fs: add gc validation wrappers for hac2l

This commit is contained in:
Michael Scire 2022-03-14 04:42:55 -07:00 committed by SciresM
parent 32d443977e
commit 2d984822c6
15 changed files with 939 additions and 6 deletions

View file

@ -63,6 +63,7 @@
#include <stratosphere/erpt.hpp> #include <stratosphere/erpt.hpp>
#include <stratosphere/err.hpp> #include <stratosphere/err.hpp>
#include <stratosphere/fatal.hpp> #include <stratosphere/fatal.hpp>
#include <stratosphere/gc.hpp>
#include <stratosphere/gpio.hpp> #include <stratosphere/gpio.hpp>
#include <stratosphere/hid.hpp> #include <stratosphere/hid.hpp>
#include <stratosphere/hos.hpp> #include <stratosphere/hos.hpp>

View file

@ -31,12 +31,19 @@ namespace ams::fs {
RootWriteable, RootWriteable,
}; };
enum class GameCardAttribute : u8 { enum GameCardAttribute : u8 {
AutoBootFlag = (1 << 0), GameCardAttribute_AutoBootFlag = (1 << 0),
HistoryEraseFlag = (1 << 1), GameCardAttribute_HistoryEraseFlag = (1 << 1),
RepairToolFlag = (1 << 2), GameCardAttribute_RepairToolFlag = (1 << 2),
DifferentRegionCupToTerraDeviceFlag = (1 << 3), GameCardAttribute_DifferentRegionCupToTerraDeviceFlag = (1 << 3),
DifferentRegionCupToGlobalDeviceFlag = (1 << 4), GameCardAttribute_DifferentRegionCupToGlobalDeviceFlag = (1 << 4),
GameCardAttribute_HasHeaderSign2Flag = (1 << 7),
};
enum class GameCardCompatibilityType : u8 {
Normal = 0,
Terra = 1,
}; };
using GameCardHandle = u32; using GameCardHandle = u32;

View file

@ -0,0 +1,20 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <stratosphere/gc/impl/gc_types.hpp>
#include <stratosphere/gc/impl/gc_gc_crypto.hpp>
#include <stratosphere/gc/impl/gc_embedded_data_holder.hpp>

View file

@ -0,0 +1,49 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours.hpp>
#include <stratosphere/gc/impl/gc_gc_crypto.hpp>
namespace ams::gc::impl {
class EmbeddedDataHolder {
NON_COPYABLE(EmbeddedDataHolder);
NON_MOVEABLE(EmbeddedDataHolder);
friend class GcCrypto;
private:
struct ConcatenatedGcLibraryEmbeddedKeys {
u8 enc_hmac_key_for_cv[GcCrypto::GcHmacKeyLength];
u8 enc_hmac_key_for_key_and_iv[GcCrypto::GcHmacKeyLength];
u8 enc_cv_constant_value[GcCrypto::GcCvConstLength];
u8 enc_rsa_oaep_label_hash[GcCrypto::GcSha256HashLength];
};
static_assert(util::is_pod<ConcatenatedGcLibraryEmbeddedKeys>::value);
static_assert(sizeof(ConcatenatedGcLibraryEmbeddedKeys) == 0x70);
private:
static bool s_is_dev;
static const void *s_ca_public_exponent;
static const void *s_ca1_modulus;
static const void *s_ca9_modulus;
static const void *s_ca10_modulus;
static const void *s_ca10_certificate_modulus;
static const void *s_card_header_key;
public:
static Result SetLibraryEmbeddedKeys(bool is_dev = GcCrypto::CheckDevelopmentSpl());
private:
static Result DecryptoEmbeddedKeys(ConcatenatedGcLibraryEmbeddedKeys *out, size_t out_size, bool is_dev = GcCrypto::CheckDevelopmentSpl());
};
}

View file

@ -0,0 +1,47 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours.hpp>
#include <stratosphere/gc/impl/gc_types.hpp>
namespace ams::gc::impl {
class GcCrypto {
NON_COPYABLE(GcCrypto);
NON_MOVEABLE(GcCrypto);
public:
static constexpr size_t GcRsaKeyLength = crypto::Rsa2048PssSha256Verifier::ModulusSize;
static constexpr size_t GcRsaPublicExponentLength = 3;
static constexpr size_t GcAesKeyLength = crypto::AesEncryptor128::KeySize;
static constexpr size_t GcAesCbcIvLength = crypto::Aes128CbcEncryptor::IvSize;
static constexpr size_t GcHmacKeyLength = 0x20;
static constexpr size_t GcCvConstLength = 0x10;
static constexpr size_t GcSha256HashLength = crypto::Sha256Generator::HashSize;
public:
static bool CheckDevelopmentSpl();
static Result DecryptAesKeySpl(void *dst, size_t dst_size, const void *src, size_t src_size, s32 generation, u32 option);
static Result VerifyCardHeader(const void *header_buffer, size_t header_size, const void *modulus, size_t modulus_size);
static Result EncryptCardHeader(void *header, size_t header_size);
static Result DecryptCardHeader(void *header, size_t header_size);
static Result VerifyT1CardCertificate(const void *cert_buffer, size_t cert_size);
static Result VerifyCa10Certificate(const void *cert_buffer, size_t cert_size);
};
}

View file

@ -0,0 +1,144 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours.hpp>
namespace ams::gc::impl {
struct CardInitialDataPayload {
u8 package_id[8];
u8 reserved_8[8];
u8 auth_data[0x10];
u8 auth_mac[0x10];
u8 auth_nonce[0xC];
};
static_assert(util::is_pod<CardInitialDataPayload>::value);
static_assert(sizeof(CardInitialDataPayload) == 0x3C);
struct CardInitialData {
CardInitialDataPayload payload;
u8 padding[0x200 - sizeof(CardInitialDataPayload)];
};
static_assert(util::is_pod<CardInitialData>::value);
static_assert(sizeof(CardInitialData) == 0x200);
struct CardHeaderKeyIndex {
using KekIndex = util::BitPack8::Field<0, 4, u8>;
using TitleKeyDecIndex = util::BitPack8::Field<KekIndex::Next, 4, u8>;
static_assert(TitleKeyDecIndex::Next == BITSIZEOF(u8));
};
struct CardHeaderEncryptedData {
u32 fw_version[2];
u32 acc_ctrl_1;
u32 wait_1_time_read;
u32 wait_2_time_read;
u32 wait_1_time_write;
u32 wait_2_time_write;
u32 fw_mode;
u32 cup_version;
u8 compatibility_type;
u8 reserved_25;
u8 reserved_26;
u8 reserved_27;
u8 upp_hash[8];
u64 cup_id;
u8 reserved_38[0x38];
};
static_assert(util::is_pod<CardHeaderEncryptedData>::value);
static_assert(sizeof(CardHeaderEncryptedData) == 0x70);
enum MemoryCapacity : u8 {
MemoryCapacity_1GB = 0xFA,
MemoryCapacity_2GB = 0xF8,
MemoryCapacity_4GB = 0xF0,
MemoryCapacity_8GB = 0xE0,
MemoryCapacity_16GB = 0xE1,
MemoryCapacity_32GB = 0xE2,
};
enum AccessControl1ClockRate : u32 {
AccessControl1ClockRate_25MHz = 0x00A10011,
AccessControl1ClockRate_50MHz = 0x00A10010,
};
struct CardHeader {
static constexpr u32 Magic = util::FourCC<'H','E','A','D'>::Code;
u32 magic;
u32 rom_area_start_page;
u32 backup_area_start_page;
util::BitPack8 key_index;
u8 rom_size;
u8 version;
u8 flags;
u8 package_id[8];
u32 valid_data_end_page;
u8 reserved_11C[4];
u8 iv[crypto::Aes128CbcDecryptor::IvSize];
u64 partition_fs_header_address;
u64 partition_fs_header_size;
u8 partition_fs_header_hash[crypto::Sha256Generator::HashSize];
u8 initial_data_hash[crypto::Sha256Generator::HashSize];
u32 sel_sec;
u32 sel_t1_key;
u32 sel_key;
u32 lim_area_page;
union {
u8 raw_encrypted_data[sizeof(CardHeaderEncryptedData)];
CardHeaderEncryptedData encrypted_data;
};
};
static_assert(util::is_pod<CardHeader>::value);
static_assert(sizeof(CardHeader) == 0x100);
struct CardHeaderWithSignature {
u8 signature[crypto::Rsa2048Pkcs1Sha256Verifier::SignatureSize];
CardHeader data;
};
static_assert(util::is_pod<CardHeaderWithSignature>::value);
static_assert(sizeof(CardHeaderWithSignature) == 0x200);
static constexpr size_t CardDeviceIdLength = 0x10;
struct T1CardCertificate {
static constexpr u32 Magic = util::FourCC<'C','E','R','T'>::Code;
u8 signature[crypto::Rsa2048Pkcs1Sha256Verifier::SignatureSize];
u32 magic;
u32 version;
u8 kek_index;
u8 flags[7];
u8 t1_card_device_id[CardDeviceIdLength];
u8 iv[crypto::Aes128CtrEncryptor::IvSize];
u8 hw_key[crypto::Aes128CtrEncryptor::KeySize];
u8 reserved[0xC0];
u8 padding[0x200];
};
static_assert(util::is_pod<T1CardCertificate>::value);
static_assert(sizeof(T1CardCertificate) == 0x400);
struct Ca10Certificate {
u8 signature[crypto::Rsa2048Pkcs1Sha256Verifier::SignatureSize];
u8 unk_100[0x200];
u8 modulus[crypto::Rsa2048Pkcs1Sha256Verifier::ModulusSize];
};
static_assert(util::is_pod<Ca10Certificate>::value);
static_assert(sizeof(Ca10Certificate) == 0x400);
}

View file

@ -0,0 +1,235 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stratosphere.hpp>
namespace ams::gc::impl {
namespace {
constexpr const u8 LibraryEmbeddedCa1Modulus[GcCrypto::GcRsaKeyLength] = {
0xAF, 0xB6, 0xA0, 0x1F, 0x7F, 0x8C, 0xEC, 0xD6, 0x62, 0xC9, 0xF9, 0x83, 0x69, 0x4F, 0x0E, 0x8E,
0xC3, 0x71, 0x70, 0x60, 0x63, 0xEB, 0x90, 0x2F, 0x1E, 0x3B, 0xA2, 0xCD, 0xD5, 0x7A, 0xAA, 0x45,
0x27, 0x61, 0xF9, 0x10, 0xC0, 0x0C, 0x72, 0xE7, 0xBD, 0x70, 0x2E, 0x32, 0xA0, 0xD0, 0x8A, 0x29,
0x43, 0x19, 0x12, 0x8C, 0x8D, 0x10, 0xE4, 0x04, 0xE0, 0x13, 0x7F, 0x26, 0x02, 0x1B, 0xFD, 0x44,
0xAF, 0x70, 0xD7, 0xBF, 0xDF, 0x97, 0xD2, 0x34, 0xFD, 0xBB, 0x51, 0x8D, 0x7C, 0x04, 0x9D, 0x30,
0xFF, 0xB1, 0xB4, 0xD3, 0xEF, 0x2C, 0xEE, 0xAD, 0x4C, 0x4A, 0x26, 0x94, 0x15, 0x13, 0xA9, 0xDA,
0xF4, 0xA4, 0x22, 0xE7, 0x11, 0x8A, 0xE4, 0xB0, 0xE9, 0x66, 0x23, 0xA7, 0xED, 0x7D, 0x73, 0x8B,
0x32, 0xE5, 0xE1, 0x19, 0x34, 0x15, 0x06, 0x5D, 0xA6, 0xCD, 0x80, 0xA5, 0xC0, 0xD0, 0xCE, 0x7C,
0x3E, 0x3D, 0x1F, 0x2B, 0x65, 0x26, 0xBE, 0xAE, 0x55, 0xC7, 0x03, 0xCF, 0x4A, 0xD3, 0xDA, 0x54,
0x13, 0x1F, 0x20, 0x05, 0xE9, 0x9B, 0x3F, 0xDE, 0x73, 0xD3, 0xA0, 0xFF, 0xA0, 0x7E, 0xA9, 0x6A,
0xBC, 0xF8, 0x6C, 0xF1, 0x3C, 0x72, 0x4E, 0x6F, 0xA1, 0x3C, 0x20, 0xCD, 0x3A, 0x1A, 0x65, 0xE0,
0xF0, 0xF8, 0x84, 0xEB, 0x6B, 0x38, 0x49, 0xB6, 0xF2, 0x5B, 0x81, 0x16, 0x8B, 0x1A, 0xE0, 0x4F,
0x18, 0x88, 0xF1, 0xAD, 0x66, 0xA9, 0xC8, 0xE0, 0x9D, 0xD0, 0x9B, 0xFA, 0xAD, 0xBE, 0xC9, 0x5C,
0xE5, 0x54, 0x2A, 0xF4, 0x59, 0xE2, 0xFA, 0xD4, 0xC9, 0x58, 0x1C, 0x83, 0xD9, 0x23, 0x77, 0xDC,
0x78, 0xBE, 0xCA, 0x7B, 0xC1, 0x69, 0xF3, 0x9C, 0xFE, 0xF7, 0xB9, 0x9E, 0xD6, 0x44, 0x70, 0x1C,
0x8B, 0x08, 0xB0, 0x44, 0xE5, 0x63, 0xFB, 0xB8, 0x45, 0x40, 0xDA, 0xA2, 0x3C, 0xB9, 0xFB, 0x75,
};
constexpr const u8 LibraryEmbeddedCa9Modulus[GcCrypto::GcRsaKeyLength] = {
0xCD, 0xF3, 0x2C, 0xB0, 0xF5, 0x14, 0x78, 0x34, 0xE5, 0x02, 0xD0, 0x29, 0x6A, 0xA5, 0xFD, 0x97,
0x6A, 0xE0, 0xB0, 0xBB, 0xB0, 0x3B, 0x1A, 0x80, 0xB7, 0xD7, 0x58, 0x92, 0x79, 0x84, 0xC0, 0x36,
0xB1, 0x55, 0x23, 0xD8, 0xA5, 0x60, 0x91, 0x26, 0x48, 0x1A, 0x80, 0x4A, 0xEA, 0x00, 0x98, 0x2A,
0xEC, 0x52, 0x17, 0x72, 0x92, 0x4D, 0xF5, 0x42, 0xA7, 0x8A, 0x6F, 0x7F, 0xD2, 0x48, 0x51, 0x8E,
0xDF, 0xCB, 0xBF, 0x77, 0xF6, 0x18, 0xBD, 0xE5, 0x00, 0xD9, 0x70, 0x8C, 0xEF, 0x57, 0xB2, 0x96,
0xD0, 0x36, 0x83, 0x88, 0x9C, 0xC5, 0xFB, 0xA0, 0x33, 0x81, 0xA2, 0x12, 0x23, 0xC6, 0xC7, 0x86,
0x0A, 0x98, 0x57, 0x4D, 0x2E, 0xB5, 0xAE, 0x64, 0xE4, 0x6F, 0xC2, 0xC5, 0xAC, 0x6A, 0x1D, 0xDB,
0xA5, 0xAF, 0x12, 0x22, 0xAB, 0x1F, 0x51, 0xC8, 0x0E, 0x0D, 0xC9, 0xF5, 0x03, 0xE8, 0xD2, 0xFC,
0x84, 0x62, 0x26, 0x55, 0xA4, 0xC3, 0xE2, 0xA8, 0x98, 0x05, 0x67, 0x23, 0xFD, 0xA5, 0x46, 0x40,
0x78, 0x51, 0x09, 0x3D, 0x91, 0x74, 0xD6, 0xD0, 0x54, 0x23, 0x0D, 0xA0, 0xFB, 0x07, 0xD0, 0xAA,
0x9D, 0x50, 0x4E, 0x2B, 0x26, 0x9A, 0x14, 0xE5, 0x6C, 0x73, 0x66, 0x24, 0x18, 0xA1, 0x93, 0x9C,
0x2A, 0x40, 0x40, 0x05, 0x6B, 0xF1, 0x45, 0xDF, 0x22, 0x8B, 0x40, 0x61, 0xA4, 0x11, 0x06, 0x03,
0xA5, 0x53, 0x84, 0xC0, 0x12, 0xE1, 0x88, 0x9D, 0x55, 0x55, 0x07, 0x40, 0x88, 0x01, 0x8C, 0xAB,
0xA2, 0xFD, 0xFD, 0x19, 0x48, 0x25, 0xAB, 0x59, 0x59, 0x28, 0x63, 0x68, 0x69, 0x1B, 0x99, 0x73,
0x8D, 0xAB, 0x5A, 0xFA, 0x71, 0x60, 0x1B, 0x12, 0xE7, 0x99, 0x70, 0xF1, 0x99, 0x2A, 0x50, 0x18,
0x8B, 0x6B, 0x61, 0x90, 0xE2, 0x7E, 0x8B, 0x90, 0xD4, 0xD5, 0xC0, 0xCB, 0x7C, 0x08, 0x06, 0xD9,
};
constexpr const u8 LibraryEmbeddedCaPublicExponent[GcCrypto::GcRsaPublicExponentLength] = {
0x01, 0x00, 0x01
};
constexpr const u8 LibraryEmbeddedCa10Modulus[2][GcCrypto::GcRsaKeyLength] = {
{
0x98, 0xC7, 0x26, 0xB6, 0x0D, 0x0A, 0x50, 0xA7, 0x39, 0x21, 0x0A, 0xE3, 0x2F, 0xE4, 0x3E, 0x2E,
0x5B, 0xA2, 0x86, 0x75, 0xAA, 0x5C, 0xEE, 0x34, 0xF1, 0xA3, 0x3A, 0x7E, 0xBD, 0x90, 0x4E, 0xF7,
0x8D, 0xFA, 0x17, 0xAA, 0x6B, 0xC6, 0x36, 0x6D, 0x4C, 0x9A, 0x6D, 0x57, 0x2F, 0x80, 0xA2, 0xBC,
0x38, 0x4D, 0xDA, 0x99, 0xA1, 0xD8, 0xC3, 0xE2, 0x99, 0x79, 0x36, 0x71, 0x90, 0x20, 0x25, 0x9D,
0x4D, 0x11, 0xB8, 0x2E, 0x63, 0x6B, 0x5A, 0xFA, 0x1E, 0x9C, 0x04, 0xD1, 0xC5, 0xF0, 0x9C, 0xB1,
0x0F, 0xB8, 0xC1, 0x7B, 0xBF, 0xE8, 0xB0, 0xD2, 0x2B, 0x47, 0x01, 0x22, 0x6B, 0x23, 0xC9, 0xD0,
0xBC, 0xEB, 0x75, 0x6E, 0x41, 0x7D, 0x4C, 0x26, 0xA4, 0x73, 0x21, 0xB4, 0xF0, 0x14, 0xE5, 0xD9,
0x8D, 0xB3, 0x64, 0xEE, 0xA8, 0xFA, 0x84, 0x1B, 0xB8, 0xB8, 0x7C, 0x88, 0x6B, 0xEF, 0xCC, 0x97,
0x04, 0x04, 0x9A, 0x67, 0x2F, 0xDF, 0xEC, 0x0D, 0xB2, 0x5F, 0xB5, 0xB2, 0xBD, 0xB5, 0x4B, 0xDE,
0x0E, 0x88, 0xA3, 0xBA, 0xD1, 0xB4, 0xE0, 0x91, 0x81, 0xA7, 0x84, 0xEB, 0x77, 0x85, 0x8B, 0xEF,
0xA5, 0xE3, 0x27, 0xB2, 0xF2, 0x82, 0x2B, 0x29, 0xF1, 0x75, 0x2D, 0xCE, 0xCC, 0xAE, 0x9B, 0x8D,
0xED, 0x5C, 0xF1, 0x8E, 0xDB, 0x9A, 0xD7, 0xAF, 0x42, 0x14, 0x52, 0xCD, 0xE3, 0xC5, 0xDD, 0xCE,
0x08, 0x12, 0x17, 0xD0, 0x7F, 0x1A, 0xAA, 0x1F, 0x7D, 0xE0, 0x93, 0x54, 0xC8, 0xBC, 0x73, 0x8A,
0xCB, 0xAD, 0x6E, 0x93, 0xE2, 0x19, 0x72, 0x6B, 0xD3, 0x45, 0xF8, 0x73, 0x3D, 0x2B, 0x6A, 0x55,
0xD2, 0x3A, 0x8B, 0xB0, 0x8A, 0x42, 0xE3, 0x3D, 0xF1, 0x92, 0x23, 0x42, 0x2E, 0xBA, 0xCC, 0x9C,
0x9A, 0xC1, 0xDD, 0x62, 0x86, 0x9C, 0x2E, 0xE1, 0x2D, 0x6F, 0x62, 0x67, 0x51, 0x08, 0x0E, 0xCF,
},
{
0xC8, 0x65, 0x8D, 0x9D, 0x15, 0xF4, 0xCC, 0x35, 0x7D, 0x3C, 0x7B, 0xBF, 0xA3, 0x7D, 0xA9, 0xFE,
0x93, 0xD9, 0x3A, 0x64, 0x7C, 0x12, 0x81, 0xB8, 0xA7, 0x6D, 0xE6, 0x76, 0xA5, 0x9F, 0x95, 0xB1,
0x0B, 0xC5, 0x93, 0x9F, 0x48, 0xE9, 0x4F, 0x3D, 0xD1, 0x94, 0x0F, 0x78, 0x70, 0x5A, 0x2C, 0x82,
0x6C, 0xE9, 0xB0, 0xA7, 0x6C, 0xEA, 0xB5, 0xC1, 0x20, 0xD0, 0x2A, 0x29, 0x42, 0xA6, 0x33, 0x70,
0x75, 0x53, 0x3E, 0x88, 0x4A, 0xEF, 0x35, 0x0E, 0x79, 0xE4, 0xB0, 0x0F, 0x90, 0xA2, 0xAC, 0xF8,
0x31, 0x02, 0xA3, 0x8E, 0x99, 0x7E, 0xF4, 0x72, 0x5A, 0x0B, 0xE8, 0x23, 0x4E, 0x87, 0xFB, 0x2F,
0x22, 0x22, 0x57, 0xF6, 0xE1, 0x43, 0xFD, 0x11, 0xDA, 0x2D, 0xE6, 0x25, 0x96, 0x4C, 0x6B, 0x3B,
0x54, 0x0C, 0x22, 0x8C, 0xB5, 0x82, 0xDB, 0x49, 0x5C, 0xB0, 0x36, 0x13, 0x31, 0x6F, 0x1A, 0xFF,
0xA5, 0x1F, 0x70, 0x15, 0xAC, 0xDA, 0xF5, 0xD6, 0xE5, 0x71, 0x2F, 0x47, 0x43, 0xAB, 0x00, 0x03,
0xCE, 0x9C, 0x70, 0xEB, 0x58, 0x6C, 0xE1, 0x3F, 0xC8, 0xD7, 0x43, 0xDA, 0x34, 0xDD, 0x23, 0x76,
0xE3, 0x39, 0xB6, 0x8E, 0x5D, 0x63, 0xD6, 0xDD, 0x42, 0x5B, 0xB4, 0x58, 0xCF, 0x2D, 0x47, 0x61,
0x2F, 0x3F, 0xC3, 0x20, 0xF5, 0xD6, 0xDB, 0xFD, 0x75, 0xCB, 0x06, 0xBC, 0x94, 0x4E, 0xE5, 0x3D,
0xC8, 0x70, 0xC6, 0xCB, 0xB9, 0xE0, 0x9B, 0x0F, 0x32, 0xA4, 0xC3, 0xCA, 0x46, 0x8C, 0x44, 0x2D,
0x2E, 0x71, 0xC8, 0xF0, 0x51, 0x17, 0x94, 0x5D, 0x40, 0xE2, 0x31, 0x9A, 0x24, 0x9F, 0x7C, 0xC5,
0xDC, 0xB9, 0xB4, 0x43, 0x23, 0x70, 0xF7, 0x73, 0x0A, 0x5A, 0x6B, 0x8D, 0x9C, 0x76, 0xB1, 0x23,
0x49, 0x35, 0x4E, 0x3E, 0x92, 0x22, 0xDF, 0xBB, 0x5E, 0xF4, 0x9E, 0x98, 0xCF, 0x51, 0xBE, 0xDF,
},
};
constexpr const u8 LibraryEmbeddedCa10CertificateModulus[2][GcCrypto::GcRsaKeyLength] = {
{
0xAA, 0x9B, 0x6C, 0xE2, 0x50, 0xE5, 0xEC, 0x25, 0xEE, 0x2D, 0x21, 0x9C, 0xB7, 0x4F, 0xA2, 0x72,
0x1E, 0x44, 0xB7, 0xFC, 0x65, 0x86, 0xAC, 0x81, 0xCC, 0x09, 0xDC, 0xAD, 0xB7, 0x68, 0x37, 0x52,
0x72, 0x81, 0xD5, 0xBA, 0x72, 0x11, 0x41, 0x71, 0x98, 0x46, 0xA9, 0x47, 0xF6, 0x95, 0x9D, 0x9B,
0x5E, 0xCA, 0x07, 0x5A, 0x57, 0xE0, 0xAB, 0x2E, 0xDB, 0xE5, 0xF3, 0x01, 0x3B, 0xBB, 0x2B, 0x2E,
0x44, 0x31, 0xA3, 0x0B, 0x2F, 0x3A, 0x51, 0xC4, 0x6B, 0x64, 0xD8, 0xF1, 0x01, 0x2D, 0xE9, 0xE8,
0x86, 0x30, 0xAC, 0xF8, 0x02, 0xA3, 0x5A, 0xBE, 0x60, 0xFB, 0x5C, 0x1C, 0x39, 0x7C, 0x8B, 0x4F,
0xBF, 0xE2, 0xDF, 0x1E, 0xF2, 0x69, 0x4E, 0xA3, 0x6A, 0x6C, 0x69, 0x97, 0xDD, 0xF1, 0xB2, 0x14,
0x63, 0x8F, 0xDD, 0x94, 0xC5, 0x7D, 0x73, 0xF6, 0xE1, 0xDA, 0x0C, 0xD5, 0x8B, 0x69, 0x76, 0x06,
0xC1, 0xE7, 0x61, 0x1C, 0x4B, 0xF2, 0x5B, 0x18, 0x6B, 0xB0, 0x05, 0x34, 0x2C, 0x4C, 0xAB, 0x45,
0xF3, 0x88, 0x2E, 0x71, 0xFD, 0x7A, 0x7F, 0xC3, 0x0D, 0xB4, 0xB4, 0x71, 0xDF, 0xEE, 0x9A, 0xAA,
0x1E, 0x26, 0xD5, 0x17, 0x43, 0x6A, 0x6B, 0x4E, 0x93, 0xA2, 0xEE, 0x88, 0xAB, 0x5E, 0xFB, 0x68,
0x32, 0x78, 0xB3, 0xF7, 0xA5, 0x16, 0x1C, 0x19, 0x6A, 0x66, 0xA4, 0xE3, 0x97, 0x8F, 0x7B, 0x19,
0x1D, 0xE4, 0x2D, 0x50, 0x09, 0x41, 0x4A, 0x77, 0xF7, 0xA0, 0xBD, 0xEE, 0x99, 0x18, 0x9B, 0xA7,
0x67, 0xFF, 0x67, 0xF6, 0xDA, 0xD0, 0x31, 0xEF, 0x8E, 0x4F, 0x1C, 0xC6, 0xBA, 0xC6, 0xC4, 0x3D,
0x81, 0xB9, 0xFD, 0x9F, 0x2E, 0xF0, 0x4C, 0x50, 0x05, 0x9D, 0x08, 0x45, 0xA2, 0x15, 0x35, 0xE9,
0xC2, 0xED, 0xFD, 0x2F, 0xF7, 0xD3, 0xA8, 0x39, 0xD5, 0xD2, 0xF4, 0x79, 0x58, 0x76, 0x43, 0xCB,
},
{
0xC5, 0x42, 0x7B, 0x81, 0x51, 0x70, 0x8B, 0x84, 0xBD, 0x16, 0x21, 0x37, 0x9E, 0xBC, 0x54, 0xEC,
0x97, 0xFB, 0x16, 0x81, 0x77, 0x5B, 0x67, 0x02, 0xE5, 0x7E, 0x06, 0x60, 0xC9, 0x3B, 0x4B, 0x98,
0xB1, 0xEB, 0xE2, 0xA6, 0x46, 0xA5, 0xBB, 0xD1, 0x8A, 0xF4, 0xAB, 0x6D, 0x60, 0xD0, 0xC3, 0xFD,
0xE5, 0x9F, 0x80, 0xA4, 0xA5, 0xDF, 0xD2, 0xAD, 0x64, 0x8E, 0xB4, 0x72, 0x22, 0x95, 0xDB, 0x5F,
0xB1, 0x38, 0x43, 0x1C, 0x25, 0xFE, 0x73, 0x10, 0xF4, 0xB8, 0xBD, 0xAA, 0xCF, 0x1A, 0x12, 0x1F,
0x7C, 0xED, 0x72, 0x3E, 0xCC, 0xF9, 0x75, 0x28, 0x21, 0x83, 0x74, 0x92, 0x72, 0xD4, 0xD5, 0x01,
0x59, 0x2A, 0x7A, 0x6F, 0x80, 0xA3, 0xA5, 0x63, 0xD5, 0x09, 0x36, 0xCE, 0x0C, 0x3F, 0xCF, 0x08,
0x10, 0x29, 0xEE, 0xB9, 0xB1, 0xE2, 0x79, 0x02, 0xEC, 0xE8, 0x51, 0x72, 0x4D, 0x60, 0xE4, 0xAC,
0x76, 0x23, 0x06, 0x45, 0x6F, 0x02, 0xDB, 0x7A, 0xBC, 0x46, 0xC4, 0xF8, 0x3E, 0xC2, 0x1B, 0x9C,
0x6A, 0xC3, 0x37, 0xE7, 0xC2, 0x85, 0x80, 0xA6, 0xB1, 0x41, 0xC6, 0x43, 0x2A, 0xD9, 0x45, 0x63,
0x4D, 0x8E, 0xCB, 0xA2, 0x79, 0x54, 0x94, 0x54, 0xE7, 0x34, 0xEA, 0xAD, 0xE9, 0x47, 0x52, 0x6C,
0x96, 0x22, 0xF2, 0xD6, 0xDC, 0xB7, 0x45, 0x03, 0xB6, 0xC8, 0x36, 0x92, 0x10, 0x4A, 0x40, 0x2B,
0x05, 0x34, 0x78, 0x2A, 0xAD, 0x6A, 0x8E, 0x7F, 0xA1, 0x22, 0x3A, 0xC5, 0xD1, 0x0A, 0x4D, 0xD8,
0x7A, 0x9A, 0x53, 0x9A, 0x00, 0xAF, 0x70, 0x76, 0xC1, 0xF9, 0x9C, 0x98, 0x02, 0xCB, 0x4C, 0xF5,
0x9E, 0x51, 0x29, 0x72, 0x4C, 0x13, 0x45, 0xCA, 0xB1, 0xA4, 0x4A, 0x4E, 0x32, 0xCC, 0x23, 0xA8,
0x69, 0xBE, 0x82, 0xD5, 0x86, 0x22, 0xA5, 0xEE, 0x97, 0x1A, 0xFF, 0x11, 0xF0, 0xE7, 0x66, 0x0B,
},
};
constexpr const u8 LibraryEmbeddedCardHeaderKey[2][GcCrypto::GcAesKeyLength] = {
{ 0x01, 0xC5, 0x8F, 0xE7, 0x00, 0x2D, 0x13, 0x5A, 0xB2, 0x9A, 0x3F, 0x69, 0x33, 0x95, 0x74, 0xB1, },
{ 0xCB, 0xA7, 0xB8, 0x75, 0xEB, 0x67, 0x05, 0xFB, 0x46, 0x0A, 0x33, 0xFD, 0x34, 0x09, 0x13, 0xB4, },
};
constexpr const u8 LibraryEmbeddedConcatenatedGcKeys[2][0x70] = {
{
0x98, 0x42, 0xD1, 0x45, 0x92, 0xEE, 0x79, 0xAE, 0xE3, 0xAA, 0xC9, 0xEA, 0x6A, 0x67, 0xC4, 0xB4,
0x5E, 0x18, 0x1E, 0x0C, 0xC0, 0xA2, 0x1C, 0x0E, 0x05, 0xA4, 0x49, 0x30, 0x53, 0x7F, 0xC8, 0xE2,
0xB9, 0xFB, 0x97, 0x31, 0x0A, 0x4E, 0x28, 0xE7, 0x1E, 0x69, 0x8C, 0xEE, 0xED, 0x26, 0x20, 0x14,
0x63, 0x76, 0xBC, 0x1D, 0x86, 0xED, 0x11, 0x01, 0x4D, 0xB0, 0xFC, 0x88, 0xD4, 0x64, 0x15, 0x03,
0x68, 0x95, 0x4D, 0x5A, 0x87, 0x57, 0x81, 0xB6, 0x6C, 0xD1, 0xEF, 0x40, 0x9D, 0x74, 0xF1, 0xA5,
0xDA, 0xCA, 0x1F, 0x3E, 0x78, 0x96, 0xCA, 0x2F, 0x1A, 0x47, 0xA3, 0x19, 0x47, 0x47, 0xC4, 0x54,
0x5C, 0x97, 0x02, 0x74, 0xF2, 0x69, 0xA2, 0x14, 0x46, 0xFC, 0x5B, 0x21, 0x85, 0x29, 0xCB, 0x16,
},
{
0xE8, 0x17, 0xE6, 0x0B, 0xE2, 0x6C, 0x32, 0x30, 0x45, 0xF7, 0xBA, 0x8D, 0xBD, 0x99, 0x15, 0x62,
0xD1, 0x1C, 0x1C, 0x2C, 0x42, 0xC1, 0x2E, 0x1B, 0x4A, 0xF1, 0x65, 0x3B, 0x0D, 0x37, 0xF3, 0xC6,
0x91, 0xB2, 0x5C, 0x22, 0xB9, 0x47, 0xF1, 0x15, 0xB0, 0xEE, 0x16, 0xC5, 0x3F, 0xCC, 0x58, 0xD6,
0xA6, 0xAC, 0x06, 0x47, 0x3A, 0xA0, 0x9B, 0x12, 0xE2, 0x50, 0x80, 0x13, 0x49, 0x2C, 0x3C, 0xED,
0x35, 0x5B, 0xA3, 0x6D, 0x26, 0x1E, 0xF6, 0xC9, 0xFA, 0xD2, 0x43, 0x81, 0x5A, 0xD0, 0x22, 0x75,
0x78, 0x5A, 0x92, 0xE4, 0x91, 0x49, 0xD8, 0x28, 0x57, 0x57, 0x49, 0x68, 0x01, 0x0E, 0xA4, 0x10,
0x5B, 0x05, 0x47, 0x03, 0xD1, 0x1B, 0xA7, 0xCA, 0xD9, 0x06, 0x10, 0x02, 0x85, 0xA3, 0x99, 0x26,
},
};
constexpr const u8 LibraryEmbeddedSplEncryptedKek[GcCrypto::GcAesKeyLength] = {
0x42, 0xF1, 0xEB, 0xCB, 0xDD, 0xED, 0x82, 0xAF, 0x32, 0x4E, 0x0D, 0xF4, 0x84, 0xF2, 0xAB, 0x57,
};
constexpr const u8 LibraryEmbeddedIvForKek[2][GcCrypto::GcAesCbcIvLength] = {
{ 0xC6, 0x09, 0x0A, 0x32, 0x51, 0xA5, 0x26, 0xEC, 0x8F, 0x2B, 0xA9, 0x3E, 0xCC, 0x62, 0xF0, 0x92 },
{ 0x23, 0xA6, 0xFE, 0x53, 0xE7, 0x16, 0x86, 0xFB, 0x9B, 0xB5, 0x72, 0x32, 0x42, 0x01, 0xA3, 0xC7 },
};
}
constinit bool EmbeddedDataHolder::s_is_dev = false;
constinit const void *EmbeddedDataHolder::s_ca_public_exponent = LibraryEmbeddedCaPublicExponent;
constinit const void *EmbeddedDataHolder::s_ca1_modulus = LibraryEmbeddedCa1Modulus;
constinit const void *EmbeddedDataHolder::s_ca9_modulus = LibraryEmbeddedCa9Modulus;
constinit const void *EmbeddedDataHolder::s_ca10_modulus = LibraryEmbeddedCa10Modulus[0];
constinit const void *EmbeddedDataHolder::s_ca10_certificate_modulus = LibraryEmbeddedCa10CertificateModulus[0];
constinit const void *EmbeddedDataHolder::s_card_header_key = LibraryEmbeddedCardHeaderKey[0];
Result EmbeddedDataHolder::SetLibraryEmbeddedKeys(bool is_dev) {
ConcatenatedGcLibraryEmbeddedKeys embedded_keys;
R_TRY(DecryptoEmbeddedKeys(std::addressof(embedded_keys), sizeof(embedded_keys), is_dev));
{
/* TODO: Set hmac/cv keys. */
AMS_UNUSED(embedded_keys);
}
R_SUCCEED();
}
Result EmbeddedDataHolder::DecryptoEmbeddedKeys(ConcatenatedGcLibraryEmbeddedKeys *out, size_t out_size, bool is_dev) {
/* Determine key index. */
const auto key_idx = is_dev ? 1 : 0;
/* Set global pointers. */
s_is_dev = is_dev;
s_ca10_modulus = LibraryEmbeddedCa10Modulus[key_idx];
s_ca10_certificate_modulus = LibraryEmbeddedCa10CertificateModulus[key_idx];
s_card_header_key = LibraryEmbeddedCardHeaderKey[key_idx];
/* Get the keys/iv. */
ConcatenatedGcLibraryEmbeddedKeys keys;
std::memcpy(std::addressof(keys), LibraryEmbeddedConcatenatedGcKeys[key_idx], sizeof(keys));
static_assert(sizeof(LibraryEmbeddedConcatenatedGcKeys[0]) == sizeof(*out));
const void *iv_for_kek = LibraryEmbeddedIvForKek[key_idx];
/* Generate the kek. */
u8 kek[GcCrypto::GcAesKeyLength] = {};
crypto::Aes128CtrDecryptor aes_ctr;
ON_SCOPE_EXIT {
crypto::ClearMemory(kek, sizeof(kek));
aes_ctr.Initialize(kek, sizeof(kek), iv_for_kek, GcCrypto::GcAesCbcIvLength);
};
constexpr const auto KeyGeneration = 4;
R_TRY(GcCrypto::DecryptAesKeySpl(kek, sizeof(kek), LibraryEmbeddedSplEncryptedKek, sizeof(LibraryEmbeddedSplEncryptedKek), KeyGeneration, 0));
/* Decrypt the embedded keys. */
aes_ctr.Initialize(kek, sizeof(kek), iv_for_kek, GcCrypto::GcAesCbcIvLength);
aes_ctr.Update(out, out_size, std::addressof(keys), sizeof(keys));
R_SUCCEED();
}
}

View file

@ -0,0 +1,135 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stratosphere.hpp>
namespace ams::gc::impl {
bool GcCrypto::CheckDevelopmentSpl() {
return spl::IsDevelopment();
}
Result GcCrypto::DecryptAesKeySpl(void *dst, size_t dst_size, const void *src, size_t src_size, s32 generation, u32 option) {
R_UNLESS(R_SUCCEEDED(spl::DecryptAesKey(dst, dst_size, src, src_size, generation, option)), fs::ResultGameCardSplDecryptAesKeyFailure());
R_SUCCEED();
}
Result GcCrypto::VerifyCardHeader(const void *header_buffer, size_t header_size, const void *modulus, size_t modulus_size) {
/* Check pre-conditions. */
AMS_ABORT_UNLESS(header_size == sizeof(CardHeaderWithSignature));
AMS_ABORT_UNLESS(modulus_size == GcRsaKeyLength);
/* Get cert buffer as type. */
const auto * const header = static_cast<const CardHeaderWithSignature *>(header_buffer);
/* Verify the signature. */
const void *mod = modulus != nullptr ? modulus : EmbeddedDataHolder::s_ca10_modulus;
const size_t mod_size = GcRsaKeyLength;
const void *exp = EmbeddedDataHolder::s_ca_public_exponent;
const size_t exp_size = GcRsaPublicExponentLength;
const void *sig = header->signature;
const size_t sig_size = sizeof(header->signature);
const void *msg = std::addressof(header->data);
const size_t msg_size = sizeof(header->data);
const bool is_signature_valid = crypto::VerifyRsa2048Pkcs1Sha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid, fs::ResultGameCardInvalidCardHeader());
R_SUCCEED();
}
Result GcCrypto::VerifyT1CardCertificate(const void *cert_buffer, size_t cert_size) {
/* Check pre-conditions. */
AMS_ASSERT(cert_size == sizeof(T1CardCertificate));
/* Get cert buffer as type. */
const auto * const cert = static_cast<const T1CardCertificate *>(cert_buffer);
/* Verify the signature. */
const void *mod = EmbeddedDataHolder::s_ca9_modulus;
const size_t mod_size = GcRsaKeyLength;
const void *exp = EmbeddedDataHolder::s_ca_public_exponent;
const size_t exp_size = GcRsaPublicExponentLength;
const void *sig = cert->signature;
const size_t sig_size = sizeof(cert->signature);
const void *msg = reinterpret_cast<const u8 *>(cert) + sig_size;
const size_t msg_size = sizeof(*cert) - (sig_size + sizeof(cert->padding));
const bool is_signature_valid = crypto::VerifyRsa2048Pkcs1Sha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid, fs::ResultGameCardInvalidT1CardCertificate());
R_SUCCEED();
}
Result GcCrypto::VerifyCa10Certificate(const void *cert_buffer, size_t cert_size) {
/* Check pre-conditions. */
AMS_ASSERT(cert_size == sizeof(Ca10Certificate));
/* Get header buffer as type. */
const auto * const cert = static_cast<const Ca10Certificate *>(cert_buffer);
/* Verify the signature. */
const void *mod = EmbeddedDataHolder::s_ca10_certificate_modulus;
const size_t mod_size = GcRsaKeyLength;
const void *exp = EmbeddedDataHolder::s_ca_public_exponent;
const size_t exp_size = GcRsaPublicExponentLength;
const void *sig = cert->signature;
const size_t sig_size = sizeof(cert->signature);
const void *msg = reinterpret_cast<const u8 *>(cert) + sig_size;
const size_t msg_size = sizeof(*cert) - sig_size;
const bool is_signature_valid = crypto::VerifyRsa2048Pkcs1Sha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid, fs::ResultGameCardInvalidCa10Certificate());
R_SUCCEED();
}
Result GcCrypto::EncryptCardHeader(void *header_buffer, size_t header_size) {
/* Check pre-conditions. */
R_UNLESS(header_size == sizeof(CardHeader), fs::ResultGameCardPreconditionViolation());
/* Get header buffer as type. */
auto * const header = static_cast<CardHeader *>(header_buffer);
/* Construct iv. */
u8 iv[GcAesCbcIvLength];
for (size_t i = 0; i < GcAesCbcIvLength; ++i) {
iv[i] = header->iv[GcAesCbcIvLength - 1 - i];
}
/* Encrypt. */
crypto::EncryptAes128Cbc(std::addressof(header->encrypted_data), sizeof(header->encrypted_data), EmbeddedDataHolder::s_card_header_key, GcAesKeyLength, iv, GcAesCbcIvLength, std::addressof(header->encrypted_data), sizeof(header->encrypted_data));
R_SUCCEED();
}
Result GcCrypto::DecryptCardHeader(void *header_buffer, size_t header_size) {
/* Check pre-conditions. */
R_UNLESS(header_size == sizeof(CardHeader), fs::ResultGameCardPreconditionViolation());
/* Get header buffer as type. */
auto * const header = static_cast<CardHeader *>(header_buffer);
/* Construct iv. */
u8 iv[GcAesCbcIvLength];
for (size_t i = 0; i < GcAesCbcIvLength; ++i) {
iv[i] = header->iv[GcAesCbcIvLength - 1 - i];
}
/* Decrypt. */
crypto::DecryptAes128Cbc(std::addressof(header->encrypted_data), sizeof(header->encrypted_data), EmbeddedDataHolder::s_card_header_key, GcAesKeyLength, iv, GcAesCbcIvLength, std::addressof(header->encrypted_data), sizeof(header->encrypted_data));
R_SUCCEED();
}
}

View file

@ -75,6 +75,8 @@ namespace ams::spl {
} }
Result LoadAesKey(s32 slot, const AccessKey &access_key, const void *key_source, size_t key_source_size) { Result LoadAesKey(s32 slot, const AccessKey &access_key, const void *key_source, size_t key_source_size) {
EnsureInitialized();
AMS_ASSERT(key_source_size == sizeof(KeySource)); AMS_ASSERT(key_source_size == sizeof(KeySource));
AMS_UNUSED(key_source_size); AMS_UNUSED(key_source_size);
@ -82,6 +84,8 @@ namespace ams::spl {
} }
Result GenerateAesKey(void *dst, size_t dst_size, const AccessKey &access_key, const void *key_source, size_t key_source_size) { Result GenerateAesKey(void *dst, size_t dst_size, const AccessKey &access_key, const void *key_source, size_t key_source_size) {
EnsureInitialized();
AMS_ASSERT(dst_size >= sizeof(AesKey)); AMS_ASSERT(dst_size >= sizeof(AesKey));
AMS_ASSERT(key_source_size == sizeof(KeySource)); AMS_ASSERT(key_source_size == sizeof(KeySource));
AMS_UNUSED(dst_size, key_source_size); AMS_UNUSED(dst_size, key_source_size);
@ -92,6 +96,8 @@ namespace ams::spl {
} }
Result ComputeCtr(void *dst, size_t dst_size, s32 slot, const void *src, size_t src_size, const void *iv, size_t iv_size) { Result ComputeCtr(void *dst, size_t dst_size, s32 slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
EnsureInitialized();
AMS_ASSERT(iv_size >= sizeof(IvCtr)); AMS_ASSERT(iv_size >= sizeof(IvCtr));
AMS_UNUSED(iv_size); AMS_UNUSED(iv_size);
AMS_ASSERT(dst_size >= src_size); AMS_ASSERT(dst_size >= src_size);
@ -99,11 +105,27 @@ namespace ams::spl {
R_RETURN(impl::ComputeCtr(dst, dst_size, slot, src, src_size, *static_cast<const IvCtr *>(iv))); R_RETURN(impl::ComputeCtr(dst, dst_size, slot, src, src_size, *static_cast<const IvCtr *>(iv)));
} }
Result DecryptAesKey(void *dst, size_t dst_size, const void *key_source, size_t key_source_size, s32 generation, u32 option) {
EnsureInitialized();
AMS_ASSERT(dst_size >= crypto::AesEncryptor128::KeySize);
AMS_ASSERT(key_source_size == sizeof(KeySource));
AMS_UNUSED(dst_size, key_source_size);
R_RETURN(WaitAvailableKeySlotAndExecute([&]() -> Result {
R_RETURN(impl::DecryptAesKey(static_cast<AesKey *>(dst), *static_cast<const KeySource *>(key_source), static_cast<u32>(generation), option));
}));
}
Result LoadPreparedAesKey(s32 slot, const AccessKey &access_key) { Result LoadPreparedAesKey(s32 slot, const AccessKey &access_key) {
EnsureInitialized();
R_RETURN(impl::LoadPreparedAesKey(slot, access_key)); R_RETURN(impl::LoadPreparedAesKey(slot, access_key));
} }
Result PrepareCommonEsTitleKey(AccessKey *out, const void *key_source, const size_t key_source_size, int generation) { Result PrepareCommonEsTitleKey(AccessKey *out, const void *key_source, const size_t key_source_size, int generation) {
EnsureInitialized();
AMS_ASSERT(key_source_size == sizeof(KeySource)); AMS_ASSERT(key_source_size == sizeof(KeySource));
R_RETURN(impl::PrepareCommonEsTitleKey(out, *static_cast<const KeySource *>(key_source), generation)); R_RETURN(impl::PrepareCommonEsTitleKey(out, *static_cast<const KeySource *>(key_source), generation));

View file

@ -29,6 +29,7 @@
#include <vapours/crypto/crypto_aes_ctr_encryptor_decryptor.hpp> #include <vapours/crypto/crypto_aes_ctr_encryptor_decryptor.hpp>
#include <vapours/crypto/crypto_aes_xts_encryptor_decryptor.hpp> #include <vapours/crypto/crypto_aes_xts_encryptor_decryptor.hpp>
#include <vapours/crypto/crypto_aes_gcm_encryptor.hpp> #include <vapours/crypto/crypto_aes_gcm_encryptor.hpp>
#include <vapours/crypto/crypto_rsa_pkcs1_sha256_verifier.hpp>
#include <vapours/crypto/crypto_rsa_pss_sha256_verifier.hpp> #include <vapours/crypto/crypto_rsa_pss_sha256_verifier.hpp>
#include <vapours/crypto/crypto_rsa_oaep_sha256_decoder.hpp> #include <vapours/crypto/crypto_rsa_oaep_sha256_decoder.hpp>
#include <vapours/crypto/crypto_rsa_oaep_sha256_decryptor.hpp> #include <vapours/crypto/crypto_rsa_oaep_sha256_decryptor.hpp>

View file

@ -0,0 +1,53 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours/common.hpp>
#include <vapours/assert.hpp>
#include <vapours/util.hpp>
#include <vapours/crypto/crypto_rsa_calculator.hpp>
#include <vapours/crypto/crypto_rsa_pkcs1_verifier.hpp>
#include <vapours/crypto/crypto_sha256_generator.hpp>
namespace ams::crypto {
namespace impl {
template<size_t Bits>
using RsaNPkcs1Sha256Verifier = ::ams::crypto::RsaPkcs1Verifier<Bits / BITSIZEOF(u8), ::ams::crypto::Sha256Generator>;
}
using Rsa2048Pkcs1Sha256Verifier = ::ams::crypto::impl::RsaNPkcs1Sha256Verifier<2048>;
using Rsa4096Pkcs1Sha256Verifier = ::ams::crypto::impl::RsaNPkcs1Sha256Verifier<4096>;
inline bool VerifyRsa2048Pkcs1Sha256(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size) {
return Rsa2048Pkcs1Sha256Verifier::Verify(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
}
inline bool VerifyRsa2048Pkcs1Sha256(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size, void *work_buf, size_t work_buf_size) {
return Rsa2048Pkcs1Sha256Verifier::Verify(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size, work_buf, work_buf_size);
}
inline bool VerifyRsa4096Pkcs1Sha256(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size) {
return Rsa4096Pkcs1Sha256Verifier::Verify(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
}
inline bool VerifyRsa4096Pkcs1Sha256(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size, void *work_buf, size_t work_buf_size) {
return Rsa4096Pkcs1Sha256Verifier::Verify(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size, work_buf, work_buf_size);
}
}

View file

@ -0,0 +1,115 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours/common.hpp>
#include <vapours/assert.hpp>
#include <vapours/util.hpp>
#include <vapours/crypto/crypto_rsa_calculator.hpp>
#include <vapours/crypto/impl/crypto_rsa_pkcs1_impl.hpp>
namespace ams::crypto {
template<size_t _ModulusSize, impl::HashFunction Hash>
class RsaPkcs1Verifier {
NON_COPYABLE(RsaPkcs1Verifier);
NON_MOVEABLE(RsaPkcs1Verifier);
public:
static constexpr size_t HashSize = Hash::HashSize;
static constexpr size_t ModulusSize = _ModulusSize;
static constexpr size_t SignatureSize = ModulusSize;
static constexpr size_t MaximumExponentSize = 3;
static constexpr size_t RequiredWorkBufferSize = RsaCalculator<ModulusSize, MaximumExponentSize>::RequiredWorkBufferSize;
private:
enum class State {
None,
Initialized,
Done,
};
private:
RsaCalculator<ModulusSize, MaximumExponentSize> m_calculator;
Hash m_hash;
State m_state;
public:
RsaPkcs1Verifier() : m_state(State::None) { /* ... */ }
bool Initialize(const void *mod, size_t mod_size, const void *exp, size_t exp_size) {
m_hash.Initialize();
if (m_calculator.Initialize(mod, mod_size, exp, exp_size)) {
m_state = State::Initialized;
return true;
} else {
return false;
}
}
void Update(const void *data, size_t size) {
AMS_ASSERT(m_state == State::Initialized);
return m_hash.Update(data, size);
}
bool Verify(const void *signature, size_t size) {
AMS_ASSERT(m_state == State::Initialized);
AMS_ASSERT(size == SignatureSize);
AMS_UNUSED(size);
ON_SCOPE_EXIT { m_state = State::Done; };
impl::RsaPkcs1Impl<Hash> impl;
u8 message[SignatureSize];
return m_calculator.ExpMod(message, signature, SignatureSize) && impl.CheckPad(message, sizeof(message), std::addressof(m_hash));
}
bool Verify(const void *signature, size_t size, void *work_buf, size_t work_buf_size) {
AMS_ASSERT(m_state == State::Initialized);
AMS_ASSERT(size == SignatureSize);
AMS_UNUSED(size);
ON_SCOPE_EXIT { m_state = State::Done; };
impl::RsaPkcs1Impl<Hash> impl;
u8 message[SignatureSize];
return m_calculator.ExpMod(message, signature, SignatureSize, work_buf, work_buf_size) && impl.CheckPad(message, sizeof(message), std::addressof(m_hash));
}
void GetHash(void *dst, size_t dst_size) {
AMS_ASSERT(m_state == State::Done);
if (m_state == State::Done) {
m_hash.GetHash(dst, dst_size);
}
}
static bool Verify(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size) {
RsaPkcs1Verifier<ModulusSize, Hash> verifier;
if (!verifier.Initialize(mod, mod_size, exp, exp_size)) {
return false;
}
verifier.Update(msg, msg_size);
return verifier.Verify(sig, sig_size);
}
static bool Verify(const void *sig, size_t sig_size, const void *mod, size_t mod_size, const void *exp, size_t exp_size, const void *msg, size_t msg_size, void *work_buf, size_t work_buf_size) {
RsaPkcs1Verifier<ModulusSize, Hash> verifier;
if (!verifier.Initialize(mod, mod_size, exp, exp_size)) {
return false;
}
verifier.Update(msg, msg_size);
return verifier.Verify(sig, sig_size, work_buf, work_buf_size);
}
};
}

View file

@ -59,6 +59,7 @@ namespace ams::crypto {
} }
void Update(const void *data, size_t size) { void Update(const void *data, size_t size) {
AMS_ASSERT(m_state == State::Initialized);
return m_hash.Update(data, size); return m_hash.Update(data, size);
} }

View file

@ -0,0 +1,94 @@
/*
* Copyright (c) Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours/common.hpp>
#include <vapours/assert.hpp>
#include <vapours/util.hpp>
#include <vapours/crypto/impl/crypto_hash_function.hpp>
namespace ams::crypto::impl {
template<HashFunction Hash>
class RsaPkcs1Impl {
NON_COPYABLE(RsaPkcs1Impl);
NON_MOVEABLE(RsaPkcs1Impl);
public:
static constexpr size_t HashSize = Hash::HashSize;
public:
RsaPkcs1Impl() { /* ... */ }
~RsaPkcs1Impl() { /* ... */ }
void BuildPad(void *out_block, size_t block_size, Hash *hash) {
AMS_ASSERT(block_size >= 2 + 1 + sizeof(Hash::Asn1Identifier) + HashSize);
u8 *dst = static_cast<u8 *>(out_block);
*(dst++) = 0x00;
*(dst++) = 0x01;
const size_t pad_len = block_size - (2 + 1 + sizeof(Hash::Asn1Identifier) + HashSize);
std::memset(dst, 0xFF, pad_len);
dst += pad_len;
*(dst++) = 0x00;
std::memcpy(dst, Hash::Asn1Identifier, sizeof(Hash::Asn1Identifier));
dst += sizeof(Hash::Asn1Identifier);
hash->GetHash(dst, HashSize);
}
bool CheckPad(const u8 *src, size_t block_size, Hash *hash) {
/* Check that block size is minimally big enough. */
if (block_size < 2 + 1 + sizeof(Hash::Asn1Identifier) + HashSize) {
return false;
}
/* Check that the padding if correctly of form 0001FF..FF00 */
if (*(src++) != 0x00) {
return false;
}
if (*(src++) != 0x01) {
return false;
}
const size_t pad_len = block_size - (2 + 1 + sizeof(Hash::Asn1Identifier) + HashSize);
for (size_t i = 0; i < pad_len; ++i) {
if (*(src++) != 0xFF) {
return false;
}
}
if (*(src++) != 0x00) {
return false;
}
/* Check that the asn1 identifier matches. */
if (std::memcmp(src, Hash::Asn1Identifier, sizeof(Hash::Asn1Identifier)) != 0) {
return false;
}
src += sizeof(Hash::Asn1Identifier);
/* Check the hash. */
u8 calc_hash[HashSize];
hash->GetHash(calc_hash, sizeof(calc_hash));
return std::memcmp(calc_hash, src, HashSize) == 0;
}
};
}

View file

@ -48,6 +48,15 @@ namespace ams::fs {
R_DEFINE_ERROR_RESULT(SdCardNotPresent, 2001); R_DEFINE_ERROR_RESULT(SdCardNotPresent, 2001);
R_DEFINE_ERROR_RANGE(GameCardAccessFailed, 2500, 2999); R_DEFINE_ERROR_RANGE(GameCardAccessFailed, 2500, 2999);
R_DEFINE_ERROR_RESULT(GameCardPreconditionViolation, 2503);
R_DEFINE_ERROR_RANGE(GameCardCardAccessFailure, 2530, 2559);
R_DEFINE_ERROR_RESULT(GameCardInvalidCardHeader, 2554);
R_DEFINE_ERROR_RESULT(GameCardInvalidT1CardCertificate, 2555);
R_DEFINE_ERROR_RESULT(GameCardInvalidCa10Certificate, 2557);
R_DEFINE_ERROR_RANGE(GameCardSplFailure, 2665, 2669);
R_DEFINE_ERROR_RESULT(GameCardSplDecryptAesKeyFailure, 2666);
R_DEFINE_ERROR_RESULT(NotImplemented, 3001); R_DEFINE_ERROR_RESULT(NotImplemented, 3001);
R_DEFINE_ERROR_RESULT(UnsupportedVersion, 3002); R_DEFINE_ERROR_RESULT(UnsupportedVersion, 3002);