don't seal sync_mem

get shared_memory_heap from git repository
Make number of spawned ed25519 agent configurable through environment variables
2025-10-27 10:15:55 +01:00 · 2025-10-23 18:20:47 +02:00 · 2025-05-14 11:27:58 +02:00 · 2025-05-14 11:23:23 +02:00 · 2025-04-07 12:06:59 +02:00 · 2025-04-04 13:10:45 +02:00
6 changed files with 83 additions and 25 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 [[package]]
 name = "agent_lib"
@@ -26,7 +26,7 @@ checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
 [[package]]
 name = "shared_memory_heap"
 version = "0.1.0"
-source = "git+https://gitea.rixxc.de/rixxc/shared_memory_heap.git#7f46573218dc46417608a700a6146950dfea1442"
+source = "git+https://gitea.rixxc.de/rixxc/shared_memory_heap.git#ef9bcc94fb04d7191514a249c78d608d2f7cb9a6"
 dependencies = [
 "libc",
 ]
--- a/src/agent.rs
+++ b/src/agent.rs
@@ -1,7 +1,8 @@
 use anyhow::{bail, Result};
 use libc::{
-    c_char, c_void, execve, fork, ftruncate, memfd_create, mmap, perror, syscall, SYS_futex,
+    c_char, c_void, close, execve, fcntl, fork, ftruncate, memfd_create, mmap, perror, syscall,
-    FUTEX_WAIT, FUTEX_WAKE, MAP_FAILED, MAP_SHARED, PROT_READ, PROT_WRITE,
+    SYS_futex, FUTEX_WAIT, FUTEX_WAKE, F_ADD_SEALS, F_SEAL_FUTURE_WRITE, MAP_FAILED, MAP_SHARED,
    MFD_ALLOW_SEALING, PROT_READ, PROT_WRITE,
 };
 use shared_memory_heap::get_shared_mem_fd;
 use std::{ffi::CString, path::Path, ptr, usize};
@@ -46,18 +47,22 @@ impl Agent {
        if child == 0 {
            // child
            close(0);
            close(1);
            close(2);
            let path = CString::new(agent_path.as_os_str().as_encoded_bytes()).unwrap();
            let data_fd = CString::new(data_fd.to_string()).unwrap();
            let sync_fd = CString::new(sync_fd.to_string()).unwrap();
            let keyfile = CString::new(keyfile_path.as_os_str().as_encoded_bytes()).unwrap();
-            let args = [data_fd.as_ptr(), sync_fd.as_ptr(), keyfile.as_ptr(), ptr::null()];
+            let args = [
-
+                data_fd.as_ptr(),
-
+                sync_fd.as_ptr(),
-            execve(
+                keyfile.as_ptr(),
                path.as_ptr() as *const c_char,
                args.as_ptr(),
                ptr::null(),
-            );
+            ];
            execve(path.as_ptr() as *const c_char, args.as_ptr(), ptr::null());
            perror("execve:\x00".as_ptr() as *const c_char);
--- a/src/ed25519.rs
+++ b/src/ed25519.rs
@@ -2,14 +2,29 @@ pub use shared_memory_heap::sharedptr::SharedPtr;
 use crate::agent::Agent;
 use std::{
-    ops::Deref, path::Path, sync::{LazyLock, Mutex}
+    ops::Deref,
    path::Path,
    sync::{LazyLock, Mutex},
 };
-static ED25519AGENT: LazyLock<Mutex<Agent>> = LazyLock::new(|| {
+static ED25519AGENT: LazyLock<Vec<Mutex<Agent>>> = LazyLock::new(|| {
-    let agent_path = std::env::var("ED25519_AGENT_PATH").expect("ED25519_AGENT_PATH environment variable missing");
+    let agent_path = std::env::var("ED25519_AGENT_PATH")
-    let keyfile_path = std::env::var("ED25519_KEYFILE").expect("Ed25519_KEYFILE environment variable missing");
+        .expect("ED25519_AGENT_PATH environment variable missing");
-    let agent = unsafe { Agent::new(Path::new(&agent_path), Path::new(&keyfile_path)).expect("Agent failed to start") };
+    let keyfile_path =
-    Mutex::new(agent)
+        std::env::var("ED25519_KEYFILE").expect("Ed25519_KEYFILE environment variable missing");
    let num_agents: usize = std::env::var("NUM_AGENTS")
        .expect("NUM_AGENTS environment variable missing")
        .parse()
        .expect("NUM_AGENTS should be an integer");
    let mut agents = Vec::with_capacity(num_agents);
    for _ in 0..num_agents {
        let agent = unsafe {
            Agent::new(Path::new(&agent_path), Path::new(&keyfile_path))
                .expect("Agent failed to start")
        };
        agents.push(Mutex::new(agent));
    }
    agents
 });
 #[derive(Debug)]
@@ -63,23 +78,51 @@ pub fn ed25519_keygen() -> (Ed25519PrivKey, Ed25519PubKey) {
    let sk = Ed25519PrivKey(SharedPtr::new(8).unwrap());
    let pk = Ed25519PubKey(SharedPtr::new(32).unwrap());
-    let mut agent = ED25519AGENT.lock().unwrap();
+    let mut agent = None;
    while agent.is_none() {
        agent = ED25519AGENT
            .iter()
            .map(|agent| agent.try_lock())
            .filter(|agent| agent.is_ok())
            .next();
    }
    let mut agent = agent.unwrap().unwrap();
    unsafe {
        agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    (sk, pk)
 }
 pub fn ed25519_sign(sk: &Ed25519PrivKey, msg: &SharedPtr) -> Ed25519Signature {
    let sig = Ed25519Signature(SharedPtr::new(64).unwrap());
-    let mut agent = ED25519AGENT.lock().unwrap();
+    let mut agent = None;
    while agent.is_none() {
        agent = ED25519AGENT
            .iter()
            .map(|agent| agent.try_lock())
            .filter(|agent| agent.is_ok())
            .next();
    }
    let mut agent = agent.unwrap().unwrap();
    unsafe {
-        agent.perform_ipc_call(1, &[sk.0.get_offset(), msg.get_offset(), msg.get_size(), sig.0.get_offset()]);
+        agent.perform_ipc_call(
            1,
            &[
                sk.0.get_offset(),
                msg.get_offset(),
                msg.get_size(),
                sig.0.get_offset(),
            ],
        );
    }
    drop(agent);
    sig
 }
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,8 +1,6 @@
 #![feature(lazy_cell)]
 pub use shared_memory_heap::sharedptr::SharedPtr;
 mod agent;
 pub mod x25519;
 pub mod mlkem;
 pub mod ed25519;
 pub mod mlkem;
 pub mod x25519;
--- a/src/mlkem.rs
+++ b/src/mlkem.rs
@@ -79,6 +79,8 @@ pub fn mlkem_keygen() -> (MLKEMPrivKey, MLKEMPubKey) {
        agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    (sk, pk)
 }
@@ -92,6 +94,8 @@ pub fn mlkem_encap(pk: &MLKEMPubKey) -> (MLKEMCiphertext, MLKEMSharedKey) {
        agent.perform_ipc_call(1, &[ct.0.get_offset(), ss.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    (ct, ss)
 }
@@ -104,5 +108,7 @@ pub fn mlkem_decap(ct: &MLKEMCiphertext, sk: &MLKEMPrivKey) -> MLKEMSharedKey {
        agent.perform_ipc_call(2, &[ss.0.get_offset(), ct.0.get_offset(), sk.0.get_offset()]);
    }
    drop(agent);
    ss
 }
--- a/src/x25519.rs
+++ b/src/x25519.rs
@@ -69,6 +69,8 @@ pub fn x25519_keygen() -> (X25519PrivKey, X25519PubKey) {
        agent.perform_ipc_call(0, &[sk.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    (sk, pk)
 }
@@ -81,6 +83,8 @@ pub fn x22519_pubkey(sk: &X25519PrivKey) -> X25519PubKey {
        agent.perform_ipc_call(1, &[sk.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    pk
 }
@@ -93,5 +97,7 @@ pub fn x25519(sk: &X25519PrivKey, pk: &X25519PubKey) -> X25519SharedKey {
        agent.perform_ipc_call(2, &[out.0.get_offset(), sk.0.get_offset(), pk.0.get_offset()]);
    }
    drop(agent);
    out
 }
Author	SHA1	Message	Date
Aaron Kaiser	6b60e04513	don't seal sync_mem	2025-10-27 10:15:55 +01:00
Aaron Kaiser	b72ea11712	get shared_memory_heap from git repository	2025-10-23 18:20:47 +02:00
Aaron Kaiser	ebb738445b	Make number of spawned ed25519 agent configurable through environment variables	2025-05-14 11:27:58 +02:00
Aaron Kaiser	0f16f071b4	Revert last three commits This reverts commit `a97adf188b`. This reverts commit `c61fb504c6` This reverts commit `0bb5c528ee`	2025-05-14 11:23:23 +02:00
Aaron Kaiser	0bb5c528ee	use memfd_secret for sync memory	2025-04-07 12:06:59 +02:00
Aaron Kaiser	c61fb504c6	remove seal from shared memory page	2025-04-04 13:10:45 +02:00
Aaron Kaiser	a97adf188b	change synchronization with agent	2025-04-04 12:18:07 +02:00
Aaron Kaiser	2b23baa3af	remove lazy_cell feature	2025-03-04 10:36:32 +01:00
Aaron Kaiser	68ff86b8c6	sync changes from artifact	2025-02-25 17:26:25 +01:00