23 #ifndef COAP_DTLS_HINT_LENGTH
24 #define COAP_DTLS_HINT_LENGTH 128
28 #ifndef COAP_DTLS_RETRANSMIT_MS
29 #define COAP_DTLS_RETRANSMIT_MS 1000
31 #ifndef COAP_DTLS_RETRANSMIT_TOTAL_MS
32 #define COAP_DTLS_RETRANSMIT_TOTAL_MS 60000
35 #define COAP_DTLS_RETRANSMIT_COAP_TICKS (COAP_DTLS_RETRANSMIT_MS * COAP_TICKS_PER_SECOND / 1000)
37 #define COAP_DTLS_RPK_CERT_CN "RPK"
117 const uint8_t *asn1_public_cert,
240 #define COAP_DTLS_PKI_SETUP_VERSION 1
334 #define COAP_DTLS_CPSK_SETUP_VERSION 1
421 #define COAP_DTLS_SPSK_SETUP_VERSION 1
uint64_t coap_tick_t
This data type represents internal timer ticks with COAP_TICKS_PER_SECOND resolution.
unsigned int coap_dtls_get_overhead(struct coap_session_t *coap_session)
Get DTLS overhead over cleartext PDUs.
coap_tick_t coap_dtls_get_context_timeout(void *dtls_context)
Do all pending retransmits and get next timeout.
void coap_dtls_startup(void)
Initialize the underlying (D)TLS Library layer.
int coap_dtls_receive(struct coap_session_t *coap_session, const uint8_t *data, size_t data_len)
Handling incoming data from a DTLS peer.
void * coap_dtls_new_client_session(struct coap_session_t *coap_session)
Create a new client-side session.
void * coap_dtls_new_server_session(struct coap_session_t *coap_session)
Create a new DTLS server-side session.
void coap_dtls_free_session(struct coap_session_t *coap_session)
Terminates the DTLS session (may send an ALERT if necessary) then frees the underlying TLS library ob...
void coap_dtls_handle_timeout(struct coap_session_t *coap_session)
Handle a DTLS timeout expiration.
void * coap_tls_new_client_session(struct coap_session_t *coap_session, int *connected)
Create a new TLS client-side session.
ssize_t coap_tls_write(struct coap_session_t *coap_session, const uint8_t *data, size_t data_len)
Send data to a TLS peer, with implicit flush.
coap_tick_t coap_dtls_get_timeout(struct coap_session_t *coap_session, coap_tick_t now)
Get next timeout for this session.
void * coap_tls_new_server_session(struct coap_session_t *coap_session, int *connected)
Create a TLS new server-side session.
ssize_t coap_tls_read(struct coap_session_t *coap_session, uint8_t *data, size_t data_len)
Read some data from a TLS peer.
int coap_dtls_is_context_timeout(void)
Check if timeout is handled per CoAP session or per CoAP context.
void coap_tls_free_session(struct coap_session_t *coap_session)
Terminates the TLS session (may send an ALERT if necessary) then frees the underlying TLS library obj...
int coap_dtls_send(struct coap_session_t *coap_session, const uint8_t *data, size_t data_len)
Send data to a DTLS peer.
int coap_dtls_context_set_pki_root_cas(struct coap_context_t *coap_context, const char *ca_file, const char *ca_dir)
Set the dtls context's default Root CA information for a client or server.
int coap_dtls_context_set_spsk(struct coap_context_t *coap_context, coap_dtls_spsk_t *setup_data)
Set the DTLS context's default server PSK information.
void coap_dtls_shutdown(void)
Close down the underlying (D)TLS Library layer.
int coap_dtls_hello(struct coap_session_t *coap_session, const uint8_t *data, size_t data_len)
Handling client HELLO messages from a new candiate peer.
int coap_dtls_context_check_keys_enabled(struct coap_context_t *coap_context)
Check whether one of the coap_dtls_context_set_{psk|pki}() functions have been called.
int coap_dtls_context_set_cpsk(struct coap_context_t *coap_context, coap_dtls_cpsk_t *setup_data)
Set the DTLS context's default client PSK information.
void coap_dtls_session_update_mtu(struct coap_session_t *coap_session)
Notify of a change in the CoAP session's MTU, for example after a PMTU update.
void * coap_dtls_new_context(struct coap_context_t *coap_context)
Creates a new DTLS context for the given coap_context.
void coap_dtls_free_context(void *dtls_context)
Releases the storage allocated for dtls_context.
int coap_dtls_context_set_pki(struct coap_context_t *coap_context, const coap_dtls_pki_t *setup_data, const coap_dtls_role_t role)
Set the DTLS context's default server PKI information.
@ COAP_DTLS_ROLE_SERVER
Internal function invoked for server.
@ COAP_DTLS_ROLE_CLIENT
Internal function invoked for client.
coap_dtls_key_t *(* coap_dtls_pki_sni_callback_t)(const char *sni, void *arg)
Server Name Indication (SNI) Validation callback that can be set up by coap_context_set_pki().
struct coap_dtls_cpsk_info_t coap_dtls_cpsk_info_t
The structure that holds the Client PSK information.
const coap_dtls_spsk_info_t *(* coap_dtls_psk_sni_callback_t)(const char *sni, struct coap_session_t *coap_session, void *arg)
PSK SNI callback that can be set up by coap_context_set_psk2().
struct coap_dtls_key_t coap_dtls_key_t
The structure that holds the PKI key information.
struct coap_dtls_spsk_t coap_dtls_spsk_t
The structure used for defining the Server PSK setup data to be used.
const coap_dtls_cpsk_info_t *(* coap_dtls_ih_callback_t)(struct coap_str_const_t *hint, struct coap_session_t *coap_session, void *arg)
Identity Hint Validation callback that can be set up by coap_new_client_session_psk2().
struct coap_dtls_cpsk_t coap_dtls_cpsk_t
The structure used for defining the Client PSK setup data to be used.
struct coap_pki_key_pkcs11_t coap_pki_key_pkcs11_t
The structure that holds the PKI PKCS11 definitions.
int coap_tls_is_supported(void)
Check whether TLS is available.
struct coap_tls_version_t coap_tls_version_t
The structure used for returning the underlying (D)TLS library information.
struct coap_pki_key_pem_t coap_pki_key_pem_t
The structure that holds the PKI PEM definitions.
coap_pki_key_t
The enum used for determining the PKI key formats.
coap_tls_version_t * coap_get_tls_library_version(void)
Determine the type and version of the underlying (D)TLS library.
struct coap_dtls_spsk_info_t coap_dtls_spsk_info_t
The structure that holds the Server Pre-Shared Key and Identity Hint information.
int coap_dtls_is_supported(void)
Check whether DTLS is available.
struct coap_pki_key_asn1_t coap_pki_key_asn1_t
The structure that holds the PKI ASN.1 (DER) definitions.
int(* coap_dtls_security_setup_t)(void *tls_session, struct coap_dtls_pki_t *setup_data)
Additional Security setup handler that can be set up by coap_context_set_pki().
struct coap_pki_key_pem_buf_t coap_pki_key_pem_buf_t
The structure that holds the PKI PEM buffer definitions.
coap_asn1_privatekey_type_t
The enum used for determining the provided PKI ASN.1 (DER) Private Key formats.
struct coap_dtls_pki_t coap_dtls_pki_t
The structure used for defining the PKI setup data to be used.
const coap_bin_const_t *(* coap_dtls_id_callback_t)(struct coap_bin_const_t *identity, struct coap_session_t *coap_session, void *arg)
Identity Validation callback that can be set up by coap_context_set_psk2().
int(* coap_dtls_cn_callback_t)(const char *cn, const uint8_t *asn1_public_cert, size_t asn1_length, struct coap_session_t *coap_session, unsigned int depth, int validated, void *arg)
CN Validation callback that can be set up by coap_context_set_pki().
@ COAP_PKI_KEY_PKCS11
The PKI key type is PKCS11 (DER)
@ COAP_PKI_KEY_PEM_BUF
The PKI key type is PEM buffer.
@ COAP_PKI_KEY_PEM
The PKI key type is PEM file.
@ COAP_PKI_KEY_ASN1
The PKI key type is ASN.1 (DER) buffer.
@ COAP_ASN1_PKEY_DH
DH type.
@ COAP_ASN1_PKEY_NONE
NONE.
@ COAP_ASN1_PKEY_TLS1_PRF
TLS1_PRF type.
@ COAP_ASN1_PKEY_RSA2
RSA2 type.
@ COAP_ASN1_PKEY_DSA
DSA type.
@ COAP_ASN1_PKEY_DHX
DHX type.
@ COAP_ASN1_PKEY_DSA4
DSA4 type.
@ COAP_ASN1_PKEY_DSA2
DSA2 type.
@ COAP_ASN1_PKEY_RSA
RSA type.
@ COAP_ASN1_PKEY_DSA1
DSA1 type.
@ COAP_ASN1_PKEY_HKDF
HKDF type.
@ COAP_ASN1_PKEY_EC
EC type.
@ COAP_ASN1_PKEY_DSA3
DSA3 type.
@ COAP_ASN1_PKEY_HMAC
HMAC type.
@ COAP_ASN1_PKEY_CMAC
CMAC type.
@ COAP_TLS_LIBRARY_GNUTLS
Using GnuTLS library.
@ COAP_TLS_LIBRARY_TINYDTLS
Using TinyDTLS library.
@ COAP_TLS_LIBRARY_NOTLS
No DTLS library.
@ COAP_TLS_LIBRARY_OPENSSL
Using OpenSSL library.
@ COAP_TLS_LIBRARY_MBEDTLS
Using MbedTLS library.
void coap_dtls_set_log_level(int level)
Sets the (D)TLS logging level to the specified level.
int coap_dtls_get_log_level(void)
Get the current (D)TLS logging.
CoAP binary data definition with const data.
The CoAP stack's global state is stored in a coap_context_t object.
The structure that holds the Client PSK information.
coap_bin_const_t identity
The structure used for defining the Client PSK setup data to be used.
void * ih_call_back_arg
Passed in to the Identity Hint callback function.
char * client_sni
If not NULL, SNI to use in client TLS setup.
coap_dtls_ih_callback_t validate_ih_call_back
Identity Hint check callback function.
coap_dtls_cpsk_info_t psk_info
Client PSK definition.
uint8_t reserved[7]
Set to COAP_DTLS_CPSK_SETUP_VERSION to support this version of the struct.
The structure that holds the PKI key information.
coap_pki_key_pem_t pem
for PEM file keys
coap_pki_key_pkcs11_t pkcs11
for PKCS11 keys
union coap_dtls_key_t::@1 key
coap_pki_key_pem_buf_t pem_buf
for PEM memory keys
coap_pki_key_t key_type
key format type
coap_pki_key_asn1_t asn1
for ASN.1 (DER) memory keys
The structure used for defining the PKI setup data to be used.
uint8_t allow_no_crl
1 ignore if CRL not there
void * cn_call_back_arg
Passed in to the CN callback function.
uint8_t allow_short_rsa_length
1 if small RSA keysizes are allowed
uint8_t cert_chain_validation
1 if to check cert_chain_verify_depth
uint8_t allow_bad_md_hash
1 if unsupported MD hashes are allowed
uint8_t check_cert_revocation
1 if revocation checks wanted
coap_dtls_pki_sni_callback_t validate_sni_call_back
SNI check callback function.
uint8_t cert_chain_verify_depth
recommended depth is 3
uint8_t reserved[3]
Reserved - must be set to 0 for future compatibility.
coap_dtls_security_setup_t additional_tls_setup_call_back
Additional Security callback handler that is invoked when libcoap has done the standard,...
uint8_t allow_expired_certs
1 if expired certs are allowed
uint8_t verify_peer_cert
Set to COAP_DTLS_PKI_SETUP_VERSION to support this version of the struct.
char * client_sni
If not NULL, SNI to use in client TLS setup.
uint8_t allow_self_signed
1 if self-signed certs are allowed.
void * sni_call_back_arg
Passed in to the sni callback function.
coap_dtls_cn_callback_t validate_cn_call_back
CN check callback function.
uint8_t allow_expired_crl
1 if expired crl is allowed
uint8_t is_rpk_not_cert
1 is RPK instead of Public Certificate.
uint8_t check_common_ca
1 if peer cert is to be signed by the same CA as the local cert
coap_dtls_key_t pki_key
PKI key definition.
The structure that holds the Server Pre-Shared Key and Identity Hint information.
The structure used for defining the Server PSK setup data to be used.
coap_dtls_psk_sni_callback_t validate_sni_call_back
SNI check callback function.
coap_dtls_id_callback_t validate_id_call_back
Identity check callback function.
uint8_t reserved[7]
Set to COAP_DTLS_SPSK_SETUP_VERSION to support this version of the struct.
void * id_call_back_arg
Passed in to the Identity callback function.
void * sni_call_back_arg
Passed in to the SNI callback function.
coap_dtls_spsk_info_t psk_info
Server PSK definition.
The structure that holds the PKI ASN.1 (DER) definitions.
const uint8_t * private_key
ASN1 (DER) Private Key.
coap_asn1_privatekey_type_t private_key_type
Private Key Type.
size_t public_cert_len
ASN1 Public Cert length.
size_t private_key_len
ASN1 Private Key length.
const uint8_t * ca_cert
ASN1 (DER) Common CA Cert.
size_t ca_cert_len
ASN1 CA Cert length.
const uint8_t * public_cert
ASN1 (DER) Public Cert, or Public Key if RPK.
The structure that holds the PKI PEM buffer definitions.
size_t ca_cert_len
PEM buffer CA Cert length.
const uint8_t * ca_cert
PEM buffer Common CA Cert.
size_t private_key_len
PEM buffer Private Key length.
const uint8_t * private_key
PEM buffer Private Key If RPK and 'EC PRIVATE KEY' this can be used for both the public_cert and priv...
size_t public_cert_len
PEM buffer Public Cert length.
const uint8_t * public_cert
PEM buffer Public Cert, or Public Key if RPK.
The structure that holds the PKI PEM definitions.
const char * ca_file
File location of Common CA in PEM format.
const char * public_cert
File location of Public Cert.
const char * private_key
File location of Private Key in PEM format.
The structure that holds the PKI PKCS11 definitions.
const char * private_key
pkcs11: URI for Private Key
const char * ca
pkcs11: URI for Common CA Certificate
const char * user_pin
User pin to access PKCS11.
const char * public_cert
pkcs11: URI for Public Cert
CoAP string data definition with const data.
The structure used for returning the underlying (D)TLS library information.
uint64_t built_version
(D)TLS Built against Library Version
coap_tls_library_t type
Library type.
uint64_t version
(D)TLS runtime Library Version