RunesAuth/libFenrir
3
1
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases Wiki Activity
1259996201
libFenrir/src/connection/handshake/dirsync.rs
Luca Fulchir 1259996201
Connect boilerplate, cleanup 
Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
2023-05-27 10:57:15 +02:00

459 lines
14 KiB
Rust
Raw Blame History

//! Directory synchronized handshake
//! 1-RTT connection
//!
//! The simplest, fastest handshake supported by Fenrir
//! Downside: It does not offer protection from DDos,
//! no perfect forward secrecy
//!
//! To grant a form of perfect forward secrecy, the server should periodically
//! change the DNSSEC public/private keys
use super::{Error, HandshakeData};
use crate::{
auth,
connection::{ProtocolVersion, ID},
enc::{
asym::{ExchangePubKey, KeyExchange, KeyID},
sym::{CipherKind, HeadLen, Secret, TagLen},
},
};
use ::arrayref::array_mut_ref;
type Nonce = [u8; 16];
/// Parsed handshake
#[derive(Debug, Clone)]
pub enum DirSync {
/// Directory synchronized handshake: client request
Req(Req),
/// Directory synchronized handshake: server response
Resp(Resp),
}
impl DirSync {
/// actual length of the dirsync handshake data
pub fn len(&self) -> usize {
match self {
DirSync::Req(req) => req.len(),
DirSync::Resp(resp) => resp.len(),
}
}
/// Serialize into raw bytes
/// NOTE: assumes that there is exactly asa much buffer as needed
pub fn serialize(
&self,
head_len: HeadLen,
tag_len: TagLen,
out: &mut [u8],
) {
match self {
DirSync::Req(req) => req.serialize(head_len, tag_len, out),
DirSync::Resp(resp) => resp.serialize(head_len, tag_len, out),
}
}
}
/// Client request of a directory synchronized handshake
#[derive(Debug, Clone)]
pub struct Req {
/// Id of the server key used for the key exchange
pub key_id: KeyID,
/// Selected key exchange
pub exchange: KeyExchange,
/// Selected cipher
pub cipher: CipherKind,
/// Client ephemeral public key used for key exchanges
pub exchange_key: ExchangePubKey,
/// encrypted data
pub data: ReqInner,
// Security: Add padding to min: 1200 bytes to avoid amplification attaks
}
impl Req {
/// return the offset of the encrypted data
/// NOTE: starts from the beginning of the fenrir packet
pub fn encrypted_offset(&self) -> usize {
ProtocolVersion::len()
+ KeyID::len()
+ KeyExchange::len()
+ CipherKind::len()
+ self.exchange_key.len()
}
/// return the total length of the cleartext data
pub fn encrypted_length(&self) -> usize {
match &self.data {
ReqInner::ClearText(data) => data.len(),
_ => 0,
}
}
/// actual length of the directory synchronized request
pub fn len(&self) -> usize {
KeyID::len()
+ KeyExchange::len()
+ CipherKind::len()
+ self.exchange_key.len()
+ self.data.len()
}
/// Serialize into raw bytes
/// NOTE: assumes that there is exactly as much buffer as needed
pub fn serialize(
&self,
head_len: HeadLen,
tag_len: TagLen,
out: &mut [u8],
) {
//assert!(out.len() > , ": not enough buffer to serialize");
todo!()
}
}
impl super::HandshakeParsing for Req {
fn deserialize(raw: &[u8]) -> Result<HandshakeData, Error> {
const MIN_PKT_LEN: usize = 10;
if raw.len() < MIN_PKT_LEN {
return Err(Error::NotEnoughData);
}
let key_id: KeyID =
KeyID(u16::from_le_bytes(raw[0..1].try_into().unwrap()));
use ::num_traits::FromPrimitive;
let exchange: KeyExchange = match KeyExchange::from_u8(raw[2]) {
Some(exchange) => exchange,
None => return Err(Error::Parsing),
};
let cipher: CipherKind = match CipherKind::from_u8(raw[3]) {
Some(cipher) => cipher,
None => return Err(Error::Parsing),
};
let (exchange_key, len) = match ExchangePubKey::from_slice(&raw[4..]) {
Ok(exchange_key) => exchange_key,
Err(e) => return Err(e.into()),
};
let data = ReqInner::CipherText(raw.len() - (4 + len));
Ok(HandshakeData::DirSync(DirSync::Req(Self {
key_id,
exchange,
cipher,
exchange_key,
data,
})))
}
}
/// Quick way to avoid mixing cipher and clear text
#[derive(Debug, Clone)]
pub enum ReqInner {
/// Data is still encrytped, we only keep the length
CipherText(usize),
/// Client data, decrypted and parsed
ClearText(ReqData),
}
impl ReqInner {
/// The length of the data
pub fn len(&self) -> usize {
match self {
ReqInner::CipherText(len) => *len,
ReqInner::ClearText(data) => data.len(),
}
}
/// parse the cleartext
pub fn deserialize_as_cleartext(&mut self, raw: &[u8]) {
let clear = match self {
ReqInner::CipherText(len) => {
assert!(
*len == raw.len(),
"DirSync::ReqInner::CipherText length mismatch"
);
match ReqData::deserialize(raw) {
Ok(clear) => clear,
Err(_) => return,
}
}
_ => return,
};
*self = ReqInner::ClearText(clear);
}
}
/// Informations needed for authentication
#[derive(Debug, Clone)]
pub struct AuthInfo {
/// User of the domain
pub user: auth::UserID,
/// Authentication token
pub token: auth::Token,
/// service ID that we want to use on the domain
pub service_id: auth::ServiceID,
/// subdomain on which we authenticate
// SECURITY: TODO: this should be padded to multiples of 32 bytes or so
// reason: packet length can let you infer the authentication domain
pub domain: auth::Domain,
}
impl AuthInfo {
/// Minimum length of the authentication info
pub const MIN_PKT_LEN: usize =
auth::UserID::len() + auth::Token::len() + auth::ServiceID::len() + 1;
/// Actual length of the authentication info
pub fn len(&self) -> usize {
Self::MIN_PKT_LEN + self.domain.len()
}
/// deserialize from raw bytes
pub fn deserialize(raw: &[u8]) -> Result<Self, Error> {
if raw.len() < Self::MIN_PKT_LEN {
return Err(Error::NotEnoughData);
}
let raw_user_id: [u8; auth::UserID::len()];
let raw_token: [u8; auth::Token::len()];
let raw_service_id: [u8; auth::ServiceID::len()];
let mut start = 0;
let mut end = auth::UserID::len();
raw_user_id = raw[start..end].try_into().unwrap();
let user: auth::UserID = raw_user_id.into();
start = end;
end = end + auth::Token::len();
raw_token = raw[start..end].try_into().unwrap();
let token: auth::Token = raw_token.into();
start = end;
end = end + auth::ServiceID::len();
raw_service_id = raw[start..end].try_into().unwrap();
let service_id: auth::ServiceID = raw_service_id.into();
start = end;
let domain_len = raw[start];
start = start + 1;
end = start + domain_len as usize;
if raw.len() < end {
return Err(Error::NotEnoughData);
}
let domain: auth::Domain = match raw[start..end].try_into() {
Ok(domain) => domain,
Err(_) => return Err(Error::Parsing),
};
Ok(Self {
user,
token,
service_id,
domain,
})
}
}
/// Decrypted request data
#[derive(Debug, Clone)]
pub struct ReqData {
/// Random nonce, the client can use this to track multiple key exchanges
pub nonce: Nonce,
/// Client key id so the client can use and rotate keys
pub client_key_id: KeyID,
/// Receiving connection id for the client
pub id: ID,
/// Authentication data
pub auth: AuthInfo,
}
impl ReqData {
/// actual length of the request data
pub fn len(&self) -> usize {
self.nonce.len() + KeyID::len() + ID::len() + self.auth.len()
}
/// Minimum byte length of the request data
pub const MIN_PKT_LEN: usize =
16 + KeyID::len() + ID::len() + AuthInfo::MIN_PKT_LEN;
/// Parse the cleartext raw data
pub fn deserialize(raw: &[u8]) -> Result<Self, Error> {
if raw.len() < Self::MIN_PKT_LEN {
return Err(Error::NotEnoughData);
}
let mut start = 0;
let mut end = 16;
let nonce: Nonce = raw[start..end].try_into().unwrap();
start = end;
end = end + KeyID::len();
let client_key_id =
KeyID(u16::from_le_bytes(raw[start..end].try_into().unwrap()));
start = end;
end = end + ID::len();
let id: ID =
u64::from_le_bytes(raw[start..end].try_into().unwrap()).into();
if id.is_handshake() {
return Err(Error::Parsing);
}
start = end;
//end = raw.len();
let auth = AuthInfo::deserialize(&raw[start..])?;
Ok(Self {
nonce,
client_key_id,
id,
auth,
})
}
}
/// Quick way to avoid mixing cipher and clear text
#[derive(Debug, Clone)]
pub enum RespInner {
/// Server data, still in ciphertext
CipherText(usize),
/// Parsed, cleartext server data
ClearText(RespData),
}
impl RespInner {
/// The length of the data
pub fn len(&self) -> usize {
match self {
RespInner::CipherText(len) => *len,
RespInner::ClearText(_) => RespData::len(),
}
}
/*
/// Get the ciptertext, or panic
pub fn ciphertext<'a>(&'a mut self) -> &'a mut VecDeque<u8> {
match self {
RespInner::CipherText(data) => data,
_ => panic!(),
}
}
*/
/// parse the cleartext
pub fn deserialize_as_cleartext(&mut self, raw: &[u8]) {
let clear = match self {
RespInner::CipherText(len) => {
assert!(
*len == raw.len(),
"DirSync::RespInner::CipherText length mismatch"
);
match RespData::deserialize(raw) {
Ok(clear) => clear,
Err(_) => return,
}
}
_ => return,
};
*self = RespInner::ClearText(clear);
}
/*
/// switch from ciphertext to cleartext
pub fn mark_as_cleartext(&mut self) {
let mut newdata: VecDeque<u8>;
match self {
RespInner::CipherText(data) => {
newdata = VecDeque::new();
::core::mem::swap(&mut newdata, data);
}
_ => return,
}
*self = RespInner::ClearText(newdata);
}
*/
/// serialize, but only if ciphertext
pub fn serialize(&self, out: &mut [u8]) {
todo!()
}
}
/// Server response in a directory synchronized handshake
#[derive(Debug, Clone)]
pub struct Resp {
/// Tells the client with which key the exchange was done
pub client_key_id: KeyID,
/// actual response data, might be encrypted
pub data: RespInner,
}
impl super::HandshakeParsing for Resp {
fn deserialize(raw: &[u8]) -> Result<HandshakeData, Error> {
const MIN_PKT_LEN: usize = 68;
if raw.len() < MIN_PKT_LEN {
return Err(Error::NotEnoughData);
}
let client_key_id: KeyID =
KeyID(u16::from_le_bytes(raw[0..1].try_into().unwrap()));
Ok(HandshakeData::DirSync(DirSync::Resp(Self {
client_key_id,
data: RespInner::CipherText(raw[KeyID::len()..].len()),
})))
}
}
impl Resp {
/// return the offset of the encrypted data
/// NOTE: starts from the beginning of the fenrir packet
pub fn encrypted_offset(&self) -> usize {
ProtocolVersion::len() + KeyID::len()
}
/// return the total length of the cleartext data
pub fn encrypted_length(&self) -> usize {
match &self.data {
RespInner::ClearText(_data) => RespData::len(),
_ => 0,
}
}
/// Total length of the response handshake
pub fn len(&self) -> usize {
KeyID::len() + self.data.len()
}
/// Serialize into raw bytes
/// NOTE: assumes that there is exactly as much buffer as needed
/// NOTE: assumes that the data is *ClearText*
pub fn serialize(
&self,
head_len: HeadLen,
tag_len: TagLen,
out: &mut [u8],
) {
assert!(
out.len() == KeyID::len() + self.data.len(),
"DirSync Resp: not enough buffer to serialize"
);
self.client_key_id.serialize(array_mut_ref![out, 0, 2]);
let end_data = (2 + self.data.len()) - tag_len.0;
self.data.serialize(&mut out[(2 + head_len.0)..end_data]);
}
/// Set the cleartext data after it was parsed
pub fn set_data(&mut self, data: RespData) {
self.data = RespInner::ClearText(data);
}
}
/// Decrypted response data
#[derive(Debug, Clone)]
pub struct RespData {
/// Client nonce, copied from the request
pub client_nonce: Nonce,
/// Server Connection ID
pub id: ID,
/// Service Connection ID
pub service_connection_id: ID,
/// Service encryption key
pub service_key: Secret,
}
impl RespData {
const NONCE_LEN: usize = ::core::mem::size_of::<Nonce>();
/// Return the expected length for buffer allocation
pub fn len() -> usize {
Self::NONCE_LEN + ID::len() + ID::len() + 32
}
/// Serialize the data into a buffer
/// NOTE: assumes that there is exactly asa much buffer as needed
pub fn serialize(&self, out: &mut [u8]) {
assert!(out.len() == Self::len(), "wrong buffer size");
let mut start = 0;
let mut end = Self::NONCE_LEN;
out[start..end].copy_from_slice(&self.client_nonce);
start = end;
end = end + Self::NONCE_LEN;
self.id.serialize(&mut out[start..end]);
start = end;
end = end + Self::NONCE_LEN;
self.service_connection_id.serialize(&mut out[start..end]);
start = end;
end = end + Self::NONCE_LEN;
out[start..end].copy_from_slice(self.service_key.as_ref());
}
/// Parse the cleartext raw data
pub fn deserialize(raw: &[u8]) -> Result<Self, Error> {
todo!();
}
}
Reference in New Issue View Git Blame Copy Permalink