update flakes, randomize mutex
Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
parent
7bddc9bf55
commit
d1e1006143
|
@ -7,3 +7,11 @@ Official reference implementation of the Fenrir protocol
|
|||
Licensed under the Apache2.0 with LLVM exception.
|
||||
You should be free to use it with GPL2 or other licenses.
|
||||
|
||||
# Building
|
||||
|
||||
like all rust proejcts, just run `cargo build --release`
|
||||
you will find the result in `./target/release`
|
||||
|
||||
If you want to build the `Hati` server, you don't need to build this library
|
||||
separately. Just build the server and it will automatically include this lib
|
||||
|
||||
|
|
18
flake.lock
18
flake.lock
|
@ -32,11 +32,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1676375384,
|
||||
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
|
||||
"lastModified": 1677624842,
|
||||
"narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c43f676c938662072772339be6269226c77b51b8",
|
||||
"rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -48,11 +48,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1676300157,
|
||||
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
|
||||
"lastModified": 1677407201,
|
||||
"narHash": "sha256-3blwdI9o1BAprkvlByHvtEm5HAIRn/XPjtcfiunpY7s=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
|
||||
"rev": "7f5639fa3b68054ca0b062866dc62b22c3f11505",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -92,11 +92,11 @@
|
|||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1676437770,
|
||||
"narHash": "sha256-mhJye91Bn0jJIE7NnEywGty/U5qdELfsT8S+FBjTdG4=",
|
||||
"lastModified": 1677638104,
|
||||
"narHash": "sha256-vbdOoDYnQ1QYSchMb3fYGCLYeta3XwmGvMrlXchST5s=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "a619538647bd03e3ee1d7b947f7c11ff289b376e",
|
||||
"rev": "f388187efb41ce4195b2f4de0b6bb463d3cd0a76",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -58,7 +58,12 @@ pub enum Role {
|
|||
}
|
||||
|
||||
impl Connection {
|
||||
pub(crate) fn new(hkdf: HkdfSha3, cipher: CipherKind, role: Role) -> Self {
|
||||
pub(crate) fn new(
|
||||
hkdf: HkdfSha3,
|
||||
cipher: CipherKind,
|
||||
role: Role,
|
||||
rand: &::ring::rand::SystemRandom,
|
||||
) -> Self {
|
||||
let (secret_recv, secret_send) = match role {
|
||||
Role::Server => {
|
||||
(hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
|
||||
|
@ -68,7 +73,7 @@ impl Connection {
|
|||
}
|
||||
};
|
||||
let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
|
||||
let mut cipher_send = CipherSend::new(cipher, secret_send);
|
||||
let mut cipher_send = CipherSend::new(cipher, secret_send, rand);
|
||||
|
||||
Self {
|
||||
id: ID::Handshake,
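Review bot: `Connection::new` gains a `rand` argument but carries no doc comment, and in the lines shown only the send side uses it (`CipherSend::new(cipher, secret_send, rand)`), while `CipherRecv::new(cipher, secret_recv)` is unchanged. A one-line doc comment would make that asymmetry explicit, for example `/// Build the connection state; rand only seeds the initial send nonce.` The body of `new` continues past the end of this hunk, so any later use of `rand` is not visible here.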
|
||||
|
|
|
@ -275,9 +275,13 @@ impl ::core::fmt::Debug for CipherSend {
|
|||
|
||||
impl CipherSend {
|
||||
/// Build a new Cipher
|
||||
pub fn new(kind: CipherKind, secret: Secret) -> Self {
|
||||
pub fn new(
|
||||
kind: CipherKind,
|
||||
secret: Secret,
|
||||
rand: &::ring::rand::SystemRandom,
|
||||
) -> Self {
|
||||
Self {
|
||||
nonce: NonceSync::new(),
|
||||
nonce: NonceSync::new(rand),
|
||||
cipher: Cipher::new(kind, secret),
|
||||
}
|
||||
}
|
||||
|
@ -344,16 +348,14 @@ impl ::core::fmt::Debug for Nonce {
|
|||
}
|
||||
|
||||
impl Nonce {
|
||||
// FIXME: nonces should be random!
|
||||
/// Generate a new random Nonce
|
||||
pub fn new() -> Self {
|
||||
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
|
||||
use ring::rand::SecureRandom;
|
||||
let mut raw = [0; 12];
|
||||
rand.fill(&mut raw);
|
||||
#[allow(unsafe_code)]
|
||||
unsafe {
|
||||
Self {
|
||||
// chosen by a fair dice roll
|
||||
// ahh, who am I kidding...
|
||||
num: NonceNum { high: 42, low: 69 },
|
||||
}
|
||||
Self { raw }
|
||||
}
|
||||
}
|
||||
/// Length of this nonce in bytes
|
||||
|
@ -394,9 +396,9 @@ pub struct NonceSync {
|
|||
}
|
||||
impl NonceSync {
|
||||
/// Create a new thread safe nonce
|
||||
pub fn new() -> Self {
|
||||
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
|
||||
Self {
|
||||
nonce: ::std::sync::Mutex::new(Nonce::new()),
|
||||
nonce: ::std::sync::Mutex::new(Nonce::new(rand)),
|
||||
}
|
||||
}
|
||||
/// Advance the nonce and return the *old* value
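Review bot: In `Nonce::new` the result of `rand.fill(&mut raw)` is discarded, so if the system RNG call fails the nonce silently keeps the all-zero value `raw` was initialised with. That is the predictable starting nonce this change sets out to remove. `SecureRandom::fill` returns a `Result`, so handle it: `rand.fill(&mut raw).expect("system RNG failed while generating nonce");` keeps the signature, or `new` can return a `Result` that `NonceSync::new` and `CipherSend::new` propagate. Separately, the `#[allow(unsafe_code)] unsafe { Self { raw } }` wrapper looks unnecessary if `Nonce` is a union, as the removed `num` initializer suggests, because initialising a union field is safe and only reads need `unsafe`.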
|
||||
|
|
|
@ -661,6 +661,7 @@ impl Fenrir {
|
|||
authinfo.hkdf,
|
||||
req.cipher,
|
||||
connection::Role::Server,
|
||||
&self.rand,
|
||||
);
|
||||
// track connection
|
||||
let auth_conn = {
|
||||
|
|