diff options
Diffstat (limited to 'src/core')
26 files changed, 379 insertions, 165 deletions
diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index 4ff2c50e5..e13c5cdc7 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -35,7 +35,6 @@ namespace Core::Crypto { namespace { constexpr u64 CURRENT_CRYPTO_REVISION = 0x5; -constexpr u64 FULL_TICKET_SIZE = 0x400; using Common::AsArray; @@ -156,6 +155,10 @@ u64 GetSignatureTypePaddingSize(SignatureType type) { UNREACHABLE(); } +bool Ticket::IsValid() const { + return !std::holds_alternative<std::monostate>(data); +} + SignatureType Ticket::GetSignatureType() const { if (const auto* ticket = std::get_if<RSA4096Ticket>(&data)) { return ticket->sig_type; @@ -210,6 +213,54 @@ Ticket Ticket::SynthesizeCommon(Key128 title_key, const std::array<u8, 16>& righ return Ticket{out}; } +Ticket Ticket::Read(const FileSys::VirtualFile& file) { + // Attempt to read up to the largest ticket size, and make sure we read at least a signature + // type. + std::array<u8, sizeof(RSA4096Ticket)> raw_data{}; + auto read_size = file->Read(raw_data.data(), raw_data.size(), 0); + if (read_size < sizeof(SignatureType)) { + LOG_WARNING(Crypto, "Attempted to read ticket file with invalid size {}.", read_size); + return Ticket{std::monostate()}; + } + return Read(std::span{raw_data}); +} + +Ticket Ticket::Read(std::span<const u8> raw_data) { + // Some tools read only 0x180 bytes of ticket data instead of 0x2C0, so + // just make sure we have at least the bare minimum of data to work with. + SignatureType sig_type; + if (raw_data.size() < sizeof(SignatureType)) { + LOG_WARNING(Crypto, "Attempted to parse ticket buffer with invalid size {}.", + raw_data.size()); + return Ticket{std::monostate()}; + } + std::memcpy(&sig_type, raw_data.data(), sizeof(sig_type)); + + switch (sig_type) { + case SignatureType::RSA_4096_SHA1: + case SignatureType::RSA_4096_SHA256: { + RSA4096Ticket ticket{}; + std::memcpy(&ticket, raw_data.data(), sizeof(ticket)); + return Ticket{ticket}; + } + case SignatureType::RSA_2048_SHA1: + case SignatureType::RSA_2048_SHA256: { + RSA2048Ticket ticket{}; + std::memcpy(&ticket, raw_data.data(), sizeof(ticket)); + return Ticket{ticket}; + } + case SignatureType::ECDSA_SHA1: + case SignatureType::ECDSA_SHA256: { + ECDSATicket ticket{}; + std::memcpy(&ticket, raw_data.data(), sizeof(ticket)); + return Ticket{ticket}; + } + default: + LOG_WARNING(Crypto, "Attempted to parse ticket buffer with invalid type {}.", sig_type); + return Ticket{std::monostate()}; + } +} + Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed) { Key128 out{}; @@ -290,9 +341,9 @@ void KeyManager::DeriveGeneralPurposeKeys(std::size_t crypto_revision) { } } -RSAKeyPair<2048> KeyManager::GetETicketRSAKey() const { +void KeyManager::DeriveETicketRSAKey() { if (IsAllZeroArray(eticket_extended_kek) || !HasKey(S128KeyType::ETicketRSAKek)) { - return {}; + return; } const auto eticket_final = GetKey(S128KeyType::ETicketRSAKek); @@ -304,12 +355,12 @@ RSAKeyPair<2048> KeyManager::GetETicketRSAKey() const { rsa_1.Transcode(eticket_extended_kek.data() + 0x10, eticket_extended_kek.size() - 0x10, extended_dec.data(), Op::Decrypt); - RSAKeyPair<2048> rsa_key{}; - std::memcpy(rsa_key.decryption_key.data(), extended_dec.data(), rsa_key.decryption_key.size()); - std::memcpy(rsa_key.modulus.data(), extended_dec.data() + 0x100, rsa_key.modulus.size()); - std::memcpy(rsa_key.exponent.data(), extended_dec.data() + 0x200, rsa_key.exponent.size()); - - return rsa_key; + std::memcpy(eticket_rsa_keypair.decryption_key.data(), extended_dec.data(), + eticket_rsa_keypair.decryption_key.size()); + std::memcpy(eticket_rsa_keypair.modulus.data(), extended_dec.data() + 0x100, + eticket_rsa_keypair.modulus.size()); + std::memcpy(eticket_rsa_keypair.exponent.data(), extended_dec.data() + 0x200, + eticket_rsa_keypair.exponent.size()); } Key128 DeriveKeyblobMACKey(const Key128& keyblob_key, const Key128& mac_source) { @@ -447,10 +498,12 @@ std::vector<Ticket> GetTicketblob(const Common::FS::IOFile& ticket_save) { for (std::size_t offset = 0; offset + 0x4 < buffer.size(); ++offset) { if (buffer[offset] == 0x4 && buffer[offset + 1] == 0x0 && buffer[offset + 2] == 0x1 && buffer[offset + 3] == 0x0) { - out.emplace_back(); - auto& next = out.back(); - std::memcpy(&next, buffer.data() + offset, sizeof(Ticket)); - offset += FULL_TICKET_SIZE; + // NOTE: Assumes ticket blob will only contain RSA-2048 tickets. + auto ticket = Ticket::Read(std::span{buffer.data() + offset, sizeof(RSA2048Ticket)}); + offset += sizeof(RSA2048Ticket); + if (ticket.IsValid()) { + out.push_back(ticket); + } } } @@ -503,25 +556,36 @@ static std::optional<u64> FindTicketOffset(const std::array<u8, size>& data) { return offset; } -std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket, - const RSAKeyPair<2048>& key) { +std::optional<Key128> KeyManager::ParseTicketTitleKey(const Ticket& ticket) { + if (!ticket.IsValid()) { + LOG_WARNING(Crypto, "Attempted to parse title key of invalid ticket."); + return std::nullopt; + } + + if (ticket.GetData().rights_id == Key128{}) { + LOG_WARNING(Crypto, "Attempted to parse title key of ticket with no rights ID."); + return std::nullopt; + } + const auto issuer = ticket.GetData().issuer; if (IsAllZeroArray(issuer)) { + LOG_WARNING(Crypto, "Attempted to parse title key of ticket with invalid issuer."); return std::nullopt; } + if (issuer[0] != 'R' || issuer[1] != 'o' || issuer[2] != 'o' || issuer[3] != 't') { - LOG_INFO(Crypto, "Attempting to parse ticket with non-standard certificate authority."); + LOG_WARNING(Crypto, "Parsing ticket with non-standard certificate authority."); } - Key128 rights_id = ticket.GetData().rights_id; - - if (rights_id == Key128{}) { - return std::nullopt; + if (ticket.GetData().type == TitleKeyType::Common) { + return ticket.GetData().title_key_common; } - if (!std::any_of(ticket.GetData().title_key_common_pad.begin(), - ticket.GetData().title_key_common_pad.end(), [](u8 b) { return b != 0; })) { - return std::make_pair(rights_id, ticket.GetData().title_key_common); + if (eticket_rsa_keypair == RSAKeyPair<2048>{}) { + LOG_WARNING( + Crypto, + "Skipping personalized ticket title key parsing due to missing ETicket RSA key-pair."); + return std::nullopt; } mbedtls_mpi D; // RSA Private Exponent @@ -534,9 +598,12 @@ std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket, mbedtls_mpi_init(&S); mbedtls_mpi_init(&M); - mbedtls_mpi_read_binary(&D, key.decryption_key.data(), key.decryption_key.size()); - mbedtls_mpi_read_binary(&N, key.modulus.data(), key.modulus.size()); - mbedtls_mpi_read_binary(&S, ticket.GetData().title_key_block.data(), 0x100); + const auto& title_key_block = ticket.GetData().title_key_block; + mbedtls_mpi_read_binary(&D, eticket_rsa_keypair.decryption_key.data(), + eticket_rsa_keypair.decryption_key.size()); + mbedtls_mpi_read_binary(&N, eticket_rsa_keypair.modulus.data(), + eticket_rsa_keypair.modulus.size()); + mbedtls_mpi_read_binary(&S, title_key_block.data(), title_key_block.size()); mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr); @@ -564,8 +631,7 @@ std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket, Key128 key_temp{}; std::memcpy(key_temp.data(), m_2.data() + *offset, key_temp.size()); - - return std::make_pair(rights_id, key_temp); + return key_temp; } KeyManager::KeyManager() { @@ -669,6 +735,14 @@ void KeyManager::LoadFromFile(const std::filesystem::path& file_path, bool is_ti encrypted_keyblobs[index] = Common::HexStringToArray<0xB0>(out[1]); } else if (out[0].compare(0, 20, "eticket_extended_kek") == 0) { eticket_extended_kek = Common::HexStringToArray<576>(out[1]); + } else if (out[0].compare(0, 19, "eticket_rsa_keypair") == 0) { + const auto key_data = Common::HexStringToArray<528>(out[1]); + std::memcpy(eticket_rsa_keypair.decryption_key.data(), key_data.data(), + eticket_rsa_keypair.decryption_key.size()); + std::memcpy(eticket_rsa_keypair.modulus.data(), key_data.data() + 0x100, + eticket_rsa_keypair.modulus.size()); + std::memcpy(eticket_rsa_keypair.exponent.data(), key_data.data() + 0x200, + eticket_rsa_keypair.exponent.size()); } else { for (const auto& kv : KEYS_VARIABLE_LENGTH) { if (!ValidCryptoRevisionString(out[0], kv.second.size(), 2)) { @@ -1110,56 +1184,38 @@ void KeyManager::DeriveETicket(PartitionDataManager& data, eticket_extended_kek = data.GetETicketExtendedKek(); WriteKeyToFile(KeyCategory::Console, "eticket_extended_kek", eticket_extended_kek); + DeriveETicketRSAKey(); PopulateTickets(); } void KeyManager::PopulateTickets() { - const auto rsa_key = GetETicketRSAKey(); - - if (rsa_key == RSAKeyPair<2048>{}) { + if (ticket_databases_loaded) { return; } + ticket_databases_loaded = true; - if (!common_tickets.empty() && !personal_tickets.empty()) { - return; - } + std::vector<Ticket> tickets; const auto system_save_e1_path = Common::FS::GetYuzuPath(Common::FS::YuzuPath::NANDDir) / "system/save/80000000000000e1"; - - const Common::FS::IOFile save_e1{system_save_e1_path, Common::FS::FileAccessMode::Read, - Common::FS::FileType::BinaryFile}; + if (Common::FS::Exists(system_save_e1_path)) { + const Common::FS::IOFile save_e1{system_save_e1_path, Common::FS::FileAccessMode::Read, + Common::FS::FileType::BinaryFile}; + const auto blob1 = GetTicketblob(save_e1); + tickets.insert(tickets.end(), blob1.begin(), blob1.end()); + } const auto system_save_e2_path = Common::FS::GetYuzuPath(Common::FS::YuzuPath::NANDDir) / "system/save/80000000000000e2"; + if (Common::FS::Exists(system_save_e2_path)) { + const Common::FS::IOFile save_e2{system_save_e2_path, Common::FS::FileAccessMode::Read, + Common::FS::FileType::BinaryFile}; + const auto blob2 = GetTicketblob(save_e2); + tickets.insert(tickets.end(), blob2.begin(), blob2.end()); + } - const Common::FS::IOFile save_e2{system_save_e2_path, Common::FS::FileAccessMode::Read, - Common::FS::FileType::BinaryFile}; - - const auto blob2 = GetTicketblob(save_e2); - auto res = GetTicketblob(save_e1); - - const auto idx = res.size(); - res.insert(res.end(), blob2.begin(), blob2.end()); - - for (std::size_t i = 0; i < res.size(); ++i) { - const auto common = i < idx; - const auto pair = ParseTicket(res[i], rsa_key); - if (!pair) { - continue; - } - - const auto& [rid, key] = *pair; - u128 rights_id; - std::memcpy(rights_id.data(), rid.data(), rid.size()); - - if (common) { - common_tickets[rights_id] = res[i]; - } else { - personal_tickets[rights_id] = res[i]; - } - - SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); + for (const auto& ticket : tickets) { + AddTicket(ticket); } } @@ -1291,41 +1347,33 @@ const std::map<u128, Ticket>& KeyManager::GetPersonalizedTickets() const { return personal_tickets; } -bool KeyManager::AddTicketCommon(Ticket raw) { - const auto rsa_key = GetETicketRSAKey(); - if (rsa_key == RSAKeyPair<2048>{}) { - return false; - } - - const auto pair = ParseTicket(raw, rsa_key); - if (!pair) { +bool KeyManager::AddTicket(const Ticket& ticket) { + if (!ticket.IsValid()) { + LOG_WARNING(Crypto, "Attempted to add invalid ticket."); return false; } - const auto& [rid, key] = *pair; + const auto& rid = ticket.GetData().rights_id; u128 rights_id; std::memcpy(rights_id.data(), rid.data(), rid.size()); - common_tickets[rights_id] = raw; - SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); - return true; -} + if (ticket.GetData().type == Core::Crypto::TitleKeyType::Common) { + common_tickets[rights_id] = ticket; + } else { + personal_tickets[rights_id] = ticket; + } -bool KeyManager::AddTicketPersonalized(Ticket raw) { - const auto rsa_key = GetETicketRSAKey(); - if (rsa_key == RSAKeyPair<2048>{}) { - return false; + if (HasKey(S128KeyType::Titlekey, rights_id[1], rights_id[0])) { + LOG_DEBUG(Crypto, + "Skipping parsing title key from ticket for known rights ID {:016X}{:016X}.", + rights_id[1], rights_id[0]); + return true; } - const auto pair = ParseTicket(raw, rsa_key); - if (!pair) { + const auto key = ParseTicketTitleKey(ticket); + if (!key) { return false; } - - const auto& [rid, key] = *pair; - u128 rights_id; - std::memcpy(rights_id.data(), rid.data(), rid.size()); - common_tickets[rights_id] = raw; - SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); + SetKey(S128KeyType::Titlekey, key.value(), rights_id[1], rights_id[0]); return true; } } // namespace Core::Crypto diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index 8c864503b..2250eccec 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -7,6 +7,7 @@ #include <filesystem> #include <map> #include <optional> +#include <span> #include <string> #include <variant> @@ -29,8 +30,6 @@ enum class ResultStatus : u16; namespace Core::Crypto { -constexpr u64 TICKET_FILE_TITLEKEY_OFFSET = 0x180; - using Key128 = std::array<u8, 0x10>; using Key256 = std::array<u8, 0x20>; using SHA256Hash = std::array<u8, 0x20>; @@ -82,6 +81,7 @@ struct RSA4096Ticket { INSERT_PADDING_BYTES(0x3C); TicketData data; }; +static_assert(sizeof(RSA4096Ticket) == 0x500, "RSA4096Ticket has incorrect size."); struct RSA2048Ticket { SignatureType sig_type; @@ -89,6 +89,7 @@ struct RSA2048Ticket { INSERT_PADDING_BYTES(0x3C); TicketData data; }; +static_assert(sizeof(RSA2048Ticket) == 0x400, "RSA2048Ticket has incorrect size."); struct ECDSATicket { SignatureType sig_type; @@ -96,16 +97,41 @@ struct ECDSATicket { INSERT_PADDING_BYTES(0x40); TicketData data; }; +static_assert(sizeof(ECDSATicket) == 0x340, "ECDSATicket has incorrect size."); struct Ticket { - std::variant<RSA4096Ticket, RSA2048Ticket, ECDSATicket> data; - - SignatureType GetSignatureType() const; - TicketData& GetData(); - const TicketData& GetData() const; - u64 GetSize() const; - + std::variant<std::monostate, RSA4096Ticket, RSA2048Ticket, ECDSATicket> data; + + [[nodiscard]] bool IsValid() const; + [[nodiscard]] SignatureType GetSignatureType() const; + [[nodiscard]] TicketData& GetData(); + [[nodiscard]] const TicketData& GetData() const; + [[nodiscard]] u64 GetSize() const; + + /** + * Synthesizes a common ticket given a title key and rights ID. + * + * @param title_key Title key to store in the ticket. + * @param rights_id Rights ID the ticket is for. + * @return The synthesized common ticket. + */ static Ticket SynthesizeCommon(Key128 title_key, const std::array<u8, 0x10>& rights_id); + + /** + * Reads a ticket from a file. + * + * @param file File to read the ticket from. + * @return The read ticket. If the ticket data is invalid, Ticket::IsValid() will be false. + */ + static Ticket Read(const FileSys::VirtualFile& file); + + /** + * Reads a ticket from a memory buffer. + * + * @param raw_data Buffer to read the ticket from. + * @return The read ticket. If the ticket data is invalid, Ticket::IsValid() will be false. + */ + static Ticket Read(std::span<const u8> raw_data); }; static_assert(sizeof(Key128) == 16, "Key128 must be 128 bytes big."); @@ -264,8 +290,7 @@ public: const std::map<u128, Ticket>& GetCommonTickets() const; const std::map<u128, Ticket>& GetPersonalizedTickets() const; - bool AddTicketCommon(Ticket raw); - bool AddTicketPersonalized(Ticket raw); + bool AddTicket(const Ticket& ticket); void ReloadKeys(); bool AreKeysLoaded() const; @@ -279,10 +304,12 @@ private: // Map from rights ID to ticket std::map<u128, Ticket> common_tickets; std::map<u128, Ticket> personal_tickets; + bool ticket_databases_loaded = false; std::array<std::array<u8, 0xB0>, 0x20> encrypted_keyblobs{}; std::array<std::array<u8, 0x90>, 0x20> keyblobs{}; std::array<u8, 576> eticket_extended_kek{}; + RSAKeyPair<2048> eticket_rsa_keypair{}; bool dev_mode; void LoadFromFile(const std::filesystem::path& file_path, bool is_title_keys); @@ -293,10 +320,13 @@ private: void DeriveGeneralPurposeKeys(std::size_t crypto_revision); - RSAKeyPair<2048> GetETicketRSAKey() const; + void DeriveETicketRSAKey(); void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); + + /// Parses the title key section of a ticket. + std::optional<Key128> ParseTicketTitleKey(const Ticket& ticket); }; Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed); @@ -311,9 +341,4 @@ Loader::ResultStatus DeriveSDKeys(std::array<Key256, 2>& sd_keys, KeyManager& ke std::vector<Ticket> GetTicketblob(const Common::FS::IOFile& ticket_save); -// Returns a pair of {rights_id, titlekey}. Fails if the ticket has no certificate authority -// (offset 0x140-0x144 is zero) -std::optional<std::pair<Key128, Key128>> ParseTicket(const Ticket& ticket, - const RSAKeyPair<2048>& eticket_extended_key); - } // namespace Core::Crypto diff --git a/src/core/file_sys/submission_package.cpp b/src/core/file_sys/submission_package.cpp index e1e89ce2d..68e8ec22f 100644 --- a/src/core/file_sys/submission_package.cpp +++ b/src/core/file_sys/submission_package.cpp @@ -164,24 +164,6 @@ VirtualFile NSP::GetNCAFile(u64 title_id, ContentRecordType type, TitleType titl return nullptr; } -std::vector<Core::Crypto::Key128> NSP::GetTitlekey() const { - if (extracted) - LOG_WARNING(Service_FS, "called on an NSP that is of type extracted."); - std::vector<Core::Crypto::Key128> out; - for (const auto& ticket_file : ticket_files) { - if (ticket_file == nullptr || - ticket_file->GetSize() < - Core::Crypto::TICKET_FILE_TITLEKEY_OFFSET + sizeof(Core::Crypto::Key128)) { - continue; - } - - out.emplace_back(); - ticket_file->Read(out.back().data(), out.back().size(), - Core::Crypto::TICKET_FILE_TITLEKEY_OFFSET); - } - return out; -} - std::vector<VirtualFile> NSP::GetFiles() const { return pfs->GetFiles(); } @@ -208,22 +190,11 @@ void NSP::SetTicketKeys(const std::vector<VirtualFile>& files) { continue; } - if (ticket_file->GetSize() < - Core::Crypto::TICKET_FILE_TITLEKEY_OFFSET + sizeof(Core::Crypto::Key128)) { + auto ticket = Core::Crypto::Ticket::Read(ticket_file); + if (!keys.AddTicket(ticket)) { + LOG_WARNING(Common_Filesystem, "Could not load NSP ticket {}", ticket_file->GetName()); continue; } - - Core::Crypto::Key128 key{}; - ticket_file->Read(key.data(), key.size(), Core::Crypto::TICKET_FILE_TITLEKEY_OFFSET); - - // We get the name without the extension in order to create the rights ID. - std::string name_only(ticket_file->GetName()); - name_only.erase(name_only.size() - 4); - - const auto rights_id_raw = Common::HexStringToArray<16>(name_only); - u128 rights_id; - std::memcpy(rights_id.data(), rights_id_raw.data(), sizeof(u128)); - keys.SetKey(Core::Crypto::S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); } } diff --git a/src/core/file_sys/submission_package.h b/src/core/file_sys/submission_package.h index 27f97c725..915bffca9 100644 --- a/src/core/file_sys/submission_package.h +++ b/src/core/file_sys/submission_package.h @@ -53,7 +53,6 @@ public: TitleType title_type = TitleType::Application) const; VirtualFile GetNCAFile(u64 title_id, ContentRecordType type, TitleType title_type = TitleType::Application) const; - std::vector<Core::Crypto::Key128> GetTitlekey() const; std::vector<VirtualFile> GetFiles() const override; diff --git a/src/core/hle/kernel/k_capabilities.cpp b/src/core/hle/kernel/k_capabilities.cpp index 90e4e8fb0..e7da7a21d 100644 --- a/src/core/hle/kernel/k_capabilities.cpp +++ b/src/core/hle/kernel/k_capabilities.cpp @@ -156,7 +156,6 @@ Result KCapabilities::MapIoPage_(const u32 cap, KPageTable* page_table) { const u64 phys_addr = MapIoPage{cap}.address.Value() * PageSize; const size_t num_pages = 1; const size_t size = num_pages * PageSize; - R_UNLESS(num_pages != 0, ResultInvalidSize); R_UNLESS(phys_addr < phys_addr + size, ResultInvalidAddress); R_UNLESS(((phys_addr + size - 1) & ~PhysicalMapAllowedMask) == 0, ResultInvalidAddress); diff --git a/src/core/hle/service/am/applets/applet_mii_edit.cpp b/src/core/hle/service/am/applets/applet_mii_edit.cpp index d1f652c09..f8e2bac32 100644 --- a/src/core/hle/service/am/applets/applet_mii_edit.cpp +++ b/src/core/hle/service/am/applets/applet_mii_edit.cpp @@ -90,7 +90,7 @@ void MiiEdit::Execute() { const MiiEditCharInfo char_info{ .mii_info{applet_input_common.applet_mode == MiiEditAppletMode::EditMii ? applet_input_v4.char_info.mii_info - : mii_manager.BuildDefault(0)}, + : mii_manager.BuildBase(Mii::Gender::Male)}, }; MiiEditOutputForCharInfoEditing(MiiEditResult::Success, char_info); diff --git a/src/core/hle/service/audio/audin_u.cpp b/src/core/hle/service/audio/audin_u.cpp index 526a39130..56fee4591 100644 --- a/src/core/hle/service/audio/audin_u.cpp +++ b/src/core/hle/service/audio/audin_u.cpp @@ -220,7 +220,7 @@ AudInU::AudInU(Core::System& system_) AudInU::~AudInU() = default; void AudInU::ListAudioIns(HLERequestContext& ctx) { - using namespace AudioCore::AudioRenderer; + using namespace AudioCore::Renderer; LOG_DEBUG(Service_Audio, "called"); @@ -240,7 +240,7 @@ void AudInU::ListAudioIns(HLERequestContext& ctx) { } void AudInU::ListAudioInsAutoFiltered(HLERequestContext& ctx) { - using namespace AudioCore::AudioRenderer; + using namespace AudioCore::Renderer; LOG_DEBUG(Service_Audio, "called"); diff --git a/src/core/hle/service/audio/audout_u.cpp b/src/core/hle/service/audio/audout_u.cpp index 23f84a29f..ca683d72c 100644 --- a/src/core/hle/service/audio/audout_u.cpp +++ b/src/core/hle/service/audio/audout_u.cpp @@ -228,7 +228,7 @@ AudOutU::AudOutU(Core::System& system_) AudOutU::~AudOutU() = default; void AudOutU::ListAudioOuts(HLERequestContext& ctx) { - using namespace AudioCore::AudioRenderer; + using namespace AudioCore::Renderer; std::scoped_lock l{impl->mutex}; diff --git a/src/core/hle/service/audio/audren_u.cpp b/src/core/hle/service/audio/audren_u.cpp index b723b65c8..2f09cade5 100644 --- a/src/core/hle/service/audio/audren_u.cpp +++ b/src/core/hle/service/audio/audren_u.cpp @@ -26,7 +26,7 @@ #include "core/hle/service/ipc_helpers.h" #include "core/memory.h" -using namespace AudioCore::AudioRenderer; +using namespace AudioCore::Renderer; namespace Service::Audio { diff --git a/src/core/hle/service/audio/audren_u.h b/src/core/hle/service/audio/audren_u.h index d8e9c8719..3d7993a16 100644 --- a/src/core/hle/service/audio/audren_u.h +++ b/src/core/hle/service/audio/audren_u.h @@ -28,7 +28,7 @@ private: void GetAudioDeviceServiceWithRevisionInfo(HLERequestContext& ctx); KernelHelpers::ServiceContext service_context; - std::unique_ptr<AudioCore::AudioRenderer::Manager> impl; + std::unique_ptr<AudioCore::Renderer::Manager> impl; u32 num_audio_devices{0}; }; diff --git a/src/core/hle/service/es/es.cpp b/src/core/hle/service/es/es.cpp index 446f46b3c..9eaae4c4b 100644 --- a/src/core/hle/service/es/es.cpp +++ b/src/core/hle/service/es/es.cpp @@ -122,20 +122,18 @@ private: } void ImportTicket(HLERequestContext& ctx) { - const auto ticket = ctx.ReadBuffer(); + const auto raw_ticket = ctx.ReadBuffer(); [[maybe_unused]] const auto cert = ctx.ReadBuffer(1); - if (ticket.size() < sizeof(Core::Crypto::Ticket)) { + if (raw_ticket.size() < sizeof(Core::Crypto::Ticket)) { LOG_ERROR(Service_ETicket, "The input buffer is not large enough!"); IPC::ResponseBuilder rb{ctx, 2}; rb.Push(ERROR_INVALID_ARGUMENT); return; } - Core::Crypto::Ticket raw{}; - std::memcpy(&raw, ticket.data(), sizeof(Core::Crypto::Ticket)); - - if (!keys.AddTicketPersonalized(raw)) { + Core::Crypto::Ticket ticket = Core::Crypto::Ticket::Read(raw_ticket); + if (!keys.AddTicket(ticket)) { LOG_ERROR(Service_ETicket, "The ticket could not be imported!"); IPC::ResponseBuilder rb{ctx, 2}; rb.Push(ERROR_INVALID_ARGUMENT); diff --git a/src/core/hle/service/mii/mii_manager.cpp b/src/core/hle/service/mii/mii_manager.cpp index 46125d473..dd632df50 100644 --- a/src/core/hle/service/mii/mii_manager.cpp +++ b/src/core/hle/service/mii/mii_manager.cpp @@ -18,10 +18,9 @@ namespace { constexpr Result ERROR_CANNOT_FIND_ENTRY{ErrorModule::Mii, 4}; -constexpr std::size_t BaseMiiCount{2}; constexpr std::size_t DefaultMiiCount{RawData::DefaultMii.size()}; -constexpr MiiStoreData::Name DefaultMiiName{u'y', u'u', u'z', u'u'}; +constexpr MiiStoreData::Name DefaultMiiName{u'n', u'o', u' ', u'n', u'a', u'm', u'e'}; constexpr std::array<u8, 8> HairColorLookup{8, 1, 2, 3, 4, 5, 6, 7}; constexpr std::array<u8, 6> EyeColorLookup{8, 9, 10, 11, 12, 13}; constexpr std::array<u8, 5> MouthColorLookup{19, 20, 21, 22, 23}; @@ -404,7 +403,7 @@ u32 MiiManager::GetCount(SourceFlag source_flag) const { count += 0; } if ((source_flag & SourceFlag::Default) != SourceFlag::None) { - count += (DefaultMiiCount - BaseMiiCount); + count += DefaultMiiCount; } return static_cast<u32>(count); } @@ -422,13 +421,18 @@ CharInfo MiiManager::BuildRandom(Age age, Gender gender, Race race) { return ConvertStoreDataToInfo(BuildRandomStoreData(age, gender, race, user_id)); } +CharInfo MiiManager::BuildBase(Gender gender) { + const std::size_t index = gender == Gender::Female ? 1 : 0; + return ConvertStoreDataToInfo(BuildDefaultStoreData(RawData::BaseMii.at(index), user_id)); +} + CharInfo MiiManager::BuildDefault(std::size_t index) { return ConvertStoreDataToInfo(BuildDefaultStoreData(RawData::DefaultMii.at(index), user_id)); } CharInfo MiiManager::ConvertV3ToCharInfo(const Ver3StoreData& mii_v3) const { Service::Mii::MiiManager manager; - auto mii = manager.BuildDefault(0); + auto mii = manager.BuildBase(Mii::Gender::Male); if (!ValidateV3Info(mii_v3)) { return mii; @@ -678,7 +682,7 @@ std::vector<MiiInfoElement> MiiManager::GetDefault(SourceFlag source_flag) { return result; } - for (std::size_t index = BaseMiiCount; index < DefaultMiiCount; index++) { + for (std::size_t index = 0; index < DefaultMiiCount; index++) { result.emplace_back(BuildDefault(index), Source::Default); } diff --git a/src/core/hle/service/mii/mii_manager.h b/src/core/hle/service/mii/mii_manager.h index 45c2be3c8..0c8295ebe 100644 --- a/src/core/hle/service/mii/mii_manager.h +++ b/src/core/hle/service/mii/mii_manager.h @@ -21,6 +21,7 @@ public: u32 GetCount(SourceFlag source_flag) const; Result UpdateLatest(CharInfo* out_info, const CharInfo& info, SourceFlag source_flag); CharInfo BuildRandom(Age age, Gender gender, Race race); + CharInfo BuildBase(Gender gender); CharInfo BuildDefault(std::size_t index); CharInfo ConvertV3ToCharInfo(const Ver3StoreData& mii_v3) const; bool ValidateV3Info(const Ver3StoreData& mii_v3) const; diff --git a/src/core/hle/service/mii/raw_data.cpp b/src/core/hle/service/mii/raw_data.cpp index 1442280c8..e5245b791 100644 --- a/src/core/hle/service/mii/raw_data.cpp +++ b/src/core/hle/service/mii/raw_data.cpp @@ -5,7 +5,7 @@ namespace Service::Mii::RawData { -const std::array<Service::Mii::DefaultMii, 8> DefaultMii{ +const std::array<Service::Mii::DefaultMii, 2> BaseMii{ Service::Mii::DefaultMii{ .face_type = 0, .face_color = 0, @@ -108,6 +108,9 @@ const std::array<Service::Mii::DefaultMii, 8> DefaultMii{ .font_region = FontRegion::Standard, .type = 0, }, +}; + +const std::array<Service::Mii::DefaultMii, 6> DefaultMii{ Service::Mii::DefaultMii{ .face_type = 0, .face_color = 4, diff --git a/src/core/hle/service/mii/raw_data.h b/src/core/hle/service/mii/raw_data.h index c2bec68d4..cdd2337d6 100644 --- a/src/core/hle/service/mii/raw_data.h +++ b/src/core/hle/service/mii/raw_data.h @@ -9,7 +9,8 @@ namespace Service::Mii::RawData { -extern const std::array<Service::Mii::DefaultMii, 8> DefaultMii; +extern const std::array<Service::Mii::DefaultMii, 2> BaseMii; +extern const std::array<Service::Mii::DefaultMii, 6> DefaultMii; extern const std::array<Service::Mii::RandomMiiData4, 18> RandomMiiFaceline; extern const std::array<Service::Mii::RandomMiiData3, 6> RandomMiiFacelineColor; extern const std::array<Service::Mii::RandomMiiData4, 18> RandomMiiFacelineWrinkle; diff --git a/src/core/hle/service/nfc/common/device.cpp b/src/core/hle/service/nfc/common/device.cpp index 49446bc42..5df40f9a0 100644 --- a/src/core/hle/service/nfc/common/device.cpp +++ b/src/core/hle/service/nfc/common/device.cpp @@ -826,7 +826,7 @@ Result NfcDevice::SetRegisterInfoPrivate(const NFP::RegisterInfoPrivate& registe } Service::Mii::MiiManager manager; - const auto mii = manager.BuildDefault(0); + const auto mii = manager.BuildBase(Mii::Gender::Male); auto& settings = tag_data.settings; if (tag_data.settings.settings.amiibo_initialized == 0) { @@ -1467,7 +1467,7 @@ void NfcDevice::BuildAmiiboWithoutKeys(NFP::NTAG215File& stubbed_tag_data, SetAmiiboName(settings, {'y', 'u', 'z', 'u', 'A', 'm', 'i', 'i', 'b', 'o'}); settings.settings.font_region.Assign(0); settings.init_date = GetAmiiboDate(GetCurrentPosixTime()); - stubbed_tag_data.owner_mii = manager.BuildFromStoreData(manager.BuildDefault(0)); + stubbed_tag_data.owner_mii = manager.BuildFromStoreData(manager.BuildBase(Mii::Gender::Male)); // Admin info settings.settings.amiibo_initialized.Assign(1); diff --git a/src/core/hle/service/nvdrv/core/nvmap.cpp b/src/core/hle/service/nvdrv/core/nvmap.cpp index a51ca5444..0ca05257e 100644 --- a/src/core/hle/service/nvdrv/core/nvmap.cpp +++ b/src/core/hle/service/nvdrv/core/nvmap.cpp @@ -160,8 +160,8 @@ u32 NvMap::PinHandle(NvMap::Handle::Id handle) { u32 address{}; auto& smmu_allocator = host1x.Allocator(); auto& smmu_memory_manager = host1x.MemoryManager(); - while (!(address = - smmu_allocator.Allocate(static_cast<u32>(handle_description->aligned_size)))) { + while ((address = smmu_allocator.Allocate( + static_cast<u32>(handle_description->aligned_size))) == 0) { // Free handles until the allocation succeeds std::scoped_lock queueLock(unmap_queue_lock); if (auto freeHandleDesc{unmap_queue.front()}) { diff --git a/src/core/hle/service/ssl/ssl_backend_schannel.cpp b/src/core/hle/service/ssl/ssl_backend_schannel.cpp index d834a0c1f..212057cfc 100644 --- a/src/core/hle/service/ssl/ssl_backend_schannel.cpp +++ b/src/core/hle/service/ssl/ssl_backend_schannel.cpp @@ -477,7 +477,8 @@ public: return ResultInternalError; } PCCERT_CONTEXT some_cert = nullptr; - while ((some_cert = CertEnumCertificatesInStore(returned_cert->hCertStore, some_cert))) { + while ((some_cert = CertEnumCertificatesInStore(returned_cert->hCertStore, some_cert)) != + nullptr) { out_certs->emplace_back(static_cast<u8*>(some_cert->pbCertEncoded), static_cast<u8*>(some_cert->pbCertEncoded) + some_cert->cbCertEncoded); diff --git a/src/core/loader/loader.cpp b/src/core/loader/loader.cpp index 07c65dc1a..b6e355622 100644 --- a/src/core/loader/loader.cpp +++ b/src/core/loader/loader.cpp @@ -108,7 +108,7 @@ std::string GetFileTypeString(FileType type) { return "unknown"; } -constexpr std::array<const char*, 66> RESULT_MESSAGES{ +constexpr std::array<const char*, 68> RESULT_MESSAGES{ "The operation completed successfully.", "The loader requested to load is already loaded.", "The operation is not implemented.", @@ -175,6 +175,8 @@ constexpr std::array<const char*, 66> RESULT_MESSAGES{ "The KIP BLZ decompression of the section failed unexpectedly.", "The INI file has a bad header.", "The INI file contains more than the maximum allowable number of KIP files.", + "Integrity verification could not be performed for this file.", + "Integrity verification failed.", }; std::string GetResultStatusString(ResultStatus status) { diff --git a/src/core/loader/loader.h b/src/core/loader/loader.h index 721eb8e8c..b4828f7cd 100644 --- a/src/core/loader/loader.h +++ b/src/core/loader/loader.h @@ -3,6 +3,7 @@ #pragma once +#include <functional> #include <iosfwd> #include <memory> #include <optional> @@ -132,6 +133,8 @@ enum class ResultStatus : u16 { ErrorBLZDecompressionFailed, ErrorBadINIHeader, ErrorINITooManyKIPs, + ErrorIntegrityVerificationNotImplemented, + ErrorIntegrityVerificationFailed, }; std::string GetResultStatusString(ResultStatus status); @@ -170,6 +173,13 @@ public: virtual LoadResult Load(Kernel::KProcess& process, Core::System& system) = 0; /** + * Try to verify the integrity of the file. + */ + virtual ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) { + return ResultStatus::ErrorIntegrityVerificationNotImplemented; + } + + /** * Get the code (typically .code section) of the application * * @param[out] buffer Reference to buffer to store data diff --git a/src/core/loader/nca.cpp b/src/core/loader/nca.cpp index 09d40e695..4feb6968a 100644 --- a/src/core/loader/nca.cpp +++ b/src/core/loader/nca.cpp @@ -3,6 +3,8 @@ #include <utility> +#include "common/hex_util.h" +#include "common/scope_exit.h" #include "core/core.h" #include "core/file_sys/content_archive.h" #include "core/file_sys/nca_metadata.h" @@ -12,6 +14,7 @@ #include "core/hle/service/filesystem/filesystem.h" #include "core/loader/deconstructed_rom_directory.h" #include "core/loader/nca.h" +#include "mbedtls/sha256.h" namespace Loader { @@ -80,6 +83,79 @@ AppLoader_NCA::LoadResult AppLoader_NCA::Load(Kernel::KProcess& process, Core::S return load_result; } +ResultStatus AppLoader_NCA::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) { + using namespace Common::Literals; + + constexpr size_t NcaFileNameWithHashLength = 36; + constexpr size_t NcaFileNameHashLength = 32; + constexpr size_t NcaSha256HashLength = 32; + constexpr size_t NcaSha256HalfHashLength = NcaSha256HashLength / 2; + + // Get the file name. + const auto name = file->GetName(); + + // We won't try to verify meta NCAs. + if (name.ends_with(".cnmt.nca")) { + return ResultStatus::Success; + } + + // Check if we can verify this file. NCAs should be named after their hashes. + if (!name.ends_with(".nca") || name.size() != NcaFileNameWithHashLength) { + LOG_WARNING(Loader, "Unable to validate NCA with name {}", name); + return ResultStatus::ErrorIntegrityVerificationNotImplemented; + } + + // Get the expected truncated hash of the NCA. + const auto input_hash = + Common::HexStringToVector(file->GetName().substr(0, NcaFileNameHashLength), false); + + // Declare buffer to read into. + std::vector<u8> buffer(4_MiB); + + // Initialize sha256 verification context. + mbedtls_sha256_context ctx; + mbedtls_sha256_init(&ctx); + mbedtls_sha256_starts_ret(&ctx, 0); + + // Ensure we maintain a clean state on exit. + SCOPE_EXIT({ mbedtls_sha256_free(&ctx); }); + + // Declare counters. + const size_t total_size = file->GetSize(); + size_t processed_size = 0; + + // Begin iterating the file. + while (processed_size < total_size) { + // Refill the buffer. + const size_t intended_read_size = std::min(buffer.size(), total_size - processed_size); + const size_t read_size = file->Read(buffer.data(), intended_read_size, processed_size); + + // Update the hash function with the buffer contents. + mbedtls_sha256_update_ret(&ctx, buffer.data(), read_size); + + // Update counters. + processed_size += read_size; + + // Call the progress function. + if (!progress_callback(processed_size, total_size)) { + return ResultStatus::ErrorIntegrityVerificationFailed; + } + } + + // Finalize context and compute the output hash. + std::array<u8, NcaSha256HashLength> output_hash; + mbedtls_sha256_finish_ret(&ctx, output_hash.data()); + + // Compare to expected. + if (std::memcmp(input_hash.data(), output_hash.data(), NcaSha256HalfHashLength) != 0) { + LOG_ERROR(Loader, "NCA hash mismatch detected for file {}", name); + return ResultStatus::ErrorIntegrityVerificationFailed; + } + + // File verified. + return ResultStatus::Success; +} + ResultStatus AppLoader_NCA::ReadRomFS(FileSys::VirtualFile& dir) { if (nca == nullptr) { return ResultStatus::ErrorNotInitialized; diff --git a/src/core/loader/nca.h b/src/core/loader/nca.h index cf356ce63..96779e27f 100644 --- a/src/core/loader/nca.h +++ b/src/core/loader/nca.h @@ -39,6 +39,8 @@ public: LoadResult Load(Kernel::KProcess& process, Core::System& system) override; + ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override; + ResultStatus ReadRomFS(FileSys::VirtualFile& dir) override; ResultStatus ReadProgramId(u64& out_program_id) override; diff --git a/src/core/loader/nsp.cpp b/src/core/loader/nsp.cpp index f9b2549a3..fe2af1ae6 100644 --- a/src/core/loader/nsp.cpp +++ b/src/core/loader/nsp.cpp @@ -117,6 +117,42 @@ AppLoader_NSP::LoadResult AppLoader_NSP::Load(Kernel::KProcess& process, Core::S return result; } +ResultStatus AppLoader_NSP::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) { + // Extracted-type NSPs can't be verified. + if (nsp->IsExtractedType()) { + return ResultStatus::ErrorIntegrityVerificationNotImplemented; + } + + // Get list of all NCAs. + const auto ncas = nsp->GetNCAsCollapsed(); + + size_t total_size = 0; + size_t processed_size = 0; + + // Loop over NCAs, collecting the total size to verify. + for (const auto& nca : ncas) { + total_size += nca->GetBaseFile()->GetSize(); + } + + // Loop over NCAs again, verifying each. + for (const auto& nca : ncas) { + AppLoader_NCA loader_nca(nca->GetBaseFile()); + + const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) { + return progress_callback(processed_size + nca_processed_size, total_size); + }; + + const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback); + if (verification_result != ResultStatus::Success) { + return verification_result; + } + + processed_size += nca->GetBaseFile()->GetSize(); + } + + return ResultStatus::Success; +} + ResultStatus AppLoader_NSP::ReadRomFS(FileSys::VirtualFile& out_file) { return secondary_loader->ReadRomFS(out_file); } diff --git a/src/core/loader/nsp.h b/src/core/loader/nsp.h index 79df4586a..7ce436c67 100644 --- a/src/core/loader/nsp.h +++ b/src/core/loader/nsp.h @@ -45,6 +45,8 @@ public: LoadResult Load(Kernel::KProcess& process, Core::System& system) override; + ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override; + ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override; ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override; ResultStatus ReadProgramId(u64& out_program_id) override; diff --git a/src/core/loader/xci.cpp b/src/core/loader/xci.cpp index 3a76bc788..12d72c380 100644 --- a/src/core/loader/xci.cpp +++ b/src/core/loader/xci.cpp @@ -85,6 +85,40 @@ AppLoader_XCI::LoadResult AppLoader_XCI::Load(Kernel::KProcess& process, Core::S return result; } +ResultStatus AppLoader_XCI::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) { + // Verify secure partition, as it is the only thing we can process. + auto secure_partition = xci->GetSecurePartitionNSP(); + + // Get list of all NCAs. + const auto ncas = secure_partition->GetNCAsCollapsed(); + + size_t total_size = 0; + size_t processed_size = 0; + + // Loop over NCAs, collecting the total size to verify. + for (const auto& nca : ncas) { + total_size += nca->GetBaseFile()->GetSize(); + } + + // Loop over NCAs again, verifying each. + for (const auto& nca : ncas) { + AppLoader_NCA loader_nca(nca->GetBaseFile()); + + const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) { + return progress_callback(processed_size + nca_processed_size, total_size); + }; + + const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback); + if (verification_result != ResultStatus::Success) { + return verification_result; + } + + processed_size += nca->GetBaseFile()->GetSize(); + } + + return ResultStatus::Success; +} + ResultStatus AppLoader_XCI::ReadRomFS(FileSys::VirtualFile& out_file) { return nca_loader->ReadRomFS(out_file); } diff --git a/src/core/loader/xci.h b/src/core/loader/xci.h index ff05e6f62..b02e136d3 100644 --- a/src/core/loader/xci.h +++ b/src/core/loader/xci.h @@ -45,6 +45,8 @@ public: LoadResult Load(Kernel::KProcess& process, Core::System& system) override; + ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override; + ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override; ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override; ResultStatus ReadProgramId(u64& out_program_id) override; |