private static HierarchicalIntegrityVerificationStorage InitIvfcForPartitionFs(NcaFsIntegrityInfoSha256 info,
IStorage pfsStorage, IntegrityCheckLevel integrityCheckLevel, bool leaveOpen)
{
Debug.Assert(info.LevelCount == 2);
IStorage hashStorage = pfsStorage.Slice(info.GetLevelOffset(0), info.GetLevelSize(0), leaveOpen);
IStorage dataStorage = pfsStorage.Slice(info.GetLevelOffset(1), info.GetLevelSize(1), leaveOpen);
var initInfo = new IntegrityVerificationInfo[3];
// Set the master hash
initInfo[0] = new IntegrityVerificationInfo
{
// todo Get hash directly from header
Data = new MemoryStorage(info.MasterHash.ToArray()),
BlockSize = 0,
Type = IntegrityStorageType.PartitionFs
};
initInfo[1] = new IntegrityVerificationInfo
{
Data = hashStorage,
BlockSize = (int)info.GetLevelSize(0),
Type = IntegrityStorageType.PartitionFs
};
initInfo[2] = new IntegrityVerificationInfo
{
Data = dataStorage,
BlockSize = info.BlockSize,
Type = IntegrityStorageType.PartitionFs
};
return(new HierarchicalIntegrityVerificationStorage(initInfo, integrityCheckLevel, leaveOpen));
}
public static Validity ValidateSectionMasterHash(this Nca nca, int index)
{
if (!nca.SectionExists(index))
{
throw new ArgumentException(nameof(index), Messages.NcaSectionMissing);
}
if (!nca.CanOpenSection(index))
{
return(Validity.MissingKey);
}
NcaFsHeader header = nca.Header.GetFsHeader(index);
// The base data is needed to validate the hash, so use a trick involving the AES-CTR extended
// encryption table to check if the decryption is invalid.
// todo: If the patch replaces the data checked by the master hash, use that directly
if (header.IsPatchSection())
{
if (header.EncryptionType != NcaEncryptionType.AesCtrEx)
{
return(Validity.Unchecked);
}
Validity ctrExValidity = ValidateCtrExDecryption(nca, index);
return(ctrExValidity == Validity.Invalid ? Validity.Invalid : Validity.Unchecked);
}
byte[] expectedHash;
long offset;
long size;
switch (header.HashType)
{
case NcaHashType.Ivfc:
NcaFsIntegrityInfoIvfc ivfcInfo = header.GetIntegrityInfoIvfc();
expectedHash = ivfcInfo.MasterHash.ToArray();
offset = ivfcInfo.GetLevelOffset(0);
size = 1 << ivfcInfo.GetLevelBlockSize(0);
break;
case NcaHashType.Sha256:
NcaFsIntegrityInfoSha256 sha256Info = header.GetIntegrityInfoSha256();
expectedHash = sha256Info.MasterHash.ToArray();
offset = sha256Info.GetLevelOffset(0);
size = sha256Info.GetLevelSize(0);
break;
default:
return(Validity.Unchecked);
}
IStorage storage = nca.OpenRawStorage(index);
var data = new byte[size];
storage.Read(offset, data).ThrowIfFailure();
var actualHash = new byte[Sha256.DigestSize];
Sha256.GenerateSha256Hash(data, actualHash);
if (Utilities.ArraysEqual(expectedHash, actualHash))
{
return(Validity.Valid);
}
return(Validity.Invalid);
}
