dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Fix loading kcv, kenc and kmac.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-03-30 23:21:23 +02:00
parent 4651a0e224
commit 7aca7b323a
2 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/hsm/dkek.c
View File

@@ -80,24 +80,40 @@ void import_dkek_share(const uint8_t *share) {
tmp_dkek[i] ^= share[i];
}
void dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
int dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
uint8_t hsh[32];
hash256(dkek, sizeof(dkek), hsh);
int r = load_dkek();
if (r != HSM_OK)
return r;
hash256(dkek+IV_SIZE, 32, hsh);
release_dkek();
memcpy(kcv, hsh, 8);
}
void dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
int dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
uint8_t buf[32+4];
memcpy(buf, dkek, sizeof(dkek));
int r = load_dkek();
if (r != HSM_OK)
return r;
memcpy(buf, dkek+IV_SIZE, 32);
release_dkek();
memcpy(buf, "\x0\x0\x0\x1", 4);
hash256(dkek, sizeof(dkek), kenc);
hash256(buf, sizeof(buf), kenc);
memset(buf, 0, sizeof(buf));
return HSM_OK;
}
void dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
int dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
uint8_t buf[32+4];
memcpy(buf, dkek, sizeof(dkek));
int r = load_dkek();
if (r != HSM_OK)
return r;
memcpy(buf, dkek+IV_SIZE, 32);
release_dkek();
memcpy(buf, "\x0\x0\x0\x2", 4);
hash256(dkek, sizeof(dkek), kmac);
hash256(buf, sizeof(buf), kmac);
memset(buf, 0, sizeof(buf));
return HSM_OK;
}
int dkek_encrypt(uint8_t *data, size_t len) {

3
src/hsm/dkek.h
View File

@@ -21,9 +21,10 @@
extern int load_dkek();
extern int save_dkek_key(const uint8_t *key);
extern int store_dkek_key();
extern void init_dkek();
extern void release_dkek();
extern void import_dkek_share(const uint8_t *share);
extern void dkek_kcv(uint8_t *kcv);
extern int dkek_kcv(uint8_t *kcv);
extern int dkek_encrypt(uint8_t *data, size_t len);
extern int dkek_decrypt(uint8_t *data, size_t len);
extern int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len);