From ddb9f749f109f7e9488b3d16733e0bdd53cac47e Mon Sep 17 00:00:00 2001
From: Paul Selkirk <paul@psgd.org>
Date: Wed, 6 Jul 2016 14:29:26 -0400
Subject: Return an intelligent error from hal_ks_get_kek.

---
 ks_flash.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'ks_flash.c')

diff --git a/ks_flash.c b/ks_flash.c
index 159df5b..9ba342a 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -324,7 +324,8 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
                       (kek_max < bitsToBytes(256)) ? bitsToBytes(192) :
                       bitsToBytes(256));
 
-  if (masterkey_volatile_read(kek, len) == LIBHAL_OK) {
+  hal_error_t err = masterkey_volatile_read(kek, len);
+  if (err == LIBHAL_OK) {
       *kek_len = len;
       return LIBHAL_OK;
   }
@@ -333,7 +334,12 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
       return LIBHAL_OK;
   }
 
-  return HAL_ERROR_KEYSTORE_ACCESS;
+  /* Both keystores returned an error, probably HAL_ERROR_MASTERKEY_NOT_SET.
+   * I could try to be clever and compare the errors, but really the volatile
+   * keystore is the important one (you shouldn't store the master key in
+   * flash), so return that error.
+   */
+  return err;
 }
 
 
-- 
cgit v1.2.3