[Cryptech-Commits] [sw/stm32] branch master updated: When erasing the whole keystore, optionally preserve the login PINs.

git at cryptech.is git at cryptech.is
Wed Sep 5 16:57:23 UTC 2018

Previous message (by thread): [Cryptech-Commits] [sw/stm32] branch master updated: Make parsing and display of masterkey values consistent with one another, so the user might be able to copy and paste a generated key into the CLI for recovery.
Next message (by thread): [Cryptech-Commits] [core/pkey/ecdsa256] branch master updated (bbca088 -> ea4d251)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/stm32.

The following commit(s) were added to refs/heads/master by this push:
     new 871014a  When erasing the whole keystore, optionally preserve the login PINs.
871014a is described below

commit 871014acb42815d4215cb23b8e8dd59ca0262b4b
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Sep 5 12:54:59 2018 -0400

    When erasing the whole keystore, optionally preserve the login PINs.
---
 projects/hsm/mgmt-keystore.c | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index a7fdffe..9eb42da 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -50,6 +50,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <strings.h>
 #include <ctype.h>
 
 
@@ -320,13 +321,34 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
 {
     hal_error_t err;
     HAL_StatusTypeDef status;
+    int preserve_PINs = 0;
 
     command = command;
 
-    if (argc != 1 || strcmp(argv[0], "YesIAmSure") != 0) {
-	cli_print(cli, "Syntax: keystore erase YesIAmSure");
+    if (argc < 1 || argc > 2 || strcmp(argv[0], "YesIAmSure") != 0) {
+    usage:
+	cli_print(cli, "Syntax: keystore erase YesIAmSure [preservePINs]");
 	return CLI_ERROR;
     }
+    if (argc == 2) {
+        if (strcasecmp(argv[1], "preservePINs") != 0)
+            goto usage;
+        else
+            preserve_PINs = 1;
+    }
+
+    hal_user_t users[3] = { HAL_USER_NORMAL, HAL_USER_SO, HAL_USER_WHEEL };
+    hal_ks_pin_t pins[3];
+    if (preserve_PINs) {
+        for (size_t i = 0; i < 3; ++i) {
+            const hal_ks_pin_t *pin;
+            if (hal_get_pin(users[i], &pin) != HAL_OK) {
+                cli_print(cli, "Failed to get the PINs");
+                return CLI_ERROR;
+            }
+            memcpy(&pins[i], pin, sizeof(*pin));
+        }
+    }
 
     cli_print(cli, "OK, erasing keystore, this will take about 45 seconds...");
     if ((status = keystore_erase_bulk()) != CMSIS_HAL_OK) {
@@ -344,6 +366,15 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
 	return CLI_ERROR;
     }
 
+    if (preserve_PINs) {
+        for (size_t i = 0; i < 3; ++i) {
+            if (hal_set_pin(users[i], &pins[i]) != HAL_OK) {
+                cli_print(cli, "Failed to restore the PINs");
+                return CLI_ERROR;
+            }
+        }
+    }
+
     cli_print(cli, "Keystore erased");
     return CLI_OK;
 }

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

Previous message (by thread): [Cryptech-Commits] [sw/stm32] branch master updated: Make parsing and display of masterkey values consistent with one another, so the user might be able to copy and paste a generated key into the CLI for recovery.
Next message (by thread): [Cryptech-Commits] [core/pkey/ecdsa256] branch master updated (bbca088 -> ea4d251)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Commits mailing list