feat: NSP utils - Check Ticket (#10)

* Add new config entry

* Placeholder for verifying nsp

* New Source interface

* Add new mock for Source

* Add header for bash file

* Split sources for clarity

* Rename files since better package

* Add more comments

* Cleaner way to verify nsp

* Fix lint issue

* Starting point for NSP

* Add reading file entry

* Read filename

* Add information about ticket

* Reading ticket information

* working title key comparison

* Basic retructuration

* Fix lint issues

* Add more credti

* Clean implementation for local files

* Update config

* Cleaner handle error for directory

* Beginning to add check for nfs

* Finish implementation for nfs

* Cleaner message

* Fix: issue with watcher and no directory

* Handling no ticket in nsp/nsz

* Add new config for debuging ticket

* Add new tests

* doc: Update readme

* Fix lint cyclo issue

* Change settings to reduce complexity lint

* doc: Give more explanation

Co-authored-by: DblK <admin@dblk.org>

.golangci.yml

@@ -1,6 +1,8 @@
 linters-settings:
   lll:
     line-length: 200
+  gocyclo:
+    min-complexity: 20
 
 linters:
   enable:
@@ -39,6 +41,7 @@ linters:
     - whitespace
     # - wsl
     - exportloopref
+    - golint
   disable:
     - noctx
     - scopelint
@@ -57,4 +60,6 @@ issues:
     - path: _test\.go
       linters:
         - gochecknoglobals
-        - dupl
+        - dupl
+  include:
+    - EXC0002

.vscode/settings.json

@@ -8,6 +8,8 @@
         "dupl",
         "errcheck",
         "Errorf",
+        "errorlint",
+        "ETICKET",
         "exportloopref",
         "Fatalf",
         "fsnotify",
@@ -39,6 +41,7 @@
         "nestif",
         "noctx",
         "nolintlint",
+        "nxdumptool",
         "prealloc",
         "renameio",
         "robustio",

README.md

@@ -48,6 +48,7 @@ Here is the list of all main features so far:
 - [X] You can specify custom titledb to be merged with official one
 - [X] Auto-watch for mounted directories
 - [X] Add filters path for shop
+- [X] Simple ticket check in NSP/NSZ
 
 ## Filtering
 
@@ -118,9 +119,17 @@ For other type of protection, you can whitelist your own switch and this will do
 First, download and replace the latest [`titles.US.en.json`](https://github.com/AdamK2003/titledb/releases/download/latest/titles.US.en.json) available (or delete it, it will be automatically downloaded at startup).  
 If this does not solve your issue, then you should use custom titledb entry to describe those which are missing.
 
+## Why I still get `NCA signature verification failed` error in `tinfoil` and nothing in `tinshop`?
+
+The current implementation to verify the NSP/NSZ are basic and based on the Ticket information.  
+So you might still get some error about signature failed even with `checkVerified` enabled.
+
+Maybe later, this feature will be enhanced to add additional checks on game files (PR Welcome!).
+
 # Credits
 
 I would like to give back thanks to the people who helped me with or without knowing!
 - [Bogdan Rosu Creative](https://www.iconfinder.com/icons/353439/basket_purse_shopping_cart_ecommerce_shop_buy_online_icon) for his shop icon.
 - [Dono](https://github.com/Donorhan) for his support and tests.
 - [AdamK2003](https://github.com/AdamK2003/titledb) for his up-to-date [`titles.US.en.json`](https://github.com/AdamK2003/titledb/releases/download/latest/titles.US.en.json) and his answers on discord.
+- [nxdumptool](https://github.com/DarkMatterCore/nxdumptool) for the information taken of NSP format

config.example.yaml

@@ -21,7 +21,14 @@ debug:
   nfs: false
   # Remove middleware security for retrieving index
   # DO NOT use in production (only for dev purpose)
-  noSecurity: true
+  noSecurity: false
+  # Display more information about ticket's verification
+  ticket: false
+
+# All actions related to NSP file will be stored here
+nsp:
+  # Tells if tinshop should verify the ticket inside NSP to ensure no issue with install
+  checkVerified: true
 
 # All sources where we should look for games
 # If this section is commented out, then the directory "games" will be looked at

config/config.go

@@ -21,6 +21,7 @@ import (
 type debug struct {
 	Nfs        bool
 	NoSecurity bool
+	Ticket     bool
 }
 
 type security struct {
@@ -29,6 +30,10 @@ type security struct {
 	BannedTheme []string `mapstructure:"bannedTheme"`
 }
 
+type nsp struct {
+	CheckVerified bool `mapstructure:"checkVerified"`
+}
+
 // File holds all config information
 type File struct {
 	rootShop         string
@@ -40,6 +45,7 @@ type File struct {
 	Name             string                             `mapstructure:"name"`
 	Security         security                           `mapstructure:"security"`
 	CustomTitleDB    map[string]repository.TitleDBEntry `mapstructure:"customTitledb"`
+	NSP              nsp                                `mapsstructure:"nsp"`
 	shopTemplateData repository.ShopTemplate
 }
 
@@ -181,6 +187,11 @@ func (cfg *File) Port() int {
 	return cfg.ShopPort
 }
 
+// DebugTicket tells if we should display additional log for ticket verification
+func (cfg *File) DebugTicket() bool {
+	return cfg.Debug.Ticket
+}
+
 // DebugNfs tells if we should display additional log for nfs
 func (cfg *File) DebugNfs() bool {
 	return cfg.Debug.Nfs
@@ -226,6 +237,11 @@ func (cfg *File) ShopTitle() string {
 	return cfg.Name
 }
 
+// VerifyNSP tells if we need to verify NSP
+func (cfg *File) VerifyNSP() bool {
+	return cfg.NSP.CheckVerified
+}
+
 // IsBlacklisted tells if the uid is blacklisted or not
 func (cfg *File) IsBlacklisted(uid string) bool {
 	if len(cfg.Security.Whitelist) != 0 {

config/config_test.go

@@ -270,6 +270,16 @@ var _ = Describe("Config", func() {
 			Expect(myConfig.DebugNfs()).To(BeTrue())
 		})
 	})
+	Describe("VerifyNSP", func() {
+		var myConfig = config.File{}
+		It("Test with empty object", func() {
+			Expect(myConfig.VerifyNSP()).To(BeFalse())
+		})
+		It("Test with a value", func() {
+			myConfig.NSP.CheckVerified = true
+			Expect(myConfig.VerifyNSP()).To(BeTrue())
+		})
+	})
 	Describe("DebugNoSecurity", func() {
 		var myConfig = config.File{}
 		It("Test with empty object", func() {
@@ -280,6 +290,16 @@ var _ = Describe("Config", func() {
 			Expect(myConfig.DebugNoSecurity()).To(BeTrue())
 		})
 	})
+	Describe("DebugTicket", func() {
+		var myConfig = config.File{}
+		It("Test with empty object", func() {
+			Expect(myConfig.DebugTicket()).To(BeFalse())
+		})
+		It("Test with a value", func() {
+			myConfig.Debug.Ticket = true
+			Expect(myConfig.DebugTicket()).To(BeTrue())
+		})
+	})
 	Describe("BannedTheme", func() {
 		var myConfig = config.File{}
 		It("Test with empty object", func() {

gamescollection/collection.go

@@ -7,6 +7,7 @@ package gamescollection
 
 import (
 	"encoding/json"
+	"errors"
 	"io"
 	"log"
 	"os"
@@ -223,3 +224,12 @@ func AddNewGames(newGames []repository.FileDesc) {
 	games.Files = append(games.Files, gameList...)
 	log.Printf("Added %d games in your library\n", len(gameList))
 }
+
+// GetKey return the key from the titledb
+func GetKey(gameID string) (string, error) {
+	var key = Library()[gameID].Key
+	if key == "" {
+		return "", errors.New("TitleDBKey for game " + gameID + " is not found")
+	}
+	return key, nil
+}

gamescollection/collection_test.go

@@ -168,4 +168,51 @@ var _ = Describe("Collection", func() {
 			Expect(len(filteredGames.Files)).To(Equal(1))
 		})
 	})
+	FDescribe("GetKey", func() {
+		var (
+			myMockConfig *mock_repository.MockConfig
+			ctrl         *gomock.Controller
+		)
+		BeforeEach(func() {
+			ctrl = gomock.NewController(GinkgoT())
+		})
+		JustBeforeEach(func() {
+			myMockConfig = mock_repository.NewMockConfig(ctrl)
+			customDB := make(map[string]repository.TitleDBEntry)
+			custom1 := repository.TitleDBEntry{
+				ID:  "0000000000000001",
+				Key: "My Key",
+			}
+			customDB["0000000000000001"] = custom1
+			custom2 := repository.TitleDBEntry{
+				ID:  "0000000000000002",
+				Key: "",
+			}
+			customDB["0000000000000001"] = custom1
+			customDB["0000000000000002"] = custom2
+
+			myMockConfig.EXPECT().
+				CustomDB().
+				Return(customDB).
+				AnyTimes()
+			myMockConfig.EXPECT().
+				BannedTheme().
+				Return(nil).
+				AnyTimes()
+
+			collection.OnConfigUpdate(myMockConfig)
+		})
+		It("Retrieving existing Key", func() {
+			key, err := collection.GetKey("0000000000000001")
+			Expect(err).To(BeNil())
+			Expect(key).To(Not(BeEmpty()))
+			Expect(key).To(Equal("My Key"))
+		})
+		It("Retrieving not existing Key", func() {
+			key, err := collection.GetKey("0000000000000002")
+			Expect(err).To(Not(BeNil()))
+			Expect(err.Error()).To(Equal("TitleDBKey for game 0000000000000002 is not found"))
+			Expect(key).To(BeEmpty())
+		})
+	})
 })

nsp/constant.go

@@ -0,0 +1,7 @@
+package nsp
+
+const (
+	eTicketTIKFileSize    uint64 = 704
+	eTicketTitleKeyCommon uint8  = 0
+	genericIssuer         string = "Root-CA00000003-XS00000020"
+)