Add initial support for NCA signature key generations.

This commit is contained in:
Jack 2020-03-10 19:02:56 +08:00
parent 74de59f6dd
commit 3851ee66c5
4 changed files with 21 additions and 6 deletions

View file

@ -225,9 +225,21 @@ bool KeyConfiguration::getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key)
return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey); return copyOutKeyResourceIfExists(mContentArchiveHeaderKey, key, kNullAesXtsKey);
} }
bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const bool KeyConfiguration::getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const
{ {
return copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key); // TODO: This needs to be changed to support multiple keys
bool keyIsFound = false;
switch (key_generation)
{
case (0x00):
keyIsFound = copyOutKeyResourceIfExists(mContentArchiveHeader0SignKey, key, kNullRsa2048Key);
break;
default:
keyIsFound = false;
}
return keyIsFound;
} }
bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const bool KeyConfiguration::getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const

View file

@ -25,7 +25,7 @@ public:
// nca keys // nca keys
bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const; bool getContentArchiveHeaderKey(fnd::aes::sAesXts128Key& key) const;
bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key) const; bool getContentArchiveHeader0SignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const; bool getAcidSignKey(fnd::rsa::sRsa2048Key& key, byte_t key_generation) const;
bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const; bool getNcaKeyAreaEncryptionKey(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;
bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const; bool getNcaKeyAreaEncryptionKeyHw(byte_t masterkey_index, byte_t keak_type, fnd::aes::sAes128Key& key) const;

View file

@ -392,7 +392,7 @@ void NcaProcess::validateNcaSignatures()
{ {
// validate signature[0] // validate signature[0]
fnd::rsa::sRsa2048Key sign0_key; fnd::rsa::sRsa2048Key sign0_key;
mKeyCfg.getContentArchiveHeader0SignKey(sign0_key); mKeyCfg.getContentArchiveHeader0SignKey(sign0_key, mHdr.getSignatureKeyGeneration());
if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0) if (fnd::rsa::pss::rsaVerify(sign0_key, fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_main) != 0)
{ {
std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl; std::cout << "[WARNING] NCA Header Main Signature: FAIL" << std::endl;
@ -417,10 +417,12 @@ void NcaProcess::validateNcaSignatures()
MetaProcess npdm; MetaProcess npdm;
npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size)); npdm.setInputFile(new fnd::OffsetAdjustedIFile(mPartitions[nn::hac::nca::PARTITION_CODE].reader, file.offset, file.size));
npdm.setKeyCfg(mKeyCfg);
npdm.setVerifyMode(true);
npdm.setCliOutputMode(0); npdm.setCliOutputMode(0);
npdm.process(); npdm.process();
if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAcid().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0) if (fnd::rsa::pss::rsaVerify(npdm.getMeta().getAccessControlInfoDesc().getContentArchiveHeaderSignature2Key(), fnd::sha::HASH_SHA256, mHdrHash.bytes, mHdrBlock.signature_acid) != 0)
{ {
std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl; std::cout << "[WARNING] NCA Header ACID Signature: FAIL" << std::endl;
} }
@ -450,6 +452,7 @@ void NcaProcess::displayHeader()
std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl; std::cout << " Dist. Type: " << nn::hac::ContentArchiveUtil::getDistributionTypeAsString(mHdr.getDistributionType()) << std::endl;
std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl; std::cout << " Content Type: " << nn::hac::ContentArchiveUtil::getContentTypeAsString(mHdr.getContentType()) << std::endl;
std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl; std::cout << " Key Generation: " << std::dec << (uint32_t)mHdr.getKeyGeneration() << std::endl;
std::cout << " Sig. Generation: " << std::dec << (uint32_t)mHdr.getSignatureKeyGeneration() << std::endl;
std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl; std::cout << " Kaek Index: " << nn::hac::ContentArchiveUtil::getKeyAreaEncryptionKeyIndexAsString((nn::hac::nca::KeyAreaEncryptionKeyIndex)mHdr.getKeyAreaEncryptionKeyIndex()) << " (" << std::dec << (uint32_t)mHdr.getKeyAreaEncryptionKeyIndex() << ")" << std::endl;
std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl; std::cout << " Size: 0x" << std::hex << mHdr.getContentSize() << std::endl;
std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl; std::cout << " ProgID: 0x" << std::hex << std::setw(16) << std::setfill('0') << mHdr.getProgramId() << std::endl;

View file

@ -912,7 +912,7 @@ void UserSettings::dumpKeyConfig() const
std::cout << "[KeyConfiguration]" << std::endl; std::cout << "[KeyConfiguration]" << std::endl;
std::cout << " NCA Keys:" << std::endl; std::cout << " NCA Keys:" << std::endl;
if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key) == true) if (mKeyCfg.getContentArchiveHeader0SignKey(rsa2048_key, 0x00) == true)
dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2); dumpRsa2048Key(rsa2048_key, "Header Signature[0] Key", 2);
if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true) if (mKeyCfg.getContentArchiveHeaderKey(aesxts_key) == true)
dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2); dumpAesXtsKey(aesxts_key, "Header Encryption Key", 2);