Keystore attribute code. Not really tested.

Passes PKCS #11 "make test" but nothing uses the new attribute code yet. Refactored some of the flash block update code. Attribute code is annoyingly verbose, might be possible to refactor some of that.
author: Rob Austein <sra@hactrn.net> 2016-10-14 19:24:34 -0400
committer: Rob Austein <sra@hactrn.net> 2016-10-14 19:24:34 -0400
commit: 46e73ec4d2bb235a4905a21feb33705b696edf5f (patch)
tree: 5e6c48507fd45e4d1793a1d4688b5cc0661bd444 /ks_volatile.c
parent: 015eefa32f54f84c56bb7c6d36c0edcc104a69e8 (diff)
1 files changed, 30 insertions, 29 deletions
diff --git a/ks_volatile.c b/ks_volatile.c
index 35f1e38..df26471 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -106,6 +106,16 @@ static inline ks_t *ks_to_ksv(hal_ks_t *ks)
   return (ks_t *) ks;
 }
 
+static inline int key_visible_to_session(const ks_t * const ksv,
+                                         const hal_client_handle_t client,
+                                         const hal_session_handle_t session,
+                                         const ks_key_t * const k)
+{
+  return (!ksv->per_session || client.handle == HAL_HANDLE_NONE ||
+          (k->client.handle  == client.handle &&
+           k->session.handle == session.handle));
+}
+
 static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
 {
   if (mem == NULL || *mem == NULL || len == NULL || size > *len)
@@ -128,20 +138,21 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver,
   memset(ksv, 0, sizeof(*ksv));
   memset(mem, 0, len);
 
-  if ((ksv->db = gnaw(&mem, &len, sizeof(*ksv->db))) == NULL ||
-      (ksv->db->ksi.index = gnaw(&mem, &len,
-                                 sizeof(*ksv->db->ksi.index) * HAL_KS_VOLATILE_SLOTS)) == NULL ||
-      (ksv->db->ksi.names = gnaw(&mem, &len,
-                                 sizeof(*ksv->db->ksi.names) * HAL_KS_VOLATILE_SLOTS)) == NULL ||
-      (ksv->db->keys      = gnaw(&mem, &len,
-                                 sizeof(*ksv->db->keys)      * HAL_KS_VOLATILE_SLOTS)) == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
   ksv->ks.driver     = driver;
   ksv->per_session   = per_session;
+  ksv->db            = gnaw(&mem, &len, sizeof(*ksv->db));
+  ksv->db->ksi.index = gnaw(&mem, &len, sizeof(*ksv->db->ksi.index) * HAL_KS_VOLATILE_SLOTS);
+  ksv->db->ksi.names = gnaw(&mem, &len, sizeof(*ksv->db->ksi.names) * HAL_KS_VOLATILE_SLOTS);
+  ksv->db->keys      = gnaw(&mem, &len, sizeof(*ksv->db->keys)      * HAL_KS_VOLATILE_SLOTS);
   ksv->db->ksi.size  = HAL_KS_VOLATILE_SLOTS;
   ksv->db->ksi.used  = 0;
 
+  if (ksv->db            == NULL ||
+      ksv->db->ksi.index == NULL ||
+      ksv->db->ksi.names == NULL ||
+      ksv->db->keys      == NULL)
+    return HAL_ERROR_IMPOSSIBLE;
+
   /*
    * Set up keystore with empty index and full free list.
    * Since this driver doesn't care about wear leveling,
@@ -228,11 +239,8 @@ static hal_error_t ks_store(hal_ks_t *ks,
   k.type    = slot->type;
   k.curve   = slot->curve;
   k.flags   = slot->flags;
-
-  if (ksv->per_session) {
-    k.client  = slot->client_handle;
-    k.session = slot->session_handle;
-  }
+  k.client  = slot->client_handle;
+  k.session = slot->session_handle;
 
   if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
     err = hal_aes_keywrap(NULL, kek, kek_len, der, der_len, k.der, &k.der_len);
@@ -266,8 +274,7 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
 
   const ks_key_t * const k = &ksv->db->keys[b];
 
-  if (ksv->per_session && (k->client.handle  != slot->client_handle.handle ||
-                           k->session.handle != slot->session_handle.handle))
+  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   slot->type  = k->type;
@@ -316,8 +323,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
   if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, 0, &b, &slot->hint)) != HAL_OK)
     return err;
 
-  if (ksv->per_session && (ksv->db->keys[b].client.handle  != slot->client_handle.handle ||
-                           ksv->db->keys[b].session.handle != slot->session_handle.handle))
+  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, &ksv->db->keys[b]))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, 0, &b, &slot->hint)) != HAL_OK)
@@ -350,8 +356,7 @@ static hal_error_t ks_list(hal_ks_t *ks,
     unsigned b = ksv->db->ksi.index[i];
     if (ksv->db->ksi.names[b].chunk > 0)
       continue;
-    if (ksv->per_session && (ksv->db->keys[b].client.handle  != client.handle ||
-                             ksv->db->keys[b].session.handle != session.handle))
+    if (!key_visible_to_session(ksv, client, session, &ksv->db->keys[b]))
       continue;
     result[i].name  = ksv->db->ksi.names[b].name;
     result[i].type  = ksv->db->keys[b].type;
@@ -410,8 +415,7 @@ static hal_error_t ks_match(hal_ks_t *ks,
     if (curve != HAL_CURVE_NONE && curve != ksv->db->keys[b].curve)
       continue;
 
-    if (ksv->per_session && (ksv->db->keys[b].client.handle  != client.handle ||
-                             ksv->db->keys[b].session.handle != session.handle))
+    if (!key_visible_to_session(ksv, client, session, &ksv->db->keys[b]))
       continue;
 
     if (attributes_len > 0) {
@@ -443,7 +447,7 @@ static hal_error_t ks_match(hal_ks_t *ks,
         continue;
     }
 
-    result[*result_len] = ksv->db->ksi.names[b].name;
+    *previous_uuid = result[*result_len] = ksv->db->ksi.names[b].name;
     ++*result_len;
   }
 
@@ -471,8 +475,7 @@ static  hal_error_t ks_set_attribute(hal_ks_t *ks,
 
   ks_key_t * const k = &ksv->db->keys[b];
 
-  if (ksv->per_session && (k->client.handle  != slot->client_handle.handle ||
-                           k->session.handle != slot->session_handle.handle))
+  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   hal_rpc_pkey_attribute_t attributes[k->attributes_len + 1];
@@ -511,8 +514,7 @@ static  hal_error_t ks_get_attribute(hal_ks_t *ks,
 
   const ks_key_t * const k = &ksv->db->keys[b];
 
-  if (ksv->per_session && (k->client.handle  != slot->client_handle.handle ||
-                           k->session.handle != slot->session_handle.handle))
+  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   if (k->attributes_len == 0)
@@ -561,8 +563,7 @@ static hal_error_t ks_delete_attribute(hal_ks_t *ks,
 
   ks_key_t * const k = &ksv->db->keys[b];
 
-  if (ksv->per_session && (k->client.handle  != slot->client_handle.handle ||
-                           k->session.handle != slot->session_handle.handle))
+  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   hal_rpc_pkey_attribute_t attributes[k->attributes_len + 1];
author	Rob Austein <sra@hactrn.net>	2016-10-14 19:24:34 -0400
committer	Rob Austein <sra@hactrn.net>	2016-10-14 19:24:34 -0400
commit	46e73ec4d2bb235a4905a21feb33705b696edf5f (patch)
tree	5e6c48507fd45e4d1793a1d4688b5cc0661bd444 /ks_volatile.c
parent	015eefa32f54f84c56bb7c6d36c0edcc104a69e8 (diff)