diff --git a/rosenpass/Cargo.toml b/rosenpass/Cargo.toml index a90c458..e574ad5 100644 --- a/rosenpass/Cargo.toml +++ b/rosenpass/Cargo.toml @@ -53,5 +53,5 @@ procspawn = {workspace = true} [features] enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"] -enable_memfd_alloc = [] +experiment_memfd_secret = [] experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"] diff --git a/rosenpass/src/cli.rs b/rosenpass/src/cli.rs index d69d404..47a33d8 100644 --- a/rosenpass/src/cli.rs +++ b/rosenpass/src/cli.rs @@ -3,9 +3,6 @@ use clap::{Parser, Subcommand}; use rosenpass_cipher_traits::Kem; use rosenpass_ciphers::kem::StaticKem; use rosenpass_secret_memory::file::StoreSecret; -use rosenpass_secret_memory::{ - secret_policy_try_use_memfd_secrets, secret_policy_use_only_malloc_secrets, -}; use rosenpass_util::file::{LoadValue, LoadValueB64, StoreValue}; use rosenpass_wireguard_broker::brokers::native_unix::{ NativeUnixBroker, NativeUnixBrokerConfigBaseBuilder, NativeUnixBrokerConfigBaseBuilderError, @@ -158,13 +155,6 @@ impl CliCommand { /// ## TODO /// - This method consumes the [`CliCommand`] value. It might be wise to use a reference... pub fn run(self, test_helpers: Option) -> anyhow::Result<()> { - //Specify secret policy - - #[cfg(feature = "enable_memfd_alloc")] - secret_policy_try_use_memfd_secrets(); - #[cfg(not(feature = "enable_memfd_alloc"))] - secret_policy_use_only_malloc_secrets(); - use CliCommand::*; match self { Man => { diff --git a/rosenpass/src/main.rs b/rosenpass/src/main.rs index acf2850..58f65cb 100644 --- a/rosenpass/src/main.rs +++ b/rosenpass/src/main.rs @@ -8,6 +8,14 @@ pub fn main() { // parse CLI arguments let args = CliArgs::parse(); + { + use rosenpass_secret_memory as SM; + #[cfg(feature = "experiment_memfd_secret")] + SM::secret_policy_try_use_memfd_secrets(); + #[cfg(not(feature = "experiment_memfd_secret"))] + SM::secret_policy_use_only_malloc_secrets(); + } + // init logging { let mut log_builder = env_logger::Builder::from_default_env(); // sets log level filter from environment (or defaults) diff --git a/rosenpass/tests/integration_test.rs b/rosenpass/tests/integration_test.rs index 97c86ca..628e8c1 100644 --- a/rosenpass/tests/integration_test.rs +++ b/rosenpass/tests/integration_test.rs @@ -15,9 +15,19 @@ use std::io::Write; const BIN: &str = "rosenpass"; +fn setup_tests() { + use rosenpass_secret_memory as SM; + #[cfg(feature = "experiment_memfd_secret")] + SM::secret_policy_try_use_memfd_secrets(); + #[cfg(not(feature = "experiment_memfd_secret"))] + SM::secret_policy_use_only_malloc_secrets(); +} + // check that we can generate keys #[test] fn generate_keys() { + setup_tests(); + let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("keygen"); fs::create_dir_all(&tmpdir).unwrap(); @@ -134,6 +144,7 @@ fn run_server_client_exchange( #[test] #[serial] fn check_exchange_under_normal() { + setup_tests(); setup_logging(); let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("exchange"); @@ -206,6 +217,7 @@ fn check_exchange_under_normal() { #[test] #[serial] fn check_exchange_under_dos() { + setup_tests(); setup_logging(); //Generate binary with responder with feature integration_test diff --git a/rp/Cargo.toml b/rp/Cargo.toml index 95e3bab..9166bdc 100644 --- a/rp/Cargo.toml +++ b/rp/Cargo.toml @@ -39,5 +39,5 @@ tempfile = {workspace = true} stacker = {workspace = true} [features] -enable_memfd_alloc = [] +experiment_memfd_secret = [] experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"] diff --git a/rp/src/main.rs b/rp/src/main.rs index 014b0e7..7a2ab99 100644 --- a/rp/src/main.rs +++ b/rp/src/main.rs @@ -11,9 +11,9 @@ mod key; #[tokio::main] async fn main() { - #[cfg(feature = "enable_memfd_alloc")] + #[cfg(feature = "experiment_memfd_secret")] policy::secret_policy_try_use_memfd_secrets(); - #[cfg(not(feature = "enable_memfd_alloc"))] + #[cfg(not(feature = "experiment_memfd_secret"))] policy::secret_policy_use_only_malloc_secrets(); let cli = match Cli::parse(std::env::args().peekable()) {