From baebac5bec42743ea49644d4a836c6162cfe613f Mon Sep 17 00:00:00 2001
From: Mathias Hall-Andersen
Date: Sat, 3 Aug 2019 14:45:45 +0200
Subject: Validate mac2 field
---
 src/handshake/macs.rs | 35 ++++++++++++++++++++++-------------
 src/handshake/noise.rs | 1 -
 src/handshake/types.rs | 2 ++
 3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/handshake/macs.rs b/src/handshake/macs.rs
index c65f2c8..d95489f 100644
--- a/src/handshake/macs.rs
+++ b/src/handshake/macs.rs
@@ -1,6 +1,5 @@
 use std::time::{Duration, Instant};
-use rand::rngs::OsRng;
 use rand::CryptoRng;
 use rand::RngCore;
@@ -194,7 +193,16 @@ impl Validator {
 }
 }
- fn get_tau(&self, rng: &mut T, addr: &[u8]) -> [u8; SIZE_COOKIE]
+ fn get_tau(&self, src: &[u8]) -> Result<[u8; SIZE_COOKIE], HandshakeError> {
+ let secret = self.secret.lock();
+ if secret.birth.elapsed() < Duration::from_secs(SECS_COOKIE_UPDATE) {
+ Ok(MAC!(&secret.value, src))
+ } else {
+ Err(HandshakeError::InvalidMac2)
+ }
+ }
+
+ fn get_set_tau(&self, rng: &mut T, src: &[u8]) -> [u8; SIZE_COOKIE]
 where
 T: RngCore + CryptoRng,
 {
@@ -202,13 +210,13 @@ impl Validator {
 // check if current value is still valid
 if secret.birth.elapsed() < Duration::from_secs(SECS_COOKIE_UPDATE) {
- return MAC!(&secret.value, addr);
+ return MAC!(&secret.value, src);
 };
 // generate new value
 rng.fill_bytes(&mut secret.value);
 secret.birth = Instant::now();
- MAC!(&secret.value, addr)
+ MAC!(&secret.value, src)
 }
 fn create_cookie_reply(
@@ -224,12 +232,12 @@ impl Validator {
 msg.f_receiver.set(receiver);
 rng.fill_bytes(&mut msg.f_nonce);
 XSEAL!(
- &self.cookie_key, // key
- &msg.f_nonce, // nonce
- &macs.f_mac1, // ad
- &self.get_tau(rng, src), // pt
- &mut msg.f_cookie, // ct
- &mut msg.f_cookie_tag // tag
+ &self.cookie_key, // key
+ &msg.f_nonce, // nonce
+ &macs.f_mac1, // ad
+ &self.get_set_tau(rng, src), // pt
+ &mut msg.f_cookie, // ct
+ &mut msg.f_cookie_tag // tag
 );
 }
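Review bot: `get_tau`, added in the `@@ -194,7 +193,16 @@` hunk, has no doc comment, and its contract differs from `get_set_tau` in a way callers need to know: it never rotates the secret and fails once the secret is older than `SECS_COOKIE_UPDATE`. Because that case returns `HandshakeError::InvalidMac2`, an expired server-side secret cannot be told apart from a forged mac2 by the error value, which fails closed but should be stated. I would add `/// Cookie for src under the current secret; never rotates the secret.` and `/// Returns InvalidMac2 once the secret is older than SECS_COOKIE_UPDATE.` above the function. The freshness test is now duplicated in `get_set_tau`, whose body continues into the next hunk.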
@@ -261,9 +269,10 @@ impl Validator {
 src: &[u8],
 macs: &MacsFooter,
 ) -> Result<(), HandshakeError> {
- let valid_mac1: bool = MAC!(&self.mac1_key, inner).ct_eq(&macs.f_mac1).into();
- if !valid_mac1 {
- Err(HandshakeError::InvalidMac1)
+ let tau = self.get_tau(src)?;
+ let valid_mac2: bool = MAC!(&tau, inner, macs.f_mac1).ct_eq(&macs.f_mac2).into();
+ if !valid_mac2 {
+ Err(HandshakeError::InvalidMac2)
 } else {
 Ok(())
 }
diff --git a/src/handshake/noise.rs b/src/handshake/noise.rs
index cf5238c..0534e97 100644
--- a/src/handshake/noise.rs
+++ b/src/handshake/noise.rs
@@ -322,7 +322,6 @@ pub fn create_response(
 state: TemporaryState, // state from "consume_initiation"
 msg: &mut NoiseResponse, // resulting response
 ) -> Result {
- let mut rng = OsRng::new().unwrap();
 let (receiver, eph_r_pk, hs, ck) = state;
 let mut rng = OsRng::new().unwrap();
 msg.f_sender.set(sender);
diff --git a/src/handshake/types.rs b/src/handshake/types.rs
index 6a35e1c..38b044e 100644
--- a/src/handshake/types.rs
+++ b/src/handshake/types.rs
@@ -43,6 +43,7 @@ pub enum HandshakeError {
 OldTimestamp,
 InvalidState,
 InvalidMac1,
+ InvalidMac2
 }
 impl fmt::Display for HandshakeError {
@@ -57,6 +58,7 @@ impl fmt::Display for HandshakeError {
 HandshakeError::OldTimestamp => write!(f, "Timestamp is less/equal to the newest"),
 HandshakeError::InvalidState => write!(f, "Message does not apply to handshake state"),
 HandshakeError::InvalidMac1 => write!(f, "Message has invalid mac1 field"),
+ HandshakeError::InvalidMac2 => write!(f, "Message has invalid mac2 field"),
 }
 }
 }
-- cgit v1.2.3-59-g8ed1b
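Review bot: The mac1 comparison (`MAC!(&self.mac1_key, inner).ct_eq(&macs.f_mac1)`) is removed in the `@@ -261,9 +269,10 @@` hunk and only mac2 is checked afterwards, so whether mac1 is still verified depends on code outside the hunk; the function's name and the start of its signature are not visible here. If this is the dedicated mac2 checker, a comment such as `// mac1 must already have been verified by the caller` would make the required ordering explicit; otherwise the mac1 check should stay ahead of `let tau = self.get_tau(src)?;`. Keeping `ct_eq` for the comparison is right for a MAC check. A test in which a footer carries a valid mac1 and a mac2 computed for a different `src` and the result is `InvalidMac2` would pin the new behaviour.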
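Review bot: The new variant in the `pub enum HandshakeError` hunk is written `InvalidMac2` without a trailing comma, while the variants above it all end in one. Writing `InvalidMac2,` matches rustfmt output and keeps the next variant addition a one-line diff.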