Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Design of Memory Locking #50

Closed
satvikc opened this issue Aug 9, 2013 · 8 comments
Closed

Design of Memory Locking #50

satvikc opened this issue Aug 9, 2013 · 8 comments

Comments

@satvikc
Copy link
Contributor

satvikc commented Aug 9, 2013

A high-level design for memory locking is given below. I am just mentioning types for brevity.

allocMem :: Size -> StateT Store IO CryptoPtr
freeMem :: CryptoPtr -> Size -> StateT Store IO ()
lockMem :: CryptoPtr -> StateT Store IO Bool
unlockMem :: CryptoPtr -> StateT Store IO Bool

class Monad m => Memory a m where
  newMemory :: m a
  freeMemory :: a -> m ()
  withMemory :: (a -> m b) -> m b

class (Monad m, Memory a m) => Lockable a m where
  secureMemory :: a -> m Bool
  unsecureMemory :: a -> m Bool
  withSecureMemory :: (a -> m b) -> m b

instance Memory CryptoCell IO 

instance Memory CryptoCell (StateT Store IO)

instance Lockable CryptoCell (StateT Store IO)

A problem with the approach is nothing restricts user from using newMemory and secureMemory in different monads. For example, user can use CryptoCell returned from newMemory :: IO CryptoCell inside secureMemory.
@piyush-kurur
Copy link
Member

On Fri, Aug 09, 2013 at 12:17:40AM -0700, satvikc wrote:

A high-level design for memory locking is given below. I am just mentioning types for brevity.

Maybe we should try a simpler approach first. I think we should look
at Memory and gadgets together as they are closly related.

Regards

ppk

@satvikc
Copy link
Contributor Author

satvikc commented Aug 13, 2013

I have a few questions

  • How to malloc with the given alignment? There are functions available in Foreign.ForeignPtr to allocate a ForeignPtr but it says nowhere about alignment.
  • How to read data directly from the given handle to the given buffer? We would not want to first read say using ByteString and then store in the given address for security reasons. We would also want the handle to be unbuffered.

There is some code available at

https://github.com/satvikc/raaz/blob/x-memory/raaz-primitives/Raaz/Util/SecureMemory.hs

Right now I am just using list instead of a tree for simplicity. We can change that later once we get this working.

@piyush-kurur
Copy link
Member

On Mon, Aug 12, 2013 at 09:58:40PM -0700, satvikc wrote:

I have a few questions

  • How to malloc with the given alignment? There are functions
    available in Foreign.ForeignPtr to allocate a ForeignPtr but it
    says nowhere about alignment.
I think the alignment is taken careof by
mallocForeignPtr. However, be careful: In the case of secure
memory pool, we should be aligning against page boundary instead
of word boundary.
  • How to read data directly from the given handle to the given
    buffer? We would not want to first read say using ByteString and
    then store in the given address for security reasons. We would
    also want the handle to be unbuffered.
You can reuse the function that you wrote for Ptr with the help of
the function withForeignPtr.

Regards

ppk

@satvikc
Copy link
Contributor Author

satvikc commented Aug 13, 2013

Yeah, mallocForeignPtr aligns at alignment of the datatype and not the page boundary.

@satvikc
Copy link
Contributor Author

satvikc commented Aug 13, 2013

I have a way of doing that by defining the Storable instance for Pool, but peek and poke will be undefined in that case as malloc will only be using the alignment and sizeOf functions from that.

@piyush-kurur
Copy link
Member

On Mon, Aug 12, 2013 at 10:59:41PM -0700, satvikc wrote:

I have a way of doing that by defining the Storable instance for
Pool, but peek and poke will be undefined in that case as malloc
will only be using the alignment and sizeOf functions from that.

I donot like this option see if there is some other way. For Ptrs
there is the functions allocBytesAligned

@satvikc
Copy link
Contributor Author

satvikc commented Aug 13, 2013

But that has type `Int -> Int -> (Ptr a -> IO b) -> IO b). We want to
allocate a pointer which is aligned and return it. There is no malloc
equivalent for that, even for Ptrs.

On Tue, Aug 13, 2013 at 11:49 AM, Piyush P Kurur
notifications@github.comwrote:

On Mon, Aug 12, 2013 at 10:59:41PM -0700, satvikc wrote:

I have a way of doing that by defining the Storable instance for
Pool, but peek and poke will be undefined in that case as malloc
will only be using the alignment and sizeOf functions from that.

I donot like this option see if there is some other way. For Ptrs
there is the functions allocBytesAligned


Reply to this email directly or view it on GitHubhttps://github.com/piyush-kurur/raaz/issues/50#issuecomment-22545265
.

Satvik Chauhan
Fourth Year Under Graduate Student
Deptt. of Computer Science and Engineering
Indian Institute of Technology Kanpur
Kanpur-208016, INDIA
Email: mystic.satvik@gmail.com , satvikc@iitk.ac.in

@satvikc
Copy link
Contributor Author

satvikc commented Aug 15, 2013

I have written some code for memory locking. Can you have a look. Also I am not sure how to write testcases for those.

@satvikc satvikc closed this as completed Sep 1, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@satvikc @piyush-kurur