With this commit, rosenpass uses a signal handler based on the signal-hook-mio crate.
Even though, in this commit, no rosenpass-rp code is touched, this also
fixes the signal handling in rosenpass-rp. The way rosenpass is
integrated in rp is a bit of a hack – it just directly embeds
rosenpass in the same process (though on a dedicated thread). For this
reason, rp now just inherits rosenpass' signal handlers. The
rosenpass event_loop() will terminate. The main loop of `rp` just spends
most of the time waiting for rosenpass itself to finish, and exits when
it finishes.
Unfortunately, this means we are not using signalfd(2)[^0]; the
signal-hook-mio crate appears to use a pipe-based mechanism to deliver
events to mio instead.
This may not be such a bad thing, as signalfd has some severe drawbacks
with respect to subprocesses and masked signals[^1].
Fixes: #358 (https://github.com/rosenpass/rosenpass/issues/385)
Fixes: #522 (https://github.com/rosenpass/rosenpass/issues/522)
Fixes: #678 (https://github.com/rosenpass/rosenpass/pull/678)
[^0]: https://unixism.net/2021/02/making-signals-less-painful-under-linux/
[^1]: https://ldpreload.com/blog/signalfd-is-useless?reposted-on-request
This commit introduces two kinds of benchmarks:
1. Cryptographic Primitives. Measures the performance of all available
implementations of cryptographic algorithms using traditional
benchmarking. Uses criterion.
2. Protocol Runs. Measures the time each step in the protocol takes.
Measured using a tracing-based approach.
The benchmarks are run on CI and an interactive visual overview is
written to the gh-pages branch. If a benchmark takes more than twice the
time of the reference commit (for PR: the main branch), the action
fails.
Before this change, the patch release was left open. This patch
pinpoints it exactly, down to the patch release.
Signed-off-by: wucke13 <wucke13+github@gmail.com>
This implies a change from nixpkgs-fmt to nixfmt. Nixfmt will become
the new standard on nix formatting, sanctioned by the nixpkgs. To verify
that these changes are purely in whitespace, but not semantic:
    git diff --ignore-all-space -w HEAD^!
That will only show newline changes, making the diffing somewhat easier.
Signed-off-by: wucke13 <wucke13+github@gmail.com>
Three changes:
1. We neglected to forward stderr from Rosenpass subprocess two
in the API setup integration test (driveby fix)
2. Added rudimentary signal handling for program termination
to rosenpass, specifically for the coverage reporting
3. Apparently std::process::Child::kill() sends SIGKILL and not
SIGTERM, so our nice new signal handler was never used.
Switched to a rustix based child reaper.
(2) and (3) were necessary because llvm-cov does not produce coverage
when a subprocess terminates due to a default signal handler.
Instead of using a static one, generate it via clap_mangen. To generate
the manpage run `rosenpass --generate-manpage <folder>`.
Right now clap does not support flattening of generated manpages,
meaning that each subcommand is explained in its own file. To add extra
sections to the main file `rosenpass.1`, it's rewritten after the
initial creation.
Once clap supports flattened man pages, the `generate_to` call can be
removed and all subcommands are added to the `rosenpass.1` file.
This implementation allows downstream manpage generation to stay
unchanged even after switching from multiple manpages to a flattened
one.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit resolves multiple issues with the PSK broker integration.
- The manual testing procedure never actually utilized the brokers
due to the use of the outfile option; this led to issues with the
broker being hidden.
- The manual testing procedure omitted checking whether a PSK was
actually sent to WireGuard entirely. This was fixed by writing an
entirely new manual integration testing shell-script that can serve
as a blueprint for future integration tests.
- Many parts of the PSK broker code did not report (log) errors
accurately; added error logging
- BrokerServer set message.payload.return_code to the msg_type value;
this led to crashes
- The PSK broker commands all omitted to set the memfd policy; this led
to immediate crashes once secrets were actually allocated
- The MioBrokerClient IO state machine was broken and the design was
too obtuse to debug. The state machine returned the length prefix as
a message instead of actually interpreting it as a state machine.
Seems the code was integrated but never actually tested. This was
fixed by rewriting the entire state machine code using the new
LengthPrefixEncoder/Decoder facilities. A write-buffer that was not
being flushed is now handled by flushing the buffer in blocking-io
mode.
doc: Add documentation for new methods and arguments
fix: Require new psk_broker_spawn flag to use broker without extra parameters, to make all-features cargo test pass
fix: Fix MioBrokerClient buffer size to allow room for length prefix
fix: Fix remaining issue with panic
- Policy is now set in main.rs, not cli.rs.
- Feature is called experiment_memfd_secret, not enable_memfd_alloc
This also fixes the last remaining warnings.
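The length-prefix bug described in the PSK broker commit message above (the prefix itself being handed back as a message) is the classic failure of a non-incremental framing reader. The following is an added example, not rosenpass' LengthPrefixDecoder or MioBrokerClient code; the `FrameDecoder` name, the 4-byte little-endian prefix and the 64-byte payload limit are assumptions made for illustration.

```rust
// Added illustration, not rosenpass' code. Assumed framing: u32 LE length, then payload.
const HEADER_LEN: usize = 4;
const MAX_PAYLOAD: usize = 64; // constructed limit for this example
#[derive(Debug, PartialEq)]
enum DecodeError { TooLarge(usize) }
#[derive(Default)]
struct FrameDecoder {
    header: [u8; HEADER_LEN],
    header_read: usize,
    payload: Vec<u8>,
    payload_len: Option<usize>, // None while the header is still incomplete
}

impl FrameDecoder {
    /// Consume the bytes of one read() call; return every payload it completed.
    fn feed(&mut self, mut input: &[u8]) -> Result<Vec<Vec<u8>>, DecodeError> {
        let mut frames = Vec::new();
        loop {
            let want = match self.payload_len {
                Some(want) => want,
                None => {
                    // State 1: collect header bytes; they are never returned as a message.
                    let n = (HEADER_LEN - self.header_read).min(input.len());
                    self.header[self.header_read..self.header_read + n].copy_from_slice(&input[..n]);
                    self.header_read += n;
                    input = &input[n..];
                    if self.header_read < HEADER_LEN { return Ok(frames); }
                    let len = u32::from_le_bytes(self.header) as usize;
                    if len > MAX_PAYLOAD { return Err(DecodeError::TooLarge(len)); }
                    self.payload_len = Some(len);
                    len
                }
            };
            // State 2: collect exactly `want` payload bytes, across reads if needed.
            let n = (want - self.payload.len()).min(input.len());
            self.payload.extend_from_slice(&input[..n]);
            input = &input[n..];
            if self.payload.len() < want { return Ok(frames); }
            frames.push(std::mem::take(&mut self.payload));
            self.header_read = 0;
            self.payload_len = None;
        }
    }
}

fn main() {
    // Constructed input: the frame "hi", with its header split across two reads.
    let mut dec = FrameDecoder::default();
    println!("{:?} {:?}", dec.feed(&[2, 0]), dec.feed(&[0, 0, b'h', b'i']));
}
```

Rejecting an oversized length before allocating keeps a misbehaving peer from dictating the reader's buffer size.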
Libcrux is a library for formally verified implementations of
cryptographic primitives. It uses multiple back ends, one of which is
libjade, a cryptographic library written in the jasmin assembly
language for high assurance cryptographic implementations.
To use it, compile with the experiment_libcrux feature enabled:
    cargo build --features experiment_libcrux
Implements:
- An additional allocator to use memfd_secret(2) and guard pages using mmap(2), implemented in quininer/memsec#16
- An allocator that abstracts away underlying allocators, and uses specified allocator set by rosenpass_secret_memory::policy functions (or a function that sets rosenpass_secret_memory::alloc::ALLOC_INIT)
- Updates to tests (integration, fuzz, bench): some tests use procspawn to spawn multiple processes with different allocator policies
Dynamically dispatch WireguardBrokerMio trait in AppServer. Also allows for mio event registration and poll processing, logic from dev/broker-architecture branch
Co-authored-by: Prabhpreet Dua <615318+prabhpreet@users.noreply.github.com>
Co-authored-by: Karolin Varner <karo@cupdev.net>