Documentation

Mistake on this page? Email us
pal_TLS.h
Go to the documentation of this file.
1 // ----------------------------------------------------------------------------
2 // Copyright 2016-2019 ARM Ltd.
3 //
4 // SPDX-License-Identifier: Apache-2.0
5 //
6 // Licensed under the Apache License, Version 2.0 (the "License");
7 // you may not use this file except in compliance with the License.
8 // You may obtain a copy of the License at
9 //
10 // http://www.apache.org/licenses/LICENSE-2.0
11 //
12 // Unless required by applicable law or agreed to in writing, software
13 // distributed under the License is distributed on an "AS IS" BASIS,
14 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 // See the License for the specific language governing permissions and
16 // limitations under the License.
17 // ----------------------------------------------------------------------------
18 
19 #ifndef _PAL_DTLS_H_
20 #define _PAL_DTLS_H_
21 
22 #ifndef _PAL_H
23  #error "Please do not include this file directly, use pal.h instead"
24 #endif
25 
33 /***************************************************/
34 /**** PAL DTLS data structures *********************/
35 /***************************************************/
36 
37 // Index in the static array of the TLSs.
38 typedef uintptr_t palTLSHandle_t;
39 typedef uintptr_t palTLSConfHandle_t;
40 
41 typedef enum palTLSTranportMode{
42 #ifdef PAL_NET_TCP_AND_TLS_SUPPORT
43  PAL_TLS_MODE, //(STREAM)
44 #endif //PAL_NET_TCP_AND_TLS_SUPPORT
45  PAL_DTLS_MODE //(DATAGRAM)
46 }palTLSTransportMode_t;
47 
48 typedef struct palTLSSocket{
49  palSocket_t socket;
50  palSocketAddress_t* socketAddress;
51  palSocketLength_t addressLength;
52  palTLSTransportMode_t transportationMode;
53 }palTLSSocket_t;
54 
55 
56 typedef struct palTLSBuffer{
57  const void* buffer;
58  uint32_t size;
59 }palTLSBuffer_t;
60 
61 typedef palTLSBuffer_t palX509_t;
62 typedef palTLSBuffer_t palX509CRL_t;
63 #ifdef MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
64 typedef uintptr_t palPrivateKey_t;
65 #else
66 typedef palTLSBuffer_t palPrivateKey_t;
67 #endif
68 
73 typedef int(*palEntropySource_f)(void *data, unsigned char *output, size_t len, size_t *olen);
74 
75 typedef void(*palSocketCallback_f)(void*);
76 
77 /***************************************************/
78 /**** PAL DTLS Client APIs *************************/
79 /***************************************************/
80 
86 palStatus_t pal_initTLSLibrary(void);
87 
93 palStatus_t pal_cleanupTLS(void);
94 
102 palStatus_t pal_initTLS(palTLSConfHandle_t palTLSConf, palTLSHandle_t* palTLSHandle, bool is_server_ping);
103 
110 palStatus_t pal_freeTLS(palTLSHandle_t* palTLSHandle);
111 
121 palStatus_t pal_addEntropySource(palEntropySource_f entropyCallback);
122 
130 palStatus_t pal_initTLSConfiguration(palTLSConfHandle_t* palTLSConf, palTLSTransportMode_t transportationMode);
131 
138 palStatus_t pal_tlsConfigurationFree(palTLSConfHandle_t* palTLSConf);
139 
147 palStatus_t pal_setOwnCertChain(palTLSConfHandle_t palTLSConf, palX509_t* ownCert);
148 
159 palStatus_t pal_initPrivateKey(const void *buf, size_t buf_size, palPrivateKey_t* privateKey);
160 
168 palStatus_t pal_setOwnPrivateKey(palTLSConfHandle_t palTLSConf, palPrivateKey_t* privateKey);
169 
178 palStatus_t pal_setCAChain(palTLSConfHandle_t palTLSConf, palX509_t* caChain, palX509CRL_t* caCRL);
179 
190 palStatus_t pal_setPSK(palTLSConfHandle_t palTLSConf, const unsigned char *identity, uint32_t maxIdentityLenInBytes, const unsigned char *psk, uint32_t maxPskLenInBytes);
191 
199 palStatus_t pal_tlsSetSocket(palTLSConfHandle_t palTLSConf, palTLSSocket_t* socket);
200 
211 palStatus_t pal_handShake(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, bool skipResume);
212 
222 palStatus_t pal_setHandShakeTimeOut(palTLSConfHandle_t palTLSConf, uint32_t minTimeout, uint32_t maxTimeout);
223 
233 palStatus_t pal_sslGetVerifyResultExtended(palTLSHandle_t palTLSHandle, int32_t* verifyResult);
234 
244 palStatus_t pal_sslRead(palTLSHandle_t palTLSHandle, void *buffer, uint32_t len, uint32_t* actualLen);
245 
256 palStatus_t pal_sslWrite(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, const void *buffer, uint32_t len, uint32_t *bytesWritten);
257 
266 palStatus_t pal_sslSetDebugging(palTLSConfHandle_t palTLSConf,uint8_t turnOn);
267 
275 palStatus_t pal_sslDebugging(uint8_t turnOn);
276 
280 void pal_store_cid();
281 
285 void pal_remove_cid();
286 
290 bool pal_is_cid_available();
291 
292 #if (PAL_USE_SSL_SESSION_RESUME == 1)
293 
301 void pal_enableSslSessionStoring(palTLSConfHandle_t palTLSConf, bool enable);
302 
303 #endif // PAL_USE_SSL_SESSION_RESUME
304 
314 void pal_setDTLSSocketCallback(palTLSConfHandle_t palTLSConf, palSocketCallback_f callback, void *argument);
315 
323 void pal_set_cid_value(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, const uint8_t *data_ptr, const size_t data_len);
324 
325 #endif // _PAL_DTLS_H_
pal_store_cid
void pal_store_cid()
Stores CID context persistently for DTLS based setup.
palEntropySource_f
int(* palEntropySource_f)(void *data, unsigned char *output, size_t len, size_t *olen)
This callback is useful ONLY when mbed TLS is used as TLS platform library.
Definition: pal_TLS.h:73
pal_initTLS
palStatus_t pal_initTLS(palTLSConfHandle_t palTLSConf, palTLSHandle_t *palTLSHandle, bool is_server_ping)
Initiate a new TLS context.
pal_sslSetDebugging
palStatus_t pal_sslSetDebugging(palTLSConfHandle_t palTLSConf, uint8_t turnOn)
Turn the debugging on or off for the given TLS library configuration handle. The logs are sent via th...
pal_initTLSConfiguration
palStatus_t pal_initTLSConfiguration(palTLSConfHandle_t *palTLSConf, palTLSTransportMode_t transportationMode)
Initiate a new configuration context.
pal_sslDebugging
palStatus_t pal_sslDebugging(uint8_t turnOn)
palTLSSocket
Definition: pal_TLS.h:48
palTLSTranportMode
palTLSTranportMode
Definition: pal_TLS.h:41
palTLSConfHandle_t
uintptr_t palTLSConfHandle_t
Definition: pal_TLS.h:39
pal_setCAChain
palStatus_t pal_setCAChain(palTLSConfHandle_t palTLSConf, palX509_t *caChain, palX509CRL_t *caCRL)
Set the data required to verify the peer certificate.
palTLSHandle_t
uintptr_t palTLSHandle_t
Definition: pal_TLS.h:38
pal_initTLSLibrary
palStatus_t pal_initTLSLibrary(void)
Initiate the TLS library.
palSocketLength_t
uint32_t palSocketLength_t
The length of data.
Definition: pal_network.h:43
palTLSSocket::addressLength
palSocketLength_t addressLength
Definition: pal_TLS.h:51
pal_setHandShakeTimeOut
palStatus_t pal_setHandShakeTimeOut(palTLSConfHandle_t palTLSConf, uint32_t minTimeout, uint32_t maxTimeout)
Set the retransmit timeout values for the DTLS handshake. DTLS only, no effect on TLS...
pal_setPSK
palStatus_t pal_setPSK(palTLSConfHandle_t palTLSConf, const unsigned char *identity, uint32_t maxIdentityLenInBytes, const unsigned char *psk, uint32_t maxPskLenInBytes)
Set the Pre-Shared Key (PSK) and the expected identity name.
pal_setOwnCertChain
palStatus_t pal_setOwnCertChain(palTLSConfHandle_t palTLSConf, palX509_t *ownCert)
Set your own certificate chain.
palTLSBuffer_t
struct palTLSBuffer palTLSBuffer_t
pal_sslGetVerifyResultExtended
palStatus_t pal_sslGetVerifyResultExtended(palTLSHandle_t palTLSHandle, int32_t *verifyResult)
Return the result of the certificate verification.
palSocket_t
void * palSocket_t
PAL socket handle type.
Definition: pal_network.h:44
pal_setOwnPrivateKey
palStatus_t pal_setOwnPrivateKey(palTLSConfHandle_t palTLSConf, palPrivateKey_t *privateKey)
Set your own private key.
palTLSBuffer::buffer
const void * buffer
Definition: pal_TLS.h:57
pal_addEntropySource
palStatus_t pal_addEntropySource(palEntropySource_f entropyCallback)
Add an entropy source to the TLS/DTLS library. NOT available in all TLS/DTLS platforms, see note.
pal_initPrivateKey
palStatus_t pal_initPrivateKey(const void *buf, size_t buf_size, palPrivateKey_t *privateKey)
pal_remove_cid
void pal_remove_cid()
Removes CID context for DTLS based setup.
palTLSSocket::socketAddress
palSocketAddress_t * socketAddress
Definition: pal_TLS.h:50
palTLSBuffer
Definition: pal_TLS.h:56
palPrivateKey_t
palTLSBuffer_t palPrivateKey_t
Definition: pal_TLS.h:66
pal_sslWrite
palStatus_t pal_sslWrite(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, const void *buffer, uint32_t len, uint32_t *bytesWritten)
Write the exact length of application data bytes.
palTLSTransportMode_t
enum palTLSTranportMode palTLSTransportMode_t
palSocketCallback_f
void(* palSocketCallback_f)(void *)
Definition: pal_TLS.h:75
palTLSSocket_t
struct palTLSSocket palTLSSocket_t
palTLSBuffer::size
uint32_t size
Definition: pal_TLS.h:58
pal_tlsSetSocket
palStatus_t pal_tlsSetSocket(palTLSConfHandle_t palTLSConf, palTLSSocket_t *socket)
Set the socket used by the TLS configuration context.
pal_cleanupTLS
palStatus_t pal_cleanupTLS(void)
Free resources for the TLS library.
pal_handShake
palStatus_t pal_handShake(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, bool skipResume)
Perform the TLS handshake. This function is blocking.
pal_tlsConfigurationFree
palStatus_t pal_tlsConfigurationFree(palTLSConfHandle_t *palTLSConf)
Destroy and free the resources of the TLS configurtion context.
pal_setDTLSSocketCallback
void pal_setDTLSSocketCallback(palTLSConfHandle_t palTLSConf, palSocketCallback_f callback, void *argument)
Set the socket callback function pointer for the DTLS handshake retransmission. DTLS only...
pal_freeTLS
palStatus_t pal_freeTLS(palTLSHandle_t *palTLSHandle)
Destroy and free the resources of the TLS context.
palTLSSocket::socket
palSocket_t socket
Definition: pal_TLS.h:49
palTLSSocket::transportationMode
palTLSTransportMode_t transportationMode
Definition: pal_TLS.h:52
palX509_t
palTLSBuffer_t palX509_t
Definition: pal_TLS.h:61
PAL_DTLS_MODE
Definition: pal_TLS.h:45
pal_is_cid_available
bool pal_is_cid_available()
Status of CID availability in client.
palStatus_t
int32_t palStatus_t
Definition: pal_types.h:55
palX509CRL_t
palTLSBuffer_t palX509CRL_t
Definition: pal_TLS.h:62
pal_set_cid_value
void pal_set_cid_value(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf, const uint8_t *data_ptr, const size_t data_len)
Internal test function. Set CID for current tls session.
palSocketAddress
Definition: pal_network.h:48
pal_sslRead
palStatus_t pal_sslRead(palTLSHandle_t palTLSHandle, void *buffer, uint32_t len, uint32_t *actualLen)
Read the application data bytes (the max number of bytes).