Credentials management module for (D)TLS.  
| file | credman.h | (D)TLS credentials management module definitions |

| int | credman_add (const credman_credential_t *credential) | Adds a credential to the credential pool. |
| int | credman_get (credman_credential_t *credential, credman_tag_t tag, credman_type_t type) | Gets a credential from credential pool. |
| void | credman_delete (credman_tag_t tag, credman_type_t type) | Delete a credential from the credential pool. |
| int | credman_get_used_count (void) | Gets the number of credentials currently in the credential pool. |
| int | credman_load_public_key (const void *buf, size_t buf_len, ecdsa_public_key_t *out) | Load a public key from a buffer, as a SubjectPublicKeyInfo sequence, according to RFC5280. |
| int | credman_load_private_key (const void *buf, size_t buf_len, credman_credential_t *cred) | Load a private key from a buffer, as a OneAsymmetricKey sequence, according to RFC5958. |
| int | credman_load_private_ecc_key (const void *buf, size_t buf_len, credman_credential_t *cred) | Load an ECC private key from a buffer, as an ECPrivateKey sequence, according to RFC5915. |
| void | credman_reset (void) | Empties the credential pool. |

◆ CREDMAN_TAG_EMPTY
| #define CREDMAN_TAG_EMPTY   (0) |

Used to signal empty/no tag. 
Definition at line 100 of file credman.h.
 
 
◆ credman_tag_t
Tag of the credential. 
Definition at line 95 of file credman.h.
 
 
◆ anonymous enum
Return values. 
| Enumerator | Description |
|---|---|
| CREDMAN_OK | No error. |
| CREDMAN_EXIST | Credential already exists in system pool. |
| CREDMAN_NO_SPACE | No space in system pool for new credential. |
| CREDMAN_NOT_FOUND | Credential not found in the system pool. |
| CREDMAN_INVALID | Invalid input parameter(s). |
| CREDMAN_TYPE_UNKNOWN | Unknown credential type. |
| CREDMAN_ERROR | Other errors. |
Definition at line 131 of file credman.h.
 
 
◆ credman_type_t
Credential types. 
| Enumerator | Description |
|---|---|
| CREDMAN_TYPE_EMPTY | Empty type. Used to detect uninitialized credman_credential_t internally. |
| CREDMAN_TYPE_PSK | PSK credential type. |
| CREDMAN_TYPE_ECDSA | ECDSA credential type. |
Definition at line 105 of file credman.h.
 
 
◆ credman_add()
Adds a credential to the credential pool. 
- Parameters

| [in] | credential | Credential to add. |

- Returns
- CREDMAN_OK on success
- CREDMAN_EXIST if credential of tag and type already exists
- CREDMAN_NO_SPACE if credential pool is full
- CREDMAN_TYPE_UNKNOWN if credential has unknown credman_credential_t::type
- CREDMAN_INVALID if credential has
  - credman_credential_t::tag with the value of CREDMAN_TAG_EMPTY
  - credman_credential_t::type with the value of CREDMAN_TYPE_EMPTY
  - credman_credential_t::params with invalid credential parameters, i.e. the key points to NULL or has a length of 0
- CREDMAN_ERROR on other errors
 
 
◆ credman_delete()
◆ credman_get()
Gets a credential from credential pool. 
- Parameters

| [out] | credential | Found credential |
| [in] | tag | Tag of credential to get |
| [in] | type | Type of credential to get |

- Returns
- CREDMAN_OK on success
- CREDMAN_NOT_FOUND if no credential with tag and type found
- CREDMAN_ERROR on other errors
 
 
◆ credman_get_used_count()
| int credman_get_used_count (void) |

Gets the number of credentials currently in the credential pool. 
Maximum number of allowed credentials is defined by CONFIG_CREDMAN_MAX_CREDENTIALS.
- Returns
- number of credentials currently in the credential pool 
 
 
◆ credman_load_private_ecc_key()
Load an ECC private key from a buffer, as an ECPrivateKey sequence, according to RFC5915. 
If the optional respective public key is present, it will be loaded as well. The key should be encoded in DER format.
- Precondition
- buf != NULL && cred != NULL
- Note
- To use this functionality include the module credman_load.
- Warning
- This feature is experimental!
 This API is considered experimental and will probably change without notice!
- See also
- https://tools.ietf.org/html/rfc5915#section-3
- Parameters

| [in] | buf | Buffer holding the encoded private key |
| [in] | buf_len | Length of buf |
| [out] | cred | Credential to populate |

- Return values

| CREDMAN_OK | on success |
| CREDMAN_INVALID | if the key is not valid |
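
The layout this loader expects, as an added example (not RIOT's implementation and not part of the original page): a stand-alone C parser that walks an RFC 5915 ECPrivateKey and checks every length against the buffer before using it. The names ec_key_view_t, der_tlv and ec_private_key_parse are hypothetical, it returns 0/-1 instead of the credman codes, and it assumes short-form DER lengths only, which a P-256 key fits in.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {                /* hypothetical view type for this example, not a RIOT type */
    const uint8_t *priv, *pub;  /* pub stays NULL if [1] publicKey is absent */
    size_t priv_len, pub_len;
} ec_key_view_t;

/* Read one DER header; on success *p points at a value that fits before end. */
static int der_tlv(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;  /* short-form lengths only */
    *tag = *(*p)++;
    *len = *(*p)++;
    return (size_t)(end - *p) < *len ? -1 : 0;        /* value must not overrun buf */
}

/* RFC 5915: SEQUENCE { INTEGER 1, OCTET STRING, [0] params OPT, [1] BIT STRING OPT } */
int ec_private_key_parse(const void *buf, size_t buf_len, ec_key_view_t *out)
{
    const uint8_t *p = buf, *end = p + buf_len;   /* precondition: buf, out != NULL */
    uint8_t tag, last = 0;
    size_t len;
    if (der_tlv(&p, end, &tag, &len) || tag != 0x30 || p + len != end) return -1;
    if (der_tlv(&p, end, &tag, &len) || tag != 0x02 || len != 1 || *p++ != 1) return -1;
    if (der_tlv(&p, end, &tag, &len) || tag != 0x04 || len == 0) return -1;
    *out = (ec_key_view_t){ .priv = p, .priv_len = len };
    for (p += len; p < end; p += len, last = tag) {   /* [0] then [1], each at most once */
        if (der_tlv(&p, end, &tag, &len) || tag <= last || (tag & 0xFE) != 0xA0) return -1;
        if (tag == 0xA1) {      /* BIT STRING header, 0 unused bits, then the point */
            if (len < 4 || p[0] != 0x03 || p[1] + 2u != len || p[2] != 0) return -1;
            out->pub = p + 3;
            out->pub_len = len - 3;
        }
    }
    return 0;
}

/* Constructed sample (4-byte dummy scalar, 6-byte dummy point), not a real key. */
static const uint8_t SAMPLE_DER[] = {
    0x30, 0x14, 0x02, 0x01, 0x01, 0x04, 0x04, 0x11, 0x22, 0x33, 0x44,
    0xA1, 0x09, 0x03, 0x07, 0x00, 0x04, 0x01, 0x02, 0x03, 0x04, 0x05 };

int main(void)
{
    ec_key_view_t v = {0};
    int rc = ec_private_key_parse(SAMPLE_DER, sizeof SAMPLE_DER, &v);
    printf("rc=%d priv_len=%zu pub_len=%zu\n", rc, v.priv_len, v.pub_len);
    return rc != 0;
}
```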
 
 
 
◆ credman_load_private_key()
Load a private key from a buffer, as a OneAsymmetricKey sequence, according to RFC5958. 
This is compatible with the previous version PKCS#8 (defined in RFC5208). If the optional respective public key is present, it will be loaded as well. The key should be encoded in DER format.
- Precondition
- buf != NULL && cred != NULL
- Note
- To use this functionality include the module credman_load. Credman only supports ECDSA for now.
- Warning
- This feature is experimental!
 This API is considered experimental and will probably change without notice!
- See also
- https://tools.ietf.org/html/rfc5958#section-2
- Parameters

| [in] | buf | Buffer holding the encoded private key |
| [in] | buf_len | Length of buf |
| [out] | cred | Credential to populate |

- Return values

| CREDMAN_OK | on success |
| CREDMAN_INVALID | if the key is not valid |
 
 
 
◆ credman_load_public_key()
| int credman_load_public_key (const void *buf, size_t buf_len, ecdsa_public_key_t *out) |

Load a public key from a buffer, as a SubjectPublicKeyInfo sequence, according to RFC5280. 
The key should be encoded in DER format.
- Precondition
- buf != NULL && out != NULL.
- Note
- To use this functionality include the module credman_load. Credman only supports ECDSA for now, so RFC5480 applies.
- Warning
- This feature is experimental!
 This API is considered experimental and will probably change without notice!
- See also
- https://tools.ietf.org/html/rfc5280#section-4.1
- Parameters

| [in] | buf | Buffer holding the encoded public key |
| [in] | buf_len | Length of buf |
| [out] | out | ECDSA public key to populate |

- Return values

| CREDMAN_OK | on success |
| CREDMAN_INVALID | if the key is not valid |