mirror of
https://github.com/CTCaer/hekate.git
synced 2024-11-26 19:52:11 +00:00
hos: Fix mkey validation on BIS derivation
This commit is contained in:
parent
6159284be6
commit
564f36fc8b
1 changed files with 5 additions and 6 deletions
|
@ -558,7 +558,7 @@ static void _hos_validate_sept_mkey(u32 kb)
|
||||||
hos_eks_save(kb);
|
hos_eks_save(kb);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} while (mkey_idx);
|
} while (mkey_idx - 1);
|
||||||
|
|
||||||
se_aes_key_clear(2);
|
se_aes_key_clear(2);
|
||||||
hos_eks_clear(kb);
|
hos_eks_clear(kb);
|
||||||
|
@ -574,7 +574,6 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
||||||
|
|
||||||
if (!h_cfg.eks || !h_cfg.eks->enabled_bis)
|
if (!h_cfg.eks || !h_cfg.eks->enabled_bis)
|
||||||
{
|
{
|
||||||
///////// check sept.
|
|
||||||
hos_keygen(keyblob, kb, tsec_ctxt);
|
hos_keygen(keyblob, kb, tsec_ctxt);
|
||||||
|
|
||||||
if (kb >= KB_FIRMWARE_VERSION_400)
|
if (kb >= KB_FIRMWARE_VERSION_400)
|
||||||
|
@ -599,7 +598,7 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
||||||
se_aes_key_set(2, tmp_mkey, 0x10);
|
se_aes_key_set(2, tmp_mkey, 0x10);
|
||||||
se_aes_crypt_ecb(2, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx - 1 - idx], 0x10);
|
se_aes_crypt_ecb(2, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx - 1 - idx], 0x10);
|
||||||
}
|
}
|
||||||
} while (memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0 && mkey_idx);
|
} while (memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0 && (mkey_idx - 1));
|
||||||
|
|
||||||
// Derive new device key.
|
// Derive new device key.
|
||||||
se_aes_key_clear(1);
|
se_aes_key_clear(1);
|
||||||
|
@ -635,6 +634,9 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
||||||
// Generate BIS 2/3 Keys.
|
// Generate BIS 2/3 Keys.
|
||||||
se_aes_crypt_block_ecb(2, 0, bis_keys + (4 * 0x10), bis_keyseed[4]);
|
se_aes_crypt_block_ecb(2, 0, bis_keys + (4 * 0x10), bis_keyseed[4]);
|
||||||
se_aes_crypt_block_ecb(2, 0, bis_keys + (5 * 0x10), bis_keyseed[5]);
|
se_aes_crypt_block_ecb(2, 0, bis_keys + (5 * 0x10), bis_keyseed[5]);
|
||||||
|
|
||||||
|
if (kb >= KB_FIRMWARE_VERSION_700)
|
||||||
|
_hos_validate_sept_mkey(kb);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -648,9 +650,6 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
|
||||||
memcpy(bis_keys + (5 * 0x10), h_cfg.eks->bis_keys[2].tweak, 0x10);
|
memcpy(bis_keys + (5 * 0x10), h_cfg.eks->bis_keys[2].tweak, 0x10);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kb >= KB_FIRMWARE_VERSION_700)
|
|
||||||
_hos_validate_sept_mkey(kb);
|
|
||||||
|
|
||||||
// Clear all AES keyslots.
|
// Clear all AES keyslots.
|
||||||
for (u32 i = 0; i < 6; i++)
|
for (u32 i = 0; i < 6; i++)
|
||||||
se_aes_key_clear(i);
|
se_aes_key_clear(i);
|
||||||
|
|
Loading…
Reference in a new issue