Get rid of make_array (#280)

cloudflare · Jul 1, 2022 · 3bcdca9 · 3bcdca9
1 parent dff941d
commit 3bcdca9
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 32 deletions.
diff --git a/boringtun/src/noise/handshake.rs b/boringtun/src/noise/handshake.rs
@@ -3,7 +3,6 @@
 
 use super::{HandshakeInit, HandshakeResponse, PacketCookieReply};
 use crate::noise::errors::WireGuardError;
-use crate::noise::make_array;
 use crate::noise::session::Session;
 use aead::{Aead, NewAead, Payload};
 use blake2::digest::{FixedOutput, KeyInit};
@@ -196,13 +195,14 @@ impl Tai64N {
     }
 
     /// Parse a timestamp from a 12 byte u8 slice
-    fn parse(buf: &[u8]) -> Result<Tai64N, WireGuardError> {
+    fn parse(buf: &[u8; 12]) -> Result<Tai64N, WireGuardError> {
         if buf.len() < 12 {
             return Err(WireGuardError::InvalidTai64nTimestamp);
         }
 
-        let secs = u64::from_be_bytes(make_array(&buf[0..]));
-        let nano = u32::from_be_bytes(make_array(&buf[8..]));
+        let (sec_bytes, nano_bytes) = buf.split_at(std::mem::size_of::<u64>());
+        let secs = u64::from_be_bytes(sec_bytes.try_into().unwrap());
+        let nano = u32::from_be_bytes(nano_bytes.try_into().unwrap());
 
         // WireGuard does not actually expect tai64n timestamp, just monotonically increasing one
         //if secs < (1u64 << 62) || secs >= (1u64 << 63) {

diff --git a/boringtun/src/noise/mod.rs b/boringtun/src/noise/mod.rs
@@ -16,7 +16,7 @@ use crate::noise::rate_limiter::RateLimiter;
 use crate::noise::timers::{TimerName, Timers};
 
 use std::collections::VecDeque;
-use std::convert::TryFrom;
+use std::convert::{TryFrom, TryInto};
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
 use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::Arc;
@@ -266,31 +266,31 @@ impl Tunn {
         }
 
         // Checks the type, as well as the reserved zero fields
-        let packet_type = u32::from_le_bytes(make_array(&src[0..4]));
+        let packet_type = u32::from_le_bytes(src[0..4].try_into().unwrap());
 
         Ok(match (packet_type, src.len()) {
             (HANDSHAKE_INIT, HANDSHAKE_INIT_SZ) => Packet::HandshakeInit(HandshakeInit {
-                sender_idx: u32::from_le_bytes(make_array(&src[4..8])),
+                sender_idx: u32::from_le_bytes(src[4..8].try_into().unwrap()),
                 unencrypted_ephemeral: <&[u8; 32] as TryFrom<&[u8]>>::try_from(&src[8..40])
                     .expect("length already checked above"),
                 encrypted_static: &src[40..88],
                 encrypted_timestamp: &src[88..116],
             }),
             (HANDSHAKE_RESP, HANDSHAKE_RESP_SZ) => Packet::HandshakeResponse(HandshakeResponse {
-                sender_idx: u32::from_le_bytes(make_array(&src[4..8])),
-                receiver_idx: u32::from_le_bytes(make_array(&src[8..12])),
+                sender_idx: u32::from_le_bytes(src[4..8].try_into().unwrap()),
+                receiver_idx: u32::from_le_bytes(src[8..12].try_into().unwrap()),
                 unencrypted_ephemeral: <&[u8; 32] as TryFrom<&[u8]>>::try_from(&src[12..44])
                     .expect("length already checked above"),
                 encrypted_nothing: &src[44..60],
             }),
             (COOKIE_REPLY, COOKIE_REPLY_SZ) => Packet::PacketCookieReply(PacketCookieReply {
-                receiver_idx: u32::from_le_bytes(make_array(&src[4..8])),
+                receiver_idx: u32::from_le_bytes(src[4..8].try_into().unwrap()),
                 nonce: &src[8..32],
                 encrypted_cookie: &src[32..64],
             }),
             (DATA, DATA_OVERHEAD_SZ..=std::usize::MAX) => Packet::PacketData(PacketData {
-                receiver_idx: u32::from_le_bytes(make_array(&src[4..8])),
-                counter: u64::from_le_bytes(make_array(&src[8..16])),
+                receiver_idx: u32::from_le_bytes(src[4..8].try_into().unwrap()),
+                counter: u64::from_le_bytes(src[8..16].try_into().unwrap()),
                 encrypted_encapsulated_packet: &src[16..],
             }),
             _ => return Err(WireGuardError::InvalidPacket),
@@ -457,11 +457,17 @@ impl Tunn {
 
         match packet[0] >> 4 {
             4 if packet.len() >= IPV4_MIN_HEADER_SIZE => {
-                let addr_bytes: [u8; IPV4_IP_SZ] = make_array(&packet[IPV4_DST_IP_OFF..]);
+                let addr_bytes: [u8; IPV4_IP_SZ] = packet
+                    [IPV4_DST_IP_OFF..IPV4_DST_IP_OFF + IPV4_IP_SZ]
+                    .try_into()
+                    .unwrap();
                 Some(IpAddr::from(addr_bytes))
             }
             6 if packet.len() >= IPV6_MIN_HEADER_SIZE => {
-                let addr_bytes: [u8; IPV6_IP_SZ] = make_array(&packet[IPV6_DST_IP_OFF..]);
+                let addr_bytes: [u8; IPV6_IP_SZ] = packet
+                    [IPV6_DST_IP_OFF..IPV6_DST_IP_OFF + IPV6_IP_SZ]
+                    .try_into()
+                    .unwrap();
                 Some(IpAddr::from(addr_bytes))
             }
             _ => None,
@@ -474,16 +480,26 @@ impl Tunn {
         let (computed_len, src_ip_address) = match packet.len() {
             0 => return TunnResult::Done, // This is keepalive, and not an error
             _ if packet[0] >> 4 == 4 && packet.len() >= IPV4_MIN_HEADER_SIZE => {
-                let len_bytes: [u8; IP_LEN_SZ] = make_array(&packet[IPV4_LEN_OFF..]);
-                let addr_bytes: [u8; IPV4_IP_SZ] = make_array(&packet[IPV4_SRC_IP_OFF..]);
+                let len_bytes: [u8; IP_LEN_SZ] = packet[IPV4_LEN_OFF..IPV4_LEN_OFF + IP_LEN_SZ]
+                    .try_into()
+                    .unwrap();
+                let addr_bytes: [u8; IPV4_IP_SZ] = packet
+                    [IPV4_SRC_IP_OFF..IPV4_SRC_IP_OFF + IPV4_IP_SZ]
+                    .try_into()
+                    .unwrap();
                 (
                     u16::from_be_bytes(len_bytes) as usize,
                     IpAddr::from(addr_bytes),
                 )
             }
             _ if packet[0] >> 4 == 6 && packet.len() >= IPV6_MIN_HEADER_SIZE => {
-                let len_bytes: [u8; IP_LEN_SZ] = make_array(&packet[IPV6_LEN_OFF..]);
-                let addr_bytes: [u8; IPV6_IP_SZ] = make_array(&packet[IPV6_SRC_IP_OFF..]);
+                let len_bytes: [u8; IP_LEN_SZ] = packet[IPV6_LEN_OFF..IPV6_LEN_OFF + IP_LEN_SZ]
+                    .try_into()
+                    .unwrap();
+                let addr_bytes: [u8; IPV6_IP_SZ] = packet
+                    [IPV6_SRC_IP_OFF..IPV6_SRC_IP_OFF + IPV6_IP_SZ]
+                    .try_into()
+                    .unwrap();
                 (
                     u16::from_be_bytes(len_bytes) as usize + IPV6_MIN_HEADER_SIZE,
                     IpAddr::from(addr_bytes),
@@ -592,15 +608,3 @@ impl Tunn {
         self.handshake.lock().is_expired()
     }
 }
-
-#[inline(always)]
-pub fn make_array<A, T>(slice: &[T]) -> A
-where
-    A: Sized + Default + AsMut<[T]> + std::borrow::Borrow<[T]>,
-    T: Copy,
-{
-    let mut arr: A = Default::default();
-    let arr_len = arr.borrow().len();
-    <A as AsMut<[T]>>::as_mut(&mut arr).copy_from_slice(&slice[0..arr_len]);
-    arr
-}
diff --git a/boringtun/src/noise/rate_limiter.rs b/boringtun/src/noise/rate_limiter.rs
@@ -1,5 +1,4 @@
 use super::handshake::{b2s_hash, b2s_keyed_mac_16, b2s_keyed_mac_16_2, b2s_mac_24};
-use super::make_array;
 use crate::noise::handshake::{LABEL_COOKIE, LABEL_MAC1};
 use crate::noise::{HandshakeInit, HandshakeResponse, Packet, Tunn, TunnResult, WireGuardError};
 
@@ -50,9 +49,11 @@ pub struct RateLimiter {
 
 impl RateLimiter {
     pub fn new(public_key: &x25519_dalek::PublicKey, limit: u64) -> Self {
+        let mut secret_key = [0u8; 16];
+        OsRng.fill_bytes(&mut secret_key);
         RateLimiter {
             nonce_key: Self::rand_bytes(),
-            secret_key: make_array(&Self::rand_bytes()[..16]),
+            secret_key,
             start_time: Instant::now(),
             nonce_ctr: AtomicU64::new(0),
             mac1_key: b2s_hash(LABEL_MAC1, public_key.as_bytes()),