Change signing errors to be warnings when they fail.

This commit is contained in:
jakcron
2022-04-16 23:48:21 +08:00
parent 2ddca9b2eb
commit 037a2f96e1
4 changed files with 55 additions and 17 deletions
+16 -8
View File
@@ -6,8 +6,8 @@
#include "desc/presets.h"
#include "desc/dev_sigdata.h"
const int RSF_RSA_DATA_LEN = 344;
const int RSF_DESC_DATA_LEN = 684;
const size_t RSF_RSA_DATA_LEN = 344;
const size_t RSF_DESC_DATA_LEN = 684;
int accessdesc_SignWithKey(exheader_settings *exhdrset);
@@ -47,12 +47,20 @@ int accessdesc_SignWithKey(exheader_settings *exhdrset)
/* Sign AccessDesc */
if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false)
{
printf("[ACEXDESC WARNING] Failed to sign access descriptor\n");
printf("[ACEXDESC WARNING] Failed to sign access descriptor (key was incomplete)\n");
memset(exhdrset->acexDesc->signature, 0xFF, 0x100);
return 0;
}
return SignAccessDesc(exhdrset->acexDesc, exhdrset->keys);
int rsa_ret = SignAccessDesc(exhdrset->acexDesc, exhdrset->keys);
if (rsa_ret != 0)
{
printf("[ACEXDESC WARNING] Failed to sign access descriptor (mbedtls error = -0x%x)\n", -rsa_ret);
memset(exhdrset->acexDesc->signature, 0xFF, 0x100);
return 0;
}
return 0;
}
int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
@@ -68,7 +76,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
return COMMON_HEADER_KEY_NOT_FOUND;
}
if(b64_strlen(exhdrset->rsf->CommonHeaderKey.D) != RSF_RSA_DATA_LEN){
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/D\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.D));
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/D\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.D));
return COMMON_HEADER_KEY_NOT_FOUND;
}
@@ -77,7 +85,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
return COMMON_HEADER_KEY_NOT_FOUND;
}
if(b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus) != RSF_RSA_DATA_LEN){
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Modulus\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus));
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Modulus\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus));
return COMMON_HEADER_KEY_NOT_FOUND;
}
@@ -86,7 +94,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
return COMMON_HEADER_KEY_NOT_FOUND;
}
if(b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign) != RSF_RSA_DATA_LEN){
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Signature\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign));
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Signature\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign));
return COMMON_HEADER_KEY_NOT_FOUND;
}
@@ -95,7 +103,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset)
return COMMON_HEADER_KEY_NOT_FOUND;
}
if(b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin) != RSF_DESC_DATA_LEN){
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Descriptor\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin));
fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Descriptor\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin));
return COMMON_HEADER_KEY_NOT_FOUND;
}
+18 -4
View File
@@ -38,12 +38,20 @@ int SignCFA(ncch_hdr *hdr, keys_struct *keys)
{
if (Rsa2048Key_CanSign(&keys->rsa.cciCfa) == false)
{
printf("[NCCH WARNING] Failed to sign CFA header\n");
printf("[NCCH WARNING] Failed to sign CFA header (key was incomplete)\n");
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
int rsa_ret = RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
if (rsa_ret != 0)
{
printf("[NCCH WARNING] Failed to sign CFA header (mbedtls error = -0x%x)\n", -rsa_ret);
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
return 0;
}
int CheckCFASignature(ncch_hdr *hdr, keys_struct *keys)
@@ -55,12 +63,18 @@ int SignCXI(ncch_hdr *hdr, keys_struct *keys)
{
if (Rsa2048Key_CanSign(&keys->rsa.cxi) == false)
{
printf("[NCCH WARNING] Failed to sign CXI header\n");
printf("[NCCH WARNING] Failed to sign CXI header (key was incomplete)\n");
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
int rsa_ret = RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
if (rsa_ret != 0)
{
printf("[NCCH WARNING] Failed to sign CXI header (mbedtls error = -0x%x)\n", -rsa_ret);
memset(GetNcchHdrSig(hdr), 0xFF, 0x100);
return 0;
}
}
int CheckCXISignature(ncch_hdr *hdr, u8 *pubk)
+10 -2
View File
@@ -83,12 +83,20 @@ int SignTicketHeader(buffer_struct *tik, keys_struct *keys)
if (Rsa2048Key_CanSign(&keys->rsa.xs) == false)
{
printf("[TIK WARNING] Failed to sign header\n");
printf("[TIK WARNING] Failed to sign header (key was incomplete)\n");
memset(sig->data, 0xFF, 0x100);
return 0;
}
return RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
int rsa_ret = RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
if (rsa_ret != 0)
{
printf("[TIK WARNING] Failed to sign header (mbedtls error = -0x%x)\n", -rsa_ret);
memset(sig->data, 0xFF, 0x100);
return 0;
}
return 0;
}
int CryptTitleKey(u8 *input, u8 *output, u8 *titleId, keys_struct *keys, u8 mode)
+11 -3
View File
@@ -33,7 +33,7 @@ int BuildTMD(cia_settings *ciaset)
result = SetupTMDHeader(hdr,info_record,ciaset);
if(result) return result;
result = SignTMDHeader(hdr,sig,ciaset->keys);
return 0;
return result;
}
int SetupTMDBuffer(buffer_struct *tmd)
@@ -73,12 +73,20 @@ int SignTMDHeader(tmd_hdr *hdr, tmd_signature *sig, keys_struct *keys)
if (Rsa2048Key_CanSign(&keys->rsa.cp) == false)
{
printf("[TMD WARNING] Failed to sign header\n");
printf("[TMD WARNING] Failed to sign header (key was incomplete)\n");
memset(sig->data, 0xFF, 0x100);
return 0;
}
return RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
int rsa_ret = RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN);
if (rsa_ret != 0)
{
printf("[TMD WARNING] Failed to sign header (mbedtls error = -0x%x)\n", -rsa_ret);
memset(sig->data, 0xFF, 0x100);
return 0;
}
return 0;
}
int SetupTMDInfoRecord(tmd_content_info_record *info_record, u8 *content_record, u16 ContentCount)