Secure Monitor: Difference between revisions

let's call 'em what they are pt 2
Line 60: Line 60:
| 0xC300060F || [[#PublicRsa]] || ||
| 0xC300060F || [[#PublicRsa]] || ||
|-
|-
| 0xC3000610 || [[#UnwrapPreparedAesKey]] || ||
| 0xC3000610 || [[#UnwrapRsaWrappedTitleKey]] || ||
|-
|-
| 0xC3000011 || [[#LoadPreparedAesKey]] || ||
| 0xC3000011 || [[#LoadTitleKey]] || ||
|-
|-
| 0xC3000012 || [2.0.0+] GeneratePreparedAesKek || ||
| 0xC3000012 || [2.0.0+] UnwrapAesWrappedTitleKey || ||
|}
|}


Line 78: Line 78:


Note:
Note:
The [[#CryptoUsecase|CryptoUsecase_PreparedAesKey]] represents a RSA wrapped AES key.
The [[#CryptoUsecase|CryptoUsecase_TitleKey]] represents a RSA wrapped AES key.


=== GenerateAesKek ===
=== GenerateAesKek ===
Line 101: Line 101:
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.


The session kek must have been created with CryptoUsecase_PreparedAesKey.
The session kek must have been created with CryptoUsecase_TitleKey.


=== DecryptRsaPrivateKey ===
=== DecryptRsaPrivateKey ===
Line 120: Line 120:
Key must be set prior using the [[#LoadRsaPublicKey]] command.
Key must be set prior using the [[#LoadRsaPublicKey]] command.


=== UnwrapPreparedAesKey ===
=== UnwrapRsaWrappedTitleKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key.


Returns a session-unique AES key especially for use in [[#LoadPreparedAesKey]].
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].


The session kek must have been created with CryptoUsecase_PreparedAesKey.
The session kek must have been created with CryptoUsecase_TitleKey.


=== LoadPreparedAesKey ===
=== LoadTitleKey ===
Takes a session-unique AES key from [[#UnwrapPreparedAesKey]].
Takes a session-unique AES key from [[#UnwrapTitleKey]].


=== enum CryptoUsecase ===
=== enum CryptoUsecase ===
Line 140: Line 140:
| 2 || CryptoUsecase_PublicRsa
| 2 || CryptoUsecase_PublicRsa
|-
|-
| 3 || CryptoUsecase_PreparedAesKey
| 3 || CryptoUsecase_TitleKey
|}
|}