├── input ├── idps_hex │ └── .gitignore ├── pkgs │ └── .gitignore ├── raps │ └── .gitignore └── act_dat │ └── .gitignore ├── output ├── pkgs │ └── .gitignore └── temp │ └── .gitignore ├── source ├── pre-compiled │ ├── linux │ │ └── .gitignore │ └── windows │ │ ├── cygwin1.dll │ │ └── ps3xploit_rifgen_edatresign.exe ├── tools │ ├── ps3py_exe │ │ └── pkg_exdata.exe │ └── ps3py │ │ ├── setup.py │ │ ├── LICENSE │ │ ├── crypt.c │ │ └── pkg.py └── src │ ├── aes_omac.h │ ├── pkg2zip_aes.h │ ├── pkg2zip_aes_x86.h │ ├── aes_omac.cpp │ ├── types.h │ ├── util.h │ ├── Makefile │ ├── Makefile_macOS │ ├── pkg2zip_utils.h │ ├── sha1.h │ ├── aes.h │ ├── pkg2zip_aes_x86.c │ ├── util.cpp │ ├── sha1.c │ ├── pkg2zip_aes.c │ └── aes.c ├── .gitignore ├── README.md ├── resign_windows.bat ├── resign_mac.sh ├── resign_linux.sh └── LICENSE /input/idps_hex/.gitignore: -------------------------------------------------------------------------------- 1 | idps.hex 2 | -------------------------------------------------------------------------------- /input/pkgs/.gitignore: -------------------------------------------------------------------------------- 1 | *.pkg 2 | *.PKG 3 | -------------------------------------------------------------------------------- /input/raps/.gitignore: -------------------------------------------------------------------------------- 1 | *.rap 2 | *.RAP 3 | -------------------------------------------------------------------------------- /output/pkgs/.gitignore: -------------------------------------------------------------------------------- 1 | *.pkg 2 | *.PKG 3 | -------------------------------------------------------------------------------- /output/temp/.gitignore: -------------------------------------------------------------------------------- 1 | *.rif 2 | *.RIF 3 | -------------------------------------------------------------------------------- /input/act_dat/.gitignore: -------------------------------------------------------------------------------- 1 | act.dat 2 | signed_act.dat 3 | -------------------------------------------------------------------------------- /source/pre-compiled/linux/.gitignore: -------------------------------------------------------------------------------- 1 | ps3xploit_rifgen_edatresign 2 | -------------------------------------------------------------------------------- /source/tools/ps3py_exe/pkg_exdata.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PS3Xploit/PS3xploit-resigner/HEAD/source/tools/ps3py_exe/pkg_exdata.exe -------------------------------------------------------------------------------- /source/pre-compiled/windows/cygwin1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PS3Xploit/PS3xploit-resigner/HEAD/source/pre-compiled/windows/cygwin1.dll -------------------------------------------------------------------------------- /source/pre-compiled/windows/ps3xploit_rifgen_edatresign.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PS3Xploit/PS3xploit-resigner/HEAD/source/pre-compiled/windows/ps3xploit_rifgen_edatresign.exe -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.d 2 | *.o 3 | *.patch 4 | *.pkg 5 | *.PKG 6 | *.rap 7 | *.RAP 8 | *.rif 9 | *.RIF 10 | *.so 11 | act.dat 12 | idps.hex 13 | ps3xploit_rifgen_edatresign 14 | signed_act.dat 15 | -------------------------------------------------------------------------------- /source/src/aes_omac.h: -------------------------------------------------------------------------------- 1 | #ifndef _AES_OMAC_H_ 2 | #define _AES_OMAC_H_ 3 | 4 | #include "types.h" 5 | 6 | #define AES_OMAC1_DIGEST_SIZE 0x10 7 | 8 | void aes_omac1(u8 *digest, u8 *input, u32 length, u8 *key, u32 keybits); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /source/tools/ps3py/setup.py: -------------------------------------------------------------------------------- 1 | from distutils.core import setup, Extension 2 | 3 | module1 = Extension('pkgcrypt', sources = ['crypt.c']) 4 | 5 | setup (name = 'pkgcrypt', 6 | version = '1.0', 7 | description = 'C implementation of the crypt function from pkg.py', 8 | ext_modules = [module1]) 9 | -------------------------------------------------------------------------------- /source/src/pkg2zip_aes.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "pkg2zip_utils.h" 4 | 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #endif 8 | 9 | 10 | typedef struct aes128_key { 11 | uint32_t PKG_ALIGN(16) key[44]; 12 | } aes128_key; 13 | 14 | void aes128_init(aes128_key* ctx, const uint8_t* key); 15 | void aes128_init_dec(aes128_key* ctx, const uint8_t* key); 16 | 17 | void aes128_ecb_encrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output); 18 | void aes128_ecb_decrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output); 19 | 20 | void aes128_ctr_xor(const aes128_key* ctx, const uint8_t* iv, uint64_t block, uint8_t* buffer, size_t size); 21 | 22 | void aes128_cmac(const uint8_t* key, const uint8_t* buffer, uint32_t size, uint8_t* mac); 23 | 24 | void aes128_psp_decrypt(const aes128_key* ctx, const uint8_t* iv, uint32_t index, uint8_t* buffer, uint32_t size); 25 | int aes128_supported_x86(); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | -------------------------------------------------------------------------------- /source/src/pkg2zip_aes_x86.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifdef __cplusplus 4 | extern "C" { 5 | #endif 6 | 7 | 8 | void aes128_init_x86(aes128_key* context, const uint8_t* key); 9 | void aes128_init_dec_x86(aes128_key* context, const uint8_t* key); 10 | void aes128_ecb_encrypt_x86(const aes128_key* context, const uint8_t* input, uint8_t* output); 11 | void aes128_ecb_decrypt_x86(const aes128_key* context, const uint8_t* input, uint8_t* output); 12 | void aes128_ctr_xor_x86(const aes128_key* context, const uint8_t* iv, uint8_t* buffer, size_t size); 13 | void aes128_cmac_process_x86(const aes128_key* ctx, uint8_t* block, const uint8_t *buffer, uint32_t size); 14 | void aes128_psp_decrypt_x86(const aes128_key* ctx, const uint8_t* prev, const uint8_t* block, uint8_t* buffer, uint32_t size); 15 | 16 | void region_xor_sse( unsigned char* dst, unsigned char* src, int block_size); 17 | void xor1_sse(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size); 18 | 19 | #ifdef __cplusplus 20 | } 21 | #endif 22 | -------------------------------------------------------------------------------- /source/tools/ps3py/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2011 PSL1GHT Development Team 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /source/src/aes_omac.cpp: -------------------------------------------------------------------------------- 1 | #include "types.h" 2 | #include "aes.h" 3 | 4 | void _gf_mul(unsigned char *pad) 5 | { 6 | unsigned int i; 7 | unsigned cxor = (pad[0] & 0x80) ? 0x87 : 0; 8 | 9 | for(i = 0; i < 15; i++) 10 | pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); 11 | pad[15] = (pad[15] << 1) ^ cxor; 12 | } 13 | 14 | void aes_omac1(u8 *digest, u8 *input, u32 length, u8 *key, u32 keybits) 15 | { 16 | u32 i, j; 17 | u32 overflow; 18 | aes_context ctxt; 19 | unsigned char buffer1[16], buffer2[16], dbuf[16]; 20 | 21 | memset(buffer1, 0, 16); 22 | 23 | aes_setkey_enc(&ctxt, key, keybits); 24 | 25 | aes_crypt_ecb(&ctxt, AES_ENCRYPT, buffer1, buffer2); 26 | _gf_mul(buffer2); 27 | 28 | if(length > 16) 29 | { 30 | for(i = 0; i < length - 16; i += 16) 31 | { 32 | for(j = 0; j < 16; j++) 33 | dbuf[j] = buffer1[j] ^ input[i + j]; 34 | aes_crypt_ecb(&ctxt, AES_ENCRYPT, dbuf, buffer1); 35 | } 36 | } 37 | 38 | overflow = length & 0xf; 39 | if(length % 16 == 0) 40 | overflow = 16; 41 | 42 | memset(dbuf, 0, 16); 43 | memcpy(dbuf, &(input[i]), overflow); 44 | 45 | if(overflow != 16) 46 | { 47 | dbuf[overflow] = 0x80; 48 | _gf_mul(buffer2); 49 | } 50 | 51 | for(i = 0; i < 16; i++) 52 | dbuf[i] ^= buffer1[i] ^ buffer2[i]; 53 | 54 | aes_crypt_ecb(&ctxt, AES_ENCRYPT, dbuf, digest); 55 | } 56 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PS3xploit-resigner 2 | 3 | --- 4 | 5 | ### About it: 6 | 7 | A tool to resign PSX/PS2/PS3/PSP content for use with PS3 et'HAN'ol 8 | 9 | PKG files are resigned converting from DEBUG to HAN style 10 | 11 | --- 12 | 13 | ### Notes 14 | 15 | Separate resigning for .ENC/.EDAT/CONFIG is also supported by `ps3xploit_rifgen_edatresign.exe`/`ps3xploit_rifgen_edatresign` 16 | 17 | Pre-compiled binary for Windows is found on `source/pre-compiled/windows/ps3xploit_rifgen_edatresign.exe` 18 | 19 | Linux package need build from source `cd source/src; make` output is `source/src/ps3xploit_rifgen_edatresign` 20 | 21 | --- 22 | 23 | ### Thanks to: 24 | 25 | - ***#PS3XploitTeam** for PS3Xploit-Resign* 26 | - ***#PSL1GHTDevelopmentTeam** for pkg.py* 27 | - ***@CaptainCPS-X** for original script to build a pkg* 28 | - ***@aldostools** for PS3 Tools Collection (Specially PKG Creation)* 29 | - ***@Hexcsl** for original compile rifgen and stuff* 30 | 31 | --- 32 | 33 | ### Usage: 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 |
To Resign
Input FilesPlace onOuput
RAP to RIF
act.datinput/act_dat/output/pkgs/PKG_RIF-INSTALLER.pkg_signed.pkg
idps.hexinput/idps_hex/
.rapinput/raps/
PKG
.pkginput/pkgs/output/pkgs/
66 | 67 | --- 68 | 69 | ### Run: 70 | 71 | *'resign_windows.bat' for Windows OR 'resign_linux.sh' for Linux* 72 | -------------------------------------------------------------------------------- /source/src/types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011-2013 by naehrwert 3 | * This file is released under the GPLv2. 4 | */ 5 | 6 | #pragma once 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | typedef char s8; 13 | typedef unsigned char u8; 14 | typedef short s16; 15 | typedef unsigned short u16; 16 | typedef int s32; 17 | typedef unsigned int u32; 18 | #if defined(_WIN32) && defined(_MSC_VER) 19 | typedef __int64 s64; 20 | typedef unsigned __int64 u64; 21 | #else 22 | typedef long long int s64; 23 | typedef unsigned long long int u64; 24 | #endif 25 | 26 | #define BOOL int 27 | #define TRUE 1 28 | #define FALSE 0 29 | 30 | //Align. 31 | #define ALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1)) 32 | 33 | //Bits <-> bytes conversion. 34 | #define BITS2BYTES(x) ((x) / 8) 35 | #define BYTES2BITS(x) ((x) * 8) 36 | 37 | //Endian swap for u16. 38 | #define _ES16(val) \ 39 | ((u16)(((((u16)val) & 0xff00) >> 8) | \ 40 | ((((u16)val) & 0x00ff) << 8))) 41 | 42 | //Endian swap for u32. 43 | #define _ES32(val) \ 44 | ((u32)(((((u32)val) & 0xff000000) >> 24) | \ 45 | ((((u32)val) & 0x00ff0000) >> 8 ) | \ 46 | ((((u32)val) & 0x0000ff00) << 8 ) | \ 47 | ((((u32)val) & 0x000000ff) << 24))) 48 | 49 | //Endian swap for u64. 50 | #define _ES64(val) \ 51 | ((u64)(((((u64)val) & 0xff00000000000000ull) >> 56) | \ 52 | ((((u64)val) & 0x00ff000000000000ull) >> 40) | \ 53 | ((((u64)val) & 0x0000ff0000000000ull) >> 24) | \ 54 | ((((u64)val) & 0x000000ff00000000ull) >> 8 ) | \ 55 | ((((u64)val) & 0x00000000ff000000ull) << 8 ) | \ 56 | ((((u64)val) & 0x0000000000ff0000ull) << 24) | \ 57 | ((((u64)val) & 0x000000000000ff00ull) << 40) | \ 58 | ((((u64)val) & 0x00000000000000ffull) << 56))) 59 | 60 | #ifdef __cplusplus 61 | } 62 | #endif 63 | 64 | -------------------------------------------------------------------------------- /source/src/util.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011-2013 by naehrwert 3 | * This file is released under the GPLv2. 4 | */ 5 | 6 | #ifndef _UTIL_H_ 7 | #define _UTIL_H_ 8 | 9 | #include 10 | 11 | #include "types.h" 12 | #include "sha1.h" 13 | #include 14 | 15 | /*! Verbose. */ 16 | extern BOOL _verbose; 17 | #define _LOG_VERBOSE(...) _IF_VERBOSE(printf("[*] " __VA_ARGS__)) 18 | #define _IF_VERBOSE(code) \ 19 | do \ 20 | { \ 21 | if(_verbose == TRUE) \ 22 | { \ 23 | code; \ 24 | } \ 25 | } while(0) 26 | 27 | /*! Raw. */ 28 | extern BOOL _raw; 29 | #define _PRINT_RAW(fp, ...) _IF_RAW(fprintf(fp, __VA_ARGS__)) 30 | #define _IF_RAW(code) \ 31 | do \ 32 | { \ 33 | if(_raw == TRUE) \ 34 | { \ 35 | code; \ 36 | } \ 37 | } while(0) 38 | 39 | /*! ID to name entry. */ 40 | typedef struct _id_to_name 41 | { 42 | u64 id; 43 | const s8 *name; 44 | } id_to_name_t; 45 | 46 | /*! Utility functions. */ 47 | u8 *_read_buffer(const s8 *file, u32 *length); 48 | int _write_buffer(const s8 *file, u8 *buffer, u32 length); 49 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC). 50 | void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len); 51 | void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len); 52 | void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out); 53 | void get_rif_key(unsigned char* rap, unsigned char* rif); 54 | int aes128ctr(u8 *key, u8 *iv, u8 *in, u64 len, u8 *out); 55 | int aes128ctrxor(u8 *key, u8 *iv, u8 *in, u64 len, u8 *out,size_t len_start_from); 56 | 57 | bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len); 58 | 59 | void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash); 60 | 61 | bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len); 62 | 63 | void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, uint64_t in_len, unsigned char *hash); 64 | 65 | short se16(short i); 66 | 67 | int se32(int i); 68 | 69 | u64 se64(u64 i); 70 | 71 | void xor1(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size); 72 | 73 | void prng(unsigned char *dest, int size); 74 | 75 | 76 | // Hex string conversion auxiliary functions. 77 | 78 | u64 hex_to_u64(const char* hex_str); 79 | 80 | void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length); 81 | 82 | bool is_hex(const char* hex_str, unsigned int str_length); 83 | 84 | #endif 85 | -------------------------------------------------------------------------------- /source/src/Makefile: -------------------------------------------------------------------------------- 1 | CC=g++ 2 | CFLAGS=-pipe -fvisibility=hidden -D_GNU_SOURCE -O3 -static -D_FILE_OFFSET_BITS=64 3 | OS_TARGET=ps3xploit_rifgen_edatresign 4 | LDFLAGS=-lcrypto -lssl 5 | OBJS=aes.o aes_omac.o main.o sha1.o util.o pkg2zip_aes.o pkg2zip_aes_x86.o 6 | .SILENT: 7 | .SUFFIXES: .c .cpp .o 8 | 9 | $(OS_TARGET): $(OBJS) 10 | ${LINK} 11 | if $(CC) $(CFLAGS) $(OBJS) -o $(OS_TARGET) $(LDFLAGS) $(LIBS); then \ 12 | ${LINK_OK}; \ 13 | else \ 14 | ${LINK_FAILED}; \ 15 | fi 16 | 17 | 18 | %aes_x86.o: %aes_x86.c 19 | @echo [C] $< 20 | gcc ${CFLAGS} -std=c99 -maes -mssse3 -MMD -c -o $@ $< 21 | 22 | %main.o: %main.cpp 23 | @echo [C] $< 24 | $(CC) ${CFLAGS} -std=c99 -c main.cpp 25 | 26 | 27 | %.o: %.c 28 | ${COMPILE_STATUS} 29 | if ${CC} ${CFLAGS} ${CFLAGS} -c -o $@ $<; then \ 30 | ${COMPILE_OK}; \ 31 | else \ 32 | ${COMPILE_FAILED}; \ 33 | fi 34 | 35 | %.o: %.cpp 36 | ${COMPILE_STATUS} 37 | if ${CC} ${CFLAGS} ${CFLAGS} -c -o $@ $<; then \ 38 | ${COMPILE_OK}; \ 39 | else \ 40 | ${COMPILE_FAILED}; \ 41 | fi 42 | 43 | clean: 44 | @printf "\033[K\033[0;32mCleaning\033[1;32m\033[0;32m...\033[0m\n" 45 | rm -rf *.o *.d $(OS_TARGET) 46 | 47 | install: 48 | @printf "\033[K\033[0;32mInstalling\033[1;32m\033[0;32m...\033[0m\n" 49 | install -m755 $(OS_TARGET) $(BINDIR) 50 | 51 | DIR_ENTER = printf "\033[K\033[0;36mEntering directory \033[1;36m$$i\033[0;36m.\033[0m\n"; cd $$i || exit 1 52 | DIR_LEAVE = printf "\033[K\033[0;36mLeaving directory \033[1;36m$$i\033[0;36m.\033[0m\n"; cd .. || exit 1 53 | DEPEND_STATUS = printf "\033[K\033[0;33mGenerating dependencies...\033[0m\r" 54 | DEPEND_OK = printf "\033[K\033[0;32mSuccessfully generated dependencies.\033[0m\n" 55 | DEPEND_FAILED = printf "\033[K\033[0;31mFailed to generate dependencies!\033[0m\n"; exit 1 56 | COMPILE_STATUS = printf "\033[K\033[0;33mCompiling \033[1;33m$<\033[0;33m...\033[0m\r" 57 | COMPILE_OK = printf "\033[K\033[0;32mSuccessfully compiled \033[1;32m$<\033[0;32m.\033[0m\n" 58 | COMPILE_FAILED = printf "\033[K\033[0;31mFailed to compile \033[1;31m$<\033[0;31m!\033[0m\n"; exit 1 59 | LINK_STATUS = printf "\033[K\033[0;33mLinking \033[1;33m$@\033[0;33m...\033[0m\r" 60 | LINK_OK = printf "\033[K\033[0;32mSuccessfully linked \033[1;32m$@\033[0;32m.\033[0m\n" 61 | LINK_FAILED = printf "\033[K\033[0;31mFailed to link \033[1;31m$@\033[0;31m!\033[0m\n"; exit 1 62 | INSTALL_STATUS = printf "\033[K\033[0;33mInstalling \033[1;33m$$i\033[0;33m...\033[0m\r" 63 | INSTALL_OK = printf "\033[K\033[0;32mSuccessfully installed \033[1;32m$$i\033[0;32m.\033[0m\n" 64 | INSTALL_FAILED = printf "\033[K\033[0;31mFailed to install \033[1;31m$$i\033[0;31m!\033[0m\n"; exit 1 65 | DELETE_OK = printf "\033[K\033[0;34mDeleted \033[1;34m$$i\033[0;34m.\033[0m\n" 66 | DELETE_FAILED = printf "\033[K\033[0;31mFailed to delete \033[1;31m$$i\033[0;31m!\033[0m\n"; exit 1 67 | 68 | -------------------------------------------------------------------------------- /source/src/Makefile_macOS: -------------------------------------------------------------------------------- 1 | CC=g++ 2 | CFLAGS=-pipe -fvisibility=hidden -D_GNU_SOURCE -O3 -D_FILE_OFFSET_BITS=64 -I/usr/local/opt/openssl/include #For macOS 10.13.5 3 | OS_TARGET=ps3xploit_rifgen_edatresign 4 | LDFLAGS=-lcrypto -lssl -L/usr/local/opt/openssl/lib #For macOS 10.13.5 5 | OBJS=aes.o aes_omac.o main.o sha1.o util.o pkg2zip_aes.o pkg2zip_aes_x86.o 6 | .SILENT: 7 | .SUFFIXES: .c .cpp .o 8 | 9 | $(OS_TARGET): $(OBJS) 10 | ${LINK} 11 | if $(CC) $(CFLAGS) $(OBJS) -o $(OS_TARGET) $(LDFLAGS) $(LIBS); then \ 12 | ${LINK_OK}; \ 13 | else \ 14 | ${LINK_FAILED}; \ 15 | fi 16 | 17 | 18 | %aes_x86.o: %aes_x86.c 19 | @echo [C] $< 20 | gcc ${CFLAGS} -std=c99 -maes -mssse3 -MMD -c -o $@ $< 21 | 22 | %main.o: %main.cpp 23 | @echo [C] $< 24 | $(CC) ${CFLAGS} -std=c99 -c main.cpp 25 | 26 | 27 | %.o: %.c 28 | ${COMPILE_STATUS} 29 | if ${CC} ${CFLAGS} ${CFLAGS} -c -o $@ $<; then \ 30 | ${COMPILE_OK}; \ 31 | else \ 32 | ${COMPILE_FAILED}; \ 33 | fi 34 | 35 | %.o: %.cpp 36 | ${COMPILE_STATUS} 37 | if ${CC} ${CFLAGS} ${CFLAGS} -c -o $@ $<; then \ 38 | ${COMPILE_OK}; \ 39 | else \ 40 | ${COMPILE_FAILED}; \ 41 | fi 42 | 43 | clean: 44 | @printf "\033[K\033[0;32mCleaning\033[1;32m\033[0;32m...\033[0m\n" 45 | rm -rf *.o *.d $(OS_TARGET) 46 | 47 | install: 48 | @printf "\033[K\033[0;32mInstalling\033[1;32m\033[0;32m...\033[0m\n" 49 | install -m755 $(OS_TARGET) $(BINDIR) 50 | 51 | DIR_ENTER = printf "\033[K\033[0;36mEntering directory \033[1;36m$$i\033[0;36m.\033[0m\n"; cd $$i || exit 1 52 | DIR_LEAVE = printf "\033[K\033[0;36mLeaving directory \033[1;36m$$i\033[0;36m.\033[0m\n"; cd .. || exit 1 53 | DEPEND_STATUS = printf "\033[K\033[0;33mGenerating dependencies...\033[0m\r" 54 | DEPEND_OK = printf "\033[K\033[0;32mSuccessfully generated dependencies.\033[0m\n" 55 | DEPEND_FAILED = printf "\033[K\033[0;31mFailed to generate dependencies!\033[0m\n"; exit 1 56 | COMPILE_STATUS = printf "\033[K\033[0;33mCompiling \033[1;33m$<\033[0;33m...\033[0m\r" 57 | COMPILE_OK = printf "\033[K\033[0;32mSuccessfully compiled \033[1;32m$<\033[0;32m.\033[0m\n" 58 | COMPILE_FAILED = printf "\033[K\033[0;31mFailed to compile \033[1;31m$<\033[0;31m!\033[0m\n"; exit 1 59 | LINK_STATUS = printf "\033[K\033[0;33mLinking \033[1;33m$@\033[0;33m...\033[0m\r" 60 | LINK_OK = printf "\033[K\033[0;32mSuccessfully linked \033[1;32m$@\033[0;32m.\033[0m\n" 61 | LINK_FAILED = printf "\033[K\033[0;31mFailed to link \033[1;31m$@\033[0;31m!\033[0m\n"; exit 1 62 | INSTALL_STATUS = printf "\033[K\033[0;33mInstalling \033[1;33m$$i\033[0;33m...\033[0m\r" 63 | INSTALL_OK = printf "\033[K\033[0;32mSuccessfully installed \033[1;32m$$i\033[0;32m.\033[0m\n" 64 | INSTALL_FAILED = printf "\033[K\033[0;31mFailed to install \033[1;31m$$i\033[0;31m!\033[0m\n"; exit 1 65 | DELETE_OK = printf "\033[K\033[0;34mDeleted \033[1;34m$$i\033[0;34m.\033[0m\n" 66 | DELETE_FAILED = printf "\033[K\033[0;31mFailed to delete \033[1;31m$$i\033[0;31m!\033[0m\n"; exit 1 67 | 68 | -------------------------------------------------------------------------------- /source/src/pkg2zip_utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #if defined(_MSC_VER) 7 | # define NORETURN __declspec(noreturn) 8 | # define PKG_ALIGN(x) __declspec(align(x)) 9 | #else 10 | # define NORETURN __attribute__((noreturn)) 11 | # define PKG_ALIGN(x) __attribute__((aligned(x))) 12 | #endif 13 | 14 | static inline uint32_t min32(uint32_t a, uint32_t b) 15 | { 16 | return a < b ? a : b; 17 | } 18 | 19 | static inline uint64_t min64(uint64_t a, uint64_t b) 20 | { 21 | return a < b ? a : b; 22 | } 23 | 24 | static inline uint16_t get16le(const uint8_t* bytes) 25 | { 26 | return (bytes[0]) | (bytes[1] << 8); 27 | } 28 | 29 | static inline uint32_t get32le(const uint8_t* bytes) 30 | { 31 | return (bytes[0]) | (bytes[1] << 8) | (bytes[2] << 16) | (bytes[3] << 24); 32 | } 33 | 34 | static inline uint64_t get64le(const uint8_t* bytes) 35 | { 36 | return (uint64_t)bytes[0] 37 | | ((uint64_t)bytes[1] << 8) 38 | | ((uint64_t)bytes[2] << 16) 39 | | ((uint64_t)bytes[3] << 24) 40 | | ((uint64_t)bytes[4] << 32) 41 | | ((uint64_t)bytes[5] << 40) 42 | | ((uint64_t)bytes[6] << 48) 43 | | ((uint64_t)bytes[7] << 56); 44 | } 45 | 46 | static inline uint16_t get16be(const uint8_t* bytes) 47 | { 48 | return (bytes[1]) | (bytes[0] << 8); 49 | } 50 | 51 | static inline uint32_t get32be(const uint8_t* bytes) 52 | { 53 | return (bytes[3]) | (bytes[2] << 8) | (bytes[1] << 16) | (bytes[0] << 24); 54 | } 55 | 56 | static inline uint64_t get64be(const uint8_t* bytes) 57 | { 58 | return (uint64_t)bytes[7] 59 | | ((uint64_t)bytes[6] << 8) 60 | | ((uint64_t)bytes[5] << 16) 61 | | ((uint64_t)bytes[4] << 24) 62 | | ((uint64_t)bytes[3] << 32) 63 | | ((uint64_t)bytes[2] << 40) 64 | | ((uint64_t)bytes[1] << 48) 65 | | ((uint64_t)bytes[0] << 56); 66 | } 67 | 68 | static inline void set16le(uint8_t* bytes, uint16_t x) 69 | { 70 | bytes[0] = (uint8_t)x; 71 | bytes[1] = (uint8_t)(x >> 8); 72 | } 73 | 74 | static inline void set32le(uint8_t* bytes, uint32_t x) 75 | { 76 | bytes[0] = (uint8_t)x; 77 | bytes[1] = (uint8_t)(x >> 8); 78 | bytes[2] = (uint8_t)(x >> 16); 79 | bytes[3] = (uint8_t)(x >> 24); 80 | } 81 | 82 | static inline void set64le(uint8_t* bytes, uint64_t x) 83 | { 84 | bytes[0] = (uint8_t)x; 85 | bytes[1] = (uint8_t)(x >> 8); 86 | bytes[2] = (uint8_t)(x >> 16); 87 | bytes[3] = (uint8_t)(x >> 24); 88 | bytes[4] = (uint8_t)(x >> 32); 89 | bytes[5] = (uint8_t)(x >> 40); 90 | bytes[6] = (uint8_t)(x >> 48); 91 | bytes[7] = (uint8_t)(x >> 56); 92 | } 93 | 94 | static inline void set16be(uint8_t* bytes, uint16_t x) 95 | { 96 | bytes[0] = (uint8_t)(x >> 8); 97 | bytes[1] = (uint8_t)x; 98 | } 99 | 100 | static inline void set32be(uint8_t* bytes, uint32_t x) 101 | { 102 | bytes[0] = (uint8_t)(x >> 24); 103 | bytes[1] = (uint8_t)(x >> 16); 104 | bytes[2] = (uint8_t)(x >> 8); 105 | bytes[3] = (uint8_t)x; 106 | } 107 | 108 | static inline void set64be(uint8_t* bytes, uint64_t x) 109 | { 110 | bytes[0] = (uint8_t)(x >> 56); 111 | bytes[1] = (uint8_t)(x >> 48); 112 | bytes[2] = (uint8_t)(x >> 40); 113 | bytes[3] = (uint8_t)(x >> 32); 114 | bytes[4] = (uint8_t)(x >> 24); 115 | bytes[5] = (uint8_t)(x >> 16); 116 | bytes[6] = (uint8_t)(x >> 8); 117 | bytes[7] = (uint8_t)x; 118 | } 119 | -------------------------------------------------------------------------------- /source/src/sha1.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file sha1.h 3 | * 4 | * \brief SHA-1 cryptographic hash function 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_SHA1_H 28 | #define POLARSSL_SHA1_H 29 | 30 | #include 31 | 32 | /** 33 | * \brief SHA-1 context structure 34 | */ 35 | typedef struct 36 | { 37 | unsigned long total[2]; /*!< number of bytes processed */ 38 | unsigned long state[5]; /*!< intermediate digest state */ 39 | unsigned char buffer[64]; /*!< data block being processed */ 40 | 41 | unsigned char ipad[64]; /*!< HMAC: inner padding */ 42 | unsigned char opad[64]; /*!< HMAC: outer padding */ 43 | } 44 | sha1_context; 45 | 46 | #ifdef __cplusplus 47 | extern "C" { 48 | #endif 49 | 50 | /** 51 | * \brief SHA-1 context setup 52 | * 53 | * \param ctx context to be initialized 54 | */ 55 | void sha1_starts( sha1_context *ctx ); 56 | 57 | /** 58 | * \brief SHA-1 process buffer 59 | * 60 | * \param ctx SHA-1 context 61 | * \param input buffer holding the data 62 | * \param ilen length of the input data 63 | */ 64 | void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ); 65 | 66 | /** 67 | * \brief SHA-1 final digest 68 | * 69 | * \param ctx SHA-1 context 70 | * \param output SHA-1 checksum result 71 | */ 72 | void sha1_finish( sha1_context *ctx, unsigned char output[20] ); 73 | 74 | /** 75 | * \brief Output = SHA-1( input buffer ) 76 | * 77 | * \param input buffer holding the data 78 | * \param ilen length of the input data 79 | * \param output SHA-1 checksum result 80 | */ 81 | void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); 82 | 83 | /** 84 | * \brief SHA-1 HMAC context setup 85 | * 86 | * \param ctx HMAC context to be initialized 87 | * \param key HMAC secret key 88 | * \param keylen length of the HMAC key 89 | */ 90 | void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen ); 91 | 92 | /** 93 | * \brief SHA-1 HMAC process buffer 94 | * 95 | * \param ctx HMAC context 96 | * \param input buffer holding the data 97 | * \param ilen length of the input data 98 | */ 99 | void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen ); 100 | 101 | /** 102 | * \brief SHA-1 HMAC final digest 103 | * 104 | * \param ctx HMAC context 105 | * \param output SHA-1 HMAC checksum result 106 | */ 107 | void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ); 108 | 109 | /** 110 | * \brief SHA-1 HMAC context reset 111 | * 112 | * \param ctx HMAC context to be reset 113 | */ 114 | void sha1_hmac_reset( sha1_context *ctx ); 115 | 116 | /** 117 | * \brief Output = HMAC-SHA-1( hmac key, input buffer ) 118 | * 119 | * \param key HMAC secret key 120 | * \param keylen length of the HMAC key 121 | * \param input buffer holding the data 122 | * \param ilen length of the input data 123 | * \param output HMAC-SHA-1 result 124 | */ 125 | void sha1_hmac( const unsigned char *key, size_t keylen, 126 | const unsigned char *input, size_t ilen, 127 | unsigned char output[20] ); 128 | 129 | #ifdef __cplusplus 130 | } 131 | #endif 132 | 133 | #endif /* sha1.h */ 134 | -------------------------------------------------------------------------------- /source/tools/ps3py/crypt.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2011 PSL1GHT Development Team 2 | * 3 | * Permission is hereby granted, free of charge, to any person obtaining a copy 4 | * of this software and associated documentation files (the "Software"), to deal 5 | * in the Software without restriction, including without limitation the rights 6 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | * copies of the Software, and to permit persons to whom the Software is 8 | * furnished to do so, subject to the following conditions: 9 | * 10 | * The above copyright notice and this permission notice shall be included in 11 | * all copies or substantial portions of the Software. 12 | 13 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | * THE SOFTWARE. 20 | */ 21 | 22 | #include 23 | 24 | static PyObject *sha1_callback = NULL; 25 | 26 | static void manipulate(uint8_t *key) 27 | { 28 | uint64_t temp = key[0x38] << 56| 29 | key[0x39] << 48| 30 | key[0x3a] << 40| 31 | key[0x3b] << 32| 32 | key[0x3c] << 24| 33 | key[0x3d] << 16| 34 | key[0x3e] << 8| 35 | key[0x3f]; 36 | temp++; 37 | key[0x38] = (temp >> 56) & 0xff; 38 | key[0x39] = (temp >> 48) & 0xff; 39 | key[0x3a] = (temp >> 40) & 0xff; 40 | key[0x3b] = (temp >> 32) & 0xff; 41 | key[0x3c] = (temp >> 24) & 0xff; 42 | key[0x3d] = (temp >> 16) & 0xff; 43 | key[0x3e] = (temp >> 8) & 0xff; 44 | key[0x3f] = (temp >> 0) & 0xff; 45 | } 46 | 47 | static PyObject* pkg_crypt(PyObject *self, PyObject *args) 48 | { 49 | uint8_t *key, *input, *ret; 50 | int key_length, input_length, length; 51 | int remaining, i, offset=0; 52 | 53 | PyObject *arglist; 54 | PyObject *result; 55 | 56 | if (!PyArg_ParseTuple(args, "s#s#i", &key, &key_length, &input, &input_length, &length)) 57 | return NULL; 58 | ret = malloc(length); 59 | remaining = length; 60 | 61 | while (remaining > 0) 62 | { 63 | int outHash_length; 64 | uint8_t *outHash; 65 | int bytes_to_dump = remaining; 66 | if (bytes_to_dump > 0x10) 67 | bytes_to_dump = 0x10; 68 | 69 | arglist = Py_BuildValue("(s#)", key, 0x40); 70 | result = PyObject_CallObject(sha1_callback, arglist); 71 | Py_DECREF(arglist); 72 | if (!result) 73 | return NULL; 74 | if (!PyArg_Parse(result, "s#", &outHash, &outHash_length)) 75 | return NULL; 76 | 77 | for(i = 0; i < bytes_to_dump; i++) 78 | { 79 | ret[offset] = outHash[i] ^ input[offset]; 80 | offset++; 81 | } 82 | Py_DECREF(result); 83 | manipulate(key); 84 | remaining -= bytes_to_dump; 85 | } 86 | 87 | /* Return the encrypted data */ 88 | PyObject *py_ret = Py_BuildValue("s#", ret, length); 89 | free(ret); 90 | return py_ret; 91 | } 92 | 93 | static PyObject *register_sha1_callback(PyObject *self, PyObject *args) 94 | { 95 | PyObject *result = NULL; 96 | PyObject *temp; 97 | 98 | if (PyArg_ParseTuple(args, "O:set_callback", &temp)) 99 | { 100 | if (!PyCallable_Check(temp)) 101 | { 102 | PyErr_SetString(PyExc_TypeError, "parameter must be callable"); 103 | return NULL; 104 | } 105 | Py_XINCREF(temp); /* Add a reference to new callback */ 106 | Py_XDECREF(sha1_callback); /* Dispose of previous callback */ 107 | sha1_callback = temp; /* Remember new callback */ 108 | /* Boilerplate to return "None" */ 109 | Py_INCREF(Py_None); 110 | result = Py_None; 111 | } 112 | return result; 113 | } 114 | 115 | static PyMethodDef cryptMethods[] = { 116 | {"pkgcrypt", pkg_crypt, METH_VARARGS, "C implementation of pkg.py's crypt function"}, 117 | {"register_sha1_callback", register_sha1_callback, METH_VARARGS, "Register a callback to python's SHA1 function, so we don't have to bother with creating our own implementation."}, 118 | {NULL, NULL, 0, NULL} 119 | }; 120 | 121 | PyMODINIT_FUNC initpkgcrypt(void) 122 | { 123 | (void) Py_InitModule("pkgcrypt", cryptMethods); 124 | } 125 | 126 | 127 | -------------------------------------------------------------------------------- /resign_windows.bat: -------------------------------------------------------------------------------- 1 | :: ------------------------------------------------------------------ 2 | :: Simple script to build a proper PKG using Python (by CaptainCPS-X) 3 | :: Adapted to PS3xploit-ReSigner (by Caio99BR) 4 | :: ------------------------------------------------------------------ 5 | :: Disable Debug output 6 | @echo off 7 | 8 | :: Save Current Working Dir 9 | set CURRENT_DIR=%cd% 10 | 11 | :: Go to current dir 12 | cd "%CURRENT_DIR%" 13 | 14 | :: Main Tools 15 | set TOOLS_PKG_EXDATA=source\tools\ps3py_exe\pkg_exdata.exe 16 | set TOOLS_RESIGNER=source\pre-compiled\windows\ps3xploit_rifgen_edatresign.exe 17 | 18 | :: Output Dirs 19 | set OUTPUT_PKGS_DIR=output\pkgs 20 | set OUTPUT_TEMP_DIR=output\temp 21 | 22 | :: Input Dirs 23 | set INPUT_PKGS_DIR=input\pkgs 24 | set INPUT_RAPS_DIR=input\raps 25 | 26 | :: Input Files 27 | set INPUT_ACT_DAT=input\act_dat\act.dat 28 | set INPUT_IDPS_HEX=input\idps_hex\idps.hex 29 | 30 | :: RIF Package ContentID and Name 31 | set RIF_PKG_CONTENTID=RIF000-INSTALLER_00-0000000000000000 32 | set RIF_PKG_NAME=PKG_RIF-INSTALLER.pkg 33 | 34 | :: Cleanup before everything 35 | if exist "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\*.pkg" ( 36 | echo. 37 | echo ps3xploit_resign: You have *.pkg files on output folder, keep in mind if you continue these files will be deleted. 38 | echo. 39 | echo ps3xploit_resign: Are you sure you want to continue? 40 | echo. 41 | pause 42 | del "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\*.pkg" 43 | 44 | ) 45 | if exist "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%_signed.pkg" del "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%_signed.pkg" 46 | 47 | :: Prevent missing dirs 48 | if not exist "%CURRENT_DIR%\%INPUT_PKGS_DIR%\" mkdir "%CURRENT_DIR%\%INPUT_PKGS_DIR%\" 49 | if not exist "%CURRENT_DIR%\%INPUT_RAPS_DIR%\" mkdir "%CURRENT_DIR%\%INPUT_RAPS_DIR%\" 50 | if not exist "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" mkdir "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" 51 | if not exist "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\" mkdir "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\" 52 | 53 | :: Check for RAP or PKG files 54 | if not exist "%CURRENT_DIR%\%INPUT_RAPS_DIR%\*.rap" ( 55 | echo. 56 | echo ps3xploit_resign: No '.rap' files found on '.\%INPUT_RAPS_DIR%\' 57 | echo. 58 | if exist "%CURRENT_DIR%\%INPUT_PKGS_DIR%\*.pkg" ( 59 | GOTO RESIGN_PKG_ONLY 60 | ) else ( 61 | echo. 62 | echo ps3xploit_resign: No '.pkg' files found on '.\%INPUT_PKGS_DIR%\' 63 | echo. 64 | pause 65 | exit /b 66 | ) 67 | ) 68 | 69 | :: Copy act.dat files 70 | if not exist "%CURRENT_DIR%\%INPUT_ACT_DAT%" ( 71 | echo. 72 | echo ps3xploit_resign: '.\%INPUT_ACT_DAT%' not found, exiting... 73 | echo. 74 | pause 75 | exit /b 76 | ) 77 | copy /Y "%CURRENT_DIR%\%INPUT_ACT_DAT%" "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" 78 | 79 | :: Copy idps.hex files 80 | if not exist "%CURRENT_DIR%\%INPUT_IDPS_HEX%" ( 81 | echo. 82 | echo ps3xploit_resign: '.\%INPUT_IDPS_HEX%' not found, exiting... 83 | echo. 84 | pause 85 | exit /b 86 | ) 87 | copy /Y "%CURRENT_DIR%\%INPUT_IDPS_HEX%" "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" 88 | 89 | :: Copy RAP files 90 | copy /Y "%CURRENT_DIR%\%INPUT_RAPS_DIR%\*.rap" "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" 91 | 92 | :: Resign all RAP files to RIF files 93 | if exist "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\*.rif" del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\*.rif" 94 | for %%I in ("%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\*.rap") do ( 95 | cd "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\" 96 | echo y | "%CURRENT_DIR%\%TOOLS_RESIGNER%" "%%I" 97 | cd "%CURRENT_DIR%\" 98 | ) 99 | 100 | :: Delete unneed files on PKG RIF 101 | del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\*.rap" 102 | del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\act.dat" 103 | del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\idps.hex" 104 | 105 | :: Move 'signed_act.dat' to 'act.dat' 106 | move "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\signed_act.dat" "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\act.dat" 107 | 108 | :: Build PKG RIF 109 | "%CURRENT_DIR%\%TOOLS_PKG_EXDATA%" --contentid %RIF_PKG_CONTENTID% %OUTPUT_TEMP_DIR%\ %OUTPUT_PKGS_DIR%\%RIF_PKG_NAME% 110 | 111 | :: Resign PKG RIF 112 | if not exist "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%" ( 113 | echo. 114 | echo ps3xploit_resign: '.\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%' not found, exiting... 115 | echo. 116 | pause 117 | exit /b 118 | ) 119 | echo y | "%CURRENT_DIR%\%TOOLS_RESIGNER%" "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%" 120 | 121 | :: Cleanup 122 | del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\*.rif" 123 | del "%CURRENT_DIR%\%OUTPUT_TEMP_DIR%\act.dat" 124 | del "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%" 125 | 126 | :: Resign PKG files 127 | :RESIGN_PKG_ONLY 128 | for %%I in ("%CURRENT_DIR%\%INPUT_PKGS_DIR%\*.pkg") do ( 129 | echo y | "%CURRENT_DIR%\%TOOLS_RESIGNER%" "%%I" 130 | move "%%I_signed.pkg" "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\" 131 | ) 132 | 133 | :: Output header 134 | echo. 135 | echo ps3xploit_resign: Output files: 136 | 137 | :: See PKGS signed 138 | if exist "%CURRENT_DIR%\%OUTPUT_PKGS_DIR%\*.pkg" ( 139 | echo. 140 | echo. PKGS: 141 | for %%I in (%OUTPUT_PKGS_DIR%\*.pkg) do ( 142 | if "%%I" == "%OUTPUT_PKGS_DIR%\%RIF_PKG_NAME%_signed.pkg" ( 143 | echo. [RIF PKG] .\%%I 144 | ) else ( 145 | echo. .\%%I 146 | ) 147 | ) 148 | echo. 149 | ) 150 | 151 | :: Let user see everything 152 | pause 153 | -------------------------------------------------------------------------------- /source/src/aes.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file aes.h 3 | * 4 | * \brief AES block cipher 5 | * 6 | * Copyright (C) 2006-2010, Brainspark B.V. 7 | * 8 | * This file is part of PolarSSL (http://www.polarssl.org) 9 | * Lead Maintainer: Paul Bakker 10 | * 11 | * All rights reserved. 12 | * 13 | * This program is free software; you can redistribute it and/or modify 14 | * it under the terms of the GNU General Public License as published by 15 | * the Free Software Foundation; either version 2 of the License, or 16 | * (at your option) any later version. 17 | * 18 | * This program is distributed in the hope that it will be useful, 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 21 | * GNU General Public License for more details. 22 | * 23 | * You should have received a copy of the GNU General Public License along 24 | * with this program; if not, write to the Free Software Foundation, Inc., 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 26 | */ 27 | #ifndef POLARSSL_AES_H 28 | #define POLARSSL_AES_H 29 | 30 | #include 31 | 32 | #define AES_ENCRYPT 1 33 | #define AES_DECRYPT 0 34 | 35 | #define POLARSSL_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ 36 | #define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ 37 | 38 | /** 39 | * \brief AES context structure 40 | */ 41 | typedef struct 42 | { 43 | int nr; /*!< number of rounds */ 44 | unsigned long *rk; /*!< AES round keys */ 45 | unsigned long buf[68]; /*!< unaligned data */ 46 | } 47 | aes_context; 48 | 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | 53 | /** 54 | * \brief AES key schedule (encryption) 55 | * 56 | * \param ctx AES context to be initialized 57 | * \param key encryption key 58 | * \param keysize must be 128, 192 or 256 59 | * 60 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH 61 | */ 62 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize ); 63 | 64 | /** 65 | * \brief AES key schedule (decryption) 66 | * 67 | * \param ctx AES context to be initialized 68 | * \param key decryption key 69 | * \param keysize must be 128, 192 or 256 70 | * 71 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH 72 | */ 73 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize ); 74 | 75 | /** 76 | * \brief AES-ECB block encryption/decryption 77 | * 78 | * \param ctx AES context 79 | * \param mode AES_ENCRYPT or AES_DECRYPT 80 | * \param input 16-byte input block 81 | * \param output 16-byte output block 82 | * 83 | * \return 0 if successful 84 | */ 85 | int aes_crypt_ecb( aes_context *ctx, 86 | int mode, 87 | const unsigned char input[16], 88 | unsigned char output[16] ); 89 | 90 | /** 91 | * \brief AES-CBC buffer encryption/decryption 92 | * Length should be a multiple of the block 93 | * size (16 bytes) 94 | * 95 | * \param ctx AES context 96 | * \param mode AES_ENCRYPT or AES_DECRYPT 97 | * \param length length of the input data 98 | * \param iv initialization vector (updated after use) 99 | * \param input buffer holding the input data 100 | * \param output buffer holding the output data 101 | * 102 | * \return 0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH 103 | */ 104 | int aes_crypt_cbc( aes_context *ctx, 105 | int mode, 106 | size_t length, 107 | unsigned char iv[16], 108 | const unsigned char *input, 109 | unsigned char *output ); 110 | 111 | /* 112 | * \brief AES-CTR buffer encryption/decryption 113 | * 114 | * Warning: You have to keep the maximum use of your counter in mind! 115 | * 116 | * Note: Due to the nature of CTR you should use the same key schedule for 117 | * both encryption and decryption. So a context initialized with 118 | * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT. 119 | * 120 | * \param length The length of the data 121 | * \param nc_off The offset in the current stream_block (for resuming 122 | * within current cipher stream). The offset pointer to 123 | * should be 0 at the start of a stream. 124 | * \param nonce_counter The 128-bit nonce and counter. 125 | * \param stream_block The saved stream-block for resuming. Is overwritten 126 | * by the function. 127 | * \param input The input data stream 128 | * \param output The output data stream 129 | * 130 | * \return 0 if successful 131 | */ 132 | int aes_crypt_ctr( aes_context *ctx, 133 | size_t length, 134 | size_t *nc_off, 135 | unsigned char nonce_counter[16], 136 | unsigned char stream_block[16], 137 | const unsigned char *input, 138 | unsigned char *output ); 139 | 140 | 141 | int aes_crypt_ctr_xor( aes_context *ctx, 142 | size_t length, 143 | size_t *nc_off, 144 | unsigned char nonce_counter[16], 145 | unsigned char stream_block[16], 146 | const unsigned char *input, 147 | unsigned char *output , 148 | size_t len_start_from); 149 | 150 | 151 | 152 | #include 153 | void aes_cmac(aes_context *ctx, uint64_t length, unsigned char *input, unsigned char *output); 154 | 155 | #ifdef __cplusplus 156 | } 157 | #endif 158 | 159 | #endif /* aes.h */ 160 | -------------------------------------------------------------------------------- /source/src/pkg2zip_aes_x86.c: -------------------------------------------------------------------------------- 1 | #include "pkg2zip_aes.h" 2 | 3 | #include 4 | #include // AESNI 5 | #include // SSSE3 6 | #include "pkg2zip_aes_x86.h" 7 | 8 | #define AES128_INIT(ctx, x, rcon) \ 9 | { \ 10 | __m128i a, b; \ 11 | _mm_store_si128(ctx, x); \ 12 | a = _mm_aeskeygenassist_si128(x, rcon); \ 13 | a = _mm_shuffle_epi32(a, 0xff); \ 14 | b = _mm_slli_si128(x, 4); \ 15 | x = _mm_xor_si128(x, b); \ 16 | b = _mm_slli_si128(b, 4); \ 17 | x = _mm_xor_si128(x, b); \ 18 | b = _mm_slli_si128(b, 4); \ 19 | x = _mm_xor_si128(x, b); \ 20 | x = _mm_xor_si128(x, a); \ 21 | } 22 | 23 | /*void region_xor_sse(unsigned char* dst, unsigned char* src, int block_size) 24 | { 25 | __m128i* dst_ptr = (__m128i*)dst; 26 | 27 | __m128i xmm1 = _mm_load_si128((__m128i*)src); 28 | __m128i xmm2 = _mm_load_si128(dst_ptr); 29 | 30 | xmm2 = _mm_xor_si128(xmm1, xmm2); 31 | _mm_store_si128(dst_ptr, xmm2); 32 | }*/ 33 | 34 | void region_xor_sse(unsigned char* dst, unsigned char* src, int len) 35 | { 36 | unsigned char * restrict p1 = __builtin_assume_aligned(src, 16); 37 | unsigned char * restrict p2 = __builtin_assume_aligned(dst, 16); 38 | 39 | unsigned int i; 40 | for (i = 0; i < len; ++i) 41 | p2[i] = p1[i] ^ p2[i]; 42 | } 43 | 44 | void xor1_sse(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size) 45 | { 46 | int i; 47 | for(i = 0; i < size; i++) 48 | { 49 | dest[i] = src1[i] ^ src2[i]; 50 | } 51 | } 52 | 53 | void aes128_init_x86(aes128_key* ctx, const uint8_t* key) 54 | { 55 | __m128i* ekey = (__m128i*)ctx->key; 56 | 57 | __m128i x = _mm_loadu_si128((const __m128i*)key); 58 | AES128_INIT(ekey + 0, x, 0x01); 59 | AES128_INIT(ekey + 1, x, 0x02); 60 | AES128_INIT(ekey + 2, x, 0x04); 61 | AES128_INIT(ekey + 3, x, 0x08); 62 | AES128_INIT(ekey + 4, x, 0x10); 63 | AES128_INIT(ekey + 5, x, 0x20); 64 | AES128_INIT(ekey + 6, x, 0x40); 65 | AES128_INIT(ekey + 7, x, 0x80); 66 | AES128_INIT(ekey + 8, x, 0x1b); 67 | AES128_INIT(ekey + 9, x, 0x36); 68 | _mm_store_si128(ekey + 10, x); 69 | } 70 | 71 | void aes128_init_dec_x86(aes128_key* ctx, const uint8_t* key) 72 | { 73 | aes128_key enc; 74 | aes128_init_x86(&enc, key); 75 | 76 | const __m128i* ekey = (__m128i*)&enc.key; 77 | __m128i* dkey = (__m128i*)&ctx->key; 78 | 79 | _mm_store_si128(dkey + 10, _mm_load_si128(ekey + 0)); 80 | for (size_t i = 1; i < 10; i++) 81 | { 82 | _mm_store_si128(dkey + 10 - i, _mm_aesimc_si128(_mm_load_si128(ekey + i))); 83 | } 84 | _mm_store_si128(dkey + 0, _mm_load_si128(ekey + 10)); 85 | } 86 | 87 | static __m128i aes128_encrypt_x86(__m128i input, const __m128i* key) 88 | { 89 | __m128i tmp = _mm_xor_si128(input, _mm_load_si128(key + 0)); 90 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 1)); 91 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 2)); 92 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 3)); 93 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 4)); 94 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 5)); 95 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 6)); 96 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 7)); 97 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 8)); 98 | tmp = _mm_aesenc_si128(tmp, _mm_load_si128(key + 9)); 99 | return _mm_aesenclast_si128(tmp, _mm_load_si128(key + 10)); 100 | } 101 | 102 | static __m128i aes128_decrypt_x86(__m128i input, const __m128i* key) 103 | { 104 | __m128i tmp = _mm_xor_si128(input, _mm_load_si128(key + 0)); 105 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 1)); 106 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 2)); 107 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 3)); 108 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 4)); 109 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 5)); 110 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 6)); 111 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 7)); 112 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 8)); 113 | tmp = _mm_aesdec_si128(tmp, _mm_load_si128(key + 9)); 114 | return _mm_aesdeclast_si128(tmp, _mm_load_si128(key + 10)); 115 | } 116 | 117 | void aes128_ecb_encrypt_x86(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 118 | { 119 | const __m128i* key = (__m128i*)ctx->key; 120 | __m128i tmp = aes128_encrypt_x86(_mm_loadu_si128((const __m128i*)input), key); 121 | _mm_storeu_si128((__m128i*)output, tmp); 122 | } 123 | 124 | void aes128_ecb_decrypt_x86(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 125 | { 126 | const __m128i* key = (__m128i*)ctx->key; 127 | __m128i tmp = aes128_decrypt_x86(_mm_loadu_si128((const __m128i*)input), key); 128 | _mm_storeu_si128((__m128i*)output, tmp); 129 | } 130 | 131 | static __m128i ctr_increment(__m128i counter) 132 | { 133 | __m128i swap = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); 134 | __m128i tmp = _mm_shuffle_epi8(counter, swap); 135 | tmp = _mm_add_epi64(tmp, _mm_set_epi32(0, 0, 0, 1)); 136 | return _mm_shuffle_epi8(tmp, swap); 137 | } 138 | 139 | void aes128_ctr_xor_x86(const aes128_key* ctx, const uint8_t* iv, uint8_t* buffer, size_t size) 140 | { 141 | const __m128i* key = (__m128i*)ctx->key; 142 | __m128i counter = _mm_loadu_si128((const __m128i*)iv); 143 | 144 | while (size >= 16) 145 | { 146 | __m128i block = aes128_encrypt_x86(counter, key); 147 | __m128i tmp = _mm_xor_si128(_mm_loadu_si128((const __m128i*)buffer), block); 148 | _mm_storeu_si128((__m128i*)buffer, tmp); 149 | 150 | counter = ctr_increment(counter); 151 | 152 | buffer += 16; 153 | size -= 16; 154 | } 155 | 156 | if (size != 0) 157 | { 158 | uint8_t full[16]; 159 | memcpy(full, buffer, size); 160 | memset(full + size, 0, 16 - size); 161 | 162 | __m128i block = aes128_encrypt_x86(counter, key); 163 | __m128i tmp = _mm_xor_si128(_mm_loadu_si128((const __m128i*)full), block); 164 | _mm_storeu_si128((__m128i*)full, tmp); 165 | 166 | memcpy(buffer, full, size); 167 | } 168 | } 169 | 170 | void aes128_cmac_process_x86(const aes128_key* ctx, uint8_t* block, const uint8_t* buffer, uint32_t size) 171 | { 172 | const __m128i* key = (__m128i*)ctx->key; 173 | __m128i* data = (__m128i*)buffer; 174 | 175 | __m128i tmp = _mm_loadu_si128((__m128i*)block); 176 | for (uint32_t i = 0; i < size; i += 16) 177 | { 178 | __m128i input = _mm_loadu_si128(data++); 179 | tmp = _mm_xor_si128(tmp, input); 180 | tmp = aes128_encrypt_x86(tmp, key); 181 | } 182 | _mm_storeu_si128((__m128i*)block, tmp); 183 | } 184 | 185 | void aes128_psp_decrypt_x86(const aes128_key* ctx, const uint8_t* prev, const uint8_t* block, uint8_t* buffer, uint32_t size) 186 | { 187 | const __m128i* key = (__m128i*)ctx->key; 188 | __m128i one = _mm_setr_epi32(0, 0, 0, 1); 189 | 190 | __m128i x = _mm_load_si128((__m128i*)prev); 191 | __m128i y = _mm_load_si128((__m128i*)block); 192 | 193 | __m128i* data = (__m128i*)buffer; 194 | 195 | for (uint32_t i = 0; i < size; i += 16) 196 | { 197 | y = _mm_add_epi32(y, one); 198 | 199 | __m128i out = aes128_decrypt_x86(y, key); 200 | 201 | out = _mm_xor_si128(out, _mm_loadu_si128(data)); 202 | out = _mm_xor_si128(out, x); 203 | _mm_storeu_si128(data++, out); 204 | x = y; 205 | } 206 | } 207 | -------------------------------------------------------------------------------- /resign_mac.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2018 Caio Oliveira 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # PS3Xploit ReSign BASH Script for act.dat, PKG and RAP 19 | # Thanks to @CaptainCPS-X for script to build a proper PKG using Python 20 | function ps3xploit_resign() { 21 | 22 | # Usage: ps3xploit_resign (Resign for act.dat, PKG and RAP) 23 | echo; 24 | echo "ps3xploit_resign: PS3Xploit ReSign BASH Script for act.dat, PKG and RAP"; 25 | echo; 26 | 27 | ### 28 | ### Variables 29 | ### 30 | 31 | # Main Exports 32 | export PS3XPLOIT_RESIGNER_BINARY=; 33 | export PS3XPLOIT_PKGPY_BINARY=; 34 | export PS3XPLOIT_PYTHON_BINARY=; 35 | 36 | # Save Current Working Dir and Create a TEMPorary DIR 37 | cwd=$(pwd); 38 | 39 | # Main tools 40 | ps3py_tools_dir="${cwd}/source/tools/ps3py"; 41 | ps3xploit_resign_source_dir="${cwd}/source/src"; 42 | ps3xploit_precompiled_dir="${cwd}/source/pre-compiled/linux"; 43 | 44 | # Output dirs 45 | output_pkgs_dir="${cwd}/output/pkgs"; 46 | 47 | # Input files 48 | input_act_dat="${cwd}/input/act_dat/act.dat"; 49 | input_idps_hex="${cwd}/input/idps_hex/idps.hex"; 50 | 51 | # Input dirs 52 | input_raps_dir="${cwd}/input/raps" 53 | input_pkgs_dir="${cwd}/input/pkgs" 54 | 55 | # RIF Package ContentID and Name 56 | rif_pkg_contentid="RIF000-INSTALLER_00-0000000000000000"; 57 | rif_pkg_name="${output_pkgs_dir}/PKG_RIF-INSTALLER.pkg"; 58 | 59 | ### 60 | ### Check 61 | ### 62 | 63 | # Search for *.rap files 64 | input_raps_files=($(find "${input_raps_dir}/" -maxdepth 1 -type f \( -iname \*.rap -o -iname \*.RAP \))); 65 | input_raps_size="${#input_raps_files[@]}"; 66 | if [ "${input_raps_size}" -eq 0 ]; then 67 | echo; 68 | echo "ps3xploit_resign: No '*.rap' files found on '.${input_raps_dir##${cwd}}'"; 69 | echo; 70 | fi; 71 | 72 | # Check 'act.dat' and 'idps.hex' only when resign RAP files 73 | if [ "${input_raps_size}" -gt 0 ]; then 74 | for IFC in ${input_act_dat} ${input_idps_hex}; do 75 | if [ ! -e "${IFC}" ]; then 76 | echo; 77 | echo "ps3xploit_resign: '.${IFC##${cwd}}' not found, exiting..."; 78 | echo; 79 | return; 80 | fi; 81 | done; 82 | fi; 83 | 84 | # Search for *.pkg files 85 | input_pkgs_files=($(find "${input_pkgs_dir}/" -maxdepth 1 -name "*.pkg")); 86 | input_pkgs_size="${#input_pkgs_files[@]}"; 87 | if [ "${input_pkgs_size}" -eq 0 ]; then 88 | echo; 89 | echo "ps3xploit_resign: No '*.pkg' files found on '.${input_pkgs_dir##${cwd}}'"; 90 | echo; 91 | fi; 92 | 93 | # Nothing to do, just exit 94 | if [ "${input_raps_size}" -eq 0 -a "${input_pkgs_size}" -eq 0 ]; then 95 | return; 96 | fi; 97 | 98 | # Check source files of resign 99 | if [ -f "${ps3xploit_resign_source_dir}" ]; then 100 | echo; 101 | echo "ps3xploit_resign: Resign Dir '.${ps3xploit_resign_source_dir##${cwd}}' not found, exiting..."; 102 | echo; 103 | return; 104 | fi; 105 | 106 | ### 107 | ### Prepare Common 108 | ### 109 | 110 | # Cleanup 111 | rm -rf "${ps3xploit_precompiled_dir}/ps3xploit_rifgen_edatresign"; 112 | 113 | # Message Output 114 | echo; 115 | echo "ps3xploit_resign: Building 'ps3xploit_rifgen_edatresign'"; 116 | echo; 117 | 118 | # Go to src dir 119 | cd "${ps3xploit_resign_source_dir}"; 120 | 121 | # Clean old builds 122 | make clean; 123 | 124 | # Make 'ps3xploit_rifgen_edatresign' 125 | make; 126 | 127 | # Return back to current dir 128 | cd "${cwd}"; 129 | 130 | # Check if ps3xploit_rifgen_edatresing exists 131 | PS3XPLOIT_RESIGNER_BINARY=$(greadlink -e "${ps3xploit_resign_source_dir}/ps3xploit_rifgen_edatresign"); 132 | if [ -z "${PS3XPLOIT_RESIGNER_BINARY}" ]; then 133 | echo; 134 | echo "ps3xploit_resign: 'ps3xploit_rifgen_edatresign' not found, exiting..."; 135 | echo; 136 | return; 137 | fi; 138 | 139 | # Copy new binary to precompiled dir 140 | cp "${PS3XPLOIT_RESIGNER_BINARY}" "${ps3xploit_precompiled_dir}/"; 141 | 142 | # Go to src dir 143 | cd "${ps3xploit_resign_source_dir}"; 144 | 145 | # Clean build 146 | make clean; 147 | 148 | # Return back to current dir 149 | cd "${cwd}"; 150 | 151 | # Check Resigner binary file 152 | PS3XPLOIT_RESIGNER_BINARY=$(greadlink -e "${ps3xploit_precompiled_dir}/ps3xploit_rifgen_edatresign"); 153 | 154 | # Check 'Build ReSign for Linux' 155 | if [ -z "${PS3XPLOIT_RESIGNER_BINARY}" ]; then 156 | echo; 157 | echo "ps3xploit_resign: 'ps3xploit_rifgen_edatresign' not found, exiting..."; 158 | echo; 159 | return; 160 | fi; 161 | 162 | ### 163 | ### Start - RIF 164 | ### 165 | 166 | # Use only when resign RAP files 167 | if [ "${input_raps_size}" -gt 0 ]; then 168 | 169 | # Check 'pkg.py' 170 | PS3XPLOIT_PKGPY_BINARY=$(greadlink -e "${ps3py_tools_dir}/pkg.py"); 171 | if [ -z "${PS3XPLOIT_PKGPY_BINARY}" ]; then 172 | echo "ps3xploit_resign: 'pkg.py' not found, exiting..."; 173 | return; 174 | fi; 175 | 176 | # Cleanup 177 | rm -rf "${ps3py_tools_dir}/build" "${ps3py_tools_dir}/pkgcrypt.so"; 178 | 179 | # Check if the Python2.7 is installed 180 | PS3XPLOIT_PYTHON_BINARY=$(which python2.7); 181 | if [ -z "${PS3XPLOIT_PYTHON_BINARY}" ]; then 182 | echo; 183 | echo "ps3xploit_ps3py_all: 'python2.7' not is installed, exiting..."; 184 | echo " To continue install 'python2.7'"; 185 | echo; 186 | return; 187 | fi; 188 | 189 | # Message output 190 | echo; 191 | echo "ps3xploit_ps3py_all: Preparing 'ps3py' tools"; 192 | echo; 193 | 194 | # Go to src dir 195 | cd "${ps3py_tools_dir}"; 196 | 197 | # Setup to 'pkg.py' 198 | ${PS3XPLOIT_PYTHON_BINARY} 'setup.py' 'build'; 199 | 200 | # Return back to current dir 201 | cd "${cwd}"; 202 | 203 | # Check if the 'pkgcrypt' is builded 204 | ps3py_lib=$(greadlink -e "${ps3py_tools_dir}/build/lib."*"/pkgcrypt.so"); 205 | if [ -z "${ps3py_lib}" ]; then 206 | echo; 207 | echo "ps3xploit_ps3py_all: 'pkgcrypt.so' building failed, exiting..."; 208 | echo; 209 | return; 210 | fi; 211 | 212 | # Copy new library 213 | cp "${ps3py_lib}" "${ps3py_tools_dir}/"; 214 | 215 | # Cleanup 216 | rm -rf "${rif_pkg_name:?}" "${rif_pkg_name:?}_signed.pkg"; 217 | 218 | # Create a TEMPorary DIR 219 | temp_dir=$(mktemp -d); 220 | 221 | # Copy 'act.dat' and 'idps.hex' 222 | for IFC in ${input_act_dat} ${input_idps_hex}; do 223 | cp "${IFC}" "${temp_dir}/"; 224 | done; 225 | 226 | # Sign RIF files 227 | for ((srap=0; srap/dev/null 2>&1; echo "${?}"); 191 | if [ "${python_headers}" -ne 0 ]; then 192 | echo; 193 | echo "ps3xploit_ps3py_all: 'python-dev' not is installed, exiting..."; 194 | echo " To continue install 'python-dev'"; 195 | echo; 196 | return; 197 | fi; 198 | 199 | # Message output 200 | echo; 201 | echo "ps3xploit_ps3py_all: Preparing 'ps3py' tools"; 202 | echo; 203 | 204 | # Go to src dir 205 | cd "${ps3py_tools_dir}"; 206 | 207 | # Setup to 'pkg.py' 208 | ${PS3XPLOIT_PYTHON_BINARY} 'setup.py' 'build'; 209 | 210 | # Return back to current dir 211 | cd "${cwd}"; 212 | 213 | # Check if the 'pkgcrypt' is builded 214 | ps3py_lib=$(readlink -e "${ps3py_tools_dir}/build/lib."*"/pkgcrypt.so"); 215 | if [ -z "${ps3py_lib}" ]; then 216 | echo; 217 | echo "ps3xploit_ps3py_all: 'pkgcrypt.so' building failed, exiting..."; 218 | echo; 219 | return; 220 | fi; 221 | 222 | # Copy new library 223 | cp "${ps3py_lib}" "${ps3py_tools_dir}/"; 224 | 225 | # Cleanup 226 | rm -rf "${rif_pkg_name:?}" "${rif_pkg_name:?}_signed.pkg"; 227 | 228 | # Create a TEMPorary DIR 229 | temp_dir=$(mktemp -d); 230 | 231 | # Copy 'act.dat' and 'idps.hex' 232 | for IFC in ${input_act_dat} ${input_idps_hex}; do 233 | cp "${IFC}" "${temp_dir}/"; 234 | done; 235 | 236 | # Sign RIF files 237 | for ((srap=0; srap 7 | #include 8 | #include 9 | #include 10 | 11 | #include "types.h" 12 | #include "util.h" 13 | 14 | u8 *_read_buffer(const s8 *file, u32 *length) 15 | { 16 | FILE *fp; 17 | u32 size; 18 | 19 | if((fp = fopen(file, "rb")) == NULL) 20 | return NULL; 21 | 22 | fseek(fp, 0, SEEK_END); 23 | size = ftell(fp); 24 | fseek(fp, 0, SEEK_SET); 25 | 26 | u8 *buffer = (u8 *)malloc(sizeof(u8) * size); 27 | fread(buffer, sizeof(u8), size, fp); 28 | 29 | if(length != NULL) 30 | *length = size; 31 | 32 | fclose(fp); 33 | 34 | return buffer; 35 | } 36 | 37 | int _write_buffer(const s8 *file, u8 *buffer, u32 length) 38 | { 39 | FILE *fp; 40 | 41 | if((fp = fopen(file, "wb")) == NULL) 42 | return 0; 43 | 44 | /**/ 45 | while(length > 0) 46 | { 47 | u32 wrlen = 1024; 48 | if(length < 1024) 49 | wrlen = length; 50 | fwrite(buffer, sizeof(u8), wrlen, fp); 51 | length -= wrlen; 52 | buffer += 1024; 53 | } 54 | /**/ 55 | 56 | //fwrite(buffer, sizeof(u8), length, fp); 57 | 58 | fclose(fp); 59 | 60 | return 1; 61 | } 62 | 63 | #include "aes.h" 64 | // Crypto functions (AES128-CBC, AES128-ECB, SHA1-HMAC and AES-CMAC). 65 | void aescbc128_decrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len) 66 | { 67 | aes_context ctx; 68 | aes_setkey_dec(&ctx, key, 128); 69 | aes_crypt_cbc(&ctx, AES_DECRYPT, len, iv, in, out); 70 | 71 | // Reset the IV. 72 | memset(iv, 0, 0x10); 73 | } 74 | 75 | void aescbc128_encrypt(unsigned char *key, unsigned char *iv, unsigned char *in, unsigned char *out, int len) 76 | { 77 | aes_context ctx; 78 | aes_setkey_enc(&ctx, key, 128); 79 | aes_crypt_cbc(&ctx, AES_ENCRYPT, len, iv, in, out); 80 | 81 | // Reset the IV. 82 | memset(iv, 0, 0x10); 83 | } 84 | 85 | void aesecb128_encrypt(unsigned char *key, unsigned char *in, unsigned char *out) 86 | { 87 | aes_context ctx; 88 | aes_setkey_enc(&ctx, key, 128); 89 | aes_crypt_ecb(&ctx, AES_ENCRYPT, in, out); 90 | } 91 | 92 | int aes128ctr(u8 *key, u8 *iv, u8 *in, u64 len, u8 *out) 93 | { 94 | aes_context aes_ctx = {0}; 95 | size_t nc_off = 0; 96 | unsigned char stream_block[0x10] = {0}; 97 | int retval = -1; 98 | 99 | 100 | // validate input params 101 | if ( (key == NULL) || (iv == NULL) || (in == NULL) || (out == NULL) ) 102 | goto exit; 103 | 104 | // set the AES key context 105 | if (aes_setkey_enc(&aes_ctx, key, 128) != 0) 106 | goto exit; 107 | 108 | // do the AES-CTR crypt 109 | if (aes_crypt_ctr(&aes_ctx, (size_t)len, &nc_off, iv, stream_block, in, out) != 0) 110 | goto exit; 111 | // status success 112 | retval = 0; 113 | 114 | exit: 115 | // return status 116 | return retval; 117 | } 118 | 119 | int aes128ctrxor(u8 *key, u8 *iv, u8 *in, u64 len, u8 *out, size_t len_start_from) 120 | { 121 | aes_context aes_ctx = {0}; 122 | size_t nc_off = 0; 123 | unsigned char stream_block[0x10] = {0}; 124 | int retval = -1; 125 | 126 | 127 | // validate input params 128 | if ( (key == NULL) || (iv == NULL) || (in == NULL) || (out == NULL) ) 129 | goto exit; 130 | 131 | // set the AES key context 132 | if (aes_setkey_enc(&aes_ctx, key, 128) != 0) 133 | goto exit; 134 | 135 | // do the AES-CTR crypt 136 | if (aes_crypt_ctr_xor(&aes_ctx, (size_t)len, &nc_off, iv, stream_block, in, out, len_start_from) != 0) 137 | goto exit; 138 | // status success 139 | retval = 0; 140 | 141 | exit: 142 | // return status 143 | return retval; 144 | } 145 | 146 | unsigned char RAP_KEY[] = {0x86, 0x9F, 0x77, 0x45, 0xC1, 0x3F, 0xD8, 0x90, 0xCC, 0xF2, 0x91, 0x88, 0xE3, 0xCC, 0x3E, 0xDF}; 147 | unsigned char RAP_PBOX[] = {0x0C, 0x03, 0x06, 0x04, 0x01, 0x0B, 0x0F, 0x08, 0x02, 0x07, 0x00, 0x05, 0x0A, 0x0E, 0x0D, 0x09}; 148 | unsigned char RAP_E1[] = {0xA9, 0x3E, 0x1F, 0xD6, 0x7C, 0x55, 0xA3, 0x29, 0xB7, 0x5F, 0xDD, 0xA6, 0x2A, 0x95, 0xC7, 0xA5}; 149 | unsigned char RAP_E2[] = {0x67, 0xD4, 0x5D, 0xA3, 0x29, 0x6D, 0x00, 0x6A, 0x4E, 0x7C, 0x53, 0x7B, 0xF5, 0x53, 0x8C, 0x74}; 150 | 151 | void get_rif_key(unsigned char* rap, unsigned char* rif) 152 | { 153 | int i; 154 | int round; 155 | 156 | unsigned char key[0x10]; 157 | unsigned char iv[0x10]; 158 | memset(key, 0, 0x10); 159 | memset(iv, 0, 0x10); 160 | 161 | // Initial decrypt. 162 | aescbc128_decrypt(RAP_KEY, iv, rap, key, 0x10); 163 | 164 | // rap2rifkey round. 165 | for (round = 0; round < 5; ++round) 166 | { 167 | for (i = 0; i < 16; ++i) 168 | { 169 | int p = RAP_PBOX[i]; 170 | key[p] ^= RAP_E1[p]; 171 | } 172 | for (i = 15; i >= 1; --i) 173 | { 174 | int p = RAP_PBOX[i]; 175 | int pp = RAP_PBOX[i - 1]; 176 | key[p] ^= key[pp]; 177 | } 178 | int o = 0; 179 | for (i = 0; i < 16; ++i) 180 | { 181 | int p = RAP_PBOX[i]; 182 | unsigned char kc = key[p] - o; 183 | unsigned char ec2 = RAP_E2[p]; 184 | if (o != 1 || kc != 0xFF) 185 | { 186 | o = kc < ec2 ? 1 : 0; 187 | key[p] = kc - ec2; 188 | } 189 | else if (kc == 0xFF) 190 | { 191 | key[p] = kc - ec2; 192 | } 193 | else 194 | { 195 | key[p] = kc; 196 | } 197 | } 198 | } 199 | 200 | memcpy(rif, key, 0x10); 201 | } 202 | 203 | bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len) 204 | 205 | { 206 | 207 | unsigned char *out = new unsigned char[key_len]; 208 | 209 | 210 | 211 | sha1_hmac(key, key_len, in, in_len, out); 212 | 213 | 214 | 215 | for (int i = 0; i < hash_len; i++) 216 | 217 | { 218 | 219 | if (out[i] != hash[i]) 220 | 221 | { 222 | 223 | delete[] out; 224 | 225 | return false; 226 | 227 | } 228 | 229 | } 230 | 231 | 232 | 233 | delete[] out; 234 | 235 | 236 | 237 | return true; 238 | 239 | } 240 | 241 | 242 | // Auxiliary functions (endian swap, xor and prng). 243 | 244 | short se16(short i) 245 | 246 | { 247 | 248 | return (((i & 0xFF00) >> 8) | ((i & 0xFF) << 8)); 249 | 250 | } 251 | 252 | 253 | 254 | int se32(int i) 255 | 256 | { 257 | 258 | return ((i & 0xFF000000) >> 24) | ((i & 0xFF0000) >> 8) | ((i & 0xFF00) << 8) | ((i & 0xFF) << 24); 259 | 260 | } 261 | 262 | 263 | 264 | u64 se64(u64 i) 265 | 266 | { 267 | 268 | return ((i & 0x00000000000000ff) << 56) | ((i & 0x000000000000ff00) << 40) | 269 | 270 | ((i & 0x0000000000ff0000) << 24) | ((i & 0x00000000ff000000) << 8) | 271 | 272 | ((i & 0x000000ff00000000) >> 8) | ((i & 0x0000ff0000000000) >> 24) | 273 | 274 | ((i & 0x00ff000000000000) >> 40) | ((i & 0xff00000000000000) >> 56); 275 | 276 | } 277 | 278 | 279 | 280 | void xor1(unsigned char *dest, unsigned char *src1, unsigned char *src2, int size) 281 | 282 | { 283 | 284 | int i; 285 | 286 | for(i = 0; i < size; i++) 287 | 288 | { 289 | 290 | dest[i] = src1[i] ^ src2[i]; 291 | 292 | } 293 | 294 | } 295 | 296 | 297 | 298 | void prng(unsigned char *dest, int size) 299 | 300 | { 301 | 302 | unsigned char *buffer = new unsigned char[size]; 303 | 304 | srand((u32)time(0)); 305 | 306 | 307 | 308 | int i; 309 | 310 | for(i = 0; i < size; i++) 311 | 312 | buffer[i] = (unsigned char)(rand() & 0xFF); 313 | 314 | 315 | 316 | memcpy(dest, buffer, size); 317 | 318 | 319 | 320 | delete[] buffer; 321 | 322 | } 323 | 324 | 325 | 326 | // Hex string conversion auxiliary functions. 327 | 328 | u64 hex_to_u64(const char* hex_str) 329 | 330 | { 331 | 332 | u32 length = strlen(hex_str); 333 | 334 | u64 tmp = 0; 335 | 336 | u64 result = 0; 337 | 338 | char c; 339 | 340 | 341 | 342 | while (length--) 343 | 344 | { 345 | 346 | c = *hex_str++; 347 | 348 | if((c >= '0') && (c <= '9')) 349 | 350 | tmp = c - '0'; 351 | 352 | else if((c >= 'a') && (c <= 'f')) 353 | 354 | tmp = c - 'a' + 10; 355 | 356 | else if((c >= 'A') && (c <= 'F')) 357 | 358 | tmp = c - 'A' + 10; 359 | 360 | else 361 | 362 | tmp = 0; 363 | 364 | result |= (tmp << (length * 4)); 365 | 366 | } 367 | 368 | 369 | 370 | return result; 371 | 372 | } 373 | 374 | 375 | 376 | void hex_to_bytes(unsigned char *data, const char *hex_str, unsigned int str_length) 377 | 378 | { 379 | 380 | u32 data_length = str_length / 2; 381 | 382 | char tmp_buf[3] = {0, 0, 0}; 383 | 384 | 385 | 386 | // Don't convert if the string length is odd. 387 | 388 | if (!(str_length % 2)) 389 | 390 | { 391 | 392 | u8 *out = (u8 *) malloc (str_length * sizeof(u8)); 393 | 394 | u8 *pos = out; 395 | 396 | 397 | 398 | while (str_length--) 399 | 400 | { 401 | 402 | tmp_buf[0] = *hex_str++; 403 | 404 | tmp_buf[1] = *hex_str++; 405 | 406 | 407 | 408 | *pos++ = (u8)(hex_to_u64(tmp_buf) & 0xFF); 409 | 410 | } 411 | 412 | 413 | 414 | // Copy back to our array. 415 | 416 | memcpy(data, out, data_length); 417 | 418 | } 419 | 420 | } 421 | 422 | 423 | 424 | bool is_hex(const char* hex_str, unsigned int str_length) 425 | 426 | { 427 | 428 | static const char hex_chars[] = "0123456789abcdefABCDEF"; 429 | 430 | 431 | 432 | if (hex_str == NULL) 433 | 434 | return false; 435 | 436 | 437 | 438 | unsigned int i; 439 | 440 | for (i = 0; i < str_length; i++) 441 | 442 | { 443 | 444 | if (strchr(hex_chars, hex_str[i]) == 0) 445 | 446 | return false; 447 | 448 | } 449 | 450 | 451 | 452 | return true; 453 | 454 | } 455 | 456 | 457 | 458 | void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash) 459 | 460 | { 461 | 462 | sha1_hmac(key, key_len, in, in_len, hash); 463 | 464 | } 465 | 466 | 467 | 468 | bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len) 469 | 470 | { 471 | 472 | unsigned char *out = new unsigned char[key_len]; 473 | 474 | 475 | 476 | aes_context ctx; 477 | 478 | aes_setkey_enc(&ctx, key, 128); 479 | 480 | aes_cmac(&ctx, in_len, in, out); 481 | 482 | 483 | 484 | for (int i = 0; i < hash_len; i++) 485 | 486 | { 487 | 488 | if (out[i] != hash[i]) 489 | 490 | { 491 | 492 | delete[] out; 493 | 494 | return false; 495 | 496 | } 497 | 498 | } 499 | 500 | 501 | 502 | delete[] out; 503 | 504 | 505 | 506 | return true; 507 | 508 | } 509 | 510 | 511 | 512 | void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, uint64_t in_len, unsigned char *hash) 513 | 514 | { 515 | 516 | aes_context ctx; 517 | 518 | aes_setkey_enc(&ctx, key, 128); 519 | 520 | aes_cmac(&ctx, in_len, in, hash); 521 | 522 | } 523 | -------------------------------------------------------------------------------- /source/src/sha1.c: -------------------------------------------------------------------------------- 1 | /* 2 | * FIPS-180-1 compliant SHA-1 implementation 3 | * 4 | * Copyright (C) 2006-2010, Brainspark B.V. 5 | * 6 | * This file is part of PolarSSL (http://www.polarssl.org) 7 | * Lead Maintainer: Paul Bakker 8 | * 9 | * All rights reserved. 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License along 22 | * with this program; if not, write to the Free Software Foundation, Inc., 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 24 | */ 25 | /* 26 | * The SHA-1 standard was published by NIST in 1993. 27 | * 28 | * http://www.itl.nist.gov/fipspubs/fip180-1.htm 29 | */ 30 | 31 | #include "sha1.h" 32 | 33 | /* 34 | * 32-bit integer manipulation macros (big endian) 35 | */ 36 | #ifndef GET_ULONG_BE 37 | #define GET_ULONG_BE(n,b,i) \ 38 | { \ 39 | (n) = ( (unsigned long) (b)[(i) ] << 24 ) \ 40 | | ( (unsigned long) (b)[(i) + 1] << 16 ) \ 41 | | ( (unsigned long) (b)[(i) + 2] << 8 ) \ 42 | | ( (unsigned long) (b)[(i) + 3] ); \ 43 | } 44 | #endif 45 | 46 | #ifndef PUT_ULONG_BE 47 | #define PUT_ULONG_BE(n,b,i) \ 48 | { \ 49 | (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ 50 | (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ 51 | (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ 52 | (b)[(i) + 3] = (unsigned char) ( (n) ); \ 53 | } 54 | #endif 55 | 56 | /* 57 | * SHA-1 context setup 58 | */ 59 | void sha1_starts( sha1_context *ctx ) 60 | { 61 | ctx->total[0] = 0; 62 | ctx->total[1] = 0; 63 | 64 | ctx->state[0] = 0x67452301; 65 | ctx->state[1] = 0xEFCDAB89; 66 | ctx->state[2] = 0x98BADCFE; 67 | ctx->state[3] = 0x10325476; 68 | ctx->state[4] = 0xC3D2E1F0; 69 | } 70 | 71 | static void sha1_process( sha1_context *ctx, const unsigned char data[64] ) 72 | { 73 | unsigned long temp, W[16], A, B, C, D, E; 74 | 75 | GET_ULONG_BE( W[ 0], data, 0 ); 76 | GET_ULONG_BE( W[ 1], data, 4 ); 77 | GET_ULONG_BE( W[ 2], data, 8 ); 78 | GET_ULONG_BE( W[ 3], data, 12 ); 79 | GET_ULONG_BE( W[ 4], data, 16 ); 80 | GET_ULONG_BE( W[ 5], data, 20 ); 81 | GET_ULONG_BE( W[ 6], data, 24 ); 82 | GET_ULONG_BE( W[ 7], data, 28 ); 83 | GET_ULONG_BE( W[ 8], data, 32 ); 84 | GET_ULONG_BE( W[ 9], data, 36 ); 85 | GET_ULONG_BE( W[10], data, 40 ); 86 | GET_ULONG_BE( W[11], data, 44 ); 87 | GET_ULONG_BE( W[12], data, 48 ); 88 | GET_ULONG_BE( W[13], data, 52 ); 89 | GET_ULONG_BE( W[14], data, 56 ); 90 | GET_ULONG_BE( W[15], data, 60 ); 91 | 92 | #define S(x,n) ((x << n) | ((x & 0xFFFFFFFF) >> (32 - n))) 93 | 94 | #define R(t) \ 95 | ( \ 96 | temp = W[(t - 3) & 0x0F] ^ W[(t - 8) & 0x0F] ^ \ 97 | W[(t - 14) & 0x0F] ^ W[ t & 0x0F], \ 98 | ( W[t & 0x0F] = S(temp,1) ) \ 99 | ) 100 | 101 | #define P(a,b,c,d,e,x) \ 102 | { \ 103 | e += S(a,5) + F(b,c,d) + K + x; b = S(b,30); \ 104 | } 105 | 106 | A = ctx->state[0]; 107 | B = ctx->state[1]; 108 | C = ctx->state[2]; 109 | D = ctx->state[3]; 110 | E = ctx->state[4]; 111 | 112 | #define F(x,y,z) (z ^ (x & (y ^ z))) 113 | #define K 0x5A827999 114 | 115 | P( A, B, C, D, E, W[0] ); 116 | P( E, A, B, C, D, W[1] ); 117 | P( D, E, A, B, C, W[2] ); 118 | P( C, D, E, A, B, W[3] ); 119 | P( B, C, D, E, A, W[4] ); 120 | P( A, B, C, D, E, W[5] ); 121 | P( E, A, B, C, D, W[6] ); 122 | P( D, E, A, B, C, W[7] ); 123 | P( C, D, E, A, B, W[8] ); 124 | P( B, C, D, E, A, W[9] ); 125 | P( A, B, C, D, E, W[10] ); 126 | P( E, A, B, C, D, W[11] ); 127 | P( D, E, A, B, C, W[12] ); 128 | P( C, D, E, A, B, W[13] ); 129 | P( B, C, D, E, A, W[14] ); 130 | P( A, B, C, D, E, W[15] ); 131 | P( E, A, B, C, D, R(16) ); 132 | P( D, E, A, B, C, R(17) ); 133 | P( C, D, E, A, B, R(18) ); 134 | P( B, C, D, E, A, R(19) ); 135 | 136 | #undef K 137 | #undef F 138 | 139 | #define F(x,y,z) (x ^ y ^ z) 140 | #define K 0x6ED9EBA1 141 | 142 | P( A, B, C, D, E, R(20) ); 143 | P( E, A, B, C, D, R(21) ); 144 | P( D, E, A, B, C, R(22) ); 145 | P( C, D, E, A, B, R(23) ); 146 | P( B, C, D, E, A, R(24) ); 147 | P( A, B, C, D, E, R(25) ); 148 | P( E, A, B, C, D, R(26) ); 149 | P( D, E, A, B, C, R(27) ); 150 | P( C, D, E, A, B, R(28) ); 151 | P( B, C, D, E, A, R(29) ); 152 | P( A, B, C, D, E, R(30) ); 153 | P( E, A, B, C, D, R(31) ); 154 | P( D, E, A, B, C, R(32) ); 155 | P( C, D, E, A, B, R(33) ); 156 | P( B, C, D, E, A, R(34) ); 157 | P( A, B, C, D, E, R(35) ); 158 | P( E, A, B, C, D, R(36) ); 159 | P( D, E, A, B, C, R(37) ); 160 | P( C, D, E, A, B, R(38) ); 161 | P( B, C, D, E, A, R(39) ); 162 | 163 | #undef K 164 | #undef F 165 | 166 | #define F(x,y,z) ((x & y) | (z & (x | y))) 167 | #define K 0x8F1BBCDC 168 | 169 | P( A, B, C, D, E, R(40) ); 170 | P( E, A, B, C, D, R(41) ); 171 | P( D, E, A, B, C, R(42) ); 172 | P( C, D, E, A, B, R(43) ); 173 | P( B, C, D, E, A, R(44) ); 174 | P( A, B, C, D, E, R(45) ); 175 | P( E, A, B, C, D, R(46) ); 176 | P( D, E, A, B, C, R(47) ); 177 | P( C, D, E, A, B, R(48) ); 178 | P( B, C, D, E, A, R(49) ); 179 | P( A, B, C, D, E, R(50) ); 180 | P( E, A, B, C, D, R(51) ); 181 | P( D, E, A, B, C, R(52) ); 182 | P( C, D, E, A, B, R(53) ); 183 | P( B, C, D, E, A, R(54) ); 184 | P( A, B, C, D, E, R(55) ); 185 | P( E, A, B, C, D, R(56) ); 186 | P( D, E, A, B, C, R(57) ); 187 | P( C, D, E, A, B, R(58) ); 188 | P( B, C, D, E, A, R(59) ); 189 | 190 | #undef K 191 | #undef F 192 | 193 | #define F(x,y,z) (x ^ y ^ z) 194 | #define K 0xCA62C1D6 195 | 196 | P( A, B, C, D, E, R(60) ); 197 | P( E, A, B, C, D, R(61) ); 198 | P( D, E, A, B, C, R(62) ); 199 | P( C, D, E, A, B, R(63) ); 200 | P( B, C, D, E, A, R(64) ); 201 | P( A, B, C, D, E, R(65) ); 202 | P( E, A, B, C, D, R(66) ); 203 | P( D, E, A, B, C, R(67) ); 204 | P( C, D, E, A, B, R(68) ); 205 | P( B, C, D, E, A, R(69) ); 206 | P( A, B, C, D, E, R(70) ); 207 | P( E, A, B, C, D, R(71) ); 208 | P( D, E, A, B, C, R(72) ); 209 | P( C, D, E, A, B, R(73) ); 210 | P( B, C, D, E, A, R(74) ); 211 | P( A, B, C, D, E, R(75) ); 212 | P( E, A, B, C, D, R(76) ); 213 | P( D, E, A, B, C, R(77) ); 214 | P( C, D, E, A, B, R(78) ); 215 | P( B, C, D, E, A, R(79) ); 216 | 217 | #undef K 218 | #undef F 219 | 220 | ctx->state[0] += A; 221 | ctx->state[1] += B; 222 | ctx->state[2] += C; 223 | ctx->state[3] += D; 224 | ctx->state[4] += E; 225 | } 226 | 227 | /* 228 | * SHA-1 process buffer 229 | */ 230 | void sha1_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) 231 | { 232 | size_t fill; 233 | unsigned long left; 234 | 235 | if( ilen <= 0 ) 236 | return; 237 | 238 | left = ctx->total[0] & 0x3F; 239 | fill = 64 - left; 240 | 241 | ctx->total[0] += (unsigned long) ilen; 242 | ctx->total[0] &= 0xFFFFFFFF; 243 | 244 | if( ctx->total[0] < (unsigned long) ilen ) 245 | ctx->total[1]++; 246 | 247 | if( left && ilen >= fill ) 248 | { 249 | memcpy( (void *) (ctx->buffer + left), 250 | (void *) input, fill ); 251 | sha1_process( ctx, ctx->buffer ); 252 | input += fill; 253 | ilen -= fill; 254 | left = 0; 255 | } 256 | 257 | while( ilen >= 64 ) 258 | { 259 | sha1_process( ctx, input ); 260 | input += 64; 261 | ilen -= 64; 262 | } 263 | 264 | if( ilen > 0 ) 265 | { 266 | memcpy( (void *) (ctx->buffer + left), 267 | (void *) input, ilen ); 268 | } 269 | } 270 | 271 | static const unsigned char sha1_padding[64] = 272 | { 273 | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 274 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 275 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 276 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 277 | }; 278 | 279 | /* 280 | * SHA-1 final digest 281 | */ 282 | void sha1_finish( sha1_context *ctx, unsigned char output[20] ) 283 | { 284 | unsigned long last, padn; 285 | unsigned long high, low; 286 | unsigned char msglen[8]; 287 | 288 | high = ( ctx->total[0] >> 29 ) 289 | | ( ctx->total[1] << 3 ); 290 | low = ( ctx->total[0] << 3 ); 291 | 292 | PUT_ULONG_BE( high, msglen, 0 ); 293 | PUT_ULONG_BE( low, msglen, 4 ); 294 | 295 | last = ctx->total[0] & 0x3F; 296 | padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); 297 | 298 | sha1_update( ctx, (unsigned char *) sha1_padding, padn ); 299 | sha1_update( ctx, msglen, 8 ); 300 | 301 | PUT_ULONG_BE( ctx->state[0], output, 0 ); 302 | PUT_ULONG_BE( ctx->state[1], output, 4 ); 303 | PUT_ULONG_BE( ctx->state[2], output, 8 ); 304 | PUT_ULONG_BE( ctx->state[3], output, 12 ); 305 | PUT_ULONG_BE( ctx->state[4], output, 16 ); 306 | } 307 | 308 | /* 309 | * output = SHA-1( input buffer ) 310 | */ 311 | void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) 312 | { 313 | sha1_context ctx; 314 | 315 | sha1_starts( &ctx ); 316 | sha1_update( &ctx, input, ilen ); 317 | sha1_finish( &ctx, output ); 318 | 319 | memset( &ctx, 0, sizeof( sha1_context ) ); 320 | } 321 | 322 | /* 323 | * SHA-1 HMAC context setup 324 | */ 325 | void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keylen ) 326 | { 327 | size_t i; 328 | unsigned char sum[20]; 329 | 330 | if( keylen > 64 ) 331 | { 332 | sha1( key, keylen, sum ); 333 | keylen = 20; 334 | key = sum; 335 | } 336 | 337 | memset( ctx->ipad, 0x36, 64 ); 338 | memset( ctx->opad, 0x5C, 64 ); 339 | 340 | for( i = 0; i < keylen; i++ ) 341 | { 342 | ctx->ipad[i] = (unsigned char)( ctx->ipad[i] ^ key[i] ); 343 | ctx->opad[i] = (unsigned char)( ctx->opad[i] ^ key[i] ); 344 | } 345 | 346 | sha1_starts( ctx ); 347 | sha1_update( ctx, ctx->ipad, 64 ); 348 | 349 | memset( sum, 0, sizeof( sum ) ); 350 | } 351 | 352 | /* 353 | * SHA-1 HMAC process buffer 354 | */ 355 | void sha1_hmac_update( sha1_context *ctx, const unsigned char *input, size_t ilen ) 356 | { 357 | sha1_update( ctx, input, ilen ); 358 | } 359 | 360 | /* 361 | * SHA-1 HMAC final digest 362 | */ 363 | void sha1_hmac_finish( sha1_context *ctx, unsigned char output[20] ) 364 | { 365 | unsigned char tmpbuf[20]; 366 | 367 | sha1_finish( ctx, tmpbuf ); 368 | sha1_starts( ctx ); 369 | sha1_update( ctx, ctx->opad, 64 ); 370 | sha1_update( ctx, tmpbuf, 20 ); 371 | sha1_finish( ctx, output ); 372 | 373 | memset( tmpbuf, 0, sizeof( tmpbuf ) ); 374 | } 375 | 376 | /* 377 | * SHA1 HMAC context reset 378 | */ 379 | void sha1_hmac_reset( sha1_context *ctx ) 380 | { 381 | sha1_starts( ctx ); 382 | sha1_update( ctx, ctx->ipad, 64 ); 383 | } 384 | 385 | /* 386 | * output = HMAC-SHA-1( hmac key, input buffer ) 387 | */ 388 | void sha1_hmac( const unsigned char *key, size_t keylen, 389 | const unsigned char *input, size_t ilen, 390 | unsigned char output[20] ) 391 | { 392 | sha1_context ctx; 393 | 394 | sha1_hmac_starts( &ctx, key, keylen ); 395 | sha1_hmac_update( &ctx, input, ilen ); 396 | sha1_hmac_finish( &ctx, output ); 397 | 398 | memset( &ctx, 0, sizeof( sha1_context ) ); 399 | } 400 | -------------------------------------------------------------------------------- /source/src/pkg2zip_aes.c: -------------------------------------------------------------------------------- 1 | #include "pkg2zip_aes.h" 2 | #include "pkg2zip_utils.h" 3 | #include "pkg2zip_aes_x86.h" 4 | 5 | #include 6 | #include 7 | 8 | #if defined(_MSC_VER) 9 | #define PLATFORM_SUPPORTS_AESNI 1 10 | 11 | #include 12 | static void get_cpuid(uint32_t level, uint32_t* arr) 13 | { 14 | __cpuidex((int*)arr, level, 0); 15 | } 16 | 17 | #elif defined(__x86_64__) || defined(__i386__) 18 | #define PLATFORM_SUPPORTS_AESNI 1 19 | 20 | #include 21 | static void get_cpuid(uint32_t level, uint32_t* arr) 22 | { 23 | __cpuid_count(level, 0, arr[0], arr[1], arr[2], arr[3]); 24 | } 25 | 26 | #else 27 | #define PLATFORM_SUPPORTS_AESNI 0 28 | #endif 29 | 30 | #if PLATFORM_SUPPORTS_AESNI 31 | int aes128_supported_x86() 32 | { 33 | static int init = 0; 34 | static int supported; 35 | if (!init) 36 | { 37 | init = 1; 38 | 39 | uint32_t a[4]; 40 | get_cpuid(0, a); 41 | 42 | if (a[0] >= 1) 43 | { 44 | get_cpuid(1, a); 45 | supported = ((a[2] & (1 << 9)) && (a[2] & (1 << 25))); 46 | } 47 | } 48 | return supported; 49 | } 50 | 51 | void aes128_init_x86(aes128_key* context, const uint8_t* key); 52 | void aes128_init_dec_x86(aes128_key* context, const uint8_t* key); 53 | void aes128_ecb_encrypt_x86(const aes128_key* context, const uint8_t* input, uint8_t* output); 54 | void aes128_ecb_decrypt_x86(const aes128_key* context, const uint8_t* input, uint8_t* output); 55 | void aes128_ctr_xor_x86(const aes128_key* context, const uint8_t* iv, uint8_t* buffer, size_t size); 56 | void aes128_cmac_process_x86(const aes128_key* ctx, uint8_t* block, const uint8_t *buffer, uint32_t size); 57 | void aes128_psp_decrypt_x86(const aes128_key* ctx, const uint8_t* prev, const uint8_t* block, uint8_t* buffer, uint32_t size); 58 | #endif 59 | 60 | static const uint8_t rcon[] = { 61 | 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36, 62 | }; 63 | 64 | static const uint8_t Te[] = { 65 | 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, 66 | 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 67 | 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, 68 | 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, 69 | 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 70 | 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, 71 | 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, 72 | 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 73 | 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, 74 | 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, 75 | 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 76 | 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, 77 | 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, 78 | 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 79 | 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, 80 | 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, 81 | }; 82 | 83 | static uint8_t Td[] = { 84 | 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 85 | 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 86 | 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, 87 | 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, 88 | 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 89 | 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, 90 | 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, 91 | 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 92 | 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, 93 | 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, 94 | 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 95 | 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, 96 | 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, 97 | 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 98 | 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, 99 | 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, 100 | }; 101 | 102 | static const uint32_t TE[] = { 103 | 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, 104 | 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 105 | 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, 106 | 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, 107 | 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 108 | 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, 109 | 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, 110 | 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 111 | 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, 112 | 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, 113 | 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 114 | 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, 115 | 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, 116 | 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 117 | 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, 118 | 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, 119 | 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 120 | 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, 121 | 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, 122 | 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 123 | 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, 124 | 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, 125 | 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 126 | 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, 127 | 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, 128 | 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 129 | 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, 130 | 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, 131 | 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 132 | 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, 133 | 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, 134 | 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a, 135 | }; 136 | 137 | static const uint32_t TD[] = { 138 | 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, 139 | 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 140 | 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, 141 | 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, 142 | 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 143 | 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, 144 | 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, 145 | 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, 146 | 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, 147 | 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, 148 | 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 149 | 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, 150 | 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, 151 | 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 152 | 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, 153 | 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, 154 | 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 155 | 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, 156 | 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, 157 | 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 158 | 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, 159 | 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, 160 | 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 161 | 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, 162 | 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, 163 | 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 164 | 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, 165 | 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, 166 | 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 167 | 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, 168 | 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, 169 | 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742, 170 | }; 171 | 172 | static uint8_t byte32(uint32_t x, int n) 173 | { 174 | return (uint8_t)(x >> (8 * n)); 175 | } 176 | 177 | static uint32_t ror32(uint32_t x, int n) 178 | { 179 | return (x >> n) | (x << (32 - n)); 180 | } 181 | 182 | static uint32_t setup_mix(uint32_t x) 183 | { 184 | return (Te[byte32(x, 2)] << 24) ^ (Te[byte32(x, 1)] << 16) ^ (Te[byte32(x, 0)] << 8) ^ Te[byte32(x, 3)]; 185 | } 186 | 187 | static uint32_t setup_mix2(uint32_t x) 188 | { 189 | return TD[Te[byte32(x, 3)]] ^ ror32(TD[Te[byte32(x, 2)]], 8) ^ ror32(TD[Te[byte32(x, 1)]], 16) ^ ror32(TD[Te[byte32(x, 0)]], 24); 190 | } 191 | 192 | void aes128_init(aes128_key* ctx, const uint8_t* key) 193 | { 194 | #if PLATFORM_SUPPORTS_AESNI 195 | if (aes128_supported_x86()) 196 | { 197 | aes128_init_x86(ctx, key); 198 | return; 199 | } 200 | #endif 201 | 202 | uint32_t* ekey = ctx->key; 203 | 204 | ekey[0] = get32be(key + 0); 205 | ekey[1] = get32be(key + 4); 206 | ekey[2] = get32be(key + 8); 207 | ekey[3] = get32be(key + 12); 208 | 209 | for (size_t i=0; i<10; i++) 210 | { 211 | uint32_t temp = ekey[3]; 212 | ekey[4] = ekey[0] ^ setup_mix(temp) ^ (rcon[i] << 24); 213 | ekey[5] = ekey[1] ^ ekey[4]; 214 | ekey[6] = ekey[2] ^ ekey[5]; 215 | ekey[7] = ekey[3] ^ ekey[6]; 216 | ekey += 4; 217 | } 218 | } 219 | 220 | void aes128_init_dec(aes128_key* ctx, const uint8_t* key) 221 | { 222 | #if PLATFORM_SUPPORTS_AESNI 223 | if (aes128_supported_x86()) 224 | { 225 | aes128_init_dec_x86(ctx, key); 226 | return; 227 | } 228 | #endif 229 | 230 | aes128_key enc; 231 | aes128_init(&enc, key); 232 | 233 | uint32_t* ekey = enc.key + 40; 234 | uint32_t* dkey = ctx->key; 235 | 236 | *dkey++ = ekey[0]; 237 | *dkey++ = ekey[1]; 238 | *dkey++ = ekey[2]; 239 | *dkey++ = ekey[3]; 240 | ekey -= 4; 241 | 242 | for (size_t i = 0; i < 9; i++) 243 | { 244 | *dkey++ = setup_mix2(ekey[0]); 245 | *dkey++ = setup_mix2(ekey[1]); 246 | *dkey++ = setup_mix2(ekey[2]); 247 | *dkey++ = setup_mix2(ekey[3]); 248 | ekey -= 4; 249 | } 250 | 251 | *dkey++ = ekey[0]; 252 | *dkey++ = ekey[1]; 253 | *dkey++ = ekey[2]; 254 | *dkey++ = ekey[3]; 255 | } 256 | 257 | static void aes128_encrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 258 | { 259 | uint32_t t0, t1, t2, t3; 260 | const uint32_t* key = ctx->key; 261 | 262 | uint32_t s0 = get32be(input + 0) ^ *key++; 263 | uint32_t s1 = get32be(input + 4) ^ *key++; 264 | uint32_t s2 = get32be(input + 8) ^ *key++; 265 | uint32_t s3 = get32be(input + 12) ^ *key++; 266 | 267 | for (size_t i = 0; i<4; i++) 268 | { 269 | t0 = TE[byte32(s0, 3)] ^ ror32(TE[byte32(s1, 2)], 8) ^ ror32(TE[byte32(s2, 1)], 16) ^ ror32(TE[byte32(s3, 0)], 24) ^ *key++; 270 | t1 = TE[byte32(s1, 3)] ^ ror32(TE[byte32(s2, 2)], 8) ^ ror32(TE[byte32(s3, 1)], 16) ^ ror32(TE[byte32(s0, 0)], 24) ^ *key++; 271 | t2 = TE[byte32(s2, 3)] ^ ror32(TE[byte32(s3, 2)], 8) ^ ror32(TE[byte32(s0, 1)], 16) ^ ror32(TE[byte32(s1, 0)], 24) ^ *key++; 272 | t3 = TE[byte32(s3, 3)] ^ ror32(TE[byte32(s0, 2)], 8) ^ ror32(TE[byte32(s1, 1)], 16) ^ ror32(TE[byte32(s2, 0)], 24) ^ *key++; 273 | 274 | s0 = TE[byte32(t0, 3)] ^ ror32(TE[byte32(t1, 2)], 8) ^ ror32(TE[byte32(t2, 1)], 16) ^ ror32(TE[byte32(t3, 0)], 24) ^ *key++; 275 | s1 = TE[byte32(t1, 3)] ^ ror32(TE[byte32(t2, 2)], 8) ^ ror32(TE[byte32(t3, 1)], 16) ^ ror32(TE[byte32(t0, 0)], 24) ^ *key++; 276 | s2 = TE[byte32(t2, 3)] ^ ror32(TE[byte32(t3, 2)], 8) ^ ror32(TE[byte32(t0, 1)], 16) ^ ror32(TE[byte32(t1, 0)], 24) ^ *key++; 277 | s3 = TE[byte32(t3, 3)] ^ ror32(TE[byte32(t0, 2)], 8) ^ ror32(TE[byte32(t1, 1)], 16) ^ ror32(TE[byte32(t2, 0)], 24) ^ *key++; 278 | } 279 | 280 | t0 = TE[byte32(s0, 3)] ^ ror32(TE[byte32(s1, 2)], 8) ^ ror32(TE[byte32(s2, 1)], 16) ^ ror32(TE[byte32(s3, 0)], 24) ^ *key++; 281 | t1 = TE[byte32(s1, 3)] ^ ror32(TE[byte32(s2, 2)], 8) ^ ror32(TE[byte32(s3, 1)], 16) ^ ror32(TE[byte32(s0, 0)], 24) ^ *key++; 282 | t2 = TE[byte32(s2, 3)] ^ ror32(TE[byte32(s3, 2)], 8) ^ ror32(TE[byte32(s0, 1)], 16) ^ ror32(TE[byte32(s1, 0)], 24) ^ *key++; 283 | t3 = TE[byte32(s3, 3)] ^ ror32(TE[byte32(s0, 2)], 8) ^ ror32(TE[byte32(s1, 1)], 16) ^ ror32(TE[byte32(s2, 0)], 24) ^ *key++; 284 | 285 | s0 = (Te[byte32(t0, 3)] << 24) ^ (Te[byte32(t1, 2)] << 16) ^ (Te[byte32(t2, 1)] << 8) ^ Te[byte32(t3, 0)] ^ *key++; 286 | s1 = (Te[byte32(t1, 3)] << 24) ^ (Te[byte32(t2, 2)] << 16) ^ (Te[byte32(t3, 1)] << 8) ^ Te[byte32(t0, 0)] ^ *key++; 287 | s2 = (Te[byte32(t2, 3)] << 24) ^ (Te[byte32(t3, 2)] << 16) ^ (Te[byte32(t0, 1)] << 8) ^ Te[byte32(t1, 0)] ^ *key++; 288 | s3 = (Te[byte32(t3, 3)] << 24) ^ (Te[byte32(t0, 2)] << 16) ^ (Te[byte32(t1, 1)] << 8) ^ Te[byte32(t2, 0)] ^ *key++; 289 | 290 | set32be(output + 0, s0); 291 | set32be(output + 4, s1); 292 | set32be(output + 8, s2); 293 | set32be(output + 12, s3); 294 | } 295 | 296 | static void aes128_decrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 297 | { 298 | const uint32_t* key = ctx->key; 299 | 300 | uint32_t s0 = get32be(input + 0) ^ *key++; 301 | uint32_t s1 = get32be(input + 4) ^ *key++; 302 | uint32_t s2 = get32be(input + 8) ^ *key++; 303 | uint32_t s3 = get32be(input + 12) ^ *key++; 304 | 305 | uint32_t t0 = TD[byte32(s0, 3)] ^ ror32(TD[byte32(s3, 2)], 8) ^ ror32(TD[byte32(s2, 1)], 16) ^ ror32(TD[byte32(s1, 0)], 24) ^ *key++; 306 | uint32_t t1 = TD[byte32(s1, 3)] ^ ror32(TD[byte32(s0, 2)], 8) ^ ror32(TD[byte32(s3, 1)], 16) ^ ror32(TD[byte32(s2, 0)], 24) ^ *key++; 307 | uint32_t t2 = TD[byte32(s2, 3)] ^ ror32(TD[byte32(s1, 2)], 8) ^ ror32(TD[byte32(s0, 1)], 16) ^ ror32(TD[byte32(s3, 0)], 24) ^ *key++; 308 | uint32_t t3 = TD[byte32(s3, 3)] ^ ror32(TD[byte32(s2, 2)], 8) ^ ror32(TD[byte32(s1, 1)], 16) ^ ror32(TD[byte32(s0, 0)], 24) ^ *key++; 309 | 310 | for (size_t i = 0; i < 4; i++) 311 | { 312 | s0 = TD[byte32(t0, 3)] ^ ror32(TD[byte32(t3, 2)], 8) ^ ror32(TD[byte32(t2, 1)], 16) ^ ror32(TD[byte32(t1, 0)], 24) ^ *key++; 313 | s1 = TD[byte32(t1, 3)] ^ ror32(TD[byte32(t0, 2)], 8) ^ ror32(TD[byte32(t3, 1)], 16) ^ ror32(TD[byte32(t2, 0)], 24) ^ *key++; 314 | s2 = TD[byte32(t2, 3)] ^ ror32(TD[byte32(t1, 2)], 8) ^ ror32(TD[byte32(t0, 1)], 16) ^ ror32(TD[byte32(t3, 0)], 24) ^ *key++; 315 | s3 = TD[byte32(t3, 3)] ^ ror32(TD[byte32(t2, 2)], 8) ^ ror32(TD[byte32(t1, 1)], 16) ^ ror32(TD[byte32(t0, 0)], 24) ^ *key++; 316 | 317 | t0 = TD[byte32(s0, 3)] ^ ror32(TD[byte32(s3, 2)], 8) ^ ror32(TD[byte32(s2, 1)], 16) ^ ror32(TD[byte32(s1, 0)], 24) ^ *key++; 318 | t1 = TD[byte32(s1, 3)] ^ ror32(TD[byte32(s0, 2)], 8) ^ ror32(TD[byte32(s3, 1)], 16) ^ ror32(TD[byte32(s2, 0)], 24) ^ *key++; 319 | t2 = TD[byte32(s2, 3)] ^ ror32(TD[byte32(s1, 2)], 8) ^ ror32(TD[byte32(s0, 1)], 16) ^ ror32(TD[byte32(s3, 0)], 24) ^ *key++; 320 | t3 = TD[byte32(s3, 3)] ^ ror32(TD[byte32(s2, 2)], 8) ^ ror32(TD[byte32(s1, 1)], 16) ^ ror32(TD[byte32(s0, 0)], 24) ^ *key++; 321 | } 322 | 323 | s0 = (Td[byte32(t0, 3)] << 24) ^ (Td[byte32(t3, 2)] << 16) ^ (Td[byte32(t2, 1)] << 8) ^ Td[byte32(t1, 0)] ^ *key++; 324 | s1 = (Td[byte32(t1, 3)] << 24) ^ (Td[byte32(t0, 2)] << 16) ^ (Td[byte32(t3, 1)] << 8) ^ Td[byte32(t2, 0)] ^ *key++; 325 | s2 = (Td[byte32(t2, 3)] << 24) ^ (Td[byte32(t1, 2)] << 16) ^ (Td[byte32(t0, 1)] << 8) ^ Td[byte32(t3, 0)] ^ *key++; 326 | s3 = (Td[byte32(t3, 3)] << 24) ^ (Td[byte32(t2, 2)] << 16) ^ (Td[byte32(t1, 1)] << 8) ^ Td[byte32(t0, 0)] ^ *key++; 327 | 328 | set32be(output + 0, s0); 329 | set32be(output + 4, s1); 330 | set32be(output + 8, s2); 331 | set32be(output + 12, s3); 332 | } 333 | 334 | void aes128_ecb_encrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 335 | { 336 | #if PLATFORM_SUPPORTS_AESNI 337 | if (aes128_supported_x86()) 338 | { 339 | aes128_ecb_encrypt_x86(ctx, input, output); 340 | return; 341 | } 342 | #endif 343 | aes128_encrypt(ctx, input, output); 344 | } 345 | 346 | void aes128_ecb_decrypt(const aes128_key* ctx, const uint8_t* input, uint8_t* output) 347 | { 348 | #if PLATFORM_SUPPORTS_AESNI 349 | if (aes128_supported_x86()) 350 | { 351 | aes128_ecb_decrypt_x86(ctx, input, output); 352 | return; 353 | } 354 | #endif 355 | aes128_decrypt(ctx, input, output); 356 | } 357 | 358 | static void ctr_add(uint8_t* counter, uint64_t n) 359 | { 360 | for (int i=15; i>=0; i--) 361 | { 362 | n = n + counter[i]; 363 | counter[i] = (uint8_t)n; 364 | n >>= 8; 365 | } 366 | } 367 | 368 | void aes128_ctr_xor(const aes128_key* context, const uint8_t* iv, uint64_t block, uint8_t* buffer, size_t size) 369 | { 370 | uint8_t tmp[16]; 371 | uint8_t counter[16]; 372 | for (uint32_t i=0; i<16; i++) 373 | { 374 | counter[i] = iv[i]; 375 | } 376 | ctr_add(counter, block); 377 | 378 | #if PLATFORM_SUPPORTS_AESNI 379 | if (aes128_supported_x86()) 380 | { 381 | aes128_ctr_xor_x86(context, counter, buffer, size); 382 | return; 383 | } 384 | #endif 385 | 386 | while (size >= 16) 387 | { 388 | aes128_encrypt(context, counter, tmp); 389 | for (uint32_t i=0; i<16; i++) 390 | { 391 | *buffer++ ^= tmp[i]; 392 | } 393 | ctr_add(counter, 1); 394 | size -= 16; 395 | } 396 | 397 | if (size != 0) 398 | { 399 | aes128_encrypt(context, counter, tmp); 400 | for (size_t i=0; ikey, key); 440 | memset(ctx->last, 0, 16); 441 | ctx->size = 0; 442 | } 443 | 444 | static void aes128_cmac_update(aes128_cmac_ctx* ctx, const uint8_t* buffer, uint32_t size) 445 | { 446 | if (ctx->size + size <= 16) 447 | { 448 | memcpy(ctx->block + ctx->size, buffer, size); 449 | ctx->size += size; 450 | return; 451 | } 452 | 453 | if (ctx->size != 0) 454 | { 455 | uint32_t avail = 16 - ctx->size; 456 | memcpy(ctx->block + ctx->size, buffer, avail < size ? avail : size); 457 | buffer += avail; 458 | size -= avail; 459 | 460 | aes128_cmac_process(&ctx->key, ctx->last, ctx->block, 16); 461 | } 462 | 463 | if (size >= 16) 464 | { 465 | uint32_t full = (size - 1) & ~15; 466 | aes128_cmac_process(&ctx->key, ctx->last, buffer, full); 467 | buffer += full; 468 | size -= full; 469 | } 470 | 471 | memcpy(ctx->block, buffer, size); 472 | ctx->size = size; 473 | } 474 | 475 | static void cmac_gfmul(uint8_t* block) 476 | { 477 | uint8_t carry = 0; 478 | for (int i = 15; i >= 0; i--) 479 | { 480 | uint8_t x = block[i]; 481 | block[i] = (block[i] << 1) | (carry >> 7); 482 | carry = x; 483 | } 484 | 485 | block[15] ^= (carry & 0x80 ? 0x87 : 0); 486 | } 487 | 488 | static void aes128_cmac_done(aes128_cmac_ctx* ctx, uint8_t* mac) 489 | { 490 | uint8_t zero[16] = { 0 }; 491 | aes128_ecb_encrypt(&ctx->key, zero, mac); 492 | 493 | cmac_gfmul(mac); 494 | 495 | if (ctx->size != 16) 496 | { 497 | cmac_gfmul(mac); 498 | 499 | ctx->block[ctx->size] = 0x80; 500 | memset(ctx->block + ctx->size + 1, 0, 16 - (ctx->size + 1)); 501 | } 502 | 503 | for (size_t i = 0; i < 16; i++) 504 | { 505 | mac[i] ^= ctx->block[i]; 506 | } 507 | 508 | aes128_cmac_process(&ctx->key, mac, ctx->last, 16); 509 | } 510 | 511 | void aes128_cmac(const uint8_t* key, const uint8_t* buffer, uint32_t size, uint8_t* mac) 512 | { 513 | aes128_cmac_ctx ctx; 514 | aes128_cmac_init(&ctx, key); 515 | aes128_cmac_update(&ctx, buffer, size); 516 | aes128_cmac_done(&ctx, mac); 517 | } 518 | 519 | void aes128_psp_decrypt(const aes128_key* ctx, const uint8_t* iv, uint32_t index, uint8_t* buffer, uint32_t size) 520 | { 521 | assert(size % 16 == 0); 522 | 523 | uint8_t PKG_ALIGN(16) prev[16]; 524 | uint8_t PKG_ALIGN(16) block[16]; 525 | 526 | if (index == 0) 527 | { 528 | memset(prev, 0, 16); 529 | } 530 | else 531 | { 532 | memcpy(prev, iv, 12); 533 | set32le(prev + 12, index); 534 | } 535 | 536 | memcpy(block, iv, 16); 537 | set32le(block + 12, index); 538 | 539 | #if PLATFORM_SUPPORTS_AESNI 540 | if (aes128_supported_x86()) 541 | { 542 | aes128_psp_decrypt_x86(ctx, prev, block, buffer, size); 543 | return; 544 | } 545 | #endif 546 | 547 | for (uint32_t i = 0; i < size; i += 16) 548 | { 549 | set32le(block + 12, get32le(block + 12) + 1); 550 | 551 | uint8_t out[16]; 552 | aes128_ecb_decrypt(ctx, block, out); 553 | 554 | for (size_t k = 0; k < 16; k++) 555 | { 556 | *buffer++ ^= prev[k] ^ out[k]; 557 | } 558 | memcpy(prev, block, 16); 559 | } 560 | } 561 | -------------------------------------------------------------------------------- /source/tools/ps3py/pkg.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python2 2 | from __future__ import with_statement 3 | import struct, sys 4 | 5 | class StructType(tuple): 6 | def __getitem__(self, value): 7 | return [self] * value 8 | def __call__(self, value, endian='<'): 9 | if isinstance(value, str): 10 | return struct.unpack(endian + tuple.__getitem__(self, 0), value[:tuple.__getitem__(self, 1)])[0] 11 | else: 12 | return struct.pack(endian + tuple.__getitem__(self, 0), value) 13 | 14 | class Struct(object): 15 | __slots__ = ('__attrs__', '__baked__', '__defs__', '__endian__', '__next__', '__sizes__', '__values__') 16 | int8 = StructType(('b', 1)) 17 | uint8 = StructType(('B', 1)) 18 | 19 | int16 = StructType(('h', 2)) 20 | uint16 = StructType(('H', 2)) 21 | 22 | int32 = StructType(('l', 4)) 23 | uint32 = StructType(('L', 4)) 24 | 25 | int64 = StructType(('q', 8)) 26 | uint64 = StructType(('Q', 8)) 27 | 28 | float = StructType(('f', 4)) 29 | 30 | def string(cls, len, offset=0, encoding=None, stripNulls=False, value=''): 31 | return StructType(('string', (len, offset, encoding, stripNulls, value))) 32 | string = classmethod(string) 33 | 34 | LE = '<' 35 | BE = '>' 36 | __endian__ = '<' 37 | 38 | def __init__(self, func=None, unpack=None, **kwargs): 39 | self.__defs__ = [] 40 | self.__sizes__ = [] 41 | self.__attrs__ = [] 42 | self.__values__ = {} 43 | self.__next__ = True 44 | self.__baked__ = False 45 | 46 | if func == None: 47 | self.__format__() 48 | else: 49 | sys.settrace(self.__trace__) 50 | func() 51 | for name in func.func_code.co_varnames: 52 | value = self.__frame__.f_locals[name] 53 | self.__setattr__(name, value) 54 | 55 | self.__baked__ = True 56 | 57 | if unpack != None: 58 | if isinstance(unpack, tuple): 59 | self.unpack(*unpack) 60 | else: 61 | self.unpack(unpack) 62 | 63 | if len(kwargs): 64 | for name in kwargs: 65 | self.__values__[name] = kwargs[name] 66 | 67 | def __trace__(self, frame, event, arg): 68 | self.__frame__ = frame 69 | sys.settrace(None) 70 | 71 | def __setattr__(self, name, value): 72 | if name in self.__slots__: 73 | return object.__setattr__(self, name, value) 74 | 75 | if self.__baked__ == False: 76 | if not isinstance(value, list): 77 | value = [value] 78 | attrname = name 79 | else: 80 | attrname = '*' + name 81 | 82 | self.__values__[name] = None 83 | 84 | for sub in value: 85 | if isinstance(sub, Struct): 86 | sub = sub.__class__ 87 | try: 88 | if issubclass(sub, Struct): 89 | sub = ('struct', sub) 90 | except TypeError: 91 | pass 92 | type_, size = tuple(sub) 93 | if type_ == 'string': 94 | self.__defs__.append(Struct.string) 95 | self.__sizes__.append(size) 96 | self.__attrs__.append(attrname) 97 | self.__next__ = True 98 | 99 | if attrname[0] != '*': 100 | self.__values__[name] = size[3] 101 | elif self.__values__[name] == None: 102 | self.__values__[name] = [size[3] for val in value] 103 | elif type_ == 'struct': 104 | self.__defs__.append(Struct) 105 | self.__sizes__.append(size) 106 | self.__attrs__.append(attrname) 107 | self.__next__ = True 108 | 109 | if attrname[0] != '*': 110 | self.__values__[name] = size() 111 | elif self.__values__[name] == None: 112 | self.__values__[name] = [size() for val in value] 113 | else: 114 | if self.__next__: 115 | self.__defs__.append('') 116 | self.__sizes__.append(0) 117 | self.__attrs__.append([]) 118 | self.__next__ = False 119 | 120 | self.__defs__[-1] += type_ 121 | self.__sizes__[-1] += size 122 | self.__attrs__[-1].append(attrname) 123 | 124 | if attrname[0] != '*': 125 | self.__values__[name] = 0 126 | elif self.__values__[name] == None: 127 | self.__values__[name] = [0 for val in value] 128 | else: 129 | try: 130 | self.__values__[name] = value 131 | except KeyError: 132 | raise AttributeError(name) 133 | 134 | def __getattr__(self, name): 135 | if self.__baked__ == False: 136 | return name 137 | else: 138 | try: 139 | return self.__values__[name] 140 | except KeyError: 141 | raise AttributeError(name) 142 | 143 | def __len__(self): 144 | ret = 0 145 | arraypos, arrayname = None, None 146 | 147 | for i in range(len(self.__defs__)): 148 | sdef, size, attrs = self.__defs__[i], self.__sizes__[i], self.__attrs__[i] 149 | 150 | if sdef == Struct.string: 151 | size, offset, encoding, stripNulls, value = size 152 | if isinstance(size, str): 153 | size = self.__values__[size] + offset 154 | elif sdef == Struct: 155 | if attrs[0] == '*': 156 | if arrayname != attrs: 157 | arrayname = attrs 158 | arraypos = 0 159 | size = len(self.__values__[attrs[1:]][arraypos]) 160 | size = len(self.__values__[attrs]) 161 | 162 | ret += size 163 | 164 | return ret 165 | 166 | def unpack(self, data, pos=0): 167 | for name in self.__values__: 168 | if not isinstance(self.__values__[name], Struct): 169 | self.__values__[name] = None 170 | elif self.__values__[name].__class__ == list and len(self.__values__[name]) != 0: 171 | if not isinstance(self.__values__[name][0], Struct): 172 | self.__values__[name] = None 173 | 174 | arraypos, arrayname = None, None 175 | 176 | for i in range(len(self.__defs__)): 177 | sdef, size, attrs = self.__defs__[i], self.__sizes__[i], self.__attrs__[i] 178 | 179 | if sdef == Struct.string: 180 | size, offset, encoding, stripNulls, value = size 181 | if isinstance(size, str): 182 | size = self.__values__[size] + offset 183 | 184 | temp = data[pos:pos+size] 185 | if len(temp) != size: 186 | raise StructException('Expected %i byte string, got %i' % (size, len(temp))) 187 | 188 | if encoding != None: 189 | temp = temp.decode(encoding) 190 | 191 | if stripNulls: 192 | temp = temp.rstrip('\0') 193 | 194 | if attrs[0] == '*': 195 | name = attrs[1:] 196 | if self.__values__[name] == None: 197 | self.__values__[name] = [] 198 | self.__values__[name].append(temp) 199 | else: 200 | self.__values__[attrs] = temp 201 | pos += size 202 | elif sdef == Struct: 203 | if attrs[0] == '*': 204 | if arrayname != attrs: 205 | arrayname = attrs 206 | arraypos = 0 207 | name = attrs[1:] 208 | self.__values__[attrs][arraypos].unpack(data, pos) 209 | pos += len(self.__values__[attrs][arraypos]) 210 | arraypos += 1 211 | else: 212 | self.__values__[attrs].unpack(data, pos) 213 | pos += len(self.__values__[attrs]) 214 | else: 215 | values = struct.unpack(self.__endian__+sdef, data[pos:pos+size]) 216 | pos += size 217 | j = 0 218 | for name in attrs: 219 | if name[0] == '*': 220 | name = name[1:] 221 | if self.__values__[name] == None: 222 | self.__values__[name] = [] 223 | self.__values__[name].append(values[j]) 224 | else: 225 | self.__values__[name] = values[j] 226 | j += 1 227 | 228 | return self 229 | 230 | def pack(self): 231 | arraypos, arrayname = None, None 232 | 233 | ret = '' 234 | for i in range(len(self.__defs__)): 235 | sdef, size, attrs = self.__defs__[i], self.__sizes__[i], self.__attrs__[i] 236 | 237 | if sdef == Struct.string: 238 | size, offset, encoding, stripNulls, value = size 239 | if isinstance(size, str): 240 | size = self.__values__[size]+offset 241 | 242 | if attrs[0] == '*': 243 | if arrayname != attrs: 244 | arraypos = 0 245 | arrayname = attrs 246 | temp = self.__values__[attrs[1:]][arraypos] 247 | arraypos += 1 248 | else: 249 | temp = self.__values__[attrs] 250 | 251 | if encoding != None: 252 | temp = temp.encode(encoding) 253 | 254 | temp = temp[:size] 255 | ret += temp + ('\0' * (size - len(temp))) 256 | elif sdef == Struct: 257 | if attrs[0] == '*': 258 | if arrayname != attrs: 259 | arraypos = 0 260 | arrayname = attrs 261 | ret += self.__values__[attrs[1:]][arraypos].pack() 262 | arraypos += 1 263 | else: 264 | ret += self.__values__[attrs].pack() 265 | else: 266 | values = [] 267 | for name in attrs: 268 | if name[0] == '*': 269 | if arrayname != name: 270 | arraypos = 0 271 | arrayname = name 272 | values.append(self.__values__[name[1:]][arraypos]) 273 | arraypos += 1 274 | else: 275 | values.append(self.__values__[name]) 276 | 277 | ret += struct.pack(self.__endian__+sdef, *values) 278 | return ret 279 | 280 | def __getitem__(self, value): 281 | return [('struct', self.__class__)] * value 282 | 283 | class SelfHeader(Struct): 284 | __endian__ = Struct.BE 285 | def __format__(self): 286 | self.magic = Struct.uint32 287 | self.headerVer = Struct.uint32 288 | self.flags = Struct.uint16 289 | self.type = Struct.uint16 290 | self.meta = Struct.uint32 291 | self.headerSize = Struct.uint64 292 | self.encryptedSize = Struct.uint64 293 | self.unknown = Struct.uint64 294 | self.AppInfo = Struct.uint64 295 | self.elf = Struct.uint64 296 | self.phdr = Struct.uint64 297 | self.shdr = Struct.uint64 298 | self.phdrOffsets = Struct.uint64 299 | self.sceversion = Struct.uint64 300 | self.digest = Struct.uint64 301 | self.digestSize = Struct.uint64 302 | 303 | class AppInfo(Struct): 304 | __endian__ = Struct.BE 305 | def __format__(self): 306 | self.authid = Struct.uint64 307 | self.unknown = Struct.uint32 308 | self.appType = Struct.uint32 309 | self.appVersion = Struct.uint64 310 | 311 | import struct 312 | import sys 313 | import hashlib 314 | import os 315 | import getopt 316 | import ConfigParser 317 | import io 318 | import glob 319 | 320 | TYPE_NPDRMSELF = 0x1 321 | TYPE_RAW = 0x3 322 | TYPE_DIRECTORY = 0x4 323 | 324 | TYPE_OVERWRITE_ALLOWED = 0x80000000 325 | 326 | class EbootMeta(Struct): 327 | __endian__ = Struct.BE 328 | def __format__(self): 329 | self.magic = Struct.uint32 330 | self.unk1 = Struct.uint32 331 | self.drmType = Struct.uint32 332 | self.unk2 = Struct.uint32 333 | self.contentID = Struct.uint8[0x30] 334 | self.fileSHA1 = Struct.uint8[0x10] 335 | self.notSHA1 = Struct.uint8[0x10] 336 | self.notXORKLSHA1 = Struct.uint8[0x10] 337 | self.nulls = Struct.uint8[0x10] 338 | class MetaHeader(Struct): 339 | __endian__ = Struct.BE 340 | def __format__(self): 341 | self.unk1 = Struct.uint32 342 | self.unk2 = Struct.uint32 343 | self.drmType = Struct.uint32 344 | self.unk4 = Struct.uint32 345 | 346 | self.unk21 = Struct.uint32 347 | self.unk22 = Struct.uint32 348 | self.unk23 = Struct.uint32 349 | self.unk24 = Struct.uint32 350 | 351 | self.unk31 = Struct.uint32 352 | self.unk32 = Struct.uint32 353 | self.unk33 = Struct.uint32 354 | self.secondaryVersion = Struct.uint16 355 | self.unk34 = Struct.uint16 356 | 357 | self.dataSize = Struct.uint32 358 | self.unk42 = Struct.uint32 359 | self.unk43 = Struct.uint32 360 | self.packagedBy = Struct.uint16 361 | self.packageVersion = Struct.uint16 362 | class DigestBlock(Struct): 363 | __endian__ = Struct.BE 364 | def __format__(self): 365 | self.type = Struct.uint32 366 | self.size = Struct.uint32 367 | self.isNext = Struct.uint64 368 | class FileHeader(Struct): 369 | __endian__ = Struct.BE 370 | def __format__(self): 371 | self.fileNameOff = Struct.uint32 372 | self.fileNameLength = Struct.uint32 373 | self.fileOff = Struct.uint64 374 | 375 | self.fileSize = Struct.uint64 376 | self.flags = Struct.uint32 377 | self.padding = Struct.uint32 378 | def __str__(self): 379 | out = "" 380 | out += "[X] File Name: %s [" % self.fileName 381 | if self.flags & 0xFF == TYPE_NPDRMSELF: 382 | out += "NPDRM Self]" 383 | elif self.flags & 0xFF == TYPE_DIRECTORY: 384 | out += "Directory]" 385 | elif self.flags & 0xFF == TYPE_RAW: 386 | out += "Raw Data]" 387 | else: 388 | out += "Unknown]" 389 | if (self.flags & TYPE_OVERWRITE_ALLOWED ) != 0: 390 | out += " Overwrite allowed.\n" 391 | else: 392 | out += " Overwrite NOT allowed.\n" 393 | out += "\n" 394 | 395 | out += "[X] File Name offset: %08x\n" % self.fileNameOff 396 | out += "[X] File Name Length: %08x\n" % self.fileNameLength 397 | out += "[X] Offset To File Data: %016x\n" % self.fileOff 398 | 399 | out += "[X] File Size: %016x\n" % self.fileSize 400 | out += "[X] Flags: %08x\n" % self.flags 401 | out += "[X] Padding: %08x\n\n" % self.padding 402 | assert self.padding == 0, "I guess I was wrong, this is not padding." 403 | 404 | 405 | return out 406 | def __repr__(self): 407 | return self.fileName + (" Size: 0x%016x" % self.fileSize) 408 | def __init__(self): 409 | Struct.__init__(self) 410 | self.fileName = "" 411 | 412 | class Header(Struct): 413 | __endian__ = Struct.BE 414 | def __format__(self): 415 | self.magic = Struct.uint32 416 | self.type = Struct.uint32 417 | self.pkgInfoOff = Struct.uint32 418 | self.unk1 = Struct.uint32 419 | 420 | self.headSize = Struct.uint32 421 | self.itemCount = Struct.uint32 422 | self.packageSize = Struct.uint64 423 | 424 | self.dataOff = Struct.uint64 425 | self.dataSize = Struct.uint64 426 | 427 | self.contentID = Struct.uint8[0x30] 428 | self.QADigest = Struct.uint8[0x10] 429 | self.KLicensee = Struct.uint8[0x10] 430 | 431 | 432 | 433 | def __str__(self): 434 | context = keyToContext(self.QADigest) 435 | setContextNum(context, 0xFFFFFFFFFFFFFFFF) 436 | licensee = crypt(context, listToString(self.KLicensee), 0x10) 437 | 438 | out = "" 439 | out += "[X] Magic: %08x\n" % self.magic 440 | out += "[X] Type: %08x\n" % self.type 441 | out += "[X] Offset to package info: %08x\n" % self.pkgInfoOff 442 | out += "[ ] unk1: %08x\n" % self.unk1 443 | 444 | out += "[X] Head Size: %08x\n" % self.headSize 445 | out += "[X] Item Count: %08x\n" % self.itemCount 446 | out += "[X] Package Size: %016x\n" % self.packageSize 447 | 448 | out += "[X] Data Offset: %016x\n" % self.dataOff 449 | out += "[X] Data Size: %016x\n" % self.dataSize 450 | 451 | out += "[X] ContentID: '%s'\n" % (nullterm(self.contentID)) 452 | 453 | out += "[X] QA_Digest: %s\n" % (nullterm(self.QADigest, True)) 454 | out += "[X] K Licensee: %s\n" % licensee.encode('hex') 455 | 456 | 457 | return out 458 | def listToString(inlist): 459 | if isinstance(inlist, list): 460 | return ''.join(["%c" % el for el in inlist]) 461 | else: 462 | return "" 463 | def nullterm(str_plus, printhex=False): 464 | if isinstance(str_plus, list): 465 | if printhex: 466 | str_plus = ''.join(["%X" % el for el in str_plus]) 467 | else: 468 | str_plus = listToString(str_plus) 469 | z = str_plus.find('\0') 470 | if z != -1: 471 | return str_plus[:z] 472 | else: 473 | return str_plus 474 | 475 | def keyToContext(key): 476 | if isinstance(key, list): 477 | key = listToString(key) 478 | key = key[0:16] 479 | largekey = [] 480 | for i in range(0, 8): 481 | largekey.append(ord(key[i])) 482 | for i in range(0, 8): 483 | largekey.append(ord(key[i])) 484 | for i in range(0, 8): 485 | largekey.append(ord(key[i+8])) 486 | for i in range(0, 8): 487 | largekey.append(ord(key[i+8])) 488 | for i in range(0, 0x20): 489 | largekey.append(0) 490 | return largekey 491 | 492 | #Thanks to anonymous for the help with the RE of this part, 493 | # the x86 mess of ands and ors made my head go BOOM headshot. 494 | def manipulate(key): 495 | if not isinstance(key, list): 496 | return 497 | tmp = listToString(key[0x38:]) 498 | 499 | 500 | tmpnum = struct.unpack('>Q', tmp)[0] 501 | tmpnum += 1 502 | tmpnum = tmpnum & 0xFFFFFFFFFFFFFFFF 503 | setContextNum(key, tmpnum) 504 | def setContextNum(key, tmpnum): 505 | tmpchrs = struct.pack('>Q', tmpnum) 506 | 507 | key[0x38] = ord(tmpchrs[0]) 508 | key[0x39] = ord(tmpchrs[1]) 509 | key[0x3a] = ord(tmpchrs[2]) 510 | key[0x3b] = ord(tmpchrs[3]) 511 | key[0x3c] = ord(tmpchrs[4]) 512 | key[0x3d] = ord(tmpchrs[5]) 513 | key[0x3e] = ord(tmpchrs[6]) 514 | key[0x3f] = ord(tmpchrs[7]) 515 | 516 | try: 517 | import pkgcrypt 518 | except: 519 | print "" 520 | print "-----------------" 521 | print "PKG BUILD ERROR" 522 | print "-----------------" 523 | print "Couldn't make PKG file. Go into the ps3py directory, and type the following:" 524 | print "" 525 | print "python2 setup.py build" 526 | print "" 527 | print "This should create a pkgcrypt.so file in the build/ directory. Move that file" 528 | print "over to the root of the ps3py directory and try running this script again." 529 | 530 | 531 | def crypt(key, inbuf, length): 532 | if not isinstance(key, list): 533 | return "" 534 | # Call our ultra fast c implemetation 535 | #return pkgcrypt.pkgcrypt(listToString(key), inbuf, length); #Fix For macOS 10.13.5 536 | 537 | # Original python (slow) implementation 538 | ret = "" 539 | offset = 0 540 | while length > 0: 541 | bytes_to_dump = length 542 | if length > 0x10: 543 | bytes_to_dump = 0x10 544 | outhash = SHA1(listToString(key)[0:0x40]) 545 | for i in range(0, bytes_to_dump): 546 | ret += chr(ord(outhash[i]) ^ ord(inbuf[offset])) 547 | offset += 1 548 | manipulate(key) 549 | length -= bytes_to_dump 550 | return ret 551 | def SHA1(data): 552 | m = hashlib.sha1() 553 | m.update(data) 554 | return m.digest() 555 | 556 | pkgcrypt.register_sha1_callback(SHA1) 557 | 558 | def getFiles(files, folder, original): 559 | oldfolder = folder 560 | foundFiles = glob.glob( os.path.join(folder, '*') ) 561 | sortedList = [] 562 | for filepath in foundFiles: 563 | if not os.path.isdir(filepath): 564 | sortedList.append(filepath) 565 | for filepath in foundFiles: 566 | if os.path.isdir(filepath): 567 | sortedList.append(filepath) 568 | for filepath in sortedList: 569 | newpath = filepath.replace("\\", "/") 570 | newpath = newpath[len(original):] 571 | if os.path.isdir(filepath): 572 | folder = FileHeader() 573 | folder.fileName = newpath 574 | folder.fileNameOff = 0 575 | folder.fileNameLength = len(folder.fileName) 576 | folder.fileOff = 0 577 | 578 | folder.fileSize = 0 579 | folder.flags = TYPE_OVERWRITE_ALLOWED | TYPE_DIRECTORY 580 | folder.padding = 0 581 | files.append(folder) 582 | getFiles(files, filepath, original) 583 | else: 584 | file = FileHeader() 585 | file.fileName = newpath 586 | file.fileNameOff = 0 587 | file.fileNameLength = len(file.fileName) 588 | file.fileOff = 0 589 | file.fileSize = os.path.getsize(filepath) 590 | file.flags = TYPE_OVERWRITE_ALLOWED | TYPE_RAW 591 | if newpath == "USRDIR/EBOOT.BIN": 592 | file.fileSize = ((file.fileSize - 0x30 + 63) & ~63) + 0x30 593 | file.flags = TYPE_OVERWRITE_ALLOWED | TYPE_NPDRMSELF 594 | 595 | file.padding = 0 596 | files.append(file) 597 | 598 | def pack(folder, contentid, outname=None): 599 | 600 | qadigest = hashlib.sha1() 601 | 602 | header = Header() 603 | header.magic = 0x7F504B47 604 | header.type = 0x01 605 | header.pkgInfoOff = 0xC0 606 | header.unk1 = 0x05 607 | 608 | header.headSize = 0x80 609 | header.itemCount = 0 610 | header.packageSize = 0 611 | 612 | header.dataOff = 0x140 613 | header.dataSize = 0 614 | 615 | for i in range(0, 0x30): 616 | header.contentID[i] = 0 617 | 618 | for i in range(0,0x10): 619 | header.QADigest[i] = 0 620 | header.KLicensee[i] = 0 621 | 622 | #content type type name install path (on ps3) notes 623 | #0x00000004 GameData (also Patches) /dev_hdd0/game/ 624 | #0x00000005 Game_Exec /dev_hdd0/game/ 625 | #0x00000006 PS1emu /dev_hdd0/game/ 626 | #0x00000007 PSP & PCEngine /dev_hdd0/game/ 627 | #0x00000008 628 | #0x00000009 Theme /dev_hdd0/theme 629 | #0x0000000A Widget /dev_hdd0/widget 630 | #0x0000000B License /dev_hdd0/home//exdata 631 | #0x0000000C VSH Module /dev_hdd0/vsh/modules/ 632 | #0x0000000D PSN Avatar /dev_hdd0/home//psn_avatar 633 | #0x0000000E PSPgo /dev_hdd0/game/ Displayed as Unknown Album: Corrupted Data 634 | #0x0000000F Minis /dev_hdd0/game/ 635 | #0x00000010 NEOGEO /dev_hdd0/game/ 636 | #0x00000011 VMC /dev_hdd0/tmp/vmc/ 637 | #0x00000012 Seen on PS2 classic /dev_hdd0/game/ 638 | #0x00000013 639 | #0x00000014 Seen on PSP remastered /dev_hdd0/game/ 640 | #0x00000015 PSVita (PSP2GD) 641 | #0x00000016 PSVita (PSP2AC) 642 | #0x00000017 PSVita (PSP2LA) 643 | #0x00000018 644 | #0x00000019 WT (Web TV?) /dev_hdd0/game/ 645 | 646 | metaBlock = MetaHeader() 647 | metaBlock.unk1 = 1 #doesnt change output of --extract 648 | metaBlock.unk2 = 4 #doesnt change output of --extract 649 | metaBlock.drmType = 3 #1 = Network, 2 = Local, 3 = Free, anything else = unknown 650 | metaBlock.unk4 = 2 651 | 652 | metaBlock.unk21 = 4 653 | metaBlock.unk22 = 0xB #content type = 5 == gameexec, 4 == gamedata 654 | metaBlock.unk23 = 3 655 | metaBlock.unk24 = 4 656 | 657 | metaBlock.unk31 = 0xE #packageType 0x10 == patch, 0x8 == Demo&Key, 0x0 == Demo&Key (AND UserFiles = NotOverWrite), 0xE == normal, use 0xE for gamexec, and 8 for gamedata 658 | metaBlock.unk32 = 4 #when this is 5 secondary version gets used?? 659 | metaBlock.unk33 = 8 #doesnt change output of --extract 660 | metaBlock.secondaryVersion = 0 661 | metaBlock.unk34 = 0 662 | 663 | metaBlock.dataSize = 0 664 | metaBlock.unk42 = 5 665 | metaBlock.unk43 = 4 666 | metaBlock.packagedBy = 0x1061 667 | metaBlock.packageVersion = 0 668 | 669 | 670 | files = [] 671 | getFiles(files, folder, folder) 672 | header.itemCount = len(files) 673 | dataToEncrypt = "" 674 | fileDescLength = 0 675 | fileOff = 0x20 * len(files) 676 | for file in files: 677 | alignedSize = (file.fileNameLength + 0x0F) & ~0x0F 678 | file.fileNameOff = fileOff 679 | fileOff += alignedSize 680 | for file in files: 681 | file.fileOff = fileOff 682 | fileOff += (file.fileSize + 0x0F) & ~0x0F 683 | dataToEncrypt += file.pack() 684 | for file in files: 685 | alignedSize = (file.fileNameLength + 0x0F) & ~0x0F 686 | dataToEncrypt += file.fileName 687 | dataToEncrypt += "\0" * (alignedSize-file.fileNameLength) 688 | fileDescLength = len(dataToEncrypt) 689 | for file in files: 690 | if not file.flags & 0xFF == TYPE_DIRECTORY: 691 | path = os.path.join(folder, file.fileName) 692 | fp = open(path, 'rb') 693 | fileData = fp.read() 694 | qadigest.update(fileData) 695 | fileSHA1 = SHA1(fileData) 696 | fp.close() 697 | if fileData[0:9] == "SCE\0\0\0\0\x02\x80": 698 | fselfheader = SelfHeader() 699 | fselfheader.unpack(fileData[0:len(fselfheader)]) 700 | appheader = AppInfo() 701 | appheader.unpack(fileData[fselfheader.AppInfo:fselfheader.AppInfo+len(appheader)]) 702 | found = False 703 | digestOff = fselfheader.digest 704 | while not found: 705 | digest = DigestBlock() 706 | digest.unpack(fileData[digestOff:digestOff+len(digest)]) 707 | if digest.type == 3: 708 | found = True 709 | else: 710 | digestOff += digest.size 711 | if digest.isNext != 1: 712 | break 713 | digestOff += len(digest) 714 | if appheader.appType == 8 and found: 715 | dataToEncrypt += fileData[0:digestOff] 716 | 717 | meta = EbootMeta() 718 | meta.magic = 0x4E504400 719 | meta.unk1 = 1 720 | meta.drmType = metaBlock.drmType 721 | meta.unk2 = 1 722 | for i in range(0,min(len(contentid), 0x30)): 723 | meta.contentID[i] = ord(contentid[i]) 724 | for i in range(0,0x10): 725 | meta.fileSHA1[i] = ord(fileSHA1[i]) 726 | meta.notSHA1[i] = (~meta.fileSHA1[i]) & 0xFF 727 | if i == 0xF: 728 | meta.notXORKLSHA1[i] = (1 ^ meta.notSHA1[i] ^ 0xAA) & 0xFF 729 | else: 730 | meta.notXORKLSHA1[i] = (0 ^ meta.notSHA1[i] ^ 0xAA) & 0xFF 731 | meta.nulls[i] = 0 732 | dataToEncrypt += meta.pack() 733 | dataToEncrypt += fileData[digestOff + 0x80:] 734 | else: 735 | dataToEncrypt += fileData 736 | else: 737 | dataToEncrypt += fileData 738 | 739 | dataToEncrypt += '\0' * (((file.fileSize + 0x0F) & ~0x0F) - len(fileData)) 740 | header.dataSize = len(dataToEncrypt) 741 | metaBlock.dataSize = header.dataSize 742 | header.packageSize = header.dataSize + 0x1A0 743 | head = header.pack() 744 | qadigest.update(head) 745 | qadigest.update(dataToEncrypt[0:fileDescLength]) 746 | QA_Digest = qadigest.digest() 747 | 748 | for i in range(0, 0x10): 749 | header.QADigest[i] = ord(QA_Digest[i]) 750 | 751 | for i in range(0, min(len(contentid), 0x30)): 752 | header.contentID[i] = ord(contentid[i]) 753 | 754 | context = keyToContext(header.QADigest) 755 | setContextNum(context, 0xFFFFFFFFFFFFFFFF) 756 | licensee = crypt(context, listToString(header.KLicensee), 0x10) 757 | 758 | for i in range(0, min(len(contentid), 0x10)): 759 | header.KLicensee[i] = ord(licensee[i]) 760 | 761 | if outname != None: 762 | outFile = open(outname, 'wb') 763 | else: 764 | outFile = open(contentid + ".pkg", 'wb') 765 | outFile.write(header.pack()) 766 | headerSHA = SHA1(header.pack())[3:19] 767 | outFile.write(headerSHA) 768 | 769 | 770 | metaData = metaBlock.pack() 771 | metaBlockSHA = SHA1(metaData)[3:19] 772 | metaBlockSHAPad = '\0' * 0x30 773 | 774 | context = keyToContext([ord(c) for c in metaBlockSHA]) 775 | metaBlockSHAPadEnc = crypt(context, metaBlockSHAPad, 0x30) 776 | 777 | context = keyToContext([ord(c) for c in headerSHA]) 778 | metaBlockSHAPadEnc2 = crypt(context, metaBlockSHAPadEnc, 0x30) 779 | outFile.write(metaBlockSHAPadEnc2) 780 | outFile.write(metaData) 781 | outFile.write(metaBlockSHA) 782 | outFile.write(metaBlockSHAPadEnc) 783 | 784 | context = keyToContext(header.QADigest) 785 | encData = crypt(context, dataToEncrypt, header.dataSize) 786 | outFile.write(encData) 787 | outFile.write('\0' * 0x60) 788 | outFile.close() 789 | print header 790 | 791 | def usage(): 792 | print """usage: [based on revision 1061] 793 | 794 | python pkg.py target-directory [out-file] 795 | 796 | python pkg.py [options] npdrm-package 797 | -l | --list list packaged files. 798 | -x | --extract extract package. 799 | 800 | python pkg.py [options] 801 | --version print revision. 802 | --help print this message.""" 803 | 804 | def version(): 805 | print """pkg.py 0.5""" 806 | 807 | def main(): 808 | extract = False 809 | list = False 810 | contentid = None 811 | try: 812 | opts, args = getopt.getopt(sys.argv[1:], "hx:dvl:c:", ["help", "extract=", "version", "list=", "contentid="]) 813 | except getopt.GetoptError: 814 | usage() 815 | sys.exit(2) 816 | for opt, arg in opts: 817 | if opt in ("-h", "--help"): 818 | usage() 819 | sys.exit(2) 820 | elif opt in ("-v", "--version"): 821 | version() 822 | sys.exit(2) 823 | elif opt in ("-x", "--extract"): 824 | fileToExtract = arg 825 | extract = True 826 | elif opt in ("-l", "--list"): 827 | fileToList = arg 828 | list = True 829 | elif opt in ("-c", "--contentid"): 830 | contentid = arg 831 | else: 832 | usage() 833 | sys.exit(2) 834 | if extract: 835 | unpack(fileToExtract) 836 | else: 837 | if len(args) == 1 and contentid != None: 838 | pack(args[0], contentid) 839 | elif len(args) == 2 and contentid != None: 840 | pack(args[0], contentid, args[1]) 841 | else: 842 | usage() 843 | sys.exit(2) 844 | if __name__ == "__main__": 845 | main() 846 | -------------------------------------------------------------------------------- /source/src/aes.c: -------------------------------------------------------------------------------- 1 | /* 2 | * FIPS-197 compliant AES implementation 3 | * 4 | * Copyright (C) 2006-2010, Brainspark B.V. 5 | * 6 | * This file is part of PolarSSL (http://www.polarssl.org) 7 | * Lead Maintainer: Paul Bakker 8 | * 9 | * All rights reserved. 10 | * 11 | * This program is free software; you can redistribute it and/or modify 12 | * it under the terms of the GNU General Public License as published by 13 | * the Free Software Foundation; either version 2 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License along 22 | * with this program; if not, write to the Free Software Foundation, Inc., 23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 24 | */ 25 | /* 26 | * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. 27 | * 28 | * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf 29 | * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf 30 | */ 31 | 32 | #include "aes.h" 33 | 34 | /* 35 | * 32-bit integer manipulation macros (little endian) 36 | */ 37 | #ifndef GET_ULONG_LE 38 | #define GET_ULONG_LE(n,b,i) \ 39 | { \ 40 | (n) = ( (unsigned long) (b)[(i) ] ) \ 41 | | ( (unsigned long) (b)[(i) + 1] << 8 ) \ 42 | | ( (unsigned long) (b)[(i) + 2] << 16 ) \ 43 | | ( (unsigned long) (b)[(i) + 3] << 24 ); \ 44 | } 45 | #endif 46 | 47 | #ifndef PUT_ULONG_LE 48 | #define PUT_ULONG_LE(n,b,i) \ 49 | { \ 50 | (b)[(i) ] = (unsigned char) ( (n) ); \ 51 | (b)[(i) + 1] = (unsigned char) ( (n) >> 8 ); \ 52 | (b)[(i) + 2] = (unsigned char) ( (n) >> 16 ); \ 53 | (b)[(i) + 3] = (unsigned char) ( (n) >> 24 ); \ 54 | } 55 | #endif 56 | 57 | /* 58 | * Forward S-box 59 | */ 60 | static const unsigned char FSb[256] = 61 | { 62 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 63 | 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 64 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 65 | 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 66 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 67 | 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 68 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 69 | 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 70 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 71 | 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 72 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 73 | 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 74 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 75 | 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 76 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 77 | 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 78 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 79 | 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 80 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 81 | 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 82 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 83 | 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 84 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 85 | 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 86 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 87 | 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 88 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 89 | 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 90 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 91 | 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 92 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 93 | 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 94 | }; 95 | 96 | /* 97 | * Forward tables 98 | */ 99 | #define FT \ 100 | \ 101 | V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ 102 | V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ 103 | V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ 104 | V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ 105 | V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ 106 | V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ 107 | V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ 108 | V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ 109 | V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ 110 | V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ 111 | V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ 112 | V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ 113 | V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ 114 | V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ 115 | V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ 116 | V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ 117 | V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ 118 | V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ 119 | V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ 120 | V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ 121 | V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ 122 | V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ 123 | V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ 124 | V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ 125 | V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ 126 | V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ 127 | V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ 128 | V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ 129 | V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ 130 | V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ 131 | V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ 132 | V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ 133 | V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ 134 | V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ 135 | V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ 136 | V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ 137 | V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ 138 | V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ 139 | V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ 140 | V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ 141 | V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ 142 | V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ 143 | V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ 144 | V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ 145 | V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ 146 | V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ 147 | V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ 148 | V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ 149 | V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ 150 | V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ 151 | V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ 152 | V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ 153 | V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ 154 | V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ 155 | V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ 156 | V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ 157 | V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ 158 | V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ 159 | V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ 160 | V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ 161 | V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ 162 | V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ 163 | V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ 164 | V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) 165 | 166 | #define V(a,b,c,d) 0x##a##b##c##d 167 | static const unsigned long FT0[256] = { FT }; 168 | #undef V 169 | 170 | #define V(a,b,c,d) 0x##b##c##d##a 171 | static const unsigned long FT1[256] = { FT }; 172 | #undef V 173 | 174 | #define V(a,b,c,d) 0x##c##d##a##b 175 | static const unsigned long FT2[256] = { FT }; 176 | #undef V 177 | 178 | #define V(a,b,c,d) 0x##d##a##b##c 179 | static const unsigned long FT3[256] = { FT }; 180 | #undef V 181 | 182 | #undef FT 183 | 184 | /* 185 | * Reverse S-box 186 | */ 187 | static const unsigned char RSb[256] = 188 | { 189 | 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 190 | 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, 191 | 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 192 | 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 193 | 0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 194 | 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, 195 | 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 196 | 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25, 197 | 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 198 | 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 199 | 0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 200 | 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, 201 | 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 202 | 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06, 203 | 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 204 | 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 205 | 0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 206 | 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, 207 | 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 208 | 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E, 209 | 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 210 | 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 211 | 0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 212 | 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, 213 | 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 214 | 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F, 215 | 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 216 | 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 217 | 0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 218 | 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, 219 | 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 220 | 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D 221 | }; 222 | 223 | /* 224 | * Reverse tables 225 | */ 226 | #define RT \ 227 | \ 228 | V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \ 229 | V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \ 230 | V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \ 231 | V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \ 232 | V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \ 233 | V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \ 234 | V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \ 235 | V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \ 236 | V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \ 237 | V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \ 238 | V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \ 239 | V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \ 240 | V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \ 241 | V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \ 242 | V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \ 243 | V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \ 244 | V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \ 245 | V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \ 246 | V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \ 247 | V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \ 248 | V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \ 249 | V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \ 250 | V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \ 251 | V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \ 252 | V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \ 253 | V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \ 254 | V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \ 255 | V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \ 256 | V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \ 257 | V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \ 258 | V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \ 259 | V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \ 260 | V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \ 261 | V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \ 262 | V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \ 263 | V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \ 264 | V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \ 265 | V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \ 266 | V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \ 267 | V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \ 268 | V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \ 269 | V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \ 270 | V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \ 271 | V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \ 272 | V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \ 273 | V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \ 274 | V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \ 275 | V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \ 276 | V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \ 277 | V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \ 278 | V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \ 279 | V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \ 280 | V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \ 281 | V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \ 282 | V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \ 283 | V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \ 284 | V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \ 285 | V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \ 286 | V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \ 287 | V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \ 288 | V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \ 289 | V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \ 290 | V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \ 291 | V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0) 292 | 293 | #define V(a,b,c,d) 0x##a##b##c##d 294 | static const unsigned long RT0[256] = { RT }; 295 | #undef V 296 | 297 | #define V(a,b,c,d) 0x##b##c##d##a 298 | static const unsigned long RT1[256] = { RT }; 299 | #undef V 300 | 301 | #define V(a,b,c,d) 0x##c##d##a##b 302 | static const unsigned long RT2[256] = { RT }; 303 | #undef V 304 | 305 | #define V(a,b,c,d) 0x##d##a##b##c 306 | static const unsigned long RT3[256] = { RT }; 307 | #undef V 308 | 309 | #undef RT 310 | 311 | /* 312 | * Round constants 313 | */ 314 | static const unsigned long RCON[10] = 315 | { 316 | 0x00000001, 0x00000002, 0x00000004, 0x00000008, 317 | 0x00000010, 0x00000020, 0x00000040, 0x00000080, 318 | 0x0000001B, 0x00000036 319 | }; 320 | 321 | /* 322 | * AES key schedule (encryption) 323 | */ 324 | int aes_setkey_enc( aes_context *ctx, const unsigned char *key, unsigned int keysize ) 325 | { 326 | unsigned int i; 327 | unsigned long *RK; 328 | 329 | switch( keysize ) 330 | { 331 | case 128: ctx->nr = 10; break; 332 | case 192: ctx->nr = 12; break; 333 | case 256: ctx->nr = 14; break; 334 | default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 335 | } 336 | 337 | ctx->rk = RK = ctx->buf; 338 | 339 | for( i = 0; i < (keysize >> 5); i++ ) 340 | { 341 | GET_ULONG_LE( RK[i], key, i << 2 ); 342 | } 343 | 344 | switch( ctx->nr ) 345 | { 346 | case 10: 347 | 348 | for( i = 0; i < 10; i++, RK += 4 ) 349 | { 350 | RK[4] = RK[0] ^ RCON[i] ^ 351 | ( (unsigned long) FSb[ ( RK[3] >> 8 ) & 0xFF ] ) ^ 352 | ( (unsigned long) FSb[ ( RK[3] >> 16 ) & 0xFF ] << 8 ) ^ 353 | ( (unsigned long) FSb[ ( RK[3] >> 24 ) & 0xFF ] << 16 ) ^ 354 | ( (unsigned long) FSb[ ( RK[3] ) & 0xFF ] << 24 ); 355 | 356 | RK[5] = RK[1] ^ RK[4]; 357 | RK[6] = RK[2] ^ RK[5]; 358 | RK[7] = RK[3] ^ RK[6]; 359 | } 360 | break; 361 | 362 | case 12: 363 | 364 | for( i = 0; i < 8; i++, RK += 6 ) 365 | { 366 | RK[6] = RK[0] ^ RCON[i] ^ 367 | ( (unsigned long) FSb[ ( RK[5] >> 8 ) & 0xFF ] ) ^ 368 | ( (unsigned long) FSb[ ( RK[5] >> 16 ) & 0xFF ] << 8 ) ^ 369 | ( (unsigned long) FSb[ ( RK[5] >> 24 ) & 0xFF ] << 16 ) ^ 370 | ( (unsigned long) FSb[ ( RK[5] ) & 0xFF ] << 24 ); 371 | 372 | RK[7] = RK[1] ^ RK[6]; 373 | RK[8] = RK[2] ^ RK[7]; 374 | RK[9] = RK[3] ^ RK[8]; 375 | RK[10] = RK[4] ^ RK[9]; 376 | RK[11] = RK[5] ^ RK[10]; 377 | } 378 | break; 379 | 380 | case 14: 381 | 382 | for( i = 0; i < 7; i++, RK += 8 ) 383 | { 384 | RK[8] = RK[0] ^ RCON[i] ^ 385 | ( (unsigned long) FSb[ ( RK[7] >> 8 ) & 0xFF ] ) ^ 386 | ( (unsigned long) FSb[ ( RK[7] >> 16 ) & 0xFF ] << 8 ) ^ 387 | ( (unsigned long) FSb[ ( RK[7] >> 24 ) & 0xFF ] << 16 ) ^ 388 | ( (unsigned long) FSb[ ( RK[7] ) & 0xFF ] << 24 ); 389 | 390 | RK[9] = RK[1] ^ RK[8]; 391 | RK[10] = RK[2] ^ RK[9]; 392 | RK[11] = RK[3] ^ RK[10]; 393 | 394 | RK[12] = RK[4] ^ 395 | ( (unsigned long) FSb[ ( RK[11] ) & 0xFF ] ) ^ 396 | ( (unsigned long) FSb[ ( RK[11] >> 8 ) & 0xFF ] << 8 ) ^ 397 | ( (unsigned long) FSb[ ( RK[11] >> 16 ) & 0xFF ] << 16 ) ^ 398 | ( (unsigned long) FSb[ ( RK[11] >> 24 ) & 0xFF ] << 24 ); 399 | 400 | RK[13] = RK[5] ^ RK[12]; 401 | RK[14] = RK[6] ^ RK[13]; 402 | RK[15] = RK[7] ^ RK[14]; 403 | } 404 | break; 405 | 406 | default: 407 | 408 | break; 409 | } 410 | 411 | return( 0 ); 412 | } 413 | 414 | /* 415 | * AES key schedule (decryption) 416 | */ 417 | int aes_setkey_dec( aes_context *ctx, const unsigned char *key, unsigned int keysize ) 418 | { 419 | int i, j; 420 | aes_context cty; 421 | unsigned long *RK; 422 | unsigned long *SK; 423 | int ret; 424 | 425 | switch( keysize ) 426 | { 427 | case 128: ctx->nr = 10; break; 428 | case 192: ctx->nr = 12; break; 429 | case 256: ctx->nr = 14; break; 430 | default : return( POLARSSL_ERR_AES_INVALID_KEY_LENGTH ); 431 | } 432 | 433 | ctx->rk = RK = ctx->buf; 434 | 435 | ret = aes_setkey_enc( &cty, key, keysize ); 436 | if( ret != 0 ) 437 | return( ret ); 438 | 439 | SK = cty.rk + cty.nr * 4; 440 | 441 | *RK++ = *SK++; 442 | *RK++ = *SK++; 443 | *RK++ = *SK++; 444 | *RK++ = *SK++; 445 | 446 | for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) 447 | { 448 | for( j = 0; j < 4; j++, SK++ ) 449 | { 450 | *RK++ = RT0[ FSb[ ( *SK ) & 0xFF ] ] ^ 451 | RT1[ FSb[ ( *SK >> 8 ) & 0xFF ] ] ^ 452 | RT2[ FSb[ ( *SK >> 16 ) & 0xFF ] ] ^ 453 | RT3[ FSb[ ( *SK >> 24 ) & 0xFF ] ]; 454 | } 455 | } 456 | 457 | *RK++ = *SK++; 458 | *RK++ = *SK++; 459 | *RK++ = *SK++; 460 | *RK++ = *SK++; 461 | 462 | memset( &cty, 0, sizeof( aes_context ) ); 463 | 464 | return( 0 ); 465 | } 466 | 467 | #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 468 | { \ 469 | X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ 470 | FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 471 | FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 472 | FT3[ ( Y3 >> 24 ) & 0xFF ]; \ 473 | \ 474 | X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ 475 | FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 476 | FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 477 | FT3[ ( Y0 >> 24 ) & 0xFF ]; \ 478 | \ 479 | X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ 480 | FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 481 | FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 482 | FT3[ ( Y1 >> 24 ) & 0xFF ]; \ 483 | \ 484 | X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ 485 | FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 486 | FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 487 | FT3[ ( Y2 >> 24 ) & 0xFF ]; \ 488 | } 489 | 490 | #define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 491 | { \ 492 | X0 = *RK++ ^ RT0[ ( Y0 ) & 0xFF ] ^ \ 493 | RT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 494 | RT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 495 | RT3[ ( Y1 >> 24 ) & 0xFF ]; \ 496 | \ 497 | X1 = *RK++ ^ RT0[ ( Y1 ) & 0xFF ] ^ \ 498 | RT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 499 | RT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 500 | RT3[ ( Y2 >> 24 ) & 0xFF ]; \ 501 | \ 502 | X2 = *RK++ ^ RT0[ ( Y2 ) & 0xFF ] ^ \ 503 | RT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 504 | RT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 505 | RT3[ ( Y3 >> 24 ) & 0xFF ]; \ 506 | \ 507 | X3 = *RK++ ^ RT0[ ( Y3 ) & 0xFF ] ^ \ 508 | RT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 509 | RT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 510 | RT3[ ( Y0 >> 24 ) & 0xFF ]; \ 511 | } 512 | 513 | /* 514 | * AES-ECB block encryption/decryption 515 | */ 516 | int aes_crypt_ecb( aes_context *ctx, 517 | int mode, 518 | const unsigned char input[16], 519 | unsigned char output[16] ) 520 | { 521 | int i; 522 | unsigned long *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; 523 | 524 | RK = ctx->rk; 525 | 526 | GET_ULONG_LE( X0, input, 0 ); X0 ^= *RK++; 527 | GET_ULONG_LE( X1, input, 4 ); X1 ^= *RK++; 528 | GET_ULONG_LE( X2, input, 8 ); X2 ^= *RK++; 529 | GET_ULONG_LE( X3, input, 12 ); X3 ^= *RK++; 530 | 531 | if( mode == AES_DECRYPT ) 532 | { 533 | for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 534 | { 535 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 536 | AES_RROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 537 | } 538 | 539 | AES_RROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 540 | 541 | X0 = *RK++ ^ \ 542 | ( (unsigned long) RSb[ ( Y0 ) & 0xFF ] ) ^ 543 | ( (unsigned long) RSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 544 | ( (unsigned long) RSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 545 | ( (unsigned long) RSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 546 | 547 | X1 = *RK++ ^ \ 548 | ( (unsigned long) RSb[ ( Y1 ) & 0xFF ] ) ^ 549 | ( (unsigned long) RSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 550 | ( (unsigned long) RSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 551 | ( (unsigned long) RSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 552 | 553 | X2 = *RK++ ^ \ 554 | ( (unsigned long) RSb[ ( Y2 ) & 0xFF ] ) ^ 555 | ( (unsigned long) RSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 556 | ( (unsigned long) RSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 557 | ( (unsigned long) RSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 558 | 559 | X3 = *RK++ ^ \ 560 | ( (unsigned long) RSb[ ( Y3 ) & 0xFF ] ) ^ 561 | ( (unsigned long) RSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 562 | ( (unsigned long) RSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 563 | ( (unsigned long) RSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 564 | } 565 | else /* AES_ENCRYPT */ 566 | { 567 | for( i = (ctx->nr >> 1) - 1; i > 0; i-- ) 568 | { 569 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 570 | AES_FROUND( X0, X1, X2, X3, Y0, Y1, Y2, Y3 ); 571 | } 572 | 573 | AES_FROUND( Y0, Y1, Y2, Y3, X0, X1, X2, X3 ); 574 | 575 | X0 = *RK++ ^ \ 576 | ( (unsigned long) FSb[ ( Y0 ) & 0xFF ] ) ^ 577 | ( (unsigned long) FSb[ ( Y1 >> 8 ) & 0xFF ] << 8 ) ^ 578 | ( (unsigned long) FSb[ ( Y2 >> 16 ) & 0xFF ] << 16 ) ^ 579 | ( (unsigned long) FSb[ ( Y3 >> 24 ) & 0xFF ] << 24 ); 580 | 581 | X1 = *RK++ ^ \ 582 | ( (unsigned long) FSb[ ( Y1 ) & 0xFF ] ) ^ 583 | ( (unsigned long) FSb[ ( Y2 >> 8 ) & 0xFF ] << 8 ) ^ 584 | ( (unsigned long) FSb[ ( Y3 >> 16 ) & 0xFF ] << 16 ) ^ 585 | ( (unsigned long) FSb[ ( Y0 >> 24 ) & 0xFF ] << 24 ); 586 | 587 | X2 = *RK++ ^ \ 588 | ( (unsigned long) FSb[ ( Y2 ) & 0xFF ] ) ^ 589 | ( (unsigned long) FSb[ ( Y3 >> 8 ) & 0xFF ] << 8 ) ^ 590 | ( (unsigned long) FSb[ ( Y0 >> 16 ) & 0xFF ] << 16 ) ^ 591 | ( (unsigned long) FSb[ ( Y1 >> 24 ) & 0xFF ] << 24 ); 592 | 593 | X3 = *RK++ ^ \ 594 | ( (unsigned long) FSb[ ( Y3 ) & 0xFF ] ) ^ 595 | ( (unsigned long) FSb[ ( Y0 >> 8 ) & 0xFF ] << 8 ) ^ 596 | ( (unsigned long) FSb[ ( Y1 >> 16 ) & 0xFF ] << 16 ) ^ 597 | ( (unsigned long) FSb[ ( Y2 >> 24 ) & 0xFF ] << 24 ); 598 | } 599 | 600 | PUT_ULONG_LE( X0, output, 0 ); 601 | PUT_ULONG_LE( X1, output, 4 ); 602 | PUT_ULONG_LE( X2, output, 8 ); 603 | PUT_ULONG_LE( X3, output, 12 ); 604 | 605 | return( 0 ); 606 | } 607 | 608 | /* 609 | * AES-CBC buffer encryption/decryption 610 | */ 611 | int aes_crypt_cbc( aes_context *ctx, 612 | int mode, 613 | size_t length, 614 | unsigned char iv[16], 615 | const unsigned char *input, 616 | unsigned char *output ) 617 | { 618 | int i; 619 | unsigned char temp[16]; 620 | 621 | if( length % 16 ) 622 | return( POLARSSL_ERR_AES_INVALID_INPUT_LENGTH ); 623 | 624 | if( mode == AES_DECRYPT ) 625 | { 626 | while( length > 0 ) 627 | { 628 | memcpy( temp, input, 16 ); 629 | aes_crypt_ecb( ctx, mode, input, output ); 630 | 631 | for( i = 0; i < 16; i++ ) 632 | output[i] = (unsigned char)( output[i] ^ iv[i] ); 633 | 634 | memcpy( iv, temp, 16 ); 635 | 636 | input += 16; 637 | output += 16; 638 | length -= 16; 639 | } 640 | } 641 | else 642 | { 643 | while( length > 0 ) 644 | { 645 | for( i = 0; i < 16; i++ ) 646 | output[i] = (unsigned char)( input[i] ^ iv[i] ); 647 | 648 | aes_crypt_ecb( ctx, mode, output, output ); 649 | memcpy( iv, output, 16 ); 650 | 651 | input += 16; 652 | output += 16; 653 | length -= 16; 654 | } 655 | } 656 | 657 | return( 0 ); 658 | } 659 | 660 | /* 661 | * AES-CTR buffer encryption/decryption 662 | */ 663 | int aes_crypt_ctr( aes_context *ctx, 664 | size_t length, 665 | size_t *nc_off, 666 | unsigned char nonce_counter[16], 667 | unsigned char stream_block[16], 668 | const unsigned char *input, 669 | unsigned char *output ) 670 | { 671 | int c, i, cb; 672 | size_t n = *nc_off; 673 | 674 | while( length-- ) 675 | { 676 | if( n == 0 ) { 677 | aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); 678 | 679 | i = 15; 680 | do { 681 | nonce_counter[i]++; 682 | cb = nonce_counter[i] == 0; 683 | } while( i-- && cb ); 684 | 685 | } 686 | c = *input++; 687 | *output++ = (unsigned char)( c ^ stream_block[n] ); 688 | 689 | n = (n + 1) & 0x0F; 690 | } 691 | 692 | *nc_off = n; 693 | 694 | return( 0 ); 695 | } 696 | 697 | /* AES-CMAC */ 698 | 699 | int aes_crypt_ctr_xor( aes_context *ctx, 700 | size_t length, 701 | size_t *nc_off, 702 | unsigned char nonce_counter[16], 703 | unsigned char stream_block[16], 704 | const unsigned char *input, 705 | unsigned char *output , 706 | size_t len_start_from) 707 | { 708 | char bkp_riv[0x10]; 709 | memcpy(bkp_riv, nonce_counter, 0x10); 710 | int c, i, cb; 711 | size_t n = *nc_off; 712 | 713 | while( length--) 714 | { 715 | if( n == 0 ) { 716 | aes_crypt_ecb( ctx, AES_ENCRYPT, nonce_counter, stream_block ); 717 | 718 | i = 15; 719 | do { 720 | nonce_counter[i]++; 721 | cb = nonce_counter[i] == 0; 722 | } while( i-- && cb ); 723 | 724 | } 725 | if(len_start_from==0) 726 | { 727 | c = *input++; 728 | *output++ = (unsigned char)( c ^ stream_block[n] ); 729 | } 730 | else 731 | { 732 | length++; 733 | len_start_from--; 734 | } 735 | 736 | n = (n + 1) & 0x0F; 737 | } 738 | 739 | *nc_off = n; 740 | 741 | memcpy(nonce_counter, bkp_riv, 0x10); 742 | return( 0 ); 743 | } 744 | 745 | #include 746 | 747 | unsigned char const_Rb[16] = { 748 | 749 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 750 | 751 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 752 | 753 | }; 754 | 755 | unsigned char const_Zero[16] = { 756 | 757 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 758 | 759 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 760 | 761 | }; 762 | 763 | 764 | 765 | void leftshift_onebit(unsigned char *input, unsigned char *output) 766 | 767 | { 768 | 769 | int i; 770 | 771 | unsigned char overflow = 0; 772 | 773 | 774 | 775 | for (i = 15; i >= 0; i--) 776 | 777 | { 778 | 779 | output[i] = input[i] << 1; 780 | 781 | output[i] |= overflow; 782 | 783 | overflow = (input[i] & 0x80) ? 1 : 0; 784 | 785 | } 786 | 787 | } 788 | 789 | 790 | 791 | void xor_128(unsigned char *a, unsigned char *b, unsigned char *out) 792 | 793 | { 794 | 795 | int i; 796 | 797 | for (i = 0; i < 16; i++) 798 | 799 | out[i] = a[i] ^ b[i]; 800 | 801 | } 802 | 803 | 804 | 805 | void generate_subkey(aes_context *ctx, unsigned char *K1, unsigned char *K2) 806 | 807 | { 808 | 809 | unsigned char L[16]; 810 | 811 | unsigned char Z[16]; 812 | 813 | unsigned char tmp[16]; 814 | 815 | 816 | 817 | int i; 818 | 819 | for (i = 0; i < 16; i++) Z[i] = 0; 820 | 821 | 822 | 823 | aes_crypt_ecb(ctx, AES_ENCRYPT, Z, L); 824 | 825 | 826 | 827 | if ((L[0] & 0x80) == 0) 828 | 829 | { 830 | 831 | leftshift_onebit(L,K1); 832 | 833 | } else { 834 | 835 | leftshift_onebit(L,tmp); 836 | 837 | xor_128(tmp,const_Rb,K1); 838 | 839 | } 840 | 841 | 842 | 843 | if ((K1[0] & 0x80) == 0) 844 | 845 | { 846 | 847 | leftshift_onebit(K1,K2); 848 | 849 | } else { 850 | 851 | leftshift_onebit(K1,tmp); 852 | 853 | xor_128(tmp,const_Rb,K2); 854 | 855 | } 856 | 857 | } 858 | 859 | 860 | 861 | void padding (unsigned char *lastb, unsigned char *pad, uint64_t length) 862 | 863 | { 864 | 865 | uint64_t i; 866 | 867 | for (i = 0; i < 16; i++) 868 | 869 | { 870 | 871 | if (i < length) 872 | 873 | pad[i] = lastb[i]; 874 | 875 | else if (i == length) 876 | 877 | pad[i] = 0x80; 878 | 879 | else 880 | 881 | pad[i] = 0x00; 882 | 883 | } 884 | 885 | } 886 | 887 | 888 | 889 | void aes_cmac(aes_context *ctx, uint64_t length, unsigned char *input, unsigned char *output) 890 | 891 | { 892 | 893 | unsigned char X[16], Y[16], M_last[16], padded[16]; 894 | 895 | unsigned char K1[16], K2[16]; 896 | 897 | uint64_t n, i, flag; 898 | 899 | generate_subkey(ctx, K1, K2); 900 | 901 | 902 | 903 | n = (length + 15) / 16; 904 | 905 | if (n == 0) 906 | 907 | { 908 | 909 | n = 1; 910 | 911 | flag = 0; 912 | 913 | } else { 914 | 915 | if ((length % 16) == 0) 916 | 917 | flag = 1; 918 | 919 | else 920 | 921 | flag = 0; 922 | 923 | } 924 | 925 | 926 | 927 | if (flag) 928 | 929 | { 930 | 931 | xor_128(&input[16 * (n - 1)], K1, M_last); 932 | 933 | } else { 934 | 935 | padding(&input[16 * (n - 1)], padded, length % 16); 936 | 937 | xor_128(padded, K2, M_last); 938 | 939 | } 940 | 941 | 942 | 943 | for (i = 0; i < 16; i++) X[i] = 0; 944 | 945 | for (i = 0; i < n - 1; i++) 946 | 947 | { 948 | 949 | xor_128(X, &input[16*i], Y); 950 | 951 | aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X); 952 | 953 | } 954 | 955 | 956 | 957 | xor_128(X,M_last,Y); 958 | 959 | aes_crypt_ecb(ctx, AES_ENCRYPT, Y, X); 960 | 961 | 962 | 963 | for (i = 0; i < 16; i++) 964 | 965 | output[i] = X[i]; 966 | 967 | } 968 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | --------------------------------------------------------------------------------