[Cryptech-Commits] [sw/stm32] branch master updated: When erasing the whole keystore, optionally preserve the login PINs.
git at cryptech.is
git at cryptech.is
Wed Sep 5 16:57:23 UTC 2018
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch master
in repository sw/stm32.
The following commit(s) were added to refs/heads/master by this push:
new 871014a When erasing the whole keystore, optionally preserve the login PINs.
871014a is described below
commit 871014acb42815d4215cb23b8e8dd59ca0262b4b
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Wed Sep 5 12:54:59 2018 -0400
When erasing the whole keystore, optionally preserve the login PINs.
---
projects/hsm/mgmt-keystore.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c
index a7fdffe..9eb42da 100644
--- a/projects/hsm/mgmt-keystore.c
+++ b/projects/hsm/mgmt-keystore.c
@@ -50,6 +50,7 @@
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <ctype.h>
@@ -320,13 +321,34 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
{
hal_error_t err;
HAL_StatusTypeDef status;
+ int preserve_PINs = 0;
command = command;
- if (argc != 1 || strcmp(argv[0], "YesIAmSure") != 0) {
- cli_print(cli, "Syntax: keystore erase YesIAmSure");
+ if (argc < 1 || argc > 2 || strcmp(argv[0], "YesIAmSure") != 0) {
+ usage:
+ cli_print(cli, "Syntax: keystore erase YesIAmSure [preservePINs]");
return CLI_ERROR;
}
+ if (argc == 2) {
+ if (strcasecmp(argv[1], "preservePINs") != 0)
+ goto usage;
+ else
+ preserve_PINs = 1;
+ }
+
+ hal_user_t users[3] = { HAL_USER_NORMAL, HAL_USER_SO, HAL_USER_WHEEL };
+ hal_ks_pin_t pins[3];
+ if (preserve_PINs) {
+ for (size_t i = 0; i < 3; ++i) {
+ const hal_ks_pin_t *pin;
+ if (hal_get_pin(users[i], &pin) != HAL_OK) {
+ cli_print(cli, "Failed to get the PINs");
+ return CLI_ERROR;
+ }
+ memcpy(&pins[i], pin, sizeof(*pin));
+ }
+ }
cli_print(cli, "OK, erasing keystore, this will take about 45 seconds...");
if ((status = keystore_erase_bulk()) != CMSIS_HAL_OK) {
@@ -344,6 +366,15 @@ static int cmd_keystore_erase(struct cli_def *cli, const char *command, char *ar
return CLI_ERROR;
}
+ if (preserve_PINs) {
+ for (size_t i = 0; i < 3; ++i) {
+ if (hal_set_pin(users[i], &pins[i]) != HAL_OK) {
+ cli_print(cli, "Failed to restore the PINs");
+ return CLI_ERROR;
+ }
+ }
+ }
+
cli_print(cli, "Keystore erased");
return CLI_OK;
}
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Commits
mailing list