update flakes, randomize mutex
Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
This commit is contained in:
parent
7bddc9bf55
commit
d1e1006143
|
@ -7,3 +7,11 @@ Official reference implementation of the Fenrir protocol
|
||||||
Licensed under the Apache2.0 with LLVM exception.
|
Licensed under the Apache2.0 with LLVM exception.
|
||||||
You should be free to use it with GPL2 or other licenses.
|
You should be free to use it with GPL2 or other licenses.
|
||||||
|
|
||||||
|
# Building
|
||||||
|
|
||||||
|
like all rust proejcts, just run `cargo build --release`
|
||||||
|
you will find the result in `./target/release`
|
||||||
|
|
||||||
|
If you want to build the `Hati` server, you don't need to build this library
|
||||||
|
separately. Just build the server and it will automatically include this lib
|
||||||
|
|
||||||
|
|
18
flake.lock
18
flake.lock
|
@ -32,11 +32,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1676375384,
|
"lastModified": 1677624842,
|
||||||
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
|
"narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c43f676c938662072772339be6269226c77b51b8",
|
"rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -48,11 +48,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1676300157,
|
"lastModified": 1677407201,
|
||||||
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
|
"narHash": "sha256-3blwdI9o1BAprkvlByHvtEm5HAIRn/XPjtcfiunpY7s=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
|
"rev": "7f5639fa3b68054ca0b062866dc62b22c3f11505",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -92,11 +92,11 @@
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1676437770,
|
"lastModified": 1677638104,
|
||||||
"narHash": "sha256-mhJye91Bn0jJIE7NnEywGty/U5qdELfsT8S+FBjTdG4=",
|
"narHash": "sha256-vbdOoDYnQ1QYSchMb3fYGCLYeta3XwmGvMrlXchST5s=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "a619538647bd03e3ee1d7b947f7c11ff289b376e",
|
"rev": "f388187efb41ce4195b2f4de0b6bb463d3cd0a76",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -58,7 +58,12 @@ pub enum Role {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Connection {
|
impl Connection {
|
||||||
pub(crate) fn new(hkdf: HkdfSha3, cipher: CipherKind, role: Role) -> Self {
|
pub(crate) fn new(
|
||||||
|
hkdf: HkdfSha3,
|
||||||
|
cipher: CipherKind,
|
||||||
|
role: Role,
|
||||||
|
rand: &::ring::rand::SystemRandom,
|
||||||
|
) -> Self {
|
||||||
let (secret_recv, secret_send) = match role {
|
let (secret_recv, secret_send) = match role {
|
||||||
Role::Server => {
|
Role::Server => {
|
||||||
(hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
|
(hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
|
||||||
|
@ -68,7 +73,7 @@ impl Connection {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
|
let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
|
||||||
let mut cipher_send = CipherSend::new(cipher, secret_send);
|
let mut cipher_send = CipherSend::new(cipher, secret_send, rand);
|
||||||
|
|
||||||
Self {
|
Self {
|
||||||
id: ID::Handshake,
|
id: ID::Handshake,
|
||||||
|
|
|
@ -275,9 +275,13 @@ impl ::core::fmt::Debug for CipherSend {
|
||||||
|
|
||||||
impl CipherSend {
|
impl CipherSend {
|
||||||
/// Build a new Cipher
|
/// Build a new Cipher
|
||||||
pub fn new(kind: CipherKind, secret: Secret) -> Self {
|
pub fn new(
|
||||||
|
kind: CipherKind,
|
||||||
|
secret: Secret,
|
||||||
|
rand: &::ring::rand::SystemRandom,
|
||||||
|
) -> Self {
|
||||||
Self {
|
Self {
|
||||||
nonce: NonceSync::new(),
|
nonce: NonceSync::new(rand),
|
||||||
cipher: Cipher::new(kind, secret),
|
cipher: Cipher::new(kind, secret),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -344,16 +348,14 @@ impl ::core::fmt::Debug for Nonce {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Nonce {
|
impl Nonce {
|
||||||
// FIXME: nonces should be random!
|
|
||||||
/// Generate a new random Nonce
|
/// Generate a new random Nonce
|
||||||
pub fn new() -> Self {
|
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
|
||||||
|
use ring::rand::SecureRandom;
|
||||||
|
let mut raw = [0; 12];
|
||||||
|
rand.fill(&mut raw);
|
||||||
#[allow(unsafe_code)]
|
#[allow(unsafe_code)]
|
||||||
unsafe {
|
unsafe {
|
||||||
Self {
|
Self { raw }
|
||||||
// chosen by a fair dice roll
|
|
||||||
// ahh, who am I kidding...
|
|
||||||
num: NonceNum { high: 42, low: 69 },
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/// Length of this nonce in bytes
|
/// Length of this nonce in bytes
|
||||||
|
@ -394,9 +396,9 @@ pub struct NonceSync {
|
||||||
}
|
}
|
||||||
impl NonceSync {
|
impl NonceSync {
|
||||||
/// Create a new thread safe nonce
|
/// Create a new thread safe nonce
|
||||||
pub fn new() -> Self {
|
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
|
||||||
Self {
|
Self {
|
||||||
nonce: ::std::sync::Mutex::new(Nonce::new()),
|
nonce: ::std::sync::Mutex::new(Nonce::new(rand)),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/// Advance the nonce and return the *old* value
|
/// Advance the nonce and return the *old* value
|
||||||
|
|
|
@ -661,6 +661,7 @@ impl Fenrir {
|
||||||
authinfo.hkdf,
|
authinfo.hkdf,
|
||||||
req.cipher,
|
req.cipher,
|
||||||
connection::Role::Server,
|
connection::Role::Server,
|
||||||
|
&self.rand,
|
||||||
);
|
);
|
||||||
// track connection
|
// track connection
|
||||||
let auth_conn = {
|
let auth_conn = {
|
||||||
|
|
Loading…
Reference in New Issue