gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2025-12-12 15:49:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

chore: Split basic types from protocol.rs into own file

Browse Source
This commit is contained in:
Karolin Varner
2025-06-01 18:59:49 +02:00
parent 53ddad30f1
commit 9656fa7025
16 changed files with 95 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
rosenpass/benches/handshake.rs
View File

@@ -1,7 +1,6 @@
use anyhow::Result;
use rosenpass::protocol::{
CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, ProtocolVersion, SPk, SSk, SymKey,
};
use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey};
use rosenpass::protocol::{CryptoServer, HandleMsgResult, PeerPtr, ProtocolVersion};
use std::ops::DerefMut;
use rosenpass_cipher_traits::primitives::Kem;

5
rosenpass/benches/trace_handshake.rs
View File

@@ -14,9 +14,8 @@ use rosenpass_ciphers::StaticKem;
use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
use rosenpass_util::trace_bench::RpEventType;
use rosenpass::protocol::{
CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, ProtocolVersion, SPk, SSk, SymKey,
};
use rosenpass::protocol::basic_types::{MsgBuf, SPk, SSk, SymKey};
use rosenpass::protocol::{CryptoServer, HandleMsgResult, PeerPtr, ProtocolVersion};
const ITERATIONS: usize = 100;

4
rosenpass/src/api/api_handler.rs
View File

@@ -158,10 +158,10 @@ where
);
// Actually read the secrets
let mut sk = crate::protocol::SSk::zero();
let mut sk = crate::protocol::basic_types::SSk::zero();
sk_io.read_exact_til_end(sk.secret_mut()).einvalid_req()?;
let mut pk = crate::protocol::SPk::zero();
let mut pk = crate::protocol::basic_types::SPk::zero();
pk_io.read_exact_til_end(pk.borrow_mut()).einvalid_req()?;
// Retrieve the construction site

3
rosenpass/src/app_server.rs
View File

@@ -47,7 +47,8 @@ use crate::protocol::BuildCryptoServer;
use crate::protocol::HostIdentification;
use crate::{
config::Verbosity,
protocol::{timing::Timing, CryptoServer, MsgBuf, PeerPtr, SPk, SSk, SymKey},
protocol::basic_types::{MsgBuf, SPk, SSk, SymKey},
protocol::{timing::Timing, CryptoServer, PeerPtr},
};
use rosenpass_util::attempt;
use rosenpass_util::b64::B64Display;

6
rosenpass/src/cli.rs
View File

@@ -17,7 +17,7 @@ use std::path::PathBuf;
use crate::app_server::AppServerTest;
use crate::app_server::{AppServer, BrokerPeer};
use crate::protocol::{SPk, SSk, SymKey};
use crate::protocol::basic_types::{SPk, SSk, SymKey};
use super::config;
@@ -607,8 +607,8 @@ impl CliArgs {
/// generate secret and public keys, store in files according to the paths passed as arguments
pub fn generate_and_save_keypair(secret_key: PathBuf, public_key: PathBuf) -> anyhow::Result<()> {
let mut ssk = crate::protocol::SSk::random();
let mut spk = crate::protocol::SPk::random();
let mut ssk = crate::protocol::basic_types::SSk::random();
let mut spk = crate::protocol::basic_types::SPk::random();
StaticKem.keygen(ssk.secret_mut(), spk.deref_mut())?;
ssk.store_secret(secret_key)?;
spk.store(public_key)

2
rosenpass/src/config.rs
View File

@@ -7,7 +7,7 @@
//! - TODO: support `~` in <https://github.com/rosenpass/rosenpass/issues/237>
//! - TODO: provide tooling to create config file from shell <https://github.com/rosenpass/rosenpass/issues/247>
use crate::protocol::{SPk, SSk};
use crate::protocol::basic_types::{SPk, SSk};
use rosenpass_util::file::LoadValue;
use std::{
collections::HashSet,

38
rosenpass/src/protocol/basic_types.rs Normal file
View File

@@ -0,0 +1,38 @@
//! Key types and other fundamental types used in the Rosenpass protocol
use rosenpass_cipher_traits::primitives::{Aead, Kem};
use rosenpass_ciphers::{EphemeralKem, StaticKem, XAead, KEY_LEN};
use rosenpass_secret_memory::{Public, PublicBox, Secret};
use crate::msgs::{BISCUIT_ID_LEN, MAX_MESSAGE_LEN, SESSION_ID_LEN};
/// Static public key
///
/// Using [PublicBox] instead of [Public] because Classic McEliece keys are very large.
pub type SPk = PublicBox<{ StaticKem::PK_LEN }>;
/// Static secret key
pub type SSk = Secret<{ StaticKem::SK_LEN }>;
/// Ephemeral public key
pub type EPk = Public<{ EphemeralKem::PK_LEN }>;
pub type ESk = Secret<{ EphemeralKem::SK_LEN }>;
/// Symmetric key
pub type SymKey = Secret<KEY_LEN>;
/// Symmetric hash
pub type SymHash = Public<KEY_LEN>;
/// Peer ID (derived from the public key, see the hash derivations in the [whitepaper](https://rosenpass.eu/whitepaper.pdf))
pub type PeerId = Public<KEY_LEN>;
/// Session ID
pub type SessionId = Public<SESSION_ID_LEN>;
/// Biscuit ID
pub type BiscuitId = Public<BISCUIT_ID_LEN>;
/// Nonce for use with random-nonce AEAD
pub type XAEADNonce = Public<{ XAead::NONCE_LEN }>;
/// Buffer capably of holding any Rosenpass protocol message
pub type MsgBuf = Public<MAX_MESSAGE_LEN>;
/// Server-local peer number; this is just the index in [super::CryptoServer::peers]
pub type PeerNo = usize;

32
rosenpass/src/protocol/build_crypto_server.rs
View File

@@ -1,4 +1,5 @@
use super::{CryptoServer, PeerPtr, SPk, SSk, SymKey};
use super::basic_types::{SPk, SSk, SymKey};
use super::{CryptoServer, PeerPtr};
use crate::config::ProtocolVersion;
use rosenpass_util::{
build::Build,
@@ -47,7 +48,8 @@ impl Keypair {
/// # Example
///
/// ```rust
/// use rosenpass::protocol::{Keypair, SSk, SPk};
/// use rosenpass::protocol::basic_types::{SSk, SPk};
/// use rosenpass::protocol::Keypair;
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
@@ -66,12 +68,13 @@ impl Keypair {
/// Creates a new "empty" key pair. All bytes are initialized to zero.
///
/// See [SSk:zero()][crate::protocol::SSk::zero] and [SPk:zero()][crate::protocol::SPk::zero], respectively.
/// See [SSk:zero()][SSk::zero] and [SPk:zero()][SPk::zero], respectively.
///
/// # Example
///
/// ```rust
/// use rosenpass::protocol::{Keypair, SSk, SPk};
/// use rosenpass::protocol::basic_types::{SSk, SPk};
/// use rosenpass::protocol::Keypair;
///
/// // We have to define the security policy before using Secrets.
/// use rosenpass_secret_memory::secret_policy_use_only_malloc_secrets;
@@ -90,7 +93,7 @@ impl Keypair {
/// Creates a new (securely-)random key pair. The mechanism is described in [rosenpass_secret_memory::Secret].
///
/// See [SSk:random()][crate::protocol::SSk::random] and [SPk:random()][crate::protocol::SPk::random], respectively.
/// See [SSk:random()][SSk::random] and [SPk:random()][SPk::random], respectively.
pub fn random() -> Self {
Self::new(SSk::random(), SPk::random())
}
@@ -127,7 +130,7 @@ pub struct MissingKeypair;
///
/// There are multiple ways of creating a crypto server:
///
/// 1. Provide the key pair at initialization time (using [CryptoServer::new][crate::protocol::CryptoServer::new])
/// 1. Provide the key pair at initialization time (using [CryptoServer::new][CryptoServer::new])
/// 2. Provide the key pair at a later time (using [BuildCryptoServer::empty])
///
/// With BuildCryptoServer, you can gradually configure parameters as they become available.
@@ -145,7 +148,8 @@ pub struct MissingKeypair;
///
/// ```rust
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, PeerParams, SPk, SymKey};
/// use rosenpass::protocol::basic_types::{SPk, SymKey};
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, PeerParams};
/// use rosenpass::config::ProtocolVersion;
///
/// // We have to define the security policy before using Secrets.
@@ -205,13 +209,13 @@ impl Build<CryptoServer> for BuildCryptoServer {
}
#[derive(Debug)]
/// Cryptographic key(s) identifying the connected [peer][crate::protocol::Peer] ("client")
/// Cryptographic key(s) identifying the connected [peer][super::Peer] ("client")
/// for a given session that is being managed by the crypto server.
///
/// Each peer must be identified by a [public key (SPk)][crate::protocol::SPk].
/// Optionally, a [symmetric key (SymKey)][crate::protocol::SymKey]
/// Each peer must be identified by a [public key (SPk)][SPk].
/// Optionally, a [symmetric key (SymKey)][SymKey]
/// can be provided when setting up the connection.
/// For more information on the intended usage and security considerations, see [Peer::psk][crate::protocol::Peer::psk] and [Peer::spkt][crate::protocol::Peer::spkt].
/// For more information on the intended usage and security considerations, see [Peer::psk][super::Peer::psk] and [Peer::spkt][super::Peer::spkt].
pub struct PeerParams {
/// Pre-shared (symmetric) encryption keys that should be used with this peer.
pub psk: Option<SymKey>,
@@ -322,7 +326,8 @@ impl BuildCryptoServer {
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk};
/// use rosenpass::protocol::basic_types::{SymKey, SPk};
/// use rosenpass::protocol::{BuildCryptoServer, Keypair};
///
/// // Deferred initialization: Create builder first, add some peers later
/// let keypair_option = Some(Keypair::random());
@@ -388,7 +393,8 @@ impl BuildCryptoServer {
/// secret_policy_use_only_malloc_secrets();
///
/// use rosenpass_util::build::Build;
/// use rosenpass::protocol::{BuildCryptoServer, Keypair, SymKey, SPk};
/// use rosenpass::protocol::basic_types::{SymKey, SPk};
/// use rosenpass::protocol::{BuildCryptoServer, Keypair};
///
/// let keypair = Keypair::random();
/// let peer_pk = SPk::random();

6
rosenpass/src/protocol/mod.rs
View File

@@ -27,9 +27,8 @@
//! use rosenpass_secret_memory::policy::*;
//! use rosenpass_cipher_traits::primitives::Kem;
//! use rosenpass_ciphers::StaticKem;
//! use rosenpass::{
//! protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
//! };
//! use rosenpass::protocol::basic_types::{SSk, SPk, MsgBuf, SymKey};
//! use rosenpass::protocol::{PeerPtr, CryptoServer};
//! # fn main() -> anyhow::Result<()> {
//! // Set security policy for storing secrets
//!
@@ -78,6 +77,7 @@
mod build_crypto_server;
pub use build_crypto_server::*;
pub mod basic_types;
pub mod constants;
pub mod timing;

54
rosenpass/src/protocol/protocol.rs
View File

@@ -24,7 +24,7 @@ use rosenpass_cipher_traits::primitives::{
use rosenpass_ciphers::hash_domain::{SecretHashDomain, SecretHashDomainNamespace};
use rosenpass_ciphers::{Aead, EphemeralKem, KeyedHash, StaticKem, XAead, KEY_LEN};
use rosenpass_constant_time as constant_time;
use rosenpass_secret_memory::{Public, PublicBox, Secret};
use rosenpass_secret_memory::{Public, Secret};
use rosenpass_to::{ops::copy_slice, To};
use rosenpass_util::{
cat,
@@ -35,6 +35,9 @@ use rosenpass_util::{
use crate::{hash_domains, msgs::*, RosenpassError};
use super::basic_types::{
BiscuitId, EPk, ESk, MsgBuf, PeerId, PeerNo, SPk, SSk, SessionId, SymKey, XAEADNonce,
};
use super::constants::{
BISCUIT_EPOCH, COOKIE_SECRET_EPOCH, COOKIE_SECRET_LEN, COOKIE_VALUE_LEN,
PEER_COOKIE_VALUE_EPOCH, REJECT_AFTER_TIME, REKEY_AFTER_TIME_INITIATOR,
@@ -47,38 +50,6 @@ use super::timing::{has_happened, Timing, BCE, UNENDING};
use rosenpass_util::trace_bench::Trace as _;
// DATA STRUCTURES & BASIC TRAITS & ACCESSORS ////
/// Static public key
///
/// Using [PublicBox] instead of [Public] because Classic McEliece keys are very large.
pub type SPk = PublicBox<{ StaticKem::PK_LEN }>;
/// Static secret key
pub type SSk = Secret<{ StaticKem::SK_LEN }>;
/// Ephemeral public key
pub type EPk = Public<{ EphemeralKem::PK_LEN }>;
pub type ESk = Secret<{ EphemeralKem::SK_LEN }>;
/// Symmetric key
pub type SymKey = Secret<KEY_LEN>;
/// Symmetric hash
pub type SymHash = Public<KEY_LEN>;
/// Peer ID (derived from the public key, see the hash derivations in the [whitepaper](https://rosenpass.eu/whitepaper.pdf))
pub type PeerId = Public<KEY_LEN>;
/// Session ID
pub type SessionId = Public<SESSION_ID_LEN>;
/// Biscuit ID
pub type BiscuitId = Public<BISCUIT_ID_LEN>;
/// Nonce for use with random-nonce AEAD
pub type XAEADNonce = Public<{ XAead::NONCE_LEN }>;
/// Buffer capably of holding any Rosenpass protocol message
pub type MsgBuf = Public<MAX_MESSAGE_LEN>;
/// Server-local peer number; this is just the index in [CryptoServer::peers]
pub type PeerNo = usize;
/// This is the implementation of our cryptographic protocol.
///
/// The scope of this is:
@@ -172,7 +143,7 @@ pub struct CryptoServer {
///
/// ```
/// use rosenpass_util::time::Timebase;
/// use rosenpass::protocol::{timing::BCE, SymKey, CookieStore};
/// use rosenpass::protocol::{timing::BCE, basic_types::SymKey, CookieStore};
///
/// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
///
@@ -299,7 +270,8 @@ impl From<crate::config::ProtocolVersion> for ProtocolVersion {
///
/// ```
/// use std::ops::DerefMut;
/// use rosenpass::protocol::{SSk, SPk, SymKey, Peer, ProtocolVersion};
/// use rosenpass::protocol::basic_types::{SSk, SPk, SymKey};
/// use rosenpass::protocol::{Peer, ProtocolVersion};
/// use rosenpass_ciphers::StaticKem;
/// use rosenpass_cipher_traits::primitives::Kem;
///
@@ -387,7 +359,8 @@ impl Peer {
/// This is dirty but allows us to perform easy incremental construction of [Self].
///
/// ```
/// use rosenpass::protocol::{Peer, SymKey, SPk, ProtocolVersion};
/// use rosenpass::protocol::basic_types::{SymKey, SPk};
/// use rosenpass::protocol::{Peer, ProtocolVersion};
/// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
/// let p = Peer::zero(ProtocolVersion::V03);
/// assert_eq!(p.psk.secret(), SymKey::zero().secret());
@@ -735,7 +708,8 @@ pub trait Mortal {
/// ```
/// use std::ops::DerefMut;
/// use rosenpass_ciphers::StaticKem;
/// use rosenpass::protocol::{SSk, SPk, testutils::ServerForTesting, ProtocolVersion};
/// use rosenpass::protocol::basic_types::{SSk, SPk};
/// use rosenpass::protocol::{testutils::ServerForTesting, ProtocolVersion};
///
/// rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
///
@@ -1275,7 +1249,8 @@ impl CryptoServer {
///
/// ```
/// use std::ops::DerefMut;
/// use rosenpass::protocol::{SSk, SPk, CryptoServer, ProtocolVersion};
/// use rosenpass::protocol::basic_types::{SSk, SPk};
/// use rosenpass::protocol::{CryptoServer, ProtocolVersion};
/// use rosenpass_ciphers::StaticKem;
/// use rosenpass_cipher_traits::primitives::Kem;
///
@@ -1339,7 +1314,8 @@ impl CryptoServer {
///
/// ```
/// use std::ops::DerefMut;
/// use rosenpass::protocol::{SSk, SPk, SymKey, CryptoServer, ProtocolVersion};
/// use rosenpass::protocol::basic_types::{SSk, SPk, SymKey};
/// use rosenpass::protocol::{CryptoServer, ProtocolVersion};
/// use rosenpass_ciphers::StaticKem;
/// use rosenpass_cipher_traits::primitives::Kem;
///

2
rosenpass/tests/api-integration-tests-api-setup.rs
View File

@@ -15,7 +15,7 @@ use rosenpass::api::{
supply_keypair_response_status,
};
use rosenpass::config::ProtocolVersion;
use rosenpass::protocol::SymKey;
use rosenpass::protocol::basic_types::SymKey;
use rosenpass_util::{
b64::B64Display,
file::LoadValueB64,

2
rosenpass/tests/api-integration-tests.rs
View File

@@ -17,7 +17,7 @@ use tempfile::TempDir;
use zerocopy::AsBytes;
use rosenpass::config::ProtocolVersion;
use rosenpass::protocol::SymKey;
use rosenpass::protocol::basic_types::SymKey;
struct KillChild(std::process::Child);

2
rosenpass/tests/app_server_example.rs
View File

@@ -10,7 +10,7 @@ use std::{
use rosenpass::config::ProtocolVersion;
use rosenpass::{
app_server::{AppServer, AppServerTest, MAX_B64_KEY_SIZE},
protocol::{SPk, SSk, SymKey},
protocol::basic_types::{SPk, SSk, SymKey},
};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;

4
rosenpass/tests/poll_example.rs
View File

@@ -10,10 +10,10 @@ use rosenpass_ciphers::StaticKem;
use rosenpass_util::result::OkExt;
use rosenpass::protocol::{
basic_types::{MsgBuf, SPk, SSk, SymKey},
testutils::time_travel_forward,
timing::{Timing, UNENDING},
CryptoServer, HostIdentification, MsgBuf, PeerPtr, PollResult, ProtocolVersion, SPk, SSk,
SymKey,
CryptoServer, HostIdentification, PeerPtr, PollResult, ProtocolVersion,
};
// TODO: Most of the utility functions in here should probably be moved to

2
rp/src/exchange.rs
View File

@@ -206,7 +206,7 @@ pub async fn exchange(options: ExchangeOptions) -> Result<()> {
use rosenpass::{
app_server::{AppServer, BrokerPeer},
config::Verbosity,
protocol::{SPk, SSk, SymKey},
protocol::basic_types::{SPk, SSk, SymKey},
};
use rosenpass_secret_memory::Secret;
use rosenpass_util::file::{LoadValue as _, LoadValueB64};

4
rp/src/key.rs
View File

@@ -9,7 +9,7 @@ use anyhow::{anyhow, Result};
use rosenpass_util::file::{LoadValueB64, StoreValue, StoreValueB64};
use zeroize::Zeroize;
use rosenpass::protocol::{SPk, SSk};
use rosenpass::protocol::basic_types::{SPk, SSk};
use rosenpass_cipher_traits::primitives::Kem;
use rosenpass_ciphers::StaticKem;
use rosenpass_secret_memory::{file::StoreSecret as _, Public, Secret};
@@ -118,7 +118,7 @@ pub fn pubkey(private_keys_dir: &Path, public_keys_dir: &Path) -> Result<()> {
mod tests {
use std::fs;
use rosenpass::protocol::{SPk, SSk};
use rosenpass::protocol::basic_types::{SPk, SSk};
use rosenpass_secret_memory::secret_policy_try_use_memfd_secrets;
use rosenpass_secret_memory::Secret;
use rosenpass_util::file::LoadValue;