108
edits
Changes
no edit summary
Line 1:
Line 1:
−
+
{{stub}}
+/dev/crypto is the IOSU device node for the cryptographic engine. It can only be opened by the IOSU and it also provides a stripped down library (IOSC) that is implemented on most IOSU modules under the name "crypto_ios_interface".
+Requests are issued via ioctl()/ioctlv() commands which are then mapped to internal functions inside the IOS-CRYPTO process. This is done using different message queues, each one mapping a subset of commands in a jump table:
+ 0x00: Mapped by the 3rd message queue
+ 0x01: Mapped by the 3rd message queue
+ 0x02: Mapped by the 4th message queue
+ 0x03: Mapped by the 4th message queue
+ 0x04: Mapped by the 4th message queue
+ 0x05: Mapped by the 4th message queue
+ 0x06: Mapped by the 3rd message queue
+ 0x07: Mapped by the 4th message queue
+ 0x08: Mapped by the 4th message queue
+ 0x09: Mapped by the 3rd message queue
+ 0x0A: Mapped by the 3rd message queue
+ 0x0B: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version)
+ 0x0C: Mapped by the 2nd message queue
+ 0x0D: Mapped by the 2nd message queue
+ 0x0E: Mapped by the 4th message queue
+ 0x0F: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version)
+ 0x10: Mapped by the 4th message queue
+ 0x11: Mapped by the 3rd message queue
+ 0x12: Mapped by the 4th message queue
+ 0x13: Mapped by the 4th message queue
+ 0x14: Mapped by the 1st message queue
+ 0x15: Mapped by the 3rd message queue
+ 0x16: Mapped by the 4th message queue
+ 0x17: Mapped by the 4th message queue
+ 0x18: Not mapped
+ 0x19: Mapped by the 2nd message queue
+ 0x1A: Mapped by the 2nd message queue
+ 0x1B: Mapped by the 1st message queue
+ 0x1C: Mapped by the 2nd message queue
+ 0x1D: Mapped by the 1st message queue
+ 0x1E: Mapped by the 1st message queue
+ 0x1F: Mapped by the 4th message queue
+ 0x20: Mapped by the 4th message queue
+ 0x21: Mapped by the 1st message queue
+ 0x22: Mapped by the 3rd message queue
+== List of functions (ioctl/ioctlv) ==
+{| class="wikitable sortable"
+! Command
+! Function
+! Call
+! Description
+! Notes
+|-
+| 0x01
+| IOSC_CreateObject()
+| IOS_Ioctl(FD, 0x01, in_buf, 0x10, out_buf, 4);
+| Creates a new crypto object and returns a handle for it.
+|
+|-
+| 0x02
+| IOSC_DeleteObject()
+| IOS_Ioctl(FD, 0x02, in_buf, 4, 0, 0);
+| Deletes a crypto object.
+|
+|-
+| 0x03
+| import_secret_key()
+| IOS_Ioctlv(FD, 0x03, 4, 0, vector);
+|
+|
+|-
+| 0x04
+| keyring_deallocate_entry()
+| IOS_Ioctlv(FD, 0x04, 1, 3, vector);
+|
+|
+|-
+| 0x05
+| import_pub_key()
+| IOS_Ioctlv(FD, 0x05, 3, 0, vector);
+|
+|
+|-
+| 0x06
+| export_root()
+| IOS_Ioctlv(FD, 0x06, 1, 3, vector);
+|
+|
+|-
+| 0x07
+| compute_shared_key()
+| IOS_Ioctl(FD, 0x07, in_buf, 0x10, 0, 0);
+|
+|
+|-
+| 0x08
+| set_device_id()
+| IOS_Ioctlv(FD, 0x08, 2, 0, vector);
+|
+|
+|-
+| 0x09
+| get_device_id()
+| IOS_Ioctlv(FD, 0x09, 1, 1, vector);
+|
+|
+|-
+| 0x0A
+| get_key_size()
+| IOS_Ioctl(FD, 0x0A, in_buf, 4, out_buf, 4);
+|
+|
+|-
+| 0x0B
+| get_key_userdata_size()
+| IOS_Ioctl(FD, 0x0B, in_buf, 4, out_buf, 4);
+|
+|
+|-
+| 0x0C
+| IOSC_GenerateHash() / IOSC_GenerateHashAsync();
+| IOS_Ioctlv(FD, 0x0C, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0C, 3, 1, vector, queueid, message);
+|
+| This function has 2 different implementations, one async and the other not.
+|-
+| 0x0D
+| IOSC_Encrypt() / IOSC_EncryptAsync()
+| IOS_Ioctlv(FD, 0x0D, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0D, 3, 1, vector, queueid, message);
+|
+| This function has 2 different implementations, one async and the other not.
+|-
+| 0x0E
+| IOSC_Decrypt() / IOSC_DecryptAsync()
+| IOS_Ioctlv(FD, 0x0E, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0E, 3, 1, vector, queueid, message);
+|
+| This function has 2 different implementations, one async and the other not.
+|-
+| 0x0F
+| verify_public_key_sign()
+| IOS_Ioctlv(FD, 0x0F, 3, 0, vector);
+|
+|
+|-
+| 0x10
+| hmac() / hmac_async()
+| IOS_Ioctlv(FD, 0x10, 4, 1, vector); / IOS_IoctlvAsync(FD, 0x10, 4, 1, vector, queueid, message);
+|
+| This function has 2 different implementations, one async and the other not.
+|-
+| 0x11
+| verify_cert()
+| IOS_Ioctlv(FD, 0x11, 2, 0, vector);
+|
+|
+|-
+| 0x12
+| get_device_cert()
+| IOS_Ioctl(FD, 0x12, 0, 0, out_buf, 0x180);
+|
+|
+|-
+| 0x13
+| set_title_key_ownership()
+| IOS_Ioctlv(FD, 0x13, 2, 0, vector);
+|
+|
+|-
+| 0x14
+| get_title_key_ownership()
+| IOS_Ioctlv(FD, 0x14, 1, 1, vector);
+|
+|
+|-
+| 0x15
+| IOSC_GenerateRand()
+| IOS_Ioctl(FD, 0x15, 0, 0, out_buf, out_size);
+| Generate random data of an arbitrary size.
+|
+|-
+| 0x16
+| generate_secret_key()
+| IOS_Ioctl(FD, 0x16, in_buf, 4, 0, 0);
+|
+|
+|-
+| 0x17
+| sign()
+| IOS_Ioctlv(FD, 0x17, 2, 1, vector);
+|
+|
+|-
+| 0x18
+| IOSC_GenerateCertificate()
+| IOS_Ioctlv(FD, 0x18, 2, 1, vector);
+|
+|
+|-
+| 0x19
+| Unknown
+| IOS_Ioctl(FD, 0x19, ???, ???, ???, ???);
+|
+| This command is not mapped by the IOS-CRYPTO process.
+|-
+| 0x1A
+| odm_encrypt()
+| IOS_Ioctlv(FD, 0x1A, 3, 2, vector);
+|
+|
+|-
+| 0x1B
+| odm_generate_session_key()
+| IOS_Ioctlv(FD, 0x1B, 3, 1, vector);
+|
+|
+|-
+| 0x1C
+| read_otp_bank1_word()
+| IOS_Ioctl(FD, 0x1C, 0, 0, out_buf, 4);
+| Reads the first word from OTP's bank 1.
+|
+|-
+| 0x1D
+| cryptoReadHashedBlock()
+| IOS_Ioctlv(FD, 0x1D, 5, 1, vector);
+|
+|
+|-
+| 0x1E
+| read_seeprom_data()
+| IOS_Ioctl(FD, 0x1E, 0, 0, out_buf, 0x60);
+| Reads the old Wii SEEPROM certificate data from OTP's bank 6.
+|
+|-
+| 0x1F
+| Unknown
+| IOS_Ioctl(FD, 0x1F, ???, ???, ???, ???);
+|
+|
+|-
+| 0x20
+| Unknown
+| IOS_Ioctlv(FD, 0x20, 3, 1, vector);
+|
+|
+|-
+| 0x21
+| Unknown
+| IOS_Ioctlv(FD, 0x21, 3, 1, vector);
+|
+|
+|-
+| 0x22
+| mcp_auth_unk()
+| IOS_Ioctl(FD, 0x22, in_buf, 4, 0, 0);
+|
+|
+|-
+| 0x23
+| mcp_wagon_archive_unk()
+| IOS_Ioctl(FD, 0x23, in_buf, 0x10, out_buf, 0x200);
+|
+|
+|-
+|}