1 /* *****************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
24 * This file contains the Security APIs for Resource Model to use.
27 #ifndef CA_SECURITY_INTERFACE_H_
28 #define CA_SECURITY_INTERFACE_H_
32 #endif //__WITH_X509__
44 * @enum CADtlsPskCredType_t
45 * Type of PSK credential required during DTLS handshake
46 * It does not make much sense in bringing in all definitions from dtls.h into here.
47 * Therefore, redefining them here.
54 } CADtlsPskCredType_t;
57 * This internal callback is used by CA layer to
58 * retrieve PSK credentials from SRM.
60 * @param[in] type type of PSK data required by CA layer during DTLS handshake set.
61 * @param[in] desc Additional request information.
62 * @param[in] desc_len The actual length of desc.
63 * @param[out] result Must be filled with the requested information.
64 * @param[in] result_length Maximum size of @p result.
66 * @return The number of bytes written to @p result or a value
67 * less than zero on error.
69 typedef int (*CAGetDTLSPskCredentialsHandler)(CADtlsPskCredType_t type,
70 const uint8_t *desc, size_t desc_len,
71 uint8_t *result, size_t result_length);
74 * Register callback to receive the result of DTLS handshake.
75 * @param[in] dtlsHandshakeCallback callback for get dtls handshake result
76 * @return ::CA_STATUS_OK
78 CAResult_t CARegisterDTLSHandshakeCallback(CAErrorCallback dtlsHandshakeCallback);
81 * Register callback to get DTLS PSK credentials.
82 * @param[in] GetDTLSCredentials GetDTLS Credetials callback.
83 * @return ::CA_STATUS_OK
85 CAResult_t CARegisterDTLSCredentialsHandler(CAGetDTLSPskCredentialsHandler GetDTLSCredentials);
87 #endif //__WITH_DTLS__
91 * Binary structure containing certificate chain and certificate credentials
96 // certificate message for DTLS
97 unsigned char certificateChain[MAX_CERT_MESSAGE_LEN];
98 // length of the certificate message
99 uint32_t certificateChainLen;
100 // number of certificates in certificate message
102 // x component of EC public key
103 uint8_t rootPublicKeyX[PUBLIC_KEY_SIZE / 2];
104 // y component of EC public key
105 uint8_t rootPublicKeyY[PUBLIC_KEY_SIZE / 2];
107 uint8_t devicePrivateKey[PRIVATE_KEY_SIZE];
112 * @brief Callback function type for getting certificate credentials.
113 * @param credInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
114 * credInfo which is then freed by CA
117 typedef int (*CAGetDTLSX509CredentialsHandler)(CADtlsX509Creds_t *credInfo);
119 * @brief Callback function type for getting CRL.
120 * @param crlInfo [OUT] Certificate credentials info. Handler has to allocate new memory for
121 * credInfo which is then freed by CA
124 typedef void (*CAGetDTLSCrlHandler)(ByteArray* crlInfo);
127 * @brief Register callback to get DTLS Cert credentials.
128 * @param GetCertCredentials [IN] GetCert Credetials callback
129 * @return #CA_STATUS_OK
131 CAResult_t CARegisterDTLSX509CredentialsHandler(CAGetDTLSX509CredentialsHandler GetX509Credentials);
133 * @brief Register callback to get CRL.
134 * @param GetCrl [IN] GetCrl callback
135 * @return #CA_STATUS_OK
137 CAResult_t CARegisterDTLSCrlHandler(CAGetDTLSCrlHandler GetCrl);
138 #endif //__WITH_X509__
144 * Select the cipher suite for dtls handshake.
146 * @param[in] cipher cipher suite (Note : Make sure endianness).
147 * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA
148 * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
149 * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
151 * @retval ::CA_STATUS_OK Successful.
152 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
153 * @retval ::CA_STATUS_FAILED Operation failed.
155 CAResult_t CASelectCipherSuite(const uint16_t cipher);
158 * Enable TLS_ECDH_anon_WITH_AES_128_CBC_SHA cipher suite in dtls.
160 * @param[in] enable TRUE/FALSE enables/disables anonymous cipher suite.
162 * @retval ::CA_STATUS_OK Successful.
163 * @retval ::CA_STATUS_FAILED Operation failed.
165 * @note anonymous cipher suite should only be enabled for 'JustWorks' provisioning.
167 CAResult_t CAEnableAnonECDHCipherSuite(const bool enable);
171 * Generate ownerPSK using PRF.
172 * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
173 * 'ID of new device(Resource Server)',
174 * 'ID of owner smart-phone(Provisioning Server)')
176 * @param[in] endpoint information of network address.
177 * @param[in] label Ownership transfer method e.g)"oic.sec.doxm.jw".
178 * @param[in] labelLen Byte length of label.
179 * @param[in] rsrcServerDeviceID ID of new device(Resource Server).
180 * @param[in] rsrcServerDeviceIDLen Byte length of rsrcServerDeviceID.
181 * @param[in] provServerDeviceID label of previous owner.
182 * @param[in] provServerDeviceIDLen byte length of provServerDeviceID.
183 * @param[in,out] ownerPSK Output buffer for owner PSK.
184 * @param[in] ownerPSKSize Byte length of the ownerPSK to be generated.
186 * @retval ::CA_STATUS_OK Successful.
187 * @retval ::CA_STATUS_FAILED Operation failed.
189 CAResult_t CAGenerateOwnerPSK(const CAEndpoint_t *endpoint,
190 const uint8_t* label, const size_t labelLen,
191 const uint8_t* rsrcServerDeviceID,
192 const size_t rsrcServerDeviceIDLen,
193 const uint8_t* provServerDeviceID,
194 const size_t provServerDeviceIDLen,
195 uint8_t* ownerPSK, const size_t ownerPSKSize);
198 * Initiate DTLS handshake with selected cipher suite.
200 * @param[in] endpoint information of network address.
202 * @retval ::CA_STATUS_OK Successful.
203 * @retval ::CA_STATUS_FAILED Operation failed.
205 CAResult_t CAInitiateHandshake(const CAEndpoint_t *endpoint);
208 * Close the DTLS session.
210 * @param[in] endpoint information of network address.
212 * @retval ::CA_STATUS_OK Successful.
213 * @retval ::CA_STATUS_FAILED Operation failed.
215 CAResult_t CACloseDtlsSession(const CAEndpoint_t *endpoint);
217 #endif /* __WITH_DTLS__ */
225 #endif /* CA_SECURITY_INTERFACE_H_ */