diff options
author | Paul Selkirk <paul@psgd.org> | 2016-07-06 14:29:26 -0400 |
---|---|---|
committer | Paul Selkirk <paul@psgd.org> | 2016-07-06 14:29:26 -0400 |
commit | ddb9f749f109f7e9488b3d16733e0bdd53cac47e (patch) | |
tree | 63de9eaa436275bf9d88ff3a9524925e56a1f552 /ks_flash.c | |
parent | 6a9c597bc9e6b9183355de8f99ce45611ea97a95 (diff) |
Return an intelligent error from hal_ks_get_kek.
Diffstat (limited to 'ks_flash.c')
-rw-r--r-- | ks_flash.c | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -324,7 +324,8 @@ hal_error_t hal_ks_get_kek(uint8_t *kek, (kek_max < bitsToBytes(256)) ? bitsToBytes(192) : bitsToBytes(256)); - if (masterkey_volatile_read(kek, len) == LIBHAL_OK) { + hal_error_t err = masterkey_volatile_read(kek, len); + if (err == LIBHAL_OK) { *kek_len = len; return LIBHAL_OK; } @@ -333,7 +334,12 @@ hal_error_t hal_ks_get_kek(uint8_t *kek, return LIBHAL_OK; } - return HAL_ERROR_KEYSTORE_ACCESS; + /* Both keystores returned an error, probably HAL_ERROR_MASTERKEY_NOT_SET. + * I could try to be clever and compare the errors, but really the volatile + * keystore is the important one (you shouldn't store the master key in + * flash), so return that error. + */ + return err; } |