loader: improve verification terminology

This commit is contained in:
Michael Scire
2020-09-08 15:34:22 -07:00
parent b7d99b732a
commit 074364753f
7 changed files with 41 additions and 41 deletions

View File

@@ -58,15 +58,15 @@ namespace ams::ldr {
}
/* Mount the atmosphere code file system. */
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_info), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
R_TRY(fs::MountCodeForAtmosphereWithRedirection(std::addressof(this->ams_code_verification_data), AtmosphereCodeMountName, content_path, loc.program_id, this->override_status.IsHbl(), this->override_status.IsProgramSpecific()));
this->mounted_ams = true;
/* Mount the sd or base code file system. */
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_info), SdOrCodeMountName, content_path, loc.program_id));
R_TRY(fs::MountCodeForAtmosphere(std::addressof(this->sd_or_base_code_verification_data), SdOrCodeMountName, content_path, loc.program_id));
this->mounted_sd_or_code = true;
/* Mount the base code file system. */
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_info), CodeMountName, content_path, loc.program_id))) {
if (R_SUCCEEDED(fs::MountCode(std::addressof(this->base_code_verification_data), CodeMountName, content_path, loc.program_id))) {
this->mounted_code = true;
}

View File

@@ -25,9 +25,9 @@ namespace ams::ldr {
private:
std::scoped_lock<os::Mutex> lk;
cfg::OverrideStatus override_status;
fs::CodeInfo ams_code_info;
fs::CodeInfo sd_or_base_code_info;
fs::CodeInfo base_code_info;
fs::CodeVerificationData ams_code_verification_data;
fs::CodeVerificationData sd_or_base_code_verification_data;
fs::CodeVerificationData base_code_verification_data;
Result result;
bool has_status;
bool mounted_ams;
@@ -47,16 +47,16 @@ namespace ams::ldr {
return this->override_status;
}
const fs::CodeInfo &GetAtmosphereCodeInfo() const {
return this->ams_code_info;
const fs::CodeVerificationData &GetAtmosphereCodeVerificationData() const {
return this->ams_code_verification_data;
}
const fs::CodeInfo &GetSdOrBaseCodeInfo() const {
return this->sd_or_base_code_info;
const fs::CodeVerificationData &GetSdOrBaseCodeVerificationData() const {
return this->sd_or_base_code_verification_data;
}
const fs::CodeInfo &GetCodeInfo() const {
return this->base_code_info;
const fs::CodeVerificationData &GetCodeVerificationData() const {
return this->base_code_verification_data;
}
private:
Result Initialize(const ncm::ProgramLocation &loc);

View File

@@ -107,7 +107,7 @@ namespace ams::ldr {
Result ValidateAcidSignature(Meta *meta) {
/* Loader did not check signatures prior to 10.0.0. */
if (hos::GetVersion() < hos::Version_10_0_0) {
meta->is_signed = false;
meta->check_verification_data = false;
return ResultSuccess();
}
@@ -123,7 +123,7 @@ namespace ams::ldr {
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256(sig, sig_size, mod, mod_size, exp, exp_size, msg, msg_size);
R_UNLESS(is_signature_valid || !IsEnabledProgramVerification(), ResultInvalidAcidSignature());
meta->is_signed = is_signature_valid;
meta->check_verification_data = is_signature_valid;
return ResultSuccess();
}
@@ -220,8 +220,8 @@ namespace ams::ldr {
ON_SCOPE_EXIT { fs::CloseFile(file); };
R_TRY(LoadMetaFromFile(file, &g_original_meta_cache));
R_TRY(ValidateAcidSignature(&g_original_meta_cache.meta));
meta->modulus = g_original_meta_cache.meta.modulus;
meta->is_signed = g_original_meta_cache.meta.is_signed;
meta->modulus = g_original_meta_cache.meta.modulus;
meta->check_verification_data = g_original_meta_cache.meta.check_verification_data;
}
}

View File

@@ -32,7 +32,7 @@ namespace ams::ldr {
void *aci_kac;
void *modulus;
bool is_signed;
bool check_verification_data;
};
/* Meta API. */

View File

@@ -210,7 +210,7 @@ namespace ams::ldr {
return ResultSuccess();
}
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeInfo &code_info) {
Result ValidateMeta(const Meta *meta, const ncm::ProgramLocation &loc, const fs::CodeVerificationData &code_verification_data) {
/* Validate version. */
R_TRY(ValidateProgramVersion(loc.program_id, meta->npdm->version));
@@ -222,15 +222,15 @@ namespace ams::ldr {
R_TRY(caps::ValidateCapabilities(meta->acid_kac, meta->acid->kac_size, meta->aci_kac, meta->aci->kac_size));
/* If we have data to validate, validate it. */
if (code_info.is_signed && meta->is_signed) {
const u8 *sig = code_info.signature;
const size_t sig_size = sizeof(code_info.signature);
if (code_verification_data.has_data && meta->check_verification_data) {
const u8 *sig = code_verification_data.signature;
const size_t sig_size = sizeof(code_verification_data.signature);
const u8 *mod = static_cast<u8 *>(meta->modulus);
const size_t mod_size = crypto::Rsa2048PssSha256Verifier::ModulusSize;
const u8 *exp = fssystem::GetAcidSignatureKeyPublicExponent();
const size_t exp_size = fssystem::AcidSignatureKeyPublicExponentSize;
const u8 *hsh = code_info.hash;
const size_t hsh_size = sizeof(code_info.hash);
const u8 *hsh = code_verification_data.target_hash;
const size_t hsh_size = sizeof(code_verification_data.target_hash);
const bool is_signature_valid = crypto::VerifyRsa2048PssSha256WithHash(sig, sig_size, mod, mod_size, exp, exp_size, hsh, hsh_size);
R_UNLESS(is_signature_valid, ResultInvalidNcaSignature());
@@ -596,7 +596,7 @@ namespace ams::ldr {
R_TRY(LoadMetaFromCache(&meta, loc, override_status));
/* Validate meta. */
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeInfo()));
R_TRY(ValidateMeta(&meta, loc, mount.GetCodeVerificationData()));
/* Load, validate NSOs. */
R_TRY(LoadNsoHeaders(nso_headers, has_nso));