LCOV - code coverage report
Current view: top level - src - bip324.h (source / functions) Coverage Total Hit
Test: fuzz_coverage.info Lines: 100.0 % 5 5
Test Date: 2024-12-02 12:23:29 Functions: - 0 0
Branches: 50.0 % 8 4

             Branch data     Line data    Source code
       1                 :             : // Copyright (c) 2023 The Bitcoin Core developers
       2                 :             : // Distributed under the MIT software license, see the accompanying
       3                 :             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       4                 :             : 
       5                 :             : #ifndef BITCOIN_BIP324_H
       6                 :             : #define BITCOIN_BIP324_H
       7                 :             : 
       8                 :             : #include <array>
       9                 :             : #include <cstddef>
      10                 :             : #include <optional>
      11                 :             : 
      12                 :             : #include <crypto/chacha20.h>
      13                 :             : #include <crypto/chacha20poly1305.h>
      14                 :             : #include <key.h>
      15                 :             : #include <pubkey.h>
      16                 :             : #include <span.h>
      17                 :             : 
      18                 :             : /** The BIP324 packet cipher, encapsulating its key derivation, stream cipher, and AEAD. */
      19                 :             : class BIP324Cipher
      20                 :             : {
      21                 :             : public:
      22                 :             :     static constexpr unsigned SESSION_ID_LEN{32};
      23                 :             :     static constexpr unsigned GARBAGE_TERMINATOR_LEN{16};
      24                 :             :     static constexpr unsigned REKEY_INTERVAL{224};
      25                 :             :     static constexpr unsigned LENGTH_LEN{3};
      26                 :             :     static constexpr unsigned HEADER_LEN{1};
      27                 :             :     static constexpr unsigned EXPANSION = LENGTH_LEN + HEADER_LEN + FSChaCha20Poly1305::EXPANSION;
      28                 :             :     static constexpr std::byte IGNORE_BIT{0x80};
      29                 :             : 
      30                 :             : private:
      31                 :             :     std::optional<FSChaCha20> m_send_l_cipher;
      32                 :             :     std::optional<FSChaCha20> m_recv_l_cipher;
      33                 :             :     std::optional<FSChaCha20Poly1305> m_send_p_cipher;
      34                 :             :     std::optional<FSChaCha20Poly1305> m_recv_p_cipher;
      35                 :             : 
      36                 :             :     CKey m_key;
      37                 :             :     EllSwiftPubKey m_our_pubkey;
      38                 :             : 
      39                 :             :     std::array<std::byte, SESSION_ID_LEN> m_session_id;
      40                 :             :     std::array<std::byte, GARBAGE_TERMINATOR_LEN> m_send_garbage_terminator;
      41                 :             :     std::array<std::byte, GARBAGE_TERMINATOR_LEN> m_recv_garbage_terminator;
      42                 :             : 
      43                 :             : public:
      44                 :             :     /** No default constructor; keys must be provided to create a BIP324Cipher. */
      45                 :             :     BIP324Cipher() = delete;
      46                 :             : 
      47                 :             :     /** Initialize a BIP324 cipher with specified key and encoding entropy (testing only). */
      48                 :             :     BIP324Cipher(const CKey& key, Span<const std::byte> ent32) noexcept;
      49                 :             : 
      50                 :             :     /** Initialize a BIP324 cipher with specified key (testing only). */
      51                 :             :     BIP324Cipher(const CKey& key, const EllSwiftPubKey& pubkey) noexcept;
      52                 :             : 
      53                 :             :     /** Retrieve our public key. */
      54                 :        2422 :     const EllSwiftPubKey& GetOurPubKey() const noexcept { return m_our_pubkey; }
      55                 :             : 
      56                 :             :     /** Initialize when the other side's public key is received. Can only be called once.
      57                 :             :      *
      58                 :             :      * initiator is set to true if we are the initiator establishing the v2 P2P connection.
      59                 :             :      * self_decrypt is only for testing, and swaps encryption/decryption keys, so that encryption
      60                 :             :      * and decryption can be tested without knowing the other side's private key.
      61                 :             :      */
      62                 :             :     void Initialize(const EllSwiftPubKey& their_pubkey, bool initiator, bool self_decrypt = false) noexcept;
      63                 :             : 
      64                 :             :     /** Determine whether this cipher is fully initialized. */
      65   [ -  +  -  +  :        2212 :     explicit operator bool() const noexcept { return m_send_l_cipher.has_value(); }
             -  +  -  + ]
      66                 :             : 
      67                 :             :     /** Encrypt a packet. Only after Initialize().
      68                 :             :      *
      69                 :             :      * It must hold that output.size() == contents.size() + EXPANSION.
      70                 :             :      */
      71                 :             :     void Encrypt(Span<const std::byte> contents, Span<const std::byte> aad, bool ignore, Span<std::byte> output) noexcept;
      72                 :             : 
      73                 :             :     /** Decrypt the length of a packet. Only after Initialize().
      74                 :             :      *
      75                 :             :      * It must hold that input.size() == LENGTH_LEN.
      76                 :             :      */
      77                 :             :     unsigned DecryptLength(Span<const std::byte> input) noexcept;
      78                 :             : 
      79                 :             :     /** Decrypt a packet. Only after Initialize().
      80                 :             :      *
      81                 :             :      * It must hold that input.size() + LENGTH_LEN == contents.size() + EXPANSION.
      82                 :             :      * Contents.size() must equal the length returned by DecryptLength.
      83                 :             :      */
      84                 :             :     bool Decrypt(Span<const std::byte> input, Span<const std::byte> aad, bool& ignore, Span<std::byte> contents) noexcept;
      85                 :             : 
      86                 :             :     /** Get the Session ID. Only after Initialize(). */
      87                 :        1803 :     Span<const std::byte> GetSessionID() const noexcept { return m_session_id; }
      88                 :             : 
      89                 :             :     /** Get the Garbage Terminator to send. Only after Initialize(). */
      90                 :        2356 :     Span<const std::byte> GetSendGarbageTerminator() const noexcept { return m_send_garbage_terminator; }
      91                 :             : 
      92                 :             :     /** Get the expected Garbage Terminator to receive. Only after Initialize(). */
      93                 :     1848310 :     Span<const std::byte> GetReceiveGarbageTerminator() const noexcept { return m_recv_garbage_terminator; }
      94                 :             : };
      95                 :             : 
      96                 :             : #endif // BITCOIN_BIP324_H
        

Generated by: LCOV version 2.0-1