mbedTLS: adapt Dolphin code
parent
ac5f56df7e
commit
f6795466e7
|
@ -703,16 +703,16 @@ if(USE_UPNP)
|
|||
endif()
|
||||
|
||||
if(NOT APPLE AND NOT ANDROID)
|
||||
include(FindPolarSSL)
|
||||
include(FindMbedTLS)
|
||||
endif()
|
||||
if(POLARSSL_FOUND AND POLARSSL_WORKS)
|
||||
message("Using shared PolarSSL")
|
||||
include_directories(${POLARSSL_INCLUDE_DIR})
|
||||
if(MBEDTLS_FOUND)
|
||||
message("Using shared mbed TLS")
|
||||
include_directories(${MBEDTLS_INCLUDE_DIRS})
|
||||
else()
|
||||
message("Using PolarSSL from Externals")
|
||||
set(POLARSSL_LIBRARY polarssl)
|
||||
add_subdirectory(Externals/polarssl/)
|
||||
include_directories(Externals/polarssl/include)
|
||||
message("Using static mbed TLS from Externals")
|
||||
set(MBEDTLS_LIBRARIES mbedtls mbedcrypto mbedx509)
|
||||
add_subdirectory(Externals/mbedtls/)
|
||||
include_directories(Externals/mbedtls/include)
|
||||
endif()
|
||||
|
||||
if(NOT APPLE AND NOT ANDROID)
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
find_path(MBEDTLS_INCLUDE_DIR mbedtls/ssl.h)
|
||||
|
||||
find_library(MBEDTLS_LIBRARY mbedtls)
|
||||
find_library(MBEDX509_LIBRARY mbedx509)
|
||||
find_library(MBEDCRYPTO_LIBRARY mbedcrypto)
|
||||
|
||||
set(MBEDTLS_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR})
|
||||
set(MBEDTLS_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
|
||||
|
||||
set(CMAKE_REQUIRED_INCLUDES ${MBEDTLS_INCLUDE_DIRS})
|
||||
check_cxx_source_compiles("
|
||||
#include <mbedtls/version.h>
|
||||
#if MBEDTLS_VERSION_NUMBER < 0x02010100
|
||||
#error \"Your mbed TLS version is too old.\"
|
||||
#endif
|
||||
int main() {}"
|
||||
MBEDTLS_VERSION_OK)
|
||||
|
||||
include(FindPackageHandleStandardArgs)
|
||||
find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
|
||||
MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY MBEDTLS_VERSION_OK)
|
||||
|
||||
mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
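Review bot: The version gate `MBEDTLS_VERSION_OK` is written to the cache by `check_cxx_source_compiles` and never reset, so the check runs only once per build tree. If the system headers later change (upgrade, downgrade, or a different `MBEDTLS_INCLUDE_DIR`), the stale result is reused, and a stale pass would let a too-old shared library through. The removed FindPolarSSL module cleared its result with `unset(POLARSSL_WORKS CACHE)`; the same is needed here as `unset(MBEDTLS_VERSION_OK CACHE)` before the check. The module also leaves `CMAKE_REQUIRED_INCLUDES` set for every later check in the project, so add `unset(CMAKE_REQUIRED_INCLUDES)` after the check. It also calls `check_cxx_source_compiles` without `include(CheckCXXSourceCompiles)` in the module itself, so it depends on the caller having loaded it.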
|
|
@ -1,83 +0,0 @@
|
|||
# Locate polarssl library
|
||||
# This module defines
|
||||
# POLARSSL_FOUND
|
||||
# POLARSSL_LIBRARY
|
||||
# POLARSSL_INCLUDE_DIR
|
||||
# POLARSSL_WORKS, this is true if polarssl is found and contains the methods
|
||||
# needed by dolphin-emu
|
||||
|
||||
# validate cached values (but use them as hints)
|
||||
set(POLARSSL_INCLUDE_DIR_HINT POLARSSL_INCLUDE_DIR)
|
||||
set(POLARSSL_LIBRARY_HINT POLARSSL_LIBRARY)
|
||||
unset(POLARSSL_INCLUDE_DIR CACHE)
|
||||
unset(POLARSSL_LIBRARY CACHE)
|
||||
find_path(POLARSSL_INCLUDE_DIR polarssl/ssl.h HINTS ${POLARSSL_INCLUDE_DIR_HINT})
|
||||
find_library(POLARSSL_LIBRARY polarssl HINTS ${POLARSSL_LIBRARY_HINT})
|
||||
|
||||
if(POLARSSL_INCLUDE_DIR STREQUAL POLARSSL_INCLUDE_DIR_HINT AND
|
||||
POLARSSL_LIBRARY STREQUAL POLARSSL_LIBRARY_HINT)
|
||||
# using cached values, be silent
|
||||
set(POLARSSL_FIND_QUIETLY TRUE)
|
||||
endif()
|
||||
|
||||
if (POLARSSL_INCLUDE_DIR AND POLARSSL_LIBRARY)
|
||||
set (POLARSSL_FOUND TRUE)
|
||||
endif ()
|
||||
|
||||
if (POLARSSL_FOUND)
|
||||
if (NOT POLARSSL_FIND_QUIETLY)
|
||||
message (STATUS "Found the polarssl libraries at ${POLARSSL_LIBRARY}")
|
||||
message (STATUS "Found the polarssl headers at ${POLARSSL_INCLUDE_DIR}")
|
||||
endif (NOT POLARSSL_FIND_QUIETLY)
|
||||
|
||||
set(CMAKE_REQUIRED_INCLUDES ${POLARSSL_INCLUDE_DIR})
|
||||
set(CMAKE_REQUIRED_LIBRARIES ${POLARSSL_LIBRARY})
|
||||
unset(POLARSSL_WORKS CACHE)
|
||||
check_cxx_source_compiles("
|
||||
#include <cstring>
|
||||
#include <polarssl/ctr_drbg.h>
|
||||
#include <polarssl/entropy.h>
|
||||
#include <polarssl/net.h>
|
||||
#include <polarssl/ssl.h>
|
||||
#include <polarssl/version.h>
|
||||
|
||||
#if POLARSSL_VERSION_NUMBER < 0x01030000
|
||||
#error \"Shared PolarSSL version is too old\"
|
||||
#endif
|
||||
|
||||
int main()
|
||||
{
|
||||
ssl_context ctx;
|
||||
ssl_session session;
|
||||
entropy_context entropy;
|
||||
ctr_drbg_context ctr_drbg;
|
||||
x509_crt cacert;
|
||||
x509_crt clicert;
|
||||
pk_context pk;
|
||||
|
||||
ssl_init(&ctx);
|
||||
entropy_init(&entropy);
|
||||
|
||||
const char* pers = \"dolphin-emu\";
|
||||
ctr_drbg_init(&ctr_drbg, entropy_func,
|
||||
&entropy,
|
||||
(const unsigned char*)pers,
|
||||
strlen(pers));
|
||||
|
||||
ssl_set_rng(&ctx, ctr_drbg_random, &ctr_drbg);
|
||||
ssl_set_session(&ctx, &session);
|
||||
|
||||
ssl_close_notify(&ctx);
|
||||
ssl_session_free(&session);
|
||||
ssl_free(&ctx);
|
||||
entropy_free(&entropy);
|
||||
|
||||
return 0;
|
||||
}"
|
||||
POLARSSL_WORKS)
|
||||
else ()
|
||||
message (STATUS "Could not find polarssl")
|
||||
endif ()
|
||||
|
||||
mark_as_advanced(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY)
|
||||
|
|
@ -242,7 +242,7 @@ if(LIBUSB_FOUND)
|
|||
HW/SI_GCAdapter.cpp)
|
||||
endif(LIBUSB_FOUND)
|
||||
|
||||
set(LIBS ${LIBS} ${POLARSSL_LIBRARY})
|
||||
set(LIBS ${LIBS} ${MBEDTLS_LIBRARIES})
|
||||
|
||||
if(WIN32)
|
||||
set(SRCS ${SRCS} HW/BBA-TAP/TAP_Win32.cpp HW/WiimoteReal/IOWin.cpp)
|
||||
|
|
|
@ -31,6 +31,7 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
|
|||
mbedtls_ssl_close_notify(&ssl.ctx);
|
||||
mbedtls_ssl_session_free(&ssl.session);
|
||||
mbedtls_ssl_free(&ssl.ctx);
|
||||
mbedtls_ssl_config_free(&ssl.config);
|
||||
|
||||
mbedtls_x509_crt_free(&ssl.cacert);
|
||||
mbedtls_x509_crt_free(&ssl.clicert);
|
||||
|
@ -149,18 +150,14 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
|
|||
{
|
||||
int sslID = freeSSL - 1;
|
||||
WII_SSL* ssl = &_SSL[sslID];
|
||||
int ret = mbedtls_ssl_init(&ssl->ctx);
|
||||
if (ret)
|
||||
{
|
||||
goto _SSL_NEW_ERROR;
|
||||
}
|
||||
|
||||
mbedtls_ssl_init(&ssl->ctx);
|
||||
mbedtls_entropy_init(&ssl->entropy);
|
||||
const char* pers = "dolphin-emu";
|
||||
ret = mbedtls_ctr_drbg_init(&ssl->ctr_drbg, mbedtls_entropy_func,
|
||||
&ssl->entropy,
|
||||
(const unsigned char*)pers,
|
||||
strlen(pers));
|
||||
mbedtls_ctr_drbg_init(&ssl->ctr_drbg);
|
||||
int ret = mbedtls_ctr_drbg_seed(&ssl->ctr_drbg, mbedtls_entropy_func,
|
||||
&ssl->entropy,
|
||||
(const unsigned char*)pers,
|
||||
strlen(pers));
|
||||
if (ret)
|
||||
{
|
||||
mbedtls_ssl_free(&ssl->ctx);
|
||||
|
@ -168,16 +165,18 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
|
|||
goto _SSL_NEW_ERROR;
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_rng(&ssl->ctx, mbedtls_ctr_drbg_random, &ssl->ctr_drbg);
|
||||
mbedtls_ssl_config_init(&ssl->config);
|
||||
mbedtls_ssl_config_defaults(&ssl->config, MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
mbedtls_ssl_conf_rng(&ssl->config, mbedtls_ctr_drbg_random, &ssl->ctr_drbg);
|
||||
|
||||
// For some reason we can't use TLSv1.2, v1.1 and below are fine!
|
||||
mbedtls_ssl_conf_max_version(&ssl->ctx, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
|
||||
mbedtls_ssl_conf_max_version(&ssl->config, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_2);
|
||||
|
||||
mbedtls_ssl_set_session(&ssl->ctx, &ssl->session);
|
||||
|
||||
mbedtls_ssl_conf_endpoint(&ssl->ctx, MBEDTLS_SSL_IS_CLIENT);
|
||||
mbedtls_ssl_conf_authmode(&ssl->ctx, MBEDTLS_SSL_VERIFY_NONE);
|
||||
mbedtls_ssl_conf_renegotiation(&ssl->ctx, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
|
||||
mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_NONE);
|
||||
mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
|
||||
|
||||
ssl->hostname = hostname;
|
||||
mbedtls_ssl_set_hostname(&ssl->ctx, ssl->hostname.c_str());
|
||||
|
@ -210,6 +209,7 @@ _SSL_NEW_ERROR:
|
|||
mbedtls_ssl_close_notify(&ssl->ctx);
|
||||
mbedtls_ssl_session_free(&ssl->session);
|
||||
mbedtls_ssl_free(&ssl->ctx);
|
||||
mbedtls_ssl_config_free(&ssl->config);
|
||||
|
||||
mbedtls_entropy_free(&ssl->entropy);
|
||||
|
||||
|
@ -261,7 +261,7 @@ _SSL_NEW_ERROR:
|
|||
}
|
||||
else
|
||||
{
|
||||
mbedtls_ssl_conf_ca_chain(&ssl->ctx, &ssl->cacert, nullptr, ssl->hostname.c_str());
|
||||
mbedtls_ssl_conf_ca_chain(&ssl->config, &ssl->cacert, nullptr);
|
||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||
}
|
||||
|
||||
|
@ -298,7 +298,7 @@ _SSL_NEW_ERROR:
|
|||
}
|
||||
else
|
||||
{
|
||||
mbedtls_ssl_conf_own_cert(&ssl->ctx, &ssl->clicert, &ssl->pk);
|
||||
mbedtls_ssl_conf_own_cert(&ssl->config, &ssl->clicert, &ssl->pk);
|
||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||
}
|
||||
|
||||
|
@ -328,7 +328,7 @@ _SSL_NEW_ERROR:
|
|||
mbedtls_x509_crt_free(&ssl->clicert);
|
||||
mbedtls_pk_free(&ssl->pk);
|
||||
|
||||
mbedtls_ssl_conf_own_cert(&ssl->ctx, nullptr, nullptr);
|
||||
mbedtls_ssl_conf_own_cert(&ssl->config, nullptr, nullptr);
|
||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||
}
|
||||
else
|
||||
|
@ -353,7 +353,7 @@ _SSL_NEW_ERROR:
|
|||
}
|
||||
else
|
||||
{
|
||||
mbedtls_ssl_conf_ca_chain(&ssl->ctx, &ssl->cacert, nullptr, ssl->hostname.c_str());
|
||||
mbedtls_ssl_conf_ca_chain(&ssl->config, &ssl->cacert, nullptr);
|
||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||
}
|
||||
INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_SETBUILTINROOTCA = %d", ret);
|
||||
|
@ -377,9 +377,11 @@ _SSL_NEW_ERROR:
|
|||
if (SSLID_VALID(sslID))
|
||||
{
|
||||
WII_SSL* ssl = &_SSL[sslID];
|
||||
mbedtls_ssl_setup(&ssl->ctx, &ssl->config);
|
||||
ssl->sockfd = Memory::Read_U32(BufferOut2);
|
||||
INFO_LOG(WII_IPC_SSL, "IOCTLV_NET_SSL_CONNECT socket = %d", ssl->sockfd);
|
||||
mbedtls_ssl_set_bio(&ssl->ctx, mbedtls_net_recv, &ssl->sockfd, mbedtls_net_send, &ssl->sockfd);
|
||||
mbedtls_ssl_set_bio(&ssl->ctx, &ssl->sockfd, mbedtls_net_send,
|
||||
mbedtls_net_recv, mbedtls_net_recv_timeout);
|
||||
Memory::Write_U32(SSL_OK, _BufferIn);
|
||||
}
|
||||
else
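Review bot: The results of `mbedtls_ssl_config_defaults(&ssl->config, ...)` in the new-context path and of `mbedtls_ssl_setup(&ssl->ctx, &ssl->config)` in the CONNECT handler are discarded, and CONNECT writes `SSL_OK` to the guest regardless. Both calls return an int and can fail (allocation, bad input), which would leave later handshake calls working on a context that was never set up. Capture the result, e.g. `int ret = mbedtls_ssl_setup(&ssl->ctx, &ssl->config);`, and report an error to `_BufferIn` when it is non-zero. Also, `mbedtls_ssl_set_session(&ssl->ctx, &ssl->session)` still runs in the new-context path, before `mbedtls_ssl_setup` has bound the config. On mbed TLS 2.x that call appears to reject a context that has not been set up, so confirm it still does anything useful there. The enclosing `IOCtlV` body extends beyond the hunks shown.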
|
||||
|
|
|
@ -57,6 +57,7 @@ enum SSL_IOCTL
|
|||
struct WII_SSL
|
||||
{
|
||||
mbedtls_ssl_context ctx;
|
||||
mbedtls_ssl_config config;
|
||||
mbedtls_ssl_session session;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
// Refer to the license.txt file included.
|
||||
|
||||
#include <mutex>
|
||||
#include <mbedtls/md5.h>
|
||||
#include <mbedtls/config.h>
|
||||
#include <mbedtls/md.h>
|
||||
|
||||
#include "Common/ChunkFile.h"
|
||||
#include "Common/CommonPaths.h"
|
||||
|
@ -1350,6 +1351,8 @@ void GetSettings()
|
|||
}
|
||||
}
|
||||
|
||||
static const mbedtls_md_info_t* s_md5_info = mbedtls_md_info_from_type(MBEDTLS_MD_MD5);
|
||||
|
||||
void CheckMD5()
|
||||
{
|
||||
for (int i = 0, n = 0; i < 16; ++i)
|
||||
|
@ -1363,7 +1366,7 @@ void CheckMD5()
|
|||
Core::DisplayMessage("Verifying checksum...", 2000);
|
||||
|
||||
unsigned char gameMD5[16];
|
||||
mbedtls_md5_file(SConfig::GetInstance().m_strFilename.c_str(), gameMD5);
|
||||
mbedtls_md_file(s_md5_info, SConfig::GetInstance().m_strFilename.c_str(), gameMD5);
|
||||
|
||||
if (memcmp(gameMD5,s_MD5,16) == 0)
|
||||
Core::DisplayMessage("Checksum of current game matches the recorded game.", 2000);
|
||||
|
@ -1375,7 +1378,7 @@ void GetMD5()
|
|||
{
|
||||
Core::DisplayMessage("Calculating checksum of game file...", 2000);
|
||||
memset(s_MD5, 0, sizeof(s_MD5));
|
||||
mbedtls_md5_file(SConfig::GetInstance().m_strFilename.c_str(), s_MD5);
|
||||
mbedtls_md_file(s_md5_info, SConfig::GetInstance().m_strFilename.c_str(), s_MD5);
|
||||
Core::DisplayMessage("Finished calculating checksum.", 2000);
|
||||
}
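Review bot: The return value of `mbedtls_md_file` is ignored in both `CheckMD5` and `GetMD5`, and `s_md5_info` is never checked for null. `mbedtls_md_info_from_type(MBEDTLS_MD_MD5)` returns null when the linked library was built without MD5, which is possible now that a shared system mbed TLS can be used. In that case, or when the file cannot be read, `gameMD5` in `CheckMD5` is an uninitialised stack buffer that still goes into `memcmp` against `s_MD5`. Guard the call, e.g. `if (!s_md5_info || mbedtls_md_file(s_md5_info, path, gameMD5) != 0)`, and display a failure message instead of comparing. Both function bodies are only partly visible in these hunks.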
|
||||
|
||||
|
|