Optimize CIA hashing

The section of data between the header and ExeFS normally has to be "decrypted" to obtain the right AES state. However, we can just abuse the way CBC works and get the right IV regardless, by just reading the previous encrypted block before the ExeFS.
RetroAchievements · Nov 16, 2024 · 03fdf3c · 03fdf3c
1 parent 6b3ce04
commit 03fdf3c
Showing 1 changed file with 9 additions and 19 deletions.
diff --git a/src/rhash/hash.c b/src/rhash/hash.c
@@ -1582,7 +1582,7 @@ static int rc_hash_nintendo_3ds_ncch(md5_state_t* md5, void* file_handle, uint8_
   uint16_t ncch_version;
   uint32_t i;
   uint8_t primary_key_y[AES_KEYLEN], program_id[sizeof(uint64_t)];
-  uint8_t iv[AES_BLOCKLEN];
+  uint8_t iv[AES_BLOCKLEN], cia_iv[AES_BLOCKLEN];
   uint8_t exefs_section_name[8];
   uint64_t exefs_section_offset, exefs_section_size;
 
@@ -1710,32 +1710,22 @@ static int rc_hash_nintendo_3ds_ncch(md5_state_t* md5, void* file_handle, uint8_
 
   if (cia_aes)
   {
-    /* We have to decrypt the data between the header and the ExeFS so the CIA AES state is correct
-     * when we reach the ExeFS. This decrypted data is not included in the RetroAchievements hash */
+    /* CBC decryption works by setting the IV to the encrypted previous block.
+     * Normally this means we would need to decrypt the data between the header and the ExeFS so the CIA AES state is correct.
+     * However, we can abuse how CBC decryption works and just set the IV to last block we would otherwise decrypt.
+     * We don't care about the data betweeen the header and ExeFS, so this works fine. */
 
-    /* This should never happen in practice, but just in case */
-    if (exefs_offset > MAX_BUFFER_SIZE)
-      return rc_hash_error("Too much data required to decrypt in order to hash");
-
-    hash_buffer = (uint8_t*)malloc((uint32_t)exefs_offset);
-    if (!hash_buffer)
-    {
-      snprintf((char*)header, 0x200, "Failed to allocate %u bytes", (unsigned)exefs_offset);
-      return rc_hash_error((const char*)header);
-    }
-
-    if (rc_file_read(file_handle, hash_buffer, (uint32_t)exefs_offset) != (uint32_t)exefs_offset)
+    rc_file_seek(file_handle, (int64_t)exefs_offset - AES_BLOCKLEN, SEEK_CUR);
+    if (rc_file_read(file_handle, cia_iv, AES_BLOCKLEN) != AES_BLOCKLEN)
     {
-      free(hash_buffer);
       return rc_hash_error("Could not read NCCH data");
     }
 
-    AES_CBC_decrypt_buffer(cia_aes, hash_buffer, (uint32_t)exefs_offset);
-    free(hash_buffer);
+    AES_ctx_set_iv(cia_aes, cia_iv);
   }
   else
   {
-    /* No decryption needed, just skip over the in-between data */
+    /* No encryption present, just skip over the in-between data */
     rc_file_seek(file_handle, (int64_t)exefs_offset, SEEK_CUR);
   }