同名ファイルの入れ替え攻撃を防ぐためフルパスをハッシュ計算に含めるように

NAND書き込み失敗時には進捗を減らすように git-svn-id: file:///Volumes/Transfer/gigaleak_20231201/2020-05-23%20-%20ctr.7z%20+%20svn_v1.068.zip/ctr/svn/ctr_Repair@158 385bec56-5757-e545-9c3a-d8741f4650f1
2025-10-31 13:51:08 -04:00 · 2011-03-25 02:59:36 +00:00 · 2011-03-25 02:59:36 +00:00 · ad42a7ae64
commit ad42a7ae64
parent af6c27869e
1 changed files with 10 additions and 3 deletions
--- a/trunk/ConsoleDataMigration/common/FileTransfer.cpp
+++ b/trunk/ConsoleDataMigration/common/FileTransfer.cpp
@ -40,7 +40,7 @@ u64 s_Progress = 0;
 }

 bool VerifyMac(nn::fs::FileInputStream* sdFile, nn::fs::FileStream* nandFile, s64 sdFileSize, s64 nandFileSize,
-        void* buf, size_t bufSize);
+        const wchar_t* nandPath, void* buf, size_t bufSize);
 bool ConfirmFile(nn::fs::FileInputStream* from_file, nn::fs::FileStream* to_file, s64 sdFileSize, s64 nandFileSize,
        void* buf, size_t bufSize, const wchar_t* sdPath, const wchar_t* tmpPath, const wchar_t* truePath);
 void AddPkcsPadding(u8* paddingSize, void* buf, size_t bufSize, s32* readSize);
@ -288,6 +288,9 @@ bool CopyDirectory(ImportDataList* fileList, const wchar_t * from_path, const wc
                            ret_value = false;
                        }

+                        // フルパスをハッシュに含める
+                        context.Update(target_from.str().c_str(), target_from.str().size() * sizeof(wchar_t));
+
                        BackupDataHeader header;
                        BackupDataHeader enc;
                        std::memset(&header, 0, sizeof(header));
@ -458,6 +461,7 @@ bool CopyDirectory(ImportDataList* fileList, const wchar_t * from_path, const wc
                                                target_from.str().c_str(), target_tmp.str().c_str(),
                                                target_to.str().c_str()))
                                        {
+                                            s_FinishedFileSize -= readsize;
                                            ret_value = false;
                                        }
                                        break;
@ -516,7 +520,7 @@ bool CalculateAndCompareCmac(nn::crypto::Sha256Context* context, bit8* sdCmac)


 bool VerifyMac(nn::fs::FileInputStream* sdFile, nn::fs::FileStream* nandFile, s64 sdFileSize, s64 nandFileSize,
-        void* buf, size_t bufSize)
+        const wchar_t* nandPath, void* buf, size_t bufSize)
 {
    nn::Result result;
    bit8 sdCmac[nn::crypto::AES_CMAC_MAC_SIZE];
@ -557,6 +561,9 @@ bool VerifyMac(nn::fs::FileInputStream* sdFile, nn::fs::FileStream* nandFile, s6
    nn::crypto::Sha256Context context;
    context.Initialize();

+    // NAND上のフルパスをハッシュに含めている
+    context.Update(nandPath, std::wcslen(nandPath) * sizeof(wchar_t));
+
    BackupDataHeader header;
    BackupDataHeader enc;
    std::memset(&header, 0, sizeof(header));
@ -616,7 +623,7 @@ bool ConfirmFile(nn::fs::FileInputStream* from_file, nn::fs::FileStream* to_file

    bool ret_value = true;
    NN_LOG("Verify CMAC %ls\n", sdPath);
-    if (!VerifyMac(from_file, to_file, sdFileSize, nandFileSize, buf, bufSize))
+    if (!VerifyMac(from_file, to_file, sdFileSize, nandFileSize, truePath, buf, bufSize))
    {
        // 検証に失敗したので削除する
        COMMON_LOGGER("**********Verification Failed %s, Delete**********\n", GetCharStr(sdPath));