mirror of
https://github.com/rosenpass/rosenpass.git
synced 2026-02-28 06:23:08 -08:00
Compare commits
1 Commits
dev/add-os
...
dev/wucke1
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a4722d7eeb |
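--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -12,6 +12,7 @@ jobs:
 - nix
 - ${{ matrix.nix-system }}
 strategy:
+fail-fast: false
 matrix:
 nix-system:
 - x86_64-linux
@@ -27,23 +28,3 @@ jobs:
 prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
 files: |
 result/*
-
-
-release-darwin:
-name: Release for x86_64-darwin
-runs-on:
-- macos-latest
-steps:
-- uses: actions/checkout@v3
-- uses: cachix/install-nix-action@v20
-with:
-github_access_token: ${{ secrets.GITHUB_TOKEN }}
-- name: Build release-package for ${{ matrix.nix-system }}
-run: nix build .#release-package --print-build-logs
-- name: Release
-uses: softprops/action-gh-release@v1
-with:
-draft: ${{ contains(github.ref_name, 'rc') }}
-prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
-files: |
-result/*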
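Review bot: With `fail-fast: false` added to the strategy block in the first hunk, a matrix leg that fails no longer cancels the others, so a tag can end up published with assets for only some of the `nix-system` values. Each leg appears to upload its own `result/*`, although the upload step is only partly visible as context in the second hunk. If partial releases are intended, record it with a comment above the new line, for example `# keep building the other platforms if one leg fails; a missing asset means that leg failed`. Otherwise a final job that depends on all legs and only then takes the release out of draft would keep an incomplete asset set from looking like a full release. The job itself starts and ends outside both hunks.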
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -865,7 +865,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "rosenpass"
|
name = "rosenpass"
|
||||||
version = "0.1.2-rc.3"
|
version = "0.1.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"base64",
|
"base64",
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "rosenpass"
|
name = "rosenpass"
|
||||||
version = "0.1.2-rc.3"
|
version = "0.1.1"
|
||||||
authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
|
authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
license = "MIT OR Apache-2.0"
|
license = "MIT OR Apache-2.0"
|
||||||
|
|||||||
44
flake.nix
44
flake.nix
@@ -66,9 +66,27 @@
|
|||||||
# given set of nixpkgs
|
# given set of nixpkgs
|
||||||
rpDerivation = p:
|
rpDerivation = p:
|
||||||
let
|
let
|
||||||
isStatic = p.stdenv.hostPlatform.isStatic;
|
# whether we want to build a statically linked binary
|
||||||
|
isStatic = p.targetPlatform.isStatic;
|
||||||
|
|
||||||
|
# the rust target of `p`
|
||||||
|
target = p.rust.toRustTargetSpec p.targetPlatform;
|
||||||
|
|
||||||
|
# convert a string to shout case
|
||||||
|
shout = string: builtins.replaceStrings ["-"] ["_"] (pkgs.lib.toUpper string);
|
||||||
|
|
||||||
|
# suitable Rust toolchain
|
||||||
|
toolchain = with inputs.fenix.packages.${system}; combine [
|
||||||
|
stable.cargo
|
||||||
|
stable.rustc
|
||||||
|
targets.${target}.stable.rust-std
|
||||||
|
];
|
||||||
|
myRustPlatform = p.makeRustPlatform {
|
||||||
|
cargo = toolchain;
|
||||||
|
rustc = toolchain;
|
||||||
|
};
|
||||||
in
|
in
|
||||||
p.rustPlatform.buildRustPackage {
|
myRustPlatform.buildRustPackage {
|
||||||
# metadata and source
|
# metadata and source
|
||||||
pname = cargoToml.package.name;
|
pname = cargoToml.package.name;
|
||||||
version = cargoToml.package.version;
|
version = cargoToml.package.version;
|
||||||
@@ -83,12 +101,17 @@
|
|||||||
pkg-config # let libsodium-sys-stable find libsodium
|
pkg-config # let libsodium-sys-stable find libsodium
|
||||||
removeReferencesTo
|
removeReferencesTo
|
||||||
rustPlatform.bindgenHook # for C-bindings in the crypto libs
|
rustPlatform.bindgenHook # for C-bindings in the crypto libs
|
||||||
|
pkgs.stdenv.cc # for Rust proc macro linking we need a non-cross compiler
|
||||||
];
|
];
|
||||||
buildInputs = with p; [ bash libsodium ];
|
buildInputs = with p; [ bash libsodium ];
|
||||||
|
|
||||||
# otherwise pkg-config tries to link non-existent dynamic libs
|
# otherwise pkg-config tries to link non-existent dynamic libs
|
||||||
PKG_CONFIG_ALL_STATIC = true;
|
PKG_CONFIG_ALL_STATIC = true;
|
||||||
|
|
||||||
|
CARGO_BUILD_TARGET = target;
|
||||||
|
# for final linking, a cross compiler needs to be used
|
||||||
|
"CARGO_TARGET_${shout target}_LINKER" = "${pkgs.stdenv.cc.targetPrefix}ld";
|
||||||
|
|
||||||
# nix defaults to building for aarch64 _without_ the armv8-a
|
# nix defaults to building for aarch64 _without_ the armv8-a
|
||||||
# crypto extensions, but liboqs depens on these
|
# crypto extensions, but liboqs depens on these
|
||||||
preBuild =
|
preBuild =
|
||||||
@@ -132,15 +155,19 @@
|
|||||||
default = rosenpass;
|
default = rosenpass;
|
||||||
rosenpass = rpDerivation pkgs;
|
rosenpass = rpDerivation pkgs;
|
||||||
rosenpass-oci-image = rosenpassOCI "rosenpass";
|
rosenpass-oci-image = rosenpassOCI "rosenpass";
|
||||||
rosenpass-static = rpDerivation pkgs.pkgsStatic;
|
|
||||||
rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
|
|
||||||
|
|
||||||
# derivation for the release
|
# derivation for the release
|
||||||
release-package =
|
release-package =
|
||||||
let
|
let
|
||||||
version = cargoToml.package.version;
|
version = cargoToml.package.version;
|
||||||
package = packages.rosenpass-static;
|
package =
|
||||||
oci-image = packages.rosenpass-static-oci-image;
|
if pkgs.hostPlatform.isLinux then
|
||||||
|
packages.rosenpass-static
|
||||||
|
else packages.rosenpass;
|
||||||
|
oci-image =
|
||||||
|
if pkgs.hostPlatform.isLinux then
|
||||||
|
packages.rosenpass-static-oci-image
|
||||||
|
else packages.rosenpass-oci-image;
|
||||||
in
|
in
|
||||||
pkgs.runCommandNoCC "lace-result" { }
|
pkgs.runCommandNoCC "lace-result" { }
|
||||||
''
|
''
|
||||||
@@ -151,7 +178,10 @@
|
|||||||
cp ${oci-image} \
|
cp ${oci-image} \
|
||||||
$out/rosenpass-oci-image-${system}-${version}.tar.gz
|
$out/rosenpass-oci-image-${system}-${version}.tar.gz
|
||||||
'';
|
'';
|
||||||
};
|
} // (if pkgs.stdenv.isLinux then rec {
|
||||||
|
rosenpass-static = rpDerivation pkgs.pkgsStatic;
|
||||||
|
rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
|
||||||
|
} else { });
|
||||||
}
|
}
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|||||||
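Review bot: The new `CARGO_TARGET_…_LINKER` line in the second hunk takes its prefix from `pkgs.stdenv.cc`, the same compiler the line above adds to `nativeBuildInputs` as the "non-cross compiler", while its own comment says a cross compiler is needed for final linking. For `rpDerivation pkgs.pkgsStatic` the prefix presumably has to come from the package set being built, i.e. `"CARGO_TARGET_${shout target}_LINKER" = "${p.stdenv.cc.targetPrefix}cc";`. Cargo's linker setting normally names a compiler driver rather than bare `ld`; going through the wrapped `cc` should also keep the wrapper's hardening flags on the static release binary, which is worth confirming. As a smaller style point, `release-package` tests `pkgs.hostPlatform.isLinux` while the attribute merge in the last hunk tests `pkgs.stdenv.isLinux`; using one predicate for both makes it obvious that `packages.rosenpass-static` exists whenever it is referenced. The body of `rpDerivation` continues outside the hunks.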
@@ -33,7 +33,7 @@ abstract: |
|
|||||||
Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository.
|
Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository.
|
||||||
|
|
||||||
## Secrecy
|
## Secrecy
|
||||||
Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
|
Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
|
||||||
|
|
||||||
## Authenticity
|
## Authenticity
|
||||||
|
|
||||||
|
|||||||