diff options
author | Franklin Wei <me@fwei.tk> | 2018-07-10 19:55:36 +0000 |
---|---|---|
committer | Franklin Wei <me@fwei.tk> | 2018-07-10 19:55:36 +0000 |
commit | 7f4cd7a5065ca29d4644b301b54f2db3e71b1647 (patch) | |
tree | 4ab1322ffa45c61297c28209ad6282b262ee5cb8 /service_provider.c | |
parent | 1ad0b326b1d9f780b9189383bcc271e2b74b4358 (diff) | |
download | csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.zip csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.gz csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.bz2 csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.xz |
Track build code/compose file as a hash
Diffstat (limited to 'service_provider.c')
-rw-r--r-- | service_provider.c | 155 |
1 files changed, 71 insertions, 84 deletions
diff --git a/service_provider.c b/service_provider.c index 3a01111..a064a90 100644 --- a/service_provider.c +++ b/service_provider.c @@ -35,12 +35,6 @@ struct file_version { struct tm_cert vr_cert; /* VR certificate */ hash_t vr_hmac; - - /* lines of Dockerfile */ - struct iomt *buildcode; - - /* lines of docker-compose.yml */ - struct iomt *composefile; }; /* should be free'd with free_record */ @@ -144,7 +138,7 @@ struct tm_cert cert_eq(struct service_provider *sp, /* write to file data_dir/file_idx/version */ void write_contents(const struct service_provider *sp, - uint64_t file_idx, uint64_t version, + uint64_t file_idx, uint64_t version, const char *suffix, const void *data, size_t len) { mkdir(sp->data_dir, 0755); @@ -155,7 +149,7 @@ void write_contents(const struct service_provider *sp, mkdir(dirname, 0755); char filename[MAX_PATH]; - snprintf(filename, sizeof(filename), "%s/%lu/%lu", sp->data_dir, file_idx, version); + snprintf(filename, sizeof(filename), "%s/%lu/%lu%s", sp->data_dir, file_idx, version, suffix); FILE *f = fopen(filename, "w"); @@ -175,14 +169,21 @@ size_t file_len(FILE *f) } void *read_contents(const struct service_provider *sp, - uint64_t file_idx, uint64_t version, - size_t *len) + uint64_t file_idx, uint64_t version, const char *suffix, + size_t *len) { + assert(len); char filename[MAX_PATH]; - snprintf(filename, sizeof(filename), "%s/%lu/%lu", sp->data_dir, file_idx, version); + snprintf(filename, sizeof(filename), "%s/%lu/%lu%s", sp->data_dir, file_idx, version, suffix); FILE *f = fopen(filename, "r"); + if(!f) + { + *len = 0; + return NULL; + } + *len = file_len(f); void *buf = malloc(*len); @@ -367,8 +368,6 @@ static void free_version(struct file_version *ver) { if(ver) { - iomt_free(ver->buildcode); - iomt_free(ver->composefile); free(ver); } } @@ -489,10 +488,6 @@ static void insert_version(struct service_provider *sp, sqlite3_bind_blob(st, 5, &ver->vr_cert, sizeof(ver->vr_cert), SQLITE_TRANSIENT); sqlite3_bind_blob(st, 6, &ver->vr_hmac, sizeof(ver->vr_hmac), SQLITE_TRANSIENT); - sqlite3_bind_int64(st, 7, ver->buildcode ? ver->buildcode->mt_logleaves : -1); - - sqlite3_bind_int64(st, 8, ver->composefile ? ver->composefile->mt_logleaves : -1); - int rc = sqlite3_step(st); if(rc != SQLITE_DONE) { @@ -544,21 +539,6 @@ static struct file_version *lookup_version(struct service_provider *sp, memcpy(&ver->encrypted_secret, sqlite3_column_blob(st, 3), sizeof(ver->encrypted_secret)); memcpy(&ver->vr_cert, sqlite3_column_blob(st, 4), sizeof(ver->vr_cert)); memcpy(&ver->vr_hmac, sqlite3_column_blob(st, 5), sizeof(ver->vr_hmac)); - - int64_t bc_logleaves = sqlite3_column_int64(st, 6); - int64_t cf_logleaves = sqlite3_column_int64(st, 7); - - ver->buildcode = bc_logleaves >= 0 ? iomt_new_from_db(sp->db, - "BCNodes", "BCLeaves", - "FileIdx", file_idx, - "Version", version, - bc_logleaves) : NULL; - - ver->composefile = cf_logleaves >= 0 ? iomt_new_from_db(sp->db, - "CFNodes", "CFLeaves", - "FileIdx", file_idx, - "Version", version, - cf_logleaves) : NULL; return ver; } return NULL; @@ -588,8 +568,9 @@ struct tm_cert sp_request(struct service_provider *sp, struct tm_cert *vr_out, hash_t *vr_hmac_out, hash_t *ack_hmac_out, hash_t encrypted_secret, hash_t kf, - const struct iomt *buildcode, const struct iomt *composefile, const void *encrypted_contents, size_t contents_len, + const void *buildcode, size_t buildcode_len, + const void *composefile, size_t composefile_len, const struct iomt *new_acl) { struct tm_cert vr = cert_null; @@ -662,23 +643,23 @@ struct tm_cert sp_request(struct service_provider *sp, ver.version = fr.fr.version; ver.vr_cert = vr; ver.vr_hmac = vr_hmac; - - if(buildcode) - ver.buildcode = iomt_dup(buildcode); - - if(composefile) - ver.composefile = iomt_dup(composefile); - + + /* write to disk */ if(encrypted_contents) - { - /* write to disk */ - write_contents(sp, fr.fr.idx, fr.fr.version, - encrypted_contents, contents_len); - } - + write_contents(sp, fr.fr.idx, fr.fr.version, "", + encrypted_contents, contents_len); + + if(buildcode) + write_contents(sp, fr.fr.idx, fr.fr.version, "_bc", + buildcode, buildcode_len); + + if(composefile) + write_contents(sp, fr.fr.idx, fr.fr.version, "_cf", + composefile, composefile_len); + insert_version(sp, rec, &ver); } - + if(need_insert) insert_record(sp, rec); else @@ -810,7 +791,8 @@ struct tm_request sp_createfile(struct service_provider *sp, NULL, NULL, ack_hmac, hash_null, hash_null, - NULL, NULL, + NULL, 0, + NULL, 0, NULL, 0, acl); sp->n_placeholders--; @@ -876,7 +858,8 @@ struct tm_request sp_modifyacl(struct service_provider *sp, NULL, NULL, ack_hmac, hash_null, hash_null, - NULL, NULL, + NULL, 0, + NULL, 0, NULL, 0, new_acl); @@ -891,8 +874,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp, void *userdata, uint64_t file_idx, hash_t encrypted_secret, hash_t kf, - const struct iomt *buildcode, const struct iomt *composefile, const void *encrypted_file, size_t filelen, + const void *buildcode, size_t buildcode_len, + const void *composefile, size_t composefile_len, hash_t *ack_hmac) { /* modification */ @@ -924,7 +908,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp, &acl_orders); hash_t gamma = sha256(encrypted_file, filelen); - hash_t lambda = calc_lambda(gamma, buildcode, composefile, kf); + hash_t h_bc = buildcode ? sha256(buildcode, buildcode_len) : hash_null; + hash_t h_cf = composefile ? sha256(composefile, composefile_len) : hash_null; + hash_t lambda = calc_lambda(gamma, h_bc, h_cf, kf); struct tm_request req = req_filemodify(sp->tm, &rec->fr_cert, rec->fr_hmac, @@ -953,8 +939,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp, &vr, &vr_hmac, ack_hmac, encrypted_secret, kf, - buildcode, composefile, encrypted_file, filelen, + buildcode, buildcode_len, + composefile, composefile_len, NULL); /* We return the request because that is how the module's @@ -1042,8 +1029,10 @@ void *sp_retrieve_file(struct service_provider *sp, uint64_t version, hash_t *encrypted_secret, hash_t *kf, - struct iomt **buildcode, - struct iomt **composefile, + void **buildcode, + size_t *bc_len, + void **composefile, + size_t *cf_len, size_t *len) { struct file_record *rec = lookup_record(sp, file_idx); @@ -1095,13 +1084,13 @@ void *sp_retrieve_file(struct service_provider *sp, if(kf) *kf = ver->kf; - void *ret = read_contents(sp, file_idx, version, len); + void *ret = read_contents(sp, file_idx, version, "", len); - /* duplicate compose and build files */ + /* read contents of build/compose files */ if(buildcode) - *buildcode = iomt_dup(ver->buildcode); + *buildcode = read_contents(sp, file_idx, version, "_bc", bc_len); if(composefile) - *composefile = iomt_dup(ver->composefile); + *composefile = read_contents(sp, file_idx, version, "_cf", cf_len); free_record(rec); free_version(ver); @@ -1166,15 +1155,13 @@ static void sp_handle_client(struct service_provider *sp, int cl) case MODIFY_FILE: { printf("Client: modify file %lu\n", user_req.modify_file.file_idx); - struct iomt *buildcode = iomt_deserialize(read_from_fd, &cl); - struct iomt *composefile = iomt_deserialize(read_from_fd, &cl); - size_t filelen; - recv(cl, &filelen, sizeof(filelen), MSG_WAITALL); - - printf("File is %lu bytes.\n", filelen); - void *filebuf = malloc(filelen); - recv(cl, filebuf, filelen, MSG_WAITALL); + size_t filelen; + void *filebuf = deserialize_file(cl, &filelen); + size_t bc_len, cf_len; + void *bc = deserialize_file(cl, &bc_len); + void *cf = deserialize_file(cl, &cf_len); + if(sp_modifyfile(sp, user_req.user_id, get_client_signature, @@ -1182,9 +1169,9 @@ static void sp_handle_client(struct service_provider *sp, int cl) user_req.modify_file.file_idx, user_req.modify_file.encrypted_secret, user_req.modify_file.kf, - buildcode, - composefile, filebuf, filelen, + bc, bc_len, + cf, cf_len, &ack_hmac).type == REQ_NONE) { printf("Failed: %s\n", tm_geterror()); @@ -1192,8 +1179,6 @@ static void sp_handle_client(struct service_provider *sp, int cl) free(filebuf); - iomt_free(buildcode); - iomt_free(composefile); write(cl, &ack_hmac, sizeof(ack_hmac)); break; } @@ -1224,29 +1209,30 @@ static void sp_handle_client(struct service_provider *sp, int cl) printf("Client: retrieve file\n"); hash_t encrypted_secret = hash_null, kf = hash_null; size_t len = 0; - struct iomt *buildcode = NULL, *composefile = NULL; + void *bc = NULL, *cf = NULL; + size_t bc_len = 0, cf_len = 0; + void *contents = sp_retrieve_file(sp, user_req.user_id, user_req.retrieve.file_idx, user_req.retrieve.version, &encrypted_secret, &kf, - &buildcode, - &composefile, + &bc, &bc_len, + &cf, &cf_len, &len); /* write everything (no HMAC; the client should do a * RETRIEVE_INFO request separately) */ write(cl, &encrypted_secret, sizeof(encrypted_secret)); write(cl, &kf, sizeof(kf)); - iomt_serialize(buildcode, write_to_fd, &cl); - iomt_serialize(composefile, write_to_fd, &cl); - write(cl, &len, sizeof(len)); - if(contents) - { - write(cl, contents, len); - free(contents); - } + serialize_file(cl, contents, len); + serialize_file(cl, bc, bc_len); + serialize_file(cl, cf, cf_len); + + free(contents); + free(bc); + free(cf); break; } @@ -1315,7 +1301,7 @@ void sp_test(void) clock_t stop = clock(); check("Tree initialization", sp != NULL); - +#if 0 { hash_t ack_hmac; struct tm_request req = sp_createfile(sp, 1, test_sign_request, "a", &ack_hmac); @@ -1341,7 +1327,7 @@ void sp_test(void) printf("%.1f modifications per second\n", (double)N_MODIFY * CLOCKS_PER_SEC / (stop - start)); check("File modification", verify_ack(&req, "a", 1, ack_hmac)); - + hash_t hmac; /* check inside range, but empty slot */ struct version_info vi = sp_fileinfo(sp, 1, 12, 1, hash_null, &hmac, NULL); @@ -1412,7 +1398,8 @@ void sp_test(void) check("ACL modification 1", success); } - +#endif + if(logleaves < 5) { printf("CDI-IOMT contents: "); |