mirror of
https://github.com/DarkStore-3DS/Project_CTR.git
synced 2026-07-06 08:49:04 +00:00
[makerom] Fix encryption for production target.
This commit is contained in:
@@ -23,10 +23,7 @@ int set_AccessDesc(exheader_settings *exhdrset)
|
|||||||
return accessdesc_GetSignFromPreset(exhdrset);
|
return accessdesc_GetSignFromPreset(exhdrset);
|
||||||
else if(exhdrset->rsf->CommonHeaderKey.Found == true) // Keydata exists in RSF
|
else if(exhdrset->rsf->CommonHeaderKey.Found == true) // Keydata exists in RSF
|
||||||
return accessdesc_GetSignFromRsf(exhdrset);
|
return accessdesc_GetSignFromRsf(exhdrset);
|
||||||
else if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false) // sign using rsa key
|
return accessdesc_SignWithKey(exhdrset);
|
||||||
return accessdesc_SignWithKey(exhdrset);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int accessdesc_SignWithKey(exheader_settings *exhdrset)
|
int accessdesc_SignWithKey(exheader_settings *exhdrset)
|
||||||
@@ -48,13 +45,14 @@ int accessdesc_SignWithKey(exheader_settings *exhdrset)
|
|||||||
arm11->threadPriority /= 2;
|
arm11->threadPriority /= 2;
|
||||||
|
|
||||||
/* Sign AccessDesc */
|
/* Sign AccessDesc */
|
||||||
if (SignAccessDesc(exhdrset->acexDesc, exhdrset->keys) != 0)
|
if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false)
|
||||||
{
|
{
|
||||||
printf("[ACEXDESC WARNING] Failed to sign access descriptor\n");
|
printf("[ACEXDESC WARNING] Failed to sign access descriptor\n");
|
||||||
memset(exhdrset->acexDesc->signature, 0xFF, 0x100);
|
memset(exhdrset->acexDesc->signature, 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return SignAccessDesc(exhdrset->acexDesc, exhdrset->keys);
|
||||||
}
|
}
|
||||||
|
|
||||||
int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
|
int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
|
||||||
|
|||||||
+1
-1
@@ -391,5 +391,5 @@ void Rsa2048Key_Set(rsa2048_key* key, const u8* pvt, const u8* pub)
|
|||||||
bool Rsa2048Key_CanSign(const rsa2048_key* key)
|
bool Rsa2048Key_CanSign(const rsa2048_key* key)
|
||||||
{
|
{
|
||||||
static const u8 rsa2048[RSA_2048_KEY_SIZE] = { 0 };
|
static const u8 rsa2048[RSA_2048_KEY_SIZE] = { 0 };
|
||||||
return memcmp(key->pub, rsa2048, RSA_2048_KEY_SIZE) != 0 || memcmp(key->pvt, rsa2048, RSA_2048_KEY_SIZE) != 0;
|
return memcmp(key->pub, rsa2048, RSA_2048_KEY_SIZE) != 0 && memcmp(key->pvt, rsa2048, RSA_2048_KEY_SIZE) != 0;
|
||||||
}
|
}
|
||||||
@@ -30,7 +30,6 @@ typedef enum
|
|||||||
} pki_keyset;
|
} pki_keyset;
|
||||||
|
|
||||||
// Structs
|
// Structs
|
||||||
|
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
u8 *pub;
|
u8 *pub;
|
||||||
|
|||||||
+10
-6
@@ -36,27 +36,31 @@ bool IsValidProductCode(char *ProductCode, bool FreeProductCode);
|
|||||||
// Code
|
// Code
|
||||||
int SignCFA(ncch_hdr *hdr, keys_struct *keys)
|
int SignCFA(ncch_hdr *hdr, keys_struct *keys)
|
||||||
{
|
{
|
||||||
if (RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
|
if (Rsa2048Key_CanSign(&keys->rsa.cciCfa) == false)
|
||||||
{
|
{
|
||||||
printf("[NCCH WARNING] Failed to sign CFA header\n");
|
printf("[NCCH WARNING] Failed to sign CFA header\n");
|
||||||
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
|
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
|
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
|
||||||
}
|
}
|
||||||
|
|
||||||
int CheckCFASignature(ncch_hdr *hdr, keys_struct *keys)
|
int CheckCFASignature(ncch_hdr *hdr, keys_struct *keys)
|
||||||
{
|
{
|
||||||
return RsaSignVerify(GetNcchHdrData(hdr),GetNcchHdrDataLen(hdr),GetNcchHdrSig(hdr),keys->rsa.cciCfa.pub,NULL,RSA_2048_SHA256,CTR_RSA_VERIFY);
|
return RsaSignVerify(GetNcchHdrData(hdr),GetNcchHdrDataLen(hdr),GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256,CTR_RSA_VERIFY);
|
||||||
}
|
}
|
||||||
|
|
||||||
int SignCXI(ncch_hdr *hdr, keys_struct *keys)
|
int SignCXI(ncch_hdr *hdr, keys_struct *keys)
|
||||||
{
|
{
|
||||||
if (RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
|
if (Rsa2048Key_CanSign(&keys->rsa.cxi) == false)
|
||||||
{
|
{
|
||||||
printf("[NCCH WARNING] Failed to sign CXI header\n");
|
printf("[NCCH WARNING] Failed to sign CXI header\n");
|
||||||
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
|
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
|
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
|
||||||
}
|
}
|
||||||
|
|
||||||
int CheckCXISignature(ncch_hdr *hdr, u8 *pubk)
|
int CheckCXISignature(ncch_hdr *hdr, u8 *pubk)
|
||||||
@@ -1089,7 +1093,7 @@ bool SetNcchKeys(keys_struct *keys, ncch_hdr *hdr)
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
if(keys->aes.ncchKeyX[ncch_keyx_index])
|
if(keys->aes.ncchKeyX[ncch_keyx_index])
|
||||||
ctr_aes_keygen(keys->aes.ncchKeyX[ncch_keyx_index], hdr->signature, keys->aes.ncchKey0);
|
ctr_aes_keygen(keys->aes.ncchKeyX[ncch_keyx_index], hdr->signature, keys->aes.ncchKey1);
|
||||||
else
|
else
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|||||||
+4
-4
@@ -579,14 +579,14 @@ int GenCciHdr(cci_settings *set)
|
|||||||
|
|
||||||
|
|
||||||
// Sign Header
|
// Sign Header
|
||||||
if (RsaSignVerify(&hdr->magic, sizeof(cci_hdr) - RSA_2048_KEY_SIZE, hdr->signature, set->keys->rsa.cciCfa.pub, set->keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
|
if (Rsa2048Key_CanSign(&set->keys->rsa.cciCfa) == false)
|
||||||
{
|
{
|
||||||
printf("[NCSD WARNING] Failed to sign header\n");
|
printf("[NCSD WARNING] Failed to sign header\n");
|
||||||
memset(hdr->signature, 0xFF, 0x100);
|
memset(hdr->signature, 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return RsaSignVerify(&hdr->magic, sizeof(cci_hdr) - RSA_2048_KEY_SIZE, hdr->signature, set->keys->rsa.cciCfa.pub, set->keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
char* GetMediaSizeStr(u64 mediaSize)
|
char* GetMediaSizeStr(u64 mediaSize)
|
||||||
|
|||||||
+3
-2
@@ -81,13 +81,14 @@ int SignTicketHeader(buffer_struct *tik, keys_struct *keys)
|
|||||||
clrmem(sig,sizeof(tik_signature));
|
clrmem(sig,sizeof(tik_signature));
|
||||||
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
|
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
|
||||||
|
|
||||||
if (RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
|
if (Rsa2048Key_CanSign(&keys->rsa.xs) == false)
|
||||||
{
|
{
|
||||||
printf("[TIK WARNING] Failed to sign header\n");
|
printf("[TIK WARNING] Failed to sign header\n");
|
||||||
memset(sig->data, 0xFF, 0x100);
|
memset(sig->data, 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
|
||||||
}
|
}
|
||||||
|
|
||||||
int CryptTitleKey(u8 *input, u8 *output, u8 *titleId, keys_struct *keys, u8 mode)
|
int CryptTitleKey(u8 *input, u8 *output, u8 *titleId, keys_struct *keys, u8 mode)
|
||||||
|
|||||||
+3
-2
@@ -71,13 +71,14 @@ int SignTMDHeader(tmd_hdr *hdr, tmd_signature *sig, keys_struct *keys)
|
|||||||
clrmem(sig,sizeof(tmd_signature));
|
clrmem(sig,sizeof(tmd_signature));
|
||||||
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
|
u32_to_u8(sig->sigType,RSA_2048_SHA256,BE);
|
||||||
|
|
||||||
if (RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN) != 0)
|
if (Rsa2048Key_CanSign(&keys->rsa.cp) == false)
|
||||||
{
|
{
|
||||||
printf("[TMD WARNING] Failed to sign header\n");
|
printf("[TMD WARNING] Failed to sign header\n");
|
||||||
memset(sig->data, 0xFF, 0x100);
|
memset(sig->data, 0xFF, 0x100);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
|
||||||
}
|
}
|
||||||
|
|
||||||
int SetupTMDInfoRecord(tmd_content_info_record *info_record, u8 *content_record, u16 ContentCount)
|
int SetupTMDInfoRecord(tmd_content_info_record *info_record, u8 *content_record, u16 ContentCount)
|
||||||
|
|||||||
Reference in New Issue
Block a user