int
DERImg4DecodeManifest(const DERItem *a1, TheImg4Manifest *a2)
{
int rv;
uint32_t var_14;
if (a1 == NULL || a2 == NULL) {
return DR_ParamErr;
}
if (a1->data == NULL || a1->length == 0) {
return 0;
}
rv = DERParseSequence(a1, 5, DERImg4ManifestItemSpecs, a2, 0);
if (rv) {
return rv;
}
if (DERImg4DecodeTagCompare(&a2->magic, 'IM4M')) {
return DR_UnexpectedTag;
}
rv = DERParseInteger(&a2->version, &var_14);
if (rv) {
return rv;
}
if (var_14) {
return DR_UnexpectedTag;
}
return 0;
}
int
Img4DecodeGetPayloadType(TheImg4 *img4, unsigned int *a2)
{
if (img4 == NULL || a2 == NULL) {
return DR_ParamErr;
}
if (img4->payload.imageData.data == NULL || img4->payload.imageData.length == 0) {
return DR_EndOfSequence;
}
return DERParseInteger(&img4->payload.type, a2);
}
OSStatus SecDHCreateFromParameters(const uint8_t *params,
size_t params_len, SecDHContext *pdh)
{
DERReturn drtn;
DERItem paramItem = {(DERByte *)params, params_len};
DER_DHParams decodedParams;
uint32_t l;
drtn = DERParseSequence(¶mItem,
DER_NumDHParamsItemSpecs, DER_DHParamsItemSpecs,
&decodedParams, sizeof(decodedParams));
if(drtn)
return drtn;
drtn = DERParseInteger(&decodedParams.l, &l);
if(drtn)
return drtn;
cc_size n = ccn_nof_size(decodedParams.p.length);
cc_size p_len = ccn_sizeof_n(n);
size_t context_size = ccdh_gp_size(p_len)+ccdh_full_ctx_size(p_len);
void *context = malloc(context_size);
if(context==NULL)
return errSecAllocate;
bzero(context, context_size);
ccdh_gp_t gp;
gp.gp = context;
CCDH_GP_N(gp) = n;
CCDH_GP_L(gp) = l;
if(ccn_read_uint(n, CCDH_GP_PRIME(gp), decodedParams.p.length, decodedParams.p.data))
goto errOut;
if(decodedParams.recip.length) {
if(ccn_read_uint(n+1, CCDH_GP_RECIP(gp), decodedParams.recip.length, decodedParams.recip.data))
goto errOut;
gp.zp.zp->mod_prime = cczp_mod;
} else {
cczp_init(gp.zp);
};
if(ccn_read_uint(n, CCDH_GP_G(gp), decodedParams.g.length, decodedParams.g.data))
goto errOut;
*pdh = (SecDHContext) context;
return errSecSuccess;
errOut:
SecDHDestroy(context);
*pdh = NULL;
return errSecInvalidKey;
}
int
DERImg4DecodeTagCompare(const DERItem *a1, uint32_t nameTag)
{
uint32_t var_14;
if (a1->length < 4) {
return -1;
}
if (a1->length > 4) {
return 1;
}
if (DERParseInteger(a1, &var_14)) {
return -2;
}
if (var_14 < nameTag) {
return -1;
}
if (var_14 > nameTag) {
return 1;
}
return 0;
}
OSStatus SecDHCreateFromParameters(const uint8_t *params,
size_t params_len, SecDHContext *pdh)
{
// We support DomainParameters as specified in PKCS#3
// (http://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-3-diffie-hellman-key-agreement-standar.htm)
// DHParameter ::= SEQUENCE {
// prime INTEGER, -- p
// base INTEGER, -- g
// privateValueLength INTEGER OPTIONAL }
DERReturn drtn;
DERItem paramItem = {(DERByte *)params, params_len};
DER_DHParams decodedParams;
uint32_t l = 0;
drtn = DERParseSequence(¶mItem,
DER_NumDHParamsItemSpecs, DER_DHParamsItemSpecs,
&decodedParams, sizeof(decodedParams));
if(drtn)
return drtn;
if (decodedParams.l.length > 0) {
drtn = DERParseInteger(&decodedParams.l, &l);
if(drtn)
return drtn;
}
cc_size n = ccn_nof_size(decodedParams.p.length);
cc_size p_len = ccn_sizeof_n(n);
size_t context_size = ccdh_gp_size(p_len)+ccdh_full_ctx_size(p_len);
void *context = malloc(context_size);
if(context==NULL)
return errSecAllocate;
bzero(context, context_size);
ccdh_gp_t gp;
gp.gp = context;
CCDH_GP_N(gp) = n;
CCDH_GP_L(gp) = l;
if(ccn_read_uint(n, CCDH_GP_PRIME(gp), decodedParams.p.length, decodedParams.p.data))
goto errOut;
if(decodedParams.recip.length) {
if(ccn_read_uint(n+1, CCDH_GP_RECIP(gp), decodedParams.recip.length, decodedParams.recip.data))
goto errOut;
CCZP_MOD_PRIME(gp.zp) = cczp_mod;
} else {
cczp_init(gp.zp);
};
if(ccn_read_uint(n, CCDH_GP_G(gp), decodedParams.g.length, decodedParams.g.data))
goto errOut;
*pdh = (SecDHContext) context;
return errSecSuccess;
errOut:
SecDHDestroy(context);
*pdh = NULL;
return errSecInvalidKey;
}
int
main(int argc, char **argv)
{
int rv;
const char *what;
const char *filename;
const char *outname;
TheImg4 *img4;
unsigned type;
unsigned written;
unsigned char ivkey[16 + 32];
unsigned char *iv = NULL, *key = NULL;
unsigned char *output = NULL;
unsigned outlen = 0;
int outdup = 0;
DERItem item;
unsigned char *data;
size_t size;
if (argc < 4) {
fprintf(stderr, "usage: %s {-image|-extra|-keybag|-ticket} input output [ivkey]\n", argv[0]);
return 1;
}
what = argv[1];
filename = argv[2];
outname = argv[3];
if (argc > 4) {
rv = str2hex(sizeof(ivkey), ivkey, argv[4]);
if (rv == sizeof(ivkey)) {
iv = ivkey;
key = ivkey + 16;
}
}
data = read_file(filename, 0, &size);
if (data == NULL) {
fprintf(stderr, "[e] cannot read '%s'\n", filename);
return -1;
}
img4 = parse(data, size);
if (!img4) {
fprintf(stderr, "[e] cannot parse '%s'\n", filename);
free(data);
return -1;
}
rv = Img4DecodeGetPayloadType(img4, &type);
if (rv) {
fprintf(stderr, "[e] cannot identify '%s'\n", filename);
goto err;
}
printf("%c%c%c%c\n", FOURCC(type));
if (!strncmp(what, "-i", 2) || !strncmp(what, "-e", 2)) {
int decompress;
rv = Img4DecodeGetPayload(img4, &item);
if (rv) {
fprintf(stderr, "[e] cannot extract payload from '%s'\n", filename);
goto err;
}
output = item.data;
outlen = item.length;
if (iv && key) {
if (outlen & 15) {
unsigned usize = (outlen + 15) & ~15;
unsigned char *tmp = calloc(1, usize);
if (!tmp) {
fprintf(stderr, "[e] out of memory %u\n", usize);
goto err;
}
memcpy(tmp, output, outlen);
OUTSET(tmp);
}
rv = Img4DecodeGetPayloadKeybag(img4, &item);
if (rv || item.length == 0) {
fprintf(stderr, "[w] image '%s' has no keybag\n", filename);
}
#ifdef USE_CORECRYPTO
cccbc_one_shot(ccaes_cbc_decrypt_mode(), 32, key, iv, (outlen + 15) / 16, output, output);
#else
AES_KEY decryptKey;
AES_set_decrypt_key(key, 256, &decryptKey);
AES_cbc_encrypt(output, output, (outlen + 15) & ~15, &decryptKey, iv, AES_DECRYPT);
#endif
}
#ifdef iOS10
if (img4->payload.compression.data && img4->payload.compression.length) {
DERItem tmp[2];
uint32_t deco = 0;
uint64_t usize = 0;
if (DERParseSequenceContent(&img4->payload.compression, 2, DERImg4PayloadItemSpecs10c, tmp, 0) ||
DERParseInteger(&tmp[0], &deco) || DERParseInteger64(&tmp[1], &usize)) {
fprintf(stderr, "[e] cannot get decompression info\n");
goto err;
}
if (deco == 1 && what[1] == 'i') {
size_t asize = lzfse_decode_scratch_size();
unsigned char *dec, *aux = malloc(asize);
if (!aux) {
fprintf(stderr, "[e] out of memory %zu\n", asize);
goto err;
}
dec = malloc(usize + 1);
if (!dec) {
fprintf(stderr, "[e] out of memory %llu\n", usize + 1);
free(aux);
goto err;
}
outlen = lzfse_decode_buffer(dec, usize + 1, output, outlen, aux);
free(aux);
if (outlen != usize) {
fprintf(stderr, "[e] decompression error\n");
free(dec);
goto err;
}
OUTSET(dec);
}
}
#endif
decompress = (DWORD_BE(output, 0) == 'comp' && DWORD_BE(output, 4) == 'lzss');
if (decompress && what[1] == 'i') {
uint32_t csize = DWORD_BE(output, 16);
uint32_t usize = DWORD_BE(output, 12);
uint32_t adler = DWORD_BE(output, 8);
unsigned char *dec = malloc(usize);
if (outlen > 0x180 + csize) {
fprintf(stderr, "[i] extra 0x%x bytes after compressed chunk\n", outlen - 0x180 - csize);
}
if (!dec) {
fprintf(stderr, "[e] out of memory %u\n", usize);
goto err;
}
outlen = decompress_lzss(dec, output + 0x180, csize);
if (adler != lzadler32(dec, outlen)) {
fprintf(stderr, "[w] adler32 mismatch\n");
}
OUTSET(dec);
} else if (decompress) {
uint32_t csize = DWORD_BE(output, 16);
uint32_t usize = outlen - 0x180 - csize;
if (outlen > 0x180 + csize) {
unsigned char *dec = malloc(usize);
if (!dec) {
fprintf(stderr, "[e] out of memory %u\n", usize);
goto err;
}
memcpy(dec, output + 0x180 + csize, usize);
outlen = usize;
OUTSET(dec);
} else {
OUTSET(NULL);
}
} else if (what[1] == 'e') {
OUTSET(NULL);
}
if (!output) {
fprintf(stderr, "[e] nothing to do\n");
goto err;
}
}
if (!strncmp(what, "-k", 2)) {
rv = Img4DecodeGetPayloadKeybag(img4, &item);
if (rv == 0 && item.length) {
output = item.data;
outlen = item.length;
} else {
fprintf(stderr, "[e] image '%s' has no keybag\n", filename);
goto err;
}
}
if (!strncmp(what, "-t", 2)) {
bool exists = false;
rv = Img4DecodeManifestExists(img4, &exists);
if (rv == 0 && exists) {
output = img4->manifestRaw.data;
outlen = img4->manifestRaw.length;
} else {
fprintf(stderr, "[e] image '%s' has no ticket\n", filename);
goto err;
}
}
written = write_file(outname, output, outlen);
if (written != outlen) {
fprintf(stderr, "[e] cannot write '%s'\n", outname);
goto err;
}
rv = 0;
out:
if (outdup) {
free(output);
}
free(img4);
free(data);
return rv;
err:
rv = -1;
goto out;
}
