PKIError InitCKMInfo(void) { FUNCTION_INIT(); FILE *filePointer = NULL; int count = 1; int objectsRead = 0; int objectsWrote = 0; if (!g_ckmInfo.CKMInfoIsLoaded) { filePointer = fopen(CA_STORAGE_FILE, "rb"); if (filePointer) //read existing storage { objectsRead = fread(&g_ckmInfo, sizeof(CKMInfo_t), count, filePointer); g_ckmInfo.CACertificateChain = CA_CERTIFICATE_CHAIN_MEMORY_IS_NOT_ALLOCATED; CHECK_EQUAL(objectsRead, count, ISSUER_CA_STORAGE_FILE_READ_ERROR); } else ////create new storage { filePointer = fopen(CA_STORAGE_FILE, "wb"); CHECK_NULL(filePointer, ISSUER_CA_STORAGE_FILE_WRITE_ERROR); objectsWrote = fwrite(&g_ckmInfo, sizeof(CKMInfo_t), count, filePointer); CHECK_EQUAL(objectsWrote, count, ISSUER_CA_STORAGE_FILE_WRITE_ERROR); } CHECK_CALL(InitCRL); CHECK_CALL(InitCRT); g_ckmInfo.CKMInfoIsLoaded = CKM_INFO_IS_LOADED; } FUNCTION_CLEAR( if (filePointer) { fclose(filePointer); filePointer = NULL; } );
/*---------------------------------------------------------------------*/ bool MakeSSLRequest(const char* hostname, int port, ClientFunction client_func, void* client_data) { // Set up context SSL_CTX* ctx = InitCTX(); CHECK_CALL(ctx); // Connect to server int server = OpenConnection(hostname, port); if(server < 0) return false; CHECK_CALL(server); SSL* ssl = SSL_new(ctx); SSL_set_fd(ssl, server); // Do handshake if ( SSL_connect(ssl) == FAIL ) { ERR_print_errors_fp(stderr); return false; } client_func(ssl, client_data); fprintf(stderr, "Connected with %s encryption\n", SSL_get_cipher(ssl)); SSL_free(ssl); close(server); SSL_CTX_free(ctx); ERR_free_strings(); EVP_cleanup(); return true; }
WEAK void halide_release() { // CUcontext ignore; // TODO: this is for timing; bad for release-mode performance CHECK_CALL( cuCtxSynchronize(), "cuCtxSynchronize on exit" ); // Only destroy the context if we own it if (weak_cuda_ctx) { CHECK_CALL( cuCtxDestroy(weak_cuda_ctx), "cuCtxDestroy on exit" ); weak_cuda_ctx = 0; } // Destroy the events if (__start) { cuEventDestroy(__start); cuEventDestroy(__end); __start = __end = 0; } // Unload the module if (__mod) { CHECK_CALL( cuModuleUnload(__mod), "cuModuleUnload" ); __mod = 0; } //CHECK_CALL( cuCtxPopCurrent(&ignore), "cuCtxPopCurrent" ); }
BIGNUM* Commit(const_ProductStatement st, const BIGNUM* m1, const BIGNUM* m2) { unsigned char digest[SHA_DIGEST_LENGTH]; SHA_CTX sha; CHECK_CALL(SHA1_Init(&sha)); AddBignumToHash(&sha, IntegerGroup_GetP(st->group)); AddBignumToHash(&sha, IntegerGroup_GetQ(st->group)); AddBignumToHash(&sha, IntegerGroup_GetG(st->group)); AddBignumToHash(&sha, IntegerGroup_GetH(st->group)); AddBignumToHash(&sha, st->commit_a); AddBignumToHash(&sha, st->commit_b); AddBignumToHash(&sha, st->commit_c); AddBignumToHash(&sha, m1); AddBignumToHash(&sha, m2); CHECK_CALL(SHA1_Final(digest, &sha)); BIGNUM* result = BN_bin2bn(digest, SHA_DIGEST_LENGTH, NULL); CHECK_CALL(result); CHECK_CALL(BN_mod(result, result, IntegerGroup_GetQ(st->group), IntegerGroup_GetCtx(st->group))); return result; }
bool MakePrime(RsaParams params, const BIGNUM* value, BIGNUM** delta_ret, BN_CTX* ctx) { BIGNUM* tmp = BN_dup(value); CHECK_CALL(tmp); // Find a delta such that // p = value + delta // is prime const int delta_max = RsaParams_GetDeltaMax(params); bool is_even = !BN_is_odd(tmp); if(is_even) { CHECK_CALL(BN_add_word(tmp, 1)); } if(!RsaPrime(*delta_ret, tmp, ctx)) return false; if(is_even) { CHECK_CALL(BN_add_word(*delta_ret, 1)); } // printf("%llu %d\n", BN_get_word(*delta_ret), delta_max); if(BN_get_word(*delta_ret) > delta_max) return false; BN_clear_free(tmp); return true; }
ProductEvidence ProductEvidence_Unserialize(FILE* fp) { ProductEvidence ev = safe_malloc(sizeof(*ev)); ev->c = BN_new(); ev->z = BN_new(); ev->w1 = BN_new(); ev->w2 = BN_new(); CHECK_CALL(ev->c); CHECK_CALL(ev->z); CHECK_CALL(ev->w1); CHECK_CALL(ev->w2); if(!(ReadOneBignum(&(ev->c), fp, str_c) && ReadOneBignum(&(ev->z), fp, str_z) && ReadOneBignum(&(ev->w1), fp, str_w1) && ReadOneBignum(&(ev->w2), fp, str_w2))) { BN_clear_free(ev->c); BN_clear_free(ev->z); BN_clear_free(ev->w1); BN_clear_free(ev->w2); free(ev); return NULL; } return ev; }
void Redirect(const char *target_path, int fd, const char *name) { if (target_path != NULL && strcmp(target_path, "-") != 0) { int fd_out; const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_APPEND; CHECK_CALL(fd_out = open(target_path, flags, 0666)); CHECK_CALL(dup2(fd_out, fd)); CHECK_CALL(close(fd_out)); } }
void AddBignumToHash(SHA_CTX* sha, const BIGNUM* bn) { const int n_bytes = BN_num_bytes(bn); unsigned char* bytes = safe_malloc(sizeof(unsigned char) * n_bytes); CHECK_CALL(BN_bn2bin(bn, bytes)); CHECK_CALL(SHA1_Update(sha, (void*)bytes, n_bytes)); free(bytes); }
X509* DsaCa_SignCertificate(DsaCa ca, X509* cert_in) { CHECK_CALL(X509_verify(cert_in, DsaParams_GetEaPublicKey(ca->params))); CHECK_CALL(cert_in); X509* cert_out = X509_dup(cert_in); CHECK_CALL(cert_out); CHECK_CALL(X509_sign(cert_in, DsaParams_GetCaPrivateKey(ca->params), EVP_sha1())); return cert_out; }
bool RsaDevice_SetEntropyResponse(RsaDevice d, const BIGNUM* x_prime, const BIGNUM* y_prime) { if(!RsaParams_InRange(d->params, x_prime)) return false; if(!RsaParams_InRange(d->params, y_prime)) return false; CHECK_CALL(d->x_prime = BN_dup(x_prime)); CHECK_CALL(d->y_prime = BN_dup(y_prime)); return true; }
/** * Multiplication protocol from: * "Zero-Knowledge Proofs for Finite Field Arithmetic or: * Can Zero-Knowledge be for Free?" * Cramer and Damgard - BRICS Report RS-97-27 * November 1997 * * ftp://ftp.cs.au.dk/pub/BRICS/pub/RS/97/27/BRICS-RS-97-27.pdf */ ProductStatement ProductStatement_New(const_IntegerGroup group, const BIGNUM* commit_a, const BIGNUM* commit_b, const BIGNUM* commit_c) { ProductStatement st = safe_malloc(sizeof(*st)); st->group = group; CHECK_CALL(st->commit_a = BN_dup(commit_a)); CHECK_CALL(st->commit_b = BN_dup(commit_b)); CHECK_CALL(st->commit_c = BN_dup(commit_c)); return st; }
HRESULT IDirect3DQuery9InterceptorStub::DoSpecific(DXMethodCallPtr call) { switch (call->GetToken()) { case DXMethodCallHelper::TOK_IDirect3DQuery9_QueryInterface: { IID param1; CHECK_CALL(call->Pop_IID(¶m1)); DXIgnoredParameter ignoredParam; CHECK_CALL(call->Pop_DXIgnoredParameter(&ignoredParam)); VOID* param2; HRESULT hr = m_original->QueryInterface(param1, ¶m2); CHECK_CALL_RETURN_VALUE_HRESULT(hr); } break; case DXMethodCallHelper::TOK_IDirect3DQuery9_AddRef: { ULONG result = m_original->AddRef(); CHECK_CALL_RETURN_VALUE(ULONG, result); } break; case DXMethodCallHelper::TOK_IDirect3DQuery9_Release: { ULONG result = m_original->Release(); if (!result) { m_painter->RemoveStub(this); m_original = NULL; } CHECK_CALL_RETURN_VALUE_ADDREF_RELEASE(ULONG, result); } break; case DXMethodCallHelper::TOK_IDirect3DQuery9_GetDevice: { DXResourceObjectID param1ResID; CHECK_CALL(call->Pop_DXResourceObjectID(¶m1ResID)); IDirect3DDevice9* param1; HRESULT hr = m_original->GetDevice(¶m1); CHECK_CALL_RETURN_VALUE_HRESULT(hr); } break; } return E_NOTIMPL; }
bool RsaDevice_GenEntropyRequest(RsaDevice d, BIGNUM* commit_x, BIGNUM* commit_y) { if(d->x || d->y) return false; PrintTime("Getting x, y, r_p, r_q"); CHECK_CALL(d->x = RsaParams_RandomLargeValue(d->params)); CHECK_CALL(d->y = RsaParams_RandomLargeValue(d->params)); CHECK_CALL(d->rand_p = IntegerGroup_RandomExponent(RsaParams_GetGroup(d->params))); CHECK_CALL(d->rand_q = IntegerGroup_RandomExponent(RsaParams_GetGroup(d->params))); PrintTime("...done"); bool retval = (d->x && d->y && d->rand_p && d->rand_q); PrintTime("Generating C(x), C(y)"); BIGNUM* cx = IntegerGroup_Commit(RsaParams_GetGroup(d->params), d->x, d->rand_p); BIGNUM* cy = IntegerGroup_Commit(RsaParams_GetGroup(d->params), d->y, d->rand_q); PrintTime("...done"); CHECK_CALL(cx); CHECK_CALL(cy); CHECK_CALL(BN_copy(commit_x, cx)); CHECK_CALL(BN_copy(commit_y, cy)); BN_clear_free(cx); BN_clear_free(cy); return retval; }
WEAK void halide_dev_run( const char* entry_name, int blocksX, int blocksY, int blocksZ, int threadsX, int threadsY, int threadsZ, int shared_mem_bytes, size_t arg_sizes[], void* args[]) { cl_kernel f = __get_kernel(entry_name); #ifndef DEBUG char msg[1]; #else char msg[256]; snprintf( msg, 256, "dev_run %s with (%dx%dx%d) blks, (%dx%dx%d) threads, %d shmem (t=%lld)", entry_name, blocksX, blocksY, blocksZ, threadsX, threadsY, threadsZ, shared_mem_bytes, (long long)halide_current_time_ns() ); #endif // Pack dims size_t global_dim[3] = {blocksX*threadsX, blocksY*threadsY, blocksZ*threadsZ}; size_t local_dim[3] = {threadsX, threadsY, threadsZ}; // Set args int i = 0; while (arg_sizes[i] != 0) { CHECK_CALL( clSetKernelArg(f, i, arg_sizes[i], args[i]), "clSetKernelArg" ); i++; } // Set the shared mem buffer last // Always set at least 1 byte of shmem, to keep the launch happy CHECK_CALL( clSetKernelArg(f, i, (shared_mem_bytes > 0) ? shared_mem_bytes : 1, NULL), "clSetKernelArg" ); // Launch kernel TIME_START(); int err = clEnqueueNDRangeKernel( cl_q, f, 3, NULL, global_dim, local_dim, 0, NULL, NULL ); CHECK_ERR(err, "clEnqueueNDRangeKernel"); TIME_CHECK(msg); }
// Set up a signal handler which kills all subprocesses when the // given signal is triggered. static void InstallSignalHandler(int sig) { struct sigaction sa = {}; sa.sa_handler = OnSignal; sigemptyset(&sa.sa_mask); CHECK_CALL(sigaction(sig, &sa, NULL)); }
WEAK void halide_dev_run( void *user_context, const char* entry_name, int blocksX, int blocksY, int blocksZ, int threadsX, int threadsY, int threadsZ, int shared_mem_bytes, size_t arg_sizes[], void* args[]) { cl_kernel f = __get_kernel(user_context, entry_name); #ifdef DEBUG halide_printf(user_context, "dev_run %s with (%dx%dx%d) blks, (%dx%dx%d) threads, %d shmem\n", entry_name, blocksX, blocksY, blocksZ, threadsX, threadsY, threadsZ, shared_mem_bytes ); #endif // Pack dims size_t global_dim[3] = {blocksX*threadsX, blocksY*threadsY, blocksZ*threadsZ}; size_t local_dim[3] = {threadsX, threadsY, threadsZ}; // Set args int i = 0; while (arg_sizes[i] != 0) { #ifdef DEBUG halide_printf(user_context, "clSetKernelArg %i %i [0x%x ...]\n", i, arg_sizes[i], *(int *)args[i]); #endif CHECK_CALL( clSetKernelArg(f, i, arg_sizes[i], args[i]), "clSetKernelArg" ); i++; } // Set the shared mem buffer last // Always set at least 1 byte of shmem, to keep the launch happy CHECK_CALL( clSetKernelArg(f, i, (shared_mem_bytes > 0) ? shared_mem_bytes : 1, NULL), "clSetKernelArg" ); // Launch kernel int err = clEnqueueNDRangeKernel( *cl_q, f, 3, NULL, global_dim, local_dim, 0, NULL, NULL ); CHECK_ERR(err, "clEnqueueNDRangeKernel"); }
WEAK void halide_release() { // TODO: this is for timing; bad for release-mode performance #ifdef DEBUG halide_printf("dev_sync on exit" ); #endif halide_dev_sync(); // Unload the module if (__mod) { CHECK_CALL( clReleaseProgram(__mod), "clReleaseProgram" ); __mod = 0; } // Unload context (ref counted). CHECK_CALL( clReleaseCommandQueue(cl_q), "clReleaseCommandQueue" ); CHECK_CALL( clReleaseContext(cl_ctx), "clReleaseContext" ); }
int SwitchToEgid() { int gid = getgid(); int egid = getegid(); if (gid != egid) { CHECK_CALL(setregid(egid, egid)); } return egid; }
int SwitchToEuid() { int uid = getuid(); int euid = geteuid(); if (uid != euid) { CHECK_CALL(setreuid(euid, euid)); } return euid; }
void ClearSignalMask() { // Use an empty signal mask for the process. sigset_t empty_sset; CHECK_CALL(sigemptyset(&empty_sset)); CHECK_CALL(sigprocmask(SIG_SETMASK, &empty_sset, NULL)); // Set the default signal handler for all signals. for (int i = 1; i < NSIG; ++i) { if (i == SIGKILL || i == SIGSTOP) { continue; } struct sigaction sa = {.sa_handler = SIG_DFL}; CHECK_CALL(sigemptyset(&sa.sa_mask)); // Ignore possible errors, because we might not be allowed to set the // handler for certain signals, but we still want to try. sigaction(i, &sa, NULL); } }
inline void CommandContext<T, N, L>::resetCommandList(const size_t index, ID3D12PipelineState* state) { assert(index < L); // After a command list has been executed, it can be then // reset at any time (and must be before re-recording). auto commandListAllocator = m_commandAllocators[m_frameAllocatorSet][index].Get(); CHECK_CALL(m_commandLists[index]->Reset(commandListAllocator, state), "Failed to reset the command list."); }
PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey) { FUNCTION_INIT(); CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED); CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED); CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED); CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED); CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR); caPublicKey->len = PUBLIC_KEY_SIZE; caPrivateKey->len = PRIVATE_KEY_SIZE; CHECK_CALL(InitCKMInfo); CHECK_CALL(SetCAPrivateKey, caPrivateKey); CHECK_CALL(SetCAPublicKey, caPublicKey); CHECK_CALL(SaveCKMInfo); FUNCTION_CLEAR(); }
inline void CommandContext<T, N, L>::syncThread(const uint64_t fenceValue) { // fence->GetCompletedValue() returns the value of the fence reached so far. // If we haven't reached the fence with 'fenceValue' yet... if (m_fence->GetCompletedValue() < fenceValue) { // ... we wait using a synchronization event. CHECK_CALL(m_fence->SetEventOnCompletion(fenceValue, m_syncEvent), "Failed to set a synchronization event."); WaitForSingleObject(m_syncEvent, INFINITE); } }
// Run the command specified by the argv array and kill it after timeout // seconds. static void SpawnCommand(char *const *argv, double timeout_secs) { CHECK_CALL(global_child_pid = fork()); if (global_child_pid == 0) { // In child. CHECK_CALL(setsid()); ClearSignalMask(); // Force umask to include read and execute for everyone, to make // output permissions predictable. umask(022); // Does not return unless something went wrong. execvp(argv[0], argv); err(EXIT_FAILURE, "execvp(\"%s\", ...)", argv[0]); } else { // In parent. // Set up a signal handler which kills all subprocesses when the given // signal is triggered. HandleSignal(SIGALRM, OnSignal); HandleSignal(SIGTERM, OnSignal); HandleSignal(SIGINT, OnSignal); SetTimeout(timeout_secs); int status = WaitChild(global_child_pid, argv[0]); // The child is done for, but may have grandchildren that we still have to // kill. kill(-global_child_pid, SIGKILL); if (global_signal > 0) { // Don't trust the exit code if we got a timeout or signal. UnHandle(global_signal); raise(global_signal); } else if (WIFEXITED(status)) { exit(WEXITSTATUS(status)); } else { int sig = WTERMSIG(status); UnHandle(sig); raise(sig); } } }
void BringupInterface(const char *name) { int fd; struct ifreq ifr; CHECK_CALL(fd = socket(AF_INET, SOCK_DGRAM, 0)); memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, name, IF_NAMESIZE); // Verify that name is valid. CHECK_CALL(if_nametoindex(ifr.ifr_name)); // Enable the interface ifr.ifr_flags |= IFF_UP; CHECK_CALL(ioctl(fd, SIOCSIFFLAGS, &ifr)); CHECK_CALL(close(fd)); }
WEAK void halide_dev_free(buffer_t* buf) { #ifndef NDEBUG fprintf(stderr, "In dev_free of %p - dev: 0x%zx\n", buf, buf->dev); #endif assert(halide_validate_dev_pointer(buf)); CHECK_CALL( cuMemFree(buf->dev), "cuMemFree" ); buf->dev = 0; }
WEAK void halide_dev_free(buffer_t* buf) { #ifdef DEBUG halide_printf("In dev_free of %p - dev: 0x%p\n", buf, (void*)buf->dev); halide_assert(halide_validate_dev_pointer(buf)); #endif CHECK_CALL( cuMemFree(buf->dev), "cuMemFree" ); buf->dev = 0; }
bool ProductEvidence_Verify(const_ProductEvidence ev, const_ProductStatement st) { const BIGNUM* g = IntegerGroup_GetG(st->group); const BIGNUM* h = IntegerGroup_GetH(st->group); const BIGNUM* p = IntegerGroup_GetP(st->group); BN_CTX* ctx = IntegerGroup_GetCtx(st->group); BIGNUM *tmp = BN_new(); // Recompute commitments // m1' = (g^z h^w1) / A^c BIGNUM* m1 = IntegerGroup_CascadeExponentiate(st->group, g, ev->z, h, ev->w1); CHECK_CALL(m1); CHECK_CALL(BN_copy(tmp, st->commit_a)); CHECK_CALL(BN_mod_exp(tmp, tmp, ev->c, p, ctx)); CHECK_CALL(BN_mod_inverse(tmp, tmp, p, ctx)); CHECK_CALL(BN_mod_mul(m1, m1, tmp, p, ctx)); // m2' = (B^z h^w2) / C^c BIGNUM* m2 = IntegerGroup_CascadeExponentiate(st->group, st->commit_b, ev->z, h, ev->w2); CHECK_CALL(m2); CHECK_CALL(BN_copy(tmp, st->commit_c)); CHECK_CALL(BN_mod_exp(tmp, tmp, ev->c, p, ctx)); CHECK_CALL(BN_mod_inverse(tmp, tmp, p, ctx)); CHECK_CALL(BN_mod_mul(m2, m2, tmp, p, ctx)); BN_clear_free(tmp); // Check challenge // c =? H(g, h, q, p, A, B, C, m1', m2') BIGNUM *c_prime = Commit(st, m1, m2); BN_free(m1); BN_free(m2); bool retval = !BN_cmp(ev->c, c_prime); BN_clear_free(c_prime); return retval; }
// Enable the given timeout, or no-op if the timeout is non-positive. static void EnableAlarm(double timeout) { if (timeout <= 0) return; struct itimerval timer = {}; timer.it_interval.tv_sec = 0; timer.it_interval.tv_usec = 0; double int_val, fraction_val; fraction_val = modf(timeout, &int_val); timer.it_value.tv_sec = (long) int_val; timer.it_value.tv_usec = (long) (fraction_val * 1e6); CHECK_CALL(setitimer(ITIMER_REAL, &timer, NULL)); }
static bool GenerateCertRequest(RsaDevice d, X509_REQ* req) { // Create key in EVP format EVP_PKEY* key = CreateRsaKey(d); CHECK_CALL(key); // Create x509 cert signing request (CSR) CHECK_CALL(X509_REQ_set_pubkey(req, key)); // Add subject name to the CSR X509_NAME* subj = X509_REQ_get_subject_name(req); CHECK_CALL(X509_NAME_add_entry_by_txt( subj, "O", MBSTRING_ASC, (const unsigned char *)"RSA Device", -1, -1, 0)); CHECK_CALL(X509_REQ_set_subject_name(req, subj)); //X509_REQ_print_fp(stderr, req); CHECK_CALL(X509_REQ_sign(req, key, EVP_sha1())); EVP_PKEY_free(key); return true; }