loader: improve verification terminology

Michael Scire 2020-09-08 15:34:22 -07:00
parent b7d99b732a
commit 074364753f
7 changed files with 41 additions and 41 deletions


@ -19,17 +19,17 @@
namespace ams::fs { namespace ams::fs {
struct CodeInfo { struct CodeVerificationData {
u8 signature[crypto::Rsa2048PssSha256Verifier::SignatureSize]; u8 signature[crypto::Rsa2048PssSha256Verifier::SignatureSize];
u8 hash[crypto::Rsa2048PssSha256Verifier::HashSize]; u8 target_hash[crypto::Rsa2048PssSha256Verifier::HashSize];
bool is_signed; bool has_data;
u8 reserved[3]; u8 reserved[3];
}; };
static_assert(sizeof(CodeInfo) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4); static_assert(sizeof(CodeVerificationData) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4);
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id); Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific); Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific);
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id); Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
} }


@ -20,15 +20,15 @@ namespace ams::fs {
namespace { namespace {
Result OpenCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) { Result OpenCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
/* Print a path suitable for the remote service. */ /* Print a path suitable for the remote service. */
fssrv::sf::Path sf_path; fssrv::sf::Path sf_path;
R_TRY(FspPathPrintf(std::addressof(sf_path), "%s", path)); R_TRY(FspPathPrintf(std::addressof(sf_path), "%s", path));
/* Open the filesystem using libnx bindings. */ /* Open the filesystem using libnx bindings. */
static_assert(sizeof(CodeInfo) == sizeof(::FsCodeInfo)); static_assert(sizeof(CodeVerificationData) == sizeof(::FsCodeInfo));
::FsFileSystem fs; ::FsFileSystem fs;
R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_code_info), program_id.value, sf_path.str, std::addressof(fs))); R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_verification_data), program_id.value, sf_path.str, std::addressof(fs)));
/* Allocate a new filesystem wrapper. */ /* Allocate a new filesystem wrapper. */
auto fsa = std::make_unique<RemoteFileSystem>(fs); auto fsa = std::make_unique<RemoteFileSystem>(fs);
@ -62,12 +62,12 @@ namespace ams::fs {
return OpenPackageFileSystemImpl(out, sf_path.str); return OpenPackageFileSystemImpl(out, sf_path.str);
} }
Result OpenSdCardCodeOrCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) { Result OpenSdCardCodeOrCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
/* If we can open an sd card code fs, use it. */ /* If we can open an sd card code fs, use it. */
R_SUCCEED_IF(R_SUCCEEDED(OpenSdCardCodeFileSystemImpl(out, program_id))); R_SUCCEED_IF(R_SUCCEEDED(OpenSdCardCodeFileSystemImpl(out, program_id)));
/* Otherwise, fall back to a normal code fs. */ /* Otherwise, fall back to a normal code fs. */
return OpenCodeFileSystemImpl(out_code_info, out, path, program_id); return OpenCodeFileSystemImpl(out_verification_data, out, path, program_id);
} }
Result OpenHblCodeFileSystemImpl(std::unique_ptr<fsa::IFileSystem> *out) { Result OpenHblCodeFileSystemImpl(std::unique_ptr<fsa::IFileSystem> *out) {
@ -227,7 +227,7 @@ namespace ams::fs {
public: public:
AtmosphereCodeFileSystem() : initialized(false) { /* ... */ } AtmosphereCodeFileSystem() : initialized(false) { /* ... */ }
Result Initialize(CodeInfo *out_code_info, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) { Result Initialize(CodeVerificationData *out_verification_data, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
AMS_ABORT_UNLESS(!this->initialized); AMS_ABORT_UNLESS(!this->initialized);
/* If we're hbl, we need to open a hbl fs. */ /* If we're hbl, we need to open a hbl fs. */
@ -239,7 +239,7 @@ namespace ams::fs {
/* Open the code filesystem. */ /* Open the code filesystem. */
std::unique_ptr<fsa::IFileSystem> fsa; std::unique_ptr<fsa::IFileSystem> fsa;
R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_code_info, std::addressof(fsa), path, program_id)); R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_verification_data, std::addressof(fsa), path, program_id));
this->code_fs.emplace(std::move(fsa), program_id, is_specific); this->code_fs.emplace(std::move(fsa), program_id, is_specific);
this->program_id = program_id; this->program_id = program_id;
@ -275,7 +275,7 @@ namespace ams::fs {
} }
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) { Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
/* Clear the output. */ /* Clear the output. */
std::memset(out, 0, sizeof(*out)); std::memset(out, 0, sizeof(*out));
@ -293,7 +293,7 @@ namespace ams::fs {
return fsa::Register(name, std::move(fsa)); return fsa::Register(name, std::move(fsa));
} }
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) { Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
/* Clear the output. */ /* Clear the output. */
std::memset(out, 0, sizeof(*out)); std::memset(out, 0, sizeof(*out));
@ -314,7 +314,7 @@ namespace ams::fs {
return fsa::Register(name, std::move(ams_code_fs)); return fsa::Register(name, std::move(ams_code_fs));
} }
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) { Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
/* Clear the output. */ /* Clear the output. */
std::memset(out, 0, sizeof(*out)); std::memset(out, 0, sizeof(*out));
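Review bot: The `static_assert(sizeof(CodeVerificationData) == sizeof(::FsCodeInfo));` ahead of the `reinterpret_cast<::FsCodeInfo *>(out_verification_data)` in `OpenCodeFileSystemImpl` compares sizes only, so a reordered or retyped field would still compile and the FS service's output would land in the wrong members. With the fields now named `target_hash` and `has_data`, the struct no longer reads as a mirror of the libnx type, so the coupling deserves a comment at the cast, e.g. `/* CodeVerificationData must stay layout-identical to ::FsCodeInfo; it is filled in place by fsldrOpenCodeFileSystem. */`. A `static_assert(std::is_standard_layout<CodeVerificationData>::value);` next to the size check would make part of that assumption explicit. The function body continues outside the hunk.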


@ -58,15 +58,15 @@ namespace ams::ldr {
} }
/* Mount the atmosphere code file system. */ /* Mount the atmosphere code file system. */
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_info), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific())); R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_verification_data), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
this->mounted_ams = true; this->mounted_ams = true;
/* Mount the sd or base code file system. */ /* Mount the sd or base code file system. */
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_info), SdOrCodeMountName, content_path, loc.program_id)); R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_verification_data), SdOrCodeMountName, content_path, loc.program_id));
this->mounted_sd_or_code = true; this->mounted_sd_or_code = true;
/* Mount the base code file system. */ /* Mount the base code file system. */
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_info), CodeMountName, content_path, loc.program_id))) { if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_verification_data), CodeMountName, content_path, loc.program_id))) {
this->mounted_code = true; this->mounted_code = true;
} }


@ -25,9 +25,9 @@ namespace ams::ldr {
private: private:
std::scoped_lock<os::Mutex> lk; std::scoped_lock<os::Mutex> lk;
cfg::OverrideStatus override_status; cfg::OverrideStatus override_status;
fs::CodeInfo ams_code_info; fs::CodeVerificationData ams_code_verification_data;
fs::CodeInfo sd_or_base_code_info; fs::CodeVerificationData sd_or_base_code_verification_data;
fs::CodeInfo base_code_info; fs::CodeVerificationData base_code_verification_data;
Result result; Result result;
bool has_status; bool has_status;
bool mounted_ams; bool mounted_ams;
@ -47,16 +47,16 @@ namespace ams::ldr {
return this->override_status; return this->override_status;
} }
const fs::CodeInfo &GetAtmosphereCodeInfo() const { const fs::CodeVerificationData &GetAtmosphereCodeVerificationData() const {
return this->ams_code_info; return this->ams_code_verification_data;
} }
const fs::CodeInfo &GetSdOrBaseCodeInfo() const { const fs::CodeVerificationData &GetSdOrBaseCodeVerificationData() const {
return this->sd_or_base_code_info; return this->sd_or_base_code_verification_data;
} }
const fs::CodeInfo &GetCodeInfo() const { const fs::CodeVerificationData &GetCodeVerificationData() const {
return this->base_code_info; return this->base_code_verification_data;
} }
private: private:
Result Initialize(const ncm::ProgramLocation &loc); Result Initialize(const ncm::ProgramLocation &loc);


@ -107,7 +107,7 @@ namespace ams::ldr {
Result ValidateAcidSignature(Meta *meta) { Result ValidateAcidSignature(Meta *meta) {
/* Loader did not check signatures prior to 10.0.0. */ /* Loader did not check signatures prior to 10.0.0. */
if (hos::GetVersion() < hos::Version_10_0_0) { if (hos::GetVersion() < hos::Version_10_0_0) {
meta->is_signed = false; meta->check_verification_data = false;
return ResultSuccess(); return ResultSuccess();
} }
@ -123,7 +123,7 @@ namespace ams::ldr {
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size); const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature()); R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature());
meta->is_signed = is_signature_valid; meta->check_verification_data = is_signature_valid;
return ResultSuccess(); return ResultSuccess();
} }
@ -221,7 +221,7 @@ namespace ams::ldr {
R_TRY(LoadMetaFromFile(file, &g_original_meta_cache)); R_TRY(LoadMetaFromFile(file, &g_original_meta_cache));
R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta)); R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta));
meta->modulus = g_original_meta_cache.meta.modulus; meta->modulus = g_original_meta_cache.meta.modulus;
meta->is_signed = g_original_meta_cache.meta.is_signed; meta->check_verification_data = g_original_meta_cache.meta.check_verification_data;
} }
} }
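Review bot: `meta->check_verification_data = is_signature_valid;` in `ValidateAcidSignature` stores the outcome of the ACID signature check, while the new name reads like a configuration switch. The `R_UNLESS` just above it lets an invalid signature through when `IsEnabledProgramVerification()` returns false, and the field then ends up false; before 10.0.0 it is set to false without any check at all. A comment at the assignment would record that, e.g. `/* Only check code verification data later if the ACID signature itself verified. */`. The part of the function between the two hunks is not shown.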


@ -32,7 +32,7 @@ namespace ams::ldr {
void *aci_kac; void *aci_kac;
void *modulus; void *modulus;
bool is_signed; bool check_verification_data;
}; };
/* Meta API. */ /* Meta API. */


@ -210,7 +210,7 @@ namespace ams::ldr {
return ResultSuccess(); return ResultSuccess();
} }
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeInfo &code_info) { Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeVerificationData &code_verification_data) {
/* Validate version. */ /* Validate version. */
R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version)); R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version));
@ -222,15 +222,15 @@ namespace ams::ldr {
R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size)); R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size));
/* If we have data to validate, validate it. */ /* If we have data to validate, validate it. */
if (code_info.is_signed && meta->is_signed) { if (code_verification_data.has_data && meta->check_verification_data) {
const u8 *sig = code_info.signature; const u8 *sig = code_verification_data.signature;
const size_t sig_size = sizeof(code_info.signature); const size_t sig_size = sizeof(code_verification_data.signature);
const u8 *mod = static_cast<u8 *>(meta->modulus); const u8 *mod = static_cast<u8 *>(meta->modulus);
const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize; const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize;
const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent(); const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent();
const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize; const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize;
const u8 *hsh = code_info.hash; const u8 *hsh = code_verification_data.target_hash;
const size_t hsh_size = sizeof(code_info.hash); const size_t hsh_size = sizeof(code_verification_data.target_hash);
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size); const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size);
R_UNLESS(is_signature_valid, ResultInvalidNcaSignature()); R_UNLESS(is_signature_valid, ResultInvalidNcaSignature());
@ -596,7 +596,7 @@ namespace ams::ldr {
R_TRY(LoadMetaFromCache(&meta, loc, override_status)); R_TRY(LoadMetaFromCache(&meta, loc, override_status));
/* Validate meta. */ /* Validate meta. */
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeInfo())); R_TRY(ValidateMeta(&meta, loc, mount.GetCodeVerificationData()));
/* Load, validate NSOs. */ /* Load, validate NSOs. */
R_TRY(LoadNsoHeaders(nso_headers, has_nso)); R_TRY(LoadNsoHeaders(nso_headers, has_nso));
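Review bot: The guard `if (code_verification_data.has_data && meta->check_verification_data)` in `ValidateMeta` skips `VerifyRsa2048PssSha256WithHash` without any trace whenever either flag is false. `has_data` is false for a zeroed struct, which appears to be what the mount helpers' `std::memset(out, 0, sizeof(*out))` leaves behind when the FS service supplies nothing, so the skip path is likely common. I would extend the existing comment to state that this is intended, e.g. `/* Verification data is optional: skip the NCA signature check when fs returned none or the ACID signature was not verified. */`. The body of `ValidateMeta` continues past the hunk.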