* aes: add aes128EcbCrypt() as a one-shot function to perform AES-128-ECB crypto. The rest of the codebase now calls this function whenever suitable.
* fs_ext: add const keyword to IPC input structs wherever suitable.
* key_sources: add hardcoded master key vectors (prod, dev); master KEK sources (Erista, Mariko); master key source; ticket common key source; SMC key type sources; SMC seal key masks; AES key generation source; NCA header KEK source; NCA header key source and NCA KAEK sources. Also fixed the hardcoded gamecard CardInfo key source for dev units (it was previously generated using retail keydata, my bad).
* keys: remove keysGetNcaMainSignatureModulus(); remove keysDecryptNcaKeyAreaEntry(); repurpose keyset struct to only hold keys that can actually be used for the current hardware type; remove KeysGameCardKeyset; remove keysIsXXModulusYYMandatory() helpers; remove keysRetrieveKeysFromProgramMemory(); remove keysDeriveSealedNcaKeyAreaEncryptionKeys(); add keysDeriveMasterKeys() and keysDerivePerGenerationKeys(); rename keysDeriveGameCardKeys() -> keysDeriveGcCardInfoKey(); add small reimplementations of GenerateAesKek, LoadAesKey and GenerateAesKey; add keysLoadAesKeyFromAesKek() and keysGenerateAesKeyFromAesKek() wrappers. Furthermore, master key derivation is now carried out manually using hardcoded key sources and the last known master key, which is loaded from the Lockpick_RCM keys file -- if the last known master key is unavailable, the key derivation algorithm will then fallback to TSEC root key / Mariko KEK based key derivation, depending on the hardware type.
* nca: add hardcoded NCA man signature moduli (prod, dev); merge ncaDecryptKeyArea() and ncaEncryptKeyArea() into ncaKeyAreaCrypt().
* nxdt_utils: add utilsIsMarikoUnit(); remove _utilsAppletModeCheck(); rename utilsAppletModeCheck() -> utilsIsAppletMode().
* services: remove spl:mig dependency (yay).
* smc: add SmcKeyType enum; add SmcSealKey enum; add SmcGenerateAesKekOption struct; add smcPrepareGenerateAesKekOption().
This commit uses my yet unmerged libnx PR to update ncm_types.h.
PoC code hasn't been updated yet, so proper support for DLC updates will arrive at a later time.
Note to self: implement a way to provide access to loaded DataPatch TitleInfo entries (linked list hell).
* bktr: renamed bktrBucketInitializeSubStorageReadParams to bktrInitializeSubStorageReadParams to avoid redundancy, added debug code to dump BucketInfo and BucketTree tables if BucketTree storage initialization fails.
* cnmt: updated ContentMetaAddOnContentMetaExtendedHeader struct to its 15.x equivalent, added ContentMetaLegacyAddOnContentMetaExtendedHeader struct, added ContentMetaDataPatchMetaExtendedHeader struct, updated the cnmtGetRequiredTitleId and cnmtGetRequiredTitleVersion functions to support DataPatch titles, updated cnmtInitializeContext to support both the new AddOnContent extended header and DataPatch titles, added debug code to dump the whole CNMT if context initialization fails, updated cnmtGenerateAuthoringToolXml to support DataPatch titles.
* keys: updated block hashes to match 15.x keyset, use case-insensitive comparison while looking for entry names in keysReadKeysFromFile, make sure the eticket_rsa_kek is non-zero before proceeding in keysGetDecryptedEticketRsaDeviceKey.
* nca: updated NcaKeyGeneration enum, added reminder about updating NcaSignatureKeyGeneration if necessary, replaced ncaFsSectionCheckHashRegionAccess with ncaFsSectionCheckPlaintextHashRegionAccess, removed all extents checks on Patch RomFS and sparse sections, updated ncaGetFsSectionTypeName to reflect if a FS section holds a sparse layer or not.
* nca_storage: updated ncaStorageInitializeContext to avoid initializing a compressed storage if a sparse layer is also used (fixes issues with Them's Fightin' Herds), updated ncaStorageSetPatchOriginalSubStorage to enforce the presence of a compressed storage in a patch if the base FS holds a compressed storage.
* npdm: added reminder about updating NpdmSignatureKeyGeneration if necessary, updated NpdmFsAccessControlFlags enum, updated NpdmAccessibility enum, updated NpdmSystemCallId enum, fixed typos.
* title: updated all relevant functions that deal with NcmContentMetaType values to also handle DataPatch titles, added functions to handle DataPatchId values, removed titleConvertNcmContentSizeToU64 and titleConvertU64ToNcmContentSize functions in favor of ncmContentInfoSizeToU64 and ncmU64ToContentInfoSize from my unmerged libnx PR, updated internal arrays to match 15.x changes, renamed titleOrphanTitleInfoSortFunction to titleInfoEntrySortFunction and updated it to also sort entries by version and storage ID, updated titleGenerateTitleInfoEntriesForTitleStorage to sort TitleInfo entries, simplified titleDuplicateTitleInfo a bit by using macros.
* keysGetKeyAndValueFromFile() is now thread-safe -- may be useful for people reusing code from nxdumptool. The dynamic buffer allocated by __getline() must be freed by the caller. Furthermore, this fixes an out-of-bounds issue while writing data to the static array that was being used with fgets().
* Empty lines are now considered failures.
* keysGetKeyAndValueFromFile() now validates the value string and converts it to lowercase as well.
* Adjusted the example regex in the description for keysGetKeyAndValueFromFile() to accurately match what the function actually does.
* Added helper macros to keysReadKeysFromFile().
* Thread-safe.
* Provides getter/setter functions for the data types used by nxdumptool's configuration.
* Each setter function writes the modified JSON configuration back to the SD card.
* Configuration is validated on interface initialization. If validation fails, a default JSON template is loaded from the application's RomFS and written back to the SD card.
Other changes:
* Implement directory creation.
* Moved more preprocessor definitions to defines.h.
* Replaced strtok() calls throughout the code with strtok_r() to guarantee thread-safety.
* Added custom key sources to derive CardInfo keys at runtime using SPL.
* Implemented CardInfo area decryption.
* Implemented LAFW blob lookup in FS .data segment to retrieve the current LAFW version.
P.S.: still need to move around code to perform the LAFW version check at the places we need. But the current code is good enough for a test.
* Implemented RSA-2048-PSS + SHA256 signature verification.
* Refactored RSA-2048-OAEP decryption steps to use mbedtls function calls.
* Implemented NCA header main signature verification.
* Replaced Björn Samuelsson's CRC32 algorithm with the hardware accelerated CRC32 checksum calculation from libnx (latest commit with support for calculation in blocks).
* Rewrote mutex handling throughout the code to use a small, macro-based scoped lock implementation.
* Removed extern variables from common.h - launch path management is now completely handled in utils.c.
* Updated NpdmSystemCallId_Count to reflect changes introduced in 12.0.0.
* Added NcaMainSignatureKeyGeneration enum.
* NCA main signature moduli are now retrieved from FS .rodata at runtime.
* Simplified lock management in usb.c by using a single global mutex with scoped locks instead of three different r/w locks.
* Updated FatFs to R0.14b.
* Enabled 64-bit LBA support in FatFs to potentially support custom eMMC replacements / resized USER partitions in the future.
* Updated LZ4 to v1.9.3.
* Fixed typos.
* USB gamecard dumper PoC now only dumps the Initial Data area.
* Updated to-do list.
* Refactored keydata handling.
* Sealed NCA KAEKs are now generated at startup, and NCA key area entries are now decrypted by keysDecryptNcaKeyAreaEntry(), reducing the number of calls to spl functions.
* The eTicket RSA device key is now retrieved and decrypted at startup. RSA-OAEP wrapped titlekeys are now decrypted by keysDecryptRsaOaepWrappedTitleKey().
* Renamed titlekek -> ticket common key throughout the codebase.
* Added NcaKeyAreaEncryptionKeyIndex_Count and NcaKeyGeneration_Max enum values to nca.h.
* Proper usage of strcasecmp() in some functions.
* Moved syscall hint checks from keys.c to mem.c.
* Define illegal FS characters as an array rather than a char pointer.
* Services are now initialized before the CFW type checks.
* Fixed pcv/clkrst service initialization.
* Implemented additional thread safety and logfile output to service functions.
* Slightly tweaked running service checks.
* Added proper Markdown documentation for the USB ABI.