Start cleaning up PIN code.

author: Rob Austein <sra@hactrn.net> 2016-05-25 21:40:18 -0400
committer: Rob Austein <sra@hactrn.net> 2016-05-25 21:40:18 -0400
commit: 083d01731ffebb348c749ad6ccdb0256571835c7 (patch)
tree: f883802139fa0938cfcb6784201dad80fd9e64fa /ks.c
parent: ce4d1c7a8103be09bcee64b055408a901d068c34 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/ks.c b/ks.c
index 80cbda4..b6cb32f 100644
--- a/ks.c
+++ b/ks.c
@@ -38,6 +38,7 @@
 
 #include "hal.h"
 #include "hal_internal.h"
+#include "last_gasp_pin_internal.h"
 
 #define KEK_LENGTH (bitsToBytes(256))
 
@@ -327,6 +328,28 @@ hal_error_t hal_ks_get_pin(const hal_user_t user,
   default:		return HAL_ERROR_BAD_ARGUMENTS;
   }
 
+  /*
+   * If we were looking for the WHEEL PIN and it appears to be
+   * completely unset, return the compiled-in last-gasp PIN.  This is
+   * not a great answer, but we need some kind of bootstrapping
+   * mechanism.  Feel free to suggest something better.
+   *
+   * We probably need some more general "have we been initialized?"
+   * state somewhere, and might want to refuse to do things like
+   * storing keys until we've been initialized and the appropriate
+   * PINs have been set.
+   */
+
+  if (user == HAL_USER_WHEEL && (*pin)->iterations == 0) {
+    uint8_t u = 0;
+    for (int i = 0; i < sizeof((*pin)->pin); i++)
+      u |= (*pin)->pin[i];
+    for (int i = 0; i < sizeof((*pin)->salt); i++)
+      u |= (*pin)->salt[i];
+    if (u == 0)
+      *pin = &hal_last_gasp_pin;
+  }
+
   return HAL_OK;
 }
author	Rob Austein <sra@hactrn.net>	2016-05-25 21:40:18 -0400
committer	Rob Austein <sra@hactrn.net>	2016-05-25 21:40:18 -0400
commit	083d01731ffebb348c749ad6ccdb0256571835c7 (patch)
tree	f883802139fa0938cfcb6784201dad80fd9e64fa /ks.c
parent	ce4d1c7a8103be09bcee64b055408a901d068c34 (diff)