1 /* *****************************************************************
3 * Copyright 2016 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
20 #ifndef CA_ADAPTER_NET_SSL_H_
21 #define CA_ADAPTER_NET_SSL_H_
28 #include "casecurityinterface.h"
31 * Currently TLS is supported on three adapters (WIFI, ETHERNET and BLE) on the Linux platform.
33 #define MAX_SUPPORTED_ADAPTERS 3
35 typedef CAResult_t (*CAPacketReceivedCallback)(const CASecureEndpoint_t *sep,
36 const void *data, size_t dataLength);
38 typedef ssize_t (*CAPacketSendCallback)(CAEndpoint_t *endpoint,
39 const void *data, size_t dataLength);
42 * Select the cipher suite for the DTLS handshake.
44 * @param[in] cipher cipher suite
45 * TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
46 * TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
47 * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
48 * TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
49 * TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
50 * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
51 * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
52 * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
53 * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
54 * TLS_ECDH_anon_WITH_AES_128_CBC_SHA 0xC018 (anonymous ECDH: provides no peer authentication)
56 * @retval ::CA_STATUS_OK for success, otherwise some error value
58 CAResult_t CAsetTlsCipherSuite(const uint32_t cipher);
61 * Used to set the send and receive callbacks for the different adapters (WIFI, Ethernet).
63 * @param[in] recvCallback packet received callback.
64 * @param[in] sendCallback packet sent callback.
65 * @param[in] type type of adapter.
68 void CAsetSslAdapterCallbacks(CAPacketReceivedCallback recvCallback,
69 CAPacketSendCallback sendCallback,
70 CATransportAdapter_t type);
73 * Register callback to get credential types.
74 * @param[in] credTypesCallback callback to get credential types.
76 void CAsetCredentialTypesCallback(CAgetCredentialTypesHandler credTypesCallback);
78 * Register callback to get PSK credentials.
79 * @param[in] credCallback callback to get PSK credentials.
81 void CAsetSslCredentialsCallback(CAgetPskCredentialsHandler credCallback);
84 * Close the TLS session
86 * @param[in] endpoint information of network address
88 * @retval ::CA_STATUS_OK for success, otherwise some error value
90 CAResult_t CAcloseSslConnection(const CAEndpoint_t *endpoint);
93 * Close the DTLS session and free the endpoint.
95 * @param[in] endpoint information of network address;
96 * CAcloseSslConnectionFreeEndpoint takes ownership of endpoint and frees it.
98 * @retval ::CA_STATUS_OK Successful.
99 * @retval ::CA_STATUS_FAILED Operation failed.
101 CAResult_t CAcloseSslConnectionFreeEndpoint(CAEndpoint_t *endpoint);
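/**
 * Initialize the mbedTLS library and perform any other necessary initialization.
 *
 * @return 0 on success, otherwise a positive error value.
 * @retval ::CA_STATUS_OK Successful.
 * @retval ::CA_MEMORY_ALLOC_FAILED Memory allocation failed.
 * @retval ::CA_STATUS_FAILED Operation failed.
 */
CAResult_t CAinitSslAdapter(void);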
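/**
 * De-initialize the mbedTLS library and free the allocated memory.
 */
void CAdeinitSslAdapter(void);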
120 * Performs TLS encryption of the CoAP PDU.
122 * If a DTLS session does not exist yet with the given @p endpoint,
123 * a TLS handshake will be started. In case a new TLS handshake
124 * is started, the PDU is cached and sent once session setup has finished.
126 * @param[in] endpoint address to which data will be sent.
127 * @param[in] data buffer holding the data to be encrypted.
128 * @param[in] dataLen length of the given data.
130 * @return 0 on success otherwise a positive error value.
131 * @retval ::CA_STATUS_OK Successful.
132 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
133 * @retval ::CA_STATUS_FAILED Operation failed.
137 CAResult_t CAencryptSsl(const CAEndpoint_t *endpoint, void *data, uint32_t dataLen);
140 * Performs TLS decryption of the data.
142 * @param[in] sep address and flags for which data will be decrypted.
143 * @param[in] data buffer holding the data to be decrypted.
144 * @param[in] dataLen length of the given data.
146 * @return 0 on success otherwise a positive error value.
147 * @retval ::CA_STATUS_OK Successful.
148 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
149 * @retval ::CA_STATUS_FAILED Operation failed.
152 CAResult_t CAdecryptSsl(const CASecureEndpoint_t *sep, uint8_t *data, uint32_t dataLen);
155 * Initiate TLS handshake with selected cipher suite.
157 * @param[in] endpoint information of network address
159 * @retval ::CA_STATUS_OK for success, otherwise some error value
161 CAResult_t CAinitiateSslHandshake(const CAEndpoint_t *endpoint);
164 * Register callback to deliver the result of TLS handshake
165 * @param[in] tlsHandshakeCallback Callback to receive the result of TLS handshake.
167 void CAsetSslHandshakeCallback(CAErrorCallback tlsHandshakeCallback);
170 * Generate ownerPSK using PRF
171 * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
172 * 'ID of new device(Resource Server)',
173 * 'ID of owner smart-phone(Provisioning Server)')
175 * @param[in] endpoint information of network address
176 * @param[in] label Ownership transfer method, e.g. "oic.sec.doxm.jw"
177 * @param[in] labelLen Byte length of label
178 * @param[in] rsrcServerDeviceId ID of the new device (Resource Server)
179 * @param[in] rsrcServerDeviceIdLen Byte length of rsrcServerDeviceId
180 * @param[in] provServerDeviceId ID of the owner (Provisioning Server)
181 * @param[in] provServerDeviceIdLen Byte length of provServerDeviceId
182 * @param[out] ownerPsk Output buffer for the owner PSK; must hold at least ownerPskSize bytes
183 * @param[in] ownerPskSize Byte length of the ownerPsk to be generated
185 * @retval ::CA_STATUS_OK for success, otherwise some error value
187 CAResult_t CAsslGenerateOwnerPsk(const CAEndpoint_t *endpoint,
188 const uint8_t* label, const size_t labelLen,
189 const uint8_t* rsrcServerDeviceId, const size_t rsrcServerDeviceIdLen,
190 const uint8_t* provServerDeviceId, const size_t provServerDeviceIdLen,
191 uint8_t* ownerPsk, const size_t ownerPskSize);
193 #ifdef MULTIPLE_OWNER
195 * Gets the CA secure endpoint info corresponding to the given endpoint.
197 * @param[in] peer remote address
199 * @return pointer to the CASecureEndpoint_t, or NULL if none exists
201 const CASecureEndpoint_t *GetCASecureEndpointData(const CAEndpoint_t* peer);
204 bool CAIsExistSslPeer(const CAEndpoint_t *peer);
210 #endif /* CA_ADAPTER_NET_SSL_H_ */