keys: Handle legacy ES key generation

This commit is contained in:
shchmue 2022-02-10 08:22:36 -07:00
parent b2d970ed2a
commit 514343db9b
2 changed files with 23 additions and 9 deletions

View File

@ -94,9 +94,9 @@ static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
// from Package1 -> Secure_Monitor // from Package1 -> Secure_Monitor
static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = { static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = {
0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9}; 0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9};
static const u8 aes_kek_seed_01[0x10] __attribute__((aligned(4))) = { static const u8 aes_seal_key_mask_decrypt_device_unique_data[0x10] __attribute__((aligned(4))) = {
0xA2, 0xAB, 0xBF, 0x9C, 0x92, 0x2F, 0xBB, 0xE3, 0x78, 0x79, 0x9B, 0xC0, 0xCC, 0xEA, 0xA5, 0x74}; 0xA2, 0xAB, 0xBF, 0x9C, 0x92, 0x2F, 0xBB, 0xE3, 0x78, 0x79, 0x9B, 0xC0, 0xCC, 0xEA, 0xA5, 0x74};
static const u8 aes_kek_seed_03[0x10] __attribute__((aligned(4))) = { static const u8 aes_seal_key_mask_import_es_device_key[0x10] __attribute__((aligned(4))) = {
0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB}; 0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB};
static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = { static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = {
0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7}; 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7};
@ -161,6 +161,8 @@ static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B}; 0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B};
static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = { static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5}; 0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = { static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35}; 0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35};

View File

@ -235,12 +235,12 @@ static void _derive_misc_keys(key_derivation_ctx_t *keys, bool is_dev) {
if (_key_exists(keys->master_key[0])) { if (_key_exists(keys->master_key[0])) {
for (u32 i = 0; i < AES_128_KEY_SIZE; i++) for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
_generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL); _generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL);
se_aes_crypt_block_ecb(8, DECRYPT, keys->eticket_rsa_kek, is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source); se_aes_crypt_block_ecb(8, DECRYPT, keys->eticket_rsa_kek, is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source);
for (u32 i = 0; i < AES_128_KEY_SIZE; i++) for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i]; keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i];
_generate_kek(8, ssl_rsa_kek_source_x, keys->master_key[0], keys->temp_key, NULL); _generate_kek(8, ssl_rsa_kek_source_x, keys->master_key[0], keys->temp_key, NULL);
se_aes_crypt_block_ecb(8, DECRYPT, keys->ssl_rsa_kek, ssl_rsa_kek_source_y); se_aes_crypt_block_ecb(8, DECRYPT, keys->ssl_rsa_kek, ssl_rsa_kek_source_y);
} }
@ -483,7 +483,7 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit
if (keypair_generation) { if (keypair_generation) {
keypair_generation--; keypair_generation--;
for (u32 i = 0; i < AES_128_KEY_SIZE; i++) for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
u32 temp_device_key[AES_128_KEY_SIZE / 4] = {0}; u32 temp_device_key[AES_128_KEY_SIZE / 4] = {0};
_get_device_key(7, keys, temp_device_key, keypair_generation); _get_device_key(7, keys, temp_device_key, keypair_generation);
_generate_kek(7, eticket_rsa_kekek_source, temp_device_key, keys->temp_key, NULL); _generate_kek(7, eticket_rsa_kekek_source, temp_device_key, keys->temp_key, NULL);
@ -497,9 +497,21 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit
se_aes_crypt_ctr(6, &rsa_keypair, sizeof(rsa_keypair), eticket_device_key, sizeof(rsa_keypair), eticket_iv); se_aes_crypt_ctr(6, &rsa_keypair, sizeof(rsa_keypair), eticket_device_key, sizeof(rsa_keypair), eticket_iv);
// Check public exponent is 65537 big endian // Check public exponent is 65537 big endian
if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) {
for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
_generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL);
se_aes_crypt_block_ecb(8, DECRYPT, keys->temp_key, eticket_rsa_kek_source_legacy);
se_aes_key_set(6, keys->temp_key, sizeof(keys->temp_key));
se_aes_crypt_ctr(6, &rsa_keypair, sizeof(rsa_keypair), eticket_device_key, sizeof(rsa_keypair), eticket_iv);
if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) { if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) {
EPRINTF("Invalid public exponent."); EPRINTF("Invalid public exponent.");
return false; return false;
} else {
memcpy(keys->eticket_rsa_kek, keys->temp_key, sizeof(keys->eticket_rsa_kek));
}
} }
if (!_test_key_pair(rsa_keypair.public_exponent, rsa_keypair.private_exponent, rsa_keypair.modulus)) { if (!_test_key_pair(rsa_keypair.public_exponent, rsa_keypair.private_exponent, rsa_keypair.modulus)) {
@ -702,10 +714,10 @@ static void _save_keys_to_sd(key_derivation_ctx_t *keys, titlekey_buffer_t *titl
SAVE_KEY(per_console_key_source); SAVE_KEY(per_console_key_source);
SAVE_KEY(retail_specific_aes_key_source); SAVE_KEY(retail_specific_aes_key_source);
for (u32 i = 0; i < AES_128_KEY_SIZE; i++) for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i];
SAVE_KEY_VAR(rsa_oaep_kek_generation_source, keys->temp_key); SAVE_KEY_VAR(rsa_oaep_kek_generation_source, keys->temp_key);
for (u32 i = 0; i < AES_128_KEY_SIZE; i++) for (u32 i = 0; i < AES_128_KEY_SIZE; i++)
keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i]; keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i];
SAVE_KEY_VAR(rsa_private_kek_generation_source, keys->temp_key); SAVE_KEY_VAR(rsa_private_kek_generation_source, keys->temp_key);
SAVE_KEY(save_mac_kek_source); SAVE_KEY(save_mac_kek_source);
SAVE_KEY_VAR(save_mac_key, keys->save_mac_key); SAVE_KEY_VAR(save_mac_key, keys->save_mac_key);