888
edits
Changes
Jump to navigation
Jump to search
Line 52:
Line 52: − + − + − + − + Line 98:
Line 98: − + − + − + − + − + − + − + − Encrypts using Rsa public key.+ − + + − === UnwrapRsaWrappedTitleKey ===+ − Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key. − − The session kek must have been created with CryptoUsecase_TitleKey. − + Line 138:
Line 136: − + − +
whoops
| 0xC300040B || [[#ComputeCmac]] || ||
| 0xC300040B || [[#ComputeCmac]] || ||
|-
|-
| 0xC300100C || [[#LoadRsaPrivateKey]] || ||
| 0xC300100C || [[#LoadRsaOaepKey]] || ||
|-
|-
| 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
| 0xC300100D || [[#DecryptRsaPrivateKey]] || ||
|-
|-
| 0xC300100E || [[#LoadRsaPublicKey]] || ||
| 0xC300100E || [[#LoadSecureExpModKey]] || ||
|-
|-
| 0xC300060F || [[#PublicRsa]] || ||
| 0xC300060F || [[#SecureExpMod]] || ||
|-
|-
| 0xC3000610 || [[#UnwrapRsaWrappedTitleKey]] || ||
| 0xC3000610 || [[#UnwrapRsaOaepWrappedTitleKey]] || ||
|-
|-
| 0xC3000011 || [[#LoadTitleKey]] || ||
| 0xC3000011 || [[#LoadTitleKey]] || ||
Todo: This one seems unrelated to [[#CryptoUsecase]].
Todo: This one seems unrelated to [[#CryptoUsecase]].
=== LoadRsaPrivateKey ===
=== LoadRsaOaepKey ===
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
The session kek must have been created with CryptoUsecase_TitleKey.
The session kek must have been created with CryptoUsecase_RsaOaep.
=== DecryptRsaPrivateKey ===
=== DecryptRsaPrivateKey ===
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
Takes a session kek created with [[#GenerateAesKek]], a wrapped AES key, and a wrapped RSA private key.
The session kek must have been created with CryptoUsecase_PrivateRsa.
The session kek must have been created with CryptoUsecase_RsaPrivate.
[{Unknown version}+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.
[{Unknown version}+] The SMC handler when certain conditions pass and SMC_ID==0xC300100D now returns error 0x6 instead of calling the handler funcptr.
=== LoadRsaPublicKey ===
=== LoadSecureExpModKey ===
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA public key.
Takes a session kek created with [[#GenerateAesKek]], and a wrapped RSA key.
The session kek must have been created with CryptoUsecase_PublicRsa.
The session kek must have been created with CryptoUsecase_RsaSecureExpMod.
=== PublicRsa ===
=== SecureExpMod ===
Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadSecureExpModKey]] command.
Key must be set prior using the [[#LoadRsaPublicKey]] command.
=== UnwrapRsaOaepWrappedTitleKey ===
Takes an Rsa-Oaep-wrapped TitleKey, an RSA Public Key, and a label hash.
Performs an Exp Mod operation using an exponent previously loaded with the [[#LoadRsaOaepKey]] command, and then validates/extracts a Titlekey from the resulting message.
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
Returns a session-unique AES key especially for use in [[#LoadTitleKey]].
=== LoadTitleKey ===
=== LoadTitleKey ===
Takes a session-unique AES key from [[#UnwrapTitleKey]].
Takes a session-unique AES key from [[#UnwrapAesWrappedTitleKey]] or [[#UnwrapRsaOaepWrappedTitleKey]].
=== enum CryptoUsecase ===
=== enum CryptoUsecase ===
| 1 || CryptoUsecase_RsaPrivate
| 1 || CryptoUsecase_RsaPrivate
|-
|-
| 2 || CryptoUsecase_RsaOaep
| 2 || CryptoUsecase_RsaSecureExpMod
|-
|-
| 3 || CryptoUsecase_RsaTitlekey
| 3 || CryptoUsecase_RsaOaep
|}
|}