Changes

Jump to navigation Jump to search
888 bytes added ,  00:34, 6 February 2021
Line 1: Line 1:  +
= Overview =
 +
 +
The RSA module is essentially a hardware-accelerated modular exponentiation engine. It is specially optimized for RSA applications, so its behavior can be incoherent when RSA's invariants are broken.
 +
 +
=== Observed edge cases ===
 +
* if 2 divides mod, output == 0
 +
 
= Registers =
 
= Registers =
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 46: Line 53:  
| [[#RSA_EXPFIFO|RSA_EXPFIFO]]
 
| [[#RSA_EXPFIFO|RSA_EXPFIFO]]
 
| 0x1000B200
 
| 0x1000B200
| 0x04
+
| 0x100 (can handle u32 writes to any aligned position in the FIFO)
 
|
 
|
 
|-
 
|-
Line 71: Line 78:  
|-
 
|-
 
| 1
 
| 1
| ?
+
| Interrupt enable (1=enable, 0=disable)
 
|-
 
|-
 
| 4-7
 
| 4-7
Line 77: Line 84:  
|-
 
|-
 
| 8
 
| 8
| Endianness (1=Little endian, 0=Big endian)
+
| Endianness (1=Little endian, 0=Big endian). Affects RSA_EXPFIFO, RSA_MOD, and RSA_TXT.
 
|-
 
|-
 
| 9
 
| 9
| Word order (1=Normal order, 0=Reversed order)
+
| Word order (1=Normal order, 0=Reversed order). Affects RSA_MOD and RSA_TXT.
 
|}
 
|}
    
== RSA_SLOT ==
 
== RSA_SLOT ==
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Start
+
Name
 +
!  Offset
 
!  Width
 
!  Width
!  Description
   
|-
 
|-
 +
| [[#RSA_SLOTCNT|RSA_SLOTCNT]]
 
| 0x0
 
| 0x0
 
| 0x4
 
| 0x4
| REG_RSASLOTCNT
   
|-
 
|-
 +
| [[#RSA_SLOTSIZE|RSA_SLOTSIZE]]
 
| 0x4
 
| 0x4
 
| 0x4
 
| 0x4
| REG_RSASLOTSIZE
   
|-
 
|-
 +
| ?
 
| 0x8
 
| 0x8
 
| 0x4
 
| 0x4
 +
|-
 
| ?
 
| ?
|-
   
| 0xC
 
| 0xC
 
| 0x4
 
| 0x4
| ?
   
|}
 
|}
   Line 117: Line 124:  
| Key write-protect, this bit is RW. (0 = no protection, 1 = protected)
 
| Key write-protect, this bit is RW. (0 = no protection, 1 = protected)
 
|-
 
|-
| 30-2
+
| 2
 +
| Key read-protect, this bit is RW. (0 = no protection, 1 = protected)
 +
|-
 +
| 30-3
 
| ?
 
| ?
 
|-
 
|-
 
| 31
 
| 31
| ?
+
| Key slot protect. Makes all other bits in this reg read-only until reset
 
|}
 
|}
   Line 132: Line 142:  
The 0x100-byte private or public exponent is written to this write-only FIFO.
 
The 0x100-byte private or public exponent is written to this write-only FIFO.
   −
== REG_RSAMOD ==
+
== RSA_MOD ==
 
The RSA key modulus for the selected keyslot can be written here. When writing the RSA modulus, the modulus must align with the end of the register area.
 
The RSA key modulus for the selected keyslot can be written here. When writing the RSA modulus, the modulus must align with the end of the register area.
   −
== REG_RSATXT ==
+
Writing to RSA_MOD does not change the exponent written with RSA_EXPFIFO.  An attack based on the [[wikipedia:Pohlig-Hellman algorithm|Pohlig-Hellman algorithm]] exists to "read" the contents of RSA_EXPFIFO as a result (see [[3DS System Flaws#Hardware|3DS System Flaws]]).
 +
 
 +
== RSA_TXT ==
 
The RSA signature can be written here, and the data read from here is the message. When writing the RSA signature, the signature must be prepended with zeroes until it is a multiple of 8 bytes, and the end of the signature must align with the end of the register area.
 
The RSA signature can be written here, and the data read from here is the message. When writing the RSA signature, the signature must be prepended with zeroes until it is a multiple of 8 bytes, and the end of the signature must align with the end of the register area.
  
513

edits

Navigation menu