Skip to content

Commit 1c57cc9

Browse files
authored
Use weak pointer internally for peristant key storage (#159)
* Use weak pointer internally for key storage. Clean up duplicate bsl_data inits. * Remove unneeded function
1 parent 9107894 commit 1c57cc9

5 files changed

Lines changed: 44 additions & 27 deletions

File tree

src/Data.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,10 @@ void BSL_Data_InitMove(BSL_Data_t *data, BSL_Data_t *src)
8282
{
8383
ASSERT_ARG_NONNULL(data);
8484
ASSERT_ARG_NONNULL(src);
85+
if (data == src)
86+
{
87+
return;
88+
}
8589
*data = *src;
8690
bsl_data_int_reset(src);
8791
}

src/Data.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,8 @@ int BSL_Data_InitBuffer(BSL_Data_t *data, size_t bytelen);
9090
*/
9191
int BSL_Data_InitView(BSL_Data_t *data, size_t len, BSL_DataPtr_t src);
9292

93-
/// @overload
93+
/** Initialize a data struct with move semantics from an existing struct.
94+
*/
9495
void BSL_Data_InitMove(BSL_Data_t *data, BSL_Data_t *src);
9596

9697
/** De-initialize a data struct, freeing if necessary.

src/crypto/CryptoInterface.c

Lines changed: 34 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@
2727
#include <CryptoInterface.h>
2828

2929
#include <m-dict.h>
30+
#include <m-shared-ptr.h>
3031
#include <m-string.h>
3132
#include <openssl/err.h>
3233
#include <openssl/rand.h>
@@ -48,21 +49,23 @@ typedef struct BSL_CryptoKey_s
4849
BSL_Crypto_KeyStats_t stats;
4950
} BSL_CryptoKey_t;
5051

51-
static int BSL_CryptoKey_Init(BSL_CryptoKey_t *key)
52+
static void BSL_CryptoKey_Init(BSL_CryptoKey_t *key)
5253
{
54+
ASSERT_ARG_NONNULL(key);
55+
5356
key->pkey = NULL;
5457
BSL_Data_Init(&(key->raw));
5558

5659
for (uint64_t i = 0; i < BSL_CRYPTO_KEYSTATS_MAX_INDEX; i++)
5760
{
5861
key->stats.stats[i] = 0;
5962
}
60-
61-
return 0;
6263
}
6364

64-
static int BSL_CryptoKey_Deinit(BSL_CryptoKey_t *key)
65+
static void BSL_CryptoKey_Deinit(BSL_CryptoKey_t *key)
6566
{
67+
ASSERT_ARG_NONNULL(key);
68+
6669
if (key->pkey)
6770
{
6871
EVP_PKEY_free(key->pkey);
@@ -74,19 +77,25 @@ static int BSL_CryptoKey_Deinit(BSL_CryptoKey_t *key)
7477
{
7578
key->stats.stats[i] = 0;
7679
}
77-
return 0;
7880
}
7981

8082
/** M*LIB OPLIST for ::BSL_CryptoKey_t
8183
*/
82-
#define M_OPL_BSL_CryptoKey_t() M_OPEXTEND(M_POD_OPLIST, CLEAR(API_2(BSL_CryptoKey_Deinit)))
84+
#define M_OPL_BSL_CryptoKey_t() \
85+
M_OPEXTEND(M_POD_OPLIST, INIT(API_2(BSL_CryptoKey_Init)), INIT_SET(0), SET(0), CLEAR(API_2(BSL_CryptoKey_Deinit)))
86+
87+
/** @struct BSL_CryptoKeyPtr_t
88+
* Non-thread-safe shared pointer to memory-stable ::BSL_CryptoKey_t struct.
89+
*/
8390
/** @struct BSL_CryptoKeyDict_t
84-
* Stable dict of crypto keys (key: key ID | value: key)
91+
* Stable dict of crypto keys (key: key ID | value: BSL_CryptoKeyPtr_t)
8592
*/
8693
/// @cond Doxygen_Suppress
8794
// NOLINTBEGIN
8895
// GCOV_EXCL_START
89-
DICT_DEF2(BSL_CryptoKeyDict, string_t, STRING_OPLIST, BSL_CryptoKey_t, M_OPL_BSL_CryptoKey_t())
96+
M_SHARED_WEAK_PTR_DEF(BSL_CryptoKeyPtr, BSL_CryptoKey_t, M_OPL_BSL_CryptoKey_t())
97+
M_DICT_DEF2(BSL_CryptoKeyDict, m_string_t, M_STRING_OPLIST, BSL_CryptoKeyPtr_t *,
98+
M_SHARED_PTR_OPLIST(BSL_CryptoKeyPtr, M_OPL_BSL_CryptoKey_t()))
9099
// GCOV_EXCL_STOP
91100
// NOLINTEND
92101
/// @endcond
@@ -634,7 +643,7 @@ int BSL_Crypto_GenKey(size_t key_length, void **key_out)
634643
CHK_PROPERTY(new_key);
635644
BSL_CryptoKey_Init(new_key);
636645

637-
BSL_Data_InitBuffer(&new_key->raw, key_length);
646+
BSL_Data_Resize(&new_key->raw, key_length);
638647
if (rand_bytes_generator(new_key->raw.ptr, (int)new_key->raw.len) != 1)
639648
{
640649
return -2;
@@ -670,19 +679,19 @@ int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t s
670679
CHK_ARG_NONNULL(secret);
671680
CHK_ARG_EXPR(secret_len > 0);
672681

673-
BSL_CryptoKey_t key;
674-
BSL_CryptoKey_Init(&key);
675-
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HMAC, NULL);
676-
int res = EVP_PKEY_keygen_init(ctx);
682+
BSL_CryptoKeyPtr_t *key_ptr = BSL_CryptoKeyPtr_new();
683+
CHK_PROPERTY(key_ptr != NULL);
684+
// actual key struct
685+
BSL_CryptoKey_t *key = BSL_CryptoKeyPtr_ref(key_ptr);
686+
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HMAC, NULL);
687+
int res = EVP_PKEY_keygen_init(ctx);
677688
CHK_PROPERTY(res == 1);
678689

679-
key.pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, (int)secret_len);
690+
key->pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, (int)secret_len);
680691
EVP_PKEY_CTX_free(ctx);
681692

682-
BSL_Data_Init(&key.raw);
683-
684693
int ecode = 0;
685-
if ((ecode = BSL_Data_CopyFrom(&key.raw, secret_len, secret)) < 0)
694+
if ((ecode = BSL_Data_CopyFrom(&key->raw, secret_len, secret)) < 0)
686695
{
687696
BSL_LOG_ERR("Failed to copy key");
688697
return ecode;
@@ -692,9 +701,10 @@ int BSL_Crypto_AddRegistryKey(const char *keyid, const uint8_t *secret, size_t s
692701
string_init_set_str(keyid_str, keyid);
693702

694703
pthread_mutex_lock(&StaticCryptoMutex);
695-
BSL_CryptoKeyDict_set_at(StaticKeyRegistry, keyid_str, key);
704+
BSL_CryptoKeyDict_set_at(StaticKeyRegistry, keyid_str, key_ptr);
696705
pthread_mutex_unlock(&StaticCryptoMutex);
697706

707+
BSL_CryptoKeyPtr_release(key_ptr);
698708
string_clear(keyid_str);
699709
return 0;
700710
}
@@ -709,14 +719,14 @@ int BSL_Crypto_GetRegistryKey(const char *keyid, void **key_handle)
709719

710720
int retval = BSL_SUCCESS;
711721
pthread_mutex_lock(&StaticCryptoMutex);
712-
BSL_CryptoKey_t *found = BSL_CryptoKeyDict_get(StaticKeyRegistry, keyid_str);
722+
BSL_CryptoKeyPtr_t **found = BSL_CryptoKeyDict_get(StaticKeyRegistry, keyid_str);
713723
if (!found)
714724
{
715725
retval = BSL_ERR_NOT_FOUND;
716726
}
717727
else
718728
{
719-
*key_handle = found;
729+
*key_handle = BSL_CryptoKeyPtr_ref(*found);
720730
}
721731
pthread_mutex_unlock(&StaticCryptoMutex);
722732
string_clear(keyid_str);
@@ -746,16 +756,18 @@ int BSL_Crypto_GetKeyStatistics(const char *keyid, BSL_Crypto_KeyStats_t *stats)
746756

747757
int retval = BSL_SUCCESS;
748758
pthread_mutex_lock(&StaticCryptoMutex);
749-
BSL_CryptoKey_t *found = BSL_CryptoKeyDict_get(StaticKeyRegistry, keyid_str);
759+
BSL_CryptoKeyPtr_t **found = BSL_CryptoKeyDict_get(StaticKeyRegistry, keyid_str);
750760
if (!found)
751761
{
752762
retval = BSL_ERR_NOT_FOUND;
753763
}
754764
else
755765
{
766+
const BSL_CryptoKey_t *key = BSL_CryptoKeyPtr_cref(*found);
767+
756768
for (uint64_t i = 0; i < BSL_CRYPTO_KEYSTATS_MAX_INDEX; i++)
757769
{
758-
stats->stats[i] = found->stats.stats[i];
770+
stats->stats[i] = key->stats.stats[i];
759771
}
760772
}
761773
pthread_mutex_unlock(&StaticCryptoMutex);

src/mock_bpa/decode.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -224,7 +224,7 @@ int bsl_mock_decode_primary(QCBORDecodeContext *dec, MockBPA_PrimaryBlock_t *blk
224224
return 4;
225225
}
226226

227-
BSL_Data_InitBuffer(&blk->encoded, end - begin);
227+
BSL_Data_Resize(&blk->encoded, end - begin);
228228
memcpy(blk->encoded.ptr, (const uint8_t *)buf.ptr + begin, blk->encoded.len);
229229

230230
return 0;

src/security_context/BCB_AES_GCM.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ int BSLX_BCB_ComputeAAD(BSLX_BCB_t *bcb_context)
5454
// See: https://www.rfc-editor.org/rfc/rfc9173.html#name-aad-scope-flags
5555
// Note, this over-allocates and is resized downward later.
5656
const size_t aad_len = 1024;
57-
if (BSL_SUCCESS != BSL_Data_InitBuffer(&bcb_context->aad, aad_len))
57+
if (BSL_SUCCESS != BSL_Data_Resize(&bcb_context->aad, aad_len))
5858
{
5959
BSL_LOG_ERR("Failed to allocate AAD space");
6060
return BSL_ERR_INSUFFICIENT_SPACE;
@@ -260,7 +260,7 @@ int BSLX_BCB_Encrypt(BSLX_BCB_t *bcb_context)
260260

261261
// https://www.rfc-editor.org/rfc/rfc9173.html#name-initialization-vector-iv
262262
// "A value of 12 bytes SHOULD be used unless local security policy requires a different length"
263-
BSL_Data_InitBuffer(&bcb_context->iv, RFC9173_BCB_DEFAULT_IV_LEN);
263+
BSL_Data_Resize(&bcb_context->iv, RFC9173_BCB_DEFAULT_IV_LEN);
264264
void *iv_ptr = bcb_context->iv.ptr;
265265
const size_t iv_len = bcb_context->iv.len;
266266
if (BSL_SUCCESS != BSL_Crypto_GenIV(iv_ptr, iv_len))
@@ -550,7 +550,7 @@ int BSLX_BCB_Init(BSLX_BCB_t *bcb_context, BSL_BundleRef_t *bundle, const BSL_Se
550550

551551
bcb_context->bundle = bundle;
552552

553-
if (BSL_SUCCESS != BSL_Data_InitBuffer(&bcb_context->debugstr, 512))
553+
if (BSL_SUCCESS != BSL_Data_Resize(&bcb_context->debugstr, 512))
554554
{
555555
BSL_LOG_ERR("Failed to allocated debug str");
556556
return BSL_ERR_INSUFFICIENT_SPACE;

0 commit comments

Comments
 (0)