This commit is contained in:
John Smith 2021-11-26 11:50:49 -05:00
parent 303a7aec29
commit 7718ca84a7
4 changed files with 54 additions and 61 deletions

View File

@ -75,7 +75,7 @@ pub struct Crypto {
impl Crypto {
fn new_inner(table_store: TableStore) -> CryptoInner {
CryptoInner {
table_store: table_store,
table_store,
node_id: Default::default(),
node_id_secret: Default::default(),
dh_cache: DHCache::default(),
@ -85,7 +85,7 @@ impl Crypto {
pub fn new(config: VeilidConfig, table_store: TableStore) -> Self {
Self {
config: config,
config,
inner: Arc::new(Mutex::new(Self::new_inner(table_store))),
}
}
@ -106,12 +106,9 @@ impl Crypto {
None => false,
};
if caches_valid {
match db.load(0, b"dh_cache").await? {
Some(b) => {
if let Some(b) = db.load(0, b"dh_cache").await? {
bytes_to_cache(&b, &mut inner.dh_cache);
}
None => (),
};
} else {
drop(db);
inner.table_store.delete("crypto_caches").await?;
@ -157,11 +154,9 @@ impl Crypto {
match self.flush().await {
Ok(_) => {
trace!("finished termination flush");
()
}
Err(e) => {
error!("failed termination flush: {}", e);
()
}
};
}
@ -190,13 +185,13 @@ impl Crypto {
return Ok(c.shared_secret);
}
let ss = Self::compute_dh(key, secret)?;
let shared_secret = Self::compute_dh(key, secret)?;
self.inner.lock().dh_cache.insert(DHCacheEntry {
key: key.clone(),
secret: secret.clone(),
shared_secret: ss.clone(),
key: *key,
secret: *secret,
shared_secret,
});
Ok(ss)
Ok(shared_secret)
}
///////////
@ -242,8 +237,8 @@ impl Crypto {
shared_secret: &SharedSecret,
associated_data: Option<&[u8]>,
) -> Result<(), ()> {
let key = ch::Key::from(shared_secret.clone());
let xnonce = ch::XNonce::from(nonce.clone());
let key = ch::Key::from(*shared_secret);
let xnonce = ch::XNonce::from(*nonce);
let aead = ch::XChaCha20Poly1305::new(&key);
aead.decrypt_in_place(&xnonce, associated_data.unwrap_or(b""), body)
.map_err(|e| trace!("decryption failure: {}", e))
@ -266,8 +261,8 @@ impl Crypto {
shared_secret: &SharedSecret,
associated_data: Option<&[u8]>,
) -> Result<(), ()> {
let key = ch::Key::from(shared_secret.clone());
let xnonce = ch::XNonce::from(nonce.clone());
let key = ch::Key::from(*shared_secret);
let xnonce = ch::XNonce::from(*nonce);
let aead = ch::XChaCha20Poly1305::new(&key);
aead.encrypt_in_place(&xnonce, associated_data.unwrap_or(b""), body)

View File

@ -1,3 +1,4 @@
#![allow(clippy::absurd_extreme_comparisons)]
use super::crypto::*;
use super::key::*;
use crate::xx::*;
@ -65,13 +66,13 @@ impl Envelope {
assert!(version >= MIN_VERSION);
assert!(version <= MAX_VERSION);
Self {
version: version,
version,
min_version: MIN_VERSION,
max_version: MAX_VERSION,
timestamp: timestamp,
nonce: nonce,
sender_id: sender_id,
recipient_id: recipient_id,
timestamp,
nonce,
sender_id,
recipient_id,
}
}
@ -139,29 +140,29 @@ impl Envelope {
// Get nonce and sender node id
let nonce: EnvelopeNonce = data[0x12..0x2A].try_into().map_err(drop)?;
let sender_id: [u8; 32] = data[0x2A..0x4A].try_into().map_err(drop)?;
let recipient_id: [u8; 32] = data[0x4A..0x6A].try_into().map_err(drop)?;
let sender_id_dhtkey = DHTKey::new(sender_id);
let recipient_id_dhtkey = DHTKey::new(recipient_id);
let sender_id_slice: [u8; 32] = data[0x2A..0x4A].try_into().map_err(drop)?;
let recipient_id_slice: [u8; 32] = data[0x4A..0x6A].try_into().map_err(drop)?;
let sender_id = DHTKey::new(sender_id_slice);
let recipient_id = DHTKey::new(recipient_id_slice);
// Ensure sender_id and recipient_id are not the same
if sender_id_dhtkey == recipient_id_dhtkey {
if sender_id == recipient_id {
trace!(
"sender_id should not be same as recipient_id: {}",
recipient_id_dhtkey.encode()
recipient_id.encode()
);
return Err(());
}
// Return envelope
Ok(Self {
version: version,
min_version: min_version,
max_version: max_version,
timestamp: timestamp,
nonce: nonce,
sender_id: sender_id_dhtkey,
recipient_id: recipient_id_dhtkey,
version,
min_version,
max_version,
timestamp,
nonce,
sender_id,
recipient_id,
})
}
@ -205,8 +206,7 @@ impl Envelope {
if envelope_size > MAX_ENVELOPE_SIZE {
return Err(());
}
let mut data: Vec<u8> = Vec::with_capacity(envelope_size);
data.resize(envelope_size, 0u8);
let mut data = vec![0u8; envelope_size];
// Write magic
data[0x00..0x04].copy_from_slice(ENVELOPE_MAGIC);

View File

@ -62,16 +62,13 @@ macro_rules! byte_array_type {
if s == "" {
return Ok($name::default());
}
$name::try_decode(s.as_str()).map_err(|e| serde::de::Error::custom(e))
$name::try_decode(s.as_str()).map_err(serde::de::Error::custom)
}
}
impl $name {
pub fn new(bytes: [u8; $size]) -> Self {
Self {
bytes: bytes,
valid: true,
}
Self { bytes, valid: true }
}
pub fn try_from_vec(v: Vec<u8>) -> Result<Self, String> {
@ -377,7 +374,7 @@ pub fn sign(
.sign_prehashed(dig, None)
.map_err(|_| "Signature failed".to_owned())?;
let dht_sig = DHTSignature::new(sig.to_bytes().clone());
let dht_sig = DHTSignature::new(sig.to_bytes());
Ok(dht_sig)
}
@ -410,13 +407,13 @@ pub fn validate_hash(data: &[u8], dht_key: &DHTKey) -> bool {
pub fn validate_key(dht_key: &DHTKey, dht_key_secret: &DHTKeySecret) -> bool {
let data = vec![0u8; 512];
let sig = match sign(&dht_key, &dht_key_secret, &data) {
let sig = match sign(dht_key, dht_key_secret, &data) {
Ok(s) => s,
Err(_) => {
return false;
}
};
verify(&dht_key, &data, &sig).is_ok()
verify(dht_key, &data, &sig).is_ok()
}
pub fn distance(key1: &DHTKey, key2: &DHTKey) -> DHTKeyDistance {
@ -424,8 +421,8 @@ pub fn distance(key1: &DHTKey, key2: &DHTKey) -> DHTKeyDistance {
assert!(key2.valid);
let mut bytes = [0u8; DHT_KEY_LENGTH];
for n in 0..DHT_KEY_LENGTH {
bytes[n] = key1.bytes[n] ^ key2.bytes[n];
for (n, byte) in bytes.iter_mut().enumerate() {
*byte = key1.bytes[n] ^ key2.bytes[n];
}
DHTKeyDistance::new(bytes)

View File

@ -1,3 +1,4 @@
#![allow(clippy::absurd_extreme_comparisons)]
use super::envelope::{MAX_VERSION, MIN_VERSION};
use super::key::*;
use crate::xx::*;
@ -50,9 +51,9 @@ impl Receipt {
return Err("extra data too large for receipt".to_owned());
}
Ok(Self {
version: version,
nonce: nonce,
sender_id: sender_id,
version,
nonce,
sender_id,
extra_data: Vec::from(extra_data.as_ref()),
})
}
@ -94,12 +95,13 @@ impl Receipt {
}
// Get sender id
let sender_id_dhtkey = DHTKey::new(data[0x20..0x40].try_into().map_err(drop)?);
let sender_id = DHTKey::new(data[0x20..0x40].try_into().map_err(drop)?);
// Get signature
let signature = DHTSignature::new(data[(data.len() - 64)..].try_into().map_err(drop)?);
// Validate signature
verify(&sender_id_dhtkey, &data[0..(data.len() - 64)], &signature).map_err(drop)?;
verify(&sender_id, &data[0..(data.len() - 64)], &signature).map_err(drop)?;
// Get nonce
let nonce: ReceiptNonce = data[0x08..0x20].try_into().map_err(drop)?;
@ -109,10 +111,10 @@ impl Receipt {
// Return receipt
Ok(Self {
version: version,
nonce: nonce,
sender_id: sender_id_dhtkey,
extra_data: extra_data,
version,
nonce,
sender_id,
extra_data,
})
}
@ -127,8 +129,7 @@ impl Receipt {
if receipt_size > MAX_RECEIPT_SIZE {
return Err(());
}
let mut data: Vec<u8> = Vec::with_capacity(receipt_size);
data.resize(receipt_size, 0u8);
let mut data: Vec<u8> = vec![0u8; receipt_size];
// Write magic
data[0x00..0x04].copy_from_slice(RECEIPT_MAGIC);
@ -141,7 +142,7 @@ impl Receipt {
// Write sender node id
data[0x20..0x40].copy_from_slice(&self.sender_id.bytes);
// Write extra data
if self.extra_data.len() > 0 {
if !self.extra_data.is_empty() {
data[0x40..(receipt_size - 64)].copy_from_slice(self.extra_data.as_slice());
}
// Sign the receipt