aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranklin Wei <me@fwei.tk>2018-06-20 21:20:04 -0400
committerFranklin Wei <me@fwei.tk>2018-06-20 21:20:04 -0400
commit6f67db25e477a94fc7160fe1052329e41e1f9da7 (patch)
tree74c00fef60d41de3506d44306b2549e4e93d9102
parent9fb1f3ba699a2ff004aaf35f5fc628df7bcf6f1e (diff)
downloadcsaa-6f67db25e477a94fc7160fe1052329e41e1f9da7.zip
csaa-6f67db25e477a94fc7160fe1052329e41e1f9da7.tar.gz
csaa-6f67db25e477a94fc7160fe1052329e41e1f9da7.tar.bz2
csaa-6f67db25e477a94fc7160fe1052329e41e1f9da7.tar.xz
Support creation of line-by-line IOMTs from disk files
Also minor changes to iomt_* interface.
-rw-r--r--container1/Dockerfile2
-rw-r--r--crypto.c83
-rw-r--r--crypto.h18
-rw-r--r--service_provider.c39
4 files changed, 119 insertions, 23 deletions
diff --git a/container1/Dockerfile b/container1/Dockerfile
new file mode 100644
index 0000000..f8be7bb
--- /dev/null
+++ b/container1/Dockerfile
@@ -0,0 +1,2 @@
+line1
+line2 \ No newline at end of file
diff --git a/crypto.c b/crypto.c
index 5752913..1045809 100644
--- a/crypto.c
+++ b/crypto.c
@@ -244,7 +244,7 @@ void restore_nodes(hash_t *nodes, const int *indices, const hash_t *values, int
* point to an array of length mt_logleaves that contains the old node
* values (whose indices are returned by bintree_ancestors()). NOTE:
* this function will NOT set the corresponding IOMT leaf; use
- * iomt_update_by_leafidx for that. */
+ * iomt_update_leaf_full for that. */
void merkle_update(struct iomt *tree, uint64_t leafidx, hash_t newval, hash_t **old_dep)
{
if(old_dep)
@@ -307,8 +307,8 @@ void iomt_update(struct iomt *tree, uint64_t idx, hash_t newval)
merkle_update(tree, leaf - tree->mt_leaves, hash_node(leaf), NULL);
}
-void iomt_update_by_leafidx(struct iomt *tree, uint64_t leafidx,
- uint64_t new_idx, uint64_t new_next_idx, hash_t new_val)
+void iomt_update_leaf_full(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_idx, uint64_t new_next_idx, hash_t new_val)
{
struct iomt_node *leaf = tree->mt_leaves + leafidx;
leaf->idx = new_idx;
@@ -318,6 +318,33 @@ void iomt_update_by_leafidx(struct iomt *tree, uint64_t leafidx,
merkle_update(tree, leafidx, hash_node(leaf), NULL);
}
+void iomt_update_leaf_idx(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_idx)
+{
+ struct iomt_node *leaf = tree->mt_leaves + leafidx;
+ leaf->idx = new_idx;
+
+ merkle_update(tree, leafidx, hash_node(leaf), NULL);
+}
+
+void iomt_update_leaf_nextidx(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_next_idx)
+{
+ struct iomt_node *leaf = tree->mt_leaves + leafidx;
+ leaf->next_idx = new_next_idx;
+
+ merkle_update(tree, leafidx, hash_node(leaf), NULL);
+}
+
+void iomt_update_leaf_hash(struct iomt *tree, uint64_t leafidx,
+ hash_t new_val)
+{
+ struct iomt_node *leaf = tree->mt_leaves + leafidx;
+ leaf->val = new_val;
+
+ merkle_update(tree, leafidx, hash_node(leaf), NULL);
+}
+
/* Create a merkle tree with 2^logleaves leaves, each initialized to a
* zero leaf (not a placeholder!) */
struct iomt *iomt_new(int logleaves)
@@ -357,6 +384,56 @@ void iomt_free(struct iomt *tree)
}
}
+/* arbitrary */
+#define FILELINES_LOGLEAVES 10
+
+struct iomt *iomt_from_lines(const char *filename)
+{
+ struct iomt *tree = iomt_new(FILELINES_LOGLEAVES);
+
+ FILE *f = fopen(filename, "r");
+
+ SHA256_CTX ctx;
+ SHA256_Init(&ctx);
+
+ int c;
+ uint64_t line = 0;
+
+ while(c != EOF)
+ {
+ c = fgetc(f);
+
+ char ch = c;
+
+ if(c != EOF)
+ SHA256_Update(&ctx, &ch, sizeof(ch));
+
+ if(ch == '\n' || c == EOF)
+ {
+ hash_t linehash;
+ SHA256_Final(linehash.hash, &ctx);
+
+ /* set this leaf to loop around */
+ iomt_update_leaf_full(tree, line, line + 1, 1, linehash);
+
+ if(line > 0)
+ {
+ /* make previously inserted leaf point to this leaf */
+ iomt_update_leaf_nextidx(tree, line - 1, line + 1);
+ }
+
+ line++;
+
+ /* re-initialize for next line */
+ SHA256_Init(&ctx);
+ }
+ }
+
+ fclose(f);
+
+ return tree;
+}
+
struct hashstring hash_format(hash_t h, int n)
{
struct hashstring ret;
diff --git a/crypto.h b/crypto.h
index 055259d..3d824e6 100644
--- a/crypto.h
+++ b/crypto.h
@@ -88,9 +88,23 @@ struct iomt *iomt_new(int logleaves);
struct iomt *iomt_dup(const struct iomt *tree);
void iomt_free(struct iomt *tree);
+/* Find a leaf with IOMT index `idx' and change its value, propagating
+ * up the tree. */
void iomt_update(struct iomt *tree, uint64_t idx, hash_t newval);
-void iomt_update_by_leafidx(struct iomt *tree, uint64_t leafidx,
- uint64_t new_idx, uint64_t new_next_idx, hash_t new_val);
+
+/* Set all the fields of a leaf node (not an IOMT index!) */
+void iomt_update_leaf_full(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_idx, uint64_t new_next_idx, hash_t new_val);
+void iomt_update_leaf_idx(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_idx);
+void iomt_update_leaf_nextidx(struct iomt *tree, uint64_t leafidx,
+ uint64_t new_next_idx);
+void iomt_update_leaf_hash(struct iomt *tree, uint64_t leafidx,
+ hash_t new_val);
+
+/* Create an IOMT where the leaves are the hash of file lines */
+struct iomt *iomt_from_lines(const char *filename);
+
void iomt_fill(struct iomt *tree);
void iomt_dump(const struct iomt *tree);
diff --git a/service_provider.c b/service_provider.c
index d55ae49..421d377 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -156,7 +156,7 @@ struct service_provider *sp_new(const void *key, size_t keylen, int logleaves)
* insert our desired number of nodes by using EQ certificates to
* update the internal IOMT root. Note that leaf indices are
* 1-indexed. */
- iomt_update_by_leafidx(sp->iomt,
+ iomt_update_leaf_full(sp->iomt,
0,
1, 1, hash_null);
@@ -171,29 +171,25 @@ struct service_provider *sp_new(const void *key, size_t keylen, int logleaves)
assert(eq.type == EQ);
/* update previous leaf's index */
- sp->iomt->mt_leaves[i - 1].next_idx = i + 1;
- merkle_update(sp->iomt, i - 1, hash_node(sp->iomt->mt_leaves + i - 1), NULL);
+ iomt_update_leaf_nextidx(sp->iomt, i - 1, i + 1);
/* next_idx is set to 1 to keep everything circularly linked;
* in the next iteration it will be updated to point to the
* next node, if any */
- sp->iomt->mt_leaves[i] = (struct iomt_node) { i + 1, 1, hash_null };
- merkle_update(sp->iomt, i, hash_node(sp->iomt->mt_leaves + i), NULL);
+ iomt_update_leaf_full(sp->iomt, i, i + 1, 1, hash_null);
assert(tm_set_equiv_root(sp->tm, &eq, hmac));
}
- /* We shouldn't need this; the incremental update_tree() calls
- * should give the same result. */
- //fill_tree(sp);
-
- /* everything else is already zeroed by calloc */
return sp;
}
static void free_version(struct file_version *ver)
{
free(ver->contents);
+
+ iomt_free(ver->buildcode);
+ iomt_free(ver->composefile);
}
static void free_record(struct file_record *rec)
@@ -395,7 +391,7 @@ struct user_request sp_createfile(struct service_provider *sp,
hash_t *file_comp = merkle_complement(sp->iomt, i, &file_orders);
struct iomt *acl = iomt_new(ACL_LOGLEAVES);
- iomt_update_by_leafidx(acl,
+ iomt_update_leaf_full(acl,
0,
user_id, user_id, u64_to_hash(3));
@@ -725,19 +721,26 @@ void sp_test(void)
check("File creation", ack_verify(&req, "a", 1, ack_hmac));
+ /* IOMT generation from file */
+ struct iomt *buildcode = iomt_from_lines("container1/Dockerfile");
+ check("IOMT generation from file 1", buildcode != NULL);
+
+ struct iomt_node node1 = { 1, 2, sha256("line1\n", 6) };
+ struct iomt_node node2 = { 2, 1, sha256("line2", 5) };
+
+ hash_t correct_root = merkle_parent(hash_node(&node1), hash_node(&node2), 0);
+ check("IOMT generation from file 2", hash_equals(buildcode->mt_nodes[0], correct_root));
+
#define N_MODIFY 100
start = clock();
for(int i = 0; i < N_MODIFY; ++i)
- req = sp_modifyfile(sp, 1, "a", 1, 1, hash_null, hash_null, NULL, NULL, "contents", 8, &ack_hmac);
+ req = sp_modifyfile(sp, 1, "a", 1, 1, hash_null, hash_null, buildcode, NULL, "contents", 8, &ack_hmac);
stop = clock();
printf("%.1f modifications per second\n", (double)N_MODIFY * CLOCKS_PER_SEC / (stop - start));
check("File modification", ack_verify(&req, "a", 1, ack_hmac));
- }
- /* file info retrieval */
- {
hash_t hmac;
/* check inside range, but empty slot */
struct version_info vi = sp_fileinfo(sp, 1, 12, 1, &hmac);
@@ -757,7 +760,7 @@ void sp_test(void)
hash_t gamma = sha256("contents", 8);
hash_t kf = hash_null;
- hash_t lambda = calc_lambda(gamma, NULL, NULL, kf);
+ hash_t lambda = calc_lambda(gamma, buildcode, NULL, kf);
struct version_info correct = { 1, N_MODIFY + 1, 1, N_MODIFY, lambda };
check("File info retrieval 2", !memcmp(&correct, &vi, sizeof(vi)));
@@ -780,8 +783,8 @@ void sp_test(void)
{
/* ACL modify */
struct iomt *newacl = iomt_new(ACL_LOGLEAVES);
- iomt_update_by_leafidx(newacl, 0, 1, 2, u64_to_hash(3));
- iomt_update_by_leafidx(newacl, 1, 2, 1, u64_to_hash(1));
+ iomt_update_leaf_full(newacl, 0, 1, 2, u64_to_hash(3));
+ iomt_update_leaf_full(newacl, 1, 2, 1, u64_to_hash(1));
hash_t ack;
bool success = true;