| b.liu | d440f9f | 2025-04-18 10:44:31 +0800 | [diff] [blame^] | 1 | /*-----------------------------------------------------------------------------------------------*/
|
| 2 | /**
|
| 3 | @file mbtk_mbedtls.h
|
| 4 | @brief MBEDTLS API
|
| 5 | */
|
| 6 | /*-----------------------------------------------------------------------------------------------*/
|
| 7 |
|
| 8 | /*-------------------------------------------------------------------------------------------------
|
| 9 | Copyright (c) 2024 mobiletek Wireless Solution, Co., Ltd. All Rights Reserved.
|
| 10 | mobiletek Wireless Solution Proprietary and Confidential.
|
| 11 | -------------------------------------------------------------------------------------------------*/
|
| 12 |
|
| 13 | /*-------------------------------------------------------------------------------------------------
|
| 14 | EDIT HISTORY
|
| 15 | This section contains comments describing changes made to the file.
|
| 16 | Notice that changes are listed in reverse chronological order.
|
| 17 | $Header: $
|
| 18 | when who what, where, why
|
| 19 | -------- --------- -----------------------------------------------------------------
|
| 20 | 20250409 yq.wang Created .
|
| 21 | -------------------------------------------------------------------------------------------------*/
|
| 22 | #ifndef __MBTK_MBEDTLS_H__
|
| 23 | #define __MBTK_MBEDTLS_H__
|
| 24 | #include <stdbool.h>
|
| 25 |
|
| 26 | #include <mbedtls/ssl.h>
|
| 27 | #include <mbedtls/entropy.h>
|
| 28 | #include <mbedtls/ctr_drbg.h>
|
| 29 | #include <mbedtls/error.h>
|
| 30 | #include <mbedtls/debug.h>
|
| 31 | #include <mbedtls/x509_crt.h>
|
| 32 | #include <mbedtls/pk.h>
|
| 33 | #include <mbedtls/ssl.h>
|
| 34 | #include <mbedtls/net_sockets.h>
|
| 35 |
|
| 36 | #define MBTK_MBEDTLS_SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
|
| 37 | #define MBTK_MBEDTLS_SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
|
| 38 |
|
| 39 | #define MBTK_MBEDTLS_SSL_TRANSPROT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
|
| 40 | #define MBTK_MBEDTLS_SSL_TRANSPROT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
|
| 41 |
|
| 42 | #define MBTK_MBEDTLS_SSL_PRESET_DEFAULT MBEDTLS_SSL_PRESET_DEFAULT
|
| 43 | #define MBTK_MBEDTLS_SSL_PRESET_SUITEB MBEDTLS_SSL_PRESET_SUITEB
|
| 44 |
|
| 45 | #define MBTK_MBEDTLS_SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
|
| 46 | #define MBTK_MBEDTLS_SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
|
| 47 | #define MBTK_MBEDTLS_SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
|
| 48 |
|
| 49 | #define MBTK_MBEDTLS_SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
|
| 50 | #define MBTK_MBEDTLS_SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
|
| 51 |
|
| 52 | #define MBTK_MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
|
| 53 | #define MBTK_MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
|
| 54 | #define MBTK_MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
|
| 55 |
|
| 56 | #define MBTK_MBEDTLS_SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
|
| 57 | #define MBTK_MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
|
| 58 | #define MBTK_MBEDTLS_SSL_MINOR_VERSION_4 MBEDTLS_SSL_MINOR_VERSION_4
|
| 59 |
|
| 60 | #define MBTK_MBEDTLS_SSL_MD_MD5 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_MD5)
|
| 61 | #define MBTK_MBEDTLS_SSL_MD_SHA1 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1)
|
| 62 | #define MBTK_MBEDTLS_SSL_MD_SHA224 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA224)
|
| 63 | #define MBTK_MBEDTLS_SSL_MD_SHA256 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA256)
|
| 64 | #define MBTK_MBEDTLS_SSL_MD_SHA384 MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384)
|
| 65 |
|
| 66 | typedef enum {
|
| 67 | MBTK_MBEDTLS_SSL_RESULT_SUCCESS = 0,
|
| 68 | MBTK_MBEDTLS_SSL_RESULT_FAIL
|
| 69 | }mbtk_mbedtls_ssl_result_e;
|
| 70 |
|
| 71 | typedef struct {
|
| 72 | int fd;
|
| 73 | mbedtls_entropy_context *entropy;
|
| 74 | mbedtls_ctr_drbg_context *ctr_drbg;
|
| 75 | mbedtls_ssl_context *ssl;
|
| 76 | mbedtls_ssl_config *conf;
|
| 77 | mbedtls_x509_crt *cacert;
|
| 78 | mbedtls_x509_crt *clientcert;
|
| 79 | mbedtls_pk_context *clientkey;
|
| 80 | } mbtk_mbedtls_ssl_info_s;
|
| 81 |
|
| 82 | typedef struct {
|
| 83 | bool load_cert; /* Whether to load the certificate */
|
| 84 | const char *ca_file; /* the file with the CA certificate(s) */
|
| 85 | const char *crt_file; /* the file with the client certificate */
|
| 86 | const char *key_file; /* the file with the client key */
|
| 87 | const unsigned char *pers_str; /* Personalized string, distinguish between different application scenarios of random number sequence */
|
| 88 | int pers_str_size; /* Personalized string length */
|
| 89 | int type; /* Client/server */
|
| 90 | int transprot; /* Transport protocol */
|
| 91 | int preset; /* The default security configuration level */
|
| 92 | int auth_mode; /* Set the certificate authentication mode for SSL/TLS connections */
|
| 93 | int renegotiation; /* Enables or disables the session renegotiation function */
|
| 94 | int allow_legacy; /* Controls whether to enable compatibility support for TLS renegotiation of earlier versions */
|
| 95 | int min_version; /* minimum protocol version accepted */
|
| 96 | int max_version; /* maximum protocol version accepted */
|
| 97 | uint32_t allowed_mds; /* List of allowed hashing algorithms (e.g. SHA-256) */
|
| 98 | }mbtk_mbedtls_ssl_options_s;
|
| 99 |
|
| 100 | mbtk_mbedtls_ssl_result_e mbtk_mbedtls_ssl_options_default(mbtk_mbedtls_ssl_options_s *opt);
|
| 101 | int mbtk_mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
|
| 102 | int mbtk_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
|
| 103 | mbtk_mbedtls_ssl_result_e mbtk_mbedtls_ssl_init(int fd , mbtk_mbedtls_ssl_options_s *opt, mbtk_mbedtls_ssl_info_s* inter_info);
|
| 104 | mbtk_mbedtls_ssl_result_e mbtk_mbedtls_ssl_deinit(mbtk_mbedtls_ssl_info_s* inter_info);
|
| 105 |
|
| 106 | #endif
|