/**
 * @file
 * Application layered TCP/TLS connection API (to be used from TCPIP thread)
 *
 * @defgroup altcp_tls TLS layer
 * @ingroup altcp
 * This file contains function prototypes (not implemented) for a TLS layer.
 * You must make a port to your architecture for this to work.
 *
 * Everything below is declared only: the configuration struct is opaque, the
 * functions are provided by the port (e.g. the mbedtls port), and details such
 * as accepted key/certificate encodings, buffer lifetime and exact error codes
 * are defined by that port rather than by this header.
 */

/*
 * Copyright (c) 2017 Simon Goldschmidt
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without modification,
 * are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
 * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 *
 * This file is part of the lwIP TCP/IP stack.
 *
 * Author: Simon Goldschmidt <goldsimon@gmx.de>
 *
 */
#ifndef LWIP_HDR_ALTCP_TLS_H
#define LWIP_HDR_ALTCP_TLS_H

#include "lwip/opt.h"

#if LWIP_ALTCP /* don't build if not configured for use in lwipopts.h */

#if LWIP_ALTCP_TLS

#include "lwip/altcp.h"

#ifdef __cplusplus
extern "C" {
#endif

/** @ingroup altcp_tls
 * ALTCP_TLS configuration handle, content depends on port (e.g. mbedtls).
 * Only forward-declared here: applications create it with one of the
 * altcp_tls_create_config_* functions below and release it with
 * @ref altcp_tls_free_config; its fields are never accessed directly.
 */
struct altcp_tls_config;

/** @ingroup altcp_tls
 * Create an ALTCP_TLS server configuration handle prepared for multiple certificates.
 * The key/certificate pairs themselves are added afterwards with
 * @ref altcp_tls_config_server_add_privkey_cert.
 * @param cert_count number of private-key/certificate pairs the handle must be
 *        able to hold (note the uint8_t spelling; the rest of this header uses u8_t)
 * @return the new configuration handle, or NULL on failure
 *         (NOTE(review): NULL-on-failure is the usual lwIP convention - confirm in the port)
 */
struct altcp_tls_config *altcp_tls_create_config_server(uint8_t cert_count);

/** @ingroup altcp_tls
 * Add a private key and its certificate to an ALTCP_TLS server configuration handle
 * created by @ref altcp_tls_create_config_server.
 * All material is passed as a pointer plus an explicit byte length. The accepted
 * encoding (PEM/DER) and whether the buffers are copied or must stay valid for the
 * lifetime of the handle are port-defined - check the port before freeing or
 * zeroizing the key buffer after this call.
 * @param config server configuration handle the pair is added to
 * @param privkey private key bytes
 * @param privkey_len length of privkey in bytes
 * @param privkey_pass password protecting privkey
 *        (presumably NULL with privkey_pass_len 0 for an unencrypted key - confirm with the port)
 * @param privkey_pass_len length of privkey_pass in bytes
 * @param cert certificate bytes belonging to privkey
 * @param cert_len length of cert in bytes
 * @return ERR_OK on success, another err_t value on failure (exact codes are port-defined)
 */
err_t altcp_tls_config_server_add_privkey_cert(struct altcp_tls_config *config,
                                               const u8_t *privkey, size_t privkey_len,
                                               const u8_t *privkey_pass, size_t privkey_pass_len,
                                               const u8_t *cert, size_t cert_len);

/** @ingroup altcp_tls
 * Create an ALTCP_TLS server configuration handle with one certificate
 * (short version of calling @ref altcp_tls_create_config_server and
 * @ref altcp_tls_config_server_add_privkey_cert).
 * Parameters have the same meaning as for @ref altcp_tls_config_server_add_privkey_cert.
 * @param privkey private key bytes
 * @param privkey_len length of privkey in bytes
 * @param privkey_pass password protecting privkey (see the add function for the NULL case)
 * @param privkey_pass_len length of privkey_pass in bytes
 * @param cert certificate bytes belonging to privkey
 * @param cert_len length of cert in bytes
 * @return the new configuration handle, or NULL on failure
 */
struct altcp_tls_config *altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_len,
                                                                     const u8_t *privkey_pass, size_t privkey_pass_len,
                                                                     const u8_t *cert, size_t cert_len);

/** @ingroup altcp_tls
 * Create an ALTCP_TLS client configuration handle.
 * @param cert certificate bytes used on the client side. This header does not state
 *        whether this is the trust anchor (CA) the server is verified against;
 *        presumably it is, since the two-way variant below takes a separate 'ca'
 *        in addition to the client's own key/cert pair - confirm against the port.
 * @param cert_len length of cert in bytes
 * @return the new configuration handle, or NULL on failure
 *
 * NOTE(review): what the port does when cert is NULL / cert_len is 0 - in particular
 * whether server certificate verification is still enforced - is port-defined; verify
 * this before relying on the connection for server authentication.
 */
struct altcp_tls_config *altcp_tls_create_config_client(const u8_t *cert, size_t cert_len);

/** @ingroup altcp_tls
 * Create an ALTCP_TLS client configuration handle with two-way server/client
 * authentication: the server is verified against 'ca' and the client presents
 * its own private key and certificate to the server.
 * Buffer encoding and lifetime are port-defined, as for
 * @ref altcp_tls_config_server_add_privkey_cert.
 * @param ca trust anchor (CA certificate) bytes used to verify the server
 * @param ca_len length of ca in bytes
 * @param privkey client private key bytes
 * @param privkey_len length of privkey in bytes
 * @param privkey_pass password protecting privkey (see the server add function for the NULL case)
 * @param privkey_pass_len length of privkey_pass in bytes
 * @param cert client certificate bytes belonging to privkey
 * @param cert_len length of cert in bytes
 * @return the new configuration handle, or NULL on failure
 */
struct altcp_tls_config *altcp_tls_create_config_client_2wayauth(const u8_t *ca, size_t ca_len, const u8_t *privkey, size_t privkey_len,
                                                                 const u8_t *privkey_pass, size_t privkey_pass_len,
                                                                 const u8_t *cert, size_t cert_len);

/** @ingroup altcp_tls
 * Free an ALTCP_TLS configuration handle.
 * @param conf handle returned by one of the altcp_tls_create_config_* functions
 *
 * NOTE(review): the required ordering relative to pcbs created from this handle
 * (@ref altcp_tls_wrap / @ref altcp_tls_new) is not documented here; confirm with
 * the port before freeing a configuration that live connections still reference.
 */
void altcp_tls_free_config(struct altcp_tls_config *conf);

/** @ingroup altcp_tls
 * Free the ALTCP_TLS global entropy instance.
 * All ALTCP_TLS configurations are linked to one altcp_tls_entropy_rng structure
 * that handles a single system entropy & ctr_drbg instance.
 * This function allows the application to free this altcp_tls_entropy_rng structure
 * once all configurations referencing it have been destroyed.
 * This function does nothing if some ALTCP_TLS configuration handles are still
 * active.
 */
void altcp_tls_free_entropy(void);

/** @ingroup altcp_tls
 * Create new ALTCP_TLS layer wrapping an existing pcb as inner connection (e.g. TLS over TCP).
 * @param config configuration handle the TLS layer uses
 * @param inner_pcb the already existing pcb that carries the TLS records
 * @return the new ALTCP_TLS pcb, or NULL on failure
 *         (NOTE(review): who owns inner_pcb after a failed wrap is not stated here - confirm in the port)
 */
struct altcp_pcb *altcp_tls_wrap(struct altcp_tls_config *config, struct altcp_pcb *inner_pcb);

/** @ingroup altcp_tls
 * Create new ALTCP_TLS pcb and its inner tcp pcb.
 * @param config configuration handle the TLS layer uses
 * @param ip_type IP address type of the inner tcp pcb (one of the lwIP IPADDR_TYPE_* values)
 * @return the new ALTCP_TLS pcb, or NULL on failure
 */
struct altcp_pcb *altcp_tls_new(struct altcp_tls_config *config, u8_t ip_type);

/** @ingroup altcp_tls
 * Create new ALTCP_TLS layer pcb and its inner tcp pcb.
 * Same as @ref altcp_tls_new but this allocator function fits to
 * @ref altcp_allocator_t / @ref altcp_new.\n
 * 'arg' must contain a struct altcp_tls_config *.
 * @param arg the struct altcp_tls_config * to use, passed as void * to match the allocator signature
 * @param ip_type IP address type of the inner tcp pcb, as for @ref altcp_tls_new
 * @return the new ALTCP_TLS pcb, or NULL on failure
 */
struct altcp_pcb *altcp_tls_alloc(void *arg, u8_t ip_type);

/** @ingroup altcp_tls
 * Return pointer to internal TLS context so application can tweak it.
 * Real type depends on port (e.g. mbedtls).
 * @param conn an ALTCP_TLS pcb created by @ref altcp_tls_wrap, @ref altcp_tls_new or @ref altcp_tls_alloc
 * @return pointer to the port's TLS context for this connection; presumably owned by
 *         the pcb and only valid while the pcb is alive - confirm in the port
 */
void *altcp_tls_context(struct altcp_pcb *conn);

#ifdef __cplusplus
}
#endif

#endif /* LWIP_ALTCP_TLS */
#endif /* LWIP_ALTCP */
#endif /* LWIP_HDR_ALTCP_TLS_H */