aboutsummaryrefslogtreecommitdiff
path: root/service_provider.c
diff options
context:
space:
mode:
authorFranklin Wei <me@fwei.tk>2018-07-10 19:55:36 +0000
committerFranklin Wei <me@fwei.tk>2018-07-10 19:55:36 +0000
commit7f4cd7a5065ca29d4644b301b54f2db3e71b1647 (patch)
tree4ab1322ffa45c61297c28209ad6282b262ee5cb8 /service_provider.c
parent1ad0b326b1d9f780b9189383bcc271e2b74b4358 (diff)
downloadcsaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.zip
csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.gz
csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.bz2
csaa-7f4cd7a5065ca29d4644b301b54f2db3e71b1647.tar.xz
Track build code/compose file as a hash
Diffstat (limited to 'service_provider.c')
-rw-r--r--service_provider.c155
1 files changed, 71 insertions, 84 deletions
diff --git a/service_provider.c b/service_provider.c
index 3a01111..a064a90 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -35,12 +35,6 @@ struct file_version {
struct tm_cert vr_cert; /* VR certificate */
hash_t vr_hmac;
-
- /* lines of Dockerfile */
- struct iomt *buildcode;
-
- /* lines of docker-compose.yml */
- struct iomt *composefile;
};
/* should be free'd with free_record */
@@ -144,7 +138,7 @@ struct tm_cert cert_eq(struct service_provider *sp,
/* write to file data_dir/file_idx/version */
void write_contents(const struct service_provider *sp,
- uint64_t file_idx, uint64_t version,
+ uint64_t file_idx, uint64_t version, const char *suffix,
const void *data, size_t len)
{
mkdir(sp->data_dir, 0755);
@@ -155,7 +149,7 @@ void write_contents(const struct service_provider *sp,
mkdir(dirname, 0755);
char filename[MAX_PATH];
- snprintf(filename, sizeof(filename), "%s/%lu/%lu", sp->data_dir, file_idx, version);
+ snprintf(filename, sizeof(filename), "%s/%lu/%lu%s", sp->data_dir, file_idx, version, suffix);
FILE *f = fopen(filename, "w");
@@ -175,14 +169,21 @@ size_t file_len(FILE *f)
}
void *read_contents(const struct service_provider *sp,
- uint64_t file_idx, uint64_t version,
- size_t *len)
+ uint64_t file_idx, uint64_t version, const char *suffix,
+ size_t *len)
{
+ assert(len);
char filename[MAX_PATH];
- snprintf(filename, sizeof(filename), "%s/%lu/%lu", sp->data_dir, file_idx, version);
+ snprintf(filename, sizeof(filename), "%s/%lu/%lu%s", sp->data_dir, file_idx, version, suffix);
FILE *f = fopen(filename, "r");
+ if(!f)
+ {
+ *len = 0;
+ return NULL;
+ }
+
*len = file_len(f);
void *buf = malloc(*len);
@@ -367,8 +368,6 @@ static void free_version(struct file_version *ver)
{
if(ver)
{
- iomt_free(ver->buildcode);
- iomt_free(ver->composefile);
free(ver);
}
}
@@ -489,10 +488,6 @@ static void insert_version(struct service_provider *sp,
sqlite3_bind_blob(st, 5, &ver->vr_cert, sizeof(ver->vr_cert), SQLITE_TRANSIENT);
sqlite3_bind_blob(st, 6, &ver->vr_hmac, sizeof(ver->vr_hmac), SQLITE_TRANSIENT);
- sqlite3_bind_int64(st, 7, ver->buildcode ? ver->buildcode->mt_logleaves : -1);
-
- sqlite3_bind_int64(st, 8, ver->composefile ? ver->composefile->mt_logleaves : -1);
-
int rc = sqlite3_step(st);
if(rc != SQLITE_DONE)
{
@@ -544,21 +539,6 @@ static struct file_version *lookup_version(struct service_provider *sp,
memcpy(&ver->encrypted_secret, sqlite3_column_blob(st, 3), sizeof(ver->encrypted_secret));
memcpy(&ver->vr_cert, sqlite3_column_blob(st, 4), sizeof(ver->vr_cert));
memcpy(&ver->vr_hmac, sqlite3_column_blob(st, 5), sizeof(ver->vr_hmac));
-
- int64_t bc_logleaves = sqlite3_column_int64(st, 6);
- int64_t cf_logleaves = sqlite3_column_int64(st, 7);
-
- ver->buildcode = bc_logleaves >= 0 ? iomt_new_from_db(sp->db,
- "BCNodes", "BCLeaves",
- "FileIdx", file_idx,
- "Version", version,
- bc_logleaves) : NULL;
-
- ver->composefile = cf_logleaves >= 0 ? iomt_new_from_db(sp->db,
- "CFNodes", "CFLeaves",
- "FileIdx", file_idx,
- "Version", version,
- cf_logleaves) : NULL;
return ver;
}
return NULL;
@@ -588,8 +568,9 @@ struct tm_cert sp_request(struct service_provider *sp,
struct tm_cert *vr_out, hash_t *vr_hmac_out,
hash_t *ack_hmac_out,
hash_t encrypted_secret, hash_t kf,
- const struct iomt *buildcode, const struct iomt *composefile,
const void *encrypted_contents, size_t contents_len,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
const struct iomt *new_acl)
{
struct tm_cert vr = cert_null;
@@ -662,23 +643,23 @@ struct tm_cert sp_request(struct service_provider *sp,
ver.version = fr.fr.version;
ver.vr_cert = vr;
ver.vr_hmac = vr_hmac;
-
- if(buildcode)
- ver.buildcode = iomt_dup(buildcode);
-
- if(composefile)
- ver.composefile = iomt_dup(composefile);
-
+
+ /* write to disk */
if(encrypted_contents)
- {
- /* write to disk */
- write_contents(sp, fr.fr.idx, fr.fr.version,
- encrypted_contents, contents_len);
- }
-
+ write_contents(sp, fr.fr.idx, fr.fr.version, "",
+ encrypted_contents, contents_len);
+
+ if(buildcode)
+ write_contents(sp, fr.fr.idx, fr.fr.version, "_bc",
+ buildcode, buildcode_len);
+
+ if(composefile)
+ write_contents(sp, fr.fr.idx, fr.fr.version, "_cf",
+ composefile, composefile_len);
+
insert_version(sp, rec, &ver);
}
-
+
if(need_insert)
insert_record(sp, rec);
else
@@ -810,7 +791,8 @@ struct tm_request sp_createfile(struct service_provider *sp,
NULL, NULL,
ack_hmac,
hash_null, hash_null,
- NULL, NULL,
+ NULL, 0,
+ NULL, 0,
NULL, 0,
acl);
sp->n_placeholders--;
@@ -876,7 +858,8 @@ struct tm_request sp_modifyacl(struct service_provider *sp,
NULL, NULL,
ack_hmac,
hash_null, hash_null,
- NULL, NULL,
+ NULL, 0,
+ NULL, 0,
NULL, 0,
new_acl);
@@ -891,8 +874,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
void *userdata,
uint64_t file_idx,
hash_t encrypted_secret, hash_t kf,
- const struct iomt *buildcode, const struct iomt *composefile,
const void *encrypted_file, size_t filelen,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
hash_t *ack_hmac)
{
/* modification */
@@ -924,7 +908,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
&acl_orders);
hash_t gamma = sha256(encrypted_file, filelen);
- hash_t lambda = calc_lambda(gamma, buildcode, composefile, kf);
+ hash_t h_bc = buildcode ? sha256(buildcode, buildcode_len) : hash_null;
+ hash_t h_cf = composefile ? sha256(composefile, composefile_len) : hash_null;
+ hash_t lambda = calc_lambda(gamma, h_bc, h_cf, kf);
struct tm_request req = req_filemodify(sp->tm,
&rec->fr_cert, rec->fr_hmac,
@@ -953,8 +939,9 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
&vr, &vr_hmac,
ack_hmac,
encrypted_secret, kf,
- buildcode, composefile,
encrypted_file, filelen,
+ buildcode, buildcode_len,
+ composefile, composefile_len,
NULL);
/* We return the request because that is how the module's
@@ -1042,8 +1029,10 @@ void *sp_retrieve_file(struct service_provider *sp,
uint64_t version,
hash_t *encrypted_secret,
hash_t *kf,
- struct iomt **buildcode,
- struct iomt **composefile,
+ void **buildcode,
+ size_t *bc_len,
+ void **composefile,
+ size_t *cf_len,
size_t *len)
{
struct file_record *rec = lookup_record(sp, file_idx);
@@ -1095,13 +1084,13 @@ void *sp_retrieve_file(struct service_provider *sp,
if(kf)
*kf = ver->kf;
- void *ret = read_contents(sp, file_idx, version, len);
+ void *ret = read_contents(sp, file_idx, version, "", len);
- /* duplicate compose and build files */
+ /* read contents of build/compose files */
if(buildcode)
- *buildcode = iomt_dup(ver->buildcode);
+ *buildcode = read_contents(sp, file_idx, version, "_bc", bc_len);
if(composefile)
- *composefile = iomt_dup(ver->composefile);
+ *composefile = read_contents(sp, file_idx, version, "_cf", cf_len);
free_record(rec);
free_version(ver);
@@ -1166,15 +1155,13 @@ static void sp_handle_client(struct service_provider *sp, int cl)
case MODIFY_FILE:
{
printf("Client: modify file %lu\n", user_req.modify_file.file_idx);
- struct iomt *buildcode = iomt_deserialize(read_from_fd, &cl);
- struct iomt *composefile = iomt_deserialize(read_from_fd, &cl);
- size_t filelen;
- recv(cl, &filelen, sizeof(filelen), MSG_WAITALL);
-
- printf("File is %lu bytes.\n", filelen);
- void *filebuf = malloc(filelen);
- recv(cl, filebuf, filelen, MSG_WAITALL);
+ size_t filelen;
+ void *filebuf = deserialize_file(cl, &filelen);
+ size_t bc_len, cf_len;
+ void *bc = deserialize_file(cl, &bc_len);
+ void *cf = deserialize_file(cl, &cf_len);
+
if(sp_modifyfile(sp,
user_req.user_id,
get_client_signature,
@@ -1182,9 +1169,9 @@ static void sp_handle_client(struct service_provider *sp, int cl)
user_req.modify_file.file_idx,
user_req.modify_file.encrypted_secret,
user_req.modify_file.kf,
- buildcode,
- composefile,
filebuf, filelen,
+ bc, bc_len,
+ cf, cf_len,
&ack_hmac).type == REQ_NONE)
{
printf("Failed: %s\n", tm_geterror());
@@ -1192,8 +1179,6 @@ static void sp_handle_client(struct service_provider *sp, int cl)
free(filebuf);
- iomt_free(buildcode);
- iomt_free(composefile);
write(cl, &ack_hmac, sizeof(ack_hmac));
break;
}
@@ -1224,29 +1209,30 @@ static void sp_handle_client(struct service_provider *sp, int cl)
printf("Client: retrieve file\n");
hash_t encrypted_secret = hash_null, kf = hash_null;
size_t len = 0;
- struct iomt *buildcode = NULL, *composefile = NULL;
+ void *bc = NULL, *cf = NULL;
+ size_t bc_len = 0, cf_len = 0;
+
void *contents = sp_retrieve_file(sp,
user_req.user_id,
user_req.retrieve.file_idx,
user_req.retrieve.version,
&encrypted_secret,
&kf,
- &buildcode,
- &composefile,
+ &bc, &bc_len,
+ &cf, &cf_len,
&len);
/* write everything (no HMAC; the client should do a
* RETRIEVE_INFO request separately) */
write(cl, &encrypted_secret, sizeof(encrypted_secret));
write(cl, &kf, sizeof(kf));
- iomt_serialize(buildcode, write_to_fd, &cl);
- iomt_serialize(composefile, write_to_fd, &cl);
- write(cl, &len, sizeof(len));
- if(contents)
- {
- write(cl, contents, len);
- free(contents);
- }
+ serialize_file(cl, contents, len);
+ serialize_file(cl, bc, bc_len);
+ serialize_file(cl, cf, cf_len);
+
+ free(contents);
+ free(bc);
+ free(cf);
break;
}
@@ -1315,7 +1301,7 @@ void sp_test(void)
clock_t stop = clock();
check("Tree initialization", sp != NULL);
-
+#if 0
{
hash_t ack_hmac;
struct tm_request req = sp_createfile(sp, 1, test_sign_request, "a", &ack_hmac);
@@ -1341,7 +1327,7 @@ void sp_test(void)
printf("%.1f modifications per second\n", (double)N_MODIFY * CLOCKS_PER_SEC / (stop - start));
check("File modification", verify_ack(&req, "a", 1, ack_hmac));
-
+
hash_t hmac;
/* check inside range, but empty slot */
struct version_info vi = sp_fileinfo(sp, 1, 12, 1, hash_null, &hmac, NULL);
@@ -1412,7 +1398,8 @@ void sp_test(void)
check("ACL modification 1", success);
}
-
+#endif
+
if(logleaves < 5)
{
printf("CDI-IOMT contents: ");