diff --git a/libraries/libstratosphere/include/stratosphere/fssystem/fssystem_nca_file_system_driver.hpp b/libraries/libstratosphere/include/stratosphere/fssystem/fssystem_nca_file_system_driver.hpp
index dd78929c9..f35d33307 100644
--- a/libraries/libstratosphere/include/stratosphere/fssystem/fssystem_nca_file_system_driver.hpp
+++ b/libraries/libstratosphere/include/stratosphere/fssystem/fssystem_nca_file_system_driver.hpp
@@ -38,7 +38,7 @@ namespace ams::fssystem {
 using DecryptAesCtrFunction = void (*)(void *dst, size_t dst_size, u8 key_index, u8 key_generation, const void *src_key, size_t src_key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
 using CryptAesXtsFunction = Result (*)(void *dst, size_t dst_size, const void *key1, const void *key2, size_t key_size, const void *iv, size_t iv_size, const void *src, size_t src_size);
- using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg);
+ using VerifySign1Function = bool (*)(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation);
 struct NcaCryptoConfiguration {
 static constexpr size_t Rsa2048KeyModulusSize = crypto::Rsa2048PssSha256Verifier::ModulusSize;
diff --git a/libraries/libstratosphere/source/fs/fs_access_log.cpp b/libraries/libstratosphere/source/fs/fs_access_log.cpp
index 8427e0bb3..18a760b61 100644
--- a/libraries/libstratosphere/source/fs/fs_access_log.cpp
+++ b/libraries/libstratosphere/source/fs/fs_access_log.cpp
@@ -253,6 +253,8 @@ namespace ams::fs::impl {
 ADD_ENUM_CASE(AesXts);
 ADD_ENUM_CASE(AesCtr);
 ADD_ENUM_CASE(AesCtrEx);
+ ADD_ENUM_CASE(AesCtrSkipLayerHash);
+ ADD_ENUM_CASE(AesCtrExSkipLayerHash);
 default: return ToValueString(static_cast(id));
 }
 }
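Review bot: `VerifySign1Function` in fssystem_nca_file_system_driver.hpp no longer receives the configuration, so nothing in the type ties a `verify_sign1` pointer to the key set of the `NcaCryptoConfiguration` it is stored in; the only pairing visible in this diff is the assignment `cfg->verify_sign1 = prod ? VerifySign1Prod : VerifySign1Dev;` in fssystem_crypto_configuration.cpp. A configuration that is copied and given different header-1 moduli would, as far as the diff shows, still be verified against the global prod or dev keys. A comment on the alias would record that contract, for example `/* Implementations select their own header-1 signing keys; the pointer must match the configuration it is stored in. */`.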
@@ -264,6 +266,18 @@ namespace ams::fs::impl {
 ADD_ENUM_CASE(None);
 ADD_ENUM_CASE(HierarchicalSha256Hash);
 ADD_ENUM_CASE(HierarchicalIntegrityHash);
+ ADD_ENUM_CASE(AutoSha3);
+ ADD_ENUM_CASE(HierarchicalSha3256Hash);
+ ADD_ENUM_CASE(HierarchicalIntegritySha3Hash);
+ default: return ToValueString(static_cast(id));
+ }
+ }
+
+ template<> const char *IdString::ToString(fssystem::NcaFsHeader::MetaDataHashType id) {
+ switch (id) {
+ using enum fssystem::NcaFsHeader::MetaDataHashType;
+ ADD_ENUM_CASE(None);
+ ADD_ENUM_CASE(HierarchicalIntegrity);
 default: return ToValueString(static_cast(id));
 }
 }
diff --git a/libraries/libstratosphere/source/fssystem/fssystem_crypto_configuration.cpp b/libraries/libstratosphere/source/fssystem/fssystem_crypto_configuration.cpp
index 5a3179a28..4575a0df4 100644
--- a/libraries/libstratosphere/source/fssystem/fssystem_crypto_configuration.cpp
+++ b/libraries/libstratosphere/source/fssystem/fssystem_crypto_configuration.cpp
@@ -214,10 +214,19 @@ namespace ams::fssystem {
 ComputeCtr(dst, dst_size, accessor->GetKeySlotIndex(), src, src_size, iv, iv_size);
 }
- bool VerifySign1(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation, const NcaCryptoConfiguration &cfg) {
- const u8 *mod = cfg.header_1_sign_key_moduli[generation];
+ bool VerifySign1Prod(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
+ const u8 *mod = g_nca_crypto_configuration_prod.header_1_sign_key_moduli[generation];
 const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
- const u8 *exp = cfg.header_1_sign_key_public_exponent;
+ const u8 *exp = g_nca_crypto_configuration_prod.header_1_sign_key_public_exponent;
+ const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
+
+ return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
+ }
+
+ bool VerifySign1Dev(const void *sig, size_t sig_size, const void *data, size_t data_size, u8 generation) {
+ const u8 *mod = g_nca_crypto_configuration_dev.header_1_sign_key_moduli[generation];
+ const size_t mod_size = NcaCryptoConfiguration::Rsa2048KeyModulusSize;
+ const u8 *exp = g_nca_crypto_configuration_dev.header_1_sign_key_public_exponent;
 const size_t exp_size = NcaCryptoConfiguration::Rsa2048KeyPublicExponentSize;
 return crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, data, data_size);
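Review bot: `generation` indexes `header_1_sign_key_moduli` in both `VerifySign1Prod` and `VerifySign1Dev` with no range check in the visible lines, and the caller in fssystem_nca_reader.cpp passes `m_header.header1_signature_key_generation`, a field of the very header whose signature is being checked. Unless that field is bounded before the call (not visible in this diff), an out-of-range value selects a modulus from past the end of the table. Assuming the member is an array, a guard at the top of each function makes the verifier fail closed on its own: `if (generation >= std::size(g_nca_crypto_configuration_prod.header_1_sign_key_moduli)) { return false; }`, with the `_dev` global in `VerifySign1Dev`. The two bodies differ only in which global they read, so a file-local helper taking the configuration would keep the check in one place. `VerifySign1Dev`'s closing brace lies outside the hunk.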
@@ -227,7 +236,7 @@ namespace ams::fssystem {
 const ::ams::fssystem::NcaCryptoConfiguration *GetNcaCryptoConfiguration(bool prod) {
 /* Decide which configuration to use. */
- NcaCryptoConfiguration *cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
+ NcaCryptoConfiguration * const cfg = prod ? std::addressof(g_nca_crypto_configuration_prod) : std::addressof(g_nca_crypto_configuration_dev);
 std::memcpy(cfg, fssrv::GetDefaultNcaCryptoConfiguration(prod), sizeof(NcaCryptoConfiguration));
 /* Set the key generation functions. */
@@ -236,7 +245,7 @@ namespace ams::fssystem {
 cfg->encrypt_aes_xts_external = nullptr;
 cfg->decrypt_aes_ctr = DecryptAesCtr;
 cfg->decrypt_aes_ctr_external = DecryptAesCtrForPreparedKey;
- cfg->verify_sign1 = VerifySign1;
+ cfg->verify_sign1 = prod ? VerifySign1Prod : VerifySign1Dev;
 cfg->is_plaintext_header_available = !prod;
 cfg->is_available_sw_key = true;
diff --git a/libraries/libstratosphere/source/fssystem/fssystem_nca_reader.cpp b/libraries/libstratosphere/source/fssystem/fssystem_nca_reader.cpp
index 3bc816f50..815fa021e 100644
--- a/libraries/libstratosphere/source/fssystem/fssystem_nca_reader.cpp
+++ b/libraries/libstratosphere/source/fssystem/fssystem_nca_reader.cpp
@@ -122,7 +122,7 @@ namespace ams::fssystem {
 const u8 *msg = static_cast(static_cast(std::addressof(m_header.magic)));
 const size_t msg_size = NcaHeader::Size - NcaHeader::HeaderSignSize * NcaHeader::HeaderSignCount;
- m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation, crypto_cfg);
+ m_is_header_sign1_signature_valid = crypto_cfg.verify_sign1(sig, sig_size, msg, msg_size, m_header.header1_signature_key_generation);
 #if defined(ATMOSPHERE_BOARD_NINTENDO_NX)
 R_UNLESS(m_is_header_sign1_signature_valid, fs::ResultNcaHeaderSignature1VerificationFailed());