Commit 018e0d14 authored by Jordan Sissel's avatar Jordan Sissel

Make nonce a proper slice, not an array

parent a19c9251
...@@ -53,10 +53,11 @@ module Lumberjack ...@@ -53,10 +53,11 @@ module Lumberjack
end end
def run(&block) def run(&block)
setup_proxy(@context) #setup_proxy(@context)
threads = @options[:workers].times.collect do |i| threads = @options[:workers].times.collect do |i|
Thread.new do Thread.new do
puts "Starting worker #{i}"
run_worker(@context, &block) run_worker(@context, &block)
end end
end end
...@@ -67,7 +68,8 @@ module Lumberjack ...@@ -67,7 +68,8 @@ module Lumberjack
def run_worker(context, &block) def run_worker(context, &block)
socket = context.socket(ZMQ::REP) socket = context.socket(ZMQ::REP)
Stud::try(10.times) do Stud::try(10.times) do
rc = socket.connect(@options[:worker_endpoint]) #rc = socket.connect(@options[:worker_endpoint])
rc = socket.bind(@options[:endpoint])
if rc < 0 if rc < 0
raise "connect to #{@options[:worker_endpoint]} failed" raise "connect to #{@options[:worker_endpoint]} failed"
end end
...@@ -85,25 +87,26 @@ module Lumberjack ...@@ -85,25 +87,26 @@ module Lumberjack
socket.recv_string(ciphertext) socket.recv_string(ciphertext)
# Decrypt # Decrypt
plaintext = @cryptobox.open(nonce, ciphertext) #plaintext = @cryptobox.open(nonce, ciphertext)
# decompress # decompress
inflated = Zlib::Inflate.inflate(plaintext) #inflated = Zlib::Inflate.inflate(plaintext)
# JSON # JSON
events = JSON.parse(inflated) #events = JSON.parse(inflated)
#events.each do |event| #events.each do |event|
#yield event #yield event
#end #end
# TODO(sissel): yield each event # TODO(sissel): yield each event
count += events.count #count += events.count
count += 1
# Reply to acknowledge. # Reply to acknowledge.
# Currently there is no response message to put. # Currently there is no response message to put.
socket.send_string("") socket.send_string("")
if count > 100000 if count > 100
puts :rate => (count / (Time.now - start)) puts :rate => (count / (Time.now - start))
count = 0 count = 0
start = Time.now start = Time.now
...@@ -115,15 +118,15 @@ end # module Lumberjack ...@@ -115,15 +118,15 @@ end # module Lumberjack
if __FILE__ == $0 if __FILE__ == $0
a = Lumberjack::Server2.new( a = Lumberjack::Server2.new(
:workers => 4, :workers => 1,
:endpoint => "tcp://127.0.0.1:12345", :endpoint => "tcp://127.0.0.1:12345",
:their_public_key => File.read("../../nacl.public").force_encoding("BINARY"), :their_public_key => File.read("../../nacl.public").force_encoding("BINARY"),
:my_secret_key => File.read("../../nacl.secret").force_encoding("BINARY")) :my_secret_key => File.read("../../nacl.secret").force_encoding("BINARY"))
count = 0 count = 0
start = Time.now #start = Time.now
require "thread" #require "thread"
q = Queue.new #q = Queue.new
#q = java.util.concurrent.LinkedBlockingQueue.new #q = java.util.concurrent.LinkedBlockingQueue.new
#Thread.new { a.run { |e| q.put(e) } } #Thread.new { a.run { |e| q.put(e) } }
a.run { |e| } a.run { |e| }
......
...@@ -175,7 +175,7 @@ func Publish(input chan []*FileEvent, ...@@ -175,7 +175,7 @@ func Publish(input chan []*FileEvent,
for events := range input { for events := range input {
// got a bunch of events, ship them out. // got a bunch of events, ship them out.
log.Printf("Publisher received %d events\n", len(events)) //log.Printf("Publisher received %d events\n", len(events))
data, _ := json.Marshal(events) data, _ := json.Marshal(events)
// TODO(sissel): check error // TODO(sissel): check error
...@@ -210,7 +210,7 @@ func Publish(input chan []*FileEvent, ...@@ -210,7 +210,7 @@ func Publish(input chan []*FileEvent,
// Loop forever trying to send. // Loop forever trying to send.
// This will cause reconnects/etc on failures automatically // This will cause reconnects/etc on failures automatically
for { for {
err = socket.Send(nonce[:], zmq.SNDMORE) err = socket.Send(nonce, zmq.SNDMORE)
if err != nil { if err != nil {
continue // send failed, retry! continue // send failed, retry!
} }
......
...@@ -3,23 +3,24 @@ import ( ...@@ -3,23 +3,24 @@ import (
"unsafe" "unsafe"
) )
func RandomNonceStrategy() (func() [crypto_box_NONCEBYTES]byte) { func RandomNonceStrategy() (func() []byte) {
return func () (nonce [crypto_box_NONCEBYTES]byte) { return func () ([]byte) {
var nonce [crypto_box_NONCEBYTES]byte
Randombytes(nonce[:]) Randombytes(nonce[:])
return return nonce[:]
} }
} }
func IncrementalNonceStrategy() (func() [crypto_box_NONCEBYTES]byte) { func IncrementalNonceStrategy() (func() []byte) {
var nonce [crypto_box_NONCEBYTES]byte var nonce [crypto_box_NONCEBYTES]byte
Randombytes(nonce[:]) Randombytes(nonce[:])
// TODO(sissel): Make the high-8 bytes of the nonce based on current time to // TODO(sissel): Make the high-8 bytes of the nonce based on current time to
// help avoid collisions? // help avoid collisions?
return func() ([crypto_box_NONCEBYTES]byte) { return func() ([]byte) {
increment(nonce[:], 1) increment(nonce[:], 1)
return nonce return nonce[:]
} }
} }
......
...@@ -3,7 +3,7 @@ package sodium ...@@ -3,7 +3,7 @@ package sodium
// #cgo pkg-config: sodium // #cgo pkg-config: sodium
import "C" import "C"
import "unsafe" import "unsafe"
//import "fmt" import "fmt"
type Session struct { type Session struct {
// the public key of the agent who is sending you encrypted messages // the public key of the agent who is sending you encrypted messages
...@@ -16,7 +16,7 @@ type Session struct { ...@@ -16,7 +16,7 @@ type Session struct {
k [crypto_box_BEFORENMBYTES]byte k [crypto_box_BEFORENMBYTES]byte
// The nonce generator. // The nonce generator.
Nonce func() [crypto_box_NONCEBYTES]byte Nonce func() []byte
} }
func NewSession(pk [PUBLICKEYBYTES]byte, sk [SECRETKEYBYTES]byte) (s *Session){ func NewSession(pk [PUBLICKEYBYTES]byte, sk [SECRETKEYBYTES]byte) (s *Session){
...@@ -36,11 +36,12 @@ func (s *Session) Precompute() { ...@@ -36,11 +36,12 @@ func (s *Session) Precompute() {
(*C.uchar)(unsafe.Pointer(&s.Secret[0]))) (*C.uchar)(unsafe.Pointer(&s.Secret[0])))
} }
func (s *Session) Box(plaintext []byte) (ciphertext []byte, nonce [crypto_box_NONCEBYTES]byte) { func (s *Session) Box(plaintext []byte) (ciphertext []byte, nonce []byte) {
// XXX: ciphertext needs to be zero-padded at the start for crypto_box_ZEROBYTES // XXX: ciphertext needs to be zero-padded at the start for crypto_box_ZEROBYTES
// ZEROBYTES + len(plaintext) is ciphertext length // ZEROBYTES + len(plaintext) is ciphertext length
ciphertext = make([]byte, crypto_box_ZEROBYTES + len(plaintext)) ciphertext = make([]byte, crypto_box_ZEROBYTES + len(plaintext))
nonce = s.Nonce() nonce = s.Nonce()
m := make([]byte, crypto_box_ZEROBYTES + len(plaintext)) m := make([]byte, crypto_box_ZEROBYTES + len(plaintext))
copy(m[crypto_box_ZEROBYTES:], plaintext) copy(m[crypto_box_ZEROBYTES:], plaintext)
...@@ -52,14 +53,18 @@ func (s *Session) Box(plaintext []byte) (ciphertext []byte, nonce [crypto_box_NO ...@@ -52,14 +53,18 @@ func (s *Session) Box(plaintext []byte) (ciphertext []byte, nonce [crypto_box_NO
//fmt.Printf("ciphertext: %v\n", ciphertext) //fmt.Printf("ciphertext: %v\n", ciphertext)
//fmt.Printf("ciphertext2: %v\n", ciphertext[crypto_box_BOXZEROBYTES:]) //fmt.Printf("ciphertext2: %v\n", ciphertext[crypto_box_BOXZEROBYTES:])
return ciphertext[crypto_box_BOXZEROBYTES:], nonce return ciphertext[crypto_box_BOXZEROBYTES:], nonce[:]
} }
func (s *Session) Open(nonce [crypto_box_NONCEBYTES]byte, ciphertext []byte) ([]byte) { func (s *Session) Open(nonce []byte, ciphertext []byte) ([]byte) {
// This function assumes the verbatim []byte given by Session.Box() is passed // This function assumes the verbatim []byte given by Session.Box() is passed
m := make([]byte, crypto_box_BOXZEROBYTES + len(ciphertext)) m := make([]byte, crypto_box_BOXZEROBYTES + len(ciphertext))
copy(m[crypto_box_BOXZEROBYTES:], ciphertext) copy(m[crypto_box_BOXZEROBYTES:], ciphertext)
plaintext := make([]byte, len(m)) plaintext := make([]byte, len(m))
if len(nonce) != crypto_box_NONCEBYTES {
panic(fmt.Sprintf("Invalid nonce length (%d). Expected %d\n",
len(nonce), crypto_box_NONCEBYTES))
}
C.crypto_box_curve25519xsalsa20poly1305_ref_open_afternm( C.crypto_box_curve25519xsalsa20poly1305_ref_open_afternm(
(*C.uchar)(unsafe.Pointer(&plaintext[0])), (*C.uchar)(unsafe.Pointer(&plaintext[0])),
......
...@@ -2,6 +2,7 @@ package sodium ...@@ -2,6 +2,7 @@ package sodium
import "fmt" import "fmt"
import "testing" import "testing"
import "bytes"
func ExampleBox() { func ExampleBox() {
pk, sk := CryptoBoxKeypair() pk, sk := CryptoBoxKeypair()
...@@ -30,7 +31,7 @@ func TestNonceGeneration(t *testing.T) { ...@@ -30,7 +31,7 @@ func TestNonceGeneration(t *testing.T) {
_, nonce := s.Box([]byte(original)) _, nonce := s.Box([]byte(original))
_, nonce2 := s.Box([]byte(original)) _, nonce2 := s.Box([]byte(original))
if nonce == nonce2 { if bytes.Equal(nonce, nonce2) {
t.Fatal("Two Box() calls generated the same nonce") t.Fatal("Two Box() calls generated the same nonce")
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment