From f16b2e1b03f9992b54715c1ebf6f12333a090bd0 Mon Sep 17 00:00:00 2001 From: Ilka Schulz Date: Fri, 5 Jun 2026 07:35:21 +0200 Subject: [PATCH] run formatters --- cipher-traits/src/primitives/aead.rs | 12 +- cipher-traits/src/primitives/keyed_hash.rs | 2 +- ciphers/benches/primitives.rs | 6 +- ciphers/src/hash_domain.rs | 2 +- .../subtle/custom/incorrect_hmac_blake2b.rs | 2 +- .../subtle/libcrux/chacha20poly1305_ietf.rs | 2 +- ciphers/src/subtle/rust_crypto/blake2b.rs | 4 +- .../rust_crypto/chacha20poly1305_ietf.rs | 4 +- .../src/subtle/rust_crypto/keyed_shake256.rs | 2 +- .../rust_crypto/xchacha20poly1305_ietf.rs | 4 +- constant-time/src/xor.rs | 2 +- flake.nix | 23 +- rosenpass/benches/handshake.rs | 2 +- rosenpass/src/api/api_handler.rs | 6 +- rosenpass/src/api/mio/connection.rs | 6 +- rosenpass/src/app_server.rs | 19 +- rosenpass/src/bin/gen-ipc-msg-types.rs | 8 +- rosenpass/src/cli.rs | 14 +- rosenpass/src/config.rs | 10 +- rosenpass/src/main.rs | 2 +- rosenpass/src/msgs.rs | 4 +- rosenpass/src/protocol/basic_types.rs | 2 +- rosenpass/src/protocol/build_crypto_server.rs | 5 +- rosenpass/src/protocol/index.rs | 2 +- rosenpass/src/protocol/protocol.rs | 28 +- rosenpass/src/protocol/test.rs | 9 +- rosenpass/src/protocol/test_vector_sets.rs | 2 +- rosenpass/src/protocol/testutils.rs | 2 +- .../tests/api-integration-tests-api-setup.rs | 12 +- rosenpass/tests/api-integration-tests.rs | 12 +- rosenpass/tests/integration_test.rs | 2 +- rosenpass/tests/poll_example.rs | 20 +- rosenpass/tests/test_vector_crypto_server.rs | 2 +- rp/src/cli.rs | 23 +- rp/src/exchange.rs | 4 +- rp/src/key.rs | 8 +- rp/src/main.rs | 4 +- rp/src/main_supported_platforms.rs | 2 +- secret-memory/src/alloc/memsec/malloc.rs | 6 +- secret-memory/src/alloc/memsec/memfdsec.rs | 10 +- secret-memory/src/public.rs | 10 +- secret-memory/src/secret.rs | 8 +- secret-memory/src/serialization.rs | 2 +- tests/integration/rpsc-test.nix | 378 +++++++++--------- to/src/ops.rs | 2 +- util/src/build.rs | 2 +- util/src/fd.rs | 6 +- util/src/length_prefix_encoding/decoder.rs | 2 +- util/src/mem.rs | 2 +- util/src/mio/uds_recv_fd.rs | 2 +- util/src/tokio/janitor.rs | 30 +- util/src/zerocopy/ref_maker.rs | 2 +- util/tests/janitor.rs | 2 +- wireguard-broker/src/api/client.rs | 2 +- wireguard-broker/src/api/msgs.rs | 2 +- wireguard-broker/src/api/server.rs | 4 +- wireguard-broker/src/bin/priviledged.rs | 2 +- wireguard-broker/src/bin/socket_handler.rs | 2 +- wireguard-broker/src/brokers/mio_client.rs | 15 +- wireguard-broker/src/brokers/netlink.rs | 4 +- 60 files changed, 408 insertions(+), 362 deletions(-) diff --git a/cipher-traits/src/primitives/aead.rs b/cipher-traits/src/primitives/aead.rs index 06deea75..3873c14c 100644 --- a/cipher-traits/src/primitives/aead.rs +++ b/cipher-traits/src/primitives/aead.rs @@ -1,4 +1,4 @@ -use rosenpass_to::{ops::copy_slice, To as _}; +use rosenpass_to::{To as _, ops::copy_slice}; use thiserror::Error; /// Models authenticated encryption with assiciated data (AEAD) functionality. @@ -148,11 +148,11 @@ pub trait AeadWithNonceInCiphertext< } impl< - const KEY_LEN: usize, - const NONCE_LEN: usize, - const TAG_LEN: usize, - T: Aead, - > AeadWithNonceInCiphertext for T + const KEY_LEN: usize, + const NONCE_LEN: usize, + const TAG_LEN: usize, + T: Aead, +> AeadWithNonceInCiphertext for T { } diff --git a/cipher-traits/src/primitives/keyed_hash.rs b/cipher-traits/src/primitives/keyed_hash.rs index 426cc78e..6d8d8853 100644 --- a/cipher-traits/src/primitives/keyed_hash.rs +++ b/cipher-traits/src/primitives/keyed_hash.rs @@ -121,7 +121,7 @@ where { } -use rosenpass_to::{with_destination, To}; +use rosenpass_to::{To, with_destination}; /// Extends the [`KeyedHash`] trait with a [`To`]-flavoured function. pub trait KeyedHashTo: diff --git a/ciphers/benches/primitives.rs b/ciphers/benches/primitives.rs index f1ef4d7e..7723e375 100644 --- a/ciphers/benches/primitives.rs +++ b/ciphers/benches/primitives.rs @@ -79,7 +79,7 @@ mod kem { impl_name: &str, scheme: T, ) { - use super::{benchid, KvPair, KvPairs}; + use super::{KvPair, KvPairs, benchid}; let base = [ KvPair("primitive", "kem"), @@ -176,7 +176,7 @@ mod aead { impl_name: &str, scheme: T, ) { - use crate::{benchid, KvPair, KvPairs}; + use crate::{KvPair, KvPairs, benchid}; let base = [ KvPair("primitive", "aead"), @@ -326,7 +326,7 @@ mod keyed_hash { ) where H::Error: std::fmt::Debug, { - use crate::{benchid, KvPair, KvPairs}; + use crate::{KvPair, KvPairs, benchid}; let key = [12u8; KEY_LEN]; let mut out = [0u8; HASH_LEN]; diff --git a/ciphers/src/hash_domain.rs b/ciphers/src/hash_domain.rs index ad11a4bc..75012194 100644 --- a/ciphers/src/hash_domain.rs +++ b/ciphers/src/hash_domain.rs @@ -31,7 +31,7 @@ use anyhow::Result; use rosenpass_secret_memory::Secret; use rosenpass_to::To as _; -pub use crate::{KeyedHash, KEY_LEN}; +pub use crate::{KEY_LEN, KeyedHash}; use rosenpass_cipher_traits::primitives::KeyedHashInstanceTo; diff --git a/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs b/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs index 93101d53..4c369f02 100644 --- a/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs +++ b/ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs @@ -3,7 +3,7 @@ use rosenpass_cipher_traits::{ primitives::{InferKeyedHash, KeyedHash, KeyedHashTo}, }; use rosenpass_constant_time::xor; -use rosenpass_to::{ops::copy_slice, To}; +use rosenpass_to::{To, ops::copy_slice}; use zeroize::Zeroizing; #[cfg(not(feature = "experiment_libcrux_blake2"))] diff --git a/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs b/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs index 1a402be3..076e98e7 100644 --- a/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs +++ b/ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs @@ -161,8 +161,8 @@ mod equivalence_tests { // The functions below are from the old libcrux backend. I am keeping them around so we can // check if they behave the same. - use rosenpass_to::ops::copy_slice; use rosenpass_to::To; + use rosenpass_to::ops::copy_slice; use zeroize::Zeroize; /// Encrypts using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux). diff --git a/ciphers/src/subtle/rust_crypto/blake2b.rs b/ciphers/src/subtle/rust_crypto/blake2b.rs index c391297f..a4dfcb56 100644 --- a/ciphers/src/subtle/rust_crypto/blake2b.rs +++ b/ciphers/src/subtle/rust_crypto/blake2b.rs @@ -1,12 +1,12 @@ use zeroize::Zeroizing; +use blake2::Blake2bMac; use blake2::digest::crypto_common::generic_array::GenericArray; use blake2::digest::crypto_common::typenum::U32; use blake2::digest::{FixedOutput, Mac}; -use blake2::Blake2bMac; use rosenpass_cipher_traits::primitives::KeyedHash; -use rosenpass_to::{ops::copy_slice, To}; +use rosenpass_to::{To, ops::copy_slice}; pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::{HASH_LEN, KEY_LEN}; diff --git a/ciphers/src/subtle/rust_crypto/chacha20poly1305_ietf.rs b/ciphers/src/subtle/rust_crypto/chacha20poly1305_ietf.rs index 7f0a114c..bd55c510 100644 --- a/ciphers/src/subtle/rust_crypto/chacha20poly1305_ietf.rs +++ b/ciphers/src/subtle/rust_crypto/chacha20poly1305_ietf.rs @@ -1,11 +1,11 @@ -use rosenpass_to::ops::copy_slice; use rosenpass_to::To; +use rosenpass_to::ops::copy_slice; use rosenpass_cipher_traits::algorithms::AeadChaCha20Poly1305; use rosenpass_cipher_traits::primitives::{Aead, AeadError}; -use chacha20poly1305::aead::generic_array::GenericArray; use chacha20poly1305::ChaCha20Poly1305 as AeadImpl; +use chacha20poly1305::aead::generic_array::GenericArray; use chacha20poly1305::{AeadInPlace, KeyInit}; pub use rosenpass_cipher_traits::algorithms::aead_chacha20poly1305::{KEY_LEN, NONCE_LEN, TAG_LEN}; diff --git a/ciphers/src/subtle/rust_crypto/keyed_shake256.rs b/ciphers/src/subtle/rust_crypto/keyed_shake256.rs index 9474761f..d6fc4d8b 100644 --- a/ciphers/src/subtle/rust_crypto/keyed_shake256.rs +++ b/ciphers/src/subtle/rust_crypto/keyed_shake256.rs @@ -1,7 +1,7 @@ use anyhow::ensure; use rosenpass_cipher_traits::primitives::{InferKeyedHash, KeyedHash}; -use sha3::digest::{ExtendableOutput, Update, XofReader}; use sha3::Shake256; +use sha3::digest::{ExtendableOutput, Update, XofReader}; pub use rosenpass_cipher_traits::algorithms::keyed_hash_shake256::{HASH_LEN, KEY_LEN}; diff --git a/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs b/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs index ce02f359..73d62360 100644 --- a/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs +++ b/ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs @@ -1,11 +1,11 @@ -use rosenpass_to::ops::copy_slice; use rosenpass_to::To; +use rosenpass_to::ops::copy_slice; use rosenpass_cipher_traits::algorithms::aead_xchacha20poly1305::AeadXChaCha20Poly1305; use rosenpass_cipher_traits::primitives::{Aead, AeadError, AeadWithNonceInCiphertext}; -use chacha20poly1305::aead::generic_array::GenericArray; use chacha20poly1305::XChaCha20Poly1305 as AeadImpl; +use chacha20poly1305::aead::generic_array::GenericArray; use chacha20poly1305::{AeadInPlace, KeyInit}; pub use rosenpass_cipher_traits::algorithms::aead_xchacha20poly1305::{ diff --git a/constant-time/src/xor.rs b/constant-time/src/xor.rs index 779e3103..c414c778 100644 --- a/constant-time/src/xor.rs +++ b/constant-time/src/xor.rs @@ -1,7 +1,7 @@ //! xor use core::hint::black_box; -use rosenpass_to::{with_destination, To}; +use rosenpass_to::{To, with_destination}; /// Xors the source into the destination /// diff --git a/flake.nix b/flake.nix index fef3751a..db9960af 100644 --- a/flake.nix +++ b/flake.nix @@ -63,20 +63,19 @@ }; in { - packages = - { - default = pkgs.rosenpass; - rosenpass = pkgs.rosenpass; - rosenpass-oci-image = pkgs.rosenpass-oci-image; - rp = pkgs.rp; + packages = { + default = pkgs.rosenpass; + rosenpass = pkgs.rosenpass; + rosenpass-oci-image = pkgs.rosenpass-oci-image; + rp = pkgs.rp; - release-package = pkgs.release-package; + release-package = pkgs.release-package; - # for good measure, we also offer to cross compile to Linux on Arm - aarch64-linux-rosenpass-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass; - aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp; - } - // + # for good measure, we also offer to cross compile to Linux on Arm + aarch64-linux-rosenpass-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rosenpass; + aarch64-linux-rp-static = pkgs.pkgsCross.aarch64-multiplatform.pkgsStatic.rp; + } + // # We only offer static builds for linux, as this is not supported on OS X (nixpkgs.lib.attrsets.optionalAttrs pkgs.stdenv.isLinux { rosenpass-static = pkgs.pkgsStatic.rosenpass; diff --git a/rosenpass/benches/handshake.rs b/rosenpass/benches/handshake.rs index cceafcba..5924a00e 100644 --- a/rosenpass/benches/handshake.rs +++ b/rosenpass/benches/handshake.rs @@ -1,7 +1,7 @@ use std::ops::DerefMut; use anyhow::Result; -use criterion::{black_box, criterion_group, criterion_main, Criterion}; +use criterion::{Criterion, black_box, criterion_group, criterion_main}; use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; diff --git a/rosenpass/src/api/api_handler.rs b/rosenpass/src/api/api_handler.rs index dcd85cca..26683d78 100644 --- a/rosenpass/src/api/api_handler.rs +++ b/rosenpass/src/api/api_handler.rs @@ -4,10 +4,10 @@ use std::{borrow::BorrowMut, collections::VecDeque, os::fd::OwnedFd}; use anyhow::Context; -use rosenpass_to::{ops::copy_slice, To}; +use rosenpass_to::{To, ops::copy_slice}; use rosenpass_util::{ fd::FdIo, - functional::{run, ApplyExt}, + functional::{ApplyExt, run}, io::ReadExt, mem::DiscardResultExt, mio::UnixStreamExt, @@ -21,7 +21,7 @@ use crate::{ protocol::BuildCryptoServer, }; -use super::{supply_keypair_response_status, Server as ApiServer}; +use super::{Server as ApiServer, supply_keypair_response_status}; /// Stores the state of the API handler. /// diff --git a/rosenpass/src/api/mio/connection.rs b/rosenpass/src/api/mio/connection.rs index c93347a5..726d4e38 100644 --- a/rosenpass/src/api/mio/connection.rs +++ b/rosenpass/src/api/mio/connection.rs @@ -246,9 +246,11 @@ pub trait MioConnectionContext { // Message does not fit in buffer Err((e @ E::MessageTooLargeError { .. }, _)) => { - log::warn!("Received message on API that was too big to fit in our buffers; \ + log::warn!( + "Received message on API that was too big to fit in our buffers; \ looks like the client is broken. Stopping to process messages of the client.\n\ - Error: {e:?}"); + Error: {e:?}" + ); conn.invalid_read = true; // Closed mio_manager break Ok(None); } diff --git a/rosenpass/src/app_server.rs b/rosenpass/src/app_server.rs index eeff1635..1408500a 100644 --- a/rosenpass/src/app_server.rs +++ b/rosenpass/src/app_server.rs @@ -2,7 +2,7 @@ //! the actual cryptographic code lives in the [crate::protocol] module use std::collections::{HashMap, VecDeque}; -use std::io::{stdout, ErrorKind, Write}; +use std::io::{ErrorKind, Write, stdout}; use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs}; use std::time::{Duration, Instant}; use std::{cell::Cell, fmt::Debug, io, path::PathBuf, slice}; @@ -10,21 +10,21 @@ use std::{cell::Cell, fmt::Debug, io, path::PathBuf, slice}; use mio::{Interest, Token}; use signal_hook_mio::v1_0 as signal_hook_mio; -use anyhow::{bail, Context, Result}; +use anyhow::{Context, Result, bail}; use derive_builder::Builder; use log::{error, info, warn}; use zerocopy::AsBytes; use rosenpass_util::attempt; use rosenpass_util::fmt::debug::NullDebug; -use rosenpass_util::functional::{run, ApplyExt}; +use rosenpass_util::functional::{ApplyExt, run}; use rosenpass_util::io::{IoResultKindHintExt, SubstituteForIoErrorKindExt}; use rosenpass_util::{ b64::B64Display, build::ConstructionSite, file::StoreValueB64, result::OkExt, }; use rosenpass_secret_memory::{Public, Secret}; -use rosenpass_wireguard_broker::{WireguardBrokerCfg, WireguardBrokerMio, WG_KEY_LEN}; +use rosenpass_wireguard_broker::{WG_KEY_LEN, WireguardBrokerCfg, WireguardBrokerMio}; use crate::config::{ProtocolVersion, Verbosity}; @@ -886,7 +886,10 @@ impl AppServer { Some(Ok(v)) => v, None => true, Some(Err(e)) => { - warn!("Unable to detect whether the IPv6 socket supports dual-stack operation: {}", e); + warn!( + "Unable to detect whether the IPv6 socket supports dual-stack operation: {}", + e + ); true } }; @@ -1325,7 +1328,7 @@ impl AppServer { Some(C::DeleteKey(PeerPtr(no))) => break A::DeleteKey(AppPeerPtr(no)), Some(C::SendInitiation(PeerPtr(no))) => break A::SendInitiation(AppPeerPtr(no)), Some(C::SendRetransmission(PeerPtr(no))) => { - break A::SendRetransmission(AppPeerPtr(no)) + break A::SendRetransmission(AppPeerPtr(no)); } Some(C::Sleep(timeout)) => timeout, // No event from crypto-server, do IO None => crate::protocol::timing::UNENDING, // Crypto server is uninitialized, do IO @@ -1555,7 +1558,9 @@ impl AppServer { let io_source = match self.io_source_index.get(&token) { Some(io_source) => *io_source, None => { - log::warn!("No IO source assiociated with mio token ({token:?}). Polling using mio tokens directly is an experimental feature and IO handler should recover when all available io sources are polled. This is a developer error. Please report it."); + log::warn!( + "No IO source assiociated with mio token ({token:?}). Polling using mio tokens directly is an experimental feature and IO handler should recover when all available io sources are polled. This is a developer error. Please report it." + ); return Ok(AppServerTryRecvResult::None); } }; diff --git a/rosenpass/src/bin/gen-ipc-msg-types.rs b/rosenpass/src/bin/gen-ipc-msg-types.rs index 64eb27bd..c40242e2 100644 --- a/rosenpass/src/bin/gen-ipc-msg-types.rs +++ b/rosenpass/src/bin/gen-ipc-msg-types.rs @@ -2,7 +2,7 @@ use anyhow::{Context, Result}; use heck::ToShoutySnakeCase; use rosenpass_ciphers::subtle::keyed_hash::KeyedHash; -use rosenpass_ciphers::{hash_domain::HashDomain, KEY_LEN}; +use rosenpass_ciphers::{KEY_LEN, hash_domain::HashDomain}; /// Recursively calculate a concrete hash value for an API message type fn calculate_hash_value(hd: HashDomain, values: &[&str]) -> Result<[u8; KEY_LEN]> { @@ -30,8 +30,10 @@ fn print_literal(path: &[&str], shake_or_blake: KeyedHash) -> Result<()> { .chunks_exact(4) .map(|chunk| chunk.iter().collect::()) .collect::>(); - println!("const {var_name} : RawMsgType = RawMsgType::from_le_bytes(hex!(\"{} {} {} {} {} {} {} {}\"));", - c[0], c[1], c[2], c[3], c[4], c[5], c[6], c[7]); + println!( + "const {var_name} : RawMsgType = RawMsgType::from_le_bytes(hex!(\"{} {} {} {} {} {} {} {}\"));", + c[0], c[1], c[2], c[3], c[4], c[5], c[6], c[7] + ); Ok(()) } diff --git a/rosenpass/src/cli.rs b/rosenpass/src/cli.rs index f242a922..082e4124 100644 --- a/rosenpass/src/cli.rs +++ b/rosenpass/src/cli.rs @@ -3,7 +3,7 @@ //! [CliArgs::run] is called by the rosenpass main function and contains the //! bulk of our boostrapping code while the main function just sets up the basic environment -use anyhow::{bail, ensure, Context}; +use anyhow::{Context, bail, ensure}; use clap::{Parser, Subcommand}; use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; @@ -27,9 +27,9 @@ use { log::{error, info}, mio::net::UnixStream, rosenpass_util::fd::claim_fd, - rosenpass_wireguard_broker::brokers::mio_client::MioBrokerClient, rosenpass_wireguard_broker::WireguardBrokerMio, - rustix::net::{socketpair, AddressFamily, SocketFlags, SocketType}, + rosenpass_wireguard_broker::brokers::mio_client::MioBrokerClient, + rustix::net::{AddressFamily, SocketFlags, SocketType, socketpair}, std::os::fd::AsRawFd, std::os::unix::net, std::process::Command, @@ -291,7 +291,9 @@ impl CliArgs { // Deprecated - use gen-keys instead Some(Keygen { args }) => { - log::warn!("The 'keygen' command is deprecated. Please use the 'gen-keys' command instead."); + log::warn!( + "The 'keygen' command is deprecated. Please use the 'gen-keys' command instead." + ); let mut public_key: Option = None; let mut secret_key: Option = None; @@ -346,7 +348,9 @@ impl CliArgs { } (_, Some(pkf), Some(skf)) => (pkf.clone(), skf.clone()), _ => { - bail!("either a config-file or both public-key and secret-key file are required") + bail!( + "either a config-file or both public-key and secret-key file are required" + ) } }; diff --git a/rosenpass/src/config.rs b/rosenpass/src/config.rs index 31a4b5cb..80569db8 100644 --- a/rosenpass/src/config.rs +++ b/rosenpass/src/config.rs @@ -15,7 +15,7 @@ use anyhow::{bail, ensure}; use serde::{Deserialize, Serialize}; -use rosenpass_util::file::{fopen_w, LoadValue, Visibility}; +use rosenpass_util::file::{LoadValue, Visibility, fopen_w}; use crate::protocol::basic_types::{SPk, SSk}; use crate::protocol::osk_domain_separator::OskDomainSeparator; @@ -201,8 +201,12 @@ impl RosenpassPeerOskDomainSeparator { match (&self.osk_organization, &self.osk_label) { (None, None) => Ok(None), (Some(org), Some(label)) => Ok(Some((org, label))), - (Some(_), None) => bail!("Specified osk_organization but not osk_label in config file. You need to specify both, or none."), - (None, Some(_)) => bail!("Specified osk_label but not osk_organization in config file. You need to specify both, or none."), + (Some(_), None) => bail!( + "Specified osk_organization but not osk_label in config file. You need to specify both, or none." + ), + (None, Some(_)) => bail!( + "Specified osk_label but not osk_organization in config file. You need to specify both, or none." + ), } } diff --git a/rosenpass/src/main.rs b/rosenpass/src/main.rs index 42369c54..bebbec72 100644 --- a/rosenpass/src/main.rs +++ b/rosenpass/src/main.rs @@ -2,7 +2,7 @@ use clap::CommandFactory; use clap::Parser; -use clap_mangen::roff::{roman, Roff}; +use clap_mangen::roff::{Roff, roman}; use log::error; use rosenpass::cli::CliArgs; use std::process::exit; diff --git a/rosenpass/src/msgs.rs b/rosenpass/src/msgs.rs index 9fbeba21..db90912d 100644 --- a/rosenpass/src/msgs.rs +++ b/rosenpass/src/msgs.rs @@ -13,7 +13,7 @@ use zerocopy::{AsBytes, FromBytes, FromZeroes}; use super::RosenpassError; use rosenpass_cipher_traits::primitives::{Aead as _, Kem}; -use rosenpass_ciphers::{Aead, XAead, KEY_LEN}; +use rosenpass_ciphers::{Aead, KEY_LEN, XAead}; use rosenpass_ciphers::{EphemeralKem, StaticKem}; /// Length of a session ID such as [InitHello::sidi] @@ -437,7 +437,7 @@ impl From for u8 { mod test_constants { use crate::msgs::{BISCUIT_CT_LEN, BISCUIT_PT_LEN}; use rosenpass_cipher_traits::primitives::Aead as _; - use rosenpass_ciphers::{XAead, KEY_LEN}; + use rosenpass_ciphers::{KEY_LEN, XAead}; #[test] fn sodium_keysize() { diff --git a/rosenpass/src/protocol/basic_types.rs b/rosenpass/src/protocol/basic_types.rs index 00078ac6..108fdfab 100644 --- a/rosenpass/src/protocol/basic_types.rs +++ b/rosenpass/src/protocol/basic_types.rs @@ -1,7 +1,7 @@ //! Key types and other fundamental types used in the Rosenpass protocol use rosenpass_cipher_traits::primitives::{Aead, Kem}; -use rosenpass_ciphers::{EphemeralKem, StaticKem, XAead, KEY_LEN}; +use rosenpass_ciphers::{EphemeralKem, KEY_LEN, StaticKem, XAead}; use rosenpass_secret_memory::{Public, PublicBox, Secret}; use crate::msgs::{BISCUIT_ID_LEN, MAX_MESSAGE_LEN, SESSION_ID_LEN}; diff --git a/rosenpass/src/protocol/build_crypto_server.rs b/rosenpass/src/protocol/build_crypto_server.rs index 7929a47d..5ffa5ff1 100644 --- a/rosenpass/src/protocol/build_crypto_server.rs +++ b/rosenpass/src/protocol/build_crypto_server.rs @@ -206,7 +206,10 @@ impl Build for BuildCryptoServer { let PeerPtr(idx2) = srv.add_peer(psk, pk, protocol_version.into(), osk_domain_separator)?; - assert!(idx == idx2, "Peer id changed during CryptoServer construction from {idx} to {idx2}. This is a developer error.") + assert!( + idx == idx2, + "Peer id changed during CryptoServer construction from {idx} to {idx2}. This is a developer error." + ) } Ok(srv) diff --git a/rosenpass/src/protocol/index.rs b/rosenpass/src/protocol/index.rs index 9f3556be..68785b75 100644 --- a/rosenpass/src/protocol/index.rs +++ b/rosenpass/src/protocol/index.rs @@ -2,8 +2,8 @@ use std::collections::HashMap; -use super::basic_types::{PeerId, PeerNo, SessionId}; use super::KnownResponseHash; +use super::basic_types::{PeerId, PeerNo, SessionId}; /// Maps various keys to peer (numbers). /// diff --git a/rosenpass/src/protocol/protocol.rs b/rosenpass/src/protocol/protocol.rs index faaa0562..890a9aee 100644 --- a/rosenpass/src/protocol/protocol.rs +++ b/rosenpass/src/protocol/protocol.rs @@ -14,7 +14,7 @@ use std::{ ops::Deref, }; -use anyhow::{bail, ensure, Context, Result}; +use anyhow::{Context, Result, bail, ensure}; use assert_tv::{TestVector, TestVectorNOP}; use memoffset::span_of; use zerocopy::{AsBytes, FromBytes, Ref}; @@ -26,11 +26,11 @@ use rosenpass_ciphers::hash_domain::{SecretHashDomain, SecretHashDomainNamespace use rosenpass_ciphers::{Aead, EphemeralKem, KeyedHash, StaticKem, XAead}; use rosenpass_constant_time as constant_time; use rosenpass_secret_memory::{Public, Secret}; -use rosenpass_to::{ops::copy_slice, To}; +use rosenpass_to::{To, ops::copy_slice}; use rosenpass_util::{ cat, functional::ApplyExt, - mem::{cpy_min, DiscardResultExt}, + mem::{DiscardResultExt, cpy_min}, time::Timebase, }; @@ -38,7 +38,7 @@ use crate::protocol::test_vector_sets::{ CycledBiscuitSecretKeyTestValues, EncapsAndMixTestValues, HandleInitHelloTestValues, HandleInitiationTestValues, StoreBiscuitTestValues, }; -use crate::{hash_domains, msgs::*, RosenpassError}; +use crate::{RosenpassError, hash_domains, msgs::*}; use super::basic_types::{ BiscuitId, EPk, ESk, MsgBuf, PeerId, PeerNo, PublicSymKey, SPk, SSk, SessionId, SymKey, @@ -53,7 +53,7 @@ use super::constants::{ use super::cookies::{BiscuitKey, CookieSecret, CookieStore}; use super::index::{PeerIndex, PeerIndexKey}; use super::osk_domain_separator::OskDomainSeparator; -use super::timing::{has_happened, Timing, BCE, UNENDING}; +use super::timing::{BCE, Timing, UNENDING, has_happened}; use super::zerocopy::{truncating_cast_into, truncating_cast_into_nomut}; #[cfg(feature = "trace_bench")] @@ -1657,11 +1657,7 @@ impl Mortal for BiscuitKeyPtr { /// At [BiscuitKey::created_at] fn created_at(&self, srv: &CryptoServer) -> Option { let t = self.get(srv).created_at; - if t < 0.0 { - None - } else { - Some(t) - } + if t < 0.0 { None } else { Some(t) } } /// At [Self::created_at] plus [BISCUIT_EPOCH] @@ -1679,11 +1675,7 @@ impl Mortal for ServerCookieSecretPtr { /// At [CookieSecret::created_at] fn created_at(&self, srv: &CryptoServer) -> Option { let t = self.get(srv).created_at; - if t < 0.0 { - None - } else { - Some(t) - } + if t < 0.0 { None } else { Some(t) } } /// At [Self::created_at] plus [COOKIE_SECRET_EPOCH] @@ -1725,11 +1717,7 @@ impl Mortal for KnownInitConfResponsePtr { /// At [KnownInitConfResponse::received_at] fn created_at(&self, srv: &CryptoServer) -> Option { let t = self.get(srv)?.received_at; - if t < 0.0 { - None - } else { - Some(t) - } + if t < 0.0 { None } else { Some(t) } } /// No retirement phase, so this is the same as [Self::die_at] diff --git a/rosenpass/src/protocol/test.rs b/rosenpass/src/protocol/test.rs index b5f58823..025575fd 100644 --- a/rosenpass/src/protocol/test.rs +++ b/rosenpass/src/protocol/test.rs @@ -9,7 +9,7 @@ use rosenpass_ciphers::StaticKem; use rosenpass_secret_memory::Public; use rosenpass_util::mem::DiscardResultExt; -use crate::msgs::{EmptyData, Envelope, InitConf, InitHello, MsgType, RespHello, MAX_MESSAGE_LEN}; +use crate::msgs::{EmptyData, Envelope, InitConf, InitHello, MAX_MESSAGE_LEN, MsgType, RespHello}; use super::basic_types::{MsgBuf, SPk, SSk, SymKey}; use super::constants::REKEY_AFTER_TIME_RESPONDER; @@ -502,13 +502,14 @@ fn cookie_reply_mechanism_initiator_bails_on_message_under_load(protocol_version ip_addr_port_b[..ip_addr_port_b_len].to_vec().into(); //A handles RespHello message under load, should not send cookie reply - assert!(a - .handle_msg_under_load( + assert!( + a.handle_msg_under_load( &b_to_a_buf[..resp_hello_len], &mut *a_to_b_buf, &ip_addr_port_b ) - .is_err()); + .is_err() + ); }); } diff --git a/rosenpass/src/protocol/test_vector_sets.rs b/rosenpass/src/protocol/test_vector_sets.rs index 89cd9e93..f08abf7b 100644 --- a/rosenpass/src/protocol/test_vector_sets.rs +++ b/rosenpass/src/protocol/test_vector_sets.rs @@ -16,7 +16,7 @@ use assert_tv::TestValue; use assert_tv::TestVectorSet; use base64::Engine; use rosenpass_cipher_traits::primitives::{Aead, Kem}; -use rosenpass_ciphers::{EphemeralKem, XAead, KEY_LEN}; +use rosenpass_ciphers::{EphemeralKem, KEY_LEN, XAead}; use rosenpass_secret_memory::{Public, PublicBox, Secret}; use serde_json::Value; diff --git a/rosenpass/src/protocol/testutils.rs b/rosenpass/src/protocol/testutils.rs index 8ba51832..a8251614 100644 --- a/rosenpass/src/protocol/testutils.rs +++ b/rosenpass/src/protocol/testutils.rs @@ -6,9 +6,9 @@ use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; use super::{ + CryptoServer, PeerPtr, ProtocolVersion, basic_types::{SPk, SSk}, osk_domain_separator::OskDomainSeparator, - CryptoServer, PeerPtr, ProtocolVersion, }; /// Helper for tests and examples diff --git a/rosenpass/tests/api-integration-tests-api-setup.rs b/rosenpass/tests/api-integration-tests-api-setup.rs index 54ae051d..7437db7b 100644 --- a/rosenpass/tests/api-integration-tests-api-setup.rs +++ b/rosenpass/tests/api-integration-tests-api-setup.rs @@ -7,7 +7,7 @@ use std::{ time::Duration, }; -use anyhow::{bail, Context}; +use anyhow::{Context, bail}; use command_fds::{CommandFdExt, FdMapping}; use hex_literal::hex; use rosenpass::api::{ @@ -33,7 +33,7 @@ struct KillChild(std::process::Child); impl Drop for KillChild { fn drop(&mut self) { - use rustix::process::{kill_process, Pid, Signal::Term}; + use rustix::process::{Pid, Signal::Term, kill_process}; let pid = Pid::from_child(&self.0); // We seriously need to start handling signals with signalfd, our current signal handling // system is a bit broken; there is probably a few functions that just restart on EINTR @@ -241,7 +241,7 @@ fn api_integration_api_setup(protocol_version: ProtocolVersion) -> anyhow::Resul // Send SupplyKeypairRequest { - use rustix::fs::{open, Mode, OFlags}; + use rustix::fs::{Mode, OFlags, open}; let sk = open(peer_a_keypair.secret_key, OFlags::RDONLY, Mode::empty())?; let pk = open(peer_a_keypair.public_key, OFlags::RDONLY, Mode::empty())?; @@ -342,8 +342,10 @@ fn api_integration_api_setup(protocol_version: ProtocolVersion) -> anyhow::Resul // success on consensus match osk_a.secret() == osk_b.secret() { true => break, - false if attempt > 10 => bail!("Peers did not produce a matching key even after ten attempts. Something is wrong with the key exchange!"), - false => {}, + false if attempt > 10 => bail!( + "Peers did not produce a matching key even after ten attempts. Something is wrong with the key exchange!" + ), + false => {} }; attempt += 1; diff --git a/rosenpass/tests/api-integration-tests.rs b/rosenpass/tests/api-integration-tests.rs index ef54d281..4bde1ac6 100644 --- a/rosenpass/tests/api-integration-tests.rs +++ b/rosenpass/tests/api-integration-tests.rs @@ -5,9 +5,9 @@ use std::{ process::Stdio, }; -use anyhow::{bail, Context}; +use anyhow::{Context, bail}; use rosenpass::api; -use rosenpass_to::{ops::copy_slice_least_src, To}; +use rosenpass_to::{To, ops::copy_slice_least_src}; use rosenpass_util::{ file::LoadValueB64, length_prefix_encoding::{decoder::LengthPrefixDecoder, encoder::LengthPrefixEncoder}, @@ -23,7 +23,7 @@ struct KillChild(std::process::Child); impl Drop for KillChild { fn drop(&mut self) { - use rustix::process::{kill_process, Pid, Signal::Term}; + use rustix::process::{Pid, Signal::Term, kill_process}; let pid = Pid::from_child(&self.0); // We seriously need to start handling signals with signalfd, our current signal handling // system is a bit broken; there is probably a few functions that just restart on EINTR @@ -188,8 +188,10 @@ fn api_integration_test(protocol_version: ProtocolVersion) -> anyhow::Result<()> let osk_b = SymKey::load_b64::<64, _>(peer_b_osk.clone())?; match osk_a.secret() == osk_b.secret() { true => break, - false if attempt > 10 => bail!("Peers did not produce a matching key even after ten attempts. Something is wrong with the key exchange!"), - false => {}, + false if attempt > 10 => bail!( + "Peers did not produce a matching key even after ten attempts. Something is wrong with the key exchange!" + ), + false => {} }; attempt += 1; diff --git a/rosenpass/tests/integration_test.rs b/rosenpass/tests/integration_test.rs index 494a711f..9c94b9ff 100644 --- a/rosenpass/tests/integration_test.rs +++ b/rosenpass/tests/integration_test.rs @@ -11,7 +11,7 @@ use tempfile::tempdir; use clap::Parser; use rosenpass::{app_server::AppServerTestBuilder, cli::CliArgs, config::EXAMPLE_CONFIG}; use rosenpass_secret_memory::{Public, Secret}; -use rosenpass_wireguard_broker::{WireguardBrokerMio, WG_KEY_LEN, WG_PEER_LEN}; +use rosenpass_wireguard_broker::{WG_KEY_LEN, WG_PEER_LEN, WireguardBrokerMio}; use serial_test::serial; use std::io::Write; diff --git a/rosenpass/tests/poll_example.rs b/rosenpass/tests/poll_example.rs index 39c31882..c4d66849 100644 --- a/rosenpass/tests/poll_example.rs +++ b/rosenpass/tests/poll_example.rs @@ -102,11 +102,14 @@ fn test_successful_exchange_with_poll( " ); #[cfg(not(coverage))] - assert!((110.0..175.0).contains(&(_completions[2].0 - _completions[1].0)), "\ + assert!( + (110.0..175.0).contains(&(_completions[2].0 - _completions[1].0)), + "\ First renegotiation should happen in between two and three minutes after the first renegotiation!\n\ Transcript: {transcript:?}\n\ Completions: {_completions:?}\ - "); + " + ); Ok(()) } @@ -198,11 +201,14 @@ fn test_successful_exchange_under_packet_loss( " ); #[cfg(not(coverage))] - assert!((110.0..175.0).contains(&(_completions[2].0 - _completions[1].0)), "\ + assert!( + (110.0..175.0).contains(&(_completions[2].0 - _completions[1].0)), + "\ First renegotiation should happen in between two and three minutes after the first renegotiation!\n\ Transcript: {transcript:?}\n\ Completions: {_completions:?}\ - "); + " + ); Ok(()) } @@ -232,8 +238,10 @@ fn test_osk_label_mismatch() -> anyhow::Result<()> { for _ in 0..300 { let ev = sim.poll()?; - assert!(!matches!(ev, TranscriptEvent::CompletedExchange(_)), - "We deliberately provoked a mismatch in OSK domain separator, but still saw a successfully completed key exchange"); + assert!( + !matches!(ev, TranscriptEvent::CompletedExchange(_)), + "We deliberately provoked a mismatch in OSK domain separator, but still saw a successfully completed key exchange" + ); // Wait for a key exchange that failed with a KeyMismatch event let (osk_a_custom1, osk_b_custom2) = match ev { diff --git a/rosenpass/tests/test_vector_crypto_server.rs b/rosenpass/tests/test_vector_crypto_server.rs index 7e393641..8a69d351 100644 --- a/rosenpass/tests/test_vector_crypto_server.rs +++ b/rosenpass/tests/test_vector_crypto_server.rs @@ -15,7 +15,7 @@ //! TEST_MODE=init cargo test crypto_server_test_vector_1 //! ``` -use assert_tv::{test_vec_case, TestValue, TestVector, TestVectorActive, TestVectorSet}; +use assert_tv::{TestValue, TestVector, TestVectorActive, TestVectorSet, test_vec_case}; use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey}; use rosenpass::protocol::osk_domain_separator::OskDomainSeparator; use rosenpass::protocol::test_vector_sets::deserialize_byte_vec; diff --git a/rp/src/cli.rs b/rp/src/cli.rs index 97fce509..765b1b20 100644 --- a/rp/src/cli.rs +++ b/rp/src/cli.rs @@ -56,11 +56,22 @@ fn fatal(note: &str, command: Option) -> Result { match command { Some(command) => match command { CommandType::GenKey => Err(format!("{}\nUsage: rp genkey PRIVATE_KEYS_DIR", note)), - CommandType::PubKey => Err(format!("{}\nUsage: rp pubkey PRIVATE_KEYS_DIR PUBLIC_KEYS_DIR", note)), - CommandType::Exchange => Err(format!("{}\nUsage: rp exchange PRIVATE_KEYS_DIR [dev ] [ip /] [listen :] [peer PUBLIC_KEYS_DIR [endpoint :] [persistent-keepalive ] [allowed-ips /[,/]...]]...", note)), - CommandType::ExchangeConfig => Err(format!("{}\nUsage: rp exchange-config ", note)), + CommandType::PubKey => Err(format!( + "{}\nUsage: rp pubkey PRIVATE_KEYS_DIR PUBLIC_KEYS_DIR", + note + )), + CommandType::Exchange => Err(format!( + "{}\nUsage: rp exchange PRIVATE_KEYS_DIR [dev ] [ip /] [listen :] [peer PUBLIC_KEYS_DIR [endpoint :] [persistent-keepalive ] [allowed-ips /[,/]...]]...", + note + )), + CommandType::ExchangeConfig => { + Err(format!("{}\nUsage: rp exchange-config ", note)) + } }, - None => Err(format!("{}\nUsage: rp [verbose] genkey|pubkey|exchange|exchange-config [ARGS]...", note)), + None => Err(format!( + "{}\nUsage: rp [verbose] genkey|pubkey|exchange|exchange-config [ARGS]...", + note + )), } } @@ -140,7 +151,7 @@ impl ExchangePeer { return fatal( &format!("Unknown option {}", x), Some(CommandType::Exchange), - ) + ); } } } @@ -208,7 +219,7 @@ impl ExchangeOptions { return fatal( &format!("Unknown option {}", x), Some(CommandType::Exchange), - ) + ); } } } diff --git a/rp/src/exchange.rs b/rp/src/exchange.rs index fa5a4b21..65f1ae92 100644 --- a/rp/src/exchange.rs +++ b/rp/src/exchange.rs @@ -3,7 +3,7 @@ use std::{borrow::Borrow, net::SocketAddr, path::PathBuf}; use tokio::process::Command; -use anyhow::{bail, ensure, Context, Result}; +use anyhow::{Context, Result, bail, ensure}; use futures_util::TryStreamExt as _; use serde::Deserialize; @@ -33,7 +33,7 @@ use crate::key::WG_B64_LEN; mod netlink { /// Re-exports from [::netlink_packet_core] pub mod core { - pub use ::netlink_packet_core::{NetlinkMessage, NLM_F_ACK, NLM_F_REQUEST}; + pub use ::netlink_packet_core::{NLM_F_ACK, NLM_F_REQUEST, NetlinkMessage}; } /// Re-exports from [::rtnetlink] diff --git a/rp/src/key.rs b/rp/src/key.rs index a7ac7491..2d7f6acb 100644 --- a/rp/src/key.rs +++ b/rp/src/key.rs @@ -5,14 +5,14 @@ use std::{ path::Path, }; -use anyhow::{anyhow, Result}; +use anyhow::{Result, anyhow}; use rosenpass_util::file::{LoadValueB64, StoreValue, StoreValueB64}; use zeroize::Zeroize; use rosenpass::protocol::basic_types::{SPk, SSk}; use rosenpass_cipher_traits::primitives::Kem; use rosenpass_ciphers::StaticKem; -use rosenpass_secret_memory::{file::StoreSecret as _, Public, Secret}; +use rosenpass_secret_memory::{Public, Secret, file::StoreSecret as _}; /// The length of wireguard keys as a length in base 64 encoding. pub const WG_B64_LEN: usize = 32 * 5 / 3; @@ -119,13 +119,13 @@ mod tests { use std::fs; use rosenpass::protocol::basic_types::{SPk, SSk}; - use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets; use rosenpass_secret_memory::Secret; + use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets; use rosenpass_util::file::LoadValue; use rosenpass_util::file::LoadValueB64; use tempfile::tempdir; - use crate::key::{genkey, pubkey, WG_B64_LEN}; + use crate::key::{WG_B64_LEN, genkey, pubkey}; #[test] #[cfg_attr(miri, ignore)] // Miri does not support calls to mmap with protections other than PROT_READ|PROT_WRITE diff --git a/rp/src/main.rs b/rp/src/main.rs index 87bf1f27..71ee6c3a 100644 --- a/rp/src/main.rs +++ b/rp/src/main.rs @@ -15,5 +15,7 @@ fn main() -> anyhow::Result<()> { #[cfg(not(any(target_os = "linux", target_os = "freebsd")))] fn main() { - panic!("Unfortunately, the rp command is currently not supported on your platform. See https://github.com/rosenpass/rosenpass/issues/689 for more information and discussion.") + panic!( + "Unfortunately, the rp command is currently not supported on your platform. See https://github.com/rosenpass/rosenpass/issues/689 for more information and discussion." + ) } diff --git a/rp/src/main_supported_platforms.rs b/rp/src/main_supported_platforms.rs index 30d40a2c..96d953b5 100644 --- a/rp/src/main_supported_platforms.rs +++ b/rp/src/main_supported_platforms.rs @@ -5,7 +5,7 @@ use rosenpass_util::tokio::janitor::ensure_janitor; use rosenpass_secret_memory::policy; use crate::cli::{Cli, Command}; -use crate::exchange::{exchange, ExchangeOptions}; +use crate::exchange::{ExchangeOptions, exchange}; use crate::key::{genkey, pubkey}; #[tokio::main] diff --git a/secret-memory/src/alloc/memsec/malloc.rs b/secret-memory/src/alloc/memsec/malloc.rs index a28568a8..df4da621 100644 --- a/secret-memory/src/alloc/memsec/malloc.rs +++ b/secret-memory/src/alloc/memsec/malloc.rs @@ -105,10 +105,12 @@ unsafe impl Allocator for MallocAllocator { // Ensure the right alignment is used let off = (mem.as_ptr() as *const u8).align_offset(layout.align()); if off != 0 { - log::error!("Allocation {layout:?} was requested but malloc-based memsec returned allocation \ + log::error!( + "Allocation {layout:?} was requested but malloc-based memsec returned allocation \ with offset {off} from the requested alignment. Malloc always allocates values \ at the end of a memory page for security reasons, custom alignments are not supported. \ - You could try allocating an oversized value."); + You could try allocating an oversized value." + ); unsafe { memsec::free(mem) }; return Err(AllocError); }; diff --git a/secret-memory/src/alloc/memsec/memfdsec.rs b/secret-memory/src/alloc/memsec/memfdsec.rs index a348b536..bd093435 100644 --- a/secret-memory/src/alloc/memsec/memfdsec.rs +++ b/secret-memory/src/alloc/memsec/memfdsec.rs @@ -99,17 +99,21 @@ unsafe impl Allocator for MemfdSecAllocator { // Unwrap the option let Some(mem) = mem else { - log::error!("Allocation {layout:?} was requested but memfd-based memsec returned a null pointer"); + log::error!( + "Allocation {layout:?} was requested but memfd-based memsec returned a null pointer" + ); return Err(AllocError); }; // Ensure the right alignment is used let off = (mem.as_ptr() as *const u8).align_offset(layout.align()); if off != 0 { - log::error!("Allocation {layout:?} was requested but memfd-based memsec returned allocation \ + log::error!( + "Allocation {layout:?} was requested but memfd-based memsec returned allocation \ with offset {off} from the requested alignment. Memfd always allocates values \ at the end of a memory page for security reasons, custom alignments are not supported. \ - You could try allocating an oversized value."); + You could try allocating an oversized value." + ); unsafe { memsec::free_memfd_secret(mem) }; return Err(AllocError); }; diff --git a/secret-memory/src/public.rs b/secret-memory/src/public.rs index e78cf813..d925dcde 100644 --- a/secret-memory/src/public.rs +++ b/secret-memory/src/public.rs @@ -1,11 +1,11 @@ use crate::debug::debug_crypto_array; use anyhow::Context; use rand::{Fill as Randomize, Rng}; -use rosenpass_to::{ops::copy_slice, To}; +use rosenpass_to::{To, ops::copy_slice}; use rosenpass_util::b64::{b64_decode, b64_encode}; use rosenpass_util::file::{ - fopen_r, fopen_w, LoadValue, LoadValueB64, ReadExactToEnd, ReadSliceToEnd, StoreValue, - StoreValueB64, StoreValueB64Writer, Visibility, + LoadValue, LoadValueB64, ReadExactToEnd, ReadSliceToEnd, StoreValue, StoreValueB64, + StoreValueB64Writer, Visibility, fopen_r, fopen_w, }; use rosenpass_util::functional::mutating; use std::borrow::{Borrow, BorrowMut}; @@ -390,8 +390,8 @@ mod tests { use rosenpass_util::{ b64::b64_encode, file::{ - fopen_w, LoadValue, LoadValueB64, StoreValue, StoreValueB64, StoreValueB64Writer, - Visibility, + LoadValue, LoadValueB64, StoreValue, StoreValueB64, StoreValueB64Writer, + Visibility, fopen_w, }, }; use std::{fs, ops::Deref, os::unix::fs::PermissionsExt}; diff --git a/secret-memory/src/secret.rs b/secret-memory/src/secret.rs index ec235ecb..e5f0be53 100644 --- a/secret-memory/src/secret.rs +++ b/secret-memory/src/secret.rs @@ -10,15 +10,15 @@ use zeroize::{Zeroize, ZeroizeOnDrop}; use rosenpass_util::b64::{b64_decode, b64_encode}; use rosenpass_util::file::{ - fopen_r, LoadValue, LoadValueB64, ReadExactToEnd, ReadSliceToEnd, StoreValueB64, - StoreValueB64Writer, + LoadValue, LoadValueB64, ReadExactToEnd, ReadSliceToEnd, StoreValueB64, StoreValueB64Writer, + fopen_r, }; use rosenpass_util::functional::mutating; -use crate::alloc::{secret_box, SecretBox, SecretVec}; +use crate::alloc::{SecretBox, SecretVec, secret_box}; use crate::file::StoreSecret; -use rosenpass_util::file::{fopen_w, Visibility}; +use rosenpass_util::file::{Visibility, fopen_w}; use std::io::Write; // This might become a problem in library usage; it's effectively a memory // leak which probably isn't a problem right now because most memory will diff --git a/secret-memory/src/serialization.rs b/secret-memory/src/serialization.rs index a8d496e9..c090896e 100644 --- a/secret-memory/src/serialization.rs +++ b/secret-memory/src/serialization.rs @@ -101,7 +101,7 @@ impl<'de, const N: usize> Deserialize<'de> for PublicBox { mod tests { use super::*; use crate::secret_policy_use_only_malloc_secrets; - use serde::{de::DeserializeOwned, Serialize}; + use serde::{Serialize, de::DeserializeOwned}; use serde_json; // Generic helper: serialize to JSON, then deserialize back. diff --git a/tests/integration/rpsc-test.nix b/tests/integration/rpsc-test.nix index b679e82e..2e3ce9ab 100644 --- a/tests/integration/rpsc-test.nix +++ b/tests/integration/rpsc-test.nix @@ -33,79 +33,78 @@ let peerBConfigFileVersion = getConfigFileVersion pkgs.rosenpass-peer-b; peerCConfigFileVersion = if multiPeer then getConfigFileVersion pkgs.rosenpass-peer-c else null; - staticConfig = - { - peerA = { - innerIp = "10.100.0.1"; - wgPrivateKeyFile = "${wireguardKeyFolder}/peerA.sk"; - wgPublicKeyFile = "${wireguardKeyFolder}/peerA.pk"; - rosenpassConfig = builtins.toFile "peer-a.toml" ( - '' - public_key = "${rosenpassKeyFolder}/self.pk" - secret_key = "${rosenpassKeyFolder}/self.sk" - listen = ["[::]:${builtins.toString rpPort}"] - verbosity = "Verbose" - - [[peers]] - public_key = "${rosenpassKeyFolder}/peer-b.pk" - endpoint = "peerbkeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathAB}" - '' - + (lib.optionalString multiPeer '' - [[peers]] - public_key = "${rosenpassKeyFolder}/peer-c.pk" - endpoint = "peerckeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathAC}" - '') - ); - }; - peerB = { - innerIp = "10.100.0.2"; - wgPrivateKeyFile = "${wireguardKeyFolder}/peerB.sk"; - wgPublicKeyFile = "${wireguardKeyFolder}/peerB.pk"; - rosenpassConfig = builtins.toFile "peer-b.toml" ( - '' - public_key = "${rosenpassKeyFolder}/self.pk" - secret_key = "${rosenpassKeyFolder}/self.sk" - listen = ["[::]:${builtins.toString rpPort}"] - verbosity = "Verbose" - - [[peers]] - public_key = "${rosenpassKeyFolder}/peer-a.pk" - endpoint = "peerakeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathBA}" - '' - + (lib.optionalString multiPeer '' - [[peers]] - public_key = "${rosenpassKeyFolder}/peer-c.pk" - endpoint = "peerckeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathBC}" - '') - ); - }; - } - // lib.optionalAttrs multiPeer { - # peerC is only defined if we are in a multiPeer context. - peerC = { - innerIp = "10.100.0.3"; - wgPrivateKeyFile = "${wireguardKeyFolder}/peerC.sk"; - wgPublicKeyFile = "${wireguardKeyFolder}/peerC.pk"; - rosenpassConfig = builtins.toFile "peer-c.toml" '' + staticConfig = { + peerA = { + innerIp = "10.100.0.1"; + wgPrivateKeyFile = "${wireguardKeyFolder}/peerA.sk"; + wgPublicKeyFile = "${wireguardKeyFolder}/peerA.pk"; + rosenpassConfig = builtins.toFile "peer-a.toml" ( + '' public_key = "${rosenpassKeyFolder}/self.pk" secret_key = "${rosenpassKeyFolder}/self.sk" listen = ["[::]:${builtins.toString rpPort}"] verbosity = "Verbose" + + [[peers]] + public_key = "${rosenpassKeyFolder}/peer-b.pk" + endpoint = "peerbkeyexchanger:${builtins.toString rpPort}" + key_out = "${keyExchangePathAB}" + '' + + (lib.optionalString multiPeer '' + [[peers]] + public_key = "${rosenpassKeyFolder}/peer-c.pk" + endpoint = "peerckeyexchanger:${builtins.toString rpPort}" + key_out = "${keyExchangePathAC}" + '') + ); + }; + peerB = { + innerIp = "10.100.0.2"; + wgPrivateKeyFile = "${wireguardKeyFolder}/peerB.sk"; + wgPublicKeyFile = "${wireguardKeyFolder}/peerB.pk"; + rosenpassConfig = builtins.toFile "peer-b.toml" ( + '' + public_key = "${rosenpassKeyFolder}/self.pk" + secret_key = "${rosenpassKeyFolder}/self.sk" + listen = ["[::]:${builtins.toString rpPort}"] + verbosity = "Verbose" + [[peers]] public_key = "${rosenpassKeyFolder}/peer-a.pk" endpoint = "peerakeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathCA}" + key_out = "${keyExchangePathBA}" + '' + + (lib.optionalString multiPeer '' [[peers]] - public_key = "${rosenpassKeyFolder}/peer-b.pk" + public_key = "${rosenpassKeyFolder}/peer-c.pk" endpoint = "peerckeyexchanger:${builtins.toString rpPort}" - key_out = "${keyExchangePathCB}" - ''; - }; + key_out = "${keyExchangePathBC}" + '') + ); }; + } + // lib.optionalAttrs multiPeer { + # peerC is only defined if we are in a multiPeer context. + peerC = { + innerIp = "10.100.0.3"; + wgPrivateKeyFile = "${wireguardKeyFolder}/peerC.sk"; + wgPublicKeyFile = "${wireguardKeyFolder}/peerC.pk"; + rosenpassConfig = builtins.toFile "peer-c.toml" '' + public_key = "${rosenpassKeyFolder}/self.pk" + secret_key = "${rosenpassKeyFolder}/self.sk" + listen = ["[::]:${builtins.toString rpPort}"] + verbosity = "Verbose" + [[peers]] + public_key = "${rosenpassKeyFolder}/peer-a.pk" + endpoint = "peerakeyexchanger:${builtins.toString rpPort}" + key_out = "${keyExchangePathCA}" + [[peers]] + public_key = "${rosenpassKeyFolder}/peer-b.pk" + endpoint = "peerckeyexchanger:${builtins.toString rpPort}" + key_out = "${keyExchangePathCB}" + ''; + }; + }; inherit (import (pkgs.path + "/nixos/tests/ssh-keys.nix") pkgs) snakeOilPublicKey @@ -133,143 +132,140 @@ in systemd.tmpfiles.rules = [ "d ${rosenpassKeyFolder} 0400 root root - -" ]; }; - nodes = - { - # peerA and peerB are the only neccessary peers unless we are in the multiPeer test. - peerA = { - networking.firewall.allowedUDPPorts = [ wgPort ]; + nodes = { + # peerA and peerB are the only neccessary peers unless we are in the multiPeer test. + peerA = { + networking.firewall.allowedUDPPorts = [ wgPort ]; - # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. - services.rosenpassKeySync.instances = - { - AB = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerakeyexchanger"; - peerPubkeyFile = staticConfig.peerB.wgPublicKeyFile; - remoteKeyPath = keyExchangePathAB; - endpoint = "peerB:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerB.innerIp}/32"; - }; - } - // lib.optionalAttrs multiPeer { - AC = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerakeyexchanger"; - peerPubkeyFile = staticConfig.peerC.wgPublicKeyFile; - remoteKeyPath = keyExchangePathAC; - endpoint = "peerC:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerC.innerIp}/32"; - }; - }; - }; - peerB = { - networking.firewall.allowedUDPPorts = [ wgPort ]; - - # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. - services.rosenpassKeySync.instances = - { - BA = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerbkeyexchanger"; - peerPubkeyFile = staticConfig.peerA.wgPublicKeyFile; - remoteKeyPath = keyExchangePathBA; - endpoint = "peerA:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerA.innerIp}/32"; - }; - } - // lib.optionalAttrs multiPeer { - BC = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerbkeyexchanger"; - peerPubkeyFile = staticConfig.peerC.wgPublicKeyFile; - remoteKeyPath = keyExchangePathBC; - endpoint = "peerC:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerC.innerIp}/32"; - }; - }; - }; - - # The key exchanger node for peerA is the node that actually runs rosenpass. It takes the rosenpass confguration for peerA and runs it. - # The key sync services of peerA will ssh into this node and download the exchanged keys from here. - peerakeyexchanger = { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; - networking.firewall.allowedUDPPorts = [ rpPort ]; - - services.rosenpassKeyExchange = { + # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. + services.rosenpassKeySync.instances = { + AB = { create = true; enable = false; - config = staticConfig.peerA.rosenpassConfig; - rosenpassVersion = pkgs.rosenpass-peer-a; + inherit wgInterface; + rpHost = "peerakeyexchanger"; + peerPubkeyFile = staticConfig.peerB.wgPublicKeyFile; + remoteKeyPath = keyExchangePathAB; + endpoint = "peerB:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerB.innerIp}/32"; }; - }; - - # The key exchanger node for peerB is the node that actually runs rosenpass. It takes the rosenpass confguration for peerB and runs it. - # The key sync services of peerB will ssh into this node and download the exchanged keys from here. - peerbkeyexchanger = { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; - - services.rosenpassKeyExchange = { + } + // lib.optionalAttrs multiPeer { + AC = { create = true; enable = false; - config = staticConfig.peerB.rosenpassConfig; - rosenpassVersion = pkgs.rosenpass-peer-b; - }; - }; - } - // lib.optionalAttrs multiPeer { - peerC = { - networking.firewall.allowedUDPPorts = [ wgPort ]; - - # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. - services.rosenpassKeySync.instances = { - CA = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerckeyexchanger"; - peerPubkeyFile = staticConfig.peerA.wgPublicKeyFile; - remoteKeyPath = keyExchangePathCA; - endpoint = "peerA:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerA.innerIp}/32"; - }; - CB = { - create = true; - enable = false; - inherit wgInterface; - rpHost = "peerckeyexchanger"; - peerPubkeyFile = staticConfig.peerB.wgPublicKeyFile; - remoteKeyPath = keyExchangePathCB; - endpoint = "peerB:${builtins.toString wgPort}"; - allowedIps = "${staticConfig.peerB.innerIp}/32"; - }; - }; - }; - - # The key exchanger node for peerC is the node that actually runs rosenpass. It takes the rosenpass confguration for peerC and runs it. - # The key sync services of peerC will ssh into this node and download the exchanged keys from here. - peerckeyexchanger = { - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; - networking.firewall.allowedUDPPorts = [ rpPort ]; - - services.rosenpassKeyExchange = { - create = true; - enable = false; - config = staticConfig.peerC.rosenpassConfig; - rosenpassVersion = pkgs.rosenpass-peer-c; + inherit wgInterface; + rpHost = "peerakeyexchanger"; + peerPubkeyFile = staticConfig.peerC.wgPublicKeyFile; + remoteKeyPath = keyExchangePathAC; + endpoint = "peerC:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerC.innerIp}/32"; }; }; }; + peerB = { + networking.firewall.allowedUDPPorts = [ wgPort ]; + + # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. + services.rosenpassKeySync.instances = { + BA = { + create = true; + enable = false; + inherit wgInterface; + rpHost = "peerbkeyexchanger"; + peerPubkeyFile = staticConfig.peerA.wgPublicKeyFile; + remoteKeyPath = keyExchangePathBA; + endpoint = "peerA:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerA.innerIp}/32"; + }; + } + // lib.optionalAttrs multiPeer { + BC = { + create = true; + enable = false; + inherit wgInterface; + rpHost = "peerbkeyexchanger"; + peerPubkeyFile = staticConfig.peerC.wgPublicKeyFile; + remoteKeyPath = keyExchangePathBC; + endpoint = "peerC:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerC.innerIp}/32"; + }; + }; + }; + + # The key exchanger node for peerA is the node that actually runs rosenpass. It takes the rosenpass confguration for peerA and runs it. + # The key sync services of peerA will ssh into this node and download the exchanged keys from here. + peerakeyexchanger = { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; + networking.firewall.allowedUDPPorts = [ rpPort ]; + + services.rosenpassKeyExchange = { + create = true; + enable = false; + config = staticConfig.peerA.rosenpassConfig; + rosenpassVersion = pkgs.rosenpass-peer-a; + }; + }; + + # The key exchanger node for peerB is the node that actually runs rosenpass. It takes the rosenpass confguration for peerB and runs it. + # The key sync services of peerB will ssh into this node and download the exchanged keys from here. + peerbkeyexchanger = { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; + + services.rosenpassKeyExchange = { + create = true; + enable = false; + config = staticConfig.peerB.rosenpassConfig; + rosenpassVersion = pkgs.rosenpass-peer-b; + }; + }; + } + // lib.optionalAttrs multiPeer { + peerC = { + networking.firewall.allowedUDPPorts = [ wgPort ]; + + # Each instance of the key sync service loads a symmetric key from a rosenpass keyexchanger node and sets it as the preshared key for the appropriate wireguard tunnel. + services.rosenpassKeySync.instances = { + CA = { + create = true; + enable = false; + inherit wgInterface; + rpHost = "peerckeyexchanger"; + peerPubkeyFile = staticConfig.peerA.wgPublicKeyFile; + remoteKeyPath = keyExchangePathCA; + endpoint = "peerA:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerA.innerIp}/32"; + }; + CB = { + create = true; + enable = false; + inherit wgInterface; + rpHost = "peerckeyexchanger"; + peerPubkeyFile = staticConfig.peerB.wgPublicKeyFile; + remoteKeyPath = keyExchangePathCB; + endpoint = "peerB:${builtins.toString wgPort}"; + allowedIps = "${staticConfig.peerB.innerIp}/32"; + }; + }; + }; + + # The key exchanger node for peerC is the node that actually runs rosenpass. It takes the rosenpass confguration for peerC and runs it. + # The key sync services of peerC will ssh into this node and download the exchanged keys from here. + peerckeyexchanger = { + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; + networking.firewall.allowedUDPPorts = [ rpPort ]; + + services.rosenpassKeyExchange = { + create = true; + enable = false; + config = staticConfig.peerC.rosenpassConfig; + rosenpassVersion = pkgs.rosenpass-peer-c; + }; + }; + }; interactive = { defaults = { diff --git a/to/src/ops.rs b/to/src/ops.rs index 0c0973f2..6e6a5044 100644 --- a/to/src/ops.rs +++ b/to/src/ops.rs @@ -1,7 +1,7 @@ //! Functions that make it easy to copy data between arrays and slices using functions with //! destinations. See the specific functions for examples and more explanations. -use crate::{with_destination, To}; +use crate::{To, with_destination}; /// Function with destination that copies data from /// origin into the destination. diff --git a/util/src/build.rs b/util/src/build.rs index de74d5d6..787046b9 100644 --- a/util/src/build.rs +++ b/util/src/build.rs @@ -459,7 +459,7 @@ where let builder = match site { site @ Self::Void => return (site, Err(ConstructionSiteErectError::IsVoid)), site @ Self::Product(_) => { - return (site, Err(ConstructionSiteErectError::AlreadyBuilt)) + return (site, Err(ConstructionSiteErectError::AlreadyBuilt)); } Self::Builder(builder) => builder, }; diff --git a/util/src/fd.rs b/util/src/fd.rs index 351d011c..85fde780 100644 --- a/util/src/fd.rs +++ b/util/src/fd.rs @@ -133,7 +133,7 @@ pub fn clone_fd_cloexec(fd: Fd) -> rustix::io::Result { /// explicit destination file descriptor. #[cfg(target_os = "linux")] pub fn clone_fd_to_cloexec(fd: Fd, new: &mut OwnedFd) -> rustix::io::Result<()> { - use rustix::io::{dup3, DupFlags}; + use rustix::io::{DupFlags, dup3}; dup3(fd, new, DupFlags::CLOEXEC) } @@ -143,7 +143,7 @@ pub fn clone_fd_to_cloexec(fd: Fd, new: &mut OwnedFd) -> rustix::io::R /// This is slightly different from [clone_fd_cloexec], as this function supports specifying an /// explicit destination file descriptor. pub fn clone_fd_to_cloexec(fd: Fd, new: &mut OwnedFd) -> rustix::io::Result<()> { - use rustix::io::{dup2, fcntl_setfd, FdFlags}; + use rustix::io::{FdFlags, dup2, fcntl_setfd}; dup2(&fd, new)?; fcntl_setfd(&new, FdFlags::CLOEXEC) } @@ -165,7 +165,7 @@ pub fn clone_fd_to_cloexec(fd: Fd, new: &mut OwnedFd) -> rustix::io::R /// let nullfd = open_nullfd().unwrap(); /// ``` pub fn open_nullfd() -> rustix::io::Result { - use rustix::fs::{open, Mode, OFlags}; + use rustix::fs::{Mode, OFlags, open}; // TODO: Add tests showing that this will throw errors on use open("/dev/null", OFlags::CLOEXEC, Mode::empty()) } diff --git a/util/src/length_prefix_encoding/decoder.rs b/util/src/length_prefix_encoding/decoder.rs index f510f9df..64136157 100644 --- a/util/src/length_prefix_encoding/decoder.rs +++ b/util/src/length_prefix_encoding/decoder.rs @@ -271,7 +271,7 @@ impl> LengthPrefixDecoder { break Err(ReadFromIoError::IoError(io::Error::new( K::UnexpectedEof, "", - ))) + ))); } // Retry diff --git a/util/src/mem.rs b/util/src/mem.rs index 5d43f079..a296fd3c 100644 --- a/util/src/mem.rs +++ b/util/src/mem.rs @@ -283,9 +283,9 @@ impl MoveExt for T { #[cfg(test)] mod test_forgetting { use crate::mem::Forgetting; + use std::sync::Arc; use std::sync::atomic::AtomicBool; use std::sync::atomic::Ordering::SeqCst; - use std::sync::Arc; #[test] fn test_forgetting() { diff --git a/util/src/mio/uds_recv_fd.rs b/util/src/mio/uds_recv_fd.rs index 31e0f9ce..ad0c8a3a 100644 --- a/util/src/mio/uds_recv_fd.rs +++ b/util/src/mio/uds_recv_fd.rs @@ -7,7 +7,7 @@ use std::{ }; use uds::UnixStreamExt as FdPassingExt; -use crate::fd::{claim_fd_inplace, IntoStdioErr}; +use crate::fd::{IntoStdioErr, claim_fd_inplace}; /// A wrapper around a socket that combines reading from the socket with tracking /// received file descriptors. Limits the maximum number of file descriptors that diff --git a/util/src/tokio/janitor.rs b/util/src/tokio/janitor.rs index 91624e7f..cabfa236 100644 --- a/util/src/tokio/janitor.rs +++ b/util/src/tokio/janitor.rs @@ -50,7 +50,7 @@ use std::any::type_name; use std::future::Future; -use anyhow::{bail, Context}; +use anyhow::{Context, bail}; use tokio::task::{AbortHandle, JoinError, JoinHandle, JoinSet}; use tokio::task_local; @@ -214,13 +214,14 @@ impl JanitorAgent { }), // JoinError produced by the user task: The user task was cancelled. - (Some(Ok(E::CleanupJobJoinError(err))), _) if err.is_cancelled() => Err(err).with_context(|| { - format!( - "Error in cleanup job handled by {me}; the cleanup task was cancelled. + (Some(Ok(E::CleanupJobJoinError(err))), _) if err.is_cancelled() => Err(err) + .with_context(|| { + format!( + "Error in cleanup job handled by {me}; the cleanup task was cancelled. This should not happend and likely indicates a developer error in {me}.", - me = type_name::() - ) - }), + me = type_name::() + ) + }), // JoinError produced by the user task: The user task panicked (Some(Ok(E::CleanupJobJoinError(err))), _) => Err(err).with_context(|| { @@ -250,17 +251,18 @@ impl JanitorAgent { ) }), - // Internal errors: State machine failure // No tasks left, but ticket queue was not drained - (Option::None, false) => bail!("Internal error in {me}::handle_one_event(); \ + (Option::None, false) => bail!( + "Internal error in {me}::handle_one_event(); \ there are no more internal tasks active, but the ticket queue was not drained. \ The {me}::handle_one_event() code is deliberately designed to never leave the internal task set empty; \ instead, there should always be one task to receive new cleanup jobs from the task queue unless the task \ queue has been closed. \ This is probably a developer error.", - me = type_name::()) + me = type_name::() + ), } } @@ -562,10 +564,14 @@ where #[derive(thiserror::Error, Debug)] pub enum TrySpawnCleanupJobError { /// No active janitor exists - #[error("No janitor registered. Did the developer forget to call enter_janitor(…) or ensure_janitor(…)?")] + #[error( + "No janitor registered. Did the developer forget to call enter_janitor(…) or ensure_janitor(…)?" + )] NoActiveJanitor, /// The currently active janitor is in the process of terminating - #[error("There is a registered janitor, but it is currently in the process of terminating and won't accept new tasks.")] + #[error( + "There is a registered janitor, but it is currently in the process of terminating and won't accept new tasks." + )] ActiveJanitorTerminating, } diff --git a/util/src/zerocopy/ref_maker.rs b/util/src/zerocopy/ref_maker.rs index f0c46edd..5fc210a4 100644 --- a/util/src/zerocopy/ref_maker.rs +++ b/util/src/zerocopy/ref_maker.rs @@ -1,7 +1,7 @@ //! A module providing the [`RefMaker`] type and its associated methods for constructing //! [`zerocopy::Ref`] references from byte buffers. -use anyhow::{ensure, Context}; +use anyhow::{Context, ensure}; use std::marker::PhantomData; use zerocopy::{ByteSlice, ByteSliceMut, Ref}; use zeroize::Zeroize; diff --git a/util/tests/janitor.rs b/util/tests/janitor.rs index 06612036..4112a27e 100644 --- a/util/tests/janitor.rs +++ b/util/tests/janitor.rs @@ -1,7 +1,7 @@ #![cfg(feature = "tokio")] -use std::sync::atomic::{AtomicUsize, Ordering}; use std::sync::Arc; +use std::sync::atomic::{AtomicUsize, Ordering}; use std::time::Duration; use tokio::time::sleep; diff --git a/wireguard-broker/src/api/client.rs b/wireguard-broker/src/api/client.rs index 6e439532..fe207607 100644 --- a/wireguard-broker/src/api/client.rs +++ b/wireguard-broker/src/api/client.rs @@ -39,11 +39,11 @@ use std::{borrow::BorrowMut, fmt::Debug}; use crate::{ + SerializedBrokerConfig, WireGuardBroker, api::{ config::NetworkBrokerConfig, msgs::{self, REQUEST_MSG_BUFFER_SIZE}, }, - SerializedBrokerConfig, WireGuardBroker, }; use super::{ diff --git a/wireguard-broker/src/api/msgs.rs b/wireguard-broker/src/api/msgs.rs index 4ed1fa35..428e1fac 100644 --- a/wireguard-broker/src/api/msgs.rs +++ b/wireguard-broker/src/api/msgs.rs @@ -1,7 +1,7 @@ //! This module defines message formats for messages in the Wireguard Broker protocol as well as //! helper structures like errors and conversion functions. -use std::str::{from_utf8, Utf8Error}; +use std::str::{Utf8Error, from_utf8}; use zerocopy::{AsBytes, FromBytes, FromZeroes}; diff --git a/wireguard-broker/src/api/server.rs b/wireguard-broker/src/api/server.rs index 9a55b3d5..2ed90965 100644 --- a/wireguard-broker/src/api/server.rs +++ b/wireguard-broker/src/api/server.rs @@ -9,8 +9,8 @@ use std::borrow::BorrowMut; use rosenpass_secret_memory::{Public, Secret}; -use crate::api::msgs::{self, Envelope, SetPskRequest, SetPskResponse}; use crate::WireGuardBroker; +use crate::api::msgs::{self, Envelope, SetPskRequest, SetPskResponse}; use super::config::{NetworkBrokerConfigBuilder, NetworkBrokerConfigErr}; @@ -137,7 +137,7 @@ mod tests { use crate::api::server::BrokerServer; use crate::brokers::netlink::SetPskError; use crate::{SerializedBrokerConfig, WireGuardBroker}; - use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret}; + use rosenpass_secret_memory::{Secret, secret_policy_use_only_malloc_secrets}; use zerocopy::AsBytes; #[derive(Debug, Clone)] diff --git a/wireguard-broker/src/bin/priviledged.rs b/wireguard-broker/src/bin/priviledged.rs index 1a8bbf3c..280f8a2c 100644 --- a/wireguard-broker/src/bin/priviledged.rs +++ b/wireguard-broker/src/bin/priviledged.rs @@ -19,7 +19,7 @@ fn main() { pub mod linux { //! Linux-specific implementation for the broker that communicates with the WireGuard broker. - use std::io::{stdin, stdout, Read, Write}; + use std::io::{Read, Write, stdin, stdout}; use rosenpass_wireguard_broker::api::msgs; use rosenpass_wireguard_broker::api::server::BrokerServer; diff --git a/wireguard-broker/src/bin/socket_handler.rs b/wireguard-broker/src/bin/socket_handler.rs index c3e2cba7..4ea308cf 100644 --- a/wireguard-broker/src/bin/socket_handler.rs +++ b/wireguard-broker/src/bin/socket_handler.rs @@ -9,7 +9,7 @@ use tokio::process::Command; use tokio::sync::{mpsc, oneshot}; use tokio::task; -use anyhow::{bail, ensure, Result}; +use anyhow::{Result, bail, ensure}; use clap::{ArgGroup, Parser}; use rosenpass_util::fd::claim_fd; diff --git a/wireguard-broker/src/brokers/mio_client.rs b/wireguard-broker/src/brokers/mio_client.rs index e024eef8..6eca81c3 100644 --- a/wireguard-broker/src/brokers/mio_client.rs +++ b/wireguard-broker/src/brokers/mio_client.rs @@ -47,10 +47,10 @@ //! # } //! ``` -use anyhow::{bail, Context}; +use anyhow::{Context, bail}; use mio::Interest; use rosenpass_secret_memory::Secret; -use rosenpass_to::{ops::copy_slice_least_src, To}; +use rosenpass_to::{To, ops::copy_slice_least_src}; use rosenpass_util::io::{IoResultKindHintExt, TryIoResultKindHintExt}; use rosenpass_util::length_prefix_encoding::decoder::LengthPrefixDecoder; use rosenpass_util::length_prefix_encoding::encoder::LengthPrefixEncoder; @@ -233,7 +233,10 @@ impl BrokerClientIo for MioBrokerClientIo { fn send_msg(&mut self, buf: &[u8]) -> Result<(), Self::SendError> { // Clear write buffer (blocking write) self.flush_blocking()?; - assert!(self.write_buffer.exhausted(), "flush_blocking() should have put the write buffer in exhausted state. Developer error!"); + assert!( + self.write_buffer.exhausted(), + "flush_blocking() should have put the write buffer in exhausted state. Developer error!" + ); // Emplace new message in write buffer copy_slice_least_src(buf).to(self.write_buffer.buffer_bytes_mut()); @@ -273,8 +276,10 @@ impl MioBrokerClientIo { return Ok(()); } - log::warn!("Could not flush PSK broker write buffer in non-blocking mode. Flushing in blocking mode!"); - use rustix::io::{fcntl_getfd, fcntl_setfd, FdFlags}; + log::warn!( + "Could not flush PSK broker write buffer in non-blocking mode. Flushing in blocking mode!" + ); + use rustix::io::{FdFlags, fcntl_getfd, fcntl_setfd}; // Build O_NONBLOCK let o_nonblock = { diff --git a/wireguard-broker/src/brokers/netlink.rs b/wireguard-broker/src/brokers/netlink.rs index ef8c1818..f0bb2c95 100644 --- a/wireguard-broker/src/brokers/netlink.rs +++ b/wireguard-broker/src/brokers/netlink.rs @@ -90,6 +90,7 @@ impl From for SetPskError { } } +use SetPskError as SetPskNetlinkError; /// # Example /// ``` /// use rosenpass_wireguard_broker::api::msgs::SetPskError as SetPskMsgsError; @@ -98,7 +99,6 @@ impl From for SetPskError { /// let set_psk_msgs_error = SetPskMsgsError::from(set_psk_nlink_error); /// ``` use msgs::SetPskError as SetPskMsgsError; -use SetPskError as SetPskNetlinkError; impl From for SetPskMsgsError { fn from(err: SetPskError) -> Self { match err { @@ -191,7 +191,7 @@ impl WireGuardBroker for NetlinkWireGuardBroker { #[cfg(test)] mod tests { use super::*; - use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Public, Secret}; + use rosenpass_secret_memory::{Public, Secret, secret_policy_use_only_malloc_secrets}; #[test] fn smoke_test() -> Result<(), Box> { secret_policy_use_only_malloc_secrets();