SPL services: Difference between revisions

No edit summary
(One intermediate revision by the same user not shown)
Line 60: Line 60:
Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].


Takes an input u32 '''Keyslot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.
Takes an input u32 '''KeySlot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.


Sets the specified '''Keyslot''' with a key generated from '''AccessKey''' and '''KeySource'''.
Sets the specified '''KeySlot''' with a key generated from '''AccessKey''' and '''KeySource'''.


[2.0.0+] Now verifies that the keyslot in use (0..3) is allocated by the current spl session, otherwise errors with 0xD21A. Previously, keyslot was hardcoded to 0.
[2.0.0+] Now verifies that the keyslot in use (0..3) is allocated by the current spl session, otherwise errors with 0xD21A. Previously, keyslot was hardcoded to 0.
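Review bot: The changed line still has a stray space before the comma in "'''KeySlot''' , an input 16-byte '''AccessKey'''". Since this line is already being touched for the Keyslot to KeySlot rename, drop the space so it reads "'''KeySlot''', an input 16-byte '''AccessKey'''".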
Line 80: Line 80:
Only '''ConfigItem''' 13 (IsChargerHiZModeEnabled) can be set.
Only '''ConfigItem''' 13 (IsChargerHiZModeEnabled) can be set.


== ImportLotusKey ==
== DecryptAndStoreGcKey ==
Wrapper for [[SMC#DecryptAndImportLotusKey|DecryptAndImportLotusKey SMC]].
Wrapper for [[SMC#DecryptAndImportLotusKey|DecryptAndImportLotusKey SMC]].


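Review bot: The heading rename from ImportLotusKey to DecryptAndStoreGcKey changes the section anchor, and nothing in the body says the two names are the same command, while the wrapped SMC link still uses the Lotus name (DecryptAndImportLotusKey). Add a short "formerly ImportLotusKey" line under the new heading so readers and inbound links using the old name can still find the section.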
Line 89: Line 89:
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.


== DecryptLotusMessage ==
== DecryptGcMessage ==
Takes 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''.
Takes 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''.


Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#ImportLotusKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.
Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#DecryptAndStoreGcKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.


== IsDevelopment ==
== IsDevelopment ==
Line 122: Line 122:
[2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].
[2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].


== CryptAesCtr ==
== ComputeCtr ==
Takes an output type-0x46 buffer '''DataOut''', an input u32 '''Keyslot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.
Takes an output type-0x46 buffer '''DataOut''', an input u32 '''KeySlot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.


Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''Keyslot'''.
Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''KeySlot'''.


[2.0.0+] Verifies the keyslot was allocated by the current session.
[2.0.0+] Verifies the keyslot was allocated by the current session.
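Review bot: The new heading ComputeCtr drops both "Aes" and "Crypt", but the description under it still says only that ComputeAes SMC is used to "decrypt '''DataIn''' into '''DataOut'''". CTR mode applies the same operation in both directions, so name the mode and direction explicitly in that sentence (for example "encrypt or decrypt '''DataIn''' in AES-CTR mode using '''IvCtr'''") so the section body matches its new name.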
Line 132: Line 132:
Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].


Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''Keyslot'''. Returns an output 16-byte '''Cmac'''.
Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''KeySlot'''. Returns an output 16-byte '''Cmac'''.


[2.0.0+] Verifies the keyslot was allocated by the current session.
[2.0.0+] Verifies the keyslot was allocated by the current session.


== ImportEsKey ==
== LoadEsDeviceKey ==
Wrapper for [[SMC#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey SMC]].
Wrapper for [[SMC#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey SMC]].


Line 145: Line 145:
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.


== UnwrapTitleKey ==
== PrepareEsTitleKey ==
Wrapper for [[SMC#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey SMC]].
Wrapper for [[SMC#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey SMC]].


Line 152: Line 152:
[3.0.0+] Now takes an input u32 '''Generation'''.
[3.0.0+] Now takes an input u32 '''Generation'''.


Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#ImportEsKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.
Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#LoadEsDeviceKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.


== LoadTitleKey ==
== LoadPreparedAesKey ==
Wrapper for [[SMC#LoadPreparedAesKey|LoadPreparedAesKey SMC]].
Wrapper for [[SMC#LoadPreparedAesKey|LoadPreparedAesKey SMC]].


Takes an input u32 '''Keyslot''' and an input 16-byte '''AccessKey'''.
Takes an input u32 '''KeySlot''' and an input 16-byte '''AccessKey'''.


[2.0.0+] Verifies the keyslot was allocated in the current session.
[2.0.0+] Verifies the keyslot was allocated in the current session.


== UnwrapCommonTitleKey ==
== PrepareCommonEsTitleKey ==
Wrapper for [[SMC#PrepareEsCommonKey|PrepareEsCommonKey SMC]].
Wrapper for [[SMC#PrepareEsCommonKey|PrepareEsCommonKey SMC]].


Line 168: Line 168:
[3.0.0+] Now takes an input u32 '''Generation'''.
[3.0.0+] Now takes an input u32 '''Generation'''.


== AllocateAesKeyslot ==
== AllocateAesKeySlot ==
Returns an output u32 '''Keyslot'''.
Returns an output u32 '''KeySlot'''.


Returns error 0xD01A if all keyslots are taken.
Returns error 0xD01A if all keyslots are taken.


== DeallocateAesKeySlot ==
== DeallocateAesKeySlot ==
Takes an input u32 '''Keyslot'''.
Takes an input u32 '''KeySlot'''.


Returns error 0xD21A if the keyslot wasn't allocated by current session.
Returns error 0xD21A if the keyslot wasn't allocated by current session.


== GetAesKeyslotAvailableEvent ==
== GetAesKeySlotAvailableEvent ==
Returns an output event handle for synchronizing with the AES keyslots.
Returns an output event handle for synchronizing with the AES keyslots.


Line 190: Line 190:


[4.0.0+] Returns 0xD61A if a value has not previously been set and unsets the value after getting it.
[4.0.0+] Returns 0xD61A if a value has not previously been set and unsets the value after getting it.
== LoadPreparedAesKey ==
Same as [[#LoadTitleKey|LoadTitleKey]].


= spl:mig =
= spl:mig =
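Review bot: With the "== LoadPreparedAesKey ==" stub removed, nothing on the page records that this command is exposed under two IDs: the command tables list it as 19 in one service and as 32 with a [6.0.0+] tag in another, and both rows now link to [[#LoadPreparedAesKey]]. Add a line to the remaining LoadPreparedAesKey section noting the [6.0.0+] command 32 entry and the former name LoadTitleKey.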
Line 223: Line 220:
| 14 || [[#DecryptAesKey]]
| 14 || [[#DecryptAesKey]]
|-
|-
| 15 || [[#CryptAesCtr]]
| 15 || [[#ComputeCtr]]
|-
|-
| 16 || [[#ComputeCmac]]
| 16 || [[#ComputeCmac]]
|-
|-
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
|-
|-
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
|-
|-
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
|}
|}


Line 263: Line 260:
| 14 || [[#DecryptAesKey]]
| 14 || [[#DecryptAesKey]]
|-
|-
| 15 || [[#CryptAesCtr]]
| 15 || [[#ComputeCtr]]
|-
|-
| 16 || [[#ComputeCmac]]
| 16 || [[#ComputeCmac]]
|-
|-
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
|-
|-
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
|-
|-
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
|-
|-
| 9 || [[#ImportLotusKey]]
| 9 || [[#DecryptAndStoreGcKey]]
|-
|-
| 10 || [[#DecryptLotusMessage]]
| 10 || [[#DecryptGcMessage]]
|-
|-
| 12 || [[#GenerateSpecificAesKey]]
| 12 || [[#GenerateSpecificAesKey]]
|-
|-
| 19 || [[#LoadTitleKey]]
| 19 || [[#LoadPreparedAesKey]]
|-
|-
| 31 || [5.0.0+] GetPackage2Hash
| 31 || [5.0.0+] GetPackage2Hash
Line 313: Line 310:
| 14 || [[#DecryptAesKey]]
| 14 || [[#DecryptAesKey]]
|-
|-
| 15 || [[#CryptAesCtr]]
| 15 || [[#ComputeCtr]]
|-
|-
| 16 || [[#ComputeCmac]]
| 16 || [[#ComputeCmac]]
|-
|-
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
|-
|-
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
|-
|-
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
|-
|-
| 13 || [[#DecryptDeviceUniqueData]]
| 13 || [[#DecryptDeviceUniqueData]]
Line 359: Line 356:
| 14 || [[#DecryptAesKey]]
| 14 || [[#DecryptAesKey]]
|-
|-
| 15 || [[#CryptAesCtr]]
| 15 || [[#ComputeCtr]]
|-
|-
| 16 || [[#ComputeCmac]]
| 16 || [[#ComputeCmac]]
|-
|-
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
|-
|-
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
|-
|-
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
|-
|-
| 13 || [[#DecryptDeviceUniqueData]]
| 13 || [[#DecryptDeviceUniqueData]]
|-
|-
| 17 || [[#ImportEsKey]]
| 17 || [[#LoadEsDeviceKey]]
|-
|-
| 18 || [[#UnwrapTitleKey]]
| 18 || [[#PrepareEsTitleKey]]
|-
|-
| 20 || [2.0.0+] [[#PrepareEsCommonKey]]
| 20 || [2.0.0+] [[#PrepareCommonEsTitleKey]]
|-
|-
| 28 || [5.0.0+] DecryptAndStoreDrmDeviceCertKey
| 28 || [5.0.0+] DecryptAndStoreDrmDeviceCertKey
Line 384: Line 381:
|-
|-
| 32 || [6.0.0+] [[#LoadPreparedAesKey]]
| 32 || [6.0.0+] [[#LoadPreparedAesKey]]
|-
| 33 || [18.0.0+]
|}
|}


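Review bot: The added row "| 33 || [18.0.0+]" has no command name or link after the version tag, so the table renders an unlabeled entry. If the name is not yet known, say so in the cell (for example "[18.0.0+] Unknown") so the gap reads as deliberate rather than as an unfinished edit.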
Line 415: Line 414:
| 14 || [[#DecryptAesKey]]
| 14 || [[#DecryptAesKey]]
|-
|-
| 15 || [[#CryptAesCtr]]
| 15 || [[#ComputeCtr]]
|-
|-
| 16 || [[#ComputeCmac]]
| 16 || [[#ComputeCmac]]
|-
|-
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
|-
|-
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
|-
|-
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
|-
|-
| 13 || [[#DecryptDeviceUniqueData]]
| 13 || [[#DecryptDeviceUniqueData]]