Changes

23 bytes added, 18:04, 27 April 2019
no edit summary
Line 142: Line 142:     
== ImportLotusKey ==
 
== ImportLotusKey ==
Wrapper for [[SMC#LoadSecureExpModKey|LoadSecureExpModKey SMC]].
+
Wrapper for [[SMC#ImportLotusKey|ImportLotusKey SMC]].
    
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
 
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
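Review bot: The new link target on the + line, [[SMC#ImportLotusKey|ImportLotusKey SMC]], only resolves if the SMC page has a section with exactly that heading; a missing section anchor does not show up as a red link, it just opens the top of the SMC page. Confirm the SMC page was renamed in the same pass, for this and the other renamed SMC links in this revision. The revision has no edit summary, so also record the old and new names there (LoadSecureExpModKey to ImportLotusKey, and so on) so that a search for the old name still leads here.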
Line 149: Line 149:  
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage.
 
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage.
   −
[5.0.0+] This now calls [[SMC#EncryptRsaKeyForImport|EncryptRsaKeyForImport SMC]] instead.
+
[5.0.0+] This now calls [[SMC#ReEncryptRsaPrivateKey|ReEncryptRsaPrivateKey SMC]] instead.
    
== DecryptLotusMessage ==
 
== DecryptLotusMessage ==
 
Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
 
Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
   −
Uses [[SMC#SecureExpMod|SecureExpMod SMC]] to decrypt '''data_in_buf''' using the private key imported with [[#LoadSecureExpModKey]] and the supplied '''mod_in_buf''' and '''label_hash_in_buf'''.
+
Uses [[SMC#SecureExpMod|SecureExpMod SMC]] to decrypt '''data_in_buf''' using the private key imported with [[#ImportLotusKey]] and the supplied '''mod_in_buf''' and '''label_hash_in_buf'''.
 
  −
Generates and returns a 16-byte sealed titlekey.
      
== IsDevelopment ==
 
== IsDevelopment ==
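Review bot: Removing "Generates and returns a 16-byte sealed titlekey." from DecryptLotusMessage leaves the section describing three input buffers and no output at all, so a reader can no longer tell what the command returns or where the decrypted data goes. If the removed sentence was wrong, replace it with the actual result rather than dropping it, and give the reason in the edit summary, since this is the only content removal in a revision that otherwise just renames things.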
Line 182: Line 180:  
Used by [[SSL_services|SSL]]-sysmodule for TLS client-privk.
 
Used by [[SSL_services|SSL]]-sysmodule for TLS client-privk.
   −
[5.0.0+] This now calls [[SMC#DecryptOrImportRsaKey|DecryptOrImportRsaKey SMC]] instead.
+
[5.0.0+] This now calls [[SMC#DecryptOrImportRsaPrivateKey|DecryptOrImportRsaPrivateKey SMC]] instead.
    
== DecryptAesKey ==
 
== DecryptAesKey ==
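Review bot: On the + line, the name DecryptOrImportRsaPrivateKey covers two operations, and the sentence does not say which one this command requests. The context line says the key involved is the SSL sysmodule's TLS client private key, so state whether the key is decrypted and handed back to the caller or imported for later use, as the ImportLotusKey and ImportEsKey sections word it.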
Line 189: Line 187:  
Decrypts (AES-ECB) '''enc_key''' with a key generated from fixed '''key_x''' and '''key_y''' set with [[SMC#LoadAesKey|LoadAesKey SMC]] and returns a 16-byte decrypted key ('''dec_key''').
 
Decrypts (AES-ECB) '''enc_key''' with a key generated from fixed '''key_x''' and '''key_y''' set with [[SMC#LoadAesKey|LoadAesKey SMC]] and returns a 16-byte decrypted key ('''dec_key''').
   −
[2.0.0+] Introduced same engine allocation code as for [[#GenerateAesKey]].
+
[2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].
    
== CryptAesCtr ==
 
== CryptAesCtr ==
 
Takes a type-0x46 (B descriptor) buffer ('''data_out_buf'''), a u32 ('''keyslot'''), a type-0x45 (A descriptor) buffer ('''data_in_buf''') and a 16-byte CTR ('''aes_ctr''').
 
Takes a type-0x46 (B descriptor) buffer ('''data_out_buf'''), a u32 ('''keyslot'''), a type-0x45 (A descriptor) buffer ('''data_in_buf''') and a 16-byte CTR ('''aes_ctr''').
   −
Uses [[SMC#CryptAes|CryptAes SMC]] to decrypt '''data_in_buf''' into '''data_out_buf''', using the key set in the specified '''keyslot'''.
+
Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''data_in_buf''' into '''data_out_buf''', using the key set in the specified '''keyslot'''.
   −
[2.0.0+] Verifies the keyslot was allocated by current session.
+
[2.0.0+] Verifies the keyslot was allocated in the current session.
    
== ComputeCmac ==
 
== ComputeCmac ==
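Review bot: The CryptAesCtr + line still says the SMC is used "to decrypt" '''data_in_buf''', although the command takes a CTR and the SMC is now called ComputeAes. CTR mode applies the same keystream operation in both directions, so "encrypt or decrypt" would match both the command name and the new SMC name. The switch from "engine" to "keyslot" in the DecryptAesKey line is consistent with the CryptAesCtr wording and reads fine.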
Line 205: Line 203:  
Returns a 16-byte CMAC calculated over '''data_in_buf'''.
 
Returns a 16-byte CMAC calculated over '''data_in_buf'''.
   −
[2.0.0+] Verifies the engine is locked by current session.
+
[2.0.0+] Verifies the keyslot was allocated in the current session.
    
== ImportEsKey ==
 
== ImportEsKey ==
Wrapper for [[SMC#LoadRsaOaepKey|LoadRsaOaepKey SMC]].
+
Wrapper for [[SMC#ImportEsKey|ImportEsKey SMC]].
    
Takes one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
 
Takes one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
    
Decrypts enc_privk_in_buf with a key generated from key_x and key_y and imports it for later usage.
 
Decrypts enc_privk_in_buf with a key generated from key_x and key_y and imports it for later usage.
 +
 +
[5.0.0+] This now calls [[SMC#ReEncryptRsaPrivateKey|ReEncryptRsaPrivateKey SMC]] instead.
    
== UnwrapTitleKey ==
 
== UnwrapTitleKey ==
Wrapper for [[SMC#UnwrapRsaOaepWrappedTitleKey|UnwrapRsaOaepWrappedTitleKey SMC]].
+
Wrapper for [[SMC#UnwrapTitleKey|UnwrapTitleKey SMC]].
    
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
 
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
   −
Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[#LoadRsaOaepKey]] and the supplied '''mod_in_buf'''. Afterwards, verifies RSA-OAEP encoding using '''label_hash_in_buf'''.
+
Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[#ImportEsKey]] and the supplied '''mod_in_buf'''. Afterwards, verifies RSA-OAEP encoding using '''label_hash_in_buf'''.
    
Returns an u32 ('''dec_data_size''').
 
Returns an u32 ('''dec_data_size''').
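Review bot: The added ImportEsKey line sends 5.0.0+ to ReEncryptRsaPrivateKey, the same SMC the ImportLotusKey section names for 5.0.0+, while the rewritten first line of the section reads "Wrapper for ImportEsKey SMC" with no version bound. Mark the wrapper line as the pre-5.0.0 behaviour, and say how the shared SMC distinguishes the ES key from the Lotus key, because UnwrapTitleKey in this hunk depends on "the private key imported with [[#ImportEsKey]]" specifically.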
Line 230: Line 230:  
Sets the specified '''keyslot''' with the titlekey.
 
Sets the specified '''keyslot''' with the titlekey.
   −
[2.0.0+] Verifies the engine is locked by current session.
+
[2.0.0+] Verifies the keyslot was allocated in the current session.
    
== UnwrapCommonTitleKey ==
 
== UnwrapCommonTitleKey ==
Wrapper for [[SMC#UnwrapAesWrappedTitleKey|UnwrapAesWrappedTitleKey SMC]].
+
Wrapper for [[SMC#UnwrapCommonTitleKey|UnwrapCommonTitleKey SMC]].
    
Takes a 16-byte EKS ('''Encryption Key Source''').
 
Takes a 16-byte EKS ('''Encryption Key Source''').
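Review bot: The reworded [2.0.0+] line says the keyslot check exists but not what the command returns when the check fails, nor what applied before 2.0.0. The command writes the titlekey into a caller-supplied '''keyslot''', so this ownership check is the security-relevant part of the section. Add the failure result and state whether earlier versions accepted any keyslot value. The same gap applies to the identical line under ComputeCmac and CryptAesCtr.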