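/*---------------------------------------------------------------------------*
  Project:  Horizon
  File:     nssl.h

  Copyright (C)2009 Nintendo Co., Ltd.  All rights reserved.

  These coded instructions, statements, and computer programs contain
  proprietary information of Nintendo of America Inc. and/or Nintendo
  Company Ltd., and are protected by Federal copyright law.  They may
  not be disclosed to third parties or copied or duplicated in any form,
  in whole or in part, without the prior written consent of Nintendo.

  $Rev: 33107 $
 *---------------------------------------------------------------------------*/

/* NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation; the guard name is kept unchanged here because other
 * translation units may test it. */
#ifndef __NSSL_H__
#define __NSSL_H__

/*---------------------------------------------------------------------------*
 * Includes
 *---------------------------------------------------------------------------*/

#include <stddef.h>                      /* size_t, used by the prototypes below */
#include <nn/net/compatible/nos.h>

#ifdef __cplusplus
extern "C" {
#endif // __cplusplus

/*---------------------------------------------------------------------------*
 * Definitions
 *---------------------------------------------------------------------------*/

/* Bit flags for the `option` argument of NSSL_NewClient(). The NSSL_VERIFY_*
 * bits select which checks are applied to the server certificate; the
 * remaining bits are connection options. Combine with bitwise OR. */
#define NSSL_VERIFY_NONE                0x00
#define NSSL_VERIFY_COMMON_NAME         0x01
#define NSSL_VERIFY_ROOT_CA             0x02
#define NSSL_VERIFY_DATE                0x04
/* 0x08 was NSSL_VERIFY_CHAIN. Removed because the BSAFE verification
 * mechanism cannot set chain verification "only" to OFF. The value is left
 * unassigned so existing option masks keep their meaning. */
#define NSSL_VERIFY_SUBJECT_ALT_NAME    0x10
#define NSSL_VERIFY_EV                  0x20
#define NSSL_OPTION_SESSION_CACHE       0x100
/* Option to run certificate verification but connect without checking the
 * verification results. With this bit set the handshake no longer
 * authenticates the peer; the outcome is presumably still reported through
 * NSSL_GetCertVerifyErrors() -- confirm against the man page. */
#define NSSL_VERIFY_IGNORE              0x200
/* Option to get all data in the certificate chain, not only the leaf
 * (presumably consumed by NSSL_DoHandshakeEx() -- see man page). */
#define NSSL_GET_ALL_SERVER_CERT_CHAIN  0x400

/* Every NSSL error code is NSSL_ERROR_BASE with a small index OR-ed in, so
 * that an error returned as a bare number is easy to recognise and classify.
 * On a two's-complement target the resulting s32 is negative. */
#define NSSL_ERROR_BASE         0xfffff000
#define NSSL_ERROR_CODE(code)   ((s32)(NSSL_ERROR_BASE|(code)))

/* Specify all values so that when the error code is returned as a number,
 * the type of error can be easily understood. Index 4 is not assigned. */
enum {
    NSSL_EFAILED                = NSSL_ERROR_CODE(1),
    NSSL_EWANT_READ             = NSSL_ERROR_CODE(2),
    NSSL_EWANT_WRITE            = NSSL_ERROR_CODE(3),
    NSSL_ESYSCALL               = NSSL_ERROR_CODE(5),
    NSSL_EZERO_RETURN           = NSSL_ERROR_CODE(6),
    NSSL_EWANT_CONNECT          = NSSL_ERROR_CODE(7),
    NSSL_ESSLID                 = NSSL_ERROR_CODE(8),
    NSSL_EVERIFY_COMMON_NAME    = NSSL_ERROR_CODE(9),
    NSSL_EVERIFY_ROOT_CA        = NSSL_ERROR_CODE(10),
    NSSL_EVERIFY_CHAIN          = NSSL_ERROR_CODE(11),
    NSSL_EVERIFY_DATE           = NSSL_ERROR_CODE(12),
    NSSL_EGET_SERVER_CERT       = NSSL_ERROR_CODE(13),
    NSSL_EROOTCAID              = NSSL_ERROR_CODE(14),   // Not used
    NSSL_ECLIENTCERTID          = NSSL_ERROR_CODE(15),   // Not used
    NSSL_EVERIFY_REVOKED_CERT   = NSSL_ERROR_CODE(16),
    NSSL_ESTATE                 = NSSL_ERROR_CODE(17),
    NSSL_EVERIFY_USER           = NSSL_ERROR_CODE(18),
    NSSL_ERANDOM                = NSSL_ERROR_CODE(19),
    NSSL_EVERIFY_SERVER_CERT    = NSSL_ERROR_CODE(20),
    NSSL_ECERT_BUF_ALREADY_SET  = NSSL_ERROR_CODE(21),
    NSSL_ENONE                  = 0                      /* success */
};

/* Capacity limits. Please see the man pages for details; the names suggest
 * they bound the number of live handles of each kind, but the header does
 * not show how they are enforced. */
#define NSSL_ID_MAX             6

/* Certificate buffer size in bytes. Parenthesised so the macro is safe inside
 * larger expressions (the unparenthesised `1024*2` mis-expands in forms such
 * as `x % CERT_SIZE`). Please see the man pages for details. */
#define CERT_SIZE               (1024*2)

#define NSSL_CERTS_MAX          50      /* Please see man pages for details */
#define NSSL_CERTSTORE_MAX      14      /* Please see man pages for details */
#define NSSL_CERTS_PER_STORE    40      /* Please see man pages for details */

#define NSSL_CRLS_MAX           10      /* Please see man pages for details */
#define NSSL_CRLSTORE_MAX       3       /* Please see man pages for details */
#define NSSL_CRLS_PER_STORE     3       /* Please see man pages for details */

#define NSSL_EV_MAX             30      /* Please see man pages for details */

/*---------------------------------------------------------------------------*
 * Types/Declarations
 *---------------------------------------------------------------------------*/

/* Memory callbacks handed to NSSL_Init(). The header shows only the
 * signatures; the contract of each callback (meaning of `name`, alignment
 * guarantees, behaviour on failure) is given in the man pages. */
typedef struct NSSLConfig
{
    /* Allocate `size` bytes with alignment `align`; `name` is presumably an
     * allocation tag that is passed back to free() -- see man page. */
    void* (*alloc)(u32 name, u32 size, u32 align);
    /* Release memory obtained from alloc(); `name` is the same tag. */
    void  (*free)(u32 name, void *ptr);
    /* Resize an existing allocation to `size` bytes. */
    void* (*realloc)(void *ptr, u32 size);
    /* Size of the fixed heap -- see man page. */
    u32 fixedHeapSize;
} NSSLConfig;

/* Handles. Each is an s32 so that a negative NSSL error code can be returned
 * in place of a valid id (compare NSSL_ESSLID); check with the matching
 * NSSL_*IsValid* function before use. */
typedef s32 NSSLId;             /* SSL session, returned by NSSL_NewClient() */
typedef s32 NSSLCertId;         /* registered certificate (NSSL_RegisterCert*) */
typedef s32 NSSLCertStoreId;    /* certificate store (NSSL_CertStore_Create) */
typedef s32 NSSLCRLId;          /* registered CRL (NSSL_RegisterCRL) */
typedef s32 NSSLCRLStoreId;     /* CRL store (NSSL_CRLStore_Create) */

/* For debugging: snapshot of library resource usage, filled in by
 * NSSL_GetResource(). */
typedef struct NSSLResource
{
    int numDescSsl;     /* number of SSL descriptors in use (per the field name) */
    u32 freeHeapSize;
    u32 usedHeapSize;
    u32 maxHeapSize;
} NSSLResource;

/*---------------------------------------------------------------------------*
 * Cert Data
 *---------------------------------------------------------------------------*/
/* Built-in root CA identifiers. */
#define NSSL_ROOTCA_NINTENDO_0  1
#define NSSL_ROOTCA_NINTENDO_1  2
#define NSSL_ROOTCA_NINTENDO_2  3

/*---------------------------------------------------------------------------*
 * Function Prototypes
 *
 * Unless stated otherwise an s32 return is NSSL_ENONE on success or one of
 * the NSSL_E* codes above on failure.
 *---------------------------------------------------------------------------*/

/* Library lifetime. `config` supplies the memory callbacks. */
s32      NSSL_Init   ( const NSSLConfig* config );
s32      NSSL_Finish ( void );

/* Session setup. `socket` is a socket descriptor (presumably already
 * connected), `option` an OR of the NSSL_VERIFY_* / NSSL_OPTION_* flags, and
 * `serverName` presumably the expected name for NSSL_VERIFY_COMMON_NAME /
 * NSSL_VERIFY_SUBJECT_ALT_NAME -- confirm against the man page.
 * Returns the new NSSLId, or a negative error code. */
NSSLId   NSSL_NewClient ( int socket, u32 option, const char* serverName );

/* Handshake. The Ex variant additionally copies the server certificate data
 * into `serverCertData` (up to `serverCertSize` bytes) and reports the number
 * of certificates in `*serverCertNum`; the WithGetCertInfo variant reports
 * only the sizes/count. NSSL_EWANT_READ / NSSL_EWANT_WRITE presumably mean
 * "call again" on a non-blocking socket -- see man page. */
s32      NSSL_DoHandshake   ( NSSLId sslId );
s32      NSSL_DoHandshakeEx ( NSSLId sslId, char* serverCertData, size_t serverCertSize, u32* serverCertNum );
s32      NSSL_DoHandshakeWithGetCertInfo(NSSLId sslId, size_t* serverCertSize, u32* serverCertNum );

/* Data transfer on an established session. `buf` holds at most `bufSize`
 * bytes; the s32 return is presumably the byte count or an error code. */
s32      NSSL_Read     ( NSSLId sslId, char* buf, size_t bufSize );
s32      NSSL_Peek     ( NSSLId sslId, char* buf, size_t bufSize );
s32      NSSL_Write    ( NSSLId sslId, const char* buf, size_t bufSize );
s32      NSSL_Shutdown ( NSSLId sslId );

/* Per-session trust configuration. */
s32      NSSL_SetServerCertStore(NSSLId sslId, NSSLCertStoreId storeId);
s32      NSSL_SetClientCert     ( NSSLId sslId, NSSLCertId certId);
s32      NSSL_SetCRLStore       ( NSSLId sslId, NSSLCRLStoreId storeId);

/* Debug only: clears the given NSSL_VERIFY_* bits for a session. Any
 * verification that is switched off is not performed, so the peer is no
 * longer authenticated by that check; not intended for release builds
 * (per the name -- confirm against the man page). */
s32      NSSL_DisableVerifyOptionForDebug( NSSLId i_sslId, u32 i_verifyOption );

/* Supplies the current UTC time, presumably the reference for
 * NSSL_VERIFY_DATE checks -- confirm against the man page. */
s32      NSSL_SetUTCTime ( s64 utcTime );

/* Negotiated cipher details. Ownership/lifetime of the returned `version`
 * and `name` strings is not stated in this header -- see man page. */
s32      NSSL_GetCipherInfo( NSSLId sslId, char** version, char** name, int* algBits, int* effectiveBits );
/* Reports the verification failures recorded for the session in
 * `*pCertVerifyErrors`. */
s32      NSSL_GetCertVerifyErrors( NSSLId sslId, u32* pCertVerifyErrors);
/* Registers a caller-supplied buffer of `bufSize` bytes for the server
 * certificate; NSSL_ECERT_BUF_ALREADY_SET suggests it may be set once. */
s32      NSSL_SetServerCertBuffer( NSSLId sslId, u8* pBuf, size_t bufSize);

/* Fills `*resource` with the current resource counters (debugging aid). */
void     NSSL_GetResource(NSSLResource* resource);

/* functions for certificates. Sizes are `int`; callers must not pass
 * negative or oversized values. Returns an NSSLCertId or a negative error. */
NSSLCertId NSSL_RegisterCert(u8 *cert, int certSize);
NSSLCertId NSSL_RegisterCertWithKey(u8 *cert, int certSize, u8 *key, int keySize);
s32        NSSL_UnregisterCert(NSSLCertId certId);
BOOL       NSSL_IsValidCertId(NSSLCertId id);

/* functions for certificate store. Note that DestroyAll takes a storeId
 * despite its name -- see man page for what it destroys. */
NSSLCertStoreId NSSL_CertStore_Create(void);
s32        NSSL_CertStore_Destroy(NSSLCertStoreId storeId);
void       NSSL_CertStore_DestroyAll(NSSLCertStoreId storeId);
s32        NSSL_CertStore_AddCert(NSSLCertStoreId storeId, NSSLCertId certId);
s32        NSSL_CertStore_RemoveCert(NSSLCertStoreId storeId, NSSLCertId certId);
BOOL       NSSL_CertStore_IsValidId(NSSLCertStoreId storeId);

/* functions for CRL. `len` is the byte length of the CRL data. */
NSSLCRLId  NSSL_RegisterCRL(u8 *crl, int len);
s32        NSSL_UnregisterCRL(NSSLCRLId crlId);
BOOL       NSSL_IsValidCRLId(NSSLCRLId id);

/* functions for CRL store (same shape as the certificate store API). */
NSSLCRLStoreId NSSL_CRLStore_Create(void);
s32        NSSL_CRLStore_Destroy(NSSLCRLStoreId storeId);
void       NSSL_CRLStore_DestroyAll(NSSLCRLStoreId storeId);
s32        NSSL_CRLStore_AddCRL(NSSLCRLStoreId storeId, NSSLCRLId crlId);
s32        NSSL_CRLStore_RemoveCRL(NSSLCRLStoreId storeId, NSSLCRLId crlId);
BOOL       NSSL_CRLStore_IsValidId(NSSLCRLStoreId storeId);

/* Library state queries. NSSL_GatherEntropy() feeds the random source;
 * NSSL_ERANDOM is the error reported when randomness is unavailable
 * (relationship presumed from the names -- see man page). */
BOOL     NSSL_IsAvailable  ( void );
void     NSSL_GatherEntropy ( void );

#ifdef __cplusplus
}
#endif // __cplusplus
#endif // __NSSL_H__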