1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
// SPDX-FileCopyrightText: Copyright 2024 yuzu Emulator Project
// SPDX-License-Identifier: GPL-2.0-or-later
#include "common/alignment.h"
#include "core/core.h"
#include "core/file_sys/content_archive.h"
#include "core/file_sys/nca_metadata.h"
#include "core/file_sys/registered_cache.h"
#include "core/file_sys/romfs.h"
#include "core/hle/service/filesystem/filesystem.h"
#include "core/hle/service/ssl/cert_store.h"
namespace Service::SSL {
// https://switchbrew.org/wiki/SSL_services#CertStore
CertStore::CertStore(Core::System& system) {
constexpr u64 CertStoreDataId = 0x0100000000000800ULL;
auto& fsc = system.GetFileSystemController();
// Attempt to load certificate data from storage
const auto nca =
fsc.GetSystemNANDContents()->GetEntry(CertStoreDataId, FileSys::ContentRecordType::Data);
if (!nca) {
return;
}
const auto romfs = nca->GetRomFS();
if (!romfs) {
return;
}
const auto extracted = FileSys::ExtractRomFS(romfs);
if (!extracted) {
LOG_ERROR(Service_SSL, "CertStore could not be extracted, corrupt RomFS?");
return;
}
const auto cert_store_file = extracted->GetFile("ssl_TrustedCerts.bdf");
if (!cert_store_file) {
LOG_ERROR(Service_SSL, "Failed to find trusted certificates in CertStore");
return;
}
// Read and verify the header.
CertStoreHeader header;
cert_store_file->ReadObject(std::addressof(header));
if (header.magic != Common::MakeMagic('s', 's', 'l', 'T')) {
LOG_ERROR(Service_SSL, "Invalid certificate store magic");
return;
}
// Ensure the file can contains the number of entries it says it does.
const u64 expected_size = sizeof(header) + sizeof(CertStoreEntry) * header.num_entries;
const u64 actual_size = cert_store_file->GetSize();
if (actual_size < expected_size) {
LOG_ERROR(Service_SSL, "Size mismatch, expected at least {} bytes, got {}", expected_size,
actual_size);
return;
}
// Read entries.
std::vector<CertStoreEntry> entries(header.num_entries);
cert_store_file->ReadArray(entries.data(), header.num_entries, sizeof(header));
// Insert into memory store.
for (const auto& entry : entries) {
m_certs.emplace(entry.certificate_id,
Certificate{
.status = entry.certificate_status,
.der_data = cert_store_file->ReadBytes(
entry.der_size, entry.der_offset + sizeof(header)),
});
}
}
CertStore::~CertStore() = default;
template <typename F>
void CertStore::ForEachCertificate(std::span<const CaCertificateId> certificate_ids, F&& f) {
if (certificate_ids.size() == 1 && certificate_ids.front() == CaCertificateId::All) {
for (const auto& entry : m_certs) {
f(entry);
}
} else {
for (const auto certificate_id : certificate_ids) {
const auto entry = m_certs.find(certificate_id);
if (entry == m_certs.end()) {
continue;
}
f(*entry);
}
}
}
Result CertStore::GetCertificates(u32* out_num_entries, std::span<u8> out_data,
std::span<const CaCertificateId> certificate_ids) {
// Ensure the buffer is large enough to hold the output.
u32 required_size;
R_TRY(this->GetCertificateBufSize(std::addressof(required_size), out_num_entries,
certificate_ids));
R_UNLESS(out_data.size_bytes() >= required_size, ResultUnknown);
// Make parallel arrays.
std::vector<BuiltInCertificateInfo> cert_infos;
std::vector<u8> der_datas;
const u32 der_data_offset = (*out_num_entries + 1) * sizeof(BuiltInCertificateInfo);
u32 cur_der_offset = der_data_offset;
// Fill output.
this->ForEachCertificate(certificate_ids, [&](auto& entry) {
const auto& [status, cur_der_data] = entry.second;
BuiltInCertificateInfo cert_info{
.cert_id = entry.first,
.status = status,
.der_size = cur_der_data.size(),
.der_offset = cur_der_offset,
};
cert_infos.push_back(cert_info);
der_datas.insert(der_datas.end(), cur_der_data.begin(), cur_der_data.end());
cur_der_offset += static_cast<u32>(cur_der_data.size());
});
// Append terminator entry.
cert_infos.push_back(BuiltInCertificateInfo{
.cert_id = CaCertificateId::All,
.status = TrustedCertStatus::Invalid,
.der_size = 0,
.der_offset = 0,
});
// Write to output span.
std::memcpy(out_data.data(), cert_infos.data(),
cert_infos.size() * sizeof(BuiltInCertificateInfo));
std::memcpy(out_data.data() + der_data_offset, der_datas.data(), der_datas.size());
R_SUCCEED();
}
Result CertStore::GetCertificateBufSize(u32* out_size, u32* out_num_entries,
std::span<const CaCertificateId> certificate_ids) {
// Output size is at least the size of the terminator entry.
*out_size = sizeof(BuiltInCertificateInfo);
*out_num_entries = 0;
this->ForEachCertificate(certificate_ids, [&](auto& entry) {
*out_size += sizeof(BuiltInCertificateInfo);
*out_size += Common::AlignUp(static_cast<u32>(entry.second.der_data.size()), 4);
(*out_num_entries)++;
});
R_SUCCEED();
}
} // namespace Service::SSL
|
