aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ks.c181
-rw-r--r--ks.h168
2 files changed, 180 insertions, 169 deletions
diff --git a/ks.c b/ks.c
index c107eb6..89babc2 100644
--- a/ks.c
+++ b/ks.c
@@ -321,7 +321,7 @@ hal_error_t hal_ks_index_replace(hal_ks_t *ks,
* result, leave the lru values alone and the right thing will happen.
*/
-static inline ks_block_t *cache_pick_lru(hal_ks_t *ks)
+static inline hal_ks_block_t *cache_pick_lru(hal_ks_t *ks)
{
uint32_t best_delta = 0;
int best_index = 0;
@@ -347,7 +347,7 @@ static inline ks_block_t *cache_pick_lru(hal_ks_t *ks)
* Find a block in our in-memory cache; return block or NULL if not present.
*/
-static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno)
+static inline hal_ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno)
{
for (int i = 0; i < ks->cache_size; i++)
if (ks->cache[i].blockno == blockno)
@@ -359,7 +359,7 @@ static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsi
* Mark a block in our in-memory cache as being in current use.
*/
-static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block, const unsigned blockno)
+static inline void cache_mark_used(hal_ks_t *ks, const hal_ks_block_t * const block, const unsigned blockno)
{
for (int i = 0; i < ks->cache_size; i++) {
if (&ks->cache[i].block == block) {
@@ -374,7 +374,7 @@ static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block,
* Release a block from the in-memory cache.
*/
-static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block)
+static inline void cache_release(hal_ks_t *ks, const hal_ks_block_t * const block)
{
if (block != NULL)
cache_mark_used(block, ~0);
@@ -383,12 +383,12 @@ static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block)
/*
* Generate CRC-32 for a block.
*
- * This function needs to understand the structure of
- * ks_block_header_t, so that it can skip over fields that
+ * This function needs to understand the structure of the
+ * hal_ks_block_header_t, so that it can skip over fields that
* shouldn't be included in the CRC.
*/
-static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
+static hal_crc32_t calculate_block_crc(const hal_ks_block_t * const block)
{
hal_crc32_t crc = hal_crc32_init();
@@ -398,8 +398,8 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
sizeof(block->header.block_type));
crc = hal_crc32_update(crc,
- block->bytes + sizeof(ks_block_header_t),
- sizeof(*block) - sizeof(ks_block_header_t));
+ block->bytes + sizeof(hal_ks_block_header_t),
+ sizeof(*block) - sizeof(hal_ks_block_header_t));
}
return hal_crc32_finalize(crc);
@@ -408,10 +408,10 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
/*
* Read a block using the cache. Marking the block as used is left
* for the caller, so we can avoid blowing out the cache when we
- * perform a ks_match() operation.
+ * perform a hal_ks_match() operation.
*/
-static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_block_t **block)
+static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, hal_ks_block_t **block)
{
if (block == NULL)
return HAL_ERROR_IMPOSSIBLE;
@@ -431,7 +431,7 @@ static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_bl
static hal_error_t block_update(hal_ks_t *ks,
const unsigned b1,
- ks_block_t *block,
+ hal_ks_block_t *block,
const hal_uuid_t * const uuid,
int *hint)
{
@@ -479,9 +479,9 @@ static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
return ret;
}
-#warning Call ks_alloc_common() and ks_init_common() while holding hal_ks_lock(); !
+#warning Call hal_ks_alloc_common() and hal_ks_init_common() while holding hal_ks_lock(); !
-hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks)
+hal_error_t hal_ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks)
{
/*
* We allocate a single big chunk of memory rather than three
@@ -511,7 +511,7 @@ hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsign
return HAL_OK;
}
-hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
+hal_error_t hal_ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
{
if (ks->index == NULL || ks->names == NULL || ks->cache == NULL)
return HAL_ERROR_IMPOSSIBLE;
@@ -527,9 +527,9 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
* like power failures at inconvenient times.
*/
- ks_block_type_t block_types[ks->size];
- ks_block_status_t block_status[ks->size];
- ks_block_t *block = cache_pick_lru(ks);
+ hal_ks_block_type_t block_types[ks->size];
+ hal_ks_block_status_t block_status[ks->size];
+ hal_ks_block_t *block = cache_pick_lru(ks);
int first_erased = -1;
hal_error_t err;
uint16_t n = 0;
@@ -711,6 +711,10 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
return HAL_OK;
}
+/*
+ * Test whether we like a particular key type.
+ */
+
static inline int acceptable_key_type(const hal_key_type_t type)
{
switch (type) {
@@ -724,15 +728,56 @@ static inline int acceptable_key_type(const hal_key_type_t type)
}
}
-hal_error_t ks_store(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- const uint8_t * const der, const size_t der_len)
+/*
+ * Test whether the current session can see a particular key. One
+ * might expect this to be based on whether the session matches, and
+ * indeed it would be in a sane world, but in the world of PKCS #11,
+ * keys belong to sessions, are visible to other sessions, and may
+ * even be modifiable by other sessions, but softly and silently
+ * vanish away when the original creating session is destroyed.
+ *
+ * In our terms, this means that visibility of session objects is
+ * determined only by the client handle, so taking the session handle
+ * as an argument here isn't really necessary, but we've flipflopped
+ * on that enough times that at least for now I'd prefer to leave the
+ * session handle here and not have to revise all the RPC calls again.
+ * Remove it at some later date and redo the RPC calls if we manage to
+ * avoid revising this yet again.
+ */
+
+static inline hal_error_t key_visible(const hal_ks_t * const ks,
+ const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ const unsigned blockno)
+{
+ if (ks == NULL)
+ return HAL_ERROR_IMPOSSIBLE;
+
+ if (!ks->per_session)
+ return HAL_OK;
+
+ hal_error_t err;
+
+ if ((err = hal_ks_test_owner(ks, client, session)) != HAL_OK)
+ return err;
+
+ err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL);
+
+ if (err == HAL_ERROR_FORBIDDEN)
+ err = HAL_ERROR_KEY_NOT_FOUND;
+
+ return err;
+}
+
+hal_error_t hal_ks_store(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const uint8_t * const der, const size_t der_len)
{
if (ks == NULL || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
return HAL_ERROR_BAD_ARGUMENTS;
hal_error_t err = HAL_OK;
- ks_block_t *block;
+ hal_ks_block_t *block;
flash_key_block_t *k;
uint8_t kek[KEK_LENGTH];
size_t kek_len;
@@ -779,6 +824,9 @@ hal_error_t ks_store(hal_ks_t *ks,
err = block_write(ks, b, block);
if (err == HAL_OK)
+ err = hal_ks_set_owner(ks, b, slot->client_handle, slot->session_handle);
+
+ if (err == HAL_OK)
goto done;
memset(block, 0, sizeof(*block));
@@ -790,21 +838,22 @@ hal_error_t ks_store(hal_ks_t *ks,
return err;
}
-static hal_error_t ks_fetch(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- uint8_t *der, size_t *der_len, const size_t der_max)
+hal_error_t hal_ks_fetch(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ uint8_t *der, size_t *der_len, const size_t der_max)
{
if (ks == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
hal_error_t err = HAL_OK;
- ks_block_t *block;
+ hal_ks_block_t *block;
unsigned b;
hal_ks_lock();
- if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
- (err = block_read_cached(ks, b, &block)) != HAL_OK)
+ if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
+ (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK ||
+ (err = block_read_cached(ks, b, &block)) != HAL_OK)
goto done;
if (block_get_type(block) != BLOCK_TYPE_KEY) {
@@ -845,8 +894,8 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
return err;
}
-static hal_error_t ks_delete(hal_ks_t *ks,
- hal_pkey_slot_t *slot)
+hal_error_t hal_ks_delete(hal_ks_t *ks,
+ hal_pkey_slot_t *slot)
{
if (ks == NULL || slot == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
@@ -856,7 +905,8 @@ static hal_error_t ks_delete(hal_ks_t *ks,
hal_ks_lock();
- if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint)) != HAL_OK)
+ if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
+ (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK)
goto done;
cache_release(ks, cache_find_block(ks, b));
@@ -871,7 +921,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
return err;
}
-static inline hal_error_t locate_attributes(ks_block_t *block,
+static inline hal_error_t locate_attributes(hal_ks_block_t *block,
uint8_t **bytes, size_t *bytes_len,
unsigned **attrs_len)
{
@@ -888,26 +938,26 @@ static inline hal_error_t locate_attributes(ks_block_t *block,
return HAL_OK;
}
-static hal_error_t ks_match(hal_ks_t *ks,
- const hal_client_handle_t client,
- const hal_session_handle_t session,
- const hal_key_type_t type,
- const hal_curve_name_t curve,
- const hal_key_flags_t mask,
- const hal_key_flags_t flags,
- const hal_pkey_attribute_t *attributes,
- const unsigned attributes_len,
- hal_uuid_t *result,
- unsigned *result_len,
- const unsigned result_max,
- const hal_uuid_t * const previous_uuid)
+hal_error_t hal_ks_match(hal_ks_t *ks,
+ const hal_client_handle_t client,
+ const hal_session_handle_t session,
+ const hal_key_type_t type,
+ const hal_curve_name_t curve,
+ const hal_key_flags_t mask,
+ const hal_key_flags_t flags,
+ const hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ hal_uuid_t *result,
+ unsigned *result_len,
+ const unsigned result_max,
+ const hal_uuid_t * const previous_uuid)
{
if (ks == NULL || (attributes == NULL && attributes_len > 0) ||
result == NULL || result_len == NULL || previous_uuid == NULL)
return HAL_ERROR_BAD_ARGUMENTS;
hal_error_t err = HAL_OK;
- ks_block_t *block;
+ hal_ks_block_t *block;
int i = -1;
hal_ks_lock();
@@ -928,6 +978,11 @@ static hal_error_t ks_match(hal_ks_t *ks,
if ((err = block_read_cached(ks, b, &block)) != HAL_OK)
goto done;
+ if ((err = key_visible(ks, client, session, b)) == HAL_ERROR_KEY_NOT_FOUND)
+ continue;
+ else if (err != HAL_OK)
+ goto done;
+
if ((type != HAL_KEY_TYPE_NONE && type != block->key.type) ||
(curve != HAL_CURVE_NONE && curve != block->key.curve) ||
((flags ^ block->key.flags) & mask) != 0)
@@ -982,23 +1037,24 @@ static hal_error_t ks_match(hal_ks_t *ks,
return err;
}
-static hal_error_t ks_set_attributes(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- const hal_pkey_attribute_t *attributes,
- const unsigned attributes_len)
+hal_error_t hal_ks_set_attributes(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ const hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len)
{
if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0)
return HAL_ERROR_BAD_ARGUMENTS;
hal_error_t err = HAL_OK;
- ks_block_t *block;
+ hal_ks_block_t *block;
unsigned b;
hal_ks_lock();
{
- if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
- (err = block_read_cached(ks, b, &block)) != HAL_OK)
+ if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
+ (err = key_visibile(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK ||
+ (err = block_read_cached(ks, b, &block)) != HAL_OK)
goto done;
cache_mark_used(ks, block, b);
@@ -1037,12 +1093,12 @@ static hal_error_t ks_set_attributes(hal_ks_t *ks,
return err;
}
-static hal_error_t ks_get_attributes(hal_ks_t *ks,
- hal_pkey_slot_t *slot,
- hal_pkey_attribute_t *attributes,
- const unsigned attributes_len,
- uint8_t *attributes_buffer,
- const size_t attributes_buffer_len)
+hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
+ hal_pkey_slot_t *slot,
+ hal_pkey_attribute_t *attributes,
+ const unsigned attributes_len,
+ uint8_t *attributes_buffer,
+ const size_t attributes_buffer_len)
{
if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0 ||
attributes_buffer == NULL)
@@ -1054,7 +1110,7 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks,
}
uint8_t *abuf = attributes_buffer;
- ks_block_t *block = NULL;
+ hal_ks_block_t *block = NULL;
hal_error_t err = HAL_OK;
unsigned found = 0;
unsigned b;
@@ -1062,8 +1118,9 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks,
hal_ks_lock();
{
- if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
- (err = block_read_cached(ks, b, &block)) != HAL_OK)
+ if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
+ (err = key_visibile(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK ||
+ (err = block_read_cached(ks, b, &block)) != HAL_OK)
goto done;
cache_mark_used(ks, block, b);
diff --git a/ks.h b/ks.h
index ff6d382..3db2e66 100644
--- a/ks.h
+++ b/ks.h
@@ -1,82 +1,36 @@
-// Notes towards unified keystore code (drivers become just low-level
-// "disk" I/O and perhaps a bit of local init/shutdown).
-//
-// Most of the structure definitions in ks_flash.c and ks_volatile.c
-// become common and go in ks.h (or wherever, but probably be enough
-// stuff that separate .h file might be easier to read).
-//
-// We already have
-//
-// typedef struct hal_ks hal_ks_t;
-//
-// which we "subclass" to get ks_t (ks_volatile) and db_t (ks_flash).
-// We can move more common stuff there.
-//
-// flash_block_t (etc) becomes ks_block_t (etc) as these data
-// structures will be used by all keystores, not just flash.
-//
-// We might want to fold hal_ks_index_t into hal_ks_t as everything
-// will be using it. Then again, it's relatively harmless as it is, a
-// bit more verbose trading for a bit more isolation. Probably go for
-// less verbose, for readability.
-//
-// Each keystore will still have some weird private stuff, like the
-// RAM for the keys themselves in the volatile case and the PIN stuff
-// in the flash case.
-//
-// The ks_flash cache, however, probably wants to become common code.
-// Yes we could get a bit more efficient if we skipped caching in the
-// volatile case, but that's not our bottleneck and there are some
-// cases where the code relies on knowing that mucking with the cache
-// copy is harmless until we write the block to "disk", don't want to
-// mess with that, so keep the flash model for volatile. Cache size
-// will need to become another hal_ks_t field.
-//
-// Don't remember exactly where we're doing the "subclassing" casts,
-// should be easy enough to find...except that ks_flash is mostly
-// ignoring that argument and using the static db variable directly.
-// ks_volatile may be closer to write on this point, as it already had
-// ks_to_ksv(). But most of the code will be in a driver-agnostic
-// ks.c (or whatever) and will be calling functions that care through
-// the driver, maybe this doesn't matter very much.
-//
-// Tedious though it sounds, might be simplest just to check each
-// function in ks_*.c to see whether it moves to ks.[ch] or becomes
-// something called by the new lower-level driver API. Need a sketch
-// of the lower-level driver API, chicken and egg there but probably
-// is init(), shutdown(), block_read(), block_deprecate(),
-// block_zero(), block_erase(), block_erase_maybe(), block-write().
-// Possible that some of these don't really need to be driver, was
-// mostly basing this on which things in ks_flash touch flash
-// directly-ish via the keystore_*() functions.
-//
-// Would be nice if we can make the API regular enough (inline
-// functions?) that user need not really care which functions are
-// driver-specific and which are layered on top, but that may be
-// impractical (or silly).
-//
-// Hmm, hal_ks_open() and hal_ks_close() don't quite fit new model,
-// what was I thinking there? Not much, existing implementations just
-// use that to get back a (hal_ks_t*), so really just checking the
-// binding between driver and keystore object.
-//
-// I think this boils down to another instance of the confusion
-// between what in Python would be Keystore.__new__() and
-// Keystore.__init__(). This even sort of fits with the weird `alloc`
-// parameter in ks_init().
-//
-// Maybe we can trust C memory initialization enough to use a zeroed
-// static variable as test for whether a keystore has been
-// initialized, and just have the low-level (driver) methods check
-// that and fail if trying to use an uninitialized keystore?
-//
-// Pythonesque view might be the right way to handle ks_init(0 and
-// ks_shutdown() too: in most cases we have inline functions which
-// call the driver function, but for these methods the subclass needs
-// to extend the abstract method, which translates, in C, to the
-// generic method calling the driver method of the same name at the
-// right time. Not quite what Python does but close enough.
-
+/*
+ * ks.h
+ * ----
+ * Keystore, generic parts anyway. This is internal within libhal.
+ *
+ * Copyright (c) 2015-2017, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
#ifndef _KS_H_
#define _KS_H_
@@ -107,22 +61,22 @@
*/
typedef enum {
- KS_BLOCK_TYPE_ERASED = 0xFF, /* Pristine erased block (candidate for reuse) */
- KS_BLOCK_TYPE_ZEROED = 0x00, /* Zeroed block (recently used) */
- KS_BLOCK_TYPE_KEY = 0x55, /* Block contains key material */
- KS_BLOCK_TYPE_PIN = 0xAA, /* Block contains PINs */
- KS_BLOCK_TYPE_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */
-} ks_block_type_t;
+ HAL_KS_BLOCK_TYPE_ERASED = 0xFF, /* Pristine erased block (candidate for reuse) */
+ HAL_KS_BLOCK_TYPE_ZEROED = 0x00, /* Zeroed block (recently used) */
+ HAL_KS_BLOCK_TYPE_KEY = 0x55, /* Block contains key material */
+ HAL_KS_BLOCK_TYPE_PIN = 0xAA, /* Block contains PINs */
+ HAL_KS_BLOCK_TYPE_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */
+} hal_ks_block_type_t;
/*
* Block status.
*/
typedef enum {
- KS_BLOCK_STATUS_LIVE = 0x66, /* This is a live block */
- KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update */
- KS_BLOCK_STATUS_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */
-} ks_block_status_t;
+ HAL_KS_BLOCK_STATUS_LIVE = 0x66, /* This is a live block */
+ HAL_KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update */
+ HAL_KS_BLOCK_STATUS_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */
+} hal_ks_block_status_t;
/*
* Common header for all keystore block types.
@@ -133,14 +87,14 @@ typedef struct {
uint8_t block_type;
uint8_t block_status;
hal_crc32_t crc;
-} ks_block_header_t;
+} hal_ks_block_header_t;
/*
* Key block. Tail end of "der" field (after der_len) used for attributes.
*/
typedef struct {
- ks_block_header_t header;
+ hal_ks_block_header_t header;
hal_uuid_t name;
hal_key_type_t type;
hal_curve_name_t curve;
@@ -148,10 +102,10 @@ typedef struct {
size_t der_len;
unsigned attributes_len;
uint8_t der[]; /* Must be last field -- C99 "flexible array member" */
-} ks_blockkey_block_t;
+} hal_ks_blockkey_block_t;
#define SIZEOF_KS_BLOCKKEY_BLOCK_DER \
- (HAL_KS_BLOCK_SIZE - offsetof(ks_blockkey_block_t, der))
+ (HAL_KS_BLOCK_SIZE - offsetof(hal_ks_blockkey_block_t, der))
/*
* PIN block. Also includes space for backing up the KEK when
@@ -159,7 +113,7 @@ typedef struct {
*/
typedef struct {
- ks_block_header_t header;
+ hal_ks_block_header_t header;
hal_ks_pin_t wheel_pin;
hal_ks_pin_t so_pin;
hal_ks_pin_t user_pin;
@@ -167,7 +121,7 @@ typedef struct {
uint32_t kek_set;
uint8_t kek[KEK_LENGTH];
#endif
-} ks_blockpin_block_t;
+} hal_ks_blockpin_block_t;
#define FLASH_KEK_SET 0x33333333
@@ -176,11 +130,11 @@ typedef struct {
*/
typedef union {
- uint8_t bytes[HAL_KS_BLOCK_SIZE];
- ks_block_header_t header;
- ks_blockkey_block_t key;
- ks_blockpin_block_t pin;
-} ks_block_t;
+ uint8_t bytes[HAL_KS_BLOCK_SIZE];
+ hal_ks_block_header_t header;
+ hal_ks_blockkey_block_t key;
+ hal_ks_blockpin_block_t pin;
+} hal_ks_block_t;
/*
* In-memory cache.
@@ -189,8 +143,8 @@ typedef union {
typedef struct {
unsigned blockno;
unsigned lru;
- ks_block_t block;
-} ks_cache_block_t;
+ hal_ks_block_t block;
+} hal_ks_cache_block_t;
/*
* Medium-specific driver and in-memory database.
@@ -215,21 +169,21 @@ struct hal_ks {
hal_uuid_t *names; /* Keyname array */
unsigned cache_lru; /* Cache LRU counter */
unsigned cache_size; /* Size (how many blocks) in cache */
- ks_cache_block_t *cache; /* Cache */
+ hal_ks_cache_block_t *cache; /* Cache */
int per_session; /* Whether objects have per-session semantics (PKCS #11, sigh) */
};
struct hal_ks_driver {
hal_error_t (*init) (hal_ks_t *, const int alloc);
hal_error_t (*shutdown) (hal_ks_t *);
- hal_error_t (*read) (hal_ks_t *, const unsigned blockno, ks_block_t *);
- hal_error_t (*write) (hal_ks_t *, const unsigned blockno, ks_block_t *)
+ hal_error_t (*read) (hal_ks_t *, const unsigned blockno, hal_ks_block_t *);
+ hal_error_t (*write) (hal_ks_t *, const unsigned blockno, hal_ks_block_t *)
hal_error_t (*deprecate) (hal_ks_t *, const unsigned blockno);
hal_error_t (*zero) (hal_ks_t *, const unsigned blockno);
hal_error_t (*erase) (hal_ks_t *, const unsigned blockno);
hal_error_t (*erase_maybe) (hal_ks_t *, const unsigned blockno);
- hal_error_t (*get_owner) (hal_ks_t *, const unsigned blockno, hal_client_handle_t *, hal_session_handle_t *);
- hal_error_t (*set_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t);
+ hal_error_t (*set_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t);
+ hal_error_t (*test_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t);
};
#endif /* _KS_H_ */