From ebbdbcd364d49db3d2a2416538bc74b10b89bff6 Mon Sep 17 00:00:00 2001 From: jakcron Date: Tue, 7 Aug 2018 16:13:18 +0800 Subject: [PATCH] Fix project files and typos. --- lib/libes/libes.vcxproj | 6 +-- lib/libes/libes.vcxproj.filters | 6 +-- lib/libpki/include/nn/pki/SignedData.h | 2 +- programs/nstool/README.md | 1 + programs/nstool/makefile | 2 +- programs/nstool/nstool.vcxproj | 8 ++-- programs/nstool/source/EsTikProcess.cpp | 46 ++++++++++----------- programs/nstool/source/EsTikProcess.h | 6 +-- programs/nstool/source/PkiCertProcess.cpp | 32 +++++++-------- programs/nstool/source/PkiCertProcess.h | 8 ++-- programs/nstool/source/PkiValidator.cpp | 50 +++++++++++------------ programs/nstool/source/PkiValidator.h | 14 +++---- programs/nstool/source/UserSettings.cpp | 22 +++++----- programs/nstool/source/UserSettings.h | 4 +- 14 files changed, 104 insertions(+), 103 deletions(-) diff --git a/lib/libes/libes.vcxproj b/lib/libes/libes.vcxproj index 2373da0..2c3482d 100644 --- a/lib/libes/libes.vcxproj +++ b/lib/libes/libes.vcxproj @@ -120,9 +120,9 @@ - - - + + + diff --git a/lib/libes/libes.vcxproj.filters b/lib/libes/libes.vcxproj.filters index f933a32..d55625c 100644 --- a/lib/libes/libes.vcxproj.filters +++ b/lib/libes/libes.vcxproj.filters @@ -18,13 +18,13 @@ - + Header Files - + Header Files - + Header Files diff --git a/lib/libpki/include/nn/pki/SignedData.h b/lib/libpki/include/nn/pki/SignedData.h index 112e9f9..0997cd4 100644 --- a/lib/libpki/include/nn/pki/SignedData.h +++ b/lib/libpki/include/nn/pki/SignedData.h @@ -136,4 +136,4 @@ namespace pki mBody = body; } } - +} \ No newline at end of file diff --git a/programs/nstool/README.md b/programs/nstool/README.md index 9fb5dab..55490fd 100644 --- a/programs/nstool/README.md +++ b/programs/nstool/README.md @@ -48,6 +48,7 @@ Usage: nstool [options... ] --titlekey Specify title key extracted from ticket. --bodykey Specify body encryption key. --tik Specify ticket to source title key. + --cert Specify certificate chain to verify ticket. --part0 Extract "partition 0" to directory. --part1 Extract "partition 1" to directory. --part2 Extract "partition 2" to directory. diff --git a/programs/nstool/makefile b/programs/nstool/makefile index 4359763..a20fbb5 100644 --- a/programs/nstool/makefile +++ b/programs/nstool/makefile @@ -3,7 +3,7 @@ SRC_DIR = source OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c))) # External dependencies -DEPENDS = hac-hb hac es pki crypto compress polarssl lz4 fnd +DEPENDS = hac-hb hac es pki crypto compress fnd polarssl lz4 LIB_DIR = ../../lib LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep)) INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include") diff --git a/programs/nstool/nstool.vcxproj b/programs/nstool/nstool.vcxproj index d9e7aed..9110d28 100644 --- a/programs/nstool/nstool.vcxproj +++ b/programs/nstool/nstool.vcxproj @@ -90,7 +90,7 @@ true _DEBUG;_CONSOLE;%(PreprocessorDefinitions) true - ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include + ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include Console @@ -105,7 +105,7 @@ true WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) true - ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include + ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include Console @@ -122,7 +122,7 @@ true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true - ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include + ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include Console @@ -141,7 +141,7 @@ true NDEBUG;_CONSOLE;%(PreprocessorDefinitions) true - ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include + ..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include Console diff --git a/programs/nstool/source/EsTikProcess.cpp b/programs/nstool/source/EsTikProcess.cpp index fb897de..9f98521 100644 --- a/programs/nstool/source/EsTikProcess.cpp +++ b/programs/nstool/source/EsTikProcess.cpp @@ -47,7 +47,7 @@ void EsTikProcess::setKeyset(const sKeyset* keyset) mKeyset = keyset; } -void EsTikProcess::setCertificateChain(const fnd::List>& certs) +void EsTikProcess::setCertificateChain(const fnd::List>& certs) { mCerts = certs; } @@ -80,13 +80,13 @@ void EsTikProcess::verifyTicket() PkiValidator pki_validator; fnd::Vec tik_hash; - switch (pki::sign::getHashAlgo(mTik.getSignature().getSignType())) + switch (nn::pki::sign::getHashAlgo(mTik.getSignature().getSignType())) { - case (pki::sign::HASH_ALGO_SHA1): + case (nn::pki::sign::HASH_ALGO_SHA1): tik_hash.alloc(crypto::sha::kSha1HashLen); crypto::sha::Sha1(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data()); break; - case (pki::sign::HASH_ALGO_SHA256): + case (nn::pki::sign::HASH_ALGO_SHA256): tik_hash.alloc(crypto::sha::kSha256HashLen); crypto::sha::Sha256(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data()); break; @@ -110,7 +110,7 @@ void EsTikProcess::displayTicket() #define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0) #define _HEXDUMP_L(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02x", var[a__a__A]); } while(0) - const es::TicketBody_V2& body = mTik.getBody(); + const nn::es::TicketBody_V2& body = mTik.getBody(); std::cout << "[ES Ticket]" << std::endl; @@ -124,7 +124,7 @@ void EsTikProcess::displayTicket() std::cout << " EncMode: " << getTitleKeyPersonalisationStr(body.getTitleKeyEncType()) << std::endl; std::cout << " KeyGeneration: " << std::dec << (uint32_t)body.getCommonKeyId() << std::endl; std::cout << " Data:" << std::endl; - size_t size = body.getTitleKeyEncType() == es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize; + size_t size = body.getTitleKeyEncType() == nn::es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize; fnd::SimpleTextOutput::hexDump(body.getEncTitleKey(), size, 0x10, 6); printf(" Version: v%d.%d.%d", _SPLIT_VER(body.getTicketVersion())); @@ -174,22 +174,22 @@ const char* EsTikProcess::getSignTypeStr(uint32_t type) const const char* str = nullptr; switch(type) { - case (pki::sign::SIGN_ID_RSA4096_SHA1): + case (nn::pki::sign::SIGN_ID_RSA4096_SHA1): str = "RSA4096-SHA1"; break; - case (pki::sign::SIGN_ID_RSA2048_SHA1): + case (nn::pki::sign::SIGN_ID_RSA2048_SHA1): str = "RSA2048-SHA1"; break; - case (pki::sign::SIGN_ID_ECDSA240_SHA1): + case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1): str = "ECDSA240-SHA1"; break; - case (pki::sign::SIGN_ID_RSA4096_SHA256): + case (nn::pki::sign::SIGN_ID_RSA4096_SHA256): str = "RSA4096-SHA256"; break; - case (pki::sign::SIGN_ID_RSA2048_SHA256): + case (nn::pki::sign::SIGN_ID_RSA2048_SHA256): str = "RSA2048-SHA256"; break; - case (pki::sign::SIGN_ID_ECDSA240_SHA256): + case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256): str = "ECDSA240-SHA256"; break; default: @@ -204,10 +204,10 @@ const char* EsTikProcess::getTitleKeyPersonalisationStr(byte_t flag) const const char* str = nullptr; switch(flag) { - case (es::ticket::AES128_CBC): + case (nn::es::ticket::AES128_CBC): str = "Generic (AESCBC)"; break; - case (es::ticket::RSA2048): + case (nn::es::ticket::RSA2048): str = "Personalised (RSA2048)"; break; default: @@ -222,22 +222,22 @@ const char* EsTikProcess::getLicenseTypeStr(byte_t flag) const const char* str = nullptr; switch(flag) { - case (es::ticket::LICENSE_PERMANENT): + case (nn::es::ticket::LICENSE_PERMANENT): str = "Permanent"; break; - case (es::ticket::LICENSE_DEMO): + case (nn::es::ticket::LICENSE_DEMO): str = "Demo"; break; - case (es::ticket::LICENSE_TRIAL): + case (nn::es::ticket::LICENSE_TRIAL): str = "Trial"; break; - case (es::ticket::LICENSE_RENTAL): + case (nn::es::ticket::LICENSE_RENTAL): str = "Rental"; break; - case (es::ticket::LICENSE_SUBSCRIPTION): + case (nn::es::ticket::LICENSE_SUBSCRIPTION): str = "Subscription"; break; - case (es::ticket::LICENSE_SERVICE): + case (nn::es::ticket::LICENSE_SERVICE): str = "Service"; break; default: @@ -252,13 +252,13 @@ const char* EsTikProcess::getPropertyFlagStr(byte_t flag) const const char* str = nullptr; switch(flag) { - case (es::ticket::FLAG_PRE_INSTALL): + case (nn::es::ticket::FLAG_PRE_INSTALL): str = "PreInstall"; break; - case (es::ticket::FLAG_SHARED_TITLE): + case (nn::es::ticket::FLAG_SHARED_TITLE): str = "SharedTitle"; break; - case (es::ticket::FLAG_ALLOW_ALL_CONTENT): + case (nn::es::ticket::FLAG_ALLOW_ALL_CONTENT): str = "AllContent"; break; default: diff --git a/programs/nstool/source/EsTikProcess.h b/programs/nstool/source/EsTikProcess.h index 2424156..82d82d0 100644 --- a/programs/nstool/source/EsTikProcess.h +++ b/programs/nstool/source/EsTikProcess.h @@ -18,7 +18,7 @@ public: void setInputFile(fnd::IFile* file, bool ownIFile); void setKeyset(const sKeyset* keyset); - void setCertificateChain(const fnd::List>& certs); + void setCertificateChain(const fnd::List>& certs); void setCliOutputMode(CliOutputMode mode); void setVerifyMode(bool verify); @@ -31,9 +31,9 @@ private: CliOutputMode mCliOutputMode; bool mVerify; - fnd::List> mCerts; + fnd::List> mCerts; - pki::SignedData mTik; + nn::pki::SignedData mTik; void importTicket(); void verifyTicket(); diff --git a/programs/nstool/source/PkiCertProcess.cpp b/programs/nstool/source/PkiCertProcess.cpp index 47b3267..5de3e01 100644 --- a/programs/nstool/source/PkiCertProcess.cpp +++ b/programs/nstool/source/PkiCertProcess.cpp @@ -66,7 +66,7 @@ void PkiCertProcess::importCerts() scratch.alloc(mFile->size()); mFile->read(scratch.data(), 0, scratch.size()); - pki::SignedData cert; + nn::pki::SignedData cert; for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size()) { cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos); @@ -98,7 +98,7 @@ void PkiCertProcess::displayCerts() } } -void PkiCertProcess::displayCert(const pki::SignedData& cert) +void PkiCertProcess::displayCert(const nn::pki::SignedData& cert) { #define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff) #define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0) @@ -119,7 +119,7 @@ void PkiCertProcess::displayCert(const pki::SignedData& ce std::cout << std::endl; std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl; - if (cert.getBody().getPublicKeyType() == pki::cert::RSA4096) + if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA4096) { std::cout << " PublicKey:" << std::endl; std::cout << " Modulus:" << std::endl; @@ -127,7 +127,7 @@ void PkiCertProcess::displayCert(const pki::SignedData& ce std::cout << " Public Exponent:" << std::endl; fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); } - else if (cert.getBody().getPublicKeyType() == pki::cert::RSA2048) + else if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA2048) { std::cout << " PublicKey:" << std::endl; std::cout << " Public Exponent:" << std::endl; @@ -135,7 +135,7 @@ void PkiCertProcess::displayCert(const pki::SignedData& ce std::cout << " Modulus:" << std::endl; fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); } - else if (cert.getBody().getPublicKeyType() == pki::cert::ECDSA240) + else if (cert.getBody().getPublicKeyType() == nn::pki::cert::ECDSA240) { std::cout << " PublicKey:" << std::endl; std::cout << " R:" << std::endl; @@ -156,27 +156,27 @@ size_t PkiCertProcess::getHexDumpLen(size_t max_size) const return _HAS_BIT(mCliOutputMode, OUTPUT_EXTENDED) ? max_size : kSmallHexDumpLen; } -const char* PkiCertProcess::getSignTypeStr(pki::sign::SignatureId type) const +const char* PkiCertProcess::getSignTypeStr(nn::pki::sign::SignatureId type) const { const char* str; switch (type) { - case (pki::sign::SIGN_ID_RSA4096_SHA1): + case (nn::pki::sign::SIGN_ID_RSA4096_SHA1): str = "RSA4096-SHA1"; break; - case (pki::sign::SIGN_ID_RSA2048_SHA1): + case (nn::pki::sign::SIGN_ID_RSA2048_SHA1): str = "RSA2048-SHA1"; break; - case (pki::sign::SIGN_ID_ECDSA240_SHA1): + case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1): str = "ECDSA240-SHA1"; break; - case (pki::sign::SIGN_ID_RSA4096_SHA256): + case (nn::pki::sign::SIGN_ID_RSA4096_SHA256): str = "RSA4096-SHA256"; break; - case (pki::sign::SIGN_ID_RSA2048_SHA256): + case (nn::pki::sign::SIGN_ID_RSA2048_SHA256): str = "RSA2048-SHA256"; break; - case (pki::sign::SIGN_ID_ECDSA240_SHA256): + case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256): str = "ECDSA240-SHA256"; break; default: @@ -191,18 +191,18 @@ const char* PkiCertProcess::getEndiannessStr(bool isLittleEndian) const return isLittleEndian ? "LittleEndian" : "BigEndian"; } -const char* PkiCertProcess::getPublicKeyTypeStr(pki::cert::PublicKeyType type) const +const char* PkiCertProcess::getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const { const char* str; switch (type) { - case (pki::cert::RSA4096): + case (nn::pki::cert::RSA4096): str = "RSA4096"; break; - case (pki::cert::RSA2048): + case (nn::pki::cert::RSA2048): str = "RSA2048"; break; - case (pki::cert::ECDSA240): + case (nn::pki::cert::ECDSA240): str = "ECDSA240"; break; default: diff --git a/programs/nstool/source/PkiCertProcess.h b/programs/nstool/source/PkiCertProcess.h index b071ec6..e7dd144 100644 --- a/programs/nstool/source/PkiCertProcess.h +++ b/programs/nstool/source/PkiCertProcess.h @@ -31,15 +31,15 @@ private: CliOutputMode mCliOutputMode; bool mVerify; - fnd::List> mCert; + fnd::List> mCert; void importCerts(); void validateCerts(); void displayCerts(); - void displayCert(const pki::SignedData& cert); + void displayCert(const nn::pki::SignedData& cert); size_t getHexDumpLen(size_t max_size) const; - const char* getSignTypeStr(pki::sign::SignatureId type) const; + const char* getSignTypeStr(nn::pki::sign::SignatureId type) const; const char* getEndiannessStr(bool isLittleEndian) const; - const char* getPublicKeyTypeStr(pki::cert::PublicKeyType type) const; + const char* getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const; }; \ No newline at end of file diff --git a/programs/nstool/source/PkiValidator.cpp b/programs/nstool/source/PkiValidator.cpp index 70f5728..971ecc7 100644 --- a/programs/nstool/source/PkiValidator.cpp +++ b/programs/nstool/source/PkiValidator.cpp @@ -12,7 +12,7 @@ PkiValidator::PkiValidator() void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) { // save a copy of the certificate bank - fnd::List> old_certs = mCertificateBank; + fnd::List> old_certs = mCertificateBank; // clear the certificate bank mCertificateBank.clear(); @@ -27,7 +27,7 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) } } -void PkiValidator::addCertificates(const fnd::List>& certs) +void PkiValidator::addCertificates(const fnd::List>& certs) { for (size_t i = 0; i < certs.size(); i++) { @@ -35,11 +35,11 @@ void PkiValidator::addCertificates(const fnd::List& cert) +void PkiValidator::addCertificate(const nn::pki::SignedData& cert) { std::string cert_ident; - pki::sign::SignatureAlgo cert_sign_algo; - pki::sign::HashAlgo cert_hash_algo; + nn::pki::sign::SignatureAlgo cert_sign_algo; + nn::pki::sign::HashAlgo cert_hash_algo; fnd::Vec cert_hash; try @@ -51,17 +51,17 @@ void PkiValidator::addCertificate(const pki::SignedData& c throw fnd::Exception(kModuleName, "Certificate already exists"); } - cert_sign_algo = pki::sign::getSignatureAlgo(cert.getSignature().getSignType()); - cert_hash_algo = pki::sign::getHashAlgo(cert.getSignature().getSignType()); + cert_sign_algo = nn::pki::sign::getSignatureAlgo(cert.getSignature().getSignType()); + cert_hash_algo = nn::pki::sign::getHashAlgo(cert.getSignature().getSignType()); // get cert hash switch (cert_hash_algo) { - case (pki::sign::HASH_ALGO_SHA1): + case (nn::pki::sign::HASH_ALGO_SHA1): cert_hash.alloc(crypto::sha::kSha1HashLen); crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); break; - case (pki::sign::HASH_ALGO_SHA256): + case (nn::pki::sign::HASH_ALGO_SHA256): cert_hash.alloc(crypto::sha::kSha256HashLen); crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); break; @@ -86,19 +86,19 @@ void PkiValidator::clearCertificates() mCertificateBank.clear(); } -void PkiValidator::validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const +void PkiValidator::validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const { - pki::sign::SignatureAlgo sign_algo = pki::sign::getSignatureAlgo(signature_id); - pki::sign::HashAlgo hash_algo = pki::sign::getHashAlgo(signature_id); + nn::pki::sign::SignatureAlgo sign_algo = nn::pki::sign::getSignatureAlgo(signature_id); + nn::pki::sign::HashAlgo hash_algo = nn::pki::sign::getHashAlgo(signature_id); // validate signature int sig_validate_res = -1; // special case if signed by Root - if (issuer == pki::sign::kRootIssuerStr) + if (issuer == nn::pki::sign::kRootIssuerStr) { - if (sign_algo != pki::sign::SIGN_ALGO_RSA4096) + if (sign_algo != nn::pki::sign::SIGN_ALGO_RSA4096) { throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature"); } @@ -107,18 +107,18 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa else { // try to find issuer cert - const pki::CertificateBody& issuer_cert = getCert(issuer).getBody(); - pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType(); + const nn::pki::CertificateBody& issuer_cert = getCert(issuer).getBody(); + nn::pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType(); - if (issuer_pubk_type == pki::cert::RSA4096 && sign_algo == pki::sign::SIGN_ALGO_RSA4096) + if (issuer_pubk_type == nn::pki::cert::RSA4096 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA4096) { sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); } - else if (issuer_pubk_type == pki::cert::RSA2048 && sign_algo == pki::sign::SIGN_ALGO_RSA2048) + else if (issuer_pubk_type == nn::pki::cert::RSA2048 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA2048) { sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); } - else if (issuer_pubk_type == pki::cert::ECDSA240 && sign_algo == pki::sign::SIGN_ALGO_ECDSA240) + else if (issuer_pubk_type == nn::pki::cert::ECDSA240 && sign_algo == nn::pki::sign::SIGN_ALGO_ECDSA240) { throw fnd::Exception(kModuleName, "ECDSA signatures are not supported"); } @@ -136,14 +136,14 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa } -void PkiValidator::makeCertIdent(const pki::SignedData& cert, std::string& ident) const +void PkiValidator::makeCertIdent(const nn::pki::SignedData& cert, std::string& ident) const { makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident); } void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const { - ident = issuer + pki::sign::kIdentDelimiter + subject; + ident = issuer + nn::pki::sign::kIdentDelimiter + subject; ident = ident.substr(0, _MIN(ident.length(),64)); } @@ -164,7 +164,7 @@ bool PkiValidator::doesCertExist(const std::string& ident) const return exists; } -const pki::SignedData& PkiValidator::getCert(const std::string& ident) const +const nn::pki::SignedData& PkiValidator::getCert(const std::string& ident) const { std::string full_cert_name; for (size_t i = 0; i < mCertificateBank.size(); i++) @@ -179,16 +179,16 @@ const pki::SignedData& PkiValidator::getCert(const std::st throw fnd::Exception(kModuleName, "Issuer certificate does not exist"); } -crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const +crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const { crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1; switch (hash_algo) { - case (pki::sign::HASH_ALGO_SHA1): + case (nn::pki::sign::HASH_ALGO_SHA1): hash_type = crypto::sha::HASH_SHA1; break; - case (pki::sign::HASH_ALGO_SHA256): + case (nn::pki::sign::HASH_ALGO_SHA256): hash_type = crypto::sha::HASH_SHA256; break; }; diff --git a/programs/nstool/source/PkiValidator.h b/programs/nstool/source/PkiValidator.h index 51d383f..1183c80 100644 --- a/programs/nstool/source/PkiValidator.h +++ b/programs/nstool/source/PkiValidator.h @@ -13,22 +13,22 @@ public: PkiValidator(); void setRootKey(const crypto::rsa::sRsa4096Key& root_key); - void addCertificates(const fnd::List>& certs); - void addCertificate(const pki::SignedData& cert); + void addCertificates(const fnd::List>& certs); + void addCertificate(const nn::pki::SignedData& cert); void clearCertificates(); - void validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const; + void validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec& signature, const fnd::Vec& hash) const; private: const std::string kModuleName = "NNPkiValidator"; crypto::rsa::sRsa4096Key mRootKey; - fnd::List> mCertificateBank; + fnd::List> mCertificateBank; - void makeCertIdent(const pki::SignedData& cert, std::string& ident) const; + void makeCertIdent(const nn::pki::SignedData& cert, std::string& ident) const; void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const; bool doesCertExist(const std::string& ident) const; - const pki::SignedData& getCert(const std::string& ident) const; - crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const; + const nn::pki::SignedData& getCert(const std::string& ident) const; + crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const; }; \ No newline at end of file diff --git a/programs/nstool/source/UserSettings.cpp b/programs/nstool/source/UserSettings.cpp index 57b5c84..0c0cf06 100644 --- a/programs/nstool/source/UserSettings.cpp +++ b/programs/nstool/source/UserSettings.cpp @@ -189,7 +189,7 @@ const sOptional& UserSettings::getAssetNacpPath() const return mAssetNacpPath; } -const fnd::List>& UserSettings::getCertificateChain() const +const fnd::List>& UserSettings::getCertificateChain() const { return mCertChain; } @@ -555,7 +555,7 @@ void UserSettings::populateKeyset(sCmdArgs& args) { fnd::SimpleFile cert_file; fnd::Vec cert_raw; - pki::SignedData cert; + nn::pki::SignedData cert; cert_file.open(args.cert_path.var, fnd::SimpleFile::Read); cert_raw.alloc(cert_file.size()); @@ -573,7 +573,7 @@ void UserSettings::populateKeyset(sCmdArgs& args) { fnd::SimpleFile tik_file; fnd::Vec tik_raw; - pki::SignedData tik; + nn::pki::SignedData tik; // open and import ticket tik_file.open(args.ticket_path.var, fnd::SimpleFile::Read); @@ -587,13 +587,13 @@ void UserSettings::populateKeyset(sCmdArgs& args) PkiValidator pki_validator; fnd::Vec tik_hash; - switch (pki::sign::getHashAlgo(tik.getSignature().getSignType())) + switch (nn::pki::sign::getHashAlgo(tik.getSignature().getSignType())) { - case (pki::sign::HASH_ALGO_SHA1): + case (nn::pki::sign::HASH_ALGO_SHA1): tik_hash.alloc(crypto::sha::kSha1HashLen); crypto::sha::Sha1(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data()); break; - case (pki::sign::HASH_ALGO_SHA256): + case (nn::pki::sign::HASH_ALGO_SHA256): tik_hash.alloc(crypto::sha::kSha256HashLen); crypto::sha::Sha256(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data()); break; @@ -613,7 +613,7 @@ void UserSettings::populateKeyset(sCmdArgs& args) } // extract title key - if (tik.getBody().getTitleKeyEncType() == es::ticket::AES128_CBC) + if (tik.getBody().getTitleKeyEncType() == nn::es::ticket::AES128_CBC) { memcpy(mKeyset.nca.manual_title_key_aesctr.key, tik.getBody().getEncTitleKey(), crypto::aes::kAes128KeySize); } @@ -962,7 +962,7 @@ bool UserSettings::determineValidNacpFromSample(const fnd::Vec& sample) bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample) const { - pki::SignatureBlock sign; + nn::pki::SignatureBlock sign; try { @@ -976,7 +976,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample if (sign.isLittleEndian() == true) return false; - if (sign.getSignType() != pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_ECDSA240_SHA256) + if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_ECDSA240_SHA256) return false; return true; @@ -984,7 +984,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec& sample bool UserSettings::determineValidEsTikFromSample(const fnd::Vec& sample) const { - pki::SignatureBlock sign; + nn::pki::SignatureBlock sign; try { @@ -998,7 +998,7 @@ bool UserSettings::determineValidEsTikFromSample(const fnd::Vec& sample) if (sign.isLittleEndian() == false) return false; - if (sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256) + if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256) return false; return true; diff --git a/programs/nstool/source/UserSettings.h b/programs/nstool/source/UserSettings.h index 2643243..a3fd6ed 100644 --- a/programs/nstool/source/UserSettings.h +++ b/programs/nstool/source/UserSettings.h @@ -42,7 +42,7 @@ public: const sOptional& getNcaPart3Path() const; const sOptional& getAssetIconPath() const; const sOptional& getAssetNacpPath() const; - const fnd::List>& getCertificateChain() const; + const fnd::List>& getCertificateChain() const; private: const std::string kModuleName = "UserSettings"; @@ -100,7 +100,7 @@ private: sOptional mAssetIconPath; sOptional mAssetNacpPath; - fnd::List> mCertChain; + fnd::List> mCertChain; bool mListApi; bool mListSymbols;