mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 20:31:14 +00:00
fs: update signature for VerifySign1
This commit is contained in:
parent
2e6223d9d0
commit
d7f89a0c31
4 changed files with 30 additions and 7 deletions
|
@ -38,7 +38,7 @@ namespace ams::fssystem {
|
||||||
using DecryptAesCtrFunction = void (*)(void *dst, size_t dst_size, u8 key_index, u8 key_generation, const void *src_key, size_t src_key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
|
using DecryptAesCtrFunction = void (*)(void *dst, size_t dst_size, u8 key_index, u8 key_generation, const void *src_key, size_t src_key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
|
||||||
|
|
||||||
using CryptAesXtsFunction = Result (*)(void *dst, size_t dst_size, const void *key1, const void *key2, size_t key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
|
using CryptAesXtsFunction = Result (*)(void *dst, size_t dst_size, const void *key1, const void *key2, size_t key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
|
||||||
using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg);
|
using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation);
|
||||||
|
|
||||||
struct NcaCryptoConfiguration {
|
struct NcaCryptoConfiguration {
|
||||||
static constexpr size_t Rsa2048KeyModulusSize = crypto::Rsa2048PssSha256Verifier::ModulusSize;
|
static constexpr size_t Rsa2048KeyModulusSize = crypto::Rsa2048PssSha256Verifier::ModulusSize;
|
||||||
|
|
|
@ -253,6 +253,8 @@ namespace ams::fs::impl {
|
||||||
ADD_ENUM_CASE(AesXts);
|
ADD_ENUM_CASE(AesXts);
|
||||||
ADD_ENUM_CASE(AesCtr);
|
ADD_ENUM_CASE(AesCtr);
|
||||||
ADD_ENUM_CASE(AesCtrEx);
|
ADD_ENUM_CASE(AesCtrEx);
|
||||||
|
ADD_ENUM_CASE(AesCtrSkipLayerHash);
|
||||||
|
ADD_ENUM_CASE(AesCtrExSkipLayerHash);
|
||||||
default: return ToValueString(static_cast<int>(id));
|
default: return ToValueString(static_cast<int>(id));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -264,6 +266,18 @@ namespace ams::fs::impl {
|
||||||
ADD_ENUM_CASE(None);
|
ADD_ENUM_CASE(None);
|
||||||
ADD_ENUM_CASE(HierarchicalSha256Hash);
|
ADD_ENUM_CASE(HierarchicalSha256Hash);
|
||||||
ADD_ENUM_CASE(HierarchicalIntegrityHash);
|
ADD_ENUM_CASE(HierarchicalIntegrityHash);
|
||||||
|
ADD_ENUM_CASE(AutoSha3);
|
||||||
|
ADD_ENUM_CASE(HierarchicalSha3256Hash);
|
||||||
|
ADD_ENUM_CASE(HierarchicalIntegritySha3Hash);
|
||||||
|
default: return ToValueString(static_cast<int>(id));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
template<> const char *IdString::ToString<fssystem::NcaFsHeader::MetaDataHashType>(fssystem::NcaFsHeader::MetaDataHashType id) {
|
||||||
|
switch (id) {
|
||||||
|
using enum fssystem::NcaFsHeader::MetaDataHashType;
|
||||||
|
ADD_ENUM_CASE(None);
|
||||||
|
ADD_ENUM_CASE(HierarchicalIntegrity);
|
||||||
default: return ToValueString(static_cast<int>(id));
|
default: return ToValueString(static_cast<int>(id));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -214,10 +214,19 @@ namespace ams::fssystem {
|
||||||
ComputeCtr(dst, dst_size, accessor->GetKeySlotIndex(), src, src_size, iv, iv_size);
|
ComputeCtr(dst, dst_size, accessor->GetKeySlotIndex(), src, src_size, iv, iv_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool VerifySign1(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg) {
|
bool VerifySign1Prod(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
|
||||||
const u8 *mod = cfg.header_1_sign_key_moduli[generation];
|
const u8 *mod = g_nca_crypto_configuration_prod.header_1_sign_key_moduli[generation];
|
||||||
const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
|
const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
|
||||||
const u8 *exp = cfg.header_1_sign_key_public_exponent;
|
const u8 *exp = g_nca_crypto_configuration_prod.header_1_sign_key_public_exponent;
|
||||||
|
const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
|
||||||
|
|
||||||
|
return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool VerifySign1Dev(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
|
||||||
|
const u8 *mod = g_nca_crypto_configuration_dev.header_1_sign_key_moduli[generation];
|
||||||
|
const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
|
||||||
|
const u8 *exp = g_nca_crypto_configuration_dev.header_1_sign_key_public_exponent;
|
||||||
const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
|
const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
|
||||||
|
|
||||||
return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
|
return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
|
||||||
|
@ -227,7 +236,7 @@ namespace ams::fssystem {
|
||||||
|
|
||||||
const ::ams::fssystem::NcaCryptoConfiguration *GetNcaCryptoConfiguration(bool prod) {
|
const ::ams::fssystem::NcaCryptoConfiguration *GetNcaCryptoConfiguration(bool prod) {
|
||||||
/* Decide which configuration to use. */
|
/* Decide which configuration to use. */
|
||||||
NcaCryptoConfiguration *cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
|
NcaCryptoConfiguration * const cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
|
||||||
std::memcpy(cfg, fssrv::GetDefaultNcaCryptoConfiguration(prod), sizeof(NcaCryptoConfiguration));
|
std::memcpy(cfg, fssrv::GetDefaultNcaCryptoConfiguration(prod), sizeof(NcaCryptoConfiguration));
|
||||||
|
|
||||||
/* Set the key generation functions. */
|
/* Set the key generation functions. */
|
||||||
|
@ -236,7 +245,7 @@ namespace ams::fssystem {
|
||||||
cfg->encrypt_aes_xts_external = nullptr;
|
cfg->encrypt_aes_xts_external = nullptr;
|
||||||
cfg->decrypt_aes_ctr = DecryptAesCtr;
|
cfg->decrypt_aes_ctr = DecryptAesCtr;
|
||||||
cfg->decrypt_aes_ctr_external = DecryptAesCtrForPreparedKey;
|
cfg->decrypt_aes_ctr_external = DecryptAesCtrForPreparedKey;
|
||||||
cfg->verify_sign1 = VerifySign1;
|
cfg->verify_sign1 = prod ? VerifySign1Prod : VerifySign1Dev;
|
||||||
cfg->is_plaintext_header_available = !prod;
|
cfg->is_plaintext_header_available = !prod;
|
||||||
cfg->is_available_sw_key = true;
|
cfg->is_available_sw_key = true;
|
||||||
|
|
||||||
|
|
|
@ -122,7 +122,7 @@ namespace ams::fssystem {
|
||||||
const u8 *msg = static_cast<const u8 *>(static_cast<const void *>(std::addressof(m_header.magic)));
|
const u8 *msg = static_cast<const u8 *>(static_cast<const void *>(std::addressof(m_header.magic)));
|
||||||
const size_t msg_size = NcaHeader::Size - NcaHeader::HeaderSignSize * NcaHeader::HeaderSignCount;
|
const size_t msg_size = NcaHeader::Size - NcaHeader::HeaderSignSize * NcaHeader::HeaderSignCount;
|
||||||
|
|
||||||
m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation, crypto_cfg);
|
m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation);
|
||||||
|
|
||||||
#if defined(ATMOSPHERE_BOARD_NINTENDO_NX)
|
#if defined(ATMOSPHERE_BOARD_NINTENDO_NX)
|
||||||
R_UNLESS(m_is_header_sign1_signature_valid, fs::ResultNcaHeaderSignature1VerificationFailed());
|
R_UNLESS(m_is_header_sign1_signature_valid, fs::ResultNcaHeaderSignature1VerificationFailed());
|
||||||
|
|
Loading…
Reference in a new issue