1 /*---------------------------------------------------------------------------*
2   Project:  Horizon
3   File:     nssl.h
4 
5   Copyright (C)2009-2012 Nintendo Co., Ltd.  All rights reserved.
6 
7   These coded instructions, statements, and computer programs contain
8   proprietary information of Nintendo of America Inc. and/or Nintendo
9   Company Ltd., and are protected by Federal copyright law. They may
10   not be disclosed to third parties or copied or duplicated in any form,
11   in whole or in part, without the prior written consent of Nintendo.
12 
13   $Rev: 46347 $
14  *---------------------------------------------------------------------------*/
15 
16 #ifndef __NSSL_H__
17 #define __NSSL_H__
18 
19 /*---------------------------------------------------------------------------*
20  * Includes
21  *---------------------------------------------------------------------------*/
22 
23 #include <nn/net/compatible/nos.h>
24 
25 #ifdef  __cplusplus
26 extern "C" {
27 #endif  // __cplusplus
28 
29 /*---------------------------------------------------------------------------*
30  * Definitions
31  *---------------------------------------------------------------------------*/
/* Bit flags, presumably combined into the u32 `option` argument of
 * NSSL_NewClient (confirm against the man pages). Each NSSL_VERIFY_* bit
 * enables one check of the server certificate; NSSL_VERIFY_NONE is simply
 * "no bits set", i.e. the peer's certificate is not validated at all. */
#define NSSL_VERIFY_NONE                         0x00
#define NSSL_VERIFY_COMMON_NAME                  0x01 /* check the certificate's common name (presumably against serverName) */
#define NSSL_VERIFY_ROOT_CA                      0x02 /* check that the chain ends at a trusted root CA */
#define NSSL_VERIFY_DATE                         0x04 /* check the validity period; the reference clock is presumably the one given to NSSL_SetUTCTime */

/* Once removed because, with the BSAFE verification system, chain verification could not be turned off on its own. */
/* 2011/07/29 Restored */
#define NSSL_VERIFY_CHAIN                        0x08 /* check the certificate chain */

#define NSSL_VERIFY_SUBJECT_ALT_NAME             0x10 /* check the subjectAltName extension (presumably against serverName) */
#define NSSL_VERIFY_EV                           0x20 /* extended-validation check, presumably; see NSSL_EV_MAX */
#define NSSL_OPTION_SESSION_CACHE                0x100 /* enable session caching; 0x40 and 0x80 are unassigned */
#define NSSL_VERIFY_IGNORE                       0x200 /* Option to verify the certificate but connect anyway, ignoring the verification results.
                                                         The peer is then unauthenticated; NSSL_GetCertVerifyErrors presumably reports what failed.
                                                         Should not be set in production builds. */
#define NSSL_GET_ALL_SERVER_CERT_CHAIN           0x400 /* Option to get all data of the certificate chain */

#define NSSL_OPTION_NO_TLSv11                    0x800 /* Option to disable TLS 1.1. When it is used, communications are with TLS 1.0 (a protocol downgrade). */

/* Error codes are formed by OR-ing a small code into the high bits of the
 * base, so a code must fit in the low 12 bits (<= 0xfff) or it overlaps the
 * base. Cast to s32 the results are negative on two's-complement targets,
 * which keeps them distinct from non-negative success values. */
#define NSSL_ERROR_BASE                          0xfffff000
#define NSSL_ERROR_CODE(code)                    ((s32)(NSSL_ERROR_BASE|(code))) /* see the NSSL_E* enumerators below */
51 
/* Every enumerator has an explicit value so that an error printed as a
 * number can be mapped back to its name. All values except NSSL_ENONE are
 * NSSL_ERROR_CODE(n), i.e. NSSL_ERROR_BASE | n cast to s32; code 4 is
 * unassigned. The semantics noted below are inferred from the names —
 * confirm against the man pages. */
enum {
    NSSL_EFAILED                                 = NSSL_ERROR_CODE(1),  /* generic failure */
    NSSL_EWANT_READ                              = NSSL_ERROR_CODE(2),  /* presumably: would block waiting to read; retry later */
    NSSL_EWANT_WRITE                             = NSSL_ERROR_CODE(3),  /* presumably: would block waiting to write; retry later */
    NSSL_ESYSCALL                                = NSSL_ERROR_CODE(5),  /* presumably: an underlying socket/system call failed */
    NSSL_EZERO_RETURN                            = NSSL_ERROR_CODE(6),  /* presumably: the peer closed the session */
    NSSL_EWANT_CONNECT                           = NSSL_ERROR_CODE(7),  /* presumably: connect still in progress; retry later */
    NSSL_ESSLID                                  = NSSL_ERROR_CODE(8),  /* presumably: invalid NSSLId */
    NSSL_EVERIFY_COMMON_NAME                     = NSSL_ERROR_CODE(9),  /* NSSL_VERIFY_COMMON_NAME check failed */
    NSSL_EVERIFY_ROOT_CA                         = NSSL_ERROR_CODE(10), /* NSSL_VERIFY_ROOT_CA check failed */
    NSSL_EVERIFY_CHAIN                           = NSSL_ERROR_CODE(11), /* NSSL_VERIFY_CHAIN check failed */
    NSSL_EVERIFY_DATE                            = NSSL_ERROR_CODE(12), /* NSSL_VERIFY_DATE check failed */
    NSSL_EGET_SERVER_CERT                        = NSSL_ERROR_CODE(13), /* could not obtain the server certificate */
    NSSL_EROOTCAID                               = NSSL_ERROR_CODE(14), // Not used
    NSSL_ECLIENTCERTID                           = NSSL_ERROR_CODE(15), // Not used
    NSSL_EVERIFY_REVOKED_CERT                    = NSSL_ERROR_CODE(16), /* certificate is revoked (presumably listed in a registered CRL) */
    NSSL_ESTATE                                  = NSSL_ERROR_CODE(17), /* presumably: call not valid in the session's current state */
    NSSL_EVERIFY_USER                            = NSSL_ERROR_CODE(18),
    NSSL_ERANDOM                                 = NSSL_ERROR_CODE(19), /* random-number generation failed; see NSSL_GatherEntropy */
    NSSL_EVERIFY_SERVER_CERT                     = NSSL_ERROR_CODE(20), /* server certificate verification failed */
    NSSL_ECERT_BUF_ALREADY_SET                   = NSSL_ERROR_CODE(21), /* presumably: NSSL_SetServerCertBuffer called more than once */
    NSSL_ENOMEM                                  = NSSL_ERROR_CODE(22), /* Support for memory allocation failure error code */
    NSSL_ENONE                                   = 0                    /* success */
};
77 
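/* Capacity limits. Their exact enforcement is documented in the man pages;
 * the meanings below are inferred from the names. */

/* Maximum number of NSSLId sessions (presumably; see NSSL_NewClient). */
#define NSSL_ID_MAX                              6

/* Certificate buffer size in bytes (2 KiB). Parenthesized so that the
 * macro behaves as a single value in arithmetic: without the parentheses,
 * `x / CERT_SIZE` would expand to `x / 1024 * 2`, which is four times the
 * intended result. Please see man pages for details. */
#define CERT_SIZE               (1024*2)

#define NSSL_CERTS_MAX          50      /* max registered certificates, presumably; please see man pages for details */
#define NSSL_CERTSTORE_MAX      14      /* max certificate stores, presumably; please see man pages for details */
#define NSSL_CERTS_PER_STORE    40      /* max certificates per store, presumably; please see man pages for details */

#define NSSL_CRLS_MAX           10      /* max registered CRLs, presumably; please see man pages for details */
#define NSSL_CRLSTORE_MAX       3       /* max CRL stores, presumably; please see man pages for details */
#define NSSL_CRLS_PER_STORE     3       /* max CRLs per store, presumably; please see man pages for details */

#define NSSL_EV_MAX             30       /* extended-validation limit, presumably related to NSSL_VERIFY_EV; please see man pages for details */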
99 
100 /*---------------------------------------------------------------------------*
101  * Types/Declarations
102  *---------------------------------------------------------------------------*/
103 
/* Memory-management hooks handed to NSSL_Init through a const pointer.
 * All allocation the library performs presumably goes through these
 * callbacks; whether NSSL_Init copies the struct or keeps a reference is
 * not stated here — confirm the required lifetime against the man pages.
 */
typedef struct NSSLConfig
{
    /* Allocation callback. Returns a block of `size` bytes; `align` is
     * presumably the required alignment and `name` a tag that is handed
     * back to free(). Returning NULL is presumably what surfaces as
     * NSSL_ENOMEM. Please see man pages for details.
     */
    void* (*alloc)(u32 name, u32 size, u32 align);
    /* Release callback for a block obtained from alloc(); `name` is
     * presumably the tag given at allocation. Please see man pages for details.
     */
    void  (*free)(u32 name, void *ptr);
    /* Resize callback. Unlike alloc() it receives neither `name` nor `align`,
     * so an implementation cannot depend on the tag here.
     * NOTE(review): the alignment expected of a resized block is not stated —
     * confirm against the man pages.
     */
    void* (*realloc)(void *ptr, u32 size);
    /* Size of the fixed heap, presumably in bytes. NSSLResource reports
     * free/used/max heap sizes, which likely relate to this value — confirm.
     */
    u32   fixedHeapSize;
} NSSLConfig;
138 
/* Opaque handles, all signed 32-bit. They are returned by the creator
 * functions below (NSSL_NewClient, NSSL_RegisterCert, NSSL_CertStore_Create,
 * NSSL_RegisterCRL, NSSL_CRLStore_Create) and can be checked with the
 * NSSL_Is*Valid* functions. NOTE(review): a negative NSSL_E* error code fits
 * in the same type as a valid handle, so callers should check the creator's
 * result before reusing it — confirm each creator's failure value. */
typedef s32 NSSLId;          /* one TLS client session; please see man pages for details */
typedef s32 NSSLCertId;      /* a registered certificate; please see man pages for details */
typedef s32 NSSLCertStoreId; /* a certificate store; please see man pages for details */
typedef s32 NSSLCRLId;       /* a registered CRL; please see man pages for details */
typedef s32 NSSLCRLStoreId;  /* a CRL store; please see man pages for details */
144 
/* For debugging. Snapshot of library resource usage, filled in by
 * NSSL_GetResource. The heap figures presumably describe the heap sized by
 * NSSLConfig.fixedHeapSize — confirm against the man pages. */
typedef struct NSSLResource
{
    int numDescSsl;   /* number of SSL descriptors in use, presumably; compare NSSL_ID_MAX */
    u32 freeHeapSize; /* bytes currently free */
    u32 usedHeapSize; /* bytes currently in use */
    u32 maxHeapSize;  /* peak usage or total heap size — the name does not say which; confirm */
} NSSLResource;
153 
154 /*---------------------------------------------------------------------------*
155  * Cert Data
156  *---------------------------------------------------------------------------*/
/* Identifiers of the built-in Nintendo root CA certificates. Presumably
 * usable where an NSSLCertId is expected (e.g. NSSL_CertStore_AddCert) —
 * confirm against the man pages. Note they start at 1, so 0 is not a valid
 * built-in id. */
#define NSSL_ROOTCA_NINTENDO_0                   1
#define NSSL_ROOTCA_NINTENDO_1                   2
#define NSSL_ROOTCA_NINTENDO_2                   3
160 
161 /*---------------------------------------------------------------------------*
162  * Function Prototypes
163  *---------------------------------------------------------------------------*/
/* Library lifecycle and per-session API. Unless noted, s32 results are
 * presumably NSSL_ENONE on success or one of the NSSL_E* codes — confirm
 * against the man pages. */

/* Initialize the library with the given memory hooks; see NSSLConfig. */
s32             NSSL_Init            ( const NSSLConfig* config );
/* Shut the library down. */
s32             NSSL_Finish          ( void );
/* Create a TLS client session over an already-connected socket. `option`
 * is presumably a mask of NSSL_VERIFY_* / NSSL_OPTION_* bits and
 * `serverName` the name the certificate is checked against. Callers should
 * set NSSL_VERIFY_* bits explicitly; with NSSL_VERIFY_NONE the peer is not
 * authenticated. */
NSSLId          NSSL_NewClient       ( int socket, u32 option, const char* serverName );
/* Perform the TLS handshake. */
s32             NSSL_DoHandshake     ( NSSLId sslId );
/* Handshake and copy the server certificate data into `serverCertData`
 * (capacity `serverCertSize` bytes), returning the certificate count in
 * `serverCertNum`. Presumably the whole chain is copied when
 * NSSL_GET_ALL_SERVER_CERT_CHAIN is set — confirm. */
s32             NSSL_DoHandshakeEx   ( NSSLId sslId, char* serverCertData, size_t serverCertSize, u32* serverCertNum );
/* Handshake and report the size and count of the server certificate data
 * without copying it (presumably for sizing a later buffer) — confirm. */
s32             NSSL_DoHandshakeWithGetCertInfo(NSSLId sslId, size_t* serverCertSize, u32* serverCertNum );
/* Receive up to `bufSize` bytes of application data. Presumably returns the
 * byte count, or NSSL_EWANT_READ when no data is available yet — confirm. */
s32             NSSL_Read            ( NSSLId sslId, char* buf, size_t bufSize );
/* Like NSSL_Read but leaves the data queued for a later read. */
s32             NSSL_Peek            ( NSSLId sslId, char* buf, size_t bufSize );
/* Send `bufSize` bytes of application data; presumably returns the byte
 * count or NSSL_EWANT_WRITE — confirm. */
s32             NSSL_Write           ( NSSLId sslId, const char* buf, size_t bufSize );
/* Close the TLS session. */
s32             NSSL_Shutdown        ( NSSLId sslId );
/* Select the certificate store used to validate the server; presumably
 * needed for NSSL_VERIFY_ROOT_CA / NSSL_VERIFY_CHAIN to have trust anchors. */
s32             NSSL_SetServerCertStore(NSSLId sslId, NSSLCertStoreId storeId);
/* Select the client certificate presented to the server (from NSSL_RegisterCertWithKey, presumably). */
s32             NSSL_SetClientCert        ( NSSLId sslId, NSSLCertId certId);
/* Select the CRL store used for revocation checks (see NSSL_EVERIFY_REVOKED_CERT). */
s32             NSSL_SetCRLStore          ( NSSLId sslId, NSSLCRLStoreId storeId);
/* Clear verification bits on an existing session. Named for debug use: a
 * release build that reaches this accepts certificates it would otherwise
 * reject, so calls should be compiled out of production code. */
s32             NSSL_DisableVerifyOptionForDebug( NSSLId i_sslId, u32 i_verifyOption );

/* Supply the current UTC time, presumably the reference for
 * NSSL_VERIFY_DATE. If the source of this value is stale or can be
 * influenced by an attacker, expiry and not-yet-valid checks are unreliable. */
s32             NSSL_SetUTCTime           ( s64 utcTime );

/* Report the negotiated protocol version, cipher name and key sizes.
 * NOTE(review): ownership of the returned strings is not stated here —
 * treat them as library-owned until the man pages say otherwise. */
s32             NSSL_GetCipherInfo( NSSLId sslId, char** version, char** name, int* algBits, int* effectiveBits );
/* Retrieve the verification failures of the session, presumably as a mask
 * of NSSL_VERIFY_* bits. Primarily meaningful together with
 * NSSL_VERIFY_IGNORE, where the handshake succeeds despite failures. */
s32             NSSL_GetCertVerifyErrors( NSSLId sslId, u32* pCertVerifyErrors);
/* Provide a caller-owned buffer of `bufSize` bytes for server certificate
 * data. NSSL_ECERT_BUF_ALREADY_SET suggests it may be set only once per
 * session — confirm; the buffer must outlive its use by the session. */
s32             NSSL_SetServerCertBuffer( NSSLId sslId, u8* pBuf, size_t bufSize);

/* Fill `resource` with the current usage figures; for debugging. */
void            NSSL_GetResource(NSSLResource* resource);
186 
/* functions for certificates */

/* Register a certificate from memory and return its id. The encoding
 * expected in `cert` is not stated here. NOTE(review): `certSize` is a
 * signed int while other sizes in this header are size_t; callers must not
 * pass a negative value — confirm that the implementation rejects one. */
NSSLCertId      NSSL_RegisterCert(u8 *cert, int certSize);
/* Register a certificate together with its private key (for use as a
 * client certificate, presumably via NSSL_SetClientCert). Whether the
 * library copies `key` is not stated; the caller should zeroize its own
 * copy of the key material once it is no longer needed. Same signed-size
 * caveat as NSSL_RegisterCert. */
NSSLCertId      NSSL_RegisterCertWithKey(u8 *cert, int certSize, u8 *key, int keySize);
/* Release a registered certificate. */
s32             NSSL_UnregisterCert(NSSLCertId certId);
/* Check whether `id` refers to a currently registered certificate. */
BOOL            NSSL_IsValidCertId(NSSLCertId id);
192 
/* functions for certificate store */

/* Create an empty certificate store (trust anchors / chain material for
 * NSSL_SetServerCertStore, presumably). */
NSSLCertStoreId NSSL_CertStore_Create(void);
/* Destroy one store. */
s32             NSSL_CertStore_Destroy(NSSLCertStoreId storeId);
/* NOTE(review): takes a storeId despite the "DestroyAll" name — confirm
 * whether the argument is used or every store is destroyed. */
void            NSSL_CertStore_DestroyAll(NSSLCertStoreId storeId);
/* Add a registered certificate to the store (limits: NSSL_CERTS_PER_STORE, presumably). */
s32             NSSL_CertStore_AddCert(NSSLCertStoreId storeId, NSSLCertId certId);
/* Remove a certificate from the store. */
s32             NSSL_CertStore_RemoveCert(NSSLCertStoreId storeId, NSSLCertId certId);
/* Check whether `storeId` refers to an existing store. */
BOOL            NSSL_CertStore_IsValidId(NSSLCertStoreId storeId);
200 
/* functions for CRL */

/* Register a certificate revocation list from memory. Same signed-size
 * caveat as NSSL_RegisterCert: `len` is an int and must not be negative. */
NSSLCRLId       NSSL_RegisterCRL(u8 *crl, int len);
/* Release a registered CRL. */
s32             NSSL_UnregisterCRL(NSSLCRLId crlId);
/* Check whether `id` refers to a currently registered CRL. */
BOOL            NSSL_IsValidCRLId(NSSLCRLId id);
205 
/* functions for CRL store */

/* Create an empty CRL store (for NSSL_SetCRLStore). */
NSSLCRLStoreId  NSSL_CRLStore_Create(void);
/* Destroy one store. */
s32             NSSL_CRLStore_Destroy(NSSLCRLStoreId storeId);
/* NOTE(review): takes a storeId despite the "DestroyAll" name — confirm
 * whether the argument is used or every store is destroyed. */
void            NSSL_CRLStore_DestroyAll(NSSLCRLStoreId storeId);
/* Add a registered CRL to the store (limits: NSSL_CRLS_PER_STORE, presumably). */
s32             NSSL_CRLStore_AddCRL(NSSLCRLStoreId storeId, NSSLCRLId crlId);
/* Remove a CRL from the store. */
s32             NSSL_CRLStore_RemoveCRL(NSSLCRLStoreId storeId, NSSLCRLId crlId);
/* Check whether `storeId` refers to an existing store. */
BOOL            NSSL_CRLStore_IsValidId(NSSLCRLStoreId storeId);
213 
/* Whether the library is usable (presumably: initialized and not finished). */
BOOL            NSSL_IsAvailable     ( void );
/* Feed the library's random-number generator; NSSL_ERANDOM suggests
 * operations can fail when entropy is insufficient. When and how often this
 * must be called is not stated here — confirm against the man pages. */
void            NSSL_GatherEntropy   ( void );
216 
217 #ifdef  __cplusplus
218 }
219 #endif  // __cplusplus
220 #endif  // __NSSL_H__
221