Secure element data types.

Typedefs

typedef gos_result_t (* gos_se_load_certificate_callback_t ) ( gos_certificate_type_t type, const char *name, gos_buffer_t *cert_buffer)
Callback to retrieve a certificate from a secure element.
typedef int(* gos_se_operation_callback_t ) ( gos_se_state_t state, va_list args)
Secure Element operation callback.

Enumerations

enum gos_certificate_type_t {
GOS_CERTIFICATE_CA_CERT ,
GOS_CERTIFICATE_CLIENT_CERT ,
GOS_CERTIFICATE_CLIENT_KEY ,
GOS_CERTIFICATE_TYPE_COUNT
}
TLS certificate type.
enum gos_se_state_t {
GOS_SE_STATE_UNKNOWN ,
GOS_SE_STATE_CLIENT_CERT_SIGN ,
GOS_SE_STATE_CLIENT_KEY_EXCHANGE ,
GOS_SE_STATE_SERVER_CERT_VERIFY
}
State of the crypto library when an operation is overridden.
enum gos_se_operation_t {
GOS_SE_OPERATION_ECDH_COMPUTE_SHARED ,
GOS_SE_OPERATION_ECDH_GEN_PUBLIC ,
GOS_SE_OPERATION_ECDSA_SIGN ,
GOS_SE_OPERATION_ECDSA_VERIFY ,
GOS_SE_OPERATION_COUNT
}
Operation that should be overridden by the secure element.

Detailed Description

Secure element data types.

Typedef Documentation

gos_se_load_certificate_callback_t

typedef gos_result_t (* gos_se_load_certificate_callback_t) ( gos_certificate_type_t type, const char *name, gos_buffer_t *cert_buffer)

Callback to retrieve a certificate from a secure element.

This callback is invoked when Gecko OS wants to read a certificate from a secure element. This occurs before a TLS connection is opened whose certificate filename is prefixed with SE:: . If the certificate filename starts with SE:: and this callback is set, the callback is invoked before the TLS connection is opened.

The type parameter specifies the certificate type, see gos_certificate_type_t . The name is the specified certificate filename, prefixed with SE:: .

The cert_buffer should be populated with an allocated (e.g. malloc() ) buffer containing the certificate or key in PEM or DER format.

After this callback returns, Gecko OS is responsible for cleaning up (freeing) the allocated buffer.

Parameters
[in] type The certificate type, see gos_certificate_type_t
[in] name The 'name' of the certificate, should start with 'SE::'
[out] cert_buffer Buffer to be populated with the cert's data pointer and length
Returns
GOS_SUCCESS if the cert was successfully loaded, any other gos_result_t on error
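As an added example (not Gecko OS code), here is an implementation of this callback that serves PEM blobs for SE:: names from an in-memory table and hands Gecko OS a malloc()'d copy that Gecko OS frees afterwards. The gos_result_t type, the gos_buffer_t field names (data, size) and the error codes other than GOS_SUCCESS are stand-ins assumed for this example; the real definitions come from the Gecko OS headers.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in declarations for this example; the real ones come from the Gecko OS headers. */
typedef int gos_result_t;
#define GOS_SUCCESS         0  /* from the page: returned when the cert was loaded */
#define GOS_ERROR_NOT_FOUND 1  /* constructed error code for this demo */
#define GOS_ERROR_NO_MEM    2  /* constructed error code for this demo */
typedef struct { uint8_t *data; uint32_t size; } gos_buffer_t; /* assumed field names */

typedef enum {
    GOS_CERTIFICATE_CA_CERT, GOS_CERTIFICATE_CLIENT_CERT,
    GOS_CERTIFICATE_CLIENT_KEY, GOS_CERTIFICATE_TYPE_COUNT
} gos_certificate_type_t;

typedef gos_result_t (*gos_se_load_certificate_callback_t)(gos_certificate_type_t type,
                                                          const char *name,
                                                          gos_buffer_t *cert_buffer);

/* Constructed "secure element" contents: one PEM blob per slot (placeholder bodies). */
static const char *const se_slots[GOS_CERTIFICATE_TYPE_COUNT] = {
    "-----BEGIN CERTIFICATE-----\nCA-PLACEHOLDER\n-----END CERTIFICATE-----\n",
    "-----BEGIN CERTIFICATE-----\nCLIENT-PLACEHOLDER\n-----END CERTIFICATE-----\n",
    "-----BEGIN EC PRIVATE KEY-----\nKEY-PLACEHOLDER\n-----END EC PRIVATE KEY-----\n",
};

/* Callback body: checks the SE:: prefix and the type range, then returns a heap
 * copy whose ownership passes to Gecko OS (it frees the buffer after the callback). */
gos_result_t se_load_certificate(gos_certificate_type_t type, const char *name,
                                 gos_buffer_t *cert_buffer)
{
    if (name == NULL || cert_buffer == NULL || strncmp(name, "SE::", 4) != 0)
        return GOS_ERROR_NOT_FOUND;        /* not an SE:: name: nothing to serve */
    if ((unsigned)type >= (unsigned)GOS_CERTIFICATE_TYPE_COUNT)
        return GOS_ERROR_NOT_FOUND;        /* bounds check before indexing the table */
    const char *pem = se_slots[type];
    size_t len = strlen(pem);
    uint8_t *copy = malloc(len);           /* malloc() as the page requires */
    if (copy == NULL)
        return GOS_ERROR_NO_MEM;
    memcpy(copy, pem, len);
    cert_buffer->data = copy;
    cert_buffer->size = (uint32_t)len;
    return GOS_SUCCESS;
}

/* The pointer that would be registered with Gecko OS; also checks the signature matches. */
gos_se_load_certificate_callback_t se_certificate_callback = se_load_certificate;
```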

gos_se_operation_callback_t

typedef int(* gos_se_operation_callback_t) ( gos_se_state_t state, va_list args)

Secure Element operation callback.

This callback is invoked by the crypto library when a specific operation should be overridden by the SE.

The arguments to the operation are stored in a va_list . The standard C macro va_arg should be used to retrieve each argument.

Parameters
[in] state The gos_se_state_t of the crypto library when the operation is invoked
[in] args Variable list of supplied arguments
Returns
INT32_MAX if the operation should NOT be overridden, i.e. the callback is invoked but the crypto library should handle the operation itself
0 if the operation completed successfully, else an error code

Enumeration Type Documentation

gos_certificate_type_t

TLS certificate type.

Enumerator
GOS_CERTIFICATE_CA_CERT

Certificate Authority (CA) public certificate.

GOS_CERTIFICATE_CLIENT_CERT

Client public certificate.

GOS_CERTIFICATE_CLIENT_KEY

Client certificate private key.

GOS_CERTIFICATE_TYPE_COUNT

Data type count.

gos_se_operation_t

Operation that should be overridden by the secure element.

Enumerator
GOS_SE_OPERATION_ECDH_COMPUTE_SHARED

ECDH compute shared secret, e.g.: mbedtls_ecdh_compute_shared()

GOS_SE_OPERATION_ECDH_GEN_PUBLIC

ECDH generate public key, e.g.: mbedtls_ecdh_gen_public()

GOS_SE_OPERATION_ECDSA_SIGN

ECDSA sign data, e.g.: mbedtls_ecdsa_sign()

GOS_SE_OPERATION_ECDSA_VERIFY

ECDSA verify data, e.g.: mbedtls_ecdsa_verify()

GOS_SE_OPERATION_COUNT

Count of supported operations.

gos_se_state_t

State of the crypto library when an operation is overridden.

Enumerator
GOS_SE_STATE_UNKNOWN

Unknown state.

GOS_SE_STATE_CLIENT_CERT_SIGN

Signing client certificate, e.g.: MBEDTLS_SSL_CERTIFICATE_VERIFY.

GOS_SE_STATE_CLIENT_KEY_EXCHANGE

Client key exchange, e.g.: MBEDTLS_SSL_CLIENT_KEY_EXCHANGE.

GOS_SE_STATE_SERVER_CERT_VERIFY

Server certificate verify, e.g.: MBEDTLS_SSL_SERVER_CERTIFICATE.