2 files changed, 25 insertions, 5 deletions

diff --git a/ks.c b/ks.c
index 665a2fd..a4e7498 100644
--- a/ks.c
+++ b/ks.c
@@ -130,6 +130,12 @@ hal_crc32_t hal_ks_block_calculate_crc(const hal_ks_block_t * const block)
     crc = hal_crc32_update(crc,  &block->header.block_type,
                            sizeof(block->header.block_type));
 
+    crc = hal_crc32_update(crc, &block->header.legacy_1,
+                           sizeof(block->header.legacy_1));
+
+    crc = hal_crc32_update(crc, &block->header.legacy_2,
+                           sizeof(block->header.legacy_2));
+
     crc = hal_crc32_update(crc,
                            block->bytes   + sizeof(hal_ks_block_header_t),
                            sizeof(*block) - sizeof(hal_ks_block_header_t));
@@ -310,11 +316,16 @@ hal_error_t hal_ks_init_common(hal_ks_t *ks)
     if (err == HAL_ERROR_KEYSTORE_BAD_CRC || err == HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE)
       block_types[i] = HAL_KS_BLOCK_TYPE_UNKNOWN;
 
-    else if (err == HAL_OK)
-      block_types[i] = hal_ks_block_get_type(block);
+    else if (err != HAL_OK)
+      return err;
+
+    else if ((block->header.legacy_1 != 0xFF || block->header.legacy_2 != 0xFF) &&
+             (block->header.legacy_1 != 0x01 || block->header.legacy_2 != 0x00))
+      block_types[i] = HAL_KS_BLOCK_TYPE_UNKNOWN;
 
     else
-      return err;
+      block_types[i] = hal_ks_block_get_type(block);
+
 
     switch (block_types[i]) {
     case HAL_KS_BLOCK_TYPE_KEY:
diff --git a/ks.h b/ks.h
index 1c09b53..b95216d 100644
--- a/ks.h
+++ b/ks.h
@@ -86,13 +86,22 @@ typedef enum {
 } hal_ks_block_status_t;
 
 /*
- * Common header for all keystore block types.
- * A few of these fields are deliberately omitted from the CRC.
+ * Common header for all keystore block types.  A few of these fields
+ * are deliberately omitted from the CRC.
+ *
+ * The legacy_1 and legacy_2 fields were used in the more complex
+ * "chunked" layout used in an earlier iteration of this keystore
+ * design, which proved more complex than it was worth.  At the
+ * moment, the only thing we do with these fields is include them in
+ * the CRC and check them for allowed values, to avoid gratuitously
+ * breaking backwards compatability with the earlier design.
  */
 
 typedef struct {
   uint8_t               block_type;
   uint8_t               block_status;
+  uint8_t               legacy_1;
+  uint8_t               legacy_2;
   hal_crc32_t           crc;
 } hal_ks_block_header_t;