mirror of
https://github.com/rosenpass/rosenpass.git
synced 2026-02-27 14:03:11 -08:00
stasg
This commit is contained in:
Karolin Varner
@@ -1,4 +1,4 @@
|
|||||||
use zerocopy::{ByteSlice, Ref, SplitByteSlice};
|
use zerocopy::{Ref, SplitByteSlice};
|
||||||
|
|
||||||
use rosenpass_util::zerocopy::{RefMaker, ZerocopySliceExt};
|
use rosenpass_util::zerocopy::{RefMaker, ZerocopySliceExt};
|
||||||
|
|
||||||
|
|||||||
@@ -2042,7 +2042,8 @@ impl CryptoServer {
|
|||||||
|
|
||||||
let mut expected = [0u8; COOKIE_SIZE];
|
let mut expected = [0u8; COOKIE_SIZE];
|
||||||
|
|
||||||
let msg_in = Ref::<&[u8], Envelope<InitHello>>::new(rx_buf)
|
let msg_in = Ref::<&[u8], Envelope<InitHello>>::from_bytes(rx_buf)
|
||||||
|
.ok()
|
||||||
.ok_or(RosenpassError::BufferSizeMismatch)?;
|
.ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
expected.copy_from_slice(
|
expected.copy_from_slice(
|
||||||
&hash_domains::cookie(KeyedHash::keyed_shake256())?
|
&hash_domains::cookie(KeyedHash::keyed_shake256())?
|
||||||
@@ -2188,7 +2189,7 @@ impl CryptoServer {
|
|||||||
let peer = match msg_type {
|
let peer = match msg_type {
|
||||||
Ok(MsgType::InitHello) => {
|
Ok(MsgType::InitHello) => {
|
||||||
let msg_in: Ref<&[u8], Envelope<InitHello>> =
|
let msg_in: Ref<&[u8], Envelope<InitHello>> =
|
||||||
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?;
|
Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
|
|
||||||
// At this point, we do not know the hash functon used by the peer, thus we try both,
|
// At this point, we do not know the hash functon used by the peer, thus we try both,
|
||||||
// with a preference for SHAKE256.
|
// with a preference for SHAKE256.
|
||||||
@@ -2222,7 +2223,7 @@ impl CryptoServer {
|
|||||||
}
|
}
|
||||||
Ok(MsgType::RespHello) => {
|
Ok(MsgType::RespHello) => {
|
||||||
let msg_in: Ref<&[u8], Envelope<RespHello>> =
|
let msg_in: Ref<&[u8], Envelope<RespHello>> =
|
||||||
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?;
|
Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
|
|
||||||
let mut msg_out = truncating_cast_into::<Envelope<InitConf>>(tx_buf)?;
|
let mut msg_out = truncating_cast_into::<Envelope<InitConf>>(tx_buf)?;
|
||||||
let peer = self.handle_resp_hello(&msg_in.payload, &mut msg_out.payload)?;
|
let peer = self.handle_resp_hello(&msg_in.payload, &mut msg_out.payload)?;
|
||||||
@@ -2239,7 +2240,7 @@ impl CryptoServer {
|
|||||||
}
|
}
|
||||||
Ok(MsgType::InitConf) => {
|
Ok(MsgType::InitConf) => {
|
||||||
let msg_in: Ref<&[u8], Envelope<InitConf>> =
|
let msg_in: Ref<&[u8], Envelope<InitConf>> =
|
||||||
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?;
|
Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
|
|
||||||
let mut msg_out = truncating_cast_into::<Envelope<EmptyData>>(tx_buf)?;
|
let mut msg_out = truncating_cast_into::<Envelope<EmptyData>>(tx_buf)?;
|
||||||
|
|
||||||
@@ -2258,7 +2259,7 @@ impl CryptoServer {
|
|||||||
.map(|v| v.response.borrow())
|
.map(|v| v.response.borrow())
|
||||||
// Invalid! Found peer no with cache in index but the cache does not exist
|
// Invalid! Found peer no with cache in index but the cache does not exist
|
||||||
.unwrap();
|
.unwrap();
|
||||||
copy_slice(cached.as_bytes()).to(msg_out.as_bytes_mut());
|
copy_slice(cached.as_bytes()).to(msg_out.as_mut_bytes());
|
||||||
peer
|
peer
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2307,13 +2308,13 @@ impl CryptoServer {
|
|||||||
}
|
}
|
||||||
Ok(MsgType::EmptyData) => {
|
Ok(MsgType::EmptyData) => {
|
||||||
let msg_in: Ref<&[u8], Envelope<EmptyData>> =
|
let msg_in: Ref<&[u8], Envelope<EmptyData>> =
|
||||||
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?;
|
Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
|
|
||||||
self.handle_resp_conf(&msg_in, seal_broken.to_string())?
|
self.handle_resp_conf(&msg_in, seal_broken.to_string())?
|
||||||
}
|
}
|
||||||
Ok(MsgType::CookieReply) => {
|
Ok(MsgType::CookieReply) => {
|
||||||
let msg_in: Ref<&[u8], CookieReply> =
|
let msg_in: Ref<&[u8], CookieReply> =
|
||||||
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?;
|
Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
|
||||||
let peer = self.handle_cookie_reply(&msg_in)?;
|
let peer = self.handle_cookie_reply(&msg_in)?;
|
||||||
len = 0;
|
len = 0;
|
||||||
peer
|
peer
|
||||||
@@ -3322,7 +3323,7 @@ impl HandshakeState {
|
|||||||
let test_values: StoreBiscuitTestValues = TV::initialize_values();
|
let test_values: StoreBiscuitTestValues = TV::initialize_values();
|
||||||
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buffer
|
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buffer
|
||||||
let mut biscuit: Ref<&mut [u8], Biscuit> =
|
let mut biscuit: Ref<&mut [u8], Biscuit> =
|
||||||
Ref::new(biscuit.secret_mut().as_mut_slice()).unwrap();
|
Ref::from_bytes(biscuit.secret_mut().as_mut_slice()).unwrap();
|
||||||
|
|
||||||
// calculate pt contents
|
// calculate pt contents
|
||||||
biscuit
|
biscuit
|
||||||
@@ -3384,9 +3385,9 @@ impl HandshakeState {
|
|||||||
// Allocate and decrypt the biscuit data
|
// Allocate and decrypt the biscuit data
|
||||||
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buf
|
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buf
|
||||||
let mut biscuit: Ref<&mut [u8], Biscuit> =
|
let mut biscuit: Ref<&mut [u8], Biscuit> =
|
||||||
Ref::new(biscuit.secret_mut().as_mut_slice()).unwrap();
|
Ref::from_bytes(biscuit.secret_mut().as_mut_slice()).unwrap();
|
||||||
XAead.decrypt_with_nonce_in_ctxt(
|
XAead.decrypt_with_nonce_in_ctxt(
|
||||||
biscuit.as_bytes_mut(),
|
biscuit.as_mut_bytes(),
|
||||||
bk.get(srv).value.secret(),
|
bk.get(srv).value.secret(),
|
||||||
&ad,
|
&ad,
|
||||||
biscuit_ct,
|
biscuit_ct,
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ use assert_tv::TestVectorSet;
|
|||||||
use base64::Engine;
|
use base64::Engine;
|
||||||
use rosenpass_cipher_traits::primitives::{Aead, Kem};
|
use rosenpass_cipher_traits::primitives::{Aead, Kem};
|
||||||
use rosenpass_ciphers::{EphemeralKem, XAead, KEY_LEN};
|
use rosenpass_ciphers::{EphemeralKem, XAead, KEY_LEN};
|
||||||
use rosenpass_secret_memory::{Public, PublicBox, Secret};
|
use rosenpass_secret_memory::{Public, Secret};
|
||||||
use serde_json::Value;
|
use serde_json::Value;
|
||||||
|
|
||||||
#[derive(TestVectorSet)]
|
#[derive(TestVectorSet)]
|
||||||
|
|||||||
@@ -10,12 +10,12 @@ use crate::RosenpassError;
|
|||||||
pub fn truncating_cast_into<T: FromBytes + KnownLayout + Immutable>(
|
pub fn truncating_cast_into<T: FromBytes + KnownLayout + Immutable>(
|
||||||
buf: &mut [u8],
|
buf: &mut [u8],
|
||||||
) -> Result<Ref<&mut [u8], T>, RosenpassError> {
|
) -> Result<Ref<&mut [u8], T>, RosenpassError> {
|
||||||
Ref::new(&mut buf[..size_of::<T>()]).ok_or(RosenpassError::BufferSizeMismatch)
|
Ref::from_bytes(&mut buf[..size_of::<T>()]).ok().ok_or(RosenpassError::BufferSizeMismatch)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Used to parse a network message using [zerocopy], mutably
|
/// Used to parse a network message using [zerocopy], mutably
|
||||||
pub fn truncating_cast_into_nomut<T: FromBytes + KnownLayout + Immutable>(
|
pub fn truncating_cast_into_nomut<T: FromBytes + KnownLayout + Immutable>(
|
||||||
buf: &[u8],
|
buf: &[u8],
|
||||||
) -> Result<Ref<&[u8], T>, RosenpassError> {
|
) -> Result<Ref<&[u8], T>, RosenpassError> {
|
||||||
Ref::new(&buf[..size_of::<T>()]).ok_or(RosenpassError::BufferSizeMismatch)
|
Ref::from_bytes(&buf[..size_of::<T>()]).ok().ok_or(RosenpassError::BufferSizeMismatch)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
//! Extension traits for converting `Ref<B, T>` into references backed by
|
//! Extension traits for converting `Ref<B, T>` into references backed by
|
||||||
//! standard slices.
|
//! standard slices.
|
||||||
|
|
||||||
use zerocopy::{SplitByteSlice, SplitByteSliceMut, Immutable, KnownLayout, Ref};
|
use zerocopy::{Immutable, KnownLayout, Ref, SplitByteSlice, SplitByteSliceMut};
|
||||||
|
|
||||||
/// A trait for converting a `Ref<B, T>` into a `Ref<&[u8], T>`.
|
/// A trait for converting a `Ref<B, T>` into a `Ref<&[u8], T>`.
|
||||||
///
|
///
|
||||||
@@ -68,7 +68,7 @@ where
|
|||||||
T: KnownLayout + Immutable,
|
T: KnownLayout + Immutable,
|
||||||
{
|
{
|
||||||
fn emancipate(&self) -> Ref<&[u8], T> {
|
fn emancipate(&self) -> Ref<&[u8], T> {
|
||||||
Ref::new(zerocopy::Ref::<B, T>::bytes(&self)).unwrap()
|
Ref::from_bytes(zerocopy::Ref::bytes(self)).unwrap()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -78,6 +78,6 @@ where
|
|||||||
T: KnownLayout + Immutable,
|
T: KnownLayout + Immutable,
|
||||||
{
|
{
|
||||||
fn emancipate_mut(&mut self) -> Ref<&mut [u8], T> {
|
fn emancipate_mut(&mut self) -> Ref<&mut [u8], T> {
|
||||||
Ref::new(zerocopy::Ref::<B, T>::bytes_mut(self)).unwrap()
|
Ref::from_bytes(zerocopy::Ref::bytes_mut(self)).unwrap()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -172,7 +172,8 @@ where
|
|||||||
let typ = msgs::MsgType::try_from(*typ)?;
|
let typ = msgs::MsgType::try_from(*typ)?;
|
||||||
let msgs::MsgType::SetPsk = typ; // Assert type
|
let msgs::MsgType::SetPsk = typ; // Assert type
|
||||||
|
|
||||||
let res = zerocopy::Ref::<&[u8], Envelope<SetPskResponse>>::new(res)
|
let res = zerocopy::Ref::<&[u8], Envelope<SetPskResponse>>::from_bytes(res)
|
||||||
|
.ok()
|
||||||
.ok_or(invalid_msg_poller())?;
|
.ok_or(invalid_msg_poller())?;
|
||||||
let res: &msgs::SetPskResponse = &res.payload;
|
let res: &msgs::SetPskResponse = &res.payload;
|
||||||
let res: msgs::SetPskResponseReturnCode = res
|
let res: msgs::SetPskResponseReturnCode = res
|
||||||
@@ -202,7 +203,8 @@ where
|
|||||||
let mut req = [0u8; BUF_SIZE];
|
let mut req = [0u8; BUF_SIZE];
|
||||||
|
|
||||||
// Construct message view
|
// Construct message view
|
||||||
let mut req = zerocopy::Ref::<&mut [u8], Envelope<msgs::SetPskRequest>>::new(&mut req)
|
let mut req = zerocopy::Ref::<&mut [u8], Envelope<msgs::SetPskRequest>>::from_bytes(&mut req)
|
||||||
|
.ok()
|
||||||
.ok_or(MsgError)?;
|
.ok_or(MsgError)?;
|
||||||
|
|
||||||
// Populate envelope
|
// Populate envelope
|
||||||
|
|||||||
@@ -80,9 +80,9 @@ where
|
|||||||
let msgs::MsgType::SetPsk = typ; // Assert type
|
let msgs::MsgType::SetPsk = typ; // Assert type
|
||||||
|
|
||||||
let req =
|
let req =
|
||||||
zerocopy::Ref::<&[u8], Envelope<SetPskRequest>>::new(req).ok_or(InvalidMessage)?;
|
zerocopy::Ref::<&[u8], Envelope<SetPskRequest>>::from_bytes(req).ok().ok_or(InvalidMessage)?;
|
||||||
let mut res =
|
let mut res =
|
||||||
zerocopy::Ref::<&mut [u8], Envelope<SetPskResponse>>::new(res).ok_or(InvalidMessage)?;
|
zerocopy::Ref::<&mut [u8], Envelope<SetPskResponse>>::from_bytes(res).ok().ok_or(InvalidMessage)?;
|
||||||
res.msg_type = msgs::MsgType::SetPsk as u8;
|
res.msg_type = msgs::MsgType::SetPsk as u8;
|
||||||
self.handle_set_psk(&req.payload, &mut res.payload)?;
|
self.handle_set_psk(&req.payload, &mut res.payload)?;
|
||||||
|
|
||||||
@@ -139,7 +139,7 @@ mod tests {
|
|||||||
use crate::brokers::netlink::SetPskError;
|
use crate::brokers::netlink::SetPskError;
|
||||||
use crate::{SerializedBrokerConfig, WireGuardBroker};
|
use crate::{SerializedBrokerConfig, WireGuardBroker};
|
||||||
use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret};
|
use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret};
|
||||||
use zerocopy::AsBytes;
|
use zerocopy::IntoBytes;
|
||||||
|
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
struct MockWireGuardBroker {
|
struct MockWireGuardBroker {
|
||||||
|
|||||||
Reference in New Issue
Block a user