[Cryptech-Commits] [sw/libhal] 03/05: Add protection against trying to use hashsig while the restart mechanism is rebuilding the tree.
git at cryptech.is
git at cryptech.is
Wed Jul 25 02:36:19 UTC 2018
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch hashsig
in repository sw/libhal.
commit e1a2a7ff2e240c118b62fd372254e8f8097bd416
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Tue Jul 24 16:57:07 2018 -0400
Add protection against trying to use hashsig while the restart mechanism is rebuilding the tree.
---
hal.h | 1 +
hashsig.c | 14 ++++++++++++++
2 files changed, 15 insertions(+)
diff --git a/hal.h b/hal.h
index 8797a4f..a01b9bd 100644
--- a/hal.h
+++ b/hal.h
@@ -162,6 +162,7 @@
DEFINE_HAL_ERROR(HAL_ERROR_RPC_PROTOCOL_ERROR, "RPC protocol error") \
DEFINE_HAL_ERROR(HAL_ERROR_NOT_IMPLEMENTED, "Not implemented") \
DEFINE_HAL_ERROR(HAL_ERROR_HASHSIG_KEY_EXHAUSTED, "Key exhausted") \
+ DEFINE_HAL_ERROR(HAL_ERROR_NOT_READY, "Not ready for this operation") \
END_OF_HAL_ERROR_LIST
/* Marker to forestall silly line continuation errors */
diff --git a/hashsig.c b/hashsig.c
index 2ffe995..f463b3c 100644
--- a/hashsig.c
+++ b/hashsig.c
@@ -1182,6 +1182,8 @@ size_t hal_hashsig_lmots_private_key_len(const lmots_algorithm_t lmots_type)
}
#if RPC_CLIENT == RPC_CLIENT_LOCAL
+static int restart_in_progress = 0;
+
static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
{
if (mem == NULL || *mem == NULL || len == NULL || size > *len)
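Review bot: The new file-scope flag `restart_in_progress` has no comment saying who sets it or what it gates, so a reader of the three guarded entry points has to search for its writers. I would add above it `/* Non-zero while hal_hashsig_ks_init() is rebuilding the trees; key_gen, key_delete and sign return HAL_ERROR_NOT_READY until it is cleared. */`. It is also a plain `int`: if the guarded calls can ever run in a different thread of execution than the one inside hal_hashsig_ks_init (not determinable from this hunk), a plain load and store give no ordering guarantee, and the comment should state the scheduling assumption that makes this safe. The `#if RPC_CLIENT == RPC_CLIENT_LOCAL` block and the body of gnaw continue outside the hunk.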
@@ -1285,6 +1287,9 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core,
{
/* hss_alloc does most of the checks */
+ if (restart_in_progress)
+ return HAL_ERROR_NOT_READY;
+
/* check flash keystore for space to store the root tree */
lms_parameter_t *lms = lms_select_parameter_set(lms_type);
if (lms == NULL)
@@ -1335,6 +1340,9 @@ hal_error_t hal_hashsig_key_gen(hal_core_t *core,
/* caller will delete the hss key from the keystore */
hal_error_t hal_hashsig_key_delete(const hal_hashsig_key_t * const key)
{
+ if (restart_in_progress)
+ return HAL_ERROR_NOT_READY;
+
if (key == NULL || key->type != HAL_KEY_TYPE_HASHSIG_PRIVATE)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -1367,6 +1375,9 @@ hal_error_t hal_hashsig_sign(hal_core_t *core,
const uint8_t * const msg, const size_t msg_len,
uint8_t *sig, size_t *sig_len, const size_t sig_max)
{
+ if (restart_in_progress)
+ return HAL_ERROR_NOT_READY;
+
if (key == NULL || key->type != HAL_KEY_TYPE_HASHSIG_PRIVATE || msg == NULL || sig == NULL || sig_len == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -1873,6 +1884,8 @@ hal_error_t hal_hashsig_ks_init(void)
uint8_t der[HAL_KS_WRAPPED_KEYSIZE];
size_t der_len;
+ restart_in_progress = 1;
+
/* Find all hss private keys */
while ((hal_ks_match(hal_ks_token, client, session,
HAL_KEY_TYPE_HASHSIG_PRIVATE, HAL_CURVE_NONE, 0, 0, NULL, 0,
@@ -2056,6 +2069,7 @@ hal_error_t hal_hashsig_ks_init(void)
}
}
+ restart_in_progress = 0;
return HAL_OK;
}
#endif
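Review bot: `restart_in_progress` is cleared only on the success path, immediately before `return HAL_OK;`, while it is set at the top of hal_hashsig_ks_init in the earlier hunk. The code between the two hunks is not visible here, but if it contains any early error return, the flag stays at 1 and hal_hashsig_key_gen, hal_hashsig_key_delete and hal_hashsig_sign return HAL_ERROR_NOT_READY until the next restart. Failing closed after an incomplete rebuild may well be the right choice for a stateful signature scheme, since signing from a partially restored tree risks reusing one-time keys; in that case say so in a comment next to the `restart_in_progress = 1;` line. Otherwise, route the error exits through one cleanup point that runs `restart_in_progress = 0;` before returning the error.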