gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-27 14:03:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

stasg

Browse Source
This commit is contained in:
Karolin Varner
2025-11-01 20:49:38 +01:00
parent 8f276f70a6
commit 0c960d57bc
7 changed files with 28 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rosenpass/src/api/boilerplate/byte_slice_ext.rs
View File

@@ -1,4 +1,4 @@
use zerocopy::{ByteSlice, Ref, SplitByteSlice}; use zerocopy::{Ref, SplitByteSlice};
use rosenpass_util::zerocopy::{RefMaker, ZerocopySliceExt}; use rosenpass_util::zerocopy::{RefMaker, ZerocopySliceExt};

25
rosenpass/src/protocol/protocol.rs
View File

@@ -2042,7 +2042,8 @@ impl CryptoServer {
let mut expected = [0u8; COOKIE_SIZE]; let mut expected = [0u8; COOKIE_SIZE];
let msg_in = Ref::<&[u8], Envelope<InitHello>>::new(rx_buf) let msg_in = Ref::<&[u8], Envelope<InitHello>>::from_bytes(rx_buf)
.ok()
.ok_or(RosenpassError::BufferSizeMismatch)?; .ok_or(RosenpassError::BufferSizeMismatch)?;
expected.copy_from_slice( expected.copy_from_slice(
&hash_domains::cookie(KeyedHash::keyed_shake256())? &hash_domains::cookie(KeyedHash::keyed_shake256())?
@@ -2188,7 +2189,7 @@ impl CryptoServer {
let peer = match msg_type { let peer = match msg_type {
Ok(MsgType::InitHello) => { Ok(MsgType::InitHello) => {
let msg_in: Ref<&[u8], Envelope<InitHello>> = let msg_in: Ref<&[u8], Envelope<InitHello>> =
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?; Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
// At this point, we do not know the hash functon used by the peer, thus we try both, // At this point, we do not know the hash functon used by the peer, thus we try both,
// with a preference for SHAKE256. // with a preference for SHAKE256.
@@ -2222,7 +2223,7 @@ impl CryptoServer {
} }
Ok(MsgType::RespHello) => { Ok(MsgType::RespHello) => {
let msg_in: Ref<&[u8], Envelope<RespHello>> = let msg_in: Ref<&[u8], Envelope<RespHello>> =
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?; Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
let mut msg_out = truncating_cast_into::<Envelope<InitConf>>(tx_buf)?; let mut msg_out = truncating_cast_into::<Envelope<InitConf>>(tx_buf)?;
let peer = self.handle_resp_hello(&msg_in.payload, &mut msg_out.payload)?; let peer = self.handle_resp_hello(&msg_in.payload, &mut msg_out.payload)?;
@@ -2239,7 +2240,7 @@ impl CryptoServer {
} }
Ok(MsgType::InitConf) => { Ok(MsgType::InitConf) => {
let msg_in: Ref<&[u8], Envelope<InitConf>> = let msg_in: Ref<&[u8], Envelope<InitConf>> =
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?; Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
let mut msg_out = truncating_cast_into::<Envelope<EmptyData>>(tx_buf)?; let mut msg_out = truncating_cast_into::<Envelope<EmptyData>>(tx_buf)?;
@@ -2258,7 +2259,7 @@ impl CryptoServer {
.map(|v| v.response.borrow()) .map(|v| v.response.borrow())
// Invalid! Found peer no with cache in index but the cache does not exist // Invalid! Found peer no with cache in index but the cache does not exist
.unwrap(); .unwrap();
copy_slice(cached.as_bytes()).to(msg_out.as_bytes_mut()); copy_slice(cached.as_bytes()).to(msg_out.as_mut_bytes());
peer peer
} }
@@ -2270,7 +2271,7 @@ impl CryptoServer {
&msg_in.payload, &msg_in.payload,
&mut msg_out.payload, &mut msg_out.payload,
KeyedHash::keyed_shake256(), KeyedHash::keyed_shake256(),
); );
let (peer, peer_hash_choice) = match peer_shake256 { let (peer, peer_hash_choice) = match peer_shake256 {
Ok(peer) => (peer, KeyedHash::keyed_shake256()), Ok(peer) => (peer, KeyedHash::keyed_shake256()),
Err(_) => { Err(_) => {
@@ -2307,13 +2308,13 @@ impl CryptoServer {
} }
Ok(MsgType::EmptyData) => { Ok(MsgType::EmptyData) => {
let msg_in: Ref<&[u8], Envelope<EmptyData>> = let msg_in: Ref<&[u8], Envelope<EmptyData>> =
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?; Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
self.handle_resp_conf(&msg_in, seal_broken.to_string())? self.handle_resp_conf(&msg_in, seal_broken.to_string())?
} }
Ok(MsgType::CookieReply) => { Ok(MsgType::CookieReply) => {
let msg_in: Ref<&[u8], CookieReply> = let msg_in: Ref<&[u8], CookieReply> =
Ref::new(rx_buf).ok_or(RosenpassError::BufferSizeMismatch)?; Ref::from_bytes(rx_buf).ok().ok_or(RosenpassError::BufferSizeMismatch)?;
let peer = self.handle_cookie_reply(&msg_in)?; let peer = self.handle_cookie_reply(&msg_in)?;
len = 0; len = 0;
peer peer
@@ -3240,7 +3241,7 @@ impl HandshakeState {
/// out the const generics. /// out the const generics.
/// - By adding a value parameter of type `PhantomData<TV>`, you can choose /// - By adding a value parameter of type `PhantomData<TV>`, you can choose
/// `TV` at the call site while allowing the compiler to infer `KEM_*` /// `TV` at the call site while allowing the compiler to infer `KEM_*`
/// const generics from `ct` and `pk`. /// const generics from `ct` and `pk`.
/// - Call like: `encaps_and_mix_with_test_vector(&StaticKem, &mut ct, pk, /// - Call like: `encaps_and_mix_with_test_vector(&StaticKem, &mut ct, pk,
/// PhantomData::<TestVectorActive>)?;` /// PhantomData::<TestVectorActive>)?;`
pub fn encaps_and_mix_with_test_vector< pub fn encaps_and_mix_with_test_vector<
@@ -3322,7 +3323,7 @@ impl HandshakeState {
let test_values: StoreBiscuitTestValues = TV::initialize_values(); let test_values: StoreBiscuitTestValues = TV::initialize_values();
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buffer let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buffer
let mut biscuit: Ref<&mut [u8], Biscuit> = let mut biscuit: Ref<&mut [u8], Biscuit> =
Ref::new(biscuit.secret_mut().as_mut_slice()).unwrap(); Ref::from_bytes(biscuit.secret_mut().as_mut_slice()).unwrap();
// calculate pt contents // calculate pt contents
biscuit biscuit
@@ -3384,9 +3385,9 @@ impl HandshakeState {
// Allocate and decrypt the biscuit data // Allocate and decrypt the biscuit data
let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buf let mut biscuit = Secret::<BISCUIT_PT_LEN>::zero(); // pt buf
let mut biscuit: Ref<&mut [u8], Biscuit> = let mut biscuit: Ref<&mut [u8], Biscuit> =
Ref::new(biscuit.secret_mut().as_mut_slice()).unwrap(); Ref::from_bytes(biscuit.secret_mut().as_mut_slice()).unwrap();
XAead.decrypt_with_nonce_in_ctxt( XAead.decrypt_with_nonce_in_ctxt(
biscuit.as_bytes_mut(), biscuit.as_mut_bytes(),
bk.get(srv).value.secret(), bk.get(srv).value.secret(),
&ad, &ad,
biscuit_ct, biscuit_ct,

2
rosenpass/src/protocol/test_vector_sets.rs
View File

@@ -17,7 +17,7 @@ use assert_tv::TestVectorSet;
use base64::Engine; use base64::Engine;
use rosenpass_cipher_traits::primitives::{Aead, Kem}; use rosenpass_cipher_traits::primitives::{Aead, Kem};
use rosenpass_ciphers::{EphemeralKem, XAead, KEY_LEN}; use rosenpass_ciphers::{EphemeralKem, XAead, KEY_LEN};
use rosenpass_secret_memory::{Public, PublicBox, Secret}; use rosenpass_secret_memory::{Public, Secret};
use serde_json::Value; use serde_json::Value;
#[derive(TestVectorSet)] #[derive(TestVectorSet)]

4
rosenpass/src/protocol/zerocopy.rs
View File

@@ -10,12 +10,12 @@ use crate::RosenpassError;
pub fn truncating_cast_into<T: FromBytes + KnownLayout + Immutable>( pub fn truncating_cast_into<T: FromBytes + KnownLayout + Immutable>(
buf: &mut [u8], buf: &mut [u8],
) -> Result<Ref<&mut [u8], T>, RosenpassError> { ) -> Result<Ref<&mut [u8], T>, RosenpassError> {
Ref::new(&mut buf[..size_of::<T>()]).ok_or(RosenpassError::BufferSizeMismatch) Ref::from_bytes(&mut buf[..size_of::<T>()]).ok().ok_or(RosenpassError::BufferSizeMismatch)
} }
/// Used to parse a network message using [zerocopy], mutably /// Used to parse a network message using [zerocopy], mutably
pub fn truncating_cast_into_nomut<T: FromBytes + KnownLayout + Immutable>( pub fn truncating_cast_into_nomut<T: FromBytes + KnownLayout + Immutable>(
buf: &[u8], buf: &[u8],
) -> Result<Ref<&[u8], T>, RosenpassError> { ) -> Result<Ref<&[u8], T>, RosenpassError> {
Ref::new(&buf[..size_of::<T>()]).ok_or(RosenpassError::BufferSizeMismatch) Ref::from_bytes(&buf[..size_of::<T>()]).ok().ok_or(RosenpassError::BufferSizeMismatch)
} }

6
util/src/zerocopy/zerocopy_ref_ext.rs
View File

@@ -1,7 +1,7 @@
//! Extension traits for converting `Ref<B, T>` into references backed by //! Extension traits for converting `Ref<B, T>` into references backed by
//! standard slices. //! standard slices.
use zerocopy::{SplitByteSlice, SplitByteSliceMut, Immutable, KnownLayout, Ref}; use zerocopy::{Immutable, KnownLayout, Ref, SplitByteSlice, SplitByteSliceMut};
/// A trait for converting a `Ref<B, T>` into a `Ref<&[u8], T>`. /// A trait for converting a `Ref<B, T>` into a `Ref<&[u8], T>`.
/// ///
@@ -68,7 +68,7 @@ where
T: KnownLayout + Immutable, T: KnownLayout + Immutable,
{ {
fn emancipate(&self) -> Ref<&[u8], T> { fn emancipate(&self) -> Ref<&[u8], T> {
Ref::new(zerocopy::Ref::<B, T>::bytes(&self)).unwrap() Ref::from_bytes(zerocopy::Ref::bytes(self)).unwrap()
} }
} }
@@ -78,6 +78,6 @@ where
T: KnownLayout + Immutable, T: KnownLayout + Immutable,
{ {
fn emancipate_mut(&mut self) -> Ref<&mut [u8], T> { fn emancipate_mut(&mut self) -> Ref<&mut [u8], T> {
Ref::new(zerocopy::Ref::<B, T>::bytes_mut(self)).unwrap() Ref::from_bytes(zerocopy::Ref::bytes_mut(self)).unwrap()
} }
} }

8
wireguard-broker/src/api/client.rs
View File

@@ -171,8 +171,9 @@ where
let typ = res.first().ok_or(invalid_msg_poller())?; let typ = res.first().ok_or(invalid_msg_poller())?;
let typ = msgs::MsgType::try_from(*typ)?; let typ = msgs::MsgType::try_from(*typ)?;
let msgs::MsgType::SetPsk = typ; // Assert type let msgs::MsgType::SetPsk = typ; // Assert type
let res = zerocopy::Ref::<&[u8], Envelope<SetPskResponse>>::new(res) let res = zerocopy::Ref::<&[u8], Envelope<SetPskResponse>>::from_bytes(res)
.ok()
.ok_or(invalid_msg_poller())?; .ok_or(invalid_msg_poller())?;
let res: &msgs::SetPskResponse = &res.payload; let res: &msgs::SetPskResponse = &res.payload;
let res: msgs::SetPskResponseReturnCode = res let res: msgs::SetPskResponseReturnCode = res
@@ -202,7 +203,8 @@ where
let mut req = [0u8; BUF_SIZE]; let mut req = [0u8; BUF_SIZE];
// Construct message view // Construct message view
let mut req = zerocopy::Ref::<&mut [u8], Envelope<msgs::SetPskRequest>>::new(&mut req) let mut req = zerocopy::Ref::<&mut [u8], Envelope<msgs::SetPskRequest>>::from_bytes(&mut req)
.ok()
.ok_or(MsgError)?; .ok_or(MsgError)?;
// Populate envelope // Populate envelope

6
wireguard-broker/src/api/server.rs
View File

@@ -80,9 +80,9 @@ where
let msgs::MsgType::SetPsk = typ; // Assert type let msgs::MsgType::SetPsk = typ; // Assert type
let req = let req =
zerocopy::Ref::<&[u8], Envelope<SetPskRequest>>::new(req).ok_or(InvalidMessage)?; zerocopy::Ref::<&[u8], Envelope<SetPskRequest>>::from_bytes(req).ok().ok_or(InvalidMessage)?;
let mut res = let mut res =
zerocopy::Ref::<&mut [u8], Envelope<SetPskResponse>>::new(res).ok_or(InvalidMessage)?; zerocopy::Ref::<&mut [u8], Envelope<SetPskResponse>>::from_bytes(res).ok().ok_or(InvalidMessage)?;
res.msg_type = msgs::MsgType::SetPsk as u8; res.msg_type = msgs::MsgType::SetPsk as u8;
self.handle_set_psk(&req.payload, &mut res.payload)?; self.handle_set_psk(&req.payload, &mut res.payload)?;
@@ -139,7 +139,7 @@ mod tests {
use crate::brokers::netlink::SetPskError; use crate::brokers::netlink::SetPskError;
use crate::{SerializedBrokerConfig, WireGuardBroker}; use crate::{SerializedBrokerConfig, WireGuardBroker};
use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret}; use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret};
use zerocopy::AsBytes; use zerocopy::IntoBytes;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
struct MockWireGuardBroker { struct MockWireGuardBroker {