Implements functions for configuring SSL/TLS.  
#include <device.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "modem.h"
#include "strlib.h"
#include "extern.h"
#include "ssl.h"
| uint8 | modem_ssl_toggle (int enable_ssl) | Toggle SSL socket. |
| uint8 | modem_ssl_sec_data (uint8 ssid, uint8 action, uint8 datatype, char *cert, char *output_str) | Stores the security data (certificate(s) and/or private key) into the module’s NVM. |
| uint8 | modem_ssl_sec_config (uint8 ssid, uint8 cipher_suite, uint8 auth_mode, uint8 cert_format) | Configures the communication channel according to the user’s security architecture. |
| uint8 | modem_ssl_config (uint8 ssid, uint8 cid, int packet_size, int max_to, int def_to, int tx_to, uint8 ssl_ring_mode) | Configures several parameters before the SSL socket is opened. |
| uint8 | ssl_init (uint8 edit_ssl_sec_config, uint8 edit_ssl_config) | Initialize SSL features. |

| char | client_cert [] = CLIENT_CERT |
| char | private_key [] = PRIVATE_KEY |
| char | server_cert [] = SERVER_CERT |
| uint8 | ssid = 1 |
| uint8 | cipher_suite = 0 |
| uint8 | auth_mode = 1 |
| uint8 | cert_format = 1 |
| uint8 | cid = 1u |
| uint | packet_size = 1000u |
| uint | max_to = 90u |
| uint | def_to = 100u |
| uint | tx_to = 50u |
| uint8 | ssl_ring_mode = 1u |

- Author
 - Matt Bartos and Ivan Mondragon 
 
- Version
 - TODO 
 
- Date
 - 2017-06-01 
 
 
      
        
uint8 modem_ssl_config (uint8 ssid, uint8 cid, int packet_size, int max_to, int def_to, int tx_to, uint8 ssl_ring_mode)

Before opening the SSL socket, several parameters can be configured via this command:
- Parameters
    | ssid | Must be set to 1. It is the only Secure Socket ID available. |
    | cid | The PDP Context Identifier. Its value must be set to 1. |
    | packet_size | The size of the packet used by the SSL/TCP/IP stack for data sending in online mode. Small <pktSize> values introduce a higher communication overhead. |
    | max_to | The socket inactivity timeout. In online mode, if there is no data exchange within this timeout period, the connection is closed. Increase it if a longer idle period is needed. |
    | def_to | Timeout value used as the default by other SSL commands whenever their timeout parameters are not set. |
    | tx_to | The time period after which data is sent even if <pktSize> is not reached (only in online mode). The value must be tuned to the user’s application requirements. Small <txTo> values introduce a higher communication overhead. |
    | ssl_ring_mode | The presentation mode of the SSLSRING unsolicited indication, which informs the user about new incoming data that can be read in command mode. It can be disabled using value 0. |
  
   
- Returns
 - 1u on success, 0u otherwise. 
 
 
 
      
        
uint8 modem_ssl_sec_config (uint8 ssid, uint8 cipher_suite, uint8 auth_mode, uint8 cert_format)

Configures the communication channel according to the user’s security architecture.
- Parameters
    | ssid | Must be set to 1. It is the only Secure Socket ID available. |
    | cipher_suite | With the value 0, all the available cipher suites are proposed to the server; it is the responsibility of the remote server to select one of them. 0 = TLS_RSA_WITH_RC4_128_MD5 + TLS_RSA_WITH_RC4_128_SHA + TLS_RSA_WITH_AES_256_CBC_SHA; 1 = TLS_RSA_WITH_RC4_128_MD5; 2 = TLS_RSA_WITH_RC4_128_SHA; 3 = TLS_RSA_WITH_AES_256_CBC_SHA. Warning: the product series HE920 / UE910 V2 / DE910 do not support TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_AES_256_CBC_SHA. |
    | auth_mode | The authentication mode. 0 = SSL verify none: no authentication, no security data is needed at all; 1 = Server authentication mode: CA Certificate storage is needed (the most common case); 2 = Server/Client authentication mode: CA Certificate (server), Certificate (client) and Private Key (client) are needed. |
    | cert_format | An optional parameter. It selects the format of the certificate to be stored via the #SSLSECDATA command. 0 = DER format; 1 = PEM format. |
  
   
- Returns
 - 1u on success, 0u otherwise. 
 
 
 
      
        
uint8 modem_ssl_sec_data (uint8 ssid, uint8 action, uint8 datatype, char *cert, char *output_str)

Stores the security data (certificate(s) and/or private key) into the module’s NVM.
- Parameters
    | ssid | Must be set to 1. It is the only Secure Socket ID available. |
    | action | The action to be performed. 0 = deleting; 1 = writing; 2 = reading. |
    | datatype | Identifies the certificate/key to be stored or read. 0 = Certificate of the client (module); it is needed when the Server/Client authentication mode has been configured. 1 = CA Certificate of the remote server, used to authenticate the remote server; it is needed when the <auth_mode> parameter of the #SSLSECCFG command is set to 1 or 2. 2 = RSA private key of the client (module); it is needed if the Server/Client authentication mode has been configured. |
    | cert | The certificate to be written to the modem. |
    | output_str | The buffer that receives the current state of the modem. Only used when action is 2 (reading). |
  
   
- Returns
 - 1u on success, 0u otherwise. 
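
The constraints documented for modem_ssl_sec_config and modem_ssl_sec_data, written as a pre-flight check (an added example, not part of the project's code): it validates the documented ranges, flags auth_mode 0 and the RC4 suites (RC4 is prohibited in TLS by RFC 7465), and reports which datatypes must be in NVM for a given auth_mode. The function names, the flag macros and the use of uint8_t in place of the project's uint8 are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Finding bits returned by ssl_sec_check() (hypothetical names). */
#define SSL_ERR_RANGE   0x01u  /* a value is outside the documented range    */
#define SSL_NO_AUTH     0x02u  /* auth_mode 0: server is not authenticated   */
#define SSL_RC4_ONLY    0x04u  /* cipher_suite 1 or 2: only RC4 is proposed  */
#define SSL_RC4_OFFERED 0x08u  /* cipher_suite 0: RC4 is among the proposals */

/* Bits for the #SSLSECDATA datatypes that must be stored (1u << datatype). */
#define NEED_CLIENT_CERT (1u << 0)  /* datatype 0 */
#define NEED_CA_CERT     (1u << 1)  /* datatype 1 */
#define NEED_CLIENT_KEY  (1u << 2)  /* datatype 2 */

/* Check the four modem_ssl_sec_config() arguments against the documented
 * ranges and flag settings that weaken the channel. Returns 0 if clean. */
uint8_t ssl_sec_check(uint8_t ssid, uint8_t cipher_suite,
                      uint8_t auth_mode, uint8_t cert_format)
{
    uint8_t findings = 0;
    if (ssid != 1u || cipher_suite > 3u || auth_mode > 2u || cert_format > 1u)
        findings |= SSL_ERR_RANGE;
    if (auth_mode == 0u)
        findings |= SSL_NO_AUTH;
    if (cipher_suite == 1u || cipher_suite == 2u)
        findings |= SSL_RC4_ONLY;
    else if (cipher_suite == 0u)
        findings |= SSL_RC4_OFFERED;
    return findings;
}

/* Datatypes that must be written with modem_ssl_sec_data() (action 1)
 * before the socket is opened, per the datatype descriptions above. */
uint8_t ssl_required_data(uint8_t auth_mode)
{
    switch (auth_mode) {
    case 1u: return NEED_CA_CERT;
    case 2u: return NEED_CA_CERT | NEED_CLIENT_CERT | NEED_CLIENT_KEY;
    default: return 0u;  /* mode 0 needs no security data; >2 is invalid */
    }
}

int main(void)
{
    /* First line: the page's defaults (1,0,1,1). Second: AES suite, mutual auth. */
    printf("defaults: findings=0x%02x required=0x%02x\n", (unsigned)ssl_sec_check(1, 0, 1, 1), (unsigned)ssl_required_data(1));
    printf("hardened: findings=0x%02x required=0x%02x\n", (unsigned)ssl_sec_check(1, 3, 2, 1), (unsigned)ssl_required_data(2));
    return 0;
}
```

With the default globals listed on this page (cipher_suite = 0, auth_mode = 1) the check reports SSL_RC4_OFFERED, because value 0 leaves the suite choice to the remote server.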
 
 
 
      
        
uint8 modem_ssl_toggle (int enable_ssl)
        
      
 
Toggle SSL Socket. 
- Parameters
 - 
  
  
 
- Returns
 - 1u on success, 0u otherwise. 
 
 
 
      
        
uint8 ssl_init (uint8 edit_ssl_sec_config, uint8 edit_ssl_config)
        
      
 
Initialize SSL features. 
- Parameters
 - 
  
    | edit_ssl_sec_config | Enable flag: edit SSL security settings (SSLSECCFG) if desired.  | 
    | edit_ssl_config | Enable flag: edit general SSL configuration (SSLCFG) if desired. | 
  
   
- Returns
 - 1u on success, 0u otherwise.