/* * SPDX-FileCopyrightText: 2021-2023 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ #pragma once /** * @brief ESP-TLS Connection Handle */ #include #include #include #include "esp_err.h" #include "esp_tls_errors.h" #ifdef CONFIG_ESP_TLS_USING_MBEDTLS #include "mbedtls/platform.h" #include "mbedtls/net_sockets.h" #include "mbedtls/esp_debug.h" #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" #ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS #include "mbedtls/ssl_ticket.h" #endif #ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 #include "psa/crypto.h" #endif #elif CONFIG_ESP_TLS_USING_WOLFSSL #include "wolfssl/wolfcrypt/settings.h" #include "wolfssl/ssl.h" #endif struct esp_tls { #ifdef CONFIG_ESP_TLS_USING_MBEDTLS mbedtls_ssl_context ssl; /*!< TLS/SSL context */ mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */ mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure. CTR_DRBG is deterministic random bit generation based on AES-256 */ mbedtls_ssl_config conf; /*!< TLS/SSL configuration to be shared between mbedtls_ssl_context structures */ mbedtls_net_context server_fd; /*!< mbedTLS wrapper type for sockets */ mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */ mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */ union { mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */ mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */ }; union { mbedtls_pk_context clientkey; /*!< Container for the private key of the client certificate */ mbedtls_pk_context serverkey; /*!< Container for the private key of the server certificate */ }; #ifdef CONFIG_MBEDTLS_HARDWARE_ECDSA_SIGN bool use_ecdsa_peripheral; /*!< Use the ECDSA peripheral for the private key operations. */ uint8_t ecdsa_efuse_blk; /*!< The efuse block number where the ECDSA key is stored. */ #endif #elif CONFIG_ESP_TLS_USING_WOLFSSL void *priv_ctx; void *priv_ssl; #endif int sockfd; /*!< Underlying socket file descriptor. */ ssize_t (*read)(esp_tls_t *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL connection. */ ssize_t (*write)(esp_tls_t *tls, const char *data, size_t datalen); /*!< Callback function for writing data to TLS/SSL connection. */ esp_tls_conn_state_t conn_state; /*!< ESP-TLS Connection state */ fd_set rset; /*!< read file descriptors */ fd_set wset; /*!< write file descriptors */ bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */ esp_tls_role_t role; /*!< esp-tls role - ESP_TLS_CLIENT - ESP_TLS_SERVER */ esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */ }; // Function pointer for the server configuration API typedef esp_err_t (*set_server_config_func_ptr) (esp_tls_cfg_server_t *cfg, esp_tls_t *tls); // This struct contains any data that is only specific to the server session and not required by the client. typedef struct esp_tls_server_params { set_server_config_func_ptr set_server_cfg; } esp_tls_server_params_t;