From ed5d7b4fa47a2284629833311d225cf886f74091 Mon Sep 17 00:00:00 2001 From: Karolin Varner Date: Sat, 27 Jan 2024 22:11:33 +0100 Subject: [PATCH] WIP support for the Hermit microkernel. A whole bunch of close-to-the-metal crates are yielding compiler errors upon compilation with --target x86_64-unknown-hermit. MIO is not. Using hermit might necessitate relying on threads for IO instead of using MIO. https://github.com/hermit-os/kernel/issues/1043 --- Cargo.lock | 385 ++++++++++++------------- Cargo.toml | 6 +- constant-time/Cargo.toml | 1 - constant-time/src/lib.rs | 5 +- rosenpass/Cargo.toml | 5 +- rosenpass/src/app_server.rs | 7 +- rosenpass/src/cli.rs | 49 +--- rosenpass/src/main.rs | 3 + rust-toolchain.toml | 2 + secret-memory/Cargo.toml | 1 - secret-memory/src/alloc/memsec.rs | 32 +- util/Cargo.toml | 1 - util/src/fd.rs | 12 - wireguard-broker/Cargo.toml | 1 - wireguard-broker/src/api/mio_client.rs | 8 +- wireguard-broker/src/lib.rs | 1 - wireguard-broker/src/netlink.rs | 103 ------- 17 files changed, 217 insertions(+), 405 deletions(-) create mode 100644 rust-toolchain.toml delete mode 100644 wireguard-broker/src/netlink.rs diff --git a/Cargo.lock b/Cargo.lock index b60e2a7..aa985a9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -245,12 +245,6 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" -[[package]] -name = "bytes" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" - [[package]] name = "cast" version = "0.3.0" @@ -431,16 +425,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" -[[package]] -name = "command-fds" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f190f3c954f7bca3c6296d0ec561c739bdbe6c7e990294ed168d415f6e1b5b01" -dependencies = [ - "nix", - "thiserror", -] - [[package]] name = "cpufeatures" version = "0.2.12" @@ -450,6 +434,15 @@ dependencies = [ "libc", ] +[[package]] +name = "crc32fast" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +dependencies = [ + "cfg-if", +] + [[package]] name = "criterion" version = "0.4.0" @@ -664,12 +657,43 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "filetime" +version = "0.2.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "windows-sys 0.52.0", +] + +[[package]] +name = "flate2" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" +dependencies = [ + "crc32fast", + "miniz_oxide", +] + [[package]] name = "fnv" version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "form_urlencoded" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" +dependencies = [ + "percent-encoding", +] + [[package]] name = "generic-array" version = "0.14.7" @@ -749,6 +773,17 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +[[package]] +name = "hermit" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0f54046de71e77899abc5fee9a9ada4b6299e0829cf26cf47cdfe2163be3d33a" +dependencies = [ + "flate2", + "tar", + "ureq", +] + [[package]] name = "hermit-abi" version = "0.1.19" @@ -785,6 +820,16 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +[[package]] +name = "idna" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "indexmap" version = "1.9.3" @@ -934,17 +979,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "memsec" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa0916b001582d253822171bd23f4a0229d32b9507fae236f5da8cad515ba7c" -dependencies = [ - "getrandom", - "libc", - "windows-sys 0.45.0", -] - [[package]] name = "minimal-lexical" version = "0.2.1" @@ -997,17 +1031,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "nix" -version = "0.27.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053" -dependencies = [ - "bitflags 2.4.1", - "cfg-if", - "libc", -] - [[package]] name = "nom" version = "7.1.3" @@ -1027,16 +1050,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "num_cpus" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" -dependencies = [ - "hermit-abi 0.3.3", - "libc", -] - [[package]] name = "object" version = "0.32.1" @@ -1082,29 +1095,6 @@ version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" -[[package]] -name = "parking_lot" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" -dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "smallvec", - "windows-targets 0.48.5", -] - [[package]] name = "paste" version = "1.0.14" @@ -1118,10 +1108,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" [[package]] -name = "pin-project-lite" -version = "0.2.13" +name = "percent-encoding" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" [[package]] name = "plotters" @@ -1293,15 +1283,29 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +[[package]] +name = "ring" +version = "0.17.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.48.0", +] + [[package]] name = "rosenpass" version = "0.2.1" dependencies = [ "anyhow", "clap 4.4.10", - "command-fds", "criterion", "env_logger", + "hermit", "log", "memoffset", "mio", @@ -1315,7 +1319,6 @@ dependencies = [ "rosenpass-to", "rosenpass-util", "rosenpass-wireguard-broker", - "rustix", "serde", "stacker", "static_assertions", @@ -1348,7 +1351,6 @@ dependencies = [ name = "rosenpass-constant-time" version = "0.1.0" dependencies = [ - "memsec", "rosenpass-to", ] @@ -1392,7 +1394,6 @@ dependencies = [ "allocator-api2-tests", "anyhow", "log", - "memsec", "rand", "rosenpass-to", "rosenpass-util", @@ -1412,7 +1413,6 @@ version = "0.1.0" dependencies = [ "anyhow", "base64", - "rustix", "static_assertions", "typenum", ] @@ -1431,7 +1431,6 @@ dependencies = [ "rosenpass-to", "rosenpass-util", "thiserror", - "tokio", "wireguard-uapi", ] @@ -1469,6 +1468,28 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rustls" +version = "0.21.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "ryu" version = "1.0.15" @@ -1490,6 +1511,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "semver" version = "1.0.21" @@ -1542,31 +1573,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380" -[[package]] -name = "signal-hook-registry" -version = "1.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" -dependencies = [ - "libc", -] - -[[package]] -name = "smallvec" -version = "1.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970" - -[[package]] -name = "socket2" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" -dependencies = [ - "libc", - "windows-sys 0.48.0", -] - [[package]] name = "spin" version = "0.9.8" @@ -1635,6 +1641,17 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "tar" +version = "0.4.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb" +dependencies = [ + "filetime", + "libc", + "xattr", +] + [[package]] name = "termcolor" version = "1.4.0" @@ -1687,34 +1704,19 @@ dependencies = [ ] [[package]] -name = "tokio" -version = "1.34.0" +name = "tinyvec" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" dependencies = [ - "backtrace", - "bytes", - "libc", - "mio", - "num_cpus", - "parking_lot", - "pin-project-lite", - "signal-hook-registry", - "socket2", - "tokio-macros", - "windows-sys 0.48.0", + "tinyvec_macros", ] [[package]] -name = "tokio-macros" -version = "2.2.0" +name = "tinyvec_macros" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.39", -] +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "toml" @@ -1756,12 +1758,27 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "unicode-bidi" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" + [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-normalization" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +dependencies = [ + "tinyvec", +] + [[package]] name = "universal-hash" version = "0.5.1" @@ -1772,6 +1789,39 @@ dependencies = [ "subtle", ] +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "ureq" +version = "2.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97" +dependencies = [ + "base64", + "flate2", + "log", + "once_cell", + "rustls", + "rustls-webpki", + "url", + "webpki-roots", +] + +[[package]] +name = "url" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + [[package]] name = "utf8parse" version = "0.2.1" @@ -1864,6 +1914,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10" + [[package]] name = "which" version = "4.4.2" @@ -1907,15 +1963,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows-sys" -version = "0.45.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0" -dependencies = [ - "windows-targets 0.42.2", -] - [[package]] name = "windows-sys" version = "0.48.0" @@ -1934,21 +1981,6 @@ dependencies = [ "windows-targets 0.52.0", ] -[[package]] -name = "windows-targets" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071" -dependencies = [ - "windows_aarch64_gnullvm 0.42.2", - "windows_aarch64_msvc 0.42.2", - "windows_i686_gnu 0.42.2", - "windows_i686_msvc 0.42.2", - "windows_x86_64_gnu 0.42.2", - "windows_x86_64_gnullvm 0.42.2", - "windows_x86_64_msvc 0.42.2", -] - [[package]] name = "windows-targets" version = "0.48.5" @@ -1979,12 +2011,6 @@ dependencies = [ "windows_x86_64_msvc 0.52.0", ] -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8" - [[package]] name = "windows_aarch64_gnullvm" version = "0.48.5" @@ -1997,12 +2023,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea" -[[package]] -name = "windows_aarch64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43" - [[package]] name = "windows_aarch64_msvc" version = "0.48.5" @@ -2015,12 +2035,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef" -[[package]] -name = "windows_i686_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f" - [[package]] name = "windows_i686_gnu" version = "0.48.5" @@ -2033,12 +2047,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313" -[[package]] -name = "windows_i686_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060" - [[package]] name = "windows_i686_msvc" version = "0.48.5" @@ -2051,12 +2059,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a" -[[package]] -name = "windows_x86_64_gnu" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36" - [[package]] name = "windows_x86_64_gnu" version = "0.48.5" @@ -2069,12 +2071,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd" -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3" - [[package]] name = "windows_x86_64_gnullvm" version = "0.48.5" @@ -2087,12 +2083,6 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e" -[[package]] -name = "windows_x86_64_msvc" -version = "0.42.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0" - [[package]] name = "windows_x86_64_msvc" version = "0.48.5" @@ -2126,6 +2116,15 @@ dependencies = [ "thiserror", ] +[[package]] +name = "xattr" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fbc6ab6ec1907d1a901cdbcd2bd4cb9e7d64ce5c9739cbb97d3c391acd8c7fae" +dependencies = [ + "libc", +] + [[package]] name = "zeroize" version = "1.7.0" diff --git a/Cargo.toml b/Cargo.toml index f668c11..0c26430 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,19 +50,15 @@ toml = "0.7.8" static_assertions = "1.1.0" allocator-api2 = "0.2.14" allocator-api2-tests = "0.2.14" -memsec = "0.6.3" rand = "0.8.5" wireguard-uapi = "3.0.0" -command-fds = "0.2.3" -rustix = { version = "0.38.27", features = ["net"] } -tokio = { version = "1.34.0", features = ["sync", "full", "mio"] } typenum = "1.17.0" log = { version = "0.4.20" } clap = { version = "4.4.10", features = ["derive"] } serde = { version = "1.0.193", features = ["derive"] } arbitrary = { version = "1.3.2", features = ["derive"] } anyhow = { version = "1.0.75", features = ["backtrace", "std"] } -mio = { version = "0.8.9", features = ["net", "os-poll"] } +mio = { version = "0.8.9", features = ["net"] } oqs-sys = { version = "0.8", default-features = false, features = ['classic_mceliece', 'kyber'] } blake2 = "0.10.6" chacha20poly1305 = { version = "0.10.1", default-features = false, features = [ "std", "heapless" ] } diff --git a/constant-time/Cargo.toml b/constant-time/Cargo.toml index 497f0f4..46de621 100644 --- a/constant-time/Cargo.toml +++ b/constant-time/Cargo.toml @@ -13,4 +13,3 @@ readme = "readme.md" [dependencies] rosenpass-to = { workspace = true } -memsec = { workspace = true } diff --git a/constant-time/src/lib.rs b/constant-time/src/lib.rs index b5ea516..77b48c5 100644 --- a/constant-time/src/lib.rs +++ b/constant-time/src/lib.rs @@ -29,14 +29,13 @@ pub fn xor(src: &[u8]) -> impl To<[u8], ()> + '_ { #[inline] pub fn memcmp(a: &[u8], b: &[u8]) -> bool { - a.len() == b.len() - && unsafe { memsec::memeq(a.as_ptr() as *const u8, b.as_ptr() as *const u8, a.len()) } + a == b } #[inline] pub fn compare(a: &[u8], b: &[u8]) -> i32 { assert!(a.len() == b.len()); - unsafe { memsec::memcmp(a.as_ptr(), b.as_ptr(), a.len()) } + a.cmp(b) as i32 } /// Interpret the given slice as a little-endian unsigned integer diff --git a/rosenpass/Cargo.toml b/rosenpass/Cargo.toml index ca20279..2856999 100644 --- a/rosenpass/Cargo.toml +++ b/rosenpass/Cargo.toml @@ -34,8 +34,9 @@ toml = { workspace = true } clap = { workspace = true } mio = { workspace = true } rand = { workspace = true } -command-fds = { workspace = true } -rustix = { workspace = true } + +[target.'cfg(target_os = "hermit")'.dependencies] +hermit = { version = "0.8", features = ["pci", "pci-ids", "acpi", "fsgsbase", "tcp", "rtl8139"]} [build-dependencies] anyhow = { workspace = true } diff --git a/rosenpass/src/app_server.rs b/rosenpass/src/app_server.rs index 44c377f..701bada 100644 --- a/rosenpass/src/app_server.rs +++ b/rosenpass/src/app_server.rs @@ -1,7 +1,6 @@ use std::cell::{Cell, RefCell}; use std::io::{ErrorKind, Write}; -use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs}; -use std::os::unix::net::UnixStream; +use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs, TcpStream}; use std::path::PathBuf; use std::slice; use std::time::Duration; @@ -353,7 +352,7 @@ impl AppServer { sk: SSk, pk: SPk, addrs: Vec, - psk_broker_socket: UnixStream, + psk_broker_socket: TcpStream, verbosity: Verbosity, ) -> anyhow::Result { // setup mio @@ -363,7 +362,7 @@ impl AppServer { // Create the Wireguard broker connection let psk_broker = { - let mut sock = mio::net::UnixStream::from_std(psk_broker_socket); + let mut sock = mio::net::TcpStream::from_std(psk_broker_socket); mio_poll.registry().register( &mut sock, dispenser.get_token(), diff --git a/rosenpass/src/cli.rs b/rosenpass/src/cli.rs index aa75003..06633d1 100644 --- a/rosenpass/src/cli.rs +++ b/rosenpass/src/cli.rs @@ -1,15 +1,9 @@ use std::io::{BufReader, Read}; -use std::os::unix::net::UnixStream; +use std::net::TcpStream; use std::path::PathBuf; -use std::process::Command; -use std::thread; use anyhow::{bail, ensure, Context}; use clap::Parser; -use command_fds::{CommandFdExt, FdMapping}; -use log::{error, info}; -use rustix::fd::AsRawFd; -use rustix::net::{socketpair, AddressFamily, SocketFlags, SocketType}; use rosenpass_cipher_traits::Kem; use rosenpass_ciphers::kem::StaticKem; @@ -272,46 +266,7 @@ impl Cli { let pk = SPk::load(&config.public_key)?; // Spawn the psk broker and use socketpair(2) to connect with them - let psk_broker_socket = { - let (ours, theirs) = socketpair( - AddressFamily::UNIX, - SocketType::STREAM, - SocketFlags::empty(), - None, - )?; - - // Setup our end of the socketpair - let ours = UnixStream::from(ours); - ours.set_nonblocking(true)?; - - // Start the PSK broker - let mut child = Command::new("rosenpass-wireguard-broker-socket-handler") - .args(["--stream-fd", "3"]) - .fd_mappings(vec![FdMapping { - parent_fd: theirs.as_raw_fd(), - child_fd: 3, - }])? - .spawn()?; - - // Handle the PSK broker crashing - thread::spawn(move || { - let status = child.wait(); - - if let Ok(status) = status { - if status.success() { - // Maybe they are doing double forking? - info!("PSK broker exited."); - } else { - error!("PSK broker exited with an error ({status:?})"); - } - } else { - error!("Wait on PSK broker process failed ({status:?})"); - } - }); - - ours - }; - + let psk_broker_socket = TcpStream::connect("127.0.0.1:8001")?; // start an application server let mut srv = std::boxed::Box::::new(AppServer::new( sk, diff --git a/rosenpass/src/main.rs b/rosenpass/src/main.rs index c5cd7e1..2a6642c 100644 --- a/rosenpass/src/main.rs +++ b/rosenpass/src/main.rs @@ -2,6 +2,9 @@ use log::error; use rosenpass::cli::Cli; use std::process::exit; +#[cfg(target_os = "hermit")] +use hermit as _; + /// Catches errors, prints them through the logger, then exits pub fn main() { // default to displaying warning and error log messages only diff --git a/rust-toolchain.toml b/rust-toolchain.toml new file mode 100644 index 0000000..27ae62c --- /dev/null +++ b/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "1.74.1" diff --git a/secret-memory/Cargo.toml b/secret-memory/Cargo.toml index a89f9d1..e4c3004 100644 --- a/secret-memory/Cargo.toml +++ b/secret-memory/Cargo.toml @@ -15,7 +15,6 @@ rosenpass-to = { workspace = true } rosenpass-util = { workspace = true } zeroize = { workspace = true } rand = { workspace = true } -memsec = { workspace = true } allocator-api2 = { workspace = true } log = { workspace = true } diff --git a/secret-memory/src/alloc/memsec.rs b/secret-memory/src/alloc/memsec.rs index eec4897..f0005c1 100644 --- a/secret-memory/src/alloc/memsec.rs +++ b/secret-memory/src/alloc/memsec.rs @@ -1,7 +1,7 @@ use std::fmt; use std::ptr::NonNull; -use allocator_api2::alloc::{AllocError, Allocator, Layout}; +use allocator_api2::alloc::{AllocError, Allocator, Layout, Global}; #[derive(Copy, Clone, Default)] struct MemsecAllocatorContents; @@ -9,7 +9,7 @@ struct MemsecAllocatorContents; /// Memory allocation using using the memsec crate #[derive(Copy, Clone, Default)] pub struct MemsecAllocator { - _dummy_private_data: MemsecAllocatorContents, + global: Global } /// A box backed by the memsec allocator @@ -29,40 +29,18 @@ pub fn memsec_vec() -> MemsecVec { impl MemsecAllocator { pub fn new() -> Self { Self { - _dummy_private_data: MemsecAllocatorContents, + global: Global } } } unsafe impl Allocator for MemsecAllocator { fn allocate(&self, layout: Layout) -> Result, AllocError> { - // Call memsec allocator - let mem: Option> = unsafe { memsec::malloc_sized(layout.size()) }; - - // Unwrap the option - let Some(mem) = mem else { - log::error!("Allocation {layout:?} was requested but memsec returned a null pointer"); - return Err(AllocError); - }; - - // Ensure the right alignment is used - let off = (mem.as_ptr() as *const u8).align_offset(layout.align()); - if off != 0 { - log::error!("Allocation {layout:?} was requested but memsec returned allocation \ - with offset {off} from the requested alignment. Memsec always allocates values \ - at the end of a memory page for security reasons, custom alignments are not supported. \ - You could try allocating an oversized value."); - unsafe { memsec::free(mem) }; - return Err(AllocError); - }; - - Ok(mem) + self.global.allocate(layout) } unsafe fn deallocate(&self, ptr: NonNull, _layout: Layout) { - unsafe { - memsec::free(ptr); - } + unsafe { self.global.deallocate(ptr, _layout) } } } diff --git a/util/Cargo.toml b/util/Cargo.toml index b05919f..a75e76c 100644 --- a/util/Cargo.toml +++ b/util/Cargo.toml @@ -14,6 +14,5 @@ readme = "readme.md" [dependencies] base64 = { workspace = true } anyhow = { workspace = true } -rustix = { workspace = true } typenum = { workspace = true } static_assertions = { workspace = true } diff --git a/util/src/fd.rs b/util/src/fd.rs index cf5eaf9..e69de29 100644 --- a/util/src/fd.rs +++ b/util/src/fd.rs @@ -1,12 +0,0 @@ -use std::os::fd::{OwnedFd, RawFd}; - -/// Clone some file descriptor -/// -/// If the file descriptor is invalid, an error will be raised. -pub fn claim_fd(fd: RawFd) -> anyhow::Result { - use rustix::{fd::BorrowedFd, io::dup}; - - // This is safe since [dup] will simply raise - let fd = unsafe { dup(BorrowedFd::borrow_raw(fd))? }; - Ok(fd) -} diff --git a/wireguard-broker/Cargo.toml b/wireguard-broker/Cargo.toml index a91046a..247d32c 100644 --- a/wireguard-broker/Cargo.toml +++ b/wireguard-broker/Cargo.toml @@ -19,7 +19,6 @@ wireguard-uapi = { workspace = true } # Socket handler only rosenpass-to = { workspace = true } -tokio = { workspace = true } anyhow = { workspace = true } clap = { workspace = true } env_logger = { workspace = true } diff --git a/wireguard-broker/src/api/mio_client.rs b/wireguard-broker/src/api/mio_client.rs index 1e1be6c..474b200 100644 --- a/wireguard-broker/src/api/mio_client.rs +++ b/wireguard-broker/src/api/mio_client.rs @@ -17,7 +17,7 @@ pub struct MioBrokerClient { #[derive(Debug)] struct MioBrokerClientIo { - socket: mio::net::UnixStream, + socket: mio::net::TcpStream, send_buf: VecDeque, receiving_size: bool, recv_buf: Vec, @@ -25,7 +25,7 @@ struct MioBrokerClientIo { } impl MioBrokerClient { - pub fn new(socket: mio::net::UnixStream) -> Self { + pub fn new(socket: mio::net::TcpStream) -> Self { let io = MioBrokerClientIo { socket, send_buf: VecDeque::new(), @@ -155,7 +155,7 @@ impl MioBrokerClientIo { } } -fn raw_send(mut socket: &mio::net::UnixStream, data: &[u8]) -> anyhow::Result { +fn raw_send(mut socket: &mio::net::TcpStream, data: &[u8]) -> anyhow::Result { let mut off = 0; socket.try_io(|| { @@ -179,7 +179,7 @@ fn raw_send(mut socket: &mio::net::UnixStream, data: &[u8]) -> anyhow::Result anyhow::Result { +fn raw_recv(mut socket: &mio::net::TcpStream, out: &mut [u8]) -> anyhow::Result { let mut off = 0; socket.try_io(|| { diff --git a/wireguard-broker/src/lib.rs b/wireguard-broker/src/lib.rs index 6c13dfa..ddca082 100644 --- a/wireguard-broker/src/lib.rs +++ b/wireguard-broker/src/lib.rs @@ -12,4 +12,3 @@ pub trait WireGuardBroker { } pub mod api; -pub mod netlink; diff --git a/wireguard-broker/src/netlink.rs b/wireguard-broker/src/netlink.rs deleted file mode 100644 index c8ebdab..0000000 --- a/wireguard-broker/src/netlink.rs +++ /dev/null @@ -1,103 +0,0 @@ -use wireguard_uapi::linux as wg; - -use crate::api::msgs; -use crate::WireGuardBroker; - -#[derive(thiserror::Error, Debug)] -pub enum ConnectError { - #[error(transparent)] - ConnectError(#[from] wg::err::ConnectError), -} - -#[derive(thiserror::Error, Debug)] -pub enum NetlinkError { - #[error(transparent)] - SetDevice(#[from] wg::err::SetDeviceError), - #[error(transparent)] - GetDevice(#[from] wg::err::GetDeviceError), -} - -#[derive(thiserror::Error, Debug)] -pub enum SetPskError { - #[error("The indicated wireguard interface does not exist")] - NoSuchInterface, - #[error("The indicated peer does not exist on the wireguard interface")] - NoSuchPeer, - #[error(transparent)] - NetlinkError(#[from] NetlinkError), -} - -impl From for SetPskError { - fn from(err: wg::err::SetDeviceError) -> Self { - NetlinkError::from(err).into() - } -} - -impl From for SetPskError { - fn from(err: wg::err::GetDeviceError) -> Self { - NetlinkError::from(err).into() - } -} - -use msgs::SetPskError as SetPskMsgsError; -use SetPskError as SetPskNetlinkError; -impl From for SetPskMsgsError { - fn from(err: SetPskError) -> Self { - match err { - SetPskNetlinkError::NoSuchPeer => SetPskMsgsError::NoSuchPeer, - _ => SetPskMsgsError::InternalError, - } - } -} - -pub struct NetlinkWireGuardBroker { - sock: wg::WgSocket, -} - -impl NetlinkWireGuardBroker { - pub fn new() -> Result { - let sock = wg::WgSocket::connect()?; - Ok(Self { sock }) - } -} - -impl WireGuardBroker for NetlinkWireGuardBroker { - type Error = SetPskError; - - fn set_psk( - &mut self, - interface: &str, - peer_id: [u8; 32], - psk: [u8; 32], - ) -> Result<(), Self::Error> { - // Ensure that the peer exists by querying the device configuration - // TODO: Use InvalidInterfaceError - let state = self - .sock - .get_device(wg::DeviceInterface::from_name(interface.to_owned()))?; - - if state - .peers - .iter() - .find(|p| &p.public_key == &peer_id) - .is_none() - { - return Err(SetPskError::NoSuchPeer); - } - - // Peer update description - let mut set_peer = wireguard_uapi::set::Peer::from_public_key(&peer_id); - set_peer - .flags - .push(wireguard_uapi::linux::set::WgPeerF::UpdateOnly); - set_peer.preshared_key = Some(&psk); - - // Device update description - let mut set_dev = wireguard_uapi::set::Device::from_ifname(interface.to_owned()); - set_dev.peers.push(set_peer); - - self.sock.set_device(set_dev)?; - - Ok(()) - } -}