From c62aca70a3443271d7d151873991ea9a02537f9a Mon Sep 17 00:00:00 2001
From: Mathias Hall-Andersen
Date: Mon, 5 Aug 2019 21:51:16 +0200
Subject: Multiple mac2 can be checked concurrently
---
 src/handshake/macs.rs | 35 +++++++++++++++++------------------
 src/handshake/noise.rs | 2 --
 2 files changed, 17 insertions(+), 20 deletions(-) (limited to 'src')
diff --git a/src/handshake/macs.rs b/src/handshake/macs.rs
index 65fd7fa..f465099 100644
--- a/src/handshake/macs.rs
+++ b/src/handshake/macs.rs
@@ -1,5 +1,5 @@
 use rand::{CryptoRng, RngCore};
-use spin::Mutex;
+use spin::RwLock;
 use std::time::{Duration, Instant};
 use blake2::Blake2s;
@@ -8,7 +8,6 @@ use subtle::ConstantTimeEq;
 use x25519_dalek::PublicKey;
 use std::net::SocketAddr;
-use zerocopy::AsBytes;
 use super::messages::{CookieReply, MacsFooter};
 use super::types::HandshakeError;
@@ -192,9 +191,9 @@ struct Secret {
 }
 pub struct Validator {
- mac1_key: [u8; 32],
+ mac1_key: [u8; 32], // mac1 key, derieved from device public key
 cookie_key: [u8; 32], // xchacha20poly key for sealing cookie response
- secret: Mutex,
+ secret: RwLock,
 }
 impl Validator {
@@ -202,7 +201,7 @@ impl Validator {
 Validator {
 mac1_key: HASH!(LABEL_MAC1, pk.as_bytes()).into(),
 cookie_key: HASH!(LABEL_COOKIE, pk.as_bytes()).into(),
- secret: Mutex::new(Secret {
+ secret: RwLock::new(Secret {
 value: [0u8; SIZE_SECRET],
 birth: Instant::now() - Duration::from_secs(2 * SECS_COOKIE_UPDATE),
 }),
@@ -210,7 +209,7 @@ impl Validator {
 }
 fn get_tau(&self, src: &[u8]) -> Option<[u8; SIZE_COOKIE]> {
- let secret = self.secret.lock();
+ let secret = self.secret.read();
 if secret.birth.elapsed() < Duration::from_secs(SECS_COOKIE_UPDATE) {
 Some(MAC!(&secret.value, src))
 } else {
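Review bot: The comment added on `mac1_key` in the `struct Validator` hunk misspells "derived"; it should read `// mac1 key, derived from device public key`. The `secret` field beside it is now the only field without a comment, although it is the one the lock guards. A short comment such as `// current cookie secret and its birth time; rotated under the write lock` would document what readers and the writer share.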
@@ -218,33 +217,33 @@ impl Validator {
 }
 }
- fn get_set_tau(&self, rng: &mut T, src: &[u8]) -> [u8; SIZE_COOKIE]
- where
- T: RngCore + CryptoRng,
- {
- let mut secret = self.secret.lock();
-
+ fn get_set_tau(&self, rng: &mut R, src: &[u8]) -> [u8; SIZE_COOKIE] {
 // check if current value is still valid
+ let secret = self.secret.read();
+ if secret.birth.elapsed() < Duration::from_secs(SECS_COOKIE_UPDATE) {
+ return MAC!(&secret.value, src);
+ };
+
+ // take write lock, check again
+ let mut secret = self.secret.write();
 if secret.birth.elapsed() < Duration::from_secs(SECS_COOKIE_UPDATE) {
 return MAC!(&secret.value, src);
 };
- // generate new value
+ // set new random cookie secret
 rng.fill_bytes(&mut secret.value);
 secret.birth = Instant::now();
 MAC!(&secret.value, src)
 }
- pub fn create_cookie_reply(
+ pub fn create_cookie_reply(
 &self,
- rng: &mut T,
+ rng: &mut R,
 receiver: u32, // receiver id of incoming message
 src: &SocketAddr, // source address of incoming message
 macs: &MacsFooter, // footer of incoming message
 msg: &mut CookieReply, // resulting cookie reply
- ) where
- T: RngCore + CryptoRng,
- {
+ ) {
 let src = addr_to_mac_bytes(src);
 msg.f_receiver.set(receiver);
 rng.fill_bytes(&mut msg.f_nonce);
diff --git a/src/handshake/noise.rs b/src/handshake/noise.rs
index a93d544..d66304c 100644
--- a/src/handshake/noise.rs
+++ b/src/handshake/noise.rs
@@ -9,7 +9,6 @@ use hmac::Hmac;
 // AEAD (from libsodium)
 use sodiumoxide::crypto::aead::chacha20poly1305;
-use rand::rngs::OsRng;
 use rand::{CryptoRng, RngCore};
 use generic_array::typenum::*;
@@ -323,7 +322,6 @@ pub fn create_response(
 state: TemporaryState, // state from "consume_initiation"
 msg: &mut NoiseResponse, // resulting response
 ) -> Result {
- // unpack state
 let (receiver, eph_r_pk, hs, ck) = state;
-- cgit v1.2.3-59-g8ed1b
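Review bot: In `get_set_tau` the read guard from `let secret = self.secret.read();` is still held when `self.secret.write()` is called, because shadowing it with `let mut secret` does not drop the first guard; it lives to the end of the function. Once the cookie secret has expired, the calling thread requests the write lock on the same `spin::RwLock` while holding a read lock, so it spins forever and blocks every other caller that needs the lock. That turns secret rotation on the cookie-reply path into a hang, which matters because this path is presumably exercised when the responder is under load. Release the read guard before taking the write lock, either by wrapping the first check in its own block or by adding `drop(secret);` immediately before `let mut secret = self.secret.write();`. The re-check under the write lock is correct and should stay.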