1 /* *****************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
24 * This file contains the Security APIs for Resource Model to use.
27 #ifndef CA_SECURITY_INTERFACE_H_
28 #define CA_SECURITY_INTERFACE_H_
32 #include "byte_array.h"
40 * @enum CADtlsPskCredType_t
41 * Type of PSK credential required during DTLS handshake
42 * It does not make much sense in bringing in all definitions from dtls.h into here.
43 * Therefore, redefining them here.
50 } CADtlsPskCredType_t;
53 * This internal callback is used by CA layer to
54 * retrieve PSK credentials from SRM.
56 * @param[in] type type of PSK data required by CA layer during DTLS handshake set.
57 * @param[in] desc Additional request information.
58 * @param[in] desc_len The actual length of desc.
59 * @param[out] result Must be filled with the requested information.
60 * @param[in] result_length Maximum size of @p result.
62 * @return The number of bytes written to @p result or a value
63 * less than zero on error.
65 typedef int (*CAgetPskCredentialsHandler)(CADtlsPskCredType_t type,
66 const uint8_t *desc, size_t desc_len,
67 uint8_t *result, size_t result_length);
69 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
72 * API to get a secure connected peer information
74 * @param[in] peer peer information includs IP address and port.
76 * @return secure connected peer information on success, otherwise NULL
78 const CASecureEndpoint_t *CAGetSecureEndpointData(const CAEndpoint_t *peer);
79 #endif //MULTIPLE_OWNER
82 * Adds a bit to the attributes field of a secure endpoint.
84 * @param[in] peer remote address
85 * @param[in] newAttribute bit to be added to the attributes field
87 * @return true if the secure endpoint has been found, false otherwise.
89 bool CASetSecureEndpointAttribute(const CAEndpoint_t* peer, uint32_t newAttribute);
92 * Gets the attributes field of a secure endpoint.
94 * @param[in] peer remote address
95 * @param[out] allAttributes all the attributes bits for that remote address
97 * @return true if the secure endpoint has been found, false otherwise.
99 bool CAGetSecureEndpointAttributes(const CAEndpoint_t* peer, uint32_t* allAttributes);
100 #endif // #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
103 * This internal callback is used by CA layer to
104 * retrieve all credential types from SRM
106 * @param[out] list of enabled credential types for CA handshake
109 typedef void (*CAgetCredentialTypesHandler)(bool * list);
111 * Binary structure containing PKIX related info
112 * own certificate chain, public key, CA's and CRL's
116 // own certificate chain
127 * Register callback to get types of TLS suites.
128 * @param[in] getCredTypesHandler Get types of TLS suites callback.
129 * @return ::CA_STATUS_OK or appropriate error code.
131 CAResult_t CAregisterGetCredentialTypesHandler(CAgetCredentialTypesHandler getCredTypesHandler);
134 * Register callback to receive the result of TLS handshake.
135 * @param[in] tlsHandshakeCallback callback for get tls handshake result
136 * @return ::CA_STATUS_OK
138 CAResult_t CAregisterSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback);
141 * Register callback to get TLS PSK credentials.
142 * @param[in] getTlsCredentials GetDTLS Credetials callback.
143 * @return ::CA_STATUS_OK
145 CAResult_t CAregisterPskCredentialsHandler(CAgetPskCredentialsHandler getTlsCredentials);
148 * @brief Callback function type for getting PKIX info
150 * @param inf[out] PKIX related info
154 typedef void (*CAgetPkixInfoHandler)(PkiInfo_t * inf);
157 * Register callback to get PKIX related info.
158 * @param[in] getPkixInfoHandler Get PKIX related info callback.
159 * @return ::CA_STATUS_OK or appropriate error code.
161 CAResult_t CAregisterPkixInfoHandler(CAgetPkixInfoHandler getPkixInfoHandler);
164 * Select the cipher suite for dtls handshake.
166 * @param[in] cipher cipher suite (Note : Make sure endianness).
167 * TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
168 * TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
169 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
170 * TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
171 * TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
172 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
173 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
174 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
175 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
176 * TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018
177 * @param[in] adapter transport adapter (TCP/IP/BLE)
179 * @retval ::CA_STATUS_OK Successful.
180 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
181 * @retval ::CA_STATUS_FAILED Operation failed.
183 CAResult_t CASelectCipherSuite(const uint16_t cipher, CATransportAdapter_t adapter);
186 * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
188 * @param[in] enable TRUE/FALSE enables/disables anonymous cipher suite.
190 * @retval ::CA_STATUS_OK Successful.
191 * @retval ::CA_STATUS_FAILED Operation failed.
193 * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
195 CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
199 * Generate ownerPSK using PRF.
200 * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
201 * 'ID of new device(Resource Server)',
202 * 'ID of owner smart-phone(Provisioning Server)')
204 * @param[in] endpoint information of network address.
205 * @param[in] label Ownership transfer method e.g)"oic.sec.doxm.jw".
206 * @param[in] labelLen Byte length of label.
207 * @param[in] rsrcServerDeviceID ID of new device(Resource Server).
208 * @param[in] rsrcServerDeviceIDLen Byte length of rsrcServerDeviceID.
209 * @param[in] provServerDeviceID label of previous owner.
210 * @param[in] provServerDeviceIDLen byte length of provServerDeviceID.
211 * @param[in,out] ownerPSK Output buffer for owner PSK.
212 * @param[in] ownerPskSize Byte length of the ownerPSK to be generated.
214 * @retval ::CA_STATUS_OK Successful.
215 * @retval ::CA_STATUS_FAILED Operation failed.
217 CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
218 const uint8_t* label, const size_t labelLen,
219 const uint8_t* rsrcServerDeviceID,
220 const size_t rsrcServerDeviceIDLen,
221 const uint8_t* provServerDeviceID,
222 const size_t provServerDeviceIDLen,
223 uint8_t* ownerPSK, const size_t ownerPskSize);
226 * Initiate DTLS handshake with selected cipher suite.
228 * @param[in] endpoint information of network address.
230 * @retval ::CA_STATUS_OK Successful.
231 * @retval ::CA_STATUS_FAILED Operation failed.
233 CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
236 * Close the DTLS session.
238 * @param[in] endpoint information of network address.
240 * @retval ::CA_STATUS_OK Successful.
241 * @retval ::CA_STATUS_FAILED Operation failed.
243 CAResult_t CAcloseSslSession(const CAEndpoint_t *endpoint);
246 * Initiate TLS handshake with selected cipher suite.
248 * @param[in] endpoint information of network address.
250 * @retval ::CA_STATUS_OK Successful.
251 * @retval ::CA_STATUS_FAILED Operation failed.
253 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint);
256 * Close the DTLS session.
258 * @param[in] endpoint information of network address.
260 * @retval ::CA_STATUS_OK Successful.
261 * @retval ::CA_STATUS_FAILED Operation failed.
263 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint);
267 * Close All of DTLS sessions.
269 void CAcloseSslConnectionAll(CATransportAdapter_t transportType);
276 #endif /* CA_SECURITY_INTERFACE_H_ */