Difference between revisions of "/dev/crypto"
< /dev
Jump to navigation
Jump to search
m (Adding some newly found official names) |
|||
| Line 234: | Line 234: | ||
| IOSC_EncryptBlocks() | | IOSC_EncryptBlocks() | ||
| IOS_Ioctlv(FD, 0x20, 3, 1, vector); | | IOS_Ioctlv(FD, 0x20, 3, 1, vector); | ||
| − | | Used by IOS-PAD to encrypt amiibo data. | + | | Software AES encryption, this supports multiple AES-modes(AES-CTR, ...). Used by IOS-PAD to encrypt amiibo data. |
| | | | ||
|- | |- | ||
| Line 240: | Line 240: | ||
| IOSC_DecryptBlocks() | | IOSC_DecryptBlocks() | ||
| IOS_Ioctlv(FD, 0x21, 3, 1, vector); | | IOS_Ioctlv(FD, 0x21, 3, 1, vector); | ||
| − | | Used by IOS-PAD to decrypt amiibo data. | + | | Software AES decryption version of the above ioctlv. Used by IOS-PAD to decrypt amiibo data. |
| | | | ||
|- | |- | ||
Revision as of 23:35, 30 January 2016
/dev/crypto is the IOSU device node for the cryptographic engine. It can only be opened by the IOSU and it also provides a stripped down library (IOSC) that is implemented on most IOSU modules under the name "crypto_ios_interface". Requests are issued via ioctl()/ioctlv() commands which are then mapped to internal functions inside the IOS-CRYPTO process. This is done using different message queues, each one mapping a subset of commands in a jump table:
0x00: Mapped by the 3rd message queue 0x01: Mapped by the 3rd message queue 0x02: Mapped by the 4th message queue 0x03: Mapped by the 4th message queue 0x04: Mapped by the 4th message queue 0x05: Mapped by the 4th message queue 0x06: Mapped by the 3rd message queue 0x07: Mapped by the 4th message queue 0x08: Mapped by the 4th message queue 0x09: Mapped by the 3rd message queue 0x0A: Mapped by the 3rd message queue 0x0B: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version) 0x0C: Mapped by the 2nd message queue 0x0D: Mapped by the 2nd message queue 0x0E: Mapped by the 4th message queue 0x0F: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version) 0x10: Mapped by the 4th message queue 0x11: Mapped by the 3rd message queue 0x12: Mapped by the 4th message queue 0x13: Mapped by the 4th message queue 0x14: Mapped by the 1st message queue 0x15: Mapped by the 3rd message queue 0x16: Mapped by the 4th message queue 0x17: Mapped by the 4th message queue 0x18: Not mapped 0x19: Mapped by the 2nd message queue 0x1A: Mapped by the 2nd message queue 0x1B: Mapped by the 1st message queue 0x1C: Mapped by the 2nd message queue 0x1D: Mapped by the 1st message queue 0x1E: Mapped by the 1st message queue 0x1F: Mapped by the 4th message queue 0x20: Mapped by the 4th message queue 0x21: Mapped by the 1st message queue 0x22: Mapped by the 3rd message queue
List of functions (ioctl/ioctlv)
| Command | Function | Call | Description | Notes |
|---|---|---|---|---|
| 0x01 | IOSC_CreateObject() | IOS_Ioctl(FD, 0x01, in_buf, 0x10, out_buf, 4); | Creates a new crypto object and returns a handle for it. | |
| 0x02 | IOSC_DeleteObject() | IOS_Ioctl(FD, 0x02, in_buf, 4, 0, 0); | Deletes a crypto object. | |
| 0x03 | IOSC_ImportSecretKey() | IOS_Ioctlv(FD, 0x03, 4, 0, vector); | ||
| 0x04 | keyring_deallocate_entry() | IOS_Ioctlv(FD, 0x04, 1, 3, vector); | ||
| 0x05 | import_pub_key() | IOS_Ioctlv(FD, 0x05, 3, 0, vector); | ||
| 0x06 | export_root() | IOS_Ioctlv(FD, 0x06, 1, 3, vector); | ||
| 0x07 | compute_shared_key() | IOS_Ioctl(FD, 0x07, in_buf, 0x10, 0, 0); | ||
| 0x08 | set_device_id() | IOS_Ioctlv(FD, 0x08, 2, 0, vector); | ||
| 0x09 | get_device_id() | IOS_Ioctlv(FD, 0x09, 1, 1, vector); | ||
| 0x0A | get_key_size() | IOS_Ioctl(FD, 0x0A, in_buf, 4, out_buf, 4); | ||
| 0x0B | get_key_userdata_size() | IOS_Ioctl(FD, 0x0B, in_buf, 4, out_buf, 4); | ||
| 0x0C | IOSC_GenerateHash() / IOSC_GenerateHashAsync(); | IOS_Ioctlv(FD, 0x0C, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0C, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0D | IOSC_Encrypt() / IOSC_EncryptAsync() | IOS_Ioctlv(FD, 0x0D, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0D, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0E | IOSC_Decrypt() / IOSC_DecryptAsync() | IOS_Ioctlv(FD, 0x0E, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0E, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0F | verify_public_key_sign() | IOS_Ioctlv(FD, 0x0F, 3, 0, vector); | ||
| 0x10 | IOSC_GenerateBlockMAC() / IOSC_GenerateBlockMACAsync() | IOS_Ioctlv(FD, 0x10, 4, 1, vector); / IOS_IoctlvAsync(FD, 0x10, 4, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x11 | verify_cert() | IOS_Ioctlv(FD, 0x11, 2, 0, vector); | ||
| 0x12 | get_device_cert() | IOS_Ioctl(FD, 0x12, 0, 0, out_buf, 0x180); | ||
| 0x13 | set_title_key_ownership() | IOS_Ioctlv(FD, 0x13, 2, 0, vector); | ||
| 0x14 | get_title_key_ownership() | IOS_Ioctlv(FD, 0x14, 1, 1, vector); | ||
| 0x15 | IOSC_GenerateRand() | IOS_Ioctl(FD, 0x15, 0, 0, out_buf, out_size); | Generate random data of an arbitrary size. | |
| 0x16 | generate_secret_key() | IOS_Ioctl(FD, 0x16, in_buf, 4, 0, 0); | ||
| 0x17 | sign() | IOS_Ioctlv(FD, 0x17, 2, 1, vector); | ||
| 0x18 | IOSC_GenerateCertificate() | IOS_Ioctlv(FD, 0x18, 2, 1, vector); | ||
| 0x19 | Unknown | IOS_Ioctl(FD, 0x19, ???, ???, ???, ???); | This command is not mapped by the IOS-CRYPTO process. | |
| 0x1A | odm_encrypt() | IOS_Ioctlv(FD, 0x1A, 3, 2, vector); | ||
| 0x1B | odm_generate_session_key() | IOS_Ioctlv(FD, 0x1B, 3, 1, vector); | ||
| 0x1C | get_security_level() | IOS_Ioctl(FD, 0x1C, 0, 0, out_buf, 4); | Gets the security level flag from the OTP. | |
| 0x1D | cryptoReadHashedBlock() | IOS_Ioctlv(FD, 0x1D, 5, 1, vector); | ||
| 0x1E | read_wii_seeprom_data() | IOS_Ioctl(FD, 0x1E, 0, 0, out_buf, 0x60); | Reads the old Wii SEEPROM certificate data from OTP's bank 6. | |
| 0x1F | generate_wagonu_key() | IOS_Ioctl(FD, 0x1F, ???, ???, ???, ???); | Generates the WagonU key used to encrypt/decrypt data for Wii U to Wii U system transfers. | |
| 0x20 | IOSC_EncryptBlocks() | IOS_Ioctlv(FD, 0x20, 3, 1, vector); | Software AES encryption, this supports multiple AES-modes(AES-CTR, ...). Used by IOS-PAD to encrypt amiibo data. | |
| 0x21 | IOSC_DecryptBlocks() | IOS_Ioctlv(FD, 0x21, 3, 1, vector); | Software AES decryption version of the above ioctlv. Used by IOS-PAD to decrypt amiibo data. | |
| 0x22 | mcp_auth_unk() | IOS_Ioctl(FD, 0x22, in_buf, 4, 0, 0); | ||
| 0x23 | mcp_wagon_archive_unk() | IOS_Ioctl(FD, 0x23, in_buf, 0x10, out_buf, 0x200); |
Key object handles
The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with import_secret_key in the case of AES), or a built-in handle. The available built-in handles/keyids are listed below.
The maximum number of keyobject-handles is 0x80, hence the highest valid keyobject-handle is 0x7F. Keyobject-handles <=0x40 are reserved for built-in handles, the rest are available for user-processes. Commands which write keyobjects' keydata are only allowed to use handles with value >0x40(user-process handles).
| ID | Type | Description |
|---|---|---|
| 0x00 | ECC-233 | Unknown private key. Possibly vWii NG ECC key. |
| 0x01 | NONE | Unknown ID (0x04 bytes). Possibly vWii NG ID. |
| 0x02 | UNK | Unknown (0x10 bytes). |
| 0x03 | UNK | Unknown (0x14 bytes). |
| 0x04 | AES-128 | Old Wii common key. |
| 0x05 | UNK | Unknown (0x10 bytes). |
| 0x06 | AES-128 | Fixed key stored in IOS-CRYPTO's data. |
| 0x07 | AES-128 | Wii U SEEPROM key. |
| 0x08 | NONE | Unused. |
| 0x09 | NONE | Unused. |
| 0x0A | NONE | Unused. |
| 0x0B | UNK | Unknown (0x10 bytes). |
| 0x0C | UNK | Unknown (0x10 bytes). |
| 0x0D | AES-128 | ARM Ancast Image (this and the below one are for all ARM-ancast images launched via IOS-MCP). |
| 0x0E | RSA-2048 modulus | ARM Ancast Image (stored inside IOS-CRYPTO's data). |
| 0x0F | RSA-2048 modulus | Unknown (stored inside IOS-CRYPTO's data). |
| 0x10 | AES-128 | Wii U common key. |
| 0x11 | UNK | Unknown (0x10 bytes). |
| 0x12 | AES-128 | WagonU key. |
| 0x13 | AES-128 | Old Wii NAND key. |
| 0x14 | HMAC SHA-1 | Old Wii NAND HMAC. |
| 0x15 | AES-128 | vWii common key. |
| 0x16 | UNK | Unknown (0x10 bytes). |
| 0x17 | UNK | Unknown (0x10 bytes). |
| 0x18 | UNK | Unknown (0x10 bytes). |
| 0x19 | UNK | Unknown (0x10 bytes). |
| 0x1A | UNK | Unknown (0x10 bytes). |
| 0x1B | AES-128 | Key to encrypt/decrypt SSL RSA key. |
| 0x1C | UNK | Unknown (0x1E bytes). |
| 0x1D | UNK | Unknown (0x1E bytes). |
| 0x1E | UNK | Unknown (0x10 bytes). |
| 0x1F | UNK | Unknown (0x10 bytes). |
| 0x20 | UNK | Unknown (0x40 bytes). |
| 0x21 | UNK | Unknown (0x40 bytes). |
| 0x22 | UNK | Unknown (0x40 bytes). |
| 0x23 | UNK | Unknown (0x40 bytes). |
| 0x24 | UNK | Unknown (0x10 bytes). |
| 0x25 | UNK | Unknown (0x10 bytes). |
| 0x26 | UNK | Unknown (0x10 bytes). |
| 0x27 | UNK | Unknown (0x10 bytes). |
| 0x28 | UNK | Unknown (0x10 bytes). |
| 0x29 to 0x40 | UNK | Unused. |