[Cryptech-Commits] [sw/libhal] 01/05: Debug per-session keys.
git at cryptech.is
git at cryptech.is
Mon May 29 18:53:44 UTC 2017
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.
commit 5cee716555db92942c5b11c824839bb00aaf35b9
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon May 29 00:44:18 2017 -0400
Debug per-session keys.
---
ks.c | 19 +++++++++----------
ks.h | 11 +++++++++++
ks_token.c | 24 ++++++++++++++++--------
ks_volatile.c | 25 ++++++++++++++++++++++---
unit-tests.py | 2 +-
5 files changed, 59 insertions(+), 22 deletions(-)
diff --git a/ks.c b/ks.c
index a0a4de7..2d1d8c4 100644
--- a/ks.c
+++ b/ks.c
@@ -182,6 +182,7 @@ hal_error_t hal_ks_block_update(hal_ks_t *ks,
if ((err = hal_ks_block_deprecate(ks, b1)) != HAL_OK ||
(err = hal_ks_index_replace(ks, uuid, &b2, hint)) != HAL_OK ||
(err = hal_ks_block_write(ks, b2, block)) != HAL_OK ||
+ (err = hal_ks_block_copy_owner(ks, b1, b2)) != HAL_OK ||
(err = hal_ks_block_zero(ks, b1)) != HAL_OK)
return err;
@@ -243,8 +244,8 @@ hal_error_t hal_ks_alloc_common(hal_ks_t *ks,
if (mem == NULL)
return HAL_ERROR_ALLOCATION_FAILURE;
- memset(((uint8_t *) ks) + sizeof(hal_ks_driver_t), 0,
- sizeof(hal_ks_t) - sizeof(hal_ks_driver_t));
+ memset(((uint8_t *) ks) + sizeof(ks->driver), 0,
+ sizeof(hal_ks_t) - sizeof(ks->driver));
memset(mem, 0, len);
ks->index = gnaw(&mem, &len, sizeof(*ks->index) * ks_blocks);
@@ -498,23 +499,21 @@ static inline hal_error_t key_visible(hal_ks_t * const ks,
const hal_session_handle_t session,
const unsigned blockno)
{
+ hal_error_t err;
+
if (ks == NULL)
return HAL_ERROR_IMPOSSIBLE;
if (!ks->per_session)
return HAL_OK;
- hal_error_t err;
-
- if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_OK)
+ if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_ERROR_KEY_NOT_FOUND)
return err;
- err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL);
-
- if (err == HAL_ERROR_FORBIDDEN)
- err = HAL_ERROR_KEY_NOT_FOUND;
+ if ((err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL)) != HAL_ERROR_FORBIDDEN)
+ return err;
- return err;
+ return HAL_ERROR_KEY_NOT_FOUND;
}
hal_error_t hal_ks_store(hal_ks_t *ks,
diff --git a/ks.h b/ks.h
index 6db0bd7..25f2acf 100644
--- a/ks.h
+++ b/ks.h
@@ -223,6 +223,7 @@ struct hal_ks_driver {
const hal_client_handle_t client, const hal_session_handle_t session);
hal_error_t (*test_owner) (hal_ks_t *ks, const unsigned blockno,
const hal_client_handle_t client, const hal_session_handle_t session);
+ hal_error_t (*copy_owner) (hal_ks_t *ks, const unsigned source, const unsigned target);
};
/*
@@ -299,6 +300,16 @@ static inline hal_error_t hal_ks_block_test_owner(hal_ks_t *ks, const unsigned b
ks->driver->test_owner(ks, blockno, client, session);
}
+static inline hal_error_t hal_ks_block_copy_owner(hal_ks_t *ks,
+ const unsigned source,
+ const unsigned target)
+{
+ return
+ ks == NULL || ks->driver == NULL ? HAL_ERROR_BAD_ARGUMENTS :
+ ks->driver->copy_owner == NULL ? HAL_ERROR_NOT_IMPLEMENTED :
+ ks->driver->copy_owner(ks, source, target);
+}
+
/*
* Type safe casts.
*/
diff --git a/ks_token.c b/ks_token.c
index 6172f79..e69eb02 100644
--- a/ks_token.c
+++ b/ks_token.c
@@ -267,17 +267,24 @@ static hal_error_t ks_token_write(hal_ks_t *ks, const unsigned blockno, hal_ks_b
*/
static hal_error_t ks_token_set_owner(hal_ks_t *ks,
- const unsigned blockno,
- const hal_client_handle_t client,
- const hal_session_handle_t session)
+ const unsigned blockno,
+ const hal_client_handle_t client,
+ const hal_session_handle_t session)
{
return HAL_OK;
}
-static hal_error_t ks_token_test_owner(hal_ks_t *ks, const
- unsigned blockno,
- const hal_client_handle_t client,
- const hal_session_handle_t session)
+static hal_error_t ks_token_test_owner(hal_ks_t *ks,
+ const unsigned blockno,
+ const hal_client_handle_t client,
+ const hal_session_handle_t session)
+{
+ return HAL_OK;
+}
+
+static hal_error_t ks_token_copy_owner(hal_ks_t *ks,
+ const unsigned source,
+ const unsigned target)
{
return HAL_OK;
}
@@ -386,7 +393,8 @@ static const hal_ks_driver_t ks_token_driver = {
.erase = ks_token_erase,
.erase_maybe = ks_token_erase_maybe,
.set_owner = ks_token_set_owner,
- .test_owner = ks_token_test_owner
+ .test_owner = ks_token_test_owner,
+ .copy_owner = ks_token_copy_owner
};
static ks_token_db_t _db = { .ks.driver = &ks_token_driver };
diff --git a/ks_volatile.c b/ks_volatile.c
index c1ea72d..0b39133 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -169,8 +169,8 @@ static hal_error_t ks_volatile_set_owner(hal_ks_t *ks,
* Test key ownership.
*/
-static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const
- unsigned blockno,
+static hal_error_t ks_volatile_test_owner(hal_ks_t *ks,
+ const unsigned blockno,
const hal_client_handle_t client,
const hal_session_handle_t session)
{
@@ -185,6 +185,22 @@ static hal_error_t ks_volatile_test_owner(hal_ks_t *ks, const
}
/*
+ * Copy key ownership.
+ */
+
+static hal_error_t ks_volatile_copy_owner(hal_ks_t *ks,
+ const unsigned source,
+ const unsigned target)
+{
+ if (ks != hal_ks_volatile || db->keys == NULL || source >= ks->size || target >= ks->size)
+ return HAL_ERROR_IMPOSSIBLE;
+
+ db->keys[target].client = db->keys[source].client;
+ db->keys[target].session = db->keys[source].session;
+ return HAL_OK;
+}
+
+/*
* Initialize keystore.
*/
@@ -217,6 +233,8 @@ static hal_error_t ks_volatile_init(hal_ks_t *ks, const int alloc)
if ((err = hal_ks_init_common(ks)) != HAL_OK)
goto done;
+ ks->per_session = 1;
+
err = HAL_OK;
done:
@@ -238,7 +256,8 @@ static const hal_ks_driver_t ks_volatile_driver = {
.erase = ks_volatile_erase,
.erase_maybe = ks_volatile_erase, /* sic */
.set_owner = ks_volatile_set_owner,
- .test_owner = ks_volatile_test_owner
+ .test_owner = ks_volatile_test_owner,
+ .copy_owner = ks_volatile_copy_owner
};
static ks_volatile_db_t _db = { .ks.driver = &ks_volatile_driver };
diff --git a/unit-tests.py b/unit-tests.py
index 338af64..a304205 100644
--- a/unit-tests.py
+++ b/unit-tests.py
@@ -657,7 +657,7 @@ class TestPKeyAttribute(TestCaseLoggedIn):
try:
with hsm.pkey_open(uuid) as pkey:
pkey.delete()
- except:
+ except Exception as e:
logger.debug("Problem deleting key %s: %s", uuid, e)
def load_and_fill(self, flags, n_keys = 1, n_attrs = 2, n_fill = 0):
More information about the Commits
mailing list