Add in header fields for per-object encryption/authentication.

author Michael Vrable <mvrable@cs.ucsd.edu>

Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)

committer Michael Vrable <mvrable@cs.ucsd.edu>

Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)
author Michael Vrable <mvrable@cs.ucsd.edu>
Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)
committer Michael Vrable <mvrable@cs.ucsd.edu>
Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)
diff --git a/bluesky/bluesky-private.h b/bluesky/bluesky-private.h

index 85eb99c..87237cc 100644 (file)
--- a/bluesky/bluesky-private.h
+++ b/bluesky/bluesky-private.h
@@ -213,6 +213,8 @@ struct log_footer {
  
  struct cloudlog_header {
      char magic[4];
+    uint8_t crypt_auth[CRYPTO_HASH_SIZE];
+    uint8_t crypt_iv[CRYPTO_BLOCK_SIZE];
      uint8_t type;
      BlueSkyCloudID id;
      uint64_t inum;
diff --git a/bluesky/bluesky.h b/bluesky/bluesky.h

index c4d175e..9805086 100644 (file)
--- a/bluesky/bluesky.h
+++ b/bluesky/bluesky.h
@@ -88,6 +88,12 @@ void bluesky_string_resize(BlueSkyRCStr *string, gsize len);
  /* Cryptographic operations. */
  #define CRYPTO_BLOCK_SIZE 16        /* 128-bit AES */
  #define CRYPTO_KEY_SIZE   16
+#define CRYPTO_HASH_SIZE  32        /* SHA-256 */
+
+struct BlueSkyCryptKeys {
+    uint8_t encryption_key[CRYPTO_KEY_SIZE];
+    uint8_t authentication_key[CRYPTO_HASH_SIZE];
+};
  
  void bluesky_crypt_init();
  void bluesky_crypt_hash_key(const char *keystr, uint8_t *out);
diff --git a/bluesky/cloudlog.c b/bluesky/cloudlog.c

index 9d2fe37..c4cb1ae 100644 (file)
--- a/bluesky/cloudlog.c
+++ b/bluesky/cloudlog.c
@@ -295,14 +295,14 @@ BlueSkyCloudPointer bluesky_cloudlog_serialize(BlueSkyCloudLog *log,
      GString *data3 = g_string_new("");
      bluesky_serialize_cloudlog(log, data1, data2, data3);
  
-    /* TODO: Right now offset/size are set to the raw data, but we should add
-     * header parsing to the code which loads objects back in. */
      log->location = state->location;
      log->location.offset = state->data->len;
      log->data_size = data1->len;
  
      struct cloudlog_header header;
      memcpy(header.magic, CLOUDLOG_MAGIC, 4);
+    memset(header.crypt_auth, sizeof(header.crypt_auth), 0);
+    memset(header.crypt_iv, sizeof(header.crypt_iv), 0);
      header.type = log->type + '0';
      header.size1 = GUINT32_TO_LE(data1->len);
      header.size2 = GUINT32_TO_LE(data2->len);
diff --git a/cleaner/cleaner b/cleaner/cleaner

index 336537d..1e564e8 100755 (executable)
--- a/cleaner/cleaner
+++ b/cleaner/cleaner
@@ -13,7 +13,8 @@ import boto
  from boto.s3.key import Key
  
  # The BlueSky 'struct cloudlog_header' data type.
-HEADER_FORMAT = '<4sb16sQIII'
+HEADER_FORMAT = '<4s48sb16sQIII'
+HEADER_CRYPTBYTES = 48
  HEADER_MAGIC = 'AgI-'
  HEADER_SIZE = struct.calcsize(HEADER_FORMAT)
  
@@ -114,6 +115,9 @@ class S3Backend:
  class LogItem:
      """In-memory representation of a single item stored in a log file."""
  
+    def __init__(self):
+        self.cryptkeys = '\0' * HEADER_CRYPTBYTES
+
      def __str__(self):
          return "<Item ty=%s location=%s size=%d id=%s...>" % (self.type, self.location, self.size, base64.b16encode(self.id).lower()[0:8])
  
@@ -132,7 +136,8 @@ class LogItem:
          link_locs = ''.join(link_locs)
  
          header = struct.pack(HEADER_FORMAT,
-                             HEADER_MAGIC, ord(self.type), self.id, self.inum,
+                             HEADER_MAGIC, self.cryptkeys,
+                             ord(self.type), self.id, self.inum,
                               len(self.data), len(link_ids), len(link_locs))
          return header + self.data + link_ids + link_locs
  
@@ -211,28 +216,29 @@ class UtilizationTracker:
  def parse_item(data):
      if len(data) < HEADER_SIZE: return
      header = struct.unpack_from(HEADER_FORMAT, data, 0)
-    size = HEADER_SIZE + sum(header[4:7])
+    size = HEADER_SIZE + sum(header[5:8])
  
      if header[0] != HEADER_MAGIC:
          print "Bad header magic!"
          return
  
      if len(data) != size:
-        print "Item size does not match!"
+        print "Item size does not match: %d != %d" % (size, len(data))
          return
  
      item = LogItem()
-    item.id = header[2]
-    item.inum = header[3]
+    item.cryptkeys = header[1]
+    item.id = header[3]
+    item.inum = header[4]
      item.location = None
-    item.type = chr(header[1])
+    item.type = chr(header[2])
      item.size = size
-    item.data = data[HEADER_SIZE : HEADER_SIZE + header[4]]
+    item.data = data[HEADER_SIZE : HEADER_SIZE + header[5]]
      links = []
-    link_ids = data[HEADER_SIZE + header[4]
-                    : HEADER_SIZE + header[4] + header[5]]
-    link_locs = data[HEADER_SIZE + header[4] + header[5]
-                     : HEADER_SIZE + sum(header[4:7])]
+    link_ids = data[HEADER_SIZE + header[5]
+                    : HEADER_SIZE + header[5] + header[6]]
+    link_locs = data[HEADER_SIZE + header[5] + header[6]
+                     : HEADER_SIZE + sum(header[5:8])]
      for i in range(len(link_ids) // 16):
          id = link_ids[16*i : 16*i + 16]
          if id == '\0' * 16:
@@ -268,7 +274,7 @@ def parse_log(data, location=None):
      offset = 0
      while len(data) - offset >= HEADER_SIZE:
          header = struct.unpack_from(HEADER_FORMAT, data, offset)
-        size = HEADER_SIZE + sum(header[4:7])
+        size = HEADER_SIZE + sum(header[5:8])
          if header[0] != HEADER_MAGIC:
              print "Bad header magic!"
              break
author	Michael Vrable <mvrable@cs.ucsd.edu>
	Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)
committer	Michael Vrable <mvrable@cs.ucsd.edu>
	Tue, 14 Sep 2010 21:49:39 +0000 (14:49 -0700)
bluesky/bluesky-private.h		patch \| blob \| history
bluesky/bluesky.h		patch \| blob \| history
bluesky/cloudlog.c		patch \| blob \| history
cleaner/cleaner		patch \| blob \| history