/*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_TRANSPORT_SSL_H_
#define _ESP_TRANSPORT_SSL_H_
#include "esp_transport.h"
#include "esp_tls.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
 * @brief Create a new SSL transport.
 *
 * The returned handle must be released with esp_transport_destroy.
 *
 * @return The allocated esp_transport_handle_t, or NULL if the handle cannot be allocated
 */
esp_transport_handle_t esp_transport_ssl_init(void);
/**
 * @brief Set SSL certificate data (as PEM format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The PEM data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Set SSL certificate data (as DER format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The DER data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_cert_data_der(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Enable the use of the certificate bundle for server verification
 *        of an SSL connection.
 *
 * @note The bundle must first be enabled in menuconfig.
 *
 * @param t                     ssl transport
 * @param[in] crt_bundle_attach Function pointer to esp_crt_bundle_attach
 */
void esp_transport_ssl_crt_bundle_attach(esp_transport_handle_t t, esp_err_t ((*crt_bundle_attach)(void *conf)));
/**
 * @brief Enable the global CA store for the SSL connection
 *
 * @param t ssl transport
 */
void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t);
/**
 * @brief Set SSL client certificate data for mutual authentication (as PEM format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The PEM data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Set SSL client certificate data for mutual authentication (as DER format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The DER data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Set SSL client key data for mutual authentication (as PEM format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The PEM data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Set the SSL client key password if the key is password protected.
 *
 * The configured password is passed to the underlying TLS stack to decrypt
 * the client key.
 *
 * @note (review) Whether the password is copied or only referenced is not
 *       stated here; confirm its required lifetime before passing a temporary
 *       buffer, as is documented for the other setters in this header.
 *
 * @param t                ssl transport
 * @param[in] password     Pointer to the password
 * @param[in] password_len Password length
 */
void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len);
/**
 * @brief Set SSL client key data for mutual authentication (as DER format).
 *
 * @note This function stores the pointer to @p data rather than making a copy,
 *       so the data must remain valid until after the connection is cleaned up.
 *
 * @param t        ssl transport
 * @param[in] data The DER data
 * @param[in] len  The length of @p data
 */
void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len);
/**
 * @brief Set the list of supported application protocols to be used with ALPN.
 *
 * @note This function stores the pointer to @p alpn_protos rather than making a copy,
 *       so the list must remain valid until after the connection is cleaned up.
 *
 * @param t               ssl transport
 * @param[in] alpn_protos The list of ALPN protocols; the last entry must be NULL
 */
void esp_transport_ssl_set_alpn_protocol(esp_transport_handle_t t, const char **alpn_protos);
/**
 * @brief Skip validation of the server certificate's common name field
 *
 * @note Skipping CN validation is not recommended: the server certificate is
 *       then no longer checked against the expected host name (or the name set
 *       with esp_transport_ssl_set_common_name), so this should not be enabled
 *       in production builds. If the expected name merely differs from the
 *       hostname, use esp_transport_ssl_set_common_name instead.
 *
 * @param t ssl transport
 */
void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
/**
 * @brief Set the expected common name of the server certificate
 *
 * @note If non-NULL, the server certificate CN must match this name;
 *       if NULL, the server certificate CN must match the hostname.
 *
 * @note (review) Whether @p common_name is copied or only referenced is not
 *       stated here; confirm its required lifetime before passing a temporary.
 *
 * @param t               ssl transport
 * @param[in] common_name A string containing the common name to be set
 */
void esp_transport_ssl_set_common_name(esp_transport_handle_t t, const char *common_name);
/**
 * @brief Set the ssl context to use the secure element (atecc608a) for the
 *        client (device) private key and certificate
 *
 * @note Recommended to be used with ESP32-WROOM-32SE (which has an inbuilt
 *       ATECC608A, a.k.a. Secure Element)
 *
 * @param t ssl transport
 */
void esp_transport_ssl_use_secure_element(esp_transport_handle_t t);
/**
 * @brief Set the ds_data handle in the ssl context (used for the digital signature operation)
 *
 * @param t           ssl transport
 * @param[in] ds_data The handle for the DS data params
 */
void esp_transport_ssl_set_ds_data(esp_transport_handle_t t, void *ds_data);
/**
 * @brief Set the PSK key and hint for PSK server/client verification in the esp-tls component.
 *
 * Important notes:
 * - This function stores the pointer to @p psk_hint_key rather than making a copy,
 *   so the data must remain valid until after the connection is cleaned up.
 * - The ESP_TLS_PSK_VERIFICATION config option must be enabled in menuconfig.
 * - Certificate verification takes priority over PSK, so it must not be
 *   configured on this transport if the PSK method is to be used.
 *
 * @param t                ssl transport
 * @param[in] psk_hint_key PSK key and hint structure defined in esp_tls.h
 */
void esp_transport_ssl_set_psk_key_hint(esp_transport_handle_t t, const psk_hint_key_t* psk_hint_key);
/**
 * @brief Set the keep-alive status in the current ssl context
 *
 * @param[in] t              ssl transport
 * @param[in] keep_alive_cfg The handle for the keep-alive configuration
 */
void esp_transport_ssl_set_keep_alive(esp_transport_handle_t t, esp_transport_keep_alive_t *keep_alive_cfg);
/**
 * @brief Set the name of the interface the socket can be bound to,
 *        so that the data is transported over this interface
 *
 * @note (review) @c struct ifreq is not declared by the two includes visible at
 *       the top of this header; presumably it is provided transitively — confirm
 *       before relying on this header standing alone.
 *
 * @param[in] t       The transport handle
 * @param[in] if_name The interface name
 */
void esp_transport_ssl_set_interface_name(esp_transport_handle_t t, struct ifreq *if_name);
#ifdef __cplusplus
}
#endif
#endif /* _ESP_TRANSPORT_SSL_H_ */