[Cryptech-Commits] [sw/libhal] 01/05: Debug per-session keys.

git at cryptech.is git at cryptech.is
Mon May 29 18:53:44 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.

commit 5cee716555db92942c5b11c824839bb00aaf35b9
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon May 29 00:44:18 2017 -0400

    Debug per-session keys.
---
 ks.c          | 19 +++++++++----------
 ks.h          | 11 +++++++++++
 ks_token.c    | 24 ++++++++++++++++--------
 ks_volatile.c | 25 ++++++++++++++++++++++---
 unit-tests.py |  2 +-
 5 files changed, 59 insertions(+), 22 deletions(-)

diff --git a/ks.c b/ks.c
index a0a4de7..2d1d8c4 100644
--- a/ks.c
+++ b/ks.c
@@ -182,6 +182,7 @@ hal_error_t hal_ks_block_update(hal_ks_t *ks,
   if ((err = hal_ks_block_deprecate(ks, b1))            != HAL_OK ||
       (err = hal_ks_index_replace(ks, uuid, &b2, hint)) != HAL_OK ||
       (err = hal_ks_block_write(ks, b2, block))         != HAL_OK ||
+      (err = hal_ks_block_copy_owner(ks, b1, b2))       != HAL_OK ||
       (err = hal_ks_block_zero(ks, b1))                 != HAL_OK)
     return err;
 
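Review bot: The added `hal_ks_block_copy_owner(ks, b1, b2)` term runs only after `hal_ks_block_write(ks, b2, block)`, so for a per-session driver the new block already holds the key while its owner entry is still whatever that slot held before. The early `return err` leaves it in that state if the copy fails. Since b2 is only known once `hal_ks_index_replace()` has returned, the earliest position for the copy is directly after it: consider ordering the chain `hal_ks_index_replace`, `hal_ks_block_copy_owner`, `hal_ks_block_write`, so key material is never written under stale ownership. hal_ks_block_update starts and continues outside the hunk, so whether a lock is held across this chain, or any rollback follows, is not visible here.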
@@ -243,8 +244,8 @@ hal_error_t hal_ks_alloc_common(hal_ks_t *ks,
   if (mem == NULL)
     return HAL_ERROR_ALLOCATION_FAILURE;
 
-  memset(((uint8_t *) ks) + sizeof(hal_ks_driver_t), 0,
-         sizeof(hal_ks_t) - sizeof(hal_ks_driver_t));
+  memset(((uint8_t *) ks) + sizeof(ks->driver), 0,
+         sizeof(hal_ks_t) - sizeof(ks->driver));
   memset(mem, 0, len);
 
   ks->index = gnaw(&mem, &len, sizeof(*ks->index) * ks_blocks);
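Review bot: The rewritten `memset` clears everything in `*ks` after the first `sizeof(ks->driver)` bytes, which is only correct while `driver` is the first member of `hal_ks_t`, and nothing in the hunk enforces that layout. This wipe is also what resets `ks->per_session`, the flag `key_visible()` consults before checking ownership, so a reordered struct would either clobber `driver` or leave state uncleared without any diagnostic. If the build allows C11, pin the assumption next to the call with `_Static_assert(offsetof(hal_ks_t, driver) == 0, "driver must be first in hal_ks_t");`; otherwise add a comment stating it. hal_ks_alloc_common starts and continues outside the hunk.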
@@ -498,23 +499,21 @@ static inline hal_error_t key_visible(hal_ks_t * const ks,
                                       const hal_session_handle_t session,
                                       const unsigned blockno)
 {
+  hal_error_t err;
+
   if (ks == NULL)
     return HAL_ERROR_IMPOSSIBLE;
 
   if (!ks->per_session)
     return HAL_OK;
 
-  hal_error_t err;
-
-  if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_OK)
+  if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_ERROR_KEY_NOT_FOUND)
     return err;
 
-  err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL);
-
-  if (err == HAL_ERROR_FORBIDDEN)
-    err = HAL_ERROR_KEY_NOT_FOUND;
+  if ((err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL)) != HAL_ERROR_FORBIDDEN)
+    return err;
 
-  return err;
+  return HAL_ERROR_KEY_NOT_FOUND;
 }
 
 hal_error_t hal_ks_store(hal_ks_t *ks,
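Review bot: key_visible() is the access-control decision for per-session keys, yet the rewritten body has no comment and is easy to misread: in `!= HAL_ERROR_KEY_NOT_FOUND) return err;` the early return is the success path (owner match, `HAL_OK`) as well as the error path. I would add a comment above the function along the lines of `/* Owner sees the key; failing that, only a client logged in as HAL_USER_WHEEL does; anyone else gets HAL_ERROR_KEY_NOT_FOUND. Other errors are returned unchanged. */`. The comment should also state that the check relies on every driver's test_owner returning exactly HAL_ERROR_KEY_NOT_FOUND for a non-owner, because any other code is now returned as-is without consulting the wheel login. The function's signature begins in the hunk header, outside the hunk body.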
diff --git a/ks.h b/ks.h
index 6db0bd7..25f2acf 100644
--- a/ks.h
+++ b/ks.h
@@ -223,6 +223,7 @@ struct hal_ks_driver {
                               const hal_client_handle_t client, const hal_session_handle_t session);
   hal_error_t (*test_owner)  (hal_ks_t *ks, const unsigned blockno,
                               const hal_client_handle_t client, const hal_session_handle_t session);
+  hal_error_t (*copy_owner)  (hal_ks_t *ks, const unsigned source, const unsigned target);
 };
 
 /*
@@ -299,6 +300,16 @@ static inline hal_error_t hal_ks_block_test_owner(hal_ks_t *ks, const unsigned b
     ks->driver->test_owner(ks, blockno, client, session);
 }
 
+static inline hal_error_t hal_ks_block_copy_owner(hal_ks_t *ks,
+                                                  const unsigned source,
+                                                  const unsigned target)
+{
+  return
+    ks == NULL || ks->driver == NULL  ? HAL_ERROR_BAD_ARGUMENTS   :
+    ks->driver->copy_owner == NULL    ? HAL_ERROR_NOT_IMPLEMENTED :
+    ks->driver->copy_owner(ks, source, target);
+}
+
 /*
  * Type safe casts.
  */
diff --git a/ks_token.c b/ks_token.c
index 6172f79..e69eb02 100644
--- a/ks_token.c
+++ b/ks_token.c
@@ -267,17 +267,24 @@ static hal_error_t ks_token_write(hal_ks_t *ks, const unsigned blockno, hal_ks_b
  */
 
 static hal_error_t ks_token_set_owner(hal_ks_t *ks,
-                                   const unsigned blockno,
-                                   const hal_client_handle_t client,
-                                   const hal_session_handle_t session)
+                                      const unsigned blockno,
+                                      const hal_client_handle_t client,
+                                      const hal_session_handle_t session)
 {
   return HAL_OK;
 }
 
-static hal_error_t ks_token_test_owner(hal_ks_t *ks, const
-                                    unsigned blockno,
-                                    const hal_client_handle_t client,
-                                    const hal_session_handle_t session)
+static hal_error_t ks_token_test_owner(hal_ks_t *ks,
+                                       const unsigned blockno,
+                                       const hal_client_handle_t client,
+                                       const hal_session_handle_t session)
+{
+  return HAL_OK;
+}
+
+static hal_error_t ks_token_copy_owner(hal_ks_t *ks,
+                                       const unsigned source,
+                                       const unsigned target)
 {
   return HAL_OK;
 }
@@ -386,7 +393,8 @@ static const hal_ks_driver_t ks_token_driver = {
   .erase                = ks_token_erase,
   .erase_maybe          = ks_token_erase_maybe,
   .set_owner            = ks_token_set_owner,
-  .test_owner           = ks_token_test_owner
+  .test_owner           = ks_token_test_owner,
+  .copy_owner           = ks_token_copy_owner
 };
 
 static ks_token_db_t _db = { .ks.driver = &ks_token_driver };
diff --git a/ks_volatile.c b/ks_volatile.c
index c1ea72d..0b39133 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -169,8 +169,8 @@ static hal_error_t ks_volatile_set_owner(hal_ks_t *ks,
  * Test key ownership.
  */
 
-static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const
-                                          unsigned blockno,
+static hal_error_t ks_volatile_test_owner(hal_ks_t *ks,
+                                          const unsigned blockno,
                                           const hal_client_handle_t client,
                                           const hal_session_handle_t session)
 {
@@ -185,6 +185,22 @@ static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const
 }
 
 /*
+ * Copy key ownership.
+ */
+
+static hal_error_t ks_volatile_copy_owner(hal_ks_t *ks,
+                                          const unsigned source,
+                                          const unsigned target)
+{
+  if (ks != hal_ks_volatile || db->keys == NULL || source >= ks->size || target >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
+
+  db->keys[target].client  = db->keys[source].client;
+  db->keys[target].session = db->keys[source].session;
+  return HAL_OK;
+}
+
+/*
  * Initialize keystore.
  */
 
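Review bot: ks_volatile_copy_owner() leaves `db->keys[source].client` and `db->keys[source].session` untouched after the copy, so the old block number still records the previous owner. hal_ks_block_update zeroes the source block right afterwards, but whether that path also resets the owner entry is not visible in this diff; if it does not, a key later placed in that block without a set_owner call would pass test_owner for the old session. Either state the contract in the header comment, e.g. `* Copy key ownership; source keeps its owner, so block reuse must go through set_owner.`, or reset the source entry here to whatever value the driver treats as unowned once the target has been written.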
@@ -217,6 +233,8 @@ static hal_error_t ks_volatile_init(hal_ks_t *ks, const int alloc)
   if ((err = hal_ks_init_common(ks)) != HAL_OK)
     goto done;
 
+  ks->per_session = 1;
+
   err = HAL_OK;
 
  done:
@@ -238,7 +256,8 @@ static const hal_ks_driver_t ks_volatile_driver = {
   .erase                = ks_volatile_erase,
   .erase_maybe          = ks_volatile_erase, /* sic */
   .set_owner            = ks_volatile_set_owner,
-  .test_owner           = ks_volatile_test_owner
+  .test_owner           = ks_volatile_test_owner,
+  .copy_owner           = ks_volatile_copy_owner
 };
 
 static ks_volatile_db_t _db = { .ks.driver = &ks_volatile_driver };
diff --git a/unit-tests.py b/unit-tests.py
index 338af64..a304205 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -657,7 +657,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
         try:
             with hsm.pkey_open(uuid) as pkey:
                 pkey.delete()
-        except:
+        except Exception as e:
             logger.debug("Problem deleting key %s: %s", uuid, e)
 
     def load_and_fill(self, flags, n_keys = 1, n_attrs = 2, n_fill = 0):


