diff --git a/README.md b/README.md index 44ce05b182140e6bf4e6397afa2bc6e23503acc9..ab7a3646d790da563fc0d79a7903c7e16c3df934 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ suggest something! [Linux tap device on `std`](embassy/demos/std) running locally. At present the Pico W build is around 150kB binary size - (plus ~200KB [cyw43](https://github.com/embassy-rs/cyw43/) wifi blob), + (plus ~200KB [cyw43](https://github.com/embassy-rs/cyw43/) wifi firmware), using about 30kB RAM per concurrent SSH session (max stack size not confirmed). - [`sunset-async`](async/) adds functionality to use Sunset as a normal SSH client or @@ -78,4 +78,4 @@ will not be cleared. Matt Johnston <matt@ucc.asn.au> It's built on top of lots of other work, particularly Embassy, the rust-crypto crates, -and Salty. +Virtue, and Salty. diff --git a/src/encrypt.rs b/src/encrypt.rs index d16f16969768002a598aadfa9ea47f571786377a..d45e1144b5739b4aeef941d830242d04e0d5ae16 100644 --- a/src/encrypt.rs +++ b/src/encrypt.rs @@ -43,8 +43,8 @@ const MAX_KEY_LEN: usize = 64; pub(crate) struct KeyState { keys: Keys, // Packet sequence numbers. These don't reset with rekeying. - seq_encrypt: Wrapping<u32>, - seq_decrypt: Wrapping<u32>, + pub seq_encrypt: Wrapping<u32>, + pub seq_decrypt: Wrapping<u32>, } impl KeyState { diff --git a/src/kex.rs b/src/kex.rs index 136fb743f7751c30b1b0f971eb65b3851426417f..540a8b7b2ee1baccf9b26e3f34ecea66f2dc69ab 100644 --- a/src/kex.rs +++ b/src/kex.rs @@ -242,6 +242,7 @@ impl Kex { } fn take(&mut self) -> Self { + debug_assert!(!matches!(self, Kex::Taken)); core::mem::replace(self, Kex::Taken) } @@ -583,6 +584,8 @@ impl SharedSecret { } } +// TODO ZeroizeOnDrop. Sha256 doesn't support it yet. +// https://github.com/RustCrypto/hashes/issues/87 pub(crate) struct KexOutput { /// `H` for this exchange, conn takes the first as sess_id h: SessId, diff --git a/src/traffic.rs b/src/traffic.rs index 163fef9b91b43338b27941b39ebe7e3101988c86..eee177874ae2b2d1560426374ab1e34a1310e885 100644 --- a/src/traffic.rs +++ b/src/traffic.rs @@ -325,7 +325,7 @@ impl<'a> TrafOut<'a> { /// Serializes and and encrypts a packet to send pub(crate) fn send_packet(&mut self, p: packets::Packet, keys: &mut KeyState) -> Result<()> { - trace!("send_packet {:?}", p.message_num()); + trace!("send_packet seq {} {:?}", keys.seq_encrypt, p.message_num()); // Either a fresh buffer or appending to write let (idx, len) = match self.state {