AES Registers: Difference between revisions

Line 175:

== Keyslots ==

There are 0x40 keyslots, each of which stores three keys called keyX, keyY and normalkey. All keys can be set explicitly, but the normalkey can optionally be generated using a hardware key scrambler instead (see below). There is no way to read the contents of a keyslot.

{| class="wikitable" border="1"

! Keyslot

Line 234:

Line 236:

|}

=== ~~Hardware key generator~~ ===

=== Updating keydata ===

~~Unless noted otherwise~~, ~~all~~ keyslots ~~on retail units use the hardware key-scrambler~~, ~~where~~ the ~~final normal-key is generated~~ in ~~hardware using~~ the ~~input keyX and keyY~~. ~~This normal-key is then written~~ to the ~~hardware keyslot by~~ the AES engine~~, all of~~ the ~~AES engine~~ key ~~registers are write-only~~. The ~~internal normal-key keyslot~~ is ~~only updated when~~ the ~~keyY is~~ written to~~, the keyslot's normal~~-~~key is not immediately updated when~~ writing to the ~~keyX~~.

When bit26 in REG_AESCNT is enabled, keyslots can be updated by selecting a particular keyslot using REG_AESKEYCNT and then consecutively writing four words to REG_AESKEYXFIFO (keyX), REG_AESKEYYFIFO(keyY), or REG_AESKEYFIFO (normalkey).

After writing to a keyslot, the keyslot in REG_AESKEYCNT must be set again, even when writing to the same keyslot.

Writing to the key FIFOs with byte writes results in the AES engine converting the byte to a word for setting the key word, with this: word = (byteval) | (byteval<<8) | (byteval<<16) | (byteval<<24). The result is the same regardless of which FIFO register byte was written to.

The TWL keyslots 0x00-0x03 can be set directly by writing to the REG_AESKEY0-REG_AESKEY3 registers.

=== keyX ===

The ARM9 bootrom initializes the keyX for each 3DS keyslot, the ARM9 bootrom also initializes the keyY for the keyslots where NATIVE_FIRM doesn't set the keyY. In certain cases Process9 may also set the keyX.

=== ~~Updating keydata~~ ===

=== Hardware key generator ===

~~After writing~~ to a keyslot ~~when~~ the ~~keyslot~~ is ~~already selected,~~ the ~~keyslot must~~ be ~~re-selected for~~ the ~~updated keyslot key-data~~ to be used.

A dedicated hardware key generator can be used to generate a keyslot's normalkey from its keyX and keyY by enabling the corresponding bit in REG_AESKEYCNT. If enabled, the hardware key generator is triggered by writing the keyY (which also seems to be the only way to trigger it). The algorithm used for key generation is unknown.

~~Writing to~~ the key FIFOs with byte writes results in the AES engine converting the byte to a word for setting the key word, with this: word = (byteval) | (byteval<<8) | (byteval<<16) | (byteval<<24). The result is the same regardless of which FIFO register byte was written to.

Unless noted otherwise, all keyslots on retail units use the hardware key-scrambler.

=== FIRM-launch key clearing ===

Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), so the New3DS Process9 presumably does this too.

@@ Line 175: / Line 175: @@
 == Keyslots ==
+There are 0x40 keyslots, each of which stores three keys called keyX, keyY and normalkey. All keys can be set explicitly, but the normalkey can optionally be generated using a hardware key scrambler instead (see below). There is no way to read the contents of a keyslot.
 {| class="wikitable" border="1"
 !  Keyslot
@@ Line 234: / Line 236: @@
 |}
-=== Hardware key generator ===
+=== Updating keydata ===
-Unless noted otherwise, all keyslots on retail units use the hardware key-scrambler, where the final normal-key is generated in hardware using the input keyX and keyY. This normal-key is then written to the hardware keyslot by the AES engine, all of the AES engine key registers are write-only. The internal normal-key keyslot is only updated when the keyY is written to, the keyslot's normal-key is not immediately updated when writing to the keyX.
+When bit26 in REG_AESCNT is enabled, keyslots can be updated by selecting a particular keyslot using REG_AESKEYCNT and then consecutively writing four words to REG_AESKEYXFIFO (keyX), REG_AESKEYYFIFO(keyY), or REG_AESKEYFIFO (normalkey).
+After writing to a keyslot, the keyslot in REG_AESKEYCNT must be set again, even when writing to the same keyslot.
+Writing to the key FIFOs with byte writes results in the AES engine converting the byte to a word for setting the key word, with this: word = (byteval) | (byteval<<8) | (byteval<<16) | (byteval<<24). The result is the same regardless of which FIFO register byte was written to.
+The TWL keyslots 0x00-0x03 can be set directly by writing to the REG_AESKEY0-REG_AESKEY3 registers.
 === keyX ===
 The ARM9 bootrom initializes the keyX for each 3DS keyslot, the ARM9 bootrom also initializes the keyY for the keyslots where NATIVE_FIRM doesn't set the keyY. In certain cases Process9 may also set the keyX.
-=== Updating keydata ===
+=== Hardware key generator ===
-After writing to a keyslot when the keyslot is already selected, the keyslot must be re-selected for the updated keyslot key-data to be used.
+A dedicated hardware key generator can be used to generate a keyslot's normalkey from its keyX and keyY by enabling the corresponding bit in REG_AESKEYCNT. If enabled, the hardware key generator is triggered by writing the keyY (which also seems to be the only way to trigger it). The algorithm used for key generation is unknown.
-Writing to the key FIFOs with byte writes results in the AES engine converting the byte to a word for setting the key word, with this: word = (byteval) | (byteval<<8) | (byteval<<16) | (byteval<<24). The result is the same regardless of which FIFO register byte was written to.
+Unless noted otherwise, all keyslots on retail units use the hardware key-scrambler.
 === FIRM-launch key clearing ===
 Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), so the New3DS Process9 presumably does this too.