mirror of
https://github.com/rosenpass/rosenpass.git
synced 2026-02-27 22:13:12 -08:00
fix: PSK broker integration did not work
This commit resolves multiple issues with the PSK broker integration.

- The manual testing procedure never actually utilized the brokers due to the use of the outfile option; this led to issues with the broker being hidden.
- The manual testing procedure omitted checking whether a PSK was actually sent to WireGuard entirely. This was fixed by writing an entirely new manual integration testing shell-script that can serve as a blueprint for future integration tests.
- Many parts of the PSK broker code did not report (log) errors accurately; added error logging.
- BrokerServer set message.payload.return_code to the msg_type value; this led to crashes.
- The PSK broker commands all omitted to set the memfd policy; this led to immediate crashes once secrets were actually allocated.
- The MioBrokerClient IO state machine was broken and the design was too obtuse to debug. The state machine returned the length prefix as a message instead of actually interpreting it as a state machine. Seems the code was integrated but never actually tested. This was fixed by rewriting the entire state machine code using the new LengthPrefixEncoder/Decoder facilities. A write-buffer that was not being flushed is now handled by flushing the buffer in blocking-io mode.
@@ -1,49 +0,0 @@
## Experimental Broker Feature Testing
In order to test the experimental broker feature, a few manual steps are needed. These will soon be replaced with a revision to the integration test to allow it to optionally use the broker feature, but for the moment manual testing is the only option.
To manually test the broker feature, start by building Rosenpass with the broker feature:
```bash
cd rosenpass
cargo build --features=experimental_broker_api
```
Next, generate keys for two parties using the example Rosenpass configuration files
```bash
PATH="$PWD/target/debug:$PATH" rosenpass gen-keys config-examples/peer-a-config.toml
PATH="$PWD/target/debug:$PATH" rosenpass gen-keys config-examples/peer-b-config.toml
```
Now, open a second terminal and run the following in one (not using the broker):
```bash
PATH="$PWD/target/debug:$PATH" rosenpass exchange-config config-examples/peer-a-config.toml
```
and the following in the other (spawning a broker and communicating with it via socketpair(2)):
```bash
cd rosenpass
PATH="$PWD/target/debug:$PATH" rosenpass --psk_broker_spawn exchange-config config-examples/peer-a-config.toml
```
You should see the two parties exchange keys, and can view the shared PSK via `wg show`.
In order to test using a Unix socket at a provided path instead, replace the above command with this:
```bash
PATH="$PWD/target/debug:$PATH" rosenpass --psk_broker_path broker.sock exchange-config config-examples/peer-a-config.toml
```
Then, in a third terminal, run the following
```bash
cd rosenpass
PATH="$PWD/target/debug:$PATH" rosenpass-wireguard-broker-socket-handler --listen-path broker.sock
```
You should see the two parties exchange keys.
The `--psk_broker_fd` feature can be similarly tested, but would require a separate script providing an open file descriptor to do so.
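Review bot: The removed procedure ran `config-examples/peer-a-config.toml` on both sides (`rosenpass exchange-config config-examples/peer-a-config.toml` in one terminal and `rosenpass --psk_broker_spawn exchange-config config-examples/peer-a-config.toml` in the other), so the two processes were never distinct parties and the "exchange keys" check could not succeed as written; the replacement integration test script mentioned in the commit message should run `peer-b-config.toml` on the second side. This hunk also deletes the only documentation of the `--psk_broker_spawn`, `--psk_broker_path` and `--psk_broker_fd` options and of the `rosenpass-wireguard-broker-socket-handler --listen-path` invocation, and the hunk leaves no pointer to where the new script lives; keep a short reference to it in the docs so the flags stay discoverable.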