Crypto: implement TweetNaCl via Crypto++, remove SUPERCOP (ref10)

[anonimal]

---

By submitting this pull-request, I confirm the following:

• I have read and understood the developer guide in kovri-docs.
• I have checked that another pull-request for this purpose does not exist.
• I have considered and confirmed that this submission will be valuable to others.
• I accept that this submission may not be used and that this pull-request may be closed by the will of the maintainer.
• I give this submission freely under the BSD 3-clause license.

---

See git-log for details. References anonimal/cryptopp@caa06bf and #784. Resolves #485. Closes #345.

[anonimal]

Unit test passes. Live test fires an assertion. Live tests pass for transports (yes, sessions are successful with ed25519 router ident) and tunnel pool tunnel tests are passing - but not client destinations.

This is most likely because, according to the spec, I2P requires 32byte sk buffer (I hate I2P) but, if 32byte sk were the case, then nothing should work... Certainly, a quick look at the identity code isn't helpful (#366) either.

TBD.

Update: note as to why 32byte sk buffer, the java implementation appears to take a lazy approach to interop'ing with pre-hashed ed25519 for their offline signing (see EdDSAPublicKey.java and EdDSAPrivateKey.java). Offline signing (according to spec) has nothing to do with router identities or client destinations.

If they enforce 32byte sk buffer in place of pure ed25519 for purely implementation reasons and not coherent mathematical reasons, then [insert rage comment].

I'll need more time to confirm (after I return next week).

[coneiric]

Just ran this branch in the Docker testnet, and Kovri exited with the following errors:

[2018.06.26 23:03:48.636067] [0x00007fc0af0a0440] [info]    The Kovri I2P Router Project
[2018.06.26 23:03:48.636154] [0x00007fc0af0a0440] [info]    0.1.0-pre-alpha-  "In the beginning"
[2018.06.26 23:03:48.636363] [0x00007fc0af0a0440] [info]    DaemonSingleton: configured
kovri: /home/kovri/kovri/src/core/crypto/impl/cryptopp/signature.cc:846: bool kovri::core::Ed25519Verifier::Ed25519VerifierImpl::Verify(const uint8_t*, std::size_t, const uint8_t*) const: Assertion `rmlen == sm.size()' failed.
[2018.06.26 23:09:12.322998] [0x00007f0b2ee11440] [info]    The Kovri I2P Router Project
[2018.06.26 23:09:12.323090] [0x00007f0b2ee11440] [info]    0.1.0-pre-alpha-  "In the beginning"
[2018.06.26 23:09:12.323325] [0x00007f0b2ee11440] [info]    DaemonSingleton: configured
kovri: /home/kovri/kovri/src/core/crypto/impl/cryptopp/signature.cc:846: bool kovri::core::Ed25519Verifier::Ed25519VerifierImpl::Verify(const uint8_t*, std::size_t, const uint8_t*) const: Assertion `rmlen == sm.size()' failed.

Tracking down the cause of the assertion firing, but wanted to leave this here in case it's helpful.

[coneiric]

Just made a PR to your branch, anonimal/kovri#4 with updates that resolves the failed assertion.

After applying those patches, rebasing on current master, and resolving some merge conflicts, this branch passes all the live tests.

I was able to connect to a server tunnel, and use the IRC + HTTP proxies.

Everything looks good to me, unless there was another client destination test you ran that was failing.

Update: ironically, shortly after posting this comment, the router's NetDb stalled with boost::bad_any_cast exceptions. I have a backtrace of the failure, hopefully it helps: netdb-log.txt

[anonimal]

Just made a PR to your branch, anonimal#4 with updates that resolves the failed assertion.

I've closed that PR because this PR resolves that issue (safer than what you were proposing).

Update: ironically, shortly after posting this comment, the router's NetDb stalled with boost::bad_any_cast exceptions. I have a backtrace of the failure, hopefully it helps: netdb-log.txt

Unrelated to this PR. I've seen it without this PR.

[anonimal]

Live tests pass. This PR should be ready to merge.

Thank you very much to @noloader for his assistance in weidai11/cryptopp#668. I've credited him in the git log.