Commit 61adddc2 authored by Georgio Nicolas's avatar Georgio Nicolas
Browse files

Resolves #33: Added validation rules for public keys + Additional refactoring

parent 8a4a927a
......@@ -15,3 +15,17 @@ pub(crate) const MAX_MESSAGE: usize = 0xFFFF;
pub(crate) const MAX_NONCE: u64 = u64::max_value();
pub(crate) const NONCE_LENGTH: usize = chacha20poly1305::NONCE_LENGTH;
pub(crate) const ZEROLEN: [u8; 0] = [0_u8; 0];
pub(crate) const forbidden_curve_values: [[u8; 32]; 12] = [
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
[1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
[224, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 0],
[95, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 87],
[236, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[237, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[238, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[205, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 128],
[76, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 215],
[217, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
[218, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
[219, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
];
\ No newline at end of file
......@@ -108,7 +108,7 @@ impl NoiseSession {
pub fn init_session(initiator: bool, prologue: &[u8], s: Keypair, rs: Option<PublicKey>) -> NoiseSession {
if initiator {
NoiseSession{
hs: HandshakeState::initialize_initiator(prologue, s, rs.unwrap_or(PublicKey::empty()), Psk::new()),
hs: HandshakeState::initialize_initiator(prologue, s, rs.unwrap_or(PublicKey::empty()), Psk::default()),
mc: 0,
i: initiator,
cs1: CipherState::new(),
......@@ -118,7 +118,7 @@ impl NoiseSession {
}
} else {
NoiseSession {
hs: HandshakeState::initialize_responder(prologue, s, Psk::new()),
hs: HandshakeState::initialize_responder(prologue, s, Psk::default()),
mc: 0,
i: initiator,
cs1: CipherState::new(),
......
......@@ -286,7 +286,7 @@ impl HandshakeState {
return Err(NoiseError::MissingneError);
}
if self.e.is_empty() {
self.e = Keypair::new();
self.e = Keypair::default();
}
let (ne, in_out) = in_out.split_at_mut(DHLEN);
ne.copy_from_slice(&self.e.get_public_key().as_bytes()[..]);
......@@ -297,7 +297,7 @@ impl HandshakeState {
ns[..DHLEN].copy_from_slice(&self.s.get_public_key().as_bytes()[..]);
self.ss.encrypt_and_hash(ns)?;
self.ss.encrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn write_message_b(&mut self, in_out: &mut [u8]) -> Result<(), NoiseError> {
......@@ -305,7 +305,7 @@ impl HandshakeState {
return Err(NoiseError::MissingneError);
}
if self.e.is_empty() {
self.e = Keypair::new();
self.e = Keypair::default();
}
let (ne, in_out) = in_out.split_at_mut(DHLEN);
ne.copy_from_slice(&self.e.get_public_key().as_bytes()[..]);
......@@ -313,7 +313,7 @@ impl HandshakeState {
/* No PSK, so skipping mixKey */
self.ss.mix_key(&self.e.dh(&self.re.as_bytes()));
self.ss.encrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn write_message_c(&mut self, in_out: &mut [u8]) -> Result<(Hash, CipherState, CipherState), NoiseError> {
......@@ -342,7 +342,7 @@ impl HandshakeState {
self.ss.decrypt_and_hash(rs)?;
self.rs = PublicKey::from_bytes(from_slice_hashlen(rs))?;
self.ss.decrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn read_message_b(&mut self, in_out: &mut [u8]) -> Result<(), NoiseError> {
......@@ -355,7 +355,7 @@ impl HandshakeState {
/* No PSK, so skipping mixKey */
self.ss.mix_key(&self.e.dh(&self.re.as_bytes()));
self.ss.decrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn read_message_c(&mut self, in_out: &mut [u8]) -> Result<(Hash, CipherState, CipherState), NoiseError> {
......
/* ---------------------------------------------------------------- *
* TYPES *
* ---------------------------------------------------------------- */
// TODO clean up here
use constant_time_eq::constant_time_eq;
use crate::{
consts::{DHLEN, EMPTY_KEY, HASHLEN, MAX_NONCE},
consts::{DHLEN, EMPTY_KEY, HASHLEN, MAX_NONCE, forbidden_curve_values},
error::NoiseError,
};
use hacl_star::curve25519;
......@@ -66,26 +65,6 @@ impl Key {
k: key,
}
}
/// Instanciates a new `Key` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::Key,
/// # };
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = Key::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
pub fn from_str(key: &str) -> Result<Self, NoiseError> {
let a = decode_str_32(key)?;
Ok(Self::from_bytes(a))
}
pub(crate) fn as_bytes(&self) -> [u8; DHLEN] {
self.k
}
......@@ -97,6 +76,7 @@ impl Key {
/// # error::NoiseError,
/// # types::Key,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let empty_key1 = Key::from_str("0000000000000000000000000000000000000000000000000000000000000000")?;
/// let empty_key2 = Key::new();
......@@ -123,13 +103,37 @@ impl Key {
}
}
}
impl std::str::FromStr for Key {
type Err = NoiseError;
/// Instanciates a new `Key` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::Key,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = Key::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
fn from_str(key: &str) -> Result<Self, NoiseError> {
let a = decode_str_32(key)?;
Ok(Self::from_bytes(a))
}
}
pub struct Psk {
psk: [u8; DHLEN],
}
impl Psk {
/// Instanciates a new empty `Psk`.
pub fn new() -> Self {
pub fn default() -> Self {
Self::from_bytes(EMPTY_KEY)
}
pub(crate) fn clear(&mut self) {
......@@ -141,26 +145,7 @@ impl Psk {
psk: k,
}
}
/// Instanciates a new `Psk` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::Psk,
/// # };
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = Psk::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
pub fn from_str(k: &str) -> Result<Self, NoiseError> {
let psk = decode_str_32(k)?;
Ok(Self::from_bytes(psk))
}
#[allow(dead_code)]
pub(crate) fn as_bytes(&self) -> [u8; DHLEN] {
self.psk
......@@ -173,9 +158,10 @@ impl Psk {
/// # error::NoiseError,
/// # types::Psk,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let empty_key1 = Psk::from_str("0000000000000000000000000000000000000000000000000000000000000000")?;
/// let empty_key2 = Psk::new();
/// let empty_key2 = Psk::default();
/// let k = Psk::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// assert!(empty_key1.is_empty());
/// assert!(empty_key2.is_empty());
......@@ -198,6 +184,34 @@ impl Clone for Psk {
}
}
impl std::str::FromStr for Psk {
type Err = NoiseError;
/// Instanciates a new `Psk` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::Psk,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = Psk::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
fn from_str(k: &str) -> Result<Self, NoiseError> {
let psk = decode_str_32(k)?;
if psk.len() > 32 {
}
Ok(Self::from_bytes(psk))
}
}
#[derive(Clone)]
pub struct PrivateKey {
k: [u8; DHLEN],
......@@ -221,26 +235,6 @@ impl PrivateKey {
k: hacl_secret.0,
}
}
/// Instanciates a new `PrivateKey` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::PrivateKey,
/// # };
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = PrivateKey::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
pub fn from_str(key: &str) -> Result<Self, NoiseError> {
let k = decode_str_32(key)?;
Ok(Self::from_hacl_secret_key(curve25519::SecretKey(k)))
}
pub(crate) fn as_bytes(&self) -> [u8; DHLEN] {
self.k
}
......@@ -252,6 +246,7 @@ impl PrivateKey {
/// # error::NoiseError,
/// # types::PrivateKey,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let empty_key1 = PrivateKey::from_str("0000000000000000000000000000000000000000000000000000000000000000")?;
/// let empty_key2 = PrivateKey::empty();
......@@ -279,6 +274,31 @@ impl PrivateKey {
}
}
impl std::str::FromStr for PrivateKey {
type Err = NoiseError;
/// Instanciates a new `PrivateKey` from a string of hexadecimal values.
/// # Example
///
/// ```
/// # use noiseexplorer_i1k::{
/// # error::NoiseError,
/// # types::PrivateKey,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let k = PrivateKey::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
fn from_str(key: &str) -> Result<Self, NoiseError> {
let k = decode_str_32(key)?;
Ok(Self::from_hacl_secret_key(curve25519::SecretKey(k)))
}
}
#[derive(Copy, Clone)]
pub struct PublicKey {
k: [u8; DHLEN],
......@@ -292,19 +312,28 @@ impl PublicKey {
}
/// Instanciates a new `PublicKey` from an array of `DHLEN` bytes.
pub fn from_bytes(k: [u8; DHLEN]) -> Result<Self, NoiseError> {
// TODO check if public key is a valid point on the curve
// if false {
// Err(NoiseError::InvalidPublicKeyError)
// }
for i in forbidden_curve_values.iter() {
if &k == i {
return Err(NoiseError::InvalidPublicKeyError);
}
}
Ok(Self {
k,
})
}
pub(crate) fn clear(&mut self) {
self.k.zeroize();
}
/// Instanciates a new `PublicKey` from a string of hexadecimal values.
/// Returns `Ok(PublicKey)` when successful and `Err(NoiseError)` otherwise.
pub(crate) fn from_hacl_public_key(hacl_public: curve25519::PublicKey) -> Self {
Self {
k: hacl_public.0,
}
}
pub fn as_bytes(&self) -> [u8; DHLEN] {
self.k
}
/// Checks whether a `PublicKey` object is empty or not.
/// # Example
///
/// ```
......@@ -312,28 +341,26 @@ impl PublicKey {
/// # error::NoiseError,
/// # types::PublicKey,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let empty_key = PublicKey::empty();
/// let k = PublicKey::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// println!("{:?}", k.as_bytes());
/// assert!(empty_key.is_empty());
/// assert!(!k.is_empty());
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
pub fn from_str(key: &str) -> Result<Self, NoiseError> {
let pk = decode_str_32(key)?;
Ok(Self::from_hacl_public_key(curve25519::PublicKey(pk)))
}
pub(crate) fn from_hacl_public_key(hacl_public: curve25519::PublicKey) -> Self {
Self {
k: hacl_public.0,
}
}
pub fn as_bytes(&self) -> [u8; DHLEN] {
self.k
pub fn is_empty(&self) -> bool {
constant_time_eq(&self.k[..], &EMPTY_KEY)
}
/// Checks whether a `PublicKey` object is empty or not.
}
impl std::str::FromStr for PublicKey {
type Err = NoiseError;
/// Instanciates a new `PublicKey` from a string of hexadecimal values.
/// Returns `Ok(PublicKey)` when successful and `Err(NoiseError)` otherwise.
/// # Example
///
/// ```
......@@ -341,21 +368,19 @@ impl PublicKey {
/// # error::NoiseError,
/// # types::PublicKey,
/// # };
/// # use std::str::FromStr;
/// # fn try_main() -> Result<(), NoiseError> {
/// let empty_key1 = PublicKey::from_str("0000000000000000000000000000000000000000000000000000000000000000")?;
/// let empty_key2 = PublicKey::empty();
/// let k = PublicKey::from_str("4a3acbfdb163dec651dfa3194dece676d437029c62a408b4c5ea9114246e4893")?;
/// assert!(empty_key1.is_empty());
/// assert!(empty_key2.is_empty());
/// assert!(!k.is_empty());
/// println!("{:?}", k.as_bytes());
/// # Ok(())
/// # }
/// # fn main() {
/// # try_main().unwrap();
/// # }
/// ```
pub fn is_empty(&self) -> bool {
constant_time_eq(&self.k[..], &EMPTY_KEY)
fn from_str(key: &str) -> Result<Self, NoiseError> {
let pk = decode_str_32(key)?;
Ok(Self::from_hacl_public_key(curve25519::PublicKey(pk)))
}
}
......@@ -398,7 +423,7 @@ impl Keypair {
}
}
/// Instanciates a `Keypair` by generating a `PrivateKey` from random values using `thread_rng()`, then deriving the corresponding `PublicKey`
pub fn new() -> Self {
pub fn default() -> Self {
let hacl_keypair: (curve25519::SecretKey, curve25519::PublicKey) =
curve25519::keypair(rand::thread_rng());
Self {
......@@ -406,7 +431,6 @@ impl Keypair {
public_key: PublicKey::from_hacl_public_key(hacl_keypair.1),
}
}
pub(crate) fn dh(&self, public_key: &[u8; DHLEN]) -> [u8; DHLEN] {
let mut output: [u8; DHLEN] = EMPTY_KEY;
curve25519::scalarmult(&mut output, &self.private_key.as_bytes(), public_key);
......@@ -435,3 +459,31 @@ impl Keypair {
self.public_key
}
}
#[test]
fn public_key_validation_test() {
let bad_public_keys = vec![
PublicKey::from_bytes([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
PublicKey::from_bytes([1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
PublicKey::from_bytes([224, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 0]),
PublicKey::from_bytes([95, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 87]),
PublicKey::from_bytes([236, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127]),
PublicKey::from_bytes([237, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127]),
PublicKey::from_bytes([238, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127]),
PublicKey::from_bytes([205, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 128]),
PublicKey::from_bytes([76, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 215]),
PublicKey::from_bytes([217, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]),
PublicKey::from_bytes([218, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]),
PublicKey::from_bytes([219, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]),
];
for i in bad_public_keys {
if i.is_ok() {
panic!("Allowed forbidden Public Key value");
}
}
if PublicKey::from_bytes(decode_str_32("31e0303fd6418d2f8c0e78b91f22e8caed0fbe48656dcf4767e4834f701b8f62").unwrap()).is_err() {
panic!("Denied valid Public Key value");
}
}
\ No newline at end of file
......@@ -6,6 +6,7 @@ use noiseexplorer_i1k::{
noisesession::NoiseSession,
types::{Keypair, PrivateKey, PublicKey},
};
use std::str::FromStr;
fn decode_str(s: &str) -> Vec<u8> {
hex::decode(s).unwrap()
......
......@@ -15,3 +15,17 @@ pub(crate) const MAX_MESSAGE: usize = 0xFFFF;
pub(crate) const MAX_NONCE: u64 = u64::max_value();
pub(crate) const NONCE_LENGTH: usize = chacha20poly1305::NONCE_LENGTH;
pub(crate) const ZEROLEN: [u8; 0] = [0_u8; 0];
pub(crate) const forbidden_curve_values: [[u8; 32]; 12] = [
[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
[1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
[224, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 0],
[95, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 87],
[236, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[237, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[238, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 127],
[205, 235, 122, 124, 59, 65, 184, 174, 22, 86, 227, 250, 241, 159, 196, 106, 218, 9, 141, 235, 156, 50, 177, 253, 134, 98, 5, 22, 95, 73, 184, 128],
[76, 156, 149, 188, 163, 80, 140, 36, 177, 208, 177, 85, 156, 131, 239, 91, 4, 68, 92, 196, 88, 28, 142, 134, 216, 34, 78, 221, 208, 159, 17, 215],
[217, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
[218, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255],
[219, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
];
\ No newline at end of file
......@@ -108,7 +108,7 @@ impl NoiseSession {
pub fn init_session(initiator: bool, prologue: &[u8], s: Keypair, rs: Option<PublicKey>) -> NoiseSession {
if initiator {
NoiseSession{
hs: HandshakeState::initialize_initiator(prologue, s, rs.unwrap_or(PublicKey::empty()), Psk::new()),
hs: HandshakeState::initialize_initiator(prologue, s, rs.unwrap_or(PublicKey::empty()), Psk::default()),
mc: 0,
i: initiator,
cs1: CipherState::new(),
......@@ -118,7 +118,7 @@ impl NoiseSession {
}
} else {
NoiseSession {
hs: HandshakeState::initialize_responder(prologue, s, Psk::new()),
hs: HandshakeState::initialize_responder(prologue, s, Psk::default()),
mc: 0,
i: initiator,
cs1: CipherState::new(),
......
......@@ -286,7 +286,7 @@ impl HandshakeState {
return Err(NoiseError::MissingneError);
}
if self.e.is_empty() {
self.e = Keypair::new();
self.e = Keypair::default();
}
let (ne, in_out) = in_out.split_at_mut(DHLEN);
ne.copy_from_slice(&self.e.get_public_key().as_bytes()[..]);
......@@ -296,7 +296,7 @@ impl HandshakeState {
ns[..DHLEN].copy_from_slice(&self.s.get_public_key().as_bytes()[..]);
self.ss.mix_hash(ns);
self.ss.mix_hash(in_out);
return Ok(());
Ok(())
}
pub(crate) fn write_message_b(&mut self, in_out: &mut [u8]) -> Result<(), NoiseError> {
......@@ -304,7 +304,7 @@ impl HandshakeState {
return Err(NoiseError::MissingneError);
}
if self.e.is_empty() {
self.e = Keypair::new();
self.e = Keypair::default();
}
let (ne, in_out) = in_out.split_at_mut(DHLEN);
ne.copy_from_slice(&self.e.get_public_key().as_bytes()[..]);
......@@ -313,7 +313,7 @@ impl HandshakeState {
self.ss.mix_key(&self.e.dh(&self.re.as_bytes()));
self.ss.mix_key(&self.s.dh(&self.re.as_bytes()));
self.ss.encrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn write_message_c(&mut self, in_out: &mut [u8]) -> Result<(Hash, CipherState, CipherState), NoiseError> {
......@@ -341,7 +341,7 @@ impl HandshakeState {
self.ss.mix_hash(rs);
self.rs = PublicKey::from_bytes(from_slice_hashlen(rs))?;
self.ss.mix_hash(in_out);
return Ok(());
Ok(())
}
pub(crate) fn read_message_b(&mut self, in_out: &mut [u8]) -> Result<(), NoiseError> {
......@@ -355,7 +355,7 @@ impl HandshakeState {
self.ss.mix_key(&self.e.dh(&self.re.as_bytes()));
self.ss.mix_key(&self.e.dh(&self.rs.as_bytes()));
self.ss.decrypt_and_hash(in_out)?;
return Ok(());
Ok(())
}
pub(crate) fn read_message_c(&mut self, in_out: &mut [u8]) -> Result<(Hash, CipherState, CipherState), NoiseError> {
......
/* ---------------------------------------------------------------- *
* TYPES *
* ---------------------------------------------------------------- */
// TODO clean up here
use constant_time_eq::constant_time_eq;
use crate::{
consts::{DHLEN, EMPTY_KEY, HASHLEN, MAX_NONCE},
consts::{DHLEN, EMPTY_KEY, HASHLEN, MAX_NONCE, forbidden_curve_values},
error::NoiseError,
};
use hacl_star::curve25519;
......@@ -66,26 +65,6 @@ impl Key {
k: key,