1 /*NB_REVISION*/
2 
3 /*NB_COPYRIGHT*/
4 
16 #ifndef _SSL_H_
17 #define _SSL_H_
18 
19 #include <nettypes.h>
20 #include <predef.h>
21 #ifndef NB_SSL_SUPPORTED
22 #error SSL/TLS cannot be used without NB_SSL_SUPPORTED. Please uncomment in 'predef.h' and recompile all libraries.
23 #endif
24 
25 #include <crypto/SharkSsl.h>
26 #include <random.h>
27 
28 /* SSL Library code */
29 /*
30  * Module: SSL library
31  * Implementing SSL in an embedded system will require some knowledge of SSL
32  * certificates. Please see the NetBurner SSL overview doc for what you need
33  * to know to get started.
34  */
35 /*
36  * SSL network functions can return all of the standard TCP errors:
37  * TCP_ERR_TIMEOUT
38  * TCP_ERR_NOCON
39  * TCP_ERR_CLOSING
40  * TCP_ERR_NOSUCH_SOCKET
41  * TCP_ERR_NONE_AVAIL
42  * TCP_ERR_CON_RESET
43  * TCP_ERR_CON_ABORT
44  */
45 
/**
 * @name SSL/TLS-specific error codes
 * Negative return values that the SSL functions declared below may produce
 * in addition to the standard TCP_ERR_* codes listed above. Any negative
 * return is a failure; the exact condition behind each code is defined by
 * the library implementation, not by this header. The two TLS_ERROR_*
 * codes, judging by their names, report a failed ephemeral Diffie-Hellman
 * key exchange (no DHE parameters available / no agreed algorithm); values
 * -266 to -269 are not assigned here.
 *
 * NOTE(review): a client that receives SSL_ERROR_CERTIFICATE_NAME_FAILED or
 * SSL_ERROR_CERTIFICATE_VERIFY_FAILED should treat the connection as
 * untrusted and fail closed — retrying with verification disabled defeats
 * the purpose of the check.
 * @{
 */
51 #define SSL_ERROR_FAILED_NEGOTIATION (-256)
52 #define SSL_ERROR_HASH_FAILED (-257)
53 #define SSL_ERROR_CERTIFICATE_UNKNOWN (-258)
54 #define SSL_ERROR_WRITE_FAIL (-259)
55 #define SSL_ERROR_CERTIFICATE_NAME_FAILED (-260)
56 #define SSL_ERROR_CERTIFICATE_VERIFY_FAILED (-261)
57 #define SSL_ERROR_NO_BUFFER (-262)
58 #define SSL_ERROR_CLIENT_NOT_EN (-263)
59 #define SSL_ERROR_SERVER_NOT_EN (-264)
60 #define SSL_ERROR_HANDSHAKE_INCOMPLETE (-265)
61 #define TLS_ERROR_FAILED_NEG_NO_DHE_PARAMS (-270)
62 #define TLS_ERROR_FAILED_DHE_NO_ALG (-271)
/** @} */
63 
65 #ifndef SSL_LIB_REPLACEMENT
66 /* Debug aid: set to true to have each name that is compared during the
 * certificate name check printed (presumably to the console). Leave it false
 * in production builds — it exposes peer-certificate contents on every
 * handshake and adds work to the handshake path. Not declared when
 * SSL_LIB_REPLACEMENT is defined. */
67 extern BOOL bPrintNamesTested;
68 #endif
69 
70 /*Functions:*/
71 /*Group:SSL server function*/
72 
73 /*SSL mirror of the TCP accept function*/
/**
 * Accept an incoming TCP connection on @p fdListen and run the TLS server
 * handshake on it (server-side mirror of TCP::accept()).
 *
 * @param fdListen            Listening TCP socket.
 * @param address             Out: remote address of the accepted peer.
 * @param port                Out: remote port of the accepted peer.
 * @param accept_timeout      How long to wait for a connection to arrive
 *                            (units assumed to be system ticks — confirm).
 * @param negotiation_timeout How long the TLS handshake may take. Defaults
 *                            to 0; this header does not say whether 0 means
 *                            "no limit" or "same as accept_timeout" — confirm
 *                            in the implementation. A server exposed to
 *                            untrusted clients should pass an explicit bound
 *                            so a peer that stalls mid-handshake cannot hold
 *                            the accept path (and its buffers) indefinitely.
 * @return Presumably the new SSL file descriptor (see IsSSLfd()) on success,
 *         or a negative TCP_ERR_* / SSL_ERROR_* code.
 */
97 int SSL_accept(int fdListen, IPADDR *address, uint16_t *port, uint16_t accept_timeout, uint16_t negotiation_timeout = 0);
98 
/**
 * Socket query helpers. Each one mirrors the plain-TCP function of the same
 * name (per the reference descriptions for this header) but accepts an SSL
 * file descriptor. What they return for a non-SSL or closed fd is not
 * specified here — guard with IsSSLfd() if in doubt.
 */
/** Return TRUE if @p fd is an SSL file descriptor, FALSE otherwise. */
115 BOOL IsSSLfd(int fd);
116 
134 
/** Network interface associated with the underlying TCP socket. */
143 int SSL_GetSocketInterface(int fd);
144 
/** Remote TCP port of the connected socket. */
161 uint16_t SSL_GetSocketRemotePort(int fd);
162 
180 
/** Local TCP port of the connected socket. */
197 uint16_t SSL_GetSocketLocalPort(int fd);
198 
/** Time of the last received data on the socket (mirror of TcpGetLastRxTime();
 *  units assumed to be system ticks — confirm). */
209 uint32_t SSL_TcpGetLastRxTime(int fd);
210 
/** Send a TCP keep-alive on the socket (mirror of TcpSendKeepAlive()). */
219 void SSL_TcpSendKeepAlive(int fd);
220 
221 /*Group: SSL socket option functions */
/**
 * Socket-option mirrors for SSL file descriptors. The option values and
 * return conventions are those of the plain-TCP setsockoption() family;
 * this header does not restate them.
 */
/** Set TCP socket option bits @p option on the SSL socket @p fd. */
233 int SSL_setsockoption(int fd, int option);
234 
/** Clear TCP socket option bits @p option on the SSL socket @p fd. */
246 int SSL_clrsockoption(int fd, int option);
247 
/** Return the currently set TCP socket options for @p fd. */
258 int SSL_getsockoption(int fd);
259 
/** Return the socket error state for @p fd. Check this (or the negative
 *  return of the I/O call) before trusting data read after an error. */
267 int SSL_getsocketerror(int fd);
268 
269 
/**
 * Open a TCP connection to @p ip:@p remote_port and run the TLS client
 * handshake on it (client-side mirror of TCP::connect()).
 *
 * @param ip                 Remote address.
 * @param local_port         Local port to bind (presumably 0 = any — confirm).
 * @param remote_port        Remote TCP port.
 * @param timeout            Connect/handshake timeout (units assumed to be
 *                           system ticks — confirm).
 * @param common_name        Name expected in the server certificate; presumably
 *                           compared during the certificate name check (the
 *                           bPrintNamesTested flag above traces that check).
 * @param verifyPeer         Whether the server certificate chain is verified
 *                           against @p caList.
 * @param waitForNegotiation If false, presumably returns before the handshake
 *                           completes; callers must then be prepared for
 *                           SSL_ERROR_HANDSHAKE_INCOMPLETE on later calls.
 * @param caList             CA list for chain verification. nullptr presumably
 *                           falls back to the list set by SSL_SetClientCAList(),
 *                           or to none — confirm.
 * @return Presumably the new SSL file descriptor on success, or a negative
 *         TCP_ERR_* / SSL_ERROR_* code.
 *
 * @warning verifyPeer defaults to false and caList to nullptr. With the
 * defaults the channel is encrypted but the server's identity is NOT
 * authenticated, so an active attacker on the path can impersonate the
 * server. For any link that crosses a network you do not control, pass
 * verifyPeer = true with a CA list restricted to the issuer(s) you expect,
 * and treat SSL_ERROR_CERTIFICATE_* returns as fatal rather than retrying
 * with verification off.
 */
295 int SSL_connect(IPADDR ip,
296  uint16_t local_port,
297  uint16_t remote_port,
298  uint32_t timeout,
299  const char *common_name,
300  bool verifyPeer = false,
301  bool waitForNegotiation = true,
302  SharkSslCAList caList = nullptr);
303 
/**
 * Run the TLS handshake over an already-connected TCP socket @p fds, turning
 * it into a secure channel. Unlike SSL_connect() this does not open the TCP
 * connection itself, and it can act as either endpoint (@p bIsClient).
 *
 * @param fds                Existing, connected TCP file descriptor.
 * @param timeout            Handshake timeout (units assumed to be system
 *                           ticks — confirm).
 * @param common_name        Name expected in the peer certificate (client
 *                           side); presumably compared in the name check.
 * @param verifyPeer         Whether the peer certificate chain is verified
 *                           against @p caList.
 * @param waitForNegotiation If false, presumably returns before the handshake
 *                           completes (see SSL_ERROR_HANDSHAKE_INCOMPLETE).
 * @param caList             CA list for chain verification; nullptr presumably
 *                           falls back to the context's list, or to none.
 * @param bIsClient          true = run the client side of the handshake,
 *                           false = server side.
 * @return Presumably the SSL file descriptor to use from now on, or a negative
 *         TCP_ERR_* / SSL_ERROR_* code; whether it equals @p fds is not stated
 *         here — confirm before reusing the original descriptor.
 *
 * @warning verifyPeer defaults to false, so the peer is not authenticated
 * unless the caller opts in. Anything negotiated on the strength of a prior
 * plaintext exchange (e.g. STARTTLS-style upgrades) is only as trustworthy
 * as that exchange; pass verifyPeer = true and a CA list on untrusted
 * networks.
 */
330 int SSL_makeSecure( int fds,
331  uint32_t timeout,
332  const char *common_name,
333  bool verifyPeer = false,
334  bool waitForNegotiation = true,
335  SharkSslCAList caList = nullptr,
336  bool bIsClient = true);
337 
338 
/**
 * Run the TLS handshake over an existing TCP file descriptor @p fds (mirror of
 * TCP::connect() that reuses a connected socket). Differs from SSL_makeSecure()
 * only in its parameter list: it has no waitForNegotiation flag and adds
 * @p reuseSessionPort.
 *
 * @param fds              Existing, connected TCP file descriptor.
 * @param timeout          Handshake timeout (units assumed to be system ticks
 *                         — confirm).
 * @param common_name      Name expected in the peer certificate; presumably
 *                         compared in the certificate name check.
 * @param reuseSessionPort Presumably allows TLS session resumption keyed on the
 *                         port; the exact semantics are not stated here —
 *                         confirm, and see SetMaxSessionReuseTime() for the
 *                         session lifetime bound.
 * @param verifyPeer       Whether the peer certificate chain is verified
 *                         against @p caList.
 * @param caList           CA list for chain verification; nullptr presumably
 *                         falls back to the context's list, or to none.
 * @param bIsClient        true = client side of the handshake, false = server.
 * @return Presumably the SSL file descriptor on success, or a negative
 *         TCP_ERR_* / SSL_ERROR_* code.
 *
 * @warning verifyPeer defaults to false: with the default the peer is not
 * authenticated. Pass verifyPeer = true and a CA list for connections over
 * networks you do not control.
 */
363 int SSL_negotiate(int fds,
364  uint32_t timeout,
365  const char *common_name,
366  bool reuseSessionPort = true,
367  bool verifyPeer = false,
368  SharkSslCAList caList = nullptr,
369  bool bIsClient = true);
370 
/**
 * Read up to @p size bytes of decrypted application data from SSL socket
 * @p fd into @p cp, waiting at most @p timeout (mirror of ReadWithTimeout()).
 * @p size must not exceed the capacity of @p cp — the function cannot check
 * that for you. Returns presumably the byte count read (0 on timeout) or a
 * negative TCP_ERR_* / SSL_ERROR_* code; the data is not NUL-terminated.
 */
395 int SSLReadWithTimeout(int fd, char *cp, int size, uint32_t timeout);
396 
/**
 * Set, at run time, the longest time an established TLS session may be
 * reused for resumption, in ticks. Bounding this limits how long a
 * compromised session key stays useful. What the function returns (previous
 * value? new value?) is not stated here — confirm before relying on it.
 */
411 uint32_t SetMaxSessionReuseTime(uint32_t newLifetimeTicks);
412 
/**
 * Return a pointer to the server certificate compiled into the application,
 * as PEM text. Provided by the application (see ssluser.cpp in the factory
 * examples), not by the library.
 */
423 const char *GetCertificatePEM();
424 
/**
 * Return a pointer to the server private key compiled into the application,
 * as PEM text.
 *
 * NOTE(review): a key embedded in the firmware image is shared by every unit
 * running that image and is recoverable by anyone who can read the flash or
 * the build artefact. Treat a compiled-in key as a development / bootstrap
 * credential; production devices should hold a per-device key provisioned
 * at manufacture or enrolment, validated with IsSSL_CertNKeyValid() before use.
 */
435 const char *GetPrivateKeyPEM();
436 
/**
 * Validate a candidate certificate / private-key pair before installing it.
 * Lengths are passed explicitly, so the PEM buffers need not be
 * NUL-terminated. Returns true if the pair is accepted; the exact checks
 * performed (parseable PEM? key matches certificate?) are not stated here.
 * Call this on any key material that arrives from outside the image
 * (configuration upload, provisioning) before handing it to the library.
 */
440 bool IsSSL_CertNKeyValid(const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen);
441 
/**
 * Install @p CAList as the Certificate Authority list of the SharkSsl client
 * context — the trust anchors used when a client call verifies a server's
 * chain. Returns true on success. Note this takes a pointer, whereas
 * SSL_connect()/SSL_makeSecure()/SSL_negotiate() take a SharkSslCAList by
 * value; how a per-call caList interacts with the context list is not stated
 * here — confirm.
 */
450 bool SSL_SetClientCAList(SharkSslCAList *CAList);
451 
/**
 * Install @p CAList as the Certificate Authority list of the SharkSsl server
 * context — presumably the anchors used to verify client certificates when
 * mutual TLS is in use. Returns true on success.
 */
460 bool SSL_SetServerCAList(SharkSslCAList *CAList);
461 
/** Number of bytes currently buffered for reading on SSL socket @p fd. */
470 uint16_t SSLGetRxBufferSpaceUsed( int fd );
471 
/** Number of bytes of free space in the transmit buffer of SSL socket @p fd. */
480 uint16_t SSLGetTxBufferAvailSpace( int fd );
481 
482 #endif /* #ifndef _SSL_H_ */
483 
IPADDR SSL_GetSocketLocalAddr(int fd)
Returns the local address of this connected socket.
int SSL_makeSecure(int fds, uint32_t timeout, const char *common_name, bool verifyPeer=false, bool waitForNegotiation=true, SharkSslCAList caList=nullptr, bool bIsClient=true)
Executes the TLS negotiation over a given, already-connected TCP socket to establish a secure communication channel on it.
const char * GetPrivateKeyPEM()
Function that returns a pointer to the compiled in server key.
Definition: SSH/SecureSerToEthFactoryApp/ssluser.cpp:161
int SSL_accept(int fdListen, IPADDR *address, uint16_t *port, uint16_t accept_timeout, uint16_t negotiation_timeout=0)
This call is a mirror of the TCP::accept() call.
BOOL IsSSLfd(int fd)
Returns whether or not a file descriptor is an SSL file descriptor.
int SSL_getsocketerror(int fd)
Returns the socket error state for the specified SSL socket.
int SSL_negotiate(int fds, uint32_t timeout, const char *common_name, bool reuseSessionPort=true, bool verifyPeer=false, SharkSslCAList caList=nullptr, bool bIsClient=true)
SSL mirror of the TCP::connect() call, but uses an existing TCP file descriptor.
void SSL_TcpSendKeepAlive(int fd)
SSL mirror of TcpSendKeepAlive().
uint32_t SSL_TcpGetLastRxTime(int fd)
SSL mirror of TcpGetLastRxTime().
Used to hold and manipulate IPv4 and IPv6 addresses in dual stack mode.
Definition: ipv6_addr.h:28
const char * GetCertificatePEM()
Function that returns a pointer to the compiled in server certificate.
Definition: SSH/SecureSerToEthFactoryApp/ssluser.cpp:181
uint16_t SSLGetTxBufferAvailSpace(int fd)
Returns the amount of free space in the socket's transmit buffer.
bool SSL_SetServerCAList(SharkSslCAList *CAList)
Attempts to set the Certificate Authority List for the SharkSsl serverCtx
int SSL_clrsockoption(int fd, int option)
Clear SSL TCP socket options.
int SSL_setsockoption(int fd, int option)
Set SSL TCP socket options.
int SSL_getsockoption(int fd)
Returns the options for the specified SSL TCP socket.
bool SSL_SetClientCAList(SharkSslCAList *CAList)
Attempts to set the Certificate Authority List for the SharkSsl clientCtx
int SSL_connect(IPADDR ip, uint16_t local_port, uint16_t remote_port, uint32_t timeout, const char *common_name, bool verifyPeer=false, bool waitForNegotiation=true, SharkSslCAList caList=nullptr)
SSL mirror of the TCP::connect() call.
int SSL_GetSocketInterface(int fd)
Return the network interface associated with a TCP socket.
uint16_t SSL_GetSocketLocalPort(int fd)
Returns the local port of this connected socket.
uint16_t SSL_GetSocketRemotePort(int fd)
Returns the remote port of this connected socket.
IPADDR SSL_GetSocketRemoteAddr(int fd)
Returns the remote address of this connected socket.
int SSLReadWithTimeout(int fd, char *cp, int size, uint32_t timeout)
SSL mirror of the ReadWithTimeout() function.
uint32_t SetMaxSessionReuseTime(uint32_t newLifetimeTicks)
Allows one to specify at runtime the longest duration that an established session can be reused for.
bool IsSSL_CertNKeyValid(const char *keyPEM, ssize_t keylen, const char *certPEM, ssize_t certlen)
Validate candidate certificate and private key.
uint16_t SSLGetRxBufferSpaceUsed(int fd)
Returns the amount of data buffered to be read from the socket.