[Cryptech-Commits] [sw/libhal] branch pymux updated: Add some comments for things I figured out while reviewing code.

git at cryptech.is git at cryptech.is
Tue Feb 14 04:21:24 UTC 2017


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch pymux
in repository sw/libhal.

The following commit(s) were added to refs/heads/pymux by this push:
     new 33c843a  Add some comments for things I figured out while reviewing code.
33c843a is described below

commit 33c843ad457f8341b8a277e6d9481937d3925951
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Mon Feb 13 23:16:21 2017 -0500

    Add some comments for things I figured out while reviewing code.
---
 ks_attribute.c |  9 +++++++
 ks_flash.c     | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 ks_index.c     | 42 ++++++++++++++++++++++++-----
 rpc_pkey.c     |  3 ++-
 4 files changed, 123 insertions(+), 14 deletions(-)

diff --git a/ks_attribute.c b/ks_attribute.c
index 92e450d..ec674f5 100644
--- a/ks_attribute.c
+++ b/ks_attribute.c
@@ -120,11 +120,18 @@ hal_error_t hal_ks_attribute_delete(uint8_t *bytes, const size_t bytes_len,
   if (bytes == NULL || attributes == NULL || attributes_len == NULL || total_len == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
+  /*
+   * Search for attribute by type. Note that there can be only one
+   * attribute of any given type.
+   */
+
   int i = 0;
 
   while (i < *attributes_len && attributes[i].type != type)
     i++;
 
+  /* If not found, great, it's already deleted from the key. */
+
   if (i == *attributes_len)
     return HAL_OK;
 
@@ -152,6 +159,8 @@ hal_error_t hal_ks_attribute_insert(uint8_t *bytes, const size_t bytes_len,
       total_len == NULL || value == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
+  /* Delete the existing attribute value (if present), then write the new value. */
+
   hal_error_t err
     = hal_ks_attribute_delete(bytes, bytes_len, attributes, attributes_len, total_len, type);
 
diff --git a/ks_flash.c b/ks_flash.c
index c21d668..b9397f8 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -33,6 +33,15 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * This keystore driver operates over bare flash, versus over a flash file
+ * system or flash translation layer. The block size is large enough to
+ * hold an AES-keywrapped 4096-bit RSA key. Any remaining space in the key
+ * block may be used to store attributes (opaque TLV blobs). If the
+ * attributes overflow the key block, additional blocks may be added, but
+ * no attribute may exceed the block size.
+ */
+
 #include <stddef.h>
 #include <string.h>
 #include <assert.h>
@@ -312,7 +321,7 @@ static hal_crc32_t calculate_block_crc(const flash_block_t * const block)
 }
 
 /*
- * Calculate block offset.
+ * Calculate offset of the block in the flash address space.
  */
 
 static inline uint32_t block_offset(const unsigned blockno)
@@ -537,6 +546,11 @@ static hal_error_t block_update(const unsigned b1, flash_block_t *block,
 
   cache_mark_used(block, b2);
 
+  /*
+   * Erase the first block in the free list. In case of restart, this
+   * puts the block back at the head of the free list.
+   */
+
   return block_erase_maybe(db.ksi.index[db.ksi.used]);
 }
 
@@ -579,6 +593,12 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
                   sizeof(*db.ksi.names) * NUM_FLASH_BLOCKS +
                   sizeof(*db.cache)     * KS_FLASH_CACHE_SIZE);
 
+    /*
+     * This is done as a single large allocation, rather than 3 smaller
+     * allocations, to make it atomic - we need all 3, so either all
+     * succeed or all fail.
+     */
+
     uint8_t *mem = hal_allocate_static_memory(len);
 
     if (mem == NULL) {
@@ -634,7 +654,7 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
      * Read one block.  If the CRC is bad or the block type is
      * unknown, it's old data we don't understand, something we were
      * writing when we crashed, or bad flash; in any of these cases,
-     * we want the block to ends up near the end of the free list.
+     * we want the block to end up near the end of the free list.
      */
 
     err = block_read(i, block);
@@ -742,20 +762,22 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
    *
    * For any tombstone we find, we start by looking for all the blocks
    * with a matching UUID, then see what valid sequences we can
-   * construct from what we found.
+   * construct from what we found. This basically works in reverse of
+   * the update sequence in ks_set_attributes().
    *
    * If we can construct a valid sequence of live blocks, the complete
-   * update was written out, and we just need to zero the tombstones.
+   * update was written out, and we just need to finish zeroing the
+   * tombstones.
    *
    * Otherwise, if we can construct a complete sequence of tombstone
    * blocks, the update failed before it was completely written, so we
    * have to zero the incomplete sequence of live blocks then restore
-   * from the tombstones.
+   * the tombstones.
    *
    * Otherwise, if the live and tombstone blocks taken together form a
    * valid sequence, the update failed while deprecating the old live
-   * blocks, and the update itself was not written, so we need to
-   * restore the tombstones and leave the live blocks alone.
+   * blocks, and none of the new data was written, so we need to restore
+   * the tombstones and leave the live blocks alone.
    *
    * If none of the above applies, we don't understand what happened,
    * which is a symptom of either a bug or a hardware failure more
@@ -775,11 +797,25 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
     if ((err = hal_ks_index_find_range(&db.ksi, &name, 0, &n_blocks, NULL, &where, 0)) != HAL_OK)
       goto done;
 
+    /*
+     * hal_ks_index_find_range does a binary search, not a linear search,
+     * so it may not return the first instance of a block with the given
+     * name and chunk=0. Search backwards to make sure we have all chunks.
+     */
+
     while (where > 0 && !hal_uuid_cmp(&name, &db.ksi.names[db.ksi.index[where - 1]].name)) {
       where--;
       n_blocks++;
     }
 
+    /*
+     * Rather than calling hal_ks_index_find_range with an array pointer
+     * to get the list of matching blocks (because of the binary search
+     * issue), we're going to fondle the index directly. This is really
+     * not something to do in regular code, but this is error-recovery
+     * code.
+     */
+
     int live_ok = 1, tomb_ok = 1, join_ok = 1;
     unsigned n_live = 0, n_tomb = 0;
     unsigned i_live = 0, i_tomb = 0;
@@ -823,6 +859,12 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
       goto done;
     }
 
+    /*
+     * If live_ok or tomb_ok, we have to zero out some blocks, and adjust
+     * the index. Again, don't fondle the index directly, outside of error
+     * recovery.
+     */
+
     if (live_ok) {
       for (int j = 0; j < n_tomb; j++) {
         const unsigned b = tomb_blocks[j];
@@ -861,6 +903,10 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
       n_blocks = n_tomb;
     }
 
+    /*
+     * Restore tombstone blocks (tomb_ok or join_ok).
+     */
+
     for (int j = 0; j < n_blocks; j++) {
       int hint = where + j;
       unsigned b1 = db.ksi.index[hint], b2;
@@ -878,6 +924,10 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
     }
   }
 
+  /*
+   * Fetch or create the PIN block.
+   */
+
   err = fetch_pin_block(NULL, &block);
 
   if (err == HAL_OK) {
@@ -1112,9 +1162,17 @@ static hal_error_t ks_delete(hal_ks_t *ks,
   hal_ks_lock();
 
   {
+    /*
+     * Get the count of blocks to delete.
+     */
+
     if ((err = hal_ks_index_delete_range(&db.ksi, &slot->name, 0, &n, NULL, &slot->hint)) != HAL_OK)
       goto done;
 
+    /*
+     * Then delete them.
+     */
+
     unsigned b[n];
 
     if ((err = hal_ks_index_delete_range(&db.ksi, &slot->name, n, NULL, b, &slot->hint)) != HAL_OK)
@@ -1123,10 +1181,19 @@ static hal_error_t ks_delete(hal_ks_t *ks,
     for (int i = 0; i < n; i++)
       cache_release(cache_find_block(b[i]));
 
+    /*
+     * Zero the blocks, to mark them as recently used.
+     */
+
     for (int i = 0; i < n; i++)
       if ((err = block_zero(b[i])) != HAL_OK)
         goto done;
 
+    /*
+     * Erase the first block in the free list. In case of restart, this
+     * puts the block back at the head of the free list.
+     */
+
     err = block_erase_maybe(db.ksi.index[db.ksi.used]);
   }
 
@@ -1455,6 +1522,8 @@ static  hal_error_t ks_set_attributes(hal_ks_t *ks,
 
     /*
      * Phase 0.2: Merge new attributes into updated_attributes[].
+     * For each new attribute type, mark any existing attributes of that
+     * type for deletion. Append new attributes to updated_attributes[].
      */
 
     for (int i = 0; i < attributes_len; i++) {
diff --git a/ks_index.c b/ks_index.c
index 0c12fcc..c47451c 100644
--- a/ks_index.c
+++ b/ks_index.c
@@ -55,8 +55,8 @@ static inline int ks_name_cmp(const hal_ks_name_t * const name1, const hal_ks_na
 }
 
 /*
- * Return value indicates whether the name is present in the index.
- * "where" indicates the name's position whether present or not.
+ * Find a block in the index, return true (found) or false (not found).
+ * "where" indicates the name's position, or the position of the first free block.
  *
  * NB: This does NOT return a block number, it returns an index into
  * ksi->index[].
@@ -145,6 +145,10 @@ static inline void ks_heapsort(hal_ks_index_t *ksi)
   }
 }
 
+/*
+ * Perform a consistency check on the index.
+ */
+
 #define fsck(_ksi) \
   do { hal_error_t _err = hal_ks_index_fsck(_ksi); if (_err != HAL_OK) return _err; } while (0)
 
@@ -179,16 +183,16 @@ hal_error_t hal_ks_index_fsck(hal_ks_index_t *ksi)
   return HAL_OK;
 }
 
+/*
+ * Set up the index. Only setup task we have at the moment is sorting the index.
+ */
+
 hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi)
 {
   if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
       ksi->size == 0 || ksi->used > ksi->size)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  /*
-   * Only setup task we have at the moment is sorting the index.
-   */
-
   ks_heapsort(ksi);
 
   /*
@@ -200,6 +204,10 @@ hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi)
   return HAL_OK;
 }
 
+/*
+ * Find a single block by name and chunk number.
+ */
+
 hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
 			      const hal_uuid_t * const name,
                               const unsigned chunk,
@@ -225,6 +233,11 @@ hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
   return ok ? HAL_OK : HAL_ERROR_KEY_NOT_FOUND;
 }
 
+/*
+ * Find all blocks with the given name.
+ * If 'strict' is set, expect it to be a well-ordered set of chunks.
+ */
+
 hal_error_t hal_ks_index_find_range(hal_ks_index_t *ksi,
                                     const hal_uuid_t * const name,
                                     const unsigned max_blocks,
@@ -266,6 +279,10 @@ hal_error_t hal_ks_index_find_range(hal_ks_index_t *ksi,
   return HAL_OK;
 }
 
+/*
+ * Add a single block to the index.
+ */
+
 hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
 			     const hal_uuid_t * const name,
                              const unsigned chunk,
@@ -309,6 +326,10 @@ hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
   return HAL_OK;
 }
 
+/*
+ * Delete a single block from the index.
+ */
+
 hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
 				const hal_uuid_t * const name,
                                 const unsigned chunk,
@@ -348,6 +369,11 @@ hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
   return HAL_OK;
 }
 
+/*
+ * Delete all blocks with the given name. If blocknos is NULL, return a
+ * count of the matching blocks without deleting anything.
+ */
+
 hal_error_t hal_ks_index_delete_range(hal_ks_index_t *ksi,
                                       const hal_uuid_t * const name,
                                       const unsigned max_blocks,
@@ -404,6 +430,10 @@ hal_error_t hal_ks_index_delete_range(hal_ks_index_t *ksi,
   return HAL_OK;
 }
 
+/*
+ * Replace a single block in the index.
+ */
+
 hal_error_t hal_ks_index_replace(hal_ks_index_t *ksi,
                                  const hal_uuid_t * const name,
                                  const unsigned chunk,
diff --git a/rpc_pkey.c b/rpc_pkey.c
index c0a6479..ba75f7e 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -227,7 +227,8 @@ static inline hal_error_t ks_open_from_flags(hal_ks_t **ks, const hal_key_flags_
 }
 
 /*
- * Receive key from application, store it with supplied name, return a key handle.
+ * Receive key from application, generate a name (UUID), store it, and
+ * return a key handle and the name.
  */
 
 static hal_error_t pkey_local_load(const hal_client_handle_t client,

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list