authorFranklin Wei <me@fwei.tk>2018-07-10 22:56:38 -0400
committerFranklin Wei <me@fwei.tk>2018-07-10 22:56:38 -0400
commit8aafb24ff873f9acea736a3574217256e2ebf5d9 (patch)
tree6606b2b7cdbbb75fff5033984c483e8fbec69151
parent7f4cd7a5065ca29d4644b301b54f2db3e71b1647 (diff)
Fix whitespace, indentation; minor changes to plotting script
-rw-r--r--client.c48
-rw-r--r--crypto.c40
-rw-r--r--graph.gnu3
-rw-r--r--service_provider.c112
-rw-r--r--service_provider.h12
-rwxr-xr-xtabulate.sh4
6 files changed, 110 insertions, 109 deletions
diff --git a/client.c b/client.c
index e157057..ebaba73 100644
--- a/client.c
+++ b/client.c
@@ -386,7 +386,7 @@ bool exec_request(int fd, const struct user_request *req,
struct version_info *verinfo_out, /* RETRIEVE_INFO only */
const void *user_key, size_t keylen, /* RETRIEVE_INFO and RETRIEVE_FILE only */
void **buildcode, size_t *bc_len_out, /* RETRIEVE_FILE only */
- void **composefile, size_t *cf_len_out, /* RETRIEVE_FILE only */
+ void **composefile, size_t *cf_len_out, /* RETRIEVE_FILE only */
hash_t *secret_out, /* RETRIEVE_FILE only */
void **file_contents_out, /* RETRIEVE_FILE only */
size_t *file_len) /* RETRIEVE_FILE only */
@@ -401,9 +401,9 @@ bool exec_request(int fd, const struct user_request *req,
break;
case MODIFY_FILE:
/* send build code, compose file, and file contents */
- serialize_file(fd, new_file_contents, len);
- serialize_file(fd, new_bc, new_bc_len);
- serialize_file(fd, new_cf, new_cf_len);
+ serialize_file(fd, new_file_contents, len);
+ serialize_file(fd, new_bc, new_bc_len);
+ serialize_file(fd, new_cf, new_cf_len);
break;
case CREATE_FILE:
case RETRIEVE_INFO:
@@ -424,12 +424,12 @@ bool exec_request(int fd, const struct user_request *req,
if(req->type == MODIFY_FILE)
{
hash_t gamma = sha256(new_file_contents, len);
- hash_t h_bc = new_bc ? sha256(new_bc, new_bc_len) : hash_null;
- hash_t h_cf = new_cf ? sha256(new_cf, new_cf_len) : hash_null;
-
+ hash_t h_bc = new_bc ? sha256(new_bc, new_bc_len) : hash_null;
+ hash_t h_cf = new_cf ? sha256(new_cf, new_cf_len) : hash_null;
+
val = calc_lambda(gamma,
- h_bc,
- h_cf,
+ h_bc,
+ h_cf,
req->modify_file.kf);
}
else if(req->type == MODIFY_ACL)
@@ -478,12 +478,12 @@ bool exec_request(int fd, const struct user_request *req,
else
*secret_out = hash_null;
- *file_contents_out = deserialize_file(fd, file_len);
-
+ *file_contents_out = deserialize_file(fd, file_len);
+
*buildcode = deserialize_file(fd, bc_len_out);
*composefile = deserialize_file(fd, cf_len_out);
- return *file_contents_out != NULL;
+ return *file_contents_out != NULL;
}
default:
assert(false);
@@ -552,8 +552,8 @@ int connect_to_service(const char *sockpath)
void *load_file(const char *path, size_t *len)
{
if(!path)
- return NULL;
-
+ return NULL;
+
FILE *f = fopen(path, "r");
fseek(f, 0, SEEK_END);
*len = ftell(f);
@@ -593,7 +593,7 @@ bool server_request(const char *sockpath,
{
/* these can safely take NULLs */
buildcode = load_file(buildcode_path, &bc_len);
- composefile = load_file(compose_path, &cf_len);
+ composefile = load_file(compose_path, &cf_len);
if(image_path)
{
@@ -649,9 +649,9 @@ bool server_request(const char *sockpath,
bool success = exec_request(fd, &req,
req.type == MODIFY_ACL ? new_acl : NULL,
req.type == MODIFY_FILE ? buildcode : NULL,
- req.type == MODIFY_FILE ? bc_len : 0,
+ req.type == MODIFY_FILE ? bc_len : 0,
req.type == MODIFY_FILE ? composefile : NULL,
- req.type == MODIFY_FILE ? cf_len : 0,
+ req.type == MODIFY_FILE ? cf_len : 0,
req.type == MODIFY_FILE ? file_contents : NULL,
req.type == MODIFY_FILE ? file_len : 0,
req.type <= MODIFY_ACL ? &tmreq : NULL,
@@ -659,9 +659,9 @@ bool server_request(const char *sockpath,
req.type >= RETRIEVE_INFO ? user_key : NULL,
req.type >= RETRIEVE_INFO ? strlen(user_key) : 0,
req.type == RETRIEVE_FILE ? &buildcode : NULL,
- req.type == RETRIEVE_FILE ? &bc_len : NULL,
+ req.type == RETRIEVE_FILE ? &bc_len : NULL,
req.type == RETRIEVE_FILE ? &composefile : NULL,
- req.type == RETRIEVE_FILE ? &cf_len : NULL,
+ req.type == RETRIEVE_FILE ? &cf_len : NULL,
req.type == RETRIEVE_FILE ? &secret : NULL,
req.type == RETRIEVE_FILE ? &file_contents : NULL,
req.type == RETRIEVE_FILE ? &file_len : NULL);
@@ -688,9 +688,9 @@ bool server_request(const char *sockpath,
case RETRIEVE_FILE:
{
hash_t gamma = sha256(file_contents, file_len);
-
- hash_t h_bc = buildcode ? sha256(buildcode, bc_len) : hash_null;
- hash_t h_cf = composefile ? sha256(composefile, cf_len) : hash_null;
+
+ hash_t h_bc = buildcode ? sha256(buildcode, bc_len) : hash_null;
+ hash_t h_cf = composefile ? sha256(composefile, cf_len) : hash_null;
hash_t kf = calc_kf(secret, req.retrieve.file_idx);
@@ -707,10 +707,10 @@ bool server_request(const char *sockpath,
printf("Writing image file to %s.\n", image_path);
write_file(image_path, file_contents, file_len);
- if(buildcode_path && buildcode)
+ if(buildcode_path && buildcode)
write_file(buildcode_path, buildcode, bc_len);
- if(compose_path && composefile)
+ if(compose_path && composefile)
write_file(compose_path, composefile, cf_len);
/* What about build code? We only have the IOMT, not the actual contents. */
diff --git a/crypto.c b/crypto.c
index 6ba1bba..db25779 100644
--- a/crypto.c
+++ b/crypto.c
@@ -224,44 +224,44 @@ hash_t hash_increment(hash_t h)
#include <string.h>
#include <openssl/engine.h>
- static void *OPENSSL_zalloc(size_t num)
- {
+static void *OPENSSL_zalloc(size_t num)
+{
void *ret = OPENSSL_malloc(num);
if (ret != NULL)
memset(ret, 0, num);
return ret;
- }
+}
- const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
- {
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
return ctx->iv;
- }
+}
- unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
- {
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
return ctx->iv;
- }
+}
- EVP_MD_CTX *EVP_MD_CTX_new(void)
- {
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
- }
+}
- void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
- {
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
EVP_MD_CTX_cleanup(ctx);
OPENSSL_free(ctx);
- }
- HMAC_CTX *HMAC_CTX_new(void)
- {
+}
+HMAC_CTX *HMAC_CTX_new(void)
+{
HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
return ctx;
- }
+}
- void HMAC_CTX_free(HMAC_CTX *ctx)
- {
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
if (ctx != NULL) {
OPENSSL_free(ctx);
}
diff --git a/graph.gnu b/graph.gnu
index a1edec2..7d3ccc6 100644
--- a/graph.gnu
+++ b/graph.gnu
@@ -1,7 +1,8 @@
set xlabel "logleaves"
set ylabel "avg time per operation (sec)"
set yrange [0:]
-set style line 1 lc rgb '#0060ad' lt 1 lw 2 pt 7 ps .1
+set style line 1 lc rgb '#0060ad' lt 1 lw 2 pt -1 ps 0
+set style line 3 pt -1 ps 0
set terminal eps
set output "graph_create.eps"
diff --git a/service_provider.c b/service_provider.c
index a064a90..707e97f 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -169,8 +169,8 @@ size_t file_len(FILE *f)
}
void *read_contents(const struct service_provider *sp,
- uint64_t file_idx, uint64_t version, const char *suffix,
- size_t *len)
+ uint64_t file_idx, uint64_t version, const char *suffix,
+ size_t *len)
{
assert(len);
char filename[MAX_PATH];
@@ -180,10 +180,10 @@ void *read_contents(const struct service_provider *sp,
if(!f)
{
- *len = 0;
- return NULL;
+ *len = 0;
+ return NULL;
}
-
+
*len = file_len(f);
void *buf = malloc(*len);
@@ -496,7 +496,7 @@ static void insert_version(struct service_provider *sp,
}
static uint64_t count_versions(struct service_provider *sp,
- uint64_t file_idx)
+ uint64_t file_idx)
{
sqlite3 *handle = sp->db;
@@ -569,8 +569,8 @@ struct tm_cert sp_request(struct service_provider *sp,
hash_t *ack_hmac_out,
hash_t encrypted_secret, hash_t kf,
const void *encrypted_contents, size_t contents_len,
- const void *buildcode, size_t buildcode_len,
- const void *composefile, size_t composefile_len,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
const struct iomt *new_acl)
{
struct tm_cert vr = cert_null;
@@ -643,23 +643,23 @@ struct tm_cert sp_request(struct service_provider *sp,
ver.version = fr.fr.version;
ver.vr_cert = vr;
ver.vr_hmac = vr_hmac;
-
- /* write to disk */
+
+ /* write to disk */
if(encrypted_contents)
- write_contents(sp, fr.fr.idx, fr.fr.version, "",
- encrypted_contents, contents_len);
-
- if(buildcode)
- write_contents(sp, fr.fr.idx, fr.fr.version, "_bc",
- buildcode, buildcode_len);
-
- if(composefile)
- write_contents(sp, fr.fr.idx, fr.fr.version, "_cf",
- composefile, composefile_len);
-
+ write_contents(sp, fr.fr.idx, fr.fr.version, "",
+ encrypted_contents, contents_len);
+
+ if(buildcode)
+ write_contents(sp, fr.fr.idx, fr.fr.version, "_bc",
+ buildcode, buildcode_len);
+
+ if(composefile)
+ write_contents(sp, fr.fr.idx, fr.fr.version, "_cf",
+ composefile, composefile_len);
+
insert_version(sp, rec, &ver);
}
-
+
if(need_insert)
insert_record(sp, rec);
else
@@ -774,8 +774,8 @@ struct tm_request sp_createfile(struct service_provider *sp,
sp->next_fileidx++;
iomt_update_leaf_full(acl,
- 0,
- user_id, user_id, u64_to_hash(3));
+ 0,
+ user_id, user_id, u64_to_hash(3));
struct tm_request req = req_filecreate(sp->tm,
user_id,
@@ -791,7 +791,7 @@ struct tm_request sp_createfile(struct service_provider *sp,
NULL, NULL,
ack_hmac,
hash_null, hash_null,
- NULL, 0,
+ NULL, 0,
NULL, 0,
NULL, 0,
acl);
@@ -858,7 +858,7 @@ struct tm_request sp_modifyacl(struct service_provider *sp,
NULL, NULL,
ack_hmac,
hash_null, hash_null,
- NULL, 0,
+ NULL, 0,
NULL, 0,
NULL, 0,
new_acl);
@@ -875,8 +875,8 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
uint64_t file_idx,
hash_t encrypted_secret, hash_t kf,
const void *encrypted_file, size_t filelen,
- const void *buildcode, size_t buildcode_len,
- const void *composefile, size_t composefile_len,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
hash_t *ack_hmac)
{
/* modification */
@@ -940,8 +940,8 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
ack_hmac,
encrypted_secret, kf,
encrypted_file, filelen,
- buildcode, buildcode_len,
- composefile, composefile_len,
+ buildcode, buildcode_len,
+ composefile, composefile_len,
NULL);
/* We return the request because that is how the module's
@@ -1030,9 +1030,9 @@ void *sp_retrieve_file(struct service_provider *sp,
hash_t *encrypted_secret,
hash_t *kf,
void **buildcode,
- size_t *bc_len,
+ size_t *bc_len,
void **composefile,
- size_t *cf_len,
+ size_t *cf_len,
size_t *len)
{
struct file_record *rec = lookup_record(sp, file_idx);
@@ -1088,9 +1088,9 @@ void *sp_retrieve_file(struct service_provider *sp,
/* read contents of build/compose files */
if(buildcode)
- *buildcode = read_contents(sp, file_idx, version, "_bc", bc_len);
+ *buildcode = read_contents(sp, file_idx, version, "_bc", bc_len);
if(composefile)
- *composefile = read_contents(sp, file_idx, version, "_cf", cf_len);
+ *composefile = read_contents(sp, file_idx, version, "_cf", cf_len);
free_record(rec);
free_version(ver);
@@ -1155,13 +1155,13 @@ static void sp_handle_client(struct service_provider *sp, int cl)
case MODIFY_FILE:
{
printf("Client: modify file %lu\n", user_req.modify_file.file_idx);
- size_t filelen;
- void *filebuf = deserialize_file(cl, &filelen);
+ size_t filelen;
+ void *filebuf = deserialize_file(cl, &filelen);
+
+ size_t bc_len, cf_len;
+ void *bc = deserialize_file(cl, &bc_len);
+ void *cf = deserialize_file(cl, &cf_len);
- size_t bc_len, cf_len;
- void *bc = deserialize_file(cl, &bc_len);
- void *cf = deserialize_file(cl, &cf_len);
-
if(sp_modifyfile(sp,
user_req.user_id,
get_client_signature,
@@ -1170,8 +1170,8 @@ static void sp_handle_client(struct service_provider *sp, int cl)
user_req.modify_file.encrypted_secret,
user_req.modify_file.kf,
filebuf, filelen,
- bc, bc_len,
- cf, cf_len,
+ bc, bc_len,
+ cf, cf_len,
&ack_hmac).type == REQ_NONE)
{
printf("Failed: %s\n", tm_geterror());
@@ -1209,30 +1209,30 @@ static void sp_handle_client(struct service_provider *sp, int cl)
printf("Client: retrieve file\n");
hash_t encrypted_secret = hash_null, kf = hash_null;
size_t len = 0;
- void *bc = NULL, *cf = NULL;
- size_t bc_len = 0, cf_len = 0;
-
+ void *bc = NULL, *cf = NULL;
+ size_t bc_len = 0, cf_len = 0;
+
void *contents = sp_retrieve_file(sp,
user_req.user_id,
user_req.retrieve.file_idx,
user_req.retrieve.version,
&encrypted_secret,
&kf,
- &bc, &bc_len,
- &cf, &cf_len,
+ &bc, &bc_len,
+ &cf, &cf_len,
&len);
/* write everything (no HMAC; the client should do a
* RETRIEVE_INFO request separately) */
write(cl, &encrypted_secret, sizeof(encrypted_secret));
write(cl, &kf, sizeof(kf));
- serialize_file(cl, contents, len);
- serialize_file(cl, bc, bc_len);
- serialize_file(cl, cf, cf_len);
-
- free(contents);
- free(bc);
- free(cf);
+ serialize_file(cl, contents, len);
+ serialize_file(cl, bc, bc_len);
+ serialize_file(cl, cf, cf_len);
+
+ free(contents);
+ free(bc);
+ free(cf);
break;
}
@@ -1327,7 +1327,7 @@ void sp_test(void)
printf("%.1f modifications per second\n", (double)N_MODIFY * CLOCKS_PER_SEC / (stop - start));
check("File modification", verify_ack(&req, "a", 1, ack_hmac));
-
+
hash_t hmac;
/* check inside range, but empty slot */
struct version_info vi = sp_fileinfo(sp, 1, 12, 1, hash_null, &hmac, NULL);
@@ -1399,7 +1399,7 @@ void sp_test(void)
check("ACL modification 1", success);
}
#endif
-
+
if(logleaves < 5)
{
printf("CDI-IOMT contents: ");
diff --git a/service_provider.h b/service_provider.h
index 65ba3bd..97cf37e 100644
--- a/service_provider.h
+++ b/service_provider.h
@@ -85,8 +85,8 @@ struct tm_cert sp_request(struct service_provider *sp,
hash_t *ack_hmac_out,
hash_t encrypted_secret, hash_t kf,
const void *encrypted_contents, size_t contents_len,
- const void *buildcode, size_t buildcode_len,
- const void *composefile, size_t composefile_len,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
const struct iomt *new_acl);
/* Reserve a new file index with user_id added to the ACL. Returns
@@ -113,8 +113,8 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
uint64_t file_idx,
hash_t encrypted_secret, hash_t kf,
const void *encrypted_file, size_t filelen,
- const void *buildcode, size_t buildcode_len,
- const void *composefile, size_t composefile_len,
+ const void *buildcode, size_t buildcode_len,
+ const void *composefile, size_t composefile_len,
hash_t *ack_hmac);
/* Retrieve authenticated information on a version of a file; if
@@ -134,9 +134,9 @@ void *sp_retrieve_file(struct service_provider *sp,
hash_t *encrypted_secret,
hash_t *kf,
void **buildcode,
- size_t *bc_len,
+ size_t *bc_len,
void **composefile,
- size_t *cf_len,
+ size_t *cf_len,
size_t *len);
void sp_test(void);
diff --git a/tabulate.sh b/tabulate.sh
index 9ff2387..b2cfc00 100755
--- a/tabulate.sh
+++ b/tabulate.sh
@@ -1,9 +1,9 @@
#!/bin/bash
-for i in `seq 2 10`
+for i in `seq 2 17`
do
rm -f all_"$i".txt
rm -f dummy_all_"$i".txt
- for j in `seq 1 5`
+ for j in `seq 1 3`
do
echo -n "$i $j " >> all_"$i".txt
echo -n "$i $j " >> dummy_all_"$i".txt
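Review bot: The new loop bounds 17 and 3 in the two seq calls are bare literals, so the range of tree sizes and the number of trials can only be changed by editing the loops themselves. Naming them once at the top of the script, for example `max_logleaves=17` and `trials=3`, and looping with `for i in $(seq 2 "$max_logleaves")` would keep the values in one place and document what they mean; `$(...)` is also easier to read and nest than backticks. That i is the logleaves value plotted by graph.gnu and j a trial number is inferred from the names, not shown in this hunk. Both loop bodies continue past the end of the hunk.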