diff --git a/exosphere/masterkey.c b/exosphere/masterkey.c new file mode 100644 index 000000000..284c60af7 --- /dev/null +++ b/exosphere/masterkey.c @@ -0,0 +1,90 @@ +#include + +#include "utils.h" +#include "masterkey.h" +#include "se.h" + +unsigned int g_mkey_revision = 0; +int g_determined_mkey_revision = 0; + +uint8_t g_old_masterkeys[MASTERKEY_REVISION_MAX][0x10]; + +/* TODO: Dev keys. */ + +/* TODO: Extend with new vectors, as needed. */ +const uint8_t mkey_vectors[MASTERKEY_REVISION_MAX][0x10] = +{ + {0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D}, /* Zeroes encrypted with Master Key 00. */ + {0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD}, /* Master key 00 encrypted with Master key 01. */ + {0xDE, 0xCF, 0xEB, 0xEB, 0x10, 0xAE, 0x74, 0xD8, 0xAD, 0x7C, 0xF4, 0x9E, 0x62, 0xE0, 0xE8, 0x72}, /* Master key 01 encrypted with Master key 02. */ + {0x0A, 0x0D, 0xDF, 0x34, 0x22, 0x06, 0x6C, 0xA4, 0xE6, 0xB1, 0xEC, 0x71, 0x85, 0xCA, 0x4E, 0x07}, /* Master key 02 encrypted with Master key 03. */ +} + +int check_mkey_revision(unsigned int revision) { + uint8_t final_vector[0x10]; + + unsigned int check_keyslot = KEYSLOT_SWITCH_MASTERKEY; + if (revision > 0) { + /* Generate old master key array. */ + for (unsigned int i = revision; i > 0; i--) { + se_aes_ecb_decrypt_block(check_keyslot, g_old_masterkeys[i-1], 0x10, mkey_vectors[i], 0x10); + set_aes_keyslot(KEYSLOT_SWITCH_TEMPKEY, g_old_masterkeys[i-1], 0x10); + check_keyslot = KEYSLOT_SWITCH_TEMPKEY; + } + } + + se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, mkey_vectors[0], 0x10); + for (unsigned int i = 0; i < 0x10; i++) { + if (final_vector[i] != 0) { + return 0; + } + } + return 1; +} + +void mkey_detect_revision(void) { + if (g_determined_mkey_revision == 1) { + panic(); + } + + for (unsigned int rev = 0; rev < MASTERKEY_REVISION_MAX; rev++) { + if (check_mkey_revision(rev)) { + g_determined_mkey_revision = 1; + g_mkey_revision = rev; + break; + } + } + + /* We must have determined the master key, or we're not running on a Switch. */ + /* TODO: When panic is implemented, make this a really distinctive color. */ + /* Maybe bright red? */ + if (g_determined_mkey_revision == 0) { + panic(); + } +} + +unsigned int mkey_get_revision(void) { + if (g_determined_mkey_revision == 0) { + panic(); + } + + return g_mkey_revision; +} + +unsigned int mkey_get_keyslot(unsigned int revision) { + if (g_determined_mkey_revision == 0 || revision >= MASTERKEY_REVISION_MAX) { + panic(); + } + + if (revision > g_mkey_revision) { + panic(); + } + + if (revision == g_mkey_revision) { + return KEYSLOT_SWITCH_MASTERKEY; + } else { + /* Load into a temp keyslot. */ + set_aes_keyslot(KEYSLOT_SWITCH_TEMPKEY, g_old_masterkeys[revision], 0x10); + return KEYSLOT_SWITCH_TEMPKEY; + } +} diff --git a/exosphere/masterkey.h b/exosphere/masterkey.h new file mode 100644 index 000000000..570b796a8 --- /dev/null +++ b/exosphere/masterkey.h @@ -0,0 +1,16 @@ +#ifndef EXOSPHERE_MASTERKEY_H +#define EXOSPHERE_MASTERKEY_H + +/* This is glue code to enable master key support across versions. */ + +/* TODO: Update to 0x5 on release of new master key. */ +#define MASTERKEY_REVISION_MAX 0x4 + +/* This should be called early on in initialization. */ +void mkey_detect_revision(void); + +unsigned int mkey_get_revision(void); + +unsigned int mkey_get_keyslot(unsigned int revision); + +#endif \ No newline at end of file diff --git a/exosphere/se.h b/exosphere/se.h index ef452485e..4fdf7d3ca 100644 --- a/exosphere/se.h +++ b/exosphere/se.h @@ -6,6 +6,15 @@ /* Exosphere driver for the Tegra X1 security engine. */ +#define KEYSLOT_SWITCH_TEMPKEY 0x9 +#define KEYSLOT_SWITCH_SESSIONKEY 0xA +#define KEYSLOT_SWITCH_RNGKEY 0xB +#define KEYSLOT_SWITCH_MASTERKEY 0xC +#define KEYSLOT_SWITCH_DEVICEKEY 0xD + +/* This key was added in 4.0.0. */ +#define KEYSLOT_SWITCH_NEWDEVICEKEY 0xF + #define KEYSLOT_AES_MAX 0x10 #define KEYSLOT_RSA_MAX 0x2 diff --git a/exosphere/smc_api.c b/exosphere/smc_api.c index de493c703..4ec1bf8f7 100644 --- a/exosphere/smc_api.c +++ b/exosphere/smc_api.c @@ -108,8 +108,7 @@ uint64_t try_set_smc_callback(uint32_t (*callback)(void *, uint64_t)) { return 0; } - /* TODO: Keyslot defines. */ - se_generate_random(0xB, &key, sizeof(uint64_t)); + se_generate_random(KEYSLOT_SWITCH_RNGKEY, &key, sizeof(uint64_t)); g_smc_callback_key = key; g_smc_callback = callback; return key; diff --git a/exosphere/smc_user.c b/exosphere/smc_user.c index a2693f4e0..fd8b6945f 100644 --- a/exosphere/smc_user.c +++ b/exosphere/smc_user.c @@ -2,6 +2,7 @@ #include "utils.h" #include "cache.h" +#include "masterkey.h" #include "smc_api.h" #include "smc_user.h" #include "se.h" @@ -88,10 +89,10 @@ uint32_t user_load_aes_key(smc_args_t *args) { wrapped_key[1] = args->X[5]; /* TODO: Unseal the kek. */ - set_aes_keyslot(9, sealed_kek, 0x10); + set_aes_keyslot(KEYSLOT_SWITCH_TEMPKEY, sealed_kek, 0x10); /* Unwrap the key. */ - decrypt_data_into_keyslot(keyslot, 9, wrapped_key, 0x10); + decrypt_data_into_keyslot(keyslot, KEYSLOT_SWITCH_TEMPKEY, wrapped_key, 0x10); return 0; } @@ -221,7 +222,9 @@ uint32_t user_unwrap_rsa_wrapped_titlekey(smc_args_t *args) { void *user_modulus = (void *)args->X[2]; unsigned int master_key_rev = (unsigned int)args->X[7]; - /* TODO: Validate Master Key Revision. */ + if (master_key_rev >= MASTERKEY_REVISION_MAX) { + return 2; + } /* Copy user data into secure memory. */ if (upage_init(&page_ref, user_wrapped_key) == 0) { @@ -277,7 +280,10 @@ uint32_t user_unwrap_aes_wrapped_titlekey(smc_args_t *args) { unsigned int master_key_rev = (unsigned int)args->X[3]; - /* TODO: Validate Master Key Revision. */ + if (master_key_rev >= MASTERKEY_REVISION_MAX) { + return 2; + } + tkey_set_master_key_rev(master_key_rev); @@ -286,5 +292,4 @@ uint32_t user_unwrap_aes_wrapped_titlekey(smc_args_t *args) { args->X[1] = sealed_titlekey[0]; args->X[2] = sealed_titlekey[1]; - } \ No newline at end of file