Changes

Jump to navigation Jump to search

SPL services (view source)

Revision as of 18:44, 12 May 2020

1,305 bytes added ,  18:44, 12 May 2020
no edit summary
Line 1: Line 1:  +
SPL ("Secure Platform services") is responsible for handling all cryptographic operations within the system and relaying them to the [[SMC|Secure Monitor]] when necessary.
 +
 +
During [1.0.0-3.0.2], the only existing services were "csrng" and "spl:". However, in [4.0.0+] the "spl:" service was refactored and split into new services with different permission levels. Each service exposes the IPC command list differently in order to prevent cryptographic operations to take place in the wrong context.
 +
 +
In [2.0.0+] where previously only one AES keyslot was used, there is now support for 4 of them and when the session closes, all allocated AES keyslots are automatically freed.
 +
 
= csrng =
 
= csrng =
 
This is "nn::spl::detail::IRandomInterface".
 
This is "nn::spl::detail::IRandomInterface".
Line 6: Line 12:  
! Cmd || Name
 
! Cmd || Name
 
|-
 
|-
| 0 || [[#GetRandomBytes]]
+
| 0 || [[#GenerateRandomBytes]]
 
|}
 
|}
   −
== GetRandomBytes ==
+
== GenerateRandomBytes ==
Takes a type-6 buffer and fills it with random data. Same command for "spl:" and "csrng" services.
+
Takes an output type-0xA buffer and fills it with random data from [[SMC#GenerateRandomBytes|GenerateRandomBytes SMC]]. Same command for "spl:" and "csrng" services, except for buffer-type.
    
= spl: =
 
= spl: =
 
This is "nn::spl::detail::IGeneralInterface".
 
This is "nn::spl::detail::IGeneralInterface".
  −
[2.0.0+] Where previously only one AES engine was utilized, there is now support for 4 of them.
  −
  −
[2.0.0+] When the session closes, all AES engines that were locked are automatically unlocked.
      
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Cmd || Name || Notes
+
! Cmd || Name
|-
  −
| 0 || [[#GetConfig]] || Wrapper for [[SMC#GetConfig|GetConfig SMC]].
  −
|-
  −
| 1 || [[#UserExpMod]] || Speculative name. Wrapper for [[SMC#ExpMod|ExpMod SMC]].
  −
|-
  −
| 2 || [[#GenerateAesKek]] || Wrapper for [[SMC#GenerateAesKek|GenerateAesKek SMC]].
  −
|-
  −
| 3 || [[#LoadAesKey]] || Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
  −
|-
  −
| 4 || [[#GenerateAesKey]] || Decrypts 0x10 bytes using AES ECB and uses [[SMC#LoadAesKey|LoadAesKey SMC]] with a fixed Y.
  −
|-
  −
| 5 || [[#SetConfig]] || Wrapper for [[SMC#SetConfig|SetConfig SMC]].
  −
|-
  −
| 7 || [[#GetRandomBytes]] || Uses [[SMC#GetRandomBytes|GetRandomBytes SMC]].
  −
|-
  −
| 9 || [[#LoadSecureExpModKey]] || Speculative name. Wrapper for [[SMC#LoadSecureExpModKey|LoadSecureExpModKey SMC]].
  −
|-
  −
| 10 || [[#SecureExpMod]] || Speculative name. Uses [[SMC#SecureExpMod|SecureExpModSMC]].
  −
|-
  −
| 11 || [[#IsDevelopment]] ||
   
|-
 
|-
| 12 || [[#GenerateSpecificAesKey]] || Wrapper for [[SMC#GenerateSpecificAesKey|GenerateSpecificAesKey SMC]].
+
| 0 || [[#GetConfig]]
 
|-
 
|-
| 13 || [[#DecryptPrivk]] || Speculative name. Wrapper for [[SMC#PrivateRsa|PrivateRsa SMC]].
+
| 1 || [[#ModularExponentiate]]
 
|-
 
|-
| 14 || [[#DecryptAesKey]] || Decrypts 0x10 bytes using AES ECB and uses [[SMC#LoadAesKey|LoadAesKey SMC]] with fixed X and Y.
+
| 5 || [[#SetConfig]]
 
|-
 
|-
| 15 || [[#DecryptAesCtr]] || Wrapper for [[SMC#CryptAes|CryptAes SMC]].
+
| 7 || [[#GenerateRandomBytes]]
 
|-
 
|-
| 16 || [[#ComputeCmac]] || Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
+
| 11 || [[#IsDevelopment]]
 
|-
 
|-
| 17 || [[#LoadRsaOaepKey]] || Speculative name. Wrapper for [[SMC#LoadRsaOaepKey|LoadRsaOaepKey SMC]].
+
| 24 || [3.0.0+] [[#SetBootReason]]
 
|-
 
|-
| 18 || [[#UnwrapRsaOaepWrappedTitleKey]] || Speculative name. Wrapper for [[SMC#UnwrapRsaOaepWrappedTitleKey|UnwrapRsaOaepWrappedTitleKey SMC]].
+
| 25 || [3.0.0+] [[#GetBootReason]]
|-
  −
| 19 || [[#LoadTitleKey]] || Wrapper for [[SMC#LoadTitleKey|LoadTitleKey SMC]].
  −
|-
  −
| 20 || [2.0.0+] [[#UnwrapAesWrappedTitleKey ]] || Wrapper for [[SMC#UnwrapAesWrappedTitleKey|UnwrapAesWrappedTitleKey SMC]].
  −
|-
  −
| 21 || [2.0.0+] [[#LockAesEngine]] ||
  −
|-
  −
| 22 || [2.0.0+] [[#UnlockAesEngine]] ||
  −
|-
  −
| 23 || [2.0.0+] [[#GetSplWaitEvent]] ||
  −
|-
  −
| 24 || [3.0.0+] [[#SetSharedData]] ||
  −
|-
  −
| 25 || [3.0.0+] [[#GetSharedData]] ||
   
|}
 
|}
    
== GetConfig ==
 
== GetConfig ==
Takes a u32 ('''ConfigItem'''), and returns a u64 ('''ConfigVal''').
+
Wrapper for [[SMC#GetConfig|GetConfig SMC]].
 +
 
 +
Takes an input u32 '''ConfigItem'''. Returns one or more output u64s '''ConfigValue'''.
   −
{| class="wikitable" border="1"
+
== ModularExponentiate ==
|-
+
Wrapper for [[SMC#ModularExponentiate|ModularExponentiate SMC]].
! ConfigItem || Name
+
 
|-
+
Takes an output type-0xA buffer '''DataOut''' and 3 input type-0x9 buffers '''DataIn''', '''ExpIn''' and '''ModIn'''.
| 1 || DisableProgramVerification
+
 
|-
+
Performs asymmetric crypto with user supplied modulus and exponent.
| 2 || MemoryConfiguration
+
 
|-
+
== GenerateAesKek ==
| 3 || SecurityEngineIRQNumber
+
Wrapper for [[SMC#GenerateAesKek|GenerateAesKek SMC]].
|-
+
 
| 4 || Version (returns the current [[Package2#Versions|Package1 Maxver Constant]] - 1).
+
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AccessKey'''.
|-
+
 
| 5 || HardwareType (0=Icosa (nx-abca2), 1=Copper (nx-abcb))
+
== LoadAesKey ==
|-
+
Wrapper for [[SMC#LoadAesKey|LoadAesKey SMC]].
| 6 || IsRetail
+
 
|-
+
Takes an input u32 '''Keyslot''' , an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''.
| 7 || IsRecoveryBoot
+
 
|-
+
Sets the specified '''Keyslot''' with a key generated from '''AccessKey''' and '''KeySource'''.
| 8 || DeviceId (byte7 clear)
+
 
|-
+
[2.0.0+] Now verifies that the keyslot in use (0..3) is allocated by the current spl session, otherwise errors with 0xD21A. Previously, keyslot was hardcoded to 0.
| 9 || BootReason
+
 
|-
+
== GenerateAesKey ==
| 10 || MemoryArrange
+
Takes an input 16-byte '''AccessKey''' and an input 16-byte '''KeySource'''. Returns an output 16-byte '''AesKey'''.
|-
+
 
| 11 || IsDebugMode
+
Generates a new key by decrypting (AES-ECB) '''KeySource''' with a key generated from the supplied '''AccessKey''' and the key set with [[SMC#LoadAesKey|LoadAesKey SMC]].
|-
  −
| 12 || KernelMemoryConfiguration
  −
|-
  −
| 13 || BatteryProfile
  −
|}
     −
[[Process Manager services|PM]] checks id1 and if non-zero, calls fsp-pr SetEnabledProgramVerification(false).
+
[2.0.0+] Previously, it always used keyslot 0. Now it tries to allocate a keyslot to be used and returns 0xD01A if they're all busy. When the command is done, the keyslot is released.
   −
[[PCV_services|PCV]] configures memory profiles based on id2.
+
== SetConfig ==
{| class="wikitable" border="1"
+
Wrapper for [[SMC#SetConfig|SetConfig SMC]].
|-
  −
!  Platform
  −
!  Version @ 40800
  −
!  Revision
  −
!  id2
  −
|-
  −
|  jetson-tx1
  −
|  11_40800_01_V9.8.3_V1.6
  −
|  N/A
  −
|  N/A
  −
|-
  −
|  nx-abcb
  −
|  10_40800_NoCfgVersion_V9.8.4_V1.6
  −
|  0
  −
|  0
  −
|-
  −
|  nx-abca2
  −
|  10_40800_NoCfgVersion_V9.8.7_V1.6
  −
|  0
  −
|  0 or 3
  −
|-
  −
|  nx-abca2
  −
|  10_40800_NoCfgVersion_V9.8.7_V1.6
  −
|  1
  −
|  4
  −
|-
  −
|  nx-abca2
  −
|  10_40800_NoCfgVersion_V9.8.7_V1.6
  −
|  2
  −
|  1
  −
|-
  −
|  nx-abca2
  −
|  10_40800_NoCfgVersion_V9.8.7_V1.6
  −
|  3
  −
|  2
  −
|-
  −
|}
     −
=== Hardware Types ===
+
Takes an input u32 '''ConfigItem''' and an input u64 '''ConfigValue'''.
   −
nx-abcb is the SDEV unit. Among other differences, this has extra hardware to support HDMI output.
+
Only '''ConfigItem''' 13 (IsChargerHiZModeEnabled) can be set.
   −
nx-abca2 hardware types are variations of the retail form factor.
+
== ImportLotusKey ==
 +
Wrapper for [[SMC#DecryptAndImportLotusKey|DecryptAndImportLotusKey SMC]].
   −
=== Notes ===
+
Takes an input type-0x9 buffer '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
   −
SPL uses id3 for setting up the security engine IRQ.
+
Decrypts '''DataIn''' with a key generated from '''AccessKey''' and '''KeySource''' and imports it for later usage.
   −
[[NIM_services|NIM]] checks that id8 output must match the [[Settings_services|set:cal]] DeviceId with byte7 cleared, otherwise panic.
+
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
   −
[3.0.0+] [[Loader services|RO]] checks id11, if set then skipping NRR rsa signatures is allowed.
+
== DecryptLotusMessage ==
 +
Takes 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''.
   −
Kernel uses id11 to determine behavior of svcBreak positive arguments. It will break instead of just force-exiting the process which is what happens on retail. [2.0.0+] This is also used with certain debug [[SVC|SVCs]].
+
Uses the [[SMC#ModularExponentiateByStorageKey|ModularExponentiateByStorageKey SMC]] to decrypt '''DataIn''' using the private key imported with [[#ImportLotusKey]] and the supplied '''ModIn''' and '''LabelHashIn'''.
   −
Kernel reads id12 when setting up memory-related code. If bit0 is set, it will memset various allocated memory-regions with 0x58, 0x59, 0x5A ('X', 'Y', 'Z') instead of zero. This allows Nintendo devs to find uninitialized memory bugs. If bit17-16 is 0b01, the kernel assumes 6GB of DRAM instead of 4GB.
+
== IsDevelopment ==
 +
No input. Returns an output u8 bool.
   −
== UserExpMod ==
+
Uses [[#GetConfig]] internally.
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''exp_in_buf''' and '''mod_in_buf''').
     −
Performs asymmetric crypto with user supplied modulus and exponent.
+
== GenerateSpecificAesKey ==
 +
Wrapper for [[SMC#GenerateSpecificAesKey|GenerateSpecificAesKey SMC]].
   −
== GenerateAesKek ==
+
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AesKey'''.
Takes a 16-byte EKS ('''Encryption Key Source''') and two words ('''KeyGeneration''' and '''option''') as input.
  −
'''KeyGeneration''' ranges from 0 to 2.
     −
Returns a scrambled sealed KEK ('''Key Encryption Key''' used as '''key_x''').
+
== DecryptDeviceUniqueData ==
 +
Wrapper for [[SMC#DecryptDeviceUniqueData|DecryptDeviceUniqueData SMC]].
   −
== LoadAesKey ==
+
Takes an output type-0xA buffer '''DataOut''', an input type-0x9 '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
Takes a u32 ('''keyslot''') and two 16-byte keys ('''key_x''' and '''key_y''').
     −
Sets the specified '''keyslot''' with a key generated from '''key_x''' and '''key_y'''.
+
Decrypts '''DataIn''' into '''DataOut''' with a key generated from '''AccessKey''' and '''KeySource'''.
   −
[2.0.0+] Now verifies that the engine in use (0..3) is locked/owned by the current spl session, otherwise errors with 0xD21A. Previously engine was hardcoded to 0.
+
Used by [[SSL_services|SSL]] for TLS client-privk.
   −
== GenerateAesKey ==
+
[5.0.0+] The '''Version''' argument was removed.
Takes a 16-byte KEK ('''key_x''') and a 16-byte encrypted key ('''enc_key''').
     −
Generates a new key by decrypting '''enc_key''' with a key generated from the supplied '''key_x''' and a fixed '''key_y'''.
+
== DecryptAesKey ==
 +
Takes an input 16-byte '''KeySource''' and two input u32s '''Generation''' and '''Option'''. Returns an output 16-byte '''AesKey'''.
   −
[2.0.0+] Previously, it always used engine 0. Now it tries to allocate an engine to be used and returns 0xD01A if they're all busy. When the command is done, the engine is released.
+
Decrypts (AES-ECB) '''KeySource''' with a key set with [[SMC#LoadAesKey|LoadAesKey SMC]].
   −
== SetConfig ==
+
[2.0.0+] Introduced same keyslot allocation code as for [[#GenerateAesKey]].
Takes a u32 ('''ConfigItem''') and a u64 ('''ConfigVal''').
     −
{| class="wikitable" border="1"
+
== CryptAesCtr ==
|-
+
Takes an output type-0x46 buffer '''DataOut''', an input u32 '''Keyslot''', an input type-0x45 buffer '''DataIn''' and an input 16-byte '''IvCtr'''.
! ConfigItem || Name
  −
|-
  −
| 13 || BatteryProfile
  −
|}
     −
Any other '''ConfigItem''', besides 13, can't be set.
+
Uses [[SMC#ComputeAes|ComputeAes SMC]] to decrypt '''DataIn''' into '''DataOut''' using the key set in the specified '''Keyslot'''.
   −
== LoadRsaOaepKey ==
+
[2.0.0+] Verifies the keyslot was allocated by the current session.
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
  −
'''version''' is 0 for normal keys or 1 for extended keys.
     −
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage.
+
== ComputeCmac ==
 +
Wrapper for [[SMC#ComputeCmac|ComputeCmac SMC]].
   −
== UnwrapRsaOaepWrappedTitleKey ==
+
Takes an input type-0x9 buffer '''DataIn''' and an input u32 '''Keyslot'''. Returns an output 16-byte '''Cmac'''.
Takes one type-10 (C descriptor) buffer ('''data_out_buf''') and 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''label_hash_in_buf''').
     −
Decrypts '''data_in_buf''' into '''data_out_buf''' using the private key imported with [[#UnwrapRsaOaepWrappedTitleKey]] and the supplied '''mod_in_buf'''. Afterwards, verifies RSA-OAEP encoding using '''label_hash_in_buf'''.
+
[2.0.0+] Verifies the keyslot was allocated by the current session.
   −
Returns an u32 ('''dec_data_size''').
+
== ImportEsKey ==
 +
Wrapper for [[SMC#DecryptAndImportEsDeviceKey|DecryptAndImportEsDeviceKey SMC]].
   −
== IsDevelopment ==
+
Takes an input type-0x9 buffer '''DataIn''', an input 16-byte '''AccessKey''', an input 16-byte '''KeySource''' and an input u32 '''Version''' (0 for normal keys or 1 for extended keys).
No input params.
     −
Uses [[#GetConfig]] internally with id=6. Returns true if output from that is 0, or if the SMC returned error 2.
+
Decrypts '''DataIn''' with a key generated from '''AccessKey''' and '''KeySource''' and imports it for later usage.
   −
Returns an u8 flag for whether the system is devunit. Output flag is 0 on retail.
+
[5.0.0+] The '''Version''' argument was removed and this now calls the [[SMC#ReencryptDeviceUniqueData|ReencryptDeviceUniqueData SMC]] instead.
   −
== GenerateSpecificAesKey ==
+
== UnwrapTitleKey ==
Takes a 16-byte seed ('''key_seed''') and two words ('''KeyGeneration''' and '''option''') as input.
+
Wrapper for [[SMC#PrepareEsDeviceUniqueKey|PrepareEsDeviceUniqueKey SMC]].
'''KeyGeneration''' ranges from 0 to 2.
     −
Returns a scrambled key ('''key_a''').
+
Takes an output type-0xA buffer '''DataOut''' and 3 input type-0x9 buffers '''DataIn''', '''ModIn''' and '''LabelHashIn'''. Returns an output u32 '''DataOutSize'''.
   −
== DecryptPrivk ==
+
[3.0.0+] Now takes an input u32 '''Generation'''.
Takes one type-10 (C descriptor) buffer ('''dec_privk_out_buf'''), one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
  −
'''version''' is 0 for normal keys or 1 for extended keys.
     −
Decrypts '''enc_privk_in_buf''' into '''dec_privk_out_buf''' with a key generated from '''key_x''' and '''key_y'''.
+
Decrypts '''DataIn''' into '''DataOut''' using the private key imported with [[#ImportEsKey]] and the supplied '''ModIn'''. Afterwards, verifies RSA-OAEP encoding using '''LabelHashIn'''.
   −
Used by [[SSL_services|SSL]]-sysmodule for TLS client-privk.
+
== LoadTitleKey ==
 +
Wrapper for [[SMC#LoadPreparedAesKey|LoadPreparedAesKey SMC]].
   −
== DecryptAesKey ==
+
Takes an input u32 '''Keyslot''' and an input 16-byte '''AccessKey'''.
Takes a 16-byte encrypted key ('''enc_key''') and two words ('''KeyGeneration''' and '''option''') as input.
  −
'''KeyGeneration''' ranges from 0 to 2.
     −
Decrypts '''enc_key''' with a key generated from fixed '''key_x''' and '''key_y''' and returns a 16-byte decrypted key ('''dec_key''').
+
[2.0.0+] Verifies the keyslot was allocated in the current session.
   −
[2.0.0+] Introduced same engine allocation code as for [[#GenerateAesKey]].
+
== UnwrapCommonTitleKey ==
 +
Wrapper for [[SMC#PrepareEsCommonKey|PrepareEsCommonKey SMC]].
   −
== DecryptAesCtr ==
+
Takes an input 16-byte '''KeySource'''. Returns an output 16-byte '''AccessKey'''.
Takes a type-0x46 (B descriptor) buffer ('''data_out_buf'''), a u32 ('''keyslot'''), a type-0x45 (A descriptor) buffer ('''data_in_buf''') and a 16-byte CTR ('''aes_ctr''').
     −
Decrypts '''data_in_buf''' into '''data_out_buf''' using the key set in the specified '''keyslot'''.
+
[3.0.0+] Now takes an input u32 '''Generation'''.
   −
[2.0.0+] Verifies the engine is locked by current session.
+
== AllocateAesKeyslot ==
 +
Returns an output u32 '''Keyslot'''.
   −
== ComputeCmac ==
+
Returns error 0xD01A if all keyslots are taken.
Takes one type-9 (X descriptor) buffer ('''data_in_buf''') and a u32 ('''type?''').
     −
Returns a 16-byte CMAC calculated over '''data_in_buf'''.
+
== DeallocateAesKeySlot ==
 +
Takes an input u32 '''Keyslot'''.
   −
[2.0.0+] Verifies the engine is locked by current session.
+
Returns error 0xD21A if the keyslot wasn't allocated by current session.
   −
== LoadSecureExpModKey ==
+
== GetAesKeyslotAvailableEvent ==
Takes one type-9 (X descriptor) buffer ('''enc_privk_in_buf'''), a 16-byte KEK ('''key_x'''), a 16-byte key ('''key_y''') and a u32 ('''version''').
+
Returns an output event handle for synchronizing with the AES keyslots.
'''version''' is 0 for normal keys or 1 for extended keys.
     −
Decrypts '''enc_privk_in_buf''' with a key generated from '''key_x''' and '''key_y''' and imports it for later usage.
+
== SetBootReason ==
 +
Takes an input u32 '''BootReason'''.
   −
== SecureExpMod ==
+
[4.0.0+] Returns 0xD41A if a value has been previously set without being [[#GetBootReason|gotten]].
Takes 3 type-9 (X descriptor) buffers ('''data_in_buf''', '''mod_in_buf''' and '''param0_in_buf''').
     −
Decrypts '''data_in_buf''' using the private key imported with [[#LoadSecureExpModKey]] and the supplied '''mod_in_buf''' and '''param0_in_buf'''.
+
== GetBootReason ==
 +
Returns an output u32 '''BootReason'''.
   −
Generates and returns a 16-byte sealed titlekey.
+
[4.0.0+] Returns 0xD61A if a value has not previously been set and unsets the value after getting it.
   −
== LoadTitleKey ==
+
== LoadPreparedAesKey ==
Takes a u32 ('''keyslot''') and a 16-byte sealed titlekey.
+
Same as [[#LoadTitleKey|LoadTitleKey]].
   −
Sets the specified '''keyslot''' with the titlekey.
+
= spl:mig =
 +
This is "nn::spl::detail::ICryptoInterface".
   −
[2.0.0+] Verifies the engine is locked by current session.
+
{| class="wikitable" border="1"
 +
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 +
|-
 +
| 2 || [[#GenerateAesKek]]
 +
|-
 +
| 3 || [[#LoadAesKey]]
 +
|-
 +
| 4 || [[#GenerateAesKey]]
 +
|-
 +
| 14 || [[#DecryptAesKey]]
 +
|-
 +
| 15 || [[#CryptAesCtr]]
 +
|-
 +
| 16 || [[#ComputeCmac]]
 +
|-
 +
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|}
   −
== UnwrapAesWrappedTitleKey ==
+
= spl:fs =
Takes a 16-byte EKS ('''Encryption Key Source''').
+
This is "nn::spl::detail::IFsInterface".
   −
Returns a sealed titlekey.
+
{| class="wikitable" border="1"
 +
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 +
|-
 +
| 2 || [[#GenerateAesKek]]
 +
|-
 +
| 3 || [[#LoadAesKey]]
 +
|-
 +
| 4 || [[#GenerateAesKey]]
 +
|-
 +
| 14 || [[#DecryptAesKey]]
 +
|-
 +
| 15 || [[#CryptAesCtr]]
 +
|-
 +
| 16 || [[#ComputeCmac]]
 +
|-
 +
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 9 || [[#ImportLotusKey]]
 +
|-
 +
| 10 || [[#DecryptLotusMessage]]
 +
|-
 +
| 12 || [[#GenerateSpecificAesKey]]
 +
|-
 +
| 19 || [[#LoadTitleKey]]
 +
|-
 +
| 31 || [5.0.0+] GetPackage2Hash
 +
|}
   −
== LockAesEngine ==
+
= spl:ssl =
Returns the id of the engine that was locked, or 0xD01A if all engines are busy. You need to lock an engine before using AES functions.
+
This is "nn::spl::detail::ISslInterface".
   −
== UnlockAesEngine ==
+
{| class="wikitable" border="1"
Takes a single u32 and unlocks the engine with that id. It must be owned by current session otherwise 0xD21A will be returned.
+
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 +
|-
 +
| 2 || [[#GenerateAesKek]]
 +
|-
 +
| 3 || [[#LoadAesKey]]
 +
|-
 +
| 4 || [[#GenerateAesKey]]
 +
|-
 +
| 14 || [[#DecryptAesKey]]
 +
|-
 +
| 15 || [[#CryptAesCtr]]
 +
|-
 +
| 16 || [[#ComputeCmac]]
 +
|-
 +
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 13 || [[#DecryptDeviceUniqueData]]
 +
|-
 +
| 26 || [5.0.0+] DecryptAndStoreSslClientCertKey
 +
|-
 +
| 27 || [5.0.0+] ModularExponentiateWithSslClientCertKey
 +
|}
   −
== GetSplWaitEvent ==
+
= spl:es =
Returns an event handle for synchronizing with the locked AES engine.
+
This is "nn::spl::detail::IEsInterface".
   −
== SetSharedData ==
+
{| class="wikitable" border="1"
Sets a static dword in spl .bss to the user input u32.
+
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 +
|-
 +
| 2 || [[#GenerateAesKek]]
 +
|-
 +
| 3 || [[#LoadAesKey]]
 +
|-
 +
| 4 || [[#GenerateAesKey]]
 +
|-
 +
| 14 || [[#DecryptAesKey]]
 +
|-
 +
| 15 || [[#CryptAesCtr]]
 +
|-
 +
| 16 || [[#ComputeCmac]]
 +
|-
 +
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 13 || [[#DecryptDeviceUniqueData]]
 +
|-
 +
| 17 || [[#ImportEsKey]]
 +
|-
 +
| 18 || [[#UnwrapTitleKey]]
 +
|-
 +
| 20 || [2.0.0+] [[#PrepareEsCommonKey]]
 +
|-
 +
| 28 || [5.0.0+] DecryptAndStoreDrmDeviceCertKey
 +
|-
 +
| 29 || [5.0.0+] ModularExponentiateWithDrmDeviceCertKey
 +
|-
 +
| 31 || [6.0.0+] PrepareEsArchiveKey
 +
|-
 +
| 32 || [6.0.0+] [[#LoadPreparedAesKey]]
 +
|}
   −
[4.0.0+] returns 0xD41A if a value has been previously set without being [[#GetSharedData|gotten]].
+
= spl:manu =
 +
This is "nn::spl::detail::IManuInterface".
   −
== GetSharedData ==
+
{| class="wikitable" border="1"
Returns the static dword in spl .bss that can be set via [[#SetSharedData]].
+
|-
 +
! Cmd || Name
 +
|-
 +
| 0 || [[#GetConfig]]
 +
|-
 +
| 1 || [[#ModularExponentiate]]
 +
|-
 +
| 5 || [[#SetConfig]]
 +
|-
 +
| 7 || [[#GenerateRandomBytes]]
 +
|-
 +
| 11 || [[#IsDevelopment]]
 +
|-
 +
| 24 || [3.0.0+] [[#SetBootReason]]
 +
|-
 +
| 25 || [3.0.0+] [[#GetBootReason]]
 +
|-
 +
| 2 || [[#GenerateAesKek]]
 +
|-
 +
| 3 || [[#LoadAesKey]]
 +
|-
 +
| 4 || [[#GenerateAesKey]]
 +
|-
 +
| 14 || [[#DecryptAesKey]]
 +
|-
 +
| 15 || [[#CryptAesCtr]]
 +
|-
 +
| 16 || [[#ComputeCmac]]
 +
|-
 +
| 21 || [2.0.0+] [[#AllocateAesKeyslot]]
 +
|-
 +
| 22 || [2.0.0+] [[#DeallocateAesKeySlot]]
 +
|-
 +
| 23 || [2.0.0+] [[#GetAesKeyslotAvailableEvent]]
 +
|-
 +
| 13 || [[#DecryptDeviceUniqueData]]
 +
|-
 +
| 30 || [5.0.0+] ReencryptDeviceUniqueData
 +
|}
   −
[4.0.0+] returns 0xD61A if a value has not previously been set, and unsets the value after getting it.
+
[[Category:Services]]
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/3842...9473"

Navigation menu