Esempio n. 1
0
CFDictionaryRef device_info(int socket, CFDictionaryRef request)
{
    uint8_t dkey[40]={0};
    uint8_t emf[36]={0};

    struct HFSInfos hfsinfos={0};
    
    CFMutableDictionaryRef out  = CFDictionaryCreateMutable(kCFAllocatorDefault,
                                                            0,
                                                            &kCFTypeDictionaryKeyCallBacks,
                                                            &kCFTypeDictionaryValueCallBacks);	
    
    get_device_infos(out);
    
    getHFSInfos(&hfsinfos);
    /*
    printf("NAND block size  : %x\n", hfsinfos.blockSize);
    printf("Data volume UUID : %llx\n", CFSwapInt64BigToHost(hfsinfos.volumeUUID));
    printf("Data volume offset : %x\n", hfsinfos.dataVolumeOffset);
    */
    uint8_t* key835 = IOAES_key835();
    uint8_t* key89B = IOAES_key89B();
    
    if (!AppleEffaceableStorage__getBytes(lockers, 960))
    {
        CFDataRef lockersData = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, lockers, 960, kCFAllocatorNull);
        CFDictionaryAddValue(out, CFSTR("lockers"), lockersData);
        CFRelease(lockersData);
        
        if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_DKEY, lockers, 960, dkey, 40))
        {
            aes_key_wrap_ctx ctx;

            aes_key_wrap_set_key(&ctx, key835, 16);

            if(aes_key_unwrap(&ctx, dkey, dkey, 32/8))
                printf("FAIL unwrapping DKey with key 0x835\n");
        }
        if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_EMF, lockers, 960, emf, 36))
        {
            doAES(&emf[4], &emf[4], 32, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
        }
        else if (!AppleEffaceableStorage__getLockerFromBytes(LOCKER_LWVM, lockers, 960, lwvm, 0x50))
        {
            doAES(lwvm, lwvm, 0x50, kIOAESAcceleratorCustomMask, key89B, NULL, kIOAESAcceleratorDecrypt, 128);
            memcpy(&emf[4], &lwvm[32+16], 32);
        }
    }
    
    CFNumberRef n = CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &hfsinfos.dataVolumeOffset);
    CFDictionaryAddValue(out, CFSTR("dataVolumeOffset"), n);
    CFRelease(n);
    addHexaString(out, CFSTR("dataVolumeUUID"), (uint8_t*) &hfsinfos.volumeUUID, 8);
    addHexaString(out, CFSTR("key835"), key835, 16);
    addHexaString(out, CFSTR("key89B"), key89B, 16);
    addHexaString(out, CFSTR("EMF"), &emf[4], 32);
    addHexaString(out, CFSTR("DKey"), dkey, 32);
    
    return out;
}
Esempio n. 2
0
bool CAgentLoadBalancer::AESKeyUnwrap (
                                       int * const io_pIndex,
                                       const WRAPPED_KEY i_pAESWrappedKey,
                                       KEY o_pPlainTextKey)
{
    FATAL_ASSERT(io_pIndex);
    FATAL_ASSERT(*io_pIndex >= 0);
    FATAL_ASSERT(o_pPlainTextKey);
    FATAL_ASSERT(i_pAESWrappedKey);

    struct KWKEntry * pKWKEntry = GetKWK(GetKMAID(*io_pIndex));

    if (pKWKEntry == NULL)
    {
        Log(AGENT_LOADBALANCER_AESKEYUNWRAP_GETKWK_RETURNED_NULL,
                NULL,
                m_aCluster[*io_pIndex].m_wsApplianceNetworkAddress,
                NULL);
        *io_pIndex = CAgentLoadBalancer::AES_KEY_UNWRAP_ERROR;
        
        return false;
    }

#if defined(DEBUG) && defined(METAWARE)
    char sHexKWK[2*KMS_MAX_KEY_SIZE+1];
    ConvertBinaryToUTF8HexString( sHexKWK, pKWKEntry->m_acKWK, sizeof (pKWKEntry->m_acKWK));
    log_printf("CAgentLoadBalancer::AESKeyUnwrap(): KWK hex=%s\n",
            sHexKWK);
#endif
    
    if (aes_key_unwrap(pKWKEntry->m_acKWK,
        sizeof (pKWKEntry->m_acKWK),
        i_pAESWrappedKey,
        o_pPlainTextKey, 4) != 0)
    {
        Log(AGENT_LOADBALANCER_AESKEYUNWRAP_KEY_UNWRAP_FAILED,
                NULL,
                m_aCluster[*io_pIndex].m_wsApplianceNetworkAddress,
                NULL);
        *io_pIndex = CAgentLoadBalancer::AES_KEY_UNWRAP_ERROR;
        return false;
    }

    return true;
}