[codestyle] code cleanup
This commit is contained in:
parent
3e84f47f12
commit
8bc64762f7
|
@ -3,7 +3,5 @@
|
||||||
#[cfg(unix)]
|
#[cfg(unix)]
|
||||||
#[path = "linux.rs"]
|
#[path = "linux.rs"]
|
||||||
pub mod tun; // Tun/tap drivers for Linux
|
pub mod tun; // Tun/tap drivers for Linux
|
||||||
#[cfg(unix)]
|
|
||||||
pub mod linux;
|
|
||||||
|
|
||||||
pub mod tungeneric;
|
pub mod tungeneric;
|
|
@ -1,17 +1,18 @@
|
||||||
//! A simple, almost pure-rust, cross-platform `WireGuard` implementation.
|
//! A simple, almost pure-rust, cross-platform `WireGuard` implementation.
|
||||||
//! Designed to function similarly to boringtun, this crate has modules for cross-platform device drivers, the Noise_IKpsk2 handshake, and cryptography constructs required for the above.
|
//! Designed to function similarly to boringtun, this crate has modules for cross-platform device drivers, the `Noise_IKpsk2` handshake, and cryptography constructs required for the above.
|
||||||
|
|
||||||
|
#![deny(missing_docs)]
|
||||||
|
|
||||||
#![warn(clippy::pedantic)]
|
#![warn(clippy::pedantic)]
|
||||||
#![warn(clippy::nursery)]
|
#![warn(clippy::nursery)]
|
||||||
#![deny(missing_docs)]
|
|
||||||
#![deny(clippy::unwrap_used)]
|
#![deny(clippy::unwrap_used)]
|
||||||
#![deny(clippy::expect_used)]
|
#![deny(clippy::expect_used)]
|
||||||
|
|
||||||
// This is an annoyance
|
// This is an annoyance
|
||||||
#![allow(clippy::must_use_candidate)]
|
#![allow(clippy::must_use_candidate)]
|
||||||
|
|
||||||
|
pub use cidr;
|
||||||
|
|
||||||
pub mod drivers;
|
pub mod drivers;
|
||||||
pub mod qcrypto;
|
pub mod qcrypto;
|
||||||
pub mod noise;
|
pub mod noise;
|
||||||
|
|
||||||
pub use cidr;
|
|
|
@ -1,14 +1,15 @@
|
||||||
//! `Noise_IKpsk2` handshake initiator packets
|
//! `Noise_IKpsk2` handshake initiator packets
|
||||||
|
|
||||||
use rand::{Rng, thread_rng};
|
use rand::{Rng, thread_rng};
|
||||||
use x25519_dalek::{PublicKey};
|
use x25519_dalek::PublicKey;
|
||||||
|
|
||||||
use crate::noise::error::NoiseError;
|
use crate::noise::error::NoiseError;
|
||||||
use crate::noise::handshake::{HANDSHAKE_INITIATOR_CHAIN_KEY, HANDSHAKE_INITIATOR_CHAIN_KEY_HASH, HandshakeState, needs_cookie};
|
use crate::noise::handshake::{HANDSHAKE_INITIATOR_CHAIN_KEY, HANDSHAKE_INITIATOR_CHAIN_KEY_HASH, HandshakeState, needs_cookie};
|
||||||
|
use crate::qcrypto::{LABEL_MAC1, timestamp};
|
||||||
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt};
|
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt};
|
||||||
use crate::qcrypto::hashes::{qcrypto_hash_twice, qcrypto_mac};
|
use crate::qcrypto::hashes::{qcrypto_hash_twice, qcrypto_mac};
|
||||||
use crate::qcrypto::hkdf::qcrypto_hkdf;
|
use crate::qcrypto::hkdf::qcrypto_hkdf;
|
||||||
use crate::qcrypto::pki::{qcrypto_dh_generate_longterm, qcrypto_dh_longterm};
|
use crate::qcrypto::pki::{qcrypto_dh_generate_longterm, qcrypto_dh_longterm};
|
||||||
use crate::qcrypto::{LABEL_MAC1, timestamp};
|
|
||||||
|
|
||||||
/// Generate a handshake initiator packet and encrypt it using the given session state, starting a new handshake state
|
/// Generate a handshake initiator packet and encrypt it using the given session state, starting a new handshake state
|
||||||
/// # Errors
|
/// # Errors
|
||||||
|
@ -16,6 +17,7 @@ use crate::qcrypto::{LABEL_MAC1, timestamp};
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// While containing unwraps, this function will never panic.
|
/// While containing unwraps, this function will never panic.
|
||||||
#[allow(clippy::module_name_repetitions)]
|
#[allow(clippy::module_name_repetitions)]
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe because it is only used for type conversions in known safe ways
|
||||||
pub fn handshake_init_to(session: &mut HandshakeState) -> Result<[u8; 148], NoiseError> {
|
pub fn handshake_init_to(session: &mut HandshakeState) -> Result<[u8; 148], NoiseError> {
|
||||||
session.s_pub_i = PublicKey::from(session.s_priv_me);
|
session.s_pub_i = PublicKey::from(session.s_priv_me);
|
||||||
session.s_pub_r = session.s_pub_them;
|
session.s_pub_r = session.s_pub_them;
|
||||||
|
@ -57,7 +59,7 @@ pub fn handshake_init_to(session: &mut HandshakeState) -> Result<[u8; 148], Nois
|
||||||
|
|
||||||
session.h = qcrypto_hash_twice(&session.h, &msg.static_pub);
|
session.h = qcrypto_hash_twice(&session.h, &msg.static_pub);
|
||||||
|
|
||||||
let ci_k_pair = qcrypto_hkdf::<2>(&session.ck, qcrypto_dh_longterm(&session.s_priv_me, &session.s_pub_r).as_bytes());
|
let ci_k_pair = qcrypto_hkdf::<2>(&session.ck, qcrypto_dh_longterm(session.s_priv_me, &session.s_pub_r).as_bytes());
|
||||||
session.ck = ci_k_pair[0];
|
session.ck = ci_k_pair[0];
|
||||||
let k = ci_k_pair[1];
|
let k = ci_k_pair[1];
|
||||||
|
|
||||||
|
@ -102,6 +104,7 @@ impl HandshakeInitiatorRaw {
|
||||||
output
|
output
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(clippy::unwrap_used)] // Only used for type conversions in known safe ways
|
||||||
fn from_bytes(bytes: [u8; 148]) -> Self {
|
fn from_bytes(bytes: [u8; 148]) -> Self {
|
||||||
Self {
|
Self {
|
||||||
sender: bytes[4..8].try_into().unwrap(),
|
sender: bytes[4..8].try_into().unwrap(),
|
||||||
|
@ -120,6 +123,7 @@ impl HandshakeInitiatorRaw {
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// While containing unwraps, this function will never panic.
|
/// While containing unwraps, this function will never panic.
|
||||||
#[allow(clippy::module_name_repetitions)]
|
#[allow(clippy::module_name_repetitions)]
|
||||||
|
#[allow(clippy::unwrap_used)] // Only used for type conversions in known safe ways
|
||||||
pub fn handshake_init_from(session: &mut HandshakeState, packet: [u8; 148]) -> Result<(), NoiseError> {
|
pub fn handshake_init_from(session: &mut HandshakeState, packet: [u8; 148]) -> Result<(), NoiseError> {
|
||||||
let s_pub_i = session.s_pub_them;
|
let s_pub_i = session.s_pub_them;
|
||||||
let s_pub_r = PublicKey::from(session.s_priv_me);
|
let s_pub_r = PublicKey::from(session.s_priv_me);
|
||||||
|
@ -140,7 +144,7 @@ pub fn handshake_init_from(session: &mut HandshakeState, packet: [u8; 148]) -> R
|
||||||
|
|
||||||
let h = qcrypto_hash_twice(&h, &msg.ephemeral);
|
let h = qcrypto_hash_twice(&h, &msg.ephemeral);
|
||||||
|
|
||||||
let ci_k_pair = qcrypto_hkdf::<2>(&ck, qcrypto_dh_longterm(&session.s_priv_me, &eph_pub).as_bytes());
|
let ci_k_pair = qcrypto_hkdf::<2>(&ck, qcrypto_dh_longterm(session.s_priv_me, &eph_pub).as_bytes());
|
||||||
let ck = ci_k_pair[0];
|
let ck = ci_k_pair[0];
|
||||||
let k = ci_k_pair[1];
|
let k = ci_k_pair[1];
|
||||||
|
|
||||||
|
@ -154,7 +158,7 @@ pub fn handshake_init_from(session: &mut HandshakeState, packet: [u8; 148]) -> R
|
||||||
|
|
||||||
let h = qcrypto_hash_twice(&h, &msg.static_pub);
|
let h = qcrypto_hash_twice(&h, &msg.static_pub);
|
||||||
|
|
||||||
let ci_k_pair = qcrypto_hkdf::<2>(&ck, qcrypto_dh_longterm(&session.s_priv_me, &session.s_pub_i).as_bytes());
|
let ci_k_pair = qcrypto_hkdf::<2>(&ck, qcrypto_dh_longterm(session.s_priv_me, &session.s_pub_i).as_bytes());
|
||||||
let ck = ci_k_pair[0];
|
let ck = ci_k_pair[0];
|
||||||
let k = ci_k_pair[1];
|
let k = ci_k_pair[1];
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
//! `Noise_IKpsk2` handshake, specifically the way WireGuard defines it
|
//! `Noise_IKpsk2` handshake, specifically the way `WireGuard` defines it
|
||||||
use std::fmt::{Debug, Formatter};
|
use std::fmt::{Debug, Formatter};
|
||||||
|
|
||||||
use rand::rngs::OsRng;
|
use rand::rngs::OsRng;
|
||||||
use tai64::Tai64N;
|
use tai64::Tai64N;
|
||||||
use x25519_dalek::{PublicKey, StaticSecret};
|
use x25519_dalek::{PublicKey, StaticSecret};
|
||||||
|
|
||||||
use crate::qcrypto::timestamp;
|
use crate::qcrypto::timestamp;
|
||||||
|
|
||||||
pub mod initiator;
|
pub mod initiator;
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
//! `Noise_IKpsk2` handshake response packet
|
//! `Noise_IKpsk2` handshake response packet
|
||||||
|
|
||||||
use x25519_dalek::PublicKey;
|
use x25519_dalek::PublicKey;
|
||||||
|
|
||||||
use crate::noise::error::NoiseError;
|
use crate::noise::error::NoiseError;
|
||||||
use crate::noise::handshake::{HandshakeState, needs_cookie};
|
use crate::noise::handshake::{HandshakeState, needs_cookie};
|
||||||
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt};
|
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt};
|
||||||
|
@ -14,6 +15,7 @@ use crate::qcrypto::pki::{qcrypto_dh_generate_longterm, qcrypto_dh_longterm};
|
||||||
/// This function will error if an encryption step is unsuccessful
|
/// This function will error if an encryption step is unsuccessful
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function, while containing unwraps, will never panic.
|
/// This function, while containing unwraps, will never panic.
|
||||||
|
#[allow(clippy::unwrap_used)] // Used for known safe type conversions only
|
||||||
pub fn handshake_response_to(session: &mut HandshakeState) -> Result<[u8; 92], NoiseError> {
|
pub fn handshake_response_to(session: &mut HandshakeState) -> Result<[u8; 92], NoiseError> {
|
||||||
let eph_keypair = qcrypto_dh_generate_longterm();
|
let eph_keypair = qcrypto_dh_generate_longterm();
|
||||||
|
|
||||||
|
@ -67,7 +69,7 @@ pub fn handshake_response_from(session: &mut HandshakeState, packet: [u8; 92]) -
|
||||||
let mut h = qcrypto_hash_twice(&session.h, &msg.ephemeral);
|
let mut h = qcrypto_hash_twice(&session.h, &msg.ephemeral);
|
||||||
|
|
||||||
ck = qcrypto_hkdf::<1>(&ck, qcrypto_dh_longterm(&session.e_priv_me, &e_pub_r).as_bytes())[0];
|
ck = qcrypto_hkdf::<1>(&ck, qcrypto_dh_longterm(&session.e_priv_me, &e_pub_r).as_bytes())[0];
|
||||||
ck = qcrypto_hkdf::<1>(&ck, qcrypto_dh_longterm(&session.s_priv_me, &e_pub_r).as_bytes())[0];
|
ck = qcrypto_hkdf::<1>(&ck, qcrypto_dh_longterm(session.s_priv_me, &e_pub_r).as_bytes())[0];
|
||||||
|
|
||||||
let cr_t_k = qcrypto_hkdf::<3>(&ck, &session.q);
|
let cr_t_k = qcrypto_hkdf::<3>(&ck, &session.q);
|
||||||
ck = cr_t_k[0];
|
ck = cr_t_k[0];
|
||||||
|
@ -108,7 +110,7 @@ struct HandshakeResponseRaw {
|
||||||
sender: [u8; 4],
|
sender: [u8; 4],
|
||||||
receiver: [u8; 4],
|
receiver: [u8; 4],
|
||||||
ephemeral: [u8; 32],
|
ephemeral: [u8; 32],
|
||||||
empty: [u8; 0 + 16],
|
empty: [u8; 16],
|
||||||
mac1: [u8; 16],
|
mac1: [u8; 16],
|
||||||
mac2: [u8; 16]
|
mac2: [u8; 16]
|
||||||
}
|
}
|
||||||
|
@ -133,6 +135,7 @@ impl HandshakeResponseRaw {
|
||||||
output_array
|
output_array
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[allow(clippy::unwrap_used)] // Only used for type conversions in known safe ways
|
||||||
fn from_bytes(packet: [u8; 92]) -> Self {
|
fn from_bytes(packet: [u8; 92]) -> Self {
|
||||||
Self {
|
Self {
|
||||||
sender: packet[4..8].try_into().unwrap(),
|
sender: packet[4..8].try_into().unwrap(),
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
#![allow(clippy::unwrap_used)] // this is a test harness, we want to panic
|
||||||
|
|
||||||
use crate::noise::handshake::HandshakeState;
|
use crate::noise::handshake::HandshakeState;
|
||||||
use crate::noise::handshake::initiator::{handshake_init_from, handshake_init_to};
|
use crate::noise::handshake::initiator::{handshake_init_from, handshake_init_to};
|
||||||
use crate::noise::handshake::response::{handshake_response_from, handshake_response_to};
|
use crate::noise::handshake::response::{handshake_response_from, handshake_response_to};
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
//! Contains structs and functions for serializing and deserializing different packets in the Noise_IKpsk2 handshake and data frames
|
//! Contains structs and functions for serializing and deserializing different packets in the `Noise_IKpsk2` handshake and data frames
|
||||||
pub mod handshake;
|
pub mod handshake;
|
||||||
pub mod error;
|
pub mod error;
|
|
@ -1,14 +1,15 @@
|
||||||
//! Various functions for ChaCha20Poly1305 stream ciphers
|
//! Various functions for `ChaCha20Poly1305` stream ciphers
|
||||||
|
|
||||||
use chacha20poly1305::{ChaCha20Poly1305, Error, KeyInit, XChaCha20Poly1305};
|
use chacha20poly1305::{ChaCha20Poly1305, Error, KeyInit, XChaCha20Poly1305};
|
||||||
use chacha20poly1305::aead::{Aead, Payload, Nonce};
|
use chacha20poly1305::aead::{Aead, Nonce, Payload};
|
||||||
|
|
||||||
/// Encrypt the plaintext with the given parameters using ChaCha20Poly1305
|
/// Encrypt the plaintext with the given parameters using `ChaCha20Poly1305`
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This function will error if the encryption was unsuccessful
|
/// This function will error if the encryption was unsuccessful
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
||||||
#[allow(clippy::module_name_repetitions)]
|
#[allow(clippy::module_name_repetitions)]
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe becuase the key is a fixed size array
|
||||||
pub fn qcrypto_aead(key: &[u8; 32], counter: u64, plaintext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
pub fn qcrypto_aead(key: &[u8; 32], counter: u64, plaintext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||||
let cipher = ChaCha20Poly1305::new_from_slice(key).unwrap();
|
let cipher = ChaCha20Poly1305::new_from_slice(key).unwrap();
|
||||||
let mut nonce_bytes = [0u8; 12];
|
let mut nonce_bytes = [0u8; 12];
|
||||||
|
@ -19,11 +20,12 @@ pub fn qcrypto_aead(key: &[u8; 32], counter: u64, plaintext: &[u8], authtext: &[
|
||||||
cipher.encrypt(&Nonce::<ChaCha20Poly1305>::from(nonce_bytes), payload)
|
cipher.encrypt(&Nonce::<ChaCha20Poly1305>::from(nonce_bytes), payload)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt the ciphertext with the given parameters using ChaCha20Poly1305
|
/// Decrypt the ciphertext with the given parameters using `ChaCha20Poly1305`
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This function will error if the decryption was unsuccessful
|
/// This function will error if the decryption was unsuccessful
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe becuase the key is a fixed size array
|
||||||
pub fn qcrypto_aead_decrypt(key: &[u8; 32], counter: u64, ciphertext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
pub fn qcrypto_aead_decrypt(key: &[u8; 32], counter: u64, ciphertext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||||
let cipher = ChaCha20Poly1305::new_from_slice(key).unwrap();
|
let cipher = ChaCha20Poly1305::new_from_slice(key).unwrap();
|
||||||
let mut nonce_bytes = [0u8; 12];
|
let mut nonce_bytes = [0u8; 12];
|
||||||
|
@ -34,11 +36,12 @@ pub fn qcrypto_aead_decrypt(key: &[u8; 32], counter: u64, ciphertext: &[u8], aut
|
||||||
cipher.decrypt(&Nonce::<ChaCha20Poly1305>::from(nonce_bytes), payload)
|
cipher.decrypt(&Nonce::<ChaCha20Poly1305>::from(nonce_bytes), payload)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encrypt the ciphertext with the given parameters using XChaCha20Poly1305
|
/// Encrypt the ciphertext with the given parameters using `XChaCha20Poly1305`
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This function will error if the decryption was unsuccessful
|
/// This function will error if the decryption was unsuccessful
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe becuase the key is a fixed size array
|
||||||
pub fn qcrypto_xaead(key: &[u8; 32], nonce: &[u8; 24], plaintext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
pub fn qcrypto_xaead(key: &[u8; 32], nonce: &[u8; 24], plaintext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||||
let cipher = XChaCha20Poly1305::new_from_slice(key).unwrap();
|
let cipher = XChaCha20Poly1305::new_from_slice(key).unwrap();
|
||||||
let mut payload = Payload::from(plaintext);
|
let mut payload = Payload::from(plaintext);
|
||||||
|
@ -47,11 +50,12 @@ pub fn qcrypto_xaead(key: &[u8; 32], nonce: &[u8; 24], plaintext: &[u8], authtex
|
||||||
cipher.encrypt(Nonce::<XChaCha20Poly1305>::from_slice(nonce), payload)
|
cipher.encrypt(Nonce::<XChaCha20Poly1305>::from_slice(nonce), payload)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt the ciphertext with the given parameters using XChaCha20Poly1305
|
/// Decrypt the ciphertext with the given parameters using `XChaCha20Poly1305`
|
||||||
/// # Errors
|
/// # Errors
|
||||||
/// This function will error if the decryption was unsuccessful
|
/// This function will error if the decryption was unsuccessful
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
/// This function, while having an .unwrap() call, will never panic because the key is a fixed, correctly sized array.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe becuase the key is a fixed size array
|
||||||
pub fn qcrypto_xaead_decrypt(key: &[u8; 32], nonce: &[u8; 24], ciphertext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
pub fn qcrypto_xaead_decrypt(key: &[u8; 32], nonce: &[u8; 24], ciphertext: &[u8], authtext: &[u8]) -> Result<Vec<u8>, Error> {
|
||||||
let cipher = XChaCha20Poly1305::new_from_slice(key).unwrap();
|
let cipher = XChaCha20Poly1305::new_from_slice(key).unwrap();
|
||||||
let mut payload = Payload::from(ciphertext);
|
let mut payload = Payload::from(ciphertext);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
//! Various hash functions
|
//! Various hash functions
|
||||||
|
|
||||||
use blake2::{Blake2s256, Blake2sMac, Digest};
|
use blake2::{Blake2s256, Blake2sMac, Digest};
|
||||||
use blake2::digest::{KeyInit, FixedOutput, Update};
|
use blake2::digest::{FixedOutput, KeyInit, Update};
|
||||||
use hmac::SimpleHmac;
|
use hmac::SimpleHmac;
|
||||||
|
|
||||||
type HmacBlake2s = SimpleHmac<Blake2s256>;
|
type HmacBlake2s = SimpleHmac<Blake2s256>;
|
||||||
|
@ -24,6 +24,7 @@ pub fn qcrypto_hash_twice(input: &[u8], input2: &[u8]) -> [u8; 32] {
|
||||||
/// Given a varied length MAC key and a varied length input, produce a 16-byte MAC digest using Blake2s
|
/// Given a varied length MAC key and a varied length input, produce a 16-byte MAC digest using Blake2s
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function will panic if the key is an incorrect size.
|
/// This function will panic if the key is an incorrect size.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe because a panic indicates a bug in quicktap
|
||||||
pub fn qcrypto_mac(key: &[u8], input: &[u8]) -> [u8; 16] {
|
pub fn qcrypto_mac(key: &[u8], input: &[u8]) -> [u8; 16] {
|
||||||
let mut hasher = Blake2sMac::new_from_slice(key).unwrap();
|
let mut hasher = Blake2sMac::new_from_slice(key).unwrap();
|
||||||
hasher.update(input);
|
hasher.update(input);
|
||||||
|
@ -33,6 +34,7 @@ pub fn qcrypto_mac(key: &[u8], input: &[u8]) -> [u8; 16] {
|
||||||
/// Given a varied length HMAC key and a varied length input, produce a 32-byte HMAC digest using Blake2s
|
/// Given a varied length HMAC key and a varied length input, produce a 32-byte HMAC digest using Blake2s
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function will panic if the key is an incorrect size.
|
/// This function will panic if the key is an incorrect size.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe because a panic indicates a bug in quicktap
|
||||||
pub fn qcrypto_hmac(key: &[u8], input: &[u8]) -> [u8; 32] {
|
pub fn qcrypto_hmac(key: &[u8], input: &[u8]) -> [u8; 32] {
|
||||||
let mut hasher = HmacBlake2s::new_from_slice(key).unwrap();
|
let mut hasher = HmacBlake2s::new_from_slice(key).unwrap();
|
||||||
Update::update(&mut hasher, input);
|
Update::update(&mut hasher, input);
|
||||||
|
@ -43,6 +45,7 @@ pub fn qcrypto_hmac(key: &[u8], input: &[u8]) -> [u8; 32] {
|
||||||
/// This does essentially the same thing as concatenating input2 to input and calling `qcrypto_hmac` on that.
|
/// This does essentially the same thing as concatenating input2 to input and calling `qcrypto_hmac` on that.
|
||||||
/// # Panics
|
/// # Panics
|
||||||
/// This function will panic if the key is an incorrect size.
|
/// This function will panic if the key is an incorrect size.
|
||||||
|
#[allow(clippy::unwrap_used)] // Safe because a panic indicates a bug in quicktap
|
||||||
pub fn qcrypto_hmac_twice(key: &[u8], input: &[u8], input2: &[u8]) -> [u8; 32] {
|
pub fn qcrypto_hmac_twice(key: &[u8], input: &[u8], input2: &[u8]) -> [u8; 32] {
|
||||||
let mut hasher = HmacBlake2s::new_from_slice(key).unwrap();
|
let mut hasher = HmacBlake2s::new_from_slice(key).unwrap();
|
||||||
Update::update(&mut hasher, input);
|
Update::update(&mut hasher, input);
|
||||||
|
|
|
@ -17,7 +17,7 @@ pub fn timestamp() -> Tai64N {
|
||||||
|
|
||||||
/// The cryptography handshake construction identifier
|
/// The cryptography handshake construction identifier
|
||||||
pub const CONSTURCTION: &str = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s";
|
pub const CONSTURCTION: &str = "Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s";
|
||||||
/// The WireGuard protocol identifier
|
/// The `WireGuard` protocol identifier
|
||||||
pub const IDENTIFIER: &str = "WireGuard v1 zx2c4 Jason@zx2c4.com";
|
pub const IDENTIFIER: &str = "WireGuard v1 zx2c4 Jason@zx2c4.com";
|
||||||
/// The MAC1 cookie label
|
/// The MAC1 cookie label
|
||||||
pub const LABEL_MAC1: &str = "mac1----";
|
pub const LABEL_MAC1: &str = "mac1----";
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
|
#![allow(clippy::unwrap_used)] // we want to panic, this is a test file
|
||||||
|
|
||||||
use hex_lit::hex;
|
use hex_lit::hex;
|
||||||
use x25519_dalek::{PublicKey};
|
use x25519_dalek::PublicKey;
|
||||||
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt, qcrypto_xaead, qcrypto_xaead_decrypt};
|
|
||||||
use crate::qcrypto::{CONSTURCTION, IDENTIFIER};
|
use crate::qcrypto::{CONSTURCTION, IDENTIFIER};
|
||||||
|
use crate::qcrypto::aead::{qcrypto_aead, qcrypto_aead_decrypt, qcrypto_xaead, qcrypto_xaead_decrypt};
|
||||||
use crate::qcrypto::hashes::{qcrypto_hash, qcrypto_hash_twice, qcrypto_hmac, qcrypto_mac};
|
use crate::qcrypto::hashes::{qcrypto_hash, qcrypto_hash_twice, qcrypto_hmac, qcrypto_mac};
|
||||||
use crate::qcrypto::hkdf::qcrypto_hkdf;
|
use crate::qcrypto::hkdf::qcrypto_hkdf;
|
||||||
use crate::qcrypto::pki::{qcrypto_dh_longterm, qcrypto_dh_generate_longterm};
|
use crate::qcrypto::pki::{qcrypto_dh_generate_longterm, qcrypto_dh_longterm};
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn qcrypto_hash_test() {
|
fn qcrypto_hash_test() {
|
||||||
|
|
Loading…
Reference in New Issue