Make unit tests pass

src/handshake/device.rs

@@ -1,5 +1,6 @@
 use spin::RwLock;
 use std::collections::HashMap;
+use zerocopy::AsBytes;
 
 use rand::prelude::*;
 use rand::rngs::OsRng;
@@ -159,7 +160,16 @@ where
             None => Err(HandshakeError::UnknownPublicKey),
             Some(peer) => {
                 let sender = self.allocate(peer);
-                noise::create_initiation(self, peer, sender)
+
+                let mut msg = Initiation::default();
+
+                noise::create_initiation(self, peer, sender, &mut msg.noise)?;
+
+                // add macs to initation
+
+                peer.macs.generate(msg.noise.as_bytes(), &mut msg.macs);
+
+                Ok(msg.as_bytes().to_owned())
             }
         }
     }
@@ -174,7 +184,7 @@ where
             Some(&TYPE_INITIATION) => {
                 let msg = Initiation::parse(msg)?;
 
-                // check mac footer and ratelimiter
+                // check mac footer and ratelimiter for initiation
 
                 // consume the initiation
                 let (peer, st) = noise::consume_initiation(self, &msg.noise)?;
@@ -182,12 +192,25 @@ where
                 // allocate new index for response
                 let sender = self.allocate(peer);
 
-                // create response (release id on error), TODO: take slice
+                // prepare memory for response, TODO: take slice for zero allocation
                 let mut resp = Response::default();
+
+                // create response (release id on error)
+                let keys =
                     noise::create_response(peer, sender, st, &mut resp.noise).map_err(|e| {
                         self.release(sender);
                         e
-                })
+                    })?;
+
+                // add macs to response
+
+                resp.macs.f_mac1 = [8u8; 16];
+
+                Ok((
+                    peer.identifier,
+                    Some(resp.as_bytes().to_owned()),
+                    Some(keys),
+                ))
             }
             Some(&TYPE_RESPONSE) => {
                 let msg = Response::parse(msg)?;
@@ -297,7 +320,7 @@ mod tests {
 
             let msg1 = dev1.begin(&pk2).unwrap();
 
-            println!("msg1 = {}", hex::encode(&msg1[..]));
+            println!("msg1 = {} : {} bytes", hex::encode(&msg1[..]), msg1.len());
             println!("msg1 = {:?}", Initiation::parse(&msg1[..]).unwrap());
 
             // process initiation and create response
@@ -307,7 +330,7 @@ mod tests {
             let ks_r = ks_r.unwrap();
             let msg2 = msg2.unwrap();
 
-            println!("msg2 = {}", hex::encode(&msg2[..]));
+            println!("msg2 = {} : {} bytes", hex::encode(&msg2[..]), msg2.len());
             println!("msg2 = {:?}", Response::parse(&msg2[..]).unwrap());
 
             assert!(!ks_r.confirmed, "Responders key-pair is confirmed");

src/handshake/macs.rs

@@ -38,14 +38,14 @@ macro_rules! MAC {
     }};
 }
 
-struct Generator {
+pub struct Generator {
     mac1_key: [u8; 32],
     cookie_value: [u8; 16],
     cookie_birth: Option<Instant>, // when was the cookie set?
 }
 
 impl Generator {
-    fn new(pk: PublicKey) -> Generator {
+    pub fn new(pk: PublicKey) -> Generator {
         Generator {
             mac1_key: HASH!(LABEL_MAC1, pk.as_bytes()).into(),
             cookie_value: [0u8; SIZE_COOKIE],
@@ -66,14 +66,11 @@ impl Generator {
         self.cookie_value = *cookie;
     }
 
-    pub fn generate(&self, msg: &[u8]) -> MacsFooter {
+    pub fn generate(&self, inner: &[u8], macs : &mut MacsFooter) {
-        MacsFooter {
+
-            f_mac1: self.mac1(msg),
-            f_mac2: self.mac2(msg),
-        }
     }
 }
 
-struct Validator {}
+pub struct Validator {}
 
 impl Validator {}

src/handshake/messages.rs

@@ -23,21 +23,21 @@ pub const TYPE_COOKIEREPLY: u8 = 3;
 
 /* Handshake messsages */
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct Response {
     pub noise: NoiseResponse, // inner message covered by macs
     pub macs: MacsFooter,
 }
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct Initiation {
     pub noise: NoiseInitiation, // inner message covered by macs
     pub macs: MacsFooter,
 }
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct CookieReply {
     f_type: U32<LittleEndian>,
@@ -49,14 +49,14 @@ pub struct CookieReply {
 
 /* Inner sub-messages */
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct MacsFooter {
     pub f_mac1: [u8; SIZE_MAC],
     pub f_mac2: [u8; SIZE_MAC],
 }
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct NoiseInitiation {
     f_type: U32<LittleEndian>,
@@ -65,17 +65,17 @@ pub struct NoiseInitiation {
     pub f_static: [u8; SIZE_X25519_POINT],
     pub f_static_tag: [u8; SIZE_TAG],
     pub f_timestamp: timestamp::TAI64N,
-    pub f_timestamp_tag: [u8; SIZE_TAG]
+    pub f_timestamp_tag: [u8; SIZE_TAG],
 }
 
-#[repr(C)]
+#[repr(packed)]
 #[derive(Copy, Clone, FromBytes, AsBytes)]
 pub struct NoiseResponse {
     f_type: U32<LittleEndian>,
     pub f_sender: U32<LittleEndian>,
     pub f_receiver: U32<LittleEndian>,
     pub f_ephemeral: [u8; SIZE_X25519_POINT],
-    pub f_empty_tag: [u8; SIZE_TAG]
+    pub f_empty_tag: [u8; SIZE_TAG],
 }
 
 /* Zero copy parsing of handshake messages */
@@ -170,7 +170,7 @@ impl Default for NoiseInitiation {
             f_static: [0u8; SIZE_X25519_POINT],
             f_static_tag: [0u8; SIZE_TAG],
             f_timestamp: timestamp::ZERO,
-            f_timestamp_tag: [0u8; SIZE_TAG]
+            f_timestamp_tag: [0u8; SIZE_TAG],
         }
     }
 }
@@ -206,7 +206,8 @@ impl fmt::Debug for Response {
 #[cfg(test)]
 impl fmt::Debug for CookieReply {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f,
+        write!(
+            f,
             "CookieReply {{ type = {}, receiver = {}, nonce = {}, cookie = {}|{}  }}",
             self.f_type,
             self.f_receiver,
@@ -250,7 +251,8 @@ impl fmt::Debug for NoiseResponse {
 #[cfg(test)]
 impl fmt::Debug for MacsFooter {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f,
+        write!(
+            f,
             "Macs {{ mac1 = {}, mac2 = {} }}",
             hex::encode(self.f_mac1),
             hex::encode(self.f_mac2)
@@ -268,7 +270,7 @@ macro_rules! eq_as_bytes {
             }
         }
         impl Eq for $type {}
-    }
+    };
 }
 
 #[cfg(test)]

src/handshake/noise.rs

@@ -15,8 +15,6 @@ use rand::rngs::OsRng;
 use generic_array::typenum::*;
 use generic_array::GenericArray;
 
-use zerocopy::AsBytes;
-
 use super::device::Device;
 use super::messages::{NoiseInitiation, NoiseResponse};
 use super::peer::{Peer, State};
@@ -140,9 +138,9 @@ pub fn create_initiation<T: Copy>(
     device: &Device<T>,
     peer: &Peer<T>,
     sender: u32,
-) -> Result<Vec<u8>, HandshakeError> {
+    msg: &mut NoiseInitiation,
+) -> Result<(), HandshakeError> {
     let mut rng = OsRng::new().unwrap();
-    let mut msg: NoiseInitiation = Default::default();
 
     // initialize state
 
@@ -214,9 +212,7 @@ pub fn create_initiation<T: Copy>(
         sender,
     });
 
-    // return message as vector
+    Ok(())
-
-    Ok(msg.as_bytes().to_vec())
 }
 
 pub fn consume_initiation<'a, T: Copy>(
@@ -294,7 +290,7 @@ pub fn create_response<T: Copy>(
     sender: u32,             // sending identifier
     state: TemporaryState,   // state from "consume_initiation"
     msg: &mut NoiseResponse, // resulting response
-) -> Result<Output<T>, HandshakeError> {
+) -> Result<KeyPair, HandshakeError> {
     let mut rng = OsRng::new().unwrap();
     let (receiver, eph_r_pk, hs, ck) = state;
 
@@ -354,12 +350,9 @@ pub fn create_response<T: Copy>(
 
     let (key_recv, key_send) = KDF2!(&ck, &[]);
 
-    // return response and unconfirmed key-pair
+    // return unconfirmed key-pair
 
-    Ok((
+    Ok(KeyPair {
-        peer.identifier,
-        Some(msg.as_bytes().to_vec()),
-        Some(KeyPair {
         confirmed: false,
         send: Key {
             id: sender,
@@ -369,8 +362,7 @@ pub fn create_response<T: Copy>(
             id: receiver,
             key: key_recv.into(),
         },
-        }),
+    })
-    ))
 }
 
 pub fn consume_response<T: Copy>(

src/handshake/peer.rs

@@ -10,6 +10,7 @@ use x25519_dalek::StaticSecret;
 use super::device::Device;
 use super::timestamp;
 use super::types::*;
+use super::macs;
 
 /* Represents the recomputation and state of a peer.
  *
@@ -24,6 +25,9 @@ pub struct Peer<T> {
     state: Mutex<State>,
     timestamp: Mutex<Option<timestamp::TAI64N>>,
 
+    // state related to DoS mitigation fields
+    pub(crate) macs: macs::Generator,
+
     // constant state
     pub(crate) pk: PublicKey,    // public key of peer
     pub(crate) ss: SharedSecret, // precomputed DH(static, static)
@@ -69,6 +73,7 @@ where
         ss: SharedSecret, // precomputed DH(static, static)
     ) -> Self {
         Self {
+            macs: macs::Generator::new(pk),
             identifier: identifier,
             state: Mutex::new(State::Reset),
             timestamp: Mutex::new(None),