From 378bcae718b7b8785b06c8cf82344e4f344a9215 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 30 Sep 2016 08:34:59 -0400 Subject: Multi-block object support in keystore. The main reason for supporting multi-block objects is to allow the PKCS #11 code to attach more attributes than will fit comfortably in a single flash block. This may turn out to be unnecessary once we've fleshed out the attribute storage and retrieval code; if so, we can simplify the code, but this way the keystore won't impose arbitrary (and somewhat inscrutable) size limits on PKCS #11 attributes for large keys. This snapshot passes light testing (PKCS #11 "make test" runs), but the tombstone recovery code in ks_init() is a bit involved, and needs more testing with simulated failures (probably induced under GDB). --- ks_volatile.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'ks_volatile.c') diff --git a/ks_volatile.c b/ks_volatile.c index 72ee1cb..29793a4 100644 --- a/ks_volatile.c +++ b/ks_volatile.c @@ -71,7 +71,7 @@ typedef struct { typedef struct { hal_ks_index_t ksi; uint16_t _index[HAL_STATIC_KS_VOLATILE_SLOTS]; - hal_uuid_t _names[HAL_STATIC_KS_VOLATILE_SLOTS]; + hal_ks_name_t _names[HAL_STATIC_KS_VOLATILE_SLOTS]; ks_key_t keys[HAL_STATIC_KS_VOLATILE_SLOTS]; } db_t; @@ -176,7 +176,7 @@ static hal_error_t ks_store(hal_ks_t *ks, if (ksv->db == NULL) return HAL_ERROR_KEYSTORE_ACCESS; - if ((err = hal_ks_index_add(&ksv->db->ksi, &slot->name, &b)) != HAL_OK) + if ((err = hal_ks_index_add(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK) return err; uint8_t kek[KEK_LENGTH]; @@ -197,7 +197,7 @@ static hal_error_t ks_store(hal_ks_t *ks, if (err == HAL_OK) ksv->db->keys[b] = k; else - (void) hal_ks_index_delete(&ksv->db->ksi, &slot->name, NULL); + (void) hal_ks_index_delete(&ksv->db->ksi, &slot->name, 0, NULL, NULL); return err; } @@ -216,7 +216,7 @@ static hal_error_t ks_fetch(hal_ks_t *ks, if (ksv->db == NULL) return HAL_ERROR_KEYSTORE_ACCESS; - if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b)) != HAL_OK) + if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK) return err; const ks_key_t * const k = &ksv->db->keys[b]; @@ -264,7 +264,7 @@ static hal_error_t ks_delete(hal_ks_t *ks, if (ksv->db == NULL) return HAL_ERROR_KEYSTORE_ACCESS; - if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, &b)) != HAL_OK) + if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, 0, &b, NULL)) != HAL_OK) return err; memset(&ksv->db->keys[b], 0, sizeof(ksv->db->keys[b])); @@ -289,8 +289,10 @@ static hal_error_t ks_list(hal_ks_t *ks, return HAL_ERROR_RESULT_TOO_LONG; for (int i = 0; i < ksv->db->ksi.used; i++) { - unsigned b = ksv->db->ksi.index[i]; - result[i].name = ksv->db->ksi.names[b]; + unsigned b = ksv->db->ksi.index[i]; + if (ksv->db->ksi.names[b].chunk > 0) + continue; + result[i].name = ksv->db->ksi.names[b].name; result[i].type = ksv->db->keys[b].type; result[i].curve = ksv->db->keys[b].curve; result[i].flags = ksv->db->keys[b].flags; -- cgit v1.2.3