1 /* *****************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
20 #ifndef CA_ADAPTER_NET_DTLS_H_
21 #define CA_ADAPTER_NET_DTLS_H_
24 #include "uarraylist.h"
26 #include "caadapterutils.h"
27 #include "cainterface.h"
31 * Currently DTLS supported adapters(2) WIFI and ETHENET for linux platform.
33 #define MAX_SUPPORTED_ADAPTERS 2
35 typedef void (*CAPacketReceivedCallback)(const CASecureEndpoint_t *sep,
36 const void *data, uint32_t dataLength);
38 typedef void (*CAPacketSendCallback)(CAEndpoint_t *endpoint,
39 const void *data, uint32_t dataLength);
42 * Data structure for holding the send and recv callbacks.
44 typedef struct CAAdapterCallbacks
46 CAPacketReceivedCallback recvCallback; /**< Callback used to send data to upper layer. */
47 CAPacketSendCallback sendCallback; /**< Callback used to send data to socket layer. */
48 } stCAAdapterCallbacks_t;
51 * Data structure for holding the tinyDTLS interface related info.
53 typedef struct stCADtlsContext
55 u_arraylist_t *peerInfoList; /**< peerInfo list which holds the mapping between
56 peer id to it's n/w address. */
57 u_arraylist_t *cacheList; /**< PDU's are cached until DTLS session is formed. */
58 struct dtls_context_t *dtlsContext; /**< Pointer to tinyDTLS context. */
59 struct stPacketInfo *packetInfo; /**< used by callback during
60 decryption to hold address/length. */
61 dtls_handler_t callbacks; /**< Pointer to callbacks needed by tinyDTLS. */
62 stCAAdapterCallbacks_t adapterCallbacks[MAX_SUPPORTED_ADAPTERS];
66 * Data structure for holding the decrypted data address
67 * and length provided by tinyDTLS callback interface.
69 typedef struct stPacketInfo
76 * tinyDTLS library error codes.
83 DTLS_SESSION_INITIATED,
88 /** Structure to have address information which will match with DTLS session_t structure.*/
91 socklen_t size; /**< Size of address. */
98 struct sockaddr_storage st;
99 struct sockaddr_in sin;
100 struct sockaddr_in6 sin6;
101 } addr; /**< Address information. */
102 uint8_t ifIndex; /**< Holds adapter index to get callback info. */
103 } stCADtlsAddrInfo_t;
106 * structure to holds the information of cache message and address info.
108 typedef struct CACacheMessage
112 stCADtlsAddrInfo_t destSession;
113 } stCACacheMessage_t;
117 * Used set send and recv callbacks for different adapters(WIFI,EtherNet).
119 * @param[in] recvCallback packet received callback.
120 * @param[in] sendCallback packet sent callback.
121 * @param[in] type type of adapter.
124 void CADTLSSetAdapterCallbacks(CAPacketReceivedCallback recvCallback,
125 CAPacketSendCallback sendCallback,
126 CATransportAdapter_t type);
129 * Register callback to deliver the result of DTLS handshake
130 * @param[in] dtlsHandshakeCallback Callback to receive the result of DTLS handshake.
132 void CADTLSSetHandshakeCallback(CAErrorCallback dtlsHandshakeCallback);
135 * Select the cipher suite for dtls handshake
137 * @param[in] cipher cipher suite
138 * 0xC018 : TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256
139 * 0xC0A8 : TLS_PSK_WITH_AES_128_CCM_8
140 * 0xC0AE : TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
142 * @retval ::CA_STATUS_OK for success, otherwise some error value
144 CAResult_t CADtlsSelectCipherSuite(const dtls_cipher_t cipher);
147 * Enable anonymous ECDH cipher suite for dtls handshake
149 * @param[in] enable TRUE/FALSE enables/disables anonymous cipher suite
151 * @retval ::CA_STATUS_OK for success, otherwise some error value
153 CAResult_t CADtlsEnableAnonECDHCipherSuite(const bool enable);
156 * Initiate DTLS handshake with selected cipher suite
158 * @param[in] endpoint information of network address
160 * @retval ::CA_STATUS_OK for success, otherwise some error value
162 CAResult_t CADtlsInitiateHandshake(const CAEndpoint_t *endpoint);
165 * Close the DTLS session
167 * @param[in] endpoint information of network address
169 * @retval ::CA_STATUS_OK for success, otherwise some error value
171 CAResult_t CADtlsClose(const CAEndpoint_t *endpoint);
174 * Generate ownerPSK using PRF
175 * OwnerPSK = TLS-PRF('master key' , 'oic.sec.doxm.jw',
176 * 'ID of new device(Resource Server)',
177 * 'ID of owner smart-phone(Provisioning Server)')
179 * @param[in] endpoint information of network address
180 * @param[in] label Ownership transfer method e.g)"oic.sec.doxm.jw"
181 * @param[in] labelLen Byte length of label
182 * @param[in] rsrcServerDeviceID ID of new device(Resource Server)
183 * @param[in] rsrcServerDeviceIDLen Byte length of rsrcServerDeviceID
184 * @param[in] provServerDeviceID label of previous owner
185 * @param[in] provServerDeviceIDLen byte length of provServerDeviceID
186 * @param[in,out] ownerPSK Output buffer for owner PSK
187 * @param[in] ownerPSKSize Byte length of the ownerPSK to be generated
189 * @retval ::CA_STATUS_OK for success, otherwise some error value
191 CAResult_t CADtlsGenerateOwnerPSK(const CAEndpoint_t *endpoint,
192 const uint8_t* label, const size_t labelLen,
193 const uint8_t* rsrcServerDeviceID, const size_t rsrcServerDeviceIDLen,
194 const uint8_t* provServerDeviceID, const size_t provServerDeviceIDLen,
195 uint8_t* ownerPSK, const size_t ownerPSKSize);
199 * initialize tinyDTLS library and other necessary initialization.
201 * @return 0 on success otherwise a positive error value.
202 * @retval ::CA_STATUS_OK Successful.
203 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
204 * @retval ::CA_STATUS_FAILED Operation failed.
207 CAResult_t CAAdapterNetDtlsInit();
210 * de-inits tinyDTLS library and free the allocated memory.
212 void CAAdapterNetDtlsDeInit();
215 * Performs DTLS encryption of the CoAP PDU. If a DTLS session does not exist yet
216 * with the @dst, a DTLS handshake will be started. In case where a new DTLS handshake
217 * is started, pdu info is cached to be send when session setup is finished.
219 * @param[in] endpoint address to which data will be sent.
220 * @param[in] port port to which data will be sent.
221 * @param[in] data length of data.
222 * @param[in] dataLen length of given data
224 * @return 0 on success otherwise a positive error value.
225 * @retval ::CA_STATUS_OK Successful.
226 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
227 * @retval ::CA_STATUS_FAILED Operation failed.
231 CAResult_t CAAdapterNetDtlsEncrypt(const CAEndpoint_t *endpoint,
236 * Performs DTLS decryption of the data received on
237 * secure port. This method performs in-place decryption
238 * of the cipher-text buffer. If a DTLS handshake message
239 * is received or decryption failure happens, this method
240 * returns -1. If a valid application PDU is decrypted, it
241 * returns the length of the decrypted pdu.
243 * @return 0 on success otherwise a positive error value.
244 * @retval ::CA_STATUS_OK Successful.
245 * @retval ::CA_STATUS_INVALID_PARAM Invalid input arguments.
246 * @retval ::CA_STATUS_FAILED Operation failed.
249 CAResult_t CAAdapterNetDtlsDecrypt(const CASecureEndpoint_t *sep,
255 * API to get a secure connected peer information
256 * NOTE : This API use the mutex lock to access 'g_caDtlsContext',
257 * Please do not invoke this API for internal function of dtls adapter
259 * @param[in] peer peer information includs IP address and port.
261 * @ return secure connected peer information on success, otherwise NULL
263 CASecureEndpoint_t *CAGetSecurePeerInfo(const CAEndpoint_t *peer);
265 #endif /* CA_ADAPTER_NET_DTLS_H_ */