From 311b4054c61b5b94039b9a58493cb96f8e15abb9 Mon Sep 17 00:00:00 2001 From: Jaromil Date: Mon, 10 Mar 2025 17:33:54 +0100 Subject: [PATCH] feat: keyringguard to check keyring octets --- src/lua/zencode.lua | 10 ++++++++++ src/sfpool.h | 16 +++++++++++++++- src/zen_octet.c | 18 ++++++++++++++++-- test/lua/secure_mem.lua | 3 +++ 4 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 test/lua/secure_mem.lua diff --git a/src/lua/zencode.lua b/src/lua/zencode.lua index 2e5f6a89c..d6a23589f 100644 --- a/src/lua/zencode.lua +++ b/src/lua/zencode.lua @@ -787,6 +787,7 @@ function ZEN:run() deepmap(zenguard, ACK) -- check that everythink in HEAP.ACK has a CODEC self:codecguard() + self:keyringguard() end self.OK = true @@ -858,6 +859,15 @@ function ZEN:codecguard() end return true end +function ZEN:keyringguard() + local keys = ACK.keyring + if not keys then return end + for k,v in pairs(keys) do + if not v:octet():is_secure() then -- sfpool check + error("Key out of secure memory: "..k) + end + end +end ------------------------------------------ -- ZENCODE STATEMENT DECLARATION FUNCTIONS diff --git a/src/sfpool.h b/src/sfpool.h index c69284d4f..3c08e7591 100644 --- a/src/sfpool.h +++ b/src/sfpool.h @@ -71,8 +71,10 @@ static inline void _secure_zero(void *ptr, uint32_t size) { #if defined(__x86_64__) || defined(_M_X64) || defined(__ppc64__) || defined(__LP64__) #define ptr_t uint64_t +#define ptr_align 8 #else #define ptr_t uint32_t +#define ptr_align 4 #endif #if !defined(__MUSL__) static_assert(sizeof(ptr_t) == sizeof(void*), "Unknown memory pointer size detected"); 
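Review bot: In `ZEN:keyringguard()` the test is made on `v:octet()` rather than on the stored value, so it may inspect a freshly converted octet instead of the buffer that holds the key; whether `octet()` returns the same buffer is not visible in this patch and should be confirmed. The loop also assumes every entry of `ACK.keyring` has an `octet` method, so a nested table or other non-octet entry would fail with a generic "attempt to call" error instead of the intended message. The function has no comment; I would add `-- abort the run when any ACK.keyring entry lies outside the sfpool address range` above it, since `is_secure()` is an address-range test and not proof that the memory is locked or zeroed.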
@@ -82,6 +84,11 @@ static inline bool _is_in_pool(sfpool_t *pool, const void *ptr) { return(p >= (ptr_t)pool->data && p < (ptr_t)(pool->data + pool->total_bytes)); } +static inline void* memalign(const void* ptr) { + register ptr_t mask = ptr_align - 1; + ptr_t aligned = (ptr_t)ptr + mask & ~mask; + return (void*)aligned; +} // Create memory manager size_t sfpool_init(sfpool_t *pool, size_t nmemb, size_t blocksize) { @@ -92,7 +99,7 @@ size_t sfpool_init(sfpool_t *pool, size_t nmemb, size_t blocksize) { pool->secure_lock = false; size_t totalsize = nmemb * blocksize; #if defined(__EMSCRIPTEN__) - pool->data = (uint8_t *)malloc(totalsize); + pool->data = (uint8_t *)memalign(malloc(totalsize+4)); #elif defined(_WIN32) pool->data = VirtualAlloc(NULL, totalsize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); @@ -260,6 +267,13 @@ void *sfpool_realloc(void *restrict opaque, void *ptr, const size_t size) { } } +int sfpool_contains(void *restrict opaque, const void *ptr) { + sfpool_t *pool = (sfpool_t*)opaque; + int res = 0; + if( _is_in_pool(pool,ptr) ) res = 1; + return res; +} + // Debug function to print memory manager state void sfpool_status(sfpool_t *restrict p) { fprintf(stderr,"\n🌊 sfpool: %u blocks %u B each\n", diff --git a/src/zen_octet.c b/src/zen_octet.c index f4b9fdaf6..3c206e47d 100644 --- a/src/zen_octet.c +++ b/src/zen_octet.c @@ -75,6 +75,9 @@ #include +// from sfpool.h +extern int sfpool_contains(void *restrict opaque, const void *ptr); + // from segwit_addr.c extern int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len); extern int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr); 
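Review bot: The new helper `memalign` reuses the name of the libc allocator `memalign(size_t, size_t)` from `<malloc.h>`, so any translation unit that sees both declarations fails with conflicting types; a pool-prefixed name such as `_sfpool_align_up` avoids that. The expression `(ptr_t)ptr + mask & ~mask` is right only because `+` binds tighter than `&`, and compilers warn on it; `ptr_t aligned = ((ptr_t)ptr + mask) & ~mask;` states the intent. The `register` qualifier adds nothing here, and `ptr_align` from the previous hunk is a lowercase macro that can clash with local identifiers.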
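Review bot: On the Emscripten path `memalign(malloc(totalsize+4))` throws away the pointer returned by `malloc`; if the helper ever moves the address, `pool->data` is no longer a value that may be passed to `free()`, so the release path (outside this hunk) would need the original pointer kept alongside it. The padding is a literal 4 while the alignment is `ptr_align`, which is 8 on LP64 targets, so up to 7 bytes can be skipped with only 4 to spare; `malloc(totalsize + ptr_align)` keeps the two in step. `nmemb * blocksize` is also not checked for overflow before the addition. The body of `sfpool_init` continues outside the hunk.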
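Review bot: `sfpool_contains` reports only whether the address falls between `pool->data` and `pool->data + pool->total_bytes`; it does not tell whether that block is currently allocated or whether the whole object fits inside the pool, and callers using it as a security guard need to know that. I would document it with `// Returns 1 if ptr lies inside the pool's address range, 0 otherwise; does not check that the block is in use` and shorten the body to `return _is_in_pool((sfpool_t *)opaque, ptr) ? 1 : 0;`. A NULL `opaque` is dereferenced inside `_is_in_pool`, so either check it here or state that the pool must be initialised first.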
@@ -219,7 +222,7 @@ octet* o_new(lua_State *L, const int size) { return NULL; } luaL_getmetatable(L, "zenroom.octet"); lua_setmetatable(L, -2); - o->val = malloc(size +0x0f); + o->val = malloc(size+0x0f); if(HEDLEY_UNLIKELY(o->val==NULL)) { zerror(L, "Cannot create octet, malloc failure"); zerror(L, "%s: %s",__func__,strerror(errno)); @@ -2560,6 +2563,16 @@ static int mempaste(lua_State *L) { END(1); } +static int is_secure_memory(lua_State *L) { + BEGIN(); + const octet *arg = o_arg(L,1); + lua_pushboolean + (L, sfpool_contains(ZMM,(void*)arg->val)); + END(1); +} + + + int luaopen_octet(lua_State *L) { (void)L; const struct luaL_Reg octet_class[] = { @@ -2635,7 +2648,7 @@ int luaopen_octet(lua_State *L) { {"find", memfind}, {"copy", memcopy}, {"paste", mempaste}, - + {"is_secure", is_secure_memory}, {NULL,NULL} }; const struct luaL_Reg octet_methods[] = { @@ -2689,6 +2702,7 @@ int luaopen_octet(lua_State *L) { {"find", memfind}, {"copy", memcopy}, {"paste", mempaste}, + {"is_secure", is_secure_memory}, // {"zcash_topoint", zcash_topoint}, // idiomatic operators {"__len",octet_size}, diff --git a/test/lua/secure_mem.lua b/test/lua/secure_mem.lua new file mode 100644 index 000000000..25bb627d5 --- /dev/null +++ b/test/lua/secure_mem.lua @@ -0,0 +1,3 @@ +oo = O.random(64); +I.print(oo:is_secure()) +
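Review bot: `is_secure_memory` reads `arg->val` without checking what `o_arg(L,1)` returned; `o_new` in this file returns NULL on failure, and if `o_arg` can do the same (its body is not in this patch) a bad argument becomes a NULL dereference instead of a Lua error. If `o_arg` hands back a converted or copied octet, the result describes that temporary rather than the caller's buffer, and the temporary would need releasing; please confirm against `o_arg`. The `(void*)` cast is unnecessary because `sfpool_contains` takes `const void *`: `lua_pushboolean(L, arg && sfpool_contains(ZMM, arg->val));`. A one-line comment saying the result is an address-range test against the sfpool would help Lua-side callers.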
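Review bot: The new test in `test/lua/secure_mem.lua` only prints the value of `oo:is_secure()`, so it passes whatever comes back and cannot catch a regression in the guard. If octets from `O.random(64)` are expected to live in the pool, make it `assert(oo:is_secure(), "octet not in secure memory")`, and add a case for an octet that is expected to fall outside the pool so the failing branch is covered too. `oo` can be declared `local`.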