From 81b874cc14b7b12cd96272813120f647d855c07c Mon Sep 17 00:00:00 2001 From: TuxSH Date: Tue, 20 Feb 2018 19:29:44 +0100 Subject: [PATCH] Fix minor build issues in gcm.c, etc. --- exosphere/gcm.c | 75 ++++++++++++++++++++++--------------------------- exosphere/gcm.h | 4 +-- 2 files changed, 36 insertions(+), 43 deletions(-) diff --git a/exosphere/gcm.c b/exosphere/gcm.c index f20ab122f..cc6ddbf7b 100644 --- a/exosphere/gcm.c +++ b/exosphere/gcm.c @@ -7,14 +7,14 @@ #include "se.h" /* Shifts right a little endian 128-bit value. */ -void shr_128(uint64_t *val) { +static void shr_128(uint64_t *val) { val[0] >>= 1; val[0] |= (val[1] & 1) << 63; val[1] >>= 1; } /* Shifts left a little endian 128-bit value. */ -void shl_128(uint64_t *val) { +static void shl_128(uint64_t *val) { val[1] <<= 1; val[1] |= (val[0] & (1ULL << 63)) >> 63; val[0] <<= 1; @@ -22,11 +22,11 @@ void shl_128(uint64_t *val) { /* Multiplies two 128-bit numbers X,Y in the GF(128) Galois Field. */ -void gf128_mul(uint8_t *dst, const uint8_t *x, const uint8_t *y) { +static void gf128_mul(uint8_t *dst, const uint8_t *x, const uint8_t *y) { uint8_t x_work[0x10]; uint8_t y_work[0x10]; uint8_t dst_work[0x10]; - + uint64_t *p_x = (uint64_t *)(&x_work[0]); uint64_t *p_y = (uint64_t *)(&y_work[0]); uint64_t *p_dst = (uint64_t *)(&dst_work[0]); @@ -37,17 +37,17 @@ void gf128_mul(uint8_t *dst, const uint8_t *x, const uint8_t *y) { y_work[i] = y[0xF-i]; dst_work[i] = 0; } - + /* Perform operation for each bit in y. */ for (unsigned int round = 0; round < 0x80; round++) { p_dst[0] ^= p_x[0] * ((y_work[0xF] & 0x80) >> 7); p_dst[1] ^= p_x[1] * ((y_work[0xF] & 0x80) >> 7); shl_128(p_y); - uint8_t xor = 0xE1 * (x_work[0] & 1); + uint8_t xval = 0xE1 * (x_work[0] & 1); shr_128(p_x); - x_work[0xF] ^= xor; + x_work[0xF] ^= xval; } - + for (unsigned int i = 0; i < 0x10; i++) { dst[i] = dst_work[0xF-i]; } 
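Review bot: In gf128_mul (the @@ -22 hunk) the work buffers are declared as `uint8_t x_work[0x10]` and then read and written through `uint64_t *` casts (`p_x`, `p_y`, `p_dst`), so nothing guarantees 8-byte alignment and the 64-bit accesses are an aliasing violation that an optimizer may act on. Making shr_128/shl_128 `static` can make them more likely to be inlined into this loop, which is where such assumptions would start to matter. Declaring the buffers as `union { uint8_t b[0x10]; uint64_t q[2]; } x_work, y_work, dst_work;` and passing `.q` to the shift helpers keeps the byte view and the word view on one properly aligned object. The same cast is applied to `x` and to the caller-supplied `data` in ghash (the @@ -56 hunk), where `data` also loses its `const`; copying each 16-byte block into a local `uint64_t[2]` with `memcpy` would avoid depending on the caller's alignment. gf128_mul's body runs on into the next hunk.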
@@ -56,50 +56,48 @@ void gf128_mul(uint8_t *dst, const uint8_t *x, const uint8_t *y) { /* Performs an AES-GCM GHASH operation over the data into dst. */ -void ghash(void *dst, const void *data, size_t data_size, const void *j_block, int encrypt) { +static void ghash(void *dst, const void *data, size_t data_size, const void *j_block, int encrypt) { uint8_t x[0x10]; uint8_t h[0x10]; - + uint64_t *p_x = (uint64_t *)(&x[0]); uint64_t *p_data = (uint64_t *)data; - - for (unsigned int i = 0; i < 0x10; i++) { - x[i] = 0; - } - + + memset(x, 0, 0x10); + /* H = aes_ecb_encrypt(zeroes) */ se_aes_ecb_encrypt_block(KEYSLOT_SWITCH_TEMPKEY, h, 0x10, x, 0x10); size_t total_size = data_size; - + while (data_size >= 0x10) { /* X = (X ^ current_block) * H */ p_x[0] ^= p_data[0]; p_x[1] ^= p_data[1]; - gf128_mul(x, x, h) - + gf128_mul(x, x, h); + /* Increment p_data by 0x10 bytes. */ p_data += 2; data_size -= 0x10; } - + /* Nintendo's code *discards all data in the last block* if unaligned. */ /* And treats that block as though it were all-zero. */ /* This is a bug, they just forget to XOR with the copy of the last block they save. */ if (data_size & 0xF) { - gf128_mul(x, x, h) + gf128_mul(x, x, h); } - + /* Due to a Nintendo bug, the wrong QWORD gets XOR'd in the "final output block" case. */ if (encrypt) { p_x[1] ^= (uint64_t)(total_size << 3); } else { p_x[0] ^= (uint64_t)(total_size << 3); } - - gf128_mul(x, x, h) - + + gf128_mul(x, x, h); + /* If final output block, XOR with encrypted J block. */ if (encrypt) { se_aes_ecb_encrypt_block(KEYSLOT_SWITCH_TEMPKEY, h, 0x10, j_block, 0x10); 
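Review bot: ghash returns with key-derived material still on its stack: `h` holds the hash subkey written by `se_aes_ecb_encrypt_block(KEYSLOT_SWITCH_TEMPKEY, h, 0x10, x, 0x10)` (or the encrypted J block on the encrypt path), and `x` holds the running tag. The key itself appears to stay inside the keyslot, so these buffers are the software-readable values derived from it and are worth clearing before the function returns, e.g. `for (volatile uint8_t *p = h; p < h + sizeof(h); p++) *p = 0;`, with the same for `x` once it has been copied to `dst`. A plain `memset` on a local that is about to go out of scope can be removed by the compiler, which is why the wipe goes through a `volatile` pointer. The end of ghash, where the wipe would go, is in the following hunk.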
@@ -107,19 +105,14 @@ void ghash(void *dst, const void *data, size_t data_size, const void *j_block, i x[i] ^= h[i]; } } - + /* Copy output. */ - for (unsigned int i = 0; i < 0x10; i++) { - ((uint8_t *)dst)[i] = x[i]; - } - + memcpy(dst, x, 0x10); } /* This function is a doozy. It decrypts and validates a (non-standard) AES-GCM wrapped keypair. */ -int gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void *src, size_t src_size, const void *sealed_kek, size_t kek_size, const void *wrapped_key, size_t key_size, unsigned int usecase, int is_personalized) { - - +size_t gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void *src, size_t src_size, const void *sealed_kek, size_t kek_size, const void *wrapped_key, size_t key_size, unsigned int usecase, int is_personalized) { if (is_personalized == 0) { /* Devkit keys use a different keyformat without a MAC/Device ID. */ if (src_size <= 0x10 || src_size - 0x10 > dst_size) { @@ -130,30 +123,30 @@ int gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void panic(); } } - + /* Unwrap the key */ unseal_key(KEYSLOT_SWITCH_TEMPKEY, sealed_kek, kek_size, usecase); decrypt_data_into_keyslot(KEYSLOT_SWITCH_TEMPKEY, KEYSLOT_SWITCH_TEMPKEY, wrapped_key, key_size); - + /* Decrypt the GCM keypair, AES-CTR with CTR = blob[:0x10]. */ se_aes_ctr_crypt(KEYSLOT_SWITCH_TEMPKEY, dst, dst_size, src + 0x10, src_size - 0x10, src, 0x10); - + if (is_personalized == 0) { /* Devkit non-personalized keys have no further authentication. */ return src_size - 0x10; } - + /* J = GHASH(CTR); */ uint8_t j_block[0x10]; ghash(j_block, src, 0x10, NULL, 0); - + /* MAC = GHASH(PLAINTEXT) ^ ENCRYPT(J) */ /* Note: That MAC is calculated over plaintext is non-standard. */ /* It is supposed to be over the ciphertext. */ uint8_t calc_mac[0x10]; ghash(calc_mac, dst, src_size - 0x20, j_block, 1); - + /* Const-time memcmp. */ int different = 0; for (unsigned int i = 0; i < 0x10; i++) { 
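Review bot: gcm_decrypt_key reports a MAC mismatch only by returning 0, and on that path (the `if (different) { return 0; }` in the last gcm.c hunk) `dst` still holds the AES-CTR output that was written before the MAC was checked. A caller that ignores or mishandles the 0 is left with unauthenticated key material in its buffer, so the mismatch branch should clear it: `if (different) { memset(dst, 0, dst_size); return 0; }`, assuming `dst` really is `dst_size` bytes as the size check at the top of the function implies. The comment above the function and the prototype in gcm.h should then state the contract, along the lines of `/* Returns the number of key bytes written to dst, or 0 on MAC mismatch (dst is zeroed). */`. The function body continues past this hunk and the personalized-path size check is not visible, so whether 0 can also be a valid length cannot be confirmed from here.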
@@ -162,8 +155,8 @@ int gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void if (different) { return 0; } - + /* TODO: Validate Device ID matches in blob data from fuses. */ - + return src_size - 0x30; -} \ No newline at end of file +} diff --git a/exosphere/gcm.h b/exosphere/gcm.h index 89fe0e1ed..bfae2a984 100644 --- a/exosphere/gcm.h +++ b/exosphere/gcm.h @@ -3,6 +3,6 @@ #include -int gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void *src, size_t src_size, const void *sealed_kek, size_t kek_size, const void *wrapped_key, size_t key_size, unsigned int usecase, int is_personalized); +size_t gcm_decrypt_key(unsigned int keyslot, void *dst, size_t dst_size, const void *src, size_t src_size, const void *sealed_kek, size_t kek_size, const void *wrapped_key, size_t key_size, unsigned int usecase, int is_personalized); -#endif \ No newline at end of file +#endif