zephyr/include/net/tls_credentials.h
Robert Lubos d09cbcaf6f net: tls: Add credential management subsystem
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.

To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().

Note that there is no need to repeat step 1 for different sockets using
the same credentials. Once a TLS credential is registered in the system,
it can be used with multiple sockets, as long as it is not deleted.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-07-26 12:13:15 -04:00


/*
* Copyright (c) 2018 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
/** @file
* @brief TLS credentials management
*
* An API for applications to configure TLS credentials.
*/
/* NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation (C11 7.1.3); a guard such as TLS_CREDENTIAL_H avoids
 * the clash. The header also uses size_t below but no <stddef.h> include is
 * visible here — confirm the header is self-contained.
 */
#ifndef __TLS_CREDENTIAL_H
#define __TLS_CREDENTIAL_H
/**
* @brief TLS credentials management
* @defgroup tls_credentials TLS credentials management
* @ingroup networking
* @{
*/
#ifdef __cplusplus
extern "C" {
#endif
/** TLS credential types.
 *
 * The type is part of a credential's identity: a stored credential is
 * addressed by the (secure tag, type) pair, so entries of different types
 * may share one tag. Some types are meant to be registered in pairs under
 * the same tag (server certificate with private key, PSK with PSK identity);
 * see sec_tag_t.
 */
enum tls_credential_type {
/** Not a registrable credential; presumably marks an unset entry.
 * NOTE(review): the meaning is not defined in this header — confirm with
 * the implementation before relying on it.
 */
TLS_CREDENTIAL_NONE,
/** Certificate-authority certificate. */
TLS_CREDENTIAL_CA_CERTIFICATE,
/** Server certificate; register together with TLS_CREDENTIAL_PRIVATE_KEY
 * under the same secure tag.
 */
TLS_CREDENTIAL_SERVER_CERTIFICATE,
/** Private key (secret material); register together with
 * TLS_CREDENTIAL_SERVER_CERTIFICATE under the same secure tag.
 */
TLS_CREDENTIAL_PRIVATE_KEY,
/** Pre-shared key (secret material); register together with
 * TLS_CREDENTIAL_PSK_ID under the same secure tag.
 */
TLS_CREDENTIAL_PSK,
/** Pre-shared key identity; register together with TLS_CREDENTIAL_PSK
 * under the same secure tag.
 */
TLS_CREDENTIAL_PSK_ID
};
/** Secure tag, a reference to a TLS credential.
 *
 * A secure tag is chosen by the application when it registers a credential
 * with tls_credential_add() and is then used to reference that credential
 * in the system. The tag alone does not identify a credential: the same tag
 * may hold one entry per credential type, and tls_credential_add() reports
 * -EEXIST only when the (tag, type) pair is already in use.
 *
 * @note Some TLS credentials come in pairs:
 * - TLS_CREDENTIAL_SERVER_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
 * - TLS_CREDENTIAL_PSK with TLS_CREDENTIAL_PSK_ID.
 * Such pairs of credentials must be assigned the same secure tag to be
 * correctly handled in the system.
 */
typedef int sec_tag_t;
/**
 * @brief Add a TLS credential.
 *
 * @details This function adds a TLS credential to the system-wide pool so
 * that TLS/DTLS can use it for authentication. An existing credential with
 * the same @p tag and @p type is never overwritten; the call fails with
 * -EEXIST instead, so replacing a credential requires
 * tls_credential_delete() first.
 *
 * @note Whether the subsystem copies @p cred or keeps a reference to the
 * caller's buffer is not stated in this header — confirm with the
 * implementation before passing a buffer that will not outlive the
 * credential. TLS_CREDENTIAL_PRIVATE_KEY and TLS_CREDENTIAL_PSK carry secret
 * material; treat the buffer passed here accordingly.
 *
 * @param tag A security tag that credential will be referenced with.
 * @param type A TLS/DTLS credential type.
 * @param cred A TLS/DTLS credential.
 * @param credlen A TLS/DTLS credential length (size of @p cred).
 *
 * @retval 0 TLS credential successfully added.
 * @retval -EACCES Access to the TLS credential subsystem was denied.
 * @retval -ENOMEM Not enough memory to add new TLS credential.
 * @retval -EEXIST TLS credential of specific tag and type already exists.
 */
int tls_credential_add(sec_tag_t tag, enum tls_credential_type type,
const void *cred, size_t credlen);
<!-- placeholder removed -->
/**
* @brief Delete a TLS credential.
*
* @details This function removes a TLS credential, referenced by @p tag
* secure tag of @p type.
*
* @param tag A security tag corresponding to removed credential.
* @param type A TLS/DTLS credential type of removed credential.
*
* @retval 0 TLS credential successfully deleted.
* @retval -EACCES Access to the TLS credential subsystem was denied.
* @retval -ENOENT Requested TLS credential was not found.
*/
int tls_credential_delete(sec_tag_t tag, enum tls_credential_type type);
#ifdef __cplusplus
}
#endif
/**
* @}
*/
#endif /* __TLS_CREDENTIAL_H */