Compare commits
11 Commits
d2154ade95
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| f7720356f3 | |||
| dd6fb23a9e | |||
| f243b7b95c | |||
| 7e45cd719e | |||
| 5757ed1140 | |||
| bfb77a8368 | |||
| 081cac7074 | |||
| 32d799a5e8 | |||
| 13f852bd20 | |||
| a8ab06df98 | |||
| f50bd5ea91 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,2 +1,3 @@
|
||||
/target
|
||||
result
|
||||
.direnv
|
||||
|
||||
15
default.nix
15
default.nix
@@ -1,14 +1,7 @@
|
||||
{ pkgs ? import <nixpkgs> { } }:
|
||||
{ pkgs ? import <nixpkgs> { }
|
||||
, agent
|
||||
}:
|
||||
with pkgs;
|
||||
let
|
||||
agent_src = fetchgit {
|
||||
url = "https://gitea.rixxc.de/rixxc/x25519_agent.git";
|
||||
rev = "36ae72a8d90d94b5b0d1fd01adf50a33edd80e80";
|
||||
hash = "sha256-SxXZ/1CRi4J6Neq1uXIbue0bFa8WzdXPBnoXCjekOy8=";
|
||||
};
|
||||
|
||||
agent = callPackage "${agent_src}/default.nix" { };
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
name = "agent-harness";
|
||||
src = nix-gitignore.gitignoreSource [ ] ./.;
|
||||
@@ -17,5 +10,5 @@ rustPlatform.buildRustPackage {
|
||||
|
||||
buildInputs = [ agent ];
|
||||
|
||||
cargoSha256 = "sha256-ZgwQr1goz9yPws0P1eQwhHEv2WbcJeTCLEPYOUADOtE=";
|
||||
cargoHash = "sha256-ZgwQr1goz9yPws0P1eQwhHEv2WbcJeTCLEPYOUADOtE=";
|
||||
}
|
||||
|
||||
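Review bot: With the `fetchgit` block removed, nothing in this file pins the `agent` library that `buildInputs` links into the binary; the fixed `rev` and `hash` were the only visible record of which x25519_agent source gets built. `agent` is now a required argument with no default, so the pin has to live in whichever expression calls this one, and that expression is not part of this diff. A comment above the argument would record that expectation, for example `# agent: derivation built from a pinned (rev + hash) x25519_agent source, supplied by the caller`.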
48
src/main.rs
48
src/main.rs
@@ -1,18 +1,36 @@
|
||||
use libc::{
|
||||
c_char, c_int, c_void, mmap, perror, MAP_FAILED, MAP_PRIVATE, MAP_SHARED, PROT_READ, PROT_WRITE,
|
||||
c_int, c_void, mlockall, mmap, prctl, MAP_FAILED, MAP_SHARED, MCL_FUTURE, PROT_READ,
|
||||
PROT_WRITE, PR_SET_DUMPABLE, PR_SET_SPECULATION_CTRL, PR_SPEC_FORCE_DISABLE,
|
||||
PR_SPEC_STORE_BYPASS,
|
||||
};
|
||||
use std::fs::File;
|
||||
use std::os::fd::AsRawFd;
|
||||
use std::{env, ptr};
|
||||
|
||||
const SHARED_MEMORY_SIZE: usize = 1024;
|
||||
const SHARED_MEMORY_SIZE: usize = 1024 * 1024;
|
||||
|
||||
#[link(name = "agent")]
|
||||
extern "C" {
|
||||
fn agent_start(shared_memory: *mut u8, sync_memory: *mut u8, private_mem: *mut u8);
|
||||
fn agent_start(shared_memory: *mut u8, sync_memory: *mut u8, private_mem_fd: u64);
|
||||
}
|
||||
|
||||
fn main() {
|
||||
unsafe {
|
||||
assert!(
|
||||
prctl(
|
||||
PR_SET_SPECULATION_CTRL,
|
||||
PR_SPEC_STORE_BYPASS,
|
||||
PR_SPEC_FORCE_DISABLE,
|
||||
0,
|
||||
0,
|
||||
) >= 0,
|
||||
);
|
||||
}
|
||||
|
||||
unsafe {
|
||||
assert!(prctl(PR_SET_DUMPABLE, 0) == 0);
|
||||
}
|
||||
|
||||
let args: Vec<String> = env::args().collect();
|
||||
|
||||
let shared_fd: c_int = args[0]
|
||||
@@ -21,7 +39,7 @@ fn main() {
|
||||
|
||||
let sync_fd: c_int = args[1]
|
||||
.parse()
|
||||
.expect("Please provide a valid file descriptor as first argument");
|
||||
.expect("Please provide a valid file descriptor as second argument");
|
||||
|
||||
let shared_memory = unsafe {
|
||||
mmap(
|
||||
@@ -53,19 +71,17 @@ fn main() {
|
||||
.open(&args[2])
|
||||
.expect("Cannot open KEY_FILE");
|
||||
|
||||
let private_mem = unsafe {
|
||||
mmap(
|
||||
ptr::null_mut() as *mut c_void,
|
||||
32 * 100,
|
||||
PROT_READ | PROT_WRITE,
|
||||
MAP_SHARED,
|
||||
private_file.as_raw_fd(),
|
||||
0,
|
||||
)
|
||||
} as *mut u8;
|
||||
assert_ne!(private_mem, MAP_FAILED as *mut u8);
|
||||
unsafe {
|
||||
assert!(mlockall(MCL_FUTURE) == 0);
|
||||
}
|
||||
|
||||
unsafe {
|
||||
agent_start(shared_memory, sync_memory, private_mem);
|
||||
agent_start(
|
||||
shared_memory,
|
||||
sync_memory,
|
||||
private_file.as_raw_fd().try_into().unwrap(),
|
||||
);
|
||||
}
|
||||
|
||||
drop(private_file); // don't drop (and close) private file before here
|
||||
}
|
||||
|
||||
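Review bot: `mlockall(MCL_FUTURE)` in the last hunk locks only mappings created after the call, so the stack, the heap and the shared mapping made earlier in `main` can still be written to swap. If the agent copies key material into any of those pages (not visible from this diff), that copy is outside the lock; `assert!(mlockall(MCL_CURRENT | MCL_FUTURE) == 0);`, with `MCL_CURRENT` added to the `libc` import, would cover both. The bare `assert!`s around `prctl` and `mlockall` also panic without naming the hardening step that failed, so a message carrying `std::io::Error::last_os_error()` would make an unsupported kernel or a low `RLIMIT_MEMLOCK` diagnosable. The body of `main` continues outside the hunks shown.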