Open Storm
Macros | Functions
ssl.h File Reference

Implements functions for configuring SSL/TLS. More...

#include <project.h>
Include dependency graph for ssl.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define CLIENT_CERT   "-----\032\0"
 
#define PRIVATE_KEY   "-----\032\0"
 
#define SERVER_CERT
 

Functions

uint8 modem_ssl_toggle (int enable_ssl)
 Toggle SSL Socket. More...
 
uint8 modem_ssl_sec_data (uint8 ssid, uint8 action, uint8 datatype, char *cert, char *output_str)
 Stores the security data (certificate(s) and/or private key) into the module’s NVM. More...
 
uint8 modem_ssl_sec_config (uint8 ssid, uint8 cipher_suite, uint8 auth_mode, uint8 cert_format)
 configure the communication channel according to the user’s security architecture. More...
 
uint8 modem_ssl_config (uint8 ssid, uint8 cid, int packet_size, int max_to, int def_to, int tx_to, uint8 ssl_ring_mode)
 Before opening the SSL socket, several parameters can be configured via this command: More...
 
uint8 ssl_init (uint8 edit_ssl_sec_config, uint8 edit_ssl_config)
 Initialize SSL features. More...
 

Detailed Description

Implements functions for configuring SSL/TLS.

Author
Matt Bartos and Ivan Mondragon
Version
TODO
Date
2017-06-01

Macro Definition Documentation

#define SERVER_CERT
Value:
"-----BEGIN CERTIFICATE-----\n"\
"MIIEMTCCAxmgAwIBAgIJAM099V95yUdhMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD\n"\
"VQQGEwJVUzELMAkGA1UECAwCTUkxEjAQBgNVBAcMCUFubiBBcmJvcjEfMB0GA1UE\n"\
"CgwWVW5pdmVyc2l0eSBvZiBNaWNoaWdhbjEkMCIGA1UECwwbUmVhbC10aW1lIFdh\n"\
"dGVyIFN5c3RlbXMgTGFiMRQwEgYDVQQDDAtNYXR0IEJhcnRvczEhMB8GCSqGSIb3\n"\
"DQEJARYSbWRiYXJ0b3NAdW1pY2guZWR1MB4XDTE3MDUyOTAzMjAwOVoXDTE4MDIw\n"\
"ODAzMjAwOVowga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJ\n"\
"QW5uIEFyYm9yMR8wHQYDVQQKDBZVbml2ZXJzaXR5IG9mIE1pY2hpZ2FuMSQwIgYD\n"\
"VQQLDBtSZWFsLXRpbWUgV2F0ZXIgU3lzdGVtcyBMYWIxFDASBgNVBAMMC01hdHQg\n"\
"QmFydG9zMSEwHwYJKoZIhvcNAQkBFhJtZGJhcnRvc0B1bWljaC5lZHUwggEiMA0G\n"\
"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcdIs+Nt2CwskByoqSUJi9l+H/6y20\n"\
"bZQXDu99v69JXCUGltyss5akBPtbQHWq+hVQSwCXphnYVl2ZsqwKdiz4kuEc/GhT\n"\
"Ng5XqPRWomWC8x3L0xvblvSqYK90tLz0FmzU8zVq6f/OLlTPJZwAhYC8i0mnqbS0\n"\
"KMDvXPA4FfayBhDX9bOUUQos7WoGFQmfT/K/xWlIPmQs2QOFdx6Tp4669JaxnpzZ\n"\
"wSWe7EUidblUbOzCQtKb/XeVQfuW2xdXxQQRr740mY+/w2dHVl0132lypP60nUbk\n"\
"NEVziu4s/C3Lwfb296t4HUfOg460uyzkdDWDZ6NBtSFRNXDhQjeUSs2pAgMBAAGj\n"\
"UDBOMB0GA1UdDgQWBBSJJFBLv/J+ysjgjtHN+FnfTyjIHzAfBgNVHSMEGDAWgBSJ\n"\
"JFBLv/J+ysjgjtHN+FnfTyjIHzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA\n"\
"A4IBAQBLGrM/RZKPXyQ2f6ZFA9vugU3KzVgCmV1Z62Io8jOfq8Mhrf0j6s65Yxoh\n"\
"KFqvkrozcG+I44Daz9IZbxU04AsYxhpKN5qO5W2PdS9xOXJWugAciVMrTg510WZd\n"\
"JgYRiYdCk4L72GxvdJ4UKnH1N+t6ix0vAT4e6f/CoLQg6CIhQNjOojR9wz6BkpNn\n"\
"Ra81H5kG3lfajk+o/KPbP4L6CexDnkWiYrkeKPU6SSC7RJ/KqxDHScBfqtmz9OjT\n"\
"xtvtzVID7V7pKFM3j3dON81fLrbDtQtu6XPsBpilfl78rl+hess/tMqnAEHaaqpb\n"\
"54+PblnOoiwRzbySIqKde+lDMCVb\n"\
"-----END CERTIFICATE-----\n"\
"\032\0"

Function Documentation

uint8 modem_ssl_config ( uint8  ssid,
uint8  cid,
int  packet_size,
int  max_to,
int  def_to,
int  tx_to,
uint8  ssl_ring_mode 
)

Before opening the SSL socket, several parameters can be configured via this command:

Parameters
ssidMust be set to 1. It is the only Secure Socket ID available.
cidThe PDP Context Identifier, it's value must be set to 1.
packet_sizeIs the size of the packet used by the SSL/TCP/IP stack for data sending in online mode. Small <pktSize> values introduce a higher communication overhead.
max_toIs the socket inactivity timeout. In online mode: if there’s no data exchange within this timeout period the connection is closed. Increment it if it is needed a longer idle time period.
def_toTimeout value used as default value by other SSL commands whenever their Timeout parameters are not set.
tx_toIs the time period after which data is sent even if <pktSize> is not reached (only in online mode). The parameter value must be tuned with user’s application requirements. Small <txTo> values introduce a higher communication overhead.
ssl_ring_modeIs the presentation mode of the SSLSRING unsolicited indication, which informs the user about new incoming data that can be read in command mode. It can be disabled using value 0.
Returns
1u on success, 0u otherwise.

Here is the call graph for this function:

Here is the caller graph for this function:

uint8 modem_ssl_sec_config ( uint8  ssid,
uint8  cipher_suite,
uint8  auth_mode,
uint8  cert_format 
)

configure the communication channel according to the user’s security architecture.

Parameters
ssidMust be set to 1. It is the only Secure Socket ID available
cipher_suiteSetting the value 0 all the available cipher suites are proposed to the server. It is responsibility of the remote server to select one of them:
  • 0 = TLS_RSA_WITH_RC4_128_MD5 + TLS_RSA_WITH_RC4_128_SHA + TLS_RSA_WITH_AES_256_CBC_SHA
  • 1 = TLS_RSA_WITH_RC4_128_MD5
  • 2 = TLS_RSA_WITH_RC4_128_SHA
  • 3 = TLS_RSA_WITH_AES_256_CBC_SHA Warning - the product series HE920 / UE910 V2/ DE910 do not support TLS_RSA_WITH_NULL_SHA and TLS_RSA_WITH_AES_256_CBC_SHA.
auth_modeIs the authentication mode:
  • 0 = SSL verify none: no authentication, no security data is needed at all
  • 1 = Server authentication mode: CA Certificate storage is needed (the most common case)
  • 2 = Server/Client authentication mode: CA Certificate (server), Certificate (client) and Private Key (client) are needed
cert_formatIs an optional parameter. It selects the format of the certificate to be stored via #SSLSECDATA command.
  • 0 = DER format
  • 1 = PEM format
Returns
1u on success, 0u otherwise.

Here is the call graph for this function:

Here is the caller graph for this function:

uint8 modem_ssl_sec_data ( uint8  ssid,
uint8  action,
uint8  datatype,
char *  cert,
char *  output_str 
)

Stores the security data (certificate(s) and/or private key) into the module’s NVM.

Parameters
ssidMust be set to 1. It is the only Secure Socket ID available.
actionThe action to be performed:
  • 0 = deleting
  • 1 = writing
  • 2 = reading
datatypeidentifies the certificate/key to be stored or read:
  • 0 = Certificate of the client (module). It is needed when the Server/Client authentication mode has been configured.
  • 1 = CA Certificate of the remote server, it is used to authenticate the remote server. It is needed when <auth_mode> parameter of the #SSLSECCFG command is set to 1 or 2.
  • 2 = RSA private key of the client (module). It is needed if the Server/Client authentication mode has been configured.
certThe certificate to be written to the modem.
output_strThe buffer to write the current state of the modem. ONLY USED WHEN ACTION IS READ MODE.
Returns
1u on success, 0u otherwise.

Here is the call graph for this function:

Here is the caller graph for this function:

uint8 modem_ssl_toggle ( int  enable_ssl)

Toggle SSL Socket.

Parameters
enable_sslenable flag:
  • 0 = Disabled
  • 1 = Enabled
Returns
1u on success, 0u otherwise.

Here is the call graph for this function:

Here is the caller graph for this function:

uint8 ssl_init ( uint8  edit_ssl_sec_config,
uint8  edit_ssl_config 
)

Initialize SSL features.

Parameters
edit_ssl_sec_configEnable flag: edit SSL security settings (SSLSECCFG) if desired.
edit_ssl_configEnable flag: edit general SSL configuration (SSLCFG) if desired.
Returns
1u on success, 0u otherwise.

Here is the call graph for this function:

Here is the caller graph for this function:

Generated by   doxygen 1.8.11