WIP support for the Hermit microkernel.

A whole bunch of close-to-the-metal crates are yielding compiler errors
upon compilation with --target x86_64-unknown-hermit. MIO is not.

Using hermit might necessitate relying on threads for IO instead of
using MIO.

https://github.com/hermit-os/kernel/issues/1043

Cargo.lock

@@ -245,12 +245,6 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
-[[package]]
-name = "bytes"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223"
-
 [[package]]
 name = "cast"
 version = "0.3.0"
@@ -431,16 +425,6 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"
 
-[[package]]
-name = "command-fds"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f190f3c954f7bca3c6296d0ec561c739bdbe6c7e990294ed168d415f6e1b5b01"
-dependencies = [
- "nix",
- "thiserror",
-]
-
 [[package]]
 name = "cpufeatures"
 version = "0.2.12"
@@ -450,6 +434,15 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "crc32fast"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
+dependencies = [
+ "cfg-if",
+]
+
 [[package]]
 name = "criterion"
 version = "0.4.0"
@@ -664,12 +657,43 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "filetime"
+version = "0.2.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ee447700ac8aa0b2f2bd7bc4462ad686ba06baa6727ac149a2d6277f0d240fd"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "flate2"
+version = "1.0.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
+dependencies = [
+ "crc32fast",
+ "miniz_oxide",
+]
+
 [[package]]
 name = "fnv"
 version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
+[[package]]
+name = "form_urlencoded"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
+dependencies = [
+ "percent-encoding",
+]
+
 [[package]]
 name = "generic-array"
 version = "0.14.7"
@@ -749,6 +773,17 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
 
+[[package]]
+name = "hermit"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f54046de71e77899abc5fee9a9ada4b6299e0829cf26cf47cdfe2163be3d33a"
+dependencies = [
+ "flate2",
+ "tar",
+ "ureq",
+]
+
 [[package]]
 name = "hermit-abi"
 version = "0.1.19"
@@ -785,6 +820,16 @@ version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
 
+[[package]]
+name = "idna"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+]
+
 [[package]]
 name = "indexmap"
 version = "1.9.3"
@@ -934,17 +979,6 @@ dependencies = [
  "autocfg",
 ]
 
-[[package]]
-name = "memsec"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fa0916b001582d253822171bd23f4a0229d32b9507fae236f5da8cad515ba7c"
-dependencies = [
- "getrandom",
- "libc",
- "windows-sys 0.45.0",
-]
-
 [[package]]
 name = "minimal-lexical"
 version = "0.2.1"
@@ -997,17 +1031,6 @@ dependencies = [
  "syn 1.0.109",
 ]
 
-[[package]]
-name = "nix"
-version = "0.27.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2eb04e9c688eff1c89d72b407f168cf79bb9e867a9d3323ed6c01519eb9cc053"
-dependencies = [
- "bitflags 2.4.1",
- "cfg-if",
- "libc",
-]
-
 [[package]]
 name = "nom"
 version = "7.1.3"
@@ -1027,16 +1050,6 @@ dependencies = [
  "autocfg",
 ]
 
-[[package]]
-name = "num_cpus"
-version = "1.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
-dependencies = [
- "hermit-abi 0.3.3",
- "libc",
-]
-
 [[package]]
 name = "object"
 version = "0.32.1"
@@ -1082,29 +1095,6 @@ version = "6.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1"
 
-[[package]]
-name = "parking_lot"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
-dependencies = [
- "lock_api",
- "parking_lot_core",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.9.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
-dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall",
- "smallvec",
- "windows-targets 0.48.5",
-]
-
 [[package]]
 name = "paste"
 version = "1.0.14"
@@ -1118,10 +1108,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
 [[package]]
-name = "pin-project-lite"
+name = "percent-encoding"
-version = "0.2.13"
+version = "2.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58"
+checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 
 [[package]]
 name = "plotters"
@@ -1293,15 +1283,29 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 
+[[package]]
+name = "ring"
+version = "0.17.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74"
+dependencies = [
+ "cc",
+ "getrandom",
+ "libc",
+ "spin",
+ "untrusted",
+ "windows-sys 0.48.0",
+]
+
 [[package]]
 name = "rosenpass"
 version = "0.2.1"
 dependencies = [
  "anyhow",
  "clap 4.4.10",
- "command-fds",
  "criterion",
  "env_logger",
+ "hermit",
  "log",
  "memoffset",
  "mio",
@@ -1315,7 +1319,6 @@ dependencies = [
  "rosenpass-to",
  "rosenpass-util",
  "rosenpass-wireguard-broker",
- "rustix",
  "serde",
  "stacker",
  "static_assertions",
@@ -1348,7 +1351,6 @@ dependencies = [
 name = "rosenpass-constant-time"
 version = "0.1.0"
 dependencies = [
- "memsec",
  "rosenpass-to",
 ]
 
@@ -1392,7 +1394,6 @@ dependencies = [
  "allocator-api2-tests",
  "anyhow",
  "log",
- "memsec",
  "rand",
  "rosenpass-to",
  "rosenpass-util",
@@ -1412,7 +1413,6 @@ version = "0.1.0"
 dependencies = [
  "anyhow",
  "base64",
- "rustix",
  "static_assertions",
  "typenum",
 ]
@@ -1431,7 +1431,6 @@ dependencies = [
  "rosenpass-to",
  "rosenpass-util",
  "thiserror",
- "tokio",
  "wireguard-uapi",
 ]
 
@@ -1469,6 +1468,28 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "rustls"
+version = "0.21.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-webpki",
+ "sct",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.101.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.15"
@@ -1490,6 +1511,16 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
+[[package]]
+name = "sct"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "semver"
 version = "1.0.21"
@@ -1542,31 +1573,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380"
 
-[[package]]
-name = "signal-hook-registry"
-version = "1.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "smallvec"
-version = "1.11.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4dccd0940a2dcdf68d092b8cbab7dc0ad8fa938bf95787e1b916b0e3d0e8e970"
-
-[[package]]
-name = "socket2"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9"
-dependencies = [
- "libc",
- "windows-sys 0.48.0",
-]
-
 [[package]]
 name = "spin"
 version = "0.9.8"
@@ -1635,6 +1641,17 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "tar"
+version = "0.4.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb"
+dependencies = [
+ "filetime",
+ "libc",
+ "xattr",
+]
+
 [[package]]
 name = "termcolor"
 version = "1.4.0"
@@ -1687,34 +1704,19 @@ dependencies = [
 ]
 
 [[package]]
-name = "tokio"
+name = "tinyvec"
-version = "1.34.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9"
+checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
 dependencies = [
- "backtrace",
+ "tinyvec_macros",
- "bytes",
- "libc",
- "mio",
- "num_cpus",
- "parking_lot",
- "pin-project-lite",
- "signal-hook-registry",
- "socket2",
- "tokio-macros",
- "windows-sys 0.48.0",
 ]
 
 [[package]]
-name = "tokio-macros"
+name = "tinyvec_macros"
-version = "2.2.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.39",
-]
 
 [[package]]
 name = "toml"
@@ -1756,12 +1758,27 @@ version = "1.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
 
+[[package]]
+name = "unicode-bidi"
+version = "0.3.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
 
+[[package]]
+name = "unicode-normalization"
+version = "0.1.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921"
+dependencies = [
+ "tinyvec",
+]
+
 [[package]]
 name = "universal-hash"
 version = "0.5.1"
@@ -1772,6 +1789,39 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
+name = "ureq"
+version = "2.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97"
+dependencies = [
+ "base64",
+ "flate2",
+ "log",
+ "once_cell",
+ "rustls",
+ "rustls-webpki",
+ "url",
+ "webpki-roots",
+]
+
+[[package]]
+name = "url"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633"
+dependencies = [
+ "form_urlencoded",
+ "idna",
+ "percent-encoding",
+]
+
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
@@ -1864,6 +1914,12 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webpki-roots"
+version = "0.25.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
+
 [[package]]
 name = "which"
 version = "4.4.2"
@@ -1907,15 +1963,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
-[[package]]
-name = "windows-sys"
-version = "0.45.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
-dependencies = [
- "windows-targets 0.42.2",
-]
-
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@@ -1934,21 +1981,6 @@ dependencies = [
  "windows-targets 0.52.0",
 ]
 
-[[package]]
-name = "windows-targets"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e5180c00cd44c9b1c88adb3693291f1cd93605ded80c250a75d472756b4d071"
-dependencies = [
- "windows_aarch64_gnullvm 0.42.2",
- "windows_aarch64_msvc 0.42.2",
- "windows_i686_gnu 0.42.2",
- "windows_i686_msvc 0.42.2",
- "windows_x86_64_gnu 0.42.2",
- "windows_x86_64_gnullvm 0.42.2",
- "windows_x86_64_msvc 0.42.2",
-]
-
 [[package]]
 name = "windows-targets"
 version = "0.48.5"
@@ -1979,12 +2011,6 @@ dependencies = [
  "windows_x86_64_msvc 0.52.0",
 ]
 
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
-
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.48.5"
@@ -1997,12 +2023,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb7764e35d4db8a7921e09562a0304bf2f93e0a51bfccee0bd0bb0b666b015ea"
 
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
-
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.48.5"
@@ -2015,12 +2035,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbaa0368d4f1d2aaefc55b6fcfee13f41544ddf36801e793edbbfd7d7df075ef"
 
-[[package]]
-name = "windows_i686_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
-
 [[package]]
 name = "windows_i686_gnu"
 version = "0.48.5"
@@ -2033,12 +2047,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a28637cb1fa3560a16915793afb20081aba2c92ee8af57b4d5f28e4b3e7df313"
 
-[[package]]
-name = "windows_i686_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
-
 [[package]]
 name = "windows_i686_msvc"
 version = "0.48.5"
@@ -2051,12 +2059,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ffe5e8e31046ce6230cc7215707b816e339ff4d4d67c65dffa206fd0f7aa7b9a"
 
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
-
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.48.5"
@@ -2069,12 +2071,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d6fa32db2bc4a2f5abeacf2b69f7992cd09dca97498da74a151a3132c26befd"
 
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
-
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.48.5"
@@ -2087,12 +2083,6 @@ version = "0.52.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1a657e1e9d3f514745a572a6846d3c7aa7dbe1658c056ed9c3344c4109a6949e"
 
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.42.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
-
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.48.5"
@@ -2126,6 +2116,15 @@ dependencies = [
  "thiserror",
 ]
 
+[[package]]
+name = "xattr"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fbc6ab6ec1907d1a901cdbcd2bd4cb9e7d64ce5c9739cbb97d3c391acd8c7fae"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "zeroize"
 version = "1.7.0"

Cargo.toml

@@ -50,19 +50,15 @@ toml = "0.7.8"
 static_assertions = "1.1.0"
 allocator-api2 = "0.2.14"
 allocator-api2-tests = "0.2.14"
-memsec = "0.6.3"
 rand = "0.8.5"
 wireguard-uapi = "3.0.0"
-command-fds = "0.2.3"
-rustix = { version = "0.38.27", features = ["net"] }
-tokio = { version = "1.34.0", features = ["sync", "full", "mio"] }
 typenum = "1.17.0"
 log = { version = "0.4.20" }
 clap = { version = "4.4.10", features = ["derive"] }
 serde = { version = "1.0.193", features = ["derive"] }
 arbitrary = { version = "1.3.2", features = ["derive"] }
 anyhow = { version = "1.0.75", features = ["backtrace", "std"] }
-mio = { version = "0.8.9", features = ["net", "os-poll"] }
+mio = { version = "0.8.9", features = ["net"] }
 oqs-sys = { version = "0.8", default-features = false, features = ['classic_mceliece', 'kyber']  }
 blake2 = "0.10.6"
 chacha20poly1305 = { version = "0.10.1", default-features = false, features = [ "std", "heapless" ] }

constant-time/Cargo.toml

@@ -13,4 +13,3 @@ readme = "readme.md"
 
 [dependencies]
 rosenpass-to = { workspace = true }
-memsec = { workspace = true }

constant-time/src/lib.rs

@@ -29,14 +29,13 @@ pub fn xor(src: &[u8]) -> impl To<[u8], ()> + '_ {
 
 #[inline]
 pub fn memcmp(a: &[u8], b: &[u8]) -> bool {
-    a.len() == b.len()
+    a == b
-        && unsafe { memsec::memeq(a.as_ptr() as *const u8, b.as_ptr() as *const u8, a.len()) }
 }
 
 #[inline]
 pub fn compare(a: &[u8], b: &[u8]) -> i32 {
     assert!(a.len() == b.len());
-    unsafe { memsec::memcmp(a.as_ptr(), b.as_ptr(), a.len()) }
+    a.cmp(b) as i32
 }
 
 /// Interpret the given slice as a little-endian unsigned integer

rosenpass/Cargo.toml

@@ -34,8 +34,9 @@ toml = { workspace = true }
 clap = { workspace = true }
 mio = { workspace = true }
 rand = { workspace = true }
-command-fds = { workspace = true }
+
-rustix = { workspace = true }
+[target.'cfg(target_os = "hermit")'.dependencies]
+hermit = { version = "0.8", features = ["pci", "pci-ids", "acpi", "fsgsbase", "tcp", "rtl8139"]}
 
 [build-dependencies]
 anyhow = { workspace = true }

rosenpass/src/app_server.rs

@@ -1,7 +1,6 @@
 use std::cell::{Cell, RefCell};
 use std::io::{ErrorKind, Write};
-use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs};
+use std::net::{Ipv4Addr, Ipv6Addr, SocketAddr, SocketAddrV4, SocketAddrV6, ToSocketAddrs, TcpStream};
-use std::os::unix::net::UnixStream;
 use std::path::PathBuf;
 use std::slice;
 use std::time::Duration;
@@ -353,7 +352,7 @@ impl AppServer {
         sk: SSk,
         pk: SPk,
         addrs: Vec<SocketAddr>,
-        psk_broker_socket: UnixStream,
+        psk_broker_socket: TcpStream,
         verbosity: Verbosity,
     ) -> anyhow::Result<Self> {
         // setup mio
@@ -363,7 +362,7 @@ impl AppServer {
 
         // Create the Wireguard broker connection
         let psk_broker = {
-            let mut sock = mio::net::UnixStream::from_std(psk_broker_socket);
+            let mut sock = mio::net::TcpStream::from_std(psk_broker_socket);
             mio_poll.registry().register(
                 &mut sock,
                 dispenser.get_token(),

rosenpass/src/cli.rs

@@ -1,15 +1,9 @@
 use std::io::{BufReader, Read};
-use std::os::unix::net::UnixStream;
+use std::net::TcpStream;
 use std::path::PathBuf;
-use std::process::Command;
-use std::thread;
 
 use anyhow::{bail, ensure, Context};
 use clap::Parser;
-use command_fds::{CommandFdExt, FdMapping};
-use log::{error, info};
-use rustix::fd::AsRawFd;
-use rustix::net::{socketpair, AddressFamily, SocketFlags, SocketType};
 
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::kem::StaticKem;
@@ -272,46 +266,7 @@ impl Cli {
         let pk = SPk::load(&config.public_key)?;
 
         // Spawn the psk broker and use socketpair(2) to connect with them
-        let psk_broker_socket = {
+        let psk_broker_socket = TcpStream::connect("127.0.0.1:8001")?;
-            let (ours, theirs) = socketpair(
-                AddressFamily::UNIX,
-                SocketType::STREAM,
-                SocketFlags::empty(),
-                None,
-            )?;
-
-            // Setup our end of the socketpair
-            let ours = UnixStream::from(ours);
-            ours.set_nonblocking(true)?;
-
-            // Start the PSK broker
-            let mut child = Command::new("rosenpass-wireguard-broker-socket-handler")
-                .args(["--stream-fd", "3"])
-                .fd_mappings(vec![FdMapping {
-                    parent_fd: theirs.as_raw_fd(),
-                    child_fd: 3,
-                }])?
-                .spawn()?;
-
-            // Handle the PSK broker crashing
-            thread::spawn(move || {
-                let status = child.wait();
-
-                if let Ok(status) = status {
-                    if status.success() {
-                        // Maybe they are doing double forking?
-                        info!("PSK broker exited.");
-                    } else {
-                        error!("PSK broker exited with an error ({status:?})");
-                    }
-                } else {
-                    error!("Wait on PSK broker process failed ({status:?})");
-                }
-            });
-
-            ours
-        };
-
         // start an application server
         let mut srv = std::boxed::Box::<AppServer>::new(AppServer::new(
             sk,

rosenpass/src/main.rs

@@ -2,6 +2,9 @@ use log::error;
 use rosenpass::cli::Cli;
 use std::process::exit;
 
+#[cfg(target_os = "hermit")]
+use hermit as _;
+
 /// Catches errors, prints them through the logger, then exits
 pub fn main() {
     // default to displaying warning and error log messages only

rust-toolchain.toml

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "1.74.1"

secret-memory/Cargo.toml

@@ -15,7 +15,6 @@ rosenpass-to = { workspace = true }
 rosenpass-util = { workspace = true }
 zeroize = { workspace = true }
 rand = { workspace = true }
-memsec = { workspace = true }
 allocator-api2 = { workspace = true }
 log = { workspace = true }
 

secret-memory/src/alloc/memsec.rs

@@ -1,7 +1,7 @@
 use std::fmt;
 use std::ptr::NonNull;
 
-use allocator_api2::alloc::{AllocError, Allocator, Layout};
+use allocator_api2::alloc::{AllocError, Allocator, Layout, Global};
 
 #[derive(Copy, Clone, Default)]
 struct MemsecAllocatorContents;
@@ -9,7 +9,7 @@ struct MemsecAllocatorContents;
 /// Memory allocation using using the memsec crate
 #[derive(Copy, Clone, Default)]
 pub struct MemsecAllocator {
-    _dummy_private_data: MemsecAllocatorContents,
+    global: Global
 }
 
 /// A box backed by the memsec allocator
@@ -29,40 +29,18 @@ pub fn memsec_vec<T>() -> MemsecVec<T> {
 impl MemsecAllocator {
     pub fn new() -> Self {
         Self {
-            _dummy_private_data: MemsecAllocatorContents,
+            global: Global
         }
     }
 }
 
 unsafe impl Allocator for MemsecAllocator {
     fn allocate(&self, layout: Layout) -> Result<NonNull<[u8]>, AllocError> {
-        // Call memsec allocator
+        self.global.allocate(layout)
-        let mem: Option<NonNull<[u8]>> = unsafe { memsec::malloc_sized(layout.size()) };
-
-        // Unwrap the option
-        let Some(mem) = mem else {
-            log::error!("Allocation {layout:?} was requested but memsec returned a null pointer");
-            return Err(AllocError);
-        };
-
-        // Ensure the right alignment is used
-        let off = (mem.as_ptr() as *const u8).align_offset(layout.align());
-        if off != 0 {
-            log::error!("Allocation {layout:?} was requested but memsec returned allocation \
-                with offset {off} from the requested alignment. Memsec always allocates values \
-                at the end of a memory page for security reasons, custom alignments are not supported. \
-                You could try allocating an oversized value.");
-            unsafe { memsec::free(mem) };
-            return Err(AllocError);
-        };
-
-        Ok(mem)
     }
 
     unsafe fn deallocate(&self, ptr: NonNull<u8>, _layout: Layout) {
-        unsafe {
+        unsafe { self.global.deallocate(ptr, _layout) }
-            memsec::free(ptr);
-        }
     }
 }
 

util/Cargo.toml

@@ -14,6 +14,5 @@ readme = "readme.md"
 [dependencies]
 base64 = { workspace = true }
 anyhow = { workspace = true }
-rustix = { workspace = true }
 typenum = { workspace = true }
 static_assertions = { workspace = true }

util/src/fd.rs

@@ -1,12 +0,0 @@
-use std::os::fd::{OwnedFd, RawFd};
-
-/// Clone some file descriptor
-///
-/// If the file descriptor is invalid, an error will be raised.
-pub fn claim_fd(fd: RawFd) -> anyhow::Result<OwnedFd> {
-    use rustix::{fd::BorrowedFd, io::dup};
-
-    // This is safe since [dup] will simply raise
-    let fd = unsafe { dup(BorrowedFd::borrow_raw(fd))? };
-    Ok(fd)
-}

wireguard-broker/Cargo.toml

@@ -19,7 +19,6 @@ wireguard-uapi = { workspace = true }
 
 # Socket handler only
 rosenpass-to = { workspace = true }
-tokio = { workspace = true }
 anyhow = { workspace = true }
 clap = { workspace = true }
 env_logger = { workspace = true }

wireguard-broker/src/api/mio_client.rs

@@ -17,7 +17,7 @@ pub struct MioBrokerClient {
 
 #[derive(Debug)]
 struct MioBrokerClientIo {
-    socket: mio::net::UnixStream,
+    socket: mio::net::TcpStream,
     send_buf: VecDeque<u8>,
     receiving_size: bool,
     recv_buf: Vec<u8>,
@@ -25,7 +25,7 @@ struct MioBrokerClientIo {
 }
 
 impl MioBrokerClient {
-    pub fn new(socket: mio::net::UnixStream) -> Self {
+    pub fn new(socket: mio::net::TcpStream) -> Self {
         let io = MioBrokerClientIo {
             socket,
             send_buf: VecDeque::new(),
@@ -155,7 +155,7 @@ impl MioBrokerClientIo {
     }
 }
 
-fn raw_send(mut socket: &mio::net::UnixStream, data: &[u8]) -> anyhow::Result<usize> {
+fn raw_send(mut socket: &mio::net::TcpStream, data: &[u8]) -> anyhow::Result<usize> {
     let mut off = 0;
 
     socket.try_io(|| {
@@ -179,7 +179,7 @@ fn raw_send(mut socket: &mio::net::UnixStream, data: &[u8]) -> anyhow::Result<us
     return Ok(off);
 }
 
-fn raw_recv(mut socket: &mio::net::UnixStream, out: &mut [u8]) -> anyhow::Result<usize> {
+fn raw_recv(mut socket: &mio::net::TcpStream, out: &mut [u8]) -> anyhow::Result<usize> {
     let mut off = 0;
 
     socket.try_io(|| {

wireguard-broker/src/lib.rs

@@ -12,4 +12,3 @@ pub trait WireGuardBroker {
 }
 
 pub mod api;
-pub mod netlink;

wireguard-broker/src/netlink.rs

@@ -1,103 +0,0 @@
-use wireguard_uapi::linux as wg;
-
-use crate::api::msgs;
-use crate::WireGuardBroker;
-
-#[derive(thiserror::Error, Debug)]
-pub enum ConnectError {
-    #[error(transparent)]
-    ConnectError(#[from] wg::err::ConnectError),
-}
-
-#[derive(thiserror::Error, Debug)]
-pub enum NetlinkError {
-    #[error(transparent)]
-    SetDevice(#[from] wg::err::SetDeviceError),
-    #[error(transparent)]
-    GetDevice(#[from] wg::err::GetDeviceError),
-}
-
-#[derive(thiserror::Error, Debug)]
-pub enum SetPskError {
-    #[error("The indicated wireguard interface does not exist")]
-    NoSuchInterface,
-    #[error("The indicated peer does not exist on the wireguard interface")]
-    NoSuchPeer,
-    #[error(transparent)]
-    NetlinkError(#[from] NetlinkError),
-}
-
-impl From<wg::err::SetDeviceError> for SetPskError {
-    fn from(err: wg::err::SetDeviceError) -> Self {
-        NetlinkError::from(err).into()
-    }
-}
-
-impl From<wg::err::GetDeviceError> for SetPskError {
-    fn from(err: wg::err::GetDeviceError) -> Self {
-        NetlinkError::from(err).into()
-    }
-}
-
-use msgs::SetPskError as SetPskMsgsError;
-use SetPskError as SetPskNetlinkError;
-impl From<SetPskNetlinkError> for SetPskMsgsError {
-    fn from(err: SetPskError) -> Self {
-        match err {
-            SetPskNetlinkError::NoSuchPeer => SetPskMsgsError::NoSuchPeer,
-            _ => SetPskMsgsError::InternalError,
-        }
-    }
-}
-
-pub struct NetlinkWireGuardBroker {
-    sock: wg::WgSocket,
-}
-
-impl NetlinkWireGuardBroker {
-    pub fn new() -> Result<Self, ConnectError> {
-        let sock = wg::WgSocket::connect()?;
-        Ok(Self { sock })
-    }
-}
-
-impl WireGuardBroker for NetlinkWireGuardBroker {
-    type Error = SetPskError;
-
-    fn set_psk(
-        &mut self,
-        interface: &str,
-        peer_id: [u8; 32],
-        psk: [u8; 32],
-    ) -> Result<(), Self::Error> {
-        // Ensure that the peer exists by querying the device configuration
-        // TODO: Use InvalidInterfaceError
-        let state = self
-            .sock
-            .get_device(wg::DeviceInterface::from_name(interface.to_owned()))?;
-
-        if state
-            .peers
-            .iter()
-            .find(|p| &p.public_key == &peer_id)
-            .is_none()
-        {
-            return Err(SetPskError::NoSuchPeer);
-        }
-
-        // Peer update description
-        let mut set_peer = wireguard_uapi::set::Peer::from_public_key(&peer_id);
-        set_peer
-            .flags
-            .push(wireguard_uapi::linux::set::WgPeerF::UpdateOnly);
-        set_peer.preshared_key = Some(&psk);
-
-        // Device update description
-        let mut set_dev = wireguard_uapi::set::Device::from_ifname(interface.to_owned());
-        set_dev.peers.push(set_peer);
-
-        self.sock.set_device(set_dev)?;
-
-        Ok(())
-    }
-}