From 0d17fd984e6ed486d6cd622edee226e263aab510 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Sat, 14 Apr 2018 14:10:45 -0400
Subject: Clean up definition of HAL_KS_WRAPPED_KEYSIZE.

---
 hal_internal.h | 23 +++++------------------
 ks.h           |  4 ++++
 2 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/hal_internal.h b/hal_internal.h
index ac51cfb..a97a8f2 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -406,30 +406,17 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc)
  * EC P-384:             185 bytes
  * EC P-521:             240 bytes
  *
+ * Plus extra space for pre-computed speed-up factors specific to our
+ * Verilog implementation, which we store as fixed-length byte strings.
+ *
  * Plus we need a bit of AES-keywrap overhead, since we're storing the
  * wrapped form (see hal_aes_keywrap_cyphertext_length()).
  *
- * A buffer big enough for a 8192-bit RSA key would overflow one
- * sub-sector on the flash chip we're using on the Alpha.  We could
- * invent some more complex scheme where key blocks are allowed to
- * span multiple sub-sectors, but since an 8192-bit RSA key would also
- * be unusably slow with the current RSA implementation, for the
- * moment we take the easy way out and cap this at 4096-bit RSA.
+ * Length check warning moved to ks.h since size of keystore blocks is
+ * internal to the keystore implementation.
  */
 
-#if 0
-#define HAL_KS_WRAPPED_KEYSIZE  ((2373 + 15) & ~7)
-#else
-#warning Temporary test hack to HAL_KS_WRAPPED_KEYSIZE, clean this up
-//
-// See how much of the problem we're having with pkey support for the
-// new modexpa7 components is just this buffer size being too small.
-//
 #define HAL_KS_WRAPPED_KEYSIZE  ((2373 + 6 * 4096 / 8 + 6 * 4 + 15) & ~7)
-#if HAL_KS_WRAPPED_KEYSIZE + 8 > 4096
-#warning HAL_KS_WRAPPED_KEYSIZE is too big for a single 4096-octet block
-#endif
-#endif
 
 /*
  * PINs.
diff --git a/ks.h b/ks.h
index ae1ba1c..559e46f 100644
--- a/ks.h
+++ b/ks.h
@@ -49,6 +49,10 @@
 #define HAL_KS_BLOCK_SIZE       (4096 * 2)
 #endif
 
+#if HAL_KS_WRAPPED_KEYSIZE + 8 > HAL_KS_BLOCK_SIZE
+#warning HAL_KS_WRAPPED_KEYSIZE is too big for to fit in a keystore block
+#endif
+
 /*
  * PIN block gets the all-zeros UUID, which will never be returned by
  * the UUID generation code (by definition -- it's not a version 4 UUID).
-- 
cgit v1.2.3