Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
hrydgard
GitHub Repository: hrydgard/ppsspp
 Path: blob/master/ext/libkirk/kirk_engine.c
3186 views
1
/*

2
  Draan proudly presents:

3
  

4
  With huge help from community:

5
  coyotebean, Davee, hitchhikr, kgsws, liquidzigong, Mathieulh, Proxima, SilverSpring

6
  

7
  ******************** KIRK-ENGINE ********************

8
  An Open-Source implementation of KIRK (PSP crypto engine) algorithms and keys.

9
  Includes also additional routines for hash forging.

10
  

11
  ********************

12
  

13
  This program is free software: you can redistribute it and/or modify

14
  it under the terms of the GNU General Public License as published by

15
  the Free Software Foundation, either version 3 of the License, or

16
  (at your option) any later version.

17


18
  This program is distributed in the hope that it will be useful,

19
  but WITHOUT ANY WARRANTY; without even the implied warranty of

20
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

21
  GNU General Public License for more details.

22


23
  You should have received a copy of the GNU General Public License

24
  along with this program.  If not, see <http://www.gnu.org/licenses/>.

25
*/

26


27
#include <stdio.h>

28
#include <stdlib.h>

29
#include <string.h>

30
#include <time.h>

31
#include "kirk_engine.h"

32
#include "AES.h"

33
#include "SHA1.h"

34


35
/* ------------------------- KEY VAULT ------------------------- */

36
static const unsigned char keyvault[0x80][0x10] = {

37
    {0x2C, 0x92, 0xE5, 0x90, 0x2B, 0x86, 0xC1, 0x06, 0xB7, 0x2E, 0xEA, 0x6C, 0xD4, 0xEC, 0x72, 0x48},

38
    {0x05, 0x8D, 0xC8, 0x0B, 0x33, 0xA5, 0xBF, 0x9D, 0x56, 0x98, 0xFA, 0xE0, 0xD3, 0x71, 0x5E, 0x1F},

39
    {0xB8, 0x13, 0xC3, 0x5E, 0xC6, 0x44, 0x41, 0xE3, 0xDC, 0x3C, 0x16, 0xF5, 0xB4, 0x5E, 0x64, 0x84},

40
    {0x98, 0x02, 0xC4, 0xE6, 0xEC, 0x9E, 0x9E, 0x2F, 0xFC, 0x63, 0x4C, 0xE4, 0x2F, 0xBB, 0x46, 0x68},

41
    {0x99, 0x24, 0x4C, 0xD2, 0x58, 0xF5, 0x1B, 0xCB, 0xB0, 0x61, 0x9C, 0xA7, 0x38, 0x30, 0x07, 0x5F},

42
    {0x02, 0x25, 0xD7, 0xBA, 0x63, 0xEC, 0xB9, 0x4A, 0x9D, 0x23, 0x76, 0x01, 0xB3, 0xF6, 0xAC, 0x17},

43
    {0x60, 0x99, 0xF2, 0x81, 0x70, 0x56, 0x0E, 0x5F, 0x74, 0x7C, 0xB5, 0x20, 0xC0, 0xCD, 0xC2, 0x3C},

44
    {0x76, 0x36, 0x8B, 0x43, 0x8F, 0x77, 0xD8, 0x7E, 0xFE, 0x5F, 0xB6, 0x11, 0x59, 0x39, 0x88, 0x5C},

45
    {0x14, 0xA1, 0x15, 0xEB, 0x43, 0x4A, 0x1B, 0xA4, 0x90, 0x5E, 0x03, 0xB6, 0x17, 0xA1, 0x5C, 0x04},

46
    {0xE6, 0x58, 0x03, 0xD9, 0xA7, 0x1A, 0xA8, 0x7F, 0x05, 0x9D, 0x22, 0x9D, 0xAF, 0x54, 0x53, 0xD0},

47
    {0xBA, 0x34, 0x80, 0xB4, 0x28, 0xA7, 0xCA, 0x5F, 0x21, 0x64, 0x12, 0xF7, 0x0F, 0xBB, 0x73, 0x23},

48
    {0x72, 0xAD, 0x35, 0xAC, 0x9A, 0xC3, 0x13, 0x0A, 0x77, 0x8C, 0xB1, 0x9D, 0x88, 0x55, 0x0B, 0x0C},

49
    {0x84, 0x85, 0xC8, 0x48, 0x75, 0x08, 0x43, 0xBC, 0x9B, 0x9A, 0xEC, 0xA7, 0x9C, 0x7F, 0x60, 0x18},

50
    {0xB5, 0xB1, 0x6E, 0xDE, 0x23, 0xA9, 0x7B, 0x0E, 0xA1, 0x7C, 0xDB, 0xA2, 0xDC, 0xDE, 0xC4, 0x6E},

51
    {0xC8, 0x71, 0xFD, 0xB3, 0xBC, 0xC5, 0xD2, 0xF2, 0xE2, 0xD7, 0x72, 0x9D, 0xDF, 0x82, 0x68, 0x82},

52
    {0x0A, 0xBB, 0x33, 0x6C, 0x96, 0xD4, 0xCD, 0xD8, 0xCB, 0x5F, 0x4B, 0xE0, 0xBA, 0xDB, 0x9E, 0x03},

53
    {0x32, 0x29, 0x5B, 0xD5, 0xEA, 0xF7, 0xA3, 0x42, 0x16, 0xC8, 0x8E, 0x48, 0xFF, 0x50, 0xD3, 0x71},

54
    {0x46, 0xF2, 0x5E, 0x8E, 0x4D, 0x2A, 0xA5, 0x40, 0x73, 0x0B, 0xC4, 0x6E, 0x47, 0xEE, 0x6F, 0x0A},

55
    {0x5D, 0xC7, 0x11, 0x39, 0xD0, 0x19, 0x38, 0xBC, 0x02, 0x7F, 0xDD, 0xDC, 0xB0, 0x83, 0x7D, 0x9D},

56
    {0x51, 0xDD, 0x65, 0xF0, 0x71, 0xA4, 0xE5, 0xEA, 0x6A, 0xAF, 0x12, 0x19, 0x41, 0x29, 0xB8, 0xF4},

57
    {0x03, 0x76, 0x3C, 0x68, 0x65, 0xC6, 0x9B, 0x0F, 0xFE, 0x8F, 0xD8, 0xEE, 0xA4, 0x36, 0x16, 0xA0},

58
    {0x7D, 0x50, 0xB8, 0x5C, 0xAF, 0x67, 0x69, 0xF0, 0xE5, 0x4A, 0xA8, 0x09, 0x8B, 0x0E, 0xBE, 0x1C},

59
    {0x72, 0x68, 0x4B, 0x32, 0xAC, 0x3B, 0x33, 0x2F, 0x2A, 0x7A, 0xFC, 0x9E, 0x14, 0xD5, 0x6F, 0x6B},

60
    {0x20, 0x1D, 0x31, 0x96, 0x4A, 0xD9, 0x9F, 0xBF, 0x32, 0xD5, 0xD6, 0x1C, 0x49, 0x1B, 0xD9, 0xFC},

61
    {0xF8, 0xD8, 0x44, 0x63, 0xD6, 0x10, 0xD1, 0x2A, 0x44, 0x8E, 0x96, 0x90, 0xA6, 0xBB, 0x0B, 0xAD},

62
    {0x5C, 0xD4, 0x05, 0x7F, 0xA1, 0x30, 0x60, 0x44, 0x0A, 0xD9, 0xB6, 0x74, 0x5F, 0x24, 0x4F, 0x4E},

63
    {0xF4, 0x8A, 0xD6, 0x78, 0x59, 0x9C, 0x22, 0xC1, 0xD4, 0x11, 0x93, 0x3D, 0xF8, 0x45, 0xB8, 0x93},

64
    {0xCA, 0xE7, 0xD2, 0x87, 0xA2, 0xEC, 0xC1, 0xCD, 0x94, 0x54, 0x2B, 0x5E, 0x1D, 0x94, 0x88, 0xB2},

65
    {0xDE, 0x26, 0xD3, 0x7A, 0x39, 0x95, 0x6C, 0x2A, 0xD8, 0xC3, 0xA6, 0xAF, 0x21, 0xEB, 0xB3, 0x01},

66
    {0x7C, 0xB6, 0x8B, 0x4D, 0xA3, 0x8D, 0x1D, 0xD9, 0x32, 0x67, 0x9C, 0xA9, 0x9F, 0xFB, 0x28, 0x52},

67
    {0xA0, 0xB5, 0x56, 0xB4, 0x69, 0xAB, 0x36, 0x8F, 0x36, 0xDE, 0xC9, 0x09, 0x2E, 0xCB, 0x41, 0xB1},

68
    {0x93, 0x9D, 0xE1, 0x9B, 0x72, 0x5F, 0xEE, 0xE2, 0x45, 0x2A, 0xBC, 0x17, 0x06, 0xD1, 0x47, 0x69},

69
    {0xA4, 0xA4, 0xE6, 0x21, 0x38, 0x2E, 0xF1, 0xAF, 0x7B, 0x17, 0x7A, 0xE8, 0x42, 0xAD, 0x00, 0x31},

70
    {0xC3, 0x7F, 0x13, 0xE8, 0xCF, 0x84, 0xDB, 0x34, 0x74, 0x7B, 0xC3, 0xA0, 0xF1, 0x9D, 0x3A, 0x73},

71
    {0x2B, 0xF7, 0x83, 0x8A, 0xD8, 0x98, 0xE9, 0x5F, 0xA5, 0xF9, 0x01, 0xDA, 0x61, 0xFE, 0x35, 0xBB},

72
    {0xC7, 0x04, 0x62, 0x1E, 0x71, 0x4A, 0x66, 0xEA, 0x62, 0xE0, 0x4B, 0x20, 0x3D, 0xB8, 0xC2, 0xE5},

73
    {0xC9, 0x33, 0x85, 0x9A, 0xAB, 0x00, 0xCD, 0xCE, 0x4D, 0x8B, 0x8E, 0x9F, 0x3D, 0xE6, 0xC0, 0x0F},

74
    {0x18, 0x42, 0x56, 0x1F, 0x2B, 0x5F, 0x34, 0xE3, 0x51, 0x3E, 0xB7, 0x89, 0x77, 0x43, 0x1A, 0x65},

75
    {0xDC, 0xB0, 0xA0, 0x06, 0x5A, 0x50, 0xA1, 0x4E, 0x59, 0xAC, 0x97, 0x3F, 0x17, 0x58, 0xA3, 0xA3},

76
    {0xC4, 0xDB, 0xAE, 0x83, 0xE2, 0x9C, 0xF2, 0x54, 0xA3, 0xDD, 0x37, 0x4E, 0x80, 0x7B, 0xF4, 0x25},

77
    {0xBF, 0xAE, 0xEB, 0x49, 0x82, 0x65, 0xC5, 0x7C, 0x64, 0xB8, 0xC1, 0x7E, 0x19, 0x06, 0x44, 0x09},

78
    {0x79, 0x7C, 0xEC, 0xC3, 0xB3, 0xEE, 0x0A, 0xC0, 0x3B, 0xD8, 0xE6, 0xC1, 0xE0, 0xA8, 0xB1, 0xA4},

79
    {0x75, 0x34, 0xFE, 0x0B, 0xD6, 0xD0, 0xC2, 0x8D, 0x68, 0xD4, 0xE0, 0x2A, 0xE7, 0xD5, 0xD1, 0x55},

80
    {0xFA, 0xB3, 0x53, 0x26, 0x97, 0x4F, 0x4E, 0xDF, 0xE4, 0xC3, 0xA8, 0x14, 0xC3, 0x2F, 0x0F, 0x88},

81
    {0xEC, 0x97, 0xB3, 0x86, 0xB4, 0x33, 0xC6, 0xBF, 0x4E, 0x53, 0x9D, 0x95, 0xEB, 0xB9, 0x79, 0xE4},

82
    {0xB3, 0x20, 0xA2, 0x04, 0xCF, 0x48, 0x06, 0x29, 0xB5, 0xDD, 0x8E, 0xFC, 0x98, 0xD4, 0x17, 0x7B},

83
    {0x5D, 0xFC, 0x0D, 0x4F, 0x2C, 0x39, 0xDA, 0x68, 0x4A, 0x33, 0x74, 0xED, 0x49, 0x58, 0xA7, 0x3A},

84
    {0xD7, 0x5A, 0x54, 0x22, 0xCE, 0xD9, 0xA3, 0xD6, 0x2B, 0x55, 0x7D, 0x8D, 0xE8, 0xBE, 0xC7, 0xEC},

85
    {0x6B, 0x4A, 0xEE, 0x43, 0x45, 0xAE, 0x70, 0x07, 0xCF, 0x8D, 0xCF, 0x4E, 0x4A, 0xE9, 0x3C, 0xFA},

86
    {0x2B, 0x52, 0x2F, 0x66, 0x4C, 0x2D, 0x11, 0x4C, 0xFE, 0x61, 0x31, 0x8C, 0x56, 0x78, 0x4E, 0xA6},

87
    {0x3A, 0xA3, 0x4E, 0x44, 0xC6, 0x6F, 0xAF, 0x7B, 0xFA, 0xE5, 0x53, 0x27, 0xEF, 0xCF, 0xCC, 0x24},

88
    {0x2B, 0x5C, 0x78, 0xBF, 0xC3, 0x8E, 0x49, 0x9D, 0x41, 0xC3, 0x3C, 0x5C, 0x7B, 0x27, 0x96, 0xCE},

89
    {0xF3, 0x7E, 0xEA, 0xD2, 0xC0, 0xC8, 0x23, 0x1D, 0xA9, 0x9B, 0xFA, 0x49, 0x5D, 0xB7, 0x08, 0x1B},

90
    {0x70, 0x8D, 0x4E, 0x6F, 0xD1, 0xF6, 0x6F, 0x1D, 0x1E, 0x1F, 0xCB, 0x02, 0xF9, 0xB3, 0x99, 0x26},

91
    {0x0F, 0x67, 0x16, 0xE1, 0x80, 0x69, 0x9C, 0x51, 0xFC, 0xC7, 0xAD, 0x6E, 0x4F, 0xB8, 0x46, 0xC9},

92
    {0x56, 0x0A, 0x49, 0x4A, 0x84, 0x4C, 0x8E, 0xD9, 0x82, 0xEE, 0x0B, 0x6D, 0xC5, 0x7D, 0x20, 0x8D},

93
    {0x12, 0x46, 0x8D, 0x7E, 0x1C, 0x42, 0x20, 0x9B, 0xBA, 0x54, 0x26, 0x83, 0x5E, 0xB0, 0x33, 0x03},

94
    {0xC4, 0x3B, 0xB6, 0xD6, 0x53, 0xEE, 0x67, 0x49, 0x3E, 0xA9, 0x5F, 0xBC, 0x0C, 0xED, 0x6F, 0x8A},

95
    {0x2C, 0xC3, 0xCF, 0x8C, 0x28, 0x78, 0xA5, 0xA6, 0x63, 0xE2, 0xAF, 0x2D, 0x71, 0x5E, 0x86, 0xBA},

96
    {0x83, 0x3D, 0xA7, 0x0C, 0xED, 0x6A, 0x20, 0x12, 0xD1, 0x96, 0xE6, 0xFE, 0x5C, 0x4D, 0x37, 0xC5},

97
    {0xC7, 0x43, 0xD0, 0x67, 0x42, 0xEE, 0x90, 0xB8, 0xCA, 0x75, 0x50, 0x35, 0x20, 0xAD, 0xBC, 0xCE},

98
    {0x8A, 0xE3, 0x66, 0x3F, 0x8D, 0x9E, 0x82, 0xA1, 0xED, 0xE6, 0x8C, 0x9C, 0xE8, 0x25, 0x6D, 0xAA},

99
    {0x7F, 0xC9, 0x6F, 0x0B, 0xB1, 0x48, 0x5C, 0xA5, 0x5D, 0xD3, 0x64, 0xB7, 0x7A, 0xF5, 0xE4, 0xEA},

100
    {0x91, 0xB7, 0x65, 0x78, 0x8B, 0xCB, 0x8B, 0xD4, 0x02, 0xED, 0x55, 0x3A, 0x66, 0x62, 0xD0, 0xAD},

101
    {0x28, 0x24, 0xF9, 0x10, 0x1B, 0x8D, 0x0F, 0x7B, 0x6E, 0xB2, 0x63, 0xB5, 0xB5, 0x5B, 0x2E, 0xBB},

102
    {0x30, 0xE2, 0x57, 0x5D, 0xE0, 0xA2, 0x49, 0xCE, 0xE8, 0xCF, 0x2B, 0x5E, 0x4D, 0x9F, 0x52, 0xC7},

103
    {0x5E, 0xE5, 0x04, 0x39, 0x62, 0x32, 0x02, 0xFA, 0x85, 0x39, 0x3F, 0x72, 0xBB, 0x77, 0xFD, 0x1A},

104
    {0xF8, 0x81, 0x74, 0xB1, 0xBD, 0xE9, 0xBF, 0xDD, 0x45, 0xE2, 0xF5, 0x55, 0x89, 0xCF, 0x46, 0xAB},

105
    {0x7D, 0xF4, 0x92, 0x65, 0xE3, 0xFA, 0xD6, 0x78, 0xD6, 0xFE, 0x78, 0xAD, 0xBB, 0x3D, 0xFB, 0x63},

106
    {0x74, 0x7F, 0xD6, 0x2D, 0xC7, 0xA1, 0xCA, 0x96, 0xE2, 0x7A, 0xCE, 0xFF, 0xAA, 0x72, 0x3F, 0xF7},

107
    {0x1E, 0x58, 0xEB, 0xD0, 0x65, 0xBB, 0xF1, 0x68, 0xC5, 0xBD, 0xF7, 0x46, 0xBA, 0x7B, 0xE1, 0x00},

108
    {0x24, 0x34, 0x7D, 0xAF, 0x5E, 0x4B, 0x35, 0x72, 0x7A, 0x52, 0x27, 0x6B, 0xA0, 0x54, 0x74, 0xDB},

109
    {0x09, 0xB1, 0xC7, 0x05, 0xC3, 0x5F, 0x53, 0x66, 0x77, 0xC0, 0xEB, 0x36, 0x77, 0xDF, 0x83, 0x07},

110
    {0xCC, 0xBE, 0x61, 0x5C, 0x05, 0xA2, 0x00, 0x33, 0x37, 0x8E, 0x59, 0x64, 0xA7, 0xDD, 0x70, 0x3D},

111
    {0x0D, 0x47, 0x50, 0xBB, 0xFC, 0xB0, 0x02, 0x81, 0x30, 0xE1, 0x84, 0xDE, 0xA8, 0xD4, 0x84, 0x13},

112
    {0x0C, 0xFD, 0x67, 0x9A, 0xF9, 0xB4, 0x72, 0x4F, 0xD7, 0x8D, 0xD6, 0xE9, 0x96, 0x42, 0x28, 0x8B},

113
    {0x7A, 0xD3, 0x1A, 0x8B, 0x4B, 0xEF, 0xC2, 0xC2, 0xB3, 0x99, 0x01, 0xA9, 0xFE, 0x76, 0xB9, 0x87},

114
    {0xBE, 0x78, 0x78, 0x17, 0xC7, 0xF1, 0x6F, 0x1A, 0xE0, 0xEF, 0x3B, 0xDE, 0x4C, 0xC2, 0xD7, 0x86},

115
    {0x7C, 0xD8, 0xB8, 0x91, 0x91, 0x0A, 0x43, 0x14, 0xD0, 0x53, 0x3D, 0xD8, 0x4C, 0x45, 0xBE, 0x16},

116
    {0x32, 0x72, 0x2C, 0x88, 0x07, 0xCF, 0x35, 0x7D, 0x4A, 0x2F, 0x51, 0x19, 0x44, 0xAE, 0x68, 0xDA},

117
    {0x7E, 0x6B, 0xBF, 0xF6, 0xF6, 0x87, 0xB8, 0x98, 0xEE, 0xB5, 0x1B, 0x32, 0x16, 0xE4, 0x6E, 0x5D},

118
    {0x08, 0xEA, 0x5A, 0x83, 0x49, 0xB5, 0x9D, 0xB5, 0x3E, 0x07, 0x79, 0xB1, 0x9A, 0x59, 0xA3, 0x54},

119
    {0xF3, 0x12, 0x81, 0xBF, 0xE6, 0x9F, 0x51, 0xD1, 0x64, 0x08, 0x25, 0x21, 0xFF, 0xBB, 0x22, 0x61},

120
    {0xAF, 0xFE, 0x8E, 0xB1, 0x3D, 0xD1, 0x7E, 0xD8, 0x0A, 0x61, 0x24, 0x1C, 0x95, 0x92, 0x56, 0xB6},

121
    {0x92, 0xCD, 0xB4, 0xC2, 0x5B, 0xF2, 0x35, 0x5A, 0x23, 0x09, 0xE8, 0x19, 0xC9, 0x14, 0x42, 0x35},

122
    {0xE1, 0xC6, 0x5B, 0x22, 0x6B, 0xE1, 0xDA, 0x02, 0xBA, 0x18, 0xFA, 0x21, 0x34, 0x9E, 0xF9, 0x6D},

123
    {0x14, 0xEC, 0x76, 0xCE, 0x97, 0xF3, 0x8A, 0x0A, 0x34, 0x50, 0x6C, 0x53, 0x9A, 0x5C, 0x9A, 0xB4},

124
    {0x1C, 0x9B, 0xC4, 0x90, 0xE3, 0x06, 0x64, 0x81, 0xFA, 0x59, 0xFD, 0xB6, 0x00, 0xBB, 0x28, 0x70},

125
    {0x43, 0xA5, 0xCA, 0xCC, 0x0D, 0x6C, 0x2D, 0x3F, 0x2B, 0xD9, 0x89, 0x67, 0x6B, 0x3F, 0x7F, 0x57},

126
    {0x00, 0xEF, 0xFD, 0x18, 0x08, 0xA4, 0x05, 0x89, 0x3C, 0x38, 0xFB, 0x25, 0x72, 0x70, 0x61, 0x06},

127
    {0xEE, 0xAF, 0x49, 0xE0, 0x09, 0x87, 0x9B, 0xEF, 0xAA, 0xD6, 0x32, 0x6A, 0x32, 0x13, 0xC4, 0x29},

128
    {0x8D, 0x26, 0xB9, 0x0F, 0x43, 0x1D, 0xBB, 0x08, 0xDB, 0x1D, 0xDA, 0xC5, 0xB5, 0x2C, 0x92, 0xED},

129
    {0x57, 0x7C, 0x30, 0x60, 0xAE, 0x6E, 0xBE, 0xAE, 0x3A, 0xAB, 0x18, 0x19, 0xC5, 0x71, 0x68, 0x0B},

130
    {0x11, 0x5A, 0x5D, 0x20, 0xD5, 0x3A, 0x8D, 0xD3, 0x9C, 0xC5, 0xAF, 0x41, 0x0F, 0x0F, 0x18, 0x6F},

131
    {0x0D, 0x4D, 0x51, 0xAB, 0x23, 0x79, 0xBF, 0x80, 0x3A, 0xBF, 0xB9, 0x0E, 0x75, 0xFC, 0x14, 0xBF},

132
    {0x99, 0x93, 0xDA, 0x3E, 0x7D, 0x2E, 0x5B, 0x15, 0xF2, 0x52, 0xA4, 0xE6, 0x6B, 0xB8, 0x5A, 0x98},

133
    {0xF4, 0x28, 0x30, 0xA5, 0xFB, 0x0D, 0x8D, 0x76, 0x0E, 0xA6, 0x71, 0xC2, 0x2B, 0xDE, 0x66, 0x9D},

134
    {0xFB, 0x5F, 0xEB, 0x7F, 0xC7, 0xDC, 0xDD, 0x69, 0x37, 0x01, 0x97, 0x9B, 0x29, 0x03, 0x5C, 0x47},

135
    {0x02, 0x32, 0x6A, 0xE7, 0xD3, 0x96, 0xCE, 0x7F, 0x1C, 0x41, 0x9D, 0xD6, 0x52, 0x07, 0xED, 0x09},

136
    {0x9C, 0x9B, 0x13, 0x72, 0xF8, 0xC6, 0x40, 0xCF, 0x1C, 0x62, 0xF5, 0xD5, 0x92, 0xDD, 0xB5, 0x82},

137
    {0x03, 0xB3, 0x02, 0xE8, 0x5F, 0xF3, 0x81, 0xB1, 0x3B, 0x8D, 0xAA, 0x2A, 0x90, 0xFF, 0x5E, 0x61},

138
    {0xBC, 0xD7, 0xF9, 0xD3, 0x2F, 0xAC, 0xF8, 0x47, 0xC0, 0xFB, 0x4D, 0x2F, 0x30, 0x9A, 0xBD, 0xA6},

139
    {0xF5, 0x55, 0x96, 0xE9, 0x7F, 0xAF, 0x86, 0x7F, 0xAC, 0xB3, 0x3A, 0xE6, 0x9C, 0x8B, 0x6F, 0x93},

140
    {0xEE, 0x29, 0x70, 0x93, 0xF9, 0x4E, 0x44, 0x59, 0x44, 0x17, 0x1F, 0x8E, 0x86, 0xE1, 0x70, 0xFC},

141
    {0xE4, 0x34, 0x52, 0x0C, 0xF0, 0x88, 0xCF, 0xC8, 0xCD, 0x78, 0x1B, 0x6C, 0xCF, 0x8C, 0x48, 0xC4},

142
    {0xC1, 0xBF, 0x66, 0x81, 0x8E, 0xF9, 0x53, 0xF2, 0xE1, 0x26, 0x6B, 0x6F, 0x55, 0x0C, 0xC9, 0xCD},

143
    {0x56, 0x0F, 0xFF, 0x8F, 0x3C, 0x96, 0x49, 0x14, 0x45, 0x16, 0xF1, 0xBC, 0xBF, 0xCE, 0xA3, 0x0C},

144
    {0x24, 0x08, 0xDC, 0x75, 0x37, 0x60, 0xA2, 0x9F, 0x05, 0x54, 0xB5, 0xF2, 0x43, 0x85, 0x73, 0x99},

145
    {0xDD, 0xD5, 0xB5, 0x6A, 0x59, 0xC5, 0x5A, 0xE8, 0x3B, 0x96, 0x67, 0xC7, 0x5C, 0x2A, 0xE2, 0xDC},

146
    {0xAA, 0x68, 0x67, 0x72, 0xE0, 0x2D, 0x44, 0xD5, 0xCD, 0xBB, 0x65, 0x04, 0xBC, 0xD5, 0xBF, 0x4E},

147
    {0x1F, 0x17, 0xF0, 0x14, 0xE7, 0x77, 0xA2, 0xFE, 0x4B, 0x13, 0x6B, 0x56, 0xCD, 0x7E, 0xF7, 0xE9},

148
    {0xC9, 0x35, 0x48, 0xCF, 0x55, 0x8D, 0x75, 0x03, 0x89, 0x6B, 0x2E, 0xEB, 0x61, 0x8C, 0xA9, 0x02},

149
    {0xDE, 0x34, 0xC5, 0x41, 0xE7, 0xCA, 0x86, 0xE8, 0xBE, 0xA7, 0xC3, 0x1C, 0xEC, 0xE4, 0x36, 0x0F},

150
    {0xDD, 0xE5, 0xFF, 0x55, 0x1B, 0x74, 0xF6, 0xF4, 0xE0, 0x16, 0xD7, 0xAB, 0x22, 0x31, 0x1B, 0x6A},

151
    {0xB0, 0xE9, 0x35, 0x21, 0x33, 0x3F, 0xD7, 0xBA, 0xB4, 0x76, 0x2C, 0xCB, 0x4D, 0x80, 0x08, 0xD8},

152
    {0x38, 0x14, 0x69, 0xC4, 0xC3, 0xF9, 0x1B, 0x96, 0x33, 0x63, 0x8E, 0x4D, 0x5F, 0x3D, 0xF0, 0x29},

153
    {0xFA, 0x48, 0x6A, 0xD9, 0x8E, 0x67, 0x16, 0xEF, 0x6A, 0xB0, 0x87, 0xF5, 0x89, 0x45, 0x7F, 0x2A},

154
    {0x32, 0x1A, 0x09, 0x12, 0x50, 0x14, 0x8A, 0x3E, 0x96, 0x3D, 0xEA, 0x02, 0x59, 0x32, 0xE1, 0x8F},

155
    {0x4B, 0x00, 0xBE, 0x29, 0xBC, 0xB0, 0x28, 0x64, 0xCE, 0xFD, 0x43, 0xA9, 0x6F, 0xD9, 0x5C, 0xED},

156
    {0x57, 0x7D, 0xC4, 0xFF, 0x02, 0x44, 0xE2, 0x80, 0x91, 0xF4, 0xCA, 0x0A, 0x75, 0x69, 0xFD, 0xA8},

157
    {0x83, 0x53, 0x36, 0xC6, 0x18, 0x03, 0xE4, 0x3E, 0x4E, 0xB3, 0x0F, 0x6B, 0x6E, 0x79, 0x9B, 0x7A},

158
    {0x5C, 0x92, 0x65, 0xFD, 0x7B, 0x59, 0x6A, 0xA3, 0x7A, 0x2F, 0x50, 0x9D, 0x85, 0xE9, 0x27, 0xF8},

159
    {0x9A, 0x39, 0xFB, 0x89, 0xDF, 0x55, 0xB2, 0x60, 0x14, 0x24, 0xCE, 0xA6, 0xD9, 0x65, 0x0A, 0x9D},

160
    {0x8B, 0x75, 0xBE, 0x91, 0xA8, 0xC7, 0x5A, 0xD2, 0xD7, 0xA5, 0x94, 0xA0, 0x1C, 0xBB, 0x95, 0x91},

161
    {0x95, 0xC2, 0x1B, 0x8D, 0x05, 0xAC, 0xF5, 0xEC, 0x5A, 0xEE, 0x77, 0x81, 0x23, 0x95, 0xC4, 0xD7},

162
    {0xB9, 0xA4, 0x61, 0x64, 0x36, 0x33, 0xFA, 0x5D, 0x94, 0x88, 0xE2, 0xD3, 0x28, 0x1E, 0x01, 0xA2},

163
    {0xB8, 0xB0, 0x84, 0xFB, 0x9F, 0x4C, 0xFA, 0xF7, 0x30, 0xFE, 0x73, 0x25, 0xA2, 0xAB, 0x89, 0x7D},

164
    {0x5F, 0x8C, 0x17, 0x9F, 0xC1, 0xB2, 0x1D, 0xF1, 0xF6, 0x36, 0x7A, 0x9C, 0xF7, 0xD3, 0xD4, 0x7C},

165
};

166


167
static const u8 kirk1_key[]  = {0x98, 0xC9, 0x40, 0x97, 0x5C, 0x1D, 0x10, 0xE8, 0x7F, 0xE6, 0x0E, 0xA3, 0xFD, 0x03, 0xA8, 0xBA};

168
static const u8 kirk16_key[] = {0x47, 0x5E, 0x09, 0xF4, 0xA2, 0x37, 0xDA, 0x9B, 0xEF, 0xFF, 0x3B, 0xC0, 0x77, 0x14, 0x3D, 0x8A};

169


170
/* ECC Curves for Kirk 1 and Kirk 0x11 */

171
// Common Curve paramters p and a

172
static const u8 ec_p[20] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

173
static const u8 ec_a[20] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC}; // mon

174


175
// Kirk 0xC,0xD,0x10,0x11,(likely 0x12)- Unique curve parameters for b, N, and base point G for Kirk 0xC,0xD,0x10,0x11,(likely 0x12) service

176
// Since public key is variable, it is not specified here

177
static const u8 ec_b2[20] = {0xA6, 0x8B, 0xED, 0xC3, 0x34, 0x18, 0x02, 0x9C, 0x1D, 0x3C, 0xE3, 0x3B, 0x9A, 0x32, 0x1F, 0xCC, 0xBB, 0x9E, 0x0F, 0x0B};// mon

178
static const u8 ec_N2[21] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xB5, 0xAE, 0x3C, 0x52, 0x3E, 0x63, 0x94, 0x4F, 0x21, 0x27};

179
static const u8 Gx2[20] = {0x12, 0x8E, 0xC4, 0x25, 0x64, 0x87, 0xFD, 0x8F, 0xDF, 0x64, 0xE2, 0x43, 0x7B, 0xC0, 0xA1, 0xF6, 0xD5, 0xAF, 0xDE, 0x2C };

180
static const u8 Gy2[20] = {0x59, 0x58, 0x55, 0x7E, 0xB1, 0xDB, 0x00, 0x12, 0x60, 0x42, 0x55, 0x24, 0xDB, 0xC3, 0x79, 0xD5, 0xAC, 0x5F, 0x4A, 0xDF };

181


182
// KIRK 1 - Unique curve parameters for b, N, and base point G

183
// Since public key is hard coded, it is also included

184


185
static const u8 ec_b1[20] = {0x65, 0xD1, 0x48, 0x8C, 0x03, 0x59, 0xE2, 0x34, 0xAD, 0xC9, 0x5B, 0xD3, 0x90, 0x80, 0x14, 0xBD, 0x91, 0xA5, 0x25, 0xF9};

186
static const u8 ec_N1[21] = {0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x01, 0xB5, 0xC6, 0x17, 0xF2, 0x90, 0xEA, 0xE1, 0xDB, 0xAD, 0x8F};

187
static const u8 Gx1[20] = {0x22, 0x59, 0xAC, 0xEE, 0x15, 0x48, 0x9C, 0xB0, 0x96, 0xA8, 0x82, 0xF0, 0xAE, 0x1C, 0xF9, 0xFD, 0x8E, 0xE5, 0xF8, 0xFA };

188
static const u8 Gy1[20] = {0x60, 0x43, 0x58, 0x45, 0x6D, 0x0A, 0x1C, 0xB2, 0x90, 0x8D, 0xE9, 0x0F, 0x27, 0xD7, 0x5C, 0x82, 0xBE, 0xC1, 0x08, 0xC0 };

189


190
static const u8 Px1[20] = {0xED, 0x9C, 0xE5, 0x82, 0x34, 0xE6, 0x1A, 0x53, 0xC6, 0x85, 0xD6, 0x4D, 0x51, 0xD0, 0x23, 0x6B, 0xC3, 0xB5, 0xD4, 0xB9 };

191
static const u8 Py1[20] = {0x04, 0x9D, 0xF1, 0xA0, 0x75, 0xC0, 0xE0, 0x4F, 0xB3, 0x44, 0x85, 0x8B, 0x61, 0xB7, 0x9B, 0x69, 0xA6, 0x3D, 0x2C, 0x39 };

192


193
/* ------------------------- KEY VAULT END ------------------------- */

194


195
  // Some randomly selected data for a "key" to add to each randomization

196
static const u8 random_data[0x10] = { 0xA7, 0x2E, 0x4C, 0xB6, 0xC3, 0x34, 0xDF, 0x85, 0x70, 0x01, 0x49, 0xFC, 0xC0, 0x87, 0xC4, 0x77 };

197
// Another randomly selected data for a "key" to add to each randomization

198
static const u8 random_key[0x10] = { 0x07, 0xAB, 0xEF, 0xF8, 0x96, 0x8C, 0xF3, 0xD6, 0x14, 0xE0, 0xEB, 0xB2, 0x9D, 0x8B, 0x4E, 0x74 };

199


200
/* ------------------------- INTERNAL STUFF ------------------------- */

201
typedef struct blah {

202
  u8 fuseid[8]; //0

203
  u8 mesh[0x40];  //0x8

204
} kirk16_data; //0x48

205
 

206
typedef struct header_keys {

207
  u8 AES[16];

208
  u8 CMAC[16];

209
} header_keys;  //small struct for temporary keeping AES & CMAC key from CMD1 header

210


211
/* ------------------------- INTERNAL STUFF END ------------------------- */

212


213


214
/* ------------------------- IMPLEMENTATION ------------------------- */

215


216
int kirk_CMD0(KirkState *kirk, u8* outbuff, const u8* inbuff, int size, int generate_trash)

217
{

218
  KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)outbuff;

219
  header_keys *keys = (header_keys *)outbuff; //0-15 AES key, 16-31 CMAC key

220
  int chk_size;

221
  AES_ctx k1;

222
  AES_ctx cmac_key;

223
  u8 cmac_header_hash[16];

224
  u8 cmac_data_hash[16];

225
    

226
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

227


228
  memcpy(outbuff, inbuff, size);

229
   

230
  if(header->mode != KIRK_MODE_CMD1) return KIRK_INVALID_MODE;

231
  

232
  //FILL PREDATA WITH RANDOM DATA

233
  if(generate_trash) kirk_CMD14(kirk, outbuff+sizeof(KIRK_CMD1_HEADER), header->data_offset);

234
  

235
  //Make sure data is 16 aligned

236
  chk_size = header->data_size;

237
  if(chk_size % 16) chk_size += 16 - (chk_size % 16);

238
  

239
  //ENCRYPT DATA

240
  AES_set_key(&k1, keys->AES, 128);

241
  AES_cbc_encrypt(&k1, inbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, (u8*)outbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, chk_size);

242
  

243
  //CMAC HASHES

244
  AES_set_key(&cmac_key, keys->CMAC, 128);

245
  AES_CMAC(&cmac_key, outbuff+0x60, 0x30, cmac_header_hash);

246
  AES_CMAC(&cmac_key, outbuff+0x60, 0x30 + chk_size + header->data_offset, cmac_data_hash);

247
  

248
  memcpy(header->CMAC_header_hash, cmac_header_hash, 16);

249
  memcpy(header->CMAC_data_hash, cmac_data_hash, 16);

250
  

251
  //ENCRYPT KEYS

252
  AES_cbc_encrypt(&kirk->aes_kirk1, inbuff, outbuff, 16*2);

253
  return KIRK_OPERATION_SUCCESS;

254
}

255


256
// This one writes to inbuff.

257
int kirk_CMD1(KirkState *kirk, u8* outbuff, u8* inbuff, int size)

258
{

259
  const KIRK_CMD1_HEADER* header = (const KIRK_CMD1_HEADER*)inbuff;

260
  header_keys keys; //0-15 AES key, 16-31 CMAC key

261
  AES_ctx k1;

262
	

263
	if(size < 0x90) return KIRK_INVALID_SIZE;

264
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

265
  if(header->mode != KIRK_MODE_CMD1) return KIRK_INVALID_MODE;

266
  

267
  AES_cbc_decrypt(&kirk->aes_kirk1, inbuff, (u8*)&keys, 16*2); //decrypt AES & CMAC key to temp buffer

268
  

269
  if(header->ecdsa_hash == 1)

270
  {

271
  	SHA_CTX sha;

272
  	KIRK_CMD1_ECDSA_HEADER* eheader = (KIRK_CMD1_ECDSA_HEADER*) inbuff;

273
  	u8 kirk1_pub[40];

274
  	u8 header_hash[20];

275
	u8 data_hash[20];

276
  	ecdsa_set_curve(ec_p,ec_a,ec_b1,ec_N1,Gx1,Gy1);

277
  	memcpy(kirk1_pub,Px1,20);

278
  	memcpy(kirk1_pub+20,Py1,20);

279
  	ecdsa_set_pub(kirk1_pub);

280
		//Hash the Header

281
		SHAInit(&sha);

282
		SHAUpdate(&sha, (u8*)eheader+0x60, 0x30);

283
		SHAFinal(header_hash, &sha);		

284
		

285
	  if(!ecdsa_verify(header_hash,eheader->header_sig_r,eheader->header_sig_s)) {

286
	    return KIRK_HEADER_HASH_INVALID;

287
	  }

288
	  SHAInit(&sha);

289
		SHAUpdate(&sha, (u8*)eheader+0x60, size-0x60);

290
		SHAFinal(data_hash, &sha);  

291
		

292
	  if(!ecdsa_verify(data_hash,eheader->data_sig_r,eheader->data_sig_s)) {

293
	    return KIRK_DATA_HASH_INVALID;

294
	  }

295


296
  } else  {

297
    int ret = kirk_CMD10(kirk, inbuff, size);

298
    if(ret != KIRK_OPERATION_SUCCESS) return ret;

299
  }

300
  

301
  AES_set_key(&k1, keys.AES, 128);

302
  AES_cbc_decrypt(&k1, inbuff+sizeof(KIRK_CMD1_HEADER)+header->data_offset, outbuff, header->data_size);  

303
  

304
  return KIRK_OPERATION_SUCCESS;

305
}

306


307
int kirk_CMD4(KirkState *kirk, u8* outbuff, const u8* inbuff, int size)

308
{

309
  const KIRK_AES128CBC_HEADER *header = (const KIRK_AES128CBC_HEADER*)inbuff;

310
  const u8* key;

311
  AES_ctx aesKey;

312
  

313
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

314
  if(header->mode != KIRK_MODE_ENCRYPT_CBC) return KIRK_INVALID_MODE;

315
  if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;

316
  

317
  key = kirk_4_7_get_key(header->keyseed);

318
  if(key == (u8*)KIRK_INVALID_SIZE) return KIRK_INVALID_SIZE;

319
  

320
  //Set the key

321
  AES_set_key(&aesKey, key, 128);

322
  AES_cbc_encrypt(&aesKey, inbuff+sizeof(KIRK_AES128CBC_HEADER), outbuff+sizeof(KIRK_AES128CBC_HEADER), header->data_size);

323
  

324
  return KIRK_OPERATION_SUCCESS;

325
}

326


327
void kirk4(u8* outbuff, const u8* inbuff, size_t size, int keyId)

328
{

329
  AES_ctx aesKey;

330
  const u8* key = kirk_4_7_get_key(keyId);

331
  AES_set_key(&aesKey, key, 128);

332
  AES_cbc_encrypt(&aesKey, inbuff, outbuff, (int)size);

333
}

334


335
int kirk_CMD7(KirkState *kirk, u8* outbuff, const u8* inbuff, int size)

336
{

337
  KIRK_AES128CBC_HEADER *header = (KIRK_AES128CBC_HEADER*)inbuff;

338
  const u8* key;

339
  AES_ctx aesKey;

340
  

341
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

342
  if(header->mode != KIRK_MODE_DECRYPT_CBC) return KIRK_INVALID_MODE;

343
  if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;

344
  

345
  key = kirk_4_7_get_key(header->keyseed);

346
  if(key == (u8*)KIRK_INVALID_SIZE) return KIRK_INVALID_SIZE;

347
  

348
  //Set the key

349
  AES_set_key(&aesKey, key, 128);

350
  AES_cbc_decrypt(&aesKey, inbuff+sizeof(KIRK_AES128CBC_HEADER), outbuff, header->data_size);

351
  

352
  return KIRK_OPERATION_SUCCESS;

353
}

354


355
void kirk7(u8* outbuff, const u8* inbuff, size_t size, int keyId)

356
{

357
  AES_ctx aesKey;

358
  const u8* key = kirk_4_7_get_key(keyId);

359
  AES_set_key(&aesKey, key, 128);

360
  AES_cbc_decrypt(&aesKey, inbuff, outbuff, (int)size);

361
}

362


363
// This one works in-place.

364
int kirk_CMD10(KirkState *kirk, u8* inbuff, int insize)

365
{

366
  KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)inbuff;

367
  header_keys keys; //0-15 AES key, 16-31 CMAC key

368
  u8 cmac_header_hash[16];

369
  u8 cmac_data_hash[16];

370
  AES_ctx cmac_key;

371
  int chk_size;

372
  

373
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

374
  if(!(header->mode == KIRK_MODE_CMD1 || header->mode == KIRK_MODE_CMD2 || header->mode == KIRK_MODE_CMD3)) return KIRK_INVALID_MODE;

375
  if(header->data_size == 0) return KIRK_DATA_SIZE_ZERO;

376
  

377
  if(header->mode == KIRK_MODE_CMD1)

378
  {

379
    AES_cbc_decrypt(&kirk->aes_kirk1, inbuff, (u8*)&keys, 32); //decrypt AES & CMAC key to temp buffer

380
    AES_set_key(&cmac_key, keys.CMAC, 128);

381
    AES_CMAC(&cmac_key, inbuff+0x60, 0x30, cmac_header_hash);

382
  

383
    //Make sure data is 16 aligned

384
    chk_size = header->data_size;

385
    if(chk_size % 16) chk_size += 16 - (chk_size % 16);

386
    AES_CMAC(&cmac_key, inbuff+0x60, 0x30 + chk_size + header->data_offset, cmac_data_hash);

387
  

388
    if(memcmp(cmac_header_hash, header->CMAC_header_hash, 16) != 0) return KIRK_HEADER_HASH_INVALID;

389
    if(memcmp(cmac_data_hash, header->CMAC_data_hash, 16) != 0) return KIRK_DATA_HASH_INVALID;

390
  

391
    return KIRK_OPERATION_SUCCESS;

392
  }

393
  return KIRK_SIG_CHECK_INVALID; //Checks for cmd 2 & 3 not included right now

394
}

395


396
int kirk_CMD11(KirkState *kirk, u8* outbuff, const u8* inbuff, int size)

397
{

398
  KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *)inbuff;

399
  SHA_CTX sha;

400
  if(kirk->is_kirk_initialized == 0) return KIRK_NOT_INITIALIZED;

401
  if(header->data_size == 0 || size == 0) return KIRK_DATA_SIZE_ZERO;

402
  

403
	SHAInit(&sha);

404
	SHAUpdate(&sha, inbuff+sizeof(KIRK_SHA1_HEADER), header->data_size);

405
	SHAFinal(outbuff, &sha);

406
  return KIRK_OPERATION_SUCCESS;

407
}

408


409
// Generate an ECDSA Key pair

410
// offset 0 = private key (0x14 len)

411
// offset 0x14 = public key point (0x28 len)

412
int kirk_CMD12(KirkState *kirk, u8 *outbuff, int outsize) {

413
  u8 k[0x15];

414
  KIRK_CMD12_BUFFER * keypair = (KIRK_CMD12_BUFFER *) outbuff;

415


416
  if(outsize != 0x3C) return KIRK_INVALID_SIZE;

417
  ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);

418
  k[0] = 0;

419
  kirk_CMD14(kirk, k+1,0x14);

420
  ec_priv_to_pub(k, (u8*)keypair->public_key.x);

421
  memcpy(keypair->private_key,k+1,0x14);

422
  

423
  return KIRK_OPERATION_SUCCESS;

424
}

425


426
// Point multiplication

427
// offset 0 = mulitplication value (0x14 len)

428
// offset 0x14 = point to multiply (0x28 len)

429
int kirk_CMD13(KirkState *kirk, u8 * outbuff, int outsize,u8 * inbuff, int insize) {

430
  u8 k[0x15];

431
  KIRK_CMD13_BUFFER * pointmult = (KIRK_CMD13_BUFFER *) inbuff;

432
  k[0]=0;

433
  if(outsize != 0x28) return KIRK_INVALID_SIZE;

434
  if(insize != 0x3C) return KIRK_INVALID_SIZE;

435
  ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);

436
  ecdsa_set_pub((u8*)pointmult->public_key.x);

437
  memcpy(k+1,pointmult->multiplier,0x14);

438
  ec_pub_mult(k, outbuff);

439
  return KIRK_OPERATION_SUCCESS;

440
}

441


442
int kirk_CMD14(KirkState *kirk, u8 *outbuff, int outsize) {

443
  u8 temp[0x104];

444
  // This was added to mollify valgrind.

445
  memset(temp, 0xAA, sizeof(temp));

446


447
  KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *) temp;

448
  

449
  u32 curtime;

450
  //if(outsize != 0x14) return KIRK_INVALID_SIZE; // Need real error code

451
  if(outsize <=0) return KIRK_OPERATION_SUCCESS;

452
    

453
  memcpy(temp+4, kirk->PRNG_DATA,0x14);

454
  // This uses the standard C time function for portability.

455
  curtime = (u32)time(0);

456
  temp[0x18] = curtime &0xFF;

457
  temp[0x19] = (curtime>>8) &0xFF;

458
  temp[0x1A] = (curtime>>16) &0xFF;

459
  temp[0x1B] = (curtime>>24) &0xFF;

460
  memcpy(&temp[0x1C], random_data, 0x10);

461
  

462
  // WARNING: These next two lines of comments are no longer accurate since I added the memset above.

463
  // This leaves the remainder of the 0x100 bytes in temp to whatever remains on the stack 

464
  // in an uninitialized state. This should add unpredicableness to the results as well

465
  header->data_size=0x100;

466
  kirk_CMD11(kirk, kirk->PRNG_DATA, temp, 0x104);

467
  while(outsize)

468
  {

469
    int blockrem= outsize %0x14;

470
    int block = outsize /0x14;

471
    

472
    if(block)

473
    {

474
      memcpy(outbuff, kirk->PRNG_DATA, 0x14);

475
      outbuff+=0x14;

476
      outsize -= 0x14;

477
      kirk_CMD14(kirk, outbuff, outsize);

478
    } else {

479
      if(blockrem)

480
      {

481
        memcpy(outbuff, kirk->PRNG_DATA, blockrem);

482
        outsize -= blockrem;

483
      }

484
    }

485
    

486
  }

487
  return KIRK_OPERATION_SUCCESS;

488
}

489


490
void decrypt_kirk16_private(KirkState *kirk, u8 *dA_out, u8 *dA_enc)

491
{

492
  int i, k;

493
  kirk16_data keydata;

494
  u8 subkey_1[0x10], subkey_2[0x10];

495
  rijndael_ctx aes_ctx;

496


497
  keydata.fuseid[7] = kirk->g_fuse90 &0xFF;

498
  keydata.fuseid[6] = (kirk->g_fuse90>>8) &0xFF;

499
  keydata.fuseid[5] = (kirk->g_fuse90>>16) &0xFF;

500
  keydata.fuseid[4] = (kirk->g_fuse90>>24) &0xFF; 

501
  keydata.fuseid[3] = kirk->g_fuse94 &0xFF;

502
  keydata.fuseid[2] = (kirk->g_fuse94>>8) &0xFF;

503
  keydata.fuseid[1] = (kirk->g_fuse94>>16) &0xFF;

504
  keydata.fuseid[0] = (kirk->g_fuse94>>24) &0xFF;

505
 

506
  /* set encryption key */

507
  rijndael_set_key(&aes_ctx, kirk16_key, 128);

508
 

509
  /* set the subkeys */

510
  for (i = 0; i < 0x10; i++)

511
  {

512
    /* set to the fuseid */

513
    subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];

514
  }

515
 

516
  /* do aes crypto */

517
  for (i = 0; i < 3; i++)

518
  {

519
    /* encrypt + decrypt */

520
    rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);

521
    rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);

522
  }

523
 

524
  /* set new key */

525
  rijndael_set_key(&aes_ctx, subkey_1, 128);

526
 

527
  /* now lets make the key mesh */

528
  for (i = 0; i < 3; i++)

529
  {

530
    /* do encryption in group of 3 */

531
    for (k = 0; k < 3; k++)

532
    {

533
      /* crypto */

534
      rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);

535
    }

536
 

537
    /* copy to out block */

538
    memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);

539
  }

540
 

541
  /* set the key to the mesh */

542
  rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);

543
 

544
  /* do the encryption routines for the aes key */

545
  for (i = 0; i < 2; i++)

546
  {

547
    /* encrypt the data */

548
    rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);

549
  }

550
 

551
  /* set the key to that mesh shit */

552
  rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);

553
 

554
  /* cbc decrypt the dA */

555
  AES_cbc_decrypt((AES_ctx *)&aes_ctx, dA_enc, dA_out, 0x20);

556
}

557
 

558
void encrypt_kirk16_private(KirkState *kirk, u8 *dA_out, u8 *dA_dec)

559
{

560
  int i, k;

561
  kirk16_data keydata;

562
  u8 subkey_1[0x10], subkey_2[0x10];

563
  rijndael_ctx aes_ctx;

564
 

565


566
  keydata.fuseid[7] = kirk->g_fuse90 &0xFF;

567
  keydata.fuseid[6] = (kirk->g_fuse90>>8) &0xFF;

568
  keydata.fuseid[5] = (kirk->g_fuse90>>16) &0xFF;

569
  keydata.fuseid[4] = (kirk->g_fuse90>>24) &0xFF; 

570
  keydata.fuseid[3] = kirk->g_fuse94 &0xFF;

571
  keydata.fuseid[2] = (kirk->g_fuse94>>8) &0xFF;

572
  keydata.fuseid[1] = (kirk->g_fuse94>>16) &0xFF;

573
  keydata.fuseid[0] = (kirk->g_fuse94>>24) &0xFF;

574
  /* set encryption key */

575
  rijndael_set_key(&aes_ctx, kirk16_key, 128);

576
 

577
  /* set the subkeys */

578
  for (i = 0; i < 0x10; i++)

579
  {

580
    /* set to the fuseid */

581
    subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];

582
  }

583
 

584
  /* do aes crypto */

585
  for (i = 0; i < 3; i++)

586
  {

587
    /* encrypt + decrypt */

588
    rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);

589
    rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);

590
  }

591
 

592
  /* set new key */

593
  rijndael_set_key(&aes_ctx, subkey_1, 128);

594
 

595
  /* now lets make the key mesh */

596
  for (i = 0; i < 3; i++)

597
  {

598
    /* do encryption in group of 3 */

599
    for (k = 0; k < 3; k++)

600
    {

601
      /* crypto */

602
      rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);

603
    }

604
 

605
    /* copy to out block */

606
    memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);

607
  }

608
 

609
  /* set the key to the mesh */

610
  rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);

611
 

612
  /* do the encryption routines for the aes key */

613
  for (i = 0; i < 2; i++)

614
  {

615
    /* encrypt the data */

616
    rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);

617
  }

618
 

619
  /* set the key to that mesh shit */

620
  rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);

621
 

622
  /* cbc encrypt the dA */

623
  AES_cbc_encrypt((AES_ctx *)&aes_ctx, dA_dec, dA_out, 0x20);

624
}

625


626
int kirk_CMD16(KirkState *kirk, u8 * outbuff, int outsize, u8 * inbuff, int insize) {

627
	u8 dec_private[0x20];

628
	KIRK_CMD16_BUFFER * signbuf = (KIRK_CMD16_BUFFER *) inbuff;

629
	ECDSA_SIG * sig = (ECDSA_SIG *) outbuff;

630
	if(insize != 0x34) return KIRK_INVALID_SIZE;

631
	if(outsize != 0x28) return KIRK_INVALID_SIZE;

632
	decrypt_kirk16_private(kirk, dec_private,signbuf->enc_private);

633
	// Clear out the padding for safety

634
	memset(&dec_private[0x14], 0, 0xC);

635
	ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);

636
	ecdsa_set_priv(dec_private);

637
	ecdsa_sign(kirk, signbuf->message_hash,sig->r, sig->s);

638
  return KIRK_OPERATION_SUCCESS;

639
}

640


641
// ECDSA Verify

642
// inbuff structure:

643
// 00 = public key (0x28 length)

644
// 28 = message hash (0x14 length)

645
// 3C = signature R (0x14 length)

646
// 50 = signature S (0x14 length)

647
int kirk_CMD17(KirkState *kirk, const u8 * inbuff, int insize) {

648
	KIRK_CMD17_BUFFER * sig = (KIRK_CMD17_BUFFER *) inbuff;

649
  if(insize != 0x64) return KIRK_INVALID_SIZE;

650
  ecdsa_set_curve(ec_p,ec_a,ec_b2,ec_N2,Gx2,Gy2);

651
  ecdsa_set_pub(sig->public_key.x);

652
  // ecdsa_verify(u8 *hash, u8 *R, u8 *S)

653
  if(ecdsa_verify(sig->message_hash,sig->signature.r,sig->signature.s)) {

654
    return KIRK_OPERATION_SUCCESS;

655
  } else {

656
    return KIRK_SIG_CHECK_INVALID;

657
  }

658
}

659


660
int kirk_init(KirkState *kirk)

661
{

662
  return kirk_init2(kirk, (u8*)"Lazy Dev should have initialized!",33,0xBABEF00D, 0xDEADBEEF );

663
}

664


665
int kirk_init2(KirkState *kirk, u8 * rnd_seed, u32 seed_size, u32 fuseid_90, u32 fuseid_94) {

666
  u8 temp[0x104];

667
  memset(temp, 0xAA, sizeof(temp));

668
  

669
  KIRK_SHA1_HEADER *header = (KIRK_SHA1_HEADER *) temp;

670
  u32 curtime;

671


672
  //Set PRNG_DATA initially, otherwise use what ever uninitialized data is in the buffer

673
  if(seed_size > 0) {

674
    u8 * seedbuf;

675
    KIRK_SHA1_HEADER *seedheader;

676
    seedbuf=(u8*)malloc(seed_size+4);

677
    memset(seedbuf, 0, seed_size+4);

678
    seedheader = (KIRK_SHA1_HEADER *) seedbuf;

679
    seedheader->data_size = seed_size;

680
    kirk_CMD11(kirk, kirk->PRNG_DATA, seedbuf, seed_size+4);    

681
    free(seedbuf);

682
  }

683
  memcpy(temp+4, kirk->PRNG_DATA,0x14);

684
  // This uses the standard C time function for portability.

685
  curtime=(u32)time(0);

686
  temp[0x18] = curtime &0xFF;

687
  temp[0x19] = (curtime>>8) &0xFF;

688
  temp[0x1A] = (curtime>>16) &0xFF;

689
  temp[0x1B] = (curtime>>24) &0xFF;

690
  memcpy(&temp[0x1C], random_key, 0x10);

691
  //This leaves the remainder of the 0x100 bytes in temp to whatever remains on the stack 

692
  // in an uninitialized state. This should add unpredicableness to the results as well

693
  header->data_size=0x100;

694
  kirk_CMD11(kirk, kirk->PRNG_DATA, temp, 0x104);

695
  

696
  //Set Fuse ID

697
  kirk->g_fuse90=fuseid_90;

698
  kirk->g_fuse94=fuseid_94;

699
  

700
  //Set KIRK1 main key

701
  AES_set_key(&kirk->aes_kirk1, kirk1_key, 128);

702


703
  kirk->is_kirk_initialized = 1;

704
  return 0;

705
}

706


707
const u8* kirk_4_7_get_key(int key_type){

708
	if((key_type < 0) || (key_type >=0x80)) return (const u8*)KIRK_INVALID_SIZE;

709
	return keyvault[key_type];

710
}

711


712
int kirk_CMD1_ex(KirkState *kirk, u8* outbuff, u8* inbuff, int size, KIRK_CMD1_HEADER* header)

713
{

714
  u8* buffer = (u8*)malloc(size);

715
  int ret;

716
  

717
  memcpy(buffer, header, sizeof(KIRK_CMD1_HEADER));

718
  memcpy(buffer+sizeof(KIRK_CMD1_HEADER), inbuff, header->data_size);

719
  

720
  ret = kirk_CMD1(kirk, outbuff, buffer, size);

721
  free(buffer);

722
  return ret;

723
}

724


725
int kirk_sceUtilsBufferCopyWithRange(KirkState *kirk, u8* outbuff, int outsize, u8* inbuff, int insize, int cmd)

726
{

727
  // TODO: propagate const-correctness into all these functions.

728
  switch(cmd)

729
  {

730
    case KIRK_CMD_DECRYPT_PRIVATE: return kirk_CMD1(kirk, outbuff, inbuff, insize); break;  // NOTE: I think this actually trashes inbuff

731
    case KIRK_CMD_ENCRYPT_IV_0: return kirk_CMD4(kirk, outbuff, inbuff, insize); break;

732
    case KIRK_CMD_DECRYPT_IV_0: return kirk_CMD7(kirk, outbuff, inbuff, insize); break;

733
    case KIRK_CMD_PRIV_SIGN_CHECK: return kirk_CMD10(kirk, inbuff, insize); break;

734
    case KIRK_CMD_SHA1_HASH: return kirk_CMD11(kirk, outbuff, inbuff, insize); break;

735
    case KIRK_CMD_ECDSA_GEN_KEYS: return kirk_CMD12(kirk, outbuff, outsize); break;

736
    case KIRK_CMD_ECDSA_MULTIPLY_POINT: return kirk_CMD13(kirk, outbuff, outsize, inbuff, insize); break;

737
    case KIRK_CMD_PRNG: return kirk_CMD14(kirk, outbuff, outsize); break;

738
    case KIRK_CMD_ECDSA_SIGN: return kirk_CMD16(kirk, outbuff, outsize, inbuff, insize); break;

739
    case KIRK_CMD_ECDSA_VERIFY: return kirk_CMD17(kirk, inbuff, insize); break;

740
  }

741
  return -1;

742
}

743


744