BIP324: Add encrypted p2p transport {de}serializer #23233

pull dhruv wants to merge 10 commits into bitcoin:master from dhruv:bip324-net-v2 changing 26 files +1600 −654
  1. dhruv commented at 7:01 pm on October 8, 2021: contributor

    Revives #18242. Depends on #25361 (please review that first, the last 4 commits are to be reviewed here).

    This PR adds a p2p message transport {de}serializer for encrypted packets leveraging the BIP324 specification.

    The dependency tree for BIP324 PRs is here.

  2. dhruv force-pushed on Oct 8, 2021
  3. dhruv force-pushed on Oct 8, 2021
  4. dhruv force-pushed on Oct 8, 2021
  5. DrahtBot added the label Build system on Oct 8, 2021
  6. DrahtBot added the label P2P on Oct 8, 2021
  7. DrahtBot added the label Utils/log/libs on Oct 8, 2021
  8. dhruv commented at 10:45 pm on October 8, 2021: contributor
    Rebased and lint errors fixed. Ready for review.
  9. in src/test/fuzz/crypto_chacha20_poly1305_aead.cpp:41 in f81e8add76 outdated
    60-                seqnr_payload = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
    61-            },
    62-            [&] {
    63-                seqnr_aad = fuzzed_data_provider.ConsumeIntegral<uint64_t>();
    64+                uint32_t len = aead.DecryptLength(in.data());
    65+                len = 0; // addressing the [[nodiscard]] and otherwise unused variable
    


    maflcko commented at 6:28 am on October 9, 2021:
    0                (void)aead.DecryptLength(in.data());
    

    Does this not work?


    dhruv commented at 4:50 am on October 10, 2021:

    That does indeed work. Thank you.

    I’ve updated the commit in PR #20962 (where it originally belongs) and also here(this PR is based off that one).

  10. DrahtBot commented at 7:00 pm on October 9, 2021: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept ACK stratospher

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #27534 (rpc: add ‘getnetmsgstats’, new rpc to view network message statistics by satsie)
    • #27530 (Remove now-unnecessary poll, fcntl includes from net(base).cpp by Empact)
    • #27479 (BIP324: ElligatorSwift integrations by sipa)
    • #27411 (p2p: Restrict self-advertisements with privacy networks to avoid fingerprinting by mzumsande)
    • #27407 (net, refactor: Privatise CNode send queue by dergoegge)
    • #27385 (net, refactor: extract Network and BIP155Network logic to node/network by jonatack)
    • #26684 (bench: add readblock benchmark by andrewtoth)
    • #26593 (tracing: Only prepare tracepoint arguments when actually tracing by 0xB10C)
    • #25572 (refactor: Introduce EvictionManager and use it for the inbound eviction logic by dergoegge)
    • #25268 (refactor: Introduce EvictionManager by dergoegge)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  11. dhruv force-pushed on Oct 10, 2021
  12. dhruv commented at 4:51 am on October 10, 2021: contributor
    Addressed #23233 (review) - ready for further review.
  13. DrahtBot added the label Needs rebase on Oct 21, 2021
  14. dhruv force-pushed on Oct 22, 2021
  15. dhruv commented at 6:24 pm on October 22, 2021: contributor
    Rebased. Ready for further review.
  16. DrahtBot removed the label Needs rebase on Oct 22, 2021
  17. in src/net.cpp:776 in a53a06cc75 outdated
    772+    if (m_hdr_pos < CHACHA20_POLY1305_AEAD_AAD_LEN) {
    773+        return copy_bytes;
    774+    }
    775+
    776+    // we got the AAD bytes at this point (3 bytes encrypted packet length)
    777+    // we keep the sequence numbers unchanged at this point. Once the message is authenticated and decrypted, we increase the sequence numbers (or the aad_pos)
    


    stratospher commented at 4:44 am on November 5, 2021:

    This comment can be removed since it’s related to the AEAD cipher suite implementation and doesn’t play a role here.


    dhruv commented at 0:28 am on November 9, 2021:
    Good find. Removed.
  18. in src/net.cpp:780 in a53a06cc75 outdated
    776+    // we got the AAD bytes at this point (3 bytes encrypted packet length)
    777+    // we keep the sequence numbers unchanged at this point. Once the message is authenticated and decrypted, we increase the sequence numbers (or the aad_pos)
    778+    m_message_size = m_aead->DecryptLength((const uint8_t*)vRecv.data());
    779+
    780+    // reject messages larger than MAX_SIZE
    781+    if (m_message_size > MAX_SIZE) {
    


    stratospher commented at 4:51 am on November 5, 2021:
    This will need to be updated to be consistent with the BIP since MAX_SIZE is 2^25 bytes.

    dhruv commented at 0:29 am on November 9, 2021:
    Thanks for the catch. Fixed.
  19. in src/net.cpp:807 in a53a06cc75 outdated
    803+    m_data_pos += copy_bytes;
    804+
    805+    return copy_bytes;
    806+}
    807+
    808+std::optional<CNetMessage> V2TransportDeserializer::GetMessage(std::chrono::microseconds time, uint32_t& out_err_raw_size)
    


    stratospher commented at 5:33 am on November 5, 2021:
    This function can be modified to keep it’s format consistent with the v1 GetMessage since #22735 got merged.

    dhruv commented at 0:29 am on November 9, 2021:
    Done. Rebased with master.
  20. in src/net.cpp:886 in a53a06cc75 outdated
    882+        // message command without an assigned short-ID
    883+        assert(msg.m_type.size() <= NET_P2P_V2_CMD_MAX_CHARS_SIZE);
    884+        // encode as varstr, max 12 chars
    885+        serialized_command_size = ::GetSerializeSize(msg.m_type, PROTOCOL_VERSION);
    886+    }
    887+    // prepare the packet length that will later be encrypted and part of the MAC (AD)
    


    stratospher commented at 5:34 am on November 5, 2021:
    0    // prepare the packet length that will later be encrypted and part of the MAC (AAD)
    

    dhruv commented at 0:29 am on November 9, 2021:
    Done.
  21. in src/net.cpp:909 in a53a06cc75 outdated
    905+        vector_writer << msg.m_type;
    906+    }
    907+
    908+    // insert header directly into the CSerializedNetMsg data buffer (insert at begin)
    909+    // TODO: if we refactor the ChaCha20Poly1350 crypt function to allow separate buffers for
    910+    //       the AD, payload and MAC, we could avoid a insert and thus a potential reallocation
    


    stratospher commented at 5:36 am on November 5, 2021:
    0    //       the AAD, payload and MAC, we could avoid a insert and thus a potential reallocation
    

    dhruv commented at 0:29 am on November 9, 2021:
    Done.
  22. in src/net.h:388 in a53a06cc75 outdated
    383+private:
    384+    std::unique_ptr<ChaCha20Poly1305AEAD> m_aead;
    385+    const NodeId m_node_id;      // Only for logging
    386+    bool m_in_data = false;      // parsing header (false) or data (true)
    387+    uint32_t m_message_size = 0; // expected message size
    388+    CDataStream vRecv;           // received message data
    


    stratospher commented at 5:46 am on November 5, 2021:
    0    CDataStream vRecv;           // received message header and data
    

    dhruv commented at 0:31 am on November 9, 2021:
    Well, so, the term “header” doesn’t really make sense without the context of which layer we are talking about. net covers both transport and p2p(application) layers to some degree. For the transport layer, perhaps the “header” is the encrypted length. For the application layer, the p2p message type is arguably part of the “header”. I updated the comment to be clear in a different way though.
  23. in src/net.cpp:908 in a53a06cc75 outdated
    904+        // or the ASCII command string
    905+        vector_writer << msg.m_type;
    906+    }
    907+
    908+    // insert header directly into the CSerializedNetMsg data buffer (insert at begin)
    909+    // TODO: if we refactor the ChaCha20Poly1350 crypt function to allow separate buffers for
    


    stratospher commented at 5:54 am on November 5, 2021:
    0    // TODO: if we refactor the ChaCha20Poly1305 crypt function to allow separate buffers for
    

    dhruv commented at 0:32 am on November 9, 2021:
    Done.
  24. in src/net.cpp:809 in a53a06cc75 outdated
    805+    return copy_bytes;
    806+}
    807+
    808+std::optional<CNetMessage> V2TransportDeserializer::GetMessage(std::chrono::microseconds time, uint32_t& out_err_raw_size)
    809+{
    810+    // In v2, vRecv contains the encrypted payload plus the MAC tag (1+bytes serialized message command + ? bytes message payload + 16 byte mac tag)
    


    stratospher commented at 6:08 am on November 5, 2021:
    0    // In v2, vRecv contains the AAD, encrypted payload plus the MAC tag (3 byte AAD + 1+bytes serialized message command + ? bytes message payload + 16 byte mac tag)
    

    dhruv commented at 0:32 am on November 9, 2021:
    Done.
  25. in src/test/net_tests.cpp:745 in 1820cdfa18 outdated
    740+            Span<const uint8_t> span_header(serialized_header.data(), serialized_header.size());
    741+            if (serialized_header.size() > 0) read_bytes += deserializer->Read(span_header);
    742+            //  second: read the encrypted payload (if required)
    743+            Span<const uint8_t> span_msg(msg.data.data(), msg.data.size());
    744+            if (msg.data.size() > 0) read_bytes += deserializer->Read(span_msg);
    745+            if (msg.data.size() > read_bytes && msg.data.size() - read_bytes > 0) {
    


    stratospher commented at 6:10 am on November 5, 2021:
    0            if (msg.data.size() > read_bytes) {
    

    dhruv commented at 0:32 am on November 9, 2021:
    Oh, that was quite silly. Thanks for reviewing closely. Done.
  26. in src/test/net_tests.cpp:753 in 1820cdfa18 outdated
    748+            }
    749+            BOOST_CHECK(deserializer->Complete());
    750+            BOOST_CHECK_EQUAL(read_bytes, msg.data.size() + serialized_header.size());
    751+            // message must be complete
    752+            uint32_t out_err_raw_size{0};
    753+            std::optional<CNetMessage> result{deserializer->GetMessage(GetTime<std::chrono::microseconds>(), out_err_raw_size)};
    


    stratospher commented at 6:18 am on November 5, 2021:

    This can be updated to keep it consistent with 22735’s change.

    0            bool reject_message{false};
    1            CNetMessage result{deserializer->GetMessage(GetTime<std::chrono::microseconds>(), reject_message)};
    

    dhruv commented at 0:32 am on November 9, 2021:
    Done.
  27. in src/test/fuzz/p2p_v2_transport_serialization.cpp:30 in 757d68c0f3 outdated
    25+            break;
    26+        }
    27+        if (deserializer.Complete()) {
    28+            const std::chrono::microseconds m_time{std::numeric_limits<int64_t>::max()};
    29+            uint32_t out_err_raw_size{0};
    30+            std::optional<CNetMessage> result{deserializer.GetMessage(m_time, out_err_raw_size)};
    


    stratospher commented at 6:21 am on November 5, 2021:
    0            bool reject_message{false};
    1            CNetMessage result{deserializer.GetMessage(m_time, reject_message)};
    

    Here also.


    dhruv commented at 0:32 am on November 9, 2021:
    Done.
  28. stratospher commented at 6:38 am on November 5, 2021: contributor

    Concept ACK ab5b49d. This PR nicely implements the v2 transport serialisation and deserialisation process.

    • 4be7638
      • To introduce short-IDs, allNetMessageTypes[] is represented as a map and functions to convert short-ID to a message and vice versa are added. Verified that changes don’t need to be made to other files due to this commit.
    • a53a06c
      • The v2TransportDeserializer contains:
        • readHeader() : copies the header from msg_bytes to location in vRecv[] which is addressed by m_hdr_pos. After the entire header is read, it switches to read message data mode(m_in_data = true).
        • readData() : copies the data from msg_bytes to location in vRecv[] which is addressed by CHACHA20_POLY1305_AEAD_AAD_LEN + m_data_pos. vRecv[] is resized to at max 256 KiB forward if there’s no space to hold msg_bytes.
        • GetMessage() : performs decryption of vRecv[] and chops off the AAD and MAC tag if successful decryption occurs. It reads the first byte of the payload in size_or_shortid. If size_or_shortid is a number between 1 and 12, then it’s a string command and the next size_or_shortid bytes is read into command_name. If size_or_shortid is larger than 12, then it’s a Message-Type-ID and if it’s string mapping is found, it’s stored in command_name. Otherwise the size_or_shortid is appended with the prefix ‘unknown’ and stored in command_name. CNetMessage msg is constructed and returned.
      • The v2TransportSerializer contains:
        • prepareForTransport() : prepares the CSerializedNetMsg msg for serialisation. serialized_command_size is used to store the size of short id (1 byte) or the size of message command string if short id isn’t assigned. packet_length contains the length of the message type id and payload which is stored in a LE representation in serialized_header. The short id/ command string is also appended to it. serialized_header is then inserted into the beginning of msg buffer. Encryption is performed on msg and returns true when successful.
  29. ryihan approved
  30. dhruv force-pushed on Nov 9, 2021
  31. dhruv commented at 0:28 am on November 9, 2021: contributor
    Rebased to bring in changes from #22735, and addressed comments from @stratospher (Thank you!). Ready for further review.
  32. in src/net.cpp:965 in 286c0b881f outdated
    859+        Reset();
    860+        reject_message = true;
    861+    } else if (!valid_checksum) {
    862+        LogPrint(BCLog::NET, "DECRYPTION INVALID MAC, peer=%d\n", m_node_id);
    863+        Reset();
    864+        reject_message = true;
    


    dhruv commented at 4:45 pm on November 17, 2021:
    Note for myself: This should result in a dropped connection, not just a rejected message.

    dhruv commented at 11:29 pm on November 23, 2021:
    Done.
  33. dhruv force-pushed on Nov 23, 2021
  34. dhruv commented at 11:29 pm on November 23, 2021: contributor
    Pushed changes to enforce connection termination upon finding an invalid mac tag. Ready for further review.
  35. dhruv force-pushed on Dec 5, 2021
  36. dhruv commented at 4:33 pm on December 5, 2021: contributor

    @stratospher found a couple crashing fuzz seeds. They were occurring because the fuzz test allowed for a mac_assist to be provided even if the length was not assisted. And when that happens, the test assertion for a valid mac tag would fail.

    Rebased with master due to unrelated tests failing on CI.

    Ready for further review.

  37. in src/protocol.cpp:49 in 6f819714a3 outdated
    45@@ -46,46 +46,44 @@ const char *CFCHECKPT="cfcheckpt";
    46 const char *WTXIDRELAY="wtxidrelay";
    47 } // namespace NetMsgType
    48 
    49-/** All known message types. Keep this in the same order as the list of
    50+/** All known message types including the short-ID. Keep this in the same order as the list of
    


    laanwj commented at 4:17 pm on December 17, 2021:
    Please add a reference in the doc-comment that these are defined in BIP324, section Message-Type-ID.

    dhruv commented at 4:47 am on January 21, 2022:
    Done.
  38. in src/protocol.cpp:86 in 6f819714a3 outdated
    119+    {39, NetMsgType::CFILTER},
    120+    {40, NetMsgType::GETCFHEADERS},
    121+    {41, NetMsgType::CFHEADERS},
    122+    {42, NetMsgType::GETCFCHECKPT},
    123+    {43, NetMsgType::CFCHECKPT},
    124+    {44, NetMsgType::WTXIDRELAY}};
    


  39. in src/test/crypto_tests.cpp:641 in 6f819714a3 outdated
    678-        if (aad_pos + CHACHA20_POLY1305_AEAD_AAD_LEN > CHACHA20_ROUND_OUTPUT) {
    679-            aad_pos = 0;
    680-            seqnr_aad++;
    681-        }
    682+        // compare at iteration 999 against the test vector
    683+        if (i == 999) BOOST_CHECK(memcmp(ciphertext_buf.data(), expected_ciphertext_and_mac_sequence999.data(), expected_ciphertext_and_mac_sequence999.size()) == 0);
    


    laanwj commented at 4:43 pm on December 17, 2021:
    Isn’t comparing at the end of the last iteration essentially the same as moving this outside the loop?

    dhruv commented at 4:47 am on January 21, 2022:
    Nice suggestion. Done in #20962(where the commit belongs) and brought in here.
  40. in src/test/fuzz/p2p_v2_transport_serialization.cpp:28 in 6f819714a3 outdated
    23+    V2TransportSerializer serializer{k1, k2};
    24+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
    25+
    26+    bool length_assist = fuzzed_data_provider.ConsumeBool();
    27+
    28+    // There is no sense is providing a mac assist if the length is incorrect.
    


    laanwj commented at 5:35 pm on December 17, 2021:
    Typo in comment

    dhruv commented at 4:47 am on January 21, 2022:
    Done.
  41. in src/test/fuzz/p2p_v2_transport_serialization.cpp:36 in 6f819714a3 outdated
    31+
    32+    if (payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
    33+        if (length_assist) {
    34+            uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
    35+            packet_length = htole32(packet_length);
    36+            memcpy(payload_bytes.data(), &packet_length, 3);
    


    laanwj commented at 5:37 pm on December 17, 2021:
    Please use our own WriteLE32 here instead of htole32 and memcmp directly

    dhruv commented at 4:50 am on January 21, 2022:

    I might be missing something, but, wouldn’t WriteLE32 here mean that the fourth byte (which is the first byte in the ciphertext payload) would be written over. Is there a way for me to use WriteLE32 only for 3 bytes?

    I guess that is still deterministic, so the fuzz test would work, but I’m not sure if it will work against the fuzzing engine.


    laanwj commented at 8:55 am on January 21, 2022:

    Oh you’re right, here you see how easy it is to miss a off-by-one like that with memcpy! Never mind my comment. What about writing it out explicitly?

    0payload_bytes.data[0] = packet_length & 0xff;
    1payload_bytes.data[1] = (packet_length >> 8) & 0xff;
    2payload_bytes.data[2] = (packet_length >> 16) & 0xff;
    

    dhruv commented at 5:40 pm on January 21, 2022:
    Done!
  42. in src/protocol.h:278 in 6f819714a3 outdated
    274+ *   returns the short ID for a message type (if known) */
    275+std::optional<uint8_t> GetShortIDFromMessageType(const std::string& message_type);
    276+
    277+/** returns the message type (string) from a short ID
    278+ * returns an empty string if short ID has not been found */
    279+bool GetMessageTypeFromShortID(const uint8_t shortID, std::string& message_type);
    


    laanwj commented at 5:46 pm on December 17, 2021:
    Would prefer to return a std::optional<std::string> instead of a separate bool and output argument (more symmetrical with GetShortIDFromMessageType as well).

    dhruv commented at 4:50 am on January 21, 2022:
    Nice suggestion. Done!
  43. in src/crypto/chacha_poly_aead.cpp:69 in 6f819714a3 outdated
    73+ChaCha20Forward4064::~ChaCha20Forward4064()
    74+{
    75+    memory_cleanse(m_keystream, KEYSTREAM_SIZE);
    76+}
    77+
    78+ChaCha20Poly1305AEAD::ChaCha20Poly1305AEAD(const unsigned char* K_1,
    


    laanwj commented at 5:50 pm on December 17, 2021:
    Could use Span instead of `const unsigned char*, size_t`` pairs (here and in some other places)

    dhruv commented at 4:50 am on January 21, 2022:
    This had been on my list for far too long. Thanks for the nudge. Done in #20962 and brought in here. (First commit is a separate PR #20962 and this PR builds on it).
  44. in src/protocol.cpp:230 in 6f819714a3 outdated
    222@@ -225,3 +223,23 @@ GenTxid ToGenTxid(const CInv& inv)
    223     assert(inv.IsGenTxMsg());
    224     return inv.IsMsgWtx() ? GenTxid::Wtxid(inv.hash) : GenTxid::Txid(inv.hash);
    225 }
    226+
    227+std::optional<uint8_t> GetShortIDFromMessageType(const std::string& message_type)
    228+{
    229+    for (const std::pair<uint8_t, std::string> entry : allNetMessageTypes) {
    230+        if (entry.second == message_type) {
    


    laanwj commented at 5:56 pm on December 17, 2021:
    Is a linear iteration fast enough here? Or would it be better to build a hash table the other way around as well?

    dhruv commented at 4:51 am on January 21, 2022:
    Doesn’t hurt! Done.
  45. in src/crypto/chacha_poly_aead.h:99 in 6f819714a3 outdated
    152+ * (using the ChaCha20 stream keyed with K_2) and append it to the encrypted
    153+ * length. Finally, calculate a MAC tag (using poly1305 key from stream keyed with K_1)
    154+ * and append it.
    155  */
    156 
    157+const int KEYSTREAM_SIZE = 4096;
    


    laanwj commented at 6:05 pm on December 17, 2021:
    Why an int not a size_t?

    dhruv commented at 4:51 am on January 21, 2022:
    Done.
  46. in src/net.cpp:114 in 6f819714a3 outdated
    109@@ -107,6 +110,8 @@ const std::string NET_MESSAGE_COMMAND_OTHER = "*other*";
    110 static const uint64_t RANDOMIZER_ID_NETGROUP = 0x6c0edd8036ef4036ULL; // SHA256("netgroup")[0:8]
    111 static const uint64_t RANDOMIZER_ID_LOCALHOSTNONCE = 0xd93e69e2bbfa5735ULL; // SHA256("localhostnonce")[0:8]
    112 static const uint64_t RANDOMIZER_ID_ADDRCACHE = 0x1cf2e4ddd306dda9ULL; // SHA256("addrcache")[0:8]
    113+
    114+static constexpr uint8_t NET_P2P_V2_CMD_MAX_CHARS_SIZE = 12; //maximal length for V2 (BIP324) string message commands
    


    laanwj commented at 6:07 pm on December 17, 2021:
    comment: missing space after //

    dhruv commented at 4:51 am on January 21, 2022:
    Done.
  47. in src/net.cpp:798 in 6f819714a3 outdated
    790@@ -776,7 +791,160 @@ CNetMessage V1TransportDeserializer::GetMessage(const std::chrono::microseconds
    791     return msg;
    792 }
    793 
    794-void V1TransportSerializer::prepareForTransport(CSerializedNetMsg& msg, std::vector<unsigned char>& header) {
    795+int V2TransportDeserializer::readHeader(Span<const uint8_t> msg_bytes)
    796+{
    797+    // copy data to temporary parsing buffer
    798+    const unsigned int remaining = CHACHA20_POLY1305_AEAD_AAD_LEN - m_hdr_pos;
    799+    const unsigned int copy_bytes = std::min<unsigned int>(remaining, msg_bytes.size());
    


    laanwj commented at 6:15 pm on December 17, 2021:
    Any reason to use unsigned int for offsets/sizes here and in readData instead of size_t?

    dhruv commented at 4:51 am on January 21, 2022:
    That’s a good idea. Done.
  48. in src/net.cpp:878 in 6f819714a3 outdated
    864+        uint8_t size_or_shortid = 0;
    865+        try {
    866+            vRecv >> size_or_shortid;
    867+        } catch (const std::ios_base::failure&) {
    868+            LogPrint(BCLog::NET, "Invalid message type, peer=%d\n", m_node_id);
    869+            reject_message = true;
    


    laanwj commented at 6:22 pm on December 17, 2021:
    So in this case, size_or_shortid will stay at 0, and it can simply continue below?

    dhruv commented at 4:52 am on January 21, 2022:
    Yes. It makes some of the invariants about msg below hold and that makes fuzz testing easier. The client of this function is expected to reject the message in this case.

    laanwj commented at 11:35 am on January 21, 2022:
    Thanks, clear.
  49. laanwj removed the label Build system on Dec 17, 2021
  50. laanwj commented at 6:23 pm on December 17, 2021: member
    Left some comments
  51. dhruv force-pushed on Jan 21, 2022
  52. dhruv commented at 4:53 am on January 21, 2022: contributor

    Thank you for the review, @laanwj. Comments addressed. I ended up rebasing against master due to a local issue.

    Ready for further review.

  53. dhruv force-pushed on Jan 21, 2022
  54. dhruv commented at 5:41 pm on January 21, 2022: contributor

    Pushed to address #23233 (review)

    Ready for further review.

  55. DrahtBot added the label Needs rebase on Jan 24, 2022
  56. dhruv force-pushed on Jan 24, 2022
  57. dhruv commented at 7:41 pm on January 24, 2022: contributor
    Rebased. Ready for further review.
  58. DrahtBot removed the label Needs rebase on Jan 24, 2022
  59. DrahtBot added the label Needs rebase on Jan 31, 2022
  60. dhruv force-pushed on Feb 2, 2022
  61. dhruv commented at 2:49 am on February 2, 2022: contributor

    Rebased. Ready for further review.

    git range-diff 02e1d8d06f a999f11 ed5f00d

  62. DrahtBot removed the label Needs rebase on Feb 2, 2022
  63. dhruv force-pushed on Feb 10, 2022
  64. dhruv commented at 2:28 am on February 10, 2022: contributor

    Update to bring in #24253. Please review with: git range-diff 5e8e0b3d7f ed5f00d d7afc96

    Ready for further review.

  65. dhruv force-pushed on Feb 23, 2022
  66. dhruv commented at 1:47 am on February 23, 2022: contributor

    Updated code due to bug found while fuzzing and testing a new BIP324 PR which is WIP. Please review diff with: git range-diff refs/heads/master d7afc96 HEAD

    Ready for further review.

  67. DrahtBot added the label Needs rebase on Mar 3, 2022
  68. dhruv force-pushed on Mar 10, 2022
  69. DrahtBot removed the label Needs rebase on Mar 10, 2022
  70. dhruv commented at 1:00 am on March 11, 2022: contributor
    Rebased. Ready for further review.
  71. dhruv force-pushed on Mar 21, 2022
  72. dhruv commented at 8:13 pm on March 21, 2022: contributor
    Bringing in upstream changes from #20962. Ready for further review.
  73. DrahtBot added the label Needs rebase on Apr 8, 2022
  74. dhruv force-pushed on Apr 9, 2022
  75. dhruv commented at 3:46 pm on April 9, 2022: contributor

    Rebased. git range-diff e0680bbce 8264b14 92c51da7d.

    Ready for further review.

  76. DrahtBot removed the label Needs rebase on Apr 9, 2022
  77. Thurabochit referenced this in commit 3e10fc3722 on Apr 11, 2022
  78. DrahtBot added the label Needs rebase on May 5, 2022
  79. dhruv force-pushed on Jun 30, 2022
  80. dhruv commented at 4:17 am on June 30, 2022: contributor
    Changes incorporate latest working group changes and leverage #25361. Rebased with master. Ready for further review.
  81. dhruv force-pushed on Jun 30, 2022
  82. dhruv commented at 4:48 am on June 30, 2022: contributor
    Re-pushed to force CI to run (it was trying to checkout old git objects and failing repeatedly). Ready for further review.
  83. DrahtBot removed the label Needs rebase on Jun 30, 2022
  84. dhruv force-pushed on Jul 6, 2022
  85. dhruv commented at 7:45 pm on July 6, 2022: contributor
    Updated to reflect upstream correction in #25361.
  86. DrahtBot added the label Needs rebase on Jul 20, 2022
  87. dhruv force-pushed on Jul 22, 2022
  88. dhruv commented at 1:54 pm on July 22, 2022: contributor
    Rebased. Ready for further review.
  89. dhruv force-pushed on Jul 22, 2022
  90. dhruv commented at 1:59 pm on July 22, 2022: contributor
    Amended a commit description to force push again as CI would not trigger. No code changes. Ready for further review.
  91. DrahtBot removed the label Needs rebase on Jul 22, 2022
  92. DrahtBot added the label Needs rebase on Aug 30, 2022
  93. dhruv force-pushed on Sep 11, 2022
  94. dhruv commented at 8:24 pm on September 11, 2022: contributor

    Modified code to bring in upstream interface changes from #25361 and exposed the BIP324CipherSuite AAD via the V2TransportSerializer and V2TransportDeserializerclasses to facilitate the authentication of the garbage bytes in the shapable handshake.

    Ready for further review.

  95. DrahtBot removed the label Needs rebase on Sep 11, 2022
  96. DrahtBot added the label Needs rebase on Sep 25, 2022
  97. dhruv force-pushed on Sep 29, 2022
  98. dhruv commented at 4:38 am on September 29, 2022: contributor

    Latest push:

    • Rebased
    • Bring in upstream PR #25361 which was updated
    • New nomenclature to correspond to latest working group draft
  99. DrahtBot removed the label Needs rebase on Sep 29, 2022
  100. dhruv force-pushed on Oct 1, 2022
  101. dhruv commented at 6:29 am on October 1, 2022: contributor

    Latest push:

    • Nomenclature update
    • Encrypted length is now len(contents) instead of len(header) + len(contents)
    • Rekey salt is now 23 bytes instead of 32 bytes to save on SHA256 compression upon rekey event
    • Bring in upstream changes
  102. DrahtBot added the label Needs rebase on Oct 17, 2022
  103. in src/protocol.h:263 in 8a1901cc6d outdated
    260@@ -261,7 +261,16 @@ extern const char* WTXIDRELAY;
    261 }; // namespace NetMsgType
    262 
    263 /* Get a vector of all valid message types (see above) */
    


    stratospher commented at 6:29 pm on October 17, 2022:
    8a1901cc: s/vector/map also in the comments.

    dhruv commented at 5:47 am on October 21, 2022:
    Fixed.
  104. in src/net.cpp:835 in 1f22117fa8 outdated
    811@@ -797,7 +812,7 @@ CNetMessage V1TransportDeserializer::GetMessage(const std::chrono::microseconds
    812     return msg;
    813 }
    814 
    815-void V1TransportSerializer::prepareForTransport(CSerializedNetMsg& msg, std::vector<unsigned char>& header) const
    816+bool V1TransportSerializer::prepareForTransport(CSerializedNetMsg& msg, std::vector<unsigned char>& header) const
    


    stratospher commented at 6:37 pm on October 17, 2022:
    1f22117: it’d be easier to understand if we renamed header to transport_header.

    dhruv commented at 5:46 am on October 21, 2022:
    Going to keep this as-is for now as it’d be less confusing for v2 and perhaps more confusing for v1.
  105. dhruv force-pushed on Oct 21, 2022
  106. dhruv commented at 5:45 am on October 21, 2022: contributor
    Rebased. Addressed a comment from @stratospher.
  107. DrahtBot removed the label Needs rebase on Oct 21, 2022
  108. DrahtBot added the label Needs rebase on Nov 19, 2022
  109. DrahtBot removed the label Needs rebase on Nov 21, 2022
  110. dhruv force-pushed on Nov 23, 2022
  111. dhruv commented at 5:11 am on November 23, 2022: contributor
    Bringing in upstream rebase (#26153)
  112. DrahtBot added the label Needs rebase on Nov 30, 2022
  113. dhruv force-pushed on Dec 15, 2022
  114. dhruv commented at 4:52 pm on December 15, 2022: contributor

    Latest push:

    • Rebased upstream changes
    • Upstream changes include a new rekey ratchet mechanism (forward security) based on ChaCha20 instead of SHA256. BIP changes are WIP and coming soon.
  115. DrahtBot removed the label Needs rebase on Dec 15, 2022
  116. DrahtBot added the label Needs rebase on Dec 25, 2022
  117. dhruv force-pushed on Jan 12, 2023
  118. dhruv commented at 7:10 pm on January 12, 2023: contributor
    Rebased
  119. DrahtBot removed the label Needs rebase on Jan 12, 2023
  120. dhruv force-pushed on Jan 23, 2023
  121. dhruv commented at 10:12 pm on January 23, 2023: contributor
    Rebased changes from #26153
  122. dhruv force-pushed on Feb 2, 2023
  123. dhruv commented at 6:27 am on February 2, 2023: contributor
    Rebased. Brought in upstream changes.
  124. DrahtBot added the label Needs rebase on Feb 15, 2023
  125. RFC8439 nonce and counter for ChaCha20 8e04f058a4
  126. RFC8439 implementation and tests 7a9d2fb8cf
  127. Adding forward secure FSChaCha20 acd664e805
  128. dhruv force-pushed on Feb 21, 2023
  129. dhruv commented at 3:34 am on February 21, 2023: contributor
    Rebased.
  130. DrahtBot removed the label Needs rebase on Feb 21, 2023
  131. dhruv force-pushed on Mar 8, 2023
  132. dhruv commented at 3:26 pm on March 8, 2023: contributor

    Latest push:

    • Implemented changes from https://github.com/bitcoin/bips/pull/1428 involving fixed length message type ids (there’s also a relevant discussion on the ML)
    • While implementing it, I found a bug in the arm of code that serialized/deserialized message types without assigned short ids. That branch of code was previously unexercised by any tests. This is no longer the case.
  133. BIP324 Cipher Suite 187761fc8a
  134. Allow for RFC8439 AD in cipher suite interface 8405856ed9
  135. Merge branch 'bip324-cipher-suite' into bip324-net-v2 0c3c7ab105
  136. Add BIP324 short-IDs to protocol.cpp
    Co-authored-by: Jonas Schnelli <dev@jonasschnelli.ch>
    9d9c46f702
  137. Add BIP324 v2 transport serializer and deserializer
    Co-authored-by: Jonas Schnelli <dev@jonasschnelli.ch>
    c32329c47a
  138. fuzz: Add fuzz test for v2 transport {de}serialization 16eeb431eb
  139. Expose BIP324CipherSuite AAD via transport classes f01955687f
  140. dhruv force-pushed on Mar 21, 2023
  141. dhruv commented at 4:01 am on March 21, 2023: contributor

    Latest push:

    • Upstream changes from #25361
    • Rebased
  142. fanquake commented at 11:11 am on May 6, 2023: member
    Closing for now. This will be picked up again later. BIP324 review attention should be directed towards #27479 and https://github.com/bitcoin-core/secp256k1/pull/1129.
  143. fanquake closed this on May 6, 2023

  144. bitcoin locked this on May 5, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-18 18:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me