Release/node/v0.7.0 to master

src/Dockerfile

@@ -14,10 +14,12 @@ WORKDIR /node
 ARG GIT_BRANCH
 ARG GIT_COMMIT
 ARG GIT_COMMIT_DATE
+ARG RUSTFLAGS=""
 
 ENV GIT_BRANCH=${GIT_BRANCH}
 ENV GIT_COMMIT=${GIT_COMMIT}
 ENV GIT_COMMIT_DATE=${GIT_COMMIT_DATE}
+ENV RUSTFLAGS=${RUSTFLAGS}
 
 RUN cargo build --release --bin node --bin console --bin secrets-vault-cli
 

src/Makefile

@@ -57,8 +57,11 @@ fmt:
 	@cargo +nightly fmt $(check) --manifest-path ./tl/ton_tl_codegen/Cargo.toml
 	@cargo +nightly fmt $(check) --manifest-path ./secrets-vault/Cargo.toml
 	@cargo +nightly fmt $(check) --manifest-path ./vm/Cargo.toml
-	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/src/*.rs
-	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/build/*.rs
+	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/src/config.rs
+	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/src/info.rs
+	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/src/log.rs
+	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/src/test.rs
+	@rustfmt +nightly $(check) --edition 2021 --config-path ./ ./common/build/build.rs
 
 #### Tests
 

src/adnl/Cargo.toml

@@ -36,6 +36,10 @@ ton_block = { path = '../block', features = [ 'export_key' ] }
 lockfree = { path = '../lockfree' }
 raptorq = { path = 'raptorq', version = '1.2.1' }
 ton_api = { path = '../tl/ton_api' }
+secrets-vault = { path = '../secrets-vault', default-features = false, features = [
+    "file-storage-json",
+    "hashicorp-storage",
+] }
 
 [dev-dependencies]
 log4rs = '1.2'

src/adnl/src/adnl/client.rs

@@ -10,6 +10,7 @@
  */
 use crate::common::{AdnlHandshake, AdnlStream, AdnlStreamCrypto, Query, TaggedTlObject, Timeouts};
 use rand::{Rng, RngCore};
+use secrets_vault::vault_block::get_key_option_factory;
 use std::{
     convert::TryInto,
     net::SocketAddr,
@@ -29,7 +30,7 @@ use ton_api::{
     },
     AnyBoxedSerialize, IntoBoxed, TLObject,
 };
-use ton_block::{error, fail, Ed25519KeyOption, KeyOption, KeyOptionJson, Result};
+use ton_block::{error, fail, KeyOption, KeyOptionJson, Result};
 
 #[derive(serde::Deserialize, serde::Serialize)]
 pub struct AdnlClientConfigJson {
@@ -84,12 +85,12 @@ impl AdnlClientConfig {
     pub fn from_json_config(
         json_config: &AdnlClientConfigJson,
     ) -> Result<(Option<AdnlClientConfigJson>, Self)> {
-        let server_key = Ed25519KeyOption::from_public_key_json(&json_config.server_key)?;
+        let server_key = get_key_option_factory().from_public_key_json(&json_config.server_key)?;
         let mut result_config = None;
         let client_key = if let Some(key) = &json_config.client_key {
-            Some(Ed25519KeyOption::from_private_key_json(key)?)
+            Some(get_key_option_factory().from_private_key_json(key)?)
         } else {
-            let (json, key) = Ed25519KeyOption::generate_with_json()?;
+            let (json, key) = get_key_option_factory().generate_with_json()?;
             result_config = Some(AdnlClientConfigJson {
                 client_key: Some(json),
                 server_address: json_config.server_address.clone(),
@@ -205,7 +206,7 @@ impl AdnlClient {
         } else {
             AdnlHandshake::build_packet(
                 &mut buf,
-                &Ed25519KeyOption::generate()?,
+                &get_key_option_factory().generate()?,
                 &config.server_key,
                 None,
             )?

src/adnl/src/adnl/common.rs

@@ -205,8 +205,10 @@ impl AdnlHandshake {
             version,
         );
         let hdr = if version.is_some() { 100 } else { 96 };
-        let mut shared_secret = local.shared_secret(other.pub_key()?)?;
-        Self::build_packet_cipher(&mut shared_secret, &checksum).apply_keystream(&mut buf[hdr..]);
+        let shared_secret = local.shared_secret(other.pub_key()?)?;
+        let shared_secret_data: &[u8] = &shared_secret.lock()?;
+        Self::build_packet_cipher(shared_secret_data.try_into()?, &checksum)
+            .apply_keystream(&mut buf[hdr..]);
         Ok(())
     }
 
@@ -220,7 +222,7 @@ impl AdnlHandshake {
     ) -> Result<(Option<Arc<KeyId>>, Option<u16>)> {
         fn process(
             buf: &mut Vec<u8>,
-            secret: &mut [u8; 32],
+            secret: &[u8; 32],
             range: &Range<usize>,
             version: &Option<u16>,
         ) -> Result<()> {
@@ -254,28 +256,34 @@ impl AdnlHandshake {
                         &buf[68..100],
                     ) {
                         range.start += 4;
-                        let mut shared_secret = key.val().shared_secret(buf[32..64].try_into()?)?;
                         let mut tmp = Vec::with_capacity(buf.len() - range.end + range.start);
                         tmp.extend_from_slice(&buf[range.start..range.end]);
                         let version = Some(version);
-                        if process(buf, &mut shared_secret, &range, &version).is_ok() {
+                        let shared_secret = key.val().shared_secret(buf[32..64].try_into()?)?;
+                        let guard = shared_secret.lock()?;
+                        let shared_secret_data: &[u8] = &guard;
+                        if process(buf, shared_secret_data.try_into()?, &range, &version).is_ok() {
                             return Ok((Some(key.key().clone()), version));
                         }
+                        drop(guard);
                         buf[range.start..range.end].copy_from_slice(&tmp);
                     }
                 }
-                let mut shared_secret = key.val().shared_secret(buf[32..64].try_into()?)?;
-                process(buf, &mut shared_secret, &range, &None)?;
+
+                let shared_secret = key.val().shared_secret(buf[32..64].try_into()?)?;
+                let guard = shared_secret.lock()?;
+                let shared_secret_data: &[u8] = &guard;
+                process(buf, shared_secret_data.try_into()?, &range, &None)?;
+                drop(guard);
                 return Ok((Some(key.key().clone()), None));
             }
         }
         Ok((None, None))
     }
 
     #[cfg(any(feature = "client", feature = "node", feature = "server"))]
-    fn build_packet_cipher(shared_secret: &mut [u8; 32], checksum: &[u8; 32]) -> AesCtr {
+    fn build_packet_cipher(shared_secret: &[u8; 32], checksum: &[u8; 32]) -> AesCtr {
         let ret = AdnlCryptoUtils::build_cipher_secure(shared_secret, checksum);
-        shared_secret.iter_mut().for_each(|a| *a = 0);
         ret
     }
 }