2020-12-22 00:16:09 +01:00
|
|
|
// Copyright (C) 2014 Hykem <hykem@hotmail.com>
|
2021-05-02 10:26:32 +02:00
|
|
|
// Licensed under the terms of the GNU GPL, version 2.0 or later versions.
|
|
|
|
|
// http://www.gnu.org/licenses/gpl-2.0.txt
|
2014-10-01 15:57:44 +02:00
|
|
|
|
2017-06-18 22:47:24 +02:00
|
|
|
#include "utils.h"
|
2020-11-19 21:02:39 +01:00
|
|
|
#include "aes.h"
|
|
|
|
|
#include "sha1.h"
|
2021-07-27 11:04:46 +02:00
|
|
|
#include "key_vault.h"
|
2017-06-18 22:47:24 +02:00
|
|
|
#include <cstring>
|
|
|
|
|
#include <stdio.h>
|
2014-10-01 15:57:44 +02:00
|
|
|
#include <time.h>
|
2020-03-04 15:08:40 +01:00
|
|
|
#include "Utilities/StrUtil.h"
|
2020-09-25 08:42:41 +02:00
|
|
|
#include "Utilities/File.h"
|
2014-04-12 11:42:20 +02:00
|
|
|
|
2017-01-23 17:41:47 +01:00
|
|
|
#include <memory>
|
2020-03-04 15:08:40 +01:00
|
|
|
#include <string>
|
|
|
|
|
#include <string_view>
|
2021-05-30 16:10:46 +02:00
|
|
|
#include <span>
|
2017-01-23 17:41:47 +01:00
|
|
|
|
2019-11-28 19:18:37 +01:00
|
|
|
// Auxiliary functions (endian swap, xor).
|
2014-03-30 22:09:49 +02:00
|
|
|
|
2014-04-12 11:42:20 +02:00
|
|
|
// Hex string conversion auxiliary functions.
|
|
|
|
|
u64 hex_to_u64(const char* hex_str)
|
|
|
|
|
{
|
2019-11-28 19:18:37 +01:00
|
|
|
auto length = std::strlen(hex_str);
|
2014-04-12 11:42:20 +02:00
|
|
|
u64 tmp = 0;
|
|
|
|
|
u64 result = 0;
|
|
|
|
|
char c;
|
|
|
|
|
|
|
|
|
|
while (length--)
|
|
|
|
|
{
|
|
|
|
|
c = *hex_str++;
|
|
|
|
|
if((c >= '0') && (c <= '9'))
|
|
|
|
|
tmp = c - '0';
|
|
|
|
|
else if((c >= 'a') && (c <= 'f'))
|
|
|
|
|
tmp = c - 'a' + 10;
|
|
|
|
|
else if((c >= 'A') && (c <= 'F'))
|
|
|
|
|
tmp = c - 'A' + 10;
|
|
|
|
|
else
|
|
|
|
|
tmp = 0;
|
|
|
|
|
result |= (tmp << (length * 4));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-18 22:47:24 +02:00
|
|
|
void hex_to_bytes(unsigned char* data, const char* hex_str, unsigned int str_length)
|
2014-03-03 05:48:07 +01:00
|
|
|
{
|
2021-04-09 21:12:47 +02:00
|
|
|
const auto strn_length = (str_length > 0) ? str_length : std::strlen(hex_str);
|
2019-11-28 19:18:37 +01:00
|
|
|
auto data_length = strn_length / 2;
|
2014-03-03 05:48:07 +01:00
|
|
|
char tmp_buf[3] = {0, 0, 0};
|
|
|
|
|
|
|
|
|
|
// Don't convert if the string length is odd.
|
2017-06-18 22:47:24 +02:00
|
|
|
if ((strn_length % 2) == 0)
|
2014-03-03 05:48:07 +01:00
|
|
|
{
|
2017-06-18 22:47:24 +02:00
|
|
|
while (data_length--)
|
2014-03-03 05:48:07 +01:00
|
|
|
{
|
|
|
|
|
tmp_buf[0] = *hex_str++;
|
|
|
|
|
tmp_buf[1] = *hex_str++;
|
|
|
|
|
|
2019-11-28 19:18:37 +01:00
|
|
|
*data++ = static_cast<u8>(hex_to_u64(tmp_buf) & 0xFF);
|
2014-03-03 05:48:07 +01:00
|
|
|
}
|
|
|
|
|
}
|
2014-03-30 22:09:49 +02:00
|
|
|
}
|
|
|
|
|
|
2014-10-01 15:57:44 +02:00
|
|
|
|
2014-03-30 22:09:49 +02:00
|
|
|
// Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC).
|
|
|
|
|
void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
|
|
|
|
|
{
|
|
|
|
|
aes_context ctx;
|
|
|
|
|
aes_setkey_dec(&ctx, key, 128);
|
|
|
|
|
aes_crypt_cbc(&ctx, AES_DECRYPT, len, iv, in, out);
|
|
|
|
|
|
|
|
|
|
// Reset the IV.
|
|
|
|
|
memset(iv, 0, 0x10);
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 15:57:44 +02:00
|
|
|
void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len)
|
|
|
|
|
{
|
|
|
|
|
aes_context ctx;
|
|
|
|
|
aes_setkey_enc(&ctx, key, 128);
|
|
|
|
|
aes_crypt_cbc(&ctx, AES_ENCRYPT, len, iv, in, out);
|
|
|
|
|
|
|
|
|
|
// Reset the IV.
|
|
|
|
|
memset(iv, 0, 0x10);
|
|
|
|
|
}
|
|
|
|
|
|
2014-03-30 22:09:49 +02:00
|
|
|
void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out)
|
|
|
|
|
{
|
|
|
|
|
aes_context ctx;
|
|
|
|
|
aes_setkey_enc(&ctx, key, 128);
|
|
|
|
|
aes_crypt_ecb(&ctx, AES_ENCRYPT, in, out);
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-01 15:57:44 +02:00
|
|
|
bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len)
|
2014-03-30 22:09:49 +02:00
|
|
|
{
|
2021-04-09 21:12:47 +02:00
|
|
|
const std::unique_ptr<u8[]> out(new u8[key_len]);
|
2014-03-30 22:09:49 +02:00
|
|
|
|
2017-03-07 01:59:05 +01:00
|
|
|
sha1_hmac(key, key_len, in, in_len, out.get());
|
2014-04-12 11:42:20 +02:00
|
|
|
|
2017-03-07 01:59:05 +01:00
|
|
|
return std::memcmp(out.get(), hash, hash_len) == 0;
|
2014-03-30 22:09:49 +02:00
|
|
|
}
|
|
|
|
|
|
2014-10-01 15:57:44 +02:00
|
|
|
void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash)
|
|
|
|
|
{
|
|
|
|
|
sha1_hmac(key, key_len, in, in_len, hash);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len)
|
2014-03-30 22:09:49 +02:00
|
|
|
{
|
2021-04-09 21:12:47 +02:00
|
|
|
const std::unique_ptr<u8[]> out(new u8[key_len]);
|
2014-03-30 22:09:49 +02:00
|
|
|
|
|
|
|
|
aes_context ctx;
|
|
|
|
|
aes_setkey_enc(&ctx, key, 128);
|
2017-03-07 01:59:05 +01:00
|
|
|
aes_cmac(&ctx, in_len, in, out.get());
|
2014-04-12 11:42:20 +02:00
|
|
|
|
2017-03-07 01:59:05 +01:00
|
|
|
return std::memcmp(out.get(), hash, hash_len) == 0;
|
2014-03-30 22:09:49 +02:00
|
|
|
}
|
|
|
|
|
|
2021-03-05 20:05:37 +01:00
|
|
|
void cmac_hash_forge(unsigned char *key, int /*key_len*/, unsigned char *in, int in_len, unsigned char *hash)
|
2014-03-30 22:09:49 +02:00
|
|
|
{
|
2014-10-01 15:57:44 +02:00
|
|
|
aes_context ctx;
|
|
|
|
|
aes_setkey_enc(&ctx, key, 128);
|
|
|
|
|
aes_cmac(&ctx, in_len, in, hash);
|
2014-04-12 11:42:20 +02:00
|
|
|
}
|
2014-10-01 15:57:44 +02:00
|
|
|
|
2020-10-10 09:19:49 +02:00
|
|
|
char* extract_file_name(const char* file_path, char real_file_name[CRYPTO_MAX_PATH])
|
2014-10-01 15:57:44 +02:00
|
|
|
{
|
2020-03-04 15:08:40 +01:00
|
|
|
std::string_view v(file_path);
|
2020-03-04 21:39:50 +01:00
|
|
|
|
2021-04-09 21:12:47 +02:00
|
|
|
if (const auto pos = v.find_last_of(fs::delim); pos != umax)
|
2020-03-04 21:39:50 +01:00
|
|
|
{
|
|
|
|
|
v.remove_prefix(pos + 1);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-30 16:10:46 +02:00
|
|
|
std::span r(real_file_name, CRYPTO_MAX_PATH);
|
2020-03-04 15:08:40 +01:00
|
|
|
strcpy_trunc(r, v);
|
2014-10-01 15:57:44 +02:00
|
|
|
return real_file_name;
|
2016-02-01 22:52:27 +01:00
|
|
|
}
|
2021-04-18 20:33:38 +02:00
|
|
|
|
|
|
|
|
void mbedtls_zeroize(void *v, size_t n)
|
|
|
|
|
{
|
|
|
|
|
static void *(*const volatile unop_memset)(void *, int, size_t) = &memset;
|
|
|
|
|
(void)unop_memset(v, 0, n);
|
|
|
|
|
}
|
2021-07-27 11:04:46 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
// SC passphrase crypto
|
|
|
|
|
|
|
|
|
|
void sc_form_key(const u8* sc_key, const std::array<u8, PASSPHRASE_KEY_LEN>& laid_paid, u8* key)
|
|
|
|
|
{
|
|
|
|
|
for (u32 i = 0; i < PASSPHRASE_KEY_LEN; i++)
|
|
|
|
|
{
|
|
|
|
|
key[i] = static_cast<u8>(sc_key[i] ^ laid_paid[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::array<u8, PASSPHRASE_KEY_LEN> sc_combine_laid_paid(s64 laid, s64 paid)
|
|
|
|
|
{
|
|
|
|
|
const std::string paid_laid = fmt::format("%016llx%016llx", laid, paid);
|
|
|
|
|
std::array<u8, PASSPHRASE_KEY_LEN> out{};
|
|
|
|
|
hex_to_bytes(out.data(), paid_laid.c_str(), PASSPHRASE_KEY_LEN * 2);
|
|
|
|
|
return out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::array<u8, PASSPHRASE_KEY_LEN> vtrm_get_laid_paid_from_type(int type)
|
|
|
|
|
{
|
|
|
|
|
// No idea what this type stands for
|
|
|
|
|
switch (type)
|
|
|
|
|
{
|
|
|
|
|
case 0: return sc_combine_laid_paid(0xFFFFFFFFFFFFFFFFL, 0xFFFFFFFFFFFFFFFFL);
|
|
|
|
|
case 1: return sc_combine_laid_paid(LAID_2, 0x1070000000000001L);
|
|
|
|
|
case 2: return sc_combine_laid_paid(LAID_2, 0x0000000000000000L);
|
|
|
|
|
case 3: return sc_combine_laid_paid(LAID_2, PAID_69);
|
|
|
|
|
default:
|
|
|
|
|
fmt::throw_exception("vtrm_get_laid_paid_from_type: Wrong type specified (type=%d)", type);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::array<u8, PASSPHRASE_KEY_LEN> vtrm_portability_laid_paid()
|
|
|
|
|
{
|
|
|
|
|
// 107000002A000001
|
|
|
|
|
return sc_combine_laid_paid(0x0000000000000000L, 0x0000000000000000L);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int sc_decrypt(const u8* sc_key, const std::array<u8, PASSPHRASE_KEY_LEN>& laid_paid, u8* iv, u8* input, u8* output)
|
|
|
|
|
{
|
|
|
|
|
aes_context ctx;
|
|
|
|
|
u8 key[PASSPHRASE_KEY_LEN];
|
|
|
|
|
sc_form_key(sc_key, laid_paid, key);
|
|
|
|
|
aes_setkey_dec(&ctx, key, 128);
|
|
|
|
|
return aes_crypt_cbc(&ctx, AES_DECRYPT, PASSPHRASE_OUT_LEN, iv, input, output);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int vtrm_decrypt(int type, u8* iv, u8* input, u8* output)
|
|
|
|
|
{
|
|
|
|
|
return sc_decrypt(SC_ISO_SERIES_KEY_2, vtrm_get_laid_paid_from_type(type), iv, input, output);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int vtrm_decrypt_master(s64 laid, s64 paid, u8* iv, u8* input, u8* output)
|
|
|
|
|
{
|
|
|
|
|
return sc_decrypt(SC_ISO_SERIES_INTERNAL_KEY_3, sc_combine_laid_paid(laid, paid), iv, input, output);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const u8* vtrm_portability_type_mapper(int type)
|
|
|
|
|
{
|
|
|
|
|
// No idea what this type stands for
|
|
|
|
|
switch (type)
|
|
|
|
|
{
|
|
|
|
|
//case 0: return key_for_type_1;
|
|
|
|
|
case 1: return SC_ISO_SERIES_KEY_2;
|
|
|
|
|
case 2: return SC_ISO_SERIES_KEY_1;
|
|
|
|
|
case 3: return SC_KEY_FOR_MASTER_2;
|
|
|
|
|
default:
|
|
|
|
|
fmt::throw_exception("vtrm_portability_type_mapper: Wrong type specified (type=%d)", type);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int vtrm_decrypt_with_portability(int type, u8* iv, u8* input, u8* output)
|
|
|
|
|
{
|
|
|
|
|
return sc_decrypt(vtrm_portability_type_mapper(type), vtrm_portability_laid_paid(), iv, input, output);
|
|
|
|
|
}
|
