make sure code is untouched in non-nts-pool mode
squell committed Nov 16, 2023
1 parent 642bfc1 commit 65a7ad4
Showing 1 changed file with 18 additions and 15 deletions.
33 changes: 18 additions & 15 deletions ntp-proto/src/nts_record.rs
Expand Up @@ -229,7 +229,8 @@ impl NtsRecord {
pub fn client_key_exchange_records_fixed(
c2s: Vec<u8>,
s2c: Vec<u8>,
) -> [NtsRecord; if cfg!(feature = "ntpv5") { 5 } else { 4 }] {
) -> [NtsRecord; 3 + cfg!(feature = "ntpv5") as usize + cfg!(feature = "nts-pool") as usize]
{
[
#[cfg(feature = "ntpv5")]
NtsRecord::DraftId {
Expand All @@ -249,6 +250,7 @@ impl NtsRecord {
.map(|algorithm| *algorithm as u16)
.collect(),
},
#[cfg(feature = "nts-pool")]
NtsRecord::FixedKeyRequest { c2s, s2c },
NtsRecord::EndOfMessage,
]
Expand Down Expand Up @@ -1136,6 +1138,7 @@ struct ServerKeyExchangeData {
struct KeyMethod {
algorithm: AeadAlgorithm,
/// By default, perform key extraction to acquire the c2s and s2c keys; otherwise, use the fixed keys.
#[cfg(feature = "nts-pool")]
fixed_keys: Option<RequestedKeys>,
}

Expand Down Expand Up @@ -1173,13 +1176,11 @@ impl KeyExchangeServerDecoder {
#[cfg(feature = "nts-pool")]
let fixed_keys = state.fixed_key_request;

#[cfg(not(feature = "nts-pool"))]
let fixed_keys = None;

let algorithm = state.algorithm;

KeyMethod {
algorithm,
#[cfg(feature = "nts-pool")]
fixed_keys,
}
};
Expand Down Expand Up @@ -1397,30 +1398,33 @@ impl KeyExchangeServer {
let protocol = result.protocol;

let algorithm = key_method.algorithm;
tracing::debug!(
?algorithm,
"{}",
if key_method.fixed_keys.is_none() {
"selected AEAD algorithm for key extraction"
} else {
"using fixed keys with AEAD algorithm"
}
);
tracing::debug!(?algorithm, "selected AEAD algorithm",);

#[cfg(feature = "nts-pool")]
let keys = if let Some(keys) = key_method.fixed_keys {
if self.privileged_connection {
tracing::debug!("using fixed keys for AEAD algorithm");
algorithm
.try_into_nts_keys(keys)
.ok_or(KeyExchangeError::InvalidFixedKeyLength)
} else {
tracing::debug!("refused fixed key request due to improper authorization");
Err(KeyExchangeError::UnrecognizedCriticalRecord)
}
} else {
tracing::debug!(
"using AEAD keys extracted from TLS connection"
);
algorithm
.extract_nts_keys(protocol, &self.tls_connection)
.map_err(KeyExchangeError::Tls)
};

#[cfg(not(feature = "nts-pool"))]
let keys = algorithm
.extract_nts_keys(protocol, &self.tls_connection)
.map_err(KeyExchangeError::Tls);

let send_response = || -> Result<(), KeyExchangeError> {
self.send_response(protocol, algorithm, keys?)
.map_err(KeyExchangeError::Io)
Expand Down Expand Up @@ -1474,11 +1478,10 @@ impl KeyExchangeServer {
.find(|&allowed_cert| allowed_cert == cert)
})
.is_some();
#[cfg(not(feature = "nts-pool"))]
let privileged_connection = false;

Ok(Self {
tls_connection,
#[cfg(feature = "nts-pool")]
privileged_connection,
decoder: Some(KeyExchangeServerDecoder::new()),
keyset,
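Review bot: In the `KeyExchangeServer` hunk, a fixed-key request on a connection that is not `privileged_connection` is refused with only a `tracing::debug!` line, so at a typical production log level an unauthorised attempt to dictate session keys leaves no record. I would raise that one event to `tracing::warn!("refused fixed key request due to improper authorization");`, ideally rate-limited because remote clients can trigger it at will. The caller sees `KeyExchangeError::UnrecognizedCriticalRecord`, which looks like a deliberate choice not to reveal the feature to unprivileged clients, but it also makes the refusal indistinguishable from a malformed request in error metrics, so the log line is the only signal. Separately, in the first hunk `client_key_exchange_records_fixed` still takes `c2s` and `s2c` but drops them when `nts-pool` is off; unless the function is already gated above the hunk, putting `#[cfg(feature = "nts-pool")]` on the whole function would stop a caller from believing fixed keys were requested. Both enclosing functions start and end outside the visible hunks.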
