Add initial support for NCA signature key generations.

Jack 2020-03-10 19:02:56 +08:00
parent 74de59f6dd
commit 3851ee66c5
4 changed files with 21 additions and 6 deletions


@ -225,9 +225,21 @@ bool KeyConfiguration::getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key)
return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey);
}
bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const
bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
{
return copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
// TODO: This needs to be changed to support multiple keys
bool keyIsFound = false;
switch (key_generation)
{
case (0x00):
keyIsFound = copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
break;
default:
keyIsFound = false;
}
return keyIsFound;
}
bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
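Review bot: In getContentArchiveHeader0SignKey the `default:` branch returns false without writing `key`, and nothing on the function states that contract, so a caller that ignores the result keeps whatever its buffer already held. I would add a comment above the definition such as `// Returns false for an unsupported key_generation without writing key; callers must check the result before using key.`, or assign `key = kNullRsa2048Key;` in the default branch if that matches what copyOutKeyResourceIfExists does on a miss (its body is not visible here). The literal `0x00` is repeated in the dumpKeyConfig call further down the page; a named constant would keep the two in step once the TODO for multiple keys is addressed.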


@ -25,7 +25,7 @@ public:
// nca keys
bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const;
bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const;
bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;


@ -392,7 +392,7 @@ void NcaProcess::validateNcaSignatures()
{
// validate signature[0]
fnd::rsa::sRsa2048Key sign0_key;
mKeyCfg.getContentArchiveHeader0SignKey(sign0_key);
mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration());
if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0)
{
std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl;
@ -417,10 +417,12 @@ void NcaProcess::validateNcaSignatures()
MetaProcess npdm;
npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size));
npdm.setKeyCfg(mKeyCfg);
npdm.setVerifyMode(true);
npdm.setCliOutputMode(0);
npdm.process();
if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAcid().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAccessControlInfoDesc().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
{
std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl;
}
@ -450,6 +452,7 @@ void NcaProcess::displayHeader()
std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl;
std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl;
std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl;
std::cout << " Sig. Generation: " << std::dec << (uint32_t)mHdr.getSignatureKeyGeneration() << std::endl;
std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl;
std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl;
std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl;
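Review bot: In validateNcaSignatures the result of `mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration())` is discarded, and the generation value is read from the NCA header that is being validated. The getter shown in the first file section returns false without writing the key for any generation other than 0x00, so unless sRsa2048Key initialises itself, rsaVerify runs on indeterminate key bytes and the "FAIL" warning cannot be told apart from a genuinely bad signature. Check the return value and report the missing key separately, e.g. `if (!mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration())) { std::cout << "[WARNING] NCA Header Main Signature: no key for this signature generation" << std::endl; }`, with the existing rsaVerify call moved into the `else`. The function body starts and continues outside the hunks shown.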


@ -912,7 +912,7 @@ void UserSettings::dumpKeyConfig() const
std::cout << "[KeyConfiguration]" << std::endl;
std::cout << " NCA Keys:" << std::endl;
if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key) == true)
if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key, 0x00) == true)
dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2);
if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true)
dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2);