Implement masterkey logic, KEYSLOT defines.

This commit is contained in:
Michael Scire 2018-02-19 23:41:27 -08:00
parent 61f8886879
commit 07f9e9500e
5 changed files with 126 additions and 7 deletions

View file

@ -2,6 +2,7 @@
#include "utils.h"
#include "cache.h"
#include "masterkey.h"
#include "smc_api.h"
#include "smc_user.h"
#include "se.h"
@ -88,10 +89,10 @@ uint32_t user_load_aes_key(smc_args_t *args) {
wrapped_key[1] = args->X[5];
/* TODO: Unseal the kek. */
set_aes_keyslot(9, sealed_kek, 0x10);
set_aes_keyslot(KEYSLOT_SWITCH_TEMPKEY, sealed_kek, 0x10);
/* Unwrap the key. */
decrypt_data_into_keyslot(keyslot, 9, wrapped_key, 0x10);
decrypt_data_into_keyslot(keyslot, KEYSLOT_SWITCH_TEMPKEY, wrapped_key, 0x10);
return 0;
}
@ -221,7 +222,9 @@ uint32_t user_unwrap_rsa_wrapped_titlekey(smc_args_t *args) {
void *user_modulus = (void *)args->X[2];
unsigned int master_key_rev = (unsigned int)args->X[7];
/* TODO: Validate Master Key Revision. */
if (master_key_rev >= MASTERKEY_REVISION_MAX) {
return 2;
}
/* Copy user data into secure memory. */
if (upage_init(&page_ref, user_wrapped_key) == 0) {
@ -277,7 +280,10 @@ uint32_t user_unwrap_aes_wrapped_titlekey(smc_args_t *args) {
unsigned int master_key_rev = (unsigned int)args->X[3];
/* TODO: Validate Master Key Revision. */
if (master_key_rev >= MASTERKEY_REVISION_MAX) {
return 2;
}
tkey_set_master_key_rev(master_key_rev);
@ -286,5 +292,4 @@ uint32_t user_unwrap_aes_wrapped_titlekey(smc_args_t *args) {
args->X[1] = sealed_titlekey[0];
args->X[2] = sealed_titlekey[1];
}