mirror of
				https://git.zaroz.cloud/nintendo-back-up/yuzu/yuzu.git
				synced 2025-05-12 00:45:25 +00:00 
			
		
		
		
	HW: add AES engine & implement AES-CCM
This commit is contained in:
		
							parent
							
								
									1bf449d752
								
							
						
					
					
						commit
						ea1ea0224c
					
				
							
								
								
									
										2
									
								
								externals/dynarmic
									
									
									
									
										vendored
									
									
								
							
							
								
								
								
								
								
								
							
						
						
									
										2
									
								
								externals/dynarmic
									
									
									
									
										vendored
									
									
								
							| @ -1 +1 @@ | ||||
| Subproject commit 459d7d1bafcf85677c989b7cb260d3789aa813e2 | ||||
| Subproject commit 358cf7c32205a5114964865c86a8455daf810732 | ||||
| @ -45,3 +45,4 @@ | ||||
| 
 | ||||
| // Sys files
 | ||||
| #define SHARED_FONT "shared_font.bin" | ||||
| #define AES_KEYS "aes_keys.txt" | ||||
|  | ||||
| @ -62,6 +62,7 @@ namespace Log { | ||||
|     SUB(HW, Memory)                                                                                \ | ||||
|     SUB(HW, LCD)                                                                                   \ | ||||
|     SUB(HW, GPU)                                                                                   \ | ||||
|     SUB(HW, AES)                                                                                   \ | ||||
|     CLS(Frontend)                                                                                  \ | ||||
|     CLS(Render)                                                                                    \ | ||||
|     SUB(Render, Software)                                                                          \ | ||||
|  | ||||
| @ -79,6 +79,7 @@ enum class Class : ClassType { | ||||
|     HW_Memory,         ///< Memory-map and address translation
 | ||||
|     HW_LCD,            ///< LCD register emulation
 | ||||
|     HW_GPU,            ///< GPU control emulation
 | ||||
|     HW_AES,            ///< AES engine emulation
 | ||||
|     Frontend,          ///< Emulator UI
 | ||||
|     Render,            ///< Emulator video output and hardware acceleration
 | ||||
|     Render_Software,   ///< Software renderer backend
 | ||||
|  | ||||
| @ -159,6 +159,9 @@ set(SRCS | ||||
|             hle/service/y2r_u.cpp | ||||
|             hle/shared_page.cpp | ||||
|             hle/svc.cpp | ||||
|             hw/aes/arithmetic128.cpp | ||||
|             hw/aes/ccm.cpp | ||||
|             hw/aes/key.cpp | ||||
|             hw/gpu.cpp | ||||
|             hw/hw.cpp | ||||
|             hw/lcd.cpp | ||||
| @ -342,6 +345,9 @@ set(HEADERS | ||||
|             hle/service/y2r_u.h | ||||
|             hle/shared_page.h | ||||
|             hle/svc.h | ||||
|             hw/aes/arithmetic128.h | ||||
|             hw/aes/ccm.h | ||||
|             hw/aes/key.h | ||||
|             hw/gpu.h | ||||
|             hw/hw.h | ||||
|             hw/lcd.h | ||||
|  | ||||
							
								
								
									
										47
									
								
								src/core/hw/aes/arithmetic128.cpp
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
								src/core/hw/aes/arithmetic128.cpp
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,47 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #include <algorithm> | ||||
| #include <functional> | ||||
| #include "core/hw/aes/arithmetic128.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| 
 | ||||
| AESKey Lrot128(const AESKey& in, u32 rot) { | ||||
|     AESKey out; | ||||
|     rot %= 128; | ||||
|     const u32 byte_shift = rot / 8; | ||||
|     const u32 bit_shift = rot % 8; | ||||
| 
 | ||||
|     for (u32 i = 0; i < 16; i++) { | ||||
|         const u32 wrap_index_a = (i + byte_shift) % 16; | ||||
|         const u32 wrap_index_b = (i + byte_shift + 1) % 16; | ||||
|         out[i] = ((in[wrap_index_a] << bit_shift) | (in[wrap_index_b] >> (8 - bit_shift))) & 0xFF; | ||||
|     } | ||||
|     return out; | ||||
| } | ||||
| 
 | ||||
| AESKey Add128(const AESKey& a, const AESKey& b) { | ||||
|     AESKey out; | ||||
|     u32 carry = 0; | ||||
|     u32 sum = 0; | ||||
| 
 | ||||
|     for (int i = 15; i >= 0; i--) { | ||||
|         sum = a[i] + b[i] + carry; | ||||
|         carry = sum >> 8; | ||||
|         out[i] = static_cast<u8>(sum & 0xff); | ||||
|     } | ||||
| 
 | ||||
|     return out; | ||||
| } | ||||
| 
 | ||||
| AESKey Xor128(const AESKey& a, const AESKey& b) { | ||||
|     AESKey out; | ||||
|     std::transform(a.cbegin(), a.cend(), b.cbegin(), out.begin(), std::bit_xor<>()); | ||||
|     return out; | ||||
| } | ||||
| 
 | ||||
| } // namespace AES
 | ||||
| } // namespace HW
 | ||||
							
								
								
									
										17
									
								
								src/core/hw/aes/arithmetic128.h
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										17
									
								
								src/core/hw/aes/arithmetic128.h
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,17 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #pragma once | ||||
| 
 | ||||
| #include "common/common_types.h" | ||||
| #include "core/hw/aes/key.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| AESKey Lrot128(const AESKey& in, u32 rot); | ||||
| AESKey Add128(const AESKey& a, const AESKey& b); | ||||
| AESKey Xor128(const AESKey& a, const AESKey& b); | ||||
| 
 | ||||
| } // namspace AES
 | ||||
| } // namespace HW
 | ||||
							
								
								
									
										95
									
								
								src/core/hw/aes/ccm.cpp
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										95
									
								
								src/core/hw/aes/ccm.cpp
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,95 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #include <algorithm> | ||||
| #include <cryptopp/aes.h> | ||||
| #include <cryptopp/ccm.h> | ||||
| #include <cryptopp/cryptlib.h> | ||||
| #include <cryptopp/filters.h> | ||||
| #include "common/alignment.h" | ||||
| #include "common/logging/log.h" | ||||
| #include "core/hw/aes/ccm.h" | ||||
| #include "core/hw/aes/key.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| 
 | ||||
| namespace { | ||||
| 
 | ||||
| // 3DS uses a non-standard AES-CCM algorithm, so we need to derive a sub class from the standard one
 | ||||
| // and override with the non-standard part.
 | ||||
| using CryptoPP::lword; | ||||
| using CryptoPP::AES; | ||||
| using CryptoPP::CCM_Final; | ||||
| using CryptoPP::CCM_Base; | ||||
| template <bool T_IsEncryption> | ||||
| class CCM_3DSVariant_Final : public CCM_Final<AES, CCM_MAC_SIZE, T_IsEncryption> { | ||||
| public: | ||||
|     void UncheckedSpecifyDataLengths(lword header_length, lword message_length, | ||||
|                                      lword footer_length) override { | ||||
|         // 3DS uses the aligned size to generate B0 for authentication, instead of the original size
 | ||||
|         lword aligned_message_length = Common::AlignUp(message_length, AES_BLOCK_SIZE); | ||||
|         CCM_Base::UncheckedSpecifyDataLengths(header_length, aligned_message_length, footer_length); | ||||
|         CCM_Base::m_messageLength = message_length; // restore the actual message size
 | ||||
|     } | ||||
| }; | ||||
| 
 | ||||
| class CCM_3DSVariant { | ||||
| public: | ||||
|     using Encryption = CCM_3DSVariant_Final<true>; | ||||
|     using Decryption = CCM_3DSVariant_Final<false>; | ||||
| }; | ||||
| 
 | ||||
| } // namespace
 | ||||
| 
 | ||||
| std::vector<u8> EncryptSignCCM(const std::vector<u8>& pdata, const CCMNonce& nonce, | ||||
|                                size_t slot_id) { | ||||
|     if (!IsNormalKeyAvailable(slot_id)) { | ||||
|         LOG_ERROR(HW_AES, "Key slot %d not available. Will use zero key.", slot_id); | ||||
|     } | ||||
|     const AESKey normal = GetNormalKey(slot_id); | ||||
|     std::vector<u8> cipher(pdata.size() + CCM_MAC_SIZE); | ||||
| 
 | ||||
|     try { | ||||
|         CCM_3DSVariant::Encryption e; | ||||
|         e.SetKeyWithIV(normal.data(), AES_BLOCK_SIZE, nonce.data(), CCM_NONCE_SIZE); | ||||
|         e.SpecifyDataLengths(0, pdata.size(), 0); | ||||
|         CryptoPP::ArraySource as(pdata.data(), pdata.size(), true, | ||||
|                                  new CryptoPP::AuthenticatedEncryptionFilter( | ||||
|                                      e, new CryptoPP::ArraySink(cipher.data(), cipher.size()))); | ||||
|     } catch (const CryptoPP::Exception& e) { | ||||
|         LOG_ERROR(HW_AES, "FAILED with: %s", e.what()); | ||||
|     } | ||||
|     return cipher; | ||||
| } | ||||
| 
 | ||||
| std::vector<u8> DecryptVerifyCCM(const std::vector<u8>& cipher, const CCMNonce& nonce, | ||||
|                                  size_t slot_id) { | ||||
|     if (!IsNormalKeyAvailable(slot_id)) { | ||||
|         LOG_ERROR(HW_AES, "Key slot %d not available. Will use zero key.", slot_id); | ||||
|     } | ||||
|     const AESKey normal = GetNormalKey(slot_id); | ||||
|     const std::size_t pdata_size = cipher.size() - CCM_MAC_SIZE; | ||||
|     std::vector<u8> pdata(pdata_size); | ||||
| 
 | ||||
|     try { | ||||
|         CCM_3DSVariant::Decryption d; | ||||
|         d.SetKeyWithIV(normal.data(), AES_BLOCK_SIZE, nonce.data(), CCM_NONCE_SIZE); | ||||
|         d.SpecifyDataLengths(0, pdata_size, 0); | ||||
|         CryptoPP::AuthenticatedDecryptionFilter df( | ||||
|             d, new CryptoPP::ArraySink(pdata.data(), pdata_size)); | ||||
|         CryptoPP::ArraySource as(cipher.data(), cipher.size(), true, new CryptoPP::Redirector(df)); | ||||
|         if (!df.GetLastResult()) { | ||||
|             LOG_ERROR(HW_AES, "FAILED"); | ||||
|             return {}; | ||||
|         } | ||||
|     } catch (const CryptoPP::Exception& e) { | ||||
|         LOG_ERROR(HW_AES, "FAILED with: %s", e.what()); | ||||
|         return {}; | ||||
|     } | ||||
|     return pdata; | ||||
| } | ||||
| 
 | ||||
| } // namespace AES
 | ||||
| } // namespace HW
 | ||||
							
								
								
									
										40
									
								
								src/core/hw/aes/ccm.h
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										40
									
								
								src/core/hw/aes/ccm.h
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,40 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #pragma once | ||||
| 
 | ||||
| #include <array> | ||||
| #include <cstddef> | ||||
| #include <vector> | ||||
| #include "common/common_types.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| 
 | ||||
| constexpr size_t CCM_NONCE_SIZE = 12; | ||||
| constexpr size_t CCM_MAC_SIZE = 16; | ||||
| 
 | ||||
| using CCMNonce = std::array<u8, CCM_NONCE_SIZE>; | ||||
| 
 | ||||
| /**
 | ||||
|  * Encrypts and adds a MAC to the given data using AES-CCM algorithm. | ||||
|  * @param pdata The plain text data to encrypt | ||||
|  * @param nonce The nonce data to use for encryption | ||||
|  * @param slot_id The slot ID of the key to use for encryption | ||||
|  * @returns a vector of u8 containing the encrypted data with MAC at the end | ||||
|  */ | ||||
| std::vector<u8> EncryptSignCCM(const std::vector<u8>& pdata, const CCMNonce& nonce, size_t slot_id); | ||||
| 
 | ||||
| /**
 | ||||
|  * Decrypts and verify the MAC of the given data using AES-CCM algorithm. | ||||
|  * @param cipher The cipher text data to decrypt, with MAC at the end to verify | ||||
|  * @param nonce The nonce data to use for decryption | ||||
|  * @param slot_id The slot ID of the key to use for decryption | ||||
|  * @returns a vector of u8 containing the decrypted data; an empty vector if the verification fails | ||||
|  */ | ||||
| std::vector<u8> DecryptVerifyCCM(const std::vector<u8>& cipher, const CCMNonce& nonce, | ||||
|                                  size_t slot_id); | ||||
| 
 | ||||
| } // namespace AES
 | ||||
| } // namespace HW
 | ||||
							
								
								
									
										173
									
								
								src/core/hw/aes/key.cpp
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										173
									
								
								src/core/hw/aes/key.cpp
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,173 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #include <algorithm> | ||||
| #include <exception> | ||||
| #include <sstream> | ||||
| #include <boost/optional.hpp> | ||||
| #include "common/common_paths.h" | ||||
| #include "common/file_util.h" | ||||
| #include "common/logging/log.h" | ||||
| #include "common/string_util.h" | ||||
| #include "core/hw/aes/arithmetic128.h" | ||||
| #include "core/hw/aes/key.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| 
 | ||||
| namespace { | ||||
| 
 | ||||
| boost::optional<AESKey> generator_constant; | ||||
| 
 | ||||
| struct KeySlot { | ||||
|     boost::optional<AESKey> x; | ||||
|     boost::optional<AESKey> y; | ||||
|     boost::optional<AESKey> normal; | ||||
| 
 | ||||
|     void SetKeyX(const AESKey& key) { | ||||
|         x = key; | ||||
|         if (y && generator_constant) { | ||||
|             GenerateNormalKey(); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     void SetKeyY(const AESKey& key) { | ||||
|         y = key; | ||||
|         if (x && generator_constant) { | ||||
|             GenerateNormalKey(); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     void SetNormalKey(const AESKey& key) { | ||||
|         normal = key; | ||||
|     } | ||||
| 
 | ||||
|     void GenerateNormalKey() { | ||||
|         normal = Lrot128(Add128(Xor128(Lrot128(*x, 2), *y), *generator_constant), 87); | ||||
|     } | ||||
| 
 | ||||
|     void Clear() { | ||||
|         x.reset(); | ||||
|         y.reset(); | ||||
|         normal.reset(); | ||||
|     } | ||||
| }; | ||||
| 
 | ||||
| std::array<KeySlot, KeySlotID::MaxKeySlotID> key_slots; | ||||
| 
 | ||||
| void ClearAllKeys() { | ||||
|     for (KeySlot& slot : key_slots) { | ||||
|         slot.Clear(); | ||||
|     } | ||||
|     generator_constant.reset(); | ||||
| } | ||||
| 
 | ||||
| AESKey HexToKey(const std::string& hex) { | ||||
|     if (hex.size() < 32) { | ||||
|         throw std::invalid_argument("hex string is too short"); | ||||
|     } | ||||
| 
 | ||||
|     AESKey key; | ||||
|     for (size_t i = 0; i < key.size(); ++i) { | ||||
|         key[i] = static_cast<u8>(std::stoi(hex.substr(i * 2, 2), 0, 16)); | ||||
|     } | ||||
| 
 | ||||
|     return key; | ||||
| } | ||||
| 
 | ||||
| void LoadPresetKeys() { | ||||
|     const std::string filepath = FileUtil::GetUserPath(D_SYSDATA_IDX) + AES_KEYS; | ||||
|     FileUtil::CreateFullPath(filepath); // Create path if not already created
 | ||||
|     std::ifstream file; | ||||
|     OpenFStream(file, filepath, std::ios_base::in); | ||||
|     if (!file) { | ||||
|         return; | ||||
|     } | ||||
| 
 | ||||
|     while (!file.eof()) { | ||||
|         std::string line; | ||||
|         std::getline(file, line); | ||||
|         std::vector<std::string> parts; | ||||
|         Common::SplitString(line, '=', parts); | ||||
|         if (parts.size() != 2) { | ||||
|             LOG_ERROR(HW_AES, "Failed to parse %s", line.c_str()); | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         const std::string& name = parts[0]; | ||||
|         AESKey key; | ||||
|         try { | ||||
|             key = HexToKey(parts[1]); | ||||
|         } catch (const std::logic_error& e) { | ||||
|             LOG_ERROR(HW_AES, "Invalid key %s: %s", parts[1].c_str(), e.what()); | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         if (name == "generator") { | ||||
|             generator_constant = key; | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         size_t slot_id; | ||||
|         char key_type; | ||||
|         if (std::sscanf(name.c_str(), "slot0x%zXKey%c", &slot_id, &key_type) != 2) { | ||||
|             LOG_ERROR(HW_AES, "Invalid key name %s", name.c_str()); | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         if (slot_id >= MaxKeySlotID) { | ||||
|             LOG_ERROR(HW_AES, "Out of range slot ID 0x%zX", slot_id); | ||||
|             continue; | ||||
|         } | ||||
| 
 | ||||
|         switch (key_type) { | ||||
|         case 'X': | ||||
|             key_slots.at(slot_id).SetKeyX(key); | ||||
|             break; | ||||
|         case 'Y': | ||||
|             key_slots.at(slot_id).SetKeyY(key); | ||||
|             break; | ||||
|         case 'N': | ||||
|             key_slots.at(slot_id).SetNormalKey(key); | ||||
|             break; | ||||
|         default: | ||||
|             LOG_ERROR(HW_AES, "Invalid key type %c", key_type); | ||||
|             break; | ||||
|         } | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| } // namespace
 | ||||
| 
 | ||||
| void InitKeys() { | ||||
|     ClearAllKeys(); | ||||
|     LoadPresetKeys(); | ||||
| } | ||||
| 
 | ||||
| void SetGeneratorConstant(const AESKey& key) { | ||||
|     generator_constant = key; | ||||
| } | ||||
| 
 | ||||
| void SetKeyX(size_t slot_id, const AESKey& key) { | ||||
|     key_slots.at(slot_id).SetKeyX(key); | ||||
| } | ||||
| 
 | ||||
| void SetKeyY(size_t slot_id, const AESKey& key) { | ||||
|     key_slots.at(slot_id).SetKeyY(key); | ||||
| } | ||||
| 
 | ||||
| void SetNormalKey(size_t slot_id, const AESKey& key) { | ||||
|     key_slots.at(slot_id).SetNormalKey(key); | ||||
| } | ||||
| 
 | ||||
| bool IsNormalKeyAvailable(size_t slot_id) { | ||||
|     return key_slots.at(slot_id).normal.is_initialized(); | ||||
| } | ||||
| 
 | ||||
| AESKey GetNormalKey(size_t slot_id) { | ||||
|     return key_slots.at(slot_id).normal.value_or(AESKey{}); | ||||
| } | ||||
| 
 | ||||
| } // namespace AES
 | ||||
| } // namespace HW
 | ||||
							
								
								
									
										35
									
								
								src/core/hw/aes/key.h
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										35
									
								
								src/core/hw/aes/key.h
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,35 @@ | ||||
| // Copyright 2017 Citra Emulator Project
 | ||||
| // Licensed under GPLv2 or any later version
 | ||||
| // Refer to the license.txt file included.
 | ||||
| 
 | ||||
| #pragma once | ||||
| 
 | ||||
| #include <array> | ||||
| #include <cstddef> | ||||
| #include "common/common_types.h" | ||||
| 
 | ||||
| namespace HW { | ||||
| namespace AES { | ||||
| 
 | ||||
| enum KeySlotID : size_t { | ||||
|     APTWrap = 0x31, | ||||
| 
 | ||||
|     MaxKeySlotID = 0x40, | ||||
| }; | ||||
| 
 | ||||
| constexpr size_t AES_BLOCK_SIZE = 16; | ||||
| 
 | ||||
| using AESKey = std::array<u8, AES_BLOCK_SIZE>; | ||||
| 
 | ||||
| void InitKeys(); | ||||
| 
 | ||||
| void SetGeneratorConstant(const AESKey& key); | ||||
| void SetKeyX(size_t slot_id, const AESKey& key); | ||||
| void SetKeyY(size_t slot_id, const AESKey& key); | ||||
| void SetNormalKey(size_t slot_id, const AESKey& key); | ||||
| 
 | ||||
| bool IsNormalKeyAvailable(size_t slot_id); | ||||
| AESKey GetNormalKey(size_t slot_id); | ||||
| 
 | ||||
| } // namspace AES
 | ||||
| } // namespace HW
 | ||||
| @ -4,6 +4,7 @@ | ||||
| 
 | ||||
| #include "common/common_types.h" | ||||
| #include "common/logging/log.h" | ||||
| #include "core/hw/aes/key.h" | ||||
| #include "core/hw/gpu.h" | ||||
| #include "core/hw/hw.h" | ||||
| #include "core/hw/lcd.h" | ||||
| @ -85,6 +86,7 @@ void Update() {} | ||||
| 
 | ||||
| /// Initialize hardware
 | ||||
| void Init() { | ||||
|     AES::InitKeys(); | ||||
|     GPU::Init(); | ||||
|     LCD::Init(); | ||||
|     LOG_DEBUG(HW, "initialized OK"); | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 wwylele
						wwylele