add first draft of rp rust binary

fix(usage): Remove warning about this being a research project

.github/workflows/nix.yaml

@@ -31,38 +31,37 @@ jobs:
       - name: Generate gitHeadInfo.gin for the whitepaper
         if: ${{ matrix.derivation == 'whitepaper' }}
         run: ( cd papers && ./tex/gitinfo2.sh && git add gitHeadInfo.gin )
-      - name: Build ${{ matrix.derivation }}
+      - name: Build ${{ matrix.derivation }}@${{ matrix.nix-system }}
         run: |
           # build the package
           nix build .#packages.${{ matrix.nix-system }}.${{ matrix.derivation }} --print-build-logs
 
           # copy over the results
           if [[ -f $(readlink --canonicalize result ) ]]; then
-            mkdir -- ${{ matrix.derivation }}
+            mkdir -- ${{ matrix.derivation }}-${{ matrix.nix-system }}
           fi
-          cp --recursive -- $(readlink --canonicalize -- result) ${{ matrix.derivation }}
-          chmod --recursive -- ug+rw ${{ matrix.derivation }}
+          cp --recursive -- $(readlink --canonicalize result) ${{ matrix.derivation }}-${{ matrix.nix-system }}
+          chmod --recursive ug+rw -- ${{ matrix.derivation }}-${{ matrix.nix-system }}
 
           # add version information
-          git rev-parse --abbrev-ref HEAD > ${{ matrix.derivation }}/git-version
-          git rev-parse HEAD > ${{ matrix.derivation }}/git-sha
+          git rev-parse --abbrev-ref HEAD > ${{ matrix.derivation }}-${{ matrix.nix-system }}/git-version
+          git rev-parse HEAD > ${{ matrix.derivation }}-${{ matrix.nix-system }}/git-sha
 
           # override the `rp` script to keep compatible with non-nix systems
-          if [[ -f ${{ matrix.derivation }}/bin/rp ]]
-          then
-            cp --force rp ${{ matrix.derivation }}/bin/
+          if [[ -f ${{ matrix.derivation }}-${{ matrix.nix-system }}/bin/rp ]]; then
+            cp --force -- rp ${{ matrix.derivation }}-${{ matrix.nix-system }}/bin/
           fi
       - name: Upload build results
         uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.derivation }}@${{ matrix.nix-system }}
-          path: ${{ matrix.derivation }}
+          name: ${{ matrix.derivation }}-${{ matrix.nix-system }}
+          path: ${{ matrix.derivation }}-${{ matrix.nix-system }}
       - name: Deploy PDF artifacts
         if: ${{ matrix.derivation == 'whitepaper' && github.ref == 'refs/heads/main' }}
         uses: peaceiris/actions-gh-pages@v3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: whitepaper
+          publish_dir: ${{ matrix.derivation }}-${{ matrix.nix-system }}
           publish_branch: papers-pdf
           force_orphan: true
   checks:

.github/workflows/qc.yaml

@@ -0,0 +1,47 @@
+name: Quality Control
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  checks: write
+  contents: read
+
+jobs:
+  prettier:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actionsx/prettier@v2
+        with:
+          args: --check .
+
+  cargo-clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+      - run: rustup component add clippy
+      - name: Install xmllint
+        run: sudo apt-get install -y libsodium-dev
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-features
+
+  cargo-audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -0,0 +1,30 @@
+name: Release
+permissions:
+  contents: write
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  release:
+    name: Release for ${{ matrix.nix-system }}
+    runs-on:
+      - nix
+      - ${{ matrix.nix-system }}
+    strategy:
+      fail-fast: false
+      matrix:
+        nix-system:
+          - x86_64-linux
+          # - aarch64-linux
+    steps:
+      - uses: actions/checkout@v3
+      - name: Build release-package for ${{ matrix.nix-system }}
+        run: nix build .#release-package --print-build-logs
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: ${{ contains(github.ref_name, 'rc') }}
+          prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') }}
+          files: |
+            result/*

.prettierignore

@@ -0,0 +1,4 @@
+.direnv/
+papers/whitepaper.md
+target/
+src/usage.md

Cargo.lock

@@ -34,9 +34,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.68"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61"
+checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800"
 dependencies = [
  "backtrace",
 ]
@@ -108,18 +108,6 @@ version = "1.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
-[[package]]
-name = "bstr"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba3569f383e8f1598449f1a423e72e99569137b47740b1da11ef19af3d5c3223"
-dependencies = [
- "lazy_static",
- "memchr",
- "regex-automata",
- "serde",
-]
-
 [[package]]
 name = "build-deps"
 version = "0.1.4"
@@ -131,9 +119,9 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.11.1"
+version = "3.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba"
+checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
 
 [[package]]
 name = "byteorder"
@@ -149,9 +137,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5"
 
 [[package]]
 name = "cc"
-version = "1.0.78"
+version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
 
 [[package]]
 name = "cexpr"
@@ -170,9 +158,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
 
 [[package]]
 name = "clang-sys"
-version = "1.4.0"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fa2e27ae6ab525c3d369ded447057bca5438d86dc3a68f6faafb8269ba82ebf3"
+checksum = "77ed9a53e5d4d9c573ae844bfac6872b159cb1d1585a83b29e7a64b7eef7332a"
 dependencies = [
  "glob",
  "libc",
@@ -198,7 +186,7 @@ checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5"
 dependencies = [
  "atty",
  "bitflags",
- "clap_lex",
+ "clap_lex 0.2.4",
  "indexmap",
  "strsim",
  "termcolor",
@@ -206,6 +194,34 @@ dependencies = [
  "yaml-rust",
 ]
 
+[[package]]
+name = "clap"
+version = "4.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3d7ae14b20b94cb02149ed21a86c423859cbe18dc7ed69845cace50e52b40a5"
+dependencies = [
+ "bitflags",
+ "clap_derive",
+ "clap_lex 0.3.2",
+ "is-terminal",
+ "once_cell",
+ "strsim",
+ "termcolor",
+]
+
+[[package]]
+name = "clap_derive"
+version = "4.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44bec8e5c9d09e439c4335b1af0abaab56dcf3b94999a936e1bb47b9134288f0"
+dependencies = [
+ "heck",
+ "proc-macro-error",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "clap_lex"
 version = "0.2.4"
@@ -215,6 +231,15 @@ dependencies = [
  "os_str_bytes",
 ]
 
+[[package]]
+name = "clap_lex"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "350b9cf31731f9957399229e9b2adc51eeabdfbe9d71d9a0552275fd12710d09"
+dependencies = [
+ "os_str_bytes",
+]
+
 [[package]]
 name = "cmake"
 version = "0.1.49"
@@ -314,13 +339,12 @@ dependencies = [
 
 [[package]]
 name = "csv"
-version = "1.1.6"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22813a6dc45b335f9bade10bf7271dc477e81113e89eb251a0bc2a8a81c536e1"
+checksum = "af91f40b7355f82b0a891f50e70399475945bb0b0da4f1700ce60761c9d3e359"
 dependencies = [
- "bstr",
  "csv-core",
- "itoa 0.4.8",
+ "itoa",
  "ryu",
  "serde",
 ]
@@ -336,9 +360,9 @@ dependencies = [
 
 [[package]]
 name = "either"
-version = "1.8.0"
+version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797"
+checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
 
 [[package]]
 name = "env_logger"
@@ -389,14 +413,14 @@ dependencies = [
 
 [[package]]
 name = "filetime"
-version = "0.2.19"
+version = "0.2.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e884668cd0c7480504233e951174ddc3b382f7c2666e3b7310b5c4e7b0c37f9"
+checksum = "8a3de6e8d11b22ff9edc6d916f890800597d60f8b2da1caf2955c274638d6412"
 dependencies = [
  "cfg-if",
  "libc",
  "redox_syscall",
- "windows-sys 0.42.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -420,9 +444,9 @@ dependencies = [
 
 [[package]]
 name = "gimli"
-version = "0.27.0"
+version = "0.27.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dec7af912d60cdbd3677c1af9352ebae6fb8394d165568a2234df0fa00f87793"
+checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4"
 
 [[package]]
 name = "glob"
@@ -442,6 +466,12 @@ version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 
+[[package]]
+name = "heck"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
+
 [[package]]
 name = "hermit-abi"
 version = "0.1.19"
@@ -499,19 +529,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1abeb7a0dd0f8181267ff8adc397075586500b81b28a73e8a0208b00fc170fb3"
 dependencies = [
  "libc",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
 name = "is-terminal"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22e18b0a45d56fe973d6db23972bf5bc46f988a4a2385deac9cc29572f09daef"
+checksum = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857"
 dependencies = [
  "hermit-abi 0.3.1",
  "io-lifetimes",
  "rustix",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -523,12 +553,6 @@ dependencies = [
  "either",
 ]
 
-[[package]]
-name = "itoa"
-version = "0.4.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4"
-
 [[package]]
 name = "itoa"
 version = "1.0.5"
@@ -537,9 +561,9 @@ checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
 
 [[package]]
 name = "js-sys"
-version = "0.3.60"
+version = "0.3.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47"
+checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -564,9 +588,9 @@ checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
 
 [[package]]
 name = "libflate"
-version = "1.2.0"
+version = "1.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "05605ab2bce11bcfc0e9c635ff29ef8b2ea83f29be257ee7d730cac3ee373093"
+checksum = "97822bf791bd4d5b403713886a5fbe8bf49520fe78e323b0dc480ca1a03e50b0"
 dependencies = [
  "adler32",
  "crc32fast",
@@ -575,9 +599,9 @@ dependencies = [
 
 [[package]]
 name = "libflate_lz77"
-version = "1.1.0"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39a734c0493409afcd49deee13c006a04e3586b9761a03543c6272c9c51f2f5a"
+checksum = "a52d3a8bfc85f250440e4424db7d857e241a3aebbbe301f3eb606ab15c39acbf"
 dependencies = [
  "rle-decode-fast",
 ]
@@ -677,9 +701,9 @@ dependencies = [
 
 [[package]]
 name = "nom"
-version = "7.1.2"
+version = "7.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5507769c4919c998e69e49c839d9dc6e693ede4cc4290d6ad8b41d4f09c548c"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
 dependencies = [
  "memchr",
  "minimal-lexical",
@@ -706,18 +730,18 @@ dependencies = [
 
 [[package]]
 name = "object"
-version = "0.30.1"
+version = "0.30.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d864c91689fdc196779b98dba0aceac6118594c2df6ee5d943eb6a8df4d107a"
+checksum = "ea86265d3d3dcb6a27fc51bd29a4bf387fae9d2986b823079d4986af253eb439"
 dependencies = [
  "memchr",
 ]
 
 [[package]]
 name = "once_cell"
-version = "1.17.0"
+version = "1.17.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66"
+checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
 
 [[package]]
 name = "oorandom"
@@ -796,10 +820,34 @@ dependencies = [
 ]
 
 [[package]]
-name = "proc-macro2"
-version = "1.0.49"
+name = "proc-macro-error"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5"
+checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c"
+dependencies = [
+ "proc-macro-error-attr",
+ "proc-macro2",
+ "quote",
+ "syn",
+ "version_check",
+]
+
+[[package]]
+name = "proc-macro-error-attr"
+version = "1.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "version_check",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.51"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d727cae5b39d21da60fa540906919ad737832fe0b1c165da3a34d6548c849d6"
 dependencies = [
  "unicode-ident",
 ]
@@ -825,9 +873,9 @@ dependencies = [
 
 [[package]]
 name = "rayon-core"
-version = "1.10.1"
+version = "1.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cac410af5d00ab6884528b4ab69d1e8e146e8d471201800fa1b4524126de6ad3"
+checksum = "356a0625f1954f730c0201cdab48611198dc6ce21f4acff55089b5a78e6e835b"
 dependencies = [
  "crossbeam-channel",
  "crossbeam-deque",
@@ -846,21 +894,15 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.7.0"
+version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e076559ef8e241f2ae3479e36f97bd5741c0330689e217ad51ce2c76808b868a"
+checksum = "48aaa5748ba571fb95cd2c85c09f629215d3a6ece942baa100950af03a34f733"
 dependencies = [
  "aho-corasick",
  "memchr",
  "regex-syntax",
 ]
 
-[[package]]
-name = "regex-automata"
-version = "0.1.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"
-
 [[package]]
 name = "regex-syntax"
 version = "0.6.28"
@@ -890,7 +932,7 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 
 [[package]]
 name = "rosenpass"
-version = "0.1.1-rc.1"
+version = "0.1.1"
 dependencies = [
  "anyhow",
  "base64",
@@ -908,6 +950,13 @@ dependencies = [
  "thiserror",
 ]
 
+[[package]]
+name = "rp"
+version = "0.1.0"
+dependencies = [
+ "clap 4.1.8",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.21"
@@ -931,7 +980,7 @@ dependencies = [
  "io-lifetimes",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.45.0",
+ "windows-sys",
 ]
 
 [[package]]
@@ -1006,11 +1055,11 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.91"
+version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877c235533714907a8c2464236f5c4b2a17262ef1bd71f38f35ea592c8da6883"
+checksum = "cad406b69c91885b5107daf2c29572f6c8cdb3c66826821e286c533490c0bc76"
 dependencies = [
- "itoa 1.0.5",
+ "itoa",
  "ryu",
  "serde",
 ]
@@ -1041,9 +1090,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 
 [[package]]
 name = "syn"
-version = "1.0.107"
+version = "1.0.109"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1063,9 +1112,9 @@ dependencies = [
 
 [[package]]
 name = "termcolor"
-version = "1.1.3"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755"
+checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
 dependencies = [
  "winapi-util",
 ]
@@ -1132,9 +1181,9 @@ dependencies = [
 
 [[package]]
 name = "tinyvec_macros"
-version = "0.1.0"
+version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "unicode-bidi"
@@ -1201,6 +1250,12 @@ version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
 
+[[package]]
+name = "version_check"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
 [[package]]
 name = "walkdir"
 version = "2.3.2"
@@ -1214,9 +1269,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268"
+checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
 dependencies = [
  "cfg-if",
  "wasm-bindgen-macro",
@@ -1224,9 +1279,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142"
+checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
 dependencies = [
  "bumpalo",
  "log",
@@ -1239,9 +1294,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810"
+checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1249,9 +1304,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c"
+checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1262,15 +1317,15 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.83"
+version = "0.2.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
+checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
 
 [[package]]
 name = "web-sys"
-version = "0.3.60"
+version = "0.3.61"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f"
+checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -1297,9 +1352,9 @@ dependencies = [
 
 [[package]]
 name = "which"
-version = "4.3.0"
+version = "4.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
+checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269"
 dependencies = [
  "either",
  "libc",
@@ -1337,21 +1392,6 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
-[[package]]
-name = "windows-sys"
-version = "0.42.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3e1820f08b8513f676f7ab6c1f99ff312fb97b553d30ff4dd86f9f15728aa7"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
 [[package]]
 name = "windows-sys"
 version = "0.45.0"
@@ -1438,9 +1478,9 @@ dependencies = [
 
 [[package]]
 name = "zip"
-version = "0.6.3"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "537ce7411d25e54e8ae21a7ce0b15840e7bfcff15b51d697ec3266cc76bdf080"
+checksum = "0445d0fbc924bb93539b4316c11afb121ea39296f99a3c4c9edad09e3658cdef"
 dependencies = [
  "byteorder",
  "crc32fast",

Cargo.toml

@@ -1,34 +1,6 @@
-[package]
-name = "rosenpass"
-version = "0.1.1-rc.1"
-authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
-edition = "2021"
-license = "MIT OR Apache-2.0"
-description = "Build post-quantum-secure VPNs with WireGuard!"
-homepage = "https://rosenpass.eu/"
-repository = "https://github.com/rosenpass/rosenpass"
+[workspace]
 
-[[bench]]
-name = "handshake"
-harness = false
-
-[dependencies]
-anyhow = { version = "1.0.52", features = ["backtrace"] }
-base64 = "0.13.0"
-clap = { version = "3.0.0", features = ["yaml"] }
-static_assertions = "1.1.0"
-memoffset = "0.6.5"
-libsodium-sys-stable = { version = "1.19.26", features = ["use-pkg-config"] }
-oqs-sys = { version = "0.7.1", default-features = false, features = ['classic_mceliece', 'kyber'] }
-lazy_static = "1.4.0"
-thiserror = "1.0.38"
-paste = "1.0.11"
-log = { version = "0.4.17", optional = true }
-env_logger = { version = "0.10.0", optional = true }
-
-[dev-dependencies]
-criterion = "0.3.5"
-test_bin = "0.4.0"
-
-[features]
-default = ["log", "env_logger"]
+members = [
+    "rosenpass",
+    "rp",
+]

flake.nix

@@ -132,6 +132,29 @@
               default = rosenpass;
               rosenpass = rpDerivation pkgs;
               rosenpass-oci-image = rosenpassOCI "rosenpass";
+
+              # derivation for the release
+              release-package =
+                let
+                  version = cargoToml.package.version;
+                  package =
+                    if pkgs.hostPlatform.isLinux then
+                      packages.rosenpass-static
+                    else packages.rosenpass;
+                  oci-image =
+                    if pkgs.hostPlatform.isLinux then
+                      packages.rosenpass-static-oci-image
+                    else packages.rosenpass-oci-image;
+                in
+                pkgs.runCommandNoCC "lace-result" { }
+                  ''
+                    mkdir {bin,$out}
+                    cp ${./.}/rp bin/
+                    tar -cvf $out/rosenpass-${system}-${version}.tar bin/rp \
+                      -C ${package} bin/rosenpass
+                    cp ${oci-image} \
+                      $out/rosenpass-oci-image-${system}-${version}.tar.gz
+                  '';
             } // (if pkgs.stdenv.isLinux then rec {
               rosenpass-static = rpDerivation pkgs.pkgsStatic;
               rosenpass-static-oci-image = rosenpassOCI "rosenpass-static";
@@ -222,6 +245,7 @@
             nativeBuildInputs = with pkgs; [
               cargo-release
               clippy
+              nodePackages.prettier
               rustfmt
               packages.proverif-patched
             ];
@@ -241,7 +265,11 @@
             # '';
             nixpkgs-fmt = pkgs.runCommand "check-nixpkgs-fmt"
               { nativeBuildInputs = [ pkgs.nixpkgs-fmt ]; } ''
-              nixpkgs-fmt --check ${./.} > $out
+              nixpkgs-fmt --check ${./.} && touch $out
+            '';
+            prettier-check = pkgs.runCommand "check-with-prettier"
+              { nativeBuildInputs = [ pkgs.nodePackages.prettier ]; } ''
+              cd ${./.} && prettier --check . && touch $out
             '';
           };
         }))

papers/graphics/readme.md

@@ -0,0 +1,5 @@
+# Illustrations
+
+## License
+
+The graphics graphics (SVG, PDF, and PNG files) in this folder are released under the CC BY-SA 4.0 license.

papers/prftree.d2

@@ -1,218 +0,0 @@
-root: 0  { shape: text }
-PROTOCOL: "PROTOCOL"  { shape: text }
-
-protocol_comment: 'PROTOCOL = "rosenpass 1 rosenpass.eu aead=chachapoly1305 dprf=blake2s ekem=lightsaber skem=mceliece460896 xaead=xchachapoly1305"' { shape: text}
-
-ck_init: '"chaining key init"' { shape: text }
-ck_ext: '"chaining key extract"'  { shape: text }
-
-mac: '"mac"' { shape: text }
-mac_param: MAC_WIRE_DATA { shape: text }
-cookie: '"cookie"' { shape: text }
-cookie_param: COOKIE_WIRE_DATA { shape: text }
-peer_id: '"peer_id"' { shape: text }
-peer_id_p1: spkm { shape: text}
-peer_id_p2: spkt { shape: text}
-
-root -> PROTOCOL
-
-PROTOCOL -> mac -> mac_param
-PROTOCOL -> cookie -> cookie_param
-PROTOCOL -> peer_id -> peer_id_p1 -> peer_id_p2
-PROTOCOL -> ck_init
-PROTOCOL -> ck_ext
-
-mix: '"mix"' { shape: text }
-user: '"user"' { shape: text }
-rp_eu: '"rosenpass.eu"' { shape: text }
-wg_psk: '"wireguard psk"' { shape: text }
-hs_enc: '"handshake encryption"' { shape: text }
-ini_enc: '"initiator session encryption"' { shape: text }
-res_enc: '"responder session encryption"' { shape: text }
-
-ck_ext -> mix
-ck_ext -> user -> rp_eu -> wg_psk
-ck_ext -> hs_enc
-ck_ext -> ini_enc
-ck_ext -> res_enc
-
-# ck_init -> InitHello.start
-
-InitHello {
-  start   -> d0 \
-    -> m1 -> d1 \
-    -> m2 -> d2
-
-              d2 -> encaps_spkr.m1
-  encaps_spkr.d3 -> encrypt_ltk.m1
-  encaps_spkr.d3 -> encrypt_ltk.key
-  encrypt_ltk.d1 -> encrypt_auth.m1
-  encrypt_ltk.d1 -> encrypt_auth.key
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '"chaining key init"' { shape: text }
-  d0: "spkr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "epki" { shape: circle }
-
-  encaps_spkr {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spkr" { shape: circle }
-    d2: "sctr" { shape: circle }
-    d3: "sptr" { shape: circle }
-  }
-
-  encrypt_ltk {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(peer_id(spkr, spki))'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    data -> encrypt: {
-      target-arrowhead.label: data
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    data: 'ref from "peer id" branch after spkt' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-RespHello {
-  start -> d0 -> m1 -> d1
-              d1 -> encaps_epki.m1
-  encaps_epki.d3 -> encaps_spki.m1
-  encaps_spki.d3 -> m2 -> d2
-  d2 -> encrypt_auth.m1
-
-  store_biscuit -> d2
-  "pidi" -> store_biscuit {
-    target-arrowhead.label: "field=peerid"
-  }
-  encaps_spki.d3 -> store_biscuit {
-    target-arrowhead.label: "field=ck"
-  }
-
-
-  m1: "mix" { shape: text }
-  m2: "mix" { shape: text }
-
-  start: '(state from InitHello)' { shape: text }
-  d0: "sidr" { shape: circle }
-  d1: "sidi" { shape: circle }
-  d2: "biscuit" { shape: diamond }
-
-  store_biscuit: "store_biscuit()"
-
-  encaps_epki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "epki" { shape: circle }
-    d2: "ecti" { shape: circle }
-    d3: "epti" { shape: circle }
-  }
-
-  encaps_spki {
-       m1 -> d1 \
-    -> m2 -> d2 \
-    -> m3 -> d3 \
-
-    m1: "mix" { shape: text }
-    m2: "mix" { shape: text }
-    m3: "mix" { shape: text }
-
-    d1: "spki" { shape: circle }
-    d2: "scti" { shape: circle }
-    d3: "spti" { shape: circle }
-  }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}
-
-InitConf {
-  start -> d0 -> m1 -> d1 -> encrypt_auth.m1
-
-  encrypt_auth.d1 -> ol1 -> o1
-  encrypt_auth.d1 -> ol2 -> o2
-  encrypt_auth.d1 -> ol3 -> o3
-
-  m1: "mix" { shape: text }
-
-  start: '(state from RespHello)' { shape: text }
-  d0: "sidi" { shape: circle }
-  d1: "sidr" { shape: circle }
-
-  ol1: '"wireguard psk"' { shape: text }
-  ol2: '"initiator session encryption"' { shape: text }
-  ol3: '"responder session encryption"' { shape: text}
-                                                             o2: "" { shape: page }
-  o1: "" { shape: step }
-  o2: "" { shape: step }
-  o3: "" { shape: step }
-
-  encrypt_auth {
-    m1 -> d1
-
-    encrypt: 'Aead::enc(empty())'
-    key -> encrypt: {
-      target-arrowhead.label: key
-    }
-    encrypt -> d1: {
-      source-arrowhead.label: output
-    }
-
-    m1: "mix" { shape: text }
-    key: '"handshake encryption"' { shape: text }
-    d1: "ct" { shape: diamond }
-  }
-}

papers/readme.md

@@ -16,10 +16,14 @@ You can build the PDF files from Markdown using `latexmk`. Simply run
 latexmk -r tex/CI.rc
 ```
 
-inside `papers/`.  The PDF files will be located directly in `papers/`.
+inside `papers/`. The PDF files will be located directly in `papers/`.
 
 ## Add version info within the template-rosenpass files
 
 The version info is using gitinfo2. To use the setup one has to run the `papers/tex/gitinfo2.sh` script. In local copies it's also possible to add this as a post-checkout or post-commit hook to keep it automatically up to date.
 
-The version information in the footer automatically includes a “draft”. This can be removed by tagging a release version using `\jobname-release`, e.h. `whitepaper-release`  for the `whitepaper.md` file.
+The version information in the footer automatically includes a “draft”. This can be removed by tagging a release version using `\jobname-release`, e.h. `whitepaper-release` for the `whitepaper.md` file.
+
+## Licensing of assets
+
+The text files and graphics in this folder (i.e. whitepaper.md, the SVG, PDF, and PNG files in the graphics/ folder) are released under the CC BY-SA 4.0 license.

papers/sequencing.d2

@@ -1,81 +0,0 @@
-Protocol: {
-  shape: sequence_diagram
-  ini: "Initiator"
-  res: "Responder"
-  ini -> res: "InitHello"
-  res -> ini: "RespHello"
-  ini -> res: "InitConf"
-  res -> ini: "EmptyData"
-}
-
-Envelope: "Envelope" {
-  shape: class
-  type: "1"
-  '': 3
-  payload: variable
-  mac: 16
-  cookie: 16
-}
-
-Envelope.payload -> InitHello
-InitHello: "InitHello (type=0x81)" {
-  shape: class
-  sidi: 4
-  epki: 800
-  sctr: 188
-  peerid: 32 + 16 = 48
-  auth: 16
-}
-
-Envelope.payload -> RespHello
-RespHello: "RespHello (type=0x82)" {
-  shape: class
-  sidr: 4
-  sidi: 4
-  ecti: 768
-  scti: 188
-  biscuit: 76 + 24 + 16 = 116
-  auth: 16
-}
-
-Envelope.payload -> InitConf
-InitConf: "InitConf (type=0x83)" {
-  shape: class
-  sidi: 4
-  sidr: 4
-  biscuit: 76 + 24 +16 = 116
-  auth: 16
-}
-
-Envelope.payload -> EmptyData
-EmptyData: "EmptyData (type=0x84)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  auth: 16
-}
-
-Envelope.payload -> Data
-Data: "Data (type=0x85)" {
-  shape: class
-  sidx: 4
-  ctr: 8
-  data: variable + 16
-}
-
-Envelope.payload -> CookieReply
-CookieReply: "CookieReply (type=0x86)" {
-  shape: class
-  sidx: 4
-  nonce: 24
-  cookie: 16 + 16 = 32
-}
-
-RespHello.biscuit -> Biscuit
-InitConf.biscuit -> Biscuit
-Biscuit: "Biscuit" {
-  shape: class
-  peerid: 32
-  no: 12
-  ck: 32
-}

papers/tex/template-rosenpass.tex

@@ -130,7 +130,7 @@
 \bool_set_false:N \l_tmpa_bool
 \gitAbbrevHash{}~(\gitAuthorDate
 \clist_map_inline:Nn \gitTags {
-	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {test-whitepaper}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
+	\exp_args:Nx \str_if_eq:nnT {\jobname-release} {whitepaper-release}  {\bool_set_true:N \l_tmpa_bool\clist_map_break:}
 }
 \bool_if:NF \l_tmpa_bool {~--~draft}
 )

papers/whitepaper.md

@@ -33,7 +33,7 @@ abstract: |
 Rosenpass inherits most security properties from Post-Quantum WireGuard (PQWG). The security properties mentioned here are covered by the symbolic analysis in the Rosenpass repository. 
 
 ## Secrecy
-Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Methods; see section \ref{skem}): Kyber and Classic McEliece.
+Three key encapsulations using the keypairs `sski`/`spki`, `sskr`/`spkr`, and `eski`/`epki` provide secrecy (see Section \ref{variables} for an introduction of the variables). Their respective ciphertexts are called `scti`, `sctr`, and `ectr` and the resulting keys are called `spti`, `sptr`, `epti`. A single secure encapsulation is sufficient to provide secrecy. We use two different KEMs (Key Encapsulation Mechanisms; see section \ref{skem}): Kyber and Classic McEliece.
 
 ## Authenticity
 

readme.md

@@ -1,5 +1,10 @@
 # Rosenpass README
 
+![Nix](https://github.com/rosenpass/rosenpass/actions/workflows/nix.yaml/badge.svg)
+![QC](https://github.com/rosenpass/rosenpass/actions/workflows/qc.yaml/badge.svg)
+![crates.io](https://img.shields.io/crates/v/rosenpass.svg)
+![Libraries.io dependency status for latest release](https://img.shields.io/librariesio/release/cargo/rosenpass)
+
 This repository contains
 
 1. A description of the [Rosenpass protocol](https://github.com/rosenpass/rosenpass/raw/papers-pdf/whitepaper.pdf)
@@ -9,9 +14,7 @@ This repository contains
 
 ## Getting started
 
-[how to install nix]
-[how to build with nix]
-[how to build without nix]
+First, [install rosenpass](#Getting-Rosenpass). Then, check out the help funtions of `rp` & `rosenpass`:
 
 ```sh
 rp help
@@ -24,7 +27,7 @@ Follow [quickstart instructions](https://rosenpass.eu/#start) to get a VPN up an
 
 The [rosenpass tool](./src/) is written in Rust and uses liboqs[^liboqs] and libsodium[^libsodium]. The tool establishes a symmetric key and provides it to WireGuard. Since it supplies WireGuard with key through the PSK feature using Rosenpass+WireGuard is cryptographically no less secure than using WireGuard on its own ("hybrid security"). Rosenpass refreshes the symmetric key every two minutes.
 
-As with any application a small risk of critical security issues (such as buffer overflows, remote code execution)  exists; the Rosenpass application is written in the Rust programming language which is much less prone to such issues. Rosenpass can also write keys to files instead of supplying them to WireGuard With a bit of scripting the stand alone mode of the implementation can be used to run the application in a Container, VM or on another host. This mode can also be used to integrate tools other than WireGuard with Rosenpass.
+As with any application a small risk of critical security issues (such as buffer overflows, remote code execution) exists; the Rosenpass application is written in the Rust programming language which is much less prone to such issues. Rosenpass can also write keys to files instead of supplying them to WireGuard With a bit of scripting the stand alone mode of the implementation can be used to run the application in a Container, VM or on another host. This mode can also be used to integrate tools other than WireGuard with Rosenpass.
 
 The [`rp`](./rp) tool written in bash makes it easy to create a VPN using WireGuard and Rosenpass.
 
@@ -36,8 +39,8 @@ and Rosenpass private keys, takes control of the interface and works with exactl
 rp allocates two UDP ports; if port N is specified for rosenpass, it will allocate port N+1 for WireGuard.
 
 Like WireGuard, Rosenpass does not enforce any separation between clients and servers.
-If you do not specify the `listen` option, Rosenpass and WireGuard will choose random ports; this is *client mode*.
-If you do not specify `endpoint`, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is *server mode*.
+If you do not specify the `listen` option, Rosenpass and WireGuard will choose random ports; this is _client mode_.
+If you do not specify `endpoint`, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is _server mode_.
 You may specify both. Leaving out both is not forbidden but also not very useful.
 
 ## Security analysis
@@ -55,7 +58,19 @@ The analysis is implemented according to modern software engineering principles:
 The code uses a variety of optimizations to speed up analysis such as using secret functions to model trusted/malicious setup. We split the model into two separate entry points which can be analyzed in parallel. Each is much faster than both models combined.
 A wrapper script provides instant feedback about which queries execute as expected in color: A red cross if a query fails and a green check if it succeeds.
 
+[^liboqs]: https://openquantumsafe.org/liboqs/
+[^libsodium]: https://doc.libsodium.org/
 [^wg]: https://www.wireguard.com/
 [^pqwg]: https://eprint.iacr.org/2020/379
 [^pqwg-statedis]: Unless supplied with a pre-shared-key, but this defeates the purpose of a key exchange protocol
-[^wg-statedis]: https://lists.zx2c4.com/pipermail/wireguard/2021-August/006916.html
+[^wg-statedis]: https://lists.zx2c4.com/pipermail/wireguard/2021-August/006916.htmlA
+
+# Getting Rosenpass
+
+Rosenpass is packaged for more and more distros, maybe also for the distro of your choice?
+
+[![Packaging status](https://repology.org/badge/vertical-allrepos/rosenpass.svg)](https://repology.org/project/rosenpass/versions)
+
+# Supported by
+
+Funded through <a href="https://nlnet.nl/">NLNet</a> with financial support for the European Commission's <a href="https://nlnet.nl/assure">NGI Assure</a> program.

rosenpass/Cargo.toml

@@ -0,0 +1,35 @@
+[package]
+name = "rosenpass"
+version = "0.1.1"
+authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
+edition = "2021"
+license = "MIT OR Apache-2.0"
+description = "Build post-quantum-secure VPNs with WireGuard!"
+homepage = "https://rosenpass.eu/"
+repository = "https://github.com/rosenpass/rosenpass"
+readme = "../readme.md"
+
+[[bench]]
+name = "handshake"
+harness = false
+
+[dependencies]
+anyhow = { version = "1.0.52", features = ["backtrace"] }
+base64 = "0.13.0"
+clap = { version = "3.0.0", features = ["yaml"] }
+static_assertions = "1.1.0"
+memoffset = "0.6.5"
+libsodium-sys-stable = { version = "1.19.26", features = ["use-pkg-config"] }
+oqs-sys = { version = "0.7.1", default-features = false, features = ['classic_mceliece', 'kyber'] }
+lazy_static = "1.4.0"
+thiserror = "1.0.38"
+paste = "1.0.11"
+log = { version = "0.4.17", optional = true }
+env_logger = { version = "0.10.0", optional = true }
+
+[dev-dependencies]
+criterion = "0.3.5"
+test_bin = "0.4.0"
+
+[features]
+default = ["log", "env_logger"]

rosenpass/src/usage.md

@@ -11,9 +11,6 @@ DESCRIPTION
   These keys can then be passed to various services such as wireguard or other vpn services
   as pre-shared-keys to achieve security against attackers with quantum computers.
 
-  This is a research project and quantum computers are not thought to become practical in less than ten years.
-  If you are not specifically tasked with developing post-quantum secure systems, you probably do not need this tool.
-
 COMMANDS
   
   keygen private-key <file-path> public-key <file-path>
@@ -35,11 +32,11 @@ COMMANDS
       You must either specify the outfile or wireguard output option.
 
       endpoint <ip>[:<port>]
-        Specifies the address where the peer can be reached. This will be automatically updated after the first sucessfull
+        Specifies the address where the peer can be reached. This will be automatically updated after the first successful
         key exchange with the peer. If this is unspecified, the peer must initiate the connection.
 
       preshared-key <file-path>
-        You may specifie a pre-shared key which will be mixied into the final secret.
+        You may specify a pre-shared key which will be mixed into the final secret.
 
       outfile <file-path>
         You may specify a file to write the exchanged keys to. If this option is specified, {0} will

rp

@@ -1,333 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-# String formatting subsystem
-
-formatting_init() {
-  endl=$'\n'
-}
-
-enquote() {
-    while (( $# > 1 )); do
-      printf "%q " "${1}"; shift
-    done
-    if (( $# == 1 )); then
-      printf "%q" "${1}"; shift
-    fi
-}
-
-multiline() {
-  # shellcheck disable=SC1004
-  echo "${1} " | awk '
-    function pm(a, b, l) {
-      return length(a) > l \
-          && length(b) > l \
-          && substr(a, 1, l+1) == substr(b, 1, l+1) \
-            ? pm(a, b, l+1) : l;
-    }
-
-    !started && $0 !~ /^[ \t]*$/ {
-      started=1
-      match($0, /^[ \t]*/)
-      prefix=substr($0, 1, RLENGTH)
-    }
-
-    started {
-      print(substr($0, 1 + pm($0, prefix)));
-    }
-  '
-}
-
-dbg() {
-  echo >&2 "$@"
-}
-
-# Cleanup subsystem (sigterm)
-
-cleanup_init() {
-  cleanup_actions=()
-  trap cleanup_apply exit
-}
-
-cleanup_apply() {
-  local f
-  for f in "${cleanup_actions[@]}"; do
-    eval "${f}"
-  done
-}
-
-cleanup() {
-  cleanup_actions+=("$(multiline "${1}")")
-}
-
-# Transactional execution subsystem
-
-frag_init() {
-  explain=0
-  frag_transaction=()
-  frag "
-    #! /bin/bash
-    set -e"
-}
-
-frag_apply() {
-  local f
-  for f in "${frag_transaction[@]}"; do
-    if (( explain == 1 )); then
-      dbg "${f}"
-    fi
-    eval "${f}"
-  done
-}
-
-frag() {
-  frag_transaction+=("$(multiline "${1}")")
-}
-
-frag_append() {
-  local len; len="${#frag_transaction[@]}"
-  frag_transaction=("${frag_transaction[@]:0:len-1}" "${frag_transaction[len-1]}${1}")
-}
-
-frag_append_esc() {
-  frag_append " \\${endl}${1}"
-}
-
-# Usage documentation subsystem
-usage_init() {
-  usagestack=("${script}")
-}
-
-usage_snap() {
-  echo "${#usagestack}"
-}
-
-usage_restore() {
-  local n; n="${1}"
-  dbg REST "${1}"
-  usagestack=("${usagestack[@]:0:n-2}")
-}
-
-
-usage() {
-  dbg "Usage: ${usagestack[*]}"
-}
-
-fatal() {
-  dbg "FATAL: $*"
-  usage
-  exit 1
-}
-
-genkey() {
-  usagestack+=("PRIVATE_KEYS_DIR")
-  local skdir
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
-
-  while (( $# > 0 )); do
-    local arg; arg="$1"; shift
-    case "${arg}" in
-      -h | -help | --help | help) usage; return 0 ;;
-      *) fatal "Unknown option ${arg}";;
-    esac
-  done
-
-  if test -e "${skdir}"; then
-    fatal "PRIVATE_KEYS_DIR \"${skdir}\" already exists"
-  fi
-
-  frag "
-    umask 077
-    mkdir -p $(enquote "${skdir}")
-    wg genkey > $(enquote "${skdir}"/wgsk)
-    $(enquote "${binary}") keygen \\
-      private-key $(enquote "${skdir}"/pqsk) \\
-      public-key  $(enquote "${skdir}"/pqpk)"
-}
-
-pubkey() {
-  usagestack+=("PRIVATE_KEYS_DIR" "PUBLIC_KEYS_DIR")
-  local skdir pkdir
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
-  pkdir="${1/\//}"; shift || fatal "Required positional argument: PUBLIC_KEYS_DIR"
-
-  while (( $# > 0 )); do
-    local arg; arg="$1"; shift
-    case "${arg}" in
-      -h | -help | --help | help) usage; exit 0;;
-      *) fatal "Unknown option ${arg}";;
-    esac
-  done
-
-  if test -e "${pkdir}"; then
-    fatal "PUBLIC_KEYS_DIR \"${pkdir}\" already exists"
-  fi
-
-  frag "
-    mkdir -p $(enquote "${pkdir}")
-    wg pubkey < $(enquote "${skdir}"/wgsk) > $(enquote "${pkdir}/wgpk")
-    cp $(enquote "${skdir}"/pqpk) $(enquote "${pkdir}/pqpk")"
-}
-
-exchange() {
-  usagestack+=("PRIVATE_KEYS_DIR" "[dev <device>]" "[listen <ip>:<port>]" "[peer PUBLIC_KEYS_DIR [endpoint <ip>:<port>] [persistent-keepalive <interval>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...]]...")
-  local skdir dev lport
-  dev="${project_name}0"
-  skdir="${1/\//}"; shift || fatal "Required positional argument: PRIVATE_KEYS_DIR"
-
-  while (( $# > 0 )); do
-    local arg; arg="$1"; shift
-    case "${arg}" in
-      dev) dev="${1}"; shift || fatal "dev option requires parameter";;
-      peer) set -- "peer" "$@"; break;; # Parsed down below
-      listen)
-        local listen; listen="${1}";
-        lip="${listen%:*}";
-        lport="${listen/*:/}";
-        if [[ "$lip" = "$lport" ]]; then
-          lip="[0::0]"
-        fi
-        shift;;
-      -h | -help | --help | help) usage; return 0;;
-      *) fatal "Unknown option ${arg}";;
-    esac
-  done
-
-  if (( $# == 0 )); then
-    fatal "Needs at least one peer specified"
-  fi
-
-  frag "
-    # Create the Wireguard interface
-    ip link add dev $(enquote "${dev}") type wireguard || true"
-
-  cleanup "
-    ip link del dev $(enquote "${dev}") || true"
-
-  frag "
-    ip link set dev $(enquote "${dev}") up"
-
-  frag "
-    # Deploy the classic wireguard private key
-    wg set $(enquote "${dev}") private-key $(enquote "${skdir}/wgsk")"
-
-
-  if test -n "${lport}"; then
-    frag_append "listen-port $(enquote "$(( lport + 1 ))")"
-  fi
-
-  frag "
-    # Launch the post quantum wireguard exchange daemon
-    $(enquote "${binary}") exchange"
-
-  if (( verbose == 1 )); then
-    frag_append "verbose"
-  fi
-
-  frag_append_esc "    private-key $(enquote "${skdir}/pqsk")"
-  frag_append_esc "    public-key  $(enquote "${skdir}/pqpk")"
-
-  if test -n "${lport}"; then
-    frag_append_esc "    listen $(enquote "${lip}:${lport}")"
-  fi
-
-  usagestack+=("peer" "PUBLIC_KEYS_DIR endpoint IP:PORT")
-
-  while (( $# > 0 )); do
-    shift; # Skip "peer" argument
-
-    local peerdir ip port keepalive allowedips
-    peerdir="${1/\//}"; shift || fatal "Required peer argument: PUBLIC_KEYS_DIR"
-
-    while (( $# > 0 )); do
-      local arg; arg="$1"; shift
-      case "${arg}" in
-        peer) set -- "peer" "$@"; break;; # Next peer
-        endpoint) ip="${1%:*}"; port="${1/*:/}"; shift;;
-        persistent-keepalive) keepalive="${1}"; shift;;
-        allowed-ips) allowedips="${1}"; shift;;
-        -h | -help | --help | help) usage; return 0;;
-        *) fatal "Unknown option ${arg}";;
-      esac
-    done
-
-    # Public key
-    frag_append_esc "    peer public-key $(enquote "${peerdir}/pqpk")"
-
-    # PSK
-    local pskfile; pskfile="${peerdir}/psk"
-    if test -f "${pskfile}"; then
-      frag_append_esc "      preshared-key $(enquote "${pskfile}")"
-    fi
-
-
-    if test -n "${ip}"; then
-      frag_append_esc "      endpoint $(enquote "${ip}:${port}")"
-    fi
-
-    frag_append_esc "      wireguard $(enquote "${dev}") $(enquote "$(cat "${peerdir}/wgpk")")"
-
-    if test -n "${ip}"; then
-      frag_append_esc "        endpoint $(enquote "${ip}:$(( port + 1 ))")"
-    fi
-
-    if test -n "${keepalive}"; then
-      frag_append_esc "        persistent-keepalive $(enquote "${keepalive}")"
-    fi
-
-    if test -n "${allowedips}"; then
-      frag_append_esc "        allowed-ips $(enquote "${allowedips}")"
-    fi
-  done
-}
-
-main() {
-  formatting_init
-  cleanup_init
-  usage_init
-  frag_init
-
-  project_name="rosenpass"
-  scriptdir="$(dirname "${script}")"
-  verbose=0
-  binary="$(
-    find "${scriptdir}"/target/{release,debug}/"${project_name}" -printf "%T@ %p\n" 2>/dev/null \
-      | sort -nr \
-      | awk -v fallback="${project_name}" '
-          NR == 1 { print($2) }
-          END { if (NR == 0) print(fallback) }'
-  )"
-
-  # Parse command
-
-  usagestack+=("[explain]" "[verbose]" "genkey|pubkey|exchange" "[ARGS]...")
-
-  local cmd
-  while (( $# > 0 )); do
-    local arg; arg="$1"; shift
-    case "${arg}" in
-      genkey|pubkey|exchange) cmd="${arg}"; break;;
-      explain) explain=1;;
-      verbose) verbose=1;;
-      -h | -help | --help | help) usage; return 0 ;;
-      *) fatal "Unknown command ${arg}";;
-    esac
-  done
-
-  test -n "${cmd}" || fatal "No command supplied"
-  usagestack=("${script}")
-
-  # Execute command
-
-  usagestack+=("${cmd}")
-  "${cmd}" "$@"
-  usagestack=("${script}")
-
-  # Apply transaction
-
-  frag_apply
-}
-
-script="$0"
-main "$@"

rp/Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "rp"
+version = "0.1.0"
+edition = "2021"
+authors = ["wucke13 <wucke13@gmail.com>", "Karolin Varner <karo@cupdev.net>"]
+license = "MIT OR Apache-2.0"
+description = "Build post-quantum-secure VPNs with WireGuard!"
+homepage = "https://rosenpass.eu/"
+repository = "https://github.com/rosenpass/rosenpass"
+readme = "../readme.md"
+
+[dependencies]
+clap = { version = "4.1.8", features = ["derive"] }

rp/src/main.rs

@@ -0,0 +1,55 @@
+use std::path::PathBuf;
+
+use clap::{Parser, Subcommand};
+
+// Usage: ../rp-old [explain] [verbose] genkey|pubkey|exchange [ARGS]...
+
+/// Simple program to greet a person
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+struct Cli {
+    /// Explain what is done
+    #[arg(short, long)]
+    explain: bool,
+
+    /// Be verbose about what's going on
+    #[arg(short, long)]
+    verbose: bool,
+
+    #[command(subcommand)]
+    command: Command,
+}
+
+/// Doc comment
+#[derive(Subcommand, Debug)]
+// #[command(PARENT CMD ATTRIBUTE)]
+enum Command {
+    /// Generate a keypair
+    // --- Requirements ---
+    // requires wireguard
+    // should not exist before
+    // should be dir after
+    // should contain three files after pqpk, pqsk, wgsk
+    Genkey {
+        private_keys_dir: PathBuf,
+    },
+
+    /// Generate public keys
+    // --- Requirements ---
+    // requires wireguard
+    // requires private_keys_dir to exist
+    // should create public_keys_dir
+    // should copy pqpk from private_ to public_keys_dir
+    // should generate wgpk to public_keys_dir
+    Pubkey {
+        private_keys_dir: PathBuf,
+        public_keys_dir: PathBuf,
+    },
+
+    Exchange {},
+}
+fn main() {
+    let args = Cli::parse();
+
+    println!("{args:#?}");
+}