[makerom] Fix encryption for production target.

jakcron
2017-05-28 20:46:30 +08:00
parent d185b18f27
commit 5757ba20de
7 changed files with 25 additions and 22 deletions
+4 -6
@@ -23,10 +23,7 @@ int set_AccessDesc(exheader_settings *exhdrset)
return accessdesc_GetSignFromPreset(exhdrset);
else if(exhdrset->rsf->CommonHeaderKey.Found == true) // Keydata exists in RSF
return accessdesc_GetSignFromRsf(exhdrset);
else if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false) // sign using rsa key
return accessdesc_SignWithKey(exhdrset);
return 1;
return accessdesc_SignWithKey(exhdrset);
}
int accessdesc_SignWithKey(exheader_settings *exhdrset)
@@ -48,13 +45,14 @@ int accessdesc_SignWithKey(exheader_settings *exhdrset)
arm11->threadPriority /= 2;
/* Sign AccessDesc */
if (SignAccessDesc(exhdrset->acexDesc, exhdrset->keys) != 0)
if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false)
{
printf("[ACEXDESC WARNING] Failed to sign access descriptor\n");
memset(exhdrset->acexDesc->signature, 0xFF, 0x100);
return 0;
}
return 0;
return SignAccessDesc(exhdrset->acexDesc, exhdrset->keys);
}
int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
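Review bot: In accessdesc_SignWithKey the branch taken when `Rsa2048Key_CanSign` is false still prints "Failed to sign access descriptor" and returns 0, although no signing was attempted, so a build carrying the 0xFF placeholder signature reports the same success code as a signed one. The message should say what happened, for example `printf("[ACEXDESC WARNING] No signing key available, writing placeholder signature\n");`. As the new side reads here, a real `SignAccessDesc` failure now returns its error with no message and leaves the signature buffer untouched, so callers (outside this page) need to check the return value. The same pattern appears in SignCFA, SignCXI, GenCciHdr, SignTicketHeader and SignTMDHeader. The function body starts outside the hunk.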
+1 -1
@@ -391,5 +391,5 @@ void Rsa2048Key_Set(rsa2048_key* key, const u8* pvt, const u8* pub)
bool Rsa2048Key_CanSign(const rsa2048_key* key)
{
static const u8 rsa2048[RSA_2048_KEY_SIZE] = { 0 };
return memcmp(key->pub, rsa2048, RSA_2048_KEY_SIZE) != 0 || memcmp(key->pvt, rsa2048, RSA_2048_KEY_SIZE) != 0;
return memcmp(key->pub, rsa2048, RSA_2048_KEY_SIZE) != 0 && memcmp(key->pvt, rsa2048, RSA_2048_KEY_SIZE) != 0;
}
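Review bot: Rsa2048Key_CanSign passes `key->pub` and `key->pvt` straight to `memcmp`, and the key struct shown elsewhere in this commit appears to declare them as `u8 *`, so a key whose halves were never allocated would dereference NULL instead of yielding `false`. Every signing routine now gates on this function, so a guard is worth adding first: `if (key == NULL || key->pub == NULL || key->pvt == NULL) return false;`. The test only detects all-zero buffers and does not validate the key pair, which should be stated in a comment such as `/* true when both halves are non-zero; does not check that pub and pvt match */`.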
-1
@@ -30,7 +30,6 @@ typedef enum
} pki_keyset;
// Structs
typedef struct
{
u8 *pub;
+10 -6
@@ -36,27 +36,31 @@ bool IsValidProductCode(char *ProductCode, bool FreeProductCode);
// Code
int SignCFA(ncch_hdr *hdr, keys_struct *keys)
{
if (RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
if (Rsa2048Key_CanSign(&keys->rsa.cciCfa) == false)
{
printf("[NCCH WARNING] Failed to sign CFA header\n");
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
return 0;
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
}
int CheckCFASignature(ncch_hdr *hdr, keys_struct *keys)
{
return RsaSignVerify(GetNcchHdrData(hdr),GetNcchHdrDataLen(hdr),GetNcchHdrSig(hdr),keys->rsa.cciCfa.pub,NULL,RSA_2048_SHA256,CTR_RSA_VERIFY);
return RsaSignVerify(GetNcchHdrData(hdr),GetNcchHdrDataLen(hdr),GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256,CTR_RSA_VERIFY);
}
int SignCXI(ncch_hdr *hdr, keys_struct *keys)
{
if (RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
if (Rsa2048Key_CanSign(&keys->rsa.cxi) == false)
{
printf("[NCCH WARNING] Failed to sign CXI header\n");
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
return 0;
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
}
int CheckCXISignature(ncch_hdr *hdr, u8 *pubk)
@@ -1089,7 +1093,7 @@ bool SetNcchKeys(keys_struct *keys, ncch_hdr *hdr)
return false;
if(keys->aes.ncchKeyX[ncch_keyx_index])
ctr_aes_keygen(keys->aes.ncchKeyX[ncch_keyx_index], hdr->signature, keys->aes.ncchKey0);
ctr_aes_keygen(keys->aes.ncchKeyX[ncch_keyx_index], hdr->signature, keys->aes.ncchKey1);
else
return false;
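Review bot: CheckCFASignature now hands `keys->rsa.cciCfa.pvt` to RsaSignVerify for a `CTR_RSA_VERIFY` call where the earlier line passed `NULL`; checking a signature needs only the public half, so private key material has no reason to enter the verify path. RsaSignVerify is not shown on this page, so if it rejects a NULL private pointer in verify mode, that is better fixed there than at the call site. I would keep `NULL` as the fifth argument, or else add a comment such as `/* pvt passed only because RsaSignVerify requires a non-NULL pointer; verify must not read it */`. CheckCXISignature, which begins just below, takes only `u8 *pubk`, so the two checkers are now inconsistent.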
+4 -4
@@ -579,14 +579,14 @@ int GenCciHdr(cci_settings *set)
// Sign Header
if (RsaSignVerify(&hdr->magic, sizeof(cci_hdr) - RSA_2048_KEY_SIZE, hdr->signature, set->keys->rsa.cciCfa.pub, set->keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
if (Rsa2048Key_CanSign(&set->keys->rsa.cciCfa) == false)
{
printf("[NCSD WARNING] Failed to sign header\n");
memset(hdr->signature, 0xFF, 0x100);
return 0;
}
return 0;
return RsaSignVerify(&hdr->magic, sizeof(cci_hdr) - RSA_2048_KEY_SIZE, hdr->signature, set->keys->rsa.cciCfa.pub, set->keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
}
char* GetMediaSizeStr(u64 mediaSize)
+3 -2
@@ -81,13 +81,14 @@ int SignTicketHeader(buffer_struct *tik, keys_struct *keys)
clrmem(sig,sizeof(tik_signature));
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
if (RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
if (Rsa2048Key_CanSign(&keys->rsa.xs) == false)
{
printf("[TIK WARNING] Failed to sign header\n");
memset(sig->data, 0xFF, 0x100);
return 0;
}
return 0;
return RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
}
int CryptTitleKey(u8 *input, u8 *output, u8 *titleId, keys_struct *keys, u8 mode)
+3 -2
@@ -71,13 +71,14 @@ int SignTMDHeader(tmd_hdr *hdr, tmd_signature *sig, keys_struct *keys)
clrmem(sig,sizeof(tmd_signature));
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
if (RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
if (Rsa2048Key_CanSign(&keys->rsa.cp) == false)
{
printf("[TMD WARNING] Failed to sign header\n");
memset(sig->data, 0xFF, 0x100);
return 0;
}
return 0;
return RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
}
int SetupTMDInfoRecord(tmd_content_info_record *info_record, u8 *content_record, u16 ContentCount)