mirror of
https://github.com/jakcron/nstool
synced 2024-12-26 14:41:14 +00:00
Fix project files and typos.
This commit is contained in:
parent
8954dc405f
commit
ebbdbcd364
14 changed files with 104 additions and 103 deletions
|
@ -120,9 +120,9 @@
|
|||
<None Include="makefile" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="include\es\SectionHeader_V2.h" />
|
||||
<ClInclude Include="include\es\ticket.h" />
|
||||
<ClInclude Include="include\es\TicketBody_V2.h" />
|
||||
<ClInclude Include="include\nn\es\SectionHeader_V2.h" />
|
||||
<ClInclude Include="include\nn\es\ticket.h" />
|
||||
<ClInclude Include="include\nn\es\TicketBody_V2.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="source\SectionHeader_V2.cpp" />
|
||||
|
|
|
@ -18,13 +18,13 @@
|
|||
<None Include="makefile" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="include\es\SectionHeader_V2.h">
|
||||
<ClInclude Include="include\nn\es\SectionHeader_V2.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\es\ticket.h">
|
||||
<ClInclude Include="include\nn\es\ticket.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="include\es\TicketBody_V2.h">
|
||||
<ClInclude Include="include\nn\es\TicketBody_V2.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
|
|
|
@ -136,4 +136,4 @@ namespace pki
|
|||
mBody = body;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -48,6 +48,7 @@ Usage: nstool [options... ] <file>
|
|||
--titlekey Specify title key extracted from ticket.
|
||||
--bodykey Specify body encryption key.
|
||||
--tik Specify ticket to source title key.
|
||||
--cert Specify certificate chain to verify ticket.
|
||||
--part0 Extract "partition 0" to directory.
|
||||
--part1 Extract "partition 1" to directory.
|
||||
--part2 Extract "partition 2" to directory.
|
||||
|
|
|
@ -3,7 +3,7 @@ SRC_DIR = source
|
|||
OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c)))
|
||||
|
||||
# External dependencies
|
||||
DEPENDS = hac-hb hac es pki crypto compress polarssl lz4 fnd
|
||||
DEPENDS = hac-hb hac es pki crypto compress fnd polarssl lz4
|
||||
LIB_DIR = ../../lib
|
||||
LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep))
|
||||
INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include")
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
|
@ -105,7 +105,7 @@
|
|||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
|
@ -122,7 +122,7 @@
|
|||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
|
@ -141,7 +141,7 @@
|
|||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories>
|
||||
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
|
|
|
@ -47,7 +47,7 @@ void EsTikProcess::setKeyset(const sKeyset* keyset)
|
|||
mKeyset = keyset;
|
||||
}
|
||||
|
||||
void EsTikProcess::setCertificateChain(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs)
|
||||
void EsTikProcess::setCertificateChain(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs)
|
||||
{
|
||||
mCerts = certs;
|
||||
}
|
||||
|
@ -80,13 +80,13 @@ void EsTikProcess::verifyTicket()
|
|||
PkiValidator pki_validator;
|
||||
fnd::Vec<byte_t> tik_hash;
|
||||
|
||||
switch (pki::sign::getHashAlgo(mTik.getSignature().getSignType()))
|
||||
switch (nn::pki::sign::getHashAlgo(mTik.getSignature().getSignType()))
|
||||
{
|
||||
case (pki::sign::HASH_ALGO_SHA1):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA1):
|
||||
tik_hash.alloc(crypto::sha::kSha1HashLen);
|
||||
crypto::sha::Sha1(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data());
|
||||
break;
|
||||
case (pki::sign::HASH_ALGO_SHA256):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA256):
|
||||
tik_hash.alloc(crypto::sha::kSha256HashLen);
|
||||
crypto::sha::Sha256(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data());
|
||||
break;
|
||||
|
@ -110,7 +110,7 @@ void EsTikProcess::displayTicket()
|
|||
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
|
||||
#define _HEXDUMP_L(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02x", var[a__a__A]); } while(0)
|
||||
|
||||
const es::TicketBody_V2& body = mTik.getBody();
|
||||
const nn::es::TicketBody_V2& body = mTik.getBody();
|
||||
|
||||
std::cout << "[ES Ticket]" << std::endl;
|
||||
|
||||
|
@ -124,7 +124,7 @@ void EsTikProcess::displayTicket()
|
|||
std::cout << " EncMode: " << getTitleKeyPersonalisationStr(body.getTitleKeyEncType()) << std::endl;
|
||||
std::cout << " KeyGeneration: " << std::dec << (uint32_t)body.getCommonKeyId() << std::endl;
|
||||
std::cout << " Data:" << std::endl;
|
||||
size_t size = body.getTitleKeyEncType() == es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize;
|
||||
size_t size = body.getTitleKeyEncType() == nn::es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize;
|
||||
fnd::SimpleTextOutput::hexDump(body.getEncTitleKey(), size, 0x10, 6);
|
||||
|
||||
printf(" Version: v%d.%d.%d", _SPLIT_VER(body.getTicketVersion()));
|
||||
|
@ -174,22 +174,22 @@ const char* EsTikProcess::getSignTypeStr(uint32_t type) const
|
|||
const char* str = nullptr;
|
||||
switch(type)
|
||||
{
|
||||
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||
str = "RSA4096-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||
str = "RSA2048-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||
str = "ECDSA240-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||
str = "RSA4096-SHA256";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||
str = "RSA2048-SHA256";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||
str = "ECDSA240-SHA256";
|
||||
break;
|
||||
default:
|
||||
|
@ -204,10 +204,10 @@ const char* EsTikProcess::getTitleKeyPersonalisationStr(byte_t flag) const
|
|||
const char* str = nullptr;
|
||||
switch(flag)
|
||||
{
|
||||
case (es::ticket::AES128_CBC):
|
||||
case (nn::es::ticket::AES128_CBC):
|
||||
str = "Generic (AESCBC)";
|
||||
break;
|
||||
case (es::ticket::RSA2048):
|
||||
case (nn::es::ticket::RSA2048):
|
||||
str = "Personalised (RSA2048)";
|
||||
break;
|
||||
default:
|
||||
|
@ -222,22 +222,22 @@ const char* EsTikProcess::getLicenseTypeStr(byte_t flag) const
|
|||
const char* str = nullptr;
|
||||
switch(flag)
|
||||
{
|
||||
case (es::ticket::LICENSE_PERMANENT):
|
||||
case (nn::es::ticket::LICENSE_PERMANENT):
|
||||
str = "Permanent";
|
||||
break;
|
||||
case (es::ticket::LICENSE_DEMO):
|
||||
case (nn::es::ticket::LICENSE_DEMO):
|
||||
str = "Demo";
|
||||
break;
|
||||
case (es::ticket::LICENSE_TRIAL):
|
||||
case (nn::es::ticket::LICENSE_TRIAL):
|
||||
str = "Trial";
|
||||
break;
|
||||
case (es::ticket::LICENSE_RENTAL):
|
||||
case (nn::es::ticket::LICENSE_RENTAL):
|
||||
str = "Rental";
|
||||
break;
|
||||
case (es::ticket::LICENSE_SUBSCRIPTION):
|
||||
case (nn::es::ticket::LICENSE_SUBSCRIPTION):
|
||||
str = "Subscription";
|
||||
break;
|
||||
case (es::ticket::LICENSE_SERVICE):
|
||||
case (nn::es::ticket::LICENSE_SERVICE):
|
||||
str = "Service";
|
||||
break;
|
||||
default:
|
||||
|
@ -252,13 +252,13 @@ const char* EsTikProcess::getPropertyFlagStr(byte_t flag) const
|
|||
const char* str = nullptr;
|
||||
switch(flag)
|
||||
{
|
||||
case (es::ticket::FLAG_PRE_INSTALL):
|
||||
case (nn::es::ticket::FLAG_PRE_INSTALL):
|
||||
str = "PreInstall";
|
||||
break;
|
||||
case (es::ticket::FLAG_SHARED_TITLE):
|
||||
case (nn::es::ticket::FLAG_SHARED_TITLE):
|
||||
str = "SharedTitle";
|
||||
break;
|
||||
case (es::ticket::FLAG_ALLOW_ALL_CONTENT):
|
||||
case (nn::es::ticket::FLAG_ALLOW_ALL_CONTENT):
|
||||
str = "AllContent";
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -18,7 +18,7 @@ public:
|
|||
|
||||
void setInputFile(fnd::IFile* file, bool ownIFile);
|
||||
void setKeyset(const sKeyset* keyset);
|
||||
void setCertificateChain(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs);
|
||||
void setCertificateChain(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs);
|
||||
void setCliOutputMode(CliOutputMode mode);
|
||||
void setVerifyMode(bool verify);
|
||||
|
||||
|
@ -31,9 +31,9 @@ private:
|
|||
CliOutputMode mCliOutputMode;
|
||||
bool mVerify;
|
||||
|
||||
fnd::List<pki::SignedData<pki::CertificateBody>> mCerts;
|
||||
fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCerts;
|
||||
|
||||
pki::SignedData<es::TicketBody_V2> mTik;
|
||||
nn::pki::SignedData<nn::es::TicketBody_V2> mTik;
|
||||
|
||||
void importTicket();
|
||||
void verifyTicket();
|
||||
|
|
|
@ -66,7 +66,7 @@ void PkiCertProcess::importCerts()
|
|||
scratch.alloc(mFile->size());
|
||||
mFile->read(scratch.data(), 0, scratch.size());
|
||||
|
||||
pki::SignedData<pki::CertificateBody> cert;
|
||||
nn::pki::SignedData<nn::pki::CertificateBody> cert;
|
||||
for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size())
|
||||
{
|
||||
cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos);
|
||||
|
@ -98,7 +98,7 @@ void PkiCertProcess::displayCerts()
|
|||
}
|
||||
}
|
||||
|
||||
void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& cert)
|
||||
void PkiCertProcess::displayCert(const nn::pki::SignedData<nn::pki::CertificateBody>& cert)
|
||||
{
|
||||
#define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff)
|
||||
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
|
||||
|
@ -119,7 +119,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
|
|||
std::cout << std::endl;
|
||||
std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl;
|
||||
|
||||
if (cert.getBody().getPublicKeyType() == pki::cert::RSA4096)
|
||||
if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA4096)
|
||||
{
|
||||
std::cout << " PublicKey:" << std::endl;
|
||||
std::cout << " Modulus:" << std::endl;
|
||||
|
@ -127,7 +127,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
|
|||
std::cout << " Public Exponent:" << std::endl;
|
||||
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
||||
}
|
||||
else if (cert.getBody().getPublicKeyType() == pki::cert::RSA2048)
|
||||
else if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA2048)
|
||||
{
|
||||
std::cout << " PublicKey:" << std::endl;
|
||||
std::cout << " Public Exponent:" << std::endl;
|
||||
|
@ -135,7 +135,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
|
|||
std::cout << " Modulus:" << std::endl;
|
||||
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
||||
}
|
||||
else if (cert.getBody().getPublicKeyType() == pki::cert::ECDSA240)
|
||||
else if (cert.getBody().getPublicKeyType() == nn::pki::cert::ECDSA240)
|
||||
{
|
||||
std::cout << " PublicKey:" << std::endl;
|
||||
std::cout << " R:" << std::endl;
|
||||
|
@ -156,27 +156,27 @@ size_t PkiCertProcess::getHexDumpLen(size_t max_size) const
|
|||
return _HAS_BIT(mCliOutputMode, OUTPUT_EXTENDED) ? max_size : kSmallHexDumpLen;
|
||||
}
|
||||
|
||||
const char* PkiCertProcess::getSignTypeStr(pki::sign::SignatureId type) const
|
||||
const char* PkiCertProcess::getSignTypeStr(nn::pki::sign::SignatureId type) const
|
||||
{
|
||||
const char* str;
|
||||
switch (type)
|
||||
{
|
||||
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||
str = "RSA4096-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||
str = "RSA2048-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||
case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||
str = "ECDSA240-SHA1";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||
str = "RSA4096-SHA256";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||
str = "RSA2048-SHA256";
|
||||
break;
|
||||
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||
case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||
str = "ECDSA240-SHA256";
|
||||
break;
|
||||
default:
|
||||
|
@ -191,18 +191,18 @@ const char* PkiCertProcess::getEndiannessStr(bool isLittleEndian) const
|
|||
return isLittleEndian ? "LittleEndian" : "BigEndian";
|
||||
}
|
||||
|
||||
const char* PkiCertProcess::getPublicKeyTypeStr(pki::cert::PublicKeyType type) const
|
||||
const char* PkiCertProcess::getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const
|
||||
{
|
||||
const char* str;
|
||||
switch (type)
|
||||
{
|
||||
case (pki::cert::RSA4096):
|
||||
case (nn::pki::cert::RSA4096):
|
||||
str = "RSA4096";
|
||||
break;
|
||||
case (pki::cert::RSA2048):
|
||||
case (nn::pki::cert::RSA2048):
|
||||
str = "RSA2048";
|
||||
break;
|
||||
case (pki::cert::ECDSA240):
|
||||
case (nn::pki::cert::ECDSA240):
|
||||
str = "ECDSA240";
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -31,15 +31,15 @@ private:
|
|||
CliOutputMode mCliOutputMode;
|
||||
bool mVerify;
|
||||
|
||||
fnd::List<pki::SignedData<pki::CertificateBody>> mCert;
|
||||
fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCert;
|
||||
|
||||
void importCerts();
|
||||
void validateCerts();
|
||||
void displayCerts();
|
||||
void displayCert(const pki::SignedData<pki::CertificateBody>& cert);
|
||||
void displayCert(const nn::pki::SignedData<nn::pki::CertificateBody>& cert);
|
||||
|
||||
size_t getHexDumpLen(size_t max_size) const;
|
||||
const char* getSignTypeStr(pki::sign::SignatureId type) const;
|
||||
const char* getSignTypeStr(nn::pki::sign::SignatureId type) const;
|
||||
const char* getEndiannessStr(bool isLittleEndian) const;
|
||||
const char* getPublicKeyTypeStr(pki::cert::PublicKeyType type) const;
|
||||
const char* getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const;
|
||||
};
|
|
@ -12,7 +12,7 @@ PkiValidator::PkiValidator()
|
|||
void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
||||
{
|
||||
// save a copy of the certificate bank
|
||||
fnd::List<pki::SignedData<pki::CertificateBody>> old_certs = mCertificateBank;
|
||||
fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> old_certs = mCertificateBank;
|
||||
|
||||
// clear the certificate bank
|
||||
mCertificateBank.clear();
|
||||
|
@ -27,7 +27,7 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
|||
}
|
||||
}
|
||||
|
||||
void PkiValidator::addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs)
|
||||
void PkiValidator::addCertificates(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs)
|
||||
{
|
||||
for (size_t i = 0; i < certs.size(); i++)
|
||||
{
|
||||
|
@ -35,11 +35,11 @@ void PkiValidator::addCertificates(const fnd::List<pki::SignedData<pki::Certific
|
|||
}
|
||||
}
|
||||
|
||||
void PkiValidator::addCertificate(const pki::SignedData<pki::CertificateBody>& cert)
|
||||
void PkiValidator::addCertificate(const nn::pki::SignedData<nn::pki::CertificateBody>& cert)
|
||||
{
|
||||
std::string cert_ident;
|
||||
pki::sign::SignatureAlgo cert_sign_algo;
|
||||
pki::sign::HashAlgo cert_hash_algo;
|
||||
nn::pki::sign::SignatureAlgo cert_sign_algo;
|
||||
nn::pki::sign::HashAlgo cert_hash_algo;
|
||||
fnd::Vec<byte_t> cert_hash;
|
||||
|
||||
try
|
||||
|
@ -51,17 +51,17 @@ void PkiValidator::addCertificate(const pki::SignedData<pki::CertificateBody>& c
|
|||
throw fnd::Exception(kModuleName, "Certificate already exists");
|
||||
}
|
||||
|
||||
cert_sign_algo = pki::sign::getSignatureAlgo(cert.getSignature().getSignType());
|
||||
cert_hash_algo = pki::sign::getHashAlgo(cert.getSignature().getSignType());
|
||||
cert_sign_algo = nn::pki::sign::getSignatureAlgo(cert.getSignature().getSignType());
|
||||
cert_hash_algo = nn::pki::sign::getHashAlgo(cert.getSignature().getSignType());
|
||||
|
||||
// get cert hash
|
||||
switch (cert_hash_algo)
|
||||
{
|
||||
case (pki::sign::HASH_ALGO_SHA1):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA1):
|
||||
cert_hash.alloc(crypto::sha::kSha1HashLen);
|
||||
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
case (pki::sign::HASH_ALGO_SHA256):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA256):
|
||||
cert_hash.alloc(crypto::sha::kSha256HashLen);
|
||||
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||
break;
|
||||
|
@ -86,19 +86,19 @@ void PkiValidator::clearCertificates()
|
|||
mCertificateBank.clear();
|
||||
}
|
||||
|
||||
void PkiValidator::validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const
|
||||
void PkiValidator::validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const
|
||||
{
|
||||
pki::sign::SignatureAlgo sign_algo = pki::sign::getSignatureAlgo(signature_id);
|
||||
pki::sign::HashAlgo hash_algo = pki::sign::getHashAlgo(signature_id);
|
||||
nn::pki::sign::SignatureAlgo sign_algo = nn::pki::sign::getSignatureAlgo(signature_id);
|
||||
nn::pki::sign::HashAlgo hash_algo = nn::pki::sign::getHashAlgo(signature_id);
|
||||
|
||||
|
||||
// validate signature
|
||||
int sig_validate_res = -1;
|
||||
|
||||
// special case if signed by Root
|
||||
if (issuer == pki::sign::kRootIssuerStr)
|
||||
if (issuer == nn::pki::sign::kRootIssuerStr)
|
||||
{
|
||||
if (sign_algo != pki::sign::SIGN_ALGO_RSA4096)
|
||||
if (sign_algo != nn::pki::sign::SIGN_ALGO_RSA4096)
|
||||
{
|
||||
throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature");
|
||||
}
|
||||
|
@ -107,18 +107,18 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa
|
|||
else
|
||||
{
|
||||
// try to find issuer cert
|
||||
const pki::CertificateBody& issuer_cert = getCert(issuer).getBody();
|
||||
pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType();
|
||||
const nn::pki::CertificateBody& issuer_cert = getCert(issuer).getBody();
|
||||
nn::pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType();
|
||||
|
||||
if (issuer_pubk_type == pki::cert::RSA4096 && sign_algo == pki::sign::SIGN_ALGO_RSA4096)
|
||||
if (issuer_pubk_type == nn::pki::cert::RSA4096 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA4096)
|
||||
{
|
||||
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
||||
}
|
||||
else if (issuer_pubk_type == pki::cert::RSA2048 && sign_algo == pki::sign::SIGN_ALGO_RSA2048)
|
||||
else if (issuer_pubk_type == nn::pki::cert::RSA2048 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA2048)
|
||||
{
|
||||
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
||||
}
|
||||
else if (issuer_pubk_type == pki::cert::ECDSA240 && sign_algo == pki::sign::SIGN_ALGO_ECDSA240)
|
||||
else if (issuer_pubk_type == nn::pki::cert::ECDSA240 && sign_algo == nn::pki::sign::SIGN_ALGO_ECDSA240)
|
||||
{
|
||||
throw fnd::Exception(kModuleName, "ECDSA signatures are not supported");
|
||||
}
|
||||
|
@ -136,14 +136,14 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa
|
|||
|
||||
}
|
||||
|
||||
void PkiValidator::makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const
|
||||
void PkiValidator::makeCertIdent(const nn::pki::SignedData<nn::pki::CertificateBody>& cert, std::string& ident) const
|
||||
{
|
||||
makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident);
|
||||
}
|
||||
|
||||
void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const
|
||||
{
|
||||
ident = issuer + pki::sign::kIdentDelimiter + subject;
|
||||
ident = issuer + nn::pki::sign::kIdentDelimiter + subject;
|
||||
ident = ident.substr(0, _MIN(ident.length(),64));
|
||||
}
|
||||
|
||||
|
@ -164,7 +164,7 @@ bool PkiValidator::doesCertExist(const std::string& ident) const
|
|||
return exists;
|
||||
}
|
||||
|
||||
const pki::SignedData<pki::CertificateBody>& PkiValidator::getCert(const std::string& ident) const
|
||||
const nn::pki::SignedData<nn::pki::CertificateBody>& PkiValidator::getCert(const std::string& ident) const
|
||||
{
|
||||
std::string full_cert_name;
|
||||
for (size_t i = 0; i < mCertificateBank.size(); i++)
|
||||
|
@ -179,16 +179,16 @@ const pki::SignedData<pki::CertificateBody>& PkiValidator::getCert(const std::st
|
|||
throw fnd::Exception(kModuleName, "Issuer certificate does not exist");
|
||||
}
|
||||
|
||||
crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const
|
||||
crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const
|
||||
{
|
||||
crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1;
|
||||
|
||||
switch (hash_algo)
|
||||
{
|
||||
case (pki::sign::HASH_ALGO_SHA1):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA1):
|
||||
hash_type = crypto::sha::HASH_SHA1;
|
||||
break;
|
||||
case (pki::sign::HASH_ALGO_SHA256):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA256):
|
||||
hash_type = crypto::sha::HASH_SHA256;
|
||||
break;
|
||||
};
|
||||
|
|
|
@ -13,22 +13,22 @@ public:
|
|||
PkiValidator();
|
||||
|
||||
void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
|
||||
void addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs);
|
||||
void addCertificate(const pki::SignedData<pki::CertificateBody>& cert);
|
||||
void addCertificates(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs);
|
||||
void addCertificate(const nn::pki::SignedData<nn::pki::CertificateBody>& cert);
|
||||
void clearCertificates();
|
||||
|
||||
void validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
|
||||
void validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
|
||||
|
||||
private:
|
||||
const std::string kModuleName = "NNPkiValidator";
|
||||
|
||||
|
||||
crypto::rsa::sRsa4096Key mRootKey;
|
||||
fnd::List<pki::SignedData<pki::CertificateBody>> mCertificateBank;
|
||||
fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCertificateBank;
|
||||
|
||||
void makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const;
|
||||
void makeCertIdent(const nn::pki::SignedData<nn::pki::CertificateBody>& cert, std::string& ident) const;
|
||||
void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const;
|
||||
bool doesCertExist(const std::string& ident) const;
|
||||
const pki::SignedData<pki::CertificateBody>& getCert(const std::string& ident) const;
|
||||
crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const;
|
||||
const nn::pki::SignedData<nn::pki::CertificateBody>& getCert(const std::string& ident) const;
|
||||
crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const;
|
||||
};
|
|
@ -189,7 +189,7 @@ const sOptional<std::string>& UserSettings::getAssetNacpPath() const
|
|||
return mAssetNacpPath;
|
||||
}
|
||||
|
||||
const fnd::List<pki::SignedData<pki::CertificateBody>>& UserSettings::getCertificateChain() const
|
||||
const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& UserSettings::getCertificateChain() const
|
||||
{
|
||||
return mCertChain;
|
||||
}
|
||||
|
@ -555,7 +555,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
|
|||
{
|
||||
fnd::SimpleFile cert_file;
|
||||
fnd::Vec<byte_t> cert_raw;
|
||||
pki::SignedData<pki::CertificateBody> cert;
|
||||
nn::pki::SignedData<nn::pki::CertificateBody> cert;
|
||||
|
||||
cert_file.open(args.cert_path.var, fnd::SimpleFile::Read);
|
||||
cert_raw.alloc(cert_file.size());
|
||||
|
@ -573,7 +573,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
|
|||
{
|
||||
fnd::SimpleFile tik_file;
|
||||
fnd::Vec<byte_t> tik_raw;
|
||||
pki::SignedData<es::TicketBody_V2> tik;
|
||||
nn::pki::SignedData<nn::es::TicketBody_V2> tik;
|
||||
|
||||
// open and import ticket
|
||||
tik_file.open(args.ticket_path.var, fnd::SimpleFile::Read);
|
||||
|
@ -587,13 +587,13 @@ void UserSettings::populateKeyset(sCmdArgs& args)
|
|||
PkiValidator pki_validator;
|
||||
fnd::Vec<byte_t> tik_hash;
|
||||
|
||||
switch (pki::sign::getHashAlgo(tik.getSignature().getSignType()))
|
||||
switch (nn::pki::sign::getHashAlgo(tik.getSignature().getSignType()))
|
||||
{
|
||||
case (pki::sign::HASH_ALGO_SHA1):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA1):
|
||||
tik_hash.alloc(crypto::sha::kSha1HashLen);
|
||||
crypto::sha::Sha1(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data());
|
||||
break;
|
||||
case (pki::sign::HASH_ALGO_SHA256):
|
||||
case (nn::pki::sign::HASH_ALGO_SHA256):
|
||||
tik_hash.alloc(crypto::sha::kSha256HashLen);
|
||||
crypto::sha::Sha256(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data());
|
||||
break;
|
||||
|
@ -613,7 +613,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
|
|||
}
|
||||
|
||||
// extract title key
|
||||
if (tik.getBody().getTitleKeyEncType() == es::ticket::AES128_CBC)
|
||||
if (tik.getBody().getTitleKeyEncType() == nn::es::ticket::AES128_CBC)
|
||||
{
|
||||
memcpy(mKeyset.nca.manual_title_key_aesctr.key, tik.getBody().getEncTitleKey(), crypto::aes::kAes128KeySize);
|
||||
}
|
||||
|
@ -962,7 +962,7 @@ bool UserSettings::determineValidNacpFromSample(const fnd::Vec<byte_t>& sample)
|
|||
|
||||
bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample) const
|
||||
{
|
||||
pki::SignatureBlock sign;
|
||||
nn::pki::SignatureBlock sign;
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -976,7 +976,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
|
|||
if (sign.isLittleEndian() == true)
|
||||
return false;
|
||||
|
||||
if (sign.getSignType() != pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_ECDSA240_SHA256)
|
||||
if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_ECDSA240_SHA256)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
@ -984,7 +984,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
|
|||
|
||||
bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample) const
|
||||
{
|
||||
pki::SignatureBlock sign;
|
||||
nn::pki::SignatureBlock sign;
|
||||
|
||||
try
|
||||
{
|
||||
|
@ -998,7 +998,7 @@ bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample)
|
|||
if (sign.isLittleEndian() == false)
|
||||
return false;
|
||||
|
||||
if (sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256)
|
||||
if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
|
|
@ -42,7 +42,7 @@ public:
|
|||
const sOptional<std::string>& getNcaPart3Path() const;
|
||||
const sOptional<std::string>& getAssetIconPath() const;
|
||||
const sOptional<std::string>& getAssetNacpPath() const;
|
||||
const fnd::List<pki::SignedData<pki::CertificateBody>>& getCertificateChain() const;
|
||||
const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& getCertificateChain() const;
|
||||
|
||||
private:
|
||||
const std::string kModuleName = "UserSettings";
|
||||
|
@ -100,7 +100,7 @@ private:
|
|||
sOptional<std::string> mAssetIconPath;
|
||||
sOptional<std::string> mAssetNacpPath;
|
||||
|
||||
fnd::List<pki::SignedData<pki::CertificateBody>> mCertChain;
|
||||
fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCertChain;
|
||||
|
||||
bool mListApi;
|
||||
bool mListSymbols;
|
||||
|
|
Loading…
Reference in a new issue