New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IOS/ES: Add signature verification #5612
Conversation
Source/Core/Core/ConfigManager.cpp
Outdated
@@ -608,6 +609,7 @@ void SConfig::LoadCoreSettings(IniFile& ini) | |||
core->Get("EnableCustomRTC", &bEnableCustomRTC, false); | |||
// Default to seconds between 1.1.1970 and 1.1.2000 | |||
core->Get("CustomRTCValue", &m_customRTCValue, 946684800); | |||
core->Get("DisableSignatureChecks", &m_disable_signature_checks, false); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Source/Core/UICommon/WiiUtils.cpp
Outdated
{ | ||
if (!checks_disabled && ret == IOS::HLE::IOSC_FAIL_CHECKVALUE && | ||
AskYesNoT("This WAD does not have a valid signature. Continue to import?")) |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Source/Core/Core/IOS/ES/ES.cpp
Outdated
if (certs.find(cert.GetName()) != certs.end()) | ||
return IPC_SUCCESS; | ||
|
||
store_file.Seek(0, SEEK_END); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
Source/Core/Core/IOS/ES/ES.cpp
Outdated
// IOS assumes that the CA cert will always be signed by the root certificate, | ||
// and that the issuer is signed by the CA. | ||
IOSC& iosc = m_ios.GetIOSC(); | ||
IOSC::Handle handle, issuer_handle; |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
context.title_import.tmd, cert_store); | ||
if (ret != IPC_SUCCESS) | ||
{ | ||
context.title_import.tmd.SetBytes({}); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
7778c28
to
b6327f1
Compare
Source/Core/Core/IOS/ES/ES.cpp
Outdated
const IOS::ES::SignedBlobReader& signed_blob, | ||
const std::vector<u8>& cert_chain, u32 iosc_handle) | ||
{ | ||
if (SConfig::GetInstance().m_enable_signature_checks) |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
b6327f1
to
e5023d4
Compare
Source/Core/Core/IOS/ES/ES.cpp
Outdated
if (mode == VerifyMode::UpdateCertStore) | ||
{ | ||
ret = WriteNewCertToStore(issuer_cert); | ||
ret = WriteNewCertToStore(ca_cert); |
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
e5023d4
to
e42bd19
Compare
-1027 is used when ES cannot find the issuer of a certificate. -1012 is used when the signature type is invalid.
03401d7
to
c321ff8
Compare
Will be used from several functions to verify the signatures for different containers (TMDs, tickets, device signed blobs). An option was added to disable signature checks, because that could be useful for people trying to import unsigned stuff.
Something that IOS does and that Dolphin doesn't, for whatever reason.
We probably don't want to verify containers there because it might result in patched/custom games failing the check.
Improves usability with signature checks.
c321ff8
to
6249244
Compare
This adds signature verification to ES. Required for #5610 as we can't use HTTPS when downloading metadata or contents from NUS.
Note that signature checks are intentionally omitted from ES_DiVerify, as we don't want to block unsigned disc images.