///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000-2017 Ericsson Telecom AB
//
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// which accompanies this distribution, and is available at
// http://www.eclipse.org/legal/epl-v10.html
///////////////////////////////////////////////////////////////////////////////
//
//  File:               TLS_Handler.ttcn
//  Description:        Type and function definition for TLS
//  Rev:                <RnXnn>
//  Prodnr:             CNL 113 839
//

module TLS_Handler {

type enumerated TLS_op_result{TLS_OK, TLS_NEED_MORE_DATA,TLS_DATA_TO_SEND,TLS_ERROR}

// Creates a new TLS/SSL object. The created object should be suplied to the 
// handshake function.
external function TLS_New_object(in TLS_descriptor descr, // The parameters of the connection
                                 out integer object_id,   // The identifier of the created TLS object
                                 in integer user_idx := -1  // Transparent user data. Can be retrieved with TLS_get_user_idx() function
                                                            // A lower layer connection index can be stored here
                                                            // For example, the IPL4 connId of the connection used to send and receive data
                                                            // Or the index of the database which holds the user data can be stored here
                                 ) return TLS_op_result;

type enumerated TLS_method { TLS_method_TLS, TLS_method_DTLS }

type enumerated TLS_Supported_proto_versions { TLS_SSL3_VERSION, TLS_TLS1_VERSION, TLS_TLS1_1_VERSION, TLS_TLS1_2_VERSION , TLS_DTLS1_VERSION, TLS_DTLS1_2_VERSION}

// Parameters of the TLS 
type record TLS_descriptor {
  TLS_method  tls_method,  // Which method to use: TLS/SSL or DTLS?
  TLS_Supported_proto_versions min_supported_version optional,  // Minimum version of the supported protocol
  TLS_Supported_proto_versions max_supported_version optional,  // Maximum version of the supported protocol
  charstring  ssl_key_file optional,
  charstring  ssl_certificate_file optional,
  charstring  ssl_trustedCAlist_file optional,
  charstring  ssl_cipher_list optional,
  charstring  ssl_password optional,  // private key file password
  boolean     ssl_verify_certificate optional
}

// Dispose the TLS/SSL object.
external function TLS_Delete_object(in integer object_id) return TLS_op_result;

// Get or set the transparent user_idx
external function TLS_get_user_idx(in integer object_id, out integer user_idx) return TLS_op_result;
external function TLS_set_user_idx(in integer object_id, in integer user_idx) return TLS_op_result;

// Handshake function.
// Should be called repetadly until the handshake is finished.
// Input stream: The data received from peer
// Output stream: The data should be sent ot the peer
//
// return values:
//    TLS_OK:  handshake finshed
//    TLS_NEED_MORE_DATA: send the output stream to the peer if len >0,
//                        call the function again with more data from peer
//    TLS_DATA_TO_SEND: send the output stream to the peer, 
//                      and call the function again
//    TLS_ERROR:  soemthing went wrong.
external function TLS_Handshake(in integer object_id, // The object_id, created by the TLS_New_object
                                in boolean is_server, // True: server side, false: client side
                                in octetstring input_stream, // The input stream, data received from peer
                                out octetstring output_stream // the output stream. Send this to the peer if needed
                                ) return TLS_op_result;


// Encrypt data to send to the peer
// Should be called repetadly until returns TLS_OK.
// User data: The user data to send
// Input stream: The data received from peer
// Output stream: The data should be sent ot the peer
//
// return values:
//    TLS_OK: All of the user data is encrypted and ready to send. Send the output_stream to peer
//    TLS_NEED_MORE_DATA: send the output stream to the peer if len >0,
//                        call the function again with data from peer
//    TLS_DATA_TO_SEND: send the output stream to the peer, and call the function again.
//    TLS_ERROR:  soemthing went wrong.
//
// If the function should be called again, call it with the same user_data as used in the first time
external function TLS_Write(in integer object_id, // The object_id, created by the TLS_New_object
                                in octetstring user_data, // The user data to be encrypted.
                                in octetstring input_stream, // The input stream, data received from peer
                                out octetstring output_stream // the output stream. Send this to the peer if needed
                                ) return TLS_op_result;


// Decrypt received data to from the peer
// Should be called repetadly until returns TLS_NEED_MORE_DATA.
// The function return TLS_OK if it succefuly decrypted a TLS record,
// but the function should be called again to make sure all of the eceived
// TLS record are processed.
// User data: The user decypted user data
// Input stream: The data received from peer
// Output stream: The data should be sent ot the peer
//
// return values:
//    TLS_OK: All of the user data is decrypted and ready to be used.
//    TLS_NEED_MORE_DATA: send the output stream to the peer if len >0,
//                        call the function again with data from peer
//    TLS_DATA_TO_SEND: send the output stream to the peer, and call the function again.
//    TLS_ERROR:  soemthing went wrong.
//

external function TLS_Read(in integer object_id, // The object_id, created by the TLS_New_object
                                out octetstring user_data, // The user data to be encrypted.
                                in octetstring input_stream, // The input stream, data received from peer
                                out octetstring output_stream // the output stream. Send this to the peer if needed
                                ) return TLS_op_result;


}