nstool/lib/libhac/source/AccessControlInfoDesc.cpp

#include <nn/hac/AccessControlInfoDesc.h>

nn::hac::AccessControlInfoDesc::AccessControlInfoDesc()
{
	clear();
}

nn::hac::AccessControlInfoDesc::AccessControlInfoDesc(const AccessControlInfoDesc & other)
{
	*this = other;
}

void nn::hac::AccessControlInfoDesc::operator=(const AccessControlInfoDesc & other)
{
	mRawBinary = other.mRawBinary;
	mNcaHeaderSignature2Key = other.mNcaHeaderSignature2Key;
	mFlags = other.mFlags;
	mProgramIdRestrict = other.mProgramIdRestrict;
	mFileSystemAccessControl = other.mFileSystemAccessControl;
	mServiceAccessControl = other.mServiceAccessControl;
	mKernelCapabilities = other.mKernelCapabilities;
}

bool nn::hac::AccessControlInfoDesc::operator==(const AccessControlInfoDesc & other) const
{
	return (mNcaHeaderSignature2Key == other.mNcaHeaderSignature2Key) \
		&& (mFlags == other.mFlags) \
		&& (mProgramIdRestrict == other.mProgramIdRestrict) \
		&& (mFileSystemAccessControl == other.mFileSystemAccessControl) \
		&& (mServiceAccessControl == other.mServiceAccessControl) \
		&& (mKernelCapabilities == other.mKernelCapabilities);
}

bool nn::hac::AccessControlInfoDesc::operator!=(const AccessControlInfoDesc & other) const
{
	return !(*this == other);
}

void nn::hac::AccessControlInfoDesc::toBytes()
{
	// serialise the sections
	mFileSystemAccessControl.toBytes();
	mServiceAccessControl.toBytes();
	mKernelCapabilities.toBytes();

	// determine section layout
	struct sLayout {
		uint32_t offset, size;
	} fac, sac, kc;

	fac.offset = (uint32_t)align(sizeof(sAciDescHeader), aci::kSectionAlignSize);
	fac.size = (uint32_t)mFileSystemAccessControl.getBytes().size();
	sac.offset = (uint32_t)align(fac.offset + fac.size, aci::kSectionAlignSize);
	sac.size = (uint32_t)mServiceAccessControl.getBytes().size();
	kc.offset = (uint32_t)align(sac.offset + sac.size, aci::kSectionAlignSize);
	kc.size = (uint32_t)mKernelCapabilities.getBytes().size();

	// get total size
	size_t total_size = _MAX(_MAX(fac.offset + fac.size, sac.offset + sac.size), kc.offset + kc.size); 

	mRawBinary.alloc(total_size);
	sAciDescHeader* hdr = (sAciDescHeader*)mRawBinary.data();

	// set rsa modulus
	memcpy(hdr->nca_rsa_signature2_modulus, mNcaHeaderSignature2Key.modulus, fnd::rsa::kRsa2048Size);

	// set type
	hdr->st_magic = aci::kAciDescStructMagic;

	// set "acid size"
	hdr->signed_size = (uint32_t)(total_size - fnd::rsa::kRsa2048Size);

	// set flags
	uint32_t flags = 0;
	for (size_t i = 0; i < mFlags.size(); i++)
		flags |= _BIT(mFlags[i]);
	hdr->flags = flags;

	// set program id restrict settings
	hdr->program_id_min = mProgramIdRestrict.min;
	hdr->program_id_max = mProgramIdRestrict.max;

	// set offset/size
	hdr->fac.offset = fac.offset;
	hdr->fac.size = fac.size;
	hdr->sac.offset = sac.offset;
	hdr->sac.size = sac.size;
	hdr->kc.offset = kc.offset;
	hdr->kc.size = kc.size;

	// write data
	memcpy(mRawBinary.data() + fac.offset, mFileSystemAccessControl.getBytes().data(), fac.size);
	memcpy(mRawBinary.data() + sac.offset, mServiceAccessControl.getBytes().data(), sac.size);
	memcpy(mRawBinary.data() + kc.offset, mKernelCapabilities.getBytes().data(), kc.size);
}

void nn::hac::AccessControlInfoDesc::fromBytes(const byte_t* data, size_t len)
{
	// check size
	if (len < sizeof(sAciDescHeader))
	{
		throw fnd::Exception(kModuleName, "AccessControlInfoDesc binary is too small");
	}
	
	// clear variables
	clear();

	// save a copy of the header
	sAciDescHeader hdr;
	memcpy((void*)&hdr, data, sizeof(sAciDescHeader));

	// check magic
	if (hdr.st_magic.get() != aci::kAciDescStructMagic)
	{
		throw fnd::Exception(kModuleName, "AccessControlInfoDesc header corrupt");
	}
	
	// get total size
	size_t total_size = _MAX(_MAX(hdr.fac.offset.get() + hdr.fac.size.get(), hdr.sac.offset.get() + hdr.sac.size.get()), hdr.kc.offset.get() + hdr.kc.size.get()); 

	// validate binary size
	if (len < total_size)
	{
		throw fnd::Exception(kModuleName, "AccessControlInfoDesc binary is too small");
	}

	// allocate memory for header
	mRawBinary.alloc(total_size);
	memcpy(mRawBinary.data(), data, mRawBinary.size());

	// save variables
	memcpy(mNcaHeaderSignature2Key.modulus, hdr.nca_rsa_signature2_modulus, fnd::rsa::kRsa2048Size);

	for (size_t i = 0; i < 32; i++)
	{
		if (_HAS_BIT(hdr.flags.get(), i))
			mFlags.addElement((aci::Flag)i);
	}

	mProgramIdRestrict.min = hdr.program_id_min.get();
	mProgramIdRestrict.max = hdr.program_id_max.get();

	mFileSystemAccessControl.fromBytes(mRawBinary.data() + hdr.fac.offset.get(), hdr.fac.size.get());
	mServiceAccessControl.fromBytes(mRawBinary.data() + hdr.sac.offset.get(), hdr.sac.size.get());
	mKernelCapabilities.fromBytes(mRawBinary.data() + hdr.kc.offset.get(), hdr.kc.size.get());
}

const fnd::Vec<byte_t>& nn::hac::AccessControlInfoDesc::getBytes() const
{
	return mRawBinary;
}

void nn::hac::AccessControlInfoDesc::generateSignature(const fnd::rsa::sRsa2048Key& key)
{
	if (mRawBinary.size() == 0)
		toBytes();

	byte_t hash[fnd::sha::kSha256HashLen];
	fnd::sha::Sha256(mRawBinary.data() + fnd::rsa::kRsa2048Size, mRawBinary.size() - fnd::rsa::kRsa2048Size, hash);

	if (fnd::rsa::pss::rsaSign(key, fnd::sha::HASH_SHA256, hash, mRawBinary.data()) != 0)
	{
		throw fnd::Exception(kModuleName, "Failed to sign Access Control Info Desc");
	}
}

void nn::hac::AccessControlInfoDesc::validateSignature(const fnd::rsa::sRsa2048Key& key) const
{
	if (mRawBinary.size() == 0)
		throw fnd::Exception(kModuleName, "No Access Control Info Desc binary exists to verify");

	byte_t hash[fnd::sha::kSha256HashLen];
	fnd::sha::Sha256(mRawBinary.data() + fnd::rsa::kRsa2048Size, mRawBinary.size() - fnd::rsa::kRsa2048Size, hash);

	if (fnd::rsa::pss::rsaVerify(key, fnd::sha::HASH_SHA256, hash, mRawBinary.data()) != 0)
	{
		throw fnd::Exception(kModuleName, "Failed to verify Access Control Info Desc");
	}
}

void nn::hac::AccessControlInfoDesc::clear()
{
	mRawBinary.clear();
	memset((void*)&mNcaHeaderSignature2Key, 0, sizeof(mNcaHeaderSignature2Key));
	mFlags.clear();
	mProgramIdRestrict.min = 0;
	mProgramIdRestrict.max = 0;
	mFileSystemAccessControl.clear();
	mServiceAccessControl.clear();
	mKernelCapabilities.clear();
}

const fnd::rsa::sRsa2048Key& nn::hac::AccessControlInfoDesc::getNcaHeaderSignature2Key() const
{
	return mNcaHeaderSignature2Key;
}

void nn::hac::AccessControlInfoDesc::setNcaHeaderSignature2Key(const fnd::rsa::sRsa2048Key& key)
{
	mNcaHeaderSignature2Key = key;
}

const fnd::List<nn::hac::aci::Flag>& nn::hac::AccessControlInfoDesc::getFlagList() const
{
	return mFlags;
}

void nn::hac::AccessControlInfoDesc::setFlagList(const fnd::List<nn::hac::aci::Flag>& flags)
{
	mFlags = flags;
}

const nn::hac::AccessControlInfoDesc::sProgramIdRestrict&  nn::hac::AccessControlInfoDesc::getProgramIdRestrict() const
{
	return mProgramIdRestrict;
}

void nn::hac::AccessControlInfoDesc::setProgramIdRestrict(const sProgramIdRestrict& pid_restrict)
{
	mProgramIdRestrict = pid_restrict;
}

const nn::hac::FileSystemAccessControlBinary& nn::hac::AccessControlInfoDesc::getFileSystemAccessControl() const
{
	return mFileSystemAccessControl;
}

void nn::hac::AccessControlInfoDesc::setFileSystemAccessControl(const nn::hac::FileSystemAccessControlBinary& fac)
{
	mFileSystemAccessControl = fac;
}

const nn::hac::ServiceAccessControlBinary& nn::hac::AccessControlInfoDesc::getServiceAccessControl() const
{
	return mServiceAccessControl;
}

void nn::hac::AccessControlInfoDesc::setServiceAccessControl(const nn::hac::ServiceAccessControlBinary& sac)
{
	mServiceAccessControl = sac;
}

const nn::hac::KernelCapabilityBinary& nn::hac::AccessControlInfoDesc::getKernelCapabilities() const
{
	return mKernelCapabilities;
}

void nn::hac::AccessControlInfoDesc::setKernelCapabilities(const nn::hac::KernelCapabilityBinary& kc)
{
	mKernelCapabilities = kc;
}