update flakes, randomize mutex

Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
Luca Fulchir 2023-03-01 18:20:03 +01:00
parent 7bddc9bf55
commit d1e1006143
Signed by: luca.fulchir
GPG Key ID: 8F6440603D13A78E
5 changed files with 38 additions and 22 deletions


@ -7,3 +7,11 @@ Official reference implementation of the Fenrir protocol
Licensed under the Apache2.0 with LLVM exception. Licensed under the Apache2.0 with LLVM exception.
You should be free to use it with GPL2 or other licenses. You should be free to use it with GPL2 or other licenses.
# Building
like all rust proejcts, just run `cargo build --release`
you will find the result in `./target/release`
If you want to build the `Hati` server, you don't need to build this library
separately. Just build the server and it will automatically include this lib


@ -32,11 +32,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1676375384, "lastModified": 1677624842,
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c43f676c938662072772339be6269226c77b51b8", "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -48,11 +48,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1676300157, "lastModified": 1677407201,
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "narHash": "sha256-3blwdI9o1BAprkvlByHvtEm5HAIRn/XPjtcfiunpY7s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "rev": "7f5639fa3b68054ca0b062866dc62b22c3f11505",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -92,11 +92,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1676437770, "lastModified": 1677638104,
"narHash": "sha256-mhJye91Bn0jJIE7NnEywGty/U5qdELfsT8S+FBjTdG4=", "narHash": "sha256-vbdOoDYnQ1QYSchMb3fYGCLYeta3XwmGvMrlXchST5s=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "a619538647bd03e3ee1d7b947f7c11ff289b376e", "rev": "f388187efb41ce4195b2f4de0b6bb463d3cd0a76",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -58,7 +58,12 @@ pub enum Role {
} }
impl Connection { impl Connection {
pub(crate) fn new(hkdf: HkdfSha3, cipher: CipherKind, role: Role) -> Self { pub(crate) fn new(
hkdf: HkdfSha3,
cipher: CipherKind,
role: Role,
rand: &::ring::rand::SystemRandom,
) -> Self {
let (secret_recv, secret_send) = match role { let (secret_recv, secret_send) = match role {
Role::Server => { Role::Server => {
(hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client")) (hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
@ -68,7 +73,7 @@ impl Connection {
} }
}; };
let mut cipher_recv = CipherRecv::new(cipher, secret_recv); let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
let mut cipher_send = CipherSend::new(cipher, secret_send); let mut cipher_send = CipherSend::new(cipher, secret_send, rand);
Self { Self {
id: ID::Handshake, id: ID::Handshake,


@ -275,9 +275,13 @@ impl ::core::fmt::Debug for CipherSend {
impl CipherSend { impl CipherSend {
/// Build a new Cipher /// Build a new Cipher
pub fn new(kind: CipherKind, secret: Secret) -> Self { pub fn new(
kind: CipherKind,
secret: Secret,
rand: &::ring::rand::SystemRandom,
) -> Self {
Self { Self {
nonce: NonceSync::new(), nonce: NonceSync::new(rand),
cipher: Cipher::new(kind, secret), cipher: Cipher::new(kind, secret),
} }
} }
@ -344,16 +348,14 @@ impl ::core::fmt::Debug for Nonce {
} }
impl Nonce { impl Nonce {
// FIXME: nonces should be random!
/// Generate a new random Nonce /// Generate a new random Nonce
pub fn new() -> Self { pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
use ring::rand::SecureRandom;
let mut raw = [0; 12];
rand.fill(&mut raw);
#[allow(unsafe_code)] #[allow(unsafe_code)]
unsafe { unsafe {
Self { Self { raw }
// chosen by a fair dice roll
// ahh, who am I kidding...
num: NonceNum { high: 42, low: 69 },
}
} }
} }
/// Length of this nonce in bytes /// Length of this nonce in bytes
@ -394,9 +396,9 @@ pub struct NonceSync {
} }
impl NonceSync { impl NonceSync {
/// Create a new thread safe nonce /// Create a new thread safe nonce
pub fn new() -> Self { pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
Self { Self {
nonce: ::std::sync::Mutex::new(Nonce::new()), nonce: ::std::sync::Mutex::new(Nonce::new(rand)),
} }
} }
/// Advance the nonce and return the *old* value /// Advance the nonce and return the *old* value
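Review bot: In `Nonce::new` the result of `rand.fill(&mut raw)` is discarded, so a failure of the system RNG leaves `raw` as the all-zero array from `let mut raw = [0; 12];` and the send nonce silently starts from a fixed, predictable value. `SecureRandom::fill` returns a `Result`, and because `new` returns `Self` the smallest way to fail closed is `rand.fill(&mut raw).expect("system RNG failed while generating nonce");`. Returning a `Result` from `Nonce::new`, `NonceSync::new` and `CipherSend::new` would be cleaner, but it also changes `Connection::new` and its call site. If `Nonce` is a union over `raw` and `NonceNum` (the removed lines suggest so, but its definition is outside the hunk), building it with `Self { raw }` should not need the `unsafe` block or the `#[allow(unsafe_code)]`.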


@ -661,6 +661,7 @@ impl Fenrir {
authinfo.hkdf, authinfo.hkdf,
req.cipher, req.cipher,
connection::Role::Server, connection::Role::Server,
&self.rand,
); );
// track connection // track connection
let auth_conn = { let auth_conn = {