Diffstat (limited to 'chip')
-rw-r--r-- | chip/g/dcrypto/dcrypto.h | 7 | ||||
-rw-r--r-- | chip/g/dcrypto/key_ladder.c | 29 |
2 files changed, 36 insertions, 0 deletions
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index f51907f767..848373dbcb 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -304,6 +304,13 @@ struct APPKEY_CTX {
 int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2);
 int DCRYPTO_ladder_random(void *output);
+void DCRYPTO_ladder_revoke(void);
+/*
+ * Query whether Key Ladder is enabled.
+ *
+ * @return 1 if Key Ladder is enabled, and 0 otherwise.
+ */
+int DCRYPTO_ladder_is_enabled(void);
 int DCRYPTO_appkey_init(enum dcrypto_appid id, struct APPKEY_CTX *ctx);
 void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx);
diff --git a/chip/g/dcrypto/key_ladder.c b/chip/g/dcrypto/key_ladder.c
index 913a667417..7aca0ad2b3 100644
--- a/chip/g/dcrypto/key_ladder.c
+++ b/chip/g/dcrypto/key_ladder.c
@@ -287,3 +287,32 @@ int dcrypto_ladder_derive(enum dcrypto_appid appid, const uint32_t salt[8],
 dcrypto_release_sha_hw();
 return !error;
 }
+
+void DCRYPTO_ladder_revoke(void)
+{
+ /* Revoke certificates */
+ GWRITE(KEYMGR, CERT_REVOKE_CTRL0, 0xffffffff);
+ GWRITE(KEYMGR, CERT_REVOKE_CTRL1, 0xffffffff);
+
+ /* Wipe out the hidden keys cached in AES and SHA engines. */
+ GWRITE_FIELD(KEYMGR, AES_USE_HIDDEN_KEY, ENABLE, 0);
+ GWRITE_FIELD(KEYMGR, SHA_USE_HIDDEN_KEY, ENABLE, 0);
+
+ /* Clear usr_ready[] */
+ memset(usr_ready, 0, sizeof(usr_ready));
+}
+
+#define KEYMGR_CERT_REVOKE_CTRL0_DEFAULT_VAL 0xa8028a82
+#define KEYMGR_CERT_REVOKE_CTRL1_DEFAULT_VAL 0xaaaaaaaa
+
+int DCRYPTO_ladder_is_enabled(void)
+{
+ uint32_t ctrl0;
+ uint32_t ctrl1;
+
+ ctrl0 = GREAD(KEYMGR, CERT_REVOKE_CTRL0);
+ ctrl1 = GREAD(KEYMGR, CERT_REVOKE_CTRL1);
+
+ return ctrl0 == KEYMGR_CERT_REVOKE_CTRL0_DEFAULT_VAL &&
+ ctrl1 == KEYMGR_CERT_REVOKE_CTRL1_DEFAULT_VAL;
+} |
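Review bot: `DCRYPTO_ladder_revoke` is declared in dcrypto.h without any comment, while the prototype directly below it gets a full doc block, so a caller reading the header cannot tell what is revoked or whether the call can be undone. I would add a block comment above the prototype saying that it revokes the key ladder certificates, stops the AES and SHA engines from using the hidden key, and clears the cached ready state. It should also state whether the effect lasts until the next reset, which looks likely from the register names but is not shown in this change. A blank line between the two declarations would also keep the existing comment from reading as if it belonged to `DCRYPTO_ladder_revoke`.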
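Review bot: In `DCRYPTO_ladder_revoke`, the comment `Wipe out the hidden keys cached in AES and SHA engines` promises more than the two `GWRITE_FIELD(KEYMGR, ..._USE_HIDDEN_KEY, ENABLE, 0)` lines visibly do. They clear an enable field, and whether that also erases key material already loaded in the engines depends on hardware behaviour not shown here, so either reword it to `/* Stop the AES and SHA engines from using the hidden key. */` or add the explicit wipe step. The function returns void and never reads the revoke registers back, so callers that treat revocation as a security boundary have no confirmation unless they call `DCRYPTO_ladder_is_enabled()` afterwards. It also clears `usr_ready` without the SHA hardware ownership that `dcrypto_ladder_derive` releases in the context lines above, so please confirm it cannot run while a derive is in flight. In `DCRYPTO_ladder_is_enabled`, a comment on the two `_DEFAULT_VAL` defines such as `/* Reset values; any other value is reported as revoked. */` would make the exact-match, fail-closed comparison deliberate rather than accidental.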