From c1b19879e13e5717867c73b3273b0fbdeea88c01 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 24 May 2017 22:36:55 -0400 Subject: Type name cleanup, key visibility. --- ks.c | 181 ++++++++++++++++++++++++++++++++++++++++++++----------------------- ks.h | 168 +++++++++++++++++++++++--------------------------------------- 2 files changed, 180 insertions(+), 169 deletions(-) diff --git a/ks.c b/ks.c index c107eb6..89babc2 100644 --- a/ks.c +++ b/ks.c @@ -321,7 +321,7 @@ hal_error_t hal_ks_index_replace(hal_ks_t *ks, * result, leave the lru values alone and the right thing will happen. */ -static inline ks_block_t *cache_pick_lru(hal_ks_t *ks) +static inline hal_ks_block_t *cache_pick_lru(hal_ks_t *ks) { uint32_t best_delta = 0; int best_index = 0; @@ -347,7 +347,7 @@ static inline ks_block_t *cache_pick_lru(hal_ks_t *ks) * Find a block in our in-memory cache; return block or NULL if not present. */ -static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno) +static inline hal_ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno) { for (int i = 0; i < ks->cache_size; i++) if (ks->cache[i].blockno == blockno) @@ -359,7 +359,7 @@ static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsi * Mark a block in our in-memory cache as being in current use. */ -static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block, const unsigned blockno) +static inline void cache_mark_used(hal_ks_t *ks, const hal_ks_block_t * const block, const unsigned blockno) { for (int i = 0; i < ks->cache_size; i++) { if (&ks->cache[i].block == block) { @@ -374,7 +374,7 @@ static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block, * Release a block from the in-memory cache. */ -static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block) +static inline void cache_release(hal_ks_t *ks, const hal_ks_block_t * const block) { if (block != NULL) cache_mark_used(block, ~0); @@ -383,12 +383,12 @@ static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block) /* * Generate CRC-32 for a block. * - * This function needs to understand the structure of - * ks_block_header_t, so that it can skip over fields that + * This function needs to understand the structure of the + * hal_ks_block_header_t, so that it can skip over fields that * shouldn't be included in the CRC. */ -static hal_crc32_t calculate_block_crc(const ks_block_t * const block) +static hal_crc32_t calculate_block_crc(const hal_ks_block_t * const block) { hal_crc32_t crc = hal_crc32_init(); @@ -398,8 +398,8 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block) sizeof(block->header.block_type)); crc = hal_crc32_update(crc, - block->bytes + sizeof(ks_block_header_t), - sizeof(*block) - sizeof(ks_block_header_t)); + block->bytes + sizeof(hal_ks_block_header_t), + sizeof(*block) - sizeof(hal_ks_block_header_t)); } return hal_crc32_finalize(crc); @@ -408,10 +408,10 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block) /* * Read a block using the cache. Marking the block as used is left * for the caller, so we can avoid blowing out the cache when we - * perform a ks_match() operation. + * perform a hal_ks_match() operation. */ -static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_block_t **block) +static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, hal_ks_block_t **block) { if (block == NULL) return HAL_ERROR_IMPOSSIBLE; @@ -431,7 +431,7 @@ static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_bl static hal_error_t block_update(hal_ks_t *ks, const unsigned b1, - ks_block_t *block, + hal_ks_block_t *block, const hal_uuid_t * const uuid, int *hint) { @@ -479,9 +479,9 @@ static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size) return ret; } -#warning Call ks_alloc_common() and ks_init_common() while holding hal_ks_lock(); ! +#warning Call hal_ks_alloc_common() and hal_ks_init_common() while holding hal_ks_lock(); ! -hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks) +hal_error_t hal_ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks) { /* * We allocate a single big chunk of memory rather than three @@ -511,7 +511,7 @@ hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsign return HAL_OK; } -hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver) +hal_error_t hal_ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver) { if (ks->index == NULL || ks->names == NULL || ks->cache == NULL) return HAL_ERROR_IMPOSSIBLE; @@ -527,9 +527,9 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver) * like power failures at inconvenient times. */ - ks_block_type_t block_types[ks->size]; - ks_block_status_t block_status[ks->size]; - ks_block_t *block = cache_pick_lru(ks); + hal_ks_block_type_t block_types[ks->size]; + hal_ks_block_status_t block_status[ks->size]; + hal_ks_block_t *block = cache_pick_lru(ks); int first_erased = -1; hal_error_t err; uint16_t n = 0; @@ -711,6 +711,10 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver) return HAL_OK; } +/* + * Test whether we like a particular key type. + */ + static inline int acceptable_key_type(const hal_key_type_t type) { switch (type) { @@ -724,15 +728,56 @@ static inline int acceptable_key_type(const hal_key_type_t type) } } -hal_error_t ks_store(hal_ks_t *ks, - hal_pkey_slot_t *slot, - const uint8_t * const der, const size_t der_len) +/* + * Test whether the current session can see a particular key. One + * might expect this to be based on whether the session matches, and + * indeed it would be in a sane world, but in the world of PKCS #11, + * keys belong to sessions, are visible to other sessions, and may + * even be modifiable by other sessions, but softly and silently + * vanish away when the original creating session is destroyed. + * + * In our terms, this means that visibility of session objects is + * determined only by the client handle, so taking the session handle + * as an argument here isn't really necessary, but we've flipflopped + * on that enough times that at least for now I'd prefer to leave the + * session handle here and not have to revise all the RPC calls again. + * Remove it at some later date and redo the RPC calls if we manage to + * avoid revising this yet again. + */ + +static inline hal_error_t key_visible(const hal_ks_t * const ks, + const hal_client_handle_t client, + const hal_session_handle_t session, + const unsigned blockno) +{ + if (ks == NULL) + return HAL_ERROR_IMPOSSIBLE; + + if (!ks->per_session) + return HAL_OK; + + hal_error_t err; + + if ((err = hal_ks_test_owner(ks, client, session)) != HAL_OK) + return err; + + err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL); + + if (err == HAL_ERROR_FORBIDDEN) + err = HAL_ERROR_KEY_NOT_FOUND; + + return err; +} + +hal_error_t hal_ks_store(hal_ks_t *ks, + hal_pkey_slot_t *slot, + const uint8_t * const der, const size_t der_len) { if (ks == NULL || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type)) return HAL_ERROR_BAD_ARGUMENTS; hal_error_t err = HAL_OK; - ks_block_t *block; + hal_ks_block_t *block; flash_key_block_t *k; uint8_t kek[KEK_LENGTH]; size_t kek_len; @@ -778,6 +823,9 @@ hal_error_t ks_store(hal_ks_t *ks, if (err == HAL_OK) err = block_write(ks, b, block); + if (err == HAL_OK) + err = hal_ks_set_owner(ks, b, slot->client_handle, slot->session_handle); + if (err == HAL_OK) goto done; @@ -790,21 +838,22 @@ hal_error_t ks_store(hal_ks_t *ks, return err; } -static hal_error_t ks_fetch(hal_ks_t *ks, - hal_pkey_slot_t *slot, - uint8_t *der, size_t *der_len, const size_t der_max) +hal_error_t hal_ks_fetch(hal_ks_t *ks, + hal_pkey_slot_t *slot, + uint8_t *der, size_t *der_len, const size_t der_max) { if (ks == NULL || slot == NULL) return HAL_ERROR_BAD_ARGUMENTS; hal_error_t err = HAL_OK; - ks_block_t *block; + hal_ks_block_t *block; unsigned b; hal_ks_lock(); - if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || - (err = block_read_cached(ks, b, &block)) != HAL_OK) + if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || + (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK || + (err = block_read_cached(ks, b, &block)) != HAL_OK) goto done; if (block_get_type(block) != BLOCK_TYPE_KEY) { @@ -845,8 +894,8 @@ static hal_error_t ks_fetch(hal_ks_t *ks, return err; } -static hal_error_t ks_delete(hal_ks_t *ks, - hal_pkey_slot_t *slot) +hal_error_t hal_ks_delete(hal_ks_t *ks, + hal_pkey_slot_t *slot) { if (ks == NULL || slot == NULL) return HAL_ERROR_BAD_ARGUMENTS; @@ -856,7 +905,8 @@ static hal_error_t ks_delete(hal_ks_t *ks, hal_ks_lock(); - if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint)) != HAL_OK) + if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint)) != HAL_OK || + (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK) goto done; cache_release(ks, cache_find_block(ks, b)); @@ -871,7 +921,7 @@ static hal_error_t ks_delete(hal_ks_t *ks, return err; } -static inline hal_error_t locate_attributes(ks_block_t *block, +static inline hal_error_t locate_attributes(hal_ks_block_t *block, uint8_t **bytes, size_t *bytes_len, unsigned **attrs_len) { @@ -888,26 +938,26 @@ static inline hal_error_t locate_attributes(ks_block_t *block, return HAL_OK; } -static hal_error_t ks_match(hal_ks_t *ks, - const hal_client_handle_t client, - const hal_session_handle_t session, - const hal_key_type_t type, - const hal_curve_name_t curve, - const hal_key_flags_t mask, - const hal_key_flags_t flags, - const hal_pkey_attribute_t *attributes, - const unsigned attributes_len, - hal_uuid_t *result, - unsigned *result_len, - const unsigned result_max, - const hal_uuid_t * const previous_uuid) +hal_error_t hal_ks_match(hal_ks_t *ks, + const hal_client_handle_t client, + const hal_session_handle_t session, + const hal_key_type_t type, + const hal_curve_name_t curve, + const hal_key_flags_t mask, + const hal_key_flags_t flags, + const hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + hal_uuid_t *result, + unsigned *result_len, + const unsigned result_max, + const hal_uuid_t * const previous_uuid) { if (ks == NULL || (attributes == NULL && attributes_len > 0) || result == NULL || result_len == NULL || previous_uuid == NULL) return HAL_ERROR_BAD_ARGUMENTS; hal_error_t err = HAL_OK; - ks_block_t *block; + hal_ks_block_t *block; int i = -1; hal_ks_lock(); @@ -928,6 +978,11 @@ static hal_error_t ks_match(hal_ks_t *ks, if ((err = block_read_cached(ks, b, &block)) != HAL_OK) goto done; + if ((err = key_visible(ks, client, session, b)) == HAL_ERROR_KEY_NOT_FOUND) + continue; + else if (err != HAL_OK) + goto done; + if ((type != HAL_KEY_TYPE_NONE && type != block->key.type) || (curve != HAL_CURVE_NONE && curve != block->key.curve) || ((flags ^ block->key.flags) & mask) != 0) @@ -982,23 +1037,24 @@ static hal_error_t ks_match(hal_ks_t *ks, return err; } -static hal_error_t ks_set_attributes(hal_ks_t *ks, - hal_pkey_slot_t *slot, - const hal_pkey_attribute_t *attributes, - const unsigned attributes_len) +hal_error_t hal_ks_set_attributes(hal_ks_t *ks, + hal_pkey_slot_t *slot, + const hal_pkey_attribute_t *attributes, + const unsigned attributes_len) { if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0) return HAL_ERROR_BAD_ARGUMENTS; hal_error_t err = HAL_OK; - ks_block_t *block; + hal_ks_block_t *block; unsigned b; hal_ks_lock(); { - if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || - (err = block_read_cached(ks, b, &block)) != HAL_OK) + if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || + (err = key_visibile(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK || + (err = block_read_cached(ks, b, &block)) != HAL_OK) goto done; cache_mark_used(ks, block, b); @@ -1037,12 +1093,12 @@ static hal_error_t ks_set_attributes(hal_ks_t *ks, return err; } -static hal_error_t ks_get_attributes(hal_ks_t *ks, - hal_pkey_slot_t *slot, - hal_pkey_attribute_t *attributes, - const unsigned attributes_len, - uint8_t *attributes_buffer, - const size_t attributes_buffer_len) +hal_error_t hal_ks_get_attributes(hal_ks_t *ks, + hal_pkey_slot_t *slot, + hal_pkey_attribute_t *attributes, + const unsigned attributes_len, + uint8_t *attributes_buffer, + const size_t attributes_buffer_len) { if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0 || attributes_buffer == NULL) @@ -1054,7 +1110,7 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks, } uint8_t *abuf = attributes_buffer; - ks_block_t *block = NULL; + hal_ks_block_t *block = NULL; hal_error_t err = HAL_OK; unsigned found = 0; unsigned b; @@ -1062,8 +1118,9 @@ static hal_error_t ks_get_attributes(hal_ks_t *ks, hal_ks_lock(); { - if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || - (err = block_read_cached(ks, b, &block)) != HAL_OK) + if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK || + (err = key_visibile(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK || + (err = block_read_cached(ks, b, &block)) != HAL_OK) goto done; cache_mark_used(ks, block, b); diff --git a/ks.h b/ks.h index ff6d382..3db2e66 100644 --- a/ks.h +++ b/ks.h @@ -1,82 +1,36 @@ -// Notes towards unified keystore code (drivers become just low-level -// "disk" I/O and perhaps a bit of local init/shutdown). -// -// Most of the structure definitions in ks_flash.c and ks_volatile.c -// become common and go in ks.h (or wherever, but probably be enough -// stuff that separate .h file might be easier to read). -// -// We already have -// -// typedef struct hal_ks hal_ks_t; -// -// which we "subclass" to get ks_t (ks_volatile) and db_t (ks_flash). -// We can move more common stuff there. -// -// flash_block_t (etc) becomes ks_block_t (etc) as these data -// structures will be used by all keystores, not just flash. -// -// We might want to fold hal_ks_index_t into hal_ks_t as everything -// will be using it. Then again, it's relatively harmless as it is, a -// bit more verbose trading for a bit more isolation. Probably go for -// less verbose, for readability. -// -// Each keystore will still have some weird private stuff, like the -// RAM for the keys themselves in the volatile case and the PIN stuff -// in the flash case. -// -// The ks_flash cache, however, probably wants to become common code. -// Yes we could get a bit more efficient if we skipped caching in the -// volatile case, but that's not our bottleneck and there are some -// cases where the code relies on knowing that mucking with the cache -// copy is harmless until we write the block to "disk", don't want to -// mess with that, so keep the flash model for volatile. Cache size -// will need to become another hal_ks_t field. -// -// Don't remember exactly where we're doing the "subclassing" casts, -// should be easy enough to find...except that ks_flash is mostly -// ignoring that argument and using the static db variable directly. -// ks_volatile may be closer to write on this point, as it already had -// ks_to_ksv(). But most of the code will be in a driver-agnostic -// ks.c (or whatever) and will be calling functions that care through -// the driver, maybe this doesn't matter very much. -// -// Tedious though it sounds, might be simplest just to check each -// function in ks_*.c to see whether it moves to ks.[ch] or becomes -// something called by the new lower-level driver API. Need a sketch -// of the lower-level driver API, chicken and egg there but probably -// is init(), shutdown(), block_read(), block_deprecate(), -// block_zero(), block_erase(), block_erase_maybe(), block-write(). -// Possible that some of these don't really need to be driver, was -// mostly basing this on which things in ks_flash touch flash -// directly-ish via the keystore_*() functions. -// -// Would be nice if we can make the API regular enough (inline -// functions?) that user need not really care which functions are -// driver-specific and which are layered on top, but that may be -// impractical (or silly). -// -// Hmm, hal_ks_open() and hal_ks_close() don't quite fit new model, -// what was I thinking there? Not much, existing implementations just -// use that to get back a (hal_ks_t*), so really just checking the -// binding between driver and keystore object. -// -// I think this boils down to another instance of the confusion -// between what in Python would be Keystore.__new__() and -// Keystore.__init__(). This even sort of fits with the weird `alloc` -// parameter in ks_init(). -// -// Maybe we can trust C memory initialization enough to use a zeroed -// static variable as test for whether a keystore has been -// initialized, and just have the low-level (driver) methods check -// that and fail if trying to use an uninitialized keystore? -// -// Pythonesque view might be the right way to handle ks_init(0 and -// ks_shutdown() too: in most cases we have inline functions which -// call the driver function, but for these methods the subclass needs -// to extend the abstract method, which translates, in C, to the -// generic method calling the driver method of the same name at the -// right time. Not quite what Python does but close enough. - +/* + * ks.h + * ---- + * Keystore, generic parts anyway. This is internal within libhal. + * + * Copyright (c) 2015-2017, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ #ifndef _KS_H_ #define _KS_H_ @@ -107,22 +61,22 @@ */ typedef enum { - KS_BLOCK_TYPE_ERASED = 0xFF, /* Pristine erased block (candidate for reuse) */ - KS_BLOCK_TYPE_ZEROED = 0x00, /* Zeroed block (recently used) */ - KS_BLOCK_TYPE_KEY = 0x55, /* Block contains key material */ - KS_BLOCK_TYPE_PIN = 0xAA, /* Block contains PINs */ - KS_BLOCK_TYPE_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */ -} ks_block_type_t; + HAL_KS_BLOCK_TYPE_ERASED = 0xFF, /* Pristine erased block (candidate for reuse) */ + HAL_KS_BLOCK_TYPE_ZEROED = 0x00, /* Zeroed block (recently used) */ + HAL_KS_BLOCK_TYPE_KEY = 0x55, /* Block contains key material */ + HAL_KS_BLOCK_TYPE_PIN = 0xAA, /* Block contains PINs */ + HAL_KS_BLOCK_TYPE_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */ +} hal_ks_block_type_t; /* * Block status. */ typedef enum { - KS_BLOCK_STATUS_LIVE = 0x66, /* This is a live block */ - KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update */ - KS_BLOCK_STATUS_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */ -} ks_block_status_t; + HAL_KS_BLOCK_STATUS_LIVE = 0x66, /* This is a live block */ + HAL_KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update */ + HAL_KS_BLOCK_STATUS_UNKNOWN = -1, /* Internal code for "I have no clue what this is" */ +} hal_ks_block_status_t; /* * Common header for all keystore block types. @@ -133,14 +87,14 @@ typedef struct { uint8_t block_type; uint8_t block_status; hal_crc32_t crc; -} ks_block_header_t; +} hal_ks_block_header_t; /* * Key block. Tail end of "der" field (after der_len) used for attributes. */ typedef struct { - ks_block_header_t header; + hal_ks_block_header_t header; hal_uuid_t name; hal_key_type_t type; hal_curve_name_t curve; @@ -148,10 +102,10 @@ typedef struct { size_t der_len; unsigned attributes_len; uint8_t der[]; /* Must be last field -- C99 "flexible array member" */ -} ks_blockkey_block_t; +} hal_ks_blockkey_block_t; #define SIZEOF_KS_BLOCKKEY_BLOCK_DER \ - (HAL_KS_BLOCK_SIZE - offsetof(ks_blockkey_block_t, der)) + (HAL_KS_BLOCK_SIZE - offsetof(hal_ks_blockkey_block_t, der)) /* * PIN block. Also includes space for backing up the KEK when @@ -159,7 +113,7 @@ typedef struct { */ typedef struct { - ks_block_header_t header; + hal_ks_block_header_t header; hal_ks_pin_t wheel_pin; hal_ks_pin_t so_pin; hal_ks_pin_t user_pin; @@ -167,7 +121,7 @@ typedef struct { uint32_t kek_set; uint8_t kek[KEK_LENGTH]; #endif -} ks_blockpin_block_t; +} hal_ks_blockpin_block_t; #define FLASH_KEK_SET 0x33333333 @@ -176,11 +130,11 @@ typedef struct { */ typedef union { - uint8_t bytes[HAL_KS_BLOCK_SIZE]; - ks_block_header_t header; - ks_blockkey_block_t key; - ks_blockpin_block_t pin; -} ks_block_t; + uint8_t bytes[HAL_KS_BLOCK_SIZE]; + hal_ks_block_header_t header; + hal_ks_blockkey_block_t key; + hal_ks_blockpin_block_t pin; +} hal_ks_block_t; /* * In-memory cache. @@ -189,8 +143,8 @@ typedef union { typedef struct { unsigned blockno; unsigned lru; - ks_block_t block; -} ks_cache_block_t; + hal_ks_block_t block; +} hal_ks_cache_block_t; /* * Medium-specific driver and in-memory database. @@ -215,21 +169,21 @@ struct hal_ks { hal_uuid_t *names; /* Keyname array */ unsigned cache_lru; /* Cache LRU counter */ unsigned cache_size; /* Size (how many blocks) in cache */ - ks_cache_block_t *cache; /* Cache */ + hal_ks_cache_block_t *cache; /* Cache */ int per_session; /* Whether objects have per-session semantics (PKCS #11, sigh) */ }; struct hal_ks_driver { hal_error_t (*init) (hal_ks_t *, const int alloc); hal_error_t (*shutdown) (hal_ks_t *); - hal_error_t (*read) (hal_ks_t *, const unsigned blockno, ks_block_t *); - hal_error_t (*write) (hal_ks_t *, const unsigned blockno, ks_block_t *) + hal_error_t (*read) (hal_ks_t *, const unsigned blockno, hal_ks_block_t *); + hal_error_t (*write) (hal_ks_t *, const unsigned blockno, hal_ks_block_t *) hal_error_t (*deprecate) (hal_ks_t *, const unsigned blockno); hal_error_t (*zero) (hal_ks_t *, const unsigned blockno); hal_error_t (*erase) (hal_ks_t *, const unsigned blockno); hal_error_t (*erase_maybe) (hal_ks_t *, const unsigned blockno); - hal_error_t (*get_owner) (hal_ks_t *, const unsigned blockno, hal_client_handle_t *, hal_session_handle_t *); - hal_error_t (*set_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t); + hal_error_t (*set_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t); + hal_error_t (*test_owner) (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t); }; #endif /* _KS_H_ */ -- cgit v1.2.3