diff --git a/CMakeLists.txt b/CMakeLists.txt index eb403205ce..9028c1720d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,6 +33,8 @@ option(ENABLE_CUBEB "Enables the cubeb audio backend" ON) option(USE_DISCORD_PRESENCE "Enables Discord Rich Presence" OFF) +option(YUZU_USE_OPENSSL_CRYPTO "Use OpenSSL/libressl for cryptography backend" ON) + # Default to a Release build get_property(IS_MULTI_CONFIG GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG) if (NOT IS_MULTI_CONFIG AND NOT CMAKE_BUILD_TYPE) diff --git a/externals/CMakeLists.txt b/externals/CMakeLists.txt index a76a3d8006..7f34218805 100644 --- a/externals/CMakeLists.txt +++ b/externals/CMakeLists.txt @@ -36,10 +36,6 @@ add_subdirectory(glad) # inih add_subdirectory(inih) -# mbedtls -add_subdirectory(mbedtls EXCLUDE_FROM_ALL) -target_include_directories(mbedtls PUBLIC ./mbedtls/include) - # MicroProfile add_library(microprofile INTERFACE) target_include_directories(microprofile INTERFACE ./microprofile) @@ -93,10 +89,11 @@ endif() # Sirit add_subdirectory(sirit) -if (ENABLE_WEB_SERVICE) +if (ENABLE_WEB_SERVICE OR YUZU_USE_OPENSSL_CRYPTO) find_package(OpenSSL 1.1) if (OPENSSL_FOUND) set(OPENSSL_LIBRARIES OpenSSL::SSL OpenSSL::Crypto) + set(YUZU_CRYPTO_BACKEND OpenSSL::Crypto PARENT_SCOPE) else() # LibreSSL set(LIBRESSL_SKIP_INSTALL ON CACHE BOOL "") @@ -107,7 +104,10 @@ if (ENABLE_WEB_SERVICE) get_directory_property(OPENSSL_LIBRARIES DIRECTORY libressl DEFINITION OPENSSL_LIBS) + target_include_directories(crypto INTERFACE ./libressl/include) + set(YUZU_CRYPTO_BACKEND crypto PARENT_SCOPE) endif() + set(YUZU_CRYPTO_DEFINITION -DYUZU_USE_OPENSSL_CRYPTO PARENT_SCOPE) # httplib add_library(httplib INTERFACE) @@ -117,6 +117,12 @@ if (ENABLE_WEB_SERVICE) if (WIN32) target_link_libraries(httplib INTERFACE crypt32 cryptui ws2_32) endif() +else() + # mbedtls + add_subdirectory(mbedtls EXCLUDE_FROM_ALL) + target_include_directories(mbedtls PUBLIC ./mbedtls/include) + set(YUZU_CRYPTO_BACKEND mbedtls PARENT_SCOPE) + set(YUZU_CRYPTO_DEFINITION -DYUZU_USE_MBEDTLS_CRYPTO PARENT_SCOPE) endif() # Opus diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt index 9f0fbba2d9..a920eae2bb 100644 --- a/src/core/CMakeLists.txt +++ b/src/core/CMakeLists.txt @@ -22,8 +22,12 @@ add_library(core STATIC core_timing_util.h cpu_manager.cpp cpu_manager.h - crypto/aes_util.cpp + crypto/aes_util_mbedtls.cpp + crypto/aes_util_openssl.cpp crypto/aes_util.h + crypto/crypto.h + crypto/crypto_mbedtls.cpp + crypto/crypto_openssl.cpp crypto/encryption_layer.cpp crypto/encryption_layer.h crypto/key_manager.cpp @@ -682,7 +686,9 @@ endif() create_target_directory_groups(core) target_link_libraries(core PUBLIC common PRIVATE audio_core video_core) -target_link_libraries(core PUBLIC Boost::boost PRIVATE fmt::fmt nlohmann_json::nlohmann_json mbedtls Opus::Opus) +target_link_libraries(core PUBLIC Boost::boost PRIVATE fmt::fmt nlohmann_json::nlohmann_json ${YUZU_CRYPTO_BACKEND} Opus::Opus) + +target_compile_definitions(core PRIVATE ${YUZU_CRYPTO_DEFINITION}) if (ENABLE_WEB_SERVICE) target_compile_definitions(core PRIVATE -DENABLE_WEB_SERVICE) diff --git a/src/core/crypto/aes_util.cpp b/src/core/crypto/aes_util_mbedtls.cpp similarity index 99% rename from src/core/crypto/aes_util.cpp rename to src/core/crypto/aes_util_mbedtls.cpp index 85a666de93..39040d7863 100644 --- a/src/core/crypto/aes_util.cpp +++ b/src/core/crypto/aes_util_mbedtls.cpp @@ -2,6 +2,8 @@ // Licensed under GPLv2 or any later version // Refer to the license.txt file included. +#ifdef YUZU_USE_MBEDTLS_CRYPTO + #include #include #include "common/assert.h" @@ -128,3 +130,5 @@ void AESCipher::SetIV(std::span data) { template class AESCipher; template class AESCipher; } // namespace Core::Crypto + +#endif diff --git a/src/core/crypto/aes_util_openssl.cpp b/src/core/crypto/aes_util_openssl.cpp new file mode 100644 index 0000000000..af7ba1b3a6 --- /dev/null +++ b/src/core/crypto/aes_util_openssl.cpp @@ -0,0 +1,95 @@ +#ifdef YUZU_USE_OPENSSL_CRYPTO + +#include +#include +#include +#include "common/assert.h" +#include "common/logging/log.h" +#include "core/crypto/aes_util.h" +#include "core/crypto/key_manager.h" + +namespace Core::Crypto { +namespace { +using NintendoTweak = std::array; + +NintendoTweak CalculateNintendoTweak(std::size_t sector_id) { + NintendoTweak out{}; + for (std::size_t i = 0xF; i <= 0xF; --i) { + out[i] = sector_id & 0xFF; + sector_id >>= 8; + } + return out; +} +} // Anonymous namespace + +struct CipherContext { + const EVP_CIPHER* cipher; + EVP_CIPHER_CTX* ctx; + std::vector key; + std::vector iv; +}; + +const static std::map cipher_map = { + {Mode::CTR, EVP_aes_128_ctr}, {Mode::ECB, EVP_aes_128_ecb}, {Mode::XTS, EVP_aes_128_xts}}; + +template +Crypto::AESCipher::AESCipher(Key key, Mode mode) + : ctx(std::make_unique()) { + ctx->ctx = EVP_CIPHER_CTX_new(); + ASSERT_MSG((ctx->ctx != NULL), "Failed to initialize OpenSSL ciphers."); + ctx->cipher = cipher_map.at(mode)(); + ctx->key.resize(key.size()); + std::memcpy(ctx->key.data(), key.data(), KeySize); +} + +template +AESCipher::~AESCipher() { + EVP_CIPHER_CTX_free(ctx->ctx); +} + +template +void AESCipher::Transcode(const u8* src, std::size_t size, u8* dest, Op op) const { + EVP_CIPHER_CTX_reset(ctx->ctx); + EVP_CipherInit(ctx->ctx, ctx->cipher, ctx->key.data(), ctx->iv.data(), + op == Op::Encrypt ? 1 : 0); + EVP_CIPHER_CTX_set_padding(ctx->ctx, 0); + + int written, last_written; + if (EVP_CIPHER_mode(ctx->cipher) == EVP_CIPH_XTS_MODE) { + EVP_CipherUpdate(ctx->ctx, dest, &written, src, (int)size); + if (written != (int)size) { + LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", + size, written); + } + } else { + EVP_CipherUpdate(ctx->ctx, dest, &written, src, (int)size); + EVP_CipherFinal(ctx->ctx, dest + written, &last_written); + if (written + last_written != (int)size) { + LOG_WARNING(Crypto, "Not all data was decrypted requested={:016X}, actual={:016X}.", + size, written + last_written); + } + } +} + +template +void AESCipher::XTSTranscode(const u8* src, std::size_t size, u8* dest, + std::size_t sector_id, std::size_t sector_size, Op op) { + ASSERT_MSG(size % sector_size == 0, "XTS decryption size must be a multiple of sector size."); + + for (std::size_t i = 0; i < size; i += sector_size) { + SetIV(CalculateNintendoTweak(sector_id++)); + Transcode(src + i, sector_size, dest + i, op); + } +} + +template +void AESCipher::SetIV(std::span data) { + ctx->iv.resize(data.size()); + std::memcpy(ctx->iv.data(), data.data(), data.size()); +} + +template class AESCipher; +template class AESCipher; +} // namespace Core::Crypto + +#endif diff --git a/src/core/crypto/crypto.h b/src/core/crypto/crypto.h new file mode 100644 index 0000000000..aa143cdd52 --- /dev/null +++ b/src/core/crypto/crypto.h @@ -0,0 +1,22 @@ +#pragma once + +#include + +#include "common/common_types.h" + +bool CalculateHMACSHA256(u8* out, const u8* key, std::size_t key_length, const u8* data, + std::size_t data_length); + +void CalculateMD5(const u8* data, std::size_t data_length, u8* hash); + +void CalculateSHA256(const u8* data, std::size_t data_length, u8* hash); + +// CMAC with AES-128, key_length = 16 bytes +void CalculateCMAC(const u8* source, size_t size, const u8* key, u8* cmac); + +// Calculate m = (s^d) mod n +void CalculateModExp(const u8* d, std::size_t d_length, const u8* n, std::size_t n_length, + const u8* s, std::size_t s_length, u8* m, std::size_t m_length); + +void GenerateRandomBytesWithSeed(u8* out, std::size_t out_length, const u8* seed, + std::size_t seed_length); diff --git a/src/core/crypto/crypto_mbedtls.cpp b/src/core/crypto/crypto_mbedtls.cpp new file mode 100644 index 0000000000..7bea7eadb1 --- /dev/null +++ b/src/core/crypto/crypto_mbedtls.cpp @@ -0,0 +1,78 @@ +#ifdef YUZU_USE_MBEDTLS_CRYPTO + +#include +#include +#include +#include +#include +#include +#include + +#include "common/assert.h" +#include "core/crypto/crypto.h" + +bool CalculateHMACSHA256(u8* out, const u8* key, std::size_t key_length, const u8* data, + std::size_t data_length) { + mbedtls_md_context_t context; + mbedtls_md_init(&context); + + if (mbedtls_md_setup(&context, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1) || + mbedtls_md_hmac_starts(&context, key, key_length) || + mbedtls_md_hmac_update(&context, data, data_length) || + mbedtls_md_hmac_finish(&context, out)) { + mbedtls_md_free(&context); + return false; + } + + mbedtls_md_free(&context); + return true; +} + +void CalculateMD5(const u8* data, std::size_t data_length, u8* hash) { + mbedtls_md5_ret(data, data_length, hash); +} + +void CalculateSHA256(const u8* data, std::size_t data_length, u8* hash) { + mbedtls_sha256_ret(data, data_length, hash, 0); +} + +void CalculateCMAC(const u8* source, size_t size, const u8* key, u8* cmac) { + mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), key, 128, source, + size, cmac); +} + +void CalculateModExp(const u8* d, std::size_t d_length, const u8* n, std::size_t n_length, + const u8* s, std::size_t s_length, u8* m, std::size_t m_length) { + mbedtls_mpi D; // RSA Private Exponent + mbedtls_mpi N; // RSA Modulus + mbedtls_mpi S; // Input + mbedtls_mpi M; // Output + + mbedtls_mpi_init(&D); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&S); + mbedtls_mpi_init(&M); + + mbedtls_mpi_read_binary(&D, d, d_length); + mbedtls_mpi_read_binary(&N, n, n_length); + mbedtls_mpi_read_binary(&S, s, s_length); + + mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr); + mbedtls_mpi_write_binary(&M, m, m_length); +} + +void GenerateRandomBytesWithSeed(u8* out, std::size_t out_length, const u8* seed, + std::size_t seed_length) { + mbedtls_entropy_context entropy; + mbedtls_entropy_init(&entropy); + mbedtls_ctr_drbg_context ctr_drbg; + + mbedtls_ctr_drbg_init(&ctr_drbg); + ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, seed, seed_length)); + ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg, out, out_length) == 0); + + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); +} + +#endif diff --git a/src/core/crypto/crypto_openssl.cpp b/src/core/crypto/crypto_openssl.cpp new file mode 100644 index 0000000000..e399c43434 --- /dev/null +++ b/src/core/crypto/crypto_openssl.cpp @@ -0,0 +1,58 @@ +#ifdef YUZU_USE_OPENSSL_CRYPTO + +#include +#include +#include +#include +#include + +#include "common/assert.h" +#include "core/crypto/crypto.h" + +bool CalculateHMACSHA256(u8* out, const u8* key, std::size_t key_length, const u8* data, + std::size_t data_length) { + HMAC(EVP_sha256(), key, (int)key_length, data, data_length, out, NULL); + return true; +} + +void CalculateMD5(const u8* data, std::size_t data_length, u8* hash) { + EVP_Digest(data, data_length, hash, NULL, EVP_md5(), NULL); +} + +void CalculateSHA256(const u8* data, std::size_t data_length, u8* hash) { + EVP_Digest(data, data_length, hash, NULL, EVP_sha256(), NULL); +} + +void CalculateCMAC(const u8* source, size_t size, const u8* key, u8* cmac) { + size_t outlen; + CMAC_CTX* ctx = CMAC_CTX_new(); + CMAC_Init(ctx, key, 16, EVP_aes_128_cbc(), NULL); + CMAC_Update(ctx, source, size); + CMAC_Final(ctx, cmac, &outlen); + CMAC_CTX_free(ctx); +} + +void CalculateModExp(const u8* d, std::size_t d_length, const u8* n, std::size_t n_length, + const u8* s, std::size_t s_length, u8* m, std::size_t m_length) { + BN_CTX* ctx = BN_CTX_new(); + BN_CTX_start(ctx); + BIGNUM* D = BN_CTX_get(ctx); + BIGNUM* N = BN_CTX_get(ctx); + BIGNUM* S = BN_CTX_get(ctx); + BIGNUM* M = BN_CTX_get(ctx); + BN_bin2bn(d, (int)d_length, D); + BN_bin2bn(n, (int)n_length, N); + BN_bin2bn(s, (int)s_length, S); + BN_mod_exp(M, S, D, N, ctx); + BN_bn2bin(M, m); + BN_CTX_end(ctx); + BN_CTX_free(ctx); +} + +void GenerateRandomBytesWithSeed(u8* out, std::size_t out_length, const u8* seed, + std::size_t seed_length) { + RAND_seed((const void*)seed, (int)seed_length); + ASSERT(RAND_bytes(out, (int)out_length) == 1); +} + +#endif diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index a98daed898..01b408057b 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -13,10 +13,6 @@ #include #include #include -#include -#include -#include -#include #include "common/common_funcs.h" #include "common/fs/file.h" #include "common/fs/fs.h" @@ -26,6 +22,7 @@ #include "common/settings.h" #include "common/string_util.h" #include "core/crypto/aes_util.h" +#include "core/crypto/crypto.h" #include "core/crypto/key_manager.h" #include "core/crypto/partition_data_manager.h" #include "core/file_sys/content_archive.h" @@ -485,7 +482,7 @@ static std::array MGF1(const std::array& seed) { while (out.size() < target_size) { out.resize(out.size() + 0x20); seed_exp[in_size + 3] = static_cast(i); - mbedtls_sha256_ret(seed_exp.data(), seed_exp.size(), out.data() + out.size() - 0x20, 0); + CalculateSHA256(seed_exp.data(), seed_exp.size(), out.data() + out.size() - 0x20); ++i; } @@ -530,24 +527,10 @@ std::optional> ParseTicket(const Ticket& ticket, return std::make_pair(rights_id, ticket.GetData().title_key_common); } - mbedtls_mpi D; // RSA Private Exponent - mbedtls_mpi N; // RSA Modulus - mbedtls_mpi S; // Input - mbedtls_mpi M; // Output - - mbedtls_mpi_init(&D); - mbedtls_mpi_init(&N); - mbedtls_mpi_init(&S); - mbedtls_mpi_init(&M); - - mbedtls_mpi_read_binary(&D, key.decryption_key.data(), key.decryption_key.size()); - mbedtls_mpi_read_binary(&N, key.modulus.data(), key.modulus.size()); - mbedtls_mpi_read_binary(&S, ticket.GetData().title_key_block.data(), 0x100); - - mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr); - std::array rsa_step; - mbedtls_mpi_write_binary(&M, rsa_step.data(), rsa_step.size()); + CalculateModExp(key.decryption_key.data(), key.decryption_key.size(), key.modulus.data(), + key.modulus.size(), ticket.GetData().title_key_block.data(), 0x100, + rsa_step.data(), rsa_step.size()); u8 m_0 = rsa_step[0]; std::array m_1; @@ -895,14 +878,6 @@ void KeyManager::DeriveSDSeedLazy() { } } -static Key128 CalculateCMAC(const u8* source, size_t size, const Key128& key) { - Key128 out{}; - - mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), key.data(), - key.size() * 8, source, size, out.data()); - return out; -} - void KeyManager::DeriveBase() { if (!BaseDeriveNecessary()) { return; @@ -968,7 +943,8 @@ void KeyManager::DeriveBase() { key, GetKey(S128KeyType::Source, static_cast(SourceKeyType::KeyblobMAC))); SetKey(S128KeyType::KeyblobMAC, mac_key, i); - Key128 cmac = CalculateCMAC(encrypted_keyblobs[i].data() + 0x10, 0xA0, mac_key); + Key128 cmac; + CalculateCMAC(encrypted_keyblobs[i].data() + 0x10, 0xA0, mac_key.data(), cmac.data()); if (std::memcmp(cmac.data(), encrypted_keyblobs[i].data(), cmac.size()) != 0) { continue; } diff --git a/src/core/crypto/partition_data_manager.cpp b/src/core/crypto/partition_data_manager.cpp index 5f1c86a099..5ee2ba4f18 100644 --- a/src/core/crypto/partition_data_manager.cpp +++ b/src/core/crypto/partition_data_manager.cpp @@ -11,7 +11,6 @@ #include #include #include -#include #include "common/assert.h" #include "common/common_funcs.h" #include "common/common_types.h" @@ -19,6 +18,7 @@ #include "common/logging/log.h" #include "common/string_util.h" #include "common/swap.h" +#include "core/crypto/crypto.h" #include "core/crypto/key_manager.h" #include "core/crypto/partition_data_manager.h" #include "core/crypto/xts_encryption_layer.h" @@ -180,7 +180,7 @@ std::array FindKeyFromHex(const std::vector& binary, std::array temp{}; for (size_t i = 0; i < binary.size() - key_size; ++i) { - mbedtls_sha256_ret(binary.data() + i, key_size, temp.data(), 0); + CalculateSHA256(binary.data() + i, key_size, temp.data()); if (temp != hash) continue; @@ -208,7 +208,7 @@ static std::array FindEncryptedMasterKeyFromHex(const std::vector< AESCipher cipher(key, Mode::ECB); for (size_t i = 0; i < binary.size() - 0x10; ++i) { cipher.Transcode(binary.data() + i, dec_temp.size(), dec_temp.data(), Op::Decrypt); - mbedtls_sha256_ret(dec_temp.data(), dec_temp.size(), temp.data(), 0); + CalculateSHA256(dec_temp.data(), dec_temp.size(), temp.data()); for (size_t k = 0; k < out.size(); ++k) { if (temp == master_key_hashes[k]) { diff --git a/src/core/file_sys/registered_cache.cpp b/src/core/file_sys/registered_cache.cpp index 7a646b5f1c..28e70fd5e4 100644 --- a/src/core/file_sys/registered_cache.cpp +++ b/src/core/file_sys/registered_cache.cpp @@ -5,11 +5,11 @@ #include #include #include -#include #include "common/assert.h" #include "common/fs/path_util.h" #include "common/hex_util.h" #include "common/logging/log.h" +#include "core/crypto/crypto.h" #include "core/crypto/key_manager.h" #include "core/file_sys/card_image.h" #include "core/file_sys/common_funcs.h" @@ -64,7 +64,7 @@ static std::string GetRelativePathFromNcaID(const std::array& nca_id, bo } Core::Crypto::SHA256Hash hash{}; - mbedtls_sha256_ret(nca_id.data(), nca_id.size(), hash.data(), 0); + CalculateSHA256(nca_id.data(), nca_id.size(), hash.data()); const auto format_str = fmt::runtime(cnmt_suffix ? "/000000{:02X}/{}.cnmt.nca" : "/000000{:02X}/{}.nca"); @@ -146,7 +146,7 @@ bool PlaceholderCache::Create(const NcaID& id, u64 size) const { } Core::Crypto::SHA256Hash hash{}; - mbedtls_sha256_ret(id.data(), id.size(), hash.data(), 0); + CalculateSHA256(id.data(), id.size(), hash.data()); const auto dirname = fmt::format("000000{:02X}", hash[0]); const auto dir2 = GetOrCreateDirectoryRelative(dir, dirname); @@ -170,7 +170,7 @@ bool PlaceholderCache::Delete(const NcaID& id) const { } Core::Crypto::SHA256Hash hash{}; - mbedtls_sha256_ret(id.data(), id.size(), hash.data(), 0); + CalculateSHA256(id.data(), id.size(), hash.data()); const auto dirname = fmt::format("000000{:02X}", hash[0]); const auto dir2 = GetOrCreateDirectoryRelative(dir, dirname); @@ -652,7 +652,7 @@ InstallResult RegisteredCache::InstallEntry(const NCA& nca, TitleType type, const OptionalHeader opt_header{0, 0}; ContentRecord c_rec{{}, {}, {}, GetCRTypeFromNCAType(nca.GetType()), {}}; const auto& data = nca.GetBaseFile()->ReadBytes(0x100000); - mbedtls_sha256_ret(data.data(), data.size(), c_rec.hash.data(), 0); + CalculateSHA256(data.data(), data.size(), c_rec.hash.data()); std::memcpy(&c_rec.nca_id, &c_rec.hash, 16); const CNMT new_cnmt(header, opt_header, {c_rec}, {}); if (!RawInstallYuzuMeta(new_cnmt)) { @@ -727,7 +727,7 @@ InstallResult RegisteredCache::RawInstallNCA(const NCA& nca, const VfsCopyFuncti id = *override_id; } else { const auto& data = in->ReadBytes(0x100000); - mbedtls_sha256_ret(data.data(), data.size(), hash.data(), 0); + CalculateSHA256(data.data(), data.size(), hash.data()); memcpy(id.data(), hash.data(), 16); } diff --git a/src/core/file_sys/xts_archive.cpp b/src/core/file_sys/xts_archive.cpp index d6fe1af47e..1a35b61543 100644 --- a/src/core/file_sys/xts_archive.cpp +++ b/src/core/file_sys/xts_archive.cpp @@ -8,13 +8,11 @@ #include #include -#include -#include - #include "common/fs/path_util.h" #include "common/hex_util.h" #include "common/string_util.h" #include "core/crypto/aes_util.h" +#include "core/crypto/crypto.h" #include "core/crypto/key_manager.h" #include "core/crypto/xts_encryption_layer.h" #include "core/file_sys/content_archive.h" @@ -29,19 +27,8 @@ constexpr u64 NAX_HEADER_PADDING_SIZE = 0x4000; template static bool CalculateHMAC256(Destination* out, const SourceKey* key, std::size_t key_length, const SourceData* data, std::size_t data_length) { - mbedtls_md_context_t context; - mbedtls_md_init(&context); - - if (mbedtls_md_setup(&context, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 1) || - mbedtls_md_hmac_starts(&context, reinterpret_cast(key), key_length) || - mbedtls_md_hmac_update(&context, reinterpret_cast(data), data_length) || - mbedtls_md_hmac_finish(&context, reinterpret_cast(out))) { - mbedtls_md_free(&context); - return false; - } - - mbedtls_md_free(&context); - return true; + return CalculateHMACSHA256(reinterpret_cast(out), reinterpret_cast(key), + key_length, reinterpret_cast(data), data_length); } NAX::NAX(VirtualFile file_) @@ -66,7 +53,7 @@ NAX::NAX(VirtualFile file_, std::array nca_id) : header(std::make_unique()), file(std::move(file_)), keys{Core::Crypto::KeyManager::Instance()} { Core::Crypto::SHA256Hash hash{}; - mbedtls_sha256_ret(nca_id.data(), nca_id.size(), hash.data(), 0); + CalculateSHA256(nca_id.data(), nca_id.size(), hash.data()); status = Parse(fmt::format("/registered/000000{:02X}/{}.nca", hash[0], Common::HexToString(nca_id, false))); } diff --git a/src/core/hle/service/bcat/bcat_module.cpp b/src/core/hle/service/bcat/bcat_module.cpp index 27e9b8df81..6792845f0d 100644 --- a/src/core/hle/service/bcat/bcat_module.cpp +++ b/src/core/hle/service/bcat/bcat_module.cpp @@ -3,12 +3,12 @@ // Refer to the license.txt file included. #include -#include #include "common/hex_util.h" #include "common/logging/log.h" #include "common/settings.h" #include "common/string_util.h" #include "core/core.h" +#include "core/crypto/crypto.h" #include "core/file_sys/vfs.h" #include "core/hle/ipc_helpers.h" #include "core/hle/kernel/k_process.h" @@ -46,7 +46,7 @@ u64 GetCurrentBuildID(const Core::System::CurrentBuildProcessID& id) { BCATDigest DigestFile(const FileSys::VirtualFile& file) { BCATDigest out{}; const auto bytes = file->ReadAllBytes(); - mbedtls_md5_ret(bytes.data(), bytes.size(), out.data()); + CalculateMD5(bytes.data(), bytes.size(), out.data()); return out; } diff --git a/src/core/hle/service/ldr/ldr.cpp b/src/core/hle/service/ldr/ldr.cpp index 24b7e4435d..5931721f61 100644 --- a/src/core/hle/service/ldr/ldr.cpp +++ b/src/core/hle/service/ldr/ldr.cpp @@ -4,12 +4,12 @@ #include #include -#include #include "common/alignment.h" #include "common/hex_util.h" #include "common/scope_exit.h" #include "core/core.h" +#include "core/crypto/crypto.h" #include "core/hle/ipc_helpers.h" #include "core/hle/kernel/k_page_table.h" #include "core/hle/kernel/k_process.h" @@ -469,7 +469,7 @@ public: system.Memory().ReadBlock(nro_address, nro_data.data(), nro_size); SHA256Hash hash{}; - mbedtls_sha256_ret(nro_data.data(), nro_data.size(), hash.data(), 0); + CalculateSHA256(nro_data.data(), nro_data.size(), hash.data()); // NRO Hash is already loaded if (std::any_of(nro.begin(), nro.end(), [&hash](const std::pair& info) { diff --git a/src/core/telemetry_session.cpp b/src/core/telemetry_session.cpp index 191475f71c..6e29107eb2 100644 --- a/src/core/telemetry_session.cpp +++ b/src/core/telemetry_session.cpp @@ -4,9 +4,6 @@ #include -#include -#include - #include "common/assert.h" #include "common/common_types.h" #include "common/fs/file.h" @@ -15,6 +12,7 @@ #include "common/logging/log.h" #include "common/settings.h" +#include "core/crypto/crypto.h" #include "core/file_sys/control_metadata.h" #include "core/file_sys/patch_manager.h" #include "core/loader/loader.h" @@ -31,22 +29,11 @@ namespace Telemetry = Common::Telemetry; static u64 GenerateTelemetryId() { u64 telemetry_id{}; - - mbedtls_entropy_context entropy; - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_context ctr_drbg; constexpr std::array personalization{{"yuzu Telemetry ID"}}; - mbedtls_ctr_drbg_init(&ctr_drbg); - ASSERT(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - reinterpret_cast(personalization.data()), - personalization.size()) == 0); - ASSERT(mbedtls_ctr_drbg_random(&ctr_drbg, reinterpret_cast(&telemetry_id), - sizeof(u64)) == 0); - - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - + GenerateRandomBytesWithSeed((u8*)&telemetry_id, sizeof(u64), + reinterpret_cast(personalization.data()), + personalization.size()); return telemetry_id; }