aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranklin Wei <me@fwei.tk>2018-06-01 23:18:29 -0400
committerFranklin Wei <me@fwei.tk>2018-06-01 23:18:29 -0400
commit35da023f66db5e755baf40ff89b1a62be9c0bd2c (patch)
treef9d8289e4216c880ca28446129be7655132b6056
parentfbd47093d2e71e4d6a58b4c23ac57e357a26ab2a (diff)
downloadcsaa-35da023f66db5e755baf40ff89b1a62be9c0bd2c.zip
csaa-35da023f66db5e755baf40ff89b1a62be9c0bd2c.tar.gz
csaa-35da023f66db5e755baf40ff89b1a62be9c0bd2c.tar.bz2
csaa-35da023f66db5e755baf40ff89b1a62be9c0bd2c.tar.xz
Partially finish F_tp() implementation
Added some comments (mostly for my own sake) and a little code.
-rw-r--r--service_provider.h2
-rw-r--r--trusted_module.c76
2 files changed, 73 insertions, 5 deletions
diff --git a/service_provider.h b/service_provider.h
index 2ba3682..1c92c36 100644
--- a/service_provider.h
+++ b/service_provider.h
@@ -17,7 +17,7 @@ struct user_request {
* update, val is a commitment to the contents, key,
* and index of the file */
union {
- /* if counter = 0 and type = ACL, create a new file with given ACL */
+ /* if counter = 0 and type = ACL_UPDATE, create a new file with given ACL */
struct {
struct tm_cert ru_cert;
hash_t ru_hmac;
diff --git a/trusted_module.c b/trusted_module.c
index 6de0d9e..af76c72 100644
--- a/trusted_module.c
+++ b/trusted_module.c
@@ -402,6 +402,54 @@ static bool req_verify(struct trusted_module *tm, const struct user_request *req
}
/* execute a user request, if possible */
+/*
+ * This function handles all transformations on the IOMT except
+ * inserting a placeholder (handled above). The function takes its
+ * parameter in the form of a user_request struct, which must be
+ * authenticated or else the function will fail. Based on the request
+ * contents, one of three actions are performed:
+ *
+ * 1) req->type == ACL_UPDATE and req->counter == 0:
+ *
+ * Create a new file entry. A properly authenticated RU certificate
+ * must be passed in the `create' struct of the request. The RU
+ * certificate must be of the form [ f, 0, current root, 1, new root
+ * ]. Additionally, the `val' field of the request struct should be
+ * set to the root of the ACL IOMT (a).
+ *
+ * Given these parameters, this function will then update the internal
+ * IOMT root to the new root and will issue an FR certificate of the
+ * form [ idx = f, c_f = 1, acl = a, ver = 0 ].
+ *
+ * 2) req->type == ACL_UPDATE (and req->counter > 0 and access = 3):
+ *
+ * Three properly authenticated certificates are needed for an update
+ * to the ACL: one FR certificate to indicate the ACL root, one RU
+ * certificate of the form [ user_id, access, acl_root ] to indicate
+ * user access level (which must be 3 in order to change the ACL), and
+ * one RU certificate of the form [ f, c_f, current IOMT root, c_f +
+ * 1, new IOMT root ] to indicate that the counter c_f is consistent
+ * with the internally stored root and the updated IOMT root.
+ *
+ * Given these three certificates, this function will return an FR
+ * certificate (signed in *hmac_out) with the updated ACL root, and
+ * will update the internal IOMT root to increment the file counter,
+ * c_f.
+ *
+ * 3) req->type == FILE_UPDATE (and req->counter > 0 and access >= 2):
+ *
+ * Three properly authenticated certificates are needed for the
+ * creation of a new file version (which are also the same as the ones
+ * needed for an ACL update, see above). The user access level must be
+ * >= 2, otherwise this function will fail.
+ *
+ * This function returns two certificates: one FR certificate
+ * indicating the updated file counter and version number (and an
+ * unchanged ACL root), and a new VR certificate, returned in *vr_out
+ * and signed in *vr_hmac. Additionally, the internal IOMT root will
+ * be updated to reflect the incremented file counter.
+ */
+
/* TODO: authenticated acknowledgement */
struct tm_cert tm_request(struct trusted_module *tm,
const struct user_request *req, hash_t req_hmac,
@@ -461,13 +509,16 @@ struct tm_cert tm_request(struct trusted_module *tm,
return cert;
}
- /* otherwise the request is to either modify the ACL, delete the
- * file, or create a new version */
+ /* Otherwise the request is to either modify the ACL or create a
+ * new file version. In either case, check the two certificates
+ * (to verify ACL and access privilege). */
+ if(req->counter <= 0)
+ return cert_null;
if(!cert_verify(tm, req->modify.fr_cert, req->modify.fr_hmac))
return cert_null;
if(!cert_verify(tm, req->modify.rv_cert, req->modify.rv_hmac))
return cert_null;
-
+
/* check access level */
if(!hash_equals(req->modify.fr_cert.acl, req->modify.rv_cert.root))
return cert_null;
@@ -477,11 +528,28 @@ struct tm_cert tm_request(struct trusted_module *tm,
/* we treat the bottom 8 bytes of the counter as an integer counter */
int access = hash_to_u64(req->modify.rv_cert.val);
- /* no write access */
+ /* no write access to file or ACL */
if(access < 2)
return cert_null;
+ /* file update */
+ if(req->type == FILE_UPDATE)
+ {
+ /* We need to issue a VR certificate indicating the new
+ * version's contents, and an FR certificate with the new
+ * version number. */
+ struct tm_cert fr, vr;
+
+ }
+ else if(req->type == ACL_UPDATE)
+ {
+ /* We just need a new FR certificate with the new ACL. */
+ struct tm_cert cert;
+
+ }
+ /* should not get here */
+ assert(false);
}
/* self-test */