rixxc/agent_lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync changes from artifact

Browse Source
This commit is contained in:
Aaron Kaiser
2025-02-25 17:26:25 +01:00
parent d770fd2641
commit 68ff86b8c6
6 changed files with 79 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.lock generated
View File

@@ -26,7 +26,6 @@ checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
[[package]] [[package]]
name = "shared_memory_heap" name = "shared_memory_heap"
version = "0.1.0" version = "0.1.0"
source = "git+https://gitea.rixxc.de/rixxc/shared_memory_heap.git#7f46573218dc46417608a700a6146950dfea1442"
dependencies = [ dependencies = [
"libc", "libc",
] ]

2
Cargo.toml
View File

@@ -8,4 +8,4 @@ edition = "2021"
[dependencies] [dependencies]
anyhow = "1.0.82" anyhow = "1.0.82"
libc = "0.2.153" libc = "0.2.153"
shared_memory_heap = { git = "https://gitea.rixxc.de/rixxc/shared_memory_heap.git" } shared_memory_heap = { path = "../shared_memory_heap" }

27
src/agent.rs
View File

@@ -1,7 +1,8 @@
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use libc::{ use libc::{
c_char, c_void, execve, fork, ftruncate, memfd_create, mmap, perror, syscall, SYS_futex, c_char, c_void, close, execve, fcntl, fork, ftruncate, memfd_create, mmap, perror, syscall,
FUTEX_WAIT, FUTEX_WAKE, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE, SYS_futex, FUTEX_WAIT, FUTEX_WAKE, F_ADD_SEALS, F_SEAL_FUTURE_WRITE, MAP_FAILED, MAP_SHARED,
MFD_ALLOW_SEALING, PROT_READ, PROT_WRITE,
}; };
use shared_memory_heap::get_shared_mem_fd; use shared_memory_heap::get_shared_mem_fd;
use std::{ffi::CString, path::Path, ptr, usize}; use std::{ffi::CString, path::Path, ptr, usize};
@@ -15,7 +16,7 @@ unsafe impl Send for Agent {}
impl Agent { impl Agent {
pub(crate) unsafe fn new(agent_path: &Path, keyfile_path: &Path) -> Result<Self> { pub(crate) unsafe fn new(agent_path: &Path, keyfile_path: &Path) -> Result<Self> {
let data_fd = get_shared_mem_fd(); let data_fd = get_shared_mem_fd();
let sync_fd = memfd_create("sync\x00".as_ptr() as *const c_char, 0); let sync_fd = memfd_create("sync\x00".as_ptr() as *const c_char, MFD_ALLOW_SEALING);
if sync_fd <= 0 { if sync_fd <= 0 {
bail!("creating memfd failed"); bail!("creating memfd failed");
@@ -35,6 +36,8 @@ impl Agent {
0, 0,
) as *mut usize; ) as *mut usize;
fcntl(sync_fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE);
if sync_mem == MAP_FAILED as *mut usize { if sync_mem == MAP_FAILED as *mut usize {
bail!("mmap failed"); bail!("mmap failed");
} }
@@ -46,18 +49,22 @@ impl Agent {
if child == 0 { if child == 0 {
// child // child
close(0);
close(1);
close(2);
let path = CString::new(agent_path.as_os_str().as_encoded_bytes()).unwrap(); let path = CString::new(agent_path.as_os_str().as_encoded_bytes()).unwrap();
let data_fd = CString::new(data_fd.to_string()).unwrap(); let data_fd = CString::new(data_fd.to_string()).unwrap();
let sync_fd = CString::new(sync_fd.to_string()).unwrap(); let sync_fd = CString::new(sync_fd.to_string()).unwrap();
let keyfile = CString::new(keyfile_path.as_os_str().as_encoded_bytes()).unwrap(); let keyfile = CString::new(keyfile_path.as_os_str().as_encoded_bytes()).unwrap();
let args = [data_fd.as_ptr(), sync_fd.as_ptr(), keyfile.as_ptr(), ptr::null()]; let args = [
data_fd.as_ptr(),
sync_fd.as_ptr(),
execve( keyfile.as_ptr(),
path.as_ptr() as *const c_char,
args.as_ptr(),
ptr::null(), ptr::null(),
); ];
execve(path.as_ptr() as *const c_char, args.as_ptr(), ptr::null());
perror("execve:\x00".as_ptr() as *const c_char); perror("execve:\x00".as_ptr() as *const c_char);

57
src/ed25519.rs
View File

@@ -2,14 +2,25 @@ pub use shared_memory_heap::sharedptr::SharedPtr;
use crate::agent::Agent; use crate::agent::Agent;
use std::{ use std::{
ops::Deref, path::Path, sync::{LazyLock, Mutex} ops::Deref,
path::Path,
sync::{LazyLock, Mutex},
}; };
static ED25519AGENT: LazyLock<Mutex<Agent>> = LazyLock::new(|| { static ED25519AGENT: LazyLock<Vec<Mutex<Agent>>> = LazyLock::new(|| {
let agent_path = std::env::var("ED25519_AGENT_PATH").expect("ED25519_AGENT_PATH environment variable missing"); let agent_path = std::env::var("ED25519_AGENT_PATH")
let keyfile_path = std::env::var("ED25519_KEYFILE").expect("Ed25519_KEYFILE environment variable missing"); .expect("ED25519_AGENT_PATH environment variable missing");
let agent = unsafe { Agent::new(Path::new(&agent_path), Path::new(&keyfile_path)).expect("Agent failed to start") }; let keyfile_path =
Mutex::new(agent) std::env::var("ED25519_KEYFILE").expect("Ed25519_KEYFILE environment variable missing");
let mut agents = Vec::with_capacity(5);
for _ in 0..5 {
let agent = unsafe {
Agent::new(Path::new(&agent_path), Path::new(&keyfile_path))
.expect("Agent failed to start")
};
agents.push(Mutex::new(agent));
}
agents
}); });
#[derive(Debug)] #[derive(Debug)]
@@ -63,23 +74,51 @@ pub fn ed25519_keygen() -> (Ed25519PrivKey, Ed25519PubKey) {
let sk = Ed25519PrivKey(SharedPtr::new(8).unwrap()); let sk = Ed25519PrivKey(SharedPtr::new(8).unwrap());
let pk = Ed25519PubKey(SharedPtr::new(32).unwrap()); let pk = Ed25519PubKey(SharedPtr::new(32).unwrap());
let mut agent = ED25519AGENT.lock().unwrap(); let mut agent = None;
while agent.is_none() {
agent = ED25519AGENT
.iter()
.map(|agent| agent.try_lock())
.filter(|agent| agent.is_ok())
.next();
}
let mut agent = agent.unwrap().unwrap();
unsafe { unsafe {
agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
(sk, pk) (sk, pk)
} }
pub fn ed25519_sign(sk: &Ed25519PrivKey, msg: &SharedPtr) -> Ed25519Signature { pub fn ed25519_sign(sk: &Ed25519PrivKey, msg: &SharedPtr) -> Ed25519Signature {
let sig = Ed25519Signature(SharedPtr::new(64).unwrap()); let sig = Ed25519Signature(SharedPtr::new(64).unwrap());
let mut agent = ED25519AGENT.lock().unwrap(); let mut agent = None;
while agent.is_none() {
agent = ED25519AGENT
.iter()
.map(|agent| agent.try_lock())
.filter(|agent| agent.is_ok())
.next();
}
let mut agent = agent.unwrap().unwrap();
unsafe { unsafe {
agent.perform_ipc_call(1, &[sk.0.get_offset(), msg.get_offset(), msg.get_size(), sig.0.get_offset()]); agent.perform_ipc_call(
1,
&[
sk.0.get_offset(),
msg.get_offset(),
msg.get_size(),
sig.0.get_offset(),
],
);
} }
drop(agent);
sig sig
} }

6
src/mlkem.rs
View File

@@ -79,6 +79,8 @@ pub fn mlkem_keygen() -> (MLKEMPrivKey, MLKEMPubKey) {
agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
(sk, pk) (sk, pk)
} }
@@ -92,6 +94,8 @@ pub fn mlkem_encap(pk: &MLKEMPubKey) -> (MLKEMCiphertext, MLKEMSharedKey) {
agent.perform_ipc_call(1, &[ct.0.get_offset(), ss.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(1, &[ct.0.get_offset(), ss.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
(ct, ss) (ct, ss)
} }
@@ -104,5 +108,7 @@ pub fn mlkem_decap(ct: &MLKEMCiphertext, sk: &MLKEMPrivKey) -> MLKEMSharedKey {
agent.perform_ipc_call(2, &[ss.0.get_offset(), ct.0.get_offset(), sk.0.get_offset()]); agent.perform_ipc_call(2, &[ss.0.get_offset(), ct.0.get_offset(), sk.0.get_offset()]);
} }
drop(agent);
ss ss
} }

6
src/x25519.rs
View File

@@ -69,6 +69,8 @@ pub fn x25519_keygen() -> (X25519PrivKey, X25519PubKey) {
agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
(sk, pk) (sk, pk)
} }
@@ -81,6 +83,8 @@ pub fn x22519_pubkey(sk: &X25519PrivKey) -> X25519PubKey {
agent.perform_ipc_call(1, &[sk.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(1, &[sk.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
pk pk
} }
@@ -93,5 +97,7 @@ pub fn x25519(sk: &X25519PrivKey, pk: &X25519PubKey) -> X25519SharedKey {
agent.perform_ipc_call(2, &[out.0.get_offset(), sk.0.get_offset(), pk.0.get_offset()]); agent.perform_ipc_call(2, &[out.0.get_offset(), sk.0.get_offset(), pk.0.get_offset()]);
} }
drop(agent);
out out
} }