From 7de2752068a6b263c6064e56158020356911e407 Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Mon, 6 Feb 2023 17:09:17 +0100 Subject: [PATCH] Switch to HMAC-BLAKE2s --- Cargo.lock | 34 +++------------------ dev-scripts/benchmark-config.pr | 2 +- syndicate-server/examples/consumer.rs | 4 +-- syndicate-server/examples/dirty-consumer.rs | 4 +-- syndicate-server/examples/dirty-producer.rs | 4 +-- syndicate-server/examples/pingpong.rs | 4 +-- syndicate-server/examples/producer.rs | 4 +-- syndicate-server/examples/state-consumer.rs | 4 +-- syndicate-server/examples/state-producer.rs | 4 +-- syndicate/Cargo.toml | 4 +-- syndicate/src/sturdy.rs | 18 +++++------ 11 files changed, 30 insertions(+), 56 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 51eb0aa..56f8615 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -420,16 +420,6 @@ dependencies = [ "typenum", ] -[[package]] -name = "crypto-mac" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "csv" version = "1.1.6" @@ -835,12 +825,11 @@ dependencies = [ [[package]] name = "hmac" -version = "0.11.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "crypto-mac", - "digest 0.9.0", + "digest 0.10.6", ] [[package]] @@ -1183,7 +1172,7 @@ dependencies = [ "chacha20poly1305", "getrandom 0.2.8", "noise-protocol", - "sha2 0.10.6", + "sha2", "x25519-dalek", "zeroize", ] @@ -1810,19 +1799,6 @@ dependencies = [ "opaque-debug", ] -[[package]] -name = "sha2" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" -dependencies = [ - "block-buffer 0.9.0", - "cfg-if 1.0.0", - "cpufeatures", - "digest 0.9.0", - "opaque-debug", -] - [[package]] name = "sha2" version = "0.10.6" @@ -1934,6 +1910,7 @@ dependencies = [ name = "syndicate" version = "0.26.2" dependencies = [ + "blake2", "bytes", "criterion", "futures", @@ -1944,7 +1921,6 @@ dependencies = [ "parking_lot", "preserves", "preserves-schema", - "sha2 0.9.9", "tokio", "tokio-util", "tracing", diff --git a/dev-scripts/benchmark-config.pr b/dev-scripts/benchmark-config.pr index fb9a99d..b40e52a 100644 --- a/dev-scripts/benchmark-config.pr +++ b/dev-scripts/benchmark-config.pr @@ -1,3 +1,3 @@ let ?root_ds = dataspace - $gatekeeper>> + $gatekeeper>> diff --git a/syndicate-server/examples/consumer.rs b/syndicate-server/examples/consumer.rs index d0296be..51e271c 100644 --- a/syndicate-server/examples/consumer.rs +++ b/syndicate-server/examples/consumer.rs @@ -15,7 +15,7 @@ use core::time::Duration; #[derive(Clone, Debug, StructOpt)] pub struct Config { - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -24,7 +24,7 @@ async fn main() -> ActorResult { syndicate::convenient_logging()?; let config = Config::from_args(); let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; - let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); + let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split(); Actor::top(None, |t| { relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| { let consumer = syndicate::entity(0) diff --git a/syndicate-server/examples/dirty-consumer.rs b/syndicate-server/examples/dirty-consumer.rs index 1863407..6f38108 100644 --- a/syndicate-server/examples/dirty-consumer.rs +++ b/syndicate-server/examples/dirty-consumer.rs @@ -26,14 +26,14 @@ mod dirty; #[derive(Clone, Debug, StructOpt)] pub struct Config { - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } fn main() -> Result<(), Box> { let config = Config::from_args(); - let mut stream = TcpStream::connect("127.0.0.1:8001")?; + let mut stream = TcpStream::connect("127.0.0.1:9001")?; dirty::dirty_resolve(&mut stream, &config.dataspace)?; let iolang = Language::::default(); diff --git a/syndicate-server/examples/dirty-producer.rs b/syndicate-server/examples/dirty-producer.rs index fe5b080..34bfc14 100644 --- a/syndicate-server/examples/dirty-producer.rs +++ b/syndicate-server/examples/dirty-producer.rs @@ -25,7 +25,7 @@ pub struct Config { #[structopt(short = "b", default_value = "0")] bytes_padding: usize, - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -40,7 +40,7 @@ fn says(who: IOValue, what: IOValue) -> IOValue { fn main() -> Result<(), Box> { let config = Config::from_args(); - let mut stream = TcpStream::connect("127.0.0.1:8001")?; + let mut stream = TcpStream::connect("127.0.0.1:9001")?; dirty::dirty_resolve(&mut stream, &config.dataspace)?; let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap(); diff --git a/syndicate-server/examples/pingpong.rs b/syndicate-server/examples/pingpong.rs index e0491e0..d671f7a 100644 --- a/syndicate-server/examples/pingpong.rs +++ b/syndicate-server/examples/pingpong.rs @@ -43,7 +43,7 @@ pub struct Config { #[structopt(subcommand)] mode: PingPongMode, - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -93,7 +93,7 @@ async fn main() -> ActorResult { syndicate::convenient_logging()?; let config = Config::from_args(); let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; - let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); + let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split(); Actor::top(None, |t| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { diff --git a/syndicate-server/examples/producer.rs b/syndicate-server/examples/producer.rs index 3db2a57..b8fb818 100644 --- a/syndicate-server/examples/producer.rs +++ b/syndicate-server/examples/producer.rs @@ -16,7 +16,7 @@ pub struct Config { #[structopt(short = "b", default_value = "0")] bytes_padding: usize, - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -25,7 +25,7 @@ async fn main() -> ActorResult { syndicate::convenient_logging()?; let config = Config::from_args(); let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; - let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); + let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split(); Actor::top(None, |t| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { let facet = t.facet.clone(); diff --git a/syndicate-server/examples/state-consumer.rs b/syndicate-server/examples/state-consumer.rs index 5c78263..71f86bf 100644 --- a/syndicate-server/examples/state-consumer.rs +++ b/syndicate-server/examples/state-consumer.rs @@ -15,7 +15,7 @@ use core::time::Duration; #[derive(Clone, Debug, StructOpt)] pub struct Config { - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -24,7 +24,7 @@ async fn main() -> ActorResult { syndicate::convenient_logging()?; let config = Config::from_args(); let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; - let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); + let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split(); Actor::top(None, |t| { relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| { let consumer = { diff --git a/syndicate-server/examples/state-producer.rs b/syndicate-server/examples/state-producer.rs index 5052e13..461a536 100644 --- a/syndicate-server/examples/state-producer.rs +++ b/syndicate-server/examples/state-producer.rs @@ -10,7 +10,7 @@ use tokio::net::TcpStream; #[derive(Clone, Debug, StructOpt)] pub struct Config { - #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] + #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")] dataspace: String, } @@ -19,7 +19,7 @@ async fn main() -> ActorResult { syndicate::convenient_logging()?; let config = Config::from_args(); let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; - let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); + let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split(); Actor::top(None, |t| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { let facet = t.facet.clone(); diff --git a/syndicate/Cargo.toml b/syndicate/Cargo.toml index d3ec092..0e7651e 100644 --- a/syndicate/Cargo.toml +++ b/syndicate/Cargo.toml @@ -25,11 +25,11 @@ bytes = "1.0" futures = "0.3" +blake2 = "0.10" getrandom = "0.2" -hmac = "0.11" +hmac = "0.12" lazy_static = "1.4" parking_lot = "0.11" -sha2 = "0.9" tracing = "0.1" tracing-subscriber = "0.2" diff --git a/syndicate/src/sturdy.rs b/syndicate/src/sturdy.rs index 82aee5c..aae9207 100644 --- a/syndicate/src/sturdy.rs +++ b/syndicate/src/sturdy.rs @@ -1,6 +1,6 @@ +use blake2::Blake2s256; use getrandom::getrandom; - -use hmac::{Hmac, Mac, NewMac, crypto_mac::MacError}; +use hmac::{SimpleHmac, Mac}; use preserves::hex::HexParser; use preserves::hex::HexFormatter; @@ -10,8 +10,6 @@ use preserves::value::packed::PackedWriter; use preserves::value::packed::from_bytes; use preserves_schema::Codec; -use sha2::Sha256; - use std::io; use super::language; @@ -21,14 +19,14 @@ pub use super::schemas::sturdy::*; #[derive(Debug)] pub enum ValidationError { - SignatureError(MacError), + SignatureError, AttenuationError(CaveatError), } impl std::fmt::Display for ValidationError { fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> { match self { - ValidationError::SignatureError(_) => + ValidationError::SignatureError => write!(f, "Invalid SturdyRef signature"), ValidationError::AttenuationError(e) => write!(f, "Invalid SturdyRef attenuation: {:?}", e), @@ -41,7 +39,7 @@ impl std::error::Error for ValidationError {} const KEY_LENGTH: usize = 16; // bytes; 128 bits fn signature(key: &[u8], data: &[u8]) -> Vec { - let mut m = Hmac::::new_from_slice(key).expect("valid key length"); + let mut m = SimpleHmac::::new_from_slice(key).expect("valid key length"); m.update(data); let mut result = m.finalize().into_bytes().to_vec(); result.truncate(KEY_LENGTH); @@ -90,20 +88,20 @@ impl SturdyRef { key: &[u8], unattenuated_target: &_Ptr, ) -> Result<_Ptr, ValidationError> { - self.validate(key).map_err(ValidationError::SignatureError)?; + self.validate(key).map_err(|_| ValidationError::SignatureError)?; let target = unattenuated_target .attenuate(&self.caveat_chain) .map_err(ValidationError::AttenuationError)?; Ok(target) } - pub fn validate(&self, key: &[u8]) -> Result<(), MacError> { + pub fn validate(&self, key: &[u8]) -> Result<(), ()> { let SturdyRef { oid, caveat_chain, sig } = self; let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain); if &key == sig { Ok(()) } else { - Err(MacError) + Err(()) } }