The-Homebrew-Cloud/wut
2
0
Fork 0
mirror of https://github.com/wiiu-env/wut.git synced 2024-12-05 03:04:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #77 from QuarkTheAwesome/master

Browse Source 
NSSL: Add documentation, all the system CAs, and NSSLDestroyConnection
This commit is contained in:
James 2018-06-28 02:42:18 -07:00 committed by GitHub
commit ba24b4a5f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 341 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

336
include/nsysnet/nssl.h
View File

@ -4,46 +4,318 @@
/**
* \defgroup nsysnet_nssl Nintendo SSL
* \ingroup nsysnet
*
* The NSSL library is Nintendo's interface for making SSL connections on the
* Wii U. To use NSSL directly, call NSSLInit() then NSSLCreateContext() to
* create a context. This context - after adding root CAs via NSSLAddServerPKI()
* or NSSLAddServerPKIExternal() - can be used to create connections
* (NSSLCreateConnection()) that can transfer data using NSSLRead() and
* NSSLWrite().
*
* For HTTPS connections, consider using nlibcurl.
*
* \if false
* meta: how to link to nlibcurl's Doxygen page?
* \endif
*
* @{
*/
#ifdef __cplusplus
extern "C" {
#endif
//! A handle to a NSSL context created with NSSLCreateContext().
typedef int32_t NSSLContextHandle;
//! A handle to a NSSL connection created with NSSLCreateConnection().
typedef int32_t NSSLConnectionHandle;
/**
* The IDs of a system CA. These certificates are built-in to the system and can
* be added to a NSSL context with NSSLAddServerPKI().
*
* The names and fingerprints given in this documentation are taken from the
* real certificates inside the Wii U's CDN package.
*
* \if false
* Certificate list taken from 0005001B-10054000/content/certstore_metadata.txt
* \endif
*/
typedef enum NSSLServerCertId
{
NSSL_SERVER_CERT_GROUP_0_FIRST = 100,
NSSL_SERVER_CERT_GROUP_0_LAST = 105,
//! Represents the first certificate in the Nintendo CA group.
NSSL_SERVER_CERT_GROUP_NINTENDO_FIRST = 100,
//! Nintendo CA
//! (SHA1: B5 22 94 55 DD 26 C1 F5 3C 73 06 0E 90 89 B3 91 38 9E 1F 75)
NSSL_SERVER_CERT_NINTENDO_CA = 100,
//! Nintendo CA - G2
//! (SHA1: C6 0B 2A 5C C9 0F 06 30 CC A3 30 40 DF 6B 33 78 23 9F 3B FA)
NSSL_SERVER_CERT_NINTENDO_CA_G2 = 101,
//! Nintendo CA - G3
//! (SHA1: 68 A0 77 05 CC C7 A4 08 41 6E 0E D7 AD 65 F2 EC 3F EA 98 62)
NSSL_SERVER_CERT_NINTENDO_CA_G3 = 102,
//! Nintendo Class 2 CA
//! (SHA1: AA 8E F6 6A E0 F8 07 ED B8 41 C8 89 EE 36 66 A2 59 A2 8C CC)
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA = 103,
//! Nintendo Class 2 CA - G2
//! (SHA1: 03 9D E5 37 3A C6 5E 1A EE 89 8D 54 E7 56 35 76 EB BE 54 9B)
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA_G2 = 104,
//! Nintendo Class 2 CA - G3
//! (SHA1: FA B5 6C 4C C7 CF F5 07 1D 40 B6 B0 07 38 61 D2 90 CA 2A 1A)
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA_G3 = 105,
//! Represents the last certificate in the Nintendo CA group.
NSSL_SERVER_CERT_GROUP_NINTENDO_LAST = 105,
NSSL_SERVER_CERT_GROUP_1_FIRST = 1001,
NSSL_SERVER_CERT_GROUP_1_LAST = 1033,
//! Represents the first certificate in the commercial CA group.
NSSL_SERVER_CERT_GROUP_COMMERCIAL_FIRST = 1001,
//! Baltimore CyberTrust Root
//! (SHA1: D4 DE 20 D0 5E 66 FC 53 FE 1A 50 88 2C 78 DB 28 52 CA E4 74)
NSSL_SERVER_CERT_BALTIMORE_CYBERTRUST_ROOT_CA = 1001,
//! Cybertrust Global Root
//! (SHA1: 5F 43 E5 B1 BF F8 78 8C AC 1C C7 CA 4A 9A C6 22 2B CC 34 C6)
NSSL_SERVER_CERT_CYBERTRUST_GLOBAL_ROOT_CA = 1002,
//! Verizon Global Root
//! (SHA1: 91 21 98 EE F2 3D CA C4 09 39 31 2F EE 97 DD 56 0B AE 49 B1)
NSSL_SERVER_CERT_VERIZON_GLOBAL_ROOT_CA = 1003,
//! GlobalSign Root CA
//! (SHA1: B1 BC 96 8B D4 F4 9D 62 2A A8 9A 81 F2 15 01 52 A4 1D 82 9C)
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA = 1004,
//! GlobalSign
//! (SHA1: 75 E0 AB B6 13 85 12 27 1C 04 F8 5F DD DE 38 E4 B7 24 2E FE)
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA_R2 = 1005,
//! GlobalSign
//! (SHA1: D6 9B 56 11 48 F0 1C 77 C5 45 78 C1 09 26 DF 5B 85 69 76 AD)
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA_R3 = 1006,
//! VeriSign Class 3 Public Primary Certification Authority - G3
//! (SHA1: 13 2D 0D 45 53 4B 69 97 CD B2 D5 C3 39 E2 55 76 60 9B 5C C6)
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G3 = 1007,
//! VeriSign Universal Root Certification Authority
//! (SHA1: 36 79 CA 35 66 87 72 30 4D 30 A5 FB 87 3B 0F A7 7B B7 0D 54)
NSSL_SERVER_CERT_VERISIGN_UNIVERSAL_ROOT_CA = 1008,
//! VeriSign Class 3 Public Primary Certification Authority - G5
//! (SHA1: 4E B6 D5 78 49 9B 1C CF 5F 58 1E AD 56 BE 3D 9B 67 44 A5 E5)
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G5 = 1009,
//! thawte Primary Root CA - G3
//! (SHA1: F1 8B 53 8D 1B E9 03 B6 A6 F0 56 43 5B 17 15 89 CA F3 6B F2)
NSSL_SERVER_CERT_THAWTE_PRIMARY_ROOT_CA_G3 = 1010,
//! thawte Primary Root CA
//! (SHA1: 91 C6 D6 EE 3E 8A C8 63 84 E5 48 C2 99 29 5C 75 6C 81 7B 81)
NSSL_SERVER_CERT_THAWTE_PRIMARY_ROOT_CA = 1011,
//! GeoTrust Global CA
//! (SHA1: DE 28 F4 A4 FF E5 B9 2F A3 C5 03 D1 A3 49 A7 F9 96 2A 82 12)
NSSL_SERVER_CERT_GEOTRUST_GLOBAL_CA = 1012,
//! GeoTrust Global CA 2
//! (SHA1: A9 E9 78 08 14 37 58 88 F2 05 19 B0 6D 2B 0D 2B 60 16 90 7D)
NSSL_SERVER_CERT_GEOTRUST_GLOBAL_CA2 = 1013,
//! GeoTrust Primary Certification Authority
//! (SHA1: 32 3C 11 8E 1B F7 B8 B6 52 54 E2 E2 10 0D D6 02 90 37 F0 96)
NSSL_SERVER_CERT_GEOTRUST_PRIMARY_CA = 1014,
//! GeoTrust Primary Certification Authority - G3
//! (SHA1: 03 9E ED B8 0B E7 A0 3C 69 53 89 3B 20 D2 D9 32 3A 4C 2A FD)
NSSL_SERVER_CERT_GEOTRUST_PRIMARY_CA_G3 = 1015,
//! AddTrust External CA Root
//! (SHA1: 02 FA F3 E2 91 43 54 68 60 78 57 69 4D F5 E4 5B 68 85 18 68)
NSSL_SERVER_CERT_ADDTRUST_EXT_CA_ROOT = 1016,
//! COMODO Certification Authority
//! (SHA1: EE 86 93 87 FF FD 83 49 AB 5A D1 43 22 58 87 89 A4 57 B0 12)
NSSL_SERVER_CERT_COMODO_CA = 1017,
//! UTN - DATACorp SGC
//! (SHA1: 58 11 9F 0E 12 82 87 EA 50 FD D9 87 45 6F 4F 78 DC FA D6 D4)
NSSL_SERVER_CERT_UTN_DATACORP_SGC_CA = 1018,
//! UTN-USERFirst-Hardware
//! (SHA1: 04 83 ED 33 99 AC 36 08 05 87 22 ED BC 5E 46 00 E3 BE F9 D7)
NSSL_SERVER_CERT_UTN_USERFIRST_HARDWARE_CA = 1019,
//! DigiCert High Assurance EV Root CA
//! (SHA1: 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25)
NSSL_SERVER_CERT_DIGICERT_HIGH_ASSURANCE_EV_ROOT_CA = 1020,
//! DigiCert Assured ID Root CA
//! (SHA1: 05 63 B8 63 0D 62 D7 5A BB C8 AB 1E 4B DF B5 A8 99 B2 4D 43)
NSSL_SERVER_CERT_DIGICERT_ASSURED_ID_ROOT_CA = 1021,
//! DigiCert Global Root CA
//! (SHA1: A8 98 5D 3A 65 E5 E5 C4 B2 D7 D6 6D 40 C6 DD 2F B1 9C 54 36)
NSSL_SERVER_CERT_DIGICERT_GLOBAL_ROOT_CA = 1022,
//! GTE CyberTrust Global Root
//! (SHA1: 97 81 79 50 D8 1C 96 70 CC 34 D8 09 CF 79 44 31 36 7E F4 74)
NSSL_SERVER_CERT_GTE_CYBERTRUST_GLOBAL_ROOT = 1023,
//! [No common name]
//! (SHA1: A1 DB 63 93 91 6F 17 E4 18 55 09 40 04 15 C7 02 40 B0 AE 6B)
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA = 1024,
//! Thawte Premium Server CA
//! (SHA1: 62 7F 8D 78 27 65 63 99 D2 7D 7F 90 44 C9 FE B3 F3 3E FA 9A)
NSSL_SERVER_CERT_THAWTE_PREMIUM_SERVER_CA = 1025,
//! [No common name]
//! (SHA1: D2 32 09 AD 23 D3 14 23 21 74 E4 0D 7F 9D 62 13 97 86 63 3A)
NSSL_SERVER_CERT_EQUIFAX_SECURE_CA = 1026,
//! Entrust.net Secure Server Certification Authority
//! (SHA1: 99 A6 9B E6 1A FE 88 6B 4D 2B 82 00 7C B8 54 FC 31 7E 15 39)
NSSL_SERVER_CERT_ENTRUST_SECURE_SERVER_CA = 1027,
//! [No common name]
//! (SHA1: 85 37 1C A6 E5 50 14 3D CE 28 03 47 1B DE 3A 09 E8 F8 77 0F)
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G2 = 1028,
//! Entrust.net Certification Authority (2048)
//! (SHA1: 50 30 06 09 1D 97 D4 F5 AE 39 F7 CB E7 92 7D 7D 65 2D 34 31)
NSSL_SERVER_CERT_ENTRUST_CA_2048 = 1029,
//! Entrust Root Certification Authority
//! (SHA1: B3 1E B1 B7 40 E3 6C 84 02 DA DC 37 D4 4D F5 D4 67 49 52 F9)
NSSL_SERVER_CERT_ENTRUST_ROOT_CA = 1030,
//! Entrust Root Certification Authority - G2
//! (SHA1: 8C F4 27 FD 79 0C 3A D1 66 06 8D E8 1E 57 EF BB 93 22 72 D4)
NSSL_SERVER_CERT_ENTRUST_ROOT_CA_G2 = 1031,
//! DigiCert Assured ID Root G2
//! (SHA1: A1 4B 48 D9 43 EE 0A 0E 40 90 4F 3C E0 A4 C0 91 93 51 5D 3F)
NSSL_SERVER_CERT_DIGICERT_ASSURED_ID_ROOT_CA_G2 = 1032,
//! DigiCert Global Root G2
//! (SHA1: DF 3C 24 F9 BF D6 66 76 1B 26 80 73 FE 06 D1 CC 8D 4F 82 A4)
NSSL_SERVER_CERT_DIGICERT_GLOBAL_ROOT_CA_G2 = 1033,
//! Represents the last certificate in the commerical CA group.
NSSL_SERVER_CERT_GROUP_COMMERCIAL_LAST = 1033,
//! Represents the first certificate in the 4096-bit commercial CA group.
NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_FIRST = 1900,
//! COMODO RSA Certification Authority
//! (SHA1: AF E5 D2 44 A8 D1 19 42 30 FF 47 9F E2 F8 97 BB CD 7A 8C B4)
NSSL_SERVER_CERT_COMODO_RSA_CA = 1900,
//! USERTrust RSA Certification Authority
//! (SHA1: 2B 8F 1B 57 33 0D BB A2 D0 7A 6C 51 F7 0E E9 0D DA B9 AD 8E)
NSSL_SERVER_CERT_USERTRUST_RSA_CA = 1901,
//! Represents the last certificate in the 4096-bit commercial CA group.
NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_LAST = 1901,
} NSSLServerCertId;
/**
* Initialises the NSSL library for use. This must be called before any other
* NSSL functions.
*
* \returns
* 0 on success, or a negative error code on failure.
*
* \sa
* - NSSLFinish()
*/
int32_t
NSSLInit();
/**
* Cleans up and finishes use of the NSSL library.
*
* \returns
* 0 on success, or -1 on error.
*/
int32_t
NSSLFinish();
/**
* Creates a context to use with the NSSL library. A context contains root CAs
* and connections.
*
* \param unk
* Unknown. A value of 0 appears to work.
*
* \returns
* A #NSSLContextHandle representing the newly created context, or a negative
* value on error.
*
* \sa
* - NSSLDestroyContext()
*/
NSSLContextHandle
NSSLCreateContext(int32_t unk);
/**
* Destroys a NSSL context.
*
* \param context
* The NSSL context to destroy.
*
* \returns
* 0 on success, or a negative value if an error occured.
*/
int32_t
NSSLDestroyContext(NSSLContextHandle context);
/**
* Add a custom root CA to the given NSSL context.
*
* \param context
* The NSSL context to add a root CA to.
*
* \param cert
* A pointer to a buffer containing the certificate data.
*
* \param length
* The length of the certificate buffer.
*
* \param unk
* Unknown.
*
* \returns
* 0 on success, or a negative value on error.
*
* \sa
* - NSSLAddServerPKI()
*
* \if false
* meta: what format does the certificate need to be? The internal ones are
* x509 in binary DER. What's a working value for unk? 0?
* \endif
*/
int32_t
NSSLAddServerPKIExternal(NSSLContextHandle context,
const void *cert,
int32_t length,
int32_t unk);
/**
* Add a system root CA (one of #NSSLServerCertId) to the given NSSL context.
*
* \param context
* The NSSL context to add a root CA to.
*
* \param pki
* The #NSSLServerCertId representing the system CA to add.
*
* \returns
* 0 on success, or a negative value on error.
*
* \sa
* - NSSLAddServerPKIExternal()
*/
int32_t
NSSLAddServerPKI(NSSLContextHandle context,
NSSLServerCertId pki);
/**
* Open an SSL connection.
*
* \param context
* The context to open the connection under.
*
* \param host
* The domain or IP of the host to connect to.
*
* \param hostLength
* The length of the "host" buffer.
*
* \param options
* Options for the underlying socket.
*
* \param socket
* An existing socket to use for the connection, or NULL.
*
* \param block
* If opening a new underlying socket, whether to open it in blocking mode.
*
* \returns
* A #NSSLConnectionHandle representing the current connection.
*
* \sa
* - NSSLRead()
* - NSSLWrite()
* - NSSLDestroyConnection()
*
* \if false
* meta: kinda guessing socket and options here, needs confirmation
* \endif
*/
NSSLConnectionHandle
NSSLCreateConnection(NSSLContextHandle context,
const char *host,
@ -52,12 +324,68 @@ NSSLCreateConnection(NSSLContextHandle context,
int32_t socket,
int32_t block);
/**
* Close and destroy a NSSL connection.
*
* \param connection
* The connection to destroy.
*
* \returns
* 0 on success or a negative error value.
*/
int32_t
NSSLDestroyConnection(NSSLConnectionHandle connection);
/**
* Read data from an open NSSL connection into a given buffer.
*
* \param connection
* The connection to read data from.
*
* \param buffer
* A buffer to read decrypted data into.
*
* \param length
* The length of the given buffer.
*
* \param outBytesRead
* A pointer to write the actual number of read bytes into. This may be smaller
* than the input buffer.
*
* \returns
* 0 on success, or a negative value on error.
*
* \sa
* - NSSLWrite()
*/
int32_t
NSSLRead(NSSLConnectionHandle connection,
const void *buffer,
int32_t length,
int32_t *outBytesRead);
/**
* Write data to an open NSSL connection from a given buffer.
*
* \param connection
* The connection to write data to.
*
* \param buffer
* A buffer containing the data to be sent.
*
* \param length
* The length of the given buffer.
*
* \param outBytesWritten
* A pointer to write the actual number of written bytes into. This may be
* smaller than the input buffer.
*
* \returns
* 0 on success, or a negative value on error.
*
* \sa
* - NSSLRead()
*/
int32_t
NSSLWrite(NSSLConnectionHandle connection,
const void *buffer,

11
samples/curl/main.c
View File

@ -113,14 +113,21 @@ main(int argc, char **argv)
goto exit;
}
for(int i = NSSL_SERVER_CERT_GROUP_0_FIRST; i <= NSSL_SERVER_CERT_GROUP_0_LAST; ++i) {
for(int i = NSSL_SERVER_CERT_GROUP_NINTENDO_FIRST; i <= NSSL_SERVER_CERT_GROUP_NINTENDO_LAST; ++i) {
ret = NSSLAddServerPKI(context, i);
if (ret < 0) {
WHBLogPrintf("NSSLAddServerPKI(context, %d) failed with error %d.", i, ret);
}
}
for(int i = NSSL_SERVER_CERT_GROUP_1_FIRST; i <= NSSL_SERVER_CERT_GROUP_1_LAST; ++i) {
for(int i = NSSL_SERVER_CERT_GROUP_COMMERCIAL_FIRST; i <= NSSL_SERVER_CERT_GROUP_COMMERCIAL_LAST; ++i) {
NSSLAddServerPKI(context, i);
if (ret < 0) {
WHBLogPrintf("NSSLAddServerPKI(context, %d) failed with error %d.", i, ret);
}
}
for(int i = NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_FIRST; i <= NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_LAST; ++i) {
NSSLAddServerPKI(context, i);
if (ret < 0) {
WHBLogPrintf("NSSLAddServerPKI(context, %d) failed with error %d.", i, ret);