diff --git a/bdk/sec/se.c b/bdk/sec/se.c
index 3a97ddd..01d14ab 100644
--- a/bdk/sec/se.c
+++ b/bdk/sec/se.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
@@ -57,17 +57,17 @@ static void _se_ll_init(se_ll_t *ll, u32 addr, u32 size)
static void _se_ll_set(se_ll_t *dst, se_ll_t *src)
{
- SE(SE_IN_LL_ADDR_REG_OFFSET) = (u32)src;
- SE(SE_OUT_LL_ADDR_REG_OFFSET) = (u32)dst;
+ SE(SE_IN_LL_ADDR_REG) = (u32)src;
+ SE(SE_OUT_LL_ADDR_REG) = (u32)dst;
}
static int _se_wait()
{
- while (!(SE(SE_INT_STATUS_REG_OFFSET) & SE_INT_OP_DONE(INT_SET)))
+ while (!(SE(SE_INT_STATUS_REG) & SE_INT_OP_DONE))
;
- if (SE(SE_INT_STATUS_REG_OFFSET) & SE_INT_ERROR(INT_SET) ||
- SE(SE_STATUS_0) & SE_STATUS_0_STATE_WAIT_IN ||
- SE(SE_ERR_STATUS_0) != SE_ERR_STATUS_0_SE_NS_ACCESS_CLEAR)
+ if (SE(SE_INT_STATUS_REG) & SE_INT_ERR_STAT ||
+ (SE(SE_STATUS_REG) & SE_STATUS_STATE_MASK) != SE_STATUS_STATE_IDLE ||
+ SE(SE_ERR_STATUS_REG) != 0)
return 0;
return 1;
}
@@ -92,12 +92,12 @@ static int _se_execute(u32 op, void *dst, u32 dst_size, const void *src, u32 src
_se_ll_set(ll_dst, ll_src);
- SE(SE_ERR_STATUS_0) = SE(SE_ERR_STATUS_0);
- SE(SE_INT_STATUS_REG_OFFSET) = SE(SE_INT_STATUS_REG_OFFSET);
+ SE(SE_ERR_STATUS_REG) = SE(SE_ERR_STATUS_REG);
+ SE(SE_INT_STATUS_REG) = SE(SE_INT_STATUS_REG);
bpmp_mmu_maintenance(BPMP_MMU_MAINT_CLN_INV_WAY, false);
- SE(SE_OPERATION_REG_OFFSET) = SE_OPERATION(op);
+ SE(SE_OPERATION_REG) = op;
if (is_oneshot)
{
@@ -146,13 +146,13 @@ static int _se_execute_one_block(u32 op, void *dst, u32 dst_size, const void *sr
if (!src || !dst)
return 0;
- u8 *block = (u8 *)malloc(0x10);
- memset(block, 0, 0x10);
+ u8 *block = (u8 *)malloc(SE_AES_BLOCK_SIZE);
+ memset(block, 0, SE_AES_BLOCK_SIZE);
- SE(SE_BLOCK_COUNT_REG_OFFSET) = 0;
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = 1 - 1;
memcpy(block, src, src_size);
- int res = _se_execute_oneshot(op, block, 0x10, block, 0x10);
+ int res = _se_execute_oneshot(op, block, SE_AES_BLOCK_SIZE, block, SE_AES_BLOCK_SIZE);
memcpy(dst, block, dst_size);
free(block);
@@ -161,68 +161,68 @@ static int _se_execute_one_block(u32 op, void *dst, u32 dst_size, const void *sr
static void _se_aes_ctr_set(void *ctr)
{
- u32 data[TEGRA_SE_AES_BLOCK_SIZE / 4];
- memcpy(data, ctr, TEGRA_SE_AES_BLOCK_SIZE);
+ u32 data[SE_AES_IV_SIZE / 4];
+ memcpy(data, ctr, SE_AES_IV_SIZE);
- for (u32 i = 0; i < (TEGRA_SE_AES_BLOCK_SIZE / 4); i++)
- SE(SE_CRYPTO_CTR_REG_OFFSET + (4 * i)) = data[i];
+ for (u32 i = 0; i < SE_CRYPTO_LINEAR_CTR_REG_COUNT; i++)
+ SE(SE_CRYPTO_LINEAR_CTR_REG + (4 * i)) = data[i];
}
void se_rsa_acc_ctrl(u32 rs, u32 flags)
{
- if (flags & SE_RSA_KEY_TBL_DIS_KEY_ALL_FLAG)
- SE(SE_RSA_KEYTABLE_ACCESS_REG_OFFSET + 4 * rs) =
- ((flags >> SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG_SHIFT) & SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG) |
- ((flags & SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_FLAG) ^ SE_RSA_KEY_TBL_DIS_KEY_ALL_COMMON_FLAG);
- if (flags & SE_RSA_KEY_TBL_DIS_KEY_LOCK_FLAG)
- SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET) &= ~BIT(rs);
+ if (flags & SE_RSA_KEY_TBL_DIS_KEY_ACCESS_FLAG)
+ SE(SE_RSA_KEYTABLE_ACCESS_REG + 4 * rs) =
+ (((flags >> 4) & SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG) |(flags & SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_FLAG)) ^
+ SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_USE_FLAG;
+ if (flags & SE_RSA_KEY_LOCK_FLAG)
+ SE(SE_RSA_SECURITY_PERKEY_REG) &= ~BIT(rs);
}
void se_key_acc_ctrl(u32 ks, u32 flags)
{
if (flags & SE_KEY_TBL_DIS_KEY_ACCESS_FLAG)
- SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + 4 * ks) = ~flags;
- if (flags & SE_KEY_TBL_DIS_KEY_LOCK_FLAG)
- SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) &= ~BIT(ks);
+ SE(SE_CRYPTO_KEYTABLE_ACCESS_REG + 4 * ks) = ~flags;
+ if (flags & SE_KEY_LOCK_FLAG)
+ SE(SE_CRYPTO_SECURITY_PERKEY_REG) &= ~BIT(ks);
}
u32 se_key_acc_ctrl_get(u32 ks)
{
- return SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + 4 * ks);
+ return SE(SE_CRYPTO_KEYTABLE_ACCESS_REG + 4 * ks);
}
void se_aes_key_set(u32 ks, void *key, u32 size)
{
- u32 data[TEGRA_SE_AES_MAX_KEY_SIZE / 4];
+ u32 data[SE_AES_MAX_KEY_SIZE / 4];
memcpy(data, key, size);
for (u32 i = 0; i < (size / 4); i++)
{
- SE(SE_KEYTABLE_REG_OFFSET) = SE_KEYTABLE_SLOT(ks) | i;
- SE(SE_KEYTABLE_DATA0_REG_OFFSET) = data[i];
+ SE(SE_CRYPTO_KEYTABLE_ADDR_REG) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_PKT(i); // QUAD is automatically set by PKT.
+ SE(SE_CRYPTO_KEYTABLE_DATA_REG) = data[i];
}
}
void se_aes_iv_set(u32 ks, void *iv)
{
- u32 data[TEGRA_SE_AES_BLOCK_SIZE / 4];
- memcpy(data, iv, TEGRA_SE_AES_BLOCK_SIZE);
+ u32 data[SE_AES_IV_SIZE / 4];
+ memcpy(data, iv, SE_AES_IV_SIZE);
- for (u32 i = 0; i < (TEGRA_SE_AES_BLOCK_SIZE / 4); i++)
+ for (u32 i = 0; i < (SE_AES_IV_SIZE / 4); i++)
{
- SE(SE_KEYTABLE_REG_OFFSET) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_QUAD(QUAD_ORG_IV) | i;
- SE(SE_KEYTABLE_DATA0_REG_OFFSET) = data[i];
+ SE(SE_CRYPTO_KEYTABLE_ADDR_REG) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_QUAD(ORIGINAL_IV) | SE_KEYTABLE_PKT(i);
+ SE(SE_CRYPTO_KEYTABLE_DATA_REG) = data[i];
}
}
void se_aes_key_get(u32 ks, void *key, u32 size)
{
- u32 data[TEGRA_SE_AES_MAX_KEY_SIZE / 4];
+ u32 data[SE_AES_MAX_KEY_SIZE / 4];
for (u32 i = 0; i < (size / 4); i++)
{
- SE(SE_KEYTABLE_REG_OFFSET) = SE_KEYTABLE_SLOT(ks) | i;
- data[i] = SE(SE_KEYTABLE_DATA0_REG_OFFSET);
+ SE(SE_CRYPTO_KEYTABLE_ADDR_REG) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_PKT(i); // QUAD is automatically set by PKT.
+ data[i] = SE(SE_CRYPTO_KEYTABLE_DATA_REG);
}
memcpy(key, data, size);
@@ -230,78 +230,78 @@ void se_aes_key_get(u32 ks, void *key, u32 size)
void se_aes_key_clear(u32 ks)
{
- for (u32 i = 0; i < (TEGRA_SE_AES_MAX_KEY_SIZE / 4); i++)
+ for (u32 i = 0; i < (SE_AES_MAX_KEY_SIZE / 4); i++)
{
- SE(SE_KEYTABLE_REG_OFFSET) = SE_KEYTABLE_SLOT(ks) | i;
- SE(SE_KEYTABLE_DATA0_REG_OFFSET) = 0;
+ SE(SE_CRYPTO_KEYTABLE_ADDR_REG) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_PKT(i); // QUAD is automatically set by PKT.
+ SE(SE_CRYPTO_KEYTABLE_DATA_REG) = 0;
}
}
void se_aes_iv_clear(u32 ks)
{
- for (u32 i = 0; i < (TEGRA_SE_AES_BLOCK_SIZE / 4); i++)
+ for (u32 i = 0; i < (SE_AES_IV_SIZE / 4); i++)
{
- SE(SE_KEYTABLE_REG_OFFSET) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_QUAD(QUAD_ORG_IV) | i;
- SE(SE_KEYTABLE_DATA0_REG_OFFSET) = 0;
+ SE(SE_CRYPTO_KEYTABLE_ADDR_REG) = SE_KEYTABLE_SLOT(ks) | SE_KEYTABLE_QUAD(ORIGINAL_IV) | SE_KEYTABLE_PKT(i);
+ SE(SE_CRYPTO_KEYTABLE_DATA_REG) = 0;
}
}
int se_aes_unwrap_key(u32 ks_dst, u32 ks_src, const void *input)
{
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_KEYTAB);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks_src) | SE_CRYPTO_CORE_SEL(CORE_DECRYPT);
- SE(SE_BLOCK_COUNT_REG_OFFSET) = 0;
- SE(SE_CRYPTO_KEYTABLE_DST_REG_OFFSET) = SE_CRYPTO_KEYTABLE_DST_KEY_INDEX(ks_dst);
+ SE(SE_CONFIG_REG) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_KEYTABLE);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks_src) | SE_CRYPTO_CORE_SEL(CORE_DECRYPT);
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = 1 - 1;
+ SE(SE_CRYPTO_KEYTABLE_DST_REG) = SE_KEYTABLE_DST_KEY_INDEX(ks_dst) | SE_KEYTABLE_DST_WORD_QUAD(KEYS_0_3);
- return _se_execute_oneshot(OP_START, NULL, 0, input, 0x10);
+ return _se_execute_oneshot(SE_OP_START, NULL, 0, input, SE_KEY_128_SIZE);
}
int se_aes_crypt_ecb(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size)
{
if (enc)
{
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT);
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT);
}
else
{
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_DECRYPT);
+ SE(SE_CONFIG_REG) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_DECRYPT);
}
- SE(SE_BLOCK_COUNT_REG_OFFSET) = (src_size >> 4) - 1;
- return _se_execute_oneshot(OP_START, dst, dst_size, src, src_size);
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = (src_size >> 4) - 1;
+ return _se_execute_oneshot(SE_OP_START, dst, dst_size, src, src_size);
}
int se_aes_crypt_cbc(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size)
{
if (enc)
{
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_VCTRAM_SEL(VCTRAM_AESOUT) |
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_VCTRAM_SEL(VCTRAM_AESOUT) |
SE_CRYPTO_CORE_SEL(CORE_ENCRYPT) | SE_CRYPTO_XOR_POS(XOR_TOP);
}
else
{
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_VCTRAM_SEL(VCTRAM_PREVAHB) |
+ SE(SE_CONFIG_REG) = SE_CONFIG_DEC_ALG(ALG_AES_DEC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_VCTRAM_SEL(VCTRAM_PREVMEM) |
SE_CRYPTO_CORE_SEL(CORE_DECRYPT) | SE_CRYPTO_XOR_POS(XOR_BOTTOM);
}
- SE(SE_BLOCK_COUNT_REG_OFFSET) = (src_size >> 4) - 1;
- return _se_execute_oneshot(OP_START, dst, dst_size, src, src_size);
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = (src_size >> 4) - 1;
+ return _se_execute_oneshot(SE_OP_START, dst, dst_size, src, src_size);
}
int se_aes_crypt_block_ecb(u32 ks, u32 enc, void *dst, const void *src)
{
- return se_aes_crypt_ecb(ks, enc, dst, 0x10, src, 0x10);
+ return se_aes_crypt_ecb(ks, enc, dst, SE_AES_BLOCK_SIZE, src, SE_AES_BLOCK_SIZE);
}
int se_aes_crypt_ctr(u32 ks, void *dst, u32 dst_size, const void *src, u32 src_size, void *ctr)
{
- SE(SE_SPARE_0_REG_OFFSET) = 1;
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT) |
- SE_CRYPTO_XOR_POS(XOR_BOTTOM) | SE_CRYPTO_INPUT_SEL(INPUT_LNR_CTR) | SE_CRYPTO_CTR_VAL(1);
+ SE(SE_SPARE_REG) = SE_ECO(SE_ERRATA_FIX_ENABLE);
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(ks) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT) |
+ SE_CRYPTO_XOR_POS(XOR_BOTTOM) | SE_CRYPTO_INPUT_SEL(INPUT_LNR_CTR) | SE_CRYPTO_CTR_CNTN(1);
_se_aes_ctr_set(ctr);
u32 src_size_aligned = src_size & 0xFFFFFFF0;
@@ -309,13 +309,13 @@ int se_aes_crypt_ctr(u32 ks, void *dst, u32 dst_size, const void *src, u32 src_s
if (src_size_aligned)
{
- SE(SE_BLOCK_COUNT_REG_OFFSET) = (src_size >> 4) - 1;
- if (!_se_execute_oneshot(OP_START, dst, dst_size, src, src_size_aligned))
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = (src_size >> 4) - 1;
+ if (!_se_execute_oneshot(SE_OP_START, dst, dst_size, src, src_size_aligned))
return 0;
}
if (src_size - src_size_aligned && src_size_aligned < dst_size)
- return _se_execute_one_block(OP_START, dst + src_size_aligned,
+ return _se_execute_one_block(SE_OP_START, dst + src_size_aligned,
MIN(src_size_delta, dst_size - src_size_aligned),
src + src_size_aligned, src_size_delta);
@@ -325,11 +325,11 @@ int se_aes_crypt_ctr(u32 ks, void *dst, u32 dst_size, const void *src, u32 src_s
int se_aes_xts_crypt_sec(u32 ks1, u32 ks2, u32 enc, u64 sec, void *dst, void *src, u32 secsize)
{
int res = 0;
- u8 *tweak = (u8 *)malloc(0x10);
+ u8 *tweak = (u8 *)malloc(SE_AES_BLOCK_SIZE);
u8 *pdst = (u8 *)dst;
u8 *psrc = (u8 *)src;
- //Generate tweak.
+ // Generate tweak.
for (int i = 0xF; i >= 0; i--)
{
tweak[i] = sec & 0xFF;
@@ -338,18 +338,18 @@ int se_aes_xts_crypt_sec(u32 ks1, u32 ks2, u32 enc, u64 sec, void *dst, void *sr
if (!se_aes_crypt_block_ecb(ks1, 1, tweak, tweak))
goto out;
- //We are assuming a 0x10-aligned sector size in this implementation.
- for (u32 i = 0; i < secsize / 0x10; i++)
+ // We are assuming a 0x10-aligned sector size in this implementation.
+ for (u32 i = 0; i < secsize / SE_AES_BLOCK_SIZE; i++)
{
- for (u32 j = 0; j < 0x10; j++)
+ for (u32 j = 0; j < SE_AES_BLOCK_SIZE; j++)
pdst[j] = psrc[j] ^ tweak[j];
if (!se_aes_crypt_block_ecb(ks2, enc, pdst, pdst))
goto out;
- for (u32 j = 0; j < 0x10; j++)
+ for (u32 j = 0; j < SE_AES_BLOCK_SIZE; j++)
pdst[j] = pdst[j] ^ tweak[j];
_gf256_mul_x(tweak);
- psrc += 0x10;
- pdst += 0x10;
+ psrc += SE_AES_BLOCK_SIZE;
+ pdst += SE_AES_BLOCK_SIZE;
}
res = 1;
@@ -374,62 +374,62 @@ int se_aes_xts_crypt(u32 ks1, u32 ks2, u32 enc, u64 sec, void *dst, void *src, u
int se_calc_sha256(void *hash, u32 *msg_left, const void *src, u32 src_size, u64 total_size, u32 sha_cfg, bool is_oneshot)
{
int res;
- u32 hash32[TEGRA_SE_SHA_256_SIZE / 4];
+ u32 hash32[SE_SHA_256_SIZE / 4];
//! TODO: src_size must be 512 bit aligned if continuing and not last block for SHA256.
if (src_size > 0xFFFFFF || !hash) // Max 16MB - 1 chunks and aligned x4 hash buffer.
return 0;
// Setup config for SHA256.
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_MODE(MODE_SHA256) | SE_CONFIG_ENC_ALG(ALG_SHA) | SE_CONFIG_DST(DST_HASHREG);
- SE(SE_SHA_CONFIG_REG_OFFSET) = sha_cfg;
- SE(SE_BLOCK_COUNT_REG_OFFSET) = 0;
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_MODE(MODE_SHA256) | SE_CONFIG_ENC_ALG(ALG_SHA) | SE_CONFIG_DST(DST_HASHREG);
+ SE(SE_SHA_CONFIG_REG) = sha_cfg;
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = 1 - 1;
// Set total size to current buffer size if empty.
if (!total_size)
total_size = src_size;
// Set total size: BITS(src_size), up to 2 EB.
- SE(SE_SHA_MSG_LENGTH_0_REG_OFFSET) = (u32)(total_size << 3);
- SE(SE_SHA_MSG_LENGTH_1_REG_OFFSET) = (u32)(total_size >> 29);
- SE(SE_SHA_MSG_LENGTH_2_REG_OFFSET) = 0;
- SE(SE_SHA_MSG_LENGTH_3_REG_OFFSET) = 0;
+ SE(SE_SHA_MSG_LENGTH_0_REG) = (u32)(total_size << 3);
+ SE(SE_SHA_MSG_LENGTH_1_REG) = (u32)(total_size >> 29);
+ SE(SE_SHA_MSG_LENGTH_2_REG) = 0;
+ SE(SE_SHA_MSG_LENGTH_3_REG) = 0;
// Set size left to hash.
- SE(SE_SHA_MSG_LEFT_0_REG_OFFSET) = (u32)(total_size << 3);
- SE(SE_SHA_MSG_LEFT_1_REG_OFFSET) = (u32)(total_size >> 29);
- SE(SE_SHA_MSG_LEFT_2_REG_OFFSET) = 0;
- SE(SE_SHA_MSG_LEFT_3_REG_OFFSET) = 0;
+ SE(SE_SHA_MSG_LEFT_0_REG) = (u32)(total_size << 3);
+ SE(SE_SHA_MSG_LEFT_1_REG) = (u32)(total_size >> 29);
+ SE(SE_SHA_MSG_LEFT_2_REG) = 0;
+ SE(SE_SHA_MSG_LEFT_3_REG) = 0;
// If we hash in chunks, copy over the intermediate.
if (sha_cfg == SHA_CONTINUE && msg_left)
{
// Restore message left to process.
- SE(SE_SHA_MSG_LEFT_0_REG_OFFSET) = msg_left[0];
- SE(SE_SHA_MSG_LEFT_1_REG_OFFSET) = msg_left[1];
+ SE(SE_SHA_MSG_LEFT_0_REG) = msg_left[0];
+ SE(SE_SHA_MSG_LEFT_1_REG) = msg_left[1];
// Restore hash reg.
- memcpy(hash32, hash, TEGRA_SE_SHA_256_SIZE);
- for (u32 i = 0; i < (TEGRA_SE_SHA_256_SIZE / 4); i++)
- SE(SE_HASH_RESULT_REG_OFFSET + (i << 2)) = byte_swap_32(hash32[i]);
+ memcpy(hash32, hash, SE_SHA_256_SIZE);
+ for (u32 i = 0; i < (SE_SHA_256_SIZE / 4); i++)
+ SE(SE_HASH_RESULT_REG + (i * 4)) = byte_swap_32(hash32[i]);
}
// Trigger the operation.
- res = _se_execute(OP_START, NULL, 0, src, src_size, is_oneshot);
+ res = _se_execute(SE_OP_START, NULL, 0, src, src_size, is_oneshot);
if (is_oneshot)
{
// Backup message left.
if (msg_left)
{
- msg_left[0] = SE(SE_SHA_MSG_LEFT_0_REG_OFFSET);
- msg_left[1] = SE(SE_SHA_MSG_LEFT_1_REG_OFFSET);
+ msg_left[0] = SE(SE_SHA_MSG_LEFT_0_REG);
+ msg_left[1] = SE(SE_SHA_MSG_LEFT_1_REG);
}
// Copy output hash.
- for (u32 i = 0; i < (TEGRA_SE_SHA_256_SIZE / 4); i++)
- hash32[i] = byte_swap_32(SE(SE_HASH_RESULT_REG_OFFSET + (i << 2)));
- memcpy(hash, hash32, TEGRA_SE_SHA_256_SIZE);
+ for (u32 i = 0; i < (SE_SHA_256_SIZE / 4); i++)
+ hash32[i] = byte_swap_32(SE(SE_HASH_RESULT_REG + (i * 4)));
+ memcpy(hash, hash32, SE_SHA_256_SIZE);
}
return res;
@@ -442,20 +442,20 @@ int se_calc_sha256_oneshot(void *hash, const void *src, u32 src_size)
int se_calc_sha256_finalize(void *hash, u32 *msg_left)
{
- u32 hash32[TEGRA_SE_SHA_256_SIZE / 4];
+ u32 hash32[SE_SHA_256_SIZE / 4];
int res = _se_execute_finalize();
// Backup message left.
if (msg_left)
{
- msg_left[0] = SE(SE_SHA_MSG_LEFT_0_REG_OFFSET);
- msg_left[1] = SE(SE_SHA_MSG_LEFT_1_REG_OFFSET);
+ msg_left[0] = SE(SE_SHA_MSG_LEFT_0_REG);
+ msg_left[1] = SE(SE_SHA_MSG_LEFT_1_REG);
}
// Copy output hash.
- for (u32 i = 0; i < (TEGRA_SE_SHA_256_SIZE / 4); i++)
- hash32[i] = byte_swap_32(SE(SE_HASH_RESULT_REG_OFFSET + (i << 2)));
- memcpy(hash, hash32, TEGRA_SE_SHA_256_SIZE);
+ for (u32 i = 0; i < (SE_SHA_256_SIZE / 4); i++)
+ hash32[i] = byte_swap_32(SE(SE_HASH_RESULT_REG + (i * 4)));
+ memcpy(hash, hash32, SE_SHA_256_SIZE);
return res;
}
@@ -463,18 +463,17 @@ int se_calc_sha256_finalize(void *hash, u32 *msg_left)
int se_gen_prng128(void *dst)
{
// Setup config for X931 PRNG.
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_RNG) | SE_CONFIG_DST(DST_MEMORY);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_HASH(HASH_DISABLE) | SE_CRYPTO_XOR_POS(XOR_BYPASS) | SE_CRYPTO_INPUT_SEL(INPUT_RANDOM);
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_RNG) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_HASH(HASH_DISABLE) | SE_CRYPTO_XOR_POS(XOR_BYPASS) | SE_CRYPTO_INPUT_SEL(INPUT_RANDOM);
+ SE(SE_RNG_CONFIG_REG) = SE_RNG_CONFIG_SRC(SRC_ENTROPY) | SE_RNG_CONFIG_MODE(MODE_NORMAL);
+ //SE(SE_RNG_SRC_CONFIG_REG) =
+ // SE_RNG_SRC_CONFIG_ENTR_SRC(RO_ENTR_ENABLE) | SE_RNG_SRC_CONFIG_ENTR_SRC_LOCK(RO_ENTR_LOCK_ENABLE);
+ SE(SE_RNG_RESEED_INTERVAL_REG) = 1;
- SE(SE_RNG_CONFIG_REG_OFFSET) = SE_RNG_CONFIG_SRC(RNG_SRC_ENTROPY) | SE_RNG_CONFIG_MODE(RNG_MODE_NORMAL);
- //SE(SE_RNG_SRC_CONFIG_REG_OFFSET) =
- // SE_RNG_SRC_CONFIG_ENT_SRC(RNG_SRC_RO_ENT_ENABLE) | SE_RNG_SRC_CONFIG_ENT_SRC_LOCK(RNG_SRC_RO_ENT_LOCK_ENABLE);
- SE(SE_RNG_RESEED_INTERVAL_REG_OFFSET) = 1;
-
- SE(SE_BLOCK_COUNT_REG_OFFSET) = (16 >> 4) - 1;
+ SE(SE_CRYPTO_BLOCK_COUNT_REG) = (16 >> 4) - 1;
// Trigger the operation.
- return _se_execute_oneshot(OP_START, dst, 16, NULL, 0);
+ return _se_execute_oneshot(SE_OP_START, dst, 16, NULL, 0);
}
void se_get_aes_keys(u8 *buf, u8 *keys, u32 keysize)
@@ -482,43 +481,43 @@ void se_get_aes_keys(u8 *buf, u8 *keys, u32 keysize)
u8 *aligned_buf = (u8 *)ALIGN((u32)buf, 0x40);
// Set Secure Random Key.
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_RNG) | SE_CONFIG_DST(DST_SRK);
- SE(SE_CRYPTO_REG_OFFSET) = SE_CRYPTO_KEY_INDEX(0) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT) | SE_CRYPTO_INPUT_SEL(INPUT_RANDOM);
- SE(SE_RNG_CONFIG_REG_OFFSET) = SE_RNG_CONFIG_SRC(RNG_SRC_ENTROPY) | SE_RNG_CONFIG_MODE(RNG_MODE_FORCE_RESEED);
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_RNG) | SE_CONFIG_DST(DST_SRK);
+ SE(SE_CRYPTO_CONFIG_REG) = SE_CRYPTO_KEY_INDEX(0) | SE_CRYPTO_CORE_SEL(CORE_ENCRYPT) | SE_CRYPTO_INPUT_SEL(INPUT_RANDOM);
+ SE(SE_RNG_CONFIG_REG) = SE_RNG_CONFIG_SRC(SRC_ENTROPY) | SE_RNG_CONFIG_MODE(MODE_FORCE_RESEED);
SE(SE_CRYPTO_LAST_BLOCK) = 0;
- _se_execute_oneshot(OP_START, NULL, 0, NULL, 0);
+ _se_execute_oneshot(SE_OP_START, NULL, 0, NULL, 0);
// Save AES keys.
- SE(SE_CONFIG_REG_OFFSET) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
+ SE(SE_CONFIG_REG) = SE_CONFIG_ENC_MODE(MODE_KEY128) | SE_CONFIG_ENC_ALG(ALG_AES_ENC) | SE_CONFIG_DST(DST_MEMORY);
- for (u32 i = 0; i < TEGRA_SE_KEYSLOT_COUNT; i++)
+ for (u32 i = 0; i < SE_AES_KEYSLOT_COUNT; i++)
{
- SE(SE_CONTEXT_SAVE_CONFIG_REG_OFFSET) = SE_CONTEXT_SAVE_SRC(AES_KEYTABLE) |
- (i << SE_KEY_INDEX_SHIFT) | SE_CONTEXT_SAVE_WORD_QUAD(KEYS_0_3);
+ SE(SE_CONTEXT_SAVE_CONFIG_REG) = SE_CONTEXT_SRC(AES_KEYTABLE) | SE_KEYTABLE_DST_KEY_INDEX(i) |
+ SE_CONTEXT_AES_KEY_INDEX(0) | SE_CONTEXT_AES_WORD_QUAD(KEYS_0_3);
SE(SE_CRYPTO_LAST_BLOCK) = 0;
- _se_execute_oneshot(OP_CTX_SAVE, aligned_buf, 0x10, NULL, 0);
- memcpy(keys + i * keysize, aligned_buf, 0x10);
+ _se_execute_oneshot(SE_OP_CTX_SAVE, aligned_buf, SE_AES_BLOCK_SIZE, NULL, 0);
+ memcpy(keys + i * keysize, aligned_buf, SE_AES_BLOCK_SIZE);
- if (keysize > 0x10)
+ if (keysize > SE_KEY_128_SIZE)
{
- SE(SE_CONTEXT_SAVE_CONFIG_REG_OFFSET) = SE_CONTEXT_SAVE_SRC(AES_KEYTABLE) |
- (i << SE_KEY_INDEX_SHIFT) | SE_CONTEXT_SAVE_WORD_QUAD(KEYS_4_7);
+ SE(SE_CONTEXT_SAVE_CONFIG_REG) = SE_CONTEXT_SRC(AES_KEYTABLE) | SE_KEYTABLE_DST_KEY_INDEX(i) |
+ SE_CONTEXT_AES_KEY_INDEX(0) | SE_CONTEXT_AES_WORD_QUAD(KEYS_4_7);
SE(SE_CRYPTO_LAST_BLOCK) = 0;
- _se_execute_oneshot(OP_CTX_SAVE, aligned_buf, 0x10, NULL, 0);
- memcpy(keys + i * keysize + 0x10, aligned_buf, 0x10);
+ _se_execute_oneshot(SE_OP_CTX_SAVE, aligned_buf, SE_AES_BLOCK_SIZE, NULL, 0);
+ memcpy(keys + i * keysize + SE_AES_BLOCK_SIZE, aligned_buf, SE_AES_BLOCK_SIZE);
}
}
// Save SRK to PMC secure scratches.
- SE(SE_CONTEXT_SAVE_CONFIG_REG_OFFSET) = SE_CONTEXT_SAVE_SRC(SRK);
- SE(SE_CRYPTO_LAST_BLOCK) = 0;
- _se_execute_oneshot(OP_CTX_SAVE, NULL, 0, NULL, 0);
+ SE(SE_CONTEXT_SAVE_CONFIG_REG) = SE_CONTEXT_SRC(SRK);
+ SE(SE_CRYPTO_LAST_BLOCK) = 0;
+ _se_execute_oneshot(SE_OP_CTX_SAVE, NULL, 0, NULL, 0);
// End context save.
- SE(SE_CONFIG_REG_OFFSET) = 0;
- _se_execute_oneshot(OP_CTX_SAVE, NULL, 0, NULL, 0);
+ SE(SE_CONFIG_REG) = 0;
+ _se_execute_oneshot(SE_OP_CTX_SAVE, NULL, 0, NULL, 0);
// Get SRK.
u32 srk[4];
@@ -529,7 +528,7 @@ void se_get_aes_keys(u8 *buf, u8 *keys, u32 keysize)
// Decrypt context.
se_aes_key_clear(3);
- se_aes_key_set(3, srk, 0x10);
- se_aes_crypt_cbc(3, 0, keys, TEGRA_SE_KEYSLOT_COUNT * keysize, keys, TEGRA_SE_KEYSLOT_COUNT * keysize);
+ se_aes_key_set(3, srk, SE_KEY_128_SIZE);
+ se_aes_crypt_cbc(3, 0, keys, SE_AES_KEYSLOT_COUNT * keysize, keys, SE_AES_KEYSLOT_COUNT * keysize);
se_aes_key_clear(3);
}
diff --git a/bdk/sec/se.h b/bdk/sec/se.h
index 4d3a92c..3dd8df3 100644
--- a/bdk/sec/se.h
+++ b/bdk/sec/se.h
@@ -1,18 +1,19 @@
/*
-* Copyright (c) 2018 naehrwert
-*
-* This program is free software; you can redistribute it and/or modify it
-* under the terms and conditions of the GNU General Public License,
-* version 2, as published by the Free Software Foundation.
-*
-* This program is distributed in the hope it will be useful, but WITHOUT
-* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-* more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see .
-*/
+ * Copyright (c) 2018 naehrwert
+ * Copyright (c) 2019-2021 CTCaer
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
#ifndef _SE_H_
#define _SE_H_
@@ -28,14 +29,14 @@ void se_aes_iv_set(u32 ks, void *iv);
void se_aes_key_get(u32 ks, void *key, u32 size);
void se_aes_key_clear(u32 ks);
void se_aes_iv_clear(u32 ks);
-int se_aes_unwrap_key(u32 ks_dst, u32 ks_src, const void *input);
-int se_aes_crypt_cbc(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size);
-int se_aes_crypt_ecb(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size);
-int se_aes_crypt_block_ecb(u32 ks, u32 enc, void *dst, const void *src);
-int se_aes_crypt_ctr(u32 ks, void *dst, u32 dst_size, const void *src, u32 src_size, void *ctr);
-int se_calc_sha256(void *hash, u32 *msg_left, const void *src, u32 src_size, u64 total_size, u32 sha_cfg, bool is_oneshot);
-int se_calc_sha256_oneshot(void *hash, const void *src, u32 src_size);
-int se_calc_sha256_finalize(void *hash, u32 *msg_left);
-int se_gen_prng128(void *dst);
+int se_aes_unwrap_key(u32 ks_dst, u32 ks_src, const void *input);
+int se_aes_crypt_cbc(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size);
+int se_aes_crypt_ecb(u32 ks, u32 enc, void *dst, u32 dst_size, const void *src, u32 src_size);
+int se_aes_crypt_block_ecb(u32 ks, u32 enc, void *dst, const void *src);
+int se_aes_crypt_ctr(u32 ks, void *dst, u32 dst_size, const void *src, u32 src_size, void *ctr);
+int se_calc_sha256(void *hash, u32 *msg_left, const void *src, u32 src_size, u64 total_size, u32 sha_cfg, bool is_oneshot);
+int se_calc_sha256_oneshot(void *hash, const void *src, u32 src_size);
+int se_calc_sha256_finalize(void *hash, u32 *msg_left);
+int se_gen_prng128(void *dst);
#endif
diff --git a/bdk/sec/se_t210.h b/bdk/sec/se_t210.h
index 6fbf1b0..0233e1d 100644
--- a/bdk/sec/se_t210.h
+++ b/bdk/sec/se_t210.h
@@ -1,400 +1,323 @@
/*
-* Driver for Tegra Security Engine
-*
-* Copyright (c) 2011-2013, NVIDIA Corporation. All Rights Reserved.
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful, but WITHOUT
-* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-* more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-*/
+ * Copyright (c) 2018 naehrwert
+ * Copyright (c) 2018-2021 CTCaer
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
-#ifndef _CRYPTO_TEGRA_SE_H
-#define _CRYPTO_TEGRA_SE_H
+#ifndef _SE_T210_H
+#define _SE_T210_H
#include
-#define TEGRA_SE_CRA_PRIORITY 300
-#define TEGRA_SE_COMPOSITE_PRIORITY 400
-#define TEGRA_SE_CRYPTO_QUEUE_LENGTH 50
-#define SE_MAX_SRC_SG_COUNT 50
-#define SE_MAX_DST_SG_COUNT 50
+#define SE_CRYPTO_QUEUE_LENGTH 50
+#define SE_MAX_SRC_SG_COUNT 50
+#define SE_MAX_DST_SG_COUNT 50
-#define TEGRA_SE_KEYSLOT_COUNT 16
-#define SE_MAX_LAST_BLOCK_SIZE 0xFFFFF
+#define SE_AES_KEYSLOT_COUNT 16
+#define SE_RSA_KEYSLOT_COUNT 2
+#define SE_MAX_LAST_BLOCK_SIZE 0xFFFFF
+
+#define SE_AES_BLOCK_SIZE 16
+#define SE_AES_IV_SIZE 16
+#define SE_AES_MIN_KEY_SIZE 16
+#define SE_AES_MAX_KEY_SIZE 32
+#define SE_KEY_128_SIZE 16
+#define SE_KEY_192_SIZE 24
+#define SE_KEY_256_SIZE 32
+#define SE_SHA_192_SIZE 24
+#define SE_SHA_256_SIZE 32
+#define SE_SHA_384_SIZE 48
+#define SE_SHA_512_SIZE 64
+#define SE_RNG_IV_SIZE 16
+#define SE_RNG_DT_SIZE 16
+#define SE_RNG_KEY_SIZE 16
+#define SE_RNG_SEED_SIZE (SE_RNG_IV_SIZE + SE_RNG_KEY_SIZE + SE_RNG_DT_SIZE)
+
+#define SE_AES_CMAC_DIGEST_SIZE 16
+#define SE_RSA512_DIGEST_SIZE 64
+#define SE_RSA1024_DIGEST_SIZE 128
+#define SE_RSA1536_DIGEST_SIZE 192
+#define SE_RSA2048_DIGEST_SIZE 256
/* SE register definitions */
-#define SE_SECURITY_0 0x000
-#define SE_KEY_SCHED_READ_SHIFT 3
+#define SE_SE_SECURITY_REG 0x000
+#define SE_HARD_SETTING BIT(0)
+#define SE_ENG_DIS BIT(1)
+#define SE_PERKEY_SETTING BIT(2)
+#define SE_SOFT_SETTING BIT(16)
-#define SE_TZRAM_SECURITY_0 0x004
+#define SE_TZRAM_SECURITY_REG 0x004
+#define SE_TZRAM_HARD_SETTING BIT(0)
+#define SE_TZRAM_ENG_DIS BIT(1)
-#define SE_CONFIG_REG_OFFSET 0x014
-#define SE_CONFIG_ENC_ALG_SHIFT 12
-#define SE_CONFIG_DEC_ALG_SHIFT 8
-#define ALG_AES_ENC 1
-#define ALG_RNG 2
-#define ALG_SHA 3
-#define ALG_RSA 4
-#define ALG_NOP 0
-#define ALG_AES_DEC 1
-#define SE_CONFIG_ENC_ALG(x) ((x) << SE_CONFIG_ENC_ALG_SHIFT)
-#define SE_CONFIG_DEC_ALG(x) ((x) << SE_CONFIG_DEC_ALG_SHIFT)
-#define SE_CONFIG_DST_SHIFT 2
-#define DST_MEMORY 0
-#define DST_HASHREG 1
-#define DST_KEYTAB 2
-#define DST_SRK 3
-#define DST_RSAREG 4
-#define SE_CONFIG_DST(x) ((x) << SE_CONFIG_DST_SHIFT)
-#define SE_CONFIG_ENC_MODE_SHIFT 24
-#define SE_CONFIG_DEC_MODE_SHIFT 16
-#define MODE_KEY128 0
-#define MODE_KEY192 1
-#define MODE_KEY256 2
-#define MODE_SHA1 0
-#define MODE_SHA224 4
-#define MODE_SHA256 5
-#define MODE_SHA384 6
-#define MODE_SHA512 7
-#define SE_CONFIG_ENC_MODE(x) ((x) << SE_CONFIG_ENC_MODE_SHIFT)
-#define SE_CONFIG_DEC_MODE(x) ((x) << SE_CONFIG_DEC_MODE_SHIFT)
+#define SE_OPERATION_REG 0x008
+#define SE_OP_ABORT 0
+#define SE_OP_START 1
+#define SE_OP_RESTART_OUT 2
+#define SE_OP_CTX_SAVE 3
+#define SE_OP_RESTART_IN 4
-#define SE_RNG_CONFIG_REG_OFFSET 0x340
-#define RNG_MODE_SHIFT 0
-#define RNG_MODE_NORMAL 0
-#define RNG_MODE_FORCE_INSTANTION 1
-#define RNG_MODE_FORCE_RESEED 2
-#define SE_RNG_CONFIG_MODE(x) ((x) << RNG_MODE_SHIFT)
-#define RNG_SRC_SHIFT 2
-#define RNG_SRC_NONE 0
-#define RNG_SRC_ENTROPY 1
-#define RNG_SRC_LFSR 2
-#define SE_RNG_CONFIG_SRC(x) ((x) << RNG_SRC_SHIFT)
+#define SE_INT_ENABLE_REG 0x00C
+#define SE_INT_STATUS_REG 0x010
+#define SE_INT_IN_LL_BUF_RD BIT(0)
+#define SE_INT_IN_DONE BIT(1)
+#define SE_INT_OUT_LL_BUF_WR BIT(2)
+#define SE_INT_OUT_DONE BIT(3)
+#define SE_INT_OP_DONE BIT(4)
+#define SE_INT_RESEED_NEEDED BIT(5)
+#define SE_INT_ERR_STAT BIT(16)
-#define SE_RNG_SRC_CONFIG_REG_OFFSET 0x344
-#define RNG_SRC_RO_ENT_SHIFT 1
-#define RNG_SRC_RO_ENT_ENABLE 1
-#define RNG_SRC_RO_ENT_DISABLE 0
-#define SE_RNG_SRC_CONFIG_ENT_SRC(x) ((x) << RNG_SRC_RO_ENT_SHIFT)
-#define RNG_SRC_RO_ENT_LOCK_SHIFT 0
-#define RNG_SRC_RO_ENT_LOCK_ENABLE 1
-#define RNG_SRC_RO_ENT_LOCK_DISABLE 0
-#define SE_RNG_SRC_CONFIG_ENT_SRC_LOCK(x) ((x) << RNG_SRC_RO_ENT_LOCK_SHIFT)
+#define SE_CONFIG_REG 0x014
+#define DST_MEMORY 0
+#define DST_HASHREG 1
+#define DST_KEYTABLE 2
+#define DST_SRK 3
+#define DST_RSAREG 4
+#define SE_CONFIG_DST(x) ((x) << 2)
+#define ALG_NOP 0
+#define ALG_AES_DEC 1
+#define SE_CONFIG_DEC_ALG(x) ((x) << 8)
+#define ALG_NOP 0
+#define ALG_AES_ENC 1
+#define ALG_RNG 2
+#define ALG_SHA 3
+#define ALG_RSA 4
+#define SE_CONFIG_ENC_ALG(x) ((x) << 12)
+#define MODE_KEY128 0
+#define MODE_KEY192 1
+#define MODE_KEY256 2
+#define MODE_SHA1 0
+#define MODE_SHA224 4
+#define MODE_SHA256 5
+#define MODE_SHA384 6
+#define MODE_SHA512 7
+#define SE_CONFIG_DEC_MODE(x) ((x) << 16)
+#define SE_CONFIG_ENC_MODE(x) ((x) << 24)
-#define SE_RNG_RESEED_INTERVAL_REG_OFFSET 0x348
+#define SE_IN_LL_ADDR_REG 0x018
+#define SE_IN_CUR_BYTE_ADDR_REG 0x01C
+#define SE_IN_CUR_LL_ID_REG 0x020
+#define SE_OUT_LL_ADDR_REG 0x024
+#define SE_OUT_CUR_BYTE_ADDR_REG 0x028
+#define SE_OUT_CUR_LL_ID_REG 0x02C
-#define SE_KEYTABLE_REG_OFFSET 0x31c
-#define SE_KEYTABLE_SLOT_SHIFT 4
-#define SE_KEYTABLE_SLOT(x) ((x) << SE_KEYTABLE_SLOT_SHIFT)
-#define SE_KEYTABLE_QUAD_SHIFT 2
-#define QUAD_KEYS_128 0
-#define QUAD_KEYS_192 1
-#define QUAD_KEYS_256 1
-#define QUAD_ORG_IV 2
-#define QUAD_UPDTD_IV 3
-#define SE_KEYTABLE_QUAD(x) ((x) << SE_KEYTABLE_QUAD_SHIFT)
-#define SE_KEYTABLE_OP_TYPE_SHIFT 9
-#define OP_READ 0
-#define OP_WRITE 1
-#define SE_KEYTABLE_OP_TYPE(x) ((x) << SE_KEYTABLE_OP_TYPE_SHIFT)
-#define SE_KEYTABLE_TABLE_SEL_SHIFT 8
-#define TABLE_KEYIV 0
-#define TABLE_SCHEDULE 1
-#define SE_KEYTABLE_TABLE_SEL(x) ((x) << SE_KEYTABLE_TABLE_SEL_SHIFT)
-#define SE_KEYTABLE_PKT_SHIFT 0
-#define SE_KEYTABLE_PKT(x) ((x) << SE_KEYTABLE_PKT_SHIFT)
+#define SE_HASH_RESULT_REG 0x030
+#define SE_HASH_RESULT_REG_COUNT 16
-#define SE_OP_DONE_SHIFT 4
-#define OP_DONE 1
-#define SE_OP_DONE(x, y) ((x) && ((y) << SE_OP_DONE_SHIFT))
+#define SE_CONTEXT_SAVE_CONFIG_REG 0x070
+#define KEYS_0_3 0
+#define KEYS_4_7 1
+#define ORIGINAL_IV 2
+#define UPDATED_IV 3
+#define SE_CONTEXT_AES_WORD_QUAD(x) ((x) << 0)
+#define SE_CONTEXT_AES_KEY_INDEX(x) ((x) << 8)
+#define KEYS_0_3 0
+#define KEYS_4_7 1
+#define KEYS_8_11 2
+#define KEYS_12_15 3
+#define SE_CONTEXT_RSA_WORD_QUAD(x) ((x) << 12)
+#define SLOT0_EXPONENT 0
+#define SLOT0_MODULUS 1
+#define SLOT1_EXPONENT 2
+#define SLOT1_MODULUS 3
+#define SE_CONTEXT_RSA_KEY_INDEX(x) ((x) << 16)
+#define STICKY_0_3 0
+#define STICKY_4_7 1
+#define SE_CONTEXT_STICKY_WORD_QUAD(x) ((x) << 24)
+#define STICKY_BITS 0
+#define RSA_KEYTABLE 1
+#define AES_KEYTABLE 2
+#define MEM 4
+#define SRK 6
+#define SE_CONTEXT_SRC(x) ((x) << 29)
-#define SE_CRYPTO_LAST_BLOCK 0x080
+#define SE_CTX_SAVE_AUTO_T210B01_REG 0x074
+#define SE_CTX_SAVE_AUTO_ENABLE BIT(0)
+#define SE_CTX_SAVE_AUTO_LOCK BIT(8)
+#define SE_CTX_SAVE_AUTO_CURR_CNT_MASK (0x3FF << 16)
-#define SE_CRYPTO_REG_OFFSET 0x304
-#define SE_CRYPTO_HASH_SHIFT 0
-#define HASH_DISABLE 0
-#define HASH_ENABLE 1
-#define SE_CRYPTO_HASH(x) ((x) << SE_CRYPTO_HASH_SHIFT)
-#define SE_CRYPTO_XOR_POS_SHIFT 1
-#define XOR_BYPASS 0
-#define XOR_TOP 2
-#define XOR_BOTTOM 3
-#define SE_CRYPTO_XOR_POS(x) ((x) << SE_CRYPTO_XOR_POS_SHIFT)
-#define SE_CRYPTO_INPUT_SEL_SHIFT 3
-#define INPUT_AHB 0
-#define INPUT_RANDOM 1
-#define INPUT_AESOUT 2
-#define INPUT_LNR_CTR 3
-#define SE_CRYPTO_INPUT_SEL(x) ((x) << SE_CRYPTO_INPUT_SEL_SHIFT)
-#define SE_CRYPTO_VCTRAM_SEL_SHIFT 5
-#define VCTRAM_AHB 0
-#define VCTRAM_AESOUT 2
-#define VCTRAM_PREVAHB 3
-#define SE_CRYPTO_VCTRAM_SEL(x) ((x) << SE_CRYPTO_VCTRAM_SEL_SHIFT)
-#define SE_CRYPTO_IV_SEL_SHIFT 7
-#define IV_ORIGINAL 0
-#define IV_UPDATED 1
-#define SE_CRYPTO_IV_SEL(x) ((x) << SE_CRYPTO_IV_SEL_SHIFT)
-#define SE_CRYPTO_CORE_SEL_SHIFT 8
-#define CORE_DECRYPT 0
-#define CORE_ENCRYPT 1
-#define SE_CRYPTO_CORE_SEL(x) ((x) << SE_CRYPTO_CORE_SEL_SHIFT)
-#define SE_CRYPTO_CTR_VAL_SHIFT 11
-#define SE_CRYPTO_CTR_VAL(x) ((x) << SE_CRYPTO_CTR_VAL_SHIFT)
-#define SE_CRYPTO_KEY_INDEX_SHIFT 24
-#define SE_CRYPTO_KEY_INDEX(x) ((x) << SE_CRYPTO_KEY_INDEX_SHIFT)
-#define SE_CRYPTO_CTR_CNTN_SHIFT 11
-#define SE_CRYPTO_CTR_CNTN(x) ((x) << SE_CRYPTO_CTR_CNTN_SHIFT)
+#define SE_CRYPTO_LAST_BLOCK 0x080
-#define SE_CRYPTO_CTR_REG_COUNT 4
-#define SE_CRYPTO_CTR_REG_OFFSET 0x308
-
-#define SE_OPERATION_REG_OFFSET 0x008
-#define SE_OPERATION_SHIFT 0
-#define OP_ABORT 0
-#define OP_START 1
-#define OP_RESTART 2
-#define OP_CTX_SAVE 3
-#define OP_RESTART_IN 4
-#define SE_OPERATION(x) ((x) << SE_OPERATION_SHIFT)
-
-#define SE_CONTEXT_SAVE_CONFIG_REG_OFFSET 0x070
-#define SE_CONTEXT_SAVE_WORD_QUAD_SHIFT 0
-#define KEYS_0_3 0
-#define KEYS_4_7 1
-#define ORIG_IV 2
-#define UPD_IV 3
-#define SE_CONTEXT_SAVE_WORD_QUAD(x) ((x) << SE_CONTEXT_SAVE_WORD_QUAD_SHIFT)
-
-#define SE_CONTEXT_SAVE_KEY_INDEX_SHIFT 8
-#define SE_CONTEXT_SAVE_KEY_INDEX(x) ((x) << SE_CONTEXT_SAVE_KEY_INDEX_SHIFT)
-
-#define SE_CONTEXT_SAVE_STICKY_WORD_QUAD_SHIFT 24
-#define STICKY_0_3 0
-#define STICKY_4_7 1
-#define SE_CONTEXT_SAVE_STICKY_WORD_QUAD(x) \
- ((x) << SE_CONTEXT_SAVE_STICKY_WORD_QUAD_SHIFT)
-
-#define SE_CONTEXT_SAVE_SRC_SHIFT 29
-#define STICKY_BITS 0
-#define KEYTABLE 2
-#define MEM 4
-#define SRK 6
-
-#define RSA_KEYTABLE 1
-#define AES_KEYTABLE 2
-#define SE_CONTEXT_SAVE_SRC(x) ((x) << SE_CONTEXT_SAVE_SRC_SHIFT)
-
-#define SE_CONTEXT_SAVE_RSA_KEY_INDEX_SHIFT 16
-#define SE_CONTEXT_SAVE_RSA_KEY_INDEX(x) \
- ((x) << SE_CONTEXT_SAVE_RSA_KEY_INDEX_SHIFT)
-
-#define SE_CONTEXT_RSA_WORD_QUAD_SHIFT 12
-#define SE_CONTEXT_RSA_WORD_QUAD(x) \
- ((x) << SE_CONTEXT_RSA_WORD_QUAD_SHIFT)
-
-#define SE_CTX_SAVE_AUTO 0x074
-#define CTX_SAVE_AUTO_ENABLE BIT(0)
-#define CTX_SAVE_AUTO_LOCK BIT(8)
-#define CTX_SAVE_AUTO_CURR_CNT_MASK (0x3FF << 16)
-
-#define SE_INT_ENABLE_REG_OFFSET 0x00c
-#define SE_INT_STATUS_REG_OFFSET 0x010
-#define INT_DISABLE 0
-#define INT_ENABLE 1
-#define INT_UNSET 0
-#define INT_SET 1
-#define SE_INT_OP_DONE_SHIFT 4
-#define SE_INT_OP_DONE(x) ((x) << SE_INT_OP_DONE_SHIFT)
-#define SE_INT_ERROR_SHIFT 16
-#define SE_INT_ERROR(x) ((x) << SE_INT_ERROR_SHIFT)
-
-#define SE_STATUS_0 0x800
-#define SE_STATUS_0_STATE_WAIT_IN 3
-
-#define SE_ERR_STATUS_0 0x804
-#define SE_ERR_STATUS_0_SE_NS_ACCESS_CLEAR 0
-
-#define SE_CRYPTO_KEYTABLE_DST_REG_OFFSET 0X330
-#define SE_CRYPTO_KEYTABLE_DST_WORD_QUAD_SHIFT 0
-#define SE_CRYPTO_KEYTABLE_DST_WORD_QUAD(x) \
- ((x) << SE_CRYPTO_KEYTABLE_DST_WORD_QUAD_SHIFT)
-
-#define SE_KEY_INDEX_SHIFT 8
-#define SE_CRYPTO_KEYTABLE_DST_KEY_INDEX(x) ((x) << SE_KEY_INDEX_SHIFT)
-
-#define SE_IN_LL_ADDR_REG_OFFSET 0x018
-#define SE_OUT_LL_ADDR_REG_OFFSET 0x024
-
-#define SE_KEYTABLE_DATA0_REG_OFFSET 0x320
-#define SE_KEYTABLE_REG_MAX_DATA 16
-
-#define SE_BLOCK_COUNT_REG_OFFSET 0x318
-
-#define SE_SPARE_0_REG_OFFSET 0x80c
-
-#define SE_SHA_CONFIG_REG_OFFSET 0x200
+#define SE_SHA_CONFIG_REG 0x200
#define SHA_CONTINUE 0
#define SHA_INIT_HASH 1
-#define SE_SHA_MSG_LENGTH_0_REG_OFFSET 0x204
-#define SE_SHA_MSG_LENGTH_1_REG_OFFSET 0x208
-#define SE_SHA_MSG_LENGTH_2_REG_OFFSET 0x20C
-#define SE_SHA_MSG_LENGTH_3_REG_OFFSET 0x210
-#define SE_SHA_MSG_LEFT_0_REG_OFFSET 0x214
-#define SE_SHA_MSG_LEFT_1_REG_OFFSET 0x218
-#define SE_SHA_MSG_LEFT_2_REG_OFFSET 0x21C
-#define SE_SHA_MSG_LEFT_3_REG_OFFSET 0x220
+#define SE_SHA_MSG_LENGTH_0_REG 0x204
+#define SE_SHA_MSG_LENGTH_1_REG 0x208
+#define SE_SHA_MSG_LENGTH_2_REG 0x20C
+#define SE_SHA_MSG_LENGTH_3_REG 0x210
+#define SE_SHA_MSG_LEFT_0_REG 0x214
+#define SE_SHA_MSG_LEFT_1_REG 0x218
+#define SE_SHA_MSG_LEFT_2_REG 0x21C
+#define SE_SHA_MSG_LEFT_3_REG 0x220
-#define SE_HASH_RESULT_REG_COUNT 16
-#define SE_HASH_RESULT_REG_OFFSET 0x030
-#define TEGRA_SE_KEY_256_SIZE 32
-#define TEGRA_SE_KEY_192_SIZE 24
-#define TEGRA_SE_KEY_128_SIZE 16
-#define TEGRA_SE_AES_BLOCK_SIZE 16
-#define TEGRA_SE_AES_MIN_KEY_SIZE 16
-#define TEGRA_SE_AES_MAX_KEY_SIZE 32
-#define TEGRA_SE_AES_IV_SIZE 16
-#define TEGRA_SE_SHA_512_SIZE 64
-#define TEGRA_SE_SHA_384_SIZE 48
-#define TEGRA_SE_SHA_256_SIZE 32
-#define TEGRA_SE_SHA_192_SIZE 24
-#define TEGRA_SE_RNG_IV_SIZE 16
-#define TEGRA_SE_RNG_DT_SIZE 16
-#define TEGRA_SE_RNG_KEY_SIZE 16
-#define TEGRA_SE_RNG_SEED_SIZE (TEGRA_SE_RNG_IV_SIZE + \
- TEGRA_SE_RNG_KEY_SIZE + \
- TEGRA_SE_RNG_DT_SIZE)
+#define SE_CRYPTO_SECURITY_PERKEY_REG 0x280
+#define SE_KEY_LOCK_FLAG 0x80
+#define SE_CRYPTO_KEYTABLE_ACCESS_REG 0x284
+#define SE_CRYPTO_KEYTABLE_ACCESS_REG_COUNT 16
+#define SE_KEY_TBL_DIS_KEYREAD_FLAG BIT(0)
+#define SE_KEY_TBL_DIS_KEYUPDATE_FLAG BIT(1)
+#define SE_KEY_TBL_DIS_OIVREAD_FLAG BIT(2)
+#define SE_KEY_TBL_DIS_OIVUPDATE_FLAG BIT(3)
+#define SE_KEY_TBL_DIS_UIVREAD_FLAG BIT(4)
+#define SE_KEY_TBL_DIS_UIVUPDATE_FLAG BIT(5)
+#define SE_KEY_TBL_DIS_KEYUSE_FLAG BIT(6)
+#define SE_KEY_TBL_DIS_KEY_ACCESS_FLAG 0x7F
-#define TEGRA_SE_AES_CMAC_DIGEST_SIZE 16
-#define TEGRA_SE_RSA512_DIGEST_SIZE 64
-#define TEGRA_SE_RSA1024_DIGEST_SIZE 128
-#define TEGRA_SE_RSA1536_DIGEST_SIZE 192
-#define TEGRA_SE_RSA2048_DIGEST_SIZE 256
+#define SE_CRYPTO_CONFIG_REG 0x304
+#define HASH_DISABLE 0
+#define HASH_ENABLE 1
+#define SE_CRYPTO_HASH(x) ((x) << 0)
+#define XOR_BYPASS 0
+#define XOR_TOP 2
+#define XOR_BOTTOM 3
+#define SE_CRYPTO_XOR_POS(x) ((x) << 1)
+#define INPUT_MEMORY 0
+#define INPUT_RANDOM 1
+#define INPUT_AESOUT 2
+#define INPUT_LNR_CTR 3
+#define SE_CRYPTO_INPUT_SEL(x) ((x) << 3)
+#define VCTRAM_MEM 0
+#define VCTRAM_AESOUT 2
+#define VCTRAM_PREVMEM 3
+#define SE_CRYPTO_VCTRAM_SEL(x) ((x) << 5)
+#define IV_ORIGINAL 0
+#define IV_UPDATED 1
+#define SE_CRYPTO_IV_SEL(x) ((x) << 7)
+#define CORE_DECRYPT 0
+#define CORE_ENCRYPT 1
+#define SE_CRYPTO_CORE_SEL(x) ((x) << 8)
+#define SE_CRYPTO_KEYSCH_BYPASS BIT(10)
+#define SE_CRYPTO_CTR_CNTN(x) ((x) << 11)
+#define SE_CRYPTO_KEY_INDEX(x) ((x) << 24)
+#define MEMIF_AHB 0
+#define MEMIF_MCCIF 1
+#define SE_CRYPTO_MEMIF(x) ((x) << 31)
-#define SE_KEY_TABLE_ACCESS_LOCK_OFFSET 0x280
-#define SE_KEY_TBL_DIS_KEY_LOCK_FLAG 0x80
+#define SE_CRYPTO_LINEAR_CTR_REG 0x308
+#define SE_CRYPTO_LINEAR_CTR_REG_COUNT 4
-#define SE_KEY_TABLE_ACCESS_REG_OFFSET 0x284
-#define SE_KEY_TBL_DIS_KEYREAD_FLAG BIT(0)
-#define SE_KEY_TBL_DIS_KEYUPDATE_FLAG BIT(1)
-#define SE_KEY_TBL_DIS_OIVREAD_FLAG BIT(2)
-#define SE_KEY_TBL_DIS_OIVUPDATE_FLAG BIT(3)
-#define SE_KEY_TBL_DIS_UIVREAD_FLAG BIT(4)
-#define SE_KEY_TBL_DIS_UIVUPDATE_FLAG BIT(5)
-#define SE_KEY_TBL_DIS_KEYUSE_FLAG BIT(6)
-#define SE_KEY_TBL_DIS_KEY_ACCESS_FLAG 0x7F
+#define SE_CRYPTO_BLOCK_COUNT_REG 0x318
-#define SE_KEY_READ_DISABLE_SHIFT 0
-#define SE_KEY_UPDATE_DISABLE_SHIFT 1
+#define SE_CRYPTO_KEYTABLE_ADDR_REG 0x31C
+#define SE_KEYTABLE_PKT(x) ((x) << 0)
+#define KEYS_0_3 0
+#define KEYS_4_7 1
+#define ORIGINAL_IV 2
+#define UPDATED_IV 3
+#define SE_KEYTABLE_QUAD(x) ((x) << 2)
+#define SE_KEYTABLE_SLOT(x) ((x) << 4)
-#define SE_CONTEXT_BUFER_SIZE 1072
-#define SE_CONTEXT_DRBG_BUFER_SIZE 2112
+#define SE_CRYPTO_KEYTABLE_DATA_REG 0x320
-#define SE_CONTEXT_SAVE_RANDOM_DATA_OFFSET 0
-#define SE_CONTEXT_SAVE_RANDOM_DATA_SIZE 16
-#define SE_CONTEXT_SAVE_STICKY_BITS_OFFSET \
- (SE_CONTEXT_SAVE_RANDOM_DATA_OFFSET + SE_CONTEXT_SAVE_RANDOM_DATA_SIZE)
-#define SE_CONTEXT_SAVE_STICKY_BITS_SIZE 16
+#define SE_CRYPTO_KEYTABLE_DST_REG 0x330
+#define KEYS_0_3 0
+#define KEYS_4_7 1
+#define ORIGINAL_IV 2
+#define UPDATED_IV 3
+#define SE_KEYTABLE_DST_WORD_QUAD(x) ((x) << 0)
+#define SE_KEYTABLE_DST_KEY_INDEX(x) ((x) << 8)
-#define SE_CONTEXT_SAVE_KEYS_OFFSET (SE_CONTEXT_SAVE_STICKY_BITS_OFFSET + \
- SE_CONTEXT_SAVE_STICKY_BITS_SIZE)
-#define SE11_CONTEXT_SAVE_KEYS_OFFSET (SE_CONTEXT_SAVE_STICKY_BITS_OFFSET + \
- SE_CONTEXT_SAVE_STICKY_BITS_SIZE + \
- SE_CONTEXT_SAVE_STICKY_BITS_SIZE)
+#define SE_RNG_CONFIG_REG 0x340
+#define MODE_NORMAL 0
+#define MODE_FORCE_INSTANTION 1
+#define MODE_FORCE_RESEED 2
+#define SE_RNG_CONFIG_MODE(x) ((x) << 0)
+#define SRC_NONE 0
+#define SRC_ENTROPY 1
+#define SRC_LFSR 2
+#define SE_RNG_CONFIG_SRC(x) ((x) << 2)
-#define SE_CONTEXT_SAVE_KEY_LENGTH 512
-#define SE_CONTEXT_ORIGINAL_IV_OFFSET (SE_CONTEXT_SAVE_KEYS_OFFSET + \
- SE_CONTEXT_SAVE_KEY_LENGTH)
-#define SE11_CONTEXT_ORIGINAL_IV_OFFSET (SE11_CONTEXT_SAVE_KEYS_OFFSET + \
- SE_CONTEXT_SAVE_KEY_LENGTH)
+#define SE_RNG_SRC_CONFIG_REG 0x344
+#define RO_ENTR_LOCK_DISABLE 0
+#define RO_ENTR_LOCK_ENABLE 1
+#define SE_RNG_SRC_CONFIG_ENTR_SRC_LOCK(x) ((x) << 0)
+#define RO_ENTR_DISABLE 0
+#define RO_ENTR_ENABLE 1
+#define SE_RNG_SRC_CONFIG_ENTR_SRC(x) ((x) << 1)
+#define RO_HW_DIS_CYA_DISABLE 0
+#define RO_HW_DIS_CYA_ENABLE 1
+#define SE_RNG_SRC_CONFIG_HW_DIS_CYA(x) ((x) << 2)
+#define SE_RNG_SRC_CONFIG_ENTR_SUBSMPL(x) ((x) << 4)
+#define SE_RNG_SRC_CONFIG_ENTR_DATA_FLUSH BIT(8)
-#define SE_CONTEXT_ORIGINAL_IV_LENGTH 256
+#define SE_RNG_RESEED_INTERVAL_REG 0x348
-#define SE_CONTEXT_UPDATED_IV_OFFSET (SE_CONTEXT_ORIGINAL_IV_OFFSET + \
- SE_CONTEXT_ORIGINAL_IV_LENGTH)
-#define SE11_CONTEXT_UPDATED_IV_OFFSET (SE11_CONTEXT_ORIGINAL_IV_OFFSET + \
- SE_CONTEXT_ORIGINAL_IV_LENGTH)
+#define SE_RSA_CONFIG 0x400
+#define RSA_KEY_SLOT_ONE 0
+#define RSA_KEY_SLOT_TW0 1
+#define RSA_KEY_SLOT(x) ((x) << 24)
-#define SE_CONTEXT_UPDATED_IV_LENGTH 256
+#define SE_RSA_KEY_SIZE_REG 0x404
+#define RSA_KEY_WIDTH_512 0
+#define RSA_KEY_WIDTH_1024 1
+#define RSA_KEY_WIDTH_1536 2
+#define RSA_KEY_WIDTH_2048 3
-#define SE_CONTEXT_SAVE_KNOWN_PATTERN_OFFSET (SE_CONTEXT_UPDATED_IV_OFFSET + \
- SE_CONTEXT_UPDATED_IV_LENGTH)
-#define SE11_CONTEXT_SAVE_KNOWN_PATTERN_OFFSET \
- (SE11_CONTEXT_UPDATED_IV_OFFSET + \
- SE_CONTEXT_UPDATED_IV_LENGTH)
+#define SE_RSA_EXP_SIZE_REG 0x408
-#define SE_CONTEXT_SAVE_RSA_KEYS_OFFSET SE11_CONTEXT_SAVE_KNOWN_PATTERN_OFFSET
+#define SE_RSA_SECURITY_PERKEY_REG 0x40C
+#define SE_RSA_KEY_LOCK_FLAG 0x80
+#define SE_RSA_KEYTABLE_ACCESS_REG 0x410
+#define SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG BIT(0)
+#define SE_RSA_KEY_TBL_DIS_KEYUPDATE_FLAG BIT(1)
+#define SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG BIT(2)
+#define SE_RSA_KEY_TBL_DIS_KEY_ACCESS_FLAG 0x7F
+#define SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_FLAG (SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG | SE_RSA_KEY_TBL_DIS_KEYUPDATE_FLAG)
+#define SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_USE_FLAG (SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG | SE_RSA_KEY_TBL_DIS_KEYUPDATE_FLAG | SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG)
-#define SE_CONTEXT_SAVE_RSA_KEY_LENGTH 1024
+#define SE_RSA_KEYTABLE_ADDR_REG 0x420
+#define SE_RSA_KEYTABLE_PKT(x) ((x) << 0)
+#define RSA_KEY_TYPE_EXP 0
+#define RSA_KEY_TYPE_MOD 1
+#define SE_RSA_KEYTABLE_TYPE(x) ((x) << 6)
+#define RSA_KEY_NUM(x) ((x) << 7)
+#define RSA_KEY_INPUT_MODE_REG 0
+#define RSA_KEY_INPUT_MODE_DMA 1
+#define SE_RSA_KEYTABLE_INPUT_MODE(x) ((x) << 8)
+#define RSA_KEY_READ 0
+#define RSA_KEY_WRITE 1
+#define SE_RSA_KEY_OP(x) ((x) << 10)
-#define SE_CONTEXT_SAVE_RSA_KNOWN_PATTERN_OFFSET \
- (SE_CONTEXT_SAVE_RSA_KEYS_OFFSET + SE_CONTEXT_SAVE_RSA_KEY_LENGTH)
+#define SE_RSA_KEYTABLE_DATA_REG 0x424
-#define SE_CONTEXT_KNOWN_PATTERN_SIZE 16
+#define SE_RSA_OUTPUT_REG 0x428
+#define SE_RSA_OUTPUT_REG_COUNT 64
-#define TEGRA_SE_RSA_KEYSLOT_COUNT 2
+#define SE_STATUS_REG 0x800
+#define SE_STATUS_STATE_IDLE 0
+#define SE_STATUS_STATE_BUSY 1
+#define SE_STATUS_STATE_WAIT_OUT 2
+#define SE_STATUS_STATE_WAIT_IN 3
+#define SE_STATUS_STATE_MASK 3
-#define SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET 0x40C
-#define SE_RSA_KEY_TBL_DIS_KEY_LOCK_FLAG 0x80
+#define SE_ERR_STATUS_REG 0x804
+#define SE_ERR_STATUS_SE_NS_ACCESS BIT(0)
+#define SE_ERR_STATUS_BUSY_REG_WR BIT(1)
+#define SE_ERR_STATUS_DST BIT(2)
+#define SE_ERR_STATUS_SRK_USAGE_LIMIT BIT(3)
+#define SE_ERR_STATUS_TZRAM_NS_ACCESS BIT(24)
+#define SE_ERR_STATUS_TZRAM_ADDRESS BIT(25)
-#define SE_RSA_KEYTABLE_ACCESS_REG_OFFSET 0x410
-#define SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG BIT(0)
-#define SE_RSA_KEY_TBL_DIS_KEYUPDATE_FLAG BIT(1)
-#define SE_RSA_KEY_TBL_DIS_KEY_READ_UPDATE_FLAG (SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG | SE_RSA_KEY_TBL_DIS_KEYUPDATE_FLAG)
-#define SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG BIT(2)
-#define SE_RSA_KEY_TBL_DIS_KEYUSE_FLAG_SHIFT BIT(2)
-#define SE_RSA_KEY_TBL_DIS_KEY_ALL_COMMON_FLAG 7
-#define SE_RSA_KEY_TBL_DIS_KEY_ALL_FLAG 0x7F
+#define SE_MISC_REG 0x808
+#define SE_ENTROPY_NEXT_192BIT BIT(0)
+#define SE_ENTROPY_VN_BYPASS BIT(1)
+#define SE_CLK_OVR_ON BIT(2)
-#define SE_RSA_KEYTABLE_ADDR 0x420
-#define SE_RSA_KEYTABLE_DATA 0x424
-#define SE_RSA_OUTPUT 0x428
+#define SE_SPARE_REG 0x80C
+#define SE_ERRATA_FIX_DISABLE 0
+#define SE_ERRATA_FIX_ENABLE 1
+#define SE_ECO(x) ((x) << 0)
-#define RSA_KEY_READ 0
-#define RSA_KEY_WRITE 1
-#define SE_RSA_KEY_OP_SHIFT 10
-#define SE_RSA_KEY_OP(x) ((x) << SE_RSA_KEY_OP_SHIFT)
-
-#define RSA_KEY_INPUT_MODE_REG 0
-#define RSA_KEY_INPUT_MODE_DMA 1
-#define RSA_KEY_INPUT_MODE_SHIFT 8
-#define RSA_KEY_INPUT_MODE(x) ((x) << RSA_KEY_INPUT_MODE_SHIFT)
-
-#define RSA_KEY_SLOT_ONE 0
-#define RSA_KEY_SLOT_TW0 1
-#define RSA_KEY_NUM_SHIFT 7
-#define RSA_KEY_NUM(x) ((x) << RSA_KEY_NUM_SHIFT)
-
-#define RSA_KEY_TYPE_EXP 0
-#define RSA_KEY_TYPE_MOD 1
-#define RSA_KEY_TYPE_SHIFT 6
-#define RSA_KEY_TYPE(x) ((x) << RSA_KEY_TYPE_SHIFT)
-
-#define SE_RSA_KEY_SIZE_REG_OFFSET 0x404
-#define SE_RSA_EXP_SIZE_REG_OFFSET 0x408
-
-#define RSA_KEY_SLOT_SHIFT 24
-#define RSA_KEY_SLOT(x) ((x) << RSA_KEY_SLOT_SHIFT)
-#define SE_RSA_CONFIG 0x400
-
-#define RSA_KEY_PKT_WORD_ADDR_SHIFT 0
-#define RSA_KEY_PKT_WORD_ADDR(x) ((x) << RSA_KEY_PKT_WORD_ADDR_SHIFT)
-
-#define RSA_KEY_WORD_ADDR_SHIFT 0
-#define RSA_KEY_WORD_ADDR(x) ((x) << RSA_KEY_WORD_ADDR_SHIFT)
-
-#define SE_RSA_KEYTABLE_PKT_SHIFT 0
-#define SE_RSA_KEYTABLE_PKT(x) ((x) << SE_RSA_KEYTABLE_PKT_SHIFT)
-
-#endif /* _CRYPTO_TEGRA_SE_H */
+#endif
diff --git a/bdk/sec/tsec.c b/bdk/sec/tsec.c
index b4485b1..9236dc5 100644
--- a/bdk/sec/tsec.c
+++ b/bdk/sec/tsec.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2019 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
@@ -190,7 +190,7 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
if (kb == KB_TSEC_FW_EMU_COMPAT)
{
u32 start = get_tmr_us();
- u32 k = se[SE_KEYTABLE_DATA0_REG_OFFSET / 4];
+ u32 k = se[SE_CRYPTO_KEYTABLE_DATA_REG / 4];
u32 key[16] = {0};
u32 kidx = 0;
@@ -198,9 +198,9 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
{
smmu_flush_all();
- if (k != se[SE_KEYTABLE_DATA0_REG_OFFSET / 4])
+ if (k != se[SE_CRYPTO_KEYTABLE_DATA_REG / 4])
{
- k = se[SE_KEYTABLE_DATA0_REG_OFFSET / 4];
+ k = se[SE_CRYPTO_KEYTABLE_DATA_REG / 4];
key[kidx++] = k;
}
@@ -269,7 +269,7 @@ int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt)
SOR1(SOR_NV_PDISP_SOR_TMDS_HDCP_CN_MSB) = 0;
SOR1(SOR_NV_PDISP_SOR_TMDS_HDCP_CN_LSB) = 0;
- memcpy(tsec_keys, &buf, 0x10);
+ memcpy(tsec_keys, &buf, SE_KEY_128_SIZE);
}
out_free:;
diff --git a/bdk/soc/hw_init.c b/bdk/soc/hw_init.c
index 3a35ece..d48bd70 100644
--- a/bdk/soc/hw_init.c
+++ b/bdk/soc/hw_init.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
@@ -264,7 +264,7 @@ static void _config_se_brom()
FUSE(FUSE_PRIVATE_KEY3)
};
// Set SBK to slot 14.
- se_aes_key_set(14, sbk, 0x10);
+ se_aes_key_set(14, sbk, SE_KEY_128_SIZE);
// Lock SBK from being read.
se_key_acc_ctrl(14, SE_KEY_TBL_DIS_KEYREAD_FLAG);
@@ -276,7 +276,7 @@ static void _config_se_brom()
// This memset needs to happen here, else TZRAM will behave weirdly later on.
memset((void *)TZRAM_BASE, 0, 0x10000);
PMC(APBDEV_PMC_CRYPTO_OP) = PMC_CRYPTO_OP_SE_ENABLE;
- SE(SE_INT_STATUS_REG_OFFSET) = 0x1F;
+ SE(SE_INT_STATUS_REG) = 0x1F; // Clear all SE interrupts.
// Clear the boot reason to avoid problems later
PMC(APBDEV_PMC_SCRATCH200) = 0x0;
diff --git a/bootloader/frontend/fe_emmc_tools.c b/bootloader/frontend/fe_emmc_tools.c
index 9cb23d4..15364c4 100644
--- a/bootloader/frontend/fe_emmc_tools.c
+++ b/bootloader/frontend/fe_emmc_tools.c
@@ -1,7 +1,7 @@
/*
* Copyright (c) 2018 naehrwert
* Copyright (c) 2018 Rajko Stojadinovic
- * Copyright (c) 2018-2019 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
@@ -27,6 +27,7 @@
#include
#include
#include
+#include
#include "../storage/nx_emmc.h"
#include
#include
@@ -96,7 +97,7 @@ static int _dump_emmc_verify(sdmmc_storage_t *storage, u32 lba_curr, char *outFi
se_calc_sha256_oneshot(hashEm, bufEm, num << 9);
se_calc_sha256_oneshot(hashSd, bufSd, num << 9);
- res = memcmp(hashEm, hashSd, 0x10);
+ res = memcmp(hashEm, hashSd, SE_SHA_256_SIZE / 2);
if (res)
{
diff --git a/bootloader/frontend/fe_info.c b/bootloader/frontend/fe_info.c
index d915550..a6a5d5a 100644
--- a/bootloader/frontend/fe_info.c
+++ b/bootloader/frontend/fe_info.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -354,7 +355,7 @@ void print_tsec_key()
goto out_wait;
}
- u8 keys[0x10 * 2];
+ u8 keys[SE_KEY_128_SIZE * 2];
memset(keys, 0x00, 0x20);
tsec_ctxt.fw = (u8 *)pkg1 + pkg1_id->tsec_off;
@@ -401,14 +402,14 @@ void print_tsec_key()
if (res >= 0)
{
- for (u32 j = 0; j < 0x10; j++)
+ for (u32 j = 0; j < SE_KEY_128_SIZE; j++)
gfx_printf("%02X", keys[j]);
if (pkg1_id->kb == KB_FIRMWARE_VERSION_620)
{
gfx_printf("\n%kTSEC root: %k", 0xFF00DDFF, 0xFFCCCCCC);
- for (u32 j = 0; j < 0x10; j++)
- gfx_printf("%02X", keys[0x10 + j]);
+ for (u32 j = 0; j < SE_KEY_128_SIZE; j++)
+ gfx_printf("%02X", keys[SE_KEY_128_SIZE + j]);
}
}
else
@@ -423,7 +424,7 @@ void print_tsec_key()
{
char path[64];
emmcsn_path_impl(path, "/dumps", "tsec_keys.bin", NULL);
- if (!sd_save_to_file(keys, 0x10 * 2, path))
+ if (!sd_save_to_file(keys, SE_KEY_128_SIZE * 2, path))
gfx_puts("\nDone!\n");
sd_end();
}
diff --git a/bootloader/frontend/fe_tools.c b/bootloader/frontend/fe_tools.c
index ff51094..269bfea 100644
--- a/bootloader/frontend/fe_tools.c
+++ b/bootloader/frontend/fe_tools.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2019 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 Reisyukaku
*
* This program is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
#include
#include
#include
+#include
#include "../storage/nx_emmc.h"
#include
#include
diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c
index b208013..44b4c5a 100644
--- a/bootloader/hos/hos.c
+++ b/bootloader/hos/hos.c
@@ -2,7 +2,7 @@
* Copyright (c) 2018 naehrwert
* Copyright (c) 2018 st4rk
* Copyright (c) 2018 Ced2911
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
@@ -75,7 +75,7 @@ typedef struct _secmon_mailbox_t
u32 out;
} secmon_mailbox_t;
-static const u8 keyblob_keyseeds[][0x10] = {
+static const u8 keyblob_keyseeds[][SE_KEY_128_SIZE] = {
{ 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, // 1.0.0.
{ 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, // 3.0.0.
{ 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, // 3.0.1.
@@ -84,19 +84,19 @@ static const u8 keyblob_keyseeds[][0x10] = {
{ 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } // 6.0.0.
};
-static const u8 cmac_keyseed[0x10] =
+static const u8 cmac_keyseed[SE_KEY_128_SIZE] =
{ 0x59, 0xC7, 0xFB, 0x6F, 0xBE, 0x9B, 0xBE, 0x87, 0x65, 0x6B, 0x15, 0xC0, 0x53, 0x73, 0x36, 0xA5 };
-static const u8 master_keyseed_retail[0x10] =
+static const u8 master_keyseed_retail[SE_KEY_128_SIZE] =
{ 0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C };
-static const u8 master_keyseed_4xx_5xx_610[0x10] =
+static const u8 master_keyseed_4xx_5xx_610[SE_KEY_128_SIZE] =
{ 0x2D, 0xC1, 0xF4, 0x8D, 0xF3, 0x5B, 0x69, 0x33, 0x42, 0x10, 0xAC, 0x65, 0xDA, 0x90, 0x46, 0x66 };
-static const u8 master_keyseed_620[0x10] =
+static const u8 master_keyseed_620[SE_KEY_128_SIZE] =
{ 0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A };
-static const u8 master_kekseed_t210b01[][0x10] = {
+static const u8 master_kekseed_t210b01[][SE_KEY_128_SIZE] = {
{ 0x77, 0x60, 0x5A, 0xD2, 0xEE, 0x6E, 0xF8, 0x3C, 0x3F, 0x72, 0xE2, 0x59, 0x9D, 0xAC, 0x5E, 0x56 }, // 6.0.0.
{ 0x1E, 0x80, 0xB8, 0x17, 0x3E, 0xC0, 0x60, 0xAA, 0x11, 0xBE, 0x1A, 0x4A, 0xA6, 0x6F, 0xE4, 0xAE }, // 6.2.0.
{ 0x94, 0x08, 0x67, 0xBD, 0x0A, 0x00, 0x38, 0x84, 0x11, 0xD3, 0x1A, 0xDB, 0xDD, 0x8D, 0xF1, 0x8A }, // 7.0.0.
@@ -105,13 +105,13 @@ static const u8 master_kekseed_t210b01[][0x10] = {
{ 0x0E, 0x44, 0x0C, 0xED, 0xB4, 0x36, 0xC0, 0x3F, 0xAA, 0x1D, 0xAE, 0xBF, 0x62, 0xB1, 0x09, 0x82 }, // 9.1.0.
};
-static const u8 console_keyseed[0x10] =
+static const u8 console_keyseed[SE_KEY_128_SIZE] =
{ 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 };
-static const u8 console_keyseed_4xx_5xx[0x10] =
+static const u8 console_keyseed_4xx_5xx[SE_KEY_128_SIZE] =
{ 0x0C, 0x91, 0x09, 0xDB, 0x93, 0x93, 0x07, 0x81, 0x07, 0x3C, 0xC4, 0x16, 0x22, 0x7C, 0x6C, 0x28 };
-const u8 package2_keyseed[0x10] =
+const u8 package2_keyseed[SE_KEY_128_SIZE] =
{ 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 };
static void _hos_crit_error(const char *text)
@@ -124,30 +124,33 @@ static void _se_lock(bool lock_se)
{
if (lock_se)
{
+ // Disable aes key read.
for (u32 i = 0; i < 16; i++)
se_key_acc_ctrl(i, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
+ // Disable RSA key read.
for (u32 i = 0; i < 2; i++)
se_rsa_acc_ctrl(i, SE_RSA_KEY_TBL_DIS_KEYREAD_FLAG);
- SE(SE_TZRAM_SECURITY_0) = 0; // Make SE TZRAM secure only.
- SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) = 0; // Make all key access regs secure only.
- SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET) = 0; // Make all RSA access regs secure only.
- SE(SE_SECURITY_0) &= 0xFFFFFFFB; // Make access lock regs secure only.
+
+ SE(SE_TZRAM_SECURITY_REG) = 0; // Make SE TZRAM secure only.
+ SE(SE_CRYPTO_SECURITY_PERKEY_REG) = 0; // Make all AES keys access secure only.
+ SE(SE_RSA_SECURITY_PERKEY_REG) = 0; // Make all RSA keys access secure only.
+ SE(SE_SE_SECURITY_REG) &= ~SE_PERKEY_SETTING; // Make access lock regs secure only.
}
memset((void *)IPATCH_BASE, 0, 14 * sizeof(u32));
SB(SB_CSR) = SB_CSR_PIROM_DISABLE;
// This is useful for documenting the bits in the SE config registers, so we can keep it around.
- /*gfx_printf("SE(SE_SECURITY_0) = %08X\n", SE(SE_SECURITY_0));
+ /*gfx_printf("SE(SE_SE_SECURITY_REG) = %08X\n", SE(SE_SE_SECURITY_REG));
gfx_printf("SE(0x4) = %08X\n", SE(0x4));
- gfx_printf("SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) = %08X\n", SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET));
- gfx_printf("SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET) = %08X\n", SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET));
+ gfx_printf("SE(SE_CRYPTO_SECURITY_PERKEY_REG) = %08X\n", SE(SE_CRYPTO_SECURITY_PERKEY_REG));
+ gfx_printf("SE(SE_RSA_SECURITY_PERKEY_REG) = %08X\n", SE(SE_RSA_SECURITY_PERKEY_REG));
for(u32 i = 0; i < 16; i++)
- gfx_printf("%02X ", SE(SE_KEY_TABLE_ACCESS_REG_OFFSET + i * 4) & 0xFF);
+ gfx_printf("%02X ", SE(SE_CRYPTO_KEYTABLE_ACCESS_REG + i * 4) & 0xFF);
gfx_putc('\n');
for(u32 i = 0; i < 2; i++)
- gfx_printf("%02X ", SE(SE_RSA_KEYTABLE_ACCESS_REG_OFFSET + i * 4) & 0xFF);
+ gfx_printf("%02X ", SE(SE_RSA_KEYTABLE_ACCESS_REG + i * 4) & 0xFF);
gfx_putc('\n');
gfx_hexdump(SE_BASE, (void *)SE_BASE, 0x400);*/
}
@@ -257,7 +260,7 @@ void hos_eks_save(u32 kb)
// Get keys.
u8 *keys = (u8 *)calloc(0x1000, 1);
- se_get_aes_keys(keys + 0x800, keys, 0x10);
+ se_get_aes_keys(keys + 0x800, keys, SE_KEY_128_SIZE);
// Set magic and personalized info.
h_cfg.eks->magic = HOS_EKS_MAGIC;
@@ -265,18 +268,18 @@ void hos_eks_save(u32 kb)
h_cfg.eks->lot0 = FUSE(FUSE_OPT_LOT_CODE_0);
// Copy new keys.
- memcpy(h_cfg.eks->dkg, keys + 10 * 0x10, 0x10);
- memcpy(h_cfg.eks->dkk, keys + 15 * 0x10, 0x10);
+ memcpy(h_cfg.eks->dkg, keys + 10 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->dkk, keys + 15 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
if (!h_cfg.aes_slots_new)
{
- memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
- memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
+ memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
}
else // New sept slots.
{
- memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * 0x10, 0x10);
- memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * 0x10, 0x10);
+ memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
}
// Encrypt EKS blob.
@@ -288,7 +291,6 @@ void hos_eks_save(u32 kb)
memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t));
hos_eks_rw_try(mbr, true);
-
free(eks);
free(keys);
out:
@@ -409,25 +411,25 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
if (h_cfg.eks && h_cfg.eks->enabled[key_idx] >= kb)
{
// Set Device keygen key to slot 10.
- se_aes_key_set(10, h_cfg.eks->dkg, 0x10);
+ se_aes_key_set(10, h_cfg.eks->dkg, SE_KEY_128_SIZE);
// Set Device key to slot 15.
- se_aes_key_set(15, h_cfg.eks->dkk, 0x10);
+ se_aes_key_set(15, h_cfg.eks->dkk, SE_KEY_128_SIZE);
if (!h_cfg.aes_slots_new)
{
// Set Master key to slot 12.
- se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, 0x10);
+ se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, SE_KEY_128_SIZE);
// Set FW Device key key to slot 13.
- se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, 0x10);
+ se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, SE_KEY_128_SIZE);
// Lock FDK.
se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
}
else // New exosphere.
{
// Set Master key to slot 13.
- se_aes_key_set(13, h_cfg.eks->keys[key_idx].mkk, 0x10);
+ se_aes_key_set(13, h_cfg.eks->keys[key_idx].mkk, SE_KEY_128_SIZE);
// Set FW Device key key to slot 12.
- se_aes_key_set(12, h_cfg.eks->keys[key_idx].fdk, 0x10);
+ se_aes_key_set(12, h_cfg.eks->keys[key_idx].fdk, SE_KEY_128_SIZE);
// Lock FDK.
se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
}
@@ -439,14 +441,14 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
else if (kb == KB_FIRMWARE_VERSION_620)
{
// Set TSEC key.
- se_aes_key_set(12, tmp, 0x10);
+ se_aes_key_set(12, tmp, SE_KEY_128_SIZE);
// Set TSEC root key.
- se_aes_key_set(13, tmp + 0x10, 0x10);
+ se_aes_key_set(13, tmp + SE_KEY_128_SIZE, SE_KEY_128_SIZE);
if (!(emu_cfg.enabled && !h_cfg.emummc_force_disable) && hos_ctxt->stock)
{
// Package2 key.
- se_aes_key_set(8, tmp + 0x10, 0x10);
+ se_aes_key_set(8, tmp + SE_KEY_128_SIZE, SE_KEY_128_SIZE);
se_aes_unwrap_key(8, 8, master_keyseed_620);
se_aes_unwrap_key(8, 8, master_keyseed_retail);
se_aes_unwrap_key(8, 8, package2_keyseed);
@@ -484,7 +486,7 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
se_key_acc_ctrl(14, SE_KEY_TBL_DIS_KEYREAD_FLAG | SE_KEY_TBL_DIS_OIVREAD_FLAG | SE_KEY_TBL_DIS_UIVREAD_FLAG);
// Set TSEC key.
- se_aes_key_set(13, tmp, 0x10);
+ se_aes_key_set(13, tmp, SE_KEY_128_SIZE);
// Derive keyblob keys from TSEC+SBK.
se_aes_crypt_block_ecb(13, 0, tmp, keyblob_keyseeds[0]);
@@ -506,9 +508,9 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c
// Decrypt keyblob and set keyslots.
se_aes_crypt_ctr(13, keyblob + 0x20, 0x90, keyblob + 0x20, 0x90, keyblob + 0x10);
- se_aes_key_set(11, keyblob + 0x20 + 0x80, 0x10); // Package1 key.
- se_aes_key_set(12, keyblob + 0x20, 0x10);
- se_aes_key_set(13, keyblob + 0x20, 0x10);
+ se_aes_key_set(11, keyblob + 0x20 + 0x80, SE_KEY_128_SIZE); // Package1 key.
+ se_aes_key_set(12, keyblob + 0x20, SE_KEY_128_SIZE);
+ se_aes_key_set(13, keyblob + 0x20, SE_KEY_128_SIZE);
se_aes_crypt_block_ecb(12, 0, tmp, master_keyseed_retail);
@@ -1016,16 +1018,16 @@ int hos_launch(ini_sec_t *cfg)
case KB_FIRMWARE_VERSION_100_200:
case KB_FIRMWARE_VERSION_300:
case KB_FIRMWARE_VERSION_301:
- se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
- se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
+ se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_LOCK_FLAG);
+ se_key_acc_ctrl(13, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_LOCK_FLAG);
bootStateDramPkg2 = 2;
bootStatePkg2Continue = 3;
break;
case KB_FIRMWARE_VERSION_400:
case KB_FIRMWARE_VERSION_500:
case KB_FIRMWARE_VERSION_600:
- se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
- se_key_acc_ctrl(15, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_TBL_DIS_KEY_LOCK_FLAG);
+ se_key_acc_ctrl(12, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_LOCK_FLAG);
+ se_key_acc_ctrl(15, SE_KEY_TBL_DIS_KEY_ACCESS_FLAG | SE_KEY_LOCK_FLAG);
default:
bootStateDramPkg2 = 2;
bootStatePkg2Continue = 4;
diff --git a/bootloader/hos/pkg2.c b/bootloader/hos/pkg2.c
index b00c186..b08ea0f 100644
--- a/bootloader/hos/pkg2.c
+++ b/bootloader/hos/pkg2.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2018 naehrwert
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
#include
#include
#include
+#include
#include "../storage/emummc.h"
#include
#include
@@ -1335,7 +1336,7 @@ const char* pkg2_patch_kips(link_t *info, char* patchNames)
return NULL;
}
-static const u8 mkey_vector_8xx[][0x10] =
+static const u8 mkey_vector_8xx[][SE_KEY_128_SIZE] =
{
// Master key 8 encrypted with 9. (8.1.0 with 9.0.0)
{ 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 },
@@ -1346,10 +1347,10 @@ static const u8 mkey_vector_8xx[][0x10] =
static bool _pkg2_key_unwrap_validate(pkg2_hdr_t *tmp_test, pkg2_hdr_t *hdr, u8 src_slot, u8 *mkey, const u8 *key_seed)
{
// Decrypt older encrypted mkey.
- se_aes_crypt_ecb(src_slot, 0, mkey, 0x10, key_seed, 0x10);
+ se_aes_crypt_ecb(src_slot, 0, mkey, SE_KEY_128_SIZE, key_seed, SE_KEY_128_SIZE);
// Set and unwrap pkg2 key.
se_aes_key_clear(9);
- se_aes_key_set(9, mkey, 0x10);
+ se_aes_key_set(9, mkey, SE_KEY_128_SIZE);
se_aes_unwrap_key(9, 9, package2_keyseed);
// Decrypt header.
@@ -1383,9 +1384,9 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Decrypt older pkg2 via new mkeys.
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
{
- u8 tmp_mkey[0x10];
+ u8 tmp_mkey[SE_KEY_128_SIZE];
u8 decr_slot = !h_cfg.t210b01 ? (!h_cfg.aes_slots_new ? 12 : 13) : 7; // Sept mkey or T210B01 mkey.
- u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
+ u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / SE_KEY_128_SIZE;
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
@@ -1405,7 +1406,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Set current mkey in order to decrypt a lower mkey.
mkey_seeds_idx--;
se_aes_key_clear(9);
- se_aes_key_set(9, tmp_mkey, 0x10);
+ se_aes_key_set(9, tmp_mkey, SE_KEY_128_SIZE);
decr_slot = 9; // Temp key.
@@ -1439,7 +1440,7 @@ DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]);
if (!hdr->sec_size[i])
continue;
- se_aes_crypt_ctr(pkg2_keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * 0x10]);
+ se_aes_crypt_ctr(pkg2_keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]);
//gfx_hexdump((u32)pdata, pdata, 0x100);
pdata += hdr->sec_size[i];
@@ -1469,7 +1470,7 @@ DPRINTF("adding kip1 '%s' @ %08X (%08X)\n", ki->kip1->name, (u32)ki->kip1, ki->s
{
hdr->sec_size[PKG2_SEC_INI1] = ini1_size;
hdr->sec_off[PKG2_SEC_INI1] = 0x14080000;
- se_aes_crypt_ctr(8, ini1, ini1_size, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * 0x10]);
+ se_aes_crypt_ctr(8, ini1, ini1_size, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * SE_AES_IV_SIZE]);
}
else
{
@@ -1526,7 +1527,7 @@ DPRINTF("%s @ %08X (%08X)\n", is_meso ? "Mesosphere": "kernel",(u32)ctxt->kernel
hdr->sec_off[PKG2_SEC_KERNEL] = 0x60000;
}
hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size;
- se_aes_crypt_ctr(pkg2_keyslot, pdst, kernel_size, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * 0x10]);
+ se_aes_crypt_ctr(pkg2_keyslot, pdst, kernel_size, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * SE_AES_IV_SIZE]);
pdst += kernel_size;
DPRINTF("kernel encrypted\n");
@@ -1549,7 +1550,7 @@ DPRINTF("INI1 encrypted\n");
*(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size;
hdr->ctr[4] = key_ver;
se_aes_crypt_ctr(pkg2_keyslot, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr);
- memset(hdr->ctr, 0 , 0x10);
+ memset(hdr->ctr, 0 , SE_AES_IV_SIZE);
*(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size;
hdr->ctr[4] = key_ver;
diff --git a/nyx/nyx_gui/hos/hos.c b/nyx/nyx_gui/hos/hos.c
index 5b571e4..dc9eb14 100644
--- a/nyx/nyx_gui/hos/hos.c
+++ b/nyx/nyx_gui/hos/hos.c
@@ -2,7 +2,7 @@
* Copyright (c) 2018 naehrwert
* Copyright (c) 2018 st4rk
* Copyright (c) 2018 Ced2911
- * Copyright (c) 2018-2020 CTCaer
+ * Copyright (c) 2018-2021 CTCaer
* Copyright (c) 2018 balika011
*
* This program is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ extern hekate_config h_cfg;
static u8 *bis_keys = NULL;
-static const u8 keyblob_keyseeds[][0x10] = {
+static const u8 keyblob_keyseeds[][SE_KEY_128_SIZE] = {
{ 0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3 }, // 1.0.0.
{ 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, // 3.0.0.
{ 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, // 3.0.1.
@@ -54,19 +54,19 @@ static const u8 keyblob_keyseeds[][0x10] = {
{ 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } // 6.0.0.
};
-static const u8 cmac_keyseed[0x10] =
+static const u8 cmac_keyseed[SE_KEY_128_SIZE] =
{ 0x59, 0xC7, 0xFB, 0x6F, 0xBE, 0x9B, 0xBE, 0x87, 0x65, 0x6B, 0x15, 0xC0, 0x53, 0x73, 0x36, 0xA5 };
-static const u8 master_keyseed_retail[0x10] =
+static const u8 master_keyseed_retail[SE_KEY_128_SIZE] =
{ 0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C };
-static const u8 master_keyseed_4xx_5xx_610[0x10] =
+static const u8 master_keyseed_4xx_5xx_610[SE_KEY_128_SIZE] =
{ 0x2D, 0xC1, 0xF4, 0x8D, 0xF3, 0x5B, 0x69, 0x33, 0x42, 0x10, 0xAC, 0x65, 0xDA, 0x90, 0x46, 0x66 };
-static const u8 master_keyseed_620[0x10] =
+static const u8 master_keyseed_620[SE_KEY_128_SIZE] =
{ 0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A };
-static const u8 master_kekseed_t210b01[][0x10] = {
+static const u8 master_kekseed_t210b01[][SE_KEY_128_SIZE] = {
{ 0x77, 0x60, 0x5A, 0xD2, 0xEE, 0x6E, 0xF8, 0x3C, 0x3F, 0x72, 0xE2, 0x59, 0x9D, 0xAC, 0x5E, 0x56 }, // 6.0.0.
{ 0x1E, 0x80, 0xB8, 0x17, 0x3E, 0xC0, 0x60, 0xAA, 0x11, 0xBE, 0x1A, 0x4A, 0xA6, 0x6F, 0xE4, 0xAE }, // 6.2.0.
{ 0x94, 0x08, 0x67, 0xBD, 0x0A, 0x00, 0x38, 0x84, 0x11, 0xD3, 0x1A, 0xDB, 0xDD, 0x8D, 0xF1, 0x8A }, // 7.0.0.
@@ -75,16 +75,16 @@ static const u8 master_kekseed_t210b01[][0x10] = {
{ 0x0E, 0x44, 0x0C, 0xED, 0xB4, 0x36, 0xC0, 0x3F, 0xAA, 0x1D, 0xAE, 0xBF, 0x62, 0xB1, 0x09, 0x82 }, // 9.1.0.
};
-static const u8 console_keyseed[0x10] =
+static const u8 console_keyseed[SE_KEY_128_SIZE] =
{ 0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78 };
-static const u8 console_keyseed_4xx_5xx[0x10] =
+static const u8 console_keyseed_4xx_5xx[SE_KEY_128_SIZE] =
{ 0x0C, 0x91, 0x09, 0xDB, 0x93, 0x93, 0x07, 0x81, 0x07, 0x3C, 0xC4, 0x16, 0x22, 0x7C, 0x6C, 0x28 };
-const u8 package2_keyseed[0x10] =
+const u8 package2_keyseed[SE_KEY_128_SIZE] =
{ 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7 };
-static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] = {
+static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX + 1][SE_KEY_128_SIZE] = {
{ 0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D }, // Zeroes encrypted with mkey 00.
{ 0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD }, // Mkey 00 encrypted with mkey 01.
{ 0xDE, 0xCF, 0xEB, 0xEB, 0x10, 0xAE, 0x74, 0xD8, 0xAD, 0x7C, 0xF4, 0x9E, 0x62, 0xE0, 0xE8, 0x72 }, // Mkey 01 encrypted with mkey 02.
@@ -98,7 +98,7 @@ static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] = {
{ 0xB8, 0x96, 0x9E, 0x4A, 0x00, 0x0D, 0xD6, 0x28, 0xB3, 0xD1, 0xDB, 0x68, 0x5F, 0xFB, 0xE1, 0x2A }, // Mkey 09 encrypted with mkey 10.
};
-static const u8 new_console_keyseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
+static const u8 new_console_keyseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][SE_KEY_128_SIZE] = {
{ 0x8B, 0x4E, 0x1C, 0x22, 0x42, 0x07, 0xC8, 0x73, 0x56, 0x94, 0x08, 0x8B, 0xCC, 0x47, 0x0F, 0x5D }, // 4.x New Device Key Source.
{ 0x6C, 0xEF, 0xC6, 0x27, 0x8B, 0xEC, 0x8A, 0x91, 0x99, 0xAB, 0x24, 0xAC, 0x4F, 0x1C, 0x8F, 0x1C }, // 5.x New Device Key Source.
{ 0x70, 0x08, 0x1B, 0x97, 0x44, 0x64, 0xF8, 0x91, 0x54, 0x9D, 0xC6, 0x84, 0x8F, 0x1A, 0xB2, 0xE4 }, // 6.x New Device Key Source.
@@ -109,7 +109,7 @@ static const u8 new_console_keyseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSIO
{ 0x14, 0xB8, 0x74, 0x12, 0xCB, 0xBD, 0x0B, 0x8F, 0x20, 0xFB, 0x30, 0xDA, 0x27, 0xE4, 0x58, 0x94 }, // 9.1.0 New Device Key Source.
};
-static const u8 new_console_kekseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
+static const u8 new_console_kekseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][SE_KEY_128_SIZE] = {
{ 0x88, 0x62, 0x34, 0x6E, 0xFA, 0xF7, 0xD8, 0x3F, 0xE1, 0x30, 0x39, 0x50, 0xF0, 0xB7, 0x5D, 0x5D }, // 4.x New Device Keygen Source.
{ 0x06, 0x1E, 0x7B, 0xE9, 0x6D, 0x47, 0x8C, 0x77, 0xC5, 0xC8, 0xE7, 0x94, 0x9A, 0xA8, 0x5F, 0x2E }, // 5.x New Device Keygen Source.
{ 0x99, 0xFA, 0x98, 0xBD, 0x15, 0x1C, 0x72, 0xFD, 0x7D, 0x9A, 0xD5, 0x41, 0x00, 0xFD, 0xB2, 0xEF }, // 6.x New Device Keygen Source.
@@ -120,19 +120,19 @@ static const u8 new_console_kekseed[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSIO
{ 0xCE, 0xFE, 0x41, 0x0F, 0x46, 0x9A, 0x30, 0xD6, 0xF2, 0xE9, 0x0C, 0x6B, 0xB7, 0x15, 0x91, 0x36 }, // 9.1.0 New Device Keygen Source.
};
-static const u8 gen_keyseed[0x10] =
+static const u8 gen_keyseed[SE_KEY_128_SIZE] =
{ 0x89, 0x61, 0x5E, 0xE0, 0x5C, 0x31, 0xB6, 0x80, 0x5F, 0xE5, 0x8F, 0x3D, 0xA2, 0x4F, 0x7A, 0xA8 };
-static const u8 gen_kekseed[0x10] =
+static const u8 gen_kekseed[SE_KEY_128_SIZE] =
{ 0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9 };
-static const u8 gen_keyseed_retail[0x10] =
+static const u8 gen_keyseed_retail[SE_KEY_128_SIZE] =
{ 0xE2, 0xD6, 0xB8, 0x7A, 0x11, 0x9C, 0xB8, 0x80, 0xE8, 0x22, 0x88, 0x8A, 0x46, 0xFB, 0xA1, 0x95 };
-static const u8 bis_kekseed[0x10] =
+static const u8 bis_kekseed[SE_KEY_128_SIZE] =
{ 0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F };
-static const u8 bis_keyseed[][0x10] = {
+static const u8 bis_keyseed[][SE_KEY_128_SIZE] = {
{ 0xF8, 0x3F, 0x38, 0x6E, 0x2C, 0xD2, 0xCA, 0x32, 0xA8, 0x9A, 0xB9, 0xAA, 0x29, 0xBF, 0xC7, 0x48 }, // BIS 0 Crypt seed.
{ 0x7D, 0x92, 0xB0, 0x3A, 0xA8, 0xBF, 0xDE, 0xE1, 0xA7, 0x4C, 0x3B, 0x6E, 0x35, 0xCB, 0x71, 0x06 }, // BIS 0 Tweak seed.
{ 0x41, 0x00, 0x30, 0x49, 0xDD, 0xCC, 0xC0, 0x65, 0x64, 0x7A, 0x7E, 0xB4, 0x1E, 0xED, 0x9C, 0x5F }, // BIS 1 Crypt seed.
@@ -229,7 +229,7 @@ void hos_eks_save(u32 kb)
// Get keys.
u8 *keys = (u8 *)calloc(0x1000, 1);
- se_get_aes_keys(keys + 0x800, keys, 0x10);
+ se_get_aes_keys(keys + 0x800, keys, SE_KEY_128_SIZE);
// Set magic and personalized info.
h_cfg.eks->magic = HOS_EKS_MAGIC;
@@ -237,18 +237,18 @@ void hos_eks_save(u32 kb)
h_cfg.eks->lot0 = FUSE(FUSE_OPT_LOT_CODE_0);
// Copy new keys.
- memcpy(h_cfg.eks->dkg, keys + 10 * 0x10, 0x10);
- memcpy(h_cfg.eks->dkk, keys + 15 * 0x10, 0x10);
+ memcpy(h_cfg.eks->dkg, keys + 10 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->dkk, keys + 15 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
if (!h_cfg.aes_slots_new)
{
- memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * 0x10, 0x10);
- memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * 0x10, 0x10);
+ memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 12 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 13 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
}
else // New sept slots.
{
- memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * 0x10, 0x10);
- memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * 0x10, 0x10);
+ memcpy(h_cfg.eks->keys[key_idx].mkk, keys + 13 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->keys[key_idx].fdk, keys + 12 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
}
// Encrypt EKS blob.
@@ -260,7 +260,6 @@ void hos_eks_save(u32 kb)
memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t));
hos_eks_rw_try(mbr, true);
-
free(eks);
free(keys);
out:
@@ -346,14 +345,14 @@ void hos_eks_bis_save()
h_cfg.eks->lot0 = FUSE(FUSE_OPT_LOT_CODE_0);
// Copy new keys.
- memcpy(h_cfg.eks->bis_keys[0].crypt, bis_keys + (0 * 0x10), 0x10);
- memcpy(h_cfg.eks->bis_keys[0].tweak, bis_keys + (1 * 0x10), 0x10);
+ memcpy(h_cfg.eks->bis_keys[0].crypt, bis_keys + (0 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->bis_keys[0].tweak, bis_keys + (1 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
- memcpy(h_cfg.eks->bis_keys[1].crypt, bis_keys + (2 * 0x10), 0x10);
- memcpy(h_cfg.eks->bis_keys[1].tweak, bis_keys + (3 * 0x10), 0x10);
+ memcpy(h_cfg.eks->bis_keys[1].crypt, bis_keys + (2 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->bis_keys[1].tweak, bis_keys + (3 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
- memcpy(h_cfg.eks->bis_keys[2].crypt, bis_keys + (4 * 0x10), 0x10);
- memcpy(h_cfg.eks->bis_keys[2].tweak, bis_keys + (5 * 0x10), 0x10);
+ memcpy(h_cfg.eks->bis_keys[2].crypt, bis_keys + (4 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ memcpy(h_cfg.eks->bis_keys[2].tweak, bis_keys + (5 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
// Encrypt EKS blob.
u8 *eks = calloc(512 , 1);
@@ -473,13 +472,13 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
if (h_cfg.eks && h_cfg.eks->enabled[key_idx] >= kb)
{
// Set Device keygen key to slot 10.
- se_aes_key_set(10, h_cfg.eks->dkg, 0x10);
+ se_aes_key_set(10, h_cfg.eks->dkg, SE_KEY_128_SIZE);
// Set Master key to slot 12.
- se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, 0x10);
+ se_aes_key_set(12, h_cfg.eks->keys[key_idx].mkk, SE_KEY_128_SIZE);
// Set FW Device key key to slot 13.
- se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, 0x10);
+ se_aes_key_set(13, h_cfg.eks->keys[key_idx].fdk, SE_KEY_128_SIZE);
// Set Device key to slot 15.
- se_aes_key_set(15, h_cfg.eks->dkk, 0x10);
+ se_aes_key_set(15, h_cfg.eks->dkk, SE_KEY_128_SIZE);
}
else
h_cfg.aes_slots_new = se_key_acc_ctrl_get(12) == 0x6A;
@@ -490,9 +489,9 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
else if (kb == KB_FIRMWARE_VERSION_620)
{
// Set TSEC key.
- se_aes_key_set(12, tmp, 0x10);
+ se_aes_key_set(12, tmp, SE_KEY_128_SIZE);
// Set TSEC root key.
- se_aes_key_set(13, tmp + 0x10, 0x10);
+ se_aes_key_set(13, tmp + SE_KEY_128_SIZE, SE_KEY_128_SIZE);
// Decrypt keyblob and set keyslots
se_aes_crypt_block_ecb(12, 0, tmp + 0x20, keyblob_keyseeds[0]);
@@ -508,7 +507,7 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
else
{
// Set TSEC key.
- se_aes_key_set(13, tmp, 0x10);
+ se_aes_key_set(13, tmp, SE_KEY_128_SIZE);
// Derive keyblob keys from TSEC+SBK.
se_aes_crypt_block_ecb(13, 0, tmp, keyblob_keyseeds[0]);
@@ -530,9 +529,9 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
// Decrypt keyblob and set keyslots.
se_aes_crypt_ctr(13, keyblob + 0x20, 0x90, keyblob + 0x20, 0x90, keyblob + 0x10);
- se_aes_key_set(11, keyblob + 0x20 + 0x80, 0x10); // Package1 key.
- se_aes_key_set(12, keyblob + 0x20, 0x10);
- se_aes_key_set(13, keyblob + 0x20, 0x10);
+ se_aes_key_set(11, keyblob + 0x20 + 0x80, SE_KEY_128_SIZE); // Package1 key.
+ se_aes_key_set(12, keyblob + 0x20, SE_KEY_128_SIZE);
+ se_aes_key_set(13, keyblob + 0x20, SE_KEY_128_SIZE);
se_aes_crypt_block_ecb(12, 0, tmp, master_keyseed_retail);
@@ -568,18 +567,18 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
static void _hos_validate_sept_mkey(u32 kb)
{
- u8 tmp_mkey[0x10];
- u32 mkey_idx = sizeof(mkey_vectors) / 0x10;
+ u8 tmp_mkey[SE_KEY_128_SIZE];
+ u32 mkey_idx = sizeof(mkey_vectors) / SE_KEY_128_SIZE;
u8 mkey_slot = !h_cfg.aes_slots_new ? 12 : 13;
do
{
mkey_idx--;
- se_aes_crypt_ecb(mkey_slot, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx], 0x10);
+ se_aes_crypt_ecb(mkey_slot, 0, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx], SE_KEY_128_SIZE);
for (u32 idx = 0; idx < mkey_idx; idx++)
{
se_aes_key_clear(2);
- se_aes_key_set(2, tmp_mkey, 0x10);
- se_aes_crypt_ecb(2, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx - 1 - idx], 0x10);
+ se_aes_key_set(2, tmp_mkey, SE_KEY_128_SIZE);
+ se_aes_crypt_ecb(2, 0, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE);
}
if (!memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8))
@@ -597,13 +596,13 @@ static void _hos_validate_sept_mkey(u32 kb)
static void _hos_bis_print_key(u32 idx, u8 *key)
{
gfx_printf("BIS %d Crypt: ", idx);
- for (int i = 0; i < 0x10; i++)
- gfx_printf("%02X", key[((idx * 2 + 0) * 0x10) + i]);
+ for (int i = 0; i < SE_KEY_128_SIZE; i++)
+ gfx_printf("%02X", key[((idx * 2 + 0) * SE_KEY_128_SIZE) + i]);
gfx_puts("\n");
gfx_printf("BIS %d Tweak: ", idx);
- for (int i = 0; i < 0x10; i++)
- gfx_printf("%02X", key[((idx * 2 + 1) * 0x10) + i]);
+ for (int i = 0; i < SE_KEY_128_SIZE; i++)
+ gfx_printf("%02X", key[((idx * 2 + 1) * SE_KEY_128_SIZE) + i]);
gfx_puts("\n");
}
@@ -613,7 +612,7 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
u32 console_key_slot = kb >= KB_FIRMWARE_VERSION_400 ? 15 : 13;
if (!bis_keys)
- bis_keys = malloc(0x10 * 6);
+ bis_keys = malloc(SE_KEY_128_SIZE * 6);
if (!h_cfg.eks || !h_cfg.eks->enabled_bis)
{
@@ -627,8 +626,8 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
if (keygen_rev)
{
- u8 tmp_mkey[0x10];
- u32 mkey_idx = sizeof(mkey_vectors) / 0x10;
+ u8 tmp_mkey[SE_KEY_128_SIZE];
+ u32 mkey_idx = sizeof(mkey_vectors) / SE_KEY_128_SIZE;
u8 mkey_slot = kb >= KB_FIRMWARE_VERSION_700 ? (!h_cfg.aes_slots_new ? 12 : 13) : (kb == KB_FIRMWARE_VERSION_620 ? 9 : 12);
// Keygen revision uses bootloader version, which starts from 1.
@@ -642,19 +641,19 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
do
{
mkey_idx--;
- se_aes_crypt_ecb(mkey_slot, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx], 0x10);
+ se_aes_crypt_ecb(mkey_slot, 0, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx], SE_KEY_128_SIZE);
for (u32 idx = 0; idx < mkey_idx; idx++)
{
se_aes_key_clear(2);
- se_aes_key_set(2, tmp_mkey, 0x10);
- se_aes_crypt_ecb(2, 0, tmp_mkey, 0x10, mkey_vectors[mkey_idx - 1 - idx], 0x10);
+ se_aes_key_set(2, tmp_mkey, SE_KEY_128_SIZE);
+ se_aes_crypt_ecb(2, 0, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE);
}
} while (memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0 && (mkey_idx - 1));
// Derive new device key.
se_aes_key_clear(1);
se_aes_unwrap_key(1, 10, new_console_keyseed[keygen_rev]); // Uses Device key 4x.
- se_aes_crypt_ecb(10, 0, tmp_mkey, 0x10, new_console_keyseed[keygen_rev], 0x10); // Uses Device key 4x.
+ se_aes_crypt_ecb(10, 0, tmp_mkey, SE_KEY_128_SIZE, new_console_keyseed[keygen_rev], SE_KEY_128_SIZE); // Uses Device key 4x.
se_aes_unwrap_key(1, 2, new_console_kekseed[keygen_rev]); // Uses Master Key 0.
se_aes_unwrap_key(1, 1, tmp_mkey);
@@ -666,11 +665,11 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
se_aes_unwrap_key(2, console_key_slot, gen_keyseed_retail);
// Clear bis keys storage.
- memset(bis_keys, 0, 0x10 * 6);
+ memset(bis_keys, 0, SE_KEY_128_SIZE * 6);
// Generate BIS 0 Keys.
- se_aes_crypt_block_ecb(2, 0, bis_keys + (0 * 0x10), bis_keyseed[0]);
- se_aes_crypt_block_ecb(2, 0, bis_keys + (1 * 0x10), bis_keyseed[1]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (0 * SE_KEY_128_SIZE), bis_keyseed[0]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (1 * SE_KEY_128_SIZE), bis_keyseed[1]);
// Generate generic kek.
se_aes_key_clear(2);
@@ -679,26 +678,26 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
se_aes_unwrap_key(2, 2, gen_keyseed);
// Generate BIS 1 Keys.
- se_aes_crypt_block_ecb(2, 0, bis_keys + (2 * 0x10), bis_keyseed[2]);
- se_aes_crypt_block_ecb(2, 0, bis_keys + (3 * 0x10), bis_keyseed[3]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (2 * SE_KEY_128_SIZE), bis_keyseed[2]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (3 * SE_KEY_128_SIZE), bis_keyseed[3]);
// Generate BIS 2/3 Keys.
- se_aes_crypt_block_ecb(2, 0, bis_keys + (4 * 0x10), bis_keyseed[4]);
- se_aes_crypt_block_ecb(2, 0, bis_keys + (5 * 0x10), bis_keyseed[5]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (4 * SE_KEY_128_SIZE), bis_keyseed[4]);
+ se_aes_crypt_block_ecb(2, 0, bis_keys + (5 * SE_KEY_128_SIZE), bis_keyseed[5]);
if (!h_cfg.t210b01 && kb >= KB_FIRMWARE_VERSION_700)
_hos_validate_sept_mkey(kb);
}
else
{
- memcpy(bis_keys + (0 * 0x10), h_cfg.eks->bis_keys[0].crypt, 0x10);
- memcpy(bis_keys + (1 * 0x10), h_cfg.eks->bis_keys[0].tweak, 0x10);
+ memcpy(bis_keys + (0 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[0].crypt, SE_KEY_128_SIZE);
+ memcpy(bis_keys + (1 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[0].tweak, SE_KEY_128_SIZE);
- memcpy(bis_keys + (2 * 0x10), h_cfg.eks->bis_keys[1].crypt, 0x10);
- memcpy(bis_keys + (3 * 0x10), h_cfg.eks->bis_keys[1].tweak, 0x10);
+ memcpy(bis_keys + (2 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[1].crypt, SE_KEY_128_SIZE);
+ memcpy(bis_keys + (3 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[1].tweak, SE_KEY_128_SIZE);
- memcpy(bis_keys + (4 * 0x10), h_cfg.eks->bis_keys[2].crypt, 0x10);
- memcpy(bis_keys + (5 * 0x10), h_cfg.eks->bis_keys[2].tweak, 0x10);
+ memcpy(bis_keys + (4 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[2].crypt, SE_KEY_128_SIZE);
+ memcpy(bis_keys + (5 * SE_KEY_128_SIZE), h_cfg.eks->bis_keys[2].tweak, SE_KEY_128_SIZE);
}
_hos_bis_print_key(0, bis_keys);
@@ -710,14 +709,14 @@ int hos_bis_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
se_aes_key_clear(i);
// Set BIS keys.
- se_aes_key_set(0, bis_keys + (0 * 0x10), 0x10);
- se_aes_key_set(1, bis_keys + (1 * 0x10), 0x10);
+ se_aes_key_set(0, bis_keys + (0 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ se_aes_key_set(1, bis_keys + (1 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
- se_aes_key_set(2, bis_keys + (2 * 0x10), 0x10);
- se_aes_key_set(3, bis_keys + (3 * 0x10), 0x10);
+ se_aes_key_set(2, bis_keys + (2 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ se_aes_key_set(3, bis_keys + (3 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
- se_aes_key_set(4, bis_keys + (4 * 0x10), 0x10);
- se_aes_key_set(5, bis_keys + (5 * 0x10), 0x10);
+ se_aes_key_set(4, bis_keys + (4 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
+ se_aes_key_set(5, bis_keys + (5 * SE_KEY_128_SIZE), SE_KEY_128_SIZE);
return 1;
}
@@ -742,7 +741,7 @@ void hos_bis_keys_clear()
FUSE(FUSE_PRIVATE_KEY3)
};
// Set SBK to slot 14.
- se_aes_key_set(14, sbk, 0x10);
+ se_aes_key_set(14, sbk, SE_KEY_128_SIZE);
// Lock SBK from being read.
se_key_acc_ctrl(14, SE_KEY_TBL_DIS_KEYREAD_FLAG);
diff --git a/nyx/nyx_gui/hos/pkg2.c b/nyx/nyx_gui/hos/pkg2.c
index 93900fa..5df3885 100644
--- a/nyx/nyx_gui/hos/pkg2.c
+++ b/nyx/nyx_gui/hos/pkg2.c
@@ -24,6 +24,7 @@
#include
#include
#include
+#include
#include
#include
@@ -111,7 +112,7 @@ DPRINTF(" kip1 %d:%s @ %08X (%08X)\n", i, kip1->name, (u32)kip1, ki->size);
return true;
}
-static const u8 mkey_vector_8xx[][0x10] =
+static const u8 mkey_vector_8xx[][SE_KEY_128_SIZE] =
{
// Master key 8 encrypted with 9. (8.1.0 with 9.0.0)
{ 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 },
@@ -122,10 +123,10 @@ static const u8 mkey_vector_8xx[][0x10] =
static bool _pkg2_key_unwrap_validate(pkg2_hdr_t *tmp_test, pkg2_hdr_t *hdr, u8 src_slot, u8 *mkey, const u8 *key_seed)
{
// Decrypt older encrypted mkey.
- se_aes_crypt_ecb(src_slot, 0, mkey, 0x10, key_seed, 0x10);
+ se_aes_crypt_ecb(src_slot, 0, mkey, SE_KEY_128_SIZE, key_seed, SE_KEY_128_SIZE);
// Set and unwrap pkg2 key.
se_aes_key_clear(9);
- se_aes_key_set(9, mkey, 0x10);
+ se_aes_key_set(9, mkey, SE_KEY_128_SIZE);
se_aes_unwrap_key(9, 9, package2_keyseed);
// Decrypt header.
@@ -158,9 +159,9 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Decrypt older pkg2 via new mkeys.
if ((kb >= KB_FIRMWARE_VERSION_810) && (kb < KB_FIRMWARE_VERSION_MAX))
{
- u8 tmp_mkey[0x10];
+ u8 tmp_mkey[SE_KEY_128_SIZE];
u8 decr_slot = !h_cfg.t210b01 ? (!h_cfg.aes_slots_new ? 12 : 13) : 7; // Sept mkey or T210B01 mkey.
- u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / 0x10;
+ u8 mkey_seeds_cnt = sizeof(mkey_vector_8xx) / SE_KEY_128_SIZE;
u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
u8 mkey_seeds_min_idx = mkey_seeds_cnt - (KB_FIRMWARE_VERSION_MAX - kb);
@@ -180,7 +181,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 kb)
// Set current mkey in order to decrypt a lower mkey.
mkey_seeds_idx--;
se_aes_key_clear(9);
- se_aes_key_set(9, tmp_mkey, 0x10);
+ se_aes_key_set(9, tmp_mkey, SE_KEY_128_SIZE);
decr_slot = 9; // Temp key.
@@ -214,7 +215,7 @@ DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]);
if (!hdr->sec_size[i])
continue;
- se_aes_crypt_ctr(keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * 0x10]);
+ se_aes_crypt_ctr(keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]);
//gfx_hexdump((u32)pdata, pdata, 0x100);
pdata += hdr->sec_size[i];