plizonczyk / noiseprotocol Goto Github PK

Any full client server example in readme should help a lot...

pow(x, y[, z])
Return x to the power y; if z is present, return x to the power y, modulo z (computed more efficiently than pow(x, y) % z). The two-argument form pow(x, y) is equivalent to using the power operator: x**y.

For the first iteration - host autodoc-generated documentation on readthedocs.

New version of pyca/cryptography got released today. Required version should be bumped. Python 3.5 support should be working after fully switching to cryptography as crypto primitives source.

Attempting to use this, and there is serious lack of documentation associated w/ how to use it.

There isn't any docs on what the various ciphers and key pair options are. There isn't documentation on how to generate key pairs. Only via the examples is there even an example on how to use static keys.

The Rust version of Noise protocol snow contains additional test vectors. I've pulled them in and simply loaded as the other test vector files (the new ones are one layer deeper in the JSON file behind "vectors" key, I've saved the list directly).

Previously, there were 104 and now there are 408. pytest gave me 304 failures. This suggests some general problem, but the things I've checked so far (e.g. the structure of the test vectors, their keys etc.) look similar between the old snow test vectors and the new ones.

I'm going to take a deeper look.

I noticed the following deprecation warning when running a magic-wormhole test:

.../.tox/py35/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/x25519.py:35: CryptographyDeprecationWarning: public_bytes now requires encoding and format arguments. Support for calling without arguments will be removed in cryptography 2.7

I think this is coming from noise/backends/default/diffie_hellmans.py, where it does return KeyPair25519(private_key, public_key, public_key.public_bytes()). I'm guessing that cryptography now wants additional arguments for the public_bytes() call to specify the encoding.

The x25519 module is also imported by noise/backends/default/keypairs.py, so maybe something will need to be patched in there too.

Cc'ing @reaperhulk to get a sense for how urgent this might or might not be.

I can appreciate requiring a specific version or newer, e.g. cryptography>=2.1.4, but why prevent more recent versions from being used? The pin causes my project to downgrade cryptography when I add noiseprotocol, because the current release still has a pin on 2.1.3 . Making a new noiseprotocol release will help, but it'll probably run into the same problem again in a month or two when they make a new cryptography release.

Would you accept a PR to make that >= ?

thanks!

@plizonczyk firts of all, congrats for your code.

I ran the pytest and it is ok, but I got the sample in the main page (socket client and server in python) and the server crash when I connect with the client and I getting the bellow error in server side:

noise.exceptions.NoiseValidationError: Keypair s has to be set for chosen handshake pattern

I used Noise_IK_25519_AESGCM_SHA256 and others.

Previous releases, such as 0.3.0 had both a wheel and a tar.gz/zip source distributable.
0.3.1 only has a wheel uploaded to PyPI.

Compare:
https://pypi.org/project/noiseprotocol/0.3.0/#files
https://pypi.org/project/noiseprotocol/0.3.1/#files

This breaks pip install --no-binary :all: noiseprotocol
(or indeed pip installing anything that pulls in noiseprotocol as a dependency)

Without any warranties.

If installed/run on python 3.4, it fails to work:

problem in noise.connection - ImportError: No module named 'typing'

(p) nmac,ttys022,~/github/noiseprotocol,549$python --version
Python 3.4.10

Either prevent installation on python 3.4, or add typing as a required dependency, as it appears that installing the pip module typing make things work.

As suggested by Trevor (@trevp), NoiseBuilder name is a bit off, as it's the main interface of the library.
Additionally, ed25519 and ed448 shall be renamed to x25519 and x448 respectively.
Filenames could be a little bit more explicit on their contents (e.g. "functions.py", "crypto.py" and "state.py")

I can't claim to fully understand the Noise protocol, but I think MAX_MESSAGE_LEN should be 65535 - 16.

The protocol specs say "A Noise transport message is simply an AEAD ciphertext that is less than or equal to 65535 bytes in length, and that consists of an encrypted payload plus 16 bytes of authentication data."

Indeed, if I encrypt a 65535-byte message, I get 65551 bytes out -- which fails to round-trip back through .decrypt(). I will comment with a test-case.

Apparently OpenSSL finally supports x448/ed448 - https://github.com/openssl/openssl/blob/master/CHANGES#L47
Will require upgrading cryptography requirement to 2.2.x as that's where's OpenSSL 1.1.1 included.

I try to package this for Gentoo. Since we build everything from source and that did not seem to be available on pypi I tried to get it from github and noticed that the tags for the newest versions are missing.

• Abstract crypto usage to backend class
• Create default backend (the one used right now)

Having noiseprotocol support Noise_XK_secp256k1_ChaChaPoly_SHA256 (the Lightning variant of Noise) would be very useful for developers looking to build Lightning Network related projects in Python.

See BOLT #8: Encrypted and Authenticated Transport for details.

As far as I know there are no Noise protocol frameworks in Python with support for Noise_XK_secp256k1_ChaChaPoly_SHA256.

Sorry if these are already somehow implemented, but I need a handshake pattern either like X1X or X1X1 for the application i'm developing (where entity authentication is done using a database of known remote static pubkeys). Let me know if this is possible

• Allow '/' in protocol name
• Add SymmetricState.GetHandshakeHash()
• Add CipherState.SetNonce()

Some guesses off the top of the head:

• type hinting
• BLAKE2s/BLAKE2b support (buggy in pyca/cryptography for now and only supported by hashlib in Python 3.6) - fixed in new version