@leoetlino
Created May 20, 2018 18:18
ES_VerifySign (IOS59)
/*
 * ES_VerifySign -- decompiler output (Hex-Rays style pseudocode), not original source.
 *
 * Verifies an ECC signature over a caller-supplied buffer using a two-level
 * certificate chain found in `certs`:
 *   1. locate the certificate named "AP" and read its issuer name,
 *   2. locate the issuer's certificate (called "NG" here) and verify it with
 *      ES_VerifyContainer,
 *   3. verify the AP certificate's signature with the NG key handle,
 *   4. digest `hash`/`hash_size`, import the AP public key and verify
 *      `ecc_signature` over that digest.
 *
 * Parameters:
 *   hash          - data to be digested; only its 64-byte alignment is checked.
 *   hash_size     - length of `hash` in bytes; not validated in this function.
 *   ecc_signature - signature to verify; must be non-NULL.
 *   certs         - certificate blob; must be non-NULL.
 *   certs_size    - size of `certs` in bytes; must be non-zero.
 *
 * Returns ES_EINVAL on a failed argument check, ES_ENOMEM on allocation
 * failure, otherwise the return code of the first failing step, or the result
 * of the final IOSC_VerifyPublicKeySign_es_ call. Each step runs only if the
 * previous one returned IPC_SUCCESS, so IPC_SUCCESS is only returned when the
 * whole chain verified.
 */
int __fastcall ES_VerifySign(const u8 *hash, u32 hash_size, const u8 *ecc_signature, const u8 *certs, u32 certs_size)
{
uint8_t *sha1; // r10
uint8_t *hash_ctx; // r8
IOSReturnCode ret; // r4
Cert *_certs; // r0 MAPDST
uint32_t inputSize; // r5
int ap_handle; // [sp+20h] [bp-84h]
int ng_cert_handle; // [sp+24h] [bp-80h]
const char *ng_issuer; // [sp+28h] [bp-7Ch]
int ng_cert_size; // [sp+2Ch] [bp-78h]
Cert *ng_cert; // [sp+30h] [bp-74h]
const char *ap_issuer; // [sp+34h] [bp-70h]
int ap_cert_size; // [sp+38h] [bp-6Ch]
Cert *ap_cert; // [sp+3Ch] [bp-68h]
char ap[64]; // [sp+40h] [bp-64h]
// Everything the cleanup code at the bottom inspects is zeroed up front, so
// the early-exit paths see "nothing to release".
ap_cert_size = 0;
ng_cert_size = 0;
ap_cert = 0;
ng_cert = 0;
ng_cert_handle = 0;
ap_handle = 0;
_certs = 0;
sha1 = 0;
hash_ctx = 0;
// Argument validation. The first term tests only the low 6 bits of the `hash`
// pointer (64-byte alignment); it is not a NULL check, since a NULL pointer
// has those bits clear. hash_size is not checked here at all.
// NOTE(review): whether `hash`/`hash_size` are validated by the caller or
// inside IOSC_GenerateHash_es_ is not visible in this listing -- confirm.
if ( (unsigned __int8)hash & 0x3F || !ecc_signature || !certs || !certs_size )
{
ret = ES_EINVAL;
}
else
{
// Build the lookup name "AP" in a zero-filled 64-byte buffer.
memset(ap, 0, 0x40u);
strcpy(ap, "AP");
// Work on a private copy of the certificate blob; all lookups and
// verification below read from _certs, not from the caller's buffer.
// (third argument 0x40 is presumably the alignment -- TODO confirm)
_certs = (Cert *)IOS_AllocAligned_es_(0, certs_size, 0x40u);
if ( _certs )
{
memcpy(_certs, certs, certs_size);
// Find the certificate named "AP"; yields its pointer, size and issuer name.
// NOTE(review): the meaning of the trailing 0 / 1 flag to ES_FindCert is not
// visible here.
ret = ES_FindCert(ap, _certs, certs_size, &ap_cert, &ap_cert_size, &ap_issuer, 0);
if ( ret == IPC_SUCCESS )
{
// Find the certificate whose name is the AP certificate's issuer.
ret = ES_FindCert(ap_issuer, _certs, certs_size, &ng_cert, &ng_cert_size, &ng_issuer, 1);
if ( ret == IPC_SUCCESS )
{
// Key object (ECC-233 public key) for the NG certificate.
ret = IOSC_CreateObject_es_(&ng_cert_handle, IOSC_PUBLICKEY_TYPE, IOSC_ECC233_SUBTYPE);
if ( ret == IPC_SUCCESS )
{
// Verify the NG certificate itself against the copied chain.
// NOTE(review): ng_cert_handle is used as the verification key right after
// this call, so ES_VerifyContainer presumably loads the NG public key into
// it on success -- confirm in ES_VerifyContainer.
ret = ES_VerifyContainer(
(const u8 *)ng_cert,
ng_cert_size,
ng_cert->ecc.ecc.sig,
ng_cert->ecc.ecc.issuer,
_certs,
certs_size,
0u,
0u,
0,
ng_cert_handle,
VERIFY_TYPE_ECC);
if ( ret == IPC_SUCCESS )
{
// Length of the AP certificate region that gets digested, starting at its
// issuer field. ap_cert_size is a signed int and inputSize is unsigned: a
// value below 128 would wrap to a very large length.
// NOTE(review): this function does not bound ap_cert_size; confirm that
// ES_FindCert guarantees a minimum size. 128 is presumably the size of the
// signature header that precedes the issuer field -- TODO confirm.
inputSize = ap_cert_size - 128;
// 0x60-byte hash context and 0x14-byte (20-byte) digest buffer.
hash_ctx = (uint8_t *)IOS_AllocAligned_es_(0, 0x60u, 0x40u);
if ( hash_ctx )
{
sha1 = (uint8_t *)IOS_AllocAligned_es_(0, 0x14u, 0x40u);
if ( sha1 )
{
// Two-call hash sequence: first call with no data and mode 0, second call
// with the data, mode 2 and the output buffer (presumably init and
// finalize -- TODO confirm the mode values).
ret = IOSC_GenerateHash_es_(hash_ctx, 0, 0, 0, 0);
if ( ret == IPC_SUCCESS )
{
ret = IOSC_GenerateHash_es_(hash_ctx, (const u8 *)ap_cert->ecc.ecc.issuer, inputSize, 2u, sha1);
if ( ret == IPC_SUCCESS )
{
// Check the AP certificate's signature over that digest with the NG key.
ret = IOSC_VerifyPublicKeySign_es_(
sha1,
0x14u,
(IOSCDefaultKeyHandle)ng_cert_handle,
ap_cert->ecc.ecc.sig);
if ( ret == IPC_SUCCESS )
{
// Reset the context and digest the caller's data with the same two-call
// sequence; `sha1` is overwritten with the new digest.
memset(hash_ctx, 0, 0x60u);
ret = IOSC_GenerateHash_es_(hash_ctx, 0, 0, 0, 0);
if ( ret == IPC_SUCCESS )
{
ret = IOSC_GenerateHash_es_(hash_ctx, hash, hash_size, 2u, sha1);
if ( ret == IPC_SUCCESS )
{
// Second key object, for the AP certificate's public key.
ret = IOSC_CreateObject_es_(&ap_handle, IOSC_PUBLICKEY_TYPE, IOSC_ECC233_SUBTYPE);
if ( ret == IPC_SUCCESS )
{
// The AP key is imported only after the AP certificate's signature has been
// verified above; the final call checks ecc_signature over the data digest.
ret = IOSC_ImportPublicKey_es_(ap_cert->ecc.public_key, 0, ap_handle);
if ( ret == IPC_SUCCESS )
ret = IOSC_VerifyPublicKeySign_es_(
sha1,
0x14u,
(IOSCDefaultKeyHandle)ap_handle,
ecc_signature);
}
}
}
}
}
}
}
else
{
ret = ES_ENOMEM;
}
}
else
{
ret = ES_ENOMEM;
}
}
}
}
}
}
else
{
ret = ES_ENOMEM;
}
}
// Common cleanup, reached from every path above.
// JUMPOUT is a decompiler placeholder for a jump it could not fold into this
// function's control flow: the key-handle deletion is not decompiled here.
// NOTE(review): which handle(s) are passed to IOSC_DeleteObject, and whether
// execution continues to the frees below afterwards, cannot be determined from
// this listing -- check the disassembly before relying on the cleanup order.
if ( ng_cert_handle || ap_handle )
JUMPOUT(IOSC_DeleteObject__es__0);
// Release the private certificate copy and the hash buffers if allocated.
if ( _certs )
IOS_Free_es_(0, _certs);
if ( hash_ctx )
IOS_Free_es_(0, hash_ctx);
if ( sha1 )
IOS_Free_es_(0, sha1);
return ret;
}