From df5b75694f5abde94ccf05fa6c7a557b1ba9079b Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Fri, 27 Jul 2018 23:55:23 -0400 Subject: Remove files that are not used --- src/core/crypto/aes_util.cpp | 6 + src/core/crypto/aes_util.h | 118 +++++++++ src/core/crypto/ctr_encryption_layer.cpp | 56 +++++ src/core/crypto/ctr_encryption_layer.h | 31 +++ src/core/crypto/encryption_layer.cpp | 42 ++++ src/core/crypto/encryption_layer.h | 30 +++ src/core/crypto/key_manager.cpp | 410 +++++++++++++++++++++++++++++++ src/core/crypto/key_manager.h | 116 +++++++++ src/core/crypto/sha_util.cpp | 5 + src/core/crypto/sha_util.h | 20 ++ 10 files changed, 834 insertions(+) create mode 100644 src/core/crypto/aes_util.cpp create mode 100644 src/core/crypto/aes_util.h create mode 100644 src/core/crypto/ctr_encryption_layer.cpp create mode 100644 src/core/crypto/ctr_encryption_layer.h create mode 100644 src/core/crypto/encryption_layer.cpp create mode 100644 src/core/crypto/encryption_layer.h create mode 100644 src/core/crypto/key_manager.cpp create mode 100644 src/core/crypto/key_manager.h create mode 100644 src/core/crypto/sha_util.cpp create mode 100644 src/core/crypto/sha_util.h (limited to 'src/core/crypto') diff --git a/src/core/crypto/aes_util.cpp b/src/core/crypto/aes_util.cpp new file mode 100644 index 000000000..46326cdec --- /dev/null +++ b/src/core/crypto/aes_util.cpp @@ -0,0 +1,6 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +namespace Crypto { +} // namespace Crypto diff --git a/src/core/crypto/aes_util.h b/src/core/crypto/aes_util.h new file mode 100644 index 000000000..9807b9234 --- /dev/null +++ b/src/core/crypto/aes_util.h @@ -0,0 +1,118 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#pragma once + +#include "common/assert.h" +#include "core/file_sys/vfs.h" +#include "mbedtls/cipher.h" + +namespace Crypto { + +enum class Mode { + CTR = MBEDTLS_CIPHER_AES_128_CTR, + ECB = MBEDTLS_CIPHER_AES_128_ECB, + XTS = MBEDTLS_CIPHER_AES_128_XTS, +}; + +enum class Op { + ENCRYPT, + DECRYPT, +}; + +template +struct AESCipher { + static_assert(std::is_same_v>, "Key must be std::array of u8."); + static_assert(KeySize == 0x10 || KeySize == 0x20, "KeySize must be 128 or 256."); + + AESCipher(Key key, Mode mode) { + mbedtls_cipher_init(&encryption_context); + mbedtls_cipher_init(&decryption_context); + + ASSERT_MSG((mbedtls_cipher_setup( + &encryption_context, + mbedtls_cipher_info_from_type(static_cast(mode))) || + mbedtls_cipher_setup(&decryption_context, + mbedtls_cipher_info_from_type( + static_cast(mode)))) == 0, + "Failed to initialize mbedtls ciphers."); + + ASSERT( + !mbedtls_cipher_setkey(&encryption_context, key.data(), KeySize * 8, MBEDTLS_ENCRYPT)); + ASSERT( + !mbedtls_cipher_setkey(&decryption_context, key.data(), KeySize * 8, MBEDTLS_DECRYPT)); + //"Failed to set key on mbedtls ciphers."); + } + + ~AESCipher() { + mbedtls_cipher_free(&encryption_context); + mbedtls_cipher_free(&decryption_context); + } + + void SetIV(std::vector iv) { + ASSERT_MSG((mbedtls_cipher_set_iv(&encryption_context, iv.data(), iv.size()) || + mbedtls_cipher_set_iv(&decryption_context, iv.data(), iv.size())) == 0, + "Failed to set IV on mbedtls ciphers."); + } + + template + void Transcode(const Source* src, size_t size, Dest* dest, Op op) { + size_t written = 0; + + const auto context = op == Op::ENCRYPT ? &encryption_context : &decryption_context; + + mbedtls_cipher_reset(context); + + if (mbedtls_cipher_get_cipher_mode(context) == MBEDTLS_MODE_XTS) { + mbedtls_cipher_update(context, reinterpret_cast(src), size, + reinterpret_cast(dest), &written); + if (written != size) + LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", + size, written); + } else { + const auto block_size = mbedtls_cipher_get_block_size(context); + + for (size_t offset = 0; offset < size; offset += block_size) { + auto length = std::min(block_size, size - offset); + mbedtls_cipher_update(context, reinterpret_cast(src) + offset, length, + reinterpret_cast(dest) + offset, &written); + if (written != length) + LOG_WARNING(Crypto, + "Not all data was decrypted requested={:016X}, actual={:016X}.", + length, written); + } + } + + mbedtls_cipher_finish(context, nullptr, nullptr); + } + + template + void XTSTranscode(const Source* src, size_t size, Dest* dest, size_t sector_id, + size_t sector_size, Op op) { + if (size % sector_size > 0) { + LOG_CRITICAL(Crypto, "Data size must be a multiple of sector size."); + return; + } + + for (size_t i = 0; i < size; i += sector_size) { + SetIV(CalculateNintendoTweak(sector_id++)); + Transcode(reinterpret_cast(src) + i, sector_size, + reinterpret_cast(dest) + i, op); + } + } + +private: + mbedtls_cipher_context_t encryption_context; + mbedtls_cipher_context_t decryption_context; + + static std::vector CalculateNintendoTweak(size_t sector_id) { + std::vector out(0x10); + for (size_t i = 0xF; i <= 0xF; --i) { + out[i] = sector_id & 0xFF; + sector_id >>= 8; + } + return out; + } +}; +} // namespace Crypto diff --git a/src/core/crypto/ctr_encryption_layer.cpp b/src/core/crypto/ctr_encryption_layer.cpp new file mode 100644 index 000000000..8799496e2 --- /dev/null +++ b/src/core/crypto/ctr_encryption_layer.cpp @@ -0,0 +1,56 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#include "common/assert.h" +#include "core/crypto/ctr_encryption_layer.h" + +namespace Crypto { +CTREncryptionLayer::CTREncryptionLayer(FileSys::VirtualFile base_, Key128 key_, size_t base_offset) + : EncryptionLayer(std::move(base_)), base_offset(base_offset), cipher(key_, Mode::CTR), + iv(16, 0) {} + +size_t CTREncryptionLayer::Read(u8* data, size_t length, size_t offset) const { + if (length == 0) + return 0; + + const auto sector_offset = offset & 0xF; + if (sector_offset == 0) { + UpdateIV(base_offset + offset); + std::vector raw = base->ReadBytes(length, offset); + if (raw.size() != length) + return Read(data, raw.size(), offset); + cipher.Transcode(raw.data(), length, data, Op::DECRYPT); + return length; + } + + // offset does not fall on block boundary (0x10) + std::vector block = base->ReadBytes(0x10, offset - sector_offset); + UpdateIV(base_offset + offset - sector_offset); + cipher.Transcode(block.data(), block.size(), block.data(), Op::DECRYPT); + size_t read = 0x10 - sector_offset; + + if (length + sector_offset < 0x10) { + memcpy_s(data, length, block.data() + sector_offset, std::min(length, read)); + return read; + } + + memcpy_s(data, length, block.data() + sector_offset, read); + return read + Read(data + read, length - read, offset + read); +} + +void CTREncryptionLayer::SetIV(std::vector iv_) { + const auto length = std::min(iv_.size(), iv.size()); + for (size_t i = 0; i < length; ++i) + iv[i] = iv_[i]; +} + +void CTREncryptionLayer::UpdateIV(size_t offset) const { + offset >>= 4; + for (size_t i = 0; i < 8; ++i) { + iv[16 - i - 1] = offset & 0xFF; + offset >>= 8; + } + cipher.SetIV(iv); +} +} // namespace Crypto diff --git a/src/core/crypto/ctr_encryption_layer.h b/src/core/crypto/ctr_encryption_layer.h new file mode 100644 index 000000000..fe53e714b --- /dev/null +++ b/src/core/crypto/ctr_encryption_layer.h @@ -0,0 +1,31 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#pragma once + +#include "aes_util.h" +#include "encryption_layer.h" +#include "key_manager.h" + +namespace Crypto { + +// Sits on top of a VirtualFile and provides CTR-mode AES decription. +struct CTREncryptionLayer : public EncryptionLayer { + CTREncryptionLayer(FileSys::VirtualFile base, Key128 key, size_t base_offset); + + size_t Read(u8* data, size_t length, size_t offset) const override; + + void SetIV(std::vector iv); + +private: + size_t base_offset; + + // Must be mutable as operations modify cipher contexts. + mutable AESCipher cipher; + mutable std::vector iv; + + void UpdateIV(size_t offset) const; +}; + +} // namespace Crypto diff --git a/src/core/crypto/encryption_layer.cpp b/src/core/crypto/encryption_layer.cpp new file mode 100644 index 000000000..4e243051e --- /dev/null +++ b/src/core/crypto/encryption_layer.cpp @@ -0,0 +1,42 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#include "core/crypto/encryption_layer.h" + +namespace Crypto { + +EncryptionLayer::EncryptionLayer(FileSys::VirtualFile base_) : base(std::move(base_)) {} + +std::string EncryptionLayer::GetName() const { + return base->GetName(); +} + +size_t EncryptionLayer::GetSize() const { + return base->GetSize(); +} + +bool EncryptionLayer::Resize(size_t new_size) { + return false; +} + +std::shared_ptr EncryptionLayer::GetContainingDirectory() const { + return base->GetContainingDirectory(); +} + +bool EncryptionLayer::IsWritable() const { + return false; +} + +bool EncryptionLayer::IsReadable() const { + return true; +} + +size_t EncryptionLayer::Write(const u8* data, size_t length, size_t offset) { + return 0; +} + +bool EncryptionLayer::Rename(std::string_view name) { + return base->Rename(name); +} +} // namespace Crypto diff --git a/src/core/crypto/encryption_layer.h b/src/core/crypto/encryption_layer.h new file mode 100644 index 000000000..2312870d8 --- /dev/null +++ b/src/core/crypto/encryption_layer.h @@ -0,0 +1,30 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#pragma once +#include "core/file_sys/vfs.h" + +namespace Crypto { + +// Basically non-functional class that implements all of the methods that are irrelevant to an +// EncryptionLayer. Reduces duplicate code. +struct EncryptionLayer : public FileSys::VfsFile { + explicit EncryptionLayer(FileSys::VirtualFile base); + + size_t Read(u8* data, size_t length, size_t offset) const override = 0; + + std::string GetName() const override; + size_t GetSize() const override; + bool Resize(size_t new_size) override; + std::shared_ptr GetContainingDirectory() const override; + bool IsWritable() const override; + bool IsReadable() const override; + size_t Write(const u8* data, size_t length, size_t offset) override; + bool Rename(std::string_view name) override; + +protected: + FileSys::VirtualFile base; +}; + +} // namespace Crypto diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp new file mode 100644 index 000000000..05c6a70a2 --- /dev/null +++ b/src/core/crypto/key_manager.cpp @@ -0,0 +1,410 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#include +#include +#include +#include "common/assert.h" +#include "common/logging/log.h" +#include "core/crypto/key_manager.h" +#include "mbedtls/sha256.h" + +namespace Crypto { +KeyManager keys = {}; + +std::unordered_map, SHA256Hash> KeyManager::s128_hash_prod = { + {{S128KeyType::MASTER, 0, 0}, + "0EE359BE3C864BB0782E1D70A718A0342C551EED28C369754F9C4F691BECF7CA"_array32}, + {{S128KeyType::MASTER, 1, 0}, + "4FE707B7E4ABDAF727C894AAF13B1351BFE2AC90D875F73B2E20FA94B9CC661E"_array32}, + {{S128KeyType::MASTER, 2, 0}, + "79277C0237A2252EC3DFAC1F7C359C2B3D121E9DB15BB9AB4C2B4408D2F3AE09"_array32}, + {{S128KeyType::MASTER, 3, 0}, + "4F36C565D13325F65EE134073C6A578FFCB0008E02D69400836844EAB7432754"_array32}, + {{S128KeyType::MASTER, 4, 0}, + "75ff1d95d26113550ee6fcc20acb58e97edeb3a2ff52543ed5aec63bdcc3da50"_array32}, + {{S128KeyType::PACKAGE1, 0, 0}, + "4543CD1B7CAD7EE0466A3DE2086A0EF923805DCEA6C741541CDDB14F54F97B40"_array32}, + {{S128KeyType::PACKAGE1, 1, 0}, + "4A11DA019D26470C9B805F1721364830DC0096DD66EAC453B0D14455E5AF5CF8"_array32}, + {{S128KeyType::PACKAGE1, 2, 0}, + "CCA867360B3318246FBF0B8A86473176ED486DFE229772B941A02E84D50A3155"_array32}, + {{S128KeyType::PACKAGE1, 3, 0}, + "E65C383CDF526DFFAA77682868EBFA9535EE60D8075C961BBC1EDE5FBF7E3C5F"_array32}, + {{S128KeyType::PACKAGE1, 4, 0}, + "28ae73d6ae8f7206fca549e27097714e599df1208e57099416ff429b71370162"_array32}, + {{S128KeyType::PACKAGE2, 0, 0}, + "94D6F38B9D0456644E21DFF4707D092B70179B82D1AA2F5B6A76B8F9ED948264"_array32}, + {{S128KeyType::PACKAGE2, 1, 0}, + "7794F24FA879D378FEFDC8776B949B88AD89386410BE9025D463C619F1530509"_array32}, + {{S128KeyType::PACKAGE2, 2, 0}, + "5304BDDE6AC8E462961B5DB6E328B1816D245D36D6574BB78938B74D4418AF35"_array32}, + {{S128KeyType::PACKAGE2, 3, 0}, + "BE1E52C4345A979DDD4924375B91C902052C2E1CF8FBF2FAA42E8F26D5125B60"_array32}, + {{S128KeyType::PACKAGE2, 4, 0}, + "631b45d349ab8f76a050fe59512966fb8dbaf0755ef5b6903048bf036cfa611e"_array32}, + {{S128KeyType::TITLEKEK, 0, 0}, + "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32}, + {{S128KeyType::TITLEKEK, 1, 0}, + "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32}, + {{S128KeyType::TITLEKEK, 2, 0}, + "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32}, + {{S128KeyType::TITLEKEK, 3, 0}, + "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32}, + {{S128KeyType::TITLEKEK, 4, 0}, + "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32}, + {{S128KeyType::ETICKET_RSA_KEK, 0, 0}, + "46cccf288286e31c931379de9efa288c95c9a15e40b00a4c563a8be244ece515"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}, + "592957F44FE5DB5EC6B095F568910E31A226D3B7FE42D64CFB9CE4051E90AEB6"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}, + "C2252A0FBF9D339ABC3D681351D00452F926E7CA0C6CA85F659078DE3FA647F3"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}, + "7C7722824B2F7C4938C40F3EA93E16CB69D3285EB133490EF8ECCD2C4B52DF41"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}, + "AFBB8EBFB2094F1CF71E330826AE06D64414FCA128C464618DF30EED92E62BE6"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}, + "5dc10eb81918da3f2fa90f69c8542511963656cfb31fb7c779581df8faf1f2f5"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}, + "AA2C65F0E27F730807A13F2ED5B99BE5183165B87C50B6ED48F5CAC2840687EB"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}, + "860185F2313A14F7006A029CB21A52750E7718C1E94FFB98C0AE2207D1A60165"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}, + "7283FB1EFBD42438DADF363FDB776ED355C98737A2AAE75D0E9283CE1C12A2E4"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}, + "9881C2D3AB70B14C8AA12016FC73ADAD93C6AD9FB59A9ECAD312B6F89E2413EC"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}, + "eaa6a8d242b89e174928fa9549a0f66ec1562e2576fac896f438a2b3c1fb6005"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}, + "194CF6BD14554DA8D457E14CBFE04E55C8FB8CA52E0AFB3D7CB7084AE435B801"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}, + "CE1DB7BB6E5962384889DB7A396AFD614F82F69DC38A33D2DEAF47F3E4B964B7"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}, + "42238DE5685DEF4FDE7BE42C0097CEB92447006386D6B5D5AAA2C9AFD2E28422"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}, + "1F6847F268E9D9C5D1AD4D7E226A63B833BF02071446957A962EF065521879C1"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}, + "644007f9913c3602399d4d75cc34faeb7f1faad18b23e34187b16fdc45f4980f"_array32}, +}; + +std::unordered_map, SHA256Hash> KeyManager::s256_hash_prod = { + {{S256KeyType::HEADER, 0, 0}, + "8E03DE24818D96CE4F2A09B43AF979E679974F7570713A61EED8B314864A11D5"_array32}, + {{S256KeyType::SD_SAVE, 0, 0}, + "13020ee72d0f8b8f9112dc738b829fdb017102499a7c2259b52aeefc0a273f5c"_array32}, + {{S256KeyType::SD_NCA, 0, 0}, + "8a1c05b4f88bae5b04d77f632e6acfc8893c4a05fd701f53585daafc996b532a"_array32}, +}; + +// TODO(DarkLordZach): Find missing hashes for dev keys. + +std::unordered_map, SHA256Hash> KeyManager::s128_hash_dev = { + {{S128KeyType::MASTER, 0, 0}, + "779dd8b533a2fb670f27b308cb8d0151c4a107568b817429172b7f80aa592c25"_array32}, + {{S128KeyType::MASTER, 1, 0}, + "0175c8bc49771576f75527be719098db4ebaf77707206749415663aa3a9ea9cc"_array32}, + {{S128KeyType::MASTER, 2, 0}, + "4f0b4d724e5a8787268157c7ce0767c26d2e2021832aa7020f306d6e260eea42"_array32}, + {{S128KeyType::MASTER, 3, 0}, + "7b5a29586c1f84f66fbfabb94518fc45408bb8e5445253d063dda7cfef2a818c"_array32}, + {{S128KeyType::MASTER, 4, 0}, + "87a61dbb05a8755de7fe069562aab38ebfb266c9eb835f09fa62dacc89c98341"_array32}, + {{S128KeyType::PACKAGE1, 0, 0}, + "166510bc63ae50391ebe4ee4ff90ca31cd0e2dd0ff6be839a2f573ec146cc23a"_array32}, + {{S128KeyType::PACKAGE1, 1, 0}, + "f74cd01b86743139c920ec54a8116c669eea805a0be1583e13fc5bc8de68645b"_array32}, + {{S128KeyType::PACKAGE1, 2, 0}, + "d0cdecd513bb6aa3d9dc6244c977dc8a5a7ea157d0a8747d79e7581146e1f768"_array32}, + {{S128KeyType::PACKAGE1, 3, 0}, + "aa39394d626b3b79f5b7ccc07378b5996b6d09bf0eb6771b0b40c9077fbfde8c"_array32}, + {{S128KeyType::PACKAGE1, 4, 0}, + "8f4754b8988c0e673fc2bbea0534cdd6075c815c9270754ae980aef3e4f0a508"_array32}, + {{S128KeyType::PACKAGE2, 0, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::PACKAGE2, 1, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::PACKAGE2, 2, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::PACKAGE2, 3, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::PACKAGE2, 4, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::TITLEKEK, 0, 0}, + "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32}, + {{S128KeyType::TITLEKEK, 1, 0}, + "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32}, + {{S128KeyType::TITLEKEK, 2, 0}, + "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32}, + {{S128KeyType::TITLEKEK, 3, 0}, + "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32}, + {{S128KeyType::TITLEKEK, 4, 0}, + "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32}, + {{S128KeyType::ETICKET_RSA_KEK, 0, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, +}; + +std::unordered_map, SHA256Hash> KeyManager::s256_hash_dev = { + {{S256KeyType::HEADER, 0, 0}, + "ecde86a76e37ac4fd7591d3aa55c00cc77d8595fc27968052ec18a177d939060"_array32}, + {{S256KeyType::SD_SAVE, 0, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, + {{S256KeyType::SD_NCA, 0, 0}, + "0000000000000000000000000000000000000000000000000000000000000000"_array32}, +}; + +std::unordered_map> KeyManager::s128_file_id = { + {"master_key_00", {S128KeyType::MASTER, 0, 0}}, + {"master_key_01", {S128KeyType::MASTER, 1, 0}}, + {"master_key_02", {S128KeyType::MASTER, 2, 0}}, + {"master_key_03", {S128KeyType::MASTER, 3, 0}}, + {"master_key_04", {S128KeyType::MASTER, 4, 0}}, + {"package1_key_00", {S128KeyType::PACKAGE1, 0, 0}}, + {"package1_key_01", {S128KeyType::PACKAGE1, 1, 0}}, + {"package1_key_02", {S128KeyType::PACKAGE1, 2, 0}}, + {"package1_key_03", {S128KeyType::PACKAGE1, 3, 0}}, + {"package1_key_04", {S128KeyType::PACKAGE1, 4, 0}}, + {"package2_key_00", {S128KeyType::PACKAGE2, 0, 0}}, + {"package2_key_01", {S128KeyType::PACKAGE2, 1, 0}}, + {"package2_key_02", {S128KeyType::PACKAGE2, 2, 0}}, + {"package2_key_03", {S128KeyType::PACKAGE2, 3, 0}}, + {"package2_key_04", {S128KeyType::PACKAGE2, 4, 0}}, + {"titlekek_00", {S128KeyType::TITLEKEK, 0, 0}}, + {"titlekek_01", {S128KeyType::TITLEKEK, 1, 0}}, + {"titlekek_02", {S128KeyType::TITLEKEK, 2, 0}}, + {"titlekek_03", {S128KeyType::TITLEKEK, 3, 0}}, + {"titlekek_04", {S128KeyType::TITLEKEK, 4, 0}}, + {"eticket_rsa_kek", {S128KeyType::ETICKET_RSA_KEK, 0, 0}}, + {"key_area_key_application_00", + {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_01", + {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_02", + {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_03", + {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_04", + {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_ocean_00", {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_01", {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_02", {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_03", {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_04", {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_system_00", + {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_01", + {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_02", + {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_03", + {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_04", + {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}}, +}; + +std::unordered_map> KeyManager::s256_file_id = { + {"header_key", {S256KeyType::HEADER, 0, 0}}, + {"sd_card_save_key", {S256KeyType::SD_SAVE, 0, 0}}, + {"sd_card_nca_key", {S256KeyType::SD_NCA, 0, 0}}, +}; + +static u8 ToHexNibble(char c1) { + if (c1 >= 65 && c1 <= 70) + return c1 - 55; + if (c1 >= 97 && c1 <= 102) + return c1 - 87; + if (c1 >= 48 && c1 <= 57) + return c1 - 48; + throw std::logic_error("Invalid hex digit"); +} + +template +static std::array HexStringToArray(std::string_view str) { + std::array out{}; + for (size_t i = 0; i < 2 * Size; i += 2) { + auto d1 = str[i]; + auto d2 = str[i + 1]; + out[i / 2] = (ToHexNibble(d1) << 4) | ToHexNibble(d2); + } + return out; +} + +std::array operator""_array16(const char* str, size_t len) { + if (len != 32) + throw std::logic_error("Not of correct size."); + return HexStringToArray<16>(str); +} + +std::array operator""_array32(const char* str, size_t len) { + if (len != 64) + throw std::logic_error("Not of correct size."); + return HexStringToArray<32>(str); +} + +void KeyManager::SetValidationMode(bool dev) { + dev_mode = dev; +} + +void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { + const auto filename = std::string(filename_); + std::ifstream file(filename); + if (!file.is_open()) + return; + + std::string line; + while (std::getline(file, line)) { + std::vector out; + std::stringstream stream(line); + std::string item; + while (std::getline(stream, item, '=')) + out.push_back(std::move(item)); + + if (out.size() != 2) + continue; + + out[0].erase(std::remove(out[0].begin(), out[0].end(), ' '), out[0].end()); + out[1].erase(std::remove(out[1].begin(), out[1].end(), ' '), out[1].end()); + + if (is_title_keys) { + auto rights_id_raw = HexStringToArray<16>(out[0]); + u128 rights_id = *reinterpret_cast*>(&rights_id_raw); + Key128 key = HexStringToArray<16>(out[1]); + SetKey(S128KeyType::TITLEKEY, key, rights_id[1], rights_id[0]); + } else { + std::transform(out[0].begin(), out[0].end(), out[0].begin(), ::tolower); + if (s128_file_id.find(out[0]) != s128_file_id.end()) { + const auto index = s128_file_id[out[0]]; + Key128 key = HexStringToArray<16>(out[1]); + SetKey(index.type, key, index.field1, index.field2); + } else if (s256_file_id.find(out[0]) != s256_file_id.end()) { + const auto index = s256_file_id[out[0]]; + Key256 key = HexStringToArray<32>(out[1]); + SetKey(index.type, key, index.field1, index.field2); + } + } + } +} + +bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) { + return s128_keys.find({id, field1, field2}) != s128_keys.end(); +} + +bool KeyManager::HasKey(S256KeyType id, u64 field1, u64 field2) { + return s256_keys.find({id, field1, field2}) != s256_keys.end(); +} + +Key128 KeyManager::GetKey(S128KeyType id, u64 field1, u64 field2) { + if (!HasKey(id, field1, field2)) + return {}; + return s128_keys[{id, field1, field2}]; +} + +Key256 KeyManager::GetKey(S256KeyType id, u64 field1, u64 field2) { + if (!HasKey(id, field1, field2)) + return {}; + return s256_keys[{id, field1, field2}]; +} + +void KeyManager::SetKey(S128KeyType id, Key128 key, u64 field1, u64 field2) { + s128_keys[{id, field1, field2}] = key; +} + +void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) { + s256_keys[{id, field1, field2}] = key; +} + +bool KeyManager::ValidateKey(S128KeyType key, u64 field1, u64 field2) { + auto& hash = dev_mode ? s128_hash_dev : s128_hash_prod; + + KeyIndex id = {key, field1, field2}; + if (key == S128KeyType::SD_SEED || key == S128KeyType::TITLEKEY || + hash.find(id) == hash.end()) { + LOG_WARNING(Crypto, "Could not validate [{}]", id.DebugInfo()); + return true; + } + + if (!HasKey(key, field1, field2)) { + LOG_CRITICAL(Crypto, + "System has requested validation of [{}], but user has not added it. Add this " + "key to use functionality.", + id.DebugInfo()); + return false; + } + + SHA256Hash key_hash{}; + const auto a_key = GetKey(key, field1, field2); + mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0); + if (key_hash != hash[id]) { + LOG_CRITICAL(Crypto, + "The hash of the provided key for [{}] does not match the one on file. This " + "means you probably have an incorrect key. If you believe this to be in " + "error, contact the yuzu devs.", + id.DebugInfo()); + return false; + } + + return true; +} + +bool KeyManager::ValidateKey(S256KeyType key, u64 field1, u64 field2) { + auto& hash = dev_mode ? s256_hash_dev : s256_hash_prod; + + KeyIndex id = {key, field1, field2}; + if (hash.find(id) == hash.end()) { + LOG_ERROR(Crypto, "Could not validate [{}]", id.DebugInfo()); + return true; + } + + if (!HasKey(key, field1, field2)) { + LOG_ERROR(Crypto, + "System has requested validation of [{}], but user has not added it. Add this " + "key to use functionality.", + id.DebugInfo()); + return false; + } + + SHA256Hash key_hash{}; + const auto a_key = GetKey(key, field1, field2); + mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0); + if (key_hash != hash[id]) { + LOG_CRITICAL(Crypto, + "The hash of the provided key for [{}] does not match the one on file. This " + "means you probably have an incorrect key. If you believe this to be in " + "error, contact the yuzu devs.", + id.DebugInfo()); + return false; + } + + return true; +} +} // namespace Crypto diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h new file mode 100644 index 000000000..155989e46 --- /dev/null +++ b/src/core/crypto/key_manager.h @@ -0,0 +1,116 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#pragma once +#include +#include +#include +#include "common/common_types.h" + +namespace Crypto { + +typedef std::array Key128; +typedef std::array Key256; +typedef std::array SHA256Hash; + +static_assert(sizeof(Key128) == 16, "Key128 must be 128 bytes big."); +static_assert(sizeof(Key256) == 32, "Key128 must be 128 bytes big."); + +enum class S256KeyType : u64 { + HEADER, // + SD_SAVE, // + SD_NCA, // +}; + +enum class S128KeyType : u64 { + MASTER, // f1=crypto revision + PACKAGE1, // f1=crypto revision + PACKAGE2, // f1=crypto revision + TITLEKEK, // f1=crypto revision + ETICKET_RSA_KEK, // + KEY_AREA, // f1=crypto revision f2=type {app, ocean, system} + SD_SEED, // + TITLEKEY, // f1=rights id LSB f2=rights id MSB +}; + +enum class KeyAreaKeyType : u8 { + Application, + Ocean, + System, +}; + +template +struct KeyIndex { + KeyType type; + u64 field1; + u64 field2; + + std::string DebugInfo() { + u8 key_size = 16; + if (std::is_same_v) + key_size = 32; + return fmt::format("key_size={:02X}, key={:02X}, field1={:016X}, field2={:016X}", key_size, + static_cast(type), field1, field2); + } +}; + +// The following two (== and hash) are so KeyIndex can be a key in unordered_map + +template +bool operator==(const KeyIndex& lhs, const KeyIndex& rhs) { + return lhs.type == rhs.type && lhs.field1 == rhs.field1 && lhs.field2 == rhs.field2; +} + +} // namespace Crypto + +namespace std { +template +struct hash> { + size_t operator()(const Crypto::KeyIndex& k) const { + using std::hash; + + return ((hash()(static_cast(k.type)) ^ (hash()(k.field1) << 1)) >> 1) ^ + (hash()(k.field2) << 1); + } +}; +} // namespace std + +namespace Crypto { + +std::array operator"" _array16(const char* str, size_t len); +std::array operator"" _array32(const char* str, size_t len); + +struct KeyManager { + void SetValidationMode(bool dev); + void LoadFromFile(std::string_view filename, bool is_title_keys); + + bool HasKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0); + bool HasKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0); + + Key128 GetKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0); + Key256 GetKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0); + + void SetKey(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); + void SetKey(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); + + bool ValidateKey(S128KeyType key, u64 field1 = 0, u64 field2 = 0); + bool ValidateKey(S256KeyType key, u64 field1 = 0, u64 field2 = 0); + +private: + std::unordered_map, Key128> s128_keys; + std::unordered_map, Key256> s256_keys; + + bool dev_mode = false; + + static std::unordered_map, SHA256Hash> s128_hash_prod; + static std::unordered_map, SHA256Hash> s256_hash_prod; + static std::unordered_map, SHA256Hash> s128_hash_dev; + static std::unordered_map, SHA256Hash> s256_hash_dev; + static std::unordered_map> s128_file_id; + static std::unordered_map> s256_file_id; +}; + +extern KeyManager keys; + +} // namespace Crypto diff --git a/src/core/crypto/sha_util.cpp b/src/core/crypto/sha_util.cpp new file mode 100644 index 000000000..180008a85 --- /dev/null +++ b/src/core/crypto/sha_util.cpp @@ -0,0 +1,5 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +namespace Crypto {} // namespace Crypto diff --git a/src/core/crypto/sha_util.h b/src/core/crypto/sha_util.h new file mode 100644 index 000000000..fa3fa9d33 --- /dev/null +++ b/src/core/crypto/sha_util.h @@ -0,0 +1,20 @@ +// Copyright 2018 yuzu emulator team +// Licensed under GPLv2 or any later version +// Refer to the license.txt file included. + +#pragma once + +#include "common/assert.h" +#include "core/file_sys/vfs.h" +#include "key_manager.h" +#include "mbedtls/cipher.h" + +namespace Crypto { +typedef std::array SHA256Hash; + +inline SHA256Hash operator"" _HASH(const char* data, size_t len) { + if (len != 0x40) + return {}; +} + +} // namespace Crypto -- cgit v1.2.3 From c54a10cb4f9912aa0827b8a1b007757252fc90ae Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sat, 28 Jul 2018 14:28:14 -0400 Subject: Update mbedtls and fix compile error --- src/core/crypto/key_manager.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/core/crypto') diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index 155989e46..b892a83f2 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -6,6 +6,7 @@ #include #include #include +#include #include "common/common_types.h" namespace Crypto { -- cgit v1.2.3 From 83c3ae8be87463486239246a93f9dadf5d2b27bd Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sat, 28 Jul 2018 14:42:16 -0400 Subject: Add missing string.h include --- src/core/crypto/ctr_encryption_layer.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'src/core/crypto') diff --git a/src/core/crypto/ctr_encryption_layer.cpp b/src/core/crypto/ctr_encryption_layer.cpp index 8799496e2..6a0d396ed 100644 --- a/src/core/crypto/ctr_encryption_layer.cpp +++ b/src/core/crypto/ctr_encryption_layer.cpp @@ -2,6 +2,7 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. +#include #include "common/assert.h" #include "core/crypto/ctr_encryption_layer.h" -- cgit v1.2.3 From 22342487e8fb851a9837db22408db56240aa6931 Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sat, 28 Jul 2018 16:23:00 -0400 Subject: Extract mbedtls to cpp file --- src/core/crypto/aes_util.cpp | 102 ++++++++++++++++++++++++++++++++++++++++- src/core/crypto/aes_util.h | 106 ++++++++++--------------------------------- 2 files changed, 123 insertions(+), 85 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/aes_util.cpp b/src/core/crypto/aes_util.cpp index 46326cdec..a9646e52f 100644 --- a/src/core/crypto/aes_util.cpp +++ b/src/core/crypto/aes_util.cpp @@ -2,5 +2,103 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. -namespace Crypto { -} // namespace Crypto +#include "core/crypto/aes_util.h" +#include "mbedtls/cipher.h" + +namespace Core::Crypto { +static_assert(static_cast(Mode::CTR) == static_cast(MBEDTLS_CIPHER_AES_128_CTR), "CTR mode is incorrect."); +static_assert(static_cast(Mode::ECB) == static_cast(MBEDTLS_CIPHER_AES_128_ECB), "ECB mode is incorrect."); +static_assert(static_cast(Mode::XTS) == static_cast(MBEDTLS_CIPHER_AES_128_XTS), "XTS mode is incorrect."); + +template +Crypto::AESCipher::AESCipher(Key key, Mode mode) { + mbedtls_cipher_init(encryption_context.get()); + mbedtls_cipher_init(decryption_context.get()); + + ASSERT_MSG((mbedtls_cipher_setup( + encryption_context.get(), + mbedtls_cipher_info_from_type(static_cast(mode))) || + mbedtls_cipher_setup(decryption_context.get(), + mbedtls_cipher_info_from_type( + static_cast(mode)))) == 0, + "Failed to initialize mbedtls ciphers."); + + ASSERT( + !mbedtls_cipher_setkey(encryption_context.get(), key.data(), KeySize * 8, MBEDTLS_ENCRYPT)); + ASSERT( + !mbedtls_cipher_setkey(decryption_context.get(), key.data(), KeySize * 8, MBEDTLS_DECRYPT)); + //"Failed to set key on mbedtls ciphers."); +} + +template +AESCipher::~AESCipher() { + mbedtls_cipher_free(encryption_context.get()); + mbedtls_cipher_free(decryption_context.get()); +} + +template +void AESCipher::SetIV(std::vector iv) { + ASSERT_MSG((mbedtls_cipher_set_iv(encryption_context.get(), iv.data(), iv.size()) || + mbedtls_cipher_set_iv(decryption_context.get(), iv.data(), iv.size())) == 0, + "Failed to set IV on mbedtls ciphers."); +} + +template +void AESCipher::Transcode(const u8* src, size_t size, u8* dest, Op op) { + size_t written = 0; + + const auto context = op == Op::Encrypt ? encryption_context.get() : decryption_context.get(); + + mbedtls_cipher_reset(context); + + if (mbedtls_cipher_get_cipher_mode(context) == MBEDTLS_MODE_XTS) { + mbedtls_cipher_update(context, src, size, + dest, &written); + if (written != size) + LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", + size, written); + } else { + const auto block_size = mbedtls_cipher_get_block_size(context); + + for (size_t offset = 0; offset < size; offset += block_size) { + auto length = std::min(block_size, size - offset); + mbedtls_cipher_update(context, src + offset, length, + dest + offset, &written); + if (written != length) + LOG_WARNING(Crypto, + "Not all data was decrypted requested={:016X}, actual={:016X}.", + length, written); + } + } + + mbedtls_cipher_finish(context, nullptr, nullptr); +} + +template +void AESCipher::XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, + Op op) { + if (size % sector_size > 0) { + LOG_CRITICAL(Crypto, "Data size must be a multiple of sector size."); + return; + } + + for (size_t i = 0; i < size; i += sector_size) { + SetIV(CalculateNintendoTweak(sector_id++)); + Transcode(src + i, sector_size, + dest + i, op); + } +} + +template +std::vector AESCipher::CalculateNintendoTweak(size_t sector_id) { + std::vector out(0x10); + for (size_t i = 0xF; i <= 0xF; --i) { + out[i] = sector_id & 0xFF; + sector_id >>= 8; + } + return out; +} + +template class AESCipher; +template class AESCipher; +} \ No newline at end of file diff --git a/src/core/crypto/aes_util.h b/src/core/crypto/aes_util.h index 9807b9234..5c09718b2 100644 --- a/src/core/crypto/aes_util.h +++ b/src/core/crypto/aes_util.h @@ -6,113 +6,53 @@ #include "common/assert.h" #include "core/file_sys/vfs.h" -#include "mbedtls/cipher.h" -namespace Crypto { +namespace Core::Crypto { enum class Mode { - CTR = MBEDTLS_CIPHER_AES_128_CTR, - ECB = MBEDTLS_CIPHER_AES_128_ECB, - XTS = MBEDTLS_CIPHER_AES_128_XTS, + CTR = 11, + ECB = 2, + XTS = 70, }; enum class Op { - ENCRYPT, - DECRYPT, + Encrypt, + Decrypt, }; +struct mbedtls_cipher_context_t; + template -struct AESCipher { +class AESCipher { static_assert(std::is_same_v>, "Key must be std::array of u8."); static_assert(KeySize == 0x10 || KeySize == 0x20, "KeySize must be 128 or 256."); - AESCipher(Key key, Mode mode) { - mbedtls_cipher_init(&encryption_context); - mbedtls_cipher_init(&decryption_context); - - ASSERT_MSG((mbedtls_cipher_setup( - &encryption_context, - mbedtls_cipher_info_from_type(static_cast(mode))) || - mbedtls_cipher_setup(&decryption_context, - mbedtls_cipher_info_from_type( - static_cast(mode)))) == 0, - "Failed to initialize mbedtls ciphers."); - - ASSERT( - !mbedtls_cipher_setkey(&encryption_context, key.data(), KeySize * 8, MBEDTLS_ENCRYPT)); - ASSERT( - !mbedtls_cipher_setkey(&decryption_context, key.data(), KeySize * 8, MBEDTLS_DECRYPT)); - //"Failed to set key on mbedtls ciphers."); - } +public: + AESCipher(Key key, Mode mode); - ~AESCipher() { - mbedtls_cipher_free(&encryption_context); - mbedtls_cipher_free(&decryption_context); - } + ~AESCipher(); - void SetIV(std::vector iv) { - ASSERT_MSG((mbedtls_cipher_set_iv(&encryption_context, iv.data(), iv.size()) || - mbedtls_cipher_set_iv(&decryption_context, iv.data(), iv.size())) == 0, - "Failed to set IV on mbedtls ciphers."); - } + void SetIV(std::vector iv); template void Transcode(const Source* src, size_t size, Dest* dest, Op op) { - size_t written = 0; - - const auto context = op == Op::ENCRYPT ? &encryption_context : &decryption_context; - - mbedtls_cipher_reset(context); - - if (mbedtls_cipher_get_cipher_mode(context) == MBEDTLS_MODE_XTS) { - mbedtls_cipher_update(context, reinterpret_cast(src), size, - reinterpret_cast(dest), &written); - if (written != size) - LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", - size, written); - } else { - const auto block_size = mbedtls_cipher_get_block_size(context); - - for (size_t offset = 0; offset < size; offset += block_size) { - auto length = std::min(block_size, size - offset); - mbedtls_cipher_update(context, reinterpret_cast(src) + offset, length, - reinterpret_cast(dest) + offset, &written); - if (written != length) - LOG_WARNING(Crypto, - "Not all data was decrypted requested={:016X}, actual={:016X}.", - length, written); - } - } - - mbedtls_cipher_finish(context, nullptr, nullptr); + Transcode(reinterpret_cast(src), size, reinterpret_cast(dest), op); } + void Transcode(const u8* src, size_t size, u8* dest, Op op); + template void XTSTranscode(const Source* src, size_t size, Dest* dest, size_t sector_id, size_t sector_size, Op op) { - if (size % sector_size > 0) { - LOG_CRITICAL(Crypto, "Data size must be a multiple of sector size."); - return; - } - - for (size_t i = 0; i < size; i += sector_size) { - SetIV(CalculateNintendoTweak(sector_id++)); - Transcode(reinterpret_cast(src) + i, sector_size, - reinterpret_cast(dest) + i, op); - } + XTSTranscode(reinterpret_cast(src), size, reinterpret_cast(dest), sector_id, sector_size, op); } + void XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, Op op); + private: - mbedtls_cipher_context_t encryption_context; - mbedtls_cipher_context_t decryption_context; - - static std::vector CalculateNintendoTweak(size_t sector_id) { - std::vector out(0x10); - for (size_t i = 0xF; i <= 0xF; --i) { - out[i] = sector_id & 0xFF; - sector_id >>= 8; - } - return out; - } + std::unique_ptr encryption_context; + std::unique_ptr decryption_context; + + static std::vector CalculateNintendoTweak(size_t sector_id); }; } // namespace Crypto -- cgit v1.2.3 From 239a3113e4c6a53a2c7b12e67a0f21afae24b0aa Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sat, 28 Jul 2018 21:39:42 -0400 Subject: Make XCI comply to review and style guidelines --- src/core/crypto/aes_util.cpp | 82 ++++--- src/core/crypto/aes_util.h | 13 +- src/core/crypto/ctr_encryption_layer.cpp | 20 +- src/core/crypto/ctr_encryption_layer.h | 15 +- src/core/crypto/encryption_layer.cpp | 4 +- src/core/crypto/encryption_layer.h | 5 +- src/core/crypto/key_manager.cpp | 376 ++++++------------------------- src/core/crypto/key_manager.h | 77 +++---- 8 files changed, 187 insertions(+), 405 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/aes_util.cpp b/src/core/crypto/aes_util.cpp index a9646e52f..4690af5f8 100644 --- a/src/core/crypto/aes_util.cpp +++ b/src/core/crypto/aes_util.cpp @@ -2,58 +2,69 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. +#include #include "core/crypto/aes_util.h" -#include "mbedtls/cipher.h" +#include "core/crypto/key_manager.h" namespace Core::Crypto { -static_assert(static_cast(Mode::CTR) == static_cast(MBEDTLS_CIPHER_AES_128_CTR), "CTR mode is incorrect."); -static_assert(static_cast(Mode::ECB) == static_cast(MBEDTLS_CIPHER_AES_128_ECB), "ECB mode is incorrect."); -static_assert(static_cast(Mode::XTS) == static_cast(MBEDTLS_CIPHER_AES_128_XTS), "XTS mode is incorrect."); -template -Crypto::AESCipher::AESCipher(Key key, Mode mode) { - mbedtls_cipher_init(encryption_context.get()); - mbedtls_cipher_init(decryption_context.get()); +static_assert(static_cast(Mode::CTR) == static_cast(MBEDTLS_CIPHER_AES_128_CTR), + "CTR has incorrect value."); +static_assert(static_cast(Mode::ECB) == static_cast(MBEDTLS_CIPHER_AES_128_ECB), + "ECB has incorrect value."); +static_assert(static_cast(Mode::XTS) == static_cast(MBEDTLS_CIPHER_AES_128_XTS), + "XTS has incorrect value."); + +// Structure to hide mbedtls types from header file +struct CipherContext { + mbedtls_cipher_context_t encryption_context; + mbedtls_cipher_context_t decryption_context; +}; + +template +Crypto::AESCipher::AESCipher(Key key, Mode mode) + : ctx(std::make_unique()) { + mbedtls_cipher_init(&ctx->encryption_context); + mbedtls_cipher_init(&ctx->decryption_context); ASSERT_MSG((mbedtls_cipher_setup( - encryption_context.get(), - mbedtls_cipher_info_from_type(static_cast(mode))) || - mbedtls_cipher_setup(decryption_context.get(), - mbedtls_cipher_info_from_type( - static_cast(mode)))) == 0, + &ctx->encryption_context, + mbedtls_cipher_info_from_type(static_cast(mode))) || + mbedtls_cipher_setup( + &ctx->decryption_context, + mbedtls_cipher_info_from_type(static_cast(mode)))) == 0, "Failed to initialize mbedtls ciphers."); ASSERT( - !mbedtls_cipher_setkey(encryption_context.get(), key.data(), KeySize * 8, MBEDTLS_ENCRYPT)); + !mbedtls_cipher_setkey(&ctx->encryption_context, key.data(), KeySize * 8, MBEDTLS_ENCRYPT)); ASSERT( - !mbedtls_cipher_setkey(decryption_context.get(), key.data(), KeySize * 8, MBEDTLS_DECRYPT)); + !mbedtls_cipher_setkey(&ctx->decryption_context, key.data(), KeySize * 8, MBEDTLS_DECRYPT)); //"Failed to set key on mbedtls ciphers."); } -template +template AESCipher::~AESCipher() { - mbedtls_cipher_free(encryption_context.get()); - mbedtls_cipher_free(decryption_context.get()); + mbedtls_cipher_free(&ctx->encryption_context); + mbedtls_cipher_free(&ctx->decryption_context); } -template +template void AESCipher::SetIV(std::vector iv) { - ASSERT_MSG((mbedtls_cipher_set_iv(encryption_context.get(), iv.data(), iv.size()) || - mbedtls_cipher_set_iv(decryption_context.get(), iv.data(), iv.size())) == 0, + ASSERT_MSG((mbedtls_cipher_set_iv(&ctx->encryption_context, iv.data(), iv.size()) || + mbedtls_cipher_set_iv(&ctx->decryption_context, iv.data(), iv.size())) == 0, "Failed to set IV on mbedtls ciphers."); } -template -void AESCipher::Transcode(const u8* src, size_t size, u8* dest, Op op) { +template +void AESCipher::Transcode(const u8* src, size_t size, u8* dest, Op op) { size_t written = 0; - const auto context = op == Op::Encrypt ? encryption_context.get() : decryption_context.get(); + const auto context = op == Op::Encrypt ? &ctx->encryption_context : &ctx->decryption_context; mbedtls_cipher_reset(context); if (mbedtls_cipher_get_cipher_mode(context) == MBEDTLS_MODE_XTS) { - mbedtls_cipher_update(context, src, size, - dest, &written); + mbedtls_cipher_update(context, src, size, dest, &written); if (written != size) LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", size, written); @@ -62,11 +73,9 @@ void AESCipher::Transcode(const u8* src, size_t size, u8* dest, Op for (size_t offset = 0; offset < size; offset += block_size) { auto length = std::min(block_size, size - offset); - mbedtls_cipher_update(context, src + offset, length, - dest + offset, &written); + mbedtls_cipher_update(context, src + offset, length, dest + offset, &written); if (written != length) - LOG_WARNING(Crypto, - "Not all data was decrypted requested={:016X}, actual={:016X}.", + LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", length, written); } } @@ -74,9 +83,9 @@ void AESCipher::Transcode(const u8* src, size_t size, u8* dest, Op mbedtls_cipher_finish(context, nullptr, nullptr); } -template -void AESCipher::XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, - Op op) { +template +void AESCipher::XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, + size_t sector_size, Op op) { if (size % sector_size > 0) { LOG_CRITICAL(Crypto, "Data size must be a multiple of sector size."); return; @@ -84,12 +93,11 @@ void AESCipher::XTSTranscode(const u8* src, size_t size, u8* dest, for (size_t i = 0; i < size; i += sector_size) { SetIV(CalculateNintendoTweak(sector_id++)); - Transcode(src + i, sector_size, - dest + i, op); + Transcode(src + i, sector_size, dest + i, op); } } -template +template std::vector AESCipher::CalculateNintendoTweak(size_t sector_id) { std::vector out(0x10); for (size_t i = 0xF; i <= 0xF; --i) { @@ -101,4 +109,4 @@ std::vector AESCipher::CalculateNintendoTweak(size_t sector_id template class AESCipher; template class AESCipher; -} \ No newline at end of file +} // namespace Core::Crypto \ No newline at end of file diff --git a/src/core/crypto/aes_util.h b/src/core/crypto/aes_util.h index 5c09718b2..fa77d5560 100644 --- a/src/core/crypto/aes_util.h +++ b/src/core/crypto/aes_util.h @@ -20,7 +20,7 @@ enum class Op { Decrypt, }; -struct mbedtls_cipher_context_t; +struct CipherContext; template class AESCipher { @@ -44,15 +44,16 @@ public: template void XTSTranscode(const Source* src, size_t size, Dest* dest, size_t sector_id, size_t sector_size, Op op) { - XTSTranscode(reinterpret_cast(src), size, reinterpret_cast(dest), sector_id, sector_size, op); + XTSTranscode(reinterpret_cast(src), size, reinterpret_cast(dest), sector_id, + sector_size, op); } - void XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, Op op); + void XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, + Op op); private: - std::unique_ptr encryption_context; - std::unique_ptr decryption_context; + std::unique_ptr ctx; static std::vector CalculateNintendoTweak(size_t sector_id); }; -} // namespace Crypto +} // namespace Core::Crypto diff --git a/src/core/crypto/ctr_encryption_layer.cpp b/src/core/crypto/ctr_encryption_layer.cpp index 6a0d396ed..5dbc257e5 100644 --- a/src/core/crypto/ctr_encryption_layer.cpp +++ b/src/core/crypto/ctr_encryption_layer.cpp @@ -6,7 +6,8 @@ #include "common/assert.h" #include "core/crypto/ctr_encryption_layer.h" -namespace Crypto { +namespace Core::Crypto { + CTREncryptionLayer::CTREncryptionLayer(FileSys::VirtualFile base_, Key128 key_, size_t base_offset) : EncryptionLayer(std::move(base_)), base_offset(base_offset), cipher(key_, Mode::CTR), iv(16, 0) {} @@ -21,29 +22,28 @@ size_t CTREncryptionLayer::Read(u8* data, size_t length, size_t offset) const { std::vector raw = base->ReadBytes(length, offset); if (raw.size() != length) return Read(data, raw.size(), offset); - cipher.Transcode(raw.data(), length, data, Op::DECRYPT); + cipher.Transcode(raw.data(), length, data, Op::Decrypt); return length; } // offset does not fall on block boundary (0x10) std::vector block = base->ReadBytes(0x10, offset - sector_offset); UpdateIV(base_offset + offset - sector_offset); - cipher.Transcode(block.data(), block.size(), block.data(), Op::DECRYPT); + cipher.Transcode(block.data(), block.size(), block.data(), Op::Decrypt); size_t read = 0x10 - sector_offset; if (length + sector_offset < 0x10) { - memcpy_s(data, length, block.data() + sector_offset, std::min(length, read)); + memcpy(data, block.data() + sector_offset, std::min(length, read)); return read; } - memcpy_s(data, length, block.data() + sector_offset, read); + memcpy(data, block.data() + sector_offset, read); return read + Read(data + read, length - read, offset + read); } -void CTREncryptionLayer::SetIV(std::vector iv_) { - const auto length = std::min(iv_.size(), iv.size()); - for (size_t i = 0; i < length; ++i) - iv[i] = iv_[i]; +void CTREncryptionLayer::SetIV(const std::vector& iv_) { + const auto length = std::min(iv_.size(), iv.size()); + iv.assign(iv_.cbegin(), iv_.cbegin() + length); } void CTREncryptionLayer::UpdateIV(size_t offset) const { @@ -54,4 +54,4 @@ void CTREncryptionLayer::UpdateIV(size_t offset) const { } cipher.SetIV(iv); } -} // namespace Crypto +} // namespace Core::Crypto diff --git a/src/core/crypto/ctr_encryption_layer.h b/src/core/crypto/ctr_encryption_layer.h index fe53e714b..697d7c6a5 100644 --- a/src/core/crypto/ctr_encryption_layer.h +++ b/src/core/crypto/ctr_encryption_layer.h @@ -4,19 +4,20 @@ #pragma once -#include "aes_util.h" -#include "encryption_layer.h" -#include "key_manager.h" +#include "core/crypto/aes_util.h" +#include "core/crypto/encryption_layer.h" +#include "core/crypto/key_manager.h" -namespace Crypto { +namespace Core::Crypto { // Sits on top of a VirtualFile and provides CTR-mode AES decription. -struct CTREncryptionLayer : public EncryptionLayer { +class CTREncryptionLayer : public EncryptionLayer { +public: CTREncryptionLayer(FileSys::VirtualFile base, Key128 key, size_t base_offset); size_t Read(u8* data, size_t length, size_t offset) const override; - void SetIV(std::vector iv); + void SetIV(const std::vector& iv); private: size_t base_offset; @@ -28,4 +29,4 @@ private: void UpdateIV(size_t offset) const; }; -} // namespace Crypto +} // namespace Core::Crypto diff --git a/src/core/crypto/encryption_layer.cpp b/src/core/crypto/encryption_layer.cpp index 4e243051e..4204527e3 100644 --- a/src/core/crypto/encryption_layer.cpp +++ b/src/core/crypto/encryption_layer.cpp @@ -4,7 +4,7 @@ #include "core/crypto/encryption_layer.h" -namespace Crypto { +namespace Core::Crypto { EncryptionLayer::EncryptionLayer(FileSys::VirtualFile base_) : base(std::move(base_)) {} @@ -39,4 +39,4 @@ size_t EncryptionLayer::Write(const u8* data, size_t length, size_t offset) { bool EncryptionLayer::Rename(std::string_view name) { return base->Rename(name); } -} // namespace Crypto +} // namespace Core::Crypto diff --git a/src/core/crypto/encryption_layer.h b/src/core/crypto/encryption_layer.h index 2312870d8..84f11bf5e 100644 --- a/src/core/crypto/encryption_layer.h +++ b/src/core/crypto/encryption_layer.h @@ -3,9 +3,10 @@ // Refer to the license.txt file included. #pragma once + #include "core/file_sys/vfs.h" -namespace Crypto { +namespace Core::Crypto { // Basically non-functional class that implements all of the methods that are irrelevant to an // EncryptionLayer. Reduces duplicate code. @@ -27,4 +28,4 @@ protected: FileSys::VirtualFile base; }; -} // namespace Crypto +} // namespace Core::Crypto diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index 05c6a70a2..ea20bc31b 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -5,238 +5,15 @@ #include #include #include +#include #include "common/assert.h" +#include "common/common_paths.h" +#include "common/file_util.h" #include "common/logging/log.h" #include "core/crypto/key_manager.h" -#include "mbedtls/sha256.h" +#include "core/settings.h" -namespace Crypto { -KeyManager keys = {}; - -std::unordered_map, SHA256Hash> KeyManager::s128_hash_prod = { - {{S128KeyType::MASTER, 0, 0}, - "0EE359BE3C864BB0782E1D70A718A0342C551EED28C369754F9C4F691BECF7CA"_array32}, - {{S128KeyType::MASTER, 1, 0}, - "4FE707B7E4ABDAF727C894AAF13B1351BFE2AC90D875F73B2E20FA94B9CC661E"_array32}, - {{S128KeyType::MASTER, 2, 0}, - "79277C0237A2252EC3DFAC1F7C359C2B3D121E9DB15BB9AB4C2B4408D2F3AE09"_array32}, - {{S128KeyType::MASTER, 3, 0}, - "4F36C565D13325F65EE134073C6A578FFCB0008E02D69400836844EAB7432754"_array32}, - {{S128KeyType::MASTER, 4, 0}, - "75ff1d95d26113550ee6fcc20acb58e97edeb3a2ff52543ed5aec63bdcc3da50"_array32}, - {{S128KeyType::PACKAGE1, 0, 0}, - "4543CD1B7CAD7EE0466A3DE2086A0EF923805DCEA6C741541CDDB14F54F97B40"_array32}, - {{S128KeyType::PACKAGE1, 1, 0}, - "4A11DA019D26470C9B805F1721364830DC0096DD66EAC453B0D14455E5AF5CF8"_array32}, - {{S128KeyType::PACKAGE1, 2, 0}, - "CCA867360B3318246FBF0B8A86473176ED486DFE229772B941A02E84D50A3155"_array32}, - {{S128KeyType::PACKAGE1, 3, 0}, - "E65C383CDF526DFFAA77682868EBFA9535EE60D8075C961BBC1EDE5FBF7E3C5F"_array32}, - {{S128KeyType::PACKAGE1, 4, 0}, - "28ae73d6ae8f7206fca549e27097714e599df1208e57099416ff429b71370162"_array32}, - {{S128KeyType::PACKAGE2, 0, 0}, - "94D6F38B9D0456644E21DFF4707D092B70179B82D1AA2F5B6A76B8F9ED948264"_array32}, - {{S128KeyType::PACKAGE2, 1, 0}, - "7794F24FA879D378FEFDC8776B949B88AD89386410BE9025D463C619F1530509"_array32}, - {{S128KeyType::PACKAGE2, 2, 0}, - "5304BDDE6AC8E462961B5DB6E328B1816D245D36D6574BB78938B74D4418AF35"_array32}, - {{S128KeyType::PACKAGE2, 3, 0}, - "BE1E52C4345A979DDD4924375B91C902052C2E1CF8FBF2FAA42E8F26D5125B60"_array32}, - {{S128KeyType::PACKAGE2, 4, 0}, - "631b45d349ab8f76a050fe59512966fb8dbaf0755ef5b6903048bf036cfa611e"_array32}, - {{S128KeyType::TITLEKEK, 0, 0}, - "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32}, - {{S128KeyType::TITLEKEK, 1, 0}, - "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32}, - {{S128KeyType::TITLEKEK, 2, 0}, - "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32}, - {{S128KeyType::TITLEKEK, 3, 0}, - "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32}, - {{S128KeyType::TITLEKEK, 4, 0}, - "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32}, - {{S128KeyType::ETICKET_RSA_KEK, 0, 0}, - "46cccf288286e31c931379de9efa288c95c9a15e40b00a4c563a8be244ece515"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}, - "592957F44FE5DB5EC6B095F568910E31A226D3B7FE42D64CFB9CE4051E90AEB6"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}, - "C2252A0FBF9D339ABC3D681351D00452F926E7CA0C6CA85F659078DE3FA647F3"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}, - "7C7722824B2F7C4938C40F3EA93E16CB69D3285EB133490EF8ECCD2C4B52DF41"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}, - "AFBB8EBFB2094F1CF71E330826AE06D64414FCA128C464618DF30EED92E62BE6"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}, - "5dc10eb81918da3f2fa90f69c8542511963656cfb31fb7c779581df8faf1f2f5"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}, - "AA2C65F0E27F730807A13F2ED5B99BE5183165B87C50B6ED48F5CAC2840687EB"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}, - "860185F2313A14F7006A029CB21A52750E7718C1E94FFB98C0AE2207D1A60165"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}, - "7283FB1EFBD42438DADF363FDB776ED355C98737A2AAE75D0E9283CE1C12A2E4"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}, - "9881C2D3AB70B14C8AA12016FC73ADAD93C6AD9FB59A9ECAD312B6F89E2413EC"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}, - "eaa6a8d242b89e174928fa9549a0f66ec1562e2576fac896f438a2b3c1fb6005"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}, - "194CF6BD14554DA8D457E14CBFE04E55C8FB8CA52E0AFB3D7CB7084AE435B801"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}, - "CE1DB7BB6E5962384889DB7A396AFD614F82F69DC38A33D2DEAF47F3E4B964B7"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}, - "42238DE5685DEF4FDE7BE42C0097CEB92447006386D6B5D5AAA2C9AFD2E28422"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}, - "1F6847F268E9D9C5D1AD4D7E226A63B833BF02071446957A962EF065521879C1"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}, - "644007f9913c3602399d4d75cc34faeb7f1faad18b23e34187b16fdc45f4980f"_array32}, -}; - -std::unordered_map, SHA256Hash> KeyManager::s256_hash_prod = { - {{S256KeyType::HEADER, 0, 0}, - "8E03DE24818D96CE4F2A09B43AF979E679974F7570713A61EED8B314864A11D5"_array32}, - {{S256KeyType::SD_SAVE, 0, 0}, - "13020ee72d0f8b8f9112dc738b829fdb017102499a7c2259b52aeefc0a273f5c"_array32}, - {{S256KeyType::SD_NCA, 0, 0}, - "8a1c05b4f88bae5b04d77f632e6acfc8893c4a05fd701f53585daafc996b532a"_array32}, -}; - -// TODO(DarkLordZach): Find missing hashes for dev keys. - -std::unordered_map, SHA256Hash> KeyManager::s128_hash_dev = { - {{S128KeyType::MASTER, 0, 0}, - "779dd8b533a2fb670f27b308cb8d0151c4a107568b817429172b7f80aa592c25"_array32}, - {{S128KeyType::MASTER, 1, 0}, - "0175c8bc49771576f75527be719098db4ebaf77707206749415663aa3a9ea9cc"_array32}, - {{S128KeyType::MASTER, 2, 0}, - "4f0b4d724e5a8787268157c7ce0767c26d2e2021832aa7020f306d6e260eea42"_array32}, - {{S128KeyType::MASTER, 3, 0}, - "7b5a29586c1f84f66fbfabb94518fc45408bb8e5445253d063dda7cfef2a818c"_array32}, - {{S128KeyType::MASTER, 4, 0}, - "87a61dbb05a8755de7fe069562aab38ebfb266c9eb835f09fa62dacc89c98341"_array32}, - {{S128KeyType::PACKAGE1, 0, 0}, - "166510bc63ae50391ebe4ee4ff90ca31cd0e2dd0ff6be839a2f573ec146cc23a"_array32}, - {{S128KeyType::PACKAGE1, 1, 0}, - "f74cd01b86743139c920ec54a8116c669eea805a0be1583e13fc5bc8de68645b"_array32}, - {{S128KeyType::PACKAGE1, 2, 0}, - "d0cdecd513bb6aa3d9dc6244c977dc8a5a7ea157d0a8747d79e7581146e1f768"_array32}, - {{S128KeyType::PACKAGE1, 3, 0}, - "aa39394d626b3b79f5b7ccc07378b5996b6d09bf0eb6771b0b40c9077fbfde8c"_array32}, - {{S128KeyType::PACKAGE1, 4, 0}, - "8f4754b8988c0e673fc2bbea0534cdd6075c815c9270754ae980aef3e4f0a508"_array32}, - {{S128KeyType::PACKAGE2, 0, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::PACKAGE2, 1, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::PACKAGE2, 2, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::PACKAGE2, 3, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::PACKAGE2, 4, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::TITLEKEK, 0, 0}, - "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32}, - {{S128KeyType::TITLEKEK, 1, 0}, - "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32}, - {{S128KeyType::TITLEKEK, 2, 0}, - "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32}, - {{S128KeyType::TITLEKEK, 3, 0}, - "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32}, - {{S128KeyType::TITLEKEK, 4, 0}, - "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32}, - {{S128KeyType::ETICKET_RSA_KEK, 0, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, -}; - -std::unordered_map, SHA256Hash> KeyManager::s256_hash_dev = { - {{S256KeyType::HEADER, 0, 0}, - "ecde86a76e37ac4fd7591d3aa55c00cc77d8595fc27968052ec18a177d939060"_array32}, - {{S256KeyType::SD_SAVE, 0, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, - {{S256KeyType::SD_NCA, 0, 0}, - "0000000000000000000000000000000000000000000000000000000000000000"_array32}, -}; - -std::unordered_map> KeyManager::s128_file_id = { - {"master_key_00", {S128KeyType::MASTER, 0, 0}}, - {"master_key_01", {S128KeyType::MASTER, 1, 0}}, - {"master_key_02", {S128KeyType::MASTER, 2, 0}}, - {"master_key_03", {S128KeyType::MASTER, 3, 0}}, - {"master_key_04", {S128KeyType::MASTER, 4, 0}}, - {"package1_key_00", {S128KeyType::PACKAGE1, 0, 0}}, - {"package1_key_01", {S128KeyType::PACKAGE1, 1, 0}}, - {"package1_key_02", {S128KeyType::PACKAGE1, 2, 0}}, - {"package1_key_03", {S128KeyType::PACKAGE1, 3, 0}}, - {"package1_key_04", {S128KeyType::PACKAGE1, 4, 0}}, - {"package2_key_00", {S128KeyType::PACKAGE2, 0, 0}}, - {"package2_key_01", {S128KeyType::PACKAGE2, 1, 0}}, - {"package2_key_02", {S128KeyType::PACKAGE2, 2, 0}}, - {"package2_key_03", {S128KeyType::PACKAGE2, 3, 0}}, - {"package2_key_04", {S128KeyType::PACKAGE2, 4, 0}}, - {"titlekek_00", {S128KeyType::TITLEKEK, 0, 0}}, - {"titlekek_01", {S128KeyType::TITLEKEK, 1, 0}}, - {"titlekek_02", {S128KeyType::TITLEKEK, 2, 0}}, - {"titlekek_03", {S128KeyType::TITLEKEK, 3, 0}}, - {"titlekek_04", {S128KeyType::TITLEKEK, 4, 0}}, - {"eticket_rsa_kek", {S128KeyType::ETICKET_RSA_KEK, 0, 0}}, - {"key_area_key_application_00", - {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Application)}}, - {"key_area_key_application_01", - {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Application)}}, - {"key_area_key_application_02", - {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Application)}}, - {"key_area_key_application_03", - {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Application)}}, - {"key_area_key_application_04", - {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Application)}}, - {"key_area_key_ocean_00", {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::Ocean)}}, - {"key_area_key_ocean_01", {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::Ocean)}}, - {"key_area_key_ocean_02", {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::Ocean)}}, - {"key_area_key_ocean_03", {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::Ocean)}}, - {"key_area_key_ocean_04", {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::Ocean)}}, - {"key_area_key_system_00", - {S128KeyType::KEY_AREA, 0, static_cast(KeyAreaKeyType::System)}}, - {"key_area_key_system_01", - {S128KeyType::KEY_AREA, 1, static_cast(KeyAreaKeyType::System)}}, - {"key_area_key_system_02", - {S128KeyType::KEY_AREA, 2, static_cast(KeyAreaKeyType::System)}}, - {"key_area_key_system_03", - {S128KeyType::KEY_AREA, 3, static_cast(KeyAreaKeyType::System)}}, - {"key_area_key_system_04", - {S128KeyType::KEY_AREA, 4, static_cast(KeyAreaKeyType::System)}}, -}; - -std::unordered_map> KeyManager::s256_file_id = { - {"header_key", {S256KeyType::HEADER, 0, 0}}, - {"sd_card_save_key", {S256KeyType::SD_SAVE, 0, 0}}, - {"sd_card_nca_key", {S256KeyType::SD_NCA, 0, 0}}, -}; +namespace Core::Crypto { static u8 ToHexNibble(char c1) { if (c1 >= 65 && c1 <= 70) @@ -271,8 +48,20 @@ std::array operator""_array32(const char* str, size_t len) { return HexStringToArray<32>(str); } -void KeyManager::SetValidationMode(bool dev) { - dev_mode = dev; +KeyManager::KeyManager() { + // Initialize keys + std::string keys_dir = FileUtil::GetHactoolConfigurationPath(); + if (Settings::values.use_dev_keys) { + dev_mode = true; + if (FileUtil::Exists(keys_dir + DIR_SEP + "dev.keys")) + LoadFromFile(keys_dir + DIR_SEP + "dev.keys", false); + } else { + dev_mode = false; + if (FileUtil::Exists(keys_dir + DIR_SEP + "prod.keys")) + LoadFromFile(keys_dir + DIR_SEP + "prod.keys", false); + } + if (FileUtil::Exists(keys_dir + DIR_SEP + "title.keys")) + LoadFromFile(keys_dir + DIR_SEP + "title.keys", true); } void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { @@ -299,7 +88,7 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { auto rights_id_raw = HexStringToArray<16>(out[0]); u128 rights_id = *reinterpret_cast*>(&rights_id_raw); Key128 key = HexStringToArray<16>(out[1]); - SetKey(S128KeyType::TITLEKEY, key, rights_id[1], rights_id[0]); + SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); } else { std::transform(out[0].begin(), out[0].end(), out[0].begin(), ::tolower); if (s128_file_id.find(out[0]) != s128_file_id.end()) { @@ -315,24 +104,24 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { } } -bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) { +bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) const { return s128_keys.find({id, field1, field2}) != s128_keys.end(); } -bool KeyManager::HasKey(S256KeyType id, u64 field1, u64 field2) { +bool KeyManager::HasKey(S256KeyType id, u64 field1, u64 field2) const { return s256_keys.find({id, field1, field2}) != s256_keys.end(); } -Key128 KeyManager::GetKey(S128KeyType id, u64 field1, u64 field2) { +Key128 KeyManager::GetKey(S128KeyType id, u64 field1, u64 field2) const { if (!HasKey(id, field1, field2)) return {}; - return s128_keys[{id, field1, field2}]; + return s128_keys.at({id, field1, field2}); } -Key256 KeyManager::GetKey(S256KeyType id, u64 field1, u64 field2) { +Key256 KeyManager::GetKey(S256KeyType id, u64 field1, u64 field2) const { if (!HasKey(id, field1, field2)) return {}; - return s256_keys[{id, field1, field2}]; + return s256_keys.at({id, field1, field2}); } void KeyManager::SetKey(S128KeyType id, Key128 key, u64 field1, u64 field2) { @@ -343,68 +132,53 @@ void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) { s256_keys[{id, field1, field2}] = key; } -bool KeyManager::ValidateKey(S128KeyType key, u64 field1, u64 field2) { - auto& hash = dev_mode ? s128_hash_dev : s128_hash_prod; - - KeyIndex id = {key, field1, field2}; - if (key == S128KeyType::SD_SEED || key == S128KeyType::TITLEKEY || - hash.find(id) == hash.end()) { - LOG_WARNING(Crypto, "Could not validate [{}]", id.DebugInfo()); - return true; - } - - if (!HasKey(key, field1, field2)) { - LOG_CRITICAL(Crypto, - "System has requested validation of [{}], but user has not added it. Add this " - "key to use functionality.", - id.DebugInfo()); - return false; - } - - SHA256Hash key_hash{}; - const auto a_key = GetKey(key, field1, field2); - mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0); - if (key_hash != hash[id]) { - LOG_CRITICAL(Crypto, - "The hash of the provided key for [{}] does not match the one on file. This " - "means you probably have an incorrect key. If you believe this to be in " - "error, contact the yuzu devs.", - id.DebugInfo()); - return false; - } - - return true; -} - -bool KeyManager::ValidateKey(S256KeyType key, u64 field1, u64 field2) { - auto& hash = dev_mode ? s256_hash_dev : s256_hash_prod; - - KeyIndex id = {key, field1, field2}; - if (hash.find(id) == hash.end()) { - LOG_ERROR(Crypto, "Could not validate [{}]", id.DebugInfo()); - return true; - } - - if (!HasKey(key, field1, field2)) { - LOG_ERROR(Crypto, - "System has requested validation of [{}], but user has not added it. Add this " - "key to use functionality.", - id.DebugInfo()); - return false; - } - - SHA256Hash key_hash{}; - const auto a_key = GetKey(key, field1, field2); - mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0); - if (key_hash != hash[id]) { - LOG_CRITICAL(Crypto, - "The hash of the provided key for [{}] does not match the one on file. This " - "means you probably have an incorrect key. If you believe this to be in " - "error, contact the yuzu devs.", - id.DebugInfo()); - return false; - } +std::unordered_map> KeyManager::s128_file_id = { + {"master_key_00", {S128KeyType::Master, 0, 0}}, + {"master_key_01", {S128KeyType::Master, 1, 0}}, + {"master_key_02", {S128KeyType::Master, 2, 0}}, + {"master_key_03", {S128KeyType::Master, 3, 0}}, + {"master_key_04", {S128KeyType::Master, 4, 0}}, + {"package1_key_00", {S128KeyType::Package1, 0, 0}}, + {"package1_key_01", {S128KeyType::Package1, 1, 0}}, + {"package1_key_02", {S128KeyType::Package1, 2, 0}}, + {"package1_key_03", {S128KeyType::Package1, 3, 0}}, + {"package1_key_04", {S128KeyType::Package1, 4, 0}}, + {"package2_key_00", {S128KeyType::Package2, 0, 0}}, + {"package2_key_01", {S128KeyType::Package2, 1, 0}}, + {"package2_key_02", {S128KeyType::Package2, 2, 0}}, + {"package2_key_03", {S128KeyType::Package2, 3, 0}}, + {"package2_key_04", {S128KeyType::Package2, 4, 0}}, + {"titlekek_00", {S128KeyType::Titlekek, 0, 0}}, + {"titlekek_01", {S128KeyType::Titlekek, 1, 0}}, + {"titlekek_02", {S128KeyType::Titlekek, 2, 0}}, + {"titlekek_03", {S128KeyType::Titlekek, 3, 0}}, + {"titlekek_04", {S128KeyType::Titlekek, 4, 0}}, + {"eticket_rsa_kek", {S128KeyType::ETicketRSAKek, 0, 0}}, + {"key_area_key_application_00", + {S128KeyType::KeyArea, 0, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_01", + {S128KeyType::KeyArea, 1, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_02", + {S128KeyType::KeyArea, 2, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_03", + {S128KeyType::KeyArea, 3, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_application_04", + {S128KeyType::KeyArea, 4, static_cast(KeyAreaKeyType::Application)}}, + {"key_area_key_ocean_00", {S128KeyType::KeyArea, 0, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_01", {S128KeyType::KeyArea, 1, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_02", {S128KeyType::KeyArea, 2, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_03", {S128KeyType::KeyArea, 3, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_ocean_04", {S128KeyType::KeyArea, 4, static_cast(KeyAreaKeyType::Ocean)}}, + {"key_area_key_system_00", {S128KeyType::KeyArea, 0, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_01", {S128KeyType::KeyArea, 1, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_02", {S128KeyType::KeyArea, 2, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_03", {S128KeyType::KeyArea, 3, static_cast(KeyAreaKeyType::System)}}, + {"key_area_key_system_04", {S128KeyType::KeyArea, 4, static_cast(KeyAreaKeyType::System)}}, +}; - return true; -} -} // namespace Crypto +std::unordered_map> KeyManager::s256_file_id = { + {"header_key", {S256KeyType::Header, 0, 0}}, + {"sd_card_save_key", {S256KeyType::SDSave, 0, 0}}, + {"sd_card_nca_key", {S256KeyType::SDNCA, 0, 0}}, +}; +} // namespace Core::Crypto diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index b892a83f2..e04f1d49f 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -3,36 +3,37 @@ // Refer to the license.txt file included. #pragma once + #include #include #include #include #include "common/common_types.h" -namespace Crypto { +namespace Core::Crypto { -typedef std::array Key128; -typedef std::array Key256; -typedef std::array SHA256Hash; +using Key128 = std::array; +using Key256 = std::array; +using SHA256Hash = std::array; static_assert(sizeof(Key128) == 16, "Key128 must be 128 bytes big."); static_assert(sizeof(Key256) == 32, "Key128 must be 128 bytes big."); enum class S256KeyType : u64 { - HEADER, // - SD_SAVE, // - SD_NCA, // + Header, // + SDSave, // + SDNCA, // }; enum class S128KeyType : u64 { - MASTER, // f1=crypto revision - PACKAGE1, // f1=crypto revision - PACKAGE2, // f1=crypto revision - TITLEKEK, // f1=crypto revision - ETICKET_RSA_KEK, // - KEY_AREA, // f1=crypto revision f2=type {app, ocean, system} - SD_SEED, // - TITLEKEY, // f1=rights id LSB f2=rights id MSB + Master, // f1=crypto revision + Package1, // f1=crypto revision + Package2, // f1=crypto revision + Titlekek, // f1=crypto revision + ETicketRSAKek, // + KeyArea, // f1=crypto revision f2=type {app, ocean, system} + SDSeed, // + Titlekey, // f1=rights id LSB f2=rights id MSB }; enum class KeyAreaKeyType : u8 { @@ -47,7 +48,7 @@ struct KeyIndex { u64 field1; u64 field2; - std::string DebugInfo() { + std::string DebugInfo() const { u8 key_size = 16; if (std::is_same_v) key_size = 32; @@ -60,15 +61,20 @@ struct KeyIndex { template bool operator==(const KeyIndex& lhs, const KeyIndex& rhs) { - return lhs.type == rhs.type && lhs.field1 == rhs.field1 && lhs.field2 == rhs.field2; + return std::tie(lhs.type, lhs.field1, lhs.field2) == std::tie(rhs.type, rhs.field1, rhs.field2); } -} // namespace Crypto +template +bool operator!=(const KeyIndex& lhs, const KeyIndex& rhs) { + return !operator==(lhs, rhs); +} + +} // namespace Core::Crypto namespace std { template -struct hash> { - size_t operator()(const Crypto::KeyIndex& k) const { +struct hash> { + size_t operator()(const Core::Crypto::KeyIndex& k) const { using std::hash; return ((hash()(static_cast(k.type)) ^ (hash()(k.field1) << 1)) >> 1) ^ @@ -77,41 +83,32 @@ struct hash> { }; } // namespace std -namespace Crypto { +namespace Core::Crypto { std::array operator"" _array16(const char* str, size_t len); std::array operator"" _array32(const char* str, size_t len); -struct KeyManager { - void SetValidationMode(bool dev); - void LoadFromFile(std::string_view filename, bool is_title_keys); +class KeyManager { +public: + KeyManager(); - bool HasKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0); - bool HasKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0); + bool HasKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0) const; + bool HasKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0) const; - Key128 GetKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0); - Key256 GetKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0); + Key128 GetKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0) const; + Key256 GetKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0) const; void SetKey(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKey(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); - bool ValidateKey(S128KeyType key, u64 field1 = 0, u64 field2 = 0); - bool ValidateKey(S256KeyType key, u64 field1 = 0, u64 field2 = 0); - private: std::unordered_map, Key128> s128_keys; std::unordered_map, Key256> s256_keys; - bool dev_mode = false; + bool dev_mode; + void LoadFromFile(std::string_view filename, bool is_title_keys); - static std::unordered_map, SHA256Hash> s128_hash_prod; - static std::unordered_map, SHA256Hash> s256_hash_prod; - static std::unordered_map, SHA256Hash> s128_hash_dev; - static std::unordered_map, SHA256Hash> s256_hash_dev; static std::unordered_map> s128_file_id; static std::unordered_map> s256_file_id; }; - -extern KeyManager keys; - -} // namespace Crypto +} // namespace Core::Crypto -- cgit v1.2.3 From 150527ec194107f0ba5ea9bdef487782e64090ef Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sun, 29 Jul 2018 18:42:04 -0400 Subject: Allow key loading from %YUZU_DIR%/keys in addition to ~/.switch --- src/core/crypto/key_manager.cpp | 25 ++++++++++++++++++------- src/core/crypto/key_manager.h | 2 ++ 2 files changed, 20 insertions(+), 7 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index ea20bc31b..dea092b5e 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -12,6 +12,7 @@ #include "common/logging/log.h" #include "core/crypto/key_manager.h" #include "core/settings.h" +#include "key_manager.h" namespace Core::Crypto { @@ -50,18 +51,17 @@ std::array operator""_array32(const char* str, size_t len) { KeyManager::KeyManager() { // Initialize keys - std::string keys_dir = FileUtil::GetHactoolConfigurationPath(); + std::string hactool_keys_dir = FileUtil::GetHactoolConfigurationPath(); + std::string yuzu_keys_dir = FileUtil::GetUserPath(FileUtil::UserPath::KeysDir); if (Settings::values.use_dev_keys) { dev_mode = true; - if (FileUtil::Exists(keys_dir + DIR_SEP + "dev.keys")) - LoadFromFile(keys_dir + DIR_SEP + "dev.keys", false); + AttemptLoadKeyFile(yuzu_keys_dir, hactool_keys_dir, "dev.keys", false); } else { dev_mode = false; - if (FileUtil::Exists(keys_dir + DIR_SEP + "prod.keys")) - LoadFromFile(keys_dir + DIR_SEP + "prod.keys", false); + AttemptLoadKeyFile(yuzu_keys_dir, hactool_keys_dir, "prod.keys", false); } - if (FileUtil::Exists(keys_dir + DIR_SEP + "title.keys")) - LoadFromFile(keys_dir + DIR_SEP + "title.keys", true); + + AttemptLoadKeyFile(yuzu_keys_dir, hactool_keys_dir, "title.keys", true); } void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { @@ -104,6 +104,17 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { } } +void KeyManager::AttemptLoadKeyFile(std::string_view dir1_, std::string_view dir2_, + std::string_view filename_, bool title) { + std::string dir1(dir1_); + std::string dir2(dir2_); + std::string filename(filename_); + if (FileUtil::Exists(dir1 + DIR_SEP + filename)) + LoadFromFile(dir1 + DIR_SEP + filename, title); + else if (FileUtil::Exists(dir2 + DIR_SEP + filename)) + LoadFromFile(dir2 + DIR_SEP + filename, title); +} + bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) const { return s128_keys.find({id, field1, field2}) != s128_keys.end(); } diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index e04f1d49f..a52ea4cb9 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -107,6 +107,8 @@ private: bool dev_mode; void LoadFromFile(std::string_view filename, bool is_title_keys); + void AttemptLoadKeyFile(std::string_view dir1, std::string_view dir2, std::string_view filename, + bool title); static std::unordered_map> s128_file_id; static std::unordered_map> s256_file_id; -- cgit v1.2.3 From 03149d3e4a7f8038d9c88cbeb19dee25a39e0042 Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sun, 29 Jul 2018 19:00:09 -0400 Subject: Add missing includes and use const where applicable --- src/core/crypto/aes_util.h | 7 +++++-- src/core/crypto/ctr_encryption_layer.cpp | 7 +++---- src/core/crypto/ctr_encryption_layer.h | 1 + src/core/crypto/encryption_layer.h | 3 ++- src/core/crypto/key_manager.cpp | 13 ++++++++----- src/core/crypto/key_manager.h | 7 ++++--- 6 files changed, 23 insertions(+), 15 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/aes_util.h b/src/core/crypto/aes_util.h index fa77d5560..5b0b02738 100644 --- a/src/core/crypto/aes_util.h +++ b/src/core/crypto/aes_util.h @@ -4,11 +4,16 @@ #pragma once +#include +#include +#include #include "common/assert.h" #include "core/file_sys/vfs.h" namespace Core::Crypto { +struct CipherContext; + enum class Mode { CTR = 11, ECB = 2, @@ -20,8 +25,6 @@ enum class Op { Decrypt, }; -struct CipherContext; - template class AESCipher { static_assert(std::is_same_v>, "Key must be std::array of u8."); diff --git a/src/core/crypto/ctr_encryption_layer.cpp b/src/core/crypto/ctr_encryption_layer.cpp index 5dbc257e5..106db02b3 100644 --- a/src/core/crypto/ctr_encryption_layer.cpp +++ b/src/core/crypto/ctr_encryption_layer.cpp @@ -2,7 +2,7 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. -#include +#include #include "common/assert.h" #include "core/crypto/ctr_encryption_layer.h" @@ -33,11 +33,10 @@ size_t CTREncryptionLayer::Read(u8* data, size_t length, size_t offset) const { size_t read = 0x10 - sector_offset; if (length + sector_offset < 0x10) { - memcpy(data, block.data() + sector_offset, std::min(length, read)); + std::memcpy(data, block.data() + sector_offset, std::min(length, read)); return read; } - - memcpy(data, block.data() + sector_offset, read); + std::memcpy(data, block.data() + sector_offset, read); return read + Read(data + read, length - read, offset + read); } diff --git a/src/core/crypto/ctr_encryption_layer.h b/src/core/crypto/ctr_encryption_layer.h index 697d7c6a5..11b8683c7 100644 --- a/src/core/crypto/ctr_encryption_layer.h +++ b/src/core/crypto/ctr_encryption_layer.h @@ -4,6 +4,7 @@ #pragma once +#include #include "core/crypto/aes_util.h" #include "core/crypto/encryption_layer.h" #include "core/crypto/key_manager.h" diff --git a/src/core/crypto/encryption_layer.h b/src/core/crypto/encryption_layer.h index 84f11bf5e..71bca1f23 100644 --- a/src/core/crypto/encryption_layer.h +++ b/src/core/crypto/encryption_layer.h @@ -10,7 +10,8 @@ namespace Core::Crypto { // Basically non-functional class that implements all of the methods that are irrelevant to an // EncryptionLayer. Reduces duplicate code. -struct EncryptionLayer : public FileSys::VfsFile { +class EncryptionLayer : public FileSys::VfsFile { +public: explicit EncryptionLayer(FileSys::VirtualFile base); size_t Read(u8* data, size_t length, size_t offset) const override = 0; diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index dea092b5e..33633de7e 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -2,9 +2,11 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. +#include #include #include #include +#include #include #include "common/assert.h" #include "common/common_paths.h" @@ -86,17 +88,18 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { if (is_title_keys) { auto rights_id_raw = HexStringToArray<16>(out[0]); - u128 rights_id = *reinterpret_cast*>(&rights_id_raw); + u128 rights_id{}; + std::memcpy(rights_id.data(), rights_id_raw.data(), rights_id_raw.size()); Key128 key = HexStringToArray<16>(out[1]); SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); } else { std::transform(out[0].begin(), out[0].end(), out[0].begin(), ::tolower); if (s128_file_id.find(out[0]) != s128_file_id.end()) { - const auto index = s128_file_id[out[0]]; + const auto index = s128_file_id.at(out[0]); Key128 key = HexStringToArray<16>(out[1]); SetKey(index.type, key, index.field1, index.field2); } else if (s256_file_id.find(out[0]) != s256_file_id.end()) { - const auto index = s256_file_id[out[0]]; + const auto index = s256_file_id.at(out[0]); Key256 key = HexStringToArray<32>(out[1]); SetKey(index.type, key, index.field1, index.field2); } @@ -143,7 +146,7 @@ void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) { s256_keys[{id, field1, field2}] = key; } -std::unordered_map> KeyManager::s128_file_id = { +const std::unordered_map> KeyManager::s128_file_id = { {"master_key_00", {S128KeyType::Master, 0, 0}}, {"master_key_01", {S128KeyType::Master, 1, 0}}, {"master_key_02", {S128KeyType::Master, 2, 0}}, @@ -187,7 +190,7 @@ std::unordered_map> KeyManager::s128_file_id {"key_area_key_system_04", {S128KeyType::KeyArea, 4, static_cast(KeyAreaKeyType::System)}}, }; -std::unordered_map> KeyManager::s256_file_id = { +const std::unordered_map> KeyManager::s256_file_id = { {"header_key", {S256KeyType::Header, 0, 0}}, {"sd_card_save_key", {S256KeyType::SDSave, 0, 0}}, {"sd_card_nca_key", {S256KeyType::SDNCA, 0, 0}}, diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index a52ea4cb9..28a560a3f 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -5,6 +5,7 @@ #pragma once #include +#include #include #include #include @@ -50,7 +51,7 @@ struct KeyIndex { std::string DebugInfo() const { u8 key_size = 16; - if (std::is_same_v) + if constexpr (std::is_same_v) key_size = 32; return fmt::format("key_size={:02X}, key={:02X}, field1={:016X}, field2={:016X}", key_size, static_cast(type), field1, field2); @@ -110,7 +111,7 @@ private: void AttemptLoadKeyFile(std::string_view dir1, std::string_view dir2, std::string_view filename, bool title); - static std::unordered_map> s128_file_id; - static std::unordered_map> s256_file_id; + const static std::unordered_map> s128_file_id; + const static std::unordered_map> s256_file_id; }; } // namespace Core::Crypto -- cgit v1.2.3 From 9d59b96ef907e8be2560107485f7616a2234c4a8 Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sun, 29 Jul 2018 21:00:50 -0400 Subject: Use static const instead of const static --- src/core/crypto/key_manager.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index 28a560a3f..c09a6197e 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -111,7 +111,7 @@ private: void AttemptLoadKeyFile(std::string_view dir1, std::string_view dir2, std::string_view filename, bool title); - const static std::unordered_map> s128_file_id; - const static std::unordered_map> s256_file_id; + static const std::unordered_map> s128_file_id; + static const std::unordered_map> s256_file_id; }; } // namespace Core::Crypto -- cgit v1.2.3 From 187d8e215fb157edaa9f3976bebba9a9a7ed103d Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Mon, 30 Jul 2018 12:46:23 -0400 Subject: Use more descriptive error codes and messages --- src/core/crypto/key_manager.cpp | 27 ++++++++++++++++++++++----- src/core/crypto/key_manager.h | 2 ++ 2 files changed, 24 insertions(+), 5 deletions(-) (limited to 'src/core/crypto') diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index 33633de7e..678ac5752 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -53,8 +53,8 @@ std::array operator""_array32(const char* str, size_t len) { KeyManager::KeyManager() { // Initialize keys - std::string hactool_keys_dir = FileUtil::GetHactoolConfigurationPath(); - std::string yuzu_keys_dir = FileUtil::GetUserPath(FileUtil::UserPath::KeysDir); + const std::string hactool_keys_dir = FileUtil::GetHactoolConfigurationPath(); + const std::string yuzu_keys_dir = FileUtil::GetUserPath(FileUtil::UserPath::KeysDir); if (Settings::values.use_dev_keys) { dev_mode = true; AttemptLoadKeyFile(yuzu_keys_dir, hactool_keys_dir, "dev.keys", false); @@ -109,9 +109,9 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) { void KeyManager::AttemptLoadKeyFile(std::string_view dir1_, std::string_view dir2_, std::string_view filename_, bool title) { - std::string dir1(dir1_); - std::string dir2(dir2_); - std::string filename(filename_); + const std::string dir1(dir1_); + const std::string dir2(dir2_); + const std::string filename(filename_); if (FileUtil::Exists(dir1 + DIR_SEP + filename)) LoadFromFile(dir1 + DIR_SEP + filename, title); else if (FileUtil::Exists(dir2 + DIR_SEP + filename)) @@ -146,6 +146,23 @@ void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) { s256_keys[{id, field1, field2}] = key; } +bool KeyManager::KeyFileExists(bool title) { + const std::string hactool_keys_dir = FileUtil::GetHactoolConfigurationPath(); + const std::string yuzu_keys_dir = FileUtil::GetUserPath(FileUtil::UserPath::KeysDir); + if (title) { + return FileUtil::Exists(hactool_keys_dir + DIR_SEP + "title.keys") || + FileUtil::Exists(yuzu_keys_dir + DIR_SEP + "title.keys"); + } + + if (Settings::values.use_dev_keys) { + return FileUtil::Exists(hactool_keys_dir + DIR_SEP + "dev.keys") || + FileUtil::Exists(yuzu_keys_dir + DIR_SEP + "dev.keys"); + } + + return FileUtil::Exists(hactool_keys_dir + DIR_SEP + "prod.keys") || + FileUtil::Exists(yuzu_keys_dir + DIR_SEP + "prod.keys"); +} + const std::unordered_map> KeyManager::s128_file_id = { {"master_key_00", {S128KeyType::Master, 0, 0}}, {"master_key_01", {S128KeyType::Master, 1, 0}}, diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index c09a6197e..03152a12c 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -102,6 +102,8 @@ public: void SetKey(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKey(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); + static bool KeyFileExists(bool title); + private: std::unordered_map, Key128> s128_keys; std::unordered_map, Key256> s256_keys; -- cgit v1.2.3