Source release 17.1.2
This commit is contained in:
John "Juce" Bruce
@@ -40,6 +40,31 @@ bool Derive256Key(Cmac* cmac, uint8_t counter_base, const uint8_t* ctx,
|
||||
}
|
||||
return Derive128KeyAppend(cmac, counter_base + 1, ctx, ctx_size, derived_key);
|
||||
}
|
||||
|
||||
bool NistKdf(Cmac* cmac, const std::vector<uint8_t>& label,
|
||||
const std::vector<uint8_t>& context, size_t bits,
|
||||
std::vector<uint8_t>* renewed_device_key) {
|
||||
const std::vector<uint8_t> size_bits_big_endian = {
|
||||
static_cast<uint8_t>(bits >> 24), static_cast<uint8_t>(bits >> 16),
|
||||
static_cast<uint8_t>(bits >> 8), static_cast<uint8_t>(bits)};
|
||||
const size_t kAesBlockSizeBits = 16 * 8;
|
||||
|
||||
if (bits % kAesBlockSizeBits != 0) return false;
|
||||
if (renewed_device_key == nullptr) {
|
||||
return false;
|
||||
}
|
||||
renewed_device_key->clear();
|
||||
bool res = false;
|
||||
for (size_t counter = 0; counter < bits / kAesBlockSizeBits; counter++) {
|
||||
cmac->Reset();
|
||||
res = cmac->Update(counter + 1) && cmac->Update(label) &&
|
||||
cmac->Update(0x00) && cmac->Update(context) &&
|
||||
cmac->Update(size_bits_big_endian) &&
|
||||
cmac->FinalizeAppend(renewed_device_key);
|
||||
if (!res) break;
|
||||
}
|
||||
return res;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
// static
|
||||
@@ -150,5 +175,20 @@ bool KeyDeriver::DeriveEncryptionKey(
|
||||
return DeriveEncryptionKey(enc_key_context.data(), enc_key_context.size(),
|
||||
enc_key);
|
||||
}
|
||||
|
||||
bool KeyDeriver::DeriveRenewedDeviceKey(
|
||||
const std::vector<uint8_t>& context,
|
||||
std::vector<uint8_t>* renewed_device_key) {
|
||||
if (renewed_device_key == nullptr) {
|
||||
LOGE("Output key buffer is null");
|
||||
return false;
|
||||
}
|
||||
const std::string kKeyboxRenewalLabel = "Keyboxv4";
|
||||
const std::vector<uint8_t> kKeyboxRenewalLabelVec(kKeyboxRenewalLabel.begin(),
|
||||
kKeyboxRenewalLabel.end());
|
||||
|
||||
return NistKdf(cmac_.get(), kKeyboxRenewalLabelVec, context, 0x80,
|
||||
renewed_device_key);
|
||||
}
|
||||
} // namespace util
|
||||
} // namespace wvoec
|
||||
|
||||
@@ -326,6 +326,27 @@ bool RsaPublicKey::IsMatchingPrivateKey(
|
||||
return RsaKeysAreMatchingPair(GetRsaKey(), private_key.GetRsaKey());
|
||||
}
|
||||
|
||||
std::vector<uint8_t> RsaPrivateKey::GetPrivateExponent() const {
|
||||
const BIGNUM* d = RSA_get0_d(key_);
|
||||
if (d == nullptr) {
|
||||
LOGE("Private exponent must not be null");
|
||||
return {};
|
||||
}
|
||||
// Get the required length for the data.
|
||||
const size_t length = BN_num_bytes(d);
|
||||
if (length <= 0) {
|
||||
LOGE("Private exponent length must be positive");
|
||||
return {};
|
||||
}
|
||||
std::vector<uint8_t> serialized_private_exponent(length, 0);
|
||||
if (static_cast<size_t>(BN_bn2bin(d, serialized_private_exponent.data())) !=
|
||||
length) {
|
||||
LOGE("Failed to convert the private exponent");
|
||||
return {};
|
||||
}
|
||||
return serialized_private_exponent;
|
||||
}
|
||||
|
||||
OEMCryptoResult RsaPublicKey::Serialize(uint8_t* buffer,
|
||||
size_t* buffer_size) const {
|
||||
if (buffer_size == nullptr) {
|
||||
|
||||
Reference in New Issue
Block a user