diff --git a/src/core/crypto/aes_util.cpp b/src/core/crypto/aes_util.cpp
index a9646e52f3a5f2d67b2f8ba44fd0c3e58f3a7ddb..4690af5f831be2ab2e75c56e680e6ea1042312d9 100644
--- a/src/core/crypto/aes_util.cpp
+++ b/src/core/crypto/aes_util.cpp
@@ -2,58 +2,69 @@
// Licensed under GPLv2 or any later version
// Refer to the license.txt file included.
+#include <mbedtls/cipher.h>
#include "core/crypto/aes_util.h"
-#include "mbedtls/cipher.h"
+#include "core/crypto/key_manager.h"
namespace Core::Crypto {
-static_assert(static_cast<size_t>(Mode::CTR) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_CTR), "CTR mode is incorrect.");
-static_assert(static_cast<size_t>(Mode::ECB) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_ECB), "ECB mode is incorrect.");
-static_assert(static_cast<size_t>(Mode::XTS) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_XTS), "XTS mode is incorrect.");
-template<typename Key, size_t KeySize>
-Crypto::AESCipher<Key, KeySize>::AESCipher(Key key, Mode mode) {
- mbedtls_cipher_init(encryption_context.get());
- mbedtls_cipher_init(decryption_context.get());
+static_assert(static_cast<size_t>(Mode::CTR) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_CTR),
+ "CTR has incorrect value.");
+static_assert(static_cast<size_t>(Mode::ECB) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_ECB),
+ "ECB has incorrect value.");
+static_assert(static_cast<size_t>(Mode::XTS) == static_cast<size_t>(MBEDTLS_CIPHER_AES_128_XTS),
+ "XTS has incorrect value.");
+
+// Structure to hide mbedtls types from header file
+struct CipherContext {
+ mbedtls_cipher_context_t encryption_context;
+ mbedtls_cipher_context_t decryption_context;
+};
+
+template <typename Key, size_t KeySize>
+Crypto::AESCipher<Key, KeySize>::AESCipher(Key key, Mode mode)
+ : ctx(std::make_unique<CipherContext>()) {
+ mbedtls_cipher_init(&ctx->encryption_context);
+ mbedtls_cipher_init(&ctx->decryption_context);
ASSERT_MSG((mbedtls_cipher_setup(
- encryption_context.get(),
- mbedtls_cipher_info_from_type(static_cast<mbedtls_cipher_type_t>(mode))) ||
- mbedtls_cipher_setup(decryption_context.get(),
- mbedtls_cipher_info_from_type(
- static_cast<mbedtls_cipher_type_t>(mode)))) == 0,
+ &ctx->encryption_context,
+ mbedtls_cipher_info_from_type(static_cast<mbedtls_cipher_type_t>(mode))) ||
+ mbedtls_cipher_setup(
+ &ctx->decryption_context,
+ mbedtls_cipher_info_from_type(static_cast<mbedtls_cipher_type_t>(mode)))) == 0,
"Failed to initialize mbedtls ciphers.");
ASSERT(
- !mbedtls_cipher_setkey(encryption_context.get(), key.data(), KeySize * 8, MBEDTLS_ENCRYPT));
+ !mbedtls_cipher_setkey(&ctx->encryption_context, key.data(), KeySize * 8, MBEDTLS_ENCRYPT));
ASSERT(
- !mbedtls_cipher_setkey(decryption_context.get(), key.data(), KeySize * 8, MBEDTLS_DECRYPT));
+ !mbedtls_cipher_setkey(&ctx->decryption_context, key.data(), KeySize * 8, MBEDTLS_DECRYPT));
//"Failed to set key on mbedtls ciphers.");
}
-template<typename Key, size_t KeySize>
+template <typename Key, size_t KeySize>
AESCipher<Key, KeySize>::~AESCipher() {
- mbedtls_cipher_free(encryption_context.get());
- mbedtls_cipher_free(decryption_context.get());
+ mbedtls_cipher_free(&ctx->encryption_context);
+ mbedtls_cipher_free(&ctx->decryption_context);
}
-template<typename Key, size_t KeySize>
+template <typename Key, size_t KeySize>
void AESCipher<Key, KeySize>::SetIV(std::vector<u8> iv) {
- ASSERT_MSG((mbedtls_cipher_set_iv(encryption_context.get(), iv.data(), iv.size()) ||
- mbedtls_cipher_set_iv(decryption_context.get(), iv.data(), iv.size())) == 0,
+ ASSERT_MSG((mbedtls_cipher_set_iv(&ctx->encryption_context, iv.data(), iv.size()) ||
+ mbedtls_cipher_set_iv(&ctx->decryption_context, iv.data(), iv.size())) == 0,
"Failed to set IV on mbedtls ciphers.");
}
-template<typename Key, size_t KeySize>
-void AESCipher<Key, KeySize>::Transcode(const u8* src, size_t size, u8* dest, Op op) {
+template <typename Key, size_t KeySize>
+void AESCipher<Key, KeySize>::Transcode(const u8* src, size_t size, u8* dest, Op op) {
size_t written = 0;
- const auto context = op == Op::Encrypt ? encryption_context.get() : decryption_context.get();
+ const auto context = op == Op::Encrypt ? &ctx->encryption_context : &ctx->decryption_context;
mbedtls_cipher_reset(context);
if (mbedtls_cipher_get_cipher_mode(context) == MBEDTLS_MODE_XTS) {
- mbedtls_cipher_update(context, src, size,
- dest, &written);
+ mbedtls_cipher_update(context, src, size, dest, &written);
if (written != size)
LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.",
size, written);
@@ -62,11 +73,9 @@ void AESCipher<Key, KeySize>::Transcode(const u8* src, size_t size, u8* dest, Op
for (size_t offset = 0; offset < size; offset += block_size) {
auto length = std::min<size_t>(block_size, size - offset);
- mbedtls_cipher_update(context, src + offset, length,
- dest + offset, &written);
+ mbedtls_cipher_update(context, src + offset, length, dest + offset, &written);
if (written != length)
- LOG_WARNING(Crypto,
- "Not all data was decrypted requested={:016X}, actual={:016X}.",
+ LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.",
length, written);
}
}
@@ -74,9 +83,9 @@ void AESCipher<Key, KeySize>::Transcode(const u8* src, size_t size, u8* dest, Op
mbedtls_cipher_finish(context, nullptr, nullptr);
}
-template<typename Key, size_t KeySize>
-void AESCipher<Key, KeySize>::XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size,
- Op op) {
+template <typename Key, size_t KeySize>
+void AESCipher<Key, KeySize>::XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id,
+ size_t sector_size, Op op) {
if (size % sector_size > 0) {
LOG_CRITICAL(Crypto, "Data size must be a multiple of sector size.");
return;
@@ -84,12 +93,11 @@ void AESCipher<Key, KeySize>::XTSTranscode(const u8* src, size_t size, u8* dest,
for (size_t i = 0; i < size; i += sector_size) {
SetIV(CalculateNintendoTweak(sector_id++));
- Transcode<u8, u8>(src + i, sector_size,
- dest + i, op);
+ Transcode<u8, u8>(src + i, sector_size, dest + i, op);
}
}
-template<typename Key, size_t KeySize>
+template <typename Key, size_t KeySize>
std::vector<u8> AESCipher<Key, KeySize>::CalculateNintendoTweak(size_t sector_id) {
std::vector<u8> out(0x10);
for (size_t i = 0xF; i <= 0xF; --i) {
@@ -101,4 +109,4 @@ std::vector<u8> AESCipher<Key, KeySize>::CalculateNintendoTweak(size_t sector_id
template class AESCipher<Key128>;
template class AESCipher<Key256>;
-}
\ No newline at end of file
+} // namespace Core::Crypto
\ No newline at end of file
diff --git a/src/core/crypto/aes_util.h b/src/core/crypto/aes_util.h
index 5c09718b22db9befbbf6efcf46dc50e86502d0c6..fa77d55601ced5be93a1c2ebbc062e06a9643a41 100644
--- a/src/core/crypto/aes_util.h
+++ b/src/core/crypto/aes_util.h
@@ -20,7 +20,7 @@ enum class Op {
Decrypt,
};
-struct mbedtls_cipher_context_t;
+struct CipherContext;
template <typename Key, size_t KeySize = sizeof(Key)>
class AESCipher {
@@ -44,15 +44,16 @@ public:
template <typename Source, typename Dest>
void XTSTranscode(const Source* src, size_t size, Dest* dest, size_t sector_id,
size_t sector_size, Op op) {
- XTSTranscode(reinterpret_cast<const u8*>(src), size, reinterpret_cast<u8*>(dest), sector_id, sector_size, op);
+ XTSTranscode(reinterpret_cast<const u8*>(src), size, reinterpret_cast<u8*>(dest), sector_id,
+ sector_size, op);
}
- void XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size, Op op);
+ void XTSTranscode(const u8* src, size_t size, u8* dest, size_t sector_id, size_t sector_size,
+ Op op);
private:
- std::unique_ptr<mbedtls_cipher_context_t> encryption_context;
- std::unique_ptr<mbedtls_cipher_context_t> decryption_context;
+ std::unique_ptr<CipherContext> ctx;
static std::vector<u8> CalculateNintendoTweak(size_t sector_id);
};
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/crypto/ctr_encryption_layer.cpp b/src/core/crypto/ctr_encryption_layer.cpp
index 6a0d396ed1a0b011c31ceb55d693c929687995b4..5dbc257e5e38c670bcc6ad8afb4d5c471ffd0472 100644
--- a/src/core/crypto/ctr_encryption_layer.cpp
+++ b/src/core/crypto/ctr_encryption_layer.cpp
@@ -6,7 +6,8 @@
#include "common/assert.h"
#include "core/crypto/ctr_encryption_layer.h"
-namespace Crypto {
+namespace Core::Crypto {
+
CTREncryptionLayer::CTREncryptionLayer(FileSys::VirtualFile base_, Key128 key_, size_t base_offset)
: EncryptionLayer(std::move(base_)), base_offset(base_offset), cipher(key_, Mode::CTR),
iv(16, 0) {}
@@ -21,29 +22,28 @@ size_t CTREncryptionLayer::Read(u8* data, size_t length, size_t offset) const {
std::vector<u8> raw = base->ReadBytes(length, offset);
if (raw.size() != length)
return Read(data, raw.size(), offset);
- cipher.Transcode(raw.data(), length, data, Op::DECRYPT);
+ cipher.Transcode(raw.data(), length, data, Op::Decrypt);
return length;
}
// offset does not fall on block boundary (0x10)
std::vector<u8> block = base->ReadBytes(0x10, offset - sector_offset);
UpdateIV(base_offset + offset - sector_offset);
- cipher.Transcode(block.data(), block.size(), block.data(), Op::DECRYPT);
+ cipher.Transcode(block.data(), block.size(), block.data(), Op::Decrypt);
size_t read = 0x10 - sector_offset;
if (length + sector_offset < 0x10) {
- memcpy_s(data, length, block.data() + sector_offset, std::min<u64>(length, read));
+ memcpy(data, block.data() + sector_offset, std::min<u64>(length, read));
return read;
}
- memcpy_s(data, length, block.data() + sector_offset, read);
+ memcpy(data, block.data() + sector_offset, read);
return read + Read(data + read, length - read, offset + read);
}
-void CTREncryptionLayer::SetIV(std::vector<u8> iv_) {
- const auto length = std::min<size_t>(iv_.size(), iv.size());
- for (size_t i = 0; i < length; ++i)
- iv[i] = iv_[i];
+void CTREncryptionLayer::SetIV(const std::vector<u8>& iv_) {
+ const auto length = std::min(iv_.size(), iv.size());
+ iv.assign(iv_.cbegin(), iv_.cbegin() + length);
}
void CTREncryptionLayer::UpdateIV(size_t offset) const {
@@ -54,4 +54,4 @@ void CTREncryptionLayer::UpdateIV(size_t offset) const {
}
cipher.SetIV(iv);
}
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/crypto/ctr_encryption_layer.h b/src/core/crypto/ctr_encryption_layer.h
index fe53e714b1ad1304d31690f6b14e0d8661a0030b..697d7c6a56c8ed1e3b7f0515f3f611a69d31fe32 100644
--- a/src/core/crypto/ctr_encryption_layer.h
+++ b/src/core/crypto/ctr_encryption_layer.h
@@ -4,19 +4,20 @@
#pragma once
-#include "aes_util.h"
-#include "encryption_layer.h"
-#include "key_manager.h"
+#include "core/crypto/aes_util.h"
+#include "core/crypto/encryption_layer.h"
+#include "core/crypto/key_manager.h"
-namespace Crypto {
+namespace Core::Crypto {
// Sits on top of a VirtualFile and provides CTR-mode AES decription.
-struct CTREncryptionLayer : public EncryptionLayer {
+class CTREncryptionLayer : public EncryptionLayer {
+public:
CTREncryptionLayer(FileSys::VirtualFile base, Key128 key, size_t base_offset);
size_t Read(u8* data, size_t length, size_t offset) const override;
- void SetIV(std::vector<u8> iv);
+ void SetIV(const std::vector<u8>& iv);
private:
size_t base_offset;
@@ -28,4 +29,4 @@ private:
void UpdateIV(size_t offset) const;
};
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/crypto/encryption_layer.cpp b/src/core/crypto/encryption_layer.cpp
index 4e243051e273cbf67fe03a1d506c41852bcd15d0..4204527e3386a774790d51562e49ae7c74743ee7 100644
--- a/src/core/crypto/encryption_layer.cpp
+++ b/src/core/crypto/encryption_layer.cpp
@@ -4,7 +4,7 @@
#include "core/crypto/encryption_layer.h"
-namespace Crypto {
+namespace Core::Crypto {
EncryptionLayer::EncryptionLayer(FileSys::VirtualFile base_) : base(std::move(base_)) {}
@@ -39,4 +39,4 @@ size_t EncryptionLayer::Write(const u8* data, size_t length, size_t offset) {
bool EncryptionLayer::Rename(std::string_view name) {
return base->Rename(name);
}
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/crypto/encryption_layer.h b/src/core/crypto/encryption_layer.h
index 2312870d83b2a528541615d0e3fabe83df7d819b..84f11bf5e11ee166b5a305b7e4bd20a2b7982774 100644
--- a/src/core/crypto/encryption_layer.h
+++ b/src/core/crypto/encryption_layer.h
@@ -3,9 +3,10 @@
// Refer to the license.txt file included.
#pragma once
+
#include "core/file_sys/vfs.h"
-namespace Crypto {
+namespace Core::Crypto {
// Basically non-functional class that implements all of the methods that are irrelevant to an
// EncryptionLayer. Reduces duplicate code.
@@ -27,4 +28,4 @@ protected:
FileSys::VirtualFile base;
};
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp
index 05c6a70a2450441504b181f53037525601f2dcdd..ea20bc31ba37658d7a65336d8c75848560809816 100644
--- a/src/core/crypto/key_manager.cpp
+++ b/src/core/crypto/key_manager.cpp
@@ -5,238 +5,15 @@
#include <fstream>
#include <locale>
#include <sstream>
+#include <mbedtls/sha256.h>
#include "common/assert.h"
+#include "common/common_paths.h"
+#include "common/file_util.h"
#include "common/logging/log.h"
#include "core/crypto/key_manager.h"
-#include "mbedtls/sha256.h"
+#include "core/settings.h"
-namespace Crypto {
-KeyManager keys = {};
-
-std::unordered_map<KeyIndex<S128KeyType>, SHA256Hash> KeyManager::s128_hash_prod = {
- {{S128KeyType::MASTER, 0, 0},
- "0EE359BE3C864BB0782E1D70A718A0342C551EED28C369754F9C4F691BECF7CA"_array32},
- {{S128KeyType::MASTER, 1, 0},
- "4FE707B7E4ABDAF727C894AAF13B1351BFE2AC90D875F73B2E20FA94B9CC661E"_array32},
- {{S128KeyType::MASTER, 2, 0},
- "79277C0237A2252EC3DFAC1F7C359C2B3D121E9DB15BB9AB4C2B4408D2F3AE09"_array32},
- {{S128KeyType::MASTER, 3, 0},
- "4F36C565D13325F65EE134073C6A578FFCB0008E02D69400836844EAB7432754"_array32},
- {{S128KeyType::MASTER, 4, 0},
- "75ff1d95d26113550ee6fcc20acb58e97edeb3a2ff52543ed5aec63bdcc3da50"_array32},
- {{S128KeyType::PACKAGE1, 0, 0},
- "4543CD1B7CAD7EE0466A3DE2086A0EF923805DCEA6C741541CDDB14F54F97B40"_array32},
- {{S128KeyType::PACKAGE1, 1, 0},
- "4A11DA019D26470C9B805F1721364830DC0096DD66EAC453B0D14455E5AF5CF8"_array32},
- {{S128KeyType::PACKAGE1, 2, 0},
- "CCA867360B3318246FBF0B8A86473176ED486DFE229772B941A02E84D50A3155"_array32},
- {{S128KeyType::PACKAGE1, 3, 0},
- "E65C383CDF526DFFAA77682868EBFA9535EE60D8075C961BBC1EDE5FBF7E3C5F"_array32},
- {{S128KeyType::PACKAGE1, 4, 0},
- "28ae73d6ae8f7206fca549e27097714e599df1208e57099416ff429b71370162"_array32},
- {{S128KeyType::PACKAGE2, 0, 0},
- "94D6F38B9D0456644E21DFF4707D092B70179B82D1AA2F5B6A76B8F9ED948264"_array32},
- {{S128KeyType::PACKAGE2, 1, 0},
- "7794F24FA879D378FEFDC8776B949B88AD89386410BE9025D463C619F1530509"_array32},
- {{S128KeyType::PACKAGE2, 2, 0},
- "5304BDDE6AC8E462961B5DB6E328B1816D245D36D6574BB78938B74D4418AF35"_array32},
- {{S128KeyType::PACKAGE2, 3, 0},
- "BE1E52C4345A979DDD4924375B91C902052C2E1CF8FBF2FAA42E8F26D5125B60"_array32},
- {{S128KeyType::PACKAGE2, 4, 0},
- "631b45d349ab8f76a050fe59512966fb8dbaf0755ef5b6903048bf036cfa611e"_array32},
- {{S128KeyType::TITLEKEK, 0, 0},
- "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32},
- {{S128KeyType::TITLEKEK, 1, 0},
- "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32},
- {{S128KeyType::TITLEKEK, 2, 0},
- "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32},
- {{S128KeyType::TITLEKEK, 3, 0},
- "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32},
- {{S128KeyType::TITLEKEK, 4, 0},
- "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32},
- {{S128KeyType::ETICKET_RSA_KEK, 0, 0},
- "46cccf288286e31c931379de9efa288c95c9a15e40b00a4c563a8be244ece515"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Application)},
- "592957F44FE5DB5EC6B095F568910E31A226D3B7FE42D64CFB9CE4051E90AEB6"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Application)},
- "C2252A0FBF9D339ABC3D681351D00452F926E7CA0C6CA85F659078DE3FA647F3"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Application)},
- "7C7722824B2F7C4938C40F3EA93E16CB69D3285EB133490EF8ECCD2C4B52DF41"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Application)},
- "AFBB8EBFB2094F1CF71E330826AE06D64414FCA128C464618DF30EED92E62BE6"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Application)},
- "5dc10eb81918da3f2fa90f69c8542511963656cfb31fb7c779581df8faf1f2f5"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "AA2C65F0E27F730807A13F2ED5B99BE5183165B87C50B6ED48F5CAC2840687EB"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "860185F2313A14F7006A029CB21A52750E7718C1E94FFB98C0AE2207D1A60165"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "7283FB1EFBD42438DADF363FDB776ED355C98737A2AAE75D0E9283CE1C12A2E4"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "9881C2D3AB70B14C8AA12016FC73ADAD93C6AD9FB59A9ECAD312B6F89E2413EC"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "eaa6a8d242b89e174928fa9549a0f66ec1562e2576fac896f438a2b3c1fb6005"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::System)},
- "194CF6BD14554DA8D457E14CBFE04E55C8FB8CA52E0AFB3D7CB7084AE435B801"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::System)},
- "CE1DB7BB6E5962384889DB7A396AFD614F82F69DC38A33D2DEAF47F3E4B964B7"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::System)},
- "42238DE5685DEF4FDE7BE42C0097CEB92447006386D6B5D5AAA2C9AFD2E28422"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::System)},
- "1F6847F268E9D9C5D1AD4D7E226A63B833BF02071446957A962EF065521879C1"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::System)},
- "644007f9913c3602399d4d75cc34faeb7f1faad18b23e34187b16fdc45f4980f"_array32},
-};
-
-std::unordered_map<KeyIndex<S256KeyType>, SHA256Hash> KeyManager::s256_hash_prod = {
- {{S256KeyType::HEADER, 0, 0},
- "8E03DE24818D96CE4F2A09B43AF979E679974F7570713A61EED8B314864A11D5"_array32},
- {{S256KeyType::SD_SAVE, 0, 0},
- "13020ee72d0f8b8f9112dc738b829fdb017102499a7c2259b52aeefc0a273f5c"_array32},
- {{S256KeyType::SD_NCA, 0, 0},
- "8a1c05b4f88bae5b04d77f632e6acfc8893c4a05fd701f53585daafc996b532a"_array32},
-};
-
-// TODO(DarkLordZach): Find missing hashes for dev keys.
-
-std::unordered_map<KeyIndex<S128KeyType>, SHA256Hash> KeyManager::s128_hash_dev = {
- {{S128KeyType::MASTER, 0, 0},
- "779dd8b533a2fb670f27b308cb8d0151c4a107568b817429172b7f80aa592c25"_array32},
- {{S128KeyType::MASTER, 1, 0},
- "0175c8bc49771576f75527be719098db4ebaf77707206749415663aa3a9ea9cc"_array32},
- {{S128KeyType::MASTER, 2, 0},
- "4f0b4d724e5a8787268157c7ce0767c26d2e2021832aa7020f306d6e260eea42"_array32},
- {{S128KeyType::MASTER, 3, 0},
- "7b5a29586c1f84f66fbfabb94518fc45408bb8e5445253d063dda7cfef2a818c"_array32},
- {{S128KeyType::MASTER, 4, 0},
- "87a61dbb05a8755de7fe069562aab38ebfb266c9eb835f09fa62dacc89c98341"_array32},
- {{S128KeyType::PACKAGE1, 0, 0},
- "166510bc63ae50391ebe4ee4ff90ca31cd0e2dd0ff6be839a2f573ec146cc23a"_array32},
- {{S128KeyType::PACKAGE1, 1, 0},
- "f74cd01b86743139c920ec54a8116c669eea805a0be1583e13fc5bc8de68645b"_array32},
- {{S128KeyType::PACKAGE1, 2, 0},
- "d0cdecd513bb6aa3d9dc6244c977dc8a5a7ea157d0a8747d79e7581146e1f768"_array32},
- {{S128KeyType::PACKAGE1, 3, 0},
- "aa39394d626b3b79f5b7ccc07378b5996b6d09bf0eb6771b0b40c9077fbfde8c"_array32},
- {{S128KeyType::PACKAGE1, 4, 0},
- "8f4754b8988c0e673fc2bbea0534cdd6075c815c9270754ae980aef3e4f0a508"_array32},
- {{S128KeyType::PACKAGE2, 0, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::PACKAGE2, 1, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::PACKAGE2, 2, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::PACKAGE2, 3, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::PACKAGE2, 4, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::TITLEKEK, 0, 0},
- "C2FA30CAC6AE1680466CB54750C24550E8652B3B6F38C30B49DADF067B5935E9"_array32},
- {{S128KeyType::TITLEKEK, 1, 0},
- "0D6B8F3746AD910D36438A859C11E8BE4310112425D63751D09B5043B87DE598"_array32},
- {{S128KeyType::TITLEKEK, 2, 0},
- "D09E18D3DB6BC7393536896F728528736FBEFCDD15C09D9D612FDE5C7BDCD821"_array32},
- {{S128KeyType::TITLEKEK, 3, 0},
- "47C6F9F7E99BB1F56DCDC93CDBD340EA82DCCD74DD8F3535ADA20ECF79D438ED"_array32},
- {{S128KeyType::TITLEKEK, 4, 0},
- "128610de8424cb29e08f9ee9a81c9e6ffd3c6662854aad0c8f937e0bcedc4d88"_array32},
- {{S128KeyType::ETICKET_RSA_KEK, 0, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Application)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Application)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Application)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Application)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Application)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Ocean)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::System)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::System)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::System)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::System)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::System)},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
-};
-
-std::unordered_map<KeyIndex<S256KeyType>, SHA256Hash> KeyManager::s256_hash_dev = {
- {{S256KeyType::HEADER, 0, 0},
- "ecde86a76e37ac4fd7591d3aa55c00cc77d8595fc27968052ec18a177d939060"_array32},
- {{S256KeyType::SD_SAVE, 0, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
- {{S256KeyType::SD_NCA, 0, 0},
- "0000000000000000000000000000000000000000000000000000000000000000"_array32},
-};
-
-std::unordered_map<std::string, KeyIndex<S128KeyType>> KeyManager::s128_file_id = {
- {"master_key_00", {S128KeyType::MASTER, 0, 0}},
- {"master_key_01", {S128KeyType::MASTER, 1, 0}},
- {"master_key_02", {S128KeyType::MASTER, 2, 0}},
- {"master_key_03", {S128KeyType::MASTER, 3, 0}},
- {"master_key_04", {S128KeyType::MASTER, 4, 0}},
- {"package1_key_00", {S128KeyType::PACKAGE1, 0, 0}},
- {"package1_key_01", {S128KeyType::PACKAGE1, 1, 0}},
- {"package1_key_02", {S128KeyType::PACKAGE1, 2, 0}},
- {"package1_key_03", {S128KeyType::PACKAGE1, 3, 0}},
- {"package1_key_04", {S128KeyType::PACKAGE1, 4, 0}},
- {"package2_key_00", {S128KeyType::PACKAGE2, 0, 0}},
- {"package2_key_01", {S128KeyType::PACKAGE2, 1, 0}},
- {"package2_key_02", {S128KeyType::PACKAGE2, 2, 0}},
- {"package2_key_03", {S128KeyType::PACKAGE2, 3, 0}},
- {"package2_key_04", {S128KeyType::PACKAGE2, 4, 0}},
- {"titlekek_00", {S128KeyType::TITLEKEK, 0, 0}},
- {"titlekek_01", {S128KeyType::TITLEKEK, 1, 0}},
- {"titlekek_02", {S128KeyType::TITLEKEK, 2, 0}},
- {"titlekek_03", {S128KeyType::TITLEKEK, 3, 0}},
- {"titlekek_04", {S128KeyType::TITLEKEK, 4, 0}},
- {"eticket_rsa_kek", {S128KeyType::ETICKET_RSA_KEK, 0, 0}},
- {"key_area_key_application_00",
- {S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Application)}},
- {"key_area_key_application_01",
- {S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Application)}},
- {"key_area_key_application_02",
- {S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Application)}},
- {"key_area_key_application_03",
- {S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Application)}},
- {"key_area_key_application_04",
- {S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Application)}},
- {"key_area_key_ocean_00", {S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::Ocean)}},
- {"key_area_key_ocean_01", {S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::Ocean)}},
- {"key_area_key_ocean_02", {S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::Ocean)}},
- {"key_area_key_ocean_03", {S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::Ocean)}},
- {"key_area_key_ocean_04", {S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::Ocean)}},
- {"key_area_key_system_00",
- {S128KeyType::KEY_AREA, 0, static_cast<u64>(KeyAreaKeyType::System)}},
- {"key_area_key_system_01",
- {S128KeyType::KEY_AREA, 1, static_cast<u64>(KeyAreaKeyType::System)}},
- {"key_area_key_system_02",
- {S128KeyType::KEY_AREA, 2, static_cast<u64>(KeyAreaKeyType::System)}},
- {"key_area_key_system_03",
- {S128KeyType::KEY_AREA, 3, static_cast<u64>(KeyAreaKeyType::System)}},
- {"key_area_key_system_04",
- {S128KeyType::KEY_AREA, 4, static_cast<u64>(KeyAreaKeyType::System)}},
-};
-
-std::unordered_map<std::string, KeyIndex<S256KeyType>> KeyManager::s256_file_id = {
- {"header_key", {S256KeyType::HEADER, 0, 0}},
- {"sd_card_save_key", {S256KeyType::SD_SAVE, 0, 0}},
- {"sd_card_nca_key", {S256KeyType::SD_NCA, 0, 0}},
-};
+namespace Core::Crypto {
static u8 ToHexNibble(char c1) {
if (c1 >= 65 && c1 <= 70)
@@ -271,8 +48,20 @@ std::array<u8, 32> operator""_array32(const char* str, size_t len) {
return HexStringToArray<32>(str);
}
-void KeyManager::SetValidationMode(bool dev) {
- dev_mode = dev;
+KeyManager::KeyManager() {
+ // Initialize keys
+ std::string keys_dir = FileUtil::GetHactoolConfigurationPath();
+ if (Settings::values.use_dev_keys) {
+ dev_mode = true;
+ if (FileUtil::Exists(keys_dir + DIR_SEP + "dev.keys"))
+ LoadFromFile(keys_dir + DIR_SEP + "dev.keys", false);
+ } else {
+ dev_mode = false;
+ if (FileUtil::Exists(keys_dir + DIR_SEP + "prod.keys"))
+ LoadFromFile(keys_dir + DIR_SEP + "prod.keys", false);
+ }
+ if (FileUtil::Exists(keys_dir + DIR_SEP + "title.keys"))
+ LoadFromFile(keys_dir + DIR_SEP + "title.keys", true);
}
void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) {
@@ -299,7 +88,7 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) {
auto rights_id_raw = HexStringToArray<16>(out[0]);
u128 rights_id = *reinterpret_cast<std::array<u64, 2>*>(&rights_id_raw);
Key128 key = HexStringToArray<16>(out[1]);
- SetKey(S128KeyType::TITLEKEY, key, rights_id[1], rights_id[0]);
+ SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]);
} else {
std::transform(out[0].begin(), out[0].end(), out[0].begin(), ::tolower);
if (s128_file_id.find(out[0]) != s128_file_id.end()) {
@@ -315,24 +104,24 @@ void KeyManager::LoadFromFile(std::string_view filename_, bool is_title_keys) {
}
}
-bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) {
+bool KeyManager::HasKey(S128KeyType id, u64 field1, u64 field2) const {
return s128_keys.find({id, field1, field2}) != s128_keys.end();
}
-bool KeyManager::HasKey(S256KeyType id, u64 field1, u64 field2) {
+bool KeyManager::HasKey(S256KeyType id, u64 field1, u64 field2) const {
return s256_keys.find({id, field1, field2}) != s256_keys.end();
}
-Key128 KeyManager::GetKey(S128KeyType id, u64 field1, u64 field2) {
+Key128 KeyManager::GetKey(S128KeyType id, u64 field1, u64 field2) const {
if (!HasKey(id, field1, field2))
return {};
- return s128_keys[{id, field1, field2}];
+ return s128_keys.at({id, field1, field2});
}
-Key256 KeyManager::GetKey(S256KeyType id, u64 field1, u64 field2) {
+Key256 KeyManager::GetKey(S256KeyType id, u64 field1, u64 field2) const {
if (!HasKey(id, field1, field2))
return {};
- return s256_keys[{id, field1, field2}];
+ return s256_keys.at({id, field1, field2});
}
void KeyManager::SetKey(S128KeyType id, Key128 key, u64 field1, u64 field2) {
@@ -343,68 +132,53 @@ void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) {
s256_keys[{id, field1, field2}] = key;
}
-bool KeyManager::ValidateKey(S128KeyType key, u64 field1, u64 field2) {
- auto& hash = dev_mode ? s128_hash_dev : s128_hash_prod;
-
- KeyIndex<S128KeyType> id = {key, field1, field2};
- if (key == S128KeyType::SD_SEED || key == S128KeyType::TITLEKEY ||
- hash.find(id) == hash.end()) {
- LOG_WARNING(Crypto, "Could not validate [{}]", id.DebugInfo());
- return true;
- }
-
- if (!HasKey(key, field1, field2)) {
- LOG_CRITICAL(Crypto,
- "System has requested validation of [{}], but user has not added it. Add this "
- "key to use functionality.",
- id.DebugInfo());
- return false;
- }
-
- SHA256Hash key_hash{};
- const auto a_key = GetKey(key, field1, field2);
- mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0);
- if (key_hash != hash[id]) {
- LOG_CRITICAL(Crypto,
- "The hash of the provided key for [{}] does not match the one on file. This "
- "means you probably have an incorrect key. If you believe this to be in "
- "error, contact the yuzu devs.",
- id.DebugInfo());
- return false;
- }
-
- return true;
-}
-
-bool KeyManager::ValidateKey(S256KeyType key, u64 field1, u64 field2) {
- auto& hash = dev_mode ? s256_hash_dev : s256_hash_prod;
-
- KeyIndex<S256KeyType> id = {key, field1, field2};
- if (hash.find(id) == hash.end()) {
- LOG_ERROR(Crypto, "Could not validate [{}]", id.DebugInfo());
- return true;
- }
-
- if (!HasKey(key, field1, field2)) {
- LOG_ERROR(Crypto,
- "System has requested validation of [{}], but user has not added it. Add this "
- "key to use functionality.",
- id.DebugInfo());
- return false;
- }
-
- SHA256Hash key_hash{};
- const auto a_key = GetKey(key, field1, field2);
- mbedtls_sha256(a_key.data(), a_key.size(), key_hash.data(), 0);
- if (key_hash != hash[id]) {
- LOG_CRITICAL(Crypto,
- "The hash of the provided key for [{}] does not match the one on file. This "
- "means you probably have an incorrect key. If you believe this to be in "
- "error, contact the yuzu devs.",
- id.DebugInfo());
- return false;
- }
+std::unordered_map<std::string, KeyIndex<S128KeyType>> KeyManager::s128_file_id = {
+ {"master_key_00", {S128KeyType::Master, 0, 0}},
+ {"master_key_01", {S128KeyType::Master, 1, 0}},
+ {"master_key_02", {S128KeyType::Master, 2, 0}},
+ {"master_key_03", {S128KeyType::Master, 3, 0}},
+ {"master_key_04", {S128KeyType::Master, 4, 0}},
+ {"package1_key_00", {S128KeyType::Package1, 0, 0}},
+ {"package1_key_01", {S128KeyType::Package1, 1, 0}},
+ {"package1_key_02", {S128KeyType::Package1, 2, 0}},
+ {"package1_key_03", {S128KeyType::Package1, 3, 0}},
+ {"package1_key_04", {S128KeyType::Package1, 4, 0}},
+ {"package2_key_00", {S128KeyType::Package2, 0, 0}},
+ {"package2_key_01", {S128KeyType::Package2, 1, 0}},
+ {"package2_key_02", {S128KeyType::Package2, 2, 0}},
+ {"package2_key_03", {S128KeyType::Package2, 3, 0}},
+ {"package2_key_04", {S128KeyType::Package2, 4, 0}},
+ {"titlekek_00", {S128KeyType::Titlekek, 0, 0}},
+ {"titlekek_01", {S128KeyType::Titlekek, 1, 0}},
+ {"titlekek_02", {S128KeyType::Titlekek, 2, 0}},
+ {"titlekek_03", {S128KeyType::Titlekek, 3, 0}},
+ {"titlekek_04", {S128KeyType::Titlekek, 4, 0}},
+ {"eticket_rsa_kek", {S128KeyType::ETicketRSAKek, 0, 0}},
+ {"key_area_key_application_00",
+ {S128KeyType::KeyArea, 0, static_cast<u64>(KeyAreaKeyType::Application)}},
+ {"key_area_key_application_01",
+ {S128KeyType::KeyArea, 1, static_cast<u64>(KeyAreaKeyType::Application)}},
+ {"key_area_key_application_02",
+ {S128KeyType::KeyArea, 2, static_cast<u64>(KeyAreaKeyType::Application)}},
+ {"key_area_key_application_03",
+ {S128KeyType::KeyArea, 3, static_cast<u64>(KeyAreaKeyType::Application)}},
+ {"key_area_key_application_04",
+ {S128KeyType::KeyArea, 4, static_cast<u64>(KeyAreaKeyType::Application)}},
+ {"key_area_key_ocean_00", {S128KeyType::KeyArea, 0, static_cast<u64>(KeyAreaKeyType::Ocean)}},
+ {"key_area_key_ocean_01", {S128KeyType::KeyArea, 1, static_cast<u64>(KeyAreaKeyType::Ocean)}},
+ {"key_area_key_ocean_02", {S128KeyType::KeyArea, 2, static_cast<u64>(KeyAreaKeyType::Ocean)}},
+ {"key_area_key_ocean_03", {S128KeyType::KeyArea, 3, static_cast<u64>(KeyAreaKeyType::Ocean)}},
+ {"key_area_key_ocean_04", {S128KeyType::KeyArea, 4, static_cast<u64>(KeyAreaKeyType::Ocean)}},
+ {"key_area_key_system_00", {S128KeyType::KeyArea, 0, static_cast<u64>(KeyAreaKeyType::System)}},
+ {"key_area_key_system_01", {S128KeyType::KeyArea, 1, static_cast<u64>(KeyAreaKeyType::System)}},
+ {"key_area_key_system_02", {S128KeyType::KeyArea, 2, static_cast<u64>(KeyAreaKeyType::System)}},
+ {"key_area_key_system_03", {S128KeyType::KeyArea, 3, static_cast<u64>(KeyAreaKeyType::System)}},
+ {"key_area_key_system_04", {S128KeyType::KeyArea, 4, static_cast<u64>(KeyAreaKeyType::System)}},
+};
- return true;
-}
-} // namespace Crypto
+std::unordered_map<std::string, KeyIndex<S256KeyType>> KeyManager::s256_file_id = {
+ {"header_key", {S256KeyType::Header, 0, 0}},
+ {"sd_card_save_key", {S256KeyType::SDSave, 0, 0}},
+ {"sd_card_nca_key", {S256KeyType::SDNCA, 0, 0}},
+};
+} // namespace Core::Crypto
diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h
index b892a83f2c0a27086beaca4aa3174b83d74747a5..e04f1d49f5496295eb3b7a063776882355b1c52c 100644
--- a/src/core/crypto/key_manager.h
+++ b/src/core/crypto/key_manager.h
@@ -3,36 +3,37 @@
// Refer to the license.txt file included.
#pragma once
+
#include <array>
#include <unordered_map>
#include <vector>
#include <fmt/format.h>
#include "common/common_types.h"
-namespace Crypto {
+namespace Core::Crypto {
-typedef std::array<u8, 0x10> Key128;
-typedef std::array<u8, 0x20> Key256;
-typedef std::array<u8, 0x20> SHA256Hash;
+using Key128 = std::array<u8, 0x10>;
+using Key256 = std::array<u8, 0x20>;
+using SHA256Hash = std::array<u8, 0x20>;
static_assert(sizeof(Key128) == 16, "Key128 must be 128 bytes big.");
static_assert(sizeof(Key256) == 32, "Key128 must be 128 bytes big.");
enum class S256KeyType : u64 {
- HEADER, //
- SD_SAVE, //
- SD_NCA, //
+ Header, //
+ SDSave, //
+ SDNCA, //
};
enum class S128KeyType : u64 {
- MASTER, // f1=crypto revision
- PACKAGE1, // f1=crypto revision
- PACKAGE2, // f1=crypto revision
- TITLEKEK, // f1=crypto revision
- ETICKET_RSA_KEK, //
- KEY_AREA, // f1=crypto revision f2=type {app, ocean, system}
- SD_SEED, //
- TITLEKEY, // f1=rights id LSB f2=rights id MSB
+ Master, // f1=crypto revision
+ Package1, // f1=crypto revision
+ Package2, // f1=crypto revision
+ Titlekek, // f1=crypto revision
+ ETicketRSAKek, //
+ KeyArea, // f1=crypto revision f2=type {app, ocean, system}
+ SDSeed, //
+ Titlekey, // f1=rights id LSB f2=rights id MSB
};
enum class KeyAreaKeyType : u8 {
@@ -47,7 +48,7 @@ struct KeyIndex {
u64 field1;
u64 field2;
- std::string DebugInfo() {
+ std::string DebugInfo() const {
u8 key_size = 16;
if (std::is_same_v<KeyType, S256KeyType>)
key_size = 32;
@@ -60,15 +61,20 @@ struct KeyIndex {
template <typename KeyType>
bool operator==(const KeyIndex<KeyType>& lhs, const KeyIndex<KeyType>& rhs) {
- return lhs.type == rhs.type && lhs.field1 == rhs.field1 && lhs.field2 == rhs.field2;
+ return std::tie(lhs.type, lhs.field1, lhs.field2) == std::tie(rhs.type, rhs.field1, rhs.field2);
}
-} // namespace Crypto
+template <typename KeyType>
+bool operator!=(const KeyIndex<KeyType>& lhs, const KeyIndex<KeyType>& rhs) {
+ return !operator==(lhs, rhs);
+}
+
+} // namespace Core::Crypto
namespace std {
template <typename KeyType>
-struct hash<Crypto::KeyIndex<KeyType>> {
- size_t operator()(const Crypto::KeyIndex<KeyType>& k) const {
+struct hash<Core::Crypto::KeyIndex<KeyType>> {
+ size_t operator()(const Core::Crypto::KeyIndex<KeyType>& k) const {
using std::hash;
return ((hash<u64>()(static_cast<u64>(k.type)) ^ (hash<u64>()(k.field1) << 1)) >> 1) ^
@@ -77,41 +83,32 @@ struct hash<Crypto::KeyIndex<KeyType>> {
};
} // namespace std
-namespace Crypto {
+namespace Core::Crypto {
std::array<u8, 0x10> operator"" _array16(const char* str, size_t len);
std::array<u8, 0x20> operator"" _array32(const char* str, size_t len);
-struct KeyManager {
- void SetValidationMode(bool dev);
- void LoadFromFile(std::string_view filename, bool is_title_keys);
+class KeyManager {
+public:
+ KeyManager();
- bool HasKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0);
- bool HasKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0);
+ bool HasKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0) const;
+ bool HasKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0) const;
- Key128 GetKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0);
- Key256 GetKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0);
+ Key128 GetKey(S128KeyType id, u64 field1 = 0, u64 field2 = 0) const;
+ Key256 GetKey(S256KeyType id, u64 field1 = 0, u64 field2 = 0) const;
void SetKey(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0);
void SetKey(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0);
- bool ValidateKey(S128KeyType key, u64 field1 = 0, u64 field2 = 0);
- bool ValidateKey(S256KeyType key, u64 field1 = 0, u64 field2 = 0);
-
private:
std::unordered_map<KeyIndex<S128KeyType>, Key128> s128_keys;
std::unordered_map<KeyIndex<S256KeyType>, Key256> s256_keys;
- bool dev_mode = false;
+ bool dev_mode;
+ void LoadFromFile(std::string_view filename, bool is_title_keys);
- static std::unordered_map<KeyIndex<S128KeyType>, SHA256Hash> s128_hash_prod;
- static std::unordered_map<KeyIndex<S256KeyType>, SHA256Hash> s256_hash_prod;
- static std::unordered_map<KeyIndex<S128KeyType>, SHA256Hash> s128_hash_dev;
- static std::unordered_map<KeyIndex<S256KeyType>, SHA256Hash> s256_hash_dev;
static std::unordered_map<std::string, KeyIndex<S128KeyType>> s128_file_id;
static std::unordered_map<std::string, KeyIndex<S256KeyType>> s256_file_id;
};
-
-extern KeyManager keys;
-
-} // namespace Crypto
+} // namespace Core::Crypto
diff --git a/src/core/file_sys/card_image.cpp b/src/core/file_sys/card_image.cpp
index 5ff09a362f603fa5a35cf162c0ccf61c69e6e1d0..3c1dbf46ce47a5e62bb25bf8f19cd135ec809bd4 100644
--- a/src/core/file_sys/card_image.cpp
+++ b/src/core/file_sys/card_image.cpp
@@ -30,8 +30,8 @@ XCI::XCI(VirtualFile file_) : file(std::move(file_)), partitions(0x4) {
return;
}
- const static std::array<std::string, 0x4> partition_names = {"update", "normal", "secure",
- "logo"};
+ static constexpr std::array<const char*, 0x4> partition_names = {"update", "normal", "secure",
+ "logo"};
for (XCIPartition partition :
{XCIPartition::Update, XCIPartition::Normal, XCIPartition::Secure, XCIPartition::Logo}) {
@@ -93,12 +93,9 @@ VirtualDir XCI::GetLogoPartition() const {
}
std::shared_ptr<NCA> XCI::GetNCAByType(NCAContentType type) const {
- for (const auto& nca : ncas) {
- if (nca->GetType() == type)
- return nca;
- }
-
- return nullptr;
+ auto iter = std::find_if(ncas.begin(), ncas.end(),
+ [type](std::shared_ptr<NCA> nca) { return nca->GetType() == type; });
+ return iter == ncas.end() ? nullptr : *iter;
}
VirtualFile XCI::GetNCAFileByType(NCAContentType type) const {
@@ -133,7 +130,7 @@ Loader::ResultStatus XCI::AddNCAFromPartition(XCIPartition part) {
return Loader::ResultStatus::ErrorInvalidFormat;
}
- for (VirtualFile file : partitions[static_cast<size_t>(part)]->GetFiles()) {
+ for (const VirtualFile& file : partitions[static_cast<size_t>(part)]->GetFiles()) {
if (file->GetExtension() != "nca")
continue;
auto nca = std::make_shared<NCA>(file);
diff --git a/src/core/file_sys/content_archive.cpp b/src/core/file_sys/content_archive.cpp
index add01974e24ec93de780e5eb850ed42cb45ca7da..952dc70683e9267fe9f62eb21ed09b76873fe61d 100644
--- a/src/core/file_sys/content_archive.cpp
+++ b/src/core/file_sys/content_archive.cpp
@@ -9,10 +9,9 @@
#include "core/crypto/aes_util.h"
#include "core/crypto/ctr_encryption_layer.h"
#include "core/file_sys/content_archive.h"
+#include "core/file_sys/romfs.h"
#include "core/file_sys/vfs_offset.h"
#include "core/loader/loader.h"
-#include "mbedtls/cipher.h"
-#include "romfs.h"
namespace FileSys {
@@ -77,7 +76,7 @@ bool IsValidNCA(const NCAHeader& header) {
return header.magic == Common::MakeMagic('N', 'C', 'A', '3');
}
-Crypto::Key128 NCA::GetKeyAreaKey(NCASectionCryptoType type) {
+Core::Crypto::Key128 NCA::GetKeyAreaKey(NCASectionCryptoType type) {
u8 master_key_id = header.crypto_type;
if (header.crypto_type_2 > master_key_id)
master_key_id = header.crypto_type_2;
@@ -85,16 +84,12 @@ Crypto::Key128 NCA::GetKeyAreaKey(NCASectionCryptoType type) {
--master_key_id;
std::vector<u8> key_area(header.key_area.begin(), header.key_area.end());
- if (!Crypto::keys.ValidateKey(Crypto::S128KeyType::KEY_AREA, master_key_id, header.key_index)) {
- status = Loader::ResultStatus::ErrorEncrypted;
- return {};
- }
- Crypto::AESCipher<Crypto::Key128> cipher(
- Crypto::keys.GetKey(Crypto::S128KeyType::KEY_AREA, master_key_id, header.key_index),
- Crypto::Mode::ECB);
- cipher.Transcode(key_area.data(), key_area.size(), key_area.data(), Crypto::Op::DECRYPT);
+ Core::Crypto::AESCipher<Core::Crypto::Key128> cipher(
+ keys.GetKey(Core::Crypto::S128KeyType::KeyArea, master_key_id, header.key_index),
+ Core::Crypto::Mode::ECB);
+ cipher.Transcode(key_area.data(), key_area.size(), key_area.data(), Core::Crypto::Op::Decrypt);
- Crypto::Key128 out;
+ Core::Crypto::Key128 out;
if (type == NCASectionCryptoType::XTS)
std::copy(key_area.begin(), key_area.begin() + 0x10, out.begin());
else if (type == NCASectionCryptoType::CTR)
@@ -102,8 +97,8 @@ Crypto::Key128 NCA::GetKeyAreaKey(NCASectionCryptoType type) {
else
LOG_CRITICAL(Crypto, "Called GetKeyAreaKey on invalid NCASectionCryptoType type={:02X}",
static_cast<u8>(type));
-
- u128 out_128 = *reinterpret_cast<u128*>(&out);
+ u128 out_128{};
+ memcpy(out_128.data(), out.data(), 16);
LOG_DEBUG(Crypto, "called with crypto_rev={:02X}, kak_index={:02X}, key={:016X}{:016X}",
master_key_id, header.key_index, out_128[1], out_128[0]);
@@ -121,9 +116,9 @@ VirtualFile NCA::Decrypt(NCASectionHeader header, VirtualFile in, u64 starting_o
case NCASectionCryptoType::CTR:
LOG_DEBUG(Crypto, "called with mode=CTR, starting_offset={:016X}", starting_offset);
{
- auto out = std::make_shared<Crypto::CTREncryptionLayer>(
+ auto out = std::make_shared<Core::Crypto::CTREncryptionLayer>(
std::move(in), GetKeyAreaKey(NCASectionCryptoType::CTR), starting_offset);
- std::vector<u8> iv(16, 0);
+ std::vector<u8> iv(16);
for (u8 i = 0; i < 8; ++i)
iv[i] = header.raw.section_ctr[0x8 - i - 1];
out->SetIV(iv);
@@ -146,13 +141,10 @@ NCA::NCA(VirtualFile file_) : file(std::move(file_)) {
if (!IsValidNCA(header)) {
NCAHeader dec_header{};
- if (!Crypto::keys.ValidateKey(Crypto::S256KeyType::HEADER)) {
- status = Loader::ResultStatus::ErrorEncrypted;
- return;
- }
- Crypto::AESCipher<Crypto::Key256> cipher(Crypto::keys.GetKey(Crypto::S256KeyType::HEADER),
- Crypto::Mode::XTS);
- cipher.XTSTranscode(&header, sizeof(NCAHeader), &dec_header, 0, 0x200, Crypto::Op::DECRYPT);
+ Core::Crypto::AESCipher<Core::Crypto::Key256> cipher(
+ keys.GetKey(Core::Crypto::S256KeyType::Header), Core::Crypto::Mode::XTS);
+ cipher.XTSTranscode(&header, sizeof(NCAHeader), &dec_header, 0, 0x200,
+ Core::Crypto::Op::Decrypt);
if (IsValidNCA(dec_header)) {
header = dec_header;
encrypted = true;
@@ -171,14 +163,10 @@ NCA::NCA(VirtualFile file_) : file(std::move(file_)) {
if (encrypted) {
auto raw = file->ReadBytes(length_sections, SECTION_HEADER_OFFSET);
- if (!Crypto::keys.ValidateKey(Crypto::S256KeyType::HEADER)) {
- status = Loader::ResultStatus::ErrorEncrypted;
- return;
- }
- Crypto::AESCipher<Crypto::Key256> cipher(Crypto::keys.GetKey(Crypto::S256KeyType::HEADER),
- Crypto::Mode::XTS);
+ Core::Crypto::AESCipher<Core::Crypto::Key256> cipher(
+ keys.GetKey(Core::Crypto::S256KeyType::Header), Core::Crypto::Mode::XTS);
cipher.XTSTranscode(raw.data(), length_sections, sections.data(), 2, SECTION_HEADER_SIZE,
- Crypto::Op::DECRYPT);
+ Core::Crypto::Op::Decrypt);
} else {
file->ReadBytes(sections.data(), length_sections, SECTION_HEADER_OFFSET);
}
diff --git a/src/core/file_sys/content_archive.h b/src/core/file_sys/content_archive.h
index d9ad3bf7ed72e1d2bab0e8e9574683e6615ebe4a..153142b06a84ac1eee0ae393b676f4fed118b272 100644
--- a/src/core/file_sys/content_archive.h
+++ b/src/core/file_sys/content_archive.h
@@ -9,12 +9,12 @@
#include <string>
#include <vector>
-#include "core/loader/loader.h"
#include "common/common_funcs.h"
#include "common/common_types.h"
#include "common/swap.h"
#include "core/crypto/key_manager.h"
#include "core/file_sys/partition_filesystem.h"
+#include "core/loader/loader.h"
namespace FileSys {
enum class NCAContentType : u8 {
@@ -107,7 +107,8 @@ private:
bool encrypted;
- Crypto::Key128 GetKeyAreaKey(NCASectionCryptoType type);
+ Core::Crypto::KeyManager keys;
+ Core::Crypto::Key128 GetKeyAreaKey(NCASectionCryptoType type);
VirtualFile Decrypt(NCASectionHeader header, VirtualFile in, u64 starting_offset);
};
diff --git a/src/core/file_sys/vfs.cpp b/src/core/file_sys/vfs.cpp
index 57d0aeb854f66b431a51e517a17d315794759336..dae1c16ef020ef0d1cf553513d445c204e40a511 100644
--- a/src/core/file_sys/vfs.cpp
+++ b/src/core/file_sys/vfs.cpp
@@ -297,10 +297,9 @@ bool DeepEquals(const VirtualFile& file1, const VirtualFile& file2, size_t block
if (f1_vs != f2_vs)
return false;
- for (size_t j = 0; j < f1_vs; ++j) {
- if (f1_v[j] != f2_v[j])
- return false;
- }
+ auto iters = std::mismatch(f1_v.begin(), f1_v.end(), f2_v.begin(), f2_v.end());
+ if (iters.first != f1_v.end() && iters.second != f2_v.end())
+ return false;
}
return true;
diff --git a/src/core/loader/xci.cpp b/src/core/loader/xci.cpp
index 9759e33d1e1f31919b78d6d9f29134ea095482a3..b4de5bd1697fc42e6248f0de7621cd766a5c6c20 100644
--- a/src/core/loader/xci.cpp
+++ b/src/core/loader/xci.cpp
@@ -28,14 +28,17 @@ AppLoader_XCI::AppLoader_XCI(FileSys::VirtualFile file)
nca_loader(std::make_unique<AppLoader_NCA>(
xci->GetNCAFileByType(FileSys::NCAContentType::Program))) {}
+AppLoader_XCI::~AppLoader_XCI() = default;
+
FileType AppLoader_XCI::IdentifyType(const FileSys::VirtualFile& file) {
FileSys::XCI xci(file);
if (xci.GetStatus() == ResultStatus::Success &&
xci.GetNCAByType(FileSys::NCAContentType::Program) != nullptr &&
AppLoader_NCA::IdentifyType(xci.GetNCAFileByType(FileSys::NCAContentType::Program)) ==
- FileType::NCA)
+ FileType::NCA) {
return FileType::XCI;
+ }
return FileType::Error;
}
@@ -62,6 +65,4 @@ ResultStatus AppLoader_XCI::ReadProgramId(u64& out_program_id) {
return nca_loader->ReadProgramId(out_program_id);
}
-AppLoader_XCI::~AppLoader_XCI() = default;
-
} // namespace Loader
diff --git a/src/core/loader/xci.h b/src/core/loader/xci.h
index a9cee1ca35733780eac2e40a6e4998b633bbbdac..2a09caa5f859c1371747577664182010176f2946 100644
--- a/src/core/loader/xci.h
+++ b/src/core/loader/xci.h
@@ -13,6 +13,7 @@ namespace Loader {
class AppLoader_XCI final : public AppLoader {
public:
explicit AppLoader_XCI(FileSys::VirtualFile file);
+ ~AppLoader_XCI();
/**
* Returns the type of the file
@@ -30,8 +31,6 @@ public:
ResultStatus ReadRomFS(FileSys::VirtualFile& dir) override;
ResultStatus ReadProgramId(u64& out_program_id) override;
- ~AppLoader_XCI();
-
private:
FileSys::ProgramMetadata metadata;
diff --git a/src/yuzu/main.cpp b/src/yuzu/main.cpp
index d3523e6ac2601c1a95dfc1e107ec8596d8531d3c..c274e5e2bd3950584c5c859e77731eea350b5db9 100644
--- a/src/yuzu/main.cpp
+++ b/src/yuzu/main.cpp
@@ -13,7 +13,6 @@
#include <QMessageBox>
#include <QtGui>
#include <QtWidgets>
-#include <core/crypto/key_manager.h>
#include "common/common_paths.h"
#include "common/logging/backend.h"
#include "common/logging/filter.h"
@@ -24,6 +23,7 @@
#include "common/scope_exit.h"
#include "common/string_util.h"
#include "core/core.h"
+#include "core/crypto/key_manager.h"
#include "core/gdbstub/gdbstub.h"
#include "core/loader/loader.h"
#include "core/settings.h"
@@ -89,19 +89,6 @@ GMainWindow::GMainWindow() : config(new Config()), emu_thread(nullptr) {
ui.setupUi(this);
statusBar()->hide();
- // Initialize keys
- std::string keys_dir = FileUtil::GetHactoolConfigurationPath();
- if (Settings::values.use_dev_keys) {
- Crypto::keys.SetValidationMode(true);
- if (FileUtil::Exists(keys_dir + DIR_SEP + "dev.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "dev.keys", false);
- } else {
- if (FileUtil::Exists(keys_dir + DIR_SEP + "prod.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "prod.keys", false);
- }
- if (FileUtil::Exists(keys_dir + DIR_SEP + "title.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "title.keys", true);
-
default_theme_paths = QIcon::themeSearchPaths();
UpdateUITheme();
diff --git a/src/yuzu_cmd/yuzu.cpp b/src/yuzu_cmd/yuzu.cpp
index 955e2ba14085aa918662b4cc5f82d75e4e5736e0..97a8e13f01be38118c56668e2c001187db6fe32e 100644
--- a/src/yuzu_cmd/yuzu.cpp
+++ b/src/yuzu_cmd/yuzu.cpp
@@ -73,19 +73,6 @@ static void InitializeLogging() {
int main(int argc, char** argv) {
Config config;
- // Initialize keys
- std::string keys_dir = FileUtil::GetHactoolConfigurationPath();
- if (Settings::values.use_dev_keys) {
- Crypto::keys.SetValidationMode(true);
- if (FileUtil::Exists(keys_dir + DIR_SEP + "dev.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "dev.keys", false);
- } else {
- if (FileUtil::Exists(keys_dir + DIR_SEP + "prod.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "prod.keys", false);
- }
- if (FileUtil::Exists(keys_dir + DIR_SEP + "title.keys"))
- Crypto::keys.LoadFromFile(keys_dir + DIR_SEP + "title.keys", true);
-
int option_index = 0;
bool use_gdbstub = Settings::values.use_gdbstub;
u32 gdb_port = static_cast<u32>(Settings::values.gdbstub_port);