub fn build_challenge(sum_public_nonces: &PublicKey, metadata: &TransactionMetadata) -> [u8; 32] {
-    Challenge::new()
+    CommsChallenge::new()
         .chain(sum_public_nonces.as_bytes())
         .chain(&u64::from(metadata.fee).to_le_bytes())
         .chain(&metadata.lock_height.to_le_bytes())

diff --git a/base_layer/p2p/src/services/liveness/service.rs b/base_layer/p2p/src/services/liveness/service.rs
@@ -486,7 +486,7 @@ mod test {
             dht_header: DhtMessageHeader {
                 version: DhtProtocolVersion::latest(),
                 destination: Default::default(),
-                origin_mac: Vec::new(),
+                message_signature: Vec::new(),
                 ephemeral_public_key: None,
                 message_type: DhtMessageType::None,
                 flags: Default::default(),

diff --git a/base_layer/p2p/src/test_utils.rs b/base_layer/p2p/src/test_utils.rs
@@ -63,7 +63,7 @@ pub fn make_dht_header(trace: MessageTag) -> DhtMessageHeader {
     DhtMessageHeader {
         version: DhtProtocolVersion::latest(),
         destination: NodeDestination::Unknown,
-        origin_mac: Vec::new(),
+        message_signature: Vec::new(),
         ephemeral_public_key: None,
         message_type: DhtMessageType::None,
         flags: DhtMessageFlags::NONE,

diff --git a/base_layer/wallet/tests/support/comms_and_services.rs b/base_layer/wallet/tests/support/comms_and_services.rs
@@ -80,7 +80,7 @@ pub fn create_dummy_message<T>(inner: T, public_key: &CommsPublicKey) -> DomainM
         dht_header: DhtMessageHeader {
             version: DhtProtocolVersion::latest(),
             ephemeral_public_key: None,
-            origin_mac: Vec::new(),
+            message_signature: Vec::new(),
             message_type: Default::default(),
             flags: Default::default(),
             destination: Default::default(),

diff --git a/comms/core/src/peer_manager/identity_signature.rs b/comms/core/src/peer_manager/identity_signature.rs
@@ -35,7 +35,7 @@ use crate::{
     multiaddr::Multiaddr,
     peer_manager::{Peer, PeerFeatures, PeerManagerError},
     proto,
-    types::{Challenge, CommsPublicKey, CommsSecretKey, Signature},
+    types::{CommsChallenge, CommsPublicKey, CommsSecretKey, Signature},
 };
 
 /// Signature that secures the peer identity
@@ -136,9 +136,9 @@ impl IdentitySignature {
         features: PeerFeatures,
         addresses: I,
         updated_at: DateTime<Utc>,
-    ) -> Challenge {
+    ) -> CommsChallenge {
         // e = H(P||R||m)
-        let challenge = Challenge::new()
+        let challenge = CommsChallenge::new()
             .chain(public_key.as_bytes())
             .chain(public_nonce.as_bytes())
             .chain(version.to_le_bytes())

diff --git a/comms/core/src/types.rs b/comms/core/src/types.rs
@@ -41,7 +41,7 @@ pub type CommsPublicKey = RistrettoPublicKey;
 pub type CommsSecretKey = <CommsPublicKey as PublicKey>::K;
 
 /// Specify the digest type for the signature challenges
-pub type Challenge = Blake256;
+pub type CommsChallenge = Blake256;
 /// Comms signature type
 pub type Signature = SchnorrSignature<CommsPublicKey, CommsSecretKey>;
 

diff --git a/comms/dht/Cargo.toml b/comms/dht/Cargo.toml
@@ -23,6 +23,7 @@ anyhow = "1.0.53"
 bitflags = "1.2.0"
 bytes = "0.5"
 chacha20 = "0.7.1"
+chacha20poly1305 = "0.9.1"
 chrono = { version = "0.4.19", default-features = false }
 diesel = { version = "1.4.7", features = ["sqlite", "serde_json", "chrono", "numeric"] }
 diesel_migrations = "1.4.0"