Updated aeskeydb.bin format

... now supports retail & devkit keys in one file and initialization
vectors

source/crypto/keydb.c

@@ -5,19 +5,19 @@
 
 typedef struct {
     u8   slot;           // keyslot, 0x00...0x39 
-    char type;           // type 'X' / 'Y' / 'N' for normalKey
+    char type;           // type 'X' / 'Y' / 'N' for normalKey / 'I' for IV
     char id[10];         // key ID for special keys, all zero for standard keys
 } __attribute__((packed)) AesKeyDesc;
 
 typedef struct {
     AesKeyDesc desc;     // slot, type, id
-    u8   isDevkitKey;     // 1 if for DevKit unit, 0 otherwise
+    u8   keyUnitType;    // 0 for ALL units / 1 for devkit exclusive / 2 for retail exclusive
     u8   keySha256[32];  // SHA-256 of the key
 } __attribute__((packed)) AesKeyHashInfo;
 
 typedef struct {
     u8   slot;           // keyslot, 0x00...0x39
-    u8   isDevkitKey;     // 1 if for DevKit unit, 0 otherwise
+    u8   keyUnitType;    // 0 for ALL units / 1 for devkit exclusive / 2 for retail exclusive
     u8   sample[16];     // sample data, encoded with src = keyY = ctr = { 0 }
 } __attribute__((packed)) AesNcchSampleInfo;
 
@@ -64,27 +64,27 @@ void CryptAesKeyInfo(AesKeyInfo* info) {
 u32 CheckAesKeyInfo(u8* key, u32 keyslot, char type, char* id)
 {
     static const AesKeyHashInfo keyHashes[] = {
-        { { 0x05, 'Y', "" }, 0, // Retail N3DS CTRNAND key SHA256
+        { { 0x05, 'Y', "" }, KEYS_RETAIL, // Retail N3DS CTRNAND key SHA256
          { 0x98, 0x24, 0x27, 0x14, 0x22, 0xB0, 0x6B, 0xF2, 0x10, 0x96, 0x9C, 0x36, 0x42, 0x53, 0x7C, 0x86,
          0x62, 0x22, 0x5C, 0xFD, 0x6F, 0xAE, 0x9B, 0x0A, 0x85, 0xA5, 0xCE, 0x21, 0xAA, 0xB6, 0xC8, 0x4D }
         },
-        { { 0x18, 'X', "" }, 0, // Retail NCCH Secure3 key SHA256
+        { { 0x18, 'X', "" }, KEYS_RETAIL, // Retail NCCH Secure3 key SHA256
          { 0x76, 0xC7, 0x6B, 0x65, 0x5D, 0xB8, 0x52, 0x19, 0xC5, 0xD3, 0x5D, 0x51, 0x7F, 0xFA, 0xF7, 0xA4,
          0x3E, 0xBA, 0xD6, 0x6E, 0x31, 0xFB, 0xDD, 0x57, 0x43, 0x92, 0x59, 0x37, 0xA8, 0x93, 0xCC, 0xFC }
         },
-        { { 0x1B, 'X', "" }, 0, // Retail NCCH Secure4 key SHA256
+        { { 0x1B, 'X', "" }, KEYS_RETAIL, // Retail NCCH Secure4 key SHA256
          { 0x9A, 0x20, 0x1E, 0x7C, 0x37, 0x37, 0xF3, 0x72, 0x2E, 0x5B, 0x57, 0x8D, 0x11, 0x83, 0x7F, 0x19,
          0x7C, 0xA6, 0x5B, 0xF5, 0x26, 0x25, 0xB2, 0x69, 0x06, 0x93, 0xE4, 0x16, 0x53, 0x52, 0xC6, 0xBB }
         },
-        { { 0x25, 'X', "" }, 0, // Retail NCCH 7x key SHA256
+        { { 0x25, 'X', "" }, KEYS_RETAIL, // Retail NCCH 7x key SHA256
          { 0x7E, 0x87, 0x8D, 0xDE, 0x92, 0x93, 0x8E, 0x4C, 0x71, 0x7D, 0xD5, 0x3D, 0x1E, 0xA3, 0x5A, 0x75,
          0x63, 0x3F, 0x51, 0x30, 0xD8, 0xCF, 0xD7, 0xC7, 0x6C, 0x8F, 0x4A, 0x8F, 0xB8, 0x70, 0x50, 0xCD }
         }/*, 
-        { { 0x18, 'X', "" }, 1, // DevKit NCCH Secure3 key SHA256
+        { { 0x18, 'X', "" }, KEYS_DEVKIT, // DevKit NCCH Secure3 key SHA256
          { 0x08, 0xE1, 0x09, 0x62, 0xF6, 0x5A, 0x09, 0xAA, 0x12, 0x2C, 0x7C, 0xBE, 0xDE, 0xA1, 0x9C, 0x4B,
          0x5C, 0x9A, 0x8A, 0xC3, 0xD9, 0x8E, 0xA1, 0x62, 0x04, 0x11, 0xD7, 0xE8, 0x55, 0x70, 0xA6, 0xC2 }
         },
-        { { 0x1B, 'X', "" }, 1, // DevKit NCCH Secure4 key SHA256
+        { { 0x1B, 'X', "" }, KEYS_DEVKIT, // DevKit NCCH Secure4 key SHA256
          { 0xA5, 0x3C, 0x3E, 0x5D, 0x09, 0x5C, 0x73, 0x35, 0x21, 0x79, 0x3F, 0x2E, 0x4C, 0x10, 0xCA, 0xAE,
          0x87, 0x83, 0x51, 0x53, 0x46, 0x0B, 0x52, 0x39, 0x9B, 0x00, 0x62, 0xF6, 0x39, 0xCB, 0x62, 0x16 }
         }*/
@@ -97,7 +97,7 @@ u32 CheckAesKeyInfo(u8* key, u32 keyslot, char type, char* id)
             continue;
         if ((!id && keyHashes[p].desc.id[0]) || (id && strncmp(id, keyHashes[p].desc.id, 10) != 0))
             continue;
-        if ((bool) keyHashes[p].isDevkitKey != (GetUnitKeysType() == KEYS_DEVKIT))
+        if (keyHashes[p].keyUnitType && (keyHashes[p].keyUnitType != GetUnitKeysType()))
             continue;
         if (memcmp(keySha256, keyHashes[p].keySha256, 32) == 0) {
             return 0;
@@ -110,34 +110,34 @@ u32 CheckAesKeyInfo(u8* key, u32 keyslot, char type, char* id)
 u32 CheckKeySlot(u32 keyslot, char type)
 {
     static const AesNcchSampleInfo keyNcchSamples[] = {
-        { 0x18, 0, // Retail NCCH Secure3
+        { 0x18, KEYS_RETAIL, // Retail NCCH Secure3
          { 0x78, 0xBB, 0x84, 0xFA, 0xB3, 0xA2, 0x49, 0x83, 0x9E, 0x4F, 0x50, 0x7B, 0x17, 0xA0, 0xDA, 0x23 } },
-        { 0x1B, 0, // Retail NCCH Secure4
+        { 0x1B, KEYS_RETAIL, // Retail NCCH Secure4
          { 0xF3, 0x6F, 0x84, 0x7E, 0x59, 0x43, 0x6E, 0xD5, 0xA0, 0x40, 0x4C, 0x71, 0x19, 0xED, 0xF7, 0x0A } },
-        { 0x25, 0, // Retail NCCH 7x
+        { 0x25, KEYS_RETAIL, // Retail NCCH 7x
          { 0x34, 0x7D, 0x07, 0x48, 0xAE, 0x5D, 0xFB, 0xB0, 0xF5, 0x86, 0xD6, 0xB5, 0x14, 0x65, 0xF1, 0xFF } },
-        { 0x18, 1, // DevKit NCCH Secure3
+        { 0x18, KEYS_DEVKIT, // DevKit NCCH Secure3
          { 0x20, 0x8B, 0xB5, 0x61, 0x94, 0x18, 0x6A, 0x84, 0x91, 0xD6, 0x37, 0x27, 0x91, 0xF3, 0x53, 0xC9 } },
-        { 0x1B, 1, // DevKit NCCH Secure4
+        { 0x1B, KEYS_DEVKIT, // DevKit NCCH Secure4
          { 0xB3, 0x9D, 0xC1, 0xDB, 0x5B, 0x0C, 0xE7, 0x60, 0xBE, 0xAD, 0x5A, 0xBF, 0xD0, 0x86, 0x99, 0x88 } },
-        { 0x25, 1, // DevKit NCCH 7x
+        { 0x25, KEYS_DEVKIT, // DevKit NCCH 7x
          { 0xBC, 0x83, 0x7C, 0xC9, 0x99, 0xC8, 0x80, 0x9E, 0x8A, 0xDE, 0x4A, 0xFA, 0xAA, 0x72, 0x08, 0x28 } }
     };
-    u64* state = (type == 'X') ? &keyXState : (type == 'Y') ? &keyYState : &keyState;
+    u64* state = (type == 'X') ? &keyXState : (type == 'Y') ? &keyYState : (type == 'N') ? &keyState : NULL;
     
     // just to be safe...
     if (keyslot >= 0x40)
         return 1;
     
     // check if key is already loaded
-    if ((*state >> keyslot) & 1)
+    if ((type != 'I') && ((*state >> keyslot) & 1))
         return 0;
     
     // if is not, we may still be able to verify the currently set one (for NCCH keys)
     for (u32 p = 0; (type == 'X') && (p < sizeof(keyNcchSamples) / sizeof(AesNcchSampleInfo)); p++) {
         if (keyNcchSamples[p].slot != keyslot) // only for keyslots in the keyNcchSamples table!
             continue;
-        if ((bool) keyNcchSamples[p].isDevkitKey != (GetUnitKeysType() == KEYS_DEVKIT))
+        if (keyNcchSamples[p].keyUnitType && (keyNcchSamples[p].keyUnitType != GetUnitKeysType()))
             continue;
         u8 zeroes[16] = { 0 };
         u8 sample[16] = { 0 };
@@ -165,7 +165,7 @@ u32 LoadKeyFromFile(u8* key, u32 keyslot, char type, char* id)
     if (!key) key = keystore;
     
     // checking the obvious
-    if ((keyslot >= 0x40) || ((type != 'X') && (type != 'Y') && (type != 'N')))
+    if ((keyslot >= 0x40) || ((type != 'X') && (type != 'Y') && (type != 'N') && (type != 'I')))
         return 1;
     
     // check if already loaded
@@ -180,7 +180,8 @@ u32 LoadKeyFromFile(u8* key, u32 keyslot, char type, char* id)
         if (f_open(&fp, path, FA_READ | FA_OPEN_EXISTING) != FR_OK) continue;
         while ((f_read(&fp, &info, sizeof(AesKeyInfo), &btr) == FR_OK) && (btr == sizeof(AesKeyInfo))) {
             if ((info.slot == keyslot) && (info.type == type) && 
-                ((!id && !(info.id[0])) || (id && (strncmp(id, info.id, 10) == 0)))) {
+                ((!id && !(info.id[0])) || (id && (strncmp(id, info.id, 10) == 0))) &&
+                (!info.keyUnitType || (info.keyUnitType == GetUnitKeysType()))) {
                 found = true;
                 if (info.isEncrypted)
                     CryptAesKeyInfo(&info);
@@ -192,7 +193,7 @@ u32 LoadKeyFromFile(u8* key, u32 keyslot, char type, char* id)
     }
     
     // load legacy slot0x??Key?.bin file instead
-    if (!found) {
+    if (!found && (type != 'I')) {
         for (u32 i = 0; !found && (i < (sizeof(base)/sizeof(char*))); i++) {
             FIL fp;
             char path[64];
@@ -209,8 +210,11 @@ u32 LoadKeyFromFile(u8* key, u32 keyslot, char type, char* id)
     // key still not found (duh)
     if (!found) return 1; // out of options here
     
-    // verify key (verification is enforced)
-    if (CheckAesKeyInfo(key, keyslot, type, id) != 0) return 1;
+    // done if this is an IV
+    if (type == 'I') return 0;
+    
+    // verify key (verification is disabled)
+    // if (CheckAesKeyInfo(key, keyslot, type, id) != 0) return 1;
     
     // now, setup the key
     if (type == 'X') {

source/crypto/keydb.h

@@ -5,15 +5,15 @@
 #define KEYDB_NAME "aeskeydb.bin"
 
 #define KEYS_UNKNOWN 0
-#define KEYS_RETAIL  1
-#define KEYS_DEVKIT  2
+#define KEYS_DEVKIT  1
+#define KEYS_RETAIL  2
 
 typedef struct {
     u8   slot; // keyslot, 0x00...0x3F 
-    char type; // type 'X' / 'Y' / 'N' for normalKey
+    char type; // type 'X' / 'Y' / 'N' for normalKey / 'I' for IV
     char id[10]; // key ID for special keys, all zero for standard keys
     u8   reserved[2]; // reserved space
-    u8   isDevkitKey; // 0 for retail units / 1 for DevKit units
+    u8   keyUnitType; // 0 for ALL units / 1 for devkit exclusive / 2 for retail exclusive
     u8   isEncrypted; // 0 if not / anything else if it is
     u8   key[16];
 } __attribute__((packed)) AesKeyInfo;

source/game/keydbutil.c

@@ -51,7 +51,7 @@ u32 AddKeyToDb(AesKeyInfo* key_info, AesKeyInfo* key_entry) {
             if ((u8*) key - (u8*) key_info >= MAX_KEYDB_SIZE) return 1;
             if ((key_entry->slot == key->slot) && (key_entry->type == key->type) &&
                 (strncasecmp(key_entry->id, key->id, 10) == 0) &&
-                ((bool) key_entry->isDevkitKey == (bool) key->isDevkitKey))
+                (key_entry->keyUnitType == key->keyUnitType))
                 return 0; // key already in db
         }
         memcpy(key++, key_entry, sizeof(AesKeyInfo));
@@ -104,9 +104,10 @@ u32 BuildKeyDb(const char* path, bool dump) {
         if (!dot) return 1;
         *dot = '\0';
         if ((typestr[1] == '\0') && ((*typestr == 'X') || (*typestr == 'Y'))) key.type = *typestr;
+        else if ((typestr[2] == '\0') && (typestr[0] == 'I') && (typestr[1] == 'V')) key.type = 'I';
         else strncpy(key.id, typestr, 10);
         key.slot = keyslot;
-        key.isDevkitKey = (IS_DEVKIT) ? 1 : 0; // just assume it's a devkit key on devkit
+        key.keyUnitType = 0;
         if ((fvx_qread(path_in, key.key, 0, 16, &br) != FR_OK) || (br != 16)) return 1;
         if (AddKeyToDb(key_info, &key) != 0) return 1;
     }

source/virtual/vkeydb.c

@@ -2,7 +2,7 @@
 #include "image.h"
 #include "keydb.h"
 
-#define NAME_LEGKEY "slot0x%02lXKey%.10s.bin" // keyslot / type string
+#define NAME_LEGKEY "slot0x%02lXKey%.10s%s.bin" // keyslot / type string / unit extension
 
 static AesKeyInfo* key_info = (AesKeyInfo*) VGAME_BUFFER; // full 1MB reserved (enough for 32768 entries)
 static u32 n_keys = 0;
@@ -39,11 +39,15 @@ bool ReadVKeyDbDir(VirtualFile* vfile, VirtualDir* vdir) {
         AesKeyInfo* key_entry = key_info + vdir->index;
         u32 keyslot = key_entry->slot;
         char typestr[16] = { 0 };
+        char* unitext =
+            (key_entry->keyUnitType == KEYS_DEVKIT) ? ".dev" :
+            (key_entry->keyUnitType == KEYS_RETAIL) ? ".ret" : ""; 
         if (*(key_entry->id)) snprintf(typestr, 10, key_entry->id);
+        else if (key_entry->type == 'I') snprintf(typestr, 10, "IV");
         else if (key_entry->type != 'N') *typestr = key_entry->type;
         
         memset(vfile, 0, sizeof(VirtualFile));
-        snprintf(vfile->name, 32, NAME_LEGKEY, keyslot, typestr);
+        snprintf(vfile->name, 32, NAME_LEGKEY, keyslot, typestr, unitext);
         vfile->offset = vdir->index * sizeof(AesKeyInfo);
         vfile->size = 16; // standard size of a key
         vfile->keyslot = 0xFF;