Merge pull request #11456 from liamwhite/worse-integrity-verification

core: implement basic integrity verification
author: liamwhite 2023-09-10 13:40:39 -0400
committer: GitHub 2023-09-10 13:40:39 -0400
commit: 64130d9f01c15bc021d3802e484b5a480911e5cc (patch)
tree: 88a1905a2dce48c34c77fc258b47b4aea66107a9 /src/core/loader
parent: Merge pull request #11465 from Kelebek1/skip_remaining_reset (diff)
parent: core: implement basic integrity verification (diff)
download: yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.tar.gz
yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.tar.xz
yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.zip
8 files changed, 165 insertions, 1 deletions
diff --git a/src/core/loader/loader.cpp b/src/core/loader/loader.cpp
index 07c65dc1a..b6e355622 100644
--- a/src/core/loader/loader.cpp
+++ b/src/core/loader/loader.cpp
@@ -108,7 +108,7 @@ std::string GetFileTypeString(FileType type) {
    return "unknown";
 }
-constexpr std::array<const char*, 66> RESULT_MESSAGES{
+constexpr std::array<const char*, 68> RESULT_MESSAGES{
    "The operation completed successfully.",
    "The loader requested to load is already loaded.",
    "The operation is not implemented.",
@@ -175,6 +175,8 @@ constexpr std::array<const char*, 66> RESULT_MESSAGES{
    "The KIP BLZ decompression of the section failed unexpectedly.",
    "The INI file has a bad header.",
    "The INI file contains more than the maximum allowable number of KIP files.",
+    "Integrity verification could not be performed for this file.",
+    "Integrity verification failed.",
 };
 std::string GetResultStatusString(ResultStatus status) {
diff --git a/src/core/loader/loader.h b/src/core/loader/loader.h
index 721eb8e8c..b4828f7cd 100644
--- a/src/core/loader/loader.h
+++ b/src/core/loader/loader.h
@@ -3,6 +3,7 @@
 #pragma once
+#include <functional>
 #include <iosfwd>
 #include <memory>
 #include <optional>
@@ -132,6 +133,8 @@ enum class ResultStatus : u16 {
    ErrorBLZDecompressionFailed,
    ErrorBadINIHeader,
    ErrorINITooManyKIPs,
+    ErrorIntegrityVerificationNotImplemented,
+    ErrorIntegrityVerificationFailed,
 };
 std::string GetResultStatusString(ResultStatus status);
@@ -170,6 +173,13 @@ public:
    virtual LoadResult Load(Kernel::KProcess& process, Core::System& system) = 0;
    /**
+     * Try to verify the integrity of the file.
+     */
+    virtual ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
+        return ResultStatus::ErrorIntegrityVerificationNotImplemented;
+    }
+    /**
     * Get the code (typically .code section) of the application
     *
     * @param[out] buffer Reference to buffer to store data
diff --git a/src/core/loader/nca.cpp b/src/core/loader/nca.cpp
index 09d40e695..4feb6968a 100644
--- a/src/core/loader/nca.cpp
+++ b/src/core/loader/nca.cpp
@@ -3,6 +3,8 @@
 #include <utility>
+#include "common/hex_util.h"
+#include "common/scope_exit.h"
 #include "core/core.h"
 #include "core/file_sys/content_archive.h"
 #include "core/file_sys/nca_metadata.h"
@@ -12,6 +14,7 @@
 #include "core/hle/service/filesystem/filesystem.h"
 #include "core/loader/deconstructed_rom_directory.h"
 #include "core/loader/nca.h"
+#include "mbedtls/sha256.h"
 namespace Loader {
@@ -80,6 +83,79 @@ AppLoader_NCA::LoadResult AppLoader_NCA::Load(Kernel::KProcess& process, Core::S
    return load_result;
 }
+ResultStatus AppLoader_NCA::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
+    using namespace Common::Literals;
+    constexpr size_t NcaFileNameWithHashLength = 36;
+    constexpr size_t NcaFileNameHashLength = 32;
+    constexpr size_t NcaSha256HashLength = 32;
+    constexpr size_t NcaSha256HalfHashLength = NcaSha256HashLength / 2;
+    // Get the file name.
+    const auto name = file->GetName();
+    // We won't try to verify meta NCAs.
+    if (name.ends_with(".cnmt.nca")) {
+        return ResultStatus::Success;
+    }
+    // Check if we can verify this file. NCAs should be named after their hashes.
+    if (!name.ends_with(".nca") || name.size() != NcaFileNameWithHashLength) {
+        LOG_WARNING(Loader, "Unable to validate NCA with name {}", name);
+        return ResultStatus::ErrorIntegrityVerificationNotImplemented;
+    }
+    // Get the expected truncated hash of the NCA.
+    const auto input_hash =
+        Common::HexStringToVector(file->GetName().substr(0, NcaFileNameHashLength), false);
+    // Declare buffer to read into.
+    std::vector<u8> buffer(4_MiB);
+    // Initialize sha256 verification context.
+    mbedtls_sha256_context ctx;
+    mbedtls_sha256_init(&ctx);
+    mbedtls_sha256_starts_ret(&ctx, 0);
+    // Ensure we maintain a clean state on exit.
+    SCOPE_EXIT({ mbedtls_sha256_free(&ctx); });
+    // Declare counters.
+    const size_t total_size = file->GetSize();
+    size_t processed_size = 0;
+    // Begin iterating the file.
+    while (processed_size < total_size) {
+        // Refill the buffer.
+        const size_t intended_read_size = std::min(buffer.size(), total_size - processed_size);
+        const size_t read_size = file->Read(buffer.data(), intended_read_size, processed_size);
+        // Update the hash function with the buffer contents.
+        mbedtls_sha256_update_ret(&ctx, buffer.data(), read_size);
+        // Update counters.
+        processed_size += read_size;
+        // Call the progress function.
+        if (!progress_callback(processed_size, total_size)) {
+            return ResultStatus::ErrorIntegrityVerificationFailed;
+        }
+    }
+    // Finalize context and compute the output hash.
+    std::array<u8, NcaSha256HashLength> output_hash;
+    mbedtls_sha256_finish_ret(&ctx, output_hash.data());
+    // Compare to expected.
+    if (std::memcmp(input_hash.data(), output_hash.data(), NcaSha256HalfHashLength) != 0) {
+        LOG_ERROR(Loader, "NCA hash mismatch detected for file {}", name);
+        return ResultStatus::ErrorIntegrityVerificationFailed;
+    }
+    // File verified.
+    return ResultStatus::Success;
+}
 ResultStatus AppLoader_NCA::ReadRomFS(FileSys::VirtualFile& dir) {
    if (nca == nullptr) {
        return ResultStatus::ErrorNotInitialized;
diff --git a/src/core/loader/nca.h b/src/core/loader/nca.h
index cf356ce63..96779e27f 100644
--- a/src/core/loader/nca.h
+++ b/src/core/loader/nca.h
@@ -39,6 +39,8 @@ public:
    LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
+    ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
    ResultStatus ReadRomFS(FileSys::VirtualFile& dir) override;
    ResultStatus ReadProgramId(u64& out_program_id) override;
diff --git a/src/core/loader/nsp.cpp b/src/core/loader/nsp.cpp
index f9b2549a3..fe2af1ae6 100644
--- a/src/core/loader/nsp.cpp
+++ b/src/core/loader/nsp.cpp
@@ -117,6 +117,42 @@ AppLoader_NSP::LoadResult AppLoader_NSP::Load(Kernel::KProcess& process, Core::S
    return result;
 }
+ResultStatus AppLoader_NSP::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
+    // Extracted-type NSPs can't be verified.
+    if (nsp->IsExtractedType()) {
+        return ResultStatus::ErrorIntegrityVerificationNotImplemented;
+    }
+    // Get list of all NCAs.
+    const auto ncas = nsp->GetNCAsCollapsed();
+    size_t total_size = 0;
+    size_t processed_size = 0;
+    // Loop over NCAs, collecting the total size to verify.
+    for (const auto& nca : ncas) {
+        total_size += nca->GetBaseFile()->GetSize();
+    }
+    // Loop over NCAs again, verifying each.
+    for (const auto& nca : ncas) {
+        AppLoader_NCA loader_nca(nca->GetBaseFile());
+        const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) {
+            return progress_callback(processed_size + nca_processed_size, total_size);
+        };
+        const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback);
+        if (verification_result != ResultStatus::Success) {
+            return verification_result;
+        }
+        processed_size += nca->GetBaseFile()->GetSize();
+    }
+    return ResultStatus::Success;
+}
 ResultStatus AppLoader_NSP::ReadRomFS(FileSys::VirtualFile& out_file) {
    return secondary_loader->ReadRomFS(out_file);
 }
diff --git a/src/core/loader/nsp.h b/src/core/loader/nsp.h
index 79df4586a..7ce436c67 100644
--- a/src/core/loader/nsp.h
+++ b/src/core/loader/nsp.h
@@ -45,6 +45,8 @@ public:
    LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
+    ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
    ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;
    ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;
    ResultStatus ReadProgramId(u64& out_program_id) override;
diff --git a/src/core/loader/xci.cpp b/src/core/loader/xci.cpp
index 3a76bc788..12d72c380 100644
--- a/src/core/loader/xci.cpp
+++ b/src/core/loader/xci.cpp
@@ -85,6 +85,40 @@ AppLoader_XCI::LoadResult AppLoader_XCI::Load(Kernel::KProcess& process, Core::S
    return result;
 }
+ResultStatus AppLoader_XCI::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
+    // Verify secure partition, as it is the only thing we can process.
+    auto secure_partition = xci->GetSecurePartitionNSP();
+    // Get list of all NCAs.
+    const auto ncas = secure_partition->GetNCAsCollapsed();
+    size_t total_size = 0;
+    size_t processed_size = 0;
+    // Loop over NCAs, collecting the total size to verify.
+    for (const auto& nca : ncas) {
+        total_size += nca->GetBaseFile()->GetSize();
+    }
+    // Loop over NCAs again, verifying each.
+    for (const auto& nca : ncas) {
+        AppLoader_NCA loader_nca(nca->GetBaseFile());
+        const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) {
+            return progress_callback(processed_size + nca_processed_size, total_size);
+        };
+        const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback);
+        if (verification_result != ResultStatus::Success) {
+            return verification_result;
+        }
+        processed_size += nca->GetBaseFile()->GetSize();
+    }
+    return ResultStatus::Success;
+}
 ResultStatus AppLoader_XCI::ReadRomFS(FileSys::VirtualFile& out_file) {
    return nca_loader->ReadRomFS(out_file);
 }
diff --git a/src/core/loader/xci.h b/src/core/loader/xci.h
index ff05e6f62..b02e136d3 100644
--- a/src/core/loader/xci.h
+++ b/src/core/loader/xci.h
@@ -45,6 +45,8 @@ public:
    LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
+    ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
    ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;
    ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;
    ResultStatus ReadProgramId(u64& out_program_id) override;
author	liamwhite	2023-09-10 13:40:39 -0400
committer	GitHub	2023-09-10 13:40:39 -0400
commit	64130d9f01c15bc021d3802e484b5a480911e5cc (patch)
tree	88a1905a2dce48c34c77fc258b47b4aea66107a9 /src/core/loader
parent	Merge pull request #11465 from Kelebek1/skip_remaining_reset (diff)
parent	core: implement basic integrity verification (diff)
download	yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.tar.gz yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.tar.xz yuzu-64130d9f01c15bc021d3802e484b5a480911e5cc.zip

diff --git a/src/core/loader/loader.cpp b/src/core/loader/loader.cpp index 07c65dc1a..b6e355622 100644 --- a/src/core/loader/loader.cpp +++ b/src/core/loader/loader.cpp
@@ -108,7 +108,7 @@ std::string GetFileTypeString(FileType type) {
108	return "unknown";	108	return "unknown";
109	}	109	}
110		110
111	constexpr std::array<const char*, 66> RESULT_MESSAGES{	111	constexpr std::array<const char*, 68> RESULT_MESSAGES{
112	"The operation completed successfully.",	112	"The operation completed successfully.",
113	"The loader requested to load is already loaded.",	113	"The loader requested to load is already loaded.",
114	"The operation is not implemented.",	114	"The operation is not implemented.",
@@ -175,6 +175,8 @@ constexpr std::array<const char*, 66> RESULT_MESSAGES{
175	"The KIP BLZ decompression of the section failed unexpectedly.",	175	"The KIP BLZ decompression of the section failed unexpectedly.",
176	"The INI file has a bad header.",	176	"The INI file has a bad header.",
177	"The INI file contains more than the maximum allowable number of KIP files.",	177	"The INI file contains more than the maximum allowable number of KIP files.",
		178	"Integrity verification could not be performed for this file.",
		179	"Integrity verification failed.",
178	};	180	};
179		181
180	std::string GetResultStatusString(ResultStatus status) {	182	std::string GetResultStatusString(ResultStatus status) {


diff --git a/src/core/loader/loader.h b/src/core/loader/loader.h index 721eb8e8c..b4828f7cd 100644 --- a/src/core/loader/loader.h +++ b/src/core/loader/loader.h
@@ -3,6 +3,7 @@
3		3
4	#pragma once	4	#pragma once
5		5
		6	#include <functional>
6	#include <iosfwd>	7	#include <iosfwd>
7	#include <memory>	8	#include <memory>
8	#include <optional>	9	#include <optional>
@@ -132,6 +133,8 @@ enum class ResultStatus : u16 {
132	ErrorBLZDecompressionFailed,	133	ErrorBLZDecompressionFailed,
133	ErrorBadINIHeader,	134	ErrorBadINIHeader,
134	ErrorINITooManyKIPs,	135	ErrorINITooManyKIPs,
		136	ErrorIntegrityVerificationNotImplemented,
		137	ErrorIntegrityVerificationFailed,
135	};	138	};
136		139
137	std::string GetResultStatusString(ResultStatus status);	140	std::string GetResultStatusString(ResultStatus status);
@@ -170,6 +173,13 @@ public:
170	virtual LoadResult Load(Kernel::KProcess& process, Core::System& system) = 0;	173	virtual LoadResult Load(Kernel::KProcess& process, Core::System& system) = 0;
171		174
172	/**	175	/**
		176	* Try to verify the integrity of the file.
		177	*/
		178	virtual ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
		179	return ResultStatus::ErrorIntegrityVerificationNotImplemented;
		180	}
		181
		182	/**
173	* Get the code (typically .code section) of the application	183	* Get the code (typically .code section) of the application
174	*	184	*
175	* @param[out] buffer Reference to buffer to store data	185	* @param[out] buffer Reference to buffer to store data


diff --git a/src/core/loader/nca.cpp b/src/core/loader/nca.cpp index 09d40e695..4feb6968a 100644 --- a/src/core/loader/nca.cpp +++ b/src/core/loader/nca.cpp
@@ -3,6 +3,8 @@
3		3
4	#include <utility>	4	#include <utility>
5		5
		6	#include "common/hex_util.h"
		7	#include "common/scope_exit.h"
6	#include "core/core.h"	8	#include "core/core.h"
7	#include "core/file_sys/content_archive.h"	9	#include "core/file_sys/content_archive.h"
8	#include "core/file_sys/nca_metadata.h"	10	#include "core/file_sys/nca_metadata.h"
@@ -12,6 +14,7 @@
12	#include "core/hle/service/filesystem/filesystem.h"	14	#include "core/hle/service/filesystem/filesystem.h"
13	#include "core/loader/deconstructed_rom_directory.h"	15	#include "core/loader/deconstructed_rom_directory.h"
14	#include "core/loader/nca.h"	16	#include "core/loader/nca.h"
		17	#include "mbedtls/sha256.h"
15		18
16	namespace Loader {	19	namespace Loader {
17		20
@@ -80,6 +83,79 @@ AppLoader_NCA::LoadResult AppLoader_NCA::Load(Kernel::KProcess& process, Core::S
80	return load_result;	83	return load_result;
81	}	84	}
82		85
		86	ResultStatus AppLoader_NCA::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
		87	using namespace Common::Literals;
		88
		89	constexpr size_t NcaFileNameWithHashLength = 36;
		90	constexpr size_t NcaFileNameHashLength = 32;
		91	constexpr size_t NcaSha256HashLength = 32;
		92	constexpr size_t NcaSha256HalfHashLength = NcaSha256HashLength / 2;
		93
		94	// Get the file name.
		95	const auto name = file->GetName();
		96
		97	// We won't try to verify meta NCAs.
		98	if (name.ends_with(".cnmt.nca")) {
		99	return ResultStatus::Success;
		100	}
		101
		102	// Check if we can verify this file. NCAs should be named after their hashes.
		103	if (!name.ends_with(".nca") \|\| name.size() != NcaFileNameWithHashLength) {
		104	LOG_WARNING(Loader, "Unable to validate NCA with name {}", name);
		105	return ResultStatus::ErrorIntegrityVerificationNotImplemented;
		106	}
		107
		108	// Get the expected truncated hash of the NCA.
		109	const auto input_hash =
		110	Common::HexStringToVector(file->GetName().substr(0, NcaFileNameHashLength), false);
		111
		112	// Declare buffer to read into.
		113	std::vector<u8> buffer(4_MiB);
		114
		115	// Initialize sha256 verification context.
		116	mbedtls_sha256_context ctx;
		117	mbedtls_sha256_init(&ctx);
		118	mbedtls_sha256_starts_ret(&ctx, 0);
		119
		120	// Ensure we maintain a clean state on exit.
		121	SCOPE_EXIT({ mbedtls_sha256_free(&ctx); });
		122
		123	// Declare counters.
		124	const size_t total_size = file->GetSize();
		125	size_t processed_size = 0;
		126
		127	// Begin iterating the file.
		128	while (processed_size < total_size) {
		129	// Refill the buffer.
		130	const size_t intended_read_size = std::min(buffer.size(), total_size - processed_size);
		131	const size_t read_size = file->Read(buffer.data(), intended_read_size, processed_size);
		132
		133	// Update the hash function with the buffer contents.
		134	mbedtls_sha256_update_ret(&ctx, buffer.data(), read_size);
		135
		136	// Update counters.
		137	processed_size += read_size;
		138
		139	// Call the progress function.
		140	if (!progress_callback(processed_size, total_size)) {
		141	return ResultStatus::ErrorIntegrityVerificationFailed;
		142	}
		143	}
		144
		145	// Finalize context and compute the output hash.
		146	std::array<u8, NcaSha256HashLength> output_hash;
		147	mbedtls_sha256_finish_ret(&ctx, output_hash.data());
		148
		149	// Compare to expected.
		150	if (std::memcmp(input_hash.data(), output_hash.data(), NcaSha256HalfHashLength) != 0) {
		151	LOG_ERROR(Loader, "NCA hash mismatch detected for file {}", name);
		152	return ResultStatus::ErrorIntegrityVerificationFailed;
		153	}
		154
		155	// File verified.
		156	return ResultStatus::Success;
		157	}
		158
83	ResultStatus AppLoader_NCA::ReadRomFS(FileSys::VirtualFile& dir) {	159	ResultStatus AppLoader_NCA::ReadRomFS(FileSys::VirtualFile& dir) {
84	if (nca == nullptr) {	160	if (nca == nullptr) {
85	return ResultStatus::ErrorNotInitialized;	161	return ResultStatus::ErrorNotInitialized;


diff --git a/src/core/loader/nca.h b/src/core/loader/nca.h index cf356ce63..96779e27f 100644 --- a/src/core/loader/nca.h +++ b/src/core/loader/nca.h
@@ -39,6 +39,8 @@ public:
39		39
40	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;	40	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
41		41
		42	ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
		43
42	ResultStatus ReadRomFS(FileSys::VirtualFile& dir) override;	44	ResultStatus ReadRomFS(FileSys::VirtualFile& dir) override;
43	ResultStatus ReadProgramId(u64& out_program_id) override;	45	ResultStatus ReadProgramId(u64& out_program_id) override;
44		46


diff --git a/src/core/loader/nsp.cpp b/src/core/loader/nsp.cpp index f9b2549a3..fe2af1ae6 100644 --- a/src/core/loader/nsp.cpp +++ b/src/core/loader/nsp.cpp
@@ -117,6 +117,42 @@ AppLoader_NSP::LoadResult AppLoader_NSP::Load(Kernel::KProcess& process, Core::S
117	return result;	117	return result;
118	}	118	}
119		119
		120	ResultStatus AppLoader_NSP::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
		121	// Extracted-type NSPs can't be verified.
		122	if (nsp->IsExtractedType()) {
		123	return ResultStatus::ErrorIntegrityVerificationNotImplemented;
		124	}
		125
		126	// Get list of all NCAs.
		127	const auto ncas = nsp->GetNCAsCollapsed();
		128
		129	size_t total_size = 0;
		130	size_t processed_size = 0;
		131
		132	// Loop over NCAs, collecting the total size to verify.
		133	for (const auto& nca : ncas) {
		134	total_size += nca->GetBaseFile()->GetSize();
		135	}
		136
		137	// Loop over NCAs again, verifying each.
		138	for (const auto& nca : ncas) {
		139	AppLoader_NCA loader_nca(nca->GetBaseFile());
		140
		141	const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) {
		142	return progress_callback(processed_size + nca_processed_size, total_size);
		143	};
		144
		145	const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback);
		146	if (verification_result != ResultStatus::Success) {
		147	return verification_result;
		148	}
		149
		150	processed_size += nca->GetBaseFile()->GetSize();
		151	}
		152
		153	return ResultStatus::Success;
		154	}
		155
120	ResultStatus AppLoader_NSP::ReadRomFS(FileSys::VirtualFile& out_file) {	156	ResultStatus AppLoader_NSP::ReadRomFS(FileSys::VirtualFile& out_file) {
121	return secondary_loader->ReadRomFS(out_file);	157	return secondary_loader->ReadRomFS(out_file);
122	}	158	}


diff --git a/src/core/loader/nsp.h b/src/core/loader/nsp.h index 79df4586a..7ce436c67 100644 --- a/src/core/loader/nsp.h +++ b/src/core/loader/nsp.h
@@ -45,6 +45,8 @@ public:
45		45
46	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;	46	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
47		47
		48	ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
		49
48	ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;	50	ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;
49	ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;	51	ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;
50	ResultStatus ReadProgramId(u64& out_program_id) override;	52	ResultStatus ReadProgramId(u64& out_program_id) override;


diff --git a/src/core/loader/xci.cpp b/src/core/loader/xci.cpp index 3a76bc788..12d72c380 100644 --- a/src/core/loader/xci.cpp +++ b/src/core/loader/xci.cpp
@@ -85,6 +85,40 @@ AppLoader_XCI::LoadResult AppLoader_XCI::Load(Kernel::KProcess& process, Core::S
85	return result;	85	return result;
86	}	86	}
87		87
		88	ResultStatus AppLoader_XCI::VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) {
		89	// Verify secure partition, as it is the only thing we can process.
		90	auto secure_partition = xci->GetSecurePartitionNSP();
		91
		92	// Get list of all NCAs.
		93	const auto ncas = secure_partition->GetNCAsCollapsed();
		94
		95	size_t total_size = 0;
		96	size_t processed_size = 0;
		97
		98	// Loop over NCAs, collecting the total size to verify.
		99	for (const auto& nca : ncas) {
		100	total_size += nca->GetBaseFile()->GetSize();
		101	}
		102
		103	// Loop over NCAs again, verifying each.
		104	for (const auto& nca : ncas) {
		105	AppLoader_NCA loader_nca(nca->GetBaseFile());
		106
		107	const auto NcaProgressCallback = [&](size_t nca_processed_size, size_t nca_total_size) {
		108	return progress_callback(processed_size + nca_processed_size, total_size);
		109	};
		110
		111	const auto verification_result = loader_nca.VerifyIntegrity(NcaProgressCallback);
		112	if (verification_result != ResultStatus::Success) {
		113	return verification_result;
		114	}
		115
		116	processed_size += nca->GetBaseFile()->GetSize();
		117	}
		118
		119	return ResultStatus::Success;
		120	}
		121
88	ResultStatus AppLoader_XCI::ReadRomFS(FileSys::VirtualFile& out_file) {	122	ResultStatus AppLoader_XCI::ReadRomFS(FileSys::VirtualFile& out_file) {
89	return nca_loader->ReadRomFS(out_file);	123	return nca_loader->ReadRomFS(out_file);
90	}	124	}


diff --git a/src/core/loader/xci.h b/src/core/loader/xci.h index ff05e6f62..b02e136d3 100644 --- a/src/core/loader/xci.h +++ b/src/core/loader/xci.h
@@ -45,6 +45,8 @@ public:
45		45
46	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;	46	LoadResult Load(Kernel::KProcess& process, Core::System& system) override;
47		47
		48	ResultStatus VerifyIntegrity(std::function<bool(size_t, size_t)> progress_callback) override;
		49
48	ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;	50	ResultStatus ReadRomFS(FileSys::VirtualFile& out_file) override;
49	ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;	51	ResultStatus ReadUpdateRaw(FileSys::VirtualFile& out_file) override;
50	ResultStatus ReadProgramId(u64& out_program_id) override;	52	ResultStatus ReadProgramId(u64& out_program_id) override;