libctru  v2.4.1
sslc.h
Go to the documentation of this file.
1 /**
2  * @file sslc.h
3  * @brief SSLC(TLS) service. https://3dbrew.org/wiki/SSL_Services
4  */
5 #pragma once
6 
7 /// sslc context.
8 typedef struct {
9  Handle servhandle; ///< Service handle.
10  u32 sslchandle; ///< SSLC handle.
11  Handle sharedmem_handle;
12 } sslcContext;
13 
14 typedef enum {
15  SSLC_DefaultRootCert_Nintendo_CA = 0x1, //"Nintendo CA"
16  SSLC_DefaultRootCert_Nintendo_CA_G2 = 0x2, //"Nintendo CA - G2"
17  SSLC_DefaultRootCert_Nintendo_CA_G3 = 0x3, //"Nintendo CA - G3"
18  SSLC_DefaultRootCert_Nintendo_Class2_CA = 0x4, //"Nintendo Class 2 CA"
19  SSLC_DefaultRootCert_Nintendo_Class2_CA_G2 = 0x5, //"Nintendo Class 2 CA - G2"
20  SSLC_DefaultRootCert_Nintendo_Class2_CA_G3 = 0x6, //"Nintendo Class 2 CA - G3"
21  SSLC_DefaultRootCert_CyberTrust = 0x7, //"GTE CyberTrust Global Root"
22  SSLC_DefaultRootCert_AddTrust_External_CA = 0x8, //"AddTrust External CA Root"
23  SSLC_DefaultRootCert_COMODO = 0x9, //"COMODO RSA Certification Authority"
24  SSLC_DefaultRootCert_USERTrust = 0xA, //"USERTrust RSA Certification Authority"
25  SSLC_DefaultRootCert_DigiCert_EV = 0xB //"DigiCert High Assurance EV Root CA"
26 } SSLC_DefaultRootCert;
27 
28 typedef enum {
29  SSLC_DefaultClientCert_ClCertA = 0x40
30 } SSLC_DefaultClientCert;
31 
32 /// sslc options. https://www.3dbrew.org/wiki/SSL_Services#SSLOpt
33 enum {
34  SSLCOPT_Default = 0,
35  SSLCOPT_DisableVerify = BIT(9), // "Disables server cert verification when set."
36  SSLCOPT_TLSv10 = BIT(11) // "Use TLSv1.0."
37 };
38 
39 /// Initializes SSLC. Normally session_handle should be 0. When non-zero this will use the specified handle for the main-service-session without using the Initialize command, instead of using srvGetServiceHandle.
40 Result sslcInit(Handle session_handle);
41 
42 /// Exits SSLC.
43 void sslcExit(void);
44 
45 /**
46  * @brief Creates a RootCertChain.
47  * @param RootCertChain_contexthandle Output contexthandle.
48  */
49 Result sslcCreateRootCertChain(u32 *RootCertChain_contexthandle);
50 
51 /**
52  * @brief Destroys a RootCertChain.
53  * @param RootCertChain_contexthandle RootCertChain contexthandle.
54  */
55 Result sslcDestroyRootCertChain(u32 RootCertChain_contexthandle);
56 
57 /**
58  * @brief Adds a trusted RootCA cert to a RootCertChain.
59  * @param RootCertChain_contexthandle RootCertChain to use.
60  * @param cert Pointer to the DER cert.
61  * @param certsize Size of the DER cert.
62  */
63 Result sslcAddTrustedRootCA(u32 RootCertChain_contexthandle, const u8 *cert, u32 certsize, u32 *cert_contexthandle);
64 
65 /**
66  * @brief Adds a default RootCA cert to a RootCertChain.
67  * @param RootCertChain_contexthandle RootCertChain to use.
68  * @param certID ID of the cert to add.
69  * @param cert_contexthandle Optional, the cert contexthandle can be written here.
70  */
71 Result sslcRootCertChainAddDefaultCert(u32 RootCertChain_contexthandle, SSLC_DefaultRootCert certID, u32 *cert_contexthandle);
72 
73 /**
74  * @brief Removes the specified cert from the RootCertChain.
75  * @param RootCertChain_contexthandle RootCertChain to use.
76  * @param cert_contexthandle Cert contexthandle to remove from the RootCertChain.
77  */
78 Result sslcRootCertChainRemoveCert(u32 RootCertChain_contexthandle, u32 cert_contexthandle);
79 
80 /**
81  * @brief Creates an unknown CertChain.
82  * @param CertChain_contexthandle Output contexthandle.
83  */
84 Result sslcCreate8CertChain(u32 *CertChain_contexthandle);
85 
86 /**
87  * @brief Destroys a CertChain from sslcCreate8CertChain().
88  * @param CertChain_contexthandle CertChain contexthandle.
89  */
90 Result sslcDestroy8CertChain(u32 CertChain_contexthandle);
91 
92 /**
93  * @brief Adds a cert to a CertChain from sslcCreate8CertChain().
94  * @param CertChain_contexthandle CertChain to use.
95  * @param cert Pointer to the cert.
96  * @param certsize Size of the cert.
97  */
98 Result sslc8CertChainAddCert(u32 CertChain_contexthandle, const u8 *cert, u32 certsize, u32 *cert_contexthandle);
99 
100 /**
101  * @brief Adds a default cert to a CertChain from sslcCreate8CertChain(). Not actually usable since no certIDs are implemented in SSL-module for this.
102  * @param CertChain_contexthandle CertChain to use.
103  * @param certID ID of the cert to add.
104  * @param cert_contexthandle Optional, the cert contexthandle can be written here.
105  */
106 Result sslc8CertChainAddDefaultCert(u32 CertChain_contexthandle, u8 certID, u32 *cert_contexthandle);
107 
108 /**
109  * @brief Removes the specified cert from the CertChain from sslcCreate8CertChain().
110  * @param CertChain_contexthandle CertChain to use.
111  * @param cert_contexthandle Cert contexthandle to remove from the CertChain.
112  */
113 Result sslc8CertChainRemoveCert(u32 CertChain_contexthandle, u32 cert_contexthandle);
114 
115 /**
116  * @brief Opens a new ClientCert-context.
117  * @param cert Pointer to the DER cert.
118  * @param certsize Size of the DER cert.
119  * @param key Pointer to the DER key.
120  * @param keysize Size of the DER key.
121  * @param ClientCert_contexthandle Output contexthandle.
122  */
123 Result sslcOpenClientCertContext(const u8 *cert, u32 certsize, const u8 *key, u32 keysize, u32 *ClientCert_contexthandle);
124 
125 /**
126  * @brief Opens a ClientCert-context with a default certID.
127  * @param certID ID of the ClientCert to use.
128  * @param ClientCert_contexthandle Output contexthandle.
129  */
130 Result sslcOpenDefaultClientCertContext(SSLC_DefaultClientCert certID, u32 *ClientCert_contexthandle);
131 
132 /**
133  * @brief Closes the specified ClientCert-context.
134  * @param ClientCert_contexthandle ClientCert-context to use.
135  */
136 Result sslcCloseClientCertContext(u32 ClientCert_contexthandle);
137 
138 /**
139  * @brief This uses ps:ps SeedRNG internally.
140  */
142 
143 /**
144  * @brief This uses ps:ps GenerateRandomData internally.
145  * @param buf Output buffer.
146  * @param size Output size.
147  */
149 
150 /**
151  * @brief Creates a sslc context.
152  * @param context sslc context.
153  * @param sockfd Socket fd, this code automatically uses the required SOC command before using the actual sslc command.
154  * @param input_opt Input sslc options bitmask.
155  * @param hostname Server hostname.
156  */
157 Result sslcCreateContext(sslcContext *context, int sockfd, u32 input_opt, const char *hostname);
158 
159 /*
160  * @brief Destroys a sslc context. The associated sockfd must be closed manually.
161  * @param context sslc context.
162  */
163 Result sslcDestroyContext(sslcContext *context);
164 
165 /*
166  * @brief Starts the TLS connection. If successful, this will not return until the connection is ready for data-transfer via sslcRead/sslcWrite.
167  * @param context sslc context.
168  * @param internal_retval Optional ptr where the internal_retval will be written. The value is only copied to here by this function when no error occurred.
169  * @param out Optional ptr where an output u32 will be written. The value is only copied to here by this function when no error occurred.
170  */
171 Result sslcStartConnection(sslcContext *context, int *internal_retval, u32 *out);
172 
173 /*
174  * @brief Receive data over the network connection.
175  * @param context sslc context.
176  * @param buf Output buffer.
177  * @param len Size to receive.
178  * @param peek When true, this is equivalent to setting the recv() MSG_PEEK flag.
179  * @return When this isn't an error-code, this is the total transferred data size.
180  */
181 Result sslcRead(sslcContext *context, void *buf, size_t len, bool peek);
182 
183 /*
184  * @brief Send data over the network connection.
185  * @param context sslc context.
186  * @param buf Input buffer.
187  * @param len Size to send.
188  * @return When this isn't an error-code, this is the total transferred data size.
189  */
190 Result sslcWrite(sslcContext *context, const void *buf, size_t len);
191 
192 /*
193  * @brief Set the RootCertChain for the specified sslc context.
194  * @param context sslc context.
195  * @param handle RootCertChain contexthandle.
196  */
197 Result sslcContextSetRootCertChain(sslcContext *context, u32 handle);
198 
199 /*
200  * @brief Set the ClientCert-context for the specified sslc context.
201  * @param context sslc context.
202  * @param handle ClientCert contexthandle.
203  */
204 Result sslcContextSetClientCert(sslcContext *context, u32 handle);
205 
206 /*
207  * @brief Set the context for a CertChain from sslcCreate8CertChain(), for the specified sslc context. This needs updated once it's known what this context is for.
208  * @param context sslc context.
209  * @param handle contexthandle.
210  */
211 Result sslcContextSetHandle8(sslcContext *context, u32 handle);
212 
213 /*
214  * @brief Clears the options field bits for the context using the specified bitmask.
215  * @param context sslc context.
216  * @param bitmask opt bitmask.
217  */
218 Result sslcContextClearOpt(sslcContext *context, u32 bitmask);
219 
220 /*
221  * @brief This copies two strings from context state to the specified output buffers. Each string is only copied if it was successfully loaded. The maxsizes include the nul-terminator. This can only be used if sslcStartConnection() was already used successfully.
222  * @param context sslc context.
223  * @param outprotocols Output buffer for a string containing all protocol versions supported by SSL-module.
224  * @param outprotocols_maxsize Max size of the above output buffer.
225  * @param outcipher Output buffer for a string containing the cipher suite currently being used.
226  * @param outcipher_maxsize Max size of the above output buffer.
227  */
228 Result sslcContextGetProtocolCipher(sslcContext *context, char *outprotocols, u32 outprotocols_maxsize, char *outcipher, u32 outcipher_maxsize);
229 
230 /*
231  * @brief This loads an u32 from the specified context state. This needs updated once it's known what this field is for.
232  * @param context sslc context.
233  * @param out Output ptr to write the value to.
234  */
235 Result sslcContextGetState(sslcContext *context, u32 *out);
236 
237 /*
238  * @brief This initializes sharedmem for the specified context.
239  * @param context sslc context.
240  * @param buf Sharedmem buffer with address aligned to 0x1000-bytes.
241  * @param size Sharedmem size aligned to 0x1000-bytes.
242  */
243 Result sslcContextInitSharedmem(sslcContext *context, u8 *buf, u32 size);
244 
245 /*
246  * @brief This loads the specified cert. This needs updated once it's known what the cert format is and what the cert is used for later.
247  * @param buf Input cert.
248  * @param size Cert size.
249  */
250 Result sslcAddCert(sslcContext *context, const u8 *buf, u32 size);
251 
Result sslcSeedRNG(void)
This uses ps:ps SeedRNG internally.
void sslcExit(void)
Exits SSLC.
Result sslcCloseClientCertContext(u32 ClientCert_contexthandle)
Closes the specified ClientCert-context.
Result sslcGenerateRandomData(u8 *buf, u32 size)
This uses ps:ps GenerateRandomData internally.
Result sslcCreateContext(sslcContext *context, int sockfd, u32 input_opt, const char *hostname)
Creates a sslc context.
Result sslcDestroy8CertChain(u32 CertChain_contexthandle)
Destroys a CertChain from sslcCreate8CertChain().
Result sslc8CertChainAddDefaultCert(u32 CertChain_contexthandle, u8 certID, u32 *cert_contexthandle)
Adds a default cert to a CertChain from sslcCreate8CertChain().
Result sslcInit(Handle session_handle)
Initializes SSLC. Normally session_handle should be 0. When non-zero this will use the specified hand...
Result sslcOpenClientCertContext(const u8 *cert, u32 certsize, const u8 *key, u32 keysize, u32 *ClientCert_contexthandle)
Opens a new ClientCert-context.
Result sslcRootCertChainAddDefaultCert(u32 RootCertChain_contexthandle, SSLC_DefaultRootCert certID, u32 *cert_contexthandle)
Adds a default RootCA cert to a RootCertChain.
Result sslcCreate8CertChain(u32 *CertChain_contexthandle)
Creates an unknown CertChain.
Result sslcCreateRootCertChain(u32 *RootCertChain_contexthandle)
Creates a RootCertChain.
Result sslcRootCertChainRemoveCert(u32 RootCertChain_contexthandle, u32 cert_contexthandle)
Removes the specified cert from the RootCertChain.
Result sslcAddTrustedRootCA(u32 RootCertChain_contexthandle, const u8 *cert, u32 certsize, u32 *cert_contexthandle)
Adds a trusted RootCA cert to a RootCertChain.
Result sslc8CertChainRemoveCert(u32 CertChain_contexthandle, u32 cert_contexthandle)
Removes the specified cert from the CertChain from sslcCreate8CertChain().
Result sslcDestroyRootCertChain(u32 RootCertChain_contexthandle)
Destroys a RootCertChain.
Result sslc8CertChainAddCert(u32 CertChain_contexthandle, const u8 *cert, u32 certsize, u32 *cert_contexthandle)
Adds a cert to a CertChain from sslcCreate8CertChain().
Result sslcOpenDefaultClientCertContext(SSLC_DefaultClientCert certID, u32 *ClientCert_contexthandle)
Opens a ClientCert-context with a default certID.
sslc context.
Definition: sslc.h:8
Handle servhandle
Service handle.
Definition: sslc.h:9
u32 sslchandle
SSLC handle.
Definition: sslc.h:10
#define BIT(n)
Creates a bitmask from a bit number.
Definition: types.h:47
uint8_t u8
would be nice if newlib had this already
Definition: types.h:21
u32 Handle
Resource handle.
Definition: types.h:41
s32 Result
Function result.
Definition: types.h:42
uint32_t u32
32-bit unsigned integer
Definition: types.h:23