Fix project files and typos.

jakcron 2018-08-07 16:13:18 +08:00
parent 8954dc405f
commit ebbdbcd364
14 changed files with 104 additions and 103 deletions


@ -120,9 +120,9 @@
<None Include="makefile" /> <None Include="makefile" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="include\es\SectionHeader_V2.h" /> <ClInclude Include="include\nn\es\SectionHeader_V2.h" />
<ClInclude Include="include\es\ticket.h" /> <ClInclude Include="include\nn\es\ticket.h" />
<ClInclude Include="include\es\TicketBody_V2.h" /> <ClInclude Include="include\nn\es\TicketBody_V2.h" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="source\SectionHeader_V2.cpp" /> <ClCompile Include="source\SectionHeader_V2.cpp" />


@ -18,13 +18,13 @@
<None Include="makefile" /> <None Include="makefile" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="include\es\SectionHeader_V2.h"> <ClInclude Include="include\nn\es\SectionHeader_V2.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="include\es\ticket.h"> <ClInclude Include="include\nn\es\ticket.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="include\es\TicketBody_V2.h"> <ClInclude Include="include\nn\es\TicketBody_V2.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
</ItemGroup> </ItemGroup>


@ -136,4 +136,4 @@ namespace pki
mBody = body; mBody = body;
} }
} }
}


@ -48,6 +48,7 @@ Usage: nstool [options... ] <file>
--titlekey Specify title key extracted from ticket. --titlekey Specify title key extracted from ticket.
--bodykey Specify body encryption key. --bodykey Specify body encryption key.
--tik Specify ticket to source title key. --tik Specify ticket to source title key.
--cert Specify certificate chain to verify ticket.
--part0 Extract "partition 0" to directory. --part0 Extract "partition 0" to directory.
--part1 Extract "partition 1" to directory. --part1 Extract "partition 1" to directory.
--part2 Extract "partition 2" to directory. --part2 Extract "partition 2" to directory.


@ -3,7 +3,7 @@ SRC_DIR = source
OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c))) OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c)))
# External dependencies # External dependencies
DEPENDS = hac-hb hac es pki crypto compress polarssl lz4 fnd DEPENDS = hac-hb hac es pki crypto compress fnd polarssl lz4
LIB_DIR = ../../lib LIB_DIR = ../../lib
LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep)) LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep))
INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include") INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include")


@ -90,7 +90,7 @@
<SDLCheck>true</SDLCheck> <SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode> <ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
@ -105,7 +105,7 @@
<SDLCheck>true</SDLCheck> <SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode> <ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
@ -122,7 +122,7 @@
<SDLCheck>true</SDLCheck> <SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode> <ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
@ -141,7 +141,7 @@
<SDLCheck>true</SDLCheck> <SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode> <ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libnx\include;..\..\lib\libnx-hb\include</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>..\..\lib\libpki\include;..\..\lib\libes\include;..\..\lib\libfnd\include;..\..\lib\libcompress\include;..\..\lib\libcrypto\include;..\..\lib\libhac\include;..\..\lib\libhac-hb\include</AdditionalIncludeDirectories>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>


@ -47,7 +47,7 @@ void EsTikProcess::setKeyset(const sKeyset* keyset)
mKeyset = keyset; mKeyset = keyset;
} }
void EsTikProcess::setCertificateChain(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs) void EsTikProcess::setCertificateChain(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs)
{ {
mCerts = certs; mCerts = certs;
} }
@ -80,13 +80,13 @@ void EsTikProcess::verifyTicket()
PkiValidator pki_validator; PkiValidator pki_validator;
fnd::Vec<byte_t> tik_hash; fnd::Vec<byte_t> tik_hash;
switch (pki::sign::getHashAlgo(mTik.getSignature().getSignType())) switch (nn::pki::sign::getHashAlgo(mTik.getSignature().getSignType()))
{ {
case (pki::sign::HASH_ALGO_SHA1): case (nn::pki::sign::HASH_ALGO_SHA1):
tik_hash.alloc(crypto::sha::kSha1HashLen); tik_hash.alloc(crypto::sha::kSha1HashLen);
crypto::sha::Sha1(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data()); crypto::sha::Sha1(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data());
break; break;
case (pki::sign::HASH_ALGO_SHA256): case (nn::pki::sign::HASH_ALGO_SHA256):
tik_hash.alloc(crypto::sha::kSha256HashLen); tik_hash.alloc(crypto::sha::kSha256HashLen);
crypto::sha::Sha256(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data()); crypto::sha::Sha256(mTik.getBody().getBytes().data(), mTik.getBody().getBytes().size(), tik_hash.data());
break; break;
@ -110,7 +110,7 @@ void EsTikProcess::displayTicket()
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0) #define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
#define _HEXDUMP_L(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02x", var[a__a__A]); } while(0) #define _HEXDUMP_L(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02x", var[a__a__A]); } while(0)
const es::TicketBody_V2& body = mTik.getBody(); const nn::es::TicketBody_V2& body = mTik.getBody();
std::cout << "[ES Ticket]" << std::endl; std::cout << "[ES Ticket]" << std::endl;
@ -124,7 +124,7 @@ void EsTikProcess::displayTicket()
std::cout << " EncMode: " << getTitleKeyPersonalisationStr(body.getTitleKeyEncType()) << std::endl; std::cout << " EncMode: " << getTitleKeyPersonalisationStr(body.getTitleKeyEncType()) << std::endl;
std::cout << " KeyGeneration: " << std::dec << (uint32_t)body.getCommonKeyId() << std::endl; std::cout << " KeyGeneration: " << std::dec << (uint32_t)body.getCommonKeyId() << std::endl;
std::cout << " Data:" << std::endl; std::cout << " Data:" << std::endl;
size_t size = body.getTitleKeyEncType() == es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize; size_t size = body.getTitleKeyEncType() == nn::es::ticket::RSA2048 ? crypto::rsa::kRsa2048Size : crypto::aes::kAes128KeySize;
fnd::SimpleTextOutput::hexDump(body.getEncTitleKey(), size, 0x10, 6); fnd::SimpleTextOutput::hexDump(body.getEncTitleKey(), size, 0x10, 6);
printf(" Version: v%d.%d.%d", _SPLIT_VER(body.getTicketVersion())); printf(" Version: v%d.%d.%d", _SPLIT_VER(body.getTicketVersion()));
@ -174,22 +174,22 @@ const char* EsTikProcess::getSignTypeStr(uint32_t type) const
const char* str = nullptr; const char* str = nullptr;
switch(type) switch(type)
{ {
case (pki::sign::SIGN_ID_RSA4096_SHA1): case (nn::pki::sign::SIGN_ID_RSA4096_SHA1):
str = "RSA4096-SHA1"; str = "RSA4096-SHA1";
break; break;
case (pki::sign::SIGN_ID_RSA2048_SHA1): case (nn::pki::sign::SIGN_ID_RSA2048_SHA1):
str = "RSA2048-SHA1"; str = "RSA2048-SHA1";
break; break;
case (pki::sign::SIGN_ID_ECDSA240_SHA1): case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1):
str = "ECDSA240-SHA1"; str = "ECDSA240-SHA1";
break; break;
case (pki::sign::SIGN_ID_RSA4096_SHA256): case (nn::pki::sign::SIGN_ID_RSA4096_SHA256):
str = "RSA4096-SHA256"; str = "RSA4096-SHA256";
break; break;
case (pki::sign::SIGN_ID_RSA2048_SHA256): case (nn::pki::sign::SIGN_ID_RSA2048_SHA256):
str = "RSA2048-SHA256"; str = "RSA2048-SHA256";
break; break;
case (pki::sign::SIGN_ID_ECDSA240_SHA256): case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256):
str = "ECDSA240-SHA256"; str = "ECDSA240-SHA256";
break; break;
default: default:
@ -204,10 +204,10 @@ const char* EsTikProcess::getTitleKeyPersonalisationStr(byte_t flag) const
const char* str = nullptr; const char* str = nullptr;
switch(flag) switch(flag)
{ {
case (es::ticket::AES128_CBC): case (nn::es::ticket::AES128_CBC):
str = "Generic (AESCBC)"; str = "Generic (AESCBC)";
break; break;
case (es::ticket::RSA2048): case (nn::es::ticket::RSA2048):
str = "Personalised (RSA2048)"; str = "Personalised (RSA2048)";
break; break;
default: default:
@ -222,22 +222,22 @@ const char* EsTikProcess::getLicenseTypeStr(byte_t flag) const
const char* str = nullptr; const char* str = nullptr;
switch(flag) switch(flag)
{ {
case (es::ticket::LICENSE_PERMANENT): case (nn::es::ticket::LICENSE_PERMANENT):
str = "Permanent"; str = "Permanent";
break; break;
case (es::ticket::LICENSE_DEMO): case (nn::es::ticket::LICENSE_DEMO):
str = "Demo"; str = "Demo";
break; break;
case (es::ticket::LICENSE_TRIAL): case (nn::es::ticket::LICENSE_TRIAL):
str = "Trial"; str = "Trial";
break; break;
case (es::ticket::LICENSE_RENTAL): case (nn::es::ticket::LICENSE_RENTAL):
str = "Rental"; str = "Rental";
break; break;
case (es::ticket::LICENSE_SUBSCRIPTION): case (nn::es::ticket::LICENSE_SUBSCRIPTION):
str = "Subscription"; str = "Subscription";
break; break;
case (es::ticket::LICENSE_SERVICE): case (nn::es::ticket::LICENSE_SERVICE):
str = "Service"; str = "Service";
break; break;
default: default:
@ -252,13 +252,13 @@ const char* EsTikProcess::getPropertyFlagStr(byte_t flag) const
const char* str = nullptr; const char* str = nullptr;
switch(flag) switch(flag)
{ {
case (es::ticket::FLAG_PRE_INSTALL): case (nn::es::ticket::FLAG_PRE_INSTALL):
str = "PreInstall"; str = "PreInstall";
break; break;
case (es::ticket::FLAG_SHARED_TITLE): case (nn::es::ticket::FLAG_SHARED_TITLE):
str = "SharedTitle"; str = "SharedTitle";
break; break;
case (es::ticket::FLAG_ALLOW_ALL_CONTENT): case (nn::es::ticket::FLAG_ALLOW_ALL_CONTENT):
str = "AllContent"; str = "AllContent";
break; break;
default: default:
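Review bot: The digest selection in `EsTikProcess::verifyTicket` (the `switch` on `nn::pki::sign::getHashAlgo(...)` that allocates `tik_hash` and calls `Sha1`/`Sha256`) is repeated almost verbatim in `UserSettings::populateKeyset` and `PkiValidator::addCertificate` elsewhere in this commit. Three copies on a signature-verification path can drift apart, so one shared helper that takes the sign type and the body bytes and returns the digest would be safer to maintain. The `default:` arm of this switch is outside the visible hunk; if it does not throw, an unrecognised sign type would presumably leave `tik_hash` empty before it reaches the validator, which is worth confirming. `verifyTicket` and the `get*Str` helpers continue outside the hunks shown.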


@ -18,7 +18,7 @@ public:
void setInputFile(fnd::IFile* file, bool ownIFile); void setInputFile(fnd::IFile* file, bool ownIFile);
void setKeyset(const sKeyset* keyset); void setKeyset(const sKeyset* keyset);
void setCertificateChain(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs); void setCertificateChain(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs);
void setCliOutputMode(CliOutputMode mode); void setCliOutputMode(CliOutputMode mode);
void setVerifyMode(bool verify); void setVerifyMode(bool verify);
@ -31,9 +31,9 @@ private:
CliOutputMode mCliOutputMode; CliOutputMode mCliOutputMode;
bool mVerify; bool mVerify;
fnd::List<pki::SignedData<pki::CertificateBody>> mCerts; fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCerts;
pki::SignedData<es::TicketBody_V2> mTik; nn::pki::SignedData<nn::es::TicketBody_V2> mTik;
void importTicket(); void importTicket();
void verifyTicket(); void verifyTicket();


@ -66,7 +66,7 @@ void PkiCertProcess::importCerts()
scratch.alloc(mFile->size()); scratch.alloc(mFile->size());
mFile->read(scratch.data(), 0, scratch.size()); mFile->read(scratch.data(), 0, scratch.size());
pki::SignedData<pki::CertificateBody> cert; nn::pki::SignedData<nn::pki::CertificateBody> cert;
for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size()) for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size())
{ {
cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos); cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos);
@ -98,7 +98,7 @@ void PkiCertProcess::displayCerts()
} }
} }
void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& cert) void PkiCertProcess::displayCert(const nn::pki::SignedData<nn::pki::CertificateBody>& cert)
{ {
#define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff) #define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff)
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0) #define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
@ -119,7 +119,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
std::cout << std::endl; std::cout << std::endl;
std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl; std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl;
if (cert.getBody().getPublicKeyType() == pki::cert::RSA4096) if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA4096)
{ {
std::cout << " PublicKey:" << std::endl; std::cout << " PublicKey:" << std::endl;
std::cout << " Modulus:" << std::endl; std::cout << " Modulus:" << std::endl;
@ -127,7 +127,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
std::cout << " Public Exponent:" << std::endl; std::cout << " Public Exponent:" << std::endl;
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
} }
else if (cert.getBody().getPublicKeyType() == pki::cert::RSA2048) else if (cert.getBody().getPublicKeyType() == nn::pki::cert::RSA2048)
{ {
std::cout << " PublicKey:" << std::endl; std::cout << " PublicKey:" << std::endl;
std::cout << " Public Exponent:" << std::endl; std::cout << " Public Exponent:" << std::endl;
@ -135,7 +135,7 @@ void PkiCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& ce
std::cout << " Modulus:" << std::endl; std::cout << " Modulus:" << std::endl;
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6); fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
} }
else if (cert.getBody().getPublicKeyType() == pki::cert::ECDSA240) else if (cert.getBody().getPublicKeyType() == nn::pki::cert::ECDSA240)
{ {
std::cout << " PublicKey:" << std::endl; std::cout << " PublicKey:" << std::endl;
std::cout << " R:" << std::endl; std::cout << " R:" << std::endl;
@ -156,27 +156,27 @@ size_t PkiCertProcess::getHexDumpLen(size_t max_size) const
return _HAS_BIT(mCliOutputMode, OUTPUT_EXTENDED) ? max_size : kSmallHexDumpLen; return _HAS_BIT(mCliOutputMode, OUTPUT_EXTENDED) ? max_size : kSmallHexDumpLen;
} }
const char* PkiCertProcess::getSignTypeStr(pki::sign::SignatureId type) const const char* PkiCertProcess::getSignTypeStr(nn::pki::sign::SignatureId type) const
{ {
const char* str; const char* str;
switch (type) switch (type)
{ {
case (pki::sign::SIGN_ID_RSA4096_SHA1): case (nn::pki::sign::SIGN_ID_RSA4096_SHA1):
str = "RSA4096-SHA1"; str = "RSA4096-SHA1";
break; break;
case (pki::sign::SIGN_ID_RSA2048_SHA1): case (nn::pki::sign::SIGN_ID_RSA2048_SHA1):
str = "RSA2048-SHA1"; str = "RSA2048-SHA1";
break; break;
case (pki::sign::SIGN_ID_ECDSA240_SHA1): case (nn::pki::sign::SIGN_ID_ECDSA240_SHA1):
str = "ECDSA240-SHA1"; str = "ECDSA240-SHA1";
break; break;
case (pki::sign::SIGN_ID_RSA4096_SHA256): case (nn::pki::sign::SIGN_ID_RSA4096_SHA256):
str = "RSA4096-SHA256"; str = "RSA4096-SHA256";
break; break;
case (pki::sign::SIGN_ID_RSA2048_SHA256): case (nn::pki::sign::SIGN_ID_RSA2048_SHA256):
str = "RSA2048-SHA256"; str = "RSA2048-SHA256";
break; break;
case (pki::sign::SIGN_ID_ECDSA240_SHA256): case (nn::pki::sign::SIGN_ID_ECDSA240_SHA256):
str = "ECDSA240-SHA256"; str = "ECDSA240-SHA256";
break; break;
default: default:
@ -191,18 +191,18 @@ const char* PkiCertProcess::getEndiannessStr(bool isLittleEndian) const
return isLittleEndian ? "LittleEndian" : "BigEndian"; return isLittleEndian ? "LittleEndian" : "BigEndian";
} }
const char* PkiCertProcess::getPublicKeyTypeStr(pki::cert::PublicKeyType type) const const char* PkiCertProcess::getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const
{ {
const char* str; const char* str;
switch (type) switch (type)
{ {
case (pki::cert::RSA4096): case (nn::pki::cert::RSA4096):
str = "RSA4096"; str = "RSA4096";
break; break;
case (pki::cert::RSA2048): case (nn::pki::cert::RSA2048):
str = "RSA2048"; str = "RSA2048";
break; break;
case (pki::cert::ECDSA240): case (nn::pki::cert::ECDSA240):
str = "ECDSA240"; str = "ECDSA240";
break; break;
default: default:
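Review bot: In `PkiCertProcess::displayCert` the RSA2048 branch prints `Public Exponent:` first and then prints `Modulus:` directly before `hexDump(...getRsa2048PublicKey().public_exponent, ...)`, the reverse of the RSA4096 branch, so the two labels look swapped. The line between the two hunks is not visible, so confirm this against the full file. In `importCerts` the loop advances by `cert.getBytes().size()` over a buffer read from the input file; if `fromBytes` can ever return with a zero-length result the loop would not terminate, so an explicit check that throws when the parsed size is zero would make the failure mode clear. Since the commit is fixing typos, the accessor `getRsa4098PublicKey` (4098 rather than 4096) may be worth renaming too.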


@ -31,15 +31,15 @@ private:
CliOutputMode mCliOutputMode; CliOutputMode mCliOutputMode;
bool mVerify; bool mVerify;
fnd::List<pki::SignedData<pki::CertificateBody>> mCert; fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCert;
void importCerts(); void importCerts();
void validateCerts(); void validateCerts();
void displayCerts(); void displayCerts();
void displayCert(const pki::SignedData<pki::CertificateBody>& cert); void displayCert(const nn::pki::SignedData<nn::pki::CertificateBody>& cert);
size_t getHexDumpLen(size_t max_size) const; size_t getHexDumpLen(size_t max_size) const;
const char* getSignTypeStr(pki::sign::SignatureId type) const; const char* getSignTypeStr(nn::pki::sign::SignatureId type) const;
const char* getEndiannessStr(bool isLittleEndian) const; const char* getEndiannessStr(bool isLittleEndian) const;
const char* getPublicKeyTypeStr(pki::cert::PublicKeyType type) const; const char* getPublicKeyTypeStr(nn::pki::cert::PublicKeyType type) const;
}; };


@ -12,7 +12,7 @@ PkiValidator::PkiValidator()
void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key) void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
{ {
// save a copy of the certificate bank // save a copy of the certificate bank
fnd::List<pki::SignedData<pki::CertificateBody>> old_certs = mCertificateBank; fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> old_certs = mCertificateBank;
// clear the certificate bank // clear the certificate bank
mCertificateBank.clear(); mCertificateBank.clear();
@ -27,7 +27,7 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
} }
} }
void PkiValidator::addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs) void PkiValidator::addCertificates(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs)
{ {
for (size_t i = 0; i < certs.size(); i++) for (size_t i = 0; i < certs.size(); i++)
{ {
@ -35,11 +35,11 @@ void PkiValidator::addCertificates(const fnd::List<pki::SignedData<pki::Certific
} }
} }
void PkiValidator::addCertificate(const pki::SignedData<pki::CertificateBody>& cert) void PkiValidator::addCertificate(const nn::pki::SignedData<nn::pki::CertificateBody>& cert)
{ {
std::string cert_ident; std::string cert_ident;
pki::sign::SignatureAlgo cert_sign_algo; nn::pki::sign::SignatureAlgo cert_sign_algo;
pki::sign::HashAlgo cert_hash_algo; nn::pki::sign::HashAlgo cert_hash_algo;
fnd::Vec<byte_t> cert_hash; fnd::Vec<byte_t> cert_hash;
try try
@ -51,17 +51,17 @@ void PkiValidator::addCertificate(const pki::SignedData<pki::CertificateBody>& c
throw fnd::Exception(kModuleName, "Certificate already exists"); throw fnd::Exception(kModuleName, "Certificate already exists");
} }
cert_sign_algo = pki::sign::getSignatureAlgo(cert.getSignature().getSignType()); cert_sign_algo = nn::pki::sign::getSignatureAlgo(cert.getSignature().getSignType());
cert_hash_algo = pki::sign::getHashAlgo(cert.getSignature().getSignType()); cert_hash_algo = nn::pki::sign::getHashAlgo(cert.getSignature().getSignType());
// get cert hash // get cert hash
switch (cert_hash_algo) switch (cert_hash_algo)
{ {
case (pki::sign::HASH_ALGO_SHA1): case (nn::pki::sign::HASH_ALGO_SHA1):
cert_hash.alloc(crypto::sha::kSha1HashLen); cert_hash.alloc(crypto::sha::kSha1HashLen);
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
break; break;
case (pki::sign::HASH_ALGO_SHA256): case (nn::pki::sign::HASH_ALGO_SHA256):
cert_hash.alloc(crypto::sha::kSha256HashLen); cert_hash.alloc(crypto::sha::kSha256HashLen);
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data()); crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
break; break;
@ -86,19 +86,19 @@ void PkiValidator::clearCertificates()
mCertificateBank.clear(); mCertificateBank.clear();
} }
void PkiValidator::validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const void PkiValidator::validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const
{ {
pki::sign::SignatureAlgo sign_algo = pki::sign::getSignatureAlgo(signature_id); nn::pki::sign::SignatureAlgo sign_algo = nn::pki::sign::getSignatureAlgo(signature_id);
pki::sign::HashAlgo hash_algo = pki::sign::getHashAlgo(signature_id); nn::pki::sign::HashAlgo hash_algo = nn::pki::sign::getHashAlgo(signature_id);
// validate signature // validate signature
int sig_validate_res = -1; int sig_validate_res = -1;
// special case if signed by Root // special case if signed by Root
if (issuer == pki::sign::kRootIssuerStr) if (issuer == nn::pki::sign::kRootIssuerStr)
{ {
if (sign_algo != pki::sign::SIGN_ALGO_RSA4096) if (sign_algo != nn::pki::sign::SIGN_ALGO_RSA4096)
{ {
throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature"); throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature");
} }
@ -107,18 +107,18 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa
else else
{ {
// try to find issuer cert // try to find issuer cert
const pki::CertificateBody& issuer_cert = getCert(issuer).getBody(); const nn::pki::CertificateBody& issuer_cert = getCert(issuer).getBody();
pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType(); nn::pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType();
if (issuer_pubk_type == pki::cert::RSA4096 && sign_algo == pki::sign::SIGN_ALGO_RSA4096) if (issuer_pubk_type == nn::pki::cert::RSA4096 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA4096)
{ {
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
} }
else if (issuer_pubk_type == pki::cert::RSA2048 && sign_algo == pki::sign::SIGN_ALGO_RSA2048) else if (issuer_pubk_type == nn::pki::cert::RSA2048 && sign_algo == nn::pki::sign::SIGN_ALGO_RSA2048)
{ {
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data()); sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
} }
else if (issuer_pubk_type == pki::cert::ECDSA240 && sign_algo == pki::sign::SIGN_ALGO_ECDSA240) else if (issuer_pubk_type == nn::pki::cert::ECDSA240 && sign_algo == nn::pki::sign::SIGN_ALGO_ECDSA240)
{ {
throw fnd::Exception(kModuleName, "ECDSA signatures are not supported"); throw fnd::Exception(kModuleName, "ECDSA signatures are not supported");
} }
@ -136,14 +136,14 @@ void PkiValidator::validateSignature(const std::string& issuer, pki::sign::Signa
} }
void PkiValidator::makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const void PkiValidator::makeCertIdent(const nn::pki::SignedData<nn::pki::CertificateBody>& cert, std::string& ident) const
{ {
makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident); makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident);
} }
void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const
{ {
ident = issuer + pki::sign::kIdentDelimiter + subject; ident = issuer + nn::pki::sign::kIdentDelimiter + subject;
ident = ident.substr(0, _MIN(ident.length(),64)); ident = ident.substr(0, _MIN(ident.length(),64));
} }
@ -164,7 +164,7 @@ bool PkiValidator::doesCertExist(const std::string& ident) const
return exists; return exists;
} }
const pki::SignedData<pki::CertificateBody>& PkiValidator::getCert(const std::string& ident) const const nn::pki::SignedData<nn::pki::CertificateBody>& PkiValidator::getCert(const std::string& ident) const
{ {
std::string full_cert_name; std::string full_cert_name;
for (size_t i = 0; i < mCertificateBank.size(); i++) for (size_t i = 0; i < mCertificateBank.size(); i++)
@ -179,16 +179,16 @@ const pki::SignedData<pki::CertificateBody>& PkiValidator::getCert(const std::st
throw fnd::Exception(kModuleName, "Issuer certificate does not exist"); throw fnd::Exception(kModuleName, "Issuer certificate does not exist");
} }
crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const
{ {
crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1; crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1;
switch (hash_algo) switch (hash_algo)
{ {
case (pki::sign::HASH_ALGO_SHA1): case (nn::pki::sign::HASH_ALGO_SHA1):
hash_type = crypto::sha::HASH_SHA1; hash_type = crypto::sha::HASH_SHA1;
break; break;
case (pki::sign::HASH_ALGO_SHA256): case (nn::pki::sign::HASH_ALGO_SHA256):
hash_type = crypto::sha::HASH_SHA256; hash_type = crypto::sha::HASH_SHA256;
break; break;
}; };
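Review bot: `PkiValidator::validateSignature` passes `hash.data()` and `signature.data()` to `crypto::rsa::pkcs::rsaVerify` without checking that `signature.size()` matches the issuer key size or that `hash.size()` matches the digest length implied by `hash_algo`. Both vectors presumably originate from parsed ticket or certificate files. Unless the `SignedData` parser already guarantees those lengths (not visible here), a short buffer could be read past its end, so a size check that throws `fnd::Exception` before each `rsaVerify` call would fail closed. Separately, `getCryptoHashAlgoFromEsSignHashAlgo` initialises `hash_type` to `crypto::sha::HASH_SHA1` and its `switch` has no `default:` arm, so an unrecognised `HashAlgo` is silently treated as SHA-1; throwing from a `default:` would be stricter. Both functions continue outside the visible hunks.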


@ -13,22 +13,22 @@ public:
PkiValidator(); PkiValidator();
void setRootKey(const crypto::rsa::sRsa4096Key& root_key); void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
void addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs); void addCertificates(const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& certs);
void addCertificate(const pki::SignedData<pki::CertificateBody>& cert); void addCertificate(const nn::pki::SignedData<nn::pki::CertificateBody>& cert);
void clearCertificates(); void clearCertificates();
void validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const; void validateSignature(const std::string& issuer, nn::pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
private: private:
const std::string kModuleName = "NNPkiValidator"; const std::string kModuleName = "NNPkiValidator";
crypto::rsa::sRsa4096Key mRootKey; crypto::rsa::sRsa4096Key mRootKey;
fnd::List<pki::SignedData<pki::CertificateBody>> mCertificateBank; fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCertificateBank;
void makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const; void makeCertIdent(const nn::pki::SignedData<nn::pki::CertificateBody>& cert, std::string& ident) const;
void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const; void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const;
bool doesCertExist(const std::string& ident) const; bool doesCertExist(const std::string& ident) const;
const pki::SignedData<pki::CertificateBody>& getCert(const std::string& ident) const; const nn::pki::SignedData<nn::pki::CertificateBody>& getCert(const std::string& ident) const;
crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const; crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(nn::pki::sign::HashAlgo hash_algo) const;
}; };


@ -189,7 +189,7 @@ const sOptional<std::string>& UserSettings::getAssetNacpPath() const
return mAssetNacpPath; return mAssetNacpPath;
} }
const fnd::List<pki::SignedData<pki::CertificateBody>>& UserSettings::getCertificateChain() const const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& UserSettings::getCertificateChain() const
{ {
return mCertChain; return mCertChain;
} }
@ -555,7 +555,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
{ {
fnd::SimpleFile cert_file; fnd::SimpleFile cert_file;
fnd::Vec<byte_t> cert_raw; fnd::Vec<byte_t> cert_raw;
pki::SignedData<pki::CertificateBody> cert; nn::pki::SignedData<nn::pki::CertificateBody> cert;
cert_file.open(args.cert_path.var, fnd::SimpleFile::Read); cert_file.open(args.cert_path.var, fnd::SimpleFile::Read);
cert_raw.alloc(cert_file.size()); cert_raw.alloc(cert_file.size());
@ -573,7 +573,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
{ {
fnd::SimpleFile tik_file; fnd::SimpleFile tik_file;
fnd::Vec<byte_t> tik_raw; fnd::Vec<byte_t> tik_raw;
pki::SignedData<es::TicketBody_V2> tik; nn::pki::SignedData<nn::es::TicketBody_V2> tik;
// open and import ticket // open and import ticket
tik_file.open(args.ticket_path.var, fnd::SimpleFile::Read); tik_file.open(args.ticket_path.var, fnd::SimpleFile::Read);
@ -587,13 +587,13 @@ void UserSettings::populateKeyset(sCmdArgs& args)
PkiValidator pki_validator; PkiValidator pki_validator;
fnd::Vec<byte_t> tik_hash; fnd::Vec<byte_t> tik_hash;
switch (pki::sign::getHashAlgo(tik.getSignature().getSignType())) switch (nn::pki::sign::getHashAlgo(tik.getSignature().getSignType()))
{ {
case (pki::sign::HASH_ALGO_SHA1): case (nn::pki::sign::HASH_ALGO_SHA1):
tik_hash.alloc(crypto::sha::kSha1HashLen); tik_hash.alloc(crypto::sha::kSha1HashLen);
crypto::sha::Sha1(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data()); crypto::sha::Sha1(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data());
break; break;
case (pki::sign::HASH_ALGO_SHA256): case (nn::pki::sign::HASH_ALGO_SHA256):
tik_hash.alloc(crypto::sha::kSha256HashLen); tik_hash.alloc(crypto::sha::kSha256HashLen);
crypto::sha::Sha256(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data()); crypto::sha::Sha256(tik.getBody().getBytes().data(), tik.getBody().getBytes().size(), tik_hash.data());
break; break;
@ -613,7 +613,7 @@ void UserSettings::populateKeyset(sCmdArgs& args)
} }
// extract title key // extract title key
if (tik.getBody().getTitleKeyEncType() == es::ticket::AES128_CBC) if (tik.getBody().getTitleKeyEncType() == nn::es::ticket::AES128_CBC)
{ {
memcpy(mKeyset.nca.manual_title_key_aesctr.key, tik.getBody().getEncTitleKey(), crypto::aes::kAes128KeySize); memcpy(mKeyset.nca.manual_title_key_aesctr.key, tik.getBody().getEncTitleKey(), crypto::aes::kAes128KeySize);
} }
@ -962,7 +962,7 @@ bool UserSettings::determineValidNacpFromSample(const fnd::Vec<byte_t>& sample)
bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample) const bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample) const
{ {
pki::SignatureBlock sign; nn::pki::SignatureBlock sign;
try try
{ {
@ -976,7 +976,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
if (sign.isLittleEndian() == true) if (sign.isLittleEndian() == true)
return false; return false;
if (sign.getSignType() != pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_ECDSA240_SHA256) if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != nn::pki::sign::SIGN_ID_ECDSA240_SHA256)
return false; return false;
return true; return true;
@ -984,7 +984,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample) const bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample) const
{ {
pki::SignatureBlock sign; nn::pki::SignatureBlock sign;
try try
{ {
@ -998,7 +998,7 @@ bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample)
if (sign.isLittleEndian() == false) if (sign.isLittleEndian() == false)
return false; return false;
if (sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256) if (sign.getSignType() != nn::pki::sign::SIGN_ID_RSA2048_SHA256)
return false; return false;
return true; return true;


@ -42,7 +42,7 @@ public:
const sOptional<std::string>& getNcaPart3Path() const; const sOptional<std::string>& getNcaPart3Path() const;
const sOptional<std::string>& getAssetIconPath() const; const sOptional<std::string>& getAssetIconPath() const;
const sOptional<std::string>& getAssetNacpPath() const; const sOptional<std::string>& getAssetNacpPath() const;
const fnd::List<pki::SignedData<pki::CertificateBody>>& getCertificateChain() const; const fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>>& getCertificateChain() const;
private: private:
const std::string kModuleName = "UserSettings"; const std::string kModuleName = "UserSettings";
@ -100,7 +100,7 @@ private:
sOptional<std::string> mAssetIconPath; sOptional<std::string> mAssetIconPath;
sOptional<std::string> mAssetNacpPath; sOptional<std::string> mAssetNacpPath;
fnd::List<pki::SignedData<pki::CertificateBody>> mCertChain; fnd::List<nn::pki::SignedData<nn::pki::CertificateBody>> mCertChain;
bool mListApi; bool mListApi;
bool mListSymbols; bool mListSymbols;