From 900415f49d3468f848029274cfab42379c3c91ea Mon Sep 17 00:00:00 2001 
From: jakcron
Date: Mon, 6 Aug 2018 16:59:56 +0800
Subject: [PATCH] Take out non-ticket code from libes into new libpki.
---
.vscode/c_cpp_properties.json | 5 +-
README.md | 13 ++---
lib/libes/include/es/SignUtils.h | 14 -----
lib/libes/source/SignUtils.cpp | 45 ----------------
.../include/pki}/CertificateBody.h | 6 +--
lib/libpki/include/pki/SignUtils.h | 14 +++++
.../include/pki}/SignatureBlock.h | 10 ++--
.../es => libpki/include/pki}/SignedData.h | 8 +--
.../include/es => libpki/include/pki}/cert.h | 2 +-
.../include/es => libpki/include/pki}/sign.h | 2 +-
lib/libpki/makefile | 47 +++++++++++++++++
.../source/CertificateBody.cpp | 48 ++++++++---------
lib/libpki/source/SignUtils.cpp | 45 ++++++++++++++++
.../source/SignatureBlock.cpp | 32 ++++++------
lib/makefile | 2 +-
programs/nstool/makefile | 2 +-
programs/nstool/source/EsCertProcess.cpp | 34 ++++++------
programs/nstool/source/EsCertProcess.h | 12 ++---
programs/nstool/source/EsTikProcess.cpp | 12 ++---
programs/nstool/source/EsTikProcess.h | 4 +-
programs/nstool/source/PkiValidator.cpp | 52 +++++++++----------
programs/nstool/source/PkiValidator.h | 18 +++---
programs/nstool/source/UserSettings.cpp | 14 ++---
23 files changed, 245 insertions(+), 196 deletions(-)
delete mode 100644 lib/libes/include/es/SignUtils.h
delete mode 100644 lib/libes/source/SignUtils.cpp
rename lib/{libes/include/es => libpki/include/pki}/CertificateBody.h (94%)
create mode 100644 lib/libpki/include/pki/SignUtils.h
rename lib/{libes/include/es => libpki/include/pki}/SignatureBlock.h (84%)
rename lib/{libes/include/es => libpki/include/pki}/SignedData.h (94%)
rename lib/{libes/include/es => libpki/include/pki}/cert.h (98%)
rename lib/{libes/include/es => libpki/include/pki}/sign.h (98%)
create mode 100644 lib/libpki/makefile
rename lib/{libes => libpki}/source/CertificateBody.cpp (78%)
create mode 100644 lib/libpki/source/SignUtils.cpp
rename lib/{libes => libpki}/source/SignatureBlock.cpp (78%)
diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json index 174c73a..e996876 100644 --- a/.vscode/c_cpp_properties.json +++ b/.vscode/c_cpp_properties.json @@ -9,10 +9,11 @@ "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include", "/usr/include", "${workspaceRoot}", - "${workspaceRoot}/lib/libcrypto/include", - "${workspaceRoot}/lib/libcrypto/source/polarssl/libinclude", + "${workspaceRoot}/lib/libcrypto/include", + "${workspaceRoot}/lib/libcrypto/source/polarssl/libinclude", "${workspaceRoot}/lib/libcompress/include", "${workspaceRoot}/lib/libes/include", + "${workspaceRoot}/lib/libpki/include", "${workspaceRoot}/lib/libfnd/include", "${workspaceRoot}/lib/libnx/include", "${workspaceRoot}/lib/libnx-hb/include" diff --git a/README.md b/README.md index 1bb4f5a..377b1a2 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,13 @@ Tools & Libraries for NX (Nintendo Switch). # Libraries -* __libfnd__ - Foundation library. -* __libcrypto__ - Cryptographic functions (AES,SHA,RSA). Wrapper for [mbedTLS](https://github.com/ARMmbed/mbedtls) -* __libcompress__ - Compression algorithms (LZ4). Wrapper for [lz4](https://github.com/lz4/lz4) -* __libes__ - Handling of (NX relevant) eShop file type processing. (eTickets, etc) -* __libnx__ - Handling of NX file types. -* __libnx-hb__ - Handling of NX (homebrew extensions) file types. +* __libfnd__ - Foundation library. +* __libcrypto__ - Cryptographic functions (AES,SHA,RSA). Wrapper for [mbedTLS](https://github.com/ARMmbed/mbedtls) +* __libcompress__ - Compression algorithms (LZ4). Wrapper for [lz4](https://github.com/lz4/lz4) +* __libpki__ - Processes Nintendo's proprietary PKI. +* __libes__ - Processes Nintendo's eShop file types. +* __libnx__ - Processes NX file types. +* __libnx-hb__ - Processes NX file types (homebrew extensions). # Building diff --git a/lib/libes/include/es/SignUtils.h b/lib/libes/include/es/SignUtils.h deleted file mode 100644 index 26996a2..0000000 
--- a/lib/libes/include/es/SignUtils.h +++ /dev/null @@ -1,14 +0,0 @@ -#pragma once -#include -#include - -namespace es -{ - -namespace sign -{ - es::sign::SignatureAlgo getSignatureAlgo(es::sign::SignatureId sign_id); - es::sign::HashAlgo getHashAlgo(es::sign::SignatureId sign_id); -} - -} \ No newline at end of file diff --git a/lib/libes/source/SignUtils.cpp b/lib/libes/source/SignUtils.cpp deleted file mode 100644 index 29b594d..0000000 --- a/lib/libes/source/SignUtils.cpp +++ /dev/null @@ -1,45 +0,0 @@ -#include - -es::sign::SignatureAlgo es::sign::getSignatureAlgo(es::sign::SignatureId sign_id) -{ - SignatureAlgo sign_algo = SIGN_ALGO_RSA4096; - - switch (sign_id) - { - case (es::sign::SIGN_ID_RSA4096_SHA1): - case (es::sign::SIGN_ID_RSA4096_SHA256): - sign_algo = SIGN_ALGO_RSA4096; - break; - case (es::sign::SIGN_ID_RSA2048_SHA1): - case (es::sign::SIGN_ID_RSA2048_SHA256): - sign_algo = SIGN_ALGO_RSA2048; - break; - case (es::sign::SIGN_ID_ECDSA240_SHA1): - case (es::sign::SIGN_ID_ECDSA240_SHA256): - sign_algo = SIGN_ALGO_ECDSA240; - break; - }; - - return sign_algo; -} - -es::sign::HashAlgo es::sign::getHashAlgo(es::sign::SignatureId sign_id) -{ - HashAlgo hash_algo = HASH_ALGO_SHA1; - - switch (sign_id) - { - case (es::sign::SIGN_ID_RSA4096_SHA1): - case (es::sign::SIGN_ID_RSA2048_SHA1): - case (es::sign::SIGN_ID_ECDSA240_SHA1): - hash_algo = HASH_ALGO_SHA1; - break; - case (es::sign::SIGN_ID_RSA4096_SHA256): - case (es::sign::SIGN_ID_RSA2048_SHA256): - case (es::sign::SIGN_ID_ECDSA240_SHA256): - hash_algo = HASH_ALGO_SHA256; - break; - }; - - return hash_algo; -} \ No newline at end of file diff --git a/lib/libes/include/es/CertificateBody.h b/lib/libpki/include/pki/CertificateBody.h similarity index 94% rename from lib/libes/include/es/CertificateBody.h rename to lib/libpki/include/pki/CertificateBody.h index 20cbbe9..c02494c 100644 --- a/lib/libes/include/es/CertificateBody.h +++ b/lib/libpki/include/pki/CertificateBody.h 
@@ -1,9 +1,9 @@ #pragma once #include #include -#include +#include -namespace es +namespace pki { class CertificateBody : public fnd::ISerialisable @@ -27,7 +27,7 @@ namespace es const std::string& getIssuer() const; void setIssuer(const std::string& issuer); - es::cert::PublicKeyType getPublicKeyType() const; + pki::cert::PublicKeyType getPublicKeyType() const; void setPublicKeyType(cert::PublicKeyType type); const std::string& getSubject() const; diff --git a/lib/libpki/include/pki/SignUtils.h b/lib/libpki/include/pki/SignUtils.h new file mode 100644 index 0000000..dc71e2a --- /dev/null +++ b/lib/libpki/include/pki/SignUtils.h @@ -0,0 +1,14 @@ +#pragma once +#include +#include + +namespace pki +{ + +namespace sign +{ + pki::sign::SignatureAlgo getSignatureAlgo(pki::sign::SignatureId sign_id); + pki::sign::HashAlgo getHashAlgo(pki::sign::SignatureId sign_id); +} + +} \ No newline at end of file diff --git a/lib/libes/include/es/SignatureBlock.h b/lib/libpki/include/pki/SignatureBlock.h similarity index 84% rename from lib/libes/include/es/SignatureBlock.h rename to lib/libpki/include/pki/SignatureBlock.h index 111d5d7..1fcad69 100644 --- a/lib/libes/include/es/SignatureBlock.h +++ b/lib/libpki/include/pki/SignatureBlock.h @@ -1,9 +1,9 @@ #pragma once #include #include -#include +#include -namespace es +namespace pki { class SignatureBlock : public fnd::ISerialisable @@ -24,8 +24,8 @@ namespace es // variables void clear(); - es::sign::SignatureId getSignType() const; - void setSignType(es::sign::SignatureId type); + pki::sign::SignatureId getSignType() const; + void setSignType(pki::sign::SignatureId type); bool isLittleEndian() const; void setLittleEndian(bool isLE); @@ -41,7 +41,7 @@ namespace es fnd::Vec mRawBinary; // variables - es::sign::SignatureId mSignType; + pki::sign::SignatureId mSignType; bool mIsLittleEndian; fnd::Vec mSignature; }; 
diff --git a/lib/libes/include/es/SignedData.h b/lib/libpki/include/pki/SignedData.h similarity index 94% rename from lib/libes/include/es/SignedData.h rename to lib/libpki/include/pki/SignedData.h index 366b350..abe38d6 100644 --- a/lib/libes/include/es/SignedData.h +++ b/lib/libpki/include/pki/SignedData.h @@ -1,9 +1,9 @@ #pragma once #include #include -#include +#include -namespace es +namespace pki { template class SignedData @@ -25,7 +25,7 @@ namespace es // variables void clear(); - const es::SignatureBlock& getSignature() const; + const pki::SignatureBlock& getSignature() const; void setSignature(const SignatureBlock& signature); const T& getBody() const; @@ -111,7 +111,7 @@ namespace es } template - inline const es::SignatureBlock& SignedData::getSignature() const + inline const pki::SignatureBlock& SignedData::getSignature() const { return mSignature; } diff --git a/lib/libes/include/es/cert.h b/lib/libpki/include/pki/cert.h similarity index 98% rename from lib/libes/include/es/cert.h rename to lib/libpki/include/pki/cert.h index ab4ec0a..c7e3b52 100644 --- a/lib/libes/include/es/cert.h +++ b/lib/libpki/include/pki/cert.h @@ -5,7 +5,7 @@ #include #include -namespace es +namespace pki { namespace cert { diff --git a/lib/libes/include/es/sign.h b/lib/libpki/include/pki/sign.h similarity index 98% rename from lib/libes/include/es/sign.h rename to lib/libpki/include/pki/sign.h index 47b4d3d..27442cc 100644 --- a/lib/libes/include/es/sign.h +++ b/lib/libpki/include/pki/sign.h @@ -5,7 +5,7 @@ #include #include -namespace es +namespace pki { namespace sign { diff --git a/lib/libpki/makefile b/lib/libpki/makefile new file mode 100644 index 0000000..ba0b6e8 --- /dev/null +++ b/lib/libpki/makefile 
@@ -0,0 +1,47 @@ +# Sources +SRC_DIR = source +OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c))) + +# External dependencies +DEPENDS = fnd crypto +LIB_DIR = .. +INCS = -I"include" $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include") + + +# Compiler Settings +CXXFLAGS = -std=c++11 $(INCS) -D__STDC_FORMAT_MACROS -Wall -Wno-unused-value +CFLAGS = -std=c11 $(INCS) -Wall -Wno-unused-value +ARFLAGS = cr -o +ifeq ($(OS),Windows_NT) + # Windows Only Flags/Libs + CC = x86_64-w64-mingw32-gcc + CXX = x86_64-w64-mingw32-g++ + CFLAGS += -Wno-unused-but-set-variable + CXXFLAGS += -Wno-unused-but-set-variable +else + UNAME = $(shell uname -s) + ifeq ($(UNAME), Darwin) + # MacOS Only Flags/Libs + CFLAGS += -Wno-unused-private-field + CXXFLAGS += -Wno-unused-private-field + ARFLAGS = rc + else + # *nix Only Flags/Libs + CFLAGS += -Wno-unused-but-set-variable + CXXFLAGS += -Wno-unused-but-set-variable + endif + +endif + +# Output +OUTPUT = $(shell basename $(CURDIR)).a + +main: build + +rebuild: clean build + +build: $(OBJS) + ar $(ARFLAGS) $(OUTPUT) $(OBJS) + +clean: + rm -rf $(OUTPUT) $(OBJS) \ No newline at end of file diff --git a/lib/libes/source/CertificateBody.cpp b/lib/libpki/source/CertificateBody.cpp similarity index 78% rename from lib/libes/source/CertificateBody.cpp rename to lib/libpki/source/CertificateBody.cpp index 6219a21..d844101 100644 --- a/lib/libes/source/CertificateBody.cpp +++ b/lib/libpki/source/CertificateBody.cpp 
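Review bot: `main`, `rebuild`, `build` and `clean` are not declared phony, so a file or directory named `build` or `clean` appearing in lib/libpki would make those targets silently "up to date"; add `.PHONY: main rebuild build clean` near the top. Object files are produced only by make's implicit rules, so edits to headers under include/ will not trigger a rebuild of the objects that include them — acceptable if this mirrors the other per-library makefiles (which I infer from the shape of the file), but worth knowing for a library whose headers were just moved. The file also ends without a trailing newline.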
@@ -1,16 +1,16 @@ -#include +#include -es::CertificateBody::CertificateBody() +pki::CertificateBody::CertificateBody() { clear(); } -es::CertificateBody::CertificateBody(const CertificateBody& other) +pki::CertificateBody::CertificateBody(const CertificateBody& other) { *this = other; } -void es::CertificateBody::operator=(const CertificateBody& other) +void pki::CertificateBody::operator=(const CertificateBody& other) { mRawBinary = other.mRawBinary; mIssuer = other.mIssuer; @@ -22,7 +22,7 @@ void es::CertificateBody::operator=(const CertificateBody& other) mEcdsa240PublicKey = other.mEcdsa240PublicKey; } -bool es::CertificateBody::operator==(const CertificateBody& other) const +bool pki::CertificateBody::operator==(const CertificateBody& other) const { return (mIssuer == other.mIssuer) \ && (mSubject == other.mSubject) \ @@ -33,12 +33,12 @@ bool es::CertificateBody::operator==(const CertificateBody& other) const && (mEcdsa240PublicKey == other.mEcdsa240PublicKey); } -bool es::CertificateBody::operator!=(const CertificateBody& other) const +bool pki::CertificateBody::operator!=(const CertificateBody& other) const { return !(*this == other); } -void es::CertificateBody::toBytes() +void pki::CertificateBody::toBytes() { // get public key size size_t pubkeySize = 0; @@ -86,7 +86,7 @@ void es::CertificateBody::toBytes() } } -void es::CertificateBody::fromBytes(const byte_t* src, size_t size) +void pki::CertificateBody::fromBytes(const byte_t* src, size_t size) { clear(); @@ -155,13 +155,13 @@ void es::CertificateBody::fromBytes(const byte_t* src, size_t size) } } -const fnd::Vec& es::CertificateBody::getBytes() const +const fnd::Vec& pki::CertificateBody::getBytes() const { return mRawBinary; } -void es::CertificateBody::clear() +void pki::CertificateBody::clear() { mIssuer.clear(); mSubject.clear(); 
@@ -173,12 +173,12 @@ void es::CertificateBody::clear() memset(&mEcdsa240PublicKey, 0, sizeof(crypto::ecdsa::sEcdsa240Point)); } -const std::string& es::CertificateBody::getIssuer() const +const std::string& pki::CertificateBody::getIssuer() const { return mIssuer; } -void es::CertificateBody::setIssuer(const std::string& issuer) +void pki::CertificateBody::setIssuer(const std::string& issuer) { if (issuer.size() > cert::kIssuerSize) { @@ -188,22 +188,22 @@ void es::CertificateBody::setIssuer(const std::string& issuer) mIssuer = issuer; } -es::cert::PublicKeyType es::CertificateBody::getPublicKeyType() const +pki::cert::PublicKeyType pki::CertificateBody::getPublicKeyType() const { return mPublicKeyType; } -void es::CertificateBody::setPublicKeyType(cert::PublicKeyType type) +void pki::CertificateBody::setPublicKeyType(cert::PublicKeyType type) { mPublicKeyType = type; } -const std::string& es::CertificateBody::getSubject() const +const std::string& pki::CertificateBody::getSubject() const { return mSubject; } -void es::CertificateBody::setSubject(const std::string& subject) +void pki::CertificateBody::setSubject(const std::string& subject) { if (subject.size() > cert::kSubjectSize) { 
@@ -213,42 +213,42 @@ void es::CertificateBody::setSubject(const std::string& subject) mSubject = subject; } -uint32_t es::CertificateBody::getCertId() const +uint32_t pki::CertificateBody::getCertId() const { return mCertId; } -void es::CertificateBody::setCertId(uint32_t id) +void pki::CertificateBody::setCertId(uint32_t id) { mCertId = id; } -const crypto::rsa::sRsa4096Key& es::CertificateBody::getRsa4098PublicKey() const +const crypto::rsa::sRsa4096Key& pki::CertificateBody::getRsa4098PublicKey() const { return mRsa4096PublicKey; } -void es::CertificateBody::setRsa4098PublicKey(const crypto::rsa::sRsa4096Key& key) +void pki::CertificateBody::setRsa4098PublicKey(const crypto::rsa::sRsa4096Key& key) { mRsa4096PublicKey = key; } -const crypto::rsa::sRsa2048Key& es::CertificateBody::getRsa2048PublicKey() const +const crypto::rsa::sRsa2048Key& pki::CertificateBody::getRsa2048PublicKey() const { return mRsa2048PublicKey; } -void es::CertificateBody::setRsa2048PublicKey(const crypto::rsa::sRsa2048Key& key) +void pki::CertificateBody::setRsa2048PublicKey(const crypto::rsa::sRsa2048Key& key) { mRsa2048PublicKey = key; } -const crypto::ecdsa::sEcdsa240Point& es::CertificateBody::getEcdsa240PublicKey() const +const crypto::ecdsa::sEcdsa240Point& pki::CertificateBody::getEcdsa240PublicKey() const { return mEcdsa240PublicKey; } -void es::CertificateBody::setEcdsa240PublicKey(const crypto::ecdsa::sEcdsa240Point& key) +void pki::CertificateBody::setEcdsa240PublicKey(const crypto::ecdsa::sEcdsa240Point& key) { mEcdsa240PublicKey = key; } \ No newline at end of file diff --git a/lib/libpki/source/SignUtils.cpp b/lib/libpki/source/SignUtils.cpp new file mode 100644 index 0000000..43cfb1e --- /dev/null +++ b/lib/libpki/source/SignUtils.cpp 
@@ -0,0 +1,45 @@ +#include + +pki::sign::SignatureAlgo pki::sign::getSignatureAlgo(pki::sign::SignatureId sign_id) +{ + SignatureAlgo sign_algo = SIGN_ALGO_RSA4096; + + switch (sign_id) + { + case (pki::sign::SIGN_ID_RSA4096_SHA1): + case (pki::sign::SIGN_ID_RSA4096_SHA256): + sign_algo = SIGN_ALGO_RSA4096; + break; + case (pki::sign::SIGN_ID_RSA2048_SHA1): + case (pki::sign::SIGN_ID_RSA2048_SHA256): + sign_algo = SIGN_ALGO_RSA2048; + break; + case (pki::sign::SIGN_ID_ECDSA240_SHA1): + case (pki::sign::SIGN_ID_ECDSA240_SHA256): + sign_algo = SIGN_ALGO_ECDSA240; + break; + }; + + return sign_algo; +} + +pki::sign::HashAlgo pki::sign::getHashAlgo(pki::sign::SignatureId sign_id) +{ + HashAlgo hash_algo = HASH_ALGO_SHA1; + + switch (sign_id) + { + case (pki::sign::SIGN_ID_RSA4096_SHA1): + case (pki::sign::SIGN_ID_RSA2048_SHA1): + case (pki::sign::SIGN_ID_ECDSA240_SHA1): + hash_algo = HASH_ALGO_SHA1; + break; + case (pki::sign::SIGN_ID_RSA4096_SHA256): + case (pki::sign::SIGN_ID_RSA2048_SHA256): + case (pki::sign::SIGN_ID_ECDSA240_SHA256): + hash_algo = HASH_ALGO_SHA256; + break; + }; + + return hash_algo; +} \ No newline at end of file diff --git a/lib/libes/source/SignatureBlock.cpp b/lib/libpki/source/SignatureBlock.cpp similarity index 78% rename from lib/libes/source/SignatureBlock.cpp rename to lib/libpki/source/SignatureBlock.cpp index b568e7c..bf19b20 100644 --- a/lib/libes/source/SignatureBlock.cpp +++ b/lib/libpki/source/SignatureBlock.cpp @@ -1,16 +1,16 @@ -#include +#include -es::SignatureBlock::SignatureBlock() +pki::SignatureBlock::SignatureBlock() { clear(); } -es::SignatureBlock::SignatureBlock(const SignatureBlock& other) +pki::SignatureBlock::SignatureBlock(const SignatureBlock& other) { *this = other; } -void es::SignatureBlock::operator=(const SignatureBlock& other) +void pki::SignatureBlock::operator=(const SignatureBlock& other) { mRawBinary = other.mRawBinary; mSignType = other.mSignType; 
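Review bot: Both switches in `getSignatureAlgo` and `getHashAlgo` have no `default`, so a `sign_id` outside the six handled values is silently reported as `SIGN_ALGO_RSA4096` and `HASH_ALGO_SHA1` through the initialisers, and `PkiValidator::validateSignature` (renamed in this same commit) then verifies against a guessed algorithm instead of rejecting the block. If `SignatureId` can be populated from parsed bytes — `SignatureBlock::fromBytes` is outside this hunk, so I cannot confirm — an explicit failure is the safer contract: `default: throw fnd::Exception("pki::sign", "Unrecognised SignatureId");` in each switch, the module-name string being a placeholder to adapt (libpki already lists fnd in DEPENDS in its makefile). If the fallback is intentional, state it on the two declarations in SignUtils.h instead, e.g. `// Unknown ids map to RSA4096 / SHA1; callers must validate sign_id first.` The `;` after each switch's closing brace is a stray empty statement, and the file lacks a trailing newline.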
@@ -18,19 +18,19 @@ void es::SignatureBlock::operator=(const SignatureBlock& other) mSignature = other.mSignature; } -bool es::SignatureBlock::operator==(const SignatureBlock& other) const +bool pki::SignatureBlock::operator==(const SignatureBlock& other) const { return (mSignType == other.mSignType) \ && (mIsLittleEndian == other.mIsLittleEndian) \ && (mSignature == other.mSignature); } -bool es::SignatureBlock::operator!=(const SignatureBlock& other) const +bool pki::SignatureBlock::operator!=(const SignatureBlock& other) const { return !(*this == other); } -void es::SignatureBlock::toBytes() +void pki::SignatureBlock::toBytes() { size_t totalSize = 0; size_t sigSize = 0; @@ -68,7 +68,7 @@ void es::SignatureBlock::toBytes() memcpy(mRawBinary.data() + 4, mSignature.data(), sigSize); } -void es::SignatureBlock::fromBytes(const byte_t* src, size_t size) +void pki::SignatureBlock::fromBytes(const byte_t* src, size_t size) { clear(); @@ -138,12 +138,12 @@ void es::SignatureBlock::fromBytes(const byte_t* src, size_t size) memcpy(mSignature.data(), mRawBinary.data() + 4, sigSize); } -const fnd::Vec& es::SignatureBlock::getBytes() const +const fnd::Vec& pki::SignatureBlock::getBytes() const { return mRawBinary; } -void es::SignatureBlock::clear() +void pki::SignatureBlock::clear() { mRawBinary.clear(); mSignType = sign::SIGN_ID_RSA4096_SHA1; 
@@ -151,32 +151,32 @@ void es::SignatureBlock::clear() mSignature.clear(); } -es::sign::SignatureId es::SignatureBlock::getSignType() const +pki::sign::SignatureId pki::SignatureBlock::getSignType() const { return mSignType; } -void es::SignatureBlock::setSignType(es::sign::SignatureId type) +void pki::SignatureBlock::setSignType(pki::sign::SignatureId type) { mSignType = type; } -bool es::SignatureBlock::isLittleEndian() const +bool pki::SignatureBlock::isLittleEndian() const { return mIsLittleEndian; } -void es::SignatureBlock::setLittleEndian(bool isLE) +void pki::SignatureBlock::setLittleEndian(bool isLE) { mIsLittleEndian = isLE; } -const fnd::Vec& es::SignatureBlock::getSignature() const +const fnd::Vec& pki::SignatureBlock::getSignature() const { return mSignature; } -void es::SignatureBlock::setSignature(const fnd::Vec& signature) +void pki::SignatureBlock::setSignature(const fnd::Vec& signature) { mSignature = signature; } diff --git a/lib/makefile b/lib/makefile index 89636d0..7928e45 100644 --- a/lib/makefile +++ b/lib/makefile @@ -1,4 +1,4 @@ -LIBS = libfnd libcrypto libcompress libes libnx libnx-hb +LIBS = libfnd libcrypto libcompress libes libpki libnx libnx-hb main: build rebuild: clean build diff --git a/programs/nstool/makefile b/programs/nstool/makefile index 517a561..ddbdcd3 100644 --- a/programs/nstool/makefile +++ b/programs/nstool/makefile @@ -3,7 +3,7 @@ SRC_DIR = source OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c))) # External dependencies -DEPENDS = nx-hb nx es crypto compress fnd +DEPENDS = nx-hb nx es pki crypto compress fnd LIB_DIR = ../../lib LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep)) INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include") diff --git a/programs/nstool/source/EsCertProcess.cpp b/programs/nstool/source/EsCertProcess.cpp index 9f65bf0..bd15514 100644 --- a/programs/nstool/source/EsCertProcess.cpp 
+++ b/programs/nstool/source/EsCertProcess.cpp @@ -2,7 +2,7 @@ #include #include -#include +#include #include "OffsetAdjustedIFile.h" #include "EsCertProcess.h" #include "PkiValidator.h" @@ -66,7 +66,7 @@ void EsCertProcess::importCerts() scratch.alloc(mFile->size()); mFile->read(scratch.data(), 0, scratch.size()); - es::SignedData cert; + pki::SignedData cert; for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size()) { cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos); @@ -98,7 +98,7 @@ void EsCertProcess::displayCerts() } } -void EsCertProcess::displayCert(const es::SignedData& cert) +void EsCertProcess::displayCert(const pki::SignedData& cert) { #define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff) #define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0) @@ -119,7 +119,7 @@ void EsCertProcess::displayCert(const es::SignedData& cert) std::cout << std::endl; std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl; - if (cert.getBody().getPublicKeyType() == es::cert::RSA4096) + if (cert.getBody().getPublicKeyType() == pki::cert::RSA4096) { std::cout << " PublicKey:" << std::endl; std::cout << " Modulus:" << std::endl; @@ -127,7 +127,7 @@ void EsCertProcess::displayCert(const es::SignedData& cert) std::cout << " Public Exponent:" << std::endl; fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); } - else if (cert.getBody().getPublicKeyType() == es::cert::RSA2048) + else if (cert.getBody().getPublicKeyType() == pki::cert::RSA2048) { std::cout << " PublicKey:" << std::endl; std::cout << " Public Exponent:" << std::endl; 
@@ -135,7 +135,7 @@ void EsCertProcess::displayCert(const es::SignedData& cert) std::cout << " Modulus:" << std::endl; fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); } - else if (cert.getBody().getPublicKeyType() == es::cert::ECDSA240) + else if (cert.getBody().getPublicKeyType() == pki::cert::ECDSA240) { std::cout << " PublicKey:" << std::endl; std::cout << " R:" << std::endl; @@ -151,27 +151,27 @@ void EsCertProcess::displayCert(const es::SignedData& cert) #undef _SPLIT_VER } -const char* EsCertProcess::getSignTypeStr(es::sign::SignatureId type) const +const char* EsCertProcess::getSignTypeStr(pki::sign::SignatureId type) const { const char* str; switch (type) { - case (es::sign::SIGN_ID_RSA4096_SHA1): + case (pki::sign::SIGN_ID_RSA4096_SHA1): str = "RSA4096-SHA1"; break; - case (es::sign::SIGN_ID_RSA2048_SHA1): + case (pki::sign::SIGN_ID_RSA2048_SHA1): str = "RSA2048-SHA1"; break; - case (es::sign::SIGN_ID_ECDSA240_SHA1): + case (pki::sign::SIGN_ID_ECDSA240_SHA1): str = "ECDSA240-SHA1"; break; - case (es::sign::SIGN_ID_RSA4096_SHA256): + case (pki::sign::SIGN_ID_RSA4096_SHA256): str = "RSA4096-SHA256"; break; - case (es::sign::SIGN_ID_RSA2048_SHA256): + case (pki::sign::SIGN_ID_RSA2048_SHA256): str = "RSA2048-SHA256"; break; - case (es::sign::SIGN_ID_ECDSA240_SHA256): + case (pki::sign::SIGN_ID_ECDSA240_SHA256): str = "ECDSA240-SHA256"; break; default: 
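Review bot: In the RSA2048 branch of `displayCert`, the ` Modulus:` heading at the top of this hunk is followed by `fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6)`, so the public exponent is printed under the modulus label, whereas the RSA4096 branch in the preceding hunk prints the exponent under ` Public Exponent:`. Line 134, which follows this branch's ` Public Exponent:` heading, is not in the diff, so either the two headings or the two dumps appear swapped; the dump under ` Modulus:` should presumably use the key's modulus field and the 2048-bit size constant from libcrypto. This is pre-existing output code that the rename does not touch, but it is display-only and easy to fix in passing. Separately, in the `@@ -66` hunk of this file, `importCerts` advances `f_pos` by `cert.getBytes().size()`; if `fromBytes` can return with an empty raw buffer for a truncated trailing block instead of throwing (its body is outside the diff), the loop never terminates, so either an `if (cert.getBytes().size() == 0) break;` guard or a confirmation that `fromBytes` throws on short input would be good.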
@@ -186,18 +186,18 @@ const char* EsCertProcess::getEndiannessStr(bool isLittleEndian) const return isLittleEndian ? "LittleEndian" : "BigEndian"; } -const char* EsCertProcess::getPublicKeyTypeStr(es::cert::PublicKeyType type) const +const char* EsCertProcess::getPublicKeyTypeStr(pki::cert::PublicKeyType type) const { const char* str; switch (type) { - case (es::cert::RSA4096): + case (pki::cert::RSA4096): str = "RSA4096"; break; - case (es::cert::RSA2048): + case (pki::cert::RSA2048): str = "RSA2048"; break; - case (es::cert::ECDSA240): + case (pki::cert::ECDSA240): str = "ECDSA240"; break; default: diff --git a/programs/nstool/source/EsCertProcess.h b/programs/nstool/source/EsCertProcess.h index ae88555..5ef7551 100644 --- a/programs/nstool/source/EsCertProcess.h +++ b/programs/nstool/source/EsCertProcess.h @@ -4,8 +4,8 @@ #include #include #include -#include -#include +#include +#include #include "nstool.h" class EsCertProcess @@ -30,15 +30,15 @@ private: CliOutputMode mCliOutputMode; bool mVerify; - fnd::List> mCert; + fnd::List> mCert; void importCerts(); void validateCerts(); void displayCerts(); - void displayCert(const es::SignedData& cert); + void displayCert(const pki::SignedData& cert); - const char* getSignTypeStr(es::sign::SignatureId type) const; + const char* getSignTypeStr(pki::sign::SignatureId type) const; const char* getEndiannessStr(bool isLittleEndian) const; - const char* getPublicKeyTypeStr(es::cert::PublicKeyType type) const; + const char* getPublicKeyTypeStr(pki::cert::PublicKeyType type) const; }; \ No newline at end of file diff --git a/programs/nstool/source/EsTikProcess.cpp b/programs/nstool/source/EsTikProcess.cpp index 4ef721e..6476bd9 100644 --- a/programs/nstool/source/EsTikProcess.cpp +++ b/programs/nstool/source/EsTikProcess.cpp 
@@ -132,22 +132,22 @@ const char* EsTikProcess::getSignTypeStr(uint32_t type) const const char* str = nullptr; switch(type) { - case (es::sign::SIGN_ID_RSA4096_SHA1): + case (pki::sign::SIGN_ID_RSA4096_SHA1): str = "RSA4096-SHA1"; break; - case (es::sign::SIGN_ID_RSA2048_SHA1): + case (pki::sign::SIGN_ID_RSA2048_SHA1): str = "RSA2048-SHA1"; break; - case (es::sign::SIGN_ID_ECDSA240_SHA1): + case (pki::sign::SIGN_ID_ECDSA240_SHA1): str = "ECDSA240-SHA1"; break; - case (es::sign::SIGN_ID_RSA4096_SHA256): + case (pki::sign::SIGN_ID_RSA4096_SHA256): str = "RSA4096-SHA256"; break; - case (es::sign::SIGN_ID_RSA2048_SHA256): + case (pki::sign::SIGN_ID_RSA2048_SHA256): str = "RSA2048-SHA256"; break; - case (es::sign::SIGN_ID_ECDSA240_SHA256): + case (pki::sign::SIGN_ID_ECDSA240_SHA256): str = "ECDSA240-SHA256"; break; default: diff --git a/programs/nstool/source/EsTikProcess.h b/programs/nstool/source/EsTikProcess.h index edbe38d..f05e0b7 100644 --- a/programs/nstool/source/EsTikProcess.h +++ b/programs/nstool/source/EsTikProcess.h @@ -3,7 +3,7 @@ #include #include #include -#include +#include #include #include "nstool.h" @@ -29,7 +29,7 @@ private: CliOutputMode mCliOutputMode; bool mVerify; - es::SignedData mTik; + pki::SignedData mTik; void displayTicket(); const char* getSignTypeStr(uint32_t type) const; diff --git a/programs/nstool/source/PkiValidator.cpp b/programs/nstool/source/PkiValidator.cpp index 623f938..00b2088 100644 --- a/programs/nstool/source/PkiValidator.cpp +++ b/programs/nstool/source/PkiValidator.cpp @@ -2,7 +2,7 @@ #include #include #include -#include +#include PkiValidator::PkiValidator() { @@ -12,7 +12,7 @@ PkiValidator::PkiValidator() void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) { // save a copy of the certificate bank - fnd::List> old_certs = mCertificateBank; + fnd::List> old_certs = mCertificateBank; // clear the certificate bank mCertificateBank.clear(); 
@@ -27,7 +27,7 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) } } -void PkiValidator::addCertificates(const fnd::List>& certs) +void PkiValidator::addCertificates(const fnd::List>& certs) { for (size_t i = 0; i < certs.size(); i++) { @@ -35,11 +35,11 @@ void PkiValidator::addCertificates(const fnd::List& cert) +void PkiValidator::addCertificate(const pki::SignedData& cert) { std::string cert_ident; - es::sign::SignatureAlgo cert_sign_algo; - es::sign::HashAlgo cert_hash_algo; + pki::sign::SignatureAlgo cert_sign_algo; + pki::sign::HashAlgo cert_hash_algo; fnd::Vec cert_hash; try @@ -51,17 +51,17 @@ void PkiValidator::addCertificate(const es::SignedData& cer throw fnd::Exception(kModuleName, "Certificate already exists"); } - cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType()); - cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType()); + cert_sign_algo = pki::sign::getSignatureAlgo(cert.getSignature().getSignType()); + cert_hash_algo = pki::sign::getHashAlgo(cert.getSignature().getSignType()); // get cert hash switch (cert_hash_algo) { - case (es::sign::HASH_ALGO_SHA1): + case (pki::sign::HASH_ALGO_SHA1): cert_hash.alloc(crypto::sha::kSha1HashLen); crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); break; - case (es::sign::HASH_ALGO_SHA256): + case (pki::sign::HASH_ALGO_SHA256): cert_hash.alloc(crypto::sha::kSha256HashLen); crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); break; 
@@ -86,19 +86,19 @@ void PkiValidator::clearCertificates() mCertificateBank.clear(); } -void PkiValidator::validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const +void PkiValidator::validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const { - es::sign::SignatureAlgo sign_algo = es::sign::getSignatureAlgo(signature_id); - es::sign::HashAlgo hash_algo = es::sign::getHashAlgo(signature_id); + pki::sign::SignatureAlgo sign_algo = pki::sign::getSignatureAlgo(signature_id); + pki::sign::HashAlgo hash_algo = pki::sign::getHashAlgo(signature_id); // validate signature int sig_validate_res = -1; // special case if signed by Root - if (issuer == es::sign::kRootIssuerStr) + if (issuer == pki::sign::kRootIssuerStr) { - if (sign_algo != es::sign::SIGN_ALGO_RSA4096) + if (sign_algo != pki::sign::SIGN_ALGO_RSA4096) { throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature"); } 
@@ -107,18 +107,18 @@ void PkiValidator::validateSignature(const std::string& issuer, es::sign::Signat else { // try to find issuer cert - const es::CertificateBody& issuer_cert = getCert(issuer).getBody(); - es::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType(); + const pki::CertificateBody& issuer_cert = getCert(issuer).getBody(); + pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType(); - if (issuer_pubk_type == es::cert::RSA4096 && sign_algo == es::sign::SIGN_ALGO_RSA4096) + if (issuer_pubk_type == pki::cert::RSA4096 && sign_algo == pki::sign::SIGN_ALGO_RSA4096) { sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); } - else if (issuer_pubk_type == es::cert::RSA2048 && sign_algo == es::sign::SIGN_ALGO_RSA2048) + else if (issuer_pubk_type == pki::cert::RSA2048 && sign_algo == pki::sign::SIGN_ALGO_RSA2048) { sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); } - else if (issuer_pubk_type == es::cert::ECDSA240 && sign_algo == es::sign::SIGN_ALGO_ECDSA240) + else if (issuer_pubk_type == pki::cert::ECDSA240 && sign_algo == pki::sign::SIGN_ALGO_ECDSA240) { throw fnd::Exception(kModuleName, "ECDSA signatures are not supported"); } 
@@ -136,14 +136,14 @@ void PkiValidator::validateSignature(const std::string& issuer, es::sign::Signat
 }
-void PkiValidator::makeCertIdent(const es::SignedData& cert, std::string& ident) const
+void PkiValidator::makeCertIdent(const pki::SignedData& cert, std::string& ident) const
 {
 makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident);
 }
 void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const
 {
- ident = issuer + es::sign::kIdentDelimiter + subject;
+ ident = issuer + pki::sign::kIdentDelimiter + subject;
 ident = ident.substr(0, _MIN(ident.length(),64));
 }
@@ -164,7 +164,7 @@ bool PkiValidator::doesCertExist(const std::string& ident) const
 return exists;
 }
-const es::SignedData& PkiValidator::getCert(const std::string& ident) const
+const pki::SignedData& PkiValidator::getCert(const std::string& ident) const
 {
 std::string full_cert_name;
 for (size_t i = 0; i < mCertificateBank.size(); i++)
@@ -179,16 +179,16 @@ const es::SignedData& PkiValidator::getCert(const std::stri
 throw fnd::Exception(kModuleName, "Issuer certificate does not exist");
 }
-crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(es::sign::HashAlgo hash_algo) const
+crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const
 {
 crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1;
 switch (hash_algo)
 {
- case (es::sign::HASH_ALGO_SHA1):
+ case (pki::sign::HASH_ALGO_SHA1):
 hash_type = crypto::sha::HASH_SHA1;
 break;
- case (es::sign::HASH_ALGO_SHA256):
+ case (pki::sign::HASH_ALGO_SHA256):
 hash_type = crypto::sha::HASH_SHA256;
 break;
 };
diff --git a/programs/nstool/source/PkiValidator.h b/programs/nstool/source/PkiValidator.h
index c585c41..217dfad 100644
--- a/programs/nstool/source/PkiValidator.h
+++ b/programs/nstool/source/PkiValidator.h
@@ -3,8 +3,8 @@
 #include
 #include
 #include
-#include
-#include
+#include
+#include
 #include
 class PkiValidator
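Review bot: `makeCertIdent` silently cuts the `issuer + kIdentDelimiter + subject` string to 64 characters via `_MIN(ident.length(),64)`, so two certificates whose combined names differ only past the 64th character map to the same ident in `mCertificateBank` lookups, and nothing on these lines says where the 64 comes from. If it mirrors a fixed-width issuer field in the certificate format (presumably, but not visible here), a comment above the `substr` such as `// identity is capped at 64 chars to match the fixed-width issuer field used when certs reference their signer` and a named constant in `pki::sign` would make the truncation intentional rather than accidental.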
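Review bot: `getCryptoHashAlgoFromEsSignHashAlgo` pre-sets `hash_type` to `crypto::sha::HASH_SHA1` and the `switch` has no `default:`, so any `pki::sign::HashAlgo` value other than SHA1 or SHA256 (for instance one derived from an unrecognised signature id upstream in `getHashAlgo`) is quietly verified as SHA-1 instead of being rejected. Add `default: throw fnd::Exception(kModuleName, "Unsupported hash algorithm");` as the last case so validateSignature fails closed on unknown algorithms. With the enum now living in `pki::sign`, the `EsSign` in the method name is stale; renaming it in the same move keeps the header and the implementation consistent.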
@@ -13,22 +13,22 @@ public:
 PkiValidator();
 void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
- void addCertificates(const fnd::List>& certs);
- void addCertificate(const es::SignedData& cert);
+ void addCertificates(const fnd::List>& certs);
+ void addCertificate(const pki::SignedData& cert);
 void clearCertificates();
- void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const;
+ void validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const;
 private:
 const std::string kModuleName = "NNPkiValidator";
 crypto::rsa::sRsa4096Key mRootKey;
- fnd::List> mCertificateBank;
+ fnd::List> mCertificateBank;
- void makeCertIdent(const es::SignedData& cert, std::string& ident) const;
+ void makeCertIdent(const pki::SignedData& cert, std::string& ident) const;
 void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const;
 bool doesCertExist(const std::string& ident) const;
- const es::SignedData& getCert(const std::string& ident) const;
- crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(es::sign::HashAlgo hash_algo) const;
+ const pki::SignedData& getCert(const std::string& ident) const;
+ crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const;
 };
\ No newline at end of file
diff --git a/programs/nstool/source/UserSettings.cpp b/programs/nstool/source/UserSettings.cpp
index 00e33cb..412fa70 100644
--- a/programs/nstool/source/UserSettings.cpp
+++ b/programs/nstool/source/UserSettings.cpp
@@ -22,7 +22,7 @@
 #include
 #include
 #include
-#include
+#include
 UserSettings::UserSettings() {}
@@ -756,10 +756,10 @@ FileType UserSettings::determineFileTypeFromFile(const std::string& path)
 // test nso
 else if (_ASSERT_SIZE(sizeof(nx::sNroHeader)) && _TYPE_PTR(nx::sNroHeader)->st_magic.get() == nx::nro::kNroStructMagic)
 file_type = FILE_NRO;
- // test es certificate
+ // test pki certificate
 else if (determineValidEsCertFromSample(scratch))
 file_type = FILE_ES_CERT;
- // test es ticket
+ // test ticket
 else if (determineValidEsTikFromSample(scratch))
 file_type = FILE_ES_TIK;
 // test hb asset
@@ -866,7 +866,7 @@ bool UserSettings::determineValidNacpFromSample(const fnd::Vec& sample)
 bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample) const
 {
- es::SignatureBlock sign;
+ pki::SignatureBlock sign;
 try
 {
@@ -880,7 +880,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample
 if (sign.isLittleEndian() == true)
 return false;
- if (sign.getSignType() != es::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != es::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != es::sign::SIGN_ID_ECDSA240_SHA256)
+ if (sign.getSignType() != pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_ECDSA240_SHA256)
 return false;
 return true;
@@ -888,7 +888,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample
 bool UserSettings::determineValidEsTikFromSample(const fnd::Vec& sample) const
 {
- es::SignatureBlock sign;
+ pki::SignatureBlock sign;
 try
 {
@@ -902,7 +902,7 @@ bool UserSettings::determineValidEsTikFromSample(const fnd::Vec& sample)
 if (sign.isLittleEndian() == false)
 return false;
- if (sign.getSignType() != es::sign::SIGN_ID_RSA2048_SHA256)
+ if (sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256)
 return false;
 return true;