ssl: add cert store

author: Liam 2024-02-24 12:49:08 -0500
committer: Liam 2024-02-24 22:56:05 -0500
commit: fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13 (patch)
tree: eba5380db4c87d13c25b61c8262cb9d01ba70637 /src
parent: acc: add account manager for acc:u1 (diff)
download: yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.tar.gz
yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.tar.xz
yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.zip
5 files changed, 330 insertions, 3 deletions
diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
index 1eb43d816..63a6da12e 100644
--- a/src/core/CMakeLists.txt
+++ b/src/core/CMakeLists.txt
@@ -1047,9 +1047,12 @@ add_library(core STATIC
    hle/service/spl/spl_module.h
    hle/service/spl/spl_results.h
    hle/service/spl/spl_types.h
+    hle/service/ssl/cert_store.cpp
+    hle/service/ssl/cert_store.h
    hle/service/ssl/ssl.cpp
    hle/service/ssl/ssl.h
    hle/service/ssl/ssl_backend.h
+    hle/service/ssl/ssl_types.h
    hle/service/usb/usb.cpp
    hle/service/usb/usb.h
    hle/service/vi/application_display_service.cpp
diff --git a/src/core/hle/service/ssl/cert_store.cpp b/src/core/hle/service/ssl/cert_store.cpp
new file mode 100644
index 000000000..b321e5d32
--- /dev/null
+++ b/src/core/hle/service/ssl/cert_store.cpp
@@ -0,0 +1,156 @@
+// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
+// SPDX-License-Identifier: GPL-2.0-or-later
+#include "common/alignment.h"
+#include "core/core.h"
+#include "core/file_sys/content_archive.h"
+#include "core/file_sys/nca_metadata.h"
+#include "core/file_sys/registered_cache.h"
+#include "core/file_sys/romfs.h"
+#include "core/hle/service/filesystem/filesystem.h"
+#include "core/hle/service/ssl/cert_store.h"
+namespace Service::SSL {
+// https://switchbrew.org/wiki/SSL_services#CertStore
+CertStore::CertStore(Core::System& system) {
+    constexpr u64 CertStoreDataId = 0x0100000000000800ULL;
+    auto& fsc = system.GetFileSystemController();
+    // Attempt to load certificate data from storage
+    const auto nca =
+        fsc.GetSystemNANDContents()->GetEntry(CertStoreDataId, FileSys::ContentRecordType::Data);
+    if (!nca) {
+        return;
+    }
+    const auto romfs = nca->GetRomFS();
+    if (!romfs) {
+        return;
+    }
+    const auto extracted = FileSys::ExtractRomFS(romfs);
+    if (!extracted) {
+        LOG_ERROR(Service_SSL, "CertStore could not be extracted, corrupt RomFS?");
+        return;
+    }
+    const auto cert_store_file = extracted->GetFile("ssl_TrustedCerts.bdf");
+    if (!cert_store_file) {
+        LOG_ERROR(Service_SSL, "Failed to find trusted certificates in CertStore");
+        return;
+    }
+    // Read and verify the header.
+    CertStoreHeader header;
+    cert_store_file->ReadObject(std::addressof(header));
+    if (header.magic != Common::MakeMagic('s', 's', 'l', 'T')) {
+        LOG_ERROR(Service_SSL, "Invalid certificate store magic");
+        return;
+    }
+    // Ensure the file can contains the number of entries it says it does.
+    const u64 expected_size = sizeof(header) + sizeof(CertStoreEntry) * header.num_entries;
+    const u64 actual_size = cert_store_file->GetSize();
+    if (actual_size < expected_size) {
+        LOG_ERROR(Service_SSL, "Size mismatch, expected at least {} bytes, got {}", expected_size,
+                  actual_size);
+        return;
+    }
+    // Read entries.
+    std::vector<CertStoreEntry> entries(header.num_entries);
+    cert_store_file->ReadArray(entries.data(), header.num_entries, sizeof(header));
+    // Insert into memory store.
+    for (const auto& entry : entries) {
+        m_certs.emplace(entry.certificate_id,
+                        Certificate{
+                            .status = entry.certificate_status,
+                            .der_data = cert_store_file->ReadBytes(
+                                entry.der_size, entry.der_offset + sizeof(header)),
+                        });
+    }
+}
+CertStore::~CertStore() = default;
+template <typename F>
+void CertStore::ForEachCertificate(std::span<const CaCertificateId> certificate_ids, F&& f) {
+    if (certificate_ids.size() == 1 && certificate_ids.front() == CaCertificateId::All) {
+        for (const auto& entry : m_certs) {
+            f(entry);
+        }
+    } else {
+        for (const auto certificate_id : certificate_ids) {
+            const auto entry = m_certs.find(certificate_id);
+            if (entry == m_certs.end()) {
+                continue;
+            }
+            f(*entry);
+        }
+    }
+}
+Result CertStore::GetCertificates(u32* out_num_entries, std::span<u8> out_data,
+                                  std::span<const CaCertificateId> certificate_ids) {
+    // Ensure the buffer is large enough to hold the output.
+    u32 required_size;
+    R_TRY(this->GetCertificateBufSize(std::addressof(required_size), out_num_entries,
+                                      certificate_ids));
+    R_UNLESS(out_data.size_bytes() >= required_size, ResultUnknown);
+    // Make parallel arrays.
+    std::vector<BuiltInCertificateInfo> cert_infos;
+    std::vector<u8> der_datas;
+    const u32 der_data_offset = (*out_num_entries + 1) * sizeof(BuiltInCertificateInfo);
+    u32 cur_der_offset = der_data_offset;
+    // Fill output.
+    this->ForEachCertificate(certificate_ids, [&](auto& entry) {
+        const auto& [status, cur_der_data] = entry.second;
+        BuiltInCertificateInfo cert_info{
+            .cert_id = entry.first,
+            .status = status,
+            .der_size = cur_der_data.size(),
+            .der_offset = cur_der_offset,
+        };
+        cert_infos.push_back(cert_info);
+        der_datas.insert(der_datas.end(), cur_der_data.begin(), cur_der_data.end());
+        cur_der_offset += static_cast<u32>(cur_der_data.size());
+    });
+    // Append terminator entry.
+    cert_infos.push_back(BuiltInCertificateInfo{
+        .cert_id = CaCertificateId::All,
+        .status = TrustedCertStatus::Invalid,
+        .der_size = 0,
+        .der_offset = 0,
+    });
+    // Write to output span.
+    std::memcpy(out_data.data(), cert_infos.data(),
+                cert_infos.size() * sizeof(BuiltInCertificateInfo));
+    std::memcpy(out_data.data() + der_data_offset, der_datas.data(), der_datas.size());
+    R_SUCCEED();
+}
+Result CertStore::GetCertificateBufSize(u32* out_size, u32* out_num_entries,
+                                        std::span<const CaCertificateId> certificate_ids) {
+    // Output size is at least the size of the terminator entry.
+    *out_size = sizeof(BuiltInCertificateInfo);
+    *out_num_entries = 0;
+    this->ForEachCertificate(certificate_ids, [&](auto& entry) {
+        *out_size += sizeof(BuiltInCertificateInfo);
+        *out_size += Common::AlignUp(static_cast<u32>(entry.second.der_data.size()), 4);
+        (*out_num_entries)++;
+    });
+    R_SUCCEED();
+}
+} // namespace Service::SSL
diff --git a/src/core/hle/service/ssl/cert_store.h b/src/core/hle/service/ssl/cert_store.h
new file mode 100644
index 000000000..613d7b02a
--- /dev/null
+++ b/src/core/hle/service/ssl/cert_store.h
@@ -0,0 +1,42 @@
+// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
+// SPDX-License-Identifier: GPL-2.0-or-later
+#pragma once
+#include <map>
+#include <span>
+#include <vector>
+#include "core/hle/result.h"
+#include "core/hle/service/ssl/ssl_types.h"
+namespace Core {
+class System;
+}
+namespace Service::SSL {
+class CertStore {
+public:
+    explicit CertStore(Core::System& system);
+    ~CertStore();
+    Result GetCertificates(u32* out_num_entries, std::span<u8> out_data,
+                           std::span<const CaCertificateId> certificate_ids);
+    Result GetCertificateBufSize(u32* out_size, u32* out_num_entries,
+                                 std::span<const CaCertificateId> certificate_ids);
+private:
+    template <typename F>
+    void ForEachCertificate(std::span<const CaCertificateId> certs, F&& f);
+private:
+    struct Certificate {
+        TrustedCertStatus status;
+        std::vector<u8> der_data;
+    };
+    std::map<CaCertificateId, Certificate> m_certs;
+};
+} // namespace Service::SSL
diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp
index 0fbb43057..008ee4492 100644
--- a/src/core/hle/service/ssl/ssl.cpp
+++ b/src/core/hle/service/ssl/ssl.cpp
@@ -5,11 +5,13 @@
 #include "core/core.h"
 #include "core/hle/result.h"
+#include "core/hle/service/cmif_serialization.h"
 #include "core/hle/service/ipc_helpers.h"
 #include "core/hle/service/server_manager.h"
 #include "core/hle/service/service.h"
 #include "core/hle/service/sm/sm.h"
 #include "core/hle/service/sockets/bsd.h"
+#include "core/hle/service/ssl/cert_store.h"
 #include "core/hle/service/ssl/ssl.h"
 #include "core/hle/service/ssl/ssl_backend.h"
 #include "core/internal_network/network.h"
@@ -492,13 +494,14 @@ private:
 class ISslService final : public ServiceFramework<ISslService> {
 public:
-    explicit ISslService(Core::System& system_) : ServiceFramework{system_, "ssl"} {
+    explicit ISslService(Core::System& system_)
+        : ServiceFramework{system_, "ssl"}, cert_store{system} {
        // clang-format off
        static const FunctionInfo functions[] = {
            {0, &ISslService::CreateContext, "CreateContext"},
            {1, nullptr, "GetContextCount"},
-            {2, nullptr, "GetCertificates"},
+            {2, D<&ISslService::GetCertificates>, "GetCertificates"},
-            {3, nullptr, "GetCertificateBufSize"},
+            {3, D<&ISslService::GetCertificateBufSize>, "GetCertificateBufSize"},
            {4, nullptr, "DebugIoctl"},
            {5, &ISslService::SetInterfaceVersion, "SetInterfaceVersion"},
            {6, nullptr, "FlushSessionCache"},
@@ -540,6 +543,22 @@ private:
        IPC::ResponseBuilder rb{ctx, 2};
        rb.Push(ResultSuccess);
    }
+    Result GetCertificateBufSize(
+        Out<u32> out_size, InArray<CaCertificateId, BufferAttr_HipcMapAlias> certificate_ids) {
+        LOG_INFO(Service_SSL, "called");
+        u32 num_entries;
+        R_RETURN(cert_store.GetCertificateBufSize(out_size, &num_entries, certificate_ids));
+    }
+    Result GetCertificates(Out<u32> out_num_entries, OutBuffer<BufferAttr_HipcMapAlias> out_buffer,
+                           InArray<CaCertificateId, BufferAttr_HipcMapAlias> certificate_ids) {
+        LOG_INFO(Service_SSL, "called");
+        R_RETURN(cert_store.GetCertificates(out_num_entries, out_buffer, certificate_ids));
+    }
+private:
+    CertStore cert_store;
 };
 void LoopProcess(Core::System& system) {
diff --git a/src/core/hle/service/ssl/ssl_types.h b/src/core/hle/service/ssl/ssl_types.h
new file mode 100644
index 000000000..dbc3dbf64
--- /dev/null
+++ b/src/core/hle/service/ssl/ssl_types.h
@@ -0,0 +1,107 @@
+// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
+// SPDX-License-Identifier: GPL-2.0-or-later
+#pragma once
+#include "common/common_types.h"
+namespace Service::SSL {
+enum class CaCertificateId : s32 {
+    All = -1,
+    NintendoCAG3 = 1,
+    NintendoClass2CAG3 = 2,
+    NintendoRootCAG4 = 3,
+    AmazonRootCA1 = 1000,
+    StarfieldServicesRootCertificateAuthorityG2 = 1001,
+    AddTrustExternalCARoot = 1002,
+    COMODOCertificationAuthority = 1003,
+    UTNDATACorpSGC = 1004,
+    UTNUSERFirstHardware = 1005,
+    BaltimoreCyberTrustRoot = 1006,
+    CybertrustGlobalRoot = 1007,
+    VerizonGlobalRootCA = 1008,
+    DigiCertAssuredIDRootCA = 1009,
+    DigiCertAssuredIDRootG2 = 1010,
+    DigiCertGlobalRootCA = 1011,
+    DigiCertGlobalRootG2 = 1012,
+    DigiCertHighAssuranceEVRootCA = 1013,
+    EntrustnetCertificationAuthority2048 = 1014,
+    EntrustRootCertificationAuthority = 1015,
+    EntrustRootCertificationAuthorityG2 = 1016,
+    GeoTrustGlobalCA2 = 1017,
+    GeoTrustGlobalCA = 1018,
+    GeoTrustPrimaryCertificationAuthorityG3 = 1019,
+    GeoTrustPrimaryCertificationAuthority = 1020,
+    GlobalSignRootCA = 1021,
+    GlobalSignRootCAR2 = 1022,
+    GlobalSignRootCAR3 = 1023,
+    GoDaddyClass2CertificationAuthority = 1024,
+    GoDaddyRootCertificateAuthorityG2 = 1025,
+    StarfieldClass2CertificationAuthority = 1026,
+    StarfieldRootCertificateAuthorityG2 = 1027,
+    thawtePrimaryRootCAG3 = 1028,
+    thawtePrimaryRootCA = 1029,
+    VeriSignClass3PublicPrimaryCertificationAuthorityG3 = 1030,
+    VeriSignClass3PublicPrimaryCertificationAuthorityG5 = 1031,
+    VeriSignUniversalRootCertificationAuthority = 1032,
+    DSTRootCAX3 = 1033,
+    USERTrustRsaCertificationAuthority = 1034,
+    ISRGRootX10 = 1035,
+    USERTrustEccCertificationAuthority = 1036,
+    COMODORsaCertificationAuthority = 1037,
+    COMODOEccCertificationAuthority = 1038,
+    AmazonRootCA2 = 1039,
+    AmazonRootCA3 = 1040,
+    AmazonRootCA4 = 1041,
+    DigiCertAssuredIDRootG3 = 1042,
+    DigiCertGlobalRootG3 = 1043,
+    DigiCertTrustedRootG4 = 1044,
+    EntrustRootCertificationAuthorityEC1 = 1045,
+    EntrustRootCertificationAuthorityG4 = 1046,
+    GlobalSignECCRootCAR4 = 1047,
+    GlobalSignECCRootCAR5 = 1048,
+    GlobalSignECCRootCAR6 = 1049,
+    GTSRootR1 = 1050,
+    GTSRootR2 = 1051,
+    GTSRootR3 = 1052,
+    GTSRootR4 = 1053,
+    SecurityCommunicationRootCA = 1054,
+    GlobalSignRootE4 = 1055,
+    GlobalSignRootR4 = 1056,
+    TTeleSecGlobalRootClass2 = 1057,
+    DigiCertTLSECCP384RootG5 = 1058,
+    DigiCertTLSRSA4096RootG5 = 1059,
+};
+enum class TrustedCertStatus : s32 {
+    Invalid = -1,
+    Removed = 0,
+    EnabledTrusted = 1,
+    EnabledNotTrusted = 2,
+    Revoked = 3,
+};
+struct BuiltInCertificateInfo {
+    CaCertificateId cert_id;
+    TrustedCertStatus status;
+    u64 der_size;
+    u64 der_offset;
+};
+static_assert(sizeof(BuiltInCertificateInfo) == 0x18, "BuiltInCertificateInfo has incorrect size.");
+struct CertStoreHeader {
+    u32 magic;
+    u32 num_entries;
+};
+static_assert(sizeof(CertStoreHeader) == 0x8, "CertStoreHeader has incorrect size.");
+struct CertStoreEntry {
+    CaCertificateId certificate_id;
+    TrustedCertStatus certificate_status;
+    u32 der_size;
+    u32 der_offset;
+};
+static_assert(sizeof(CertStoreEntry) == 0x10, "CertStoreEntry has incorrect size.");
+} // namespace Service::SSL
author	Liam	2024-02-24 12:49:08 -0500
committer	Liam	2024-02-24 22:56:05 -0500
commit	fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13 (patch)
tree	eba5380db4c87d13c25b61c8262cb9d01ba70637 /src
parent	acc: add account manager for acc:u1 (diff)
download	yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.tar.gz yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.tar.xz yuzu-fd718f350ca4f13e4c2c0ca5ea4a9931255d3c13.zip

diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt index 1eb43d816..63a6da12e 100644 --- a/src/core/CMakeLists.txt +++ b/src/core/CMakeLists.txt
@@ -1047,9 +1047,12 @@ add_library(core STATIC
1047	hle/service/spl/spl_module.h	1047	hle/service/spl/spl_module.h
1048	hle/service/spl/spl_results.h	1048	hle/service/spl/spl_results.h
1049	hle/service/spl/spl_types.h	1049	hle/service/spl/spl_types.h
		1050	hle/service/ssl/cert_store.cpp
		1051	hle/service/ssl/cert_store.h
1050	hle/service/ssl/ssl.cpp	1052	hle/service/ssl/ssl.cpp
1051	hle/service/ssl/ssl.h	1053	hle/service/ssl/ssl.h
1052	hle/service/ssl/ssl_backend.h	1054	hle/service/ssl/ssl_backend.h
		1055	hle/service/ssl/ssl_types.h
1053	hle/service/usb/usb.cpp	1056	hle/service/usb/usb.cpp
1054	hle/service/usb/usb.h	1057	hle/service/usb/usb.h
1055	hle/service/vi/application_display_service.cpp	1058	hle/service/vi/application_display_service.cpp


diff --git a/src/core/hle/service/ssl/cert_store.cpp b/src/core/hle/service/ssl/cert_store.cpp new file mode 100644 index 000000000..b321e5d32 --- /dev/null +++ b/src/core/hle/service/ssl/cert_store.cpp
@@ -0,0 +1,156 @@
		1	// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
		2	// SPDX-License-Identifier: GPL-2.0-or-later
		3
		4	#include "common/alignment.h"
		5	#include "core/core.h"
		6	#include "core/file_sys/content_archive.h"
		7	#include "core/file_sys/nca_metadata.h"
		8	#include "core/file_sys/registered_cache.h"
		9	#include "core/file_sys/romfs.h"
		10	#include "core/hle/service/filesystem/filesystem.h"
		11	#include "core/hle/service/ssl/cert_store.h"
		12
		13	namespace Service::SSL {
		14
		15	// https://switchbrew.org/wiki/SSL_services#CertStore
		16
		17	CertStore::CertStore(Core::System& system) {
		18	constexpr u64 CertStoreDataId = 0x0100000000000800ULL;
		19
		20	auto& fsc = system.GetFileSystemController();
		21
		22	// Attempt to load certificate data from storage
		23	const auto nca =
		24	fsc.GetSystemNANDContents()->GetEntry(CertStoreDataId, FileSys::ContentRecordType::Data);
		25	if (!nca) {
		26	return;
		27	}
		28	const auto romfs = nca->GetRomFS();
		29	if (!romfs) {
		30	return;
		31	}
		32	const auto extracted = FileSys::ExtractRomFS(romfs);
		33	if (!extracted) {
		34	LOG_ERROR(Service_SSL, "CertStore could not be extracted, corrupt RomFS?");
		35	return;
		36	}
		37	const auto cert_store_file = extracted->GetFile("ssl_TrustedCerts.bdf");
		38	if (!cert_store_file) {
		39	LOG_ERROR(Service_SSL, "Failed to find trusted certificates in CertStore");
		40	return;
		41	}
		42
		43	// Read and verify the header.
		44	CertStoreHeader header;
		45	cert_store_file->ReadObject(std::addressof(header));
		46
		47	if (header.magic != Common::MakeMagic('s', 's', 'l', 'T')) {
		48	LOG_ERROR(Service_SSL, "Invalid certificate store magic");
		49	return;
		50	}
		51
		52	// Ensure the file can contains the number of entries it says it does.
		53	const u64 expected_size = sizeof(header) + sizeof(CertStoreEntry) * header.num_entries;
		54	const u64 actual_size = cert_store_file->GetSize();
		55	if (actual_size < expected_size) {
		56	LOG_ERROR(Service_SSL, "Size mismatch, expected at least {} bytes, got {}", expected_size,
		57	actual_size);
		58	return;
		59	}
		60
		61	// Read entries.
		62	std::vector<CertStoreEntry> entries(header.num_entries);
		63	cert_store_file->ReadArray(entries.data(), header.num_entries, sizeof(header));
		64
		65	// Insert into memory store.
		66	for (const auto& entry : entries) {
		67	m_certs.emplace(entry.certificate_id,
		68	Certificate{
		69	.status = entry.certificate_status,
		70	.der_data = cert_store_file->ReadBytes(
		71	entry.der_size, entry.der_offset + sizeof(header)),
		72	});
		73	}
		74	}
		75
		76	CertStore::~CertStore() = default;
		77
		78	template <typename F>
		79	void CertStore::ForEachCertificate(std::span<const CaCertificateId> certificate_ids, F&& f) {
		80	if (certificate_ids.size() == 1 && certificate_ids.front() == CaCertificateId::All) {
		81	for (const auto& entry : m_certs) {
		82	f(entry);
		83	}
		84	} else {
		85	for (const auto certificate_id : certificate_ids) {
		86	const auto entry = m_certs.find(certificate_id);
		87	if (entry == m_certs.end()) {
		88	continue;
		89	}
		90	f(*entry);
		91	}
		92	}
		93	}
		94
		95	Result CertStore::GetCertificates(u32* out_num_entries, std::span<u8> out_data,
		96	std::span<const CaCertificateId> certificate_ids) {
		97	// Ensure the buffer is large enough to hold the output.
		98	u32 required_size;
		99	R_TRY(this->GetCertificateBufSize(std::addressof(required_size), out_num_entries,
		100	certificate_ids));
		101	R_UNLESS(out_data.size_bytes() >= required_size, ResultUnknown);
		102
		103	// Make parallel arrays.
		104	std::vector<BuiltInCertificateInfo> cert_infos;
		105	std::vector<u8> der_datas;
		106
		107	const u32 der_data_offset = (out_num_entries + 1) sizeof(BuiltInCertificateInfo);
		108	u32 cur_der_offset = der_data_offset;
		109
		110	// Fill output.
		111	this->ForEachCertificate(certificate_ids, [&](auto& entry) {
		112	const auto& [status, cur_der_data] = entry.second;
		113	BuiltInCertificateInfo cert_info{
		114	.cert_id = entry.first,
		115	.status = status,
		116	.der_size = cur_der_data.size(),
		117	.der_offset = cur_der_offset,
		118	};
		119
		120	cert_infos.push_back(cert_info);
		121	der_datas.insert(der_datas.end(), cur_der_data.begin(), cur_der_data.end());
		122	cur_der_offset += static_cast<u32>(cur_der_data.size());
		123	});
		124
		125	// Append terminator entry.
		126	cert_infos.push_back(BuiltInCertificateInfo{
		127	.cert_id = CaCertificateId::All,
		128	.status = TrustedCertStatus::Invalid,
		129	.der_size = 0,
		130	.der_offset = 0,
		131	});
		132
		133	// Write to output span.
		134	std::memcpy(out_data.data(), cert_infos.data(),
		135	cert_infos.size() * sizeof(BuiltInCertificateInfo));
		136	std::memcpy(out_data.data() + der_data_offset, der_datas.data(), der_datas.size());
		137
		138	R_SUCCEED();
		139	}
		140
		141	Result CertStore::GetCertificateBufSize(u32* out_size, u32* out_num_entries,
		142	std::span<const CaCertificateId> certificate_ids) {
		143	// Output size is at least the size of the terminator entry.
		144	*out_size = sizeof(BuiltInCertificateInfo);
		145	*out_num_entries = 0;
		146
		147	this->ForEachCertificate(certificate_ids, [&](auto& entry) {
		148	*out_size += sizeof(BuiltInCertificateInfo);
		149	*out_size += Common::AlignUp(static_cast<u32>(entry.second.der_data.size()), 4);
		150	(*out_num_entries)++;
		151	});
		152
		153	R_SUCCEED();
		154	}
		155
		156	} // namespace Service::SSL


diff --git a/src/core/hle/service/ssl/cert_store.h b/src/core/hle/service/ssl/cert_store.h new file mode 100644 index 000000000..613d7b02a --- /dev/null +++ b/src/core/hle/service/ssl/cert_store.h
@@ -0,0 +1,42 @@
		1	// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
		2	// SPDX-License-Identifier: GPL-2.0-or-later
		3
		4	#pragma once
		5
		6	#include <map>
		7	#include <span>
		8	#include <vector>
		9
		10	#include "core/hle/result.h"
		11	#include "core/hle/service/ssl/ssl_types.h"
		12
		13	namespace Core {
		14	class System;
		15	}
		16
		17	namespace Service::SSL {
		18
		19	class CertStore {
		20	public:
		21	explicit CertStore(Core::System& system);
		22	~CertStore();
		23
		24	Result GetCertificates(u32* out_num_entries, std::span<u8> out_data,
		25	std::span<const CaCertificateId> certificate_ids);
		26	Result GetCertificateBufSize(u32* out_size, u32* out_num_entries,
		27	std::span<const CaCertificateId> certificate_ids);
		28
		29	private:
		30	template <typename F>
		31	void ForEachCertificate(std::span<const CaCertificateId> certs, F&& f);
		32
		33	private:
		34	struct Certificate {
		35	TrustedCertStatus status;
		36	std::vector<u8> der_data;
		37	};
		38
		39	std::map<CaCertificateId, Certificate> m_certs;
		40	};
		41
		42	} // namespace Service::SSL


diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp index 0fbb43057..008ee4492 100644 --- a/src/core/hle/service/ssl/ssl.cpp +++ b/src/core/hle/service/ssl/ssl.cpp
@@ -5,11 +5,13 @@
5		5
6	#include "core/core.h"	6	#include "core/core.h"
7	#include "core/hle/result.h"	7	#include "core/hle/result.h"
		8	#include "core/hle/service/cmif_serialization.h"
8	#include "core/hle/service/ipc_helpers.h"	9	#include "core/hle/service/ipc_helpers.h"
9	#include "core/hle/service/server_manager.h"	10	#include "core/hle/service/server_manager.h"
10	#include "core/hle/service/service.h"	11	#include "core/hle/service/service.h"
11	#include "core/hle/service/sm/sm.h"	12	#include "core/hle/service/sm/sm.h"
12	#include "core/hle/service/sockets/bsd.h"	13	#include "core/hle/service/sockets/bsd.h"
		14	#include "core/hle/service/ssl/cert_store.h"
13	#include "core/hle/service/ssl/ssl.h"	15	#include "core/hle/service/ssl/ssl.h"
14	#include "core/hle/service/ssl/ssl_backend.h"	16	#include "core/hle/service/ssl/ssl_backend.h"
15	#include "core/internal_network/network.h"	17	#include "core/internal_network/network.h"
@@ -492,13 +494,14 @@ private:
492		494
493	class ISslService final : public ServiceFramework<ISslService> {	495	class ISslService final : public ServiceFramework<ISslService> {
494	public:	496	public:
495	explicit ISslService(Core::System& system_) : ServiceFramework{system_, "ssl"} {	497	explicit ISslService(Core::System& system_)
		498	: ServiceFramework{system_, "ssl"}, cert_store{system} {
496	// clang-format off	499	// clang-format off
497	static const FunctionInfo functions[] = {	500	static const FunctionInfo functions[] = {
498	{0, &ISslService::CreateContext, "CreateContext"},	501	{0, &ISslService::CreateContext, "CreateContext"},
499	{1, nullptr, "GetContextCount"},	502	{1, nullptr, "GetContextCount"},
500	{2, nullptr, "GetCertificates"},	503	{2, D<&ISslService::GetCertificates>, "GetCertificates"},
501	{3, nullptr, "GetCertificateBufSize"},	504	{3, D<&ISslService::GetCertificateBufSize>, "GetCertificateBufSize"},
502	{4, nullptr, "DebugIoctl"},	505	{4, nullptr, "DebugIoctl"},
503	{5, &ISslService::SetInterfaceVersion, "SetInterfaceVersion"},	506	{5, &ISslService::SetInterfaceVersion, "SetInterfaceVersion"},
504	{6, nullptr, "FlushSessionCache"},	507	{6, nullptr, "FlushSessionCache"},
@@ -540,6 +543,22 @@ private:
540	IPC::ResponseBuilder rb{ctx, 2};	543	IPC::ResponseBuilder rb{ctx, 2};
541	rb.Push(ResultSuccess);	544	rb.Push(ResultSuccess);
542	}	545	}
		546
		547	Result GetCertificateBufSize(
		548	Out<u32> out_size, InArray<CaCertificateId, BufferAttr_HipcMapAlias> certificate_ids) {
		549	LOG_INFO(Service_SSL, "called");
		550	u32 num_entries;
		551	R_RETURN(cert_store.GetCertificateBufSize(out_size, &num_entries, certificate_ids));
		552	}
		553
		554	Result GetCertificates(Out<u32> out_num_entries, OutBuffer<BufferAttr_HipcMapAlias> out_buffer,
		555	InArray<CaCertificateId, BufferAttr_HipcMapAlias> certificate_ids) {
		556	LOG_INFO(Service_SSL, "called");
		557	R_RETURN(cert_store.GetCertificates(out_num_entries, out_buffer, certificate_ids));
		558	}
		559
		560	private:
		561	CertStore cert_store;
543	};	562	};
544		563
545	void LoopProcess(Core::System& system) {	564	void LoopProcess(Core::System& system) {


diff --git a/src/core/hle/service/ssl/ssl_types.h b/src/core/hle/service/ssl/ssl_types.h new file mode 100644 index 000000000..dbc3dbf64 --- /dev/null +++ b/src/core/hle/service/ssl/ssl_types.h
@@ -0,0 +1,107 @@
		1	// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
		2	// SPDX-License-Identifier: GPL-2.0-or-later
		3
		4	#pragma once
		5
		6	#include "common/common_types.h"
		7
		8	namespace Service::SSL {
		9
		10	enum class CaCertificateId : s32 {
		11	All = -1,
		12	NintendoCAG3 = 1,
		13	NintendoClass2CAG3 = 2,
		14	NintendoRootCAG4 = 3,
		15	AmazonRootCA1 = 1000,
		16	StarfieldServicesRootCertificateAuthorityG2 = 1001,
		17	AddTrustExternalCARoot = 1002,
		18	COMODOCertificationAuthority = 1003,
		19	UTNDATACorpSGC = 1004,
		20	UTNUSERFirstHardware = 1005,
		21	BaltimoreCyberTrustRoot = 1006,
		22	CybertrustGlobalRoot = 1007,
		23	VerizonGlobalRootCA = 1008,
		24	DigiCertAssuredIDRootCA = 1009,
		25	DigiCertAssuredIDRootG2 = 1010,
		26	DigiCertGlobalRootCA = 1011,
		27	DigiCertGlobalRootG2 = 1012,
		28	DigiCertHighAssuranceEVRootCA = 1013,
		29	EntrustnetCertificationAuthority2048 = 1014,
		30	EntrustRootCertificationAuthority = 1015,
		31	EntrustRootCertificationAuthorityG2 = 1016,
		32	GeoTrustGlobalCA2 = 1017,
		33	GeoTrustGlobalCA = 1018,
		34	GeoTrustPrimaryCertificationAuthorityG3 = 1019,
		35	GeoTrustPrimaryCertificationAuthority = 1020,
		36	GlobalSignRootCA = 1021,
		37	GlobalSignRootCAR2 = 1022,
		38	GlobalSignRootCAR3 = 1023,
		39	GoDaddyClass2CertificationAuthority = 1024,
		40	GoDaddyRootCertificateAuthorityG2 = 1025,
		41	StarfieldClass2CertificationAuthority = 1026,
		42	StarfieldRootCertificateAuthorityG2 = 1027,
		43	thawtePrimaryRootCAG3 = 1028,
		44	thawtePrimaryRootCA = 1029,
		45	VeriSignClass3PublicPrimaryCertificationAuthorityG3 = 1030,
		46	VeriSignClass3PublicPrimaryCertificationAuthorityG5 = 1031,
		47	VeriSignUniversalRootCertificationAuthority = 1032,
		48	DSTRootCAX3 = 1033,
		49	USERTrustRsaCertificationAuthority = 1034,
		50	ISRGRootX10 = 1035,
		51	USERTrustEccCertificationAuthority = 1036,
		52	COMODORsaCertificationAuthority = 1037,
		53	COMODOEccCertificationAuthority = 1038,
		54	AmazonRootCA2 = 1039,
		55	AmazonRootCA3 = 1040,
		56	AmazonRootCA4 = 1041,
		57	DigiCertAssuredIDRootG3 = 1042,
		58	DigiCertGlobalRootG3 = 1043,
		59	DigiCertTrustedRootG4 = 1044,
		60	EntrustRootCertificationAuthorityEC1 = 1045,
		61	EntrustRootCertificationAuthorityG4 = 1046,
		62	GlobalSignECCRootCAR4 = 1047,
		63	GlobalSignECCRootCAR5 = 1048,
		64	GlobalSignECCRootCAR6 = 1049,
		65	GTSRootR1 = 1050,
		66	GTSRootR2 = 1051,
		67	GTSRootR3 = 1052,
		68	GTSRootR4 = 1053,
		69	SecurityCommunicationRootCA = 1054,
		70	GlobalSignRootE4 = 1055,
		71	GlobalSignRootR4 = 1056,
		72	TTeleSecGlobalRootClass2 = 1057,
		73	DigiCertTLSECCP384RootG5 = 1058,
		74	DigiCertTLSRSA4096RootG5 = 1059,
		75	};
		76
		77	enum class TrustedCertStatus : s32 {
		78	Invalid = -1,
		79	Removed = 0,
		80	EnabledTrusted = 1,
		81	EnabledNotTrusted = 2,
		82	Revoked = 3,
		83	};
		84
		85	struct BuiltInCertificateInfo {
		86	CaCertificateId cert_id;
		87	TrustedCertStatus status;
		88	u64 der_size;
		89	u64 der_offset;
		90	};
		91	static_assert(sizeof(BuiltInCertificateInfo) == 0x18, "BuiltInCertificateInfo has incorrect size.");
		92
		93	struct CertStoreHeader {
		94	u32 magic;
		95	u32 num_entries;
		96	};
		97	static_assert(sizeof(CertStoreHeader) == 0x8, "CertStoreHeader has incorrect size.");
		98
		99	struct CertStoreEntry {
		100	CaCertificateId certificate_id;
		101	TrustedCertStatus certificate_status;
		102	u32 der_size;
		103	u32 der_offset;
		104	};
		105	static_assert(sizeof(CertStoreEntry) == 0x10, "CertStoreEntry has incorrect size.");
		106
		107	} // namespace Service::SSL