1 /*
2  * Copyright (c) 2018 Nordic Semiconductor ASA
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 /** @file
8  * @brief Internal API for fetching TLS credentials
9  */
10 
11 #ifndef __TLS_INTERNAL_H
12 #define __TLS_INTERNAL_H
13 
14 #include <zephyr/net/tls_credentials.h>
15 
/*
 * Internal structure representing TLS credential.
 *
 * An entry stores a pointer to the credential data and its length; the struct
 * itself holds no copy of the data.
 * NOTE(review): the buffer presumably has to stay valid and unmodified for as
 * long as the entry is in use - confirm against the tls_credential_add()
 * contract in <zephyr/net/tls_credentials.h>.
 */
struct tls_credential {
	/* TLS credential type. */
	enum tls_credential_type type;

	/* Secure tag that credential can be referenced with. */
	sec_tag_t tag;

	/*
	 * A pointer to the credential buffer.
	 *
	 * Depending on type this may be secret material (e.g. a private key
	 * or a PSK), so keep the raw bytes out of logs and debug dumps;
	 * credential_digest() produces a printable digest of the contents.
	 */
	const void *buf;

	/*
	 * Credential length.
	 * NOTE(review): presumably the number of bytes valid at buf - confirm.
	 */
	size_t len;
};
30 
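/*
 * Special sec_tag value indicating none or invalid sec_tag. For internal use only for now.
 *
 * credential_next_tag_get() accepts it as the starting point of an iteration and returns it
 * when there are no more occupied tags, so it must never be used as a real tag.
 *
 * The value is parenthesized so that it expands as a single operand in any expression.
 * NOTE(review): assumes sec_tag_t is a signed type that can represent -1 - confirm in
 * <zephyr/net/tls_credentials.h>.
 */
#define TLS_SEC_TAG_NONE (-1)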
35 
/*
 * Lock TLS credential access.
 *
 * credential_get(), credential_next_get() and credential_digest() are
 * documented in this header as requiring the caller to hold this lock.
 * Every credentials_lock() needs a matching credentials_unlock() on all
 * return paths, including error paths.
 */
void credentials_lock(void);

/*
 * Unlock TLS credential access.
 *
 * NOTE(review): pointers obtained from credential_get() or
 * credential_next_get() presumably refer to shared storage that may change
 * once the lock is released; finish using them (or copy what is needed)
 * before unlocking - confirm against the backend in use.
 */
void credentials_unlock(void);
41 
/* Function for getting credential by tag and type.
 *
 * Returns a pointer to the struct tls_credential matching both tag and type.
 * NOTE(review): presumably NULL when nothing matches - confirm in the backend;
 * callers should check the result before dereferencing it.
 *
 * Note, that to assure thread safety, credential access should be locked with
 * credentials_lock before calling this function.
 */
struct tls_credential *credential_get(sec_tag_t tag,
				      enum tls_credential_type type);
49 
/* Function for iterating over credentials by tag.
 *
 * NOTE(review): presumably iter is the entry returned by the previous call,
 * with NULL starting the walk, and a NULL return marks the end - confirm in
 * the backend before relying on it.
 *
 * Note, that to assure thread safety, credential access should be locked with
 * credentials_lock before calling this function. The lock should cover the
 * whole iteration, not just each individual call, so that the set of
 * credentials cannot change between steps.
 */
struct tls_credential *credential_next_get(sec_tag_t tag,
					   struct tls_credential *iter);
57 
/* Function for iterating over occupied sec tags.
 *
 * Returns the next occupied sec tag after the one provided, or TLS_SEC_TAG_NONE if there are no
 * more.
 *
 * Provide TLS_SEC_TAG_NONE to start from the first available sec tag.
 *
 * NOTE(review): unlike the other accessors in this header, no locking requirement is stated
 * here. Confirm whether credentials_lock must be held across the iteration; a tag returned by
 * one call may no longer be occupied by the time it is used if credentials can change in
 * between.
 */
sec_tag_t credential_next_tag_get(sec_tag_t iter);
66 
/* Writes a (NUL-terminated, printable) string digest of the contents of the provided credential
 * to the provided destination buffer.
 *
 * Digest format/type is up to the tls_credentials backend in use, so the output should be
 * treated as an opaque identifier for display or comparison.
 * NOTE(review): do not rely on it as a cryptographic fingerprint unless the backend documents
 * the algorithm it uses.
 *
 * len pointer should be set to the amount of space available in the destination buffer prior to
 * calling, and will be set to the amount written to the destination buffer after calling
 * (excluding the NUL terminator).
 * NOTE(review): since the reported length excludes the terminator, the space passed in
 * presumably has to leave room for it - confirm how the backend handles a too-small buffer.
 *
 * NOTE(review): the int return is presumably 0 on success and a negative errno value on
 * failure - confirm in the backend. Check it before reading dest or *len.
 *
 * Note, that to assure thread safety, credential access should be locked with
 * credentials_lock before calling this function.
 */
int credential_digest(struct tls_credential *credential, void *dest, size_t *len);
80 
81 #endif /* __TLS_INTERNAL_H */
82