Diffstat (limited to 'projects/hsm/mgmt-keystore.c')
-rw-r--r-- | projects/hsm/mgmt-keystore.c | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index b79a5fe..9eb42da 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -50,6 +50,7 @@
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <ctype.h>
@@ -180,6 +181,8 @@ static int cmd_keystore_delete_key(struct cli_def *cli, const char *command, cha
 return CLI_OK;
 }
+#include "ks.h"
+
 static int show_keys(struct cli_def *cli, const char *title)
 {
 const hal_client_handle_t client = { -1 };
@@ -198,6 +201,16 @@ static int show_keys(struct cli_def *cli, const char *title)
 cli_print(cli, title);
+ size_t avail;
+ if ((status = hal_ks_available(hal_ks_token, &avail)) == HAL_OK)
+ cli_print(cli, "Token keystore: %d available", avail);
+ else
+ cli_print(cli, "Error reading token keystore: %s", hal_error_string(status));
+ if ((status = hal_ks_available(hal_ks_volatile, &avail)) == HAL_OK)
+ cli_print(cli, "Volatile keystore: %d available", avail);
+ else
+ cli_print(cli, "Error reading volatile keystore: %s", hal_error_string(status));
+
 while (!done) {
 if ((status = hal_rpc_pkey_match(client, session, HAL_KEY_TYPE_NONE, HAL_CURVE_NONE,
@@ -248,6 +261,10 @@ static int show_keys(struct cli_def *cli, const char *title)
 case HAL_KEY_TYPE_RSA_PUBLIC: type_name = "RSA public"; break;
 case HAL_KEY_TYPE_EC_PRIVATE: type_name = "EC private"; break;
 case HAL_KEY_TYPE_EC_PUBLIC: type_name = "EC public"; break;
+ case HAL_KEY_TYPE_HASHSIG_PRIVATE: type_name = "hashsig private"; break;
+ case HAL_KEY_TYPE_HASHSIG_PUBLIC: type_name = "hashsig public"; break;
+ case HAL_KEY_TYPE_HASHSIG_LMS: type_name = "hashsig lms"; break;
+ case HAL_KEY_TYPE_HASHSIG_LMOTS: type_name = "hashsig lmots"; break;
 }
 const char *curve_name = "unknown";
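Review bot: The new `#include "ks.h"` is placed between two function definitions instead of in the include block around line 50 next to the new `#include <strings.h>`; moving it up keeps the file's dependencies visible in one place and avoids a header being pulled in halfway through a translation unit. Judging by the name it is the keystore's internal header, which would mean `show_keys` now reaches into the keystore directly via `hal_ks_available`/`hal_ks_token`/`hal_ks_volatile` while the rest of the function goes through `hal_rpc_pkey_match`; if that is the intent, a one-line comment above the include saying why the direct path is needed here would help the next reader. `cmd_keystore_delete_key` starts outside the hunk.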
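Review bot: `avail` is declared `size_t` but both new `cli_print` calls print it with `%d`; a format specifier that does not match the argument type is undefined behaviour and is the kind of thing `-Wformat` reports when the wrapper carries a printf attribute. Change the two lines to `cli_print(cli, "Token keystore: %zu available", avail);` and `cli_print(cli, "Volatile keystore: %zu available", avail);`, or cast to `(unsigned long)` with `%lu` if the target's printf implementation does not support `%zu`. `show_keys` starts and ends outside the hunk.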
@@ -304,13 +321,34 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
 {
 hal_error_t err;
 HAL_StatusTypeDef status;
+ int preserve_PINs = 0;
 command = command;
- if (argc != 1 || strcmp(argv[0], "YesIAmSure") != 0) {
- cli_print(cli, "Syntax: keystore erase YesIAmSure");
+ if (argc < 1 || argc > 2 || strcmp(argv[0], "YesIAmSure") != 0) {
+ usage:
+ cli_print(cli, "Syntax: keystore erase YesIAmSure [preservePINs]");
 return CLI_ERROR;
 }
+ if (argc == 2) {
+ if (strcasecmp(argv[1], "preservePINs") != 0)
+ goto usage;
+ else
+ preserve_PINs = 1;
+ }
+
+ hal_user_t users[3] = { HAL_USER_NORMAL, HAL_USER_SO, HAL_USER_WHEEL };
+ hal_ks_pin_t pins[3];
+ if (preserve_PINs) {
+ for (size_t i = 0; i < 3; ++i) {
+ const hal_ks_pin_t *pin;
+ if (hal_get_pin(users[i], &pin) != HAL_OK) {
+ cli_print(cli, "Failed to get the PINs");
+ return CLI_ERROR;
+ }
+ memcpy(&pins[i], pin, sizeof(*pin));
+ }
+ }
 cli_print(cli, "OK, erasing keystore, this will take about 45 seconds...");
 if ((status = keystore_erase_bulk()) != CMSIS_HAL_OK) {
@@ -328,6 +366,15 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
 return CLI_ERROR;
 }
+ if (preserve_PINs) {
+ for (size_t i = 0; i < 3; ++i) {
+ if (hal_set_pin(users[i], &pins[i]) != HAL_OK) {
+ cli_print(cli, "Failed to restore the PINs");
+ return CLI_ERROR;
+ }
+ }
+ }
+
 cli_print(cli, "Keystore erased");
 return CLI_OK;
 }
|
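Review bot: The PIN records copied into the stack array `pins` are never cleared, neither on the `Failed to get the PINs` return in this hunk nor after the `hal_set_pin` loop in the second hunk, so whatever `hal_ks_pin_t` holds stays in stack memory after the command finishes. Add `memset(pins, 0, sizeof pins);` before each of those returns and after the restore loop, preferring the HAL's secure-zeroing helper if the project has one, since a plain memset immediately before return can be optimised away. The `usage:` label sits inside the `if` body and `goto usage` jumps into that brace scope from below; it is legal C but reads poorly, and placing the label after the block (or hoisting the `cli_print`/`return CLI_ERROR` pair into a small static helper) avoids the jump into a block. The loop bound `3` is repeated in both hunks while `users` already fixes the count; `for (size_t i = 0; i < sizeof users / sizeof users[0]; ++i)` keeps them in step. The function's signature is the line immediately before this hunk.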
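Review bot: When `hal_set_pin` fails for the second or third user, the keystore has already been erased and some PINs have been restored while others have not, but `Failed to restore the PINs` tells the operator neither which user is affected nor that the erase itself completed. Report both, e.g. `cli_print(cli, "Keystore erased, but failed to restore PIN for user %d", (int)users[i]);` (assuming `hal_user_t` is an enum or integer type, which the initialiser suggests). It is also worth continuing the loop and reporting every failure instead of returning on the first, since the remaining PINs can still be restored. `cmd_keystore_erase` starts in the previous hunk and ends with the closing brace in this one.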