gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2025-12-05 20:40:02 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add preliminary miri support

Browse Source 
- Adds a devShell with Miri
- Marks some of the tests which Miri cannot execute as ignored for Miri

Signed-off-by: wucke13 <wucke13+github@gmail.com>
This commit is contained in:
wucke13
2025-08-30 13:26:20 +02:00
committed by Karolin Varner
parent aa42ba070b
commit 49be83847b
9 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
flake.nix
View File

@@ -186,6 +186,25 @@
rustfmt rustfmt
]; ];
}; };
# a devshell to hunt unsafe `unsafe` in the code
devShells.miri = pkgs.mkShell {
# inputsFrom = [ self.packages.${system}.rosenpass ];
nativeBuildInputs = with pkgs; [
((rust-bin.selectLatestNightlyWith (toolchain: toolchain.default)).override {
extensions = [
"rust-analysis"
"rust-src"
"miri-preview"
];
})
pkgs.cmake
pkgs.rustPlatform.bindgenHook
];
# Run this to find unsafe `unsafe`:
# MIRIFLAGS="-Zmiri-disable-isolation" cargo miri test --no-fail-fast --lib --bins --tests
#
# - Some test failure is expected.
};
checks = checks =
import ./tests/integration/integration-checks.nix { import ./tests/integration/integration-checks.nix {

8
rosenpass/src/protocol/test.rs
View File

@@ -55,12 +55,14 @@ fn setup_logging() {
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn handles_incorrect_size_messages_v02() { fn handles_incorrect_size_messages_v02() {
handles_incorrect_size_messages(ProtocolVersion::V02) handles_incorrect_size_messages(ProtocolVersion::V02)
} }
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn handles_incorrect_size_messages_v03() { fn handles_incorrect_size_messages_v03() {
handles_incorrect_size_messages(ProtocolVersion::V03) handles_incorrect_size_messages(ProtocolVersion::V03)
} }
@@ -163,12 +165,14 @@ fn make_server_pair(protocol_version: ProtocolVersion) -> Result<(CryptoServer,
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn test_regular_exchange_v02() { fn test_regular_exchange_v02() {
test_regular_exchange(ProtocolVersion::V02) test_regular_exchange(ProtocolVersion::V02)
} }
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn test_regular_exchange_v03() { fn test_regular_exchange_v03() {
test_regular_exchange(ProtocolVersion::V03) test_regular_exchange(ProtocolVersion::V03)
} }
@@ -234,12 +238,14 @@ fn test_regular_exchange(protocol_version: ProtocolVersion) {
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn test_regular_init_conf_retransmit_v02() { fn test_regular_init_conf_retransmit_v02() {
test_regular_init_conf_retransmit(ProtocolVersion::V02) test_regular_init_conf_retransmit(ProtocolVersion::V02)
} }
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn test_regular_init_conf_retransmit_v03() { fn test_regular_init_conf_retransmit_v03() {
test_regular_init_conf_retransmit(ProtocolVersion::V03) test_regular_init_conf_retransmit(ProtocolVersion::V03)
} }
@@ -507,11 +513,13 @@ fn cookie_reply_mechanism_initiator_bails_on_message_under_load(protocol_version
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn init_conf_retransmission_v02() -> Result<()> { fn init_conf_retransmission_v02() -> Result<()> {
init_conf_retransmission(ProtocolVersion::V02) init_conf_retransmission(ProtocolVersion::V02)
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn init_conf_retransmission_v03() -> Result<()> { fn init_conf_retransmission_v03() -> Result<()> {
init_conf_retransmission(ProtocolVersion::V03) init_conf_retransmission(ProtocolVersion::V03)
} }

2
rosenpass/tests/app_server_example.rs
View File

@@ -10,11 +10,13 @@ use rosenpass::protocol::basic_types::{SPk, SSk, SymKey};
use rosenpass::{config::ProtocolVersion, protocol::osk_domain_separator::OskDomainSeparator}; use rosenpass::{config::ProtocolVersion, protocol::osk_domain_separator::OskDomainSeparator};
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn key_exchange_with_app_server_v02() -> anyhow::Result<()> { fn key_exchange_with_app_server_v02() -> anyhow::Result<()> {
key_exchange_with_app_server(ProtocolVersion::V02) key_exchange_with_app_server(ProtocolVersion::V02)
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn key_exchange_with_app_server_v03() -> anyhow::Result<()> { fn key_exchange_with_app_server_v03() -> anyhow::Result<()> {
key_exchange_with_app_server(ProtocolVersion::V03) key_exchange_with_app_server(ProtocolVersion::V03)
} }

1
rosenpass/tests/config_Rosenpass_validate.rs
View File

@@ -3,6 +3,7 @@ use std::fs;
use rosenpass::{cli::generate_and_save_keypair, config::Rosenpass}; use rosenpass::{cli::generate_and_save_keypair, config::Rosenpass};
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn example_config_rosenpass_validate() -> anyhow::Result<()> { fn example_config_rosenpass_validate() -> anyhow::Result<()> {
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets(); rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();

2
rosenpass/tests/integration_test.rs
View File

@@ -182,6 +182,7 @@ fn check_example_config() {
// check that we can exchange keys // check that we can exchange keys
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // TODO investigate why this panicks in miri
fn check_exchange_under_normal() { fn check_exchange_under_normal() {
setup_tests(); setup_tests();
setup_logging(); setup_logging();
@@ -255,6 +256,7 @@ fn check_exchange_under_normal() {
// This test creates a responder (server) with the feature flag "integration_test_always_under_load" to always be under load condition for the test. // This test creates a responder (server) with the feature flag "integration_test_always_under_load" to always be under load condition for the test.
#[test] #[test]
#[serial] #[serial]
#[cfg_attr(miri, ignore)] // integer-to-pointer cast
fn check_exchange_under_dos() { fn check_exchange_under_dos() {
setup_tests(); setup_tests();
setup_logging(); setup_logging();

7
rosenpass/tests/poll_example.rs
View File

@@ -19,16 +19,19 @@ use rosenpass::protocol::{CryptoServer, HostIdentification, PeerPtr, PollResult,
// rosenpass::protocol::testutils; // rosenpass::protocol::testutils;
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_with_poll_v02() -> anyhow::Result<()> { fn test_successful_exchange_with_poll_v02() -> anyhow::Result<()> {
test_successful_exchange_with_poll(ProtocolVersion::V02, OskDomainSeparator::default()) test_successful_exchange_with_poll(ProtocolVersion::V02, OskDomainSeparator::default())
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_with_poll_v03() -> anyhow::Result<()> { fn test_successful_exchange_with_poll_v03() -> anyhow::Result<()> {
test_successful_exchange_with_poll(ProtocolVersion::V03, OskDomainSeparator::default()) test_successful_exchange_with_poll(ProtocolVersion::V03, OskDomainSeparator::default())
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_with_poll_v02_custom_domain_separator() -> anyhow::Result<()> { fn test_successful_exchange_with_poll_v02_custom_domain_separator() -> anyhow::Result<()> {
test_successful_exchange_with_poll( test_successful_exchange_with_poll(
ProtocolVersion::V02, ProtocolVersion::V02,
@@ -37,6 +40,7 @@ fn test_successful_exchange_with_poll_v02_custom_domain_separator() -> anyhow::R
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_with_poll_v03_custom_domain_separator() -> anyhow::Result<()> { fn test_successful_exchange_with_poll_v03_custom_domain_separator() -> anyhow::Result<()> {
test_successful_exchange_with_poll( test_successful_exchange_with_poll(
ProtocolVersion::V03, ProtocolVersion::V03,
@@ -108,11 +112,13 @@ fn test_successful_exchange_with_poll(
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_under_packet_loss_v02() -> anyhow::Result<()> { fn test_successful_exchange_under_packet_loss_v02() -> anyhow::Result<()> {
test_successful_exchange_under_packet_loss(ProtocolVersion::V02) test_successful_exchange_under_packet_loss(ProtocolVersion::V02)
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_successful_exchange_under_packet_loss_v03() -> anyhow::Result<()> { fn test_successful_exchange_under_packet_loss_v03() -> anyhow::Result<()> {
test_successful_exchange_under_packet_loss(ProtocolVersion::V03) test_successful_exchange_under_packet_loss(ProtocolVersion::V03)
} }
@@ -202,6 +208,7 @@ fn test_successful_exchange_under_packet_loss(
} }
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: can't call foreign function `mprotect` on OS `linux`
fn test_osk_label_mismatch() -> anyhow::Result<()> { fn test_osk_label_mismatch() -> anyhow::Result<()> {
// Set security policy for storing secrets; choose the one that is faster for testing // Set security policy for storing secrets; choose the one that is faster for testing
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets(); rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();

1
rosenpass/tests/test_vector_crypto_server.rs
View File

@@ -82,6 +82,7 @@ struct CryptoServerTestValues {
} }
#[test_vec_case(format = "toml")] #[test_vec_case(format = "toml")]
// TODO find a way to make miri ignore these test cases
fn crypto_server_test_vector_1() -> anyhow::Result<()> { fn crypto_server_test_vector_1() -> anyhow::Result<()> {
type TV = TestVectorActive; type TV = TestVectorActive;
let test_values: TestCaseValues = TV::initialize_values(); let test_values: TestCaseValues = TV::initialize_values();

1
rp/src/key.rs
View File

@@ -128,6 +128,7 @@ mod tests {
use crate::key::{genkey, pubkey, WG_B64_LEN}; use crate::key::{genkey, pubkey, WG_B64_LEN};
#[test] #[test]
#[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE
fn test_key_loopback() { fn test_key_loopback() {
secret_policy_try_use_memfd_secrets(); secret_policy_try_use_memfd_secrets();
let private_keys_dir = tempdir().unwrap(); let private_keys_dir = tempdir().unwrap();

1
rp/tests/smoketest.rs
View File

@@ -2,6 +2,7 @@ use std::process::Command;
#[cfg(any(target_os = "linux", target_os = "freebsd"))] #[cfg(any(target_os = "linux", target_os = "freebsd"))]
#[test] #[test]
#[cfg_attr(miri, ignore)] // unsupported operation: extern static `pidfd_spawnp` is not supported by Miri
fn smoketest() -> anyhow::Result<()> { fn smoketest() -> anyhow::Result<()> {
let tmpdir = tempfile::tempdir()?; let tmpdir = tempfile::tempdir()?;