From 90e86fa9a60ab86ea1de163b642a7fed51ddabaa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Lam?= Date: Fri, 18 May 2018 21:20:43 +0200 Subject: [PATCH] ES/Formats: Move sha1 calculation to SignedBlobReader --- Source/Core/Core/IOS/ES/ES.cpp | 11 +---------- Source/Core/Core/IOS/ES/Formats.cpp | 25 +++++++++++++++++++++++++ Source/Core/Core/IOS/ES/Formats.h | 3 +++ 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp index 0743dc7efa..569d130389 100644 --- a/Source/Core/Core/IOS/ES/ES.cpp +++ b/Source/Core/Core/IOS/ES/ES.cpp @@ -11,8 +11,6 @@ #include #include -#include - #include "Common/ChunkFile.h" #include "Common/Logging/Log.h" #include "Common/MsgHandler.h" @@ -950,16 +948,9 @@ ReturnCode ES::VerifyContainer(VerifyContainerType type, VerifyMode mode, return ret; } - // Calculate the SHA1 of the signed blob. - const size_t skip = type == VerifyContainerType::Device ? offsetof(SignatureECC, issuer) : - offsetof(SignatureRSA2048, issuer); - std::array sha1; - mbedtls_sha1(signed_blob.GetBytes().data() + skip, signed_blob.GetBytes().size() - skip, - sha1.data()); - // Verify the signature. const std::vector signature = signed_blob.GetSignatureData(); - ret = iosc.VerifyPublicKeySign(sha1, issuer_handle, signature.data(), PID_ES); + ret = iosc.VerifyPublicKeySign(signed_blob.GetSha1(), issuer_handle, signature.data(), PID_ES); if (ret != IPC_SUCCESS) { ERROR_LOG(IOS_ES, "VerifyContainer: IOSC_VerifyPublicKeySign failed with error %d", ret); diff --git a/Source/Core/Core/IOS/ES/Formats.cpp b/Source/Core/Core/IOS/ES/Formats.cpp index 2cc39198ea..6039cacb8c 100644 --- a/Source/Core/Core/IOS/ES/Formats.cpp +++ b/Source/Core/Core/IOS/ES/Formats.cpp @@ -16,6 +16,8 @@ #include #include +#include + #include "Common/Assert.h" #include "Common/ChunkFile.h" #include "Common/CommonTypes.h" @@ -102,6 +104,29 @@ void SignedBlobReader::SetBytes(std::vector&& bytes) m_bytes = std::move(bytes); } +static size_t GetIssuerOffset(SignatureType signature_type) +{ + switch (signature_type) + { + case SignatureType::RSA2048: + return offsetof(SignatureRSA2048, issuer); + case SignatureType::RSA4096: + return offsetof(SignatureRSA4096, issuer); + case SignatureType::ECC: + return offsetof(SignatureECC, issuer); + default: + return 0; + } +} + +std::array SignedBlobReader::GetSha1() const +{ + std::array sha1; + const size_t skip = GetIssuerOffset(GetSignatureType()); + mbedtls_sha1(m_bytes.data() + skip, m_bytes.size() - skip, sha1.data()); + return sha1; +} + bool SignedBlobReader::IsSignatureValid() const { // Too small for the certificate type. diff --git a/Source/Core/Core/IOS/ES/Formats.h b/Source/Core/Core/IOS/ES/Formats.h index 1b1c1bbcb0..6afbf3407a 100644 --- a/Source/Core/Core/IOS/ES/Formats.h +++ b/Source/Core/Core/IOS/ES/Formats.h @@ -162,6 +162,9 @@ public: void SetBytes(const std::vector& bytes); void SetBytes(std::vector&& bytes); + /// Get the SHA1 hash for this signed blob (starting at the issuer). + std::array GetSha1() const; + // Only checks whether the signature data could be parsed. The signature is not verified. bool IsSignatureValid() const;