2020-05-04 23:33:16 -07:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2018-2020 Atmosphère-NX
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms and conditions of the GNU General Public License,
|
|
|
|
* version 2, as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
|
|
* more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
#include <exosphere.hpp>
|
|
|
|
#include "se_execute.hpp"
|
|
|
|
|
|
|
|
namespace ams::se {
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
|
|
|
constexpr inline int RngReseedInterval = 70001;
|
|
|
|
|
|
|
|
void ConfigRng(volatile SecurityEngineRegisters *SE, SE_CONFIG_DST dst, SE_RNG_CONFIG_MODE mode) {
|
|
|
|
/* Configure the engine to do RNG encryption. */
|
|
|
|
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
|
|
|
|
SE_REG_BITS_ENUM (CONFIG_DEC_MODE, AESMODE_KEY128),
|
|
|
|
SE_REG_BITS_ENUM (CONFIG_ENC_ALG, RNG),
|
|
|
|
SE_REG_BITS_ENUM (CONFIG_DEC_ALG, NOP),
|
|
|
|
SE_REG_BITS_VALUE(CONFIG_DST, dst));
|
|
|
|
|
|
|
|
reg::Write(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
|
|
|
|
SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_CORE_SEL, ENCRYPT),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, RANDOM),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
|
|
|
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
|
|
|
|
|
|
|
/* Configure the RNG to use Entropy as source. */
|
|
|
|
reg::Write(SE->SE_RNG_CONFIG, SE_REG_BITS_ENUM(RNG_CONFIG_SRC, ENTROPY), SE_REG_BITS_VALUE(RNG_CONFIG_MODE, mode));
|
|
|
|
}
|
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
void InitializeRandom(volatile SecurityEngineRegisters *SE) {
|
|
|
|
/* Lock the entropy source. */
|
|
|
|
reg::Write(SE->SE_RNG_SRC_CONFIG, SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE, ENABLE),
|
|
|
|
SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE_LOCK, ENABLE));
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Set the reseed interval to force a reseed every 70000 blocks. */
|
|
|
|
SE->SE_RNG_RESEED_INTERVAL = RngReseedInterval;
|
|
|
|
|
|
|
|
/* Initialize the DRBG. */
|
|
|
|
{
|
|
|
|
u8 dummy_buf[AesBlockSize];
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Configure the engine to force drbg instantiation by writing random to memory. */
|
|
|
|
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_FORCE_INSTANTIATION);
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Configure to do a single RNG block operation to trigger DRBG init. */
|
|
|
|
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Execute the operation. */
|
|
|
|
ExecuteOperation(SE, SE_OPERATION_OP_START, dummy_buf, sizeof(dummy_buf), nullptr, 0);
|
|
|
|
}
|
|
|
|
}
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
void GenerateSrk(volatile SecurityEngineRegisters *SE) {
|
|
|
|
/* Configure the RNG to output to SRK and force a reseed. */
|
|
|
|
ConfigRng(SE, SE_CONFIG_DST_SRK, SE_RNG_CONFIG_MODE_FORCE_RESEED);
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Configure a single block operation. */
|
2020-05-04 23:33:16 -07:00
|
|
|
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
|
|
|
|
|
|
|
/* Execute the operation. */
|
2020-06-28 21:11:29 -07:00
|
|
|
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void InitializeRandom() {
|
|
|
|
/* Initialize random for SE1. */
|
|
|
|
InitializeRandom(GetRegisters());
|
|
|
|
|
|
|
|
/* If we have SE2, initialize random for SE2. */
|
|
|
|
/* NOTE: Nintendo's implementation of this is incorrect. */
|
|
|
|
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
|
|
|
InitializeRandom(GetRegisters2());
|
2020-05-04 23:33:16 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void GenerateRandomBytes(void *dst, size_t size) {
|
|
|
|
/* If we're not generating any bytes, there's nothing to do. */
|
|
|
|
if (size == 0) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the engine. */
|
|
|
|
auto *SE = GetRegisters();
|
|
|
|
|
|
|
|
/* Determine how many blocks to generate. */
|
|
|
|
const size_t num_blocks = size / AesBlockSize;
|
|
|
|
const size_t aligned_size = num_blocks * AesBlockSize;
|
|
|
|
const size_t fractional = size - aligned_size;
|
|
|
|
|
|
|
|
/* Configure the RNG to generate random to memory. */
|
|
|
|
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_NORMAL);
|
|
|
|
|
|
|
|
/* Generate as many aligned blocks as we can. */
|
|
|
|
if (aligned_size > 0) {
|
|
|
|
/* Configure the engine to generate the right number of blocks. */
|
|
|
|
SE->SE_CRYPTO_LAST_BLOCK = num_blocks - 1;
|
|
|
|
|
|
|
|
/* Execute the operation. */
|
|
|
|
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, aligned_size, nullptr, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Generate a single block to output. */
|
|
|
|
if (fractional > 0) {
|
|
|
|
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, fractional, nullptr, 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void SetRandomKey(int slot) {
|
|
|
|
/* NOTE: Nintendo does not validate the destination keyslot here. */
|
|
|
|
|
|
|
|
/* Get the engine. */
|
|
|
|
auto *SE = GetRegisters();
|
|
|
|
|
|
|
|
/* Configure the RNG to output to the keytable. */
|
|
|
|
ConfigRng(SE, SE_CONFIG_DST_KEYTABLE, SE_RNG_CONFIG_MODE_NORMAL);
|
|
|
|
|
|
|
|
/* Configure the keytable destination to be the low part of the key. */
|
|
|
|
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_0_3));
|
|
|
|
|
|
|
|
/* Configure a single block operation. */
|
|
|
|
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
|
|
|
|
|
|
|
/* Execute the operation to generate a random low-part of the key. */
|
|
|
|
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
|
|
|
|
|
|
|
/* Configure the keytable destination to be the high part of the key. */
|
|
|
|
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_4_7));
|
|
|
|
|
|
|
|
/* Execute the operation to generate a random high-part of the key. */
|
|
|
|
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
void GenerateSrk() {
|
2020-06-28 21:11:29 -07:00
|
|
|
/* Generate SRK for SE1. */
|
|
|
|
GenerateSrk(GetRegisters());
|
2020-05-04 23:33:16 -07:00
|
|
|
|
2020-06-28 21:11:29 -07:00
|
|
|
/* If we have SE2, generate SRK for SE2. */
|
|
|
|
/* NOTE: Nintendo's implementation of this is incorrect. */
|
|
|
|
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
|
|
|
GenerateSrk(GetRegisters2());
|
|
|
|
}
|
2020-05-04 23:33:16 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|