Removed Deprecated

jamesgober · jamesgober · commit 349051bd38de · 2025-08-17T19:33:26.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,7 +13,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+### Removed
+- Removed deprecated legacy handshake functions (`derive_shared_key`, `verify_server_ack`, `server_handshake_response`)
+- Removed deprecated message types (`HandshakeInit`, `HandshakeAck`)
+- Removed references to deprecated code from dispatcher, client, and daemon
+- Updated API documentation to reflect removal of legacy handshake functionality
+
 ### Security
+- Enhanced security by removing insecure legacy handshake implementation
 
 
 ## [0.9.3] - 2025-08-17
diff --git a/docs/API.md b/docs/API.md
@@ -560,20 +560,19 @@ The `Message` enum defines the types of messages that can be exchanged.
 pub enum Message {
     Ping,
     Pong,
-    HandshakeInit { client_nonce: u64 },
-    HandshakeAck { server_nonce: u64 },
+    SecureHandshakeInit { pub_key: [u8; 32], timestamp: u64, nonce: Vec<u8> },
+    SecureHandshakeResponse { pub_key: [u8; 32], timestamp: u64, nonce: Vec<u8> },
+    SecureHandshakeConfirm { nonce_verification: Vec<u8> },
     Echo(String),
     Disconnect,
     Unknown,
+    Custom { command: String, data: Vec<u8> },
 }
 ```
 
 ### Handshake
 
-The handshake module provides functions for performing secure handshakes between client and server. It offers two handshake methods:
-
-1. **Legacy Handshake**: A simple nonce-based handshake (deprecated, maintained for backward compatibility)
-2. **Secure ECDH Handshake**: An Elliptic Curve Diffie-Hellman key exchange providing strong security guarantees
+The handshake module provides functions for performing secure handshakes between client and server using Elliptic Curve Diffie-Hellman (ECDH) key exchange, offering strong security guarantees including forward secrecy and protection against various attacks.
 
 #### Secure ECDH Handshake
 
@@ -763,63 +762,9 @@ let server_key = handshake::server_derive_session_key(
 handshake::clear_handshake_data();
 ```
 
-#### Legacy Handshake (Deprecated)
-
-> **Note**: The following functions are deprecated and maintained only for backward compatibility.
-
-##### `client_handshake_init`
-
-Initiates a handshake from the client side.
-
-```rust
-pub fn client_handshake_init() -> Message
-```
-
-**Returns:**
-- `Message`: A `HandshakeInit` message containing a randomly generated nonce
-
-##### `server_handshake_response`
-
-Handles a server-side handshake response.
-
-```rust
-pub fn server_handshake_response(client_nonce: u64) -> Message
-```
-
-**Parameters:**
-- `client_nonce`: The nonce received from the client
-
-**Returns:**
-- `Message`: A `HandshakeAck` message containing the server's response nonce
+#### Legacy Handshake Support
 
-##### `verify_server_ack`
-
-Verifies the server's handshake response.
-
-```rust
-pub fn verify_server_ack(server_nonce: u64, client_nonce: u64) -> bool
-```
-
-**Parameters:**
-- `server_nonce`: The nonce received from the server
-- `client_nonce`: The original client nonce
-
-**Returns:**
-- `bool`: `true` if the server's response is valid, `false` otherwise
-
-##### `derive_shared_key`
-
-Generates a 32-byte symmetric key from the client nonce.
-
-```rust
-pub fn derive_shared_key(client_nonce: u64) -> [u8; 32]
-```
-
-**Parameters:**
-- `client_nonce`: The client nonce
-
-**Returns:**
-- `[u8; 32]`: A 32-byte symmetric key
+> **Note**: Legacy handshake support has been removed from the codebase in favor of the more secure ECDH handshake implementation.
 
 ### Dispatcher
 
diff --git a/src/protocol/dispatcher.rs b/src/protocol/dispatcher.rs
@@ -56,11 +56,6 @@ fn get_opcode(msg: &Message) -> String {
         Message::Ping => "PING",
         Message::Pong => "PONG",
         Message::Echo(_) => "ECHO",
-        // Deprecated handshake messages (still need to handle them)
-        #[allow(deprecated)]
-        Message::HandshakeInit { .. } => "HS_INIT",
-        #[allow(deprecated)]
-        Message::HandshakeAck { .. } => "HS_ACK",
         // Secure handshake messages
         Message::SecureHandshakeInit { .. } => "SEC_HS_INIT",
         Message::SecureHandshakeResponse { .. } => "SEC_HS_RESP",
diff --git a/src/protocol/handshake.rs b/src/protocol/handshake.rs
@@ -598,17 +598,7 @@ fn client_derive_session_key_internal(test_nonce: Option<[u8; 16]>) -> Result<[u
     Ok(session_key)
 }
 
-/// Derive a shared key from the ECDH exchange using insecure legacy method
-/// This should only be used for backward compatibility
-#[deprecated(note = "Use derive_secure_key instead")]
-pub fn derive_shared_key(client_nonce: u64) -> [u8; 32] {
-    let mut key = [0u8; 32];
-    let nonce_bytes = client_nonce.to_le_bytes();
-    for i in 0..32 {
-        key[i] = nonce_bytes[i % 8] ^ (0xA5 ^ (i as u8));
-    }
-    key
-}
+// Removed deprecated derive_shared_key function
 
 /// Legacy client handshake function for compatibility
 /// Now uses the secure handshake implementation
@@ -643,55 +633,9 @@ pub fn client_handshake_init() -> Result<(u64, Message)> {
     }))
 }
 
-/// Legacy handshake verification function for compatibility
-/// @deprecated Use client_secure_handshake_verify instead
-#[deprecated(note = "Use client_secure_handshake_verify instead")]
-pub fn verify_server_ack(server_nonce: u64, client_nonce: u64) -> bool {
-    // Legacy verification simply checks if nonces are not zero
-    server_nonce != 0 && client_nonce != 0
-}
+// Removed deprecated verify_server_ack function
 
-/// Legacy server handshake response for compatibility
-/// @deprecated Use server_secure_handshake_response instead
-#[deprecated(note = "Use server_secure_handshake_response instead")]
-pub fn server_handshake_response(client_nonce: u64) -> Message {
-    let mut rng = OsRng;
-    let server_nonce = rng.next_u64();
-    
-    // Generate a server key pair for compatibility with secure handshake
-    let server_secret = EphemeralSecret::random_from_rng(OsRng);
-    let server_public = PublicKey::from(&server_secret);
-    
-    // Convert u64 nonces to proper format
-    let mut client_nonce_bytes = [0u8; 16];
-    client_nonce_bytes[0..8].copy_from_slice(&client_nonce.to_le_bytes());
-    
-    let mut server_nonce_bytes = [0u8; 16];
-    server_nonce_bytes[0..8].copy_from_slice(&server_nonce.to_le_bytes());
-    
-    // Create verification hash of client nonce
-    let nonce_verification = hash_nonce(&client_nonce_bytes);
-    
-    // Store server keys and nonces
-    let mut server_keys = SERVER_KEYS.lock().unwrap();
-    server_keys.secret = Some(server_secret);
-    server_keys.public = Some(server_public.to_bytes());
-    server_keys.client_nonce = Some(client_nonce_bytes);
-    server_keys.server_nonce = Some(server_nonce_bytes);
-    
-    // Convert client nonce bytes to a proper public key format for compatibility
-    // This is just for backward compatibility - in real secure handshake this would be a real public key
-    let mut dummy_client_pub = [0u8; 32];
-    dummy_client_pub[..16].copy_from_slice(&client_nonce_bytes);
-    dummy_client_pub[16..32].copy_from_slice(&client_nonce_bytes); // Duplicate to fill 32 bytes
-    server_keys.client_public = Some(dummy_client_pub);
-    
-    Message::SecureHandshakeResponse { 
-        pub_key: server_public.to_bytes(),
-        nonce: server_nonce_bytes,
-        nonce_verification,
-    }
-}
+// Removed deprecated server_handshake_response function
 
 /// Clears handshake data for clean test runs
 pub fn clear_handshake_data() -> Result<()> {
diff --git a/src/protocol/message.rs b/src/protocol/message.rs
@@ -1,22 +1,11 @@
-#![allow(deprecated)]
-
 use serde::{Serialize, Deserialize};
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
 #[repr(u8)]
-#[allow(deprecated)]
 pub enum Message {
     Ping,
     Pong,
 
-    /// Legacy handshake types (deprecated)
-    #[allow(deprecated)]
-    #[deprecated(note = "Use SecureHandshakeInit instead")]
-    HandshakeInit { client_nonce: u64 },
-    #[allow(deprecated)]
-    #[deprecated(note = "Use SecureHandshakeResponse instead")]
-    HandshakeAck { server_nonce: u64 },
-
     /// Secure handshake using ECDH key exchange
     /// Client initiates with its public key and a timestamp to prevent replay attacks
     SecureHandshakeInit {
diff --git a/src/service/client.rs b/src/service/client.rs
@@ -7,8 +7,6 @@ use crate::core::packet::Packet;
 use crate::protocol::message::Message;
 // Import secure handshake functions
 use crate::protocol::handshake::{client_secure_handshake_init, client_secure_handshake_verify, client_derive_session_key};
-// Keep deprecated imports for reference but commented out
-// use crate::protocol::handshake::{client_handshake_init, verify_server_ack, derive_shared_key};
 use crate::service::secure::SecureConnection;
 use crate::transport::remote;
 use crate::error::{Result, ProtocolError};
@@ -30,26 +28,6 @@ impl Client {
         //     // Legacy handshake process
         //     let (client_nonce, handshake) = client_handshake_init();
         //     
-        //     let handshake_bytes = bincode::serialize(&handshake)?;
-        //     framed.send(Packet {
-        //         version: 1,
-        //         payload: handshake_bytes,
-        //     }).await?;
-        //     
-        //     let packet = framed.next().await.ok_or(ProtocolError::Timeout)??;
-        //     let ack: Message = bincode::deserialize(&packet.payload)?;
-        //     match ack {
-        //         Message::HandshakeAck { server_nonce } => {
-        //             if !verify_server_ack(server_nonce, client_nonce) {
-        //                 return Err(ProtocolError::HandshakeError("Invalid handshake ack".into()));
-        //             }
-        //         }
-        //         _ => return Err(ProtocolError::UnexpectedMessage),
-        //     }
-        //     
-        //     Ok(derive_shared_key(client_nonce))
-        // }
-        
         // --- Secure Handshake Process ---
         // Step 1: Send client init with public key, nonce, and timestamp
         let init_msg = client_secure_handshake_init()?;
diff --git a/src/service/daemon.rs b/src/service/daemon.rs
@@ -11,8 +11,6 @@ use crate::core::packet::Packet;
 use crate::protocol::message::Message;
 // Import secure handshake functions
 use crate::protocol::handshake::{server_secure_handshake_response, server_secure_handshake_finalize, clear_handshake_data};
-// Legacy imports (commented out for reference)
-// use crate::protocol::handshake::{server_handshake_response, derive_shared_key};
 use crate::protocol::dispatcher::Dispatcher;
 use crate::service::secure::SecureConnection;
 use crate::error::{Result, ProtocolError};
