Add warnings about multiple calls to same method in Builder

mcginty · mcginty · commit 308a24d23da1 · 2024-01-25T18:47:15.000-08:00
Since multiple calls to the same method in Builder is not disallowed,
there is a risk of misuse if values are accidentally overwritten.

In later versions of snow, this will not be allowed full-stop, but in
the mean time we'll add a warning here to remain API-compatible.
diff --git a/src/builder.rs b/src/builder.rs
@@ -97,13 +97,23 @@ impl<'builder> Builder<'builder> {
     }
 
     /// Specify a PSK (only used with `NoisePSK` base parameter)
+    ///
+    /// # Safety
+    /// This will overwrite the value provided in any previous call to this method. Please take care
+    /// to ensure this is not a security risk. In future versions, multiple calls to the same
+    /// builder method will be explicitly prohibited.
     pub fn psk(mut self, location: u8, key: &'builder [u8]) -> Self {
         self.psks[location as usize] = Some(key);
         self
     }
 
     /// Your static private key (can be generated with [`generate_keypair()`]).
     ///
+    /// # Safety
+    /// This will overwrite the value provided in any previous call to this method. Please take care
+    /// to ensure this is not a security risk. In future versions, multiple calls to the same
+    /// builder method will be explicitly prohibited.
+    ///
     /// [`generate_keypair()`]: #method.generate_keypair
     pub fn local_private_key(mut self, key: &'builder [u8]) -> Self {
         self.s = Some(key);
@@ -117,12 +127,22 @@ impl<'builder> Builder<'builder> {
     }
 
     /// Arbitrary data to be hashed in to the handshake hash value.
+    ///
+    /// # Safety
+    /// This will overwrite the value provided in any previous call to this method. Please take care
+    /// to ensure this is not a security risk. In future versions, multiple calls to the same
+    /// builder method will be explicitly prohibited.
     pub fn prologue(mut self, key: &'builder [u8]) -> Self {
         self.plog = Some(key);
         self
     }
 
     /// The responder's static public key.
+    ///
+    /// # Safety
+    /// This will overwrite the value provided in any previous call to this method. Please take care
+    /// to ensure this is not a security risk. In future versions, multiple calls to the same
+    /// builder method will be explicitly prohibited.
     pub fn remote_public_key(mut self, pub_key: &'builder [u8]) -> Self {
         self.rs = Some(pub_key);
         self
