udp: symmetric encrypted cookie

Author: da2ce7

Cargo.lock

@@ -38,8 +38,10 @@ axum-extra = { version = "0", features = ["query"] }
 axum-server = { version = "0", features = ["tls-rustls"] }
 bittorrent-primitives = "0.1.0"
 bittorrent-tracker-client = { version = "3.0.0-develop", path = "packages/tracker-client" }
+blowfish = "0"
 camino = { version = "1", features = ["serde", "serde1"] }
 chrono = { version = "0", default-features = false, features = ["clock"] }
+cipher = "0"
 clap = { version = "4", features = ["derive", "env"] }
 crossbeam-skiplist = "0"
 dashmap = "6"

Cargo.toml

@@ -52,6 +52,7 @@
         "downloadedi",
         "dtolnay",
         "elif",
+        "endianness",
         "Eray",
         "filesd",
         "flamegraph",
@@ -161,6 +162,7 @@
         "Trackon",
         "typenum",
         "Unamed",
+        "underflows",
         "untuple",
         "uroot",
         "Vagaa",

cSpell.json

@@ -26,7 +26,6 @@
 pub mod clock;
 pub mod conv;
 pub mod static_time;
-pub mod time_extent;
 
 #[macro_use]
 extern crate lazy_static;
@@ -41,13 +40,3 @@ pub(crate) type CurrentClock = clock::Working;
 #[cfg(test)]
 #[allow(dead_code)]
 pub(crate) type CurrentClock = clock::Stopped;
-
-/// Working version, for production.
-#[cfg(not(test))]
-#[allow(dead_code)]
-pub(crate) type DefaultTimeExtentMaker = time_extent::WorkingTimeExtentMaker;
-
-/// Stopped version, for testing.
-#[cfg(test)]
-#[allow(dead_code)]
-pub(crate) type DefaultTimeExtentMaker = time_extent::StoppedTimeExtentMaker;

packages/clock/src/lib.rs

@@ -1,4 +1,5 @@
 use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+use std::time::Duration;
 
 use serde::{Deserialize, Serialize};
 
@@ -10,11 +11,16 @@ pub struct UdpTracker {
     /// system to choose a random port, use port `0`.
     #[serde(default = "UdpTracker::default_bind_address")]
     pub bind_address: SocketAddr,
+
+    /// The lifetime of the server-generated connection cookie, that is passed
+    /// the client as the `ConnectionId`.
+    pub cookie_lifetime: Duration,
 }
 impl Default for UdpTracker {
     fn default() -> Self {
         Self {
             bind_address: Self::default_bind_address(),
+            cookie_lifetime: Self::default_cookie_lifetime(),
         }
     }
 }
@@ -23,4 +29,8 @@ impl UdpTracker {
     fn default_bind_address() -> SocketAddr {
         SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 6969)
     }
+
+    fn default_cookie_lifetime() -> Duration {
+        Duration::from_secs(120)
+    }
 }

packages/clock/src/time_extent/mod.rs

@@ -1,6 +1,7 @@
 //! Tracker configuration factories for testing.
 use std::env;
 use std::net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr};
+use std::time::Duration;
 
 use torrust_tracker_configuration::{Configuration, HttpApi, HttpTracker, Threshold, UdpTracker};
 
@@ -47,6 +48,7 @@ pub fn ephemeral() -> Configuration {
     let udp_port = 0u16;
     config.udp_trackers = Some(vec![UdpTracker {
         bind_address: SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), udp_port),
+        cookie_lifetime: Duration::from_secs(120),
     }]);
 
     // Ephemeral socket address for HTTP tracker

packages/configuration/src/v2_0_0/udp_tracker.rs

@@ -23,6 +23,7 @@ use crate::bootstrap;
 use crate::core::services::tracker_factory;
 use crate::core::Tracker;
 use crate::shared::crypto::ephemeral_instance_keys;
+use crate::shared::crypto::keys::{self, Keeper as _};
 
 /// It loads the configuration from the environment and builds the main domain [`Tracker`] struct.
 ///
@@ -32,6 +33,9 @@ use crate::shared::crypto::ephemeral_instance_keys;
 #[must_use]
 #[instrument(skip())]
 pub fn setup() -> (Configuration, Arc<Tracker>) {
+    #[cfg(not(test))]
+    check_seed();
+
     let configuration = initialize_configuration();
 
     if let Err(e) = configuration.validate() {
@@ -45,6 +49,18 @@ pub fn setup() -> (Configuration, Arc<Tracker>) {
     (configuration, tracker)
 }
 
+/// checks if the seed is the instance seed in production.
+///
+/// # Panics
+///
+/// It would panic if the seed is not the instance seed.
+pub fn check_seed() {
+    let seed = keys::Current::get_seed();
+    let instance = keys::Instance::get_seed();
+
+    assert_eq!(seed, instance, "maybe using zeroed see in production!?");
+}
+
 /// It initializes the application with the given configuration.
 ///
 /// The configuration may be obtained from the environment (via config file or env vars).
@@ -69,6 +85,12 @@ pub fn initialize_static() {
 
     // Initialize the Ephemeral Instance Random Seed
     lazy_static::initialize(&ephemeral_instance_keys::RANDOM_SEED);
+
+    // Initialize the Ephemeral Instance Random Cipher
+    lazy_static::initialize(&ephemeral_instance_keys::RANDOM_CIPHER_BLOWFISH);
+
+    // Initialize the Zeroed Cipher
+    lazy_static::initialize(&ephemeral_instance_keys::ZEROED_TEST_CIPHER_BLOWFISH);
 }
 
 /// It builds the domain tracker

packages/test-helpers/src/configuration.rs

@@ -32,9 +32,10 @@ use crate::servers::udp::UDP_TRACKER_LOG_TARGET;
 #[instrument(skip(config, tracker, form))]
 pub async fn start_job(config: &UdpTracker, tracker: Arc<core::Tracker>, form: ServiceRegistrationForm) -> JoinHandle<()> {
     let bind_to = config.bind_address;
+    let cookie_lifetime = config.cookie_lifetime;
 
     let server = Server::new(Spawner::new(bind_to))
-        .start(tracker, form)
+        .start(tracker, form, cookie_lifetime)
         .await
         .expect("it should be able to start the udp tracker");
 

src/bootstrap/app.rs

@@ -488,7 +488,7 @@
 //! In addition to the production code documentation you can find a lot of
 //! examples on the integration and unit tests.
 
-use torrust_tracker_clock::{clock, time_extent};
+use torrust_tracker_clock::clock;
 
 pub mod app;
 pub mod bootstrap;
@@ -510,13 +510,3 @@ pub(crate) type CurrentClock = clock::Working;
 #[cfg(test)]
 #[allow(dead_code)]
 pub(crate) type CurrentClock = clock::Stopped;
-
-/// Working version, for production.
-#[cfg(not(test))]
-#[allow(dead_code)]
-pub(crate) type DefaultTimeExtentMaker = time_extent::WorkingTimeExtentMaker;
-
-/// Stopped version, for testing.
-#[cfg(test)]
-#[allow(dead_code)]
-pub(crate) type DefaultTimeExtentMaker = time_extent::StoppedTimeExtentMaker;

src/bootstrap/jobs/udp_tracker.rs

@@ -1,12 +1,30 @@
 //! Error types for the UDP server.
 use std::panic::Location;
 
+use aquatic_udp_protocol::ConnectionId;
+use derive_more::derive::Display;
 use thiserror::Error;
 use torrust_tracker_located_error::LocatedError;
 
+#[derive(Display, Debug)]
+#[display(":?")]
+pub struct ConnectionCookie(pub ConnectionId);
+
 /// Error returned by the UDP server.
 #[derive(Error, Debug)]
 pub enum Error {
+    #[error("the issue time should be a normal floating point number")]
+    InvalidCookieIssueTime { invalid_value: f64 },
+
+    #[error("connection id was decoded, but could not be understood")]
+    InvalidConnectionId { bad_id: ConnectionCookie },
+
+    #[error("connection id was decoded, but was expired (too old)")]
+    ConnectionIdExpired { bad_age: f64, min_age: f64 },
+
+    #[error("connection id was decoded, but was invalid (from future)")]
+    ConnectionIdFromFuture { future_age: f64, max_age: f64 },
+
     /// Error returned when the domain tracker returns an error.
     #[error("tracker server error: {source}")]
     TrackerError {
@@ -20,10 +38,6 @@ pub enum Error {
         message: String,
     },
 
-    /// Error returned when the connection id could not be verified.
-    #[error("connection id could not be verified")]
-    InvalidConnectionId { location: &'static Location<'static> },
-
     /// Error returned when the request is invalid.
     #[error("bad request: {source}")]
     BadRequest {

src/lib.rs

@@ -35,6 +35,7 @@ impl Launcher {
     pub async fn run_with_graceful_shutdown(
         tracker: Arc<Tracker>,
         bind_to: SocketAddr,
+        cookie_lifetime: Duration,
         tx_start: oneshot::Sender<Started>,
         rx_halt: oneshot::Receiver<Halted>,
     ) {
@@ -65,7 +66,7 @@ impl Launcher {
             let local_addr = local_udp_url.clone();
             tokio::task::spawn(async move {
                 tracing::debug!(target: UDP_TRACKER_LOG_TARGET, local_addr, "Udp::run_with_graceful_shutdown::task (listening...)");
-                let () = Self::run_udp_server_main(receiver, tracker.clone()).await;
+                let () = Self::run_udp_server_main(receiver, tracker.clone(), cookie_lifetime).await;
             })
         };
 
@@ -103,14 +104,16 @@ impl Launcher {
     }
 
     #[instrument(skip(receiver, tracker))]
-    async fn run_udp_server_main(mut receiver: Receiver, tracker: Arc<Tracker>) {
+    async fn run_udp_server_main(mut receiver: Receiver, tracker: Arc<Tracker>, cookie_lifetime: Duration) {
         let active_requests = &mut ActiveRequests::default();
 
         let addr = receiver.bound_socket_address();
         let local_addr = format!("udp://{addr}");
 
+        let cookie_lifetime = cookie_lifetime.as_secs_f64();
+
         loop {
-            let processor = Processor::new(receiver.socket.clone(), tracker.clone());
+            let processor = Processor::new(receiver.socket.clone(), tracker.clone(), cookie_lifetime);
 
             if let Some(req) = {
                 tracing::trace!(target: UDP_TRACKER_LOG_TARGET, local_addr, "Udp::run_udp_server (wait for request)");

src/servers/udp/connection_cookie.rs

@@ -76,7 +76,7 @@ mod tests {
         let stopped = Server::new(Spawner::new(bind_to));
 
         let started = stopped
-            .start(tracker, register.give_form())
+            .start(tracker, register.give_form(), config.cookie_lifetime)
             .await
             .expect("it should start the server");
 
@@ -98,7 +98,7 @@ mod tests {
         let stopped = Server::new(Spawner::new(bind_to));
 
         let started = stopped
-            .start(tracker, register.give_form())
+            .start(tracker, register.give_form(), config.cookie_lifetime)
             .await
             .expect("it should start the server");
 

src/servers/udp/error.rs

@@ -3,26 +3,45 @@ use std::net::SocketAddr;
 use std::sync::Arc;
 
 use aquatic_udp_protocol::Response;
+use torrust_tracker_clock::clock::Time as _;
 use tracing::{instrument, Level};
 
 use super::bound_socket::BoundSocket;
 use crate::core::Tracker;
 use crate::servers::udp::{handlers, RawRequest};
+use crate::CurrentClock;
 
 pub struct Processor {
     socket: Arc<BoundSocket>,
     tracker: Arc<Tracker>,
+    cookie_lifetime: f64,
 }
 
 impl Processor {
-    pub fn new(socket: Arc<BoundSocket>, tracker: Arc<Tracker>) -> Self {
-        Self { socket, tracker }
+    pub fn new(socket: Arc<BoundSocket>, tracker: Arc<Tracker>, cookie_lifetime: f64) -> Self {
+        Self {
+            socket,
+            tracker,
+            cookie_lifetime,
+        }
     }
 
     #[instrument(skip(self, request))]
     pub async fn process_request(self, request: RawRequest) {
+        let cookie_issue_time = CurrentClock::now().as_secs_f64();
+        let cookie_expiry_time = cookie_issue_time - self.cookie_lifetime - 1.0;
+        let cookie_tolerance_max_time = cookie_issue_time + 1.0;
+
         let from = request.from;
-        let response = handlers::handle_packet(request, &self.tracker, self.socket.address()).await;
+        let response = handlers::handle_packet(
+            request,
+            &self.tracker,
+            self.socket.address(),
+            cookie_issue_time,
+            cookie_expiry_time,
+            cookie_tolerance_max_time,
+        )
+        .await;
         self.send_response(from, response).await;
     }
 

src/servers/udp/handlers.rs

@@ -1,6 +1,7 @@
 //! A thin wrapper for tokio spawn to launch the UDP server launcher as a new task.
 use std::net::SocketAddr;
 use std::sync::Arc;
+use std::time::Duration;
 
 use derive_more::derive::Display;
 use derive_more::Constructor;
@@ -27,13 +28,14 @@ impl Spawner {
     pub fn spawn_launcher(
         &self,
         tracker: Arc<Tracker>,
+        cookie_lifetime: Duration,
         tx_start: oneshot::Sender<Started>,
         rx_halt: oneshot::Receiver<Halted>,
     ) -> JoinHandle<Spawner> {
         let spawner = Self::new(self.bind_to);
 
         tokio::spawn(async move {
-            Launcher::run_with_graceful_shutdown(tracker, spawner.bind_to, tx_start, rx_halt).await;
+            Launcher::run_with_graceful_shutdown(tracker, spawner.bind_to, cookie_lifetime, tx_start, rx_halt).await;
             spawner
         })
     }

src/servers/udp/server/launcher.rs

@@ -1,6 +1,7 @@
 use std::fmt::Debug;
 use std::net::SocketAddr;
 use std::sync::Arc;
+use std::time::Duration;
 
 use derive_more::derive::Display;
 use derive_more::Constructor;
@@ -62,14 +63,19 @@ impl Server<Stopped> {
     /// It panics if unable to receive the bound socket address from service.
     ///
     #[instrument(skip(self, tracker, form), err, ret(Display, level = Level::INFO))]
-    pub async fn start(self, tracker: Arc<Tracker>, form: ServiceRegistrationForm) -> Result<Server<Running>, std::io::Error> {
+    pub async fn start(
+        self,
+        tracker: Arc<Tracker>,
+        form: ServiceRegistrationForm,
+        cookie_lifetime: Duration,
+    ) -> Result<Server<Running>, std::io::Error> {
         let (tx_start, rx_start) = tokio::sync::oneshot::channel::<Started>();
         let (tx_halt, rx_halt) = tokio::sync::oneshot::channel::<Halted>();
 
         assert!(!tx_halt.is_closed(), "Halt channel for UDP tracker should be open");
 
         // May need to wrap in a task to about a tokio bug.
-        let task = self.state.spawner.spawn_launcher(tracker, tx_start, rx_halt);
+        let task = self.state.spawner.spawn_launcher(tracker, cookie_lifetime, tx_start, rx_halt);
 
         let local_addr = rx_start.await.expect("it should be able to start the service").address;
 

src/servers/udp/server/mod.rs

@@ -2,12 +2,24 @@
 //!
 //! They are ephemeral because they are generated at runtime when the
 //! application starts and are not persisted anywhere.
+
+use blowfish::BlowfishLE;
+use cipher::generic_array::GenericArray;
+use cipher::{BlockSizeUser, KeyInit};
 use rand::rngs::ThreadRng;
 use rand::Rng;
 
 pub type Seed = [u8; 32];
+pub type CipherBlowfish = BlowfishLE;
+pub type CipherArrayBlowfish = GenericArray<u8, <CipherBlowfish as BlockSizeUser>::BlockSize>;
 
 lazy_static! {
     /// The random static seed.
     pub static ref RANDOM_SEED: Seed = Rng::gen(&mut ThreadRng::default());
+
+    /// The random cipher from the seed.
+    pub static ref RANDOM_CIPHER_BLOWFISH: CipherBlowfish = CipherBlowfish::new_from_slice(&Rng::gen::<Seed>(&mut ThreadRng::default())).expect("it could not generate key");
+
+    /// The constant cipher for testing.
+    pub static ref ZEROED_TEST_CIPHER_BLOWFISH: CipherBlowfish = CipherBlowfish::new_from_slice(&[0u8; 32]).expect("it could not generate key");
 }

src/servers/udp/server/processor.rs

@@ -1,110 +1,154 @@
 //! This module contains logic related to cryptographic keys.
-pub mod seeds {
-    //! This module contains logic related to cryptographic seeds.
-    //!
-    //! Specifically, it contains the logic for storing the seed and providing
-    //! it to other modules.
-    //!
-    //! A **seed** is a pseudo-random number that is used as a secret key for
-    //! cryptographic operations.
-    use self::detail::CURRENT_SEED;
-    use crate::shared::crypto::ephemeral_instance_keys::{Seed, RANDOM_SEED};
-
-    /// This trait is for structures that can keep and provide a seed.
-    pub trait Keeper {
-        type Seed: Sized + Default + AsMut<[u8]>;
-
-        /// It returns a reference to the seed that is keeping.
-        fn get_seed() -> &'static Self::Seed;
+//!
+//! Specifically, it contains the logic for storing the seed and providing
+//! it to other modules.
+//!
+//! It also provides the logic for the cipher for encryption and decryption.
+
+use self::detail_cipher::CURRENT_CIPHER;
+use self::detail_seed::CURRENT_SEED;
+pub use crate::shared::crypto::ephemeral_instance_keys::CipherArrayBlowfish;
+use crate::shared::crypto::ephemeral_instance_keys::{CipherBlowfish, Seed, RANDOM_CIPHER_BLOWFISH, RANDOM_SEED};
+
+/// This trait is for structures that can keep and provide a seed.
+pub trait Keeper {
+    type Seed: Sized + Default + AsMut<[u8]>;
+    type Cipher: cipher::BlockCipher;
+
+    /// It returns a reference to the seed that is keeping.
+    fn get_seed() -> &'static Self::Seed;
+    fn get_cipher_blowfish() -> &'static Self::Cipher;
+}
+
+/// The keeper for the instance. When the application is running
+/// in production, this will be the seed keeper that is used.
+pub struct Instance;
+
+/// The keeper for the current execution. It's a facade at compilation
+/// time that will either be the instance seed keeper (with a randomly
+/// generated key for production) or the zeroed seed keeper.
+pub struct Current;
+
+impl Keeper for Instance {
+    type Seed = Seed;
+    type Cipher = CipherBlowfish;
+
+    fn get_seed() -> &'static Self::Seed {
+        &RANDOM_SEED
     }
 
-    /// The seed keeper for the instance. When the application is running
-    /// in production, this will be the seed keeper that is used.
-    pub struct Instance;
+    fn get_cipher_blowfish() -> &'static Self::Cipher {
+        &RANDOM_CIPHER_BLOWFISH
+    }
+}
 
-    /// The seed keeper for the current execution. It's a facade at compilation
-    /// time that will either be the instance seed keeper (with a randomly
-    /// generated key for production) or the zeroed seed keeper.
-    pub struct Current;
+impl Keeper for Current {
+    type Seed = Seed;
+    type Cipher = CipherBlowfish;
 
-    impl Keeper for Instance {
-        type Seed = Seed;
+    #[allow(clippy::needless_borrow)]
+    fn get_seed() -> &'static Self::Seed {
+        &CURRENT_SEED
+    }
 
-        fn get_seed() -> &'static Self::Seed {
-            &RANDOM_SEED
-        }
+    fn get_cipher_blowfish() -> &'static Self::Cipher {
+        &CURRENT_CIPHER
     }
+}
+
+#[cfg(test)]
+mod tests {
+
+    use super::detail_seed::ZEROED_TEST_SEED;
+    use super::{Current, Instance, Keeper};
+    use crate::shared::crypto::ephemeral_instance_keys::{CipherBlowfish, Seed, ZEROED_TEST_CIPHER_BLOWFISH};
 
-    impl Keeper for Current {
+    pub struct ZeroedTest;
+
+    impl Keeper for ZeroedTest {
         type Seed = Seed;
+        type Cipher = CipherBlowfish;
 
         #[allow(clippy::needless_borrow)]
         fn get_seed() -> &'static Self::Seed {
-            &CURRENT_SEED
+            &ZEROED_TEST_SEED
+        }
+
+        fn get_cipher_blowfish() -> &'static Self::Cipher {
+            &ZEROED_TEST_CIPHER_BLOWFISH
         }
     }
 
+    #[test]
+    fn the_default_seed_and_the_zeroed_seed_should_be_the_same_when_testing() {
+        assert_eq!(Current::get_seed(), ZeroedTest::get_seed());
+    }
+
+    #[test]
+    fn the_default_seed_and_the_instance_seed_should_be_different_when_testing() {
+        assert_ne!(Current::get_seed(), Instance::get_seed());
+    }
+}
+
+mod detail_seed {
+    use crate::shared::crypto::ephemeral_instance_keys::Seed;
+
+    #[allow(dead_code)]
+    pub const ZEROED_TEST_SEED: Seed = [0u8; 32];
+
     #[cfg(test)]
-    mod tests {
-        use super::detail::ZEROED_TEST_SEED;
-        use super::{Current, Instance, Keeper};
-        use crate::shared::crypto::ephemeral_instance_keys::Seed;
+    pub use ZEROED_TEST_SEED as CURRENT_SEED;
 
-        pub struct ZeroedTestSeed;
+    #[cfg(not(test))]
+    pub use crate::shared::crypto::ephemeral_instance_keys::RANDOM_SEED as CURRENT_SEED;
 
-        impl Keeper for ZeroedTestSeed {
-            type Seed = Seed;
+    #[cfg(test)]
+    mod tests {
+        use crate::shared::crypto::ephemeral_instance_keys::RANDOM_SEED;
+        use crate::shared::crypto::keys::detail_seed::ZEROED_TEST_SEED;
+        use crate::shared::crypto::keys::CURRENT_SEED;
 
-            #[allow(clippy::needless_borrow)]
-            fn get_seed() -> &'static Self::Seed {
-                &ZEROED_TEST_SEED
-            }
+        #[test]
+        fn it_should_have_a_zero_test_seed() {
+            assert_eq!(ZEROED_TEST_SEED, [0u8; 32]);
         }
 
         #[test]
-        fn the_default_seed_and_the_zeroed_seed_should_be_the_same_when_testing() {
-            assert_eq!(Current::get_seed(), ZeroedTestSeed::get_seed());
+        fn it_should_default_to_zeroed_seed_when_testing() {
+            assert_eq!(CURRENT_SEED, ZEROED_TEST_SEED);
         }
 
         #[test]
-        fn the_default_seed_and_the_instance_seed_should_be_different_when_testing() {
-            assert_ne!(Current::get_seed(), Instance::get_seed());
+        fn it_should_have_a_large_random_seed() {
+            assert!(u128::from_ne_bytes((*RANDOM_SEED)[..16].try_into().unwrap()) > u128::from(u64::MAX));
+            assert!(u128::from_ne_bytes((*RANDOM_SEED)[16..].try_into().unwrap()) > u128::from(u64::MAX));
         }
     }
+}
 
-    mod detail {
-        use crate::shared::crypto::ephemeral_instance_keys::Seed;
-
-        #[allow(dead_code)]
-        pub const ZEROED_TEST_SEED: &Seed = &[0u8; 32];
-
-        #[cfg(test)]
-        pub use ZEROED_TEST_SEED as CURRENT_SEED;
+mod detail_cipher {
+    #[allow(unused_imports)]
+    #[cfg(not(test))]
+    pub use crate::shared::crypto::ephemeral_instance_keys::RANDOM_CIPHER_BLOWFISH as CURRENT_CIPHER;
+    #[cfg(test)]
+    pub use crate::shared::crypto::ephemeral_instance_keys::ZEROED_TEST_CIPHER_BLOWFISH as CURRENT_CIPHER;
 
-        #[cfg(not(test))]
-        pub use crate::shared::crypto::ephemeral_instance_keys::RANDOM_SEED as CURRENT_SEED;
+    #[cfg(test)]
+    mod tests {
+        use cipher::BlockEncrypt;
 
-        #[cfg(test)]
-        mod tests {
-            use crate::shared::crypto::ephemeral_instance_keys::RANDOM_SEED;
-            use crate::shared::crypto::keys::seeds::detail::ZEROED_TEST_SEED;
-            use crate::shared::crypto::keys::seeds::CURRENT_SEED;
+        use crate::shared::crypto::ephemeral_instance_keys::{CipherArrayBlowfish, ZEROED_TEST_CIPHER_BLOWFISH};
+        use crate::shared::crypto::keys::detail_cipher::CURRENT_CIPHER;
 
-            #[test]
-            fn it_should_have_a_zero_test_seed() {
-                assert_eq!(*ZEROED_TEST_SEED, [0u8; 32]);
-            }
+        #[test]
+        fn it_should_default_to_zeroed_seed_when_testing() {
+            let mut data: cipher::generic_array::GenericArray<u8, _> = CipherArrayBlowfish::from([0u8; 8]);
+            let mut data_2 = CipherArrayBlowfish::from([0u8; 8]);
 
-            #[test]
-            fn it_should_default_to_zeroed_seed_when_testing() {
-                assert_eq!(*CURRENT_SEED, *ZEROED_TEST_SEED);
-            }
+            CURRENT_CIPHER.encrypt_block(&mut data);
+            ZEROED_TEST_CIPHER_BLOWFISH.encrypt_block(&mut data_2);
 
-            #[test]
-            fn it_should_have_a_large_random_seed() {
-                assert!(u128::from_ne_bytes((*RANDOM_SEED)[..16].try_into().unwrap()) > u128::from(u64::MAX));
-                assert!(u128::from_ne_bytes((*RANDOM_SEED)[16..].try_into().unwrap()) > u128::from(u64::MAX));
-            }
+            assert_eq!(data, data_2);
         }
     }
 }

src/servers/udp/server/spawner.rs

@@ -55,11 +55,16 @@ impl Environment<Stopped> {
 
     #[allow(dead_code)]
     pub async fn start(self) -> Environment<Running> {
+        let cookie_lifetime = self.config.cookie_lifetime;
         Environment {
             config: self.config,
             tracker: self.tracker.clone(),
             registar: self.registar.clone(),
-            server: self.server.start(self.tracker, self.registar.give_form()).await.unwrap(),
+            server: self
+                .server
+                .start(self.tracker, self.registar.give_form(), cookie_lifetime)
+                .await
+                .unwrap(),
         }
     }
 }