nold/Atmosphere
1
0
Fork 0
mirror of https://github.com/Atmosphere-NX/Atmosphere synced 2024-11-09 22:56:35 +00:00
Code Issues Projects Releases Packages Wiki Activity

exo2: implement through package2 decryption

Browse source
This commit is contained in:
Michael Scire 2020-05-12 11:40:29 -07:00 committed by SciresM
parent 9ddcbe9dc3
commit f391354415
11 changed files with 316 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
exosphere2/program/source/boot/secmon_boot.hpp
View file

@ -29,4 +29,7 @@ namespace ams::secmon::boot {
bool VerifyBootConfigSignature(pkg1::BootConfig &bc, const void *mod, size_t mod_size);
bool VerifyBootConfigEcid(const pkg1::BootConfig &bc);
bool VerifyPackage2Signature(pkg2::Package2Header &header, const void *mod, size_t mod_size);
void DecryptPackage2(void *dst, size_t dst_size, const void *src, size_t src_size, const void *key, size_t key_size, const void *iv, size_t iv_size, u8 key_generation);
}

86
exosphere2/program/source/boot/secmon_boot_functions.cpp
View file

@ -14,6 +14,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "../secmon_error.hpp"
#include "secmon_boot.hpp"
#include "secmon_boot_cache.hpp"
#include "secmon_boot_functions.hpp"
@ -43,6 +44,55 @@ namespace ams::secmon::boot {
0x36, 0xB6, 0xD2, 0x43, 0xCF, 0x2B, 0x98, 0x1D, 0x45, 0xC9, 0xBB, 0x20, 0x42, 0xB1, 0x9D, 0x1D
};
constinit const u8 Package2RsaPublicModulusProduction[se::RsaSize] = {
0x8D, 0x13, 0xA7, 0x77, 0x6A, 0xE5, 0xDC, 0xC0, 0x3B, 0x25, 0xD0, 0x58, 0xE4, 0x20, 0x69, 0x59,
0x55, 0x4B, 0xAB, 0x70, 0x40, 0x08, 0x28, 0x07, 0xA8, 0xA7, 0xFD, 0x0F, 0x31, 0x2E, 0x11, 0xFE,
0x47, 0xA0, 0xF9, 0x9D, 0xDF, 0x80, 0xDB, 0x86, 0x5A, 0x27, 0x89, 0xCD, 0x97, 0x6C, 0x85, 0xC5,
0x6C, 0x39, 0x7F, 0x41, 0xF2, 0xFF, 0x24, 0x20, 0xC3, 0x95, 0xA6, 0xF7, 0x9D, 0x4A, 0x45, 0x74,
0x8B, 0x5D, 0x28, 0x8A, 0xC6, 0x99, 0x35, 0x68, 0x85, 0xA5, 0x64, 0x32, 0x80, 0x9F, 0xD3, 0x48,
0x39, 0xA2, 0x1D, 0x24, 0x67, 0x69, 0xDF, 0x75, 0xAC, 0x12, 0xB5, 0xBD, 0xC3, 0x29, 0x90, 0xBE,
0x37, 0xE4, 0xA0, 0x80, 0x9A, 0xBE, 0x36, 0xBF, 0x1F, 0x2C, 0xAB, 0x2B, 0xAD, 0xF5, 0x97, 0x32,
0x9A, 0x42, 0x9D, 0x09, 0x8B, 0x08, 0xF0, 0x63, 0x47, 0xA3, 0xE9, 0x1B, 0x36, 0xD8, 0x2D, 0x8A,
0xD7, 0xE1, 0x54, 0x11, 0x95, 0xE4, 0x45, 0x88, 0x69, 0x8A, 0x2B, 0x35, 0xCE, 0xD0, 0xA5, 0x0B,
0xD5, 0x5D, 0xAC, 0xDB, 0xAF, 0x11, 0x4D, 0xCA, 0xB8, 0x1E, 0xE7, 0x01, 0x9E, 0xF4, 0x46, 0xA3,
0x8A, 0x94, 0x6D, 0x76, 0xBD, 0x8A, 0xC8, 0x3B, 0xD2, 0x31, 0x58, 0x0C, 0x79, 0xA8, 0x26, 0xE9,
0xD1, 0x79, 0x9C, 0xCB, 0xD4, 0x2B, 0x6A, 0x4F, 0xC6, 0xCC, 0xCF, 0x90, 0xA7, 0xB9, 0x98, 0x47,
0xFD, 0xFA, 0x4C, 0x6C, 0x6F, 0x81, 0x87, 0x3B, 0xCA, 0xB8, 0x50, 0xF6, 0x3E, 0x39, 0x5D, 0x4D,
0x97, 0x3F, 0x0F, 0x35, 0x39, 0x53, 0xFB, 0xFA, 0xCD, 0xAB, 0xA8, 0x7A, 0x62, 0x9A, 0x3F, 0xF2,
0x09, 0x27, 0x96, 0x3F, 0x07, 0x9A, 0x91, 0xF7, 0x16, 0xBF, 0xC6, 0x3A, 0x82, 0x5A, 0x4B, 0xCF,
0x49, 0x50, 0x95, 0x8C, 0x55, 0x80, 0x7E, 0x39, 0xB1, 0x48, 0x05, 0x1E, 0x21, 0xC7, 0x24, 0x4F
};
constinit const u8 Package2RsaPublicModulusDevelopment[se::RsaSize] = {
0xB3, 0x65, 0x54, 0xFB, 0x0A, 0xB0, 0x1E, 0x85, 0xA7, 0xF6, 0xCF, 0x91, 0x8E, 0xBA, 0x96, 0x99,
0x0D, 0x8B, 0x91, 0x69, 0x2A, 0xEE, 0x01, 0x20, 0x4F, 0x34, 0x5C, 0x2C, 0x4F, 0x4E, 0x37, 0xC7,
0xF1, 0x0B, 0xD4, 0xCD, 0xA1, 0x7F, 0x93, 0xF1, 0x33, 0x59, 0xCE, 0xB1, 0xE9, 0xDD, 0x26, 0xE6,
0xF3, 0xBB, 0x77, 0x87, 0x46, 0x7A, 0xD6, 0x4E, 0x47, 0x4A, 0xD1, 0x41, 0xB7, 0x79, 0x4A, 0x38,
0x06, 0x6E, 0xCF, 0x61, 0x8F, 0xCD, 0xC1, 0x40, 0x0B, 0xFA, 0x26, 0xDC, 0xC0, 0x34, 0x51, 0x83,
0xD9, 0x3B, 0x11, 0x54, 0x3B, 0x96, 0x27, 0x32, 0x9A, 0x95, 0xBE, 0x1E, 0x68, 0x11, 0x50, 0xA0,
0x6B, 0x10, 0xA8, 0x83, 0x8B, 0xF5, 0xFC, 0xBC, 0x90, 0x84, 0x7A, 0x5A, 0x5C, 0x43, 0x52, 0xE6,
0xC8, 0x26, 0xE9, 0xFE, 0x06, 0xA0, 0x8B, 0x53, 0x0F, 0xAF, 0x1E, 0xC4, 0x1C, 0x0B, 0xCF, 0x50,
0x1A, 0xA4, 0xF3, 0x5C, 0xFB, 0xF0, 0x97, 0xE4, 0xDE, 0x32, 0x0A, 0x9F, 0xE3, 0x5A, 0xAA, 0xB7,
0x44, 0x7F, 0x5C, 0x33, 0x60, 0xB9, 0x0F, 0x22, 0x2D, 0x33, 0x2A, 0xE9, 0x69, 0x79, 0x31, 0x42,
0x8F, 0xE4, 0x3A, 0x13, 0x8B, 0xE7, 0x26, 0xBD, 0x08, 0x87, 0x6C, 0xA6, 0xF2, 0x73, 0xF6, 0x8E,
0xA7, 0xF2, 0xFE, 0xFB, 0x6C, 0x28, 0x66, 0x0D, 0xBD, 0xD7, 0xEB, 0x42, 0xA8, 0x78, 0xE6, 0xB8,
0x6B, 0xAE, 0xC7, 0xA9, 0xE2, 0x40, 0x6E, 0x89, 0x20, 0x82, 0x25, 0x8E, 0x3C, 0x6A, 0x60, 0xD7,
0xF3, 0x56, 0x8E, 0xEC, 0x8D, 0x51, 0x8A, 0x63, 0x3C, 0x04, 0x78, 0x23, 0x0E, 0x90, 0x0C, 0xB4,
0xE7, 0x86, 0x3B, 0x4F, 0x8E, 0x13, 0x09, 0x47, 0x32, 0x0E, 0x04, 0xB8, 0x4D, 0x5B, 0xB0, 0x46,
0x71, 0xB0, 0x5C, 0xF4, 0xAD, 0x63, 0x4F, 0xC5, 0xE2, 0xAC, 0x1E, 0xC4, 0x33, 0x96, 0x09, 0x7B
};
constinit const u8 Package2AesKey[] {
0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7
};
}
void CheckVerifyResult(bool verify_result, pkg1::ErrorInfo error_info, const char *message) {
if (!verify_result) {
secmon::SetError(error_info);
AMS_ABORT(message);
}
}
void ClearIram() {
@ -131,4 +181,38 @@ namespace ams::secmon::boot {
hw::DataSynchronizationBarrierInnerShareable();
}
}
void UpdateBootConfigForPackage2Header(const pkg2::Package2Header &header) {
/* Check for all-zeroes signature. */
bool is_decrypted = header.signature[0] == 0;
is_decrypted &= crypto::IsSameBytes(header.signature, header.signature + 1, sizeof(header.signature) - 1);
/* Check for valid magic. */
is_decrypted &= crypto::IsSameBytes(header.meta.magic, pkg2::Package2Meta::Magic::String, sizeof(header.meta.magic));
/* Set the setting in boot config. */
secmon::impl::GetBootConfigStorage()->signed_data.SetPackage2Decrypted(is_decrypted);
}
void VerifyPackage2HeaderSignature(pkg2::Package2Header &header, bool verify) {
if (pkg1::IsProductionForPublicKey()) {
CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, Package2RsaPublicModulusProduction, util::size(Package2RsaPublicModulusProduction)), pkg1::ErrorInfo_InvalidPackage2Signature, "package2 header sign verification failed");
} else if (verify) {
CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, Package2RsaPublicModulusDevelopment, util::size(Package2RsaPublicModulusDevelopment)), pkg1::ErrorInfo_InvalidPackage2Signature, "package2 header sign verification failed");
}
}
void DecryptPackage2Header(pkg2::Package2Meta *dst, const pkg2::Package2Meta &src, bool encrypted) {
if (encrypted) {
constexpr int IvSize = 0x10;
/* Decrypt the header. */
DecryptPackage2(dst, sizeof(*dst), std::addressof(src), sizeof(src), Package2AesKey, util::size(Package2AesKey), std::addressof(src), IvSize, src.GetKeyGeneration());
/* Copy back the iv, which encodes encrypted metadata. */
std::memcpy(dst, std::addressof(src), IvSize);
} else {
std::memcpy(dst, std::addressof(src), sizeof(*dst));
}
}
}

8
exosphere2/program/source/boot/secmon_boot_functions.hpp
View file

@ -29,4 +29,10 @@ namespace ams::secmon::boot {
void WriteGpuCarveoutMagicNumbers();
}
void UpdateBootConfigForPackage2Header(const pkg2::Package2Header &header);
void VerifyPackage2HeaderSignature(pkg2::Package2Header &header, bool verify);
void DecryptPackage2Header(pkg2::Package2Meta *dst, const pkg2::Package2Meta &src, bool encrypted);
void CheckVerifyResult(bool verify_result, pkg1::ErrorInfo error_info, const char *message);
}

26
exosphere2/program/source/boot/secmon_main.cpp
View file

@ -119,6 +119,32 @@ namespace ams::secmon {
/* Wait for NX bootloader to load Package2. */
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_LoadedPackage2);
/* Parse and decrypt the package2 header. */
pkg2::Package2Meta pkg2_meta;
const uintptr_t pkg2_segments_start = MemoryRegionDramPackage2.GetAddress() + sizeof(pkg2::Package2Header);
{
/* Read the encrypred header. */
pkg2::Package2Header encrypted_header;
const auto *dram_header = MemoryRegionDramPackage2.GetPointer<pkg2::Package2Header>();
hw::FlushDataCache(dram_header, sizeof(*dram_header));
hw::DataSynchronizationBarrierInnerShareable();
std::memcpy(std::addressof(encrypted_header), dram_header, sizeof(encrypted_header));
/* Atmosphere extension: support plaintext package2, identified by all-zeroes signature and decrypted header. */
secmon::boot::UpdateBootConfigForPackage2Header(encrypted_header);
/* Verify the package2 header's signature. */
secmon::boot::VerifyPackage2HeaderSignature(encrypted_header, !bc.signed_data.IsPackage2SignatureVerificationDisabled());
/* Decrypt the package2 header. */
secmon::boot::DecryptPackage2Header(std::addressof(pkg2_meta), encrypted_header.meta, !bc.signed_data.IsPackage2EncryptionDisabled());
}
/* TODO */
AMS_UNUSED(pkg2_segments_start);
}
}

34
exosphere2/program/source/boot/secmon_package2.cpp
View file

@ -14,9 +14,39 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <exosphere.hpp>
#include "../secmon_error.hpp"
#include "../secmon_key_storage.hpp"
#include "secmon_boot.hpp"
namespace ams::secmon::boot {
/* TODO */
bool VerifyPackage2Signature(pkg2::Package2Header &header, const void *mod, size_t mod_size) {
return VerifySignature(header.signature, sizeof(header.signature), mod, mod_size, std::addressof(header.meta), sizeof(header.meta));
}
}
void DecryptPackage2(void *dst, size_t dst_size, const void *src, size_t src_size, const void *key, size_t key_size, const void *iv, size_t iv_size, u8 key_generation) {
/* Ensure that the SE sees consistent data. */
hw::FlushDataCache(key, key_size);
hw::FlushDataCache(src, src_size);
hw::FlushDataCache(dst, dst_size);
hw::DataSynchronizationBarrierInnerShareable();
/* Load the needed master key into the temporary keyslot. */
secmon::LoadMasterKey(pkg1::AesKeySlot_Temporary, key_generation);
/* Load the package2 key into the temporary keyslot. */
se::SetEncryptedAesKey128(pkg1::AesKeySlot_Temporary, pkg1::AesKeySlot_Temporary, key, key_size);
/* Decrypt the data. */
se::ComputeAes128Ctr(dst, dst_size, pkg1::AesKeySlot_Temporary, src, src_size, iv, iv_size);
/* Clear the keyslot we just used. */
se::ClearAesKeySlot(pkg1::AesKeySlot_Temporary);
/* Ensure that the cpu sees consistent data. */
hw::DataSynchronizationBarrierInnerShareable();
hw::FlushDataCache(dst, dst_size);
hw::DataSynchronizationBarrierInnerShareable();
}
}

1
libraries/libexosphere/include/exosphere.hpp
View file

@ -25,6 +25,7 @@
#include <exosphere/gic.hpp>
#include <exosphere/wdt.hpp>
#include <exosphere/pkg1.hpp>
#include <exosphere/pkg2.hpp>
#include <exosphere/tsec.hpp>
#include <exosphere/se.hpp>
#include <exosphere/flow.hpp>

4
libraries/libexosphere/include/exosphere/pkg1/pkg1_boot_config.hpp
View file

@ -122,6 +122,10 @@ namespace ams::pkg1 {
constexpr bool IsProgramVerificationDisabled() const {
return (this->flags1[0] & (1 << 0)) != 0;
}
constexpr void SetPackage2Decrypted(bool decrypted) {
this->flags |= decrypted ? 0x3 : 0x0;
}
};
static_assert(util::is_pod<BootConfigSignedData>::value);
static_assert(sizeof(BootConfigSignedData) == 0x100);

81
libraries/libexosphere/include/exosphere/pkg2.hpp Normal file
View file

@ -0,0 +1,81 @@
/*
* Copyright (c) 2018-2020 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <vapours.hpp>
namespace ams::pkg2 {
constexpr inline size_t Package2SizeMax = 8_MB - 16_KB;
constexpr inline size_t SegmentAlignment = 4;
constexpr inline int SegmentCount = 3;
constexpr inline int MinimumValidDataVersion = 0; /* We allow older package2 to load; this value is currently 0x10 in Nintendo's code. */
constexpr inline int CurrentBootloaderVersion = 0xD;
struct Package2Meta {
using Magic = util::FourCC<'P','K','2','1'>;
u32 package2_size;
u8 key_generation;
u8 header_iv_remainder[11];
u8 segment_iv[SegmentCount][0x10];
u8 padding_40[0x10];
u8 magic[4];
u32 entrypoint;
u8 padding_58[4];
u8 package2_version;
u8 bootloader_version;
u8 padding_5E[2];
u32 segment_sizes[SegmentCount];
u8 padding_6C[4];
u32 segment_offsets[SegmentCount];
u8 padding_7C[4];
u8 segment_hashes[SegmentCount][crypto::Sha256Generator::HashSize];
u8 padding_E0[0x20];
private:
static ALWAYS_INLINE u32 ReadWord(const void *ptr, int offset) {
return util::LoadLittleEndian(reinterpret_cast<const u32 *>(reinterpret_cast<uintptr_t>(ptr) + offset));
}
public:
ALWAYS_INLINE u8 GetKeyGeneration() const {
return std::min<u8>(0, (this->key_generation ^ this->header_iv_remainder[1] ^ this->header_iv_remainder[2]) - 1);
}
ALWAYS_INLINE u32 GetSize() const {
return this->package2_size ^ ReadWord(this->header_iv_remainder, 3) ^ ReadWord(this->header_iv_remainder, 7);
}
};
static_assert(util::is_pod<Package2Meta>::value);
static_assert(sizeof(Package2Meta) == 0x100);
struct Package2Header {
u8 signature[0x100];
Package2Meta meta;
};
static_assert(util::is_pod<Package2Header>::value);
static_assert(sizeof(Package2Header) == 0x200);
struct StorageLayout {
u8 boot_config[16_KB];
Package2Header package2_header;
u8 data[Package2SizeMax - sizeof(Package2Header)];
};
static_assert(util::is_pod<StorageLayout>::value);
static_assert(sizeof(StorageLayout) == 8_MB);
}

4
libraries/libexosphere/include/exosphere/se/se_aes.hpp
View file

@ -33,4 +33,6 @@ namespace ams::se {
void EncryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size);
void DecryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size);
}
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size);
}

3
libraries/libexosphere/include/exosphere/secmon/secmon_memory_layout.hpp
View file

@ -80,6 +80,9 @@ namespace ams::secmon {
constexpr inline const MemoryRegion MemoryRegionDramDefaultKernelCarveout = MemoryRegion(UINT64_C(0x80060000), UINT64_C(0x1FFE0000));
static_assert(MemoryRegionDram.Contains(MemoryRegionDramDefaultKernelCarveout));
constexpr inline const MemoryRegion MemoryRegionDramPackage2 = MemoryRegion(UINT64_C(0xA9800000), UINT64_C(0x07FC0000));
static_assert(MemoryRegionDram.Contains(MemoryRegionDramPackage2));
constexpr inline const MemoryRegion MemoryRegionPhysicalIram = MemoryRegion(UINT64_C(0x40000000), 0x40000);
constexpr inline const MemoryRegion MemoryRegionPhysicalTzram = MemoryRegion(UINT64_C(0x7C010000), 0x10000);
static_assert(MemoryRegionPhysical.Contains(MemoryRegionPhysicalIram));

78
libraries/libexosphere/source/se/se_aes.cpp
View file

@ -33,13 +33,21 @@ namespace ams::se {
MemoryInterface_Mc = SE_CRYPTO_CONFIG_MEMIF_MCCIF,
};
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
constexpr inline u32 AesConfigCtr = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 1),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, LINEAR_CTR),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
void SetConfig(volatile SecurityEngineRegisters *SE, bool encrypt, SE_CONFIG_DST dst) {
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
@ -69,6 +77,16 @@ namespace ams::se {
// reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_VALUE(CRYPTO_CONFIG_MEMIF, memif));
// }
void SetCounter(volatile SecurityEngineRegisters *SE, const void *ctr) {
const u32 *ctr_32 = reinterpret_cast<const u32 *>(ctr);
/* Copy the input ctr to the linear CTR registers. */
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[0], util::LoadLittleEndian(ctr_32 + 0));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[1], util::LoadLittleEndian(ctr_32 + 1));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[2], util::LoadLittleEndian(ctr_32 + 2));
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[3], util::LoadLittleEndian(ctr_32 + 3));
}
void SetEncryptedAesKey(int dst_slot, int kek_slot, const void *key, size_t key_size, AesMode mode) {
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
AMS_ABORT_UNLESS(0 <= dst_slot && dst_slot < AesKeySlotCount);
@ -206,4 +224,50 @@ namespace ams::se {
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
}
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
/* If nothing to do, succeed. */
if (src_size == 0) { return; }
/* Validate input. */
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
/* Get the engine. */
auto *SE = GetRegisters();
/* Determine how many full blocks we can operate on. */
const size_t num_blocks = src_size / AesBlockSize;
const size_t aligned_size = num_blocks * AesBlockSize;
const size_t fractional = src_size - aligned_size;
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
SE->SE_SPARE = 0x1;
/* Configure for AES-CTR encryption/decryption to memory. */
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
SetAesConfig(SE, slot, true, AesConfigCtr);
/* Set the counter. */
SetCounter(SE, iv);
/* Process as many aligned blocks as we can. */
if (aligned_size > 0) {
/* Configure the engine to process the right number of blocks. */
SetBlockCount(SE, num_blocks);
/* Execute the operation. */
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
/* Synchronize around this point. */
hw::DataSynchronizationBarrierInnerShareable();
}
/* Process a single block to output. */
if (fractional > 0 && dst_size > aligned_size) {
const size_t copy_size = std::min(fractional, dst_size - aligned_size);
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, copy_size, static_cast<const u8 *>(src) + aligned_size, fractional);
}
}
}