Line 6: |
Line 6: |
| ! Cmd || Name | | ! Cmd || Name |
| |- | | |- |
− | | 0 || CreateContext | + | | 0 || [[#CreateContext]] |
| |- | | |- |
| | 1 || GetContextCount | | | 1 || GetContextCount |
| |- | | |- |
− | | 2 || GetCertificates | + | | 2 || [[#GetCertificates]] |
| |- | | |- |
− | | 3 || GetCertificateBufSize | + | | 3 || [[#GetCertificateBufSize]] |
| |- | | |- |
− | | 4 || [3.0.0+] DebugIoctl | + | | 4 || [3.0.0+] [[#DebugIoctl]] |
| |- | | |- |
− | | 5 || [3.0.0+] SetInterfaceVersion | + | | 5 || [3.0.0+] [[#SetInterfaceVersion]] |
| |- | | |- |
| | 6 || [5.0.0+] FlushSessionCache | | | 6 || [5.0.0+] FlushSessionCache |
| |- | | |- |
− | | 7 || [6.0.0+] SetDebugOption | + | | 7 || [6.0.0+] [[#SetDebugOption]] |
| |- | | |- |
− | | 8 || [6.0.0+] GetDebugOption | + | | 8 || [6.0.0+] [[#GetDebugOption]] |
| |} | | |} |
| | | |
− | [3.0.0+] GetCertificates now returns 4-bytes of output. | + | == CreateContext == |
| + | Takes a PID, an input u32 [[#SslVersion]], an input u64 pid_placeholder, and returns an output [[#ISslContext]]. |
| + | |
| + | == GetCertificates == |
| + | Takes a type-0x6 output buffer and a type-0x5 input buffer containing an array of [[#CaCertificateId]]. |
| + | |
| + | [3.0.0+] This now returns an output u32 for actual total output entries. |
| + | |
| + | The output buffer starts with an array of [[#BuiltInCertificateInfo]], with the DER cert data following afterwards. |
| + | |
| + | == GetCertificateBufSize == |
| + | Takes a type-0x5 input buffer containing an array of [[#CaCertificateId]], returns an output u32 for the size to use with [[#GetCertificates]]. |
| + | |
| + | == DebugIoctl == |
| + | Stubbed on retail, just returns an error. |
| + | |
| + | == SetInterfaceVersion == |
| + | Takes an input u32 '''version''', no output. |
| + | |
| + | Used by user-processes during service init. |
| + | |
| + | == SetDebugOption == |
| + | Takes an input u32 '''DebugOptionType''' and a type-0x5 input buffer, no output. |
| + | |
| + | The input u32 value must be 0, and the buffer addr/size must not be 0. |
| + | |
| + | The u8 at buf+0 is copied to state. |
| + | |
| + | == GetDebugOption == |
| + | Takes an input u32 '''DebugOptionType''' and a type-0x6 output buffer. |
| + | |
| + | Same as [[#SetDebugOption]] except this copies state to the buffer instead. |
| | | |
| == ISslContext == | | == ISslContext == |
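Review bot: In the SetDebugOption and GetDebugOption text, '''DebugOptionType''' is only bolded and has no section of its own, unlike SslVersion and CaCertificateId, which are linked to type sections. Since the text says the input u32 must be 0, either note that 0 is the only accepted value or add a short type section. The same paragraph says the u8 at buf+0 is copied to state but does not say what the command returns when the u32 is non-zero or the buffer addr/size is 0. A sentence on that error path would make the described checks verifiable.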
Line 38: |
Line 69: |
| | 1 || GetOption | | | 1 || GetOption |
| |- | | |- |
− | | 2 || CreateConnection | + | | 2 || [[#CreateConnection]] |
| |- | | |- |
| | 3 || GetConnectionCount | | | 3 || GetConnectionCount |
Line 58: |
Line 89: |
| | 11 || [3.0.0+] RemoveCrl | | | 11 || [3.0.0+] RemoveCrl |
| |} | | |} |
| + | |
| + | === CreateConnection === |
| + | No input, returns an [[#ISslConnection]]. |
| | | |
| === ISslConnection === | | === ISslConnection === |
Line 70: |
Line 104: |
| | 1 || SetHostName | | | 1 || SetHostName |
| |- | | |- |
− | | 2 || SetVerifyOption | + | | 2 || [[#SetVerifyOption]] |
| |- | | |- |
| | 3 || SetIoMode | | | 3 || SetIoMode |
Line 78: |
Line 112: |
| | 5 || GetHostName | | | 5 || GetHostName |
| |- | | |- |
− | | 6 || GetVerifyOption | + | | 6 || [[#GetVerifyOption]] |
| |- | | |- |
| | 7 || GetIoMode | | | 7 || GetIoMode |
Line 117: |
Line 151: |
| |- | | |- |
| | 25 || [4.0.0+] GetCipherInfo | | | 25 || [4.0.0+] GetCipherInfo |
| + | |- |
| + | | 26 || [9.0.0+] SetNextAlpnProto |
| + | |- |
| + | | 27 || [9.0.0+] GetNextAlpnProto |
| + | |} |
| + | |
| + | ==== SetVerifyOption ==== |
| + | Takes an input u32 [[#VerifyOption]], no output. |
| + | |
| + | Originally ssl-sysmodule just wrote the input field to state. With newer sysvers there's now validation for the input. |
| + | |
| + | ==== GetVerifyOption ==== |
| + | No input, returns an output u32 [[#VerifyOption]]. |
| + | |
| + | = SslVersion = |
| + | This is the "nn::ssl::sf::SslVersion" enum. |
| + | |
| + | = BuiltInCertificateInfo = |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Offset |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 |
| + | | 0x4 |
| + | | [[#CaCertificateId]] |
| + | |- |
| + | | 0x4 |
| + | | 0x4 |
| + | | [[#BuiltinDataStatus]] |
| + | |- |
| + | | 0x8 |
| + | | 0x8 |
| + | | Data size |
| + | |- |
| + | | 0x10 |
| + | | 0x8 |
| + | | Data offset |
| |} | | |} |
| + | |
| + | This is the struct returned by [[#GetCertificates]]. Official sw converts this to "nn::ssl::BuiltInManager::BuiltInCertificateInfo" with offset converted to a ptr. |
| + | |
| + | = BuiltinDataStatus = |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Value |
| + | ! Description |
| + | |- |
| + | | -1 |
| + | | Invalid |
| + | |- |
| + | | 1 |
| + | | Valid |
| + | |} |
| + | |
| + | This is the "nn::ssl::detail::BuiltinDataInfo::BuiltinDataStatus" enum. |
| + | |
| + | = CaCertificateId = |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Value |
| + | ! Description |
| + | |- |
| + | | 1 |
| + | | Nintendo {...} |
| + | |- |
| + | | 2 |
| + | | Nintendo {...} |
| + | |} |
| + | |
| + | This is the "nn::ssl::CaCertificateId" enum. |
| + | |
| + | = VerifyOption = |
| + | This is the "nn::ssl::sf::VerifyOption" enum. |
| + | |
| + | = CertStore = |
| + | This is the CertStore title, which contains the following files in RomFS: |
| + | * "/ssl_CaFingerprints.bdf" |
| + | * "/ssl_Crl.bdf" |
| + | * "/ssl_TrustedCerts.bdf" |
| + | |
| + | On old system-versions, this only contains "/ssl_TrustedCerts.tcf", which seems to have the same format described below. |
| + | |
| + | These have the following structure: |
| + | |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Offset |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 || 0x4 || Magic "sslT" |
| + | |- |
| + | | 0x4 || 0x4 || Total entries |
| + | |- |
| + | | 0x8 || 0x10*{total entries} || Array entries |
| + | |} |
| + | |
| + | Array entry structure: |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Offset |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 |
| + | | 0x4 |
| + | | ID |
| + | |- |
| + | | 0x4 |
| + | | 0x4 |
| + | | ? |
| + | |- |
| + | | 0x8 |
| + | | 0x4 |
| + | | Data size |
| + | |- |
| + | | 0xC |
| + | | 0x4 |
| + | | Data offset |
| + | |} |
| + | |
| + | Data offset is relative to absolute offset 0x8. |
| + | |
| + | The ID is the same one used by service commands to access these entries. For ssl_TrustedCerts, ID is [[#CaCertificateId]]. |
| | | |
| = Client cert+privk = | | = Client cert+privk = |
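Review bot: The BuiltInCertificateInfo table lists "Data offset" at 0x10 without saying what the offset is relative to, while the CertStore section spells this out ("Data offset is relative to absolute offset 0x8"). The base should be stated for BuiltInCertificateInfo as well, since the text below the table says official sw converts the offset to a ptr, and a reader parsing the GetCertificates output buffer needs it to bounds-check the DER data. Also in this hunk, SetVerifyOption says "With newer sysvers there's now validation for the input" without giving a version or the rule being enforced. A [x.0.0+] tag in the style of the command tables and a short description of the check would make this testable.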