fix: Add a feature flag for the cookie reply mechanism

This is a stopgap measure against #539
Karolin Varner
2025-04-08 16:35:45 +02:00
parent e8fb7206fc
commit d558bdb633
2 changed files with 19 additions and 0 deletions


@@ -86,6 +86,7 @@ rustix = { workspace = true }
[features] [features]
#default = ["experiment_libcrux_all"] #default = ["experiment_libcrux_all"]
experiment_cookie_dos_mitigation = []
experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"] experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"]
experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"] experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"]
experiment_libcrux_blake2 = ["rosenpass-ciphers/experiment_libcrux_blake2"] experiment_libcrux_blake2 = ["rosenpass-ciphers/experiment_libcrux_blake2"]
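Review bot: `experiment_cookie_dos_mitigation` is added without a comment, and because the `default` line above it is commented out, the mitigation it gates appears to be compiled out of every build that does not opt in. A comment on the new line would make that visible to packagers, for example `# Cookie reply DoS mitigation in handle_msg_under_load; disabled by default as a stopgap for #539`. The rest of the `[features]` table lies outside this hunk, so confirm that no other feature enables it implicitly.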


@@ -2138,6 +2138,18 @@ impl CryptoServer {
/// ///
/// - test::cookie_reply_mechanism_responder_under_load /// - test::cookie_reply_mechanism_responder_under_load
/// - test::cookie_reply_mechanism_initiator_bails_on_message_under_load /// - test::cookie_reply_mechanism_initiator_bails_on_message_under_load
#[cfg(not(feature = "experiment_cookie_dos_mitigation"))]
#[inline]
pub fn handle_msg_under_load<H: HostIdentification>(
&mut self,
rx_buf: &[u8],
tx_buf: &mut [u8],
host_identification: &H,
) -> Result<HandleMsgResult> {
self.handle_msg(rx_buf, tx_buf)
}
#[cfg(feature = "experiment_cookie_dos_mitigation")]
pub fn handle_msg_under_load<H: HostIdentification>( pub fn handle_msg_under_load<H: HostIdentification>(
&mut self, &mut self,
rx_buf: &[u8], rx_buf: &[u8],
@@ -4313,16 +4325,19 @@ mod test {
#[test] #[test]
#[serial] #[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load_v02() { fn cookie_reply_mechanism_responder_under_load_v02() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02) cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02)
} }
#[test] #[test]
#[serial] #[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load_v03() { fn cookie_reply_mechanism_responder_under_load_v03() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03) cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03)
} }
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load(protocol_version: ProtocolVersion) { fn cookie_reply_mechanism_responder_under_load(protocol_version: ProtocolVersion) {
setup_logging(); setup_logging();
rosenpass_secret_memory::secret_policy_try_use_memfd_secrets(); rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
@@ -4420,16 +4435,19 @@ mod test {
#[test] #[test]
#[serial] #[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v02() { fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v02() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02) cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02)
} }
#[test] #[test]
#[serial] #[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v03() { fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v03() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03) cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03)
} }
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load( fn cookie_reply_mechanism_initiator_bails_on_message_under_load(
protocol_version: ProtocolVersion, protocol_version: ProtocolVersion,
) { ) {
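Review bot: In the first hunk, the `///` block that describes the cookie reply mechanism now attaches to the `#[cfg(not(feature = "experiment_cookie_dos_mitigation"))]` stub, which only forwards to `handle_msg`, while the real implementation under `#[cfg(feature = ...)]` is left without rustdoc. The stub should carry its own short doc, such as `/// Cookie mechanism compiled out: forwards to handle_msg, no under-load protection.`, and the original doc block should move down to the feature-gated function, so that a caller reading the docs of a default build does not assume load shedding is active. The stub also never reads `host_identification`; renaming it to `_host_identification` avoids an unused-variable warning. In the test hunks, `cookie_reply_mechanism_responder_under_load_v02` and `_v03` call `cookie_reply_mechanism_initiator_bails_on_message_under_load` rather than `cookie_reply_mechanism_responder_under_load`, so the responder path appears not to be exercised even with the feature on. The bodies of the gated function and of both test helpers continue outside the hunks shown.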