authorZephyron <zephyron@citron-emu.orgq>2025-02-28 15:27:12 +1000
committerZephyron <zephyron@citron-emu.orgq>2025-02-28 15:27:12 +1000
commita442078ee4c257e8c013a6edeec72de2267eb9da (patch)
tree4aa2fc3a849683ad60cb01081b3023b5b35ea8af /src
parentcc610ad9b648d5d66c03d3f97be4977e9562cf5f (diff)
feat: Remove autogenerated key functionality
This commit removes the functionality that automatically generates and writes keys to *_autogenerated files. The key derivation logic is preserved, but derived keys are now only stored in memory and not written to disk. Changes include: - Remove loading from *_autogenerated key files - Make WriteKeyToFile a no-op function - Remove all file writing operations in SetKey methods - Remove file writing for keyblobs and other derived keys - Update copyright notices This change improves security by not storing derived keys on disk and simplifies the key management system.
Diffstat (limited to 'src')
-rw-r--r--src/core/crypto/key_manager.cpp96
-rw-r--r--src/core/crypto/key_manager.h1
2 files changed, 6 insertions, 91 deletions
diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp
index d00188fad..e61a59fc9 100644
--- a/src/core/crypto/key_manager.cpp
+++ b/src/core/crypto/key_manager.cpp
@@ -1,4 +1,5 @@
// SPDX-FileCopyrightText: Copyright 2018 yuzu Emulator Project
+// SPDX-FileCopyrightText: Copyright 2025 citron Emulator Project
// SPDX-License-Identifier: GPL-2.0-or-later
#include <algorithm>
@@ -648,17 +649,13 @@ void KeyManager::ReloadKeys() {
if (Settings::values.use_dev_keys) {
dev_mode = true;
- LoadFromFile(citron_keys_dir / "dev.keys_autogenerated", false);
LoadFromFile(citron_keys_dir / "dev.keys", false);
} else {
dev_mode = false;
- LoadFromFile(citron_keys_dir / "prod.keys_autogenerated", false);
LoadFromFile(citron_keys_dir / "prod.keys", false);
}
- LoadFromFile(citron_keys_dir / "title.keys_autogenerated", true);
LoadFromFile(citron_keys_dir / "title.keys", true);
- LoadFromFile(citron_keys_dir / "console.keys_autogenerated", false);
LoadFromFile(citron_keys_dir / "console.keys", false);
}
@@ -847,87 +844,15 @@ Key256 KeyManager::GetBISKey(u8 partition_id) const {
template <size_t Size>
void KeyManager::WriteKeyToFile(KeyCategory category, std::string_view keyname,
const std::array<u8, Size>& key) {
- const auto citron_keys_dir = Common::FS::GetCitronPath(Common::FS::CitronPath::KeysDir);
-
- std::string filename = "title.keys_autogenerated";
-
- if (category == KeyCategory::Standard) {
- filename = dev_mode ? "dev.keys_autogenerated" : "prod.keys_autogenerated";
- } else if (category == KeyCategory::Console) {
- filename = "console.keys_autogenerated";
- }
-
- const auto path = citron_keys_dir / filename;
- const auto add_info_text = !Common::FS::Exists(path);
-
- Common::FS::IOFile file{path, Common::FS::FileAccessMode::Append,
- Common::FS::FileType::TextFile};
-
- if (!file.IsOpen()) {
- return;
- }
-
- if (add_info_text) {
- void(file.WriteString(
- "# This file is autogenerated by Citron\n"
- "# It serves to store keys that were automatically generated from the normal keys\n"
- "# If you are experiencing issues involving keys, it may help to delete this file\n"));
- }
-
- void(file.WriteString(fmt::format("\n{} = {}", keyname, Common::HexToString(key))));
- LoadFromFile(path, category == KeyCategory::Title);
+ // Function is now a no-op - keys are no longer written to autogenerated files
}
void KeyManager::SetKey(S128KeyType id, Key128 key, u64 field1, u64 field2) {
if (s128_keys.find({id, field1, field2}) != s128_keys.end() || key == Key128{}) {
return;
}
- if (id == S128KeyType::Titlekey) {
- Key128 rights_id;
- std::memcpy(rights_id.data(), &field2, sizeof(u64));
- std::memcpy(rights_id.data() + sizeof(u64), &field1, sizeof(u64));
- WriteKeyToFile(KeyCategory::Title, Common::HexToString(rights_id), key);
- }
-
- auto category = KeyCategory::Standard;
- if (id == S128KeyType::Keyblob || id == S128KeyType::KeyblobMAC || id == S128KeyType::TSEC ||
- id == S128KeyType::SecureBoot || id == S128KeyType::SDSeed || id == S128KeyType::BIS) {
- category = KeyCategory::Console;
- }
-
- const auto iter2 = std::find_if(
- s128_file_id.begin(), s128_file_id.end(), [&id, &field1, &field2](const auto& elem) {
- return std::tie(elem.second.type, elem.second.field1, elem.second.field2) ==
- std::tie(id, field1, field2);
- });
- if (iter2 != s128_file_id.end()) {
- WriteKeyToFile(category, iter2->first, key);
- }
-
- // Variable cases
- if (id == S128KeyType::KeyArea) {
- static constexpr std::array<const char*, 3> kak_names = {
- "key_area_key_application_{:02X}",
- "key_area_key_ocean_{:02X}",
- "key_area_key_system_{:02X}",
- };
- WriteKeyToFile(category, fmt::format(fmt::runtime(kak_names.at(field2)), field1), key);
- } else if (id == S128KeyType::Master) {
- WriteKeyToFile(category, fmt::format("master_key_{:02X}", field1), key);
- } else if (id == S128KeyType::Package1) {
- WriteKeyToFile(category, fmt::format("package1_key_{:02X}", field1), key);
- } else if (id == S128KeyType::Package2) {
- WriteKeyToFile(category, fmt::format("package2_key_{:02X}", field1), key);
- } else if (id == S128KeyType::Titlekek) {
- WriteKeyToFile(category, fmt::format("titlekek_{:02X}", field1), key);
- } else if (id == S128KeyType::Keyblob) {
- WriteKeyToFile(category, fmt::format("keyblob_key_{:02X}", field1), key);
- } else if (id == S128KeyType::KeyblobMAC) {
- WriteKeyToFile(category, fmt::format("keyblob_mac_key_{:02X}", field1), key);
- } else if (id == S128KeyType::Source && field1 == static_cast<u64>(SourceKeyType::Keyblob)) {
- WriteKeyToFile(category, fmt::format("keyblob_key_source_{:02X}", field2), key);
- }
+ // Store the key in memory but don't write to file
s128_keys[{id, field1, field2}] = key;
}
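Review bot: Nothing in this change deals with the `*_autogenerated` files that earlier builds already wrote. `WriteKeyToFile` stops appending and `ReloadKeys` stops reading them, but the files the removed code filled with `keyname = <hex key>` lines stay in the keys directory. If the aim is to keep derived keys off disk, consider removing the four known names (`dev`/`prod`/`title`/`console` `.keys_autogenerated`) once during `ReloadKeys`, or at least logging that they are stale and can be deleted. Separately, `WriteKeyToFile` is left as an empty template with three unused parameters and, as far as this diff shows, no remaining callers, while the key_manager.h hunk changes only the copyright line. Dropping the definition and its declaration would be clearer than a silent no-op; if it must stay, expand its comment to something like `// Intentionally empty: derived keys live only in s128_keys/s256_keys and are never persisted.`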
@@ -935,14 +860,8 @@ void KeyManager::SetKey(S256KeyType id, Key256 key, u64 field1, u64 field2) {
if (s256_keys.find({id, field1, field2}) != s256_keys.end() || key == Key256{}) {
return;
}
- const auto iter = std::find_if(
- s256_file_id.begin(), s256_file_id.end(), [&id, &field1, &field2](const auto& elem) {
- return std::tie(elem.second.type, elem.second.field1, elem.second.field2) ==
- std::tie(id, field1, field2);
- });
- if (iter != s256_file_id.end()) {
- WriteKeyToFile(KeyCategory::Standard, iter->first, key);
- }
+
+ // Store the key in memory but don't write to file
s256_keys[{id, field1, field2}] = key;
}
@@ -1052,8 +971,6 @@ void KeyManager::DeriveBase() {
// Decrypt keyblob
if (keyblobs[i] == std::array<u8, 0x90>{}) {
keyblobs[i] = DecryptKeyblob(encrypted_keyblobs[i], key);
- WriteKeyToFile<0x90>(KeyCategory::Console, fmt::format("keyblob_{:02X}", i),
- keyblobs[i]);
}
Key128 package1;
@@ -1183,7 +1100,6 @@ void KeyManager::DeriveETicket(PartitionDataManager& data,
data.DecryptProdInfo(GetBISKey(0));
eticket_extended_kek = data.GetETicketExtendedKek();
- WriteKeyToFile(KeyCategory::Console, "eticket_extended_kek", eticket_extended_kek);
DeriveETicketRSAKey();
PopulateTickets();
}
@@ -1261,8 +1177,6 @@ void KeyManager::PopulateFromPartitionData(PartitionDataManager& data) {
continue;
}
encrypted_keyblobs[i] = data.GetEncryptedKeyblob(i);
- WriteKeyToFile<0xB0>(KeyCategory::Console, fmt::format("encrypted_keyblob_{:02X}", i),
- encrypted_keyblobs[i]);
}
SetKeyWrapped(S128KeyType::Source, data.GetPackage2KeySource(),
diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h
index 7de21f8a4..0adf3701f 100644
--- a/src/core/crypto/key_manager.h
+++ b/src/core/crypto/key_manager.h
@@ -1,4 +1,5 @@
// SPDX-FileCopyrightText: Copyright 2018 yuzu Emulator Project
+// SPDX-FileCopyrightText: Copyright 2025 citron Emulator Project
// SPDX-License-Identifier: GPL-2.0-or-later
#pragma once