fs: update signature for VerifySign1

This commit is contained in:
Michael Scire 2022-04-01 21:06:26 -07:00
parent 2e6223d9d0
commit d7f89a0c31
4 changed files with 30 additions and 7 deletions

View File

@ -38,7 +38,7 @@ namespace ams::fssystem {
using DecryptAesCtrFunction = void (*)(void *dst, size_t dst_size, u8 key_index, u8 key_generation, const void *src_key, size_t src_key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
using CryptAesXtsFunction = Result (*)(void *dst, size_t dst_size, const void *key1, const void *key2, size_t key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg);
using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation);
struct NcaCryptoConfiguration {
static constexpr size_t Rsa2048KeyModulusSize = crypto::Rsa2048PssSha256Verifier::ModulusSize;

View File

@ -253,6 +253,8 @@ namespace ams::fs::impl {
ADD_ENUM_CASE(AesXts);
ADD_ENUM_CASE(AesCtr);
ADD_ENUM_CASE(AesCtrEx);
ADD_ENUM_CASE(AesCtrSkipLayerHash);
ADD_ENUM_CASE(AesCtrExSkipLayerHash);
default: return ToValueString(static_cast<int>(id));
}
}
@ -264,6 +266,18 @@ namespace ams::fs::impl {
ADD_ENUM_CASE(None);
ADD_ENUM_CASE(HierarchicalSha256Hash);
ADD_ENUM_CASE(HierarchicalIntegrityHash);
ADD_ENUM_CASE(AutoSha3);
ADD_ENUM_CASE(HierarchicalSha3256Hash);
ADD_ENUM_CASE(HierarchicalIntegritySha3Hash);
default: return ToValueString(static_cast<int>(id));
}
}
template<> const char *IdString::ToString<fssystem::NcaFsHeader::MetaDataHashType>(fssystem::NcaFsHeader::MetaDataHashType id) {
switch (id) {
using enum fssystem::NcaFsHeader::MetaDataHashType;
ADD_ENUM_CASE(None);
ADD_ENUM_CASE(HierarchicalIntegrity);
default: return ToValueString(static_cast<int>(id));
}
}

View File

@ -214,10 +214,19 @@ namespace ams::fssystem {
ComputeCtr(dst, dst_size, accessor->GetKeySlotIndex(), src, src_size, iv, iv_size);
}
bool VerifySign1(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg) {
const u8 *mod = cfg.header_1_sign_key_moduli[generation];
bool VerifySign1Prod(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
const u8 *mod = g_nca_crypto_configuration_prod.header_1_sign_key_moduli[generation];
const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
const u8 *exp = cfg.header_1_sign_key_public_exponent;
const u8 *exp = g_nca_crypto_configuration_prod.header_1_sign_key_public_exponent;
const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
}
bool VerifySign1Dev(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
const u8 *mod = g_nca_crypto_configuration_dev.header_1_sign_key_moduli[generation];
const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
const u8 *exp = g_nca_crypto_configuration_dev.header_1_sign_key_public_exponent;
const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
@ -227,7 +236,7 @@ namespace ams::fssystem {
const ::ams::fssystem::NcaCryptoConfiguration *GetNcaCryptoConfiguration(bool prod) {
/* Decide which configuration to use. */
NcaCryptoConfiguration *cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
NcaCryptoConfiguration * const cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
std::memcpy(cfg, fssrv::GetDefaultNcaCryptoConfiguration(prod), sizeof(NcaCryptoConfiguration));
/* Set the key generation functions. */
@ -236,7 +245,7 @@ namespace ams::fssystem {
cfg->encrypt_aes_xts_external = nullptr;
cfg->decrypt_aes_ctr = DecryptAesCtr;
cfg->decrypt_aes_ctr_external = DecryptAesCtrForPreparedKey;
cfg->verify_sign1 = VerifySign1;
cfg->verify_sign1 = prod ? VerifySign1Prod : VerifySign1Dev;
cfg->is_plaintext_header_available = !prod;
cfg->is_available_sw_key = true;

View File

@ -122,7 +122,7 @@ namespace ams::fssystem {
const u8 *msg = static_cast<const u8 *>(static_cast<const void *>(std::addressof(m_header.magic)));
const size_t msg_size = NcaHeader::Size - NcaHeader::HeaderSignSize * NcaHeader::HeaderSignCount;
m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation, crypto_cfg);
m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation);
#if defined(ATMOSPHERE_BOARD_NINTENDO_NX)
R_UNLESS(m_is_header_sign1_signature_valid, fs::ResultNcaHeaderSignature1VerificationFailed());