mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 20:31:14 +00:00
exo2: implement through package2 decryption
This commit is contained in:
parent
9ddcbe9dc3
commit
f391354415
11 changed files with 316 additions and 12 deletions
|
@ -29,4 +29,7 @@ namespace ams::secmon::boot {
|
|||
bool VerifyBootConfigSignature(pkg1::BootConfig &bc, const void *mod, size_t mod_size);
|
||||
bool VerifyBootConfigEcid(const pkg1::BootConfig &bc);
|
||||
|
||||
bool VerifyPackage2Signature(pkg2::Package2Header &header, const void *mod, size_t mod_size);
|
||||
void DecryptPackage2(void *dst, size_t dst_size, const void *src, size_t src_size, const void *key, size_t key_size, const void *iv, size_t iv_size, u8 key_generation);
|
||||
|
||||
}
|
|
@ -14,6 +14,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "../secmon_error.hpp"
|
||||
#include "secmon_boot.hpp"
|
||||
#include "secmon_boot_cache.hpp"
|
||||
#include "secmon_boot_functions.hpp"
|
||||
|
@ -43,6 +44,55 @@ namespace ams::secmon::boot {
|
|||
0x36, 0xB6, 0xD2, 0x43, 0xCF, 0x2B, 0x98, 0x1D, 0x45, 0xC9, 0xBB, 0x20, 0x42, 0xB1, 0x9D, 0x1D
|
||||
};
|
||||
|
||||
constinit const u8 Package2RsaPublicModulusProduction[se::RsaSize] = {
|
||||
0x8D, 0x13, 0xA7, 0x77, 0x6A, 0xE5, 0xDC, 0xC0, 0x3B, 0x25, 0xD0, 0x58, 0xE4, 0x20, 0x69, 0x59,
|
||||
0x55, 0x4B, 0xAB, 0x70, 0x40, 0x08, 0x28, 0x07, 0xA8, 0xA7, 0xFD, 0x0F, 0x31, 0x2E, 0x11, 0xFE,
|
||||
0x47, 0xA0, 0xF9, 0x9D, 0xDF, 0x80, 0xDB, 0x86, 0x5A, 0x27, 0x89, 0xCD, 0x97, 0x6C, 0x85, 0xC5,
|
||||
0x6C, 0x39, 0x7F, 0x41, 0xF2, 0xFF, 0x24, 0x20, 0xC3, 0x95, 0xA6, 0xF7, 0x9D, 0x4A, 0x45, 0x74,
|
||||
0x8B, 0x5D, 0x28, 0x8A, 0xC6, 0x99, 0x35, 0x68, 0x85, 0xA5, 0x64, 0x32, 0x80, 0x9F, 0xD3, 0x48,
|
||||
0x39, 0xA2, 0x1D, 0x24, 0x67, 0x69, 0xDF, 0x75, 0xAC, 0x12, 0xB5, 0xBD, 0xC3, 0x29, 0x90, 0xBE,
|
||||
0x37, 0xE4, 0xA0, 0x80, 0x9A, 0xBE, 0x36, 0xBF, 0x1F, 0x2C, 0xAB, 0x2B, 0xAD, 0xF5, 0x97, 0x32,
|
||||
0x9A, 0x42, 0x9D, 0x09, 0x8B, 0x08, 0xF0, 0x63, 0x47, 0xA3, 0xE9, 0x1B, 0x36, 0xD8, 0x2D, 0x8A,
|
||||
0xD7, 0xE1, 0x54, 0x11, 0x95, 0xE4, 0x45, 0x88, 0x69, 0x8A, 0x2B, 0x35, 0xCE, 0xD0, 0xA5, 0x0B,
|
||||
0xD5, 0x5D, 0xAC, 0xDB, 0xAF, 0x11, 0x4D, 0xCA, 0xB8, 0x1E, 0xE7, 0x01, 0x9E, 0xF4, 0x46, 0xA3,
|
||||
0x8A, 0x94, 0x6D, 0x76, 0xBD, 0x8A, 0xC8, 0x3B, 0xD2, 0x31, 0x58, 0x0C, 0x79, 0xA8, 0x26, 0xE9,
|
||||
0xD1, 0x79, 0x9C, 0xCB, 0xD4, 0x2B, 0x6A, 0x4F, 0xC6, 0xCC, 0xCF, 0x90, 0xA7, 0xB9, 0x98, 0x47,
|
||||
0xFD, 0xFA, 0x4C, 0x6C, 0x6F, 0x81, 0x87, 0x3B, 0xCA, 0xB8, 0x50, 0xF6, 0x3E, 0x39, 0x5D, 0x4D,
|
||||
0x97, 0x3F, 0x0F, 0x35, 0x39, 0x53, 0xFB, 0xFA, 0xCD, 0xAB, 0xA8, 0x7A, 0x62, 0x9A, 0x3F, 0xF2,
|
||||
0x09, 0x27, 0x96, 0x3F, 0x07, 0x9A, 0x91, 0xF7, 0x16, 0xBF, 0xC6, 0x3A, 0x82, 0x5A, 0x4B, 0xCF,
|
||||
0x49, 0x50, 0x95, 0x8C, 0x55, 0x80, 0x7E, 0x39, 0xB1, 0x48, 0x05, 0x1E, 0x21, 0xC7, 0x24, 0x4F
|
||||
};
|
||||
|
||||
constinit const u8 Package2RsaPublicModulusDevelopment[se::RsaSize] = {
|
||||
0xB3, 0x65, 0x54, 0xFB, 0x0A, 0xB0, 0x1E, 0x85, 0xA7, 0xF6, 0xCF, 0x91, 0x8E, 0xBA, 0x96, 0x99,
|
||||
0x0D, 0x8B, 0x91, 0x69, 0x2A, 0xEE, 0x01, 0x20, 0x4F, 0x34, 0x5C, 0x2C, 0x4F, 0x4E, 0x37, 0xC7,
|
||||
0xF1, 0x0B, 0xD4, 0xCD, 0xA1, 0x7F, 0x93, 0xF1, 0x33, 0x59, 0xCE, 0xB1, 0xE9, 0xDD, 0x26, 0xE6,
|
||||
0xF3, 0xBB, 0x77, 0x87, 0x46, 0x7A, 0xD6, 0x4E, 0x47, 0x4A, 0xD1, 0x41, 0xB7, 0x79, 0x4A, 0x38,
|
||||
0x06, 0x6E, 0xCF, 0x61, 0x8F, 0xCD, 0xC1, 0x40, 0x0B, 0xFA, 0x26, 0xDC, 0xC0, 0x34, 0x51, 0x83,
|
||||
0xD9, 0x3B, 0x11, 0x54, 0x3B, 0x96, 0x27, 0x32, 0x9A, 0x95, 0xBE, 0x1E, 0x68, 0x11, 0x50, 0xA0,
|
||||
0x6B, 0x10, 0xA8, 0x83, 0x8B, 0xF5, 0xFC, 0xBC, 0x90, 0x84, 0x7A, 0x5A, 0x5C, 0x43, 0x52, 0xE6,
|
||||
0xC8, 0x26, 0xE9, 0xFE, 0x06, 0xA0, 0x8B, 0x53, 0x0F, 0xAF, 0x1E, 0xC4, 0x1C, 0x0B, 0xCF, 0x50,
|
||||
0x1A, 0xA4, 0xF3, 0x5C, 0xFB, 0xF0, 0x97, 0xE4, 0xDE, 0x32, 0x0A, 0x9F, 0xE3, 0x5A, 0xAA, 0xB7,
|
||||
0x44, 0x7F, 0x5C, 0x33, 0x60, 0xB9, 0x0F, 0x22, 0x2D, 0x33, 0x2A, 0xE9, 0x69, 0x79, 0x31, 0x42,
|
||||
0x8F, 0xE4, 0x3A, 0x13, 0x8B, 0xE7, 0x26, 0xBD, 0x08, 0x87, 0x6C, 0xA6, 0xF2, 0x73, 0xF6, 0x8E,
|
||||
0xA7, 0xF2, 0xFE, 0xFB, 0x6C, 0x28, 0x66, 0x0D, 0xBD, 0xD7, 0xEB, 0x42, 0xA8, 0x78, 0xE6, 0xB8,
|
||||
0x6B, 0xAE, 0xC7, 0xA9, 0xE2, 0x40, 0x6E, 0x89, 0x20, 0x82, 0x25, 0x8E, 0x3C, 0x6A, 0x60, 0xD7,
|
||||
0xF3, 0x56, 0x8E, 0xEC, 0x8D, 0x51, 0x8A, 0x63, 0x3C, 0x04, 0x78, 0x23, 0x0E, 0x90, 0x0C, 0xB4,
|
||||
0xE7, 0x86, 0x3B, 0x4F, 0x8E, 0x13, 0x09, 0x47, 0x32, 0x0E, 0x04, 0xB8, 0x4D, 0x5B, 0xB0, 0x46,
|
||||
0x71, 0xB0, 0x5C, 0xF4, 0xAD, 0x63, 0x4F, 0xC5, 0xE2, 0xAC, 0x1E, 0xC4, 0x33, 0x96, 0x09, 0x7B
|
||||
};
|
||||
|
||||
constinit const u8 Package2AesKey[] {
|
||||
0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
void CheckVerifyResult(bool verify_result, pkg1::ErrorInfo error_info, const char *message) {
|
||||
if (!verify_result) {
|
||||
secmon::SetError(error_info);
|
||||
AMS_ABORT(message);
|
||||
}
|
||||
}
|
||||
|
||||
void ClearIram() {
|
||||
|
@ -131,4 +181,38 @@ namespace ams::secmon::boot {
|
|||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
void UpdateBootConfigForPackage2Header(const pkg2::Package2Header &header) {
|
||||
/* Check for all-zeroes signature. */
|
||||
bool is_decrypted = header.signature[0] == 0;
|
||||
is_decrypted &= crypto::IsSameBytes(header.signature, header.signature + 1, sizeof(header.signature) - 1);
|
||||
|
||||
/* Check for valid magic. */
|
||||
is_decrypted &= crypto::IsSameBytes(header.meta.magic, pkg2::Package2Meta::Magic::String, sizeof(header.meta.magic));
|
||||
|
||||
/* Set the setting in boot config. */
|
||||
secmon::impl::GetBootConfigStorage()->signed_data.SetPackage2Decrypted(is_decrypted);
|
||||
}
|
||||
|
||||
void VerifyPackage2HeaderSignature(pkg2::Package2Header &header, bool verify) {
|
||||
if (pkg1::IsProductionForPublicKey()) {
|
||||
CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, Package2RsaPublicModulusProduction, util::size(Package2RsaPublicModulusProduction)), pkg1::ErrorInfo_InvalidPackage2Signature, "package2 header sign verification failed");
|
||||
} else if (verify) {
|
||||
CheckVerifyResult(secmon::boot::VerifyPackage2Signature(header, Package2RsaPublicModulusDevelopment, util::size(Package2RsaPublicModulusDevelopment)), pkg1::ErrorInfo_InvalidPackage2Signature, "package2 header sign verification failed");
|
||||
}
|
||||
}
|
||||
|
||||
void DecryptPackage2Header(pkg2::Package2Meta *dst, const pkg2::Package2Meta &src, bool encrypted) {
|
||||
if (encrypted) {
|
||||
constexpr int IvSize = 0x10;
|
||||
|
||||
/* Decrypt the header. */
|
||||
DecryptPackage2(dst, sizeof(*dst), std::addressof(src), sizeof(src), Package2AesKey, util::size(Package2AesKey), std::addressof(src), IvSize, src.GetKeyGeneration());
|
||||
|
||||
/* Copy back the iv, which encodes encrypted metadata. */
|
||||
std::memcpy(dst, std::addressof(src), IvSize);
|
||||
} else {
|
||||
std::memcpy(dst, std::addressof(src), sizeof(*dst));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -29,4 +29,10 @@ namespace ams::secmon::boot {
|
|||
|
||||
void WriteGpuCarveoutMagicNumbers();
|
||||
|
||||
void UpdateBootConfigForPackage2Header(const pkg2::Package2Header &header);
|
||||
void VerifyPackage2HeaderSignature(pkg2::Package2Header &header, bool verify);
|
||||
void DecryptPackage2Header(pkg2::Package2Meta *dst, const pkg2::Package2Meta &src, bool encrypted);
|
||||
|
||||
void CheckVerifyResult(bool verify_result, pkg1::ErrorInfo error_info, const char *message);
|
||||
|
||||
}
|
|
@ -119,6 +119,32 @@ namespace ams::secmon {
|
|||
|
||||
/* Wait for NX bootloader to load Package2. */
|
||||
secmon::boot::WaitForNxBootloader(secmon_params, pkg1::BootloaderState_LoadedPackage2);
|
||||
|
||||
/* Parse and decrypt the package2 header. */
|
||||
pkg2::Package2Meta pkg2_meta;
|
||||
const uintptr_t pkg2_segments_start = MemoryRegionDramPackage2.GetAddress() + sizeof(pkg2::Package2Header);
|
||||
{
|
||||
/* Read the encrypred header. */
|
||||
pkg2::Package2Header encrypted_header;
|
||||
|
||||
const auto *dram_header = MemoryRegionDramPackage2.GetPointer<pkg2::Package2Header>();
|
||||
hw::FlushDataCache(dram_header, sizeof(*dram_header));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
std::memcpy(std::addressof(encrypted_header), dram_header, sizeof(encrypted_header));
|
||||
|
||||
/* Atmosphere extension: support plaintext package2, identified by all-zeroes signature and decrypted header. */
|
||||
secmon::boot::UpdateBootConfigForPackage2Header(encrypted_header);
|
||||
|
||||
/* Verify the package2 header's signature. */
|
||||
secmon::boot::VerifyPackage2HeaderSignature(encrypted_header, !bc.signed_data.IsPackage2SignatureVerificationDisabled());
|
||||
|
||||
/* Decrypt the package2 header. */
|
||||
secmon::boot::DecryptPackage2Header(std::addressof(pkg2_meta), encrypted_header.meta, !bc.signed_data.IsPackage2EncryptionDisabled());
|
||||
}
|
||||
|
||||
/* TODO */
|
||||
AMS_UNUSED(pkg2_segments_start);
|
||||
}
|
||||
|
||||
}
|
|
@ -14,9 +14,39 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "../secmon_error.hpp"
|
||||
#include "../secmon_key_storage.hpp"
|
||||
#include "secmon_boot.hpp"
|
||||
|
||||
namespace ams::secmon::boot {
|
||||
|
||||
/* TODO */
|
||||
bool VerifyPackage2Signature(pkg2::Package2Header &header, const void *mod, size_t mod_size) {
|
||||
return VerifySignature(header.signature, sizeof(header.signature), mod, mod_size, std::addressof(header.meta), sizeof(header.meta));
|
||||
}
|
||||
|
||||
void DecryptPackage2(void *dst, size_t dst_size, const void *src, size_t src_size, const void *key, size_t key_size, const void *iv, size_t iv_size, u8 key_generation) {
|
||||
/* Ensure that the SE sees consistent data. */
|
||||
hw::FlushDataCache(key, key_size);
|
||||
hw::FlushDataCache(src, src_size);
|
||||
hw::FlushDataCache(dst, dst_size);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Load the needed master key into the temporary keyslot. */
|
||||
secmon::LoadMasterKey(pkg1::AesKeySlot_Temporary, key_generation);
|
||||
|
||||
/* Load the package2 key into the temporary keyslot. */
|
||||
se::SetEncryptedAesKey128(pkg1::AesKeySlot_Temporary, pkg1::AesKeySlot_Temporary, key, key_size);
|
||||
|
||||
/* Decrypt the data. */
|
||||
se::ComputeAes128Ctr(dst, dst_size, pkg1::AesKeySlot_Temporary, src, src_size, iv, iv_size);
|
||||
|
||||
/* Clear the keyslot we just used. */
|
||||
se::ClearAesKeySlot(pkg1::AesKeySlot_Temporary);
|
||||
|
||||
/* Ensure that the cpu sees consistent data. */
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
hw::FlushDataCache(dst, dst_size);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
}
|
|
@ -25,6 +25,7 @@
|
|||
#include <exosphere/gic.hpp>
|
||||
#include <exosphere/wdt.hpp>
|
||||
#include <exosphere/pkg1.hpp>
|
||||
#include <exosphere/pkg2.hpp>
|
||||
#include <exosphere/tsec.hpp>
|
||||
#include <exosphere/se.hpp>
|
||||
#include <exosphere/flow.hpp>
|
||||
|
|
|
@ -122,6 +122,10 @@ namespace ams::pkg1 {
|
|||
constexpr bool IsProgramVerificationDisabled() const {
|
||||
return (this->flags1[0] & (1 << 0)) != 0;
|
||||
}
|
||||
|
||||
constexpr void SetPackage2Decrypted(bool decrypted) {
|
||||
this->flags |= decrypted ? 0x3 : 0x0;
|
||||
}
|
||||
};
|
||||
static_assert(util::is_pod<BootConfigSignedData>::value);
|
||||
static_assert(sizeof(BootConfigSignedData) == 0x100);
|
||||
|
|
81
libraries/libexosphere/include/exosphere/pkg2.hpp
Normal file
81
libraries/libexosphere/include/exosphere/pkg2.hpp
Normal file
|
@ -0,0 +1,81 @@
|
|||
/*
|
||||
* Copyright (c) 2018-2020 Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#pragma once
|
||||
#include <vapours.hpp>
|
||||
|
||||
namespace ams::pkg2 {
|
||||
|
||||
constexpr inline size_t Package2SizeMax = 8_MB - 16_KB;
|
||||
constexpr inline size_t SegmentAlignment = 4;
|
||||
|
||||
constexpr inline int SegmentCount = 3;
|
||||
|
||||
constexpr inline int MinimumValidDataVersion = 0; /* We allow older package2 to load; this value is currently 0x10 in Nintendo's code. */
|
||||
constexpr inline int CurrentBootloaderVersion = 0xD;
|
||||
|
||||
struct Package2Meta {
|
||||
using Magic = util::FourCC<'P','K','2','1'>;
|
||||
|
||||
u32 package2_size;
|
||||
u8 key_generation;
|
||||
u8 header_iv_remainder[11];
|
||||
u8 segment_iv[SegmentCount][0x10];
|
||||
u8 padding_40[0x10];
|
||||
u8 magic[4];
|
||||
u32 entrypoint;
|
||||
u8 padding_58[4];
|
||||
u8 package2_version;
|
||||
u8 bootloader_version;
|
||||
u8 padding_5E[2];
|
||||
u32 segment_sizes[SegmentCount];
|
||||
u8 padding_6C[4];
|
||||
u32 segment_offsets[SegmentCount];
|
||||
u8 padding_7C[4];
|
||||
u8 segment_hashes[SegmentCount][crypto::Sha256Generator::HashSize];
|
||||
u8 padding_E0[0x20];
|
||||
|
||||
private:
|
||||
static ALWAYS_INLINE u32 ReadWord(const void *ptr, int offset) {
|
||||
return util::LoadLittleEndian(reinterpret_cast<const u32 *>(reinterpret_cast<uintptr_t>(ptr) + offset));
|
||||
}
|
||||
public:
|
||||
ALWAYS_INLINE u8 GetKeyGeneration() const {
|
||||
return std::min<u8>(0, (this->key_generation ^ this->header_iv_remainder[1] ^ this->header_iv_remainder[2]) - 1);
|
||||
}
|
||||
|
||||
ALWAYS_INLINE u32 GetSize() const {
|
||||
return this->package2_size ^ ReadWord(this->header_iv_remainder, 3) ^ ReadWord(this->header_iv_remainder, 7);
|
||||
}
|
||||
};
|
||||
static_assert(util::is_pod<Package2Meta>::value);
|
||||
static_assert(sizeof(Package2Meta) == 0x100);
|
||||
|
||||
struct Package2Header {
|
||||
u8 signature[0x100];
|
||||
Package2Meta meta;
|
||||
};
|
||||
static_assert(util::is_pod<Package2Header>::value);
|
||||
static_assert(sizeof(Package2Header) == 0x200);
|
||||
|
||||
struct StorageLayout {
|
||||
u8 boot_config[16_KB];
|
||||
Package2Header package2_header;
|
||||
u8 data[Package2SizeMax - sizeof(Package2Header)];
|
||||
};
|
||||
static_assert(util::is_pod<StorageLayout>::value);
|
||||
static_assert(sizeof(StorageLayout) == 8_MB);
|
||||
|
||||
}
|
|
@ -33,4 +33,6 @@ namespace ams::se {
|
|||
void EncryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size);
|
||||
void DecryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size);
|
||||
|
||||
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size);
|
||||
|
||||
}
|
|
@ -80,6 +80,9 @@ namespace ams::secmon {
|
|||
constexpr inline const MemoryRegion MemoryRegionDramDefaultKernelCarveout = MemoryRegion(UINT64_C(0x80060000), UINT64_C(0x1FFE0000));
|
||||
static_assert(MemoryRegionDram.Contains(MemoryRegionDramDefaultKernelCarveout));
|
||||
|
||||
constexpr inline const MemoryRegion MemoryRegionDramPackage2 = MemoryRegion(UINT64_C(0xA9800000), UINT64_C(0x07FC0000));
|
||||
static_assert(MemoryRegionDram.Contains(MemoryRegionDramPackage2));
|
||||
|
||||
constexpr inline const MemoryRegion MemoryRegionPhysicalIram = MemoryRegion(UINT64_C(0x40000000), 0x40000);
|
||||
constexpr inline const MemoryRegion MemoryRegionPhysicalTzram = MemoryRegion(UINT64_C(0x7C010000), 0x10000);
|
||||
static_assert(MemoryRegionPhysical.Contains(MemoryRegionPhysicalIram));
|
||||
|
|
|
@ -33,13 +33,21 @@ namespace ams::se {
|
|||
MemoryInterface_Mc = SE_CRYPTO_CONFIG_MEMIF_MCCIF,
|
||||
};
|
||||
|
||||
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
constexpr inline u32 AesConfigCtr = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 1),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, LINEAR_CTR),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
void SetConfig(volatile SecurityEngineRegisters *SE, bool encrypt, SE_CONFIG_DST dst) {
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
|
@ -69,6 +77,16 @@ namespace ams::se {
|
|||
// reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_VALUE(CRYPTO_CONFIG_MEMIF, memif));
|
||||
// }
|
||||
|
||||
void SetCounter(volatile SecurityEngineRegisters *SE, const void *ctr) {
|
||||
const u32 *ctr_32 = reinterpret_cast<const u32 *>(ctr);
|
||||
|
||||
/* Copy the input ctr to the linear CTR registers. */
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[0], util::LoadLittleEndian(ctr_32 + 0));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[1], util::LoadLittleEndian(ctr_32 + 1));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[2], util::LoadLittleEndian(ctr_32 + 2));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[3], util::LoadLittleEndian(ctr_32 + 3));
|
||||
}
|
||||
|
||||
void SetEncryptedAesKey(int dst_slot, int kek_slot, const void *key, size_t key_size, AesMode mode) {
|
||||
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
|
||||
AMS_ABORT_UNLESS(0 <= dst_slot && dst_slot < AesKeySlotCount);
|
||||
|
@ -206,4 +224,50 @@ namespace ams::se {
|
|||
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
|
||||
}
|
||||
|
||||
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
/* If nothing to do, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine how many full blocks we can operate on. */
|
||||
const size_t num_blocks = src_size / AesBlockSize;
|
||||
const size_t aligned_size = num_blocks * AesBlockSize;
|
||||
const size_t fractional = src_size - aligned_size;
|
||||
|
||||
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
|
||||
SE->SE_SPARE = 0x1;
|
||||
|
||||
/* Configure for AES-CTR encryption/decryption to memory. */
|
||||
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, true, AesConfigCtr);
|
||||
|
||||
/* Set the counter. */
|
||||
SetCounter(SE, iv);
|
||||
|
||||
/* Process as many aligned blocks as we can. */
|
||||
if (aligned_size > 0) {
|
||||
/* Configure the engine to process the right number of blocks. */
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
|
||||
|
||||
/* Synchronize around this point. */
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
/* Process a single block to output. */
|
||||
if (fractional > 0 && dst_size > aligned_size) {
|
||||
const size_t copy_size = std::min(fractional, dst_size - aligned_size);
|
||||
|
||||
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, copy_size, static_cast<const u8 *>(src) + aligned_size, fractional);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue