pal_plat_TLS.h

Go to the documentation of this file.

/*******************************************************************************
 * Copyright 2016, 2017 ARM Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

#ifndef _PAL_PLAT_TLS_H_
#define _PAL_PLAT_TLS_H_
#include "pal_TLS.h"


/***************************************************/
/**** PAL DTLS internal data structures ************/
/***************************************************/
typedef enum palDTLSSide{
#ifdef PAL_TLS_SUPPORT_SERVER_MODE
    PAL_TLS_IS_SERVER,
#endif // PAL_TLS_SUPPORT_SERVER_MODE
    PAL_TLS_IS_CLIENT
} palDTLSSide_t;

typedef enum palTLSAuthMode{
    PAL_TLS_VERIFY_NONE,        
    PAL_TLS_VERIFY_OPTIONAL,    
    PAL_TLS_VERIFY_REQUIRED     
}palTLSAuthMode_t;

typedef enum palTLSSuites{
    PAL_TLS_PSK_WITH_AES_128_CCM_8,
    PAL_TLS_PSK_WITH_AES_256_CCM_8,
    PAL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
    PAL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    PAL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    PAL_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
}palTLSSuites_t;

typedef void* palTLSSocketHandle_t;
typedef void* palTimerCtx_t;

// This prototype can be re-defined by the platform side.
// Consider moving them to separate header.
typedef int (*palBIOSend_f)(palTLSSocketHandle_t socket, const unsigned char *buf, size_t len);
typedef int (*palBIORecv_f)(palTLSSocketHandle_t socket, unsigned char *buf, size_t len);
typedef int (*palVerifyCallback_f)(void *, void *, int, uint32_t *);
typedef void (*palSetTimer_f)( void *data, uint32_t intMs, uint32_t finMs );
typedef int (*palGetTimer_f)(void* data);
typedef void (*palLogFunc_f)(void *context, int debugLevel, const char *fileName, int line, const char *message);


palStatus_t pal_plat_initTLSLibrary(void);

palStatus_t pal_plat_cleanupTLS(void);

palStatus_t pal_plat_initTLSConf(palTLSConfHandle_t* confCtx, palTLSTransportMode_t transportVersion, palDTLSSide_t methodType);

palStatus_t pal_plat_tlsConfigurationFree(palTLSConfHandle_t* palTLSConf);

palStatus_t pal_plat_initTLS(palTLSConfHandle_t palTLSConf, palTLSHandle_t* palTLSHandle);

palStatus_t pal_plat_freeTLS(palTLSHandle_t* palTLSHandle);

palStatus_t pal_plat_addEntropySource(palEntropySource_f entropyCallback);

palStatus_t pal_plat_setCipherSuites(palTLSConfHandle_t sslConf, palTLSSuites_t palSuite);

palStatus_t pal_plat_sslGetVerifyResultExtended(palTLSHandle_t palTLSHandle, int32_t* verifyResult);

palStatus_t pal_plat_sslRead(palTLSHandle_t palTLSHandle, void *buffer, uint32_t len, uint32_t* actualLen);

palStatus_t pal_plat_sslWrite(palTLSHandle_t palTLSHandle, const void *buffer, uint32_t len, uint32_t *bytesWritten);

palStatus_t pal_plat_setHandShakeTimeOut(palTLSConfHandle_t palTLSConf, uint32_t minTimeout, uint32_t maxTimeout);

palStatus_t pal_plat_sslSetup(palTLSHandle_t palTLSHandle, palTLSConfHandle_t palTLSConf);

palStatus_t pal_plat_handShake(palTLSHandle_t palTLSHandle, uint64_t* serverTime);

#if PAL_USE_SECURE_TIME

palStatus_t pal_plat_renegotiate(palTLSHandle_t palTLSHandle, uint64_t serverTime);
#endif //PAL_USE_SECURE_TIME

palStatus_t pal_plat_tlsSetSocket(palTLSConfHandle_t palTLSConf, palTLSSocket_t* socket);

palStatus_t pal_plat_setOwnCertChain(palTLSConfHandle_t palTLSConf, palX509_t* ownCert);

palStatus_t pal_plat_setOwnPrivateKey(palTLSConfHandle_t palTLSConf, palPrivateKey_t* privateKey);

palStatus_t pal_plat_setCAChain(palTLSConfHandle_t palTLSConf, palX509_t* caChain, palX509CRL_t* caCRL);

palStatus_t pal_plat_setPSK(palTLSConfHandle_t sslConf, const unsigned char *identity, uint32_t maxIdentityLenInBytes, const unsigned char *psk, uint32_t maxPskLenInBytes);


palStatus_t pal_plat_setAuthenticationMode(palTLSConfHandle_t sslConf, palTLSAuthMode_t authMode);


palStatus_t pal_plat_sslSetDebugging(palTLSConfHandle_t palTLSConf, uint8_t turnOn);

palStatus_t pal_plat_sslSetIOCallBacks(palTLSConfHandle_t palTLSConf, palTLSSocket_t* palIOCtx, palBIOSend_f palBIOSend, palBIORecv_f palBIORecv);

palStatus_t pal_plat_setTimeCB(palTLSHandle_t* palTLSHandle, palTimerCtx_t timerCtx, palSetTimer_f setTimer, palGetTimer_f getTimer);

palStatus_t pal_plat_SetLoggingCb(palTLSConfHandle_t palTLSConf, palLogFunc_f palLogFunction, void *logContext);

void pal_plat_SetDTLSSocketCallback(palTLSConfHandle_t palTLSConf, palSocketCallback_f cb, void *argument);

#if (PAL_USE_SSL_SESSION_RESUME == 1)

uint8_t* pal_plat_GetSslSessionBuffer(palTLSHandle_t palTLSHandle, size_t *buffer_size);

void pal_plat_SetSslSession(palTLSHandle_t palTLSHandle, const uint8_t *session_buffer);

int32_t pal_plat_saveSslSessionBuffer(palTLSHandle_t palTLSHandle);

int32_t pal_plat_loadSslSession(palTLSHandle_t palTLSHandle);

void pal_plat_removeSslSession();

bool pal_plat_sslSessionAvailable();

const uint8_t* pal_plat_get_cid(size_t *size);

void pal_plat_set_cid(const uint8_t* context, const size_t length);

void pal_plat_set_cid_value(palTLSHandle_t palTLSHandle, const uint8_t *data_ptr, const size_t data_len);

void pal_plat_get_cid_value(palTLSHandle_t palTLSHandle, uint8_t *data_ptr, size_t *data_len);

#endif //PAL_USE_SSL_SESSION_RESUME
#endif //_PAL_PLAT_TLS_H_