Diffstat (limited to 'src/wireguard/handshake/noise.rs')
-rw-r--r--src/wireguard/handshake/noise.rs35
1 files changed, 16 insertions, 19 deletions
diff --git a/src/wireguard/handshake/noise.rs b/src/wireguard/handshake/noise.rs
index beb99c2..92c8c5f 100644
--- a/src/wireguard/handshake/noise.rs
+++ b/src/wireguard/handshake/noise.rs
@@ -1,7 +1,7 @@
use std::time::Instant;
// DH
-use x25519_dalek::{PublicKey, StaticSecret, SharedSecret};
+use x25519_dalek::{PublicKey, SharedSecret, StaticSecret};
// HASH & MAC
use blake2::Blake2s;
@@ -11,15 +11,13 @@ use hmac::Hmac;
use aead::{Aead, NewAead, Payload};
use chacha20poly1305::ChaCha20Poly1305;
-use log;
-
-use rand::prelude::{CryptoRng, RngCore};
+use rand_core::{CryptoRng, RngCore};
use generic_array::typenum::*;
use generic_array::*;
use clear_on_drop::clear::Clear;
-use clear_on_drop::clear_stack_on_return;
+use clear_on_drop::clear_stack_on_return_fnonce;
use subtle::ConstantTimeEq;
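Review bot: The `RngCore + CryptoRng` bounds on the handshake functions (visible later at `create_initiation<R: RngCore + CryptoRng, O>`) are now taken from `rand_core` directly rather than via `rand::prelude`, so the RNG a caller passes in must implement the traits of the same `rand_core` major version this crate depends on; if the caller's `rand` re-exports a different `rand_core`, the bound fails with a "trait not implemented" error that does not mention the version mismatch. That is an inference from the import change, not something the hunk can show. A one-line comment above the import would save the next person the search, e.g. `// rand_core version must match the one the caller's RNG (e.g. rand) is built on, or the RngCore bounds below will not be satisfied`.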
@@ -65,20 +63,20 @@ macro_rules! HASH {
use blake2::Digest;
let mut hsh = Blake2s::new();
$(
- hsh.input($input);
+ hsh.update($input);
)*
- hsh.result()
+ hsh.finalize()
}};
}
macro_rules! HMAC {
($key:expr, $($input:expr),*) => {{
- use hmac::Mac;
+ use hmac::{Mac, NewMac};
let mut mac = HMACBlake2s::new_varkey($key).unwrap();
$(
- mac.input($input);
+ mac.update($input);
)*
- mac.result().code()
+ mac.finalize().into_bytes()
}};
}
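Review bot: `HMACBlake2s::new_varkey($key).unwrap()` keeps an unexplained `unwrap()` on a key-dependent constructor while the surrounding lines are being adapted to the new `NewMac` API; as far as I know HMAC accepts keys of any length, so this cannot fail, but the invariant should be stated where the panic path sits, e.g. `// HMAC accepts any key length, so new_varkey cannot fail here`. The `HMAC!` macro itself also has no header comment; a line above `macro_rules! HMAC` such as `// HMAC-BLAKE2s keyed with $key over the concatenation of the inputs, returning the tag bytes` would match the `// DH` / `// HASH & MAC` style used for the imports. The `HASH!` macro begins above this hunk.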
@@ -114,7 +112,7 @@ macro_rules! KDF3 {
macro_rules! SEAL {
($key:expr, $ad:expr, $pt:expr, $ct:expr) => {
- ChaCha20Poly1305::new(*GenericArray::from_slice($key))
+ ChaCha20Poly1305::new(GenericArray::from_slice($key))
.encrypt(&ZERO_NONCE.into(), Payload { msg: $pt, aad: $ad })
.map(|ct| $ct.copy_from_slice(&ct))
.unwrap()
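Review bot: `$ct.copy_from_slice(&ct)` on the new side panics when `$ct` is not exactly `$pt.len() + 16` bytes (the ciphertext plus the Poly1305 tag), so a wrongly sized output buffer surfaces as a panic rather than a `HandshakeError`; the same applies to `$pt.copy_from_slice(&pt)` in the `OPEN!` hunk that follows. Since the macros are internal and the callers presumably use fixed-size message fields, a contract comment is the proportionate fix: `// $ct must be exactly $pt.len() + 16 bytes (Poly1305 tag); copy_from_slice panics otherwise`. The fixed `ZERO_NONCE` also deserves a why-comment, along the lines of `// zero nonce is safe only because each handshake key is derived fresh by the KDF and used for a single AEAD call`, so that nobody reuses these macros for data-channel traffic. The `.unwrap()` on `encrypt` likewise goes unexplained; encryption into a fresh `Vec` has no failure path in this API, which is worth one comment.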
@@ -123,7 +121,7 @@ macro_rules! SEAL {
macro_rules! OPEN {
($key:expr, $ad:expr, $pt:expr, $ct:expr) => {
- ChaCha20Poly1305::new(*GenericArray::from_slice($key))
+ ChaCha20Poly1305::new(GenericArray::from_slice($key))
.decrypt(&ZERO_NONCE.into(), Payload { msg: $ct, aad: $ad })
.map_err(|_| HandshakeError::DecryptionFailure)
.map(|pt| $pt.copy_from_slice(&pt))
@@ -215,7 +213,7 @@ mod tests {
}
// Computes an X25519 shared secret.
-//
+//
// This function wraps dalek to add a zero-check.
// This is not recommended by the Noise specification,
// but implemented in the kernel with which we strive for absolute equivalent behavior.
@@ -244,7 +242,7 @@ pub(super) fn create_initiation<R: RngCore + CryptoRng, O>(
return Err(HandshakeError::InvalidSharedSecret);
}
- clear_stack_on_return(CLEAR_PAGES, || {
+ clear_stack_on_return_fnonce(CLEAR_PAGES, || {
// initialize state
let ck = INITIAL_CK;
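Review bot: The switch to `clear_stack_on_return_fnonce` here, and in the `consume_initiation`, `create_response` and `consume_response` hunks below, is mechanical, but the property it is meant to provide still rests on `CLEAR_PAGES` covering the deepest stack frame reached inside the closure, and nothing near the call site says so. Suggest a comment at the first call: `// CLEAR_PAGES must bound the stack depth of this closure; secrets that spill below it are not wiped`. Note that the zero-shared-secret rejection on the line above runs outside the cleared region, which is fine since it handles no derived key material. The body of `create_initiation` starts and ends outside this hunk.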
@@ -290,7 +288,6 @@ pub(super) fn create_initiation<R: RngCore + CryptoRng, O>(
// (C, k) := Kdf2(C, DH(S_priv, S_pub))
-
let (ck, key) = KDF2!(&ck, &peer.ss);
// msg.timestamp := Aead(k, 0, Timestamp(), H)
@@ -326,7 +323,7 @@ pub(super) fn consume_initiation<'a, O>(
) -> Result<(&'a Peer<O>, PublicKey, TemporaryState), HandshakeError> {
log::debug!("consume initiation");
- clear_stack_on_return(CLEAR_PAGES, || {
+ clear_stack_on_return_fnonce(CLEAR_PAGES, || {
// initialize new state
let ck = INITIAL_CK;
@@ -360,7 +357,7 @@ pub(super) fn consume_initiation<'a, O>(
let peer = device.lookup_pk(&PublicKey::from(pk))?;
// check for zero shared-secret (see "shared_secret" note).
-
+
if peer.ss.ct_eq(&[0u8; 32]).into() {
return Err(HandshakeError::InvalidSharedSecret);
}
@@ -415,7 +412,7 @@ pub(super) fn create_response<R: RngCore + CryptoRng, O>(
msg: &mut NoiseResponse, // resulting response
) -> Result<KeyPair, HandshakeError> {
log::debug!("create response");
- clear_stack_on_return(CLEAR_PAGES, || {
+ clear_stack_on_return_fnonce(CLEAR_PAGES, || {
// unpack state
let (receiver, eph_r_pk, hs, ck) = state;
@@ -500,7 +497,7 @@ pub(super) fn consume_response<'a, O>(
msg: &NoiseResponse,
) -> Result<Output<'a, O>, HandshakeError> {
log::debug!("consume response");
- clear_stack_on_return(CLEAR_PAGES, || {
+ clear_stack_on_return_fnonce(CLEAR_PAGES, || {
// retrieve peer and copy initiation state
let (peer, _) = device.lookup_id(msg.f_receiver.get())?;