aboutsummaryrefslogtreecommitdiff
path: root/ks_index.c
AgeCommit message (Collapse)Author
2017-05-22First pass on experimental one-size-fits-nobody keystore.Rob Austein
Support for variable-length keystore objects significantly complicates the keystore implementation, including serious some serious code bloat and a complex recovery algorithm to deal with crashes or loss of power at exactly the wrong time. Perhaps we don't really need this? So this is an experiment to see whether we can replace variable-length keystore objects with fixed-length, perhaps with a compile time option to let us make the fixed object length be 8192 bytes instead of 4096 bytes when needed to hold things like large RSA keys. First pass on this is just throwing away nearly 1,000 lines of excessively complex code. The result probably won't even compile yet, but it's already significantly easier to read.
2017-02-13Add some comments for things I figured out while reviewing code.Paul Selkirk
2016-11-10Clean out huge swacks of RPC API we don't need anymore.Rob Austein
pkey attribute API is now just set_attributes() and get_attributes().
2016-11-03Fix sign error in ks_name_cmp(), confusion in hal_ks_index_fsck().Rob Austein
ks_name_cmp() was reporting inverted order when comparing two names which differ only by chunk number. hal_ks_index_fsck() was both broken and more complex than needed.
2016-11-01hal_ks_index_fsck() and a pile of debugging code.Rob Austein
The debugging code was for tracking down what turned out to be a race condition in the Alpha's flash driver code (see sw/stm32); much of this was temporary, and will be removed in a (near) future commit, but some of the techniques were useful and belong in the repository in case we need to pull them back for something similar in the future. hal_ks_index_fsck() attempts to diagnose all the things I found wrong in the ks_flash index after one long series of errors. As presently written, it doesn't attempt to fix anything, just diagnose errors: the intent is that we can call this, before and after every modification if necessary, to poinpoint exactly which calls introduce errors. Once things stablize a bit, we may want to crank down the number of calls to this (it's a bit expensive, since it checks the entire index), and perhaps add the ability to clean up whatever errors it might find; the latter might be a good candidate for a CLI command.
2016-10-19Shake first round of bugs out of hal_rpc_pkey_match().Rob Austein
The filtering code for this function has not been tested yet.
2016-10-16Debug keystore attribute code; handle name properly in ks_index_replace().Rob Austein
hal_rpc_pkey_match() still untested.
2016-10-15Fencepost error in ks_heapsort().Rob Austein
2016-10-14Keystore attribute code. Not really tested.Rob Austein
Passes PKCS #11 "make test" but nothing uses the new attribute code yet. Refactored some of the flash block update code. Attribute code is annoyingly verbose, might be possible to refactor some of that.
2016-09-30Multi-block object support in keystore.Rob Austein
The main reason for supporting multi-block objects is to allow the PKCS #11 code to attach more attributes than will fit comfortably in a single flash block. This may turn out to be unnecessary once we've fleshed out the attribute storage and retrieval code; if so, we can simplify the code, but this way the keystore won't impose arbitrary (and somewhat inscrutable) size limits on PKCS #11 attributes for large keys. This snapshot passes light testing (PKCS #11 "make test" runs), but the tombstone recovery code in ks_init() is a bit involved, and needs more testing with simulated failures (probably induced under GDB).
2016-09-27Fix swapped memmove() arguments in hal_ks_index_replace().Rob Austein
2016-09-27Add hal_ks_index_replace().Rob Austein
2016-09-16Revised ks_flash. Compiles, not yet tested.Rob Austein
2016-09-09Portable fix for ks_find() fencepost error.Rob Austein
Binary search of an array is a notorious example of a simple algorithm which is hard to get exactly right. The variant we're using is nice because it automatically computes the correct insertion point when a key doesn't exist, but runs into one of the portability corner cases of signed integer arithemtic in C. Rather than leave a landmine waiting to explode if somebody builds this code on a platform where (-1 >> 1) != -1, we test for the corner case explictly and accept the miniscule performance hit (which will be lost in other noise anyway).
2016-09-09Fencepost error in ks_find().Rob Austein
2016-09-08New keystore index internal API. Compiles, not yet integrated or tested.Rob Austein