2020-04-15 20:06:41 -04:00
/*
2020-07-03 05:31:22 -04:00
* keys . c
2020-04-15 20:06:41 -04:00
*
2020-07-03 05:31:22 -04:00
* Copyright ( c ) 2018 - 2020 , SciresM .
* Copyright ( c ) 2019 , shchmue .
2024-04-12 11:47:36 +02:00
* Copyright ( c ) 2020 - 2024 , DarkMatterCore < pabloacurielz @ gmail . com > .
2020-07-03 05:31:22 -04:00
*
* This file is part of nxdumptool ( https : //github.com/DarkMatterCore/nxdumptool).
*
2021-03-25 15:26:58 -04:00
* nxdumptool is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
2020-04-15 20:06:41 -04:00
*
2021-03-25 15:26:58 -04:00
* nxdumptool is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
2020-04-15 20:06:41 -04:00
*
* You should have received a copy of the GNU General Public License
2021-03-25 15:26:58 -04:00
* along with this program . If not , see < https : //www.gnu.org/licenses/>.
2020-04-15 20:06:41 -04:00
*/
2021-03-26 00:35:14 -04:00
# include "nxdt_utils.h"
2020-04-11 01:28:26 -04:00
# include "keys.h"
# include "nca.h"
2021-05-11 02:00:33 -04:00
# include "rsa.h"
2023-04-08 13:34:53 +02:00
# include "aes.h"
# include "smc.h"
# include "key_sources.h"
2020-04-11 01:28:26 -04:00
2021-05-11 02:00:33 -04:00
# define ETICKET_RSA_DEVICE_KEY_PUBLIC_EXPONENT 0x10001
2020-04-22 16:53:20 -04:00
2020-04-16 06:13:11 -04:00
/* Type definitions. */
2020-04-11 01:28:26 -04:00
typedef struct {
2023-04-08 13:34:53 +02:00
///< AES-128-ECB key used to derive master KEKs from Erista master KEK sources.
2024-04-05 23:25:32 +02:00
///< Only available in Erista units. Retrieved from the keys file.
2023-04-08 13:34:53 +02:00
u8 tsec_root_key [ AES_128_KEY_SIZE ] ;
2020-04-11 01:28:26 -04:00
2023-04-08 13:34:53 +02:00
///< AES-128-ECB key used to derive master KEKs from Mariko master KEK sources.
2024-04-05 23:25:32 +02:00
///< Only available in Mariko units. Retrieved from the keys file -- if available, because it must be manually bruteforced on a PC after dumping keys using a BPMP payload.
2023-04-08 13:34:53 +02:00
u8 mariko_kek [ AES_128_KEY_SIZE ] ;
2020-04-11 01:28:26 -04:00
2023-04-08 13:34:53 +02:00
///< AES-128-ECB keys used to decrypt the vast majority of Switch content.
2024-04-05 23:25:32 +02:00
///< Derived at runtime using hardcoded key sources and additional keydata retrieved from the keys file.
2023-04-08 13:34:53 +02:00
u8 master_keys [ NcaKeyGeneration_Max ] [ AES_128_KEY_SIZE ] ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
///< AES-128-XTS key needed to handle NCA header crypto.
///< Generated from hardcoded key sources.
u8 nca_header_key [ AES_128_KEY_SIZE * 2 ] ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
///< AES-128-ECB keys needed to handle key area crypto from NCA headers.
2023-04-08 13:34:53 +02:00
///< Generated from hardcoded key sources and master keys.
u8 nca_kaek [ NcaKeyAreaEncryptionKeyIndex_Count ] [ NcaKeyGeneration_Max ] [ AES_128_KEY_SIZE ] ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
///< AES-128-CTR key needed to decrypt the console-specific eTicket RSA device key stored in PRODINFO.
2024-04-05 23:25:32 +02:00
///< Retrieved from the keys file. Verified by decrypting the eTicket RSA device key.
2023-04-08 13:34:53 +02:00
///< The key itself may or may not be console-specific (personalized), based on the eTicket RSA device key generation value.
u8 eticket_rsa_kek [ AES_128_KEY_SIZE ] ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
///< AES-128-ECB keys needed to decrypt titlekeys.
2023-04-08 13:34:53 +02:00
///< Generated from a hardcoded key source and master keys.
u8 ticket_common_keys [ NcaKeyGeneration_Max ] [ AES_128_KEY_SIZE ] ;
///< AES-128-CBC key needed to decrypt the CardInfo area from gamecard headers.
///< Generated from hardcoded key sources.
u8 gc_cardinfo_key [ AES_128_KEY_SIZE ] ;
} KeysNxKeyset ;
2021-05-11 02:00:33 -04:00
/// Used to parse the eTicket RSA device key retrieved from PRODINFO via setcalGetEticketDeviceKey().
/// Everything after the AES CTR is encrypted using the eTicket RSA device key encryption key.
typedef struct {
2021-05-21 09:34:43 -04:00
u8 ctr [ AES_128_KEY_SIZE ] ;
u8 private_exponent [ RSA2048_BYTES ] ;
u8 modulus [ RSA2048_BYTES ] ;
2021-05-22 04:45:40 -04:00
u32 public_exponent ; ///< Stored using big endian byte order. Must match ETICKET_RSA_DEVICE_KEY_PUBLIC_EXPONENT.
2021-05-11 02:00:33 -04:00
u8 padding [ 0x14 ] ;
u64 device_id ;
u8 ghash [ 0x10 ] ;
} EticketRsaDeviceKey ;
NXDT_ASSERT ( EticketRsaDeviceKey , 0x240 ) ;
2020-04-11 01:28:26 -04:00
2021-05-18 08:32:43 -04:00
/* Function prototypes. */
2023-04-08 13:34:53 +02:00
static bool keysIsKeyEmpty ( const void * key ) ;
2021-05-18 08:32:43 -04:00
2022-04-18 23:38:18 +02:00
static int keysGetKeyAndValueFromFile ( FILE * f , char * * line , char * * key , char * * value ) ;
2023-10-23 00:44:40 +02:00
static bool keysParseHexKey ( u8 * out , size_t out_size , const char * key , const char * value ) ;
2021-05-18 08:32:43 -04:00
static bool keysReadKeysFromFile ( void ) ;
2023-04-08 13:34:53 +02:00
static bool keysDeriveMasterKeys ( void ) ;
static bool keysDeriveNcaHeaderKey ( void ) ;
static bool keysDerivePerGenerationKeys ( void ) ;
static bool keysDeriveGcCardInfoKey ( void ) ;
2022-09-13 02:22:15 +02:00
2021-05-18 08:32:43 -04:00
static bool keysGetDecryptedEticketRsaDeviceKey ( void ) ;
static bool keysTestEticketRsaDeviceKey ( const void * e , const void * d , const void * n ) ;
2023-04-08 13:34:53 +02:00
static bool keysGenerateAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , u8 * out_kek ) ;
static bool keysLoadAesKey ( const u8 * kek , const u8 * key_src , u8 * out_key ) ;
static bool keysGenerateAesKey ( const u8 * kek , const u8 * key_src , u8 * out_key ) ;
2021-05-22 04:45:40 -04:00
2023-04-08 13:34:53 +02:00
static bool keysLoadAesKeyFromAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , const u8 * key_src , u8 * out_key ) ;
static bool keysGenerateAesKeyFromAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , const u8 * key_src , u8 * out_key ) ;
2023-03-29 23:14:21 +02:00
2020-04-16 06:13:11 -04:00
/* Global variables. */
2022-09-13 02:22:15 +02:00
static bool g_keysetLoaded = false ;
static Mutex g_keysetMutex = 0 ;
2024-04-09 02:05:44 +02:00
static u8 g_atmosphereKeyGeneration = 0 , g_currentMasterKeyIndex = 0 ;
static bool g_outdatedMasterKeyVectors = false , g_lowMasterKeyRequirement = false ;
2024-04-05 23:25:32 +02:00
2021-05-11 02:00:33 -04:00
static SetCalRsa2048DeviceKey g_eTicketRsaDeviceKey = { 0 } ;
2023-04-08 13:34:53 +02:00
static KeysNxKeyset g_nxKeyset = { 0 } ;
2021-05-11 02:00:33 -04:00
2024-04-05 23:25:32 +02:00
static bool g_tsecRootKeyAvailable = false , g_marikoKekAvailable = false ;
2022-09-13 02:22:15 +02:00
2023-11-03 02:22:47 +01:00
static bool g_wipedSetCal = false ;
2021-05-22 04:45:40 -04:00
bool keysLoadKeyset ( void )
2020-04-11 01:28:26 -04:00
{
2021-05-18 08:32:43 -04:00
bool ret = false ;
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
2021-05-11 02:00:33 -04:00
{
2021-05-22 04:45:40 -04:00
ret = g_keysetLoaded ;
2021-05-18 08:32:43 -04:00
if ( ret ) break ;
2022-07-05 03:04:28 +02:00
2024-04-05 23:25:32 +02:00
/* Get Atmosphère's key generation. */
/* This actually represents an index, so we must be careful whenever we use it. */
g_atmosphereKeyGeneration = utilsGetAtmosphereKeyGeneration ( ) ;
2024-04-09 02:05:44 +02:00
/* Get current master key index. */
g_currentMasterKeyIndex = ( NcaKeyGeneration_Current - 1 ) ;
/* Determine if our master key vectors are outdated. */
g_outdatedMasterKeyVectors = ( g_atmosphereKeyGeneration > g_currentMasterKeyIndex ) ;
/* Determine if we're dealing with a lower master key requirement. */
g_lowMasterKeyRequirement = ( g_atmosphereKeyGeneration < g_currentMasterKeyIndex ) ;
2023-04-08 13:34:53 +02:00
/* Get eTicket RSA device key. */
Result rc = setcalGetEticketDeviceKey ( & g_eTicketRsaDeviceKey ) ;
if ( R_FAILED ( rc ) )
2021-05-18 08:32:43 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " setcalGetEticketDeviceKey failed! (0x%X). " , rc ) ;
2021-05-18 08:32:43 -04:00
break ;
}
2022-07-05 03:04:28 +02:00
2024-04-05 23:25:32 +02:00
/* Read data from the keys file. */
2023-04-08 13:34:53 +02:00
if ( ! keysReadKeysFromFile ( ) ) break ;
/* Derive master keys. */
2024-04-05 23:25:32 +02:00
if ( ! keysDeriveMasterKeys ( ) ) break ;
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
/* Derive NCA header key. */
2023-04-08 13:34:53 +02:00
if ( ! keysDeriveNcaHeaderKey ( ) ) break ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Derive per-generation keys. */
if ( ! keysDerivePerGenerationKeys ( ) ) break ;
/* Derive gamecard CardInfo key */
if ( ! keysDeriveGcCardInfoKey ( ) )
2021-05-18 08:32:43 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Failed to derive gamecard CardInfo key! " ) ;
2021-05-18 08:32:43 -04:00
break ;
}
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
/* Get decrypted eTicket RSA device key. */
if ( ! keysGetDecryptedEticketRsaDeviceKey ( ) ) break ;
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
/* Update flags. */
2021-05-22 04:45:40 -04:00
ret = g_keysetLoaded = true ;
2021-05-11 02:00:33 -04:00
}
2022-07-05 03:04:28 +02:00
2022-07-12 18:34:49 +02:00
# if LOG_LEVEL == LOG_LEVEL_DEBUG
2022-09-13 02:22:15 +02:00
LOG_DATA_DEBUG ( & g_eTicketRsaDeviceKey , sizeof ( SetCalRsa2048DeviceKey ) , " eTicket RSA device key dump: " ) ;
2023-04-08 13:34:53 +02:00
LOG_DATA_DEBUG ( & g_nxKeyset , sizeof ( KeysNxKeyset ) , " NX keyset dump: " ) ;
2022-07-12 18:34:49 +02:00
# endif
2022-07-05 03:04:28 +02:00
2020-05-02 19:40:50 -04:00
return ret ;
2020-04-11 01:28:26 -04:00
}
const u8 * keysGetNcaHeaderKey ( void )
{
2021-05-18 08:32:43 -04:00
const u8 * ret = NULL ;
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
2021-05-18 08:32:43 -04:00
{
2023-04-08 13:34:53 +02:00
if ( g_keysetLoaded ) ret = ( const u8 * ) ( g_nxKeyset . nca_header_key ) ;
2021-05-21 09:34:43 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-21 09:34:43 -04:00
return ret ;
}
2023-04-08 13:34:53 +02:00
const u8 * keysGetNcaKeyAreaEncryptionKey ( u8 kaek_index , u8 key_generation )
2020-04-11 01:28:26 -04:00
{
2023-04-08 13:34:53 +02:00
const u8 * ret = NULL ;
2024-04-05 23:25:32 +02:00
const u8 mkey_index = ( key_generation ? ( key_generation - 1 ) : key_generation ) ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
if ( kaek_index > = NcaKeyAreaEncryptionKeyIndex_Count )
2020-04-11 01:28:26 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid KAEK index! (0x%02X). " , kaek_index ) ;
2021-05-11 02:00:33 -04:00
goto end ;
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
Rework signature/cert/tik interfaces.
* signature: add comments to SignatureType enum entries about the exact signing algorithms and padding schemes used.
* signature: rename signatureGetSigType() -> signatureGetTypeFromSignedBlob().
* signature: rename signatureIsValidSigType() -> signatureIsValidType().
* signature: rename signatureGetSigSize() -> signatureGetSigSizeByType().
* signature: rename signatureGetBlockSize() -> signatureGetBlockSizeByType().
* signature: rename signatureGetSig() -> signatureGetSigFromSignedBlob().
* signature: rename signatureGetPayload() -> signatureGetPayloadFromSignedBlob().
* signature: add signatureGetBlockSizeFromSignedBlob().
* cert: add more comments to the code.
* cert: update code to match signature interface changes.
* cert: add CERT_RSA_PUB_EXP_SIZE macro.
* cert: change public_exponent field in CertPublicKeyBlockRsa* structs from u32 to u8 array.
* cert: add size field to CertificateChain struct.
* cert: rename certGetCommonBlock() -> certGetCommonBlockFromSignedCertBlob.
* cert: rename certGetPublicKeySize() -> certGetPublicKeySizeByType().
* cert: rename certGetPublicKeyBlockSize() -> certGetPublicKeyBlockSizeByType().
* cert: rename certIsValidCertificate() -> certIsValidSignedCertBlob().
* cert: rename certGetSignedCertificateSize() -> certGetSignedCertBlobSize().
* cert: rename certGetSignedCertificateHashAreaSize() -> certGetSignedCertBlobHashAreaSize().
* cert: remove certGetPublicKey(), certGetPublicExponent() and certCalculateRawCertificateChainSize().
* cert: add certGetPublicKeyTypeFromCommonBlock(), certGetPublicKeyTypeFromSignedCertBlob(), certGetPublicKeySizeFromSignedCertBlob(), certGetPublicKeyBlockSizeFromSignedCertBlob(), certGetPublicKeyFromSignedCertBlob(), certGetPublicExponentFromSignedCertBlob(), certIsValidCertificate() (w/diff func sig), certGetCommonBlockFromCertificate(), certGetPublicKeyTypeFromCertificate(), certGetPublicKeySizeFromCertificate(), certGetPublicKeyBlockSizeFromCertificate(), certGetPublicKeyFromCertificate(), certGetPublicExponentFromCertificate() and certGetHashAreaSizeFromCertificate() functions.
* cert: avoid byteswapping the public key type value in multiple places -- it is now only being done in certGetPublicKeyTypeFromCommonBlock().
* cert: call certFreeCertificateChain() in _certRetrieveCertificateChainBySignatureIssuer() before attempting to retrieve the certificate chain.
* cert: other minor changes and corrections.
* tik: update code to match signature interface changes.
* tik: add missing comments to TikPropertyMask enum entries.
* tik: add key_generation, enc_titlekey_str and dec_titlekey_str fields to Ticket struct.
* tik: update tikRetrieveTicketByRightsId() to also take in a key_generation argument, instead of getting it from the rights ID (which could fail if it's using a key generation lower than HOS 3.0.1) or the key_generation field from the common ticket block (which could fail if the ticket has been tampered by certain tools).
* tik: rename tikGetCommonBlock() -> tikGetCommonBlockFromSignedTicketBlob().
* tik: change function signature for tikGetTicketSectionRecordsBlockSize().
* tik: rename tikIsValidTicket() -> tikIsValidSignedTicketBlob().
* tik: rename tikGetSignedTicketSize() -> tikGetSignedTicketBlobSize().
* tik: rename tikGetSignedTicketHashAreaSize() -> tikGetSignedTicketBlobHashAreaSize().
* tik: rename tikGetEncryptedTitleKeyFromTicket() -> tikGetEncryptedTitleKey().
* tik: add tikIsValidTicket() (w/diff func sig), tikGetCommonBlockFromTicket(), tikGetHashAreaSizeFromTicket(), tikFixTamperedCommonTicket(), tikVerifyRsa2048Sha256Signature() and tikDecryptVolatileTicket() functions. Ticket signature verification is only carried out for common tickets in tikFixTamperedCommonTicket().
* tik: change argument order in tikGetTicketEntryOffsetFromTicketList() and tikRetrieveTicketEntryFromTicketBin().
* tik: add TIK_COMMON_CERT_NAME and TIK_DEV_CERT_ISSUER macros.
* tik: use a scoped lock when calling tikRetrieveTicketFromEsSaveDataByRightsId().
* tik: simplify certificate chain retrieval steps in tikConvertPersonalizedTicketToCommonTicket() by always using the XS00000020 certificate.
* tik: wipe license_type and property_mask fields in tikConvertPersonalizedTicketToCommonTicket().
* tik: other minor changes and corrections.
Other changes include:
* keys: fix key generation checks in keysGetNcaKeyAreaKeyEncryptionKey() and keysGetTicketCommonKey().
* rsa: move core logic from rsa2048VerifySha256BasedPssSignature() into a new function: rsa2048VerifySha256BasedSignature().
* rsa: add rsa2048VerifySha256BasedPkcs1v15Signature() function.
2023-10-15 17:53:46 +02:00
if ( key_generation > NcaKeyGeneration_Max )
2021-05-11 02:00:33 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Invalid key generation value! (0x%02X). " , key_generation ) ;
2021-05-11 02:00:33 -04:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
2021-05-11 02:00:33 -04:00
{
2021-05-22 04:45:40 -04:00
if ( ! g_keysetLoaded ) break ;
2022-07-05 03:04:28 +02:00
2024-04-05 23:25:32 +02:00
ret = ( const u8 * ) ( g_nxKeyset . nca_kaek [ kaek_index ] [ mkey_index ] ) ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
if ( keysIsKeyEmpty ( ret ) )
{
2024-04-05 23:25:32 +02:00
LOG_MSG_ERROR ( " NCA KAEK for type %02X and generation %02X unavailable. " , kaek_index , mkey_index ) ;
2023-04-08 13:34:53 +02:00
ret = NULL ;
}
2021-05-18 08:32:43 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
end :
2021-05-18 08:32:43 -04:00
return ret ;
2020-04-11 01:28:26 -04:00
}
2021-05-11 02:00:33 -04:00
bool keysDecryptRsaOaepWrappedTitleKey ( const void * rsa_wrapped_titlekey , void * out_titlekey )
2020-04-11 01:28:26 -04:00
{
2021-05-11 02:00:33 -04:00
if ( ! rsa_wrapped_titlekey | | ! out_titlekey )
2020-04-11 01:28:26 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2021-05-11 02:00:33 -04:00
return false ;
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
bool ret = false ;
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
2020-04-11 01:28:26 -04:00
{
2023-11-04 12:38:09 +01:00
if ( ! g_keysetLoaded | | g_wipedSetCal ) break ;
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
size_t out_keydata_size = 0 ;
2021-05-21 09:34:43 -04:00
u8 out_keydata [ RSA2048_BYTES ] = { 0 } ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
/* Get eTicket RSA device key. */
2021-05-18 08:32:43 -04:00
EticketRsaDeviceKey * eticket_rsa_key = ( EticketRsaDeviceKey * ) g_eTicketRsaDeviceKey . key ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
/* Perform a RSA-OAEP unwrap operation to get the encrypted titlekey. */
2021-05-21 09:34:43 -04:00
/* ES uses a NULL string as the label. */
ret = ( rsa2048OaepDecrypt ( out_keydata , sizeof ( out_keydata ) , rsa_wrapped_titlekey , eticket_rsa_key - > modulus , & ( eticket_rsa_key - > public_exponent ) , sizeof ( eticket_rsa_key - > public_exponent ) , \
eticket_rsa_key - > private_exponent , sizeof ( eticket_rsa_key - > private_exponent ) , NULL , 0 , & out_keydata_size ) & & out_keydata_size > = AES_128_KEY_SIZE ) ;
2021-05-18 08:32:43 -04:00
if ( ret )
2021-05-11 02:00:33 -04:00
{
/* Copy RSA-OAEP unwrapped titlekey. */
memcpy ( out_titlekey , out_keydata , AES_128_KEY_SIZE ) ;
} else {
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " RSA-OAEP titlekey decryption failed! " ) ;
2021-05-11 02:00:33 -04:00
}
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-18 08:32:43 -04:00
return ret ;
2021-05-11 02:00:33 -04:00
}
const u8 * keysGetTicketCommonKey ( u8 key_generation )
{
2021-05-18 08:32:43 -04:00
const u8 * ret = NULL ;
2024-04-05 23:25:32 +02:00
const u8 mkey_index = ( key_generation ? ( key_generation - 1 ) : key_generation ) ;
2022-07-05 03:04:28 +02:00
Rework signature/cert/tik interfaces.
* signature: add comments to SignatureType enum entries about the exact signing algorithms and padding schemes used.
* signature: rename signatureGetSigType() -> signatureGetTypeFromSignedBlob().
* signature: rename signatureIsValidSigType() -> signatureIsValidType().
* signature: rename signatureGetSigSize() -> signatureGetSigSizeByType().
* signature: rename signatureGetBlockSize() -> signatureGetBlockSizeByType().
* signature: rename signatureGetSig() -> signatureGetSigFromSignedBlob().
* signature: rename signatureGetPayload() -> signatureGetPayloadFromSignedBlob().
* signature: add signatureGetBlockSizeFromSignedBlob().
* cert: add more comments to the code.
* cert: update code to match signature interface changes.
* cert: add CERT_RSA_PUB_EXP_SIZE macro.
* cert: change public_exponent field in CertPublicKeyBlockRsa* structs from u32 to u8 array.
* cert: add size field to CertificateChain struct.
* cert: rename certGetCommonBlock() -> certGetCommonBlockFromSignedCertBlob.
* cert: rename certGetPublicKeySize() -> certGetPublicKeySizeByType().
* cert: rename certGetPublicKeyBlockSize() -> certGetPublicKeyBlockSizeByType().
* cert: rename certIsValidCertificate() -> certIsValidSignedCertBlob().
* cert: rename certGetSignedCertificateSize() -> certGetSignedCertBlobSize().
* cert: rename certGetSignedCertificateHashAreaSize() -> certGetSignedCertBlobHashAreaSize().
* cert: remove certGetPublicKey(), certGetPublicExponent() and certCalculateRawCertificateChainSize().
* cert: add certGetPublicKeyTypeFromCommonBlock(), certGetPublicKeyTypeFromSignedCertBlob(), certGetPublicKeySizeFromSignedCertBlob(), certGetPublicKeyBlockSizeFromSignedCertBlob(), certGetPublicKeyFromSignedCertBlob(), certGetPublicExponentFromSignedCertBlob(), certIsValidCertificate() (w/diff func sig), certGetCommonBlockFromCertificate(), certGetPublicKeyTypeFromCertificate(), certGetPublicKeySizeFromCertificate(), certGetPublicKeyBlockSizeFromCertificate(), certGetPublicKeyFromCertificate(), certGetPublicExponentFromCertificate() and certGetHashAreaSizeFromCertificate() functions.
* cert: avoid byteswapping the public key type value in multiple places -- it is now only being done in certGetPublicKeyTypeFromCommonBlock().
* cert: call certFreeCertificateChain() in _certRetrieveCertificateChainBySignatureIssuer() before attempting to retrieve the certificate chain.
* cert: other minor changes and corrections.
* tik: update code to match signature interface changes.
* tik: add missing comments to TikPropertyMask enum entries.
* tik: add key_generation, enc_titlekey_str and dec_titlekey_str fields to Ticket struct.
* tik: update tikRetrieveTicketByRightsId() to also take in a key_generation argument, instead of getting it from the rights ID (which could fail if it's using a key generation lower than HOS 3.0.1) or the key_generation field from the common ticket block (which could fail if the ticket has been tampered by certain tools).
* tik: rename tikGetCommonBlock() -> tikGetCommonBlockFromSignedTicketBlob().
* tik: change function signature for tikGetTicketSectionRecordsBlockSize().
* tik: rename tikIsValidTicket() -> tikIsValidSignedTicketBlob().
* tik: rename tikGetSignedTicketSize() -> tikGetSignedTicketBlobSize().
* tik: rename tikGetSignedTicketHashAreaSize() -> tikGetSignedTicketBlobHashAreaSize().
* tik: rename tikGetEncryptedTitleKeyFromTicket() -> tikGetEncryptedTitleKey().
* tik: add tikIsValidTicket() (w/diff func sig), tikGetCommonBlockFromTicket(), tikGetHashAreaSizeFromTicket(), tikFixTamperedCommonTicket(), tikVerifyRsa2048Sha256Signature() and tikDecryptVolatileTicket() functions. Ticket signature verification is only carried out for common tickets in tikFixTamperedCommonTicket().
* tik: change argument order in tikGetTicketEntryOffsetFromTicketList() and tikRetrieveTicketEntryFromTicketBin().
* tik: add TIK_COMMON_CERT_NAME and TIK_DEV_CERT_ISSUER macros.
* tik: use a scoped lock when calling tikRetrieveTicketFromEsSaveDataByRightsId().
* tik: simplify certificate chain retrieval steps in tikConvertPersonalizedTicketToCommonTicket() by always using the XS00000020 certificate.
* tik: wipe license_type and property_mask fields in tikConvertPersonalizedTicketToCommonTicket().
* tik: other minor changes and corrections.
Other changes include:
* keys: fix key generation checks in keysGetNcaKeyAreaKeyEncryptionKey() and keysGetTicketCommonKey().
* rsa: move core logic from rsa2048VerifySha256BasedPssSignature() into a new function: rsa2048VerifySha256BasedSignature().
* rsa: add rsa2048VerifySha256BasedPkcs1v15Signature() function.
2023-10-15 17:53:46 +02:00
if ( key_generation > NcaKeyGeneration_Max )
2021-05-11 02:00:33 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Invalid key generation value! (0x%02X). " , key_generation ) ;
2021-05-11 02:00:33 -04:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
2021-05-18 08:32:43 -04:00
{
2023-04-08 13:34:53 +02:00
if ( ! g_keysetLoaded ) break ;
2024-04-05 23:25:32 +02:00
ret = ( const u8 * ) ( g_nxKeyset . ticket_common_keys [ mkey_index ] ) ;
2023-04-08 13:34:53 +02:00
if ( keysIsKeyEmpty ( ret ) )
{
2024-04-05 23:25:32 +02:00
LOG_MSG_ERROR ( " Ticket common key for generation %02X unavailable. " , mkey_index ) ;
2023-04-08 13:34:53 +02:00
ret = NULL ;
}
2021-05-18 08:32:43 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
end :
2021-05-18 08:32:43 -04:00
return ret ;
}
2021-05-22 04:45:40 -04:00
const u8 * keysGetGameCardInfoKey ( void )
{
const u8 * ret = NULL ;
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
SCOPED_LOCK ( & g_keysetMutex )
{
2023-04-08 13:34:53 +02:00
if ( g_keysetLoaded ) ret = ( const u8 * ) ( g_nxKeyset . gc_cardinfo_key ) ;
2021-05-22 04:45:40 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-22 04:45:40 -04:00
return ret ;
}
2023-04-08 13:34:53 +02:00
static bool keysIsKeyEmpty ( const void * key )
2021-05-18 08:32:43 -04:00
{
2023-04-08 13:34:53 +02:00
const u8 null_key [ AES_128_KEY_SIZE ] = { 0 } ;
return ( memcmp ( key , null_key , AES_128_KEY_SIZE ) = = 0 ) ;
2021-05-11 02:00:33 -04:00
}
2020-04-11 01:28:26 -04:00
/**
* Reads a line from file f and parses out the key and value from it .
2022-04-18 23:38:18 +02:00
* The format of a line must match / ^ [ \ t ] * \ w + [ \ t ] * [ , = ] [ \ t ] * ( ? : [ A - Fa - f0 - 9 ] { 2 } ) + [ \ t ] * $ / .
2020-04-11 01:28:26 -04:00
* If a line ends in \ r , the final \ r is stripped .
* The input file is assumed to have been opened with the ' b ' flag .
* The input file is assumed to contain only ASCII .
*
2022-04-18 23:38:18 +02:00
* On success , * line will point to a dynamically allocated buffer that holds
* the read line , whilst * key and * value will be set to point to the key and
* value strings within * line , respectively . * line must be freed by the caller .
* On failure , * line , * key and * value will all be set to NULL .
* Empty lines and end of file are both considered failures .
2020-04-11 01:28:26 -04:00
*
2022-04-18 23:38:18 +02:00
* This function is thread - safe .
2020-04-11 01:28:26 -04:00
*
2022-04-18 23:38:18 +02:00
* Both key and value strings will be converted to lowercase .
* Empty key and / or value strings are both considered a parse error .
* Furthermore , a parse error will also be returned if the value string length
* is not a multiple of 2.
2020-04-11 01:28:26 -04:00
*
* This function assumes that the file can be trusted not to contain any NUL in
* the contents .
*
* Whitespace ( ' ' , ASCII 0x20 , as well as ' \t ' , ASCII 0x09 ) at the beginning of
* the line , at the end of the line as well as around = ( or , ) will be ignored .
*
* @ param f the file to read
2022-04-18 23:38:18 +02:00
* @ param line pointer to change to point to the read line
2020-04-11 01:28:26 -04:00
* @ param key pointer to change to point to the key
* @ param value pointer to change to point to the value
* @ return 0 on success ,
* 1 on end of file ,
2022-04-18 23:38:18 +02:00
* - 1 on parse error ( line malformed , empty line )
2020-04-11 01:28:26 -04:00
* - 2 on I / O error
*/
2022-04-18 23:38:18 +02:00
static int keysGetKeyAndValueFromFile ( FILE * f , char * * line , char * * key , char * * value )
2020-04-11 01:28:26 -04:00
{
2022-04-18 23:38:18 +02:00
if ( ! f | | ! line | | ! key | | ! value )
2020-04-11 01:28:26 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2020-04-11 01:28:26 -04:00
return - 2 ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
int ret = - 1 ;
size_t n = 0 ;
ssize_t read = 0 ;
char * l = NULL , * k = NULL , * v = NULL , * p = NULL , * e = NULL ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Clear inputs beforehand. */
if ( * line ) free ( * line ) ;
* line = * key = * value = NULL ;
2020-04-11 01:28:26 -04:00
errno = 0 ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Read line. */
read = __getline ( line , & n , f ) ;
if ( errno ! = 0 | | read < = 0 )
2020-04-11 01:28:26 -04:00
{
2022-04-18 23:38:18 +02:00
ret = ( ( errno = = 0 & & ( read = = 0 | | feof ( f ) ) ) ? 1 : - 2 ) ;
2022-07-12 18:34:49 +02:00
if ( ret ! = 1 ) LOG_MSG_ERROR ( " __getline failed! (0x%lX, %ld, %d, %d). " , ftell ( f ) , read , errno , ret ) ;
2022-04-18 23:38:18 +02:00
goto end ;
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
n = ( ftell ( f ) - ( size_t ) read ) ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Check if we're dealing with an empty line. */
l = * line ;
if ( * l = = ' \n ' | | * l = = ' \r ' | | * l = = ' \0 ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_WARNING ( " Empty line detected! (0x%lX, 0x%lX). " , n , read ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Not finding '\r' or '\n' is not a problem. */
/* It's possible that the last line of a file isn't actually a line (i.e., does not end in '\n'). */
/* We do want to handle those. */
if ( ( p = strchr ( l , ' \r ' ) ) ! = NULL | | ( p = strchr ( l , ' \n ' ) ) ! = NULL )
2020-04-11 01:28:26 -04:00
{
2022-04-18 23:38:18 +02:00
e = p ;
2020-04-11 01:28:26 -04:00
* p = ' \0 ' ;
} else {
2022-04-18 23:38:18 +02:00
e = ( l + read + 1 ) ;
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
# define SKIP_SPACE(p) do { \
for ( ; ( * p = = ' ' | | * p = = ' \t ' ) ; + + p ) ; \
} while ( 0 ) ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Skip leading whitespace before the key name string. */
p = l ;
2020-04-11 01:28:26 -04:00
SKIP_SPACE ( p ) ;
k = p ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Validate key name string. */
for ( ; * p ! = ' ' & & * p ! = ' \t ' & & * p ! = ' , ' & & * p ! = ' = ' ; + + p )
2020-04-11 01:28:26 -04:00
{
2022-04-18 23:38:18 +02:00
/* Bail out if we reached the end of string. */
if ( * p = = ' \0 ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " End of string reached while validating key name string! (#1) (0x%lX, 0x%lX, 0x%lX). " , n , read , ( size_t ) ( p - l ) ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Convert uppercase characters to lowercase. */
2020-04-11 01:28:26 -04:00
if ( * p > = ' A ' & & * p < = ' Z ' )
{
2022-04-18 23:38:18 +02:00
* p = ( ' a ' + ( * p - ' A ' ) ) ;
2020-04-11 01:28:26 -04:00
continue ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Handle unsupported characters. */
if ( * p ! = ' _ ' & & ( * p < ' 0 ' | | * p > ' 9 ' ) & & ( * p < ' a ' | | * p > ' z ' ) )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Unsupported character detected in key name string! (0x%lX, 0x%lX, 0x%lX, 0x%02X). " , n , read , ( size_t ) ( p - l ) , * p ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2020-04-11 01:28:26 -04:00
}
2022-07-05 03:04:28 +02:00
2020-07-05 20:10:07 -04:00
/* Bail if the final ++p put us at the end of string. */
2022-04-18 23:38:18 +02:00
if ( * p = = ' \0 ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " End of string reached while validating key name string! (#2) (0x%lX, 0x%lX, 0x%lX). " , n , read , ( size_t ) ( p - l ) ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* We should be at the end of the key name string now and either whitespace or [,=] follows. */
2020-04-11 01:28:26 -04:00
if ( * p = = ' = ' | | * p = = ' , ' )
{
* p + + = ' \0 ' ;
} else {
2022-04-18 23:38:18 +02:00
/* Skip leading whitespace before [,=]. */
2020-04-11 01:28:26 -04:00
* p + + = ' \0 ' ;
SKIP_SPACE ( p ) ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
if ( * p ! = ' = ' & & * p ! = ' , ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Unable to find expected [,=]! (0x%lX, 0x%lX, 0x%lX). " , n , read , ( size_t ) ( p - l ) ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2020-04-11 01:28:26 -04:00
* p + + = ' \0 ' ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Empty key name string is an error. */
if ( * k = = ' \0 ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Key name string empty! (0x%lX, 0x%lX). " , n , read ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Skip trailing whitespace after [,=]. */
2020-04-11 01:28:26 -04:00
SKIP_SPACE ( p ) ;
v = p ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
# undef SKIP_SPACE
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Validate value string. */
for ( ; p < e & & * p ! = ' ' & & * p ! = ' \t ' ; + + p )
{
/* Bail out if we reached the end of string. */
if ( * p = = ' \0 ' )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " End of string reached while validating value string! (0x%lX, 0x%lX, 0x%lX, %s). " , n , read , ( size_t ) ( p - l ) , k ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Convert uppercase characters to lowercase. */
if ( * p > = ' A ' & & * p < = ' F ' )
{
* p = ( ' a ' + ( * p - ' A ' ) ) ;
continue ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Handle unsupported characters. */
if ( ( * p < ' 0 ' | | * p > ' 9 ' ) & & ( * p < ' a ' | | * p > ' f ' ) )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Unsupported character detected in value string! (0x%lX, 0x%lX, 0x%lX, 0x%02X, %s). " , n , read , ( size_t ) ( p - l ) , * p , k ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* We should be at the end of the value string now and whitespace may optionally follow. */
l = p ;
if ( p < e )
{
/* Skip trailing whitespace after the value string. */
/* Make sure there's no additional data after this. */
* p + + = ' \0 ' ;
for ( ; p < e & & ( * p = = ' ' | | * p = = ' \t ' ) ; + + p ) ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
if ( p < e )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Additional data detected after value string and before line end! (0x%lX, 0x%lX, 0x%lX, %s). " , n , read , ( size_t ) ( p - * line ) , k ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Empty value string and value string length not being a multiple of 2 are both errors. */
if ( * v = = ' \0 ' | | ( ( l - v ) % 2 ) ! = 0 )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid value string length! (0x%lX, 0x%lX, 0x%lX, %s). " , n , read , ( size_t ) ( l - v ) , k ) ;
2022-04-18 23:38:18 +02:00
goto end ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Update pointers. */
2020-04-11 01:28:26 -04:00
* key = k ;
* value = v ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Update return value. */
ret = 0 ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
end :
if ( ret ! = 0 )
{
if ( * line ) free ( * line ) ;
* line = * key = * value = NULL ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
return ret ;
2020-04-11 01:28:26 -04:00
}
2023-10-23 00:44:40 +02:00
static bool keysParseHexKey ( u8 * out , size_t out_size , const char * key , const char * value )
2020-04-11 01:28:26 -04:00
{
2023-10-23 00:44:40 +02:00
if ( ! out | | ! out_size | | ! key | | ! * key | | ! value | | ! * value )
2020-04-11 01:28:26 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2020-04-11 01:28:26 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2023-10-23 00:44:40 +02:00
bool success = utilsParseHexString ( out , out_size , value , 0 ) ;
if ( ! success ) LOG_MSG_ERROR ( " Failed to parse key \" %s \" ! " , key ) ;
2022-07-05 03:04:28 +02:00
2023-10-23 00:44:40 +02:00
return success ;
2020-04-11 01:28:26 -04:00
}
static bool keysReadKeysFromFile ( void )
{
int ret = 0 ;
u32 key_count = 0 ;
FILE * keys_file = NULL ;
2022-04-18 23:38:18 +02:00
char * line = NULL , * key = NULL , * value = NULL ;
2020-04-11 01:28:26 -04:00
char test_name [ 0x40 ] = { 0 } ;
2023-04-08 13:34:53 +02:00
2022-02-10 19:05:07 +01:00
const char * keys_file_path = ( utilsIsDevelopmentUnit ( ) ? DEV_KEYS_FILE_PATH : PROD_KEYS_FILE_PATH ) ;
2024-04-05 23:25:32 +02:00
const bool is_mariko = utilsIsMarikoUnit ( ) ;
2022-07-05 03:04:28 +02:00
2024-04-05 23:25:32 +02:00
bool eticket_rsa_kek_available = false ;
const char * eticket_rsa_kek_name = ( g_eTicketRsaDeviceKey . generation > 0 ? " eticket_rsa_kek_personalized " : " eticket_rsa_kek " ) ;
2023-04-08 13:34:53 +02:00
2022-02-10 19:05:07 +01:00
keys_file = fopen ( keys_file_path , " rb " ) ;
2020-04-11 01:28:26 -04:00
if ( ! keys_file )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Unable to open \" %s \" to retrieve keys! " , keys_file_path ) ;
2020-04-11 01:28:26 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
# define PARSE_HEX_KEY(name, out, decl) \
2023-10-23 00:44:40 +02:00
if ( ! strcasecmp ( key , name ) & & keysParseHexKey ( out , sizeof ( out ) , key , value ) ) { \
2022-04-18 23:38:18 +02:00
key_count + + ; \
decl ; \
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
# define PARSE_HEX_KEY_WITH_INDEX(name, idx, out, decl) \
snprintf ( test_name , sizeof ( test_name ) , " %s_%02x " , name , idx ) ; \
PARSE_HEX_KEY ( test_name , out , decl ) ;
2022-07-05 03:04:28 +02:00
2020-04-11 01:28:26 -04:00
while ( true )
{
2022-04-18 23:38:18 +02:00
/* Get key and value strings from the current line. */
/* Break from the while loop if EOF is reached or if an I/O error occurs. */
ret = keysGetKeyAndValueFromFile ( keys_file , & line , & key , & value ) ;
if ( ret = = 1 | | ret = = - 2 ) break ;
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
/* Ignore malformed or empty lines. */
2020-04-11 01:28:26 -04:00
if ( ret ! = 0 | | ! key | | ! value ) continue ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
if ( is_mariko )
2020-04-11 01:28:26 -04:00
{
2023-04-08 13:34:53 +02:00
/* Parse Mariko KEK. */
/* This will only appear on Mariko units. */
2024-04-05 23:25:32 +02:00
if ( ! g_marikoKekAvailable )
2023-04-08 13:34:53 +02:00
{
2024-04-05 23:25:32 +02:00
PARSE_HEX_KEY ( " mariko_kek " , g_nxKeyset . mariko_kek , g_marikoKekAvailable = true ; continue ) ;
2023-04-08 13:34:53 +02:00
}
} else {
/* Parse TSEC root key. */
/* This will only appear on Erista units. */
2024-04-05 23:25:32 +02:00
if ( ! g_tsecRootKeyAvailable )
2023-04-08 13:34:53 +02:00
{
2024-04-05 23:25:32 +02:00
PARSE_HEX_KEY_WITH_INDEX ( " tsec_root_key " , TSEC_ROOT_KEY_VERSION , g_nxKeyset . tsec_root_key , g_tsecRootKeyAvailable = true ; continue ) ;
2023-04-08 13:34:53 +02:00
}
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Parse eTicket RSA device KEK. */
/* The personalized entry only appears on consoles that use the new PRODINFO key generation scheme. */
if ( ! eticket_rsa_kek_available )
{
2024-04-05 23:25:32 +02:00
PARSE_HEX_KEY ( eticket_rsa_kek_name , g_nxKeyset . eticket_rsa_kek , eticket_rsa_kek_available = true ; continue ) ;
2023-04-08 13:34:53 +02:00
}
2022-07-05 03:04:28 +02:00
2024-04-09 02:05:44 +02:00
/* Parse master keys, starting with the minimum required one (if dealing with a lower master key requirement) or the last known one. */
for ( u8 i = ( g_lowMasterKeyRequirement ? g_atmosphereKeyGeneration : g_currentMasterKeyIndex ) ; i < NcaKeyGeneration_Max ; i + + )
2023-04-08 13:34:53 +02:00
{
2024-04-05 23:25:32 +02:00
PARSE_HEX_KEY_WITH_INDEX ( " master_key " , i , g_nxKeyset . master_keys [ i ] , break ) ;
2020-04-11 01:28:26 -04:00
}
}
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
# undef PARSE_HEX_KEY_WITH_INDEX
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
# undef PARSE_HEX_KEY
2022-07-05 03:04:28 +02:00
2022-04-18 23:38:18 +02:00
if ( line ) free ( line ) ;
2022-07-05 03:04:28 +02:00
2020-04-11 01:28:26 -04:00
fclose ( keys_file ) ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Bail out if we didn't retrieve a single key. */
2022-04-18 23:38:18 +02:00
if ( key_count )
2020-04-11 01:28:26 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_INFO ( " Loaded %u key(s) from \" %s \" . " , key_count , keys_file_path ) ;
2022-04-18 23:38:18 +02:00
} else {
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Unable to parse keys from \" %s \" ! (keys file empty?). " , keys_file_path ) ;
2020-04-11 01:28:26 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2024-04-05 23:25:32 +02:00
/* Bail out if we couldn't retrieve the eTicket RSA KEK. */
2020-10-21 00:27:48 -04:00
if ( ! eticket_rsa_kek_available )
{
2024-04-05 23:25:32 +02:00
LOG_MSG_ERROR ( " \" %s \" unavailable in \" %s \" ! " , eticket_rsa_kek_name , keys_file_path ) ;
2020-10-21 00:27:48 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2020-04-11 01:28:26 -04:00
return true ;
}
2021-05-11 02:00:33 -04:00
2023-04-08 13:34:53 +02:00
static bool keysDeriveMasterKeys ( void )
2022-09-13 02:22:15 +02:00
{
2024-04-09 02:05:44 +02:00
u8 tmp [ AES_128_KEY_SIZE ] = { 0 } , current_mkey_index = g_currentMasterKeyIndex ;
const bool is_dev = utilsIsDevelopmentUnit ( ) , is_mariko = utilsIsMarikoUnit ( ) ;
bool current_mkey_available = false ;
if ( current_mkey_index ! = g_atmosphereKeyGeneration ) LOG_MSG_WARNING ( " Current key generation mismatch detected (%02X != %02X). " , current_mkey_index , g_atmosphereKeyGeneration ) ;
2024-04-05 23:25:32 +02:00
2024-04-09 02:05:44 +02:00
if ( g_outdatedMasterKeyVectors )
2024-04-05 23:25:32 +02:00
{
/* Our master key vectors are outdated. */
2024-04-09 02:05:44 +02:00
/* This means the user is running both a HOS version with a newer master key generation and an Atmosphère release with support for said HOS version. */
2024-04-05 23:25:32 +02:00
/* Not everything is lost, though. We just need to check if we parsed all master keys between the last one we know and the one Atmosphère supports (inclusive range). */
/* However, since we have no master key vectors for the additional master key(s), we can't reliably test them. */
2024-04-09 02:05:44 +02:00
current_mkey_available = true ;
2024-04-05 23:25:32 +02:00
for ( u8 i = current_mkey_index ; i < = g_atmosphereKeyGeneration ; i + + )
{
if ( keysIsKeyEmpty ( g_nxKeyset . master_keys [ i ] ) )
{
2024-04-09 02:05:44 +02:00
current_mkey_available = false ;
2024-04-05 23:25:32 +02:00
break ;
}
}
2024-04-09 02:05:44 +02:00
/* Bail out immediately if the newer master keys are unavailable. */
if ( ! current_mkey_available )
{
LOG_MSG_ERROR ( " PKG1 key generation (%02X) is higher than the last known \r \n " \
" key generation (%02X). Furthermore, one or more of the newer master keys are not \r \n " \
" available in the keys file. Please redump your console keys and get an updated \r \n " \
APP_TITLE " build before trying again. You can get newer builds at: \r \n %s \r \n %s " , \
g_atmosphereKeyGeneration , current_mkey_index , PRERELEASE_URL , DISCORD_SERVER_URL ) ;
return false ;
}
2024-04-05 23:25:32 +02:00
} else {
/* Our master key vectors are up-to-date. */
2024-04-09 02:05:44 +02:00
/* However, we may also be running under a console with an older HOS version and a lower master key generation. */
/* If this is the case, we'll need to adjust the current master key index to match Atmosphére's key generation value. */
/* There really is no point in demanding the most up-to-date master key under lower firmware versions. */
if ( g_lowMasterKeyRequirement ) current_mkey_index = g_atmosphereKeyGeneration ;
2022-09-13 02:22:15 +02:00
2024-04-09 02:05:44 +02:00
/* Now then, just checking if we have the current master key should suffice. */
current_mkey_available = ! keysIsKeyEmpty ( g_nxKeyset . master_keys [ current_mkey_index ] ) ;
/* Bail out if we're dealing with a lower master key generation and we don't have its master key. */
/* This is because current master key derivation depends on generation-specific master KEKs, and we only hardcode the last known one. */
if ( ! current_mkey_available & & g_lowMasterKeyRequirement )
2024-04-05 23:25:32 +02:00
{
2024-04-09 02:05:44 +02:00
LOG_MSG_ERROR ( " \" master_key_%02x \" unavailable! Unable to derive lower \r \n " \
" master keys. Please redump your console keys and try again. " , current_mkey_index ) ;
2024-04-05 23:25:32 +02:00
return false ;
}
2024-04-09 02:05:44 +02:00
}
2024-04-05 23:25:32 +02:00
2024-04-09 02:05:44 +02:00
/* Derive current master key if it's not populated. */
/* We should only enter this conditional block if Atmosphère's key generation matches our last known master key generation. */
if ( ! current_mkey_available )
{
LOG_MSG_WARNING ( " Current master key (%02X) unavailable. It will be derived. " , current_mkey_index ) ;
2024-04-05 23:25:32 +02:00
2024-04-09 02:05:44 +02:00
/* Derive the current master KEK. */
2024-04-05 23:25:32 +02:00
if ( is_mariko )
2022-09-13 02:22:15 +02:00
{
2024-04-05 23:25:32 +02:00
if ( ! g_marikoKekAvailable )
{
2024-04-09 02:05:44 +02:00
LOG_MSG_ERROR ( " \" mariko_kek \" unavailable! Unable to derive current \r \n " \
" master key. You may need to manually derive it using PartialAesKeyCrack, \r \n " \
" and/or redump your console keys. Please try again afterwards. " ) ;
2024-04-05 23:25:32 +02:00
return false ;
}
2024-04-09 02:05:44 +02:00
/* Derive the current master KEK using the hardcoded Mariko master KEK source and the Mariko KEK. */
2023-04-08 13:34:53 +02:00
aes128EcbCrypt ( tmp , is_dev ? g_marikoMasterKekSourceDev : g_marikoMasterKekSourceProd , g_nxKeyset . mariko_kek , false ) ;
} else {
2024-04-05 23:25:32 +02:00
if ( ! g_tsecRootKeyAvailable )
{
2024-04-09 02:05:44 +02:00
LOG_MSG_ERROR ( " \" tsec_root_key_%02x \" unavailable! Unable to derive \r \n " \
" current master key. Please redump your console keys and try again. " , TSEC_ROOT_KEY_VERSION ) ;
2024-04-05 23:25:32 +02:00
return false ;
}
2024-04-09 02:05:44 +02:00
/* Derive the current master KEK using the hardcoded Erista master KEK source and the TSEC root key. */
2023-04-08 13:34:53 +02:00
aes128EcbCrypt ( tmp , g_eristaMasterKekSource , g_nxKeyset . tsec_root_key , false ) ;
2022-09-13 02:22:15 +02:00
}
2024-04-09 02:05:44 +02:00
/* Derive the current master key using the hardcoded master key source and the current master KEK. */
2024-04-05 23:25:32 +02:00
aes128EcbCrypt ( g_nxKeyset . master_keys [ current_mkey_index ] , g_masterKeySource , tmp , false ) ;
2022-09-13 02:22:15 +02:00
}
2024-04-09 02:05:44 +02:00
/* Derive all lower master keys using the current master key and the master key vectors. */
for ( u8 i = current_mkey_index ; i > 0 ; i - - ) aes128EcbCrypt ( g_nxKeyset . master_keys [ i - 1 ] , is_dev ? g_masterKeyVectorsDev [ i ] : g_masterKeyVectorsProd [ i ] , \
g_nxKeyset . master_keys [ i ] , false ) ;
2023-04-08 13:34:53 +02:00
/* Check if we derived the right keys. */
2024-04-09 02:05:44 +02:00
aes128EcbCrypt ( tmp , is_dev ? g_masterKeyVectorsDev [ 0 ] : g_masterKeyVectorsProd [ 0 ] , g_nxKeyset . master_keys [ 0 ] , false ) ;
2023-04-08 13:34:53 +02:00
2024-04-05 23:25:32 +02:00
bool ret = keysIsKeyEmpty ( tmp ) ;
2024-04-09 02:05:44 +02:00
if ( ! ret ) LOG_MSG_ERROR ( " Derivation of %u lower master key(s) failed! Wrong keys? \r \n " \
" Please redump your console keys and try again. " , current_mkey_index ) ;
2024-04-05 23:25:32 +02:00
return ret ;
2022-09-13 02:22:15 +02:00
}
2023-04-08 13:34:53 +02:00
static bool keysDeriveNcaHeaderKey ( void )
2021-05-11 02:00:33 -04:00
{
2023-04-08 13:34:53 +02:00
u8 nca_header_kek [ AES_128_KEY_SIZE ] = { 0 } ;
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
SmcGenerateAesKekOption option = { 0 } ;
smcPrepareGenerateAesKekOption ( false , SmcKeyType_Default , SmcSealKey_LoadAesKey , & option ) ;
/* Derive nca_header_kek using g_ncaHeaderKekSource and master key 00. */
if ( ! keysGenerateAesKek ( g_ncaHeaderKekSource , NcaKeyGeneration_Since100NUP , option , nca_header_kek ) )
2021-05-11 02:00:33 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Failed to derive NCA header KEK! " ) ;
2021-05-11 02:00:33 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Derive nca_header_key (first half) from nca_header_kek and g_ncaHeaderKeySource. */
if ( ! keysGenerateAesKey ( nca_header_kek , g_ncaHeaderKeySource , g_nxKeyset . nca_header_key ) )
{
LOG_MSG_ERROR ( " Failed to derive NCA header key! (#1). " ) ;
return false ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Derive nca_header_key (second half) from nca_header_kek and g_ncaHeaderKeySource. */
if ( ! keysGenerateAesKey ( nca_header_kek , g_ncaHeaderKeySource + AES_128_KEY_SIZE , g_nxKeyset . nca_header_key + AES_128_KEY_SIZE ) )
Preliminar 15.x support.
This commit uses my yet unmerged libnx PR to update ncm_types.h.
PoC code hasn't been updated yet, so proper support for DLC updates will arrive at a later time.
Note to self: implement a way to provide access to loaded DataPatch TitleInfo entries (linked list hell).
* bktr: renamed bktrBucketInitializeSubStorageReadParams to bktrInitializeSubStorageReadParams to avoid redundancy, added debug code to dump BucketInfo and BucketTree tables if BucketTree storage initialization fails.
* cnmt: updated ContentMetaAddOnContentMetaExtendedHeader struct to its 15.x equivalent, added ContentMetaLegacyAddOnContentMetaExtendedHeader struct, added ContentMetaDataPatchMetaExtendedHeader struct, updated the cnmtGetRequiredTitleId and cnmtGetRequiredTitleVersion functions to support DataPatch titles, updated cnmtInitializeContext to support both the new AddOnContent extended header and DataPatch titles, added debug code to dump the whole CNMT if context initialization fails, updated cnmtGenerateAuthoringToolXml to support DataPatch titles.
* keys: updated block hashes to match 15.x keyset, use case-insensitive comparison while looking for entry names in keysReadKeysFromFile, make sure the eticket_rsa_kek is non-zero before proceeding in keysGetDecryptedEticketRsaDeviceKey.
* nca: updated NcaKeyGeneration enum, added reminder about updating NcaSignatureKeyGeneration if necessary, replaced ncaFsSectionCheckHashRegionAccess with ncaFsSectionCheckPlaintextHashRegionAccess, removed all extents checks on Patch RomFS and sparse sections, updated ncaGetFsSectionTypeName to reflect if a FS section holds a sparse layer or not.
* nca_storage: updated ncaStorageInitializeContext to avoid initializing a compressed storage if a sparse layer is also used (fixes issues with Them's Fightin' Herds), updated ncaStorageSetPatchOriginalSubStorage to enforce the presence of a compressed storage in a patch if the base FS holds a compressed storage.
* npdm: added reminder about updating NpdmSignatureKeyGeneration if necessary, updated NpdmFsAccessControlFlags enum, updated NpdmAccessibility enum, updated NpdmSystemCallId enum, fixed typos.
* title: updated all relevant functions that deal with NcmContentMetaType values to also handle DataPatch titles, added functions to handle DataPatchId values, removed titleConvertNcmContentSizeToU64 and titleConvertU64ToNcmContentSize functions in favor of ncmContentInfoSizeToU64 and ncmU64ToContentInfoSize from my unmerged libnx PR, updated internal arrays to match 15.x changes, renamed titleOrphanTitleInfoSortFunction to titleInfoEntrySortFunction and updated it to also sort entries by version and storage ID, updated titleGenerateTitleInfoEntriesForTitleStorage to sort TitleInfo entries, simplified titleDuplicateTitleInfo a bit by using macros.
2022-10-23 16:44:47 +02:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Failed to derive NCA header key! (#2). " ) ;
Preliminar 15.x support.
This commit uses my yet unmerged libnx PR to update ncm_types.h.
PoC code hasn't been updated yet, so proper support for DLC updates will arrive at a later time.
Note to self: implement a way to provide access to loaded DataPatch TitleInfo entries (linked list hell).
* bktr: renamed bktrBucketInitializeSubStorageReadParams to bktrInitializeSubStorageReadParams to avoid redundancy, added debug code to dump BucketInfo and BucketTree tables if BucketTree storage initialization fails.
* cnmt: updated ContentMetaAddOnContentMetaExtendedHeader struct to its 15.x equivalent, added ContentMetaLegacyAddOnContentMetaExtendedHeader struct, added ContentMetaDataPatchMetaExtendedHeader struct, updated the cnmtGetRequiredTitleId and cnmtGetRequiredTitleVersion functions to support DataPatch titles, updated cnmtInitializeContext to support both the new AddOnContent extended header and DataPatch titles, added debug code to dump the whole CNMT if context initialization fails, updated cnmtGenerateAuthoringToolXml to support DataPatch titles.
* keys: updated block hashes to match 15.x keyset, use case-insensitive comparison while looking for entry names in keysReadKeysFromFile, make sure the eticket_rsa_kek is non-zero before proceeding in keysGetDecryptedEticketRsaDeviceKey.
* nca: updated NcaKeyGeneration enum, added reminder about updating NcaSignatureKeyGeneration if necessary, replaced ncaFsSectionCheckHashRegionAccess with ncaFsSectionCheckPlaintextHashRegionAccess, removed all extents checks on Patch RomFS and sparse sections, updated ncaGetFsSectionTypeName to reflect if a FS section holds a sparse layer or not.
* nca_storage: updated ncaStorageInitializeContext to avoid initializing a compressed storage if a sparse layer is also used (fixes issues with Them's Fightin' Herds), updated ncaStorageSetPatchOriginalSubStorage to enforce the presence of a compressed storage in a patch if the base FS holds a compressed storage.
* npdm: added reminder about updating NpdmSignatureKeyGeneration if necessary, updated NpdmFsAccessControlFlags enum, updated NpdmAccessibility enum, updated NpdmSystemCallId enum, fixed typos.
* title: updated all relevant functions that deal with NcmContentMetaType values to also handle DataPatch titles, added functions to handle DataPatchId values, removed titleConvertNcmContentSizeToU64 and titleConvertU64ToNcmContentSize functions in favor of ncmContentInfoSizeToU64 and ncmU64ToContentInfoSize from my unmerged libnx PR, updated internal arrays to match 15.x changes, renamed titleOrphanTitleInfoSortFunction to titleInfoEntrySortFunction and updated it to also sort entries by version and storage ID, updated titleGenerateTitleInfoEntriesForTitleStorage to sort TitleInfo entries, simplified titleDuplicateTitleInfo a bit by using macros.
2022-10-23 16:44:47 +02:00
return false ;
}
2023-04-08 13:34:53 +02:00
return true ;
}
static bool keysDerivePerGenerationKeys ( void )
{
SmcGenerateAesKekOption option = { 0 } ;
smcPrepareGenerateAesKekOption ( false , SmcKeyType_Default , SmcSealKey_LoadAesKey , & option ) ;
bool success = true ;
for ( u8 i = 1 ; i < = NcaKeyGeneration_Max ; i + + )
{
2024-04-05 23:25:32 +02:00
const u8 mkey_index = ( i - 1 ) ;
2023-04-08 13:34:53 +02:00
/* Make sure we're not dealing with an unpopulated master key entry. */
2024-04-09 02:05:44 +02:00
if ( keysIsKeyEmpty ( g_nxKeyset . master_keys [ mkey_index ] ) )
2023-04-08 13:34:53 +02:00
{
2024-04-09 02:05:44 +02:00
//LOG_MSG_DEBUG("\"master_key_%02x\" unavailable.", mkey_index);
2023-04-08 13:34:53 +02:00
continue ;
}
/* Derive NCA key area keys for this generation. */
for ( u8 j = 0 ; j < NcaKeyAreaEncryptionKeyIndex_Count ; j + + )
{
2024-04-05 23:25:32 +02:00
if ( ! keysLoadAesKeyFromAesKek ( g_ncaKeyAreaEncryptionKeySources [ j ] , i , option , g_aesKeyGenerationSource , g_nxKeyset . nca_kaek [ j ] [ mkey_index ] ) )
2023-04-08 13:34:53 +02:00
{
2024-04-05 23:25:32 +02:00
LOG_MSG_DEBUG ( " Failed to derive NCA KAEK for type %02X and generation %02X! " , j , mkey_index ) ;
2023-04-08 13:34:53 +02:00
success = false ;
break ;
}
}
if ( ! success ) break ;
/* Derive ticket common key for this generation. */
2024-04-05 23:25:32 +02:00
aes128EcbCrypt ( g_nxKeyset . ticket_common_keys [ mkey_index ] , g_ticketCommonKeySource , g_nxKeyset . master_keys [ mkey_index ] , false ) ;
2023-04-08 13:34:53 +02:00
}
return success ;
}
static bool keysDeriveGcCardInfoKey ( void )
{
SmcGenerateAesKekOption option = { 0 } ;
const u8 * key_src = ( utilsIsDevelopmentUnit ( ) ? g_gcCardInfoKeySourceDev : g_gcCardInfoKeySourceProd ) ;
smcPrepareGenerateAesKekOption ( false , SmcKeyType_Default , SmcSealKey_LoadAesKey , & option ) ;
return keysGenerateAesKeyFromAesKek ( g_gcCardInfoKekSource , NcaKeyGeneration_Since100NUP , option , key_src , g_nxKeyset . gc_cardinfo_key ) ;
}
static bool keysGetDecryptedEticketRsaDeviceKey ( void )
{
u32 public_exponent = 0 ;
Aes128CtrContext eticket_aes_ctx = { 0 } ;
EticketRsaDeviceKey * eticket_rsa_key = ( EticketRsaDeviceKey * ) g_eTicketRsaDeviceKey . key ;
2023-11-03 02:22:47 +01:00
bool success = false ;
2023-04-08 13:34:53 +02:00
2021-05-11 02:00:33 -04:00
/* Decrypt eTicket RSA device key. */
2023-04-08 13:34:53 +02:00
aes128CtrContextCreate ( & eticket_aes_ctx , g_nxKeyset . eticket_rsa_kek , eticket_rsa_key - > ctr ) ;
2021-05-21 09:34:43 -04:00
aes128CtrCrypt ( & eticket_aes_ctx , & ( eticket_rsa_key - > private_exponent ) , & ( eticket_rsa_key - > private_exponent ) , sizeof ( EticketRsaDeviceKey ) - sizeof ( eticket_rsa_key - > ctr ) ) ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
/* Public exponent value must be 0x10001. */
/* It is stored using big endian byte order. */
public_exponent = __builtin_bswap32 ( eticket_rsa_key - > public_exponent ) ;
if ( public_exponent ! = ETICKET_RSA_DEVICE_KEY_PUBLIC_EXPONENT )
{
2023-11-03 02:22:47 +01:00
if ( public_exponent = = 0 )
{
/* Bail out if we're dealing with a wiped calibration area. */
LOG_MSG_ERROR ( " eTicket RSA device key is empty! Personalized titlekey crypto won't be handled. Restore an eMMC backup or disable set:cal blanking options. " ) ;
success = g_wipedSetCal = true ;
} else {
LOG_MSG_ERROR ( " Invalid public exponent for decrypted eTicket RSA device key! Wrong keys? (0x%X). " , public_exponent ) ;
}
goto end ;
2021-05-11 02:00:33 -04:00
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
/* Test RSA key pair. */
2023-11-03 02:22:47 +01:00
success = keysTestEticketRsaDeviceKey ( & ( eticket_rsa_key - > public_exponent ) , eticket_rsa_key - > private_exponent , eticket_rsa_key - > modulus ) ;
if ( ! success ) LOG_MSG_ERROR ( " eTicket RSA device key test failed! Wrong keys? " ) ;
2022-07-05 03:04:28 +02:00
2023-11-03 02:22:47 +01:00
end :
return success ;
2021-05-11 02:00:33 -04:00
}
static bool keysTestEticketRsaDeviceKey ( const void * e , const void * d , const void * n )
{
if ( ! e | | ! d | | ! n )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2021-05-11 02:00:33 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
Result rc = 0 ;
2021-05-21 09:34:43 -04:00
u8 x [ RSA2048_BYTES ] = { 0 } , y [ RSA2048_BYTES ] = { 0 } , z [ RSA2048_BYTES ] = { 0 } ;
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
/* 0xCAFEBABE. */
x [ 0xFC ] = 0xCA ;
x [ 0xFD ] = 0xFE ;
x [ 0xFE ] = 0xBA ;
x [ 0xFF ] = 0xBE ;
2022-07-05 03:04:28 +02:00
2021-05-21 09:34:43 -04:00
rc = splUserExpMod ( x , n , d , RSA2048_BYTES , y ) ;
2021-05-11 02:00:33 -04:00
if ( R_FAILED ( rc ) )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " splUserExpMod failed! (#1) (0x%X). " , rc ) ;
2021-05-11 02:00:33 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
rc = splUserExpMod ( y , n , e , 4 , z ) ;
if ( R_FAILED ( rc ) )
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " splUserExpMod failed! (#2) (0x%X). " , rc ) ;
2021-05-11 02:00:33 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2021-05-21 09:34:43 -04:00
if ( memcmp ( x , z , RSA2048_BYTES ) ! = 0 )
2021-05-11 02:00:33 -04:00
{
2022-07-12 18:34:49 +02:00
LOG_MSG_ERROR ( " Invalid RSA key pair! " ) ;
2021-05-11 02:00:33 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2021-05-11 02:00:33 -04:00
return true ;
}
2021-05-22 04:45:40 -04:00
2023-04-08 13:34:53 +02:00
/* Based on splCryptoGenerateAesKek(). Excludes key sealing and device-unique shenanigans. */
static bool keysGenerateAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , u8 * out_kek )
2021-05-22 04:45:40 -04:00
{
2024-04-05 23:25:32 +02:00
const bool is_device_unique = ( option . fields . is_device_unique = = 1 ) ;
const u8 key_type_idx = option . fields . key_type_idx , seal_key_idx = option . fields . seal_key_idx , mkey_index = ( key_generation ? ( key_generation - 1 ) : key_generation ) ;
2023-04-08 13:34:53 +02:00
if ( ! kek_src | | key_generation > NcaKeyGeneration_Max | | is_device_unique | | key_type_idx > = SmcKeyType_Count | | seal_key_idx > = SmcSealKey_Count | | \
option . fields . reserved ! = 0 | | ! out_kek )
2023-03-29 23:14:21 +02:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2023-03-29 23:14:21 +02:00
return false ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
u8 kekek_src [ AES_128_KEY_SIZE ] = { 0 } , kekek [ AES_128_KEY_SIZE ] = { 0 } ;
2024-04-05 23:25:32 +02:00
const u8 * mkey = g_nxKeyset . master_keys [ mkey_index ] ;
2023-04-08 13:34:53 +02:00
/* Make sure this master key is available. */
if ( keysIsKeyEmpty ( mkey ) )
2021-05-22 04:45:40 -04:00
{
2024-04-09 02:05:44 +02:00
LOG_MSG_ERROR ( " \" master_key_%02x \" unavailable! " , mkey_index ) ;
2021-05-22 04:45:40 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Derive the KEKEK source using hardcoded data. */
for ( u8 i = 0 ; i < AES_128_KEY_SIZE ; i + + ) kekek_src [ i ] = ( g_smcKeyTypeSources [ key_type_idx ] [ i ] ^ g_smcSealKeyMasks [ seal_key_idx ] [ i ] ) ;
/* Derive the KEKEK using the KEKEK source and the master key. */
aes128EcbCrypt ( kekek , kekek_src , mkey , false ) ;
/* Derive the KEK using the provided KEK source and the derived KEKEK. */
aes128EcbCrypt ( out_kek , kek_src , kekek , false ) ;
2023-03-29 23:14:21 +02:00
return true ;
}
2023-04-08 13:34:53 +02:00
/* Based on splCryptoLoadAesKey(). Excludes key sealing shenanigans. */
static bool keysLoadAesKey ( const u8 * kek , const u8 * key_src , u8 * out_key )
2023-03-29 23:14:21 +02:00
{
2023-04-08 13:34:53 +02:00
if ( ! kek | | ! key_src | | ! out_key )
2023-03-29 23:14:21 +02:00
{
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
return false ;
}
2023-04-08 13:34:53 +02:00
aes128EcbCrypt ( out_key , key_src , kek , false ) ;
2023-03-29 23:14:21 +02:00
2023-04-08 13:34:53 +02:00
return true ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
/* Based on splCryptoGenerateAesKey(). Excludes key sealing shenanigans. */
static bool keysGenerateAesKey ( const u8 * kek , const u8 * key_src , u8 * out_key )
{
if ( ! kek | | ! key_src | | ! out_key )
2021-05-22 04:45:40 -04:00
{
2023-04-08 13:34:53 +02:00
LOG_MSG_ERROR ( " Invalid parameters! " ) ;
2021-05-22 04:45:40 -04:00
return false ;
}
2022-07-05 03:04:28 +02:00
2023-04-08 13:34:53 +02:00
u8 aes_key [ AES_128_KEY_SIZE ] = { 0 } ;
keysLoadAesKey ( kek , g_aesKeyGenerationSource , aes_key ) ;
aes128EcbCrypt ( out_key , key_src , aes_key , false ) ;
2021-05-22 04:45:40 -04:00
return true ;
}
2023-04-08 13:34:53 +02:00
/* Wrapper for keysGenerateAesKek() + keysLoadAesKey() to generate a single usable AES key in one shot. */
static bool keysLoadAesKeyFromAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , const u8 * key_src , u8 * out_key )
{
u8 kek [ AES_128_KEY_SIZE ] = { 0 } ;
return ( keysGenerateAesKek ( kek_src , key_generation , option , kek ) & & keysLoadAesKey ( kek , key_src , out_key ) ) ;
}
/* Wrapper for keysGenerateAesKek() + keysGenerateAesKey() to generate a single usable AES key in one shot. */
static bool keysGenerateAesKeyFromAesKek ( const u8 * kek_src , u8 key_generation , SmcGenerateAesKekOption option , const u8 * key_src , u8 * out_key )
{
u8 kek [ AES_128_KEY_SIZE ] = { 0 } ;
return ( keysGenerateAesKek ( kek_src , key_generation , option , kek ) & & keysGenerateAesKey ( kek , key_src , out_key ) ) ;
}