Let rust and node handshake

[Frando]

The handshake does not work at the moment. See this issue in datrs/hypercore for a high-level overview.

This issue is only concerned with the handshake. I managed to track down where exactly the handshake fails:

It's always the client (initiator) that crashes. And both in Rust and in Node it happens at the same place. It happens when receiving the S token and then calling into the SymetricState and its DecryptAndHash function. There, the cipher's DecryptWithAd function is called, and this decryption fails.

• In rust, the error occurs here in symmetricstate.rs when called from handshakestate.rs when receiving the S token
• In node, the error occurs here in symmetric-state.js when called from handshake-state.js when receiving the S token

So - either the input parameters to the decrypt function are different, or the XChaCha20 impls differ.

[Frando]

The README of noise-protocol states the following:

Deviations from the Noise specification

• Uses libsodiums crypto_kx_* API which hashes the shared secret with the
  client and server public key; BLAKE2b-512(shared || client_pk || server_pk)
• Uses crypto_aead_xchacha20poly1305_ietf_* for symmetric cryptography with
  nonces 128-bit zero || 64-bit counter, meaning the protocol name is Noise_*_25519_XChaChaPoly_BLAKE2b, with * being the handshake pattern

[Frando]

I hackily replaced the x25519 DH calculation in snow with crypto_kx_* from sodiumoxide and again, it works between rust and rust but not rust and node/noise-protocol. Hm.

[bltavares]

I'm trying the following, yet I'm not sure what should be the values for Key to initiate the XSalsa20 stream:

master...bltavares:cipher

It compiles, but I didn't even try to run as the keys are dummy values so far.

[Frando]

I managed to get this to work 😅

still not with the released versions, but it works!

[Frando]

This was fixed quite a while ago