Secret memory with memfd_secret (#321)

Implements:
- An additional allocator to use memfd_secret(2) and guard pages using mmap(2), implemented in quininer/memsec#16
- An allocator that abstracts away underlying allocators, and uses specified allocator set by rosenpass_secret_memory::policy functions (or a function that sets rosenpass_secret_memory::alloc::ALLOC_INIT
- Updates to tests- integration, fuzz, bench: some tests use procspawn to spawn multiple processes with different allocator policies
This commit is contained in:
Prabhpreet Dua
2024-06-10 13:12:44 +05:30
committed by GitHub
parent b46fca99cb
commit 526c930119
29 changed files with 1010 additions and 307 deletions

View File

@@ -102,6 +102,7 @@ mod tests {
use std::fs;
use rosenpass::protocol::{SPk, SSk};
use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
use rosenpass_secret_memory::Secret;
use rosenpass_util::file::LoadValue;
use rosenpass_util::file::LoadValueB64;
@@ -110,7 +111,8 @@ mod tests {
use crate::key::{genkey, pubkey, WG_B64_LEN};
#[test]
fn it_works() {
fn test_key_loopback() {
secret_policy_try_use_memfd_secrets();
let private_keys_dir = tempdir().unwrap();
fs::remove_dir(private_keys_dir.path()).unwrap();