Difference between revisions of "SSL services"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| − | =ssl= | + | = ssl = |
| + | This is "nn::ssl::sf::ISslService". | ||
| − | =Client cert+privk= | + | {| class="wikitable" border="1" |
| + | |- | ||
| + | ! Cmd || Name | ||
| + | |- | ||
| + | | 0 || CreateContext | ||
| + | |- | ||
| + | | 1 || GetContextCount | ||
| + | |- | ||
| + | | 2 || GetCertificates | ||
| + | |- | ||
| + | | 3 || GetCertificateBufSize | ||
| + | |- | ||
| + | | 4 || DebugIoctl | ||
| + | |- | ||
| + | | 5 || SetInterfaceVersion | ||
| + | |} | ||
| + | |||
| + | == ISslContext == | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Cmd || Name | ||
| + | |- | ||
| + | | 0 || SetOption | ||
| + | |- | ||
| + | | 1 || GetOption | ||
| + | |- | ||
| + | | 2 || CreateConnection | ||
| + | |- | ||
| + | | 3 || GetConnectionCount | ||
| + | |- | ||
| + | | 4 || ImportServerPki | ||
| + | |- | ||
| + | | 5 || ImportClientPki | ||
| + | |- | ||
| + | | 6 || RemoveServerPki | ||
| + | |- | ||
| + | | 7 || RemoveClientPki | ||
| + | |- | ||
| + | | 8 || RegisterInternalPki | ||
| + | |- | ||
| + | | 9 || AddPolicyOid | ||
| + | |- | ||
| + | | 10 || ImportCrl | ||
| + | |- | ||
| + | | 11 || RemoveCrl | ||
| + | |} | ||
| + | |||
| + | === ISslConnection === | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Cmd || Name | ||
| + | |- | ||
| + | | 0 || SetSocketDescriptor | ||
| + | |- | ||
| + | | 1 || SetHostName | ||
| + | |- | ||
| + | | 2 || SetVerifyOption | ||
| + | |- | ||
| + | | 3 || SetIoMode | ||
| + | |- | ||
| + | | 4 || GetSocketDescriptor | ||
| + | |- | ||
| + | | 5 || GetHostName | ||
| + | |- | ||
| + | | 6 || GetVerifyOption | ||
| + | |- | ||
| + | | 7 || GetIoMode | ||
| + | |- | ||
| + | | 8 || DoHandshake | ||
| + | |- | ||
| + | | 9 || DoHandshakeGetServerCert | ||
| + | |- | ||
| + | | 10 || Read | ||
| + | |- | ||
| + | | 11 || Write | ||
| + | |- | ||
| + | | 12 || Pending | ||
| + | |- | ||
| + | | 13 || Peek | ||
| + | |- | ||
| + | | 14 || Poll | ||
| + | |- | ||
| + | | 15 || GetVerifyCertError | ||
| + | |- | ||
| + | | 16 || GetNeededServerCertBufferSize | ||
| + | |- | ||
| + | | 17 || SetSessionCacheMode | ||
| + | |- | ||
| + | | 18 || GetSessionCacheMode | ||
| + | |- | ||
| + | | 19 || FlushSessionCache | ||
| + | |- | ||
| + | | 20 || SetRenegotiationMode | ||
| + | |- | ||
| + | | 21 || GetRenegotiationMode | ||
| + | |- | ||
| + | | 22 || SetOption | ||
| + | |- | ||
| + | | 23 || GetOption | ||
| + | |- | ||
| + | | 24 || GetVerifyCertErrors | ||
| + | |} | ||
| + | |||
| + | = Client cert+privk = | ||
SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]]. | SSL-sysmodule uses [[Settings_services|set:cal]] [[Settings_services#GetSslKey|GetSslKey]] and [[Settings_services#GetSslCert|GetSslCert]]. The rest of this section documents handling for the former, which can be decrypted with [[SPL_services|SPL]]. | ||
| Line 9: | Line 113: | ||
* 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0. | * 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with [[SPL_services|SPL]] usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0. | ||
* 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise. | * 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses [[SPL_services#SPL#GetDevunitFlag]]. key = key1 when out_flag!=0, key2 otherwise. | ||
| + | |||
| + | [[Category:Services]] | ||
Revision as of 21:29, 24 March 2018
ssl
This is "nn::ssl::sf::ISslService".
| Cmd | Name |
|---|---|
| 0 | CreateContext |
| 1 | GetContextCount |
| 2 | GetCertificates |
| 3 | GetCertificateBufSize |
| 4 | DebugIoctl |
| 5 | SetInterfaceVersion |
ISslContext
| Cmd | Name |
|---|---|
| 0 | SetOption |
| 1 | GetOption |
| 2 | CreateConnection |
| 3 | GetConnectionCount |
| 4 | ImportServerPki |
| 5 | ImportClientPki |
| 6 | RemoveServerPki |
| 7 | RemoveClientPki |
| 8 | RegisterInternalPki |
| 9 | AddPolicyOid |
| 10 | ImportCrl |
| 11 | RemoveCrl |
ISslConnection
| Cmd | Name |
|---|---|
| 0 | SetSocketDescriptor |
| 1 | SetHostName |
| 2 | SetVerifyOption |
| 3 | SetIoMode |
| 4 | GetSocketDescriptor |
| 5 | GetHostName |
| 6 | GetVerifyOption |
| 7 | GetIoMode |
| 8 | DoHandshake |
| 9 | DoHandshakeGetServerCert |
| 10 | Read |
| 11 | Write |
| 12 | Pending |
| 13 | Peek |
| 14 | Poll |
| 15 | GetVerifyCertError |
| 16 | GetNeededServerCertBufferSize |
| 17 | SetSessionCacheMode |
| 18 | GetSessionCacheMode |
| 19 | FlushSessionCache |
| 20 | SetRenegotiationMode |
| 21 | GetRenegotiationMode |
| 22 | SetOption |
| 23 | GetOption |
| 24 | GetVerifyCertErrors |
Client cert+privk
SSL-sysmodule uses set:cal GetSslKey and GetSslCert. The rest of this section documents handling for the former, which can be decrypted with SPL.
key* below refers to the 3 0x10-byte input blocks passed to this code.
When actual_size is:
- 0x100+0x10: If the u32 actual_size is less than (u32)-0x11, and the last 0x10-bytes of the actual-data are all-zero, the data is copied to the output as raw plaintext. If a non-zero byte is found, it will continue with SPL usage, skipping over the SPL block for the devunit flag. In this case, key=key0 and the flag passed to SPL later is set to 0.
- 0x100+0x30: Size must match this if it's not the above, otherwise error 0xC81A is returned. The flag passed to SPL later is set to 1 in this case. Runs the devunit-flag-block: uses SPL_services#SPL#GetDevunitFlag. key = key1 when out_flag!=0, key2 otherwise.