[Cryptech-Commits] [sw/libhal] branch master updated: ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.

git at cryptech.is git at cryptech.is
Fri Jun 24 03:15:10 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

The following commit(s) were added to refs/heads/master by this push:
       new  c521d7f   ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.
c521d7f is described below

commit c521d7f590ecafaaed378c20e03aa657361f1638
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu Jun 23 23:06:11 2016 -0400

    ks_flash returns all-ones instead of all-zeros for "blank" memory, cope.
    
    This will need refactoring once we have a proper test for whether the
    HSM is initializing after receiving a fresh software load.
---
 ks.c       | 26 +++++++++++++++++---------
 rpc_misc.c |  5 ++++-
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/ks.c b/ks.c
index d252620..48d4751 100644
--- a/ks.c
+++ b/ks.c
@@ -371,27 +371,35 @@ hal_error_t hal_ks_get_pin(const hal_user_t user,
   default:		return HAL_ERROR_BAD_ARGUMENTS;
   }
 
+#warning Need better "Have we been initialized yet?" test
   /*
    * If we were looking for the WHEEL PIN and it appears to be
    * completely unset, return the compiled-in last-gasp PIN.  This is
-   * not a great answer, but we need some kind of bootstrapping
+   * a terrible answer, but we need some kind of bootstrapping
    * mechanism.  Feel free to suggest something better.
    *
    * We probably need some more general "have we been initialized?"
    * state somewhere, and might want to refuse to do things like
    * storing keys until we've been initialized and the appropriate
    * PINs have been set.
+   *
+   * Just to make things more fun, some drivers return all zeros for
+   * "this has never been set", some return all ones to indicate the
+   * same thing.  REALLY need a flag somewhere.
    */
 
-  if (user == HAL_USER_WHEEL && (*pin)->iterations == 0) {
-    uint8_t u = 0;
-    for (int i = 0; i < sizeof((*pin)->pin); i++)
-      u |= (*pin)->pin[i];
-    for (int i = 0; i < sizeof((*pin)->salt); i++)
-      u |= (*pin)->salt[i];
-    if (u == 0)
-      *pin = &hal_last_gasp_pin;
+  uint8_t u00 = 0x00, uFF = 0xFF;
+  for (int i = 0; i < sizeof((*pin)->pin); i++) {
+    u00 |= (*pin)->pin[i];
+    uFF &= (*pin)->pin[i];
+  }
+  for (int i = 0; i < sizeof((*pin)->salt); i++) {
+    u00 |= (*pin)->salt[i];
+    uFF &= (*pin)->salt[i];
   }
+  if (user == HAL_USER_WHEEL && ((u00 == 0x00 && (*pin)->iterations == 0x00000000) ||
+                                 (uFF == 0xFF && (*pin)->iterations == 0xFFFFFFFF)))
+    *pin = &hal_last_gasp_pin;
 
   return HAL_OK;
 }
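Review bot: The new scan loops run for every `user` and dereference `*pin` before the `user == HAL_USER_WHEEL` test, whereas the old code short-circuited and only touched `*pin` for WHEEL. Since only the WHEEL branch consumes `u00`/`uFF`, I would keep both loops inside `if (user == HAL_USER_WHEEL) { ... }` so the other users' path is unchanged by this commit. The loops also compare `int i` against a `sizeof` result, which is a signed/unsigned comparison; `for (size_t i = 0; i < sizeof((*pin)->pin); i++)` avoids it. The all-ones branch compares `(*pin)->iterations` with `0xFFFFFFFF`, which matches erased storage only if that field is exactly 32 bits wide; its declaration is not visible here, so that is worth confirming. The body of hal_ks_get_pin starts outside this hunk.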
diff --git a/rpc_misc.c b/rpc_misc.c
index 18f4083..8176c6f 100644
--- a/rpc_misc.c
+++ b/rpc_misc.c
@@ -210,7 +210,10 @@ static hal_error_t set_pin(const hal_client_handle_t client,
 
   hal_ks_pin_t p = *pp;
 
-  if (p.iterations == 0)
+  /*
+   * Another all-zeros vs all-ones disagreement between drivers.
+   */
+  if (p.iterations == 0x00000000 || p.iterations == 0xffffffff)
     p.iterations = HAL_PIN_DEFAULT_ITERATIONS;
 
   if ((err = hal_get_random(NULL, p.salt, sizeof(p.salt)))      != HAL_OK ||
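Review bot: Only the two exact sentinels `0x00000000` and `0xffffffff` are treated as "unset" here, so any other `p.iterations` value copied from `*pp` is used as-is, however small or large. If this is the PIN key-derivation iteration count, as the name `HAL_PIN_DEFAULT_ITERATIONS` suggests, a record that is only partly erased or partly programmed could yield a trivially low or impractically high count. A range check that falls back to `HAL_PIN_DEFAULT_ITERATIONS` outside project-defined bounds would close that gap. The blank test is also now spelled separately here and in ks.c (with different hex case), so a single shared helper or named constant for "reads as blank" would keep the two from drifting; the added comment could say that `0xffffffff` is what erased flash returns. set_pin's body starts before and continues past this hunk.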

-- 