[Cryptech-Commits] [sw/libhal] 01/08: Goodbye ancient mmap()-based keystore.

git at cryptech.is git at cryptech.is
Sun May 28 22:51:50 UTC 2017



sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.

commit dc8c7d92118541bba8d6f76f75a5661416055fb8
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Tue May 23 00:57:29 2017 -0400

    Goodbye ancient mmap()-based keystore.
    
    The Novena-era mmap()-based keystore is far enough out of date that
    it's not worth maintaining (and we haven't been doing so): if we ever
    need one again, it would be easier to rewrite it from scratch.
---
 Makefile       |  16 +----
 hal_internal.h |   5 +-
 ks_mmap.c      | 180 ---------------------------------------------------------
 ks_volatile.c  |   6 +-
 4 files changed, 8 insertions(+), 199 deletions(-)

diff --git a/Makefile b/Makefile
index 829c895..5ba5d32 100644
--- a/Makefile
+++ b/Makefile
@@ -41,10 +41,9 @@ LIB		= libhal.a
 
 # Error checking on known control options, some of which allow the user entirely too much rope.
 
-USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [KS=mmap|flash] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes] [HASH_CORES=no|yes] [ECDSA_CORES=no|yes]"
+USAGE := "usage: ${MAKE} [IO_BUS=eim|i2c|fmc] [RPC_MODE=none|server|client-simple|client-mixed] [RPC_TRANSPORT=none|loopback|serial|daemon] [MODEXP_CORE=no|yes] [HASH_CORES=no|yes] [ECDSA_CORES=no|yes]"
 
 IO_BUS		?= none
-KS		?= flash
 RPC_MODE	?= none
 RPC_TRANSPORT	?= none
 MODEXP_CORE	?= yes
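Review bot: With the `KS` default dropped here and its `$(filter mmap flash ...)` check dropped in the next hunk, a build still invoked as `make KS=mmap` or `make KS=flash` from an older script or CI job is accepted silently and produces the flash keystore, where before it either selected a different keystore or failed the usage check. Since the variable is no longer read anywhere in the Makefile, a guard next to the other option checks would make the removal loud instead of silent: `ifneq (,${KS})` / `  $(error KS is no longer a build option; the flash keystore is always built)` / `endif`.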
@@ -54,7 +53,6 @@ ECDSA_CORES	?= yes
 ifeq (,$(and \
 	$(filter	none eim i2c fmc			,${IO_BUS}),\
 	$(filter	none server client-simple client-mixed	,${RPC_MODE}),\
-	$(filter	mmap flash				,${KS}),\
 	$(filter	none loopback serial daemon		,${RPC_TRANSPORT}),\
 	$(filter	no yes					,${MODEXP_CORE}),\
 	$(filter	no yes					,${HASH_CORES}),\
@@ -62,7 +60,7 @@ ifeq (,$(and \
   $(error ${USAGE})
 endif
 
-$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} KS=${KS} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE} HASH_CORES=${HASH_CORES} ECDSA_CORES=${ECDSA_CORES})
+$(info Building libhal with configuration IO_BUS=${IO_BUS} RPC_MODE=${RPC_MODE} RPC_TRANSPORT=${RPC_TRANSPORT} MODEXP_CORE=${MODEXP_CORE} HASH_CORES=${HASH_CORES} ECDSA_CORES=${ECDSA_CORES})
 
 # Whether the RSA code should use the ModExp | ModExpS6 | ModExpA7 core.
 
@@ -138,16 +136,8 @@ endif
 # In the new world, all keystores are on the server side, and the
 # volatile keystore is always present, to support things like PKCS #11
 # "session" objects.
-#
-# The mmap keystore hasn't been rewritten for the new API yet.
-
-KS_OBJ = ks_index.o ks_attribute.o ks_volatile.o
 
-ifeq "${KS}" "mmap"
-  KS_OBJ += ks_mmap.o
-else ifeq "${KS}" "flash"
-  KS_OBJ += ks_flash.o mkm.o
-endif
+KS_OBJ = ks_index.o ks_attribute.o ks_volatile.o ks_flash.o mkm.o
 
 # RPC_MODE = none | server | client-simple | client-mixed
 #   none:		Build without RPC client, use cores directly.
diff --git a/hal_internal.h b/hal_internal.h
index aa31585..eee2eab 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -689,9 +689,8 @@ static inline hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
 
 /*
  * Keystore index.  This is intended to be usable by both memory-based
- * (in-memory, mmap(), ...) keystores and keystores based on raw flash.
- * Some of the features aren't really necessary for memory-based keystores,
- * but should be harmless.
+ * and flash-based keystores.  Some of the features aren't really
+ * necessary for memory-based keystores, but should be harmless.
  *
  * General approach is multiple arrays, all but one of which are
  * indexed by "block" numbers, where a block number might be a slot in
diff --git a/ks_mmap.c b/ks_mmap.c
deleted file mode 100644
index 066e93e..0000000
--- a/ks_mmap.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * ks_mmap.c
- * ---------
- * Keystore implementation over POSIX mmap().
- *
- * Authors: Rob Austein
- * Copyright (c) 2015, NORDUnet A/S All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are
- * met:
- * - Redistributions of source code must retain the above copyright notice,
- *   this list of conditions and the following disclaimer.
- *
- * - Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- *
- * - Neither the name of the NORDUnet nor the names of its contributors may
- *   be used to endorse or promote products derived from this software
- *   without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
- * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/mman.h>
-#include <string.h>
-#include <sys/errno.h>
-#include <unistd.h>
-
-#include "hal.h"
-#include "hal_internal.h"
-
-#ifndef HAL_KS_MMAP_FILE
-#define HAL_KS_MMAP_FILE ".cryptech_hal_keystore"
-#endif
-
-#ifndef MAP_FILE
-#define MAP_FILE 0
-#endif
-
-/*
- * Storing the KEK in with the keys it's protecting is a bad idea, but we have no better
- * place to put it (real protection requires dedicated hardware, which we don't have here).
- */
-
-#define KEKBUF_LEN (bitsToBytes(256))
-
-static hal_ks_keydb_t *db;
-static uint8_t *kekbuf;
-
-const hal_ks_keydb_t *hal_ks_get_keydb(void)
-{
-  if (db != NULL)
-    return db;
-
-  const char * const env  = getenv("CRYPTECH_KEYSTORE");
-  const char * const home = getenv("HOME");
-  const char * const base = HAL_KS_MMAP_FILE;
-  const long pagemask = sysconf(_SC_PAGESIZE) - 1;
-  const size_t len = (sizeof(hal_ks_keydb_t) + KEKBUF_LEN + pagemask) & ~pagemask;
-
-  char fn_[strlen(base) + (home == NULL ? 0 : strlen(home)) + 2];
-  const char *fn = fn_;
-  int fd;
-
-  if (pagemask < 0)
-    return NULL;
-
-  if (env != NULL)
-    fn = env;
-  else if (home == NULL)
-    fn = base;
-  else
-    strcat(strcat(strcpy(fn_, home), "/"), base);
-
-  if ((fd = open(fn, O_RDWR | O_CREAT | O_EXCL, 0600)) >= 0) {
-    uint8_t zeros[len];
-    memset(zeros, 0, sizeof(zeros));
-    (void) write(fd, zeros, sizeof(zeros));
-  }
-  else if (errno == EEXIST) {
-    fd = open(fn, O_RDWR | O_CREAT, 0600);
-  }
-
-  if (fd >= 0 && (db = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_FILE | MAP_SHARED, fd, 0)) != NULL)
-    kekbuf = (uint8_t *) (db + 1);
-
-  (void) close(fd);
-
-  return db;
-}
-
-hal_error_t hal_ks_set_keydb(const hal_ks_key_t * const key,
-                             const int loc,
-                             const int updating)
-{
-  if (key == NULL || loc < 0 || loc >= sizeof(db->keys)/sizeof(*db->keys) || (!key->in_use != !updating))
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  db->keys[loc] = *key;
-  db->keys[loc].in_use = 1;
-  return HAL_OK;
-}
-
-hal_error_t hal_ks_del_keydb(const int loc)
-{
-  if (loc < 0 || loc >= sizeof(db->keys)/sizeof(*db->keys))
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  db->keys[loc].in_use = 0;
-  memset(&db->keys[loc], 0, sizeof(db->keys[loc]));
-  return HAL_OK;
-}
-
-hal_error_t hal_set_pin(const hal_user_t user,
-                        const hal_ks_pin_t * const pin)
-{
-  if (pin == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_ks_pin_t *p = NULL;
-
-  switch (user) {
-  case HAL_USER_WHEEL:  p = &db->wheel_pin;  break;
-  case HAL_USER_SO:	p = &db->so_pin;     break;
-  case HAL_USER_NORMAL:	p = &db->user_pin;   break;
-  default:		return HAL_ERROR_BAD_ARGUMENTS;
-  }
-
-  *p = *pin;
-  return HAL_OK;
-}
-
-hal_error_t hal_mkm_get_kek(uint8_t *kek,
-                           size_t *kek_len,
-                           const size_t kek_max)
-{
-  if (kek == NULL || kek_len == NULL || kek_max < bitsToBytes(128))
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (kekbuf == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  hal_error_t err;
-
-  const size_t len = ((kek_max < bitsToBytes(192)) ? bitsToBytes(128) :
-                      (kek_max < bitsToBytes(256)) ? bitsToBytes(192) :
-                      bitsToBytes(256));
-
-  uint8_t t = 0;
-
-  for (int i = 0; i < KEKBUF_LEN; i++)
-    t |= kekbuf[i];
-
-  if (t == 0 && (err = hal_rpc_get_random(kekbuf, sizeof(KEKBUF_LEN))) != HAL_OK)
-    return err;
-
-  memcpy(kek, kekbuf, len);
-  *kek_len = len;
-  return HAL_OK;
-}
-
-/*
- * Local variables:
- * indent-tabs-mode: nil
- * End:
- */
diff --git a/ks_volatile.c b/ks_volatile.c
index 2dcb599..515a8e8 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -53,9 +53,9 @@
 #endif
 
 /*
- * In-memory keystore database.  This should also be usable for
- * mmap(), if and when we get around to rewriting that driver (and in
- * which case this driver probably ought to be renamed ks_memory).
+ * In-memory keystore database.  This is a bit more complicated than
+ * necessary because originally I though we would want to continue
+ * supporting an mmap()-based keystore as well.  Needs cleaning up.
  */
 
 typedef struct {
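Review bot: The rewritten comment has a typo on its second line: `I though we would want` should read `I thought we would want`. The closing `Needs cleaning up.` would help the next maintainer more if it named what is surplus; if the extra indirection is the leftover from planning a second memory-backed driver, one clause saying so would do. The `typedef struct` this comment introduces continues outside the hunk.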


