# pragma once
# include <string>
# include <vector>
# include <array>
# include <map>
# include <tc/Optional.h>
# include <tc/io.h>
# include <nn/pki/SignUtils.h>
# include <nn/hac/define/types.h>
# include <nn/hac/define/nca.h>
namespace nstool {
/**
 * @brief Plain aggregate of the keys declared for each supported format.
 *
 * Members are grouped by the format that consumes them (ACID, package1/2,
 * NCA, external content keys, NRR, XCI, ticket, BroadOn signers). Most
 * per-generation keys live in a std::map indexed by key_generation_t;
 * single keys are wrapped in tc::Optional (presumably unset until a key
 * has been imported; confirm against the initializer).
 *
 * NOTE(review): every member holds raw key material in ordinary, copyable
 * containers. Whether any of it is wiped on destruction is not visible from
 * this header; confirm before copying a KeyBag or keeping one alive longer
 * than the operation that needs it.
 */
struct KeyBag
{
	// ---- type aliases -------------------------------------------------
	using aes128_key_t     = nn::hac::detail::aes128_key_t;
	using aes128_xtskey_t  = nn::hac::detail::aes128_xtskey_t;
	using rsa_key_t        = tc::crypto::RsaKey;
	// ECC keys are not supported yet; the alias is kept commented out.
	//using ecc_key_t = tc::crypto::EccKey;
	using rights_id_t      = nn::hac::detail::rights_id_t;
	using key_generation_t = byte_t;
	using broadon_issuer_t = std::string;

	// Number of NCA key-area-encryption-key slots, taken from the NCA definitions.
	static const size_t kNcaKeakNum = nn::hac::nca::kKeyAreaEncryptionKeyNum;

	// ---- ACID ---------------------------------------------------------
	// RSA keys for ACID signatures, indexed by key generation.
	std::map<key_generation_t, rsa_key_t> acid_sign_key;

	// ---- package1 / package2 -------------------------------------------
	std::map<key_generation_t, aes128_key_t> pkg1_key;
	std::map<key_generation_t, aes128_key_t> pkg2_key;
	tc::Optional<rsa_key_t> pkg2_sign_key;

	// ---- NCA ----------------------------------------------------------
	tc::Optional<aes128_xtskey_t> nca_header_key;
	std::map<key_generation_t, rsa_key_t> nca_header_sign0_key;
	// One per-generation map for each of the kNcaKeakNum key-area slots.
	std::array<std::map<key_generation_t, aes128_key_t>, kNcaKeakNum> nca_key_area_encryption_key;
	// Same layout as above; the "_hw" variant is presumably the hardware-bound set (confirm).
	std::array<std::map<key_generation_t, aes128_key_t>, kNcaKeakNum> nca_key_area_encryption_key_hw;

	// ---- external content keys (NCA <-> ticket) -------------------------
	// Content keys indexed by rights id.
	std::map<rights_id_t, aes128_key_t> external_content_keys;
	// Used when external_content_keys lacks the required entry. This one is the
	// still-encrypted content key (usually taken raw from the ticket).
	tc::Optional<aes128_key_t> fallback_enc_content_key;
	// Used when external_content_keys lacks the required entry. This one is the
	// content key itself (usually already decrypted from the ticket).
	tc::Optional<aes128_key_t> fallback_content_key;

	// ---- NRR ----------------------------------------------------------
	std::map<key_generation_t, rsa_key_t> nrr_certificate_sign_key;

	// ---- XCI ----------------------------------------------------------
	tc::Optional<rsa_key_t> xci_header_sign_key;
	// Both XCI maps are indexed by a raw byte; its meaning is not stated in this header.
	std::map<byte_t, aes128_key_t> xci_header_key;
	std::map<byte_t, aes128_key_t> xci_initial_data_kek;
	tc::Optional<rsa_key_t> xci_cert_sign_key;

	// ---- ticket -------------------------------------------------------
	std::map<key_generation_t, aes128_key_t> etik_common_key;

	// ---- BroadOn signers (for ES certificates and ES tickets) -----------
	/**
	 * @brief One signer: its certificate bytes, the signature algorithm
	 *        recorded for it, and the RSA key.
	 */
	struct BroadOnSignerProfile
	{
		tc::ByteData certificate;
		nn::pki::sign::SignatureAlgo key_type;
		rsa_key_t rsa_key;
		// ecc_key_t ecc_key;
	};

	// Signer profiles indexed by issuer string.
	std::map<broadon_issuer_t, BroadOnSignerProfile> broadon_signer;
};
/**
 * @brief KeyBag that fills itself in from the supplied sources when constructed.
 *
 * Derives publicly from KeyBag, so an instance can be used wherever a KeyBag
 * is expected. The only public entry point is the four-argument constructor;
 * the default constructor and the import helpers are private.
 */
class KeyBagInitializer : public KeyBag
{
public:
	/**
	 * @param isDev         Passed on to importBaseKeyFile/importKnownKeys; presumably
	 *                      selects the development key set over the production one
	 *                      (confirm in the implementation).
	 * @param keyfile_path  Optional path to a key file.
	 * @param tik_path      Optional path to a ticket.
	 * @param cert_path     Optional path to a certificate chain.
	 *
	 * NOTE(review): how an unset path is handled, and whether any default
	 * location is searched instead, is not visible from this header.
	 */
	KeyBagInitializer(
		bool isDev,
		const tc::Optional<tc::io::Path>& keyfile_path,
		const tc::Optional<tc::io::Path>& tik_path,
		const tc::Optional<tc::io::Path>& cert_path);

private:
	// Not available to callers; construction goes through the public overload.
	KeyBagInitializer();

	// Import helpers, one per key source. Their bodies are defined elsewhere.
	void importBaseKeyFile(const tc::io::Path& keyfile_path, bool isDev);
	void importTitleKeyFile(const tc::io::Path& keyfile_path);
	void importCertificateChain(const tc::io::Path& cert_path);
	void importTicket(const tc::io::Path& tik_path);
	// Takes no path; presumably loads keys compiled into the tool (confirm).
	void importKnownKeys(bool isDev);
};
}