4,562
edits
Changes
Jump to navigation
Jump to search
Line 6:
Line 6: − + − + − + − + − + − + − + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 38:
Line 69: − + Line 58:
Line 89: + + + Line 70:
Line 104: − + Line 78:
Line 112: − + Line 117:
Line 151: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→CertStore
! Cmd || Name
! Cmd || Name
|-
|-
| 0 || CreateContext
| 0 || [[#CreateContext]]
|-
|-
| 1 || GetContextCount
| 1 || GetContextCount
|-
|-
| 2 || GetCertificates
| 2 || [[#GetCertificates]]
|-
|-
| 3 || GetCertificateBufSize
| 3 || [[#GetCertificateBufSize]]
|-
|-
| 4 || [3.0.0+] DebugIoctl
| 4 || [3.0.0+] [[#DebugIoctl]]
|-
|-
| 5 || [3.0.0+] SetInterfaceVersion
| 5 || [3.0.0+] [[#SetInterfaceVersion]]
|-
|-
| 6 || [5.0.0+] FlushSessionCache
| 6 || [5.0.0+] FlushSessionCache
|-
|-
| 7 || [6.0.0+] SetDebugOption
| 7 || [6.0.0+] [[#SetDebugOption]]
|-
|-
| 8 || [6.0.0+] GetDebugOption
| 8 || [6.0.0+] [[#GetDebugOption]]
|}
|}
[3.0.0+] GetCertificates now returns 4-bytes of output.
== CreateContext ==
Takes a PID, an input u32 [[#SslVersion]], an input u64 pid_placeholder, and returns an output [[#ISslContext]].
== GetCertificates ==
Takes a type-0x6 output buffer and a type-0x5 input buffer containing an array of [[#CaCertificateId]].
[3.0.0+] This now returns an output u32 for actual total output entries.
The output buffer starts with an array of [[#BuiltInCertificateInfo]], with the DER cert data following afterwards.
== GetCertificateBufSize ==
Takes a type-0x5 input buffer containing an array of [[#CaCertificateId]], returns an output u32 for the size to use with [[#GetCertificates]].
== DebugIoctl ==
Stubbed on retail, just returns an error.
== SetInterfaceVersion ==
Takes an input u32 '''version''', no output.
Used by user-processes during service init.
== SetDebugOption ==
Takes an input u32 '''DebugOptionType''' and a type-0x5 input buffer, no output.
The input u32 value must be 0, and the buffer addr/size must not be 0.
The u8 at buf+0 is copied to state.
== GetDebugOption ==
Takes an input u32 '''DebugOptionType''' and a type-0x6 output buffer.
Same as [[#SetDebugOption]] except this copies state to the buffer instead.
== ISslContext ==
== ISslContext ==
| 1 || GetOption
| 1 || GetOption
|-
|-
| 2 || CreateConnection
| 2 || [[#CreateConnection]]
|-
|-
| 3 || GetConnectionCount
| 3 || GetConnectionCount
| 11 || [3.0.0+] RemoveCrl
| 11 || [3.0.0+] RemoveCrl
|}
|}
=== CreateConnection ===
No input, returns an [[#ISslConnection]].
=== ISslConnection ===
=== ISslConnection ===
| 1 || SetHostName
| 1 || SetHostName
|-
|-
| 2 || SetVerifyOption
| 2 || [[#SetVerifyOption]]
|-
|-
| 3 || SetIoMode
| 3 || SetIoMode
| 5 || GetHostName
| 5 || GetHostName
|-
|-
| 6 || GetVerifyOption
| 6 || [[#GetVerifyOption]]
|-
|-
| 7 || GetIoMode
| 7 || GetIoMode
|-
|-
| 25 || [4.0.0+] GetCipherInfo
| 25 || [4.0.0+] GetCipherInfo
|-
| 26 || [9.0.0+] SetNextAlpnProto
|-
| 27 || [9.0.0+] GetNextAlpnProto
|}
==== SetVerifyOption ====
Takes an input u32 [[#VerifyOption]], no output.
Originally ssl-sysmodule just wrote the input field to state. With newer sysvers there's now validation for the input.
==== GetVerifyOption ====
No input, returns an output u32 [[#VerifyOption]].
= SslVersion =
This is the "nn::ssl::sf::SslVersion" enum.
= BuiltInCertificateInfo =
{| class="wikitable" border="1"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x4
| [[#CaCertificateId]]
|-
| 0x4
| 0x4
| [[#BuiltinDataStatus]]
|-
| 0x8
| 0x8
| Data size
|-
| 0x10
| 0x8
| Data offset
|}
|}
This is the struct returned by [[#GetCertificates]]. Official sw converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" with offset converted to a ptr.
= BuiltinDataStatus =
{| class="wikitable" border="1"
|-
! Value
! Description
|-
| -1
| Invalid
|-
| 1
| Valid
|}
This is the "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" enum.
= CaCertificateId =
{| class="wikitable" border="1"
|-
! Value
! Description
|-
| 1
| Nintendo {...}
|-
| 2
| Nintendo {...}
|}
This is the "nn::ssl::CaCertificateId" enum.
= VerifyOption =
This is the "nn::ssl::sf::VerifyOption" enum.
= CertStore =
This is the CertStore title, which contains the following files in RomFS:
* "/ssl_CaFingerprints.bdf"
* "/ssl_Crl.bdf"
* "/ssl_TrustedCerts.bdf"
On old system-versions, this only contains "/ssl_TrustedCerts.tcf", which seems to have the same format described below.
These have the following structure:
{| class="wikitable" border="1"
|-
! Offset
! Size
! Description
|-
| 0x0 || 0x4 || Magic "sslT"
|-
| 0x4 || 0x4 || Total entries
|-
| 0x8 || 0x10*{total entries} || Array entries
|}
Array entry structure:
{| class="wikitable" border="1"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x4
| ID
|-
| 0x4
| 0x4
| ?
|-
| 0x8
| 0x4
| Data size
|-
| 0xC
| 0x4
| Data offset
|}
Data offset is relative to absolute offset 0x8.
The ID is the same one used by service commands to access these entries. For ssl_TrustedCerts, ID is [[#CaCertificateId]].
= Client cert+privk =
= Client cert+privk =