From 1bb790618419868237fc1e3d6087035451d40ae3 Mon Sep 17 00:00:00 2001 From: mycognosist Date: Mon, 16 Oct 2023 10:46:20 +0200 Subject: [PATCH 1/7] derive Clone for HandshakeComplete --- src/handshake.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/handshake.rs b/src/handshake.rs index fef4ede..359955b 100644 --- a/src/handshake.rs +++ b/src/handshake.rs @@ -556,7 +556,7 @@ impl Handshake { /// Type used to group all the values obtained during a successful handshake that can be used to /// stablish a secure authenticated channel. -#[derive(Debug)] +#[derive(Debug, Clone)] pub struct HandshakeComplete { pub net_id: auth::Key, pub pk: ed25519::PublicKey, From 53be95a785945e17f49f4d299e3e4e7b2fe5d03f Mon Sep 17 00:00:00 2001 From: mycognosist Date: Mon, 16 Oct 2023 10:53:01 +0200 Subject: [PATCH 2/7] satisfy clippy --- src/boxstream.rs | 31 ++++++++++++------------------- src/handshake.rs | 8 ++++---- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/src/boxstream.rs b/src/boxstream.rs index c325682..96ac294 100644 --- a/src/boxstream.rs +++ b/src/boxstream.rs @@ -144,12 +144,12 @@ impl Header { /// /// Note that the nonce is not incremented since this **must** be the last nonce used. fn encrypt_box_stream_goodbye(key_nonce: &mut KeyNonce, enc: &mut [u8]) -> usize { - let (goodbye_tag_buf, mut goodbye_header_buf) = + let (goodbye_tag_buf, goodbye_header_buf) = enc[..MSG_HEADER_LEN].split_at_mut(secretbox::MACBYTES); goodbye_header_buf.iter_mut().for_each(|x| *x = 0); let goodbye_tag = - secretbox::seal_detached(&mut goodbye_header_buf, &key_nonce.nonce, &key_nonce.key); + secretbox::seal_detached(goodbye_header_buf, &key_nonce.nonce, &key_nonce.key); goodbye_tag_buf.copy_from_slice(goodbye_tag.as_ref()); MSG_HEADER_LEN } @@ -164,17 +164,16 @@ fn encrypt_box_stream_msg(key_nonce: &mut KeyNonce, buf: &[u8], enc: &mut [u8]) let body_nonce = key_nonce.nonce; key_nonce.increment_nonce_be_inplace(); - let (header_buf, mut body_buf) = - enc[..MSG_HEADER_LEN + body.len()].split_at_mut(MSG_HEADER_LEN); - let (header_tag_buf, mut header_body_buf) = header_buf.split_at_mut(secretbox::MACBYTES); + let (header_buf, body_buf) = enc[..MSG_HEADER_LEN + body.len()].split_at_mut(MSG_HEADER_LEN); + let (header_tag_buf, header_body_buf) = header_buf.split_at_mut(secretbox::MACBYTES); body_buf.copy_from_slice(body); - let body_tag = secretbox::seal_detached(&mut body_buf, &body_nonce, &key_nonce.key); + let body_tag = secretbox::seal_detached(body_buf, &body_nonce, &key_nonce.key); let header = Header { body_len: body.len(), body_mac: body_tag, }; header_body_buf.copy_from_slice(&header.to_bytes()); - let header_tag = secretbox::seal_detached(&mut header_body_buf, &header_nonce, &key_nonce.key); + let header_tag = secretbox::seal_detached(header_body_buf, &header_nonce, &key_nonce.key); header_tag_buf.copy_from_slice(header_tag.as_ref()); (body.len(), MSG_HEADER_LEN + body.len()) } @@ -196,14 +195,14 @@ impl BoxStreamSend { /// Encrypt a single boxstream message by taking bytes from `buf` and encrypting them into /// `enc`. Returns the number of bytes read from `buf` and the number of bytes written into /// `enc`. - pub fn encrypt(&mut self, buf: &[u8], mut enc: &mut [u8]) -> Result<(usize, usize)> { + pub fn encrypt(&mut self, buf: &[u8], enc: &mut [u8]) -> Result<(usize, usize)> { if self.goodbye { return Err(Error::GoodbyeSent); } if buf.is_empty() { Ok((0, 0)) } else { - Ok(encrypt_box_stream_msg(&mut self.key_nonce, buf, &mut enc)) + Ok(encrypt_box_stream_msg(&mut self.key_nonce, buf, enc)) } } /// Encrypt a goodbye message into `enc`. Returns the number of bytes written into `enc`. @@ -244,10 +243,9 @@ fn decrypt_box_stream_header( key_nonce: &mut KeyNonce, buf: &mut [u8], ) -> Result> { - let (header_tag_buf, mut header_body_buf) = - buf[..MSG_HEADER_LEN].split_at_mut(secretbox::MACBYTES); + let (header_tag_buf, header_body_buf) = buf[..MSG_HEADER_LEN].split_at_mut(secretbox::MACBYTES); match secretbox::open_detached( - &mut header_body_buf, + header_body_buf, &secretbox::Tag::from_slice(header_tag_buf).unwrap(), &key_nonce.nonce, &key_nonce.key, @@ -273,13 +271,8 @@ fn decrypt_box_stream_body( key_nonce: &mut KeyNonce, buf: &mut [u8], ) -> Result { - let mut body_buf = &mut buf[..header.body_len]; - match secretbox::open_detached( - &mut body_buf, - &header.body_mac, - &key_nonce.nonce, - &key_nonce.key, - ) { + let body_buf = &mut buf[..header.body_len]; + match secretbox::open_detached(body_buf, &header.body_mac, &key_nonce.nonce, &key_nonce.key) { Ok(()) => { key_nonce.increment_nonce_be_inplace(); Ok(header.body_len) diff --git a/src/handshake.rs b/src/handshake.rs index 359955b..4bcc931 100644 --- a/src/handshake.rs +++ b/src/handshake.rs @@ -313,9 +313,9 @@ impl Handshake { impl Handshake { pub fn recv_server_accept(self, recv_buf: &mut [u8]) -> Result> { - let (tag_buf, mut enc_buf) = recv_buf.split_at_mut(secretbox::MACBYTES); + let (tag_buf, enc_buf) = recv_buf.split_at_mut(secretbox::MACBYTES); secretbox::open_detached( - &mut enc_buf, + enc_buf, &secretbox::Tag::from_slice(tag_buf).unwrap(), &secretbox::Nonce([0; 24]), &secretbox::Key( @@ -447,9 +447,9 @@ impl Handshake { impl Handshake { /// Receive a client auth and advance to the next server state. pub fn recv_client_auth(self, recv_buf: &mut [u8]) -> Result> { - let (tag_buf, mut enc_buf) = recv_buf.split_at_mut(secretbox::MACBYTES); + let (tag_buf, enc_buf) = recv_buf.split_at_mut(secretbox::MACBYTES); secretbox::open_detached( - &mut enc_buf, + enc_buf, &secretbox::Tag::from_slice(tag_buf).unwrap(), &secretbox::Nonce([0; 24]), &secretbox::Key( From bd11c19e84b1b55957428f26d771fd1ae50a6dab Mon Sep 17 00:00:00 2001 From: mycognosist Date: Tue, 17 Oct 2023 08:57:20 +0200 Subject: [PATCH 3/7] remove needless borrows to satisfy clippy --- src/async_std/handshake.rs | 20 ++++++++++---------- src/sync/handshake.rs | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/async_std/handshake.rs b/src/async_std/handshake.rs index 8fe26ef..8804703 100644 --- a/src/async_std/handshake.rs +++ b/src/async_std/handshake.rs @@ -33,20 +33,20 @@ pub async fn handshake_client( let handshake = Handshake::new_client(net_id, pk, sk); let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_client_hello(&mut send_buf); + let handshake = handshake.send_client_hello(send_buf); stream.write_all(send_buf).await?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf).await?; + stream.read_exact(recv_buf).await?; let handshake = handshake.recv_server_hello(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_client_auth(&mut send_buf, server_pk)?; + let handshake = handshake.send_client_auth(send_buf, server_pk)?; stream.write_all(send_buf).await?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf).await?; - let handshake = handshake.recv_server_accept(&mut recv_buf)?; + stream.read_exact(recv_buf).await?; + let handshake = handshake.recv_server_accept(recv_buf)?; Ok(handshake.complete()) } @@ -61,19 +61,19 @@ pub async fn handshake_server( let handshake = Handshake::new_server(net_id, pk, sk); let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf).await?; + stream.read_exact(recv_buf).await?; let handshake = handshake.recv_client_hello(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_server_hello(&mut send_buf); + let handshake = handshake.send_server_hello(send_buf); stream.write_all(send_buf).await?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf).await?; - let handshake = handshake.recv_client_auth(&mut recv_buf)?; + stream.read_exact(recv_buf).await?; + let handshake = handshake.recv_client_auth(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_server_accept(&mut send_buf); + let handshake = handshake.send_server_accept(send_buf); stream.write_all(send_buf).await?; Ok(handshake.complete()) diff --git a/src/sync/handshake.rs b/src/sync/handshake.rs index e29b137..04be95e 100644 --- a/src/sync/handshake.rs +++ b/src/sync/handshake.rs @@ -32,20 +32,20 @@ pub fn handshake_client( let handshake = Handshake::new_client(net_id, pk, sk); let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_client_hello(&mut send_buf); + let handshake = handshake.send_client_hello(send_buf); stream.write_all(send_buf)?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf)?; + stream.read_exact(recv_buf)?; let handshake = handshake.recv_server_hello(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_client_auth(&mut send_buf, server_pk)?; + let handshake = handshake.send_client_auth(send_buf, server_pk)?; stream.write_all(send_buf)?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf)?; - let handshake = handshake.recv_server_accept(&mut recv_buf)?; + stream.read_exact(recv_buf)?; + let handshake = handshake.recv_server_accept(recv_buf)?; Ok(handshake.complete()) } @@ -60,19 +60,19 @@ pub fn handshake_server( let handshake = Handshake::new_server(net_id, pk, sk); let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf)?; + stream.read_exact(recv_buf)?; let handshake = handshake.recv_client_hello(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_server_hello(&mut send_buf); + let handshake = handshake.send_server_hello(send_buf); stream.write_all(send_buf)?; let mut recv_buf = &mut buf[..handshake.recv_bytes()]; - stream.read_exact(&mut recv_buf)?; - let handshake = handshake.recv_client_auth(&mut recv_buf)?; + stream.read_exact(recv_buf)?; + let handshake = handshake.recv_client_auth(recv_buf)?; let mut send_buf = &mut buf[..handshake.send_bytes()]; - let handshake = handshake.send_server_accept(&mut send_buf); + let handshake = handshake.send_server_accept(send_buf); stream.write_all(send_buf)?; Ok(handshake.complete()) From 73224fea27f597de859a925c4996dc8657b86d40 Mon Sep 17 00:00:00 2001 From: mycognosist Date: Tue, 17 Oct 2023 08:59:08 +0200 Subject: [PATCH 4/7] remove mutable variable assignments to satisfy clippy --- src/async_std/handshake.rs | 16 ++++++++-------- src/sync/handshake.rs | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/async_std/handshake.rs b/src/async_std/handshake.rs index 8804703..d4355e4 100644 --- a/src/async_std/handshake.rs +++ b/src/async_std/handshake.rs @@ -32,19 +32,19 @@ pub async fn handshake_client( let mut buf = [0; 128]; let handshake = Handshake::new_client(net_id, pk, sk); - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_client_hello(send_buf); stream.write_all(send_buf).await?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf).await?; let handshake = handshake.recv_server_hello(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_client_auth(send_buf, server_pk)?; stream.write_all(send_buf).await?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf).await?; let handshake = handshake.recv_server_accept(recv_buf)?; @@ -60,19 +60,19 @@ pub async fn handshake_server( let mut buf = [0; 128]; let handshake = Handshake::new_server(net_id, pk, sk); - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf).await?; let handshake = handshake.recv_client_hello(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_server_hello(send_buf); stream.write_all(send_buf).await?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf).await?; let handshake = handshake.recv_client_auth(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_server_accept(send_buf); stream.write_all(send_buf).await?; diff --git a/src/sync/handshake.rs b/src/sync/handshake.rs index 04be95e..bc6888e 100644 --- a/src/sync/handshake.rs +++ b/src/sync/handshake.rs @@ -31,19 +31,19 @@ pub fn handshake_client( let mut buf = [0; 128]; let handshake = Handshake::new_client(net_id, pk, sk); - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_client_hello(send_buf); stream.write_all(send_buf)?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf)?; let handshake = handshake.recv_server_hello(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_client_auth(send_buf, server_pk)?; stream.write_all(send_buf)?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf)?; let handshake = handshake.recv_server_accept(recv_buf)?; @@ -59,19 +59,19 @@ pub fn handshake_server( let mut buf = [0; 128]; let handshake = Handshake::new_server(net_id, pk, sk); - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf)?; let handshake = handshake.recv_client_hello(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_server_hello(send_buf); stream.write_all(send_buf)?; - let mut recv_buf = &mut buf[..handshake.recv_bytes()]; + let recv_buf = &mut buf[..handshake.recv_bytes()]; stream.read_exact(recv_buf)?; let handshake = handshake.recv_client_auth(recv_buf)?; - let mut send_buf = &mut buf[..handshake.send_bytes()]; + let send_buf = &mut buf[..handshake.send_bytes()]; let handshake = handshake.send_server_accept(send_buf); stream.write_all(send_buf)?; From 6de37fdab2e990d3360d43084ef7b60cbfedc843 Mon Sep 17 00:00:00 2001 From: mycognosist Date: Tue, 17 Oct 2023 09:03:20 +0200 Subject: [PATCH 5/7] ignore unused_must_use warning in test --- src/boxstream.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/src/boxstream.rs b/src/boxstream.rs index 96ac294..5dda6cb 100644 --- a/src/boxstream.rs +++ b/src/boxstream.rs @@ -386,6 +386,7 @@ mod tests { } #[test] + #[allow(unused_must_use)] fn test_boxstream_error() { let test_error = |error| { format!("{}", error); From 44b3d49b0e56a6e16fb7de13266e40e9936038a7 Mon Sep 17 00:00:00 2001 From: mycognosist Date: Wed, 18 Oct 2023 14:33:07 +0200 Subject: [PATCH 6/7] replace glob re-exports with explicit re-exports and alias error and result types --- src/lib.rs | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index b5bc843..e796af5 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -13,5 +13,9 @@ pub mod async_std; mod boxstream; mod handshake; -pub use boxstream::*; -pub use handshake::*; +pub use boxstream::{ + BoxStreamRecv, BoxStreamSend, Error as BoxstreamError, Header, Result as BoxstreamResult, +}; +pub use handshake::{ + Error as HandshakeError, Handshake, Result as HandshakeResult, SendServerAccept, +}; From a8167aa8fc5202d3990538007abf51d854c26370 Mon Sep 17 00:00:00 2001 From: mycognosist Date: Wed, 18 Oct 2023 14:56:03 +0200 Subject: [PATCH 7/7] export KeyNonce and SharedSecret --- src/lib.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index e796af5..13cab59 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -14,8 +14,9 @@ mod boxstream; mod handshake; pub use boxstream::{ - BoxStreamRecv, BoxStreamSend, Error as BoxstreamError, Header, Result as BoxstreamResult, + BoxStreamRecv, BoxStreamSend, Error as BoxstreamError, Header, KeyNonce, + Result as BoxstreamResult, }; pub use handshake::{ - Error as HandshakeError, Handshake, Result as HandshakeResult, SendServerAccept, + Error as HandshakeError, Handshake, Result as HandshakeResult, SendServerAccept, SharedSecret, };