Skip to content

Commit

Permalink
crypto: clean up crypto and cypher clode
Browse files Browse the repository at this point in the history
  • Loading branch information
@da2ce7
da2ce7 committed Sep 10, 2022
1 parent e807376 commit cbb03d2
Show file tree
Hide file tree
Showing 6 changed files with 192 additions and 138 deletions.
91 changes: 91 additions & 0 deletions src/crypto_core.rs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
pub mod keys {

pub mod seeds {
use crate::static_keys::static_seeds::{SeedSize, INSTANCE_SEED};

pub trait Seed {
type Seed: Sized + Default + AsMut<[u8]>;
fn seed() -> &'static Self::Seed;
}

pub struct DefaultSeed;
pub struct InstanceSeed;

impl Seed for DefaultSeed {
type Seed = SeedSize;
fn seed() -> &'static Self::Seed {
&*self::detail::DEFAULT_SEED
}
}

impl Seed for InstanceSeed {
type Seed = SeedSize;
fn seed() -> &'static Self::Seed {
&*INSTANCE_SEED
}
}

pub fn initialize_default_seed() {
lazy_static::initialize(&self::detail::DEFAULT_SEED);
}

mod detail {

pub use crate::static_keys::static_seeds::INSTANCE_SEED;

#[cfg(not(test))]
pub use INSTANCE_SEED as DEFAULT_SEED;

#[cfg(test)]
pub use crate::static_keys::static_seeds::ZEROED_TEST_SEED as DEFAULT_SEED;
}
}

pub mod block_ciphers {
use cipher::{BlockSizeUser, generic_array::GenericArray};

use crate::static_keys::block_ciphers::Cypher;

use super::seeds::initialize_default_seed;

pub trait BlockCipher {
type BlockCipher: cipher::BlockCipher;
fn block_cipher() -> &'static Self::BlockCipher;
}

pub type CypherArray = GenericArray<u8, <Cypher as BlockSizeUser>::BlockSize>;

pub struct DefaultBlockCipher;
pub struct InstanceBlockCipher;

impl BlockCipher for DefaultBlockCipher {
type BlockCipher = Cypher;
fn block_cipher() -> &'static Self::BlockCipher {
&*self::detail::DEFAULT_BLOCK_CIPHER
}
}

impl BlockCipher for InstanceBlockCipher {
type BlockCipher = Cypher;
fn block_cipher() -> &'static Self::BlockCipher {
&*self::detail::INSTANCE_CIPHER
}
}

pub fn initialize_default_block_cipher() {
initialize_default_seed();
lazy_static::initialize(&self::detail::DEFAULT_BLOCK_CIPHER);
}

mod detail {

pub use crate::static_keys::block_ciphers::INSTANCE_BLOCK_CIPHER_BLOWFISH as INSTANCE_CIPHER;

#[cfg(not(test))]
pub use INSTANCE_CIPHER as DEFAULT_BLOCK_CIPHER;

#[cfg(test)]
pub use crate::static_keys::block_ciphers::TEST_BLOCK_CIPHER_BLOWFISH as DEFAULT_BLOCK_CIPHER;
}
}
}
136 changes: 26 additions & 110 deletions src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ pub use protocol::common::*;

pub mod api;
pub mod config;
pub mod crypto_core;
pub mod databases;
pub mod http;
pub mod jobs;
Expand All @@ -20,128 +21,43 @@ pub mod udp;
#[macro_use]
extern crate lazy_static;

pub mod keys {
pub mod static_keys {
pub mod static_seeds {
use rand::{rngs::ThreadRng, Rng};

pub mod seeds {
pub type SeedSize = [u8; 32];

pub trait Seed {
type Seed: Sized + Default + AsMut<[u8]>;
fn seed() -> &'static Self::Seed;
lazy_static! {
pub static ref INSTANCE_SEED: SeedSize = Rng::gen(&mut ThreadRng::default());
}

pub struct DefaultSeed;
pub struct InstanceSeed;

impl Seed for DefaultSeed {
type Seed = detail::Seed;
fn seed() -> &'static Self::Seed {
&*self::detail::DEFAULT_SEED
}
}

impl Seed for InstanceSeed {
type Seed = detail::Seed;
fn seed() -> &'static Self::Seed {
&*detail::instance::INSTANCE_SEED
}
}

pub fn initialize_default_seed() {
lazy_static::initialize(&self::detail::DEFAULT_SEED);
}

mod detail {
pub type Seed = [u8; 32];

#[cfg(not(test))]
pub use self::instance::INSTANCE_SEED as DEFAULT_SEED;

#[cfg(test)]
pub use self::zeroed_test::ZEROED_TEST_SEED as DEFAULT_SEED;

pub mod instance {
use super::*;
lazy_static! {
pub static ref INSTANCE_SEED: Seed = rand::Rng::gen(&mut rand::rngs::ThreadRng::default());
}
}

#[cfg(test)]
pub mod zeroed_test {
use super::*;
lazy_static! {
pub static ref ZEROED_TEST_SEED: Seed = [0u8; 32];
}
}
#[cfg(test)]
lazy_static! {
pub static ref ZEROED_TEST_SEED: SeedSize = [0u8; 32];
}
}

pub mod block_ciphers {
use super::seeds::initialize_default_seed;
use crate::crypto_core::keys::seeds::Seed;
use blowfish::BlowfishLE;
use cipher::KeyInit;
use rand::rngs::StdRng;
use rand::SeedableRng;

pub trait BlockCipher {
type BlockCipher: cipher::BlockCipher;
fn block_cipher() -> &'static Self::BlockCipher;
}

pub struct DefaultBlockCipher;
pub struct InstanceBlockCipher;
use crate::crypto_core::keys::seeds::{DefaultSeed, InstanceSeed};

impl BlockCipher for DefaultBlockCipher {
type BlockCipher = self::detail::blowfish::Blowfish;
fn block_cipher() -> &'static Self::BlockCipher {
&*self::detail::DEFAULT_BLOCK_CIPHER
}
}

impl BlockCipher for InstanceBlockCipher {
type BlockCipher = self::detail::blowfish::Blowfish;
fn block_cipher() -> &'static Self::BlockCipher {
&*self::detail::blowfish::instance::INSTANCE_BLOCK_CIPHER_BLOWFISH
}
}
pub type Cypher = BlowfishLE;

pub fn initialize_default_block_cipher() {
initialize_default_seed();
lazy_static::initialize(&self::detail::DEFAULT_BLOCK_CIPHER);
lazy_static! {
pub static ref INSTANCE_BLOCK_CIPHER_BLOWFISH: BlowfishLE = <BlowfishLE as KeyInit>::new(
&<BlowfishLE as KeyInit>::generate_key(<StdRng as SeedableRng>::from_seed(*InstanceSeed::seed()))
);
}

pub mod detail {
#[cfg(not(test))]
pub use self::blowfish::instance::INSTANCE_BLOCK_CIPHER_BLOWFISH as DEFAULT_BLOCK_CIPHER;

#[cfg(test)]
pub use self::blowfish::zeroed_test::TEST_BLOWFISH_BLOCK_CIPHER as DEFAULT_BLOCK_CIPHER;

pub mod blowfish {
use ::blowfish;
use crate::keys::seeds::Seed;
pub type Blowfish = blowfish::Blowfish<byteorder::LE>;

pub mod instance {
use super::*;
use crate::keys::seeds::InstanceSeed;

lazy_static! {
pub static ref INSTANCE_BLOCK_CIPHER_BLOWFISH: Blowfish =
<Blowfish as crypto_common::KeyInit>::new(&<Blowfish as crypto_common::KeyInit>::generate_key(
<rand::rngs::StdRng as rand::SeedableRng>::from_seed(*InstanceSeed::seed())
));
}
}
#[cfg(test)]
pub mod zeroed_test {
use super::*;
use crate::keys::seeds::DefaultSeed;

lazy_static! {
pub static ref TEST_BLOWFISH_BLOCK_CIPHER: Blowfish =
<Blowfish as crypto_common::KeyInit>::new(&<Blowfish as crypto_common::KeyInit>::generate_key(
<rand::rngs::StdRng as rand::SeedableRng>::from_seed(*DefaultSeed::seed())
));
}
}
}
lazy_static! {
pub static ref TEST_BLOCK_CIPHER_BLOWFISH: BlowfishLE = <BlowfishLE as KeyInit>::new(
&<BlowfishLE as KeyInit>::generate_key(<StdRng as SeedableRng>::from_seed(*DefaultSeed::seed()))
);
}
}
}
}
38 changes: 13 additions & 25 deletions src/udp/connection/connection_cookie.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,16 +3,11 @@ use std::convert::TryInto;
use std::hash::Hasher;
use std::time::Duration;

use blowfish::Blowfish;
use byteorder::{LittleEndian, LE};
use cipher::generic_array::GenericArray;
use cipher::{BlockDecrypt, BlockEncrypt, BlockSizeUser};
use cipher::{BlockDecrypt, BlockEncrypt};

use crate::keys::block_ciphers::{DefaultBlockCipher, BlockCipher};
use crate::crypto_core::keys::block_ciphers::{BlockCipher, CypherArray, DefaultBlockCipher};
use crate::protocol::clock::{DefaultTime, Time};

type BlowfishArray = GenericArray<u8, <Blowfish<LittleEndian> as BlockSizeUser>::BlockSize>;

use super::connection_image::{ConnectionImage, KeyedImage, PlainImage};

pub trait ConnectionCookie<T: ConnectionImage> {
Expand Down Expand Up @@ -41,18 +36,17 @@ pub struct EncryptedCookie {

impl HashedCookie {
fn new_int(client_image: KeyedImage, lifetime: Duration, past: bool, after_now: Option<Duration>) -> Self {

let after_maybe = match after_now {
Some(after) => after,
None => Duration::ZERO,
};

let now_maybe_next = match past {
true => DefaultTime::after(&after_maybe),
false => DefaultTime::after(&(lifetime + after_maybe)),
};

let life_period = now_maybe_next / lifetime.into();
let life_period = now_maybe_next / lifetime.into();

let mut hasher = DefaultHasher::default();
hasher.write_u128(life_period);
Expand Down Expand Up @@ -158,11 +152,9 @@ impl ConnectionCookie<PlainImage> for EncryptedCookie {
let id_clear: Vec<u8> = [&client_image.value()[0..4], &expiry_u32.to_le_bytes().as_slice()].concat();

let id_clear_bytes: [u8; 8] = id_clear.try_into().unwrap();
let mut block: BlowfishArray = BlowfishArray::from(id_clear_bytes);

let blowfish_key: &blowfish::Blowfish<LE> = DefaultBlockCipher::block_cipher();

<Blowfish<LE> as BlockEncrypt>::encrypt_block(blowfish_key, &mut block);
let mut block = CypherArray::from(id_clear_bytes);
DefaultBlockCipher::block_cipher().encrypt_block(&mut block);

EncryptedCookie {
value: block.try_into().unwrap(),
Expand All @@ -179,11 +171,9 @@ impl ConnectionCookie<PlainImage> for EncryptedCookie {
encoded_id: [u8; 8],
after_now: Option<Duration>,
) -> Result<(), Self::Error> {
let mut block: BlowfishArray = BlowfishArray::from(encoded_id);
let mut block = CypherArray::from(encoded_id);

let blowfish_key: &blowfish::Blowfish<LE> = DefaultBlockCipher::block_cipher();

<Blowfish<LE> as BlockDecrypt>::decrypt_block(&blowfish_key, &mut block);
DefaultBlockCipher::block_cipher().decrypt_block(&mut block);

let client_image_bytes: [u8; 4] = block[0..4].try_into().unwrap();
let expiry_bytes: [u8; 4] = block[4..8].try_into().unwrap();
Expand Down Expand Up @@ -214,15 +204,15 @@ mod tests {
use std::net::{IpAddr, Ipv4Addr, SocketAddr};
use std::time::Duration;

use crate::udp::connection::connection_image::Create;
use crate::udp::connection::connection_cookie::ConnectionCookie;
use crate::udp::connection::connection_image::Create;

static LIFETIME_SEC : u64 = 120;
static LIFETIME_SEC: u64 = 120;

mod test_hashed_encoded_id {
use super::*;
use crate::udp::connection::connection_image::KeyedImage as Image;
use crate::udp::connection::connection_cookie::HashedCookie as Id;
use crate::udp::connection::connection_image::KeyedImage as Image;

#[test]
fn it_should_make_an_encoded_id() {
Expand Down Expand Up @@ -260,13 +250,11 @@ mod tests {

mod test_witness_encoded_id {
use super::*;
use crate::protocol::clock::DefaultTime;
use crate::udp::connection::connection_image::KeyedImage as Image;
use crate::udp::connection::connection_cookie::WitnessCookie as Id;
use crate::udp::connection::connection_image::KeyedImage as Image;

#[test]
fn it_should_make_an_encoded_id() {

let socket = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 8080);
let client_image = Image::new(&socket);
let lifetime = Duration::new(LIFETIME_SEC, 0);
Expand Down Expand Up @@ -300,8 +288,8 @@ mod tests {

mod test_encrypted_encoded_id {
use super::*;
use crate::udp::connection::connection_image::{PlainImage as Image, PlainHash};
use crate::udp::connection::connection_cookie::EncryptedCookie as Id;
use crate::udp::connection::connection_image::{PlainHash, PlainImage as Image};

#[test]
fn it_should_make_an_encoded_id() {
Expand Down
2 changes: 1 addition & 1 deletion src/udp/connection/connection_image.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
use std::net::SocketAddr;

use crate::keys::seeds::{DefaultSeed, Seed};
use crate::crypto_core::keys::seeds::{DefaultSeed, Seed};

pub trait ConnectionImage: PartialEq + Clone {
fn value(&self) -> &Vec<u8>;
Expand Down
Loading

0 comments on commit cbb03d2

Please sign in to comment.