fix: Add a feature flag for the cookie reply mechanism

This is a stopgap measure against #539
Karolin Varner
2025-04-08 16:35:45 +02:00
parent e8fb7206fc
commit d558bdb633
2 changed files with 19 additions and 0 deletions


@@ -86,6 +86,7 @@ rustix = { workspace = true }
[features]
#default = ["experiment_libcrux_all"]
experiment_cookie_dos_mitigation = []
experiment_memfd_secret = ["rosenpass-wireguard-broker/experiment_memfd_secret"]
experiment_libcrux_all = ["rosenpass-ciphers/experiment_libcrux_all"]
experiment_libcrux_blake2 = ["rosenpass-ciphers/experiment_libcrux_blake2"]
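Review bot: Nothing at the `experiment_cookie_dos_mitigation = []` entry tells a packager or operator that the cookie reply mechanism is now opt-in. The only `default` line visible here is commented out, so a plain build appears to ship without the mitigation. A comment above the entry would make that explicit, for example `# Cookie reply mechanism for messages received under load; off by default as a stopgap for #539`.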


@@ -2138,6 +2138,18 @@ impl CryptoServer {
///
/// - test::cookie_reply_mechanism_responder_under_load
/// - test::cookie_reply_mechanism_initiator_bails_on_message_under_load
#[cfg(not(feature = "experiment_cookie_dos_mitigation"))]
#[inline]
pub fn handle_msg_under_load<H: HostIdentification>(
&mut self,
rx_buf: &[u8],
tx_buf: &mut [u8],
host_identification: &H,
) -> Result<HandleMsgResult> {
self.handle_msg(rx_buf, tx_buf)
}
#[cfg(feature = "experiment_cookie_dos_mitigation")]
pub fn handle_msg_under_load<H: HostIdentification>(
&mut self,
rx_buf: &[u8],
@@ -4313,16 +4325,19 @@ mod test {
#[test]
#[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load_v02() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02)
}
#[test]
#[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load_v03() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03)
}
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_responder_under_load(protocol_version: ProtocolVersion) {
setup_logging();
rosenpass_secret_memory::secret_policy_try_use_memfd_secrets();
@@ -4420,16 +4435,19 @@ mod test {
#[test]
#[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v02() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V02)
}
#[test]
#[serial]
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load_v03() {
cookie_reply_mechanism_initiator_bails_on_message_under_load(ProtocolVersion::V03)
}
#[cfg(feature = "experiment_cookie_dos_mitigation")]
fn cookie_reply_mechanism_initiator_bails_on_message_under_load(
protocol_version: ProtocolVersion,
) {
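Review bot: In the first hunk (`impl CryptoServer`), the fallback `handle_msg_under_load` compiled when `experiment_cookie_dos_mitigation` is off never reads `host_identification` and forwards straight to `handle_msg`. A caller that has detected load therefore gets full handshake processing with no cookie reply, and the unused parameter will normally raise an unused-variable warning. The `///` block above it now attaches only to this stub, so the feature-gated implementation that follows is left without documentation. I would bind the parameter as `_host_identification: &H`, give the stub its own line such as `/// Without the experiment_cookie_dos_mitigation feature this forwards to handle_msg and applies no DoS mitigation.`, and move the existing doc comment onto the `#[cfg(feature = "experiment_cookie_dos_mitigation")]` variant. The body of that variant continues outside the hunk.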