423e600d46
* Replaced crypotoauthlib with esp-cryptoauthlib * Added menuconfig option for esp-tls about using HSM * Added error codes for HSM in esp-tls, * Added support to select different type of ATECC608A chips * Added README, updated docs * tcp_transport: Added option to enable secure_element for ssl Closes https://github.com/espressif/esp-idf/issues/4432
163 lines
6.2 KiB
C
163 lines
6.2 KiB
C
// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
#ifndef _ESP_TRANSPORT_SSL_H_
|
|
#define _ESP_TRANSPORT_SSL_H_
|
|
|
|
#include "esp_transport.h"
|
|
#include "esp_tls.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
/**
|
|
* @brief Create new SSL transport, the transport handle must be release esp_transport_destroy callback
|
|
*
|
|
* @return the allocated esp_transport_handle_t, or NULL if the handle can not be allocated
|
|
*/
|
|
esp_transport_handle_t esp_transport_ssl_init(void);
|
|
|
|
/**
|
|
* @brief Set SSL certificate data (as PEM format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The pem data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Set SSL certificate data (as DER format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The der data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_cert_data_der(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Enable global CA store for SSL connection
|
|
*
|
|
* @param t ssl transport
|
|
*/
|
|
void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t);
|
|
|
|
/**
|
|
* @brief Set SSL client certificate data for mutual authentication (as PEM format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The pem data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Set SSL client certificate data for mutual authentication (as DER format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The der data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_client_cert_data_der(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Set SSL client key data for mutual authentication (as PEM format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The pem data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Set SSL client key password if the key is password protected. The configured
|
|
* password is passed to the underlying TLS stack to decrypt the client key
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] password Pointer to the password
|
|
* @param[in] password_len Password length
|
|
*/
|
|
void esp_transport_ssl_set_client_key_password(esp_transport_handle_t t, const char *password, int password_len);
|
|
|
|
/**
|
|
* @brief Set SSL client key data for mutual authentication (as DER format).
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] data The der data
|
|
* @param[in] len The length
|
|
*/
|
|
void esp_transport_ssl_set_client_key_data_der(esp_transport_handle_t t, const char *data, int len);
|
|
|
|
/**
|
|
* @brief Set the list of supported application protocols to be used with ALPN.
|
|
* Note that, this function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] alpn_porot The list of ALPN protocols, the last entry must be NULL
|
|
*/
|
|
void esp_transport_ssl_set_alpn_protocol(esp_transport_handle_t t, const char **alpn_protos);
|
|
|
|
/**
|
|
* @brief Skip validation of certificate's common name field
|
|
*
|
|
* @note Skipping CN validation is not recommended
|
|
*
|
|
* @param t ssl transport
|
|
*/
|
|
void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
|
|
|
|
/**
|
|
* @brief Set the ssl context to use secure element (atecc608a) for client(device) private key and certificate
|
|
*
|
|
* @note Recommended to be used with ESP32-WROOM-32SE (which has inbuilt ATECC608A a.k.a Secure Element)
|
|
*
|
|
* @param t ssl transport
|
|
*/
|
|
void esp_transport_ssl_use_secure_element(esp_transport_handle_t t);
|
|
|
|
/**
|
|
* @brief Set PSK key and hint for PSK server/client verification in esp-tls component.
|
|
* Important notes:
|
|
* - This function stores the pointer to data, rather than making a copy.
|
|
* So this data must remain valid until after the connection is cleaned up
|
|
* - ESP_TLS_PSK_VERIFICATION config option must be enabled in menuconfig
|
|
* - certificate verification takes priority so it must not be configured
|
|
* to enable PSK method.
|
|
*
|
|
* @param t ssl transport
|
|
* @param[in] psk_hint_key psk key and hint structure defined in esp_tls.h
|
|
*/
|
|
void esp_transport_ssl_set_psk_key_hint(esp_transport_handle_t t, const psk_hint_key_t* psk_hint_key);
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
#endif /* _ESP_TRANSPORT_SSL_H_ */
|
|
|