From a4dbcbaf4b54a7e82533f671ab9a7064feb0ee71 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Mon, 30 Oct 2017 22:52:36 -0700 Subject: notes on debugging crypto/hashing --- notes/crypto/ipython_log.py | 44 +++++++++++++ notes/crypto/notes.txt | 151 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 195 insertions(+) create mode 100644 notes/crypto/ipython_log.py create mode 100644 notes/crypto/notes.txt diff --git a/notes/crypto/ipython_log.py b/notes/crypto/ipython_log.py new file mode 100644 index 0000000..91f0403 --- /dev/null +++ b/notes/crypto/ipython_log.py @@ -0,0 +1,44 @@ +# IPython log file + +import pysodium +import base64 +import pyblake2 + +pub_key = "yx6NZfPGJC25C/2ZrMr0eTDqP/bIUvtQyqpUjJzcuLc=" +base64.b16encode(base64.b64decode(pub_key)).lower() +pub_key = base64.b64decode(pub_key) +secret_key = "qzvSkJMQeWw2rGb4W+xbGNTgk5dEkiViOtq5niOkEiTLHo1l88YkLbkL/ZmsyvR5MOo/9shS+1DKqlSMnNy4tw==" +base64.b16encode(base64.b64decode(secret_key)).lower() +secret_key = base64.b64decode(secret_key) + +h = pyblake2.blake2b(data=b"hypercore", key=pub_key, digest_size=32) +h.hexdigest() + +base64.b16encode(bytearray([43, 235, 230, 134, 54, 24, 197, 134, 8, 109, 37, 32, 170, 13, 19, 218, 102, 107, 0, 46, 90, 210, 177, 98, 35, 161, 91, 193, 85, 134, 241, 228, 0, 0, 0, 0, 0, 0, 0, 204])).lower() + +h = pyblake2.blake2b(digest_size=32) +h.update([2]) +h.update(bytearray([0x02])) +h.update(base64.b16decode("67179c243b387b7c7c420bd7bdc69d35c061b979bb365f9cc07b4527eeddeefa".upper())) +h.update(bytearray([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])) +h.update(bytearray([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x42])) +h.hexdigest() + +base64.b16encode(pysodium.crypto_sign_detached(h.digest(), secret_key)).lower() + +h = pyblake2.blake2b(digest_size=32) +h.update(bytearray([0x02])) +h.update(base64.b16decode("ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df".upper())) +h.update(bytearray([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])) +h.update(bytearray([0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01])) +h.hexdigest() + +sk = base64.b16decode("53729c0311846cca9cc0eded07aaf9e6689705b6a0b1bb8c3a2a839b72fda3839718a1ff1c4ca79feac551c0c7212a65e4091278ec886b88be01ee4039682238".upper()) +base64.b16encode(pysodium.crypto_sign_detached(h.digest(), sk)).lower() + +lh = pyblake2.blake2b(digest_size=32) +lh.update(bytearray([0x00])) +lh.update(bytearray([0, 0, 0, 0, 0, 0, 0, 1])) +hex(ord('a')) +lh.update(bytearray([0x61])) +lh.hexdigest() diff --git a/notes/crypto/notes.txt b/notes/crypto/notes.txt new file mode 100644 index 0000000..023aaf6 --- /dev/null +++ b/notes/crypto/notes.txt @@ -0,0 +1,151 @@ + +libsodium Ed25519 keys, Blake2b 32-bit hashes + +====== simple + +bnewbold@orithena$ cat test-data/dat/simple/.dat/content.key | base64 +BnlFLuVBAS6rYID8wUCmIS/O85v/jJ9i7ousH16C0r0= + + +metadata pub: + len_bytes: 32 + hex: cb1e8d65f3c6242db90bfd99accaf47930ea3ff6c852fb50caaa548c9cdcb8b7 + base64: yx6NZfPGJC25C/2ZrMr0eTDqP/bIUvtQyqpUjJzcuLc= + +metadata secret: + len_bytes: 64 + file: ~/.dat/secret_keys/bf/feaefe7cb34458e11ecb1e38b67b5f93eafce2bd7a286db229a87f0384e61c + hex: ab3bd2909310796c36ac66f85bec5b18d4e09397449225623adab99e23a41224cb1e8d65f3c6242db90bfd99accaf47930ea3ff6c852fb50caaa548c9cdcb8b7 + base64: qzvSkJMQeWw2rGb4W+xbGNTgk5dEkiViOtq5niOkEiTLHo1l88YkLbkL/ZmsyvR5MOo/9shS+1DKqlSMnNy4tw== + +discovery key: + len_bytes: 32 + hex: bffeaefe7cb34458e11ecb1e38b67b5f93eafce2bd7a286db229a87f0384e61c + +content pub: + len_bytes: 32 + hex: 0679452ee541012eab6080fcc140a6212fcef39bff8c9f62ee8bac1f5e82d2bd + base64: BnlFLuVBAS6rYID8wUCmIS/O85v/jJ9i7ousH16C0r0= + +content secret: + len_bytes: 64 + hex: c322b4918b90e53f13ab14c7e86dec7e5e7bd4128b585dac6bdf0353f8e4974f0679452ee541012eab6080fcc140a6212fcef39bff8c9f62ee8bac1f5e82d2bd + base64: wyK0kYuQ5T8TqxTH6G3sfl571BKLWF2sa98DU/jkl08GeUUu5UEBLqtggPzBQKYhL87zm/+Mn2Lui6wfXoLSvQ== + +To make a discovery key, do a "keyed" Blake2b hash of the string "hypercore" (9 +bytes, no null) using the public key. + + bnewbold@orithena$ ./target/debug/geniza-sleep file-read-all test-data/dat/simple/.dat/content.tree + 0: + debug: Ok([103, 23, 156, 36, 59, 56, 123, 124, 124, 66, 11, 215, 189, 198, 157, 53, 192, 97, 185, 121, 187, 54, 95, 156, 192, 123, 69, 39, 238, 221, 238, 250, 0, 0, 0, 0, 0, 0, 0, 66]) + hex: 67179c243b387b7c7c420bd7bdc69d35c061b979bb365f9cc07b4527eeddeefa0000000000000042 + 1: + debug: Ok([43, 235, 230, 134, 54, 24, 197, 134, 8, 109, 37, 32, 170, 13, 19, 218, 102, 107, 0, 46, 90, 210, 177, 98, 35, 161, 91, 193, 85, 134, 241, 228, 0, 0, 0, 0, 0, 0, 0, 204]) + hex: 2bebe6863618c586086d2520aa0d13da666b002e5ad2b16223a15bc15586f1e400000000000000cc + 2: + debug: Ok([163, 78, 52, 182, 129, 66, 214, 34, 130, 211, 196, 230, 152, 173, 250, 133, 82, 164, 113, 127, 75, 106, 60, 76, 179, 136, 210, 137, 113, 45, 233, 250, 0, 0, 0, 0, 0, 0, 0, 138]) + hex: a34e34b68142d62282d3c4e698adfa8552a4717f4b6a3c4cb388d289712de9fa000000000000008a + +Signature file should be 64 byte each: + + bnewbold@orithena$ ./target/debug/geniza-sleep file-read-all test-data/dat/simple/.dat/content.signatures + 0: + debug: Ok([235, 70, 69, 206, 179, 128, 50, 76, 255, 139, 94, 124, 133, 55, 170, 130, 46, 139, 101, 250, 234, 52, 122, 184, 195, 40, 149, 95, 215, 220, 160, 39, 99, 173, 22, 146, 226, 165, 213, 245, 57, 186, 81, 45, 159, 218, 248, 109, 140, 172, 99, 57, 155, 180, 128, 17, 181, 220, 90, 22, 238, 78, 81, 1]) + hex: eb4645ceb380324cff8b5e7c8537aa822e8b65faea347ab8c328955fd7dca02763ad1692e2a5d5f539ba512d9fdaf86d8cac63399bb48011b5dc5a16ee4e5101 + 1: + debug: Ok([53, 69, 157, 171, 205, 82, 230, 197, 158, 124, 63, 2, 46, 165, 192, 24, 86, 33, 58, 126, 220, 80, 116, 202, 6, 194, 40, 108, 160, 63, 63, 245, 248, 171, 2, 76, 207, 153, 236, 176, 192, 193, 17, 45, 64, 246, 160, 228, 9, 120, 117, 115, 209, 34, 91, 117, 210, 82, 15, 238, 21, 160, 151, 9]) + hex: 35459dabcd52e6c59e7c3f022ea5c01856213a7edc5074ca06c2286ca03f3ff5f8ab024ccf99ecb0c0c1112d40f6a0e409787573d1225b75d2520fee15a09709 + + +Paper says: + + Ed25519 sign( + BLAKE2b( + <1 byte> 2 // root type + for (every root node left-to-right) { + <32 byte root hash> + <8 byte Uint64BE root tree index> + <8 byte Uint64BE child byte lengths> + } + ) + ) + +So, for first entry, expect: + + Ed25519 sign( + BLAKE2b ( + 02, + 67179c243b387b7c7c420bd7bdc69d35c061b979bb365f9cc07b4527eeddeefa, + 00 00 00 00 00 00 00 00, + 00 00 00 00 00 00 00 42, + ) = e589278e08886963a6010afff83f27a977fe9a8e54a404cc7f18347a5dabcb8c + ) = 0c9baeb68e8c74adc57ac4e85ffb7e4b6b66f21c821b068e6eead2889b68026c5c731bc5786c669cdf3461572fb7f32f41e8399c8ecd7e360f9fdfb39a667a05 + +For the second: + + Ed25519 sign( + BLAKE2b ( + 02, + 2bebe6863618c586086d2520aa0d13da666b002e5ad2b16223a15bc15586f1e4, + 00 00 00 00 00 00 00 01, + 00 00 00 00 00 00 00 CC, + ) = e589278e08886963a6010afff83f27a977fe9a8e54a404cc7f18347a5dabcb8c + ) = 0c9baeb68e8c74adc57ac4e85ffb7e4b6b66f21c821b068e6eead2889b68026c5c731bc5786c669cdf3461572fb7f32f41e8399c8ecd7e360f9fdfb39a667a05 + + +=========== New example from hypercore tests + +Data chunks are just 'a', 'b', 'c'. + +Public key: + 9718a1ff1c4ca79feac551c0c7212a65e4091278ec886b88be01ee4039682238 + +Secret key: + 53729c0311846cca9cc0eded07aaf9e6689705b6a0b1bb8c3a2a839b72fda3839718a1ff1c4ca79feac551c0c7212a65e4091278ec886b88be01ee4039682238 + +Tree: + 0: ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df0000000000000001 + 1: 064321a8413be8c604599689e2c7a59367b031b598bceeeb16556a8f3252e0de0000000000000002 + 2: 94c17054005942a002c7c39fbb9c6183518691fb401436f1a2f329b380230af80000000000000001 + 3: 00000000000000000000000000000000000000000000000000000000000000000000000000000000 + 4: 94c17054005942a002c7c39fbb9c6183518691fb401436f1a2f329b380230af80000000000000001 + + BLAKE2b ( + 00, + 00 00 00 00 00 00 00 01, + 61, + ) = ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df + +Signatures: + 0: 84684e8dd76c339d6f5754e813204906ee818e6c6cdc6a816a2ac785a3e0d926ac08641a904013194fe6121847b7dad4e361965d47715428eb0a0ededbdd5909 + 1: d037ff3c3614fa0100ed9264a712d3b77cbe7a4f6eadd8f342809be99dfb9154a19e278d7a5de7d2b4d890f7701a38b006469f6bab1aff66ac6125d48bafdc07 + 2: 11057675ed57d445ce7ed4613881be37ebc56bb40556b822e431bb4dc3517421f9a5e3ed124eb5c4db8367386d9ce12b2408613b9fec2837022772a635ffd807 + + + Ed25519 sign( + BLAKE2b ( + 02, + ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df, + 00 00 00 00 00 00 00 00, + 00 00 00 00 00 00 00 01, + ) = fd09e68350db613d3afc9390abf12a7c2693d602b69012ff068251568d05887b + ) = 84684e8dd76c339d6f5754e813204906ee818e6c6cdc6a816a2ac785a3e0d926ac08641a904013194fe6121847b7dad4e361965d47715428eb0a0ededbdd5909 + +Cool! It works! + +====== alphabet + +Tree: + 0: ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df0000000000000001 + 1: 064321a8413be8c604599689e2c7a59367b031b598bceeeb16556a8f3252e0de0000000000000002 + 2: 94c17054005942a002c7c39fbb9c6183518691fb401436f1a2f329b380230af80000000000000001 + + ab27d45f509274ce0d08f4f09ba2d0e0d8df61a0c2a78932e81b5ef26ef398df0000000000000001 + 588e663097be0b31a3862613f96a1826be03c4ee529f11a495d193465d42b4ab0000000000000002 <= AH HA! parent hashing + 064321a8413be8c604599689e2c7a59367b031b598bceeeb16556a8f3252e0de0000000000000002 + +Ah, the gotcha: when making parent hashes, make sure to only include child +*hashes* (32-bytes), not entire child entries (40 bytes, including lengths). + +Ah, and signatures were failing because I was passing an index to +tree_root_nodes(), not an entry_count (index+1). -- cgit v1.2.3