From 0cca558fe577987fa4aed0f1959efb1925af686e Mon Sep 17 00:00:00 2001 From: jimzrt Date: Tue, 24 Sep 2019 09:41:22 +0200 Subject: [PATCH] certSize hash verification working, calibrationDataSize todo --- source/keys/keys.c | 144 +++++++++++++++++++++++++++++++++------ source/keys/keys.h | 3 +- source/keys/sha256.c | 158 +++++++++++++++++++++++++++++++++++++++++++ source/keys/sha256.h | 35 ++++++++++ 4 files changed, 319 insertions(+), 21 deletions(-) create mode 100644 source/keys/sha256.c create mode 100644 source/keys/sha256.h diff --git a/source/keys/keys.c b/source/keys/keys.c index 80c90a2..e4a0e3e 100644 --- a/source/keys/keys.c +++ b/source/keys/keys.c @@ -47,6 +47,7 @@ #include "../libs/fatfs/diskio.h" #include +#include "sha256.h" extern bool sd_mount(); extern void sd_unmount(); @@ -374,8 +375,14 @@ void dump_keys() { se_aes_key_set(8, bis_key[0] + 0x00, 0x10); se_aes_key_set(9, bis_key[0] + 0x10, 0x10); - readData(0x180, 0x100); - + u32 length = 0x18; + u8* buffer = (u8 *)malloc(length); + readData(buffer, 0x250, length); + + gfx_hexdump(0, buffer, length); + free(buffer); + + verify(); // free(tmp_copy); @@ -593,30 +600,127 @@ static inline u32 _read_le_u32(const void *buffer, u32 offset) { // ctr[0x10-i-1] = (u8)(ofs & 0xff); // } -bool readData(u64 offset, u64 length) +bool readData(u8* buffer, u32 offset, u32 length) { + + u32 sector = (offset / NX_EMMC_BLOCKSIZE); + u32 newOffset = (offset % NX_EMMC_BLOCKSIZE); - u64 sector = (offset / NX_EMMC_BLOCKSIZE); - u64 newOffset = (offset % NX_EMMC_BLOCKSIZE); + u8 sectorCount = ((newOffset + length) / NX_EMMC_BLOCKSIZE) + 1; - bool needMultipleSectors = newOffset + length > NX_EMMC_BLOCKSIZE; + // if(length + newOffset > NX_EMMC_BLOCKSIZE * 2){ + // EPRINTF("TOO BIG!!"); + // } - u8 *tmp = (u8 *)malloc(NX_EMMC_BLOCKSIZE); - disk_read_mod(tmp, sector, 1, &storage, prodinfo_part); - if (!needTwoSectors) - { - gfx_hexdump(0, tmp + newOffset, length); - } - else - { - u64 newLength = (newOffset + length) - NX_EMMC_BLOCKSIZE; - gfx_hexdump(0, tmp + newOffset, newLength); - disk_read_mod(tmp, sector + 1, 1, &storage, prodinfo_part); - gfx_hexdump(0, tmp, length - newLength); - } + + //bool needMultipleSectors = newOffset + length > NX_EMMC_BLOCKSIZE; + + u8 *tmp = (u8 *)malloc(sectorCount * NX_EMMC_BLOCKSIZE); + disk_read_mod(tmp, sector, sectorCount, &storage, prodinfo_part); + + + // if (!needMultipleSectors) + // { + // gfx_hexdump(0, tmp + newOffset, length); + memcpy(buffer, tmp + newOffset, length); + // } + // else + // { + // u32 newLength = (newOffset + length) - NX_EMMC_BLOCKSIZE; + // memcpy(buffer, tmp + newOffset, newLength); + // disk_read_mod(tmp, sector + 1, 1, &storage, prodinfo_part); + // memcpy(buffer + newLength, tmp, length - newLength); + // } free(tmp); return true; -} \ No newline at end of file +} + + + bool verifyHash(u64 hashOffset, u64 offset, u64 sz) + { + bool result = false; + u8* buffer = (u8 *)malloc(sz);//new u8[sz]; + + if (!readData(buffer, offset, sz)) + { + EPRINTF("error: failed reading calibration data\n"); + //printf("error: failed reading calibration data\n"); + } + else + { + u8 hash1[0x20]; + u8 hash2[0x20]; + + SHA256_CTX ctx; + sha256_init(&ctx); + sha256_update(&ctx, buffer, sz); + sha256_final(&ctx, hash1); + + //se_calc_sha256(hash1, buffer, sz); + //sha256CalculateHash(hash1, buffer, sz); + + if (!readData(hash2, hashOffset, sizeof(hash2))) + { + EPRINTF("error: failed reading hash\n"); + //printf("error: failed reading hash\n"); + } + else + { + if (memcmp(hash1, hash2, sizeof(hash1))) + { + EPRINTF("error: hash verification failed\n"); + //printf("error: hash verification failed for %x %d\n", (long)offset, (long)sz); + + //print(hash1, 0x20); + //print(hash2, 0x20); + } + else + { + result = true; + } + } + + gfx_hexdump(0, hash1, 0x08); + gfx_hexdump(0, hash2, 0x08); + + } + + free(buffer); + return result; + } + + + + u32 certSize() + { + u32 buffer; + readData((u8 *)&buffer, 0x0AD0, sizeof(buffer)); + EPRINTF("certSize"); + gfx_hexdump(0, (u8 *)&buffer, sizeof(buffer)); + return buffer; + } + + u32 calibrationDataSize() + { + u32 buffer; + readData((u8 *)&buffer, 0x08, sizeof(buffer)); + EPRINTF("calSize"); + gfx_hexdump(0, (u8 *)&buffer, sizeof(buffer)); + return buffer; + } + + bool verify() + { + bool r = verifyHash(0x12E0, 0x0AE0, certSize()); // client cert hash + r &= verifyHash(0x20, 0x0040, calibrationDataSize()); // calibration hash + + return r; + } + + // u32 calibrationDataSize() + // { + // return read(0x08); + // } \ No newline at end of file diff --git a/source/keys/keys.h b/source/keys/keys.h index a96536c..9d4eaa2 100644 --- a/source/keys/keys.h +++ b/source/keys/keys.h @@ -20,6 +20,7 @@ #include "../utils/types.h" void dump_keys(); -bool readData(u64 offset, u64 length); +bool readData(u8 *buffer, u32 offset, u32 length); +bool verify(); #endif diff --git a/source/keys/sha256.c b/source/keys/sha256.c new file mode 100644 index 0000000..500d4a2 --- /dev/null +++ b/source/keys/sha256.c @@ -0,0 +1,158 @@ +/********************************************************************* +* Filename: sha256.c +* Author: Brad Conte (brad AT bradconte.com) +* Copyright: +* Disclaimer: This code is presented "as is" without any guarantees. +* Details: Implementation of the SHA-256 hashing algorithm. + SHA-256 is one of the three algorithms in the SHA2 + specification. The others, SHA-384 and SHA-512, are not + offered in this implementation. + Algorithm specification can be found here: + * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf + This implementation uses little endian u8 order. +*********************************************************************/ + +/*************************** HEADER FILES ***************************/ +#include +#include +#include "sha256.h" + +/****************************** MACROS ******************************/ +#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b)))) +#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b)))) + +#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z))) +#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22)) +#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25)) +#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3)) +#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10)) + +/**************************** VARIABLES *****************************/ +static const u32 k[64] = { + 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, + 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, + 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, + 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, + 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, + 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070, + 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, + 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +}; + +/*********************** FUNCTION DEFINITIONS ***********************/ +void sha256_transform(SHA256_CTX *ctx, const u8 data[]) +{ + u32 a, b, c, d, e, f, g, h, i, j, t1, t2, m[64]; + + for (i = 0, j = 0; i < 16; ++i, j += 4) + m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]); + for ( ; i < 64; ++i) + m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16]; + + a = ctx->state[0]; + b = ctx->state[1]; + c = ctx->state[2]; + d = ctx->state[3]; + e = ctx->state[4]; + f = ctx->state[5]; + g = ctx->state[6]; + h = ctx->state[7]; + + for (i = 0; i < 64; ++i) { + t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i]; + t2 = EP0(a) + MAJ(a,b,c); + h = g; + g = f; + f = e; + e = d + t1; + d = c; + c = b; + b = a; + a = t1 + t2; + } + + ctx->state[0] += a; + ctx->state[1] += b; + ctx->state[2] += c; + ctx->state[3] += d; + ctx->state[4] += e; + ctx->state[5] += f; + ctx->state[6] += g; + ctx->state[7] += h; +} + +void sha256_init(SHA256_CTX *ctx) +{ + ctx->datalen = 0; + ctx->bitlen = 0; + ctx->state[0] = 0x6a09e667; + ctx->state[1] = 0xbb67ae85; + ctx->state[2] = 0x3c6ef372; + ctx->state[3] = 0xa54ff53a; + ctx->state[4] = 0x510e527f; + ctx->state[5] = 0x9b05688c; + ctx->state[6] = 0x1f83d9ab; + ctx->state[7] = 0x5be0cd19; +} + +void sha256_update(SHA256_CTX *ctx, const u8 data[], size_t len) +{ + u32 i; + + for (i = 0; i < len; ++i) { + ctx->data[ctx->datalen] = data[i]; + ctx->datalen++; + if (ctx->datalen == 64) { + sha256_transform(ctx, ctx->data); + ctx->bitlen += 512; + ctx->datalen = 0; + } + } +} + +void sha256_final(SHA256_CTX *ctx, u8 hash[]) +{ + u32 i; + + i = ctx->datalen; + + // Pad whatever data is left in the buffer. + if (ctx->datalen < 56) { + ctx->data[i++] = 0x80; + while (i < 56) + ctx->data[i++] = 0x00; + } + else { + ctx->data[i++] = 0x80; + while (i < 64) + ctx->data[i++] = 0x00; + sha256_transform(ctx, ctx->data); + memset(ctx->data, 0, 56); + } + + // Append to the padding the total message's length in bits and transform. + ctx->bitlen += ctx->datalen * 8; + ctx->data[63] = ctx->bitlen; + ctx->data[62] = ctx->bitlen >> 8; + ctx->data[61] = ctx->bitlen >> 16; + ctx->data[60] = ctx->bitlen >> 24; + ctx->data[59] = ctx->bitlen >> 32; + ctx->data[58] = ctx->bitlen >> 40; + ctx->data[57] = ctx->bitlen >> 48; + ctx->data[56] = ctx->bitlen >> 56; + sha256_transform(ctx, ctx->data); + + // Since this implementation uses little endian u8 ordering and SHA uses big endian, + // reverse all the bytes when copying the final state to the output hash. + for (i = 0; i < 4; ++i) { + hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff; + hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff; + hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff; + hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff; + hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff; + hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff; + hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff; + hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff; + } +} diff --git a/source/keys/sha256.h b/source/keys/sha256.h new file mode 100644 index 0000000..09323ee --- /dev/null +++ b/source/keys/sha256.h @@ -0,0 +1,35 @@ +/********************************************************************* +* Filename: sha256.h +* Author: Brad Conte (brad AT bradconte.com) +* Copyright: +* Disclaimer: This code is presented "as is" without any guarantees. +* Details: Defines the API for the corresponding SHA1 implementation. +*********************************************************************/ + +#ifndef SHA256_H +#define SHA256_H + +/*************************** HEADER FILES ***************************/ +#include +#include "../utils/types.h" + +/****************************** MACROS ******************************/ +#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest + +/**************************** DATA TYPES ****************************/ +//typedef unsigned char BYTE; // 8-bit byte +//typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines + +typedef struct { + u8 data[64]; + u32 datalen; + unsigned long long bitlen; + u32 state[8]; +} SHA256_CTX; + +/*********************** FUNCTION DECLARATIONS **********************/ +void sha256_init(SHA256_CTX *ctx); +void sha256_update(SHA256_CTX *ctx, const u8 data[], size_t len); +void sha256_final(SHA256_CTX *ctx, u8 hash[]); + +#endif // SHA256_H