gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2026-02-28 14:33:37 -08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: gitea-mirror:dev/karo/sha3-and-crypto-trait-and-libcrux
Branches Tags
gitea-mirror:main gitea-mirror:gh-pages gitea-mirror:arabich/analyze_py/ast gitea-mirror:blipp/analyze_py/compat gitea-mirror:dependabot/github_actions/actions/cache-5 gitea-mirror:papers-pdf gitea-mirror:dependabot/github_actions/stefanzweifel/git-auto-commit-action-7 gitea-mirror:arabich/analyze_py/awk gitea-mirror:analyze_py gitea-mirror:dev/karo/api-transports gitea-mirror:dependabot/github_actions/actions/download-artifact-6 gitea-mirror:dependabot/cargo/anyhow-1.0.100 gitea-mirror:dependabot/github_actions/cachix/cachix-action-16 gitea-mirror:dependabot/cargo/clap_complete-4.5.48 gitea-mirror:dev/karo/fix-mac-build gitea-mirror:dependabot/cargo/base64ct-1.8.0 gitea-mirror:dependabot/cargo/thiserror-2.0.11 gitea-mirror:dependabot/cargo/clap-4.5.37 gitea-mirror:dependabot/github_actions/cachix/install-nix-action-31 gitea-mirror:dev/karo/disable-benchmarks gitea-mirror:dev/karo/keks-benchmarks-ci-fix gitea-mirror:dev/karo/test-pr/keks/benchmarks gitea-mirror:dev/karo/atomic-polyfill-fix gitea-mirror:dev/david/cargo-crev-and-dependabot gitea-mirror:dev/karo/sha3-and-crypto-trait-and-libcrux gitea-mirror:dev/blipp/build_with_experiment_api gitea-mirror:dev/karo/rp-smoke-test gitea-mirror:dev/karo/docs_and_unit_tests gitea-mirror:dev/karo/cli_config_docs gitea-mirror:docu-tests-to gitea-mirror:dev/karo/api-integration-test-coverage-reporting gitea-mirror:systemd-unit-files gitea-mirror:dev/karo/hash-based-retransmission gitea-mirror:dev/update-cargolock gitea-mirror:dev/flake-maintenance gitea-mirror:revert-431-cargo-fmt gitea-mirror:alice/changelog gitea-mirror:dev/karo/macos-fix gitea-mirror:dev/karo/api gitea-mirror:dev/cve/dead-mockbrocker gitea-mirror:dev/karo/libcrux_chacha20poly1305 gitea-mirror:macos-runner gitea-mirror:regression-test gitea-mirror:feat/improved-memfd-allocation gitea-mirror:dev/karo/historical-symbolic-models-identity-hiding-dos-protection gitea-mirror:dev/karo/rollback-proofs gitea-mirror:v0.2.x gitea-mirror:bench gitea-mirror:dev/broker-architecture gitea-mirror:dev/broker-architecture-hermit gitea-mirror:dev/old-digital-phoenix-identity-hiding-pr gitea-mirror:dev/broker-architecture-2024-01-27-backup-pre-history-cleanup-with-initial-podman gitea-mirror:dev/improve-logging gitea-mirror:dev/add-dev-container gitea-mirror:dev/karo/merge-cookie-mechanism gitea-mirror:dev/karo/protocol-version-2 gitea-mirror:dev/add-uds gitea-mirror:dev/refine-logging gitea-mirror:dev/redo-retransmission gitea-mirror:dev/rustify-rp gitea-mirror:dev/add-osx-ci gitea-mirror:dev/wucke13
gitea-mirror:v0.2.2 gitea-mirror:v0.2.1 gitea-mirror:v0.2.1-rc.3 gitea-mirror:rosenpass-v0.2.1-rc.2 gitea-mirror:rosenpass-v0.2.1-rc.1 gitea-mirror:v0.2.0 gitea-mirror:v0.2.0-rc.1 gitea-mirror:v0.1.2-rc.4 gitea-mirror:v0.1.2-rc.3 gitea-mirror:v0.1.2-rc.2 gitea-mirror:v0.1.2-rc.1 gitea-mirror:whitepaper-release gitea-mirror:v0.1.1 gitea-mirror:v0.1.1-rc.7 gitea-mirror:v0.1.1-rc.5 gitea-mirror:v0.1.1-rc.4 gitea-mirror:v0.1.1-rc.3 gitea-mirror:v0.1.1-rc.2 gitea-mirror:v0.1.1-rc.1
..
compare: gitea-mirror:docu-tests-to
Branches Tags
gitea-mirror:gh-pages gitea-mirror:arabich/analyze_py/ast gitea-mirror:blipp/analyze_py/compat gitea-mirror:dependabot/github_actions/actions/cache-5 gitea-mirror:papers-pdf gitea-mirror:dependabot/github_actions/stefanzweifel/git-auto-commit-action-7 gitea-mirror:main gitea-mirror:arabich/analyze_py/awk gitea-mirror:analyze_py gitea-mirror:dev/karo/api-transports gitea-mirror:dependabot/github_actions/actions/download-artifact-6 gitea-mirror:dependabot/cargo/anyhow-1.0.100 gitea-mirror:dependabot/github_actions/cachix/cachix-action-16 gitea-mirror:dependabot/cargo/clap_complete-4.5.48 gitea-mirror:dev/karo/fix-mac-build gitea-mirror:dependabot/cargo/base64ct-1.8.0 gitea-mirror:dependabot/cargo/thiserror-2.0.11 gitea-mirror:dependabot/cargo/clap-4.5.37 gitea-mirror:dependabot/github_actions/cachix/install-nix-action-31 gitea-mirror:dev/karo/disable-benchmarks gitea-mirror:dev/karo/keks-benchmarks-ci-fix gitea-mirror:dev/karo/test-pr/keks/benchmarks gitea-mirror:dev/karo/atomic-polyfill-fix gitea-mirror:dev/david/cargo-crev-and-dependabot gitea-mirror:dev/karo/sha3-and-crypto-trait-and-libcrux gitea-mirror:dev/blipp/build_with_experiment_api gitea-mirror:dev/karo/rp-smoke-test gitea-mirror:dev/karo/docs_and_unit_tests gitea-mirror:dev/karo/cli_config_docs gitea-mirror:docu-tests-to gitea-mirror:dev/karo/api-integration-test-coverage-reporting gitea-mirror:systemd-unit-files gitea-mirror:dev/karo/hash-based-retransmission gitea-mirror:dev/update-cargolock gitea-mirror:dev/flake-maintenance gitea-mirror:revert-431-cargo-fmt gitea-mirror:alice/changelog gitea-mirror:dev/karo/macos-fix gitea-mirror:dev/karo/api gitea-mirror:dev/cve/dead-mockbrocker gitea-mirror:dev/karo/libcrux_chacha20poly1305 gitea-mirror:macos-runner gitea-mirror:regression-test gitea-mirror:feat/improved-memfd-allocation gitea-mirror:dev/karo/historical-symbolic-models-identity-hiding-dos-protection gitea-mirror:dev/karo/rollback-proofs gitea-mirror:v0.2.x gitea-mirror:bench gitea-mirror:dev/broker-architecture gitea-mirror:dev/broker-architecture-hermit gitea-mirror:dev/old-digital-phoenix-identity-hiding-pr gitea-mirror:dev/broker-architecture-2024-01-27-backup-pre-history-cleanup-with-initial-podman gitea-mirror:dev/improve-logging gitea-mirror:dev/add-dev-container gitea-mirror:dev/karo/merge-cookie-mechanism gitea-mirror:dev/karo/protocol-version-2 gitea-mirror:dev/add-uds gitea-mirror:dev/refine-logging gitea-mirror:dev/redo-retransmission gitea-mirror:dev/rustify-rp gitea-mirror:dev/add-osx-ci gitea-mirror:dev/wucke13
gitea-mirror:v0.2.2 gitea-mirror:v0.2.1 gitea-mirror:v0.2.1-rc.3 gitea-mirror:rosenpass-v0.2.1-rc.2 gitea-mirror:rosenpass-v0.2.1-rc.1 gitea-mirror:v0.2.0 gitea-mirror:v0.2.0-rc.1 gitea-mirror:v0.1.2-rc.4 gitea-mirror:v0.1.2-rc.3 gitea-mirror:v0.1.2-rc.2 gitea-mirror:v0.1.2-rc.1 gitea-mirror:whitepaper-release gitea-mirror:v0.1.1 gitea-mirror:v0.1.1-rc.7 gitea-mirror:v0.1.1-rc.5 gitea-mirror:v0.1.1-rc.4 gitea-mirror:v0.1.1-rc.3 gitea-mirror:v0.1.1-rc.2 gitea-mirror:v0.1.1-rc.1

4 Commits
dev/karo/s ... docu-tests

Author SHA1 Message Date
Karolin Varner
caf91c84f0 chore: Remove unused warning in api integration test 2024-12-18 13:45:38 +01:00
Karolin Varner
f5b4c17011 fix: Disable asserts that rely on timing characteristics during coverage testing 2024-12-18 13:45:38 +01:00
Karolin Varner
12506e5f95 chore: Final improvements on the to crate API doc 2024-12-18 13:45:38 +01:00
David Niehues
965600212d docs+doctest(to): Add tests, examples and documentation to the to-crate 2024-12-18 13:45:38 +01:00
134 changed files with 1471 additions and 10410 deletions
Expand all files Collapse all files

1
.dockerignore
View File

@@ -1 +0,0 @@
.gitignore

288
.github/workflows/docker.yaml vendored
View File

@@ -1,288 +0,0 @@
name: Build Docker Images
# Run this job on all non-pull-request events,
# or if Docker-related files are changed in a pull request.
on:
push:
branches:
- "main"
tags:
- "v*"
pull_request:
paths:
- "docker/Dockerfile"
- ".github/workflows/docker.yaml"
branches:
- "main"
permissions:
contents: read
packages: write
jobs:
# --------------------------------
# 1. BUILD & TEST
# --------------------------------
build-and-test-rp:
strategy:
matrix:
arch: [amd64, arm64]
runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build (no push) and Load
id: build
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
# no pushing here, so we can test locally
push: false
# load the built image into the local Docker daemon on the runner
load: true
target: rosenpass
tags: rosenpass:test
platforms: linux/${{ matrix.arch }}
- name: Integration Test - Standalone Key Exchange
run: |
# Create separate workdirs
mkdir -p workdir-server workdir-client
# Create a Docker network
docker network create -d bridge rp
echo "=== GENERATE SERVER KEYS ==="
docker run --rm \
-v $PWD/workdir-server:/workdir \
rosenpass:test gen-keys \
--public-key=workdir/server-public \
--secret-key=workdir/server-secret
echo "=== GENERATE CLIENT KEYS ==="
docker run --rm \
-v $PWD/workdir-client:/workdir \
rosenpass:test gen-keys \
--public-key=workdir/client-public \
--secret-key=workdir/client-secret
echo "=== SHARE PUBLIC KEYS ==="
cp workdir-client/client-public workdir-server/client-public
cp workdir-server/server-public workdir-client/server-public
echo "=== START SERVER CONTAINER ==="
docker run -d --rm \
--name rpserver \
--network rp \
-v $PWD/workdir-server:/workdir \
rosenpass:test exchange \
private-key workdir/server-secret \
public-key workdir/server-public \
listen 0.0.0.0:9999 \
peer public-key workdir/client-public \
outfile workdir/server-sharedkey
# Get the container IP of the server
SERVER_IP=$(docker inspect --format='{{.NetworkSettings.Networks.rp.IPAddress}}' rpserver)
echo "SERVER_IP=$SERVER_IP"
echo "=== START CLIENT CONTAINER ==="
docker run -d --rm \
--name rpclient \
--network rp \
-v $PWD/workdir-client:/workdir \
rosenpass:test exchange \
private-key workdir/client-secret \
public-key workdir/client-public \
peer public-key workdir/server-public \
endpoint ${SERVER_IP}:9999 \
outfile workdir/client-sharedkey
echo "=== COMPARE SHARED KEYS ==="
echo "Waiting up to 30 seconds for the server to generate 'server-sharedkey'..."
for i in $(seq 1 30); do
if [ -f "workdir-server/server-sharedkey" ]; then
echo "server-sharedkey found!"
break
fi
sleep 1
done
sudo cmp workdir-server/server-sharedkey workdir-client/client-sharedkey
echo "Standalone Key Exchange test OK."
# --------------------------------
# 2. PUSH (only if tests pass)
# --------------------------------
docker-image-rp:
needs:
- build-and-test-rp
# Skip if this is not a PR. Then we want to push this image.
if: ${{ github.event_name != 'pull_request' }}
# Use a matrix to build for both AMD64 and ARM64
strategy:
matrix:
arch: [amd64, arm64]
# Switch the runner based on the architecture
runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.actor }}/rp
labels: |
maintainer=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
org.opencontainers.image.authors=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
org.opencontainers.image.title=Rosenpass
org.opencontainers.image.description=The rp command-line integrates Rosenpass and WireGuard to help you create a VPN
org.opencontainers.image.vendor=Rosenpass e.V.
org.opencontainers.image.licenses=MIT OR Apache-2.0
org.opencontainers.image.url=https://rosenpass.eu
org.opencontainers.image.documentation=https://rosenpass.eu/docs/
org.opencontainers.image.source=https://github.com/rosenpass/rosenpass
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
labels: ${{ steps.meta.outputs.labels }}
tags: ghcr.io/${{ github.actor }}/rp
target: rp
platforms: linux/${{ matrix.arch }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-rp-${{ matrix.arch }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
docker-image-rosenpass:
needs:
- build-and-test-rp
# Skip if this is not a PR. Then we want to push this image.
if: ${{ github.event_name != 'pull_request' }}
# Use a matrix to build for both AMD64 and ARM64
strategy:
matrix:
arch: [amd64, arm64]
# Switch the runner based on the architecture
runs-on: ${{ matrix.arch == 'arm64' && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.actor }}/rosenpass
labels: |
maintainer=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
org.opencontainers.image.authors=Karolin Varner <karo@cupdev.net>, wucke13 <wucke13@gmail.com>
org.opencontainers.image.title=Rosenpass
org.opencontainers.image.description=Reference implementation of the protocol rosenpass protocol
org.opencontainers.image.vendor=Rosenpass e.V.
org.opencontainers.image.licenses=MIT OR Apache-2.0
org.opencontainers.image.url=https://rosenpass.eu
org.opencontainers.image.documentation=https://rosenpass.eu/docs/
org.opencontainers.image.source=https://github.com/rosenpass/rosenpass
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
labels: ${{ steps.meta.outputs.labels }}
tags: ghcr.io/${{ github.actor }}/rosenpass
target: rosenpass
platforms: linux/${{ matrix.arch }}
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-rosenpass-${{ matrix.arch }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
merge-digests:
runs-on: ubuntu-latest
needs:
- docker-image-rosenpass
- docker-image-rp
if: ${{ github.event_name != 'pull_request' }}
strategy:
matrix:
target: [rp, rosenpass]
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-${{ matrix.target }}-*
merge-multiple: true
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.actor }}/${{ matrix.target }}
tags: |
type=edge,branch=main
type=sha,branch=main
type=semver,pattern={{version}}
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf 'ghcr.io/${{ github.actor }}/${{ matrix.target }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ghcr.io/${{ github.actor }}/${{ matrix.target }}:${{ steps.meta.outputs.version }}

113
.github/workflows/nix-mac.yaml vendored
View File

@@ -1,113 +0,0 @@
name: Nix on Mac
permissions:
contents: write
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
aarch64-darwin---default:
name: Build aarch64-darwin.default
runs-on:
- warp-macos-13-arm64-6x
needs:
- aarch64-darwin---rosenpass
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.aarch64-darwin.default --print-build-logs
aarch64-darwin---release-package:
name: Build aarch64-darwin.release-package
runs-on:
- warp-macos-13-arm64-6x
needs:
- aarch64-darwin---rosenpass
- aarch64-darwin---rp
- aarch64-darwin---rosenpass-oci-image
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.aarch64-darwin.release-package --print-build-logs
aarch64-darwin---rosenpass:
name: Build aarch64-darwin.rosenpass
runs-on:
- warp-macos-13-arm64-6x
needs: []
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.aarch64-darwin.rosenpass --print-build-logs
aarch64-darwin---rp:
name: Build aarch64-darwin.rp
runs-on:
- warp-macos-13-arm64-6x
needs: []
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.aarch64-darwin.rp --print-build-logs
aarch64-darwin---rosenpass-oci-image:
name: Build aarch64-darwin.rosenpass-oci-image
runs-on:
- warp-macos-13-arm64-6x
needs:
- aarch64-darwin---rosenpass
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.aarch64-darwin.rosenpass-oci-image --print-build-logs
aarch64-darwin---check:
name: Run Nix checks on aarch64-darwin
runs-on:
- warp-macos-13-arm64-6x
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Check
run: nix flake check . --print-build-logs

146
.github/workflows/nix.yaml vendored
View File

@@ -15,7 +15,7 @@ jobs:
i686-linux---default:
name: Build i686-linux.default
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- i686-linux---rosenpass
steps:
@@ -32,7 +32,7 @@ jobs:
i686-linux---rosenpass:
name: Build i686-linux.rosenpass
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -48,7 +48,7 @@ jobs:
i686-linux---rosenpass-oci-image:
name: Build i686-linux.rosenpass-oci-image
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- i686-linux---rosenpass
steps:
@@ -65,7 +65,107 @@ jobs:
i686-linux---check:
name: Run Nix checks on i686-linux
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Check
run: nix flake check . --print-build-logs
x86_64-darwin---default:
name: Build x86_64-darwin.default
runs-on:
- macos-13
needs:
- x86_64-darwin---rosenpass
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.x86_64-darwin.default --print-build-logs
x86_64-darwin---release-package:
name: Build x86_64-darwin.release-package
runs-on:
- macos-13
needs:
- x86_64-darwin---rosenpass
- x86_64-darwin---rp
- x86_64-darwin---rosenpass-oci-image
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.x86_64-darwin.release-package --print-build-logs
x86_64-darwin---rosenpass:
name: Build x86_64-darwin.rosenpass
runs-on:
- macos-13
needs: []
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.x86_64-darwin.rosenpass --print-build-logs
x86_64-darwin---rp:
name: Build x86_64-darwin.rp
runs-on:
- macos-13
needs: []
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.x86_64-darwin.rp --print-build-logs
x86_64-darwin---rosenpass-oci-image:
name: Build x86_64-darwin.rosenpass-oci-image
runs-on:
- macos-13
needs:
- x86_64-darwin---rosenpass
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build
run: nix build .#packages.x86_64-darwin.rosenpass-oci-image --print-build-logs
x86_64-darwin---check:
name: Run Nix checks on x86_64-darwin
runs-on:
- macos-13
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
@@ -80,7 +180,7 @@ jobs:
x86_64-linux---default:
name: Build x86_64-linux.default
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- x86_64-linux---rosenpass
steps:
@@ -97,7 +197,7 @@ jobs:
x86_64-linux---proof-proverif:
name: Build x86_64-linux.proof-proverif
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- x86_64-linux---proverif-patched
steps:
@@ -114,7 +214,7 @@ jobs:
x86_64-linux---proverif-patched:
name: Build x86_64-linux.proverif-patched
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -130,7 +230,7 @@ jobs:
x86_64-linux---release-package:
name: Build x86_64-linux.release-package
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- x86_64-linux---rosenpass-static
- x86_64-linux---rosenpass-static-oci-image
@@ -149,7 +249,7 @@ jobs:
# aarch64-linux---release-package:
# name: Build aarch64-linux.release-package
# runs-on:
# - ubicloud-standard-2-arm-ubuntu-2204
# - ubuntu-latest
# needs:
# - aarch64-linux---rosenpass-oci-image
# - aarch64-linux---rosenpass
@@ -173,7 +273,7 @@ jobs:
x86_64-linux---rosenpass:
name: Build x86_64-linux.rosenpass
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -189,12 +289,12 @@ jobs:
aarch64-linux---rosenpass:
name: Build aarch64-linux.rosenpass
runs-on:
- ubicloud-standard-2-arm-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- run: |
DEBIAN_FRONTEND=noninteractive
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi-aarch64 binfmt-support qemu-user-static
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
@@ -210,12 +310,12 @@ jobs:
aarch64-linux---rp:
name: Build aarch64-linux.rp
runs-on:
- ubicloud-standard-2-arm-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- run: |
DEBIAN_FRONTEND=noninteractive
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi-aarch64 binfmt-support qemu-user-static
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
@@ -231,7 +331,7 @@ jobs:
x86_64-linux---rosenpass-oci-image:
name: Build x86_64-linux.rosenpass-oci-image
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- x86_64-linux---rosenpass
steps:
@@ -248,13 +348,13 @@ jobs:
aarch64-linux---rosenpass-oci-image:
name: Build aarch64-linux.rosenpass-oci-image
runs-on:
- ubicloud-standard-2-arm-ubuntu-2204
- ubuntu-latest
needs:
- aarch64-linux---rosenpass
steps:
- run: |
DEBIAN_FRONTEND=noninteractive
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi-aarch64 binfmt-support qemu-user-static
sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
@@ -270,7 +370,7 @@ jobs:
x86_64-linux---rosenpass-static:
name: Build x86_64-linux.rosenpass-static
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -286,7 +386,7 @@ jobs:
x86_64-linux---rp-static:
name: Build x86_64-linux.rp-static
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -302,7 +402,7 @@ jobs:
x86_64-linux---rosenpass-static-oci-image:
name: Build x86_64-linux.rosenpass-static-oci-image
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs:
- x86_64-linux---rosenpass-static
steps:
@@ -319,7 +419,7 @@ jobs:
x86_64-linux---whitepaper:
name: Build x86_64-linux.whitepaper
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
needs: []
steps:
- uses: actions/checkout@v4
@@ -335,7 +435,7 @@ jobs:
x86_64-linux---check:
name: Run Nix checks on x86_64-linux
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
@@ -349,7 +449,7 @@ jobs:
run: nix flake check . --print-build-logs
x86_64-linux---whitepaper-upload:
name: Upload whitepaper x86_64-linux
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v4

31
.github/workflows/qc-mac.yaml vendored
View File

@@ -1,31 +0,0 @@
name: QC
on:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
checks: write
contents: read
jobs:
cargo-test:
runs-on: warp-macos-13-arm64-6x
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
# liboqs requires quite a lot of stack memory, thus we adjust
# the default stack size picked for new threads (which is used
# by `cargo test`) to be _big enough_. Setting it to 8 MiB
- run: RUST_MIN_STACK=8388608 cargo test --workspace --all-features

24
.github/workflows/qc.yaml vendored
View File

@@ -14,7 +14,7 @@ permissions:
jobs:
prettier:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actionsx/prettier@v3
@@ -23,7 +23,7 @@ jobs:
shellcheck:
name: Shellcheck
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run ShellCheck
@@ -31,14 +31,14 @@ jobs:
rustfmt:
name: Rust Format
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Rust Formatting Script
run: bash format_rust_code.sh --mode check
cargo-bench:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
@@ -57,7 +57,7 @@ jobs:
mandoc:
name: mandoc
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- name: Install mandoc
run: sudo apt-get install -y mandoc
@@ -66,7 +66,7 @@ jobs:
run: doc/check.sh doc/rp.1
cargo-audit:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions-rs/audit-check@v1
@@ -74,7 +74,7 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}
cargo-clippy:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
@@ -93,7 +93,7 @@ jobs:
args: --all-features
cargo-doc:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
@@ -115,7 +115,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubicloud-standard-2-ubuntu-2204, warp-macos-13-arm64-6x]
os: [ubuntu-latest, macos-13]
# - ubuntu is x86-64
# - macos-13 is also x86-64 architecture
steps:
@@ -136,7 +136,7 @@ jobs:
cargo-test-nix-devshell-x86_64-linux:
runs-on:
- ubicloud-standard-2-ubuntu-2204
- ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
@@ -158,7 +158,7 @@ jobs:
- run: nix develop --command cargo test --workspace --all-features
cargo-fuzz:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
@@ -191,7 +191,7 @@ jobs:
cargo fuzz run fuzz_vec_secret_alloc_memfdsec_mallocfb -- -max_total_time=5
codecov:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: rustup default nightly

4
.github/workflows/regressions.yml vendored
View File

@@ -14,7 +14,7 @@ permissions:
jobs:
multi-peer:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: cargo build --bin rosenpass --release
@@ -25,7 +25,7 @@ jobs:
[ $(ls -1 output/ate/out | wc -l) -eq 100 ]
boot-race:
runs-on: ubicloud-standard-2-ubuntu-2204
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: cargo build --bin rosenpass --release

25
.github/workflows/release.yaml vendored
View File

@@ -13,6 +13,8 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
@@ -32,6 +34,8 @@ jobs:
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v15
with:
name: rosenpass
@@ -65,24 +69,3 @@ jobs:
draft: ${{ contains(github.ref_name, 'rc') }}
prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
files: result/*
linux-packages:
name: Build and upload DEB and RPM packages
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v30
- uses: cachix/cachix-action@v15
with:
name: rosenpass
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build DEB & RPM package
run: |
mkdir packages
for f in $(nix build .#package-deb .#package-rpm --print-out-paths); do cp "$f" "packages/${f#*-}"; done
- name: Release
uses: softprops/action-gh-release@v2
with:
draft: ${{ contains(github.ref_name, 'rc') }}
prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
files: |
packages/*

71
.github/workflows/supply-chain.yml vendored
View File

@@ -1,71 +0,0 @@
name: Supply-Chain
on:
pull_request:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
cargo-deny:
name: Deny dependencies with vulnerabilities or incompatible licenses
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2
cargo-supply-chain:
name: Supply Chain Report
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cache/cargo-supply-chain/
key: cargo-supply-chain-cache
- uses: actions/cache@v4
with:
path: ${{ runner.tool_cache }}/cargo-supply-chain
key: cargo-supply-chain-bin
- name: Add the tool cache directory to the search path
run: echo "${{ runner.tool_cache }}/cargo-supply-chain/bin" >> $GITHUB_PATH
- name: Ensure that the tool cache is populated with the cargo-supply-chain binary
run: cargo install --root ${{ runner.tool_cache }}/cargo-supply-chain cargo-supply-chain
- name: Update data for cargo-supply-chain
run: cargo supply-chain update
- name: Generate cargo-supply-chain report about publishers
run: cargo supply-chain publishers
- name: Generate cargo-supply-chain report about crates
run: cargo supply-chain crates
# The setup for cargo-vet follows the recommendations in the cargo-vet documentation: https://mozilla.github.io/cargo-vet/configuring-ci.html
cargo-vet:
name: Vet Dependencies
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache@v4
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
key: cargo-vet-cache
- name: Install stable toolchain # Since we are running/compiling cargo-vet, we should rely on the stable toolchain.
run: |
rustup toolchain install stable
rustup default stable
- uses: actions/cache@v4
with:
path: ${{ runner.tool_cache }}/cargo-vet
key: cargo-vet-bin
- name: Add the tool cache directory to the search path
run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
- name: Ensure that the tool cache is populated with the cargo-vet binary
run: cargo install --root ${{ runner.tool_cache }}/cargo-vet cargo-vet
- name: Invoke cargo-vet
run: cargo vet --locked

1
.gitignore vendored
View File

@@ -25,4 +25,3 @@ _markdown_*
.vscode
/output
.nixos-test-history

847
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

15
Cargo.toml
View File

@@ -50,29 +50,25 @@ log = { version = "0.4.22" }
clap = { version = "4.5.23", features = ["derive"] }
clap_mangen = "0.2.24"
clap_complete = "4.5.40"
serde = { version = "1.0.217", features = ["derive"] }
serde = { version = "1.0.216", features = ["derive"] }
arbitrary = { version = "1.4.1", features = ["derive"] }
anyhow = { version = "1.0.95", features = ["backtrace", "std"] }
anyhow = { version = "1.0.94", features = ["backtrace", "std"] }
mio = { version = "1.0.3", features = ["net", "os-poll"] }
oqs-sys = { version = "0.9.1", default-features = false, features = [
'classic_mceliece',
'kyber',
] }
blake2 = "0.10.6"
sha3 = "0.10.8"
chacha20poly1305 = { version = "0.10.1", default-features = false, features = [
"std",
"heapless",
] }
zerocopy = { version = "0.7.35", features = ["derive"] }
home = "=0.5.9" # 5.11 requires rustc 1.81
home = "0.5.9"
derive_builder = "0.20.1"
tokio = { version = "1.42", features = ["macros", "rt-multi-thread"] }
postcard = { version = "1.1.1", features = ["alloc"] }
libcrux = { version = "0.0.2-pre.2" }
libcrux-chacha20poly1305 = { version = "0.0.2-beta.3" }
libcrux-ml-kem = { version = "0.0.2-beta.3" }
libcrux-blake2 = { git = "https://github.com/cryspen/libcrux.git", rev = "10ce653e9476"}
hex-literal = { version = "0.4.1" }
hex = { version = "0.4.3" }
heck = { version = "0.5.0" }
@@ -86,7 +82,7 @@ tempfile = "3"
stacker = "0.1.17"
libfuzzer-sys = "0.4"
test_bin = "0.4.0"
criterion = "0.5.1"
criterion = "0.4.0"
allocator-api2-tests = "0.2.15"
procspawn = { version = "1.0.1", features = ["test-support"] }
@@ -95,6 +91,3 @@ procspawn = { version = "1.0.1", features = ["test-support"] }
wireguard-uapi = { version = "3.0.0", features = ["xplatform"] }
command-fds = "0.2.3"
rustix = { version = "0.38.42", features = ["net", "fs", "process"] }
futures = "0.3"
futures-util = "0.3"
x25519-dalek = "2"

4
cipher-traits/Cargo.toml
View File

@@ -10,10 +10,8 @@ repository = "https://github.com/rosenpass/rosenpass"
readme = "readme.md"
[dependencies]
thiserror = { workspace = true }
rosenpass-to = { workspace = true }
[dev-dependencies]
rosenpass-oqs = { workspace = true }
rosenpass-secret-memory = { workspace = true }
anyhow = { workspace = true }
anyhow = {workspace = true}

137
cipher-traits/src/algorithms.rs
View File

@@ -1,137 +0,0 @@
//! This module contains the traits for all the cryptographic algorithms used throughout Rosenpass.
//! These traits are marker traits that signal intent. They can also be used for trait objects.
/// Constants and trait for the Incorrect HMAC over Blake2b, with 256 key and hash length.
pub mod keyed_hash_incorrect_hmac_blake2b {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
/// The key length used in [`KeyedHashIncorrectHmacBlake2b`].
pub const KEY_LEN: usize = 32;
/// The hash length used in [`KeyedHashIncorrectHmacBlake2b`].
pub const HASH_LEN: usize = 32;
/// A [`KeyedHash`] that is an incorrect HMAC over Blake2 (a custom Rosenpass construction)
pub trait KeyedHashIncorrectHmacBlake2b: KeyedHash<KEY_LEN, HASH_LEN> {}
}
/// Constants and trait for Blake2b, with 256 key and hash length.
pub mod keyed_hash_blake2b {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
/// The key length used in [`KeyedHashBlake2b`].
pub const KEY_LEN: usize = 32;
/// The hash length used in [`KeyedHashBlake2b`].
pub const HASH_LEN: usize = 32;
/// A [`KeyedHash`] that is Blake2b
pub trait KeyedHashBlake2b: KeyedHash<KEY_LEN, HASH_LEN> {}
}
/// Constants and trait for SHAKE256, with 256 key and hash length.
pub mod keyed_hash_shake256 {
use crate::primitives::keyed_hash::*;
// These constants describe how they are used here, not what the algorithm defines.
/// The key length used in [`KeyedHashShake256`].
pub const KEY_LEN: usize = 32;
/// The hash length used in [`KeyedHashShake256`].
pub const HASH_LEN: usize = 32;
/// A [`KeyedHash`] that is SHAKE256.
pub trait KeyedHashShake256: KeyedHash<KEY_LEN, HASH_LEN> {}
}
/// Constants and trait for the ChaCha20Poly1305 AEAD
pub mod aead_chacha20poly1305 {
use crate::primitives::aead::*;
// See https://datatracker.ietf.org/doc/html/rfc7539#section-2.8
/// The key length used in [`AeadChaCha20Poly1305`].
pub const KEY_LEN: usize = 32;
/// The nonce length used in [`AeadChaCha20Poly1305`].
pub const NONCE_LEN: usize = 12;
/// The tag length used in [`AeadChaCha20Poly1305`].
pub const TAG_LEN: usize = 16;
/// An [`Aead`] that is ChaCha20Poly1305.
pub trait AeadChaCha20Poly1305: Aead<KEY_LEN, NONCE_LEN, TAG_LEN> {}
}
/// Constants and trait for the XChaCha20Poly1305 AEAD (i.e. ChaCha20Poly1305 with extended nonce
/// lengths)
pub mod aead_xchacha20poly1305 {
use crate::primitives::aead::*;
// See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03
/// The key length used in [`AeadXChaCha20Poly1305`].
pub const KEY_LEN: usize = 32;
/// The nonce length used in [`AeadXChaCha20Poly1305`].
pub const NONCE_LEN: usize = 24;
/// The tag length used in [`AeadXChaCha20Poly1305`].
pub const TAG_LEN: usize = 16;
/// An [`Aead`] that is XChaCha20Poly1305.
pub trait AeadXChaCha20Poly1305: Aead<KEY_LEN, NONCE_LEN, TAG_LEN> {}
}
/// Constants and trait for the Kyber512 KEM
pub mod kem_kyber512 {
use crate::primitives::kem::*;
// page 39 of https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
// (which is ml-kem instead of kyber, but it's the same)
/// The secret key length used in [`KemKyber512`].
pub const SK_LEN: usize = 1632;
/// The public key length used in [`KemKyber512`].
pub const PK_LEN: usize = 800;
/// The ciphertext length used in [`KemKyber512`].
pub const CT_LEN: usize = 768;
/// The shared key length used in [`KemKyber512`].
pub const SHK_LEN: usize = 32;
/// A [`Kem`] that is Kyber512.
pub trait KemKyber512: Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN> {}
}
/// Constants and trait for the Classic McEliece 460896 KEM
pub mod kem_classic_mceliece460896 {
use crate::primitives::kem::*;
// page 6 of https://classic.mceliece.org/mceliece-impl-20221023.pdf
/// The secret key length used in [`KemClassicMceliece460896`].
pub const SK_LEN: usize = 13608;
/// The public key length used in [`KemClassicMceliece460896`].
pub const PK_LEN: usize = 524160;
/// The ciphertext length used in [`KemClassicMceliece460896`].
pub const CT_LEN: usize = 156;
/// The shared key length used in [`KemClassicMceliece460896`].
pub const SHK_LEN: usize = 32;
/// A [`Kem`] that is ClassicMceliece460896.
pub trait KemClassicMceliece460896: Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN> {}
}
pub use aead_chacha20poly1305::AeadChaCha20Poly1305;
pub use aead_xchacha20poly1305::AeadXChaCha20Poly1305;
pub use kem_classic_mceliece460896::KemClassicMceliece460896;
pub use kem_kyber512::KemKyber512;
pub use keyed_hash_blake2b::KeyedHashBlake2b;
pub use keyed_hash_incorrect_hmac_blake2b::KeyedHashIncorrectHmacBlake2b;
pub use keyed_hash_shake256::KeyedHashShake256;

7
cipher-traits/src/lib.rs
View File

@@ -1,5 +1,2 @@
//! This trait contains traits, constants and wrappers that provid= the interface between Rosenpass
//! as a consumer of cryptographic libraries and the implementations of cryptographic algorithms.
pub mod algorithms;
pub mod primitives;
mod kem;
pub use kem::Kem;

10
cipher-traits/src/primitives.rs
View File

@@ -1,10 +0,0 @@
//! Traits for cryptographic primitives used in Rosenpass, specifically KEM, AEAD and keyed
//! hashing.
pub(crate) mod aead;
pub(crate) mod kem;
pub(crate) mod keyed_hash;
pub use aead::{Aead, AeadWithNonceInCiphertext, Error as AeadError};
pub use kem::{Error as KemError, Kem};
pub use keyed_hash::*;

175
cipher-traits/src/primitives/aead.rs
View File

@@ -1,175 +0,0 @@
use rosenpass_to::{ops::copy_slice, To as _};
use thiserror::Error;
/// Models authenticated encryption with assiciated data (AEAD) functionality.
///
/// The methods of this trait take a `&self` argument as a receiver. This has two reasons:
/// 1. It makes type inference a lot smoother
/// 2. It allows to use the functionality through a trait object or having an enum that has
/// variants for multiple options (like e.g. the `KeyedHash` enum in `rosenpass-ciphers`).
///
/// Since the caller needs an instance of the type to use the functionality, implementors are
/// adviced to implement the [`Default`] trait where possible.
///
/// Example for encrypting a message with a specific [`Aead`] instance:
/// ```
/// use rosenpass_cipher_traits::primitives::Aead;
///
/// const KEY_LEN: usize = 32;
/// const NONCE_LEN: usize = 12;
/// const TAG_LEN: usize = 16;
///
/// fn encrypt_message_given_an_aead<AeadImpl>(
/// aead: &AeadImpl,
/// msg: &str,
/// nonce: &[u8; NONCE_LEN],
/// encrypted: &mut [u8]
/// ) where AeadImpl: Aead<KEY_LEN, NONCE_LEN, TAG_LEN> {
/// let key = [0u8; KEY_LEN]; // This is not a secure key!
/// let ad = b""; // we don't need associated data here
/// aead.encrypt(encrypted, &key, nonce, ad, msg.as_bytes()).unwrap();
/// }
/// ```
///
/// If only the type (but no instance) is available, then we can still encrypt, as long as the type
/// also is [`Default`]:
/// ```
/// use rosenpass_cipher_traits::primitives::Aead;
///
/// const KEY_LEN: usize = 32;
/// const NONCE_LEN: usize = 12;
/// const TAG_LEN: usize = 16;
///
/// fn encrypt_message_without_aead<AeadImpl>(
/// msg: &str,
/// nonce: &[u8; NONCE_LEN],
/// encrypted: &mut [u8]
/// ) where AeadImpl: Default + Aead<KEY_LEN, NONCE_LEN, TAG_LEN> {
/// let key = [0u8; KEY_LEN]; // This is not a secure key!
/// let ad = b""; // we don't need associated data here
/// AeadImpl::default().encrypt(encrypted, &key, nonce, ad, msg.as_bytes()).unwrap();
/// }
/// ```
pub trait Aead<const KEY_LEN: usize, const NONCE_LEN: usize, const TAG_LEN: usize> {
const KEY_LEN: usize = KEY_LEN;
const NONCE_LEN: usize = NONCE_LEN;
const TAG_LEN: usize = TAG_LEN;
/// Encrypts `plaintext` using the given `key` and `nonce`, taking into account the additional
/// data `ad` and writes the result into `ciphertext`.
///
/// `ciphertext` must be exactly `TAG_LEN` longer than `plaintext`.
fn encrypt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), Error>;
/// Decrypts `ciphertexttext` using the given `key` and `nonce`, taking into account the additional
/// data `ad` and writes the result into `plaintext`.
///
/// `ciphertext` must be exactly `TAG_LEN` longer than `plaintext`.
fn decrypt(
&self,
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), Error>;
}
/// Provides an AEAD API where the nonce is part of the ciphertext.
///
/// The old xaead API had the ciphertext begin with the `nonce`. In order to not having to change
/// the calling code too much, we add a wrapper trait that provides this API and implement it for
/// all AEAD.
pub trait AeadWithNonceInCiphertext<
const KEY_LEN: usize,
const NONCE_LEN: usize,
const TAG_LEN: usize,
>: Aead<KEY_LEN, NONCE_LEN, TAG_LEN>
{
/// Encrypts `plaintext` using the given `key` and `nonce`, taking into account the additional
/// data `ad` and writes the result into `ciphertext`.
///
/// `ciphertext` must be exactly `TAG_LEN` + `NONCE_LEN` longer than `plaintext`.
fn encrypt_with_nonce_in_ctxt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), Error> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < NONCE_LEN + TAG_LEN
|| ciphertext.len() - TAG_LEN - NONCE_LEN < plaintext.len()
{
return Err(Error::InvalidLengths);
}
let (n, rest) = ciphertext.split_at_mut(NONCE_LEN);
copy_slice(nonce).to(n);
self.encrypt(rest, key, nonce, ad, plaintext)
}
/// Decrypts `ciphertexttext` using the given `key` and `nonce`, taking into account the additional
/// data `ad` and writes the result into `plaintext`.
///
/// `ciphertext` must be exactly `TAG_LEN` + `NONCE_LEN` longer than `plaintext`.
fn decrypt_with_nonce_in_ctxt(
&self,
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), Error> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < NONCE_LEN + TAG_LEN
|| ciphertext.len() - TAG_LEN - NONCE_LEN < plaintext.len()
{
return Err(Error::InvalidLengths);
}
let (nonce, rest) = ciphertext.split_at(NONCE_LEN);
// We know this should be the right length (we just split it), and everything else would be
// very unexpected.
let nonce = nonce.try_into().map_err(|_| Error::InternalError)?;
self.decrypt(plaintext, key, nonce, ad, rest)
}
}
impl<
const KEY_LEN: usize,
const NONCE_LEN: usize,
const TAG_LEN: usize,
T: Aead<KEY_LEN, NONCE_LEN, TAG_LEN>,
> AeadWithNonceInCiphertext<KEY_LEN, NONCE_LEN, TAG_LEN> for T
{
}
/// The error returned by AEAD operations
#[derive(Debug, Error)]
pub enum Error {
/// An internal error occurred. This should never be happen and indicates an error in the
/// AEAD implementation.
#[error("internal error")]
InternalError,
/// Could not decrypt a message because the message is not a valid ciphertext for the given
/// key.
#[error("decryption error")]
DecryptError,
/// The provided buffers have the wrong lengths.
#[error("buffers have invalid length")]
InvalidLengths,
}

212
cipher-traits/src/primitives/kem.rs
View File

@@ -1,212 +0,0 @@
//! Traits and implementations for Key Encapsulation Mechanisms (KEMs)
//!
//! KEMs are the interface provided by almost all post-quantum
//! secure key exchange mechanisms.
//!
//! Conceptually KEMs are akin to public-key encryption, but instead of encrypting
//! arbitrary data, KEMs are limited to the transmission of keys, randomly chosen during
//! encapsulation.
//!
//! The [Kem] Trait describes the basic API offered by a Key Encapsulation
//! Mechanism. Two implementations for it are provided:
//! [Kyber512](../../rosenpass_oqs/kyber_512/enum.Kyber512.html) and
//! [ClassicMceliece460896](../../rosenpass_oqs/classic_mceliece_460896/enum.ClassicMceliece460896.html).
//!
//! An example where Alice generates a keypair and gives her public key to Bob, for Bob to
//! encapsulate a symmetric key and Alice to decapsulate it would look as follows.
//! In the example, we are using Kyber512, but any KEM that correctly implements the [Kem]
//! trait could be used as well.
//!```rust
//! use rosenpass_cipher_traits::primitives::Kem;
//! use rosenpass_oqs::Kyber512;
//! # use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret};
//!
//! type MyKem = Kyber512;
//! secret_policy_use_only_malloc_secrets();
//! let mut alice_sk: Secret<{ MyKem::SK_LEN }> = Secret::zero();
//! let mut alice_pk: [u8; MyKem::PK_LEN] = [0; MyKem::PK_LEN];
//! MyKem::default().keygen(alice_sk.secret_mut(), &mut alice_pk)?;
//!
//! let mut bob_shk: Secret<{ MyKem::SHK_LEN }> = Secret::zero();
//! let mut bob_ct: [u8; MyKem::CT_LEN] = [0; MyKem::CT_LEN];
//! MyKem::default().encaps(bob_shk.secret_mut(), &mut bob_ct, &mut alice_pk)?;
//!
//! let mut alice_shk: Secret<{ MyKem::SHK_LEN }> = Secret::zero();
//! MyKem::default().decaps(alice_shk.secret_mut(), alice_sk.secret_mut(), &mut bob_ct)?;
//!
//! # assert_eq!(alice_shk.secret(), bob_shk.secret());
//! # Ok::<(), anyhow::Error>(())
//!```
//!
//! Implementing the [Kem]-trait for a KEM is easy. Mostly, you must format the KEM's
//! keys, and ciphertext as `u8` slices. Below, we provide an example for how the trait can
//! be implemented using a **HORRIBLY INSECURE** DummyKem that only uses static values for keys
//! and ciphertexts as an example.
//!```rust
//!# use rosenpass_cipher_traits::primitives::{Kem, KemError as Error};
//!
//! struct DummyKem {}
//! impl Kem<1,1,1,1> for DummyKem {
//!
//! // For this DummyKem, we will use a single `u8` for everything
//! const SK_LEN: usize = 1;
//! const PK_LEN: usize = 1;
//! const CT_LEN: usize = 1;
//! const SHK_LEN: usize = 1;
//!
//! fn keygen(&self, sk: &mut [u8;1], pk: &mut [u8;1]) -> Result<(), Error> {
//! sk[0] = 42;
//! pk[0] = 21;
//! Ok(())
//! }
//!
//! fn encaps(&self, shk: &mut [u8;1], ct: &mut [u8;1], pk: &[u8;1]) -> Result<(), Error> {
//! if pk[0] != 21 {
//! return Err(Error::InvalidArgument);
//! }
//! ct[0] = 7;
//! shk[0] = 17;
//! Ok(())
//! }
//!
//! fn decaps(&self, shk: &mut [u8;1 ], sk: &[u8;1], ct: &[u8;1]) -> Result<(), Error> {
//! if sk[0] != 42 {
//! return Err(Error::InvalidArgument);
//! }
//! if ct[0] != 7 {
//! return Err(Error::InvalidArgument);
//! }
//! shk[0] = 17;
//! Ok(())
//! }
//! }
//!
//! impl Default for DummyKem {
//! fn default() -> Self {
//! Self{}
//! }
//! }
//! # use rosenpass_secret_memory::{secret_policy_use_only_malloc_secrets, Secret};
//! #
//! # type MyKem = DummyKem;
//! # secret_policy_use_only_malloc_secrets();
//! # let mut alice_sk: Secret<{ MyKem::SK_LEN }> = Secret::zero();
//! # let mut alice_pk: [u8; MyKem::PK_LEN] = [0; MyKem::PK_LEN];
//! # MyKem::default().keygen(alice_sk.secret_mut(), &mut alice_pk)?;
//!
//! # let mut bob_shk: Secret<{ MyKem::SHK_LEN }> = Secret::zero();
//! # let mut bob_ct: [u8; MyKem::CT_LEN] = [0; MyKem::CT_LEN];
//! # MyKem::default().encaps(bob_shk.secret_mut(), &mut bob_ct, &mut alice_pk)?;
//! #
//! # let mut alice_shk: Secret<{ MyKem::SHK_LEN }> = Secret::zero();
//! # MyKem::default().decaps(alice_shk.secret_mut(), alice_sk.secret_mut(), &mut bob_ct)?;
//! #
//! # assert_eq!(alice_shk.secret(), bob_shk.secret());
//! #
//! # Ok::<(), Error>(())
//!```
//!
use thiserror::Error;
/// Key Encapsulation Mechanism
///
/// The KEM interface defines three operations: Key generation, key encapsulation and key
/// decapsulation. The parameters are made available as associated constants for convenience.
///
/// The methods of this trait take a `&self` argument as a receiver. This has two reasons:
/// 1. It makes type inference a lot smoother
/// 2. It allows to use the functionality through a trait object or having an enum that has
/// variants for multiple options (like e.g. the `KeyedHash` enum in `rosenpass-ciphers`).
///
/// Since the caller needs an instance of the type to use the functionality, implementors are
/// adviced to implement the [`Default`] trait where possible.
///
/// Example for encrypting a message with a specific [`Kem`] instance:
/// ```
/// use rosenpass_cipher_traits::primitives::Kem;
///
/// const SK_LEN: usize = 1632;
/// const PK_LEN: usize = 800;
/// const CT_LEN: usize = 768;
/// const SHK_LEN: usize = 32;
///
/// fn encaps_given_a_kem<KemImpl>(
/// kem: &KemImpl,
/// pk: &[u8; PK_LEN],
/// ct: &mut [u8; CT_LEN]
/// ) -> [u8; SHK_LEN] where KemImpl: Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN>{
/// let mut shk = [0u8; SHK_LEN];
/// kem.encaps(&mut shk, ct, pk).unwrap();
/// shk
/// }
/// ```
///
/// If only the type (but no instance) is available, then we can still use the trait, as long as
/// the type also is [`Default`]:
/// ```
/// use rosenpass_cipher_traits::primitives::Kem;
///
/// const SK_LEN: usize = 1632;
/// const PK_LEN: usize = 800;
/// const CT_LEN: usize = 768;
/// const SHK_LEN: usize = 32;
///
/// fn encaps_without_kem<KemImpl>(
/// pk: &[u8; PK_LEN],
/// ct: &mut [u8; CT_LEN]
/// ) -> [u8; SHK_LEN]
/// where KemImpl: Default + Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN> {
/// let mut shk = [0u8; SHK_LEN];
/// KemImpl::default().encaps(&mut shk, ct, pk).unwrap();
/// shk
/// }
/// ```
pub trait Kem<const SK_LEN: usize, const PK_LEN: usize, const CT_LEN: usize, const SHK_LEN: usize> {
/// The length of the secret (decapsulation) key.
const SK_LEN: usize = SK_LEN;
/// The length of the public (encapsulation) key.
const PK_LEN: usize = PK_LEN;
/// The length of the ciphertext.
const CT_LEN: usize = CT_LEN;
/// The legnth of the resulting shared key.
const SHK_LEN: usize = SHK_LEN;
/// Generate a keypair consisting of secret key (`sk`) and public key (`pk`)
///
/// `keygen() -> sk, pk`
fn keygen(&self, sk: &mut [u8; SK_LEN], pk: &mut [u8; PK_LEN]) -> Result<(), Error>;
/// From a public key (`pk`), generate a shared key (`shk`, for local use)
/// and a cipher text (`ct`, to be sent to the owner of the `pk`).
///
/// `encaps(pk) -> shk, ct`
fn encaps(
&self,
shk: &mut [u8; SHK_LEN],
ct: &mut [u8; CT_LEN],
pk: &[u8; PK_LEN],
) -> Result<(), Error>;
/// From a secret key (`sk`) and a cipher text (`ct`) derive a shared key
/// (`shk`)
///
/// `decaps(sk, ct) -> shk`
fn decaps(
&self,
shk: &mut [u8; SHK_LEN],
sk: &[u8; SK_LEN],
ct: &[u8; CT_LEN],
) -> Result<(), Error>;
}
#[derive(Debug, Error)]
pub enum Error {
#[error("invalid argument")]
InvalidArgument,
#[error("internal error")]
InternalError,
}

159
cipher-traits/src/primitives/keyed_hash.rs
View File

@@ -1,159 +0,0 @@
use std::marker::PhantomData;
/// Models a keyed hash function using an associated function (i.e. without `&self` receiver).
pub trait KeyedHash<const KEY_LEN: usize, const HASH_LEN: usize> {
/// The error type used to signal what went wrong.
type Error;
/// Performs a keyed hash using `key` and `data` and writes the output to `out`
fn keyed_hash(
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error>;
}
/// Models a keyed hash function using a method (i.e. with a `&self` receiver).
///
/// This makes type inference easier, but also requires having a [`KeyedHashInstance`] value,
/// instead of just the [`KeyedHash`] type.
pub trait KeyedHashInstance<const KEY_LEN: usize, const HASH_LEN: usize> {
/// The error type used to signal what went wrong.
type Error;
/// Performs a keyed hash using `key` and `data` and writes the output to `out`
fn keyed_hash(
&self,
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error>;
}
/// This is a helper to allow for type parameter inference when calling functions
/// that need a [KeyedHash].
///
/// Really just binds the [KeyedHash] trait to a dummy variable, so the type of this dummy variable
/// can be used for type inference. Less typing work.
#[derive(Debug, PartialEq, Eq)]
pub struct InferKeyedHash<Static, const KEY_LEN: usize, const HASH_LEN: usize>
where
Static: KeyedHash<KEY_LEN, HASH_LEN>,
{
pub _phantom_keyed_hasher: PhantomData<*const Static>,
}
impl<Static, const KEY_LEN: usize, const HASH_LEN: usize> InferKeyedHash<Static, KEY_LEN, HASH_LEN>
where
Static: KeyedHash<KEY_LEN, HASH_LEN>,
{
pub const KEY_LEN: usize = KEY_LEN;
pub const HASH_LEN: usize = HASH_LEN;
pub const fn new() -> Self {
Self {
_phantom_keyed_hasher: PhantomData,
}
}
/// This just forwards to [KeyedHash::keyed_hash] of the type parameter `Static`
fn keyed_hash_internal<'a>(
&self,
key: &'a [u8; KEY_LEN],
data: &'a [u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Static::Error> {
Static::keyed_hash(key, data, out)
}
/// Returns the key length of the keyed hash function.
pub const fn key_len(self) -> usize {
Self::KEY_LEN
}
/// Returns the hash length of the keyed hash function.
pub const fn hash_len(self) -> usize {
Self::HASH_LEN
}
}
impl<const KEY_LEN: usize, const HASH_LEN: usize, Static: KeyedHash<KEY_LEN, HASH_LEN>>
KeyedHashInstance<KEY_LEN, HASH_LEN> for InferKeyedHash<Static, KEY_LEN, HASH_LEN>
{
type Error = Static::Error;
fn keyed_hash(
&self,
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Static::Error> {
self.keyed_hash_internal(key, data, out)
}
}
// Helper traits /////////////////////////////////////////////
impl<Static, const KEY_LEN: usize, const OUT_LEN: usize> Default
for InferKeyedHash<Static, KEY_LEN, OUT_LEN>
where
Static: KeyedHash<KEY_LEN, OUT_LEN>,
{
fn default() -> Self {
Self::new()
}
}
impl<Static, const KEY_LEN: usize, const OUT_LEN: usize> Clone
for InferKeyedHash<Static, KEY_LEN, OUT_LEN>
where
Static: KeyedHash<KEY_LEN, OUT_LEN>,
{
fn clone(&self) -> Self {
*self
}
}
impl<Static, const KEY_LEN: usize, const OUT_LEN: usize> Copy
for InferKeyedHash<Static, KEY_LEN, OUT_LEN>
where
Static: KeyedHash<KEY_LEN, OUT_LEN>,
{
}
use rosenpass_to::{with_destination, To};
/// Extends the [`KeyedHash`] trait with a [`To`]-flavoured function.
pub trait KeyedHashTo<const KEY_LEN: usize, const HASH_LEN: usize>:
KeyedHash<KEY_LEN, HASH_LEN>
{
fn keyed_hash_to(
key: &[u8; KEY_LEN],
data: &[u8],
) -> impl To<[u8; HASH_LEN], Result<(), Self::Error>> {
with_destination(|out| Self::keyed_hash(key, data, out))
}
}
impl<const KEY_LEN: usize, const HASH_LEN: usize, T: KeyedHash<KEY_LEN, HASH_LEN>>
KeyedHashTo<KEY_LEN, HASH_LEN> for T
{
}
/// Extends the [`KeyedHashInstance`] trait with a [`To`]-flavoured function.
pub trait KeyedHashInstanceTo<const KEY_LEN: usize, const HASH_LEN: usize>:
KeyedHashInstance<KEY_LEN, HASH_LEN>
{
fn keyed_hash_to(
&self,
key: &[u8; KEY_LEN],
data: &[u8],
) -> impl To<[u8; HASH_LEN], Result<(), Self::Error>> {
with_destination(|out| self.keyed_hash(key, data, out))
}
}
impl<const KEY_LEN: usize, const HASH_LEN: usize, T: KeyedHashInstance<KEY_LEN, HASH_LEN>>
KeyedHashInstanceTo<KEY_LEN, HASH_LEN> for T
{
}

27
ciphers/Cargo.toml
View File

@@ -10,19 +10,7 @@ repository = "https://github.com/rosenpass/rosenpass"
readme = "readme.md"
[features]
experiment_libcrux_all = [
"experiment_libcrux_blake2",
"experiment_libcrux_chachapoly",
"experiment_libcrux_chachapoly_test",
"experiment_libcrux_kyber",
]
experiment_libcrux_blake2 = ["dep:libcrux-blake2", "dep:thiserror"]
experiment_libcrux_chachapoly = ["dep:libcrux-chacha20poly1305"]
experiment_libcrux_chachapoly_test = [
"experiment_libcrux_chachapoly",
"dep:libcrux",
]
experiment_libcrux_kyber = ["dep:libcrux-ml-kem", "dep:rand"]
experiment_libcrux = ["dep:libcrux"]
[dependencies]
anyhow = { workspace = true }
@@ -31,21 +19,8 @@ rosenpass-constant-time = { workspace = true }
rosenpass-secret-memory = { workspace = true }
rosenpass-oqs = { workspace = true }
rosenpass-util = { workspace = true }
rosenpass-cipher-traits = { workspace = true }
static_assertions = { workspace = true }
zeroize = { workspace = true }
chacha20poly1305 = { workspace = true }
blake2 = { workspace = true }
sha3 = { workspace = true }
rand = { workspace = true, optional = true }
thiserror = { workspace = true, optional = true }
libcrux-chacha20poly1305 = { workspace = true, optional = true }
libcrux-blake2 = { workspace = true, optional = true }
libcrux-ml-kem = { workspace = true, optional = true, features = ["kyber"] }
# this one is only used in testing, so it requires the `experiment_libcrux_chachapoly_test` feature.
libcrux = { workspace = true, optional = true }
[dev-dependencies]
rand = { workspace = true }

137
ciphers/src/hash_domain.rs
View File

@@ -1,75 +1,74 @@
//!
//!```rust
//! # use rosenpass_ciphers::hash_domain::{HashDomain, HashDomainNamespace, SecretHashDomain, SecretHashDomainNamespace};
//! use rosenpass_ciphers::KeyedHash;
//! use rosenpass_secret_memory::Secret;
//! # rosenpass_secret_memory::secret_policy_use_only_malloc_secrets();
//!
//! const PROTOCOL_IDENTIFIER: &str = "MY_PROTOCOL:IDENTIFIER";
//! // create use once hash domain for the protocol identifier
//! let mut hash_domain = HashDomain::zero(KeyedHash::keyed_shake256());
//! hash_domain = hash_domain.mix(PROTOCOL_IDENTIFIER.as_bytes())?;
//! // upgrade to reusable hash domain
//! let hash_domain_namespace: HashDomainNamespace = hash_domain.dup();
//! // derive new key
//! let key_identifier = "my_key_identifier";
//! let key = hash_domain_namespace.mix(key_identifier.as_bytes())?.into_value();
//! // derive a new key based on a secret
//! const MY_SECRET_LEN: usize = 21;
//! let my_secret_bytes = "my super duper secret".as_bytes();
//! let my_secret: Secret<21> = Secret::from_slice("my super duper secret".as_bytes());
//! let secret_hash_domain: SecretHashDomain = hash_domain_namespace.mix_secret(my_secret)?;
//! // derive a new key based on the secret key
//! let new_key_identifier = "my_new_key_identifier".as_bytes();
//! let new_key = secret_hash_domain.mix(new_key_identifier)?.into_secret();
//!
//! # Ok::<(), anyhow::Error>(())
//!```
//!
use anyhow::Result;
use rosenpass_secret_memory::Secret;
use rosenpass_to::To as _;
use rosenpass_to::To;
pub use crate::{KeyedHash, KEY_LEN};
use crate::keyed_hash as hash;
use rosenpass_cipher_traits::primitives::KeyedHashInstanceTo;
pub use hash::KEY_LEN;
///
///```rust
/// # use rosenpass_ciphers::hash_domain::{HashDomain, HashDomainNamespace, SecretHashDomain, SecretHashDomainNamespace};
/// use rosenpass_secret_memory::Secret;
/// # rosenpass_secret_memory::secret_policy_use_only_malloc_secrets();
///
/// const PROTOCOL_IDENTIFIER: &str = "MY_PROTOCOL:IDENTIFIER";
/// // create use once hash domain for the protocol identifier
/// let mut hash_domain = HashDomain::zero();
/// hash_domain = hash_domain.mix(PROTOCOL_IDENTIFIER.as_bytes())?;
/// // upgrade to reusable hash domain
/// let hash_domain_namespace: HashDomainNamespace = hash_domain.dup();
/// // derive new key
/// let key_identifier = "my_key_identifier";
/// let key = hash_domain_namespace.mix(key_identifier.as_bytes())?.into_value();
/// // derive a new key based on a secret
/// const MY_SECRET_LEN: usize = 21;
/// let my_secret_bytes = "my super duper secret".as_bytes();
/// let my_secret: Secret<21> = Secret::from_slice("my super duper secret".as_bytes());
/// let secret_hash_domain: SecretHashDomain = hash_domain_namespace.mix_secret(my_secret)?;
/// // derive a new key based on the secret key
/// let new_key_identifier = "my_new_key_identifier".as_bytes();
/// let new_key = secret_hash_domain.mix(new_key_identifier)?.into_secret();
///
/// # Ok::<(), anyhow::Error>(())
///```
///
// TODO Use a proper Dec interface
/// A use-once hash domain for a specified key that can be used directly.
/// The key must consist of [KEY_LEN] many bytes. If the key must remain secret,
/// use [SecretHashDomain] instead.
#[derive(Clone, Debug)]
pub struct HashDomain([u8; KEY_LEN], KeyedHash);
pub struct HashDomain([u8; KEY_LEN]);
/// A reusable hash domain for a namespace identified by the key.
/// The key must consist of [KEY_LEN] many bytes. If the key must remain secret,
/// use [SecretHashDomainNamespace] instead.
#[derive(Clone, Debug)]
pub struct HashDomainNamespace([u8; KEY_LEN], KeyedHash);
pub struct HashDomainNamespace([u8; KEY_LEN]);
/// A use-once hash domain for a specified key that can be used directly
/// by wrapping it in [Secret]. The key must consist of [KEY_LEN] many bytes.
#[derive(Clone, Debug)]
pub struct SecretHashDomain(Secret<KEY_LEN>, KeyedHash);
pub struct SecretHashDomain(Secret<KEY_LEN>);
/// A reusable secure hash domain for a namespace identified by the key and that keeps the key secure
/// by wrapping it in [Secret]. The key must consist of [KEY_LEN] many bytes.
#[derive(Clone, Debug)]
pub struct SecretHashDomainNamespace(Secret<KEY_LEN>, KeyedHash);
pub struct SecretHashDomainNamespace(Secret<KEY_LEN>);
impl HashDomain {
/// Creates a nw [HashDomain] initialized with a all-zeros key.
pub fn zero(choice: KeyedHash) -> Self {
Self([0u8; KEY_LEN], choice)
pub fn zero() -> Self {
Self([0u8; KEY_LEN])
}
/// Turns this [HashDomain] into a [HashDomainNamespace], keeping the key.
pub fn dup(self) -> HashDomainNamespace {
HashDomainNamespace(self.0, self.1)
HashDomainNamespace(self.0)
}
/// Turns this [HashDomain] into a [SecretHashDomain] by wrapping the key into a [Secret]
/// and creating a new [SecretHashDomain] from it.
pub fn turn_secret(self) -> SecretHashDomain {
SecretHashDomain(Secret::from_slice(&self.0), self.1)
SecretHashDomain(Secret::from_slice(&self.0))
}
// TODO: Protocol! Use domain separation to ensure that
@@ -78,16 +77,14 @@ impl HashDomain {
/// as the `data` and uses the result as the key for the new [HashDomain].
///
pub fn mix(self, v: &[u8]) -> Result<Self> {
let mut new_key: [u8; KEY_LEN] = [0u8; KEY_LEN];
self.1.keyed_hash_to(&self.0, v).to(&mut new_key)?;
Ok(Self(new_key, self.1))
Ok(Self(hash::hash(&self.0, v).collect::<[u8; KEY_LEN]>()?))
}
/// Creates a new [SecretHashDomain] by mixing in a new key `v`
/// by calling [SecretHashDomain::invoke_primitive] with this
/// [HashDomain]'s key as `k` and `v` as `d`.
pub fn mix_secret<const N: usize>(self, v: Secret<N>) -> Result<SecretHashDomain> {
SecretHashDomain::invoke_primitive(&self.0, v.secret(), self.1)
SecretHashDomain::invoke_primitive(&self.0, v.secret())
}
/// Gets the key of this [HashDomain].
@@ -101,9 +98,9 @@ impl HashDomainNamespace {
/// it evaluates [hash::hash] with the key of this HashDomainNamespace key as the key and `v`
/// as the `data` and uses the result as the key for the new [HashDomain].
pub fn mix(&self, v: &[u8]) -> Result<HashDomain> {
let mut new_key: [u8; KEY_LEN] = [0u8; KEY_LEN];
self.1.keyed_hash_to(&self.0, v).to(&mut new_key)?;
Ok(HashDomain(new_key, self.1.clone()))
Ok(HashDomain(
hash::hash(&self.0, v).collect::<[u8; KEY_LEN]>()?,
))
}
/// Creates a new [SecretHashDomain] by mixing in a new key `v`
@@ -112,7 +109,7 @@ impl HashDomainNamespace {
///
/// It requires that `v` consists of exactly [KEY_LEN] many bytes.
pub fn mix_secret<const N: usize>(&self, v: Secret<N>) -> Result<SecretHashDomain> {
SecretHashDomain::invoke_primitive(&self.0, v.secret(), self.1.clone())
SecretHashDomain::invoke_primitive(&self.0, v.secret())
}
}
@@ -121,35 +118,27 @@ impl SecretHashDomain {
/// [hash::hash] with `k` as the `key` and `d` s the `data`, and using the result
/// as the content for the new [SecretHashDomain].
/// Both `k` and `d` have to be exactly [KEY_LEN] bytes in length.
/// TODO: docu
pub fn invoke_primitive(
k: &[u8],
d: &[u8],
hash_choice: KeyedHash,
) -> Result<SecretHashDomain> {
let mut new_secret_key = Secret::zero();
hash_choice
.keyed_hash_to(k.try_into()?, d)
.to(new_secret_key.secret_mut())?;
let r = SecretHashDomain(new_secret_key, hash_choice);
pub fn invoke_primitive(k: &[u8], d: &[u8]) -> Result<SecretHashDomain> {
let mut r = SecretHashDomain(Secret::zero());
hash::hash(k, d).to(r.0.secret_mut())?;
Ok(r)
}
/// Creates a new [SecretHashDomain] that is initialized with an all zeros key.
pub fn zero(hash_choice: KeyedHash) -> Self {
Self(Secret::zero(), hash_choice)
pub fn zero() -> Self {
Self(Secret::zero())
}
/// Turns this [SecretHashDomain] into a [SecretHashDomainNamespace].
pub fn dup(self) -> SecretHashDomainNamespace {
SecretHashDomainNamespace(self.0, self.1)
SecretHashDomainNamespace(self.0)
}
/// Creates a new [SecretHashDomain] from a [Secret] `k`.
///
/// It requires that `k` consist of exactly [KEY_LEN] bytes.
pub fn danger_from_secret(k: Secret<KEY_LEN>, hash_choice: KeyedHash) -> Self {
Self(k, hash_choice)
pub fn danger_from_secret(k: Secret<KEY_LEN>) -> Self {
Self(k)
}
/// Creates a new [SecretHashDomain] by mixing in a new key `v`. Specifically,
@@ -158,7 +147,7 @@ impl SecretHashDomain {
///
/// It requires that `v` consists of exactly [KEY_LEN] many bytes.
pub fn mix(self, v: &[u8]) -> Result<SecretHashDomain> {
Self::invoke_primitive(self.0.secret(), v, self.1)
Self::invoke_primitive(self.0.secret(), v)
}
/// Creates a new [SecretHashDomain] by mixing in a new key `v`
@@ -167,13 +156,21 @@ impl SecretHashDomain {
///
/// It requires that `v` consists of exactly [KEY_LEN] many bytes.
pub fn mix_secret<const N: usize>(self, v: Secret<N>) -> Result<SecretHashDomain> {
Self::invoke_primitive(self.0.secret(), v.secret(), self.1)
Self::invoke_primitive(self.0.secret(), v.secret())
}
/// Get the secret key data from this [SecretHashDomain].
pub fn into_secret(self) -> Secret<KEY_LEN> {
self.0
}
/// Evaluate [hash::hash] with this [SecretHashDomain]'s data as the `key` and
/// `dst` as the `data` and stores the result as the new data for this [SecretHashDomain].
///
/// It requires that both `v` and `d` consist of exactly [KEY_LEN] many bytes.
pub fn into_secret_slice(mut self, v: &[u8], dst: &[u8]) -> Result<()> {
hash::hash(v, dst).to(self.0.secret_mut())
}
}
impl SecretHashDomainNamespace {
@@ -183,7 +180,7 @@ impl SecretHashDomainNamespace {
///
/// It requires that `v` consists of exactly [KEY_LEN] many bytes.
pub fn mix(&self, v: &[u8]) -> Result<SecretHashDomain> {
SecretHashDomain::invoke_primitive(self.0.secret(), v, self.1.clone())
SecretHashDomain::invoke_primitive(self.0.secret(), v)
}
/// Creates a new [SecretHashDomain] by mixing in a new key `v`
@@ -192,7 +189,7 @@ impl SecretHashDomainNamespace {
///
/// It requires that `v` consists of exactly [KEY_LEN] many bytes.
pub fn mix_secret<const N: usize>(&self, v: Secret<N>) -> Result<SecretHashDomain> {
SecretHashDomain::invoke_primitive(self.0.secret(), v.secret(), self.1.clone())
SecretHashDomain::invoke_primitive(self.0.secret(), v.secret())
}
// TODO: This entire API is not very nice; we need this for biscuits, but
@@ -202,8 +199,4 @@ impl SecretHashDomainNamespace {
pub fn danger_into_secret(self) -> Secret<KEY_LEN> {
self.0
}
pub fn keyed_hash(&self) -> &KeyedHash {
&self.1
}
}

61
ciphers/src/lib.rs
View File

@@ -1,12 +1,11 @@
use rosenpass_cipher_traits::primitives::Aead as AeadTrait;
use static_assertions::const_assert;
pub mod subtle;
/// All keyed primitives in this crate use 32 byte keys
pub const KEY_LEN: usize = 32;
const_assert!(KEY_LEN == Aead::KEY_LEN);
const_assert!(KEY_LEN == XAead::KEY_LEN);
const_assert!(KEY_LEN == aead::KEY_LEN);
const_assert!(KEY_LEN == xaead::KEY_LEN);
const_assert!(KEY_LEN == hash_domain::KEY_LEN);
/// Keyed hashing
@@ -14,33 +13,41 @@ const_assert!(KEY_LEN == hash_domain::KEY_LEN);
/// This should only be used for implementation details; anything with relevance
/// to the cryptographic protocol should use the facilities in [hash_domain], (though
/// hash domain uses this module internally)
pub use crate::subtle::keyed_hash::KeyedHash;
pub mod keyed_hash {
pub use crate::subtle::incorrect_hmac_blake2b::{
hash, KEY_LEN, KEY_MAX, KEY_MIN, OUT_MAX, OUT_MIN,
};
}
/// Authenticated encryption with associated data (AEAD)
/// Authenticated encryption with associated data
/// Chacha20poly1305 is used.
#[cfg(feature = "experiment_libcrux_chachapoly")]
pub use subtle::libcrux::chacha20poly1305_ietf::ChaCha20Poly1305 as Aead;
pub mod aead {
#[cfg(not(feature = "experiment_libcrux"))]
pub use crate::subtle::chacha20poly1305_ietf::{decrypt, encrypt, KEY_LEN, NONCE_LEN, TAG_LEN};
#[cfg(feature = "experiment_libcrux")]
pub use crate::subtle::chacha20poly1305_ietf_libcrux::{
decrypt, encrypt, KEY_LEN, NONCE_LEN, TAG_LEN,
};
}
/// Authenticated encryption with associated data (AEAD)
/// Chacha20poly1305 is used.
#[cfg(not(feature = "experiment_libcrux_chachapoly"))]
pub use crate::subtle::rust_crypto::chacha20poly1305_ietf::ChaCha20Poly1305 as Aead;
/// Authenticated encryption with associated data with a extended-length nonce (XAEAD)
/// Authenticated encryption with associated data with a constant nonce
/// XChacha20poly1305 is used.
pub use crate::subtle::rust_crypto::xchacha20poly1305_ietf::XChaCha20Poly1305 as XAead;
/// Use Classic-McEcliece-460986 as the Static KEM.
///
/// See [rosenpass_oqs::ClassicMceliece460896] for more details.
pub use rosenpass_oqs::ClassicMceliece460896 as StaticKem;
/// Use Kyber-512 as the Static KEM
///
/// See [rosenpass_oqs::Kyber512] for more details.
#[cfg(not(feature = "experiment_libcrux_kyber"))]
pub use rosenpass_oqs::Kyber512 as EphemeralKem;
#[cfg(feature = "experiment_libcrux_kyber")]
pub use subtle::libcrux::kyber512::Kyber512 as EphemeralKem;
pub mod xaead {
pub use crate::subtle::xchacha20poly1305_ietf::{
decrypt, encrypt, KEY_LEN, NONCE_LEN, TAG_LEN,
};
}
pub mod hash_domain;
/// This crate includes two key encapsulation mechanisms.
/// Namely ClassicMceliece460896 (also referred to as `StaticKem` sometimes) and
/// Kyber512 (also referred to as `EphemeralKem` sometimes).
///
/// See [rosenpass_oqs::ClassicMceliece460896]
/// and [rosenpass_oqs::Kyber512] for more details on the specific KEMS.
///
pub mod kem {
pub use rosenpass_oqs::ClassicMceliece460896 as StaticKem;
pub use rosenpass_oqs::Kyber512 as EphemeralKem;
}

65
ciphers/src/subtle/blake2b.rs Normal file
View File

@@ -0,0 +1,65 @@
use zeroize::Zeroizing;
use blake2::digest::crypto_common::generic_array::GenericArray;
use blake2::digest::crypto_common::typenum::U32;
use blake2::digest::crypto_common::KeySizeUser;
use blake2::digest::{FixedOutput, Mac, OutputSizeUser};
use blake2::Blake2bMac;
use rosenpass_to::{ops::copy_slice, with_destination, To};
use rosenpass_util::typenum2const;
/// Specify that the used implementation of BLAKE2b is the MAC version of BLAKE2b
/// with output and key length of 32 bytes (see [Blake2bMac]).
type Impl = Blake2bMac<U32>;
type KeyLen = <Impl as KeySizeUser>::KeySize;
type OutLen = <Impl as OutputSizeUser>::OutputSize;
/// The key length for BLAKE2b supported by this API. Currently 32 Bytes.
const KEY_LEN: usize = typenum2const! { KeyLen };
/// The output length for BLAKE2b supported by this API. Currently 32 Bytes.
const OUT_LEN: usize = typenum2const! { OutLen };
/// Minimal key length supported by this API.
pub const KEY_MIN: usize = KEY_LEN;
/// maximal key length supported by this API.
pub const KEY_MAX: usize = KEY_LEN;
/// minimal output length supported by this API.
pub const OUT_MIN: usize = OUT_LEN;
/// maximal output length supported by this API.
pub const OUT_MAX: usize = OUT_LEN;
/// Hashes the given `data` with the [Blake2bMac] hash function under the given `key`.
/// The both the length of the output the length of the key 32 bytes (or 256 bits).
///
/// # Examples
///
///```rust
/// # use rosenpass_ciphers::subtle::blake2b::hash;
/// use rosenpass_to::To;
/// let zero_key: [u8; 32] = [0; 32];
/// let data: [u8; 32] = [255; 32];
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; 32];
///
/// assert!(hash(&zero_key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result");
///```
///
#[inline]
pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a {
with_destination(|out: &mut [u8]| {
let mut h = Impl::new_from_slice(key)?;
h.update(data);
// Jesus christ, blake2 crate, your usage of GenericArray might be nice and fancy
// but it introduces a ton of complexity. This cost me half an hour just to figure
// out the right way to use the imports while allowing for zeroization.
// An API based on slices might actually be simpler.
let mut tmp = Zeroizing::new([0u8; OUT_LEN]);
let tmp = GenericArray::from_mut_slice(tmp.as_mut());
h.finalize_into(tmp);
copy_slice(tmp.as_ref()).to(out);
Ok(())
})
}

99
ciphers/src/subtle/chacha20poly1305_ietf.rs Normal file
View File

@@ -0,0 +1,99 @@
use rosenpass_to::ops::copy_slice;
use rosenpass_to::To;
use rosenpass_util::typenum2const;
use chacha20poly1305::aead::generic_array::GenericArray;
use chacha20poly1305::ChaCha20Poly1305 as AeadImpl;
use chacha20poly1305::{AeadCore, AeadInPlace, KeyInit, KeySizeUser};
/// The key length is 32 bytes or 256 bits.
pub const KEY_LEN: usize = typenum2const! { <AeadImpl as KeySizeUser>::KeySize };
/// The MAC tag length is 16 bytes or 128 bits.
pub const TAG_LEN: usize = typenum2const! { <AeadImpl as AeadCore>::TagSize };
/// The nonce length is 12 bytes or 96 bits.
pub const NONCE_LEN: usize = typenum2const! { <AeadImpl as AeadCore>::NonceSize };
/// Encrypts using ChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305).
/// `key` MUST be chosen (pseudo-)randomly and `nonce` MOST NOT be reused. The `key` slice MUST have
/// a length of [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes
/// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of
/// `plaintext.len()` + [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
///
/// const PLAINTEXT_LEN: usize = 43;
/// let plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(PLAINTEXT_LEN, plaintext.len());
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut ciphertext_buffer = [0u8;PLAINTEXT_LEN + TAG_LEN];
///
/// let res: anyhow::Result<()> = encrypt(&mut ciphertext_buffer, key, nonce, additional_data, plaintext);
/// assert!(res.is_ok());
/// # let expected_ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// # 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// # 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// # 8, 114, 85, 4, 25];
/// # assert_eq!(expected_ciphertext, &ciphertext_buffer);
///```
#[inline]
pub fn encrypt(
ciphertext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
plaintext: &[u8],
) -> anyhow::Result<()> {
let nonce = GenericArray::from_slice(nonce);
let (ct, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
copy_slice(plaintext).to(ct);
let mac_value = AeadImpl::new_from_slice(key)?.encrypt_in_place_detached(nonce, ad, ct)?;
copy_slice(&mac_value[..]).to(mac);
Ok(())
}
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
/// `ad`. using ChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305).
///
/// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
/// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// let ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// 8, 114, 85, 4, 25]; // this is the ciphertext generated by the example for the encryption
/// const PLAINTEXT_LEN: usize = 43;
/// assert_eq!(PLAINTEXT_LEN + TAG_LEN, ciphertext.len());
///
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut plaintext_buffer = [0u8; PLAINTEXT_LEN];
///
/// let res: anyhow::Result<()> = decrypt(&mut plaintext_buffer, key, nonce, additional_data, ciphertext);
/// assert!(res.is_ok());
/// let expected_plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(expected_plaintext, plaintext_buffer);
///
///```
#[inline]
pub fn decrypt(
plaintext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
ciphertext: &[u8],
) -> anyhow::Result<()> {
let nonce = GenericArray::from_slice(nonce);
let (ct, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
let tag = GenericArray::from_slice(mac);
copy_slice(ct).to(plaintext);
AeadImpl::new_from_slice(key)?.decrypt_in_place_detached(nonce, ad, plaintext, tag)?;
Ok(())
}

117
ciphers/src/subtle/chacha20poly1305_ietf_libcrux.rs Normal file
View File

@@ -0,0 +1,117 @@
use rosenpass_to::ops::copy_slice;
use rosenpass_to::To;
use zeroize::Zeroize;
/// The key length is 32 bytes or 256 bits.
pub const KEY_LEN: usize = 32; // Grrrr! Libcrux, please provide me these constants.
/// The MAC tag length is 16 bytes or 128 bits.
pub const TAG_LEN: usize = 16;
/// The nonce length is 12 bytes or 96 bits.
pub const NONCE_LEN: usize = 12;
/// Encrypts using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux).
/// Key and nonce MUST be chosen (pseudo-)randomly. The `key` slice MUST have a length of
/// [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes
/// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of
/// `plaintext.len()` + [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
///
/// const PLAINTEXT_LEN: usize = 43;
/// let plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(PLAINTEXT_LEN, plaintext.len());
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut ciphertext_buffer = [0u8; PLAINTEXT_LEN + TAG_LEN];
///
/// let res: anyhow::Result<()> = encrypt(&mut ciphertext_buffer, key, nonce, additional_data, plaintext);
/// assert!(res.is_ok());
/// # let expected_ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// # 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// # 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// # 8, 114, 85, 4, 25];
/// # assert_eq!(expected_ciphertext, &ciphertext_buffer);
///```
///
#[inline]
pub fn encrypt(
ciphertext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
plaintext: &[u8],
) -> anyhow::Result<()> {
let (ciphertext, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
use libcrux::aead as C;
let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
let crux_iv = C::Iv(nonce.try_into().unwrap());
copy_slice(plaintext).to(ciphertext);
let crux_tag = libcrux::aead::encrypt(&crux_key, ciphertext, crux_iv, ad).unwrap();
copy_slice(crux_tag.as_ref()).to(mac);
match crux_key {
C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
_ => panic!(),
}
Ok(())
}
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
/// `ad`. using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux).
///
/// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
/// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// let ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// 8, 114, 85, 4, 25]; // this is the ciphertext generated by the example for the encryption
/// const PLAINTEXT_LEN: usize = 43;
/// assert_eq!(PLAINTEXT_LEN + TAG_LEN, ciphertext.len());
///
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut plaintext_buffer = [0u8; PLAINTEXT_LEN];
///
/// let res: anyhow::Result<()> = decrypt(&mut plaintext_buffer, key, nonce, additional_data, ciphertext);
/// assert!(res.is_ok());
/// let expected_plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(expected_plaintext, plaintext_buffer);
///
///```
#[inline]
pub fn decrypt(
plaintext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
ciphertext: &[u8],
) -> anyhow::Result<()> {
let (ciphertext, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
use libcrux::aead as C;
let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
let crux_iv = C::Iv(nonce.try_into().unwrap());
let crux_tag = C::Tag::from_slice(mac).unwrap();
copy_slice(ciphertext).to(plaintext);
libcrux::aead::decrypt(&crux_key, plaintext, crux_iv, ad, &crux_tag).unwrap();
match crux_key {
C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
_ => panic!(),
}
Ok(())
}

79
ciphers/src/subtle/custom/incorrect_hmac_blake2b.rs
View File

@@ -1,79 +0,0 @@
use rosenpass_cipher_traits::{
algorithms::KeyedHashIncorrectHmacBlake2b,
primitives::{InferKeyedHash, KeyedHash, KeyedHashTo},
};
use rosenpass_constant_time::xor;
use rosenpass_to::{ops::copy_slice, To};
use zeroize::Zeroizing;
#[cfg(not(feature = "experiment_libcrux_blake2"))]
use crate::subtle::rust_crypto::blake2b::Blake2b;
#[cfg(not(feature = "experiment_libcrux_blake2"))]
use anyhow::Error;
#[cfg(feature = "experiment_libcrux_blake2")]
use crate::subtle::libcrux::blake2b::{Blake2b, Error};
/// The key length, 32 bytes or 256 bits.
pub const KEY_LEN: usize = 32;
/// The hash length, 32 bytes or 256 bits.
pub const HASH_LEN: usize = 32;
/// This is a woefully incorrect implementation of hmac_blake2b.
/// See <https://github.com/rosenpass/rosenpass/issues/68#issuecomment-1563612222>
///
/// It accepts 32 byte keys, exclusively.
///
/// This will be replaced, likely by Kekkac at some point soon.
/// <https://github.com/rosenpass/rosenpass/pull/145>
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::custom::incorrect_hmac_blake2b::IncorrectHmacBlake2bCore;
/// use rosenpass_cipher_traits::primitives::KeyedHashTo;
/// use rosenpass_to::To;
/// let key: [u8; 32] = [0; 32];
/// let data: [u8; 32] = [255; 32];
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; 32];
///
/// assert!(IncorrectHmacBlake2bCore::keyed_hash_to(&key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[5, 152, 135, 141, 151, 106, 147, 8, 220, 95, 38, 66, 29, 33, 3,
/// 104, 250, 114, 131, 119, 27, 56, 59, 44, 11, 67, 230, 113, 112, 20, 80, 103];
/// # assert_eq!(hash_data, expected_hash);
///```
///
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct IncorrectHmacBlake2bCore;
impl KeyedHash<KEY_LEN, HASH_LEN> for IncorrectHmacBlake2bCore {
type Error = Error;
fn keyed_hash(
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error> {
const IPAD: [u8; KEY_LEN] = [0x36u8; KEY_LEN];
const OPAD: [u8; KEY_LEN] = [0x5Cu8; KEY_LEN];
type Key = Zeroizing<[u8; KEY_LEN]>;
let mut tmp_key = Key::default();
copy_slice(key).to(tmp_key.as_mut());
xor(&IPAD).to(tmp_key.as_mut());
let mut outer_data = Key::default();
Blake2b::keyed_hash_to(&tmp_key, data).to(&mut outer_data)?;
copy_slice(key).to(tmp_key.as_mut());
xor(&OPAD).to(tmp_key.as_mut());
Blake2b::keyed_hash_to(&tmp_key, outer_data.as_ref()).to(out)?;
Ok(())
}
}
pub type IncorrectHmacBlake2b = InferKeyedHash<IncorrectHmacBlake2bCore, KEY_LEN, HASH_LEN>;
impl KeyedHashIncorrectHmacBlake2b for IncorrectHmacBlake2bCore {}

3
ciphers/src/subtle/custom/mod.rs
View File

@@ -1,3 +0,0 @@
//! Own implementations of custom algorithms
pub mod incorrect_hmac_blake2b;

67
ciphers/src/subtle/incorrect_hmac_blake2b.rs Normal file
View File

@@ -0,0 +1,67 @@
use anyhow::ensure;
use zeroize::Zeroizing;
use rosenpass_constant_time::xor;
use rosenpass_to::{ops::copy_slice, with_destination, To};
use crate::subtle::blake2b;
/// The key length, 32 bytes or 256 bits.
pub const KEY_LEN: usize = 32;
/// The minimal key length, identical to [KEY_LEN]
pub const KEY_MIN: usize = KEY_LEN;
/// The maximal key length, identical to [KEY_LEN]
pub const KEY_MAX: usize = KEY_LEN;
/// The minimal output length, see [blake2b::OUT_MIN]
pub const OUT_MIN: usize = blake2b::OUT_MIN;
/// The maximal output length, see [blake2b::OUT_MAX]
pub const OUT_MAX: usize = blake2b::OUT_MAX;
/// This is a woefully incorrect implementation of hmac_blake2b.
/// See <https://github.com/rosenpass/rosenpass/issues/68#issuecomment-1563612222>
///
/// It accepts 32 byte keys, exclusively.
///
/// This will be replaced, likely by Kekkac at some point soon.
/// <https://github.com/rosenpass/rosenpass/pull/145>
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::incorrect_hmac_blake2b::hash;
/// use rosenpass_to::To;
/// let key: [u8; 32] = [0; 32];
/// let data: [u8; 32] = [255; 32];
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; 32];
///
/// assert!(hash(&key, &data).to(&mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[5, 152, 135, 141, 151, 106, 147, 8, 220, 95, 38, 66, 29, 33, 3,
/// 104, 250, 114, 131, 119, 27, 56, 59, 44, 11, 67, 230, 113, 112, 20, 80, 103];
/// # assert_eq!(hash_data, expected_hash);
///```
///
#[inline]
pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a {
const IPAD: [u8; KEY_LEN] = [0x36u8; KEY_LEN];
const OPAD: [u8; KEY_LEN] = [0x5Cu8; KEY_LEN];
with_destination(|out: &mut [u8]| {
// Not bothering with padding; the implementation
// uses appropriately sized keys.
ensure!(key.len() == KEY_LEN);
type Key = Zeroizing<[u8; KEY_LEN]>;
let mut tmp_key = Key::default();
copy_slice(key).to(tmp_key.as_mut());
xor(&IPAD).to(tmp_key.as_mut());
let mut outer_data = Key::default();
blake2b::hash(tmp_key.as_ref(), data).to(outer_data.as_mut())?;
copy_slice(key).to(tmp_key.as_mut());
xor(&OPAD).to(tmp_key.as_mut());
blake2b::hash(tmp_key.as_ref(), outer_data.as_ref()).to(out)?;
Ok(())
})
}

65
ciphers/src/subtle/keyed_hash.rs
View File

@@ -1,65 +0,0 @@
//! This module provides types that enabling choosing the keyed hash building block to be used at
//! runtime (using enums) instead of at compile time (using generics).
use anyhow::Result;
use rosenpass_cipher_traits::primitives::KeyedHashInstance;
use std::fmt::Display;
use crate::subtle::{
custom::incorrect_hmac_blake2b::IncorrectHmacBlake2b, rust_crypto::keyed_shake256::SHAKE256_32,
};
/// Length of symmetric key throughout Rosenpass.
pub const KEY_LEN: usize = 32;
/// The hash is used as a symmetric key and should have the same length.
pub const HASH_LEN: usize = KEY_LEN;
/// Provides a way to pick which keyed hash to use at runtime.
/// Implements [`KeyedHashInstance`] to allow hashing using the respective algorithm.
#[derive(Debug, Eq, PartialEq, Clone)]
pub enum KeyedHash {
/// A hasher backed by [`SHAKE256_32`].
KeyedShake256(SHAKE256_32),
/// A hasher backed by [`IncorrectHmacBlake2b`].
IncorrectHmacBlake2b(IncorrectHmacBlake2b),
}
impl KeyedHash {
/// Creates an [`KeyedHash`] backed by SHAKE256.
pub fn keyed_shake256() -> Self {
Self::KeyedShake256(Default::default())
}
/// Creates an [`KeyedHash`] backed by Blake2B.
pub fn incorrect_hmac_blake2b() -> Self {
Self::IncorrectHmacBlake2b(Default::default())
}
}
impl KeyedHashInstance<KEY_LEN, HASH_LEN> for KeyedHash {
type Error = anyhow::Error;
fn keyed_hash(
&self,
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error> {
match self {
Self::KeyedShake256(h) => h.keyed_hash(key, data, out)?,
Self::IncorrectHmacBlake2b(h) => h.keyed_hash(key, data, out)?,
};
Ok(())
}
}
impl Display for KeyedHash {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
Self::KeyedShake256(_) => write!(f, "KeyedShake256_32"),
Self::IncorrectHmacBlake2b(_) => write!(f, "IncorrectHmacBlake2b"),
}
}
}

88
ciphers/src/subtle/libcrux/blake2b.rs
View File

@@ -1,88 +0,0 @@
//! Implementation of the [`KeyedHashBlake2b`] trait based on the [`libcrux_blake2`] crate.
use libcrux_blake2::Blake2bBuilder;
use rosenpass_cipher_traits::algorithms::KeyedHashBlake2b;
use rosenpass_cipher_traits::primitives::KeyedHash;
pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::HASH_LEN;
pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::KEY_LEN;
/// Describles which error occurred
#[derive(Debug, thiserror::Error)]
pub enum Error {
/// An unexpected internal error occurred. Should never be returned and points to a bug in the
/// implementation.
#[error("internal error")]
InternalError,
/// Indicates that the provided data was too long.
#[error("data is too long")]
DataTooLong,
}
/// Hasher for the given `data` with the Blake2b hash function.
pub struct Blake2b;
impl KeyedHash<KEY_LEN, HASH_LEN> for Blake2b {
type Error = Error;
fn keyed_hash(
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error> {
let mut h = Blake2bBuilder::new_keyed_const(key)
// this may fail if the key length is invalid, but 32 is fine
.map_err(|_| Error::InternalError)?
.build_const_digest_len()
.map_err(|_|
// this can only fail if the output length is invalid, but 32 is fine.
Error::InternalError)?;
h.update(data).map_err(|_| Error::DataTooLong)?;
h.finalize(out);
Ok(())
}
}
impl KeyedHashBlake2b for Blake2b {}
#[cfg(test)]
mod equivalence_tests {
use super::*;
use rand::RngCore;
#[test]
fn fuzz_equivalence_libcrux_old_new() {
let datas: [&[u8]; 3] = [
b"".as_slice(),
b"test".as_slice(),
b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
];
let mut key = [0; KEY_LEN];
let mut rng = rand::thread_rng();
let mut hash_left = [0; 32];
let mut hash_right = [0; 32];
for data in datas {
for _ in 0..1000 {
rng.fill_bytes(&mut key);
crate::subtle::rust_crypto::blake2b::Blake2b::keyed_hash(
&key,
data,
&mut hash_left,
)
.unwrap();
crate::subtle::libcrux::blake2b::Blake2b::keyed_hash(&key, data, &mut hash_right)
.unwrap();
assert_eq!(hash_left, hash_right);
}
}
}
}

274
ciphers/src/subtle/libcrux/chacha20poly1305_ietf.rs
View File

@@ -1,274 +0,0 @@
//! Implementation of the [`AeadChaCha20Poly1305`] trait based on the [`libcrux_chacha20poly1305`] crate.
use rosenpass_cipher_traits::algorithms::AeadChaCha20Poly1305;
use rosenpass_cipher_traits::primitives::{Aead, AeadError};
pub use rosenpass_cipher_traits::algorithms::aead_chacha20poly1305::{KEY_LEN, NONCE_LEN, TAG_LEN};
/// An implementation of the ChaCha20Poly1305 AEAD based on libcrux
pub struct ChaCha20Poly1305;
impl Aead<KEY_LEN, NONCE_LEN, TAG_LEN> for ChaCha20Poly1305 {
fn encrypt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), AeadError> {
let (ctxt, tag) = libcrux_chacha20poly1305::encrypt(key, plaintext, ciphertext, ad, nonce)
.map_err(|_| AeadError::InternalError)?;
// return an error of the destination buffer is longer than expected
// because the caller wouldn't know where the end is
if ctxt.len() + tag.len() != ciphertext.len() {
return Err(AeadError::InternalError);
}
Ok(())
}
fn decrypt(
&self,
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), AeadError> {
let ptxt = libcrux_chacha20poly1305::decrypt(key, plaintext, ciphertext, ad, nonce)
.map_err(|_| AeadError::DecryptError)?;
// return an error of the destination buffer is longer than expected
// because the caller wouldn't know where the end is
if ptxt.len() != plaintext.len() {
return Err(AeadError::DecryptError);
}
Ok(())
}
}
impl AeadChaCha20Poly1305 for ChaCha20Poly1305 {}
/// The idea of these tests is to check that the above implemenatation behaves, by and large, the
/// same as the one from the old libcrux and the one from RustCrypto. You can consider them janky,
/// self-rolled property-based tests.
#[cfg(test)]
mod equivalence_tests {
use super::*;
use rand::RngCore;
#[test]
fn proptest_equivalence_libcrux_rustcrypto() {
use crate::subtle::rust_crypto::chacha20poly1305_ietf::ChaCha20Poly1305 as RustCryptoChaCha20Poly1305;
let ptxts: [&[u8]; 3] = [
b"".as_slice(),
b"test".as_slice(),
b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
];
let mut key = [0; KEY_LEN];
let mut rng = rand::thread_rng();
let mut ctxt_left = [0; 64 + TAG_LEN];
let mut ctxt_right = [0; 64 + TAG_LEN];
let mut ptxt_left = [0; 64];
let mut ptxt_right = [0; 64];
let nonce = [0; NONCE_LEN];
let ad = b"";
for ptxt in ptxts {
for _ in 0..1000 {
rng.fill_bytes(&mut key);
let ctxt_left = &mut ctxt_left[..ptxt.len() + TAG_LEN];
let ctxt_right = &mut ctxt_right[..ptxt.len() + TAG_LEN];
let ptxt_left = &mut ptxt_left[..ptxt.len()];
let ptxt_right = &mut ptxt_right[..ptxt.len()];
RustCryptoChaCha20Poly1305
.encrypt(ctxt_left, &key, &nonce, ad, ptxt)
.unwrap();
ChaCha20Poly1305
.encrypt(ctxt_right, &key, &nonce, ad, ptxt)
.unwrap();
assert_eq!(ctxt_left, ctxt_right);
RustCryptoChaCha20Poly1305
.decrypt(ptxt_left, &key, &nonce, ad, ctxt_left)
.unwrap();
ChaCha20Poly1305
.decrypt(ptxt_right, &key, &nonce, ad, ctxt_right)
.unwrap();
assert_eq!(ptxt_left, ptxt);
assert_eq!(ptxt_right, ptxt);
}
}
}
#[test]
#[cfg(feature = "experiment_libcrux_chachapoly_test")]
fn proptest_equivalence_libcrux_old_new() {
let ptxts: [&[u8]; 3] = [
b"".as_slice(),
b"test".as_slice(),
b"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd",
];
let mut key = [0; KEY_LEN];
let mut rng = rand::thread_rng();
let mut ctxt_left = [0; 64 + TAG_LEN];
let mut ctxt_right = [0; 64 + TAG_LEN];
let mut ptxt_left = [0; 64];
let mut ptxt_right = [0; 64];
let nonce = [0; NONCE_LEN];
let ad = b"";
for ptxt in ptxts {
for _ in 0..1000 {
rng.fill_bytes(&mut key);
let ctxt_left = &mut ctxt_left[..ptxt.len() + TAG_LEN];
let ctxt_right = &mut ctxt_right[..ptxt.len() + TAG_LEN];
let ptxt_left = &mut ptxt_left[..ptxt.len()];
let ptxt_right = &mut ptxt_right[..ptxt.len()];
encrypt(ctxt_left, &key, &nonce, ad, ptxt).unwrap();
ChaCha20Poly1305
.encrypt(ctxt_right, &key, &nonce, ad, ptxt)
.unwrap();
assert_eq!(ctxt_left, ctxt_right);
decrypt(ptxt_left, &key, &nonce, ad, ctxt_left).unwrap();
ChaCha20Poly1305
.decrypt(ptxt_right, &key, &nonce, ad, ctxt_right)
.unwrap();
assert_eq!(ptxt_left, ptxt);
assert_eq!(ptxt_right, ptxt);
}
}
// The old libcrux functions:
// The functions below are from the old libcrux backend. I am keeping them around so we can
// check if they behave the same.
use rosenpass_to::ops::copy_slice;
use rosenpass_to::To;
use zeroize::Zeroize;
/// Encrypts using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux).
/// Key and nonce MUST be chosen (pseudo-)randomly. The `key` slice MUST have a length of
/// [KEY_LEN]. The `nonce` slice MUST have a length of [NONCE_LEN]. The last [TAG_LEN] bytes
/// written in `ciphertext` are the tag guaranteeing integrity. `ciphertext` MUST have a capacity of
/// `plaintext.len()` + [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
///
/// const PLAINTEXT_LEN: usize = 43;
/// let plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(PLAINTEXT_LEN, plaintext.len());
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut ciphertext_buffer = [0u8; PLAINTEXT_LEN + TAG_LEN];
///
/// let res: anyhow::Result<()> = encrypt(&mut ciphertext_buffer, key, nonce, additional_data, plaintext);
/// assert!(res.is_ok());
/// # let expected_ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// # 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// # 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// # 8, 114, 85, 4, 25];
/// # assert_eq!(expected_ciphertext, &ciphertext_buffer);
///```
///
#[inline]
pub fn encrypt(
ciphertext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
plaintext: &[u8],
) -> anyhow::Result<()> {
let (ciphertext, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
use libcrux::aead as C;
let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
let crux_iv = C::Iv(nonce.try_into().unwrap());
copy_slice(plaintext).to(ciphertext);
let crux_tag = libcrux::aead::encrypt(&crux_key, ciphertext, crux_iv, ad).unwrap();
copy_slice(crux_tag.as_ref()).to(mac);
match crux_key {
C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
_ => panic!(),
}
Ok(())
}
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
/// `ad`. using ChaCha20Poly1305 as implemented in [libcrux](https://github.com/cryspen/libcrux).
///
/// The `key` slice MUST have a length of [KEY_LEN]. The `nonce` slice MUST have a length of
/// [NONCE_LEN]. The plaintext buffer must have a capacity of `ciphertext.len()` - [TAG_LEN].
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::chacha20poly1305_ietf_libcrux::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// let ciphertext: &[u8] = &[239, 104, 148, 202, 120, 32, 77, 27, 246, 206, 226, 17,
/// 83, 78, 122, 116, 187, 123, 70, 199, 58, 130, 21, 1, 107, 230, 58, 77, 18, 152, 31, 159, 80,
/// 151, 72, 27, 236, 137, 60, 55, 180, 31, 71, 97, 199, 12, 60, 155, 70, 221, 225, 110, 132, 191,
/// 8, 114, 85, 4, 25]; // this is the ciphertext generated by the example for the encryption
/// const PLAINTEXT_LEN: usize = 43;
/// assert_eq!(PLAINTEXT_LEN + TAG_LEN, ciphertext.len());
///
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut plaintext_buffer = [0u8; PLAINTEXT_LEN];
///
/// let res: anyhow::Result<()> = decrypt(&mut plaintext_buffer, key, nonce, additional_data, ciphertext);
/// assert!(res.is_ok());
/// let expected_plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(expected_plaintext, plaintext_buffer);
///
///```
#[inline]
pub fn decrypt(
plaintext: &mut [u8],
key: &[u8],
nonce: &[u8],
ad: &[u8],
ciphertext: &[u8],
) -> anyhow::Result<()> {
let (ciphertext, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
use libcrux::aead as C;
let crux_key = C::Key::Chacha20Poly1305(C::Chacha20Key(key.try_into().unwrap()));
let crux_iv = C::Iv(nonce.try_into().unwrap());
let crux_tag = C::Tag::from_slice(mac).unwrap();
copy_slice(ciphertext).to(plaintext);
libcrux::aead::decrypt(&crux_key, plaintext, crux_iv, ad, &crux_tag).unwrap();
match crux_key {
C::Key::Chacha20Poly1305(mut k) => k.0.zeroize(),
_ => panic!(),
}
Ok(())
}
}
}

133
ciphers/src/subtle/libcrux/kyber512.rs
View File

@@ -1,133 +0,0 @@
//! Implementation of the [`KemKyber512`] trait based on the [`libcrux_ml_kem`] crate.
use libcrux_ml_kem::kyber512;
use rand::RngCore;
use rosenpass_cipher_traits::algorithms::KemKyber512;
use rosenpass_cipher_traits::primitives::{Kem, KemError};
pub use rosenpass_cipher_traits::algorithms::kem_kyber512::{CT_LEN, PK_LEN, SHK_LEN, SK_LEN};
/// An implementation of the Kyber512 KEM based on libcrux
pub struct Kyber512;
impl Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN> for Kyber512 {
fn keygen(&self, sk: &mut [u8; SK_LEN], pk: &mut [u8; PK_LEN]) -> Result<(), KemError> {
let mut randomness = [0u8; libcrux_ml_kem::KEY_GENERATION_SEED_SIZE];
rand::thread_rng().fill_bytes(&mut randomness);
let key_pair = kyber512::generate_key_pair(randomness);
let new_sk: &[u8; SK_LEN] = key_pair.sk();
let new_pk: &[u8; PK_LEN] = key_pair.pk();
sk.clone_from_slice(new_sk);
pk.clone_from_slice(new_pk);
Ok(())
}
fn encaps(
&self,
shk: &mut [u8; SHK_LEN],
ct: &mut [u8; CT_LEN],
pk: &[u8; PK_LEN],
) -> Result<(), KemError> {
let mut randomness = [0u8; libcrux_ml_kem::SHARED_SECRET_SIZE];
rand::thread_rng().fill_bytes(&mut randomness);
let (new_ct, new_shk) = kyber512::encapsulate(&pk.into(), randomness);
let new_ct: &[u8; CT_LEN] = new_ct.as_slice();
shk.clone_from_slice(&new_shk);
ct.clone_from_slice(new_ct);
Ok(())
}
fn decaps(
&self,
shk: &mut [u8; SHK_LEN],
sk: &[u8; SK_LEN],
ct: &[u8; CT_LEN],
) -> Result<(), KemError> {
let new_shk: [u8; SHK_LEN] = kyber512::decapsulate(&sk.into(), &ct.into());
shk.clone_from(&new_shk);
Ok(())
}
}
impl Default for Kyber512 {
fn default() -> Self {
Self
}
}
impl KemKyber512 for Kyber512 {}
#[cfg(test)]
mod equivalence_tests {
use super::*;
// Test that libcrux and OQS produce the same results
#[test]
fn proptest_equivalence_libcrux_oqs() {
use rosenpass_oqs::Kyber512 as OqsKyber512;
let (mut sk1, mut pk1) = ([0; SK_LEN], [0; PK_LEN]);
let (mut sk2, mut pk2) = ([0; SK_LEN], [0; PK_LEN]);
let mut ct_left = [0; CT_LEN];
let mut ct_right = [0; CT_LEN];
let mut shk_enc_left = [0; SHK_LEN];
let mut shk_enc_right = [0; SHK_LEN];
// naming schema: shk_dec_{encapsing lib}_{decapsing lib}
// should be the same if the encapsing lib was the same.
let mut shk_dec_left_left = [0; SHK_LEN];
let mut shk_dec_left_right = [0; SHK_LEN];
let mut shk_dec_right_left = [0; SHK_LEN];
let mut shk_dec_right_right = [0; SHK_LEN];
for _ in 0..1000 {
let sk1 = &mut sk1;
let pk1 = &mut pk1;
let sk2 = &mut sk2;
let pk2 = &mut pk2;
let ct_left = &mut ct_left;
let ct_right = &mut ct_right;
let shk_enc_left = &mut shk_enc_left;
let shk_enc_right = &mut shk_enc_right;
let shk_dec_left_left = &mut shk_dec_left_left;
let shk_dec_left_right = &mut shk_dec_left_right;
let shk_dec_right_left = &mut shk_dec_right_left;
let shk_dec_right_right = &mut shk_dec_right_right;
Kyber512.keygen(sk1, pk1).unwrap();
Kyber512.keygen(sk2, pk2).unwrap();
Kyber512.encaps(shk_enc_left, ct_left, pk2).unwrap();
OqsKyber512.encaps(shk_enc_right, ct_right, pk2).unwrap();
Kyber512.decaps(shk_dec_left_left, sk2, ct_left).unwrap();
Kyber512.decaps(shk_dec_right_left, sk2, ct_right).unwrap();
OqsKyber512
.decaps(shk_dec_left_right, sk2, ct_left)
.unwrap();
OqsKyber512
.decaps(shk_dec_right_right, sk2, ct_right)
.unwrap();
assert_eq!(shk_enc_left, shk_dec_left_left);
assert_eq!(shk_enc_left, shk_dec_left_right);
assert_eq!(shk_enc_right, shk_dec_right_left);
assert_eq!(shk_enc_right, shk_dec_right_right);
}
}
}

14
ciphers/src/subtle/libcrux/mod.rs
View File

@@ -1,14 +0,0 @@
//! Implementations backed by libcrux, a verified crypto library.
//!
//! [Website](https://cryspen.com/libcrux/)
//!
//! [Github](https://github.com/cryspen/libcrux)
#[cfg(feature = "experiment_libcrux_blake2")]
pub mod blake2b;
#[cfg(feature = "experiment_libcrux_chachapoly")]
pub mod chacha20poly1305_ietf;
#[cfg(feature = "experiment_libcrux_kyber")]
pub mod kyber512;

29
ciphers/src/subtle/mod.rs
View File

@@ -1,16 +1,13 @@
//! Contains the implementations of the crypto algorithms used throughout Rosenpass.
pub mod keyed_hash;
pub use custom::incorrect_hmac_blake2b;
pub use rust_crypto::{blake2b, keyed_shake256};
pub mod custom;
pub mod rust_crypto;
#[cfg(any(
feature = "experiment_libcrux_blake2",
feature = "experiment_libcrux_chachapoly",
feature = "experiment_libcrux_kyber"
))]
pub mod libcrux;
/// This module provides the following cryptographic schemes:
/// - [blake2b]: The blake2b hash function
/// - [chacha20poly1305_ietf]: The Chacha20Poly1305 AEAD as implemented in [RustCrypto](https://crates.io/crates/chacha20poly1305) (only used when the feature `experiment_libcrux` is disabled).
/// - [chacha20poly1305_ietf_libcrux]: The Chacha20Poly1305 AEAD as implemented in [libcrux](https://github.com/cryspen/libcrux) (only used when the feature `experiment_libcrux` is enabled).
/// - [incorrect_hmac_blake2b]: An (incorrect) hmac based on [blake2b].
/// - [xchacha20poly1305_ietf] The Chacha20Poly1305 AEAD as implemented in [RustCrypto](https://crates.io/crates/chacha20poly1305)
pub mod blake2b;
#[cfg(not(feature = "experiment_libcrux"))]
pub mod chacha20poly1305_ietf;
#[cfg(feature = "experiment_libcrux")]
pub mod chacha20poly1305_ietf_libcrux;
pub mod incorrect_hmac_blake2b;
pub mod xchacha20poly1305_ietf;

44
ciphers/src/subtle/rust_crypto/blake2b.rs
View File

@@ -1,44 +0,0 @@
use zeroize::Zeroizing;
use blake2::digest::crypto_common::generic_array::GenericArray;
use blake2::digest::crypto_common::typenum::U32;
use blake2::digest::{FixedOutput, Mac};
use blake2::Blake2bMac;
use rosenpass_cipher_traits::primitives::KeyedHash;
use rosenpass_to::{ops::copy_slice, To};
pub use rosenpass_cipher_traits::algorithms::keyed_hash_blake2b::{HASH_LEN, KEY_LEN};
/// Specify that the used implementation of BLAKE2b is the MAC version of BLAKE2b
/// with output and key length of 32 bytes (see [Blake2bMac]).
type Impl = Blake2bMac<U32>;
/// Hashes the given `data` with the [Blake2bMac] hash function under the given `key`.
/// The both the length of the output the length of the key 32 bytes (or 256 bits).
pub struct Blake2b;
impl KeyedHash<KEY_LEN, HASH_LEN> for Blake2b {
type Error = anyhow::Error;
fn keyed_hash(
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error> {
let mut h = Impl::new_from_slice(key)?;
h.update(data);
// Jesus christ, blake2 crate, your usage of GenericArray might be nice and fancy,
// but it introduces a ton of complexity. This cost me half an hour just to figure
// out the right way to use the imports while allowing for zeroization.
// An API based on slices might actually be simpler.
let mut tmp = Zeroizing::new([0u8; HASH_LEN]);
let tmp = GenericArray::from_mut_slice(tmp.as_mut());
h.finalize_into(tmp);
copy_slice(tmp.as_ref()).to(out);
Ok(())
}
}
impl rosenpass_cipher_traits::algorithms::KeyedHashBlake2b for Blake2b {}

79
ciphers/src/subtle/rust_crypto/chacha20poly1305_ietf.rs
View File

@@ -1,79 +0,0 @@
use rosenpass_to::ops::copy_slice;
use rosenpass_to::To;
use rosenpass_cipher_traits::algorithms::AeadChaCha20Poly1305;
use rosenpass_cipher_traits::primitives::{Aead, AeadError};
use chacha20poly1305::aead::generic_array::GenericArray;
use chacha20poly1305::ChaCha20Poly1305 as AeadImpl;
use chacha20poly1305::{AeadInPlace, KeyInit};
pub use rosenpass_cipher_traits::algorithms::aead_chacha20poly1305::{KEY_LEN, NONCE_LEN, TAG_LEN};
/// Implements the [`Aead`] and [`AeadChaCha20Poly1305`] traits backed by the RustCrypto
/// implementation.
pub struct ChaCha20Poly1305;
impl Aead<KEY_LEN, NONCE_LEN, TAG_LEN> for ChaCha20Poly1305 {
fn encrypt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), AeadError> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < TAG_LEN || ciphertext.len() - TAG_LEN < plaintext.len() {
return Err(AeadError::InvalidLengths);
}
let nonce = GenericArray::from_slice(nonce);
let (ct, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
copy_slice(plaintext).to(ct);
// This only fails if the length is wrong, which really shouldn't happen and would
// constitute an internal error.
let encrypter = AeadImpl::new_from_slice(key).map_err(|_| AeadError::InternalError)?;
let mac_value = encrypter
.encrypt_in_place_detached(nonce, ad, ct)
.map_err(|_| AeadError::InternalError)?;
copy_slice(&mac_value[..]).to(mac);
Ok(())
}
fn decrypt(
&self,
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), AeadError> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < TAG_LEN || ciphertext.len() - TAG_LEN < plaintext.len() {
return Err(AeadError::InvalidLengths);
}
let nonce = GenericArray::from_slice(nonce);
let (ct, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
let tag = GenericArray::from_slice(mac);
copy_slice(ct).to(plaintext);
// This only fails if the length is wrong, which really shouldn't happen and would
// constitute an internal error.
let decrypter = AeadImpl::new_from_slice(key).map_err(|_| AeadError::InternalError)?;
decrypter
.decrypt_in_place_detached(nonce, ad, plaintext, tag)
.map_err(|_| AeadError::DecryptError)?;
Ok(())
}
}
impl AeadChaCha20Poly1305 for ChaCha20Poly1305 {}

117
ciphers/src/subtle/rust_crypto/keyed_shake256.rs
View File

@@ -1,117 +0,0 @@
use anyhow::ensure;
use rosenpass_cipher_traits::primitives::{InferKeyedHash, KeyedHash};
use sha3::digest::{ExtendableOutput, Update, XofReader};
use sha3::Shake256;
pub use rosenpass_cipher_traits::algorithms::keyed_hash_shake256::{HASH_LEN, KEY_LEN};
/// An implementation of the [`KeyedHash`] trait backed by the RustCrypto implementation of SHAKE256.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SHAKE256Core<const KEY_LEN: usize, const HASH_LEN: usize>;
impl<const KEY_LEN: usize, const HASH_LEN: usize> KeyedHash<KEY_LEN, HASH_LEN>
for SHAKE256Core<KEY_LEN, HASH_LEN>
{
type Error = anyhow::Error;
/// Provides a keyed hash function based on SHAKE256. To work for the protocol, the output length
/// and key length are fixed to 32 bytes (also see [KEY_LEN] and [HASH_LEN]).
///
/// Note that the SHAKE256 is designed for 64 bytes output length, which we truncate to 32 bytes
/// to work well with the overall protocol. Referring to Table 4 of FIPS 202, this offers the
/// same collision resistance as SHAKE128, but 256 bits of preimage resistance. We therefore
/// prefer a truncated SHAKE256 over SHAKE128.
///
/// #Examples
/// ```rust
/// # use rosenpass_ciphers::subtle::rust_crypto::keyed_shake256::SHAKE256Core;
/// use rosenpass_cipher_traits::primitives::KeyedHash;
/// const KEY_LEN: usize = 32;
/// const HASH_LEN: usize = 32;
/// let key: [u8; 32] = [0; KEY_LEN];
/// let data: [u8; 32] = [255; 32]; // arbitrary data, could also be longer
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; HASH_LEN];
///
/// assert!(SHAKE256Core::<32, 32>::keyed_hash(&key, &data, &mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[174, 4, 47, 188, 1, 228, 179, 246, 67, 43, 255, 94, 155, 11,
/// 187, 161, 38, 110, 217, 23, 4, 62, 172, 30, 218, 187, 249, 80, 171, 21, 145, 238];
/// # assert_eq!(hash_data, expected_hash);
/// ```
fn keyed_hash(
key: &[u8; KEY_LEN],
data: &[u8],
out: &mut [u8; HASH_LEN],
) -> Result<(), Self::Error> {
// Since SHAKE256 is a XOF, we fix the output length manually to what is required for the
// protocol.
ensure!(out.len() == HASH_LEN);
// Not bothering with padding; the implementation
// uses appropriately sized keys.
ensure!(key.len() == KEY_LEN);
let mut shake256 = Shake256::default();
shake256.update(key);
shake256.update(data);
// Since we use domain separation extensively, related outputs of the truncated XOF
// are not a concern. This follows the NIST recommendations in Section A.2 of the FIPS 202
// standard, (pages 24/25, i.e., 32/33 in the PDF).
shake256.finalize_xof().read(out);
Ok(())
}
}
impl<const KEY_LEN: usize, const HASH_LEN: usize> SHAKE256Core<KEY_LEN, HASH_LEN> {
pub fn new() -> Self {
Self
}
}
impl<const KEY_LEN: usize, const HASH_LEN: usize> Default for SHAKE256Core<KEY_LEN, HASH_LEN> {
fn default() -> Self {
Self::new()
}
}
/// This type provides the same functionality as [SHAKE256Core], but bound to an instance.
/// In contrast to [SHAKE256Core], this allows for type interference and thus allows the user of the
/// type to omit explicit type parameters when instantiating the type or using it.
///
/// The instantiation is based on the [InferKeyedHash] trait.
///
/// ```rust
/// # use rosenpass_ciphers::subtle::rust_crypto::keyed_shake256::{SHAKE256};
/// use rosenpass_cipher_traits::primitives::KeyedHashInstance;
/// const KEY_LEN: usize = 32;
/// const HASH_LEN: usize = 32;
/// let key: [u8; KEY_LEN] = [0; KEY_LEN];
/// let data: [u8; 32] = [255; 32]; // arbitrary data, could also be longer
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; HASH_LEN];
/// assert!(SHAKE256::new().keyed_hash(&key, &data, &mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[174, 4, 47, 188, 1, 228, 179, 246, 67, 43, 255, 94, 155, 11, 187,
/// 161, 38, 110, 217, 23, 4, 62, 172, 30, 218, 187, 249, 80, 171, 21, 145, 238];
/// # assert_eq!(hash_data, expected_hash);
/// ```
pub type SHAKE256<const KEY_LEN: usize, const HASH_LEN: usize> =
InferKeyedHash<SHAKE256Core<KEY_LEN, HASH_LEN>, KEY_LEN, HASH_LEN>;
/// The SHAKE256_32 type is a specific instance of the [SHAKE256] type with the key length and hash
/// length fixed to 32 bytes.
///
/// ```rust
/// # use rosenpass_ciphers::subtle::keyed_shake256::{SHAKE256_32};
/// use rosenpass_cipher_traits::primitives::KeyedHashInstance;
/// const KEY_LEN: usize = 32;
/// const HASH_LEN: usize = 32;
/// let key: [u8; 32] = [0; KEY_LEN];
/// let data: [u8; 32] = [255; 32]; // arbitrary data, could also be longer
/// // buffer for the hash output
/// let mut hash_data: [u8; 32] = [0u8; HASH_LEN];
///
/// assert!(SHAKE256_32::new().keyed_hash(&key, &data, &mut hash_data).is_ok(), "Hashing has to return OK result");
/// # let expected_hash: &[u8] = &[174, 4, 47, 188, 1, 228, 179, 246, 67, 43, 255, 94, 155, 11, 187,
/// 161, 38, 110, 217, 23, 4, 62, 172, 30, 218, 187, 249, 80, 171, 21, 145, 238];
/// # assert_eq!(hash_data, expected_hash);
/// ```
pub type SHAKE256_32 = SHAKE256<32, 32>;

7
ciphers/src/subtle/rust_crypto/mod.rs
View File

@@ -1,7 +0,0 @@
//! Implementations backed by RustCrypto
pub mod blake2b;
pub mod keyed_shake256;
pub mod chacha20poly1305_ietf;
pub mod xchacha20poly1305_ietf;

120
ciphers/src/subtle/rust_crypto/xchacha20poly1305_ietf.rs → ciphers/src/subtle/xchacha20poly1305_ietf.rs
View File

@@ -1,82 +1,17 @@
use rosenpass_to::ops::copy_slice;
use rosenpass_to::To;
use rosenpass_cipher_traits::algorithms::aead_xchacha20poly1305::AeadXChaCha20Poly1305;
use rosenpass_cipher_traits::primitives::{Aead, AeadError, AeadWithNonceInCiphertext};
use rosenpass_util::typenum2const;
use chacha20poly1305::aead::generic_array::GenericArray;
use chacha20poly1305::XChaCha20Poly1305 as AeadImpl;
use chacha20poly1305::{AeadInPlace, KeyInit};
use chacha20poly1305::{AeadCore, AeadInPlace, KeyInit, KeySizeUser};
pub use rosenpass_cipher_traits::algorithms::aead_xchacha20poly1305::{
KEY_LEN, NONCE_LEN, TAG_LEN,
};
/// Implements the [`Aead`] and [`AeadXChaCha20Poly1305`] traits backed by the RustCrypto
/// implementation.
pub struct XChaCha20Poly1305;
impl Aead<KEY_LEN, NONCE_LEN, TAG_LEN> for XChaCha20Poly1305 {
fn encrypt(
&self,
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
plaintext: &[u8],
) -> Result<(), AeadError> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < TAG_LEN || ciphertext.len() - TAG_LEN < plaintext.len() {
return Err(AeadError::InvalidLengths);
}
let (ct, mac) = ciphertext.split_at_mut(ciphertext.len() - TAG_LEN);
copy_slice(plaintext).to(ct);
let nonce = GenericArray::from_slice(nonce);
// This only fails if the length is wrong, which really shouldn't happen and would
// constitute an internal error.
let encrypter = AeadImpl::new_from_slice(key).map_err(|_| AeadError::InternalError)?;
let mac_value = encrypter
.encrypt_in_place_detached(nonce, ad, ct)
.map_err(|_| AeadError::InternalError)?;
copy_slice(&mac_value[..]).to(mac);
Ok(())
}
fn decrypt(
&self,
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
ad: &[u8],
ciphertext: &[u8],
) -> Result<(), AeadError> {
// The comparison looks complicated, but we need to do it this way to prevent
// over/underflows.
if ciphertext.len() < TAG_LEN || ciphertext.len() - TAG_LEN < plaintext.len() {
return Err(AeadError::InvalidLengths);
}
let (ct, mac) = ciphertext.split_at(ciphertext.len() - TAG_LEN);
let nonce = GenericArray::from_slice(nonce);
let tag = GenericArray::from_slice(mac);
copy_slice(ct).to(plaintext);
// This only fails if the length is wrong, which really shouldn't happen and would
// constitute an internal error.
let decrypter = AeadImpl::new_from_slice(key).map_err(|_| AeadError::InternalError)?;
decrypter
.decrypt_in_place_detached(nonce, ad, plaintext, tag)
.map_err(|_| AeadError::DecryptError)?;
Ok(())
}
}
impl AeadXChaCha20Poly1305 for XChaCha20Poly1305 {}
/// The key length is 32 bytes or 256 bits.
pub const KEY_LEN: usize = typenum2const! { <AeadImpl as KeySizeUser>::KeySize };
/// The MAC tag length is 16 bytes or 128 bits.
pub const TAG_LEN: usize = typenum2const! { <AeadImpl as AeadCore>::TagSize };
/// The nonce length is 24 bytes or 192 bits.
pub const NONCE_LEN: usize = typenum2const! { <AeadImpl as AeadCore>::NonceSize };
/// Encrypts using XChaCha20Poly1305 as implemented in [RustCrypto](https://github.com/RustCrypto/AEADs/tree/master/chacha20poly1305).
/// `key` and `nonce` MUST be chosen (pseudo-)randomly. The `key` slice MUST have a length of
@@ -88,12 +23,12 @@ impl AeadXChaCha20Poly1305 for XChaCha20Poly1305 {}
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::rust_crypto::xchacha20poly1305_ietf::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// # use rosenpass_ciphers::subtle::xchacha20poly1305_ietf::{encrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// const PLAINTEXT_LEN: usize = 43;
/// let plaintext = "post-quantum cryptography is very important".as_bytes();
/// assert_eq!(PLAINTEXT_LEN, plaintext.len());
/// let key: &[u8; KEY_LEN] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8; NONCE_LEN] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut ciphertext_buffer = [0u8; NONCE_LEN + PLAINTEXT_LEN + TAG_LEN];
///
@@ -109,14 +44,19 @@ impl AeadXChaCha20Poly1305 for XChaCha20Poly1305 {}
#[inline]
pub fn encrypt(
ciphertext: &mut [u8],
key: &[u8; KEY_LEN],
nonce: &[u8; NONCE_LEN],
key: &[u8],
nonce: &[u8],
ad: &[u8],
plaintext: &[u8],
) -> anyhow::Result<()> {
XChaCha20Poly1305
.encrypt_with_nonce_in_ctxt(ciphertext, key, nonce, ad, plaintext)
.map_err(anyhow::Error::from)
let nonce = GenericArray::from_slice(nonce);
let (n, ct_mac) = ciphertext.split_at_mut(NONCE_LEN);
let (ct, mac) = ct_mac.split_at_mut(ct_mac.len() - TAG_LEN);
copy_slice(nonce).to(n);
copy_slice(plaintext).to(ct);
let mac_value = AeadImpl::new_from_slice(key)?.encrypt_in_place_detached(nonce, ad, ct)?;
copy_slice(&mac_value[..]).to(mac);
Ok(())
}
/// Decrypts a `ciphertext` and verifies the integrity of the `ciphertext` and the additional data
@@ -131,7 +71,7 @@ pub fn encrypt(
///
/// # Examples
///```rust
/// # use rosenpass_ciphers::subtle::rust_crypto::xchacha20poly1305_ietf::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// # use rosenpass_ciphers::subtle::xchacha20poly1305_ietf::{decrypt, TAG_LEN, KEY_LEN, NONCE_LEN};
/// let ciphertext: &[u8] = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/// # 0, 0, 0, 0, 8, 241, 229, 253, 200, 81, 248, 30, 183, 149, 134, 168, 149, 87, 109, 49, 159, 108,
/// # 206, 89, 51, 232, 232, 197, 163, 253, 254, 208, 73, 76, 253, 13, 247, 162, 133, 184, 177, 44,
@@ -140,8 +80,8 @@ pub fn encrypt(
/// const PLAINTEXT_LEN: usize = 43;
/// assert_eq!(PLAINTEXT_LEN + TAG_LEN + NONCE_LEN, ciphertext.len());
///
/// let key: &[u8; KEY_LEN] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8; NONCE_LEN] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let key: &[u8] = &[0u8; KEY_LEN]; // THIS IS NOT A SECURE KEY
/// let nonce: &[u8] = &[0u8; NONCE_LEN]; // THIS IS NOT A SECURE NONCE
/// let additional_data: &[u8] = "the encrypted message is very important".as_bytes();
/// let mut plaintext_buffer = [0u8; PLAINTEXT_LEN];
///
@@ -154,11 +94,15 @@ pub fn encrypt(
#[inline]
pub fn decrypt(
plaintext: &mut [u8],
key: &[u8; KEY_LEN],
key: &[u8],
ad: &[u8],
ciphertext: &[u8],
) -> anyhow::Result<()> {
XChaCha20Poly1305
.decrypt_with_nonce_in_ctxt(plaintext, key, ad, ciphertext)
.map_err(anyhow::Error::from)
let (n, ct_mac) = ciphertext.split_at(NONCE_LEN);
let (ct, mac) = ct_mac.split_at(ct_mac.len() - TAG_LEN);
let nonce = GenericArray::from_slice(n);
let tag = GenericArray::from_slice(mac);
copy_slice(ct).to(plaintext);
AeadImpl::new_from_slice(key)?.decrypt_in_place_detached(nonce, ad, plaintext, tag)?;
Ok(())
}

2
constant-time/Cargo.toml
View File

@@ -19,7 +19,7 @@ rosenpass-to = { workspace = true }
memsec = { workspace = true }
[dev-dependencies]
rand = { workspace = true }
rand = "0.8.5"
[lints.rust]
unexpected_cfgs = { level = "allow", check-cfg = ['cfg(coverage)'] }

29
constant-time/src/memcmp.rs
View File

@@ -32,11 +32,8 @@ pub fn memcmp(a: &[u8], b: &[u8]) -> bool {
/// For discussion on how to (further) ensure the constant-time execution of this function,
/// see <https://github.com/rosenpass/rosenpass/issues/232>
#[cfg(all(test, feature = "constant_time_tests"))]
// Stopgap measure against https://github.com/rosenpass/rosenpass/issues/634
#[cfg(not(all(target_os = "macos", target_arch = "aarch64")))]
mod tests {
use super::*;
use core::hint::black_box;
use rand::seq::SliceRandom;
use rand::thread_rng;
use std::time::Instant;
@@ -53,12 +50,14 @@ mod tests {
fn memcmp_runs_in_constant_time() {
// prepare data to compare
let n: usize = 1E6 as usize; // number of comparisons to run
const LEN: usize = 1024; // length of each slice passed as parameters to the tested comparison function
let len = 1024; // length of each slice passed as parameters to the tested comparison function
let a1 = "a".repeat(len);
let a2 = a1.clone();
let b = "b".repeat(len);
let a = [b'a'; LEN];
let b = [b'b'; LEN];
let mut tmp = [0u8; LEN];
let a1 = a1.as_bytes();
let a2 = a2.as_bytes();
let b = b.as_bytes();
// vector representing all timing tests
//
@@ -72,14 +71,12 @@ mod tests {
// run comparisons / call function to test
for test in tests.iter_mut() {
let src = match test.0 {
true => a,
false => b,
};
tmp.copy_from_slice(&src);
let now = Instant::now();
memcmp(black_box(&a), black_box(&tmp));
if test.0 {
memcmp(a1, a2);
} else {
memcmp(a1, b);
}
test.1 = now.elapsed();
// println!("eq: {}, elapsed: {:.2?}", test.0, test.1);
}
@@ -120,6 +117,6 @@ mod tests {
assert!(
correlation.abs() < 0.01,
"execution time correlates with result"
)
);
}
}

3
coverage_report.sh
View File

@@ -23,8 +23,7 @@ main() {
exc cargo llvm-cov --all-features --workspace --doctests --branch
exc rm -rf target/llvm-cov-target/debug/deps/doctestbins
exc mv -v target/llvm-cov-target/doctestbins target/llvm-cov-target/debug/deps/
exc cp -rv target/llvm-cov-target/doctestbins target/llvm-cov-target/debug/deps/doctestbins
exc rm -rf "${OUTPUT_DIR}"
exc mkdir -p "${OUTPUT_DIR}"
exc grcov target/llvm-cov-target/ --llvm -s . --branch \

128
deny.toml
View File

@@ -1,128 +0,0 @@
# The graph table configures how the dependency graph is constructed and thus
# which crates the checks are performed against
[graph]
# If true, metadata will be collected with `--all-features`. Note that this can't
# be toggled off if true, if you want to conditionally enable `--all-features` it
# is recommended to pass `--all-features` on the cmd line instead
all-features = true
# If true, metadata will be collected with `--no-default-features`. The same
# caveat with `all-features` applies
no-default-features = false
# The output table provides options for how/if diagnostics are outputted
[output]
# When outputting inclusion graphs in diagnostics that include features, this
# option can be used to specify the depth at which feature edges will be added.
# This option is included since the graphs can be quite large and the addition
# of features from the crate(s) to all of the graph roots can be far too verbose.
# This option can be overridden via `--feature-depth` on the cmd line
feature-depth = 1
# This section is considered when running `cargo deny check advisories`
# More documentation for the advisories section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
[advisories]
# A list of advisory IDs to ignore. Note that ignored advisories will still
# output a note when they are encountered.
ignore = [
"RUSTSEC-2024-0370",
"RUSTSEC-2024-0436",
]
# If this is true, then cargo deny will use the git executable to fetch advisory database.
# If this is false, then it uses a built-in git library.
# Setting this to true can be helpful if you have special authentication requirements that cargo-deny does not support.
# See Git Authentication for more information about setting up git authentication.
#git-fetch-with-cli = true
# This section is considered when running `cargo deny check #licenses`
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
"MIT",
"Apache-2.0",
"Apache-2.0 WITH LLVM-exception",
"BSD-3-Clause",
"ISC",
]
# The confidence threshold for detecting a license from license text.
# The higher the value, the more closely the license text must be to the
# canonical license text of a valid SPDX license file.
# [possible values: any between 0.0 and 1.0].
confidence-threshold = 0.8
# Allow 1 or more licenses on a per-crate basis, so that particular licenses
# aren't accepted for every possible crate as with the normal allow list
exceptions = [
# Each entry is the crate and version constraint, and its specific allow
# list
{ allow = ["Unicode-DFS-2016", "Unicode-3.0"], crate = "unicode-ident" },
{ allow = ["NCSA"], crate = "libfuzzer-sys" },
]
[licenses.private]
# If true, ignores workspace crates that aren't published, or are only
# published to private registries.
# To see how to mark a crate as unpublished (to the official registry),
# visit https://doc.rust-lang.org/cargo/reference/manifest.html#the-publish-field.
ignore = true
# This section is considered when running `cargo deny check bans`.
# More documentation about the 'bans' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
[bans]
# Lint level for when multiple versions of the same crate are detected
multiple-versions = "warn"
# Lint level for when a crate version requirement is `*`
wildcards = "allow"
# The graph highlighting used when creating dotgraphs for crates
# with multiple versions
# * lowest-version - The path to the lowest versioned duplicate is highlighted
# * simplest-path - The path to the version with the fewest edges is highlighted
# * all - Both lowest-version and simplest-path are used
highlight = "all"
# The default lint level for `default` features for crates that are members of
# the workspace that is being checked. This can be overridden by allowing/denying
# `default` on a crate-by-crate basis if desired.
workspace-default-features = "allow"
# The default lint level for `default` features for external crates that are not
# members of the workspace. This can be overridden by allowing/denying `default`
# on a crate-by-crate basis if desired.
external-default-features = "allow"
# List of crates that are allowed. Use with care!
allow = [
]
# List of crates to deny
deny = [
]
skip-tree = [
]
# This section is considered when running `cargo deny check sources`.
# More documentation about the 'sources' section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/sources/cfg.html
[sources]
# Lint level for what to happen when a crate from a crate registry that is not
# in the allow list is encountered
unknown-registry = "warn"
# Lint level for what to happen when a crate from a git repository that is not
# in the allow list is encountered
unknown-git = "warn"
# List of URLs for allowed crate registries. Defaults to the crates.io index
# if not specified. If it is specified but empty, no registries are allowed.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# List of URLs for allowed Git repositories
allow-git = ["git+https://github.com/rosenpass/memsec.git?branch=master"]
[sources.allow-org]
# github.com organizations to allow git sources for
github = []
# gitlab.com organizations to allow git sources for
gitlab = []
# bitbucket.org organizations to allow git sources for
bitbucket = []

45
docker/Dockerfile
View File

@@ -1,45 +0,0 @@
# syntax=docker/dockerfile:1
ARG BASE_IMAGE=debian:bookworm-slim
# Stage 1: Base image with cargo-chef installed
FROM rust:latest AS chef
RUN cargo install cargo-chef
# install software required for liboqs-rust
RUN apt-get update && apt-get install -y clang cmake && rm -rf /var/lib/apt/lists/*
# Stage 2: Prepare the cargo-chef recipe
FROM chef AS planner
WORKDIR /app
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
# Stage 3: Cache dependencies using the recipe
FROM chef AS cacher
WORKDIR /app
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
# Stage 4: Build the application
FROM cacher AS builder
WORKDIR /app
COPY . .
RUN cargo build --release
# Stage 5: Install runtime-dependencies in the base image
FROM ${BASE_IMAGE} AS base_image_with_dependencies
RUN apt-get update && apt-get install -y iproute2 && rm -rf /var/lib/apt/lists/*
# Final Stage (rosenpass): Copy the rosenpass binary
FROM base_image_with_dependencies AS rosenpass
COPY --from=builder /app/target/release/rosenpass /usr/local/bin/rosenpass
ENTRYPOINT [ "/usr/local/bin/rosenpass" ]
# Final Stage (rp): Copy the rp binary
FROM base_image_with_dependencies AS rp
RUN apt-get update && apt-get install -y wireguard && rm -rf /var/lib/apt/lists/*
COPY --from=builder /app/target/release/rp /usr/local/bin/rp
ENTRYPOINT [ "/usr/local/bin/rp" ]

203
docker/USAGE.md
View File

@@ -1,203 +0,0 @@
# Rosenpass in Docker
Rosenpass provides post-quantum-secure key exchange for VPNs. It generates symmetric keys used by [WireGuard](https://www.wireguard.com/papers/wireguard.pdf) or other applications. The protocol enhances "Post-Quantum WireGuard" ([PQWG](https://eprint.iacr.org/2020/379)) with a cookie mechanism for better security against state disruption attacks.
Prebuilt Docker images are available for easy deployment:
- [`ghcr.io/rosenpass/rosenpass`](https://github.com/rosenpass/rosenpass/pkgs/container/rosenpass) the core key exchange tool
- [`ghcr.io/rosenpass/rp`](https://github.com/rosenpass/rosenpass/pkgs/container/rp) a frontend for setting up WireGuard VPNs
The entrypoint of the `rosenpass` image is the `rosenpass` executable, whose documentation can be found [here](https://rosenpass.eu/docs/rosenpass-tool/manuals/rp_manual/).
Similarly, the entrypoint of the `rp` image is the `rp` executable, with its documentation available [here](https://rosenpass.eu/docs/rosenpass-tool/manuals/rp1/).
## Usage - Standalone Key Exchange
The `ghcr.io/rosenpass/rosenpass` image can be used in a server-client setup to exchange quantum-secure shared keys.
This setup uses rosenpass as a standalone application, without using any other component such as wireguard.
What follows, is a simple setup for illustrative purposes.
Create a docker network that is used to connect the containers:
```bash
docker network create -d bridge rp
export NET=rp
```
Generate the server and client key pairs:
```bash
mkdir ./workdir-client ./workdir-server
docker run -it --rm -v ./workdir-server:/workdir ghcr.io/rosenpass/rosenpass \
gen-keys --public-key=workdir/server-public --secret-key=workdir/server-secret
docker run -it --rm -v ./workdir-client:/workdir ghcr.io/rosenpass/rosenpass \
gen-keys --public-key=workdir/client-public --secret-key=workdir/client-secret
# share the public keys between client and server
cp workdir-client/client-public workdir-server/client-public
cp workdir-server/server-public workdir-client/server-public
```
Start the server container:
```bash
docker run --name "rpserver" --network ${NET} \
-it --rm -v ./workdir-server:/workdir ghcr.io/rosenpass/rosenpass \
exchange \
private-key workdir/server-secret \
public-key workdir/server-public \
listen 0.0.0.0:9999 \
peer public-key workdir/client-public \
outfile workdir/server-sharedkey
```
Find out the ip address of the server container:
```bash
EP="rpserver"
EP=$(docker inspect --format '{{ .NetworkSettings.Networks.rp.IPAddress }}' $EP)
```
Run the client container and perform the key exchange:
```bash
docker run --name "rpclient" --network ${NET} \
-it --rm -v ./workdir-client:/workdir ghcr.io/rosenpass/rosenpass \
exchange \
private-key workdir/client-secret \
public-key workdir/client-public \
peer public-key workdir/server-public endpoint ${EP}:9999 \
outfile workdir/client-sharedkey
```
Now the containers will exchange shared keys and each put them into their respective outfile.
Comparing the outfiles shows that these shared keys equal:
```bash
cmp workdir-server/server-sharedkey workdir-client/client-sharedkey
```
It is now possible to set add these keys as pre-shared keys within a wireguard interface.
For example as the server,
```bash
PREKEY=$(cat workdir-server/server-sharedkey)
wg set <server-interface> peer <client-peer-public-key> preshared-key <(echo "$PREKEY")
```
## Usage - Combined with wireguard
The `ghcr.io/rosenpass/rp` image can be used to build a VPN with WireGuard and Rosenpass.
In this example, we run two containers on the same system and connect them with a bridge network within the docker overlay network.
Create the named docker network, to be able to connect the containers.
Create a docker network that is used to connect the containers:
```bash
docker network create -d bridge rp
export NET=rp
```
Generate the server and client secret keys and extract public keys.
```bash
mkdir -p ./workdir-server ./workdir-client
# server
docker run -it --rm -v ./workdir-server:/workdir ghcr.io/rosenpass/rp \
genkey workdir/server.rosenpass-secret
docker run -it --rm -v ./workdir-server:/workdir ghcr.io/rosenpass/rp \
pubkey workdir/server.rosenpass-secret workdir/server.rosenpass-public
# client
docker run -it --rm -v ./workdir-client:/workdir ghcr.io/rosenpass/rp \
genkey workdir/client.rosenpass-secret
docker run -it --rm -v ./workdir-client:/workdir ghcr.io/rosenpass/rp \
pubkey workdir/client.rosenpass-secret workdir/client.rosenpass-public
# share the public keys between client and server
cp -r workdir-client/client.rosenpass-public workdir-server/client.rosenpass-public
cp -r workdir-server/server.rosenpass-public workdir-client/server.rosenpass-public
```
Start the server container.
Note that the `NET_ADMIN` capability is neccessary, the rp command will create and manage wireguard interfaces.
Also make sure the `wireguard` kernel module is loaded by the host. (`lsmod | grep wireguard`)
```bash
docker run --name "rpserver" --network ${NET} -it -d --rm -v ./workdir-server:/workdir \
--cap-add=NET_ADMIN \
ghcr.io/rosenpass/rp \
exchange workdir/server.rosenpass-secret dev rosenpass0 \
listen 0.0.0.0:9999 peer workdir/client.rosenpass-public allowed-ips 10.0.0.0/8
```
Now find out the ip-address of the server container and then start the client container:
```bash
EP="rpserver"
EP=$(docker inspect --format '{{ .NetworkSettings.Networks.rp.IPAddress }}' $EP)
docker run --name "rpclient" --network ${NET} -it -d --rm -v ./workdir-client:/workdir \
--cap-add=NET_ADMIN \
ghcr.io/rosenpass/rp \
exchange workdir/client.rosenpass-secret dev rosenpass1 \
peer workdir/server.rosenpass-public endpoint ${EP}:9999 allowed-ips 10.0.0.1
```
Inside the docker containers assign the IP addresses:
```bash
# server
docker exec -it rpserver ip a add 10.0.0.1/24 dev rosenpass0
# client
docker exec -it rpclient ip a add 10.0.0.2/24 dev rosenpass1
```
Done! The two containers should now be connected through a wireguard VPN (Port 1000) with pre-shared keys exchanged by rosenpass (Port 9999).
Now, test the connection by starting a shell inside the client container, and ping the server through the VPN:
```bash
# client
docker exec -it rpclient bash
apt update; apt install iputils-ping
ping 10.0.0.1
```
The ping command should continuously show ping-logs:
```
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.119 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.132 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.394 ms
...
```
While the ping is running, you may stop the server container, and verify that the ping-log halts. In another terminal do:
```
docker stop -t 1 rpserver
```
## Building the Docker Images Locally
Clone the Rosenpass repository:
```
git clone https://github.com/rosenpass/rosenpass
cd rosenpass
```
Build the rp image from the root of the repository as follows:
```
docker build -f docker/Dockerfile -t ghcr.io/rosenpass/rp --target rp .
```
Build the rosenpass image from the root of the repostiry with the following command:
```
docker build -f docker/Dockerfile -t ghcr.io/rosenpass/rosenpass --target rosenpass .
```

21
flake.lock generated
View File

@@ -39,26 +39,6 @@
"type": "github"
}
},
"nix-vm-test": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1734355073,
"narHash": "sha256-FfdPOGy1zElTwKzjgIMp5K2D3gfPn6VWjVa4MJ9L1Tc=",
"owner": "numtide",
"repo": "nix-vm-test",
"rev": "5948de39a616f2261dbbf4b6f25cbe1cbefd788c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-vm-test",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1728193676,
@@ -79,7 +59,6 @@
"inputs": {
"fenix": "fenix",
"flake-utils": "flake-utils",
"nix-vm-test": "nix-vm-test",
"nixpkgs": "nixpkgs"
}
},

24
flake.nix
View File

@@ -6,13 +6,9 @@
# for rust nightly with llvm-tools-preview
fenix.url = "github:nix-community/fenix";
fenix.inputs.nixpkgs.follows = "nixpkgs";
nix-vm-test.url = "github:numtide/nix-vm-test";
nix-vm-test.inputs.nixpkgs.follows = "nixpkgs";
nix-vm-test.inputs.flake-utils.follows = "flake-utils";
};
outputs = { self, nixpkgs, flake-utils, nix-vm-test, ... }@inputs:
outputs = { self, nixpkgs, flake-utils, ... }@inputs:
nixpkgs.lib.foldl (a: b: nixpkgs.lib.recursiveUpdate a b) { } [
@@ -81,19 +77,10 @@
inherit system;
# apply our own overlay, overriding/inserting our packages as defined in ./pkgs
overlays = [
self.overlays.default
nix-vm-test.overlays.default
];
overlays = [ self.overlays.default ];
};
in
{
packages.package-deb = pkgs.callPackage ./pkgs/package-deb.nix {
rosenpass = pkgs.pkgsStatic.rosenpass;
};
packages.package-rpm = pkgs.callPackage ./pkgs/package-rpm.nix {
rosenpass = pkgs.pkgsStatic.rosenpass;
};
#
### Reading materials ###
@@ -127,7 +114,6 @@
inherit (pkgs.proof-proverif) CRYPTOVERIF_LIB;
inputsFrom = [ pkgs.rosenpass ];
nativeBuildInputs = with pkgs; [
cargo-audit
cargo-release
rustfmt
nodePackages.prettier
@@ -164,11 +150,7 @@
{ nativeBuildInputs = [ pkgs.nodePackages.prettier ]; } ''
cd ${./.} && prettier --check . && touch $out
'';
} // pkgs.lib.optionalAttrs (system == "x86_64-linux") (import ./tests/legacy-distro-packaging.nix {
inherit pkgs;
rosenpass-deb = self.packages.${system}.package-deb;
rosenpass-rpm = self.packages.${system}.package-rpm;
});
};
formatter = pkgs.nixpkgs-fmt;
}))

2
fuzz/Cargo.toml
View File

@@ -5,7 +5,7 @@ publish = false
edition = "2021"
[features]
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux_all"]
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]
[package.metadata]
cargo-fuzz = true

5
fuzz/fuzz_targets/aead_enc_into.rs
View File

@@ -4,8 +4,7 @@ extern crate rosenpass;
use libfuzzer_sys::fuzz_target;
use rosenpass_cipher_traits::primitives::Aead as _;
use rosenpass_ciphers::Aead;
use rosenpass_ciphers::aead;
#[derive(arbitrary::Arbitrary, Debug)]
pub struct Input {
@@ -18,7 +17,7 @@ pub struct Input {
fuzz_target!(|input: Input| {
let mut ciphertext = vec![0u8; input.plaintext.len() + 16];
Aead.encrypt(
aead::encrypt(
ciphertext.as_mut_slice(),
&input.key,
&input.nonce,

5
fuzz/fuzz_targets/blake2b.rs
View File

@@ -4,7 +4,6 @@ extern crate rosenpass;
use libfuzzer_sys::fuzz_target;
use rosenpass_cipher_traits::primitives::KeyedHashTo;
use rosenpass_ciphers::subtle::blake2b;
use rosenpass_to::To;
@@ -17,7 +16,5 @@ pub struct Blake2b {
fuzz_target!(|input: Blake2b| {
let mut out = [0u8; 32];
blake2b::Blake2b::keyed_hash_to(&input.key, &input.data)
.to(&mut out)
.unwrap();
blake2b::hash(&input.key, &input.data).to(&mut out).unwrap();
});

4
fuzz/fuzz_targets/handle_msg.rs
View File

@@ -4,8 +4,8 @@ extern crate rosenpass;
use libfuzzer_sys::fuzz_target;
use rosenpass::protocol::CryptoServer;
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
use rosenpass_secret_memory::policy::*;
use rosenpass_secret_memory::{PublicBox, Secret};
use std::sync::Once;

8
fuzz/fuzz_targets/kyber_encaps.rs
View File

@@ -4,8 +4,8 @@ extern crate rosenpass;
use libfuzzer_sys::fuzz_target;
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::EphemeralKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::EphemeralKem;
#[derive(arbitrary::Arbitrary, Debug)]
pub struct Input {
@@ -16,7 +16,5 @@ fuzz_target!(|input: Input| {
let mut ciphertext = [0u8; EphemeralKem::CT_LEN];
let mut shared_secret = [0u8; EphemeralKem::SHK_LEN];
EphemeralKem
.encaps(&mut shared_secret, &mut ciphertext, &input.pk)
.unwrap();
EphemeralKem::encaps(&mut shared_secret, &mut ciphertext, &input.pk).unwrap();
});

6
fuzz/fuzz_targets/mceliece_encaps.rs
View File

@@ -3,13 +3,13 @@ extern crate rosenpass;
use libfuzzer_sys::fuzz_target;
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
fuzz_target!(|input: [u8; StaticKem::PK_LEN]| {
let mut ciphertext = [0u8; StaticKem::CT_LEN];
let mut shared_secret = [0u8; StaticKem::SHK_LEN];
// We expect errors while fuzzing therefore we do not check the result.
let _ = StaticKem.encaps(&mut shared_secret, &mut ciphertext, &input);
let _ = StaticKem::encaps(&mut shared_secret, &mut ciphertext, &input);
});

52
oqs/src/kem_macro.rs
View File

@@ -2,10 +2,11 @@
/// Generate bindings to a liboqs-provided KEM
macro_rules! oqs_kem {
($name:ident, $algo_trait:path) => { ::paste::paste!{
($name:ident) => { ::paste::paste!{
#[doc = "Bindings for ::oqs_sys::kem::" [<"OQS_KEM" _ $name:snake>] "_*"]
mod [< $name:snake >] {
use rosenpass_cipher_traits::primitives::{Kem, KemError};
use rosenpass_cipher_traits::Kem;
use rosenpass_util::result::Guaranteed;
#[doc = "Bindings for ::oqs_sys::kem::" [<"OQS_KEM" _ $name:snake>] "_*"]
#[doc = ""]
@@ -13,7 +14,7 @@ macro_rules! oqs_kem {
#[doc = ""]
#[doc = "```rust"]
#[doc = "use std::borrow::{Borrow, BorrowMut};"]
#[doc = "use rosenpass_cipher_traits::primitives::Kem;"]
#[doc = "use rosenpass_cipher_traits::Kem;"]
#[doc = "use rosenpass_oqs::" $name:camel " as MyKem;"]
#[doc = "use rosenpass_secret_memory::{Secret, Public};"]
#[doc = ""]
@@ -22,26 +23,21 @@ macro_rules! oqs_kem {
#[doc = "// Recipient generates secret key, transfers pk to sender"]
#[doc = "let mut sk = Secret::<{ MyKem::SK_LEN }>::zero();"]
#[doc = "let mut pk = Public::<{ MyKem::PK_LEN }>::zero();"]
#[doc = "MyKem.keygen(sk.secret_mut(), &mut pk);"]
#[doc = "MyKem::keygen(sk.secret_mut(), pk.borrow_mut());"]
#[doc = ""]
#[doc = "// Sender generates ciphertext and local shared key, sends ciphertext to recipient"]
#[doc = "let mut shk_enc = Secret::<{ MyKem::SHK_LEN }>::zero();"]
#[doc = "let mut ct = Public::<{ MyKem::CT_LEN }>::zero();"]
#[doc = "MyKem.encaps(shk_enc.secret_mut(), &mut ct, &pk);"]
#[doc = "MyKem::encaps(shk_enc.secret_mut(), ct.borrow_mut(), pk.borrow());"]
#[doc = ""]
#[doc = "// Recipient decapsulates ciphertext"]
#[doc = "let mut shk_dec = Secret::<{ MyKem::SHK_LEN }>::zero();"]
#[doc = "MyKem.decaps(shk_dec.secret_mut(), sk.secret_mut(), &ct);"]
#[doc = "MyKem::decaps(shk_dec.secret_mut(), sk.secret(), ct.borrow());"]
#[doc = ""]
#[doc = "// Both parties end up with the same shared key"]
#[doc = "assert!(rosenpass_constant_time::compare(shk_enc.secret(), shk_dec.secret()) == 0);"]
#[doc = "assert!(rosenpass_constant_time::compare(shk_enc.secret_mut(), shk_dec.secret_mut()) == 0);"]
#[doc = "```"]
pub struct [< $name:camel >];
pub const SK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_secret_key >] as usize;
pub const PK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_public_key >] as usize;
pub const CT_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_ciphertext >] as usize;
pub const SHK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_shared_secret >] as usize;
pub enum [< $name:camel >] {}
/// # Panic & Safety
///
@@ -55,8 +51,17 @@ macro_rules! oqs_kem {
/// to only check that the buffers are big enough, allowing them to be even
/// bigger. However, from a correctness point of view it does not make sense to
/// allow bigger buffers.
impl Kem<SK_LEN, PK_LEN, CT_LEN, SHK_LEN> for [< $name:camel >] {
fn keygen(&self, sk: &mut [u8; SK_LEN], pk: &mut [u8; PK_LEN]) -> Result<(), KemError> {
impl Kem for [< $name:camel >] {
type Error = ::std::convert::Infallible;
const SK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_secret_key >] as usize;
const PK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_public_key >] as usize;
const CT_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_ciphertext >] as usize;
const SHK_LEN: usize = ::oqs_sys::kem::[<OQS_KEM _ $name:snake _ length_shared_secret >] as usize;
fn keygen(sk: &mut [u8], pk: &mut [u8]) -> Guaranteed<()> {
assert_eq!(sk.len(), Self::SK_LEN);
assert_eq!(pk.len(), Self::PK_LEN);
unsafe {
oqs_call!(
::oqs_sys::kem::[< OQS_KEM _ $name:snake _ keypair >],
@@ -68,7 +73,10 @@ macro_rules! oqs_kem {
Ok(())
}
fn encaps(&self, shk: &mut [u8; SHK_LEN], ct: &mut [u8; CT_LEN], pk: &[u8; PK_LEN]) -> Result<(), KemError> {
fn encaps(shk: &mut [u8], ct: &mut [u8], pk: &[u8]) -> Guaranteed<()> {
assert_eq!(shk.len(), Self::SHK_LEN);
assert_eq!(ct.len(), Self::CT_LEN);
assert_eq!(pk.len(), Self::PK_LEN);
unsafe {
oqs_call!(
::oqs_sys::kem::[< OQS_KEM _ $name:snake _ encaps >],
@@ -81,7 +89,10 @@ macro_rules! oqs_kem {
Ok(())
}
fn decaps(&self, shk: &mut [u8; SHK_LEN], sk: &[u8; SK_LEN], ct: &[u8; CT_LEN]) -> Result<(), KemError> {
fn decaps(shk: &mut [u8], sk: &[u8], ct: &[u8]) -> Guaranteed<()> {
assert_eq!(shk.len(), Self::SHK_LEN);
assert_eq!(sk.len(), Self::SK_LEN);
assert_eq!(ct.len(), Self::CT_LEN);
unsafe {
oqs_call!(
::oqs_sys::kem::[< OQS_KEM _ $name:snake _ decaps >],
@@ -94,16 +105,9 @@ macro_rules! oqs_kem {
Ok(())
}
}
}
impl Default for [< $name:camel >] {
fn default() -> Self {
Self
}
}
impl $algo_trait for [< $name:camel >] {}
pub use [< $name:snake >] :: [< $name:camel >];
}}
}

7
oqs/src/lib.rs
View File

@@ -22,8 +22,5 @@ macro_rules! oqs_call {
#[macro_use]
mod kem_macro;
oqs_kem!(kyber_512, rosenpass_cipher_traits::algorithms::KemKyber512);
oqs_kem!(
classic_mceliece_460896,
rosenpass_cipher_traits::algorithms::KemClassicMceliece460896
);
oqs_kem!(kyber_512);
oqs_kem!(classic_mceliece_460896);

9
pkgs/example.toml
View File

@@ -1,9 +0,0 @@
dev = "rp-example"
ip = "fc00::1/64"
listen = "[::]:51821"
private_keys_dir = "/run/credentials/rp@example.service"
verbose = true
[[peers]]
public_keys_dir = "/etc/rosenpass/example/peers/client"
allowed_ips = "fc00::2"

30
pkgs/package-deb.nix
View File

@@ -1,30 +0,0 @@
{ runCommand, dpkg, rosenpass }:
let
inherit (rosenpass) version;
in
runCommand "rosenpass-${version}.deb" { } ''
mkdir -p packageroot/DEBIAN
cat << EOF > packageroot/DEBIAN/control
Package: rosenpass
Version: ${version}
Architecture: all
Maintainer: Jacek Galowicz <jacek@galowicz.de>
Depends:
Description: Post-quantum-secure VPN tool Rosenpass
Rosenpass is a post-quantum-secure VPN
that uses WireGuard to transport the actual data.
EOF
mkdir -p packageroot/usr/bin
install -m755 -t packageroot/usr/bin ${rosenpass}/bin/*
mkdir -p packageroot/etc/rosenpass
cp -r ${rosenpass}/lib/systemd packageroot/etc/
cp ${./example.toml} packageroot/etc/rosenpass/example.toml
${dpkg}/bin/dpkg --build packageroot $out
''

57
pkgs/package-rpm.nix
View File

@@ -1,57 +0,0 @@
{ lib, system, runCommand, rosenpass, rpm }:
let
splitVersion = lib.strings.splitString "-" rosenpass.version;
version = builtins.head splitVersion;
release =
if builtins.length splitVersion != 2
then "release"
else builtins.elemAt splitVersion 1;
arch = builtins.head (builtins.split "-" system);
in
runCommand "rosenpass-${version}.rpm" { } ''
mkdir -p rpmbuild/SPECS
cat << EOF > rpmbuild/SPECS/rosenpass.spec
Name: rosenpass
Release: ${release}
Version: ${version}
Summary: Post-quantum-secure VPN key exchange
License: Apache-2.0
%description
Post-quantum-secure VPN tool Rosenpass
Rosenpass is a post-quantum-secure VPN
that uses WireGuard to transport the actual data.
%files
/usr/bin/rosenpass
/usr/bin/rp
/etc/systemd/system/rosenpass.target
/etc/systemd/system/rosenpass@.service
/etc/systemd/system/rp@.service
/etc/rosenpass/example.toml
EOF
buildroot=rpmbuild/BUILDROOT/rosenpass-${version}-${release}.${arch}
mkdir -p $buildroot/usr/bin
install -m755 -t $buildroot/usr/bin ${rosenpass}/bin/*
mkdir -p $buildroot/etc/rosenpass
cp -r ${rosenpass}/lib/systemd $buildroot/etc/
chmod -R 744 $buildroot/etc/systemd
cp ${./example.toml} $buildroot/etc/rosenpass/example.toml
export HOME=/build
mkdir -p /build/tmp
ls -R rpmbuild
${rpm}/bin/rpmbuild \
-bb \
--dbpath=$HOME \
--define "_tmppath /build/tmp" \
rpmbuild/SPECS/rosenpass.spec
cp rpmbuild/RPMS/${arch}/rosenpass*.rpm $out
''

1
pkgs/rosenpass.nix
View File

@@ -57,7 +57,6 @@ rustPlatform.buildRustPackage {
outputHashes = {
"memsec-0.6.3" = "sha256-4ri+IEqLd77cLcul3lZrmpDKj4cwuYJ8oPRAiQNGeLw=";
"uds-0.4.2" = "sha256-qlxr/iJt2AV4WryePIvqm/8/MK/iqtzegztNliR93W8=";
"libcrux-blake2-0.0.3-pre" = "sha256-0CLjuzwJqGooiODOHf5D8Hc8ClcG/XcGvVGyOVnLmJY=";
};
};

9
readme.md
View File

@@ -78,15 +78,6 @@ Rosenpass is packaged for more and more distributions, maybe also for the distri
[![Packaging status](https://repology.org/badge/vertical-allrepos/rosenpass.svg)](https://repology.org/project/rosenpass/versions)
## Docker Images
Rosenpass is also available as prebuilt Docker images:
- [`ghcr.io/rosenpass/rosenpass`](https://github.com/rosenpass/rosenpass/pkgs/container/rosenpass)
- [`ghcr.io/rosenpass/rp`](https://github.com/rosenpass/rosenpass/pkgs/container/rp)
For details on how to use these images, refer to the [Docker usage guide](docker/USAGE.md).
# Mirrors
Don't want to use GitHub or only have an IPv6 connection? Rosenpass has set up two mirrors for this:

18
rosenpass/Cargo.toml
View File

@@ -26,14 +26,6 @@ required-features = ["experiment_api", "internal_testing"]
name = "api-integration-tests-api-setup"
required-features = ["experiment_api", "internal_testing"]
[[test]]
name = "gen-ipc-msg-types"
required-features = [
"experiment_api",
"internal_testing",
"internal_bin_gen_ipc_msg_types",
]
[[bench]]
name = "handshake"
harness = false
@@ -85,15 +77,9 @@ tempfile = { workspace = true }
rustix = { workspace = true }
[features]
#default = ["experiment_libcrux_all"]
experiment_cookie_dos_mitigation = []
default = []
experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"]
experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"]
experiment_libcrux_blake2 = ["rosenpass-ciphers/experiment_libcrux_blake2"]
experiment_libcrux_chachapoly = [
"rosenpass-ciphers/experiment_libcrux_chachapoly",
]
experiment_libcrux_kyber = ["rosenpass-ciphers/experiment_libcrux_kyber"]
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]
experiment_api = [
"hex-literal",
"uds",

33
rosenpass/benches/handshake.rs
View File

@@ -1,11 +1,9 @@
use anyhow::Result;
use rosenpass::protocol::{
CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, ProtocolVersion, SPk, SSk, SymKey,
};
use rosenpass::protocol::{CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SPk, SSk, SymKey};
use std::ops::DerefMut;
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
use criterion::{black_box, criterion_group, criterion_main, Criterion};
use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
@@ -43,33 +41,25 @@ fn hs(ini: &mut CryptoServer, res: &mut CryptoServer) -> Result<()> {
fn keygen() -> Result<(SSk, SPk)> {
let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
StaticKem.keygen(sk.secret_mut(), pk.deref_mut())?;
StaticKem::keygen(sk.secret_mut(), pk.deref_mut())?;
Ok((sk, pk))
}
fn make_server_pair(protocol_version: ProtocolVersion) -> Result<(CryptoServer, CryptoServer)> {
fn make_server_pair() -> Result<(CryptoServer, CryptoServer)> {
let psk = SymKey::random();
let ((ska, pka), (skb, pkb)) = (keygen()?, keygen()?);
let (mut a, mut b) = (
CryptoServer::new(ska, pka.clone()),
CryptoServer::new(skb, pkb.clone()),
);
a.add_peer(Some(psk.clone()), pkb, protocol_version.clone())?;
b.add_peer(Some(psk), pka, protocol_version)?;
a.add_peer(Some(psk.clone()), pkb)?;
b.add_peer(Some(psk), pka)?;
Ok((a, b))
}
fn criterion_benchmark_v02(c: &mut Criterion) {
criterion_benchmark(c, ProtocolVersion::V02)
}
fn criterion_benchmark_v03(c: &mut Criterion) {
criterion_benchmark(c, ProtocolVersion::V03)
}
fn criterion_benchmark(c: &mut Criterion, protocol_version: ProtocolVersion) {
fn criterion_benchmark(c: &mut Criterion) {
secret_policy_try_use_memfd_secrets();
let (mut a, mut b) = make_server_pair(protocol_version).unwrap();
let (mut a, mut b) = make_server_pair().unwrap();
c.bench_function("cca_secret_alloc", |bench| {
bench.iter(|| {
SSk::zero();
@@ -92,6 +82,5 @@ fn criterion_benchmark(c: &mut Criterion, protocol_version: ProtocolVersion) {
});
}
criterion_group!(benches_v02, criterion_benchmark_v02);
criterion_group!(benches_v03, criterion_benchmark_v03);
criterion_main!(benches_v02, benches_v03);
criterion_group!(benches, criterion_benchmark);
criterion_main!(benches);

64
rosenpass/src/api/boilerplate/byte_slice_ext.rs
View File

@@ -8,250 +8,210 @@ use super::{
};
pub trait ByteSliceRefExt: ByteSlice {
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn msg_type_maker(self) -> RefMaker<Self, RawMsgType> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker] and
/// [RefMakerRawMsgTypeExt::parse_request_msg_type]
fn msg_type(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse()
}
fn msg_type_from_prefix(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse_prefix()
}
fn msg_type_from_suffix(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse_suffix()
}
fn request_msg_type(self) -> anyhow::Result<RequestMsgType> {
self.msg_type_maker().parse_request_msg_type()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker],
/// [RefMaker::from_prefix], and
/// [RefMakerRawMsgTypeExt::parse_request_msg_type].
fn request_msg_type_from_prefix(self) -> anyhow::Result<RequestMsgType> {
self.msg_type_maker()
.from_prefix()?
.parse_request_msg_type()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker],
/// [RefMaker::from_suffix], and
/// [RefMakerRawMsgTypeExt::parse_request_msg_type].
fn request_msg_type_from_suffix(self) -> anyhow::Result<RequestMsgType> {
self.msg_type_maker()
.from_suffix()?
.parse_request_msg_type()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker],
/// [RefMakerRawMsgTypeExt::parse_response_msg_type].
fn response_msg_type(self) -> anyhow::Result<ResponseMsgType> {
self.msg_type_maker().parse_response_msg_type()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker],
/// [RefMaker::from_prefix], and
/// [RefMakerRawMsgTypeExt::parse_response_msg_type].
fn response_msg_type_from_prefix(self) -> anyhow::Result<ResponseMsgType> {
self.msg_type_maker()
.from_prefix()?
.parse_response_msg_type()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker],
/// [RefMaker::from_suffix], and
/// [RefMakerRawMsgTypeExt::parse_response_msg_type].
fn response_msg_type_from_suffix(self) -> anyhow::Result<ResponseMsgType> {
self.msg_type_maker()
.from_suffix()?
.parse_response_msg_type()
}
/// Shorthand for the use of [RequestRef::parse] in chaining.
fn parse_request(self) -> anyhow::Result<RequestRef<Self>> {
RequestRef::parse(self)
}
/// Shorthand for the use of [RequestRef::parse_from_prefix] in chaining.
fn parse_request_from_prefix(self) -> anyhow::Result<RequestRef<Self>> {
RequestRef::parse_from_prefix(self)
}
/// Shorthand for the use of [RequestRef::parse_from_suffix] in chaining.
fn parse_request_from_suffix(self) -> anyhow::Result<RequestRef<Self>> {
RequestRef::parse_from_suffix(self)
}
/// Shorthand for the use of [ResponseRef::parse] in chaining.
fn parse_response(self) -> anyhow::Result<ResponseRef<Self>> {
ResponseRef::parse(self)
}
/// Shorthand for the use of [ResponseRef::parse_from_prefix] in chaining.
fn parse_response_from_prefix(self) -> anyhow::Result<ResponseRef<Self>> {
ResponseRef::parse_from_prefix(self)
}
/// Shorthand for the use of [ResponseRef::parse_from_suffix] in chaining.
fn parse_response_from_suffix(self) -> anyhow::Result<ResponseRef<Self>> {
ResponseRef::parse_from_suffix(self)
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn ping_request_maker(self) -> RefMaker<Self, PingRequest> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn ping_request(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn ping_request_from_prefix(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn ping_request_from_suffix(self) -> anyhow::Result<Ref<Self, PingRequest>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn ping_response_maker(self) -> RefMaker<Self, PingResponse> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn ping_response(self) -> anyhow::Result<Ref<Self, PingResponse>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn ping_response_from_prefix(self) -> anyhow::Result<Ref<Self, PingResponse>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn ping_response_from_suffix(self) -> anyhow::Result<Ref<Self, PingResponse>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn supply_keypair_request(self) -> anyhow::Result<Ref<Self, SupplyKeypairRequest>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn supply_keypair_request_from_prefix(self) -> anyhow::Result<Ref<Self, SupplyKeypairRequest>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn supply_keypair_request_from_suffix(self) -> anyhow::Result<Ref<Self, SupplyKeypairRequest>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn supply_keypair_response_maker(self) -> RefMaker<Self, SupplyKeypairResponse> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn supply_keypair_response(self) -> anyhow::Result<Ref<Self, SupplyKeypairResponse>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn supply_keypair_response_from_prefix(
self,
) -> anyhow::Result<Ref<Self, SupplyKeypairResponse>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn supply_keypair_response_from_suffix(
self,
) -> anyhow::Result<Ref<Self, SupplyKeypairResponse>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn add_listen_socket_request(self) -> anyhow::Result<Ref<Self, super::AddListenSocketRequest>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn add_listen_socket_request_from_prefix(
self,
) -> anyhow::Result<Ref<Self, super::AddListenSocketRequest>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn add_listen_socket_request_from_suffix(
self,
) -> anyhow::Result<Ref<Self, super::AddListenSocketRequest>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn add_listen_socket_response_maker(self) -> RefMaker<Self, super::AddListenSocketResponse> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn add_listen_socket_response(
self,
) -> anyhow::Result<Ref<Self, super::AddListenSocketResponse>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn add_listen_socket_response_from_prefix(
self,
) -> anyhow::Result<Ref<Self, super::AddListenSocketResponse>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn add_listen_socket_response_from_suffix(
self,
) -> anyhow::Result<Ref<Self, super::AddListenSocketResponse>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn add_psk_broker_request(self) -> anyhow::Result<Ref<Self, super::AddPskBrokerRequest>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn add_psk_broker_request_from_prefix(
self,
) -> anyhow::Result<Ref<Self, super::AddPskBrokerRequest>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn add_psk_broker_request_from_suffix(
self,
) -> anyhow::Result<Ref<Self, super::AddPskBrokerRequest>> {
self.zk_parse_suffix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_ref_maker].
fn add_psk_broker_response_maker(self) -> RefMaker<Self, super::AddPskBrokerResponse> {
self.zk_ref_maker()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse].
fn add_psk_broker_response(self) -> anyhow::Result<Ref<Self, super::AddPskBrokerResponse>> {
self.zk_parse()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_prefix].
fn add_psk_broker_response_from_prefix(
self,
) -> anyhow::Result<Ref<Self, super::AddPskBrokerResponse>> {
self.zk_parse_prefix()
}
/// Shorthand for the typed use of [ZerocopySliceExt::zk_parse_suffix].
fn add_psk_broker_response_from_suffix(
self,
) -> anyhow::Result<Ref<Self, super::AddPskBrokerResponse>> {

46
rosenpass/src/api/boilerplate/message_trait.rs
View File

@@ -4,41 +4,16 @@ use rosenpass_util::zerocopy::RefMaker;
use super::RawMsgType;
/// Trait implemented by all the Rosenpass API message types.
///
/// Implemented by the message as including the message envelope; e.g.
/// [crate::api::PingRequest] but not by [crate::api::PingRequestPayload].
pub trait Message {
/// The payload this API message contains. E.g. this is [crate::api::PingRequestPayload] for [[crate::api::PingRequest].
type Payload;
/// Either [crate::api::RequestMsgType] or [crate::api::ResponseMsgType]
type MessageClass: Into<RawMsgType>;
/// The specific message type in the [Self::MessageClass].
/// E.g. this is [crate::api::RequestMsgType::Ping] for [crate::api::PingRequest]
const MESSAGE_TYPE: Self::MessageClass;
/// Wraps the payload into the envelope
///
/// # Examples
///
/// See [crate::api::PingRequest::from_payload]
fn from_payload(payload: Self::Payload) -> Self;
/// Initialize the message;
/// just sets the message type [crate::api::Envelope::msg_type].
///
/// # Examples
///
/// See [crate::api::PingRequest::init]
fn init(&mut self);
/// Initialize the message from a raw buffer: Zeroize the buffer and then call [Self::init].
///
/// # Examples
///
/// See [crate::api::PingRequest::setup]
fn setup<B: ByteSliceMut>(buf: B) -> anyhow::Result<Ref<B, Self>>;
}
/// Additional convenience functions for working with [rosenpass_util::zerocopy::RefMaker]
pub trait ZerocopyResponseMakerSetupMessageExt<B, T> {
fn setup_msg(self) -> anyhow::Result<Ref<B, T>>;
}
@@ -48,27 +23,6 @@ where
B: ByteSliceMut,
T: Message,
{
/// Initialize the message using [Message::setup].
///
/// # Examples
///
/// ```
/// use rosenpass::api::{
/// PingRequest, ZerocopyResponseMakerSetupMessageExt, PING_REQUEST,
/// };
/// use rosenpass_util::zerocopy::RefMaker;
/// use std::mem::size_of;
///
/// let mut buf = [0u8; { size_of::<PingRequest>() }];
///
/// let rm = RefMaker::<&mut [u8], PingRequest>::new(&mut buf);
/// let msg: zerocopy::Ref<_, PingRequest> = rm.setup_msg()?;
///
/// let t = msg.msg_type; // Deal with unaligned read
/// assert_eq!(t, PING_REQUEST);
///
/// Ok::<(), anyhow::Error>(())
/// ```
fn setup_msg(self) -> anyhow::Result<Ref<B, T>> {
T::setup(self.into_buf())
}

18
rosenpass/src/api/boilerplate/message_type.rs
View File

@@ -35,15 +35,10 @@ const ADD_PSK_BROKER_REQUEST: RawMsgType =
const ADD_PSK_BROKER_RESPONSE: RawMsgType =
RawMsgType::from_le_bytes(hex!("bd25 e418 ffb0 6930 248b 217e 2fae e353"));
/// Message properties global to the message type
pub trait MessageAttributes {
/// Get the size of the message
///
/// # Exampleds
fn message_size(&self) -> usize;
}
/// API request message types as an enum
#[derive(Hash, PartialEq, Eq, PartialOrd, Ord, Debug, Clone, Copy)]
pub enum RequestMsgType {
Ping,
@@ -52,7 +47,6 @@ pub enum RequestMsgType {
AddPskBroker,
}
/// API response messages types as an enum
#[derive(Hash, PartialEq, Eq, PartialOrd, Ord, Debug, Clone, Copy)]
pub enum ResponseMsgType {
Ping,
@@ -137,17 +131,8 @@ impl From<ResponseMsgType> for RawMsgType {
}
}
/// Extension trait for [RawMsgType].
///
/// We are using an extension trait rather than just using methods
/// because [RawMsgType] is a type alias, so we can not define methods
/// on it.
pub trait RawMsgTypeExt {
/// Try to convert this to a [RequestMsgType]; alias for the appropriate [TryFrom]
/// implementation
fn into_request_msg_type(self) -> Result<RequestMsgType, RosenpassError>;
/// Try to convert this to a [ResponseMsgType]; alias for the appropriate [TryFrom]
/// implementation
fn into_response_msg_type(self) -> Result<ResponseMsgType, RosenpassError>;
}
@@ -161,11 +146,8 @@ impl RawMsgTypeExt for RawMsgType {
}
}
/// Extension trait for [rosenpass_util::zerocopy::RefMaker].
pub trait RefMakerRawMsgTypeExt {
/// Parse a request message type from bytes
fn parse_request_msg_type(self) -> anyhow::Result<RequestMsgType>;
/// Parse a response message type from bytes
fn parse_response_msg_type(self) -> anyhow::Result<ResponseMsgType>;
}

4
rosenpass/src/api/boilerplate/mod.rs
View File

@@ -1,7 +1,3 @@
//! Boring, repetitive code related to message parsing for the API.
//!
//! Most of this should be automatically generated though some derive macro at some point.
mod byte_slice_ext;
mod message_trait;
mod message_type;

49
rosenpass/src/api/boilerplate/payload.rs
View File

@@ -3,14 +3,11 @@ use zerocopy::{AsBytes, ByteSliceMut, FromBytes, FromZeroes, Ref};
use super::{Message, RawMsgType, RequestMsgType, ResponseMsgType};
/// Size required to fit any request message in binary form
/// Size required to fit any message in binary form
pub const MAX_REQUEST_LEN: usize = 2500; // TODO fix this
/// Size required to fit any response message in binary form
pub const MAX_RESPONSE_LEN: usize = 2500; // TODO fix this
/// Maximum number of file descriptors that can be sent in a request.
pub const MAX_REQUEST_FDS: usize = 2;
/// Message envelope for API messages
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct Envelope<M: AsBytes + FromBytes> {
@@ -20,12 +17,9 @@ pub struct Envelope<M: AsBytes + FromBytes> {
pub payload: M,
}
/// Message envelope for API requests
pub type RequestEnvelope<M> = Envelope<M>;
/// Message envelope for API responses
pub type ResponseEnvelope<M> = Envelope<M>;
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct PingRequestPayload {
@@ -33,11 +27,9 @@ pub struct PingRequestPayload {
pub echo: [u8; 256],
}
#[allow(missing_docs)]
pub type PingRequest = RequestEnvelope<PingRequestPayload>;
impl PingRequest {
#[allow(missing_docs)]
pub fn new(echo: [u8; 256]) -> Self {
Self::from_payload(PingRequestPayload { echo })
}
@@ -66,7 +58,6 @@ impl Message for PingRequest {
}
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct PingResponsePayload {
@@ -74,11 +65,9 @@ pub struct PingResponsePayload {
pub echo: [u8; 256],
}
#[allow(missing_docs)]
pub type PingResponse = ResponseEnvelope<PingResponsePayload>;
impl PingResponse {
#[allow(missing_docs)]
pub fn new(echo: [u8; 256]) -> Self {
Self::from_payload(PingResponsePayload { echo })
}
@@ -107,12 +96,10 @@ impl Message for PingResponse {
}
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct SupplyKeypairRequestPayload {}
#[allow(missing_docs)]
pub type SupplyKeypairRequest = RequestEnvelope<SupplyKeypairRequestPayload>;
impl Default for SupplyKeypairRequest {
@@ -122,7 +109,6 @@ impl Default for SupplyKeypairRequest {
}
impl SupplyKeypairRequest {
#[allow(missing_docs)]
pub fn new() -> Self {
Self::from_payload(SupplyKeypairRequestPayload {})
}
@@ -151,35 +137,25 @@ impl Message for SupplyKeypairRequest {
}
}
#[allow(missing_docs)]
pub mod supply_keypair_response_status {
#[allow(missing_docs)]
pub const OK: u128 = 0;
#[allow(missing_docs)]
pub const KEYPAIR_ALREADY_SUPPLIED: u128 = 1;
/// TODO: This is not actually part of the API. Remove.
#[allow(missing_docs)]
// TODO: This is not actually part of the API. Remove.
pub const INTERNAL_ERROR: u128 = 2;
#[allow(missing_docs)]
pub const INVALID_REQUEST: u128 = 3;
/// TODO: Deprectaed, remove
#[allow(missing_docs)]
pub const IO_ERROR: u128 = 4;
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct SupplyKeypairResponsePayload {
#[allow(missing_docs)]
pub status: u128,
}
#[allow(missing_docs)]
pub type SupplyKeypairResponse = ResponseEnvelope<SupplyKeypairResponsePayload>;
impl SupplyKeypairResponse {
#[allow(missing_docs)]
pub fn new(status: u128) -> Self {
Self::from_payload(SupplyKeypairResponsePayload { status })
}
@@ -208,12 +184,10 @@ impl Message for SupplyKeypairResponse {
}
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct AddListenSocketRequestPayload {}
#[allow(missing_docs)]
pub type AddListenSocketRequest = RequestEnvelope<AddListenSocketRequestPayload>;
impl Default for AddListenSocketRequest {
@@ -223,7 +197,6 @@ impl Default for AddListenSocketRequest {
}
impl AddListenSocketRequest {
#[allow(missing_docs)]
pub fn new() -> Self {
Self::from_payload(AddListenSocketRequestPayload {})
}
@@ -252,28 +225,21 @@ impl Message for AddListenSocketRequest {
}
}
#[allow(missing_docs)]
pub mod add_listen_socket_response_status {
#[allow(missing_docs)]
pub const OK: u128 = 0;
#[allow(missing_docs)]
pub const INVALID_REQUEST: u128 = 1;
#[allow(missing_docs)]
pub const INTERNAL_ERROR: u128 = 2;
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct AddListenSocketResponsePayload {
pub status: u128,
}
#[allow(missing_docs)]
pub type AddListenSocketResponse = ResponseEnvelope<AddListenSocketResponsePayload>;
impl AddListenSocketResponse {
#[allow(missing_docs)]
pub fn new(status: u128) -> Self {
Self::from_payload(AddListenSocketResponsePayload { status })
}
@@ -302,23 +268,19 @@ impl Message for AddListenSocketResponse {
}
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct AddPskBrokerRequestPayload {}
#[allow(missing_docs)]
pub type AddPskBrokerRequest = RequestEnvelope<AddPskBrokerRequestPayload>;
impl Default for AddPskBrokerRequest {
#[allow(missing_docs)]
fn default() -> Self {
Self::new()
}
}
impl AddPskBrokerRequest {
#[allow(missing_docs)]
pub fn new() -> Self {
Self::from_payload(AddPskBrokerRequestPayload {})
}
@@ -347,28 +309,21 @@ impl Message for AddPskBrokerRequest {
}
}
#[allow(missing_docs)]
pub mod add_psk_broker_response_status {
#[allow(missing_docs)]
pub const OK: u128 = 0;
#[allow(missing_docs)]
pub const INVALID_REQUEST: u128 = 1;
#[allow(missing_docs)]
pub const INTERNAL_ERROR: u128 = 2;
}
#[allow(missing_docs)]
#[repr(packed)]
#[derive(Debug, Copy, Clone, Hash, AsBytes, FromBytes, FromZeroes, PartialEq, Eq)]
pub struct AddPskBrokerResponsePayload {
pub status: u128,
}
#[allow(missing_docs)]
pub type AddPskBrokerResponse = ResponseEnvelope<AddPskBrokerResponsePayload>;
impl AddPskBrokerResponse {
#[allow(missing_docs)]
pub fn new(status: u128) -> Self {
Self::from_payload(AddPskBrokerResponsePayload { status })
}

46
rosenpass/src/api/boilerplate/request_ref.rs
View File

@@ -4,63 +4,24 @@ use zerocopy::{ByteSlice, ByteSliceMut, Ref};
use super::{ByteSliceRefExt, MessageAttributes, PingRequest, RequestMsgType};
/// Helper for producing API message request references, [RequestRef].
///
/// This is to [RequestRef] as [rosenpass_util::zerocopy::RefMaker] is to
/// [zerocopy::Ref].
struct RequestRefMaker<B> {
buf: B,
msg_type: RequestMsgType,
}
impl<B: ByteSlice> RequestRef<B> {
/// Produce a [RequestRef] from a raw message buffer,
/// reading the type from the buffer
///
/// # Examples
///
/// ```
/// use zerocopy::AsBytes;
///
/// use rosenpass::api::{PingRequest, RequestRef, RequestMsgType};
///
/// let msg = PingRequest::new([0u8; 256]);
///
/// // TODO: HEISENBUG: This is necessary for some reason to make the rest of the example work
/// let typ = msg.msg_type;
/// assert_eq!(typ, rosenpass::api::PING_REQUEST);
///
/// let buf = msg.as_bytes();
/// let msg_ref = RequestRef::parse(buf)?;
/// assert!(matches!(msg_ref, RequestRef::Ping(_)));
///
/// assert_eq!(msg_ref.message_type(), RequestMsgType::Ping);
///
/// assert!(std::ptr::eq(buf, msg_ref.bytes()));
///
/// Ok::<(), anyhow::Error>(())
/// ```
pub fn parse(buf: B) -> anyhow::Result<Self> {
RequestRefMaker::new(buf)?.parse()
}
/// Produce a [ResponseRef] from the prefix of a raw message buffer,
/// reading the type from the buffer.
pub fn parse_from_prefix(buf: B) -> anyhow::Result<Self> {
RequestRefMaker::new(buf)?.from_prefix()?.parse()
}
/// Produce a [ResponseRef] from the prefix of a raw message buffer,
/// reading the type from the buffer.
pub fn parse_from_suffix(buf: B) -> anyhow::Result<Self> {
RequestRefMaker::new(buf)?.from_suffix()?.parse()
}
/// Get the message type [Self] contains
///
/// # Examples
///
/// See [Self::parse]
pub fn message_type(&self) -> RequestMsgType {
match self {
Self::Ping(_) => RequestMsgType::Ping,
@@ -149,7 +110,6 @@ impl<B: ByteSlice> RequestRefMaker<B> {
}
}
/// Reference to a API message response, typed as an enum.
pub enum RequestRef<B> {
Ping(Ref<B, PingRequest>),
SupplyKeypair(Ref<B, super::SupplyKeypairRequest>),
@@ -161,11 +121,6 @@ impl<B> RequestRef<B>
where
B: ByteSlice,
{
/// Access the byte data of this reference
///
/// # Examples
///
/// See [Self::parse].
pub fn bytes(&self) -> &[u8] {
match self {
Self::Ping(r) => r.bytes(),
@@ -180,7 +135,6 @@ impl<B> RequestRef<B>
where
B: ByteSliceMut,
{
/// Access the byte data of this reference; mutably
pub fn bytes_mut(&mut self) -> &[u8] {
match self {
Self::Ping(r) => r.bytes_mut(),

18
rosenpass/src/api/boilerplate/request_response.rs
View File

@@ -6,29 +6,23 @@ use zerocopy::{ByteSlice, ByteSliceMut, Ref};
use super::{Message, PingRequest, PingResponse};
use super::{RequestRef, ResponseRef, ZerocopyResponseMakerSetupMessageExt};
/// Extension trait for [Message]s that are requests messages
pub trait RequestMsg: Sized + Message {
/// The response message belonging to this request message
type ResponseMsg: ResponseMsg;
/// Construct a response make for this particular message
fn zk_response_maker<B: ByteSlice>(buf: B) -> RefMaker<B, Self::ResponseMsg> {
buf.zk_ref_maker()
}
/// Setup a response maker (through [Message::setup]) for this request message type
fn setup_response<B: ByteSliceMut>(buf: B) -> anyhow::Result<Ref<B, Self::ResponseMsg>> {
Self::zk_response_maker(buf).setup_msg()
}
/// Setup a response maker from a buffer prefix (through [Message::setup]) for this request message type
fn setup_response_from_prefix<B: ByteSliceMut>(
buf: B,
) -> anyhow::Result<Ref<B, Self::ResponseMsg>> {
Self::zk_response_maker(buf).from_prefix()?.setup_msg()
}
/// Setup a response maker from a buffer suffix (through [Message::setup]) for this request message type
fn setup_response_from_suffix<B: ByteSliceMut>(
buf: B,
) -> anyhow::Result<Ref<B, Self::ResponseMsg>> {
@@ -36,7 +30,6 @@ pub trait RequestMsg: Sized + Message {
}
}
/// Extension trait for [Message]s that are response messages
pub trait ResponseMsg: Message {
type RequestMsg: RequestMsg;
}
@@ -73,25 +66,20 @@ impl ResponseMsg for super::AddPskBrokerResponse {
type RequestMsg = super::AddPskBrokerRequest;
}
/// Request and response for the [crate::api::RequestMsgType::Ping] message type
pub type PingPair<B1, B2> = (Ref<B1, PingRequest>, Ref<B2, PingResponse>);
/// Request and response for the [crate::api::RequestMsgType::SupplyKeypair] message type
pub type SupplyKeypairPair<B1, B2> = (
Ref<B1, super::SupplyKeypairRequest>,
Ref<B2, super::SupplyKeypairResponse>,
);
/// Request and response for the [crate::api::RequestMsgType::AddListenSocket] message type
pub type AddListenSocketPair<B1, B2> = (
Ref<B1, super::AddListenSocketRequest>,
Ref<B2, super::AddListenSocketResponse>,
);
/// Request and response for the [crate::api::RequestMsgType::AddPskBroker] message type
pub type AddPskBrokerPair<B1, B2> = (
Ref<B1, super::AddPskBrokerRequest>,
Ref<B2, super::AddPskBrokerResponse>,
);
/// A pair of references to messages; request and response each.
pub enum RequestResponsePair<B1, B2> {
Ping(PingPair<B1, B2>),
SupplyKeypair(SupplyKeypairPair<B1, B2>),
@@ -128,7 +116,6 @@ where
B1: ByteSlice,
B2: ByteSlice,
{
/// Returns a tuple to both the request and the response message
pub fn both(&self) -> (RequestRef<&[u8]>, ResponseRef<&[u8]>) {
match self {
Self::Ping((req, res)) => {
@@ -154,12 +141,10 @@ where
}
}
/// Returns the request message
pub fn request(&self) -> RequestRef<&[u8]> {
self.both().0
}
/// Returns the response message
pub fn response(&self) -> ResponseRef<&[u8]> {
self.both().1
}
@@ -170,7 +155,6 @@ where
B1: ByteSliceMut,
B2: ByteSliceMut,
{
/// Returns a mutable tuple to both the request and the response message
pub fn both_mut(&mut self) -> (RequestRef<&mut [u8]>, ResponseRef<&mut [u8]>) {
match self {
Self::Ping((req, res)) => {
@@ -196,12 +180,10 @@ where
}
}
/// Returns the request message, mutably
pub fn request_mut(&mut self) -> RequestRef<&mut [u8]> {
self.both_mut().0
}
/// Returns the response message, mutably
pub fn response_mut(&mut self) -> ResponseRef<&mut [u8]> {
self.both_mut().1
}

49
rosenpass/src/api/boilerplate/response_ref.rs
View File

@@ -5,66 +5,24 @@ use zerocopy::{ByteSlice, ByteSliceMut, Ref};
use super::{ByteSliceRefExt, MessageAttributes, PingResponse, ResponseMsgType};
/// Helper for producing API message response references, [ResponseRef].
///
/// This is to [ResponseRef] as [rosenpass_util::zerocopy::RefMaker] is to
/// [zerocopy::Ref].
struct ResponseRefMaker<B> {
/// Buffer we are referencing
buf: B,
/// Message type we are producing
msg_type: ResponseMsgType,
}
impl<B: ByteSlice> ResponseRef<B> {
/// Produce a [ResponseRef] from a raw message buffer,
/// reading the type from the buffer
///
/// # Examples
///
/// ```
/// use zerocopy::AsBytes;
///
/// use rosenpass::api::{PingResponse, ResponseRef, ResponseMsgType};
/// // Produce the original PingResponse
/// let msg = PingResponse::new([0u8; 256]);
///
/// // TODO: HEISENBUG: This is necessary for some reason to make the rest of the example work
/// let typ = msg.msg_type;
/// assert_eq!(typ, rosenpass::api::PING_RESPONSE);
///
/// // Parse as a message type
/// let buf = msg.as_bytes();
/// let msg_ref = ResponseRef::parse(buf)?;
/// assert!(matches!(msg_ref, ResponseRef::Ping(_)));
///
/// // Buffers and message types of course match what we expect
/// assert_eq!(msg_ref.message_type(), ResponseMsgType::Ping);
/// assert!(std::ptr::eq(buf, msg_ref.bytes()));
///
/// Ok::<(), anyhow::Error>(())
/// ```
pub fn parse(buf: B) -> anyhow::Result<Self> {
ResponseRefMaker::new(buf)?.parse()
}
/// Produce a [ResponseRef] from the prefix of a raw message buffer,
/// reading the type from the buffer.
pub fn parse_from_prefix(buf: B) -> anyhow::Result<Self> {
ResponseRefMaker::new(buf)?.from_prefix()?.parse()
}
/// Produce a [ResponseRef] from the prefix of a raw message buffer,
/// reading the type from the buffer.
pub fn parse_from_suffix(buf: B) -> anyhow::Result<Self> {
ResponseRefMaker::new(buf)?.from_suffix()?.parse()
}
/// Get the message type [Self] contains
///
/// # Examples
///
/// See [Self::parse]
pub fn message_type(&self) -> ResponseMsgType {
match self {
Self::Ping(_) => ResponseMsgType::Ping,
@@ -153,7 +111,6 @@ impl<B: ByteSlice> ResponseRefMaker<B> {
}
}
/// Reference to a API message response, typed.
pub enum ResponseRef<B> {
Ping(Ref<B, PingResponse>),
SupplyKeypair(Ref<B, super::SupplyKeypairResponse>),
@@ -165,11 +122,6 @@ impl<B> ResponseRef<B>
where
B: ByteSlice,
{
/// Access the byte data of this reference
///
/// # Examples
///
/// See [Self::parse].
pub fn bytes(&self) -> &[u8] {
match self {
Self::Ping(r) => r.bytes(),
@@ -184,7 +136,6 @@ impl<B> ResponseRef<B>
where
B: ByteSliceMut,
{
/// Access the byte data of this reference; mutably
pub fn bytes_mut(&mut self) -> &[u8] {
match self {
Self::Ping(r) => r.bytes_mut(),

60
rosenpass/src/api/boilerplate/server.rs
View File

@@ -2,21 +2,10 @@ use super::{ByteSliceRefExt, Message, PingRequest, PingResponse, RequestRef, Req
use std::{collections::VecDeque, os::fd::OwnedFd};
use zerocopy::{ByteSlice, ByteSliceMut};
/// The rosenpass API implementation functions.
///
/// Implemented by [crate::api::ApiHandler].
///
/// # Examples
///
/// See the example of how to use the API in [crate::api].
pub trait Server {
/// This implements the handler for the [crate::api::RequestMsgType::Ping] API message
///
/// It merely takes a buffer and returns that same buffer.
///
/// # Examples
///
/// See the example of how to use the API in [crate::api].
fn ping(
&mut self,
req: &PingRequest,
@@ -65,10 +54,6 @@ pub trait Server {
/// The file descriptors for the keys need not be backed by a file on disk. You can supply a
/// [memfd](https://man.archlinux.org/man/memfd.2.en) or [memfd_secret](https://man.archlinux.org/man/memfd_secret.2.en)
/// backed file descriptor if the server keys are not backed by a file system file.
///
/// # Examples
///
/// See the example of how to use the API in [crate::api].
fn supply_keypair(
&mut self,
req: &super::SupplyKeypairRequest,
@@ -95,13 +80,8 @@ pub trait Server {
///
/// # Description
///
/// This endpoint allows you to supply a UDP listen socket; it will be used to perform key
/// key exchanges using the Rosenpass protocol.
/// This endpoint allows you to supply a UDP listen socket; it will be used to perform
/// cryptographic key exchanges via the Rosenpass protocol.
///
/// # Examples
///
/// See the example of how to use the API in [crate::api].
fn add_listen_socket(
&mut self,
req: &super::AddListenSocketRequest,
@@ -109,31 +89,6 @@ pub trait Server {
res: &mut super::AddListenSocketResponse,
) -> anyhow::Result<()>;
/// Supply a new PSK broker listen socket through file descriptor passing via the API
///
/// This implements the handler for the [crate::api::RequestMsgType::AddPskBroker] API message.
///
/// # File descriptors
///
/// 1. The listen socket; must be backed by a unix domain stream socket
///
/// # API Return Status
///
/// 1. [crate::api::add_psk_broker_response_status::OK] - Indicates success
/// 2. [crate::api::add_psk_broker_response_status::INVALID_REQUEST] Malformed request; could be:
/// - Missing file descriptors for public key
/// - Invalid file descriptor type
/// 3. [crate::api::add_psk_broker_response_status::INTERNAL_ERROR] Some other, non-fatal error
/// occured. Check the logs on log
///
/// # Description
///
/// This endpoint allows you to supply a UDP listen socket; it will be used to transmit
/// cryptographic keys exchanged to WireGuard.
///
/// # Examples
///
/// See the example of how to use the API in [crate::api].
fn add_psk_broker(
&mut self,
req: &super::AddPskBrokerRequest,
@@ -141,11 +96,6 @@ pub trait Server {
res: &mut super::AddPskBrokerResponse,
) -> anyhow::Result<()>;
/// Similar to [Self::handle_message], but takes a [RequestResponsePair]
/// instead of taking to separate byte buffers.
///
/// I.e. this function uses the explicit type tag encoded in [RequestResponsePair]
/// rather than reading the type tag from the request buffer.
fn dispatch<ReqBuf, ResBuf>(
&mut self,
p: &mut RequestResponsePair<ReqBuf, ResBuf>,
@@ -167,14 +117,6 @@ pub trait Server {
}
}
/// Called by [crate::api::mio::MioConnection] when a new API request was received.
///
/// The parameters are:
///
/// - `req` A buffer containing the request
/// - `res_fds` A list of file descriptors received during the API call (i.e. this is used
/// with unix socket file descriptor passing)
/// - `res` The buffer to store the response in.
fn handle_message<ReqBuf, ResBuf>(
&mut self,
req: ReqBuf,

5
rosenpass/src/api/cli.rs
View File

@@ -6,7 +6,6 @@ use crate::config::Rosenpass as RosenpassConfig;
use super::config::ApiConfig;
/// Additional command line arguments for the API
#[cfg(feature = "experiment_api")]
#[derive(Args, Debug)]
pub struct ApiCli {
@@ -28,14 +27,10 @@ pub struct ApiCli {
}
impl ApiCli {
/// Copy the parameters set here into the [RosenpassConfig].
/// Forwards to [Self::apply_to_api_config]:
pub fn apply_to_config(&self, cfg: &mut RosenpassConfig) -> anyhow::Result<()> {
self.apply_to_api_config(&mut cfg.api)
}
/// Fills the values from [ApiConfig::listen_path], [ApiConfig::listen_fd], and
/// [ApiConfig::stream_fd] with the values from [Self]
pub fn apply_to_api_config(&self, cfg: &mut ApiConfig) -> anyhow::Result<()> {
cfg.listen_path.extend_from_slice(&self.api_listen_path);
cfg.listen_fd.extend_from_slice(&self.api_listen_fd);

9
rosenpass/src/api/config.rs
View File

@@ -6,8 +6,7 @@ use serde::{Deserialize, Serialize};
use crate::app_server::AppServer;
/// Configuration options for the Rosenpass API
#[derive(Debug, Serialize, Deserialize, Default, Clone, PartialEq, Eq)]
#[derive(Debug, Serialize, Deserialize, Default, Clone)]
pub struct ApiConfig {
/// Where in the file-system to create the unix socket the rosenpass API will be listening for
/// connections on
@@ -24,10 +23,6 @@ pub struct ApiConfig {
}
impl ApiConfig {
/// Construct appropriate [UnixListener]s for each of the API
/// listeners and connections configured in [Self] and invoke
/// [AppServer::add_api_listener] for each to add them to the
/// [AppServer].
pub fn apply_to_app_server(&self, srv: &mut AppServer) -> anyhow::Result<()> {
for path in self.listen_path.iter() {
srv.add_api_listener(UnixListener::bind(path)?)?;
@@ -44,12 +39,10 @@ impl ApiConfig {
Ok(())
}
/// Sum of all the API sources configured in here
pub fn count_api_sources(&self) -> usize {
self.listen_path.len() + self.listen_fd.len() + self.stream_fd.len()
}
/// Checks if [Self::count_api_sources] is greater than zero
pub fn has_api_sources(&self) -> bool {
self.count_api_sources() > 0
}

21
rosenpass/src/api/mio/connection.rs
View File

@@ -53,9 +53,6 @@ struct MioConnectionBuffers {
}
#[derive(Debug)]
/// Represents a single connection with an API client.
/// Includes the necessary buffers, the [ApiHandler],
/// and the [UnixStream] that is used for communication.
pub struct MioConnection {
io: UnixStream,
mio_token: mio::Token,
@@ -65,8 +62,6 @@ pub struct MioConnection {
}
impl MioConnection {
/// Construct a new [Self] for the given app server from the unix socket stream
/// to communicate on.
pub fn new(app_server: &mut AppServer, mut io: UnixStream) -> std::io::Result<Self> {
let mio_token = app_server.mio_token_dispenser.dispense();
app_server
@@ -93,8 +88,6 @@ impl MioConnection {
})
}
/// Checks if this unix stream should be closed by the enclosing
/// structure
pub fn should_close(&self) -> bool {
let exhausted = self
.buffers
@@ -104,30 +97,22 @@ impl MioConnection {
self.invalid_read && exhausted
}
/// Close and deregister this particular API connection
pub fn close(mut self, app_server: &mut AppServer) -> anyhow::Result<()> {
app_server.mio_poll.registry().deregister(&mut self.io)?;
Ok(())
}
/// Retrieve the mio token
pub fn mio_token(&self) -> mio::Token {
self.mio_token
}
}
/// We require references to both [MioConnection] and to the [AppServer] that contains it.
pub trait MioConnectionContext {
/// Reference to the [MioConnection] we are focusing on
fn mio_connection(&self) -> &MioConnection;
/// Reference to the [AppServer] that contains the [Self::mio_connection]
fn app_server(&self) -> &AppServer;
/// Mutable reference to the [MioConnection] we are focusing on
fn mio_connection_mut(&mut self) -> &mut MioConnection;
/// Mutable reference to the [AppServer] that contains the [Self::mio_connection]
fn app_server_mut(&mut self) -> &mut AppServer;
/// Called by [AppServer::poll] regularly to process any incoming (and outgoing) API messages
fn poll(&mut self) -> anyhow::Result<()> {
macro_rules! short {
($e:expr) => {
@@ -148,7 +133,6 @@ pub trait MioConnectionContext {
Ok(())
}
/// Called by [Self::poll] to process incoming messages
fn handle_incoming_message(&mut self) -> anyhow::Result<Option<()>> {
self.with_buffers_stolen(|this, bufs| {
// Acquire request & response. Caller is responsible to make sure
@@ -172,7 +156,6 @@ pub trait MioConnectionContext {
})
}
/// Called by [Self::poll] to write data in the send buffer to the unix stream
fn flush_write_buffer(&mut self) -> anyhow::Result<Option<()>> {
if self.write_buf_mut().exhausted() {
return Ok(Some(()));
@@ -211,7 +194,6 @@ pub trait MioConnectionContext {
}
}
/// Called by [Self::poll] to check for messages to receive
fn recv(&mut self) -> anyhow::Result<Option<()>> {
if !self.write_buf_mut().exhausted() || self.mio_connection().invalid_read {
return Ok(None);
@@ -275,12 +257,10 @@ pub trait MioConnectionContext {
}
}
/// Forwards to [MioConnection::mio_token]
fn mio_token(&self) -> mio::Token {
self.mio_connection().mio_token()
}
/// Forwards to [MioConnection::should_close]
fn should_close(&self) -> bool {
self.mio_connection().should_close()
}
@@ -319,7 +299,6 @@ trait MioConnectionContextPrivate: MioConnectionContext {
impl<T> MioConnectionContextPrivate for T where T: ?Sized + MioConnectionContext {}
/// Every [MioConnectionContext] is also a [ApiHandlerContext]
impl<T> ApiHandlerContext for T
where
T: ?Sized + MioConnectionContext,

25
rosenpass/src/api/mio/manager.rs
View File

@@ -10,59 +10,41 @@ use crate::app_server::{AppServer, AppServerIoSource};
use super::{MioConnection, MioConnectionContext};
/// This is in essence a unix listener for API connections.
///
/// It contains a number of [UnixListener]s and the associated [MioConnection]s encapsulating [mio::net::UnixListener]s.
#[derive(Default, Debug)]
pub struct MioManager {
listeners: Vec<UnixListener>,
connections: Vec<Option<MioConnection>>,
}
/// Points at a particular source of IO events inside [MioManager]
#[derive(Debug, PartialEq, Eq, Copy, Clone)]
pub enum MioManagerIoSource {
// Source of IO events is the Nth unix socket listener (see [MioManager::listeners])
Listener(usize),
// Source of IO events is the Nth unix socket listener (see [MioManager::connections])
Connection(usize),
}
impl MioManager {
/// Construct an empty [Self]
pub fn new() -> Self {
Self::default()
}
}
/// Focus in on a particular [MioConnection] inside a [MioManager]
///
/// This is mainly used to implement [MioConnectionContext].
struct MioConnectionFocus<'a, T: ?Sized + MioManagerContext> {
/// [MioConnectionContext] to access the [MioManager] instance and [AppServer]
ctx: &'a mut T,
/// Index of the connection referenced to by [Self]
conn_idx: usize,
}
impl<'a, T: ?Sized + MioManagerContext> MioConnectionFocus<'a, T> {
/// Produce a MioConnectionContext from the [MioConnectionContext] and the connection index
fn new(ctx: &'a mut T, conn_idx: usize) -> Self {
Self { ctx, conn_idx }
}
}
pub trait MioManagerContext {
/// Reference to the [MioManager]
fn mio_manager(&self) -> &MioManager;
/// Reference to the [MioManager], mutably
fn mio_manager_mut(&mut self) -> &mut MioManager;
/// Reference to the [AppServer] this [MioManager] is associated with
fn app_server(&self) -> &AppServer;
/// Mutable reference to the [AppServer] this [MioManager] is associated with
fn app_server_mut(&mut self) -> &mut AppServer;
/// Add a new [UnixListener] to listen for API connections on
fn add_listener(&mut self, mut listener: UnixListener) -> io::Result<()> {
let srv = self.app_server_mut();
let mio_token = srv.mio_token_dispenser.dispense();
@@ -82,7 +64,6 @@ pub trait MioManagerContext {
Ok(())
}
/// Add a new connection to an API client
fn add_connection(&mut self, connection: UnixStream) -> io::Result<()> {
let connection = MioConnection::new(self.app_server_mut(), connection)?;
let mio_token = connection.mio_token();
@@ -103,7 +84,6 @@ pub trait MioManagerContext {
Ok(())
}
/// Poll a particular [MioManagerIoSource] in this [MioManager]
fn poll_particular(&mut self, io_source: MioManagerIoSource) -> anyhow::Result<()> {
use MioManagerIoSource as S;
match io_source {
@@ -113,14 +93,12 @@ pub trait MioManagerContext {
Ok(())
}
/// Check for new connections and poll all the [MioConnectionContext]s managed by [Self]
fn poll(&mut self) -> anyhow::Result<()> {
self.accept_connections()?;
self.poll_connections()?;
Ok(())
}
/// Check all the [UnixListener]s managed by this [MioManager] for new connections
fn accept_connections(&mut self) -> io::Result<()> {
for idx in 0..self.mio_manager_mut().listeners.len() {
self.accept_from(idx)?;
@@ -128,7 +106,6 @@ pub trait MioManagerContext {
Ok(())
}
/// Check a particular [UnixListener] managed by this for new connections.
fn accept_from(&mut self, idx: usize) -> io::Result<()> {
// Accept connection until the socket would block or returns another error
// TODO: This currently only adds connections--we eventually need the ability to remove
@@ -145,7 +122,6 @@ pub trait MioManagerContext {
Ok(())
}
/// Call [MioConnectionContext::poll] on all the [MioConnection]s in This
fn poll_connections(&mut self) -> anyhow::Result<()> {
for idx in 0..self.mio_manager().connections.len() {
self.poll_particular_connection(idx)?;
@@ -153,7 +129,6 @@ pub trait MioManagerContext {
Ok(())
}
/// Call [MioConnectionContext::poll] on a particular connection
fn poll_particular_connection(&mut self, idx: usize) -> anyhow::Result<()> {
if self.mio_manager().connections[idx].is_none() {
return Ok(());

6
rosenpass/src/api/mod.rs
View File

@@ -1,10 +1,4 @@
//! The bulk code relating to the Rosenpass unix socket API
//!
//! # Examples
//!
#![doc = "```ignore"]
#![doc = include_str!("../../tests/api-integration-tests-api-setup.rs")]
#![doc = "```"]
mod api_handler;
mod boilerplate;

419
rosenpass/src/app_server.rs
View File

@@ -1,5 +1,3 @@
/// This contains the bulk of the rosenpass server IO handling code whereas
/// the actual cryptographic code lives in the [crate::protocol] module
use anyhow::bail;
use anyhow::Context;
@@ -42,7 +40,6 @@ use std::slice;
use std::time::Duration;
use std::time::Instant;
use crate::config::ProtocolVersion;
use crate::protocol::BuildCryptoServer;
use crate::protocol::HostIdentification;
use crate::{
@@ -52,78 +49,33 @@ use crate::{
use rosenpass_util::attempt;
use rosenpass_util::b64::B64Display;
/// The maximum size of a base64 encoded symmetric key (estimate)
pub const MAX_B64_KEY_SIZE: usize = 32 * 5 / 3;
/// The maximum size of a base64 peer ID (estimate)
pub const MAX_B64_PEER_ID_SIZE: usize = 32 * 5 / 3;
const MAX_B64_KEY_SIZE: usize = 32 * 5 / 3;
const MAX_B64_PEER_ID_SIZE: usize = 32 * 5 / 3;
/// The zero IPv4 address; this is generally used to tell network servers to choose any interface
/// when listening
const IPV4_ANY_ADDR: Ipv4Addr = Ipv4Addr::new(0, 0, 0, 0);
/// The zero IPv6 address; this is generally used to tell network servers to choose any interface
/// when listening
const IPV6_ANY_ADDR: Ipv6Addr = Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 0);
/// Ratio of blocking epoll(7) polls to non-blocking polls at which the rosenpass server
/// assumes it is under load (i.e. a DOS attack may be happening)
const UNDER_LOAD_RATIO: f64 = 0.5;
/// Period at which the DOS detection code updates whether there is an "under load" status
const DURATION_UPDATE_UNDER_LOAD_STATUS: Duration = Duration::from_millis(500);
pub const BROKER_ID_BYTES: usize = 8;
const BROKER_ID_BYTES: usize = 8;
/// IPv4 address that tells the network layer to listen on any interface
///
/// # Examples
///
/// See [AppServer::new].
pub fn ipv4_any_binding() -> SocketAddr {
fn ipv4_any_binding() -> SocketAddr {
// addr, port
SocketAddr::V4(SocketAddrV4::new(IPV4_ANY_ADDR, 0))
}
/// IPv6 address that tells the network layer to listen on any interface
///
/// # Examples
///
/// See [AppServer::new].
pub fn ipv6_any_binding() -> SocketAddr {
fn ipv6_any_binding() -> SocketAddr {
// addr, port, flowinfo, scope_id
SocketAddr::V6(SocketAddrV6::new(IPV6_ANY_ADDR, 0, 0, 0))
}
/// This is used to assign indices to MIO (epoll) event sources
#[derive(Debug, Default)]
pub struct MioTokenDispenser {
pub counter: usize,
counter: usize,
}
impl MioTokenDispenser {
/// Produces a single IO event source ID
///
/// # Examples
///
/// Use is quite straightforward:
///
/// ```
/// use rosenpass::app_server::MioTokenDispenser;
/// use mio::Token;
///
/// let mut dispenser = MioTokenDispenser {
/// counter: 0
/// };
///
/// let t1 = dispenser.dispense();
/// let t2 = dispenser.dispense();
///
/// assert_ne!(t1, t2);
///
/// // If you inspected the output, you would find that the dispenser is really just a counter.
/// // Though this is an implementation detail
/// assert_eq!(t1, Token(0));
/// assert_eq!(t2, Token(1));
/// ```
///
pub fn dispense(&mut self) -> Token {
let r = self.counter;
self.counter += 1;
@@ -131,132 +83,42 @@ impl MioTokenDispenser {
}
}
/// List of WireGuard brokers
///
/// Each WireGuard peer ([AppPeer]) is assigned a broker ([AppPeer::broker_peer]).
///
/// When a new has been exchanged, then its associated broker is called to transmit the key
/// to WireGuard (or to do something else).
///
/// Brokers live in [AppServer::brokers]. They are added/removed from the AppServer via
/// [AppServer::register_broker] and [AppServer::unregister_broker]. PSKs are distributed
/// to their respective brokers via [AppPeerPtr::set_psk].
///
/// Note that the entire broker system is an experimental feature; it is not up to the
/// same quality standards as the rest of the code. In particular, the use of [BROKER_ID_BYTES]
/// and a hash map is simultaneously overengineered and not really that useful for what it is
/// doing.
#[derive(Debug, Default)]
pub struct BrokerStore {
/// The collection of WireGuard brokers. See [Self].
pub store: HashMap<
Public<BROKER_ID_BYTES>,
Box<dyn WireguardBrokerMio<Error = anyhow::Error, MioError = anyhow::Error>>,
>,
}
/// Reference to a broker imbued with utility methods
#[derive(Debug, Clone)]
pub struct BrokerStorePtr(pub Public<BROKER_ID_BYTES>);
/// This is the broker configuration for a particular broker peer
#[derive(Debug)]
pub struct BrokerPeer {
/// Reference to the broker used for this particular peer
ptr: BrokerStorePtr,
/// Configuration for a WireGuard broker.
///
/// This is woefully overengineered and there is very little reason why the broker
/// configuration should not live in the particular WireGuard broker.
peer_cfg: Box<dyn WireguardBrokerCfg>,
}
impl BrokerPeer {
/// Create a broker peer
pub fn new(ptr: BrokerStorePtr, peer_cfg: Box<dyn WireguardBrokerCfg>) -> Self {
Self { ptr, peer_cfg }
}
/// Retrieve the pointer to WireGuard PSK broker used with this peer
pub fn ptr(&self) -> &BrokerStorePtr {
&self.ptr
}
}
/// IO/BusinessLogic information for a particular protocol peer.
///
/// There is a one-to-one correspondence between this struct and [crate::protocol::Peer];
/// whereas the struct in the protocol module stores information specific to the cryptographic layer,
/// this struct stores information IO information.
#[derive(Default, Debug)]
pub struct AppPeer {
/// If set, then [AppServer::output_key] will write generated output keys
/// to a file configured here and produce information on standard out to
/// notify the calling process that
pub outfile: Option<PathBuf>,
/// If this option is set, then [AppServer::output_key] will send generated output
/// keys to the broker configured here
pub broker_peer: Option<BrokerPeer>,
/// This is the network address configured for a particular peer at program start.
///
/// I.e. this is the address the rosenpass program will send [crate::msgs::InitHello]
/// packets to, trying to exchange a key.
///
/// Note that the remote peer may connect with another address. See [Self::current_endpoint].
pub initial_endpoint: Option<Endpoint>,
/// The network address currently used for a particular peer.
///
/// This is not necessarily the address that was configured at program start (see [Self::initial_endpoint]),
/// because the remote peer can initiate handshakes from an arbitrary network address.
///
/// If another peer successfully connects to this one from any address, then this field will
/// be updated to reflect which address this was.
pub current_endpoint: Option<Endpoint>,
}
impl AppPeer {
/// Retrieve the [Endpoint] associated with this peer.
///
/// I.e. the [Self::current_endpoint] if set and [Self::initial_endpoint] otherwise.
///
/// # Examples
///
/// ```
/// use rosenpass::app_server::{Endpoint, AppPeer};
/// use rosenpass_util::functional::run;
///
/// let mut peer = AppPeer {
/// outfile: None,
/// broker_peer: None,
/// initial_endpoint: Some(Endpoint::discovery_from_hostname("0.0.0.0:0".to_string())?),
/// current_endpoint: Some(Endpoint::discovery_from_hostname("0.0.0.0:1".to_string())?),
/// };
///
/// fn same(a: Option<&Endpoint>, b: Option<&Endpoint>) -> bool {
/// if a.is_none() && b.is_none() {
/// return true;
/// }
///
/// run(|| Some(std::ptr::eq(a?, b?)) )
/// .unwrap_or(a.is_some() == b.is_some())
/// }
///
/// assert!(same(peer.endpoint(), peer.current_endpoint.as_ref()));
///
/// let mut tmp = None;
/// std::mem::swap(&mut tmp, &mut peer.initial_endpoint);
/// assert!(same(peer.endpoint(), peer.current_endpoint.as_ref()));
///
/// std::mem::swap(&mut tmp, &mut peer.initial_endpoint);
/// std::mem::swap(&mut tmp, &mut peer.current_endpoint);
/// assert!(same(peer.endpoint(), peer.initial_endpoint.as_ref()));
///
/// peer.initial_endpoint = None;
/// peer.current_endpoint = None;
/// assert!(peer.endpoint().is_none());
///
/// Ok::<(), anyhow::Error>(())
/// ```
pub fn endpoint(&self) -> Option<&Endpoint> {
self.current_endpoint
.as_ref()
@@ -264,8 +126,6 @@ impl AppPeer {
}
}
/// No longer in use since we have the broker system (see [BrokerPeer])
/// TODO: Remove
#[derive(Default, Debug)]
pub struct WireguardOut {
// impl KeyOutput
@@ -274,20 +134,12 @@ pub struct WireguardOut {
pub extra_params: Vec<String>,
}
/// Used to indicate whether the rosenpass server is in normal operating
/// conditions or under load (i.e. a DOS attack is happening)
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum DoSOperation {
UnderLoad,
Normal,
}
/// Integration test helpers for AppServer
///
/// TODO: Remove; this is no way to write integration tests
///
/// # Examples
///
/// See [AppServer]
#[derive(Debug, Builder)]
#[builder(pattern = "owned")]
pub struct AppServerTest {
@@ -299,100 +151,43 @@ pub struct AppServerTest {
pub termination_handler: Option<std::sync::mpsc::Receiver<()>>,
}
/// This represents a some source of IO operations in the context of the Rosenpass server
///
/// I.e. this identifies some structure that could be marked as "ready for IO" by [mio]
#[derive(Debug, PartialEq, Eq, Copy, Clone)]
pub enum AppServerIoSource {
/// IO source refers to a socket in [AppServer::sockets]
Socket(usize),
/// IO source refers to a PSK broker in [AppServer::brokers]
PskBroker(Public<BROKER_ID_BYTES>),
/// IO source refers to some IO sources used in the API;
/// see [AppServer::api_manager]
#[cfg(feature = "experiment_api")]
MioManager(crate::api::mio::MioManagerIoSource),
}
/// Number of epoll(7) events Rosenpass can receive at a time
const EVENT_CAPACITY: usize = 20;
/// This holds pretty much all of the state of the Rosenpass application
/// including the cryptographic state in [Self::crypto_site]
/// Holds the state of the application, namely the external IO
///
/// Responsible for file IO, network IO, etc…
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/app_server_example.rs")]
#[doc = "```"]
/// Responsible for file IO, network IO
// TODO add user control via unix domain socket and stdin/stdout
#[derive(Debug)]
pub struct AppServer {
/// Contains the actual cryptographic implementation.
///
/// Because the API supports initializing the server with a keypair
/// and CryptoServer needs to be initialized with a keypair, the struct
/// is wrapped in a ConstructionSite
pub crypto_site: ConstructionSite<BuildCryptoServer, CryptoServer>,
/// The UDP sockets used to send and receive protocol messages
pub sockets: Vec<mio::net::UdpSocket>,
/// Buffer for [mio] (epoll(7), async IO handling) IO events
pub events: mio::Events,
/// Supplemental buffer for [mio] events. See the inline documentation of [AppServer::try_recv]
/// for details.
pub short_poll_queue: VecDeque<mio::event::Event>,
/// We have two different polling modes; long polling (legacy) and short polling (new and
/// somewhat experimental). See [AppServer::try_recv] for details
pub performed_long_poll: bool,
/// Events produced by [mio] refer to IO sources by a numeric token assigned to them
/// (see [MioTokenDispenser]). This index associateds mio token with the specific IO
/// source stored in this object
pub io_source_index: HashMap<mio::Token, AppServerIoSource>,
/// Asynchronous IO source
pub mio_poll: mio::Poll,
/// MIO associates IO sources with numeric tokens. This struct takes care of generating these
/// tokens
pub mio_token_dispenser: MioTokenDispenser,
/// Helpers handling communication with WireGuard; these take a generated key and forward it to
/// WireGuard
pub brokers: BrokerStore,
/// This is our view of the peers; generally every peer in here is associated with one peer in
/// CryptoServer
pub peers: Vec<AppPeer>,
/// If set to [Verbosity::Verbose], then some extra information will be printed
/// at the info log level
pub verbosity: Verbosity,
/// Used by [AppServer::try_recv] to ensure that all packages have been read
/// from the UDP sockets
pub all_sockets_drained: bool,
/// Whether network message handling determined that a Denial of Service attack is happening
pub under_load: DoSOperation,
/// State kept by the [AppServer::try_recv] for polling
pub blocking_polls_count: usize,
/// State kept by the [AppServer::try_recv] for polling
pub non_blocking_polls_count: usize,
/// State kept by the [AppServer::try_recv] for polling
pub unpolled_count: usize,
/// State kept by the [AppServer::try_recv] for polling
pub last_update_time: Instant,
/// Used by integration tests to force [Self] into DoS condition
/// and to terminate the AppServer after the test is complete
pub test_helpers: Option<AppServerTest>,
/// Helper for integration tests running rosenpass as a subprocess
/// to terminate properly upon receiving an appropriate system signal.
///
/// This is primarily needed for coverage testing, since llvm-cov does not
/// write coverage reports to disk when a process is stopped by the default
/// signal handler.
///
/// See <https://github.com/rosenpass/rosenpass/issues/385>
#[cfg(feature = "internal_signal_handling_for_coverage_reports")]
pub term_signal: terminate::TerminateRequested,
pub crypto_site: ConstructionSite<BuildCryptoServer, CryptoServer>,
pub sockets: Vec<mio::net::UdpSocket>,
pub events: mio::Events,
pub short_poll_queue: VecDeque<mio::event::Event>,
pub performed_long_poll: bool,
pub io_source_index: HashMap<mio::Token, AppServerIoSource>,
pub mio_poll: mio::Poll,
pub mio_token_dispenser: MioTokenDispenser,
pub brokers: BrokerStore,
pub peers: Vec<AppPeer>,
pub verbosity: Verbosity,
pub all_sockets_drained: bool,
pub under_load: DoSOperation,
pub blocking_polls_count: usize,
pub non_blocking_polls_count: usize,
pub unpolled_count: usize,
pub last_update_time: Instant,
pub test_helpers: Option<AppServerTest>,
#[cfg(feature = "experiment_api")]
/// The Rosenpass unix socket API handler; this is an experimental
/// feature that can be used to embed Rosenpass in external applications
/// via communication by unix socket
pub api_manager: crate::api::mio::MioManager,
}
@@ -406,19 +201,14 @@ pub struct AppServer {
pub struct SocketPtr(pub usize);
impl SocketPtr {
/// Retrieve the concrete udp socket associated with the pointer
pub fn get<'a>(&self, srv: &'a AppServer) -> &'a mio::net::UdpSocket {
&srv.sockets[self.0]
}
/// Retrieve the concrete udp socket associated with the pointer, mutably
pub fn get_mut<'a>(&self, srv: &'a mut AppServer) -> &'a mut mio::net::UdpSocket {
&mut srv.sockets[self.0]
}
/// Send a UDP packet to another address.
///
/// Merely forwards to [mio::net::UdpSocket::send_to]
pub fn send_to(&self, srv: &AppServer, buf: &[u8], addr: SocketAddr) -> anyhow::Result<()> {
self.get(srv).send_to(buf, addr)?;
Ok(())
@@ -426,41 +216,28 @@ impl SocketPtr {
}
/// Index based pointer to a Peer
///
/// This allows retrieving both the io-oriented and the cryptographic information
/// about a peer.
#[derive(Debug, Copy, Clone)]
pub struct AppPeerPtr(pub usize);
impl AppPeerPtr {
/// Takes an pointer from the cryptography subsystem
/// in [AppServer::crypto_site] and derives the associated AppPeerPtr
/// in [AppServer]
/// Takes an index based handle and returns the actual peer
pub fn lift(p: PeerPtr) -> Self {
Self(p.0)
}
/// Turns this pointer into a cryptographic peer pointer for [CryptoServer]
/// in [AppServer::crypto_site]
/// Returns an index based handle to one Peer
pub fn lower(&self) -> PeerPtr {
PeerPtr(self.0)
}
/// Retrieve the [AppPeer] pointed to by [Self]
pub fn get_app<'a>(&self, srv: &'a AppServer) -> &'a AppPeer {
&srv.peers[self.0]
}
/// Retrieve the [AppPeer] pointed to by [Self], mutably
pub fn get_app_mut<'a>(&self, srv: &'a mut AppServer) -> &'a mut AppPeer {
&mut srv.peers[self.0]
}
/// Use the associated WireGuard PSK broker via [BrokerStorePtr]
/// to upload a new PSK.
///
/// If no PSK broker is set and [AppPeer::outfile] is none, then
/// this prints a warning
pub fn set_psk(&self, server: &mut AppServer, psk: &Secret<WG_KEY_LEN>) -> anyhow::Result<()> {
if let Some(broker) = server.peers[self.0].broker_peer.as_ref() {
let config = broker.peer_cfg.create_config(psk);
@@ -473,34 +250,17 @@ impl AppPeerPtr {
}
}
/// The result of [AppServer::poll].
///
/// Instructs [AppServer::event_loop_without_error_handling] on how to proceed.
#[derive(Debug)]
pub enum AppPollResult {
/// Erase the key for a given peer. Corresponds to [crate::protocol::PollResult::DeleteKey]
DeleteKey(AppPeerPtr),
/// Send an initiation to the given peer. Corresponds to [crate::protocol::PollResult::SendInitiation]
SendInitiation(AppPeerPtr),
/// Send a retransmission to the given peer. Corresponds to
/// [crate::protocol::PollResult::SendRetransmission]
SendRetransmission(AppPeerPtr),
/// Received a network message.
///
/// This is the only case without a correspondence in [crate::protocol::PollResult]
ReceivedMessage(usize, Endpoint),
}
/// The reason why we are outputting a key
#[derive(Debug)]
pub enum KeyOutputReason {
/// The reason is that a new key for the given peer was successfully exchanged
Exchanged,
/// The reason is, that no key could be exchanged with the peer before the output
/// key lifetime was reached; a [AppPollResult::DeleteKey] event was issued.
///
/// The key we output in this case is chosen randomly and serves to securely
/// erase whatever key is currently stored.
Stale,
}
@@ -539,21 +299,14 @@ impl std::fmt::Display for Endpoint {
}
}
/// A network address bound to a particular socket.
///
/// We need the information which socket is used because different listen sockets
/// might be on different networks.
#[derive(Debug)]
pub struct SocketBoundEndpoint {
/// The socket the address can be reached under; this is generally
/// determined when we actually receive an RespHello message
socket: SocketPtr,
/// The network address
/// Just the address
addr: SocketAddr,
/// Byte representation of this socket bound network address.
/// Generated through [SocketBoundEndpoint::to_bytes].
///
/// Read through [HostIdentification::encode]
/// identifier
bytes: (usize, [u8; SocketBoundEndpoint::BUFFER_SIZE]),
}
@@ -564,22 +317,16 @@ impl std::fmt::Display for SocketBoundEndpoint {
}
impl SocketBoundEndpoint {
/// Length in bytes of the serialized socket index
const SOCKET_SIZE: usize = usize::BITS as usize / 8;
/// Length in bytes of the serialized ipv6 address
const IPV6_SIZE: usize = 16;
/// Length in bytes of the serialized port
const PORT_SIZE: usize = 2;
/// Length in bytes of the serialized ipv6 address scope (see [SocketAddrV6::scope_id])
const SCOPE_ID_SIZE: usize = 4;
/// Length in size of
const BUFFER_SIZE: usize = SocketBoundEndpoint::SOCKET_SIZE
+ SocketBoundEndpoint::IPV6_SIZE
+ SocketBoundEndpoint::PORT_SIZE
+ SocketBoundEndpoint::SCOPE_ID_SIZE;
/// Produce a new [Self]
pub fn new(socket: SocketPtr, addr: SocketAddr) -> Self {
let bytes = Self::to_bytes(&socket, &addr);
Self {
@@ -589,7 +336,6 @@ impl SocketBoundEndpoint {
}
}
/// Computes [HostIdentification::encode] for [Self]. Value cached in [Self::bytes].
fn to_bytes(
socket: &SocketPtr,
addr: &SocketAddr,
@@ -624,18 +370,12 @@ impl HostIdentification for SocketBoundEndpoint {
}
impl Endpoint {
/// Given a list of potential network addresses, start peer discovery.
///
/// Will send initiations to different addresses given here on each [crate::msgs::InitHello]
/// retransmission during the peer discovery phase.
/// Start discovery from some addresses
pub fn discovery_from_addresses(addresses: Vec<SocketAddr>) -> Self {
Endpoint::Discovery(HostPathDiscoveryEndpoint::from_addresses(addresses))
}
/// Given a hostname, start peer discovery.
///
/// Will send initiations to different addresses assigned to the host name
/// on each [crate::msgs::InitHello] retransmission during the peer discovery phase.
/// Start endpoint discovery from a hostname
pub fn discovery_from_hostname(hostname: String) -> anyhow::Result<Self> {
let host = HostPathDiscoveryEndpoint::lookup(hostname)?;
Ok(Endpoint::Discovery(host))
@@ -666,8 +406,6 @@ impl Endpoint {
Some(Self::discovery_from_addresses(addrs))
}
/// Send a message to the address referenced by this endpoint or to one of
/// the endpoints if we are in the peer discovery phase for this endpoint
pub fn send(&self, srv: &AppServer, buf: &[u8]) -> anyhow::Result<()> {
use Endpoint::*;
match self {
@@ -676,9 +414,6 @@ impl Endpoint {
}
}
/// List of addresses this endpoint may be associated with.
///
/// During peer discovery, this can be multiple addresses.
fn addresses(&self) -> &[SocketAddr] {
use Endpoint::*;
match self {
@@ -716,14 +451,7 @@ impl Endpoint {
// TODO: We might consider adjusting the retransmission handling to account for host-path discovery
#[derive(Debug)]
pub struct HostPathDiscoveryEndpoint {
/// Round robin index the next [Self::send_scouting] call should send packets to
///
/// (address offset, socket offset)
///
/// Including the socket here accounts for the fact that some network addresses may be
/// reachable only through particular UDP sockets
scouting_state: Cell<(usize, usize)>,
/// List of addresses fir oeer discovery
scouting_state: Cell<(usize, usize)>, // addr_off, sock_off
addresses: Vec<SocketAddr>,
}
@@ -734,7 +462,6 @@ impl std::fmt::Display for HostPathDiscoveryEndpoint {
}
impl HostPathDiscoveryEndpoint {
/// Initiate a peer discovery process through a list of potential addresses
pub fn from_addresses(addresses: Vec<SocketAddr>) -> Self {
let scouting_state = Cell::new((0, 0));
Self {
@@ -743,7 +470,7 @@ impl HostPathDiscoveryEndpoint {
}
}
/// Initiate a peer discovery process through hostname lookup
/// Lookup a hostname
pub fn lookup(hostname: String) -> anyhow::Result<Self> {
Ok(Self {
addresses: ToSocketAddrs::to_socket_addrs(&hostname)?.collect(),
@@ -751,14 +478,10 @@ impl HostPathDiscoveryEndpoint {
})
}
/// List of address candidates for the peer
pub fn addresses(&self) -> &Vec<SocketAddr> {
&self.addresses
}
/// Calculates and stores the next value for [Self::scouting_state]
/// given the address and socket we just sent a scouting [crate::msgs::InitHello] message
/// to
fn insert_next_scout_offset(&self, srv: &AppServer, addr_no: usize, sock_no: usize) {
self.scouting_state.set((
(addr_no + 1) % self.addresses.len(),
@@ -813,11 +536,6 @@ impl HostPathDiscoveryEndpoint {
}
impl AppServer {
/// Construct a new AppServer
///
/// # Examples
///
/// See [Self].
pub fn new(
keypair: Option<(SSk, SPk)>,
addrs: Vec<SocketAddr>,
@@ -942,37 +660,22 @@ impl AppServer {
})
}
/// Access the cryptographic protocol server
///
/// This may return an error if [Self] was initialized without a keypair
/// and no keypair has been supplied since then.
///
/// I.e. will return an error if [Self::crypto_site] is not fully initialized
pub fn crypto_server(&self) -> anyhow::Result<&CryptoServer> {
self.crypto_site
.product_ref()
.context("Cryptography handler not initialized")
}
/// Access the cryptographic protocol server, mutably
///
/// This may return an error if [Self] was initialized without a keypair
/// and no keypair has been supplied since then.
///
/// I.e. will return an error if [Self::crypto_site] is not fully initialized
pub fn crypto_server_mut(&mut self) -> anyhow::Result<&mut CryptoServer> {
self.crypto_site
.product_mut()
.context("Cryptography handler not initialized")
}
/// If set to [Verbosity::Verbose], then some extra information will be printed
/// at the info log level
pub fn verbose(&self) -> bool {
matches!(self.verbosity, Verbosity::Verbose)
}
/// Used by [Self::new] to register a new udp listen source
pub fn register_listen_socket(&mut self, mut sock: mio::net::UdpSocket) -> anyhow::Result<()> {
let mio_token = self.mio_token_dispenser.dispense();
self.mio_poll
@@ -984,19 +687,16 @@ impl AppServer {
Ok(())
}
/// Used to register a source of IO such as a listen socket with [Self::io_source_index]
pub fn register_io_source(&mut self, token: mio::Token, io_source: AppServerIoSource) {
let prev = self.io_source_index.insert(token, io_source);
assert!(prev.is_none());
}
/// Unregister an IO source registered with [Self::register_io_source]
pub fn unregister_io_source(&mut self, token: mio::Token) {
let value = self.io_source_index.remove(&token);
assert!(value.is_some(), "Removed IO source that does not exist");
}
/// Register a new WireGuard PSK broker
pub fn register_broker(
&mut self,
broker: Box<dyn WireguardBrokerMio<Error = anyhow::Error, MioError = anyhow::Error>>,
@@ -1019,7 +719,6 @@ impl AppServer {
Ok(BrokerStorePtr(ptr))
}
/// Unregister a WireGuard PSK broker registered with [Self::register_broker]
pub fn unregister_broker(&mut self, ptr: BrokerStorePtr) -> Result<()> {
let mut broker = self
.brokers
@@ -1031,11 +730,6 @@ impl AppServer {
Ok(())
}
/// Register a new protocol peer
///
/// # Examples
///
/// See [Self::new].
pub fn add_peer(
&mut self,
psk: Option<SymKey>,
@@ -1043,12 +737,11 @@ impl AppServer {
outfile: Option<PathBuf>,
broker_peer: Option<BrokerPeer>,
hostname: Option<String>,
protocol_version: ProtocolVersion,
) -> anyhow::Result<AppPeerPtr> {
let PeerPtr(pn) = match &mut self.crypto_site {
ConstructionSite::Void => bail!("Crypto server construction site is void"),
ConstructionSite::Builder(builder) => builder.add_peer(psk, pk, protocol_version),
ConstructionSite::Product(srv) => srv.add_peer(psk, pk, protocol_version.into())?,
ConstructionSite::Builder(builder) => builder.add_peer(psk, pk),
ConstructionSite::Product(srv) => srv.add_peer(psk, pk)?,
};
assert!(pn == self.peers.len());
@@ -1065,11 +758,6 @@ impl AppServer {
Ok(AppPeerPtr(pn))
}
/// Main IO handler; this generally does not terminate
///
/// # Examples
///
/// See [Self::new].
pub fn event_loop(&mut self) -> anyhow::Result<()> {
const INIT_SLEEP: f64 = 0.01;
const MAX_FAILURES: i32 = 10;
@@ -1123,9 +811,6 @@ impl AppServer {
}
}
/// IO handler without proactive restarts after errors.
///
/// This is used internally in [Self::event_loop].
pub fn event_loop_without_error_handling(&mut self) -> anyhow::Result<()> {
let (mut rx, mut tx) = (MsgBuf::zero(), MsgBuf::zero());
@@ -1245,8 +930,6 @@ impl AppServer {
}
}
/// Helper for [Self::event_loop_without_error_handling] to handle network messages
/// under DoS condition
fn handle_msg_under_load(
&mut self,
endpoint: &Endpoint,
@@ -1263,8 +946,6 @@ impl AppServer {
}
}
/// Used as a helper by [Self::event_loop_without_error_handling] when
/// a new output key has been exchanged
pub fn output_key(
&mut self,
peer: AppPeerPtr,
@@ -1314,10 +995,6 @@ impl AppServer {
Ok(())
}
/// Poll for events from the cryptographic server ([Self::crypto_server()])
/// and for IO events through [Self::poll].
///
/// Used internally in [Self::event_loop_without_error_handling]
pub fn poll(&mut self, rx_buf: &mut [u8]) -> anyhow::Result<AppPollResult> {
use crate::protocol::PollResult as C;
use AppPollResult as A;
@@ -1349,9 +1026,7 @@ impl AppServer {
Ok(res)
}
/// Tries to receive a new message from the network sockets.
///
/// Used internally in [Self::poll]
/// Tries to receive a new message
///
/// - might wait for an duration up to `timeout`
/// - returns immediately if an error occurs
@@ -1523,7 +1198,6 @@ impl AppServer {
Ok(None)
}
/// Internal helper for [Self::try_recv]
fn perform_mio_poll_and_register_events(&mut self, timeout: Duration) -> io::Result<()> {
self.mio_poll.poll(&mut self.events, Some(timeout))?;
// Fill the short poll buffer with the acquired events
@@ -1534,7 +1208,6 @@ impl AppServer {
Ok(())
}
/// Internal helper for [Self::try_recv]
fn try_recv_from_mio_token(
&mut self,
buf: &mut [u8],
@@ -1551,7 +1224,6 @@ impl AppServer {
self.try_recv_from_io_source(buf, io_source)
}
/// Internal helper for [Self::try_recv]
fn try_recv_from_io_source(
&mut self,
buf: &mut [u8],
@@ -1582,7 +1254,6 @@ impl AppServer {
}
}
/// Internal helper for [Self::try_recv]
fn try_recv_from_listen_socket(
&mut self,
buf: &mut [u8],
@@ -1618,20 +1289,6 @@ impl AppServer {
}
#[cfg(feature = "experiment_api")]
/// This is a wrapper around a reference to [AppServer] that
/// dishes out references to [AppServer::api_manager] and
/// to [AppServer] itself.
///
/// It really just implements [crate::api::mio::MioManagerContext] which
/// provides the methods operating on [crate::api::mio::MioManager] provided
/// through a trait.
///
/// This is a rather complicated way of providing just a few functions. The entire
/// point of this exercise is to decouple the code in the API from [AppServer] and
/// this file a bit, despite those functions all needing access to [AppServer].
///
/// We want the code to live in its own module instead of expanding and expanding the source
/// file with [AppServer] more and more.
struct MioManagerFocus<'a>(&'a mut AppServer);
#[cfg(feature = "experiment_api")]

21
rosenpass/src/bin/gen-ipc-msg-types.rs
View File

@@ -1,7 +1,6 @@
use anyhow::{Context, Result};
use heck::ToShoutySnakeCase;
use rosenpass_ciphers::subtle::keyed_hash::KeyedHash;
use rosenpass_ciphers::{hash_domain::HashDomain, KEY_LEN};
/// Recursively calculate a concrete hash value for an API message type
@@ -13,12 +12,12 @@ fn calculate_hash_value(hd: HashDomain, values: &[&str]) -> Result<[u8; KEY_LEN]
}
/// Print a hash literal for pasting into the Rosenpass source code
fn print_literal(path: &[&str], shake_or_blake: KeyedHash) -> Result<()> {
let val = calculate_hash_value(HashDomain::zero(shake_or_blake.clone()), path)?;
fn print_literal(path: &[&str]) -> Result<()> {
let val = calculate_hash_value(HashDomain::zero(), path)?;
let (last, prefix) = path.split_last().context("developer error!")?;
let var_name = last.to_shouty_snake_case();
print!("// hash domain hash with hash {} of: ", shake_or_blake);
print!("// hash domain hash of: ");
for n in prefix.iter() {
print!("{n} -> ");
}
@@ -52,24 +51,24 @@ impl Tree {
}
}
fn gen_code_inner(&self, prefix: &[&str], shake_or_blake: KeyedHash) -> Result<()> {
fn gen_code_inner(&self, prefix: &[&str]) -> Result<()> {
let mut path = prefix.to_owned();
path.push(self.name());
match self {
Self::Branch(_, ref children) => {
for c in children.iter() {
c.gen_code_inner(&path, shake_or_blake.clone())?
c.gen_code_inner(&path)?
}
}
Self::Leaf(_) => print_literal(&path, shake_or_blake)?,
Self::Leaf(_) => print_literal(&path)?,
};
Ok(())
}
fn gen_code(&self, shake_or_blake: KeyedHash) -> Result<()> {
self.gen_code_inner(&[], shake_or_blake)
fn gen_code(&self) -> Result<()> {
self.gen_code_inner(&[])
}
}
@@ -94,7 +93,5 @@ fn main() -> Result<()> {
println!("type RawMsgType = u128;");
println!();
tree.gen_code(KeyedHash::keyed_shake256())?;
println!();
tree.gen_code(KeyedHash::incorrect_hmac_blake2b())
tree.gen_code()
}

83
rosenpass/src/cli.rs
View File

@@ -1,12 +1,7 @@
//! Contains the code used to parse command line parameters for rosenpass.
//!
//! [CliArgs::run] is called by the rosenpass main function and contains the
//! bulk of our boostrapping code while the main function just sets up the basic environment
use anyhow::{bail, ensure, Context};
use clap::{Parser, Subcommand};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
use rosenpass_secret_memory::file::StoreSecret;
use rosenpass_util::file::{LoadValue, LoadValueB64, StoreValue};
use rosenpass_wireguard_broker::brokers::native_unix::{
@@ -36,25 +31,15 @@ use {
std::thread,
};
/// How to reach a WireGuard PSK Broker
/// enum representing a choice of interface to a WireGuard broker
#[derive(Debug)]
pub enum BrokerInterface {
/// The PSK Broker is listening on a unix socket at the given path
Socket(PathBuf),
/// The PSK Broker broker is already connected to this process; a
/// unix socket stream can be reached at the given file descriptor.
///
/// This is generally used with file descriptor passing.
FileDescriptor(i32),
/// Create a socketpair(3p), spawn the PSK broker process from within rosenpass,
/// and hand one end of the socketpair to the broker process via file
/// descriptor passing to the subprocess
SocketPair,
}
/// Command line arguments to the Rosenpass binary.
///
/// Used for parsing with [clap].
/// struct holding all CLI arguments for `clap` crate to parse
#[derive(Parser, Debug)]
#[command(author, version, about, long_about, arg_required_else_help = true)]
pub struct CliArgs {
@@ -95,7 +80,6 @@ pub struct CliArgs {
#[arg(short, long, group = "psk-broker-specs")]
psk_broker_spawn: bool,
/// The subcommand to be invoked
#[command(subcommand)]
pub command: Option<CliCommand>,
@@ -114,10 +98,6 @@ pub struct CliArgs {
}
impl CliArgs {
/// Apply the command line parameters to the Rosenpass configuration struct
///
/// Generally the flow of control here is that all the command line parameters
/// are merged into the configuration file to avoid much code duplication.
pub fn apply_to_config(&self, _cfg: &mut config::Rosenpass) -> anyhow::Result<()> {
#[cfg(feature = "experiment_api")]
self.api.apply_to_config(_cfg)?;
@@ -143,11 +123,9 @@ impl CliArgs {
None
}
/// Return the WireGuard PSK broker interface configured.
///
/// Returns `None` if the `experiment_api` feature is disabled.
#[cfg(feature = "experiment_api")]
/// returns the broker interface set by CLI args
/// returns `None` if the `experiment_api` feature isn't enabled
pub fn get_broker_interface(&self) -> Option<BrokerInterface> {
if let Some(path_ref) = self.psk_broker_path.as_ref() {
Some(BrokerInterface::Socket(path_ref.to_path_buf()))
@@ -160,10 +138,9 @@ impl CliArgs {
}
}
/// Return the WireGuard PSK broker interface configured.
///
/// Returns `None` if the `experiment_api` feature is disabled.
#[cfg(not(feature = "experiment_api"))]
/// returns the broker interface set by CLI args
/// returns `None` if the `experiment_api` feature isn't enabled
pub fn get_broker_interface(&self) -> Option<BrokerInterface> {
None
}
@@ -267,17 +244,15 @@ pub enum CliCommand {
}
impl CliArgs {
/// Run Rosenpass with the given command line parameters
/// Runs the command specified via CLI
///
/// This contains the bulk of our startup logic with
/// the main function just setting up the basic environment
/// and then calling this function.
/// ## TODO
/// - This method consumes the [`CliCommand`] value. It might be wise to use a reference...
pub fn run(
self,
broker_interface: Option<BrokerInterface>,
test_helpers: Option<AppServerTest>,
) -> anyhow::Result<()> {
// TODO: This method consumes the [`CliCommand`] value. It might be wise to use a reference...
use CliCommand::*;
match &self.command {
Some(GenConfig { config_file, force }) => {
@@ -428,7 +403,6 @@ impl CliArgs {
Ok(())
}
/// Used by [Self::run] to start the Rosenpass key exchange server
fn event_loop(
config: config::Rosenpass,
broker_interface: Option<BrokerInterface>,
@@ -490,26 +464,12 @@ impl CliArgs {
cfg_peer.key_out,
broker_peer,
cfg_peer.endpoint.clone(),
cfg_peer.protocol_version.into(),
)?;
}
srv.event_loop()
}
/// Create the WireGuard PSK broker to be used by
/// [crate::app_server::AppServer].
///
/// If the `experiment_api`
/// feature flag is set, then this communicates with a PSK broker
/// running in a different process as configured via
/// the `psk_broker_path`, `psk_broker_fd`, and `psk_broker_spawn`
/// fields.
///
/// If the `experiment_api`
/// feature flag is not set, then this returns a [NativeUnixBroker],
/// sending pre-shared keys directly to WireGuard from within this
/// process.
#[cfg(feature = "experiment_api")]
fn create_broker(
broker_interface: Option<BrokerInterface>,
@@ -525,19 +485,6 @@ impl CliArgs {
}
}
/// Create the WireGuard PSK broker to be used by
/// [crate::app_server::AppServer].
///
/// If the `experiment_api`
/// feature flag is set, then this communicates with a PSK broker
/// running in a different process as configured via
/// the `psk_broker_path`, `psk_broker_fd`, and `psk_broker_spawn`
/// fields.
///
/// If the `experiment_api`
/// feature flag is not set, then this returns a [NativeUnixBroker],
/// sending pre-shared keys directly to WireGuard from within this
/// process.
#[cfg(not(feature = "experiment_api"))]
fn create_broker(
_broker_interface: Option<BrokerInterface>,
@@ -545,10 +492,6 @@ impl CliArgs {
Ok(Box::new(NativeUnixBroker::new()))
}
/// Used by [Self::create_broker] if the `experiment_api` is configured
/// to set up the connection with the PSK broker process as configured
/// via the `psk_broker_path`, `psk_broker_fd`, and `psk_broker_spawn`
/// fields.
#[cfg(feature = "experiment_api")]
fn get_broker_socket(broker_interface: BrokerInterface) -> Result<UnixStream, anyhow::Error> {
// Connect to the psk broker unix socket if one was specified
@@ -606,10 +549,10 @@ impl CliArgs {
}
/// generate secret and public keys, store in files according to the paths passed as arguments
pub fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
let mut ssk = crate::protocol::SSk::random();
let mut spk = crate::protocol::SPk::random();
StaticKem.keygen(ssk.secret_mut(), spk.deref_mut())?;
StaticKem::keygen(ssk.secret_mut(), spk.deref_mut())?;
ssk.store_secret(secret_key)?;
spk.store(public_key)
}

248
rosenpass/src/config.rs
View File

@@ -4,9 +4,8 @@
//! [`Rosenpass`] which holds such a configuration.
//!
//! ## TODO
//! - TODO: support `~` in <https://github.com/rosenpass/rosenpass/issues/237>
//! - TODO: provide tooling to create config file from shell <https://github.com/rosenpass/rosenpass/issues/247>
//! - support `~` in <https://github.com/rosenpass/rosenpass/issues/237>
//! - provide tooling to create config file from shell <https://github.com/rosenpass/rosenpass/issues/247>
use crate::protocol::{SPk, SSk};
use rosenpass_util::file::LoadValue;
use std::{
@@ -32,10 +31,7 @@ fn empty_api_config() -> crate::api::config::ApiConfig {
}
}
/// Configuration for the Rosenpass key exchange
///
/// i.e. configuration for the `rosenpass exchange` and `rosenpass exchange-config` commands
#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
#[derive(Debug, Serialize, Deserialize)]
pub struct Rosenpass {
// TODO: Raise error if secret key or public key alone is set during deserialization
// SEE: https://github.com/serde-rs/serde/issues/2793
@@ -50,10 +46,7 @@ pub struct Rosenpass {
/// list of [`SocketAddr`] to listen on
///
/// Examples:
///
/// - `0.0.0.0:123` Listen on any interface using IPv4, port 123
/// - `[::1]:1234` Listen on IPv6 localhost, port 1234
/// - `[::]:4476` Listen on any IPv4 or IPv6 interface, port 4476
/// - `0.0.0.0:123`
pub listen: Vec<SocketAddr>,
/// log verbosity
@@ -75,7 +68,6 @@ pub struct Rosenpass {
pub config_file_path: PathBuf,
}
/// Public key and secret key locations.
#[derive(Debug, Deserialize, Serialize, PartialEq, Eq, Clone)]
pub struct Keypair {
/// path to the public key file
@@ -86,7 +78,6 @@ pub struct Keypair {
}
impl Keypair {
/// Construct a keypair from its fields
pub fn new<Pk: AsRef<Path>, Sk: AsRef<Path>>(public_key: Pk, secret_key: Sk) -> Self {
let public_key = public_key.as_ref().to_path_buf();
let secret_key = secret_key.as_ref().to_path_buf();
@@ -97,84 +88,62 @@ impl Keypair {
}
}
/// Level of verbosity for [crate::app_server::AppServer]
///
/// The value of the field [crate::app_server::AppServer::verbosity]. See the field documentation
/// for details.
///
/// - TODO: replace this type with [`log::LevelFilter`], also see <https://github.com/rosenpass/rosenpass/pull/246>
/// ## TODO
/// - replace this type with [`log::LevelFilter`], also see <https://github.com/rosenpass/rosenpass/pull/246>
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Copy, Clone)]
pub enum Verbosity {
Quiet,
Verbose,
}
/// The protocol version to be used by a peer.
#[derive(Debug, PartialEq, Eq, Serialize, Deserialize, Copy, Clone, Default)]
pub enum ProtocolVersion {
#[default]
V02,
V03,
}
/// Configuration data for a single Rosenpass peer
/// ## TODO
/// - examples
/// - documentation
#[derive(Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
pub struct RosenpassPeer {
/// path to the public key of the peer
pub public_key: PathBuf,
/// The hostname and port to connect to
///
/// Can be a
///
/// - hostname and port, e.g. `localhost:8876` or `rosenpass.eu:1427`
/// - IPv4 address and port, e.g. `1.2.3.4:7764`
/// - IPv6 address and port, e.g. `[fe80::24]:7890`
/// ## TODO
/// - documentation
pub endpoint: Option<String>,
/// path to the pre-shared key shared with the peer
/// path to the pre-shared key with the peer
///
/// NOTE: this item can be skipped in the config if you do not use a pre-shared key with the peer
pub pre_shared_key: Option<PathBuf>,
/// If this field is set to a path, the Rosenpass will write the exchanged symmetric keys
/// to the given file and write a notification to standard out to let the calling application
/// know that a new key was exchanged
/// ## TODO
/// - documentation
#[serde(default)]
pub key_out: Option<PathBuf>,
/// Information for supplying exchanged keys directly to WireGuard
/// ## TODO
/// - documentation
/// - make this field only available on binary builds, not on library builds <https://github.com/rosenpass/rosenpass/issues/249>
#[serde(flatten)]
pub wg: Option<WireGuard>,
#[serde(default)]
/// The protocol version to use for the exchange
pub protocol_version: ProtocolVersion,
}
/// Information for supplying exchanged keys directly to WireGuard
/// ## TODO
/// - documentation
#[derive(Debug, Default, PartialEq, Eq, Serialize, Deserialize)]
pub struct WireGuard {
/// Name of the WireGuard interface to supply with pre-shared keys generated by the Rosenpass
/// key exchange
/// ## TODO
/// - documentation
pub device: String,
/// WireGuard public key of the peer to supply with pre-shared keys
/// ## TODO
/// - documentation
pub peer: String,
/// Extra parameters passed to the `wg` command
/// ## TODO
/// - documentation
#[serde(default)]
pub extra_params: Vec<String>,
}
impl Default for Rosenpass {
/// Generate an empty configuration
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_new.rs")]
#[doc = "```"]
fn default() -> Self {
Self::empty()
}
@@ -187,15 +156,8 @@ impl Rosenpass {
/// checked whether they even exist.
///
/// ## TODO
///
/// - consider using a different algorithm to determine home directory the below one may
/// behave unexpectedly on Windows
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_store.rs")]
#[doc = "```"]
pub fn load<P: AsRef<Path>>(p: P) -> anyhow::Result<Self> {
// read file and deserialize
let mut config: Self = toml::from_str(&fs::read_to_string(&p)?)?;
@@ -223,13 +185,7 @@ impl Rosenpass {
Ok(config)
}
/// Encode a configuration object as toml and write it to a file
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_store.rs")]
#[doc = "```"]
/// Write a config to a file
pub fn store<P: AsRef<Path>>(&self, p: P) -> anyhow::Result<()> {
let serialized_config =
toml::to_string_pretty(&self).expect("unable to serialize the default config");
@@ -238,12 +194,6 @@ impl Rosenpass {
}
/// Commit the configuration to where it came from, overwriting the original file
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_store.rs")]
#[doc = "```"]
pub fn commit(&self) -> anyhow::Result<()> {
let mut f = fopen_w(&self.config_file_path, Visibility::Public)?;
f.write_all(toml::to_string_pretty(&self)?.as_bytes())?;
@@ -251,21 +201,13 @@ impl Rosenpass {
self.store(&self.config_file_path)
}
/// Apply the configuration in this object to the given [crate::app_server::AppServer]
pub fn apply_to_app_server(&self, _srv: &mut AppServer) -> anyhow::Result<()> {
#[cfg(feature = "experiment_api")]
self.api.apply_to_app_server(_srv)?;
Ok(())
}
/// Check that the configuration is sound, ensuring
/// for instance that the referenced files exist
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_validate.rs")]
#[doc = "```"]
/// Validate a configuration
pub fn validate(&self) -> anyhow::Result<()> {
if let Some(ref keypair) = self.keypair {
// check the public key file exists
@@ -342,21 +284,6 @@ impl Rosenpass {
Ok(())
}
/// Check that the configuration is useful given the feature set Rosenpass was compiled with
/// and the configuration values.
///
/// This was introduced when we introduced a unix-socket API feature allowing the server
/// keypair to be supplied via the API; in this process we also made [Self::keypair] optional.
/// With respect to this particular feature, this function ensures that [Self::keypair] is set
/// when Rosenpass is compiles without the `experiment_api` flag. When `experiment_api` is
/// used, the function ensures that [Self::keypair] is only `None`, if the Rosenpass API is
/// enabled in the configuration.
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_validate.rs")]
#[doc = "```"]
pub fn check_usefullness(&self) -> anyhow::Result<()> {
#[cfg(not(feature = "experiment_api"))]
ensure!(self.keypair.is_some(), "Server keypair missing.");
@@ -372,38 +299,15 @@ impl Rosenpass {
Ok(())
}
/// Produce an empty confuguration
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_new.rs")]
#[doc = "```"]
pub fn empty() -> Self {
Self::new(None)
}
/// Produce configuration from the keypair
///
/// Shorthand for calling [Self::new] with Some([Keypair]::new(sk, pk)).
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_new.rs")]
#[doc = "```"]
pub fn from_sk_pk<Sk: AsRef<Path>, Pk: AsRef<Path>>(sk: Sk, pk: Pk) -> Self {
Self::new(Some(Keypair::new(pk, sk)))
}
/// Initialize a minimal configuration with the [Self::keypair] field supplied
/// as a parameter
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_new.rs")]
#[doc = "```"]
/// Creates a new configuration
pub fn new(keypair: Option<Keypair>) -> Self {
Self {
keypair,
@@ -417,14 +321,6 @@ impl Rosenpass {
}
/// Add IPv4 __and__ IPv6 IF_ANY address to the listen interfaces
///
/// I.e. listen on any interface.
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_add_if_any.rs")]
#[doc = "```"]
pub fn add_if_any(&mut self, port: u16) {
let ipv4_any = SocketAddr::V4(SocketAddrV4::new(Ipv4Addr::new(0, 0, 0, 0), port));
let ipv6_any = SocketAddr::V6(SocketAddrV6::new(
@@ -437,20 +333,8 @@ impl Rosenpass {
self.listen.push(ipv6_any);
}
/// Parser for the old, IP style grammar.
///
/// See out manual page rosenpass-exchange(1) on details about the grammar.
///
/// This function parses the grammar and turns it into an instance of the configuration
/// struct.
///
/// TODO: the grammar is undecidable, what do we do here?
///
/// # Examples
///
#[doc = "```ignore"]
#[doc = include_str!("../tests/config_Rosenpass_parse_args_simple.rs")]
#[doc = "```"]
/// from chaotic args
/// Quest: the grammar is undecideable, what do we do here?
pub fn parse_args(args: Vec<String>) -> anyhow::Result<Self> {
let mut config = Self::new(Some(Keypair::new("", "")));
@@ -641,13 +525,11 @@ impl Rosenpass {
}
impl Default for Verbosity {
/// Self::Quiet
fn default() -> Self {
Self::Quiet
}
}
/// Example configuration generated by the command `rosenpass gen-config <TOML-FILE>`.
pub static EXAMPLE_CONFIG: &str = r###"public_key = "/path/to/rp-public-key"
secret_key = "/path/to/rp-secret-key"
listen = []
@@ -671,7 +553,7 @@ key_out = "/path/to/rp-key-out.txt" # path to store the key
mod test {
use super::*;
use std::borrow::Borrow;
use std::{borrow::Borrow, net::IpAddr};
fn toml_des<S: Borrow<str>>(s: S) -> Result<toml::Table, toml::de::Error> {
toml::from_str(s.borrow())
@@ -783,50 +665,34 @@ mod test {
}
#[test]
fn test_protocol_version() {
let mut rosenpass = Rosenpass::empty();
let mut peer_v_02 = RosenpassPeer::default();
peer_v_02.protocol_version = ProtocolVersion::V02;
rosenpass.peers.push(peer_v_02);
let mut peer_v_03 = RosenpassPeer::default();
peer_v_03.protocol_version = ProtocolVersion::V03;
rosenpass.peers.push(peer_v_03);
#[cfg(feature = "experiment_api")]
{
rosenpass.api.listen_fd = vec![];
rosenpass.api.listen_path = vec![];
rosenpass.api.stream_fd = vec![];
}
#[cfg(feature = "experiment_api")]
let expected_toml = r#"listen = []
verbosity = "Quiet"
[api]
listen_fd = []
listen_path = []
stream_fd = []
fn test_simple_cli_parse() {
let args = split_str(
"public-key /my/public-key secret-key /my/secret-key verbose \
listen 0.0.0.0:9999 peer public-key /peer/public-key endpoint \
peer.test:9999 outfile /peer/rp-out",
);
[[peers]]
protocol_version = "V02"
public_key = ""
let config = Rosenpass::parse_args(args).unwrap();
[[peers]]
protocol_version = "V03"
public_key = ""
"#;
#[cfg(not(feature = "experiment_api"))]
let expected_toml = r#"listen = []
verbosity = "Quiet"
[[peers]]
protocol_version = "V02"
public_key = ""
[[peers]]
protocol_version = "V03"
public_key = ""
"#;
assert_toml_round(rosenpass, expected_toml).unwrap()
assert_eq!(
config.keypair,
Some(Keypair::new("/my/public-key", "/my/secret-key"))
);
assert_eq!(config.verbosity, Verbosity::Verbose);
assert_eq!(
&config.listen,
&vec![SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 9999)]
);
assert_eq!(
config.peers,
vec![RosenpassPeer {
public_key: PathBuf::from("/peer/public-key"),
endpoint: Some("peer.test:9999".into()),
pre_shared_key: None,
key_out: Some(PathBuf::from("/peer/rp-out")),
..Default::default()
}]
)
}
#[test]

39
rosenpass/src/hash_domains.rs
View File

@@ -13,8 +13,6 @@
//! use rosenpass::{hash_domain, hash_domain_ns};
//! use rosenpass::hash_domains::protocol;
//!
//! use rosenpass_ciphers::subtle::keyed_hash::KeyedHash;
//!
//! // Declaring a custom hash domain
//! hash_domain_ns!(protocol, custom_domain, "my custom hash domain label");
//!
@@ -28,18 +26,15 @@
//! hash_domain!(domain_separators, sep1, "1");
//! hash_domain!(domain_separators, sep2, "2");
//!
//! // We use the SHAKE256 hash function for this example
//! let hash_choice = KeyedHash::keyed_shake256();
//!
//! // Generating values under hasher1 with both domain separators
//! let h1 = hasher1(hash_choice.clone())?.mix(b"some data")?.dup();
//! let h1v1 = h1.mix(&sep1(hash_choice.clone())?)?.mix(b"More data")?.into_value();
//! let h1v2 = h1.mix(&sep2(hash_choice.clone())?)?.mix(b"More data")?.into_value();
//! let h1 = hasher1()?.mix(b"some data")?.dup();
//! let h1v1 = h1.mix(&sep1()?)?.mix(b"More data")?.into_value();
//! let h1v2 = h1.mix(&sep2()?)?.mix(b"More data")?.into_value();
//!
//! // Generating values under hasher2 with both domain separators
//! let h2 = hasher2(hash_choice.clone())?.mix(b"some data")?.dup();
//! let h2v1 = h2.mix(&sep1(hash_choice.clone())?)?.mix(b"More data")?.into_value();
//! let h2v2 = h2.mix(&sep2(hash_choice.clone())?)?.mix(b"More data")?.into_value();
//! let h2 = hasher2()?.mix(b"some data")?.dup();
//! let h2v1 = h2.mix(&sep1()?)?.mix(b"More data")?.into_value();
//! let h2v2 = h2.mix(&sep2()?)?.mix(b"More data")?.into_value();
//!
//! // All of the domain separators are now different, random strings
//! let values = [h1v1, h1v2, h2v1, h2v2];
@@ -54,7 +49,6 @@
use anyhow::Result;
use rosenpass_ciphers::hash_domain::HashDomain;
use rosenpass_ciphers::subtle::keyed_hash::KeyedHash;
/// Declare a hash function
///
@@ -68,8 +62,8 @@ use rosenpass_ciphers::subtle::keyed_hash::KeyedHash;
macro_rules! hash_domain_ns {
($(#[$($attrss:tt)*])* $base:ident, $name:ident, $($lbl:expr),+ ) => {
$(#[$($attrss)*])*
pub fn $name(hash_choice: KeyedHash) -> ::anyhow::Result<::rosenpass_ciphers::hash_domain::HashDomain> {
let t = $base(hash_choice)?;
pub fn $name() -> ::anyhow::Result<::rosenpass_ciphers::hash_domain::HashDomain> {
let t = $base()?;
$( let t = t.mix($lbl.as_bytes())?; )*
Ok(t)
}
@@ -87,8 +81,8 @@ macro_rules! hash_domain_ns {
macro_rules! hash_domain {
($(#[$($attrss:tt)*])* $base:ident, $name:ident, $($lbl:expr),+ ) => {
$(#[$($attrss)*])*
pub fn $name(hash_choice: KeyedHash) -> ::anyhow::Result<[u8; ::rosenpass_ciphers::KEY_LEN]> {
let t = $base(hash_choice)?;
pub fn $name() -> ::anyhow::Result<[u8; ::rosenpass_ciphers::KEY_LEN]> {
let t = $base()?;
$( let t = t.mix($lbl.as_bytes())?; )*
Ok(t.into_value())
}
@@ -100,22 +94,15 @@ macro_rules! hash_domain {
/// This serves as a global [domain separator](https://en.wikipedia.org/wiki/Domain_separation)
/// used in various places in the rosenpass protocol.
///
/// This is generally used to create further hash-domains for specific purposes. Depending on
/// the used hash function, the protocol string is different.
/// This is generally used to create further hash-domains for specific purposes. See
///
/// # Examples
///
/// See the source file for details about how this is used concretely.
///
/// See the [module](self) documentation on how to use the hash domains in general
pub fn protocol(hash_choice: KeyedHash) -> Result<HashDomain> {
// Depending on the hash function, we use different protocol strings
match hash_choice {
KeyedHash::KeyedShake256(_) => HashDomain::zero(hash_choice)
.mix("Rosenpass v1 mceliece460896 Kyber512 ChaChaPoly1305 SHAKE256".as_bytes()),
KeyedHash::IncorrectHmacBlake2b(_) => HashDomain::zero(hash_choice)
.mix("Rosenpass v1 mceliece460896 Kyber512 ChaChaPoly1305 BLAKE2s".as_bytes()),
}
pub fn protocol() -> Result<HashDomain> {
HashDomain::zero().mix("Rosenpass v1 mceliece460896 Kyber512 ChaChaPoly1305 BLAKE2s".as_bytes())
}
hash_domain_ns!(

26
rosenpass/src/msgs.rs
View File

@@ -9,12 +9,13 @@
//! To achieve this we utilize the zerocopy library.
//!
use std::mem::size_of;
use std::u8;
use zerocopy::{AsBytes, FromBytes, FromZeroes};
use super::RosenpassError;
use rosenpass_cipher_traits::primitives::{Aead as _, Kem};
use rosenpass_ciphers::{Aead, XAead, KEY_LEN};
use rosenpass_ciphers::{EphemeralKem, StaticKem};
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::{EphemeralKem, StaticKem};
use rosenpass_ciphers::{aead, xaead, KEY_LEN};
/// Length of a session ID such as [InitHello::sidi]
pub const SESSION_ID_LEN: usize = 4;
@@ -31,7 +32,7 @@ pub const MAX_MESSAGE_LEN: usize = 2500; // TODO fix this
pub const BISCUIT_PT_LEN: usize = size_of::<Biscuit>();
/// Length in bytes of an encrypted Biscuit (cipher text)
pub const BISCUIT_CT_LEN: usize = BISCUIT_PT_LEN + XAead::NONCE_LEN + XAead::TAG_LEN;
pub const BISCUIT_CT_LEN: usize = BISCUIT_PT_LEN + xaead::NONCE_LEN + xaead::TAG_LEN;
/// Size of the field [Envelope::mac]
pub const MAC_SIZE: usize = 16;
@@ -135,9 +136,9 @@ pub struct InitHello {
/// Classic McEliece Ciphertext
pub sctr: [u8; StaticKem::CT_LEN],
/// Encryped: 16 byte hash of McEliece initiator static key
pub pidic: [u8; Aead::TAG_LEN + 32],
pub pidic: [u8; aead::TAG_LEN + 32],
/// Encrypted TAI64N Time Stamp (against replay attacks)
pub auth: [u8; Aead::TAG_LEN],
pub auth: [u8; aead::TAG_LEN],
}
/// This is the second message sent by the responder to the initiator
@@ -186,7 +187,7 @@ pub struct RespHello {
/// Classic McEliece Ciphertext
pub scti: [u8; StaticKem::CT_LEN],
/// Empty encrypted message (just an auth tag)
pub auth: [u8; Aead::TAG_LEN],
pub auth: [u8; aead::TAG_LEN],
/// Responders handshake state in encrypted form
pub biscuit: [u8; BISCUIT_CT_LEN],
}
@@ -235,7 +236,7 @@ pub struct InitConf {
/// Responders handshake state in encrypted form
pub biscuit: [u8; BISCUIT_CT_LEN],
/// Empty encrypted message (just an auth tag)
pub auth: [u8; Aead::TAG_LEN],
pub auth: [u8; aead::TAG_LEN],
}
/// This is the fourth message sent by the initiator to the responder
@@ -291,7 +292,7 @@ pub struct EmptyData {
/// Nonce
pub ctr: [u8; 8],
/// Empty encrypted message (just an auth tag)
pub auth: [u8; Aead::TAG_LEN],
pub auth: [u8; aead::TAG_LEN],
}
/// Cookie encrypted and sent to the initiator by the responder in [RespHello]
@@ -345,7 +346,7 @@ pub struct CookieReplyInner {
/// Session ID of the sender (initiator)
pub sid: [u8; 4],
/// Encrypted cookie with authenticated initiator `mac`
pub cookie_encrypted: [u8; XAead::NONCE_LEN + COOKIE_SIZE + XAead::TAG_LEN],
pub cookie_encrypted: [u8; xaead::NONCE_LEN + COOKIE_SIZE + xaead::TAG_LEN],
}
/// Specialized message for use in the cookie mechanism.
@@ -436,8 +437,7 @@ impl From<MsgType> for u8 {
#[cfg(test)]
mod test_constants {
use crate::msgs::{BISCUIT_CT_LEN, BISCUIT_PT_LEN};
use rosenpass_cipher_traits::primitives::Aead as _;
use rosenpass_ciphers::{XAead, KEY_LEN};
use rosenpass_ciphers::{xaead, KEY_LEN};
#[test]
fn sodium_keysize() {
@@ -453,7 +453,7 @@ mod test_constants {
fn biscuit_ct_len() {
assert_eq!(
BISCUIT_CT_LEN,
BISCUIT_PT_LEN + XAead::NONCE_LEN + XAead::TAG_LEN
BISCUIT_PT_LEN + xaead::NONCE_LEN + xaead::TAG_LEN
);
}
}

311
rosenpass/src/protocol/build_crypto_server.rs
View File

@@ -1,5 +1,3 @@
use super::{CryptoServer, PeerPtr, SPk, SSk, SymKey};
use crate::config::ProtocolVersion;
use rosenpass_util::{
build::Build,
mem::{DiscardResultExt, SwapWithDefaultExt},
@@ -7,100 +5,32 @@ use rosenpass_util::{
};
use thiserror::Error;
use super::{CryptoServer, PeerPtr, SPk, SSk, SymKey};
#[derive(Debug, Clone)]
/// A pair of matching public/secret keys used to launch the crypto server.
///
/// # Examples
///
/// Decomposing a key pair into its individual components, then recreating it:
///
/// ```rust
/// use rosenpass::protocol::Keypair;
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// let random_pair = Keypair::random();
/// let random_copy = random_pair.clone();
/// let (sk_copy, pk_copy) = random_copy.into_parts();
///
/// // Re-assemble the key pair from the original secret/public key
/// // Note that it doesn't have to be the exact same keys;
/// // you could just as easily use a completely different pair here
/// let reconstructed_pair = Keypair::from_parts((sk_copy, pk_copy));
///
/// assert_eq!(random_pair.sk.secret(), reconstructed_pair.sk.secret());
/// assert_eq!(random_pair.pk, reconstructed_pair.pk);
/// ```
pub struct Keypair {
/// Secret key matching the crypto server's public key.
pub sk: SSk,
/// Public key identifying the crypto server instance.
pub pk: SPk,
}
// TODO: We need a named tuple derive
impl Keypair {
/// Creates a new key pair from the given secret/public key components.
///
/// # Example
///
/// ```rust
/// use rosenpass::protocol::{Keypair, SSk, SPk};
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// let random_sk = SSk::random();
/// let random_pk = SPk::random();
/// let random_pair = Keypair::new(random_sk.clone(), random_pk.clone());
///
/// assert_eq!(random_sk.secret(), random_pair.sk.secret());
/// assert_eq!(random_pk, random_pair.pk);
/// ```
pub fn new(sk: SSk, pk: SPk) -> Self {
Self { sk, pk }
}
/// Creates a new "empty" key pair. All bytes are initialized to zero.
///
/// See [SSk:zero()][crate::protocol::SSk::zero] and [SPk:zero()][crate::protocol::SPk::zero], respectively.
///
/// # Example
///
/// ```rust
/// use rosenpass::protocol::{Keypair, SSk, SPk};
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// let zero_sk = SSk::zero();
/// let zero_pk = SPk::zero();
/// let zero_pair = Keypair::zero();
///
/// assert_eq!(zero_sk.secret(), zero_pair.sk.secret());
/// assert_eq!(zero_pk, zero_pair.pk);
/// ```
pub fn zero() -> Self {
Self::new(SSk::zero(), SPk::zero())
}
/// Creates a new (securely-)random key pair. The mechanism is described in [rosenpass_secret_memory::Secret].
///
/// See [SSk:random()][crate::protocol::SSk::random] and [SPk:random()][crate::protocol::SPk::random], respectively.
pub fn random() -> Self {
Self::new(SSk::random(), SPk::random())
}
/// Creates a new key pair from the given public/secret key components.
pub fn from_parts(parts: (SSk, SPk)) -> Self {
Self::new(parts.0, parts.1)
}
/// Deconstructs the key pair, yielding the individual public/secret key components.
pub fn into_parts(self) -> (SSk, SPk) {
(self.sk, self.pk)
}
@@ -108,78 +38,25 @@ impl Keypair {
#[derive(Error, Debug)]
#[error("PSK already set in BuildCryptoServer")]
/// Error indicating that the PSK is already set.
/// Unused in the current version of the protocol.
pub struct PskAlreadySet;
#[derive(Error, Debug)]
#[error("Keypair already set in BuildCryptoServer")]
/// Error type indicating that the public/secret key pair has already been set.
pub struct KeypairAlreadySet;
#[derive(Error, Debug)]
#[error("Can not construct CryptoServer: Missing keypair")]
/// Error type indicating that no public/secret key pair has been provided.
pub struct MissingKeypair;
#[derive(Debug, Default)]
/// Builder for setting up a [CryptoServer] (with deferred initialization).
///
/// There are multiple ways of creating a crypto server:
///
/// 1. Provide the key pair at initialization time (using [CryptoServer::new][crate::protocol::CryptoServer::new])
/// 2. Provide the key pair at a later time (using [BuildCryptoServer::empty])
///
/// With BuildCryptoServer, you can gradually configure parameters as they become available.
/// This may be useful when they depend on runtime conditions or have to be fetched asynchronously.
/// It's possible to use the builder multiple times; it then serves as a "blueprint" for new
/// instances, several of which may be spawned with the same base configuration (or variations thereof).
///
/// Note that the server won't actually launch without a key pair (expect a [MissingKeypair] error).
/// The setup will be much simplified if one is provided, at the cost of some flexibility.
/// It's however possible to defer this step in case your application requires it.
///
/// For additional details or examples, see [AppServer::crypto_site][crate::app_server::AppServer::crypto_site] and [ConstructionSite][rosenpass_util::build::ConstructionSite].
///
/// # Example
///
/// ```rust
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, PeerParams, SPk, SymKey};
/// use rosenpass::config::ProtocolVersion;
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// let keypair = Keypair::random();
/// let peer1 = PeerParams { psk: Some(SymKey::random()), pk: SPk::random(), protocol_version: ProtocolVersion::V02 };
/// let peer2 = PeerParams { psk: None, pk: SPk::random(), protocol_version: ProtocolVersion::V02 };
///
/// let mut builder = BuildCryptoServer::new(Some(keypair.clone()), vec![peer1]);
/// builder.add_peer(peer2.psk.clone(), peer2.pk, ProtocolVersion::V02);
///
/// let server = builder.build().expect("build failed");
/// assert_eq!(server.peers.len(), 2);
/// assert_eq!(server.sskm.secret(), keypair.sk.secret());
/// assert_eq!(server.spkm, keypair.pk);
/// ```
pub struct BuildCryptoServer {
/// The key pair (secret/public key) identifying the crypto server instance.
pub keypair: Option<Keypair>,
/// A list of network peers that should be registered when launching the server.
pub peers: Vec<PeerParams>,
}
impl Build<CryptoServer> for BuildCryptoServer {
type Error = anyhow::Error;
/// Creates a crypto server, adding all peers that have previously been registered.
///
/// You must provide a key pair at the time of instantiation.
/// If the list of peers is outdated, building the server will fail.
///
/// In this case, make sure to remove or re-add any peers that may have changed.
fn build(self) -> Result<CryptoServer, Self::Error> {
let Some(Keypair { sk, pk }) = self.keypair else {
return Err(MissingKeypair)?;
@@ -187,16 +64,8 @@ impl Build<CryptoServer> for BuildCryptoServer {
let mut srv = CryptoServer::new(sk, pk);
for (
idx,
PeerParams {
psk,
pk,
protocol_version,
},
) in self.peers.into_iter().enumerate()
{
let PeerPtr(idx2) = srv.add_peer(psk, pk, protocol_version.into())?;
for (idx, PeerParams { psk, pk }) in self.peers.into_iter().enumerate() {
let PeerPtr(idx2) = srv.add_peer(psk, pk)?;
assert!(idx == idx2, "Peer id changed during CryptoServer construction from {idx} to {idx2}. This is a developer error.")
}
@@ -205,34 +74,20 @@ impl Build<CryptoServer> for BuildCryptoServer {
}
#[derive(Debug)]
/// Cryptographic key(s) identifying the connected [peer][crate::protocol::Peer] ("client")
/// for a given session that is being managed by the crypto server.
///
/// Each peer must be identified by a [public key (SPk)][crate::protocol::SPk].
/// Optionally, a [symmetric key (SymKey)][crate::protocol::SymKey]
/// can be provided when setting up the connection.
/// For more information on the intended usage and security considerations, see [Peer::psk][crate::protocol::Peer::psk] and [Peer::spkt][crate::protocol::Peer::spkt].
pub struct PeerParams {
/// Pre-shared (symmetric) encryption keys that should be used with this peer.
pub psk: Option<SymKey>,
/// Public key identifying the peer.
pub pk: SPk,
/// The used protocol version.
pub protocol_version: ProtocolVersion,
}
impl BuildCryptoServer {
/// Creates a new builder instance using the given key pair and peer list.
pub fn new(keypair: Option<Keypair>, peers: Vec<PeerParams>) -> Self {
Self { keypair, peers }
}
/// Creates an "incomplete" builder instance, without assigning a key pair.
pub fn empty() -> Self {
Self::new(None, Vec::new())
}
/// Creates a builder instance from the given key pair and peer list components.
pub fn from_parts(parts: (Option<Keypair>, Vec<PeerParams>)) -> Self {
Self {
keypair: parts.0,
@@ -240,182 +95,32 @@ impl BuildCryptoServer {
}
}
/// Deconstructs the current builder instance, taking ownership of its key pair and peer list.
///
/// Replaces all parameters with their default values, which allows extracting them
/// while leaving the builder in a reusable state.
pub fn take_parts(&mut self) -> (Option<Keypair>, Vec<PeerParams>) {
(self.keypair.take(), self.peers.swap_with_default())
}
/// Deconstructs the builder instance, yielding the assigned key pair and peer list.
pub fn into_parts(mut self) -> (Option<Keypair>, Vec<PeerParams>) {
self.take_parts()
}
/// Creates a new builder instance, assigning the given keypair to it.
///
/// Note that only one key pair can be assigned (expect [KeypairAlreadySet] on failure).
///
/// # Examples
///
/// ## Adding key pairs to an existing builder
///
/// ```rust
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair};
///
/// // Deferred initialization: Create builder first, add the key pair later
/// let mut builder = BuildCryptoServer::empty();
/// // Do something with the builder ...
///
/// // Quite some time may have passed (network/disk IO, runtime events, ...)
/// // Now we've got a key pair that should be added to the configuration
/// let keypair = Keypair::random();
/// builder.with_keypair(keypair.clone()).expect("build with key pair failed");
///
/// // New server instances can now make use of the assigned key pair
/// let server = builder.build().expect("build failed");
/// assert_eq!(server.sskm.secret(), keypair.sk.secret());
/// assert_eq!(server.spkm, keypair.pk);
/// ```
///
/// ## Basic error handling: Re-assigning key pairs
///
/// ```rust
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, KeypairAlreadySet};
///
/// // In this case, we'll create a functional builder from its various components
/// // These could be salvaged from another builder, or obtained from disk/network (etc.)
/// let keypair = Keypair::random();
/// let mut builder = BuildCryptoServer::from_parts((Some(keypair.clone()), Vec::new()));
///
/// // The builder has already been assigned a key pair, so this won't work
/// let err = builder.with_keypair(keypair).expect_err("should fail to reassign key pair");
/// assert!(matches!(err, KeypairAlreadySet));
/// ```
pub fn with_keypair(&mut self, keypair: Keypair) -> Result<&mut Self, KeypairAlreadySet> {
ensure_or(self.keypair.is_none(), KeypairAlreadySet)?;
self.keypair.insert(keypair).discard_result();
Ok(self)
}
/// Creates a new builder instance, adding a new entry to the list of registered peers.
///
/// # Example
///
/// Adding peers to an existing builder:
///
/// ```rust
/// use rosenpass::config::ProtocolVersion;
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk};
///
/// // Deferred initialization: Create builder first, add some peers later
/// let keypair_option = Some(Keypair::random());
/// let mut builder = BuildCryptoServer::new(keypair_option, Vec::new());
/// assert!(builder.peers.is_empty());
///
/// // Do something with the builder ...
///
/// // Quite some time may have passed (network/disk IO, runtime events, ...)
/// // Now we've found a peer that should be added to the configuration
/// let pre_shared_key = SymKey::random();
/// let public_key = SPk::random();
/// builder.with_added_peer(Some(pre_shared_key.clone()), public_key.clone(), ProtocolVersion::V02);
///
/// // New server instances will then start with the peer being registered already
/// let server = builder.build().expect("build failed");
/// assert_eq!(server.peers.len(), 1);
/// let peer = &server.peers[0];
/// let peer_psk = Some(peer.psk.clone()).expect("PSK is None");
/// assert_eq!(peer.spkt, public_key);
/// assert_eq!(peer_psk.secret(), pre_shared_key.secret());
/// ```
pub fn with_added_peer(
&mut self,
psk: Option<SymKey>,
pk: SPk,
protocol_version: ProtocolVersion,
) -> &mut Self {
pub fn with_added_peer(&mut self, psk: Option<SymKey>, pk: SPk) -> &mut Self {
// TODO: Check here already whether peer was already added
self.peers.push(PeerParams {
psk,
pk,
protocol_version,
});
self.peers.push(PeerParams { psk, pk });
self
}
/// Add a new entry to the list of registered peers, with or without a pre-shared key.
pub fn add_peer(
&mut self,
psk: Option<SymKey>,
pk: SPk,
protocol_version: ProtocolVersion,
) -> PeerPtr {
pub fn add_peer(&mut self, psk: Option<SymKey>, pk: SPk) -> PeerPtr {
let id = PeerPtr(self.peers.len());
self.with_added_peer(psk, pk, protocol_version);
self.with_added_peer(psk, pk);
id
}
/// Creates a new builder, taking ownership of another instance's key pair and peer list.
/// Allows duplicating the current set of launch parameters, which can then be used to
/// start multiple servers with the exact same configuration (or variants using it as a base).
///
/// # Example
///
/// Extracting the server configuration from a builder:
///
/// ```rust
/// // We have to define the security policy before using Secrets.
/// use rosenpass::config::ProtocolVersion;
/// use rosenpass::hash_domains::protocol;
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk};
///
/// let keypair = Keypair::random();
/// let peer_pk = SPk::random();
/// let mut builder = BuildCryptoServer::new(Some(keypair.clone()), vec![]);
/// builder.add_peer(None, peer_pk, ProtocolVersion::V02);
///
/// // Extract configuration parameters from the decomissioned builder
/// let (keypair_option, peers) = builder.take_parts();
/// let extracted_keypair = keypair_option.unwrap();
/// assert_eq!(extracted_keypair.sk.secret(), keypair.sk.secret());
/// assert_eq!(extracted_keypair.pk, keypair.pk);
/// assert_eq!(peers.len(), 1);
///
/// // Now we can create a new builder with the same configuration
/// let parts = (Some(extracted_keypair), peers);
/// let mut reassembled_builder = BuildCryptoServer::from_parts(parts);
/// let new_builder = reassembled_builder.emancipate();
///
/// // Do something with the new builder ...
///
/// // ... and now, deconstruct this one as well - still using the same parts
/// let (keypair_option, peers) = new_builder.into_parts();
/// let extracted_keypair = keypair_option.unwrap();
/// assert_eq!(extracted_keypair.sk.secret(), keypair.sk.secret());
/// assert_eq!(extracted_keypair.pk, keypair.pk);
/// assert_eq!(peers.len(), 1);
/// ```
pub fn emancipate(&mut self) -> Self {
Self::from_parts(self.take_parts())
}

13
rosenpass/src/protocol/mod.rs
View File

@@ -25,24 +25,23 @@
//! ```
//! use std::ops::DerefMut;
//! use rosenpass_secret_memory::policy::*;
//! use rosenpass_cipher_traits::primitives::Kem;
//! use rosenpass_ciphers::StaticKem;
//! use rosenpass_cipher_traits::Kem;
//! use rosenpass_ciphers::kem::StaticKem;
//! use rosenpass::{
//! protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
//! };
//! # fn main() -> anyhow::Result<()> {
//! // Set security policy for storing secrets
//!
//! use rosenpass::protocol::ProtocolVersion;
//! secret_policy_try_use_memfd_secrets();
//!
//! // initialize secret and public key for peer a ...
//! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
//! StaticKem.keygen(peer_a_sk.secret_mut(), peer_a_pk.deref_mut())?;
//! StaticKem::keygen(peer_a_sk.secret_mut(), peer_a_pk.deref_mut())?;
//!
//! // ... and for peer b
//! let (mut peer_b_sk, mut peer_b_pk) = (SSk::zero(), SPk::zero());
//! StaticKem.keygen(peer_b_sk.secret_mut(), peer_b_pk.deref_mut())?;
//! StaticKem::keygen(peer_b_sk.secret_mut(), peer_b_pk.deref_mut())?;
//!
//! // initialize server and a pre-shared key
//! let psk = SymKey::random();
@@ -50,8 +49,8 @@
//! let mut b = CryptoServer::new(peer_b_sk, peer_b_pk.clone());
//!
//! // introduce peers to each other
//! a.add_peer(Some(psk.clone()), peer_b_pk, ProtocolVersion::V03)?;
//! b.add_peer(Some(psk), peer_a_pk, ProtocolVersion::V03)?;
//! a.add_peer(Some(psk.clone()), peer_b_pk)?;
//! b.add_peer(Some(psk), peer_a_pk)?;
//!
//! // declare buffers for message exchange
//! let (mut a_buf, mut b_buf) = (MsgBuf::zero(), MsgBuf::zero());

643
rosenpass/src/protocol/protocol.rs
View File

File diff suppressed because it is too large Load Diff

17
rosenpass/tests/api-integration-tests-api-setup.rs
View File

@@ -14,8 +14,6 @@ use rosenpass::api::{
self, add_listen_socket_response_status, add_psk_broker_response_status,
supply_keypair_response_status,
};
use rosenpass::config::ProtocolVersion;
use rosenpass::protocol::SymKey;
use rosenpass_util::{
b64::B64Display,
file::LoadValueB64,
@@ -29,6 +27,8 @@ use std::os::fd::{AsFd, AsRawFd};
use tempfile::TempDir;
use zerocopy::AsBytes;
use rosenpass::protocol::SymKey;
struct KillChild(std::process::Child);
impl Drop for KillChild {
@@ -48,16 +48,7 @@ impl Drop for KillChild {
}
#[test]
fn api_integration_api_setup_v02() -> anyhow::Result<()> {
api_integration_api_setup(ProtocolVersion::V02)
}
#[test]
fn api_integration_api_setup_v03() -> anyhow::Result<()> {
api_integration_api_setup(ProtocolVersion::V03)
}
fn api_integration_api_setup(protocol_version: ProtocolVersion) -> anyhow::Result<()> {
fn api_integration_api_setup() -> anyhow::Result<()> {
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
let dir = TempDir::with_prefix("rosenpass-api-integration-test")?;
@@ -105,7 +96,6 @@ fn api_integration_api_setup(protocol_version: ProtocolVersion) -> anyhow::Resul
peer: format!("{}", peer_b_wg_peer_id.fmt_b64::<8129>()),
extra_params: vec![],
}),
protocol_version: protocol_version.clone(),
}],
};
@@ -126,7 +116,6 @@ fn api_integration_api_setup(protocol_version: ProtocolVersion) -> anyhow::Resul
endpoint: Some(peer_a_endpoint.to_owned()),
pre_shared_key: None,
wg: None,
protocol_version: protocol_version.clone(),
}],
};

26
rosenpass/tests/api-integration-tests.rs
View File

@@ -16,37 +16,19 @@ use rosenpass_util::{mem::DiscardResultExt, zerocopy::ZerocopySliceExt};
use tempfile::TempDir;
use zerocopy::AsBytes;
use rosenpass::config::ProtocolVersion;
use rosenpass::protocol::SymKey;
struct KillChild(std::process::Child);
impl Drop for KillChild {
fn drop(&mut self) {
use rustix::process::{kill_process, Pid, Signal::Term};
let pid = Pid::from_child(&self.0);
// We seriously need to start handling signals with signalfd, our current signal handling
// system is a bit broken; there is probably a few functions that just restart on EINTR
// so the signal is absorbed
loop {
kill_process(pid, Term).discard_result();
if self.0.try_wait().unwrap().is_some() {
break;
}
}
self.0.kill().discard_result();
self.0.wait().discard_result()
}
}
#[test]
fn api_integration_test_v02() -> anyhow::Result<()> {
api_integration_test(ProtocolVersion::V02)
}
fn api_integration_test_v03() -> anyhow::Result<()> {
api_integration_test(ProtocolVersion::V03)
}
fn api_integration_test(protocol_version: ProtocolVersion) -> anyhow::Result<()> {
fn api_integration_test() -> anyhow::Result<()> {
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
let dir = TempDir::with_prefix("rosenpass-api-integration-test")?;
@@ -82,7 +64,6 @@ fn api_integration_test(protocol_version: ProtocolVersion) -> anyhow::Result<()>
endpoint: None,
pre_shared_key: None,
wg: None,
protocol_version: protocol_version.clone(),
}],
};
@@ -103,7 +84,6 @@ fn api_integration_test(protocol_version: ProtocolVersion) -> anyhow::Result<()>
endpoint: Some(peer_a_endpoint.to_owned()),
pre_shared_key: None,
wg: None,
protocol_version: protocol_version.clone(),
}],
};

143
rosenpass/tests/app_server_example.rs
View File

@@ -1,143 +0,0 @@
use std::{
net::SocketAddr,
ops::DerefMut,
str::FromStr,
sync::mpsc,
thread::{self, sleep},
time::Duration,
};
use rosenpass::config::ProtocolVersion;
use rosenpass::{
app_server::{AppServer, AppServerTest, MAX_B64_KEY_SIZE},
protocol::{SPk, SSk, SymKey},
};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_util::{file::LoadValueB64, functional::run, mem::DiscardResultExt, result::OkExt};
#[test]
fn key_exchange_with_app_server_v02() -> anyhow::Result<()> {
key_exchange_with_app_server(ProtocolVersion::V02)
}
#[test]
fn key_exchange_with_app_server_v03() -> anyhow::Result<()> {
key_exchange_with_app_server(ProtocolVersion::V03)
}
fn key_exchange_with_app_server(protocol_version: ProtocolVersion) -> anyhow::Result<()> {
let tmpdir = tempfile::tempdir()?;
let outfile_a = tmpdir.path().join("osk_a");
let outfile_b = tmpdir.path().join("osk_b");
// Set security policy for storing secrets; choose the one that is faster for testing
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
// Introduce the servers to each other
let psk_a = SymKey::random();
let psk_b = psk_a.clone();
let (tx_a, rx_b) = mpsc::sync_channel(1);
let (tx_b, rx_a) = mpsc::sync_channel(1);
let (tx_term_a, rx_term_a) = mpsc::channel();
let (tx_term_b, rx_term_b) = mpsc::channel();
let configs = [
(false, outfile_a.clone(), psk_a, tx_a, rx_a, rx_term_a),
(true, outfile_b.clone(), psk_b, tx_b, rx_b, rx_term_b),
];
for (is_client, osk, psk, tx, rx, rx_term) in configs {
thread::spawn(move || {
run(move || -> anyhow::Result<()> {
let mut srv = TestServer::new(rx_term)?;
tx.send((srv.loopback_port()?, srv.public_key()?.clone()))?;
let (otr_port, otr_pk) = rx.recv()?;
let psk = Some(psk);
let broker_peer = None;
let pk = otr_pk;
let outfile = Some(osk);
let port = otr_port;
let hostname = is_client.then(|| format!("[::1]:{port}"));
srv.app_srv.add_peer(
psk,
pk,
outfile,
broker_peer,
hostname,
protocol_version.clone(),
)?;
srv.app_srv.event_loop()
})
.unwrap();
});
}
// Busy wait for both keys to be exchanged
let mut successful_exchange = false;
for _ in 0..2000 {
// 40s
sleep(Duration::from_millis(20));
run(|| -> anyhow::Result<()> {
let osk_a = SymKey::load_b64::<MAX_B64_KEY_SIZE, _>(&outfile_a)?;
let osk_b = SymKey::load_b64::<MAX_B64_KEY_SIZE, _>(&outfile_b)?;
successful_exchange = rosenpass_constant_time::memcmp(osk_a.secret(), osk_b.secret());
Ok(())
})
.discard_result();
if successful_exchange {
break;
}
}
// Tell the parties to terminate
tx_term_a.send(())?;
tx_term_b.send(())?;
assert!(
successful_exchange,
"Test did not complete successfully within the deadline"
);
Ok(())
}
struct TestServer {
app_srv: AppServer,
}
impl TestServer {
fn new(termination_queue: mpsc::Receiver<()>) -> anyhow::Result<Self> {
let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
StaticKem.keygen(sk.secret_mut(), pk.deref_mut())?;
let keypair = Some((sk, pk));
let addrs = vec![
SocketAddr::from_str("[::1]:0")?, // Localhost, any port. For connecting to the test server.
// ipv4_any_binding(), // any IPv4 interface
// ipv6_any_binding(), // any IPv6 interface
];
let verbosity = rosenpass::config::Verbosity::Verbose;
let test_helpers = Some(AppServerTest {
enable_dos_permanently: false,
termination_handler: Some(termination_queue),
});
let app_srv = AppServer::new(keypair, addrs, verbosity, test_helpers)?;
Self { app_srv }.ok()
}
fn loopback_port(&self) -> anyhow::Result<u16> {
self.app_srv.sockets[0].local_addr()?.port().ok()
}
fn public_key(&self) -> anyhow::Result<&SPk> {
Ok(&self.app_srv.crypto_server()?.spkm)
}
}

10
rosenpass/tests/config_Rosenpass_add_if_any.rs
View File

@@ -1,10 +0,0 @@
use rosenpass::config::Rosenpass;
#[test]
fn config_Rosenpass_add_if_any_example() {
let mut v = Rosenpass::empty();
v.add_if_any(4000);
assert!(v.listen.iter().any(|a| format!("{a:?}") == "0.0.0.0:4000"));
assert!(v.listen.iter().any(|a| format!("{a:?}") == "[::]:4000"));
}

18
rosenpass/tests/config_Rosenpass_new.rs
View File

@@ -1,18 +0,0 @@
use rosenpass::config::{Keypair, Rosenpass};
#[test]
fn example_config_rosenpass_new() {
let (sk, pk) = ("./example.sk", "./example.pk");
assert_eq!(Rosenpass::empty(), Rosenpass::new(None));
assert_eq!(Rosenpass::empty(), Rosenpass::default());
assert_eq!(
Rosenpass::from_sk_pk(sk, pk),
Rosenpass::new(Some(Keypair::new(pk, sk)))
);
let mut v = Rosenpass::empty();
v.keypair = Some(Keypair::new(pk, sk));
assert_eq!(Rosenpass::from_sk_pk(sk, pk), v);
}

36
rosenpass/tests/config_Rosenpass_parse_args_simple.rs
View File

@@ -1,36 +0,0 @@
use std::{
net::{IpAddr, Ipv4Addr, SocketAddr},
path::PathBuf,
};
use rosenpass::config::{Keypair, Rosenpass, RosenpassPeer, Verbosity};
#[test]
fn parse_simple() {
let argv = "public-key /my/public-key secret-key /my/secret-key verbose \
listen 0.0.0.0:9999 peer public-key /peer/public-key endpoint \
peer.test:9999 outfile /peer/rp-out";
let argv = argv.split(' ').map(|s| s.to_string()).collect();
let config = Rosenpass::parse_args(argv).unwrap();
assert_eq!(
config.keypair,
Some(Keypair::new("/my/public-key", "/my/secret-key"))
);
assert_eq!(config.verbosity, Verbosity::Verbose);
assert_eq!(
&config.listen,
&vec![SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 9999)]
);
assert_eq!(
config.peers,
vec![RosenpassPeer {
public_key: PathBuf::from("/peer/public-key"),
endpoint: Some("peer.test:9999".into()),
pre_shared_key: None,
key_out: Some(PathBuf::from("/peer/rp-out")),
..Default::default()
}]
);
}

42
rosenpass/tests/config_Rosenpass_store.rs
View File

@@ -1,42 +0,0 @@
use std::path::PathBuf;
use rosenpass::config::{Rosenpass, Verbosity};
#[test]
fn example_config_rosenpass_store() -> anyhow::Result<()> {
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
let tmpdir = tempfile::tempdir()?;
let sk = tmpdir.path().join("example.sk");
let pk = tmpdir.path().join("example.pk");
let cfg = tmpdir.path().join("config.toml");
let mut c = Rosenpass::from_sk_pk(&sk, &pk);
// Can not commit config, path not known
assert!(c.commit().is_err());
// We can store it to an explicit path though
c.store(&cfg)?;
// Storing does not set commitment path
assert!(c.commit().is_err());
// We can reload the config now and the configurations
// are equal if we adjust the commitment path
let mut c2 = Rosenpass::load(&cfg)?;
c.config_file_path = PathBuf::from(&cfg);
assert_eq!(c, c2);
// And this loaded config can now be committed
c2.verbosity = Verbosity::Verbose;
c2.commit()?;
// And the changes actually made it to disk
let c3 = Rosenpass::load(cfg)?;
assert_eq!(c2, c3);
assert_ne!(c, c3);
Ok(())
}

37
rosenpass/tests/config_Rosenpass_validate.rs
View File

@@ -1,37 +0,0 @@
use std::fs;
use rosenpass::{cli::generate_and_save_keypair, config::Rosenpass};
#[test]
fn example_config_rosenpass_validate() -> anyhow::Result<()> {
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
let tmpdir = tempfile::tempdir()?;
// Empty validates OK
assert!(Rosenpass::empty().validate().is_ok());
// Missing secret key does not pass usefulness
assert!(Rosenpass::empty().check_usefullness().is_err());
let sk = tmpdir.path().join("example.sk");
let pk = tmpdir.path().join("example.pk");
let cfg = Rosenpass::from_sk_pk(&sk, &pk);
// Missing secret key does not validate
assert!(cfg.validate().is_err());
// But passes usefulness (the configuration is useful but invalid)
assert!(cfg.check_usefullness().is_ok());
// Providing empty key files does not help
fs::write(&sk, b"")?;
fs::write(&pk, b"")?;
assert!(cfg.validate().is_err());
// But after providing proper key files, the configuration validates
generate_and_save_keypair(sk, pk)?;
assert!(cfg.validate().is_ok());
Ok(())
}

19
rosenpass/tests/gen-ipc-msg-types.rs
View File

@@ -1,19 +0,0 @@
use std::process::Command;
#[test]
fn test_gen_ipc_msg_types() -> anyhow::Result<()> {
let out = Command::new(env!("CARGO_BIN_EXE_rosenpass-gen-ipc-msg-types")).output()?;
assert!(out.status.success());
let stdout = String::from_utf8(out.stdout)?;
// Smoke tests only
assert!(stdout.contains("type RawMsgType = u128;"));
// For Blake2b:
assert!(stdout.contains("const SUPPLY_KEYPAIR_RESPONSE : RawMsgType = RawMsgType::from_le_bytes(hex!(\"f2dc 49bd e261 5f10 40b7 3c16 ec61 edb9\"));"));
// For SHAKE256:
assert!(stdout.contains("const SUPPLY_KEYPAIR_RESPONSE : RawMsgType = RawMsgType::from_le_bytes(hex!(\"ff80 3886 68a4 47ce 2ae6 0915 0972 682f\"))"));
// TODO: Also test SHAKE256 here
Ok(())
}

4
rosenpass/tests/integration_test.rs
View File

@@ -129,7 +129,7 @@ fn run_server_client_exchange(
});
// give them some time to do the key exchange under load
std::thread::sleep(Duration::from_secs(30));
std::thread::sleep(Duration::from_secs(10));
// time's up, kill the childs
server_terminate.send(()).unwrap();
@@ -251,7 +251,7 @@ fn check_exchange_under_normal() {
fs::remove_dir_all(&tmpdir).unwrap();
}
// check that we can trigger a DoS condition, and we can exchange keys under DoS
// check that we can trigger a DoS condition and we can exchange keys under DoS
// This test creates a responder (server) with the feature flag "integration_test_always_under_load" to always be under load condition for the test.
#[test]
#[serial]

7
rosenpass/tests/main-fn-generates-manpages.rs
View File

@@ -46,6 +46,7 @@ fn main_fn_generates_manpages() -> anyhow::Result<()> {
"rosenpass-exchange-config.1",
"rosenpass-gen-config.1",
"rosenpass-gen-keys.1",
"rosenpass-keygen.1",
"rosenpass-validate.1",
];
@@ -55,10 +56,7 @@ fn main_fn_generates_manpages() -> anyhow::Result<()> {
.map(|name| (name, dir.path().join(name)))
.map(|(name, path)| {
let res = std::process::Command::new("man").arg(path).output()?;
assert!(
res.status.success(),
"Error rendering manpage {name} using man"
);
assert!(res.status.success());
let body = res
.stdout
.apply(String::from_utf8)?
@@ -66,6 +64,7 @@ fn main_fn_generates_manpages() -> anyhow::Result<()> {
Ok((name, body))
})
.collect::<anyhow::Result<_>>()?;
for (name, body) in man_texts.iter() {
expect_sections(body, &["NAME", "SYNOPSIS", "OPTIONS"])?;

65
rosenpass/tests/poll_example.rs
View File

@@ -5,33 +5,24 @@ use std::{
ops::DerefMut,
};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
use rosenpass_util::result::OkExt;
use rosenpass::protocol::{
testutils::time_travel_forward, CryptoServer, HostIdentification, MsgBuf, PeerPtr, PollResult,
ProtocolVersion, SPk, SSk, SymKey, Timing, UNENDING,
SPk, SSk, SymKey, Timing, UNENDING,
};
// TODO: Most of the utility functions in here should probably be moved to
// rosenpass::protocol::testutils;
#[test]
fn test_successful_exchange_with_poll_v02() -> anyhow::Result<()> {
test_successful_exchange_with_poll(ProtocolVersion::V02)
}
#[test]
fn test_successful_exchange_with_poll_v03() -> anyhow::Result<()> {
test_successful_exchange_with_poll(ProtocolVersion::V03)
}
fn test_successful_exchange_with_poll(protocol_version: ProtocolVersion) -> anyhow::Result<()> {
fn test_successful_exchange_with_poll() -> anyhow::Result<()> {
// Set security policy for storing secrets; choose the one that is faster for testing
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
let mut sim = RosenpassSimulator::new(protocol_version)?;
let mut sim = RosenpassSimulator::new()?;
sim.poll_loop(150)?; // Poll 75 times
let transcript = sim.transcript;
@@ -51,9 +42,9 @@ fn test_successful_exchange_with_poll(protocol_version: ProtocolVersion) -> anyh
);
#[cfg(not(coverage))]
assert!(
_completions[0].0 < 60.0,
_completions[0].0 < 20.0,
"\
First key exchange should happen in under 60 seconds!\n\
First key exchange should happen in under twenty seconds!\n\
Transcript: {transcript:?}\n\
Completions: {_completions:?}\
"
@@ -88,23 +79,12 @@ fn test_successful_exchange_with_poll(protocol_version: ProtocolVersion) -> anyh
}
#[test]
fn test_successful_exchange_under_packet_loss_v02() -> anyhow::Result<()> {
test_successful_exchange_under_packet_loss(ProtocolVersion::V02)
}
#[test]
fn test_successful_exchange_under_packet_loss_v03() -> anyhow::Result<()> {
test_successful_exchange_under_packet_loss(ProtocolVersion::V03)
}
fn test_successful_exchange_under_packet_loss(
protocol_version: ProtocolVersion,
) -> anyhow::Result<()> {
fn test_successful_exchange_under_packet_loss() -> anyhow::Result<()> {
// Set security policy for storing secrets; choose the one that is faster for testing
rosenpass_secret_memory::policy::secret_policy_use_only_malloc_secrets();
// Create the simulator
let mut sim = RosenpassSimulator::new(protocol_version)?;
let mut sim = RosenpassSimulator::new()?;
// Make sure the servers are set to under load condition
sim.srv_a.under_load = true;
@@ -119,7 +99,7 @@ fn test_successful_exchange_under_packet_loss(
event: ServerEvent::Transmit(_, _),
} = ev
{
// Drop every tenth package
// Drop every fifth package
if pkg_counter % 10 == 0 {
source.drop_outgoing_packet(&mut sim);
}
@@ -145,9 +125,9 @@ fn test_successful_exchange_under_packet_loss(
);
#[cfg(not(coverage))]
assert!(
_completions[0].0 < 60.0,
_completions[0].0 < 10.0,
"\
First key exchange should happen in under 60 seconds!\n\
First key exchange should happen in under twenty seconds!\n\
Transcript: {transcript:?}\n\
Completions: {_completions:?}\
"
@@ -292,21 +272,21 @@ struct SimulatorServer {
impl RosenpassSimulator {
/// Set up the simulator
fn new(protocol_version: ProtocolVersion) -> anyhow::Result<Self> {
fn new() -> anyhow::Result<Self> {
// Set up the first server
let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
StaticKem.keygen(peer_a_sk.secret_mut(), peer_a_pk.deref_mut())?;
StaticKem::keygen(peer_a_sk.secret_mut(), peer_a_pk.deref_mut())?;
let mut srv_a = CryptoServer::new(peer_a_sk, peer_a_pk.clone());
// …and the second server.
let (mut peer_b_sk, mut peer_b_pk) = (SSk::zero(), SPk::zero());
StaticKem.keygen(peer_b_sk.secret_mut(), peer_b_pk.deref_mut())?;
StaticKem::keygen(peer_b_sk.secret_mut(), peer_b_pk.deref_mut())?;
let mut srv_b = CryptoServer::new(peer_b_sk, peer_b_pk.clone());
// Generate a PSK and introduce the Peers to each other.
let psk = SymKey::random();
let peer_a = srv_a.add_peer(Some(psk.clone()), peer_b_pk, protocol_version.clone())?;
let peer_b = srv_b.add_peer(Some(psk), peer_a_pk, protocol_version.clone())?;
let peer_a = srv_a.add_peer(Some(psk.clone()), peer_b_pk)?;
let peer_b = srv_b.add_peer(Some(psk), peer_a_pk)?;
// Set up the individual server data structures
let srv_a = SimulatorServer::new(srv_a, peer_b);
@@ -334,8 +314,8 @@ impl RosenpassSimulator {
Ok(())
}
/// Every call to poll produces one [TranscriptEvent]
/// and implicitly adds it to [Self::transcript]
/// Every call to poll produces one [TranscriptEvent] and
/// and implicitly adds it to [Self:::transcript]
fn poll(&mut self) -> anyhow::Result<&TranscriptEvent> {
let ev = TranscriptEvent::begin_poll()
.try_fold_with(|| self.poll_focus.poll(self))?
@@ -510,11 +490,8 @@ impl ServerPtr {
// Let the crypto server handle the message now
let mut tx_buf = MsgBuf::zero();
let handle_msg_result = if self.get(sim).under_load {
self.srv_mut(sim).handle_msg_under_load(
rx_msg.borrow(),
tx_buf.borrow_mut(),
&self.other(),
)
self.srv_mut(sim)
.handle_msg_under_load(rx_msg.borrow(), tx_buf.borrow_mut(), &self)
} else {
self.srv_mut(sim)
.handle_msg(rx_msg.borrow(), tx_buf.borrow_mut())

8
rp/Cargo.toml
View File

@@ -14,7 +14,7 @@ anyhow = { workspace = true }
base64ct = { workspace = true }
serde = { workspace = true }
toml = { workspace = true }
x25519-dalek = { workspace = true, features = ["static_secrets"] }
x25519-dalek = { version = "2", features = ["static_secrets"] }
zeroize = { workspace = true }
rosenpass = { workspace = true }
@@ -26,8 +26,8 @@ rosenpass-wireguard-broker = { workspace = true }
tokio = { workspace = true }
futures = { workspace = true }
futures-util = { workspace = true }
futures = "0.3"
futures-util = "0.3"
[target.'cfg(any(target_os = "linux", target_os = "freebsd"))'.dependencies]
ctrlc-async = "3.2"
@@ -43,4 +43,4 @@ stacker = { workspace = true }
[features]
experiment_memfd_secret = []
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux_all"]
experiment_libcrux = ["rosenpass-ciphers/experiment_libcrux"]

8
rp/src/exchange.rs
View File

@@ -6,10 +6,10 @@ use std::pin::Pin;
use std::sync::Arc;
use std::{net::SocketAddr, path::PathBuf, process::Command};
use anyhow::Result;
#[cfg(any(target_os = "linux", target_os = "freebsd"))]
use crate::key::WG_B64_LEN;
use anyhow::Result;
use rosenpass::config::ProtocolVersion;
/// Used to define a peer for the rosenpass connection that consists of
/// a directory for storing public keys and optionally an IP address and port of the endpoint,
@@ -24,9 +24,6 @@ pub struct ExchangePeer {
pub persistent_keepalive: Option<u32>,
/// The IPs that are allowed for this peer.
pub allowed_ips: Option<String>,
/// The protocol version used by the peer.
#[serde(default)]
pub protocol_version: ProtocolVersion,
}
/// Options for the exchange operation of the `rp` binary.
@@ -359,7 +356,6 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
None,
broker_peer,
peer.endpoint.map(|x| x.to_string()),
peer.protocol_version,
)?;
// Configure routes, equivalent to `ip route replace <allowed_ips> dev <dev>` and set up

6
rp/src/key.rs
View File

@@ -10,8 +10,8 @@ use rosenpass_util::file::{LoadValueB64, StoreValue, StoreValueB64};
use zeroize::Zeroize;
use rosenpass::protocol::{SPk, SSk};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_cipher_traits::Kem;
use rosenpass_ciphers::kem::StaticKem;
use rosenpass_secret_memory::{file::StoreSecret as _, Public, Secret};
/// The length of wireguard keys as a length in base 64 encoding.
@@ -66,7 +66,7 @@ pub fn genkey(private_keys_dir: &Path) -> Result<()> {
if !pqsk_path.exists() && !pqpk_path.exists() {
let mut pqsk = SSk::random();
let mut pqpk = SPk::random();
StaticKem.keygen(pqsk.secret_mut(), pqpk.deref_mut())?;
StaticKem::keygen(pqsk.secret_mut(), pqpk.deref_mut())?;
pqpk.store(pqpk_path)?;
pqsk.store_secret(pqsk_path)?;
} else {

Some files were not shown because too many files have changed in this diff Show More