Improved error messages for `set_encrypted_read()` and `exchange()`.

Fortune for rsh's current commit: Future small blessing − 末小吉
3 years ago · b6b3bb0fd5
parent 087a076b40
commit b6b3bb0fd5
5 changed files with 128 additions and 22 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -185,10 +185,11 @@ dependencies = [
 [[package]]
 name = "cryptohelpers"
-version = "1.8.1"
+version = "1.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14be74ce15793a86acd04872953368ce27d07f384f07b8028bd5aaa31a031a38"
+checksum = "9143447fb393f8d38abbb617af9b986a0941785ddc63685bd8de735fb31bcafc"
 dependencies = [
 "base64 0.13.0",
 "crc",
 "futures",
 "getrandom 0.1.16",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -11,7 +11,7 @@ base64 = "0.13.0"
 bytes = { version = "1.0.1", features = ["serde"] }
 chacha20stream = { version = "2.1.0", features = ["async", "serde"] }
 color-eyre = "0.5.11"
-cryptohelpers = { version = "1.8.1" , features = ["serialise", "full"] }
+cryptohelpers = { version = "1.8.2" , features = ["serialise", "full"] }
 futures = "0.3.16"
 mopa = "0.2.2"
 pin-project = "1.0.8"
--- a/src/ext/base64.rs
+++ b/src/ext/base64.rs
@ -0,0 +1,15 @@
 //! Base64 formatting extensions
 use super::*;
 pub trait Base64StringExt
 {
    fn to_base64_string(&self) -> String;
 }
 impl<T: ?Sized> Base64StringExt for T
 where T: AsRef<[u8]>
 {
    fn to_base64_string(&self) -> String {
 	::base64::encode(self.as_ref())
    }
 }
--- a/src/ext/mod.rs
+++ b/src/ext/mod.rs
@ -10,6 +10,9 @@ pub use alloc::*;
 mod hex;
 pub use hex::*;
 mod base64;
 pub use self::base64::*;
 /// A maybe-atom that can spill into a vector.
 pub type MaybeVec<T> = SmallVec<[T; 1]>;
--- a/src/sock/enc.rs
+++ b/src/sock/enc.rs
@ -56,12 +56,44 @@ struct ESockInfo {
    them: Option<RsaPublicKey>,
 }
-#[derive(Debug)]
+impl ESockInfo
 {
    /// Generate a new private key
    pub fn new(us: impl Into<RsaPrivateKey>) -> Self
    {
 	Self {
 	    us: us.into(),
 	    them: None,
 	}
    }
    /// Generate a new private key for the local endpoint
    pub fn generate() -> Result<Self, rsa::Error>
    {
 	Ok(Self::new(RsaPrivateKey::generate()?))
    }
 }
 /// The encryption state of the Tx and Rx instances.
 #[derive(Debug, PartialEq, Eq, PartialOrd, Ord, Hash, Clone)]
 struct ESockState {
    encr: bool,
    encw: bool,
 }
 impl Default for ESockState
 {
    #[inline]
    fn default() -> Self
    {
 	Self {
 	    encr: false,
 	    encw: false,
 	}
    }
 }
 /// Contains a cc20 Key and IV that can be serialized and then encrypted
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 struct ESockSessionKey
@ -188,16 +220,42 @@ impl<W: AsyncWrite, R: AsyncRead> ESock<W, R>
 impl<W: AsyncWrite+ Unpin, R: AsyncRead + Unpin> ESock<W, R>
 {
    /// Get the Tx and Rx of the stream.
    ///
    /// # Returns
    /// Returns encrypted stream halfs if the stream is encrypted, unencrypted if not.
    pub fn stream(&mut self) -> (&mut (dyn AsyncWrite + Unpin + '_), &mut (dyn AsyncRead + Unpin + '_))
    {
 	(if self.state.encw {
 	    &mut self.tx
 	} else {
 	    self.tx.inner_mut()
 	}, if self.state.encr {
 	    &mut self.rx
 	} else {
 	    self.rx.inner_mut()
 	})
    }
    /// Enable write encryption
    pub async fn set_encrypted_write(&mut self, set: bool) -> eyre::Result<()>
    {
 	use tokio::prelude::*;
 	if set {
 	    let session_key = ESockSessionKey::generate();
-	    let data = session_key.to_ciphertext(self.info.them.as_ref().expect("Cannot set encrypted write when keys have not been exchanged"))?;
+	    let data = {
-	    let crypter = session_key.to_encrypter()?;
+		let them = self.info.them.as_ref().expect("Cannot set encrypted write when keys have not been exchanged");
 		session_key.to_ciphertext(them)
 		    .wrap_err(eyre!("Failed to encrypt session key with foreign endpoint's key"))
 		    .with_section(|| session_key.to_string().header("Session key was"))
 		    .with_section(|| them.to_string().header("Foreign pubkey was"))?
 	    };
 	    let crypter = session_key.to_encrypter()
 		.wrap_err(eyre!("Failed to create encryption device from session key for Tx"))
 		.with_section(|| session_key.to_string().header("Session key was"))?;
 	    // Send rsa `data` over unencrypted endpoint
-	    self.unencrypted().0.write_all(&data[..]).await?;
+	    self.unencrypted().0.write_all(&data[..]).await
 		.wrap_err(eyre!("Failed to write ciphertext to endpoint"))
 		.with_section(|| data.to_base64_string().header("Ciphertext of session key was"))?;
 	    // Set crypter of `tx` to `session_key`.
 	    *self.tx.crypter_mut() = crypter;
 	    // Set `encw` to true
@ -218,11 +276,17 @@ impl<W: AsyncWrite+ Unpin, R: AsyncRead + Unpin> ESock<W, R>
 	if set {
 	    let mut data = [0u8; RSA_CIPHERTEXT_SIZE];
 	    // Read `data` from unencrypted endpoint
-	    self.unencrypted().1.read_exact(&mut data[..]).await?;
+	    self.unencrypted().1.read_exact(&mut data[..]).await
 		.wrap_err(eyre!("Failed to read ciphertext from endpoint"))?;
 	    // Decrypt `data`
-	    let session_key = ESockSessionKey::from_ciphertext(&data, &self.info.us)?;
+	    let session_key = ESockSessionKey::from_ciphertext(&data, &self.info.us)
 		.wrap_err(eyre!("Failed to decrypt session key from ciphertext"))
 		.with_section(|| data.to_base64_string().header("Ciphertext was"))
 		.with_section(|| self.info.us.to_string().header("Our RSA key is"))?;
 	    // Set crypter of `rx` to `session_key`.
-	    *self.rx.crypter_mut() = session_key.to_decrypter()?;
+	    *self.rx.crypter_mut() = session_key.to_decrypter()
 		.wrap_err(eyre!("Failed to create decryption device from session key for Rx"))
 		.with_section(|| session_key.to_string().header("Decrypted session key was"))?;
 	    // Set `encr` to true
 	    self.state.encr = true;
 	    Ok(())
@ -255,17 +319,29 @@ impl<W: AsyncWrite+ Unpin, R: AsyncRead + Unpin> ESock<W, R>
 		// Read the public key from `rx`.
 		//TODO: Find pubkey max size.
 		let mut sz_buf = [0u8; std::mem::size_of::<u64>()];
-		rx.read_exact(&mut sz_buf[..]).await?;
+		rx.read_exact(&mut sz_buf[..]).await
-		let sz= match usize::try_from(u64::from_be_bytes(sz_buf))? {
+		    .wrap_err(eyre!("Failed to read size of pubkey form endpoint"))?;
-		    x if x > TRANS_KEY_MAX_SIZE => return Err(eyre!("Recv'd key size exceeded max")),
+		let sz64 = u64::from_be_bytes(sz_buf);
-		    x => x
+		let sz= match usize::try_from(sz64)
-		};
+		    .wrap_err(eyre!("Read size could not fit into u64"))
 		    .with_section(|| format!("{:?}", sz_buf).header("Read buffer was"))
 		    .with_section(|| u64::from_be_bytes(sz_buf).header("64=bit size value was"))
 		    .with_warning(|| "This should not happen, it is only possible when you are running a machine with a pointer size lower than 64 bits.")
 		    .with_suggestion(|| "The message is likely malformed. If it is not, then you are communicating with an endpoint of 64 bits whereas your pointer size is far less.")? {
 			x if x > TRANS_KEY_MAX_SIZE => return Err(eyre!("Recv'd key size exceeded max acceptable key buffer size")),
 			x => x
 		    };
 		let mut key_bytes = Vec::with_capacity(sz);
-		tokio::io::copy(&mut rx.take(sz as u64), &mut key_bytes).await?;
+		tokio::io::copy(&mut rx.take(sz64), &mut key_bytes).await
 		    .wrap_err("Failed to read key bytes into buffer")
 		    .with_section(move || sz64.header("Pubkey size to read was"))?;
 		if key_bytes.len() != sz {
 		    return Err(eyre!("Could not read required bytes"));
 		}
-		let k = RsaPublicKey::from_bytes(key_bytes)?;
+		let k = RsaPublicKey::from_bytes(&key_bytes)
 		    .wrap_err("Failed to construct RSA public key from read bytes")
 		    .with_section(|| sz.header("Pubkey size was"))
 		    .with_section(move || key_bytes.to_base64_string().header("Pubkey bytes were"))?;
 		Result::<RsaPublicKey, eyre::Report>::Ok(k)
 	    }
@ -273,16 +349,27 @@ impl<W: AsyncWrite+ Unpin, R: AsyncRead + Unpin> ESock<W, R>
 	let write_fut = {
 	    let key_bytes = our_key.to_bytes();
 	    assert!(key_bytes.len() <= TRANS_KEY_MAX_SIZE);
-	    let sz_buf = u64::try_from(key_bytes.len())?.to_be_bytes();
+	    let sz64 = u64::try_from(key_bytes.len())
 		.wrap_err(eyre!("Size of our pubkey could not fit into u64"))
 		.with_section(|| key_bytes.len().header("Size was"))
 		.with_warning(|| "This should not happen, it is only possible when you are running a machine with a pointer size larger than 64 bits.")
 		.with_warning(|| "There was likely internal memory corruption.")?;
 	    let sz_buf = sz64.to_be_bytes();
 	    async move {
-		tx.write_all(&sz_buf[..]).await?;
+		tx.write_all(&sz_buf[..]).await
-		tx.write_all(&key_bytes[..]).await?;
+		    .wrap_err(eyre!("Failed to write key size"))
 		    .with_section(|| sz64.header("Key size bytes were"))
 		    .with_section(|| format!("{:?}", sz_buf).header("Key size bytes (BE) were"))?;
 		tx.write_all(&key_bytes[..]).await
 		    .wrap_err(eyre!("Failed to write key bytes"))
 		    .with_section(|| sz64.header("Size of key was"))
 		    .with_section(|| key_bytes.to_base64_string().header("Key bytes are"))?;
 		Result::<(), eyre::Report>::Ok(())
 	    }
 	};
 	let (send, recv) = tokio::join! [write_fut, read_fut];
-	send?;
+	send.wrap_err("Failed to send our pubkey")?;
-	let recv = recv?;
+	let recv = recv.wrap_err("Failed to receive foreign pubkey")?;
 	self.info.them = Some(recv);
 	Ok(())
    }