Secure element data types.

Typedefs

typedef gos_result_t(* gos_se_load_certificate_callback_t) (gos_certificate_type_t type, const char *name, gos_buffer_t *cert_buffer)
 Callback to retrieve certificate from a secure element.
 
typedef int(* gos_se_operation_callback_t) (gos_se_state_t state, va_list args)
 Secure Element operation callback.
 

Enumerations

enum  gos_certificate_type_t {
  GOS_CERTIFICATE_CA_CERT,
  GOS_CERTIFICATE_CLIENT_CERT,
  GOS_CERTIFICATE_CLIENT_KEY,
  GOS_CERTIFICATE_TYPE_COUNT
}
 TLS certificate type.
 
enum  gos_se_state_t {
  GOS_SE_STATE_UNKNOWN,
  GOS_SE_STATE_CLIENT_CERT_SIGN,
  GOS_SE_STATE_CLIENT_KEY_EXCHANGE,
  GOS_SE_STATE_SERVER_CERT_VERIFY
}
 State of crypto library when operation is overridden.
 
enum  gos_se_operation_t {
  GOS_SE_OPERATION_ECDH_COMPUTE_SHARED,
  GOS_SE_OPERATION_ECDH_GEN_PUBLIC,
  GOS_SE_OPERATION_ECDSA_SIGN,
  GOS_SE_OPERATION_ECDSA_VERIFY,
  GOS_SE_OPERATION_COUNT
}
 Operation that should be overridden by the secure element.
 

Detailed Description

Secure element data types.

Typedef Documentation

◆ gos_se_load_certificate_callback_t

typedef gos_result_t(* gos_se_load_certificate_callback_t) (gos_certificate_type_t type, const char *name, gos_buffer_t *cert_buffer)

Callback to retrieve certificate from a secure element.

This callback is invoked when Gecko OS wants to read a certificate from a secure element. This happens when a TLS connection is about to be opened with a certificate filename that is prefixed with SE::. If the certificate filename starts with SE:: and this callback is set, the callback is invoked before the TLS connection is opened.

The type parameter specifies the certificate type, see gos_certificate_type_t. The name is the specified certificate filename, prefixed with SE::.

The cert_buffer should be populated with an allocated (e.g.: malloc()) buffer containing the certificate or key in PEM or DER format.

After this callback returns, Gecko OS is responsible for freeing the allocated buffer.

Parameters
[in]  type         The certificate type, see gos_certificate_type_t
[in]  name         The 'name' of the certificate, should start with 'SE::'
[out] cert_buffer  Buffer to be populated with the cert's data pointer and length
Returns
GOS_SUCCESS if the cert was successfully loaded, another gos_result_t for any other error
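As an added example (not Gecko OS SDK code), one way to implement a gos_se_load_certificate_callback_t that follows the contract above: it rejects names without the SE:: prefix and out-of-range types, and hands back a malloc()ed copy that Gecko OS frees after the callback returns. The gos_result_t, gos_buffer_t and GOS_SUCCESS definitions, the GOS_ERROR value, the se_load_certificate function name and the PEM contents are stand-ins assumed for this example.

```c
/* Added example: a gos_se_load_certificate_callback_t implementation.
 * The gos_* definitions below are minimal stand-ins assumed for this
 * example; on Gecko OS they come from the SDK headers. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef enum { GOS_CERTIFICATE_CA_CERT, GOS_CERTIFICATE_CLIENT_CERT,
               GOS_CERTIFICATE_CLIENT_KEY, GOS_CERTIFICATE_TYPE_COUNT } gos_certificate_type_t;
typedef int gos_result_t;                                      /* stand-in (assumed) */
#define GOS_SUCCESS 0                                          /* stand-in (assumed) */
#define GOS_ERROR   1                                          /* stand-in (assumed) */
typedef struct { uint8_t *data; uint32_t size; } gos_buffer_t; /* stand-in: data pointer + length */

/* Constructed sample store standing in for what the secure element would hand back. */
static const char *const se_store[GOS_CERTIFICATE_TYPE_COUNT] = {
    "-----BEGIN CERTIFICATE-----\nCA-PLACEHOLDER\n-----END CERTIFICATE-----\n",
    "-----BEGIN CERTIFICATE-----\nCLIENT-PLACEHOLDER\n-----END CERTIFICATE-----\n",
    "-----BEGIN EC PRIVATE KEY-----\nKEY-PLACEHOLDER\n-----END EC PRIVATE KEY-----\n",
};

/* Hypothetical callback name; matches the gos_se_load_certificate_callback_t signature. */
gos_result_t se_load_certificate(gos_certificate_type_t type, const char *name,
                                 gos_buffer_t *cert_buffer)
{
    static const char prefix[] = "SE::";
    if (cert_buffer == NULL || name == NULL) return GOS_ERROR;
    cert_buffer->data = NULL;            /* leave the buffer empty on every failure path */
    cert_buffer->size = 0;
    /* Bounds-check the type before it is used as an index into the store. */
    if ((unsigned)type >= GOS_CERTIFICATE_TYPE_COUNT) return GOS_ERROR;
    /* Only serve names the TLS layer routed here, i.e. those prefixed with SE::. */
    if (strncmp(name, prefix, sizeof(prefix) - 1) != 0) return GOS_ERROR;

    const char *pem = se_store[type];
    size_t len = strlen(pem);
    uint8_t *copy = malloc(len + 1);     /* Gecko OS frees this after the callback returns */
    if (copy == NULL) return GOS_ERROR;
    memcpy(copy, pem, len + 1);          /* keep the NUL: PEM parsers commonly require it */
    cert_buffer->data = copy;
    cert_buffer->size = (uint32_t)(len + 1);
    return GOS_SUCCESS;
}
```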

◆ gos_se_operation_callback_t

typedef int(* gos_se_operation_callback_t) (gos_se_state_t state, va_list args)

Secure Element operation callback.

This is a callback that is invoked by the crypto library when a specific operation should be overridden by the SE.

The arguments to the operations are stored in a va_list. The standard C macro va_arg should be used to retrieve each argument.

Parameters
[in] state  The gos_se_state_t of the crypto library when the operation is invoked
[in] args   Variable list of supplied arguments
Returns
INT32_MAX if the operation should NOT be overridden (the callback is invoked but the crypto library should handle the operation itself); 0 if the operation completed successfully; otherwise an error code

Enumeration Type Documentation

◆ gos_certificate_type_t

TLS certificate type.

Enumerator
GOS_CERTIFICATE_CA_CERT 

Certificate Authority (CA) public certificate.

GOS_CERTIFICATE_CLIENT_CERT 

Client public certificate.

GOS_CERTIFICATE_CLIENT_KEY 

Client private certificate key.

GOS_CERTIFICATE_TYPE_COUNT 

Data type count.

◆ gos_se_operation_t

Operation that should be overridden by the secure element.

Enumerator
GOS_SE_OPERATION_ECDH_COMPUTE_SHARED 

ECDH compute shared secret, e.g.: mbedtls_ecdh_compute_shared()

GOS_SE_OPERATION_ECDH_GEN_PUBLIC 

ECDH generate public key, e.g.: mbedtls_ecdh_gen_public()

GOS_SE_OPERATION_ECDSA_SIGN 

ECDSA sign data, e.g.: mbedtls_ecdsa_sign()

GOS_SE_OPERATION_ECDSA_VERIFY 

ECDSA verify data, e.g.: mbedtls_ecdsa_verify()

GOS_SE_OPERATION_COUNT 

Count of supported operations.

◆ gos_se_state_t

State of crypto library when operation is overridden.

Enumerator
GOS_SE_STATE_UNKNOWN 

Unknown state.

GOS_SE_STATE_CLIENT_CERT_SIGN 

Signing client certificate, e.g.: MBEDTLS_SSL_CERTIFICATE_VERIFY.

GOS_SE_STATE_CLIENT_KEY_EXCHANGE 

Client key exchange, e.g.: MBEDTLS_SSL_CLIENT_KEY_EXCHANGE.

GOS_SE_STATE_SERVER_CERT_VERIFY 

Server cert verify, e.g.: MBEDTLS_SSL_SERVER_CERTIFICATE.