diff --git a/src/KeyConfiguration.cpp b/src/KeyConfiguration.cpp
index 68af5b2..5a2edf8 100644
--- a/src/KeyConfiguration.cpp
+++ b/src/KeyConfiguration.cpp
@@ -225,9 +225,21 @@ bool KeyConfiguration::getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key)
 return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey);
 }
-bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const
+bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
 {
- return copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
+ // TODO: This needs to be changed to support multiple keys
+
+ bool keyIsFound = false;
+ switch (key_generation)
+ {
+ case (0x00):
+ keyIsFound = copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
+ break;
+ default:
+ keyIsFound = false;
+ }
+
+ return keyIsFound;
 }
 bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
diff --git a/src/KeyConfiguration.h b/src/KeyConfiguration.h
index 8849787..58245b6 100644
--- a/src/KeyConfiguration.h
+++ b/src/KeyConfiguration.h
@@ -25,7 +25,7 @@ public:
 // nca keys
 bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const;
- bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const;
+ bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
 bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
 bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
 bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
diff --git a/src/NcaProcess.cpp b/src/NcaProcess.cpp
index 334af7b..1d383c7 100644
--- a/src/NcaProcess.cpp
+++ b/src/NcaProcess.cpp
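Review bot: The `default:` branch of `KeyConfiguration::getContentArchiveHeader0SignKey` in src/KeyConfiguration.cpp returns false without writing `key`, and the TODO gives callers no hint of that contract. The generation value is read from the NCA header at the call site in NcaProcess.cpp, so unknown generations are ordinary input rather than a programming error. I would replace the TODO with a contract comment such as `// Only signature key generation 0x00 is known; any other value returns false and leaves 'key' unmodified, so callers must check the result.` As a style point, `keyIsFound = false;` under `default:` repeats the initializer and could be a plain `break;`.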
@@ -392,7 +392,7 @@ void NcaProcess::validateNcaSignatures()
 {
 // validate signature[0]
 fnd::rsa::sRsa2048Key sign0_key;
- mKeyCfg.getContentArchiveHeader0SignKey(sign0_key);
+ mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration());
 if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0)
 {
 std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl;
@@ -417,10 +417,12 @@ void NcaProcess::validateNcaSignatures()
 MetaProcess npdm;
 npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size));
+ npdm.setKeyCfg(mKeyCfg);
+ npdm.setVerifyMode(true);
 npdm.setCliOutputMode(0);
 npdm.process();
- if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAcid().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
+ if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAccessControlInfoDesc().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
 {
 std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl;
 }
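Review bot: The result of `getContentArchiveHeader0SignKey` is discarded in the signature[0] check of `validateNcaSignatures`, even though the generation passed in now comes from the header of the file being validated. For any generation other than 0x00 the getter (per the KeyConfiguration.cpp hunk) returns false and never fills `sign0_key`, so `rsaVerify` runs on whatever that struct holds after default construction (its type is not visible here). The tool then prints "Main Signature: FAIL", which hides that the real cause is a missing key. I would guard the verify with the result, `if (mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration()) == false)`, print a distinct "no key for this signature generation" warning there, and turn the existing check into the `else if`. The function body continues outside the hunk.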
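Review bot: The key given to `rsaVerify` for `signature_acid` is read from the ACID embedded in this same NCA, and nothing in this hunk checks that the ACID itself verified before its key is trusted. `setVerifyMode(true)` presumably makes `MetaProcess` validate the ACID signature, but with `setCliOutputMode(0)` and no result read back after `npdm.process()`, a failed ACID check appears to have no influence on the "NCA Header ACID Signature" verdict. MetaProcess is not visible here, so this needs confirming. At minimum I would add above the `rsaVerify` call the comment `// key comes from the ACID inside this NCA; this result is only meaningful if the ACID signature itself verified`. If MetaProcess exposes its verification outcome, this check should be skipped or reported as unverifiable when that outcome is a failure. The enclosing block starts and ends outside the hunk.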
@@ -450,6 +452,7 @@ void NcaProcess::displayHeader()
 std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl;
 std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl;
 std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl;
+ std::cout << " Sig. Generation: " << std::dec << (uint32_t)mHdr.getSignatureKeyGeneration() << std::endl;
 std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl;
 std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl;
 std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl;
diff --git a/src/UserSettings.cpp b/src/UserSettings.cpp
index 955dd97..16542d5 100644
--- a/src/UserSettings.cpp
+++ b/src/UserSettings.cpp
@@ -912,7 +912,7 @@ void UserSettings::dumpKeyConfig() const
 std::cout << "[KeyConfiguration]" << std::endl;
 std::cout << " NCA Keys:" << std::endl;
- if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key) == true)
+ if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key, 0x00) == true)
 dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2);
 if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true)
 dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2);