[Cryptech-Commits] [sw/libhal] 05/08: Checkpoint while refactoring. Almost certainly will not compile.

git at cryptech.is git at cryptech.is
Sun May 28 22:51:54 UTC 2017


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ks9
in repository sw/libhal.

commit 5eccb3e6d7c27149a0092de48eb21baa495879cb
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Thu May 25 11:18:39 2017 -0400

    Checkpoint while refactoring.  Almost certainly will not compile.
---
 Makefile       |    2 +-
 core.c         |    2 +-
 hal_internal.h |  348 ++-----------------
 ks.c           |  275 +--------------
 ks.h           |  113 +++++-
 ks_flash.c     | 1056 +++-----------------------------------------------------
 ks_index.c     |  218 ++++++------
 ks_volatile.c  |  607 ++++++--------------------------
 8 files changed, 395 insertions(+), 2226 deletions(-)

diff --git a/Makefile b/Makefile
index 5ba5d32..e688837 100644
--- a/Makefile
+++ b/Makefile
@@ -137,7 +137,7 @@ endif
 # volatile keystore is always present, to support things like PKCS #11
 # "session" objects.
 
-KS_OBJ = ks_index.o ks_attribute.o ks_volatile.o ks_flash.o mkm.o
+KS_OBJ = ks.o ks_index.o ks_attribute.o ks_volatile.o ks_flash.o mkm.o
 
 # RPC_MODE = none | server | client-simple | client-mixed
 #   none:		Build without RPC client, use cores directly.
diff --git a/core.c b/core.c
index 1c247f0..8e9f2b2 100644
--- a/core.c
+++ b/core.c
@@ -245,7 +245,7 @@ hal_error_t hal_core_alloc(const char *name, hal_core_t **pcore)
       hal_task_yield();
     else
       break;
-  } 
+  }
 
   return err;
 }
diff --git a/hal_internal.h b/hal_internal.h
index eee2eab..89dfbbb 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -473,338 +473,30 @@ typedef struct {
    */
 } hal_pkey_slot_t;
 
-typedef struct hal_ks_driver hal_ks_driver_t;
-
-typedef struct hal_ks hal_ks_t;
-
-struct hal_ks_driver {
-
-  hal_error_t (*init)(const hal_ks_driver_t * const driver,
-                      const int alloc);
-
-  hal_error_t (*shutdown)(const hal_ks_driver_t * const driver);
-
-  hal_error_t (*open)(const hal_ks_driver_t * const driver,
-                      hal_ks_t **ks);
-
-  hal_error_t (*close)(hal_ks_t *ks);
-
-  hal_error_t (*store)(hal_ks_t *ks,
-                       hal_pkey_slot_t *slot,
-                       const uint8_t * const der,  const size_t der_len);
-
-  hal_error_t (*fetch)(hal_ks_t *ks,
-                       hal_pkey_slot_t *slot,
-                       uint8_t *der, size_t *der_len, const size_t der_max);
-
-  hal_error_t (*delete)(hal_ks_t *ks,
-                        hal_pkey_slot_t *slot);
-
-  hal_error_t (*match)(hal_ks_t *ks,
-                       const hal_client_handle_t client,
-                       const hal_session_handle_t session,
-                       const hal_key_type_t type,
-                       const hal_curve_name_t curve,
-                       const hal_key_flags_t mask,
-                       const hal_key_flags_t flags,
-                       const hal_pkey_attribute_t *attributes,
-                       const unsigned attributes_len,
-                       hal_uuid_t *result,
-                       unsigned *result_len,
-                       const unsigned result_max,
-                       const hal_uuid_t * const previous_uuid);
-
-  hal_error_t (*set_attributes)(hal_ks_t *ks,
-                                hal_pkey_slot_t *slot,
-                                const hal_pkey_attribute_t *attributes,
-                                const unsigned attributes_len);
-
-  hal_error_t (*get_attributes)(hal_ks_t *ks,
-                                hal_pkey_slot_t *slot,
-                                hal_pkey_attribute_t *attributes,
-                                const unsigned attributes_len,
-                                uint8_t *attributes_buffer,
-                                const size_t attributes_buffer_len);
-
-};
-
-
-struct hal_ks {
-  const hal_ks_driver_t *driver;
-  /*
-   * Any other common portions of hal_ks_t go here.
-   */
-
-  /*
-   * Driver-specific stuff is handled by a form of subclassing:
-   * driver module embeds this structure at the head of whatever
-   * else it needs, and performs casts as needed.
-   */
-};
-
-extern const hal_ks_driver_t
-   hal_ks_volatile_driver[1],
-   hal_ks_token_driver[1];
-
-static inline hal_error_t hal_ks_init(const hal_ks_driver_t * const driver,
-                                      const int alloc)
-{
-  if (driver == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (driver->init == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return driver->init(driver, alloc);
-}
-
-static inline hal_error_t hal_ks_shutdown(const hal_ks_driver_t * const driver)
-{
-  if (driver == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (driver->shutdown == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return driver->shutdown(driver);
-}
-
-static inline hal_error_t hal_ks_open(const hal_ks_driver_t * const driver,
-                                      hal_ks_t **ks)
-{
-  if (driver == NULL || ks == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (driver->open == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return driver->open(driver, ks);
-}
-
-static inline hal_error_t hal_ks_close(hal_ks_t *ks)
-{
-  if (ks == NULL || ks->driver == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->close == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->close(ks);
-}
-
-static inline hal_error_t hal_ks_store(hal_ks_t *ks,
-                                       hal_pkey_slot_t *slot,
-                                       const uint8_t * const der,  const size_t der_len)
-{
-  if (ks == NULL || ks->driver == NULL || slot == NULL || der == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->store == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->store(ks, slot, der, der_len);
-}
-
-static inline hal_error_t hal_ks_fetch(hal_ks_t *ks,
-                                       hal_pkey_slot_t *slot,
-                                       uint8_t *der, size_t *der_len, const size_t der_max)
-{
-  if (ks == NULL || ks->driver == NULL || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->fetch == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->fetch(ks, slot, der, der_len, der_max);
-}
-
-static inline hal_error_t hal_ks_delete(hal_ks_t *ks,
-                                        hal_pkey_slot_t *slot)
-{
-  if (ks == NULL || ks->driver == NULL || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->delete == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->delete(ks, slot);
-}
-
-static inline hal_error_t hal_ks_match(hal_ks_t *ks,
-                                       const hal_client_handle_t client,
-                                       const hal_session_handle_t session,
-                                       const hal_key_type_t type,
-                                       const hal_curve_name_t curve,
-                                       const hal_key_flags_t mask,
-                                       const hal_key_flags_t flags,
-                                       const hal_pkey_attribute_t *attributes,
-                                       const unsigned attributes_len,
-                                       hal_uuid_t *result,
-                                       unsigned *result_len,
-                                       const unsigned result_max,
-                                       const hal_uuid_t * const previous_uuid)
-{
-  if (ks == NULL || ks->driver == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->match == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->match(ks, client, session, type, curve, mask, flags, attributes, attributes_len,
-                           result, result_len, result_max, previous_uuid);
-}
-
-static inline  hal_error_t hal_ks_set_attributes(hal_ks_t *ks,
-                                                 hal_pkey_slot_t *slot,
-                                                 const hal_pkey_attribute_t *attributes,
-                                                 const unsigned attributes_len)
-{
-  if (ks == NULL || ks->driver == NULL || slot == NULL ||
-      attributes == NULL || attributes_len == 0)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->set_attributes == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->set_attributes(ks, slot, attributes, attributes_len);
-}
-
-static inline hal_error_t hal_ks_get_attributes(hal_ks_t *ks,
-                                                hal_pkey_slot_t *slot,
-                                                hal_pkey_attribute_t *attributes,
-                                                const unsigned attributes_len,
-                                                uint8_t *attributes_buffer,
-                                                const size_t attributes_buffer_len)
-{
-  if (ks == NULL || ks->driver == NULL || slot == NULL ||
-      attributes == NULL || attributes_len == 0)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->driver->get_attributes == NULL)
-    return HAL_ERROR_NOT_IMPLEMENTED;
-
-  return ks->driver->get_attributes(ks, slot, attributes, attributes_len,
-                                    attributes_buffer, attributes_buffer_len);
-}
-
 /*
- * Keystore index.  This is intended to be usable by both memory-based
- * and flash-based keystores.  Some of the features aren't really
- * necessary for memory-based keystores, but should be harmless.
- *
- * General approach is multiple arrays, all but one of which are
- * indexed by "block" numbers, where a block number might be a slot in
- * yet another static array, the number of a flash sub-sector, or
- * whatever is the appropriate unit for holding one keystore record.
- *
- * The index array contains nothing but flags and block numbers, and
- * is deliberately a small data structure so that moving data around
- * within it is relatively cheap.
- *
- * The index array is divided into two portions: the index proper, and
- * the free queue.  The index proper is ordered according to the names
- * (UUIDs) of the corresponding blocks; the free queue is a FIFO, to
- * support a simplistic form of wear leveling in flash-based keystores.
- *
- * Key names are kept in a separate array, indexed by block number.
- *
- * The all-zeros UUID, which (by definition) cannot be a valid key
- * UUID, is reserved for the (non-key) block used to stash PINs and
- * other small data which aren't really part of the keystore proper
- * but are kept with it because the keystore is the flash we have.
- *
- * Note that this API deliberately says nothing about how the keys
- * themselves are stored, that's up to the keystore driver.  This
- * portion of the API is only concerned with allocation and naming.
- */
-
-typedef struct {
-  unsigned size;                /* Array length */
-  unsigned used;                /* How many blocks are in use */
-  uint16_t *index;              /* Index/freelist array */
-  hal_uuid_t *names;            /* Keyname array */
-} hal_ks_index_t;
-
-/*
- * Finish setting up key index.  Caller must populate index, free
- * list, and name array.
- *
- * This function checks a few things then sorts the index proper.
- *
- * If driver cares about wear leveling, driver must supply the free
- * list in the desired order (FIFO); figuring out what that order is a
- * problem for the keystore driver.
- */
-extern hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi);
-
-/*
- * Find a key block, return its block number.
- */
-extern hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
-                                     const hal_uuid_t * const name,
-                                     unsigned *blockno,
-                                     int *hint);
-
-/*
- * Add a key block, return its block number.
- */
-extern hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
-                                    const hal_uuid_t * const name,
-                                    unsigned *blockno,
-                                    int *hint);
-
-/*
- * Delete a key block, returns its block number (driver may need it).
+ * Keystore is an opaque type, we just pass pointers.
  */
-extern hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
-                                       const hal_uuid_t * const name,
-                                       unsigned *blockno,
-                                       int *hint);
-
-/*
- * Replace a key block with a new one, return new block number.
- * Name of block does not change.  This is an optimization of
- * a delete immediately followed by an add for the same name.
- */
-
-extern hal_error_t hal_ks_index_replace(hal_ks_index_t *ksi,
-                                        const hal_uuid_t * const name,
-                                        unsigned *blockno,
-                                        int *hint);
 
-/*
- * Check the index for errors.  At least for the moment, this just
- * reports errors, it doesn't attempt to fix them.
- */
-
-extern hal_error_t hal_ks_index_fsck(hal_ks_index_t *ksi);
-
-/*
- * Keystore attribute utilities, for use by keystore drivers.
- */
+typedef struct hal_ks hal_ks_t;
 
-extern const size_t hal_ks_attribute_header_size;
-
-extern hal_error_t hal_ks_attribute_scan(const uint8_t * const bytes,
-                                         const size_t bytes_len,
-                                         hal_pkey_attribute_t *attributes,
-                                         const unsigned attributes_len,
-                                         size_t *total_len);
-
-extern hal_error_t hal_ks_attribute_delete(uint8_t *bytes,
-                                           const size_t bytes_len,
-                                           hal_pkey_attribute_t *attributes,
-                                           unsigned *attributes_len,
-                                           size_t *total_len,
-                                           const uint32_t type);
-
-extern hal_error_t hal_ks_attribute_insert(uint8_t *bytes, const size_t bytes_len,
-                                           hal_pkey_attribute_t *attributes,
-                                           unsigned *attributes_len,
-                                           size_t *total_len,
-                                           const uint32_t type,
-                                           const uint8_t * const value,
-                                           const size_t value_len);
+#error Minor re-think needed on keystore init
+
+// I like current hal_ks_*_init() setup method, but how does anything
+// get a handle on the keystore?  Make the keystores global variables?
+// Right now they're hidden in larger, driver-specific structures, but
+// it would be easy enough to break them out.  Have already forgotten
+// how the old API handled this, except that it involved an init
+// method via the driver.  Init is going to be special in any case,
+// since we can't dispatch through a driver pointer in the keystore
+// object, so either we expose the keystore and the driver or we
+// expose the keystore and the init function.  The latter may be
+// simpler.
+//
+// Another variation would be to keep the current nesting, add global
+// pointer variables for the keystores, and have the init functions
+// set the pointers.  Only real advantage there is that it would give
+// us an easy test for whether the keystore had been initialized...but
+// we already have several of those, not clear what value another adds.
 
 /*
  * RPC lowest-level send and receive routines. These are blocking, and
diff --git a/ks.c b/ks.c
index a93cbe1..f0c71cc 100644
--- a/ks.c
+++ b/ks.c
@@ -40,277 +40,17 @@
 #include "ks.h"
 
 /*
- * Find a block in the index, return true (found) or false (not found).
- * "where" indicates the name's position, or the position of the first free block.
- *
- * NB: This does NOT return a block number, it returns an index into
- * ks->index[].
- */
-
-static int ks_find(const hal_ks_t * const ks,
-                   const hal_uuid_t * const uuid,
-                   const int * const hint,
-                   int *where)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL || uuid == NULL || where == NULL)
-    return 0;
-
-  if (hint != NULL && *hint >= 0 && *hint < ks->used &&
-      hal_uuid_cmp(uuid, &ks->names[ks->index[*hint]]) == 0) {
-    *where = *hint;
-    return 1;
-  }
-
-  int lo = -1;
-  int hi = ks->used;
-
-  for (;;) {
-    int m = (lo + hi) / 2;
-    if (hi == 0 || m == lo) {
-      *where = hi;
-      return 0;
-    }
-    const int cmp = hal_uuid_cmp(uuid, &ks->names[ks->index[m]]);
-    if (cmp < 0)
-      hi = m;
-    else if (cmp > 0)
-      lo = m;
-    else {
-      *where = m;
-      return 1;
-    }
-  }
-}
-
-/*
- * Heapsort the index.  We only need to do this on setup, for other
- * operations we're just inserting or deleting a single entry in an
- * already-ordered array, which is just a search problem.  If we were
- * really crunched for space, we could use an insertion sort here, but
- * heapsort is easy and works well with data already in place.
- */
-
-static inline void ks_heapsift(hal_ks_t *ks, int parent, const int end)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL || parent < 0 || end < parent)
-    return;
-  for (;;) {
-    const int left_child  = parent * 2 + 1;
-    const int right_child = parent * 2 + 2;
-    int biggest = parent;
-    if (left_child  <= end && hal_uuid_cmp(&ks->names[ks->index[biggest]],
-                                           &ks->names[ks->index[left_child]])  < 0)
-      biggest = left_child;
-    if (right_child <= end && hal_uuid_cmp(&ks->names[ks->index[biggest]],
-                                           &ks->names[ks->index[right_child]]) < 0)
-      biggest = right_child;
-    if (biggest == parent)
-      return;
-    const uint16_t tmp = ks->index[biggest];
-    ks->index[biggest] = ks->index[parent];
-    ks->index[parent]  = tmp;
-    parent = biggest;
-  }
-}
-
-static inline void ks_heapsort(hal_ks_t *ks)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL)
-    return;
-  if (ks->used < 2)
-    return;
-  for (int i = (ks->used - 2) / 2; i >= 0; i--)
-    ks_heapsift(ks, i, ks->used - 1);
-  for (int i = ks->used - 1; i > 0; i--) {
-    const uint16_t tmp = ks->index[i];
-    ks->index[i]       = ks->index[0];
-    ks->index[0]       = tmp;
-    ks_heapsift(ks, 0, i - 1);
-  }
-}
-
-/*
- * Perform a consistency check on the index.
+ * Type safe casts.
  */
 
-#define fsck(_ks) \
-  do { hal_error_t _err = hal_ks_index_fsck(_ks); if (_err != HAL_OK) return _err; } while (0)
-
-
-hal_error_t hal_ks_index_fsck(hal_ks_t *ks)
+static inline ks_block_type_t block_get_type(const ks_block_t * const block)
 {
-  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
-      ks->size == 0 || ks->used > ks->size)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  for (int i = 1; i < ks->used; i++)
-    if (hal_uuid_cmp(&ks->names[ks->index[i - 1]], &ks->names[ks->index[i]]) >= 0)
-      return HAL_ERROR_KS_INDEX_UUID_MISORDERED;
-
-  return HAL_OK;
+  return block == NULL ? HAL_KS_BLOCK_TYPE_UNKNOWN : (ks_block_type_t) block->header.block_type;
 }
 
-/*
- * Find a single block by name.
- */
-
-hal_error_t hal_ks_index_find(hal_ks_t *ks,
-                              const hal_uuid_t * const name,
-                              unsigned *blockno,
-                              int *hint)
+static inline ks_block_status_t block_get_status(const ks_block_t * const block)
 {
-  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
-      ks->size == 0 || ks->used > ks->size || name == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  int where;
-
-  fsck(ks);
-
-  int ok = ks_find(ks, name, hint, &where);
-
-  if (blockno != NULL)
-    *blockno = ks->index[where];
-
-  if (hint != NULL)
-    *hint = where;
-
-  return ok ? HAL_OK : HAL_ERROR_KEY_NOT_FOUND;
-}
-
-/*
- * Add a single block to the index.
- */
-
-hal_error_t hal_ks_index_add(hal_ks_t *ks,
-                             const hal_uuid_t * const name,
-                             unsigned *blockno,
-                             int *hint)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
-      ks->size == 0 || ks->used > ks->size || name == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->used == ks->size)
-    return HAL_ERROR_NO_KEY_INDEX_SLOTS;
-
-  int where;
-
-  fsck(ks);
-
-  if (ks_find(ks, name, hint, &where))
-    return HAL_ERROR_KEY_NAME_IN_USE;
-
-  /*
-   * Grab first block on free list, which makes room to slide the
-   * index up by one slot so we can insert the new block number.
-   */
-
-  const size_t len = (ks->used - where) * sizeof(*ks->index);
-  const uint16_t b = ks->index[ks->used++];
-  memmove(&ks->index[where + 1], &ks->index[where], len);
-  ks->index[where] = b;
-  ks->names[b] = *name;
-
-  if (blockno != NULL)
-    *blockno = b;
-
-  if (hint != NULL)
-    *hint = where;
-
-  fsck(ks);
-
-  return HAL_OK;
-}
-
-/*
- * Delete a single block from the index.
- */
-
-hal_error_t hal_ks_index_delete(hal_ks_t *ks,
-                                const hal_uuid_t * const name,
-                                unsigned *blockno,
-                                int *hint)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
-      ks->size == 0 || ks->used > ks->size || name == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  int where;
-
-  fsck(ks);
-
-  if (ks->used == 0 || !ks_find(ks, name, hint, &where))
-    return HAL_ERROR_KEY_NOT_FOUND;
-
-  /*
-   * Free the block and stuff it at the end of the free list.
-   */
-
-  const size_t len = (ks->size - where - 1) * sizeof(*ks->index);
-  const uint16_t b = ks->index[where];
-  memmove(&ks->index[where], &ks->index[where + 1], len);
-  ks->index[ks->size - 1] = b;
-  ks->used--;
-  memset(&ks->names[b], 0, sizeof(ks->names[b]));
-
-  if (blockno != NULL)
-    *blockno = b;
-
-  if (hint != NULL)
-    *hint = where;
-
-  fsck(ks);
-
-  return HAL_OK;
-}
-
-/*
- * Replace a single block in the index.
- */
-
-hal_error_t hal_ks_index_replace(hal_ks_t *ks,
-                                 const hal_uuid_t * const name,
-                                 unsigned *blockno,
-                                 int *hint)
-{
-  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
-      ks->size == 0 || ks->used > ks->size || name == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  if (ks->used == ks->size)
-    return HAL_ERROR_NO_KEY_INDEX_SLOTS;
-
-  int where;
-
-  fsck(ks);
-
-  if (ks->used == 0 || !ks_find(ks, name, hint, &where))
-    return HAL_ERROR_KEY_NOT_FOUND;
-
-  /*
-   * Grab first block from free list, slide free list down, put old
-   * block at end of free list and replace old block with new block.
-   */
-
-  const size_t len = (ks->size - ks->used - 1) * sizeof(*ks->index);
-  const uint16_t b1 = ks->index[where];
-  const uint16_t b2 = ks->index[ks->used];
-  memmove(&ks->index[ks->used], &ks->index[ks->used + 1], len);
-  ks->index[ks->size - 1] = b1;
-  ks->index[where] = b2;
-  ks->names[b2] = *name;
-  memset(&ks->names[b1], 0, sizeof(ks->names[b1]));
-
-  if (blockno != NULL)
-    *blockno = b2;
-
-  if (hint != NULL)
-    *hint = where;
-
-  fsck(ks);
-
-  return HAL_OK;
+  return block == NULL ? HAL_KS_BLOCK_STATUS_UNKNOWN : (ks_block_status_t) block->header.block_status;
 }
 
 /*
@@ -641,7 +381,8 @@ hal_error_t hal_ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const drive
    * failure, we should never lose data.
    */
 
-  ks_heapsort(ks);
+  if ((err = hal_ks_index_heapsort(ks)) != HAL_OK)
+    return err;
 
   for (unsigned b_tomb = 0; b_tomb < ks->size; b_tomb++) {
 
@@ -666,7 +407,7 @@ hal_error_t hal_ks_init_common(hal_ks_t *ks, const hal_ks_driver_t * const drive
 
     const int matches_next = where + 1 < ks->used && !hal_uuid_cmp(&name, &ks->names[ks->index[where + 1]]);
     const int matches_prev = where - 1 >= 0       && !hal_uuid_cmp(&name, &ks->names[ks->index[where - 1]]);
-    
+
     if ((matches_prev && matches_next) ||
         (matches_prev && block_status[ks->index[b_tomb - 1]] != BLOCK_STATUS_LIVE) ||
         (matches_next && block_status[ks->index[b_tomb + 1]] != BLOCK_STATUS_LIVE))
diff --git a/ks.h b/ks.h
index 2f48738..b24f3c0 100644
--- a/ks.h
+++ b/ks.h
@@ -147,20 +147,45 @@ typedef struct {
 } hal_ks_cache_block_t;
 
 /*
- * Medium-specific driver and in-memory database.
+ * Keystore object.  hal_internal.h typedefs this to hal_ks_t.
  *
- * The top-level structure is a static variable; the arrays are
- * allocated at runtime using hal_allocate_static_memory() because
- * they can get kind of large.
+ * We expect this to be a static variable, but we expect the arrays in
+ * it to be allocated at runtime using hal_allocate_static_memory()
+ * because they can get kind of large.
  *
  * Driver-specific stuff is handled by a form of subclassing: the
  * driver embeds the hal_ks_t structure at the head of whatever else
  * it needs, and performs (controlled, type-safe) casts as needed.
+ *
+ * Core of this is the keystore index.  This is intended to be usable
+ * by both memory-based and flash-based keystores.  Some of the
+ * features aren't necessary for memory-based keystores, but should be
+ * harmless, and let us keep the drivers simple.
+ *
+ * General approach is multiple arrays, all but one of which are
+ * indexed by "block" numbers, where a block number might be a slot in
+ * yet another static array, the number of a flash sub-sector, or
+ * whatever is the appropriate unit for holding one keystore record.
+ *
+ * The index array only contains block numbers.  This is a small data
+ * structure so that moving data within it is relatively cheap.
+ *
+ * The index array is divided into two portions: the index proper, and
+ * the free queue.  The index proper is ordered according to the names
+ * (UUIDs) of the corresponding blocks; the free queue is a FIFO, to
+ * support a simplistic form of wear leveling in flash-based keystores.
+ *
+ * Key names are kept in a separate array, indexed by block number.
+ *
+ * The all-zeros UUID, which (by definition) cannot be a valid key
+ * UUID, is reserved for the (non-key) block used to stash PINs and
+ * other small data which aren't really part of the keystore proper
+ * but are kept with it because the keystore is the flash we have.
+ *
+ * Note that this API deliberately says nothing about how the keys
+ * themselves are stored, that's up to the keystore driver.
  */
 
-typedef struct hal_ks_driver    hal_ks_driver_t;
-typedef struct hal_ks           hal_ks_t;
-
 struct hal_ks {
   const hal_ks_driver_t *driver;
   unsigned size;                /* Blocks in keystore */
@@ -173,6 +198,19 @@ struct hal_ks {
   int per_session;              /* Whether objects have per-session semantics (PKCS #11, sigh) */
 };
 
+/*
+ * Keystore driver.  This is just a dispatch vector for low-level
+ * keystore operations, and the code is very repetitive.  We opt for
+ * expressing this in a terse form via C macros over expressing it
+ * as huge chunks of repetitive code: both are difficult to read, but
+ * the terse form has the advantage of fitting in a single screen.
+ * The KS_DRIVER_METHODS macro is the protein, the rest is just the
+ * machinery to expand the method definitions into a struct of typed
+ * function pointers and a set of static inline wrapper functions.
+ */
+
+typedef struct hal_ks_driver hal_ks_driver_t;
+
 #define KS_DRIVER_END_LIST
 #define KS_DRIVER_METHODS                                                                               \
   KS_DRIVER_METHOD(read,        hal_ks_t *ks, const unsigned blockno, hal_ks_block_t *block)            \
@@ -187,7 +225,7 @@ struct hal_ks {
                                 const hal_client_handle_t client, const hal_session_handle_t session)   \
   KS_DRIVER_END_LIST
 
-#define KS_DRIVER_METHOD(_name_, ...) hal_error_t (*_name_)(__VA_ARGS__)
+#define KS_DRIVER_METHOD(_name_, ...)   hal_error_t (*_name_)(__VA_ARGS__);
 struct hal_ks_driver { KS_DRIVER_METHODS };
 #undef  KS_DRIVER_METHOD
 
@@ -208,6 +246,65 @@ KS_DRIVER_METHODS
 #endif /* _KS_H_ */
 
 /*
+ * Keystore utilities.  Some or all of these may end up static within ks.c.
+ */
+
+extern hal_error_t hal_ks_alloc_common(hal_ks_t *ks,
+                                       const unsigned ks_blocks,
+                                       const unsigned cache_blocks);
+
+extern hal_error_t hal_ks_init_common(hal_ks_t *ks,
+                                      const hal_ks_driver_t * const driver);
+
+extern hal_error_t hal_ks_index_heapsort(hal_ks_t *ks);
+
+extern hal_error_t hal_ks_index_find(hal_ks_t *ks,
+                                     const hal_uuid_t * const name,
+                                     unsigned *blockno,
+                                     int *hint);
+
+extern hal_error_t hal_ks_index_add(hal_ks_t *ks,
+                                    const hal_uuid_t * const name,
+                                    unsigned *blockno,
+                                    int *hint);
+
+extern hal_error_t hal_ks_index_delete(hal_ks_t *ks,
+                                       const hal_uuid_t * const name,
+                                       unsigned *blockno,
+                                       int *hint);
+
+extern hal_error_t hal_ks_index_replace(hal_ks_t *ks,
+                                        const hal_uuid_t * const name,
+                                        unsigned *blockno,
+                                        int *hint);
+
+extern hal_error_t hal_ks_index_fsck(hal_ks_t *ks);
+
+extern const size_t hal_ks_attribute_header_size;
+
+extern hal_error_t hal_ks_attribute_scan(const uint8_t * const bytes,
+                                         const size_t bytes_len,
+                                         hal_pkey_attribute_t *attributes,
+                                         const unsigned attributes_len,
+                                         size_t *total_len);
+
+extern hal_error_t hal_ks_attribute_delete(uint8_t *bytes,
+                                           const size_t bytes_len,
+                                           hal_pkey_attribute_t *attributes,
+                                           unsigned *attributes_len,
+                                           size_t *total_len,
+                                           const uint32_t type);
+
+extern hal_error_t hal_ks_attribute_insert(uint8_t *bytes, const size_t bytes_len,
+                                           hal_pkey_attribute_t *attributes,
+                                           unsigned *attributes_len,
+                                           size_t *total_len,
+                                           const uint32_t type,
+                                           const uint8_t * const value,
+                                           const size_t value_len);
+
+
+/*
  * Local variables:
  * indent-tabs-mode: nil
  * End:
diff --git a/ks_flash.c b/ks_flash.c
index 803d81c..e5a83ea 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -4,7 +4,7 @@
  * Keystore implementation in flash memory.
  *
  * Authors: Rob Austein, Fredrik Thulin
- * Copyright (c) 2015-2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2015-2017, NORDUnet A/S All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -48,6 +48,7 @@
 
 #include "hal.h"
 #include "hal_internal.h"
+#include "ks.h"
 
 #include "last_gasp_pin_internal.h"
 
@@ -55,125 +56,18 @@
 #include "stm-keystore.h"
 #undef HAL_OK
 
-/*
- * Known block states.
- *
- * C does not guarantee any particular representation for enums, so
- * including enums directly in the block header isn't safe.  Instead,
- * we use an access method which casts when reading from the header.
- * Writing to the header isn't a problem, because C does guarantee
- * that enum is compatible with *some* integer type, it just doesn't
- * specify which one.
- */
-
-typedef enum {
-  BLOCK_TYPE_ERASED  = 0xFF, /* Pristine erased block (candidate for reuse) */
-  BLOCK_TYPE_ZEROED  = 0x00, /* Zeroed block (recently used) */
-  BLOCK_TYPE_KEY     = 0x55, /* Block contains key material */
-  BLOCK_TYPE_PIN     = 0xAA, /* Block contains PINs */
-  BLOCK_TYPE_UNKNOWN = -1,   /* Internal code for "I have no clue what this is" */
-} flash_block_type_t;
-
-/*
- * Block status.
- */
-
-typedef enum {
-  BLOCK_STATUS_LIVE      = 0x66, /* This is a live flash block */
-  BLOCK_STATUS_TOMBSTONE = 0x44, /* This is a tombstone left behind during an update  */
-  BLOCK_STATUS_UNKNOWN   = -1,   /* Internal code for "I have no clue what this is" */
-} flash_block_status_t;
-
-/*
- * Common header for all flash block types.
- * A few of these fields are deliberately omitted from the CRC.
- */
-
-typedef struct {
-  uint8_t               block_type;
-  uint8_t               block_status;
-  hal_crc32_t           crc;
-} flash_block_header_t;
-
-/*
- * Key block.  Tail end of "der" field (after der_len) used for attributes.
- */
-
-typedef struct {
-  flash_block_header_t  header;
-  hal_uuid_t            name;
-  hal_key_type_t        type;
-  hal_curve_name_t      curve;
-  hal_key_flags_t       flags;
-  size_t                der_len;
-  unsigned              attributes_len;
-  uint8_t               der[];  /* Must be last field -- C99 "flexible array member" */
-} flash_key_block_t;
-
-#define SIZEOF_FLASH_KEY_BLOCK_DER \
-  (KEYSTORE_SUBSECTOR_SIZE - offsetof(flash_key_block_t, der))
-
-/*
- * PIN block.  Also includes space for backing up the KEK when
- * HAL_MKM_FLASH_BACKUP_KLUDGE is enabled.
- */
-
-typedef struct {
-  flash_block_header_t  header;
-  hal_ks_pin_t          wheel_pin;
-  hal_ks_pin_t          so_pin;
-  hal_ks_pin_t          user_pin;
-#if HAL_MKM_FLASH_BACKUP_KLUDGE
-  uint32_t              kek_set;
-  uint8_t               kek[KEK_LENGTH];
-#endif
-} flash_pin_block_t;
-
-#define FLASH_KEK_SET   0x33333333
-
-/*
- * One flash block.
- */
-
-typedef union {
-  uint8_t                       bytes[KEYSTORE_SUBSECTOR_SIZE];
-  flash_block_header_t          header;
-  flash_key_block_t             key;
-  flash_pin_block_t             pin;
-} flash_block_t;
-
-/*
- * In-memory cache.
- */
-
-typedef struct {
-  unsigned            blockno;
-  uint32_t            lru;
-  flash_block_t       block;
-} cache_block_t;
-
-/*
- * In-memory database.
- *
- * The top-level structure is a static variable; the arrays are allocated at runtime
- * using hal_allocate_static_memory() because they can get kind of large.
- */
-
 #ifndef KS_FLASH_CACHE_SIZE
 #define KS_FLASH_CACHE_SIZE 4
 #endif
 
 #define NUM_FLASH_BLOCKS        KEYSTORE_NUM_SUBSECTORS
 
-typedef struct {
+static struct db {
   hal_ks_t              ks;                  /* Must be first (C "subclassing") */
-  hal_ks_index_t        ksi;
   hal_ks_pin_t          wheel_pin;
   hal_ks_pin_t          so_pin;
   hal_ks_pin_t          user_pin;
-  uint32_t              cache_lru;
-  cache_block_t         *cache;
-} db_t;
+} db;
 
 /*
  * PIN block gets the all-zeros UUID, which will never be returned by
@@ -182,119 +76,6 @@ typedef struct {
 
 const static hal_uuid_t pin_uuid = {{0}};
 
-/*
- * The in-memory database structure itself is small, but the arrays it
- * points to are large enough that they come from SDRAM allocated at
- * startup.
- */
-
-static db_t db;
-
-/*
- * Type safe casts.
- */
-
-static inline flash_block_type_t block_get_type(const flash_block_t * const block)
-{
-  assert(block != NULL);
-  return (flash_block_type_t) block->header.block_type;
-}
-
-static inline flash_block_status_t block_get_status(const flash_block_t * const block)
-{
-  assert(block != NULL);
-  return (flash_block_status_t) block->header.block_status;
-}
-
-/*
- * Pick unused or least-recently-used slot in our in-memory cache.
- *
- * Updating lru values is caller's problem: if caller is using a cache
- * slot as a temporary buffer and there's no point in caching the
- * result, leave the lru values alone and the right thing will happen.
- */
-
-static inline flash_block_t *cache_pick_lru(void)
-{
-  uint32_t best_delta = 0;
-  int      best_index = 0;
-
-  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++) {
-
-    if (db.cache[i].blockno == ~0)
-      return &db.cache[i].block;
-
-    const uint32_t delta = db.cache_lru - db.cache[i].lru;
-    if (delta > best_delta) {
-      best_delta = delta;
-      best_index = i;
-    }
-
-  }
-
-  db.cache[best_index].blockno = ~0;
-  return &db.cache[best_index].block;
-}
-
-/*
- * Find a block in our in-memory cache; return block or NULL if not present.
- */
-
-static inline flash_block_t *cache_find_block(const unsigned blockno)
-{
-  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++)
-    if (db.cache[i].blockno == blockno)
-      return &db.cache[i].block;
-  return NULL;
-}
-
-/*
- * Mark a block in our in-memory cache as being in current use.
- */
-
-static inline void cache_mark_used(const flash_block_t * const block, const unsigned blockno)
-{
-  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++) {
-    if (&db.cache[i].block == block) {
-      db.cache[i].blockno = blockno;
-      db.cache[i].lru = ++db.cache_lru;
-      return;
-    }
-  }
-}
-
-/*
- * Release a block from the in-memory cache.
- */
-
-static inline void cache_release(const flash_block_t * const block)
-{
-  if (block != NULL)
-    cache_mark_used(block, ~0);
-}
-
-/*
- * Generate CRC-32 for a block.
- *
- * This function needs to understand the structure of
- * flash_block_header_t, so that it can skip over fields that
- * shouldn't be included in the CRC.
- */
-
-static hal_crc32_t calculate_block_crc(const flash_block_t * const block)
-{
-  assert(block != NULL);
-
-  hal_crc32_t crc = hal_crc32_init();
-
-  crc = hal_crc32_update(crc, &block->header.block_type,
-                         sizeof(block->header.block_type));
-
-  crc = hal_crc32_update(crc, block->bytes + sizeof(flash_block_header_t),
-                         sizeof(*block) - sizeof(flash_block_header_t));
-
-  return hal_crc32_finalize(crc);
-}
 
 /*
  * Calculate offset of the block in the flash address space.
@@ -312,9 +93,9 @@ static inline uint32_t block_offset(const unsigned blockno)
  * first page before reading the rest of the block.
  */
 
-static hal_error_t block_read(const unsigned blockno, flash_block_t *block)
+static hal_error_t block_read(hal_k_t *ks, const unsigned blockno, ks_block_t *block)
 {
-  if (block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
+  if (ks != &db.ks || block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
     return HAL_ERROR_IMPOSSIBLE;
 
   /* Sigh, magic numeric return codes */
@@ -355,34 +136,14 @@ static hal_error_t block_read(const unsigned blockno, flash_block_t *block)
 }
 
 /*
- * Read a block using the cache.  Marking the block as used is left
- * for the caller, so we can avoid blowing out the cache when we
- * perform a ks_match() operation.
- */
-
-static hal_error_t block_read_cached(const unsigned blockno, flash_block_t **block)
-{
-  if (block == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  if ((*block = cache_find_block(blockno)) != NULL)
-    return HAL_OK;
-
-  if ((*block = cache_pick_lru()) == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  return block_read(blockno, *block);
-}
-
-/*
  * Convert a live block into a tombstone.  Caller is responsible for
  * making sure that the block being converted is valid; since we don't
  * need to update the CRC for this, we just modify the first page.
  */
 
-static hal_error_t block_deprecate(const unsigned blockno)
+static hal_error_t block_deprecate(hal_k_t *ks, const unsigned blockno)
 {
-  if (blockno >= NUM_FLASH_BLOCKS)
+  if (ks != &db.ks || blockno >= NUM_FLASH_BLOCKS)
     return HAL_ERROR_IMPOSSIBLE;
 
   uint8_t page[KEYSTORE_PAGE_SIZE];
@@ -406,9 +167,9 @@ static hal_error_t block_deprecate(const unsigned blockno)
  * Zero (not erase) a flash block.  Just need to zero the first page.
  */
 
-static hal_error_t block_zero(const unsigned blockno)
+static hal_error_t block_zero(hal_k_t *ks, const unsigned blockno)
 {
-  if (blockno >= NUM_FLASH_BLOCKS)
+  if (ks != &db.ks || blockno >= NUM_FLASH_BLOCKS)
     return HAL_ERROR_IMPOSSIBLE;
 
   uint8_t page[KEYSTORE_PAGE_SIZE] = {0};
@@ -424,9 +185,9 @@ static hal_error_t block_zero(const unsigned blockno)
  * Erase a flash block.  Also see block_erase_maybe(), below.
  */
 
-static hal_error_t block_erase(const unsigned blockno)
+static hal_error_t block_erase(hal_k_t *ks, const unsigned blockno)
 {
-  if (blockno >= NUM_FLASH_BLOCKS)
+  if (ks != &db.ks || blockno >= NUM_FLASH_BLOCKS)
     return HAL_ERROR_IMPOSSIBLE;
 
   /* Sigh, magic numeric return codes */
@@ -446,9 +207,9 @@ static hal_error_t block_erase(const unsigned blockno)
  * leak information about, eg, key length, so we do constant time.
  */
 
-static hal_error_t block_erase_maybe(const unsigned blockno)
+static hal_error_t block_erase_maybe(hal_k_t *ks, const unsigned blockno)
 {
-  if (blockno >= NUM_FLASH_BLOCKS)
+  if (ks != &db.ks || blockno >= NUM_FLASH_BLOCKS)
     return HAL_ERROR_IMPOSSIBLE;
 
   uint8_t mask = 0xFF;
@@ -468,9 +229,9 @@ static hal_error_t block_erase_maybe(const unsigned blockno)
  * Write a flash block, calculating CRC when appropriate.
  */
 
-static hal_error_t block_write(const unsigned blockno, flash_block_t *block)
+static hal_error_t block_write(hal_k_t *ks, const unsigned blockno, ks_block_t *block)
 {
-  if (block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
+  if (ks != &db.ks || block == NULL || blockno >= NUM_FLASH_BLOCKS || sizeof(*block) != KEYSTORE_SUBSECTOR_SIZE)
     return HAL_ERROR_IMPOSSIBLE;
 
   hal_error_t err = block_erase_maybe(blockno);
@@ -495,308 +256,66 @@ static hal_error_t block_write(const unsigned blockno, flash_block_t *block)
 }
 
 /*
- * Update one flash block, including zombie jamboree.
+ * The token keystore doesn't implement per-session objects, so these are no-ops.
  */
 
-static hal_error_t block_update(const unsigned b1,
-                                flash_block_t *block,
-                                const hal_uuid_t * const uuid,
-                                int *hint)
+static hal_error_t block_set_owner(hal_ks_t *ks,
+                                   const unsigned blockno,
+                                   const hal_client_handle_t client,
+                                   const hal_session_handle_t session)
 {
-  if (block == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  if (db.ksi.used == db.ksi.size)
-    return HAL_ERROR_NO_KEY_INDEX_SLOTS;
-
-  cache_release(block);
-
-  hal_error_t err;
-  unsigned b2;
-
-  if ((err = block_deprecate(b1))                               != HAL_OK ||
-      (err = hal_ks_index_replace(&db.ksi, uuid, &b2, hint))    != HAL_OK ||
-      (err = block_write(b2, block))                            != HAL_OK ||
-      (err = block_zero(b1))                                    != HAL_OK)
-    return err;
-
-  cache_mark_used(block, b2);
-
-  /*
-   * Erase the first block in the free list. In case of restart, this
-   * puts the block back at the head of the free list.
-   */
+  return HAL_OK;
+}
 
-  return block_erase_maybe(db.ksi.index[db.ksi.used]);
+static hal_error_t block_test_owner(hal_ks_t *ks, const
+                                    unsigned blockno,
+                                    const hal_client_handle_t client,
+                                    const hal_session_handle_t session)
+{
+  return HAL_OK;
 }
 
 /*
  * Forward reference.
  */
 
-static hal_error_t fetch_pin_block(unsigned *b, flash_block_t **block);
+static hal_error_t fetch_pin_block(unsigned *b, ks_block_t **block);
 
 /*
- * Initialize keystore.  This includes various tricky bits, some of
- * which attempt to preserve the free list ordering across reboots, to
- * improve our simplistic attempt at wear leveling, others attempt to
- * recover from unclean shutdown.
+ * Initialize keystore.
  */
 
-static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
-{
-  if (mem == NULL || *mem == NULL || len == NULL || size > *len)
-    return NULL;
-  void *ret = *mem;
-  *mem += size;
-  *len -= size;
-  return ret;
-}
+static const hal_ks_driver_t hal_ks_token_driver[1] = {{
+  .read               	= block_read,
+  .write                = block_write,
+  .deprecate		= block_deprecate,
+  .zero                 = block_zero,
+  .erase                = block_erase,
+  .erase_maybe		= block_erase_maybe,
+  .set_owner            = block_set_owner,
+  .test_owner           = block_test_owner
+}};
 
-static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc)
+hal_error_t hal_ks_token_init(const int alloc)
 {
   hal_error_t err = HAL_OK;
 
   hal_ks_lock();
 
-  /*
-   * Initialize the in-memory database.
-   */
-
-  if (alloc) {
-
-    size_t len = (sizeof(*db.ksi.index) * NUM_FLASH_BLOCKS +
-                  sizeof(*db.ksi.names) * NUM_FLASH_BLOCKS +
-                  sizeof(*db.cache)     * KS_FLASH_CACHE_SIZE);
-
-    /*
-     * This is done as a single large allocation, rather than 3 smaller
-     * allocations, to make it atomic - we need all 3, so either all
-     * succeed or all fail.
-     */
-
-    uint8_t *mem = hal_allocate_static_memory(len);
-
-    if (mem == NULL) {
-      err = HAL_ERROR_ALLOCATION_FAILURE;
-      goto done;
-    }
-
-    memset(&db, 0, sizeof(db));
-    memset(mem, 0, len);
-
-    db.ksi.index = gnaw(&mem, &len, sizeof(*db.ksi.index) * NUM_FLASH_BLOCKS);
-    db.ksi.names = gnaw(&mem, &len, sizeof(*db.ksi.names) * NUM_FLASH_BLOCKS);
-    db.cache     = gnaw(&mem, &len, sizeof(*db.cache)     * KS_FLASH_CACHE_SIZE);
-    db.ksi.size  = NUM_FLASH_BLOCKS;
-  }
-
-  else {
-    memset(&db.wheel_pin, 0, sizeof(db.wheel_pin));
-    memset(&db.so_pin,    0, sizeof(db.so_pin));
-    memset(&db.user_pin,  0, sizeof(db.user_pin));
-  }
-
-  db.ksi.used  = 0;
-
-  if (db.ksi.index == NULL || db.ksi.names == NULL || db.cache == NULL) {
-    err = HAL_ERROR_IMPOSSIBLE;
-    goto done;
-  }
-
-  for (int i = 0; i < KS_FLASH_CACHE_SIZE; i++)
-    db.cache[i].blockno = ~0;
-
-  /*
-   * Scan existing content of flash to figure out what we've got.
-   * This gets a bit involved due to the need to recover from things
-   * like power failures at inconvenient times.
-   */
-
-  flash_block_type_t   block_types[NUM_FLASH_BLOCKS];
-  flash_block_status_t block_status[NUM_FLASH_BLOCKS];
-  flash_block_t *block = cache_pick_lru();
-  int first_erased = -1;
-  uint16_t n = 0;
-
-  if (block == NULL) {
-    err = HAL_ERROR_IMPOSSIBLE;
+  if (alloc && (err = hal_ks_alloc_common(&db.ks, NUM_FLASH_BLOCKS, KS_FLASH_CACHE_SIZE)) != HAL_OK)
     goto done;
-  }
-
-  for (int i = 0; i < NUM_FLASH_BLOCKS; i++) {
-
-    /*
-     * Read one block.  If the CRC is bad or the block type is
-     * unknown, it's old data we don't understand, something we were
-     * writing when we crashed, or bad flash; in any of these cases,
-     * we want the block to end up near the end of the free list.
-     */
-
-    err = block_read(i, block);
 
-    if (err == HAL_ERROR_KEYSTORE_BAD_CRC || err == HAL_ERROR_KEYSTORE_BAD_BLOCK_TYPE)
-      block_types[i] = BLOCK_TYPE_UNKNOWN;
-
-    else if (err == HAL_OK)
-      block_types[i] = block_get_type(block);
-
-    else
-      goto done;
-
-    switch (block_types[i]) {
-    case BLOCK_TYPE_KEY:
-    case BLOCK_TYPE_PIN:
-      block_status[i] = block_get_status(block);
-      break;
-    default:
-      block_status[i] = BLOCK_STATUS_UNKNOWN;
-    }
-
-    /*
-     * First erased block we see is head of the free list.
-     */
-
-    if (block_types[i] == BLOCK_TYPE_ERASED && first_erased < 0)
-      first_erased = i;
-
-    /*
-     * If it's a valid data block, include it in the index.  We remove
-     * tombstones (if any) below, for now it's easiest to include them
-     * in the index, so we can look them up by name if we must.
-     */
-
-    const hal_uuid_t *uuid = NULL;
-
-    switch (block_types[i]) {
-    case BLOCK_TYPE_KEY:        uuid = &block->key.name;        break;
-    case BLOCK_TYPE_PIN:        uuid = &pin_uuid;               break;
-    default:                    /* Keep GCC happy */            break;
-    }
-
-    if (uuid != NULL) {
-      db.ksi.names[i] = *uuid;
-      db.ksi.index[n++] = i;
-    }
-  }
-
-  db.ksi.used = n;
-
-  assert(db.ksi.used <= db.ksi.size);
-
-  /*
-   * At this point we've built the (unsorted) index from all the valid
-   * blocks.  Now we need to insert free and unrecognized blocks into
-   * the free list in our preferred order.  It's possible that there's
-   * a better way to do this than linear scan, but this is just
-   * integer comparisons in a fairly small data set, so it's probably
-   * not worth trying to optimize.
-   */
-
-  if (n < db.ksi.size)
-    for (int i = 0; i < NUM_FLASH_BLOCKS; i++)
-      if (block_types[i] == BLOCK_TYPE_ERASED)
-        db.ksi.index[n++] = i;
-
-  if (n < db.ksi.size)
-    for (int i = first_erased; i < NUM_FLASH_BLOCKS; i++)
-      if (block_types[i] == BLOCK_TYPE_ZEROED)
-        db.ksi.index[n++] = i;
-
-  if (n < db.ksi.size)
-    for (int i = 0; i < first_erased; i++)
-      if (block_types[i] == BLOCK_TYPE_ZEROED)
-        db.ksi.index[n++] = i;
-
-  if (n < db.ksi.size)
-    for (int i = 0; i < NUM_FLASH_BLOCKS; i++)
-      if (block_types[i] == BLOCK_TYPE_UNKNOWN)
-        db.ksi.index[n++] = i;
-
-  assert(n == db.ksi.size);
-
-  /*
-   * Initialize the index.
-   */
-
-  if ((err = hal_ks_index_setup(&db.ksi)) != HAL_OK)
+  if ((err = hal_ks_init_common(ks, hal_ks_token_driver)) != HAL_OK)
     goto done;
 
   /*
-   * We might want to call hal_ks_index_fsck() here, if we can figure
-   * out some safe set of recovery actions we can take.
-   */
-
-  /*
-   * Deal with tombstones, now that the index is sorted.  Tombstones
-   * are blocks left behind when something bad (like a power failure)
-   * happened while we updating.  There can be at most one tombstone
-   * and one live block for a given UUID.  If we find no live block,
-   * we need to restore it from the tombstone, after which we need to
-   * zero the tombstone in either case.  The sequence of operations
-   * while updating is designed so that, barring a bug or a hardware
-   * failure, we should never lose data.
-   */
-
-  for (unsigned b_tomb = 0; b_tomb < NUM_FLASH_BLOCKS; b_tomb++) {
-
-    if (block_status[b_tomb] != BLOCK_STATUS_TOMBSTONE)
-      continue;
-
-    hal_uuid_t name = db.ksi.names[b_tomb];
-
-    int where = -1;
-
-    if ((err = hal_ks_index_find(&db.ksi, &name, NULL, &where)) != HAL_OK)
-      goto done;
-
-    if (b_tomb != db.ksi.index[where]) {
-      if (db.ksi.used > where + 1 && b_tomb == db.ksi.index[where + 1])
-        where = where + 1;
-      else if (0     <= where - 1 && b_tomb == db.ksi.index[where - 1])
-        where = where - 1;
-      else {
-        err = HAL_ERROR_IMPOSSIBLE;
-        goto done;
-      }
-    }
-
-    const int matches_next = where + 1 < db.ksi.used && !hal_uuid_cmp(&name, &db.ksi.names[db.ksi.index[where + 1]]);
-    const int matches_prev = where - 1 >= 0          && !hal_uuid_cmp(&name, &db.ksi.names[db.ksi.index[where - 1]]);
-    
-    if ((matches_prev && matches_next) ||
-        (matches_prev && block_status[db.ksi.index[b_tomb - 1]] != BLOCK_STATUS_LIVE) ||
-        (matches_next && block_status[db.ksi.index[b_tomb + 1]] != BLOCK_STATUS_LIVE)) {
-      err = HAL_ERROR_IMPOSSIBLE;
-      goto done;
-    }
-
-    if (matches_prev || matches_next)  {
-      memmove(&db.ksi.index[where], &db.ksi.index[where + 1], (db.ksi.size - where - 1) * sizeof(*db.ksi.index));
-      db.ksi.index[db.ksi.size - 1] = b_tomb;
-    }
-
-    else {
-      unsigned b_live;
-      if ((err = block_read(b_tomb, block)) != HAL_OK)
-        goto done;
-      block->header.block_status = BLOCK_STATUS_LIVE;
-      if ((err = hal_ks_index_replace(&db.ksi, &name, &b_live, &where)) != HAL_OK ||
-          (err = block_write(b_live, block)) != HAL_OK)
-        goto done;
-      block_status[b_live] = BLOCK_STATUS_LIVE;
-    }
-
-    if ((err = block_zero(b_tomb)) != HAL_OK)
-      goto done;
-    block_types[ b_tomb] = BLOCK_TYPE_ZEROED;
-    block_status[b_tomb] = BLOCK_STATUS_UNKNOWN;
-  }
-
-  /*
    * Fetch or create the PIN block.
    */
 
+  memset(&db.wheel_pin, 0, sizeof(db.wheel_pin));
+  memset(&db.so_pin,    0, sizeof(db.so_pin));
+  memset(&db.user_pin,  0, sizeof(db.user_pin));
+
   err = fetch_pin_block(NULL, &block);
 
   if (err == HAL_OK) {
@@ -841,316 +360,6 @@ static hal_error_t ks_init(const hal_ks_driver_t * const driver, const int alloc
       goto done;
   }
 
-  /*
-   * Erase first block on free list if it's not already erased.
-   */
-
-  if (db.ksi.used < db.ksi.size &&
-      (err = block_erase_maybe(db.ksi.index[db.ksi.used])) != HAL_OK)
-    goto done;
-
-  /*
-   * And we're finally done.
-   */
-
-  db.ks.driver = driver;
-
-  err = HAL_OK;
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_shutdown(const hal_ks_driver_t * const driver)
-{
-  if (db.ks.driver != driver)
-    return HAL_ERROR_KEYSTORE_ACCESS;
-  return HAL_OK;
-}
-
-static hal_error_t ks_open(const hal_ks_driver_t * const driver,
-                                    hal_ks_t **ks)
-{
-  if (driver != hal_ks_token_driver || ks == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  *ks = &db.ks;
-  return HAL_OK;
-}
-
-static hal_error_t ks_close(hal_ks_t *ks)
-{
-  if (ks != NULL && ks != &db.ks)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  return HAL_OK;
-}
-
-static inline int acceptable_key_type(const hal_key_type_t type)
-{
-  switch (type) {
-  case HAL_KEY_TYPE_RSA_PRIVATE:
-  case HAL_KEY_TYPE_EC_PRIVATE:
-  case HAL_KEY_TYPE_RSA_PUBLIC:
-  case HAL_KEY_TYPE_EC_PUBLIC:
-    return 1;
-  default:
-    return 0;
-  }
-}
-
-static hal_error_t ks_store(hal_ks_t *ks,
-                            hal_pkey_slot_t *slot,
-                            const uint8_t * const der, const size_t der_len)
-{
-  if (ks != &db.ks || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_error_t err = HAL_OK;
-  flash_block_t *block;
-  flash_key_block_t *k;
-  uint8_t kek[KEK_LENGTH];
-  size_t kek_len;
-  unsigned b;
-
-  hal_ks_lock();
-
-  if ((block = cache_pick_lru()) == NULL) {
-    err = HAL_ERROR_IMPOSSIBLE;
-    goto done;
-  }
-
-  k = &block->key;
-
-  if ((err = hal_ks_index_add(&db.ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-    goto done;
-
-  cache_mark_used(block, b);
-
-  memset(block, 0xFF, sizeof(*block));
-
-  block->header.block_type   = BLOCK_TYPE_KEY;
-  block->header.block_status = BLOCK_STATUS_LIVE;
-
-  k->name    = slot->name;
-  k->type    = slot->type;
-  k->curve   = slot->curve;
-  k->flags   = slot->flags;
-  k->der_len = SIZEOF_FLASH_KEY_BLOCK_DER;
-  k->attributes_len = 0;
-
-  if (db.ksi.used < db.ksi.size)
-    err = block_erase_maybe(db.ksi.index[db.ksi.used]);
-
-  if (err == HAL_OK)
-    err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek));
-
-  if (err == HAL_OK)
-    err = hal_aes_keywrap(NULL, kek, kek_len, der, der_len, k->der, &k->der_len);
-
-  memset(kek, 0, sizeof(kek));
-
-  if (err == HAL_OK)
-    err = block_write(b, block);
-
-  if (err == HAL_OK)
-    goto done;
-
-  memset(block, 0, sizeof(*block));
-  cache_release(block);
-  (void) hal_ks_index_delete(&db.ksi, &slot->name, NULL, &slot->hint);
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_fetch(hal_ks_t *ks,
-                            hal_pkey_slot_t *slot,
-                            uint8_t *der, size_t *der_len, const size_t der_max)
-{
-  if (ks != &db.ks || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_error_t err = HAL_OK;
-  flash_block_t *block;
-  unsigned b;
-
-  hal_ks_lock();
-
-  if ((err = hal_ks_index_find(&db.ksi, &slot->name, &b, &slot->hint))  != HAL_OK ||
-      (err = block_read_cached(b, &block))                              != HAL_OK)
-    goto done;
-
-  if (block_get_type(block) != BLOCK_TYPE_KEY) {
-    err = HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE; /* HAL_ERROR_KEY_NOT_FOUND */
-    goto done;
-  }
-
-  cache_mark_used(block, b);
-
-  flash_key_block_t *k = &block->key;
-
-  slot->type  = k->type;
-  slot->curve = k->curve;
-  slot->flags = k->flags;
-
-  if (der == NULL && der_len != NULL)
-    *der_len = k->der_len;
-
-  if (der != NULL) {
-
-    uint8_t kek[KEK_LENGTH];
-    size_t kek_len, der_len_;
-    hal_error_t err;
-
-    if (der_len == NULL)
-      der_len = &der_len_;
-
-    *der_len = der_max;
-
-    if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
-      err = hal_aes_keyunwrap(NULL, kek, kek_len, k->der, k->der_len, der, der_len);
-
-    memset(kek, 0, sizeof(kek));
-  }
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_delete(hal_ks_t *ks,
-                             hal_pkey_slot_t *slot)
-{
-  if (ks != &db.ks || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_error_t err = HAL_OK;
-  unsigned b;
-
-  hal_ks_lock();
-
-  if ((err = hal_ks_index_delete(&db.ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-    goto done;
-
-  cache_release(cache_find_block(b));
-
-  if ((err = block_zero(b)) != HAL_OK)
-    goto done;
-
-  err = block_erase_maybe(db.ksi.index[db.ksi.used]);
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static inline hal_error_t locate_attributes(flash_block_t *block,
-                                            uint8_t **bytes, size_t *bytes_len,
-                                            unsigned **attrs_len)
-{
-  if (block == NULL || bytes == NULL || bytes_len == NULL || attrs_len == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-
-  if (block_get_type(block) != BLOCK_TYPE_KEY)
-    return HAL_ERROR_KEYSTORE_WRONG_BLOCK_TYPE;
-  *attrs_len = &block->key.attributes_len;
-  *bytes = block->key.der + block->key.der_len;
-  *bytes_len = SIZEOF_FLASH_KEY_BLOCK_DER - block->key.der_len;
-
-  return HAL_OK;
-}
-
-static hal_error_t ks_match(hal_ks_t *ks,
-                            const hal_client_handle_t client,
-                            const hal_session_handle_t session,
-                            const hal_key_type_t type,
-                            const hal_curve_name_t curve,
-                            const hal_key_flags_t mask,
-                            const hal_key_flags_t flags,
-                            const hal_pkey_attribute_t *attributes,
-                            const unsigned attributes_len,
-                            hal_uuid_t *result,
-                            unsigned *result_len,
-                            const unsigned result_max,
-                            const hal_uuid_t * const previous_uuid)
-{
-  if (ks == NULL || (attributes == NULL && attributes_len > 0) ||
-      result == NULL || result_len == NULL || previous_uuid == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_error_t err = HAL_OK;
-  flash_block_t *block;
-  int i = -1;
-
-  hal_ks_lock();
-
-  *result_len = 0;
-
-  err = hal_ks_index_find(&db.ksi, previous_uuid, NULL, &i);
-
-  if (err == HAL_ERROR_KEY_NOT_FOUND)
-    i--;
-  else if (err != HAL_OK)
-    goto done;
-
-  while (*result_len < result_max && ++i < db.ksi.used) {
-
-    unsigned b = db.ksi.index[i];
-
-    if ((err = block_read_cached(b, &block)) != HAL_OK)
-      goto done;
-
-    if ((type  != HAL_KEY_TYPE_NONE && type  != block->key.type)  ||
-        (curve != HAL_CURVE_NONE    && curve != block->key.curve) ||
-        ((flags ^ block->key.flags) & mask)  != 0)
-      continue;
-
-    if (attributes_len > 0) {
-      uint8_t need_attr[attributes_len];
-      uint8_t *bytes = NULL;
-      size_t bytes_len = 0;
-      unsigned *attrs_len;
-      int possible = 1;
-
-      memset(need_attr, 1, sizeof(need_attr));
-
-      if ((err = locate_attributes(block, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
-        goto done;
-
-      if (*attrs_len > 0) {
-        hal_pkey_attribute_t attrs[*attrs_len];
-
-        if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, NULL)) != HAL_OK)
-          goto done;
-
-        for (int j = 0; possible && j < attributes_len; j++) {
-
-          if (!need_attr[j])
-            continue;
-
-          for (hal_pkey_attribute_t *a = attrs; a < attrs + *attrs_len; a++) {
-            if (a->type != attributes[j].type)
-              continue;
-            need_attr[j] = 0;
-            possible = (a->length == attributes[j].length &&
-                        !memcmp(a->value, attributes[j].value, a->length));
-            break;
-          }
-        }
-      }
-
-      if (!possible || memchr(need_attr, 1, sizeof(need_attr)) != NULL)
-        continue;
-    }
-
-    result[*result_len] = db.ksi.names[b];
-    ++*result_len;
-  }
-
   err = HAL_OK;
 
  done:
@@ -1158,161 +367,6 @@ static hal_error_t ks_match(hal_ks_t *ks,
   return err;
 }
 
-static  hal_error_t ks_set_attributes(hal_ks_t *ks,
-                                      hal_pkey_slot_t *slot,
-                                      const hal_pkey_attribute_t *attributes,
-                                      const unsigned attributes_len)
-{
-  if (ks != &db.ks || slot == NULL || attributes == NULL || attributes_len == 0)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  hal_error_t err = HAL_OK;
-  flash_block_t *block;
-  unsigned b;
-
-  hal_ks_lock();
-
-  {
-    if ((err = hal_ks_index_find(&db.ksi, &slot->name, &b, &slot->hint))      != HAL_OK ||
-        (err = block_read_cached(b, &block))                                  != HAL_OK)
-      goto done;
-
-    cache_mark_used(block, b);
-
-    uint8_t *bytes = NULL;
-    size_t bytes_len = 0;
-    unsigned *attrs_len;
-
-    if ((err = locate_attributes(block, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
-      goto done;
-
-    hal_pkey_attribute_t attrs[*attrs_len + attributes_len];
-    size_t total;
-
-    if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, &total)) != HAL_OK)
-      goto done;
-
-    for (int i = 0; err == HAL_OK && i < attributes_len; i++)
-      if (attributes[i].length == HAL_PKEY_ATTRIBUTE_NIL)
-        err = hal_ks_attribute_delete(bytes, bytes_len, attrs, attrs_len, &total,
-                                      attributes[i].type);
-      else
-        err = hal_ks_attribute_insert(bytes, bytes_len, attrs, attrs_len, &total,
-                                      attributes[i].type,
-                                      attributes[i].value,
-                                      attributes[i].length);
-
-    if (err == HAL_OK)
-      err = block_update(b, block, &slot->name, &slot->hint);
-    else
-      cache_release(block);
-  }
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static  hal_error_t ks_get_attributes(hal_ks_t *ks,
-                                      hal_pkey_slot_t *slot,
-                                      hal_pkey_attribute_t *attributes,
-                                      const unsigned attributes_len,
-                                      uint8_t *attributes_buffer,
-                                      const size_t attributes_buffer_len)
-{
-  if (ks != &db.ks || slot == NULL || attributes == NULL || attributes_len == 0 ||
-      attributes_buffer == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  for (int i = 0; i < attributes_len; i++) {
-    attributes[i].length = 0;
-    attributes[i].value  = NULL;
-  }
-
-  uint8_t *abuf = attributes_buffer;
-  flash_block_t *block = NULL;
-  hal_error_t err = HAL_OK;
-  unsigned found = 0;
-  unsigned b;
-
-  hal_ks_lock();
-
-  {
-    if ((err = hal_ks_index_find(&db.ksi, &slot->name, &b, &slot->hint))        != HAL_OK ||
-        (err = block_read_cached(b, &block))                                    != HAL_OK)
-      goto done;
-
-    cache_mark_used(block, b);
-
-    uint8_t *bytes = NULL;
-    size_t bytes_len = 0;
-    unsigned *attrs_len;
-
-    if ((err = locate_attributes(block, &bytes, &bytes_len, &attrs_len)) != HAL_OK)
-      goto done;
-
-    if (*attrs_len == 0) {
-      err = HAL_ERROR_ATTRIBUTE_NOT_FOUND;
-      goto done;
-    }
-
-    hal_pkey_attribute_t attrs[*attrs_len];
-
-    if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, *attrs_len, NULL)) != HAL_OK)
-      goto done;
-
-    for (int i = 0; i < attributes_len; i++) {
-
-      if (attributes[i].length > 0)
-        continue;
-
-      int j = 0;
-      while (j < *attrs_len && attrs[j].type != attributes[i].type)
-        j++;
-      if (j >= *attrs_len)
-        continue;
-      found++;
-
-      attributes[i].length = attrs[j].length;
-
-      if (attributes_buffer_len == 0)
-        continue;
-
-      if (attrs[j].length > attributes_buffer + attributes_buffer_len - abuf) {
-        err = HAL_ERROR_RESULT_TOO_LONG;
-        goto done;
-      }
-
-      memcpy(abuf, attrs[j].value, attrs[j].length);
-      attributes[i].value  = abuf;
-      abuf += attrs[j].length;
-    }
-
-  };
-
-  if (found < attributes_len && attributes_buffer_len > 0)
-    err = HAL_ERROR_ATTRIBUTE_NOT_FOUND;
-  else
-    err = HAL_OK;
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-const hal_ks_driver_t hal_ks_token_driver[1] = {{
-  .init                 = ks_init,
-  .shutdown             = ks_shutdown,
-  .open                 = ks_open,
-  .close                = ks_close,
-  .store                = ks_store,
-  .fetch                = ks_fetch,
-  .delete               = ks_delete,
-  .match                = ks_match,
-  .set_attributes       = ks_set_attributes,
-  .get_attributes       = ks_get_attributes
-}};
-
 /*
  * The remaining functions aren't really part of the keystore API per se,
  * but they all involve non-key data which we keep in the keystore
@@ -1331,7 +385,7 @@ const hal_ks_driver_t hal_ks_token_driver[1] = {{
 void hal_ks_init_read_only_pins_only(void)
 {
   unsigned b, best_seen = ~0;
-  flash_block_t block[1];
+  ks_block_t block[1];
 
   hal_ks_lock();
 
@@ -1389,7 +443,7 @@ hal_error_t hal_get_pin(const hal_user_t user,
  * should always sort to first slot in the index.
  */
 
-static hal_error_t fetch_pin_block(unsigned *b, flash_block_t **block)
+static hal_error_t fetch_pin_block(unsigned *b, ks_block_t **block)
 {
   if (block == NULL)
     return HAL_ERROR_IMPOSSIBLE;
@@ -1421,7 +475,7 @@ static hal_error_t fetch_pin_block(unsigned *b, flash_block_t **block)
  */
 
 static hal_error_t update_pin_block(const unsigned b,
-                                    flash_block_t *block,
+                                    ks_block_t *block,
                                     const flash_pin_block_t * const new_data)
 {
   if (block == NULL || new_data == NULL || block_get_type(block) != BLOCK_TYPE_PIN)
@@ -1444,7 +498,7 @@ hal_error_t hal_set_pin(const hal_user_t user,
   if (pin == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  flash_block_t *block;
+  ks_block_t *block;
   hal_error_t err;
   unsigned b;
 
@@ -1495,7 +549,7 @@ hal_error_t hal_mkm_flash_read_no_lock(uint8_t *buf, const size_t len)
   if (buf != NULL && len != KEK_LENGTH)
     return HAL_ERROR_MASTERKEY_BAD_LENGTH;
 
-  flash_block_t *block;
+  ks_block_t *block;
   hal_error_t err;
   unsigned b;
 
@@ -1527,7 +581,7 @@ hal_error_t hal_mkm_flash_write(const uint8_t * const buf, const size_t len)
   if (len != KEK_LENGTH)
     return HAL_ERROR_MASTERKEY_BAD_LENGTH;
 
-  flash_block_t *block;
+  ks_block_t *block;
   hal_error_t err;
   unsigned b;
 
@@ -1553,7 +607,7 @@ hal_error_t hal_mkm_flash_erase(const size_t len)
   if (len != KEK_LENGTH)
     return HAL_ERROR_MASTERKEY_BAD_LENGTH;
 
-  flash_block_t *block;
+  ks_block_t *block;
   hal_error_t err;
   unsigned b;
 
diff --git a/ks_index.c b/ks_index.c
index 806394a..ed22cfb 100644
--- a/ks_index.c
+++ b/ks_index.c
@@ -3,7 +3,7 @@
  * ----------
  * Keystore index API.  This is internal within libhal.
  *
- * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2016-2017, NORDUnet A/S All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -32,35 +32,37 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include <stddef.h>
 #include <string.h>
-#include <assert.h>
 
 #include "hal.h"
 #include "hal_internal.h"
+#include "ks.h"
 
 /*
  * Find a block in the index, return true (found) or false (not found).
  * "where" indicates the name's position, or the position of the first free block.
  *
  * NB: This does NOT return a block number, it returns an index into
- * ksi->index[].
+ * ks->index[].
  */
 
-static int ks_find(const hal_ks_index_t * const ksi,
-		   const hal_uuid_t * const uuid,
+static int ks_find(const hal_ks_t * const ks,
+                   const hal_uuid_t * const uuid,
                    const int * const hint,
-		   int *where)
+                   int *where)
 {
-  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL && uuid != NULL && where != NULL);
+  if (ks == NULL || ks->index == NULL || ks->names == NULL || uuid == NULL || where == NULL)
+    return 0;
 
-  if (hint != NULL && *hint >= 0 && *hint < ksi->used &&
-      hal_uuid_cmp(uuid, &ksi->names[ksi->index[*hint]]) == 0) {
+  if (hint != NULL && *hint >= 0 && *hint < ks->used &&
+      hal_uuid_cmp(uuid, &ks->names[ks->index[*hint]]) == 0) {
     *where = *hint;
     return 1;
   }
 
   int lo = -1;
-  int hi = ksi->used;
+  int hi = ks->used;
 
   for (;;) {
     int m = (lo + hi) / 2;
@@ -68,7 +70,7 @@ static int ks_find(const hal_ks_index_t * const ksi,
       *where = hi;
       return 0;
     }
-    const int cmp = hal_uuid_cmp(uuid, &ksi->names[ksi->index[m]]);
+    const int cmp = hal_uuid_cmp(uuid, &ks->names[ks->index[m]]);
     if (cmp < 0)
       hi = m;
     else if (cmp > 0)
@@ -88,82 +90,72 @@ static int ks_find(const hal_ks_index_t * const ksi,
  * heapsort is easy and works well with data already in place.
  */
 
-static inline void ks_heapsift(hal_ks_index_t *ksi, int parent, const int end)
+static inline hal_error_t ks_heapsift(hal_ks_t *ks, int parent, const int end)
 {
-  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL &&
-	 parent >= 0 && end >= parent);
+  if (ks == NULL || ks->index == NULL || ks->names == NULL || parent < 0 || end < parent)
+    return HAL_ERROR_IMPOSSIBLE;
+
   for (;;) {
     const int left_child  = parent * 2 + 1;
     const int right_child = parent * 2 + 2;
     int biggest = parent;
-    if (left_child  <= end && hal_uuid_cmp(&ksi->names[ksi->index[biggest]],
-                                           &ksi->names[ksi->index[left_child]])  < 0)
+    if (left_child  <= end && hal_uuid_cmp(&ks->names[ks->index[biggest]],
+                                           &ks->names[ks->index[left_child]])  < 0)
       biggest = left_child;
-    if (right_child <= end && hal_uuid_cmp(&ksi->names[ksi->index[biggest]],
-                                           &ksi->names[ksi->index[right_child]]) < 0)
+    if (right_child <= end && hal_uuid_cmp(&ks->names[ks->index[biggest]],
+                                           &ks->names[ks->index[right_child]]) < 0)
       biggest = right_child;
     if (biggest == parent)
-      return;
-    const uint16_t tmp  = ksi->index[biggest];
-    ksi->index[biggest] = ksi->index[parent];
-    ksi->index[parent] = tmp;
+      return HAL_OK;
+    const uint16_t tmp = ks->index[biggest];
+    ks->index[biggest] = ks->index[parent];
+    ks->index[parent]  = tmp;
     parent = biggest;
   }
 }
 
-static inline void ks_heapsort(hal_ks_index_t *ksi)
+hal_ks_error_t hal_ks_index_heapsort(hal_ks_t *ks)
 {
-  assert(ksi != NULL && ksi->index != NULL && ksi->names != NULL);
-  if (ksi->used < 2)
-    return;
-  for (int i = (ksi->used - 2) / 2; i >= 0; i--)
-    ks_heapsift(ksi, i, ksi->used - 1);
-  for (int i = ksi->used - 1; i > 0; i--) {
-    const uint16_t tmp = ksi->index[i];
-    ksi->index[i]      = ksi->index[0];
-    ksi->index[0]      = tmp;
-    ks_heapsift(ksi, 0, i - 1);
-  }
-}
-
-/*
- * Perform a consistency check on the index.
- */
+  if (ks == NULL || ks->index == NULL || ks->names == NULL)
+    return HAL_ERROR_IMPOSSIBLE;
 
-#define fsck(_ksi) \
-  do { hal_error_t _err = hal_ks_index_fsck(_ksi); if (_err != HAL_OK) return _err; } while (0)
+  if (ks->used < 2)
+    return HAL_OK;
 
+  hal_error_t err;
 
-hal_error_t hal_ks_index_fsck(hal_ks_index_t *ksi)
-{
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size)
-    return HAL_ERROR_BAD_ARGUMENTS;
+  for (int i = (ks->used - 2) / 2; i >= 0; i--)
+    if ((err = ks_heapsift(ks, i, ks->used - 1)) != HAL_OK)
+      return err;
 
-  for (int i = 1; i < ksi->used; i++)
-    if (hal_uuid_cmp(&ksi->names[ksi->index[i - 1]], &ksi->names[ksi->index[i]]) >= 0)
-      return HAL_ERROR_KSI_INDEX_UUID_MISORDERED;
+  for (int i = ks->used - 1; i > 0; i--) {
+    const uint16_t tmp = ks->index[i];
+    ks->index[i]       = ks->index[0];
+    ks->index[0]       = tmp;
+    if ((err = ks_heapsift(ks, 0, i - 1)) != HAL_OK)
+      return err;
+  }
 
   return HAL_OK;
 }
 
 /*
- * Set up the index. Only setup task we have at the moment is sorting the index.
+ * Perform a consistency check on the index.
  */
 
-hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi)
+#define fsck(_ks) \
+  do { hal_error_t _err = hal_ks_index_fsck(_ks); if (_err != HAL_OK) return _err; } while (0)
+
+
+hal_error_t hal_ks_index_fsck(hal_ks_t *ks)
 {
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size)
+  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
+      ks->size == 0 || ks->used > ks->size)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  ks_heapsort(ksi);
-
-  /*
-   * One might think we should fsck here, but errors in the index
-   * at this point probably relate to errors in the supplied data,
-   * which only the driver knows how to clean up.
-   */
+  for (int i = 1; i < ks->used; i++)
+    if (hal_uuid_cmp(&ks->names[ks->index[i - 1]], &ks->names[ks->index[i]]) >= 0)
+      return HAL_ERROR_KS_INDEX_UUID_MISORDERED;
 
   return HAL_OK;
 }
@@ -172,23 +164,23 @@ hal_error_t hal_ks_index_setup(hal_ks_index_t *ksi)
  * Find a single block by name.
  */
 
-hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
-			      const hal_uuid_t * const name,
-			      unsigned *blockno,
+hal_error_t hal_ks_index_find(hal_ks_t *ks,
+                              const hal_uuid_t * const name,
+                              unsigned *blockno,
                               int *hint)
 {
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
+      ks->size == 0 || ks->used > ks->size || name == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
   int where;
 
-  fsck(ksi);
+  fsck(ks);
 
-  int ok = ks_find(ksi, name, hint, &where);
+  int ok = ks_find(ks, name, hint, &where);
 
   if (blockno != NULL)
-    *blockno = ksi->index[where];
+    *blockno = ks->index[where];
 
   if (hint != NULL)
     *hint = where;
@@ -200,23 +192,23 @@ hal_error_t hal_ks_index_find(hal_ks_index_t *ksi,
  * Add a single block to the index.
  */
 
-hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
-			     const hal_uuid_t * const name,
-			     unsigned *blockno,
+hal_error_t hal_ks_index_add(hal_ks_t *ks,
+                             const hal_uuid_t * const name,
+                             unsigned *blockno,
                              int *hint)
 {
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
+      ks->size == 0 || ks->used > ks->size || name == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  if (ksi->used == ksi->size)
+  if (ks->used == ks->size)
     return HAL_ERROR_NO_KEY_INDEX_SLOTS;
 
   int where;
 
-  fsck(ksi);
+  fsck(ks);
 
-  if (ks_find(ksi, name, hint, &where))
+  if (ks_find(ks, name, hint, &where))
     return HAL_ERROR_KEY_NAME_IN_USE;
 
   /*
@@ -224,11 +216,11 @@ hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
    * index up by one slot so we can insert the new block number.
    */
 
-  const size_t len = (ksi->used - where) * sizeof(*ksi->index);
-  const uint16_t b = ksi->index[ksi->used++];
-  memmove(&ksi->index[where + 1], &ksi->index[where], len);
-  ksi->index[where] = b;
-  ksi->names[b] = *name;
+  const size_t len = (ks->used - where) * sizeof(*ks->index);
+  const uint16_t b = ks->index[ks->used++];
+  memmove(&ks->index[where + 1], &ks->index[where], len);
+  ks->index[where] = b;
+  ks->names[b] = *name;
 
   if (blockno != NULL)
     *blockno = b;
@@ -236,7 +228,7 @@ hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
   if (hint != NULL)
     *hint = where;
 
-  fsck(ksi);
+  fsck(ks);
 
   return HAL_OK;
 }
@@ -245,32 +237,32 @@ hal_error_t hal_ks_index_add(hal_ks_index_t *ksi,
  * Delete a single block from the index.
  */
 
-hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
-				const hal_uuid_t * const name,
-				unsigned *blockno,
+hal_error_t hal_ks_index_delete(hal_ks_t *ks,
+                                const hal_uuid_t * const name,
+                                unsigned *blockno,
                                 int *hint)
 {
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
+      ks->size == 0 || ks->used > ks->size || name == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
   int where;
 
-  fsck(ksi);
+  fsck(ks);
 
-  if (ksi->used == 0 || !ks_find(ksi, name, hint, &where))
+  if (ks->used == 0 || !ks_find(ks, name, hint, &where))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   /*
    * Free the block and stuff it at the end of the free list.
    */
 
-  const size_t len = (ksi->size - where - 1) * sizeof(*ksi->index);
-  const uint16_t b = ksi->index[where];
-  memmove(&ksi->index[where], &ksi->index[where + 1], len);
-  ksi->index[ksi->size - 1] = b;
-  ksi->used--;
-  memset(&ksi->names[b], 0, sizeof(ksi->names[b]));
+  const size_t len = (ks->size - where - 1) * sizeof(*ks->index);
+  const uint16_t b = ks->index[where];
+  memmove(&ks->index[where], &ks->index[where + 1], len);
+  ks->index[ks->size - 1] = b;
+  ks->used--;
+  memset(&ks->names[b], 0, sizeof(ks->names[b]));
 
   if (blockno != NULL)
     *blockno = b;
@@ -278,32 +270,34 @@ hal_error_t hal_ks_index_delete(hal_ks_index_t *ksi,
   if (hint != NULL)
     *hint = where;
 
-  fsck(ksi);
+  fsck(ks);
 
   return HAL_OK;
 }
 
 /*
- * Replace a single block in the index.
+ * Replace a single block with a new one, return new block number.
+ * Name of block does not change.  This is an optimization of a delete
+ * immediately followed by an add for the same name.
  */
 
-hal_error_t hal_ks_index_replace(hal_ks_index_t *ksi,
+hal_error_t hal_ks_index_replace(hal_ks_t *ks,
                                  const hal_uuid_t * const name,
                                  unsigned *blockno,
                                  int *hint)
 {
-  if (ksi == NULL || ksi->index == NULL || ksi->names == NULL ||
-      ksi->size == 0 || ksi->used > ksi->size || name == NULL)
+  if (ks == NULL || ks->index == NULL || ks->names == NULL ||
+      ks->size == 0 || ks->used > ks->size || name == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  if (ksi->used == ksi->size)
+  if (ks->used == ks->size)
     return HAL_ERROR_NO_KEY_INDEX_SLOTS;
 
   int where;
 
-  fsck(ksi);
+  fsck(ks);
 
-  if (ksi->used == 0 || !ks_find(ksi, name, hint, &where))
+  if (ks->used == 0 || !ks_find(ks, name, hint, &where))
     return HAL_ERROR_KEY_NOT_FOUND;
 
   /*
@@ -311,14 +305,14 @@ hal_error_t hal_ks_index_replace(hal_ks_index_t *ksi,
    * block at end of free list and replace old block with new block.
    */
 
-  const size_t len = (ksi->size - ksi->used - 1) * sizeof(*ksi->index);
-  const uint16_t b1 = ksi->index[where];
-  const uint16_t b2 = ksi->index[ksi->used];
-  memmove(&ksi->index[ksi->used], &ksi->index[ksi->used + 1], len);
-  ksi->index[ksi->size - 1] = b1;
-  ksi->index[where] = b2;
-  ksi->names[b2] = *name;
-  memset(&ksi->names[b1], 0, sizeof(ksi->names[b1]));
+  const size_t len = (ks->size - ks->used - 1) * sizeof(*ks->index);
+  const uint16_t b1 = ks->index[where];
+  const uint16_t b2 = ks->index[ks->used];
+  memmove(&ks->index[ks->used], &ks->index[ks->used + 1], len);
+  ks->index[ks->size - 1] = b1;
+  ks->index[where] = b2;
+  ks->names[b2] = *name;
+  memset(&ks->names[b1], 0, sizeof(ks->names[b1]));
 
   if (blockno != NULL)
     *blockno = b2;
@@ -326,7 +320,7 @@ hal_error_t hal_ks_index_replace(hal_ks_index_t *ksi,
   if (hint != NULL)
     *hint = where;
 
-  fsck(ksi);
+  fsck(ks);
 
   return HAL_OK;
 }
diff --git a/ks_volatile.c b/ks_volatile.c
index 515a8e8..e9a0ef4 100644
--- a/ks_volatile.c
+++ b/ks_volatile.c
@@ -41,591 +41,182 @@
 
 #include "hal.h"
 #include "hal_internal.h"
-
-#define KEK_LENGTH (bitsToBytes(256))
+#include "ks.h"
 
 #ifndef STATIC_KS_VOLATILE_SLOTS
 #define STATIC_KS_VOLATILE_SLOTS HAL_STATIC_PKEY_STATE_BLOCKS
 #endif
 
-#ifndef STATIC_KS_VOLATILE_ATTRIBUTE_SPACE
-#define STATIC_KS_VOLATILE_ATTRIBUTE_SPACE 4096
+#ifndef KS_VOLATILE_CACHE_SIZE
+#define KS_VOLATILE_CACHE_SIZE 4
 #endif
 
-/*
- * In-memory keystore database.  This is a bit more complicated than
- * necessary because originally I though we would want to continue
- * supporting an mmap()-based keystore as well.  Needs cleaning up.
- */
-
 typedef struct {
-  hal_key_type_t        type;
-  hal_curve_name_t      curve;
-  hal_key_flags_t       flags;
   hal_client_handle_t   client;
   hal_session_handle_t  session;
-  size_t                der_len;
-  unsigned              attributes_len;
-  uint8_t               der[HAL_KS_WRAPPED_KEYSIZE + STATIC_KS_VOLATILE_ATTRIBUTE_SPACE];
-} ks_key_t;
+  hal_ks_block_t	block;
+} volatile_key_t;
 
-typedef struct {
-  hal_ks_index_t        ksi;
-  ks_key_t              *keys;
-} db_t;
-
-/*
- * "Subclass" (well, what one can do in C) of hal_ks_t.  This is
- * separate from db_t primarily to simplify things like rewriting the
- * old ks_mmap driver to piggy-back on the ks_volatile driver: we
- * wouldn't want the hal_ks_t into the mmap()ed file.
- */
-
-typedef struct {
+static struct db {
   hal_ks_t ks;              /* Must be first */
-  db_t *db;                 /* Which memory-based keystore database */
-  int per_session;          /* Whether objects are per-session */
-} ks_t;
+  volatile_key_t *keys;
+} db;
 
 /*
- * If we also supported mmap, there would be a separate definition for
- * HAL_KS_MMAP_SLOTS above, and the bulk of the code would be under a
- * conditional testing whether either HAL_KS_*_SLOTS were nonzero.
+ * Read a block.  CRC probably not necessary for RAM.
  */
 
-#if STATIC_KS_VOLATILE_SLOTS > 0
+static hal_error_t block_read(hal_k_t *ks, const unsigned blockno, ks_block_t *block)
+{
+  if (ks != &db.ks || db.keys == NULL || block == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
 
-static ks_t volatile_ks;
+  memcpy(block, &db.keys[blockno].block, sizeof(*block));
 
-static inline ks_t *ks_to_ksv(hal_ks_t *ks)
-{
-  return (ks_t *) ks;
+  return HAL_OK;
 }
 
 /*
- * Check whether the current session can see a particular key.  One
- * might expect this to be based on whether the session matches, and
- * indeed it would be in a sane world, but in the world of PKCS #11,
- * keys belong to sessions, are visible to other sessions, and may
- * even be modifiable by other sessions, but softly and silently
- * vanish away when the original creating session is destroyed.
- *
- * In our terms, this means that visibility of session objects is
- * determined only by the client handle, so taking the session handle
- * as an argument here isn't really necessary, but we've flipflopped
- * on that enough times that at least for now I'd prefer to leave the
- * session handle here and not have to revise all the RPC calls again.
- * Remove it at some later date and redo the RPC calls if we manage to
- * avoid revising this yet again.
+ * Convert a live block into a tombstone.
  */
 
-static inline int key_visible_to_session(const ks_t * const ksv,
-                                         const hal_client_handle_t client,
-                                         const hal_session_handle_t session,
-                                         const ks_key_t * const k)
+static hal_error_t block_deprecate(hal_k_t *ks, const unsigned blockno)
 {
-  return (!ksv->per_session ||
-          client.handle == HAL_HANDLE_NONE ||
-          k->client.handle  == client.handle ||
-          hal_rpc_is_logged_in(client, HAL_USER_WHEEL) == HAL_OK);
-}
-
-static inline void *gnaw(uint8_t **mem, size_t *len, const size_t size)
-{
-  if (mem == NULL || *mem == NULL || len == NULL || size > *len)
-    return NULL;
-  void *ret = *mem;
-  *mem += size;
-  *len -= size;
-  return ret;
-}
-
-static hal_error_t ks_init(const hal_ks_driver_t * const driver,
-                           const int per_session,
-                           ks_t *ksv,
-                           uint8_t *mem,
-                           size_t len)
-{
-  if (ksv == NULL)
-    return HAL_ERROR_IMPOSSIBLE;
-
-  if (mem != NULL) {
-    memset(ksv, 0, sizeof(*ksv));
-    memset(mem, 0, len);
-
-    ksv->db            = gnaw(&mem, &len, sizeof(*ksv->db));
-    ksv->db->ksi.index = gnaw(&mem, &len, sizeof(*ksv->db->ksi.index) * STATIC_KS_VOLATILE_SLOTS);
-    ksv->db->ksi.names = gnaw(&mem, &len, sizeof(*ksv->db->ksi.names) * STATIC_KS_VOLATILE_SLOTS);
-    ksv->db->keys      = gnaw(&mem, &len, sizeof(*ksv->db->keys)      * STATIC_KS_VOLATILE_SLOTS);
-    ksv->db->ksi.size  = STATIC_KS_VOLATILE_SLOTS;
-  }
-
-  if (ksv->db            == NULL ||
-      ksv->db->ksi.index == NULL ||
-      ksv->db->ksi.names == NULL ||
-      ksv->db->keys      == NULL)
+  if (ks != &db.ks || db.keys == NULL || blockno >= ks->size)
     return HAL_ERROR_IMPOSSIBLE;
 
-  if (mem == NULL) {
-    memset(ksv->db->ksi.index, 0, sizeof(*ksv->db->ksi.index) * STATIC_KS_VOLATILE_SLOTS);
-    memset(ksv->db->ksi.names, 0, sizeof(*ksv->db->ksi.names) * STATIC_KS_VOLATILE_SLOTS);
-    memset(ksv->db->keys,      0, sizeof(*ksv->db->keys)      * STATIC_KS_VOLATILE_SLOTS);
-  }
-
-  ksv->ks.driver     = driver;
-  ksv->per_session   = per_session;
-  ksv->db->ksi.used  = 0;
-
-  /*
-   * Set up keystore with empty index and full free list.
-   * Since this driver doesn't care about wear leveling,
-   * just populate the free list in block numerical order.
-   */
-
-  for (int i = 0; i < STATIC_KS_VOLATILE_SLOTS; i++)
-    ksv->db->ksi.index[i] = i;
+  db.keys[blockno].block.header->block_status = BLOCK_STATUS_TOMBSTONE;
 
-  return hal_ks_index_setup(&ksv->db->ksi);
+  return HAL_OK;
 }
 
-static hal_error_t ks_volatile_init(const hal_ks_driver_t * const driver, const int alloc)
-{
-  hal_error_t err = HAL_OK;
-
-  hal_ks_lock();
-
-  const size_t len = (sizeof(*volatile_ks.db) +
-                      sizeof(*volatile_ks.db->ksi.index) * STATIC_KS_VOLATILE_SLOTS +
-                      sizeof(*volatile_ks.db->ksi.names) * STATIC_KS_VOLATILE_SLOTS +
-                      sizeof(*volatile_ks.db->keys)      * STATIC_KS_VOLATILE_SLOTS);
-
-  uint8_t *mem = NULL;
+/*
+ * Zero (not erase) a flash block.
+ */
 
-  if (alloc && (mem = hal_allocate_static_memory(len)) == NULL)
-    err = HAL_ERROR_ALLOCATION_FAILURE;
-  else
-    err = ks_init(driver, 1, &volatile_ks, mem, len);
+static hal_error_t block_zero(hal_k_t *ks, const unsigned blockno)
+{
+  if (ks != &db.ks || db.keys == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
 
-  hal_ks_unlock();
-  return err;
-}
+  memset(db.keys[blockno].block, 0x00, sizeof(db.keys[blockno].block));
+  db.keys[blockno].client.handle = HAL_HANDLE_NONE;
+  db.keys[blockno].session.handle = HAL_HANDLE_NONE;
 
-static hal_error_t ks_volatile_shutdown(const hal_ks_driver_t * const driver)
-{
-  if (volatile_ks.ks.driver != driver)
-    return HAL_ERROR_KEYSTORE_ACCESS;
   return HAL_OK;
 }
 
-static hal_error_t ks_volatile_open(const hal_ks_driver_t * const driver,
-                                    hal_ks_t **ks)
-{
-  assert(driver != NULL && ks != NULL);
-  *ks = &volatile_ks.ks;
-  return HAL_OK;
-}
+/*
+ * Erase a flash block.
+ */
 
-static hal_error_t ks_volatile_close(hal_ks_t *ks)
+static hal_error_t block_erase(hal_k_t *ks, const unsigned blockno)
 {
+  if (ks != &db.ks || db.keys == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
+
+  memset(db.keys[blockno].block, 0xFF, sizeof(db.keys[blockno].block));
+  db.keys[blockno].client.handle = HAL_HANDLE_NONE;
+  db.keys[blockno].session.handle = HAL_HANDLE_NONE;
+
   return HAL_OK;
 }
 
-static inline int acceptable_key_type(const hal_key_type_t type)
-{
-  switch (type) {
-  case HAL_KEY_TYPE_RSA_PRIVATE:
-  case HAL_KEY_TYPE_EC_PRIVATE:
-  case HAL_KEY_TYPE_RSA_PUBLIC:
-  case HAL_KEY_TYPE_EC_PUBLIC:
-    return 1;
-  default:
-    return 0;
-  }
-}
+/*
+ * Write a flash block.  CRC probably not necessary for RAM.
+ */
 
-static hal_error_t ks_store(hal_ks_t *ks,
-                            hal_pkey_slot_t *slot,
-                            const uint8_t * const der, const size_t der_len)
+static hal_error_t block_write(hal_k_t *ks, const unsigned blockno, ks_block_t *block)
 {
-  if (ks == NULL || slot == NULL || der == NULL || der_len == 0 || !acceptable_key_type(slot->type))
-    return HAL_ERROR_BAD_ARGUMENTS;
+  if (ks != &db.ks || db.keys == NULL || block == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
 
-  ks_t *ksv = ks_to_ksv(ks);
-  hal_error_t err = HAL_OK;
-  unsigned b;
+  memcpy(&db.keys[blockno].block, block, sizeof(*block));
 
-  hal_ks_lock();
+  return HAL_OK;
+}
 
-  if (ksv->db == NULL) {
-    err = HAL_ERROR_KEYSTORE_ACCESS;
-    goto done;
-  }
+/*
+ * Set key ownership.
+ */
 
-  if ((err = hal_ks_index_add(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-    goto done;
+static hal_error_t block_set_owner(hal_ks_t *ks,
+                                   const unsigned blockno,
+                                   const hal_client_handle_t client,
+                                   const hal_session_handle_t session)
+{
+  if (ks != &db.ks || db.keys == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
 
-  uint8_t kek[KEK_LENGTH];
-  size_t kek_len;
-  ks_key_t k;
+  db.keys[blockno].client = client;
+  db.keys[blockno].session = session;
 
-  memset(&k, 0, sizeof(k));
-  k.der_len = sizeof(k.der);
-  k.type    = slot->type;
-  k.curve   = slot->curve;
-  k.flags   = slot->flags;
-  k.client  = slot->client_handle;
-  k.session = slot->session_handle;
+  return HAL_OK;
+}
 
-  if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
-    err = hal_aes_keywrap(NULL, kek, kek_len, der, der_len, k.der, &k.der_len);
+/*
+ * Test key ownership.
+ */
 
-  memset(kek, 0, sizeof(kek));
+static hal_error_t block_test_owner(hal_ks_t *ks, const
+                                    unsigned blockno,
+                                    const hal_client_handle_t client,
+                                    const hal_session_handle_t session)
+{
+  if (ks != &db.ks || db.keys == NULL || blockno >= ks->size)
+    return HAL_ERROR_IMPOSSIBLE;
 
-  if (err == HAL_OK)
-    ksv->db->keys[b] = k;
+  if (db.keys[blockno].client.handle  == client.handle &&
+      db.keys[blockno].session.handle == session.handle)
+    return HAL_OK;
   else
-    (void) hal_ks_index_delete(&ksv->db->ksi, &slot->name, NULL, &slot->hint);
-
- done:
-  hal_ks_unlock();
-  return err;
+    return HAL_ERROR_KEY_NOT_FOUND;
 }
 
-static hal_error_t ks_fetch(hal_ks_t *ks,
-                            hal_pkey_slot_t *slot,
-                            uint8_t *der, size_t *der_len, const size_t der_max)
-{
-  if (ks == NULL || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  ks_t *ksv = ks_to_ksv(ks);
-  hal_error_t err = HAL_OK;
-  unsigned b;
-
-  hal_ks_lock();
-
-  if (ksv->db == NULL) {
-    err = HAL_ERROR_KEYSTORE_ACCESS;
-    goto done;
-  }
-
-  if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-    goto done;
-
-  const ks_key_t * const k = &ksv->db->keys[b];
-
-  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k)) {
-    err = HAL_ERROR_KEY_NOT_FOUND;
-    goto done;
-  }
-
-  slot->type  = k->type;
-  slot->curve = k->curve;
-  slot->flags = k->flags;
-
-  if (der == NULL && der_len != NULL)
-    *der_len = k->der_len;
-
-  if (der != NULL) {
-
-    uint8_t kek[KEK_LENGTH];
-    size_t kek_len, der_len_;
-
-    if (der_len == NULL)
-      der_len = &der_len_;
-
-    *der_len = der_max;
-
-    if ((err = hal_mkm_get_kek(kek, &kek_len, sizeof(kek))) == HAL_OK)
-      err = hal_aes_keyunwrap(NULL, kek, kek_len, k->der, k->der_len, der, der_len);
-
-    memset(kek, 0, sizeof(kek));
-  }
+/*
+ * Initialize keystore.
+ */
 
- done:
-  hal_ks_unlock();
-  return err;
-}
+static const hal_ks_driver_t hal_ks_volatile_driver[1] = {{
+  .read               	= block_read,
+  .write                = block_write,
+  .deprecate		= block_deprecate,
+  .zero                 = block_zero,
+  .erase                = block_erase,
+  .erase_maybe		= block_erase, /* sic */
+  .set_owner            = block_set_owner,
+  .test_owner           = block_test_owner
+}};
 
-static hal_error_t ks_delete(hal_ks_t *ks,
-                             hal_pkey_slot_t *slot)
+ hal_error_t hal_ks_volatile_init(const int alloc)
 {
-  if (ks == NULL || slot == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  ks_t *ksv = ks_to_ksv(ks);
   hal_error_t err = HAL_OK;
-  unsigned b;
 
   hal_ks_lock();
 
-  if (ksv->db == NULL) {
-    err = HAL_ERROR_KEYSTORE_ACCESS;
-    goto done;
-  }
-
-  if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-    goto done;
 
-  if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, &ksv->db->keys[b])) {
-    err = HAL_ERROR_KEY_NOT_FOUND;
+  if (alloc && (err = hal_ks_alloc_common(&db.ks, STATIC_KS_VOLATILE_SLOTS, KS_VOLATILE_CACHE_SIZE)) != HAL_OK)
     goto done;
-  }
 
-  if ((err = hal_ks_index_delete(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
+  if ((err = hal_ks_init_common(&db.ks, hal_ks_volatile_driver)) != HAL_OK)
     goto done;
 
-  memset(&ksv->db->keys[b], 0, sizeof(ksv->db->keys[b]));
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_match(hal_ks_t *ks,
-                            hal_client_handle_t client,
-                            hal_session_handle_t session,
-                            const hal_key_type_t type,
-                            const hal_curve_name_t curve,
-                            const hal_key_flags_t mask,
-                            const hal_key_flags_t flags,
-                            const hal_pkey_attribute_t *attributes,
-                            const unsigned attributes_len,
-                            hal_uuid_t *result,
-                            unsigned *result_len,
-                            const unsigned result_max,
-                            const hal_uuid_t * const previous_uuid)
-{
-  if (ks == NULL || (attributes == NULL && attributes_len > 0) ||
-      result == NULL || result_len == NULL || previous_uuid == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  ks_t *ksv = ks_to_ksv(ks);
-
-  if (ksv->db == NULL)
-    return HAL_ERROR_KEYSTORE_ACCESS;
-
-  hal_error_t err = HAL_OK;
-  int i = -1;
-
-  hal_ks_lock();
-
-  *result_len = 0;
-
-  err = hal_ks_index_find(&ksv->db->ksi, previous_uuid, NULL, &i);
-
-  if (err == HAL_ERROR_KEY_NOT_FOUND)
-    i--;
-  else if (err != HAL_OK)
+  if (alloc && (db.keys = hal_allocate_static_memory(sizeof(*db.keys) * db.ks.size)) == NULL) {
+    err = HAL_ERROR_ALLOCATION_FAILURE;
     goto done;
-
-  while (*result_len < result_max && ++i < ksv->db->ksi.used) {
-
-    unsigned b = ksv->db->ksi.index[i];
-
-    if (type != HAL_KEY_TYPE_NONE && type != ksv->db->keys[b].type)
-      continue;
-
-    if (curve != HAL_CURVE_NONE && curve != ksv->db->keys[b].curve)
-      continue;
-
-    if (((flags ^ ksv->db->keys[b].flags) & mask) != 0)
-      continue;
-
-    if (!key_visible_to_session(ksv, client, session, &ksv->db->keys[b]))
-      continue;
-
-    if (attributes_len > 0) {
-      const ks_key_t * const k = &ksv->db->keys[b];
-      int ok = 1;
-
-      if (k->attributes_len == 0)
-        continue;
-
-      hal_pkey_attribute_t key_attrs[k->attributes_len];
-
-      if ((err = hal_ks_attribute_scan(k->der + k->der_len, sizeof(k->der) - k->der_len,
-                                       key_attrs, k->attributes_len, NULL)) != HAL_OK)
-        goto done;
-
-      for (const hal_pkey_attribute_t *required = attributes;
-           ok && required < attributes + attributes_len; required++) {
-
-        hal_pkey_attribute_t *present = key_attrs;
-        while (ok && present->type != required->type)
-          ok = ++present < key_attrs + k->attributes_len;
-
-        if (ok)
-          ok = (present->length == required->length &&
-                !memcmp(present->value, required->value, present->length));
-      }
-
-      if (!ok)
-        continue;
-    }
-
-    result[*result_len] = ksv->db->ksi.names[b];
-    ++*result_len;
-  }
-
-  err = HAL_OK;
-
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_set_attributes(hal_ks_t *ks,
-                                     hal_pkey_slot_t *slot,
-                                     const hal_pkey_attribute_t *attributes,
-                                     const unsigned attributes_len)
-{
-  if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  ks_t *ksv = ks_to_ksv(ks);
-  hal_error_t err = HAL_OK;
-  unsigned b;
-
-  hal_ks_lock();
-
-  {
-    if (ksv->db == NULL) {
-      err = HAL_ERROR_KEYSTORE_ACCESS;
-      goto done;
-    }
-
-    if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-      goto done;
-
-    ks_key_t * const k = &ksv->db->keys[b];
-
-    if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k)) {
-      err = HAL_ERROR_KEY_NOT_FOUND;
-      goto done;
-    }
-
-    hal_pkey_attribute_t attrs[k->attributes_len + attributes_len];
-    uint8_t *bytes = k->der + k->der_len;
-    size_t bytes_len = sizeof(k->der) - k->der_len;
-    size_t total_len;
-
-    if ((err = hal_ks_attribute_scan(bytes, bytes_len, attrs, k->attributes_len, &total_len)) != HAL_OK)
-      goto done;
-
-    for (const hal_pkey_attribute_t *a = attributes; a < attributes + attributes_len; a++) {
-      if (a->length == HAL_PKEY_ATTRIBUTE_NIL)
-        err =  hal_ks_attribute_delete(bytes, bytes_len, attrs, &k->attributes_len, &total_len,
-                                       a->type);
-      else
-        err =  hal_ks_attribute_insert(bytes, bytes_len, attrs, &k->attributes_len, &total_len,
-                                       a->type, a->value, a->length);
-      if (err != HAL_OK)
-        goto done;
-    }
-
-    err = HAL_OK;
-
   }
 
- done:
-  hal_ks_unlock();
-  return err;
-}
-
-static hal_error_t ks_get_attributes(hal_ks_t *ks,
-                                     hal_pkey_slot_t *slot,
-                                     hal_pkey_attribute_t *attributes,
-                                     const unsigned attributes_len,
-                                     uint8_t *attributes_buffer,
-                                     const size_t attributes_buffer_len)
-{
-  if (ks == NULL || slot == NULL || attributes == NULL || attributes_len == 0 ||
-      attributes_buffer == NULL)
-    return HAL_ERROR_BAD_ARGUMENTS;
-
-  ks_t *ksv = ks_to_ksv(ks);
-  hal_error_t err = HAL_OK;
-  unsigned b;
-
-  hal_ks_lock();
-
-  {
-    if (ksv->db == NULL) {
-      err = HAL_ERROR_KEYSTORE_ACCESS;
-      goto done;
-    }
-
-    if ((err = hal_ks_index_find(&ksv->db->ksi, &slot->name, &b, &slot->hint)) != HAL_OK)
-      goto done;
-
-    const ks_key_t * const k = &ksv->db->keys[b];
-
-    if (!key_visible_to_session(ksv, slot->client_handle, slot->session_handle, k)) {
-      err = HAL_ERROR_KEY_NOT_FOUND;
-      goto done;
-    }
-
-    hal_pkey_attribute_t attrs[k->attributes_len > 0 ? k->attributes_len : 1];
-
-    if ((err = hal_ks_attribute_scan(k->der + k->der_len, sizeof(k->der) - k->der_len,
-                                     attrs, k->attributes_len, NULL)) != HAL_OK)
+  for (unsigned b = 0; b < db.ks.size; i++)
+    if ((err = block_erase(&db.ks, b)) != HAL_OK)
       goto done;
 
-    uint8_t *abuf = attributes_buffer;
-
-    for (int i = 0; i < attributes_len; i++) {
-      int j = 0;
-      while (j < k->attributes_len && attrs[j].type != attributes[i].type)
-        j++;
-      const int found = j < k->attributes_len;
-
-      if (attributes_buffer_len == 0) {
-        attributes[i].value  = NULL;
-        attributes[i].length = found ? attrs[j].length : 0;
-        continue;
-      }
-
-      if (!found) {
-        err = HAL_ERROR_ATTRIBUTE_NOT_FOUND;
-        goto done;
-      }
-
-      if (attrs[j].length > attributes_buffer + attributes_buffer_len - abuf) {
-        err = HAL_ERROR_RESULT_TOO_LONG;
-        goto done;
-      }
-
-      memcpy(abuf, attrs[j].value, attrs[j].length);
-      attributes[i].value  = abuf;
-      attributes[i].length = attrs[j].length;
-      abuf += attrs[j].length;
-    }
-
-    err = HAL_OK;
-
-  }
+  err = HAL_OK;
 
  done:
   hal_ks_unlock();
   return err;
 }
 
-const hal_ks_driver_t hal_ks_volatile_driver[1] = {{
-  .init                 = ks_volatile_init,
-  .shutdown             = ks_volatile_shutdown,
-  .open                 = ks_volatile_open,
-  .close                = ks_volatile_close,
-  .store                = ks_store,
-  .fetch                = ks_fetch,
-  .delete               = ks_delete,
-  .match                = ks_match,
-  .set_attributes       = ks_set_attributes,
-  .get_attributes       = ks_get_attributes
-}};
-
-#endif /* STATIC_KS_VOLATILE_SLOTS > 0 */
-
 /*
  * Local variables:
  * indent-tabs-mode: nil



More information about the Commits mailing list