WE310F5  39.00.000
m2mb_ssl.h
Go to the documentation of this file.
1 /*===============================================================================================*/
2 /* >>> Copyright (C) Telit Communications S.p.A. Italy All Rights Reserved. <<< */
28 /* Global declarations ==========================================================================*/
29 #ifndef M2MB_SSL_H_
30 #define M2MB_SSL_H_
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 
93 /*-----------------------------------------------------------------------------------------------*/
94 
99 /*-----------------------------------------------------------------------------------------------*/
100 
101 #define M2MB_SSL_INVALID_HANDLE (0)
102 #define M2MB_SSL_MAX_CIPHER_COUNT 54
103 #define M2MB_SSL_MAX_CERT_NAME_LEN 64
104 #define M2MB_SSL_MAX_SNI_NAME_LEN (64)
105 #define M2MB_SSL_CIPHER_MAX 0x003FFFFFFFFFFFFF
106 #define M2MB_MAX_CERTS 10
107 #define M2MB_SSL_MAX_CA_LIST 10
116 typedef enum M2MB_SSL_PROTOCOL_VERSION_E
117 {
118  M2MB_SSL_PROTOCOL_TLS_1_0,
119  M2MB_SSL_PROTOCOL_TLS_1_1,
120  M2MB_SSL_PROTOCOL_TLS_1_2,
121  M2MB_SSL_PROTOCOL_DTLS_1_0,
122  M2MB_SSL_PROTOCOL_DTLS_1_2,
123  M2MB_SSL_PROTOCOL_VER_MAX
124 } M2MB_SSL_PROTOCOL_VERSION_E;
125 
126 typedef enum M2MB_SSL_CONF_ID
127 {
128  M2MB_SSL_CONF_INVALID = 0,
129  M2MB_SSL_CONF_PROTOCOL = 1,
130  M2MB_SSL_CONF_CACERT = 2,
131  M2MB_SSL_CONF_CERT = 3,
132  M2MB_SSL_CONF_CIPHER = 4,
133  M2MB_SSL_CONF_TX_MAX_FRAG_LEN = 5,
134  M2MB_SSL_CONF_SNI = 6,
135  M2MB_SSL_CONF_DOMAIN = 7,
136  M2MB_SSL_CONF_MAX_FRAG_LEN = 8,
137  M2MB_SSL_CONF_SERVER_AUTH = 9,
138  M2MB_SSL_CONF_TIME_VALIDATE = 10,
139  M2MB_SSL_CONF_GET_PEEK = 11,
140  M2MB_SSL_CONF_GET_CONN_STATUS = 12,
141  M2MB_SSL_CONF_GET_CERT_LOAD_STATUS = 13,
142  M2MB_SSL_CONF_GET_CA_CERT_LOAD_STATUS = 14
143 }M2MB_SSL_CONF_ID_E;
144 
145 typedef union M2MB_SSL_CONF_PARAMS{
146  M2MB_SSL_PROTOCOL_VERSION_E protocol;
147  UINT8* cacert;
148  UINT8* cert;
149  UINT64 cipher;
150  UINT8 tx_max_frag_len;
151  UINT8* sni;
152  UINT8* domain;
153  UINT8 max_frag_len;
154  UINT8 serverAuthEn;
155  UINT8 timeValidateEn;
156  INT32 peekBytes;
157  UINT8 connStatus;
158  UINT8 certLoadStatus;
159  UINT8 caCertLoadStatus;
160 }M2MB_SSL_CONF_PARAMS_T;
161 /* Global typedefs ==============================================================================*/
162 
165 typedef HANDLE M2MB_SSL_CTXT_HANDLE;
166 
167 
169 typedef enum M2MB_SSL_CIPHER_SUITE_E
170 {
171  M2MB_TLS_PSK_WITH_RC4_128_SHA,
172  M2MB_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
173  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA,
174  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA,
175  M2MB_TLS_PSK_WITH_AES_128_GCM_SHA256,
176  M2MB_TLS_PSK_WITH_AES_256_GCM_SHA384,
177  M2MB_TLS_PSK_WITH_AES_128_CBC_SHA256,
178  M2MB_TLS_PSK_WITH_AES_256_CBC_SHA384,
179  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA,
180  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
181  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA,
182  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
183  M2MB_TLS_RSA_WITH_AES_128_CBC_SHA256,
184  M2MB_TLS_RSA_WITH_AES_256_CBC_SHA256,
185  M2MB_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
186  M2MB_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
187  M2MB_TLS_RSA_WITH_AES_128_GCM_SHA256,
188  M2MB_TLS_RSA_WITH_AES_256_GCM_SHA384,
189  M2MB_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
190  M2MB_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
191  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
192  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
193  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
194  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
195  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
196  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
197  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
198  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
199  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
200  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
201  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
202  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
203  M2MB_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
204  M2MB_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
205  M2MB_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
206  M2MB_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
207  M2MB_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
208  M2MB_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
209  M2MB_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
210  M2MB_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
211  M2MB_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
212  M2MB_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
213  M2MB_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
214  M2MB_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
215  M2MB_TLS_RSA_WITH_AES_128_CCM,
216  M2MB_TLS_RSA_WITH_AES_256_CCM,
217  M2MB_TLS_DHE_RSA_WITH_AES_128_CCM,
218  M2MB_TLS_DHE_RSA_WITH_AES_256_CCM,
219  M2MB_TLS_RSA_WITH_AES_128_CCM_8,
220  M2MB_TLS_RSA_WITH_AES_256_CCM_8,
221  M2MB_TLS_DHE_RSA_WITH_AES_128_CCM_8,
222  M2MB_TLS_DHE_RSA_WITH_AES_256_CCM_8,
223  M2MB_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
224  M2MB_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
225  M2MB_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
226 } M2MB_SSL_CIPHER_SUITE_E;
227 
228 
230 typedef enum M2MB_SSL_AUTH_TYPE_E
231 {
232  M2MB_SSL_AUTH_NONE,
233  M2MB_SSL_AUTH_REQUIRED,
234  M2MB_SSL_AUTH_OPTIONAL,
235 } M2MB_SSL_AUTH_TYPE_E;
236 
238 typedef enum M2MB_SSL_SSL_ROLE_E
239 {
240  M2MB_SSL_SSL_ROLE_SERVER_E = 0,
241  M2MB_SSL_SSL_ROLE_CLIENT_E = 1
242 } M2MB_SSL_SSL_ROLE_E;
243 
244 typedef struct M2MB_SSL_OPEN_PARAMS
245 {
246  M2MB_SSL_SSL_ROLE_E role;
247 }M2MB_SSL_OPEN_PARAMS_T;
248 
249 
251 typedef struct M2MB_SSL_CONFIG_VERIFY_POLICY
252 {
253  UINT8 domain ;
256  UINT8 time_Validity ;
259  UINT8 send_Alert ;
262  UINT8 match_Name[M2MB_SSL_MAX_CERT_NAME_LEN];
266  M2MB_SSL_AUTH_TYPE_E authType ;
267 } M2MB_SSL_CONFIG_VERIFY_POLICY_T;
268 
269 
271 typedef struct M2MB_SSL_CONFIG
272 {
273  M2MB_SSL_PROTOCOL_VERSION_E ProtVers ;
276  M2MB_SSL_CIPHER_SUITE_E CipherSuites[M2MB_SSL_MAX_CIPHER_COUNT];
279  UINT8 CipherSuitesNum;
280 
281  UINT16 max_frag_len;
283  UINT16 max_frag_len_tx;
286  UINT16 max_frag_len_neg_disable;
289  UINT8 send_Alert ;
292  UINT8 sni_name[M2MB_SSL_MAX_SNI_NAME_LEN];
294  uint8_t sni_enabled;
295 
296 
297  M2MB_SSL_CONFIG_VERIFY_POLICY_T policy;
298 } M2MB_SSL_CONFIG_T;
299 
300 
301 
302 
303 /* Global functions =============================================================================*/
304 /* ======================================================================= */
305 
306 
307 /*-----------------------------------------------------------------------------------------------*/
308 
348 /*-----------------------------------------------------------------------------------------------*/
349 
350 M2MB_STATUS_T m2mb_ssl_open( HANDLE *handle, M2MB_SSL_OPEN_PARAMS_T* openParams );
351 
352 
353 /*-----------------------------------------------------------------------------------------------*/
432 /*-----------------------------------------------------------------------------------------------*/
433 M2MB_STATUS_T m2mb_ssl_set_cfg(HANDLE handle, M2MB_SSL_CONF_ID_E conf_id, M2MB_SSL_CONF_PARAMS_T * conf_params);
434 
435 /*-----------------------------------------------------------------------------------------------*/
489 /*-----------------------------------------------------------------------------------------------*/
490 M2MB_STATUS_T m2mb_ssl_get_cfg( HANDLE handle, M2MB_SSL_CONF_ID_E conf_id,
491  M2MB_SSL_CONF_PARAMS_T * conf_params );
492 
493 /*-----------------------------------------------------------------------------------------------*/
494 
535 /*-----------------------------------------------------------------------------------------------*/
536 
537 M2MB_STATUS_T m2mb_ssl_close( HANDLE handle );
538 
539 /*-----------------------------------------------------------------------------------------------*/
540 
606 /*-----------------------------------------------------------------------------------------------*/
607 M2MB_STATUS_T m2mb_ssl_connect( HANDLE handle,M2MB_SOCKET_BSD_SOCKET socket_fd );
608 
609 
682 /*-----------------------------------------------------------------------------------------------*/
683 INT32 m2mb_ssl_write( HANDLE handle, void *buf, UINT32 len );
684 
758 /*-----------------------------------------------------------------------------------------------*/
759 INT32 m2mb_ssl_read( HANDLE handle, void *buf, UINT32 len );
760 
761 /*-----------------------------------------------------------------------------------------------*/
762 
763 
764 
842  /*-----------------------------------------------------------------------------------------------*/
843 
844  M2MB_STATUS_T
845  m2mb_ssl_accept( M2MB_SSL_CTXT_HANDLE sslSvrContextHndl, M2MB_SOCKET_BSD_SOCKET socket_fd,
846  M2MB_SSL_CTXT_HANDLE* sslClientCtxHndl);
847 
851 /*-----------------------------------------------------------------------------------------------*/
852 
853 #ifdef __cplusplus
854 }
855 #endif
856 #endif
857 
M2MB_SSL_CIPHER_SUITE_E
M2MB_SSL_CIPHER_SUITE_E
TLS ciphersuites enum.
Definition: m2mb_ssl.h:169
M2MB_SSL_CONF_ID
M2MB_SSL_CONF_ID
Definition: m2mb_ssl.h:126
M2MB_SSL_CONFIG::send_Alert
UINT8 send_Alert
Definition: m2mb_ssl.h:289
M2MB_SSL_CONFIG::CipherSuites
M2MB_SSL_CIPHER_SUITE_E CipherSuites[M2MB_SSL_MAX_CIPHER_COUNT]
Definition: m2mb_ssl.h:276
m2mb_ssl_set_cfg
M2MB_STATUS_T m2mb_ssl_set_cfg(HANDLE handle, M2MB_SSL_CONF_ID_E conf_id, M2MB_SSL_CONF_PARAMS_T *conf_params)
Set SSL configuration on the previously created SSL context.
UINT8
unsigned char UINT8
Definition: m2mb_types.h:86
M2MB_SSL_PROTOCOL_VERSION_E
M2MB_SSL_PROTOCOL_VERSION_E
SSL protocol SET Configuration enumeration.
Definition: m2mb_ssl.h:116
M2MB_SSL_SSL_ROLE_E
M2MB_SSL_SSL_ROLE_E
SSL object role.
Definition: m2mb_ssl.h:238
M2MB_SSL_CONF_ID_E
enum M2MB_SSL_CONF_ID M2MB_SSL_CONF_ID_E
M2MB_SSL_AUTH_TYPE_E
M2MB_SSL_AUTH_TYPE_E
SSL authentication types enum.
Definition: m2mb_ssl.h:230
M2MB_SSL_MAX_CERT_NAME_LEN
#define M2MB_SSL_MAX_CERT_NAME_LEN
Definition: m2mb_ssl.h:103
M2MB_SSL_OPEN_PARAMS::role
M2MB_SSL_SSL_ROLE_E role
Definition: m2mb_ssl.h:246
M2MB_STATUS_T
INT32 M2MB_STATUS_T
Definition: m2mb_status.h:97
M2MB_SSL_CONFIG_VERIFY_POLICY::authType
M2MB_SSL_AUTH_TYPE_E authType
Definition: m2mb_ssl.h:266
UINT16
unsigned short UINT16
Definition: m2mb_types.h:87
m2mb_ssl_read
INT32 m2mb_ssl_read(HANDLE handle, void *buf, UINT32 len)
Read len bytes from SSL connection into buf.
m2mb_ssl_close
M2MB_STATUS_T m2mb_ssl_close(HANDLE handle)
deletes an m2mb SSL context created during m2mb_ssl_open()
m2mb_ssl_connect
M2MB_STATUS_T m2mb_ssl_connect(HANDLE handle, M2MB_SOCKET_BSD_SOCKET socket_fd)
Performs SSL Client connection.
M2MB_SSL_CONFIG::ProtVers
M2MB_SSL_PROTOCOL_VERSION_E ProtVers
Definition: m2mb_ssl.h:273
M2MB_SSL_OPEN_PARAMS_T
struct M2MB_SSL_OPEN_PARAMS M2MB_SSL_OPEN_PARAMS_T
M2MB_SSL_CONFIG_VERIFY_POLICY_T
struct M2MB_SSL_CONFIG_VERIFY_POLICY M2MB_SSL_CONFIG_VERIFY_POLICY_T
Structure to specify the certificate verification policy.
M2MB_SSL_CONF_PARAMS::protocol
M2MB_SSL_PROTOCOL_VERSION_E protocol
Definition: m2mb_ssl.h:146
M2MB_SSL_CONFIG_T
struct M2MB_SSL_CONFIG M2MB_SSL_CONFIG_T
Structure to configure an SSL connection.
M2MB_SSL_MAX_SNI_NAME_LEN
#define M2MB_SSL_MAX_SNI_NAME_LEN
Definition: m2mb_ssl.h:104
M2MB_SSL_CONFIG::CipherSuitesNum
UINT8 CipherSuitesNum
Definition: m2mb_ssl.h:279
m2mb_ssl_get_cfg
M2MB_STATUS_T m2mb_ssl_get_cfg(HANDLE handle, M2MB_SSL_CONF_ID_E conf_id, M2MB_SSL_CONF_PARAMS_T *conf_params)
Get SSL configuration on the previously created SSL context.
m2mb_ssl_write
INT32 m2mb_ssl_write(HANDLE handle, void *buf, UINT32 len)
Writes data to the SSL connection.
M2MB_SSL_CONFIG::max_frag_len_tx
UINT16 max_frag_len_tx
Definition: m2mb_ssl.h:283
M2MB_SSL_CONFIG
Structure to configure an SSL connection.
Definition: m2mb_ssl.h:271
m2mb_ssl_open
M2MB_STATUS_T m2mb_ssl_open(HANDLE *handle, M2MB_SSL_OPEN_PARAMS_T *openParams)
Initialize SSL TLS context.
M2MB_SSL_CONFIG_VERIFY_POLICY::match_Name
UINT8 match_Name[M2MB_SSL_MAX_CERT_NAME_LEN]
Definition: m2mb_ssl.h:262
M2MB_SSL_MAX_CIPHER_COUNT
#define M2MB_SSL_MAX_CIPHER_COUNT
Definition: m2mb_ssl.h:102
UINT32
unsigned long int UINT32
Definition: m2mb_types.h:88
INT32
signed int INT32
Definition: m2mb_types.h:82
M2MB_SSL_CONFIG::max_frag_len
UINT16 max_frag_len
Definition: m2mb_ssl.h:281
M2MB_SSL_CTXT_HANDLE
HANDLE M2MB_SSL_CTXT_HANDLE
SSL context handle. This is obtained from m2mb_ssl_open API and then used in subsequent SSL APIs...
Definition: m2mb_ssl.h:165
M2MB_SSL_CONFIG::sni_name
UINT8 sni_name[M2MB_SSL_MAX_SNI_NAME_LEN]
Definition: m2mb_ssl.h:292
M2MB_SSL_CONFIG_VERIFY_POLICY
Structure to specify the certificate verification policy.
Definition: m2mb_ssl.h:251
HANDLE
void * HANDLE
Definition: m2mb_types.h:98
UINT64
unsigned long long UINT64
Definition: m2mb_types.h:90
M2MB_SOCKET_BSD_SOCKET
iHANDLE M2MB_SOCKET_BSD_SOCKET
Definition: m2mb_socket.h:267
M2MB_SSL_CONFIG::policy
M2MB_SSL_CONFIG_VERIFY_POLICY_T policy
Definition: m2mb_ssl.h:297
m2mb_ssl_accept
M2MB_STATUS_T m2mb_ssl_accept(M2MB_SSL_CTXT_HANDLE sslSvrContextHndl, M2MB_SOCKET_BSD_SOCKET socket_fd, M2MB_SSL_CTXT_HANDLE *sslClientCtxHndl)
Accepts an incoming SSL connection from the client.
M2MB_SSL_CONFIG::sni_enabled
uint8_t sni_enabled
Definition: m2mb_ssl.h:294
M2MB_SSL_CONF_PARAMS_T
union M2MB_SSL_CONF_PARAMS M2MB_SSL_CONF_PARAMS_T
M2MB_SSL_CONFIG::max_frag_len_neg_disable
UINT16 max_frag_len_neg_disable
Definition: m2mb_ssl.h:286