Take out non-ticket code from libes into new libpki.
This commit is contained in:
parent
43270f2e80
commit
900415f49d
5
.vscode/c_cpp_properties.json
vendored
5
.vscode/c_cpp_properties.json
vendored
|
@ -9,10 +9,11 @@
|
||||||
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include",
|
"/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/include",
|
||||||
"/usr/include",
|
"/usr/include",
|
||||||
"${workspaceRoot}",
|
"${workspaceRoot}",
|
||||||
"${workspaceRoot}/lib/libcrypto/include",
|
"${workspaceRoot}/lib/libcrypto/include",
|
||||||
"${workspaceRoot}/lib/libcrypto/source/polarssl/libinclude",
|
"${workspaceRoot}/lib/libcrypto/source/polarssl/libinclude",
|
||||||
"${workspaceRoot}/lib/libcompress/include",
|
"${workspaceRoot}/lib/libcompress/include",
|
||||||
"${workspaceRoot}/lib/libes/include",
|
"${workspaceRoot}/lib/libes/include",
|
||||||
|
"${workspaceRoot}/lib/libpki/include",
|
||||||
"${workspaceRoot}/lib/libfnd/include",
|
"${workspaceRoot}/lib/libfnd/include",
|
||||||
"${workspaceRoot}/lib/libnx/include",
|
"${workspaceRoot}/lib/libnx/include",
|
||||||
"${workspaceRoot}/lib/libnx-hb/include"
|
"${workspaceRoot}/lib/libnx-hb/include"
|
||||||
|
|
13
README.md
13
README.md
|
@ -10,12 +10,13 @@ Tools & Libraries for NX (Nintendo Switch).
|
||||||
|
|
||||||
# Libraries
|
# Libraries
|
||||||
|
|
||||||
* __libfnd__ - Foundation library.
|
* __libfnd__ - Foundation library.
|
||||||
* __libcrypto__ - Cryptographic functions (AES,SHA,RSA). Wrapper for [mbedTLS](https://github.com/ARMmbed/mbedtls)
|
* __libcrypto__ - Cryptographic functions (AES,SHA,RSA). Wrapper for [mbedTLS](https://github.com/ARMmbed/mbedtls)
|
||||||
* __libcompress__ - Compression algorithms (LZ4). Wrapper for [lz4](https://github.com/lz4/lz4)
|
* __libcompress__ - Compression algorithms (LZ4). Wrapper for [lz4](https://github.com/lz4/lz4)
|
||||||
* __libes__ - Handling of (NX relevant) eShop file type processing. (eTickets, etc)
|
* __libpki__ - Processes Nintendo's proprietary PKI.
|
||||||
* __libnx__ - Handling of NX file types.
|
* __libes__ - Processes Nintendo's eShop file types.
|
||||||
* __libnx-hb__ - Handling of NX (homebrew extensions) file types.
|
* __libnx__ - Processes NX file types.
|
||||||
|
* __libnx-hb__ - Processes NX file types (homebrew extensions).
|
||||||
|
|
||||||
# Building
|
# Building
|
||||||
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
#pragma once
|
|
||||||
#include <es/sign.h>
|
|
||||||
#include <crypto/sha.h>
|
|
||||||
|
|
||||||
namespace es
|
|
||||||
{
|
|
||||||
|
|
||||||
namespace sign
|
|
||||||
{
|
|
||||||
es::sign::SignatureAlgo getSignatureAlgo(es::sign::SignatureId sign_id);
|
|
||||||
es::sign::HashAlgo getHashAlgo(es::sign::SignatureId sign_id);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,45 +0,0 @@
|
||||||
#include <es/SignUtils.h>
|
|
||||||
|
|
||||||
es::sign::SignatureAlgo es::sign::getSignatureAlgo(es::sign::SignatureId sign_id)
|
|
||||||
{
|
|
||||||
SignatureAlgo sign_algo = SIGN_ALGO_RSA4096;
|
|
||||||
|
|
||||||
switch (sign_id)
|
|
||||||
{
|
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA1):
|
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA256):
|
|
||||||
sign_algo = SIGN_ALGO_RSA4096;
|
|
||||||
break;
|
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA1):
|
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA256):
|
|
||||||
sign_algo = SIGN_ALGO_RSA2048;
|
|
||||||
break;
|
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA1):
|
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA256):
|
|
||||||
sign_algo = SIGN_ALGO_ECDSA240;
|
|
||||||
break;
|
|
||||||
};
|
|
||||||
|
|
||||||
return sign_algo;
|
|
||||||
}
|
|
||||||
|
|
||||||
es::sign::HashAlgo es::sign::getHashAlgo(es::sign::SignatureId sign_id)
|
|
||||||
{
|
|
||||||
HashAlgo hash_algo = HASH_ALGO_SHA1;
|
|
||||||
|
|
||||||
switch (sign_id)
|
|
||||||
{
|
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA1):
|
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA1):
|
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA1):
|
|
||||||
hash_algo = HASH_ALGO_SHA1;
|
|
||||||
break;
|
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA256):
|
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA256):
|
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA256):
|
|
||||||
hash_algo = HASH_ALGO_SHA256;
|
|
||||||
break;
|
|
||||||
};
|
|
||||||
|
|
||||||
return hash_algo;
|
|
||||||
}
|
|
|
@ -1,9 +1,9 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <fnd/ISerialisable.h>
|
#include <fnd/ISerialisable.h>
|
||||||
#include <es/cert.h>
|
#include <pki/cert.h>
|
||||||
|
|
||||||
namespace es
|
namespace pki
|
||||||
{
|
{
|
||||||
class CertificateBody
|
class CertificateBody
|
||||||
: public fnd::ISerialisable
|
: public fnd::ISerialisable
|
||||||
|
@ -27,7 +27,7 @@ namespace es
|
||||||
const std::string& getIssuer() const;
|
const std::string& getIssuer() const;
|
||||||
void setIssuer(const std::string& issuer);
|
void setIssuer(const std::string& issuer);
|
||||||
|
|
||||||
es::cert::PublicKeyType getPublicKeyType() const;
|
pki::cert::PublicKeyType getPublicKeyType() const;
|
||||||
void setPublicKeyType(cert::PublicKeyType type);
|
void setPublicKeyType(cert::PublicKeyType type);
|
||||||
|
|
||||||
const std::string& getSubject() const;
|
const std::string& getSubject() const;
|
14
lib/libpki/include/pki/SignUtils.h
Normal file
14
lib/libpki/include/pki/SignUtils.h
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
#pragma once
|
||||||
|
#include <pki/sign.h>
|
||||||
|
#include <crypto/sha.h>
|
||||||
|
|
||||||
|
namespace pki
|
||||||
|
{
|
||||||
|
|
||||||
|
namespace sign
|
||||||
|
{
|
||||||
|
pki::sign::SignatureAlgo getSignatureAlgo(pki::sign::SignatureId sign_id);
|
||||||
|
pki::sign::HashAlgo getHashAlgo(pki::sign::SignatureId sign_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
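Review bot: The `#include <crypto/sha.h>` on the third line of this new header is not needed by anything it declares — both prototypes use only `pki::sign::SignatureAlgo`, `HashAlgo` and `SignatureId`, which come from `pki/sign.h` — and the new `SignUtils.cpp` in this commit does not reference anything from `crypto::sha` either. The `pki/sign.h` hunk further down shows it pulling in `crypto/rsa.h` and `crypto/ecdsa.h`, not `sha.h`, so unless something relies on the transitive include this line can be dropped, which removes an unnecessary libcrypto dependency from a public libpki header. A one-line purpose comment above the namespace would also help readers of the new library, e.g. `// Maps a SignatureId to the public-key algorithm and hash algorithm it combines.`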
|
|
@ -1,9 +1,9 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <fnd/ISerialisable.h>
|
#include <fnd/ISerialisable.h>
|
||||||
#include <es/sign.h>
|
#include <pki/sign.h>
|
||||||
|
|
||||||
namespace es
|
namespace pki
|
||||||
{
|
{
|
||||||
class SignatureBlock
|
class SignatureBlock
|
||||||
: public fnd::ISerialisable
|
: public fnd::ISerialisable
|
||||||
|
@ -24,8 +24,8 @@ namespace es
|
||||||
// variables
|
// variables
|
||||||
void clear();
|
void clear();
|
||||||
|
|
||||||
es::sign::SignatureId getSignType() const;
|
pki::sign::SignatureId getSignType() const;
|
||||||
void setSignType(es::sign::SignatureId type);
|
void setSignType(pki::sign::SignatureId type);
|
||||||
|
|
||||||
bool isLittleEndian() const;
|
bool isLittleEndian() const;
|
||||||
void setLittleEndian(bool isLE);
|
void setLittleEndian(bool isLE);
|
||||||
|
@ -41,7 +41,7 @@ namespace es
|
||||||
fnd::Vec<byte_t> mRawBinary;
|
fnd::Vec<byte_t> mRawBinary;
|
||||||
|
|
||||||
// variables
|
// variables
|
||||||
es::sign::SignatureId mSignType;
|
pki::sign::SignatureId mSignType;
|
||||||
bool mIsLittleEndian;
|
bool mIsLittleEndian;
|
||||||
fnd::Vec<byte_t> mSignature;
|
fnd::Vec<byte_t> mSignature;
|
||||||
};
|
};
|
|
@ -1,9 +1,9 @@
|
||||||
#pragma once
|
#pragma once
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <fnd/ISerialisable.h>
|
#include <fnd/ISerialisable.h>
|
||||||
#include <es/SignatureBlock.h>
|
#include <pki/SignatureBlock.h>
|
||||||
|
|
||||||
namespace es
|
namespace pki
|
||||||
{
|
{
|
||||||
template <class T>
|
template <class T>
|
||||||
class SignedData
|
class SignedData
|
||||||
|
@ -25,7 +25,7 @@ namespace es
|
||||||
// variables
|
// variables
|
||||||
void clear();
|
void clear();
|
||||||
|
|
||||||
const es::SignatureBlock& getSignature() const;
|
const pki::SignatureBlock& getSignature() const;
|
||||||
void setSignature(const SignatureBlock& signature);
|
void setSignature(const SignatureBlock& signature);
|
||||||
|
|
||||||
const T& getBody() const;
|
const T& getBody() const;
|
||||||
|
@ -111,7 +111,7 @@ namespace es
|
||||||
}
|
}
|
||||||
|
|
||||||
template <class T>
|
template <class T>
|
||||||
inline const es::SignatureBlock& SignedData<T>::getSignature() const
|
inline const pki::SignatureBlock& SignedData<T>::getSignature() const
|
||||||
{
|
{
|
||||||
return mSignature;
|
return mSignature;
|
||||||
}
|
}
|
|
@ -5,7 +5,7 @@
|
||||||
#include <crypto/rsa.h>
|
#include <crypto/rsa.h>
|
||||||
#include <crypto/ecdsa.h>
|
#include <crypto/ecdsa.h>
|
||||||
|
|
||||||
namespace es
|
namespace pki
|
||||||
{
|
{
|
||||||
namespace cert
|
namespace cert
|
||||||
{
|
{
|
|
@ -5,7 +5,7 @@
|
||||||
#include <crypto/rsa.h>
|
#include <crypto/rsa.h>
|
||||||
#include <crypto/ecdsa.h>
|
#include <crypto/ecdsa.h>
|
||||||
|
|
||||||
namespace es
|
namespace pki
|
||||||
{
|
{
|
||||||
namespace sign
|
namespace sign
|
||||||
{
|
{
|
47
lib/libpki/makefile
Normal file
47
lib/libpki/makefile
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
# Sources
|
||||||
|
SRC_DIR = source
|
||||||
|
OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c)))
|
||||||
|
|
||||||
|
# External dependencies
|
||||||
|
DEPENDS = fnd crypto
|
||||||
|
LIB_DIR = ..
|
||||||
|
INCS = -I"include" $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include")
|
||||||
|
|
||||||
|
|
||||||
|
# Compiler Settings
|
||||||
|
CXXFLAGS = -std=c++11 $(INCS) -D__STDC_FORMAT_MACROS -Wall -Wno-unused-value
|
||||||
|
CFLAGS = -std=c11 $(INCS) -Wall -Wno-unused-value
|
||||||
|
ARFLAGS = cr -o
|
||||||
|
ifeq ($(OS),Windows_NT)
|
||||||
|
# Windows Only Flags/Libs
|
||||||
|
CC = x86_64-w64-mingw32-gcc
|
||||||
|
CXX = x86_64-w64-mingw32-g++
|
||||||
|
CFLAGS += -Wno-unused-but-set-variable
|
||||||
|
CXXFLAGS += -Wno-unused-but-set-variable
|
||||||
|
else
|
||||||
|
UNAME = $(shell uname -s)
|
||||||
|
ifeq ($(UNAME), Darwin)
|
||||||
|
# MacOS Only Flags/Libs
|
||||||
|
CFLAGS += -Wno-unused-private-field
|
||||||
|
CXXFLAGS += -Wno-unused-private-field
|
||||||
|
ARFLAGS = rc
|
||||||
|
else
|
||||||
|
# *nix Only Flags/Libs
|
||||||
|
CFLAGS += -Wno-unused-but-set-variable
|
||||||
|
CXXFLAGS += -Wno-unused-but-set-variable
|
||||||
|
endif
|
||||||
|
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Output
|
||||||
|
OUTPUT = $(shell basename $(CURDIR)).a
|
||||||
|
|
||||||
|
main: build
|
||||||
|
|
||||||
|
rebuild: clean build
|
||||||
|
|
||||||
|
build: $(OBJS)
|
||||||
|
ar $(ARFLAGS) $(OUTPUT) $(OBJS)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf $(OUTPUT) $(OBJS)
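Review bot: The `main`, `rebuild`, `build` and `clean` targets in this new makefile are not declared phony, so a stray file named `build` or `clean` in lib/libpki would make those rules silently do nothing; add `.PHONY: main rebuild build clean` near the top of the file. The `OBJS` and `INCS` definitions are the same shape as the ones visible in the programs/nstool makefile hunk later in this commit, so the layout is consistent with the rest of the tree; the missing `.PHONY` presumably also applies to the sibling library makefiles, but they are not part of this change.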
|
|
@ -1,16 +1,16 @@
|
||||||
#include <es/CertificateBody.h>
|
#include <pki/CertificateBody.h>
|
||||||
|
|
||||||
es::CertificateBody::CertificateBody()
|
pki::CertificateBody::CertificateBody()
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
es::CertificateBody::CertificateBody(const CertificateBody& other)
|
pki::CertificateBody::CertificateBody(const CertificateBody& other)
|
||||||
{
|
{
|
||||||
*this = other;
|
*this = other;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::operator=(const CertificateBody& other)
|
void pki::CertificateBody::operator=(const CertificateBody& other)
|
||||||
{
|
{
|
||||||
mRawBinary = other.mRawBinary;
|
mRawBinary = other.mRawBinary;
|
||||||
mIssuer = other.mIssuer;
|
mIssuer = other.mIssuer;
|
||||||
|
@ -22,7 +22,7 @@ void es::CertificateBody::operator=(const CertificateBody& other)
|
||||||
mEcdsa240PublicKey = other.mEcdsa240PublicKey;
|
mEcdsa240PublicKey = other.mEcdsa240PublicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool es::CertificateBody::operator==(const CertificateBody& other) const
|
bool pki::CertificateBody::operator==(const CertificateBody& other) const
|
||||||
{
|
{
|
||||||
return (mIssuer == other.mIssuer) \
|
return (mIssuer == other.mIssuer) \
|
||||||
&& (mSubject == other.mSubject) \
|
&& (mSubject == other.mSubject) \
|
||||||
|
@ -33,12 +33,12 @@ bool es::CertificateBody::operator==(const CertificateBody& other) const
|
||||||
&& (mEcdsa240PublicKey == other.mEcdsa240PublicKey);
|
&& (mEcdsa240PublicKey == other.mEcdsa240PublicKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool es::CertificateBody::operator!=(const CertificateBody& other) const
|
bool pki::CertificateBody::operator!=(const CertificateBody& other) const
|
||||||
{
|
{
|
||||||
return !(*this == other);
|
return !(*this == other);
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::toBytes()
|
void pki::CertificateBody::toBytes()
|
||||||
{
|
{
|
||||||
// get public key size
|
// get public key size
|
||||||
size_t pubkeySize = 0;
|
size_t pubkeySize = 0;
|
||||||
|
@ -86,7 +86,7 @@ void es::CertificateBody::toBytes()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::fromBytes(const byte_t* src, size_t size)
|
void pki::CertificateBody::fromBytes(const byte_t* src, size_t size)
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
|
|
||||||
|
@ -155,13 +155,13 @@ void es::CertificateBody::fromBytes(const byte_t* src, size_t size)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const fnd::Vec<byte_t>& es::CertificateBody::getBytes() const
|
const fnd::Vec<byte_t>& pki::CertificateBody::getBytes() const
|
||||||
{
|
{
|
||||||
return mRawBinary;
|
return mRawBinary;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void es::CertificateBody::clear()
|
void pki::CertificateBody::clear()
|
||||||
{
|
{
|
||||||
mIssuer.clear();
|
mIssuer.clear();
|
||||||
mSubject.clear();
|
mSubject.clear();
|
||||||
|
@ -173,12 +173,12 @@ void es::CertificateBody::clear()
|
||||||
memset(&mEcdsa240PublicKey, 0, sizeof(crypto::ecdsa::sEcdsa240Point));
|
memset(&mEcdsa240PublicKey, 0, sizeof(crypto::ecdsa::sEcdsa240Point));
|
||||||
}
|
}
|
||||||
|
|
||||||
const std::string& es::CertificateBody::getIssuer() const
|
const std::string& pki::CertificateBody::getIssuer() const
|
||||||
{
|
{
|
||||||
return mIssuer;
|
return mIssuer;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setIssuer(const std::string& issuer)
|
void pki::CertificateBody::setIssuer(const std::string& issuer)
|
||||||
{
|
{
|
||||||
if (issuer.size() > cert::kIssuerSize)
|
if (issuer.size() > cert::kIssuerSize)
|
||||||
{
|
{
|
||||||
|
@ -188,22 +188,22 @@ void es::CertificateBody::setIssuer(const std::string& issuer)
|
||||||
mIssuer = issuer;
|
mIssuer = issuer;
|
||||||
}
|
}
|
||||||
|
|
||||||
es::cert::PublicKeyType es::CertificateBody::getPublicKeyType() const
|
pki::cert::PublicKeyType pki::CertificateBody::getPublicKeyType() const
|
||||||
{
|
{
|
||||||
return mPublicKeyType;
|
return mPublicKeyType;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setPublicKeyType(cert::PublicKeyType type)
|
void pki::CertificateBody::setPublicKeyType(cert::PublicKeyType type)
|
||||||
{
|
{
|
||||||
mPublicKeyType = type;
|
mPublicKeyType = type;
|
||||||
}
|
}
|
||||||
|
|
||||||
const std::string& es::CertificateBody::getSubject() const
|
const std::string& pki::CertificateBody::getSubject() const
|
||||||
{
|
{
|
||||||
return mSubject;
|
return mSubject;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setSubject(const std::string& subject)
|
void pki::CertificateBody::setSubject(const std::string& subject)
|
||||||
{
|
{
|
||||||
if (subject.size() > cert::kSubjectSize)
|
if (subject.size() > cert::kSubjectSize)
|
||||||
{
|
{
|
||||||
|
@ -213,42 +213,42 @@ void es::CertificateBody::setSubject(const std::string& subject)
|
||||||
mSubject = subject;
|
mSubject = subject;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint32_t es::CertificateBody::getCertId() const
|
uint32_t pki::CertificateBody::getCertId() const
|
||||||
{
|
{
|
||||||
return mCertId;
|
return mCertId;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setCertId(uint32_t id)
|
void pki::CertificateBody::setCertId(uint32_t id)
|
||||||
{
|
{
|
||||||
mCertId = id;
|
mCertId = id;
|
||||||
}
|
}
|
||||||
|
|
||||||
const crypto::rsa::sRsa4096Key& es::CertificateBody::getRsa4098PublicKey() const
|
const crypto::rsa::sRsa4096Key& pki::CertificateBody::getRsa4098PublicKey() const
|
||||||
{
|
{
|
||||||
return mRsa4096PublicKey;
|
return mRsa4096PublicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setRsa4098PublicKey(const crypto::rsa::sRsa4096Key& key)
|
void pki::CertificateBody::setRsa4098PublicKey(const crypto::rsa::sRsa4096Key& key)
|
||||||
{
|
{
|
||||||
mRsa4096PublicKey = key;
|
mRsa4096PublicKey = key;
|
||||||
}
|
}
|
||||||
|
|
||||||
const crypto::rsa::sRsa2048Key& es::CertificateBody::getRsa2048PublicKey() const
|
const crypto::rsa::sRsa2048Key& pki::CertificateBody::getRsa2048PublicKey() const
|
||||||
{
|
{
|
||||||
return mRsa2048PublicKey;
|
return mRsa2048PublicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setRsa2048PublicKey(const crypto::rsa::sRsa2048Key& key)
|
void pki::CertificateBody::setRsa2048PublicKey(const crypto::rsa::sRsa2048Key& key)
|
||||||
{
|
{
|
||||||
mRsa2048PublicKey = key;
|
mRsa2048PublicKey = key;
|
||||||
}
|
}
|
||||||
|
|
||||||
const crypto::ecdsa::sEcdsa240Point& es::CertificateBody::getEcdsa240PublicKey() const
|
const crypto::ecdsa::sEcdsa240Point& pki::CertificateBody::getEcdsa240PublicKey() const
|
||||||
{
|
{
|
||||||
return mEcdsa240PublicKey;
|
return mEcdsa240PublicKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::CertificateBody::setEcdsa240PublicKey(const crypto::ecdsa::sEcdsa240Point& key)
|
void pki::CertificateBody::setEcdsa240PublicKey(const crypto::ecdsa::sEcdsa240Point& key)
|
||||||
{
|
{
|
||||||
mEcdsa240PublicKey = key;
|
mEcdsa240PublicKey = key;
|
||||||
}
|
}
|
45
lib/libpki/source/SignUtils.cpp
Normal file
45
lib/libpki/source/SignUtils.cpp
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
#include <pki/SignUtils.h>
|
||||||
|
|
||||||
|
pki::sign::SignatureAlgo pki::sign::getSignatureAlgo(pki::sign::SignatureId sign_id)
|
||||||
|
{
|
||||||
|
SignatureAlgo sign_algo = SIGN_ALGO_RSA4096;
|
||||||
|
|
||||||
|
switch (sign_id)
|
||||||
|
{
|
||||||
|
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||||
|
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||||
|
sign_algo = SIGN_ALGO_RSA4096;
|
||||||
|
break;
|
||||||
|
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||||
|
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||||
|
sign_algo = SIGN_ALGO_RSA2048;
|
||||||
|
break;
|
||||||
|
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||||
|
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||||
|
sign_algo = SIGN_ALGO_ECDSA240;
|
||||||
|
break;
|
||||||
|
};
|
||||||
|
|
||||||
|
return sign_algo;
|
||||||
|
}
|
||||||
|
|
||||||
|
pki::sign::HashAlgo pki::sign::getHashAlgo(pki::sign::SignatureId sign_id)
|
||||||
|
{
|
||||||
|
HashAlgo hash_algo = HASH_ALGO_SHA1;
|
||||||
|
|
||||||
|
switch (sign_id)
|
||||||
|
{
|
||||||
|
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||||
|
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||||
|
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||||
|
hash_algo = HASH_ALGO_SHA1;
|
||||||
|
break;
|
||||||
|
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||||
|
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||||
|
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||||
|
hash_algo = HASH_ALGO_SHA256;
|
||||||
|
break;
|
||||||
|
};
|
||||||
|
|
||||||
|
return hash_algo;
|
||||||
|
}
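Review bot: Neither `switch` in this new file has a `default:` arm, so a `SignatureId` that is not one of the six listed enumerators silently comes back as `SIGN_ALGO_RSA4096` from `getSignatureAlgo` and `HASH_ALGO_SHA1` from `getHashAlgo` — simply the initial values assigned at the top of each function. Because these helpers decide which algorithm a signature block is interpreted with, an unrecognised id read from input should be rejected rather than mapped to a real algorithm; add `default: throw <PROJECT_EXCEPTION_TYPE>("unknown signature id");` (or return a dedicated "unknown" enumerator, if `pki/sign.h` defines one — not visible here) to both switches. The same gap existed in the deleted `es/SignUtils.cpp`, so it is carried over by the move rather than introduced, but the move into a library named for PKI processing is a good point to close it. The `;` after each switch's closing brace is an empty statement and can be dropped.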
|
|
@ -1,16 +1,16 @@
|
||||||
#include <es/SignatureBlock.h>
|
#include <pki/SignatureBlock.h>
|
||||||
|
|
||||||
es::SignatureBlock::SignatureBlock()
|
pki::SignatureBlock::SignatureBlock()
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
es::SignatureBlock::SignatureBlock(const SignatureBlock& other)
|
pki::SignatureBlock::SignatureBlock(const SignatureBlock& other)
|
||||||
{
|
{
|
||||||
*this = other;
|
*this = other;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::operator=(const SignatureBlock& other)
|
void pki::SignatureBlock::operator=(const SignatureBlock& other)
|
||||||
{
|
{
|
||||||
mRawBinary = other.mRawBinary;
|
mRawBinary = other.mRawBinary;
|
||||||
mSignType = other.mSignType;
|
mSignType = other.mSignType;
|
||||||
|
@ -18,19 +18,19 @@ void es::SignatureBlock::operator=(const SignatureBlock& other)
|
||||||
mSignature = other.mSignature;
|
mSignature = other.mSignature;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool es::SignatureBlock::operator==(const SignatureBlock& other) const
|
bool pki::SignatureBlock::operator==(const SignatureBlock& other) const
|
||||||
{
|
{
|
||||||
return (mSignType == other.mSignType) \
|
return (mSignType == other.mSignType) \
|
||||||
&& (mIsLittleEndian == other.mIsLittleEndian) \
|
&& (mIsLittleEndian == other.mIsLittleEndian) \
|
||||||
&& (mSignature == other.mSignature);
|
&& (mSignature == other.mSignature);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool es::SignatureBlock::operator!=(const SignatureBlock& other) const
|
bool pki::SignatureBlock::operator!=(const SignatureBlock& other) const
|
||||||
{
|
{
|
||||||
return !(*this == other);
|
return !(*this == other);
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::toBytes()
|
void pki::SignatureBlock::toBytes()
|
||||||
{
|
{
|
||||||
size_t totalSize = 0;
|
size_t totalSize = 0;
|
||||||
size_t sigSize = 0;
|
size_t sigSize = 0;
|
||||||
|
@ -68,7 +68,7 @@ void es::SignatureBlock::toBytes()
|
||||||
memcpy(mRawBinary.data() + 4, mSignature.data(), sigSize);
|
memcpy(mRawBinary.data() + 4, mSignature.data(), sigSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::fromBytes(const byte_t* src, size_t size)
|
void pki::SignatureBlock::fromBytes(const byte_t* src, size_t size)
|
||||||
{
|
{
|
||||||
clear();
|
clear();
|
||||||
|
|
||||||
|
@ -138,12 +138,12 @@ void es::SignatureBlock::fromBytes(const byte_t* src, size_t size)
|
||||||
memcpy(mSignature.data(), mRawBinary.data() + 4, sigSize);
|
memcpy(mSignature.data(), mRawBinary.data() + 4, sigSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
const fnd::Vec<byte_t>& es::SignatureBlock::getBytes() const
|
const fnd::Vec<byte_t>& pki::SignatureBlock::getBytes() const
|
||||||
{
|
{
|
||||||
return mRawBinary;
|
return mRawBinary;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::clear()
|
void pki::SignatureBlock::clear()
|
||||||
{
|
{
|
||||||
mRawBinary.clear();
|
mRawBinary.clear();
|
||||||
mSignType = sign::SIGN_ID_RSA4096_SHA1;
|
mSignType = sign::SIGN_ID_RSA4096_SHA1;
|
||||||
|
@ -151,32 +151,32 @@ void es::SignatureBlock::clear()
|
||||||
mSignature.clear();
|
mSignature.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
es::sign::SignatureId es::SignatureBlock::getSignType() const
|
pki::sign::SignatureId pki::SignatureBlock::getSignType() const
|
||||||
{
|
{
|
||||||
return mSignType;
|
return mSignType;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::setSignType(es::sign::SignatureId type)
|
void pki::SignatureBlock::setSignType(pki::sign::SignatureId type)
|
||||||
{
|
{
|
||||||
mSignType = type;
|
mSignType = type;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool es::SignatureBlock::isLittleEndian() const
|
bool pki::SignatureBlock::isLittleEndian() const
|
||||||
{
|
{
|
||||||
return mIsLittleEndian;
|
return mIsLittleEndian;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::setLittleEndian(bool isLE)
|
void pki::SignatureBlock::setLittleEndian(bool isLE)
|
||||||
{
|
{
|
||||||
mIsLittleEndian = isLE;
|
mIsLittleEndian = isLE;
|
||||||
}
|
}
|
||||||
|
|
||||||
const fnd::Vec<byte_t>& es::SignatureBlock::getSignature() const
|
const fnd::Vec<byte_t>& pki::SignatureBlock::getSignature() const
|
||||||
{
|
{
|
||||||
return mSignature;
|
return mSignature;
|
||||||
}
|
}
|
||||||
|
|
||||||
void es::SignatureBlock::setSignature(const fnd::Vec<byte_t>& signature)
|
void pki::SignatureBlock::setSignature(const fnd::Vec<byte_t>& signature)
|
||||||
{
|
{
|
||||||
mSignature = signature;
|
mSignature = signature;
|
||||||
}
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
LIBS = libfnd libcrypto libcompress libes libnx libnx-hb
|
LIBS = libfnd libcrypto libcompress libes libpki libnx libnx-hb
|
||||||
main: build
|
main: build
|
||||||
|
|
||||||
rebuild: clean build
|
rebuild: clean build
|
||||||
|
|
|
@ -3,7 +3,7 @@ SRC_DIR = source
|
||||||
OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c)))
|
OBJS = $(foreach dir,$(SRC_DIR),$(subst .cpp,.o,$(wildcard $(dir)/*.cpp))) $(foreach dir,$(SRC_DIR),$(subst .c,.o,$(wildcard $(dir)/*.c)))
|
||||||
|
|
||||||
# External dependencies
|
# External dependencies
|
||||||
DEPENDS = nx-hb nx es crypto compress fnd
|
DEPENDS = nx-hb nx es pki crypto compress fnd
|
||||||
LIB_DIR = ../../lib
|
LIB_DIR = ../../lib
|
||||||
LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep))
|
LIBS = $(foreach dep,$(DEPENDS), -L"$(LIB_DIR)/lib$(dep)" -l$(dep))
|
||||||
INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include")
|
INCS = $(foreach dep,$(DEPENDS), -I"$(LIB_DIR)/lib$(dep)/include")
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
#include <iomanip>
|
#include <iomanip>
|
||||||
|
|
||||||
#include <fnd/SimpleTextOutput.h>
|
#include <fnd/SimpleTextOutput.h>
|
||||||
#include <es/SignUtils.h>
|
#include <pki/SignUtils.h>
|
||||||
#include "OffsetAdjustedIFile.h"
|
#include "OffsetAdjustedIFile.h"
|
||||||
#include "EsCertProcess.h"
|
#include "EsCertProcess.h"
|
||||||
#include "PkiValidator.h"
|
#include "PkiValidator.h"
|
||||||
|
@ -66,7 +66,7 @@ void EsCertProcess::importCerts()
|
||||||
scratch.alloc(mFile->size());
|
scratch.alloc(mFile->size());
|
||||||
mFile->read(scratch.data(), 0, scratch.size());
|
mFile->read(scratch.data(), 0, scratch.size());
|
||||||
|
|
||||||
es::SignedData<es::CertificateBody> cert;
|
pki::SignedData<pki::CertificateBody> cert;
|
||||||
for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size())
|
for (size_t f_pos = 0; f_pos < scratch.size(); f_pos += cert.getBytes().size())
|
||||||
{
|
{
|
||||||
cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos);
|
cert.fromBytes(scratch.data() + f_pos, scratch.size() - f_pos);
|
||||||
|
@ -98,7 +98,7 @@ void EsCertProcess::displayCerts()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void EsCertProcess::displayCert(const es::SignedData<es::CertificateBody>& cert)
|
void EsCertProcess::displayCert(const pki::SignedData<pki::CertificateBody>& cert)
|
||||||
{
|
{
|
||||||
#define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff)
|
#define _SPLIT_VER(ver) ( (ver>>26) & 0x3f), ( (ver>>20) & 0x3f), ( (ver>>16) & 0xf), (ver & 0xffff)
|
||||||
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
|
#define _HEXDUMP_U(var, len) do { for (size_t a__a__A = 0; a__a__A < len; a__a__A++) printf("%02X", var[a__a__A]); } while(0)
|
||||||
|
@ -119,7 +119,7 @@ void EsCertProcess::displayCert(const es::SignedData<es::CertificateBody>& cert)
|
||||||
std::cout << std::endl;
|
std::cout << std::endl;
|
||||||
std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl;
|
std::cout << " CertID: 0x" << std::hex << cert.getBody().getCertId() << std::endl;
|
||||||
|
|
||||||
if (cert.getBody().getPublicKeyType() == es::cert::RSA4096)
|
if (cert.getBody().getPublicKeyType() == pki::cert::RSA4096)
|
||||||
{
|
{
|
||||||
std::cout << " PublicKey:" << std::endl;
|
std::cout << " PublicKey:" << std::endl;
|
||||||
std::cout << " Modulus:" << std::endl;
|
std::cout << " Modulus:" << std::endl;
|
||||||
|
@ -127,7 +127,7 @@ void EsCertProcess::displayCert(const es::SignedData<es::CertificateBody>& cert)
|
||||||
std::cout << " Public Exponent:" << std::endl;
|
std::cout << " Public Exponent:" << std::endl;
|
||||||
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa4098PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
||||||
}
|
}
|
||||||
else if (cert.getBody().getPublicKeyType() == es::cert::RSA2048)
|
else if (cert.getBody().getPublicKeyType() == pki::cert::RSA2048)
|
||||||
{
|
{
|
||||||
std::cout << " PublicKey:" << std::endl;
|
std::cout << " PublicKey:" << std::endl;
|
||||||
std::cout << " Public Exponent:" << std::endl;
|
std::cout << " Public Exponent:" << std::endl;
|
||||||
|
@ -135,7 +135,7 @@ void EsCertProcess::displayCert(const es::SignedData<es::CertificateBody>& cert)
|
||||||
std::cout << " Modulus:" << std::endl;
|
std::cout << " Modulus:" << std::endl;
|
||||||
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
fnd::SimpleTextOutput::hexDump(cert.getBody().getRsa2048PublicKey().public_exponent, crypto::rsa::kRsaPublicExponentSize, 0x10, 6);
|
||||||
}
|
}
|
||||||
else if (cert.getBody().getPublicKeyType() == es::cert::ECDSA240)
|
else if (cert.getBody().getPublicKeyType() == pki::cert::ECDSA240)
|
||||||
{
|
{
|
||||||
std::cout << " PublicKey:" << std::endl;
|
std::cout << " PublicKey:" << std::endl;
|
||||||
std::cout << " R:" << std::endl;
|
std::cout << " R:" << std::endl;
|
||||||
|
@ -151,27 +151,27 @@ void EsCertProcess::displayCert(const es::SignedData<es::CertificateBody>& cert)
|
||||||
#undef _SPLIT_VER
|
#undef _SPLIT_VER
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* EsCertProcess::getSignTypeStr(es::sign::SignatureId type) const
|
const char* EsCertProcess::getSignTypeStr(pki::sign::SignatureId type) const
|
||||||
{
|
{
|
||||||
const char* str;
|
const char* str;
|
||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA1):
|
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||||
str = "RSA4096-SHA1";
|
str = "RSA4096-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA1):
|
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||||
str = "RSA2048-SHA1";
|
str = "RSA2048-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA1):
|
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||||
str = "ECDSA240-SHA1";
|
str = "ECDSA240-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA256):
|
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||||
str = "RSA4096-SHA256";
|
str = "RSA4096-SHA256";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA256):
|
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||||
str = "RSA2048-SHA256";
|
str = "RSA2048-SHA256";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA256):
|
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||||
str = "ECDSA240-SHA256";
|
str = "ECDSA240-SHA256";
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -186,18 +186,18 @@ const char* EsCertProcess::getEndiannessStr(bool isLittleEndian) const
|
||||||
return isLittleEndian ? "LittleEndian" : "BigEndian";
|
return isLittleEndian ? "LittleEndian" : "BigEndian";
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* EsCertProcess::getPublicKeyTypeStr(es::cert::PublicKeyType type) const
|
const char* EsCertProcess::getPublicKeyTypeStr(pki::cert::PublicKeyType type) const
|
||||||
{
|
{
|
||||||
const char* str;
|
const char* str;
|
||||||
switch (type)
|
switch (type)
|
||||||
{
|
{
|
||||||
case (es::cert::RSA4096):
|
case (pki::cert::RSA4096):
|
||||||
str = "RSA4096";
|
str = "RSA4096";
|
||||||
break;
|
break;
|
||||||
case (es::cert::RSA2048):
|
case (pki::cert::RSA2048):
|
||||||
str = "RSA2048";
|
str = "RSA2048";
|
||||||
break;
|
break;
|
||||||
case (es::cert::ECDSA240):
|
case (pki::cert::ECDSA240):
|
||||||
str = "ECDSA240";
|
str = "ECDSA240";
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
#include <fnd/IFile.h>
|
#include <fnd/IFile.h>
|
||||||
#include <fnd/List.h>
|
#include <fnd/List.h>
|
||||||
#include <fnd/Vec.h>
|
#include <fnd/Vec.h>
|
||||||
#include <es/SignedData.h>
|
#include <pki/SignedData.h>
|
||||||
#include <es/CertificateBody.h>
|
#include <pki/CertificateBody.h>
|
||||||
#include "nstool.h"
|
#include "nstool.h"
|
||||||
|
|
||||||
class EsCertProcess
|
class EsCertProcess
|
||||||
|
@ -30,15 +30,15 @@ private:
|
||||||
CliOutputMode mCliOutputMode;
|
CliOutputMode mCliOutputMode;
|
||||||
bool mVerify;
|
bool mVerify;
|
||||||
|
|
||||||
fnd::List<es::SignedData<es::CertificateBody>> mCert;
|
fnd::List<pki::SignedData<pki::CertificateBody>> mCert;
|
||||||
|
|
||||||
void importCerts();
|
void importCerts();
|
||||||
void validateCerts();
|
void validateCerts();
|
||||||
void displayCerts();
|
void displayCerts();
|
||||||
void displayCert(const es::SignedData<es::CertificateBody>& cert);
|
void displayCert(const pki::SignedData<pki::CertificateBody>& cert);
|
||||||
|
|
||||||
|
|
||||||
const char* getSignTypeStr(es::sign::SignatureId type) const;
|
const char* getSignTypeStr(pki::sign::SignatureId type) const;
|
||||||
const char* getEndiannessStr(bool isLittleEndian) const;
|
const char* getEndiannessStr(bool isLittleEndian) const;
|
||||||
const char* getPublicKeyTypeStr(es::cert::PublicKeyType type) const;
|
const char* getPublicKeyTypeStr(pki::cert::PublicKeyType type) const;
|
||||||
};
|
};
|
|
@ -132,22 +132,22 @@ const char* EsTikProcess::getSignTypeStr(uint32_t type) const
|
||||||
const char* str = nullptr;
|
const char* str = nullptr;
|
||||||
switch(type)
|
switch(type)
|
||||||
{
|
{
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA1):
|
case (pki::sign::SIGN_ID_RSA4096_SHA1):
|
||||||
str = "RSA4096-SHA1";
|
str = "RSA4096-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA1):
|
case (pki::sign::SIGN_ID_RSA2048_SHA1):
|
||||||
str = "RSA2048-SHA1";
|
str = "RSA2048-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA1):
|
case (pki::sign::SIGN_ID_ECDSA240_SHA1):
|
||||||
str = "ECDSA240-SHA1";
|
str = "ECDSA240-SHA1";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA4096_SHA256):
|
case (pki::sign::SIGN_ID_RSA4096_SHA256):
|
||||||
str = "RSA4096-SHA256";
|
str = "RSA4096-SHA256";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_RSA2048_SHA256):
|
case (pki::sign::SIGN_ID_RSA2048_SHA256):
|
||||||
str = "RSA2048-SHA256";
|
str = "RSA2048-SHA256";
|
||||||
break;
|
break;
|
||||||
case (es::sign::SIGN_ID_ECDSA240_SHA256):
|
case (pki::sign::SIGN_ID_ECDSA240_SHA256):
|
||||||
str = "ECDSA240-SHA256";
|
str = "ECDSA240-SHA256";
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
#include <fnd/types.h>
|
#include <fnd/types.h>
|
||||||
#include <fnd/IFile.h>
|
#include <fnd/IFile.h>
|
||||||
#include <fnd/Vec.h>
|
#include <fnd/Vec.h>
|
||||||
#include <es/SignedData.h>
|
#include <pki/SignedData.h>
|
||||||
#include <es/TicketBody_V2.h>
|
#include <es/TicketBody_V2.h>
|
||||||
#include "nstool.h"
|
#include "nstool.h"
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ private:
|
||||||
CliOutputMode mCliOutputMode;
|
CliOutputMode mCliOutputMode;
|
||||||
bool mVerify;
|
bool mVerify;
|
||||||
|
|
||||||
es::SignedData<es::TicketBody_V2> mTik;
|
pki::SignedData<es::TicketBody_V2> mTik;
|
||||||
|
|
||||||
void displayTicket();
|
void displayTicket();
|
||||||
const char* getSignTypeStr(uint32_t type) const;
|
const char* getSignTypeStr(uint32_t type) const;
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <iomanip>
|
#include <iomanip>
|
||||||
#include <sstream>
|
#include <sstream>
|
||||||
#include <es/SignUtils.h>
|
#include <pki/SignUtils.h>
|
||||||
|
|
||||||
PkiValidator::PkiValidator()
|
PkiValidator::PkiValidator()
|
||||||
{
|
{
|
||||||
|
@ -12,7 +12,7 @@ PkiValidator::PkiValidator()
|
||||||
void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
||||||
{
|
{
|
||||||
// save a copy of the certificate bank
|
// save a copy of the certificate bank
|
||||||
fnd::List<es::SignedData<es::CertificateBody>> old_certs = mCertificateBank;
|
fnd::List<pki::SignedData<pki::CertificateBody>> old_certs = mCertificateBank;
|
||||||
|
|
||||||
// clear the certificate bank
|
// clear the certificate bank
|
||||||
mCertificateBank.clear();
|
mCertificateBank.clear();
|
||||||
|
@ -27,7 +27,7 @@ void PkiValidator::setRootKey(const crypto::rsa::sRsa4096Key& root_key)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs)
|
void PkiValidator::addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs)
|
||||||
{
|
{
|
||||||
for (size_t i = 0; i < certs.size(); i++)
|
for (size_t i = 0; i < certs.size(); i++)
|
||||||
{
|
{
|
||||||
|
@ -35,11 +35,11 @@ void PkiValidator::addCertificates(const fnd::List<es::SignedData<es::Certificat
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void PkiValidator::addCertificate(const es::SignedData<es::CertificateBody>& cert)
|
void PkiValidator::addCertificate(const pki::SignedData<pki::CertificateBody>& cert)
|
||||||
{
|
{
|
||||||
std::string cert_ident;
|
std::string cert_ident;
|
||||||
es::sign::SignatureAlgo cert_sign_algo;
|
pki::sign::SignatureAlgo cert_sign_algo;
|
||||||
es::sign::HashAlgo cert_hash_algo;
|
pki::sign::HashAlgo cert_hash_algo;
|
||||||
fnd::Vec<byte_t> cert_hash;
|
fnd::Vec<byte_t> cert_hash;
|
||||||
|
|
||||||
try
|
try
|
||||||
|
@ -51,17 +51,17 @@ void PkiValidator::addCertificate(const es::SignedData<es::CertificateBody>& cer
|
||||||
throw fnd::Exception(kModuleName, "Certificate already exists");
|
throw fnd::Exception(kModuleName, "Certificate already exists");
|
||||||
}
|
}
|
||||||
|
|
||||||
cert_sign_algo = es::sign::getSignatureAlgo(cert.getSignature().getSignType());
|
cert_sign_algo = pki::sign::getSignatureAlgo(cert.getSignature().getSignType());
|
||||||
cert_hash_algo = es::sign::getHashAlgo(cert.getSignature().getSignType());
|
cert_hash_algo = pki::sign::getHashAlgo(cert.getSignature().getSignType());
|
||||||
|
|
||||||
// get cert hash
|
// get cert hash
|
||||||
switch (cert_hash_algo)
|
switch (cert_hash_algo)
|
||||||
{
|
{
|
||||||
case (es::sign::HASH_ALGO_SHA1):
|
case (pki::sign::HASH_ALGO_SHA1):
|
||||||
cert_hash.alloc(crypto::sha::kSha1HashLen);
|
cert_hash.alloc(crypto::sha::kSha1HashLen);
|
||||||
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
crypto::sha::Sha1(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||||
break;
|
break;
|
||||||
case (es::sign::HASH_ALGO_SHA256):
|
case (pki::sign::HASH_ALGO_SHA256):
|
||||||
cert_hash.alloc(crypto::sha::kSha256HashLen);
|
cert_hash.alloc(crypto::sha::kSha256HashLen);
|
||||||
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
crypto::sha::Sha256(cert.getBody().getBytes().data(), cert.getBody().getBytes().size(), cert_hash.data());
|
||||||
break;
|
break;
|
||||||
|
@ -86,19 +86,19 @@ void PkiValidator::clearCertificates()
|
||||||
mCertificateBank.clear();
|
mCertificateBank.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
void PkiValidator::validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const
|
void PkiValidator::validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const
|
||||||
{
|
{
|
||||||
es::sign::SignatureAlgo sign_algo = es::sign::getSignatureAlgo(signature_id);
|
pki::sign::SignatureAlgo sign_algo = pki::sign::getSignatureAlgo(signature_id);
|
||||||
es::sign::HashAlgo hash_algo = es::sign::getHashAlgo(signature_id);
|
pki::sign::HashAlgo hash_algo = pki::sign::getHashAlgo(signature_id);
|
||||||
|
|
||||||
|
|
||||||
// validate signature
|
// validate signature
|
||||||
int sig_validate_res = -1;
|
int sig_validate_res = -1;
|
||||||
|
|
||||||
// special case if signed by Root
|
// special case if signed by Root
|
||||||
if (issuer == es::sign::kRootIssuerStr)
|
if (issuer == pki::sign::kRootIssuerStr)
|
||||||
{
|
{
|
||||||
if (sign_algo != es::sign::SIGN_ALGO_RSA4096)
|
if (sign_algo != pki::sign::SIGN_ALGO_RSA4096)
|
||||||
{
|
{
|
||||||
throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature");
|
throw fnd::Exception(kModuleName, "Issued by Root, but does not have a RSA4096 signature");
|
||||||
}
|
}
|
||||||
|
@ -107,18 +107,18 @@ void PkiValidator::validateSignature(const std::string& issuer, es::sign::Signat
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// try to find issuer cert
|
// try to find issuer cert
|
||||||
const es::CertificateBody& issuer_cert = getCert(issuer).getBody();
|
const pki::CertificateBody& issuer_cert = getCert(issuer).getBody();
|
||||||
es::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType();
|
pki::cert::PublicKeyType issuer_pubk_type = issuer_cert.getPublicKeyType();
|
||||||
|
|
||||||
if (issuer_pubk_type == es::cert::RSA4096 && sign_algo == es::sign::SIGN_ALGO_RSA4096)
|
if (issuer_pubk_type == pki::cert::RSA4096 && sign_algo == pki::sign::SIGN_ALGO_RSA4096)
|
||||||
{
|
{
|
||||||
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa4098PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
||||||
}
|
}
|
||||||
else if (issuer_pubk_type == es::cert::RSA2048 && sign_algo == es::sign::SIGN_ALGO_RSA2048)
|
else if (issuer_pubk_type == pki::cert::RSA2048 && sign_algo == pki::sign::SIGN_ALGO_RSA2048)
|
||||||
{
|
{
|
||||||
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
sig_validate_res = crypto::rsa::pkcs::rsaVerify(issuer_cert.getRsa2048PublicKey(), getCryptoHashAlgoFromEsSignHashAlgo(hash_algo), hash.data(), signature.data());
|
||||||
}
|
}
|
||||||
else if (issuer_pubk_type == es::cert::ECDSA240 && sign_algo == es::sign::SIGN_ALGO_ECDSA240)
|
else if (issuer_pubk_type == pki::cert::ECDSA240 && sign_algo == pki::sign::SIGN_ALGO_ECDSA240)
|
||||||
{
|
{
|
||||||
throw fnd::Exception(kModuleName, "ECDSA signatures are not supported");
|
throw fnd::Exception(kModuleName, "ECDSA signatures are not supported");
|
||||||
}
|
}
|
||||||
|
@ -136,14 +136,14 @@ void PkiValidator::validateSignature(const std::string& issuer, es::sign::Signat
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void PkiValidator::makeCertIdent(const es::SignedData<es::CertificateBody>& cert, std::string& ident) const
|
void PkiValidator::makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const
|
||||||
{
|
{
|
||||||
makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident);
|
makeCertIdent(cert.getBody().getIssuer(), cert.getBody().getSubject(), ident);
|
||||||
}
|
}
|
||||||
|
|
||||||
void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const
|
void PkiValidator::makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const
|
||||||
{
|
{
|
||||||
ident = issuer + es::sign::kIdentDelimiter + subject;
|
ident = issuer + pki::sign::kIdentDelimiter + subject;
|
||||||
ident = ident.substr(0, _MIN(ident.length(),64));
|
ident = ident.substr(0, _MIN(ident.length(),64));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -164,7 +164,7 @@ bool PkiValidator::doesCertExist(const std::string& ident) const
|
||||||
return exists;
|
return exists;
|
||||||
}
|
}
|
||||||
|
|
||||||
const es::SignedData<es::CertificateBody>& PkiValidator::getCert(const std::string& ident) const
|
const pki::SignedData<pki::CertificateBody>& PkiValidator::getCert(const std::string& ident) const
|
||||||
{
|
{
|
||||||
std::string full_cert_name;
|
std::string full_cert_name;
|
||||||
for (size_t i = 0; i < mCertificateBank.size(); i++)
|
for (size_t i = 0; i < mCertificateBank.size(); i++)
|
||||||
|
@ -179,16 +179,16 @@ const es::SignedData<es::CertificateBody>& PkiValidator::getCert(const std::stri
|
||||||
throw fnd::Exception(kModuleName, "Issuer certificate does not exist");
|
throw fnd::Exception(kModuleName, "Issuer certificate does not exist");
|
||||||
}
|
}
|
||||||
|
|
||||||
crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(es::sign::HashAlgo hash_algo) const
|
crypto::sha::HashType PkiValidator::getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const
|
||||||
{
|
{
|
||||||
crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1;
|
crypto::sha::HashType hash_type = crypto::sha::HASH_SHA1;
|
||||||
|
|
||||||
switch (hash_algo)
|
switch (hash_algo)
|
||||||
{
|
{
|
||||||
case (es::sign::HASH_ALGO_SHA1):
|
case (pki::sign::HASH_ALGO_SHA1):
|
||||||
hash_type = crypto::sha::HASH_SHA1;
|
hash_type = crypto::sha::HASH_SHA1;
|
||||||
break;
|
break;
|
||||||
case (es::sign::HASH_ALGO_SHA256):
|
case (pki::sign::HASH_ALGO_SHA256):
|
||||||
hash_type = crypto::sha::HASH_SHA256;
|
hash_type = crypto::sha::HASH_SHA256;
|
||||||
break;
|
break;
|
||||||
};
|
};
|
||||||
|
|
|
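Review bot: The `switch (hash_algo)` in getCryptoHashAlgoFromEsSignHashAlgo has no `default:` within the hunk while `hash_type` is pre-initialised to `crypto::sha::HASH_SHA1`, so any HashAlgo value other than the two listed is silently reported as SHA1 and would be handed to rsaVerify by validateSignature; the function's return lies outside the hunk, so I cannot tell whether a caller catches this. A verification helper should refuse rather than guess: `default: throw fnd::Exception(kModuleName, "Unsupported hash algorithm");` inside the switch, after which the initialiser is no longer needed. The `// get cert hash` switch in addCertificate has the same shape (no default visible, `cert_hash` left unallocated on an unknown algorithm) and deserves the same guard; that function's body also continues past the hunk. Since these types now live in `pki::`, the `...FromEsSignHashAlgo` name is a leftover worth renaming in the same pass, and the `};` closing that switch is a stray empty statement.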
@ -3,8 +3,8 @@
|
||||||
#include <fnd/List.h>
|
#include <fnd/List.h>
|
||||||
#include <fnd/Vec.h>
|
#include <fnd/Vec.h>
|
||||||
#include <crypto/rsa.h>
|
#include <crypto/rsa.h>
|
||||||
#include <es/SignedData.h>
|
#include <pki/SignedData.h>
|
||||||
#include <es/CertificateBody.h>
|
#include <pki/CertificateBody.h>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
|
||||||
class PkiValidator
|
class PkiValidator
|
||||||
|
@ -13,22 +13,22 @@ public:
|
||||||
PkiValidator();
|
PkiValidator();
|
||||||
|
|
||||||
void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
|
void setRootKey(const crypto::rsa::sRsa4096Key& root_key);
|
||||||
void addCertificates(const fnd::List<es::SignedData<es::CertificateBody>>& certs);
|
void addCertificates(const fnd::List<pki::SignedData<pki::CertificateBody>>& certs);
|
||||||
void addCertificate(const es::SignedData<es::CertificateBody>& cert);
|
void addCertificate(const pki::SignedData<pki::CertificateBody>& cert);
|
||||||
void clearCertificates();
|
void clearCertificates();
|
||||||
|
|
||||||
void validateSignature(const std::string& issuer, es::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
|
void validateSignature(const std::string& issuer, pki::sign::SignatureId signature_id, const fnd::Vec<byte_t>& signature, const fnd::Vec<byte_t>& hash) const;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
const std::string kModuleName = "NNPkiValidator";
|
const std::string kModuleName = "NNPkiValidator";
|
||||||
|
|
||||||
|
|
||||||
crypto::rsa::sRsa4096Key mRootKey;
|
crypto::rsa::sRsa4096Key mRootKey;
|
||||||
fnd::List<es::SignedData<es::CertificateBody>> mCertificateBank;
|
fnd::List<pki::SignedData<pki::CertificateBody>> mCertificateBank;
|
||||||
|
|
||||||
void makeCertIdent(const es::SignedData<es::CertificateBody>& cert, std::string& ident) const;
|
void makeCertIdent(const pki::SignedData<pki::CertificateBody>& cert, std::string& ident) const;
|
||||||
void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const;
|
void makeCertIdent(const std::string& issuer, const std::string& subject, std::string& ident) const;
|
||||||
bool doesCertExist(const std::string& ident) const;
|
bool doesCertExist(const std::string& ident) const;
|
||||||
const es::SignedData<es::CertificateBody>& getCert(const std::string& ident) const;
|
const pki::SignedData<pki::CertificateBody>& getCert(const std::string& ident) const;
|
||||||
crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(es::sign::HashAlgo hash_algo) const;
|
crypto::sha::HashType getCryptoHashAlgoFromEsSignHashAlgo(pki::sign::HashAlgo hash_algo) const;
|
||||||
};
|
};
|
|
@ -22,7 +22,7 @@
|
||||||
#include <nx/nso.h>
|
#include <nx/nso.h>
|
||||||
#include <nx/nro.h>
|
#include <nx/nro.h>
|
||||||
#include <nx/aset.h>
|
#include <nx/aset.h>
|
||||||
#include <es/SignatureBlock.h>
|
#include <pki/SignatureBlock.h>
|
||||||
|
|
||||||
UserSettings::UserSettings()
|
UserSettings::UserSettings()
|
||||||
{}
|
{}
|
||||||
|
@ -756,10 +756,10 @@ FileType UserSettings::determineFileTypeFromFile(const std::string& path)
|
||||||
// test nso
|
// test nso
|
||||||
else if (_ASSERT_SIZE(sizeof(nx::sNroHeader)) && _TYPE_PTR(nx::sNroHeader)->st_magic.get() == nx::nro::kNroStructMagic)
|
else if (_ASSERT_SIZE(sizeof(nx::sNroHeader)) && _TYPE_PTR(nx::sNroHeader)->st_magic.get() == nx::nro::kNroStructMagic)
|
||||||
file_type = FILE_NRO;
|
file_type = FILE_NRO;
|
||||||
// test es certificate
|
// test pki certificate
|
||||||
else if (determineValidEsCertFromSample(scratch))
|
else if (determineValidEsCertFromSample(scratch))
|
||||||
file_type = FILE_ES_CERT;
|
file_type = FILE_ES_CERT;
|
||||||
// test es ticket
|
// test ticket
|
||||||
else if (determineValidEsTikFromSample(scratch))
|
else if (determineValidEsTikFromSample(scratch))
|
||||||
file_type = FILE_ES_TIK;
|
file_type = FILE_ES_TIK;
|
||||||
// test hb asset
|
// test hb asset
|
||||||
|
@ -866,7 +866,7 @@ bool UserSettings::determineValidNacpFromSample(const fnd::Vec<byte_t>& sample)
|
||||||
|
|
||||||
bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample) const
|
bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample) const
|
||||||
{
|
{
|
||||||
es::SignatureBlock sign;
|
pki::SignatureBlock sign;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -880,7 +880,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
|
||||||
if (sign.isLittleEndian() == true)
|
if (sign.isLittleEndian() == true)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (sign.getSignType() != es::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != es::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != es::sign::SIGN_ID_ECDSA240_SHA256)
|
if (sign.getSignType() != pki::sign::SIGN_ID_RSA4096_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256 && sign.getSignType() != pki::sign::SIGN_ID_ECDSA240_SHA256)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -888,7 +888,7 @@ bool UserSettings::determineValidEsCertFromSample(const fnd::Vec<byte_t>& sample
|
||||||
|
|
||||||
bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample) const
|
bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample) const
|
||||||
{
|
{
|
||||||
es::SignatureBlock sign;
|
pki::SignatureBlock sign;
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
@ -902,7 +902,7 @@ bool UserSettings::determineValidEsTikFromSample(const fnd::Vec<byte_t>& sample)
|
||||||
if (sign.isLittleEndian() == false)
|
if (sign.isLittleEndian() == false)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (sign.getSignType() != es::sign::SIGN_ID_RSA2048_SHA256)
|
if (sign.getSignType() != pki::sign::SIGN_ID_RSA2048_SHA256)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
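Review bot: The comment at the file-type probe was changed to `// test pki certificate` while the code it annotates still uses `determineValidEsCertFromSample` and `FILE_ES_CERT`, so the hunk now mixes both vocabularies; either keep `// test es certificate` or rename the helper and enum member together with the namespace move, as this commit does for the `pki::SignatureBlock` and `pki::sign::` references further down. In the same section, `if (sign.isLittleEndian() == true)` and `== false` read more cleanly as `if (sign.isLittleEndian())` and `if (!sign.isLittleEndian())`. Both determineValid*FromSample bodies continue outside the hunks, so the try/catch they open is not reviewable here.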