KIRK Crypto Engine
This page will be used to document the KIRK Crypto Engine and will be updated as new info is learned (data may change).
The KIRK Crypto Engine is a security hardware device that is embedded into the TACHYON main IC chip. It is a bus master and can DMA to/from main DDR RAM memory, operating independantly of the CPU. It is intefaced via memory mapped registers at base of 0xBDE00000 (SPOCK on the other hand is mapped to 0xBDF00000).
It is capable of performing AES encryption, SHA1 Hash, and random number generation.
KIRK Operations (set in 0xBDE00010 register):
-
// Private Sig + Cipher
-
0×01: Super-Duper decryption (no inverse)
-
0×02: Encrypt Operation (inverse of 0×03)
-
0×03: Decrypt Operation (inverse of 0×02)
-
-
// Cipher
-
0×04: Encrypt Operation (inverse of 0×07) (IV=0)
-
0×05: Encrypt Operation (inverse of 0×08) (IV=FuseID)
-
0×06: Encrypt Operation (inverse of 0×09) (IV=UserDefined)
-
0×07: Decrypt Operation (inverse of 0×04)
-
0×08: Decrypt Operation (inverse of 0×05)
-
0×09: Decrypt Operation (inverse of 0×06)
-
-
// Sig Gens
-
0x0A: Private Signature Check (checks for private SCE sig)
-
0x0B: SHA1 Hash
-
0x0C: Mul1
-
0x0D: Mul2
-
0x0E: Random Number Gen
-
0x0F: (absolutely no idea – could be KIRK initialization)
-
0×10: Signature Gen
-
-
// Sig Checks
-
0×11: Signature Check (checks for generated sigs)
-
0×12: Certificate Check (idstorage signatures)
KIRK Errors (returned in 0xBDE00014 register):
-
0×00: Operation Success, no error
-
0×01: KIRK not enabled
-
0×02: Invalid mode
-
0×03: Header check invalid
-
0×04: Data check invalid
-
0×05: Sig Check failed
-
0×06:
-
0×07:
-
0×08:
-
0×09:
-
0x0A:
-
0x0B:
-
0x0C: KIRK not initialized
-
0x0D: Invalid Operation (1-18 cmds)
-
0x0E: Invalid seed/code (cipher operations)
-
0x0F: Invalid size? (cipher operations)
-
0×10: Data Size is 0 (sig/cipher operations)
Interface to KIRK device (memory mapped to 0xBDE00000):
-
typedef volatile struct
-
{
-
u32 signature;
-
u32 version;
-
u32 error;
-
u32 proc_phase;
-
u32 command;
-
u32 result;
-
u32 unk_18;
-
u32 status;
-
u32 status_async;
-
u32 status_async_end;
-
u32 status_end;
-
u32 src_addr;
-
u32 dst_addr;
-
-
} PspKirkRegs;
-
-
#define MAKE_PHYS_ADDR(_addr) (((u32)_addr) & 0x1FFFFFFF)
-
#define SYNC() asm("sync")
-
-
#define KIRK_HW_REGISTER_ADDR ((PspKirkRegs *)0xBDE00000)
-
-
u32 DecryptKirkBlock(void *dst, const void *src)
-
{
-
sceKernelDcacheWritebackInvalidateAll();
-
-
PspKirkRegs *const kirk = KIRK_HW_REGISTER_ADDR;
-
-
kirk->command = 1; // decrypt operation
-
kirk->src_addr = MAKE_PHYS_ADDR(src);
-
kirk->dst_addr = MAKE_PHYS_ADDR(dst);
-
-
kirk->proc_phase = 1; // start processing
-
-
while((kirk->status & 0×11) == 0); // wait until processing complete
-
-
if (kirk->status & 0×10) // error occured
-
{
-
kirk->proc_phase = 2;
-
-
while((kirk->status & 2) == 0);
-
-
kirk->status_end = kirk->status;
-
SYNC();
-
return -1;
-
}
-
-
kirk->status_end = kirk->status;
-
SYNC();
-
return(kirk->result);
-
}