Switch to HMAC-BLAKE2s
This commit is contained in:
parent
d2c783927c
commit
7de2752068
|
@ -420,16 +420,6 @@ dependencies = [
|
||||||
"typenum",
|
"typenum",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "crypto-mac"
|
|
||||||
version = "0.11.1"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "b1d1a86f49236c215f271d40892d5fc950490551400b02ef360692c29815c714"
|
|
||||||
dependencies = [
|
|
||||||
"generic-array",
|
|
||||||
"subtle",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "csv"
|
name = "csv"
|
||||||
version = "1.1.6"
|
version = "1.1.6"
|
||||||
|
@ -835,12 +825,11 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "hmac"
|
name = "hmac"
|
||||||
version = "0.11.0"
|
version = "0.12.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "2a2a2320eb7ec0ebe8da8f744d7812d9fc4cb4d09344ac01898dbcb6a20ae69b"
|
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"crypto-mac",
|
"digest 0.10.6",
|
||||||
"digest 0.9.0",
|
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
|
@ -1183,7 +1172,7 @@ dependencies = [
|
||||||
"chacha20poly1305",
|
"chacha20poly1305",
|
||||||
"getrandom 0.2.8",
|
"getrandom 0.2.8",
|
||||||
"noise-protocol",
|
"noise-protocol",
|
||||||
"sha2 0.10.6",
|
"sha2",
|
||||||
"x25519-dalek",
|
"x25519-dalek",
|
||||||
"zeroize",
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
@ -1810,19 +1799,6 @@ dependencies = [
|
||||||
"opaque-debug",
|
"opaque-debug",
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
|
||||||
name = "sha2"
|
|
||||||
version = "0.9.9"
|
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
|
||||||
checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800"
|
|
||||||
dependencies = [
|
|
||||||
"block-buffer 0.9.0",
|
|
||||||
"cfg-if 1.0.0",
|
|
||||||
"cpufeatures",
|
|
||||||
"digest 0.9.0",
|
|
||||||
"opaque-debug",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "sha2"
|
name = "sha2"
|
||||||
version = "0.10.6"
|
version = "0.10.6"
|
||||||
|
@ -1934,6 +1910,7 @@ dependencies = [
|
||||||
name = "syndicate"
|
name = "syndicate"
|
||||||
version = "0.26.2"
|
version = "0.26.2"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
"blake2",
|
||||||
"bytes",
|
"bytes",
|
||||||
"criterion",
|
"criterion",
|
||||||
"futures",
|
"futures",
|
||||||
|
@ -1944,7 +1921,6 @@ dependencies = [
|
||||||
"parking_lot",
|
"parking_lot",
|
||||||
"preserves",
|
"preserves",
|
||||||
"preserves-schema",
|
"preserves-schema",
|
||||||
"sha2 0.9.9",
|
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-util",
|
"tokio-util",
|
||||||
"tracing",
|
"tracing",
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
let ?root_ds = dataspace
|
let ?root_ds = dataspace
|
||||||
<require-service <relay-listener <tcp "0.0.0.0" 8001> $gatekeeper>>
|
<require-service <relay-listener <tcp "0.0.0.0" 9001> $gatekeeper>>
|
||||||
<bind "syndicate" #x"" $root_ds>
|
<bind "syndicate" #x"" $root_ds>
|
||||||
|
|
|
@ -15,7 +15,7 @@ use core::time::Duration;
|
||||||
|
|
||||||
#[derive(Clone, Debug, StructOpt)]
|
#[derive(Clone, Debug, StructOpt)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
|
||||||
syndicate::convenient_logging()?;
|
syndicate::convenient_logging()?;
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
||||||
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
|
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
|
||||||
Actor::top(None, |t| {
|
Actor::top(None, |t| {
|
||||||
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
|
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
|
||||||
let consumer = syndicate::entity(0)
|
let consumer = syndicate::entity(0)
|
||||||
|
|
|
@ -26,14 +26,14 @@ mod dirty;
|
||||||
|
|
||||||
#[derive(Clone, Debug, StructOpt)]
|
#[derive(Clone, Debug, StructOpt)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
|
|
||||||
let mut stream = TcpStream::connect("127.0.0.1:8001")?;
|
let mut stream = TcpStream::connect("127.0.0.1:9001")?;
|
||||||
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
|
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
|
||||||
|
|
||||||
let iolang = Language::<IOValue>::default();
|
let iolang = Language::<IOValue>::default();
|
||||||
|
|
|
@ -25,7 +25,7 @@ pub struct Config {
|
||||||
#[structopt(short = "b", default_value = "0")]
|
#[structopt(short = "b", default_value = "0")]
|
||||||
bytes_padding: usize,
|
bytes_padding: usize,
|
||||||
|
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ fn says(who: IOValue, what: IOValue) -> IOValue {
|
||||||
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
|
|
||||||
let mut stream = TcpStream::connect("127.0.0.1:8001")?;
|
let mut stream = TcpStream::connect("127.0.0.1:9001")?;
|
||||||
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
|
dirty::dirty_resolve(&mut stream, &config.dataspace)?;
|
||||||
|
|
||||||
let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap();
|
let padding: IOValue = Value::ByteString(vec![0; config.bytes_padding]).wrap();
|
||||||
|
|
|
@ -43,7 +43,7 @@ pub struct Config {
|
||||||
#[structopt(subcommand)]
|
#[structopt(subcommand)]
|
||||||
mode: PingPongMode,
|
mode: PingPongMode,
|
||||||
|
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,7 +93,7 @@ async fn main() -> ActorResult {
|
||||||
syndicate::convenient_logging()?;
|
syndicate::convenient_logging()?;
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
||||||
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
|
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
|
||||||
Actor::top(None, |t| {
|
Actor::top(None, |t| {
|
||||||
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ pub struct Config {
|
||||||
#[structopt(short = "b", default_value = "0")]
|
#[structopt(short = "b", default_value = "0")]
|
||||||
bytes_padding: usize,
|
bytes_padding: usize,
|
||||||
|
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ async fn main() -> ActorResult {
|
||||||
syndicate::convenient_logging()?;
|
syndicate::convenient_logging()?;
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
||||||
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
|
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
|
||||||
Actor::top(None, |t| {
|
Actor::top(None, |t| {
|
||||||
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
||||||
let facet = t.facet.clone();
|
let facet = t.facet.clone();
|
||||||
|
|
|
@ -15,7 +15,7 @@ use core::time::Duration;
|
||||||
|
|
||||||
#[derive(Clone, Debug, StructOpt)]
|
#[derive(Clone, Debug, StructOpt)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ async fn main() -> ActorResult {
|
||||||
syndicate::convenient_logging()?;
|
syndicate::convenient_logging()?;
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
||||||
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
|
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
|
||||||
Actor::top(None, |t| {
|
Actor::top(None, |t| {
|
||||||
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
|
relay::connect_stream(t, i, o, false, sturdyref, (), |_state, t, ds| {
|
||||||
let consumer = {
|
let consumer = {
|
||||||
|
|
|
@ -10,7 +10,7 @@ use tokio::net::TcpStream;
|
||||||
|
|
||||||
#[derive(Clone, Debug, StructOpt)]
|
#[derive(Clone, Debug, StructOpt)]
|
||||||
pub struct Config {
|
pub struct Config {
|
||||||
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b210a6480df5306611ddd0d3882b546e197784")]
|
#[structopt(short = "d", default_value = "b4b303726566b10973796e646963617465b584b21069ca300c1dbfa08fba692102dd82311a84")]
|
||||||
dataspace: String,
|
dataspace: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@ async fn main() -> ActorResult {
|
||||||
syndicate::convenient_logging()?;
|
syndicate::convenient_logging()?;
|
||||||
let config = Config::from_args();
|
let config = Config::from_args();
|
||||||
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
let sturdyref = sturdy::SturdyRef::from_hex(&config.dataspace)?;
|
||||||
let (i, o) = TcpStream::connect("127.0.0.1:8001").await?.into_split();
|
let (i, o) = TcpStream::connect("127.0.0.1:9001").await?.into_split();
|
||||||
Actor::top(None, |t| {
|
Actor::top(None, |t| {
|
||||||
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
relay::connect_stream(t, i, o, false, sturdyref, (), move |_state, t, ds| {
|
||||||
let facet = t.facet.clone();
|
let facet = t.facet.clone();
|
||||||
|
|
|
@ -25,11 +25,11 @@ bytes = "1.0"
|
||||||
|
|
||||||
futures = "0.3"
|
futures = "0.3"
|
||||||
|
|
||||||
|
blake2 = "0.10"
|
||||||
getrandom = "0.2"
|
getrandom = "0.2"
|
||||||
hmac = "0.11"
|
hmac = "0.12"
|
||||||
lazy_static = "1.4"
|
lazy_static = "1.4"
|
||||||
parking_lot = "0.11"
|
parking_lot = "0.11"
|
||||||
sha2 = "0.9"
|
|
||||||
|
|
||||||
tracing = "0.1"
|
tracing = "0.1"
|
||||||
tracing-subscriber = "0.2"
|
tracing-subscriber = "0.2"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
|
use blake2::Blake2s256;
|
||||||
use getrandom::getrandom;
|
use getrandom::getrandom;
|
||||||
|
use hmac::{SimpleHmac, Mac};
|
||||||
use hmac::{Hmac, Mac, NewMac, crypto_mac::MacError};
|
|
||||||
|
|
||||||
use preserves::hex::HexParser;
|
use preserves::hex::HexParser;
|
||||||
use preserves::hex::HexFormatter;
|
use preserves::hex::HexFormatter;
|
||||||
|
@ -10,8 +10,6 @@ use preserves::value::packed::PackedWriter;
|
||||||
use preserves::value::packed::from_bytes;
|
use preserves::value::packed::from_bytes;
|
||||||
use preserves_schema::Codec;
|
use preserves_schema::Codec;
|
||||||
|
|
||||||
use sha2::Sha256;
|
|
||||||
|
|
||||||
use std::io;
|
use std::io;
|
||||||
|
|
||||||
use super::language;
|
use super::language;
|
||||||
|
@ -21,14 +19,14 @@ pub use super::schemas::sturdy::*;
|
||||||
|
|
||||||
#[derive(Debug)]
|
#[derive(Debug)]
|
||||||
pub enum ValidationError {
|
pub enum ValidationError {
|
||||||
SignatureError(MacError),
|
SignatureError,
|
||||||
AttenuationError(CaveatError),
|
AttenuationError(CaveatError),
|
||||||
}
|
}
|
||||||
|
|
||||||
impl std::fmt::Display for ValidationError {
|
impl std::fmt::Display for ValidationError {
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
|
fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
|
||||||
match self {
|
match self {
|
||||||
ValidationError::SignatureError(_) =>
|
ValidationError::SignatureError =>
|
||||||
write!(f, "Invalid SturdyRef signature"),
|
write!(f, "Invalid SturdyRef signature"),
|
||||||
ValidationError::AttenuationError(e) =>
|
ValidationError::AttenuationError(e) =>
|
||||||
write!(f, "Invalid SturdyRef attenuation: {:?}", e),
|
write!(f, "Invalid SturdyRef attenuation: {:?}", e),
|
||||||
|
@ -41,7 +39,7 @@ impl std::error::Error for ValidationError {}
|
||||||
const KEY_LENGTH: usize = 16; // bytes; 128 bits
|
const KEY_LENGTH: usize = 16; // bytes; 128 bits
|
||||||
|
|
||||||
fn signature(key: &[u8], data: &[u8]) -> Vec<u8> {
|
fn signature(key: &[u8], data: &[u8]) -> Vec<u8> {
|
||||||
let mut m = Hmac::<Sha256>::new_from_slice(key).expect("valid key length");
|
let mut m = SimpleHmac::<Blake2s256>::new_from_slice(key).expect("valid key length");
|
||||||
m.update(data);
|
m.update(data);
|
||||||
let mut result = m.finalize().into_bytes().to_vec();
|
let mut result = m.finalize().into_bytes().to_vec();
|
||||||
result.truncate(KEY_LENGTH);
|
result.truncate(KEY_LENGTH);
|
||||||
|
@ -90,20 +88,20 @@ impl SturdyRef {
|
||||||
key: &[u8],
|
key: &[u8],
|
||||||
unattenuated_target: &_Ptr,
|
unattenuated_target: &_Ptr,
|
||||||
) -> Result<_Ptr, ValidationError> {
|
) -> Result<_Ptr, ValidationError> {
|
||||||
self.validate(key).map_err(ValidationError::SignatureError)?;
|
self.validate(key).map_err(|_| ValidationError::SignatureError)?;
|
||||||
let target = unattenuated_target
|
let target = unattenuated_target
|
||||||
.attenuate(&self.caveat_chain)
|
.attenuate(&self.caveat_chain)
|
||||||
.map_err(ValidationError::AttenuationError)?;
|
.map_err(ValidationError::AttenuationError)?;
|
||||||
Ok(target)
|
Ok(target)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn validate(&self, key: &[u8]) -> Result<(), MacError> {
|
pub fn validate(&self, key: &[u8]) -> Result<(), ()> {
|
||||||
let SturdyRef { oid, caveat_chain, sig } = self;
|
let SturdyRef { oid, caveat_chain, sig } = self;
|
||||||
let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain);
|
let key = chain_signature(&signature(&key, &encode(oid)), caveat_chain);
|
||||||
if &key == sig {
|
if &key == sig {
|
||||||
Ok(())
|
Ok(())
|
||||||
} else {
|
} else {
|
||||||
Err(MacError)
|
Err(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue