chore: DOS protection and identity hiding symbolic models

Starting points for actually integrating these models in a
comprehensive, reliable way.

.ci/run-regression.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-
-iterations="$1"
-sleep_time="$2"
-
-PWD="$(pwd)"
-EXEC="$PWD/target/release/rosenpass"
-LOGS="$PWD/output/logs"
-
-mkdir -p "$LOGS"
-
-run_command() {
-  local file=$1
-  local log_file="$2"
-  ("$EXEC" exchange-config "$file" 2>&1 | tee -a "$log_file") &
-  echo $!
-}
-
-pids=()
-
-(cd output/dut && run_command "configs/dut-$iterations.toml" "$LOGS/dut.log")
-for (( x=0; x<iterations; x++ )); do
-  (cd output/ate && run_command "configs/ate-$x.toml" "$LOGS/ate-$x.log") & pids+=($!)
-done
-
-sleep "$sleep_time"
-
-lsof -i :9999 | awk 'NR!=1 {print $2}' | xargs kill
-
-for (( x=0; x<iterations; x++ )); do
-    port=$((x + 50000))
-    lsof -i :$port | awk 'NR!=1 {print $2}' | xargs kill
-done

.github/workflows/qc.yaml

@@ -110,12 +110,7 @@ jobs:
       - run: RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --document-private-items
 
   cargo-test:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-13]
-        # - ubuntu is x86-64
-        # - macos-13 is also x86-64 architecture
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/cache@v3
@@ -181,12 +176,8 @@ jobs:
           cargo fuzz run fuzz_handle_msg -- -max_total_time=5
           ulimit -s 8192000 && RUST_MIN_STACK=33554432000 && cargo fuzz run fuzz_kyber_encaps -- -max_total_time=5
           cargo fuzz run fuzz_mceliece_encaps -- -max_total_time=5
-          cargo fuzz run fuzz_box_secret_alloc_malloc -- -max_total_time=5
-          cargo fuzz run fuzz_box_secret_alloc_memfdsec -- -max_total_time=5
-          cargo fuzz run fuzz_box_secret_alloc_memfdsec_mallocfb -- -max_total_time=5
-          cargo fuzz run fuzz_vec_secret_alloc_malloc -- -max_total_time=5
-          cargo fuzz run fuzz_vec_secret_alloc_memfdsec -- -max_total_time=5
-          cargo fuzz run fuzz_vec_secret_alloc_memfdsec_mallocfb -- -max_total_time=5
+          cargo fuzz run fuzz_box_secret_alloc -- -max_total_time=5
+          cargo fuzz run fuzz_vec_secret_alloc -- -max_total_time=5
 
   codecov:
     runs-on: ubuntu-latest

.github/workflows/regressions.yml

@@ -1,21 +0,0 @@
-name: QC
-on:
-  pull_request:
-  push:
-    branches: [main]
-
-permissions:
-  checks: write
-  contents: read
-
-jobs:
-  multi-peer:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - run: cargo build --bin rosenpass --release
-      - run: python misc/generate_configs.py
-      - run: chmod +x .ci/run-regression.sh
-      - run: .ci/run-regression.sh 100 20
-      - run: |
-          [ $(ls -1 output/ate/out | wc -l) -eq 100 ]

.gitignore

@@ -20,5 +20,3 @@ _markdown_*
 **/result
 **/result-*
 .direnv
-
-/output

.mailmap

@@ -1 +0,0 @@
-Clara Engler <cve@cve.cx> <me@emilengler.com>

Cargo.toml

@@ -12,10 +12,14 @@ members = [
     "fuzz",
     "secret-memory",
     "rp",
-    "wireguard-broker",
+    "wireguard-broker"
 ]
 
-default-members = ["rosenpass", "rp", "wireguard-broker"]
+default-members = [
+    "rosenpass",
+    "rp",
+    "wireguard-broker",
+]
 
 [workspace.metadata.release]
 # ensure that adding `--package` as argument to `cargo release` still creates version tags in the form of `vx.y.z`
@@ -35,49 +39,40 @@ doc-comment = "0.3.3"
 base64ct = {version = "1.6.0", default-features=false}
 zeroize = "1.8.1"
 memoffset = "0.9.1"
-thiserror = "1.0.63"
+thiserror = "1.0.61"
 paste = "1.0.15"
 env_logger = "0.10.2"
 toml = "0.7.8"
 static_assertions = "1.1.0"
 allocator-api2 = "0.2.14"
-memsec = { git="https://github.com/rosenpass/memsec.git" ,rev="aceb9baee8aec6844125bd6612f92e9a281373df", features = [ "alloc_ext", ] }
+memsec = "0.6.3"
 rand = "0.8.5"
 typenum = "1.17.0"
-log = { version = "0.4.22" }
-clap = { version = "4.5.9", features = ["derive"] }
-serde = { version = "1.0.204", features = ["derive"] }
+log = { version = "0.4.21" }
+clap = { version = "4.5.6", features = ["derive"] }
+serde = { version = "1.0.203", features = ["derive"] }
 arbitrary = { version = "1.3.2", features = ["derive"] }
 anyhow = { version = "1.0.86", features = ["backtrace", "std"] }
 mio = { version = "0.8.11", features = ["net", "os-poll"] }
-oqs-sys = { version = "0.9.1", default-features = false, features = [
-    'classic_mceliece',
-    'kyber',
-] }
+oqs-sys = { version = "0.9.1", default-features = false, features = ['classic_mceliece', 'kyber']  }
 blake2 = "0.10.6"
-chacha20poly1305 = { version = "0.10.1", default-features = false, features = [
-    "std",
-    "heapless",
-] }
-zerocopy = { version = "0.7.35", features = ["derive"] }
+chacha20poly1305 = { version = "0.10.1", default-features = false, features = [ "std", "heapless" ] }
+zerocopy = { version = "0.7.34", features = ["derive"] }
 home = "0.5.9"
 derive_builder = "0.20.0"
 tokio = { version = "1.38", features = ["macros", "rt-multi-thread"] }
 postcard= {version = "1.0.8", features = ["alloc"]}
-libcrux = { version = "0.0.2-pre.2" }
 
 #Dev dependencies
 serial_test = "3.1.1"
-tempfile = "3"
+tempfile="3"
 stacker = "0.1.15"
 libfuzzer-sys = "0.4"
 test_bin = "0.4.0"
 criterion = "0.4.0"
 allocator-api2-tests = "0.2.15"
-procspawn = {version = "1.0.0", features= ["test-support"]}
-
 
 #Broker dependencies (might need cleanup or changes)
-wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
+wireguard-uapi = "3.0.0"
 command-fds = "0.2.3"
-rustix = { version = "0.38.27", features = ["net"] }
+rustix = { version = "0.38.27", features = ["net"] }

analysis/01_secrecy.entry.mpv

@@ -3,12 +3,33 @@
 #define SESSION_START_EVENTS 0
 #define RANDOMIZED_CALL_IDS 0
 
+
 #include "config.mpv"
 #include "prelude/basic.mpv"
 #include "crypto/key.mpv"
 #include "crypto/kem.mpv"
+
 #include "rosenpass/oracles.mpv"
 
+nounif v:seed_prec;   attacker(prepare_seed(trusted_seed( v )))/6217[hypothesis].
+nounif v:seed;        attacker(prepare_seed( v ))/6216[hypothesis].
+nounif v:seed;        attacker(rng_kem_sk( v ))/6215[hypothesis].
+nounif v:seed;        attacker(rng_key( v ))/6214[hypothesis].
+nounif v:key_prec;    attacker(prepare_key(trusted_key( v )))/6213[hypothesis].
+nounif v:kem_sk_prec; attacker(prepare_kem_sk(trusted_kem_sk( v )))/6212[hypothesis].
+nounif v:key;         attacker(prepare_key( v ))/6211[hypothesis].
+nounif v:kem_sk;      attacker(prepare_kem_sk( v ))/6210[hypothesis].
+nounif Spk:kem_sk_tmpl;
+  attacker(Creveal_kem_pk(Spk))/6110[conclusion].
+nounif sid:SessionId, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Seski:seed_tmpl, Ssptr:seed_tmpl;
+  attacker(Cinitiator( *sid, *Ssskm, *Spsk, *Sspkt, *Seski, *Ssptr ))/6109[conclusion].
+nounif sid:SessionId, biscuit_no:Atom, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Septi:seed_tmpl, Sspti:seed_tmpl, ih:InitHello_t;
+  attacker(Cinit_hello( *sid, *biscuit_no, *Ssskm, *Spsk, *Sspkt, *Septi, *Sspti, *ih ))/6108[conclusion].
+nounif rh:RespHello_t;
+  attacker(Cresp_hello( *rh ))/6107[conclusion].
+nounif Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, ic:InitConf_t;
+  attacker(Cinit_conf( *Ssskm, *Spsk, *Sspkt, *ic ))/6106[conclusion].
+
 let main = rosenpass_main.
 
 @lemma "state coherence, initiator: Initiator accepting a RespHello message implies they also generated the associated InitHello message"

analysis/02_availability.entry.mpv

@@ -10,6 +10,26 @@
 
 let main = rosenpass_main.
 
+nounif v:seed_prec;   attacker(prepare_seed(trusted_seed( v )))/6217[hypothesis].
+nounif v:seed;        attacker(prepare_seed( v ))/6216[hypothesis].
+nounif v:seed;        attacker(rng_kem_sk( v ))/6215[hypothesis].
+nounif v:seed;        attacker(rng_key( v ))/6214[hypothesis].
+nounif v:key_prec;    attacker(prepare_key(trusted_key( v )))/6213[hypothesis].
+nounif v:kem_sk_prec; attacker(prepare_kem_sk(trusted_kem_sk( v )))/6212[hypothesis].
+nounif v:key;         attacker(prepare_key( v ))/6211[hypothesis].
+nounif v:kem_sk;      attacker(prepare_kem_sk( v ))/6210[hypothesis].
+nounif Spk:kem_sk_tmpl;
+  attacker(Creveal_kem_pk(Spk))/6110[conclusion].
+nounif sid:SessionId, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Seski:seed_tmpl, Ssptr:seed_tmpl;
+  attacker(Cinitiator( *sid, *Ssskm, *Spsk, *Sspkt, *Seski, *Ssptr ))/6109[conclusion].
+nounif sid:SessionId, biscuit_no:Atom, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Septi:seed_tmpl, Sspti:seed_tmpl, ih:InitHello_t;
+  attacker(Cinit_hello( *sid, *biscuit_no, *Ssskm, *Spsk, *Sspkt, *Septi, *Sspti, *ih ))/6108[conclusion].
+nounif rh:RespHello_t;
+  attacker(Cresp_hello( *rh ))/6107[conclusion].
+nounif Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, ic:InitConf_t;
+  attacker(Cinit_conf( *Ssskm, *Spsk, *Sspkt, *ic ))/6106[conclusion].
+
+
 @lemma "non-interruptability: Adv cannot prevent a genuine InitHello message from being accepted"
 lemma ih:InitHello_t, psk:key, sski:kem_sk, sskr:kem_sk;
   event(IHRjct(ih, psk, sskr, kem_pub(sski)))

analysis/config.mpv

@@ -88,6 +88,18 @@ set verboseCompleted=VERBOSE.
 #define SES_EV(...)
 #endif
 
+#if COOKIE_EVENTS
+#define COOKIE_EV(...) __VA_ARGS__
+#else
+#define COOKIE_EV(...)
+#endif
+
+#if KEM_EVENTS
+#define KEM_EV(...) __VA_ARGS__
+#else
+#define KEM_EV(...)
+#endif
+
 
 (* TODO: Authentication timing properties *)
 (* TODO: Proof that every adversary submitted package is equivalent to one generated by the proper algorithm using different coins. This probably requires introducing an oracle that extracts the coins used and explicitly adding the notion of coins used for Packet->Packet steps and an inductive RNG notion. *)

analysis/rosenpass/oracles.mpv

@@ -41,23 +41,32 @@ restriction s:seed, p1:Atom, p2:Atom, ad1:Atom, ad2:Atom;
   event(ConsumeSeed(p1, s, ad1)) && event(ConsumeSeed(p2, s, ad2))
     ==> p1 = p2 && ad1 = ad2.
 
+letfun create_mac2(k:key, msg:bits) = prf(k,msg).
+
 #include "rosenpass/responder.macro"
 fun Cinit_conf(kem_sk_tmpl, key_tmpl, kem_pk_tmpl, InitConf_t) : Atom [data].
 CK_EV(  event OskOinit_conf(key, key). )
 MTX_EV( event ICRjct(InitConf_t, key, kem_sk, kem_pk). )
 SES_EV( event ResponderSession(InitConf_t, key). )
-event ConsumeBiscuit(Atom, kem_sk, kem_pk, Atom).
-let Oinit_conf() = 
-  in(C, Cinit_conf(Ssskm, Spsk, Sspkt, ic));
-#if RANDOMIZED_CALL_IDS
-  new call:Atom;
-#else
-  call <- Cinit_conf(Ssskm, Spsk, Sspkt, ic);
+KEM_EV(event Oinit_conf_KemUse(SessionId, SessionId, Atom).)
+#ifdef KEM_EVENTS
+  restriction sidi:SessionId, sidr:SessionId, ad1:Atom, ad2:Atom;
+    event(Oinit_conf_KemUse(sidi, sidr, ad1)) && event(Oinit_conf_KemUse(sidi, sidr, ad2))
+      ==> ad1 = ad2.
 #endif
+event ConsumeBiscuit(Atom, kem_sk, kem_pk, Atom).
+
+fun Ccookie(key, bits) : Atom[data].
+
+let Oinit_conf_inner(Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, ic:InitConf_t, call:Atom) =
+
   SETUP_HANDSHAKE_STATE()
+
   eski <- kem_sk0;
   epki <- kem_pk0;
   let try_ = (
+    let InitConf(sidi, sidr, biscuit, auth) = ic in 
+    KEM_EV(event Oinit_conf_KemUse(sidi, sidr, call);)
     INITCONF_CONSUME()
     event ConsumeBiscuit(biscuit_no, sskm, spkt, call);
     CK_EV(  event OskOinit_conf(ck_rh, osk); )
@@ -72,11 +81,21 @@ let Oinit_conf() =
     0
 #endif
   ).
+  
+let Oinit_conf() = 
+
+  in(C, Cinit_conf(Ssskm, Spsk, Sspkt, ic));
+  #if RANDOMIZED_CALL_IDS
+    new call:Atom;
+  #else
+    call <- Cinit_conf(Ssskm, Spsk, Sspkt, ic);
+  #endif
+
+  Oinit_conf_inner(Ssskm, Spsk, Sspkt, ic, call).
 
 restriction biscuit_no:Atom, sskm:kem_sk, spkr:kem_pk, ad1:Atom, ad2:Atom;
   event(ConsumeBiscuit(biscuit_no, sskm, spkr, ad1)) && event(ConsumeBiscuit(biscuit_no, sskm, spkr, ad2))
     ==> ad1 = ad2.
-
 // TODO: Restriction biscuit no invalidation
 
 #include "rosenpass/initiator.macro"
@@ -85,27 +104,56 @@ CK_EV(  event OskOresp_hello(key, key, key). )
 MTX_EV( event RHRjct(RespHello_t, key, kem_sk, kem_pk). )
 MTX_EV( event ICSent(RespHello_t, InitConf_t, key, kem_sk, kem_pk). )
 SES_EV( event InitiatorSession(RespHello_t, key). )
-let Oresp_hello(HS_DECL_ARGS) =
-  in(C, Cresp_hello(RespHello(sidr, =sidi, ecti, scti, biscuit, auth)));
-  rh <- RespHello(sidr, sidi, ecti, scti, biscuit, auth);
-  /* try */ let ic = (
-    ck_ini <- ck;
-    RESPHELLO_CONSUME()
-    ck_ih <- ck;
-    INITCONF_PRODUCE()
-    CK_EV (event OskOresp_hello(ck_ini, ck_ih, osk); ) // TODO: Queries testing that there is no duplication
-    MTX_EV( event ICSent(rh, ic, psk, sski, spkr); )
-    SES_EV( event InitiatorSession(rh, osk); )
-    ic
-  /* success */ ) in (
-    out(C, ic)
-  /* fail */ ) else (
-#if MESSAGE_TRANSMISSION_EVENTS
-    event RHRjct(rh, psk, sski, spkr)
-#else
-    0
+
+KEM_EV(event Oresp_hello_KemUse(SessionId, SessionId, Atom).)
+#ifdef KEM_EVENTS
+restriction sidi:SessionId, sidr:SessionId, ad1:Atom, ad2:Atom;
+  event(Oresp_hello_KemUse(sidi, sidr, ad1)) && event(Oresp_hello_KemUse(sidi, sidr, ad2))
+    ==> ad1 = ad2.
+#endif
+
+#ifdef COOKIE_EVENTS
+COOKIE_EVENTS(Oresp_hello)
+#endif
+let Oresp_hello(HS_DECL_ARGS, C_in:channel, call:Atom) =
+  in(C_in, Cresp_hello(RespHello(sidr, =sidi, ecti, scti, biscuit, auth)));
+  in(C_in, mac2_key:key);
+  rh <- RespHello(sidr, sidi, ecti, scti, biscuit, auth);
+  #ifdef COOKIE_EVENTS
+    msg <- RH2b(rh);
+
+    COOKIE_PROCESS(Oresp_hello,
+  #endif
+    /* try */ let ic = (
+      ck_ini <- ck;
+      KEM_EV(event Oresp_hello_KemUse(sidi, sidr, call);)
+      RESPHELLO_CONSUME()
+      ck_ih <- ck;
+      INITCONF_PRODUCE()
+      CK_EV (event OskOresp_hello(ck_ini, ck_ih, osk); ) // TODO: Queries testing that there is no duplication
+      MTX_EV( event ICSent(rh, ic, psk, sski, spkr); )
+      SES_EV( event InitiatorSession(rh, osk); )
+      ic
+    /* success */ ) in (
+      icbits <- IC2b(ic);
+      mac <- create_mac(spkt, icbits);
+      mac2 <- create_mac2(mac2_key, mac_envelope2b(mac));
+      out(C_in, ic);
+      out(C_in, mac);
+      out(C_in, mac2)
+
+    /* fail */ ) else (
+  #if MESSAGE_TRANSMISSION_EVENTS
+      event RHRjct(rh, psk, sski, spkr)
+  #else
+      0
+  #endif
+    )
+#ifdef COOKIE_EVENTS
+  )
+#else
+  .
 #endif
-  ).
 
 // TODO: Restriction: Biscuit no invalidation
 
@@ -116,24 +164,33 @@ MTX_EV( event IHRjct(InitHello_t, key, kem_sk, kem_pk). )
 MTX_EV( event RHSent(InitHello_t, RespHello_t, key, kem_sk, kem_pk). )
 event ConsumeSidr(SessionId, Atom).
 event ConsumeBn(Atom, kem_sk, kem_pk, Atom).
-let Oinit_hello() = 
-  in(C, Cinit_hello(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih));
-#if RANDOMIZED_CALL_IDS
-  new call:Atom;
-#else
-  call <- Cinit_hello(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih);
+KEM_EV(event Oinit_hello_KemUse(SessionId, SessionId, Atom).)
+
+#ifdef KEM_EVENTS
+restriction sidi:SessionId, sidr:SessionId, ad1:Atom, ad2:Atom;
+  event(Oinit_hello_KemUse(sidi, sidr, ad1)) && event(Oinit_hello_KemUse(sidi, sidr, ad2))
+    ==> ad1 = ad2.
 #endif
+
+let Oinit_hello_inner(sidm:SessionId, biscuit_no:Atom, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt: kem_sk_tmpl, Septi: seed_tmpl, Sspti: seed_tmpl, ih: InitHello_t, mac2_key:key, C_out:channel, call:Atom) = 
   // TODO: This is ugly
   let InitHello(sidi, epki, sctr, pidiC, auth) = ih in
+
   SETUP_HANDSHAKE_STATE()
+
   eski <- kem_sk0;
-  epti <- rng_key(setup_seed(Septi)); // RHR4
-  spti <- rng_key(setup_seed(Sspti)); // RHR5
+
   event ConsumeBn(biscuit_no, sskm, spkt, call);
   event ConsumeSidr(sidr, call);
+
+  epti <- rng_key(setup_seed(Septi)); // RHR4
+  spti <- rng_key(setup_seed(Sspti)); // RHR5
   event ConsumeSeed(Epti, setup_seed(Septi), call);
   event ConsumeSeed(Spti, setup_seed(Sspti), call);
+  // out(C_out, spkt);
+
   let rh = (
+    KEM_EV(event Oinit_hello_KemUse(sidi, sidr, call);)
     INITHELLO_CONSUME()
     ck_ini <- ck;
     RESPHELLO_PRODUCE()
@@ -141,7 +198,14 @@ let Oinit_hello() =
     MTX_EV( event RHSent(ih, rh, psk, sskr, spki); )
     rh
   /* success */ ) in (
-    out(C, rh)
+    rhbits <- RH2b(rh);
+    mac <- create_mac(spkt, rhbits);
+    
+    out(C_out, rh);
+    out(C_out, mac);
+    mac2 <- create_mac2(mac2_key, mac_envelope2b(mac));
+    out(C_out, mac2)
+
   /* fail */ ) else (
 #if MESSAGE_TRANSMISSION_EVENTS
     event IHRjct(ih, psk, sskr, spki)
@@ -150,6 +214,18 @@ let Oinit_hello() =
 #endif
   ).
 
+let Oinit_hello() = 
+  in(C, Cinit_hello(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih));
+  in(C, mac2_key:key);
+
+  #if RANDOMIZED_CALL_IDS
+    new call:Atom;
+  #else
+    call <- Cinit_hello(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih);
+  #endif
+
+  Oinit_hello_inner(sidr, biscuit_no, Ssskm, Spsk, Sspkt, Septi, Sspti, ih, mac2_key, C, call).
+
 restriction sid:SessionId, ad1:Atom, ad2:Atom;
   event(ConsumeSidr(sid, ad1)) && event(ConsumeSidr(sid, ad2))
     ==> ad1 = ad2.
@@ -166,27 +242,55 @@ fun Cinitiator(SessionId, kem_sk_tmpl, key_tmpl, kem_pk_tmpl, seed_tmpl, seed_tm
 CK_EV( event OskOinitiator_ck(key). )
 CK_EV( event OskOinitiator(key, key, kem_sk, kem_pk, key). )
 MTX_EV( event IHSent(InitHello_t, key, kem_sk, kem_pk). )
-event ConsumeSidi(SessionId, Atom).
-let Oinitiator() =
-  in(C, Cinitiator(sidi, Ssskm, Spsk, Sspkt, Seski, Ssptr));
-#if RANDOMIZED_CALL_IDS
-  new call:Atom;
-#else
-  call <- Cinitiator(sidi, Ssskm, Spsk, Sspkt, Seski, Ssptr);
+KEM_EV(event Oinitiator_inner_KemUse(SessionId, SessionId, Atom).)
+
+#ifdef KEM_EVENTS
+restriction sidi:SessionId, sidr:SessionId, ad1:Atom, ad2:Atom;
+  event(Oinitiator_inner_KemUse(sidi, sidr, ad1)) && event(Oinitiator_inner_KemUse(sidi, sidr, ad2))
+    ==> ad1 = ad2.
 #endif
-  SETUP_HANDSHAKE_STATE()
-  RNG_KEM_PAIR(eski, epki, Seski) // IHI3
-  sidr <- sid0;
-  sptr <- rng_key(setup_seed(Ssptr)); // IHI5
-  event ConsumeSidi(sidi, call);
-  event ConsumeSeed(Sptr, setup_seed(Ssptr), call);
-  event ConsumeSeed(Eski, setup_seed(Seski), call);
-  INITHELLO_PRODUCE()
-  CK_EV( event OskOinitiator_ck(ck); ) 
-  CK_EV( event OskOinitiator(ck, psk, sski, spkr, sptr); )
-  MTX_EV( event IHSent(ih, psk, sski, spkr); )
-  out(C, ih);
-  Oresp_hello(HS_PASS_ARGS).
+event ConsumeSidi(SessionId, Atom).
+
+let Oinitiator_inner(sidi: SessionId, Ssskm: kem_sk_tmpl, Spsk: key_tmpl, Sspkt: kem_sk_tmpl, Seski: seed_tmpl, Ssptr: seed_tmpl, last_cookie:key, C_out:channel, call:Atom) =
+
+    SETUP_HANDSHAKE_STATE()
+    sidr <- sid0;
+
+    KEM_EV(event Oinitiator_inner_KemUse(sidi, sidr, call);)
+
+    RNG_KEM_PAIR(eski, epki, Seski) // IHI3
+    sptr <- rng_key(setup_seed(Ssptr)); // IHI5
+    event ConsumeSidi(sidi, call);
+    event ConsumeSeed(Sptr, setup_seed(Ssptr), call);
+    event ConsumeSeed(Eski, setup_seed(Seski), call);
+
+    INITHELLO_PRODUCE()
+    CK_EV( event OskOinitiator_ck(ck); ) 
+    CK_EV( event OskOinitiator(ck, psk, sski, spkr, sptr); )
+    MTX_EV( event IHSent(ih, psk, sski, spkr); )
+  
+    out(C_out, ih);
+    ihbits <- IH2b(ih);
+    mac <- create_mac(spkt, ihbits);
+    out(C_out, mac);
+    mac2 <- create_mac2(last_cookie, mac_envelope2b(mac));
+    out(C_out, mac2);
+
+    Oresp_hello(HS_PASS_ARGS, C_out, call).
+
+let Oinitiator() =
+
+  in(C, Cinitiator(sidi, Ssskm, Spsk, Sspkt, Seski, Ssptr));
+
+  #if RANDOMIZED_CALL_IDS
+    new call:Atom;
+  #else
+    call <- Cinitiator(sidi, Ssskm, Spsk, Sspkt, Seski, Ssptr);
+  #endif
+
+  in(C, last_cookie:key);
+  Oinitiator_inner(sidi, Ssskm, Spsk, Sspkt, Seski, Ssptr, last_cookie, C, call).
+
 
 restriction sid:SessionId, ad1:Atom, ad2:Atom;
   event(ConsumeSidi(sid, ad1)) && event(ConsumeSidi(sid, ad2))
@@ -207,21 +311,3 @@ let rosenpass_main() = 0
   | REP(RESPONDER_BOUND, Oinit_hello)
   | REP(RESPONDER_BOUND, Oinit_conf).
 
-nounif v:seed_prec;   attacker(prepare_seed(trusted_seed( v )))/6217[hypothesis].
-nounif v:seed;        attacker(prepare_seed( v ))/6216[hypothesis].
-nounif v:seed;        attacker(rng_kem_sk( v ))/6215[hypothesis].
-nounif v:seed;        attacker(rng_key( v ))/6214[hypothesis].
-nounif v:key_prec;    attacker(prepare_key(trusted_key( v )))/6213[hypothesis].
-nounif v:kem_sk_prec; attacker(prepare_kem_sk(trusted_kem_sk( v )))/6212[hypothesis].
-nounif v:key;         attacker(prepare_key( v ))/6211[hypothesis].
-nounif v:kem_sk;      attacker(prepare_kem_sk( v ))/6210[hypothesis].
-nounif Spk:kem_sk_tmpl;
-  attacker(Creveal_kem_pk(Spk))/6110[conclusion].
-nounif sid:SessionId, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Seski:seed_tmpl, Ssptr:seed_tmpl;
-  attacker(Cinitiator( *sid, *Ssskm, *Spsk, *Sspkt, *Seski, *Ssptr ))/6109[conclusion].
-nounif sid:SessionId, biscuit_no:Atom, Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, Septi:seed_tmpl, Sspti:seed_tmpl, ih:InitHello_t;
-  attacker(Cinit_hello( *sid, *biscuit_no, *Ssskm, *Spsk, *Sspkt, *Septi, *Sspti, *ih ))/6108[conclusion].
-nounif rh:RespHello_t;
-  attacker(Cresp_hello( *rh ))/6107[conclusion].
-nounif Ssskm:kem_sk_tmpl, Spsk:key_tmpl, Sspkt:kem_sk_tmpl, ic:InitConf_t;
-  attacker(Cinit_conf( *Ssskm, *Spsk, *Sspkt, *ic ))/6106[conclusion].

analysis/rosenpass/protocol.mpv

@@ -2,6 +2,26 @@
 #include "crypto/kem.mpv"
 #include "rosenpass/handshake_state.mpv"
 
+fun Envelope(
+  key,
+  bits
+): bits [data].
+
+type mac_envelope_t.
+fun mac_envelope(
+  key,
+  bits
+) : mac_envelope_t.
+
+fun mac_envelope2b(mac_envelope_t) : bits [typeConverter].
+
+letfun create_mac(pk:kem_pk, payload:bits) = mac_envelope(lprf2(MAC, kem_pk2b(pk), payload), payload).
+
+fun mac_envelope_pk_test(mac_envelope_t, kem_pk) : bool
+  reduc forall pk:kem_pk, b:bits;
+    mac_envelope_pk_test(mac_envelope(prf(prf(prf(prf(key0,PROTOCOL),MAC),kem_pk2b(pk)),
+        b), b), pk) = true.
+
 type InitHello_t.
 fun InitHello(
   SessionId, // sidi
@@ -11,6 +31,8 @@ fun InitHello(
   bits       // auth
 ) : InitHello_t [data].
 
+fun IH2b(InitHello_t) : bitstring [typeConverter].
+
 #define INITHELLO_PRODUCE()       \
   ck <- lprf1(CK_INIT, kem_pk2b(spkr)); /* IHI1 */ \
   /* not handled here */                /* IHI2 */ \
@@ -41,7 +63,9 @@ fun RespHello(
     bits       // auth
 ) : RespHello_t [data].
 
-#define RESPHELLO_PRODUCE()                   \
+fun RH2b(RespHello_t) : bitstring [typeConverter].
+
+#define RESPHELLO_PRODUCE()  \
   /* not handled here */           /* RHR1 */ \
   MIX2(sid2b(sidr), sid2b(sidi))   /* RHR3 */ \
   ENCAPS_AND_MIX(ecti, epki, epti) /* RHR4 */ \
@@ -67,13 +91,14 @@ fun InitConf(
     bits       // auth
 ) : InitConf_t [data].
 
+fun IC2b(InitConf_t) : bitstring [typeConverter].
+
 #define INITCONF_PRODUCE()                  \
   MIX2(sid2b(sidi), sid2b(sidr)) /* ICI3 */ \
   ENCRYPT_AND_MIX(auth, empty)   /* ICI4 */ \
   ic <- InitConf(sidi, sidr, biscuit, auth);
 
 #define INITCONF_CONSUME()                        \
-  let InitConf(sidi, sidr, biscuit, auth) = ic in \
   LOAD_BISCUIT(biscuit_no, biscuit)   /* ICR1 */    \
   ENCRYPT_AND_MIX(rh_auth, empty)     /* ICIR */    \
   ck_rh <- ck;                        /* ---- */ /* TODO: Move into oracles.mpv */ \

ciphers/Cargo.toml

@@ -9,9 +9,6 @@ homepage = "https://rosenpass.eu/"
 repository = "https://github.com/rosenpass/rosenpass"
 readme = "readme.md"
 
-[features]
-experiment_libcrux = ["dep:libcrux"]
-
 [dependencies]
 anyhow = { workspace = true }
 rosenpass-to = { workspace = true }
@@ -23,4 +20,3 @@ static_assertions = { workspace = true }
 zeroize = { workspace = true }
 chacha20poly1305 = { workspace = true }
 blake2 = { workspace = true }
-libcrux = { workspace = true, optional = true } 

ciphers/src/lib.rs

@@ -9,9 +9,6 @@ const_assert!(KEY_LEN == hash_domain::KEY_LEN);
 
 /// Authenticated encryption with associated data
 pub mod aead {
-    #[cfg(not(feature = "libcrux"))]
-    pub use crate::subtle::chacha20poly1305_ietf::{decrypt, encrypt, KEY_LEN, NONCE_LEN, TAG_LEN};
-    #[cfg(feature = "libcrux")]
     pub use crate::subtle::chacha20poly1305_ietf::{decrypt, encrypt, KEY_LEN, NONCE_LEN, TAG_LEN};
 }
 

ciphers/src/subtle/chacha20poly1305_ietf_libcrux.rs

@@ -1,60 +0,0 @@
-use rosenpass_to::ops::copy_slice;
-use rosenpass_to::To;
-
-use zeroize::Zeroize;
-
-pub const KEY_LEN: usize = 32; // Grrrr! Libcrux, please provide me these constants.
-pub const TAG_LEN: usize = 16;
-pub const NONCE_LEN: usize = 12;
-
-#[inline]
-pub fn encrypt(
-    ciphertext: &mut [u8],
-    key: &[u8],
-    nonce: &[u8],
-    ad: &[u8],
-    plaintext: &[u8],
-) -> anyhow::Result<()> {
-    let (ciphertext, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
-
-    use libcrux::aead as C;
-    let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
-    let crux_iv = C::Iv(nonce.try_into().unwrap());
-
-    copy_slice(plaintext).to(ciphertext);
-    let crux_tag = libcrux::aead::encrypt(&crux_key, ciphertext, crux_iv, ad).unwrap();
-    copy_slice(crux_tag.as_ref()).to(mac);
-
-    match crux_key {
-        C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
-        _ => panic!(),
-    }
-
-    Ok(())
-}
-
-#[inline]
-pub fn decrypt(
-    plaintext: &mut [u8],
-    key: &[u8],
-    nonce: &[u8],
-    ad: &[u8],
-    ciphertext: &[u8],
-) -> anyhow::Result<()> {
-    let (ciphertext, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
-
-    use libcrux::aead as C;
-    let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
-    let crux_iv = C::Iv(nonce.try_into().unwrap());
-    let crux_tag = C::Tag::from_slice(mac).unwrap();
-
-    copy_slice(ciphertext).to(plaintext);
-    libcrux::aead::decrypt(&crux_key, plaintext, crux_iv, ad, &crux_tag).unwrap();
-
-    match crux_key {
-        C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
-        _ => panic!(),
-    }
-
-    Ok(())
-}

ciphers/src/subtle/mod.rs

@@ -1,7 +1,4 @@
 pub mod blake2b;
-#[cfg(not(feature = "libcrux"))]
 pub mod chacha20poly1305_ietf;
-#[cfg(feature = "libcrux")]
-pub mod chacha20poly1305_ietf_libcrux;
 pub mod incorrect_hmac_blake2b;
 pub mod xchacha20poly1305_ietf;

doc/rosenpass.1

@@ -108,7 +108,7 @@ Rosenpass was created by Karolin Varner, Benjamin Lipp, Wanja Zaeske,
 Marei Peischl, Stephan Ajuvo, and Lisa Schmidt.
 .Pp
 This manual page was written by
-.An Clara Engler
+.An Emil Engler
 .Sh BUGS
 The bugs are tracked at
 .Lk https://github.com/rosenpass/rosenpass/issues .

doc/rp.1

@@ -113,7 +113,7 @@ Rosenpass was created by Karolin Varner, Benjamin Lipp, Wanja Zaeske,
 Marei Peischl, Stephan Ajuvo, and Lisa Schmidt.
 .Pp
 This manual page was written by
-.An Clara Engler
+.An Emil Engler
 .Sh BUGS
 The bugs are tracked at
 .Lk https://github.com/rosenpass/rosenpass/issues .

fuzz/Cargo.toml

@@ -4,9 +4,6 @@ version = "0.0.1"
 publish = false
 edition = "2021"
 
-[features]
-experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]
-
 [package.metadata]
 cargo-fuzz = true
 
@@ -51,37 +48,13 @@ test = false
 doc = false
 
 [[bin]]
-name = "fuzz_box_secret_alloc_malloc"
-path = "fuzz_targets/box_secret_alloc_malloc.rs"
+name = "fuzz_box_secret_alloc"
+path = "fuzz_targets/box_secret_alloc.rs"
 test = false
 doc = false
 
 [[bin]]
-name = "fuzz_vec_secret_alloc_malloc"
-path = "fuzz_targets/vec_secret_alloc_malloc.rs"
-test = false
-doc = false
-
-[[bin]]
-name = "fuzz_box_secret_alloc_memfdsec"
-path = "fuzz_targets/box_secret_alloc_memfdsec.rs"
-test = false
-doc = false
-
-[[bin]]
-name = "fuzz_vec_secret_alloc_memfdsec"
-path = "fuzz_targets/vec_secret_alloc_memfdsec.rs"
-test = false
-doc = false
-
-[[bin]]
-name = "fuzz_box_secret_alloc_memfdsec_mallocfb"
-path = "fuzz_targets/box_secret_alloc_memfdsec_mallocfb.rs"
-test = false
-doc = false
-
-[[bin]]
-name = "fuzz_vec_secret_alloc_memfdsec_mallocfb"
-path = "fuzz_targets/vec_secret_alloc_memfdsec_mallocfb.rs"
+name = "fuzz_vec_secret_alloc"
+path = "fuzz_targets/vec_secret_alloc.rs"
 test = false
 doc = false

fuzz/fuzz_targets/box_secret_alloc.rs

@@ -2,12 +2,7 @@
 
 use libfuzzer_sys::fuzz_target;
 use rosenpass_secret_memory::alloc::secret_box;
-use rosenpass_secret_memory::policy::*;
-use std::sync::Once;
-
-static ONCE: Once = Once::new();
 
 fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_try_use_memfd_secrets);
     let _ = secret_box(data);
 });

fuzz/fuzz_targets/box_secret_alloc_malloc.rs

@@ -1,12 +0,0 @@
-#![no_main]
-
-use libfuzzer_sys::fuzz_target;
-use rosenpass_secret_memory::alloc::secret_box;
-use rosenpass_secret_memory::policy::*;
-use std::sync::Once;
-static ONCE: Once = Once::new();
-
-fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_use_only_malloc_secrets);
-    let _ = secret_box(data);
-});

fuzz/fuzz_targets/box_secret_alloc_memfdsec.rs

@@ -1,13 +0,0 @@
-#![no_main]
-
-use libfuzzer_sys::fuzz_target;
-use rosenpass_secret_memory::alloc::secret_box;
-use rosenpass_secret_memory::policy::*;
-use std::sync::Once;
-
-static ONCE: Once = Once::new();
-
-fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_use_only_memfd_secrets);
-    let _ = secret_box(data);
-});

fuzz/fuzz_targets/handle_msg.rs

@@ -6,15 +6,11 @@ use libfuzzer_sys::fuzz_target;
 use rosenpass::protocol::CryptoServer;
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::kem::StaticKem;
-use rosenpass_secret_memory::policy::*;
-use rosenpass_secret_memory::{PublicBox, Secret};
-use std::sync::Once;
+use rosenpass_secret_memory::Secret;
 
-static ONCE: Once = Once::new();
 fuzz_target!(|rx_buf: &[u8]| {
-    ONCE.call_once(secret_policy_use_only_malloc_secrets);
     let sk = Secret::from_slice(&[0; StaticKem::SK_LEN]);
-    let pk = PublicBox::from_slice(&[0; StaticKem::PK_LEN]);
+    let pk = Secret::from_slice(&[0; StaticKem::PK_LEN]);
 
     let mut cs = CryptoServer::new(sk, pk);
     let mut tx_buf = [0; 10240];

fuzz/fuzz_targets/kyber_encaps.rs

@@ -14,7 +14,7 @@ pub struct Input {
 
 fuzz_target!(|input: Input| {
     let mut ciphertext = [0u8; EphemeralKem::CT_LEN];
-    let mut shared_secret = [0u8; EphemeralKem::SHK_LEN];
+    let mut shared_secret = [0u8; EphemeralKem::SK_LEN];
 
     EphemeralKem::encaps(&mut shared_secret, &mut ciphertext, &input.pk).unwrap();
 });

fuzz/fuzz_targets/vec_secret_alloc.rs

@@ -1,15 +1,9 @@
 #![no_main]
 
-use std::sync::Once;
-
 use libfuzzer_sys::fuzz_target;
 use rosenpass_secret_memory::alloc::secret_vec;
-use rosenpass_secret_memory::policy::*;
-
-static ONCE: Once = Once::new();
 
 fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_try_use_memfd_secrets);
     let mut vec = secret_vec();
     vec.extend_from_slice(data);
 });

fuzz/fuzz_targets/vec_secret_alloc_malloc.rs

@@ -1,15 +0,0 @@
-#![no_main]
-
-use std::sync::Once;
-
-use libfuzzer_sys::fuzz_target;
-use rosenpass_secret_memory::alloc::secret_vec;
-use rosenpass_secret_memory::policy::*;
-
-static ONCE: Once = Once::new();
-
-fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_use_only_malloc_secrets);
-    let mut vec = secret_vec();
-    vec.extend_from_slice(data);
-});

fuzz/fuzz_targets/vec_secret_alloc_memfdsec.rs

@@ -1,15 +0,0 @@
-#![no_main]
-
-use std::sync::Once;
-
-use libfuzzer_sys::fuzz_target;
-use rosenpass_secret_memory::alloc::secret_vec;
-use rosenpass_secret_memory::policy::*;
-
-static ONCE: Once = Once::new();
-
-fuzz_target!(|data: &[u8]| {
-    ONCE.call_once(secret_policy_use_only_memfd_secrets);
-    let mut vec = secret_vec();
-    vec.extend_from_slice(data);
-});

misc/README.md

@@ -1,40 +0,0 @@
-# Additional files
-
-This folder contains additional files that are used in the project.
-
-## `generate_configs.py`
-
-The script is used to generate configuration files for a benchmark setup
-consisting of a device under testing (DUT) and automatic test equipment (ATE),
-basically a strong machine capable of running multiple Rosenpass instances at
-once.
-
-At the top of the script multiple variables can be set to configure the DUT IP
-address and more. Once configured you may run `python3 generate_configs.py` to
-create the configuration files.
-
-A new folder called `output/` is created containing the subfolder `dut/` and
-`ate/`. The former has to be copied on the DUT, ideally reproducible hardware
-like a Raspberry Pi, while the latter is copied to the ATE, i.e. a laptop.
-
-### Running a benchmark
-
-On the ATE a run script is required since multiple instances of `rosenpass` are
-started with different configurations in parallel. The scripts are named after
-the number of instances they start, e.g. `run-50.sh` starts 50 instances.
-
-```shell
-# on the ATE aka laptop
-cd output/ate
-./run-10.sh
-```
-
-On the DUT you start a single Rosenpass instance with the configuration matching
-the ATE number of peers.
-
-```shell
-# on the DUT aka Raspberry Pi
-rosenpass exchange-config configs/dut-10.toml
-```
-
-Use whatever measurement tool you like to monitor the DUT and ATE.

misc/generate_configs.py

@@ -1,105 +0,0 @@
-from pathlib import Path
-from subprocess import run
-import os
-
-config = dict(
-    peer_counts=[1, 5, 10, 50, 100, 500],
-    peer_count_max=100,
-    ate_ip="127.0.0.1",
-    dut_ip="127.0.0.1",
-    dut_port=9999,
-    path_to_rosenpass_bin=os.getcwd() + "/target/release/rosenpass",
-)
-
-print(config)
-
-output_dir = Path("output")
-output_dir.mkdir(exist_ok=True)
-
-template_dut = """
-public_key = "keys/dut-public-key"
-secret_key = "keys/dut-secret-key"
-listen = ["{dut_ip}:{dut_port}"]
-verbosity = "Quiet"
-"""
-template_dut_peer = """
-[[peers]] # ATE-{i}
-public_key = "keys/ate-{i}-public-key"
-endpoint = "{ate_ip}:{ate_port}"
-key_out = "out/key_out_{i}"
-"""
-
-template_ate = """
-public_key = "keys/ate-{i}-public-key"
-secret_key = "keys/ate-{i}-secret-key"
-listen = ["{ate_ip}:{ate_port}"]
-verbosity = "Quiet"
-
-[[peers]] # DUT
-public_key = "keys/dut-public-key"
-endpoint = "{dut_ip}:{dut_port}"
-key_out = "out/key_out_{i}"
-"""
-
-(output_dir / "dut" / "keys").mkdir(exist_ok=True, parents=True)
-(output_dir / "dut" / "out").mkdir(exist_ok=True, parents=True)
-(output_dir / "dut" / "configs").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "keys").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "out").mkdir(exist_ok=True, parents=True)
-(output_dir / "ate" / "configs").mkdir(exist_ok=True, parents=True)
-
-for peer_count in config["peer_counts"]:
-    dut_config = template_dut.format(**config)
-    for i in range(peer_count):
-        dut_config += template_dut_peer.format(**config, i=i, ate_port=50000 + i)
-
-    (output_dir / "dut" / "configs" / f"dut-{peer_count}.toml").write_text(dut_config)
-
-    if not (output_dir / "dut" / "keys" / "dut-public-key").exists():
-        print("Generate DUT keys")
-        run(
-            [
-                config["path_to_rosenpass_bin"],
-                "gen-keys",
-                f"configs/dut-{peer_count}.toml",
-            ],
-            cwd=output_dir / "dut",
-        )
-    else:
-        print("DUT keys already exist")
-
-# copy the DUT public key to the ATE
-(output_dir / "ate" / "keys" / "dut-public-key").write_bytes(
-    (output_dir / "dut" / "keys" / "dut-public-key").read_bytes()
-)
-
-ate_script = "(trap 'kill 0' SIGINT; \\\n"
-
-for i in range(config["peer_count_max"]):
-    (output_dir / "ate" / "configs" / f"ate-{i}.toml").write_text(
-        template_ate.format(**config, i=i, ate_port=50000 + i)
-    )
-
-    if not (output_dir / "ate" / "keys" / f"ate-{i}-public-key").exists():
-        # generate ATE keys
-        run(
-            [config["path_to_rosenpass_bin"], "gen-keys", f"configs/ate-{i}.toml"],
-            cwd=output_dir / "ate",
-        )
-    else:
-        print(f"ATE-{i} keys already exist")
-
-    # copy the ATE public keys to the DUT
-    (output_dir / "dut" / "keys" / f"ate-{i}-public-key").write_bytes(
-        (output_dir / "ate" / "keys" / f"ate-{i}-public-key").read_bytes()
-    )
-
-    ate_script += (
-        f"{config['path_to_rosenpass_bin']} exchange-config configs/ate-{i}.toml & \\\n"
-    )
-
-    if (i + 1) in config["peer_counts"]:
-        write_script = ate_script
-        write_script += "wait)"
-
-        (output_dir / "ate" / f"run-{i+1}.sh").write_text(write_script)

rosenpass/Cargo.toml

@@ -49,9 +49,6 @@ criterion = { workspace = true }
 test_bin = { workspace = true }
 stacker = { workspace = true }
 serial_test = {workspace = true}
-procspawn = {workspace = true}
 
 [features]
-enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"]
-enable_memfd_alloc = []
-experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]
+enable_broker_api = ["rosenpass-wireguard-broker/enable_broker_api"]

rosenpass/benches/handshake.rs

@@ -1,12 +1,10 @@
 use anyhow::Result;
 use rosenpass::protocol::{CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SPk, SSk, SymKey};
-use std::ops::DerefMut;
 
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::kem::StaticKem;
 
 use criterion::{black_box, criterion_group, criterion_main, Criterion};
-use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
 
 fn handle(
     tx: &mut CryptoServer,
@@ -41,7 +39,7 @@ fn hs(ini: &mut CryptoServer, res: &mut CryptoServer) -> Result<()> {
 
 fn keygen() -> Result<(SSk, SPk)> {
     let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
-    StaticKem::keygen(sk.secret_mut(), pk.deref_mut())?;
+    StaticKem::keygen(sk.secret_mut(), pk.secret_mut())?;
     Ok((sk, pk))
 }
 
@@ -58,7 +56,6 @@ fn make_server_pair() -> Result<(CryptoServer, CryptoServer)> {
 }
 
 fn criterion_benchmark(c: &mut Criterion) {
-    secret_policy_try_use_memfd_secrets();
     let (mut a, mut b) = make_server_pair().unwrap();
     c.bench_function("cca_secret_alloc", |bench| {
         bench.iter(|| {

rosenpass/src/cli.rs

@@ -3,14 +3,10 @@ use clap::{Parser, Subcommand};
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::kem::StaticKem;
 use rosenpass_secret_memory::file::StoreSecret;
-use rosenpass_secret_memory::{
-    secret_policy_try_use_memfd_secrets, secret_policy_use_only_malloc_secrets,
-};
-use rosenpass_util::file::{LoadValue, LoadValueB64, StoreValue};
+use rosenpass_util::file::{LoadValue, LoadValueB64};
 use rosenpass_wireguard_broker::brokers::native_unix::{
     NativeUnixBroker, NativeUnixBrokerConfigBaseBuilder, NativeUnixBrokerConfigBaseBuilderError,
 };
-use std::ops::DerefMut;
 use std::path::PathBuf;
 
 use crate::app_server::AppServerTest;
@@ -158,13 +154,6 @@ impl CliCommand {
     /// ## TODO
     /// - This method consumes the [`CliCommand`] value. It might be wise to use a reference...
     pub fn run(self, test_helpers: Option<AppServerTest>) -> anyhow::Result<()> {
-        //Specify secret policy
-
-        #[cfg(feature = "enable_memfd_alloc")]
-        secret_policy_try_use_memfd_secrets();
-        #[cfg(not(feature = "enable_memfd_alloc"))]
-        secret_policy_use_only_malloc_secrets();
-
         use CliCommand::*;
         match self {
             Man => {
@@ -371,7 +360,7 @@ impl CliCommand {
 fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
     let mut ssk = crate::protocol::SSk::random();
     let mut spk = crate::protocol::SPk::random();
-    StaticKem::keygen(ssk.secret_mut(), spk.deref_mut())?;
+    StaticKem::keygen(ssk.secret_mut(), spk.secret_mut())?;
     ssk.store_secret(secret_key)?;
     spk.store(public_key)
 }

rosenpass/src/protocol.rs

@@ -19,25 +19,20 @@
 //! [CryptoServer].
 //!
 //! ```
-//! use std::ops::DerefMut;
-//! use rosenpass_secret_memory::policy::*;
 //! use rosenpass_cipher_traits::Kem;
 //! use rosenpass_ciphers::kem::StaticKem;
 //! use rosenpass::{
 //!     protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
 //! };
 //! # fn main() -> anyhow::Result<()> {
-//! // Set security policy for storing secrets
-//!
-//! secret_policy_try_use_memfd_secrets();
 //!
 //! // initialize secret and public key for peer a ...
 //! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
-//! StaticKem::keygen(peer_a_sk.secret_mut(), peer_a_pk.deref_mut())?;
+//! StaticKem::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
 //!
 //! // ... and for peer b
 //! let (mut peer_b_sk, mut peer_b_pk) = (SSk::zero(), SPk::zero());
-//! StaticKem::keygen(peer_b_sk.secret_mut(), peer_b_pk.deref_mut())?;
+//! StaticKem::keygen(peer_b_sk.secret_mut(), peer_b_pk.secret_mut())?;
 //!
 //! // initialize server and a pre-shared key
 //! let psk = SymKey::random();
@@ -72,7 +67,6 @@
 
 use std::convert::Infallible;
 use std::mem::size_of;
-use std::ops::Deref;
 use std::{
     collections::hash_map::{
         Entry::{Occupied, Vacant},
@@ -90,7 +84,7 @@ use rosenpass_ciphers::hash_domain::{SecretHashDomain, SecretHashDomainNamespace
 use rosenpass_ciphers::kem::{EphemeralKem, StaticKem};
 use rosenpass_ciphers::{aead, xaead, KEY_LEN};
 use rosenpass_constant_time as constant_time;
-use rosenpass_secret_memory::{Public, PublicBox, Secret};
+use rosenpass_secret_memory::{Public, Secret};
 use rosenpass_util::{cat, mem::cpy_min, ord::max_usize, time::Timebase};
 use zerocopy::{AsBytes, FromBytes, Ref};
 
@@ -165,7 +159,7 @@ pub fn has_happened(ev: Timing, now: Timing) -> bool {
 
 // DATA STRUCTURES & BASIC TRAITS & ACCESSORS ////
 
-pub type SPk = PublicBox<{ StaticKem::PK_LEN }>;
+pub type SPk = Secret<{ StaticKem::PK_LEN }>; // Just Secret<> instead of Public<> so it gets allocated on the heap
 pub type SSk = Secret<{ StaticKem::SK_LEN }>;
 pub type EPk = Public<{ EphemeralKem::PK_LEN }>;
 pub type ESk = Secret<{ EphemeralKem::SK_LEN }>;
@@ -550,7 +544,7 @@ impl CryptoServer {
     pub fn pidm(&self) -> Result<PeerId> {
         Ok(Public::new(
             hash_domains::peerid()?
-                .mix(self.spkm.deref())?
+                .mix(self.spkm.secret())?
                 .into_value()))
     }
 
@@ -710,7 +704,7 @@ impl Peer {
     pub fn pidt(&self) -> Result<PeerId> {
         Ok(Public::new(
             hash_domains::peerid()?
-                .mix(self.spkt.deref())?
+                .mix(self.spkt.secret())?
                 .into_value()))
     }
 }
@@ -1019,7 +1013,7 @@ impl CryptoServer {
 
         let cookie_value = active_cookie_value.unwrap();
         let cookie_key = hash_domains::cookie_key()?
-            .mix(self.spkm.deref())?
+            .mix(self.spkm.secret())?
             .into_value();
 
         let mut msg_out = truncating_cast_into::<CookieReply>(tx_buf)?;
@@ -1511,7 +1505,7 @@ where
     /// Calculate the message authentication code (`mac`) and also append cookie value
     pub fn seal(&mut self, peer: PeerPtr, srv: &CryptoServer) -> Result<()> {
         let mac = hash_domains::mac()?
-            .mix(peer.get(srv).spkt.deref())?
+            .mix(peer.get(srv).spkt.secret())?
             .mix(&self.as_bytes()[span_of!(Self, msg_type..mac)])?;
         self.mac.copy_from_slice(mac.into_value()[..16].as_ref());
         self.seal_cookie(peer, srv)?;
@@ -1538,7 +1532,7 @@ where
     /// Check the message authentication code
     pub fn check_seal(&self, srv: &CryptoServer) -> Result<bool> {
         let expected = hash_domains::mac()?
-            .mix(srv.spkm.deref())?
+            .mix(srv.spkm.secret())?
             .mix(&self.as_bytes()[span_of!(Self, msg_type..mac)])?;
         Ok(constant_time::memcmp(
             &self.mac,
@@ -1643,7 +1637,7 @@ impl HandshakeState {
 
         // calculate ad contents
         let ad = hash_domains::biscuit_ad()?
-            .mix(srv.spkm.deref())?
+            .mix(srv.spkm.secret())?
             .mix(self.sidi.as_slice())?
             .mix(self.sidr.as_slice())?
             .into_value();
@@ -1678,7 +1672,7 @@ impl HandshakeState {
 
         // Calculate additional data fields
         let ad = hash_domains::biscuit_ad()?
-            .mix(srv.spkm.deref())?
+            .mix(srv.spkm.secret())?
             .mix(sidi.as_slice())?
             .mix(sidr.as_slice())?
             .into_value();
@@ -1765,7 +1759,7 @@ impl CryptoServer {
         let mut hs = InitiatorHandshake::zero_with_timestamp(self);
 
         // IHI1
-        hs.core.init(peer.get(self).spkt.deref())?;
+        hs.core.init(peer.get(self).spkt.secret())?;
 
         // IHI2
         hs.core.sidi.randomize();
@@ -1782,7 +1776,7 @@ impl CryptoServer {
         hs.core
             .encaps_and_mix::<StaticKem, { StaticKem::SHK_LEN }>(
                 ih.sctr.as_mut_slice(),
-                peer.get(self).spkt.deref(),
+                peer.get(self).spkt.secret(),
             )?;
 
         // IHI6
@@ -1791,7 +1785,7 @@ impl CryptoServer {
 
         // IHI7
         hs.core
-            .mix(self.spkm.deref())?
+            .mix(self.spkm.secret())?
             .mix(peer.get(self).psk.secret())?;
 
         // IHI8
@@ -1809,7 +1803,7 @@ impl CryptoServer {
         core.sidi = SessionId::from_slice(&ih.sidi);
 
         // IHR1
-        core.init(self.spkm.deref())?;
+        core.init(self.spkm.secret())?;
 
         // IHR4
         core.mix(&ih.sidi)?.mix(&ih.epki)?;
@@ -1817,7 +1811,7 @@ impl CryptoServer {
         // IHR5
         core.decaps_and_mix::<StaticKem, { StaticKem::SHK_LEN }>(
             self.sskm.secret(),
-            self.spkm.deref(),
+            self.spkm.secret(),
             &ih.sctr,
         )?;
 
@@ -1830,7 +1824,7 @@ impl CryptoServer {
         };
 
         // IHR7
-        core.mix(peer.get(self).spkt.deref())?
+        core.mix(peer.get(self).spkt.secret())?
             .mix(peer.get(self).psk.secret())?;
 
         // IHR8
@@ -1850,7 +1844,7 @@ impl CryptoServer {
         // RHR5
         core.encaps_and_mix::<StaticKem, { StaticKem::SHK_LEN }>(
             &mut rh.scti,
-            peer.get(self).spkt.deref(),
+            peer.get(self).spkt.secret(),
         )?;
 
         // RHR6
@@ -1911,14 +1905,14 @@ impl CryptoServer {
         // RHI4
         core.decaps_and_mix::<EphemeralKem, { EphemeralKem::SHK_LEN }>(
             hs!().eski.secret(),
-            hs!().epki.deref(),
+            &*hs!().epki,
             &rh.ecti,
         )?;
 
         // RHI5
         core.decaps_and_mix::<StaticKem, { StaticKem::SHK_LEN }>(
             self.sskm.secret(),
-            self.spkm.deref(),
+            self.spkm.secret(),
             &rh.scti,
         )?;
 
@@ -2115,7 +2109,7 @@ impl CryptoServer {
                     ),
                 }?;
 
-                let spkt = peer.get(self).spkt.deref();
+                let spkt = peer.get(self).spkt.secret();
                 let cookie_key = hash_domains::cookie_key()?.mix(spkt)?.into_value();
                 let cookie_value = peer.cv().update_mut(self).unwrap();
 
@@ -2148,10 +2142,9 @@ fn truncating_cast_into_nomut<T: FromBytes>(buf: &[u8]) -> Result<Ref<&[u8], T>,
 
 #[cfg(test)]
 mod test {
-    use std::{net::SocketAddrV4, ops::DerefMut, thread::sleep, time::Duration};
+    use std::{net::SocketAddrV4, thread::sleep, time::Duration};
 
     use super::*;
-    use serial_test::serial;
 
     struct VecHostIdentifier(Vec<u8>);
 
@@ -2173,21 +2166,7 @@ mod test {
         }
     }
 
-    fn setup_logging() {
-        use std::io::Write;
-        let mut log_builder = env_logger::Builder::from_default_env(); // sets log level filter from environment (or defaults)
-        log_builder.filter_level(log::LevelFilter::Info);
-        log_builder.format_timestamp_nanos();
-        log_builder.format(|buf, record| {
-            let ts_format = buf.timestamp_nanos().to_string();
-            writeln!(buf, "{}: {}", &ts_format[14..], record.args())
-        });
-
-        let _ = log_builder.try_init();
-    }
-
     #[test]
-    #[serial]
     /// Ensure that the protocol implementation can deal with truncated
     /// messages and with overlong messages.
     ///
@@ -2203,8 +2182,6 @@ mod test {
     /// Through all this, the handshake should still successfully terminate;
     /// i.e. an exchanged key must be produced in both servers.
     fn handles_incorrect_size_messages() {
-        setup_logging();
-        rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
         stacker::grow(8 * 1024 * 1024, || {
             const OVERSIZED_MESSAGE: usize = ((MAX_MESSAGE_LEN as f32) * 1.2) as usize;
             type MsgBufPlus = Public<OVERSIZED_MESSAGE>;
@@ -2257,7 +2234,7 @@ mod test {
     fn keygen() -> Result<(SSk, SPk)> {
         // TODO: Copied from the benchmark; deduplicate
         let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
-        StaticKem::keygen(sk.secret_mut(), pk.deref_mut())?;
+        StaticKem::keygen(sk.secret_mut(), pk.secret_mut())?;
         Ok((sk, pk))
     }
 
@@ -2275,10 +2252,7 @@ mod test {
     }
 
     #[test]
-    #[serial]
     fn test_regular_exchange() {
-        setup_logging();
-        rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
         stacker::grow(8 * 1024 * 1024, || {
             type MsgBufPlus = Public<MAX_MESSAGE_LEN>;
             let (mut a, mut b) = make_server_pair().unwrap();
@@ -2322,7 +2296,7 @@ mod test {
 
             //B handles InitConf, sends EmptyData
             let HandleMsgResult {
-                resp: _,
+                resp,
                 exchanged_with,
             } = b
                 .handle_msg(&a_to_b_buf.as_slice()[..init_conf_len], &mut *b_to_a_buf)
@@ -2336,10 +2310,7 @@ mod test {
     }
 
     #[test]
-    #[serial]
     fn test_regular_init_conf_retransmit() {
-        setup_logging();
-        rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
         stacker::grow(8 * 1024 * 1024, || {
             type MsgBufPlus = Public<MAX_MESSAGE_LEN>;
             let (mut a, mut b) = make_server_pair().unwrap();
@@ -2384,7 +2355,7 @@ mod test {
 
             //B handles InitConf, sends EmptyData
             let HandleMsgResult {
-                resp: _,
+                resp,
                 exchanged_with,
             } = b
                 .handle_msg(&a_to_b_buf.as_slice()[..init_conf_len], &mut *b_to_a_buf)
@@ -2397,7 +2368,7 @@ mod test {
 
             //B handles InitConf again, sends EmptyData
             let HandleMsgResult {
-                resp: _,
+                resp,
                 exchanged_with,
             } = b
                 .handle_msg(&a_to_b_buf.as_slice()[..init_conf_len], &mut *b_to_a_buf)
@@ -2411,10 +2382,7 @@ mod test {
     }
 
     #[test]
-    #[serial]
     fn cookie_reply_mechanism_responder_under_load() {
-        setup_logging();
-        rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
         stacker::grow(8 * 1024 * 1024, || {
             type MsgBufPlus = Public<MAX_MESSAGE_LEN>;
             let (mut a, mut b) = make_server_pair().unwrap();
@@ -2508,10 +2476,7 @@ mod test {
     }
 
     #[test]
-    #[serial]
     fn cookie_reply_mechanism_initiator_bails_on_message_under_load() {
-        setup_logging();
-        rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
         stacker::grow(8 * 1024 * 1024, || {
             type MsgBufPlus = Public<MAX_MESSAGE_LEN>;
             let (mut a, mut b) = make_server_pair().unwrap();

rosenpass/tests/integration_test.rs

@@ -2,11 +2,14 @@ use std::{
     fs,
     net::UdpSocket,
     path::PathBuf,
+    sync::{Arc, Mutex},
     time::Duration,
 };
 
-use clap::Parser;
+use clap::{builder::Str, Parser};
 use rosenpass::{app_server::AppServerTestBuilder, cli::CliArgs};
+use rosenpass_secret_memory::{Public, Secret};
+use rosenpass_wireguard_broker::{WireguardBrokerMio, WG_KEY_LEN, WG_PEER_LEN};
 use serial_test::serial;
 use std::io::Write;
 
@@ -271,3 +274,57 @@ fn check_exchange_under_dos() {
     // cleanup
     fs::remove_dir_all(&tmpdir).unwrap();
 }
+
+#[derive(Debug, Default)]
+struct MockBrokerInner {
+    psk: Option<Secret<WG_KEY_LEN>>,
+    peer_id: Option<Public<WG_PEER_LEN>>,
+    interface: Option<String>,
+}
+
+#[derive(Debug, Default)]
+struct MockBroker {
+    inner: Arc<Mutex<MockBrokerInner>>,
+}
+
+impl WireguardBrokerMio for MockBroker {
+    type MioError = anyhow::Error;
+
+    fn register(
+        &mut self,
+        _registry: &mio::Registry,
+        _token: mio::Token,
+    ) -> Result<(), Self::MioError> {
+        Ok(())
+    }
+
+    fn process_poll(&mut self) -> Result<(), Self::MioError> {
+        Ok(())
+    }
+
+    fn unregister(&mut self, _registry: &mio::Registry) -> Result<(), Self::MioError> {
+        Ok(())
+    }
+}
+
+impl rosenpass_wireguard_broker::WireGuardBroker for MockBroker {
+    type Error = anyhow::Error;
+
+    fn set_psk(
+        &mut self,
+        config: rosenpass_wireguard_broker::SerializedBrokerConfig<'_>,
+    ) -> Result<(), Self::Error> {
+        loop {
+            let mut lock = self.inner.try_lock();
+
+            if let Ok(ref mut mutex) = lock {
+                **mutex = MockBrokerInner {
+                    psk: Some(config.psk.clone()),
+                    peer_id: Some(config.peer_id.clone()),
+                    interface: Some(std::str::from_utf8(config.interface).unwrap().to_string()),
+                };
+                break Ok(());
+            }
+        }
+    }
+}

rp/Cargo.toml

@@ -37,7 +37,3 @@ netlink-packet-wireguard = "0.2"
 [dev-dependencies]
 tempfile = {workspace = true}
 stacker = {workspace = true}
-
-[features]
-enable_memfd_alloc = []
-experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]

rp/src/exchange.rs

@@ -2,9 +2,7 @@ use std::{net::SocketAddr, path::PathBuf};
 
 use anyhow::Result;
 
-#[cfg(any(target_os = "linux", target_os = "freebsd"))]
 use crate::key::WG_B64_LEN;
-
 #[derive(Default)]
 pub struct ExchangePeer {
     pub public_keys_dir: PathBuf,

rp/src/key.rs

@@ -1,12 +1,11 @@
 use std::{
     fs::{self, DirBuilder},
-    ops::DerefMut,
     os::unix::fs::{DirBuilderExt, PermissionsExt},
     path::Path,
 };
 
 use anyhow::{anyhow, Result};
-use rosenpass_util::file::{LoadValueB64, StoreValue, StoreValueB64};
+use rosenpass_util::file::{LoadValueB64, StoreValueB64};
 use zeroize::Zeroize;
 
 use rosenpass::protocol::{SPk, SSk};
@@ -57,8 +56,8 @@ pub fn genkey(private_keys_dir: &Path) -> Result<()> {
     if !pqsk_path.exists() && !pqpk_path.exists() {
         let mut pqsk = SSk::random();
         let mut pqpk = SPk::random();
-        StaticKem::keygen(pqsk.secret_mut(), pqpk.deref_mut())?;
-        pqpk.store(pqpk_path)?;
+        StaticKem::keygen(pqsk.secret_mut(), pqpk.secret_mut())?;
+        pqpk.store_secret(pqpk_path)?;
         pqsk.store_secret(pqsk_path)?;
     } else {
         eprintln!(
@@ -103,7 +102,6 @@ mod tests {
     use std::fs;
 
     use rosenpass::protocol::{SPk, SSk};
-    use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
     use rosenpass_secret_memory::Secret;
     use rosenpass_util::file::LoadValue;
     use rosenpass_util::file::LoadValueB64;
@@ -112,8 +110,7 @@ mod tests {
     use crate::key::{genkey, pubkey, WG_B64_LEN};
 
     #[test]
-    fn test_key_loopback() {
-        secret_policy_try_use_memfd_secrets();
+    fn it_works() {
         let private_keys_dir = tempdir().unwrap();
         fs::remove_dir(private_keys_dir.path()).unwrap();
 

rp/src/main.rs

@@ -3,7 +3,6 @@ use std::process::exit;
 use cli::{Cli, Command};
 use exchange::exchange;
 use key::{genkey, pubkey};
-use rosenpass_secret_memory::policy;
 
 mod cli;
 mod exchange;
@@ -11,11 +10,6 @@ mod key;
 
 #[tokio::main]
 async fn main() {
-    #[cfg(feature = "enable_memfd_alloc")]
-    policy::secret_policy_try_use_memfd_secrets();
-    #[cfg(not(feature = "enable_memfd_alloc"))]
-    policy::secret_policy_use_only_malloc_secrets();
-
     let cli = match Cli::parse(std::env::args().peekable()) {
         Ok(cli) => cli,
         Err(err) => {

secret-memory/Cargo.toml

@@ -23,4 +23,3 @@ log = { workspace = true }
 allocator-api2-tests = { workspace = true }
 tempfile = {workspace = true}
 base64ct = {workspace = true}
-procspawn = {workspace = true}

secret-memory/src/alloc/memsec.rs

@@ -4,41 +4,37 @@ use std::ptr::NonNull;
 use allocator_api2::alloc::{AllocError, Allocator, Layout};
 
 #[derive(Copy, Clone, Default)]
-struct MallocAllocatorContents;
+struct MemsecAllocatorContents;
 
 /// Memory allocation using using the memsec crate
 #[derive(Copy, Clone, Default)]
-pub struct MallocAllocator {
-    _dummy_private_data: MallocAllocatorContents,
+pub struct MemsecAllocator {
+    _dummy_private_data: MemsecAllocatorContents,
 }
 
 /// A box backed by the memsec allocator
-pub type MallocBox<T> = allocator_api2::boxed::Box<T, MallocAllocator>;
+pub type MemsecBox<T> = allocator_api2::boxed::Box<T, MemsecAllocator>;
 
 /// A vector backed by the memsec allocator
-pub type MallocVec<T> = allocator_api2::vec::Vec<T, MallocAllocator>;
+pub type MemsecVec<T> = allocator_api2::vec::Vec<T, MemsecAllocator>;
 
-pub fn malloc_box_try<T>(x: T) -> Result<MallocBox<T>, AllocError> {
-    MallocBox::<T>::try_new_in(x, MallocAllocator::new())
+pub fn memsec_box<T>(x: T) -> MemsecBox<T> {
+    MemsecBox::<T>::new_in(x, MemsecAllocator::new())
 }
 
-pub fn malloc_box<T>(x: T) -> MallocBox<T> {
-    MallocBox::<T>::new_in(x, MallocAllocator::new())
+pub fn memsec_vec<T>() -> MemsecVec<T> {
+    MemsecVec::<T>::new_in(MemsecAllocator::new())
 }
 
-pub fn malloc_vec<T>() -> MallocVec<T> {
-    MallocVec::<T>::new_in(MallocAllocator::new())
-}
-
-impl MallocAllocator {
+impl MemsecAllocator {
     pub fn new() -> Self {
         Self {
-            _dummy_private_data: MallocAllocatorContents,
+            _dummy_private_data: MemsecAllocatorContents,
         }
     }
 }
 
-unsafe impl Allocator for MallocAllocator {
+unsafe impl Allocator for MemsecAllocator {
     fn allocate(&self, layout: Layout) -> Result<NonNull<[u8]>, AllocError> {
         // Call memsec allocator
         let mem: Option<NonNull<[u8]>> = unsafe { memsec::malloc_sized(layout.size()) };
@@ -52,8 +48,8 @@ unsafe impl Allocator for MallocAllocator {
         // Ensure the right alignment is used
         let off = (mem.as_ptr() as *const u8).align_offset(layout.align());
         if off != 0 {
-            log::error!("Allocation {layout:?} was requested but malloc-based memsec returned allocation \
-                with offset {off} from the requested alignment. Malloc always allocates values \
+            log::error!("Allocation {layout:?} was requested but memsec returned allocation \
+                with offset {off} from the requested alignment. Memsec always allocates values \
                 at the end of a memory page for security reasons, custom alignments are not supported. \
                 You could try allocating an oversized value.");
             unsafe { memsec::free(mem) };
@@ -70,7 +66,7 @@ unsafe impl Allocator for MallocAllocator {
     }
 }
 
-impl fmt::Debug for MallocAllocator {
+impl fmt::Debug for MemsecAllocator {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         fmt.write_str("<memsec based Rust allocator>")
     }
@@ -82,21 +78,21 @@ mod test {
 
     use super::*;
 
-    make_test! { test_sizes(MallocAllocator::new()) }
-    make_test! { test_vec(MallocAllocator::new()) }
-    make_test! { test_many_boxes(MallocAllocator::new()) }
+    make_test! { test_sizes(MemsecAllocator::new()) }
+    make_test! { test_vec(MemsecAllocator::new()) }
+    make_test! { test_many_boxes(MemsecAllocator::new()) }
 
     #[test]
-    fn malloc_allocation() {
-        let alloc = MallocAllocator::new();
-        malloc_allocation_impl::<0>(&alloc);
-        malloc_allocation_impl::<7>(&alloc);
-        malloc_allocation_impl::<8>(&alloc);
-        malloc_allocation_impl::<64>(&alloc);
-        malloc_allocation_impl::<999>(&alloc);
+    fn memsec_allocation() {
+        let alloc = MemsecAllocator::new();
+        memsec_allocation_impl::<0>(&alloc);
+        memsec_allocation_impl::<7>(&alloc);
+        memsec_allocation_impl::<8>(&alloc);
+        memsec_allocation_impl::<64>(&alloc);
+        memsec_allocation_impl::<999>(&alloc);
     }
 
-    fn malloc_allocation_impl<const N: usize>(alloc: &MallocAllocator) {
+    fn memsec_allocation_impl<const N: usize>(alloc: &MemsecAllocator) {
         let layout = Layout::new::<[u8; N]>();
         let mem = alloc.allocate(layout).unwrap();
 

secret-memory/src/alloc/memsec/memfdsec.rs

@@ -1,112 +0,0 @@
-#![cfg(target_os = "linux")]
-use std::fmt;
-use std::ptr::NonNull;
-
-use allocator_api2::alloc::{AllocError, Allocator, Layout};
-
-#[derive(Copy, Clone, Default)]
-struct MemfdSecAllocatorContents;
-
-/// Memory allocation using using the memsec crate
-#[derive(Copy, Clone, Default)]
-pub struct MemfdSecAllocator {
-    _dummy_private_data: MemfdSecAllocatorContents,
-}
-
-/// A box backed by the memsec allocator
-pub type MemfdSecBox<T> = allocator_api2::boxed::Box<T, MemfdSecAllocator>;
-
-/// A vector backed by the memsec allocator
-pub type MemfdSecVec<T> = allocator_api2::vec::Vec<T, MemfdSecAllocator>;
-
-pub fn memfdsec_box_try<T>(x: T) -> Result<MemfdSecBox<T>, AllocError> {
-    MemfdSecBox::<T>::try_new_in(x, MemfdSecAllocator::new())
-}
-
-pub fn memfdsec_box<T>(x: T) -> MemfdSecBox<T> {
-    MemfdSecBox::<T>::new_in(x, MemfdSecAllocator::new())
-}
-
-pub fn memfdsec_vec<T>() -> MemfdSecVec<T> {
-    MemfdSecVec::<T>::new_in(MemfdSecAllocator::new())
-}
-
-impl MemfdSecAllocator {
-    pub fn new() -> Self {
-        Self {
-            _dummy_private_data: MemfdSecAllocatorContents,
-        }
-    }
-}
-
-unsafe impl Allocator for MemfdSecAllocator {
-    fn allocate(&self, layout: Layout) -> Result<NonNull<[u8]>, AllocError> {
-        // Call memsec allocator
-        let mem: Option<NonNull<[u8]>> = unsafe { memsec::memfd_secret_sized(layout.size()) };
-
-        // Unwrap the option
-        let Some(mem) = mem else {
-            log::error!("Allocation {layout:?} was requested but memfd-based memsec returned a null pointer");
-            return Err(AllocError);
-        };
-
-        // Ensure the right alignment is used
-        let off = (mem.as_ptr() as *const u8).align_offset(layout.align());
-        if off != 0 {
-            log::error!("Allocation {layout:?} was requested but memfd-based memsec returned allocation \
-                with offset {off} from the requested alignment. Memfd always allocates values \
-                at the end of a memory page for security reasons, custom alignments are not supported. \
-                You could try allocating an oversized value.");
-            unsafe { memsec::free_memfd_secret(mem) };
-            return Err(AllocError);
-        };
-
-        Ok(mem)
-    }
-
-    unsafe fn deallocate(&self, ptr: NonNull<u8>, _layout: Layout) {
-        unsafe {
-            memsec::free_memfd_secret(ptr);
-        }
-    }
-}
-
-impl fmt::Debug for MemfdSecAllocator {
-    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
-        fmt.write_str("<memsec based Rust allocator>")
-    }
-}
-
-#[cfg(test)]
-mod test {
-    use allocator_api2_tests::make_test;
-
-    use super::*;
-
-    make_test! { test_sizes(MemfdSecAllocator::new()) }
-    make_test! { test_vec(MemfdSecAllocator::new()) }
-    make_test! { test_many_boxes(MemfdSecAllocator::new()) }
-
-    #[test]
-    fn memfdsec_allocation() {
-        let alloc = MemfdSecAllocator::new();
-        memfdsec_allocation_impl::<0>(&alloc);
-        memfdsec_allocation_impl::<7>(&alloc);
-        memfdsec_allocation_impl::<8>(&alloc);
-        memfdsec_allocation_impl::<64>(&alloc);
-        memfdsec_allocation_impl::<999>(&alloc);
-    }
-
-    fn memfdsec_allocation_impl<const N: usize>(alloc: &MemfdSecAllocator) {
-        let layout = Layout::new::<[u8; N]>();
-        let mem = alloc.allocate(layout).unwrap();
-
-        // https://libsodium.gitbook.io/doc/memory_management#guarded-heap-allocations
-        // promises us that allocated memory is initialized with the magic byte 0xDB
-        // and memsec promises to provide a reimplementation of the libsodium mechanism;
-        // it uses the magic value 0xD0 though
-        assert_eq!(unsafe { mem.as_ref() }, &[0xD0u8; N]);
-        let mem = NonNull::new(mem.as_ptr() as *mut u8).unwrap();
-        unsafe { alloc.deallocate(mem, layout) };
-    }
-}

secret-memory/src/alloc/memsec/mod.rs

@@ -1,2 +0,0 @@
-pub mod malloc;
-pub mod memfdsec;

secret-memory/src/alloc/mod.rs

@@ -1,86 +1,6 @@
 pub mod memsec;
 
-use std::sync::OnceLock;
-
-use allocator_api2::alloc::{AllocError, Allocator};
-use memsec::malloc::MallocAllocator;
-
-#[cfg(target_os = "linux")]
-use memsec::memfdsec::MemfdSecAllocator;
-
-static ALLOC_TYPE: OnceLock<SecretAllocType> = OnceLock::new();
-
-/// Sets the secret allocation type to use.
-/// Intended usage at startup before secret allocation
-/// takes place
-pub fn set_secret_alloc_type(alloc_type: SecretAllocType) {
-    ALLOC_TYPE.set(alloc_type).unwrap();
-}
-
-pub fn get_or_init_secret_alloc_type(alloc_type: SecretAllocType) -> SecretAllocType {
-    *ALLOC_TYPE.get_or_init(|| alloc_type)
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum SecretAllocType {
-    MemsecMalloc,
-    #[cfg(target_os = "linux")]
-    MemsecMemfdSec,
-}
-
-pub struct SecretAlloc {
-    alloc_type: SecretAllocType,
-}
-
-impl Default for SecretAlloc {
-    fn default() -> Self {
-        Self {
-            alloc_type: *ALLOC_TYPE.get().expect(
-                "Secret security policy not specified. \
-                Run the specifying policy function in \
-                 rosenpass_secret_memory::policy or set a \
-                 custom policy by initializing \
-                 rosenpass_secret_memory::alloc::ALLOC_TYPE \
-                 before using secrets",
-            ),
-        }
-    }
-}
-
-unsafe impl Allocator for SecretAlloc {
-    fn allocate(
-        &self,
-        layout: std::alloc::Layout,
-    ) -> Result<std::ptr::NonNull<[u8]>, allocator_api2::alloc::AllocError> {
-        match self.alloc_type {
-            SecretAllocType::MemsecMalloc => MallocAllocator::default().allocate(layout),
-            #[cfg(target_os = "linux")]
-            SecretAllocType::MemsecMemfdSec => MemfdSecAllocator::default().allocate(layout),
-        }
-    }
-
-    unsafe fn deallocate(&self, ptr: std::ptr::NonNull<u8>, layout: std::alloc::Layout) {
-        match self.alloc_type {
-            SecretAllocType::MemsecMalloc => MallocAllocator::default().deallocate(ptr, layout),
-            #[cfg(target_os = "linux")]
-            SecretAllocType::MemsecMemfdSec => MemfdSecAllocator::default().deallocate(ptr, layout),
-        }
-    }
-}
-
-pub type SecretBox<T> = allocator_api2::boxed::Box<T, SecretAlloc>;
-
-/// A vector backed by the memsec allocator
-pub type SecretVec<T> = allocator_api2::vec::Vec<T, SecretAlloc>;
-
-pub fn secret_box_try<T>(x: T) -> Result<SecretBox<T>, AllocError> {
-    SecretBox::<T>::try_new_in(x, SecretAlloc::default())
-}
-
-pub fn secret_box<T>(x: T) -> SecretBox<T> {
-    SecretBox::<T>::new_in(x, SecretAlloc::default())
-}
-
-pub fn secret_vec<T>() -> SecretVec<T> {
-    SecretVec::<T>::new_in(SecretAlloc::default())
-}
+pub use crate::alloc::memsec::{
+    memsec_box as secret_box, memsec_vec as secret_vec, MemsecAllocator as SecretAllocator,
+    MemsecBox as SecretBox, MemsecVec as SecretVec,
+};

secret-memory/src/lib.rs

@@ -6,10 +6,6 @@ pub mod alloc;
 
 mod public;
 pub use crate::public::Public;
-pub use crate::public::PublicBox;
 
 mod secret;
 pub use crate::secret::Secret;
-
-pub mod policy;
-pub use crate::policy::*;

secret-memory/src/policy.rs

@@ -1,82 +0,0 @@
-pub fn secret_policy_try_use_memfd_secrets() {
-    let alloc_type = {
-        #[cfg(target_os = "linux")]
-        {
-            if crate::alloc::memsec::memfdsec::memfdsec_box_try(0u8).is_ok() {
-                crate::alloc::SecretAllocType::MemsecMemfdSec
-            } else {
-                crate::alloc::SecretAllocType::MemsecMalloc
-            }
-        }
-
-        #[cfg(not(target_os = "linux"))]
-        {
-            crate::alloc::SecretAllocType::MemsecMalloc
-        }
-    };
-    assert_eq!(
-        alloc_type,
-        crate::alloc::get_or_init_secret_alloc_type(alloc_type)
-    );
-
-    log::info!("Secrets will be allocated using {:?}", alloc_type);
-}
-
-#[cfg(target_os = "linux")]
-pub fn secret_policy_use_only_memfd_secrets() {
-    let alloc_type = crate::alloc::SecretAllocType::MemsecMemfdSec;
-
-    assert_eq!(
-        alloc_type,
-        crate::alloc::get_or_init_secret_alloc_type(alloc_type)
-    );
-
-    log::info!("Secrets will be allocated using {:?}", alloc_type);
-}
-
-pub fn secret_policy_use_only_malloc_secrets() {
-    let alloc_type = crate::alloc::SecretAllocType::MemsecMalloc;
-    assert_eq!(
-        alloc_type,
-        crate::alloc::get_or_init_secret_alloc_type(alloc_type)
-    );
-
-    log::info!("Secrets will be allocated using {:?}", alloc_type);
-}
-
-pub mod test {
-    #[macro_export]
-    macro_rules! test_spawn_process_with_policies {
-        ($body:block, $($f: expr),*) => {
-            $(
-                let handle = procspawn::spawn((), |_| {
-
-                $f();
-
-                $body
-
-                });
-                handle.join().unwrap();
-            )*
-            };
-        }
-
-    #[macro_export]
-    macro_rules! test_spawn_process_provided_policies {
-        ($body: block) => {
-            $crate::test_spawn_process_with_policies!(
-                $body,
-                $crate::policy::secret_policy_try_use_memfd_secrets,
-                $crate::secret_policy_use_only_malloc_secrets
-            );
-
-            #[cfg(target_os = "linux")]
-            {
-                $crate::test_spawn_process_with_policies!(
-                    $body,
-                    $crate::policy::secret_policy_use_only_memfd_secrets
-                );
-            }
-        };
-    }
-}

secret-memory/src/public.rs

@@ -172,153 +172,12 @@ impl<const N: usize> StoreValueB64Writer for Public<N> {
     }
 }
 
-#[derive(Clone, Hash, PartialEq, Eq, PartialOrd, Ord)]
-#[repr(transparent)]
-pub struct PublicBox<const N: usize> {
-    pub inner: Box<Public<N>>,
-}
-
-impl<const N: usize> PublicBox<N> {
-    /// Create a new [PublicBox] from a byte slice
-    pub fn from_slice(value: &[u8]) -> Self {
-        Self {
-            inner: Box::new(Public::from_slice(value)),
-        }
-    }
-
-    /// Create a new [PublicBox] from a byte array
-    pub fn new(value: [u8; N]) -> Self {
-        Self {
-            inner: Box::new(Public::new(value)),
-        }
-    }
-
-    /// Create a zero initialized [PublicBox]
-    pub fn zero() -> Self {
-        Self {
-            inner: Box::new(Public::zero()),
-        }
-    }
-
-    /// Create a random initialized [PublicBox]
-    pub fn random() -> Self {
-        Self {
-            inner: Box::new(Public::random()),
-        }
-    }
-
-    /// Randomize all bytes in an existing [PublicBox]
-    pub fn randomize(&mut self) {
-        self.inner.randomize()
-    }
-}
-
-impl<const N: usize> Randomize for PublicBox<N> {
-    fn try_fill<R: Rng + ?Sized>(&mut self, rng: &mut R) -> Result<(), rand::Error> {
-        self.inner.try_fill(rng)
-    }
-}
-
-impl<const N: usize> fmt::Debug for PublicBox<N> {
-    fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
-        debug_crypto_array(&**self, fmt)
-    }
-}
-
-impl<const N: usize> Deref for PublicBox<N> {
-    type Target = [u8; N];
-
-    fn deref(&self) -> &[u8; N] {
-        self.inner.deref()
-    }
-}
-
-impl<const N: usize> DerefMut for PublicBox<N> {
-    fn deref_mut(&mut self) -> &mut [u8; N] {
-        self.inner.deref_mut()
-    }
-}
-
-impl<const N: usize> Borrow<[u8]> for PublicBox<N> {
-    fn borrow(&self) -> &[u8] {
-        self.deref()
-    }
-}
-
-impl<const N: usize> BorrowMut<[u8]> for PublicBox<N> {
-    fn borrow_mut(&mut self) -> &mut [u8] {
-        self.deref_mut()
-    }
-}
-
-impl<const N: usize> LoadValue for PublicBox<N> {
-    type Error = anyhow::Error;
-
-    // This is implemented separately from Public to avoid allocating too much stack memory
-    fn load<P: AsRef<Path>>(path: P) -> anyhow::Result<Self> {
-        let mut p = Self::random();
-        fopen_r(path)?.read_exact_to_end(p.deref_mut())?;
-        Ok(p)
-    }
-}
-
-impl<const N: usize> StoreValue for PublicBox<N> {
-    type Error = anyhow::Error;
-
-    fn store<P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> {
-        self.inner.store(path)
-    }
-}
-
-impl<const N: usize> LoadValueB64 for PublicBox<N> {
-    type Error = anyhow::Error;
-
-    // This is implemented separately from Public to avoid allocating too much stack memory
-    fn load_b64<const F: usize, P: AsRef<Path>>(path: P) -> Result<Self, Self::Error>
-    where
-        Self: Sized,
-    {
-        // A vector is used here to ensure heap allocation without copy from stack
-        let mut f = vec![0u8; F];
-        let mut v = PublicBox::zero();
-        let p = path.as_ref();
-
-        let len = fopen_r(p)?
-            .read_slice_to_end(&mut f)
-            .with_context(|| format!("Could not load file {p:?}"))?;
-
-        b64_decode(&f[0..len], v.deref_mut())
-            .with_context(|| format!("Could not decode base64 file {p:?}"))?;
-
-        Ok(v)
-    }
-}
-
-impl<const N: usize> StoreValueB64 for PublicBox<N> {
-    type Error = anyhow::Error;
-
-    fn store_b64<const F: usize, P: AsRef<Path>>(&self, path: P) -> anyhow::Result<()> {
-        self.inner.store_b64::<F, P>(path)
-    }
-}
-
-impl<const N: usize> StoreValueB64Writer for PublicBox<N> {
-    type Error = anyhow::Error;
-
-    fn store_b64_writer<const F: usize, W: std::io::Write>(
-        &self,
-        writer: W,
-    ) -> Result<(), Self::Error> {
-        self.inner.store_b64_writer::<F, W>(writer)
-    }
-}
-
 #[cfg(test)]
 mod tests {
 
     #[cfg(test)]
     mod tests {
-        use crate::{Public, PublicBox};
+        use crate::Public;
         use rosenpass_util::{
             b64::b64_encode,
             file::{
@@ -326,35 +185,32 @@ mod tests {
                 Visibility,
             },
         };
-        use std::{fs, ops::Deref, os::unix::fs::PermissionsExt};
+        use std::{fs, os::unix::fs::PermissionsExt};
         use tempfile::tempdir;
 
-        /// Number of bytes in payload for load and store tests
-        const N: usize = 100;
+        /// test loading a public from an example file, and then storing it again in a different file
+        #[test]
+        fn test_public_load_store() {
+            const N: usize = 100;
 
-        /// Convenience function for running a load/store test
-        fn run_load_store_test<
-            T: LoadValue<Error = anyhow::Error>
-                + StoreValue<Error = anyhow::Error>
-                + Deref<Target = [u8; N]>,
-        >() {
             // Generate original random bytes
             let original_bytes: [u8; N] = [rand::random(); N];
 
             // Create a temporary directory
             let temp_dir = tempdir().unwrap();
 
-            // Store the original bytes to an example file in the temporary directory
+            // Store the original public to an example file in the temporary directory
             let example_file = temp_dir.path().join("example_file");
             std::fs::write(example_file.clone(), &original_bytes).unwrap();
 
-            // Load the value from the example file into our generic type
-            let loaded_public = T::load(&example_file).unwrap();
+            // Load the public from the example file
 
-            // Check that the loaded value matches the original bytes
-            assert_eq!(loaded_public.deref(), &original_bytes);
+            let loaded_public = Public::load(&example_file).unwrap();
 
-            // Store the loaded value to a different file in the temporary directory
+            // Check that the loaded public matches the original bytes
+            assert_eq!(&loaded_public.value, &original_bytes);
+
+            // Store the loaded public to a different file in the temporary directory
             let new_file = temp_dir.path().join("new_file");
             loaded_public.store(&new_file).unwrap();
 
@@ -368,13 +224,10 @@ mod tests {
             assert_eq!(new_file_contents, original_file_contents);
         }
 
-        /// Convenience function for running a base64 load/store test
-        fn run_base64_load_store_test<
-            T: LoadValueB64<Error = anyhow::Error>
-                + StoreValueB64<Error = anyhow::Error>
-                + StoreValueB64Writer<Error = anyhow::Error>
-                + Deref<Target = [u8; N]>,
-        >() {
+        /// test loading a base64 encoded public from an example file, and then storing it again in a different file
+        #[test]
+        fn test_public_load_store_base64() {
+            const N: usize = 100;
             // Generate original random bytes
             let original_bytes: [u8; N] = [rand::random(); N];
             // Create a temporary directory
@@ -385,9 +238,9 @@ mod tests {
             std::fs::write(&example_file, encoded_public).unwrap();
 
             // Load the public from the example file
-            let loaded_public = T::load_b64::<{ N * 2 }, _>(&example_file).unwrap();
+            let loaded_public = Public::load_b64::<{ N * 2 }, _>(&example_file).unwrap();
             // Check that the loaded public matches the original bytes
-            assert_eq!(loaded_public.deref(), &original_bytes);
+            assert_eq!(&loaded_public.value, &original_bytes);
 
             // Store the loaded public to a different file in the temporary directory
             let new_file = temp_dir.path().join("new_file");
@@ -400,7 +253,7 @@ mod tests {
             // Check that the contents of the new file match the original file
             assert_eq!(new_file_contents, original_file_contents);
 
-            // Check new file permissions are public
+            //Check new file permissions are public
             let metadata = fs::metadata(&new_file).unwrap();
             assert_eq!(metadata.permissions().mode() & 0o000777, 0o644);
 
@@ -418,35 +271,9 @@ mod tests {
             // Check that the contents of the new file match the original file
             assert_eq!(new_file_contents, original_file_contents);
 
-            // Check new file permissions are public
+            //Check new file permissions are public
             let metadata = fs::metadata(&new_file).unwrap();
             assert_eq!(metadata.permissions().mode() & 0o000777, 0o644);
         }
-
-        /// Test loading a [Public] from an example file, and then storing it again in a new file
-        #[test]
-        fn test_public_load_store() {
-            run_load_store_test::<Public<N>>();
-        }
-
-        /// Test loading a [PublicBox] from an example file, and then storing it again in a new file
-        #[test]
-        fn test_public_box_load_store() {
-            run_load_store_test::<PublicBox<N>>();
-        }
-
-        /// Test loading a base64-encoded [Public] from an example file, and then storing it again
-        /// in a different file
-        #[test]
-        fn test_public_load_store_base64() {
-            run_base64_load_store_test::<Public<N>>();
-        }
-
-        /// Test loading a base64-encoded [PublicBox] from an example file, and then storing it
-        /// again in a different file
-        #[test]
-        fn test_public_box_load_store_base64() {
-            run_base64_load_store_test::<PublicBox<N>>();
-        }
     }
 }

secret-memory/src/secret.rs

@@ -321,147 +321,133 @@ impl<const N: usize> StoreSecret for Secret<N> {
 
 #[cfg(test)]
 mod test {
-    use crate::test_spawn_process_provided_policies;
-
     use super::*;
     use std::{fs, os::unix::fs::PermissionsExt};
     use tempfile::tempdir;
 
-    procspawn::enable_test_support!();
-
     /// check that we can alloc using the magic pool
     #[test]
     fn secret_memory_pool_take() {
-        test_spawn_process_provided_policies!({
-            const N: usize = 0x100;
-            let mut pool = SecretMemoryPool::new();
-            let secret: ZeroizingSecretBox<[u8; N]> = pool.take();
-            assert_eq!(secret.as_ref(), &[0; N]);
-        });
+        const N: usize = 0x100;
+        let mut pool = SecretMemoryPool::new();
+        let secret: ZeroizingSecretBox<[u8; N]> = pool.take();
+        assert_eq!(secret.as_ref(), &[0; N]);
     }
 
     /// check that a secret lives, even if its [SecretMemoryPool] is deleted
     #[test]
     fn secret_memory_pool_drop() {
-        test_spawn_process_provided_policies!({
-            const N: usize = 0x100;
-            let mut pool = SecretMemoryPool::new();
-            let secret: ZeroizingSecretBox<[u8; N]> = pool.take();
-            std::mem::drop(pool);
-            assert_eq!(secret.as_ref(), &[0; N]);
-        });
+        const N: usize = 0x100;
+        let mut pool = SecretMemoryPool::new();
+        let secret: ZeroizingSecretBox<[u8; N]> = pool.take();
+        std::mem::drop(pool);
+        assert_eq!(secret.as_ref(), &[0; N]);
     }
 
     /// check that a secret can be reborn, freshly initialized with zero
     #[test]
     fn secret_memory_pool_release() {
-        test_spawn_process_provided_policies!({
-            const N: usize = 1;
-            let mut pool = SecretMemoryPool::new();
-            let mut secret: ZeroizingSecretBox<[u8; N]> = pool.take();
-            let old_secret_ptr = secret.as_ref().as_ptr();
+        const N: usize = 1;
+        let mut pool = SecretMemoryPool::new();
+        let mut secret: ZeroizingSecretBox<[u8; N]> = pool.take();
+        let old_secret_ptr = secret.as_ref().as_ptr();
 
-            secret.as_mut()[0] = 0x13;
-            pool.release(secret);
+        secret.as_mut()[0] = 0x13;
+        pool.release(secret);
 
-            // now check that we get the same ptr
-            let new_secret: ZeroizingSecretBox<[u8; N]> = pool.take();
-            assert_eq!(old_secret_ptr, new_secret.as_ref().as_ptr());
+        // now check that we get the same ptr
+        let new_secret: ZeroizingSecretBox<[u8; N]> = pool.take();
+        assert_eq!(old_secret_ptr, new_secret.as_ref().as_ptr());
 
-            // and that the secret was zeroized
-            assert_eq!(new_secret.as_ref(), &[0; N]);
-        });
+        // and that the secret was zeroized
+        assert_eq!(new_secret.as_ref(), &[0; N]);
     }
 
     /// test loading a secret from an example file, and then storing it again in a different file
     #[test]
     fn test_secret_load_store() {
-        test_spawn_process_provided_policies!({
-            const N: usize = 100;
+        const N: usize = 100;
 
-            // Generate original random bytes
-            let original_bytes: [u8; N] = [rand::random(); N];
+        // Generate original random bytes
+        let original_bytes: [u8; N] = [rand::random(); N];
 
-            // Create a temporary directory
-            let temp_dir = tempdir().unwrap();
+        // Create a temporary directory
+        let temp_dir = tempdir().unwrap();
 
-            // Store the original secret to an example file in the temporary directory
-            let example_file = temp_dir.path().join("example_file");
-            std::fs::write(example_file.clone(), &original_bytes).unwrap();
+        // Store the original secret to an example file in the temporary directory
+        let example_file = temp_dir.path().join("example_file");
+        std::fs::write(example_file.clone(), &original_bytes).unwrap();
 
-            // Load the secret from the example file
-            let loaded_secret = Secret::load(&example_file).unwrap();
+        // Load the secret from the example file
+        let loaded_secret = Secret::load(&example_file).unwrap();
 
-            // Check that the loaded secret matches the original bytes
-            assert_eq!(loaded_secret.secret(), &original_bytes);
+        // Check that the loaded secret matches the original bytes
+        assert_eq!(loaded_secret.secret(), &original_bytes);
 
-            // Store the loaded secret to a different file in the temporary directory
-            let new_file = temp_dir.path().join("new_file");
-            loaded_secret.store(&new_file).unwrap();
+        // Store the loaded secret to a different file in the temporary directory
+        let new_file = temp_dir.path().join("new_file");
+        loaded_secret.store(&new_file).unwrap();
 
-            // Read the contents of the new file
-            let new_file_contents = fs::read(&new_file).unwrap();
+        // Read the contents of the new file
+        let new_file_contents = fs::read(&new_file).unwrap();
 
-            // Read the contents of the original file
-            let original_file_contents = fs::read(&example_file).unwrap();
+        // Read the contents of the original file
+        let original_file_contents = fs::read(&example_file).unwrap();
 
-            // Check that the contents of the new file match the original file
-            assert_eq!(new_file_contents, original_file_contents);
-        });
+        // Check that the contents of the new file match the original file
+        assert_eq!(new_file_contents, original_file_contents);
     }
 
     /// test loading a base64 encoded secret from an example file, and then storing it again in a different file
     #[test]
     fn test_secret_load_store_base64() {
-        test_spawn_process_provided_policies!({
-            const N: usize = 100;
-            // Generate original random bytes
-            let original_bytes: [u8; N] = [rand::random(); N];
-            // Create a temporary directory
-            let temp_dir = tempdir().unwrap();
-            let example_file = temp_dir.path().join("example_file");
-            let mut encoded_secret = [0u8; N * 2];
-            let encoded_secret = b64_encode(&original_bytes, &mut encoded_secret).unwrap();
+        const N: usize = 100;
+        // Generate original random bytes
+        let original_bytes: [u8; N] = [rand::random(); N];
+        // Create a temporary directory
+        let temp_dir = tempdir().unwrap();
+        let example_file = temp_dir.path().join("example_file");
+        let mut encoded_secret = [0u8; N * 2];
+        let encoded_secret = b64_encode(&original_bytes, &mut encoded_secret).unwrap();
 
-            std::fs::write(&example_file, encoded_secret).unwrap();
+        std::fs::write(&example_file, encoded_secret).unwrap();
 
-            // Load the secret from the example file
-            let loaded_secret = Secret::load_b64::<{ N * 2 }, _>(&example_file).unwrap();
-            // Check that the loaded secret matches the original bytes
-            assert_eq!(loaded_secret.secret(), &original_bytes);
+        // Load the secret from the example file
+        let loaded_secret = Secret::load_b64::<{ N * 2 }, _>(&example_file).unwrap();
+        // Check that the loaded secret matches the original bytes
+        assert_eq!(loaded_secret.secret(), &original_bytes);
 
-            // Store the loaded secret to a different file in the temporary directory
-            let new_file = temp_dir.path().join("new_file");
-            loaded_secret.store_b64::<{ N * 2 }, _>(&new_file).unwrap();
+        // Store the loaded secret to a different file in the temporary directory
+        let new_file = temp_dir.path().join("new_file");
+        loaded_secret.store_b64::<{ N * 2 }, _>(&new_file).unwrap();
 
-            // Read the contents of the new file
-            let new_file_contents = fs::read(&new_file).unwrap();
-            // Read the contents of the original file
-            let original_file_contents = fs::read(&example_file).unwrap();
-            // Check that the contents of the new file match the original file
-            assert_eq!(new_file_contents, original_file_contents);
+        // Read the contents of the new file
+        let new_file_contents = fs::read(&new_file).unwrap();
+        // Read the contents of the original file
+        let original_file_contents = fs::read(&example_file).unwrap();
+        // Check that the contents of the new file match the original file
+        assert_eq!(new_file_contents, original_file_contents);
 
-            //Check new file permissions are secret
-            let metadata = fs::metadata(&new_file).unwrap();
-            assert_eq!(metadata.permissions().mode() & 0o000777, 0o600);
+        //Check new file permissions are secret
+        let metadata = fs::metadata(&new_file).unwrap();
+        assert_eq!(metadata.permissions().mode() & 0o000777, 0o600);
 
-            // Store the loaded secret to a different file in the temporary directory for a second time
-            let new_file = temp_dir.path().join("new_file_writer");
-            let new_file_writer = fopen_w(new_file.clone(), Visibility::Secret).unwrap();
-            loaded_secret
-                .store_b64_writer::<{ N * 2 }, _>(&new_file_writer)
-                .unwrap();
+        // Store the loaded secret to a different file in the temporary directory for a second time
+        let new_file = temp_dir.path().join("new_file_writer");
+        let new_file_writer = fopen_w(new_file.clone(), Visibility::Secret).unwrap();
+        loaded_secret
+            .store_b64_writer::<{ N * 2 }, _>(&new_file_writer)
+            .unwrap();
 
-            // Read the contents of the new file
-            let new_file_contents = fs::read(&new_file).unwrap();
-            // Read the contents of the original file
-            let original_file_contents = fs::read(&example_file).unwrap();
-            // Check that the contents of the new file match the original file
-            assert_eq!(new_file_contents, original_file_contents);
+        // Read the contents of the new file
+        let new_file_contents = fs::read(&new_file).unwrap();
+        // Read the contents of the original file
+        let original_file_contents = fs::read(&example_file).unwrap();
+        // Check that the contents of the new file match the original file
+        assert_eq!(new_file_contents, original_file_contents);
 
-            //Check new file permissions are secret
-            let metadata = fs::metadata(&new_file).unwrap();
-            assert_eq!(metadata.permissions().mode() & 0o000777, 0o600);
-        });
+        //Check new file permissions are secret
+        let metadata = fs::metadata(&new_file).unwrap();
+        assert_eq!(metadata.permissions().mode() & 0o000777, 0o600);
     }
 }

wireguard-broker/Cargo.toml

@@ -19,7 +19,7 @@ wireguard-uapi = { workspace = true }
 
 # Socket handler only
 rosenpass-to = { workspace = true }
-tokio = { version = "1.38.1", features = ["sync", "full", "mio"] }
+tokio = { version = "1.38.0", features = ["sync", "full", "mio"] }
 anyhow = { workspace = true }
 clap = { workspace = true }
 env_logger = { workspace = true }
@@ -33,7 +33,6 @@ rosenpass-util = { workspace = true }
 
 [dev-dependencies]
 rand = {workspace = true}
-procspawn = {workspace = true}
 
 [features]
 enable_broker_api=[]
@@ -44,7 +43,6 @@ path = "src/bin/priviledged.rs"
 test = false
 doc = false
 required-features=["enable_broker_api"]
-cfg = { target_os = "linux" } 
 
 [[bin]]
 name = "rosenpass-wireguard-broker-socket-handler"
@@ -52,4 +50,3 @@ test = false
 path = "src/bin/socket_handler.rs"
 doc = false
 required-features=["enable_broker_api"]
-cfg = { target_os = "linux" } 

wireguard-broker/src/bin/priviledged.rs

@@ -1,67 +1,56 @@
-fn main() {
-    #[cfg(target_os = "linux")]
-    linux::main().unwrap();
+use std::io::{stdin, stdout, Read, Write};
+use std::result::Result;
 
-    #[cfg(not(target_os = "linux"))]
-    panic!("This binary is only supported on Linux");
+use rosenpass_wireguard_broker::api::msgs;
+use rosenpass_wireguard_broker::api::server::BrokerServer;
+use rosenpass_wireguard_broker::brokers::netlink as wg;
+
+#[derive(thiserror::Error, Debug)]
+pub enum BrokerAppError {
+    #[error(transparent)]
+    IoError(#[from] std::io::Error),
+    #[error(transparent)]
+    WgConnectError(#[from] wg::ConnectError),
+    #[error(transparent)]
+    WgSetPskError(#[from] wg::SetPskError),
+    #[error("Oversized message {}; something about the request is fatally wrong", .0)]
+    OversizedMessage(u64),
 }
 
-#[cfg(target_os = "linux")]
-pub mod linux {
-    use std::io::{stdin, stdout, Read, Write};
-    use std::result::Result;
+fn main() -> Result<(), BrokerAppError> {
+    let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
 
-    use rosenpass_wireguard_broker::api::msgs;
-    use rosenpass_wireguard_broker::api::server::BrokerServer;
-    use rosenpass_wireguard_broker::brokers::netlink as wg;
+    let mut stdin = stdin().lock();
+    let mut stdout = stdout().lock();
+    loop {
+        // Read the message length
+        let mut len = [0u8; 8];
+        stdin.read_exact(&mut len)?;
 
-    #[derive(thiserror::Error, Debug)]
-    pub enum BrokerAppError {
-        #[error(transparent)]
-        IoError(#[from] std::io::Error),
-        #[error(transparent)]
-        WgConnectError(#[from] wg::ConnectError),
-        #[error(transparent)]
-        WgSetPskError(#[from] wg::SetPskError),
-        #[error("Oversized message {}; something about the request is fatally wrong", .0)]
-        OversizedMessage(u64),
-    }
-
-    pub fn main() -> Result<(), BrokerAppError> {
-        let mut broker = BrokerServer::new(wg::NetlinkWireGuardBroker::new()?);
-
-        let mut stdin = stdin().lock();
-        let mut stdout = stdout().lock();
-        loop {
-            // Read the message length
-            let mut len = [0u8; 8];
-            stdin.read_exact(&mut len)?;
-
-            // Parse the message length
-            let len = u64::from_le_bytes(len);
-            if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
-                return Err(BrokerAppError::OversizedMessage(len));
-            }
-
-            // Read the message itself
-            let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
-            let req_buf = &mut req_buf[..(len as usize)];
-            stdin.read_exact(req_buf)?;
-
-            // Process the message
-            let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
-            let res = match broker.handle_message(req_buf, &mut res_buf) {
-                Ok(len) => &res_buf[..len],
-                Err(e) => {
-                    eprintln!("Error processing message for wireguard PSK broker: {e:?}");
-                    continue;
-                }
-            };
-
-            // Write the response
-            stdout.write_all(&(res.len() as u64).to_le_bytes())?;
-            stdout.write_all(&res)?;
-            stdout.flush()?;
+        // Parse the message length
+        let len = u64::from_le_bytes(len);
+        if (len as usize) > msgs::REQUEST_MSG_BUFFER_SIZE {
+            return Err(BrokerAppError::OversizedMessage(len));
         }
+
+        // Read the message itself
+        let mut req_buf = [0u8; msgs::REQUEST_MSG_BUFFER_SIZE];
+        let req_buf = &mut req_buf[..(len as usize)];
+        stdin.read_exact(req_buf)?;
+
+        // Process the message
+        let mut res_buf = [0u8; msgs::RESPONSE_MSG_BUFFER_SIZE];
+        let res = match broker.handle_message(req_buf, &mut res_buf) {
+            Ok(len) => &res_buf[..len],
+            Err(e) => {
+                eprintln!("Error processing message for wireguard PSK broker: {e:?}");
+                continue;
+            }
+        };
+
+        // Write the response
+        stdout.write_all(&(res.len() as u64).to_le_bytes())?;
+        stdout.write_all(&res)?;
+        stdout.flush()?;
     }
 }

wireguard-broker/src/brokers/mod.rs

@@ -1,6 +1,6 @@
 #[cfg(feature = "enable_broker_api")]
 pub mod mio_client;
-#[cfg(all(feature = "enable_broker_api", target_os = "linux"))]
+#[cfg(feature = "enable_broker_api")]
 pub mod netlink;
 
 pub mod native_unix;

wireguard-broker/src/brokers/netlink.rs

@@ -1,5 +1,3 @@
-#![cfg(target_os = "linux")]
-
 use std::fmt::Debug;
 
 use wireguard_uapi::linux as wg;
@@ -79,7 +77,7 @@ impl WireGuardBroker for NetlinkWireGuardBroker {
     fn set_psk(&mut self, config: SerializedBrokerConfig) -> Result<(), Self::Error> {
         let config: NetworkBrokerConfig = config
             .try_into()
-            .map_err(|_e| SetPskError::NoSuchInterface)?;
+            .map_err(|e| SetPskError::NoSuchInterface)?;
         // Ensure that the peer exists by querying the device configuration
         // TODO: Use InvalidInterfaceError
 

wireguard-broker/tests/integration.rs

@@ -53,88 +53,82 @@ mod integration_tests {
         }
     }
 
-    procspawn::enable_test_support!();
-
     #[test]
     fn test_psk_exchanges() {
         const TEST_RUNS: usize = 100;
 
-        use rosenpass_secret_memory::test_spawn_process_provided_policies;
+        let server_broker_inner = Arc::new(Mutex::new(MockServerBrokerInner::default()));
+        // Create a mock BrokerServer
+        let server_broker = MockServerBroker::new(server_broker_inner.clone());
 
-        test_spawn_process_provided_policies!({
-            let server_broker_inner = Arc::new(Mutex::new(MockServerBrokerInner::default()));
-            // Create a mock BrokerServer
-            let server_broker = MockServerBroker::new(server_broker_inner.clone());
+        let mut server = BrokerServer::<SetPskError, MockServerBroker>::new(server_broker);
 
-            let mut server = BrokerServer::<SetPskError, MockServerBroker>::new(server_broker);
-
-            let (client_socket, mut server_socket) = mio::net::UnixStream::pair().unwrap();
-
-            // Spawn a new thread to connect to the unix socket
-            let handle = std::thread::spawn(move || {
-                for _ in 0..TEST_RUNS {
-                    // Wait for 8 bytes of length to come in
-                    let mut length_buffer = [0; 8];
-
-                    while let Err(_err) = server_socket.read_exact(&mut length_buffer) {}
-
-                    let length = u64::from_le_bytes(length_buffer) as usize;
-
-                    // Read the amount of length bytes into a buffer
-                    let mut data_buffer = [0; REQUEST_MSG_BUFFER_SIZE];
-                    while let Err(_err) = server_socket.read_exact(&mut data_buffer[0..length]) {}
-
-                    let mut response = [0; RESPONSE_MSG_BUFFER_SIZE];
-                    server.handle_message(&data_buffer[0..length], &mut response)?;
-                }
-                Ok::<(), BrokerServerError>(())
-            });
-
-            // Create a MioBrokerClient and send a psk
-            let mut client = MioBrokerClient::new(client_socket);
+        let (client_socket, mut server_socket) = mio::net::UnixStream::pair().unwrap();
 
+        // Spawn a new thread to connect to the unix socket
+        let handle = std::thread::spawn(move || {
             for _ in 0..TEST_RUNS {
-                //Create psk of random 32 bytes
-                let psk = Secret::random();
-                let peer_id = Public::random();
-                let interface = "test";
-                let config = SerializedBrokerConfig {
-                    psk: &psk,
-                    peer_id: &peer_id,
-                    interface: interface.as_bytes(),
-                    additional_params: &[],
-                };
-                client.set_psk(config).unwrap();
+                // Wait for 8 bytes of length to come in
+                let mut length_buffer = [0; 8];
 
-                //Sleep for a while to allow the server to process the message
-                std::thread::sleep(std::time::Duration::from_millis(
-                    rand::thread_rng().gen_range(100..500),
-                ));
+                while let Err(_err) = server_socket.read_exact(&mut length_buffer) {}
 
-                let psk = psk.secret().to_owned();
+                let length = u64::from_le_bytes(length_buffer) as usize;
 
-                loop {
-                    let mut lock = server_broker_inner.try_lock();
+                // Read the amount of length bytes into a buffer
+                let mut data_buffer = [0; REQUEST_MSG_BUFFER_SIZE];
+                while let Err(_err) = server_socket.read_exact(&mut data_buffer[0..length]) {}
 
-                    if let Ok(ref mut inner) = lock {
-                        // Check if the psk is received by the server
-                        let received_psk = &inner.psk;
-                        assert_eq!(
-                            received_psk.as_ref().map(|psk| psk.secret().to_owned()),
-                            Some(psk)
-                        );
+                let mut response = [0; RESPONSE_MSG_BUFFER_SIZE];
+                server.handle_message(&data_buffer[0..length], &mut response)?;
+            }
+            Ok::<(), BrokerServerError>(())
+        });
 
-                        let recieved_peer_id = inner.peer_id;
-                        assert_eq!(recieved_peer_id, Some(peer_id));
+        // Create a MioBrokerClient and send a psk
+        let mut client = MioBrokerClient::new(client_socket);
 
-                        let target_interface = &inner.interface;
-                        assert_eq!(target_interface.as_deref(), Some(interface));
+        for _ in 0..TEST_RUNS {
+            //Create psk of random 32 bytes
+            let psk = Secret::random();
+            let peer_id = Public::random();
+            let interface = "test";
+            let config = SerializedBrokerConfig {
+                psk: &psk,
+                peer_id: &peer_id,
+                interface: interface.as_bytes(),
+                additional_params: &[],
+            };
+            client.set_psk(config).unwrap();
 
-                        break;
-                    }
+            //Sleep for a while to allow the server to process the message
+            std::thread::sleep(std::time::Duration::from_millis(
+                rand::thread_rng().gen_range(100..500),
+            ));
+
+            let psk = psk.secret().to_owned();
+
+            loop {
+                let mut lock = server_broker_inner.try_lock();
+
+                if let Ok(ref mut inner) = lock {
+                    // Check if the psk is received by the server
+                    let received_psk = &inner.psk;
+                    assert_eq!(
+                        received_psk.as_ref().map(|psk| psk.secret().to_owned()),
+                        Some(psk)
+                    );
+
+                    let recieved_peer_id = inner.peer_id;
+                    assert_eq!(recieved_peer_id, Some(peer_id));
+
+                    let target_interface = &inner.interface;
+                    assert_eq!(target_interface.as_deref(), Some(interface));
+
+                    break;
                 }
             }
-            handle.join().unwrap().unwrap();
-        });
+        }
+        handle.join().unwrap().unwrap();
     }
 }