syndicate-lang
/
syndicate-rs
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Switch to HMAC-BLAKE2s

This commit is contained in:
Tony Garnock-Jones 2023-02-06 17:09:17 +01:00
parent d2c783927c
commit 7de2752068
11 changed files with 30 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Cargo.lock generated
View File

@ -420,16 +420,6 @@ dependencies = [
"typenum", "typenum",
] ]
[[package]]
name = "crypto-mac"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
dependencies = [
"generic-array",
"subtle",
]
[[package]] [[package]]
name = "csv" name = "csv"
version = "1.1.6" version = "1.1.6"
@ -835,12 +825,11 @@ dependencies = [
[[package]] [[package]]
name = "hmac" name = "hmac"
version = "0.11.0" version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
dependencies = [ dependencies = [
"crypto-mac", "digest 0.10.6",
"digest 0.9.0",
] ]
[[package]] [[package]]
@ -1183,7 +1172,7 @@ dependencies = [
"chacha20poly1305", "chacha20poly1305",
"getrandom 0.2.8", "getrandom 0.2.8",
"noise-protocol", "noise-protocol",
"sha2 0.10.6", "sha2",
"x25519-dalek", "x25519-dalek",
"zeroize", "zeroize",
] ]
@ -1810,19 +1799,6 @@ dependencies = [
"opaque-debug", "opaque-debug",
] ]
[[package]]
name = "sha2"
version = "0.9.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800"
dependencies = [
"block-buffer 0.9.0",
"cfg-if 1.0.0",
"cpufeatures",
"digest 0.9.0",
"opaque-debug",
]
[[package]] [[package]]
name = "sha2" name = "sha2"
version = "0.10.6" version = "0.10.6"
@ -1934,6 +1910,7 @@ dependencies = [
name = "syndicate" name = "syndicate"
version = "0.26.2" version = "0.26.2"
dependencies = [ dependencies = [
"blake2",
"bytes", "bytes",
"criterion", "criterion",
"futures", "futures",
@ -1944,7 +1921,6 @@ dependencies = [
"parking_lot", "parking_lot",
"preserves", "preserves",
"preserves-schema", "preserves-schema",
"sha2 0.9.9",
"tokio", "tokio",
"tokio-util", "tokio-util",
"tracing", "tracing",

2
dev-scripts/benchmark-config.pr
View File

@ -1,3 +1,3 @@
let ?root_ds = dataspace let ?root_ds = dataspace
<require-service <relay-listener <tcp "0.0.0.0" 8001> $gatekeeper>> <require-service <relay-listener <tcp "0.0.0.0" 9001> $gatekeeper>>
<bind "syndicate" #x"" $root_ds> <bind "syndicate" #x"" $root_ds>

4
syndicate-server/examples/consumer.rs
View File

@ -15,7 +15,7 @@ use core::time::Duration;
#[derive(Clone, Debug, StructOpt)] #[derive(Clone, Debug, StructOpt)]
pub struct Config { pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?; syndicate::convenient_logging()?;
let config = Config::from_args(); let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| { Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| { relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
let consumer = syndicate::entity(0) let consumer = syndicate::entity(0)

4
syndicate-server/examples/dirty-consumer.rs
View File

@ -26,14 +26,14 @@ mod dirty;
#[derive(Clone, Debug, StructOpt)] #[derive(Clone, Debug, StructOpt)]
pub struct Config { pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
fn main() -> Result<(), Box<dyn std::error::Error>> { fn main() -> Result<(), Box<dyn std::error::Error>> {
let config = Config::from_args(); let config = Config::from_args();
let mut stream = TcpStream::connect("127.0.0.1:8001")?; let mut stream = TcpStream::connect("127.0.0.1:9001")?;
dirty::dirty_resolve(&mut stream, &config.dataspace)?; dirty::dirty_resolve(&mut stream, &config.dataspace)?;
let iolang = Language::<IOValue>::default(); let iolang = Language::<IOValue>::default();

4
syndicate-server/examples/dirty-producer.rs
View File

@ -25,7 +25,7 @@ pub struct Config {
#[structopt(short = "b", default_value = "0")] #[structopt(short = "b", default_value = "0")]
bytes_padding: usize, bytes_padding: usize,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -40,7 +40,7 @@ fn says(who: IOValue, what: IOValue) -> IOValue {
fn main() -> Result<(), Box<dyn std::error::Error>> { fn main() -> Result<(), Box<dyn std::error::Error>> {
let config = Config::from_args(); let config = Config::from_args();
let mut stream = TcpStream::connect("127.0.0.1:8001")?; let mut stream = TcpStream::connect("127.0.0.1:9001")?;
dirty::dirty_resolve(&mut stream, &config.dataspace)?; dirty::dirty_resolve(&mut stream, &config.dataspace)?;
let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap(); let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap();

4
syndicate-server/examples/pingpong.rs
View File

@ -43,7 +43,7 @@ pub struct Config {
#[structopt(subcommand)] #[structopt(subcommand)]
mode: PingPongMode, mode: PingPongMode,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -93,7 +93,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?; syndicate::convenient_logging()?;
let config = Config::from_args(); let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| { Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {

4
syndicate-server/examples/producer.rs
View File

@ -16,7 +16,7 @@ pub struct Config {
#[structopt(short = "b", default_value = "0")] #[structopt(short = "b", default_value = "0")]
bytes_padding: usize, bytes_padding: usize,
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -25,7 +25,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?; syndicate::convenient_logging()?;
let config = Config::from_args(); let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| { Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
let facet = t.facet.clone(); let facet = t.facet.clone();

4
syndicate-server/examples/state-consumer.rs
View File

@ -15,7 +15,7 @@ use core::time::Duration;
#[derive(Clone, Debug, StructOpt)] #[derive(Clone, Debug, StructOpt)]
pub struct Config { pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?; syndicate::convenient_logging()?;
let config = Config::from_args(); let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| { Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| { relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
let consumer = { let consumer = {

4
syndicate-server/examples/state-producer.rs
View File

@ -10,7 +10,7 @@ use tokio::net::TcpStream;
#[derive(Clone, Debug, StructOpt)] #[derive(Clone, Debug, StructOpt)]
pub struct Config { pub struct Config {
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")] #[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
dataspace: String, dataspace: String,
} }
@ -19,7 +19,7 @@ async fn main() -> ActorResult {
syndicate::convenient_logging()?; syndicate::convenient_logging()?;
let config = Config::from_args(); let config = Config::from_args();
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?; let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split(); let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
Actor::top(None, |t| { Actor::top(None, |t| {
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| { relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
let facet = t.facet.clone(); let facet = t.facet.clone();

4
syndicate/Cargo.toml
View File

@ -25,11 +25,11 @@ bytes = "1.0"
futures = "0.3" futures = "0.3"
blake2 = "0.10"
getrandom = "0.2" getrandom = "0.2"
hmac = "0.11" hmac = "0.12"
lazy_static = "1.4" lazy_static = "1.4"
parking_lot = "0.11" parking_lot = "0.11"
sha2 = "0.9"
tracing = "0.1" tracing = "0.1"
tracing-subscriber = "0.2" tracing-subscriber = "0.2"

18
syndicate/src/sturdy.rs
View File

@ -1,6 +1,6 @@
use blake2::Blake2s256;
use getrandom::getrandom; use getrandom::getrandom;
use hmac::{SimpleHmac, Mac};
use hmac::{Hmac, Mac, NewMac, crypto_mac::MacError};
use preserves::hex::HexParser; use preserves::hex::HexParser;
use preserves::hex::HexFormatter; use preserves::hex::HexFormatter;
@ -10,8 +10,6 @@ use preserves::value::packed::PackedWriter;
use preserves::value::packed::from_bytes; use preserves::value::packed::from_bytes;
use preserves_schema::Codec; use preserves_schema::Codec;
use sha2::Sha256;
use std::io; use std::io;
use super::language; use super::language;
@ -21,14 +19,14 @@ pub use super::schemas::sturdy::*;
#[derive(Debug)] #[derive(Debug)]
pub enum ValidationError { pub enum ValidationError {
SignatureError(MacError), SignatureError,
AttenuationError(CaveatError), AttenuationError(CaveatError),
} }
impl std::fmt::Display for ValidationError { impl std::fmt::Display for ValidationError {
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> { fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
match self { match self {
ValidationError::SignatureError(_) => ValidationError::SignatureError =>
write!(f, "Invalid SturdyRef signature"), write!(f, "Invalid SturdyRef signature"),
ValidationError::AttenuationError(e) => ValidationError::AttenuationError(e) =>
write!(f, "Invalid SturdyRef attenuation: {:?}", e), write!(f, "Invalid SturdyRef attenuation: {:?}", e),
@ -41,7 +39,7 @@ impl std::error::Error for ValidationError {}
const KEY_LENGTH: usize = 16; // bytes; 128 bits const KEY_LENGTH: usize = 16; // bytes; 128 bits
fn signature(key: &[u8], data: &[u8]) -> Vec<u8> { fn signature(key: &[u8], data: &[u8]) -> Vec<u8> {
let mut m = Hmac::<Sha256>::new_from_slice(key).expect("valid key length"); let mut m = SimpleHmac::<Blake2s256>::new_from_slice(key).expect("valid key length");
m.update(data); m.update(data);
let mut result = m.finalize().into_bytes().to_vec(); let mut result = m.finalize().into_bytes().to_vec();
result.truncate(KEY_LENGTH); result.truncate(KEY_LENGTH);
@ -90,20 +88,20 @@ impl SturdyRef {
key: &[u8], key: &[u8],
unattenuated_target: &_Ptr, unattenuated_target: &_Ptr,
) -> Result<_Ptr, ValidationError> { ) -> Result<_Ptr, ValidationError> {
self.validate(key).map_err(ValidationError::SignatureError)?; self.validate(key).map_err(|_| ValidationError::SignatureError)?;
let target = unattenuated_target let target = unattenuated_target
.attenuate(&self.caveat_chain) .attenuate(&self.caveat_chain)
.map_err(ValidationError::AttenuationError)?; .map_err(ValidationError::AttenuationError)?;
Ok(target) Ok(target)
} }
pub fn validate(&self, key: &[u8]) -> Result<(), MacError> { pub fn validate(&self, key: &[u8]) -> Result<(), ()> {
let SturdyRef { oid, caveat_chain, sig } = self; let SturdyRef { oid, caveat_chain, sig } = self;
let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain); let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain);
if &key == sig { if &key == sig {
Ok(()) Ok(())
} else { } else {
Err(MacError) Err(())
} }
} }