aboutsummaryrefslogtreecommitdiff
path: root/projects/hsm
diff options
context:
space:
mode:
authorPaul Selkirk <paul@psgd.org>2017-02-21 11:16:37 -0500
committerPaul Selkirk <paul@psgd.org>2017-02-21 11:16:37 -0500
commit56fcfdf3bec384a74eb9deb070f342142bbacff3 (patch)
treeacb4f5c4a91c565ef50ed11a4972dbb90c51475c /projects/hsm
parent9335ada0d5d8a2754457fc705bb04a1e8cb6e470 (diff)
Use libcli return codes where appropriate; show whether PINs are set.
Diffstat (limited to 'projects/hsm')
-rw-r--r--projects/hsm/mgmt-keystore.c45
1 files changed, 34 insertions, 11 deletions
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index 81965c0..4855998 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -3,7 +3,7 @@
* ---------------
* CLI 'keystore' commands.
*
- * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ * Copyright (c) 2016-2017, NORDUnet A/S All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -128,7 +128,7 @@ static int cmd_keystore_set_pin_iterations(struct cli_def *cli, const char *comm
return CLI_ERROR;
}
- status = hal_set_pin_default_iterations(client, strtol(argv[0], NULL, 0));
+ status = hal_set_pin_default_iterations(client, strtoul(argv[0], NULL, 0));
if (status != LIBHAL_OK) {
cli_print(cli, "Failed setting iterations: %s", hal_error_string(status));
return CLI_ERROR;
@@ -195,7 +195,7 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags
qflags, NULL, 0, uuids, &n, sizeof(uuids)/sizeof(*uuids),
&previous_uuid)) != LIBHAL_OK) {
cli_print(cli, "Could not fetch UUID list: %s", hal_error_string(status));
- return 0;
+ return CLI_ERROR;
}
done = n < sizeof(uuids)/sizeof(*uuids);
@@ -208,13 +208,13 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags
if ((status = hal_uuid_format(&uuids[i], key_name, sizeof(key_name))) != LIBHAL_OK) {
cli_print(cli, "Could not convert key name: %s",
hal_error_string(status));
- return 0;
+ return CLI_ERROR;
}
if ((status = hal_rpc_pkey_open(client, session, &pkey, &uuids[i], qflags)) != LIBHAL_OK) {
cli_print(cli, "Could not open key %s: %s",
key_name, hal_error_string(status));
- return 0;
+ return CLI_ERROR;
}
if ((status = hal_rpc_pkey_get_key_type(pkey, &type)) != LIBHAL_OK ||
@@ -229,7 +229,7 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags
(void) hal_rpc_pkey_close(pkey);
if (status != LIBHAL_OK)
- return 0;
+ return CLI_ERROR;
const char *type_name = "unknown";
switch (type) {
@@ -253,15 +253,38 @@ static int show_keys(struct cli_def *cli, const char *title, const hal_key_flags
}
}
- return 1;
+ return CLI_OK;
+}
+
+static int show_pin(struct cli_def *cli, char *label, hal_user_t user)
+{
+ const hal_ks_pin_t *p;
+
+ if (hal_get_pin(user, &p) != HAL_OK)
+ return CLI_ERROR;
+
+ /*
+ * I'm not sure iterations is the most interesting thing to show, but
+ * it's what we had before.
+ */
+
+ cli_print(cli, "%s iterations: 0x%lx", label, p->iterations);
+ return CLI_OK;
}
static int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc)
{
- int ok = 1;
- ok &= show_keys(cli, "Memory keystore:", 0);
- ok &= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN);
- return ok ? CLI_OK : CLI_ERROR;
+ int err = 0;
+
+ err |= show_keys(cli, "Memory keystore:", 0);
+ err |= show_keys(cli, "Token keystore:", HAL_KEY_FLAG_TOKEN);
+
+ cli_print(cli, "\nPins:");
+ err |= show_pin(cli, "Wheel", HAL_USER_WHEEL);
+ err |= show_pin(cli, "SO ", HAL_USER_SO);
+ err |= show_pin(cli, "User ", HAL_USER_NORMAL);
+
+ return err ? CLI_ERROR : CLI_OK;
}
static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *argv[], int argc)