Fix loading kcv, kenc and kmac.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

src/hsm/dkek.c

@@ -80,24 +80,40 @@ void import_dkek_share(const uint8_t *share) {
         tmp_dkek[i] ^= share[i];
 }
 
-void dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
+int dkek_kcv(uint8_t *kcv) { //kcv 8 bytes
     uint8_t hsh[32];
-    hash256(dkek, sizeof(dkek), hsh);
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    hash256(dkek+IV_SIZE, 32, hsh);
+    release_dkek();
     memcpy(kcv, hsh, 8);
 }
 
-void dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
+int dkek_kenc(uint8_t *kenc) { //kenc 32 bytes
     uint8_t buf[32+4];
-    memcpy(buf, dkek, sizeof(dkek));
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    memcpy(buf, dkek+IV_SIZE, 32);
+    release_dkek();
     memcpy(buf, "\x0\x0\x0\x1", 4);
-    hash256(dkek, sizeof(dkek), kenc);
+    hash256(buf, sizeof(buf), kenc);
+    memset(buf, 0, sizeof(buf));
+    return HSM_OK;
 }
 
-void dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
+int dkek_kmac(uint8_t *kmac) { //kmac 32 bytes
     uint8_t buf[32+4];
-    memcpy(buf, dkek, sizeof(dkek));
+    int r = load_dkek();
+    if (r != HSM_OK)
+        return r;
+    memcpy(buf, dkek+IV_SIZE, 32);
+    release_dkek();
     memcpy(buf, "\x0\x0\x0\x2", 4);
-    hash256(dkek, sizeof(dkek), kmac);
+    hash256(buf, sizeof(buf), kmac);
+    memset(buf, 0, sizeof(buf));
+    return HSM_OK;
 }
 
 int dkek_encrypt(uint8_t *data, size_t len) {

src/hsm/dkek.h

@@ -21,9 +21,10 @@
 extern int load_dkek();
 extern int save_dkek_key(const uint8_t *key);
 extern int store_dkek_key();
+extern void init_dkek();
 extern void release_dkek();
 extern void import_dkek_share(const uint8_t *share);
-extern void dkek_kcv(uint8_t *kcv);
+extern int dkek_kcv(uint8_t *kcv);
 extern int dkek_encrypt(uint8_t *data, size_t len);
 extern int dkek_decrypt(uint8_t *data, size_t len);
 extern int dkek_encode_key(void *key_ctx, int key_type, uint8_t *out, size_t *out_len);