use agent

Cargo.lock

@@ -5,7 +5,7 @@ version = 3
 [[package]]
 name = "agent_lib"
 version = "0.1.0"
-source = "git+https://gitea.rixxc.de/rixxc/agent_lib.git#5c05bd7921d7dd496d68d60cb92e23b9ffea59b4"
+source = "git+https://gitea.rixxc.de/rixxc/agent_lib.git#d770fd2641a9697a1e08f866456a4e142f143ed8"
 dependencies = [
  "anyhow",
  "libc",

flake.lock

@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1728018373,
+        "narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bc947f541ae55e999ffdb4013441347d83b00feb",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,12 @@
+{
+  inputs.nixpkgs.url = "nixpkgs/nixos-unstable";
+
+  outputs = { nixpkgs, ... }:
+    let
+      system = "x86_64-linux";
+      pkgs = import nixpkgs { inherit system; };
+    in
+    {
+      devShells.${system}.default = pkgs.callPackage ./shell.nix { inherit pkgs; };
+    };
+}

shell.nix

@@ -0,0 +1,24 @@
+{ pkgs ? import <nixpkgs> { } }:
+with pkgs;
+let
+  ed25519_agent_lib = callPackage "${fetchgit {
+    url = "https://gitea.rixxc.de/rixxc/ed25519_agent.git";
+    rev = "d2ae2cd9142671a8e13d6f133b8d5429e507cd78";
+    hash = "sha256-hKKzsRY7IvM4eq8ybWZ5Z/ix7Oaohvcz6qngM+jGIgU=";
+  }}/default.nix"
+    { inherit pkgs; };
+
+  harness = fetchgit {
+    url = "https://gitea.rixxc.de/rixxc/agent_harness.git";
+    rev = "f7720356f3db3bdf2b115e13afe521ba06c10fe1";
+    hash = "sha256-6FTNByDZp9DRukuMQrlsrbouSytrllfdrULhS7UMwqs=";
+  };
+
+  ed25519_agent = callPackage "${harness}/default.nix" { inherit pkgs; agent = ed25519_agent_lib; };
+in
+mkShell {
+  name = "agent-test";
+
+  ED25519_AGENT_PATH = "${ed25519_agent}/bin/agent_harness";
+  ED25519_KEYFILE = "./keyfile";
+}

src/certificate_resolver.rs

@@ -1,19 +1,18 @@
+use agent_lib::{ed25519::Ed25519PrivKey, SharedPtr};
 use rustls::{pki_types::CertificateDer, server::{ClientHello, ResolvesServerCert}, sign::{CertifiedKey, Signer as TLSSigner, SigningKey}, SignatureAlgorithm, SignatureScheme};
-// use rustls_pki_types::CertificateDer;
+use std::{fs, io::BufReader, ops::Deref, sync::Arc};
-use std::{sync::Arc, fs, io::BufReader};
-use ed25519_dalek::Signer;
 
 #[derive(Debug)]
 pub struct CertificateResolver {
     cert_filename: String,
-    key: [u8; 32]
+    key: Arc<Ed25519PrivKey>
 }
 
 impl CertificateResolver {
-    pub fn new(cert_filename: String, key: [u8; 32]) -> Self {
+    pub fn new(cert_filename: String, key: Ed25519PrivKey) -> Self {
         Self {
             cert_filename,
-            key
+            key: Arc::new(key)
         }
     }
 }
@@ -31,7 +30,7 @@ impl ResolvesServerCert for CertificateResolver {
         Some(Arc::new(CertifiedKey {
             cert: vec![cert],
             key: Arc::new(Ed25519Key{
-                key: self.key
+                key: self.key.clone()
             }),
             ocsp: None
         }))
@@ -40,13 +39,13 @@ impl ResolvesServerCert for CertificateResolver {
 
 #[derive(Debug)]
 struct Ed25519Key {
-    key: [u8; 32]
+    key: Arc<Ed25519PrivKey>
 }
 
 impl SigningKey for Ed25519Key {
     fn choose_scheme(&self, offered: &[SignatureScheme]) -> Option<Box<dyn TLSSigner>> {
         if offered.contains(&SignatureScheme::ED25519) {
-            Some(Box::new(Ed25519Signer::new(&self.key)))
+            Some(Box::new(Ed25519Signer::new(self.key.clone())))
         } else {
             None
         }
@@ -59,13 +58,13 @@ impl SigningKey for Ed25519Key {
 
 #[derive(Debug)]
 struct Ed25519Signer {
-    key: ed25519_dalek::SigningKey
+    key: Arc<Ed25519PrivKey>
 }
 
 impl Ed25519Signer {
-    fn new(key: &[u8; 32]) -> Self {
+    fn new(key: Arc<Ed25519PrivKey>) -> Self {
         Self { 
-            key: ed25519_dalek::SigningKey::from_bytes(key) 
+            key
         }
     }
 }
@@ -76,6 +75,8 @@ impl TLSSigner for Ed25519Signer {
     }
 
     fn sign(&self, message: &[u8]) -> Result<Vec<u8>, rustls::Error> {
-        Ok(self.key.sign(message).to_vec())
+        let mut msg = SharedPtr::new(message.len()).expect("SharedPtr allocation failed");
+        msg.copy_from_slice(message);
+        Ok(agent_lib::ed25519::ed25519_sign(self.key.deref(), &msg).to_vec())
     }
 }

src/main.rs

@@ -3,15 +3,14 @@ mod certificate_resolver;
 use std::{error::Error, io::Write};
 use std::net::TcpListener;
 use std::sync::Arc;
+use agent_lib::ed25519::Ed25519PrivKey;
 use rustls::server::{ServerConfig, Acceptor};
 use certificate_resolver::CertificateResolver;
 
 fn main() -> Result<(), Box<dyn Error>> {
     env_logger::init();
 
-    let ed25519_key = [67, 172, 227, 162, 104, 7, 219, 85, 140, 212, 238, 223, 8, 206, 63, 0, 91, 20, 173, 188, 82, 207, 110, 235, 3, 55, 237, 2, 25, 65, 40, 186];
+    let cert_resolver = Arc::new(CertificateResolver::new("./ed25519.crt".to_string(), Ed25519PrivKey::from(&[0,0,0,0,0,0,0,0])));
-
-    let cert_resolver = Arc::new(CertificateResolver::new("./ed25519.crt".to_string(), ed25519_key));
 
     let config = Arc::new(ServerConfig::builder()
         .with_no_client_auth()