diff options
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/crypto/key_manager.cpp | 7 | ||||
| -rw-r--r-- | src/core/crypto/key_manager.h | 2 | ||||
| -rw-r--r-- | src/core/crypto/partition_data_manager.cpp | 12 | ||||
| -rw-r--r-- | src/core/crypto/partition_data_manager.h | 4 |
4 files changed, 15 insertions, 10 deletions
diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index d2ce4f5bf..fd0786068 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -98,7 +98,7 @@ std::array<u8, 144> DecryptKeyblob(const std::array<u8, 176>& encrypted_keyblob, return keyblob; } -void KeyManager::DeriveGeneralPurposeKeys(u8 crypto_revision) { +void KeyManager::DeriveGeneralPurposeKeys(std::size_t crypto_revision) { const auto kek_generation_source = GetKey(S128KeyType::Source, static_cast<u64>(SourceKeyType::AESKekGeneration)); const auto key_generation_source = @@ -270,6 +270,9 @@ static std::array<u8, size> operator^(const std::array<u8, size>& lhs, template <size_t target_size, size_t in_size> static std::array<u8, target_size> MGF1(const std::array<u8, in_size>& seed) { + // Avoids truncation overflow within the loop below. + static_assert(target_size <= 0xFF); + std::array<u8, in_size + 4> seed_exp{}; std::memcpy(seed_exp.data(), seed.data(), in_size); @@ -277,7 +280,7 @@ static std::array<u8, target_size> MGF1(const std::array<u8, in_size>& seed) { size_t i = 0; while (out.size() < target_size) { out.resize(out.size() + 0x20); - seed_exp[in_size + 3] = i; + seed_exp[in_size + 3] = static_cast<u8>(i); mbedtls_sha256(seed_exp.data(), seed_exp.size(), out.data() + out.size() - 0x20, 0); ++i; } diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index a41abbdfc..cccb3c0ae 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -175,7 +175,7 @@ private: void WriteKeyToFile(KeyCategory category, std::string_view keyname, const std::array<u8, Size>& key); - void DeriveGeneralPurposeKeys(u8 crypto_revision); + void DeriveGeneralPurposeKeys(std::size_t crypto_revision); void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); diff --git a/src/core/crypto/partition_data_manager.cpp b/src/core/crypto/partition_data_manager.cpp index bef8cdaf0..51d89508b 100644 --- a/src/core/crypto/partition_data_manager.cpp +++ b/src/core/crypto/partition_data_manager.cpp @@ -332,7 +332,8 @@ FileSys::VirtualFile PartitionDataManager::GetBoot0Raw() const { return boot0; } -PartitionDataManager::EncryptedKeyBlob PartitionDataManager::GetEncryptedKeyblob(u8 index) const { +PartitionDataManager::EncryptedKeyBlob PartitionDataManager::GetEncryptedKeyblob( + std::size_t index) const { if (HasBoot0() && index < NUM_ENCRYPTED_KEYBLOBS) return GetEncryptedKeyblobs()[index]; return {}; @@ -389,7 +390,7 @@ std::array<u8, 16> PartitionDataManager::GetKeyblobMACKeySource() const { return FindKeyFromHex(package1_decrypted_bytes, source_hashes[0]); } -std::array<u8, 16> PartitionDataManager::GetKeyblobKeySource(u8 revision) const { +std::array<u8, 16> PartitionDataManager::GetKeyblobKeySource(std::size_t revision) const { if (keyblob_source_hashes[revision] == SHA256Hash{}) { LOG_WARNING(Crypto, "No keyblob source hash for crypto revision {:02X}! Cannot derive keys...", @@ -456,11 +457,12 @@ void PartitionDataManager::DecryptPackage2(std::array<std::array<u8, 16>, 0x20> if (file->ReadObject(&header) != sizeof(Package2Header)) return; - u8 revision = 0xFF; + std::size_t revision = 0xFF; if (header.magic != Common::MakeMagic('P', 'K', '2', '1')) { - for (size_t i = 0; i < package2_keys.size(); ++i) { - if (AttemptDecrypt(package2_keys[i], header)) + for (std::size_t i = 0; i < package2_keys.size(); ++i) { + if (AttemptDecrypt(package2_keys[i], header)) { revision = i; + } } } diff --git a/src/core/crypto/partition_data_manager.h b/src/core/crypto/partition_data_manager.h index 7c9c4410a..9e448f720 100644 --- a/src/core/crypto/partition_data_manager.h +++ b/src/core/crypto/partition_data_manager.h @@ -34,7 +34,7 @@ public: // BOOT0 bool HasBoot0() const; FileSys::VirtualFile GetBoot0Raw() const; - EncryptedKeyBlob GetEncryptedKeyblob(u8 index) const; + EncryptedKeyBlob GetEncryptedKeyblob(std::size_t index) const; EncryptedKeyBlobs GetEncryptedKeyblobs() const; std::vector<u8> GetSecureMonitor() const; std::array<u8, 0x10> GetPackage2KeySource() const; @@ -46,7 +46,7 @@ public: std::vector<u8> GetPackage1Decrypted() const; std::array<u8, 0x10> GetMasterKeySource() const; std::array<u8, 0x10> GetKeyblobMACKeySource() const; - std::array<u8, 0x10> GetKeyblobKeySource(u8 revision) const; + std::array<u8, 0x10> GetKeyblobKeySource(std::size_t revision) const; // Fuses bool HasFuses() const; |