diff options
Diffstat (limited to 'src/rust')
40 files changed, 2162 insertions, 359 deletions
diff --git a/src/rust/.cargo/config.in b/src/rust/.cargo/config.in index 301e7fdbe7..6eddc75459 100644 --- a/src/rust/.cargo/config.in +++ b/src/rust/.cargo/config.in @@ -6,3 +6,7 @@ @RUST_DL@ [source.vendored-sources] @RUST_DL@ directory = '@TOR_RUST_DEPENDENCIES@' + +[build] +@RUST_WARN@ rustflags = [ "-D", "warnings" ] +@RUST_TARGET_PROP@ diff --git a/src/rust/.rustfmt.toml b/src/rust/.rustfmt.toml index f25bd51883..4ff839dcf3 100644 --- a/src/rust/.rustfmt.toml +++ b/src/rust/.rustfmt.toml @@ -1,2 +1,12 @@ -max_width = 80 -comment_width = 80 +max_width = 100 +hard_tabs = false +tab_spaces = 4 +newline_style = "Unix" +#use_small_heuristics = "Default" +reorder_imports = true +reorder_modules = true +remove_nested_parens = true +merge_derives = true +use_try_shorthand = false +use_field_init_shorthand = false +force_explicit_abi = true diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock index 4f918c0221..1d2a7359aa 100644 --- a/src/rust/Cargo.lock +++ b/src/rust/Cargo.lock @@ -1,8 +1,39 @@ [[package]] +name = "crypto" +version = "0.0.1" +dependencies = [ + "digest 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", + "external 0.0.1", + "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.5.0-pre.2 (registry+https://github.com/rust-lang/crates.io-index)", + "rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)", + "smartlist 0.0.1", + "tor_allocate 0.0.1", + "tor_log 0.1.0", +] + +[[package]] +name = "digest" +version = "0.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "external" version = "0.0.1" dependencies = [ "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", + "smartlist 0.0.1", +] + +[[package]] +name = "generic-array" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -18,10 +49,24 @@ dependencies = [ "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", "smartlist 0.0.1", "tor_allocate 0.0.1", + "tor_log 0.1.0", "tor_util 0.0.1", ] [[package]] +name = "rand" +version = "0.5.0-pre.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] +name = "rand_core" +version = "0.2.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "smartlist" version = "0.0.1" dependencies = [ @@ -36,6 +81,14 @@ dependencies = [ ] [[package]] +name = "tor_log" +version = "0.1.0" +dependencies = [ + "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", + "tor_allocate 0.0.1", +] + +[[package]] name = "tor_rust" version = "0.1.0" dependencies = [ @@ -49,7 +102,18 @@ version = "0.0.1" dependencies = [ "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", "tor_allocate 0.0.1", + "tor_log 0.1.0", ] +[[package]] +name = "typenum" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" + [metadata] +"checksum digest 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)" = "00a49051fef47a72c9623101b19bd71924a45cca838826caae3eaa4d00772603" +"checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d" "checksum libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)" = "f54263ad99207254cf58b5f701ecb432c717445ea2ee8af387334bdd1a03fdff" +"checksum rand 0.5.0-pre.2 (registry+https://github.com/rust-lang/crates.io-index)" = "3795e4701d9628a63a84d0289e66279883b40df165fca7caed7b87122447032a" +"checksum rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c7255ffbdb188d5be1a69b6f9f3cf187de4207430b9e79ed5b76458a6b20de9a" +"checksum typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "13a99dc6780ef33c78780b826cf9d2a78840b72cae9474de4bcaf9051e60ebbd" diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml index 953c9b96b7..e399dbb33a 100644 --- a/src/rust/Cargo.toml +++ b/src/rust/Cargo.toml @@ -1,7 +1,31 @@ [workspace] -members = ["tor_util", "protover", "smartlist", "external", "tor_allocate", "tor_rust"] +members = [ + "crypto", + "external", + "protover", + "smartlist", + "tor_allocate", + "tor_log", + "tor_rust", + "tor_util", +] [profile.release] debug = true panic = "abort" +[features] +default = [] +# If this feature is enabled, test code which calls Tor C code from Rust will +# execute with `cargo test`. Due to numerous linker issues (#25386), this is +# currently disabled by default. Crates listed here are those which, in their +# unittests, doctests, and/or integration tests, call C code. +test-c-from-rust = [ + "crypto/test-c-from-rust", +] + +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/build.rs b/src/rust/build.rs new file mode 100644 index 0000000000..123d5c0682 --- /dev/null +++ b/src/rust/build.rs @@ -0,0 +1,190 @@ +//! Build script for Rust modules in Tor. +//! +//! We need to use this because some of our Rust tests need to use some +//! of our C modules, which need to link some external libraries. +//! +//! This script works by looking at a "config.rust" file generated by our +//! configure script, and then building a set of options for cargo to pass to +//! the compiler. + +use std::collections::HashMap; +use std::env; +use std::fs::File; +use std::io; +use std::io::prelude::*; +use std::path::PathBuf; + +/// Wrapper around a key-value map. +struct Config(HashMap<String, String>); + +/// Locate a config.rust file generated by autoconf, starting in the OUT_DIR +/// location provided by cargo and recursing up the directory tree. Note that +/// we need to look in the OUT_DIR, since autoconf will place generated files +/// in the build directory. +fn find_cfg() -> io::Result<String> { + let mut path = PathBuf::from(env::var("OUT_DIR").unwrap()); + loop { + path.push("config.rust"); + if path.exists() { + return Ok(path.to_str().unwrap().to_owned()); + } + path.pop(); // remove config.rust + if !path.pop() { + // can't remove last part of directory + return Err(io::Error::new(io::ErrorKind::NotFound, "No config.rust")); + } + } +} + +impl Config { + /// Find the config.rust file and try to parse it. + /// + /// The file format is a series of lines of the form KEY=VAL, with + /// any blank lines and lines starting with # ignored. + fn load() -> io::Result<Config> { + let path = find_cfg()?; + let f = File::open(&path)?; + let reader = io::BufReader::new(f); + let mut map = HashMap::new(); + for line in reader.lines() { + let s = line?; + if s.trim().starts_with("#") || s.trim() == "" { + continue; + } + let idx = match s.find("=") { + None => { + return Err(io::Error::new(io::ErrorKind::InvalidData, "missing =")); + } + Some(x) => x, + }; + let (var, eq_val) = s.split_at(idx); + let val = &eq_val[1..]; + map.insert(var.to_owned(), val.to_owned()); + } + Ok(Config(map)) + } + + /// Return a reference to the value whose key is 'key'. + /// + /// Panics if 'key' is not found in the configuration. + fn get(&self, key: &str) -> &str { + self.0.get(key).unwrap() + } + + /// Add a dependency on a static C library that is part of Tor, by name. + fn component(&self, s: &str) { + println!("cargo:rustc-link-lib=static={}", s); + } + + /// Add a dependency on a native library that is not part of Tor, by name. + fn dependency(&self, s: &str) { + println!("cargo:rustc-link-lib={}", s); + } + + /// Add a link path, relative to Tor's build directory. + fn link_relpath(&self, s: &str) { + let builddir = self.get("BUILDDIR"); + println!("cargo:rustc-link-search=native={}/{}", builddir, s); + } + + /// Add an absolute link path. + fn link_path(&self, s: &str) { + println!("cargo:rustc-link-search=native={}", s); + } + + /// Parse the CFLAGS in s, looking for -l and -L items, and adding + /// rust configuration as appropriate. + fn from_cflags(&self, s: &str) { + let mut next_is_lib = false; + let mut next_is_path = false; + for ent in self.get(s).split_whitespace() { + if next_is_lib { + self.dependency(ent); + next_is_lib = false; + } else if next_is_path { + self.link_path(ent); + next_is_path = false; + } else if ent == "-l" { + next_is_lib = true; + } else if ent == "-L" { + next_is_path = true; + } else if ent.starts_with("-L") { + self.link_path(&ent[2..]); + } else if ent.starts_with("-l") { + self.dependency(&ent[2..]); + } + } + } +} + +pub fn main() { + let cfg = Config::load().unwrap(); + let package = env::var("CARGO_PKG_NAME").unwrap(); + + match package.as_ref() { + "crypto" => { + // Right now, I'm having a separate configuration for each Rust + // package, since I'm hoping we can trim them down. Once we have a + // second Rust package that needs to use this build script, let's + // extract some of this stuff into a module. + // + // This is a ridiculous amount of code to be pulling in just + // to test our crypto library: modularity would be our + // friend here. + cfg.from_cflags("TOR_LDFLAGS_zlib"); + cfg.from_cflags("TOR_LDFLAGS_openssl"); + cfg.from_cflags("TOR_LDFLAGS_libevent"); + + cfg.link_relpath("src/lib"); + cfg.link_relpath("src/ext/keccak-tiny"); + cfg.link_relpath("src/ext/ed25519/ref10"); + cfg.link_relpath("src/ext/ed25519/donna"); + cfg.link_relpath("src/trunnel"); + + // Note that we can't pull in "libtor-testing", or else we + // will have dependencies on all the other rust packages that + // tor uses. We must be careful with factoring and dependencies + // moving forward! + cfg.component("tor-crypt-ops-testing"); + cfg.component("tor-sandbox-testing"); + cfg.component("tor-encoding-testing"); + cfg.component("tor-fs-testing"); + cfg.component("tor-time-testing"); + cfg.component("tor-net-testing"); + cfg.component("tor-thread-testing"); + cfg.component("tor-memarea-testing"); + cfg.component("tor-log-testing"); + cfg.component("tor-lock-testing"); + cfg.component("tor-fdio-testing"); + cfg.component("tor-container-testing"); + cfg.component("tor-smartlist-core-testing"); + cfg.component("tor-string-testing"); + cfg.component("tor-malloc"); + cfg.component("tor-wallclock"); + cfg.component("tor-err-testing"); + cfg.component("tor-intmath-testing"); + cfg.component("tor-ctime-testing"); + cfg.component("curve25519_donna"); + cfg.component("keccak-tiny"); + cfg.component("ed25519_ref10"); + cfg.component("ed25519_donna"); + cfg.component("or-trunnel-testing"); + + cfg.from_cflags("TOR_ZLIB_LIBS"); + cfg.from_cflags("TOR_LIB_MATH"); + cfg.from_cflags("NSS_LIBS"); + cfg.from_cflags("TOR_OPENSSL_LIBS"); + cfg.from_cflags("TOR_LIBEVENT_LIBS"); + cfg.from_cflags("TOR_LIB_WS32"); + cfg.from_cflags("TOR_LIB_GDI"); + cfg.from_cflags("TOR_LIB_USERENV"); + cfg.from_cflags("CURVE25519_LIBS"); + cfg.from_cflags("TOR_LZMA_LIBS"); + cfg.from_cflags("TOR_ZSTD_LIBS"); + cfg.from_cflags("LIBS"); + } + _ => { + panic!("No configuration in build.rs for package {}", package); + } + } +} diff --git a/src/rust/crypto/Cargo.toml b/src/rust/crypto/Cargo.toml new file mode 100644 index 0000000000..6ebfe0dc11 --- /dev/null +++ b/src/rust/crypto/Cargo.toml @@ -0,0 +1,38 @@ +[package] +authors = ["The Tor Project", + "Isis Lovecruft <isis@torproject.org>"] +name = "crypto" +version = "0.0.1" +publish = false +build = "../build.rs" + +[lib] +name = "crypto" +path = "lib.rs" +crate_type = ["rlib", "staticlib"] + +[dependencies] +libc = "=0.2.39" +digest = "=0.7.2" +rand_core = { version = "=0.2.0-pre.0", default-features = false } + +external = { path = "../external" } +smartlist = { path = "../smartlist" } +tor_allocate = { path = "../tor_allocate" } +tor_log = { path = "../tor_log" } + +[dev-dependencies] +rand = { version = "=0.5.0-pre.2", default-features = false } +rand_core = { version = "=0.2.0-pre.0", default-features = false } + +[features] +# If this feature is enabled, test code which calls Tor C code from Rust will +# execute with `cargo test`. Due to numerous linker issues (#25386), this is +# currently disabled by default. +test-c-from-rust = [] + +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/crypto/digests/mod.rs b/src/rust/crypto/digests/mod.rs new file mode 100644 index 0000000000..a2463b89eb --- /dev/null +++ b/src/rust/crypto/digests/mod.rs @@ -0,0 +1,7 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Hash Digests and eXtendible Output Functions (XOFs) + +pub mod sha2; diff --git a/src/rust/crypto/digests/sha2.rs b/src/rust/crypto/digests/sha2.rs new file mode 100644 index 0000000000..55d0027665 --- /dev/null +++ b/src/rust/crypto/digests/sha2.rs @@ -0,0 +1,234 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Hash Digests and eXtendible Output Functions (XOFs) + +pub use digest::Digest; + +use digest::generic_array::typenum::U32; +use digest::generic_array::typenum::U64; +use digest::generic_array::GenericArray; +use digest::BlockInput; +use digest::FixedOutput; +use digest::Input; + +use external::crypto_digest::get_256_bit_digest; +use external::crypto_digest::get_512_bit_digest; +use external::crypto_digest::CryptoDigest; +use external::crypto_digest::DigestAlgorithm; + +pub use external::crypto_digest::DIGEST256_LEN; +pub use external::crypto_digest::DIGEST512_LEN; + +/// The block size for both SHA-256 and SHA-512 digests is 512 bits/64 bytes. +/// +/// Unfortunately, we have to use the generic_array crate currently to express +/// this at compile time. Later, in the future, when Rust implements const +/// generics, we'll be able to remove this dependency (actually, it will get +/// removed from the digest crate, which is currently `pub use`ing it). +type BlockSize = U64; + +/// A SHA2-256 digest. +/// +/// # C_RUST_COUPLED +/// +/// * `crypto_digest_dup` +#[derive(Clone)] +pub struct Sha256 { + engine: CryptoDigest, +} + +/// Construct a new, default instance of a `Sha256` hash digest function. +/// +/// # Examples +/// +/// ```rust,no_run +/// use crypto::digests::sha2::{Sha256, Digest}; +/// +/// let mut hasher: Sha256 = Sha256::default(); +/// ``` +/// +/// # Returns +/// +/// A new `Sha256` digest. +impl Default for Sha256 { + fn default() -> Sha256 { + Sha256 { + engine: CryptoDigest::new(Some(DigestAlgorithm::SHA2_256)), + } + } +} + +impl BlockInput for Sha256 { + type BlockSize = BlockSize; +} + +/// Input `msg` into the digest. +/// +/// # Examples +/// +/// ```rust,no_run +/// use crypto::digests::sha2::{Sha256, Digest}; +/// +/// let mut hasher: Sha256 = Sha256::default(); +/// +/// hasher.input(b"foo"); +/// hasher.input(b"bar"); +/// ``` +impl Input for Sha256 { + fn process(&mut self, msg: &[u8]) { + self.engine.add_bytes(&msg); + } +} + +/// Retrieve the output hash from everything which has been fed into this +/// `Sha256` digest thus far. +/// +// +// FIXME: Once const generics land in Rust, we should genericise calling +// crypto_digest_get_digest in external::crypto_digest. +impl FixedOutput for Sha256 { + type OutputSize = U32; + + fn fixed_result(self) -> GenericArray<u8, Self::OutputSize> { + let buffer: [u8; DIGEST256_LEN] = get_256_bit_digest(self.engine); + + GenericArray::from(buffer) + } +} + +/// A SHA2-512 digest. +/// +/// # C_RUST_COUPLED +/// +/// * `crypto_digest_dup` +#[derive(Clone)] +pub struct Sha512 { + engine: CryptoDigest, +} + +/// Construct a new, default instance of a `Sha512` hash digest function. +/// +/// # Examples +/// +/// ```rust,no_run +/// use crypto::digests::sha2::{Sha512, Digest}; +/// +/// let mut hasher: Sha512 = Sha512::default(); +/// ``` +/// +/// # Returns +/// +/// A new `Sha512` digest. +impl Default for Sha512 { + fn default() -> Sha512 { + Sha512 { + engine: CryptoDigest::new(Some(DigestAlgorithm::SHA2_512)), + } + } +} + +impl BlockInput for Sha512 { + type BlockSize = BlockSize; +} + +/// Input `msg` into the digest. +/// +/// # Examples +/// +/// ```rust,no_run +/// use crypto::digests::sha2::{Sha512, Digest}; +/// +/// let mut hasher: Sha512 = Sha512::default(); +/// +/// hasher.input(b"foo"); +/// hasher.input(b"bar"); +/// ``` +impl Input for Sha512 { + fn process(&mut self, msg: &[u8]) { + self.engine.add_bytes(&msg); + } +} + +/// Retrieve the output hash from everything which has been fed into this +/// `Sha512` digest thus far. +/// +// +// FIXME: Once const generics land in Rust, we should genericise calling +// crypto_digest_get_digest in external::crypto_digest. +impl FixedOutput for Sha512 { + type OutputSize = U64; + + fn fixed_result(self) -> GenericArray<u8, Self::OutputSize> { + let buffer: [u8; DIGEST512_LEN] = get_512_bit_digest(self.engine); + + GenericArray::clone_from_slice(&buffer) + } +} + +#[cfg(test)] +mod test { + #[cfg(feature = "test-c-from-rust")] + use digest::Digest; + + #[cfg(feature = "test-c-from-rust")] + use super::*; + + #[cfg(feature = "test-c-from-rust")] + #[test] + fn sha256_default() { + let _: Sha256 = Sha256::default(); + } + + #[cfg(feature = "test-c-from-rust")] + #[test] + fn sha256_digest() { + let mut h: Sha256 = Sha256::new(); + let mut result: [u8; DIGEST256_LEN] = [0u8; DIGEST256_LEN]; + let expected = [ + 151, 223, 53, 136, 181, 163, 242, 75, 171, 195, 133, 27, 55, 47, 11, 167, 26, 157, 205, + 222, 212, 59, 20, 185, 208, 105, 97, 191, 193, 112, 125, 157, + ]; + + h.input(b"foo"); + h.input(b"bar"); + h.input(b"baz"); + + result.copy_from_slice(h.fixed_result().as_slice()); + + println!("{:?}", &result[..]); + + assert_eq!(result, expected); + } + + #[cfg(feature = "test-c-from-rust")] + #[test] + fn sha512_default() { + let _: Sha512 = Sha512::default(); + } + + #[cfg(feature = "test-c-from-rust")] + #[test] + fn sha512_digest() { + let mut h: Sha512 = Sha512::new(); + let mut result: [u8; DIGEST512_LEN] = [0u8; DIGEST512_LEN]; + + let expected = [ + 203, 55, 124, 16, 176, 245, 166, 44, 128, 54, 37, 167, 153, 217, 233, 8, 190, 69, 231, + 103, 245, 209, 71, 212, 116, 73, 7, 203, 5, 89, 122, 164, 237, 211, 41, 160, 175, 20, + 122, 221, 12, 244, 24, 30, 211, 40, 250, 30, 121, 148, 38, 88, 38, 179, 237, 61, 126, + 246, 240, 103, 202, 153, 24, 90, + ]; + + h.input(b"foo"); + h.input(b"bar"); + h.input(b"baz"); + + result.copy_from_slice(h.fixed_result().as_slice()); + + println!("{:?}", &result[..]); + + assert_eq!(&result[..], &expected[..]); + } +} diff --git a/src/rust/crypto/lib.rs b/src/rust/crypto/lib.rs new file mode 100644 index 0000000000..4eceb4cbd1 --- /dev/null +++ b/src/rust/crypto/lib.rs @@ -0,0 +1,46 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Common cryptographic functions and utilities. +//! +//! # Hash Digests and eXtendable Output Functions (XOFs) +//! +//! The `digests` module contains submodules for specific hash digests +//! and extendable output functions. +//! +//! ```rust,no_run +//! use crypto::digests::sha2::*; +//! +//! let mut hasher: Sha256 = Sha256::default(); +//! let mut result: [u8; 32] = [0u8; 32]; +//! +//! hasher.input(b"foo"); +//! hasher.input(b"bar"); +//! hasher.input(b"baz"); +//! +//! result.copy_from_slice(hasher.result().as_slice()); +//! +//! assert!(result == [b'X'; DIGEST256_LEN]); +//! ``` + +// XXX: add missing docs +//#![deny(missing_docs)] + +// External crates from cargo or TOR_RUST_DEPENDENCIES. +extern crate digest; +extern crate libc; +extern crate rand_core; + +// External dependencies for tests. +#[cfg(test)] +extern crate rand as rand_crate; + +// Our local crates. +extern crate external; +#[cfg(not(test))] +#[macro_use] +extern crate tor_log; + +pub mod digests; // Unfortunately named "digests" plural to avoid name conflict with the digest crate +pub mod rand; diff --git a/src/rust/crypto/rand/mod.rs b/src/rust/crypto/rand/mod.rs new file mode 100644 index 0000000000..82d02a70bb --- /dev/null +++ b/src/rust/crypto/rand/mod.rs @@ -0,0 +1,6 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +// Internal dependencies +pub mod rng; diff --git a/src/rust/crypto/rand/rng.rs b/src/rust/crypto/rand/rng.rs new file mode 100644 index 0000000000..64ceb22424 --- /dev/null +++ b/src/rust/crypto/rand/rng.rs @@ -0,0 +1,145 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Wrappers for Tor's random number generators to provide implementations of +//! `rand_core` traits. + +// This is the real implementation, in use in production, which calls into our C +// wrappers in /src/common/crypto_rand.c, which call into OpenSSL, system +// libraries, and make syscalls. +#[cfg(not(test))] +mod internal { + use std::u64; + + use rand_core::impls::next_u32_via_fill; + use rand_core::impls::next_u64_via_fill; + use rand_core::CryptoRng; + use rand_core::Error; + use rand_core::RngCore; + + use external::c_tor_crypto_rand; + use external::c_tor_crypto_seed_rng; + use external::c_tor_crypto_strongest_rand; + + use tor_log::LogDomain; + use tor_log::LogSeverity; + + /// Largest strong entropy request permitted. + // + // C_RUST_COUPLED: `MAX_STRONGEST_RAND_SIZE` /src/common/crypto_rand.c + const MAX_STRONGEST_RAND_SIZE: usize = 256; + + /// A wrapper around OpenSSL's RNG. + pub struct TorRng { + // This private, zero-length field forces the struct to be treated the + // same as its opaque C couterpart. + _unused: [u8; 0], + } + + /// Mark `TorRng` as being suitable for cryptographic purposes. + impl CryptoRng for TorRng {} + + impl TorRng { + // C_RUST_COUPLED: `crypto_seed_rng()` /src/common/crypto_rand.c + #[allow(dead_code)] + pub fn new() -> Self { + if !c_tor_crypto_seed_rng() { + tor_log_msg!( + LogSeverity::Warn, + LogDomain::General, + "TorRng::from_seed()", + "The RNG could not be seeded!" + ); + } + // XXX also log success at info level —isis + TorRng { _unused: [0u8; 0] } + } + } + + impl RngCore for TorRng { + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn next_u32(&mut self) -> u32 { + next_u32_via_fill(self) + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn next_u64(&mut self) -> u64 { + next_u64_via_fill(self) + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn fill_bytes(&mut self, dest: &mut [u8]) { + c_tor_crypto_rand(dest); + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + Ok(self.fill_bytes(dest)) + } + } + + /// A CSPRNG which hashes together randomness from OpenSSL's RNG and entropy + /// obtained from the operating system. + pub struct TorStrongestRng { + // This private, zero-length field forces the struct to be treated the + // same as its opaque C couterpart. + _unused: [u8; 0], + } + + /// Mark `TorRng` as being suitable for cryptographic purposes. + impl CryptoRng for TorStrongestRng {} + + impl TorStrongestRng { + // C_RUST_COUPLED: `crypto_seed_rng()` /src/common/crypto_rand.c + #[allow(dead_code)] + pub fn new() -> Self { + if !c_tor_crypto_seed_rng() { + tor_log_msg!( + LogSeverity::Warn, + LogDomain::General, + "TorStrongestRng::from_seed()", + "The RNG could not be seeded!" + ); + } + // XXX also log success at info level —isis + TorStrongestRng { _unused: [0u8; 0] } + } + } + + impl RngCore for TorStrongestRng { + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn next_u32(&mut self) -> u32 { + next_u32_via_fill(self) + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn next_u64(&mut self) -> u64 { + next_u64_via_fill(self) + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn fill_bytes(&mut self, dest: &mut [u8]) { + debug_assert!(dest.len() <= MAX_STRONGEST_RAND_SIZE); + + c_tor_crypto_strongest_rand(dest); + } + + // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + Ok(self.fill_bytes(dest)) + } + } +} + +// For testing, we expose a pure-Rust implementation. +#[cfg(test)] +mod internal { + // It doesn't matter if we pretend ChaCha is a CSPRNG in tests. + pub use rand_crate::ChaChaRng as TorRng; + pub use rand_crate::ChaChaRng as TorStrongestRng; +} + +// Finally, expose the public functionality of whichever appropriate internal +// module. +pub use self::internal::*; diff --git a/src/rust/external/Cargo.toml b/src/rust/external/Cargo.toml index b5957b1079..4735144ee6 100644 --- a/src/rust/external/Cargo.toml +++ b/src/rust/external/Cargo.toml @@ -6,8 +6,17 @@ name = "external" [dependencies] libc = "=0.2.39" +[dependencies.smartlist] +path = "../smartlist" + [lib] name = "external" path = "lib.rs" crate_type = ["rlib", "staticlib"] +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/external/crypto_digest.rs b/src/rust/external/crypto_digest.rs new file mode 100644 index 0000000000..ebcf2e88a9 --- /dev/null +++ b/src/rust/external/crypto_digest.rs @@ -0,0 +1,454 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Bindings to external digest and XOF functions which live within +//! src/common/crypto_digest.[ch]. +//! +//! We wrap our C implementations in src/common/crypto_digest.[ch] with more +//! Rusty types and interfaces in src/rust/crypto/digest/. + +use std::process::abort; + +use libc::c_char; +use libc::c_int; +use libc::size_t; +use libc::uint8_t; + +use smartlist::Stringlist; + +/// Length of the output of our message digest. +pub const DIGEST_LEN: usize = 20; + +/// Length of the output of our second (improved) message digests. (For now +/// this is just sha256, but it could be any other 256-bit digest.) +pub const DIGEST256_LEN: usize = 32; + +/// Length of the output of our 64-bit optimized message digests (SHA512). +pub const DIGEST512_LEN: usize = 64; + +/// Length of a sha1 message digest when encoded in base32 with trailing = signs +/// removed. +pub const BASE32_DIGEST_LEN: usize = 32; + +/// Length of a sha1 message digest when encoded in base64 with trailing = signs +/// removed. +pub const BASE64_DIGEST_LEN: usize = 27; + +/// Length of a sha256 message digest when encoded in base64 with trailing = +/// signs removed. +pub const BASE64_DIGEST256_LEN: usize = 43; + +/// Length of a sha512 message digest when encoded in base64 with trailing = +/// signs removed. +pub const BASE64_DIGEST512_LEN: usize = 86; + +/// Length of hex encoding of SHA1 digest, not including final NUL. +pub const HEX_DIGEST_LEN: usize = 40; + +/// Length of hex encoding of SHA256 digest, not including final NUL. +pub const HEX_DIGEST256_LEN: usize = 64; + +/// Length of hex encoding of SHA512 digest, not including final NUL. +pub const HEX_DIGEST512_LEN: usize = 128; + +/// Our C code uses an enum to declare the digest algorithm types which we know +/// about. However, because enums are implementation-defined in C, we can +/// neither work with them directly nor translate them into Rust enums. +/// Instead, we represent them as a u8 (under the assumption that we'll never +/// support more than 256 hash functions). +#[allow(non_camel_case_types)] +type digest_algorithm_t = u8; + +const DIGEST_SHA1: digest_algorithm_t = 0; +const DIGEST_SHA256: digest_algorithm_t = 1; +const DIGEST_SHA512: digest_algorithm_t = 2; +const DIGEST_SHA3_256: digest_algorithm_t = 3; +const DIGEST_SHA3_512: digest_algorithm_t = 4; + +/// The number of hash digests we produce for a `common_digests_t`. +/// +/// We can't access these from Rust, because their definitions in C require +/// introspecting the `digest_algorithm_t` typedef, which is an enum, so we have +/// to redefine them here. +const N_COMMON_DIGEST_ALGORITHMS: usize = DIGEST_SHA256 as usize + 1; + +/// A digest function. +#[repr(C)] +#[derive(Debug, Copy, Clone)] +#[allow(non_camel_case_types)] +struct crypto_digest_t { + // This private, zero-length field forces the struct to be treated the same + // as its opaque C couterpart. + _unused: [u8; 0], +} + +/// An eXtendible Output Function (XOF). +#[repr(C)] +#[derive(Debug, Copy, Clone)] +#[allow(non_camel_case_types)] +struct crypto_xof_t { + // This private, zero-length field forces the struct to be treated the same + // as its opaque C couterpart. + _unused: [u8; 0], +} + +/// A set of all the digests we commonly compute, taken on a single +/// string. Any digests that are shorter than 512 bits are right-padded +/// with 0 bits. +/// +/// Note that this representation wastes 44 bytes for the SHA1 case, so +/// don't use it for anything where we need to allocate a whole bunch at +/// once. +#[repr(C)] +#[derive(Debug, Copy, Clone)] +#[allow(non_camel_case_types)] +struct common_digests_t { + pub d: [[c_char; N_COMMON_DIGEST_ALGORITHMS]; DIGEST256_LEN], +} + +/// A `smartlist_t` is just an alias for the `#[repr(C)]` type `Stringlist`, to +/// make it more clear that we're working with a smartlist which is owned by C. +#[allow(non_camel_case_types)] +// BINDGEN_GENERATED: This type isn't actually bindgen generated, but the code +// below it which uses it is. As such, this comes up as "dead code" as well. +#[allow(dead_code)] +type smartlist_t = Stringlist; + +/// All of the external functions from `src/common/crypto_digest.h`. +/// +/// These are kept private because they should be wrapped with Rust to make their usage safer. +// +// BINDGEN_GENERATED: These definitions were generated with bindgen and cleaned +// up manually. As such, there are more bindings than are likely necessary or +// which are in use. +#[allow(dead_code)] +extern "C" { + fn crypto_digest(digest: *mut c_char, m: *const c_char, len: size_t) -> c_int; + fn crypto_digest256( + digest: *mut c_char, + m: *const c_char, + len: size_t, + algorithm: digest_algorithm_t, + ) -> c_int; + fn crypto_digest512( + digest: *mut c_char, + m: *const c_char, + len: size_t, + algorithm: digest_algorithm_t, + ) -> c_int; + fn crypto_common_digests(ds_out: *mut common_digests_t, m: *const c_char, len: size_t) + -> c_int; + fn crypto_digest_smartlist_prefix( + digest_out: *mut c_char, + len_out: size_t, + prepend: *const c_char, + lst: *const smartlist_t, + append: *const c_char, + alg: digest_algorithm_t, + ); + fn crypto_digest_smartlist( + digest_out: *mut c_char, + len_out: size_t, + lst: *const smartlist_t, + append: *const c_char, + alg: digest_algorithm_t, + ); + fn crypto_digest_algorithm_get_name(alg: digest_algorithm_t) -> *const c_char; + fn crypto_digest_algorithm_get_length(alg: digest_algorithm_t) -> size_t; + fn crypto_digest_algorithm_parse_name(name: *const c_char) -> c_int; + fn crypto_digest_new() -> *mut crypto_digest_t; + fn crypto_digest256_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t; + fn crypto_digest512_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t; + fn crypto_digest_free_(digest: *mut crypto_digest_t); + fn crypto_digest_add_bytes(digest: *mut crypto_digest_t, data: *const c_char, len: size_t); + fn crypto_digest_get_digest(digest: *mut crypto_digest_t, out: *mut c_char, out_len: size_t); + fn crypto_digest_dup(digest: *const crypto_digest_t) -> *mut crypto_digest_t; + fn crypto_digest_assign(into: *mut crypto_digest_t, from: *const crypto_digest_t); + fn crypto_hmac_sha256( + hmac_out: *mut c_char, + key: *const c_char, + key_len: size_t, + msg: *const c_char, + msg_len: size_t, + ); + fn crypto_mac_sha3_256( + mac_out: *mut uint8_t, + len_out: size_t, + key: *const uint8_t, + key_len: size_t, + msg: *const uint8_t, + msg_len: size_t, + ); + fn crypto_xof_new() -> *mut crypto_xof_t; + fn crypto_xof_add_bytes(xof: *mut crypto_xof_t, data: *const uint8_t, len: size_t); + fn crypto_xof_squeeze_bytes(xof: *mut crypto_xof_t, out: *mut uint8_t, len: size_t); + fn crypto_xof_free(xof: *mut crypto_xof_t); +} + +/// A wrapper around a `digest_algorithm_t`. +pub enum DigestAlgorithm { + SHA2_256, + SHA2_512, + SHA3_256, + SHA3_512, +} + +impl From<DigestAlgorithm> for digest_algorithm_t { + fn from(digest: DigestAlgorithm) -> digest_algorithm_t { + match digest { + DigestAlgorithm::SHA2_256 => DIGEST_SHA256, + DigestAlgorithm::SHA2_512 => DIGEST_SHA512, + DigestAlgorithm::SHA3_256 => DIGEST_SHA3_256, + DigestAlgorithm::SHA3_512 => DIGEST_SHA3_512, + } + } +} + +/// A wrapper around a mutable pointer to a `crypto_digest_t`. +pub struct CryptoDigest(*mut crypto_digest_t); + +/// Explicitly copy the state of a `CryptoDigest` hash digest context. +/// +/// # C_RUST_COUPLED +/// +/// * `crypto_digest_dup` +impl Clone for CryptoDigest { + fn clone(&self) -> CryptoDigest { + let digest: *mut crypto_digest_t; + + unsafe { + digest = crypto_digest_dup(self.0 as *const crypto_digest_t); + } + + // See the note in the implementation of CryptoDigest for the + // reasoning for `abort()` here. + if digest.is_null() { + abort(); + } + + CryptoDigest(digest) + } +} + +impl CryptoDigest { + /// A wrapper to call one of the C functions `crypto_digest_new`, + /// `crypto_digest256_new`, or `crypto_digest512_new`. + /// + /// # Warnings + /// + /// This function will `abort()` the entire process in an "abnormal" fashion, + /// i.e. not unwinding this or any other thread's stack, running any + /// destructors, or calling any panic/exit hooks) if `tor_malloc()` (called in + /// `crypto_digest256_new()`) is unable to allocate memory. + /// + /// # Returns + /// + /// A new `CryptoDigest`, which is a wrapper around a opaque representation + /// of a `crypto_digest_t`. The underlying `crypto_digest_t` _MUST_ only + /// ever be handled via a raw pointer, and never introspected. + /// + /// # C_RUST_COUPLED + /// + /// * `crypto_digest_new` + /// * `crypto_digest256_new` + /// * `crypto_digest512_new` + /// * `tor_malloc` (called by `crypto_digest256_new`, but we make + /// assumptions about its behvaiour and return values here) + pub fn new(algorithm: Option<DigestAlgorithm>) -> CryptoDigest { + let digest: *mut crypto_digest_t; + + if algorithm.is_none() { + unsafe { + digest = crypto_digest_new(); + } + } else { + let algo: digest_algorithm_t = algorithm.unwrap().into(); // can't fail because it's Some + + unsafe { + // XXX This is a pretty awkward API to use from Rust... + digest = match algo { + DIGEST_SHA1 => crypto_digest_new(), + DIGEST_SHA256 => crypto_digest256_new(DIGEST_SHA256), + DIGEST_SHA3_256 => crypto_digest256_new(DIGEST_SHA3_256), + DIGEST_SHA512 => crypto_digest512_new(DIGEST_SHA512), + DIGEST_SHA3_512 => crypto_digest512_new(DIGEST_SHA3_512), + _ => abort(), + } + } + } + + // In our C code, `crypto_digest*_new()` allocates memory with + // `tor_malloc()`. In `tor_malloc()`, if the underlying malloc + // implementation fails to allocate the requested memory and returns a + // NULL pointer, we call `exit(1)`. In the case that this `exit(1)` is + // called within a worker, be that a process or a thread, the inline + // comments within `tor_malloc()` mention "that's ok, since the parent + // will run out of memory soon anyway". However, if it takes long + // enough for the worker to die, and it manages to return a NULL pointer + // to our Rust code, our Rust is now in an irreparably broken state and + // may exhibit undefined behaviour. An even worse scenario, if/when we + // have parent/child processes/threads controlled by Rust, would be that + // the UB contagion in Rust manages to spread to other children before + // the entire process (hopefully terminates). + // + // However, following the assumptions made in `tor_malloc()` that + // calling `exit(1)` in a child is okay because the parent will + // eventually run into the same errors, and also to stymie any UB + // contagion in the meantime, we call abort!() here to terminate the + // entire program immediately. + if digest.is_null() { + abort(); + } + + CryptoDigest(digest) + } + + /// A wrapper to call the C function `crypto_digest_add_bytes`. + /// + /// # Inputs + /// + /// * `bytes`: a byte slice of bytes to be added into this digest. + /// + /// # C_RUST_COUPLED + /// + /// * `crypto_digest_add_bytes` + pub fn add_bytes(&self, bytes: &[u8]) { + unsafe { + crypto_digest_add_bytes( + self.0 as *mut crypto_digest_t, + bytes.as_ptr() as *const c_char, + bytes.len() as size_t, + ) + } + } +} + +impl Drop for CryptoDigest { + fn drop(&mut self) { + unsafe { + crypto_digest_free_(self.0 as *mut crypto_digest_t); + } + } +} + +/// Get the 256-bit digest output of a `crypto_digest_t`. +/// +/// # Inputs +/// +/// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA256` or a +/// `DIGEST_SHA3_256`. +/// +/// # Warning +/// +/// Calling this function with a `CryptoDigest` which is neither SHA2-256 or +/// SHA3-256 is a programming error. Since we cannot introspect the opaque +/// struct from Rust, however, there is no way for us to check that the correct +/// one is being passed in. That is up to you, dear programmer. If you mess +/// up, you will get a incorrectly-sized hash digest in return, and it will be +/// your fault. Don't do that. +/// +/// # Returns +/// +/// A 256-bit hash digest, as a `[u8; 32]`. +/// +/// # C_RUST_COUPLED +/// +/// * `crypto_digest_get_digest` +/// * `DIGEST256_LEN` +// +// FIXME: Once const generics land in Rust, we should genericise calling +// crypto_digest_get_digest w.r.t. output array size. +pub fn get_256_bit_digest(digest: CryptoDigest) -> [u8; DIGEST256_LEN] { + let mut buffer: [u8; DIGEST256_LEN] = [0u8; DIGEST256_LEN]; + + unsafe { + crypto_digest_get_digest( + digest.0, + buffer.as_mut_ptr() as *mut c_char, + DIGEST256_LEN as size_t, + ); + + if buffer.as_ptr().is_null() { + abort(); + } + } + buffer +} + +/// Get the 512-bit digest output of a `crypto_digest_t`. +/// +/// # Inputs +/// +/// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA512` or a +/// `DIGEST_SHA3_512`. +/// +/// # Warning +/// +/// Calling this function with a `CryptoDigest` which is neither SHA2-512 or +/// SHA3-512 is a programming error. Since we cannot introspect the opaque +/// struct from Rust, however, there is no way for us to check that the correct +/// one is being passed in. That is up to you, dear programmer. If you mess +/// up, you will get a incorrectly-sized hash digest in return, and it will be +/// your fault. Don't do that. +/// +/// # Returns +/// +/// A 512-bit hash digest, as a `[u8; 64]`. +/// +/// # C_RUST_COUPLED +/// +/// * `crypto_digest_get_digest` +/// * `DIGEST512_LEN` +// +// FIXME: Once const generics land in Rust, we should genericise calling +// crypto_digest_get_digest w.r.t. output array size. +pub fn get_512_bit_digest(digest: CryptoDigest) -> [u8; DIGEST512_LEN] { + let mut buffer: [u8; DIGEST512_LEN] = [0u8; DIGEST512_LEN]; + + unsafe { + crypto_digest_get_digest( + digest.0, + buffer.as_mut_ptr() as *mut c_char, + DIGEST512_LEN as size_t, + ); + + if buffer.as_ptr().is_null() { + abort(); + } + } + buffer +} + +#[cfg(test)] +mod test { + use super::*; + + #[test] + fn test_layout_common_digests_t() { + assert_eq!( + ::std::mem::size_of::<common_digests_t>(), + 64usize, + concat!("Size of: ", stringify!(common_digests_t)) + ); + assert_eq!( + ::std::mem::align_of::<common_digests_t>(), + 1usize, + concat!("Alignment of ", stringify!(common_digests_t)) + ); + } + + #[test] + fn test_layout_crypto_digest_t() { + assert_eq!( + ::std::mem::size_of::<crypto_digest_t>(), + 0usize, + concat!("Size of: ", stringify!(crypto_digest_t)) + ); + assert_eq!( + ::std::mem::align_of::<crypto_digest_t>(), + 1usize, + concat!("Alignment of ", stringify!(crypto_digest_t)) + ); + } +} diff --git a/src/rust/external/crypto_rand.rs b/src/rust/external/crypto_rand.rs new file mode 100644 index 0000000000..b68f98b358 --- /dev/null +++ b/src/rust/external/crypto_rand.rs @@ -0,0 +1,84 @@ +// Copyright (c) 2018, The Tor Project, Inc. +// Copyright (c) 2018, isis agora lovecruft +// See LICENSE for licensing information + +//! Bindings to external (P)RNG interfaces and utilities in +//! src/common/crypto_rand.[ch]. +//! +//! We wrap our C implementations in src/common/crypto_rand.[ch] here in order +//! to provide wrappers with native Rust types, and then provide more Rusty +//! types and and trait implementations in src/rust/crypto/rand/. + +use std::time::Duration; + +use libc::c_double; +use libc::c_int; +use libc::size_t; +use libc::time_t; +use libc::uint8_t; + +extern "C" { + fn crypto_seed_rng() -> c_int; + fn crypto_rand(out: *mut uint8_t, out_len: size_t); + fn crypto_strongest_rand(out: *mut uint8_t, out_len: size_t); + fn crypto_rand_time_range(min: time_t, max: time_t) -> time_t; + fn crypto_rand_double() -> c_double; +} + +/// Seed OpenSSL's random number generator with bytes from the operating +/// system. +/// +/// # Returns +/// +/// `true` on success; `false` on failure. +pub fn c_tor_crypto_seed_rng() -> bool { + let ret: c_int; + + unsafe { + ret = crypto_seed_rng(); + } + match ret { + 0 => return true, + _ => return false, + } +} + +/// Fill the bytes of `dest` with random data. +pub fn c_tor_crypto_rand(dest: &mut [u8]) { + unsafe { + crypto_rand(dest.as_mut_ptr(), dest.len() as size_t); + } +} + +/// Fill the bytes of `dest` with "strong" random data by hashing +/// together randomness obtained from OpenSSL's RNG and the operating +/// system. +pub fn c_tor_crypto_strongest_rand(dest: &mut [u8]) { + // We'll let the C side panic if the len is larger than + // MAX_STRONGEST_RAND_SIZE, rather than potentially panicking here. A + // paranoid caller should assert on the length of dest *before* calling this + // function. + unsafe { + crypto_strongest_rand(dest.as_mut_ptr(), dest.len() as size_t); + } +} + +/// Get a random time, in seconds since the Unix Epoch. +/// +/// # Returns +/// +/// A `std::time::Duration` of seconds since the Unix Epoch. +pub fn c_tor_crypto_rand_time_range(min: &Duration, max: &Duration) -> Duration { + let ret: time_t; + + unsafe { + ret = crypto_rand_time_range(min.as_secs() as time_t, max.as_secs() as time_t); + } + + Duration::from_secs(ret as u64) +} + +/// Return a pseudorandom 64-bit float, chosen uniformly from the range [0.0, 1.0). +pub fn c_tor_crypto_rand_double() -> f64 { + unsafe { crypto_rand_double() } +} diff --git a/src/rust/external/external.rs b/src/rust/external/external.rs index b9e17f021d..aa43d2a928 100644 --- a/src/rust/external/external.rs +++ b/src/rust/external/external.rs @@ -1,17 +1,14 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ use libc::{c_char, c_int}; use std::ffi::CString; extern "C" { - fn tor_version_as_new_as( - platform: *const c_char, - cutoff: *const c_char, - ) -> c_int; + fn tor_version_as_new_as(platform: *const c_char, cutoff: *const c_char) -> c_int; } -/// Wrap calls to tor_version_as_new_as, defined in src/or/routerparse.c +/// Wrap calls to tor_version_as_new_as, defined in routerparse.c pub fn c_tor_version_as_new_as(platform: &str, cutoff: &str) -> bool { // CHK: These functions should log a warning if an error occurs. This // can be added when integration with tor's logger is added to rust @@ -25,9 +22,16 @@ pub fn c_tor_version_as_new_as(platform: &str, cutoff: &str) -> bool { Err(_) => return false, }; - let result: c_int = unsafe { - tor_version_as_new_as(c_platform.as_ptr(), c_cutoff.as_ptr()) - }; + let result: c_int = unsafe { tor_version_as_new_as(c_platform.as_ptr(), c_cutoff.as_ptr()) }; result == 1 } + +extern "C" { + fn tor_is_using_nss() -> c_int; +} + +/// Return true if Tor was built to use NSS. +pub fn c_tor_is_using_nss() -> bool { + 0 != unsafe { tor_is_using_nss() } +} diff --git a/src/rust/external/lib.rs b/src/rust/external/lib.rs index 0af0d6452d..b72a4f6e4c 100644 --- a/src/rust/external/lib.rs +++ b/src/rust/external/lib.rs @@ -1,4 +1,4 @@ -//! Copyright (c) 2016-2017, The Tor Project, Inc. */ +//! Copyright (c) 2016-2018, The Tor Project, Inc. */ //! See LICENSE for licensing information */ //! Interface for external calls to tor C ABI @@ -9,6 +9,11 @@ extern crate libc; +extern crate smartlist; + +pub mod crypto_digest; +mod crypto_rand; mod external; +pub use crypto_rand::*; pub use external::*; diff --git a/src/rust/include.am b/src/rust/include.am index 7a0181e373..5e5b0b3faf 100644 --- a/src/rust/include.am +++ b/src/rust/include.am @@ -1,10 +1,19 @@ include src/rust/tor_rust/include.am EXTRA_DIST +=\ + src/rust/build.rs \ src/rust/Cargo.toml \ src/rust/Cargo.lock \ src/rust/.cargo/config.in \ + src/rust/crypto/Cargo.toml \ + src/rust/crypto/lib.rs \ + src/rust/crypto/digests/mod.rs \ + src/rust/crypto/digests/sha2.rs \ + src/rust/crypto/rand/mod.rs \ + src/rust/crypto/rand/rng.rs \ src/rust/external/Cargo.toml \ + src/rust/external/crypto_digest.rs \ + src/rust/external/crypto_rand.rs \ src/rust/external/external.rs \ src/rust/external/lib.rs \ src/rust/protover/Cargo.toml \ @@ -20,6 +29,9 @@ EXTRA_DIST +=\ src/rust/tor_allocate/Cargo.toml \ src/rust/tor_allocate/lib.rs \ src/rust/tor_allocate/tor_allocate.rs \ + src/rust/tor_log/Cargo.toml \ + src/rust/tor_log/lib.rs \ + src/rust/tor_log/tor_log.rs \ src/rust/tor_rust/Cargo.toml \ src/rust/tor_rust/include.am \ src/rust/tor_rust/lib.rs \ diff --git a/src/rust/protover/Cargo.toml b/src/rust/protover/Cargo.toml index 86301b8787..2f7783e76c 100644 --- a/src/rust/protover/Cargo.toml +++ b/src/rust/protover/Cargo.toml @@ -3,6 +3,13 @@ authors = ["The Tor Project"] version = "0.0.1" name = "protover" +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] + [dependencies] libc = "=0.2.39" @@ -18,8 +25,10 @@ path = "../tor_util" [dependencies.tor_allocate] path = "../tor_allocate" +[dependencies.tor_log] +path = "../tor_log" + [lib] name = "protover" path = "lib.rs" crate_type = ["rlib", "staticlib"] - diff --git a/src/rust/protover/errors.rs b/src/rust/protover/errors.rs index d9dc73381f..f26a48b019 100644 --- a/src/rust/protover/errors.rs +++ b/src/rust/protover/errors.rs @@ -25,22 +25,33 @@ pub enum ProtoverError { impl Display for ProtoverError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match *self { - ProtoverError::Overlap - => write!(f, "Two or more (low, high) protover ranges would overlap once expanded."), - ProtoverError::LowGreaterThanHigh - => write!(f, "The low in a (low, high) protover range was greater than high."), - ProtoverError::Unparseable - => write!(f, "The protover string was unparseable."), - ProtoverError::ExceedsMax - => write!(f, "The high in a (low, high) protover range exceeds u32::MAX."), - ProtoverError::ExceedsExpansionLimit - => write!(f, "The protover string would exceed the maximum expansion limit."), - ProtoverError::UnknownProtocol - => write!(f, "A protocol in the protover string we attempted to parse is unknown."), - ProtoverError::ExceedsNameLimit - => write!(f, "An unrecognised protocol name was too long."), - ProtoverError::InvalidProtocol - => write!(f, "A protocol name includes invalid characters."), + ProtoverError::Overlap => write!( + f, + "Two or more (low, high) protover ranges would overlap once expanded." + ), + ProtoverError::LowGreaterThanHigh => write!( + f, + "The low in a (low, high) protover range was greater than high." + ), + ProtoverError::Unparseable => write!(f, "The protover string was unparseable."), + ProtoverError::ExceedsMax => write!( + f, + "The high in a (low, high) protover range exceeds u32::MAX." + ), + ProtoverError::ExceedsExpansionLimit => write!( + f, + "The protover string would exceed the maximum expansion limit." + ), + ProtoverError::UnknownProtocol => write!( + f, + "A protocol in the protover string we attempted to parse is unknown." + ), + ProtoverError::ExceedsNameLimit => { + write!(f, "An unrecognised protocol name was too long.") + } + ProtoverError::InvalidProtocol => { + write!(f, "A protocol name includes invalid characters.") + } } } } diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs index f803bd0155..940f923327 100644 --- a/src/rust/protover/ffi.rs +++ b/src/rust/protover/ffi.rs @@ -1,9 +1,9 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ //! FFI functions, only to be called from C. //! -//! Equivalent C versions of this api are in `src/or/protover.c` +//! Equivalent C versions of this api are in `protover.c` use libc::{c_char, c_int, uint32_t}; use std::ffi::CStr; @@ -11,9 +11,6 @@ use std::ffi::CString; use smartlist::*; use tor_allocate::allocate_and_copy_string; -use tor_util::strings::byte_slice_is_c_like; -use tor_util::strings::empty_static_cstr; - use errors::ProtoverError; use protover::*; @@ -21,7 +18,7 @@ use protover::*; /// Translate C enums to Rust Proto enums, using the integer value of the C /// enum to map to its associated Rust enum. /// -/// C_RUST_COUPLED: src/or/protover.h `protocol_type_t` +/// C_RUST_COUPLED: protover.h `protocol_type_t` fn translate_to_rust(c_proto: uint32_t) -> Result<Protocol, ProtoverError> { match c_proto { 0 => Ok(Protocol::Link), @@ -45,7 +42,6 @@ pub extern "C" fn protover_all_supported( c_relay_version: *const c_char, missing_out: *mut *mut c_char, ) -> c_int { - if c_relay_version.is_null() { return 1; } @@ -61,13 +57,11 @@ pub extern "C" fn protover_all_supported( let relay_proto_entry: UnvalidatedProtoEntry = match UnvalidatedProtoEntry::from_str_any_len(relay_version) { - Ok(n) => n, - Err(_) => return 1, - }; - let maybe_unsupported: Option<UnvalidatedProtoEntry> = relay_proto_entry.all_supported(); + Ok(n) => n, + Err(_) => return 1, + }; - if maybe_unsupported.is_some() { - let unsupported: UnvalidatedProtoEntry = maybe_unsupported.unwrap(); + if let Some(unsupported) = relay_proto_entry.all_supported() { let c_unsupported: CString = match CString::new(unsupported.to_string()) { Ok(n) => n, Err(_) => return 1, @@ -103,23 +97,22 @@ pub extern "C" fn protocol_list_supports_protocol( Err(_) => return 1, }; let proto_entry: UnvalidatedProtoEntry = match protocol_list.parse() { - Ok(n) => n, + Ok(n) => n, Err(_) => return 0, }; let protocol: UnknownProtocol = match translate_to_rust(c_protocol) { Ok(n) => n.into(), Err(_) => return 0, }; - match proto_entry.supports_protocol(&protocol, &version) { - false => return 0, - true => return 1, + if proto_entry.supports_protocol(&protocol, &version) { + 1 + } else { + 0 } } #[no_mangle] -pub extern "C" fn protover_contains_long_protocol_names_( - c_protocol_list: *const c_char -) -> c_int { +pub extern "C" fn protover_contains_long_protocol_names_(c_protocol_list: *const c_char) -> c_int { if c_protocol_list.is_null() { return 1; } @@ -130,13 +123,10 @@ pub extern "C" fn protover_contains_long_protocol_names_( let protocol_list = match c_str.to_str() { Ok(n) => n, - Err(_) => return 1 + Err(_) => return 1, }; - let protocol_entry : Result<UnvalidatedProtoEntry,_> = - protocol_list.parse(); - - match protocol_entry { + match protocol_list.parse::<UnvalidatedProtoEntry>() { Ok(_) => 0, Err(_) => 1, } @@ -169,7 +159,7 @@ pub extern "C" fn protocol_list_supports_protocol_or_later( }; let proto_entry: UnvalidatedProtoEntry = match protocol_list.parse() { - Ok(n) => n, + Ok(n) => n, Err(_) => return 1, }; @@ -185,18 +175,7 @@ pub extern "C" fn protocol_list_supports_protocol_or_later( pub extern "C" fn protover_get_supported_protocols() -> *const c_char { let supported: &'static CStr; - // If we're going to pass it to C, there cannot be any intermediate NUL - // bytes. An assert is okay here, since changing the const byte slice - // in protover.rs to contain a NUL byte somewhere in the middle would be a - // programming error. - assert!(byte_slice_is_c_like(SUPPORTED_PROTOCOLS)); - - // It's okay to unwrap the result of this function because - // we can see that the bytes we're passing into it 1) are valid UTF-8, - // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL - // byte. - supported = CStr::from_bytes_with_nul(SUPPORTED_PROTOCOLS).unwrap(); - + supported = get_supported_protocols_cstr(); supported.as_ptr() } @@ -205,14 +184,9 @@ pub extern "C" fn protover_get_supported_protocols() -> *const c_char { // // Why is the threshold a signed integer? —isis #[no_mangle] -pub extern "C" fn protover_compute_vote( - list: *const Stringlist, - threshold: c_int -) -> *mut c_char { - +pub extern "C" fn protover_compute_vote(list: *const Stringlist, threshold: c_int) -> *mut c_char { if list.is_null() { - let empty = String::new(); - return allocate_and_copy_string(&empty); + return allocate_and_copy_string(""); } // Dereference of raw pointer requires an unsafe block. The pointer is @@ -223,8 +197,8 @@ pub extern "C" fn protover_compute_vote( for datum in data { let entry: UnvalidatedProtoEntry = match datum.parse() { - Ok(n) => n, - Err(_) => continue + Ok(n) => n, + Err(_) => continue, }; proto_entries.push(entry); } @@ -236,10 +210,7 @@ pub extern "C" fn protover_compute_vote( /// Provide an interface for C to translate arguments and return types for /// protover::is_supported_here #[no_mangle] -pub extern "C" fn protover_is_supported_here( - c_protocol: uint32_t, - version: uint32_t, -) -> c_int { +pub extern "C" fn protover_is_supported_here(c_protocol: uint32_t, version: uint32_t) -> c_int { let protocol = match translate_to_rust(c_protocol) { Ok(n) => n, Err(_) => return 0, @@ -255,10 +226,9 @@ pub extern "C" fn protover_is_supported_here( #[no_mangle] pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const c_char { let supported: &'static CStr; - let elder_protocols: &'static [u8]; let empty: &'static CStr; - empty = empty_static_cstr(); + empty = cstr!(""); if version.is_null() { return empty.as_ptr(); @@ -273,19 +243,6 @@ pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const Err(_) => return empty.as_ptr(), }; - elder_protocols = compute_for_old_tor_cstr(&version); - - // If we're going to pass it to C, there cannot be any intermediate NUL - // bytes. An assert is okay here, since changing the const byte slice - // in protover.rs to contain a NUL byte somewhere in the middle would be a - // programming error. - assert!(byte_slice_is_c_like(elder_protocols)); - - // It's okay to unwrap the result of this function because - // we can see that the bytes we're passing into it 1) are valid UTF-8, - // 2) have no intermediate NUL bytes, and 3) are terminated with a NUL - // byte. - supported = CStr::from_bytes_with_nul(elder_protocols).unwrap_or(empty); - + supported = compute_for_old_tor_cstr(&version); supported.as_ptr() } diff --git a/src/rust/protover/lib.rs b/src/rust/protover/lib.rs index 483260bca8..9625cb58ad 100644 --- a/src/rust/protover/lib.rs +++ b/src/rust/protover/lib.rs @@ -1,4 +1,4 @@ -//! Copyright (c) 2016-2017, The Tor Project, Inc. */ +//! Copyright (c) 2016-2018, The Tor Project, Inc. */ //! See LICENSE for licensing information */ //! Versioning information for different pieces of the Tor protocol. @@ -22,17 +22,19 @@ //! protocols to develop independently, without having to claim compatibility //! with specific versions of Tor. -#[deny(missing_docs)] +// XXX: add missing docs +//#![deny(missing_docs)] +extern crate external; extern crate libc; extern crate smartlist; -extern crate external; extern crate tor_allocate; +#[macro_use] extern crate tor_util; pub mod errors; +pub mod ffi; pub mod protoset; mod protover; -pub mod ffi; pub use protover::*; diff --git a/src/rust/protover/protoset.rs b/src/rust/protover/protoset.rs index b99e1a99f7..aa8d243bad 100644 --- a/src/rust/protover/protoset.rs +++ b/src/rust/protover/protoset.rs @@ -4,6 +4,8 @@ //! Sets for lazily storing ordered, non-overlapping ranges of integers. +use std::cmp; +use std::iter; use std::slice; use std::str::FromStr; use std::u32; @@ -53,7 +55,7 @@ impl Default for ProtoSet { fn default() -> Self { let pairs: Vec<(Version, Version)> = Vec::new(); - ProtoSet{ pairs } + ProtoSet { pairs } } } @@ -73,7 +75,7 @@ impl<'a> ProtoSet { pairs.sort_unstable(); pairs.dedup(); - ProtoSet{ pairs }.is_ok() + ProtoSet { pairs }.is_ok() } } @@ -240,8 +242,8 @@ impl ProtoSet { false } - /// Retain only the `Version`s in this `ProtoSet` for which the predicate - /// `F` returns `true`. + /// Returns all the `Version`s in `self` which are not also in the `other` + /// `ProtoSet`. /// /// # Examples /// @@ -250,24 +252,45 @@ impl ProtoSet { /// use protover::protoset::ProtoSet; /// /// # fn do_test() -> Result<bool, ProtoverError> { - /// let mut protoset: ProtoSet = "1,3-5,9".parse()?; + /// let protoset: ProtoSet = "1,3-6,10-12,15-16".parse()?; + /// let other: ProtoSet = "2,5-7,9-11,14-20".parse()?; /// - /// // Keep only versions less than or equal to 8: - /// protoset.retain(|x| x <= &8); + /// let subset: ProtoSet = protoset.and_not_in(&other); /// - /// assert_eq!(protoset.expand(), vec![1, 3, 4, 5]); + /// assert_eq!(subset.expand(), vec![1, 3, 4, 12]); /// # /// # Ok(true) /// # } /// # fn main() { do_test(); } // wrap the test so we can use the ? operator /// ``` - // XXX we could probably do something more efficient here. —isis - pub fn retain<F>(&mut self, f: F) - where F: FnMut(&Version) -> bool - { - let mut expanded: Vec<Version> = self.clone().expand(); - expanded.retain(f); - *self = expanded.into(); + pub fn and_not_in(&self, other: &Self) -> Self { + if self.is_empty() || other.is_empty() { + return self.clone(); + } + + let pairs = self.iter().flat_map(|&(lo, hi)| { + let the_end = (hi + 1, hi + 1); // special case to mark the end of the range. + let excluded_ranges = other + .iter() + .cloned() // have to be owned tuples, to match iter::once(the_end). + .skip_while(move|&(_, hi2)| hi2 < lo) // skip the non-overlapping ranges. + .take_while(move|&(lo2, _)| lo2 <= hi) // take all the overlapping ones. + .chain(iter::once(the_end)); + + let mut nextlo = lo; + excluded_ranges.filter_map(move |(excluded_lo, excluded_hi)| { + let pair = if nextlo < excluded_lo { + Some((nextlo, excluded_lo - 1)) + } else { + None + }; + nextlo = cmp::min(excluded_hi, u32::MAX - 1) + 1; + pair + }) + }); + + let pairs = pairs.collect(); + ProtoSet::is_ok(ProtoSet { pairs }).expect("should be already sorted") } } @@ -299,7 +322,7 @@ impl FromStr for ProtoSet { /// * there are greater than 2^16 version numbers to expand. /// /// # Examples - /// + /// /// ``` /// use std::str::FromStr; /// @@ -329,49 +352,41 @@ impl FromStr for ProtoSet { /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("3-")); /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1-,4")); /// - /// // Things which would get parsed into an _empty_ `ProtoSet` are, - /// // however, legal, and result in an empty `ProtoSet`: + /// // An empty string is, however, legal, and results in an + /// // empty `ProtoSet`: /// assert_eq!(Ok(ProtoSet::default()), ProtoSet::from_str("")); - /// assert_eq!(Ok(ProtoSet::default()), ProtoSet::from_str(",,,")); /// # /// # Ok(protoset) /// # } /// # fn main() { do_test(); } // wrap the test so we can use the ? operator /// ``` fn from_str(version_string: &str) -> Result<Self, Self::Err> { + // If we were passed in an empty string, then return an empty ProtoSet. + if version_string.is_empty() { + return Ok(Self::default()); + } + let mut pairs: Vec<(Version, Version)> = Vec::new(); let pieces: ::std::str::Split<char> = version_string.split(','); for p in pieces { - if p.is_empty() { - continue; - } else if p.contains('-') { + if p.contains('-') { let mut pair = p.splitn(2, '-'); - let low = pair.next().ok_or(ProtoverError::Unparseable)?; + let low = pair.next().ok_or(ProtoverError::Unparseable)?; let high = pair.next().ok_or(ProtoverError::Unparseable)?; - let lo: Version = low.parse().or(Err(ProtoverError::Unparseable))?; + let lo: Version = low.parse().or(Err(ProtoverError::Unparseable))?; let hi: Version = high.parse().or(Err(ProtoverError::Unparseable))?; - if lo == u32::MAX || hi == u32::MAX { - return Err(ProtoverError::ExceedsMax); - } pairs.push((lo, hi)); } else { let v: u32 = p.parse().or(Err(ProtoverError::Unparseable))?; - if v == u32::MAX { - return Err(ProtoverError::ExceedsMax); - } pairs.push((v, v)); } } - // If we were passed in an empty string, or - // simply a comma, or a pile of commas, then return an empty ProtoSet. - if pairs.len() == 0 { - return Ok(ProtoSet::default()); - } + ProtoSet::from_slice(&pairs[..]) } } @@ -455,11 +470,11 @@ impl From<Vec<Version>> for ProtoSet { if has_range { let first: Version = match v.first() { Some(x) => *x, - None => continue, + None => continue, }; - let last: Version = match v.get(index) { + let last: Version = match v.get(index) { Some(x) => *x, - None => continue, + None => continue, }; debug_assert!(last == end, format!("last = {}, end = {}", last, end)); @@ -472,7 +487,7 @@ impl From<Vec<Version>> for ProtoSet { } else { let last: Version = match v.get(index) { Some(x) => *x, - None => continue, + None => continue, }; version_pairs.push((last, last)); v.remove(index); @@ -496,22 +511,22 @@ mod test { } macro_rules! assert_contains_each { - ($protoset:expr, $versions:expr) => ( + ($protoset:expr, $versions:expr) => { for version in $versions { assert!($protoset.contains(version)); } - ) + }; } macro_rules! test_protoset_contains_versions { - ($list:expr, $str:expr) => ( + ($list:expr, $str:expr) => { let versions: &[Version] = $list; let protoset: Result<ProtoSet, ProtoverError> = ProtoSet::from_str($str); assert!(protoset.is_ok()); let p = protoset.unwrap(); assert_contains_each!(p, versions); - ) + }; } #[test] @@ -536,6 +551,13 @@ mod test { } #[test] + fn test_versions_from_str_commas() { + assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str(",")); + assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,,2")); + assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,2,")); + } + + #[test] fn test_versions_from_str_hyphens() { assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("--1")); assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("-1-2")); @@ -571,26 +593,41 @@ mod test { #[test] fn test_versions_from_slice_overlap() { - assert_eq!(Err(ProtoverError::Overlap), ProtoSet::from_slice(&[(1, 3), (2, 4)])); + assert_eq!( + Err(ProtoverError::Overlap), + ProtoSet::from_slice(&[(1, 3), (2, 4)]) + ); } #[test] fn test_versions_from_str_max() { - assert_eq!(Err(ProtoverError::ExceedsMax), ProtoSet::from_str("4294967295")); + assert_eq!( + Err(ProtoverError::ExceedsMax), + ProtoSet::from_str("4294967295") + ); } #[test] fn test_versions_from_slice_max() { - assert_eq!(Err(ProtoverError::ExceedsMax), ProtoSet::from_slice(&[(4294967295, 4294967295)])); + assert_eq!( + Err(ProtoverError::ExceedsMax), + ProtoSet::from_slice(&[(4294967295, 4294967295)]) + ); } #[test] fn test_protoset_contains() { let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 5), (7, 9), (13, 14)]).unwrap(); - for x in 1..6 { assert!(protoset.contains(&x), format!("should contain {}", x)); } - for x in 7..10 { assert!(protoset.contains(&x), format!("should contain {}", x)); } - for x in 13..15 { assert!(protoset.contains(&x), format!("should contain {}", x)); } + for x in 1..6 { + assert!(protoset.contains(&x), format!("should contain {}", x)); + } + for x in 7..10 { + assert!(protoset.contains(&x), format!("should contain {}", x)); + } + for x in 13..15 { + assert!(protoset.contains(&x), format!("should contain {}", x)); + } for x in [6, 10, 11, 12, 15, 42, 43, 44, 45, 1234584].iter() { assert!(!protoset.contains(&x), format!("should not contain {}", x)); @@ -601,7 +638,9 @@ mod test { fn test_protoset_contains_1_3() { let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 3)]).unwrap(); - for x in 1..4 { assert!(protoset.contains(&x), format!("should contain {}", x)); } + for x in 1..4 { + assert!(protoset.contains(&x), format!("should contain {}", x)); + } } macro_rules! assert_protoset_from_vec_contains_all { @@ -627,7 +666,7 @@ mod test { #[test] fn test_protoset_from_vec_unordered() { - let v: Vec<Version> = vec!(2, 3, 8, 4, 3, 9, 7, 2); + let v: Vec<Version> = vec![2, 3, 8, 4, 3, 9, 7, 2]; let ps: ProtoSet = v.into(); assert_eq!(ps.to_string(), "2-4,7-9"); diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index b3563b0637..8624afeafa 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -1,63 +1,39 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ -use std::collections::HashMap; use std::collections::hash_map; +use std::collections::HashMap; +use std::ffi::CStr; use std::fmt; use std::str; use std::str::FromStr; use std::string::String; -use tor_util::strings::NUL_BYTE; use external::c_tor_version_as_new_as; use errors::ProtoverError; -use protoset::Version; use protoset::ProtoSet; +use protoset::Version; /// The first version of Tor that included "proto" entries in its descriptors. /// Authorities should use this to decide whether to guess proto lines. /// /// C_RUST_COUPLED: -/// src/or/protover.h `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS` +/// protover.h `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS` const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha"; /// The maximum number of subprotocol version numbers we will attempt to expand /// before concluding that someone is trying to DoS us /// -/// C_RUST_COUPLED: src/or/protover.c `MAX_PROTOCOLS_TO_EXPAND` -const MAX_PROTOCOLS_TO_EXPAND: usize = (1<<16); +/// C_RUST_COUPLED: protover.c `MAX_PROTOCOLS_TO_EXPAND` +const MAX_PROTOCOLS_TO_EXPAND: usize = (1 << 16); /// The maximum size an `UnknownProtocol`'s name may be. pub(crate) const MAX_PROTOCOL_NAME_LENGTH: usize = 100; -/// Currently supported protocols and their versions, as a byte-slice. -/// -/// # Warning -/// -/// This byte-slice ends in a NUL byte. This is so that we can directly convert -/// it to an `&'static CStr` in the FFI code, in order to hand the static string -/// to C in a way that is compatible with C static strings. -/// -/// Rust code which wishes to accesses this string should use -/// `protover::get_supported_protocols()` instead. -/// -/// C_RUST_COUPLED: src/or/protover.c `protover_get_supported_protocols` -pub(crate) const SUPPORTED_PROTOCOLS: &'static [u8] = - b"Cons=1-2 \ - Desc=1-2 \ - DirCache=1-2 \ - HSDir=1-2 \ - HSIntro=3-4 \ - HSRend=1-2 \ - Link=1-5 \ - LinkAuth=1,3 \ - Microdesc=1-2 \ - Relay=1-2\0"; - /// Known subprotocols in Tor. Indicates which subprotocol a relay supports. /// -/// C_RUST_COUPLED: src/or/protover.h `protocol_type_t` +/// C_RUST_COUPLED: protover.h `protocol_type_t` #[derive(Clone, Hash, Eq, PartialEq, Debug)] pub enum Protocol { Cons, @@ -81,7 +57,7 @@ impl fmt::Display for Protocol { /// Translates a string representation of a protocol into a Proto type. /// Error if the string is an unrecognized protocol name. /// -/// C_RUST_COUPLED: src/or/protover.c `PROTOCOL_NAMES` +/// C_RUST_COUPLED: protover.c `PROTOCOL_NAMES` impl FromStr for Protocol { type Err = ProtoverError; @@ -148,21 +124,61 @@ impl From<Protocol> for UnknownProtocol { } } -/// Get the string representation of current supported protocols +#[cfg(feature = "test_linking_hack")] +fn have_linkauth_v1() -> bool { + true +} + +#[cfg(not(feature = "test_linking_hack"))] +fn have_linkauth_v1() -> bool { + use external::c_tor_is_using_nss; + !c_tor_is_using_nss() +} + +/// Get a CStr representation of current supported protocols, for +/// passing to C, or for converting to a `&str` for Rust. /// /// # Returns /// -/// A `String` whose value is the existing protocols supported by tor. +/// An `&'static CStr` whose value is the existing protocols supported by tor. /// Returned data is in the format as follows: /// /// "HSDir=1-1 LinkAuth=1" /// -pub fn get_supported_protocols() -> &'static str { - // The `len() - 1` is to remove the NUL byte. - // The `unwrap` is safe becauase we SUPPORTED_PROTOCOLS is under - // our control. - str::from_utf8(&SUPPORTED_PROTOCOLS[..SUPPORTED_PROTOCOLS.len() - 1]) - .unwrap_or("") +/// # Note +/// +/// Rust code can use the `&'static CStr` as a normal `&'a str` by +/// calling `protover::get_supported_protocols`. +/// +// C_RUST_COUPLED: protover.c `protover_get_supported_protocols` +pub(crate) fn get_supported_protocols_cstr() -> &'static CStr { + if !have_linkauth_v1() { + cstr!( + "Cons=1-2 \ + Desc=1-2 \ + DirCache=1-2 \ + HSDir=1-2 \ + HSIntro=3-4 \ + HSRend=1-2 \ + Link=1-5 \ + LinkAuth=3 \ + Microdesc=1-2 \ + Relay=1-2" + ) + } else { + cstr!( + "Cons=1-2 \ + Desc=1-2 \ + DirCache=1-2 \ + HSDir=1-2 \ + HSIntro=3-4 \ + HSRend=1-2 \ + Link=1-5 \ + LinkAuth=1,3 \ + Microdesc=1-2 \ + Relay=1-2" + ) + } } /// A map of protocol names to the versions of them which are supported. @@ -171,7 +187,7 @@ pub struct ProtoEntry(HashMap<Protocol, ProtoSet>); impl Default for ProtoEntry { fn default() -> ProtoEntry { - ProtoEntry( HashMap::new() ) + ProtoEntry(HashMap::new()) } } @@ -185,7 +201,8 @@ impl ProtoEntry { /// ProtoEntry, which is useful when looking up a specific /// subprotocol. pub fn supported() -> Result<Self, ProtoverError> { - let supported: &'static str = get_supported_protocols(); + let supported_cstr: &'static CStr = get_supported_protocols_cstr(); + let supported: &str = supported_cstr.to_str().unwrap_or(""); supported.parse() } @@ -224,9 +241,7 @@ impl FromStr for ProtoEntry { /// /// # Returns /// - /// A `Result` whose `Ok` value is a `ProtoEntry`, where the - /// first element is the subprotocol type (see `protover::Protocol`) and the last - /// element is an ordered set of `(low, high)` unique version numbers which are supported. + /// A `Result` whose `Ok` value is a `ProtoEntry`. /// Otherwise, the `Err` value of this `Result` is a `ProtoverError`. fn from_str(protocol_entry: &str) -> Result<ProtoEntry, ProtoverError> { let mut proto_entry: ProtoEntry = ProtoEntry::default(); @@ -260,7 +275,7 @@ impl FromStr for ProtoEntry { /// Generate an implementation of `ToString` for either a `ProtoEntry` or an /// `UnvalidatedProtoEntry`. macro_rules! impl_to_string_for_proto_entry { - ($t:ty) => ( + ($t:ty) => { impl ToString for $t { fn to_string(&self) -> String { let mut parts: Vec<String> = Vec::new(); @@ -272,7 +287,7 @@ macro_rules! impl_to_string_for_proto_entry { parts.join(" ") } } - ) + }; } impl_to_string_for_proto_entry!(ProtoEntry); @@ -286,7 +301,7 @@ pub struct UnvalidatedProtoEntry(HashMap<UnknownProtocol, ProtoSet>); impl Default for UnvalidatedProtoEntry { fn default() -> UnvalidatedProtoEntry { - UnvalidatedProtoEntry( HashMap::new() ) + UnvalidatedProtoEntry(HashMap::new()) } } @@ -344,7 +359,7 @@ impl UnvalidatedProtoEntry { pub fn all_supported(&self) -> Option<UnvalidatedProtoEntry> { let mut unsupported: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); let supported: ProtoEntry = match ProtoEntry::supported() { - Ok(x) => x, + Ok(x) => x, Err(_) => return None, }; @@ -365,7 +380,6 @@ impl UnvalidatedProtoEntry { let maybe_supported_versions: Option<&ProtoSet> = supported.get(&supported_protocol); let supported_versions: &ProtoSet; - let mut unsupported_versions: ProtoSet; // If the protocol wasn't in the map, then we don't know about it // and don't support any of its versions. Add its versions to the @@ -378,8 +392,7 @@ impl UnvalidatedProtoEntry { } else { supported_versions = maybe_supported_versions.unwrap(); } - unsupported_versions = versions.clone(); - unsupported_versions.retain(|x| !supported_versions.contains(x)); + let unsupported_versions = versions.and_not_in(supported_versions); if !unsupported_versions.is_empty() { unsupported.insert(protocol.clone(), unsupported_versions); @@ -472,11 +485,12 @@ impl UnvalidatedProtoEntry { /// following are true: /// /// * If a protocol name is an empty string, e.g. `"Cons=1,3 =3-5"`. - /// * If a protocol name cannot be parsed as utf-8. - /// * If the version numbers are an empty string, e.g. `"Cons="`. - fn parse_protocol_and_version_str<'a>(protocol_string: &'a str) - -> Result<Vec<(&'a str, &'a str)>, ProtoverError> - { + /// * If an entry has no equals sign, e.g. `"Cons=1,3 Desc"`. + /// * If there is leading or trailing whitespace, e.g. `" Cons=1,3 Link=3"`. + /// * If there is any other extra whitespice, e.g. `"Cons=1,3 Link=3"`. + fn parse_protocol_and_version_str<'a>( + protocol_string: &'a str, + ) -> Result<Vec<(&'a str, &'a str)>, ProtoverError> { let mut protovers: Vec<(&str, &str)> = Vec::new(); for subproto in protocol_string.split(' ') { @@ -512,11 +526,9 @@ impl FromStr for UnvalidatedProtoEntry { /// /// # Returns /// - /// A `Result` whose `Ok` value is a `ProtoSet` holding all of the - /// unique version numbers. + /// A `Result` whose `Ok` value is an `UnvalidatedProtoEntry`. /// - /// The returned `Result`'s `Err` value is an `ProtoverError` whose `Display` - /// impl has a description of the error. + /// The returned `Result`'s `Err` value is an `ProtoverError`. /// /// # Errors /// @@ -543,9 +555,9 @@ impl FromStr for UnvalidatedProtoEntry { impl UnvalidatedProtoEntry { /// Create an `UnknownProtocol`, ignoring whether or not it /// exceeds MAX_PROTOCOL_NAME_LENGTH. - pub(crate) fn from_str_any_len(protocol_string: &str) - -> Result<UnvalidatedProtoEntry, ProtoverError> - { + pub(crate) fn from_str_any_len( + protocol_string: &str, + ) -> Result<UnvalidatedProtoEntry, ProtoverError> { let mut parsed: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); let parts: Vec<(&str, &str)> = UnvalidatedProtoEntry::parse_protocol_and_version_str(protocol_string)?; @@ -580,11 +592,11 @@ impl From<ProtoEntry> for UnvalidatedProtoEntry { /// The "protocols" are *not* guaranteed to be known/supported `Protocol`s, in /// order to allow new subprotocols to be introduced even if Directory /// Authorities don't yet know of them. -pub struct ProtoverVote( HashMap<UnknownProtocol, HashMap<Version, usize>> ); +pub struct ProtoverVote(HashMap<UnknownProtocol, HashMap<Version, usize>>); impl Default for ProtoverVote { fn default() -> ProtoverVote { - ProtoverVote( HashMap::new() ) + ProtoverVote(HashMap::new()) } } @@ -598,9 +610,10 @@ impl IntoIterator for ProtoverVote { } impl ProtoverVote { - pub fn entry(&mut self, key: UnknownProtocol) - -> hash_map::Entry<UnknownProtocol, HashMap<Version, usize>> - { + pub fn entry( + &mut self, + key: UnknownProtocol, + ) -> hash_map::Entry<UnknownProtocol, HashMap<Version, usize>> { self.0.entry(key) } @@ -621,8 +634,11 @@ impl ProtoverVote { /// let vote = ProtoverVote::compute(protos, &2); /// assert_eq!("Link=3", vote.to_string()); /// ``` - // C_RUST_COUPLED: /src/or/protover.c protover_compute_vote - pub fn compute(proto_entries: &[UnvalidatedProtoEntry], threshold: &usize) -> UnvalidatedProtoEntry { + // C_RUST_COUPLED: protover.c protover_compute_vote + pub fn compute( + proto_entries: &[UnvalidatedProtoEntry], + threshold: &usize, + ) -> UnvalidatedProtoEntry { let mut all_count: ProtoverVote = ProtoverVote::default(); let mut final_output: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); @@ -648,8 +664,7 @@ impl ProtoverVote { all_count.entry(protocol.clone()).or_insert(HashMap::new()); for version in versions.clone().expand() { - let counter: &mut usize = - supported_vers.entry(version).or_insert(0); + let counter: &mut usize = supported_vers.entry(version).or_insert(0); *counter += 1; } } @@ -705,7 +720,7 @@ pub fn is_supported_here(proto: &Protocol, vers: &Version) -> bool { /// /// # Returns /// -/// A `&'static [u8]` encoding a list of protocol names and supported +/// A `&'static CStr` encoding a list of protocol names and supported /// versions. The string takes the following format: /// /// "HSDir=1-1 LinkAuth=1" @@ -721,24 +736,31 @@ pub fn is_supported_here(proto: &Protocol, vers: &Version) -> bool { /// like to use this code in Rust, please see `compute_for_old_tor()`. // // C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor` -pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static [u8] { +pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static CStr { + let empty: &'static CStr = cstr!(""); + if c_tor_version_as_new_as(version, FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS) { - return NUL_BYTE; + return empty; } if c_tor_version_as_new_as(version, "0.2.9.1-alpha") { - return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \ - Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0"; + return cstr!( + "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \ + Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2" + ); } if c_tor_version_as_new_as(version, "0.2.7.5") { - return b"Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ - Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2\0"; + return cstr!( + "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ + Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2" + ); } if c_tor_version_as_new_as(version, "0.2.4.19") { - return b"Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ - Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2\0"; + return cstr!( + "Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ + Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2" + ); } - - NUL_BYTE + empty } /// Since older versions of Tor cannot infer their own subprotocols, @@ -769,14 +791,11 @@ pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static [u8] { // // C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor` pub fn compute_for_old_tor(version: &str) -> Result<&'static str, ProtoverError> { - let mut computed: &'static [u8] = compute_for_old_tor_cstr(version); - - // Remove the NULL byte at the end. - computed = &computed[..computed.len() - 1]; - - // .from_utf8() fails with a Utf8Error if it couldn't validate the + // .to_str() fails with a Utf8Error if it couldn't validate the // utf-8, so convert that here into an Unparseable ProtoverError. - str::from_utf8(computed).or(Err(ProtoverError::Unparseable)) + compute_for_old_tor_cstr(version) + .to_str() + .or(Err(ProtoverError::Unparseable)) } #[cfg(test)] @@ -810,19 +829,19 @@ mod test { } macro_rules! assert_protoentry_is_parseable { - ($e:expr) => ( + ($e:expr) => { let protoentry: Result<ProtoEntry, ProtoverError> = $e.parse(); assert!(protoentry.is_ok(), format!("{:?}", protoentry.err())); - ) + }; } macro_rules! assert_protoentry_is_unparseable { - ($e:expr) => ( + ($e:expr) => { let protoentry: Result<ProtoEntry, ProtoverError> = $e.parse(); assert!(protoentry.is_err()); - ) + }; } #[test] @@ -908,24 +927,45 @@ mod test { #[test] fn test_contract_protocol_list() { let mut versions = ""; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1-2"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1,3"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1-4"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1,3,5-7"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); versions = "1-3,500"; - assert_eq!(String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string()); + assert_eq!( + String::from(versions), + ProtoSet::from_str(&versions).unwrap().to_string() + ); } } diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs index 59a4b5a8a0..86e276cf73 100644 --- a/src/rust/protover/tests/protover.rs +++ b/src/rust/protover/tests/protover.rs @@ -1,12 +1,12 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ extern crate protover; +use protover::errors::ProtoverError; use protover::ProtoEntry; use protover::ProtoverVote; use protover::UnvalidatedProtoEntry; -use protover::errors::ProtoverError; #[test] fn parse_protocol_with_single_proto_and_single_version() { @@ -179,14 +179,16 @@ fn protover_compute_vote_returns_two_protocols_for_two_matching() { #[test] fn protover_compute_vote_returns_one_protocol_when_one_out_of_two_matches() { - let protocols: &[UnvalidatedProtoEntry] = &["Cons=1 Link=2".parse().unwrap(), "Cons=1".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = + &["Cons=1 Link=2".parse().unwrap(), "Cons=1".parse().unwrap()]; let listed = ProtoverVote::compute(protocols, &2); assert_eq!("Cons=1", listed.to_string()); } #[test] fn protover_compute_vote_returns_protocols_that_it_doesnt_currently_support() { - let protocols: &[UnvalidatedProtoEntry] = &["Foo=1 Cons=2".parse().unwrap(), "Bar=1".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = + &["Foo=1 Cons=2".parse().unwrap(), "Bar=1".parse().unwrap()]; let listed = ProtoverVote::compute(protocols, &1); assert_eq!("Bar=1 Cons=2 Foo=1", listed.to_string()); } @@ -222,10 +224,12 @@ fn protover_compute_vote_returns_matching_for_longer_mix_with_threshold_two() { #[test] fn protover_compute_vote_handles_duplicated_versions() { - let protocols: &[UnvalidatedProtoEntry] = &["Cons=1".parse().unwrap(), "Cons=1".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = + &["Cons=1".parse().unwrap(), "Cons=1".parse().unwrap()]; assert_eq!("Cons=1", ProtoverVote::compute(protocols, &2).to_string()); - let protocols: &[UnvalidatedProtoEntry] = &["Cons=1-2".parse().unwrap(), "Cons=1-2".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = + &["Cons=1-2".parse().unwrap(), "Cons=1-2".parse().unwrap()]; assert_eq!("Cons=1-2", ProtoverVote::compute(protocols, &2).to_string()); } @@ -246,12 +250,18 @@ fn parse_protocol_with_single_protocol_and_two_nonsequential_versions() { #[test] fn protover_is_supported_here_returns_true_for_supported_protocol() { - assert_eq!(true, protover::is_supported_here(&protover::Protocol::Cons, &1)); + assert_eq!( + true, + protover::is_supported_here(&protover::Protocol::Cons, &1) + ); } #[test] fn protover_is_supported_here_returns_false_for_unsupported_protocol() { - assert_eq!(false, protover::is_supported_here(&protover::Protocol::Cons, &5)); + assert_eq!( + false, + protover::is_supported_here(&protover::Protocol::Cons, &5) + ); } #[test] @@ -354,18 +364,18 @@ fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() { #[test] fn protover_all_supported_should_not_dos_anyones_computer() { - let proto: UnvalidatedProtoEntry = "Sleen=1-2147483648".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-2147483648".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Sleen=1-2147483648".to_string()); + assert_eq!(result, "Link=6-2147483648".to_string()); } #[test] fn protover_all_supported_should_not_dos_anyones_computer_max_versions() { - let proto: UnvalidatedProtoEntry = "Sleen=1-4294967294".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-4294967294".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Sleen=1-4294967294".to_string()); + assert_eq!(result, "Link=6-4294967294".to_string()); } #[test] diff --git a/src/rust/smartlist/Cargo.toml b/src/rust/smartlist/Cargo.toml index 6ddcbee8e9..4ecdf50869 100644 --- a/src/rust/smartlist/Cargo.toml +++ b/src/rust/smartlist/Cargo.toml @@ -11,3 +11,9 @@ name = "smartlist" path = "lib.rs" crate_type = ["rlib", "staticlib"] +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/smartlist/lib.rs b/src/rust/smartlist/lib.rs index 14a8148315..2716842af2 100644 --- a/src/rust/smartlist/lib.rs +++ b/src/rust/smartlist/lib.rs @@ -1,4 +1,4 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ extern crate libc; diff --git a/src/rust/smartlist/smartlist.rs b/src/rust/smartlist/smartlist.rs index 2a822d89f4..bce58c0ef9 100644 --- a/src/rust/smartlist/smartlist.rs +++ b/src/rust/smartlist/smartlist.rs @@ -1,9 +1,9 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ -use std::slice; use libc::{c_char, c_int}; use std::ffi::CStr; +use std::slice; /// Smartlists are a type used in C code in tor to define a collection of a /// generic type, which has a capacity and a number used. Each Smartlist @@ -65,8 +65,8 @@ mod test { fn test_get_list_of_strings() { extern crate libc; - use std::ffi::CString; use libc::c_char; + use std::ffi::CString; use super::Smartlist; use super::Stringlist; @@ -89,13 +89,13 @@ mod test { let args = vec![String::from("a"), String::from("b")]; // for each string, transform it into a CString - let c_strings: Vec<_> = args.iter() + let c_strings: Vec<_> = args + .iter() .map(|arg| CString::new(arg.as_str()).unwrap()) .collect(); // then, collect a pointer for each CString - let p_args: Vec<_> = - c_strings.iter().map(|arg| arg.as_ptr()).collect(); + let p_args: Vec<_> = c_strings.iter().map(|arg| arg.as_ptr()).collect(); let p: *const *const c_char = p_args.as_ptr(); diff --git a/src/rust/tor_allocate/Cargo.toml b/src/rust/tor_allocate/Cargo.toml index 468425f115..7bb3b9887f 100644 --- a/src/rust/tor_allocate/Cargo.toml +++ b/src/rust/tor_allocate/Cargo.toml @@ -11,3 +11,9 @@ name = "tor_allocate" path = "lib.rs" crate_type = ["rlib", "staticlib"] +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/tor_allocate/lib.rs b/src/rust/tor_allocate/lib.rs index 937a5dcf63..5a355bc8d6 100644 --- a/src/rust/tor_allocate/lib.rs +++ b/src/rust/tor_allocate/lib.rs @@ -1,4 +1,4 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ //! Allocation helper functions that allow data to be allocated in Rust diff --git a/src/rust/tor_allocate/tor_allocate.rs b/src/rust/tor_allocate/tor_allocate.rs index 359df1cd7a..48351d8482 100644 --- a/src/rust/tor_allocate/tor_allocate.rs +++ b/src/rust/tor_allocate/tor_allocate.rs @@ -1,12 +1,17 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ - -use libc::{c_char, c_void}; -use std::{ptr, slice, mem}; - -#[cfg(not(test))] -extern "C" { - fn tor_malloc_(size: usize) -> *mut c_void; +// No-op defined purely for testing at the module level +use libc::c_char; + +use libc::c_void; +#[cfg(not(feature = "testing"))] +use std::{mem, ptr, slice}; + +// Define a no-op implementation for testing Rust modules without linking to C +#[cfg(feature = "testing")] +pub fn allocate_and_copy_string(s: &str) -> *mut c_char { + use std::ffi::CString; + CString::new(s).unwrap().into_raw() } // Defined only for tests, used for testing purposes, so that we don't need @@ -17,6 +22,11 @@ unsafe extern "C" fn tor_malloc_(size: usize) -> *mut c_void { malloc(size) } +#[cfg(all(not(test), not(feature = "testing")))] +extern "C" { + fn tor_malloc_(size: usize) -> *mut c_void; +} + /// Allocate memory using tor_malloc_ and copy an existing string into the /// allocated buffer, returning a pointer that can later be called in C. /// @@ -28,7 +38,8 @@ unsafe extern "C" fn tor_malloc_(size: usize) -> *mut c_void { /// /// A `*mut c_char` that should be freed by tor_free in C /// -pub fn allocate_and_copy_string(src: &String) -> *mut c_char { +#[cfg(not(feature = "testing"))] +pub fn allocate_and_copy_string(src: &str) -> *mut c_char { let bytes: &[u8] = src.as_bytes(); let size = mem::size_of_val::<[u8]>(bytes); @@ -61,16 +72,14 @@ mod test { #[test] fn test_allocate_and_copy_string_with_empty() { + use libc::{c_void, free}; use std::ffi::CStr; - use libc::{free, c_void}; use tor_allocate::allocate_and_copy_string; - let empty = String::new(); - let allocated_empty = allocate_and_copy_string(&empty); + let allocated_empty = allocate_and_copy_string(""); - let allocated_empty_rust = - unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; + let allocated_empty_rust = unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; assert_eq!("", allocated_empty_rust); @@ -79,16 +88,14 @@ mod test { #[test] fn test_allocate_and_copy_string_with_not_empty_string() { + use libc::{c_void, free}; use std::ffi::CStr; - use libc::{free, c_void}; use tor_allocate::allocate_and_copy_string; - let empty = String::from("foo bar biz"); - let allocated_empty = allocate_and_copy_string(&empty); + let allocated_empty = allocate_and_copy_string("foo bar biz"); - let allocated_empty_rust = - unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; + let allocated_empty_rust = unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; assert_eq!("foo bar biz", allocated_empty_rust); diff --git a/src/rust/tor_log/Cargo.toml b/src/rust/tor_log/Cargo.toml new file mode 100644 index 0000000000..1aa9be0612 --- /dev/null +++ b/src/rust/tor_log/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "tor_log" +version = "0.1.0" +authors = ["The Tor Project"] + +[lib] +name = "tor_log" +path = "lib.rs" +crate_type = ["rlib", "staticlib"] + +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] + +[dependencies] +libc = "0.2.39" + +[dependencies.tor_allocate] +path = "../tor_allocate" diff --git a/src/rust/tor_log/lib.rs b/src/rust/tor_log/lib.rs new file mode 100644 index 0000000000..21855ae73b --- /dev/null +++ b/src/rust/tor_log/lib.rs @@ -0,0 +1,16 @@ +//! Copyright (c) 2016-2018, The Tor Project, Inc. */ +//! See LICENSE for licensing information */ + +//! Logging wrapper for Rust to utilize Tor's logger, found at +//! src/common/log.c and src/common/torlog.h +//! +//! Exposes different interfaces depending on whether we are running in test +//! or non-test mode. When testing, we use a no-op implementation, +//! otherwise we link directly to C. + +extern crate libc; +extern crate tor_allocate; + +mod tor_log; + +pub use tor_log::*; diff --git a/src/rust/tor_log/tor_log.rs b/src/rust/tor_log/tor_log.rs new file mode 100644 index 0000000000..5231d0c631 --- /dev/null +++ b/src/rust/tor_log/tor_log.rs @@ -0,0 +1,265 @@ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ +// See LICENSE for licensing information */ + +// Note that these functions are untested due to the fact that there are no +// return variables to test and they are calling into a C API. + +/// The related domain which the logging message is relevant. For example, +/// log messages relevant to networking would use LogDomain::LdNet, whereas +/// general messages can use LdGeneral. +#[derive(Eq, PartialEq)] +pub enum LogDomain { + Net, + General, +} + +/// The severity level at which to log messages. +#[derive(Eq, PartialEq)] +pub enum LogSeverity { + Notice, + Warn, +} + +/// Main entry point for Rust modules to log messages. +/// +/// # Inputs +/// +/// * A `severity` of type LogSeverity, which defines the level of severity the +/// message will be logged. +/// * A `domain` of type LogDomain, which defines the domain the log message +/// will be associated with. +/// * A `function` of type &str, which defines the name of the function where +/// the message is being logged. There is a current RFC for a macro that +/// defines function names. When it is, we should use it. See +/// https://github.com/rust-lang/rfcs/pull/1719 +/// * A `message` of type &str, which is the log message itself. +#[macro_export] +macro_rules! tor_log_msg { + ($severity: path, + $domain: path, + $function: expr, + $($message:tt)*) => + { + { + let msg = format!($($message)*); + $crate::tor_log_msg_impl($severity, $domain, $function, msg) + } + }; +} + +#[inline] +pub fn tor_log_msg_impl(severity: LogSeverity, domain: LogDomain, function: &str, message: String) { + use std::ffi::CString; + + /// Default function name to log in case of errors when converting + /// a function name to a CString + const ERR_LOG_FUNCTION: &str = "tor_log_msg"; + + /// Default message to log in case of errors when converting a log + /// message to a CString + const ERR_LOG_MSG: &str = "Unable to log message from Rust \ + module due to error when converting to CString"; + + let func = match CString::new(function) { + Ok(n) => n, + Err(_) => CString::new(ERR_LOG_FUNCTION).unwrap(), + }; + + let msg = match CString::new(message) { + Ok(n) => n, + Err(_) => CString::new(ERR_LOG_MSG).unwrap(), + }; + + // Bind to a local variable to preserve ownership. This is essential so + // that ownership is guaranteed until these local variables go out of scope + let func_ptr = func.as_ptr(); + let msg_ptr = msg.as_ptr(); + + let c_severity = unsafe { log::translate_severity(severity) }; + let c_domain = unsafe { log::translate_domain(domain) }; + + unsafe { log::tor_log_string(c_severity, c_domain, func_ptr, msg_ptr) } +} + +/// This implementation is used when compiling for actual use, as opposed to +/// testing. +#[cfg(not(test))] +pub mod log { + use super::LogDomain; + use super::LogSeverity; + use libc::{c_char, c_int}; + + /// Severity log types. These mirror definitions in /src/common/torlog.h + /// C_RUST_COUPLED: src/common/log.c, log domain types + extern "C" { + static LOG_WARN_: c_int; + static LOG_NOTICE_: c_int; + } + + /// Domain log types. These mirror definitions in /src/common/torlog.h + /// C_RUST_COUPLED: src/common/log.c, log severity types + extern "C" { + static LD_NET_: u32; + static LD_GENERAL_: u32; + } + + /// Translate Rust defintions of log domain levels to C. This exposes a 1:1 + /// mapping between types. + #[inline] + pub unsafe fn translate_domain(domain: LogDomain) -> u32 { + match domain { + LogDomain::Net => LD_NET_, + LogDomain::General => LD_GENERAL_, + } + } + + /// Translate Rust defintions of log severity levels to C. This exposes a + /// 1:1 mapping between types. + #[inline] + pub unsafe fn translate_severity(severity: LogSeverity) -> c_int { + match severity { + LogSeverity::Warn => LOG_WARN_, + LogSeverity::Notice => LOG_NOTICE_, + } + } + + /// The main entry point into Tor's logger. When in non-test mode, this + /// will link directly with `tor_log_string` in torlog.c + extern "C" { + pub fn tor_log_string( + severity: c_int, + domain: u32, + function: *const c_char, + string: *const c_char, + ); + } +} + +/// This module exposes no-op functionality for testing other Rust modules +/// without linking to C. +#[cfg(test)] +pub mod log { + use super::LogDomain; + use super::LogSeverity; + use libc::{c_char, c_int}; + + pub static mut LAST_LOGGED_FUNCTION: *mut String = 0 as *mut String; + pub static mut LAST_LOGGED_MESSAGE: *mut String = 0 as *mut String; + + pub unsafe fn tor_log_string( + _severity: c_int, + _domain: u32, + function: *const c_char, + message: *const c_char, + ) { + use std::ffi::CStr; + + let f = CStr::from_ptr(function); + let fct = match f.to_str() { + Ok(n) => n, + Err(_) => "", + }; + LAST_LOGGED_FUNCTION = Box::into_raw(Box::new(String::from(fct))); + + let m = CStr::from_ptr(message); + let msg = match m.to_str() { + Ok(n) => n, + Err(_) => "", + }; + LAST_LOGGED_MESSAGE = Box::into_raw(Box::new(String::from(msg))); + } + + pub unsafe fn translate_domain(_domain: LogDomain) -> u32 { + 1 + } + + pub unsafe fn translate_severity(_severity: LogSeverity) -> c_int { + 1 + } +} + +#[cfg(test)] +mod test { + use tor_log::log::{LAST_LOGGED_FUNCTION, LAST_LOGGED_MESSAGE}; + use tor_log::*; + + #[test] + fn test_get_log_message() { + { + fn test_macro() { + tor_log_msg!( + LogSeverity::Warn, + LogDomain::Net, + "test_macro", + "test log message {}", + "a", + ); + } + + test_macro(); + + let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; + assert_eq!("test_macro", *function); + + let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; + assert_eq!("test log message a", *message); + } + + // test multiple inputs into the log message + { + fn test_macro() { + tor_log_msg!( + LogSeverity::Warn, + LogDomain::Net, + "next_test_macro", + "test log message {} {} {} {} {}", + 1, + 2, + 3, + 4, + 5 + ); + } + + test_macro(); + + let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; + assert_eq!("next_test_macro", *function); + + let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; + assert_eq!("test log message 1 2 3 4 5", *message); + } + + // test how a long log message will be formatted + { + fn test_macro() { + tor_log_msg!( + LogSeverity::Warn, + LogDomain::Net, + "test_macro", + "{}", + "All the world's a stage, and all the men and women \ + merely players: they have their exits and their \ + entrances; and one man in his time plays many parts, his \ + acts being seven ages." + ); + } + + test_macro(); + + let expected_string = "All the world's a \ + stage, and all the men \ + and women merely players: \ + they have their exits and \ + their entrances; and one man \ + in his time plays many parts, \ + his acts being seven ages."; + + let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; + assert_eq!("test_macro", *function); + + let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; + assert_eq!(expected_string, *message); + } + } +} diff --git a/src/rust/tor_rust/Cargo.toml b/src/rust/tor_rust/Cargo.toml index 86fad3ee76..1523ee0dd1 100644 --- a/src/rust/tor_rust/Cargo.toml +++ b/src/rust/tor_rust/Cargo.toml @@ -14,3 +14,9 @@ path = "../tor_util" [dependencies.protover] path = "../protover" +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/tor_rust/include.am b/src/rust/tor_rust/include.am index 40511bf9f2..ce673abbee 100644 --- a/src/rust/tor_rust/include.am +++ b/src/rust/tor_rust/include.am @@ -4,23 +4,23 @@ EXTRA_DIST +=\ EXTRA_CARGO_OPTIONS= -src/rust/target/release/@TOR_RUST_STATIC_NAME@: FORCE +@TOR_RUST_LIB_PATH@: FORCE ( cd "$(abs_top_builddir)/src/rust" ; \ CARGO_TARGET_DIR="$(abs_top_builddir)/src/rust/target" \ $(CARGO) build --release $(EXTRA_CARGO_OPTIONS) \ - $(CARGO_ONLINE) \ - --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) + $(CARGO_ONLINE) \ + --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) distclean-rust: ( cd "$(abs_top_builddir)/src/rust" ; \ CARGO_TARGET_DIR="$(abs_top_builddir)/src/rust/target" \ $(CARGO) clean $(EXTRA_CARGO_OPTIONS) \ - $(CARGO_ONLINE) \ - --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) + $(CARGO_ONLINE) \ + --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) rm -rf "$(abs_top_builddir)/src/rust/registry" if USE_RUST -build-rust: src/rust/target/release/@TOR_RUST_STATIC_NAME@ +build-rust: @TOR_RUST_LIB_PATH@ else build-rust: endif diff --git a/src/rust/tor_rust/lib.rs b/src/rust/tor_rust/lib.rs index c1585c0480..18519f8497 100644 --- a/src/rust/tor_rust/lib.rs +++ b/src/rust/tor_rust/lib.rs @@ -1,5 +1,5 @@ -extern crate tor_util; extern crate protover; +extern crate tor_util; -pub use tor_util::*; pub use protover::*; +pub use tor_util::*; diff --git a/src/rust/tor_util/Cargo.toml b/src/rust/tor_util/Cargo.toml index b540d8c847..51e4bd9c5d 100644 --- a/src/rust/tor_util/Cargo.toml +++ b/src/rust/tor_util/Cargo.toml @@ -11,6 +11,15 @@ crate_type = ["rlib", "staticlib"] [dependencies.tor_allocate] path = "../tor_allocate" +[dependencies.tor_log] +path = "../tor_log" + [dependencies] libc = "=0.2.39" +[features] +# We have to define a feature here because doctests don't get cfg(test), +# and we need to disable some C dependencies when running the doctests +# because of the various linker issues. See +# https://github.com/rust-lang/rust/issues/45599 +test_linking_hack = [] diff --git a/src/rust/tor_util/ffi.rs b/src/rust/tor_util/ffi.rs index 5c3cdba4be..f015590178 100644 --- a/src/rust/tor_util/ffi.rs +++ b/src/rust/tor_util/ffi.rs @@ -1,12 +1,11 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ //! FFI functions to announce Rust support during tor startup, only to be //! called from C. //! -use libc::c_char; -use tor_allocate::allocate_and_copy_string; +use tor_log::{LogDomain, LogSeverity}; /// Returns a short string to announce Rust support during startup. /// @@ -17,10 +16,12 @@ use tor_allocate::allocate_and_copy_string; /// tor_free(rust_str); /// ``` #[no_mangle] -pub extern "C" fn rust_welcome_string() -> *mut c_char { - let rust_welcome = String::from( +pub extern "C" fn rust_log_welcome_string() { + tor_log_msg!( + LogSeverity::Notice, + LogDomain::General, + "rust_log_welcome_string", "Tor is running with Rust integration. Please report \ - any bugs you encounter.", + any bugs you encounter." ); - allocate_and_copy_string(&rust_welcome) } diff --git a/src/rust/tor_util/lib.rs b/src/rust/tor_util/lib.rs index 12cb3896b6..4ce5fc9374 100644 --- a/src/rust/tor_util/lib.rs +++ b/src/rust/tor_util/lib.rs @@ -1,4 +1,4 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ //! Small module to announce Rust support during startup for demonstration @@ -7,5 +7,8 @@ extern crate libc; extern crate tor_allocate; +#[macro_use] +extern crate tor_log; + pub mod ffi; pub mod strings; diff --git a/src/rust/tor_util/strings.rs b/src/rust/tor_util/strings.rs index 9321ce4f85..d64275e06b 100644 --- a/src/rust/tor_util/strings.rs +++ b/src/rust/tor_util/strings.rs @@ -1,82 +1,140 @@ -// Copyright (c) 2016-2017, The Tor Project, Inc. */ +// Copyright (c) 2016-2018, The Tor Project, Inc. */ // See LICENSE for licensing information */ //! Utilities for working with static strings. -use std::ffi::CStr; - -/// A byte-array containing a single NUL byte (`b"\0"`). -pub const NUL_BYTE: &'static [u8] = b"\0"; - -/// Determine if a byte slice is a C-like string. -/// -/// These checks guarantee that: -/// -/// 1. there are no intermediate NUL bytes -/// 2. the last byte *is* a NUL byte +/// Create a `CStr` from a literal byte slice, appending a NUL byte to it first. /// /// # Warning /// -/// This function does _not_ guarantee that the bytes represent any valid -/// encoding such as ASCII or UTF-8. +/// The literal byte slice which is taken as an argument *MUST NOT* have any NUL +/// bytes (`b"\0"`) in it, anywhere, or else an empty string will be returned +/// (`CStr::from_bytes_with_nul_unchecked(b"\0")`) so as to avoid `panic!()`ing. /// /// # Examples /// /// ``` -/// # use tor_util::strings::byte_slice_is_c_like; -/// # -/// let bytes: &[u8] = b"foo bar baz"; +/// #[macro_use] +/// extern crate tor_util; /// -/// assert!(byte_slice_is_c_like(&bytes) == false); +/// use std::ffi::CStr; /// -/// let bytes: &[u8] = b"foo\0bar baz"; +/// # fn do_test() -> Result<&'static CStr, &'static str> { +/// let message: &'static str = "This is a test of the tsunami warning system."; +/// let tuesday: &'static CStr; +/// let original: &str; /// -/// assert!(byte_slice_is_c_like(&bytes) == false); +/// tuesday = cstr!("This is a test of the tsunami warning system."); +/// original = tuesday.to_str().or(Err("Couldn't unwrap CStr!"))?; /// -/// let bytes: &[u8] = b"foo bar baz\0"; +/// assert!(original == message); +/// # +/// # Ok(tuesday) +/// # } +/// # fn main() { +/// # do_test(); // so that we can use the ? operator in the test +/// # } +/// ``` +/// It is also possible to pass several string literals to this macro. They +/// will be concatenated together in the order of the arguments, unmodified, +/// before finally being suffixed with a NUL byte: /// -/// assert!(byte_slice_is_c_like(&bytes) == true); /// ``` -pub fn byte_slice_is_c_like(bytes: &[u8]) -> bool { - if !bytes[..bytes.len() - 1].contains(&0x00) && bytes[bytes.len() - 1] == 0x00 { - return true; - } - false -} - -/// Get a static `CStr` containing a single `NUL_BYTE`. +/// #[macro_use] +/// extern crate tor_util; +/// # +/// # use std::ffi::CStr; +/// # +/// # fn do_test() -> Result<&'static CStr, &'static str> { /// -/// # Examples +/// let quux: &'static CStr = cstr!("foo", "bar", "baz"); +/// let orig: &'static str = quux.to_str().or(Err("Couldn't unwrap CStr!"))?; /// -/// When used as follows in a Rust FFI function, which could be called -/// from C: +/// assert!(orig == "foobarbaz"); +/// # Ok(quux) +/// # } +/// # fn main() { +/// # do_test(); // so that we can use the ? operator in the test +/// # } +/// ``` +/// This is useful for passing static strings to C from Rust FFI code. To do so +/// so, use the `.as_ptr()` method on the resulting `&'static CStr` to convert +/// it to the Rust equivalent of a C `const char*`: /// /// ``` -/// # extern crate libc; -/// # extern crate tor_util; -/// # -/// # use tor_util::strings::empty_static_cstr; -/// use libc::c_char; +/// #[macro_use] +/// extern crate tor_util; +/// /// use std::ffi::CStr; +/// use std::os::raw::c_char; /// -/// pub extern "C" fn give_c_code_an_empty_static_string() -> *const c_char { -/// let empty: &'static CStr = empty_static_cstr(); +/// pub extern "C" fn give_static_borrowed_string_to_c() -> *const c_char { +/// let hello: &'static CStr = cstr!("Hello, language my parents wrote."); /// -/// empty.as_ptr() +/// hello.as_ptr() /// } -/// /// # fn main() { -/// # give_c_code_an_empty_static_string(); +/// # let greetings = give_static_borrowed_string_to_c(); /// # } /// ``` +/// Note that the C code this static borrowed string is passed to *MUST NOT* +/// attempt to free the memory for the string. +/// +/// # Note +/// +/// An unfortunate limitation of the rustc compiler (as of 1.25.0-nightly), is +/// that the first example above compiles, but if we were to change the +/// assignment of `tuesday` as follows, it will fail to compile, because Rust +/// macros are expanded at parse time, and at parse time there is no symbol +/// table available. /// -/// This equates to an "empty" `const char*` static string in C. -pub fn empty_static_cstr() -> &'static CStr { - let empty: &'static CStr; +/// ```ignore +/// tuesday = cstr!(message); +/// ``` +/// with the error message `error: expected a literal`. +/// +/// # Returns +/// +/// If the string literals passed as arguments contain no NUL bytes anywhere, +/// then an `&'static CStr` containing the (concatenated) bytes of the string +/// literal(s) passed as arguments, with a NUL byte appended, is returned. +/// Otherwise, an `&'static CStr` containing a single NUL byte is returned (an +/// "empty" string in C). +#[macro_export] +macro_rules! cstr { + ($($bytes:expr),*) => ( + ::std::ffi::CStr::from_bytes_with_nul( + concat!($($bytes),*, "\0").as_bytes() + ).unwrap_or( + unsafe{ + ::std::ffi::CStr::from_bytes_with_nul_unchecked(b"\0") + } + ) + ) +} + +#[cfg(test)] +mod test { + use std::ffi::CStr; + + #[test] + fn cstr_macro() { + let _: &'static CStr = cstr!("boo"); + } + + #[test] + fn cstr_macro_multi_input() { + let quux: &'static CStr = cstr!("foo", "bar", "baz"); - unsafe { - empty = CStr::from_bytes_with_nul_unchecked(NUL_BYTE); + assert!(quux.to_str().unwrap() == "foobarbaz"); } - empty + #[test] + fn cstr_macro_bad_input() { + let waving: &'static CStr = cstr!("waving not drowning o/"); + let drowning: &'static CStr = cstr!("\0 drowning not waving"); + + assert!(waving.to_str().unwrap() == "waving not drowning o/"); + assert!(drowning.to_str().unwrap() == "") + } } |