[Cryptech-Commits] [sw/libhal] 02/05: Return an intelligent error from hal_ks_get_kek.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/libhal.

commit ddb9f749f109f7e9488b3d16733e0bdd53cac47e
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Jul 6 14:29:26 2016 -0400

    Return an intelligent error from hal_ks_get_kek.
---
 ks_flash.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ks_flash.c b/ks_flash.c
index 159df5b..9ba342a 100644
--- a/ks_flash.c
+++ b/ks_flash.c
@@ -324,7 +324,8 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
                       (kek_max < bitsToBytes(256)) ? bitsToBytes(192) :
                       bitsToBytes(256));
 
-  if (masterkey_volatile_read(kek, len) == LIBHAL_OK) {
+  hal_error_t err = masterkey_volatile_read(kek, len);
+  if (err == LIBHAL_OK) {
       *kek_len = len;
       return LIBHAL_OK;
   }
@@ -333,7 +334,12 @@ hal_error_t hal_ks_get_kek(uint8_t *kek,
       return LIBHAL_OK;
   }
 
-  return HAL_ERROR_KEYSTORE_ACCESS;
+  /* Both keystores returned an error, probably HAL_ERROR_MASTERKEY_NOT_SET.
+   * I could try to be clever and compare the errors, but really the volatile
+   * keystore is the important one (you shouldn't store the master key in
+   * flash), so return that error.
+   */
+  return err;
 }