-rw-r--r-- | client.c | 22 | ||||
-rw-r--r-- | crypto.c | 9 | ||||
-rw-r--r-- | crypto.h | 2 | ||||
-rw-r--r-- | service_provider.c | 59 |
4 files changed, 49 insertions, 43 deletions
@@ -404,9 +404,11 @@ static bool verify_sp_ack(int fd, const struct tm_request *tmr) } /* This depends on exec_request */ +/* will profile if profile_out != NULL */ struct version_info request_verinfo(int fd, uint64_t user_id, const char *user_key, size_t keylen, - uint64_t file_idx, uint64_t version); + uint64_t file_idx, uint64_t version, + struct server_profile *profile_out); /* In case of modifcation or file creation, returns true on successful * completion of request, as acknowledged by module. In case of info @@ -559,7 +561,8 @@ bool exec_request(int fd, const struct user_request *req, /* set version = 0 to get latest version */ struct version_info request_verinfo(int fd, uint64_t user_id, const char *user_key, size_t keylen, - uint64_t file_idx, uint64_t version) + uint64_t file_idx, uint64_t version, + struct server_profile *profile_out) { struct user_request req; @@ -568,6 +571,7 @@ struct version_info request_verinfo(int fd, uint64_t user_id, req.retrieve.file_idx = file_idx; req.retrieve.version = version; req.retrieve.nonce = generate_nonce(); + req.profile = (profile_out != NULL); struct version_info verinfo; @@ -584,7 +588,7 @@ struct version_info request_verinfo(int fd, uint64_t user_id, NULL, NULL, NULL, - NULL, + profile_out, NULL); if(rc) return verinfo; @@ -641,7 +645,7 @@ bool server_request(const char *sockpath, orig_verinfo = request_verinfo(fd, user_id, user_key, strlen(user_key), req.modify_file.file_idx, - 0); + 0, NULL); close(fd); if(orig_verinfo.idx == 0) @@ -693,7 +697,7 @@ bool server_request(const char *sockpath, struct version_info verinfo; struct tm_request tmreq; - struct server_profile profile; + struct server_profile profile, profile_verify; /* profile_verify is used iff profile == true and req.type == RETRIEVE_FILE */ int fd = connect_to_service(sockpath); 
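Review bot: `profile_verify` in the last hunk on this line is declared without an initializer, yet a later hunk hands it to `prof_concat()` whenever `req.profile` is set and `req.type == RETRIEVE_FILE`. The only visible writer is the `request_verinfo(..., &profile_verify)` call in the verification step. If that step is skipped or returns early (the surrounding control flow is outside the hunks), `prof_concat()` reads an indeterminate `n_times` and adds it to `profile.n_times`. I would zero it at the declaration, `struct server_profile profile, profile_verify = { 0 };`, so the concatenation adds nothing when no verify profile was received. server_request's body starts and ends outside the hunk.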
@@ -771,7 +775,7 @@ bool server_request(const char *sockpath, struct version_info verinfo = request_verinfo(fd, user_id, user_key, strlen(user_key), req.file_idx, - 0); + 0, &profile_verify); close(fd); success = hash_equals(lambda, verinfo.lambda); @@ -792,6 +796,12 @@ bool server_request(const char *sockpath, if(req.profile) { + if(req.type == RETRIEVE_FILE) + { + /* concatenate the verify profile */ + prof_concat(&profile, &profile_verify); + } + /* dump to stderr */ prof_dump(&profile, labels, labels_only); } @@ -541,6 +541,15 @@ void prof_add(struct server_profile *prof, const char *label) } } +/* no bound checks here */ +void prof_concat(struct server_profile *out, const struct server_profile *in) +{ + memcpy(out->times + out->n_times, in->times, sizeof(clock_t) * (MAX_TIMES - out->n_times)); + memcpy(out->labels + out->n_times, in->labels, MAX_LABEL * (MAX_TIMES - out->n_times)); + + out->n_times += in->n_times; +} + /* The test scripts depend on the output of this function with -p set * (labels = false, labels_only = false). Do not change! */ void prof_dump(struct server_profile *profile, bool labels, bool labels_only) @@ -135,6 +135,8 @@ void prof_add(struct server_profile *prof, const char *label); void prof_dump(struct server_profile *profile, bool labels, bool labels_only); void prof_read(int fd, struct server_profile *profile_out); +void prof_concat(struct server_profile *out, const struct server_profile *in); + /* self-test */ void crypto_test(void); #endif diff --git a/service_provider.c b/service_provider.c index 0959155..3e82fad 100644 --- a/service_provider.c +++ b/service_provider.c @@ -108,8 +108,6 @@ struct tm_cert cert_eq(struct service_provider *sp, int *enc_orders; hash_t *enc_comp = merkle_complement(sp->iomt, encloser_leafidx, &enc_orders); - prof_add(&sp->profile, "EQGenComputeHashes"); - /* we need two NU certificates */ hash_t nu1_hmac, nu2_hmac; 
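Review bot: The verification call in the first hunk passes `&profile_verify` unconditionally, and `request_verinfo()` now sets its request's `profile` flag from `profile_out != NULL`. The verify request therefore asks the service provider for profile data even when the caller's `req.profile` is false. That data is peer-supplied and presumably parsed inside `exec_request()` (not shown), only to be discarded. Passing `req.profile ? &profile_verify : NULL` keeps the flag and the parsing in step with what the user asked for.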
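Review bot: `prof_concat()` in the crypto.c hunk never checks `in->n_times` or the resulting total against `MAX_TIMES`, as its own comment admits. The `in` profile at the call site appears to be filled from the service provider's reply, so its count should be treated as untrusted. The copy length depends on `out->n_times` alone, and `out->n_times += in->n_times` can leave the count above `MAX_TIMES`. Anything that later indexes by `n_times` (presumably `prof_add()` and `prof_dump()`, whose bodies are not shown) would then run past the arrays, and a second concat would compute a wrapped or negative length. Clamp the number of entries to both the source count and the remaining room, and advance `n_times` by that amount only; the sketch assumes `n_times` is a non-negative count and that `labels` holds `MAX_LABEL`-byte entries, as the existing sizes suggest.

```c
/* copies at most as many entries as still fit; excess entries are dropped */
void prof_concat(struct server_profile *out, const struct server_profile *in)
{
    if(out->n_times >= MAX_TIMES || in->n_times <= 0)
        return;

    size_t room = MAX_TIMES - out->n_times;
    size_t n = in->n_times;
    if(n > room)
        n = room;

    memcpy(out->times + out->n_times, in->times, sizeof(clock_t) * n);
    memcpy(out->labels + out->n_times, in->labels, MAX_LABEL * n);

    out->n_times += n;
}
```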
@@ -118,27 +116,21 @@ struct tm_cert cert_eq(struct service_provider *sp, enc_comp, enc_orders, sp->iomt->mt_logleaves, &nu1_hmac); - prof_add(&sp->profile, "EQGenNUGeneration1"); /* We now update the ancestors of the encloser node. */ hash_t *old_depvalues = malloc(sizeof(hash_t) * sp->iomt->mt_logleaves); merkle_update(sp->iomt, encloser_leafidx, h_encmod, old_depvalues); - prof_add(&sp->profile, "EQGenEncloserInsert"); int *ins_orders; hash_t *ins_comp = merkle_complement(sp->iomt, placeholder_leafidx, &ins_orders); - prof_add(&sp->profile, "EQGenComplementCalculation"); struct tm_cert nu2 = tm_cert_node_update(sp->tm, hash_null, h_ins, ins_comp, ins_orders, sp->iomt->mt_logleaves, &nu2_hmac); - - prof_add(&sp->profile, "EQGenNUGeneration2"); /* restore the tree */ uint64_t *dep_indices = bintree_ancestors(encloser_leafidx, sp->iomt->mt_logleaves); restore_nodes(sp->iomt, dep_indices, old_depvalues, sp->iomt->mt_logleaves); - prof_add(&sp->profile, "EQGenRestoreTree"); free(dep_indices); free(old_depvalues); @@ -599,6 +591,8 @@ struct tm_cert sp_request(struct service_provider *sp, /* execute the request */ struct tm_cert fr = tm_request(sp->tm, req, req_hmac, &fr_hmac, &vr, &vr_hmac, &ack_hmac); + prof_add(&sp->profile, "ExecModuleRequest"); + /* now update our databases based on the result */ if(fr.type == FR) { @@ -780,13 +774,12 @@ struct tm_request sp_createfile(struct service_provider *sp, i, i + 1, &hmac); - prof_add(&sp->profile, "FinishEQGen"); + prof_add(&sp->profile, "EQGeneration"); assert(eq.type == EQ); /* update previous leaf's index */ iomt_update_leaf_nextidx(sp->iomt, i - 1, i + 1); - prof_add(&sp->profile, "UpdatePrevLeaf"); /* next_idx is set to 1 to keep everything circularly linked; * in the next iteration it will be updated to point to the 
@@ -794,15 +787,13 @@ struct tm_request sp_createfile(struct service_provider *sp, /* for random indices, recall the encloser's old next index, * and use that here */ iomt_update_leaf_full(sp->iomt, i, i + 1, 1, hash_null); - prof_add(&sp->profile, "UpdateNewLeaf"); assert(tm_set_equiv_root(sp->tm, &eq, hmac)); - prof_add(&sp->profile, "RootTransition"); sp->n_placeholders++; } - prof_add(&sp->profile, "FinishPlaceholderInsert"); + prof_add(&sp->profile, "PlaceholderInsert"); printf("Allocated leaf index %lu\n", i); @@ -826,7 +817,7 @@ struct tm_request sp_createfile(struct service_provider *sp, hash_t req_hmac = sign_request(userdata, &req); hash_t fr_hmac; - prof_add(&sp->profile, "FinishFillRequest"); + prof_add(&sp->profile, "FillRequestStructure"); struct tm_cert fr_cert = sp_request(sp, &req, req_hmac, @@ -839,8 +830,6 @@ struct tm_request sp_createfile(struct service_provider *sp, NULL, 0, acl); - prof_add(&sp->profile, "FinishExecutingRequest"); - sp->n_placeholders--; /* sp_request() has made a copy of the ACL */ @@ -929,8 +918,6 @@ struct tm_request sp_modifyfile(struct service_provider *sp, /* modification */ struct file_record *rec = lookup_record(sp, file_idx); - prof_add(&sp->profile, "FinishDBLookupRecord"); - if(!rec) { printf("Could not find file with index %lu\n", file_idx); @@ -941,8 +928,6 @@ struct tm_request sp_modifyfile(struct service_provider *sp, uint64_t file_leafidx; struct iomt_node file_node = iomt_find_leaf(sp->iomt, file_idx, &file_leafidx); - prof_add(&sp->profile, "FinishIOMTFindLeaf"); - if(!file_node.idx) { printf("Couldn't find file node???\n"); 
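Review bot: `assert(tm_set_equiv_root(sp->tm, &eq, hmac));` in the first hunk on this line keeps the root transition inside an `assert`. A build with `NDEBUG` defined would drop the call entirely, so the placeholder insert would carry on without the module's root being updated or the result checked. Take the call out of the assertion, e.g. `bool ok = tm_set_equiv_root(sp->tm, &eq, hmac);` followed by `assert(ok);` or an explicit error return (the function's return type is not visible here). sp_createfile's body starts and ends outside the hunk.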
@@ -953,22 +938,20 @@ struct tm_request sp_modifyfile(struct service_provider *sp, file_leafidx, &file_orders); - prof_add(&sp->profile, "FinishComplementCalculation"); - uint64_t acl_leafidx; struct iomt_node acl_node = iomt_find_leaf(rec->acl, user_id, &acl_leafidx); hash_t *acl_comp = merkle_complement(rec->acl, acl_leafidx, &acl_orders); - prof_add(&sp->profile, "FinishACLComplementCalculation"); + prof_add(&sp->profile, "LookupRecordAndComplements"); hash_t gamma = sha256(encrypted_file, filelen); hash_t h_bc = buildcode ? sha256(buildcode, buildcode_len) : hash_null; hash_t h_cf = composefile ? sha256(composefile, composefile_len) : hash_null; hash_t lambda = calc_lambda(gamma, h_bc, h_cf, kf); - prof_add(&sp->profile, "FinishCalculateLambda"); + prof_add(&sp->profile, "CalculateLambda"); struct tm_request req = req_filemodify(sp->tm, &rec->fr_cert, rec->fr_hmac, @@ -986,7 +969,7 @@ struct tm_request sp_modifyfile(struct service_provider *sp, hash_t req_hmac = sign_request(userdata, &req); - prof_add(&sp->profile, "FinishFillRequestStructure"); + prof_add(&sp->profile, "FillRequestStructure"); struct tm_cert vr; hash_t vr_hmac, fr_hmac; @@ -1004,8 +987,6 @@ struct tm_request sp_modifyfile(struct service_provider *sp, composefile, composefile_len, NULL); - prof_add(&sp->profile, "FinishExecuteRequest"); - /* We return the request because that is how the module's * authentication is done. */ if(new_fr.type == FR) @@ -1027,6 +1008,13 @@ struct version_info sp_fileinfo(struct service_provider *sp, struct iomt **acl_out) { struct file_record *rec = lookup_record(sp, file_idx); + + if(!version) + version = rec->version; + + struct file_version *ver = lookup_version(sp, rec->idx, version); + + prof_add(&sp->profile, "VerifyLookupRecords"); /* RV1 indicates counter */ hash_t rv1_hmac; 
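Review bot: In the `sp_fileinfo()` hunk at the end of this line, `rec->version` and `rec->idx` are dereferenced directly after `lookup_record()` with no NULL check. `sp_modifyfile()` and `sp_retrieve_file()` in this same diff both test `if(!rec)` first. `file_idx` appears to come from the client's request, so an index with no record would be a NULL dereference in the service provider rather than a failed reply. A guard before the moved lines would fix that, e.g. `if(!rec) return (struct version_info) { 0 };`, since the client already treats `idx == 0` as failure; how `*acl_out` should be set on that path depends on callers not shown. sp_fileinfo's body continues outside the hunk.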
@@ -1056,14 +1044,11 @@ struct version_info sp_fileinfo(struct service_provider *sp, user_id, &rv2_hmac); - if(!version) - version = rec->version; - - struct file_version *ver = lookup_version(sp, rec->idx, version); + prof_add(&sp->profile, "VerifyRVGen"); if(acl_out) *acl_out = iomt_dup(rec->acl); - + struct version_info ret = tm_verify_fileinfo(sp->tm, user_id, &rv1, rv1_hmac, @@ -1072,6 +1057,7 @@ struct version_info sp_fileinfo(struct service_provider *sp, ver ? &ver->vr_cert : NULL, ver ? ver->vr_hmac : hash_null, nonce, hmac); + free_record(rec); free_version(ver); @@ -1099,8 +1085,6 @@ void *sp_retrieve_file(struct service_provider *sp, { struct file_record *rec = lookup_record(sp, file_idx); - prof_add(&sp->profile, "FinishDBLookup"); - if(!rec || !rec->version) { /* Newly created file, no contents. We don't bother to set @@ -1115,7 +1099,6 @@ void *sp_retrieve_file(struct service_provider *sp, version = rec->version; struct file_version *ver = lookup_version(sp, file_idx, version); - prof_add(&sp->profile, "FinishDBLookupVersion"); if(!ver) { @@ -1124,11 +1107,13 @@ void *sp_retrieve_file(struct service_provider *sp, return NULL; } + prof_add(&sp->profile, "LookupRecords"); + hash_t rv1_hmac, rv2_hmac; struct tm_cert rv1 = cert_rv_by_idx(sp->tm, sp->iomt, file_idx, &rv1_hmac); struct tm_cert rv2 = cert_rv_by_idx(sp->tm, rec->acl, user_id, &rv2_hmac); - prof_add(&sp->profile, "FinishGenerateRVCerts"); + prof_add(&sp->profile, "RVGeneration"); if(hash_to_u64(rv2.rv.val) < 1) { @@ -1147,7 +1132,7 @@ void *sp_retrieve_file(struct service_provider *sp, &rec->fr_cert, rec->fr_hmac, ver->encrypted_secret, ver->kf); } - prof_add(&sp->profile, "FinishRetrieveSecret"); + prof_add(&sp->profile, "RetrieveSecret"); if(kf) *kf = ver->kf; |