[Cryptech-Commits] [sw/libhal] 03/05: Simplify per-session keys.

git at cryptech.is git at cryptech.is
Mon May 29 18:53:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.

commit 776c4e8cfed92bc2d894f002cb7d222abc65bb50
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon May 29 13:16:14 2017 -0400

    Simplify per-session keys.
    
    Cosmetic cleanup of pkey_slot along the way.
---
 hal_internal.h |  6 +++---
 ks.c           | 68 +++++++++++++---------------------------------------------
 ks.h           |  7 +++---
 ks_volatile.c  | 27 +++++++++++++++++------
 rpc_pkey.c     | 16 +++++++-------
 5 files changed, 51 insertions(+), 73 deletions(-)

diff --git a/hal_internal.h b/hal_internal.h
index e998ae3..add7890 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -449,9 +449,9 @@ extern hal_error_t hal_mkm_flash_erase(const size_t len);
  */
 
 typedef struct {
-  hal_client_handle_t client_handle;
-  hal_session_handle_t session_handle;
-  hal_pkey_handle_t pkey_handle;
+  hal_client_handle_t client;
+  hal_session_handle_t session;
+  hal_pkey_handle_t pkey;
   hal_key_type_t type;
   hal_curve_name_t curve;
   hal_key_flags_t flags;
diff --git a/ks.c b/ks.c
index 2b33771..e966b94 100644
--- a/ks.c
+++ b/ks.c
@@ -477,45 +477,6 @@ static inline int acceptable_key_type(const hal_key_type_t type)
   }
 }
 
-/*
- * Test whether the current session can see a particular key.  One
- * might expect this to be based on whether the session matches, and
- * indeed it would be in a sane world, but in the world of PKCS #11,
- * keys belong to sessions, are visible to other sessions, and may
- * even be modifiable by other sessions, but softly and silently
- * vanish away when the original creating session is destroyed.
- *
- * In our terms, this means that visibility of session objects is
- * determined only by the client handle, so taking the session handle
- * as an argument here isn't really necessary, but we've flipflopped
- * on that enough times that at least for now I'd prefer to leave the
- * session handle here and not have to revise all the RPC calls again.
- * Remove it at some later date and redo the RPC calls if we manage to
- * avoid revising this yet again.
- */
-
-static inline hal_error_t key_visible(hal_ks_t * const ks,
-                                      const hal_client_handle_t client,
-                                      const hal_session_handle_t session,
-                                      const unsigned blockno)
-{
-  hal_error_t err;
-
-  if (ks == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  if (!ks->per_session)
-    return HAL_OK;
-
-  if ((err = hal_ks_block_test_owner(ks, blockno, client, session)) != HAL_ERROR_KEY_NOT_FOUND)
-    return err;
-
-  if ((err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL)) != HAL_ERROR_FORBIDDEN)
-    return err;
-
-  return HAL_ERROR_KEY_NOT_FOUND;
-}
-
 hal_error_t hal_ks_store(hal_ks_t *ks,
                          hal_pkey_slot_t *slot,
                          const uint8_t * const der, const size_t der_len)
@@ -571,7 +532,7 @@ hal_error_t hal_ks_store(hal_ks_t *ks,
     err = hal_ks_block_write(ks, b, block);
 
   if (err == HAL_OK)
-    err = hal_ks_block_set_owner(ks, b, slot->client_handle, slot->session_handle);
+    err = hal_ks_block_set_owner(ks, b, slot->client, slot->session);
 
   if (err == HAL_OK)
     goto done;
@@ -598,9 +559,9 @@ hal_error_t hal_ks_fetch(hal_ks_t *ks,
 
   hal_ks_lock();
 
-  if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))           != HAL_OK ||
-      (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK ||
-      (err = hal_ks_block_read_cached(ks, b, &block))                       != HAL_OK)
+  if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))         != HAL_OK ||
+      (err = hal_ks_block_test_owner(ks, b, slot->client, slot->session)) != HAL_OK ||
+      (err = hal_ks_block_read_cached(ks, b, &block))                     != HAL_OK)
     goto done;
 
   if (hal_ks_block_get_type(block) != HAL_KS_BLOCK_TYPE_KEY) {
@@ -652,8 +613,8 @@ hal_error_t hal_ks_delete(hal_ks_t *ks,
 
   hal_ks_lock();
 
-  if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint))         != HAL_OK ||
-      (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK)
+  if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint))       != HAL_OK ||
+      (err = hal_ks_block_test_owner(ks, b, slot->client, slot->session)) != HAL_OK)
     goto done;
 
   hal_ks_cache_release(ks, hal_ks_cache_find_block(ks, b));
@@ -725,9 +686,10 @@ hal_error_t hal_ks_match(hal_ks_t *ks,
     if ((err = hal_ks_block_read_cached(ks, b, &block)) != HAL_OK)
       goto done;
 
-    if ((err = key_visible(ks, client, session, b)) == HAL_ERROR_KEY_NOT_FOUND)
+    if ((err = hal_ks_block_test_owner(ks, b, client, session)) == HAL_ERROR_KEY_NOT_FOUND)
       continue;
-    else if (err != HAL_OK)
+
+    if (err != HAL_OK)
       goto done;
 
     if ((type  != HAL_KEY_TYPE_NONE && type  != block->key.type)  ||
@@ -799,9 +761,9 @@ hal_error_t hal_ks_set_attributes(hal_ks_t *ks,
   hal_ks_lock();
 
   {
-    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))             != HAL_OK ||
-        (err = key_visible(ks, slot->client_handle, slot->session_handle, b))   != HAL_OK ||
-        (err = hal_ks_block_read_cached(ks, b, &block))                         != HAL_OK)
+    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))         != HAL_OK ||
+        (err = hal_ks_block_test_owner(ks, b, slot->client, slot->session)) != HAL_OK ||
+        (err = hal_ks_block_read_cached(ks, b, &block))                     != HAL_OK)
       goto done;
 
     hal_ks_cache_mark_used(ks, block, b);
@@ -865,9 +827,9 @@ hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
   hal_ks_lock();
 
   {
-    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))             != HAL_OK ||
-        (err = key_visible(ks, slot->client_handle, slot->session_handle, b))   != HAL_OK ||
-        (err = hal_ks_block_read_cached(ks, b, &block))                         != HAL_OK)
+    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))         != HAL_OK ||
+        (err = hal_ks_block_test_owner(ks, b, slot->client, slot->session)) != HAL_OK ||
+        (err = hal_ks_block_read_cached(ks, b, &block))                     != HAL_OK)
       goto done;
 
     hal_ks_cache_mark_used(ks, block, b);
diff --git a/ks.h b/ks.h
index 44581a2..240d3e6 100644
--- a/ks.h
+++ b/ks.h
@@ -204,7 +204,6 @@ struct hal_ks {
   unsigned cache_lru;           /* Cache LRU counter */
   unsigned cache_size;          /* Size (how many blocks) in cache */
   hal_ks_cache_block_t *cache;  /* Cache */
-  int per_session;              /* Whether objects have per-session semantics (PKCS #11, sigh) */
 };
 
 /*
@@ -280,7 +279,8 @@ static inline hal_error_t hal_ks_block_erase_maybe(hal_ks_t *ks, const unsigned
     ks->driver->erase_maybe(ks, blockno);
 }
 
-static inline hal_error_t hal_ks_block_set_owner(hal_ks_t *ks, const unsigned blockno,
+static inline hal_error_t hal_ks_block_set_owner(hal_ks_t *ks,
+                                                 const unsigned blockno,
                                                  const hal_client_handle_t  client,
                                                  const hal_session_handle_t session)
 {
@@ -290,7 +290,8 @@ static inline hal_error_t hal_ks_block_set_owner(hal_ks_t *ks, const unsigned bl
     ks->driver->set_owner(ks, blockno, client, session);
 }
 
-static inline hal_error_t hal_ks_block_test_owner(hal_ks_t *ks, const unsigned blockno,
+static inline hal_error_t hal_ks_block_test_owner(hal_ks_t *ks,
+                                                  const unsigned blockno,
                                                   const hal_client_handle_t  client,
                                                   const hal_session_handle_t session)
 {
diff --git a/ks_volatile.c b/ks_volatile.c
index 0b39133..02054ff 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -167,6 +167,20 @@ static hal_error_t ks_volatile_set_owner(hal_ks_t *ks,
 
 /*
  * Test key ownership.
+ *
+ * One might expect this to be based on whether the session matches,
+ * and indeed it would be in a sane world, but in the world of PKCS
+ * #11, keys belong to sessions, are visible to other sessions, and
+ * may even be modifiable by other sessions, but softly and silently
+ * vanish away when the original creating session is destroyed.
+ *
+ * In our terms, this means that visibility of session objects is
+ * determined only by the client handle, so taking the session handle
+ * as an argument here isn't really necessary, but we've flipflopped
+ * on that enough times that at least for now I'd prefer to leave the
+ * session handle here and not have to revise all the RPC calls again.
+ * Remove it at some later date and redo the RPC calls if we manage to
+ * avoid revising this yet again.
  */
 
 static hal_error_t ks_volatile_test_owner(hal_ks_t *ks,
@@ -177,11 +191,14 @@ static hal_error_t ks_volatile_test_owner(hal_ks_t *ks,
   if (ks != hal_ks_volatile || db->keys == NULL || blockno >= ks->size)
     return HAL_ERROR_IMPOSSIBLE;
 
-  if (db->keys[blockno].client.handle  == client.handle &&
-      db->keys[blockno].session.handle == session.handle)
+  if (db->keys[blockno].client.handle == HAL_HANDLE_NONE ||
+      db->keys[blockno].client.handle == client.handle)
+    return HAL_OK;
+
+  if (hal_rpc_is_logged_in(client, HAL_USER_WHEEL) == HAL_OK)
     return HAL_OK;
-  else
-    return HAL_ERROR_KEY_NOT_FOUND;
+
+  return HAL_ERROR_KEY_NOT_FOUND;
 }
 
 /*
@@ -233,8 +250,6 @@ static hal_error_t ks_volatile_init(hal_ks_t *ks, const int alloc)
   if ((err = hal_ks_init_common(ks)) != HAL_OK)
     goto done;
 
-  ks->per_session = 1;
-
   err = HAL_OK;
 
  done:
diff --git a/rpc_pkey.c b/rpc_pkey.c
index d280c54..63bc8bd 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -79,10 +79,10 @@ static inline hal_pkey_slot_t *alloc_slot(const hal_key_flags_t flags)
     glop |= HAL_PKEY_HANDLE_TOKEN_FLAG;
 
   for (int i = 0; slot == NULL && i < sizeof(pkey_slot)/sizeof(*pkey_slot); i++) {
-    if (pkey_slot[i].pkey_handle.handle != HAL_HANDLE_NONE)
+    if (pkey_slot[i].pkey.handle != HAL_HANDLE_NONE)
       continue;
     memset(&pkey_slot[i], 0, sizeof(pkey_slot[i]));
-    pkey_slot[i].pkey_handle.handle = i | glop;
+    pkey_slot[i].pkey.handle = i | glop;
     pkey_slot[i].hint = -1;
     slot = &pkey_slot[i];
   }
@@ -120,7 +120,7 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle)
 #if HAL_STATIC_PKEY_STATE_BLOCKS > 0
   const int i = (int) (handle.handle & 0xFFFF);
 
-  if (i < sizeof(pkey_slot)/sizeof(*pkey_slot) && pkey_slot[i].pkey_handle.handle == handle.handle)
+  if (i < sizeof(pkey_slot)/sizeof(*pkey_slot) && pkey_slot[i].pkey.handle == handle.handle)
     slot = &pkey_slot[i];
 #endif
 
@@ -334,7 +334,7 @@ static hal_error_t pkey_local_load(const hal_client_handle_t client,
     return err;
   }
 
-  *pkey = slot->pkey_handle;
+  *pkey = slot->pkey;
   *name = slot->name;
   return HAL_OK;
 }
@@ -364,7 +364,7 @@ static hal_error_t pkey_local_open(const hal_client_handle_t client,
   slot->session_handle = session;
 
   if ((err = hal_ks_fetch(hal_ks_token, slot, NULL, NULL, 0)) == HAL_OK)
-    slot->pkey_handle.handle |= HAL_PKEY_HANDLE_TOKEN_FLAG;
+    slot->pkey.handle |= HAL_PKEY_HANDLE_TOKEN_FLAG;
 
   else if (err == HAL_ERROR_KEY_NOT_FOUND)
     err = hal_ks_fetch(hal_ks_volatile, slot, NULL, NULL, 0);
@@ -372,7 +372,7 @@ static hal_error_t pkey_local_open(const hal_client_handle_t client,
   if (err != HAL_OK)
     goto fail;
 
-  *pkey = slot->pkey_handle;
+  *pkey = slot->pkey;
   return HAL_OK;
 
  fail:
@@ -434,7 +434,7 @@ static hal_error_t pkey_local_generate_rsa(const hal_client_handle_t client,
     return err;
   }
 
-  *pkey = slot->pkey_handle;
+  *pkey = slot->pkey;
   *name = slot->name;
   return HAL_OK;
 }
@@ -492,7 +492,7 @@ static hal_error_t pkey_local_generate_ec(const hal_client_handle_t client,
     return err;
   }
 
-  *pkey = slot->pkey_handle;
+  *pkey = slot->pkey;
   *name = slot->name;
   return HAL_OK;
 }



More information about the Commits mailing list