update flakes, randomize mutex

Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
Luca Fulchir 2023-03-01 18:20:03 +01:00
parent 7bddc9bf55
commit d1e1006143
Signed by: luca.fulchir
GPG Key ID: 8F6440603D13A78E
5 changed files with 38 additions and 22 deletions


@ -7,3 +7,11 @@ Official reference implementation of the Fenrir protocol
Licensed under the Apache2.0 with LLVM exception.
You should be free to use it with GPL2 or other licenses.
# Building
like all rust proejcts, just run `cargo build --release`
you will find the result in `./target/release`
If you want to build the `Hati` server, you don't need to build this library
separately. Just build the server and it will automatically include this lib


@ -32,11 +32,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1676375384,
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
"lastModified": 1677624842,
"narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c43f676c938662072772339be6269226c77b51b8",
"rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
"type": "github"
},
"original": {
@ -48,11 +48,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1676300157,
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
"lastModified": 1677407201,
"narHash": "sha256-3blwdI9o1BAprkvlByHvtEm5HAIRn/XPjtcfiunpY7s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
"rev": "7f5639fa3b68054ca0b062866dc62b22c3f11505",
"type": "github"
},
"original": {
@ -92,11 +92,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1676437770,
"narHash": "sha256-mhJye91Bn0jJIE7NnEywGty/U5qdELfsT8S+FBjTdG4=",
"lastModified": 1677638104,
"narHash": "sha256-vbdOoDYnQ1QYSchMb3fYGCLYeta3XwmGvMrlXchST5s=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a619538647bd03e3ee1d7b947f7c11ff289b376e",
"rev": "f388187efb41ce4195b2f4de0b6bb463d3cd0a76",
"type": "github"
},
"original": {


@ -58,7 +58,12 @@ pub enum Role {
}
impl Connection {
pub(crate) fn new(hkdf: HkdfSha3, cipher: CipherKind, role: Role) -> Self {
pub(crate) fn new(
hkdf: HkdfSha3,
cipher: CipherKind,
role: Role,
rand: &::ring::rand::SystemRandom,
) -> Self {
let (secret_recv, secret_send) = match role {
Role::Server => {
(hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
@ -68,7 +73,7 @@ impl Connection {
}
};
let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
let mut cipher_send = CipherSend::new(cipher, secret_send);
let mut cipher_send = CipherSend::new(cipher, secret_send, rand);
Self {
id: ID::Handshake,
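Review bot: `Connection::new` gains a `rand` parameter but still has no doc comment, and only the send side consumes it (`CipherSend::new(cipher, secret_send, rand)`), which the signature alone does not convey. I would add `/// Build a connection in the handshake state; rand seeds the initial nonce of the sending cipher.` above the function. The function body continues past the end of the second hunk, so any later use of `rand` is not visible here.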


@ -275,9 +275,13 @@ impl ::core::fmt::Debug for CipherSend {
impl CipherSend {
/// Build a new Cipher
pub fn new(kind: CipherKind, secret: Secret) -> Self {
pub fn new(
kind: CipherKind,
secret: Secret,
rand: &::ring::rand::SystemRandom,
) -> Self {
Self {
nonce: NonceSync::new(),
nonce: NonceSync::new(rand),
cipher: Cipher::new(kind, secret),
}
}
@ -344,16 +348,14 @@ impl ::core::fmt::Debug for Nonce {
}
impl Nonce {
// FIXME: nonces should be random!
/// Generate a new random Nonce
pub fn new() -> Self {
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
use ring::rand::SecureRandom;
let mut raw = [0; 12];
rand.fill(&mut raw);
#[allow(unsafe_code)]
unsafe {
Self {
// chosen by a fair dice roll
// ahh, who am I kidding...
num: NonceNum { high: 42, low: 69 },
}
Self { raw }
}
}
/// Length of this nonce in bytes
@ -394,9 +396,9 @@ pub struct NonceSync {
}
impl NonceSync {
/// Create a new thread safe nonce
pub fn new() -> Self {
pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
Self {
nonce: ::std::sync::Mutex::new(Nonce::new()),
nonce: ::std::sync::Mutex::new(Nonce::new(rand)),
}
}
/// Advance the nonce and return the *old* value
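Review bot: In `Nonce::new` the `Result` returned by `rand.fill(&mut raw)` is dropped, so a failure of the system RNG would leave `raw` at its all-zero initial value and the sender would start from a fixed, predictable nonce with no error surfacing. Treat the failure as fatal, e.g. `rand.fill(&mut raw).expect("system RNG failed while seeding nonce");`, or have `new` return a `Result` and propagate it through `NonceSync::new` and `CipherSend::new`. The `unsafe` block around `Self { raw }` carries no `// SAFETY:` comment and may not be needed at all if `Nonce` is a union, since initialising a union field is safe; the type definition is outside this hunk, so that needs confirming.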


@ -661,6 +661,7 @@ impl Fenrir {
authinfo.hkdf,
req.cipher,
connection::Role::Server,
&self.rand,
);
// track connection
let auth_conn = {