Commit graph

6 commits

Author SHA1 Message Date
Pablo Curiel
f376eb6db4 keys: relax mkey requirements on older firmwares.
A hardcoded table with HOS version numbers and master key indexes is now used to determine the HOS key generation at runtime, whenever possible. This allows the application to more accurately determine the key generation that's actually required by the console it's running on.

Most parts of the code that relied on the Atmosphère key generation value have been updated to use the HOS key generation value instead. If the HOS version is too high/unknown, the code will fallback to the Atmosphère key generation value.

Furthermore, if the HOS key generation value is lower than our last known key generation, the code will now try to look for the highest available master key it can use to derive all lower master keys, beginning with the last known master key and ending with the master key that matches the HOS key generation value. Previous behavior only checked the availability of the master key that matched the Atmosphère key generation, which isn't completely reliable nor accurate.

If this process fails, current master key derivation will be carried out as a last resort, which wasn't being done either under this specific scenario.

Other changes include:

* keys: add keysGetHorizonOsKeyGeneration().
* keys: move current master key derivation logic into its own function, keysDeriveCurrentMasterKey(), which is now used if both Atmosphère and HOS and up-to-date, or if a lower master key is required (as a last resort method).
2024-10-12 20:38:33 +02:00
Pablo Curiel
94c396af19 codebase: support HOS 19.0.0.
Still missing NACP changes.
2024-10-10 13:14:01 +02:00
Pablo Curiel
fc5226bfce [skip ci] Update copyright year. 2024-04-12 11:49:03 +02:00
Pablo Curiel
9e75a019a9 keys/nca: add new keydata for HOS 18.0.0. 2024-03-31 12:16:37 +02:00
Pablo Curiel
bb4608118d Update hardcoded key sources to match HOS 17.0.0 2023-10-11 07:41:58 +02:00
Pablo Curiel
f79680184d Runtime key derivation with hardcoded key sources
* aes: add aes128EcbCrypt() as a one-shot function to perform AES-128-ECB crypto. The rest of the codebase now calls this function whenever suitable.

* fs_ext: add const keyword to IPC input structs wherever suitable.

* key_sources: add hardcoded master key vectors (prod, dev); master KEK sources (Erista, Mariko); master key source; ticket common key source; SMC key type sources; SMC seal key masks; AES key generation source; NCA header KEK source; NCA header key source and NCA KAEK sources. Also fixed the hardcoded gamecard CardInfo key source for dev units (it was previously generated using retail keydata, my bad).

* keys: remove keysGetNcaMainSignatureModulus(); remove keysDecryptNcaKeyAreaEntry(); repurpose keyset struct to only hold keys that can actually be used for the current hardware type; remove KeysGameCardKeyset; remove keysIsXXModulusYYMandatory() helpers; remove keysRetrieveKeysFromProgramMemory(); remove keysDeriveSealedNcaKeyAreaEncryptionKeys(); add keysDeriveMasterKeys() and keysDerivePerGenerationKeys(); rename keysDeriveGameCardKeys() -> keysDeriveGcCardInfoKey(); add small reimplementations of GenerateAesKek, LoadAesKey and GenerateAesKey; add keysLoadAesKeyFromAesKek() and keysGenerateAesKeyFromAesKek() wrappers. Furthermore, master key derivation is now carried out manually using hardcoded key sources and the last known master key, which is loaded from the Lockpick_RCM keys file -- if the last known master key is unavailable, the key derivation algorithm will then fallback to TSEC root key / Mariko KEK based key derivation, depending on the hardware type.

* nca: add hardcoded NCA man signature moduli (prod, dev); merge ncaDecryptKeyArea() and ncaEncryptKeyArea() into ncaKeyAreaCrypt().

* nxdt_utils: add utilsIsMarikoUnit(); remove _utilsAppletModeCheck(); rename utilsAppletModeCheck() -> utilsIsAppletMode().

* services: remove spl:mig dependency (yay).

* smc: add SmcKeyType enum; add SmcSealKey enum; add SmcGenerateAesKekOption struct; add smcPrepareGenerateAesKekOption().
2023-04-08 13:38:28 +02:00