[Cryptech-Commits] [sw/libhal] 03/08: Type name cleanup, key visibility.

git at cryptech.is git at cryptech.is
Sun May 28 22:51:52 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.

commit c1b19879e13e5717867c73b3273b0fbdeea88c01
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Wed May 24 22:36:55 2017 -0400

    Type name cleanup, key visibility.
---
 ks.c | 181 ++++++++++++++++++++++++++++++++++++++++++++-----------------------
 ks.h | 168 +++++++++++++++++++++++---------------------------------------
 2 files changed, 180 insertions(+), 169 deletions(-)

diff --git a/ks.c b/ks.c
index c107eb6..89babc2 100644
--- a/ks.c
+++ b/ks.c
@@ -321,7 +321,7 @@ hal_error_t hal_ks_index_replace(hal_ks_t *ks,
  * result, leave the lru values alone and the right thing will happen.
  */
 
-static inline ks_block_t *cache_pick_lru(hal_ks_t *ks)
+static inline hal_ks_block_t *cache_pick_lru(hal_ks_t *ks)
 {
   uint32_t best_delta = 0;
   int      best_index = 0;
@@ -347,7 +347,7 @@ static inline ks_block_t *cache_pick_lru(hal_ks_t *ks)
  * Find a block in our in-memory cache; return block or NULL if not present.
  */
 
-static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno)
+static inline hal_ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsigned blockno)
 {
   for (int i = 0; i < ks->cache_size; i++)
     if (ks->cache[i].blockno == blockno)
@@ -359,7 +359,7 @@ static inline ks_block_t *cache_find_block(const hal_ks_t * const ks, const unsi
  * Mark a block in our in-memory cache as being in current use.
  */
 
-static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block, const unsigned blockno)
+static inline void cache_mark_used(hal_ks_t *ks, const hal_ks_block_t * const block, const unsigned blockno)
 {
   for (int i = 0; i < ks->cache_size; i++) {
     if (&ks->cache[i].block == block) {
@@ -374,7 +374,7 @@ static inline void cache_mark_used(hal_ks_t *ks, const ks_block_t * const block,
  * Release a block from the in-memory cache.
  */
 
-static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block)
+static inline void cache_release(hal_ks_t *ks, const hal_ks_block_t * const block)
 {
   if (block != NULL)
     cache_mark_used(block, ~0);
@@ -383,12 +383,12 @@ static inline void cache_release(hal_ks_t *ks, const ks_block_t * const block)
 /*
  * Generate CRC-32 for a block.
  *
- * This function needs to understand the structure of
- * ks_block_header_t, so that it can skip over fields that
+ * This function needs to understand the structure of the
+ * hal_ks_block_header_t, so that it can skip over fields that
  * shouldn't be included in the CRC.
  */
 
-static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
+static hal_crc32_t calculate_block_crc(const hal_ks_block_t * const block)
 {
   hal_crc32_t crc = hal_crc32_init();
 
@@ -398,8 +398,8 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
                            sizeof(block->header.block_type));
 
     crc = hal_crc32_update(crc,
-                           block->bytes   + sizeof(ks_block_header_t),
-                           sizeof(*block) - sizeof(ks_block_header_t));
+                           block->bytes   + sizeof(hal_ks_block_header_t),
+                           sizeof(*block) - sizeof(hal_ks_block_header_t));
   }
 
   return hal_crc32_finalize(crc);
@@ -408,10 +408,10 @@ static hal_crc32_t calculate_block_crc(const ks_block_t * const block)
 /*
  * Read a block using the cache.  Marking the block as used is left
  * for the caller, so we can avoid blowing out the cache when we
- * perform a ks_match() operation.
+ * perform a hal_ks_match() operation.
  */
 
-static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_block_t **block)
+static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, hal_ks_block_t **block)
 {
   if (block == NULL)
     return HAL_ERROR_IMPOSSIBLE;
@@ -431,7 +431,7 @@ static hal_error_t block_read_cached(hal_ks_t *ks, const unsigned blockno, ks_bl
 
 static hal_error_t block_update(hal_ks_t *ks,
                                 const unsigned b1,
-                                ks_block_t *block,
+                                hal_ks_block_t *block,
                                 const hal_uuid_t * const uuid,
                                 int *hint)
 {
@@ -479,9 +479,9 @@ static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
   return ret;
 }
 
-#warning Call ks_alloc_common() and ks_init_common() while holding hal_ks_lock(); !
+#warning Call hal_ks_alloc_common() and hal_ks_init_common() while holding hal_ks_lock(); !
 
-hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks)
+hal_error_t hal_ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsigned cache_blocks)
 {
   /*
    * We allocate a single big chunk of memory rather than three
@@ -511,7 +511,7 @@ hal_error_t ks_alloc_common(hal_ks_t *ks, const unsigned ks_blocks, const unsign
   return HAL_OK;
 }
 
-hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
+hal_error_t hal_ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
 {
   if (ks->index == NULL || ks->names == NULL || ks->cache == NULL)
     return HAL_ERROR_IMPOSSIBLE;
@@ -527,9 +527,9 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
    * like power failures at inconvenient times.
    */
 
-  ks_block_type_t   block_types[ks->size];
-  ks_block_status_t block_status[ks->size];
-  ks_block_t *block = cache_pick_lru(ks);
+  hal_ks_block_type_t   block_types[ks->size];
+  hal_ks_block_status_t block_status[ks->size];
+  hal_ks_block_t *block = cache_pick_lru(ks);
   int first_erased = -1;
   hal_error_t err;
   uint16_t n = 0;
@@ -711,6 +711,10 @@ hal_error_t ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const driver)
   return HAL_OK;
 }
 
+/*
+ * Test whether we like a particular key type.
+ */
+
 static inline int acceptable_key_type(const hal_key_type_t type)
 {
   switch (type) {
@@ -724,15 +728,56 @@ static inline int acceptable_key_type(const hal_key_type_t type)
   }
 }
 
-hal_error_t ks_store(hal_ks_t *ks,
-                     hal_pkey_slot_t *slot,
-                     const uint8_t * const der, const size_t der_len)
+/*
+ * Test whether the current session can see a particular key.  One
+ * might expect this to be based on whether the session matches, and
+ * indeed it would be in a sane world, but in the world of PKCS #11,
+ * keys belong to sessions, are visible to other sessions, and may
+ * even be modifiable by other sessions, but softly and silently
+ * vanish away when the original creating session is destroyed.
+ *
+ * In our terms, this means that visibility of session objects is
+ * determined only by the client handle, so taking the session handle
+ * as an argument here isn't really necessary, but we've flipflopped
+ * on that enough times that at least for now I'd prefer to leave the
+ * session handle here and not have to revise all the RPC calls again.
+ * Remove it at some later date and redo the RPC calls if we manage to
+ * avoid revising this yet again.
+ */
+
+static inline hal_error_t key_visible(const hal_ks_t * const ks,
+                                      const hal_client_handle_t client,
+                                      const hal_session_handle_t session,
+                                      const unsigned blockno)
+{
+  if (ks == NULL)
+    return HAL_ERROR_IMPOSSIBLE;
+
+  if (!ks->per_session)
+    return HAL_OK;
+
+  hal_error_t err;
+
+  if ((err = hal_ks_test_owner(ks, client, session)) != HAL_OK)
+    return err;
+
+  err = hal_rpc_is_logged_in(client, HAL_USER_WHEEL);
+
+  if (err == HAL_ERROR_FORBIDDEN)
+    err = HAL_ERROR_KEY_NOT_FOUND;
+
+  return err;
+}
+
+hal_error_t hal_ks_store(hal_ks_t *ks,
+                         hal_pkey_slot_t *slot,
+                         const uint8_t * const der, const size_t der_len)
 {
   if (ks == NULL || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
     return HAL_ERROR_BAD_ARGUMENTS;
 
   hal_error_t err = HAL_OK;
-  ks_block_t *block;
+  hal_ks_block_t *block;
   flash_key_block_t *k;
   uint8_t kek[KEK_LENGTH];
   size_t kek_len;
@@ -779,6 +824,9 @@ hal_error_t ks_store(hal_ks_t *ks,
     err = block_write(ks, b, block);
 
   if (err == HAL_OK)
+    err = hal_ks_set_owner(ks, b, slot->client_handle, slot->session_handle);
+
+  if (err == HAL_OK)
     goto done;
 
   memset(block, 0, sizeof(*block));
@@ -790,21 +838,22 @@ hal_error_t ks_store(hal_ks_t *ks,
   return err;
 }
 
-static hal_error_t ks_fetch(hal_ks_t *ks,
-                            hal_pkey_slot_t *slot,
-                            uint8_t *der, size_t *der_len, const size_t der_max)
+hal_error_t hal_ks_fetch(hal_ks_t *ks,
+                         hal_pkey_slot_t *slot,
+                         uint8_t *der, size_t *der_len, const size_t der_max)
 {
   if (ks == NULL || slot == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
   hal_error_t err = HAL_OK;
-  ks_block_t *block;
+  hal_ks_block_t *block;
   unsigned b;
 
   hal_ks_lock();
 
-  if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
-      (err = block_read_cached(ks, b, &block))                    != HAL_OK)
+  if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))           != HAL_OK ||
+      (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK ||
+      (err = block_read_cached(ks, b, &block))                              != HAL_OK)
     goto done;
 
   if (block_get_type(block) != BLOCK_TYPE_KEY) {
@@ -845,8 +894,8 @@ static hal_error_t ks_fetch(hal_ks_t *ks,
   return err;
 }
 
-static hal_error_t ks_delete(hal_ks_t *ks,
-                             hal_pkey_slot_t *slot)
+hal_error_t hal_ks_delete(hal_ks_t *ks,
+                          hal_pkey_slot_t *slot)
 {
   if (ks == NULL || slot == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
@@ -856,7 +905,8 @@ static hal_error_t ks_delete(hal_ks_t *ks,
 
   hal_ks_lock();
 
-  if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint)) != HAL_OK)
+  if ((err = hal_ks_index_delete(ks, &slot->name, &b, &slot->hint))         != HAL_OK ||
+      (err = key_visible(ks, slot->client_handle, slot->session_handle, b)) != HAL_OK)
     goto done;
 
   cache_release(ks, cache_find_block(ks, b));
@@ -871,7 +921,7 @@ static hal_error_t ks_delete(hal_ks_t *ks,
   return err;
 }
 
-static inline hal_error_t locate_attributes(ks_block_t *block,
+static inline hal_error_t locate_attributes(hal_ks_block_t *block,
                                             uint8_t **bytes, size_t *bytes_len,
                                             unsigned **attrs_len)
 {
@@ -888,26 +938,26 @@ static inline hal_error_t locate_attributes(ks_block_t *block,
   return HAL_OK;
 }
 
-static hal_error_t ks_match(hal_ks_t *ks,
-                            const hal_client_handle_t client,
-                            const hal_session_handle_t session,
-                            const hal_key_type_t type,
-                            const hal_curve_name_t curve,
-                            const hal_key_flags_t mask,
-                            const hal_key_flags_t flags,
-                            const hal_pkey_attribute_t *attributes,
-                            const unsigned attributes_len,
-                            hal_uuid_t *result,
-                            unsigned *result_len,
-                            const unsigned result_max,
-                            const hal_uuid_t * const previous_uuid)
+hal_error_t hal_ks_match(hal_ks_t *ks,
+                         const hal_client_handle_t client,
+                         const hal_session_handle_t session,
+                         const hal_key_type_t type,
+                         const hal_curve_name_t curve,
+                         const hal_key_flags_t mask,
+                         const hal_key_flags_t flags,
+                         const hal_pkey_attribute_t *attributes,
+                         const unsigned attributes_len,
+                         hal_uuid_t *result,
+                         unsigned *result_len,
+                         const unsigned result_max,
+                         const hal_uuid_t * const previous_uuid)
 {
   if (ks == NULL || (attributes == NULL && attributes_len > 0) ||
       result == NULL || result_len == NULL || previous_uuid == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
   hal_error_t err = HAL_OK;
-  ks_block_t *block;
+  hal_ks_block_t *block;
   int i = -1;
 
   hal_ks_lock();
@@ -928,6 +978,11 @@ static hal_error_t ks_match(hal_ks_t *ks,
     if ((err = block_read_cached(ks, b, &block)) != HAL_OK)
       goto done;
 
+    if ((err = key_visible(ks, client, session, b)) == HAL_ERROR_KEY_NOT_FOUND)
+      continue;
+    else if (err != HAL_OK)
+      goto done;
+
     if ((type  != HAL_KEY_TYPE_NONE && type  != block->key.type)  ||
         (curve != HAL_CURVE_NONE    && curve != block->key.curve) ||
         ((flags ^ block->key.flags) & mask)  != 0)
@@ -982,23 +1037,24 @@ static hal_error_t ks_match(hal_ks_t *ks,
   return err;
 }
 
-static  hal_error_t ks_set_attributes(hal_ks_t *ks,
-                                      hal_pkey_slot_t *slot,
-                                      const hal_pkey_attribute_t *attributes,
-                                      const unsigned attributes_len)
+hal_error_t hal_ks_set_attributes(hal_ks_t *ks,
+                                  hal_pkey_slot_t *slot,
+                                  const hal_pkey_attribute_t *attributes,
+                                  const unsigned attributes_len)
 {
   if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0)
     return HAL_ERROR_BAD_ARGUMENTS;
 
   hal_error_t err = HAL_OK;
-  ks_block_t *block;
+  hal_ks_block_t *block;
   unsigned b;
 
   hal_ks_lock();
 
   {
-    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
-        (err = block_read_cached(ks, b, &block))                    != HAL_OK)
+    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))             != HAL_OK ||
+        (err = key_visibile(ks, slot->client_handle, slot->session_handle, b))  != HAL_OK ||
+        (err = block_read_cached(ks, b, &block))                                != HAL_OK)
       goto done;
 
     cache_mark_used(ks, block, b);
@@ -1037,12 +1093,12 @@ static  hal_error_t ks_set_attributes(hal_ks_t *ks,
   return err;
 }
 
-static  hal_error_t ks_get_attributes(hal_ks_t *ks,
-                                      hal_pkey_slot_t *slot,
-                                      hal_pkey_attribute_t *attributes,
-                                      const unsigned attributes_len,
-                                      uint8_t *attributes_buffer,
-                                      const size_t attributes_buffer_len)
+hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
+                                  hal_pkey_slot_t *slot,
+                                  hal_pkey_attribute_t *attributes,
+                                  const unsigned attributes_len,
+                                  uint8_t *attributes_buffer,
+                                  const size_t attributes_buffer_len)
 {
   if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0 ||
       attributes_buffer == NULL)
@@ -1054,7 +1110,7 @@ static  hal_error_t ks_get_attributes(hal_ks_t *ks,
   }
 
   uint8_t *abuf = attributes_buffer;
-  ks_block_t *block = NULL;
+  hal_ks_block_t *block = NULL;
   hal_error_t err = HAL_OK;
   unsigned found = 0;
   unsigned b;
@@ -1062,8 +1118,9 @@ static  hal_error_t ks_get_attributes(hal_ks_t *ks,
   hal_ks_lock();
 
   {
-    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint)) != HAL_OK ||
-        (err = block_read_cached(ks, b, &block))                    != HAL_OK)
+    if ((err = hal_ks_index_find(ks, &slot->name, &b, &slot->hint))             != HAL_OK ||
+        (err = key_visibile(ks, slot->client_handle, slot->session_handle, b))  != HAL_OK ||
+        (err = block_read_cached(ks, b, &block))                                != HAL_OK)
       goto done;
 
     cache_mark_used(ks, block, b);
diff --git a/ks.h b/ks.h
index ff6d382..3db2e66 100644
--- a/ks.h
+++ b/ks.h
@@ -1,82 +1,36 @@
-// Notes towards unified keystore code (drivers become just low-level
-// "disk" I/O and perhaps a bit of local init/shutdown).
-//
-// Most of the structure definitions in ks_flash.c and ks_volatile.c
-// become common and go in ks.h (or wherever, but probably be enough
-// stuff that separate .h file might be easier to read).
-//
-// We already have
-//
-//     typedef struct hal_ks hal_ks_t;
-//
-// which we "subclass" to get ks_t (ks_volatile) and db_t (ks_flash).
-// We can move more common stuff there.
-//
-// flash_block_t (etc) becomes ks_block_t (etc) as these data
-// structures will be used by all keystores, not just flash.
-//
-// We might want to fold hal_ks_index_t into hal_ks_t as everything
-// will be using it.  Then again, it's relatively harmless as it is, a
-// bit more verbose trading for a bit more isolation.  Probably go for
-// less verbose, for readability.
-//
-// Each keystore will still have some weird private stuff, like the
-// RAM for the keys themselves in the volatile case and the PIN stuff
-// in the flash case.
-//
-// The ks_flash cache, however, probably wants to become common code.
-// Yes we could get a bit more efficient if we skipped caching in the
-// volatile case, but that's not our bottleneck and there are some
-// cases where the code relies on knowing that mucking with the cache
-// copy is harmless until we write the block to "disk", don't want to
-// mess with that, so keep the flash model for volatile.  Cache size
-// will need to become another hal_ks_t field.
-//
-// Don't remember exactly where we're doing the "subclassing" casts,
-// should be easy enough to find...except that ks_flash is mostly
-// ignoring that argument and using the static db variable directly.
-// ks_volatile may be closer to write on this point, as it already had
-// ks_to_ksv().  But most of the code will be in a driver-agnostic
-// ks.c (or whatever) and will be calling functions that care through
-// the driver, maybe this doesn't matter very much.
-//
-// Tedious though it sounds, might be simplest just to check each
-// function in ks_*.c to see whether it moves to ks.[ch] or becomes
-// something called by the new lower-level driver API.  Need a sketch
-// of the lower-level driver API, chicken and egg there but probably
-// is init(), shutdown(), block_read(), block_deprecate(),
-// block_zero(), block_erase(), block_erase_maybe(), block-write().
-// Possible that some of these don't really need to be driver, was
-// mostly basing this on which things in ks_flash touch flash
-// directly-ish via the keystore_*() functions.
-//
-// Would be nice if we can make the API regular enough (inline
-// functions?) that user need not really care which functions are
-// driver-specific and which are layered on top, but that may be
-// impractical (or silly).
-//
-// Hmm, hal_ks_open() and hal_ks_close() don't quite fit new model,
-// what was I thinking there?  Not much, existing implementations just
-// use that to get back a (hal_ks_t*), so really just checking the
-// binding between driver and keystore object.
-//
-// I think this boils down to another instance of the confusion
-// between what in Python would be Keystore.__new__() and
-// Keystore.__init__().  This even sort of fits with the weird `alloc`
-// parameter in ks_init().
-//
-// Maybe we can trust C memory initialization enough to use a zeroed
-// static variable as test for whether a keystore has been
-// initialized, and just have the low-level (driver) methods check
-// that and fail if trying to use an uninitialized keystore?
-//
-// Pythonesque view might be the right way to handle ks_init(0 and
-// ks_shutdown() too: in most cases we have inline functions which
-// call the driver function, but for these methods the subclass needs
-// to extend the abstract method, which translates, in C, to the
-// generic method calling the driver method of the same name at the
-// right time.  Not quite what Python does but close enough.
-
+/*
+ * ks.h
+ * ----
+ * Keystore, generic parts anyway.  This is internal within libhal.
+ *
+ * Copyright (c) 2015-2017, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ *   this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software
+ *   without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 
 #ifndef _KS_H_
 #define _KS_H_
@@ -107,22 +61,22 @@
  */
 
 typedef enum {
-  KS_BLOCK_TYPE_ERASED  = 0xFF, /* Pristine erased block (candidate for reuse) */
-  KS_BLOCK_TYPE_ZEROED  = 0x00, /* Zeroed block (recently used) */
-  KS_BLOCK_TYPE_KEY     = 0x55, /* Block contains key material */
-  KS_BLOCK_TYPE_PIN     = 0xAA, /* Block contains PINs */
-  KS_BLOCK_TYPE_UNKNOWN = -1,   /* Internal code for "I have no clue what this is" */
-} ks_block_type_t;
+  HAL_KS_BLOCK_TYPE_ERASED  = 0xFF, /* Pristine erased block (candidate for reuse) */
+  HAL_KS_BLOCK_TYPE_ZEROED  = 0x00, /* Zeroed block (recently used) */
+  HAL_KS_BLOCK_TYPE_KEY     = 0x55, /* Block contains key material */
+  HAL_KS_BLOCK_TYPE_PIN     = 0xAA, /* Block contains PINs */
+  HAL_KS_BLOCK_TYPE_UNKNOWN = -1,   /* Internal code for "I have no clue what this is" */
+} hal_ks_block_type_t;
 
 /*
  * Block status.
  */
 
 typedef enum {
-  KS_BLOCK_STATUS_LIVE      = 0x66, /* This is a live block */
-  KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update  */
-  KS_BLOCK_STATUS_UNKNOWN   = -1,   /* Internal code for "I have no clue what this is" */
-} ks_block_status_t;
+  HAL_KS_BLOCK_STATUS_LIVE      = 0x66, /* This is a live block */
+  HAL_KS_BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update  */
+  HAL_KS_BLOCK_STATUS_UNKNOWN   = -1,   /* Internal code for "I have no clue what this is" */
+} hal_ks_block_status_t;
 
 /*
  * Common header for all keystore block types.
@@ -133,14 +87,14 @@ typedef struct {
   uint8_t               block_type;
   uint8_t               block_status;
   hal_crc32_t           crc;
-} ks_block_header_t;
+} hal_ks_block_header_t;
 
 /*
  * Key block.  Tail end of "der" field (after der_len) used for attributes.
  */
 
 typedef struct {
-  ks_block_header_t     header;
+  hal_ks_block_header_t	header;
   hal_uuid_t            name;
   hal_key_type_t        type;
   hal_curve_name_t      curve;
@@ -148,10 +102,10 @@ typedef struct {
   size_t                der_len;
   unsigned              attributes_len;
   uint8_t               der[];  /* Must be last field -- C99 "flexible array member" */
-} ks_blockkey_block_t;
+} hal_ks_blockkey_block_t;
 
 #define SIZEOF_KS_BLOCKKEY_BLOCK_DER \
-  (HAL_KS_BLOCK_SIZE - offsetof(ks_blockkey_block_t, der))
+  (HAL_KS_BLOCK_SIZE - offsetof(hal_ks_blockkey_block_t, der))
 
 /*
  * PIN block.  Also includes space for backing up the KEK when
@@ -159,7 +113,7 @@ typedef struct {
  */
 
 typedef struct {
-  ks_block_header_t     header;
+  hal_ks_block_header_t	header;
   hal_ks_pin_t          wheel_pin;
   hal_ks_pin_t          so_pin;
   hal_ks_pin_t          user_pin;
@@ -167,7 +121,7 @@ typedef struct {
   uint32_t              kek_set;
   uint8_t               kek[KEK_LENGTH];
 #endif
-} ks_blockpin_block_t;
+} hal_ks_blockpin_block_t;
 
 #define FLASH_KEK_SET   0x33333333
 
@@ -176,11 +130,11 @@ typedef struct {
  */
 
 typedef union {
-  uint8_t               bytes[HAL_KS_BLOCK_SIZE];
-  ks_block_header_t     header;
-  ks_blockkey_block_t   key;
-  ks_blockpin_block_t   pin;
-} ks_block_t;
+  uint8_t		    bytes[HAL_KS_BLOCK_SIZE];
+  hal_ks_block_header_t     header;
+  hal_ks_blockkey_block_t   key;
+  hal_ks_blockpin_block_t   pin;
+} hal_ks_block_t;
 
 /*
  * In-memory cache.
@@ -189,8 +143,8 @@ typedef union {
 typedef struct {
   unsigned              blockno;
   unsigned              lru;
-  ks_block_t            block;
-} ks_cache_block_t;
+  hal_ks_block_t	block;
+} hal_ks_cache_block_t;
 
 /*
  * Medium-specific driver and in-memory database.
@@ -215,21 +169,21 @@ struct hal_ks {
   hal_uuid_t *names;            /* Keyname array */
   unsigned cache_lru;           /* Cache LRU counter */
   unsigned cache_size;          /* Size (how many blocks) in cache */
-  ks_cache_block_t *cache;      /* Cache */
+  hal_ks_cache_block_t *cache;  /* Cache */
   int per_session;              /* Whether objects have per-session semantics (PKCS #11, sigh) */
 };
 
 struct hal_ks_driver {
   hal_error_t (*init)           (hal_ks_t *, const int alloc);
   hal_error_t (*shutdown)       (hal_ks_t *);
-  hal_error_t (*read)           (hal_ks_t *, const unsigned blockno, ks_block_t *);
-  hal_error_t (*write)          (hal_ks_t *, const unsigned blockno, ks_block_t *)
+  hal_error_t (*read)           (hal_ks_t *, const unsigned blockno, hal_ks_block_t *);
+  hal_error_t (*write)          (hal_ks_t *, const unsigned blockno, hal_ks_block_t *)
   hal_error_t (*deprecate)      (hal_ks_t *, const unsigned blockno);
   hal_error_t (*zero)           (hal_ks_t *, const unsigned blockno);
   hal_error_t (*erase)          (hal_ks_t *, const unsigned blockno);
   hal_error_t (*erase_maybe)    (hal_ks_t *, const unsigned blockno);
-  hal_error_t (*get_owner)      (hal_ks_t *, const unsigned blockno,       hal_client_handle_t *,       hal_session_handle_t *);
-  hal_error_t (*set_owner)      (hal_ks_t *, const unsigned blockno, const hal_client_handle_t,   const hal_session_handle_t);
+  hal_error_t (*set_owner)      (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t);
+  hal_error_t (*test_owner)     (hal_ks_t *, const unsigned blockno, const hal_client_handle_t, const hal_session_handle_t);
 };
 
 #endif /* _KS_H_ */



More information about the Commits mailing list