Initial implementations of ks_get_kek(). Untested, and none of these

are secure (the one in ks_flash.c is a stub, and the others are for
cases where we have no secure hardware in which to store the KEK).

These are primarily for testing, since in the long run the entire
software implementation of AES-keywrap will be replaced by Verilog
which never lets software see the unwrapped key.  Or so says current
theory.  For the moment, we just need something that will let us test
the rest of the RPC and keystore mechanisms.

1 files changed, 0 insertions, 8 deletions

diff --git a/ks.c b/ks.c
index 24cafca..a856bbf 100644
--- a/ks.c
+++ b/ks.c
@@ -294,14 +294,6 @@ hal_error_t hal_ks_get_pin(const hal_user_t user,
   return HAL_OK;
 }
 
-hal_error_t hal_ks_get_kek(uint8_t *kek,
-                           size_t *kek_len,
-                           const size_t kek_max)
-{
-# warning Stub out hal_ks_get_kek() for now
-    return HAL_ERROR_IMPOSSIBLE;
-}
-
 /*
  * Local variables:
  * indent-tabs-mode: nil