Difference between revisions of "SPL services"
| Line 37: | Line 37: | ||
| 7 || [[#GetRandomBytes]] || Uses [[SMC#GetRandomBytes|GetRandomBytes SMC]]. | | 7 || [[#GetRandomBytes]] || Uses [[SMC#GetRandomBytes|GetRandomBytes SMC]]. | ||
|- | |- | ||
| − | | 9 || [[# | + | | 9 || [[#LoadSecureExpModKey]] || Speculative name. Wrapper for [[SMC#LoadSecureExpModKey|LoadSecureExpModKey SMC]]. |
|- | |- | ||
| − | | 10 || [[# | + | | 10 || [[#SecureExpMod]] || Speculative name. Uses [[SMC#SecureExpMod|SecureExpModSMC]]. |
|- | |- | ||
| 11 || [[#IsDevelopment]] || | | 11 || [[#IsDevelopment]] || | ||
| Line 53: | Line 53: | ||
| 16 || [[#ComputeCmac]] || Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]]. | | 16 || [[#ComputeCmac]] || Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]]. | ||
|- | |- | ||
| − | | 17 || [[# | + | | 17 || [[#LoadRsaOaepKey]] || Speculative name. Wrapper for [[SMC#LoadRsaOaepKey|LoadRsaOaepKey SMC]]. |
|- | |- | ||
| − | | 18 || [[# | + | | 18 || [[#UnwrapRsaOaepWrappedTitleKey]] || Speculative name. Wrapper for [[SMC#UnwrapRsaOaepWrappedTitleKey|UnwrapRsaOaepWrappedTitleKey SMC]]. |
|- | |- | ||
| 19 || [[#LoadTitleKey]] || Wrapper for [[SMC#LoadTitleKey|LoadTitleKey SMC]]. | | 19 || [[#LoadTitleKey]] || Wrapper for [[SMC#LoadTitleKey|LoadTitleKey SMC]]. | ||
| Line 203: | Line 203: | ||
Any other '''ConfigItem''', besides 13, can't be set. | Any other '''ConfigItem''', besides 13, can't be set. | ||
| − | == | + | == LoadRsaOaepKey == |
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version'''). | Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version'''). | ||
'''version''' is 0 for normal keys or 1 for extended keys. | '''version''' is 0 for normal keys or 1 for extended keys. | ||
| Line 209: | Line 209: | ||
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage. | Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage. | ||
| − | == | + | == UnwrapRsaOaepWrappedTitleKey == |
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf'''). | Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf'''). | ||
| − | Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[# | + | Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[#UnwrapRsaOaepWrappedTitleKey]] and the supplied '''mod_in_buf'''. Afterwards, verifies RSA-OAEP encoding using '''label_hash_in_buf'''. |
Returns an u32 ('''dec_data_size'''). | Returns an u32 ('''dec_data_size'''). | ||
| Line 259: | Line 259: | ||
[2.0.0+] Verifies the engine is locked by current session. | [2.0.0+] Verifies the engine is locked by current session. | ||
| − | == | + | == LoadSecureExpModKey == |
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version'''). | Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version'''). | ||
'''version''' is 0 for normal keys or 1 for extended keys. | '''version''' is 0 for normal keys or 1 for extended keys. | ||
| Line 265: | Line 265: | ||
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage. | Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage. | ||
| − | == | + | == SecureExpMod == |
Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''param0_in_buf'''). | Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''param0_in_buf'''). | ||
| − | Decrypts '''data_in_buf''' using the private key imported with [[# | + | Decrypts '''data_in_buf''' using the private key imported with [[#LoadSecureExpModKey]] and the supplied '''mod_in_buf''' and '''param0_in_buf'''. |
Generates and returns a 16-byte sealed titlekey. | Generates and returns a 16-byte sealed titlekey. | ||
Revision as of 02:34, 21 February 2018
Contents
- 1 csrng
- 2 spl:
- 2.1 GetConfig
- 2.2 UserExpMod
- 2.3 GenerateAesKek
- 2.4 LoadAesKey
- 2.5 GenerateAesKey
- 2.6 SetConfig
- 2.7 LoadRsaOaepKey
- 2.8 UnwrapRsaOaepWrappedTitleKey
- 2.9 IsDevelopment
- 2.10 GenerateSpecificAesKey
- 2.11 DecryptPrivk
- 2.12 DecryptAesKey
- 2.13 DecryptAesCtr
- 2.14 ComputeCmac
- 2.15 LoadSecureExpModKey
- 2.16 SecureExpMod
- 2.17 LoadTitleKey
- 2.18 UnwrapAesWrappedTitleKey
- 2.19 LockAesEngine
- 2.20 UnlockAesEngine
- 2.21 GetSplWaitEvent
- 2.22 SetSharedData
- 2.23 GetSharedData
csrng
This is "nn::spl::detail::IRandomInterface".
| Cmd | Name |
|---|---|
| 0 | #GetRandomBytes |
GetRandomBytes
Takes a type-6 buffer and fills it with random data. Same command for "spl:" and "csrng" services.
spl:
This is "nn::spl::detail::IGeneralInterface".
[2.0.0+] Where previously only one AES engine was utilized, there is now support for 4 of them.
[2.0.0+] When the session closes, all AES engines that were locked are automatically unlocked.
GetConfig
Takes a u32 (ConfigItem), and returns a u64 (ConfigVal).
| ConfigItem | Name |
|---|---|
| 1 | DisableProgramVerification |
| 2 | MemoryConfiguration |
| 3 | SecurityEngineIRQNumber |
| 4 | Returns 0x02? |
| 5 | HardwareType (0=Icosa (nx-abca2), 1=Copper (nx-abcb)) |
| 6 | IsRetail |
| 7 | IsRecoveryBoot |
| 8 | DeviceId (byte7 clear) |
| 9 | BootReason |
| 10 | MemoryArrange |
| 11 | IsDebugMode |
| 12 | KernelMemoryConfiguration |
| 13 | BatteryProfile |
PM checks id1 and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
PCV configures memory profiles based on id2.
| Platform | Version @ 40800 | Revision | id2 |
|---|---|---|---|
| jetson-tx1 | 11_40800_01_V9.8.3_V1.6 | N/A | N/A |
| nx-abcb | 10_40800_NoCfgVersion_V9.8.4_V1.6 | 0 | 0 |
| nx-abca2 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | 0 | 0 or 3 |
| nx-abca2 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | 1 | 4 |
| nx-abca2 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | 2 | 1 |
| nx-abca2 | 10_40800_NoCfgVersion_V9.8.7_V1.6 | 3 | 2 |
Hardware Types
nx-abcb is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
nx-abca2 hardware types are variations of the retail form factor.
Notes
SPL uses id3 for setting up the security engine IRQ.
NIM checks that id8 output must match the set:cal DeviceId with byte7 cleared, otherwise panic.
[3.0.0+] RO checks id11, if set then skipping NRR rsa signatures is allowed.
Kernel uses id11 to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail. [2.0.0+] This is also used with certain debug SVCs.
Kernel reads id12 when setting up memory-related code. If bit0 is set, it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. If bit17-16 is 0b01, the kernel assumes 6GB of DRAM instead of 4GB.
UserExpMod
Takes one type-10 (C descriptor) buffer (data_out_buf) and 3 type-9 (X descriptor) buffers (data_in_buf, exp_in_buf and mod_in_buf).
Performs asymmetric crypto with user supplied modulus and exponent.
GenerateAesKek
Takes a 16-byte EKS (Encryption Key Source) and two words (KeyGeneration and option) as input. KeyGeneration ranges from 0 to 2.
Returns a scrambled sealed KEK (Key Encryption Key used as key_x).
LoadAesKey
Takes a u32 (keyslot) and two 16-byte keys (key_x and key_y).
Sets the specified keyslot with a key generated from key_x and key_y.
[2.0.0+] Now verifies that the engine in use (0..3) is locked/owned by the current spl session, otherwise errors with 0xD21A. Previously engine was hardcoded to 0.
GenerateAesKey
Takes a 16-byte KEK (key_x) and a 16-byte encrypted key (enc_key).
Generates a new key by decrypting enc_key with a key generated from the supplied key_x and a fixed key_y.
[2.0.0+] Previously, it always used engine 0. Now it tries to allocate an engine to be used and returns 0xD01A if they're all busy. When the command is done, the engine is released.
SetConfig
Takes a u32 (ConfigItem) and a u64 (ConfigVal).
| ConfigItem | Name |
|---|---|
| 13 | BatteryProfile |
Any other ConfigItem, besides 13, can't be set.
LoadRsaOaepKey
Takes one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
Decrypts enc_privk_in_buf with a key generated from key_x and key_y and imports it for later usage.
UnwrapRsaOaepWrappedTitleKey
Takes one type-10 (C descriptor) buffer (data_out_buf) and 3 type-9 (X descriptor) buffers (data_in_buf, mod_in_buf and label_hash_in_buf).
Decrypts data_in_buf into data_out_buf using the private key imported with #UnwrapRsaOaepWrappedTitleKey and the supplied mod_in_buf. Afterwards, verifies RSA-OAEP encoding using label_hash_in_buf.
Returns an u32 (dec_data_size).
IsDevelopment
No input params.
Uses #GetConfig internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.
Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.
GenerateSpecificAesKey
Takes a 16-byte seed (key_seed) and two words (KeyGeneration and option) as input. KeyGeneration ranges from 0 to 2.
Returns a scrambled key (key_a).
DecryptPrivk
Takes one type-10 (C descriptor) buffer (dec_privk_out_buf), one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
Decrypts enc_privk_in_buf into dec_privk_out_buf with a key generated from key_x and key_y.
Used by SSL-sysmodule for TLS client-privk.
DecryptAesKey
Takes a 16-byte encrypted key (enc_key) and two words (KeyGeneration and option) as input. KeyGeneration ranges from 0 to 2.
Decrypts enc_key with a key generated from fixed key_x and key_y and returns a 16-byte decrypted key (dec_key).
[2.0.0+] Introduced same engine allocation code as for #GenerateAesKey.
DecryptAesCtr
Takes a type-0x46 (B descriptor) buffer (data_out_buf), a u32 (keyslot), a type-0x45 (A descriptor) buffer (data_in_buf) and a 16-byte CTR (aes_ctr).
Decrypts data_in_buf into data_out_buf using the key set in the specified keyslot.
[2.0.0+] Verifies the engine is locked by current session.
ComputeCmac
Takes one type-9 (X descriptor) buffer (data_in_buf) and a u32 (type?).
Returns a 16-byte CMAC calculated over data_in_buf.
[2.0.0+] Verifies the engine is locked by current session.
LoadSecureExpModKey
Takes one type-9 (X descriptor) buffer (enc_privk_in_buf), a 16-byte KEK (key_x), a 16-byte key (key_y) and a u32 (version). version is 0 for normal keys or 1 for extended keys.
Decrypts enc_privk_in_buf with a key generated from key_x and key_y and imports it for later usage.
SecureExpMod
Takes 3 type-9 (X descriptor) buffers (data_in_buf, mod_in_buf and param0_in_buf).
Decrypts data_in_buf using the private key imported with #LoadSecureExpModKey and the supplied mod_in_buf and param0_in_buf.
Generates and returns a 16-byte sealed titlekey.
LoadTitleKey
Takes a u32 (keyslot) and a 16-byte sealed titlekey.
Sets the specified keyslot with the titlekey.
[2.0.0+] Verifies the engine is locked by current session.
UnwrapAesWrappedTitleKey
Takes a 16-byte EKS (Encryption Key Source).
Returns a sealed titlekey.
LockAesEngine
Returns the id of the engine that was locked, or 0xD01A if all engines are busy. You need to lock an engine before using AES functions.
UnlockAesEngine
Takes a single u32 and unlocks the engine with that id. It must be owned by current session otherwise 0xD21A will be returned.
GetSplWaitEvent
Returns an event handle for synchronizing with the locked AES engine.
Sets a static dword in spl .bss to the user input u32.
[4.0.0+] returns 0xD41A if a value has been previously set without being gotten.
Returns the static dword in spl .bss that can be set via #SetSharedData.
[4.0.0+] returns 0xD61A if a value has not previously been set, and unsets the value after getting it.
