 3fa7ef21b4
			
		
	
	
		3fa7ef21b4
		
			
		
	
	
	
	
		
			
			* implement certain servicessl functions * ssl: Implement more of SSL connection and abstract it This adds support to non blocking SSL operations and unlink the SSL implementation from the IPC logic. * Rename SslDefaultSocketConnection to SslManagedSocketConnection * Fix regression on Pokemon TV * Address gdkchan's comment * Simplify value read from previous commit * ssl: some changes - Implement builtin certificates parsing and retrieving - Fix issues with SSL version handling - Improve managed SSL socket error handling - Ensure to only return a certificate on DoHandshake when actually requested * Add missing BuiltInCertificateManager initialization call * Address gdkchan's comment * Address Ack's comment Co-authored-by: InvoxiPlayGames <webmaster@invoxiplaygames.uk>
		
			
				
	
	
		
			237 lines
		
	
	
	
		
			7.8 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
			
		
		
	
	
			237 lines
		
	
	
	
		
			7.8 KiB
		
	
	
	
		
			C#
		
	
	
	
	
	
| using LibHac;
 | |
| using LibHac.Common;
 | |
| using LibHac.Fs;
 | |
| using LibHac.Fs.Fsa;
 | |
| using LibHac.FsSystem;
 | |
| using LibHac.Tools.FsSystem;
 | |
| using LibHac.Tools.FsSystem.NcaUtils;
 | |
| using Ryujinx.Common.Configuration;
 | |
| using Ryujinx.Common.Logging;
 | |
| using Ryujinx.HLE.Exceptions;
 | |
| using Ryujinx.HLE.FileSystem;
 | |
| using Ryujinx.HLE.FileSystem.Content;
 | |
| using Ryujinx.HLE.HOS.Services.Ssl.Types;
 | |
| using System;
 | |
| using System.Collections.Generic;
 | |
| using System.IO;
 | |
| using System.Runtime.CompilerServices;
 | |
| using System.Runtime.InteropServices;
 | |
| 
 | |
| namespace Ryujinx.HLE.HOS.Services.Ssl
 | |
| {
 | |
|     class BuiltInCertificateManager
 | |
|     {
 | |
|         private const long CertStoreTitleId = 0x0100000000000800;
 | |
| 
 | |
|         private readonly string CertStoreTitleMissingErrorMessage = "CertStore system title not found! SSL CA retrieving will not work, provide the system archive to fix this error. (See https://github.com/Ryujinx/Ryujinx/wiki/Ryujinx-Setup-&-Configuration-Guide#initial-setup-continued---installation-of-firmware for more information)";
 | |
| 
 | |
|         private static BuiltInCertificateManager _instance;
 | |
| 
 | |
|         public static BuiltInCertificateManager Instance
 | |
|         {
 | |
|             get
 | |
|             {
 | |
|                 if (_instance == null)
 | |
|                 {
 | |
|                     _instance = new BuiltInCertificateManager();
 | |
|                 }
 | |
| 
 | |
|                 return _instance;
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         private VirtualFileSystem   _virtualFileSystem;
 | |
|         private IntegrityCheckLevel _fsIntegrityCheckLevel;
 | |
|         private ContentManager      _contentManager;
 | |
|         private bool                _initialized;
 | |
|         private Dictionary<CaCertificateId, CertStoreEntry> _certificates;
 | |
| 
 | |
|         private object _lock = new object();
 | |
| 
 | |
|         private struct CertStoreFileHeader
 | |
|         {
 | |
|             private const uint ValidMagic = 0x546C7373;
 | |
| 
 | |
| #pragma warning disable CS0649
 | |
|             public uint Magic;
 | |
|             public uint EntriesCount;
 | |
| #pragma warning restore CS0649
 | |
| 
 | |
|             public bool IsValid()
 | |
|             {
 | |
|                 return Magic == ValidMagic;
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         private struct CertStoreFileEntry
 | |
|         {
 | |
| #pragma warning disable CS0649
 | |
|             public CaCertificateId Id;
 | |
|             public TrustedCertStatus Status;
 | |
|             public uint DataSize;
 | |
|             public uint DataOffset;
 | |
| #pragma warning restore CS0649
 | |
|         }
 | |
| 
 | |
|         public class CertStoreEntry
 | |
|         {
 | |
|             public CaCertificateId Id;
 | |
|             public TrustedCertStatus Status;
 | |
|             public byte[] Data;
 | |
|         }
 | |
| 
 | |
|         public string GetCertStoreTitleContentPath()
 | |
|         {
 | |
|             return _contentManager.GetInstalledContentPath(CertStoreTitleId, StorageId.NandSystem, NcaContentType.Data);
 | |
|         }
 | |
| 
 | |
|         public bool HasCertStoreTitle()
 | |
|         {
 | |
|             return !string.IsNullOrEmpty(GetCertStoreTitleContentPath());
 | |
|         }
 | |
| 
 | |
|         private CertStoreEntry ReadCertStoreEntry(ReadOnlySpan<byte> buffer, CertStoreFileEntry entry)
 | |
|         {
 | |
|             string customCertificatePath = System.IO.Path.Join(AppDataManager.BaseDirPath, "system", "ssl", $"{entry.Id}.der");
 | |
| 
 | |
|             byte[] data;
 | |
| 
 | |
|             if (File.Exists(customCertificatePath))
 | |
|             {
 | |
|                 data = File.ReadAllBytes(customCertificatePath);
 | |
|             }
 | |
|             else
 | |
|             {
 | |
|                 data = buffer.Slice((int)entry.DataOffset, (int)entry.DataSize).ToArray();
 | |
|             }
 | |
| 
 | |
|             return new CertStoreEntry
 | |
|             {
 | |
|                 Id = entry.Id,
 | |
|                 Status = entry.Status,
 | |
|                 Data = data
 | |
|             };
 | |
|         }
 | |
| 
 | |
|         public void Initialize(Switch device)
 | |
|         {
 | |
|             lock (_lock)
 | |
|             {
 | |
|                 _certificates = new Dictionary<CaCertificateId, CertStoreEntry>();
 | |
|                 _initialized = false;
 | |
|                 _contentManager = device.System.ContentManager;
 | |
|                 _virtualFileSystem = device.FileSystem;
 | |
|                 _fsIntegrityCheckLevel = device.System.FsIntegrityCheckLevel;
 | |
| 
 | |
|                 if (HasCertStoreTitle())
 | |
|                 {
 | |
|                     using LocalStorage ncaFile = new LocalStorage(_virtualFileSystem.SwitchPathToSystemPath(GetCertStoreTitleContentPath()), FileAccess.Read, FileMode.Open);
 | |
| 
 | |
|                     Nca nca = new Nca(_virtualFileSystem.KeySet, ncaFile);
 | |
| 
 | |
|                     IFileSystem romfs = nca.OpenFileSystem(NcaSectionType.Data, _fsIntegrityCheckLevel);
 | |
| 
 | |
|                     using var trustedCertsFileRef = new UniqueRef<IFile>();
 | |
| 
 | |
|                     Result result = romfs.OpenFile(ref trustedCertsFileRef.Ref(), "/ssl_TrustedCerts.bdf".ToU8Span(), OpenMode.Read);
 | |
| 
 | |
|                     if (!result.IsSuccess())
 | |
|                     {
 | |
|                         // [1.0.0 - 2.3.0]
 | |
|                         if (ResultFs.PathNotFound.Includes(result))
 | |
|                         {
 | |
|                             result = romfs.OpenFile(ref trustedCertsFileRef.Ref(), "/ssl_TrustedCerts.tcf".ToU8Span(), OpenMode.Read);
 | |
|                         }
 | |
| 
 | |
|                         if (result.IsFailure())
 | |
|                         {
 | |
|                             Logger.Error?.Print(LogClass.ServiceSsl, CertStoreTitleMissingErrorMessage);
 | |
| 
 | |
|                             return;
 | |
|                         }
 | |
|                     }
 | |
| 
 | |
|                     using IFile trustedCertsFile = trustedCertsFileRef.Release();
 | |
| 
 | |
|                     trustedCertsFile.GetSize(out long fileSize).ThrowIfFailure();
 | |
| 
 | |
|                     Span<byte> trustedCertsRaw = new byte[fileSize];
 | |
| 
 | |
|                     trustedCertsFile.Read(out _, 0, trustedCertsRaw).ThrowIfFailure();
 | |
| 
 | |
|                     CertStoreFileHeader header = MemoryMarshal.Read<CertStoreFileHeader>(trustedCertsRaw);
 | |
| 
 | |
|                     if (!header.IsValid())
 | |
|                     {
 | |
|                         Logger.Error?.Print(LogClass.ServiceSsl, "Invalid CertStore data found, skipping!");
 | |
| 
 | |
|                         return;
 | |
|                     }
 | |
| 
 | |
|                     ReadOnlySpan<byte> trustedCertsData = trustedCertsRaw[Unsafe.SizeOf<CertStoreFileHeader>()..];
 | |
|                     ReadOnlySpan<CertStoreFileEntry> trustedCertsEntries = MemoryMarshal.Cast<byte, CertStoreFileEntry>(trustedCertsData)[..(int)header.EntriesCount];
 | |
| 
 | |
|                     foreach (CertStoreFileEntry entry in trustedCertsEntries)
 | |
|                     {
 | |
|                         _certificates.Add(entry.Id, ReadCertStoreEntry(trustedCertsData, entry));
 | |
|                     }
 | |
| 
 | |
|                     _initialized = true;
 | |
|                 }
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         public bool TryGetCertificates(ReadOnlySpan<CaCertificateId> ids, out CertStoreEntry[] entries)
 | |
|         {
 | |
|             lock (_lock)
 | |
|             {
 | |
|                 if (!_initialized)
 | |
|                 {
 | |
|                     throw new InvalidSystemResourceException(CertStoreTitleMissingErrorMessage);
 | |
|                 }
 | |
| 
 | |
|                 bool hasAllCertificates = false;
 | |
| 
 | |
|                 foreach (CaCertificateId id in ids)
 | |
|                 {
 | |
|                     if (id == CaCertificateId.All)
 | |
|                     {
 | |
|                         hasAllCertificates = true;
 | |
| 
 | |
|                         break;
 | |
|                     }
 | |
|                 }
 | |
| 
 | |
|                 if (hasAllCertificates)
 | |
|                 {
 | |
|                     entries = new CertStoreEntry[_certificates.Count];
 | |
| 
 | |
|                     int i = 0;
 | |
| 
 | |
|                     foreach (CertStoreEntry entry in _certificates.Values)
 | |
|                     {
 | |
|                         entries[i++] = entry;
 | |
|                     }
 | |
| 
 | |
|                     return true;
 | |
|                 }
 | |
|                 else
 | |
|                 {
 | |
|                     entries = new CertStoreEntry[ids.Length];
 | |
| 
 | |
|                     for (int i = 0; i < ids.Length; i++)
 | |
|                     {
 | |
|                         if (!_certificates.TryGetValue(ids[i], out CertStoreEntry entry))
 | |
|                         {
 | |
|                             return false;
 | |
|                         }
 | |
| 
 | |
|                         entries[i] = entry;
 | |
|                     }
 | |
| 
 | |
|                     return true;
 | |
|                 }
 | |
|             }
 | |
|         }
 | |
|     }
 | |
| }
 |