SceLibSsl

This module implements TLS for the PS Vita in most use cases (including PSN access).

SceLibSsl is a port of RSA BSAFE® Crypto-C Micro Edition. See also the unstripped binaries of RSA BSAFE® Crypto-C Micro Edition.

Notably, WebKit does not seem to use this but it shares the CA list in vs0:data/external/cert/CA_LIST.cer. CA_LIST.cer includes all the usual root CAs and in addition, 5 SCE signed ROOT CAs. Note that because the SCE root CAs are also used in WebKit and other apps (email for example), it is possible for Sony to do a MITM attack on any of their users. This is a privacy hole for users, but it seems that the same policy is in place in PSP, PS3, and likely PS4 as well. Although CA_LIST.cer is unsigned, just like in later PS3 firmwares, Sony stores the hash of all certificates in SceLibSsl (which itself is signed). This makes impossible a theoretical attack of adding a root CA on an updated PS Vita in order to extract the platform passphrase.

Module

Libraries

Known NIDs

SceSslInternal

internal_get_ca

Obtains a certificate from vs0:data/external/cert/CA_LIST.cer. If unk, buf, and unk2 are zero, then get the size of the certificate. Otherwise, load the certificate (PEM) into buf. The file offset and size in CA_LIST.cer are hardcoded into the function for each given id pair. There is also a hardcoded list of SHA1 hashes for each certificate that is checked against before returning.

int internal_get_ca(int id1, int id2, int unk, char *buf, int unk2, size_t *size);

Subroutines

SSL_CIPHER_description

char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);

SSL_CIPHER_get_version

char *SSL_CIPHER_get_version(const SSL_CIPHER *c);

ERR_raise