gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-28 06:23:08 -08:00
Code Issues Packages Projects Releases Wiki Activity

chore: Reorganize memfd secret policy

Browse Source 
- Policy is now set in main.rs, not cli.rs.
- Feature is called experiment_memfd_secret, not enable_memfd_alloc

This also fixes the last remaining warnings.
This commit is contained in:
Karolin Varner
2024-08-03 15:06:58 +02:00
parent 648a94ead8
commit 8d3c8790fe
6 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rosenpass/Cargo.toml
View File

@@ -53,5 +53,5 @@ procspawn = {workspace = true}
[features] [features]
enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"] enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"]
enable_memfd_alloc = [] experiment_memfd_secret = []
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"] experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]

10
rosenpass/src/cli.rs
View File

@@ -3,9 +3,6 @@ use clap::{Parser, Subcommand};
use rosenpass_cipher_traits::Kem; use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem; use rosenpass_ciphers::kem::StaticKem;
use rosenpass_secret_memory::file::StoreSecret; use rosenpass_secret_memory::file::StoreSecret;
use rosenpass_secret_memory::{
secret_policy_try_use_memfd_secrets, secret_policy_use_only_malloc_secrets,
};
use rosenpass_util::file::{LoadValue, LoadValueB64, StoreValue}; use rosenpass_util::file::{LoadValue, LoadValueB64, StoreValue};
use rosenpass_wireguard_broker::brokers::native_unix::{ use rosenpass_wireguard_broker::brokers::native_unix::{
NativeUnixBroker, NativeUnixBrokerConfigBaseBuilder, NativeUnixBrokerConfigBaseBuilderError, NativeUnixBroker, NativeUnixBrokerConfigBaseBuilder, NativeUnixBrokerConfigBaseBuilderError,
@@ -158,13 +155,6 @@ impl CliCommand {
/// ## TODO /// ## TODO
/// - This method consumes the [`CliCommand`] value. It might be wise to use a reference... /// - This method consumes the [`CliCommand`] value. It might be wise to use a reference...
pub fn run(self, test_helpers: Option<AppServerTest>) -> anyhow::Result<()> { pub fn run(self, test_helpers: Option<AppServerTest>) -> anyhow::Result<()> {
//Specify secret policy
#[cfg(feature = "enable_memfd_alloc")]
secret_policy_try_use_memfd_secrets();
#[cfg(not(feature = "enable_memfd_alloc"))]
secret_policy_use_only_malloc_secrets();
use CliCommand::*; use CliCommand::*;
match self { match self {
Man => { Man => {

8
rosenpass/src/main.rs
View File

@@ -8,6 +8,14 @@ pub fn main() {
// parse CLI arguments // parse CLI arguments
let args = CliArgs::parse(); let args = CliArgs::parse();
{
use rosenpass_secret_memory as SM;
#[cfg(feature = "experiment_memfd_secret")]
SM::secret_policy_try_use_memfd_secrets();
#[cfg(not(feature = "experiment_memfd_secret"))]
SM::secret_policy_use_only_malloc_secrets();
}
// init logging // init logging
{ {
let mut log_builder = env_logger::Builder::from_default_env(); // sets log level filter from environment (or defaults) let mut log_builder = env_logger::Builder::from_default_env(); // sets log level filter from environment (or defaults)

12
rosenpass/tests/integration_test.rs
View File

@@ -15,9 +15,19 @@ use std::io::Write;
const BIN: &str = "rosenpass"; const BIN: &str = "rosenpass";
fn setup_tests() {
use rosenpass_secret_memory as SM;
#[cfg(feature = "experiment_memfd_secret")]
SM::secret_policy_try_use_memfd_secrets();
#[cfg(not(feature = "experiment_memfd_secret"))]
SM::secret_policy_use_only_malloc_secrets();
}
// check that we can generate keys // check that we can generate keys
#[test] #[test]
fn generate_keys() { fn generate_keys() {
setup_tests();
let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("keygen"); let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("keygen");
fs::create_dir_all(&tmpdir).unwrap(); fs::create_dir_all(&tmpdir).unwrap();
@@ -134,6 +144,7 @@ fn run_server_client_exchange(
#[test] #[test]
#[serial] #[serial]
fn check_exchange_under_normal() { fn check_exchange_under_normal() {
setup_tests();
setup_logging(); setup_logging();
let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("exchange"); let tmpdir = PathBuf::from(env!("CARGO_TARGET_TMPDIR")).join("exchange");
@@ -206,6 +217,7 @@ fn check_exchange_under_normal() {
#[test] #[test]
#[serial] #[serial]
fn check_exchange_under_dos() { fn check_exchange_under_dos() {
setup_tests();
setup_logging(); setup_logging();
//Generate binary with responder with feature integration_test //Generate binary with responder with feature integration_test

2
rp/Cargo.toml
View File

@@ -39,5 +39,5 @@ tempfile = {workspace = true}
stacker = {workspace = true} stacker = {workspace = true}
[features] [features]
enable_memfd_alloc = [] experiment_memfd_secret = []
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"] experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]

4
rp/src/main.rs
View File

@@ -11,9 +11,9 @@ mod key;
#[tokio::main] #[tokio::main]
async fn main() { async fn main() {
#[cfg(feature = "enable_memfd_alloc")] #[cfg(feature = "experiment_memfd_secret")]
policy::secret_policy_try_use_memfd_secrets(); policy::secret_policy_try_use_memfd_secrets();
#[cfg(not(feature = "enable_memfd_alloc"))] #[cfg(not(feature = "experiment_memfd_secret"))]
policy::secret_policy_use_only_malloc_secrets(); policy::secret_policy_use_only_malloc_secrets();
let cli = match Cli::parse(std::env::args().peekable()) { let cli = match Cli::parse(std::env::args().peekable()) {