@@ Line 4: / Line 4: @@
 In [2.0.0+] where previously only one AES keyslot was used, there is now support for 4 of them and when the session closes, all allocated AES keyslots are automatically freed.
+[S2] The spl services were overhauled. New services were added, this appears to replace spl:mig where required for the relevant sysmodules. GenerateAesKek is no longer directly exposed, thus the Kek AccessKey and KeySource are no longer exposed.
 = csrng =
@@ Line 38: / Line 40: @@
 |-
 | 25 || [3.0.0+] [[#GetBootReason]]
+|}
+Going by spl:ldn, this likely has a new interface on [S2]:
+{| class="wikitable" border="1"
+|-
+! Cmd || Name
+|-
+| 0 || [[#GenerateRandomBytes|GenerateRandomBytes]]
+|-
+| 1 || [[#GetConfig|GetConfig]]
+|-
+| 2 ||
+|-
+| 3 ||
+|-
+| 4 ||
+|-
+| 5 || [[#GetConfigWithBuffer|GetConfigWithBuffer]]
 |}
@@ Line 51: / Line 72: @@
 Performs asymmetric crypto with user supplied modulus and exponent.
+== Cmd2 ==
+This is for the [S2] interface.
+Takes no input, returns 0x10-bytes of output.
+This returns the first 0xD-bytes from [[#GetConfigWithBuffer|GetConfigWithBuffer]] ConfigItem 8, byteswapped.
+== Cmd3 ==
+This is for the [S2] interface.
+Takes no input. Returns unknown output, usually zeros?
+== Cmd4 ==
+This is for the [S2] interface.
+Takes no input. Returns unknown output, usually zeros?
+== GetConfigWithBuffer ==
+Unofficial name.
+Some config is incomplete when accessed with [[#GetConfig|GetConfig]], this allows returning the full config.
+Takes an input u32 '''ConfigItem''' and an output type-0xA buffer.
 == GenerateAesKek ==
@@ Line 60: / Line 105: @@
 Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
-Takes an input u32 '''Keyslot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.
+Takes an input u32 '''KeySlot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.
-Sets the specified '''Keyslot''' with a key generated from '''AccessKey''' and '''KeySource'''.
+Sets the specified '''KeySlot''' with a key generated from '''AccessKey''' and '''KeySource'''.
 [2.0.0+] Now verifies that the keyslot in use (0..3) is allocated by the current spl session, otherwise errors with 0xD21A. Previously, keyslot was hardcoded to 0.
@@ Line 80: / Line 125: @@
 Only '''ConfigItem''' 13 (IsChargerHiZModeEnabled) can be set.
-== ImportLotusKey ==
+== DecryptAndStoreGcKey ==
 Wrapper for [[SMC#DecryptAndImportLotusKey|DecryptAndImportLotusKey SMC]].
@@ Line 89: / Line 134: @@
 [5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
-== DecryptLotusMessage ==
+== DecryptGcMessage ==
 Takes 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''.
-Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#ImportLotusKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.
+Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#DecryptAndStoreGcKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.
 == IsDevelopment ==
@@ Line 122: / Line 167: @@
 [2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].
-== CryptAesCtr ==
+== ComputeCtr ==
-Takes an output type-0x46 buffer '''DataOut''', an input u32 '''Keyslot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.
+Takes an output type-0x46 buffer '''DataOut''', an input u32 '''KeySlot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.
-Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''Keyslot'''.
+Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''KeySlot'''.
 [2.0.0+] Verifies the keyslot was allocated by the current session.
@@ Line 132: / Line 177: @@
 Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
-Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''Keyslot'''. Returns an output 16-byte '''Cmac'''.
+Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''KeySlot'''. Returns an output 16-byte '''Cmac'''.
 [2.0.0+] Verifies the keyslot was allocated by the current session.
-== ImportEsKey ==
+== LoadEsDeviceKey ==
 Wrapper for [[SMC#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey SMC]].
@@ Line 145: / Line 190: @@
 [5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
-== UnwrapTitleKey ==
+== PrepareEsTitleKey ==
 Wrapper for [[SMC#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey SMC]].
@@ Line 152: / Line 197: @@
 [3.0.0+] Now takes an input u32 '''Generation'''.
-Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#ImportEsKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.
+Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#LoadEsDeviceKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.
-== LoadTitleKey ==
+== LoadPreparedAesKey ==
 Wrapper for [[SMC#LoadPreparedAesKey|LoadPreparedAesKey SMC]].
-Takes an input u32 '''Keyslot''' and an input 16-byte '''AccessKey'''.
+Takes an input u32 '''KeySlot''' and an input 16-byte '''AccessKey'''.
 [2.0.0+] Verifies the keyslot was allocated in the current session.
-== UnwrapCommonTitleKey ==
+== PrepareCommonEsTitleKey ==
 Wrapper for [[SMC#PrepareEsCommonKey|PrepareEsCommonKey SMC]].
@@ Line 168: / Line 213: @@
 [3.0.0+] Now takes an input u32 '''Generation'''.
-== AllocateAesKeyslot ==
+== AllocateAesKeySlot ==
-Returns an output u32 '''Keyslot'''.
+Returns an output u32 '''KeySlot'''.
 Returns error 0xD01A if all keyslots are taken.
 == DeallocateAesKeySlot ==
-Takes an input u32 '''Keyslot'''.
+Takes an input u32 '''KeySlot'''.
 Returns error 0xD21A if the keyslot wasn't allocated by current session.
-== GetAesKeyslotAvailableEvent ==
+== GetAesKeySlotAvailableEvent ==
 Returns an output event handle for synchronizing with the AES keyslots.
@@ Line 190: / Line 235: @@
 [4.0.0+] Returns 0xD61A if a value has not previously been set and unsets the value after getting it.
-== LoadPreparedAesKey ==
-Same as [[#LoadTitleKey|LoadTitleKey]].
 = spl:mig =
@@ Line 223: / Line 265: @@
 | 14 || [[#DecryptAesKey]]
 |-
-| 15 || [[#CryptAesCtr]]
+| 15 || [[#ComputeCtr]]
 |-
 | 16 || [[#ComputeCmac]]
 |-
-| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
+| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
 |-
 | 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 |-
-| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
+| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
 |}
@@ Line 263: / Line 305: @@
 | 14 || [[#DecryptAesKey]]
 |-
-| 15 || [[#CryptAesCtr]]
+| 15 || [[#ComputeCtr]]
 |-
 | 16 || [[#ComputeCmac]]
 |-
-| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
+| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
 |-
 | 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 |-
-| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
+| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
 |-
-| 9 || [[#ImportLotusKey]]
+| 9 || [[#DecryptAndStoreGcKey]]
 |-
-| 10 || [[#DecryptLotusMessage]]
+| 10 || [[#DecryptGcMessage]]
 |-
 | 12 || [[#GenerateSpecificAesKey]]
 |-
-| 19 || [[#LoadTitleKey]]
+| 19 || [[#LoadPreparedAesKey]]
 |-
 | 31 || [5.0.0+] GetPackage2Hash
@@ Line 313: / Line 355: @@
 | 14 || [[#DecryptAesKey]]
 |-
-| 15 || [[#CryptAesCtr]]
+| 15 || [[#ComputeCtr]]
 |-
 | 16 || [[#ComputeCmac]]
 |-
-| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
+| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
 |-
 | 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 |-
-| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
+| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
 |-
 | 13 || [[#DecryptDeviceUniqueData]]
@@ Line 359: / Line 401: @@
 | 14 || [[#DecryptAesKey]]
 |-
-| 15 || [[#CryptAesCtr]]
+| 15 || [[#ComputeCtr]]
 |-
 | 16 || [[#ComputeCmac]]
 |-
-| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
+| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
 |-
 | 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 |-
-| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
+| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
 |-
 | 13 || [[#DecryptDeviceUniqueData]]
 |-
-| 17 || [[#ImportEsKey]]
+| 17 || [[#LoadEsDeviceKey]]
 |-
-| 18 || [[#UnwrapTitleKey]]
+| 18 || [[#PrepareEsTitleKey]]
 |-
-| 20 || [2.0.0+] [[#PrepareEsCommonKey]]
+| 20 || [2.0.0+] [[#PrepareCommonEsTitleKey]]
 |-
 | 28 || [5.0.0+] DecryptAndStoreDrmDeviceCertKey
@@ Line 417: / Line 459: @@
 | 14 || [[#DecryptAesKey]]
 |-
-| 15 || [[#CryptAesCtr]]
+| 15 || [[#ComputeCtr]]
 |-
 | 16 || [[#ComputeCmac]]
 |-
-| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
+| 21 || [2.0.0+] [[#AllocateAesKeySlot]]
 |-
 | 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 |-
-| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
+| 23 || [2.0.0+] [[#GetAesKeySlotAvailableEvent]]
 |-
 | 13 || [[#DecryptDeviceUniqueData]]
@@ Line 431: / Line 473: @@
 | 30 || [5.0.0+] ReencryptDeviceUniqueData
 |}
+= (S2) spl:da =
+= (S2) spl:gc =
+= (S2) spl:nv =
+= (S2) spl:hid =
+= (S2) spl:ldn =
+This is "nn::spl::detail::ILdnInterface".
+This has IPC max_sessions 1?
+{| class="wikitable" border="1"
+|-
+! Cmd || Name
+|-
+| 0 || [[#GenerateRandomBytes|GenerateRandomBytes]]
+|-
+| 1 || [[#GetConfig|GetConfig]]
+|-
+| 2 ||
+|-
+| 3 ||
+|-
+| 4 ||
+|-
+| 5 || [[#GetConfigWithBuffer|GetConfigWithBuffer]]
+|-
+| 7000 || [[#GenerateNxAdvertiseKey|GenerateNxAdvertiseKey]]
+|-
+| 7001 || [[#GenerateNxSessionKey|GenerateNxSessionKey]]
+|-
+| 7002 || [[#GenerateNxLp2pKeyIndex1|GenerateNxLp2pKeyIndex1]]
+|-
+| 7003 || [[#GenerateNxLp2pKeyIndex2|GenerateNxLp2pKeyIndex2]]
+|-
+| 7004 || [[#GenerateOunceAdvertiseKey|GenerateOunceAdvertiseKey]]
+|-
+| 7005 || [[#GenerateOunceSessionKey|GenerateOunceSessionKey]]
+|}
+The below 7000+ cmds take a KeySource (equivalent to NX-GenerateAesKey) and an u32. Bitmask 0x1F of the u32 is the Generation, 0x20 is valid but doesn't seem to do anything. Values >=0x21 throw error. A 0x10-byte outbuf is used for the output key. Cmd7004/Cmd7005 use a 0x20-byte outbuf. These are equivalent to GenerateAesKek+GenerateAesKey combined.
+With Nx commands, valid key generations match what's expected for S1. With Ounce commands, the valid key generations on 20.x are 0/1.
+All of these use AES-ECB with the input KeySource, with the buffer as the output.
+== GenerateNxAdvertiseKey ==
+Unofficial name.
+Takes an input 16-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Generates a key using the NX-equivalent of the ldn Kek-action_keysource.
+== GenerateNxSessionKey ==
+Unofficial name.
+Takes an input 16-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Generates a key using the NX-equivalent of the ldn Kek-data_keysource.
+== GenerateNxLp2pKeyIndex1 ==
+Unofficial name.
+Takes an input 16-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Generates a key using the NX-equivalent of the lp2p Kek-Index1.
+== GenerateNxLp2pKeyIndex2 ==
+Unofficial name.
+Takes an input 16-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Generates a key using the NX-equivalent of the lp2p Kek-Index2.
+== GenerateOunceAdvertiseKey ==
+Unofficial name.
+Takes an input 32-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Ounce version of [[#GenerateNxAdvertiseKey|GenerateNxAdvertiseKey]].
+== GenerateOunceSessionKey ==
+Unofficial name.
+Takes an input 32-byte '''KeySource''', an input u32, and an output type-0xA buffer '''AesKey'''.
+Ounce version of [[#GenerateNxSessionKey|GenerateNxSessionKey]].
 [[Category:Services]]

SPL services: Difference between revisions