(D)TLS Credential Manager

Credentials management module for (D)TLS.

Modules

 (D)TLS Credential Manager compile configurations
 

Files

file  credman.h
 (D)TLS credentials management module definitions
 

Data Structures

struct  credman_buffer_t
 Buffer of the credential.
 
struct  psk_params_t
 PSK parameters.
 
struct  ecdsa_public_key_t
 ECDSA public keys.
 
struct  ecdsa_params_t
 ECDSA parameters.
 
struct  credman_credential_t
 Credential information.
 

Macros

#define CREDMAN_TAG_EMPTY   (0)
 Used to signal empty/no tag.
 

Typedefs

typedef uint16_t credman_tag_t
 Tag of the credential.
 

Enumerations

enum  credman_type_t { CREDMAN_TYPE_EMPTY = 0, CREDMAN_TYPE_PSK = 1, CREDMAN_TYPE_ECDSA = 2 }
 Credential types.
 
enum  {
  CREDMAN_OK = 0, CREDMAN_EXIST = -1, CREDMAN_NO_SPACE = -2, CREDMAN_NOT_FOUND = -3,
  CREDMAN_INVALID = -4, CREDMAN_TYPE_UNKNOWN = -5, CREDMAN_ERROR = -6
}
 Return values.
 

Functions

int credman_add (const credman_credential_t *credential)
 Adds a credential to the credential pool.
 
int credman_get (credman_credential_t *credential, credman_tag_t tag, credman_type_t type)
 Gets a credential from the credential pool.
 
void credman_delete (credman_tag_t tag, credman_type_t type)
 Deletes a credential from the credential pool.
 
int credman_get_used_count (void)
 Gets the number of credentials currently in the credential pool.
 
int credman_load_public_key (const void *buf, size_t buf_len, ecdsa_public_key_t *out)
 Loads a public key from a buffer, as a SubjectPublicKeyInfo sequence, according to RFC5280.
 
int credman_load_private_key (const void *buf, size_t buf_len, credman_credential_t *cred)
 Loads a private key from a buffer, as a OneAsymmetricKey sequence, according to RFC5958.
 
int credman_load_private_ecc_key (const void *buf, size_t buf_len, credman_credential_t *cred)
 Loads an ECC private key from a buffer, as an ECPrivateKey sequence, according to RFC5915.
 
void credman_reset (void)
 Empties the credential pool.
 

Enumeration Type Documentation

◆ anonymous enum

Return values.

Enumerator
CREDMAN_OK 

No error.

CREDMAN_EXIST 

Credential already exists in the system pool.

CREDMAN_NO_SPACE 

No space in system pool for new credential.

CREDMAN_NOT_FOUND 

Credential not found in the system pool.

CREDMAN_INVALID 

Invalid input parameter(s).

CREDMAN_TYPE_UNKNOWN 

Unknown credential type.

CREDMAN_ERROR 

Other errors.

Definition at line 132 of file credman.h.

◆ credman_type_t

Credential types.

Enumerator
CREDMAN_TYPE_EMPTY 

Empty type.

Used to detect uninitialized credman_credential_t internally.

CREDMAN_TYPE_PSK 

PSK credential type.

CREDMAN_TYPE_ECDSA 

ECDSA credential type.

Definition at line 106 of file credman.h.

Function Documentation

◆ credman_add()

int credman_add (const credman_credential_t *credential)

Adds a credential to the credential pool.

Parameters
[in] credential  Credential to add.
Returns
CREDMAN_OK on success
CREDMAN_EXIST if a credential with the same tag and type already exists
CREDMAN_NO_SPACE if the credential pool is full
CREDMAN_TYPE_UNKNOWN if the credential has an unknown credman_credential_t::type
CREDMAN_INVALID if the credential has
  - credman_credential_t::tag with the value CREDMAN_TAG_EMPTY
  - credman_credential_t::type with the value CREDMAN_TYPE_EMPTY
  - credman_credential_t::params with invalid credential parameters, i.e. the key points to NULL or has a length of 0
CREDMAN_ERROR on other errors

◆ credman_delete()

void credman_delete (credman_tag_t tag, credman_type_t type)

Deletes a credential from the credential pool.

Does nothing if no credential with credman_credential_t::tag tag and credman_credential_t::type type is found.

Parameters
[in] tag   Tag of the credential
[in] type  Type of the credential

◆ credman_get()

int credman_get (credman_credential_t *credential, credman_tag_t tag, credman_type_t type)

Gets a credential from the credential pool.

Parameters
[out] credential  Found credential
[in]  tag         Tag of the credential to get
[in]  type        Type of the credential to get
Returns
CREDMAN_OK on success
CREDMAN_NOT_FOUND if no credential with the given tag and type is found
CREDMAN_ERROR on other errors

◆ credman_get_used_count()

int credman_get_used_count (void)

Gets the number of credentials currently in the credential pool.

The maximum number of allowed credentials is defined by CONFIG_CREDMAN_MAX_CREDENTIALS.

Returns
number of credentials currently in the credential pool

◆ credman_load_private_ecc_key()

int credman_load_private_ecc_key (const void *buf, size_t buf_len, credman_credential_t *cred)

Loads an ECC private key from a buffer, as an ECPrivateKey sequence, according to RFC5915.

If the optional public key is present, it is loaded as well. The key must be DER encoded.

Precondition
buf != NULL && cred != NULL
Note
To use this functionality include the module credman_load.
Warning
This API is considered experimental and will probably change without notice!
See also
https://tools.ietf.org/html/rfc5915#section-3
Parameters
[in]  buf      Buffer holding the encoded private key
[in]  buf_len  Length of buf
[out] cred     Credential to populate
Return values
CREDMAN_OK       on success
CREDMAN_INVALID  if the key is not valid

◆ credman_load_private_key()

int credman_load_private_key (const void *buf, size_t buf_len, credman_credential_t *cred)

Loads a private key from a buffer, as a OneAsymmetricKey sequence, according to RFC5958.

This format is compatible with its predecessor PKCS#8 (defined in RFC5208). If the optional public key is present, it is loaded as well. The key must be DER encoded.

Precondition
buf != NULL && cred != NULL
Note
To use this functionality include the module credman_load. Credman only supports ECDSA for now.
Warning
This API is considered experimental and will probably change without notice!
See also
https://tools.ietf.org/html/rfc5958#section-2
Parameters
[in]  buf      Buffer holding the encoded private key
[in]  buf_len  Length of buf
[out] cred     Credential to populate
Return values
CREDMAN_OK       on success
CREDMAN_INVALID  if the key is not valid

◆ credman_load_public_key()

int credman_load_public_key (const void *buf, size_t buf_len, ecdsa_public_key_t *out)

Loads a public key from a buffer, as a SubjectPublicKeyInfo sequence, according to RFC5280.

The key must be DER encoded.

Precondition
buf != NULL && out != NULL
Note
To use this functionality include the module credman_load. Credman only supports ECDSA for now, so RFC5480 applies.
Warning
This API is considered experimental and will probably change without notice!
See also
https://tools.ietf.org/html/rfc5280#section-4.1
Parameters
[in]  buf      Buffer holding the encoded public key
[in]  buf_len  Length of buf
[out] out      ECDSA public key to populate
Return values
CREDMAN_OK       on success
CREDMAN_INVALID  if the key is not valid
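As an added example that is not part of RIOT's credman code, here is a stand-alone C loader for the DER SubjectPublicKeyInfo layout that credman_load_public_key() accepts (RFC5280 with the RFC5480 EC profile), restricted to an uncompressed secp256r1 point. It shows the tag, length and trailing-data checks a loader needs so that a truncated or malformed buffer is rejected with an invalid-key error instead of being read past its end; spki_load_p256, ec_p256_pubkey_t and sample_spki are names assumed here, and the sample key bytes are constructed placeholders, not a real key.

```c
#include <stdint.h>
#include <string.h>
enum { SPKI_OK = 0, SPKI_INVALID = -1 };  /* mirrors the page's 0 / negative return convention */

/* Parsed result; the x/y field names are this example's own, not credman's struct layout. */
typedef struct { uint8_t x[32]; uint8_t y[32]; } ec_p256_pubkey_t;

/* DER-encoded OIDs: id-ecPublicKey (1.2.840.10045.2.1) and secp256r1 (1.2.840.10045.3.1.7). */
static const uint8_t OID_EC_PUBKEY[] = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};
static const uint8_t OID_SECP256R1[] = {0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07};

/* Read a short-form DER TLV header: check the tag, bounds-check the length, skip the header. */
static int der_tlv(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80)) return SPKI_INVALID;
    *len = (*p)[1];
    if ((size_t)(end - *p) - 2 < *len) return SPKI_INVALID;  /* content would overrun buf */
    *p += 2;
    return SPKI_OK;
}

/* Parse a DER SubjectPublicKeyInfo carrying an uncompressed secp256r1 point into x and y. */
int spki_load_p256(const void *buf, size_t buf_len, ec_p256_pubkey_t *out)
{
    const uint8_t *p = buf, *end = p + buf_len, *alg_end;
    size_t n;
    if (!buf || !out) return SPKI_INVALID;
    if (der_tlv(&p, end, 0x30, &n) || p + n != end) return SPKI_INVALID;  /* SubjectPublicKeyInfo */
    if (der_tlv(&p, end, 0x30, &n)) return SPKI_INVALID;                   /* AlgorithmIdentifier */
    alg_end = p + n;
    if (der_tlv(&p, alg_end, 0x06, &n) || n != sizeof OID_EC_PUBKEY || memcmp(p, OID_EC_PUBKEY, n)) return SPKI_INVALID;
    p += n;                                                                 /* algorithm is id-ecPublicKey */
    if (der_tlv(&p, alg_end, 0x06, &n) || n != sizeof OID_SECP256R1 || memcmp(p, OID_SECP256R1, n) || p + n != alg_end) return SPKI_INVALID;
    p += n;                                                                 /* namedCurve is secp256r1 */
    /* subjectPublicKey BIT STRING: 0 unused bits, then 0x04 || X || Y (RFC5480 section 2.2) */
    if (der_tlv(&p, end, 0x03, &n) || n != 66 || p[0] != 0x00 || p[1] != 0x04 || p + n != end) return SPKI_INVALID;
    memcpy(out->x, p + 2, 32);
    memcpy(out->y, p + 34, 32);
    return SPKI_OK;
}

/* Constructed sample, not a real key: a P-256 SPKI whose X bytes are all 0x11 and Y bytes all 0x22. */
size_t sample_spki(uint8_t out[91])
{
    static const uint8_t hdr[] = {0x30,0x59, 0x30,0x13, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01, 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07, 0x03,0x42,0x00,0x04};
    memcpy(out, hdr, sizeof hdr);
    memset(out + sizeof hdr, 0x11, 32);
    memset(out + sizeof hdr + 32, 0x22, 32);
    return sizeof hdr + 64;
}
```

A real loader would additionally verify that (x, y) lies on the curve before trusting the key; this block stops at the structural checks.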