loader: improve verification terminology

Michael Scire 2020-09-08 15:34:22 -07:00
parent b7d99b732a
commit 074364753f
7 changed files with 41 additions and 41 deletions


@ -19,17 +19,17 @@
namespace ams::fs {
struct CodeInfo {
struct CodeVerificationData {
u8 signature[crypto::Rsa2048PssSha256Verifier::SignatureSize];
u8 hash[crypto::Rsa2048PssSha256Verifier::HashSize];
bool is_signed;
u8 target_hash[crypto::Rsa2048PssSha256Verifier::HashSize];
bool has_data;
u8 reserved[3];
};
static_assert(sizeof(CodeInfo) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4);
static_assert(sizeof(CodeVerificationData) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize + 4);
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id);
Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific);
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id);
Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific);
Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id);
}


@ -20,15 +20,15 @@ namespace ams::fs {
namespace {
Result OpenCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
Result OpenCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
/* Print a path suitable for the remote service. */
fssrv::sf::Path sf_path;
R_TRY(FspPathPrintf(std::addressof(sf_path), "%s", path));
/* Open the filesystem using libnx bindings. */
static_assert(sizeof(CodeInfo) == sizeof(::FsCodeInfo));
static_assert(sizeof(CodeVerificationData) == sizeof(::FsCodeInfo));
::FsFileSystem fs;
R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_code_info), program_id.value, sf_path.str, std::addressof(fs)));
R_TRY(fsldrOpenCodeFileSystem(reinterpret_cast<::FsCodeInfo *>(out_verification_data), program_id.value, sf_path.str, std::addressof(fs)));
/* Allocate a new filesystem wrapper. */
auto fsa = std::make_unique<RemoteFileSystem>(fs);
@ -62,12 +62,12 @@ namespace ams::fs {
return OpenPackageFileSystemImpl(out, sf_path.str);
}
Result OpenSdCardCodeOrCodeFileSystemImpl(CodeInfo *out_code_info, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
Result OpenSdCardCodeOrCodeFileSystemImpl(CodeVerificationData *out_verification_data, std::unique_ptr<fsa::IFileSystem> *out, const char *path, ncm::ProgramId program_id) {
/* If we can open an sd card code fs, use it. */
R_SUCCEED_IF(R_SUCCEEDED(OpenSdCardCodeFileSystemImpl(out, program_id)));
/* Otherwise, fall back to a normal code fs. */
return OpenCodeFileSystemImpl(out_code_info, out, path, program_id);
return OpenCodeFileSystemImpl(out_verification_data, out, path, program_id);
}
Result OpenHblCodeFileSystemImpl(std::unique_ptr<fsa::IFileSystem> *out) {
@ -227,7 +227,7 @@ namespace ams::fs {
public:
AtmosphereCodeFileSystem() : initialized(false) { /* ... */ }
Result Initialize(CodeInfo *out_code_info, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
Result Initialize(CodeVerificationData *out_verification_data, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
AMS_ABORT_UNLESS(!this->initialized);
/* If we're hbl, we need to open a hbl fs. */
@ -239,7 +239,7 @@ namespace ams::fs {
/* Open the code filesystem. */
std::unique_ptr<fsa::IFileSystem> fsa;
R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_code_info, std::addressof(fsa), path, program_id));
R_TRY(OpenSdCardCodeOrCodeFileSystemImpl(out_verification_data, std::addressof(fsa), path, program_id));
this->code_fs.emplace(std::move(fsa), program_id, is_specific);
this->program_id = program_id;
@ -275,7 +275,7 @@ namespace ams::fs {
}
Result MountCode(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) {
Result MountCode(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
/* Clear the output. */
std::memset(out, 0, sizeof(*out));
@ -293,7 +293,7 @@ namespace ams::fs {
return fsa::Register(name, std::move(fsa));
}
Result MountCodeForAtmosphereWithRedirection(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
Result MountCodeForAtmosphereWithRedirection(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id, bool is_hbl, bool is_specific) {
/* Clear the output. */
std::memset(out, 0, sizeof(*out));
@ -314,7 +314,7 @@ namespace ams::fs {
return fsa::Register(name, std::move(ams_code_fs));
}
Result MountCodeForAtmosphere(CodeInfo *out, const char *name, const char *path, ncm::ProgramId program_id) {
Result MountCodeForAtmosphere(CodeVerificationData *out, const char *name, const char *path, ncm::ProgramId program_id) {
/* Clear the output. */
std::memset(out, 0, sizeof(*out));
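Review bot: In OpenCodeFileSystemImpl the `reinterpret_cast<::FsCodeInfo *>(out_verification_data)` is guarded only by the `sizeof` equality, so a field reorder on either side would still compile while ldr reads `has_data` and `target_hash` from the wrong offsets. Now that the member names no longer mirror the libnx struct, I would pin the layout next to the existing assert, e.g. `static_assert(offsetof(CodeVerificationData, has_data) == crypto::Rsa2048PssSha256Verifier::SignatureSize + crypto::Rsa2048PssSha256Verifier::HashSize);`. I would also add the comment `/* Layout must match ::FsCodeInfo field-for-field; ldr uses has_data/target_hash to decide on and perform code signature verification. */`. The function body continues past the end of this hunk.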


@ -58,15 +58,15 @@ namespace ams::ldr {
}
/* Mount the atmosphere code file system. */
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_info), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_verification_data), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
this->mounted_ams = true;
/* Mount the sd or base code file system. */
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_info), SdOrCodeMountName, content_path, loc.program_id));
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_verification_data), SdOrCodeMountName, content_path, loc.program_id));
this->mounted_sd_or_code = true;
/* Mount the base code file system. */
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_info), CodeMountName, content_path, loc.program_id))) {
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_verification_data), CodeMountName, content_path, loc.program_id))) {
this->mounted_code = true;
}


@ -25,9 +25,9 @@ namespace ams::ldr {
private:
std::scoped_lock<os::Mutex> lk;
cfg::OverrideStatus override_status;
fs::CodeInfo ams_code_info;
fs::CodeInfo sd_or_base_code_info;
fs::CodeInfo base_code_info;
fs::CodeVerificationData ams_code_verification_data;
fs::CodeVerificationData sd_or_base_code_verification_data;
fs::CodeVerificationData base_code_verification_data;
Result result;
bool has_status;
bool mounted_ams;
@ -47,16 +47,16 @@ namespace ams::ldr {
return this->override_status;
}
const fs::CodeInfo &GetAtmosphereCodeInfo() const {
return this->ams_code_info;
const fs::CodeVerificationData &GetAtmosphereCodeVerificationData() const {
return this->ams_code_verification_data;
}
const fs::CodeInfo &GetSdOrBaseCodeInfo() const {
return this->sd_or_base_code_info;
const fs::CodeVerificationData &GetSdOrBaseCodeVerificationData() const {
return this->sd_or_base_code_verification_data;
}
const fs::CodeInfo &GetCodeInfo() const {
return this->base_code_info;
const fs::CodeVerificationData &GetCodeVerificationData() const {
return this->base_code_verification_data;
}
private:
Result Initialize(const ncm::ProgramLocation &loc);


@ -107,7 +107,7 @@ namespace ams::ldr {
Result ValidateAcidSignature(Meta *meta) {
/* Loader did not check signatures prior to 10.0.0. */
if (hos::GetVersion() < hos::Version_10_0_0) {
meta->is_signed = false;
meta->check_verification_data = false;
return ResultSuccess();
}
@ -123,7 +123,7 @@ namespace ams::ldr {
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature());
meta->is_signed = is_signature_valid;
meta->check_verification_data = is_signature_valid;
return ResultSuccess();
}
@ -220,8 +220,8 @@ namespace ams::ldr {
ON_SCOPE_EXIT { fs::CloseFile(file); };
R_TRY(LoadMetaFromFile(file, &g_original_meta_cache));
R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta));
meta->modulus = g_original_meta_cache.meta.modulus;
meta->is_signed = g_original_meta_cache.meta.is_signed;
meta->modulus = g_original_meta_cache.meta.modulus;
meta->check_verification_data = g_original_meta_cache.meta.check_verification_data;
}
}


@ -32,7 +32,7 @@ namespace ams::ldr {
void *aci_kac;
void *modulus;
bool is_signed;
bool check_verification_data;
};
/* Meta API. */


@ -210,7 +210,7 @@ namespace ams::ldr {
return ResultSuccess();
}
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeInfo &code_info) {
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeVerificationData &code_verification_data) {
/* Validate version. */
R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version));
@ -222,15 +222,15 @@ namespace ams::ldr {
R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size));
/* If we have data to validate, validate it. */
if (code_info.is_signed && meta->is_signed) {
const u8 *sig = code_info.signature;
const size_t sig_size = sizeof(code_info.signature);
if (code_verification_data.has_data && meta->check_verification_data) {
const u8 *sig = code_verification_data.signature;
const size_t sig_size = sizeof(code_verification_data.signature);
const u8 *mod = static_cast<u8 *>(meta->modulus);
const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize;
const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent();
const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize;
const u8 *hsh = code_info.hash;
const size_t hsh_size = sizeof(code_info.hash);
const u8 *hsh = code_verification_data.target_hash;
const size_t hsh_size = sizeof(code_verification_data.target_hash);
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size);
R_UNLESS(is_signature_valid, ResultInvalidNcaSignature());
@ -596,7 +596,7 @@ namespace ams::ldr {
R_TRY(LoadMetaFromCache(&meta, loc, override_status));
/* Validate meta. */
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeInfo()));
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeVerificationData()));
/* Load, validate NSOs. */
R_TRY(LoadNsoHeaders(nso_headers, has_nso));
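Review bot: The guard `if (code_verification_data.has_data && meta->check_verification_data)` in ValidateMeta fails open: when either flag is false the signature check over `target_hash` is skipped and validation continues, and the comment `/* If we have data to validate, validate it. */` does not say when missing data is expected. From the other files in this commit, `has_data` appears to stay zero whenever the output struct is only memset and never filled by the fs service, and the `fs::MountCode` call that feeds `GetCodeVerificationData()` is allowed to fail. `check_verification_data` is likewise false before 10.0.0 or when the ACID signature did not verify with program verification disabled. I would spell that out at the guard, e.g. `/* Verification is skipped (not failed) when fs supplied no data or the ACID signature was not verified; see ValidateAcidSignature. */`, so a later change does not mistake this for a mandatory check. ValidateMeta's body ends outside the visible hunks.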