From 79b0491a758b519feabef204ace6a9ce711ecfef Mon Sep 17 00:00:00 2001 From: stcb <21@stcb.cc> Date: Sat, 29 Mar 2025 11:17:26 +0200 Subject: [PATCH] Update diagram, add HKDF derivation --- protocol_prototype/IcingProtocol.drawio | 163 +++++++++++++++++------- protocol_prototype/cli.py | 145 +++++++++++---------- protocol_prototype/messages.py | 31 ++--- protocol_prototype/protocol.py | 121 ++++++++++++++---- 4 files changed, 301 insertions(+), 159 deletions(-) diff --git a/protocol_prototype/IcingProtocol.drawio b/protocol_prototype/IcingProtocol.drawio index cbb1e62..683237e 100644 --- a/protocol_prototype/IcingProtocol.drawio +++ b/protocol_prototype/IcingProtocol.drawio @@ -260,11 +260,11 @@ - + - + @@ -281,55 +281,58 @@ - + - + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -337,28 +340,28 @@ - + - + - + - + - + @@ -366,25 +369,25 @@ - + - + - + - + @@ -392,7 +395,7 @@ - + @@ -400,58 +403,124 @@ - + - + - + - + - + - + - + - + - + - + - - + + - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/protocol_prototype/cli.py b/protocol_prototype/cli.py index 600376b..48894ee 100644 --- a/protocol_prototype/cli.py +++ b/protocol_prototype/cli.py @@ -22,91 +22,90 @@ def main(): print(" connect ") print(" generate_ephemeral_keys") print(" send_ping") - print(" send_handshake") print(" respond_ping <0|1>") + print(" send_handshake") print(" generate_ecdhe ") + print(" derive_hkdf") print(" auto_responder ") print(" show_state") print(" exit\n") while True: - try: - line = input("Cmd> ").strip() - except EOFError: - break - if not line: - continue - - parts = line.split() - cmd = parts[0].lower() - - if cmd == "exit": - protocol.stop() - sys.exit(0) - - elif cmd == "show_state": - protocol.show_state() - - elif cmd == "set_peer_identity": - if len(parts) != 2: - print(f"{RED}Usage: set_peer_identity {RESET}") - continue - protocol.set_peer_identity(parts[1]) - - elif cmd == "connect": - if len(parts) != 2: - print(f"{RED}Usage: connect {RESET}") - continue + while True: try: - port = int(parts[1]) - protocol.connect_to_peer(port) - except ValueError: - print(f"{RED}Invalid port.{RESET}") - - elif cmd == "generate_ephemeral_keys": - protocol.generate_ephemeral_keys() - - elif cmd == "send_ping": - protocol.send_ping_request() - - elif cmd == "send_handshake": - protocol.send_handshake() - - elif cmd == "respond_ping": - if len(parts) != 3: - print(f"{RED}Usage: respond_ping {RESET}") + line = input("Cmd> ").strip() + except EOFError: + break + if not line: continue - try: - idx = int(parts[1]) - ac = int(parts[2]) - protocol.respond_to_ping(idx, ac) - except ValueError: - print(f"{RED}Index and answer_code must be integers.{RESET}") + parts = line.split() + cmd = parts[0].lower() - elif cmd == "generate_ecdhe": - if len(parts) != 2: - print(f"{RED}Usage: generate_ecdhe {RESET}") - continue - try: - idx = int(parts[1]) - protocol.generate_ecdhe(idx) - except ValueError: - print(f"{RED}Index must be an integer.{RESET}") + if cmd == "exit": + protocol.stop() + sys.exit(0) + + elif cmd == "show_state": + protocol.show_state() + + elif cmd == "set_peer_identity": + if len(parts) != 2: + print("Usage: set_peer_identity ") + continue + protocol.set_peer_identity(parts[1]) + + elif cmd == "connect": + if len(parts) != 2: + print("Usage: connect ") + continue + try: + port = int(parts[1]) + protocol.connect_to_peer(port) + except ValueError: + print("Invalid port.") + + elif cmd == "generate_ephemeral_keys": + protocol.generate_ephemeral_keys() + + elif cmd == "send_ping": + protocol.send_ping_request() + + elif cmd == "send_handshake": + protocol.send_handshake() + + elif cmd == "respond_ping": + if len(parts) != 3: + print("Usage: respond_ping <0|1>") + continue + try: + idx = int(parts[1]) + ac = int(parts[2]) + protocol.respond_to_ping(idx, ac) + except ValueError: + print("Index and answer must be integers.") + + elif cmd == "generate_ecdhe": + if len(parts) != 2: + print("Usage: generate_ecdhe ") + continue + try: + idx = int(parts[1]) + protocol.generate_ecdhe(idx) + except ValueError: + print("Index must be an integer.") + + elif cmd == "derive_hkdf": + protocol.derive_hkdf() + + elif cmd == "auto_responder": + if len(parts) != 2: + print("Usage: auto_responder ") + continue + arg = parts[1].lower() + protocol.enable_auto_responder(arg == "on") - elif cmd == "auto_responder": - if len(parts) != 2: - print(f"{RED}Usage: auto_responder {RESET}") - continue - arg = parts[1].lower() - if arg == "on": - protocol.enable_auto_responder(True) - elif arg == "off": - protocol.enable_auto_responder(False) else: - print(f"{RED}Usage: auto_responder {RESET}") - - else: - print(f"{RED}[ERROR]{RESET} Unknown command: {cmd}") + print(f"{RED}[ERROR]{RESET} Unknown command: {cmd}") if __name__ == "__main__": diff --git a/protocol_prototype/messages.py b/protocol_prototype/messages.py index 7194e73..55f5f5c 100644 --- a/protocol_prototype/messages.py +++ b/protocol_prototype/messages.py @@ -20,40 +20,41 @@ def crc32_of(data: bytes) -> int: # In practice, we store 37 bytes (296 bits); 1 bit is unused. # ============================================================================= -def build_ping_request(version: int) -> bytes: +def build_ping_request(version: int, nonce: bytes = None) -> bytes: """ Build a Ping request with: - 256-bit nonce (32 bytes) - 7-bit version - 32-bit CRC - We do bit-packing. The final result is 37 bytes (296 bits), with 1 unused bit. + Total = 295 bits logically. + Since 295 bits do not fill an integer number of bytes, we pack into 37 bytes (296 bits), + with one unused bit. """ + if nonce is None: + nonce = os.urandom(32) # 32 bytes = 256 bits + if len(nonce) != 32: + raise ValueError("Nonce must be exactly 32 bytes.") if not (0 <= version < 128): raise ValueError("Version must fit in 7 bits (0..127)") - # 1) Generate 256-bit nonce - nonce = os.urandom(32) # 32 bytes = 256 bits + # Build the partial integer: + # Shift the nonce (256 bits) left by 7 bits and then OR with the 7-bit version. + partial_int = int.from_bytes(nonce, 'big') << 7 + partial_int |= version # version occupies the lower 7 bits - # We'll build partial_data = [nonce (256 bits), version (7 bits)] as an integer - # Then compute CRC-32 over those bytes, then append 32 bits of CRC. - partial_int = int.from_bytes(nonce, 'big') << 7 # shift left 7 bits - partial_int |= version # put version in the low 7 bits - - # Convert partial to bytes - # partial is 256+7=263 bits => needs 33 bytes to store + # Convert to 33 bytes (263 bits needed) partial_bytes = partial_int.to_bytes(33, 'big') - # Compute CRC over partial_bytes + # Compute CRC over these 33 bytes cval = crc32_of(partial_bytes) - # Now combine partial_data (263 bits) with 32 bits of CRC => 295 bits - # We'll store that in a single integer + # Combine partial data (263 bits) with the 32-bit CRC => 295 bits total. final_int = (int.from_bytes(partial_bytes, 'big') << 32) | cval - # final_int is 263+32=295 bits, needs 37 bytes to store (the last bit is unused). final_bytes = final_int.to_bytes(37, 'big') return final_bytes + def parse_ping_request(data: bytes): """ Parse a Ping request (37 bytes = 295 bits). diff --git a/protocol_prototype/protocol.py b/protocol_prototype/protocol.py index 99e22e3..74c71db 100644 --- a/protocol_prototype/protocol.py +++ b/protocol_prototype/protocol.py @@ -1,8 +1,8 @@ import random +import os import time import threading from typing import List, Dict, Any -from crypto_utils import raw_signature_to_der from crypto_utils import ( generate_identity_keys, @@ -20,6 +20,9 @@ from messages import ( ) import transmission +from cryptography.hazmat.primitives.kdf.hkdf import HKDF +from cryptography.hazmat.primitives import hashes + # ANSI colors RED = "\033[91m" GREEN = "\033[92m" @@ -30,30 +33,27 @@ RESET = "\033[0m" class IcingProtocol: def __init__(self): - # Identity keys + # Identity keys (each 512 bits when printed as hex of 64 bytes) self.identity_privkey, self.identity_pubkey = generate_identity_keys() - # Peer identity + # Peer identity for verifying ephemeral signatures self.peer_identity_pubkey_obj = None self.peer_identity_pubkey_bytes = None - # Ephemeral keys + # Ephemeral keys (our side) self.ephemeral_privkey = None self.ephemeral_pubkey = None - # Last computed shared secret (hex) + # Last computed shared secret (hex string) self.shared_secret = None - # For PFS: track session_number + last_shared_secret per peer identity - # Key: bytes(64) peer identity pubkey - # Value: (int session_number, str last_shared_secret_hex) + # Derived HKDF key (hex string, 256 bits) + self.hkdf_key = None + + # For PFS: track per-peer session info (session number and last shared secret) self.pfs_history: Dict[bytes, (int, str)] = {} - # Inbound messages are stored for manual or auto handling - # Each entry: { 'type': str, 'raw': bytes, 'parsed': Any, 'connection': PeerConnection } - self.inbound_messages: List[Dict[str, Any]] = [] - - # Simple dictionary to track protocol flags + # Protocol flags self.state = { "ping_sent": False, "ping_received": False, @@ -64,10 +64,15 @@ class IcingProtocol: # Auto-responder toggle self.auto_responder = False - # Connections + # Active connections list self.connections = [] - # Listening port + # Inbound messages (each message is a dict with keys: type, raw, parsed, connection) + self.inbound_messages: List[Dict[str, Any]] = [] + + # Store the session nonce (32 bytes) from our first sent or received PING + self.session_nonce: bytes = None + self.local_port = random.randint(30000, 40000) self.server_listener = transmission.ServerListener( host="127.0.0.1", @@ -86,20 +91,18 @@ class IcingProtocol: self.connections.append(conn) def on_data_received(self, conn: transmission.PeerConnection, data: bytes): - """ - Called whenever data arrives on any open PeerConnection. - We'll parse and store the message, then handle automatically if auto_responder is on. - """ - # Print data size in bits, not bytes - bits_count = len(data)*8 + bits_count = len(data) * 8 print(f"{GREEN}[RECV]{RESET} {bits_count} bits from peer: {data.hex()[:60]}{'...' if len(data.hex())>60 else ''}") - - # Attempt to parse Ping request + # For a PING_REQUEST, parse and store the session nonce if not already set. if len(data) == 37: parsed = parse_ping_request(data) if parsed: nonce, version = parsed self.state["ping_received"] = True + # Store session nonce if not already set + if self.session_nonce is None: + self.session_nonce = nonce + print(f"{YELLOW}[NOTICE]{RESET} Stored session nonce from received PING.") index = len(self.inbound_messages) msg = { "type": "PING_REQUEST", @@ -170,6 +173,64 @@ class IcingProtocol: self.inbound_messages.append(msg) print(f"{RED}[WARNING]{RESET} Unrecognized or malformed message stored at index={index}.") + + # ------------------------------------------------------------------------- + # HKDF Derivation + # ------------------------------------------------------------------------- + + def derive_hkdf(self): + """ + Derives a 256-bit key using HKDF. + Uses as input keying material (IKM) the shared secret from ECDH. + The salt is computed as SHA256(session_nonce || pfs_param), where: + - session_nonce is taken from self.session_nonce (32 bytes) or defaults to zeros. + - pfs_param is taken from the first inbound HANDSHAKE's pfs_hash field (32 bytes) or zeros. + """ + if not self.shared_secret: + print(f"{RED}[ERROR]{RESET} No shared secret available; cannot derive HKDF key.") + return + + # IKM: shared secret converted from hex to bytes. + ikm = bytes.fromhex(self.shared_secret) + # Use stored session_nonce if available; otherwise default to zeros. + session_nonce = self.session_nonce if self.session_nonce is not None else (b"\x00" * 32) + + # Determine pfs_param from first HANDSHAKE message (if any) + pfs_param = None + for msg in self.inbound_messages: + if msg["type"] == "HANDSHAKE": + # Expect parsed handshake as tuple: (timestamp, ephemeral_pub, ephemeral_sig, pfs_hash) + try: + _, _, _, pfs_param = msg["parsed"] + except Exception: + pfs_param = None + break + if pfs_param is None: + print(f"{RED}[WARNING]{RESET} No HANDSHAKE found; using 32 zero bytes for pfs_param.") + pfs_param = b"\x00" * 32 # 256-bit zeros + + # Ensure both are bytes + if isinstance(session_nonce, str): + session_nonce = session_nonce.encode() + if isinstance(pfs_param, str): + pfs_param = pfs_param.encode() + + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.kdf.hkdf import HKDF + hasher = hashes.Hash(hashes.SHA256()) + hasher.update(session_nonce + pfs_param) + salt_value = hasher.finalize() + + hkdf = HKDF( + algorithm=hashes.SHA256(), + length=32, # 256 bits + salt=salt_value, + info=b"", + ) + derived_key = hkdf.derive(ikm) + self.hkdf_key = derived_key.hex() + print(f"{GREEN}[HKDF]{RESET} Derived HKDF key: {self.hkdf_key}") + # ------------------------------------------------------------------------- # Auto-responder helpers # ------------------------------------------------------------------------- @@ -228,7 +289,12 @@ class IcingProtocol: if not self.connections: print(f"{RED}[ERROR]{RESET} No active connections.") return - pkt = build_ping_request(version=0) + # Generate a new nonce for this ping and store it as session_nonce if not already set. + nonce = os.urandom(32) + if self.session_nonce is None: + self.session_nonce = nonce + print(f"{YELLOW}[NOTICE]{RESET} Stored session nonce from sent PING.") + pkt = build_ping_request(version=0, nonce=nonce) self._send_packet(self.connections[0], pkt, "PING_REQUEST") self.state["ping_sent"] = True @@ -373,6 +439,13 @@ class IcingProtocol: print(f"\nShared Secret: {self.shared_secret if self.shared_secret else '[None]'}") + if self.hkdf_key: + print(f"HKDF Derived Key: {self.hkdf_key.hex()} (size: {len(self.hkdf_key)*8} bits)") + else: + print("HKDF Derived Key: [None]") + + print("\nSession Nonce: " + (self.session_nonce.hex() if self.session_nonce else "[None]")) + print("\nProtocol Flags:") for k, v in self.state.items(): print(f" {k}: {v}")