Return an intelligent error from hal_ks_get_kek.

author: Paul Selkirk <paul@psgd.org> 2016-07-06 14:29:26 -0400
committer: Paul Selkirk <paul@psgd.org> 2016-07-06 14:29:26 -0400
commit: ddb9f749f109f7e9488b3d16733e0bdd53cac47e (patch)
tree: 63de9eaa436275bf9d88ff3a9524925e56a1f552 /ks_flash.c
parent: 6a9c597bc9e6b9183355de8f99ce45611ea97a95 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/ks_flash.c b/ks_flash.c
index 159df5b..9ba342a 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -324,7 +324,8 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
                       (kek_max < bitsToBytes(256)) ? bitsToBytes(192) :
                       bitsToBytes(256));
 
-  if (masterkey_volatile_read(kek, len) == LIBHAL_OK) {
+  hal_error_t err = masterkey_volatile_read(kek, len);
+  if (err == LIBHAL_OK) {
       *kek_len = len;
       return LIBHAL_OK;
   }
@@ -333,7 +334,12 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
       return LIBHAL_OK;
   }
 
-  return HAL_ERROR_KEYSTORE_ACCESS;
+  /* Both keystores returned an error, probably HAL_ERROR_MASTERKEY_NOT_SET.
+   * I could try to be clever and compare the errors, but really the volatile
+   * keystore is the important one (you shouldn't store the master key in
+   * flash), so return that error.
+   */
+  return err;
 }
author	Paul Selkirk <paul@psgd.org>	2016-07-06 14:29:26 -0400
committer	Paul Selkirk <paul@psgd.org>	2016-07-06 14:29:26 -0400
commit	ddb9f749f109f7e9488b3d16733e0bdd53cac47e (patch)
tree	63de9eaa436275bf9d88ff3a9524925e56a1f552 /ks_flash.c
parent	6a9c597bc9e6b9183355de8f99ce45611ea97a95 (diff)