authorPaul Selkirk <paul@psgd.org>2020-04-29 11:44:17 -0400
committerPaul Selkirk <paul@psgd.org>2020-04-29 11:44:17 -0400
commit042f99af11085a1979ca5b2670b11672ad934654 (patch)
treede540e20fc80cc66ff6a7a66cac16c952007db44 /projects/hsm
parentf09f1b8f4494e90ee672e92f3357229bdfb7d0ae (diff)
The new keywrap core now talks directly to the MKM, so there are some API changes.
Diffstat (limited to 'projects/hsm')
-rw-r--r--projects/hsm/mgmt-masterkey.c11
-rw-r--r--projects/hsm/mgmt-misc.c32
2 files changed, 8 insertions, 35 deletions
diff --git a/projects/hsm/mgmt-masterkey.c b/projects/hsm/mgmt-masterkey.c
index e63e0e0..97e62a0 100644
--- a/projects/hsm/mgmt-masterkey.c
+++ b/projects/hsm/mgmt-masterkey.c
@@ -70,7 +70,7 @@ static int cmd_masterkey_status(struct cli_def *cli, const char *command, char *
cli_print(cli, "Status of master key:\n");
- status = hal_mkm_volatile_read(NULL, 0);
+ status = hal_keywrap_mkm_status(NULL);
cli_print(cli, " volatile: %s / %s", _status2str(status), hal_error_string(status));
status = hal_mkm_flash_read(NULL, 0);
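Review bot: The `NULL` passed as the first argument to `hal_keywrap_mkm_status` is unexplained, and the same bare `NULL` is passed to `hal_keywrap_mkm_write` and `hal_keywrap_mkm_erase` in the two later hunks of this file. Presumably it is a core handle and `NULL` lets libhal choose the keywrap core itself. If so, a one-line comment at this first use, such as `/* NULL core: libhal selects the keywrap core */`, would save the reader a trip to the library. It is also worth confirming that `_status2str`, which is outside this hunk, maps every error the new status call can return, so a core-level failure is not shown to the operator as a key state.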
@@ -170,11 +170,16 @@ static int _masterkey_set(struct cli_def *cli, char *argv[], int argc,
return CLI_OK;
}
+static hal_error_t _mkm_volatile_write(const uint8_t *kek, const size_t kek_len)
+{
+ return hal_keywrap_mkm_write(NULL, kek, kek_len);
+}
+
static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *argv[], int argc)
{
command = command;
- return _masterkey_set(cli, argv, argc, "volatile", hal_mkm_volatile_write);
+ return _masterkey_set(cli, argv, argc, "volatile", _mkm_volatile_write);
}
static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
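Review bot: `_mkm_volatile_write` has no comment saying why it exists. Judging by the call site, it adapts `hal_keywrap_mkm_write`, which takes a leading core argument, to the two-argument writer callback that `_masterkey_set` expects; the old `hal_mkm_volatile_write` was passed directly. I would add above it `/* Adapter: _masterkey_set() takes a (kek, kek_len) writer; the keywrap-core API also needs a core argument. */`. `_masterkey_set` starts outside the hunk, so its callback type is inferred from this use only.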
@@ -185,7 +190,7 @@ static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *a
argv = argv;
argc = argc;
- if ((err = hal_mkm_volatile_erase(KEK_LENGTH)) == LIBHAL_OK) {
+ if ((err = hal_keywrap_mkm_erase(NULL, KEK_LENGTH)) == LIBHAL_OK) {
cli_print(cli, "Erased master key from volatile memory");
} else {
cli_print(cli, "Failed erasing master key from volatile memory: %s", hal_error_string(err));
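Review bot: The failure branch of the erase only prints a message, and the end of `cmd_masterkey_erase` is outside the hunk. If the function falls through to a shared `return CLI_OK;` after this if/else, a failed erase of the volatile master key is reported to the CLI as success. Because the erase now goes through the keywrap core, it may fail in ways the old direct MKM call did not, so the else branch should end with `return CLI_ERROR;` if it does not already. That lets scripts and operators distinguish "key gone" from "key possibly still present".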
diff --git a/projects/hsm/mgmt-misc.c b/projects/hsm/mgmt-misc.c
index e732484..377af73 100644
--- a/projects/hsm/mgmt-misc.c
+++ b/projects/hsm/mgmt-misc.c
@@ -230,40 +230,8 @@ static int cmd_rsa_modexpng(struct cli_def *cli, const char *command, char *argv
return CLI_ERROR;
}
-static int cmd_keywrap_core(struct cli_def *cli, const char *command, char *argv[], int argc)
-{
- int onoff;
-
- if (argc != 1) {
- cli_print(cli, "Wrong number of arguments (%i).", argc);
- cli_print(cli, "Syntax: %s <on|off>", command);
- return CLI_ERROR;
- }
-
- if (strcmp(argv[0], "on") == 0)
- onoff = 1;
- else if (strcmp(argv[0], "off") == 0)
- onoff = 0;
- else {
- cli_print(cli, "Argument must be 'on' or 'off' - not '%s'", argv[0]);
- return CLI_ERROR;
- }
-
- hal_error_t err;
- if ((err = hal_aes_use_keywrap_core(onoff)) == LIBHAL_OK)
- return CLI_OK;
-
- cli_print(cli, hal_error_string(err));
- return CLI_ERROR;
-}
-
void configure_cli_misc(struct cli_def *cli)
{
- struct cli_command *c_keywrap = cli_register_command(cli, NULL, "keywrap", NULL, 0, 0, NULL);
-
- /* keywrap core */
- cli_register_command(cli, c_keywrap, "core", cmd_keywrap_core, 0, 0, "Set use of the keywrap core");
-
#ifdef DO_PROFILING
struct cli_command *c_profile = cli_register_command(cli, NULL, "profile", NULL, 0, 0, NULL);