m2mb API docs  30.00.007
m2mb API sets documentation
m2mb_ssl.h
Go to the documentation of this file.
1 /*===============================================================================================*/
2 /* >>> Copyright (C) Telit Communications S.p.A. Italy All Rights Reserved. <<< */
27 #ifndef M2M_M2MB_SSL_H
28 #define M2M_M2MB_SSL_H
29 
30 /* Global declarations ==========================================================================*/
31 
32 /* Failure return codes MUST be < 0 */
33 #define M2MB_SSL_SUCCESS 0 /* Generic Success */
34 #define M2MB_SSL_FAILURE -1 /* Generic failure */
35 #define M2MB_SSL_ARG_FAIL -6 /* Failure due to bad function param */
36 #define M2MB_SSL_PLATFORM_FAIL -7 /* Not used */
37 #define M2MB_SSL_MEM_FAIL -8 /* Not used */
38 #define M2MB_SSL_LIMIT_FAIL -9 /* Not used */
39 #define M2MB_SSL_UNSUPPORTED_FAIL -10 /* Not used */
40 #define M2MB_SSL_PROTOCOL_FAIL -12 /* A protocol error occurred */
41 #define M2MB_SSL_TIMEOUT_FAIL -13 /* A timeout occurred and MAY be an error */
42 #define M2MB_SSL_INTERRUPT_FAIL -14 /* An interrupt occurred and MAY be an error */
43 #define M2MB_SSL_WRITE_ERROR -15 /* An error occured while encoding on socket */
44 #define M2MB_SSL_READ_ERROR -16 /* An error occured while decoding from socket */
45 #define M2MB_SSL_END_OF_FILE -17 /* Ther's no data to read in SSL */
46 #define M2MB_SSL_CLOSE_NOTIFY -18 /* SSL connection has been closed by remote host */
47 #define M2MB_SSL_CERT_AUTH_FAIL -35 /* Authentication fails */
48 #define M2MB_SSL_FULL -50 /* Not used */
49 #define M2MB_SSL_ALERT -54 /* We've decoded an alert */
50 #define M2MB_SSL_FILE_NOT_FOUND -55 /* File not found */
51 
52 #define M2MB_SSL_FALSE 0 /* FALSE */
53 #define M2MB__SSL_TRUE 1 /* TRUE */
54 
55 #define M2MB_SSL_MAX_CA_LIST 10
56 #define M2MB_SSL_MAX_CIPHERSUITES 8
57 
58 #define M2MB_QC_NOT_VALID_CIPHER 0
59 
60 /* Global typedefs ==============================================================================*/
61 
62 typedef HANDLE M2MB_SSL_CTXT_HANDLE;
63 typedef HANDLE M2MB_SSL_CONFIG_HANDLE;
64 typedef uiHANDLE M2MB_SSL_CONNECTION_HANDLE;
65 
66 /* TLS protocol version */
67 typedef enum M2MB_SSL_PROTOCOL_VERSION_E
68 {
69  M2MB_SSL_PROTOCOL_TLS_1_0,
70  M2MB_SSL_PROTOCOL_TLS_1_1,
71  M2MB_SSL_PROTOCOL_TLS_1_2,
72  M2MB_SSL_PROTOCOL_TLS_1_3,
73  M2MB_SSL_PROTOCOL_DTLS_1_0,
74  M2MB_SSL_PROTOCOL_DTLS_1_2,
75  M2MB_SSL_PROTOCOL_TLS /* use highest and allow downgrade */
76 } M2MB_SSL_PROTOCOL_VERSION_E;
77 
78 /* TLS ciphersuites */
79 typedef enum M2MB_SSL_CIPHER_SUITE_E
80 {
81  M2MB_TLS_PSK_WITH_RC4_128_SHA,
82  M2MB_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
83  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA,
84  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA,
85  M2MB_TLS_PSK_WITH_AES_128_GCM_SHA256,
86  M2MB_TLS_PSK_WITH_AES_256_GCM_SHA384,
87  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA256,
88  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA384,
89  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA,
90  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
91  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA,
92  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
93  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA256,
94  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA256,
95  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
96  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
97  M2MB_TLS_RSA_WITH_AES_128_GCM_SHA256,
98  M2MB_TLS_RSA_WITH_AES_256_GCM_SHA384,
99  M2MB_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
100  M2MB_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
101  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
102  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
103  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
104  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
105  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
106  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
107  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
108  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
109  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
110  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
111  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
112  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
113  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
114  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
115  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
116  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
117  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
118  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
119  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
120  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
121  M2MB_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
122  M2MB_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
123  M2MB_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
124  M2MB_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
125  M2MB_TLS_RSA_WITH_AES_128_CCM,
126  M2MB_TLS_RSA_WITH_AES_256_CCM,
127  M2MB_TLS_DHE_RSA_WITH_AES_128_CCM,
128  M2MB_TLS_DHE_RSA_WITH_AES_256_CCM,
129  M2MB_TLS_RSA_WITH_AES_128_CCM_8,
130  M2MB_TLS_RSA_WITH_AES_256_CCM_8,
131  M2MB_TLS_DHE_RSA_WITH_AES_128_CCM_8,
132  M2MB_TLS_DHE_RSA_WITH_AES_256_CCM_8,
133  M2MB_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
134  M2MB_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
135  M2MB_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
136 
137  /* Additional Cipher Suites TLS v1.3*/
138  M2MB_TLS_AES_128_GCM_SHA256,
139  M2MB_TLS_AES_256_GCM_SHA384,
140  M2MB_TLS_CHACHA20_POLY1305_SHA256,
141  M2MB_TLS_AES_128_CCM_SHA256,
142  M2MB_TLS_AES_128_CCM_8_SHA256,
143 } M2MB_SSL_CIPHER_SUITE_E;
144 
145 typedef enum M2MB_SSL_CERT_TYPE_E
146 {
147  M2MB_SSL_CACERT, /* root CA certificate to authenticate the server */
148  M2MB_SSL_CERT, /* client certificate and private key in case of client authentication */
149  M2MB_SSL_PSKTABLE /* PSK table in case of DTLS */
150 } M2MB_SSL_CERT_TYPE_E;
151 
152 typedef struct M2MB_SSL_PSK_TABLE_T
153 {
154  UINT32 psk_Size;
156  UINT8 *psk_Buf;
158 } M2MB_SSL_PSK_TABLE_T;
159 
160 typedef struct M2MB_SSL_CERT_T
161 {
162  UINT8 *cert_Buf;
164  UINT32 cert_Size;
166  UINT8 *key_Buf;
168  UINT32 key_Size;
170  UINT8 *pass_Key;
172 } M2MB_SSL_CERT_T;
173 
174 typedef struct M2MB_SSL_CA_INFO_T
175 {
176  UINT8 *ca_Buf;
178  UINT32 ca_Size;
180 } M2MB_SSL_CA_INFO_T;
181 
182 typedef struct M2MB_SSL_CA_LIST_T
183 {
184  UINT32 ca_Cnt;
186  M2MB_SSL_CA_INFO_T *ca_Info[M2MB_SSL_MAX_CA_LIST];
188 } M2MB_SSL_CA_LIST_T;
189 
190 typedef union
191 {
192  M2MB_SSL_CERT_T cert; /* client certificate and key */
193  M2MB_SSL_CA_LIST_T ca_List; /* CA list in case of server auth */
194  M2MB_SSL_PSK_TABLE_T psk_Tbl; /* PSK table */
195 } M2MB_SSL_SEC_INFO_U;
196 
197 typedef enum M2MB_SSL_AUTH_TYPE_E
198 {
199  M2MB_SSL_NO_AUTH,
200  M2MB_SSL_SERVER_AUTH,
201  M2MB_SSL_SERVER_CLIENT_AUTH
202 } M2MB_SSL_AUTH_TYPE_E;
203 
204 typedef struct M2MB_SSL_CONFIG_T
205 {
206  M2MB_SSL_PROTOCOL_VERSION_E ProtVers; /* SSL TLS protocol version */
207  M2MB_SSL_AUTH_TYPE_E AuthType; /* SSL TLS auth type */
208  M2MB_SSL_CIPHER_SUITE_E *CipherSuites; /* ciphersuites set */
209  UINT8 CipherSuitesNum; /* note: max 8 allowed */
210 } M2MB_SSL_CONFIG_T;
211 
212 typedef enum
213 {
214  M2MB_SSL_NAME_CHECK = 0,
215  M2MB_SSL_NAME_SNI = 1,
216  M2MB_SSL_DTLS_SET_SOCKET_NAME = 2,
217  ENUM_TO_INT( M2MB_SSL_CONF_REQUEST_E )
218 } M2MB_SSL_CONF_REQUEST_E;
219 
220 /* Global functions =============================================================================*/
221 
222 /*-----------------------------------------------------------------------------------------------*/
223 
255 /*-----------------------------------------------------------------------------------------------*/
256 M2MB_SSL_CTXT_HANDLE m2mb_ssl_create_ctxt( void );
257 
258 /*-----------------------------------------------------------------------------------------------*/
309 /*-----------------------------------------------------------------------------------------------*/
310 M2MB_SSL_CONFIG_HANDLE m2mb_ssl_create_config( M2MB_SSL_CONFIG_T sslConfig, INT32 *result );
311 
368 /*-----------------------------------------------------------------------------------------------*/
369 INT32 m2mb_ssl_delete_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl );
370 
494 /*-----------------------------------------------------------------------------------------------*/
495 M2MB_SSL_CONNECTION_HANDLE m2mb_ssl_secure_socket( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, INT32 *result );
496 
531 /*-----------------------------------------------------------------------------------------------*/
532 INT32 m2mb_ssl_connect( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
533 
578 /*-----------------------------------------------------------------------------------------------*/
579 INT32 m2mb_ssl_write( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
580 
622 /*-----------------------------------------------------------------------------------------------*/
623 INT32 m2mb_ssl_read( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len );
624 
659 /*-----------------------------------------------------------------------------------------------*/
660 INT32 m2mb_ssl_shutdown( M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle );
661 
741 /*-----------------------------------------------------------------------------------------------*/
742 INT32 m2mb_ssl_cert_store( M2MB_SSL_CERT_TYPE_E sslCertType, M2MB_SSL_SEC_INFO_U sslSecInfo, CHAR *name );
743 
779 /*-----------------------------------------------------------------------------------------------*/
780 
781 INT32 m2mb_ssl_cert_load( M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
782 
818 /*-----------------------------------------------------------------------------------------------*/
819 INT32 m2mb_ssl_cert_delete( M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name );
820 
844 /*-----------------------------------------------------------------------------------------------*/
845 void m2mb_ssl_delete_ctxt( M2MB_SSL_CTXT_HANDLE sslCtxtHndl );
846 
899 /*-----------------------------------------------------------------------------------------------*/
900 INT32 m2mb_ssl_config( M2MB_SSL_CONFIG_HANDLE sslConfigHndl, INT32 cmd, void *argp );
901 
902 
903 #endif /* M2M_M2MB_SSL_H */
M2MB_SSL_CERT_T::key_Buf
UINT8 * key_Buf
Definition: m2mb_ssl.h:166
M2MB_SSL_SEC_INFO_U
Definition: m2mb_ssl.h:190
m2mb_ssl_delete_config
INT32 m2mb_ssl_delete_config(M2MB_SSL_CONFIG_HANDLE sslConfigHndl)
deletes an SSL TLS configuration
m2mb_ssl_secure_socket
M2MB_SSL_CONNECTION_HANDLE m2mb_ssl_secure_socket(M2MB_SSL_CONFIG_HANDLE sslConfigHndl, M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, INT32 *result)
creates secure socket connection
M2MB_SSL_CERT_T
Definition: m2mb_ssl.h:160
m2mb_ssl_shutdown
INT32 m2mb_ssl_shutdown(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle)
shutdown SSL TLS connection
m2mb_ssl_create_config
M2MB_SSL_CONFIG_HANDLE m2mb_ssl_create_config(M2MB_SSL_CONFIG_T sslConfig, INT32 *result)
creates an SSL TLS configuration
M2MB_SSL_CERT_T::key_Size
UINT32 key_Size
Definition: m2mb_ssl.h:168
M2MB_SSL_PSK_TABLE_T
Definition: m2mb_ssl.h:152
M2MB_SSL_CA_INFO_T::ca_Buf
UINT8 * ca_Buf
Definition: m2mb_ssl.h:176
M2MB_SSL_CERT_T::cert_Buf
UINT8 * cert_Buf
Definition: m2mb_ssl.h:162
m2mb_ssl_cert_load
INT32 m2mb_ssl_cert_load(M2MB_SSL_CTXT_HANDLE sslCtxtHndl, M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name)
load certificates in the SSL context
m2mb_ssl_create_ctxt
M2MB_SSL_CTXT_HANDLE m2mb_ssl_create_ctxt(void)
creates SSL TLS context
M2MB_SSL_CERT_T::cert_Size
UINT32 cert_Size
Definition: m2mb_ssl.h:164
M2MB_SSL_PSK_TABLE_T::psk_Buf
UINT8 * psk_Buf
Definition: m2mb_ssl.h:156
m2mb_ssl_write
INT32 m2mb_ssl_write(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len)
writes len bytes from buf into sslConnectionHandle SSL TLS connection
M2MB_SSL_CA_INFO_T::ca_Size
UINT32 ca_Size
Definition: m2mb_ssl.h:178
M2MB_SSL_CA_LIST_T::ca_Info
M2MB_SSL_CA_INFO_T * ca_Info[M2MB_SSL_MAX_CA_LIST]
Definition: m2mb_ssl.h:186
M2MB_SSL_CA_INFO_T
Definition: m2mb_ssl.h:174
M2MB_SSL_CERT_T::pass_Key
UINT8 * pass_Key
Definition: m2mb_ssl.h:170
M2MB_SSL_PSK_TABLE_T::psk_Size
UINT32 psk_Size
Definition: m2mb_ssl.h:154
m2mb_ssl_config
INT32 m2mb_ssl_config(M2MB_SSL_CONFIG_HANDLE sslConfigHndl, INT32 cmd, void *argp)
to configure the paramaters
m2mb_ssl_cert_delete
INT32 m2mb_ssl_cert_delete(M2MB_SSL_CERT_TYPE_E sslCertType, CHAR *name)
delete certificates
m2mb_ssl_read
INT32 m2mb_ssl_read(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle, void *buf, UINT32 len)
read len bytes from sslConnectionHandle SSL TLS connection into buf
m2mb_ssl_cert_store
INT32 m2mb_ssl_cert_store(M2MB_SSL_CERT_TYPE_E sslCertType, M2MB_SSL_SEC_INFO_U sslSecInfo, CHAR *name)
store certificates from buffer
M2MB_SSL_CONFIG_T
Definition: m2mb_ssl.h:204
m2mb_ssl_delete_ctxt
void m2mb_ssl_delete_ctxt(M2MB_SSL_CTXT_HANDLE sslCtxtHndl)
delete context
M2MB_SSL_CA_LIST_T
Definition: m2mb_ssl.h:182
M2MB_SSL_CA_LIST_T::ca_Cnt
UINT32 ca_Cnt
Definition: m2mb_ssl.h:184
m2mb_ssl_connect
INT32 m2mb_ssl_connect(M2MB_SSL_CONNECTION_HANDLE sslConnectionHandle)
performs SSL TLS connection