m2mb API docs  25.30.004.0
m2mb API sets documentation
m2mb_ssl.h
Go to the documentation of this file.
1 /* $version: 252203 */
2 /*===============================================================================================*/
3 /* >>> Copyright (C) Telit Communications S.p.A. Italy All Rights Reserved. <<< */
28 #ifndef M2M_M2MB_SSL_H
29 #define M2M_M2MB_SSL_H
30 
31 /* Global declarations ==========================================================================*/
32 
33 /* Failure return codes MUST be < 0 */
34 #define M2MB_SSL_SUCCESS 0 /* Generic Success */
35 #define M2MB_SSL_FAILURE -1 /* Generic failure */
36 #define M2MB_SSL_ARG_FAIL -6 /* Failure due to bad function param */
37 #define M2MB_SSL_PLATFORM_FAIL -7 /* Not used */
38 #define M2MB_SSL_MEM_FAIL -8 /* Not used */
39 #define M2MB_SSL_LIMIT_FAIL -9 /* Not used */
40 #define M2MB_SSL_UNSUPPORTED_FAIL -10 /* Not used */
41 #define M2MB_SSL_PROTOCOL_FAIL -12 /* A protocol error occurred */
42 #define M2MB_SSL_TIMEOUT_FAIL -13 /* A timeout occurred and MAY be an error */
43 #define M2MB_SSL_INTERRUPT_FAIL -14 /* An interrupt occurred and MAY be an error */
44 #define M2MB_SSL_WRITE_ERROR -15 /* An error occured while encoding on socket */
45 #define M2MB_SSL_READ_ERROR -16 /* An error occured while decoding from socket */
46 #define M2MB_SSL_END_OF_FILE -17 /* There is no data to read in SSL */
47 #define M2MB_SSL_CLOSE_NOTIFY -18 /* SSL connection has been closed by remote host */
48 #define M2MB_SSL_CERT_AUTH_FAIL -35 /* Authentication fails */
49 #define M2MB_SSL_FULL -50 /* Not used */
50 #define M2MB_SSL_ALERT -54 /* We've decoded an alert */
51 #define M2MB_SSL_FILE_NOT_FOUND -55 /* File not found */
52 
53 #define M2MB_SSL_MAX_CA_LIST 10
54 #define M2MB_SSL_MAX_CIPHERSUITES 8
55 
56 /* Global typedefs ==============================================================================*/
57 
58 typedef HANDLE M2MB_SSL_CTXT_HANDLE;
59 typedef HANDLE M2MB_SSL_CONFIG_HANDLE;
60 typedef uiHANDLE M2MB_SSL_CONNECTION_HANDLE;
61 
62 /* TLS protocol version */
63 typedef enum M2MB_SSL_PROTOCOL_VERSION_E
64 {
65  M2MB_SSL_PROTOCOL_TLS_1_0,
66  M2MB_SSL_PROTOCOL_TLS_1_1,
67  M2MB_SSL_PROTOCOL_TLS_1_2,
68  M2MB_SSL_PROTOCOL_TLS_1_3,
69  M2MB_SSL_PROTOCOL_DTLS_1_0,
70  M2MB_SSL_PROTOCOL_DTLS_1_2,
71  M2MB_SSL_PROTOCOL_TLS /* use highest and allow downgrade */
72 } M2MB_SSL_PROTOCOL_VERSION_E;
73 
74 /* TLS ciphersuites */
75 typedef enum M2MB_SSL_CIPHER_SUITE_E
76 {
77  M2MB_TLS_PSK_WITH_RC4_128_SHA,
78  M2MB_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
79  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA,
80  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA,
81  M2MB_TLS_PSK_WITH_AES_128_GCM_SHA256,
82  M2MB_TLS_PSK_WITH_AES_256_GCM_SHA384,
83  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA256,
84  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA384,
85  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA,
86  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
87  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA,
88  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
89  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA256,
90  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA256,
91  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
92  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
93  M2MB_TLS_RSA_WITH_AES_128_GCM_SHA256,
94  M2MB_TLS_RSA_WITH_AES_256_GCM_SHA384,
95  M2MB_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
96  M2MB_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
97  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
98  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
99  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
100  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
101  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
102  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
103  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
104  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
105  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
106  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
107  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
108  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
109  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
110  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
111  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
112  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
113  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
114  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
115  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
116  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
117  M2MB_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
118  M2MB_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
119  M2MB_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
120  M2MB_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
121  M2MB_TLS_RSA_WITH_AES_128_CCM_8,
122  M2MB_TLS_RSA_WITH_AES_256_CCM_8,
123  M2MB_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
124  M2MB_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
125  M2MB_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
126 
127  /* Additional Cipher Suites TLS v1.3*/
128  M2MB_TLS_AES_128_GCM_SHA256,
129  M2MB_TLS_AES_256_GCM_SHA384,
130  M2MB_TLS_CHACHA20_POLY1305_SHA256,
131  M2MB_TLS_AES_128_CCM_SHA256,
132  M2MB_TLS_AES_128_CCM_8_SHA256,
133 
134  /* Additional PSK Cipher Suites */
135  M2MB_TLS_PSK_WITH_AES_128_CCM_8,
136  M2MB_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
137  M2MB_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
138 } M2MB_SSL_CIPHER_SUITE_E;
139 
140 typedef enum M2MB_SSL_CERT_TYPE_E
141 {
142  M2MB_SSL_CACERT, /* root CA certificate to authenticate the server */
143  M2MB_SSL_CERT, /* client certificate and private key in case of client authentication */
144  M2MB_SSL_PSKTABLE /* PSK table in case of DTLS */
145 } M2MB_SSL_CERT_TYPE_E;
146 
147 typedef struct M2MB_SSL_PSK_TABLE_T
148 {
149  UINT32 psk_Size;
151  UINT8 *psk_Buf;
153 } M2MB_SSL_PSK_TABLE_T;
154 
155 typedef struct M2MB_SSL_CERT_T
156 {
157  UINT8 *cert_Buf;
159  UINT32 cert_Size;
161  UINT8 *key_Buf;
163  UINT32 key_Size;
165  UINT8 *pass_Key;
167 } M2MB_SSL_CERT_T;
168 
169 typedef struct M2MB_SSL_CA_INFO_T
170 {
171  UINT8 *ca_Buf;
173  UINT32 ca_Size;
175 } M2MB_SSL_CA_INFO_T;
176 
177 typedef struct M2MB_SSL_CA_LIST_T
178 {
179  UINT32 ca_Cnt;
181  M2MB_SSL_CA_INFO_T *ca_Info[M2MB_SSL_MAX_CA_LIST];
183 } M2MB_SSL_CA_LIST_T;
184 
185 typedef union
186 {
187  M2MB_SSL_CERT_T cert; /* client certificate and key */
188  M2MB_SSL_CA_LIST_T ca_List; /* CA list in case of server auth */
189  M2MB_SSL_PSK_TABLE_T psk_Tbl; /* PSK table */
190 } M2MB_SSL_SEC_INFO_U;
191 
192 typedef enum M2MB_SSL_AUTH_TYPE_E
193 {
194  M2MB_SSL_NO_AUTH,
195  M2MB_SSL_SERVER_AUTH,
196  M2MB_SSL_SERVER_CLIENT_AUTH
197 } M2MB_SSL_AUTH_TYPE_E;
198 
199 typedef struct M2MB_SSL_CONFIG_T
200 {
201  M2MB_SSL_PROTOCOL_VERSION_E ProtVers; /* SSL TLS protocol version */
202  M2MB_SSL_AUTH_TYPE_E AuthType; /* SSL TLS auth type */
203  M2MB_SSL_CIPHER_SUITE_E *CipherSuites; /* ciphersuites set */
204  UINT8 CipherSuitesNum; /* note: max 8 allowed */
205 } M2MB_SSL_CONFIG_T;
206 
207 typedef enum
208 {
209  M2MB_SSL_NAME_CHECK = 0,
210  M2MB_SSL_NAME_SNI = 1,
211  M2MB_SSL_DTLS_SET_SOCKET_NAME = 2,
212  M2MB_SSL_CONNECT_TIMEOUT = 3,
213  ENUM_TO_INT( M2MB_SSL_CONF_REQUEST_E )
214 } M2MB_SSL_CONF_REQUEST_E;
215 
216 /* Global functions =============================================================================*/
217 
218 /*-----------------------------------------------------------------------------------------------*/
219 
252 /*-----------------------------------------------------------------------------------------------*/
253 M2MB_SSL_CTXT_HANDLE m2mb_ssl_create_ctxt( void );
254 
255 /*-----------------------------------------------------------------------------------------------*/
307 /*-----------------------------------------------------------------------------------------------*/
308 M2MB_SSL_CONFIG_HANDLE m2mb_ssl_create_config( M2MB_SSL_CONFIG_T sslConfig, INT32 *result );
309 
366 /*-----------------------------------------------------------------------------------------------*/
367 INT32 m2mb_ssl_delete_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl );
368 
497 /*-----------------------------------------------------------------------------------------------*/
498 M2MB_SSL_CONNECTION_HANDLE m2mb_ssl_secure_socket( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, INT32 *result );
499 
535 /*-----------------------------------------------------------------------------------------------*/
536 INT32 m2mb_ssl_connect( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
537 
583 /*-----------------------------------------------------------------------------------------------*/
584 INT32 m2mb_ssl_write( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
585 
628 /*-----------------------------------------------------------------------------------------------*/
629 INT32 m2mb_ssl_read( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
630 
666 /*-----------------------------------------------------------------------------------------------*/
667 INT32 m2mb_ssl_shutdown( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
668 
749 /*-----------------------------------------------------------------------------------------------*/
750 INT32 m2mb_ssl_cert_store( M2MB_SSL_CERT_TYPE_E sslCertType, M2MB_SSL_SEC_INFO_U sslSecInfo, CHAR *name );
751 
789 /*-----------------------------------------------------------------------------------------------*/
790 
791 INT32 m2mb_ssl_cert_load( M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
792 
829 /*-----------------------------------------------------------------------------------------------*/
830 INT32 m2mb_ssl_cert_delete( M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
831 
855 /*-----------------------------------------------------------------------------------------------*/
856 void m2mb_ssl_delete_ctxt( M2MB_SSL_CTXT_HANDLE sslCtxtHndl );
857 
916 /*-----------------------------------------------------------------------------------------------*/
917 INT32 m2mb_ssl_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, INT32 cmd, void *argp );
918 
957 /*-----------------------------------------------------------------------------------------------*/
958 INT32 m2mb_ssl_get_pending_bytes( M2MB_SOCKET_BSD_SOCKET socket_fd, M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
959 
960 
961 #endif /* M2M_M2MB_SSL_H */
M2MB_SSL_CERT_T::pass_Key
UINT8 * pass_Key
Definition: m2mb_ssl.h:165
M2MB_SSL_SEC_INFO_U
Definition: m2mb_ssl.h:185
m2mb_ssl_delete_config
INT32 m2mb_ssl_delete_config(M2MB_SSL_CONFIG_HANDLE sslConfigHndl)
deletes an SSL TLS configuration
M2MB_SSL_CA_INFO_T::ca_Size
UINT32 ca_Size
Definition: m2mb_ssl.h:173
M2MB_SSL_CERT_T::cert_Size
UINT32 cert_Size
Definition: m2mb_ssl.h:159
M2MB_SSL_CERT_T::key_Buf
UINT8 * key_Buf
Definition: m2mb_ssl.h:161
m2mb_ssl_secure_socket
M2MB_SSL_CONNECTION_HANDLE m2mb_ssl_secure_socket(M2MB_SSL_CONFIG_HANDLE sslConfigHndl, M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, INT32 *result)
creates secure socket connection
M2MB_SSL_CERT_T
Definition: m2mb_ssl.h:155
m2mb_ssl_shutdown
INT32 m2mb_ssl_shutdown(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle)
shutdown SSL TLS connection
M2MB_SSL_CERT_T::cert_Buf
UINT8 * cert_Buf
Definition: m2mb_ssl.h:157
m2mb_ssl_create_config
M2MB_SSL_CONFIG_HANDLE m2mb_ssl_create_config(M2MB_SSL_CONFIG_T sslConfig, INT32 *result)
creates an SSL TLS configuration
m2mb_ssl_get_pending_bytes
INT32 m2mb_ssl_get_pending_bytes(M2MB_SOCKET_BSD_SOCKET socket_fd, M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle)
to get pending bytes.
M2MB_SSL_PSK_TABLE_T
Definition: m2mb_ssl.h:147
M2MB_SSL_PSK_TABLE_T::psk_Buf
UINT8 * psk_Buf
Definition: m2mb_ssl.h:151
m2mb_ssl_cert_load
INT32 m2mb_ssl_cert_load(M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name)
load certificates in the SSL context
m2mb_ssl_create_ctxt
M2MB_SSL_CTXT_HANDLE m2mb_ssl_create_ctxt(void)
creates SSL TLS context
M2MB_SSL_CERT_T::key_Size
UINT32 key_Size
Definition: m2mb_ssl.h:163
M2MB_SSL_CA_LIST_T::ca_Info
M2MB_SSL_CA_INFO_T * ca_Info[M2MB_SSL_MAX_CA_LIST]
Definition: m2mb_ssl.h:181
M2MB_SSL_CA_LIST_T::ca_Cnt
UINT32 ca_Cnt
Definition: m2mb_ssl.h:179
m2mb_ssl_write
INT32 m2mb_ssl_write(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len)
writes len bytes from buf into sslConnectionHandle SSL TLS connection
M2MB_SSL_CA_INFO_T
Definition: m2mb_ssl.h:169
m2mb_ssl_config
INT32 m2mb_ssl_config(M2MB_SSL_CONFIG_HANDLE sslConfigHndl, INT32 cmd, void *argp)
to configure SSL parameters
m2mb_ssl_cert_delete
INT32 m2mb_ssl_cert_delete(M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name)
delete certificates
m2mb_ssl_read
INT32 m2mb_ssl_read(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len)
read len bytes from sslConnectionHandle SSL TLS connection into buf
m2mb_ssl_cert_store
INT32 m2mb_ssl_cert_store(M2MB_SSL_CERT_TYPE_E sslCertType, M2MB_SSL_SEC_INFO_U sslSecInfo, CHAR *name)
store certificates from buffer
M2MB_SSL_CONFIG_T
Definition: m2mb_ssl.h:199
M2MB_SSL_CA_INFO_T::ca_Buf
UINT8 * ca_Buf
Definition: m2mb_ssl.h:171
m2mb_ssl_delete_ctxt
void m2mb_ssl_delete_ctxt(M2MB_SSL_CTXT_HANDLE sslCtxtHndl)
delete context
M2MB_SSL_CA_LIST_T
Definition: m2mb_ssl.h:177
M2MB_SSL_PSK_TABLE_T::psk_Size
UINT32 psk_Size
Definition: m2mb_ssl.h:149
m2mb_ssl_connect
INT32 m2mb_ssl_connect(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle)
performs SSL TLS connection