diff options
| author | Rob Austein <sra@hactrn.net> | 2017-06-04 12:21:45 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2017-06-04 12:21:45 -0400 |
| commit | a83d9dfba5f882ca75eaab9a166e6ad9794f2f90 (patch) | |
| tree | e2032b46e192bbb4f89f30c945e7245f712cfd95 | |
| parent | 61029eb57165c181497c09549cc2dd0fa9928f16 (diff) | |
Tweak CRC input to be backwards compatabile with ksng.
Except for torture tests, we never really used the hideously complex
multi-block capabilities of the ksng version of the flash keystore,
among other reasons because the only keys large enough to trigger the
multi-block code were slow enough to constitute torture on their own.
So we can preserve backwards compatabliity simply by including the
former *chunk fields (renamed legacy* here) in the CRC and checking
for the expected single-block key values. We probably want to include
everything in the CRC in any case except when there's an explicit
reason omit something, so, this is cheap, just a bit obscure.
At some point in the future we can phase out support for the backwards
compatible values, but there's no particular hurry about it unless we
want to reuse those fields for some other purpose.
| -rw-r--r-- | ks.c | 17 | ||||
| -rw-r--r-- | ks.h | 13 |
2 files changed, 25 insertions, 5 deletions
@@ -130,6 +130,12 @@ hal_crc32_t hal_ks_block_calculate_crc(const hal_ks_block_t * const block) crc = hal_crc32_update(crc, &block->header.block_type, sizeof(block->header.block_type)); + crc = hal_crc32_update(crc, &block->header.legacy_1, + sizeof(block->header.legacy_1)); + + crc = hal_crc32_update(crc, &block->header.legacy_2, + sizeof(block->header.legacy_2)); + crc = hal_crc32_update(crc, block->bytes + sizeof(hal_ks_block_header_t), sizeof(*block) - sizeof(hal_ks_block_header_t)); @@ -310,11 +316,16 @@ hal_error_t hal_ks_init_common(hal_ks_t *ks) if (err == HAL_ERROR_KEYSTORE_BAD_CRC || err == HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE) block_types[i] = HAL_KS_BLOCK_TYPE_UNKNOWN; - else if (err == HAL_OK) - block_types[i] = hal_ks_block_get_type(block); + else if (err != HAL_OK) + return err; + + else if ((block->header.legacy_1 != 0xFF || block->header.legacy_2 != 0xFF) && + (block->header.legacy_1 != 0x01 || block->header.legacy_2 != 0x00)) + block_types[i] = HAL_KS_BLOCK_TYPE_UNKNOWN; else - return err; + block_types[i] = hal_ks_block_get_type(block); + switch (block_types[i]) { case HAL_KS_BLOCK_TYPE_KEY: @@ -86,13 +86,22 @@ typedef enum { } hal_ks_block_status_t; /* - * Common header for all keystore block types. - * A few of these fields are deliberately omitted from the CRC. + * Common header for all keystore block types. A few of these fields + * are deliberately omitted from the CRC. + * + * The legacy_1 and legacy_2 fields were used in the more complex + * "chunked" layout used in an earlier iteration of this keystore + * design, which proved more complex than it was worth. At the + * moment, the only thing we do with these fields is include them in + * the CRC and check them for allowed values, to avoid gratuitously + * breaking backwards compatability with the earlier design. */ typedef struct { uint8_t block_type; uint8_t block_status; + uint8_t legacy_1; + uint8_t legacy_2; hal_crc32_t crc; } hal_ks_block_header_t; |