Commit graph

24464 commits

Author SHA1 Message Date
comex 7cc428ddf6 socket_types: Improve comment 2023-06-25 13:10:15 -07:00
comex 8e703e08df Implement SSL service
This implements some missing network APIs including a large chunk of the SSL
service, enough for Mario Maker (with an appropriate mod applied) to connect to
the fan server [Open Course World](https://opencourse.world/).

Connecting to first-party servers is out of scope of this PR and is a
minefield I'd rather not step into.

 ## TLS

TLS is implemented with multiple backends depending on the system's 'native'
TLS library.  Currently there are two backends: Schannel for Windows, and
OpenSSL for Linux.  (In reality Linux is a bit of a free-for-all where there's
no one 'native' library, but OpenSSL is the closest it gets.)  On macOS the
'native' library is SecureTransport but that isn't implemented in this PR.
(Instead, all non-Windows OSes will use OpenSSL unless disabled with
`-DENABLE_OPENSSL=OFF`.)

Why have multiple backends instead of just using a single library, especially
given that Yuzu already embeds mbedtls for cryptographic algorithms?  Well, I
tried implementing this on mbedtls first, but the problem is TLS policies -
mainly trusted certificate policies, and to a lesser extent trusted algorithms,
SSL versions, etc.

...In practice, the chance that someone is going to conduct a man-in-the-middle
attack on a third-party game server is pretty low, but I'm a security nerd so I
like to do the right security things.

My base assumption is that we want to use the host system's TLS policies.  An
alternative would be to more closely emulate the Switch's TLS implementation
(which is based on NSS).  But for one thing, I don't feel like reverse
engineering it.  And I'd argue that for third-party servers such as Open Course
World, it's theoretically preferable to use the system's policies rather than
the Switch's, for two reasons

1. Someday the Switch will stop being updated, and the trusted cert list,
   algorithms, etc. will start to go stale, but users will still want to
   connect to third-party servers, and there's no reason they shouldn't have
   up-to-date security when doing so.  At that point, homebrew users on actual
   hardware may patch the TLS implementation, but for emulators it's simpler to
   just use the host's stack.

2. Also, it's good to respect any custom certificate policies the user may have
   added systemwide.  For example, they may have added custom trusted CAs in
   order to use TLS debugging tools or pass through corporate MitM middleboxes.
   Or they may have removed some CAs that are normally trusted out of paranoia.

Note that this policy wouldn't work as-is for connecting to first-party
servers, because some of them serve certificates based on Nintendo's own CA
rather than a publicly trusted one.  However, this could probably be solved
easily by using appropriate APIs to adding Nintendo's CA as an alternate
trusted cert for Yuzu's connections.  That is not implemented in this PR
because, again, first-party servers are out of scope.

(If anything I'd rather have an option to _block_ connections to Nintendo
servers, but that's not implemented here.)

To use the host's TLS policies, there are three theoretical options:

a) Import the host's trusted certificate list into a cross-platform TLS
   library (presumably mbedtls).

b) Use the native TLS library to verify certificates but use a cross-platform
   TLS library for everything else.

c) Use the native TLS library for everything.

Two problems with option a).  First, importing the trusted certificate list at
minimum requires a bunch of platform-specific code, which mbedtls does not have
built in.  Interestingly, OpenSSL recently gained the ability to import the
Windows certificate trust store... but that leads to the second problem, which
is that a list of trusted certificates is [not expressive
enough](https://bugs.archlinux.org/task/41909) to express a modern certificate
trust policy.  For example, Windows has the concept of [explicitly distrusted
certificates](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)),
and macOS requires Certificate Transparency validation for some certificates
with complex rules for when it's required.

Option b) (using native library just to verify certs) is probably feasible, but
it would miss aspects of TLS policy other than trusted certs (like allowed
algorithms), and in any case it might well require writing more code, not less,
compared to using the native library for everything.

So I ended up at option c), using the native library for everything.

What I'd *really* prefer would be to use a third-party library that does option
c) for me.  Rust has a good library for this,
[native-tls](https://docs.rs/native-tls/latest/native_tls/).  I did search, but
I couldn't find a good option in the C or C++ ecosystem, at least not any that
wasn't part of some much larger framework.  I was surprised - isn't this a
pretty common use case?  Well, many applications only need TLS for HTTPS, and they can
use libcurl, which has a TLS abstraction layer internally but doesn't expose
it.  Other applications only support a single TLS library, or use one of the
aforementioned larger frameworks, or are platform-specific to begin with, or of
course are written in a non-C/C++ language, most of which have some canonical
choice for TLS.  But there are also many applications that have a set of TLS
backends just like this; it's just that nobody has gone ahead and abstracted
the pattern into a library, at least not a widespread one.

Amusingly, there is one TLS abstraction layer that Yuzu already bundles: the
one in ffmpeg.  But it is missing some features that would be needed to use it
here (like reusing an existing socket rather than managing the socket itself).
Though, that does mean that the wiki's build instructions for Linux (and macOS
for some reason?) already recommend installing OpenSSL, so no need to update
those.

 ## Other APIs implemented

- Sockets:
    - GetSockOpt(`SO_ERROR`)
    - SetSockOpt(`SO_NOSIGPIPE`) (stub, I have no idea what this does on Switch)
    - `DuplicateSocket` (because the SSL sysmodule calls it internally)
    - More `PollEvents` values

- NSD:
    - `Resolve` and `ResolveEx` (stub, good enough for Open Course World and
      probably most third-party servers, but not first-party)

- SFDNSRES:
    - `GetHostByNameRequest` and `GetHostByNameRequestWithOptions`
    - `ResolverSetOptionRequest` (stub)

 ## Fixes

- Parts of the socket code were previously allocating a `sockaddr` object on
  the stack when calling functions that take a `sockaddr*` (e.g. `accept`).
  This might seem like the right thing to do to avoid illegal aliasing, but in
  fact `sockaddr` is not guaranteed to be large enough to hold any particular
  type of address, only the header.  This worked in practice because in
  practice `sockaddr` is the same size as `sockaddr_in`, but it's not how the
  API is meant to be used.  I changed this to allocate an `sockaddr_in` on the
  stack and `reinterpret_cast` it.  I could try to do something cleverer with
  `aligned_storage`, but casting is the idiomatic way to use these particular
  APIs, so it's really the system's responsibility to avoid any aliasing
  issues.

- I rewrote most of the `GetAddrInfoRequest[WithOptions]` implementation.  The
  old implementation invoked the host's getaddrinfo directly from sfdnsres.cpp,
  and directly passed through the host's socket type, protocol, etc. values
  rather than looking up the corresponding constants on the Switch.  To be
  fair, these constants don't tend to actually vary across systems, but
  still... I added a wrapper for `getaddrinfo` in
  `internal_network/network.cpp` similar to the ones for other socket APIs, and
  changed the `GetAddrInfoRequest` implementation to use it.  While I was at
  it, I rewrote the serialization to use the same approach I used to implement
  `GetHostByNameRequest`, because it reduces the number of size calculations.
  While doing so I removed `AF_INET6` support because the Switch doesn't
  support IPv6; it might be nice to support IPv6 anyway, but that would have to
  apply to all of the socket APIs.

  I also corrected the IPC wrappers for `GetAddrInfoRequest` and
  `GetAddrInfoRequestWithOptions` based on reverse engineering and hardware
  testing.  Every call to `GetAddrInfoRequestWithOptions` returns *four*
  different error codes (IPC status, getaddrinfo error code, netdb error code,
  and errno), and `GetAddrInfoRequest` returns three of those but in a
  different order, and it doesn't really matter but the existing implementation
  was a bit off, as I discovered while testing `GetHostByNameRequest`.

  - The new serialization code is based on two simple helper functions:

    ```cpp
    template <typename T> static void Append(std::vector<u8>& vec, T t);
    void AppendNulTerminated(std::vector<u8>& vec, std::string_view str);
    ```

    I was thinking there must be existing functions somewhere that assist with
    serialization/deserialization of binary data, but all I could find was the
    helper methods in `IOFile` and `HLERequestContext`, not anything that could
    be used with a generic byte buffer.  If I'm not missing something, then
    maybe I should move the above functions to a new header in `common`...
    right now they're just sitting in `sfdnsres.cpp` where they're used.

- Not a fix, but `SocketBase::Recv`/`Send` is changed to use `std::span<u8>`
  rather than `std::vector<u8>&` to avoid needing to copy the data to/from a
  vector when those methods are called from the TLS implementation.
2023-06-25 12:53:31 -07:00
liamwhite ce191ba32b
Merge pull request #10825 from 8bitDream/vcpkg-zlib
externals: Update vcpkg to 2023.06.17
2023-06-18 09:43:12 -04:00
liamwhite 23371fa187
Merge pull request #10829 from lat9nq/remove-external-mem
vulkan_device: Remove external memory extension
2023-06-18 09:43:03 -04:00
liamwhite af7f3f078c
Merge pull request #10486 from lat9nq/vk-device-find-once
yuzu-qt: Load Vulkan device info at startup
2023-06-18 09:42:55 -04:00
liamwhite 66b8042b59
Merge pull request #10798 from vonchenplus/draw_texture_scale
video_core: drawtexture support upscale
2023-06-18 09:42:41 -04:00
liamwhite 8acf728d5d
Merge pull request #10809 from Kelebek1/reduce_vertex_bindings
Synchronize vertex buffer even when it doesn't require binding
2023-06-18 09:42:32 -04:00
bunnei 6e293be20b
Merge pull request #10797 from lat9nq/tzdb-patch
time: Various time zone fixes
2023-06-17 23:47:16 -07:00
bunnei 20db91f0fc
Merge pull request #10828 from liamwhite/somehow-still-using-llvm-14
renderer_vulkan: add missing include
2023-06-17 23:45:44 -07:00
lat9nq 8a526b2c26 vulkan_device: Remove external memory extension
Unused in yuzu. Enables yuzu to boot games in Wine using Vulkan.
2023-06-18 01:20:08 -04:00
Liam 565a1226d7 renderer_vulkan: add missing include 2023-06-17 23:57:47 -04:00
Abandoned Cart fd0ef5411c externals: Update vcpkg to 2023.06.17
Fixes for zlib and qt5
2023-06-17 21:46:09 -04:00
lat9nq b99c4dd568 time_zone_service: Always write time zone rule data
Switch firmware will initialize this data even if the given parameters
are invalid. We should do the same.
2023-06-17 20:53:39 -04:00
Morph c0fd793ef6
Merge pull request #10813 from lat9nq/no-atomic-bool
k_thread: Use a mutex and cond_var to sync bool
2023-06-17 20:29:57 -04:00
Fernando S 27a36cd51b
Merge pull request #10744 from Wollnashorn/af-for-all
video_core: Improved anisotropic filtering heuristics
2023-06-18 00:02:05 +02:00
Kelebek1 e681f5678c Synchronize vertex buffer even when it doesn't require binding 2023-06-17 17:47:00 -04:00
lat9nq e34e1b1c95 k_thread: Use a mutex and cond_var to sync bool
std::atomic<bool> is broken on MinGW and causes deadlocks there.
Use a normal cond var in its stead.
2023-06-17 15:25:36 -04:00
Wollnashorn 3e47ebe2e9 video_core: Only apply AF to 2D (array) image types 2023-06-17 14:20:44 +02:00
Wollnashorn c309a1c69b video_core: Removed AF for all mip modes option as it's default now 2023-06-17 11:19:39 +02:00
lat9nq 4cbdce17b6 nx_tzdb: Directly reference variables in if statements
Addresses review feedback.
2023-06-17 01:48:46 -04:00
bunnei ec423c6919
Merge pull request #10783 from liamwhite/memory
video_core: preallocate fewer IR blocks
2023-06-16 16:53:25 -07:00
bunnei 24e1e4dcee
Merge pull request #10808 from t895/settings-stuffs
android: Expose settings
2023-06-16 16:52:54 -07:00
bunnei 975122f4bb
Merge pull request #10807 from t895/ktlint-fixes
android: Ktlint fixes
2023-06-16 16:47:14 -07:00
liamwhite a1adcc31d3
Merge pull request #10731 from german77/misc_fixes
service: nfc: Accuracy fixes
2023-06-16 18:18:24 -04:00
Charles Lombardo 9f92104f3e android: Expose audio output engine setting 2023-06-16 16:42:56 -04:00
Charles Lombardo 330358cd16 android: Bump ktlint version to 0.47.1 2023-06-16 16:32:08 -04:00
Charles Lombardo fc6a2fe779 android: Disable import-ordering ktlint check 2023-06-16 16:31:49 -04:00
Charles Lombardo 13a4de647d android: Expose CPU debugging option 2023-06-16 16:25:06 -04:00
Charles Lombardo 3ac2c74e85 android: Expose fastmem option 2023-06-16 16:24:40 -04:00
Charles Lombardo 5aca03d0ff android: Support changing multiple settings at once 2023-06-16 15:49:49 -04:00
bunnei 4112031c81
Merge pull request #10801 from 8bitDream/fix_aspect
android: Fix aspect ratio when rotating screen
2023-06-16 11:45:32 -07:00
Abandoned Cart c89be0dfab android: Fix aspect ratio when rotating screen 2023-06-16 10:11:18 -04:00
Feng Chen b77a247e8c video_core: drawtexture support upscale 2023-06-16 20:51:15 +08:00
Wollnashorn 2dc0ff79ec video_core: Use sampler IDs instead pointers in the pipeline config
The previous approach of storing pointers returned by `GetGraphicsSampler`/`GetComputeSampler` caused UB, as these functions can cause reallocation of the sampler slot vector and therefore invalidate the pointers
2023-06-16 13:45:14 +02:00
lat9nq 1fa16bc594 cmake: Add warn about cross compiling, disable android 2023-06-16 05:38:33 -04:00
lat9nq d9e2824c4e cmake: Check for target is Windows
MinGW has issues building tzdb2nx due to the headers being Windows
specific. Download for this toolchain as well.
2023-06-16 05:32:11 -04:00
lat9nq d35c989902 cmake: Use non-conflicting variable names 2023-06-16 05:17:06 -04:00
lat9nq 7ffb96f474 cmake: Extra time zone data download checks
Extra sanitization for Windows hosts, and fail loudly when the
download fails.

cmake: Fix status code reading
2023-06-16 05:17:03 -04:00
lat9nq e9701a3cda cmake: Add option to always download time zone data 2023-06-16 04:32:31 -04:00
lat9nq b23c358e3d externals: submodule tzdb_to_nx
Fix for Flatpak being unable to download during CMake configure.
2023-06-16 04:15:19 -04:00
lat9nq cdc73498e3 nx_tzdb: Support submoduling tzdb_to_nx
Fix for flatpak having no internet access during CMake configure.
2023-06-16 04:00:19 -04:00
liamwhite c7fc5b9348
Merge pull request #10739 from zeltermann/sdl-cpuinfo
Re-enable SDL's `CPUinfo` subsystem
2023-06-16 00:08:53 -04:00
liamwhite 41295ff8fe
Merge pull request #10795 from german77/foomiibo
input_common: Add foomiibo support
2023-06-16 00:08:30 -04:00
Charles Lombardo 9dd52019a9
Merge pull request #10767 from t895/lint
android: Linting
2023-06-16 00:06:55 -04:00
lat9nq 8d8f850bd6 time_zone_manager: Compare to the correct boolean
Reference implementation does not compare the booleans as we had them.
Use the correct ones as in the reference.

Also adds an assert. I have been made aware of a crash here and am
not able to reproduce currently.
2023-06-15 23:05:41 -04:00
lat9nq 03e8d9aca7 nx_tzdb: Correct Antarctica spelling 2023-06-15 23:03:54 -04:00
Charles Lombardo d0be850f25 android: Apply ktlint codestyle 2023-06-15 22:36:54 -04:00
Charles Lombardo d85129aa17 Android: Use ktlint for Kotlin code style 2023-06-15 22:22:49 -04:00
Charles Lombardo a29fa119e0 android: Enable android linting 2023-06-15 22:19:58 -04:00
bunnei 9a04793ae8
Merge pull request #10796 from bunnei/fix-saf
android: fs: Fix Exists / IsFile for SAF.
2023-06-15 18:39:14 -07:00