PSPXI:EncryptDecryptAes

From 3dbrew
Revision as of 22:27, 11 December 2014 by Yellows8 (talk | contribs) (→‎Key Types)
Jump to navigation Jump to search

Request

Index Word Description
0 Header code [0x000401C4]
1 Size in bytes
2-5 IV / CTR
6 u8 Algorithm Type (0..5)
7 u8 Key Type (0..7)
8 (size<<8) | 0x4
9 Source pointer
10 (size<<8) | 0x14
11 Destination pointer

Response

Index Word Description
0 Header code [0x00040140]
1 Result code
2-5 Output IV / CTR: this is the IV/CTR which would be used if the crypto operation were to continue.

Algorithm Types

Type Description
0 CBC Encrypt
1 CBC Decrypt
2 CTR Encrypt
3 CTR Decrypt
4 CCM Encrypt
5 CCM Decrypt

Key Types

Type AES Engine Keyslot Description
0 0x0D Used to decrypt the SSL client cert/private-key stored in ClCertA.
1 0x2D Used to generate the UDS local-WLAN CCMP key.
2 0x31 This is used by NS for the APT AES-CCM Wrap/Unwrap commands. These two NS commands are used by the Mii Maker application for the encrypted Mii data in the Mii QR codes.
3 0x38 BOSS
4 0x32 ?
5 0x39 This is used by the Download Play module.
6 0x2E This is used by the StreetPass CECD module to generate the CCMP key passed to nwm::CEC commands, when beginning StreetPass communications.
7 Invalid
8 0x36 Support for this keytype was added with the NATIVE_FIRM updated with 2.2.0-X. When the running NATIVE_FIRM doesn't support this keytype, the result is the same as using keytype7. This is used by the friends module.
9 0x39 Support for this keytype was added with the NATIVE_FIRM updated with 9.3.0-X. When the running NATIVE_FIRM doesn't support this keytype, the result is the same as using keytype7. Before selecting this keyslot, Process9 writes a keyY from the Process9 .(ro)data section(keydata is different for retail/dev units) to this keyslot. Once finished with crypto, Process9 restores the original keyY to this keyslot.
>=10 Invalid, same as keytype7.

Description

This is used to encrypt/decrypt data via the AES engine. AES-CCM is not supported by this command, PSPXI:EncryptSignDecryptVerifyAesCcm must be used for AES-CCM instead.