From 0130e0cb28e838f77c8dfe158c3a7e9af29ea1c0 Mon Sep 17 00:00:00 2001 From: librelois <elois@ifee.fr> Date: Tue, 3 Sep 2019 20:30:03 +0200 Subject: [PATCH] [ref] pkstl: use same config object for all modes --- lib/tools/pkstl/src/agreement.rs | 3 +- lib/tools/pkstl/src/complete.rs | 38 ++++++++----------- .../pkstl/src/complete/serde/serializer.rs | 6 +-- lib/tools/pkstl/src/config.rs | 29 +++++++------- lib/tools/pkstl/src/encryption.rs | 2 +- .../src/encryption/chacha20_poly1305_aead.rs | 2 +- lib/tools/pkstl/src/lib.rs | 2 +- lib/tools/pkstl/src/minimal.rs | 36 +++++++++--------- lib/tools/pkstl/tests/complete_mode.rs | 12 ++++-- lib/tools/pkstl/tests/complete_serde_mode.rs | 4 +- lib/tools/pkstl/tests/minimal_mode.rs | 6 +-- 11 files changed, 69 insertions(+), 71 deletions(-) diff --git a/lib/tools/pkstl/src/agreement.rs b/lib/tools/pkstl/src/agreement.rs index 3bc6f370..f9f176c6 100644 --- a/lib/tools/pkstl/src/agreement.rs +++ b/lib/tools/pkstl/src/agreement.rs @@ -65,7 +65,7 @@ impl SharedSecret { } } -#[derive(Clone)] +#[derive(Clone, Debug)] /// Ephemeral public key used once to generate shared secret pub struct EphemeralPublicKey(agreement::PublicKey); @@ -76,6 +76,7 @@ impl AsRef<[u8]> for EphemeralPublicKey { } /// Ephemeral key pair used once to generate shared secret +#[derive(Debug)] pub struct EphemeralKeyPair { privkey: agreement::EphemeralPrivateKey, pubkey: EphemeralPublicKey, diff --git a/lib/tools/pkstl/src/complete.rs b/lib/tools/pkstl/src/complete.rs index 10e72212..ee8ebb7f 100644 --- a/lib/tools/pkstl/src/complete.rs +++ b/lib/tools/pkstl/src/complete.rs @@ -23,7 +23,7 @@ pub mod writer; #[cfg(feature = "ser")] pub use self::serde::IncomingMessage; -use crate::{Error, Message, MinimalSecureLayer, Result, SdtlConfig, Seed32}; +use crate::{Error, Message, MinimalSecureLayer, Result, SecureLayerConfig, Seed32}; use flate2::write::{DeflateDecoder, DeflateEncoder}; use message::IncomingBinaryMessage; use ring::signature::Ed25519KeyPair; @@ -37,8 +37,8 @@ use ::serde::Serialize; use std::fmt::Debug; /// Secure layer +#[derive(Debug)] pub struct SecureLayer { - config: SdtlConfig, minimal_secure_layer: MinimalSecureLayer, sig_key_pair: Option<Ed25519KeyPair>, } @@ -49,17 +49,14 @@ impl SecureLayer { let msl_clone = self.minimal_secure_layer.try_clone()?; Ok(SecureLayer { - config: self.config, minimal_secure_layer: msl_clone, sig_key_pair: None, }) } /// Change configuration #[inline] - pub fn change_config(&mut self, new_config: SdtlConfig) -> Result<()> { - self.minimal_secure_layer - .change_config(new_config.minimal)?; - self.config = new_config; + pub fn change_config(&mut self, new_config: SecureLayerConfig) -> Result<()> { + self.minimal_secure_layer.change_config(new_config)?; Ok(()) } fn compress(&self, bin_message: &[u8]) -> Result<Vec<u8>> { @@ -67,11 +64,12 @@ impl SecureLayer { let buffer = BufWriter::new(Vec::with_capacity(bin_message.len())); // Determine compression level - let compression_level = if bin_message.len() < self.config.compression_min_size { - flate2::Compression::none() - } else { - self.config.compression - }; + let compression_level = + if bin_message.len() < self.minimal_secure_layer.config.compression_min_size { + flate2::Compression::none() + } else { + self.minimal_secure_layer.config.compression + }; // Create compressor let mut deflate_encoder = DeflateEncoder::new(buffer, compression_level); @@ -95,18 +93,14 @@ impl SecureLayer { /// Create secure layer #[inline] pub fn create( - config: SdtlConfig, + config: SecureLayerConfig, sig_key_pair_seed: Option<Seed32>, expected_remote_sig_pubkey: Option<Vec<u8>>, ) -> Result<Self> { let seed = sig_key_pair_seed.unwrap_or_else(Seed32::random); let secure_layer = SecureLayer { - config, - minimal_secure_layer: MinimalSecureLayer::create( - config.minimal, - expected_remote_sig_pubkey, - )?, + minimal_secure_layer: MinimalSecureLayer::create(config, expected_remote_sig_pubkey)?, sig_key_pair: Some( Ed25519KeyPair::from_seed_unchecked(seed.as_ref()) .map_err(|_| Error::FailtoGenSigKeyPair)?, @@ -293,17 +287,17 @@ mod tests { use super::*; #[cfg(feature = "ser")] use crate::MessageFormat; - use crate::SdtlMinimalConfig; + use crate::{EncryptAlgo, SecureLayerConfig}; #[test] fn test_change_config() -> Result<()> { - let mut msl = SecureLayer::create(SdtlConfig::default(), None, None)?; - msl.change_config(SdtlConfig { + let mut msl = SecureLayer::create(SecureLayerConfig::default(), None, None)?; + msl.change_config(SecureLayerConfig { compression: flate2::Compression::fast(), compression_min_size: 8_192, #[cfg(feature = "ser")] message_format: MessageFormat::RawBinary, - minimal: SdtlMinimalConfig::default(), + encrypt_algo: EncryptAlgo::default(), }) .expect("change config must be success"); Ok(()) diff --git a/lib/tools/pkstl/src/complete/serde/serializer.rs b/lib/tools/pkstl/src/complete/serde/serializer.rs index 5a89e846..70450be6 100644 --- a/lib/tools/pkstl/src/complete/serde/serializer.rs +++ b/lib/tools/pkstl/src/complete/serde/serializer.rs @@ -32,7 +32,7 @@ where { // Serialize and compress custom datas let custom_datas = if let Some(custom_datas) = custom_datas { - let bin_msg = serialize(custom_datas, sl.config.message_format)?; + let bin_msg = serialize(custom_datas, sl.minimal_secure_layer.config.message_format)?; Some(sl.compress(&bin_msg[..])?) } else { None @@ -53,7 +53,7 @@ where { // Serialize and compress custom datas let custom_datas = if let Some(custom_datas) = custom_datas { - let bin_msg = serialize(custom_datas, sl.config.message_format)?; + let bin_msg = serialize(custom_datas, sl.minimal_secure_layer.config.message_format)?; Some(sl.compress(&bin_msg[..])?) } else { None @@ -73,7 +73,7 @@ where W: Write, { // Serialize message - let bin_msg = serialize(message, sl.config.message_format)?; + let bin_msg = serialize(message, sl.minimal_secure_layer.config.message_format)?; // Compress message let bin_zip_msg = sl.compress(&bin_msg[..])?; diff --git a/lib/tools/pkstl/src/config.rs b/lib/tools/pkstl/src/config.rs index c80949b0..b883b231 100644 --- a/lib/tools/pkstl/src/config.rs +++ b/lib/tools/pkstl/src/config.rs @@ -26,37 +26,34 @@ use crate::format::MessageFormat; #[cfg(feature = "zip-sign")] #[derive(Clone, Copy, Debug, PartialEq)] /// PKSTL Configuration -pub struct SdtlConfig { +pub struct SecureLayerConfig { + #[cfg(feature = "zip-sign")] /// Compression level pub compression: flate2::Compression, + #[cfg(feature = "zip-sign")] /// Compression minimal size in bytes pub compression_min_size: usize, #[cfg(feature = "ser")] /// Message format pub message_format: MessageFormat, - /// PKSTL minimum Configuration - pub minimal: SdtlMinimalConfig, + /// Encryption algorithm + pub encrypt_algo: EncryptAlgo, } -impl Default for SdtlConfig { +impl Default for SecureLayerConfig { fn default() -> Self { - SdtlConfig { + SecureLayerConfig { + #[cfg(feature = "zip-sign")] compression: flate2::Compression::fast(), + #[cfg(feature = "zip-sign")] compression_min_size: DEFAULT_COMPRESSION_MIN_SIZE, #[cfg(feature = "ser")] message_format: MessageFormat::default(), - minimal: SdtlMinimalConfig::default(), + encrypt_algo: EncryptAlgo::default(), } } } -#[derive(Clone, Copy, Debug, Default, PartialEq)] -/// PKSTL minimum Configuration -pub struct SdtlMinimalConfig { - /// Encryption algorithm - pub encrypt_algo: EncryptAlgo, -} - #[cfg(test)] mod tests { @@ -65,14 +62,14 @@ mod tests { #[test] fn test_default_config() { assert_eq!( - SdtlConfig { + SecureLayerConfig { compression: flate2::Compression::fast(), compression_min_size: DEFAULT_COMPRESSION_MIN_SIZE, #[cfg(feature = "ser")] message_format: MessageFormat::default(), - minimal: SdtlMinimalConfig::default(), + encrypt_algo: EncryptAlgo::default(), }, - SdtlConfig::default() + SecureLayerConfig::default() ) } } diff --git a/lib/tools/pkstl/src/encryption.rs b/lib/tools/pkstl/src/encryption.rs index 1786381e..7e0519da 100644 --- a/lib/tools/pkstl/src/encryption.rs +++ b/lib/tools/pkstl/src/encryption.rs @@ -42,7 +42,7 @@ impl EncryptAlgo { } } -#[derive(Clone)] +#[derive(Clone, Debug)] pub enum EncryptAlgoWithSecretKey { Chacha20Poly1305Aead(chacha20_poly1305_aead::SecretKey), } diff --git a/lib/tools/pkstl/src/encryption/chacha20_poly1305_aead.rs b/lib/tools/pkstl/src/encryption/chacha20_poly1305_aead.rs index 9dd33c0c..acea90c3 100644 --- a/lib/tools/pkstl/src/encryption/chacha20_poly1305_aead.rs +++ b/lib/tools/pkstl/src/encryption/chacha20_poly1305_aead.rs @@ -22,7 +22,7 @@ use std::io::{BufWriter, Read, Write}; const CHACHA20_TAG_SIZE: usize = 16; -#[derive(Clone, Default)] +#[derive(Clone, Debug, Default)] /// Secret key used for encryption algo pub struct SecretKey { key: [u8; 32], diff --git a/lib/tools/pkstl/src/lib.rs b/lib/tools/pkstl/src/lib.rs index 09e8bc5b..41d97e7b 100644 --- a/lib/tools/pkstl/src/lib.rs +++ b/lib/tools/pkstl/src/lib.rs @@ -46,7 +46,7 @@ mod signature; mod status; pub use agreement::EphemeralPublicKey; -pub use config::{SdtlConfig, SdtlMinimalConfig}; +pub use config::SecureLayerConfig; pub use encryption::EncryptAlgo; pub use errors::Error; pub use message::{EncapsuledMessage, Message}; diff --git a/lib/tools/pkstl/src/minimal.rs b/lib/tools/pkstl/src/minimal.rs index a820222f..69fb34e6 100644 --- a/lib/tools/pkstl/src/minimal.rs +++ b/lib/tools/pkstl/src/minimal.rs @@ -16,7 +16,7 @@ //! Manage minimal secure and decentralized transport layer. use crate::agreement::{EphemeralKeyPair, EphemeralPublicKey}; -use crate::config::SdtlMinimalConfig; +use crate::config::SecureLayerConfig; use crate::constants::*; use crate::digest::sha256; use crate::encryption::{encrypt, EncryptAlgoWithSecretKey}; @@ -29,10 +29,11 @@ use crate::{Action, ActionSideEffects, Error, MsgType, Result}; use std::io::{BufReader, BufWriter, Write}; /// Minimal secure layer +#[derive(Debug)] pub struct MinimalSecureLayer { ack_msg_recv_too_early: Option<Vec<u8>>, cloned: bool, - config: SdtlMinimalConfig, + pub(crate) config: SecureLayerConfig, pub(crate) encrypt_algo_with_secret: Option<EncryptAlgoWithSecretKey>, ephemeral_kp: Option<EphemeralKeyPair>, pub(crate) ephemeral_pubkey: EphemeralPublicKey, @@ -64,7 +65,7 @@ impl MinimalSecureLayer { } } /// Change configuration - pub fn change_config(&mut self, new_config: SdtlMinimalConfig) -> Result<()> { + pub fn change_config(&mut self, new_config: SecureLayerConfig) -> Result<()> { if !self.cloned { self.config = new_config; Ok(()) @@ -74,7 +75,7 @@ impl MinimalSecureLayer { } /// Create minimal secure layer pub fn create( - config: SdtlMinimalConfig, + config: SecureLayerConfig, expected_remote_sig_public_key: Option<Vec<u8>>, ) -> Result<Self> { let ephemeral_kp = EphemeralKeyPair::generate()?; @@ -409,9 +410,10 @@ mod tests { #[test] fn test_change_config() -> Result<()> { - let mut msl = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; - msl.change_config(SdtlMinimalConfig { + let mut msl = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; + msl.change_config(SecureLayerConfig { encrypt_algo: EncryptAlgo::Chacha20Poly1305Aead, + ..SecureLayerConfig::default() }) .expect("change config must be success"); Ok(()) @@ -419,8 +421,8 @@ mod tests { #[test] fn test_compute_shared_secret_twice() -> Result<()> { - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; - let msl2 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; + let msl2 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; msl1.compute_shared_secret(msl2.ephemeral_pubkey.as_ref())?; msl1.compute_shared_secret(msl2.ephemeral_pubkey.as_ref())?; @@ -429,7 +431,7 @@ mod tests { #[test] fn test_status_update_to_fail() -> Result<()> { - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; let fake_encrypted_incoming_datas = &[0, 0, 0, 0]; let result = msl1.read(fake_encrypted_incoming_datas); @@ -455,7 +457,7 @@ mod tests { incoming_datas.append(&mut [0u8; 32].to_vec()); // fake sig // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Read ack msg let result = msl1.read(&incoming_datas[..]); @@ -471,7 +473,7 @@ mod tests { #[test] fn test_write_user_msg_before_nego() -> Result<()> { // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Try to create ack message before connect message let result = msl1.write_message(&[], &mut BufWriter::new(Vec::new())); @@ -486,7 +488,7 @@ mod tests { #[test] fn test_create_ack_msg_before_connect() -> Result<()> { // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Try to create ack message before connect message let result = msl1.create_ack_message(None); @@ -505,7 +507,7 @@ mod tests { .map_err(|_| Error::FailtoGenSigKeyPair)?; // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; let _ = msl1.create_connect_message(sig_kp.public_key().as_ref(), None)?; @@ -539,7 +541,7 @@ mod tests { incoming_datas.append(&mut [0u8; 32].to_vec()); // fake sig // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Read connect msg let result = msl1.read(&incoming_datas[..]); @@ -566,7 +568,7 @@ mod tests { create_connect_msg_bytes(ephemeral_kp.public_key().as_ref().to_vec(), &sig_kp)?; // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Read connect message let _ = msl1.read(&incoming_datas[..])?; @@ -588,7 +590,7 @@ mod tests { .map_err(|_| Error::FailtoGenSigKeyPair)?; // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Create ack msg bytes let incoming_datas = @@ -609,7 +611,7 @@ mod tests { #[test] fn test_recv_user_msg_before_nego() -> Result<()> { // Create secure layer - let mut msl1 = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let mut msl1 = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Create empty user msg fakely encryted let mut incoming_datas = Vec::with_capacity(100); diff --git a/lib/tools/pkstl/tests/complete_mode.rs b/lib/tools/pkstl/tests/complete_mode.rs index f41f763f..47dcecc8 100644 --- a/lib/tools/pkstl/tests/complete_mode.rs +++ b/lib/tools/pkstl/tests/complete_mode.rs @@ -39,7 +39,8 @@ mod tests { let seed = Seed32::random(); // Create server secure layer - let server_msl = SecureLayer::create(SdtlConfig::default(), Some(seed.clone()), None)?; + let server_msl = + SecureLayer::create(SecureLayerConfig::default(), Some(seed.clone()), None)?; // Get server sig pubkey let server_sig_pubkey = Ed25519KeyPair::from_seed_unchecked(seed.as_ref()) @@ -53,8 +54,11 @@ mod tests { fn client_infos(expected_server_sig_pubkey: Option<Vec<u8>>) -> Result<SecureLayer> { // Create client secure layer - let client_msl = - SecureLayer::create(SdtlConfig::default(), None, expected_server_sig_pubkey)?; + let client_msl = SecureLayer::create( + SecureLayerConfig::default(), + None, + expected_server_sig_pubkey, + )?; Ok(client_msl) } @@ -254,7 +258,7 @@ mod tests { server_msl.try_clone()?; // After clone, we can't change config - let result = client_msl.change_config(SdtlConfig::default()); + let result = client_msl.change_config(SecureLayerConfig::default()); if let Err(Error::ForbidChangeConfAfterClone) = result { // OK } else { diff --git a/lib/tools/pkstl/tests/complete_serde_mode.rs b/lib/tools/pkstl/tests/complete_serde_mode.rs index 8d4e8883..ab7e5817 100644 --- a/lib/tools/pkstl/tests/complete_serde_mode.rs +++ b/lib/tools/pkstl/tests/complete_serde_mode.rs @@ -29,7 +29,7 @@ mod tests { let seed = Seed32::random(); // Create server secure layer - let mut conf = SdtlConfig::default(); + let mut conf = SecureLayerConfig::default(); conf.message_format = format; let server_msl = SecureLayer::create(conf, Some(seed.clone()), None)?; @@ -48,7 +48,7 @@ mod tests { format: MessageFormat, ) -> Result<SecureLayer> { // Create client secure layer - let mut conf = SdtlConfig::default(); + let mut conf = SecureLayerConfig::default(); conf.message_format = format; let client_msl = SecureLayer::create(conf, None, expected_server_sig_pubkey)?; diff --git a/lib/tools/pkstl/tests/minimal_mode.rs b/lib/tools/pkstl/tests/minimal_mode.rs index e1667e9d..6f753720 100644 --- a/lib/tools/pkstl/tests/minimal_mode.rs +++ b/lib/tools/pkstl/tests/minimal_mode.rs @@ -39,14 +39,14 @@ fn client_infos(server_sig_kp: &[u8]) -> Result<(MinimalSecureLayer, Ed25519KeyP // Create client secure layer let client_msl = - MinimalSecureLayer::create(SdtlMinimalConfig::default(), Some(server_sig_kp.to_vec()))?; + MinimalSecureLayer::create(SecureLayerConfig::default(), Some(server_sig_kp.to_vec()))?; Ok((client_msl, client_sig_kp)) } fn server_infos() -> Result<(MinimalSecureLayer, Ed25519KeyPair)> { // Create server secure layer - let server_msl = MinimalSecureLayer::create(SdtlMinimalConfig::default(), None)?; + let server_msl = MinimalSecureLayer::create(SecureLayerConfig::default(), None)?; // Create server sig keypair let server_sig_kp = Ed25519KeyPair::from_seed_unchecked(Seed32::random().as_ref()) @@ -461,7 +461,7 @@ fn ordered_passing_case() -> Result<()> { server_msl.try_clone()?; // After clone, we can't change config - let result = client_msl.change_config(SdtlMinimalConfig::default()); + let result = client_msl.change_config(SecureLayerConfig::default()); if let Err(Error::ForbidChangeConfAfterClone) = result { // OK } else { -- GitLab