diff --git a/Cargo.toml b/Cargo.toml index 8d5e7fc..1859aa0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "roughenough" -version = "1.3.0-draft8" +version = "1.3.0-draft11" repository = "https://github.com/int08h/roughenough" authors = ["Stuart Stock ", "Aaron Hill "] license = "Apache-2.0" diff --git a/src/bin/roughenough-client.rs b/src/bin/roughenough-client.rs index 5d27df0..4e0ab3d 100644 --- a/src/bin/roughenough-client.rs +++ b/src/bin/roughenough-client.rs @@ -31,12 +31,12 @@ use clap::{App, Arg}; use data_encoding::{Encoding, BASE64, HEXLOWER_PERMISSIVE}; use ring::rand; use ring::rand::SecureRandom; - +use roughenough::key::LongTermKey; use roughenough::merkle::MerkleTree; use roughenough::sign::Verifier; use roughenough::version::Version; use roughenough::{ - roughenough_version, Error, RtMessage, Tag, CERTIFICATE_CONTEXT, RFC_REQUEST_FRAME_BYTES, + roughenough_version, Error, RtMessage, Tag, CERTIFICATE_CONTEXT, REQUEST_FRAMING_BYTES, SIGNED_RESPONSE_CONTEXT, }; @@ -52,7 +52,7 @@ fn create_nonce(ver: Version) -> Nonce { rng.fill(&mut nonce).unwrap(); nonce.to_vec() } - Version::Rfc | Version::RfcDraft8 => { + Version::Rfc | Version::RfcDraft11 => { let mut nonce = [0u8; 32]; rng.fill(&mut nonce).unwrap(); nonce.to_vec() @@ -60,9 +60,14 @@ fn create_nonce(ver: Version) -> Nonce { } } -fn make_request(ver: Version, nonce: &Nonce, text_dump: bool) -> Vec { +fn make_request(ver: Version, nonce: &Nonce, text_dump: bool, pub_key: &Option>) -> Vec { let mut msg = RtMessage::with_capacity(3); + let srv_value = match pub_key { + None => None, + Some(ref pk) => Some(LongTermKey::calc_srv_value(&pk)), + }; + match ver { Version::Classic => { msg.add_field(Tag::NONC, nonce).unwrap(); @@ -81,7 +86,11 @@ fn make_request(ver: Version, nonce: &Nonce, text_dump: bool) -> Vec { msg.encode().unwrap() } - Version::Rfc | Version::RfcDraft8 => { + Version::Rfc | Version::RfcDraft11 => { + if srv_value.is_some() { + let val = srv_value.as_ref().unwrap(); + msg.add_field(Tag::SRV, val).unwrap(); + } msg.add_field(Tag::VER, ver.wire_bytes()).unwrap(); msg.add_field(Tag::NONC, nonce).unwrap(); msg.add_field(Tag::ZZZZ, &[]).unwrap(); @@ -90,6 +99,11 @@ fn make_request(ver: Version, nonce: &Nonce, text_dump: bool) -> Vec { let padding: Vec = (0..padding_needed).map(|_| 0).collect(); msg.clear(); + + if srv_value.is_some() { + let val = srv_value.as_ref().unwrap(); + msg.add_field(Tag::SRV, val).unwrap(); + } msg.add_field(Tag::VER, ver.wire_bytes()).unwrap(); msg.add_field(Tag::NONC, nonce).unwrap(); msg.add_field(Tag::ZZZZ, &padding).unwrap(); @@ -106,7 +120,7 @@ fn make_request(ver: Version, nonce: &Nonce, text_dump: bool) -> Vec { fn receive_response(ver: Version, buf: &[u8], buf_len: usize) -> RtMessage { match ver { Version::Classic => RtMessage::from_bytes(&buf[0..buf_len]).unwrap(), - Version::Rfc | Version::RfcDraft8 => { + Version::Rfc | Version::RfcDraft11 => { verify_framing(&buf).unwrap(); RtMessage::from_bytes(&buf[12..buf_len]).unwrap() } @@ -114,7 +128,7 @@ fn receive_response(ver: Version, buf: &[u8], buf_len: usize) -> RtMessage { } fn verify_framing(buf: &[u8]) -> Result<(), Error> { - if &buf[0..8] != RFC_REQUEST_FRAME_BYTES { + if &buf[0..8] != REQUEST_FRAMING_BYTES { eprintln!("RFC response is missing framing header bytes"); return Err(Error::InvalidResponse); } @@ -146,8 +160,8 @@ fn stress_test_forever(ver: Version, addr: &SocketAddr) -> ! { } else { "0.0.0.0:0" }) - .expect("Couldn't open UDP socket"); - let request = make_request(ver, &nonce, false); + .expect("Couldn't open UDP socket"); + let request = make_request(ver, &nonce, false, &None); loop { socket.send_to(&request, addr).unwrap(); } @@ -262,7 +276,7 @@ impl ResponseHandler { let hash = match self.version { Version::Classic => MerkleTree::new_sha512_classic(), - Version::Rfc | Version::RfcDraft8 => MerkleTree::new_sha512_ietf(), + Version::Rfc | Version::RfcDraft11 => MerkleTree::new_sha512_ietf(), } .root_from_paths(index as usize, &self.nonce, paths); @@ -333,7 +347,7 @@ fn main() { .short("k") .long("public-key") .takes_value(true) - .help("The server public key used to validate responses. If unset, no validation will be performed.")) + .help("The server public key used to validate responses. When set, will add SRV tag to request to bind request to the expected public key. If unset, no validation will be performed.")) .arg(Arg::with_name("time-format") .short("f") .long("time-format") @@ -412,7 +426,7 @@ fn main() { let version = match protocol { 0 => Version::Classic, 1 => Version::Rfc, - 8 => Version::RfcDraft8, + 11 => Version::RfcDraft11, _ => panic!( "Invalid protocol '{}'; valid values are 0, 1, or 8", protocol @@ -438,8 +452,8 @@ fn main() { } else { "0.0.0.0:0" }) - .expect("Couldn't open UDP socket"); - let request = make_request(version, &nonce, text_dump); + .expect("Couldn't open UDP socket"); + let request = make_request(version, &nonce, text_dump, &pub_key); if let Some(f) = file_for_requests.as_mut() { f.write_all(&request).expect("Failed to write to file!") @@ -499,7 +513,7 @@ fn main() { let nsecs = (midpoint - (seconds * 10_u64.pow(6))) * 10_u64.pow(3); (seconds, nsecs as u32) } - Version::Rfc | Version::RfcDraft8 => (midpoint, 0), + Version::Rfc | Version::RfcDraft11 => (midpoint, 0), }; let verify_str = if verified { "Yes" } else { "No" }; diff --git a/src/bin/roughenough-server.rs b/src/bin/roughenough-server.rs index 77ab93a..905f4e3 100644 --- a/src/bin/roughenough-server.rs +++ b/src/bin/roughenough-server.rs @@ -23,16 +23,16 @@ #[macro_use] extern crate log; -use std::{env, io, thread}; use std::process; -use std::sync::{Arc, Mutex}; use std::sync::atomic::{AtomicBool, Ordering}; +use std::sync::{Arc, Mutex}; +use std::{env, io, thread}; use log::LevelFilter; -use mio::Events; use mio::net::UdpSocket; -use net2::UdpBuilder; +use mio::Events; use net2::unix::UnixUdpBuilderExt; +use net2::UdpBuilder; use once_cell::sync::Lazy; use simple_logger::SimpleLogger; diff --git a/src/error.rs b/src/error.rs index 98dca74..01a209c 100644 --- a/src/error.rs +++ b/src/error.rs @@ -38,6 +38,9 @@ pub enum Error { /// Request was less than 1024 bytes RequestTooShort, + /// Request was larger than 1500 bytes + RequestTooLarge, + /// Offset was not 32-bit aligned InvalidAlignment(u32), @@ -64,6 +67,9 @@ pub enum Error { /// Sending response to a client request has failed SendingResponseFailed, + + /// The request's SRV value and this server's SRV value do not match + SrvMismatch, } impl From for Error { diff --git a/src/key/longterm.rs b/src/key/longterm.rs index b333897..0b09fb6 100644 --- a/src/key/longterm.rs +++ b/src/key/longterm.rs @@ -16,26 +16,39 @@ //! Represents the server's long-term identity. //! -use std::fmt; -use std::fmt::Formatter; - use crate::key::OnlineKey; use crate::message::RtMessage; use crate::sign::Signer; use crate::tag::Tag; use crate::CERTIFICATE_CONTEXT; +use ring::digest; +use ring::digest::SHA512; +use std::fmt; +use std::fmt::Formatter; /// /// Represents the server's long-term identity. /// pub struct LongTermKey { signer: Signer, + srv_value: Vec, } impl LongTermKey { + pub fn calc_srv_value(pubkey: &[u8]) -> Vec { + let mut ctx = digest::Context::new(&SHA512); + ctx.update(Tag::HASH_PREFIX_SRV); + ctx.update(pubkey); + ctx.finish().as_ref()[0..32].to_vec() + } + pub fn new(seed: &[u8]) -> Self { + let signer = Signer::from_seed(seed); + let srv_value = LongTermKey::calc_srv_value(signer.public_key_bytes()); + LongTermKey { - signer: Signer::from_seed(seed), + signer, + srv_value, } } @@ -60,6 +73,11 @@ impl LongTermKey { pub fn public_key(&self) -> &[u8] { self.signer.public_key_bytes() } + + /// Return the SRV tag value, which is SHA512[0:32] over (0xff || public key) + pub fn srv_value(&self) -> &[u8] { + self.srv_value.as_ref() + } } impl fmt::Display for LongTermKey { diff --git a/src/key/online.rs b/src/key/online.rs index bc6254c..f018dee 100644 --- a/src/key/online.rs +++ b/src/key/online.rs @@ -80,9 +80,10 @@ impl OnlineKey { let mut radi = [0; 4]; let mut midp = [0; 8]; + // RADI is hard coded at 5 seconds (providing a 10-second measurement window overall) let radi_time = match ver { - Version::Classic => 2_000_000, // two seconds in microseconds - Version::Rfc | Version::RfcDraft8 => 2, // two seconds + Version::Classic => 5_000_000, // five seconds in microseconds + Version::Rfc | Version::RfcDraft11 => 5, // five seconds }; (&mut radi as &mut [u8]) @@ -91,7 +92,7 @@ impl OnlineKey { let midp_time = match ver { Version::Classic => self.classic_midp(now), - Version::Rfc | Version::RfcDraft8 => self.rfc_midp(now), + Version::Rfc | Version::RfcDraft11 => self.rfc_midp(now), }; (&mut midp as &mut [u8]) diff --git a/src/lib.rs b/src/lib.rs index 2a16da2..c711c2a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -79,7 +79,7 @@ pub mod stats; pub mod version; /// Version of Roughenough -pub const VERSION: &str = "1.3.0-draft8"; +pub const VERSION: &str = "1.3.0-draft11"; /// Roughenough version string enriched with any compile-time optional features pub fn roughenough_version() -> String { @@ -96,24 +96,18 @@ pub fn roughenough_version() -> String { // Constants and magic numbers of the Roughtime protocol -/// Minimum size (in bytes) of a client request -pub const MIN_REQUEST_LENGTH: u32 = 1024; +/// Minimum size (in bytes) of a client request. Any request smaller than is will be dropped. +pub const MIN_REQUEST_LENGTH: usize = 1024; + +/// Maximum size (in bytes) of a client request. Any request larger than is will be dropped. +pub const MAX_REQUEST_LENGTH: usize = 1500; /// Size (in bytes) of seeds used to derive private keys pub const SEED_LENGTH: u32 = 32; -/// Size (in bytes) of an Ed25519 public key -pub const PUBKEY_LENGTH: u32 = 32; - /// Size (in bytes) of an Ed25519 signature pub const SIGNATURE_LENGTH: u32 = 64; -/// Size (in bytes) of server's timestamp value -pub const TIMESTAMP_LENGTH: u32 = 8; - -/// Size (in bytes) of server's time uncertainty value -pub const RADIUS_LENGTH: u32 = 4; - /// Prefixed to the server's certificate before generating or verifying certificate's signature pub const CERTIFICATE_CONTEXT: &str = "RoughTime v1 delegation signature--\x00"; @@ -127,4 +121,4 @@ pub const TREE_LEAF_TWEAK: &[u8] = &[0x00]; pub const TREE_NODE_TWEAK: &[u8] = &[0x01]; /// RFC first field magic value -pub const RFC_REQUEST_FRAME_BYTES: &[u8] = b"ROUGHTIM"; +pub const REQUEST_FRAMING_BYTES: &[u8] = b"ROUGHTIM"; diff --git a/src/merkle.rs b/src/merkle.rs index 67ce263..c83ace9 100644 --- a/src/merkle.rs +++ b/src/merkle.rs @@ -17,7 +17,7 @@ //! use crate::version::Version; -use crate::version::Version::{Classic, Rfc, RfcDraft8}; +use crate::version::Version::{Classic, Rfc, RfcDraft11}; use ring::digest; use super::{TREE_LEAF_TWEAK, TREE_NODE_TWEAK}; @@ -172,7 +172,7 @@ impl MerkleTree { #[inline] fn finalize_output(&self, data: Hash) -> Hash { match self.version { - Rfc | RfcDraft8 => data[0..32].into(), + Rfc | RfcDraft11 => data[0..32].into(), Classic => data, } } diff --git a/src/message.rs b/src/message.rs index d4c9f63..ce34870 100644 --- a/src/message.rs +++ b/src/message.rs @@ -24,7 +24,7 @@ use data_encoding::{Encoding, HEXLOWER_PERMISSIVE}; use crate::error::Error; use crate::tag::Tag; -use crate::RFC_REQUEST_FRAME_BYTES; +use crate::REQUEST_FRAMING_BYTES; const HEX: Encoding = HEXLOWER_PERMISSIVE; @@ -237,8 +237,8 @@ impl RtMessage { /// Encode this message into an on-the-wire representation prefixed with RFC framing. pub fn encode_framed(&self) -> Result, Error> { let encoded = self.encode()?; - let mut frame = Vec::with_capacity(RFC_REQUEST_FRAME_BYTES.len() + 4 + encoded.len()); - frame.write_all(RFC_REQUEST_FRAME_BYTES)?; + let mut frame = Vec::with_capacity(REQUEST_FRAMING_BYTES.len() + 4 + encoded.len()); + frame.write_all(REQUEST_FRAMING_BYTES)?; frame.write_u32::(encoded.len() as u32)?; frame.write_all(&encoded)?; diff --git a/src/request.rs b/src/request.rs index 1d445c3..5d50394 100644 --- a/src/request.rs +++ b/src/request.rs @@ -19,25 +19,27 @@ use std::io::Cursor; use byteorder::{LittleEndian, ReadBytesExt}; use crate::version::Version; -use crate::{Error, RtMessage, Tag, MIN_REQUEST_LENGTH, RFC_REQUEST_FRAME_BYTES}; +use crate::{Error, RtMessage, Tag, MAX_REQUEST_LENGTH, MIN_REQUEST_LENGTH, REQUEST_FRAMING_BYTES}; /// Guess which protocol the request is using and extract the client's nonce from the request -pub fn nonce_from_request(buf: &[u8], num_bytes: usize) -> Result<(Vec, Version), Error> { - if num_bytes < MIN_REQUEST_LENGTH as usize { - return Err(Error::RequestTooShort); +pub fn nonce_from_request(buf: &[u8], num_bytes: usize, expected_srv: &[u8]) -> Result<(Vec, Version), Error> { + if num_bytes < MIN_REQUEST_LENGTH { + return Err(Error::RequestTooShort) + } else if num_bytes > MAX_REQUEST_LENGTH { + return Err(Error::RequestTooLarge) } if is_classic_request(buf) { - return nonce_from_classic_request(&buf[..num_bytes]); + nonce_from_classic_request(&buf[..num_bytes]) } else { - return nonce_from_rfc_request(&buf[..num_bytes]); + nonce_from_rfc_request(&buf[..num_bytes], expected_srv) } } /// Inspect the message in `buf`, if it doesn't start with RFC framing, we guess /// it is a classic request fn is_classic_request(buf: &[u8]) -> bool { - return &buf[0..8] != RFC_REQUEST_FRAME_BYTES; + &buf[0..8] != REQUEST_FRAMING_BYTES } fn nonce_from_classic_request(buf: &[u8]) -> Result<(Vec, Version), Error> { @@ -49,7 +51,7 @@ fn nonce_from_classic_request(buf: &[u8]) -> Result<(Vec, Version), Error> { } // This could be any VER that we support. Extract VER from request and return it. -fn nonce_from_rfc_request(buf: &[u8]) -> Result<(Vec, Version), Error> { +fn nonce_from_rfc_request(buf: &[u8], expected_srv: &[u8]) -> Result<(Vec, Version), Error> { // first 8 bytes were RFC_REQUEST_FRAME_BYTES, [0..8] let mut cur = Cursor::new(&buf[8..12]); let reported_len = cur.read_u32::()?; @@ -62,11 +64,16 @@ fn nonce_from_rfc_request(buf: &[u8]) -> Result<(Vec, Version), Error> { let msg = RtMessage::from_bytes(&buf[12..])?; let version = get_supported_version(&msg); - if version.is_none() { return Err(Error::NoCompatibleVersion); } + if let Some(request_srv) = msg.get_field(Tag::SRV) { + if request_srv != expected_srv { + return Err(Error::SrvMismatch); + } + } + match msg.get_field(Tag::NONC) { Some(nonce) => Ok((nonce.to_vec(), version.unwrap())), None => Err(Error::InvalidRequest), @@ -74,7 +81,7 @@ fn nonce_from_rfc_request(buf: &[u8]) -> Result<(Vec, Version), Error> { } fn get_supported_version(msg: &RtMessage) -> Option { - const SUPPORTED_VERSIONS: &[Version] = &[Version::RfcDraft8, Version::Rfc]; + const SUPPORTED_VERSIONS: &[Version] = &[Version::RfcDraft11, Version::Rfc]; if let Some(tag_bytes) = msg.get_field(Tag::VER) { // Iterate the list of supplied versions, looking for the first match diff --git a/src/responder.rs b/src/responder.rs index f83872c..c3960d4 100644 --- a/src/responder.rs +++ b/src/responder.rs @@ -116,7 +116,7 @@ impl Responder { let resp_bytes = match self.version { Version::Classic => resp_msg.encode().unwrap(), - Version::Rfc | Version::RfcDraft8 => resp_msg.encode_framed().unwrap(), + Version::Rfc | Version::RfcDraft11 => resp_msg.encode_framed().unwrap(), }; let mut bytes_sent: usize = 0; @@ -140,7 +140,7 @@ impl Responder { if successful_send { match self.version { Version::Classic => stats.add_classic_response(&src_addr.ip(), bytes_sent), - Version::Rfc | Version::RfcDraft8 => { + Version::Rfc | Version::RfcDraft11 => { stats.add_rfc_response(&src_addr.ip(), bytes_sent) } } diff --git a/src/server.rs b/src/server.rs index 2d0c6e6..1e43971 100644 --- a/src/server.rs +++ b/src/server.rs @@ -22,7 +22,7 @@ use std::net::{IpAddr, Shutdown, SocketAddr}; use std::thread; use std::time::Duration; -use humansize::{BINARY, format_size}; +use humansize::{format_size, BINARY}; use mio::net::{TcpListener, UdpSocket}; use mio::{Events, Poll, PollOpt, Ready, Token}; use mio_extras::timer::Timer; @@ -66,6 +66,7 @@ pub struct Server { responder_classic: Responder, buf: [u8; 65_536], thread_name: String, + srv_value: Vec, stats: Box, @@ -127,13 +128,14 @@ impl Server { }; let responder_rfc = Responder::new(Version::Rfc, config, &mut long_term_key); - let responder_draft = Responder::new(Version::RfcDraft8, config, &mut long_term_key); + let responder_draft = Responder::new(Version::RfcDraft11, config, &mut long_term_key); let responder_classic = Responder::new(Version::Classic, config, &mut long_term_key); let batch_size = config.batch_size(); let status_interval = config.status_interval(); let thread_name = thread::current().name().unwrap().to_string(); let poll_duration = Some(Duration::from_millis(100)); + let srv_value = long_term_key.srv_value().to_vec(); Server { batch_size, @@ -148,6 +150,7 @@ impl Server { responder_classic, buf: [0u8; 65_536], thread_name, + srv_value, stats, #[cfg(fuzzing)] @@ -209,13 +212,13 @@ impl Server { for i in 0..self.batch_size { match self.socket.recv_from(&mut self.buf) { Ok((num_bytes, src_addr)) => { - match request::nonce_from_request(&self.buf, num_bytes) { + match request::nonce_from_request(&self.buf, num_bytes, &self.srv_value) { Ok((nonce, Version::Rfc)) => { self.responder_rfc.add_request(nonce, src_addr); self.stats.add_rfc_request(&src_addr.ip()); } // TODO(stuart) remove when RFC is ratified - Ok((nonce, Version::RfcDraft8)) => { + Ok((nonce, Version::RfcDraft11)) => { self.responder_draft.add_request(nonce, src_addr); // Mismatch of draft responder vs rfc stats is intentional self.stats.add_rfc_request(&src_addr.ip()); @@ -225,7 +228,7 @@ impl Server { self.stats.add_classic_request(&src_addr.ip()); } Err(e) => { - self.stats.add_invalid_request(&src_addr.ip()); + self.stats.add_invalid_request(&src_addr.ip(), &e); debug!( "Invalid request: '{:?}' ({} bytes) from {} (#{} in batch)", diff --git a/src/sign.rs b/src/sign.rs index ed2208a..563db2d 100644 --- a/src/sign.rs +++ b/src/sign.rs @@ -20,9 +20,9 @@ use std::fmt; use std::fmt::Formatter; use data_encoding::{Encoding, HEXLOWER_PERMISSIVE}; -use ring::rand; use ring::rand::SecureRandom; use ring::signature::{self, Ed25519KeyPair, KeyPair}; +use ring::rand; const HEX: Encoding = HEXLOWER_PERMISSIVE; diff --git a/src/stats/aggregated.rs b/src/stats/aggregated.rs index 2ba4ee4..af31e00 100644 --- a/src/stats/aggregated.rs +++ b/src/stats/aggregated.rs @@ -12,13 +12,13 @@ // See the License for the specific language governing permissions and // limitations under the License. +use crate::stats::ClientStatEntry; +use crate::stats::ServerStats; +use crate::Error; use std::collections::hash_map::Iter; use std::collections::HashMap; use std::net::IpAddr; -use crate::stats::ClientStatEntry; -use crate::stats::ServerStats; - /// /// Implementation of `ServerStats` that provides high-level aggregated client statistics. No /// per-client statistic are maintained and runtime memory use is constant. @@ -70,7 +70,7 @@ impl ServerStats for AggregatedStats { self.classic_requests += 1 } - fn add_invalid_request(&mut self, _: &IpAddr) { + fn add_invalid_request(&mut self, _: &IpAddr, _: &Error) { self.invalid_requests += 1 } diff --git a/src/stats/mod.rs b/src/stats/mod.rs index 3faa8dd..225c68c 100644 --- a/src/stats/mod.rs +++ b/src/stats/mod.rs @@ -16,11 +16,11 @@ //! Facilities for tracking client requests to the server //! -use std::collections::hash_map::Iter; -use std::net::IpAddr; - pub use crate::stats::aggregated::AggregatedStats; pub use crate::stats::per_client::PerClientStats; +use crate::Error; +use std::collections::hash_map::Iter; +use std::net::IpAddr; mod aggregated; mod per_client; @@ -65,7 +65,7 @@ pub trait ServerStats { fn add_classic_request(&mut self, addr: &IpAddr); - fn add_invalid_request(&mut self, addr: &IpAddr); + fn add_invalid_request(&mut self, addr: &IpAddr, err: &Error); fn add_failed_send_attempt(&mut self, addr: &IpAddr); @@ -110,9 +110,9 @@ pub trait ServerStats { #[cfg(test)] mod test { - use std::net::{IpAddr, Ipv4Addr}; - use crate::stats::{PerClientStats, ServerStats}; + use crate::Error; + use std::net::{IpAddr, Ipv4Addr}; #[test] fn simple_stats_starts_empty() { @@ -145,7 +145,7 @@ mod test { assert_eq!(stats.num_classic_requests(), 3); assert_eq!(stats.num_rfc_requests(), 1); - stats.add_invalid_request(&ip2); + stats.add_invalid_request(&ip2, &Error::RequestTooLarge); assert_eq!(stats.total_invalid_requests(), 1); assert_eq!(stats.total_unique_clients(), 3); diff --git a/src/stats/per_client.rs b/src/stats/per_client.rs index 845d438..38a9c98 100644 --- a/src/stats/per_client.rs +++ b/src/stats/per_client.rs @@ -12,13 +12,13 @@ // See the License for the specific language governing permissions and // limitations under the License. +use crate::stats::ClientStatEntry; +use crate::stats::ServerStats; +use crate::Error; use std::collections::hash_map::Iter; use std::collections::HashMap; use std::net::IpAddr; -use crate::stats::ClientStatEntry; -use crate::stats::ServerStats; - /// /// Implementation of `ServerStats` that provides granular per-client request/response counts. /// @@ -98,7 +98,7 @@ impl ServerStats for PerClientStats { .classic_requests += 1; } - fn add_invalid_request(&mut self, addr: &IpAddr) { + fn add_invalid_request(&mut self, addr: &IpAddr, _: &Error) { if self.too_many_entries() { return; } diff --git a/src/tag.rs b/src/tag.rs index 1a245dd..45210f1 100644 --- a/src/tag.rs +++ b/src/tag.rs @@ -49,6 +49,8 @@ pub enum Tag { } impl Tag { + pub (crate) const HASH_PREFIX_SRV: &'static [u8] = &[0xff]; + const BYTES_CERT: &'static [u8] = b"CERT"; const BYTES_DELE: &'static [u8] = b"DELE"; const BYTES_INDX: &'static [u8] = b"INDX"; diff --git a/src/version.rs b/src/version.rs index bef74b5..cc5beb2 100644 --- a/src/version.rs +++ b/src/version.rs @@ -20,11 +20,11 @@ pub enum Version { /// Original Google version from https://roughtime.googlesource.com/roughtime/+/HEAD/PROTOCOL.md Classic, - /// IETF standardized version + /// Placeholder for final IETF standardized version Rfc, - /// IETF draft version 8 - RfcDraft8, + /// IETF draft version 11 + RfcDraft11, } // Google classic (unused) @@ -35,9 +35,9 @@ const STR_VER_CLASSIC: &'static str = "Classic"; const BYTES_VER_RFC: &'static [u8] = &[0x01, 0x00, 0x00, 0x00]; const STR_VER_RFC: &'static str = "Rfc"; -// RFC draft 8 (keep updated as draft evolves) -const BYTES_VER_RFC_DRAFT8: &'static [u8] = &[0x08, 0x00, 0x00, 0x80]; -const STR_VER_RFC_DRAFT8: &'static str = "RfcDraft8"; +// RFC draft 11 (keep updated as draft evolves) +const BYTES_VER_RFC_DRAFT11: &'static [u8] = &[0x0b, 0x00, 0x00, 0x80]; +const STR_VER_RFC_DRAFT11: &'static str = "RfcDraft11"; impl Version { /// On-the-wire representation of the version value @@ -45,7 +45,7 @@ impl Version { match self { Version::Classic => BYTES_VER_CLASSIC, Version::Rfc => BYTES_VER_RFC, - Version::RfcDraft8 => BYTES_VER_RFC_DRAFT8, + Version::RfcDraft11 => BYTES_VER_RFC_DRAFT11, } } @@ -54,7 +54,7 @@ impl Version { match self { Version::Classic => STR_VER_CLASSIC, Version::Rfc => STR_VER_RFC, - Version::RfcDraft8 => STR_VER_RFC_DRAFT8, + Version::RfcDraft11 => STR_VER_RFC_DRAFT11, } } }