mirror of
https://github.com/wiiu-env/wut.git
synced 2025-01-25 02:21:16 +01:00
400 lines
13 KiB
C
400 lines
13 KiB
C
#pragma once
|
|
#include <wut.h>
|
|
|
|
/**
|
|
* \defgroup nsysnet_nssl Nintendo SSL
|
|
* \ingroup nsysnet
|
|
*
|
|
* The NSSL library is Nintendo's interface for making SSL connections on the
|
|
* Wii U. To use NSSL directly, call NSSLInit() then NSSLCreateContext() to
|
|
* create a context. This context - after adding root CAs via NSSLAddServerPKI()
|
|
* or NSSLAddServerPKIExternal() - can be used to create connections
|
|
* (NSSLCreateConnection()) that can transfer data using NSSLRead() and
|
|
* NSSLWrite().
|
|
*
|
|
* For HTTPS connections, consider using nlibcurl.
|
|
*
|
|
* \if false
|
|
* meta: how to link to nlibcurl's Doxygen page?
|
|
* \endif
|
|
*
|
|
* @{
|
|
*/
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//! A handle to a NSSL context created with NSSLCreateContext().
|
|
typedef int32_t NSSLContextHandle;
|
|
//! A handle to a NSSL connection created with NSSLCreateConnection().
|
|
typedef int32_t NSSLConnectionHandle;
|
|
|
|
/**
|
|
* The IDs of a system CA. These certificates are built-in to the system and can
|
|
* be added to a NSSL context with NSSLAddServerPKI().
|
|
*
|
|
* The names and fingerprints given in this documentation are taken from the
|
|
* real certificates inside the Wii U's CDN package.
|
|
*
|
|
* \if false
|
|
* Certificate list taken from 0005001B-10054000/content/certstore_metadata.txt
|
|
* \endif
|
|
*/
|
|
typedef enum NSSLServerCertId
|
|
{
|
|
//! Represents the first certificate in the Nintendo CA group.
|
|
NSSL_SERVER_CERT_GROUP_NINTENDO_FIRST = 100,
|
|
//! Nintendo CA
|
|
//! (SHA1: B5 22 94 55 DD 26 C1 F5 3C 73 06 0E 90 89 B3 91 38 9E 1F 75)
|
|
NSSL_SERVER_CERT_NINTENDO_CA = 100,
|
|
//! Nintendo CA - G2
|
|
//! (SHA1: C6 0B 2A 5C C9 0F 06 30 CC A3 30 40 DF 6B 33 78 23 9F 3B FA)
|
|
NSSL_SERVER_CERT_NINTENDO_CA_G2 = 101,
|
|
//! Nintendo CA - G3
|
|
//! (SHA1: 68 A0 77 05 CC C7 A4 08 41 6E 0E D7 AD 65 F2 EC 3F EA 98 62)
|
|
NSSL_SERVER_CERT_NINTENDO_CA_G3 = 102,
|
|
//! Nintendo Class 2 CA
|
|
//! (SHA1: AA 8E F6 6A E0 F8 07 ED B8 41 C8 89 EE 36 66 A2 59 A2 8C CC)
|
|
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA = 103,
|
|
//! Nintendo Class 2 CA - G2
|
|
//! (SHA1: 03 9D E5 37 3A C6 5E 1A EE 89 8D 54 E7 56 35 76 EB BE 54 9B)
|
|
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA_G2 = 104,
|
|
//! Nintendo Class 2 CA - G3
|
|
//! (SHA1: FA B5 6C 4C C7 CF F5 07 1D 40 B6 B0 07 38 61 D2 90 CA 2A 1A)
|
|
NSSL_SERVER_CERT_NINTENDO_CLASS2_CA_G3 = 105,
|
|
//! Represents the last certificate in the Nintendo CA group.
|
|
NSSL_SERVER_CERT_GROUP_NINTENDO_LAST = 105,
|
|
|
|
//! Represents the first certificate in the commercial CA group.
|
|
NSSL_SERVER_CERT_GROUP_COMMERCIAL_FIRST = 1001,
|
|
//! Baltimore CyberTrust Root
|
|
//! (SHA1: D4 DE 20 D0 5E 66 FC 53 FE 1A 50 88 2C 78 DB 28 52 CA E4 74)
|
|
NSSL_SERVER_CERT_BALTIMORE_CYBERTRUST_ROOT_CA = 1001,
|
|
//! Cybertrust Global Root
|
|
//! (SHA1: 5F 43 E5 B1 BF F8 78 8C AC 1C C7 CA 4A 9A C6 22 2B CC 34 C6)
|
|
NSSL_SERVER_CERT_CYBERTRUST_GLOBAL_ROOT_CA = 1002,
|
|
//! Verizon Global Root
|
|
//! (SHA1: 91 21 98 EE F2 3D CA C4 09 39 31 2F EE 97 DD 56 0B AE 49 B1)
|
|
NSSL_SERVER_CERT_VERIZON_GLOBAL_ROOT_CA = 1003,
|
|
//! GlobalSign Root CA
|
|
//! (SHA1: B1 BC 96 8B D4 F4 9D 62 2A A8 9A 81 F2 15 01 52 A4 1D 82 9C)
|
|
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA = 1004,
|
|
//! GlobalSign
|
|
//! (SHA1: 75 E0 AB B6 13 85 12 27 1C 04 F8 5F DD DE 38 E4 B7 24 2E FE)
|
|
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA_R2 = 1005,
|
|
//! GlobalSign
|
|
//! (SHA1: D6 9B 56 11 48 F0 1C 77 C5 45 78 C1 09 26 DF 5B 85 69 76 AD)
|
|
NSSL_SERVER_CERT_GLOBALSIGN_ROOT_CA_R3 = 1006,
|
|
//! VeriSign Class 3 Public Primary Certification Authority - G3
|
|
//! (SHA1: 13 2D 0D 45 53 4B 69 97 CD B2 D5 C3 39 E2 55 76 60 9B 5C C6)
|
|
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G3 = 1007,
|
|
//! VeriSign Universal Root Certification Authority
|
|
//! (SHA1: 36 79 CA 35 66 87 72 30 4D 30 A5 FB 87 3B 0F A7 7B B7 0D 54)
|
|
NSSL_SERVER_CERT_VERISIGN_UNIVERSAL_ROOT_CA = 1008,
|
|
//! VeriSign Class 3 Public Primary Certification Authority - G5
|
|
//! (SHA1: 4E B6 D5 78 49 9B 1C CF 5F 58 1E AD 56 BE 3D 9B 67 44 A5 E5)
|
|
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G5 = 1009,
|
|
//! thawte Primary Root CA - G3
|
|
//! (SHA1: F1 8B 53 8D 1B E9 03 B6 A6 F0 56 43 5B 17 15 89 CA F3 6B F2)
|
|
NSSL_SERVER_CERT_THAWTE_PRIMARY_ROOT_CA_G3 = 1010,
|
|
//! thawte Primary Root CA
|
|
//! (SHA1: 91 C6 D6 EE 3E 8A C8 63 84 E5 48 C2 99 29 5C 75 6C 81 7B 81)
|
|
NSSL_SERVER_CERT_THAWTE_PRIMARY_ROOT_CA = 1011,
|
|
//! GeoTrust Global CA
|
|
//! (SHA1: DE 28 F4 A4 FF E5 B9 2F A3 C5 03 D1 A3 49 A7 F9 96 2A 82 12)
|
|
NSSL_SERVER_CERT_GEOTRUST_GLOBAL_CA = 1012,
|
|
//! GeoTrust Global CA 2
|
|
//! (SHA1: A9 E9 78 08 14 37 58 88 F2 05 19 B0 6D 2B 0D 2B 60 16 90 7D)
|
|
NSSL_SERVER_CERT_GEOTRUST_GLOBAL_CA2 = 1013,
|
|
//! GeoTrust Primary Certification Authority
|
|
//! (SHA1: 32 3C 11 8E 1B F7 B8 B6 52 54 E2 E2 10 0D D6 02 90 37 F0 96)
|
|
NSSL_SERVER_CERT_GEOTRUST_PRIMARY_CA = 1014,
|
|
//! GeoTrust Primary Certification Authority - G3
|
|
//! (SHA1: 03 9E ED B8 0B E7 A0 3C 69 53 89 3B 20 D2 D9 32 3A 4C 2A FD)
|
|
NSSL_SERVER_CERT_GEOTRUST_PRIMARY_CA_G3 = 1015,
|
|
//! AddTrust External CA Root
|
|
//! (SHA1: 02 FA F3 E2 91 43 54 68 60 78 57 69 4D F5 E4 5B 68 85 18 68)
|
|
NSSL_SERVER_CERT_ADDTRUST_EXT_CA_ROOT = 1016,
|
|
//! COMODO Certification Authority
|
|
//! (SHA1: EE 86 93 87 FF FD 83 49 AB 5A D1 43 22 58 87 89 A4 57 B0 12)
|
|
NSSL_SERVER_CERT_COMODO_CA = 1017,
|
|
//! UTN - DATACorp SGC
|
|
//! (SHA1: 58 11 9F 0E 12 82 87 EA 50 FD D9 87 45 6F 4F 78 DC FA D6 D4)
|
|
NSSL_SERVER_CERT_UTN_DATACORP_SGC_CA = 1018,
|
|
//! UTN-USERFirst-Hardware
|
|
//! (SHA1: 04 83 ED 33 99 AC 36 08 05 87 22 ED BC 5E 46 00 E3 BE F9 D7)
|
|
NSSL_SERVER_CERT_UTN_USERFIRST_HARDWARE_CA = 1019,
|
|
//! DigiCert High Assurance EV Root CA
|
|
//! (SHA1: 5F B7 EE 06 33 E2 59 DB AD 0C 4C 9A E6 D3 8F 1A 61 C7 DC 25)
|
|
NSSL_SERVER_CERT_DIGICERT_HIGH_ASSURANCE_EV_ROOT_CA = 1020,
|
|
//! DigiCert Assured ID Root CA
|
|
//! (SHA1: 05 63 B8 63 0D 62 D7 5A BB C8 AB 1E 4B DF B5 A8 99 B2 4D 43)
|
|
NSSL_SERVER_CERT_DIGICERT_ASSURED_ID_ROOT_CA = 1021,
|
|
//! DigiCert Global Root CA
|
|
//! (SHA1: A8 98 5D 3A 65 E5 E5 C4 B2 D7 D6 6D 40 C6 DD 2F B1 9C 54 36)
|
|
NSSL_SERVER_CERT_DIGICERT_GLOBAL_ROOT_CA = 1022,
|
|
//! GTE CyberTrust Global Root
|
|
//! (SHA1: 97 81 79 50 D8 1C 96 70 CC 34 D8 09 CF 79 44 31 36 7E F4 74)
|
|
NSSL_SERVER_CERT_GTE_CYBERTRUST_GLOBAL_ROOT = 1023,
|
|
//! [No common name]
|
|
//! (SHA1: A1 DB 63 93 91 6F 17 E4 18 55 09 40 04 15 C7 02 40 B0 AE 6B)
|
|
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA = 1024,
|
|
//! Thawte Premium Server CA
|
|
//! (SHA1: 62 7F 8D 78 27 65 63 99 D2 7D 7F 90 44 C9 FE B3 F3 3E FA 9A)
|
|
NSSL_SERVER_CERT_THAWTE_PREMIUM_SERVER_CA = 1025,
|
|
//! [No common name]
|
|
//! (SHA1: D2 32 09 AD 23 D3 14 23 21 74 E4 0D 7F 9D 62 13 97 86 63 3A)
|
|
NSSL_SERVER_CERT_EQUIFAX_SECURE_CA = 1026,
|
|
//! Entrust.net Secure Server Certification Authority
|
|
//! (SHA1: 99 A6 9B E6 1A FE 88 6B 4D 2B 82 00 7C B8 54 FC 31 7E 15 39)
|
|
NSSL_SERVER_CERT_ENTRUST_SECURE_SERVER_CA = 1027,
|
|
//! [No common name]
|
|
//! (SHA1: 85 37 1C A6 E5 50 14 3D CE 28 03 47 1B DE 3A 09 E8 F8 77 0F)
|
|
NSSL_SERVER_CERT_VERISIGN_CLASS3_PUBLIC_PRIMARY_CA_G2 = 1028,
|
|
//! Entrust.net Certification Authority (2048)
|
|
//! (SHA1: 50 30 06 09 1D 97 D4 F5 AE 39 F7 CB E7 92 7D 7D 65 2D 34 31)
|
|
NSSL_SERVER_CERT_ENTRUST_CA_2048 = 1029,
|
|
//! Entrust Root Certification Authority
|
|
//! (SHA1: B3 1E B1 B7 40 E3 6C 84 02 DA DC 37 D4 4D F5 D4 67 49 52 F9)
|
|
NSSL_SERVER_CERT_ENTRUST_ROOT_CA = 1030,
|
|
//! Entrust Root Certification Authority - G2
|
|
//! (SHA1: 8C F4 27 FD 79 0C 3A D1 66 06 8D E8 1E 57 EF BB 93 22 72 D4)
|
|
NSSL_SERVER_CERT_ENTRUST_ROOT_CA_G2 = 1031,
|
|
//! DigiCert Assured ID Root G2
|
|
//! (SHA1: A1 4B 48 D9 43 EE 0A 0E 40 90 4F 3C E0 A4 C0 91 93 51 5D 3F)
|
|
NSSL_SERVER_CERT_DIGICERT_ASSURED_ID_ROOT_CA_G2 = 1032,
|
|
//! DigiCert Global Root G2
|
|
//! (SHA1: DF 3C 24 F9 BF D6 66 76 1B 26 80 73 FE 06 D1 CC 8D 4F 82 A4)
|
|
NSSL_SERVER_CERT_DIGICERT_GLOBAL_ROOT_CA_G2 = 1033,
|
|
//! Represents the last certificate in the commerical CA group.
|
|
NSSL_SERVER_CERT_GROUP_COMMERCIAL_LAST = 1033,
|
|
|
|
//! Represents the first certificate in the 4096-bit commercial CA group.
|
|
NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_FIRST = 1900,
|
|
//! COMODO RSA Certification Authority
|
|
//! (SHA1: AF E5 D2 44 A8 D1 19 42 30 FF 47 9F E2 F8 97 BB CD 7A 8C B4)
|
|
NSSL_SERVER_CERT_COMODO_RSA_CA = 1900,
|
|
//! USERTrust RSA Certification Authority
|
|
//! (SHA1: 2B 8F 1B 57 33 0D BB A2 D0 7A 6C 51 F7 0E E9 0D DA B9 AD 8E)
|
|
NSSL_SERVER_CERT_USERTRUST_RSA_CA = 1901,
|
|
//! Represents the last certificate in the 4096-bit commercial CA group.
|
|
NSSL_SERVER_CERT_GROUP_COMMERCIAL_4096_LAST = 1901,
|
|
} NSSLServerCertId;
|
|
|
|
/**
|
|
* Initialises the NSSL library for use. This must be called before any other
|
|
* NSSL functions.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative error code on failure.
|
|
*
|
|
* \sa
|
|
* - NSSLFinish()
|
|
*/
|
|
int32_t
|
|
NSSLInit();
|
|
|
|
/**
|
|
* Cleans up and finishes use of the NSSL library.
|
|
*
|
|
* \returns
|
|
* 0 on success, or -1 on error.
|
|
*/
|
|
int32_t
|
|
NSSLFinish();
|
|
|
|
/**
|
|
* Creates a context to use with the NSSL library. A context contains root CAs
|
|
* and connections.
|
|
*
|
|
* \param unk
|
|
* Unknown. A value of 0 appears to work.
|
|
*
|
|
* \returns
|
|
* A #NSSLContextHandle representing the newly created context, or a negative
|
|
* value on error.
|
|
*
|
|
* \sa
|
|
* - NSSLDestroyContext()
|
|
*/
|
|
NSSLContextHandle
|
|
NSSLCreateContext(int32_t unk);
|
|
|
|
/**
|
|
* Destroys a NSSL context.
|
|
*
|
|
* \param context
|
|
* The NSSL context to destroy.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative value if an error occured.
|
|
*/
|
|
int32_t
|
|
NSSLDestroyContext(NSSLContextHandle context);
|
|
|
|
/**
|
|
* Add a custom root CA to the given NSSL context.
|
|
*
|
|
* \param context
|
|
* The NSSL context to add a root CA to.
|
|
*
|
|
* \param cert
|
|
* A pointer to a buffer containing the certificate data.
|
|
*
|
|
* \param length
|
|
* The length of the certificate buffer.
|
|
*
|
|
* \param unk
|
|
* Unknown.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative value on error.
|
|
*
|
|
* \sa
|
|
* - NSSLAddServerPKI()
|
|
*
|
|
* \if false
|
|
* meta: what format does the certificate need to be? The internal ones are
|
|
* x509 in binary DER. What's a working value for unk? 0?
|
|
* \endif
|
|
*/
|
|
int32_t
|
|
NSSLAddServerPKIExternal(NSSLContextHandle context,
|
|
const void *cert,
|
|
int32_t length,
|
|
int32_t unk);
|
|
|
|
/**
|
|
* Add a system root CA (one of #NSSLServerCertId) to the given NSSL context.
|
|
*
|
|
* \param context
|
|
* The NSSL context to add a root CA to.
|
|
*
|
|
* \param pki
|
|
* The #NSSLServerCertId representing the system CA to add.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative value on error.
|
|
*
|
|
* \sa
|
|
* - NSSLAddServerPKIExternal()
|
|
*/
|
|
int32_t
|
|
NSSLAddServerPKI(NSSLContextHandle context,
|
|
NSSLServerCertId pki);
|
|
|
|
/**
|
|
* Open an SSL connection.
|
|
*
|
|
* \param context
|
|
* The context to open the connection under.
|
|
*
|
|
* \param host
|
|
* The domain or IP of the host to connect to.
|
|
*
|
|
* \param hostLength
|
|
* The length of the "host" buffer.
|
|
*
|
|
* \param options
|
|
* Options for the underlying socket.
|
|
*
|
|
* \param socket
|
|
* An existing socket to use for the connection, or NULL.
|
|
*
|
|
* \param block
|
|
* If opening a new underlying socket, whether to open it in blocking mode.
|
|
*
|
|
* \returns
|
|
* A #NSSLConnectionHandle representing the current connection.
|
|
*
|
|
* \sa
|
|
* - NSSLRead()
|
|
* - NSSLWrite()
|
|
* - NSSLDestroyConnection()
|
|
*
|
|
* \if false
|
|
* meta: kinda guessing socket and options here, needs confirmation
|
|
* \endif
|
|
*/
|
|
NSSLConnectionHandle
|
|
NSSLCreateConnection(NSSLContextHandle context,
|
|
const char *host,
|
|
int32_t hostLength,
|
|
int32_t options,
|
|
int32_t socket,
|
|
int32_t block);
|
|
|
|
/**
|
|
* Close and destroy a NSSL connection.
|
|
*
|
|
* \param connection
|
|
* The connection to destroy.
|
|
*
|
|
* \returns
|
|
* 0 on success or a negative error value.
|
|
*/
|
|
int32_t
|
|
NSSLDestroyConnection(NSSLConnectionHandle connection);
|
|
|
|
/**
|
|
* Read data from an open NSSL connection into a given buffer.
|
|
*
|
|
* \param connection
|
|
* The connection to read data from.
|
|
*
|
|
* \param buffer
|
|
* A buffer to read decrypted data into.
|
|
*
|
|
* \param length
|
|
* The length of the given buffer.
|
|
*
|
|
* \param outBytesRead
|
|
* A pointer to write the actual number of read bytes into. This may be smaller
|
|
* than the input buffer.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative value on error.
|
|
*
|
|
* \sa
|
|
* - NSSLWrite()
|
|
*/
|
|
int32_t
|
|
NSSLRead(NSSLConnectionHandle connection,
|
|
const void *buffer,
|
|
int32_t length,
|
|
int32_t *outBytesRead);
|
|
|
|
/**
|
|
* Write data to an open NSSL connection from a given buffer.
|
|
*
|
|
* \param connection
|
|
* The connection to write data to.
|
|
*
|
|
* \param buffer
|
|
* A buffer containing the data to be sent.
|
|
*
|
|
* \param length
|
|
* The length of the given buffer.
|
|
*
|
|
* \param outBytesWritten
|
|
* A pointer to write the actual number of written bytes into. This may be
|
|
* smaller than the input buffer.
|
|
*
|
|
* \returns
|
|
* 0 on success, or a negative value on error.
|
|
*
|
|
* \sa
|
|
* - NSSLRead()
|
|
*/
|
|
int32_t
|
|
NSSLWrite(NSSLConnectionHandle connection,
|
|
const void *buffer,
|
|
int32_t length,
|
|
int32_t *outBytesWritten);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
/** @} */
|