aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--crypto.c33
-rw-r--r--crypto.h9
-rw-r--r--helper.c5
-rw-r--r--service_provider.c51
4 files changed, 63 insertions, 35 deletions
diff --git a/crypto.c b/crypto.c
index d14e52e..ae744ae 100644
--- a/crypto.c
+++ b/crypto.c
@@ -277,30 +277,52 @@ void merkle_update(struct iomt *tree, uint64_t leafidx, hash_t newval, hash_t **
}
}
+hash_t iomt_getroot(const struct iomt *tree)
+{
+ return tree->mt_nodes[0];
+}
+
+struct iomt_node *iomt_get_leaf_by_idx(const struct iomt *tree, uint64_t leafidx)
+{
+ return tree->mt_leaves + leafidx;
+}
+
/* find a node with given idx */
-struct iomt_node *iomt_find_leaf(const struct iomt *tree, uint64_t idx)
+struct iomt_node *iomt_find_leaf(const struct iomt *tree, uint64_t idx, uint64_t *leafidx)
{
for(int i = 0; i < tree->mt_leafcount; ++i)
if(idx == tree->mt_leaves[i].idx)
+ {
+ if(leafidx)
+ *leafidx = i;
return tree->mt_leaves + i;
+ }
return NULL;
}
-struct iomt_node *iomt_find_encloser(const struct iomt *tree, uint64_t idx)
+struct iomt_node *iomt_find_encloser(const struct iomt *tree, uint64_t idx, uint64_t *leafidx)
{
for(int i = 0; i < tree->mt_leafcount; ++i)
if(encloses(tree->mt_leaves[i].idx, tree->mt_leaves[i].next_idx, idx))
+ {
+ if(leafidx)
+ *leafidx = i;
return tree->mt_leaves + i;
+ }
return NULL;
}
-struct iomt_node *iomt_find_leaf_or_encloser(const struct iomt *tree, uint64_t idx)
+struct iomt_node *iomt_find_leaf_or_encloser(const struct iomt *tree, uint64_t idx, uint64_t *leafidx)
{
for(int i = 0; i < tree->mt_leafcount; ++i)
{
if(tree->mt_leaves[i].idx == idx ||
encloses(tree->mt_leaves[i].idx, tree->mt_leaves[i].next_idx, idx))
+ {
+ if(leafidx)
+ *leafidx = i;
return tree->mt_leaves + i;
+ }
}
return NULL;
}
@@ -308,10 +330,11 @@ struct iomt_node *iomt_find_leaf_or_encloser(const struct iomt *tree, uint64_t i
void iomt_update(struct iomt *tree, uint64_t idx, hash_t newval)
{
/* update the leaf first, then use merkle_update */
- struct iomt_node *leaf = iomt_find_leaf(tree, idx);
+ uint64_t leafidx;
+ struct iomt_node *leaf = iomt_find_leaf(tree, idx, &leafidx);
leaf->val = newval;
- merkle_update(tree, leaf - tree->mt_leaves, hash_node(leaf), NULL);
+ merkle_update(tree, leafidx, hash_node(leaf), NULL);
}
void iomt_update_leaf_full(struct iomt *tree, uint64_t leafidx,
diff --git a/crypto.h b/crypto.h
index fafdf18..65ead1f 100644
--- a/crypto.h
+++ b/crypto.h
@@ -118,10 +118,13 @@ struct iomt *iomt_deserialize(int (*read_fn)(void *userdata, void *buf, size_t l
void iomt_fill(struct iomt *tree);
void iomt_dump(const struct iomt *tree);
+hash_t iomt_getroot(const struct iomt *tree);
+struct iomt_node *iomt_get_leaf_by_idx(const struct iomt *tree, uint64_t leafidx);
+
/* All linear searches... slow! */
-struct iomt_node *iomt_find_leaf(const struct iomt *tree, uint64_t idx);
-struct iomt_node *iomt_find_encloser(const struct iomt *tree, uint64_t idx);
-struct iomt_node *iomt_find_leaf_or_encloser(const struct iomt *tree, uint64_t idx);
+struct iomt_node *iomt_find_leaf(const struct iomt *tree, uint64_t idx, uint64_t *leafidx);
+struct iomt_node *iomt_find_encloser(const struct iomt *tree, uint64_t idx, uint64_t *leafidx);
+struct iomt_node *iomt_find_leaf_or_encloser(const struct iomt *tree, uint64_t idx, uint64_t *leafidx);
int bintree_parent(int idx);
int bintree_sibling(int idx);
diff --git a/helper.c b/helper.c
index e34e515..15ae695 100644
--- a/helper.c
+++ b/helper.c
@@ -53,14 +53,15 @@ struct tm_cert cert_rv_by_idx(const struct trusted_module *tm,
uint64_t idx,
hash_t *hmac_out)
{
- struct iomt_node *node = iomt_find_leaf_or_encloser(tree, idx);
+ uint64_t leafidx;
+ struct iomt_node *node = iomt_find_leaf_or_encloser(tree, idx, &leafidx);
if(!node)
return cert_null;
/* find the complement */
int *orders;
- hash_t *comp = merkle_complement(tree, node - tree->mt_leaves, &orders);
+ hash_t *comp = merkle_complement(tree, leafidx, &orders);
struct tm_cert cert;
diff --git a/service_provider.c b/service_provider.c
index 86b4864..f09badb 100644
--- a/service_provider.c
+++ b/service_provider.c
@@ -169,7 +169,8 @@ struct service_provider *sp_new(const void *key, size_t keylen, int logleaves)
{
/* generate EQ certificate */
hash_t hmac;
- struct tm_cert eq = cert_eq(sp, sp->iomt->mt_leaves + i - 1,
+ struct tm_cert eq = cert_eq(sp,
+ iomt_get_leaf_by_idx(sp->iomt, i - 1),
i - 1,
i, i + 1,
&hmac);
@@ -295,7 +296,7 @@ struct tm_cert sp_request(struct service_provider *sp,
if(req->type == ACL_UPDATE)
{
/* check that the passed value matches the calculated root */
- assert(hash_equals(req->val, new_acl->mt_nodes[0]));
+ assert(hash_equals(req->val, iomt_getroot(new_acl)));
/* update our ACL */
iomt_free(rec->acl);
@@ -384,7 +385,7 @@ struct tm_request sp_createfile(struct service_provider *sp,
/* Find an empty leaf node */
for(i = 0; i < sp->iomt->mt_leafcount; ++i)
{
- if(is_zero(sp->iomt->mt_leaves[i].val))
+ if(is_zero(iomt_get_leaf_by_idx(sp->iomt, i)->val))
break;
}
@@ -404,7 +405,7 @@ struct tm_request sp_createfile(struct service_provider *sp,
struct tm_request req = req_filecreate(sp->tm,
user_id,
- sp->iomt->mt_leaves + i,
+ iomt_get_leaf_by_idx(sp->iomt, i),
file_comp, file_orders, sp->iomt->mt_logleaves);
hash_t req_hmac = sign_request(userdata, &req);
@@ -445,15 +446,17 @@ struct tm_request sp_modifyacl(struct service_provider *sp,
return req_null;
int *file_orders, *acl_orders;
- struct iomt_node *file_node = iomt_find_leaf(sp->iomt, file_idx);
+ uint64_t file_leafidx;
+ struct iomt_node *file_node = iomt_find_leaf(sp->iomt, file_idx, &file_leafidx);
hash_t *file_comp = merkle_complement(sp->iomt,
- file_node - sp->iomt->mt_leaves,
+ file_leafidx,
&file_orders);
- struct iomt_node *acl_node = iomt_find_leaf(rec->acl, user_id);
+ uint64_t acl_leafidx;
+ struct iomt_node *acl_node = iomt_find_leaf(rec->acl, user_id, &acl_leafidx);
hash_t *acl_comp = merkle_complement(rec->acl,
- acl_node - rec->acl->mt_leaves,
+ acl_leafidx,
&acl_orders);
struct tm_request req = req_aclmodify(sp->tm,
@@ -462,7 +465,7 @@ struct tm_request sp_modifyacl(struct service_provider *sp,
file_comp, file_orders, sp->iomt->mt_logleaves,
acl_node,
acl_comp, acl_orders, rec->acl->mt_logleaves,
- new_acl->mt_nodes[0]);
+ iomt_getroot(new_acl));
free(file_comp);
free(file_orders);
@@ -505,15 +508,17 @@ struct tm_request sp_modifyfile(struct service_provider *sp,
}
int *file_orders, *acl_orders;
- struct iomt_node *file_node = iomt_find_leaf(sp->iomt, file_idx);
+ uint64_t file_leafidx;
+ struct iomt_node *file_node = iomt_find_leaf(sp->iomt, file_idx, &file_leafidx);
hash_t *file_comp = merkle_complement(sp->iomt,
- file_node - sp->iomt->mt_leaves,
+ file_leafidx,
&file_orders);
- struct iomt_node *acl_node = iomt_find_leaf(rec->acl, user_id);
+ uint64_t acl_leafidx;
+ struct iomt_node *acl_node = iomt_find_leaf(rec->acl, user_id, &acl_leafidx);
hash_t *acl_comp = merkle_complement(rec->acl,
- acl_node - rec->acl->mt_leaves,
+ acl_leafidx,
&acl_orders);
hash_t gamma = sha256(encrypted_file, filelen);
@@ -587,35 +592,31 @@ struct version_info sp_fileinfo(struct service_provider *sp,
if(1 <= file_idx && file_idx <= sp->iomt->mt_leafcount)
{
- int *orders, *compidx;
- compidx = bintree_complement(file_idx - 1, sp->iomt->mt_logleaves, &orders);
- hash_t *comp = lookup_nodes(sp->iomt->mt_nodes, compidx, sp->iomt->mt_logleaves);
+ int *orders;
+ hash_t *comp = merkle_complement(sp->iomt, file_idx - 1, &orders);
/* Placeholder exists. */
rv1 = cert_rv(sp->tm,
- sp->iomt->mt_leaves + file_idx - 1,
+ iomt_get_leaf_by_idx(sp->iomt, file_idx - 1),
comp, orders, sp->iomt->mt_logleaves,
&rv1_hmac,
0, NULL, NULL);
free(comp);
- free(compidx);
free(orders);
}
else
{
/* Use last node as encloser */
- int *orders, *compidx;
- compidx = bintree_complement(sp->iomt->mt_leafcount - 1, sp->iomt->mt_logleaves, &orders);
- hash_t *comp = lookup_nodes(sp->iomt->mt_nodes, compidx, sp->iomt->mt_logleaves);
+ int *orders;
+ hash_t *comp = merkle_complement(sp->iomt, sp->iomt->mt_leafcount - 1, &orders);
cert_rv(sp->tm,
- sp->iomt->mt_leaves + sp->iomt->mt_leafcount - 1,
+ iomt_get_leaf_by_idx(sp->iomt, sp->iomt->mt_leafcount - 1),
comp, orders, sp->iomt->mt_logleaves,
NULL,
file_idx, &rv1, &rv1_hmac);
free(comp);
- free(compidx);
free(orders);
}
@@ -937,7 +938,7 @@ void sp_test(void)
struct iomt_node node2 = { 2, 1, sha256("line2", 5) };
hash_t correct_root = merkle_parent(hash_node(&node1), hash_node(&node2), 0);
- check("IOMT generation from file 2", hash_equals(buildcode->mt_nodes[0], correct_root));
+ check("IOMT generation from file 2", hash_equals(iomt_getroot(buildcode), correct_root));
#define N_MODIFY 100
start = clock();
@@ -1032,7 +1033,7 @@ void sp_test(void)
{
struct iomt_node a = { 1, 2, u64_to_hash(2) };
struct iomt_node b = { 2, 1, hash_null };
- check("Merkle tree initialization", hash_equals(sp->iomt->mt_nodes[0], merkle_parent(hash_node(&a), hash_node(&b), 0)));
+ check("Merkle tree initialization", hash_equals(iomt_getroot(sp->iomt), merkle_parent(hash_node(&a), hash_node(&b), 0)));
}
sp_free(sp);