Zephyr API Documentation  3.7.0
A Scalable Open Source RTOS
TLS credentials management

TLS credentials management.

Typedefs

typedef int sec_tag_t
 Secure tag, a reference to a TLS credential.
 

Enumerations

enum tls_credential_type {
  TLS_CREDENTIAL_NONE, TLS_CREDENTIAL_CA_CERTIFICATE, TLS_CREDENTIAL_SERVER_CERTIFICATE, TLS_CREDENTIAL_PRIVATE_KEY,
  TLS_CREDENTIAL_PSK, TLS_CREDENTIAL_PSK_ID
}
 TLS credential types.
 

Functions

int tls_credential_add (sec_tag_t tag, enum tls_credential_type type, const void *cred, size_t credlen)
 Add a TLS credential.
 
int tls_credential_get (sec_tag_t tag, enum tls_credential_type type, void *cred, size_t *credlen)
 Get a TLS credential.
 
int tls_credential_delete (sec_tag_t tag, enum tls_credential_type type)
 Delete a TLS credential.
 

Detailed Description

TLS credentials management.

Typedef Documentation

◆ sec_tag_t

typedef int sec_tag_t

#include <zephyr/net/tls_credentials.h>

Secure tag, a reference to a TLS credential.

A secure tag can be used to reference a credential after it has been registered in the system.

Note
Some TLS credentials come in pairs:
  • TLS_CREDENTIAL_SERVER_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
  • TLS_CREDENTIAL_PSK with TLS_CREDENTIAL_PSK_ID.
Such pairs of credentials must be assigned the same secure tag to be correctly handled in the system.
Negative values are reserved for internal use.

Enumeration Type Documentation

◆ tls_credential_type

#include <zephyr/net/tls_credentials.h>

TLS credential types.

Enumerator
TLS_CREDENTIAL_NONE 

Unspecified credential.

TLS_CREDENTIAL_CA_CERTIFICATE 

A trusted CA certificate.

Use this to authenticate remote servers. Used with certificate-based ciphersuites.

TLS_CREDENTIAL_SERVER_CERTIFICATE 

A public server certificate.

Use this to register your own server certificate. Should be registered together with a corresponding private key. Used with certificate-based ciphersuites.

TLS_CREDENTIAL_PRIVATE_KEY 

Private key.

Should be registered together with a corresponding public certificate. Used with certificate-based ciphersuites.

TLS_CREDENTIAL_PSK 

Pre-shared key.

Should be registered together with a corresponding PSK identity. Used with PSK-based ciphersuites.

TLS_CREDENTIAL_PSK_ID 

Pre-shared key identity.

Should be registered together with a corresponding PSK. Used with PSK-based ciphersuites.

Function Documentation

◆ tls_credential_add()

int tls_credential_add (sec_tag_t tag, enum tls_credential_type type, const void *cred, size_t credlen)

#include <zephyr/net/tls_credentials.h>

Add a TLS credential.

This function adds a TLS credential that can be used by TLS/DTLS for authentication.

Parameters
  • tag: A security tag that the credential will be referenced with.
  • type: A TLS/DTLS credential type.
  • cred: A TLS/DTLS credential.
  • credlen: A TLS/DTLS credential length.
Return values
  • 0: TLS credential successfully added.
  • -EACCES: Access to the TLS credential subsystem was denied.
  • -ENOMEM: Not enough memory to add new TLS credential.
  • -EEXIST: TLS credential of specific tag and type already exists.
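
The pairing rule from the sec_tag_t note, applied with tls_credential_add(): an added example, not taken from the Zephyr documentation, that registers a PSK and its identity under one secure tag and removes the PSK again if the identity cannot be added, so that half a pair is never left registered. The helper register_psk_pair() and the host stand-in under #else are assumptions made for this example.

```c
/* Added example, not Zephyr project code: add a PSK pair, undo on failure. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#ifdef __ZEPHYR__
#include <zephyr/net/tls_credentials.h>
#else
/* Host stand-in (assumption) using the documented signatures and return
 * values so the block also builds off-target. It keeps pointers, not copies. */
typedef int sec_tag_t;
enum tls_credential_type { TLS_CREDENTIAL_NONE, TLS_CREDENTIAL_CA_CERTIFICATE,
	TLS_CREDENTIAL_SERVER_CERTIFICATE, TLS_CREDENTIAL_PRIVATE_KEY,
	TLS_CREDENTIAL_PSK, TLS_CREDENTIAL_PSK_ID };
static struct slot { sec_tag_t tag; enum tls_credential_type type;
	const void *cred; size_t len; } store[4];
static struct slot *find(sec_tag_t tag, enum tls_credential_type type)
{
	for (size_t i = 0; i < 4; i++)
		if (store[i].type == type && (type == TLS_CREDENTIAL_NONE || store[i].tag == tag))
			return &store[i];
	return NULL;
}
int tls_credential_add(sec_tag_t tag, enum tls_credential_type type, const void *cred, size_t credlen)
{
	struct slot *s = find(0, TLS_CREDENTIAL_NONE); /* first free slot */
	if (find(tag, type) != NULL) return -EEXIST;
	if (s == NULL) return -ENOMEM;
	*s = (struct slot){ tag, type, cred, credlen };
	return 0;
}
int tls_credential_delete(sec_tag_t tag, enum tls_credential_type type)
{
	struct slot *s = find(tag, type);
	if (s == NULL) return -ENOENT;
	memset(s, 0, sizeof(*s));
	return 0;
}
#endif
/* Hypothetical helper: 0 on success, else a negative errno. */
int register_psk_pair(sec_tag_t tag, const void *psk, size_t psk_len, const char *id)
{
	int err;
	if (tag < 0) return -EINVAL; /* negative tags are reserved for internal use */
	err = tls_credential_add(tag, TLS_CREDENTIAL_PSK, psk, psk_len);
	if (err != 0) return err; /* nothing was added, so nothing to undo */
	err = tls_credential_add(tag, TLS_CREDENTIAL_PSK_ID, id, strlen(id));
	if (err != 0) (void)tls_credential_delete(tag, TLS_CREDENTIAL_PSK); /* no half pair */
	return err;
}
```

When the PSK itself already exists under the tag, the helper returns -EEXIST without deleting anything, so an existing pair is left intact.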

◆ tls_credential_delete()

int tls_credential_delete (sec_tag_t tag, enum tls_credential_type type)

#include <zephyr/net/tls_credentials.h>

Delete a TLS credential.

This function removes the TLS credential identified by the secure tag (tag) and credential type (type).

Parameters
  • tag: A security tag corresponding to the removed credential.
  • type: A TLS/DTLS credential type of the removed credential.
Return values
  • 0: TLS credential successfully deleted.
  • -EACCES: Access to the TLS credential subsystem was denied.
  • -ENOENT: Requested TLS credential was not found.

◆ tls_credential_get()

int tls_credential_get (sec_tag_t tag, enum tls_credential_type type, void *cred, size_t *credlen)

#include <zephyr/net/tls_credentials.h>

Get a TLS credential.

This function gets an already registered TLS credential, identified by the secure tag (tag) and credential type (type).

Parameters
  • tag: A security tag of the requested credential.
  • type: A TLS/DTLS credential type of the requested credential.
  • cred: A buffer for the TLS/DTLS credential.
  • credlen: A buffer size on input. TLS/DTLS credential length on output.
Return values
  • 0: TLS credential successfully obtained.
  • -EACCES: Access to the TLS credential subsystem was denied.
  • -ENOENT: Requested TLS credential was not found.
  • -EFBIG: Requested TLS credential does not fit in the buffer provided.