Some code cleanup and refactor

author: Franklin Wei <me@fwei.tk> 2018-06-20 14:13:48 -0400
committer: Franklin Wei <me@fwei.tk> 2018-06-20 14:13:48 -0400
commit: 9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e (patch)
tree: 0dac159462ae9fff6d4000038b358527dc51849e
parent: a9315b1f9e01097e4fedff446912db8d5fd5e422 (diff)
download: csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.zip
csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.gz
csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.bz2
csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.xz
3 files changed, 43 insertions, 41 deletions
diff --git a/crypto.c b/crypto.c
index 10576a0..5752913 100644
--- a/crypto.c
+++ b/crypto.c
@@ -242,7 +242,9 @@ void restore_nodes(hash_t *nodes, const int *indices, const hash_t *values, int
 /* Update mt_nodes to reflect a change to a leaf node's
  * value. Optionally, if old_dep is not NULL, *old_dep will be made to
  * point to an array of length mt_logleaves that contains the old node
- * values (whose indices are returned by bintree_ancestors()). */
+ * values (whose indices are returned by bintree_ancestors()). NOTE:
+ * this function will NOT set the corresponding IOMT leaf; use
+ * iomt_update_by_leafidx for that. */
 void merkle_update(struct iomt *tree, uint64_t leafidx, hash_t newval, hash_t **old_dep)
 {
     if(old_dep)
diff --git a/service_provider.c b/service_provider.c
index a895e98..d55ae49 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -12,6 +12,7 @@
 #include "test.h"
 #include "trusted_module.h"
 
+/* arbitrary */
 #define ACL_LOGLEAVES 4
 
 struct file_version {
@@ -89,53 +90,63 @@ struct tm_cert cert_eq(struct service_provider *sp,
 
     hash_t h_ins = hash_node(&insert);
 
-    int *orders_enc, *orders_ins;
-    int *compidx_enc = bintree_complement(encloser_leafidx, sp->iomt->mt_logleaves, &orders_enc);
-    int *compidx_ins = bintree_complement(placeholder_leafidx, sp->iomt->mt_logleaves, &orders_ins);
-
-    hash_t *comp_enc = lookup_nodes(sp->iomt->mt_nodes, compidx_enc, sp->iomt->mt_logleaves);
+    int *enc_orders;
+    hash_t *enc_comp = merkle_complement(sp->iomt, encloser_leafidx, &enc_orders);
 
     /* we need two NU certificates */
     hash_t nu1_hmac, nu2_hmac;
 
     struct tm_cert nu1 = tm_cert_node_update(sp->tm,
                                              h_enc, h_encmod,
-                                             comp_enc, orders_enc, sp->iomt->mt_logleaves,
+                                             enc_comp, enc_orders, sp->iomt->mt_logleaves,
                                              &nu1_hmac);
 
     /* We now update the ancestors of the encloser node. */
     hash_t *old_depvalues;
     merkle_update(sp->iomt, encloser_leafidx, h_encmod, &old_depvalues);
 
-    hash_t *comp_ins = lookup_nodes(sp->iomt->mt_nodes, compidx_ins, sp->iomt->mt_logleaves);
+    int *ins_orders;
+    hash_t *ins_comp = merkle_complement(sp->iomt, placeholder_leafidx, &ins_orders);
 
     struct tm_cert nu2 = tm_cert_node_update(sp->tm,
                                              hash_null, h_ins,
-                                             comp_ins, orders_ins, sp->iomt->mt_logleaves,
+                                             ins_comp, ins_orders, sp->iomt->mt_logleaves,
                                              &nu2_hmac);
 
     /* restore the tree */
     int *dep_indices = bintree_ancestors(encloser_leafidx, sp->iomt->mt_logleaves);
     restore_nodes(sp->iomt->mt_nodes, dep_indices, old_depvalues, sp->iomt->mt_logleaves);
+
     free(dep_indices);
     free(old_depvalues);
 
-    free(compidx_enc);
-    free(compidx_ins);
-    free(comp_enc);
-    free(comp_ins);
-    free(orders_enc);
-    free(orders_ins);
+    free(enc_comp);
+    free(ins_comp);
+    free(enc_orders);
+    free(ins_orders);
 
     return tm_cert_equiv(sp->tm, &nu1, nu1_hmac, &nu2, nu2_hmac, encloser, placeholder_nodeidx, hmac_out);
 }
 
+#if 0
+void *db_init(const char *filename)
+{
+    sqlite3 *db;
+    if(sqlite3_open(filename, &db) != SQLITE_OK)
+        return null;
+
+    return db;
+}
+#endif
+
 /* leaf count will be 2^logleaves */
 struct service_provider *sp_new(const void *key, size_t keylen, int logleaves)
 {
     assert(logleaves > 0);
     struct service_provider *sp = calloc(1, sizeof(*sp));
 
+    //sp->db = db_init("csaa.db");
+
     sp->tm = tm_new(key, keylen);
 
     sp->iomt = iomt_new(logleaves);
@@ -145,8 +156,9 @@ struct service_provider *sp_new(const void *key, size_t keylen, int logleaves)
      * insert our desired number of nodes by using EQ certificates to
      * update the internal IOMT root. Note that leaf indices are
      * 1-indexed. */
-    sp->iomt->mt_leaves[0] = (struct iomt_node) { 1, 1, hash_null };
-    merkle_update(sp->iomt, 0, hash_node(sp->iomt->mt_leaves + 0), NULL);
+    iomt_update_by_leafidx(sp->iomt,
+                           0,
+                           1, 1, hash_null);
 
     for(int i = 1; i < sp->iomt->mt_leafcount; ++i)
     {
@@ -213,10 +225,9 @@ static struct file_record *lookup_record(struct service_provider *sp, int idx)
 }
 
 /* Should we insert sorted (for O(logn) lookup), or just at the end to
- * avoid copying (O(n) lookup, O(1) insertion)? Probably better to use a hash
- * table. */
-/* We do not check to ensure that there are no duplicate file indices;
- * this is up to the caller */
+ * avoid copying (O(n) lookup, O(1) insertion)? Eventually this will
+ * be replaced with a SQL backend.  We do not check to ensure that
+ * there are no duplicate file indices; that is up to the caller. */
 static void append_record(struct service_provider *sp, const struct file_record *rec)
 {
     sp->records = realloc(sp->records, sizeof(struct file_record) * ++sp->nrecords);
@@ -245,8 +256,7 @@ static void append_version(struct file_record *rec, const struct file_version *v
  *
  * If the request is to either modify the ACL or create a file (which
  * is essentially an ACL update), the ACL will be set to
- * new_acl. `new_acl' must be in persistent storage.
- */
+ * new_acl. `new_acl' must be in persistent storage. */
 struct tm_cert sp_request(struct service_provider *sp,
                           const struct user_request *req, hash_t req_hmac,
                           hash_t *hmac_out,
@@ -298,8 +308,6 @@ struct tm_cert sp_request(struct service_provider *sp,
             struct file_version ver;
             memset(&ver, 0, sizeof(ver));
 
-            hash_t gamma = sha256(encrypted_contents, contents_len);
-
             if(!is_zero(encrypted_secret) && !is_zero(kf))
             {
                 /* File is encrypted */
@@ -348,9 +356,7 @@ struct tm_cert sp_request(struct service_provider *sp,
         }
 
         /* update our tree */
-        sp->iomt->mt_leaves[req->idx - 1].val = u64_to_hash(fr.fr.counter);
-
-        merkle_update(sp->iomt, req->idx - 1, hash_node(sp->iomt->mt_leaves + req->idx - 1), NULL);
+        iomt_update(sp->iomt, req->idx, u64_to_hash(fr.fr.counter));
     }
 
     /* return values to caller */
@@ -385,14 +391,13 @@ struct user_request sp_createfile(struct service_provider *sp,
         return req_null;
     }
 
-    int *file_compidx, *file_orders;
-    file_compidx = bintree_complement(i, sp->iomt->mt_logleaves, &file_orders);
-
-    hash_t *file_comp = lookup_nodes(sp->iomt->mt_nodes, file_compidx, sp->iomt->mt_logleaves);
+    int *file_orders;
+    hash_t *file_comp = merkle_complement(sp->iomt, i, &file_orders);
 
     struct iomt *acl = iomt_new(ACL_LOGLEAVES);
-    acl->mt_leaves[0] = (struct iomt_node) { user_id, user_id, u64_to_hash(3) };
-    merkle_update(acl, 0, hash_node(acl->mt_leaves + 0), NULL);
+    iomt_update_by_leafidx(acl,
+                           0,
+                           user_id, user_id, u64_to_hash(3));
 
     struct user_request req = req_filecreate(sp->tm,
                                              i + 1,
@@ -414,7 +419,6 @@ struct user_request sp_createfile(struct service_provider *sp,
 
     iomt_free(acl);
 
-    free(file_compidx);
     free(file_comp);
     free(file_orders);
 
diff --git a/trusted_module.c b/trusted_module.c
index e0d84ce..7ebd716 100644
--- a/trusted_module.c
+++ b/trusted_module.c
@@ -281,7 +281,7 @@ struct tm_cert tm_cert_record_verify(const struct trusted_module *tm,
     {
         if(encloses(node->idx, node->next_idx, b))
         {
-            memset(nonexist, 0, sizeof(*nonexist));
+            *nonexist = cert_null;
             nonexist->type = RV;
             nonexist->rv.idx = b;
 
@@ -299,8 +299,6 @@ struct tm_cert tm_cert_record_verify(const struct trusted_module *tm,
     /* verify that this node is a child of y */
     struct tm_cert cert = cert_null;
 
-    memset(&cert, 0, sizeof(cert));
-
     cert.type = RV;
     cert.rv.root = nu->nu.orig_root;
     cert.rv.idx = node->idx;
@@ -348,7 +346,6 @@ struct tm_cert tm_cert_record_update(const struct trusted_module *tm,
     }
 
     struct tm_cert cert = cert_null;
-    memset(&cert, 0, sizeof(cert));
 
     cert.type = RU;
     cert.ru.idx = node->idx;
@@ -389,7 +386,7 @@ bool tm_set_equiv_root(struct trusted_module *tm,
 }
 
 /* user id is 1-indexed */
-hash_t req_sign(const struct trusted_module *tm, const struct user_request *req, int id)
+static hash_t req_sign(const struct trusted_module *tm, const struct user_request *req, int id)
 {
     return hmac_sha256(req, sizeof(*req), tm->user_keys[id - 1].key, tm->user_keys[id - 1].len);
 }
@@ -959,7 +956,6 @@ struct version_info tm_verify_file(const struct trusted_module *tm,
 /* self-test */
 void tm_test(void)
 {
-
     {
         /* check NU certificate generation */
         struct trusted_module *tm = tm_new("a", 1);
author	Franklin Wei <me@fwei.tk>	2018-06-20 14:13:48 -0400
committer	Franklin Wei <me@fwei.tk>	2018-06-20 14:13:48 -0400
commit	9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e (patch)
tree	0dac159462ae9fff6d4000038b358527dc51849e
parent	a9315b1f9e01097e4fedff446912db8d5fd5e422 (diff)
download	csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.zip csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.gz csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.bz2 csaa-9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e.tar.xz