mirror of
https://github.com/jakcron/nstool.git
synced 2024-12-22 18:55:29 +00:00
Add initial support for NCA signature key generations.
parent
74de59f6dd
commit
3851ee66c5
|
@ -225,9 +225,21 @@ bool KeyConfiguration::getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key)
|
||||||
return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey);
|
return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const
|
bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
|
||||||
{
|
{
|
||||||
return copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
|
// TODO: This needs to be changed to support multiple keys
|
||||||
|
|
||||||
|
bool keyIsFound = false;
|
||||||
|
switch (key_generation)
|
||||||
|
{
|
||||||
|
case (0x00):
|
||||||
|
keyIsFound = copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
keyIsFound = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return keyIsFound;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
|
bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
|
||||||
|
|
|
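Review bot: In the new `default:` branch of getContentArchiveHeader0SignKey, `key` is never written, so a caller that ignores the returned bool continues with whatever the variable held before the call. The generation passed in comes from the NCA header being checked (see the validateNcaSignatures call site on this page), so this path is reachable from file content. I would either clear the out-parameter there, e.g. `key = kNullRsa2048Key;` (assuming sRsa2048Key is assignable, which this page does not show), or state the contract above the switch: `// returns false and leaves key untouched for unsupported generations`. The TODO would also be more useful if it said that only generation 0x00 is handled so far.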
@ -25,7 +25,7 @@ public:
|
||||||
|
|
||||||
// nca keys
|
// nca keys
|
||||||
bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const;
|
bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const;
|
||||||
bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const;
|
bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
|
||||||
bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
|
bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
|
||||||
bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
|
bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
|
||||||
bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
|
bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
|
||||||
|
|
|
@ -392,7 +392,7 @@ void NcaProcess::validateNcaSignatures()
|
||||||
{
|
{
|
||||||
// validate signature[0]
|
// validate signature[0]
|
||||||
fnd::rsa::sRsa2048Key sign0_key;
|
fnd::rsa::sRsa2048Key sign0_key;
|
||||||
mKeyCfg.getContentArchiveHeader0SignKey(sign0_key);
|
mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration());
|
||||||
if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0)
|
if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0)
|
||||||
{
|
{
|
||||||
std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl;
|
std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl;
|
||||||
|
@ -417,10 +417,12 @@ void NcaProcess::validateNcaSignatures()
|
||||||
|
|
||||||
MetaProcess npdm;
|
MetaProcess npdm;
|
||||||
npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size));
|
npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size));
|
||||||
|
npdm.setKeyCfg(mKeyCfg);
|
||||||
|
npdm.setVerifyMode(true);
|
||||||
npdm.setCliOutputMode(0);
|
npdm.setCliOutputMode(0);
|
||||||
npdm.process();
|
npdm.process();
|
||||||
|
|
||||||
if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAcid().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
|
if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAccessControlInfoDesc().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
|
||||||
{
|
{
|
||||||
std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl;
|
std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl;
|
||||||
}
|
}
|
||||||
|
@ -450,6 +452,7 @@ void NcaProcess::displayHeader()
|
||||||
std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl;
|
std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl;
|
||||||
std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl;
|
std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl;
|
||||||
std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl;
|
std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl;
|
||||||
|
std::cout << " Sig. Generation: " << std::dec << (uint32_t)mHdr.getSignatureKeyGeneration() << std::endl;
|
||||||
std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl;
|
std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl;
|
||||||
std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl;
|
std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl;
|
||||||
std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl;
|
std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl;
|
||||||
|
|
|
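Review bot: The call `mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration());` in validateNcaSignatures discards the bool result, and with this commit the getter returns false for every generation other than 0x00. `sign0_key` is declared without an initialiser, so rsaVerify may then run on a key that was never filled in, and the user sees "NCA Header Main Signature: FAIL" for what is really a missing key. Checking the result first, `if (mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration()) == false)`, and printing a separate warning that the signature key generation is unsupported would keep "could not verify" apart from "signature is bad". The function body starts and ends outside the hunk.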
@ -912,7 +912,7 @@ void UserSettings::dumpKeyConfig() const
|
||||||
|
|
||||||
std::cout << "[KeyConfiguration]" << std::endl;
|
std::cout << "[KeyConfiguration]" << std::endl;
|
||||||
std::cout << " NCA Keys:" << std::endl;
|
std::cout << " NCA Keys:" << std::endl;
|
||||||
if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key) == true)
|
if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key, 0x00) == true)
|
||||||
dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2);
|
dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2);
|
||||||
if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true)
|
if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true)
|
||||||
dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2);
|
dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2);
|
||||||
|
|
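Review bot: The literal `0x00` in `mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key, 0x00)` repeats the generation number from the getter's `case (0x00):` without a name, so dumpKeyConfig will keep showing only the first key once more generations are added. A short comment such as `// only signature key generation 0 exists so far`, or a named constant shared with the getter, would make that dependency visible. The label "Header Signature[0] Key" also gives no hint of which generation is being dumped. The function continues outside the hunk.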