From 0d17fd984e6ed486d6cd622edee226e263aab510 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sat, 14 Apr 2018 14:10:45 -0400 Subject: Clean up definition of HAL_KS_WRAPPED_KEYSIZE. --- hal_internal.h | 23 +++++------------------ ks.h | 4 ++++ 2 files changed, 9 insertions(+), 18 deletions(-) diff --git a/hal_internal.h b/hal_internal.h index ac51cfb..a97a8f2 100644 --- a/hal_internal.h +++ b/hal_internal.h @@ -406,30 +406,17 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc) * EC P-384: 185 bytes * EC P-521: 240 bytes * + * Plus extra space for pre-computed speed-up factors specific to our + * Verilog implementation, which we store as fixed-length byte strings. + * * Plus we need a bit of AES-keywrap overhead, since we're storing the * wrapped form (see hal_aes_keywrap_cyphertext_length()). * - * A buffer big enough for a 8192-bit RSA key would overflow one - * sub-sector on the flash chip we're using on the Alpha. We could - * invent some more complex scheme where key blocks are allowed to - * span multiple sub-sectors, but since an 8192-bit RSA key would also - * be unusably slow with the current RSA implementation, for the - * moment we take the easy way out and cap this at 4096-bit RSA. + * Length check warning moved to ks.h since size of keystore blocks is + * internal to the keystore implementation. */ -#if 0 -#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7) -#else -#warning Temporary test hack to HAL_KS_WRAPPED_KEYSIZE, clean this up -// -// See how much of the problem we're having with pkey support for the -// new modexpa7 components is just this buffer size being too small. -// #define HAL_KS_WRAPPED_KEYSIZE ((2373 + 6 * 4096 / 8 + 6 * 4 + 15) & ~7) -#if HAL_KS_WRAPPED_KEYSIZE + 8 > 4096 -#warning HAL_KS_WRAPPED_KEYSIZE is too big for a single 4096-octet block -#endif -#endif /* * PINs. diff --git a/ks.h b/ks.h index ae1ba1c..559e46f 100644 --- a/ks.h +++ b/ks.h @@ -49,6 +49,10 @@ #define HAL_KS_BLOCK_SIZE (4096 * 2) #endif +#if HAL_KS_WRAPPED_KEYSIZE + 8 > HAL_KS_BLOCK_SIZE +#warning HAL_KS_WRAPPED_KEYSIZE is too big for to fit in a keystore block +#endif + /* * PIN block gets the all-zeros UUID, which will never be returned by * the UUID generation code (by definition -- it's not a version 4 UUID). -- cgit v1.2.3