RSA Registers: Difference between revisions

← Older edit

@@ Line 1: / Line 1: @@
+= Overview =
+The RSA module is essentially a hardware-accelerated modular exponentiation engine. It is specially optimized for RSA applications, so its behavior can be incoherent when RSA's invariants are broken.
+=== Observed edge cases ===
+* if 2 divides mod, output == 0
 = Registers =
 {| class="wikitable" border="1"
@@ Line 46: / Line 53: @@
 | [[#RSA_EXPFIFO|RSA_EXPFIFO]]
 | 0x1000B200
-| 0x04
+| 0x100 (can handle u32 writes to any aligned position in the FIFO)
 |
 |-
@@ Line 71: / Line 78: @@
 |-
 | 1
-| ?
+| Interrupt enable (1=enable, 0=disable)
 |-
 | 4-7
@@ Line 77: / Line 84: @@
 |-
 | 8
-| Endianness (1=Little endian, 0=Big endian)
+| Endianness (1=Little endian, 0=Big endian). Affects RSA_EXPFIFO, RSA_MOD, and RSA_TXT.
 |-
 | 9
-| Word order (1=Normal order, 0=Reversed order)
+| Word order (1=Normal order, 0=Reversed order). Affects RSA_MOD and RSA_TXT.
 |}
@@ Line 117: / Line 124: @@
 | Key write-protect, this bit is RW. (0 = no protection, 1 = protected)
 |-
-| 30-2
+| 2
+| Key read-protect, this bit is RW. (0 = no protection, 1 = protected)
+|-
+| 30-3
 | ?
 |-
 | 31
-| ?
+| Key slot protect. Makes all other bits in this reg read-only until reset
 |}
@@ Line 134: / Line 144: @@
 == RSA_MOD ==
 The RSA key modulus for the selected keyslot can be written here. When writing the RSA modulus, the modulus must align with the end of the register area.
+Writing to RSA_MOD does not change the exponent written with RSA_EXPFIFO.  An attack based on the [[wikipedia:Pohlig-Hellman algorithm|Pohlig-Hellman algorithm]] exists to "read" the contents of RSA_EXPFIFO as a result (see [[3DS System Flaws#Hardware|3DS System Flaws]]).
 == RSA_TXT ==