Use libtommath to do rsa

2019-03-11 18:39:22 +01:00 · 2019-03-11 18:39:22 +01:00 · 017f6a2e7a
parent 4ac647253e
commit 017f6a2e7a
8 changed files with 154 additions and 1586 deletions
--- a/build/win32/libtomcrypt_VS2008.vcxproj
+++ b/build/win32/libtomcrypt_VS2008.vcxproj
@ -70,14 +70,14 @@
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\$(ProjectName)</IntDir>
    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <CodeAnalysisRules />
    <CodeAnalysisRuleAssemblies />
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\$(ProjectName)</IntDir>
    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <CodeAnalysisRules />
    <CodeAnalysisRuleAssemblies />
--- a/build/win32/libtommath_VS2008.vcxproj
+++ b/build/win32/libtommath_VS2008.vcxproj
@ -70,7 +70,7 @@
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\$(ProjectName)</IntDir>
    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <CodeAnalysisRules />
    <CodeAnalysisRuleAssemblies />
@ -84,7 +84,7 @@
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
-    <IntDir>$(Configuration)\</IntDir>
+    <IntDir>$(Configuration)\$(ProjectName)</IntDir>
    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
    <CodeAnalysisRules />
    <CodeAnalysisRuleAssemblies />
--- a/src/common/crypto/EmuRsa.cpp
+++ b/src/common/crypto/EmuRsa.cpp
--- a/src/common/crypto/EmuRsa.h
+++ b/src/common/crypto/EmuRsa.h
@ -17,7 +17,7 @@
 // *  If not, write to the Free Software Foundation, Inc.,
 // *  59 Temple Place - Suite 330, Bostom, MA 02111-1307, USA.
 // *
-// *  (c) 2018 ergo720
+// *  (c) 2018-2019 ergo720
 // *
 // *  All rights reserved
 // *
@ -28,27 +28,26 @@

 #pragma pack(4)

-typedef struct _RSA_PUBLIC_KEY
+typedef union _RSA_PUBLIC_KEY
 {
-	union
-	{
-		unsigned char Default[284];
-		struct {
-			char Magic[4];  		     // "RSA1"
-			unsigned int Bloblen; 		 // 264 (Modulus + Exponent + Modulussize)
-			unsigned char Bitlen[4];  	 // 2048
-			unsigned int ModulusSize;	 // 255 (bytes in the Modulus)
-			unsigned char Exponent[4];
-			unsigned char Modulus[256];  // Bit endian style
-			unsigned char Unknown[8];    // ?
-		}KeyData;
-	};
+	unsigned char Default[284];
+	struct {
+		char Magic[4];               // "RSA1"
+		unsigned int Bloblen;        // 264 (Modulus + Exponent + Modulussize)
+		unsigned char Bitlen[4];     // 2048
+		unsigned int ModulusSize;    // 255 (bytes in the Modulus)
+		unsigned char Exponent[4];   // Public exponent
+		unsigned char Modulus[256];  // Bit endian style
+		unsigned char Unknown[8];    // ?
+	}KeyData;
 } RSA_PUBLIC_KEY;

 #pragma pack()

-void ModExp(unsigned char* a_number, const unsigned char* b_number, unsigned int b_len, const unsigned char* c_number, unsigned int c_len, const unsigned char* d_number, unsigned int d_len);
-void RSAdecrypt(const unsigned char* c_number, unsigned char* cryptbuffer, RSA_PUBLIC_KEY key);
-bool Verifyhash(const unsigned char* hash, const unsigned char* decryptBuffer, RSA_PUBLIC_KEY key);
+void init_tom_lib();
+bool xbox_exp_mod(unsigned char* pA, const unsigned char* pB, const unsigned char* pC, const unsigned char* pD,
+	size_t b_size, size_t c_size, size_t d_size);
+bool xbox_rsa_public(const unsigned char* in_buf, unsigned char* out_buf, RSA_PUBLIC_KEY key);
+bool verify_hash(const unsigned char* hash, const unsigned char* decryptBuffer, RSA_PUBLIC_KEY key);

 #endif
--- a/src/common/util/CxbxUtil.cpp
+++ b/src/common/util/CxbxUtil.cpp
@ -26,7 +26,34 @@
 // ******************************************************************

 // Acknowledgment: some of the functions present are from XQEMU (GPLv2)
-// https://xqemu.com/
+// https://xqemu.com/
+
+// swap_endianess is extracted from mbedtls_mpi_read_binary used in the file bignum.h of ReactOS
+
+/**
+* \file bignum.h
+*
+* \brief  Multi-precision integer library
+*
+*  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+*  SPDX-License-Identifier: GPL-2.0
+*
+*  This program is free software; you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation; either version 2 of the License, or
+*  (at your option) any later version.
+*
+*  This program is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  You should have received a copy of the GNU General Public License along
+*  with this program; if not, write to the Free Software Foundation, Inc.,
+*  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+*  This file is part of mbed TLS (https://tls.mbed.org)
+*/

 // The intent of this file is to add general functions which are not kernel specific (for those CxbxKrnl.h should be used instead)

@ -235,3 +262,19 @@ void unix2dos(std::string& string)
 		position += 2;
 	}
 }
+
+void swap_endianess(const unsigned char* in_buf, unsigned char* out_buf, size_t size)
+{
+	size_t i, j, n;
+	uint32_t* out_buf_uint = (uint32_t*)out_buf;
+
+	memset(out_buf_uint, 0, size);
+
+	for (n = 0; n < size; n++)
+		if (in_buf[n] != 0)
+			break;
+
+	for (i = size, j = 0; i > n; i--, j++) {
+		out_buf_uint[j / 4] |= ((uint32_t)in_buf[i - 1]) << ((j % 4) << 3);
+	}
+}
--- a/src/common/util/CxbxUtil.h
+++ b/src/common/util/CxbxUtil.h
@ -85,5 +85,7 @@ static uint32 RoundUp(uint32 dwValue, uint32 dwMult)

 	return dwValue + dwMult - remainder;
 }
+
+void swap_endianess(const unsigned char* in_buf, unsigned char* out_buf, size_t size);

 #endif
--- a/src/common/xbe/Xbe.cpp
+++ b/src/common/xbe/Xbe.cpp
@ -780,12 +780,14 @@ bool Xbe::CheckXbeSignature()
 {
 	// Workaround for nxdk (and possibly oxdk?): xbe's built with nxdk have the digital signature set to all zeros, which will lead
 	// to a crash during its decryption in RSAdecrypt. Detect this condition and skip the check if true
-	{
-		UCHAR Dummy[256] = { 0 };
-		if (memcmp(m_Header.pbDigitalSignature, Dummy, 256) == 0) {
-			return false;
-		}
-	}
+	//{
+	//	UCHAR Dummy[256] = { 0 };
+	//	if (memcmp(m_Header.pbDigitalSignature, Dummy, 256) == 0) {
+	//		return false;
+	//	}
+	//}
+
+	init_tom_lib();

 	DWORD HeaderDigestSize = m_Header.dwSizeofHeaders - (sizeof(m_Header.dwMagic) + sizeof(m_Header.pbDigitalSignature));
 	UCHAR SHADigest[A_SHA_DIGEST_LEN];
@ -800,11 +802,12 @@ bool Xbe::CheckXbeSignature()
 	// TODO: memcpy(keys[3].Default, (void*)xboxkrnl::XePublicKeyDataDebug, 284);

 	for (int i = 0; i < keys.size(); i++) {
-		RSAdecrypt(m_Header.pbDigitalSignature, crypt_buffer, keys[i]);
-		if (Verifyhash(SHADigest, crypt_buffer, keys[i])) {
-			// Load the successful key into XboxKrnl::XePublicKeyData for application use
-			memcpy(xboxkrnl::XePublicKeyData, keys[i].Default, 284);
-			return true; // success
+		if (xbox_rsa_public(m_Header.pbDigitalSignature, crypt_buffer, keys[i])) {
+			if (verify_hash(SHADigest, crypt_buffer, keys[i])) {
+				// Load the successful key into XboxKrnl::XePublicKeyData for application use
+				memcpy(xboxkrnl::XePublicKeyData, keys[i].Default, 284);
+				return true; // success
+			}
 		}
 	}

--- a/src/core/kernel/exports/EmuKrnlXc.cpp
+++ b/src/core/kernel/exports/EmuKrnlXc.cpp
@ -21,7 +21,8 @@
 // *
 // *  (c) 2002-2003 Aaron Robinson <caustik@caustik.com>
 // *  (c) 2016 Patrick van Logchem <pvanlogchem@gmail.com>
-// *  (c) 2019 Jannik Vogel
+// *  (c) 2019 Jannik Vogel
+// *  (c) 2018-2019 ergo720
 // *
 // *  All rights reserved
 // *
@ -213,13 +214,13 @@ xboxkrnl::ULONG NTAPI JumpedModExp
 	xboxkrnl::LPDWORD pD,
 	xboxkrnl::ULONG dwN
 )
-{
-	ULONG ret = 1;
-
+{
 	unsigned int len = dwN * 4;
-	ModExp((unsigned char*)pA, (const unsigned char*)pB, len, (const unsigned char*)pC, len, (const unsigned char*)pD, len);
+	if (xbox_exp_mod((unsigned char*)pA, (const unsigned char*)pB, (const unsigned char*)pC, (const unsigned char*)pD, len, len, len)) {
+		return 1;
+	}

-	return ret;
+	return 0;
 }

 xboxkrnl::VOID NTAPI JumpedDESKeyParity