diff options
-rw-r--r-- | Cargo.lock | 79 | ||||
-rw-r--r-- | Cargo.toml | 4 | ||||
-rw-r--r-- | src/consts.rs | 1 | ||||
-rw-r--r-- | src/interface/mod.rs | 8 | ||||
-rw-r--r-- | src/interface/peer_server.rs | 36 | ||||
-rw-r--r-- | src/main.rs | 1 | ||||
-rw-r--r-- | src/noise.rs | 16 | ||||
-rw-r--r-- | src/protocol/peer.rs | 9 |
8 files changed, 136 insertions, 18 deletions
@@ -12,6 +12,11 @@ version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "arrayref" +version = "0.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "arrayvec" version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -152,6 +157,18 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "curve25519-dalek" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "arrayref 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", + "digest 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", + "generic-array 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.3.22 (registry+https://github.com/rust-lang/crates.io-index)", + "subtle 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "daemonize" version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -160,6 +177,14 @@ dependencies = [ ] [[package]] +name = "digest" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "generic-array 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "either" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -225,6 +250,15 @@ version = "0.3.54" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "generic-array" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "nodrop 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)", + "typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "glob" version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -377,6 +411,19 @@ version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "num-traits" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "num-traits 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "num-traits" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "num_cpus" version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -677,6 +724,14 @@ dependencies = [ ] [[package]] +name = "subtle" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "syn" version = "0.11.11" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -866,6 +921,11 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] +name = "typenum" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "unicode-width" version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -939,6 +999,7 @@ dependencies = [ "tokio-uds 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", "tokio-utun 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "treebitmap 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)", + "x25519-dalek 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -979,9 +1040,19 @@ dependencies = [ "winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "x25519-dalek" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "curve25519-dalek 0.12.1 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.3.22 (registry+https://github.com/rust-lang/crates.io-index)", +] + [metadata] "checksum aho-corasick 0.6.4 (registry+https://github.com/rust-lang/crates.io-index)" = "d6531d44de723825aa81398a6415283229725a00fa30713812ab9323faa82fc4" "checksum ansi_term 0.10.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6b3568b48b7cefa6b8ce125f9bb4989e52fbcc29ebea88df04cc7c5f12f70455" +"checksum arrayref 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "0fd1479b7c29641adbd35ff3b5c293922d696a92f25c8c975da3e0acbc87258f" "checksum arrayvec 0.3.25 (registry+https://github.com/rust-lang/crates.io-index)" = "06f59fe10306bb78facd90d28c2038ad23ffaaefa85bac43c8a434cde383334f" "checksum arrayvec 0.4.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a1e964f9e24d588183fcb43503abda40d288c8657dfc27311516ce2f05675aef" "checksum atty 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "8352656fd42c30a0c3c89d26dea01e3b77c0ab2af18230835c15e2e13cd51859" @@ -1000,7 +1071,9 @@ dependencies = [ "checksum clap 2.29.4 (registry+https://github.com/rust-lang/crates.io-index)" = "7b8f59bcebcfe4269b09f71dab0da15b355c75916a8f975d3876ce81561893ee" "checksum coco 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "c06169f5beb7e31c7c67ebf5540b8b472d23e3eade3b2ec7d1f5b504a85f91bd" "checksum constant_time_eq 0.1.3 (registry+https://github.com/rust-lang/crates.io-index)" = "8ff012e225ce166d4422e0e78419d901719760f62ae2b7969ca6b564d1b54a9e" +"checksum curve25519-dalek 0.12.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4576702012648a8d7331c0ebb1a41a13723ef8d5bfc704a7ab4175a02e38906e" "checksum daemonize 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "0239832c1b4ca406d5ec73728cf4c7336d25cf85dd32db9e047e9e706ee0e935" +"checksum digest 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e5b29bf156f3f4b3c4f610a25ff69370616ae6e0657d416de22645483e72af0a" "checksum either 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "740178ddf48b1a9e878e6d6509a1442a2d42fd2928aae8e7a6f8a36fb01981b3" "checksum env_logger 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3ddf21e73e016298f5cb37d6ef8e8da8e39f91f9ec8b0df44b7deb16a9f8cd5b" "checksum error-chain 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ff511d5dc435d703f4971bc399647c9bc38e20cb41452e3b9feb4765419ed3f3" @@ -1010,6 +1083,7 @@ dependencies = [ "checksum fuchsia-zircon-sys 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "3dcaa9ae7725d12cdb85b3ad99a434db70b468c09ded17e012d86b5c1010f7a7" "checksum futures 0.1.18 (registry+https://github.com/rust-lang/crates.io-index)" = "0bab5b5e94f5c31fc764ba5dd9ad16568aae5d4825538c01d6bca680c9bf94a7" "checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb" +"checksum generic-array 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)" = "fceb69994e330afed50c93524be68c42fa898c2d9fd4ee8da03bd7363acd26f2" "checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" "checksum hex 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "459d3cf58137bb02ad4adeef5036377ff59f066dbb82517b7192e3a5462a2abc" "checksum iovec 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "dbe6e417e7d0975db6512b90796e8ce223145ac4e33c377e4a42882a0e88bb08" @@ -1029,6 +1103,8 @@ dependencies = [ "checksum net2 0.2.31 (registry+https://github.com/rust-lang/crates.io-index)" = "3a80f842784ef6c9a958b68b7516bc7e35883c614004dd94959a4dca1b716c09" "checksum nix 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "a2c5afeb0198ec7be8569d666644b574345aad2e95a53baf3a532da3e0f3fb32" "checksum nodrop 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "9a2228dca57108069a5262f2ed8bd2e82496d2e074a06d1ccc7ce1687b6ae0a2" +"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" +"checksum num-traits 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e7de20f146db9d920c45ee8ed8f71681fd9ade71909b48c3acbd766aa504cf10" "checksum num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c51a3322e4bca9d212ad9a158a02abc6934d005490c054a2778df73a70aa0a30" "checksum odds 0.2.26 (registry+https://github.com/rust-lang/crates.io-index)" = "4eae0151b9dacf24fcc170d9995e511669a082856a91f958a2fe380bfab3fb22" "checksum pnet 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e866218222e997f8aeebbbda7761d29c3b75772573e65da68fff97c21c5754ad" @@ -1065,6 +1141,7 @@ dependencies = [ "checksum strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550" "checksum structopt 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "783cb22d520b177a3772e520d04a3c7970d51c3b647ba80739f99be01131b54f" "checksum structopt-derive 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "4da119c9a7a1eccb7c6de0c1eb3f7ed1c11138624d092b3687222aeed8f1375c" +"checksum subtle 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c7a6bab57c3efd01ebd3d750f4244ae0af4cdd1fc505a7904a41603192b803c5" "checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad" "checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" "checksum synstructure 0.6.1 (registry+https://github.com/rust-lang/crates.io-index)" = "3a761d12e6d8dcb4dcf952a7a89b475e3a9d69e4a69307e01a470977642914bd" @@ -1083,6 +1160,7 @@ dependencies = [ "checksum tokio-uds 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "65ae5d255ce739e8537221ed2942e0445f4b3b813daebac1c0050ddaaa3587f9" "checksum tokio-utun 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "0e44b976406c6edfd4bede61feb70f5f0751d6dc5e965e5d817136cdc6051a2d" "checksum treebitmap 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "1efcc0a760c155a5eff13249f6d3339b7000278f24360db9e4c80fab798c79c5" +"checksum typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "13a99dc6780ef33c78780b826cf9d2a78840b72cae9474de4bcaf9051e60ebbd" "checksum unicode-width 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)" = "bf3a113775714a22dcb774d8ea3655c53a32debae63a063acc00a91cc586245f" "checksum unicode-xid 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "36dff09cafb4ec7c8cf0023eb0b686cb6ce65499116a12201c9e11840ca01beb" "checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" @@ -1097,3 +1175,4 @@ dependencies = [ "checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" "checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" "checksum ws2_32-sys 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e" +"checksum x25519-dalek 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "26a6680200ec1e504fc05234344f398e682517fd8ea355af87f3cdcc9ea471a3" @@ -6,6 +6,9 @@ license = "GPL-3.0" repository = "https://git.zx2c4.com/wireguard-rs/" description = "Userspace implementation of WireGuard, a fast, modern and secure VPN tunnel." +[profile.release] +debug = true + [dependencies] base64 = "^0.5" blake2-rfc = "0.2" @@ -34,3 +37,4 @@ tokio-uds = "^0.1" tokio-utun = "^0.1" tokio-timer = "^0.1" treebitmap = "^0.2" +x25519-dalek = "0.1.0" diff --git a/src/consts.rs b/src/consts.rs index f5059d0..f810ad4 100644 --- a/src/consts.rs +++ b/src/consts.rs @@ -22,3 +22,4 @@ pub const AEAD_TAG_SIZE: usize = 16; pub const TRANSPORT_OVERHEAD: usize = TRANSPORT_HEADER_SIZE + AEAD_TAG_SIZE; pub const MAX_SEGMENT_SIZE: usize = (1 << 16) - 1; pub const MAX_CONTENT_SIZE: usize = MAX_SEGMENT_SIZE - TRANSPORT_OVERHEAD; +pub const PADDING_MULTIPLE: usize = 16; diff --git a/src/interface/mod.rs b/src/interface/mod.rs index 41b4a66..38c306c 100644 --- a/src/interface/mod.rs +++ b/src/interface/mod.rs @@ -18,6 +18,7 @@ use std::collections::HashMap; use std::net::{Ipv4Addr, Ipv6Addr, IpAddr, SocketAddr}; use std::time::Duration; use types::{InterfaceInfo}; +use x25519_dalek as x25519; use pnet::packet::ipv4::Ipv4Packet; @@ -190,7 +191,10 @@ impl Interface { let mut state = state.borrow_mut(); match event { UpdateEvent::PrivateKey(private_key) => { + let pub_key = x25519::generate_public(&private_key); + info!("our pubkey: {}", base64::encode(pub_key.as_bytes())); state.interface_info.private_key = Some(private_key); + state.interface_info.pub_key = Some(*pub_key.as_bytes()); debug!("set new private key"); }, UpdateEvent::ListenPort(port) => { @@ -202,7 +206,7 @@ impl Interface { let mut peer = Peer::new(info.clone()); let private_key = &state.interface_info.private_key.expect("no private key!"); - let (init_packet, our_index) = peer.initiate_new_session(private_key).unwrap(); + let (init_packet, our_index) = peer.initiate_new_session(private_key).expect("initiate_new_session"); let peer = Rc::new(RefCell::new(peer)); @@ -219,7 +223,7 @@ impl Interface { future::ok(()) } - }).map_err(|_| ()); + }).map_err(|e| { warn!("error {:?}", e); () }); core.run(peer_server.join(utun_fut.join(config_fut.join(config_server)))).unwrap(); } diff --git a/src/interface/peer_server.rs b/src/interface/peer_server.rs index 2470335..1fe6724 100644 --- a/src/interface/peer_server.rs +++ b/src/interface/peer_server.rs @@ -122,6 +122,14 @@ impl PeerServer { let mut state = self.shared_state.borrow_mut(); match packet[0] { 1 => { + ensure!(packet.len() == 148, "handshake init packet length is incorrect"); + { + let pubkey = state.interface_info.pub_key.as_ref() + .ok_or_else(|| format_err!("must have local interface key"))?; + let (mac_in, mac_out) = packet.split_at(116); + Noise::verify_mac1(pubkey, mac_in, &mac_out[..16])?; + } + let their_index = LittleEndian::read_u32(&packet[4..]); let mut noise = Noise::build_responder( @@ -145,12 +153,19 @@ impl PeerServer { let _ = state.index_map.insert(next_index, peer_ref.clone()); self.send_to_peer((addr, response)); - info!("sent handshake response, ratcheted session."); + info!("sent handshake response, ratcheted session (index {}).", next_index); }, 2 => { - let our_index = LittleEndian::read_u32(&packet[8..]); - let peer_ref = state.index_map.get(&our_index) - .ok_or_else(|| format_err!("unknown our_index"))? + ensure!(packet.len() == 92, "handshake resp packet length is incorrect"); + { + let pubkey = state.interface_info.pub_key.as_ref() + .ok_or_else(|| format_err!("must have local interface key"))?; + let (mac_in, mac_out) = packet.split_at(60); + Noise::verify_mac1(pubkey, mac_in, &mac_out[..16])?; + } + let our_index = LittleEndian::read_u32(&packet[8..]); + let peer_ref = state.index_map.get(&our_index) + .ok_or_else(|| format_err!("unknown our_index ({})", our_index))? .clone(); let mut peer = peer_ref.borrow_mut(); let dead_index = peer.process_incoming_handshake_response(&packet)?; @@ -288,7 +303,9 @@ impl Future for PeerServer { // Handle pending state-changing timers loop { match self.timer_rx.poll() { - Ok(Async::Ready(Some(message))) => self.handle_timer(message).unwrap(), + Ok(Async::Ready(Some(message))) => { + let _ = self.handle_timer(message).map_err(|e| warn!("TIMER ERR: {:?}", e)); + }, Ok(Async::NotReady) => break, Ok(Async::Ready(None)) | Err(_) => return Err(()), } @@ -297,7 +314,9 @@ impl Future for PeerServer { // Handle UDP packets from the outside world loop { match self.udp_stream.poll() { - Ok(Async::Ready(Some((addr, packet)))) => self.handle_incoming_packet(addr, packet).unwrap(), + Ok(Async::Ready(Some((addr, packet)))) => { + let _ = self.handle_incoming_packet(addr, packet).map_err(|e| warn!("UDP ERR: {:?}", e)); + }, Ok(Async::NotReady) => break, Ok(Async::Ready(None)) | Err(_) => return Err(()), } @@ -305,9 +324,8 @@ impl Future for PeerServer { // Handle packets coming from the local tunnel loop { - match self.peek_from_tun_and_handle() { - Ok(false) => break, - Err(_) => return Err(()), + match self.peek_from_tun_and_handle().map_err(|e| { warn!("TUN ERR: {:?}", e); e }) { + Ok(false) | Err(_) => break, _ => {} } } diff --git a/src/main.rs b/src/main.rs index ddade34..4efebf6 100644 --- a/src/main.rs +++ b/src/main.rs @@ -31,6 +31,7 @@ extern crate tokio_uds; extern crate tokio_utun; extern crate tokio_timer; extern crate treebitmap; +extern crate x25519_dalek; mod consts; mod error; diff --git a/src/noise.rs b/src/noise.rs index beddbfa..3e08099 100644 --- a/src/noise.rs +++ b/src/noise.rs @@ -2,6 +2,7 @@ use blake2_rfc::blake2s::{Blake2s, blake2s}; use failure::{Error, SyncFailure}; use snow::{NoiseBuilder, Session}; use snow::params::NoiseParams; +use snow::wrappers::crypto_wrapper::Dh25519; use types::{InterfaceInfo, PeerInfo}; @@ -30,10 +31,9 @@ impl Noise { Ok(Noise::new_foundation(local_privkey) .build_responder() .map_err(SyncFailure::new)?) - } - pub fn build_mac1(pub_key: &[u8], mac_input: &mut [u8], mac_output: &mut [u8]) { + pub fn build_mac1(pub_key: &[u8], mac_input: &[u8], mac_output: &mut [u8]) { debug_assert!(mac_output.len() == 16); let mut mac_key_input = [0; 40]; mac_key_input[..8].copy_from_slice(b"mac1----"); @@ -42,4 +42,16 @@ impl Noise { let mac = blake2s(16, mac_key.as_bytes(), mac_input); mac_output.copy_from_slice(mac.as_bytes()); } + + pub fn verify_mac1(pub_key: &[u8], mac_input: &[u8], mac: &[u8]) -> Result<(), Error> { + debug_assert!(mac.len() == 16); + let mut mac_key_input = [0; 40]; + mac_key_input[..8].copy_from_slice(b"mac1----"); + mac_key_input[8..40].copy_from_slice(pub_key); + let mac_key = blake2s(32, &[], &mac_key_input); + let our_mac = blake2s(16, mac_key.as_bytes(), mac_input); + + ensure!(mac == our_mac.as_bytes(), "mac mismatch"); + Ok(()) + } } diff --git a/src/protocol/peer.rs b/src/protocol/peer.rs index 2afb4c4..1852569 100644 --- a/src/protocol/peer.rs +++ b/src/protocol/peer.rs @@ -196,7 +196,7 @@ impl Peer { let mut next_session = Session::with_their_index(noise, their_index); let next_index = next_session.our_index; let response_packet = self.get_response_packet(&mut next_session)?; - self.set_next_session(next_session); + self.set_next_session(next_session.into_transport_mode()); self.info.endpoint = Some(addr); // update peer endpoint after successful authentication self.last_handshake_tai64n = Some(timestamp); @@ -205,14 +205,14 @@ impl Peer { } fn get_response_packet(&mut self, next_session: &mut Session) -> Result<Vec<u8>, Error> { - let mut packet = vec![0; 76]; + let mut packet = vec![0; 92]; packet[0] = 2; /* Type: Response */ LittleEndian::write_u32(&mut packet[4..], next_session.our_index); LittleEndian::write_u32(&mut packet[8..], next_session.their_index); next_session.noise.write_message(&[], &mut packet[12..]).map_err(SyncFailure::new)?; { - let (mac_in, mac_out) = packet.split_at_mut(44); + let (mac_in, mac_out) = packet.split_at_mut(60); Noise::build_mac1(&self.info.pub_key, mac_in, &mut mac_out[..16]); } @@ -222,9 +222,8 @@ impl Peer { pub fn process_incoming_handshake_response(&mut self, packet: &[u8]) -> Result<Option<u32>, Error> { let their_index = LittleEndian::read_u32(&packet[4..]); let mut session = mem::replace(&mut self.sessions.next, None).ok_or_else(|| format_err!("no next session"))?; - let len = session.noise.read_message(&packet[12..60], &mut []).map_err(SyncFailure::new)?; + let _ = session.noise.read_message(&packet[12..60], &mut []).map_err(SyncFailure::new)?; - ensure!(len == 0, "non-zero payload length in handshake response"); session.their_index = their_index; let session = session.into_transport_mode(); |