Add initial pristine commit of roughenough 1.1.8 (#1035)

project-oak · May 28, 2020 · 8188216 · 8188216
1 parent 039799c
commit 8188216
Show file tree

Hide file tree

Showing 37 changed files with 5,640 additions and 0 deletions.
diff --git a/third_party/roughenough/.drone.yml b/third_party/roughenough/.drone.yml
@@ -0,0 +1,40 @@
+---
+kind: pipeline
+name: build
+
+steps:
+  # Make sure image builds
+  - name: build
+    image: plugins/docker
+
+trigger:
+  ref:
+    exclude:
+      - refs/tags/v*
+
+---
+kind: pipeline
+name: release
+
+steps:
+  # Release image to DockerHub
+  - name: release
+    image: plugins/docker
+    settings:
+      repo: int08h/roughenough
+      tags:
+        - ${DRONE_TAG}
+      username:
+        from_secret: docker-username
+      password:
+        from_secret: docker-password
+    when:
+      ref:
+        - refs/tags/v*
+
+trigger:
+  event:
+    - tag
+  ref:
+    - refs/tags/v*
+
diff --git a/third_party/roughenough/.gitignore b/third_party/roughenough/.gitignore
@@ -0,0 +1,7 @@
+Cargo.lock
+target/
+*.rs.bk
+example-kms.cfg
+example-gcp.cfg
+creds.json
+.idea/
diff --git a/third_party/roughenough/.travis.yml b/third_party/roughenough/.travis.yml
@@ -0,0 +1,19 @@
+language: rust
+cache: cargo
+rust:
+  - stable
+  - nightly
+
+env:
+  - FEATURE=default
+  - FEATURE=awskms
+  - FEATURE=gcpkms
+
+matrix:
+  allow_failures:
+    - rust: nightly
+  fast_finish: true
+
+script:
+  - travis_wait cargo build --verbose --features $FEATURE
+  - travis_wait cargo test --verbose --features $FEATURE
diff --git a/third_party/roughenough/CHANGELOG.md b/third_party/roughenough/CHANGELOG.md
@@ -0,0 +1,109 @@
+## Version 1.1.8
+
+New feature:
+* 407f12d client: output local time by default, add -z/--zulu for UTC 
+
+Housekeeping:
+* 02212e2 Switch to std::time and drop use of 'time' crate 
+* d42db50 Upgrade several dependencies to latest versions 
+* e13d6fd Remove deprecated `std::error::Error::description` calls 
+* 32f11aa Update Dockerfile to Rust 1.42 
+
+## Version 1.1.7
+
+* Improved options for client output thanks to @zicklag (f1f834e8c).
+
+  By default the client now outputs just the time reported by the queried server. 
+  The `-v` or `--verbose` flag will print additional information such as the response's 
+  midpoint and radius. `-j` or `--json` outputs responses in JSON format instead.
+
+  Non-response text output is written to standard error to enable verbose output 
+  while redirecting the response(s) to a file or pipe like so:
+
+  ```
+  $ roughenough-client -v roughtime.int08h.com 2002 > time.txt
+  Requesting time from: "roughtime.int08h.com":2002
+  Received time from server: midpoint="Oct 08 2019 18:40:38", radius=1000000, verified=No (merkle_index=0)
+  
+  $ cat time.txt
+  Oct 08 2019 18:40:38
+  ```
+
+## Version 1.1.6
+
+* Fix several Clippy items (266f1adc9) 
+* Update to latest Rusoto (6ff01af52)
+* Update to latest google-cloudkms (a0165c019)
+* Update Dockerfile to Rust 1.38 (a14c2e8)
+
+## Version 1.1.5
+
+* Improved error messages (3841942)
+* Update fuzzer server target to sync with roughenough-fuzz
+* Add Dockerfile to create a server container
+
+## Version 1.1.4
+
+* Implement Roughtime ecosystem response mangling (177372f, f851deb)
+* Doc fix from @Muncan90 (20ba144)
+
+## Version 1.1.3
+
+* Add decrypt option to `roughenough-kms` 
+
+## Version 1.1.2 
+
+* Add client request statistics tracking.
+* Clean-up and simplification of server inner loop.
+* Rust 2018 edition required to compile.
+
+## Version 1.1.1
+
+* Provide auxiliary data to the AWS KMS decryption call. The auxiliary data _was_ provided in encrypt, but not decrypt, resulting in unconditional failure when unwrapping the long-term identity. See https://github.com/int08h/roughenough/commit/846128d08bd3fcd72f23b3123b332d0692782e41#diff-7f7c3059af30a5ded26269301caf8531R102
+
+## Version 1.1.0
+
+* Optional HTTP health check (requested in #8), see the
+  [feature's documentation](https://github.com/int08h/roughenough/blob/master/doc/OPTIONAL-FEATURES.md#http-health-check)
+* Support AWS and Google Key Management Systems (KMS) to protect the server's long-term key.
+  See the [KMS documentation](https://github.com/int08h/roughenough/blob/master/doc/OPTIONAL-FEATURES.md#key-management-system-kms-support).
+* Numerous refactorings and clean ups to support fuzzing of 
+  server components (b801eda, thanks to @Aaron1011)
+
+## Version 1.0.6
+
+* As pointed out in #10, the client and server binary names were too generic. Rename 
+  them to be packaging friendly. Thank you @grempe. (b43bcb27ad)
+
+## Version 1.0.5
+
+* The server now supports configuration from 
+  [environment variables](https://github.com/int08h/roughenough#server-configuration)
+
+## Version 1.0.4
+
+* Update `untrusted` dependency to incorporate security fix (see https://github.com/RustSec/advisory-db/pull/24). 
+  Fixes #6 reported by @tirkarthi (383b0347).
+
+## Release 1.0.3
+
+* Limit the number of tags in a message to 1024 (0b8c965)
+
+## Release 1.0.2
+
+* Merge input validation and error handling improvements from #5. Fuzzing FTW.
+* Misc docstring and README updates
+* Fix incorrect range-check introduced in 9656fda and released as 1.0.1.
+
+## Release 1.0.1 (yanked)
+
+* Release 1.0.1 was removed from Github and yanked from crates.io due to a range-check bug. 
+  1.0.2 is its replacement. 
+
+## Release 1.0.0
+
+Thanks to @Aaron1011's work, Roughenough has 1.0 level of functionality.
+
+* Server batches responses and signs Merkle tree root (3471e04, ee38933f, and 31bf8b3)
+* `mio` error handling improvement (613fb01f)
+* Build on Rust Nightly (350b23a)
diff --git a/third_party/roughenough/CONTRIBUTING.md b/third_party/roughenough/CONTRIBUTING.md
@@ -0,0 +1,72 @@
+# Contributing to Roughenough
+
+Do you enjoy working on obscure cryptographically secure time synchronization protocols? 
+
+:+1::tada: nice, me too!
+
+# Contribute via Pull Requests
+
+Please open a pull request (PR) for your changes and include:
+
+* An overall description/rationale of the PR
+* Tests for any new or modified functionality
+* Code formatted with `rustfmt` default style settings 
+* License (Apache 2.0) and copyright statements for your code
+* A Developer Certificate of Origin (DCO) sign-off as described below
+* A willingness to iterate and make changes ;)
+
+`Roughenough` targets **stable Rust** only. Contributions that don't compile
+on `stable` will be declined. Sorry.
+
+# Developer Certificate of Origin
+
+To provide assurance of the provenance and integrity of contributions 
+Roughenough uses the [Developer Certificate of Origin](https://developercertificate.org/)
+created by the Linux Foundation instead of lengthy Contributor License 
+Agreements (CLAs). 
+
+Please include *verbatim* and *unchanged* the full DCO statement 
+below with your PR:
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+# Thanks In Advance for Helping Roughenough!
+
+Stuart @int08h
diff --git a/third_party/roughenough/Cargo.toml b/third_party/roughenough/Cargo.toml
@@ -0,0 +1,58 @@
+[package]
+name = "roughenough"
+version = "1.1.8"
+repository = "https://github.com/int08h/roughenough"
+authors = ["Stuart Stock <stuart@int08h.com>", "Aaron Hill <aa1ronham@gmail.com>"]
+license = "Apache-2.0"
+description = "A Roughtime secure time sync server and client written in Rust"
+readme = "README.md"
+keywords = ["roughtime", "cryptography", "crypto"]
+edition = "2018"
+
+[badges]
+travis-ci = { repository = "int08h/roughenough", branch = "master" }
+
+[features]
+default = []
+awskms = ["rusoto_core", "rusoto_kms"]
+gcpkms = ["google-cloudkms1", "hyper", "hyper-rustls", "serde", "serde_json", "yup-oauth2"]
+
+[dependencies]
+base64 = "0.12"
+byteorder = "1"
+bytes = "0.4"
+chrono = "0.4"
+clap = "2"
+ctrlc = { version = "3.1", features = ["termination"] }
+hex = "0.4"
+humansize = "1.0"
+log = "0.4"
+mio = "0.6"
+mio-extras = "2.0"
+rand = "0.6"
+ring = "0.13"
+simple_logger = "1"
+untrusted = "0.6"
+yaml-rust = "0.4"
+
+# Used by 'awskms'
+rusoto_core = { version = "0.42", optional = true }
+rusoto_kms = { version = "0.42", optional = true }
+
+# Used by 'gcpkms'
+# google-cloudkms1 intentionally uses an old version of Hyper. See
+# https://github.com/Byron/google-apis-rs/issues/173 for more information.
+# Exact build date '1.0.10+20190626' not included to avoid Cargo warning 'semver metadata ignored'
+google-cloudkms1 = { version = "1.0.12", optional = true }
+hyper = { version = "^0.10", optional = true }
+hyper-rustls = { version = "^0.6", optional = true }
+serde = { version = "^1.0", optional = true }
+serde_json = { version = "^1.0", optional = true }
+yup-oauth2 = { version = "^1.0", optional = true }
+
+[dev-dependencies]
+criterion = "0.3"
+
+[[bench]]
+name = "roughenough-bench"
+harness = false
diff --git a/third_party/roughenough/Dockerfile b/third_party/roughenough/Dockerfile
@@ -0,0 +1,47 @@
+#
+# Example multi-stage docker build for running a Roughenough server
+#
+
+# Stage 1: build
+
+FROM rust:1.42 AS stage1
+
+ARG ROUGHENOUGH_RELEASE=1.1.7
+ARG ROUGHENOUGH_FEATURES="default" 
+# Uncomment and replace above if you want KMS support
+#ARG ROUGHENOUGH_FEATURES="awskms"
+#ARG ROUGHENOUGH_FEATURES="gcpkms"
+
+RUN git clone -b ${ROUGHENOUGH_RELEASE} https://github.com/int08h/roughenough.git \
+    && cd /roughenough \ 
+    && cargo build --release --features ${ROUGHENOUGH_FEATURES}
+
+# Stage 2: runtime image
+
+FROM gcr.io/distroless/cc
+
+WORKDIR /roughenough
+
+COPY --from=stage1 /roughenough/target/release/roughenough-server /roughenough
+
+# Produce backtraces in case of a panic
+ENV RUST_BACKTRACE 1
+
+# Configure Roughenough via environment variables
+ENV ROUGHENOUGH_PORT 2002
+ENV ROUGHENOUGH_INTERFACE 127.0.0.1
+ENV ROUGHENOUGH_SEED 111111111aaaaaaaaa222222222bbbbbbbbb333333333ccccccccc4444444444
+
+# Alternatively Roughenough can use a config file
+# COPY roughenough.cfg /roughenough
+
+# How to provide credentials when using GCP KMS
+# COPY gcp-creds.json /roughenough
+# ENV GOOGLE_APPLICATION_CREDENTIALS /roughenough/creds.json
+
+EXPOSE 2002/udp 
+
+CMD ["/roughenough/roughenough-server", "ENV"]
+
+# Or if using a config file
+#CMD ["/roughenough/roughenough-server", "/roughenough/roughenough.cfg"]