aboutsummaryrefslogtreecommitdiff
path: root/ks_volatile.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-09-30 08:34:59 -0400
committerRob Austein <sra@hactrn.net>2016-09-30 08:34:59 -0400
commit378bcae718b7b8785b06c8cf82344e4f344a9215 (patch)
treef3d51e30c0d9e6ec8edff7b9ddd752e288672c0a /ks_volatile.c
parent4a2bede5881a23a69f94beefe7d5dd56a12b9985 (diff)
Multi-block object support in keystore.
The main reason for supporting multi-block objects is to allow the PKCS #11 code to attach more attributes than will fit comfortably in a single flash block. This may turn out to be unnecessary once we've fleshed out the attribute storage and retrieval code; if so, we can simplify the code, but this way the keystore won't impose arbitrary (and somewhat inscrutable) size limits on PKCS #11 attributes for large keys. This snapshot passes light testing (PKCS #11 "make test" runs), but the tombstone recovery code in ks_init() is a bit involved, and needs more testing with simulated failures (probably induced under GDB).
Diffstat (limited to 'ks_volatile.c')
-rw-r--r--ks_volatile.c16
1 files changed, 9 insertions, 7 deletions
diff --git a/ks_volatile.c b/ks_volatile.c
index 72ee1cb..29793a4 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -71,7 +71,7 @@ typedef struct {
typedef struct {
hal_ks_index_t ksi;
uint16_t _index[HAL_STATIC_KS_VOLATILE_SLOTS];
- hal_uuid_t _names[HAL_STATIC_KS_VOLATILE_SLOTS];
+ hal_ks_name_t _names[HAL_STATIC_KS_VOLATILE_SLOTS];
ks_key_t keys[HAL_STATIC_KS_VOLATILE_SLOTS];
} db_t;
@@ -176,7 +176,7 @@ static hal_error_t ks_store(hal_ks_t *ks,
if (ksv->db == NULL)
return HAL_ERROR_KEYSTORE_ACCESS;
- if ((err = hal_ks_index_add(&ksv->db->ksi, &slot->name, &b)) != HAL_OK)
+ if ((err = hal_ks_index_add(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK)
return err;
uint8_t kek[KEK_LENGTH];
@@ -197,7 +197,7 @@ static hal_error_t ks_store(hal_ks_t *ks,
if (err == HAL_OK)
ksv->db->keys[b] = k;
else
- (void) hal_ks_index_delete(&ksv->db->ksi, &slot->name, NULL);
+ (void) hal_ks_index_delete(&ksv->db->ksi, &slot->name, 0, NULL, NULL);
return err;
}
@@ -216,7 +216,7 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
if (ksv->db == NULL)
return HAL_ERROR_KEYSTORE_ACCESS;
- if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b)) != HAL_OK)
+ if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK)
return err;
const ks_key_t * const k = &ksv->db->keys[b];
@@ -264,7 +264,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
if (ksv->db == NULL)
return HAL_ERROR_KEYSTORE_ACCESS;
- if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, &b)) != HAL_OK)
+ if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK)
return err;
memset(&ksv->db->keys[b], 0, sizeof(ksv->db->keys[b]));
@@ -289,8 +289,10 @@ static hal_error_t ks_list(hal_ks_t *ks,
return HAL_ERROR_RESULT_TOO_LONG;
for (int i = 0; i < ksv->db->ksi.used; i++) {
- unsigned b = ksv->db->ksi.index[i];
- result[i].name = ksv->db->ksi.names[b];
+ unsigned b = ksv->db->ksi.index[i];
+ if (ksv->db->ksi.names[b].chunk > 0)
+ continue;
+ result[i].name = ksv->db->ksi.names[b].name;
result[i].type = ksv->db->keys[b].type;
result[i].curve = ksv->db->keys[b].curve;
result[i].flags = ksv->db->keys[b].flags;