dohertj2/mxaccess
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[M5] mxaccess-asb-nettcp: M5 plan + F19 deps + F23 auth crypto port

Browse Source 
F18 plans M5 as 9 sub-followups (F18-F26 + F27 constant-time DH) per
design/dependencies.md:73-89. Wave-1 streams F20-F23+F24 are parallel-safe
after F19 (workspace deps). F25 (ASB client) is sequential after the
framing/encoder streams. F26 (Session over AsbTransport) is sequential
after F25.

F19 — workspace deps for the M5 crypto + framing surface: hmac, md-5,
sha1, sha2, aes, cbc, pbkdf2, flate2, rand, num-bigint, num-traits,
num-integer, quick-xml, tokio-util, zeroize. Pinned to the digest 0.10 /
cipher 0.4 generation matching mxaccess-rpc.

F23 — ports `AsbSystemAuthenticator.cs` (167 LoC) to
`mxaccess-asb-nettcp::auth`. Wire-byte parity points: .NET BigInteger
little-endian two's-complement byte order with optional 0x00 sign-byte
suffix; AES-128-CBC with PKCS7 padding; PBKDF2-SHA1 1000 iterations
over `Convert.ToBase64String(crypto_key)` with ASCII salt
"ArchestrAService"; deflate-then-AES (Baktun) vs raw-AES (Apollo)
selected by `:V2` lifetime suffix; HMAC-MD5/SHA1/SHA512 negotiated per
`AsbSolutionCryptoParameters.HashAlgorithm` (with `force_hmac=true`
fallback to HMAC-SHA1 for unrecognised algorithms).

13 unit tests cover the cryptographic primitives + DH peer agreement +
.NET byte-order round-trip + Apollo lifetime dispatch.

F27 — filed for the `num-bigint` → `crypto-bigint::BoxedUint` swap once
the latter exposes a stable heap-allocated `pow_mod`. Currently at
parity with the .NET reference (also not constant-time).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-05-05 10:36:15 -04:00
parent a5d31cc2e1
commit ed17c07c10
6 changed files with 994 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rust/Cargo.toml
+27
View File
@@ -31,6 +31,33 @@ futures-util = "0.3"
bytes = "1"
byteorder = "1"
tokio = { version = "1", features = ["net", "io-util", "rt-multi-thread", "sync", "time", "macros"] }
# M5 ASB transport (F19). Crypto crates target the digest 0.10 / cipher 0.4
# generation (the line that hmac 0.12, md-5 0.10, sha1 0.10, sha2 0.10,
# aes 0.8, cbc 0.1, pbkdf2 0.12 all share). mxaccess-rpc is already on this
# generation (crates/mxaccess-rpc/Cargo.toml:13-18); M5 sticks with it for
# resolved-graph coherence. The design doc at design/30-crate-topology.md:251-289
# prescribed the 0.11/0.5 generation but the rpc crate landed earlier on the
# 0.10/0.4 line — when those two diverge, the implementation is canonical.
hmac = "0.12"
md-5 = "0.10"
sha1 = "0.10"
sha2 = "0.10"
aes = "0.8"
cbc = { version = "0.1", features = ["std"] }
pbkdf2 = { version = "0.12", default-features = false, features = ["hmac"] }
flate2 = "1"
rand = "0.8"
# DH bigint. NOTE: num-bigint::modpow is not constant-time. The DH private
# exponent is long-lived (AsbSystemAuthenticator.cs:153-166); .NET BigInteger
# also isn't constant-time, so we are at parity with the reference. Tracked
# as F27 to swap to crypto-bigint::BoxedUint once that crate exposes a stable
# pow_mod over heap-allocated values — design/30-crate-topology.md:269-274.
num-bigint = "0.4"
num-traits = "0.2"
num-integer = "0.1"
quick-xml = "0.36"
tokio-util = { version = "0.7", features = ["codec"] }
zeroize = { version = "1", features = ["zeroize_derive"] }
[workspace.lints.rust]
unsafe_op_in_unsafe_fn = "warn"