Samsung Internal API reference  2.0
Tee_sockets

Data Structures

struct  TEE_iSocket_s
 iSocket instance. Please refer to the GPD_SPE_100 specification for a detailed description.
 
struct  TEE_tcpSocket_Setup_s
 TCP Setup structure.
 
struct  TEE_udpSocket_Setup_s
 UDP Setup structure.
 
struct  TEE_udpSocket_Change_s
 UDP change addr and port IOCTL structure. TEE_UDP_CHANGE* functions are implemented as synonyms. Both server_addr and server_port must be provided for either call. If an error is returned, the Client should try to open a new socket as usual.
 
struct  TEE_tlsSocket_PSK_Info_s
 Pre-Shared Key (PSK). When PSK is used, the TA needs to provide the key and a key identity to the TLS implementation. This structure holds that information. Not supported.
 
struct  TEE_tlsSocket_SRP_Info_s
 Secure Remote Password (SRP). When SRP is used, the TA needs to provide the password and the user identity to the TLS implementation. This structure holds that information. Not supported.
 
struct  TEE_tlsSocket_ClientPDC_s
 This structure holds the opaque client certificate for the TA as well as the corresponding private key. This is used to provide pre-installed certificates for the TA authentication on Server.
 
struct  TEE_tlsSocket_ServerPDC_s
 If the server Root public key has been pre-distributed to the TA, this structure holds the TEE_ObjectHandle to that key. If desirable, Server Root credentials could be provided as bulkCertChain - this is GP specs extension. publicKey is used by default.
 
struct  TEE_tlsSocket_CertStorageCred_s
 Void type for future usage. Applications SHALL pass a NULL pointer. The intention is to have this structure hold handles or references to either trusted root certificates or a proper client certificate inside a future certificate storage of the TEE.
 
struct  TEE_tlsSocket_Credentials_s
 Structure holding server and client credentials.
 
union  TEE_tlsSocket_Credentials_s.__unnamed__
 
struct  TEE_tlsSocket_CallbackInfo_s
 Callback description structure.
 
struct  TEE_tlsSocket_Setup_s
 TLS Setup structure.
 
union  TEE_tlsSocket_Setup_s.__unnamed__
 
struct  TEE_tlsSocket_CB_Data_s
 IOCTL definitions.
 

Typedefs

typedef struct __TEE_iSocketHandle * TEE_iSocketHandle
 iSocket context handle
 
typedef const struct TEE_iSocket_s TEE_iSocket
 iSocket instance. Please refer to the GPD_SPE_100 specification for a detailed description.
 
typedef enum TEE_ipSocket_ipVersion_e TEE_ipSocket_ipVersion
 IP version.
 
typedef struct TEE_tcpSocket_Setup_s TEE_tcpSocket_Setup
 TCP Setup structure.
 
typedef struct TEE_udpSocket_Setup_s TEE_udpSocket_Setup
 UDP Setup structure.
 
typedef struct TEE_udpSocket_Change_s TEE_udpSocket_Change
 UDP change addr and port IOCTL structure. TEE_UDP_CHANGE* functions are implemented as synonyms. Both server_addr and server_port must be provided for either call. If an error is returned, the Client should try to open a new socket as usual.
 
typedef struct __TEES_IwtHandle * TEES_IwtHandle
 Handle representing active IWT connection. Must be treated as opaque structure.
 
typedef enum TEE_tlsSocket_tlsVersion_e TEE_tlsSocket_tlsVersion
 TLS protocol version to use.
 
typedef enum TEE_tlsSocket_CipherSuites_e TEE_tlsSocket_CipherSuites
 Cryptosuite ID definitions.
 
typedef struct TEE_tlsSocket_PSK_Info_s TEE_tlsSocket_PSK_Info
 Pre-Shared Key (PSK). When PSK is used, the TA needs to provide the key and a key identity to the TLS implementation. This structure holds that information. Not supported.
 
typedef struct TEE_tlsSocket_SRP_Info_s TEE_tlsSocket_SRP_Info
 Secure Remote Password (SRP). When SRP is used, the TA needs to provide the password and the user identity to the TLS implementation. This structure holds that information. Not supported.
 
typedef struct TEE_tlsSocket_ClientPDC_s TEE_tlsSocket_ClientPDC
 This structure holds the opaque client certificate for the TA as well as the corresponding private key. This is used to provide pre-installed certificates for the TA authentication on Server.
 
typedef struct TEE_tlsSocket_ServerPDC_s TEE_tlsSocket_ServerPDC
 If the server Root public key has been pre-distributed to the TA, this structure holds the TEE_ObjectHandle to that key. If desirable, Server Root credentials could be provided as bulkCertChain - this is GP specs extension. publicKey is used by default.
 
typedef struct TEE_tlsSocket_CertStorageCred_s TEE_tlsSocket_CertStorageCred
 Void type for future usage. Applications SHALL pass a NULL pointer. The intention is to have this structure hold handles or references to either trusted root certificates or a proper client certificate inside a future certificate storage of the TEE.
 
typedef enum TEE_tlsSocket_ClientCredentialType_e TEE_tlsSocket_ClientCredentialType
 This specifies what kind of client credentials the TA has.
 
typedef enum TEE_tlsSocket_ServerCredentialType_e TEE_tlsSocket_ServerCredentialType
 This specifies what kind of server credentials a remote node has.
 
typedef struct TEE_tlsSocket_Credentials_s TEE_tlsSocket_Credentials
 Structure holding server and client credentials.
 
typedef enum TEE_tlsSocket_CallbackReasonType_e TEE_tlsSocket_CallbackReasonType
 Callback types.
 
typedef struct TEE_tlsSocket_CallbackInfo_s TEE_tlsSocket_CallbackInfo
 Callback description structure.
 
typedef TEE_Result(* TEE_tlsCallback) (TEE_iSocketHandle ctx, TEE_tlsSocket_CallbackInfo *cbInfo, void *cbData, uint32_t *cbDataLength)
 Callback function. This is a specification extension. It allows the client to perform custom checks of the certificate chain, OCSP response, etc. The cbData buffer is valid only in the callback context.
 
typedef enum TEE_tlsSocket_StatusRequestType_e TEE_tlsSocket_StatusRequestType
 OCSP stapling certificate status request type.
 
typedef enum TEE_tlsSocket_ExtensionFlags_e TEE_tlsSocket_ExtensionFlags
 Certificate/OCSP validation mode and callback control flags.
 
typedef struct TEE_tlsSocket_Setup_s TEE_tlsSocket_Setup
 TLS Setup structure.
 
typedef struct TEE_tlsSocket_CB_Data_s TEE_tlsSocket_CB_Data
 IOCTL definitions.
 

Enumerations

enum  {
  TEE_ISOCKET_ERROR_PROTOCOL = 0xF1007001, TEE_ISOCKET_ERROR_REMOTE_CLOSED = 0xF1007002, TEE_ISOCKET_ERROR_TIMEOUT = 0xF1007003, TEE_ISOCKET_ERROR_OUT_OF_RESOURCES = 0xF1007004,
  TEE_ISOCKET_ERROR_LARGE_BUFFER = 0xF1007005, TEE_ISOCKET_WARNING_PROTOCOL = 0xF1007006, TEE_ISOCKET_ERROR_HOSTNAME = 0xF1007007
}
 iSocket common errors.
 
enum  { TEE_ISOCKET_SERVER_NAME_MAX_LENGTH = 255 }
 Maximum server IPv4 address string length.
 
enum  TEE_ipSocket_ipVersion_e { TEE_IP_VERSION_DC = 0, TEE_IP_VERSION_4 = 1, TEE_IP_VERSION_6 = 2 }
 IP version.
 
enum  { TEE_ISOCKET_TCP_API_VERSION = 0x01010000 }
 TCP iSocket API version. Used to ensure that API structures match.
 
enum  { TEE_ISOCKET_PROTOCOLID_TCP = 0x65 }
 TCP Protocol identifier.
 
enum  { TEE_ISOCKET_TCP_WARNING_UNKNOWN_OUT_OF_BAND = 0xF1010002 }
 TCP Instance specific errors.
 
enum  { TEE_ISOCKET_UDP_API_VERSION = 0x01000000 }
 UDP iSocket API version. Used to ensure that API structures match.
 
enum  { TEE_ISOCKET_PROTOCOLID_UDP = 0x66 }
 UDP Protocol identifier.
 
enum  { TEE_ISOCKET_UDP_WARNING_UNKNOWN_OUT_OF_BAND = 0xF1020002 }
 UDP Instance specific errors.
 
enum  { TEE_UDP_CHANGEADDR = 0x66000001, TEE_UDP_CHANGEPORT = 0x66000002 }
 UDP IOCTL codes.
 
enum  { TEES_IWT_LISTENER_NAME_MAX_LENGTH = 91 }
 TEES_IWT_LISTENER_NAME_MAX_LENGTH.
 
enum  protocol_error_code {
  NO_ERROR = 0, TEE_ISOCKET_IWC_ERROR_CHANNEL = 0x81000000, TEE_ISOCKET_IWC_ERROR_TIMEOUT = 0x81000001, TEE_ISOCKET_IWC_ERROR_NOT_IMPLEMENTED = 0x81000002,
  TEE_ISOCKET_IWC_ERROR_INVALID_VERSION = 0x81000003, TEE_ISOCKET_IWC_ERROR_SWD_CLIENT_AUTH_FAILED = 0x81000004, TEE_ISOCKET_NET_ERROR_GENERIC = 0x81010000, TEE_ISOCKET_NET_ERROR_BAD_PARAMETERS = 0x81010001,
  TEE_ISOCKET_NET_ERROR_BUFFER_TOO_SMALL = 0x81010002, TEE_ISOCKET_NET_ERROR_LARGE_BUFFER = 0x81010003, TEE_ISOCKET_NET_ERROR_OUT_OF_RESOURCES = 0x81010004, TEE_ISOCKET_NET_ERROR_OUT_OF_MEMORY = 0x81010005,
  TEE_ISOCKET_NET_ERROR_HOSTNAME_UNKNOWN = 0x81010006, TEE_ISOCKET_NET_ERROR_HOSTNAME_NOTRESOLVED = 0x81010007, TEE_ISOCKET_NET_ERROR_HOSTNAME_TRYAGAIN = 0x81010008, TEE_ISOCKET_NET_ERROR_COMMUNICATION = 0x81010009,
  TEE_ISOCKET_NET_ERROR_CONNECTION_REFUSED = 0x8101000A, TEE_ISOCKET_NET_ERROR_NET_UNREACHABLE = 0x8101000B, TEE_ISOCKET_NET_ERROR_REMOTE_CLOSED = 0x8101000C, TEE_ISOCKET_NET_ERROR_TIMEOUT = 0x8101000D,
  TEE_ISOCKET_NET_ERROR_DATA_REMAIN = 0x8101000E, TEE_ISOCKET_TLS_ERROR_CERT_PARSING = 0x80000000, TEE_ISOCKET_TLS_ERROR_CRL_PARSING = 0x80000001, TEE_ISOCKET_TLS_ERROR_CERT_EXPIRED = 0x80000002,
  TEE_ISOCKET_TLS_ERROR_CERT_SIGN_VERIFICATION = 0x80000003, TEE_ISOCKET_TLS_ERROR_ECDHE_GEN_KEY = 0x81030010, TEE_ISOCKET_TLS_ERROR_ECDHE_SHARED_SECRET = 0x81030011, TEE_ISOCKET_TLS_ERROR_ECDHE_UNSUPPORTED_CURVE = 0x81030012,
  TEE_ISOCKET_TLS_ERROR_ECDHE_SERIALIZING = 0x81030013, TEE_ISOCKET_TLS_ERROR_CERT_COMMON_NAME_VERIFICATION = 0x81030014, TEE_ISOCKET_TLS_ERROR_UNEXPECTED_MESSAGE = 0x81030015, TEE_ISOCKET_TLS_ERROR_HANDSHAKE_UNEXPECTED_PARAMETER = 0x81030016,
  TEE_ISOCKET_TLS_ERROR_CERT_IS_TOO_LONG = 0x81030017, TEE_ISOCKET_TLS_ERROR_NO_ALERT_PRESENT = 0x81030018, TEE_ISOCKET_TLS_ERROR_ALERT_PENDING = 0x81030019, TEE_ISOCKET_TLS_ERROR_USER_CANCELED = 0x8103001A,
  TEE_ISOCKET_TLS_ERROR_CERT_UNKNOWN_CA = 0x8103001B, TEE_ISOCKET_TLS_ERROR_CERT_UNSUPPORTED = 0x8103001C, TEE_ISOCKET_TLS_ERROR_CERT_REVOKED = 0x8103001D, TEE_ISOCKET_TLS_ERROR_CERT_STATUS_UNKNOWN = 0x8103001E,
  TEE_ISOCKET_TLS_ALERT_CLOSE_NOTIFY = 0x81031000, TEE_ISOCKET_TLS_ALERT_UNEXPECTED_MSG = 0x81031010, TEE_ISOCKET_TLS_ALERT_BAD_RECORD_MAC = 0x81031020, TEE_ISOCKET_TLS_ALERT_DECRYPT_FAILED = 0x81031021,
  TEE_ISOCKET_TLS_ALERT_RECORD_OVERFLOW = 0x81031022, TEE_ISOCKET_TLS_ALERT_DECOMP_FAILED = 0x81031030, TEE_ISOCKET_TLS_ALERT_HANDSHAKE_FAILED = 0x81031040, TEE_ISOCKET_TLS_ALERT_NO_CERTIFICATE = 0x81031041,
  TEE_ISOCKET_TLS_ALERT_BAD_CERTIFICATE = 0x81031042, TEE_ISOCKET_TLS_ALERT_UNSUPPORTED_CERT = 0x81031043, TEE_ISOCKET_TLS_ALERT_CERT_REVOKED = 0x81031044, TEE_ISOCKET_TLS_ALERT_CERT_EXPIRED = 0x81031045,
  TEE_ISOCKET_TLS_ALERT_CERT_UNKNOWN = 0x81031046, TEE_ISOCKET_TLS_ALERT_ILLEGAL_PARAMETER = 0x81031047, TEE_ISOCKET_TLS_ALERT_UNKNOWN_CA = 0x81031048, TEE_ISOCKET_TLS_ALERT_ACCESS_DENIED = 0x81031049,
  TEE_ISOCKET_TLS_ALERT_DECODE_ERROR = 0x81031050, TEE_ISOCKET_TLS_ALERT_DECRYPT_ERROR = 0x81031051, TEE_ISOCKET_TLS_ALERT_EXPORT_RESTRICTED = 0x81031060, TEE_ISOCKET_TLS_ALERT_PROTOCOL_VERSION = 0x81031070,
  TEE_ISOCKET_TLS_ALERT_INSUFFICIENT_SECURITY = 0x81031071, TEE_ISOCKET_TLS_ALERT_INTERNAL_ERROR = 0x81031080, TEE_ISOCKET_TLS_ALERT_INAPPROPRIATE_FALLBACK = 0x81031086, TEE_ISOCKET_TLS_ALERT_USER_CANCELED = 0x81031090,
  TEE_ISOCKET_TLS_ALERT_NO_RENEGOTIATION = 0x81031100, TEE_ISOCKET_TLS_ALERT_MISSING_EXTENSION = 0x81031109, TEE_ISOCKET_TLS_ALERT_UNSUPPORTED_EXTENSION = 0x81031110, TEE_ISOCKET_TLS_ALERT_CERT_UNOBTAINABLE = 0x81031111,
  TEE_ISOCKET_TLS_ALERT_UNRECOGNIZED_NAME = 0x81031112, TEE_ISOCKET_TLS_ALERT_BAD_CERT_STATUS_RESPONSE = 0x81031113, TEE_ISOCKET_TLS_ALERT_BAD_CERT_HASH_VALUE = 0x81031114, TEE_ISOCKET_TLS_ALERT_UNKNOWN_PSK_IDENTITY = 0x81031115,
  TEE_ISOCKET_TLS_ALERT_CERT_REQUIRED = 0x81031116
}
 Proprietary protocol-specific error codes. According to the GPD_SPE_010 specification, the TEE error code range 0x80000000..0x8FFFFFFF is reserved for implementation-specific errors. In addition, the TEE Socket Subsystem considers protocol errors a specification extension and includes the specification ID in the code: 0x8 | 3 digit BCD spec ID | error code.
 
enum  { TEE_ISOCKET_TLS_API_VERSION = 0x01030000 }
 TLS iSocket API version. Used to ensure that API structures match.
 
enum  { TEE_ISOCKET_PROTOCOLID_TLS = 0x67 }
 TLS Protocol identifier.
 
enum  {
  TEE_ISOCKET_TLS_ERROR_REJECTED_SUITE = 0xF1030001, TEE_ISOCKET_TLS_ERROR_VERSION = 0xF1030002, TEE_ISOCKET_TLS_ERROR_UNSUPPORTED_SUITE = 0xF1030003, TEE_ISOCKET_TLS_ERROR_HANDSHAKE = 0xF1030004,
  TEE_ISOCKET_TLS_ERROR_AUTHENTICATION = 0xF1030005, TEE_ISOCKET_TLS_ERROR_DATA = 0xF1030006
}
 TLS Instance specific errors.
 
enum  TEE_tlsSocket_tlsVersion_e { TEE_TLS_VERSION_ALL = 0, TEE_TLS_VERSION_1v2 = 1 }
 TLS protocol version to use.
 
enum  TEE_tlsSocket_CipherSuites_e {
  TLS_NULL_WITH_NULL_NULL = 0x0000, TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
  TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
  TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
  TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B, TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
  TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093, TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
  TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
  TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
  TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
  TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A, TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B, TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
  TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D, TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E, TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F, TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
  TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021, TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
  TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, TLS_RSA_WITH_AES_128_CCM = 0xC09C,
  TLS_RSA_WITH_AES_256_CCM = 0xC09D, TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E, TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F, TLS_PSK_WITH_AES_128_CCM = 0xC0A4,
  TLS_PSK_WITH_AES_256_CCM = 0xC0A5, TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6, TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7
}
 Cryptosuite ID definitions.
 
enum  TEE_tlsSocket_ClientCredentialType_e { TEE_TLS_CLIENT_CRED_NONE = 0, TEE_TLS_CLIENT_CRED_PDC = 1, TEE_TLS_CLIENT_CRED_CSC = 2 }
 This specifies what kind of client credentials the TA has.
 
enum  TEE_tlsSocket_ServerCredentialType_e { TEE_TLS_SERVER_CRED_PDC = 0, TEE_TLS_SERVER_CRED_CSC = 1 }
 This specifies what kind of server credentials a remote node has.
 
enum  TEE_tlsSocket_CallbackReasonType_e {
  TEE_ISOCKET_TLS_CB_CHECK_CERT_CHAIN = 1, TEE_ISOCKET_TLS_CB_BAD_CERT_CHAIN = 2, TEE_ISOCKET_TLS_CB_CHECK_OCSP_STATUS = 11, TEE_ISOCKET_TLS_CB_UNKNOWN_OCSP_STATUS = 12,
  TEE_ISOCKET_TLS_CB_REVOKED_OCSP_STATUS = 13
}
 Callback types.
 
enum  TEE_tlsSocket_StatusRequestType_e { TEE_ISOCKET_TLS_OCSP_STATUS_REQUEST_NO = 0, TEE_ISOCKET_TLS_OCSP_STATUS_REQUEST = 1 }
 OCSP stapling certificate status request type.
 
enum  TEE_tlsSocket_ExtensionFlags_e {
  TEE_ISOCKET_TLS_CERT_NAME_CHECK_CLIENT = 0x00000001, TEE_ISOCKET_TLS_CERT_KEYUSAGE_CHECK_CLIENT = 0x00000002, TEE_ISOCKET_TLS_CERT_NOTIFY_CLIENT = 0x00000004, TEE_ISOCKET_TLS_OCSP_CHECK_CLIENT = 0x00010000,
  TEE_ISOCKET_TLS_OCSP_CHECK_ADVISORY = 0x00020000, TEE_ISOCKET_TLS_OCSP_CHECK_MANDATORY = 0x00040000
}
 Certificate/OCSP validation mode and callback control flags.
 
enum  { TEE_ISOCKET_TLS_MAX_ALPN_LIST_LENGTH = 16 }
 
enum  { TEE_TLS_BINDING_INFO = 0x67000001 }
 IOCTL codes.
 

Functions

TEE_Result TEES_IwtOpenChannel (const char *listenerName, TEES_IwtHandle *iwtCtx)
 Open interworld transport (IWT) connection (channel) to the NWd Listener "listenerName".
 
TEE_Result TEES_IwtWrite (TEES_IwtHandle iwtCtx, const void *buf, uint32_t *length)
 Write length bytes from buf to the active IWT connection iwtCtx.
 
TEE_Result TEES_IwtRead (TEES_IwtHandle iwtCtx, void *buf, uint32_t *length)
 Read length bytes to buf from the active IWT connection iwtCtx.
 
TEE_Result TEES_IwtCloseChannel (TEES_IwtHandle iwtCtx)
 Close active IWT connection iwtCtx.
 

Variables

const TEE_iSocket *const TEE_tcpSocket
 Public TCP instance pointer.
 
const TEE_iSocket *const TEE_udpSocket
 Public UDP instance pointer.
 
const TEE_iSocket *const TEE_tlsSocket
 Public TLS instance pointer.
 

Detailed Description


Data Structure Documentation

struct TEE_iSocket_s

iSocket instance. Please refer to the GPD_SPE_100 specification for a detailed description. The basic rules are as follows:

  • Specific Interface instance structure is exported from its shared library by dedicated pointer (TEE_tcpSocket for TCP and TEE_tlsSocket for TLS);
  • Each protocol connection starts with open() and ends with close() call and is represented by TEE_iSocketHandle context (ctx);
  • ctx is [out] parameter for open() and [in] for other functions;
  • setup [in] is pointer to protocol specific structure (TEE_tcpSocket_Setup or TEE_tlsSocket_Setup);
  • buf is [in] for send(), [out] for recv() and [in,out] for ioctl(), length is [in,out] and other parameters are [in];
  • NULL parameters are not valid except for close();
  • *length = 0 is not valid for recv()/send().

Data Fields

uint32_t TEE_iSocketVersion
 
uint8_t protocolID
 
TEE_Result(* open )(TEE_iSocketHandle *ctx, void *setup, uint32_t *protocolError)
 
TEE_Result(* close )(TEE_iSocketHandle ctx)
 
TEE_Result(* send )(TEE_iSocketHandle ctx, const void *buf, uint32_t *length, uint32_t timeout)
 
TEE_Result(* recv )(TEE_iSocketHandle ctx, void *buf, uint32_t *length, uint32_t timeout)
 
uint32_t(* error )(TEE_iSocketHandle ctx)
 
TEE_Result(* ioctl )(TEE_iSocketHandle ctx, uint32_t commandCode, void *buf, uint32_t *length)
 

Field Documentation

TEE_Result(* TEE_iSocket_s::close) (TEE_iSocketHandle ctx)

used to close connection

uint32_t(* TEE_iSocket_s::error) (TEE_iSocketHandle ctx)

used to get specific protocol error in case of TEE_ISOCKET_ERROR_PROTOCOL

TEE_Result(* TEE_iSocket_s::ioctl) (TEE_iSocketHandle ctx, uint32_t commandCode, void *buf, uint32_t *length)

used to send ioctl to opened connection

TEE_Result(* TEE_iSocket_s::open) (TEE_iSocketHandle *ctx, void *setup, uint32_t *protocolError)

used to open connection

uint8_t TEE_iSocket_s::protocolID

Protocol identifier

TEE_Result(* TEE_iSocket_s::recv) (TEE_iSocketHandle ctx, void *buf, uint32_t *length, uint32_t timeout)

used to receive data over opened connection

TEE_Result(* TEE_iSocket_s::send) (TEE_iSocketHandle ctx, const void *buf, uint32_t *length, uint32_t timeout)

used to send data over opened connection

uint32_t TEE_iSocket_s::TEE_iSocketVersion

The specification version number

struct TEE_tcpSocket_Setup_s

TCP Setup structure.

Data Fields
uint32_t apiVersion

Must be TEE_ISOCKET_TCP_API_VERSION

TEE_ipSocket_ipVersion ipVersion

Must be TEE_IP_VERSION_4

uint32_t openTimeout

Connection open timeout

char * server_addr

Pointer to IPv4 address or DNS name string e.g., "10.0.0.5", "www.samsung.com"

int server_port

Server port

struct TEE_udpSocket_Setup_s

UDP Setup structure.

Data Fields
uint32_t apiVersion

Must be TEE_ISOCKET_UDP_API_VERSION

TEE_ipSocket_ipVersion ipVersion

Must be TEE_IP_VERSION_4

uint32_t openTimeout

Connection open timeout

char * server_addr

Pointer to IPv4 address or DNS name string e.g., "10.0.0.5", "www.samsung.com"

int server_port

Server port

struct TEE_udpSocket_Change_s

UDP change addr and port IOCTL structure. TEE_UDP_CHANGE* functions are implemented as synonyms. Both server_addr and server_port must be provided for either call. If an error is returned, the Client should try to open a new socket as usual.

Data Fields
char server_addr[TEE_ISOCKET_SERVER_NAME_MAX_LENGTH]

IPv4 address or DNS name string

int server_port

Server port

struct TEE_tlsSocket_PSK_Info_s

Pre-Shared Key (PSK). When PSK is used, the TA needs to provide the key and a key identity to the TLS implementation. This structure holds that information. Not supported.

Data Fields
char * pskIdentity
TEE_ObjectHandle pskKey

struct TEE_tlsSocket_SRP_Info_s

Secure Remote Password (SRP). When SRP is used, the TA needs to provide the password and the user identity to the TLS implementation. This structure holds that information. Not supported.

Data Fields
char * srpIdentity
char * srpPassword

struct TEE_tlsSocket_ClientPDC_s

This structure holds the opaque client certificate for the TA as well as the corresponding private key. This is used to provide pre-installed certificates for the TA authentication on Server.

Data Fields
char * bulkCertChain
uint32_t bulkSize
TEE_ObjectHandle privateKey

struct TEE_tlsSocket_ServerPDC_s

If the server Root public key has been pre-distributed to the TA, this structure holds the TEE_ObjectHandle to that key. If desirable, Server Root credentials could be provided as bulkCertChain - this is GP specs extension. publicKey is used by default.

Data Fields
char * bulkCertChain
uint32_t bulkSize
TEE_ObjectHandle publicKey

struct TEE_tlsSocket_CertStorageCred_s

Void type for future usage. Applications SHALL pass a NULL pointer. The intention is to have this structure hold handles or references to either trusted root certificates or a proper client certificate inside a future certificate storage of the TEE.

struct TEE_tlsSocket_Credentials_s

Structure holding server and client credentials.

Data Fields
union TEE_tlsSocket_Credentials_s __unnamed__
union TEE_tlsSocket_Credentials_s __unnamed__
TEE_tlsSocket_ClientCredentialType clientCredType

Client credentials provisioning type

TEE_tlsSocket_ServerCredentialType serverCredType

Server credentials provisioning type

union TEE_tlsSocket_Credentials_s.__unnamed__
Data Fields
TEE_tlsSocket_CertStorageCred * rootCertStore

Certificate storage - for future extension

TEE_tlsSocket_ServerPDC * serverCred

Predistributed (explicitly provided)

struct TEE_tlsSocket_CallbackInfo_s

Callback description structure.

Data Fields
uint32_t protocolError
TEE_tlsSocket_CallbackReasonType reason
TEE_Result result

struct TEE_tlsSocket_Setup_s

TLS Setup structure.

Data Fields
union TEE_tlsSocket_Setup_s __unnamed__

PSK or SRP - not supported

TEE_tlsSocket_tlsVersion acceptServerVersion

TLS version, MUST be TEE_TLS_VERSION_1v2

TEE_tlsSocket_CipherSuites * allowedCipherSuites

Pointer to an array of allowed cipher suites terminated by the constant 0 (TLS_NULL_WITH_NULL_NULL). If a suite is not supported, it is ignored. If none of the suites in the list is supported, an error is returned.
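A legacy suite list can be reduced to a hardened, correctly terminated allowedCipherSuites array before it is handed to open(). The following is an added example, not code from the SDK: harden_suite_list(), suite_is_fs_aead() and the policy (ephemeral key exchange with AES-GCM or AES-CCM only) are assumptions of the example, and uint32_t stands in for TEE_tlsSocket_CipherSuites so that it builds without <tee_tlssocket.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS_NULL_WITH_NULL_NULL (0) terminates allowedCipherSuites. */
#define SUITE_LIST_END 0x0000u

/* Constructed legacy list; the IDs are the enum values listed on this page. */
static const uint32_t SAMPLE_LEGACY[] = {
    0x000A, /* TLS_RSA_WITH_3DES_EDE_CBC_SHA           */
    0x002F, /* TLS_RSA_WITH_AES_128_CBC_SHA            */
    0xC02F, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   */
    0x008C, /* TLS_PSK_WITH_AES_128_CBC_SHA (PSK: not supported) */
    0xC02C, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
    0xC013, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      */
    SUITE_LIST_END
};
#define SAMPLE_LEGACY_LEN (sizeof(SAMPLE_LEGACY) / sizeof(SAMPLE_LEGACY[0]))

/* Example policy (an assumption): certificate-authenticated (EC)DHE with an AEAD cipher. */
int suite_is_fs_aead(uint32_t id)
{
    switch (id) {
    case 0x009E: /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     */
    case 0x009F: /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384     */
    case 0xC02B: /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */
    case 0xC02C: /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */
    case 0xC02F: /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   */
    case 0xC030: /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   */
    case 0xC09E: /* TLS_DHE_RSA_WITH_AES_128_CCM            */
    case 0xC09F: /* TLS_DHE_RSA_WITH_AES_256_CCM            */
        return 1;
    default:
        return 0;
    }
}

/* Copies the approved suites of a 0-terminated list into out[], in the same order.
 * The walk is bounded by max_in so a missing terminator cannot cause an over-read.
 * Returns the number of suites kept, or -1 if the input is not terminated within
 * max_in elements or out[] is too small. out[] is 0-terminated on every return.
 * A result of 0 means the list is empty and open() would fail, so treat it as a
 * configuration error rather than falling back to the legacy list. */
int harden_suite_list(const uint32_t *in, size_t max_in, uint32_t *out, size_t out_cap)
{
    size_t i, kept = 0;
    int terminated = 0;

    if (in == NULL || out == NULL || out_cap == 0)
        return -1;
    out[0] = SUITE_LIST_END;

    for (i = 0; i < max_in; i++) {
        if (in[i] == SUITE_LIST_END) {
            terminated = 1;
            break;
        }
        if (!suite_is_fs_aead(in[i]))
            continue;
        if (kept + 1 >= out_cap) {          /* no room for suite plus terminator */
            out[0] = SUITE_LIST_END;
            return -1;
        }
        out[kept++] = in[i];
        out[kept] = SUITE_LIST_END;
    }
    if (!terminated) {
        out[0] = SUITE_LIST_END;
        return -1;
    }
    return (int)kept;
}

int main(void)
{
    uint32_t hardened[8];
    int i, n = harden_suite_list(SAMPLE_LEGACY, SAMPLE_LEGACY_LEN, hardened, 8);

    if (n <= 0) {
        puts("no acceptable suite: refuse to open the connection");
        return 1;
    }
    for (i = 0; i < n; i++)
        printf("allowed suite 0x%04X\n", (unsigned)hardened[i]);
    return 0;
}
```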

char ** alpnList

ALPN TLS extension (RFC 7301). OPTIONAL. List of at most TEE_ISOCKET_TLS_MAX_ALPN_LIST_LENGTH null-terminated strings, terminated with an extra NULL pointer.

uint32_t apiVersion

Must be set to TEE_ISOCKET_TLS_API_VERSION

TEE_iSocketHandle * baseContext

Lower level connection handle. Should be pointer according to GP Spec

TEE_iSocket * baseSocket

Pointer to the lower level protocol (TCP) instance

TEE_tlsSocket_Credentials * credentials

Server certificate and Client certificate

TEE_tlsSocket_ExtensionFlags extFlags

TEE TLS extension options control flags. Callback must be set as well

TEE_tlsSocket_StatusRequestType ocspStatusType

OCSP stapling certificate status request type. The only supported type is TEE_ISOCKET_TLS_OCSP_STATUS_REQUEST (RFC 6066). The Server must support this extension, otherwise the handshake will fail. To be correctly verified, the OCSP response should be signed with the Responder certificate provided with the response. The Responder certificate must be marked as id-pkix-ocsp-nocheck or must be signed with the second CA from the Server certificate chain or with the Root certificate. Response valid age is one week. The Client is responsible for verifying all other response types/cases itself.

char * serverName

Pointer to the Server fully qualified DNS hostname string. OPTIONAL. It is used: 1) in the Server Name Indication TLS Extension (RFC 6066); 2) to check matching with Subject IDs in the Server certificate if the TEE_ISOCKET_TLS_CERT_NAME_CHECK flag is set in extFlags:

  • check order is: DNS ID, CN ID;
  • leftmost '*' label in CERTIFICATE name is supported, e.g. "*.testserver.com".

If the Client requires other check rules than those implemented, it could set this field to NULL or clear the TEE_ISOCKET_TLS_CERT_NAME_CHECK flag and perform the required verification in the callback.

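A Client that moves the name check into its callback needs a rule at least as strict as the built-in one. The following is an added example, not SDK code: cert_name_t, cert_name_matches() and server_name_ok() are hypothetical, the names are assumed to be already extracted from the certificate with their lengths, and the single-label wildcard, embedded-NUL rejection and "CN only when no DNS ID is present" rules are the example's own stricter assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One certificate name: bytes plus explicit length, because an ASN.1 string
 * can contain an embedded NUL that C string functions would stop at. */
typedef struct {
    const char *data;
    size_t      len;
} cert_name_t;
#define NAME_OF(lit) { (lit), sizeof(lit) - 1 }

/* Constructed sample names. */
static const char WILDCARD_NAME[] = "*.testserver.com";
static const char NUL_NAME[]      = "www.testserver.com\0.evil.example";

static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Case-insensitive comparison of n bytes. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (ascii_lower((unsigned char)a[i]) != ascii_lower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Returns 1 if a single certificate name matches the expected host name. */
int cert_name_matches(const cert_name_t *name, const char *host)
{
    size_t i, dots = 0, host_len;
    const char *host_rest;

    if (name == NULL || name->data == NULL || name->len == 0 || host == NULL)
        return 0;
    host_len = strlen(host);
    if (host_len == 0)
        return 0;
    if (memchr(name->data, '\0', name->len) != NULL)
        return 0;                       /* embedded NUL: never trust the prefix */

    for (i = 0; i < name->len; i++) {
        if (name->data[i] == '*' && i != 0)
            return 0;                   /* '*' only as the first character */
        if (name->data[i] == '.')
            dots++;
    }
    if (name->data[0] != '*')
        return name->len == host_len && eq_nocase(name->data, host, host_len);

    /* Wildcard must be the whole leftmost label and leave two labels: "*.a.b". */
    if (name->len < 3 || name->data[1] != '.' || dots < 2)
        return 0;

    /* The wildcard stands for exactly one non-empty host label. */
    host_rest = strchr(host, '.');
    if (host_rest == NULL || host_rest == host)
        return 0;
    return strlen(host_rest) == name->len - 1 &&
           eq_nocase(name->data + 1, host_rest, name->len - 1);
}

/* DNS IDs are checked first, then the CN ID. Assumption of this example:
 * the CN is consulted only when the certificate carries no DNS ID at all. */
int server_name_ok(const cert_name_t *dns_ids, size_t n_dns,
                   const cert_name_t *cn, const char *host)
{
    size_t i;
    for (i = 0; i < n_dns; i++)
        if (cert_name_matches(&dns_ids[i], host))
            return 1;
    if (n_dns == 0 && cn != NULL)
        return cert_name_matches(cn, host);
    return 0;
}

int main(void)
{
    cert_name_t wild = NAME_OF(WILDCARD_NAME);
    cert_name_t nul  = NAME_OF(NUL_NAME);

    printf("wildcard vs www.testserver.com: %d\n",
           cert_name_matches(&wild, "www.testserver.com"));
    printf("wildcard vs a.b.testserver.com: %d\n",
           cert_name_matches(&wild, "a.b.testserver.com"));
    printf("embedded NUL name: %d\n",
           cert_name_matches(&nul, "www.testserver.com"));
    return 0;
}
```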
TEE_tlsCallback tlsCallback

Callback function address (optional).

  • Appropriate flags must be set in TEE_tlsSocket_ExtensionFlags.
  • TEE_ISOCKET_TLS_CB_BAD_CERT_CHAIN and TEE_ISOCKET_TLS_CB_BAD_OCSP_STATUS callback reasons are informative only (hint for Client). In these cases callback return code will be ignored and handshake aborted with appropriate error.
  • For all other callback reasons the Client could return TEE_SUCCESS to continue with the handshake or any TEE_ERROR_*, in which case the handshake will be aborted with a USER_CANCEL-like error.

union TEE_tlsSocket_Setup_s.__unnamed__
Data Fields
TEE_tlsSocket_PSK_Info * PSKInfo

Pre-Shared secret key - not supported

TEE_tlsSocket_SRP_Info * SRPInfo

Secure Remote Password - not supported

struct TEE_tlsSocket_CB_Data_s

IOCTL definitions.

This structure is returned in the output buffer by the ioctl function TEE_TLS_BINDING_INFO. It provides “TLS-Unique” channel binding information according to [RFC 5929].

Data Fields
uint8_t cb_data[]
uint32_t cb_data_size

Typedef Documentation

typedef const struct TEE_iSocket_s TEE_iSocket

#include <tee_isocket.h>

iSocket instance. Please refer to the GPD_SPE_100 specification for a detailed description. The basic rules are as follows:

  • Specific Interface instance structure is exported from its shared library by dedicated pointer (TEE_tcpSocket for TCP and TEE_tlsSocket for TLS);
  • Each protocol connection starts with open() and ends with close() call and is represented by TEE_iSocketHandle context (ctx);
  • ctx is [out] parameter for open() and [in] for other functions;
  • setup [in] is pointer to protocol specific structure (TEE_tcpSocket_Setup or TEE_tlsSocket_Setup);
  • buf is [in] for send(), [out] for recv() and [in,out] for ioctl(), length is [in,out] and other parameters are [in];
  • NULL parameters are not valid except for close();
  • *length = 0 is not valid for recv()/send().

#include <tee_tlssocket.h>

IOCTL definitions.

This structure is returned in the output buffer by the ioctl function TEE_TLS_BINDING_INFO. It provides “TLS-Unique” channel binding information according to [RFC 5929].

Enumeration Type Documentation

anonymous enum

#include <tee_isocket.h>

iSocket common errors

Enumerator
TEE_ISOCKET_ERROR_PROTOCOL 

Protocol specific error. Use error() function to get detailed code

TEE_ISOCKET_ERROR_REMOTE_CLOSED 

The remote host has closed the connection

TEE_ISOCKET_ERROR_TIMEOUT 

Timeout occurred. Not a fatal error

TEE_ISOCKET_ERROR_OUT_OF_RESOURCES 

Failed to allocate resources for the socket

TEE_ISOCKET_ERROR_LARGE_BUFFER 

Buffer is too large to be sent in one datagram

TEE_ISOCKET_WARNING_PROTOCOL 

Protocol specific warning. Not fatal error. Use error() function

TEE_ISOCKET_ERROR_HOSTNAME 

The provided hostname cannot be resolved

anonymous enum

#include <tee_isocket.h>

Maximum server IPv4 address string length.

Enumerator
TEE_ISOCKET_SERVER_NAME_MAX_LENGTH 

Maximum server IPv4 address string length

anonymous enum

#include <tee_tcpsocket.h>

TCP iSocket API version. Used to ensure that API structures match.

Enumerator
TEE_ISOCKET_TCP_API_VERSION 

Currently supported version

anonymous enum

#include <tee_tcpsocket.h>

TCP Protocol identifier.

Enumerator
TEE_ISOCKET_PROTOCOLID_TCP 

GP TCP protocol ID

anonymous enum

#include <tee_tcpsocket.h>

TCP Instance specific errors.

Enumerator
TEE_ISOCKET_TCP_WARNING_UNKNOWN_OUT_OF_BAND 

A protocol message was received that is not supported

anonymous enum

#include <tee_udpsocket.h>

UDP iSocket API version. Used to ensure that API structures match.

Enumerator
TEE_ISOCKET_UDP_API_VERSION 

Currently supported version

anonymous enum

#include <tee_udpsocket.h>

UDP Protocol identifier.

Enumerator
TEE_ISOCKET_PROTOCOLID_UDP 

GP UDP protocol ID

anonymous enum

#include <tee_udpsocket.h>

UDP Instance specific errors.

Enumerator
TEE_ISOCKET_UDP_WARNING_UNKNOWN_OUT_OF_BAND 

A protocol message was received that is not supported

anonymous enum

#include <tees_iwt.h>

TEES_IWT_LISTENER_NAME_MAX_LENGTH.

Enumerator
TEES_IWT_LISTENER_NAME_MAX_LENGTH 

The maximum allowed listener name length

anonymous enum

#include <tee_tlssocket.h>

TLS iSocket API version. Used to ensure that API structures match.

Enumerator
TEE_ISOCKET_TLS_API_VERSION 

Currently supported version

anonymous enum

#include <tee_tlssocket.h>

TLS Protocol identifier.

Enumerator
TEE_ISOCKET_PROTOCOLID_TLS 

GP TLS protocol ID

anonymous enum

#include <tee_tlssocket.h>

TLS Instance specific errors.

Enumerator
TEE_ISOCKET_TLS_ERROR_REJECTED_SUITE 

The server rejected all the offered cipher suites

TEE_ISOCKET_TLS_ERROR_VERSION 

The server only supports lower version of TLS than allowed

TEE_ISOCKET_TLS_ERROR_UNSUPPORTED_SUITE 

Cryptosuite is not implemented or supported

TEE_ISOCKET_TLS_ERROR_HANDSHAKE 

An error occurred during the TLS handshake

TEE_ISOCKET_TLS_ERROR_AUTHENTICATION 

The server could not be authenticated

TEE_ISOCKET_TLS_ERROR_DATA 

Wrongly formatted or unanticipated data

#include <protocol_errors.h>

Proprietary protocol-specific error codes. According to the GPD_SPE_010 specification, the TEE error code range 0x80000000..0x8FFFFFFF is reserved for implementation-specific errors. In addition, the TEE Socket Subsystem considers protocol errors a specification extension and includes the specification ID in the code: 0x8 | 3 digit BCD spec ID | error code.
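The layout described above can be unpacked mechanically when logging a value returned by error(). The following is an added example, not part of the SDK: proto_err_t and the function names are hypothetical, and the reading of TEE_ISOCKET_TLS_ALERT_* codes as 0x1NNN, with NNN the TLS alert number in BCD, is inferred from the enumerator values on this page rather than stated by it.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of a protocol error value (field names are this example's own). */
typedef struct {
    int      valid;     /* 1 if in 0x80000000..0x8FFFFFFF with a decimal BCD spec ID */
    unsigned spec_id;   /* e.g. 103 for 0x8103xxxx */
    unsigned code;      /* low 16 bits */
    int      tls_alert; /* TLS alert number, or -1 if this is not an alert code */
} proto_err_t;

/* Converts `digits` BCD nibbles to decimal; returns -1 on a nibble above 9. */
static int bcd_to_int(uint32_t bcd, int digits)
{
    int value = 0, shift;

    for (shift = (digits - 1) * 4; shift >= 0; shift -= 4) {
        unsigned nibble = (unsigned)((bcd >> shift) & 0xFu);
        if (nibble > 9)
            return -1;
        value = value * 10 + (int)nibble;
    }
    return value;
}

/* Splits a value into 0x8 | 3 digit BCD spec ID | 16-bit error code. */
proto_err_t decode_protocol_error(uint32_t err)
{
    proto_err_t d = { 0, 0, 0, -1 };
    int spec;

    if ((err >> 28) != 0x8u)
        return d;                       /* e.g. the 0xF1xxxxxx iSocket codes */
    spec = bcd_to_int((err >> 16) & 0xFFFu, 3);
    if (spec < 0)
        return d;                       /* spec ID field is not BCD */

    d.valid = 1;
    d.spec_id = (unsigned)spec;
    d.code = (unsigned)(err & 0xFFFFu);

    /* Inferred from the listed values: spec 103, code 0x1NNN, NNN = alert in BCD. */
    if (d.spec_id == 103 && (d.code >> 12) == 0x1u)
        d.tls_alert = bcd_to_int(d.code & 0xFFFu, 3);
    return d;
}

/* Returns 1 for TLS alerts about certificates, which deserve their own log
 * category: they indicate a trust problem, not a transient network fault. */
int is_certificate_alert(uint32_t err)
{
    switch (decode_protocol_error(err).tls_alert) {
    case 41: case 42: case 43: case 44: case 45: case 46: /* ..._NO_CERTIFICATE to ..._CERT_UNKNOWN */
    case 48:  /* ..._ALERT_UNKNOWN_CA */
    case 111: /* ..._ALERT_CERT_UNOBTAINABLE */
    case 113: /* ..._ALERT_BAD_CERT_STATUS_RESPONSE */
    case 114: /* ..._ALERT_BAD_CERT_HASH_VALUE */
    case 116: /* ..._ALERT_CERT_REQUIRED */
        return 1;
    default:
        return 0;
    }
}

int main(void)
{
    /* Values taken from the enumerations listed on this page. */
    const uint32_t samples[] = { 0x81031048u, 0x8101000Au, 0x81030014u, 0xF1007001u };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        proto_err_t d = decode_protocol_error(samples[i]);
        if (!d.valid) {
            printf("0x%08lX: not a protocol-specific code\n", (unsigned long)samples[i]);
            continue;
        }
        printf("0x%08lX: spec %u, code 0x%04X, TLS alert %d, cert-related %d\n",
               (unsigned long)samples[i], d.spec_id, d.code, d.tls_alert,
               is_certificate_alert(samples[i]));
    }
    return 0;
}
```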

Enumerator
TEE_ISOCKET_IWC_ERROR_CHANNEL 

IWC Fatal error. Connection could not be used anymore and must be closed

TEE_ISOCKET_IWC_ERROR_TIMEOUT 

IWC watchdog timeout. Fatal error. Connection must be closed

TEE_ISOCKET_IWC_ERROR_NOT_IMPLEMENTED 

Proxy function is not implemented

TEE_ISOCKET_IWC_ERROR_INVALID_VERSION 

Communication channel structure version mismatch

TEE_ISOCKET_IWC_ERROR_SWD_CLIENT_AUTH_FAILED 

Client TA authentication failed

TEE_ISOCKET_NET_ERROR_GENERIC 

Connection generic error

TEE_ISOCKET_NET_ERROR_BAD_PARAMETERS 

Bad parameters

TEE_ISOCKET_NET_ERROR_BUFFER_TOO_SMALL 

Buffer too small

TEE_ISOCKET_NET_ERROR_LARGE_BUFFER 

Buffer too large

TEE_ISOCKET_NET_ERROR_OUT_OF_RESOURCES 

Could not allocate socket resources

TEE_ISOCKET_NET_ERROR_OUT_OF_MEMORY 

Not enough memory

TEE_ISOCKET_NET_ERROR_HOSTNAME_UNKNOWN 

Unknown host

TEE_ISOCKET_NET_ERROR_HOSTNAME_NOTRESOLVED 

Unknown host name

TEE_ISOCKET_NET_ERROR_HOSTNAME_TRYAGAIN 

Host currently unavailable, try again later

TEE_ISOCKET_NET_ERROR_COMMUNICATION 

Connection error EIO

TEE_ISOCKET_NET_ERROR_CONNECTION_REFUSED 

Connection refused

TEE_ISOCKET_NET_ERROR_NET_UNREACHABLE 

Unknown or unreachable network

TEE_ISOCKET_NET_ERROR_REMOTE_CLOSED 

Remote host closed connection

TEE_ISOCKET_NET_ERROR_TIMEOUT 

Connection timeout

TEE_ISOCKET_NET_ERROR_DATA_REMAIN 

Data remain

TEE_ISOCKET_TLS_ERROR_CERT_PARSING 

Certificate parsing error. The same as TEE_ERROR_CERT_PARSING

TEE_ISOCKET_TLS_ERROR_CRL_PARSING 

Certificate parsing error. The same as TEE_ERROR_CRL_PARSING

TEE_ISOCKET_TLS_ERROR_CERT_EXPIRED 

Certificate expired. The same as TEE_ERROR_CERT_EXPIRED

TEE_ISOCKET_TLS_ERROR_CERT_SIGN_VERIFICATION 

Certificate sign verification error. The same as TEE_ERROR_CERT_VERIFICATION

TEE_ISOCKET_TLS_ERROR_ECDHE_GEN_KEY 

ECDHE key generation error

TEE_ISOCKET_TLS_ERROR_ECDHE_SHARED_SECRET 

Shared secret calculation error

TEE_ISOCKET_TLS_ERROR_ECDHE_UNSUPPORTED_CURVE 

Unsupported EC curve

TEE_ISOCKET_TLS_ERROR_ECDHE_SERIALIZING 

ECDHE parameters serialization error

TEE_ISOCKET_TLS_ERROR_CERT_COMMON_NAME_VERIFICATION 

Certificate Common Name verification failed

TEE_ISOCKET_TLS_ERROR_UNEXPECTED_MESSAGE 

Unknown, badly formatted or unexpected TLS handshake message

TEE_ISOCKET_TLS_ERROR_HANDSHAKE_UNEXPECTED_PARAMETER 

Handshake unexpected parameter

TEE_ISOCKET_TLS_ERROR_CERT_IS_TOO_LONG 

Certificate is too long

TEE_ISOCKET_TLS_ERROR_NO_ALERT_PRESENT 

No alert received from peer

TEE_ISOCKET_TLS_ERROR_ALERT_PENDING 

Alert pending

TEE_ISOCKET_TLS_ERROR_USER_CANCELED 

Certificate chain is rejected by Client TA

TEE_ISOCKET_TLS_ERROR_CERT_UNKNOWN_CA 

Wrong CA in certificate chain

TEE_ISOCKET_TLS_ERROR_CERT_UNSUPPORTED 

Certificate has unsupported attributes

TEE_ISOCKET_TLS_ERROR_CERT_REVOKED 

Certificate revoked

TEE_ISOCKET_TLS_ERROR_CERT_STATUS_UNKNOWN 

Unknown certificate revocation status

TEE_ISOCKET_TLS_ALERT_CLOSE_NOTIFY 

Connection will be closed

TEE_ISOCKET_TLS_ALERT_UNEXPECTED_MSG 

Unexpected TLS handshake message

TEE_ISOCKET_TLS_ALERT_BAD_RECORD_MAC 

Bad message MAC

TEE_ISOCKET_TLS_ALERT_DECRYPT_FAILED 

Message decryption failed

TEE_ISOCKET_TLS_ALERT_RECORD_OVERFLOW 

Record overflow

TEE_ISOCKET_TLS_ALERT_DECOMP_FAILED 

Message decompression failed

TEE_ISOCKET_TLS_ALERT_HANDSHAKE_FAILED 

Handshake failed

TEE_ISOCKET_TLS_ALERT_NO_CERTIFICATE 

No certificate received

TEE_ISOCKET_TLS_ALERT_BAD_CERTIFICATE 

Bad certificate received

TEE_ISOCKET_TLS_ALERT_UNSUPPORTED_CERT 

Unsupported certificate format/parameters

TEE_ISOCKET_TLS_ALERT_CERT_REVOKED 

Certificate revoked

TEE_ISOCKET_TLS_ALERT_CERT_EXPIRED 

Unsupported certificate

TEE_ISOCKET_TLS_ALERT_CERT_UNKNOWN 

Unknown certificate

TEE_ISOCKET_TLS_ALERT_ILLEGAL_PARAMETER 

Illegal parameter

TEE_ISOCKET_TLS_ALERT_UNKNOWN_CA 

Unknown certificate CA

TEE_ISOCKET_TLS_ALERT_ACCESS_DENIED 

Access denied

TEE_ISOCKET_TLS_ALERT_DECODE_ERROR 

Message decode error

TEE_ISOCKET_TLS_ALERT_DECRYPT_ERROR 

Message decryption error

TEE_ISOCKET_TLS_ALERT_EXPORT_RESTRICTED 

Export restricted

TEE_ISOCKET_TLS_ALERT_PROTOCOL_VERSION 

Unsupported TLS version

TEE_ISOCKET_TLS_ALERT_INSUFFICIENT_SECURITY 

Too vulnerable TLS version

TEE_ISOCKET_TLS_ALERT_INTERNAL_ERROR 

Internal error

TEE_ISOCKET_TLS_ALERT_INAPPROPRIATE_FALLBACK 

Invalid connection retry attempt from a client

TEE_ISOCKET_TLS_ALERT_USER_CANCELED 

Canceled by user

TEE_ISOCKET_TLS_ALERT_NO_RENEGOTIATION 

Renegotiation error

TEE_ISOCKET_TLS_ALERT_MISSING_EXTENSION 

Missing extension

TEE_ISOCKET_TLS_ALERT_UNSUPPORTED_EXTENSION 

Unsupported extension

TEE_ISOCKET_TLS_ALERT_CERT_UNOBTAINABLE 

Client certificate unobtainable

TEE_ISOCKET_TLS_ALERT_UNRECOGNIZED_NAME 

Wrong server name specified

TEE_ISOCKET_TLS_ALERT_BAD_CERT_STATUS_RESPONSE 

Bad OCSP response

TEE_ISOCKET_TLS_ALERT_BAD_CERT_HASH_VALUE 

Bad client certificate hash

TEE_ISOCKET_TLS_ALERT_UNKNOWN_PSK_IDENTITY 

Unknown PSK identity

TEE_ISOCKET_TLS_ALERT_CERT_REQUIRED 

Client certificate not provided
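
The code layout given in the protocol_errors.h description above (0x8 | 3 digit BCD spec ID | error code) can be unpacked as follows. This is an added example, not code from the Samsung reference; it assumes the three fields occupy 4, 12 and 16 bits, and tee_sock_err_t, tee_sock_err_decode and the sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Decoded view of a TEE Socket Subsystem protocol error code. */
typedef struct {
    bool     valid;    /* true if the value matches the documented layout */
    unsigned spec_id;  /* decimal value of the three BCD digits */
    uint16_t error;    /* error number within that specification */
} tee_sock_err_t;

/* Assumption: "0x8 | 3 digit BCD spec ID | error code" fills 32 bits as
 * 4 + 12 + 16 bits; the page gives the field order but not the widths. */
static tee_sock_err_t tee_sock_err_decode(uint32_t code)
{
    tee_sock_err_t out = { false, 0, 0 };

    if ((code >> 28) != 0x8u)          /* outside 0x80000000..0x8FFFFFFF */
        return out;

    unsigned d2 = (code >> 24) & 0xFu; /* hundreds digit */
    unsigned d1 = (code >> 20) & 0xFu; /* tens digit */
    unsigned d0 = (code >> 16) & 0xFu; /* units digit */
    if (d2 > 9 || d1 > 9 || d0 > 9)    /* nibbles A..F are not BCD digits */
        return out;

    out.valid   = true;
    out.spec_id = d2 * 100 + d1 * 10 + d0;
    out.error   = (uint16_t)(code & 0xFFFFu);
    return out;
}

int main(void)
{
    /* Constructed sample values, not the real TEE_ISOCKET_* constants. */
    const uint32_t samples[] = { 0x81000007u, 0x80100002u, 0x8A000001u, 0xFFFF0006u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        tee_sock_err_t e = tee_sock_err_decode(samples[i]);
        if (e.valid)
            printf("0x%08X -> spec %03u, error 0x%04X\n", (unsigned)samples[i], e.spec_id, (unsigned)e.error);
        else
            printf("0x%08X -> not a socket protocol error\n", (unsigned)samples[i]);
    }
    return 0;
}
```

Rejecting non-BCD nibbles keeps a TA from misclassifying an unrelated implementation-specific code in the same 0x8 range as a socket protocol error.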

#include <tee_isocket.h>

IP version.

Enumerator
TEE_IP_VERSION_DC 

Either IP version - not supported

TEE_IP_VERSION_4 

IPv4 - the only supported IP protocol version

TEE_IP_VERSION_6 

IPv6 - not supported

#include <tee_tlssocket.h>

Callback types.

Enumerator
TEE_ISOCKET_TLS_CB_CHECK_CERT_CHAIN 

Check server certificate chain

TEE_ISOCKET_TLS_CB_BAD_CERT_CHAIN 

Bad server certificate chain - informative only

TEE_ISOCKET_TLS_CB_CHECK_OCSP_STATUS 

Check OCSP response

TEE_ISOCKET_TLS_CB_UNKNOWN_OCSP_STATUS 

Unknown OCSP response status

TEE_ISOCKET_TLS_CB_REVOKED_OCSP_STATUS 

Revoked OCSP response status obtained

#include <tee_tlssocket.h>

This specifies what kind of client credentials the TA has.

Enumerator
TEE_TLS_CLIENT_CRED_NONE 

No client credentials

TEE_TLS_CLIENT_CRED_PDC 

Predistributed (explicitly provided)

TEE_TLS_CLIENT_CRED_CSC 

Certificate storage - for future extension

#include <tee_tlssocket.h>

Certificate/OCSP validation mode and callback control flags.

Enumerator
TEE_ISOCKET_TLS_CERT_NAME_CHECK_CLIENT 

Client will perform Server name check

TEE_ISOCKET_TLS_CERT_KEYUSAGE_CHECK_CLIENT 

Client will perform key usage check

TEE_ISOCKET_TLS_CERT_NOTIFY_CLIENT 

Call Client callback in any case

TEE_ISOCKET_TLS_OCSP_CHECK_CLIENT 

Client will perform OCSP stapling response check

TEE_ISOCKET_TLS_OCSP_CHECK_ADVISORY 

Check OCSP stapling response but let Client decide

TEE_ISOCKET_TLS_OCSP_CHECK_MANDATORY 

Fail if OCSP status unknown or revoked but notify Client

#include <tee_tlssocket.h>

This specifies what kind of server credentials a remote node has.

Enumerator
TEE_TLS_SERVER_CRED_PDC 

Predistributed (explicitly provided)

TEE_TLS_SERVER_CRED_CSC 

Certificate storage - for future extension

#include <tee_tlssocket.h>

OCSP stapling certificate status request type.

Enumerator
TEE_ISOCKET_TLS_OCSP_STATUS_REQUEST_NO 

No certificate status request

TEE_ISOCKET_TLS_OCSP_STATUS_REQUEST 

OCSP stapling certificate status request - RFC 6066

#include <tee_tlssocket.h>

TLS protocol version to use.

Enumerator
TEE_TLS_VERSION_ALL 

Any supported TLS protocol version. Only TLS 1.2 is supported

TEE_TLS_VERSION_1v2 

TLS 1.2 protocol version - the only supported version

Function Documentation

TEE_Result TEES_IwtCloseChannel ( TEES_IwtHandle  iwtCtx)

#include <tees_iwt.h>

Close active IWT connection iwtCtx.

Parameters
[in] iwtCtx  Handle representing active IWT connection

Return values
TEE_SUCCESS  no error
TEE_ERROR_*  on failure

TEE_Result TEES_IwtOpenChannel ( const char *  listenerName, TEES_IwtHandle iwtCtx )

#include <tees_iwt.h>

Open interworld transport (IWT) connection (channel) to the NWd Listener "listenerName".

Parameters
[in] listenerName  Pointer to an array storing the Listener name. The Listener name must correspond to the Listener's UNIX domain socket, which must have the following name: /dev/socket/iwt/"listenerName". The Listener name length must not exceed TEES_IWT_LISTENER_NAME_MAX_LENGTH
[out] iwtCtx  Pointer to the handle representing active IWT connection

Return values
TEE_SUCCESS  no error
TEE_ERROR_*  on failure

TEE_Result TEES_IwtRead ( TEES_IwtHandle  iwtCtx, void *  buf, uint32_t *  length )

#include <tees_iwt.h>

Read length bytes to buf from the active IWT connection iwtCtx.

Parameters
[in] iwtCtx  Handle representing active IWT connection
[in] buf  Pointer to the buffer into which the data is read
[in,out] length  Pointer to the data length: bytes to be read on input, bytes actually read on output

Return values
TEE_SUCCESS  no error
TEE_ERROR_*  on failure

TEE_Result TEES_IwtWrite ( TEES_IwtHandle  iwtCtx, const void *  buf, uint32_t *  length )

#include <tees_iwt.h>

Write length bytes from buf to the active IWT connection iwtCtx.

Parameters
[in] iwtCtx  Handle representing active IWT connection
[in] buf  Pointer to buffer containing data to be written
[in,out] length  Pointer to the data length: bytes to be written on input, bytes actually written on output

Return values
TEE_SUCCESS  no error
TEE_ERROR_*  on failure
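
TEES_IwtRead and TEES_IwtWrite take length as an in/out parameter, so the caller has to compare the count reported on output with the count it asked for. The following added example (not code from the Samsung reference) loops until a fixed-size message has arrived. It assumes a short read is reported with TEE_SUCCESS; TEE_Result, TEES_IwtHandle and the two result constants are stand-in definitions so the block builds without tees_iwt.h, and iwt_read_exact, mock_read and demo are hypothetical names.

```c
#include <stdint.h>
#include <string.h>
/* Stand-ins so the block builds without tees_iwt.h (assumptions). */
typedef uint32_t TEE_Result;
typedef void    *TEES_IwtHandle;
#define TEE_SUCCESS        0x00000000u
#define TEE_ERROR_GENERIC  0xFFFF0000u
/* Same parameter list as TEES_IwtRead on this page. */
typedef TEE_Result (*iwt_read_fn)(TEES_IwtHandle, void *, uint32_t *);

/* Read exactly `want` bytes into buf, looping over short reads. */
static TEE_Result iwt_read_exact(iwt_read_fn rd, TEES_IwtHandle h, uint8_t *buf, uint32_t want)
{
    uint32_t got = 0;
    while (got < want) {
        uint32_t n = want - got;             /* in: bytes still needed */
        TEE_Result res = rd(h, buf + got, &n);
        if (res != TEE_SUCCESS)
            return res;
        /* out: bytes actually read; 0 = no progress, > requested = overrun */
        if (n == 0 || n > want - got)
            return TEE_ERROR_GENERIC;
        got += n;
    }
    return TEE_SUCCESS;
}

/* Constructed mock transport: hands out at most 3 bytes per call. */
static const uint8_t mock_data[] = "IWT-FRAME-0001";
static uint32_t mock_pos;
static TEE_Result mock_read(TEES_IwtHandle h, void *buf, uint32_t *length)
{
    uint32_t left = (uint32_t)sizeof mock_data - 1 - mock_pos;
    uint32_t n = *length < 3 ? *length : 3;
    (void)h;
    if (n > left) n = left;
    memcpy(buf, mock_data + mock_pos, n);
    mock_pos += n;
    *length = n;
    return TEE_SUCCESS;
}

static int demo(uint32_t want)  /* 1 if `want` bytes arrived intact, else 0 */
{
    uint8_t out[32] = {0};
    mock_pos = 0;
    if (want > sizeof out) return 0;
    return iwt_read_exact(mock_read, NULL, out, want) == TEE_SUCCESS && memcmp(out, mock_data, want) == 0;
}
int main(void) { return demo(14) ? 0 : 1; }
```

The check on the returned count matters because the data crosses from the normal world: a length larger than requested is treated as an error rather than trusted.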