add control socket serde code

- add new, optional configuration parameter to the config file, `control_socket`
- enhance debug and trace logging in `app_server.rs`
- add optional attribute `maybe_control_socket` to `AppServer`
- registers the uds (if present) in mio, so that one `mio::poll` call can both check on control commands and normal handshake traffic
- sprinkle a little more documentation over `app_server.rs`
- inject control socket handling skeleton code to `AppServer::try_recv`
  - control socket is always processed first, then incoming traffic

Cargo.lock

@@ -25,21 +25,20 @@ checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"
 
 [[package]]
 name = "ahash"
-version = "0.8.6"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a"
+checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f"
 dependencies = [
  "cfg-if",
  "once_cell",
  "version_check",
- "zerocopy",
 ]
 
 [[package]]
 name = "aho-corasick"
-version = "1.1.2"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0"
+checksum = "6748e8def348ed4d14996fa801f4122cd763fff530258cdc03f64b25f89d3a5a"
 dependencies = [
  "memchr",
 ]
@@ -52,29 +51,30 @@ checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299"
 
 [[package]]
 name = "anstream"
-version = "0.6.4"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ab91ebe16eb252986481c5b62f6098f3b698a45e34b5b98200cf20dd2484a44"
+checksum = "0ca84f3628370c59db74ee214b3263d58f9aadd9b4fe7e711fd87dc452b7f163"
 dependencies = [
  "anstyle",
  "anstyle-parse",
  "anstyle-query",
  "anstyle-wincon",
  "colorchoice",
+ "is-terminal",
  "utf8parse",
 ]
 
 [[package]]
 name = "anstyle"
-version = "1.0.4"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7079075b41f533b8c61d2a4d073c4676e1f8b249ff94a393b0595db304e0dd87"
+checksum = "3a30da5c5f2d5e72842e00bcb57657162cdabef0931f40e2deb9b4140440cecd"
 
 [[package]]
 name = "anstyle-parse"
-version = "0.2.2"
+version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "317b9a89c1868f5ea6ff1d9539a69f45dffc21ce321ac1fd1160dfa48c8e2140"
+checksum = "938874ff5980b03a87c5524b3ae5b59cf99b1d6bc836848df7bc5ada9643c333"
 dependencies = [
  "utf8parse",
 ]
@@ -90,9 +90,9 @@ dependencies = [
 
 [[package]]
 name = "anstyle-wincon"
-version = "3.0.1"
+version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0699d10d2f4d628a98ee7b57b289abbc98ff3bad977cb3152709d4bf2330628"
+checksum = "c677ab05e09154296dd37acecd46420c17b9713e8366facafa8fc0885167cf4c"
 dependencies = [
  "anstyle",
  "windows-sys",
@@ -141,9 +141,9 @@ dependencies = [
 
 [[package]]
 name = "base64"
-version = "0.21.5"
+version = "0.21.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9"
+checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d"
 
 [[package]]
 name = "bindgen"
@@ -176,9 +176,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
 name = "bitflags"
-version = "2.4.1"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
+checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635"
 
 [[package]]
 name = "build-deps"
@@ -191,15 +191,15 @@ dependencies = [
 
 [[package]]
 name = "bumpalo"
-version = "3.14.0"
+version = "3.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec"
+checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
 
 [[package]]
 name = "byteorder"
-version = "1.5.0"
+version = "1.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
+checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
 
 [[package]]
 name = "cast"
@@ -283,31 +283,32 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.4.8"
+version = "4.3.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64"
+checksum = "03aef18ddf7d879c15ce20f04826ef8418101c7e528014c3eeea13321047dca3"
 dependencies = [
  "clap_builder",
  "clap_derive",
+ "once_cell",
 ]
 
 [[package]]
 name = "clap_builder"
-version = "4.4.8"
+version = "4.3.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc"
+checksum = "f8ce6fffb678c9b80a70b6b6de0aad31df727623a70fd9a842c30cd573e2fa98"
 dependencies = [
  "anstream",
  "anstyle",
- "clap_lex 0.6.0",
+ "clap_lex 0.5.0",
  "strsim",
 ]
 
 [[package]]
 name = "clap_derive"
-version = "4.4.7"
+version = "4.3.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9804afaaf59a91e75b022a30fb7229a7901f60c755489cc61c9b423b836442"
+checksum = "54a9bb5758fc5dfe728d1019941681eccaf0cf8a4189b692a0ee2f2ecf90a050"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -326,9 +327,9 @@ dependencies = [
 
 [[package]]
 name = "clap_lex"
-version = "0.6.0"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1"
+checksum = "2da6da31387c7e4ef160ffab6d5e7f00c42626fe39aea70a7b0f1773f7dd6c1b"
 
 [[package]]
 name = "cmake"
@@ -399,6 +400,16 @@ dependencies = [
  "itertools",
 ]
 
+[[package]]
+name = "crossbeam-channel"
+version = "0.5.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a33c2bf77f2df06183c3aa30d1e96c0695a313d4f9c453cc3762a6db39f99200"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+]
+
 [[package]]
 name = "crossbeam-deque"
 version = "0.8.3"
@@ -446,9 +457,9 @@ checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07"
 
 [[package]]
 name = "env_logger"
-version = "0.10.1"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95b3f3e67048839cb0d0781f445682a35113da7121f7c949db0e2be96a4fbece"
+checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0"
 dependencies = [
  "humantime",
  "is-terminal",
@@ -465,14 +476,25 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
 
 [[package]]
 name = "errno"
-version = "0.3.6"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c18ee0ed65a5f1f81cac6b1d213b69c35fa47d4252ad41f1486dbd8226fe36e"
+checksum = "6b30f669a7961ef1631673d2766cc92f52d64f7ef354d4fe0ddfd30ed52f0f4f"
 dependencies = [
+ "errno-dragonfly",
  "libc",
  "windows-sys",
 ]
 
+[[package]]
+name = "errno-dragonfly"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
+dependencies = [
+ "cc",
+ "libc",
+]
+
 [[package]]
 name = "filetime"
 version = "0.2.22"
@@ -487,9 +509,9 @@ dependencies = [
 
 [[package]]
 name = "flate2"
-version = "1.0.28"
+version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
+checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -504,17 +526,6 @@ dependencies = [
  "percent-encoding",
 ]
 
-[[package]]
-name = "getrandom"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi",
-]
-
 [[package]]
 name = "gimli"
 version = "0.28.0"
@@ -550,9 +561,9 @@ dependencies = [
 
 [[package]]
 name = "hashbrown"
-version = "0.14.2"
+version = "0.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156"
+checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a"
 
 [[package]]
 name = "heck"
@@ -571,18 +582,9 @@ dependencies = [
 
 [[package]]
 name = "hermit-abi"
-version = "0.3.3"
+version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7"
-
-[[package]]
-name = "home"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb"
-dependencies = [
- "windows-sys",
-]
+checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b"
 
 [[package]]
 name = "humantime"
@@ -612,12 +614,12 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.1.0"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f"
+checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d"
 dependencies = [
  "equivalent",
- "hashbrown 0.14.2",
+ "hashbrown 0.14.0",
 ]
 
 [[package]]
@@ -626,7 +628,7 @@ version = "0.4.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b"
 dependencies = [
- "hermit-abi 0.3.3",
+ "hermit-abi 0.3.2",
  "rustix",
  "windows-sys",
 ]
@@ -648,9 +650,9 @@ checksum = "af150ab688ff2122fcef229be89cb50dd66af9e01a4ff320cc137eecc9bacc38"
 
 [[package]]
 name = "js-sys"
-version = "0.3.65"
+version = "0.3.64"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54c0c35952f67de54bb584e9fd912b3023117cbafc0a77d8f3dee1fb5f572fe8"
+checksum = "c5f195fe497f702db0f318b07fdd68edb16955aed830df8363d837542f8f935a"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -669,9 +671,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "libc"
-version = "0.2.150"
+version = "0.2.147"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"
+checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
 
 [[package]]
 name = "libflate"
@@ -709,9 +711,9 @@ dependencies = [
 
 [[package]]
 name = "libsodium-sys-stable"
-version = "1.20.3"
+version = "1.19.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cfc31f983531631496f4e621110cd81468ab78b65dee0046cfddea83caa2c327"
+checksum = "2cf9c3bd17952580efd8f57e3d01d724cfb18d51fbd9dc00a65e5911f71521ba"
 dependencies = [
  "cc",
  "libc",
@@ -726,9 +728,9 @@ dependencies = [
 
 [[package]]
 name = "linux-raw-sys"
-version = "0.4.11"
+version = "0.4.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829"
+checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503"
 
 [[package]]
 name = "log"
@@ -738,9 +740,9 @@ checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f"
 
 [[package]]
 name = "memchr"
-version = "2.6.4"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"
+checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
 
 [[package]]
 name = "memoffset"
@@ -774,9 +776,9 @@ dependencies = [
 
 [[package]]
 name = "mio"
-version = "0.8.9"
+version = "0.8.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3dce281c5e46beae905d4de1870d8b1509a9142b62eedf18b443b011ca8343d0"
+checksum = "927a765cd3fc26206e66b296465fa9d3e5ab003e651c1b3c060e7956d96b19d2"
 dependencies = [
  "libc",
  "log",
@@ -796,18 +798,28 @@ dependencies = [
 
 [[package]]
 name = "num-traits"
-version = "0.2.17"
+version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c"
+checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2"
 dependencies = [
  "autocfg",
 ]
 
 [[package]]
-name = "object"
-version = "0.32.1"
+name = "num_cpus"
+version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0"
+checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
+dependencies = [
+ "hermit-abi 0.3.2",
+ "libc",
+]
+
+[[package]]
+name = "object"
+version = "0.32.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ac5bbd07aea88c60a577a1ce218075ffd59208b2d7ca97adf9bfc5aeb21ebe"
 dependencies = [
  "memchr",
 ]
@@ -838,9 +850,9 @@ dependencies = [
 
 [[package]]
 name = "os_str_bytes"
-version = "6.6.1"
+version = "6.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1"
+checksum = "4d5d9eb14b174ee9aa2ef96dc2b94637a2d4b6e7cb873c7e171f0c20c6cf3eac"
 
 [[package]]
 name = "paste"
@@ -896,9 +908,9 @@ dependencies = [
 
 [[package]]
 name = "prettyplease"
-version = "0.2.15"
+version = "0.2.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d"
+checksum = "6c64d9ba0963cdcea2e1b2230fbae2bab30eb25a174be395c41e764bfb65dd62"
 dependencies = [
  "proc-macro2",
  "syn",
@@ -906,9 +918,9 @@ dependencies = [
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.69"
+version = "1.0.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da"
+checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
 dependencies = [
  "unicode-ident",
 ]
@@ -933,9 +945,9 @@ dependencies = [
 
 [[package]]
 name = "rayon"
-version = "1.8.0"
+version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c27db03db7734835b3f53954b534c91069375ce6ccaa2e065441e07d9b6cdb1"
+checksum = "1d2df5196e37bcc87abebc0053e20787d73847bb33134a69841207dd0a47f03b"
 dependencies = [
  "either",
  "rayon-core",
@@ -943,12 +955,14 @@ dependencies = [
 
 [[package]]
 name = "rayon-core"
-version = "1.12.0"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ce3fb6ad83f861aac485e76e1985cd109d9a3713802152be56c3b1f0e0658ed"
+checksum = "4b8f95bd6966f5c87776639160a66bd8ab9895d9d4ab01ddba9fc60661aebe8d"
 dependencies = [
+ "crossbeam-channel",
  "crossbeam-deque",
  "crossbeam-utils",
+ "num_cpus",
 ]
 
 [[package]]
@@ -962,9 +976,9 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.10.2"
+version = "1.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
+checksum = "81bc1d4caf89fac26a70747fe603c130093b53c773888797a6329091246d651a"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -974,9 +988,9 @@ dependencies = [
 
 [[package]]
 name = "regex-automata"
-version = "0.4.3"
+version = "0.3.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
+checksum = "fed1ceff11a1dddaee50c9dc8e4938bd106e9d89ae372f192311e7da498e3b69"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -985,22 +999,23 @@ dependencies = [
 
 [[package]]
 name = "regex-syntax"
-version = "0.8.2"
+version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
+checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2"
 
 [[package]]
 name = "ring"
-version = "0.17.5"
+version = "0.16.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
 dependencies = [
  "cc",
- "getrandom",
  "libc",
+ "once_cell",
  "spin",
  "untrusted",
- "windows-sys",
+ "web-sys",
+ "winapi",
 ]
 
 [[package]]
@@ -1011,11 +1026,11 @@ checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
 
 [[package]]
 name = "rosenpass"
-version = "0.2.2"
+version = "0.2.0"
 dependencies = [
  "anyhow",
  "base64",
- "clap 4.4.8",
+ "clap 4.3.23",
  "criterion",
  "env_logger",
  "lazy_static",
@@ -1047,11 +1062,11 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
 
 [[package]]
 name = "rustix"
-version = "0.38.21"
+version = "0.38.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2b426b0506e5d50a7d8dafcf2e81471400deb602392c7dd110815afb4eaf02a3"
+checksum = "19ed4fa021d81c8392ce04db050a3da9a60299050b7ae1cf482d862b54a7218f"
 dependencies = [
- "bitflags 2.4.1",
+ "bitflags 2.4.0",
  "errno",
  "libc",
  "linux-raw-sys",
@@ -1060,21 +1075,31 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.21.8"
+version = "0.21.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "446e14c5cda4f3f30fe71863c34ec70f5ac79d6087097ad0bb433e1be5edf04c"
+checksum = "1d1feddffcfcc0b33f5c6ce9a29e341e4cd59c3f78e7ee45f4a40c038b1d6cbb"
 dependencies = [
  "log",
  "ring",
- "rustls-webpki",
+ "rustls-webpki 0.101.4",
  "sct",
 ]
 
 [[package]]
 name = "rustls-webpki"
-version = "0.101.7"
+version = "0.100.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+checksum = "e98ff011474fa39949b7e5c0428f9b4937eda7da7848bbb947786b7be0b27dab"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.101.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
 dependencies = [
  "ring",
  "untrusted",
@@ -1103,9 +1128,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "sct"
-version = "0.7.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
+checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
 dependencies = [
  "ring",
  "untrusted",
@@ -1113,18 +1138,18 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.192"
+version = "1.0.185"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bca2a08484b285dcb282d0f67b26cadc0df8b19f8c12502c13d966bf9482f001"
+checksum = "be9b6f69f1dfd54c3b568ffa45c310d6973a5e5148fd40cf515acaf38cf5bc31"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.192"
+version = "1.0.185"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6c7207fbec9faa48073f3e3074cbe553af6ea512d7c21ba46e434e70ea9fbc1"
+checksum = "dc59dfdcbad1437773485e0367fea4b090a2e0a16d9ffc46af47764536a298ec"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1133,9 +1158,9 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.108"
+version = "1.0.105"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d1c7e3eac408d115102c4c24ad393e0821bb3a5df4d506a80f85f7a742a526b"
+checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360"
 dependencies = [
  "itoa",
  "ryu",
@@ -1144,24 +1169,24 @@ dependencies = [
 
 [[package]]
 name = "serde_spanned"
-version = "0.6.4"
+version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12022b835073e5b11e90a14f86838ceb1c8fb0325b72416845c487ac0fa95e80"
+checksum = "96426c9936fd7a0124915f9185ea1d20aa9445cc9821142f0a73bc9207a2e186"
 dependencies = [
  "serde",
 ]
 
 [[package]]
 name = "shlex"
-version = "1.2.0"
+version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380"
+checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
 
 [[package]]
 name = "spin"
-version = "0.9.8"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
 [[package]]
 name = "stacker"
@@ -1190,9 +1215,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 
 [[package]]
 name = "syn"
-version = "2.0.39"
+version = "2.0.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23e78b90f2fcf45d3e842032ce32e3f2d1545ba6636271dcbf24fa306d87be7a"
+checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1212,9 +1237,9 @@ dependencies = [
 
 [[package]]
 name = "termcolor"
-version = "1.3.0"
+version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6093bad37da69aab9d123a8091e4be0aa4a03e4d601ec641c327398315f62b64"
+checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
 dependencies = [
  "winapi-util",
 ]
@@ -1233,18 +1258,18 @@ checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d"
 
 [[package]]
 name = "thiserror"
-version = "1.0.50"
+version = "1.0.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2"
+checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.50"
+version = "1.0.47"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
+checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1278,9 +1303,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "toml"
-version = "0.7.8"
+version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257"
+checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542"
 dependencies = [
  "serde",
  "serde_spanned",
@@ -1290,20 +1315,20 @@ dependencies = [
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.5"
+version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1"
+checksum = "7cda73e2f1397b1262d6dfdcef8aafae14d1de7748d66822d3bfeeb6d03e5e4b"
 dependencies = [
  "serde",
 ]
 
 [[package]]
 name = "toml_edit"
-version = "0.19.15"
+version = "0.19.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421"
+checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a"
 dependencies = [
- "indexmap 2.1.0",
+ "indexmap 2.0.0",
  "serde",
  "serde_spanned",
  "toml_datetime",
@@ -1318,9 +1343,9 @@ checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.12"
+version = "1.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c"
 
 [[package]]
 name = "unicode-normalization"
@@ -1333,30 +1358,30 @@ dependencies = [
 
 [[package]]
 name = "untrusted"
-version = "0.9.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
 
 [[package]]
 name = "ureq"
-version = "2.8.0"
+version = "2.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f5ccd538d4a604753ebc2f17cd9946e89b77bf87f6a8e2309667c6f2e87855e3"
+checksum = "0b11c96ac7ee530603dcdf68ed1557050f374ce55a5a07193ebf8cbc9f8927e9"
 dependencies = [
  "base64",
  "log",
  "once_cell",
  "rustls",
- "rustls-webpki",
+ "rustls-webpki 0.100.2",
  "url",
  "webpki-roots",
 ]
 
 [[package]]
 name = "url"
-version = "2.4.1"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "143b538f18257fac9cad154828a57c6bf5157e1aa604d4816b5995bf6de87ae5"
+checksum = "50bff7831e19200a85b17131d085c25d7811bc4e186efdaf54bbd132994a88cb"
 dependencies = [
  "form_urlencoded",
  "idna",
@@ -1383,9 +1408,9 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
 
 [[package]]
 name = "walkdir"
-version = "2.4.0"
+version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee"
+checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698"
 dependencies = [
  "same-file",
  "winapi-util",
@@ -1399,9 +1424,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.88"
+version = "0.2.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7daec296f25a1bae309c0cd5c29c4b260e510e6d813c286b19eaadf409d40fce"
+checksum = "7706a72ab36d8cb1f80ffbf0e071533974a60d0a308d01a5d0375bf60499a342"
 dependencies = [
  "cfg-if",
  "wasm-bindgen-macro",
@@ -1409,9 +1434,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.88"
+version = "0.2.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e397f4664c0e4e428e8313a469aaa58310d302159845980fd23b0f22a847f217"
+checksum = "5ef2b6d3c510e9625e5fe6f509ab07d66a760f0885d858736483c32ed7809abd"
 dependencies = [
  "bumpalo",
  "log",
@@ -1424,9 +1449,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.88"
+version = "0.2.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5961017b3b08ad5f3fe39f1e79877f8ee7c23c5e5fd5eb80de95abc41f1f16b2"
+checksum = "dee495e55982a3bd48105a7b947fd2a9b4a8ae3010041b9e0faab3f9cd028f1d"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1434,9 +1459,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.88"
+version = "0.2.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5353b8dab669f5e10f5bd76df26a9360c748f054f862ff5f3f8aae0c7fb3907"
+checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1447,15 +1472,15 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.88"
+version = "0.2.87"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d046c5d029ba91a1ed14da14dca44b68bf2f124cfbaf741c54151fdb3e0750b"
+checksum = "ca6ad05a4870b2bf5fe995117d3728437bd27d7cd5f06f13c17443ef369775a1"
 
 [[package]]
 name = "web-sys"
-version = "0.3.65"
+version = "0.3.64"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5db499c5f66323272151db0e666cd34f78617522fb0c1604d31a27c50c206a85"
+checksum = "9b85cbef8c220a6abc02aefd892dfc0fc23afb1c6a426316ec33253a3877249b"
 dependencies = [
  "js-sys",
  "wasm-bindgen",
@@ -1463,20 +1488,22 @@ dependencies = [
 
 [[package]]
 name = "webpki-roots"
-version = "0.25.2"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14247bb57be4f377dfb94c72830b8ce8fc6beac03cf4bf7b9732eadd414123fc"
+checksum = "b03058f88386e5ff5310d9111d53f48b17d732b401aeb83a8d5190f2ac459338"
+dependencies = [
+ "rustls-webpki 0.100.2",
+]
 
 [[package]]
 name = "which"
-version = "4.4.2"
+version = "4.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269"
 dependencies = [
  "either",
- "home",
+ "libc",
  "once_cell",
- "rustix",
 ]
 
 [[package]]
@@ -1497,9 +1524,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 
 [[package]]
 name = "winapi-util"
-version = "0.1.6"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
 dependencies = [
  "winapi",
 ]
@@ -1578,9 +1605,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
 
 [[package]]
 name = "winnow"
-version = "0.5.19"
+version = "0.5.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "829846f3e3db426d4cee4510841b71a8e58aa2a76b1132579487ae430ccd9c7b"
+checksum = "d09770118a7eb1ccaf4a594a221334119a44a814fcb0d31c5b85e83e97227a97"
 dependencies = [
  "memchr",
 ]
@@ -1594,26 +1621,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "zerocopy"
-version = "0.7.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cd369a67c0edfef15010f980c3cbe45d7f651deac2cd67ce097cd801de16557"
-dependencies = [
- "zerocopy-derive",
-]
-
-[[package]]
-name = "zerocopy-derive"
-version = "0.7.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2f140bda219a26ccc0cdb03dba58af72590c53b22642577d88a927bc5c87d6b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "zip"
 version = "0.6.6"

Cargo.toml

@@ -1,10 +1,42 @@
-[workspace]
-resolver = "2"
+[package]
+name = "rosenpass"
+version = "0.2.0"
+authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
+edition = "2021"
+license = "MIT OR Apache-2.0"
+description = "Build post-quantum-secure VPNs with WireGuard!"
+homepage = "https://rosenpass.eu/"
+repository = "https://github.com/rosenpass/rosenpass"
+readme = "readme.md"
 
-members = [
-    "rosenpass",
-]
+[[bench]]
+name = "handshake"
+harness = false
 
-[workspace.metadata.release]
-# ensure that adding `--package` as argument to `cargo release` still creates version tags in the form of `vx.y.z`
-tag-prefix = ""
+[dependencies]
+anyhow = { version = "1.0.71", features = ["backtrace"] }
+base64 = "0.21.1"
+static_assertions = "1.1.0"
+memoffset = "0.9.0"
+libsodium-sys-stable = { version = "1.19.28", features = ["use-pkg-config"] }
+oqs-sys = { version = "0.8", default-features = false, features = ['classic_mceliece', 'kyber'] }
+lazy_static = "1.4.0"
+thiserror = "1.0.40"
+paste = "1.0.12"
+log = { version = "0.4.17", optional = true }
+env_logger = { version = "0.10.0", optional = true }
+serde = { version = "1.0.163", features = ["derive"] }
+toml = "0.7.4"
+clap = { version = "4.3.0", features = ["derive"] }
+mio = { version = "0.8.6", features = ["net", "os-poll"] }
+
+[build-dependencies]
+anyhow = "1.0.71"
+
+[dev-dependencies]
+criterion = "0.4.0"
+test_bin = "0.4.0"
+stacker = "0.1.15"
+
+[features]
+default = ["log", "env_logger"]

benches/handshake.rs

@@ -1,8 +1,7 @@
 use anyhow::Result;
-use rosenpass::pqkem::KEM;
 use rosenpass::{
-    pqkem::StaticKEM,
-    protocol::{CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SPk, SSk, SymKey},
+    pqkem::{EphemeralKEM, CCAKEM},
+    protocol::{CcaPk, CcaSk, CryptoServer, HandleMsgResult, MsgBuf, PeerPtr, SymKey},
     sodium::sodium_init,
 };
 
@@ -39,9 +38,9 @@ fn hs(ini: &mut CryptoServer, res: &mut CryptoServer) -> Result<()> {
     Ok(())
 }
 
-fn keygen() -> Result<(SSk, SPk)> {
-    let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
-    StaticKEM::keygen(sk.secret_mut(), pk.secret_mut())?;
+fn keygen() -> Result<(CcaSk, CcaPk)> {
+    let (mut sk, mut pk) = (CcaSk::zero(), CcaPk::zero());
+    CCAKEM::keygen(sk.secret_mut(), pk.secret_mut())?;
     Ok((sk, pk))
 }
 
@@ -62,12 +61,12 @@ fn criterion_benchmark(c: &mut Criterion) {
     let (mut a, mut b) = make_server_pair().unwrap();
     c.bench_function("cca_secret_alloc", |bench| {
         bench.iter(|| {
-            SSk::zero();
+            CcaSk::zero();
         })
     });
     c.bench_function("cca_public_alloc", |bench| {
         bench.iter(|| {
-            SPk::zero();
+            CcaPk::zero();
         })
     });
     c.bench_function("keygen", |bench| {

config-examples/peer-a-config.toml

@@ -2,6 +2,7 @@ public_key = "peer-a-public-key"
 secret_key = "peer-a-secret-key"
 listen = ["[::]:10001"]
 verbosity = "Quiet"
+control_socket = "rosenpassd.sock"
 
 [[peers]]
 public_key = "peer-b-public-key"

doc/rosenpass.1

@@ -12,13 +12,13 @@
 .Sh DESCRIPTION
 .Nm
 performs cryptographic key exchanges that are secure against quantum-computers
-and then outputs the keys.
-These keys can then be passed to various services, such as wireguard or other
-vpn services, as pre-shared-keys to achieve security against attackers with
+and outputs the keys.
+These keys can then be passed to various services such as wireguard or other
+vpn services as pre-shared-keys to achieve security against attackers with
 quantum computers.
 .Pp
 This is a research project and quantum computers are not thought to become
-practical in fewer than ten years.
+practical in less than ten years.
 If you are not specifically tasked with developing post-quantum secure systems,
 you probably do not need this tool.
 .Ss COMMANDS
@@ -31,7 +31,7 @@ file secret!
 Start a process to exchange keys with the specified peers.
 You should specify at least one peer.
 .Pp
-Its
+It's
 .Ar OPTIONS
 are as follows:
 .Bl -tag -width Ds
@@ -39,7 +39,7 @@ are as follows:
 Instructs
 .Nm
 to listen on the specified interface and port.
-By default,
+By default
 .Nm
 will listen on all interfaces and select a random port.
 .It Ar verbose

flake.lock

@@ -8,11 +8,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1699770036,
-        "narHash": "sha256-bZmI7ytPAYLpyFNgj5xirDkKuAniOkj1xHdv5aIJ5GM=",
+        "lastModified": 1692771621,
+        "narHash": "sha256-W1qOIeOvzkJxdITGGWqSxmFbu9ob+ZP8lXNkkQi8UL4=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "81ab0b4f7ae9ebb57daa0edf119c4891806e4d3a",
+        "rev": "add522038f2a32aa1263c8d3c81e1ea2265cc4e1",
         "type": "github"
       },
       "original": {
@@ -26,11 +26,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1689068808,
+        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
         "type": "github"
       },
       "original": {
@@ -46,11 +46,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1698420672,
-        "narHash": "sha256-/TdeHMPRjjdJub7p7+w55vyABrsJlt5QkznPYy55vKA=",
+        "lastModified": 1692351612,
+        "narHash": "sha256-KTGonidcdaLadRnv9KFgwSMh1ZbXoR/OBmPjeNMhFwU=",
         "owner": "nix-community",
         "repo": "naersk",
-        "rev": "aeb58d5e8faead8980a807c840232697982d47b9",
+        "rev": "78789c30d64dea2396c9da516bbcc8db3a475207",
         "type": "github"
       },
       "original": {
@@ -61,11 +61,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1698846319,
-        "narHash": "sha256-4jyW/dqFBVpWFnhl0nvP6EN4lP7/ZqPxYRjl6var0Oc=",
+        "lastModified": 1691522891,
+        "narHash": "sha256-xqQqVryXKJoFQ/+RL0A7DihkLkev8dk6afM7B04TilU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "34bdaaf1f0b7fb6d9091472edc968ff10a8c2857",
+        "rev": "78287547942dd8e8afff0ae47fb8e2553db79d7e",
         "type": "github"
       },
       "original": {
@@ -84,11 +84,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1699715108,
-        "narHash": "sha256-yPozsobJU55gj+szgo4Lpcg1lHvGQYAT6Y4MrC80mWE=",
+        "lastModified": 1692701491,
+        "narHash": "sha256-Lz5GXi/CImvcIXtpBpQ9jVI9Ni9eU/4xk36PvKmjwJM=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "5fcf5289e726785d20d3aa4d13d90a43ed248e83",
+        "rev": "9e3bf69ad3c736893b285f47f4d014ae1aed1cb0",
         "type": "github"
       },
       "original": {

flake.nix

@@ -55,13 +55,14 @@
             };
 
             # parsed Cargo.toml
-            cargoToml = builtins.fromTOML (builtins.readFile ./rosenpass/Cargo.toml);
+            cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);
 
             # source files relevant for rust
-            src = pkgs.lib.sources.sourceFilesBySuffices ./. [
-              ".lock"
-              ".rs"
-              ".toml"
+            src = pkgs.lib.sourceByRegex ./. [
+              "Cargo\\.(toml|lock)"
+              "build.rs"
+              "(src|benches)(/.*\\.(rs|md))?"
+              "rp"
             ];
 
             # builds a bin path for all dependencies for the `rp` shellscript
@@ -111,9 +112,6 @@
                   version = cargoToml.package.version;
                   inherit src;
 
-                  cargoBuildOptions = x: x ++ [ "-p" "rosenpass" ];
-                  cargoTestOptions = x: x ++ [ "-p" "rosenpass" ];
-
                   doCheck = true;
 
                   nativeBuildInputs = with pkgs; [
@@ -159,6 +157,11 @@
                     '';
                   };
 
+                  # liboqs requires quite a lot of stack memory, thus we adjust
+                  # the default stack size picked for new threads (which is used
+                  # by `cargo test`) to be _big enough_
+                  RUST_MIN_STACK = 8 * 1024 * 1024; # 8 MiB
+
                   # We want to build for a specific target...
                   CARGO_BUILD_TARGET = target;
 
@@ -287,7 +290,7 @@
           packages.proof-proverif = pkgs.stdenv.mkDerivation {
             name = "rosenpass-proverif-proof";
             version = "unstable";
-            src = pkgs.lib.sources.sourceByRegex ./. [
+            src = pkgs.lib.sourceByRegex ./. [
               "analyze.sh"
               "marzipan(/marzipan.awk)?"
               "analysis(/.*)?"
@@ -306,6 +309,7 @@
           #
           devShells.default = pkgs.mkShell {
             inherit (packages.proof-proverif) CRYPTOVERIF_LIB;
+            inherit (packages.rosenpass) RUST_MIN_STACK;
             inputsFrom = [ packages.default ];
             nativeBuildInputs = with pkgs; [
               cmake # override the fakecmake from the main step above
@@ -318,6 +322,7 @@
           };
           devShells.coverage = pkgs.mkShell {
             inputsFrom = [ packages.default ];
+            inherit (packages.rosenpass) RUST_MIN_STACK;
             nativeBuildInputs = with pkgs; [ inputs.fenix.packages.${system}.complete.toolchain cargo-llvm-cov ];
           };
 

rosenpass/Cargo.toml

@@ -1,42 +0,0 @@
-[package]
-name = "rosenpass"
-version = "0.2.2"
-authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
-edition = "2021"
-license = "MIT OR Apache-2.0"
-description = "Build post-quantum-secure VPNs with WireGuard!"
-homepage = "https://rosenpass.eu/"
-repository = "https://github.com/rosenpass/rosenpass"
-readme = "readme.md"
-
-[[bench]]
-name = "handshake"
-harness = false
-
-[dependencies]
-anyhow = { version = "1.0.71", features = ["backtrace"] }
-base64 = "0.21.1"
-static_assertions = "1.1.0"
-memoffset = "0.9.0"
-libsodium-sys-stable = { version = "1.19.28", features = ["use-pkg-config"] }
-oqs-sys = { version = "0.8", default-features = false, features = ['classic_mceliece', 'kyber'] }
-lazy_static = "1.4.0"
-thiserror = "1.0.40"
-paste = "1.0.12"
-log = { version = "0.4.17", optional = true }
-env_logger = { version = "0.10.0", optional = true }
-serde = { version = "1.0.163", features = ["derive"] }
-toml = "0.7.4"
-clap = { version = "4.3.0", features = ["derive"] }
-mio = { version = "0.8.6", features = ["net", "os-poll"] }
-
-[build-dependencies]
-anyhow = "1.0.71"
-
-[dev-dependencies]
-criterion = "0.4.0"
-test_bin = "0.4.0"
-stacker = "0.1.15"
-
-[features]
-default = ["log", "env_logger"]

rosenpass/readme.md

@@ -1 +0,0 @@
-../readme.md

src/app_server.rs

@@ -1,7 +1,9 @@
 use anyhow::bail;
 
 use anyhow::Result;
-use log::{debug, error, info, warn};
+use log::debug;
+use log::trace;
+use log::{error, info, warn};
 use mio::Interest;
 use mio::Token;
 
@@ -15,11 +17,11 @@ use std::net::SocketAddr;
 use std::net::SocketAddrV4;
 use std::net::SocketAddrV6;
 use std::net::ToSocketAddrs;
+use std::path::Path;
 use std::path::PathBuf;
 use std::process::Command;
 use std::process::Stdio;
 use std::slice;
-use std::thread;
 use std::time::Duration;
 
 use crate::util::fopen_w;
@@ -31,6 +33,7 @@ use crate::{
 
 const IPV4_ANY_ADDR: Ipv4Addr = Ipv4Addr::new(0, 0, 0, 0);
 const IPV6_ANY_ADDR: Ipv6Addr = Ipv6Addr::new(0, 0, 0, 0, 0, 0, 0, 0);
+const CONTROL_SOCKET_TOKEN: mio::Token = mio::Token(usize::MAX);
 
 fn ipv4_any_binding() -> SocketAddr {
     // addr, port
@@ -79,6 +82,9 @@ pub struct AppServer {
     pub peers: Vec<AppPeer>,
     pub verbosity: Verbosity,
     pub all_sockets_drained: bool,
+
+    /// Optional control socket to change the configuration of a running rosenpassd
+    pub maybe_control_socket: Option<mio::net::UnixDatagram>,
 }
 
 /// A socket pointer is an index assigned to a socket;
@@ -336,11 +342,13 @@ impl HostPathDiscoveryEndpoint {
 }
 
 impl AppServer {
-    pub fn new(
+    pub fn new<P: AsRef<Path> + core::fmt::Debug>(
+        // TODO @wucke13 check if requiring Debug breaks important types that otherwise fulfill AsRef<Path>
         sk: SSk,
         pk: SPk,
         addrs: Vec<SocketAddr>,
         verbosity: Verbosity,
+        uds: Option<P>,
     ) -> anyhow::Result<Self> {
         // setup mio
         let mio_poll = mio::Poll::new()?;
@@ -418,13 +426,31 @@ impl AppServer {
         }
 
         // register all sockets to mio
+        debug!("registering all UDP sockets to mio");
         for (i, socket) in sockets.iter_mut().enumerate() {
+            trace!("registering {socket:?}");
             mio_poll
                 .registry()
                 .register(socket, Token(i), Interest::READABLE)?;
         }
 
+        let mut maybe_control_socket = uds
+            .map(|p| {
+                debug!("binding control socket {p:?}");
+                mio::net::UnixDatagram::bind(p)
+            })
+            .transpose()?;
+        if let Some(control_socket) = &mut maybe_control_socket {
+            debug!("registering control socket to mio");
+            mio_poll.registry().register(
+                control_socket,
+                CONTROL_SOCKET_TOKEN,
+                Interest::READABLE,
+            )?;
+        }
+
         // TODO use mio::net::UnixStream together with std::os::unix::net::UnixStream for Linux
+        debug!("finalizing AppServer creation");
 
         Ok(Self {
             crypt: CryptoServer::new(sk, pk),
@@ -434,6 +460,7 @@ impl AppServer {
             events,
             mio_poll,
             all_sockets_drained: false,
+            maybe_control_socket,
         })
     }
 
@@ -623,7 +650,7 @@ impl AppServer {
         }
 
         if let Some(owg) = ap.outwg.as_ref() {
-            let mut child = Command::new("wg")
+            let child = Command::new("wg")
                 .arg("set")
                 .arg(&owg.dev)
                 .arg("peer")
@@ -633,26 +660,13 @@ impl AppServer {
                 .stdin(Stdio::piped())
                 .args(&owg.extra_params)
                 .spawn()?;
-            b64_writer(child.stdin.take().unwrap()).write_all(key.secret())?;
-
-            thread::spawn(move || {
-                let status = child.wait();
-
-                if let Ok(status) = status {
-                    if status.success() {
-                        debug!("successfully passed psk to wg")
-                    } else {
-                        error!("could not pass psk to wg {:?}", status)
-                    }
-                } else {
-                    error!("wait failed: {:?}", status)
-                }
-            });
+            b64_writer(child.stdin.unwrap()).write_all(key.secret())?;
         }
 
         Ok(())
     }
 
+    // Polls the crypto servers state machine for new actions
     pub fn poll(&mut self, rx_buf: &mut [u8]) -> anyhow::Result<AppPollResult> {
         use crate::protocol::PollResult as C;
         use AppPollResult as A;
@@ -669,7 +683,7 @@ impl AppServer {
         }
     }
 
-    /// Tries to receive a new message
+    /// Tries to receive a new control socket command or incoming message
     ///
     /// - might wait for an duration up to `timeout`
     /// - returns immediately if an error occurs
@@ -708,6 +722,27 @@ impl AppServer {
             self.mio_poll.poll(&mut self.events, Some(timeout))?;
         }
 
+        trace!("checking for new command on control socket");
+        // control socket always has priority
+        if let Some(control_socket) = &mut self.maybe_control_socket {
+            let mut buf = [0u8; 16];
+
+            match control_socket.recv(&mut buf) {
+                Ok(size) => {
+                    // TODO handle command
+                    // to send something here, use the following shell snippet:
+                    //
+                    // printf '\x7\' | nc -NuU rosenpassd.sock
+                    log::debug!("buf received {:?}", &buf[0..size]);
+                }
+                Err(e) if e.kind() == ErrorKind::WouldBlock => {
+                    trace!("no new commands on control socket")
+                }
+                Err(e) => return Err(e.into()),
+            }
+        }
+
+        // then normal traffic is processed
         let mut would_block_count = 0;
         for (sock_no, socket) in self.sockets.iter_mut().enumerate() {
             match socket.recv_from(buf) {

src/cli.rs

@@ -228,6 +228,7 @@ impl Cli {
             pk,
             config.listen,
             config.verbosity,
+            config.control_socket.as_ref(),
         )?);
 
         for cfg_peer in config.peers {

src/config.rs

@@ -25,6 +25,8 @@ pub struct Rosenpass {
 
     #[serde(skip)]
     pub config_file_path: PathBuf,
+
+    pub control_socket: Option<PathBuf>,
 }
 
 #[derive(Debug, PartialEq, Eq, Serialize, Deserialize)]
@@ -55,8 +57,6 @@ pub struct RosenpassPeer {
 pub struct WireGuard {
     pub device: String,
     pub peer: String,
-
-    #[serde(default)]
     pub extra_params: Vec<String>,
 }
 
@@ -135,6 +135,7 @@ impl Rosenpass {
             verbosity: Verbosity::Quiet,
             peers: vec![],
             config_file_path: PathBuf::new(),
+            control_socket: None,
         }
     }
 

src/control_commands.rs

@@ -0,0 +1,38 @@
+//! Data structures representing the control messages going over the control socket
+//!
+//! This module uses the same de-/serialization mechanism as [crate::msgs].
+//! If you want to interface with `rosenpassd`, this is where you can look up the format
+//! of the messages that are accepted.
+
+use crate::{data_lense, msgs::LenseView, RosenpassError};
+
+data_lense! { ControlComand<C> :=
+    /// [MsgType] of this message
+    msg_type: 1
+}
+
+#[repr(u8)]
+#[derive(Hash, PartialEq, Eq, PartialOrd, Ord, Debug, Clone, Copy)]
+pub enum CommandType {
+    /// Add one peer
+    AddPeer = 0x10,
+
+    /// Remove all peers that match the given public key
+    RemovePeerPk = 0x11,
+
+    /// Remove all peers that match the given address
+    RemovePeerIp = 0x12,
+}
+
+impl TryFrom<u8> for CommandType {
+    type Error = RosenpassError;
+
+    fn try_from(value: u8) -> Result<Self, Self::Error> {
+        Ok(match value {
+            0x10 => CommandType::AddPeer,
+            0x11 => CommandType::RemovePeerPk,
+            0x12 => CommandType::RemovePeerIp,
+            _ => return Err(RosenpassError::InvalidMessageType(value)),
+        })
+    }
+}

src/labeled_prf.rs

@@ -21,12 +21,12 @@ macro_rules! prflabel {
     }
 }
 
-prflabel!(protocol, mac, "mac");
-prflabel!(protocol, cookie, "cookie");
-prflabel!(protocol, peerid, "peer id");
+prflabel!(protocol, mac,        "mac");
+prflabel!(protocol, cookie,     "cookie");
+prflabel!(protocol, peerid,     "peer id");
 prflabel!(protocol, biscuit_ad, "biscuit additional data");
-prflabel!(protocol, ckinit, "chaining key init");
-prflabel!(protocol, _ckextract, "chaining key extract");
+prflabel!(protocol, ckinit,     "chaining key init");
+prflabel!(protocol, _ckextract,  "chaining key extract");
 
 macro_rules! prflabel_leaf {
     ($base:ident, $name:ident, $($lbl:expr),* ) => {
@@ -38,10 +38,10 @@ macro_rules! prflabel_leaf {
     }
 }
 
-prflabel_leaf!(_ckextract, mix, "mix");
-prflabel_leaf!(_ckextract, hs_enc, "handshake encryption");
-prflabel_leaf!(_ckextract, ini_enc, "initiator handshake encryption");
-prflabel_leaf!(_ckextract, res_enc, "responder handshake encryption");
+prflabel_leaf!(_ckextract, mix,        "mix");
+prflabel_leaf!(_ckextract, hs_enc,     "handshake encryption");
+prflabel_leaf!(_ckextract, ini_enc,    "initiator handshake encryption");
+prflabel_leaf!(_ckextract, res_enc,    "responder handshake encryption");
 
 prflabel!(_ckextract, _user, "user");
 prflabel!(_user, _rp, "rosenpass.eu");

src/lib.rs

@@ -8,6 +8,7 @@ pub mod labeled_prf;
 pub mod app_server;
 pub mod cli;
 pub mod config;
+pub mod control_commands;
 pub mod msgs;
 pub mod pqkem;
 pub mod prftree;
@@ -19,13 +20,16 @@ pub enum RosenpassError {
     Oqs,
     #[error("error from external library while calling OQS")]
     OqsExternalLib,
-    #[error("buffer size mismatch, required {required_size} but found {actual_size}")]
+    #[error("buffer size mismatch, required {required_size} but only found {actual_size}")]
     BufferSizeMismatch {
         required_size: usize,
         actual_size: usize,
     },
     #[error("invalid message type")]
     InvalidMessageType(u8),
+
+    #[error("invalid command type")]
+    InvalidCommandType(u8),
 }
 
 impl RosenpassError {

src/lprf.rs

@@ -27,7 +27,7 @@ pub fn prf_into(out: &mut [u8], key: &[u8], data: &[u8]) {
     hmac_into(out, key, data).unwrap()
 }
 
-pub fn prf(key: &[u8], data: &[u8]) -> [u8; KEY_SIZE] {
+pub fn prf(key: &[u8], data: &[u8]) -> [u8; KEY_SIZE]{
     mutating([0u8; KEY_SIZE], |r| prf_into(r, key, data))
 }
 
@@ -70,9 +70,8 @@ impl IprfBranch {
 
 impl SecretIprf {
     fn prf_invoc(k: &[u8], d: &[u8]) -> SecretIprf {
-        mutating(SecretIprf(Secret::zero()), |r| {
-            prf_into(k, d, r.secret_mut())
-        })
+        mutating(SecretIprf(Secret::zero()), |r|
+            prf_into(k, d, r.secret_mut()))
     }
 
     fn from_key(k: Secret<N>) -> SecretIprf {

src/msgs.rs

@@ -131,6 +131,9 @@ macro_rules! data_lense(
 
         impl<__ContainerType $(, $( $generic: LenseView ),+ )? > $type<__ContainerType $(, $( $generic ),+ )? >{
             $(
+            /// Size in bytes of the field `
+            #[doc = !($field)]
+            /// `
             pub const fn [< $field _len >]() -> usize{
                 $len
             }
@@ -140,7 +143,7 @@ macro_rules! data_lense(
             pub fn check_size(len: usize) -> Result<(), RosenpassError>{
                 let required_size = $( $len + )+ 0;
                 let actual_size = len;
-                if required_size != actual_size {
+                if required_size < actual_size {
                     Err(RosenpassError::BufferSizeMismatch {
                         required_size,
                         actual_size,
@@ -196,53 +199,23 @@ macro_rules! data_lense(
             type __ContainerType;
 
             /// Create a lense to the byte slice
-            fn [< $type:snake >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError>;
-
-            /// Create a lense to the byte slice, automatically truncating oversized buffers
-            fn [< $type:snake _ truncating >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError>;
+            fn [< $type:snake >] $(< $($generic),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError>;
         }
 
         impl<'a> [< $type Ext >] for &'a [u8] {
             type __ContainerType = &'a [u8];
 
-            fn [< $type:snake >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
-                $type::<Self::__ContainerType, $( $($generic),+ )? >::check_size(self.len())?;
+            fn [< $type:snake >] $(< $($generic),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
                 Ok($type ( self, $( $( ::core::marker::PhantomData::<$generic>  ),+ )? ))
             }
-
-            fn [< $type:snake _ truncating >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
-                let required_size = $( $len + )+ 0;
-                let actual_size = self.len();
-                if actual_size < required_size {
-                    return Err(RosenpassError::BufferSizeMismatch {
-                        required_size,
-                        actual_size,
-                    });
-                }
-
-                [< $type Ext >]::[< $type:snake >](&self[..required_size])
-            }
         }
 
         impl<'a> [< $type Ext >] for &'a mut [u8] {
             type __ContainerType = &'a mut [u8];
-            fn [< $type:snake >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
-                $type::<Self::__ContainerType, $( $($generic),+ )? >::check_size(self.len())?;
+
+            fn [< $type:snake >] $(< $($generic),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
                 Ok($type ( self, $( $( ::core::marker::PhantomData::<$generic>  ),+ )? ))
             }
-
-            fn [< $type:snake _ truncating >] $(< $($generic : LenseView),* >)? (self) -> Result< $type<Self::__ContainerType, $( $($generic),+ )? >, RosenpassError> {
-                let required_size = $( $len + )+ 0;
-                let actual_size = self.len();
-                if actual_size < required_size {
-                    return Err(RosenpassError::BufferSizeMismatch {
-                        required_size,
-                        actual_size,
-                    });
-                }
-
-                [< $type Ext >]::[< $type:snake >](&mut self[..required_size])
-            }
         }
     });
 );

src/protocol.rs

@@ -23,10 +23,10 @@
 //!     pqkem::{StaticKEM, KEM},
 //!     protocol::{SSk, SPk, MsgBuf, PeerPtr, CryptoServer, SymKey},
 //! };
-//! # fn main() -> anyhow::Result<()> {
+//! # fn main() -> Result<(), rosenpass::RosenpassError> {
 //!
 //! // always init libsodium before anything
-//! rosenpass::sodium::sodium_init()?;
+//! rosenpass::sodium::sodium_init().unwrap();
 //!
 //! // initialize secret and public key for peer a ...
 //! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
@@ -42,26 +42,25 @@
 //! let mut b = CryptoServer::new(peer_b_sk, peer_b_pk.clone());
 //!
 //! // introduce peers to each other
-//! a.add_peer(Some(psk.clone()), peer_b_pk)?;
-//! b.add_peer(Some(psk), peer_a_pk)?;
+//! a.add_peer(Some(psk.clone()), peer_b_pk).unwrap();
+//! b.add_peer(Some(psk), peer_a_pk).unwrap();
 //!
 //! // declare buffers for message exchange
 //! let (mut a_buf, mut b_buf) = (MsgBuf::zero(), MsgBuf::zero());
 //!
 //! // let a initiate a handshake
-//! let mut maybe_len = Some(a.initiate_handshake(PeerPtr(0), a_buf.as_mut_slice())?);
+//! let length = a.initiate_handshake(PeerPtr(0), a_buf.as_mut_slice());
 //!
-//! // let a and b communicate
-//! while let Some(len) = maybe_len {
-//!    maybe_len = b.handle_msg(&a_buf[..len], &mut b_buf[..])?.resp;
-//!    std::mem::swap(&mut a, &mut b);
-//!    std::mem::swap(&mut a_buf, &mut b_buf);
+//! // let b respond to a and a respond to b, in two rounds
+//! for _ in 0..2 {
+//!    b.handle_msg(&a_buf[..], &mut b_buf[..]);
+//!    a.handle_msg(&b_buf[..], &mut a_buf[..]);
 //! }
 //!
 //! // all done! Extract the shared keys and ensure they are identical
-//! let a_key = a.osk(PeerPtr(0))?;
-//! let b_key = b.osk(PeerPtr(0))?;
-//! assert_eq!(a_key.secret(), b_key.secret(),
+//! let a_key = a.osk(PeerPtr(0));
+//! let b_key = b.osk(PeerPtr(0));
+//! assert_eq!(a_key.unwrap().secret(), b_key.unwrap().secret(),
 //!     "the key exchanged failed to establish a shared secret");
 //! # Ok(())
 //! # }
@@ -737,7 +736,7 @@ impl CryptoServer {
     // TODO remove unnecessary copying between global tx_buf and per-peer buf
     // TODO move retransmission storage to io server
     pub fn initiate_handshake(&mut self, peer: PeerPtr, tx_buf: &mut [u8]) -> Result<usize> {
-        let mut msg = tx_buf.envelope_truncating::<InitHello<()>>()?; // Envelope::<InitHello>::default(); // TODO
+        let mut msg = tx_buf.envelope::<InitHello<()>>()?; // Envelope::<InitHello>::default(); // TODO
         self.handle_initiation(peer, msg.payload_mut().init_hello()?)?;
         let len = self.seal_and_commit_msg(peer, MsgType::InitHello, msg)?;
         peer.hs()
@@ -794,7 +793,7 @@ impl CryptoServer {
                 let msg_in = rx_buf.envelope::<InitHello<&[u8]>>()?;
                 ensure!(msg_in.check_seal(self)?, seal_broken);
 
-                let mut msg_out = tx_buf.envelope_truncating::<RespHello<&mut [u8]>>()?;
+                let mut msg_out = tx_buf.envelope::<RespHello<&mut [u8]>>()?;
                 let peer = self.handle_init_hello(
                     msg_in.payload().init_hello()?,
                     msg_out.payload_mut().resp_hello()?,
@@ -806,7 +805,7 @@ impl CryptoServer {
                 let msg_in = rx_buf.envelope::<RespHello<&[u8]>>()?;
                 ensure!(msg_in.check_seal(self)?, seal_broken);
 
-                let mut msg_out = tx_buf.envelope_truncating::<InitConf<&mut [u8]>>()?;
+                let mut msg_out = tx_buf.envelope::<InitConf<&mut [u8]>>()?;
                 let peer = self.handle_resp_hello(
                     msg_in.payload().resp_hello()?,
                     msg_out.payload_mut().init_conf()?,
@@ -821,13 +820,13 @@ impl CryptoServer {
                 let msg_in = rx_buf.envelope::<InitConf<&[u8]>>()?;
                 ensure!(msg_in.check_seal(self)?, seal_broken);
 
-                let mut msg_out = tx_buf.envelope_truncating::<EmptyData<&mut [u8]>>()?;
-                let (peer, if_exchanged) = self.handle_init_conf(
+                let mut msg_out = tx_buf.envelope::<EmptyData<&mut [u8]>>()?;
+                let peer = self.handle_init_conf(
                     msg_in.payload().init_conf()?,
                     msg_out.payload_mut().empty_data()?,
                 )?;
                 len = self.seal_and_commit_msg(peer, MsgType::EmptyData, msg_out)?;
-                exchanged = if_exchanged;
+                exchanged = true;
                 peer
             }
             Ok(MsgType::EmptyData) => {
@@ -1614,8 +1613,7 @@ impl CryptoServer {
         &mut self,
         ic: InitConf<&[u8]>,
         mut rc: EmptyData<&mut [u8]>,
-    ) -> Result<(PeerPtr, bool)> {
-        let mut exchanged = false;
+    ) -> Result<PeerPtr> {
         // (peer, bn) ← LoadBiscuit(InitConf.biscuit)
         // ICR1
         let (peer, biscuit_no, mut core) = HandshakeState::load_biscuit(
@@ -1645,9 +1643,6 @@ impl CryptoServer {
             // TODO: This should be part of the protocol specification.
             // Abort any ongoing handshake from initiator role
             peer.hs().take(self);
-
-            // Only exchange key on a new biscuit number
-            exchanged = true;
         }
 
         // TODO: Implementing RP should be possible without touching the live session stuff
@@ -1687,7 +1682,7 @@ impl CryptoServer {
         let k = ses.txkm.secret();
         aead_enc_into(rc.auth_mut(), k, &n, &NOTHING, &NOTHING)?; // ct, k, n, ad, pt
 
-        Ok((peer, exchanged))
+        Ok(peer)
     }
 
     pub fn handle_resp_conf(&mut self, rc: EmptyData<&[u8]>) -> Result<PeerPtr> {
@@ -1738,94 +1733,31 @@ impl CryptoServer {
 mod test {
     use super::*;
 
-    #[test]
-    /// Ensure that the protocol implementation can deal with truncated
-    /// messages and with overlong messages.
-    ///
-    /// This test performs a complete handshake between two randomly generated
-    /// servers; instead of delivering the message correctly at first messages
-    /// of length zero through about 1.2 times the correct message size are delivered.
-    ///
-    /// Producing an error is expected on each of these messages.
-    ///
-    /// Finally the correct message is delivered and the same process
-    /// starts again in the other direction.
-    ///
-    /// Through all this, the handshake should still successfully terminate;
-    /// i.e. an exchanged key must be produced in both servers.
-    fn handles_incorrect_size_messages() {
+    fn init_crypto_server() -> CryptoServer {
+        // always init libsodium before anything
         crate::sodium::sodium_init().unwrap();
 
-        stacker::grow(8 * 1024 * 1024, || {
-            const OVERSIZED_MESSAGE: usize = ((MAX_MESSAGE_LEN as f32) * 1.2) as usize;
-            type MsgBufPlus = Public<OVERSIZED_MESSAGE>;
-
-            const PEER0: PeerPtr = PeerPtr(0);
-
-            let (mut me, mut they) = make_server_pair().unwrap();
-            let (mut msgbuf, mut resbuf) = (MsgBufPlus::zero(), MsgBufPlus::zero());
-
-            // Process the entire handshake
-            let mut msglen = Some(me.initiate_handshake(PEER0, &mut *resbuf).unwrap());
-            loop {
-                if let Some(l) = msglen {
-                    std::mem::swap(&mut me, &mut they);
-                    std::mem::swap(&mut msgbuf, &mut resbuf);
-                    msglen = test_incorrect_sizes_for_msg(&mut me, &*msgbuf, l, &mut *resbuf);
-                } else {
-                    break;
-                }
-            }
-
-            assert_eq!(
-                me.osk(PEER0).unwrap().secret(),
-                they.osk(PEER0).unwrap().secret()
-            );
-        });
-    }
-
-    /// Used in handles_incorrect_size_messages() to first deliver many truncated
-    /// and overlong messages, finally the correct message is delivered and the response
-    /// returned.
-    fn test_incorrect_sizes_for_msg(
-        srv: &mut CryptoServer,
-        msgbuf: &[u8],
-        msglen: usize,
-        resbuf: &mut [u8],
-    ) -> Option<usize> {
-        resbuf.fill(0);
-
-        for l in 0..(((msglen as f32) * 1.2) as usize) {
-            if l == msglen {
-                continue;
-            }
-
-            let res = srv.handle_msg(&msgbuf[..l], resbuf);
-            assert!(matches!(res, Err(_))); // handle_msg should raise an error
-            assert!(!resbuf.iter().find(|x| **x != 0).is_some()); // resbuf should not have been changed
-        }
-
-        // Apply the proper handle_msg operation
-        srv.handle_msg(&msgbuf[..msglen], resbuf).unwrap().resp
-    }
-
-    fn keygen() -> Result<(SSk, SPk)> {
-        // TODO: Copied from the benchmark; deduplicate
+        // initialize secret and public key for the crypto server
         let (mut sk, mut pk) = (SSk::zero(), SPk::zero());
-        StaticKEM::keygen(sk.secret_mut(), pk.secret_mut())?;
-        Ok((sk, pk))
+
+        // Guranteed to have 16MB of stack size
+        stacker::grow(8 * 1024 * 1024, || {
+            StaticKEM::keygen(sk.secret_mut(), pk.secret_mut()).expect("unable to generate keys");
+        });
+
+        CryptoServer::new(sk, pk)
     }
 
-    fn make_server_pair() -> Result<(CryptoServer, CryptoServer)> {
-        // TODO: Copied from the benchmark; deduplicate
-        let psk = SymKey::random();
-        let ((ska, pka), (skb, pkb)) = (keygen()?, keygen()?);
-        let (mut a, mut b) = (
-            CryptoServer::new(ska, pka.clone()),
-            CryptoServer::new(skb, pkb.clone()),
-        );
-        a.add_peer(Some(psk.clone()), pkb)?;
-        b.add_peer(Some(psk), pka)?;
-        Ok((a, b))
+    /// The determination of the message type relies on reading the first byte of the message. Only
+    /// after that the length of the message is checked against the specified message type. This
+    /// test ensures that nothing breaks in the case of an empty message.
+    #[test]
+    #[should_panic = "called `Result::unwrap()` on an `Err` value: received empty message, ignoring it"]
+    fn handle_empty_message() {
+        let mut crypt = init_crypto_server();
+        let empty_rx_buf = [0u8; 0];
+        let mut tx_buf = [0u8; 0];
+
+        crypt.handle_msg(&empty_rx_buf, &mut tx_buf).unwrap();
     }
 }

src/util.rs

@@ -15,17 +15,6 @@ use std::{
 
 use crate::coloring::{Public, Secret};
 
-/// Xors a and b element-wise and writes the result into a.
-///
-/// # Examples
-///
-/// ```
-/// use rosenpass::util::xor_into;
-/// let mut a = String::from("hello").into_bytes();
-/// let b = b"world";
-/// xor_into(&mut a, b);
-/// assert_eq!(&a, b"\x1f\n\x1e\x00\x0b");
-/// ```
 #[inline]
 pub fn xor_into(a: &mut [u8], b: &[u8]) {
     assert!(a.len() == b.len());