m2mb_ssl.h
1 /*===============================================================================================*/
2 /* >>> Copyright (C) Telit Communications S.p.A. Italy All Rights Reserved. <<< */
27 #ifndef M2M_M2MB_SSL_H
28 #define M2M_M2MB_SSL_H
29 
30 /* Global declarations ==========================================================================*/
31 
/* Return codes of the m2mb_ssl API. Success is 0 and every failure code MUST be < 0,
 * so callers can test `rc < 0` generically and then switch on the specific value.
 * Codes marked "Not used" are reserved; the current API does not return them. */
#define M2MB_SSL_SUCCESS 0 /* Generic Success */
#define M2MB_SSL_FAILURE -1 /* Generic failure */
#define M2MB_SSL_ARG_FAIL -6 /* Failure due to bad function param */
#define M2MB_SSL_PLATFORM_FAIL -7 /* Not used */
#define M2MB_SSL_MEM_FAIL -8 /* Not used */
#define M2MB_SSL_LIMIT_FAIL -9 /* Not used */
#define M2MB_SSL_UNSUPPORTED_FAIL -10 /* Not used */
#define M2MB_SSL_PROTOCOL_FAIL -12 /* A protocol error occurred */
#define M2MB_SSL_TIMEOUT_FAIL -13 /* A timeout occurred and MAY be an error: the caller decides whether to retry or abort */
#define M2MB_SSL_INTERRUPT_FAIL -14 /* An interrupt occurred and MAY be an error: the caller decides whether to retry or abort */
#define M2MB_SSL_WRITE_ERROR -15 /* An error occurred while encoding on socket */
#define M2MB_SSL_READ_ERROR -16 /* An error occurred while decoding from socket */
#define M2MB_SSL_END_OF_FILE -17 /* There is no data to read in SSL */
#define M2MB_SSL_CLOSE_NOTIFY -18 /* SSL connection has been closed by remote host (presumably the TLS close_notify alert); treat the session as finished */
#define M2MB_SSL_CERT_AUTH_FAIL -35 /* Authentication fails: the peer was not authenticated (presumably certificate verification against the stored CA list — confirm). Treat as fatal; never fall back to an unauthenticated session on this code */
#define M2MB_SSL_FULL -50 /* Not used */
#define M2MB_SSL_ALERT -54 /* We've decoded an alert */
#define M2MB_SSL_FILE_NOT_FOUND -55 /* File not found */
51 
/* Upper bound on the CA certificates in one M2MB_SSL_CA_LIST_T: it sizes the ca_Info[]
 * array, so ca_Cnt must never exceed it. */
#define M2MB_SSL_MAX_CA_LIST 10
/* Upper bound on M2MB_SSL_CONFIG_T.CipherSuitesNum. */
#define M2MB_SSL_MAX_CIPHERSUITES 8
54 
55 /* Global typedefs ==============================================================================*/
56 
/* Opaque handles returned by this API. HANDLE and uiHANDLE come from the platform headers
 * (not shown here); treat them as opaque and release each with its matching call. Note that
 * the connection handle has a different underlying type from the other two. */
typedef HANDLE M2MB_SSL_CTXT_HANDLE; /* SSL context: m2mb_ssl_create_ctxt() / m2mb_ssl_delete_ctxt() */
typedef HANDLE M2MB_SSL_CONFIG_HANDLE; /* SSL configuration: m2mb_ssl_create_config() / m2mb_ssl_delete_config() */
typedef uiHANDLE M2MB_SSL_CONNECTION_HANDLE; /* secured socket: m2mb_ssl_secure_socket() / m2mb_ssl_shutdown() */
60 
/* TLS / DTLS protocol version selected in M2MB_SSL_CONFIG_T.ProtVers.
 * Enumerators carry implicit sequential values: do not reorder or insert, the numeric
 * values are positional and presumably shared with the underlying stack — confirm. */
typedef enum M2MB_SSL_PROTOCOL_VERSION_E
{
  M2MB_SSL_PROTOCOL_TLS_1_0, /* deprecated by RFC 8996; keep only for legacy peers */
  M2MB_SSL_PROTOCOL_TLS_1_1, /* deprecated by RFC 8996; keep only for legacy peers */
  M2MB_SSL_PROTOCOL_TLS_1_2,
  M2MB_SSL_PROTOCOL_TLS_1_3,
  M2MB_SSL_PROTOCOL_DTLS_1_0,
  M2MB_SSL_PROTOCOL_DTLS_1_2,
  M2MB_SSL_PROTOCOL_TLS /* use highest and allow downgrade: negotiation may presumably end at
                           TLS 1.0 if the peer offers nothing better — confirm; pin TLS_1_2 or
                           TLS_1_3 when the peer is known to support it */
} M2MB_SSL_PROTOCOL_VERSION_E;
72 
/* TLS ciphersuites selectable through M2MB_SSL_CONFIG_T.CipherSuites (at most
 * M2MB_SSL_MAX_CIPHERSUITES entries). Enumerators carry implicit sequential values:
 * do not reorder or insert in the middle.
 *
 * Selection guidance (what a caller should pick, not what the stack enforces):
 *  - RC4 is prohibited in TLS by RFC 7465 and 3DES is a legacy 64-bit-block cipher;
 *    both remain here only for interoperability with old peers.
 *  - Plain RSA key transport and static (EC)DH give no forward secrecy; prefer the
 *    ECDHE/DHE variants, and AEAD modes (GCM, CCM, CHACHA20_POLY1305) over CBC-HMAC.
 *  - TLS 1.3 uses only the dedicated suites in the "TLS v1.3" group below. */
typedef enum M2MB_SSL_CIPHER_SUITE_E
{
  /* PSK suites (no certificates) */
  M2MB_TLS_PSK_WITH_RC4_128_SHA, /* legacy: RC4 */
  M2MB_TLS_PSK_WITH_3DES_EDE_CBC_SHA, /* legacy: 3DES */
  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA,
  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA,
  M2MB_TLS_PSK_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_PSK_WITH_AES_256_GCM_SHA384,
  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA384,
  /* RSA key transport and DHE_RSA suites */
  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA256,
  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
  M2MB_TLS_RSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_RSA_WITH_AES_256_GCM_SHA384,
  M2MB_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
  /* static ECDH and ephemeral ECDHE suites */
  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
  M2MB_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
  M2MB_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
  M2MB_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
  /* CCM and ChaCha20-Poly1305 AEAD suites */
  M2MB_TLS_RSA_WITH_AES_128_CCM_8,
  M2MB_TLS_RSA_WITH_AES_256_CCM_8,
  M2MB_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
  M2MB_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
  M2MB_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,

  /* Additional Cipher Suites TLS v1.3 (key exchange is negotiated separately in 1.3) */
  M2MB_TLS_AES_128_GCM_SHA256,
  M2MB_TLS_AES_256_GCM_SHA384,
  M2MB_TLS_CHACHA20_POLY1305_SHA256,
  M2MB_TLS_AES_128_CCM_SHA256,
  M2MB_TLS_AES_128_CCM_8_SHA256,

  /* Additional PSK Cipher Suites */
  M2MB_TLS_PSK_WITH_AES_128_CCM_8,
  M2MB_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
  M2MB_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
} M2MB_SSL_CIPHER_SUITE_E;
138 
/* Kind of security material handled by m2mb_ssl_cert_store() / m2mb_ssl_cert_load() /
 * m2mb_ssl_cert_delete(); presumably also selects which M2MB_SSL_SEC_INFO_U member is read. */
typedef enum M2MB_SSL_CERT_TYPE_E
{
  M2MB_SSL_CACERT, /* root CA certificate to authenticate the server (M2MB_SSL_SEC_INFO_U.ca_List) */
  M2MB_SSL_CERT, /* client certificate and private key in case of client authentication (M2MB_SSL_SEC_INFO_U.cert) */
  M2MB_SSL_PSKTABLE /* PSK table in case of DTLS (M2MB_SSL_SEC_INFO_U.psk_Tbl) */
} M2MB_SSL_CERT_TYPE_E;
145 
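/* Pre-shared-key table handed to m2mb_ssl_cert_store() with M2MB_SSL_PSKTABLE
 * (as M2MB_SSL_SEC_INFO_U.psk_Tbl). The buffer is caller-owned; this header does not say
 * whether it is copied, so keep it valid for the call and wipe it afterwards — it is
 * secret material. The closing `} M2MB_SSL_PSK_TABLE_T;` was lost in rendering and is
 * restored here from the type's use elsewhere on the page. */
typedef struct M2MB_SSL_PSK_TABLE_T
{
  UINT32 psk_Size; /* presumably the byte length of the data at psk_Buf — confirm */
  UINT8 *psk_Buf;  /* PSK table contents (format not described in this excerpt) */
} M2MB_SSL_PSK_TABLE_T;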
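/* Client certificate plus private key, stored with m2mb_ssl_cert_store(M2MB_SSL_CERT, ...)
 * as M2MB_SSL_SEC_INFO_U.cert. All buffers are caller-owned and their encoding (PEM/DER)
 * is not stated in this excerpt. key_Buf and pass_Key are secrets: wipe them
 * (explicit_bzero / memset_s where available) once the store call returns.
 * The closing `} M2MB_SSL_CERT_T;` was lost in rendering and is restored here. */
typedef struct M2MB_SSL_CERT_T
{
  UINT8 *cert_Buf;  /* client certificate */
  UINT32 cert_Size; /* byte length of cert_Buf */
  UINT8 *key_Buf;   /* private key matching cert_Buf */
  UINT32 key_Size;  /* byte length of key_Buf */
  UINT8 *pass_Key;  /* NOTE(review): no size field accompanies pass_Key, so it is presumably a
                       NUL-terminated passphrase for key_Buf — confirm, including whether NULL
                       is accepted for an unencrypted key */
} M2MB_SSL_CERT_T;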
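/* One CA certificate referenced from M2MB_SSL_CA_LIST_T.ca_Info[]. Caller-owned buffer;
 * encoding (PEM/DER) is not stated in this excerpt. The closing `} M2MB_SSL_CA_INFO_T;`
 * was lost in rendering and is restored here. */
typedef struct M2MB_SSL_CA_INFO_T
{
  UINT8 *ca_Buf;  /* CA certificate */
  UINT32 ca_Size; /* byte length of ca_Buf */
} M2MB_SSL_CA_INFO_T;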
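/* Trust anchors used for server authentication, stored with
 * m2mb_ssl_cert_store(M2MB_SSL_CACERT, ...) as M2MB_SSL_SEC_INFO_U.ca_List.
 * The closing `} M2MB_SSL_CA_LIST_T;` was lost in rendering and is restored here. */
typedef struct M2MB_SSL_CA_LIST_T
{
  UINT32 ca_Cnt; /* number of valid entries in ca_Info; must be <= M2MB_SSL_MAX_CA_LIST, the
                    array size — the header does not say the API checks this, so the caller must */
  M2MB_SSL_CA_INFO_T *ca_Info[M2MB_SSL_MAX_CA_LIST]; /* pointers to caller-owned CA entries; slots past ca_Cnt are presumably ignored */
} M2MB_SSL_CA_LIST_T;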
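/* Security material passed by value to m2mb_ssl_cert_store(); the active member is the one
 * matching the M2MB_SSL_CERT_TYPE_E argument. Only the union itself is copied — every
 * buffer it points to stays caller-owned. The closing `} M2MB_SSL_SEC_INFO_U;` was lost
 * in rendering and is restored here (the name is the one used by m2mb_ssl_cert_store). */
typedef union
{
  M2MB_SSL_CERT_T cert; /* client certificate and key (M2MB_SSL_CERT) */
  M2MB_SSL_CA_LIST_T ca_List; /* CA list in case of server auth (M2MB_SSL_CACERT) */
  M2MB_SSL_PSK_TABLE_T psk_Tbl; /* PSK table (M2MB_SSL_PSKTABLE) */
} M2MB_SSL_SEC_INFO_U;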
/* Peer authentication mode selected in M2MB_SSL_CONFIG_T.AuthType. */
typedef enum M2MB_SSL_AUTH_TYPE_E
{
  M2MB_SSL_NO_AUTH, /* NOTE(review): presumably no verification of the server certificate — the
                       session is encrypted but the peer's identity is not checked; confirm, and
                       keep it out of configurations for peers whose identity matters */
  M2MB_SSL_SERVER_AUTH, /* server authenticated against the CA list stored as M2MB_SSL_CACERT */
  M2MB_SSL_SERVER_CLIENT_AUTH /* as above, plus the client presents the M2MB_SSL_CERT certificate and key */
} M2MB_SSL_AUTH_TYPE_E;
197 
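/* Parameters for m2mb_ssl_create_config(), which receives this struct by value.
 * CipherSuites points to a caller-owned array of CipherSuitesNum entries; whether the
 * array is copied or must outlive the configuration is not stated here — keep it alive.
 * The closing `} M2MB_SSL_CONFIG_T;` was lost in rendering and is restored here. */
typedef struct M2MB_SSL_CONFIG_T
{
  M2MB_SSL_PROTOCOL_VERSION_E ProtVers; /* SSL TLS protocol version; M2MB_SSL_PROTOCOL_TLS allows downgrade */
  M2MB_SSL_AUTH_TYPE_E AuthType; /* SSL TLS auth type; M2MB_SSL_SERVER_AUTH or stronger when the peer's identity matters */
  M2MB_SSL_CIPHER_SUITE_E *CipherSuites; /* ciphersuites set (presumably in preference order — confirm) */
  UINT8 CipherSuitesNum; /* entries in CipherSuites; max M2MB_SSL_MAX_CIPHERSUITES (8) allowed */
} M2MB_SSL_CONFIG_T;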
/* Command codes presumably used as the `cmd` argument of m2mb_ssl_config(). The argp
 * payload for each command is not described in this excerpt — check the function's
 * documentation before use. */
typedef enum
{
  M2MB_SSL_NAME_CHECK = 0, /* NOTE(review): presumably enables checking the server name against the
                              certificate. If it is off by default, chain validation alone does not
                              bind the certificate to the intended host — confirm the default */
  M2MB_SSL_NAME_SNI = 1, /* Server Name Indication for the handshake (assumed from the name — confirm) */
  M2MB_SSL_DTLS_SET_SOCKET_NAME = 2, /* DTLS peer socket name (assumed from the name — confirm) */
  M2MB_SSL_CONNECT_TIMEOUT = 3, /* timeout for m2mb_ssl_connect(); see M2MB_SSL_TIMEOUT_FAIL */
  ENUM_TO_INT( M2MB_SSL_CONF_REQUEST_E ) /* project macro defined elsewhere; presumably pads the enum to int width */
} M2MB_SSL_CONF_REQUEST_E;
214 
215 /* Global functions =============================================================================*/
216 
/*-----------------------------------------------------------------------------------------------*/
/**
 * @brief creates SSL TLS context
 *
 * The context receives the material loaded with m2mb_ssl_cert_load() and is attached to a
 * socket by m2mb_ssl_secure_socket(). Release it with m2mb_ssl_delete_ctxt().
 *
 * @return the new context handle. The value returned on failure is not stated in this
 *         excerpt — confirm before comparing against NULL or 0.
 */
/*-----------------------------------------------------------------------------------------------*/
M2MB_SSL_CTXT_HANDLE m2mb_ssl_create_ctxt( void );
253 
/*-----------------------------------------------------------------------------------------------*/
/**
 * @brief creates an SSL TLS configuration
 *
 * @param sslConfig  protocol version, auth type and cipher-suite set, passed by value; the
 *                   CipherSuites array it points to stays caller-owned
 * @param result     out: status — M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code (assumed from
 *                   the return-code list above — confirm)
 * @return the configuration handle; release with m2mb_ssl_delete_config(). Check *result
 *         before using the handle.
 */
/*-----------------------------------------------------------------------------------------------*/
M2MB_SSL_CONFIG_HANDLE m2mb_ssl_create_config( M2MB_SSL_CONFIG_T sslConfig, INT32 *result );
308 
/**
 * @brief deletes an SSL TLS configuration
 *
 * @param sslConfigHndl  handle obtained from m2mb_ssl_create_config()
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_delete_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl );
367 
/**
 * @brief creates secure socket connection
 *
 * Associates an existing BSD socket with a configuration and a context. The TLS
 * connection itself is performed by m2mb_ssl_connect(); tear down with m2mb_ssl_shutdown().
 *
 * @param sslConfigHndl  from m2mb_ssl_create_config()
 * @param sslCtxtHndl    from m2mb_ssl_create_ctxt(), with material loaded via m2mb_ssl_cert_load()
 * @param socket_fd      the BSD socket to secure (whether it must already be connected is not stated here)
 * @param result         out: status — M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 * @return the secured-connection handle used by m2mb_ssl_connect/read/write/shutdown;
 *         check *result before using it
 */
/*-----------------------------------------------------------------------------------------------*/
M2MB_SSL_CONNECTION_HANDLE m2mb_ssl_secure_socket( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, INT32 *result );
498 
/**
 * @brief performs SSL TLS connection
 *
 * Call before m2mb_ssl_read()/m2mb_ssl_write(). A negative return — in particular
 * M2MB_SSL_CERT_AUTH_FAIL — means the peer was not authenticated: do not continue with
 * the session and do not retry with a weaker AuthType.
 *
 * @param sslConnectionHandle  from m2mb_ssl_secure_socket()
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code (presumably M2MB_SSL_TIMEOUT_FAIL when
 *         the M2MB_SSL_CONNECT_TIMEOUT set via m2mb_ssl_config() expires — confirm)
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_connect( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
536 
/**
 * @brief writes len bytes from buf into sslConnectionHandle SSL TLS connection
 *
 * @param sslConnectionHandle  connected handle (m2mb_ssl_connect() succeeded)
 * @param buf  data to send. Not const-qualified in this prototype although the description
 *             does not say it is modified; the interface cannot be changed here
 * @param len  number of bytes at buf
 * @return negative M2MB_SSL_* code on failure (M2MB_SSL_WRITE_ERROR, M2MB_SSL_CLOSE_NOTIFY, ...).
 *         Whether a non-negative return is the byte count actually written, and may be
 *         less than len, is not stated here — confirm before assuming a full write
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_write( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
584 
/**
 * @brief read len bytes from sslConnectionHandle SSL TLS connection into buf
 *
 * @param sslConnectionHandle  connected handle
 * @param buf  destination; the caller guarantees at least len writable bytes
 * @param len  capacity of buf in bytes
 * @return negative M2MB_SSL_* code on failure; distinguish M2MB_SSL_END_OF_FILE (nothing to
 *         read), M2MB_SSL_CLOSE_NOTIFY (closed by the remote host) and M2MB_SSL_READ_ERROR.
 *         Whether a non-negative return is the byte count read (possibly less than len) is
 *         not stated here — confirm, and do not treat buf as NUL-terminated
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_read( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
629 
/**
 * @brief shutdown SSL TLS connection
 *
 * @param sslConnectionHandle  handle from m2mb_ssl_secure_socket(); do not use it afterwards
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 *
 * Whether the underlying BSD socket is closed as well is not stated in this excerpt —
 * confirm, so the descriptor is neither leaked nor closed twice.
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_shutdown( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
667 
/**
 * @brief store certificates from buffer
 *
 * Stores the material under `name` so that m2mb_ssl_cert_load() and m2mb_ssl_cert_delete()
 * can refer to it; where it is stored and how it is protected are not described here.
 *
 * @param sslCertType  selects the M2MB_SSL_SEC_INFO_U member used: M2MB_SSL_CACERT -> ca_List,
 *                     M2MB_SSL_CERT -> cert, M2MB_SSL_PSKTABLE -> psk_Tbl (assumed from the
 *                     union's comments — confirm)
 * @param sslSecInfo   buffers and sizes; the union is passed by value, the buffers are not copied
 *                     by the call itself as far as this header says
 * @param name         identifier of the stored item (NUL-terminated string assumed — confirm the
 *                     length limit and allowed characters)
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 *
 * After the call, wipe key_Buf, pass_Key and psk_Buf in the caller — the API does not say it does.
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_cert_store( M2MB_SSL_CERT_TYPE_E sslCertType, M2MB_SSL_SEC_INFO_U sslSecInfo, CHAR *name );
750 
/*-----------------------------------------------------------------------------------------------*/
/**
 * @brief load certificates in the SSL context
 *
 * @param sslCtxtHndl  context from m2mb_ssl_create_ctxt()
 * @param sslCertType  kind of material to load
 * @param name         identifier given to m2mb_ssl_cert_store()
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code (M2MB_SSL_FILE_NOT_FOUND is in the
 *         list above and presumably applies when `name` is unknown — confirm)
 */
INT32 m2mb_ssl_cert_load( M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
791 
/**
 * @brief delete certificates
 *
 * @param sslCertType  kind of material to delete
 * @param name         identifier given to m2mb_ssl_cert_store()
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 *
 * Whether the stored bytes are overwritten or merely unlinked is not stated here.
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_cert_delete( M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
830 
/**
 * @brief delete context
 *
 * @param sslCtxtHndl  context from m2mb_ssl_create_ctxt(); do not use it afterwards.
 *                     Whether connections created from it must be shut down first is not
 *                     stated here — confirm the required ordering.
 */
/*-----------------------------------------------------------------------------------------------*/
void m2mb_ssl_delete_ctxt( M2MB_SSL_CTXT_HANDLE sslCtxtHndl );
856 
/**
 * @brief to configure SSL parameters
 *
 * @param sslConfigHndl  configuration to modify
 * @param cmd   presumably one of M2MB_SSL_CONF_REQUEST_E (M2MB_SSL_NAME_CHECK, M2MB_SSL_NAME_SNI,
 *              M2MB_SSL_DTLS_SET_SOCKET_NAME, M2MB_SSL_CONNECT_TIMEOUT) passed as INT32 — confirm
 * @param argp  command-specific argument; its type per command is not described in this excerpt
 * @return M2MB_SSL_SUCCESS or a negative M2MB_SSL_* code
 *
 * For M2MB_SSL_SERVER_AUTH to bind the certificate to the intended host, the server name
 * presumably has to be supplied here (M2MB_SSL_NAME_CHECK / M2MB_SSL_NAME_SNI); confirm
 * whether this must happen before m2mb_ssl_secure_socket() or before m2mb_ssl_connect().
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, INT32 cmd, void *argp );
917 
/**
 * @brief to get pending bytes.
 *
 * @param socket_fd            the BSD socket underlying the connection
 * @param sslConnectionHandle  the secured connection
 * @return presumably the number of bytes available to read, or a negative M2MB_SSL_* code on
 *         failure — confirm; use it to size the next m2mb_ssl_read() call
 */
/*-----------------------------------------------------------------------------------------------*/
INT32 m2mb_ssl_get_pending_bytes( M2MB_SOCKET_BSD_SOCKET socket_fd, M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
958 
959 
960 #endif /* M2M_M2MB_SSL_H */