CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/ext/libkirk/kirk_engine.c
Views: 1401
/*1Draan proudly presents:23With huge help from community:4coyotebean, Davee, hitchhikr, kgsws, liquidzigong, Mathieulh, Proxima, SilverSpring56******************** KIRK-ENGINE ********************7An Open-Source implementation of KIRK (PSP crypto engine) algorithms and keys.8Includes also additional routines for hash forging.910********************1112This program is free software: you can redistribute it and/or modify13it under the terms of the GNU General Public License as published by14the Free Software Foundation, either version 3 of the License, or15(at your option) any later version.1617This program is distributed in the hope that it will be useful,18but WITHOUT ANY WARRANTY; without even the implied warranty of19MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the20GNU General Public License for more details.2122You should have received a copy of the GNU General Public License23along with this program. If not, see <http://www.gnu.org/licenses/>.24*/2526#include <stdio.h>27#include <stdlib.h>28#include <string.h>29#include <time.h>30#include "kirk_engine.h"31#include "AES.h"32#include "SHA1.h"3334/* ------------------------- KEY VAULT ------------------------- */35unsigned char keyvault[0x80][0x10] =36{37{0x2C, 0x92, 0xE5, 0x90, 0x2B, 0x86, 0xC1, 0x06, 0xB7, 0x2E, 0xEA, 0x6C, 0xD4, 0xEC, 0x72, 0x48},38{0x05, 0x8D, 0xC8, 0x0B, 0x33, 0xA5, 0xBF, 0x9D, 0x56, 0x98, 0xFA, 0xE0, 0xD3, 0x71, 0x5E, 0x1F},39{0xB8, 0x13, 0xC3, 0x5E, 0xC6, 0x44, 0x41, 0xE3, 0xDC, 0x3C, 0x16, 0xF5, 0xB4, 0x5E, 0x64, 0x84},40{0x98, 0x02, 0xC4, 0xE6, 0xEC, 0x9E, 0x9E, 0x2F, 0xFC, 0x63, 0x4C, 0xE4, 0x2F, 0xBB, 0x46, 0x68},41{0x99, 0x24, 0x4C, 0xD2, 0x58, 0xF5, 0x1B, 0xCB, 0xB0, 0x61, 0x9C, 0xA7, 0x38, 0x30, 0x07, 0x5F},42{0x02, 0x25, 0xD7, 0xBA, 0x63, 0xEC, 0xB9, 0x4A, 0x9D, 0x23, 0x76, 0x01, 0xB3, 0xF6, 0xAC, 0x17},43{0x60, 0x99, 0xF2, 0x81, 0x70, 0x56, 0x0E, 0x5F, 0x74, 0x7C, 0xB5, 0x20, 0xC0, 0xCD, 0xC2, 0x3C},44{0x76, 0x36, 0x8B, 0x43, 0x8F, 0x77, 0xD8, 0x7E, 0xFE, 0x5F, 0xB6, 0x11, 0x59, 0x39, 0x88, 0x5C},45{0x14, 0xA1, 0x15, 0xEB, 0x43, 0x4A, 0x1B, 0xA4, 0x90, 0x5E, 0x03, 0xB6, 0x17, 0xA1, 0x5C, 0x04},46{0xE6, 0x58, 0x03, 0xD9, 0xA7, 0x1A, 0xA8, 0x7F, 0x05, 0x9D, 0x22, 0x9D, 0xAF, 0x54, 0x53, 0xD0},47{0xBA, 0x34, 0x80, 0xB4, 0x28, 0xA7, 0xCA, 0x5F, 0x21, 0x64, 0x12, 0xF7, 0x0F, 0xBB, 0x73, 0x23},48{0x72, 0xAD, 0x35, 0xAC, 0x9A, 0xC3, 0x13, 0x0A, 0x77, 0x8C, 0xB1, 0x9D, 0x88, 0x55, 0x0B, 0x0C},49{0x84, 0x85, 0xC8, 0x48, 0x75, 0x08, 0x43, 0xBC, 0x9B, 0x9A, 0xEC, 0xA7, 0x9C, 0x7F, 0x60, 0x18},50{0xB5, 0xB1, 0x6E, 0xDE, 0x23, 0xA9, 0x7B, 0x0E, 0xA1, 0x7C, 0xDB, 0xA2, 0xDC, 0xDE, 0xC4, 0x6E},51{0xC8, 0x71, 0xFD, 0xB3, 0xBC, 0xC5, 0xD2, 0xF2, 0xE2, 0xD7, 0x72, 0x9D, 0xDF, 0x82, 0x68, 0x82},52{0x0A, 0xBB, 0x33, 0x6C, 0x96, 0xD4, 0xCD, 0xD8, 0xCB, 0x5F, 0x4B, 0xE0, 0xBA, 0xDB, 0x9E, 0x03},53{0x32, 0x29, 0x5B, 0xD5, 0xEA, 0xF7, 0xA3, 0x42, 0x16, 0xC8, 0x8E, 0x48, 0xFF, 0x50, 0xD3, 0x71},54{0x46, 0xF2, 0x5E, 0x8E, 0x4D, 0x2A, 0xA5, 0x40, 0x73, 0x0B, 0xC4, 0x6E, 0x47, 0xEE, 0x6F, 0x0A},55{0x5D, 0xC7, 0x11, 0x39, 0xD0, 0x19, 0x38, 0xBC, 0x02, 0x7F, 0xDD, 0xDC, 0xB0, 0x83, 0x7D, 0x9D},56{0x51, 0xDD, 0x65, 0xF0, 0x71, 0xA4, 0xE5, 0xEA, 0x6A, 0xAF, 0x12, 0x19, 0x41, 0x29, 0xB8, 0xF4},57{0x03, 0x76, 0x3C, 0x68, 0x65, 0xC6, 0x9B, 0x0F, 0xFE, 0x8F, 0xD8, 0xEE, 0xA4, 0x36, 0x16, 0xA0},58{0x7D, 0x50, 0xB8, 0x5C, 0xAF, 0x67, 0x69, 0xF0, 0xE5, 0x4A, 0xA8, 0x09, 0x8B, 0x0E, 0xBE, 0x1C},59{0x72, 0x68, 0x4B, 0x32, 0xAC, 0x3B, 0x33, 0x2F, 0x2A, 0x7A, 0xFC, 0x9E, 0x14, 0xD5, 0x6F, 0x6B},60{0x20, 0x1D, 0x31, 0x96, 0x4A, 0xD9, 0x9F, 0xBF, 0x32, 0xD5, 0xD6, 0x1C, 0x49, 0x1B, 0xD9, 0xFC},61{0xF8, 0xD8, 0x44, 0x63, 0xD6, 0x10, 0xD1, 0x2A, 0x44, 0x8E, 0x96, 0x90, 0xA6, 0xBB, 0x0B, 0xAD},62{0x5C, 0xD4, 0x05, 0x7F, 0xA1, 0x30, 0x60, 0x44, 0x0A, 0xD9, 0xB6, 0x74, 0x5F, 0x24, 0x4F, 0x4E},63{0xF4, 0x8A, 0xD6, 0x78, 0x59, 0x9C, 0x22, 0xC1, 0xD4, 0x11, 0x93, 0x3D, 0xF8, 0x45, 0xB8, 0x93},64{0xCA, 0xE7, 0xD2, 0x87, 0xA2, 0xEC, 0xC1, 0xCD, 0x94, 0x54, 0x2B, 0x5E, 0x1D, 0x94, 0x88, 0xB2},65{0xDE, 0x26, 0xD3, 0x7A, 0x39, 0x95, 0x6C, 0x2A, 0xD8, 0xC3, 0xA6, 0xAF, 0x21, 0xEB, 0xB3, 0x01},66{0x7C, 0xB6, 0x8B, 0x4D, 0xA3, 0x8D, 0x1D, 0xD9, 0x32, 0x67, 0x9C, 0xA9, 0x9F, 0xFB, 0x28, 0x52},67{0xA0, 0xB5, 0x56, 0xB4, 0x69, 0xAB, 0x36, 0x8F, 0x36, 0xDE, 0xC9, 0x09, 0x2E, 0xCB, 0x41, 0xB1},68{0x93, 0x9D, 0xE1, 0x9B, 0x72, 0x5F, 0xEE, 0xE2, 0x45, 0x2A, 0xBC, 0x17, 0x06, 0xD1, 0x47, 0x69},69{0xA4, 0xA4, 0xE6, 0x21, 0x38, 0x2E, 0xF1, 0xAF, 0x7B, 0x17, 0x7A, 0xE8, 0x42, 0xAD, 0x00, 0x31},70{0xC3, 0x7F, 0x13, 0xE8, 0xCF, 0x84, 0xDB, 0x34, 0x74, 0x7B, 0xC3, 0xA0, 0xF1, 0x9D, 0x3A, 0x73},71{0x2B, 0xF7, 0x83, 0x8A, 0xD8, 0x98, 0xE9, 0x5F, 0xA5, 0xF9, 0x01, 0xDA, 0x61, 0xFE, 0x35, 0xBB},72{0xC7, 0x04, 0x62, 0x1E, 0x71, 0x4A, 0x66, 0xEA, 0x62, 0xE0, 0x4B, 0x20, 0x3D, 0xB8, 0xC2, 0xE5},73{0xC9, 0x33, 0x85, 0x9A, 0xAB, 0x00, 0xCD, 0xCE, 0x4D, 0x8B, 0x8E, 0x9F, 0x3D, 0xE6, 0xC0, 0x0F},74{0x18, 0x42, 0x56, 0x1F, 0x2B, 0x5F, 0x34, 0xE3, 0x51, 0x3E, 0xB7, 0x89, 0x77, 0x43, 0x1A, 0x65},75{0xDC, 0xB0, 0xA0, 0x06, 0x5A, 0x50, 0xA1, 0x4E, 0x59, 0xAC, 0x97, 0x3F, 0x17, 0x58, 0xA3, 0xA3},76{0xC4, 0xDB, 0xAE, 0x83, 0xE2, 0x9C, 0xF2, 0x54, 0xA3, 0xDD, 0x37, 0x4E, 0x80, 0x7B, 0xF4, 0x25},77{0xBF, 0xAE, 0xEB, 0x49, 0x82, 0x65, 0xC5, 0x7C, 0x64, 0xB8, 0xC1, 0x7E, 0x19, 0x06, 0x44, 0x09},78{0x79, 0x7C, 0xEC, 0xC3, 0xB3, 0xEE, 0x0A, 0xC0, 0x3B, 0xD8, 0xE6, 0xC1, 0xE0, 0xA8, 0xB1, 0xA4},79{0x75, 0x34, 0xFE, 0x0B, 0xD6, 0xD0, 0xC2, 0x8D, 0x68, 0xD4, 0xE0, 0x2A, 0xE7, 0xD5, 0xD1, 0x55},80{0xFA, 0xB3, 0x53, 0x26, 0x97, 0x4F, 0x4E, 0xDF, 0xE4, 0xC3, 0xA8, 0x14, 0xC3, 0x2F, 0x0F, 0x88},81{0xEC, 0x97, 0xB3, 0x86, 0xB4, 0x33, 0xC6, 0xBF, 0x4E, 0x53, 0x9D, 0x95, 0xEB, 0xB9, 0x79, 0xE4},82{0xB3, 0x20, 0xA2, 0x04, 0xCF, 0x48, 0x06, 0x29, 0xB5, 0xDD, 0x8E, 0xFC, 0x98, 0xD4, 0x17, 0x7B},83{0x5D, 0xFC, 0x0D, 0x4F, 0x2C, 0x39, 0xDA, 0x68, 0x4A, 0x33, 0x74, 0xED, 0x49, 0x58, 0xA7, 0x3A},84{0xD7, 0x5A, 0x54, 0x22, 0xCE, 0xD9, 0xA3, 0xD6, 0x2B, 0x55, 0x7D, 0x8D, 0xE8, 0xBE, 0xC7, 0xEC},85{0x6B, 0x4A, 0xEE, 0x43, 0x45, 0xAE, 0x70, 0x07, 0xCF, 0x8D, 0xCF, 0x4E, 0x4A, 0xE9, 0x3C, 0xFA},86{0x2B, 0x52, 0x2F, 0x66, 0x4C, 0x2D, 0x11, 0x4C, 0xFE, 0x61, 0x31, 0x8C, 0x56, 0x78, 0x4E, 0xA6},87{0x3A, 0xA3, 0x4E, 0x44, 0xC6, 0x6F, 0xAF, 0x7B, 0xFA, 0xE5, 0x53, 0x27, 0xEF, 0xCF, 0xCC, 0x24},88{0x2B, 0x5C, 0x78, 0xBF, 0xC3, 0x8E, 0x49, 0x9D, 0x41, 0xC3, 0x3C, 0x5C, 0x7B, 0x27, 0x96, 0xCE},89{0xF3, 0x7E, 0xEA, 0xD2, 0xC0, 0xC8, 0x23, 0x1D, 0xA9, 0x9B, 0xFA, 0x49, 0x5D, 0xB7, 0x08, 0x1B},90{0x70, 0x8D, 0x4E, 0x6F, 0xD1, 0xF6, 0x6F, 0x1D, 0x1E, 0x1F, 0xCB, 0x02, 0xF9, 0xB3, 0x99, 0x26},91{0x0F, 0x67, 0x16, 0xE1, 0x80, 0x69, 0x9C, 0x51, 0xFC, 0xC7, 0xAD, 0x6E, 0x4F, 0xB8, 0x46, 0xC9},92{0x56, 0x0A, 0x49, 0x4A, 0x84, 0x4C, 0x8E, 0xD9, 0x82, 0xEE, 0x0B, 0x6D, 0xC5, 0x7D, 0x20, 0x8D},93{0x12, 0x46, 0x8D, 0x7E, 0x1C, 0x42, 0x20, 0x9B, 0xBA, 0x54, 0x26, 0x83, 0x5E, 0xB0, 0x33, 0x03},94{0xC4, 0x3B, 0xB6, 0xD6, 0x53, 0xEE, 0x67, 0x49, 0x3E, 0xA9, 0x5F, 0xBC, 0x0C, 0xED, 0x6F, 0x8A},95{0x2C, 0xC3, 0xCF, 0x8C, 0x28, 0x78, 0xA5, 0xA6, 0x63, 0xE2, 0xAF, 0x2D, 0x71, 0x5E, 0x86, 0xBA},96{0x83, 0x3D, 0xA7, 0x0C, 0xED, 0x6A, 0x20, 0x12, 0xD1, 0x96, 0xE6, 0xFE, 0x5C, 0x4D, 0x37, 0xC5},97{0xC7, 0x43, 0xD0, 0x67, 0x42, 0xEE, 0x90, 0xB8, 0xCA, 0x75, 0x50, 0x35, 0x20, 0xAD, 0xBC, 0xCE},98{0x8A, 0xE3, 0x66, 0x3F, 0x8D, 0x9E, 0x82, 0xA1, 0xED, 0xE6, 0x8C, 0x9C, 0xE8, 0x25, 0x6D, 0xAA},99{0x7F, 0xC9, 0x6F, 0x0B, 0xB1, 0x48, 0x5C, 0xA5, 0x5D, 0xD3, 0x64, 0xB7, 0x7A, 0xF5, 0xE4, 0xEA},100{0x91, 0xB7, 0x65, 0x78, 0x8B, 0xCB, 0x8B, 0xD4, 0x02, 0xED, 0x55, 0x3A, 0x66, 0x62, 0xD0, 0xAD},101{0x28, 0x24, 0xF9, 0x10, 0x1B, 0x8D, 0x0F, 0x7B, 0x6E, 0xB2, 0x63, 0xB5, 0xB5, 0x5B, 0x2E, 0xBB},102{0x30, 0xE2, 0x57, 0x5D, 0xE0, 0xA2, 0x49, 0xCE, 0xE8, 0xCF, 0x2B, 0x5E, 0x4D, 0x9F, 0x52, 0xC7},103{0x5E, 0xE5, 0x04, 0x39, 0x62, 0x32, 0x02, 0xFA, 0x85, 0x39, 0x3F, 0x72, 0xBB, 0x77, 0xFD, 0x1A},104{0xF8, 0x81, 0x74, 0xB1, 0xBD, 0xE9, 0xBF, 0xDD, 0x45, 0xE2, 0xF5, 0x55, 0x89, 0xCF, 0x46, 0xAB},105{0x7D, 0xF4, 0x92, 0x65, 0xE3, 0xFA, 0xD6, 0x78, 0xD6, 0xFE, 0x78, 0xAD, 0xBB, 0x3D, 0xFB, 0x63},106{0x74, 0x7F, 0xD6, 0x2D, 0xC7, 0xA1, 0xCA, 0x96, 0xE2, 0x7A, 0xCE, 0xFF, 0xAA, 0x72, 0x3F, 0xF7},107{0x1E, 0x58, 0xEB, 0xD0, 0x65, 0xBB, 0xF1, 0x68, 0xC5, 0xBD, 0xF7, 0x46, 0xBA, 0x7B, 0xE1, 0x00},108{0x24, 0x34, 0x7D, 0xAF, 0x5E, 0x4B, 0x35, 0x72, 0x7A, 0x52, 0x27, 0x6B, 0xA0, 0x54, 0x74, 0xDB},109{0x09, 0xB1, 0xC7, 0x05, 0xC3, 0x5F, 0x53, 0x66, 0x77, 0xC0, 0xEB, 0x36, 0x77, 0xDF, 0x83, 0x07},110{0xCC, 0xBE, 0x61, 0x5C, 0x05, 0xA2, 0x00, 0x33, 0x37, 0x8E, 0x59, 0x64, 0xA7, 0xDD, 0x70, 0x3D},111{0x0D, 0x47, 0x50, 0xBB, 0xFC, 0xB0, 0x02, 0x81, 0x30, 0xE1, 0x84, 0xDE, 0xA8, 0xD4, 0x84, 0x13},112{0x0C, 0xFD, 0x67, 0x9A, 0xF9, 0xB4, 0x72, 0x4F, 0xD7, 0x8D, 0xD6, 0xE9, 0x96, 0x42, 0x28, 0x8B},113{0x7A, 0xD3, 0x1A, 0x8B, 0x4B, 0xEF, 0xC2, 0xC2, 0xB3, 0x99, 0x01, 0xA9, 0xFE, 0x76, 0xB9, 0x87},114{0xBE, 0x78, 0x78, 0x17, 0xC7, 0xF1, 0x6F, 0x1A, 0xE0, 0xEF, 0x3B, 0xDE, 0x4C, 0xC2, 0xD7, 0x86},115{0x7C, 0xD8, 0xB8, 0x91, 0x91, 0x0A, 0x43, 0x14, 0xD0, 0x53, 0x3D, 0xD8, 0x4C, 0x45, 0xBE, 0x16},116{0x32, 0x72, 0x2C, 0x88, 0x07, 0xCF, 0x35, 0x7D, 0x4A, 0x2F, 0x51, 0x19, 0x44, 0xAE, 0x68, 0xDA},117{0x7E, 0x6B, 0xBF, 0xF6, 0xF6, 0x87, 0xB8, 0x98, 0xEE, 0xB5, 0x1B, 0x32, 0x16, 0xE4, 0x6E, 0x5D},118{0x08, 0xEA, 0x5A, 0x83, 0x49, 0xB5, 0x9D, 0xB5, 0x3E, 0x07, 0x79, 0xB1, 0x9A, 0x59, 0xA3, 0x54},119{0xF3, 0x12, 0x81, 0xBF, 0xE6, 0x9F, 0x51, 0xD1, 0x64, 0x08, 0x25, 0x21, 0xFF, 0xBB, 0x22, 0x61},120{0xAF, 0xFE, 0x8E, 0xB1, 0x3D, 0xD1, 0x7E, 0xD8, 0x0A, 0x61, 0x24, 0x1C, 0x95, 0x92, 0x56, 0xB6},121{0x92, 0xCD, 0xB4, 0xC2, 0x5B, 0xF2, 0x35, 0x5A, 0x23, 0x09, 0xE8, 0x19, 0xC9, 0x14, 0x42, 0x35},122{0xE1, 0xC6, 0x5B, 0x22, 0x6B, 0xE1, 0xDA, 0x02, 0xBA, 0x18, 0xFA, 0x21, 0x34, 0x9E, 0xF9, 0x6D},123{0x14, 0xEC, 0x76, 0xCE, 0x97, 0xF3, 0x8A, 0x0A, 0x34, 0x50, 0x6C, 0x53, 0x9A, 0x5C, 0x9A, 0xB4},124{0x1C, 0x9B, 0xC4, 0x90, 0xE3, 0x06, 0x64, 0x81, 0xFA, 0x59, 0xFD, 0xB6, 0x00, 0xBB, 0x28, 0x70},125{0x43, 0xA5, 0xCA, 0xCC, 0x0D, 0x6C, 0x2D, 0x3F, 0x2B, 0xD9, 0x89, 0x67, 0x6B, 0x3F, 0x7F, 0x57},126{0x00, 0xEF, 0xFD, 0x18, 0x08, 0xA4, 0x05, 0x89, 0x3C, 0x38, 0xFB, 0x25, 0x72, 0x70, 0x61, 0x06},127{0xEE, 0xAF, 0x49, 0xE0, 0x09, 0x87, 0x9B, 0xEF, 0xAA, 0xD6, 0x32, 0x6A, 0x32, 0x13, 0xC4, 0x29},128{0x8D, 0x26, 0xB9, 0x0F, 0x43, 0x1D, 0xBB, 0x08, 0xDB, 0x1D, 0xDA, 0xC5, 0xB5, 0x2C, 0x92, 0xED},129{0x57, 0x7C, 0x30, 0x60, 0xAE, 0x6E, 0xBE, 0xAE, 0x3A, 0xAB, 0x18, 0x19, 0xC5, 0x71, 0x68, 0x0B},130{0x11, 0x5A, 0x5D, 0x20, 0xD5, 0x3A, 0x8D, 0xD3, 0x9C, 0xC5, 0xAF, 0x41, 0x0F, 0x0F, 0x18, 0x6F},131{0x0D, 0x4D, 0x51, 0xAB, 0x23, 0x79, 0xBF, 0x80, 0x3A, 0xBF, 0xB9, 0x0E, 0x75, 0xFC, 0x14, 0xBF},132{0x99, 0x93, 0xDA, 0x3E, 0x7D, 0x2E, 0x5B, 0x15, 0xF2, 0x52, 0xA4, 0xE6, 0x6B, 0xB8, 0x5A, 0x98},133{0xF4, 0x28, 0x30, 0xA5, 0xFB, 0x0D, 0x8D, 0x76, 0x0E, 0xA6, 0x71, 0xC2, 0x2B, 0xDE, 0x66, 0x9D},134{0xFB, 0x5F, 0xEB, 0x7F, 0xC7, 0xDC, 0xDD, 0x69, 0x37, 0x01, 0x97, 0x9B, 0x29, 0x03, 0x5C, 0x47},135{0x02, 0x32, 0x6A, 0xE7, 0xD3, 0x96, 0xCE, 0x7F, 0x1C, 0x41, 0x9D, 0xD6, 0x52, 0x07, 0xED, 0x09},136{0x9C, 0x9B, 0x13, 0x72, 0xF8, 0xC6, 0x40, 0xCF, 0x1C, 0x62, 0xF5, 0xD5, 0x92, 0xDD, 0xB5, 0x82},137{0x03, 0xB3, 0x02, 0xE8, 0x5F, 0xF3, 0x81, 0xB1, 0x3B, 0x8D, 0xAA, 0x2A, 0x90, 0xFF, 0x5E, 0x61},138{0xBC, 0xD7, 0xF9, 0xD3, 0x2F, 0xAC, 0xF8, 0x47, 0xC0, 0xFB, 0x4D, 0x2F, 0x30, 0x9A, 0xBD, 0xA6},139{0xF5, 0x55, 0x96, 0xE9, 0x7F, 0xAF, 0x86, 0x7F, 0xAC, 0xB3, 0x3A, 0xE6, 0x9C, 0x8B, 0x6F, 0x93},140{0xEE, 0x29, 0x70, 0x93, 0xF9, 0x4E, 0x44, 0x59, 0x44, 0x17, 0x1F, 0x8E, 0x86, 0xE1, 0x70, 0xFC},141{0xE4, 0x34, 0x52, 0x0C, 0xF0, 0x88, 0xCF, 0xC8, 0xCD, 0x78, 0x1B, 0x6C, 0xCF, 0x8C, 0x48, 0xC4},142{0xC1, 0xBF, 0x66, 0x81, 0x8E, 0xF9, 0x53, 0xF2, 0xE1, 0x26, 0x6B, 0x6F, 0x55, 0x0C, 0xC9, 0xCD},143{0x56, 0x0F, 0xFF, 0x8F, 0x3C, 0x96, 0x49, 0x14, 0x45, 0x16, 0xF1, 0xBC, 0xBF, 0xCE, 0xA3, 0x0C},144{0x24, 0x08, 0xDC, 0x75, 0x37, 0x60, 0xA2, 0x9F, 0x05, 0x54, 0xB5, 0xF2, 0x43, 0x85, 0x73, 0x99},145{0xDD, 0xD5, 0xB5, 0x6A, 0x59, 0xC5, 0x5A, 0xE8, 0x3B, 0x96, 0x67, 0xC7, 0x5C, 0x2A, 0xE2, 0xDC},146{0xAA, 0x68, 0x67, 0x72, 0xE0, 0x2D, 0x44, 0xD5, 0xCD, 0xBB, 0x65, 0x04, 0xBC, 0xD5, 0xBF, 0x4E},147{0x1F, 0x17, 0xF0, 0x14, 0xE7, 0x77, 0xA2, 0xFE, 0x4B, 0x13, 0x6B, 0x56, 0xCD, 0x7E, 0xF7, 0xE9},148{0xC9, 0x35, 0x48, 0xCF, 0x55, 0x8D, 0x75, 0x03, 0x89, 0x6B, 0x2E, 0xEB, 0x61, 0x8C, 0xA9, 0x02},149{0xDE, 0x34, 0xC5, 0x41, 0xE7, 0xCA, 0x86, 0xE8, 0xBE, 0xA7, 0xC3, 0x1C, 0xEC, 0xE4, 0x36, 0x0F},150{0xDD, 0xE5, 0xFF, 0x55, 0x1B, 0x74, 0xF6, 0xF4, 0xE0, 0x16, 0xD7, 0xAB, 0x22, 0x31, 0x1B, 0x6A},151{0xB0, 0xE9, 0x35, 0x21, 0x33, 0x3F, 0xD7, 0xBA, 0xB4, 0x76, 0x2C, 0xCB, 0x4D, 0x80, 0x08, 0xD8},152{0x38, 0x14, 0x69, 0xC4, 0xC3, 0xF9, 0x1B, 0x96, 0x33, 0x63, 0x8E, 0x4D, 0x5F, 0x3D, 0xF0, 0x29},153{0xFA, 0x48, 0x6A, 0xD9, 0x8E, 0x67, 0x16, 0xEF, 0x6A, 0xB0, 0x87, 0xF5, 0x89, 0x45, 0x7F, 0x2A},154{0x32, 0x1A, 0x09, 0x12, 0x50, 0x14, 0x8A, 0x3E, 0x96, 0x3D, 0xEA, 0x02, 0x59, 0x32, 0xE1, 0x8F},155{0x4B, 0x00, 0xBE, 0x29, 0xBC, 0xB0, 0x28, 0x64, 0xCE, 0xFD, 0x43, 0xA9, 0x6F, 0xD9, 0x5C, 0xED},156{0x57, 0x7D, 0xC4, 0xFF, 0x02, 0x44, 0xE2, 0x80, 0x91, 0xF4, 0xCA, 0x0A, 0x75, 0x69, 0xFD, 0xA8},157{0x83, 0x53, 0x36, 0xC6, 0x18, 0x03, 0xE4, 0x3E, 0x4E, 0xB3, 0x0F, 0x6B, 0x6E, 0x79, 0x9B, 0x7A},158{0x5C, 0x92, 0x65, 0xFD, 0x7B, 0x59, 0x6A, 0xA3, 0x7A, 0x2F, 0x50, 0x9D, 0x85, 0xE9, 0x27, 0xF8},159{0x9A, 0x39, 0xFB, 0x89, 0xDF, 0x55, 0xB2, 0x60, 0x14, 0x24, 0xCE, 0xA6, 0xD9, 0x65, 0x0A, 0x9D},160{0x8B, 0x75, 0xBE, 0x91, 0xA8, 0xC7, 0x5A, 0xD2, 0xD7, 0xA5, 0x94, 0xA0, 0x1C, 0xBB, 0x95, 0x91},161{0x95, 0xC2, 0x1B, 0x8D, 0x05, 0xAC, 0xF5, 0xEC, 0x5A, 0xEE, 0x77, 0x81, 0x23, 0x95, 0xC4, 0xD7},162{0xB9, 0xA4, 0x61, 0x64, 0x36, 0x33, 0xFA, 0x5D, 0x94, 0x88, 0xE2, 0xD3, 0x28, 0x1E, 0x01, 0xA2},163{0xB8, 0xB0, 0x84, 0xFB, 0x9F, 0x4C, 0xFA, 0xF7, 0x30, 0xFE, 0x73, 0x25, 0xA2, 0xAB, 0x89, 0x7D},164{0x5F, 0x8C, 0x17, 0x9F, 0xC1, 0xB2, 0x1D, 0xF1, 0xF6, 0x36, 0x7A, 0x9C, 0xF7, 0xD3, 0xD4, 0x7C},165};166167u8 kirk1_key[] = {0x98, 0xC9, 0x40, 0x97, 0x5C, 0x1D, 0x10, 0xE8, 0x7F, 0xE6, 0x0E, 0xA3, 0xFD, 0x03, 0xA8, 0xBA};168u8 kirk16_key[] = {0x47, 0x5E, 0x09, 0xF4, 0xA2, 0x37, 0xDA, 0x9B, 0xEF, 0xFF, 0x3B, 0xC0, 0x77, 0x14, 0x3D, 0x8A};169170/* ECC Curves for Kirk 1 and Kirk 0x11 */171// Common Curve paramters p and a172static u8 ec_p[20] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};173static u8 ec_a[20] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}; // mon174175// Kirk 0xC,0xD,0x10,0x11,(likely 0x12)- Unique curve parameters for b, N, and base point G for Kirk 0xC,0xD,0x10,0x11,(likely 0x12) service176// Since public key is variable, it is not specified here177static u8 ec_b2[20] = {0xA6, 0x8B, 0xED, 0xC3, 0x34, 0x18, 0x02, 0x9C, 0x1D, 0x3C, 0xE3, 0x3B, 0x9A, 0x32, 0x1F, 0xCC, 0xBB, 0x9E, 0x0F, 0x0B};// mon178static u8 ec_N2[21] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xB5, 0xAE, 0x3C, 0x52, 0x3E, 0x63, 0x94, 0x4F, 0x21, 0x27};179static u8 Gx2[20] = {0x12, 0x8E, 0xC4, 0x25, 0x64, 0x87, 0xFD, 0x8F, 0xDF, 0x64, 0xE2, 0x43, 0x7B, 0xC0, 0xA1, 0xF6, 0xD5, 0xAF, 0xDE, 0x2C };180static u8 Gy2[20] = {0x59, 0x58, 0x55, 0x7E, 0xB1, 0xDB, 0x00, 0x12, 0x60, 0x42, 0x55, 0x24, 0xDB, 0xC3, 0x79, 0xD5, 0xAC, 0x5F, 0x4A, 0xDF };181182// KIRK 1 - Unique curve parameters for b, N, and base point G183// Since public key is hard coded, it is also included184185static u8 ec_b1[20] = {0x65, 0xD1, 0x48, 0x8C, 0x03, 0x59, 0xE2, 0x34, 0xAD, 0xC9, 0x5B, 0xD3, 0x90, 0x80, 0x14, 0xBD, 0x91, 0xA5, 0x25, 0xF9};186static u8 ec_N1[21] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0xB5, 0xC6, 0x17, 0xF2, 0x90, 0xEA, 0xE1, 0xDB, 0xAD, 0x8F};187static u8 Gx1[20] = {0x22, 0x59, 0xAC, 0xEE, 0x15, 0x48, 0x9C, 0xB0, 0x96, 0xA8, 0x82, 0xF0, 0xAE, 0x1C, 0xF9, 0xFD, 0x8E, 0xE5, 0xF8, 0xFA };188static u8 Gy1[20] = {0x60, 0x43, 0x58, 0x45, 0x6D, 0x0A, 0x1C, 0xB2, 0x90, 0x8D, 0xE9, 0x0F, 0x27, 0xD7, 0x5C, 0x82, 0xBE, 0xC1, 0x08, 0xC0 };189190static u8 Px1[20] = {0xED, 0x9C, 0xE5, 0x82, 0x34, 0xE6, 0x1A, 0x53, 0xC6, 0x85, 0xD6, 0x4D, 0x51, 0xD0, 0x23, 0x6B, 0xC3, 0xB5, 0xD4, 0xB9 };191static u8 Py1[20] = {0x04, 0x9D, 0xF1, 0xA0, 0x75, 0xC0, 0xE0, 0x4F, 0xB3, 0x44, 0x85, 0x8B, 0x61, 0xB7, 0x9B, 0x69, 0xA6, 0x3D, 0x2C, 0x39 };192193/* ------------------------- KEY VAULT END ------------------------- */194195/* ------------------------- INTERNAL STUFF ------------------------- */196typedef struct blah197{198u8 fuseid[8]; //0199u8 mesh[0x40]; //0x8200} kirk16_data; //0x48201202typedef struct header_keys203{204u8 AES[16];205u8 CMAC[16];206}header_keys; //small struct for temporary keeping AES & CMAC key from CMD1 header207208209u32 g_fuse90; // This is to match FuseID HW at BC100090 and BC100094210u32 g_fuse94;211212AES_ctx aes_kirk1; //global213u8 PRNG_DATA[0x14];214215char is_kirk_initialized; //"init" emulation216217/* ------------------------- INTERNAL STUFF END ------------------------- */218219220/* ------------------------- IMPLEMENTATION ------------------------- */221222int kirk_CMD0(u8* outbuff, u8* inbuff, int size, int generate_trash)223{224KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)outbuff;225header_keys *keys = (header_keys *)outbuff; //0-15 AES key, 16-31 CMAC key226int chk_size;227AES_ctx k1;228AES_ctx cmac_key;229u8 cmac_header_hash[16];230u8 cmac_data_hash[16];231232if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;233234memcpy(outbuff, inbuff, size);235236if(header->mode != KIRK_MODE_CMD1) return KIRK_INVALID_MODE;237238//FILL PREDATA WITH RANDOM DATA239if(generate_trash) kirk_CMD14(outbuff+sizeof(KIRK_CMD1_HEADER), header->data_offset);240241//Make sure data is 16 aligned242chk_size = header->data_size;243if(chk_size % 16) chk_size += 16 - (chk_size % 16);244245//ENCRYPT DATA246AES_set_key(&k1, keys->AES, 128);247AES_cbc_encrypt(&k1, inbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, (u8*)outbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, chk_size);248249//CMAC HASHES250AES_set_key(&cmac_key, keys->CMAC, 128);251AES_CMAC(&cmac_key, outbuff+0x60, 0x30, cmac_header_hash);252AES_CMAC(&cmac_key, outbuff+0x60, 0x30 + chk_size + header->data_offset, cmac_data_hash);253254memcpy(header->CMAC_header_hash, cmac_header_hash, 16);255memcpy(header->CMAC_data_hash, cmac_data_hash, 16);256257//ENCRYPT KEYS258AES_cbc_encrypt(&aes_kirk1, inbuff, outbuff, 16*2);259return KIRK_OPERATION_SUCCESS;260}261262int kirk_CMD1(u8* outbuff, u8* inbuff, int size)263{264KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)inbuff;265header_keys keys; //0-15 AES key, 16-31 CMAC key266AES_ctx k1;267268if(size < 0x90) return KIRK_INVALID_SIZE;269if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;270if(header->mode != KIRK_MODE_CMD1) return KIRK_INVALID_MODE;271272AES_cbc_decrypt(&aes_kirk1, inbuff, (u8*)&keys, 16*2); //decrypt AES & CMAC key to temp buffer273274if(header->ecdsa_hash == 1)275{276SHA_CTX sha;277KIRK_CMD1_ECDSA_HEADER* eheader = (KIRK_CMD1_ECDSA_HEADER*) inbuff;278u8 kirk1_pub[40];279u8 header_hash[20];u8 data_hash[20];280ecdsa_set_curve(ec_p,ec_a,ec_b1,ec_N1,Gx1,Gy1);281memcpy(kirk1_pub,Px1,20);282memcpy(kirk1_pub+20,Py1,20);283ecdsa_set_pub(kirk1_pub);284//Hash the Header285SHAInit(&sha);286SHAUpdate(&sha, (u8*)eheader+0x60, 0x30);287SHAFinal(header_hash, &sha);288289if(!ecdsa_verify(header_hash,eheader->header_sig_r,eheader->header_sig_s)) {290return KIRK_HEADER_HASH_INVALID;291}292SHAInit(&sha);293SHAUpdate(&sha, (u8*)eheader+0x60, size-0x60);294SHAFinal(data_hash, &sha);295296if(!ecdsa_verify(data_hash,eheader->data_sig_r,eheader->data_sig_s)) {297return KIRK_DATA_HASH_INVALID;298}299300} else {301int ret = kirk_CMD10(inbuff, size);302if(ret != KIRK_OPERATION_SUCCESS) return ret;303}304305AES_set_key(&k1, keys.AES, 128);306AES_cbc_decrypt(&k1, inbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, outbuff, header->data_size);307308return KIRK_OPERATION_SUCCESS;309}310311int kirk_CMD4(u8* outbuff, u8* inbuff, int size)312{313KIRK_AES128CBC_HEADER *header = (KIRK_AES128CBC_HEADER*)inbuff;314u8* key;315AES_ctx aesKey;316317if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;318if(header->mode != KIRK_MODE_ENCRYPT_CBC) return KIRK_INVALID_MODE;319if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;320321key = kirk_4_7_get_key(header->keyseed);322if(key == (u8*)KIRK_INVALID_SIZE) return KIRK_INVALID_SIZE;323324//Set the key325AES_set_key(&aesKey, key, 128);326AES_cbc_encrypt(&aesKey, inbuff+sizeof(KIRK_AES128CBC_HEADER), outbuff+sizeof(KIRK_AES128CBC_HEADER), header->data_size);327328return KIRK_OPERATION_SUCCESS;329}330331void kirk4(u8* outbuff, const u8* inbuff, size_t size, int keyId)332{333AES_ctx aesKey;334u8* key = kirk_4_7_get_key(keyId);335AES_set_key(&aesKey, key, 128);336AES_cbc_encrypt(&aesKey, inbuff, outbuff, (int)size);337}338339int kirk_CMD7(u8* outbuff, u8* inbuff, int size)340{341KIRK_AES128CBC_HEADER *header = (KIRK_AES128CBC_HEADER*)inbuff;342u8* key;343AES_ctx aesKey;344345if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;346if(header->mode != KIRK_MODE_DECRYPT_CBC) return KIRK_INVALID_MODE;347if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;348349key = kirk_4_7_get_key(header->keyseed);350if(key == (u8*)KIRK_INVALID_SIZE) return KIRK_INVALID_SIZE;351352//Set the key353AES_set_key(&aesKey, key, 128);354AES_cbc_decrypt(&aesKey, inbuff+sizeof(KIRK_AES128CBC_HEADER), outbuff, header->data_size);355356return KIRK_OPERATION_SUCCESS;357}358359void kirk7(u8* outbuff, const u8* inbuff, size_t size, int keyId)360{361AES_ctx aesKey;362u8* key = kirk_4_7_get_key(keyId);363AES_set_key(&aesKey, key, 128);364AES_cbc_decrypt(&aesKey, inbuff, outbuff, (int)size);365}366367int kirk_CMD10(u8* inbuff, int insize)368{369KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)inbuff;370header_keys keys; //0-15 AES key, 16-31 CMAC key371u8 cmac_header_hash[16];372u8 cmac_data_hash[16];373AES_ctx cmac_key;374int chk_size;375376if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;377if(!(header->mode == KIRK_MODE_CMD1 || header->mode == KIRK_MODE_CMD2 || header->mode == KIRK_MODE_CMD3)) return KIRK_INVALID_MODE;378if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;379380if(header->mode == KIRK_MODE_CMD1)381{382AES_cbc_decrypt(&aes_kirk1, inbuff, (u8*)&keys, 32); //decrypt AES & CMAC key to temp buffer383AES_set_key(&cmac_key, keys.CMAC, 128);384AES_CMAC(&cmac_key, inbuff+0x60, 0x30, cmac_header_hash);385386//Make sure data is 16 aligned387chk_size = header->data_size;388if(chk_size % 16) chk_size += 16 - (chk_size % 16);389AES_CMAC(&cmac_key, inbuff+0x60, 0x30 + chk_size + header->data_offset, cmac_data_hash);390391if(memcmp(cmac_header_hash, header->CMAC_header_hash, 16) != 0) return KIRK_HEADER_HASH_INVALID;392if(memcmp(cmac_data_hash, header->CMAC_data_hash, 16) != 0) return KIRK_DATA_HASH_INVALID;393394return KIRK_OPERATION_SUCCESS;395}396return KIRK_SIG_CHECK_INVALID; //Checks for cmd 2 & 3 not included right now397}398399int kirk_CMD11(u8* outbuff, u8* inbuff, int size)400{401KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *)inbuff;402SHA_CTX sha;403if(is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;404if(header->data_size == 0 || size == 0) return KIRK_DATA_SIZE_ZERO;405406SHAInit(&sha);407SHAUpdate(&sha, inbuff+sizeof(KIRK_SHA1_HEADER), header->data_size);408SHAFinal(outbuff, &sha);409return KIRK_OPERATION_SUCCESS;410}411412// Generate an ECDSA Key pair413// offset 0 = private key (0x14 len)414// offset 0x14 = public key point (0x28 len)415int kirk_CMD12(u8 *outbuff, int outsize) {416u8 k[0x15];417KIRK_CMD12_BUFFER * keypair = (KIRK_CMD12_BUFFER *) outbuff;418419if(outsize != 0x3C) return KIRK_INVALID_SIZE;420ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);421k[0] = 0;422kirk_CMD14(k+1,0x14);423ec_priv_to_pub(k, (u8*)keypair->public_key.x);424memcpy(keypair->private_key,k+1,0x14);425426return KIRK_OPERATION_SUCCESS;427}428// Point multiplication429// offset 0 = mulitplication value (0x14 len)430// offset 0x14 = point to multiply (0x28 len)431int kirk_CMD13(u8 * outbuff, int outsize,u8 * inbuff, int insize) {432u8 k[0x15];433KIRK_CMD13_BUFFER * pointmult = (KIRK_CMD13_BUFFER *) inbuff;434k[0]=0;435if(outsize != 0x28) return KIRK_INVALID_SIZE;436if(insize != 0x3C) return KIRK_INVALID_SIZE;437ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);438ecdsa_set_pub((u8*)pointmult->public_key.x);439memcpy(k+1,pointmult->multiplier,0x14);440ec_pub_mult(k, outbuff);441return KIRK_OPERATION_SUCCESS;442}443444int kirk_CMD14(u8 *outbuff, int outsize) {445u8 temp[0x104];446// This was added to mollify valgrind.447memset(temp, 0xAA, sizeof(temp));448449KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *) temp;450451// Some randomly selected data for a "key" to add to each randomization452static const u8 random_data[0x10] = { 0xA7, 0x2E, 0x4C, 0xB6, 0xC3, 0x34, 0xDF, 0x85, 0x70, 0x01, 0x49, 0xFC, 0xC0, 0x87, 0xC4, 0x77 };453u32 curtime;454//if(outsize != 0x14) return KIRK_INVALID_SIZE; // Need real error code455if(outsize <=0) return KIRK_OPERATION_SUCCESS;456457memcpy(temp+4, PRNG_DATA,0x14);458// This uses the standard C time function for portability.459curtime = (u32)time(0);460temp[0x18] = curtime &0xFF;461temp[0x19] = (curtime>>8) &0xFF;462temp[0x1A] = (curtime>>16) &0xFF;463temp[0x1B] = (curtime>>24) &0xFF;464memcpy(&temp[0x1C], random_data, 0x10);465466// WARNING: These next two lines of comments are no longer accurate since I added the memset above.467// This leaves the remainder of the 0x100 bytes in temp to whatever remains on the stack468// in an uninitialized state. This should add unpredicableness to the results as well469header->data_size=0x100;470kirk_CMD11(PRNG_DATA, temp, 0x104);471while(outsize)472{473int blockrem= outsize %0x14;474int block = outsize /0x14;475476if(block)477{478memcpy(outbuff, PRNG_DATA, 0x14);479outbuff+=0x14;480outsize -= 0x14;481kirk_CMD14(outbuff, outsize);482} else {483if(blockrem)484{485memcpy(outbuff, PRNG_DATA, blockrem);486outsize -= blockrem;487}488}489490}491return KIRK_OPERATION_SUCCESS;492}493494void decrypt_kirk16_private(u8 *dA_out, u8 *dA_enc)495{496int i, k;497kirk16_data keydata;498u8 subkey_1[0x10], subkey_2[0x10];499rijndael_ctx aes_ctx;500501keydata.fuseid[7] = g_fuse90 &0xFF;502keydata.fuseid[6] = (g_fuse90>>8) &0xFF;503keydata.fuseid[5] = (g_fuse90>>16) &0xFF;504keydata.fuseid[4] = (g_fuse90>>24) &0xFF;505keydata.fuseid[3] = g_fuse94 &0xFF;506keydata.fuseid[2] = (g_fuse94>>8) &0xFF;507keydata.fuseid[1] = (g_fuse94>>16) &0xFF;508keydata.fuseid[0] = (g_fuse94>>24) &0xFF;509510/* set encryption key */511rijndael_set_key(&aes_ctx, kirk16_key, 128);512513/* set the subkeys */514for (i = 0; i < 0x10; i++)515{516/* set to the fuseid */517subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];518}519520/* do aes crypto */521for (i = 0; i < 3; i++)522{523/* encrypt + decrypt */524rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);525rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);526}527528/* set new key */529rijndael_set_key(&aes_ctx, subkey_1, 128);530531/* now lets make the key mesh */532for (i = 0; i < 3; i++)533{534/* do encryption in group of 3 */535for (k = 0; k < 3; k++)536{537/* crypto */538rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);539}540541/* copy to out block */542memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);543}544545/* set the key to the mesh */546rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);547548/* do the encryption routines for the aes key */549for (i = 0; i < 2; i++)550{551/* encrypt the data */552rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);553}554555/* set the key to that mesh shit */556rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);557558/* cbc decrypt the dA */559AES_cbc_decrypt((AES_ctx *)&aes_ctx, dA_enc, dA_out, 0x20);560}561562void encrypt_kirk16_private(u8 *dA_out, u8 *dA_dec)563{564int i, k;565kirk16_data keydata;566u8 subkey_1[0x10], subkey_2[0x10];567rijndael_ctx aes_ctx;568569570keydata.fuseid[7] = g_fuse90 &0xFF;571keydata.fuseid[6] = (g_fuse90>>8) &0xFF;572keydata.fuseid[5] = (g_fuse90>>16) &0xFF;573keydata.fuseid[4] = (g_fuse90>>24) &0xFF;574keydata.fuseid[3] = g_fuse94 &0xFF;575keydata.fuseid[2] = (g_fuse94>>8) &0xFF;576keydata.fuseid[1] = (g_fuse94>>16) &0xFF;577keydata.fuseid[0] = (g_fuse94>>24) &0xFF;578/* set encryption key */579rijndael_set_key(&aes_ctx, kirk16_key, 128);580581/* set the subkeys */582for (i = 0; i < 0x10; i++)583{584/* set to the fuseid */585subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];586}587588/* do aes crypto */589for (i = 0; i < 3; i++)590{591/* encrypt + decrypt */592rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);593rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);594}595596/* set new key */597rijndael_set_key(&aes_ctx, subkey_1, 128);598599/* now lets make the key mesh */600for (i = 0; i < 3; i++)601{602/* do encryption in group of 3 */603for (k = 0; k < 3; k++)604{605/* crypto */606rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);607}608609/* copy to out block */610memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);611}612613/* set the key to the mesh */614rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);615616/* do the encryption routines for the aes key */617for (i = 0; i < 2; i++)618{619/* encrypt the data */620rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);621}622623/* set the key to that mesh shit */624rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);625626/* cbc encrypt the dA */627AES_cbc_encrypt((AES_ctx *)&aes_ctx, dA_dec, dA_out, 0x20);628}629630int kirk_CMD16(u8 * outbuff, int outsize, u8 * inbuff, int insize) {631u8 dec_private[0x20];632KIRK_CMD16_BUFFER * signbuf = (KIRK_CMD16_BUFFER *) inbuff;633ECDSA_SIG * sig = (ECDSA_SIG *) outbuff;634if(insize != 0x34) return KIRK_INVALID_SIZE;635if(outsize != 0x28) return KIRK_INVALID_SIZE;636decrypt_kirk16_private(dec_private,signbuf->enc_private);637// Clear out the padding for safety638memset(&dec_private[0x14], 0, 0xC);639ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);640ecdsa_set_priv(dec_private);641ecdsa_sign(signbuf->message_hash,sig->r, sig->s);642return KIRK_OPERATION_SUCCESS;643}644645// ECDSA Verify646// inbuff structure:647// 00 = public key (0x28 length)648// 28 = message hash (0x14 length)649// 3C = signature R (0x14 length)650// 50 = signature S (0x14 length)651int kirk_CMD17(u8 * inbuff, int insize) {652KIRK_CMD17_BUFFER * sig = (KIRK_CMD17_BUFFER *) inbuff;653if(insize != 0x64) return KIRK_INVALID_SIZE;654ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);655ecdsa_set_pub(sig->public_key.x);656// ecdsa_verify(u8 *hash, u8 *R, u8 *S)657if(ecdsa_verify(sig->message_hash,sig->signature.r,sig->signature.s)) {658return KIRK_OPERATION_SUCCESS;659} else {660return KIRK_SIG_CHECK_INVALID;661}662}663664665666int kirk_init()667{668return kirk_init2((u8*)"Lazy Dev should have initialized!",33,0xBABEF00D, 0xDEADBEEF );669}670671int kirk_init2(u8 * rnd_seed, u32 seed_size, u32 fuseid_90, u32 fuseid_94) {672u8 temp[0x104];673memset(temp, 0xAA, sizeof(temp));674675KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *) temp;676// Another randomly selected data for a "key" to add to each randomization677static const u8 key[0x10] = {0x07, 0xAB, 0xEF, 0xF8, 0x96, 0x8C, 0xF3, 0xD6, 0x14, 0xE0, 0xEB, 0xB2, 0x9D, 0x8B, 0x4E, 0x74};678u32 curtime;679680//Set PRNG_DATA initially, otherwise use what ever uninitialized data is in the buffer681if(seed_size > 0) {682u8 * seedbuf;683KIRK_SHA1_HEADER *seedheader;684seedbuf=(u8*)malloc(seed_size+4);685memset(seedbuf, 0, seed_size+4);686seedheader = (KIRK_SHA1_HEADER *) seedbuf;687seedheader->data_size = seed_size;688kirk_CMD11(PRNG_DATA, seedbuf, seed_size+4);689free(seedbuf);690}691memcpy(temp+4, PRNG_DATA,0x14);692// This uses the standard C time function for portability.693curtime=(u32)time(0);694temp[0x18] = curtime &0xFF;695temp[0x19] = (curtime>>8) &0xFF;696temp[0x1A] = (curtime>>16) &0xFF;697temp[0x1B] = (curtime>>24) &0xFF;698memcpy(&temp[0x1C], key, 0x10);699//This leaves the remainder of the 0x100 bytes in temp to whatever remains on the stack700// in an uninitialized state. This should add unpredicableness to the results as well701header->data_size=0x100;702kirk_CMD11(PRNG_DATA, temp, 0x104);703704//Set Fuse ID705g_fuse90=fuseid_90;706g_fuse94=fuseid_94;707708//Set KIRK1 main key709AES_set_key(&aes_kirk1, kirk1_key, 128);710711712is_kirk_initialized = 1;713return 0;714}715u8* kirk_4_7_get_key(int key_type)716{717if((key_type < 0) || (key_type >=0x80)) return (u8*)KIRK_INVALID_SIZE;718return keyvault[key_type];719}720721int kirk_CMD1_ex(u8* outbuff, u8* inbuff, int size, KIRK_CMD1_HEADER* header)722{723u8* buffer = (u8*)malloc(size);724int ret;725726memcpy(buffer, header, sizeof(KIRK_CMD1_HEADER));727memcpy(buffer+sizeof(KIRK_CMD1_HEADER), inbuff, header->data_size);728729ret = kirk_CMD1(outbuff, buffer, size);730free(buffer);731return ret;732}733734int kirk_sceUtilsBufferCopyWithRange(u8* outbuff, int outsize, const u8* inbuff, int insize, int cmd)735{736// TODO: propagate const-correctness into all these functions.737switch(cmd)738{739case KIRK_CMD_DECRYPT_PRIVATE: return kirk_CMD1(outbuff, (u8 *)inbuff, insize); break;740case KIRK_CMD_ENCRYPT_IV_0: return kirk_CMD4(outbuff, (u8 *)inbuff, insize); break;741case KIRK_CMD_DECRYPT_IV_0: return kirk_CMD7(outbuff, (u8 *)inbuff, insize); break;742case KIRK_CMD_PRIV_SIGN_CHECK: return kirk_CMD10((u8 *)inbuff, insize); break;743case KIRK_CMD_SHA1_HASH: return kirk_CMD11(outbuff, (u8 *)inbuff, insize); break;744case KIRK_CMD_ECDSA_GEN_KEYS: return kirk_CMD12(outbuff, outsize); break;745case KIRK_CMD_ECDSA_MULTIPLY_POINT: return kirk_CMD13(outbuff, outsize, (u8 *)inbuff, insize); break;746case KIRK_CMD_PRNG: return kirk_CMD14(outbuff, outsize); break;747case KIRK_CMD_ECDSA_SIGN: return kirk_CMD16(outbuff, outsize, (u8 *)inbuff, insize); break;748case KIRK_CMD_ECDSA_VERIFY: return kirk_CMD17((u8 *)inbuff, insize); break;749}750return -1;751}752753754