syndicate-lang
/
syndicate-rs
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Switch to HMAC-BLAKE2s

This commit is contained in:
Tony Garnock-Jones 2023-02-06 17:09:17 +01:00
parent d2c783927c
commit 7de2752068
11 changed files with 30 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Cargo.lock generated
View File

@ -420,16 +420,6 @@ dependencies = [
"typenum",
]
[[package]]
name = "crypto-mac"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
dependencies = [
"generic-array",
"subtle",
]
[[package]]
name = "csv"
version = "1.1.6"
@ -835,12 +825,11 @@ dependencies = [
[[package]]
name = "hmac"
version = "0.11.0"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [
"crypto-mac",
"digest 0.9.0",
"digest 0.10.6",
]
[[package]]
@ -1183,7 +1172,7 @@ dependencies = [
"chacha20poly1305",
"getrandom 0.2.8",
"noise-protocol",
"sha2 0.10.6",
"sha2",
"x25519-dalek",
"zeroize",
]
@ -1810,19 +1799,6 @@ dependencies = [
"opaque-debug",
]
[[package]]
name = "sha2"
version = "0.9.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800"
dependencies = [
"block-buffer 0.9.0",
"cfg-if 1.0.0",
"cpufeatures",
"digest 0.9.0",
"opaque-debug",
]
[[package]]
name = "sha2"
version = "0.10.6"
@ -1934,6 +1910,7 @@ dependencies = [
name = "syndicate"
version = "0.26.2"
dependencies = [
"blake2",
"bytes",
"criterion",
"futures",
@ -1944,7 +1921,6 @@ dependencies = [
"parking_lot",
"preserves",
"preserves-schema",
"sha2 0.9.9",
"tokio",
"tokio-util",
"tracing",

2
dev-scripts/benchmark-config.pr
View File

@ -1,3 +1,3 @@
let ?root_ds = dataspace
<require-service <relay-listener <tcp "0.0.0.0" 8001> $gatekeeper>>
<require-service <relay-listener <tcp "0.0.0.0" 9001> $gatekeeper>>
<bind "syndicate" #x"" $root_ds>

4
syndicate-server/examples/consumer.rs
View File

@ -15,7 +15,7 @@ use core::time::Duration;
#[derive(Clone, Debug, StructOpt)]
pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?;
let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
let consumer = syndicate::entity(0)

4
syndicate-server/examples/dirty-consumer.rs
View File

@ -26,14 +26,14 @@ mod dirty;
#[derive(Clone, Debug, StructOpt)]
pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
fn main() -> Result<(), Box<dyn std::error::Error>> {
let config = Config::from_args();
let mut stream = TcpStream::connect("127.0.0.1:8001")?;
let mut stream = TcpStream::connect("127.0.0.1:9001")?;
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
let iolang = Language::<IOValue>::default();

4
syndicate-server/examples/dirty-producer.rs
View File

@ -25,7 +25,7 @@ pub struct Config {
#[structopt(short = "b", default_value = "0")]
bytes_padding: usize,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -40,7 +40,7 @@ fn says(who: IOValue, what: IOValue) -> IOValue {
fn main() -> Result<(), Box<dyn std::error::Error>> {
let config = Config::from_args();
let mut stream = TcpStream::connect("127.0.0.1:8001")?;
let mut stream = TcpStream::connect("127.0.0.1:9001")?;
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap();

4
syndicate-server/examples/pingpong.rs
View File

@ -43,7 +43,7 @@ pub struct Config {
#[structopt(subcommand)]
mode: PingPongMode,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -93,7 +93,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?;
let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {

4
syndicate-server/examples/producer.rs
View File

@ -16,7 +16,7 @@ pub struct Config {
#[structopt(short = "b", default_value = "0")]
bytes_padding: usize,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -25,7 +25,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?;
let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
let facet = t.facet.clone();

4
syndicate-server/examples/state-consumer.rs
View File

@ -15,7 +15,7 @@ use core::time::Duration;
#[derive(Clone, Debug, StructOpt)]
pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?;
let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
let consumer = {

4
syndicate-server/examples/state-producer.rs
View File

@ -10,7 +10,7 @@ use tokio::net::TcpStream;
#[derive(Clone, Debug, StructOpt)]
pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String,
}
@ -19,7 +19,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?;
let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
let facet = t.facet.clone();

4
syndicate/Cargo.toml
View File

@ -25,11 +25,11 @@ bytes = "1.0"
futures = "0.3"
blake2 = "0.10"
getrandom = "0.2"
hmac = "0.11"
hmac = "0.12"
lazy_static = "1.4"
parking_lot = "0.11"
sha2 = "0.9"
tracing = "0.1"
tracing-subscriber = "0.2"

18
syndicate/src/sturdy.rs
View File

@ -1,6 +1,6 @@
use blake2::Blake2s256;
use getrandom::getrandom;
use hmac::{Hmac, Mac, NewMac, crypto_mac::MacError};
use hmac::{SimpleHmac, Mac};
use preserves::hex::HexParser;
use preserves::hex::HexFormatter;
@ -10,8 +10,6 @@ use preserves::value::packed::PackedWriter;
use preserves::value::packed::from_bytes;
use preserves_schema::Codec;
use sha2::Sha256;
use std::io;
use super::language;
@ -21,14 +19,14 @@ pub use super::schemas::sturdy::*;
#[derive(Debug)]
pub enum ValidationError {
SignatureError(MacError),
SignatureError,
AttenuationError(CaveatError),
}
impl std::fmt::Display for ValidationError {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
match self {
ValidationError::SignatureError(_) =>
ValidationError::SignatureError =>
write!(f, "Invalid SturdyRef signature"),
ValidationError::AttenuationError(e) =>
write!(f, "Invalid SturdyRef attenuation: {:?}", e),
@ -41,7 +39,7 @@ impl std::error::Error for ValidationError {}
const KEY_LENGTH: usize = 16; // bytes; 128 bits
fn signature(key: &[u8], data: &[u8]) -> Vec<u8> {
let mut m = Hmac::<Sha256>::new_from_slice(key).expect("valid key length");
let mut m = SimpleHmac::<Blake2s256>::new_from_slice(key).expect("valid key length");
m.update(data);
let mut result = m.finalize().into_bytes().to_vec();
result.truncate(KEY_LENGTH);
@ -90,20 +88,20 @@ impl SturdyRef {
key: &[u8],
unattenuated_target: &_Ptr,
) -> Result<_Ptr, ValidationError> {
self.validate(key).map_err(ValidationError::SignatureError)?;
self.validate(key).map_err(|_| ValidationError::SignatureError)?;
let target = unattenuated_target
.attenuate(&self.caveat_chain)
.map_err(ValidationError::AttenuationError)?;
Ok(target)
}
pub fn validate(&self, key: &[u8]) -> Result<(), MacError> {
pub fn validate(&self, key: &[u8]) -> Result<(), ()> {
let SturdyRef { oid, caveat_chain, sig } = self;
let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain);
if &key == sig {
Ok(())
} else {
Err(MacError)
Err(())
}
}