/** * @file spl.h * @brief Security Processor Liaison (spl*) service IPC wrapper. * @author SciresM * @copyright libnx Authors */ #pragma once #include "../types.h" #include "../kernel/event.h" #include "../sf/service.h" #define SPL_RSA_BUFFER_SIZE (0x100) typedef enum { SplConfigItem_DisableProgramVerification = 1, SplConfigItem_DramId = 2, SplConfigItem_SecurityEngineIrqNumber = 3, SplConfigItem_Version = 4, SplConfigItem_HardwareType = 5, SplConfigItem_IsRetail = 6, SplConfigItem_IsRecoveryBoot = 7, SplConfigItem_DeviceId = 8, SplConfigItem_BootReason = 9, SplConfigItem_MemoryArrange = 10, SplConfigItem_IsDebugMode = 11, SplConfigItem_KernelMemoryConfiguration = 12, SplConfigItem_IsChargerHiZModeEnabled = 13, SplConfigItem_IsKiosk = 14, SplConfigItem_NewHardwareType = 15, SplConfigItem_NewKeyGeneration = 16, SplConfigItem_Package2Hash = 17, } SplConfigItem; typedef enum { RsaKeyVersion_Deprecated = 0, RsaKeyVersion_Extended = 1, } RsaKeyVersion; /// Initialize 'spl:'. Result splInitialize(void); /// Exit 'spl:'. void splExit(void); /// Gets the Service object for the IGeneralInterface usable with spl*(). Service* splGetServiceSession(void); /// Initialize spl:mig. On pre-4.0.0 this just calls \ref splInitialize. Result splCryptoInitialize(void); /// Exit spl:mig. On pre-4.0.0 this just calls \ref splExit. void splCryptoExit(void); /// Gets the Service object for the IGeneralInterface usable with splCrypto*(). Service* splCryptoGetServiceSession(void); /// Initialize spl:ssl. On pre-4.0.0 this just calls \ref splInitialize. Result splSslInitialize(void); /// Exit spl:ssl. On pre-4.0.0 this just calls \ref splExit. void splSslExit(void); /// Gets the Service object for the IGeneralInterface usable with splSsl*(). Service* splSslGetServiceSession(void); /// Initialize spl:es. On pre-4.0.0 this just calls \ref splInitialize. Result splEsInitialize(void); /// Exit spl:es. On pre-4.0.0 this just calls \ref splExit. void splEsExit(void); /// Gets the Service object for the IGeneralInterface usable with splEs*(). Service* splEsGetServiceSession(void); /// Initialize spl:fs. On pre-4.0.0 this just calls \ref splInitialize. Result splFsInitialize(void); /// Exit spl:fs. On pre-4.0.0 this just calls \ref splExit. void splFsExit(void); /// Gets the Service object for the IGeneralInterface usable with splFs*(). Service* splFsGetServiceSession(void); /// Initialize spl:manu. On pre-4.0.0 this just calls \ref splInitialize. Result splManuInitialize(void); /// Exit spl:manu. On pre-4.0.0 this just calls \ref splExit. void splManuExit(void); /// Gets the Service object for the IGeneralInterface usable with splManu*(). Service* splManuGetServiceSession(void); Result splGetConfig(SplConfigItem config_item, u64 *out_config); Result splUserExpMod(const void *input, const void *modulus, const void *exp, size_t exp_size, void *dst); Result splSetConfig(SplConfigItem config_item, u64 value); Result splGetRandomBytes(void *out, size_t out_size); Result splIsDevelopment(bool *out_is_development); Result splSetBootReason(u32 value); Result splGetBootReason(u32 *out_value); Result splCryptoGenerateAesKek(const void *wrapped_kek, u32 key_generation, u32 option, void *out_sealed_kek); Result splCryptoLoadAesKey(const void *sealed_kek, const void *wrapped_key, u32 keyslot); Result splCryptoGenerateAesKey(const void *sealed_kek, const void *wrapped_key, void *out_sealed_key); Result splCryptoDecryptAesKey(const void *wrapped_key, u32 key_generation, u32 option, void *out_sealed_key); Result splCryptoCryptAesCtr(const void *input, void *output, size_t size, u32 keyslot, const void *ctr); Result splCryptoComputeCmac(const void *input, size_t size, u32 keyslot, void *out_cmac); Result splCryptoLockAesEngine(u32 *out_keyslot); Result splCryptoUnlockAesEngine(u32 keyslot); Result splCryptoGetSecurityEngineEvent(Event *out_event); Result splRsaDecryptPrivateKey(const void *sealed_kek, const void *wrapped_key, const void *wrapped_rsa_key, size_t wrapped_rsa_key_size, RsaKeyVersion version, void *dst, size_t dst_size); Result splSslLoadSecureExpModKey(const void *sealed_kek, const void *wrapped_key, const void *wrapped_rsa_key, size_t wrapped_rsa_key_size); Result splSslSecureExpMod(const void *input, const void *modulus, void *dst); Result splEsLoadRsaOaepKey(const void *sealed_kek, const void *wrapped_key, const void *wrapped_rsa_key, size_t wrapped_rsa_key_size, RsaKeyVersion version); Result splEsUnwrapRsaOaepWrappedTitlekey(const void *rsa_wrapped_titlekey, const void *modulus, const void *label_hash, size_t label_hash_size, u32 key_generation, void *out_sealed_titlekey); Result splEsUnwrapAesWrappedTitlekey(const void *aes_wrapped_titlekey, u32 key_generation, void *out_sealed_titlekey); Result splEsLoadSecureExpModKey(const void *sealed_kek, const void *wrapped_key, const void *wrapped_rsa_key, size_t wrapped_rsa_key_size); Result splEsSecureExpMod(const void *input, const void *modulus, void *dst); Result splEsUnwrapElicenseKey(const void *rsa_wrapped_elicense_key, const void *modulus, const void *label_hash, size_t label_hash_size, u32 key_generation, void *out_sealed_elicense_key); Result splEsLoadElicenseKey(const void *sealed_elicense_key, u32 keyslot); Result splFsLoadSecureExpModKey(const void *sealed_kek, const void *wrapped_key, const void *wrapped_rsa_key, size_t wrapped_rsa_key_size, RsaKeyVersion version); Result splFsSecureExpMod(const void *input, const void *modulus, void *dst); Result splFsGenerateSpecificAesKey(const void *wrapped_key, u32 key_generation, u32 option, void *out_sealed_key); Result splFsLoadTitlekey(const void *sealed_titlekey, u32 keyslot); Result splFsGetPackage2Hash(void *out_hash); Result splManuEncryptRsaKeyForImport(const void *sealed_kek_pre, const void *wrapped_key_pre, const void *sealed_kek_post, const void *wrapped_kek_post, u32 option, const void *wrapped_rsa_key, void *out_wrapped_rsa_key, size_t rsa_key_size);