[Cryptech-Commits] [sw/libhal] 01/12: New keystore index internal API. Compiles, not yet integrated or tested.

git at cryptech.is git at cryptech.is
Fri Sep 16 19:53:09 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.

commit 97ee7df6092551774b4c112a0349a25e76a684f3
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu Sep 8 19:34:07 2016 -0400

    New keystore index internal API.  Compiles, not yet integrated or tested.
---
 Makefile       |   2 +-
 hal_internal.h |  96 +++++++++++++++++++++++--
 ks.c           |   4 +-
 ks_flash.c     |   8 +--
 ks_index.c     | 222 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ks_mmap.c      |   4 +-
 rpc_misc.c     |   6 +-
 7 files changed, 326 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index 26030db..a246828 100644
--- a/Makefile
+++ b/Makefile
@@ -118,7 +118,7 @@ endif
 #
 # The mmap keystore hasn't been rewritten for the new API yet.
 
-KS_OBJ = ks_volatile.o
+KS_OBJ = ks_index.o ks_volatile.o
 
 ifeq "${KS}" "mmap"
   KS_OBJ += ks_mmap.o
diff --git a/hal_internal.h b/hal_internal.h
index ef00328..dcf532f 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -304,6 +304,12 @@ extern hal_error_t hal_uuid_format(const hal_uuid_t * const uuid, char *buffer,
 #define HAL_KS_WRAPPED_KEYSIZE  ((4655 + 15) & ~7)
 
 /*
+ * hal_ks_key_t probably should not be here, or perhaps even exist at
+ * all, since it's really a relic of an older design from before we
+ * understood how the keystore flash fit into this picture.  Leaving
+ * it in place for now, but expect it to go away once the new ks_index
+ * stuff is ready to use.
+ *
  * This struct is ordered such that all metadata appears before the
  * big buffers, in order for all metadata to be loaded with a single
  * page read from e.g. the ks_flash module.
@@ -488,17 +494,99 @@ static inline hal_error_t hal_ks_list(hal_ks_t *ks,
 }
 
 /*
+ * Keystore index.  This is intended to be usable by both memory-based
+ * (in-memory, mmap(), ...) keystores and keystores based on raw flash.
+ * Some of the features aren't really necessary for memory-based keystores,
+ * but should be harmless.
+ *
+ * General approach is multiple arrays, all but one of which are
+ * indexed by "block" numbers, where a block number might be a slot in
+ * yet another static array, the number of a flash sub-sector, or
+ * whatever is the appropriate unit for holding one keystore record.
+ *
+ * The index array contains nothing but flags and block numbers, and
+ * is deliberately a small data structure so that moving data around
+ * within it is relatively cheap.
+ *
+ * The index array is divided into two portions: the index proper, and
+ * the free queue.  The index proper is ordered according to the names
+ * (UUIDs) of the corresponding blocks; the free queue is a FIFO, to
+ * support a simplistic form of wear leveling in flash-based keystores.
+ *
+ * Key names are kept in a separate array, indexed by block number.
+ *
+ * The all-ones UUID, which (by definition) cannot be a valid key
+ * UUID, is reserved for the (non-key) block used to stash PINs and
+ * other small data which aren't really part of the keystore proper
+ * but are kept with it because the keystore is the flash we have.
+ *
+ * At the moment, this design leaves no room for "continuation" blocks
+ * (additional blocks for keys so large that they won't fit in a
+ * single flash sub-sector, or whatever).  Not sure we need that, but
+ * if we do, adding it would be fairly simple: change the keyname
+ * array to be an array of two-element structures, the first of which
+ * is the name UUID, the second of which is the offset within the
+ * series of blocks sharing that name (usually just one block, so the
+ * offset would usually just be zero).  Implement that if and when we
+ * need it.
+ *
+ * Note that this API deliberately says nothing about how the keys
+ * themselves are stored, that's up to the keystore driver.  This
+ * portion of the API is only concerned with allocation and naming.
+ */
+
+typedef struct {
+  unsigned size;                /* Array length */
+  unsigned used;                /* How many blocks are in use */
+  uint16_t *index;              /* Index/freelist array */
+  hal_uuid_t *names;            /* Keyname array */
+} hal_ks_index_t;
+
+/*
+ * Finish setting up key index.  Caller must populate index, free
+ * list, and name array.
+ *
+ * This function checks a few things then sorts the index proper.
+ *
+ * If driver cares about wear leveling, driver must supply the free
+ * list in the desired order (FIFO); figuring out what that order is a
+ * problem for the keystore driver.
+ */
+extern hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi);
+
+/*
+ * Find a key block, return its block number.
+ */
+extern hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
+                                     const hal_uuid_t * const name,
+                                     unsigned *blockno);
+
+/*
+ * Add a key block, return its block number.
+ */
+extern hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
+                                    const hal_uuid_t * const name,
+                                    unsigned *blockno);
+
+/*
+ * Delete a key block, returns its block number (driver may need it).
+ */
+extern hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
+                                       const hal_uuid_t * const name,
+                                       unsigned *blockno);
+
+/*
  * This stuff might want renaming, eg, to hal_pin_*().
  */
 
 extern hal_error_t hal_set_pin_default_iterations(const hal_client_handle_t client,
                                                   const uint32_t iterations);
 
-extern hal_error_t hal_ks_get_pin(const hal_user_t user,
-                                  const hal_ks_pin_t **pin);
+extern hal_error_t hal_get_pin(const hal_user_t user,
+                               const hal_ks_pin_t **pin);
 
-extern hal_error_t hal_ks_set_pin(const hal_user_t user,
-                                  const hal_ks_pin_t * const pin);
+extern hal_error_t hal_set_pin(const hal_user_t user,
+                               const hal_ks_pin_t * const pin);
 
 /*
  * RPC lowest-level send and receive routines. These are blocking, and
diff --git a/ks.c b/ks.c
index 8510dc3..a2c0f3c 100644
--- a/ks.c
+++ b/ks.c
@@ -353,8 +353,8 @@ hal_error_t hal_ks_list(hal_pkey_info_t *result,
   return HAL_OK;
 }
 
-hal_error_t hal_ks_get_pin(const hal_user_t user,
-                           const hal_ks_pin_t **pin)
+hal_error_t hal_get_pin(const hal_user_t user,
+                        const hal_ks_pin_t **pin)
 {
   if (pin == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
diff --git a/ks_flash.c b/ks_flash.c
index 5d0baaf..c3d12aa 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -519,8 +519,8 @@ const hal_ks_driver_t hal_ks_token_driver[1] = {{
  * because it's the flash we've got.
  */
 
-hal_error_t hal_ks_get_pin(const hal_user_t user,
-                           const hal_ks_pin_t **pin)
+hal_error_t hal_get_pin(const hal_user_t user,
+                        const hal_ks_pin_t **pin)
 {
   if (pin == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
@@ -560,8 +560,8 @@ hal_error_t hal_ks_get_pin(const hal_user_t user,
   return LIBHAL_OK;
 }
 
-hal_error_t hal_ks_set_pin(const hal_user_t user,
-                           const hal_ks_pin_t * const pin)
+hal_error_t hal_set_pin(const hal_user_t user,
+                        const hal_ks_pin_t * const pin)
 {
   uint32_t active_sector_offset;
 
diff --git a/ks_index.c b/ks_index.c
new file mode 100644
index 0000000..eb6ff10
--- /dev/null
+++ b/ks_index.c
@@ -0,0 +1,222 @@
+/*
+ * ks_index.c
+ * ----------
+ * Keystore index API.  This is internal within libhal.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <assert.h>
+
+#include "hal.h"
+#include "hal_internal.h"
+
+/*
+ * Return value indicates whether the name is present in the index.
+ * "where" indicates the name's position whether present or not.
+ *
+ * NB: this does NOT return a block number, it returns an index into
+ * ksi->index[].
+ */
+
+static int ks_find(const hal_ks_index_t * const ksi,
+		   const hal_uuid_t * const name,
+		   int *where)
+{
+  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL && name != NULL && where != NULL);
+
+  int lo = -1;
+  int hi = ksi->used;
+
+  for (;;) {
+    int m = (lo + hi) / 2;
+    if (m == lo) {
+      *where = hi;
+      return 0;
+    }
+    const int cmp = hal_uuid_cmp(name, &ksi->names[ksi->index[m]]);
+    if (cmp < 0)
+      hi = m;
+    else if (cmp > 0)
+      lo = m;
+    else {
+      *where = m;
+      return 1;
+    }
+  }
+}
+
+/*
+ * Heapsort the index.  We only need to do this on setup, for other
+ * operations we're just inserting or deleting a single entry in an
+ * already-ordered array, which is just a search problem.  If we were
+ * really crunched for space, we could use an insertion sort here, but
+ * heapsort is easy and works well with data already in place.
+ */
+
+static inline void ks_heapsift(hal_ks_index_t *ksi, int parent, const int end)
+{
+  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL &&
+	 parent >= 0 && end >= parent);
+  for (;;) {
+    const int left_child  = parent * 2 + 1;
+    const int right_child = parent * 2 + 2;
+    int biggest = parent;
+    if (left_child  <= end && hal_uuid_cmp(&ksi->names[ksi->index[biggest]],
+					   &ksi->names[ksi->index[left_child]])  < 0)
+      biggest = left_child;
+    if (right_child <= end && hal_uuid_cmp(&ksi->names[ksi->index[biggest]],
+					   &ksi->names[ksi->index[right_child]]) < 0)
+      biggest = right_child;
+    if (biggest == parent)
+      return;
+    const uint16_t tmp  = ksi->index[biggest];
+    ksi->index[biggest] = ksi->index[parent];
+    ksi->index[parent] = tmp;
+    parent = biggest;
+  }
+}
+
+static inline void ks_heapsort(hal_ks_index_t *ksi)
+{
+  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL);
+  if (ksi->used < 2)
+    return;
+  for (int i = (ksi->used - 2) / 2; i >= 0; i--)
+    ks_heapsift(ksi, i, ksi->used - 1);
+  for (int i = ksi->used - 1; i > 0; i--) {
+    const uint16_t tmp = ksi->index[i];
+    ksi->index[i]      = ksi->index[0];
+    ksi->index[0]      = tmp;
+    ks_heapsift(ksi, 0, i);
+  }
+}
+
+hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi)
+{
+  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
+      ksi->size == 0 || ksi->used > ksi->size)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  /*
+   * Only setup task we have at the moment is sorting the index.
+   */
+
+  ks_heapsort(ksi);
+  return HAL_OK;
+}
+
+hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
+			      const hal_uuid_t * const name,
+			      unsigned *blockno)
+{
+  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
+      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  int where;
+
+  if (!ks_find(ksi, name, &where))
+    return HAL_ERROR_KEY_NOT_FOUND;
+
+  if (blockno != NULL)
+    *blockno = ksi->index[where];
+
+  return HAL_OK;
+}
+
+hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
+			     const hal_uuid_t * const name,
+			     unsigned *blockno)
+{
+  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
+      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  if (ksi->used == ksi->size)
+    return HAL_ERROR_NO_KEY_SLOTS_AVAILABLE;
+
+  int where;
+
+  if (ks_find(ksi, name, &where))
+    return HAL_ERROR_KEY_NAME_IN_USE;
+
+  /*
+   * Grab first block on free list, which makes room to slide the
+   * index down by one slot so we can insert the new block number.
+   */
+
+  const size_t len = (ksi->used - where) * sizeof(*ksi->index);
+  const uint16_t b = ksi->index[ksi->used++];
+  memmove(&ksi->index[where + 1], &ksi->index[where], len);
+  ksi->index[where] = b;
+  ksi->names[b] = *name;
+
+  if (blockno != NULL)
+    *blockno = b;
+
+  return HAL_OK;
+}
+
+hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
+				const hal_uuid_t * const name,
+				unsigned *blockno)
+{
+  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
+      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+    return HAL_ERROR_BAD_ARGUMENTS;
+
+  int where;
+
+  if (ksi->used == 0 || !ks_find(ksi, name, &where))
+    return HAL_ERROR_KEY_NOT_FOUND;
+
+  /*
+   * Free the block and stuff it at the end of the free list.
+   */
+
+  const size_t len = (ksi->size - where - 1) * sizeof(*ksi->index);
+  const uint16_t b = ksi->index[where];
+  memmove(&ksi->index[where], &ksi->index[where + 1], len);
+  ksi->index[ksi->size - 1] = b;
+  ksi->used--;
+  memset(&ksi->names[b], 0, sizeof(ksi->names[b]));
+
+  if (blockno != NULL)
+    *blockno = b;
+
+  return HAL_OK;
+}
+
+/*
+ * Local variables:
+ * indent-tabs-mode: nil
+ * End:
+ */
diff --git a/ks_mmap.c b/ks_mmap.c
index e158e13..6d9ac6f 100644
--- a/ks_mmap.c
+++ b/ks_mmap.c
@@ -125,8 +125,8 @@ hal_error_t hal_ks_del_keydb(const int loc)
   return HAL_OK;
 }
 
-hal_error_t hal_ks_set_pin(const hal_user_t user,
-                           const hal_ks_pin_t * const pin)
+hal_error_t hal_set_pin(const hal_user_t user,
+                        const hal_ks_pin_t * const pin)
 {
   if (pin == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
diff --git a/rpc_misc.c b/rpc_misc.c
index 1902b71..c3ff44c 100644
--- a/rpc_misc.c
+++ b/rpc_misc.c
@@ -133,7 +133,7 @@ static hal_error_t login(const hal_client_handle_t client,
   const hal_ks_pin_t *p;
   hal_error_t err;
 
-  if ((err = hal_ks_get_pin(user, &p)) != HAL_OK)
+  if ((err = hal_get_pin(user, &p)) != HAL_OK)
     return err;
 
   uint8_t buf[sizeof(p->pin)];
@@ -207,7 +207,7 @@ static hal_error_t set_pin(const hal_client_handle_t client,
   const hal_ks_pin_t *pp;
   hal_error_t err;
 
-  if ((err = hal_ks_get_pin(user, &pp)) != HAL_OK)
+  if ((err = hal_get_pin(user, &pp)) != HAL_OK)
     return err;
 
   hal_ks_pin_t p = *pp;
@@ -219,7 +219,7 @@ static hal_error_t set_pin(const hal_client_handle_t client,
                         (const uint8_t *) newpin, newpin_len,
                         p.salt, sizeof(p.salt),
                         p.pin,  sizeof(p.pin), p.iterations))   != HAL_OK ||
-      (err = hal_ks_set_pin(user, &p))                          != HAL_OK)
+      (err = hal_set_pin(user, &p))                             != HAL_OK)
     return err;
 
   return HAL_OK;



More information about the Commits mailing list