IOSC: Add Sign

Equivalent of IOSC_GenerateCertificate + IOSC_GeneratePublicKeySign.

This is copied from ec_wii/MakeAPSigAndCert.

Source/Core/Core/IOS/IOSC.cpp

@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <array>
+#include <cinttypes>
 #include <cstddef>
 #include <cstring>
 #include <map>
@@ -477,6 +478,29 @@ Certificate IOSC::GetDeviceCertificate() const
   return cert;
 }
 
+void IOSC::Sign(u8* sig_out, u8* ap_cert_out, u64 title_id, const u8* data, u32 data_size) const
+{
+  std::array<u8, 20> hash{};
+  std::array<u8, 30> ap_priv{};
+
+  ap_priv[0x1d] = 1;
+  // setup random ap_priv here if desired
+  // get_rand_bytes(ap_priv, 0x1e);
+  // ap_priv[0] &= 1;
+
+  const std::string signer = StringFromFormat("Root-CA00000001-MS00000002-NG%08x", GetDeviceId());
+  const std::string name = StringFromFormat("AP%016" PRIx64, title_id);
+  const auto cert = MakeBlankSigECCert(signer.c_str(), name.c_str(), ap_priv.data(), 0);
+  std::copy(cert.begin(), cert.end(), ap_cert_out);
+
+  mbedtls_sha1(ap_cert_out + 0x80, 0x100, hash.data());
+  generate_ecdsa(ap_cert_out + 4, ap_cert_out + 34, m_key_entries[HANDLE_CONSOLE_KEY].data.data(),
+                 hash.data());
+
+  mbedtls_sha1(data, data_size, hash.data());
+  generate_ecdsa(sig_out, sig_out + 30, ap_priv.data(), hash.data());
+}
+
 constexpr std::array<u8, 512> ROOT_PUBLIC_KEY = {
     {0xF8, 0x24, 0x6C, 0x58, 0xBA, 0xE7, 0x50, 0x03, 0x01, 0xFB, 0xB7, 0xC2, 0xEB, 0xE0, 0x01,
      0x05, 0x71, 0xDA, 0x92, 0x23, 0x78, 0xF0, 0x51, 0x4E, 0xC0, 0x03, 0x1D, 0xD0, 0xD2, 0x1E,

Source/Core/Core/IOS/IOSC.h

@@ -8,6 +8,7 @@
 
 #include <array>
 #include <cstddef>
+#include <utility>
 #include <vector>
 
 #include "Common/CommonTypes.h"
@@ -201,6 +202,7 @@ public:
 
   u32 GetDeviceId() const;
   Certificate GetDeviceCertificate() const;
+  void Sign(u8* sig_out, u8* ap_cert_out, u64 title_id, const u8* data, u32 data_size) const;
 
   void DoState(PointerWrap& p);