mirrors/yuzu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crypto: Streamline ticket loading.

Browse source 
Do not parse title key when already known, and re-use code where possible.

Offers a significant speed-up to game list population.
This commit is contained in:
Steveice10 2023-07-01 04:45:30 -07:00
commit 09956e883a
4 changed files with 53 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

107
src/core/crypto/key_manager.cpp
View file

@ -556,28 +556,35 @@ static std::optional<u64> FindTicketOffset(const std::array<u8, size>& data) {
return offset; return offset;
} }
std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket, std::optional<Key128> KeyManager::ParseTicketTitleKey(const Ticket& ticket) {
const RSAKeyPair<2048>& key) { if (eticket_rsa_keypair == RSAKeyPair<2048>{}) {
LOG_WARNING(Crypto,
"Skipping ticket title key parsing due to missing ETicket RSA key-pair.");
return std::nullopt;
}
if (!ticket.IsValid()) { if (!ticket.IsValid()) {
LOG_WARNING(Crypto, "Attempted to parse title key of invalid ticket.");
return std::nullopt;
}
if (ticket.GetData().rights_id == Key128{}) {
LOG_WARNING(Crypto, "Attempted to parse title key of ticket with no rights ID.");
return std::nullopt; return std::nullopt;
} }
const auto issuer = ticket.GetData().issuer; const auto issuer = ticket.GetData().issuer;
if (IsAllZeroArray(issuer)) { if (IsAllZeroArray(issuer)) {
LOG_WARNING(Crypto, "Attempted to parse title key of ticket with invalid issuer.");
return std::nullopt; return std::nullopt;
} }
if (issuer[0] != 'R' || issuer[1] != 'o' || issuer[2] != 'o' || issuer[3] != 't') { if (issuer[0] != 'R' || issuer[1] != 'o' || issuer[2] != 'o' || issuer[3] != 't') {
LOG_INFO(Crypto, "Attempting to parse ticket with non-standard certificate authority."); LOG_WARNING(Crypto, "Parsing ticket with non-standard certificate authority.");
}
Key128 rights_id = ticket.GetData().rights_id;
if (rights_id == Key128{}) {
return std::nullopt;
} }
if (ticket.GetData().type == TitleKeyType::Common) { if (ticket.GetData().type == TitleKeyType::Common) {
return std::make_pair(rights_id, ticket.GetData().title_key_common); return ticket.GetData().title_key_common;
} }
mbedtls_mpi D; // RSA Private Exponent mbedtls_mpi D; // RSA Private Exponent
@ -590,9 +597,12 @@ std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket,
mbedtls_mpi_init(&S); mbedtls_mpi_init(&S);
mbedtls_mpi_init(&M); mbedtls_mpi_init(&M);
mbedtls_mpi_read_binary(&D, key.decryption_key.data(), key.decryption_key.size()); const auto& title_key_block = ticket.GetData().title_key_block;
mbedtls_mpi_read_binary(&N, key.modulus.data(), key.modulus.size()); mbedtls_mpi_read_binary(&D, eticket_rsa_keypair.decryption_key.data(),
mbedtls_mpi_read_binary(&S, ticket.GetData().title_key_block.data(), 0x100); eticket_rsa_keypair.decryption_key.size());
mbedtls_mpi_read_binary(&N, eticket_rsa_keypair.modulus.data(),
eticket_rsa_keypair.modulus.size());
mbedtls_mpi_read_binary(&S, title_key_block.data(), title_key_block.size());
mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr); mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr);
@ -620,8 +630,7 @@ std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket,
Key128 key_temp{}; Key128 key_temp{};
std::memcpy(key_temp.data(), m_2.data() + *offset, key_temp.size()); std::memcpy(key_temp.data(), m_2.data() + *offset, key_temp.size());
return key_temp;
return std::make_pair(rights_id, key_temp);
} }
KeyManager::KeyManager() { KeyManager::KeyManager() {
@ -1199,30 +1208,12 @@ void KeyManager::PopulateTickets() {
const Common::FS::IOFile save_e2{system_save_e2_path, Common::FS::FileAccessMode::Read, const Common::FS::IOFile save_e2{system_save_e2_path, Common::FS::FileAccessMode::Read,
Common::FS::FileType::BinaryFile}; Common::FS::FileType::BinaryFile};
auto tickets = GetTicketblob(save_e1);
const auto blob2 = GetTicketblob(save_e2); const auto blob2 = GetTicketblob(save_e2);
auto res = GetTicketblob(save_e1); tickets.insert(tickets.end(), blob2.begin(), blob2.end());
const auto idx = res.size(); for (const auto& ticket : tickets) {
res.insert(res.end(), blob2.begin(), blob2.end()); AddTicket(ticket);
for (std::size_t i = 0; i < res.size(); ++i) {
const auto common = i < idx;
const auto pair = ParseTicket(res[i], eticket_rsa_keypair);
if (!pair) {
continue;
}
const auto& [rid, key] = *pair;
u128 rights_id;
std::memcpy(rights_id.data(), rid.data(), rid.size());
if (common) {
common_tickets[rights_id] = res[i];
} else {
personal_tickets[rights_id] = res[i];
}
SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]);
} }
} }
@ -1354,39 +1345,33 @@ const std::map<u128, Ticket>& KeyManager::GetPersonalizedTickets() const {
return personal_tickets; return personal_tickets;
} }
bool KeyManager::AddTicketCommon(Ticket raw) { bool KeyManager::AddTicket(const Ticket& ticket) {
if (eticket_rsa_keypair == RSAKeyPair<2048>{}) { if (!ticket.IsValid()) {
LOG_WARNING(Crypto, "Attempted to add invalid ticket.");
return false; return false;
} }
const auto pair = ParseTicket(raw, eticket_rsa_keypair); const auto& rid = ticket.GetData().rights_id;
if (!pair) {
return false;
}
const auto& [rid, key] = *pair;
u128 rights_id; u128 rights_id;
std::memcpy(rights_id.data(), rid.data(), rid.size()); std::memcpy(rights_id.data(), rid.data(), rid.size());
common_tickets[rights_id] = raw; if (ticket.GetData().type == Core::Crypto::TitleKeyType::Common) {
SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); common_tickets[rights_id] = ticket;
return true; } else {
} personal_tickets[rights_id] = ticket;
bool KeyManager::AddTicketPersonalized(Ticket raw) {
if (eticket_rsa_keypair == RSAKeyPair<2048>{}) {
return false;
} }
const auto pair = ParseTicket(raw, eticket_rsa_keypair); if (HasKey(S128KeyType::Titlekey, rights_id[1], rights_id[0])) {
if (!pair) { LOG_DEBUG(Crypto,
return false; "Skipping parsing title key from ticket for known rights ID {:016X}{:016X}.",
rights_id[1], rights_id[0]);
return true;
} }
const auto& [rid, key] = *pair; const auto key = ParseTicketTitleKey(ticket);
u128 rights_id; if (!key) {
std::memcpy(rights_id.data(), rid.data(), rid.size()); return false;
personal_tickets[rights_id] = raw; }
SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); SetKey(S128KeyType::Titlekey, key.value(), rights_id[1], rights_id[0]);
return true; return true;
} }
} // namespace Core::Crypto } // namespace Core::Crypto

11
src/core/crypto/key_manager.h
View file

@ -290,8 +290,7 @@ public:
const std::map<u128, Ticket>& GetCommonTickets() const; const std::map<u128, Ticket>& GetCommonTickets() const;
const std::map<u128, Ticket>& GetPersonalizedTickets() const; const std::map<u128, Ticket>& GetPersonalizedTickets() const;
bool AddTicketCommon(Ticket raw); bool AddTicket(const Ticket& ticket);
bool AddTicketPersonalized(Ticket raw);
void ReloadKeys(); void ReloadKeys();
bool AreKeysLoaded() const; bool AreKeysLoaded() const;
@ -324,6 +323,9 @@ private:
void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0);
void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0);
/// Parses the title key section of a ticket.
std::optional<Key128> ParseTicketTitleKey(const Ticket& ticket);
}; };
Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed); Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed);
@ -338,9 +340,4 @@ Loader::ResultStatus DeriveSDKeys(std::array<Key256, 2>& sd_keys, KeyManager& ke
std::vector<Ticket> GetTicketblob(const Common::FS::IOFile& ticket_save); std::vector<Ticket> GetTicketblob(const Common::FS::IOFile& ticket_save);
// Returns a pair of {rights_id, titlekey}. Fails if the ticket has no certificate authority
// (offset 0x140-0x144 is zero)
std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket,
const RSAKeyPair<2048>& eticket_extended_key);
} // namespace Core::Crypto } // namespace Core::Crypto

10
src/core/file_sys/submission_package.cpp
View file

@ -191,16 +191,10 @@ void NSP::SetTicketKeys(const std::vector<VirtualFile>& files) {
} }
auto ticket = Core::Crypto::Ticket::Read(ticket_file); auto ticket = Core::Crypto::Ticket::Read(ticket_file);
if (!ticket.IsValid()) { if (!keys.AddTicket(ticket)) {
LOG_WARNING(Common_Filesystem, "Could not read NSP ticket {}", ticket_file->GetName()); LOG_WARNING(Common_Filesystem, "Could not load NSP ticket {}", ticket_file->GetName());
continue; continue;
} }
if (ticket.GetData().type == Core::Crypto::TitleKeyType::Common) {
keys.AddTicketCommon(ticket);
} else {
keys.AddTicketPersonalized(ticket);
}
} }
} }

9
src/core/hle/service/es/es.cpp
View file

@ -133,14 +133,7 @@ private:
} }
Core::Crypto::Ticket ticket = Core::Crypto::Ticket::Read(raw_ticket); Core::Crypto::Ticket ticket = Core::Crypto::Ticket::Read(raw_ticket);
if (!ticket.IsValid()) { if (!keys.AddTicket(ticket)) {
LOG_ERROR(Service_ETicket, "The ticket is invalid!");
IPC::ResponseBuilder rb{ctx, 2};
rb.Push(ERROR_INVALID_ARGUMENT);
return;
}
if (!keys.AddTicketPersonalized(ticket)) {
LOG_ERROR(Service_ETicket, "The ticket could not be imported!"); LOG_ERROR(Service_ETicket, "The ticket could not be imported!");
IPC::ResponseBuilder rb{ctx, 2}; IPC::ResponseBuilder rb{ctx, 2};
rb.Push(ERROR_INVALID_ARGUMENT); rb.Push(ERROR_INVALID_ARGUMENT);