Karolin Varner
c82ed332f6
Start splitting protocol.rs into multiple files (#655)
|
1 vecka sedan | |
|---|---|---|
| .ci | 1 månad sedan | |
| .devcontainer | 1 år sedan | |
| .github | 1 vecka sedan | |
| analysis | 1 år sedan | |
| cipher-traits | 1 månad sedan | |
| ciphers | 1 vecka sedan | |
| config-examples | 2 år sedan | |
| constant-time | 1 månad sedan | |
| doc | 8 månader sedan | |
| docker | 4 månader sedan | |
| fuzz | 1 månad sedan | |
| manual_tests | 10 månader sedan | |
| marzipan | 2 år sedan | |
| misc | 11 månader sedan | |
| oqs | 1 månad sedan | |
| papers | 1 månad sedan | |
| pkgs | 1 vecka sedan | |
| rosenpass | 1 vecka sedan | |
| rp | 1 vecka sedan | |
| secret-memory | 1 månad sedan | |
| supply-chain | 2 månader sedan | |
| systemd | 6 månader sedan | |
| tests | 1 månad sedan | |
| to | 1 månad sedan | |
| util | 1 vecka sedan | |
| wireguard-broker | 1 månad sedan | |
| .dockerignore | 4 månader sedan | |
| .envrc | 2 år sedan | |
| .gitignore | 4 månader sedan | |
| .gitlab-ci.yml | 2 år sedan | |
| .mailmap | 1 år sedan | |
| .prettierignore | 8 månader sedan | |
| CONTRIBUTING.md | 6 månader sedan | |
| Cargo.lock | 1 vecka sedan | |
| Cargo.toml | 1 vecka sedan | |
| LICENSE-APACHE | 2 år sedan | |
| LICENSE-MIT | 2 år sedan | |
| analyze.sh | 2 år sedan | |
| coverage_report.sh | 6 månader sedan | |
| deny.toml | 1 månad sedan | |
| flake.lock | 1 månad sedan | |
| flake.nix | 1 vecka sedan | |
| format_rust_code.sh | 1 år sedan | |
| overlay.nix | 1 månad sedan | |
| readme.md | 1 vecka sedan | |
| rust-toolchain.toml | 2 månader sedan | |
| supply-chain-protection.md | 4 månader sedan | |
| treefmt.nix | 1 månad sedan |
readme.md
Rosenpass README
This repository contains
- A description of the Rosenpass protocol
- The reference implementation of the protocol – the rosenpass tool
- A frontend integrating Rosenpass and WireGuard to create a vpn – the rp frontend
- Security analysis of the protocol using proverif
Getting started
First, install rosenpass. Then, check out the help functions of rp & rosenpass:
rp help
rosenpass help
Follow quick start instructions to get a VPN up and running.
Contributing
Contributions are generally welcome. Join our Matrix Chat if you are looking for guidance on how to contribute or for people to collaborate with.
We also have a – as of now, very minimal – contributors guide.
Software architecture
The rosenpass tool is written in Rust and uses liboqs^liboqs. The tool establishes a symmetric key and provides it to WireGuard. Since it supplies WireGuard with key through the PSK feature using Rosenpass+WireGuard is cryptographically no less secure than using WireGuard on its own ("hybrid security"). Rosenpass refreshes the symmetric key every two minutes.
As with any application a small risk of critical security issues (such as buffer overflows, remote code execution) exists; the Rosenpass application is written in the Rust programming language which is much less prone to such issues. Rosenpass can also write keys to files instead of supplying them to WireGuard With a bit of scripting the stand alone mode of the implementation can be used to run the application in a Container, VM or on another host. This mode can also be used to integrate tools other than WireGuard with Rosenpass.
The rp tool written in Rust makes it easy to create a VPN using WireGuard and Rosenpass.
rp is easy to get started with but has a few drawbacks; it runs as root, demanding access to both WireGuard
and Rosenpass private keys, takes control of the interface and works with exactly one interface. If you do not feel confident about running Rosenpass as root, you should use the stand-alone mode to create a more secure setup using containers, jails, or virtual machines.
Networking & ports
rp allocates two UDP ports; if port N is specified for rosenpass, it will allocate port N+1 for WireGuard.
Like WireGuard, Rosenpass does not enforce any separation between clients and servers.
If you do not specify the listen option, Rosenpass and WireGuard will choose random ports; this is client mode.
If you do not specify endpoint, Rosenpass will not try to connect to the peer and instead wait for connections from peers. This is server mode.
You may specify both. Leaving out both is not forbidden but also not very useful.
Security analysis
We are working on a cryptographic proof of security, but we already provide a symbolic analysis using proverif as part of the software package. You can run the security analysis using the nix package manager which handles installing the dependencies or you can call the ./analyze.sh script directly. In this case, you need to ensure that proverif, graphviz, awk, and cpp are installed on your system.
(nix) $ nix build .#proof-proverif --print-build-logs
(manual) $ ./analyze.sh
The analysis is implemented according to modern software engineering principles: Using the C preprocessor, we where able to split the analysis into multiple files and uses some meta programming to avoid repetition. The code uses a variety of optimizations to speed up analysis such as using secret functions to model trusted/malicious setup. We split the model into two separate entry points which can be analyzed in parallel. Each is much faster than both models combined. A wrapper script provides instant feedback about which queries execute as expected in color: A red cross if a query fails and a green check if it succeeds.
Getting Rosenpass
Documentation and installation guides can be found at the Rosenpass website.
Rosenpass is packaged for more and more distributions, maybe also for the distribution of your choice?
Docker Images
Rosenpass is also available as prebuilt Docker images:
For details on how to use these images, refer to the Docker usage guide.
Benchmarks
This repository contains facilities for benchmarking both the Rosenpass protocol code and the implementations of the cryptographic primitives used by it. The primitives are benchmarked using criterion. For the protocol code benchmarks we use a library for instrumenting the code such that events are written to a trace, which is then inspected after a run.
Benchmarks are automatically run on CI. The measurements are visualized in the Benchmark Dashboard.
Primitive Benchmarks
There are benchmarks for the functions of the traits Kem, Aead and
KeyedHash. They are run for all implementations in the primitives
benchmark of rosenpass-ciphers. Run the benchmarks and view their results using
cargo bench -p rosenpass-ciphers --bench primitives -F bench
Note that the bench feature enables the inclusion of the libcrux-backed
trait implementations in the module tree, but does not enable them
as default.
Protocol Benchmarks
The trace that is being written to lives in a new module
trace_bench in the util crate. A basic benchmark that
performs some minor statistical analysis of the trace can be run using
cargo bench -p rosenpass --bench trace_handshake -F trace_bench
This runs the benchmarks and prints the results in machine-readable JSON.
Mirrors
Don't want to use GitHub or only have an IPv6 connection? Rosenpass has set up two mirrors for this:
Supported by
Funded through NLNet with financial support for the European Commission's NGI Assure program.