From 037a2f96e14cde6b6354e71f85e17d695913525d Mon Sep 17 00:00:00 2001 From: jakcron Date: Sat, 16 Apr 2022 23:48:21 +0800 Subject: [PATCH] Change signing errors to be warnings when they fail. --- makerom/src/accessdesc.c | 24 ++++++++++++++++-------- makerom/src/ncch.c | 22 ++++++++++++++++++---- makerom/src/tik.c | 12 ++++++++++-- makerom/src/tmd.c | 14 +++++++++++--- 4 files changed, 55 insertions(+), 17 deletions(-) diff --git a/makerom/src/accessdesc.c b/makerom/src/accessdesc.c index 0e44788..8da8d35 100644 --- a/makerom/src/accessdesc.c +++ b/makerom/src/accessdesc.c @@ -6,8 +6,8 @@ #include "desc/presets.h" #include "desc/dev_sigdata.h" -const int RSF_RSA_DATA_LEN = 344; -const int RSF_DESC_DATA_LEN = 684; +const size_t RSF_RSA_DATA_LEN = 344; +const size_t RSF_DESC_DATA_LEN = 684; int accessdesc_SignWithKey(exheader_settings *exhdrset); @@ -47,12 +47,20 @@ int accessdesc_SignWithKey(exheader_settings *exhdrset) /* Sign AccessDesc */ if (Rsa2048Key_CanSign(&exhdrset->keys->rsa.acex) == false) { - printf("[ACEXDESC WARNING] Failed to sign access descriptor\n"); + printf("[ACEXDESC WARNING] Failed to sign access descriptor (key was incomplete)\n"); memset(exhdrset->acexDesc->signature, 0xFF, 0x100); return 0; } - return SignAccessDesc(exhdrset->acexDesc, exhdrset->keys); + int rsa_ret = SignAccessDesc(exhdrset->acexDesc, exhdrset->keys); + if (rsa_ret != 0) + { + printf("[ACEXDESC WARNING] Failed to sign access descriptor (mbedtls error = -0x%x)\n", -rsa_ret); + memset(exhdrset->acexDesc->signature, 0xFF, 0x100); + return 0; + } + + return 0; } int accessdesc_GetSignFromRsf(exheader_settings *exhdrset) 
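Review bot: Both failure paths in accessdesc_SignWithKey now return 0 after filling the signature with 0xFF, so a caller (or a build pipeline reading the exit status) cannot tell a signed access descriptor from a placeholder one; the same pattern is added in SignCFA and SignCXI (ncch.c), SignTicketHeader (tik.c) and SignTMDHeader (tmd.c). The only trace is a `printf` to stdout, while the errors in this file go to stderr. Send the warning there as well, e.g. `fprintf(stderr, "[ACEXDESC WARNING] Failed to sign access descriptor (mbedtls error = -0x%x)\n", (unsigned)-rsa_ret);`; the cast is needed because `%x` expects an unsigned argument. The contract also deserves a comment above the signing call, such as `/* Best-effort: on failure the signature is 0xFF-filled and 0 is still returned */`. The function starts above this hunk, so how its result is consumed is not visible here.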
@@ -68,7 +76,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset) return COMMON_HEADER_KEY_NOT_FOUND; } if(b64_strlen(exhdrset->rsf->CommonHeaderKey.D) != RSF_RSA_DATA_LEN){ - fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/D\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.D)); + fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/D\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.D)); return COMMON_HEADER_KEY_NOT_FOUND; } @@ -77,7 +85,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset) return COMMON_HEADER_KEY_NOT_FOUND; } if(b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus) != RSF_RSA_DATA_LEN){ - fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Modulus\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus)); + fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Modulus\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.Modulus)); return COMMON_HEADER_KEY_NOT_FOUND; } @@ -86,7 +94,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset) return COMMON_HEADER_KEY_NOT_FOUND; } if(b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign) != RSF_RSA_DATA_LEN){ - fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Signature\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign)); + fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Signature\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescSign)); return COMMON_HEADER_KEY_NOT_FOUND; } 
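Review bot: The `(int)` cast added to the four "invalid length" messages in accessdesc_GetSignFromRsf (this hunk and those at -77, -86 and -95) narrows the length only to satisfy `%d`. Now that the limits are `size_t`, printing with `%zu` keeps the types aligned, e.g. `"... has invalid length (%zu)\n", (size_t)b64_strlen(exhdrset->rsf->CommonHeaderKey.D)`. The return type of b64_strlen is not visible in this patch, so the `size_t` cast is an assumption to confirm. Each check also calls b64_strlen twice on the same field; a local holding the length would let the comparison and the message use one value.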
@@ -95,7 +103,7 @@ int accessdesc_GetSignFromRsf(exheader_settings *exhdrset) return COMMON_HEADER_KEY_NOT_FOUND; } if(b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin) != RSF_DESC_DATA_LEN){ - fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Descriptor\" has invalid length (%d)\n",b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin)); + fprintf(stderr,"[ACEXDESC ERROR] \"CommonHeaderKey/Descriptor\" has invalid length (%d)\n", (int)b64_strlen(exhdrset->rsf->CommonHeaderKey.AccCtlDescBin)); return COMMON_HEADER_KEY_NOT_FOUND; } diff --git a/makerom/src/ncch.c b/makerom/src/ncch.c index da77ff0..9aa9037 100644 --- a/makerom/src/ncch.c +++ b/makerom/src/ncch.c @@ -38,12 +38,20 @@ int SignCFA(ncch_hdr *hdr, keys_struct *keys) { if (Rsa2048Key_CanSign(&keys->rsa.cciCfa) == false) { - printf("[NCCH WARNING] Failed to sign CFA header\n"); + printf("[NCCH WARNING] Failed to sign CFA header (key was incomplete)\n"); memset(GetNcchHdrSig(hdr), 0xFF, 0x100); return 0; } - return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + int rsa_ret = RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cciCfa.pub, keys->rsa.cciCfa.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + if (rsa_ret != 0) + { + printf("[NCCH WARNING] Failed to sign CFA header (mbedtls error = -0x%x)\n", -rsa_ret); + memset(GetNcchHdrSig(hdr), 0xFF, 0x100); + return 0; + } + + return 0; } int CheckCFASignature(ncch_hdr *hdr, keys_struct *keys) 
@@ -55,12 +63,18 @@ int SignCXI(ncch_hdr *hdr, keys_struct *keys) { if (Rsa2048Key_CanSign(&keys->rsa.cxi) == false) { - printf("[NCCH WARNING] Failed to sign CXI header\n"); + printf("[NCCH WARNING] Failed to sign CXI header (key was incomplete)\n"); memset(GetNcchHdrSig(hdr), 0xFF, 0x100); return 0; } - return RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + int rsa_ret = RsaSignVerify(GetNcchHdrData(hdr), GetNcchHdrDataLen(hdr), GetNcchHdrSig(hdr), keys->rsa.cxi.pub, keys->rsa.cxi.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + if (rsa_ret != 0) + { + printf("[NCCH WARNING] Failed to sign CXI header (mbedtls error = -0x%x)\n", -rsa_ret); + memset(GetNcchHdrSig(hdr), 0xFF, 0x100); + return 0; + } } int CheckCXISignature(ncch_hdr *hdr, u8 *pubk) diff --git a/makerom/src/tik.c b/makerom/src/tik.c index df95599..b1742c9 100644 --- a/makerom/src/tik.c +++ b/makerom/src/tik.c @@ -83,12 +83,20 @@ int SignTicketHeader(buffer_struct *tik, keys_struct *keys) if (Rsa2048Key_CanSign(&keys->rsa.xs) == false) { - printf("[TIK WARNING] Failed to sign header\n"); + printf("[TIK WARNING] Failed to sign header (key was incomplete)\n"); memset(sig->data, 0xFF, 0x100); return 0; } - return RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + int rsa_ret = RsaSignVerify(data, len, sig->data, keys->rsa.xs.pub, keys->rsa.xs.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + if (rsa_ret != 0) + { + printf("[TIK WARNING] Failed to sign header (mbedtls error = -0x%x)\n", -rsa_ret); + memset(sig->data, 0xFF, 0x100); + return 0; + } + + return 0; } int CryptTitleKey(u8 *input, u8 *output, u8 *titleId, keys_struct *keys, u8 mode) diff --git a/makerom/src/tmd.c b/makerom/src/tmd.c index 0b5fa83..077d8c2 100644 --- a/makerom/src/tmd.c +++ b/makerom/src/tmd.c 
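Review bot: SignCXI now has no return statement on the success path: after the added `if (rsa_ret != 0)` block the function body closes directly, whereas SignCFA, SignTicketHeader and SignTMDHeader all finish with `return 0;`. Falling off the end of an `int` function leaves the result indeterminate, and using it in the caller is undefined behaviour. A correctly signed CXI could therefore be reported as a failure, or whatever value happens to be returned could be taken as success. Add `return 0;` after the closing brace of the `if` block. Callers of SignCXI are not visible in this patch.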
@@ -33,7 +33,7 @@ int BuildTMD(cia_settings *ciaset) result = SetupTMDHeader(hdr,info_record,ciaset); if(result) return result; result = SignTMDHeader(hdr,sig,ciaset->keys); - return 0; + return result; } int SetupTMDBuffer(buffer_struct *tmd) @@ -73,12 +73,20 @@ int SignTMDHeader(tmd_hdr *hdr, tmd_signature *sig, keys_struct *keys) if (Rsa2048Key_CanSign(&keys->rsa.cp) == false) { - printf("[TMD WARNING] Failed to sign header\n"); + printf("[TMD WARNING] Failed to sign header (key was incomplete)\n"); memset(sig->data, 0xFF, 0x100); return 0; } - return RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + int rsa_ret = RsaSignVerify((u8*)hdr, sizeof(tmd_hdr), sig->data, keys->rsa.cp.pub, keys->rsa.cp.pvt, RSA_2048_SHA256, CTR_RSA_SIGN); + if (rsa_ret != 0) + { + printf("[TMD WARNING] Failed to sign header (mbedtls error = -0x%x)\n", -rsa_ret); + memset(sig->data, 0xFF, 0x100); + return 0; + } + + return 0; } int SetupTMDInfoRecord(tmd_content_info_record *info_record, u8 *content_record, u16 ContentCount)