[Cryptech-Commits] [sw/libhal] branch master updated: Clean up definition of HAL_KS_WRAPPED_KEYSIZE.
git at cryptech.is
git at cryptech.is
Sat Apr 14 18:26:12 UTC 2018
This is an automated email from the git hooks/post-receive script.
sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.
The following commit(s) were added to refs/heads/master by this push:
new 0d17fd9 Clean up definition of HAL_KS_WRAPPED_KEYSIZE.
0d17fd9 is described below
commit 0d17fd984e6ed486d6cd622edee226e263aab510
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sat Apr 14 14:10:45 2018 -0400
Clean up definition of HAL_KS_WRAPPED_KEYSIZE.
---
hal_internal.h | 23 +++++------------------
ks.h | 4 ++++
2 files changed, 9 insertions(+), 18 deletions(-)
diff --git a/hal_internal.h b/hal_internal.h
index ac51cfb..a97a8f2 100644
--- a/hal_internal.h
+++ b/hal_internal.h
@@ -406,30 +406,17 @@ static inline hal_crc32_t hal_crc32_finalize(hal_crc32_t crc)
* EC P-384: 185 bytes
* EC P-521: 240 bytes
*
+ * Plus extra space for pre-computed speed-up factors specific to our
+ * Verilog implementation, which we store as fixed-length byte strings.
+ *
* Plus we need a bit of AES-keywrap overhead, since we're storing the
* wrapped form (see hal_aes_keywrap_cyphertext_length()).
*
- * A buffer big enough for a 8192-bit RSA key would overflow one
- * sub-sector on the flash chip we're using on the Alpha. We could
- * invent some more complex scheme where key blocks are allowed to
- * span multiple sub-sectors, but since an 8192-bit RSA key would also
- * be unusably slow with the current RSA implementation, for the
- * moment we take the easy way out and cap this at 4096-bit RSA.
+ * Length check warning moved to ks.h since size of keystore blocks is
+ * internal to the keystore implementation.
*/
-#if 0
-#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 15) & ~7)
-#else
-#warning Temporary test hack to HAL_KS_WRAPPED_KEYSIZE, clean this up
-//
-// See how much of the problem we're having with pkey support for the
-// new modexpa7 components is just this buffer size being too small.
-//
#define HAL_KS_WRAPPED_KEYSIZE ((2373 + 6 * 4096 / 8 + 6 * 4 + 15) & ~7)
-#if HAL_KS_WRAPPED_KEYSIZE + 8 > 4096
-#warning HAL_KS_WRAPPED_KEYSIZE is too big for a single 4096-octet block
-#endif
-#endif
/*
* PINs.
diff --git a/ks.h b/ks.h
index ae1ba1c..559e46f 100644
--- a/ks.h
+++ b/ks.h
@@ -49,6 +49,10 @@
#define HAL_KS_BLOCK_SIZE (4096 * 2)
#endif
+#if HAL_KS_WRAPPED_KEYSIZE + 8 > HAL_KS_BLOCK_SIZE
+#warning HAL_KS_WRAPPED_KEYSIZE is too big for to fit in a keystore block
+#endif
+
/*
* PIN block gets the all-zeros UUID, which will never be returned by
* the UUID generation code (by definition -- it's not a version 4 UUID).
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list