Permalink
Browse files

ES/Formats: Move sha1 calculation to SignedBlobReader

  • Loading branch information...
leoetlino committed May 18, 2018
1 parent fbf79f8 commit 90e86fa9a60ab86ea1de163b642a7fed51ddabaa
Showing with 29 additions and 10 deletions.
  1. +1 −10 Source/Core/Core/IOS/ES/ES.cpp
  2. +25 −0 Source/Core/Core/IOS/ES/Formats.cpp
  3. +3 −0 Source/Core/Core/IOS/ES/Formats.h
@@ -11,8 +11,6 @@
#include <utility>
#include <vector>
#include <mbedtls/sha1.h>
#include "Common/ChunkFile.h"
#include "Common/Logging/Log.h"
#include "Common/MsgHandler.h"
@@ -950,16 +948,9 @@ ReturnCode ES::VerifyContainer(VerifyContainerType type, VerifyMode mode,
return ret;
}
// Calculate the SHA1 of the signed blob.
const size_t skip = type == VerifyContainerType::Device ? offsetof(SignatureECC, issuer) :
offsetof(SignatureRSA2048, issuer);
std::array<u8, 20> sha1;
mbedtls_sha1(signed_blob.GetBytes().data() + skip, signed_blob.GetBytes().size() - skip,
sha1.data());
// Verify the signature.
const std::vector<u8> signature = signed_blob.GetSignatureData();
ret = iosc.VerifyPublicKeySign(sha1, issuer_handle, signature.data(), PID_ES);
ret = iosc.VerifyPublicKeySign(signed_blob.GetSha1(), issuer_handle, signature.data(), PID_ES);
if (ret != IPC_SUCCESS)
{
ERROR_LOG(IOS_ES, "VerifyContainer: IOSC_VerifyPublicKeySign failed with error %d", ret);
@@ -16,6 +16,8 @@
#include <utility>
#include <vector>
#include <mbedtls/sha1.h>
#include "Common/Assert.h"
#include "Common/ChunkFile.h"
#include "Common/CommonTypes.h"
@@ -102,6 +104,29 @@ void SignedBlobReader::SetBytes(std::vector<u8>&& bytes)
m_bytes = std::move(bytes);
}
static size_t GetIssuerOffset(SignatureType signature_type)
{
switch (signature_type)
{
case SignatureType::RSA2048:
return offsetof(SignatureRSA2048, issuer);
case SignatureType::RSA4096:
return offsetof(SignatureRSA4096, issuer);
case SignatureType::ECC:
return offsetof(SignatureECC, issuer);
default:
return 0;
}
}
std::array<u8, 20> SignedBlobReader::GetSha1() const
{
std::array<u8, 20> sha1;
const size_t skip = GetIssuerOffset(GetSignatureType());
mbedtls_sha1(m_bytes.data() + skip, m_bytes.size() - skip, sha1.data());
return sha1;
}
bool SignedBlobReader::IsSignatureValid() const
{
// Too small for the certificate type.
@@ -162,6 +162,9 @@ class SignedBlobReader
void SetBytes(const std::vector<u8>& bytes);
void SetBytes(std::vector<u8>&& bytes);
/// Get the SHA1 hash for this signed blob (starting at the issuer).
std::array<u8, 20> GetSha1() const;
// Only checks whether the signature data could be parsed. The signature is not verified.
bool IsSignatureValid() const;

0 comments on commit 90e86fa

Please sign in to comment.