From 7aca7b323ae1e0ec1a5ba30380a410090b31594f Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Wed, 30 Mar 2022 23:21:23 +0200
Subject: [PATCH] Fix loading kcv, kenc and kmac.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/dkek.c | 32 ++++++++++++++++++++++++--------
 src/hsm/dkek.h |  3 ++-
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/src/hsm/dkek.c b/src/hsm/dkek.c
index 4247cc9..f54693a 100644
--- a/src/hsm/dkek.c
+++ b/src/hsm/dkek.c
@@ -80,24 +80,40 @@ void import_dkek_share(const uint8_t *share) {
         tmp_dkek[i] ^= share[i];
 }
 
-void dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
+int dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
     uint8_t hsh[32];
-    hash256(dkek, sizeof(dkek), hsh);
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    hash256(dkek+IV_SIZE, 32, hsh);
+    release_dkek();
     memcpy(kcv, hsh, 8);
 }
 
-void dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
+int dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
     uint8_t buf[32+4];
-    memcpy(buf, dkek, sizeof(dkek));
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    memcpy(buf, dkek+IV_SIZE, 32);
+    release_dkek();
     memcpy(buf, "\x0\x0\x0\x1", 4);
-    hash256(dkek, sizeof(dkek), kenc);
+    hash256(buf, sizeof(buf), kenc);
+    memset(buf, 0, sizeof(buf));
+    return HSM_OK;
 }
 
-void dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
+int dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
     uint8_t buf[32+4];
-    memcpy(buf, dkek, sizeof(dkek));
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    memcpy(buf, dkek+IV_SIZE, 32);
+    release_dkek();
     memcpy(buf, "\x0\x0\x0\x2", 4);
-    hash256(dkek, sizeof(dkek), kmac);
+    hash256(buf, sizeof(buf), kmac);
+    memset(buf, 0, sizeof(buf));
+    return HSM_OK;
 }
 
 int dkek_encrypt(uint8_t *data, size_t len) {
diff --git a/src/hsm/dkek.h b/src/hsm/dkek.h
index 8c17a7c..0fe7501 100644
--- a/src/hsm/dkek.h
+++ b/src/hsm/dkek.h
@@ -21,9 +21,10 @@
 extern int load_dkek();
 extern int save_dkek_key(const uint8_t *key);
 extern int store_dkek_key();
+extern void init_dkek();
 extern void release_dkek();
 extern void import_dkek_share(const uint8_t *share);
-extern void dkek_kcv(uint8_t *kcv);
+extern int dkek_kcv(uint8_t *kcv);
 extern int dkek_encrypt(uint8_t *data, size_t len);
 extern int dkek_decrypt(uint8_t *data, size_t len);
 extern int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len);