From d1012863307128061c4285a144c84ae736f3edeb Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Tue, 12 Jul 2016 22:48:53 -0400 Subject: Make probe_cores deal with an unconfigured FPGA (and come back later). See, reading from an unconfigured FPGA returns all-1, while reading from empty cores on a configured FPGA returns all-0. The consequence of this is that the HSM was probing the FPGA once on startup, filling its core table with 0xff, rendering the FPGA useless. Along the way, I put the FPGA core table in static memory, rather than malloc'ing it, because that's not so good in an embedded environment. But I kept the linked list, because that at least tells us what to do if HAL_STATIC_CORE_STATE_BLOCKS is 0. --- Makefile | 2 ++ core.c | 31 +++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b6597e1..190466b 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,7 @@ # Number of static hash and HMAC state blocks to allocate. # Numbers pulled out of a hat, just testing. +STATIC_CORE_STATE_BLOCKS = 32 STATIC_HASH_STATE_BLOCKS = 10 STATIC_HMAC_STATE_BLOCKS = 4 STATIC_PKEY_STATE_BLOCKS = 6 @@ -185,6 +186,7 @@ LIBTFM_BLD ?= ${LIBTFM_SRC} # directory. CFLAGS += -g3 -Wall -std=c99 -Wno-strict-aliasing +CFLAGS += -DHAL_STATIC_CORE_STATE_BLOCKS=${STATIC_CORE_STATE_BLOCKS} CFLAGS += -DHAL_STATIC_HASH_STATE_BLOCKS=${STATIC_HASH_STATE_BLOCKS} CFLAGS += -DHAL_STATIC_HMAC_STATE_BLOCKS=${STATIC_HMAC_STATE_BLOCKS} CFLAGS += -DHAL_STATIC_PKEY_STATE_BLOCKS=${STATIC_PKEY_STATE_BLOCKS} diff --git a/core.c b/core.c index 0d7ed06..cfda754 100644 --- a/core.c +++ b/core.c 
@@ -52,6 +52,14 @@ struct hal_core { struct hal_core *next; }; +#ifndef HAL_STATIC_CORE_STATE_BLOCKS +#define HAL_STATIC_CORE_STATE_BLOCKS 0 +#endif + +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 +static hal_core_t core_table[HAL_STATIC_CORE_STATE_BLOCKS]; +#endif + /* * Check whether a core's name matches a particular string. This is a * bit nasty due to non-null-terminated fixed-length names. @@ -91,16 +99,23 @@ static hal_core_t *probe_cores(void) if (head != NULL) return head; - hal_core_t **tail = &head; hal_core_t *core = NULL; + hal_core_t **tail = &head; hal_error_t err = HAL_OK; +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 + int n = 0; +#endif for (hal_addr_t addr = CORE_MIN; addr < CORE_MAX; addr += CORE_SIZE) { +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 + core = &core_table[n]; +#else if (core == NULL && (core = malloc(sizeof(hal_core_t))) == NULL) { err = HAL_ERROR_ALLOCATION_FAILURE; goto fail; } +#endif memset(core, 0, sizeof(*core)); core->info.base = addr; @@ -109,7 +124,7 @@ static hal_core_t *probe_cores(void) (err = hal_io_read(core, ADDR_VERSION, (uint8_t *) core->info.version, 4)) != HAL_OK) goto fail; - if (core->info.name[0] == '\0') + if (core->info.name[0] == 0x00 || core->info.name[0] == 0xff) continue; for (int i = 0; i < sizeof(gaps)/sizeof(*gaps); i++) { @@ -122,20 +137,32 @@ static hal_core_t *probe_cores(void) *tail = core; tail = &core->next; core = NULL; + +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 + if (++n >= HAL_STATIC_CORE_STATE_BLOCKS) + break; +#endif } +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 +#else if (core != NULL) free(core); +#endif return head; fail: +#if HAL_STATIC_CORE_STATE_BLOCKS > 0 + memset(core_table, 0, sizeof(core_table)); +#else if (core != NULL) free(core); while ((core = head) != NULL) { head = core->next; free(core); } +#endif return NULL; } -- cgit v1.2.3 From 9960e43c1a6b7f83b4a345acedbda56fbeaaae0c Mon Sep 17 00:00:00 2001 
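Review bot: The added test `core->info.name[0] == 0xff` in the `@@ -109` hunk is never true where `char` is signed, because a 0xff byte read through a signed `char` promotes to -1 while the constant is 255; if `info.name` is a plain `char` array (the `(uint8_t *)` cast on the neighbouring `hal_io_read` call suggests it is), the unconfigured-FPGA detection this commit adds silently does nothing on such targets and the old all-0xff core table comes back. Compare as an unsigned byte so the result does not depend on the ABI: `if ((uint8_t) core->info.name[0] == 0x00 || (uint8_t) core->info.name[0] == 0xff)`. A one-line comment above it, `/* all-0: empty slot on a configured FPGA; all-1: FPGA not yet configured, try again later */`, would carry the reasoning from the commit message into the code. probe_cores begins and ends outside this hunk.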
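Review bot: In the static-table branch of the `fail:` path (`@@ -122` hunk), `memset(core_table, 0, sizeof(core_table))` zeroes the entries but leaves the `head` pointer declared outside the hunk still pointing at `core_table[0]` once at least one core was linked (`*tail = core` with `tail == &head`), so the next call returns early at `if (head != NULL) return head;` with a single zeroed core whose `next` is NULL instead of re-probing. The malloc branch avoids this only because its free loop walks `head` down to NULL; add `head = NULL;` after the memset in the static branch. The empty `#if HAL_STATIC_CORE_STATE_BLOCKS > 0` / `#else` pair around the post-loop `free(core)` reads oddly; `#if HAL_STATIC_CORE_STATE_BLOCKS == 0` states the same thing directly. When the table fills, the new `break` silently drops any further cores, so a comment there noting that `HAL_STATIC_CORE_STATE_BLOCKS` must cover every core in the bitstream would help whoever next changes the build knob.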
From: Paul Selkirk Date: Tue, 12 Jul 2016 22:51:16 -0400 Subject: Fix checking for multiple errors in one operation. err = hal_foo() || hal_bar() || hal_baz; maps all errors to 1 (HAL_ERROR_BAD_ARGUMENTS). --- masterkey.c | 48 ++++++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/masterkey.c b/masterkey.c index 6425515..cc91cfd 100644 --- a/masterkey.c +++ b/masterkey.c @@ -89,22 +89,19 @@ hal_error_t masterkey_volatile_init() return HAL_ERROR_CORE_NOT_FOUND; } - err = - hal_mkmif_set_clockspeed(core, MKM_VOLATILE_SCLK_DIV) || - hal_mkmif_init(core) || - hal_mkmif_read_word(core, MKM_VOLATILE_STATUS_ADDRESS, &status); - - if (err != LIBHAL_OK) return err; + if ((err = hal_mkmif_set_clockspeed(core, MKM_VOLATILE_SCLK_DIV)) != LIBHAL_OK || + (err = hal_mkmif_init(core)) != LIBHAL_OK || + (err = hal_mkmif_read_word(core, MKM_VOLATILE_STATUS_ADDRESS, &status)) != LIBHAL_OK) + return err; if (status != MKM_STATUS_SET && status != MKM_STATUS_NOT_SET) { /* XXX Something is a bit fishy here. If we just write the status word, it reads back wrong sometimes, * while if we write the full buf too it is consistently right afterwards. */ uint8_t buf[KEK_LENGTH] = {0}; - err = - hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, sizeof(buf)) || - hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_NOT_SET); - if (err != LIBHAL_OK) return err; + if ((err = hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, sizeof(buf))) != LIBHAL_OK || + (err = hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_NOT_SET)) != LIBHAL_OK) + return err; } volatile_init = 1; 
@@ -119,11 +116,9 @@ hal_error_t masterkey_volatile_read(uint8_t *buf, size_t len) if (len && len != KEK_LENGTH) return HAL_ERROR_MASTERKEY_BAD_LENGTH; - err = - masterkey_volatile_init() || - hal_mkmif_read_word(core, MKM_VOLATILE_STATUS_ADDRESS, &status); - - if (err != LIBHAL_OK) return err; + if ((err = masterkey_volatile_init()) != LIBHAL_OK || + (err = hal_mkmif_read_word(core, MKM_VOLATILE_STATUS_ADDRESS, &status)) != LIBHAL_OK) + return err; if (buf != NULL && len) { /* Don't return the random bytes in the RAM memory in case it isn't initialized. @@ -151,12 +146,12 @@ hal_error_t masterkey_volatile_write(uint8_t *buf, size_t len) if (len != KEK_LENGTH) return HAL_ERROR_MASTERKEY_BAD_LENGTH; if (! buf) return HAL_ERROR_MASTERKEY_FAIL; - err = - masterkey_volatile_init() || - hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, len) || - hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_SET); + if ((err = masterkey_volatile_init()) != LIBHAL_OK || + (err = hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, len)) != LIBHAL_OK || + (err = hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_SET)) != LIBHAL_OK) + return err; - return err; + return LIBHAL_OK; } hal_error_t masterkey_volatile_erase(size_t len) @@ -166,12 +161,12 @@ hal_error_t masterkey_volatile_erase(size_t len) if (len != KEK_LENGTH) return HAL_ERROR_MASTERKEY_BAD_LENGTH; - err = - masterkey_volatile_init() || - hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, sizeof(buf)) || - hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_NOT_SET); + if ((err = masterkey_volatile_init()) != LIBHAL_OK || + (err = hal_mkmif_write(core, MKM_VOLATILE_STATUS_ADDRESS + 4, buf, sizeof(buf))) != LIBHAL_OK || + (err = hal_mkmif_write_word(core, MKM_VOLATILE_STATUS_ADDRESS, MKM_STATUS_NOT_SET)) != LIBHAL_OK) + return err; - return err; + return LIBHAL_OK; } hal_error_t masterkey_flash_init() 
@@ -187,10 +182,11 @@ hal_error_t masterkey_flash_read(uint8_t *buf, size_t len) { uint8_t page[KEYSTORE_PAGE_SIZE]; uint32_t *status = (uint32_t *) page; + hal_error_t err; if (len && len != KEK_LENGTH) return HAL_ERROR_MASTERKEY_BAD_LENGTH; - if (masterkey_flash_init() != LIBHAL_OK) return HAL_ERROR_MASTERKEY_FAIL; + if ((err = masterkey_flash_init()) != LIBHAL_OK) return err; if (! keystore_read_data(MKM_FLASH_STATUS_ADDRESS, page, sizeof(page))) { memset(page, 0, sizeof(page)); -- cgit v1.2.3