mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2025-01-10 23:04:44 +00:00
spl: Finish implementing EsService.
This commit is contained in:
parent
0a194cb6a6
commit
99106076e6
5 changed files with 89 additions and 10 deletions
|
@ -24,13 +24,11 @@ Result EsService::ImportEsKey(InPointer<u8> src, AccessKey access_key, KeySource
|
||||||
}
|
}
|
||||||
|
|
||||||
Result EsService::UnwrapTitleKey(Out<AccessKey> out_access_key, InPointer<u8> base, InPointer<u8> mod, InPointer<u8> label_digest, u32 generation) {
|
Result EsService::UnwrapTitleKey(Out<AccessKey> out_access_key, InPointer<u8> base, InPointer<u8> mod, InPointer<u8> label_digest, u32 generation) {
|
||||||
/* TODO */
|
return this->GetSecureMonitorWrapper()->UnwrapTitleKey(out_access_key.GetPointer(), base.pointer, base.num_elements, mod.pointer, mod.num_elements, label_digest.pointer, label_digest.num_elements, generation);
|
||||||
return ResultKernelConnectionClosed;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Result EsService::UnwrapCommonTitleKey(Out<AccessKey> out_access_key, KeySource key_source, u32 generation) {
|
Result EsService::UnwrapCommonTitleKey(Out<AccessKey> out_access_key, KeySource key_source, u32 generation) {
|
||||||
/* TODO */
|
return this->GetSecureMonitorWrapper()->UnwrapCommonTitleKey(out_access_key.GetPointer(), key_source, generation);
|
||||||
return ResultKernelConnectionClosed;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Result EsService::ImportDrmKey(InPointer<u8> src, AccessKey access_key, KeySource key_source) {
|
Result EsService::ImportDrmKey(InPointer<u8> src, AccessKey access_key, KeySource key_source) {
|
||||||
|
@ -42,11 +40,9 @@ Result EsService::DrmExpMod(OutPointerWithClientSize<u8> out, InPointer<u8> base
|
||||||
}
|
}
|
||||||
|
|
||||||
Result EsService::UnwrapElicenseKey(Out<AccessKey> out_access_key, InPointer<u8> base, InPointer<u8> mod, InPointer<u8> label_digest, u32 generation) {
|
Result EsService::UnwrapElicenseKey(Out<AccessKey> out_access_key, InPointer<u8> base, InPointer<u8> mod, InPointer<u8> label_digest, u32 generation) {
|
||||||
/* TODO */
|
return this->GetSecureMonitorWrapper()->UnwrapElicenseKey(out_access_key.GetPointer(), base.pointer, base.num_elements, mod.pointer, mod.num_elements, label_digest.pointer, label_digest.num_elements, generation);
|
||||||
return ResultKernelConnectionClosed;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Result EsService::LoadElicenseKey(u32 keyslot, AccessKey access_key) {
|
Result EsService::LoadElicenseKey(u32 keyslot, AccessKey access_key) {
|
||||||
/* TODO */
|
return this->GetSecureMonitorWrapper()->LoadElicenseKey(keyslot, this, access_key);
|
||||||
return ResultKernelConnectionClosed;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -107,8 +107,8 @@ int main(int argc, char **argv)
|
||||||
if (GetRuntimeFirmwareVersion() >= FirmwareVersion_400) {
|
if (GetRuntimeFirmwareVersion() >= FirmwareVersion_400) {
|
||||||
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeGeneralService>("spl:", 9));
|
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeGeneralService>("spl:", 9));
|
||||||
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeCryptoService>("spl:mig", 6));
|
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeCryptoService>("spl:mig", 6));
|
||||||
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeCryptoService>("spl:ssl", 2));
|
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeSslService>("spl:ssl", 2));
|
||||||
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeCryptoService>("spl:es", 2));
|
s_server_manager.AddWaitable(new ServiceServer<GeneralService, +MakeEsService>("spl:es", 2));
|
||||||
/* TODO: Other services. */
|
/* TODO: Other services. */
|
||||||
} else {
|
} else {
|
||||||
/* TODO, DeprecatedGeneralService */
|
/* TODO, DeprecatedGeneralService */
|
||||||
|
|
|
@ -31,6 +31,7 @@ constexpr size_t CryptAesSizeMax = static_cast<size_t>(CryptAesOutMapBase - Cryp
|
||||||
|
|
||||||
constexpr size_t RsaPrivateKeySize = 0x100;
|
constexpr size_t RsaPrivateKeySize = 0x100;
|
||||||
constexpr size_t RsaPrivateKeyMetaSize = 0x30;
|
constexpr size_t RsaPrivateKeyMetaSize = 0x30;
|
||||||
|
constexpr size_t LabelDigestSizeMax = 0x20;
|
||||||
|
|
||||||
/* Types. */
|
/* Types. */
|
||||||
struct SeLinkedListEntry {
|
struct SeLinkedListEntry {
|
||||||
|
@ -654,6 +655,60 @@ Result SecureMonitorWrapper::ImportEsKey(const void *src, size_t src_size, const
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::UnwrapEsRsaOaepWrappedKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation, EsKeyType type) {
|
||||||
|
struct UnwrapEsKeyLayout {
|
||||||
|
u8 base[0x100];
|
||||||
|
u8 mod[0x100];
|
||||||
|
};
|
||||||
|
UnwrapEsKeyLayout *layout = reinterpret_cast<UnwrapEsKeyLayout *>(g_work_buffer);
|
||||||
|
|
||||||
|
/* Validate sizes. */
|
||||||
|
if (base_size > sizeof(layout->base)) {
|
||||||
|
return ResultSplInvalidSize;
|
||||||
|
}
|
||||||
|
if (mod_size > sizeof(layout->mod)) {
|
||||||
|
return ResultSplInvalidSize;
|
||||||
|
}
|
||||||
|
if (label_digest_size > LabelDigestSizeMax) {
|
||||||
|
return ResultSplInvalidSize;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Copy data into work buffer. */
|
||||||
|
const size_t base_ofs = sizeof(layout->base) - base_size;
|
||||||
|
const size_t mod_ofs = sizeof(layout->mod) - mod_size;
|
||||||
|
std::memset(layout, 0, sizeof(*layout));
|
||||||
|
std::memcpy(layout->base + base_ofs, base, base_size);
|
||||||
|
std::memcpy(layout->mod + mod_ofs, mod, mod_size);
|
||||||
|
|
||||||
|
/* Do exp mod operation. */
|
||||||
|
armDCacheFlush(layout, sizeof(*layout));
|
||||||
|
{
|
||||||
|
std::scoped_lock<HosMutex> lk(g_async_op_lock);
|
||||||
|
AsyncOperationKey op_key;
|
||||||
|
|
||||||
|
SmcResult res = SmcWrapper::UnwrapTitleKey(&op_key, layout->base, layout->mod, label_digest, label_digest_size, SmcWrapper::GetUnwrapEsKeyOption(type, generation));
|
||||||
|
if (res != SmcResult_Success) {
|
||||||
|
return ConvertToSplResult(res);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((res = WaitGetResult(g_work_buffer, sizeof(*out_access_key), op_key)) != SmcResult_Success) {
|
||||||
|
return ConvertToSplResult(res);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
armDCacheFlush(g_work_buffer, sizeof(*out_access_key));
|
||||||
|
|
||||||
|
std::memcpy(out_access_key, g_work_buffer, sizeof(*out_access_key));
|
||||||
|
return ResultSuccess;
|
||||||
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::UnwrapTitleKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation) {
|
||||||
|
return UnwrapEsRsaOaepWrappedKey(out_access_key, base, base_size, mod, mod_size, label_digest, label_digest_size, generation, EsKeyType_TitleKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::UnwrapCommonTitleKey(AccessKey *out_access_key, const KeySource &key_source, u32 generation) {
|
||||||
|
return ConvertToSplResult(SmcWrapper::UnwrapCommonTitleKey(out_access_key, key_source, generation));
|
||||||
|
}
|
||||||
|
|
||||||
Result SecureMonitorWrapper::ImportDrmKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source) {
|
Result SecureMonitorWrapper::ImportDrmKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source) {
|
||||||
return ImportSecureExpModKey(src, src_size, access_key, key_source, SmcDecryptOrImportMode_ImportDrmKey);
|
return ImportSecureExpModKey(src, src_size, access_key, key_source, SmcDecryptOrImportMode_ImportDrmKey);
|
||||||
}
|
}
|
||||||
|
@ -662,6 +717,23 @@ Result SecureMonitorWrapper::DrmExpMod(void *out, size_t out_size, const void *b
|
||||||
return SecureExpMod(out, out_size, base, base_size, mod, mod_size, SmcSecureExpModMode_Drm);
|
return SecureExpMod(out, out_size, base, base_size, mod, mod_size, SmcSecureExpModMode_Drm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::UnwrapElicenseKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation) {
|
||||||
|
return UnwrapEsRsaOaepWrappedKey(out_access_key, base, base_size, mod, mod_size, label_digest, label_digest_size, generation, EsKeyType_ElicenseKey);
|
||||||
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::LoadElicenseKey(u32 keyslot, const void *owner, const AccessKey &access_key) {
|
||||||
|
/* Right now, this is just literally the same function as LoadTitleKey in N's impl. */
|
||||||
|
return LoadTitleKey(keyslot, owner, access_key);
|
||||||
|
}
|
||||||
|
|
||||||
|
Result SecureMonitorWrapper::LoadTitleKey(u32 keyslot, const void *owner, const AccessKey &access_key) {
|
||||||
|
Result rc = ValidateAesKeyslot(keyslot, owner);
|
||||||
|
if (R_FAILED(rc)) {
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
return ConvertToSplResult(SmcWrapper::LoadTitleKey(keyslot, access_key));
|
||||||
|
}
|
||||||
|
|
||||||
Result SecureMonitorWrapper::FreeAesKeyslots(const void *owner) {
|
Result SecureMonitorWrapper::FreeAesKeyslots(const void *owner) {
|
||||||
for (size_t i = 0; i < GetMaxKeyslots(); i++) {
|
for (size_t i = 0; i < GetMaxKeyslots(); i++) {
|
||||||
if (this->keyslot_owners[i] == owner) {
|
if (this->keyslot_owners[i] == owner) {
|
||||||
|
|
|
@ -55,6 +55,7 @@ class SecureMonitorWrapper {
|
||||||
SmcResult DecryptAesBlock(u32 keyslot, void *dst, const void *src);
|
SmcResult DecryptAesBlock(u32 keyslot, void *dst, const void *src);
|
||||||
Result ImportSecureExpModKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source, u32 option);
|
Result ImportSecureExpModKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source, u32 option);
|
||||||
Result SecureExpMod(void *out, size_t out_size, const void *base, size_t base_size, const void *mod, size_t mod_size, u32 option);
|
Result SecureExpMod(void *out, size_t out_size, const void *base, size_t base_size, const void *mod, size_t mod_size, u32 option);
|
||||||
|
Result UnwrapEsRsaOaepWrappedKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation, EsKeyType type);
|
||||||
public:
|
public:
|
||||||
/* General. */
|
/* General. */
|
||||||
Result GetConfig(u64 *out, SplConfigItem which);
|
Result GetConfig(u64 *out, SplConfigItem which);
|
||||||
|
@ -84,8 +85,15 @@ class SecureMonitorWrapper {
|
||||||
|
|
||||||
/* ES */
|
/* ES */
|
||||||
Result ImportEsKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source, u32 option);
|
Result ImportEsKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source, u32 option);
|
||||||
|
Result UnwrapTitleKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation);
|
||||||
|
Result UnwrapCommonTitleKey(AccessKey *out_access_key, const KeySource &key_source, u32 generation);
|
||||||
Result ImportDrmKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source);
|
Result ImportDrmKey(const void *src, size_t src_size, const AccessKey &access_key, const KeySource &key_source);
|
||||||
Result DrmExpMod(void *out, size_t out_size, const void *base, size_t base_size, const void *mod, size_t mod_size);
|
Result DrmExpMod(void *out, size_t out_size, const void *base, size_t base_size, const void *mod, size_t mod_size);
|
||||||
|
Result UnwrapElicenseKey(AccessKey *out_access_key, const void *base, size_t base_size, const void *mod, size_t mod_size, const void *label_digest, size_t label_digest_size, u32 generation);
|
||||||
|
Result LoadElicenseKey(u32 keyslot, const void *owner, const AccessKey &access_key);
|
||||||
|
|
||||||
|
/* FS */
|
||||||
|
Result LoadTitleKey(u32 keyslot, const void *owner, const AccessKey &access_key);
|
||||||
|
|
||||||
/* Helper. */
|
/* Helper. */
|
||||||
Result FreeAesKeyslots(const void *owner);
|
Result FreeAesKeyslots(const void *owner);
|
||||||
|
|
|
@ -25,6 +25,9 @@ class SmcWrapper {
|
||||||
static inline u32 GetCryptAesMode(SmcCipherMode mode, u32 keyslot) {
|
static inline u32 GetCryptAesMode(SmcCipherMode mode, u32 keyslot) {
|
||||||
return static_cast<u32>((mode << 4) | (keyslot & 7));
|
return static_cast<u32>((mode << 4) | (keyslot & 7));
|
||||||
}
|
}
|
||||||
|
static inline u32 GetUnwrapEsKeyOption(EsKeyType type, u32 generation) {
|
||||||
|
return static_cast<u32>((type << 6) | (generation & 0x3F));
|
||||||
|
}
|
||||||
public:
|
public:
|
||||||
static SmcResult SetConfig(SplConfigItem which, const u64 *value, size_t num_qwords);
|
static SmcResult SetConfig(SplConfigItem which, const u64 *value, size_t num_qwords);
|
||||||
static SmcResult GetConfig(u64 *out, size_t num_qwords, SplConfigItem which);
|
static SmcResult GetConfig(u64 *out, size_t num_qwords, SplConfigItem which);
|
||||||
|
|
Loading…
Reference in a new issue