SSL services
Jump to navigation
Jump to search
ssl
This is "nn::ssl::sf::ISslService".
Cmd | Name |
---|---|
0 | CreateContext |
1 | GetContextCount |
2 | GetCertificates |
3 | GetCertificateBufSize |
4 | [3.0.0+] DebugIoctl |
5 | [3.0.0+] SetInterfaceVersion |
6 | [5.0.0+] FlushSessionCache |
7 | [6.0.0+] #SetDebugOption |
8 | [6.0.0+] #GetDebugOption |
[3.0.0+] GetCertificates now returns 4-bytes of output.
SetDebugOption
Takes an input u32 DebugOptionType and a type-0x5 input buffer, no output.
The input u32 value must be 0, and the buffer addr/size must not be 0.
The u8 at buf+0 is copied to state.
GetDebugOption
Takes an input u32 DebugOptionType and a type-0x6 output buffer.
Same as #SetDebugOption except this copies state to the buffer instead.
ISslContext
This is "nn::ssl::sf::ISslContext".
Cmd | Name |
---|---|
0 | SetOption |
1 | GetOption |
2 | CreateConnection |
3 | GetConnectionCount |
4 | ImportServerPki |
5 | ImportClientPki |
6 | RemoveServerPki |
7 | RemoveClientPki |
8 | RegisterInternalPki |
9 | AddPolicyOid |
10 | [3.0.0+] ImportCrl |
11 | [3.0.0+] RemoveCrl |
ISslConnection
This is "nn::ssl::sf::ISslConnection".
Cmd | Name |
---|---|
0 | SetSocketDescriptor |
1 | SetHostName |
2 | SetVerifyOption |
3 | SetIoMode |
4 | GetSocketDescriptor |
5 | GetHostName |
6 | GetVerifyOption |
7 | GetIoMode |
8 | DoHandshake |
9 | DoHandshakeGetServerCert |
10 | Read |
11 | Write |
12 | Pending |
13 | Peek |
14 | Poll |
15 | GetVerifyCertError |
16 | GetNeededServerCertBufferSize |
17 | SetSessionCacheMode |
18 | GetSessionCacheMode |
19 | FlushSessionCache |
20 | SetRenegotiationMode |
21 | GetRenegotiationMode |
22 | SetOption |
23 | GetOption |
24 | GetVerifyCertErrors |
25 | [4.0.0+] GetCipherInfo |
Client cert+privk
SSL-sysmodule uses set:cal GetSslKey and GetSslCert. The rest of this section documents handling for the former, which can be decrypted with SPL.
key* below refers to the 3 0x10-byte input blocks passed to this code.
When actual_size is:
- 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with SPL usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.
- 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses SPL_services#SPL#GetDevunitFlag. key = key1 when out_flag!=0, key2 otherwise.