[Cryptech-Commits] [sw/libhal] 02/02: Add rpc_hash.c. Convert dynamic allocator in hash.c to use private pool of pre-configured state blocks, suitable for an embedded system.

git at cryptech.is git at cryptech.is
Sun Dec 13 06:49:49 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/libhal.

commit c60b4bbd62865c4fe891dcbf7586c4718082d626
Author: Rob Austein <sra at hactrn.net>
Date:   Sun Dec 13 00:43:11 2015 -0500

    Add rpc_hash.c.  Convert dynamic allocator in hash.c to use private
    pool of pre-configured state blocks, suitable for an embedded system.
---
 GNUmakefile    |  19 +++-
 hal.h          |  14 +++
 hal_rpc.c      |   8 +-
 hal_rpc.h      |  13 +--
 hash.c         | 102 ++++++++++++++++----
 rpc_client.c   |  12 +--
 rpc_hash.c     | 300 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 rpc_internal.h |   8 +-
 8 files changed, 430 insertions(+), 46 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 810d997..1f6b711 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -25,28 +25,37 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+# Number of static hash and HMAC state blocks to allocate
+
+STATIC_HASH_STATE_BLOCKS = 10
+STATIC_HMAC_STATE_BLOCKS = 4
+
 INC		= hal.h
 LIB		= libhal.a
 OBJ		= ${IO_OBJ} core.o csprng.o hash.o aes_keywrap.o pbkdf2.o \
 		  modexp.o rsa.o ecdsa.o asn1.o errorstrings.o ${RPC_OBJ}
-
 IO_OBJ_EIM	= hal_io_eim.o novena-eim.o
 IO_OBJ_I2C 	= hal_io_i2c.o
 
 # Default I/O bus is EIM, override this to use I2C instead
 IO_OBJ		= ${IO_OBJ_EIM}
 
-RPC_OBJ_CLIENT	= hal_rpc.o rpc_client.o
-RPC_OBJ_SERVER	= hal_rpc.o rpc_server.o
+RPC_OBJ_COMMON	= hal_rpc.o rpc_hash.o
+RPC_OBJ_CLIENT	= ${RPC_OBJ_COMMON} rpc_client.o
+RPC_OBJ_SERVER	= ${RPC_OBJ_COMMON} rpc_misc.o rpc_pkey.o
 
-# Default should be to build the RPC server, but we haven't written even the skeleton of that yet.
-# We'll probably end up needing a makefile conditional to handle all this properly
+# Default should be to build the RPC server code, but we haven't
+# written even the skeleton of that yet.  We'll probably end up
+# needing a makefile conditional to handle all this properly
 RPC_OBJ		= ${RPC_OBJ_CLIENT}
 
 TFMDIR		:= $(abspath ../thirdparty/libtfm)
 CFLAGS		+= -g3 -Wall -fPIC -std=c99 -I${TFMDIR} -DHAL_ECDSA_DEBUG_ONLY_STATIC_TEST_VECTOR_RANDOM=1
 LDFLAGS		:= -g3 -L${TFMDIR} -ltfm
 
+CFLAGS		+= -DHAL_STATIC_HASH_STATE_BLOCKS=${STATIC_HASH_STATE_BLOCKS}
+CFLAGS		+= -DHAL_STATIC_HMAC_STATE_BLOCKS=${STATIC_HMAC_STATE_BLOCKS}
+
 all: ${LIB}
 	cd tests; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@
 	cd utils; ${MAKE} CFLAGS='${CFLAGS} -I..' LDFLAGS='${LDFLAGS}' $@
diff --git a/hal.h b/hal.h
index eb1e253..1ccc491 100644
--- a/hal.h
+++ b/hal.h
@@ -221,7 +221,17 @@ typedef struct hal_hash_driver hal_hash_driver_t;
  * problem.
  */
 
+typedef enum {
+  hal_digest_algorithm_sha1,
+  hal_digest_algorithm_sha256,
+  hal_digest_algorithm_sha512_224,
+  hal_digest_algorithm_sha512_256,
+  hal_digest_algorithm_sha384,
+  hal_digest_algorithm_sha512
+} hal_digest_algorithm_t;
+
 typedef struct {
+  hal_digest_algorithm_t digest_algorithm;
   size_t block_length;
   size_t digest_length;
   size_t hash_state_length;
@@ -284,6 +294,10 @@ extern void hal_hash_cleanup(hal_hash_state_t **state);
 
 extern void hal_hmac_cleanup(hal_hmac_state_t **state);
 
+extern const hal_hash_descriptor_t *hal_hash_get_descriptor(const hal_hash_state_t * const state);
+
+extern const hal_hash_descriptor_t *hal_hmac_get_descriptor(const hal_hmac_state_t * const state);
+
 /*
  * AES key wrap functions.
  */
diff --git a/hal_rpc.c b/hal_rpc.c
index 15f5f65..6ad198e 100644
--- a/hal_rpc.c
+++ b/hal_rpc.c
@@ -146,20 +146,20 @@ hal_error_t hal_rpc_logout(const hal_rpc_client_handle_t client)
   return misc_dispatch->logout(client);
 }
 
-hal_error_t hal_rpc_hash_get_digest_length(const hal_rpc_hash_alg_t alg, size_t *length)
+hal_error_t hal_rpc_hash_get_digest_length(const hal_digest_algorithm_t alg, size_t *length)
 {
   if (length == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
   return hash_dispatch->get_digest_length(alg, length);
 }
 
-hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_rpc_hash_alg_t alg,
+hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg,
 						 uint8_t *id, size_t *len, const size_t len_max)
 {
   return hash_dispatch->get_digest_algorithm_id(alg, id, len, len_max);
 }
 
-hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_rpc_hash_alg_t *alg)
+hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg)
 {
   if (hash.handle == hal_rpc_hash_handle_none.handle || alg == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
@@ -169,7 +169,7 @@ hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_rpc
 hal_error_t hal_rpc_hash_initialize(const hal_rpc_client_handle_t client,
 				    const hal_rpc_session_handle_t session,
 				    hal_rpc_hash_handle_t *hash,
-				    const hal_rpc_hash_alg_t alg,
+				    const hal_digest_algorithm_t alg,
 				    const uint8_t * const key, const size_t key_len)
 {
   if (hash == NULL)
diff --git a/hal_rpc.h b/hal_rpc.h
index db300e3..553fb6b 100644
--- a/hal_rpc.h
+++ b/hal_rpc.h
@@ -87,21 +87,16 @@ extern hal_error_t hal_rpc_get_random(void *buffer, const size_t length);
  * Combined hash and HMAC functions: pass NULL key for plain hashing.
  */
 
-typedef enum {
-  hal_rpc_hash_alg__sha1,       hal_rpc_hash_alg__sha256, hal_rpc_hash_alg__sha512_224,
-  hal_rpc_hash_alg__sha512_256, hal_rpc_hash_alg__sha384, hal_rpc_hash_alg__sha512
-} hal_rpc_hash_alg_t;
-
 typedef struct { uint32_t handle; } hal_rpc_hash_handle_t;
 
 extern const hal_rpc_hash_handle_t hal_rpc_hash_handle_none;
 
-extern hal_error_t hal_rpc_hash_get_digest_length(const hal_rpc_hash_alg_t alg, size_t *length);
+extern hal_error_t hal_rpc_hash_get_digest_length(const hal_digest_algorithm_t alg, size_t *length);
 
-extern hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_rpc_hash_alg_t alg,
+extern hal_error_t hal_rpc_hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg,
                                                         uint8_t *id, size_t *len, const size_t len_max);
 
-extern hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_rpc_hash_alg_t *alg);
+extern hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg);
 
 /*
  * Once started, a hash or HMAC operation is bound to a particular
@@ -111,7 +106,7 @@ extern hal_error_t hal_rpc_hash_get_algorithm(const hal_rpc_hash_handle_t hash,
 extern hal_error_t hal_rpc_hash_initialize(const hal_rpc_client_handle_t client,
                                            const hal_rpc_session_handle_t session,
                                            hal_rpc_hash_handle_t *hash,
-                                           const hal_rpc_hash_alg_t alg,
+                                           const hal_digest_algorithm_t alg,
                                            const uint8_t * const key, const size_t key_length);
 
 extern hal_error_t hal_rpc_hash_update(const hal_rpc_hash_handle_t hash,
diff --git a/hash.c b/hash.c
index 0ba6b50..138740e 100644
--- a/hash.c
+++ b/hash.c
@@ -52,13 +52,6 @@
  * Driver.  This encapsulates whatever per-algorithm voodoo we need
  * this week.  At the moment, this is mostly Cryptech core addresses,
  * but this is subject to change without notice.
- *
- * Most of the addresses in the current version could be calculated
- * from a single address (the core base address), but this week's
- * theory prefers the precomputed composite addresses, and doing it
- * this way saves some microscopic bit of addition at runtime.
- * Whatever.  It'll probably all change again once we have a dynamic
- * memory map, so it's not really worth overthinking at the moment.
  */
 
 struct hal_hash_driver {
@@ -103,10 +96,6 @@ struct hal_hmac_state {
 
 /*
  * Drivers for known digest algorithms.
- *
- * Initialization of the core_name field is not a typo, we're
- * concatenating two string constants and trusting the compiler to
- * whine if the resulting string doesn't fit into the field.
  */
 
 static const hal_hash_driver_t sha1_driver = {
@@ -163,6 +152,7 @@ static const uint8_t
  */
 
 const hal_hash_descriptor_t hal_hash_sha1[1] = {{
+  hal_digest_algorithm_sha1,
   SHA1_BLOCK_LEN, SHA1_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha1, sizeof(dalgid_sha1),
@@ -170,6 +160,7 @@ const hal_hash_descriptor_t hal_hash_sha1[1] = {{
 }};
 
 const hal_hash_descriptor_t hal_hash_sha256[1] = {{
+  hal_digest_algorithm_sha256,
   SHA256_BLOCK_LEN, SHA256_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha256, sizeof(dalgid_sha256),
@@ -177,6 +168,7 @@ const hal_hash_descriptor_t hal_hash_sha256[1] = {{
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{
+  hal_digest_algorithm_sha512_224,
   SHA512_BLOCK_LEN, SHA512_224_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha512_224, sizeof(dalgid_sha512_224),
@@ -184,6 +176,7 @@ const hal_hash_descriptor_t hal_hash_sha512_224[1] = {{
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{
+  hal_digest_algorithm_sha512_256,
   SHA512_BLOCK_LEN, SHA512_256_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha512_256, sizeof(dalgid_sha512_256),
@@ -191,6 +184,7 @@ const hal_hash_descriptor_t hal_hash_sha512_256[1] = {{
 }};
 
 const hal_hash_descriptor_t hal_hash_sha384[1] = {{
+  hal_digest_algorithm_sha384,
   SHA512_BLOCK_LEN, SHA384_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha384, sizeof(dalgid_sha384),
@@ -198,6 +192,7 @@ const hal_hash_descriptor_t hal_hash_sha384[1] = {{
 }};
 
 const hal_hash_descriptor_t hal_hash_sha512[1] = {{
+  hal_digest_algorithm_sha512,
   SHA512_BLOCK_LEN, SHA512_DIGEST_LEN,
   sizeof(hal_hash_state_t), sizeof(hal_hmac_state_t),
   dalgid_sha512, sizeof(dalgid_sha512),
@@ -205,6 +200,33 @@ const hal_hash_descriptor_t hal_hash_sha512[1] = {{
 }};
 
 /*
+ * Static state blocks.  This library is intended for a style of
+ * embedded programming in which one avoids heap-based allocation
+ * functions such as malloc() wherever possible and instead uses
+ * static variables when just allocating on the stack won't do.
+ *
+ * The number of each kind of state block to be allocated this way
+ * must be configured at compile-time.  Sorry, that's life in the
+ * deeply embedded universe.
+ */
+
+#ifndef	HAL_STATIC_HASH_STATE_BLOCKS
+#define	HAL_STATIC_HASH_STATE_BLOCKS 0
+#endif
+
+#ifndef	HAL_STATIC_HMAC_STATE_BLOCKS
+#define	HAL_STATIC_HMAC_STATE_BLOCKS 0
+#endif
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+static hal_hash_state_t static_hash_state[HAL_STATIC_HASH_STATE_BLOCKS];
+#endif
+
+#if HAL_STATIC_HMAC_STATE_BLOCKS > 0
+static hal_hmac_state_t static_hmac_state[HAL_STATIC_HMAC_STATE_BLOCKS];
+#endif
+
+/*
  * Debugging control.
  */
 
@@ -216,6 +238,38 @@ void hal_hash_set_debug(int onoff)
 }
 
 /*
+ * Internal utilities to allocate static state blocks.
+ */
+
+static inline hal_hash_state_t *alloc_static_hash_state(void)
+{
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+
+  for (int i = 0; i < sizeof(static_hash_state)/sizeof(*static_hash_state); i++)
+    if ((static_hash_state[i].flags & STATE_FLAG_STATE_ALLOCATED) == 0)
+      return &static_hash_state[i];
+
+#endif  
+
+  return NULL;
+}
+
+static inline hal_hmac_state_t *alloc_static_hmac_state(void)
+{
+
+#if HAL_STATIC_HMAC_STATE_BLOCKS > 0
+
+  for (int i = 0; i < sizeof(static_hmac_state)/sizeof(*static_hmac_state); i++)
+    if ((static_hmac_state[i].hash_state.flags & STATE_FLAG_STATE_ALLOCATED) == 0)
+      return &static_hmac_state[i];
+
+#endif  
+
+  return NULL;
+}
+
+/*
  * Internal utility to do whatever checking we need of a descriptor,
  * then extract the driver pointer in a way that works nicely with
  * initialization of an automatic const pointer.
@@ -223,7 +277,7 @@ void hal_hash_set_debug(int onoff)
  * Returns the driver pointer on success, NULL on failure.
  */
 
-static const hal_hash_driver_t *check_driver(const hal_hash_descriptor_t * const descriptor)
+static inline const hal_hash_driver_t *check_driver(const hal_hash_descriptor_t * const descriptor)
 {
   return descriptor == NULL ? NULL : descriptor->driver;
 }
@@ -233,8 +287,8 @@ static const hal_hash_driver_t *check_driver(const hal_hash_descriptor_t * const
  * attempting to locate an appropriate core if we weren't given one.
  */
 
-static hal_error_t check_core(const hal_core_t **core,
-                              const hal_hash_descriptor_t * const descriptor)
+static inline hal_error_t check_core(const hal_core_t **core,
+                                     const hal_hash_descriptor_t * const descriptor)
 {
   assert(descriptor != NULL && descriptor->driver != NULL);
   return hal_core_check_name(core, descriptor->core_name);
@@ -262,7 +316,7 @@ hal_error_t hal_hash_initialize(const hal_core_t *core,
   if ((err = check_core(&core, descriptor)) != HAL_OK)
     return err;
 
-  if (state_buffer == NULL && (state = malloc(descriptor->hash_state_length)) == NULL)
+  if (state_buffer == NULL && (state = alloc_static_hash_state()) == NULL)
       return HAL_ERROR_ALLOCATION_FAILURE;
 
   memset(state, 0, sizeof(*state));
@@ -293,7 +347,6 @@ void hal_hash_cleanup(hal_hash_state_t **state_)
     return;
 
   memset(state, 0, state->descriptor->hash_state_length);
-  free(state);
   *state_ = NULL;
 }
 
@@ -540,7 +593,7 @@ hal_error_t hal_hmac_initialize(const hal_core_t *core,
   if ((err = check_core(&core, descriptor)) != HAL_OK)
     return err;
 
-  if (state_buffer == NULL && (state = malloc(descriptor->hmac_state_length)) == NULL)
+  if (state_buffer == NULL && (state = alloc_static_hmac_state()) == NULL)
     return HAL_ERROR_ALLOCATION_FAILURE;
 
   hal_hash_state_t *h = &state->hash_state;
@@ -637,7 +690,6 @@ void hal_hmac_cleanup(hal_hmac_state_t **state_)
     return;
 
   memset(state, 0, h->descriptor->hmac_state_length);
-  free(state);
   *state_ = NULL;
 }
 
@@ -688,6 +740,20 @@ hal_error_t hal_hmac_finalize(hal_hmac_state_t *state,
 }
 
 /*
+ * Pull descriptor pointer from state block.
+ */
+
+const hal_hash_descriptor_t *hal_hash_get_descriptor(const hal_hash_state_t * const state)
+{
+  return state == NULL ? NULL : state->descriptor;
+}
+
+const hal_hash_descriptor_t *hal_hmac_get_descriptor(const hal_hmac_state_t * const state)
+{
+  return state == NULL ? NULL : state->hash_state.descriptor;
+}
+
+/*
  * "Any programmer who fails to comply with the standard naming, formatting,
  *  or commenting conventions should be shot.  If it so happens that it is
  *  inconvenient to shoot him, then he is to be politely requested to recode
diff --git a/rpc_client.c b/rpc_client.c
index 4a755af..20cc26f 100644
--- a/rpc_client.c
+++ b/rpc_client.c
@@ -64,18 +64,18 @@ static hal_error_t logout(const hal_rpc_client_handle_t client)
   return HAL_ERROR_IMPOSSIBLE;
 }
 
-static hal_error_t hash_get_digest_len(const hal_rpc_hash_alg_t alg, size_t *length)
+static hal_error_t hash_get_digest_len(const hal_digest_algorithm_t alg, size_t *length)
 {
   return HAL_ERROR_IMPOSSIBLE;
 }
 
-static hal_error_t hash_get_digest_algorithm_id(const hal_rpc_hash_alg_t alg,
+static hal_error_t hash_get_digest_algorithm_id(const hal_digest_algorithm_t alg,
                                                 uint8_t *id, size_t *len, const size_t len_max)
 {
   return HAL_ERROR_IMPOSSIBLE;
 }
 
-static hal_error_t hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_rpc_hash_alg_t *alg)
+static hal_error_t hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg)
 {
   return HAL_ERROR_IMPOSSIBLE;
 }
@@ -83,7 +83,7 @@ static hal_error_t hash_get_algorithm(const hal_rpc_hash_handle_t hash, hal_rpc_
 static hal_error_t hash_initialize(const hal_rpc_client_handle_t client,
                                    const hal_rpc_session_handle_t session,
                                    hal_rpc_hash_handle_t *hash,
-                                   const hal_rpc_hash_alg_t alg,
+                                   const hal_digest_algorithm_t alg,
                                    const uint8_t * const key, const size_t key_len)
 {
   return HAL_ERROR_IMPOSSIBLE;
@@ -213,7 +213,7 @@ static hal_error_t pkey_mixed_sign(const hal_rpc_session_handle_t session,
   if (input != NULL)
     return pkey_remote_sign(session, pkey, hash, input,  input_len, output, output_len);
 
-  hal_rpc_hash_alg_t alg;
+  hal_digest_algorithm_t alg;
   size_t digest_len;
   hal_error_t err;
 
@@ -238,7 +238,7 @@ static hal_error_t pkey_mixed_verify(const hal_rpc_session_handle_t session,
   if (input != NULL)
     return pkey_remote_verify(session, pkey, hash, input,  input_len, output, output_len);
 
-  hal_rpc_hash_alg_t alg;
+  hal_digest_algorithm_t alg;
   size_t digest_len;
   hal_error_t err;
 
diff --git a/rpc_hash.c b/rpc_hash.c
new file mode 100644
index 0000000..4ceadb6
--- /dev/null
+++ b/rpc_hash.c
@@ -0,0 +1,300 @@
+/*
+ * rpc_hash.c
+ * ----------
+ * Remote procedure call server-side hash implementation.
+ *
+ * Authors: Rob Austein
+ * Copyright (c) 2015, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+#include "hal.h"
+#include "rpc_internal.h"
+
+/*
+ * Need table and handle allocation, including some kind of in_use
+ * flag (perhaps just handle == none).
+ *
+ * Hash and HMAC aren't really things for which we need permission
+ * bits, so not sure we even care about login stuff here.
+ */
+
+typedef struct {
+  hal_rpc_client_handle_t client_handle;
+  hal_rpc_session_handle_t session_handle;
+  hal_rpc_hash_handle_t hash_handle;
+  union {
+    hal_hash_state_t *hash;
+    hal_hmac_state_t *hmac;
+  } state;
+} handle_slot_t;
+
+#ifndef	HAL_STATIC_HASH_STATE_BLOCKS
+#define	HAL_STATIC_HASH_STATE_BLOCKS 0
+#endif
+
+#ifndef	HAL_STATIC_HMAC_STATE_BLOCKS
+#define	HAL_STATIC_HMAC_STATE_BLOCKS 0
+#endif
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+static handle_slot_t hash_handle[HAL_STATIC_HASH_STATE_BLOCKS];
+#endif
+
+#if HAL_STATIC_HMAC_STATE_BLOCKS > 0
+static handle_slot_t hmac_handle[HAL_STATIC_HMAC_STATE_BLOCKS];
+#endif
+
+/*
+ * Handle allocation is simple: we look for an unused (state == NULL)
+ * slot in the appropriate table, and, assuming we find one, construct
+ * a composite handle consisting of a flag telling us which table this
+ * is, the index into the table, and a counter whose sole purpose is
+ * to keep the same handle from reoccurring anytime soon, to help
+ * identify use-after-free bugs in calling code.
+ */
+
+#define	HANDLE_FLAG_HMAC	0x80000000
+
+static inline handle_slot_t *alloc_handle(const int is_hmac)
+{
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0 || HAL_STATIC_HMAC_STATE_BLOCKS > 0
+  static uint16_t next_glop = 0;
+  uint32_t glop = ++next_glop << 16;
+  next_glop %= 0x7FFF;
+#endif
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+  if (!is_hmac) {
+    for (int i = 0; i < sizeof(hash_handle)/sizeof(*hash_handle); i++) {
+      if (hash_handle[i].state.hash == NULL) {
+        hash_handle[i].hash_handle.handle = i | glop;
+        return &hash_handle[i];
+      }
+    }
+  }
+#endif
+
+#if HAL_STATIC_HMAC_STATE_BLOCKS > 0
+  if (is_hmac) {
+    for (int i = 0; i < sizeof(hmac_handle)/sizeof(*hmac_handle); i++) {
+      if (hmac_handle[i].state.hmac == NULL) {
+        hmac_handle[i].hash_handle.handle = i | glop | HANDLE_FLAG_HMAC;
+        return &hmac_handle[i];
+      }
+    }
+  }
+#endif
+
+  return NULL;
+}
+
+/*
+ * Check a caller-supplied handle.  Must be in range, in use, and have
+ * the right glop.  Returns slot pointer on success, NULL otherwise.
+ */
+
+static inline handle_slot_t *find_handle(const hal_rpc_hash_handle_t handle)
+{
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0 || HAL_STATIC_HMAC_STATE_BLOCKS > 0
+  const int i = (int) (handle.handle & 0xFFFF);
+  const int is_hmac = (handle.handle & HANDLE_FLAG_HMAC) != 0;
+#endif
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+  if (!is_hmac && i < sizeof(hash_handle)/sizeof(*hash_handle) &&
+      hash_handle[i].hash_handle.handle == handle.handle && hash_handle[i].state.hash != NULL)
+    return &hash_handle[i];
+#endif
+
+#if HAL_STATIC_HASH_STATE_BLOCKS > 0
+  if (is_hmac && i < sizeof(hmac_handle)/sizeof(*hmac_handle) &&
+      hmac_handle[i].hash_handle.handle == handle.handle && hmac_handle[i].state.hmac != NULL)
+    return &hmac_handle[i];
+#endif
+
+  return NULL;
+}
+
+/*
+ * Translate an algorithm number to a descriptor.
+ */
+
+static inline const hal_hash_descriptor_t *alg_to_descriptor(const hal_digest_algorithm_t alg)
+{
+  switch (alg) {
+  case hal_digest_algorithm_sha1:       return hal_hash_sha1;
+  case hal_digest_algorithm_sha256:     return hal_hash_sha256;
+  case hal_digest_algorithm_sha512_224: return hal_hash_sha512_224;
+  case hal_digest_algorithm_sha512_256: return hal_hash_sha512_256;
+  case hal_digest_algorithm_sha384:     return hal_hash_sha384;
+  case hal_digest_algorithm_sha512:     return hal_hash_sha512;
+  default:                              return NULL;
+  }
+}
+
+/*
+ * Given a slot pointer, fetch the descriptor.
+ */
+
+static inline const hal_hash_descriptor_t *slot_to_descriptor(const handle_slot_t * const slot)
+{
+  if (slot == NULL)
+    return NULL;
+
+  if ((slot->hash_handle.handle & HANDLE_FLAG_HMAC) == 0)
+    return hal_hash_get_descriptor(slot->state.hash);
+  else
+    return hal_hmac_get_descriptor(slot->state.hmac);
+}
+
+/*
+ * Public API
+ */
+
+static hal_error_t get_digest_length(const hal_digest_algorithm_t alg, size_t *length)
+{
+  const hal_hash_descriptor_t * const d = alg_to_descriptor(alg);
+
+  if (d == NULL || length == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  *length = d->digest_length;
+  return HAL_OK;
+}
+
+static hal_error_t get_digest_algorithm_id(const hal_digest_algorithm_t alg,
+                                           uint8_t *id, size_t *len, const size_t len_max)
+{
+  const hal_hash_descriptor_t * const d = alg_to_descriptor(alg);
+
+  if (d == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if (len != NULL)
+    *len = d->digest_algorithm_id_length;
+
+  if (id == NULL)
+    return HAL_OK;
+
+  if (len_max < d->digest_algorithm_id_length)
+    return HAL_ERROR_RESULT_TOO_LONG;
+
+  memcpy(id, d->digest_algorithm_id, d->digest_algorithm_id_length);
+  return HAL_OK;
+}
+
+static hal_error_t get_algorithm(const hal_rpc_hash_handle_t handle, hal_digest_algorithm_t *alg)
+{
+  handle_slot_t *slot = find_handle(handle);
+  const hal_hash_descriptor_t *descriptor = slot_to_descriptor(slot);
+
+  if (slot == NULL || alg == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if (descriptor == NULL)
+    return HAL_ERROR_IMPOSSIBLE;
+
+  *alg = descriptor->digest_algorithm;
+  return HAL_OK;
+}
+
+static hal_error_t initialize(const hal_rpc_client_handle_t client,
+                       const hal_rpc_session_handle_t session,
+                       hal_rpc_hash_handle_t *hash,
+                       const hal_digest_algorithm_t alg,
+                       const uint8_t * const key, const size_t key_len)
+{
+  const hal_hash_descriptor_t *descriptor;
+  handle_slot_t *slot;
+
+  if (hash == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if ((descriptor = alg_to_descriptor(alg)) == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if ((slot = alloc_handle(key != NULL)) == NULL)
+    return HAL_ERROR_ALLOCATION_FAILURE;
+
+  slot->client_handle  = client;
+  slot->session_handle = session;
+
+  if (key == NULL)
+    return hal_hash_initialize(NULL, descriptor, &slot->state.hash, NULL, 0);
+  else
+    return hal_hmac_initialize(NULL, descriptor, &slot->state.hmac, NULL, 0, key, key_len);
+}
+
+static hal_error_t update(const hal_rpc_hash_handle_t handle,
+                   const uint8_t * data, const size_t length)
+{
+  handle_slot_t *slot = find_handle(handle);
+
+  if (slot == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if ((handle.handle & HANDLE_FLAG_HMAC) == 0)
+    return hal_hash_update(slot->state.hash, data, length);
+  else
+    return hal_hmac_update(slot->state.hmac, data, length);
+}
+
+static hal_error_t finalize(const hal_rpc_hash_handle_t handle,
+                            uint8_t *digest, const size_t length)
+{
+  handle_slot_t *slot = find_handle(handle);
+  hal_error_t err;
+
+  if (slot == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if ((handle.handle & HANDLE_FLAG_HMAC) == 0) {
+    err = hal_hash_finalize(slot->state.hash, digest, length);
+    hal_hash_cleanup(&slot->state.hash);
+  }
+
+  else {
+    err = hal_hmac_finalize(slot->state.hmac, digest, length);
+    hal_hmac_cleanup(&slot->state.hmac);
+  }
+
+  return err;
+}
+
+const hal_rpc_hash_dispatch_t hal_rpc_remote_hash_dispatch = {
+  get_digest_length, get_digest_algorithm_id, get_algorithm, initialize, update, finalize
+};
+
+/*
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/rpc_internal.h b/rpc_internal.h
index 73e79f7..b861ec7 100644
--- a/rpc_internal.h
+++ b/rpc_internal.h
@@ -93,17 +93,17 @@ typedef struct {
 
 typedef struct {
 
-  hal_error_t (*get_digest_length)(const hal_rpc_hash_alg_t alg, size_t *length);
+  hal_error_t (*get_digest_length)(const hal_digest_algorithm_t alg, size_t *length);
 
-  hal_error_t (*get_digest_algorithm_id)(const hal_rpc_hash_alg_t alg,
+  hal_error_t (*get_digest_algorithm_id)(const hal_digest_algorithm_t alg,
                                          uint8_t *id, size_t *len, const size_t len_max);
 
-  hal_error_t (*get_algorithm)(const hal_rpc_hash_handle_t hash, hal_rpc_hash_alg_t *alg);
+  hal_error_t (*get_algorithm)(const hal_rpc_hash_handle_t hash, hal_digest_algorithm_t *alg);
 
   hal_error_t (*initialize)(const hal_rpc_client_handle_t client,
                             const hal_rpc_session_handle_t session,
                             hal_rpc_hash_handle_t *hash,
-                            const hal_rpc_hash_alg_t alg,
+                            const hal_digest_algorithm_t alg,
                             const uint8_t * const key, const size_t key_length);
 
   hal_error_t (*update)(const hal_rpc_hash_handle_t hash,



More information about the Commits mailing list