XDK API  3.6.0
Documentation
Serval_Security.h File Reference

Security configurations of the library.

#include <Serval_Defines.h>
#include <Serval_Msg.h>
#include <Serval_Basics.h>
#include <Serval_MsgSendingCtx.h>

Data Structures

struct  CaData_S
 
struct  CiphersData_S
 
struct  CurrentTimeData_S
 
struct  InputBuffer_S
 
struct  OutputBuffer_S
 
struct  OwnCertificateData_S
 
struct  PeerData_S
 
struct  PeerKeyAndIdData_S
 
struct  PeerNameData_S
 
union  SecurityData_U
 
struct  SecurityToken_S
 
struct  ServerIdHintData_S
 

Macros

#define DTLS_RETRANSMISSION_MONITOR_INTERVAL   1000
 
#define SERVAL_CYCURTLS_HANDSHAKE_BUFFER_SIZE   250
 
#define SERVAL_ENABLE_DTLS_PARALLEL_HANDSHAKE   1
 
#define SERVAL_TEST_DTLS   0
 
#define UNIX_TIMESTAMP_OFFSET   2208988800
 

Typedefs

typedef struct CaData_S CaData_T
 
typedef struct CiphersData_S CiphersData_T
 
typedef struct CurrentTimeData_S CurrentTimeData_T
 
typedef struct InputBuffer_S InputBuffer_T
 
typedef struct OutputBuffer_S OutputBuffer_T
 
typedef struct OwnCertificateData_S OwnCertificateData_T
 
typedef struct PeerData_S PeerData_T
 
typedef struct PeerKeyAndIdData_S PeerKeyAndIdData_T
 
typedef struct PeerNameData_S PeerNameData_T
 
typedef retcode_t(* SecurityCallback_T )(SecurityToken_T token, SecurityData_T *tokenData)
 
typedef enum SecurityConnection_e SecurityConnection_t
 
typedef union SecurityData_U SecurityData_T
 
typedef enum SecurityDeviceRole_e SecurityDeviceRole_t
 
typedef struct SecurityToken_S SecurityToken_T
 
typedef enum SecurityTokenType_e SecurityTokenType_t
 
typedef struct ServerIdHintData_S ServerIdHintData_T
 

Enumerations

enum  SecureConnectionState_T
 
enum  SecurityConnection_e
 
enum  SecurityDeviceRole_e
 
enum  SecurityTokenType_e
 

Functions

void Security_setCallback (SecurityCallback_T securityCallback)
 
static retcode_t Serval_copyToOutputBuffer (OutputBuffer_T *buffer, const char *data, uint16_t len)
 

Detailed Description

This header contains the security configurations which the user can use to customize the security settings and resources of the library.

Macro Definition Documentation

#define DTLS_RETRANSMISSION_MONITOR_INTERVAL   1000

Set the number of retries for a particular flight until giving up. Setting this parameter to 0 disables retries completely. Note that this could lead to poor performance if packet loss is possible on the transmission link and not mitigated through other means.

Defines the interval in ms with which the resource monitor checks for DTLS timeouts. Only relevant if SERVAL_DTLS_FLIGHT_MAX_RETRIES > 0 and DTLS is enabled.

#define SERVAL_CYCURTLS_HANDSHAKE_BUFFER_SIZE   250
#define SERVAL_ENABLE_DTLS_PARALLEL_HANDSHAKE   1

Enable SERVAL_ENABLE_DTLS_PARALLEL_HANDSHAKE in order to enable parallel processing of multiple handshakes. If not enabled, DTLS handshakes are processed sequentially.

#define SERVAL_TEST_DTLS   0

Enable SERVAL_TEST_DTLS in order to enable the Datagram Transport Layer Security (DTLS) test mode. This is used only temporarily and will be removed.

#define UNIX_TIMESTAMP_OFFSET   2208988800

Typedef Documentation

typedef struct CaData_S CaData_T
typedef struct CiphersData_S CiphersData_T
typedef struct InputBuffer_S InputBuffer_T
typedef struct PeerData_S PeerData_T
typedef retcode_t(* SecurityCallback_T)(SecurityToken_T token, SecurityData_T *tokenData)

NOTE: this is a preliminary API implementation. It is subject to change in future releases.

Callback function used to obtain security information such as pre-shared-keys, certificates, etc.

Parameters
[in] token: The type of token that is requested. The token.type field determines the data type of tokenData. The other fields in token determine the validity of fields in that data type and provide additional information to the application about the type of connection involved.

The mapping of the token.type field to data types of tokenData is:
CIPHERS -> CiphersData_T
PSK_SERVER_ID_HINT -> ServerIdHintData_T
PSK_PEER_KEY_AND_ID -> PeerKeyAndIdData_T
CRT_PEER_NAME -> PeerNameData_T
CRT_CA -> CaData_T
CRT_OWN_CERTIFICATE -> OwnCertificateData_T

Parameters
[in/out] tokenData: Token data contains additional data to help identify what to provide to the implementation as well as everything required to actually provide this data. An application implementing the callback is expected to cast token data to a type depending on the type field of the provided token.

The data that is provided in output buffers must be in a format that the underlying SSL implementation can understand. No conversion is performed.

Returns
RC_OK if the token was provided
RC_DTLS_TOKEN_NOT_PROVIDED if the application does not want to provide the token (e.g. client certificate)
RC_DTLS_PEER_REJECTED if the application does not want to communicate with that peer
RC_DTLS_UNSUPPORTED_TOKEN if the token type cannot be provided by the application
RC_DTLS_INSUFFICIENT_MEMORY if the token does not fit into the allocated space
Since
1.7
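
A callback following the contract above, as an added example that is not code from the XDK SDK. The typedefs are stand-ins so it compiles without the SDK: the return-code values, the field names (content, length, capacity, peerId, ourId, key, psk) and the copyToOutputBuffer helper standing in for Serval_copyToOutputBuffer are assumptions, and the credentials are constructed samples.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins so this compiles without the SDK; values and field names are assumed. */
typedef enum { RC_OK, RC_DTLS_TOKEN_NOT_PROVIDED, RC_DTLS_PEER_REJECTED,
               RC_DTLS_UNSUPPORTED_TOKEN, RC_DTLS_INSUFFICIENT_MEMORY } retcode_t;
typedef enum { CURRENT_TIME, CIPHERS, PSK_SERVER_ID_HINT, PSK_PEER_KEY_AND_ID,
               CRT_PEER_NAME, CRT_CA, CRT_OWN_CERTIFICATE } SecurityTokenType_t;
typedef struct { SecurityTokenType_t type; } SecurityToken_T;
typedef struct { char *content; uint16_t length, capacity; } OutputBuffer_T;
typedef struct { const char *peerId; OutputBuffer_T ourId, key; } PeerKeyAndIdData_T;
typedef union { PeerKeyAndIdData_T psk; } SecurityData_T;

/* Constructed sample credentials; a real device reads these from protected storage. */
static const char ALLOWED_PEER[] = "gateway-01";
static const char OWN_ID[] = "sensor-42";
static const char DEMO_KEY[] = { 0x01, 0x02, 0x03, 0x04 };
/* Stand-in for Serval_copyToOutputBuffer: refuse rather than truncate. */
static retcode_t copyToOutputBuffer(OutputBuffer_T *b, const char *data, uint16_t len)
{
    if (b == NULL || b->content == NULL || len > b->capacity)
        return RC_DTLS_INSUFFICIENT_MEMORY;
    memcpy(b->content, data, len);
    b->length = len;
    return RC_OK;
}

retcode_t demoSecurityCallback(SecurityToken_T token, SecurityData_T *tokenData)
{
    switch (token.type) {
    case PSK_PEER_KEY_AND_ID: {
        PeerKeyAndIdData_T *d = &tokenData->psk;
        if (d->peerId == NULL || strcmp(d->peerId, ALLOWED_PEER) != 0)
            return RC_DTLS_PEER_REJECTED;          /* unknown peer: no key released */
        retcode_t rc = copyToOutputBuffer(&d->ourId, OWN_ID, sizeof OWN_ID - 1);
        if (rc != RC_OK) return rc;
        return copyToOutputBuffer(&d->key, DEMO_KEY, sizeof DEMO_KEY);
    }
    case CRT_OWN_CERTIFICATE: return RC_DTLS_TOKEN_NOT_PROVIDED; /* PSK-only device */
    default:                  return RC_DTLS_UNSUPPORTED_TOKEN;  /* fail closed */
    }
}

int main(void)
{
    char id[16], key[16];
    SecurityData_T d = { { "gateway-01", { id, 0, sizeof id }, { key, 0, sizeof key } } };
    SecurityToken_T t = { PSK_PEER_KEY_AND_ID };
    return demoSecurityCallback(t, &d) == RC_OK ? 0 : 1;
}
```

Returning RC_DTLS_UNSUPPORTED_TOKEN from the default branch keeps the callback from silently answering token types the application never planned for.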

Enumeration Type Documentation

enum SecureConnectionState_T

Enable SERVAL_ENABLE_DTLS_PSK in order to enable pre-shared key exchange/creation in DTLS. Enable SERVAL_ENABLE_DTLS_ECC in order to enable elliptic curve key exchange/creation in DTLS. Defines the timeout in ms for garbage collection of secure connections of the DTLS server. It should be a multiple of RESOURCE_MONITOR_PERIODE, or 0 if disabled (the server application must then clean up by itself). Enum for DTLS connection states (used e.g. for getSecureConnectionState()).

Enumerator
SECURE_STATE_FREE 

Connection is free

SECURE_STATE_IN_NEGOTIATION 

Connection is in negotiation handshake

SECURE_STATE_WAIT_ESTABLISHED 

Connection is established in view of cyassl, but send callback is pending

SECURE_STATE_ESTABLISHED 

Connection is established, normal app data can be sent/received

SECURE_STATE_HALFCLOSED 

Connection is in teardown handshake

SECURE_STATE_CLOSING 

Connection teardown handshake ready but socket still not closed

enum SecurityConnection_e

Enumerator
TLS 
DTLS 

enum SecurityDeviceRole_e

Enumerator
SERVER 
CLIENT 

enum SecurityTokenType_e

Enumerator
CURRENT_TIME 
CIPHERS 
PSK_SERVER_ID_HINT 
PSK_PEER_KEY_AND_ID 
CRT_PEER_NAME 
CRT_CA 
CRT_OWN_CERTIFICATE 

Function Documentation

void Security_setCallback ( SecurityCallback_T  securityCallback)

WARNING: this is a preliminary API implementation. It is subject to change in future releases.

This function sets the security callback which is called whenever security information, such as keys, certificates, etc., must be provided by the application.

Parameters
[in] securityCallback: the callback to be executed to ask the application for security-related information
See also
SecurityCallback_T
Since
1.7

static retcode_t Serval_copyToOutputBuffer ( OutputBuffer_T *  buffer, const char *  data, uint16_t  len )

inline static

All rights reserved. The use is subject to the XDK SDK EULA by Bosch Connected Devices and Solutions GmbH.
This documentation file has been automatically generated on Thu Mar 14 2019 19:12:46 by doxygen 1.8.8