Network Services API
1.40.00.04
TLS Abstraction Layer.
Typedefs
typedef void * | TLS_Handle
Functions
TLS_Handle | TLS_create (TLS_Method method)
Allocate and initialize a new TLS context and return its handle.
void | TLS_delete (TLS_Handle *tls)
Destroy the TLS context instance and free the previously allocated instance object.
int | TLS_setCertFile (TLS_Handle tls, TLS_Cert_Type type, TLS_Cert_Format format, const char *filePath)
Set the certificate files required for TLS handshake.
int | TLS_setCertBuf (TLS_Handle tls, TLS_Cert_Type type, TLS_Cert_Format format, uint8_t *buf, uint32_t buflen)
Set the certificate buffers required for TLS handshake.
int | TLS_writeDerFile (uint8_t *buf, uint32_t buflen, TLS_Cert_Format format, const char *filePath)
Convert and write DER encoded certificate buffers to file system.
int | TLS_writePemFile (uint8_t *buf, uint32_t buflen, TLS_Cert_Type type, TLS_Cert_Format format, const char *filePath)
Write PEM encoded certificate buffers to file system.
TLS Error Codes
#define | TLS_EINVALIDPARAMS (-11)
Input parameters are invalid.
#define | TLS_ENOTSUPPORTED (-12)
This feature is not supported on the network stack.
#define | TLS_EALLOCFAIL (-13)
Not enough heap to allocate required memory.
#define | TLS_ECERTLOADFAIL (-14)
Loading the certificate on SSL stack failed.
#define | TLS_ECERTWRITEFAIL (-15)
Writing the certificate to filesystem failed.
TLS Method
enum | TLS_Method { TLS_METHOD_CLIENT_TLSV1 = 1, TLS_METHOD_CLIENT_TLSV1_1, TLS_METHOD_CLIENT_TLSV1_2, TLS_METHOD_SERVER_TLSV1, TLS_METHOD_SERVER_TLSV1_1, TLS_METHOD_SERVER_TLSV1_2 }
typedef enum TLS_Method | TLS_Method
TLS Certificate Type
enum | TLS_Cert_Type { TLS_CERT_TYPE_CA = 1, TLS_CERT_TYPE_CERT, TLS_CERT_TYPE_KEY, TLS_CERT_TYPE_DH_KEY }
typedef enum TLS_Cert_Type | TLS_Cert_Type
TLS Certificate Format
enum | TLS_Cert_Format { TLS_CERT_FORMAT_DER = 1, TLS_CERT_FORMAT_PEM }
typedef enum TLS_Cert_Format | TLS_Cert_Format
TLS Abstraction Layer.
This module provides a simple portable interface to create and delete TLS contexts for various TLS layers like SimpleLink WiFi TLS and WolfSSL. These contexts can be shared with supported networking protocols like HTTP, MQTT and other protocols which require TLS and are connecting to the same host server.
The certificates can be provided either as a buffer input or as a string containing the certificate paths on the file system.
The file system based approach is supported only for TI-RTOS/SimpleLink WiFi and Linux/Sitara devices. The certificates can be set by providing the certificate file path using TLS_setCertFile().
The buffer based approach is supported only for TI-RTOS/NDK and Linux/Sitara devices. The certificates can be set by providing the certificate buffers using TLS_setCertBuf().
Additionally, for TI-RTOS/SimpleLink WiFi and Linux/Sitara devices, certificate buffers can be written to the file system using TLS_writeDerFile() and then set using TLS_setCertFile().
Brief usage of the TLS APIs is shown below as pseudocode for the different supported platforms.
TI-RTOS/SimpleLink WiFi and Linux/Sitara (make sure file path is accessible):
TI-RTOS/NDK and Linux/Sitara:
#define TLS_EINVALIDPARAMS (-11)
Input parameters are invalid.
#define TLS_ENOTSUPPORTED (-12)
This feature is not supported on the network stack.
#define TLS_EALLOCFAIL (-13)
Not enough heap to allocate required memory.
#define TLS_ECERTLOADFAIL (-14)
Loading the certificate on SSL stack failed.
#define TLS_ECERTWRITEFAIL (-15)
Writing the certificate to filesystem failed.
TLS_Handle TLS_create (TLS_Method method)
Allocate and initialize a new TLS context and return its handle.
[in] | method | TLS version (see TLS_Method)
void TLS_delete (TLS_Handle *tls)
Destroy the TLS context instance and free the previously allocated instance object.
[in] | tls | Pointer to the TLS context instance
int TLS_setCertFile (TLS_Handle tls, TLS_Cert_Type type, TLS_Cert_Format format, const char *filePath)
Set the certificate files required for TLS handshake.
It takes the path to a valid certificate on the file system as input.
[in] | tls | TLS context instance
[in] | type | Certificate type as defined in TLS_Cert_Type
[in] | format | Certificate format as defined in TLS_Cert_Format
[in] | filePath | Path to the certificate on the file system. Note, the string has to be persistent throughout the life-cycle of the TLS context.
int TLS_setCertBuf (TLS_Handle tls, TLS_Cert_Type type, TLS_Cert_Format format, uint8_t *buf, uint32_t buflen)
Set the certificate buffers required for TLS handshake.
It takes a valid certificate buffer as input and loads it on the TLS context.
[in] | tls | TLS context instance
[in] | type | Certificate type as defined in TLS_Cert_Type
[in] | format | Certificate format as defined in TLS_Cert_Format
[in] | buf | Certificate buffer
[in] | buflen | Length of 'buf' buffer
int TLS_writeDerFile (uint8_t *buf, uint32_t buflen, TLS_Cert_Format format, const char *filePath)
Convert and write DER encoded certificate buffers to file system.
It takes a valid certificate buffer as input, converts it to DER encoding if the input buffer is in PEM encoding, and writes it to the file system at the location provided as input.
[in] | buf | Certificate buffer
[in] | buflen | Length of 'buf' buffer
[in] | format | Certificate format as defined in TLS_Cert_Format
[in] | filePath | Path to write the certificate on the file system with ".der" extension. Note, the string has to be persistent throughout the life-cycle of the TLS context.
int TLS_writePemFile (uint8_t *buf, uint32_t buflen, TLS_Cert_Type type, TLS_Cert_Format format, const char *filePath)
Write PEM encoded certificate buffers to file system.
It takes a valid certificate buffer in PEM format as input and writes it to the file system at the location provided as input.
The PEM certificate buffer should include headers and footers. For example, the certificates should begin and end with:
-----BEGIN CERTIFICATE-----\n
-----END CERTIFICATE-----\n
Each header, certificate data and footer line in the buffer should be terminated by a newline character.
[in] | buf | Certificate buffer
[in] | buflen | Length of 'buf' buffer
[in] | type | Certificate type as defined in TLS_Cert_Type
[in] | format | Certificate format as defined in TLS_Cert_Format
[in] | filePath | Path to write the certificate on the file system with ".pem" extension. Note, the string has to be persistent throughout the life-cycle of the TLS context.
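The buffer layout required by TLS_writePemFile() (header, certificate data and footer lines, each newline-terminated) can be checked before the buffer is passed in. The following is an added example, not code from the Network Services API or its documentation: pem_cert_check(), the PEM_E* codes and SAMPLE_PEM are hypothetical names, the base64 character check is an extra assumption, and only the CERTIFICATE label shown above is handled.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Result codes local to this example (hypothetical, not the library's TLS_E* codes). */
enum { PEM_ENOHEADER = -1, PEM_ENOFOOTER = -2, PEM_ENEWLINE = -3, PEM_EBODY = -4 };

static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
static const char PEM_END[]   = "-----END CERTIFICATE-----";
/* Constructed sample: placeholder base64, not a real certificate. */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\n" "TUlJQ2V4YW1wbGU=\n" "-----END CERTIFICATE-----\n";

/* 1 if the body line is non-empty and holds only base64 alphabet or '=' padding. */
static int is_b64_line(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!isalnum(p[i]) && p[i] != '+' && p[i] != '/' && p[i] != '=')
            return 0;
    return n > 0;
}

/* Returns the byte length of the first well-formed certificate block in
 * buf[0..buflen), or a negative PEM_E* code. Well-formed here means a header
 * line, at least one base64 line and a footer line, each ending in '\n'. */
long pem_cert_check(const uint8_t *buf, uint32_t buflen)
{
    const size_t blen = sizeof(PEM_BEGIN) - 1, elen = sizeof(PEM_END) - 1;
    size_t pos, body_lines = 0;

    if (buf == NULL || buflen < blen || memcmp(buf, PEM_BEGIN, blen) != 0)
        return PEM_ENOHEADER;
    if (buflen == blen || buf[blen] != '\n')
        return PEM_ENEWLINE;                 /* header runs into the data */
    for (pos = blen + 1; pos < buflen; body_lines++) {
        const uint8_t *line = buf + pos;
        const uint8_t *nl = memchr(line, '\n', buflen - pos);
        if (nl == NULL)
            return PEM_ENEWLINE;             /* last line lacks its '\n' */
        size_t len = (size_t)(nl - line);
        pos += len + 1;
        if (len == elen && memcmp(line, PEM_END, elen) == 0)
            return body_lines ? (long)pos : PEM_EBODY;
        if (!is_b64_line(line, len))
            return PEM_EBODY;
    }
    return PEM_ENOFOOTER;
}
```

A positive return value is the number of bytes the first block occupies, so a caller can compare it with buflen to detect trailing data before writing the file.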