2020-04-16 01:06:41 +01:00
|
|
|
/*
|
2020-07-03 10:31:22 +01:00
|
|
|
* cert.c
|
2020-04-16 01:06:41 +01:00
|
|
|
*
|
2023-04-08 12:42:22 +01:00
|
|
|
* Copyright (c) 2020-2023, DarkMatterCore <pabloacurielz@gmail.com>.
|
2020-07-03 10:31:22 +01:00
|
|
|
*
|
|
|
|
* This file is part of nxdumptool (https://github.com/DarkMatterCore/nxdumptool).
|
|
|
|
*
|
2021-03-25 19:26:58 +00:00
|
|
|
* nxdumptool is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
* (at your option) any later version.
|
2020-04-16 01:06:41 +01:00
|
|
|
*
|
2021-03-25 19:26:58 +00:00
|
|
|
* nxdumptool is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2020-04-16 01:06:41 +01:00
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2021-03-25 19:26:58 +00:00
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2020-04-16 01:06:41 +01:00
|
|
|
*/
|
|
|
|
|
2021-03-26 04:35:14 +00:00
|
|
|
#include "nxdt_utils.h"
|
2020-04-11 06:28:26 +01:00
|
|
|
#include "cert.h"
|
|
|
|
#include "save.h"
|
2020-07-03 10:31:22 +01:00
|
|
|
#include "gamecard.h"
|
2020-04-11 06:28:26 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
#define CERT_SAVEFILE_PATH BIS_SYSTEM_PARTITION_MOUNT_NAME "/save/80000000000000e0"
|
2020-04-11 06:28:26 +01:00
|
|
|
#define CERT_SAVEFILE_STORAGE_BASE_PATH "/certificate/"
|
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
#define CERT_TYPE(sig) (pub_key_type == CertPubKeyType_Rsa4096 ? CertType_Sig##sig##_PubKeyRsa4096 : \
|
|
|
|
(pub_key_type == CertPubKeyType_Rsa2048 ? CertType_Sig##sig##_PubKeyRsa2048 : CertType_Sig##sig##_PubKeyEcc480))
|
2020-04-15 21:50:07 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
/* Global variables. */
|
|
|
|
|
|
|
|
static save_ctx_t *g_esCertSaveCtx = NULL;
|
2020-05-03 00:40:50 +01:00
|
|
|
static Mutex g_esCertSaveMutex = 0;
|
2020-04-17 22:59:05 +01:00
|
|
|
|
2020-04-15 21:50:07 +01:00
|
|
|
/* Function prototypes. */
|
2020-04-11 06:28:26 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
static bool certOpenEsCertSaveFile(void);
|
|
|
|
static void certCloseEsCertSaveFile(void);
|
|
|
|
|
|
|
|
static bool _certRetrieveCertificateByName(Certificate *dst, const char *name);
|
2020-07-03 10:31:22 +01:00
|
|
|
static u8 certGetCertificateType(void *data, u64 data_size);
|
2020-04-17 22:59:05 +01:00
|
|
|
|
|
|
|
static bool _certRetrieveCertificateChainBySignatureIssuer(CertificateChain *dst, const char *issuer);
|
2020-04-11 06:28:26 +01:00
|
|
|
static u32 certGetCertificateCountInSignatureIssuer(const char *issuer);
|
2020-04-17 22:59:05 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
static u64 certCalculateRawCertificateChainSize(const CertificateChain *chain);
|
|
|
|
static void certCopyCertificateChainDataToMemoryBuffer(void *dst, const CertificateChain *chain);
|
|
|
|
|
|
|
|
bool certRetrieveCertificateByName(Certificate *dst, const char *name)
|
|
|
|
{
|
2020-10-15 01:06:53 +01:00
|
|
|
if (!dst || !name || !*name)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid parameters!");
|
2021-05-18 13:32:43 +01:00
|
|
|
return false;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-05-18 13:32:43 +01:00
|
|
|
bool ret = false;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-05-18 13:32:43 +01:00
|
|
|
SCOPED_LOCK(&g_esCertSaveMutex)
|
|
|
|
{
|
|
|
|
if (!certOpenEsCertSaveFile()) break;
|
|
|
|
ret = _certRetrieveCertificateByName(dst, name);
|
|
|
|
certCloseEsCertSaveFile();
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool certRetrieveCertificateChainBySignatureIssuer(CertificateChain *dst, const char *issuer)
|
|
|
|
{
|
2021-03-07 23:22:49 +00:00
|
|
|
if (!dst || !issuer || strncmp(issuer, "Root-", 5) != 0)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid parameters!");
|
2021-05-18 13:32:43 +01:00
|
|
|
return false;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-05-18 13:32:43 +01:00
|
|
|
bool ret = false;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-05-18 13:32:43 +01:00
|
|
|
SCOPED_LOCK(&g_esCertSaveMutex)
|
|
|
|
{
|
|
|
|
if (!certOpenEsCertSaveFile()) break;
|
|
|
|
ret = _certRetrieveCertificateChainBySignatureIssuer(dst, issuer);
|
|
|
|
certCloseEsCertSaveFile();
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
return ret;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
u8 *certGenerateRawCertificateChainBySignatureIssuer(const char *issuer, u64 *out_size)
|
2020-04-19 23:44:22 +01:00
|
|
|
{
|
2020-10-15 01:06:53 +01:00
|
|
|
if (!issuer || !*issuer || !out_size)
|
2020-04-19 23:44:22 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid parameters!");
|
2020-04-19 23:44:22 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
CertificateChain chain = {0};
|
|
|
|
u8 *raw_chain = NULL;
|
|
|
|
u64 raw_chain_size = 0;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!certRetrieveCertificateChainBySignatureIssuer(&chain, issuer))
|
2020-04-19 23:44:22 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Error retrieving certificate chain for \"%s\"!", issuer);
|
2020-07-03 10:31:22 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
raw_chain_size = certCalculateRawCertificateChainSize(&chain);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
raw_chain = malloc(raw_chain_size);
|
|
|
|
if (!raw_chain)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Unable to allocate memory for raw \"%s\" certificate chain! (0x%lX).", issuer, raw_chain_size);
|
2020-07-13 07:36:17 +01:00
|
|
|
goto end;
|
2020-04-19 23:44:22 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
certCopyCertificateChainDataToMemoryBuffer(raw_chain, &chain);
|
|
|
|
*out_size = raw_chain_size;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-13 07:36:17 +01:00
|
|
|
end:
|
2020-07-03 10:31:22 +01:00
|
|
|
certFreeCertificateChain(&chain);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
return raw_chain;
|
2020-04-19 23:44:22 +01:00
|
|
|
}
|
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
u8 *certRetrieveRawCertificateChainFromGameCardByRightsId(const FsRightsId *id, u64 *out_size)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!id || !out_size)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid parameters!");
|
2020-04-11 06:28:26 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
char raw_chain_filename[0x30] = {0};
|
|
|
|
u64 raw_chain_offset = 0, raw_chain_size = 0;
|
2020-04-11 06:28:26 +01:00
|
|
|
u8 *raw_chain = NULL;
|
2020-07-03 10:31:22 +01:00
|
|
|
bool success = false;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-05-11 23:36:15 +01:00
|
|
|
utilsGenerateHexStringFromData(raw_chain_filename, sizeof(raw_chain_filename), id->c, sizeof(id->c), false);
|
2020-07-03 10:31:22 +01:00
|
|
|
strcat(raw_chain_filename, ".cert");
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2023-05-24 20:05:34 +01:00
|
|
|
if (!gamecardGetHashFileSystemEntryInfoByName(HashFileSystemPartitionType_Secure, raw_chain_filename, &raw_chain_offset, &raw_chain_size))
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Error retrieving offset and size for \"%s\" entry in secure hash FS partition!", raw_chain_filename);
|
2020-04-11 06:28:26 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (raw_chain_size < SIGNED_CERT_MIN_SIZE)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid size for \"%s\"! (0x%lX).", raw_chain_filename, raw_chain_size);
|
2020-07-03 10:31:22 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
raw_chain = malloc(raw_chain_size);
|
|
|
|
if (!raw_chain)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Unable to allocate memory for raw \"%s\" certificate chain! (0x%lX).", raw_chain_filename, raw_chain_size);
|
2020-07-03 10:31:22 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!gamecardReadStorage(raw_chain, raw_chain_size, raw_chain_offset))
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Failed to read \"%s\" data from the inserted gamecard!", raw_chain_filename);
|
2020-07-13 07:36:17 +01:00
|
|
|
goto end;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
*out_size = raw_chain_size;
|
2020-07-03 10:31:22 +01:00
|
|
|
success = true;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-13 07:36:17 +01:00
|
|
|
end:
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!success && raw_chain)
|
|
|
|
{
|
|
|
|
free(raw_chain);
|
|
|
|
raw_chain = NULL;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
return raw_chain;
|
|
|
|
}
|
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
static bool certOpenEsCertSaveFile(void)
|
|
|
|
{
|
|
|
|
if (g_esCertSaveCtx) return true;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
g_esCertSaveCtx = save_open_savefile(CERT_SAVEFILE_PATH, 0);
|
|
|
|
if (!g_esCertSaveCtx)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Failed to open ES certificate system savefile!");
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void certCloseEsCertSaveFile(void)
|
|
|
|
{
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!g_esCertSaveCtx) return;
|
|
|
|
save_close_savefile(g_esCertSaveCtx);
|
|
|
|
g_esCertSaveCtx = NULL;
|
2020-04-17 22:59:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
static bool _certRetrieveCertificateByName(Certificate *dst, const char *name)
|
|
|
|
{
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!g_esCertSaveCtx)
|
2020-04-17 22:59:05 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("ES certificate savefile not opened!");
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
u64 cert_size = 0;
|
|
|
|
char cert_path[SAVE_FS_LIST_MAX_NAME_LENGTH] = {0};
|
|
|
|
allocation_table_storage_ctx_t fat_storage = {0};
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
snprintf(cert_path, SAVE_FS_LIST_MAX_NAME_LENGTH, CERT_SAVEFILE_STORAGE_BASE_PATH "%s", name);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
if (!save_get_fat_storage_from_file_entry_by_path(g_esCertSaveCtx, cert_path, &fat_storage, &cert_size))
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Failed to locate certificate \"%s\" in ES certificate system save!", name);
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (cert_size < SIGNED_CERT_MIN_SIZE || cert_size > SIGNED_CERT_MAX_SIZE)
|
2020-04-17 22:59:05 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid size for certificate \"%s\"! (0x%lX).", name, cert_size);
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
dst->size = cert_size;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
u64 br = save_allocation_table_storage_read(&fat_storage, dst->data, 0, dst->size);
|
|
|
|
if (br != dst->size)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Failed to read 0x%lX bytes from certificate \"%s\"! Read 0x%lX bytes.", dst->size, name, br);
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
dst->type = certGetCertificateType(dst->data, dst->size);
|
2020-04-19 23:44:22 +01:00
|
|
|
if (dst->type == CertType_None)
|
2020-04-17 22:59:05 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid certificate type for \"%s\"!", name);
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
static u8 certGetCertificateType(void *data, u64 data_size)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2020-07-03 10:31:22 +01:00
|
|
|
CertCommonBlock *cert_common_block = NULL;
|
|
|
|
u32 sig_type = 0, pub_key_type = 0;
|
|
|
|
u64 signed_cert_size = 0;
|
|
|
|
u8 type = CertType_None;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!data || data_size < SIGNED_CERT_MIN_SIZE || data_size > SIGNED_CERT_MAX_SIZE)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid parameters!");
|
2020-07-03 10:31:22 +01:00
|
|
|
return type;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!(cert_common_block = certGetCommonBlock(data)) || !(signed_cert_size = certGetSignedCertificateSize(data)) || signed_cert_size > data_size)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Input buffer doesn't hold a valid signed certificate!");
|
2020-07-03 10:31:22 +01:00
|
|
|
return type;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-07-03 10:31:22 +01:00
|
|
|
sig_type = signatureGetSigType(data, true);
|
|
|
|
pub_key_type = __builtin_bswap32(cert_common_block->pub_key_type);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
switch(sig_type)
|
|
|
|
{
|
|
|
|
case SignatureType_Rsa4096Sha1:
|
|
|
|
case SignatureType_Rsa4096Sha256:
|
2020-07-03 10:31:22 +01:00
|
|
|
type = CERT_TYPE(Rsa4096);
|
2020-04-11 06:28:26 +01:00
|
|
|
break;
|
|
|
|
case SignatureType_Rsa2048Sha1:
|
|
|
|
case SignatureType_Rsa2048Sha256:
|
2020-07-03 10:31:22 +01:00
|
|
|
type = CERT_TYPE(Rsa2048);
|
2020-04-11 06:28:26 +01:00
|
|
|
break;
|
2020-04-29 22:11:27 +01:00
|
|
|
case SignatureType_Ecc480Sha1:
|
|
|
|
case SignatureType_Ecc480Sha256:
|
2020-07-03 10:31:22 +01:00
|
|
|
type = CERT_TYPE(Ecc480);
|
2020-04-29 22:11:27 +01:00
|
|
|
break;
|
|
|
|
case SignatureType_Hmac160Sha1:
|
2020-07-03 10:31:22 +01:00
|
|
|
type = CERT_TYPE(Hmac160);
|
2020-04-11 06:28:26 +01:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
return type;
|
|
|
|
}
|
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
static bool _certRetrieveCertificateChainBySignatureIssuer(CertificateChain *dst, const char *issuer)
|
|
|
|
{
|
2020-07-03 10:31:22 +01:00
|
|
|
if (!g_esCertSaveCtx)
|
2020-04-17 22:59:05 +01:00
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("ES certificate savefile not opened!");
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
u32 i = 0;
|
2021-07-21 16:04:18 +01:00
|
|
|
char issuer_copy[0x40] = {0}, *pch = NULL, *state = NULL;
|
2020-04-17 22:59:05 +01:00
|
|
|
bool success = true;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
dst->count = certGetCertificateCountInSignatureIssuer(issuer);
|
|
|
|
if (!dst->count)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Invalid signature issuer string!");
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
dst->certs = calloc(dst->count, sizeof(Certificate));
|
|
|
|
if (!dst->certs)
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Unable to allocate memory for the certificate chain! (0x%lX).", dst->count * sizeof(Certificate));
|
2020-04-17 22:59:05 +01:00
|
|
|
return false;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-07-21 16:04:18 +01:00
|
|
|
/* Copy string to avoid problems with strtok_r(). */
|
2020-07-06 01:10:07 +01:00
|
|
|
/* The "Root-" parent from the issuer string is skipped. */
|
2021-07-21 16:04:18 +01:00
|
|
|
snprintf(issuer_copy, sizeof(issuer_copy), "%s", issuer + 5);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-07-21 16:04:18 +01:00
|
|
|
pch = strtok_r(issuer_copy, "-", &state);
|
2021-08-07 09:42:03 +01:00
|
|
|
while(pch)
|
2020-04-17 22:59:05 +01:00
|
|
|
{
|
|
|
|
if (!_certRetrieveCertificateByName(&(dst->certs[i]), pch))
|
|
|
|
{
|
2022-07-12 17:34:49 +01:00
|
|
|
LOG_MSG_ERROR("Unable to retrieve certificate \"%s\"!", pch);
|
2020-04-17 22:59:05 +01:00
|
|
|
success = false;
|
|
|
|
break;
|
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
i++;
|
2021-07-21 16:04:18 +01:00
|
|
|
pch = strtok_r(NULL, "-", &state);
|
2020-04-17 22:59:05 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
if (!success) certFreeCertificateChain(dst);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-17 22:59:05 +01:00
|
|
|
return success;
|
|
|
|
}
|
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
static u32 certGetCertificateCountInSignatureIssuer(const char *issuer)
|
|
|
|
{
|
2020-10-15 01:06:53 +01:00
|
|
|
if (!issuer || !*issuer) return 0;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
u32 count = 0;
|
2021-07-21 16:04:18 +01:00
|
|
|
char issuer_copy[0x40] = {0}, *pch = NULL, *state = NULL;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-07-21 16:04:18 +01:00
|
|
|
/* Copy string to avoid problems with strtok_r(). */
|
2020-07-06 01:10:07 +01:00
|
|
|
/* The "Root-" parent from the issuer string is skipped. */
|
2021-07-21 16:04:18 +01:00
|
|
|
snprintf(issuer_copy, sizeof(issuer_copy), "%s", issuer + 5);
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2021-07-21 16:04:18 +01:00
|
|
|
pch = strtok_r(issuer_copy, "-", &state);
|
2021-08-07 09:42:03 +01:00
|
|
|
while(pch)
|
2020-04-11 06:28:26 +01:00
|
|
|
{
|
|
|
|
count++;
|
2021-07-21 16:04:18 +01:00
|
|
|
pch = strtok_r(NULL, "-", &state);
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
return count;
|
|
|
|
}
|
|
|
|
|
|
|
|
static u64 certCalculateRawCertificateChainSize(const CertificateChain *chain)
|
|
|
|
{
|
|
|
|
if (!chain || !chain->count || !chain->certs) return 0;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
u64 chain_size = 0;
|
|
|
|
for(u32 i = 0; i < chain->count; i++) chain_size += chain->certs[i].size;
|
|
|
|
return chain_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void certCopyCertificateChainDataToMemoryBuffer(void *dst, const CertificateChain *chain)
|
|
|
|
{
|
|
|
|
if (!chain || !chain->count || !chain->certs) return;
|
2022-07-05 02:04:28 +01:00
|
|
|
|
2020-04-11 06:28:26 +01:00
|
|
|
u8 *dst_u8 = (u8*)dst;
|
|
|
|
for(u32 i = 0; i < chain->count; i++)
|
|
|
|
{
|
2020-10-14 19:58:33 +01:00
|
|
|
Certificate *cert = &(chain->certs[i]);
|
|
|
|
memcpy(dst_u8, cert->data, cert->size);
|
|
|
|
dst_u8 += cert->size;
|
2020-04-11 06:28:26 +01:00
|
|
|
}
|
|
|
|
}
|