Revert "hoc-clk: add live vdd2, live boost clock and basic pwm dimming"
This reverts commit 15b7df8ef1.
This commit is contained in:
@@ -1,703 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
constexpr inline int AesKeySizeMax = 256 / BITSIZEOF(u8);
|
||||
|
||||
enum AesMode {
|
||||
AesMode_Aes128 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY128 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY128 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
|
||||
AesMode_Aes192 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY192 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY192 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
|
||||
AesMode_Aes256 = ((SE_CONFIG_ENC_MODE_AESMODE_KEY256 << SE_CONFIG_ENC_MODE_OFFSET) | (SE_CONFIG_DEC_MODE_AESMODE_KEY256 << SE_CONFIG_DEC_MODE_OFFSET)) >> SE_CONFIG_DEC_MODE_OFFSET,
|
||||
};
|
||||
|
||||
enum MemoryInterface {
|
||||
MemoryInterface_Ahb = SE_CRYPTO_CONFIG_MEMIF_AHB,
|
||||
MemoryInterface_Mc = SE_CRYPTO_CONFIG_MEMIF_MCCIF,
|
||||
};
|
||||
|
||||
constexpr inline u32 AesConfigEcb = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
constexpr inline u32 AesConfigCtr = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 1),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, LINEAR_CTR),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
constexpr inline u32 AesConfigCmac = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_AESOUT),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, TOP),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, ENABLE));
|
||||
|
||||
constexpr inline u32 AesConfigCbcEncrypt = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_AESOUT),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, TOP),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
constexpr inline u32 AesConfigCbcDecrypt = reg::Encode(SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, INIT_PREV_MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BOTTOM),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
void SetConfig(volatile SecurityEngineRegisters *SE, bool encrypt, SE_CONFIG_DST dst) {
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM (CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM_SEL(CONFIG_ENC_ALG, encrypt, AES_ENC, NOP),
|
||||
SE_REG_BITS_ENUM_SEL(CONFIG_DEC_ALG, encrypt, NOP, AES_DEC),
|
||||
SE_REG_BITS_VALUE (CONFIG_DST, dst));
|
||||
}
|
||||
|
||||
void SetAesConfig(volatile SecurityEngineRegisters *SE, int slot, bool encrypt, u32 config) {
|
||||
const u32 encoded = reg::Encode(SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
|
||||
SE_REG_BITS_VALUE (CRYPTO_CONFIG_KEY_INDEX, slot),
|
||||
SE_REG_BITS_ENUM_SEL(CRYPTO_CONFIG_CORE_SEL, encrypt, ENCRYPT, DECRYPT));
|
||||
|
||||
reg::Write(SE->SE_CRYPTO_CONFIG, (config | encoded));
|
||||
}
|
||||
|
||||
void SetBlockCount(volatile SecurityEngineRegisters *SE, int count) {
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, count - 1);
|
||||
}
|
||||
|
||||
void UpdateAesMode(volatile SecurityEngineRegisters *SE, AesMode mode) {
|
||||
reg::ReadWrite(SE->SE_CONFIG, REG_BITS_VALUE(16, 16, mode));
|
||||
}
|
||||
|
||||
void UpdateMemoryInterface(volatile SecurityEngineRegisters *SE, MemoryInterface memif) {
|
||||
reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_VALUE(CRYPTO_CONFIG_MEMIF, memif));
|
||||
}
|
||||
|
||||
void SetCounter(volatile SecurityEngineRegisters *SE, const void *ctr) {
|
||||
const u32 *ctr_32 = reinterpret_cast<const u32 *>(ctr);
|
||||
|
||||
/* Copy the input ctr to the linear CTR registers. */
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[0], util::LoadLittleEndian(ctr_32 + 0));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[1], util::LoadLittleEndian(ctr_32 + 1));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[2], util::LoadLittleEndian(ctr_32 + 2));
|
||||
reg::Write(SE->SE_CRYPTO_LINEAR_CTR[3], util::LoadLittleEndian(ctr_32 + 3));
|
||||
}
|
||||
|
||||
void SetAesKeyIv(volatile SecurityEngineRegisters *SE, int slot, const void *iv, size_t iv_size) {
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
AMS_ABORT_UNLESS(iv_size <= AesBlockSize);
|
||||
|
||||
/* Set each iv word in order. */
|
||||
const u32 *iv_u32 = static_cast<const u32 *>(iv);
|
||||
const int num_words = iv_size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
/* Select the keyslot. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
|
||||
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
|
||||
|
||||
/* Set the iv word. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = *(iv_u32++);
|
||||
}
|
||||
}
|
||||
|
||||
void SetEncryptedAesKey(int dst_slot, int kek_slot, const void *key, size_t key_size, AesMode mode) {
|
||||
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
|
||||
AMS_ABORT_UNLESS(0 <= dst_slot && dst_slot < AesKeySlotCount);
|
||||
AMS_ABORT_UNLESS(0 <= kek_slot && kek_slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Configure for single AES ECB decryption to key table. */
|
||||
SetConfig(SE, false, SE_CONFIG_DST_KEYTABLE);
|
||||
SetAesConfig(SE, kek_slot, false, AesConfigEcb);
|
||||
UpdateAesMode(SE, mode);
|
||||
SetBlockCount(SE, 1);
|
||||
|
||||
/* Select the destination keyslot. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, dst_slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_0_3));
|
||||
|
||||
/* Ensure that the se sees the keydata we want it to. */
|
||||
hw::FlushDataCache(key, key_size);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, key, key_size);
|
||||
}
|
||||
|
||||
void EncryptAes(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, AesMode mode) {
|
||||
/* If nothing to decrypt, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(dst_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(src_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Configure for AES-ECB encryption to memory. */
|
||||
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, true, AesConfigEcb);
|
||||
UpdateAesMode(SE, mode);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
|
||||
}
|
||||
|
||||
void ExpandSubkey(u8 *subkey) {
|
||||
/* Shift everything left one bit. */
|
||||
u8 prev = 0;
|
||||
for (int i = AesBlockSize - 1; i >= 0; --i) {
|
||||
const u8 top = (subkey[i] >> 7);
|
||||
subkey[i] = ((subkey[i] << 1) | prev);
|
||||
prev = top;
|
||||
}
|
||||
|
||||
/* And xor with Rb if necessary. */
|
||||
if (prev != 0) {
|
||||
subkey[AesBlockSize - 1] ^= 0x87;
|
||||
}
|
||||
}
|
||||
|
||||
void ExpandSubkeyLittleEndian(u8 *subkey) {
|
||||
/* Shift everything left one bit. */
|
||||
u8 prev = 0;
|
||||
for (size_t i = 0; i < AesBlockSize; ++i) {
|
||||
const u8 top = (subkey[i] >> 7);
|
||||
subkey[i] = ((subkey[i] << 1) | prev);
|
||||
prev = top;
|
||||
}
|
||||
|
||||
/* And xor with Rb if necessary. */
|
||||
if (prev != 0) {
|
||||
subkey[0] ^= 0x87;
|
||||
}
|
||||
}
|
||||
|
||||
void GetCmacResult(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size) {
|
||||
const int num_words = dst_size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
reg::Write(static_cast<u32 *>(dst) + i, reg::Read(SE->SE_HASH_RESULT[i]));
|
||||
}
|
||||
}
|
||||
|
||||
void ComputeAesCmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, AesMode mode) {
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine mac extents. */
|
||||
const int num_blocks = util::DivideUp(src_size, AesBlockSize);
|
||||
const size_t last_block_size = (src_size == 0) ? 0 : (src_size - ((num_blocks - 1) * AesBlockSize));
|
||||
|
||||
/* Create subkey. */
|
||||
u8 subkey[AesBlockSize];
|
||||
{
|
||||
/* Encrypt zeroes. */
|
||||
std::memset(subkey, 0, sizeof(subkey));
|
||||
EncryptAes(subkey, sizeof(subkey), slot, subkey, sizeof(subkey), mode);
|
||||
|
||||
/* Expand. */
|
||||
ExpandSubkey(subkey);
|
||||
|
||||
/* Account for last block. */
|
||||
if (last_block_size != AesBlockSize) {
|
||||
ExpandSubkey(subkey);
|
||||
}
|
||||
}
|
||||
|
||||
/* Configure for AES-CMAC. */
|
||||
SetConfig(SE, true, SE_CONFIG_DST_HASH_REG);
|
||||
SetAesConfig(SE, slot, true, AesConfigCmac);
|
||||
UpdateAesMode(SE, mode);
|
||||
|
||||
/* Set the IV to zero. */
|
||||
for (int i = 0; i < 4; ++i) {
|
||||
/* Select the keyslot. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
|
||||
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
|
||||
|
||||
/* Set the iv word. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
|
||||
}
|
||||
|
||||
/* Handle blocks before the last. */
|
||||
if (num_blocks > 1) {
|
||||
SetBlockCount(SE, num_blocks - 1);
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, src, src_size);
|
||||
reg::ReadWrite(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM(CRYPTO_CONFIG_IV_SELECT, UPDATED));
|
||||
}
|
||||
|
||||
/* Handle the last block. */
|
||||
{
|
||||
SetBlockCount(SE, 1);
|
||||
|
||||
/* Create the last block. */
|
||||
u8 last_block[AesBlockSize];
|
||||
if (last_block_size < sizeof(last_block)) {
|
||||
std::memset(last_block, 0, sizeof(last_block));
|
||||
last_block[last_block_size] = 0x80;
|
||||
}
|
||||
std::memcpy(last_block, static_cast<const u8 *>(src) + src_size - last_block_size, last_block_size);
|
||||
|
||||
/* Xor with the subkey. */
|
||||
for (size_t i = 0; i < AesBlockSize; ++i) {
|
||||
last_block[i] ^= subkey[i];
|
||||
}
|
||||
|
||||
/* Ensure the SE sees correct data. */
|
||||
hw::FlushDataCache(last_block, sizeof(last_block));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, last_block, sizeof(last_block));
|
||||
}
|
||||
|
||||
/* Get the output. */
|
||||
GetCmacResult(SE, dst, dst_size);
|
||||
}
|
||||
|
||||
void EncryptAesCbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size, AesMode mode) {
|
||||
/* If nothing to encrypt, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine extents. */
|
||||
const size_t num_blocks = src_size / AesBlockSize;
|
||||
const size_t aligned_size = num_blocks * AesBlockSize;
|
||||
AMS_ABORT_UNLESS(src_size == aligned_size);
|
||||
|
||||
/* Configure for aes-cbc encryption. */
|
||||
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, true, AesConfigCbcEncrypt);
|
||||
UpdateAesMode(SE, mode);
|
||||
|
||||
/* Set the iv. */
|
||||
SetAesKeyIv(SE, slot, iv, iv_size);
|
||||
|
||||
/* Set the block count. */
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
|
||||
}
|
||||
|
||||
void DecryptAesCbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size, AesMode mode) {
|
||||
/* If nothing to decrypt, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine extents. */
|
||||
const size_t num_blocks = src_size / AesBlockSize;
|
||||
const size_t aligned_size = num_blocks * AesBlockSize;
|
||||
AMS_ABORT_UNLESS(src_size == aligned_size);
|
||||
|
||||
/* Configure for aes-cbc encryption. */
|
||||
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, false, AesConfigCbcDecrypt);
|
||||
UpdateAesMode(SE, mode);
|
||||
|
||||
/* Set the iv. */
|
||||
SetAesKeyIv(SE, slot, iv, iv_size);
|
||||
|
||||
/* Set the block count. */
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
|
||||
}
|
||||
|
||||
void XorWithXtsTweak(void *dst, size_t dst_size, const void *src, size_t src_size, const void *base_tweak) {
|
||||
/* Copy tweak. */
|
||||
u8 tweak[se::AesBlockSize];
|
||||
std::memcpy(tweak, base_tweak, sizeof(tweak));
|
||||
|
||||
/* Perform xor. */
|
||||
u8 *dst_u8 = static_cast<u8 *>(dst);
|
||||
const u8 *src_u8 = static_cast<const u8 *>(src);
|
||||
|
||||
const size_t num_blocks = std::min<size_t>(dst_size, src_size) / sizeof(tweak);
|
||||
for (size_t i = 0; i < num_blocks; ++i) {
|
||||
for (size_t j = 0; j < sizeof(tweak); ++j) {
|
||||
dst_u8[j] = src_u8[j] ^ tweak[j];
|
||||
}
|
||||
|
||||
dst_u8 += sizeof(tweak);
|
||||
src_u8 += sizeof(tweak);
|
||||
|
||||
ExpandSubkeyLittleEndian(tweak);
|
||||
}
|
||||
}
|
||||
|
||||
void DecryptAesXts(void *dst, size_t dst_size, int slot_enc, int slot_tweak, const void *src, size_t src_size, size_t sector, AesMode mode) {
|
||||
/* If nothing to decrypt, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(util::IsAligned(dst_size, AesBlockSize));
|
||||
AMS_ABORT_UNLESS(util::IsAligned(src_size, AesBlockSize));
|
||||
AMS_ABORT_UNLESS(0 <= slot_enc && slot_enc < AesKeySlotCount);
|
||||
AMS_ABORT_UNLESS(0 <= slot_tweak && slot_tweak < AesKeySlotCount);
|
||||
|
||||
/* Generate tweak. */
|
||||
u32 base_tweak[se::AesBlockSize / sizeof(u32)] = {};
|
||||
base_tweak[util::size(base_tweak) - 1] = util::ConvertToBigEndian<u32>(static_cast<u32>(sector));
|
||||
if constexpr (sizeof(sector) > sizeof(u32)) {
|
||||
static_assert(sizeof(sector) <= sizeof(u64));
|
||||
base_tweak[util::size(base_tweak) - 2] = util::ConvertToBigEndian<u32>(static_cast<u32>(sector >> BITSIZEOF(u32)));
|
||||
}
|
||||
se::EncryptAes128(base_tweak, sizeof(base_tweak), slot_tweak, base_tweak, sizeof(base_tweak));
|
||||
|
||||
/* Xor all data. */
|
||||
XorWithXtsTweak(dst, dst_size, src, src_size, base_tweak);
|
||||
|
||||
/* Ensure the SE sees correct data. */
|
||||
hw::FlushDataCache(dst, dst_size);
|
||||
|
||||
/* Decrypt all data. */
|
||||
{
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine extents. */
|
||||
const size_t num_blocks = dst_size / AesBlockSize;
|
||||
|
||||
/* Configure for AES-ECB decryption to memory. */
|
||||
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot_enc, false, AesConfigEcb);
|
||||
UpdateAesMode(SE, mode);
|
||||
|
||||
/* Set the block count. */
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, dst, dst_size);
|
||||
|
||||
/* Ensure the cpu sees correct data. */
|
||||
hw::InvalidateDataCache(dst, dst_size);
|
||||
}
|
||||
|
||||
/* Xor all data. */
|
||||
XorWithXtsTweak(dst, dst_size, dst, dst_size, base_tweak);
|
||||
}
|
||||
|
||||
void ComputeAes128Async(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, DoneHandler handler, u32 config, bool encrypt, volatile SecurityEngineRegisters *SE) {
|
||||
/* If nothing to decrypt, succeed. */
|
||||
if (size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Configure for the specific operation. */
|
||||
SetConfig(SE, encrypt, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, encrypt, config);
|
||||
UpdateMemoryInterface(SE, MemoryInterface_Mc);
|
||||
|
||||
/* Configure the number of blocks. */
|
||||
const int num_blocks = size / AesBlockSize;
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Set the done handler. */
|
||||
SetDoneHandler(SE, handler);
|
||||
|
||||
/* Start the raw operation. */
|
||||
StartOperationRaw(SE, SE_OPERATION_OP_START, out_ll_address, in_ll_address);
|
||||
}
|
||||
|
||||
void ClearAesKeySlot(volatile SecurityEngineRegisters *SE, int slot) {
|
||||
/* Validate the key slot. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
for (int i = 0; i < 16; ++i) {
|
||||
/* Select the keyslot. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot), SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_WORD, i));
|
||||
|
||||
/* Write the data. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void ClearAesKeySlot(int slot) {
|
||||
/* Clear the slot in SE1. */
|
||||
ClearAesKeySlot(GetRegisters(), slot);
|
||||
}
|
||||
|
||||
void ClearAesKeySlot2(int slot) {
|
||||
/* Clear the slot in SE2. */
|
||||
ClearAesKeySlot(GetRegisters2(), slot);
|
||||
}
|
||||
|
||||
void ClearAesKeyIv(int slot) {
|
||||
/* Validate the key slot. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set each iv word in order. */
|
||||
for (int i = 0; i < 4; ++i) {
|
||||
/* Select the keyslot original iv. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, ORIGINAL_IV),
|
||||
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
|
||||
|
||||
/* Set the iv word. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
|
||||
|
||||
/* Select the keyslot updated iv. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, IV),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, UPDATED_IV),
|
||||
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
|
||||
|
||||
/* Set the iv word. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = 0;
|
||||
}
|
||||
}
|
||||
|
||||
void LockAesKeySlot(int slot, u32 flags) {
|
||||
/* Validate the key slot. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set non per-key flags. */
|
||||
if ((flags & ~KeySlotLockFlags_PerKey) != 0) {
|
||||
/* KeySlotLockFlags_DstKeyTableOnly is Mariko-only. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
reg::ReadWrite(SE->SE_CRYPTO_KEYTABLE_ACCESS[slot], REG_BITS_VALUE(0, 7, ~flags), REG_BITS_VALUE(7, 1, ((flags & KeySlotLockFlags_DstKeyTableOnly) != 0) ? 1 : 0));
|
||||
} else {
|
||||
reg::ReadWrite(SE->SE_CRYPTO_KEYTABLE_ACCESS[slot], REG_BITS_VALUE(0, 7, ~flags));
|
||||
}
|
||||
}
|
||||
|
||||
/* Set per-key flag. */
|
||||
if ((flags & KeySlotLockFlags_PerKey) != 0) {
|
||||
reg::ReadWrite(SE->SE_CRYPTO_SECURITY_PERKEY, REG_BITS_VALUE(slot, 1, 0));
|
||||
}
|
||||
}
|
||||
|
||||
void SetAesKey(int slot, const void *key, size_t key_size) {
|
||||
/* Validate the key slot and key size. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
AMS_ABORT_UNLESS(key_size <= AesKeySizeMax);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set each key word in order. */
|
||||
const u32 *key_u32 = static_cast<const u32 *>(key);
|
||||
const int num_words = key_size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
/* Select the keyslot. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_ADDR, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, slot),
|
||||
SE_REG_BITS_ENUM (CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, KEY),
|
||||
SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, i));
|
||||
|
||||
/* Set the key word. */
|
||||
SE->SE_CRYPTO_KEYTABLE_DATA = *(key_u32++);
|
||||
}
|
||||
}
|
||||
|
||||
void SetEncryptedAesKey128(int dst_slot, int kek_slot, const void *key, size_t key_size) {
|
||||
return SetEncryptedAesKey(dst_slot, kek_slot, key, key_size, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void SetEncryptedAesKey256(int dst_slot, int kek_slot, const void *key, size_t key_size) {
|
||||
return SetEncryptedAesKey(dst_slot, kek_slot, key, key_size, AesMode_Aes256);
|
||||
}
|
||||
|
||||
void EncryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
|
||||
return EncryptAes(dst, dst_size, slot, src, src_size, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void DecryptAes128(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
|
||||
/* If nothing to decrypt, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(dst_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(src_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Configure for AES-ECB decryption to memory. */
|
||||
SetConfig(SE, false, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, false, AesConfigEcb);
|
||||
|
||||
ExecuteOperationSingleBlock(SE, dst, dst_size, src, src_size);
|
||||
}
|
||||
|
||||
void ComputeAes128Ctr(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
/* If nothing to do, succeed. */
|
||||
if (src_size == 0) { return; }
|
||||
|
||||
/* Validate input. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < AesKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine how many full blocks we can operate on. */
|
||||
const size_t num_blocks = src_size / AesBlockSize;
|
||||
const size_t aligned_size = num_blocks * AesBlockSize;
|
||||
const size_t fractional = src_size - aligned_size;
|
||||
|
||||
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
|
||||
SE->SE_SPARE = 0x1;
|
||||
|
||||
/* Configure for AES-CTR encryption/decryption to memory. */
|
||||
SetConfig(SE, true, SE_CONFIG_DST_MEMORY);
|
||||
SetAesConfig(SE, slot, true, AesConfigCtr);
|
||||
|
||||
/* Set the counter. */
|
||||
SetCounter(SE, iv);
|
||||
|
||||
/* Process as many aligned blocks as we can. */
|
||||
if (aligned_size > 0) {
|
||||
/* Configure the engine to process the right number of blocks. */
|
||||
SetBlockCount(SE, num_blocks);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, dst_size, src, aligned_size);
|
||||
|
||||
/* Synchronize around this point. */
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
/* Process a single block to output. */
|
||||
if (fractional > 0 && dst_size > aligned_size) {
|
||||
const size_t copy_size = std::min(fractional, dst_size - aligned_size);
|
||||
|
||||
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, copy_size, static_cast<const u8 *>(src) + aligned_size, fractional);
|
||||
}
|
||||
}
|
||||
|
||||
void ComputeAes128Cmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
|
||||
return ComputeAesCmac(dst, dst_size, slot, src, src_size, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void ComputeAes256Cmac(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
|
||||
return ComputeAesCmac(dst, dst_size, slot, src, src_size, AesMode_Aes256);
|
||||
}
|
||||
|
||||
void EncryptAes128Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
return EncryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void EncryptAes256Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
return EncryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes256);
|
||||
}
|
||||
|
||||
void DecryptAes128Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
return DecryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void DecryptAes256Cbc(void *dst, size_t dst_size, int slot, const void *src, size_t src_size, const void *iv, size_t iv_size) {
|
||||
return DecryptAesCbc(dst, dst_size, slot, src, src_size, iv, iv_size, AesMode_Aes256);
|
||||
}
|
||||
|
||||
void DecryptAes128Xts(void *dst, size_t dst_size, int slot_enc, int slot_tweak, const void *src, size_t src_size, size_t sector) {
|
||||
return DecryptAesXts(dst, dst_size, slot_enc, slot_tweak, src, src_size, sector, AesMode_Aes128);
|
||||
}
|
||||
|
||||
void EncryptAes128CbcAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
|
||||
/* Validate the iv. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
|
||||
/* Get the registers. */
|
||||
volatile auto *SE = GetRegisters();
|
||||
|
||||
/* Set the iv. */
|
||||
SetAesKeyIv(SE, slot, iv, iv_size);
|
||||
|
||||
/* Perform the asynchronous aes operation. */
|
||||
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCbcEncrypt, true, SE);
|
||||
}
|
||||
|
||||
void DecryptAes128CbcAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
|
||||
/* Validate the iv. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
|
||||
/* Get the registers. */
|
||||
volatile auto *SE = GetRegisters();
|
||||
|
||||
/* Set the iv. */
|
||||
SetAesKeyIv(SE, slot, iv, iv_size);
|
||||
|
||||
/* Perform the asynchronous aes operation. */
|
||||
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCbcDecrypt, false, SE);
|
||||
}
|
||||
|
||||
void ComputeAes128CtrAsync(u32 out_ll_address, int slot, u32 in_ll_address, u32 size, const void *iv, size_t iv_size, DoneHandler handler) {
|
||||
/* Validate the iv. */
|
||||
AMS_ABORT_UNLESS(iv_size == AesBlockSize);
|
||||
|
||||
/* Get the registers. */
|
||||
volatile auto *SE = GetRegisters();
|
||||
|
||||
/* Here Nintendo writes 1 to SE_SPARE. It's unclear why they do this, but we will do so as well. */
|
||||
SE->SE_SPARE = 0x1;
|
||||
|
||||
/* Set the counter. */
|
||||
SetCounter(SE, iv);
|
||||
|
||||
/* Perform the asynchronous aes operation. */
|
||||
ComputeAes128Async(out_ll_address, slot, in_ll_address, size, handler, AesConfigCtr, true, SE);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,181 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
struct LinkedListEntry {
|
||||
u32 zero;
|
||||
u32 address;
|
||||
u32 size;
|
||||
};
|
||||
static_assert(util::is_pod<LinkedListEntry>::value);
|
||||
static_assert(sizeof(LinkedListEntry) == 0xC);
|
||||
|
||||
uintptr_t GetPhysicalAddress(const void *ptr) {
|
||||
const uintptr_t virt_address = reinterpret_cast<uintptr_t>(ptr);
|
||||
|
||||
#if defined(ATMOSPHERE_ARCH_ARM64)
|
||||
u64 phys_address;
|
||||
__asm__ __volatile__("at s1e3r, %[virt]; mrs %[phys], par_el1" : [phys]"=r"(phys_address) : [virt]"r"(virt_address) : "memory", "cc");
|
||||
return (phys_address & 0x0000FFFFFFFFF000ul) | (virt_address & 0x0000000000000FFFul);
|
||||
#elif defined(ATMOSPHERE_ARCH_ARM)
|
||||
return virt_address;
|
||||
#else
|
||||
#error "Unknown architecture for Tegra Security Engine physical address translation"
|
||||
#endif
|
||||
}
|
||||
|
||||
constexpr void SetLinkedListEntry(LinkedListEntry *entry, const void *ptr, size_t size) {
|
||||
/* Clear the zero field. */
|
||||
entry->zero = 0;
|
||||
|
||||
/* Set the address. */
|
||||
if (ptr != nullptr) {
|
||||
entry->address = GetPhysicalAddress(ptr);
|
||||
entry->size = static_cast<u32>(size);
|
||||
} else {
|
||||
entry->address = 0;
|
||||
entry->size = 0;
|
||||
}
|
||||
}
|
||||
|
||||
void StartOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op) {
|
||||
/* Write back the current values of the error and interrupt status. */
|
||||
reg::Write(SE->SE_ERR_STATUS, reg::Read(SE->SE_ERR_STATUS));
|
||||
reg::Write(SE->SE_INT_STATUS, reg::Read(SE->SE_INT_STATUS));
|
||||
|
||||
/* Write the operation. */
|
||||
reg::Write(SE->SE_OPERATION, SE_REG_BITS_VALUE(OPERATION_OP, op));
|
||||
}
|
||||
|
||||
void EnsureOperationStarted(volatile SecurityEngineRegisters *SE) {
|
||||
/* Read the operation register to make sure our write takes. */
|
||||
reg::Read(SE->SE_OPERATION);
|
||||
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
void WaitForOperationComplete(volatile SecurityEngineRegisters *SE) {
|
||||
/* Spin until the operation is done. */
|
||||
while (reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_SE_OP_DONE, CLEAR))) { /* ... */ }
|
||||
|
||||
/* Check for operation success. */
|
||||
ValidateAesOperationResult(SE);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void ExecuteOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, void *dst, size_t dst_size, const void *src, size_t src_size) {
|
||||
/* Set the linked list entries. */
|
||||
LinkedListEntry src_entry;
|
||||
LinkedListEntry dst_entry;
|
||||
|
||||
SetLinkedListEntry(std::addressof(src_entry), src, src_size);
|
||||
SetLinkedListEntry(std::addressof(dst_entry), dst, dst_size);
|
||||
|
||||
/* Ensure the linked list entry data is seen correctly. */
|
||||
hw::FlushDataCache(std::addressof(src_entry), sizeof(src_entry));
|
||||
hw::FlushDataCache(std::addressof(dst_entry), sizeof(dst_entry));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Configure the linked list addresses. */
|
||||
reg::Write(SE->SE_IN_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(src_entry))));
|
||||
reg::Write(SE->SE_OUT_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(dst_entry))));
|
||||
|
||||
/* Start the operation. */
|
||||
StartOperation(SE, op);
|
||||
|
||||
/* Wait for the operation to complete. */
|
||||
WaitForOperationComplete(SE);
|
||||
}
|
||||
|
||||
void ExecuteOperationSingleBlock(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size) {
|
||||
/* Validate sizes. */
|
||||
AMS_ABORT_UNLESS(dst_size <= AesBlockSize);
|
||||
AMS_ABORT_UNLESS(src_size <= AesBlockSize);
|
||||
|
||||
/* Set the block count to 1. */
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
|
||||
|
||||
/* Create an aligned buffer. */
|
||||
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> aligned;
|
||||
std::memcpy(aligned, src, src_size);
|
||||
hw::FlushDataCache(aligned, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, aligned, AesBlockSize, aligned, AesBlockSize);
|
||||
|
||||
/* Ensure that the CPU will see the correct output. */
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
hw::FlushDataCache(aligned, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Copy the output to the destination. */
|
||||
std::memcpy(dst, aligned, dst_size);
|
||||
}
|
||||
|
||||
void StartInputOperation(volatile SecurityEngineRegisters *SE, const void *src, size_t src_size) {
|
||||
/* Set the linked list entry. */
|
||||
LinkedListEntry src_entry;
|
||||
SetLinkedListEntry(std::addressof(src_entry), src, src_size);
|
||||
|
||||
/* Ensure the linked list entry data is seen correctly. */
|
||||
hw::FlushDataCache(std::addressof(src_entry), sizeof(src_entry));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Configure the linked list addresses. */
|
||||
reg::Write(SE->SE_IN_LL_ADDR, static_cast<u32>(GetPhysicalAddress(std::addressof(src_entry))));
|
||||
|
||||
/* Start the operation. */
|
||||
StartOperation(SE, SE_OPERATION_OP_START);
|
||||
|
||||
/* Ensure the operation is started. */
|
||||
EnsureOperationStarted(SE);
|
||||
}
|
||||
|
||||
void StartOperationRaw(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, u32 out_ll_address, u32 in_ll_address) {
|
||||
/* Configure the linked list addresses. */
|
||||
reg::Write(SE->SE_IN_LL_ADDR, in_ll_address);
|
||||
reg::Write(SE->SE_OUT_LL_ADDR, out_ll_address);
|
||||
|
||||
/* Start the operation. */
|
||||
StartOperation(SE, op);
|
||||
|
||||
/* Ensure the operation is started. */
|
||||
EnsureOperationStarted(SE);
|
||||
}
|
||||
|
||||
void ValidateAesOperationResult(volatile SecurityEngineRegisters *SE) {
|
||||
/* Ensure no error occurred. */
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_ERR_STAT, CLEAR)));
|
||||
|
||||
/* Ensure the security engine is idle. */
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE)));
|
||||
|
||||
/* Ensure there is no error status. */
|
||||
AMS_ABORT_UNLESS(reg::Read(SE->SE_ERR_STATUS) == 0);
|
||||
}
|
||||
|
||||
void ValidateAesOperationResult() {
|
||||
return ValidateAesOperationResult(GetRegisters());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,33 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_registers.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
volatile SecurityEngineRegisters *GetRegisters();
|
||||
volatile SecurityEngineRegisters *GetRegisters2();
|
||||
|
||||
void ExecuteOperation(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, void *dst, size_t dst_size, const void *src, size_t src_size);
|
||||
void ExecuteOperationSingleBlock(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size);
|
||||
|
||||
void StartInputOperation(volatile SecurityEngineRegisters *SE, const void *src, size_t src_size);
|
||||
void StartOperationRaw(volatile SecurityEngineRegisters *SE, SE_OPERATION_OP op, u32 out_ll_address, u32 in_ll_address);
|
||||
void SetDoneHandler(volatile SecurityEngineRegisters *SE, DoneHandler handler);
|
||||
|
||||
void ValidateAesOperationResult(volatile SecurityEngineRegisters *SE);
|
||||
|
||||
}
|
||||
@@ -1,72 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
void SetMessageSize(volatile SecurityEngineRegisters *SE, size_t src_size) {
|
||||
/* Set the message size. */
|
||||
reg::Write(SE->SE_SHA_MSG_LENGTH[0], src_size * BITSIZEOF(u8));
|
||||
reg::Write(SE->SE_SHA_MSG_LENGTH[1], 0);
|
||||
reg::Write(SE->SE_SHA_MSG_LENGTH[2], 0);
|
||||
reg::Write(SE->SE_SHA_MSG_LENGTH[3], 0);
|
||||
|
||||
/* Set the message remaining size. */
|
||||
reg::Write(SE->SE_SHA_MSG_LEFT[0], src_size * BITSIZEOF(u8));
|
||||
reg::Write(SE->SE_SHA_MSG_LEFT[1], 0);
|
||||
reg::Write(SE->SE_SHA_MSG_LEFT[2], 0);
|
||||
reg::Write(SE->SE_SHA_MSG_LEFT[3], 0);
|
||||
}
|
||||
|
||||
void GetHashResult(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size) {
|
||||
/* Copy out the words. */
|
||||
const int num_words = dst_size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
const u32 word = reg::Read(SE->SE_HASH_RESULT[i]);
|
||||
util::StoreBigEndian(static_cast<u32 *>(dst) + i, word);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void CalculateSha256(Sha256Hash *dst, const void *src, size_t src_size) {
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Configure the engine to perform SHA256 "encryption". */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, SHA256),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, SHA),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DST, HASH_REG));
|
||||
|
||||
/* Begin a hardware hash operation. */
|
||||
reg::Write(SE->SE_SHA_CONFIG, SE_REG_BITS_VALUE(SHA_CONFIG_HW_INIT_HASH, 1));
|
||||
|
||||
/* Set the message size. */
|
||||
SetMessageSize(SE, src_size);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, src, src_size);
|
||||
|
||||
/* Get the result. */
|
||||
GetHashResult(SE, dst, sizeof(*dst));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,142 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
constinit uintptr_t g_register_address = secmon::MemoryRegionPhysicalDeviceSecurityEngine.GetAddress();
|
||||
constinit uintptr_t g_register2_address = secmon::MemoryRegionPhysicalDeviceSecurityEngine2.GetAddress();
|
||||
constinit DoneHandler g_done_handler = nullptr;
|
||||
|
||||
void SetSecure(volatile SecurityEngineRegisters *SE, bool secure) {
|
||||
/* Set the security software setting. */
|
||||
if (secure) {
|
||||
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, SECURE));
|
||||
} else {
|
||||
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, NONSECURE));
|
||||
}
|
||||
|
||||
/* Read the status register to force an update. */
|
||||
reg::Read(SE->SE_SE_SECURITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
volatile SecurityEngineRegisters *GetRegisters() {
|
||||
return reinterpret_cast<volatile SecurityEngineRegisters *>(g_register_address);
|
||||
}
|
||||
|
||||
volatile SecurityEngineRegisters *GetRegisters2() {
|
||||
return reinterpret_cast<volatile SecurityEngineRegisters *>(g_register2_address);
|
||||
}
|
||||
|
||||
void SetRegisterAddress(uintptr_t address, uintptr_t address2) {
|
||||
g_register_address = address;
|
||||
g_register2_address = address2;
|
||||
}
|
||||
|
||||
void Initialize() {
|
||||
auto *SE = GetRegisters();
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE)));
|
||||
}
|
||||
|
||||
void SetSecure(bool secure) {
|
||||
/* Set security for SE1. */
|
||||
SetSecure(GetRegisters(), secure);
|
||||
|
||||
/* If SE2 is present, set security for SE2. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
SetSecure(GetRegisters2(), secure);
|
||||
}
|
||||
}
|
||||
|
||||
void SetTzramSecure() {
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set the TZRAM setting to secure. */
|
||||
SE->SE_TZRAM_SECURITY = SE_TZRAM_SETTING_SECURE;
|
||||
}
|
||||
|
||||
void SetPerKeySecure() {
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Update PERKEY_SETTING to secure. */
|
||||
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_PERKEY_SETTING, SECURE));
|
||||
}
|
||||
|
||||
|
||||
void SetContextSaveSecure() {
|
||||
/* Context save lock to trustzone secure is only available on mariko. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
auto *SE = GetRegisters();
|
||||
auto *SE2 = GetRegisters2();
|
||||
|
||||
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, SECURE));
|
||||
reg::ReadWrite(SE2->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, SECURE));
|
||||
}
|
||||
}
|
||||
|
||||
void Lockout() {
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Lock access to the AES keyslots. */
|
||||
for (int i = 0; i < AesKeySlotCount; ++i) {
|
||||
SE->SE_CRYPTO_KEYTABLE_ACCESS[i] = 0;
|
||||
}
|
||||
|
||||
/* Lock access to the RSA keyslots. */
|
||||
for (int i = 0; i < RsaKeySlotCount; ++i) {
|
||||
SE->SE_RSA_KEYTABLE_ACCESS[i] = 0;
|
||||
}
|
||||
|
||||
/* Set Per Key secure. */
|
||||
SetPerKeySecure();
|
||||
|
||||
/* Configure SE_SECURITY. */
|
||||
{
|
||||
reg::ReadWrite(SE->SE_SE_SECURITY, SE_REG_BITS_ENUM(SECURITY_HARD_SETTING, SECURE),
|
||||
SE_REG_BITS_ENUM(SECURITY_ENG_DIS, DISABLE),
|
||||
SE_REG_BITS_ENUM(SECURITY_PERKEY_SETTING, SECURE),
|
||||
SE_REG_BITS_ENUM(SECURITY_SOFT_SETTING, SECURE));
|
||||
}
|
||||
}
|
||||
|
||||
void HandleInterrupt() {
|
||||
/* Get the registers. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Disable the SE interrupt. */
|
||||
reg::Write(SE->SE_INT_ENABLE, 0);
|
||||
|
||||
/* Execute the handler if we have one. */
|
||||
if (const auto handler = g_done_handler; handler != nullptr) {
|
||||
g_done_handler = nullptr;
|
||||
handler();
|
||||
}
|
||||
}
|
||||
|
||||
void SetDoneHandler(volatile SecurityEngineRegisters *SE, DoneHandler handler) {
|
||||
/* Set the done handler. */
|
||||
g_done_handler = handler;
|
||||
|
||||
/* Configure to trigger an interrupt when done. */
|
||||
reg::Write(SE->SE_INT_ENABLE, SE_REG_BITS_ENUM(INT_ENABLE_SE_OP_DONE, ENABLE));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,122 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
/* NOTE: This implementation is mostly copy/pasted from crypto::impl::RsaOaepImpl. */
|
||||
|
||||
namespace {
|
||||
|
||||
constexpr inline size_t HashSize = sizeof(Sha256Hash);
|
||||
|
||||
constexpr inline u8 HeadMagic = 0x00;
|
||||
|
||||
void ApplyMGF1(u8 *dst, size_t dst_size, const void *src, size_t src_size) {
|
||||
/* Check our pre-conditions. */
|
||||
AMS_ABORT_UNLESS(src_size <= RsaSize - (1 + HashSize));
|
||||
|
||||
/* Create a buffer. */
|
||||
util::AlignedBuffer<hw::DataCacheLineSize, RsaSize - (1 + HashSize) + sizeof(u32)> buf;
|
||||
u32 counter = 0;
|
||||
|
||||
while (dst_size > 0) {
|
||||
/* Setup the current hash buffer. */
|
||||
const size_t cur_size = std::min(HashSize, dst_size);
|
||||
std::memcpy(static_cast<u8 *>(buf), src, src_size);
|
||||
{
|
||||
u32 counter_be;
|
||||
util::StoreBigEndian(std::addressof(counter_be), counter++);
|
||||
std::memcpy(static_cast<u8 *>(buf) + src_size, std::addressof(counter_be), sizeof(counter_be));
|
||||
}
|
||||
|
||||
/* Ensure se sees correct data. */
|
||||
hw::FlushDataCache(buf, src_size + sizeof(u32));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Calculate the hash. */
|
||||
Sha256Hash hash;
|
||||
se::CalculateSha256(std::addressof(hash), buf, src_size + sizeof(u32));
|
||||
|
||||
/* Mask the current output. */
|
||||
const u8 *mask = hash.bytes;
|
||||
for (size_t i = 0; i < cur_size; ++i) {
|
||||
*(dst++) ^= *(mask++);
|
||||
}
|
||||
|
||||
/* Advance. */
|
||||
dst_size -= cur_size;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
size_t DecodeRsaOaepSha256(void *dst, size_t dst_size, void *src, size_t src_size, const void *label_digest, size_t label_digest_size) {
|
||||
/* Check our preconditions. */
|
||||
AMS_ABORT_UNLESS(src_size == RsaSize);
|
||||
AMS_ABORT_UNLESS(label_digest_size == HashSize);
|
||||
|
||||
/* Get a byte-readable copy of the input. */
|
||||
u8 *buf = static_cast<u8 *>(src);
|
||||
|
||||
/* Validate sanity byte. */
|
||||
bool is_valid = buf[0] == HeadMagic;
|
||||
|
||||
/* Decrypt seed and masked db. */
|
||||
size_t db_len = src_size - HashSize - 1;
|
||||
u8 *seed = buf + 1;
|
||||
u8 *db = seed + HashSize;
|
||||
ApplyMGF1(seed, HashSize, db, db_len);
|
||||
ApplyMGF1(db, db_len, seed, HashSize);
|
||||
|
||||
/* Check the label digest. */
|
||||
is_valid &= crypto::IsSameBytes(label_digest, db, HashSize);
|
||||
|
||||
/* Skip past the label digest. */
|
||||
db += HashSize;
|
||||
db_len -= HashSize;
|
||||
|
||||
/* Verify that DB is of the form 0000...0001 < message > */
|
||||
s32 msg_ofs = 0;
|
||||
{
|
||||
int looking_for_one = 1;
|
||||
int invalid_db_padding = 0;
|
||||
int is_zero;
|
||||
int is_one;
|
||||
for (size_t i = 0; i < db_len; /* ... */) {
|
||||
is_zero = (db[i] == 0);
|
||||
is_one = (db[i] == 1);
|
||||
msg_ofs += (looking_for_one & is_one) * (static_cast<s32>(++i));
|
||||
looking_for_one &= ~is_one;
|
||||
invalid_db_padding |= (looking_for_one & ~is_zero);
|
||||
}
|
||||
|
||||
is_valid &= (invalid_db_padding == 0);
|
||||
}
|
||||
|
||||
/* If we're invalid, return zero size. */
|
||||
const size_t valid_msg_size = db_len - msg_ofs;
|
||||
const size_t msg_size = std::min(dst_size, static_cast<size_t>(is_valid) * valid_msg_size);
|
||||
|
||||
/* Copy to output. */
|
||||
std::memcpy(dst, db + msg_ofs, msg_size);
|
||||
|
||||
/* Return copied size. */
|
||||
return msg_size;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,262 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
struct SecurityEngineRegisters {
|
||||
u32 SE_SE_SECURITY;
|
||||
u32 SE_TZRAM_SECURITY;
|
||||
u32 SE_OPERATION;
|
||||
u32 SE_INT_ENABLE;
|
||||
u32 SE_INT_STATUS;
|
||||
u32 SE_CONFIG;
|
||||
u32 SE_IN_LL_ADDR;
|
||||
u32 SE_IN_CUR_BYTE_ADDR;
|
||||
u32 SE_IN_CUR_LL_ID;
|
||||
u32 SE_OUT_LL_ADDR;
|
||||
u32 SE_OUT_CUR_BYTE_ADDR;
|
||||
u32 SE_OUT_CUR_LL_ID;
|
||||
u32 SE_HASH_RESULT[0x10];
|
||||
u32 SE_CTX_SAVE_CONFIG;
|
||||
u32 SE_CTX_SAVE_AUTO;
|
||||
u32 _0x78[0x62];
|
||||
u32 SE_SHA_CONFIG;
|
||||
u32 SE_SHA_MSG_LENGTH[0x4];
|
||||
u32 SE_SHA_MSG_LEFT[0x4];
|
||||
u32 _0x224[0x17];
|
||||
u32 SE_CRYPTO_SECURITY_PERKEY;
|
||||
u32 SE_CRYPTO_KEYTABLE_ACCESS[0x10];
|
||||
u32 _0x2C4[0x10];
|
||||
u32 SE_CRYPTO_CONFIG;
|
||||
u32 SE_CRYPTO_LINEAR_CTR[0x4];
|
||||
u32 SE_CRYPTO_LAST_BLOCK;
|
||||
u32 SE_CRYPTO_KEYTABLE_ADDR;
|
||||
u32 SE_CRYPTO_KEYTABLE_DATA;
|
||||
u32 _0x324[0x3];
|
||||
u32 SE_CRYPTO_KEYTABLE_DST;
|
||||
u32 _0x334[0x3];
|
||||
u32 SE_RNG_CONFIG;
|
||||
u32 SE_RNG_SRC_CONFIG;
|
||||
u32 SE_RNG_RESEED_INTERVAL;
|
||||
u32 _0x34C[0x2D];
|
||||
u32 SE_RSA_CONFIG;
|
||||
u32 SE_RSA_KEY_SIZE;
|
||||
u32 SE_RSA_EXP_SIZE;
|
||||
u32 SE_RSA_SECURITY_PERKEY;
|
||||
u32 SE_RSA_KEYTABLE_ACCESS[0x2];
|
||||
u32 _0x418[0x2];
|
||||
u32 SE_RSA_KEYTABLE_ADDR;
|
||||
u32 SE_RSA_KEYTABLE_DATA;
|
||||
u32 SE_RSA_OUTPUT[0x40];
|
||||
u32 _0x528[0x6];
|
||||
u32 SE_TZRAM_OPERATION;
|
||||
u32 _0x544[0xAF];
|
||||
u32 SE_STATUS;
|
||||
u32 SE_ERR_STATUS;
|
||||
u32 SE_MISC;
|
||||
u32 SE_SPARE;
|
||||
u32 SE_ENTROPY_DEBUG_COUNTER;
|
||||
u32 _0x814;
|
||||
u32 _0x818;
|
||||
u32 _0x81C;
|
||||
u32 _0x820[0x5F8];
|
||||
};
|
||||
static_assert(util::is_pod<SecurityEngineRegisters>::value);
|
||||
static_assert(sizeof(SecurityEngineRegisters) == secmon::MemoryRegionPhysicalDeviceSecurityEngine.GetSize());
|
||||
|
||||
static_assert(AesKeySlotCount == util::size(SecurityEngineRegisters{}.SE_CRYPTO_KEYTABLE_ACCESS));
|
||||
static_assert(RsaKeySlotCount == util::size(SecurityEngineRegisters{}.SE_RSA_KEYTABLE_ACCESS));
|
||||
|
||||
#define SE_REG_BITS_MASK(NAME) REG_NAMED_BITS_MASK (SE, NAME)
|
||||
#define SE_REG_BITS_VALUE(NAME, VALUE) REG_NAMED_BITS_VALUE (SE, NAME, VALUE)
|
||||
#define SE_REG_BITS_ENUM(NAME, ENUM) REG_NAMED_BITS_ENUM (SE, NAME, ENUM)
|
||||
#define SE_REG_BITS_ENUM_SEL(NAME, __COND__, TRUE_ENUM, FALSE_ENUM) REG_NAMED_BITS_ENUM_SEL(SE, NAME, __COND__, TRUE_ENUM, FALSE_ENUM)
|
||||
|
||||
#define DEFINE_SE_REG(NAME, __OFFSET__, __WIDTH__) REG_DEFINE_NAMED_REG (SE, NAME, __OFFSET__, __WIDTH__)
|
||||
#define DEFINE_SE_REG_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE) REG_DEFINE_NAMED_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE)
|
||||
#define DEFINE_SE_REG_TWO_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE) REG_DEFINE_NAMED_TWO_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE)
|
||||
#define DEFINE_SE_REG_THREE_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN) REG_DEFINE_NAMED_THREE_BIT_ENUM(SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN)
|
||||
#define DEFINE_SE_REG_FOUR_BIT_ENUM(NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN, EIGHT, NINE, TEN, ELEVEN, TWELVE, THIRTEEN, FOURTEEN, FIFTEEN) REG_DEFINE_NAMED_FOUR_BIT_ENUM (SE, NAME, __OFFSET__, ZERO, ONE, TWO, THREE, FOUR, FIVE, SIX, SEVEN, EIGHT, NINE, TEN, ELEVEN, TWELVE, THIRTEEN, FOURTEEN, FIFTEEN)
|
||||
|
||||
#define DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(NAME, __OFFSET__) \
|
||||
REG_DEFINE_NAMED_REG(SE, NAME, __OFFSET__, 1); \
|
||||
\
|
||||
enum SE_##NAME { \
|
||||
SE_##NAME##_##CLEAR = 0, \
|
||||
SE_##NAME##_##ACTIVE = 1, \
|
||||
SE_##NAME##_##SW_CLEAR = 1, \
|
||||
};
|
||||
|
||||
/* SE_STATUS. */
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(STATUS_STATE, 0, IDLE, BUSY, WAIT_OUT, WAIT_IN);
|
||||
DEFINE_SE_REG_BIT_ENUM(STATUS_MEM_INTERFACE, 2, IDLE, BUSY);
|
||||
|
||||
/* SE_SECURITY */
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_HARD_SETTING, 0, SECURE, NONSECURE);
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_ENG_DIS, 1, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_PERKEY_SETTING, 2, SECURE, NONSECURE);
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_CTX_SAVE_TZ_LOCK, 4, SECURE, NONSECURE);
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_CTX_TZ_LOCK_SOFT, 5, SECURE, NONSECURE);
|
||||
DEFINE_SE_REG_BIT_ENUM(SECURITY_SOFT_SETTING, 16, SECURE, NONSECURE);
|
||||
|
||||
/* SE_TZRAM_SECURITY */
|
||||
DEFINE_SE_REG(TZRAM_SETTING, 0, BITSIZEOF(u32));
|
||||
constexpr inline u32 SE_TZRAM_SETTING_SECURE = 0;
|
||||
|
||||
/* SE_TZRAM_OPERATION */
|
||||
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_REQ, 0, IDLE, INITIATE);
|
||||
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_MODE, 1, SAVE, RESTORE);
|
||||
DEFINE_SE_REG_BIT_ENUM(TZRAM_OPERATION_BUSY, 2, NO, YES);
|
||||
DEFINE_SE_REG(TZRAM_OPERATION_CURR_ADDR, 16, 16);
|
||||
|
||||
/* SE_OPERATION */
|
||||
DEFINE_SE_REG_THREE_BIT_ENUM(OPERATION_OP, 0, ABORT, START, RESTART_OUT, CTX_SAVE, RESTART_IN, RESERVED_5, RESERVED_6, RESERVED_7);
|
||||
|
||||
/* SE_INT_ENABLE */
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_IN_LL_BUF_RD, 0, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_IN_DONE, 1, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_OUT_LL_BUF_WR, 2, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_OUT_DONE, 3, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_SE_OP_DONE, 4, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_RESEED_CNTR_EXHAUSTED, 5, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(INT_ENABLE_ERR_STAT, 16, DISABLE, ENABLE);
|
||||
|
||||
/* SE_INT_STATUS */
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_IN_LL_BUF_RD, 0);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_IN_DONE, 1);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_OUT_LL_BUF_WR, 2);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_OUT_DONE, 3);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_SE_OP_DONE, 4);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_RESEED_CNTR_EXHAUSTED, 5);
|
||||
DEFINE_SE_REG_BIT_ENUM_WITH_SW_CLEAR(INT_STATUS_ERR_STAT, 16);
|
||||
|
||||
/* SE_CONFIG */
|
||||
DEFINE_SE_REG(CONFIG_DEC_MODE, 16, 8);
|
||||
DEFINE_SE_REG(CONFIG_ENC_MODE, 24, 8);
|
||||
|
||||
DEFINE_SE_REG_THREE_BIT_ENUM(CONFIG_DST, 2, MEMORY, HASH_REG, KEYTABLE, SRK, RSA_REG, RESERVED5, RESERVED6, RESERVED7);
|
||||
DEFINE_SE_REG_FOUR_BIT_ENUM(CONFIG_DEC_ALG, 8, NOP, AES_DEC, RESERVED2, RESERVED3, RESERVED4, RESERVED5, RESERVED6, RESERVED7, RESERVED8, RESERVED9, RESERVED10, RESERVED11, RESERVED12, RESERVED13, RESERVED14, RESERVED15);
|
||||
DEFINE_SE_REG_FOUR_BIT_ENUM(CONFIG_ENC_ALG, 12, NOP, AES_ENC, RNG, SHA, RSA, RESERVED5, RESERVED6, RESERVED7, RESERVED8, RESERVED9, RESERVED10, RESERVED11, RESERVED12, RESERVED13, RESERVED14, RESERVED15);
|
||||
|
||||
enum SE_CONFIG_DEC_MODE {
|
||||
SE_CONFIG_DEC_MODE_AESMODE_KEY128 = 0,
|
||||
SE_CONFIG_DEC_MODE_AESMODE_KEY192 = 1,
|
||||
SE_CONFIG_DEC_MODE_AESMODE_KEY256 = 2,
|
||||
};
|
||||
|
||||
enum SE_CONFIG_ENC_MODE {
|
||||
SE_CONFIG_ENC_MODE_AESMODE_KEY128 = 0,
|
||||
SE_CONFIG_ENC_MODE_AESMODE_KEY192 = 1,
|
||||
SE_CONFIG_ENC_MODE_AESMODE_KEY256 = 2,
|
||||
|
||||
SE_CONFIG_ENC_MODE_SHA1 = 1,
|
||||
SE_CONFIG_ENC_MODE_SHA224 = 4,
|
||||
SE_CONFIG_ENC_MODE_SHA256 = 5,
|
||||
SE_CONFIG_ENC_MODE_SHA384 = 6,
|
||||
SE_CONFIG_ENC_MODE_SHA512 = 7,
|
||||
};
|
||||
|
||||
/* SE_CTX_SAVE_CONFIG */
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CTX_SAVE_CONFIG_AES_WORD_QUAD, 0, KEYS_0_3, KEYS_4_7, ORIGINAL_IVS, UPDATED_IVS);
|
||||
DEFINE_SE_REG(CTX_SAVE_CONFIG_PKA1_WORD_QUAD_L, 0, 4);
|
||||
DEFINE_SE_REG(CTX_SAVE_CONFIG_AES_KEY_INDEX, 8, 4);
|
||||
DEFINE_SE_REG(CTX_SAVE_CONFIG_RSA_WORD_QUAD, 12, 4);
|
||||
DEFINE_SE_REG(CTX_SAVE_CONFIG_PKA1_WORD_QUAD_H, 12, 4);
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CTX_SAVE_CONFIG_RSA_KEY_INDEX, 16, SLOT0_EXPONENT, SLOT0_MODULUS, SLOT1_EXPONENT, SLOT1_MODULUS);
|
||||
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_CONFIG_STICKY_WORD_QUAD, 24, WORDS_0_3, WORDS_4_7);
|
||||
DEFINE_SE_REG_THREE_BIT_ENUM(CTX_SAVE_CONFIG_SRC, 29, STICKY_BITS, RSA_KEYTABLE, AES_KEYTABLE, PKA1_STICKY_BITS, MEM, RESERVED5, SRK, PKA1_KEYTABLE);
|
||||
|
||||
/* SE_CTX_SAVE_AUTO */
|
||||
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_AUTO_ENABLE, 0, NO, YES);
|
||||
DEFINE_SE_REG_BIT_ENUM(CTX_SAVE_AUTO_LOCK, 8, NO, YES);
|
||||
DEFINE_SE_REG(CTX_SAVE_AUTO_CURR_CNT, 16, 10);
|
||||
|
||||
/* SE_SHA_CONFIG */
|
||||
DEFINE_SE_REG(SHA_CONFIG_HW_INIT_HASH, 0, 1);
|
||||
|
||||
|
||||
/* SE_CRYPTO_KEYTABLE_ADDR */
|
||||
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_WORD, 0, 4);
|
||||
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_IV_WORD, 0, 2);
|
||||
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_WORD, 0, 3);
|
||||
|
||||
enum SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD {
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_0 = 0u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_1 = 1u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_2 = 2u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_3 = 3u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_4 = 4u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_5 = 5u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_6 = 6u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_KEY_7 = 7u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_0 = 8u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_1 = 9u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_2 = 10u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_OIV_3 = 11u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_0 = 12u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_1 = 13u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_2 = 14u,
|
||||
SE_CRYPTO_KEYTABLE_ADDR_KEYIV_WORD_UIV_3 = 15u,
|
||||
};
|
||||
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_KEYTABLE_ADDR_KEYIV_IV_SEL, 2, ORIGINAL_IV, UPDATED_IV);
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_KEYTABLE_ADDR_KEYIV_KEYIV_SEL, 3, KEY, IV);
|
||||
|
||||
DEFINE_SE_REG(CRYPTO_KEYTABLE_ADDR_KEYIV_KEY_SLOT, 4, 4);
|
||||
|
||||
/* SE_RSA_CONFIG */
|
||||
DEFINE_SE_REG(RSA_CONFIG_KEY_SLOT, 24, 1);
|
||||
|
||||
/* SE_RSA_KEYTABLE_ADDR */
|
||||
DEFINE_SE_REG(RSA_KEYTABLE_ADDR_WORD_ADDR, 0, 6);
|
||||
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ADDR_EXPMOD_SEL, 6, EXPONENT, MODULUS);
|
||||
DEFINE_SE_REG(RSA_KEYTABLE_ADDR_KEY_SLOT, 7, 1);
|
||||
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ADDR_INPUT_MODE, 8, REGISTER, MEMORY);
|
||||
|
||||
/* SE_RSA_KEYTABLE_ACCESS */
|
||||
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYREAD, 0, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYUPDATE, 1, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(RSA_KEYTABLE_ACCESS_KEYUSE, 2, DISABLE, ENABLE);
|
||||
|
||||
/* SE_CRYPTO_CONFIG */
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_HASH_ENB, 0, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_XOR_POS, 1, BYPASS, RESERVED, TOP, BOTTOM);
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_INPUT_SEL, 3, MEMORY, RANDOM, INIT_AESOUT, LINEAR_CTR);
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_CONFIG_VCTRAM_SEL, 5, MEMORY, RESERVED, INIT_AESOUT, INIT_PREV_MEMORY);
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_IV_SELECT, 7, ORIGINAL, UPDATED);
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_CORE_SEL, 8, DECRYPT, ENCRYPT);
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_KEYSCH_BYPASS, 10, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG(CRYPTO_CONFIG_CTR_CNTN, 11, 8);
|
||||
DEFINE_SE_REG(CRYPTO_CONFIG_KEY_INDEX, 24, 4);
|
||||
DEFINE_SE_REG_BIT_ENUM(CRYPTO_CONFIG_MEMIF, 31, AHB, MCCIF);
|
||||
|
||||
/* SE_CRYPTO_KEYTABLE_DST */
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, 0, KEYS_0_3, KEYS_4_7, ORIGINAL_IV, UPDATED_IV);
|
||||
DEFINE_SE_REG(CRYPTO_KEYTABLE_DST_KEY_INDEX, 8, 4);
|
||||
|
||||
/* SE_RNG_CONFIG */
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(RNG_CONFIG_MODE, 0, NORMAL, FORCE_INSTANTIATION, FORCE_RESEED, RESERVED3);
|
||||
DEFINE_SE_REG_TWO_BIT_ENUM(RNG_CONFIG_SRC, 2, NONE, ENTROPY, LFSR, RESERVED3);
|
||||
|
||||
/* SE_RNG_SRC_CONFIG */
|
||||
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE_LOCK, 0, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE, 1, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG_BIT_ENUM(RNG_SRC_CONFIG_HW_DISABLE_CYA, 2, DISABLE, ENABLE);
|
||||
DEFINE_SE_REG(RNG_SRC_CONFIG_RO_ENTROPY_SUBSAMPLE, 4, 3);
|
||||
DEFINE_SE_REG(RNG_SRC_CONFIG_RO_ENTROPY_DATA_FLUSH, 8, 1);
|
||||
|
||||
}
|
||||
@@ -1,162 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
constexpr inline int RngReseedInterval = 70001;
|
||||
|
||||
void ConfigRng(volatile SecurityEngineRegisters *SE, SE_CONFIG_DST dst, SE_RNG_CONFIG_MODE mode) {
|
||||
/* Configure the engine to do RNG encryption. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM (CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM (CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM (CONFIG_ENC_ALG, RNG),
|
||||
SE_REG_BITS_ENUM (CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_VALUE(CONFIG_DST, dst));
|
||||
|
||||
reg::Write(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
|
||||
SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_CORE_SEL, ENCRYPT),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, RANDOM),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
|
||||
/* Configure the RNG to use Entropy as source. */
|
||||
reg::Write(SE->SE_RNG_CONFIG, SE_REG_BITS_ENUM(RNG_CONFIG_SRC, ENTROPY), SE_REG_BITS_VALUE(RNG_CONFIG_MODE, mode));
|
||||
}
|
||||
|
||||
void InitializeRandom(volatile SecurityEngineRegisters *SE) {
|
||||
/* Lock the entropy source. */
|
||||
reg::Write(SE->SE_RNG_SRC_CONFIG, SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE, ENABLE),
|
||||
SE_REG_BITS_ENUM(RNG_SRC_CONFIG_RO_ENTROPY_SOURCE_LOCK, ENABLE));
|
||||
|
||||
/* Set the reseed interval to force a reseed every 70000 blocks. */
|
||||
SE->SE_RNG_RESEED_INTERVAL = RngReseedInterval;
|
||||
|
||||
/* Initialize the DRBG. */
|
||||
{
|
||||
u8 dummy_buf[AesBlockSize];
|
||||
|
||||
/* Configure the engine to force drbg instantiation by writing random to memory. */
|
||||
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_FORCE_INSTANTIATION);
|
||||
|
||||
/* Configure to do a single RNG block operation to trigger DRBG init. */
|
||||
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dummy_buf, sizeof(dummy_buf), nullptr, 0);
|
||||
}
|
||||
}
|
||||
|
||||
void GenerateSrk(volatile SecurityEngineRegisters *SE) {
|
||||
/* Configure the RNG to output to SRK and force a reseed. */
|
||||
ConfigRng(SE, SE_CONFIG_DST_SRK, SE_RNG_CONFIG_MODE_FORCE_RESEED);
|
||||
|
||||
/* Configure a single block operation. */
|
||||
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void InitializeRandom() {
|
||||
/* Initialize random for SE1. */
|
||||
InitializeRandom(GetRegisters());
|
||||
|
||||
/* If we have SE2, initialize random for SE2. */
|
||||
/* NOTE: Nintendo's implementation of this is incorrect. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
InitializeRandom(GetRegisters2());
|
||||
}
|
||||
}
|
||||
|
||||
void GenerateRandomBytes(void *dst, size_t size) {
|
||||
/* If we're not generating any bytes, there's nothing to do. */
|
||||
if (size == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Determine how many blocks to generate. */
|
||||
const size_t num_blocks = size / AesBlockSize;
|
||||
const size_t aligned_size = num_blocks * AesBlockSize;
|
||||
const size_t fractional = size - aligned_size;
|
||||
|
||||
/* Configure the RNG to generate random to memory. */
|
||||
ConfigRng(SE, SE_CONFIG_DST_MEMORY, SE_RNG_CONFIG_MODE_NORMAL);
|
||||
|
||||
/* Generate as many aligned blocks as we can. */
|
||||
if (aligned_size > 0) {
|
||||
/* Configure the engine to generate the right number of blocks. */
|
||||
SE->SE_CRYPTO_LAST_BLOCK = num_blocks - 1;
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, dst, aligned_size, nullptr, 0);
|
||||
}
|
||||
|
||||
/* Generate a single block to output. */
|
||||
if (fractional > 0) {
|
||||
ExecuteOperationSingleBlock(SE, static_cast<u8 *>(dst) + aligned_size, fractional, nullptr, 0);
|
||||
}
|
||||
}
|
||||
|
||||
void SetRandomKey(int slot) {
|
||||
/* NOTE: Nintendo does not validate the destination keyslot here. */
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Configure the RNG to output to the keytable. */
|
||||
ConfigRng(SE, SE_CONFIG_DST_KEYTABLE, SE_RNG_CONFIG_MODE_NORMAL);
|
||||
|
||||
/* Configure the keytable destination to be the low part of the key. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_0_3));
|
||||
|
||||
/* Configure a single block operation. */
|
||||
SE->SE_CRYPTO_LAST_BLOCK = 0;
|
||||
|
||||
/* Execute the operation to generate a random low-part of the key. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
||||
|
||||
/* Configure the keytable destination to be the high part of the key. */
|
||||
reg::Write(SE->SE_CRYPTO_KEYTABLE_DST, SE_REG_BITS_VALUE(CRYPTO_KEYTABLE_DST_KEY_INDEX, slot), SE_REG_BITS_ENUM(CRYPTO_KEYTABLE_DST_WORD_QUAD, KEYS_4_7));
|
||||
|
||||
/* Execute the operation to generate a random high-part of the key. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, nullptr, 0);
|
||||
}
|
||||
|
||||
void GenerateSrk() {
|
||||
/* Generate SRK for SE1. */
|
||||
GenerateSrk(GetRegisters());
|
||||
|
||||
/* If we have SE2, generate SRK for SE2. */
|
||||
/* NOTE: Nintendo's implementation of this is incorrect. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
GenerateSrk(GetRegisters2());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,230 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
struct RsaKeyInfo {
|
||||
int modulus_size_val;
|
||||
int exponent_size_val;
|
||||
};
|
||||
|
||||
constinit RsaKeyInfo g_rsa_key_infos[RsaKeySlotCount] = {};
|
||||
|
||||
void ClearRsaKeySlot(volatile SecurityEngineRegisters *SE, int slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL expmod) {
|
||||
constexpr int NumWords = se::RsaSize / sizeof(u32);
|
||||
for (int i = 0; i < NumWords; ++i) {
|
||||
/* Select the keyslot word. */
|
||||
reg::Write(SE->SE_RSA_KEYTABLE_ADDR, SE_REG_BITS_ENUM (RSA_KEYTABLE_ADDR_INPUT_MODE, REGISTER),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_KEY_SLOT, slot),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_EXPMOD_SEL, expmod),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_WORD_ADDR, i));
|
||||
|
||||
/* Clear the keyslot word. */
|
||||
SE->SE_RSA_KEYTABLE_DATA = 0;
|
||||
}
|
||||
}
|
||||
|
||||
void SetRsaKey(volatile SecurityEngineRegisters *SE, int slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL expmod, const void *key, size_t key_size) {
|
||||
const int num_words = key_size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
/* Select the keyslot word. */
|
||||
reg::Write(SE->SE_RSA_KEYTABLE_ADDR, SE_REG_BITS_ENUM (RSA_KEYTABLE_ADDR_INPUT_MODE, REGISTER),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_KEY_SLOT, slot),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_EXPMOD_SEL, expmod),
|
||||
SE_REG_BITS_VALUE(RSA_KEYTABLE_ADDR_WORD_ADDR, i));
|
||||
|
||||
/* Get the word. */
|
||||
const u32 word = util::LoadBigEndian(static_cast<const u32 *>(key) + (num_words - 1 - i));
|
||||
|
||||
/* Write the keyslot word. */
|
||||
SE->SE_RSA_KEYTABLE_DATA = word;
|
||||
}
|
||||
}
|
||||
|
||||
void GetRsaResult(volatile SecurityEngineRegisters *SE, void *dst, size_t size) {
|
||||
/* Copy out the words. */
|
||||
const int num_words = size / sizeof(u32);
|
||||
for (int i = 0; i < num_words; ++i) {
|
||||
const u32 word = reg::Read(SE->SE_RSA_OUTPUT[i]);
|
||||
util::StoreBigEndian(static_cast<u32 *>(dst) + num_words - 1 - i, word);
|
||||
}
|
||||
}
|
||||
|
||||
void WaitForInputReadComplete(volatile SecurityEngineRegisters *SE) {
|
||||
while (reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_IN_DONE, CLEAR))) { /* ... */ }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void ClearRsaKeySlot(int slot) {
|
||||
/* Validate the key slot. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
|
||||
|
||||
/* Clear the info. */
|
||||
g_rsa_key_infos[slot] = {};
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Clear the modulus. */
|
||||
ClearRsaKeySlot(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_MODULUS);
|
||||
|
||||
/* Clear the exponent. */
|
||||
ClearRsaKeySlot(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_EXPONENT);
|
||||
}
|
||||
|
||||
void LockRsaKeySlot(int slot, u32 flags) {
|
||||
/* Validate the key slot. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set non per-key flags. */
|
||||
if ((flags & ~KeySlotLockFlags_PerKey) != 0) {
|
||||
/* Pack the flags into the expected format. */
|
||||
u32 value = 0;
|
||||
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 0) : 0;
|
||||
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 1) : 0;
|
||||
value |= ((flags & KeySlotLockFlags_KeyRead) == 0) ? (1u << 2) : 0;
|
||||
|
||||
reg::Write(SE->SE_RSA_KEYTABLE_ACCESS[slot], SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYREAD, (flags & KeySlotLockFlags_KeyRead) != 0, DISABLE, ENABLE),
|
||||
SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYUPDATE, (flags & KeySlotLockFlags_KeyWrite) != 0, DISABLE, ENABLE),
|
||||
SE_REG_BITS_ENUM_SEL(RSA_KEYTABLE_ACCESS_KEYUSE, (flags & KeySlotLockFlags_KeyUse) != 0, DISABLE, ENABLE));
|
||||
}
|
||||
|
||||
/* Set per-key flag. */
|
||||
if ((flags & KeySlotLockFlags_PerKey) != 0) {
|
||||
reg::ReadWrite(SE->SE_RSA_SECURITY_PERKEY, REG_BITS_VALUE(slot, 1, 0));
|
||||
}
|
||||
}
|
||||
|
||||
void SetRsaKey(int slot, const void *mod, size_t mod_size, const void *exp, size_t exp_size) {
|
||||
/* Validate the key slot and sizes. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
|
||||
AMS_ABORT_UNLESS(mod_size <= RsaSize);
|
||||
AMS_ABORT_UNLESS(exp_size <= RsaSize);
|
||||
|
||||
/* Set the sizes in the info. */
|
||||
auto &info = g_rsa_key_infos[slot];
|
||||
info.modulus_size_val = (mod_size / 64) - 1;
|
||||
info.exponent_size_val = (exp_size / 4);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Set the modulus and exponent. */
|
||||
SetRsaKey(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_MODULUS, mod, mod_size);
|
||||
SetRsaKey(SE, slot, SE_RSA_KEYTABLE_ADDR_EXPMOD_SEL_EXPONENT, exp, exp_size);
|
||||
}
|
||||
|
||||
void ModularExponentiate(void *dst, size_t dst_size, int slot, const void *src, size_t src_size) {
|
||||
/* Validate the slot and sizes. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
|
||||
AMS_ABORT_UNLESS(src_size <= RsaSize);
|
||||
AMS_ABORT_UNLESS(dst_size <= RsaSize);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Create a work buffer. */
|
||||
u8 work[RsaSize];
|
||||
util::ClearMemory(work, sizeof(work));
|
||||
|
||||
/* Copy the input into the work buffer (reversing endianness). */
|
||||
const u8 *src_u8 = static_cast<const u8 *>(src);
|
||||
for (size_t i = 0; i < src_size; ++i) {
|
||||
work[src_size - 1 - i] = src_u8[i];
|
||||
}
|
||||
|
||||
/* Flush the work buffer to ensure the SE sees correct results. */
|
||||
hw::FlushDataCache(work, sizeof(work));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Configure the engine to perform RSA encryption. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RSA),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DST, RSA_REG));
|
||||
|
||||
/* Configure the engine to use the keyslot and correct modulus/exp sizes. */
|
||||
const auto &info = g_rsa_key_infos[slot];
|
||||
reg::Write(SE->SE_RSA_CONFIG, SE_REG_BITS_VALUE(RSA_CONFIG_KEY_SLOT, slot));
|
||||
reg::Write(SE->SE_RSA_KEY_SIZE, info.modulus_size_val);
|
||||
reg::Write(SE->SE_RSA_EXP_SIZE, info.exponent_size_val);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_START, nullptr, 0, work, src_size);
|
||||
|
||||
/* Copy out the result. */
|
||||
GetRsaResult(SE, dst, dst_size);
|
||||
}
|
||||
|
||||
void ModularExponentiateAsync(int slot, const void *src, size_t src_size, DoneHandler handler) {
|
||||
/* Validate the slot and size. */
|
||||
AMS_ABORT_UNLESS(0 <= slot && slot < RsaKeySlotCount);
|
||||
AMS_ABORT_UNLESS(src_size <= RsaSize);
|
||||
|
||||
/* Get the engine. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Create a work buffer. */
|
||||
u8 work[RsaSize];
|
||||
util::ClearMemory(work, sizeof(work));
|
||||
|
||||
/* Copy the input into the work buffer (reversing endianness). */
|
||||
const u8 *src_u8 = static_cast<const u8 *>(src);
|
||||
for (size_t i = 0; i < src_size; ++i) {
|
||||
work[src_size - 1 - i] = src_u8[i];
|
||||
}
|
||||
|
||||
/* Flush the work buffer to ensure the SE sees correct results. */
|
||||
hw::FlushDataCache(work, sizeof(work));
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Configure the engine to perform RSA encryption. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RSA),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DST, RSA_REG));
|
||||
|
||||
/* Configure the engine to use the keyslot and correct modulus/exp sizes. */
|
||||
const auto &info = g_rsa_key_infos[slot];
|
||||
reg::Write(SE->SE_RSA_CONFIG, SE_REG_BITS_VALUE(RSA_CONFIG_KEY_SLOT, slot));
|
||||
reg::Write(SE->SE_RSA_KEY_SIZE, info.modulus_size_val);
|
||||
reg::Write(SE->SE_RSA_EXP_SIZE, info.exponent_size_val);
|
||||
|
||||
/* Set the done handler. */
|
||||
SetDoneHandler(SE, handler);
|
||||
|
||||
/* Trigger the input operation. */
|
||||
StartInputOperation(SE, work, src_size);
|
||||
|
||||
/* Wait for input to be read by the se. */
|
||||
WaitForInputReadComplete(SE);
|
||||
}
|
||||
|
||||
void GetRsaResult(void *dst, size_t dst_size) {
|
||||
GetRsaResult(GetRegisters(), dst, dst_size);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,354 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) Atmosphère-NX
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms and conditions of the GNU General Public License,
|
||||
* version 2, as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
||||
* more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
#include <exosphere.hpp>
|
||||
#include "se_execute.hpp"
|
||||
|
||||
namespace ams::se {
|
||||
|
||||
namespace {
|
||||
|
||||
constexpr inline size_t SE1ContextSaveOperationCount = 133;
|
||||
constexpr inline size_t SE2ContextSaveOperationCount = 646;
|
||||
static_assert(((SE1ContextSaveOperationCount - 2) + 1) * se::AesBlockSize == sizeof(se::Context));
|
||||
|
||||
constinit const u8 FixedPattern[AesBlockSize] = {
|
||||
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
|
||||
};
|
||||
|
||||
bool TestRegister(volatile u32 &r, u16 v) {
|
||||
return (static_cast<u16>(reg::Read(r))) == v;
|
||||
}
|
||||
|
||||
void ExecuteContextSaveOperation(volatile SecurityEngineRegisters *SE, void *dst, size_t dst_size, const void *src, size_t src_size) {
|
||||
/* Save the output to a temporary buffer. */
|
||||
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> temp;
|
||||
AMS_ABORT_UNLESS(dst_size <= AesBlockSize);
|
||||
|
||||
/* Ensure that the cpu and SE see consistent data. */
|
||||
if (src_size > 0) {
|
||||
hw::FlushDataCache(src, src_size);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
if (dst_size > 0) {
|
||||
hw::FlushDataCache(temp, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
}
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteOperation(SE, SE_OPERATION_OP_CTX_SAVE, temp, dst_size, src, src_size);
|
||||
|
||||
/* Copy output from the operation, if any. */
|
||||
if (dst_size > 0) {
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
hw::FlushDataCache(temp, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
std::memcpy(dst, temp, dst_size);
|
||||
}
|
||||
}
|
||||
|
||||
void SaveContextBlock(volatile SecurityEngineRegisters *SE, void *dst) {
|
||||
/* Configure to encrypt a single block. */
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteContextSaveOperation(SE, dst, AesBlockSize, nullptr, 0);
|
||||
}
|
||||
|
||||
void ConfigureForAutomaticContextSave(volatile SecurityEngineRegisters *SE) {
|
||||
/* Configure the engine to do RNG encryption. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, RNG),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DST, MEMORY));
|
||||
|
||||
reg::Write(SE->SE_CRYPTO_CONFIG, SE_REG_BITS_ENUM (CRYPTO_CONFIG_MEMIF, AHB),
|
||||
SE_REG_BITS_VALUE(CRYPTO_CONFIG_CTR_CNTN, 0),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_KEYSCH_BYPASS, DISABLE),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_CORE_SEL, ENCRYPT),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_IV_SELECT, ORIGINAL),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_VCTRAM_SEL, MEMORY),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_INPUT_SEL, RANDOM),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_XOR_POS, BYPASS),
|
||||
SE_REG_BITS_ENUM (CRYPTO_CONFIG_HASH_ENB, DISABLE));
|
||||
}
|
||||
|
||||
void WaitAutomaticContextSaveDone(volatile SecurityEngineRegisters *SE) {
|
||||
/* Wait for operation. */
|
||||
while (!reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_SE_OP_DONE, ACTIVE))) { /* ... */ }
|
||||
|
||||
/* Wait for the engine to be idle. */
|
||||
while (!reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_STATE, IDLE))) { /* ... */ }
|
||||
|
||||
/* Wait for the memory interface to be idle. */
|
||||
while (!reg::HasValue(SE->SE_STATUS, SE_REG_BITS_ENUM(STATUS_MEM_INTERFACE, IDLE))) { /* ... */ }
|
||||
}
|
||||
|
||||
void ValidateErrStatus(volatile SecurityEngineRegisters *SE) {
|
||||
/* Ensure there is no error status. */
|
||||
AMS_ABORT_UNLESS(reg::Read(SE->SE_ERR_STATUS) == 0);
|
||||
|
||||
/* Ensure no error occurred. */
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_INT_STATUS, SE_REG_BITS_ENUM(INT_STATUS_ERR_STAT, CLEAR)));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
bool ValidateStickyBits(const StickyBits &bits) {
|
||||
/* Get the registers. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Check SE_SECURITY. */
|
||||
if (!TestRegister(SE->SE_SE_SECURITY, bits.se_security)) { return false; }
|
||||
|
||||
/* Check TZRAM_SECURITY. */
|
||||
if (!TestRegister(SE->SE_TZRAM_SECURITY, bits.tzram_security)) { return false; }
|
||||
|
||||
/* Check CRYPTO_SECURITY_PERKEY. */
|
||||
if (!TestRegister(SE->SE_CRYPTO_SECURITY_PERKEY, bits.crypto_security_perkey)) { return false; }
|
||||
|
||||
/* Check CRYPTO_KEYTABLE_ACCESS. */
|
||||
for (int i = 0; i < AesKeySlotCount; ++i) {
|
||||
if (!TestRegister(SE->SE_CRYPTO_KEYTABLE_ACCESS[i], bits.crypto_keytable_access[i])) { return false; }
|
||||
}
|
||||
|
||||
/* Test RSA_SECURITY_PERKEY */
|
||||
if (!TestRegister(SE->SE_RSA_SECURITY_PERKEY, bits.rsa_security_perkey)) { return false; }
|
||||
|
||||
/* Check RSA_KEYTABLE_ACCESS. */
|
||||
for (int i = 0; i < RsaKeySlotCount; ++i) {
|
||||
if (!TestRegister(SE->SE_RSA_KEYTABLE_ACCESS[i], bits.rsa_keytable_access[i])) { return false; }
|
||||
}
|
||||
|
||||
/* All sticky bits are valid. */
|
||||
return true;
|
||||
}
|
||||
|
||||
void SaveContext(Context *dst) {
|
||||
/* Get the registers. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Generate a random srk. */
|
||||
GenerateSrk();
|
||||
|
||||
/* Save a randomly-generated block. */
|
||||
{
|
||||
util::AlignedBuffer<hw::DataCacheLineSize, AesBlockSize> random_block;
|
||||
|
||||
/* Flush the region we're about to fill to ensure consistency with the SE. */
|
||||
hw::FlushDataCache(random_block, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Generate random bytes. */
|
||||
GenerateRandomBytes(random_block, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Flush to ensure the CPU sees consistent data for the region. */
|
||||
hw::FlushDataCache(random_block, AesBlockSize);
|
||||
hw::DataSynchronizationBarrierInnerShareable();
|
||||
|
||||
/* Configure to encrypt the random block to memory. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_MODE, AESMODE_KEY128),
|
||||
SE_REG_BITS_ENUM(CONFIG_ENC_ALG, AES_ENC),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DST, MEMORY));
|
||||
|
||||
/* Configure to context save using memory as source. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, MEM));
|
||||
|
||||
/* Configure to encrypt a single block. */
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteContextSaveOperation(SE, dst->random, AesBlockSize, random_block, AesBlockSize);
|
||||
}
|
||||
|
||||
/* Save the sticky bits. */
|
||||
for (size_t i = 0; i < util::size(dst->sticky_bits); ++i) {
|
||||
/* Configure to encrypt the sticky bits block. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, STICKY_BITS),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_STICKY_WORD_QUAD, i));
|
||||
|
||||
/* Save the block. */
|
||||
SaveContextBlock(SE, dst->sticky_bits[i]);
|
||||
}
|
||||
|
||||
/* Save the aes keytable. */
|
||||
{
|
||||
for (size_t key = 0; key < util::size(dst->aes_key); ++key) {
|
||||
for (auto part = 0; part < AesKeySlotPartCount; ++part) {
|
||||
/* Configure to encrypt the part of the key. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_WORD_QUAD, part));
|
||||
|
||||
/* Save the block. */
|
||||
SaveContextBlock(SE, dst->aes_key[key][part]);
|
||||
}
|
||||
}
|
||||
|
||||
for (size_t key = 0; key < util::size(dst->aes_oiv); ++key) {
|
||||
/* Configure to encrypt the original iv. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
|
||||
SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_AES_WORD_QUAD, ORIGINAL_IVS));
|
||||
|
||||
/* Save the block. */
|
||||
SaveContextBlock(SE, dst->aes_oiv[key]);
|
||||
}
|
||||
|
||||
for (size_t key = 0; key < util::size(dst->aes_uiv); ++key) {
|
||||
/* Configure to encrypt the updated iv. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, AES_KEYTABLE),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_AES_KEY_INDEX, key),
|
||||
SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_AES_WORD_QUAD, UPDATED_IVS));
|
||||
|
||||
/* Save the block. */
|
||||
SaveContextBlock(SE, dst->aes_uiv[key]);
|
||||
}
|
||||
}
|
||||
|
||||
/* Save the rsa keytable. */
|
||||
for (size_t key = 0; key < util::size(dst->rsa_key); ++key) {
|
||||
for (auto part = 0; part < RsaKeySlotPartCount; ++part) {
|
||||
/* Note that the parts are done in reverse order. */
|
||||
const auto part_index = RsaKeySlotPartCount - 1 - part;
|
||||
|
||||
/* Determine a total key index. */
|
||||
const auto key_index = key * util::size(dst->rsa_key) + part_index;
|
||||
|
||||
for (size_t block = 0; block < RsaSize / AesBlockSize; ++block) {
|
||||
/* Configure to encrypt the part of the key. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM (CTX_SAVE_CONFIG_SRC, RSA_KEYTABLE),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_RSA_KEY_INDEX, key_index),
|
||||
SE_REG_BITS_VALUE(CTX_SAVE_CONFIG_RSA_WORD_QUAD, block));
|
||||
|
||||
/* Save the block. */
|
||||
SaveContextBlock(SE, dst->rsa_key[key][part][block]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Save the fixed pattern. */
|
||||
{
|
||||
/* Configure to context save using memory as source. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, MEM));
|
||||
|
||||
/* Configure to encrypt a single block. */
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteContextSaveOperation(SE, dst->fixed_pattern, AesBlockSize, FixedPattern, AesBlockSize);
|
||||
}
|
||||
|
||||
/* Save the srk. */
|
||||
{
|
||||
/* Configure to context save using srk as source. */
|
||||
reg::Write(SE->SE_CTX_SAVE_CONFIG, SE_REG_BITS_ENUM(CTX_SAVE_CONFIG_SRC, SRK));
|
||||
|
||||
/* Configure to encrypt a single block. */
|
||||
reg::Write(SE->SE_CRYPTO_LAST_BLOCK, 0);
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteContextSaveOperation(SE, nullptr, 0, nullptr, 0);
|
||||
}
|
||||
|
||||
/* Perform a no-op context save operation. */
|
||||
{
|
||||
/* Configure to perform no-op. */
|
||||
reg::Write(SE->SE_CONFIG, SE_REG_BITS_ENUM(CONFIG_ENC_ALG, NOP),
|
||||
SE_REG_BITS_ENUM(CONFIG_DEC_ALG, NOP));
|
||||
|
||||
/* Execute the operation. */
|
||||
ExecuteContextSaveOperation(SE, nullptr, 0, nullptr, 0);
|
||||
}
|
||||
}
|
||||
|
||||
void ConfigureAutomaticContextSave() {
|
||||
/* Get registers. */
|
||||
auto *SE = GetRegisters();
|
||||
auto *SE2 = GetRegisters2();
|
||||
|
||||
/* Automatic context save is supported only on mariko. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
/* Configure SE1 to do automatic context save. */
|
||||
reg::Write(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_ENUM(CTX_SAVE_AUTO_ENABLE, YES),
|
||||
SE_REG_BITS_ENUM(CTX_SAVE_AUTO_LOCK, YES));
|
||||
|
||||
/* Configure SE2 to do automatic context save. */
|
||||
reg::Write(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_ENUM(CTX_SAVE_AUTO_ENABLE, YES),
|
||||
SE_REG_BITS_ENUM(CTX_SAVE_AUTO_LOCK, YES));
|
||||
}
|
||||
}
|
||||
|
||||
void SaveContextAutomatic() {
|
||||
/* Get registers. */
|
||||
auto *SE = GetRegisters();
|
||||
auto *SE2 = GetRegisters2();
|
||||
|
||||
/* Ensure there's no error status before or after we save context. */
|
||||
ValidateErrStatus();
|
||||
ON_SCOPE_EXIT { ValidateErrStatus(); };
|
||||
|
||||
/* Perform atomic context save. */
|
||||
{
|
||||
/* Check that context save has not already been performed. */
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, 0)));
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, 0)));
|
||||
|
||||
/* Configure SE1 to do context save. */
|
||||
ConfigureForAutomaticContextSave(SE);
|
||||
ConfigureForAutomaticContextSave(SE2);
|
||||
|
||||
/* Start the context save operation. */
|
||||
reg::Write(SE->SE_OPERATION, SE_REG_BITS_ENUM(OPERATION_OP, CTX_SAVE));
|
||||
reg::Write(SE2->SE_OPERATION, SE_REG_BITS_ENUM(OPERATION_OP, CTX_SAVE));
|
||||
|
||||
/* Wait for the context save operation to complete. */
|
||||
WaitAutomaticContextSaveDone(SE);
|
||||
WaitAutomaticContextSaveDone(SE2);
|
||||
|
||||
/* Check that the correct sizes were written. */
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, SE1ContextSaveOperationCount)));
|
||||
AMS_ABORT_UNLESS(reg::HasValue(SE2->SE_CTX_SAVE_AUTO, SE_REG_BITS_VALUE(CTX_SAVE_AUTO_CURR_CNT, SE2ContextSaveOperationCount)));
|
||||
}
|
||||
}
|
||||
|
||||
void SaveTzramAutomatic() {
|
||||
/* Get registers. */
|
||||
auto *SE = GetRegisters();
|
||||
|
||||
/* Begin save-to-shadow-tzram operation. */
|
||||
reg::Write(SE->SE_TZRAM_OPERATION, SE_REG_BITS_ENUM(TZRAM_OPERATION_MODE, SAVE),
|
||||
SE_REG_BITS_ENUM(TZRAM_OPERATION_REQ, INITIATE));
|
||||
|
||||
/* Wait for operation to complete. */
|
||||
while (reg::HasValue(SE->SE_TZRAM_OPERATION, SE_REG_BITS_ENUM(TZRAM_OPERATION_BUSY, YES))) { /* ... */ }
|
||||
}
|
||||
|
||||
void ValidateErrStatus() {
|
||||
/* Ensure SE has no error status. */
|
||||
ValidateErrStatus(GetRegisters());
|
||||
|
||||
/* If on mariko, ensure SE2 has no error status. */
|
||||
if (fuse::GetSocType() == fuse::SocType_Mariko) {
|
||||
ValidateErrStatus(GetRegisters2());
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user