use crate::rand;
use crate::server::ProducesTickets;
use crate::Error;
use ring::aead;
use std::mem;
use std::sync::{Arc, Mutex, MutexGuard};
use std::time;
#[derive(Clone, Copy, Debug)]
pub struct TimeBase(time::Duration);
impl TimeBase {
#[inline]
pub fn now() -> Result<Self, time::SystemTimeError> {
Ok(Self(
time::SystemTime::now().duration_since(time::UNIX_EPOCH)?,
))
}
#[inline]
pub fn as_secs(&self) -> u64 {
self.0.as_secs()
}
}
struct AeadTicketer {
alg: &'static aead::Algorithm,
key: aead::LessSafeKey,
lifetime: u32,
}
impl AeadTicketer {
fn new() -> Result<Self, rand::GetRandomFailed> {
let mut key = [0u8; 32];
rand::fill_random(&mut key)?;
let alg = &aead::CHACHA20_POLY1305;
let key = aead::UnboundKey::new(alg, &key).unwrap();
Ok(Self {
alg,
key: aead::LessSafeKey::new(key),
lifetime: 60 * 60 * 12,
})
}
}
impl ProducesTickets for AeadTicketer {
fn enabled(&self) -> bool {
true
}
fn lifetime(&self) -> u32 {
self.lifetime
}
fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>> {
let mut nonce_buf = [0u8; 12];
rand::fill_random(&mut nonce_buf).ok()?;
let nonce = ring::aead::Nonce::assume_unique_for_key(nonce_buf);
let aad = ring::aead::Aad::empty();
let mut ciphertext =
Vec::with_capacity(nonce_buf.len() + message.len() + self.key.algorithm().tag_len());
ciphertext.extend(nonce_buf);
ciphertext.extend(message);
self.key
.seal_in_place_separate_tag(nonce, aad, &mut ciphertext[nonce_buf.len()..])
.map(|tag| {
ciphertext.extend(tag.as_ref());
ciphertext
})
.ok()
}
fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>> {
let nonce = ciphertext.get(..self.alg.nonce_len())?;
let ciphertext = ciphertext.get(nonce.len()..)?;
let nonce = ring::aead::Nonce::try_assume_unique_for_key(nonce).ok()?;
let mut out = Vec::from(ciphertext);
let plain_len = self
.key
.open_in_place(nonce, aead::Aad::empty(), &mut out)
.ok()?
.len();
out.truncate(plain_len);
Some(out)
}
}
struct TicketSwitcherState {
next: Option<Box<dyn ProducesTickets>>,
current: Box<dyn ProducesTickets>,
previous: Option<Box<dyn ProducesTickets>>,
next_switch_time: u64,
}
struct TicketSwitcher {
generator: fn() -> Result<Box<dyn ProducesTickets>, rand::GetRandomFailed>,
lifetime: u32,
state: Mutex<TicketSwitcherState>,
}
impl TicketSwitcher {
fn new(
lifetime: u32,
generator: fn() -> Result<Box<dyn ProducesTickets>, rand::GetRandomFailed>,
) -> Result<Self, Error> {
let now = TimeBase::now()?;
Ok(Self {
generator,
lifetime,
state: Mutex::new(TicketSwitcherState {
next: Some(generator()?),
current: generator()?,
previous: None,
next_switch_time: now
.as_secs()
.saturating_add(u64::from(lifetime)),
}),
})
}
fn maybe_roll(&self, now: TimeBase) -> Option<MutexGuard<TicketSwitcherState>> {
let now = now.as_secs();
let mut are_recovering = false; {
let mut state = self.state.lock().ok()?;
if now <= state.next_switch_time {
return Some(state);
}
if let Some(next) = state.next.take() {
state.previous = Some(mem::replace(&mut state.current, next));
state.next_switch_time = now.saturating_add(u64::from(self.lifetime));
} else {
are_recovering = true;
}
}
let next = (self.generator)().ok()?;
if !are_recovering {
let mut state = self.state.lock().ok()?;
state.next = Some(next);
Some(state)
} else {
let new_current = (self.generator)().ok()?;
let mut state = self.state.lock().ok()?;
state.next = Some(next);
if now > state.next_switch_time {
state.previous = Some(mem::replace(&mut state.current, new_current));
state.next_switch_time = now.saturating_add(u64::from(self.lifetime));
}
Some(state)
}
}
}
impl ProducesTickets for TicketSwitcher {
fn lifetime(&self) -> u32 {
self.lifetime * 2
}
fn enabled(&self) -> bool {
true
}
fn encrypt(&self, message: &[u8]) -> Option<Vec<u8>> {
let state = self.maybe_roll(TimeBase::now().ok()?)?;
state.current.encrypt(message)
}
fn decrypt(&self, ciphertext: &[u8]) -> Option<Vec<u8>> {
let state = self.maybe_roll(TimeBase::now().ok()?)?;
state
.current
.decrypt(ciphertext)
.or_else(|| {
state
.previous
.as_ref()
.and_then(|previous| previous.decrypt(ciphertext))
})
}
}
pub struct Ticketer {}
fn generate_inner() -> Result<Box<dyn ProducesTickets>, rand::GetRandomFailed> {
Ok(Box::new(AeadTicketer::new()?))
}
impl Ticketer {
pub fn new() -> Result<Arc<dyn ProducesTickets>, Error> {
Ok(Arc::new(TicketSwitcher::new(6 * 60 * 60, generate_inner)?))
}
}
#[test]
fn basic_pairwise_test() {
let t = Ticketer::new().unwrap();
assert!(t.enabled());
let cipher = t.encrypt(b"hello world").unwrap();
let plain = t.decrypt(&cipher).unwrap();
assert_eq!(plain, b"hello world");
}
#[test]
fn ticketswitcher_switching_test() {
let t = Arc::new(TicketSwitcher::new(1, generate_inner).unwrap());
let now = TimeBase::now().unwrap();
let cipher1 = t.encrypt(b"ticket 1").unwrap();
assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1");
{
t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10)));
}
let cipher2 = t.encrypt(b"ticket 2").unwrap();
assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1");
assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2");
{
t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20)));
}
let cipher3 = t.encrypt(b"ticket 3").unwrap();
assert!(t.decrypt(&cipher1).is_none());
assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2");
assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3");
}
#[cfg(test)]
fn fail_generator() -> Result<Box<dyn ProducesTickets>, rand::GetRandomFailed> {
Err(rand::GetRandomFailed)
}
#[test]
fn ticketswitcher_recover_test() {
let mut t = TicketSwitcher::new(1, generate_inner).unwrap();
let now = TimeBase::now().unwrap();
let cipher1 = t.encrypt(b"ticket 1").unwrap();
assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1");
t.generator = fail_generator;
{
t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(10)));
}
t.generator = generate_inner;
let cipher2 = t.encrypt(b"ticket 2").unwrap();
assert_eq!(t.decrypt(&cipher1).unwrap(), b"ticket 1");
assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2");
{
t.maybe_roll(TimeBase(now.0 + std::time::Duration::from_secs(20)));
}
let cipher3 = t.encrypt(b"ticket 3").unwrap();
assert!(t.decrypt(&cipher1).is_none());
assert_eq!(t.decrypt(&cipher2).unwrap(), b"ticket 2");
assert_eq!(t.decrypt(&cipher3).unwrap(), b"ticket 3");
}