Skip to content

Commit

Permalink
feat: header MAC
Browse files Browse the repository at this point in the history
  • Loading branch information
@Banyc
Banyc committed Jan 1, 2024
1 parent 31698ec commit 51e7ee8
Show file tree
Hide file tree
Showing 4 changed files with 65 additions and 12 deletions.
34 changes: 33 additions & 1 deletion Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ tabled = "0.15"
thiserror = "1"
tokio = "1"
tokio-util = "0.7"
tokio_chacha20 = { git = "https://github.com/Banyc/tokio_chacha20.git", rev = "3e8835dc6143c1c5ecd664d5af3d6fa8229cf4e3" }
tokio_chacha20 = { git = "https://github.com/Banyc/tokio_chacha20.git", rev = "246bc1df7c449d608c3a74d8d4ee79cd1d0b983f" }
tokio_kcp = "0.9"
tracing = "0.1"
tracing-subscriber = "0.3"
39 changes: 30 additions & 9 deletions common/src/header/codec.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,17 +39,29 @@ where
};
trace!(len, "Read header length");

// Read header
if len > MAX_HEADER_LEN {
return Err(CodecError::Io(io::Error::new(
io::ErrorKind::InvalidData,
"Header too long",
)));
}
let hdr = &mut buf[..len];
let res = reader.read_exact(hdr);
add_await([res])?;

// Check MAC
let mut tag = [0; 16];
let res = reader.read_exact(&mut tag);
add_await([res])?;
let key = cursor.poly1305_key().unwrap();
let expected_tag = tokio_chacha20::mac::poly1305_mac(key, hdr);
if tag != expected_tag {
return Err(CodecError::Integrity);
}

// Decode header
let header = {
if len > MAX_HEADER_LEN {
return Err(CodecError::Io(io::Error::new(
io::ErrorKind::InvalidData,
"Header too long",
)));
}
let hdr = &mut buf[..len];
let res = reader.read_exact(hdr);
add_await([res])?;
let i = cursor.decrypt(hdr).unwrap();
assert_eq!(i, 0);
bincode::deserialize(hdr)?
Expand Down Expand Up @@ -99,8 +111,15 @@ where
// Write header
let (f, t) = cursor.encrypt(hdr, &mut buf[n..]);
assert_eq!(hdr.len(), f);
let encrypted_hdr = &buf[n..n + t];
n += t;

// Write tag
let key = cursor.poly1305_key();
let tag = tokio_chacha20::mac::poly1305_mac(key, encrypted_hdr);
buf[n..n + tag.len()].copy_from_slice(&tag);
n += tag.len();

add_await([writer.write_all(&buf[..n])])?;

Ok(())
Expand Down Expand Up @@ -151,4 +170,6 @@ pub enum CodecError {
Io(#[from] io::Error),
#[error("Serialization error: {0}")]
Serialization(#[from] bincode::Error),
#[error("Data tempered")]
Integrity,
}
2 changes: 1 addition & 1 deletion common/src/udp/steer.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,6 @@ async fn handle_steer_error(
fn error_kind_from_header_error(e: &CodecError) -> RouteErrorKind {
match e {
CodecError::Io(_) => RouteErrorKind::Io,
CodecError::Serialization(_) => RouteErrorKind::Codec,
CodecError::Serialization(_) | CodecError::Integrity => RouteErrorKind::Codec,
}
}

0 comments on commit 51e7ee8

Please sign in to comment.