update flakes, randomize mutex

Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
2023-03-01 18:20:03 +01:00 · 2023-03-01 18:20:03 +01:00 · d1e1006143
parent 7bddc9bf55
commit d1e1006143
5 changed files with 38 additions and 22 deletions
--- a/Readme.md
+++ b/Readme.md
@ -7,3 +7,11 @@ Official reference implementation of the Fenrir protocol
 Licensed under the Apache2.0 with LLVM exception.  
 You should be free to use it with GPL2 or other licenses.

+# Building
+
+like all rust proejcts, just run `cargo build --release`
+you will find the result in `./target/release`
+
+If you want to build the `Hati` server, you don't need to build this library
+separately. Just build the server and it will automatically include this lib
+
--- a/flake.lock
+++ b/flake.lock
@ -32,11 +32,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1676375384,
-        "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
+        "lastModified": 1677624842,
+        "narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c43f676c938662072772339be6269226c77b51b8",
+        "rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
        "type": "github"
      },
      "original": {
@ -48,11 +48,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1676300157,
-        "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
+        "lastModified": 1677407201,
+        "narHash": "sha256-3blwdI9o1BAprkvlByHvtEm5HAIRn/XPjtcfiunpY7s=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
+        "rev": "7f5639fa3b68054ca0b062866dc62b22c3f11505",
        "type": "github"
      },
      "original": {
@ -92,11 +92,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1676437770,
-        "narHash": "sha256-mhJye91Bn0jJIE7NnEywGty/U5qdELfsT8S+FBjTdG4=",
+        "lastModified": 1677638104,
+        "narHash": "sha256-vbdOoDYnQ1QYSchMb3fYGCLYeta3XwmGvMrlXchST5s=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "a619538647bd03e3ee1d7b947f7c11ff289b376e",
+        "rev": "f388187efb41ce4195b2f4de0b6bb463d3cd0a76",
        "type": "github"
      },
      "original": {
--- a/src/connection/mod.rs
+++ b/src/connection/mod.rs
@ -58,7 +58,12 @@ pub enum Role {
 }

 impl Connection {
-    pub(crate) fn new(hkdf: HkdfSha3, cipher: CipherKind, role: Role) -> Self {
+    pub(crate) fn new(
+        hkdf: HkdfSha3,
+        cipher: CipherKind,
+        role: Role,
+        rand: &::ring::rand::SystemRandom,
+    ) -> Self {
        let (secret_recv, secret_send) = match role {
            Role::Server => {
                (hkdf.get_secret(b"to_server"), hkdf.get_secret(b"to_client"))
@ -68,7 +73,7 @@ impl Connection {
            }
        };
        let mut cipher_recv = CipherRecv::new(cipher, secret_recv);
-        let mut cipher_send = CipherSend::new(cipher, secret_send);
+        let mut cipher_send = CipherSend::new(cipher, secret_send, rand);

        Self {
            id: ID::Handshake,
--- a/src/enc/sym.rs
+++ b/src/enc/sym.rs
@ -275,9 +275,13 @@ impl ::core::fmt::Debug for CipherSend {

 impl CipherSend {
    /// Build a new Cipher
-    pub fn new(kind: CipherKind, secret: Secret) -> Self {
+    pub fn new(
+        kind: CipherKind,
+        secret: Secret,
+        rand: &::ring::rand::SystemRandom,
+    ) -> Self {
        Self {
-            nonce: NonceSync::new(),
+            nonce: NonceSync::new(rand),
            cipher: Cipher::new(kind, secret),
        }
    }
@ -344,16 +348,14 @@ impl ::core::fmt::Debug for Nonce {
 }

 impl Nonce {
-    // FIXME: nonces should be random!
    /// Generate a new random Nonce
-    pub fn new() -> Self {
+    pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
+        use ring::rand::SecureRandom;
+        let mut raw = [0; 12];
+        rand.fill(&mut raw);
        #[allow(unsafe_code)]
        unsafe {
-            Self {
-                // chosen by a fair dice roll
-                // ahh, who am I kidding...
-                num: NonceNum { high: 42, low: 69 },
-            }
+            Self { raw }
        }
    }
    /// Length of this nonce in bytes
@ -394,9 +396,9 @@ pub struct NonceSync {
 }
 impl NonceSync {
    /// Create a new thread safe nonce
-    pub fn new() -> Self {
+    pub fn new(rand: &::ring::rand::SystemRandom) -> Self {
        Self {
-            nonce: ::std::sync::Mutex::new(Nonce::new()),
+            nonce: ::std::sync::Mutex::new(Nonce::new(rand)),
        }
    }
    /// Advance the nonce and return the *old* value
--- a/src/lib.rs
+++ b/src/lib.rs
@ -661,6 +661,7 @@ impl Fenrir {
                                    authinfo.hkdf,
                                    req.cipher,
                                    connection::Role::Server,
+                                    &self.rand,
                                );
                                // track connection
                                let auth_conn = {