mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 20:31:14 +00:00
loader: improve verification terminology
This commit is contained in:
parent
b7d99b732a
commit
074364753f
7 changed files with 41 additions and 41 deletions
|
@ -19,17 +19,17 @@
|
||||||
|
|
||||||
namespace ams::fs {
|
namespace ams::fs {
|
||||||
|
|
||||||
struct CodeInfo {
|
struct CodeVerificationData {
|
||||||
u8 signature[crypto::Rsa2048PssSha256Verifier::SignatureSize];
|
u8 signature[crypto::Rsa2048PssSha256Verifier::SignatureSize];
|
||||||
u8 hash[crypto::Rsa2048PssSha256Verifier::HashSize];
|
u8 target_hash[crypto::Rsa2048PssSha256Verifier::HashSize];
|
||||||
bool is_signed;
|
bool has_data;
|
||||||
u8 reserved[3];
|
u8 reserved[3];
|
||||||
};
|
};
|
||||||
static_assert(sizeof(CodeInfo) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4);
|
static_assert(sizeof(CodeVerificationData) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4);
|
||||||
|
|
||||||
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id);
|
Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
|
||||||
|
|
||||||
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific);
|
Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific);
|
||||||
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id);
|
Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,15 +20,15 @@ namespace ams::fs {
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
|
|
||||||
Result OpenCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
|
Result OpenCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
|
||||||
/* Print a path suitable for the remote service. */
|
/* Print a path suitable for the remote service. */
|
||||||
fssrv::sf::Path sf_path;
|
fssrv::sf::Path sf_path;
|
||||||
R_TRY(FspPathPrintf(std::addressof(sf_path), "%s", path));
|
R_TRY(FspPathPrintf(std::addressof(sf_path), "%s", path));
|
||||||
|
|
||||||
/* Open the filesystem using libnx bindings. */
|
/* Open the filesystem using libnx bindings. */
|
||||||
static_assert(sizeof(CodeInfo) == sizeof(::FsCodeInfo));
|
static_assert(sizeof(CodeVerificationData) == sizeof(::FsCodeInfo));
|
||||||
::FsFileSystem fs;
|
::FsFileSystem fs;
|
||||||
R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_code_info), program_id.value, sf_path.str, std::addressof(fs)));
|
R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_verification_data), program_id.value, sf_path.str, std::addressof(fs)));
|
||||||
|
|
||||||
/* Allocate a new filesystem wrapper. */
|
/* Allocate a new filesystem wrapper. */
|
||||||
auto fsa = std::make_unique<RemoteFileSystem>(fs);
|
auto fsa = std::make_unique<RemoteFileSystem>(fs);
|
||||||
|
@ -62,12 +62,12 @@ namespace ams::fs {
|
||||||
return OpenPackageFileSystemImpl(out, sf_path.str);
|
return OpenPackageFileSystemImpl(out, sf_path.str);
|
||||||
}
|
}
|
||||||
|
|
||||||
Result OpenSdCardCodeOrCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
|
Result OpenSdCardCodeOrCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
|
||||||
/* If we can open an sd card code fs, use it. */
|
/* If we can open an sd card code fs, use it. */
|
||||||
R_SUCCEED_IF(R_SUCCEEDED(OpenSdCardCodeFileSystemImpl(out, program_id)));
|
R_SUCCEED_IF(R_SUCCEEDED(OpenSdCardCodeFileSystemImpl(out, program_id)));
|
||||||
|
|
||||||
/* Otherwise, fall back to a normal code fs. */
|
/* Otherwise, fall back to a normal code fs. */
|
||||||
return OpenCodeFileSystemImpl(out_code_info, out, path, program_id);
|
return OpenCodeFileSystemImpl(out_verification_data, out, path, program_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
Result OpenHblCodeFileSystemImpl(std::unique_ptr<fsa::IFileSystem> *out) {
|
Result OpenHblCodeFileSystemImpl(std::unique_ptr<fsa::IFileSystem> *out) {
|
||||||
|
@ -227,7 +227,7 @@ namespace ams::fs {
|
||||||
public:
|
public:
|
||||||
AtmosphereCodeFileSystem() : initialized(false) { /* ... */ }
|
AtmosphereCodeFileSystem() : initialized(false) { /* ... */ }
|
||||||
|
|
||||||
Result Initialize(CodeInfo *out_code_info, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
|
Result Initialize(CodeVerificationData *out_verification_data, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
|
||||||
AMS_ABORT_UNLESS(!this->initialized);
|
AMS_ABORT_UNLESS(!this->initialized);
|
||||||
|
|
||||||
/* If we're hbl, we need to open a hbl fs. */
|
/* If we're hbl, we need to open a hbl fs. */
|
||||||
|
@ -239,7 +239,7 @@ namespace ams::fs {
|
||||||
|
|
||||||
/* Open the code filesystem. */
|
/* Open the code filesystem. */
|
||||||
std::unique_ptr<fsa::IFileSystem> fsa;
|
std::unique_ptr<fsa::IFileSystem> fsa;
|
||||||
R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_code_info, std::addressof(fsa), path, program_id));
|
R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_verification_data, std::addressof(fsa), path, program_id));
|
||||||
this->code_fs.emplace(std::move(fsa), program_id, is_specific);
|
this->code_fs.emplace(std::move(fsa), program_id, is_specific);
|
||||||
|
|
||||||
this->program_id = program_id;
|
this->program_id = program_id;
|
||||||
|
@ -275,7 +275,7 @@ namespace ams::fs {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) {
|
Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
|
||||||
/* Clear the output. */
|
/* Clear the output. */
|
||||||
std::memset(out, 0, sizeof(*out));
|
std::memset(out, 0, sizeof(*out));
|
||||||
|
|
||||||
|
@ -293,7 +293,7 @@ namespace ams::fs {
|
||||||
return fsa::Register(name, std::move(fsa));
|
return fsa::Register(name, std::move(fsa));
|
||||||
}
|
}
|
||||||
|
|
||||||
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
|
Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
|
||||||
/* Clear the output. */
|
/* Clear the output. */
|
||||||
std::memset(out, 0, sizeof(*out));
|
std::memset(out, 0, sizeof(*out));
|
||||||
|
|
||||||
|
@ -314,7 +314,7 @@ namespace ams::fs {
|
||||||
return fsa::Register(name, std::move(ams_code_fs));
|
return fsa::Register(name, std::move(ams_code_fs));
|
||||||
}
|
}
|
||||||
|
|
||||||
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) {
|
Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
|
||||||
/* Clear the output. */
|
/* Clear the output. */
|
||||||
std::memset(out, 0, sizeof(*out));
|
std::memset(out, 0, sizeof(*out));
|
||||||
|
|
||||||
|
|
|
@ -58,15 +58,15 @@ namespace ams::ldr {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Mount the atmosphere code file system. */
|
/* Mount the atmosphere code file system. */
|
||||||
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_info), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
|
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_verification_data), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
|
||||||
this->mounted_ams = true;
|
this->mounted_ams = true;
|
||||||
|
|
||||||
/* Mount the sd or base code file system. */
|
/* Mount the sd or base code file system. */
|
||||||
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_info), SdOrCodeMountName, content_path, loc.program_id));
|
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_verification_data), SdOrCodeMountName, content_path, loc.program_id));
|
||||||
this->mounted_sd_or_code = true;
|
this->mounted_sd_or_code = true;
|
||||||
|
|
||||||
/* Mount the base code file system. */
|
/* Mount the base code file system. */
|
||||||
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_info), CodeMountName, content_path, loc.program_id))) {
|
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_verification_data), CodeMountName, content_path, loc.program_id))) {
|
||||||
this->mounted_code = true;
|
this->mounted_code = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,9 @@ namespace ams::ldr {
|
||||||
private:
|
private:
|
||||||
std::scoped_lock<os::Mutex> lk;
|
std::scoped_lock<os::Mutex> lk;
|
||||||
cfg::OverrideStatus override_status;
|
cfg::OverrideStatus override_status;
|
||||||
fs::CodeInfo ams_code_info;
|
fs::CodeVerificationData ams_code_verification_data;
|
||||||
fs::CodeInfo sd_or_base_code_info;
|
fs::CodeVerificationData sd_or_base_code_verification_data;
|
||||||
fs::CodeInfo base_code_info;
|
fs::CodeVerificationData base_code_verification_data;
|
||||||
Result result;
|
Result result;
|
||||||
bool has_status;
|
bool has_status;
|
||||||
bool mounted_ams;
|
bool mounted_ams;
|
||||||
|
@ -47,16 +47,16 @@ namespace ams::ldr {
|
||||||
return this->override_status;
|
return this->override_status;
|
||||||
}
|
}
|
||||||
|
|
||||||
const fs::CodeInfo &GetAtmosphereCodeInfo() const {
|
const fs::CodeVerificationData &GetAtmosphereCodeVerificationData() const {
|
||||||
return this->ams_code_info;
|
return this->ams_code_verification_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
const fs::CodeInfo &GetSdOrBaseCodeInfo() const {
|
const fs::CodeVerificationData &GetSdOrBaseCodeVerificationData() const {
|
||||||
return this->sd_or_base_code_info;
|
return this->sd_or_base_code_verification_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
const fs::CodeInfo &GetCodeInfo() const {
|
const fs::CodeVerificationData &GetCodeVerificationData() const {
|
||||||
return this->base_code_info;
|
return this->base_code_verification_data;
|
||||||
}
|
}
|
||||||
private:
|
private:
|
||||||
Result Initialize(const ncm::ProgramLocation &loc);
|
Result Initialize(const ncm::ProgramLocation &loc);
|
||||||
|
|
|
@ -107,7 +107,7 @@ namespace ams::ldr {
|
||||||
Result ValidateAcidSignature(Meta *meta) {
|
Result ValidateAcidSignature(Meta *meta) {
|
||||||
/* Loader did not check signatures prior to 10.0.0. */
|
/* Loader did not check signatures prior to 10.0.0. */
|
||||||
if (hos::GetVersion() < hos::Version_10_0_0) {
|
if (hos::GetVersion() < hos::Version_10_0_0) {
|
||||||
meta->is_signed = false;
|
meta->check_verification_data = false;
|
||||||
return ResultSuccess();
|
return ResultSuccess();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ namespace ams::ldr {
|
||||||
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
|
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
|
||||||
R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature());
|
R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature());
|
||||||
|
|
||||||
meta->is_signed = is_signature_valid;
|
meta->check_verification_data = is_signature_valid;
|
||||||
return ResultSuccess();
|
return ResultSuccess();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ namespace ams::ldr {
|
||||||
R_TRY(LoadMetaFromFile(file, &g_original_meta_cache));
|
R_TRY(LoadMetaFromFile(file, &g_original_meta_cache));
|
||||||
R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta));
|
R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta));
|
||||||
meta->modulus = g_original_meta_cache.meta.modulus;
|
meta->modulus = g_original_meta_cache.meta.modulus;
|
||||||
meta->is_signed = g_original_meta_cache.meta.is_signed;
|
meta->check_verification_data = g_original_meta_cache.meta.check_verification_data;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ namespace ams::ldr {
|
||||||
void *aci_kac;
|
void *aci_kac;
|
||||||
|
|
||||||
void *modulus;
|
void *modulus;
|
||||||
bool is_signed;
|
bool check_verification_data;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Meta API. */
|
/* Meta API. */
|
||||||
|
|
|
@ -210,7 +210,7 @@ namespace ams::ldr {
|
||||||
return ResultSuccess();
|
return ResultSuccess();
|
||||||
}
|
}
|
||||||
|
|
||||||
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeInfo &code_info) {
|
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeVerificationData &code_verification_data) {
|
||||||
/* Validate version. */
|
/* Validate version. */
|
||||||
R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version));
|
R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version));
|
||||||
|
|
||||||
|
@ -222,15 +222,15 @@ namespace ams::ldr {
|
||||||
R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size));
|
R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size));
|
||||||
|
|
||||||
/* If we have data to validate, validate it. */
|
/* If we have data to validate, validate it. */
|
||||||
if (code_info.is_signed && meta->is_signed) {
|
if (code_verification_data.has_data && meta->check_verification_data) {
|
||||||
const u8 *sig = code_info.signature;
|
const u8 *sig = code_verification_data.signature;
|
||||||
const size_t sig_size = sizeof(code_info.signature);
|
const size_t sig_size = sizeof(code_verification_data.signature);
|
||||||
const u8 *mod = static_cast<u8 *>(meta->modulus);
|
const u8 *mod = static_cast<u8 *>(meta->modulus);
|
||||||
const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize;
|
const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize;
|
||||||
const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent();
|
const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent();
|
||||||
const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize;
|
const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize;
|
||||||
const u8 *hsh = code_info.hash;
|
const u8 *hsh = code_verification_data.target_hash;
|
||||||
const size_t hsh_size = sizeof(code_info.hash);
|
const size_t hsh_size = sizeof(code_verification_data.target_hash);
|
||||||
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size);
|
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size);
|
||||||
|
|
||||||
R_UNLESS(is_signature_valid, ResultInvalidNcaSignature());
|
R_UNLESS(is_signature_valid, ResultInvalidNcaSignature());
|
||||||
|
@ -596,7 +596,7 @@ namespace ams::ldr {
|
||||||
R_TRY(LoadMetaFromCache(&meta, loc, override_status));
|
R_TRY(LoadMetaFromCache(&meta, loc, override_status));
|
||||||
|
|
||||||
/* Validate meta. */
|
/* Validate meta. */
|
||||||
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeInfo()));
|
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeVerificationData()));
|
||||||
|
|
||||||
/* Load, validate NSOs. */
|
/* Load, validate NSOs. */
|
||||||
R_TRY(LoadNsoHeaders(nso_headers, has_nso));
|
R_TRY(LoadNsoHeaders(nso_headers, has_nso));
|
||||||
|
|
Loading…
Reference in a new issue