Commit graph

59 commits

Author SHA1 Message Date
Liam
0cd9d51e06 sockets: avoid locking around socket session calls 2023-08-19 23:09:35 -04:00
Liam
3e3294e1c2 core: implement GetGaiStringErrorRequest, IContextRegistrar 2023-07-22 23:29:45 -04:00
comex
0e191c2711 Updates:
- Address PR feedback.
- Add SecureTransport backend for macOS.
2023-07-01 17:27:35 -07:00
comex
d885dd5b64 PR feedback + constification 2023-06-25 19:24:49 -07:00
comex
8e703e08df Implement SSL service
This implements some missing network APIs including a large chunk of the SSL
service, enough for Mario Maker (with an appropriate mod applied) to connect to
the fan server [Open Course World](https://opencourse.world/).

Connecting to first-party servers is out of scope of this PR and is a
minefield I'd rather not step into.

 ## TLS

TLS is implemented with multiple backends depending on the system's 'native'
TLS library.  Currently there are two backends: Schannel for Windows, and
OpenSSL for Linux.  (In reality Linux is a bit of a free-for-all where there's
no one 'native' library, but OpenSSL is the closest it gets.)  On macOS the
'native' library is SecureTransport but that isn't implemented in this PR.
(Instead, all non-Windows OSes will use OpenSSL unless disabled with
`-DENABLE_OPENSSL=OFF`.)

Why have multiple backends instead of just using a single library, especially
given that Yuzu already embeds mbedtls for cryptographic algorithms?  Well, I
tried implementing this on mbedtls first, but the problem is TLS policies -
mainly trusted certificate policies, and to a lesser extent trusted algorithms,
SSL versions, etc.

...In practice, the chance that someone is going to conduct a man-in-the-middle
attack on a third-party game server is pretty low, but I'm a security nerd so I
like to do the right security things.

My base assumption is that we want to use the host system's TLS policies.  An
alternative would be to more closely emulate the Switch's TLS implementation
(which is based on NSS).  But for one thing, I don't feel like reverse
engineering it.  And I'd argue that for third-party servers such as Open Course
World, it's theoretically preferable to use the system's policies rather than
the Switch's, for two reasons

1. Someday the Switch will stop being updated, and the trusted cert list,
   algorithms, etc. will start to go stale, but users will still want to
   connect to third-party servers, and there's no reason they shouldn't have
   up-to-date security when doing so.  At that point, homebrew users on actual
   hardware may patch the TLS implementation, but for emulators it's simpler to
   just use the host's stack.

2. Also, it's good to respect any custom certificate policies the user may have
   added systemwide.  For example, they may have added custom trusted CAs in
   order to use TLS debugging tools or pass through corporate MitM middleboxes.
   Or they may have removed some CAs that are normally trusted out of paranoia.

Note that this policy wouldn't work as-is for connecting to first-party
servers, because some of them serve certificates based on Nintendo's own CA
rather than a publicly trusted one.  However, this could probably be solved
easily by using appropriate APIs to adding Nintendo's CA as an alternate
trusted cert for Yuzu's connections.  That is not implemented in this PR
because, again, first-party servers are out of scope.

(If anything I'd rather have an option to _block_ connections to Nintendo
servers, but that's not implemented here.)

To use the host's TLS policies, there are three theoretical options:

a) Import the host's trusted certificate list into a cross-platform TLS
   library (presumably mbedtls).

b) Use the native TLS library to verify certificates but use a cross-platform
   TLS library for everything else.

c) Use the native TLS library for everything.

Two problems with option a).  First, importing the trusted certificate list at
minimum requires a bunch of platform-specific code, which mbedtls does not have
built in.  Interestingly, OpenSSL recently gained the ability to import the
Windows certificate trust store... but that leads to the second problem, which
is that a list of trusted certificates is [not expressive
enough](https://bugs.archlinux.org/task/41909) to express a modern certificate
trust policy.  For example, Windows has the concept of [explicitly distrusted
certificates](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)),
and macOS requires Certificate Transparency validation for some certificates
with complex rules for when it's required.

Option b) (using native library just to verify certs) is probably feasible, but
it would miss aspects of TLS policy other than trusted certs (like allowed
algorithms), and in any case it might well require writing more code, not less,
compared to using the native library for everything.

So I ended up at option c), using the native library for everything.

What I'd *really* prefer would be to use a third-party library that does option
c) for me.  Rust has a good library for this,
[native-tls](https://docs.rs/native-tls/latest/native_tls/).  I did search, but
I couldn't find a good option in the C or C++ ecosystem, at least not any that
wasn't part of some much larger framework.  I was surprised - isn't this a
pretty common use case?  Well, many applications only need TLS for HTTPS, and they can
use libcurl, which has a TLS abstraction layer internally but doesn't expose
it.  Other applications only support a single TLS library, or use one of the
aforementioned larger frameworks, or are platform-specific to begin with, or of
course are written in a non-C/C++ language, most of which have some canonical
choice for TLS.  But there are also many applications that have a set of TLS
backends just like this; it's just that nobody has gone ahead and abstracted
the pattern into a library, at least not a widespread one.

Amusingly, there is one TLS abstraction layer that Yuzu already bundles: the
one in ffmpeg.  But it is missing some features that would be needed to use it
here (like reusing an existing socket rather than managing the socket itself).
Though, that does mean that the wiki's build instructions for Linux (and macOS
for some reason?) already recommend installing OpenSSL, so no need to update
those.

 ## Other APIs implemented

- Sockets:
    - GetSockOpt(`SO_ERROR`)
    - SetSockOpt(`SO_NOSIGPIPE`) (stub, I have no idea what this does on Switch)
    - `DuplicateSocket` (because the SSL sysmodule calls it internally)
    - More `PollEvents` values

- NSD:
    - `Resolve` and `ResolveEx` (stub, good enough for Open Course World and
      probably most third-party servers, but not first-party)

- SFDNSRES:
    - `GetHostByNameRequest` and `GetHostByNameRequestWithOptions`
    - `ResolverSetOptionRequest` (stub)

 ## Fixes

- Parts of the socket code were previously allocating a `sockaddr` object on
  the stack when calling functions that take a `sockaddr*` (e.g. `accept`).
  This might seem like the right thing to do to avoid illegal aliasing, but in
  fact `sockaddr` is not guaranteed to be large enough to hold any particular
  type of address, only the header.  This worked in practice because in
  practice `sockaddr` is the same size as `sockaddr_in`, but it's not how the
  API is meant to be used.  I changed this to allocate an `sockaddr_in` on the
  stack and `reinterpret_cast` it.  I could try to do something cleverer with
  `aligned_storage`, but casting is the idiomatic way to use these particular
  APIs, so it's really the system's responsibility to avoid any aliasing
  issues.

- I rewrote most of the `GetAddrInfoRequest[WithOptions]` implementation.  The
  old implementation invoked the host's getaddrinfo directly from sfdnsres.cpp,
  and directly passed through the host's socket type, protocol, etc. values
  rather than looking up the corresponding constants on the Switch.  To be
  fair, these constants don't tend to actually vary across systems, but
  still... I added a wrapper for `getaddrinfo` in
  `internal_network/network.cpp` similar to the ones for other socket APIs, and
  changed the `GetAddrInfoRequest` implementation to use it.  While I was at
  it, I rewrote the serialization to use the same approach I used to implement
  `GetHostByNameRequest`, because it reduces the number of size calculations.
  While doing so I removed `AF_INET6` support because the Switch doesn't
  support IPv6; it might be nice to support IPv6 anyway, but that would have to
  apply to all of the socket APIs.

  I also corrected the IPC wrappers for `GetAddrInfoRequest` and
  `GetAddrInfoRequestWithOptions` based on reverse engineering and hardware
  testing.  Every call to `GetAddrInfoRequestWithOptions` returns *four*
  different error codes (IPC status, getaddrinfo error code, netdb error code,
  and errno), and `GetAddrInfoRequest` returns three of those but in a
  different order, and it doesn't really matter but the existing implementation
  was a bit off, as I discovered while testing `GetHostByNameRequest`.

  - The new serialization code is based on two simple helper functions:

    ```cpp
    template <typename T> static void Append(std::vector<u8>& vec, T t);
    void AppendNulTerminated(std::vector<u8>& vec, std::string_view str);
    ```

    I was thinking there must be existing functions somewhere that assist with
    serialization/deserialization of binary data, but all I could find was the
    helper methods in `IOFile` and `HLERequestContext`, not anything that could
    be used with a generic byte buffer.  If I'm not missing something, then
    maybe I should move the above functions to a new header in `common`...
    right now they're just sitting in `sfdnsres.cpp` where they're used.

- Not a fix, but `SocketBase::Recv`/`Send` is changed to use `std::span<u8>`
  rather than `std::vector<u8>&` to avoid needing to copy the data to/from a
  vector when those methods are called from the TLS implementation.
2023-06-25 12:53:31 -07:00
Liam
65be230fdd service: move hle_ipc from kernel 2023-03-01 10:39:49 -05:00
liamwhite
97f7a560f3
Merge pull request #9832 from liamwhite/hle-mp
service: HLE multiprocess
2023-03-01 10:38:20 -05:00
Narr the Reg
39ca7b2928 core: Update service function tables to 16.0.0+ 2023-02-24 18:17:36 -06:00
Liam
a936972614 service: refactor server architecture
Converts services to have their own processes
2023-02-21 12:19:25 -05:00
ameerj
2d2522693e Revert "Merge pull request #9718 from yuzu-emu/revert-9508-hle-ipc-buffer-span"
This reverts commit 25fc5c0e11, reversing
changes made to af20e25081.
2023-02-03 00:08:45 -05:00
liamwhite
b01698775b
Revert "hle_ipc: Use std::span to avoid heap allocations/copies when calling ReadBuffer" 2023-02-02 15:53:28 -05:00
ameerj
a1490d77ac hle_ipc: Rename ReadBufferSpan to ReadBuffer 2022-12-28 18:46:54 -05:00
ameerj
7c1bf68bb4 bsd: Use std::span for read payloads
Allows the use of HLERequestContext::ReadBufferSpan
2022-12-28 18:46:54 -05:00
Andrea Pappacoda
4a493cb10f
chore: fix some typos
Fix some typos reported by Lintian
2022-09-23 13:38:23 +02:00
FearlessTobi
d92826963a core/bsd: Correctly unbind methods in destructor
Prevents yuzu from crashing when the BSD service is created a second time.
2022-08-27 03:12:12 +02:00
FearlessTobi
f80c7c4cd5 core, network: Add ability to proxy socket packets 2022-08-15 20:25:42 +02:00
FearlessTobi
705f7db84d yuzu: Add ui files for multiplayer rooms 2022-07-25 21:59:28 +02:00
Link4565
912cae21b0 Enable the use of MSG_DONTWAIT flag on RecvImpl 2022-07-16 18:30:28 +01:00
Morph
99ceb03a1c general: Convert source file copyright comments over to SPDX
This formats all copyright comments according to SPDX formatting guidelines.
Additionally, this resolves the remaining GPLv2 only licensed files by relicensing them to GPLv2.0-or-later.
2022-04-23 05:55:32 -04:00
Fernando S
4ad6bca31c
Merge pull request #8171 from tech-ticks/skyline-improvements
Improvements for game modding with Skyline, DNS resolution
2022-04-10 23:40:54 +02:00
tech-ticks
1c3983c12e service: bsd: Add keepalive socket option 2022-04-07 23:30:23 +02:00
bunnei
99770653bb hle: service: bsd: Create a service thread where appropriate. 2022-04-02 01:24:30 -04:00
ameerj
ade596121b core: Reduce unused includes 2022-03-19 02:23:32 -04:00
Valeri
9e633999d6
bsd: Allow inexact match for address length in AcceptImpl
Minecraft passes in zero for length, but this should account for all possible cases
2022-03-15 14:06:34 +03:00
ameerj
7c4b6aab2e core: Remove unused includes 2021-11-03 21:42:57 -04:00
Morph
7dd7c54add service: bsd: Stub Read
- Used by Diablo II: Resurrected
2021-09-25 08:04:33 -04:00
Morph
06f22c3d28 service: bsd: Implement Read
- Used by Diablo II: Resurrected
2021-09-24 16:46:52 -04:00
Morph
12c1766997 general: Replace RESULT_SUCCESS with ResultSuccess
Transition to PascalCase for result names.
2021-06-02 00:39:27 -04:00
Morph
8441094ba3 bsd: Avoid writing empty buffers
Silences log spam on empty buffer writes
2021-03-16 12:50:44 -04:00
Lioncash
0cd40fb523 bsd: Remove usage of optional emplace() with no arguments
Clang 12 currently falls over in the face of this.
2021-02-09 17:50:29 -05:00
Morph
ded094a340 bsd: Fix EventFd stub 2021-01-31 02:57:56 -05:00
Morph
6cc769065d bsd: Fix GetSockOpt stub 2021-01-31 01:08:56 -05:00
ameerj
ad146eca60 bsd: Stub EventFd
Used by Family Feud
2021-01-30 21:47:32 -05:00
bunnei
c0d3aef28c core: hle: kernel: Rename Thread to KThread. 2021-01-28 21:42:25 -08:00
german
659b5f8088 Stub GetSockOpt 2021-01-27 23:18:20 -06:00
bunnei
87d6588cb5 hle: service: bsd: Update to work with service threads, removing SleepClientThread. 2020-12-28 16:33:48 -08:00
Rodrigo Locatti
e94dd7e2c4
Merge pull request #5142 from comex/xx-poll-events
network, sockets: Replace `POLL_IN`, `POLL_OUT`, etc. constants with an `enum class PollEvents`
2020-12-09 03:52:20 -03:00
Lioncash
6b7320add4 core: Remove unnecessary enum casts in log calls
Follows the video core PR. fmt doesn't require casts for enum classes
anymore, so we can remove quite a few casts.
2020-12-07 23:02:23 -05:00
comex
0791082b43 network, sockets: Replace POLL_IN, POLL_OUT, etc. constants with an enum class PollEvents
Actually, two enum classes, since for some reason there are two separate
yet identical `PollFD` types used in the codebase.  I get that one is
ABI-compatible with the Switch while the other is an abstract type used
for the host, but why not use `WSAPOLLFD` directly for the latter?

Anyway, why make this change?  Because on Apple platforms, `POLL_IN`,
`POLL_OUT`, etc. (with an underscore) are defined as macros in
<sys/signal.h>.  (This is inherited from FreeBSD.)  So defining
a variable with the same name causes a compile error.

I could just rename the variables, but while I was at it I thought I
might as well switch to an enum for stronger typing.

Also, change the type used for values copied directly to/from the
`events` and `revents` fields of the host *native*
`pollfd`/`WSASPOLLFD`, from `u32` to `short`, as `short` is the correct
canonical type on both Unix and Windows.
2020-12-06 19:14:42 -05:00
Lioncash
1a954b2a59 service: Eliminate usages of the global system instance
Completely removes all usages of the global system instance within the
services code by passing in the using system instance to the services.
2020-11-26 20:03:11 -05:00
bunnei
3d592972dc
Revert "core: Fix clang build" 2020-10-20 19:07:39 -07:00
Lioncash
be1954e04c core: Fix clang build
Recent changes to the build system that made more warnings be flagged as
errors caused building via clang to break.

Fixes #4795
2020-10-17 19:50:39 -04:00
Lioncash
ff45c39578 General: Make use of std::nullopt where applicable
Allows some implementations to avoid completely zeroing out the internal
buffer of the optional, and instead only set the validity byte within
the structure.

This also makes it consistent how we return empty optionals.
2020-09-22 17:32:33 -04:00
Lioncash
40968e3993 bsd: Resolve unused value within SendToImpl
Previously the address provided to SendToImpl would never be propagated
to SendTo(). This fixes that.
2020-09-07 01:06:30 -04:00
Lioncash
cd643ab5c9 bsd: Resolve sign comparison warnings 2020-09-07 01:06:27 -04:00
ReinUsesLisp
bc699ace15 service/bsd: Handle Poll with no entries accurately
Testing shows that Poll called with zero entries returns -1 and signals
an errno of zero.
2020-07-28 01:51:47 -03:00
ReinUsesLisp
f7d59f3e0e services/bsd: Implement most of bsd:s
This implements: Socket, Poll, Accept, Bind, Connect, GetPeerName,
GetSockName, Listen, Fcntl, SetSockOpt, Shutdown, Recv, RecvFrom,
Send, SendTo, Write, and Close

The implementation was done referencing: SwIPC, switchbrew, testing
with libnx and inspecting its code, general information about bsd
sockets online, and analysing official software.

Not everything from these service calls is implemented, but everything
that is not implemented will be logged in some way.
2020-07-28 01:48:42 -03:00
Lioncash
99eaa2e6f2 service: Update function tables
Keeps the service function tables up to date.

Updated based off information on SwitchBrew.
2020-04-20 15:53:49 -04:00
bunnei
2a822f3378 bsd: Stub several more functions.
- Required for Little Town Hero to boot further.
2020-01-25 00:47:15 -05:00
Lioncash
ca96dc4676 service: Update service function tables
Updates function tables based off information from SwitchBrew.
2019-04-11 02:47:00 -04:00