pal_plat_TLS.h File Reference

Server mode.

This is the list of the available cipher suites.

This code MUST be defined in the `pal_plat_TLS.c` with the proper values for the SSL platform.

Server mode.

Enumerator:

PAL_TLS_VERIFY_NONE	The peer certificate is not verified. For client mode, this is insecure!
PAL_TLS_VERIFY_OPTIONAL	The handshake continues even if the peer certificate verification fails.
PAL_TLS_VERIFY_REQUIRED	The peer certificate verification MUST pass.

Definition at line 38 of file pal_plat_TLS.h.

This is the list of the available cipher suites.

This code MUST be defined in the `pal_plat_TLS.c` with the proper values for the SSL platform.

Definition at line 49 of file pal_plat_TLS.h.

Add an entropy source to the TLS/DTLS library.

Note:

This function is available ONLY when the TLS/DTLS platform supports this functionality. In other platforms, PAL_ERR_NOT_SUPPORTED should be returned.

Parameters:

[in]

entropyCallback,:

The entropy callback to be used in the TLS/DTLS handshake.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code or PAL_ERR_NOT_SUPPORTED in case of failure.

Definition at line 282 of file pal_plat_TLS.c.

Free resources for the TLS library.

Note:

You must call this function in the general PAL cleanup function.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Try to catch the Mutex in order to prevent situation of deleteing under use mutex

Definition at line 247 of file pal_plat_TLS.c.

Destroy and release resources for the TLS context.

Parameters:

[in,out]

palTLSHandle,:

The TLS context to free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 467 of file pal_plat_TLS.c.

Perform the TLS handshake.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[out]	serverTime,:	The server time received in the server hello message during handshake.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 723 of file pal_plat_TLS.c.

Initiate a new TLS context.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[out]	palTLSHandle,:	The index to the TLS context.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 443 of file pal_plat_TLS.c.

Initiate a new configuration context.

Parameters:

[out]	confCtx,:	The TLS configuration context.
[in]	transportVersion,:	The `palTLSTransportMode_t` type deciding the transportation version, for example tlsv1.2.
[in]	methodType,:	The `palDTLSSide_t` type deciding the endpoint type (server or client).

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 310 of file pal_plat_TLS.c.

Initiate the TLS library.

This API is not required for each TLS library. For example, for mbed TLS it will be an empty function.

Note:

You must call this function in the general PAL initialization function.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 207 of file pal_plat_TLS.c.

Perform the TLS handshake renegotiation.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[in]	serverTime,:	The server time used to update the TLS time during handshake renegotiation.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

need to change the code for multi-threading mode (Erez)

Definition at line 751 of file pal_plat_TLS.c.

Set the certificate verification mode.

Parameters:

[in]	sslConf,:	The TLS configuration context.
[in]	authMode,:	The authentication mode.

Note:

In some platforms, a verification callback MAY be needed. In this case, it must be provided by the porting side.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 489 of file pal_plat_TLS.c.

Set the data required to verify a peer certificate.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	caChain,:	The trusted CA chain.
[in]	caCRL,:	The trusted CA CRLs.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 884 of file pal_plat_TLS.c.

Set the supported cipher suites to the configuration context.

Parameters:

[in]	sslConf,:	The TLS configuration context.
[in]	palSuite,:	The supported cipher suites to be added.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 516 of file pal_plat_TLS.c.

Set the retransmit timeout values for the DTLS handshake. DTLS only, no effect on TLS.

Parameters:

[in]	palTLSConf,:	The DTLS configuration context.
[in]	timeoutInMilliSec,:	The maximum timeout value in milliseconds.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

faster dividing by 2

Since mbedTLS algorithm for UDP handshake algorithm is as follow: wait 'minTimeout' ..=> 'minTimeout = 2*minTimeout' while 'minTimeout < maxTimeout' if 'minTimeout >= maxTimeout' them wait 'maxTimeout'. The whole waiting time is the sum of the different intervals waited. Therefore we need divide the 'timeoutInMilliSec' by 2 to give a close approximation of the desired 'timeoutInMilliSec' 1 + 2 + ... + 'timeoutInMilliSec/2' ~= 'timeoutInMilliSec'

Definition at line 658 of file pal_plat_TLS.c.

Set the logging function.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	palLogFunction,:	A pointer to the logging function.
[in]	logContext,:	The context for the logging function.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 980 of file pal_plat_TLS.c.

Set your own certificate chain and private key.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	ownCert,:	Your own public certificate chain.
[in]	privateKey,:	Your own private key.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 798 of file pal_plat_TLS.c.

Set your own certificate chain.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	ownCert,:	Your own public certificate chain.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 857 of file pal_plat_TLS.c.

Set your own private key.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	privateKey,:	Your own private key.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 834 of file pal_plat_TLS.c.

Set the Pre-Shared Key (PSK) and the expected identity name.

Parameters:

[in]	sslConf,:	The TLS configuration context.
[in]	identity,:	A pointer to the PSK identity.
[in]	maxIdentityLenInBytes,:	The maximum length of the identity key in bytes.
[in]	psk,:	A pointer to the PSK.
[in]	maxPskLenInBytes,:	The maximum length of the PSK in bytes.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 906 of file pal_plat_TLS.c.

Set the timer callbacks.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[in]	timerCtx,:	The shared context by BIO callbacks.
[in]	setTimer,:	The set timer callback.
[in]	getTimer,:	The get timer callback.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Return the result of the certificate verification. The handshake API calls this.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[out]	verifyResult,:	bitmask of errors that cause the failure. This value is relevant ONLY in case the return value of the function is `PAL_ERR_X509_CERT_VERIFY_FAILED`.

Note:

In case the platform doesn't support multipule errors for certificate verification, please return `PAL_ERR_X509_CERT_VERIFY_FAILED` and the reason should be specified in the `verifyResult`

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

please DO NOT change errors order

Definition at line 554 of file pal_plat_TLS.c.

Read at most 'len' application data bytes.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[out]	buffer,:	A buffer holding the data.
[in]	len,:	The maximum number of bytes to read.
[out]	actualLen,:	The actual number of bytes read.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 602 of file pal_plat_TLS.c.

Turn the TLS library debugging on or off for the given configuration handle.

The logs are sent via the mbedTrace. In case of release mode, an error will be returned.

Parameters:

[in]	palTLSConf	: the TLS confuguraiton to modify
[in]	turnOn,:	if greater than 0 turn on debugging, otherwise turn it off

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 964 of file pal_plat_TLS.c.

Set the IO callbacks for the TLS context.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	palIOCtx,:	The shared context by BIO callbacks.
[in]	palBIOSend,:	A pointer to send BIO function.
[in]	palBIORecv,:	A pointer to receive BIO function.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 936 of file pal_plat_TLS.c.

Set up a TLS context for use.

Parameters:

[in,out]	palTLSHandle,:	The TLS context.
[in]	palTLSConf,:	The TLS configuration context.

Returns:

The function returns `palTLSHandle_t`, the index to the TLS context.

Definition at line 682 of file pal_plat_TLS.c.

Try to write exactly 'len' application data bytes.

Parameters:

[in]	palTLSHandle,:	The TLS context.
[in]	buffer,:	A buffer holding the data.
[in]	len,:	The number of bytes to be written.
[out]	bytesWritten,:	The number of bytes actually written.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 630 of file pal_plat_TLS.c.

Destroy and release resources for the TLS configuration context.

Parameters:

[in,out]

palTLSConf,:

The TLS configuration context to free.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 406 of file pal_plat_TLS.c.

Set the socket for the TLS configuration context.

Parameters:

[in]	palTLSConf,:	The TLS configuration context.
[in]	socket,:	The socket for the TLS context.

Returns:

PAL_SUCCESS on success. A negative value indicating a specific error code in case of failure.

Definition at line 928 of file pal_plat_TLS.c.