Clear dek on error.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-04-09 17:25:51 +02:00 · 2026-01-22 12:14:12 +01:00
parent 2ce4f22622
commit 551334a447
1 changed files with 5 additions and 4 deletions
--- a/src/openpgp/openpgp.c
+++ b/src/openpgp/openpgp.c
@@ -219,6 +219,10 @@ void scan_files_openpgp() {
    low_flash_available();
 }

+void release_dek() {
+    memset(dek, 0, sizeof(dek));
+}
+
 extern bool has_pwpiv;
 extern uint8_t session_pwpiv[32];
 int load_dek() {
@@ -245,6 +249,7 @@ int load_dek() {
        r = aes_decrypt_cfb_256(session_pwpiv, dek, dek + IV_SIZE, 32);
    }
    if (r != 0) {
+        release_dek();
        return PICOKEY_EXEC_ERROR;
    }
    if (otp_key_1) {
@@ -255,10 +260,6 @@ int load_dek() {
    return PICOKEY_OK;
 }

-void release_dek() {
-    memset(dek, 0, sizeof(dek));
-}
-
 int dek_encrypt(uint8_t *data, size_t len) {
    int r;
    if ((r = load_dek()) != PICOKEY_OK) {