[Cryptech-Commits] [sw/libhal] 01/08: Goodbye ancient mmap()-based keystore.
git at cryptech.is
git at cryptech.is
Sun May 28 22:51:50 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.
commit dc8c7d92118541bba8d6f76f75a5661416055fb8
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue May 23 00:57:29 2017 -0400
Goodbye ancient mmap()-based keystore.
The Novena-era mmap()-based keystore is far enough out of date that
it's not worth maintaining (and we haven't been doing so): if we ever
need one again, it would be easier to rewrite it from scratch.
---
Makefile | 16 +----
hal_internal.h | 5 +-
ks_mmap.c | 180 ---------------------------------------------------------
ks_volatile.c | 6 +-
4 files changed, 8 insertions(+), 199 deletions(-)
diff --git a/Makefile b/Makefile
index 829c895..5ba5d32 100644
--- a/Makefile
+++ b/Makefile
@@ -41,10 +41,9 @@ LIB = libhal.a
# Error checking on known control options, some of which allow the user entirely too much rope.
-USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [KS=mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes] [HASH_CORES=no|yes] [ECDSA_CORES=no|yes]"
+USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes] [HASH_CORES=no|yes] [ECDSA_CORES=no|yes]"
IO_BUS ?= none
-KS ?= flash
RPC_MODE ?= none
RPC_TRANSPORT ?= none
MODEXP_CORE ?= yes
@@ -54,7 +53,6 @@ ECDSA_CORES ?= yes
ifeq (,$(and \
$(filter none eim i2c fmc ,${IO_BUS}),\
$(filter none server client-simple client-mixed ,${RPC_MODE}),\
- $(filter mmap flash ,${KS}),\
$(filter none loopback serial daemon ,${RPC_TRANSPORT}),\
$(filter no yes ,${MODEXP_CORE}),\
$(filter no yes ,${HASH_CORES}),\
@@ -62,7 +60,7 @@ ifeq (,$(and \
$(error ${USAGE})
endif
-$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE} HASH_CORES=${HASH_CORES} ECDSA_CORES=${ECDSA_CORES})
+$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE} HASH_CORES=${HASH_CORES} ECDSA_CORES=${ECDSA_CORES})
# Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core.
@@ -138,16 +136,8 @@ endif
# In the new world, all keystores are on the server side, and the
# volatile keystore is always present, to support things like PKCS #11
# "session" objects.
-#
-# The mmap keystore hasn't been rewritten for the new API yet.
-
-KS_OBJ = ks_index.o ks_attribute.o ks_volatile.o
-ifeq "${KS}" "mmap"
- KS_OBJ += ks_mmap.o
-else ifeq "${KS}" "flash"
- KS_OBJ += ks_flash.o mkm.o
-endif
+KS_OBJ = ks_index.o ks_attribute.o ks_volatile.o ks_flash.o mkm.o
# RPC_MODE = none | server | client-simple | client-mixed
# none: Build without RPC client, use cores directly.
diff --git a/hal_internal.h b/hal_internal.h
index aa31585..eee2eab 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -689,9 +689,8 @@ static inline hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
/*
* Keystore index. This is intended to be usable by both memory-based
- * (in-memory, mmap(), ...) keystores and keystores based on raw flash.
- * Some of the features aren't really necessary for memory-based keystores,
- * but should be harmless.
+ * and flash-based keystores. Some of the features aren't really
+ * necessary for memory-based keystores, but should be harmless.
*
* General approach is multiple arrays, all but one of which are
* indexed by "block" numbers, where a block number might be a slot in
diff --git a/ks_mmap.c b/ks_mmap.c
deleted file mode 100644
index 066e93e..0000000
--- a/ks_mmap.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * ks_mmap.c
- * ---------
- * Keystore implementation over POSIX mmap().
- *
- * Authors: Rob Austein
- * Copyright (c) 2015, NORDUnet A/S All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * - Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * - Neither the name of the NORDUnet nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
- * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <string.h>
-#include <sys/errno.h>
-#include <unistd.h>
-
-#include "hal.h"
-#include "hal_internal.h"
-
-#ifndef HAL_KS_MMAP_FILE
-#define HAL_KS_MMAP_FILE ".cryptech_hal_keystore"
-#endif
-
-#ifndef MAP_FILE
-#define MAP_FILE 0
-#endif
-
-/*
- * Storing the KEK in with the keys it's protecting is a bad idea, but we have no better
- * place to put it (real protection requires dedicated hardware, which we don't have here).
- */
-
-#define KEKBUF_LEN (bitsToBytes(256))
-
-static hal_ks_keydb_t *db;
-static uint8_t *kekbuf;
-
-const hal_ks_keydb_t *hal_ks_get_keydb(void)
-{
- if (db != NULL)
- return db;
-
- const char * const env = getenv("CRYPTECH_KEYSTORE");
- const char * const home = getenv("HOME");
- const char * const base = HAL_KS_MMAP_FILE;
- const long pagemask = sysconf(_SC_PAGESIZE) - 1;
- const size_t len = (sizeof(hal_ks_keydb_t) + KEKBUF_LEN + pagemask) & ~pagemask;
-
- char fn_[strlen(base) + (home == NULL ? 0 : strlen(home)) + 2];
- const char *fn = fn_;
- int fd;
-
- if (pagemask < 0)
- return NULL;
-
- if (env != NULL)
- fn = env;
- else if (home == NULL)
- fn = base;
- else
- strcat(strcat(strcpy(fn_, home), "/"), base);
-
- if ((fd = open(fn, O_RDWR | O_CREAT | O_EXCL, 0600)) >= 0) {
- uint8_t zeros[len];
- memset(zeros, 0, sizeof(zeros));
- (void) write(fd, zeros, sizeof(zeros));
- }
- else if (errno == EEXIST) {
- fd = open(fn, O_RDWR | O_CREAT, 0600);
- }
-
- if (fd >= 0 && (db = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, fd, 0)) != NULL)
- kekbuf = (uint8_t *) (db + 1);
-
- (void) close(fd);
-
- return db;
-}
-
-hal_error_t hal_ks_set_keydb(const hal_ks_key_t * const key,
- const int loc,
- const int updating)
-{
- if (key == NULL || loc < 0 || loc >= sizeof(db->keys)/sizeof(*db->keys) || (!key->in_use != !updating))
- return HAL_ERROR_BAD_ARGUMENTS;
-
- db->keys[loc] = *key;
- db->keys[loc].in_use = 1;
- return HAL_OK;
-}
-
-hal_error_t hal_ks_del_keydb(const int loc)
-{
- if (loc < 0 || loc >= sizeof(db->keys)/sizeof(*db->keys))
- return HAL_ERROR_BAD_ARGUMENTS;
-
- db->keys[loc].in_use = 0;
- memset(&db->keys[loc], 0, sizeof(db->keys[loc]));
- return HAL_OK;
-}
-
-hal_error_t hal_set_pin(const hal_user_t user,
- const hal_ks_pin_t * const pin)
-{
- if (pin == NULL)
- return HAL_ERROR_BAD_ARGUMENTS;
-
- hal_ks_pin_t *p = NULL;
-
- switch (user) {
- case HAL_USER_WHEEL: p = &db->wheel_pin; break;
- case HAL_USER_SO: p = &db->so_pin; break;
- case HAL_USER_NORMAL: p = &db->user_pin; break;
- default: return HAL_ERROR_BAD_ARGUMENTS;
- }
-
- *p = *pin;
- return HAL_OK;
-}
-
-hal_error_t hal_mkm_get_kek(uint8_t *kek,
- size_t *kek_len,
- const size_t kek_max)
-{
- if (kek == NULL || kek_len == NULL || kek_max < bitsToBytes(128))
- return HAL_ERROR_BAD_ARGUMENTS;
-
- if (kekbuf == NULL)
- return HAL_ERROR_IMPOSSIBLE;
-
- hal_error_t err;
-
- const size_t len = ((kek_max < bitsToBytes(192)) ? bitsToBytes(128) :
- (kek_max < bitsToBytes(256)) ? bitsToBytes(192) :
- bitsToBytes(256));
-
- uint8_t t = 0;
-
- for (int i = 0; i < KEKBUF_LEN; i++)
- t |= kekbuf[i];
-
- if (t == 0 && (err = hal_rpc_get_random(kekbuf, sizeof(KEKBUF_LEN))) != HAL_OK)
- return err;
-
- memcpy(kek, kekbuf, len);
- *kek_len = len;
- return HAL_OK;
-}
-
-/*
- * Local variables:
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/ks_volatile.c b/ks_volatile.c
index 2dcb599..515a8e8 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -53,9 +53,9 @@
#endif
/*
- * In-memory keystore database. This should also be usable for
- * mmap(), if and when we get around to rewriting that driver (and in
- * which case this driver probably ought to be renamed ks_memory).
+ * In-memory keystore database. This is a bit more complicated than
+ * necessary because originally I though we would want to continue
+ * supporting an mmap()-based keystore as well. Needs cleaning up.
*/
typedef struct {
More information about the Commits
mailing list