197 lines
7.0 KiB
C
197 lines
7.0 KiB
C
/**
|
|
* @file
|
|
* Application layered TCP/TLS connection API (to be used from TCPIP thread)
|
|
*
|
|
* @defgroup altcp_tls TLS layer
|
|
* @ingroup altcp
|
|
* This file contains function prototypes for a TLS layer.
|
|
* A port to ARM mbedtls is provided in the apps/ tree
|
|
* (LWIP_ALTCP_TLS_MBEDTLS option).
|
|
*/
|
|
|
|
/*
|
|
* Copyright (c) 2017 Simon Goldschmidt
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without modification,
|
|
* are permitted provided that the following conditions are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
* 3. The name of the author may not be used to endorse or promote products
|
|
* derived from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
|
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
|
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
|
|
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
|
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
|
|
* OF SUCH DAMAGE.
|
|
*
|
|
* This file is part of the lwIP TCP/IP stack.
|
|
*
|
|
* Author: Simon Goldschmidt <goldsimon@gmx.de>
|
|
*
|
|
*/
|
|
#ifndef LWIP_HDR_ALTCP_TLS_H
|
|
#define LWIP_HDR_ALTCP_TLS_H
|
|
|
|
#include "lwip/opt.h"
|
|
|
|
#if LWIP_ALTCP /* don't build if not configured for use in lwipopts.h */
|
|
|
|
#if LWIP_ALTCP_TLS
|
|
|
|
#include "lwip/altcp.h"
|
|
|
|
/* check if mbedtls port is enabled */
|
|
#include "lwip/apps/altcp_tls_mbedtls_opts.h"
|
|
/* allow session structure to be fully defined when using mbedtls port */
|
|
#if LWIP_ALTCP_TLS_MBEDTLS
|
|
#include "mbedtls/ssl.h"
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/** @ingroup altcp_tls
|
|
* ALTCP_TLS configuration handle, content depends on port (e.g. mbedtls)
|
|
*/
|
|
struct altcp_tls_config;
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create an ALTCP_TLS server configuration handle prepared for multiple certificates
|
|
*/
|
|
struct altcp_tls_config *altcp_tls_create_config_server(u8_t cert_count);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Add a certificate to an ALTCP_TLS server configuration handle
|
|
*/
|
|
err_t altcp_tls_config_server_add_privkey_cert(struct altcp_tls_config *config,
|
|
const u8_t *privkey, size_t privkey_len,
|
|
const u8_t *privkey_pass, size_t privkey_pass_len,
|
|
const u8_t *cert, size_t cert_len);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create an ALTCP_TLS server configuration handle with one certificate
|
|
* (short version of calling @ref altcp_tls_create_config_server and
|
|
* @ref altcp_tls_config_server_add_privkey_cert)
|
|
*/
|
|
struct altcp_tls_config *altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_len,
|
|
const u8_t *privkey_pass, size_t privkey_pass_len,
|
|
const u8_t *cert, size_t cert_len);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create an ALTCP_TLS client configuration handle
|
|
*/
|
|
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create an ALTCP_TLS client configuration handle with two-way server/client authentication
|
|
*/
|
|
struct altcp_tls_config *altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_t *privkey, size_t privkey_len,
|
|
const u8_t *privkey_pass, size_t privkey_pass_len,
|
|
const u8_t *cert, size_t cert_len);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Configure ALPN TLS extension
|
|
* Example:<br>
|
|
* static const char *g_alpn_protocols[] = { "x-amzn-mqtt-ca", NULL };<br>
|
|
* tls_config = altcp_tls_create_config_client(ca, ca_len);<br>
|
|
* altcp_tls_conf_alpn_protocols(tls_config, g_alpn_protocols);<br>
|
|
*/
|
|
int altcp_tls_configure_alpn_protocols(struct altcp_tls_config *conf, const char **protos);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Free an ALTCP_TLS configuration handle
|
|
*/
|
|
void altcp_tls_free_config(struct altcp_tls_config *conf);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Free an ALTCP_TLS global entropy instance.
|
|
* All ALTCP_TLS configuration are linked to one altcp_tls_entropy_rng structure
|
|
* that handle an unique system entropy & ctr_drbg instance.
|
|
* This function allow application to free this altcp_tls_entropy_rng structure
|
|
* when all configuration referencing it were destroyed.
|
|
* This function does nothing if some ALTCP_TLS configuration handle are still
|
|
* active.
|
|
*/
|
|
void altcp_tls_free_entropy(void);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create new ALTCP_TLS layer wrapping an existing pcb as inner connection (e.g. TLS over TCP)
|
|
*/
|
|
struct altcp_pcb *altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create new ALTCP_TLS pcb and its inner tcp pcb
|
|
*/
|
|
struct altcp_pcb *altcp_tls_new(struct altcp_tls_config *config, u8_t ip_type);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Create new ALTCP_TLS layer pcb and its inner tcp pcb.
|
|
* Same as @ref altcp_tls_new but this allocator function fits to
|
|
* @ref altcp_allocator_t / @ref altcp_new.<br>
|
|
'arg' must contain a struct altcp_tls_config *.
|
|
*/
|
|
struct altcp_pcb *altcp_tls_alloc(void *arg, u8_t ip_type);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Return pointer to internal TLS context so application can tweak it.
|
|
* Real type depends on port (e.g. mbedtls)
|
|
*/
|
|
void *altcp_tls_context(struct altcp_pcb *conn);
|
|
|
|
/** @ingroup altcp_tls
|
|
* ALTCP_TLS session handle, content depends on port (e.g. mbedtls)
|
|
*/
|
|
struct altcp_tls_session
|
|
#if LWIP_ALTCP_TLS_MBEDTLS
|
|
{
|
|
mbedtls_ssl_session data;
|
|
}
|
|
#endif
|
|
;
|
|
|
|
/** @ingroup altcp_tls
|
|
* Initialise a TLS session buffer.
|
|
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
|
|
*/
|
|
void altcp_tls_init_session(struct altcp_tls_session *dest);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Save current connected session to reuse it later. Should be called after altcp_connect() succeeded.
|
|
* Return error if saving session fail.
|
|
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
|
|
*/
|
|
err_t altcp_tls_get_session(struct altcp_pcb *conn, struct altcp_tls_session *dest);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Restore a previously saved session. Must be called before altcp_connect().
|
|
* Return error if cannot restore session.
|
|
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
|
|
*/
|
|
err_t altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *from);
|
|
|
|
/** @ingroup altcp_tls
|
|
* Free allocated data inside a TLS session buffer.
|
|
* Real type depends on port (e.g. mbedtls use mbedtls_ssl_session)
|
|
*/
|
|
void altcp_tls_free_session(struct altcp_tls_session *dest);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif /* LWIP_ALTCP_TLS */
|
|
#endif /* LWIP_ALTCP */
|
|
#endif /* LWIP_HDR_ALTCP_TLS_H */
|