tls.h File Reference

TLS (Transport Layer Security) More...

#include "os_port.h"
#include "core/crypto.h"
#include "tls_config.h"
#include "tls_legacy.h"
#include "tls13_misc.h"
#include "dtls_misc.h"
#include "mac/hmac.h"
#include "pkc/rsa.h"
#include "pkc/dsa.h"
#include "ecc/ecdsa.h"
#include "pkc/dh.h"
#include "ecc/ecdh.h"
#include "aead/gcm.h"


Data Structures

struct  TlsCipherSuiteInfo
 Structure describing a cipher suite. More...
 
struct  TlsSessionState
 TLS session state. More...
 
struct  TlsCache
 Session cache. More...
 
struct  TlsCertDesc
 Certificate descriptor. More...
 
struct  TlsHelloExtensions
 Hello extensions. More...
 
struct  TlsEncryptionEngine
 Encryption engine. More...
 
struct  _TlsContext
 TLS context. More...
 

Macros

#define TlsContext   struct _TlsContext
 
#define SSL_VERSION_3_0   0x0300
 
#define TLS_VERSION_1_0   0x0301
 
#define TLS_VERSION_1_1   0x0302
 
#define TLS_VERSION_1_2   0x0303
 
#define TLS_VERSION_1_3_DRAFT(version)   (0x7F00 + (version))
 
#define TLS_VERSION_1_3   0x0304
 
#define TLS_SUPPORT   ENABLED
 
#define TLS_CLIENT_SUPPORT   ENABLED
 
#define TLS_SERVER_SUPPORT   ENABLED
 
#define TLS_MIN_VERSION   TLS_VERSION_1_0
 
#define TLS_MAX_VERSION   TLS_VERSION_1_2
 
#define TLS_SESSION_RESUME_SUPPORT   ENABLED
 
#define TLS_SESSION_CACHE_LIFETIME   3600000
 
#define TLS_TICKET_SUPPORT   DISABLED
 
#define TLS_TICKET_LIFETIME   3600000
 
#define TLS_SNI_SUPPORT   ENABLED
 
#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED
 
#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED
 
#define TLS_ALPN_SUPPORT   DISABLED
 
#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED
 
#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED
 
#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED
 
#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED
 
#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED
 
#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED
 
#define TLS_ECC_CALLBACK_SUPPORT   DISABLED
 
#define TLS_MAX_CERTIFICATES   3
 
#define TLS_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_DSS_KE_SUPPORT   DISABLED
 
#define TLS_DH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_PSK_KE_SUPPORT   DISABLED
 
#define TLS_DHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_SIGN_SUPPORT   ENABLED
 
#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED
 
#define TLS_DSA_SIGN_SUPPORT   DISABLED
 
#define TLS_ECDSA_SIGN_SUPPORT   ENABLED
 
#define TLS_EDDSA_SIGN_SUPPORT   DISABLED
 
#define TLS_NULL_CIPHER_SUPPORT   DISABLED
 
#define TLS_STREAM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CBC_CIPHER_SUPPORT   ENABLED
 
#define TLS_CCM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED
 
#define TLS_GCM_CIPHER_SUPPORT   ENABLED
 
#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED
 
#define TLS_RC4_SUPPORT   DISABLED
 
#define TLS_IDEA_SUPPORT   DISABLED
 
#define TLS_DES_SUPPORT   DISABLED
 
#define TLS_3DES_SUPPORT   DISABLED
 
#define TLS_AES_SUPPORT   ENABLED
 
#define TLS_CAMELLIA_SUPPORT   DISABLED
 
#define TLS_SEED_SUPPORT   DISABLED
 
#define TLS_ARIA_SUPPORT   DISABLED
 
#define TLS_MD5_SUPPORT   DISABLED
 
#define TLS_SHA1_SUPPORT   ENABLED
 
#define TLS_SHA224_SUPPORT   DISABLED
 
#define TLS_SHA256_SUPPORT   ENABLED
 
#define TLS_SHA384_SUPPORT   ENABLED
 
#define TLS_SHA512_SUPPORT   DISABLED
 
#define TLS_FFDHE_SUPPORT   DISABLED
 
#define TLS_FFDHE2048_SUPPORT   ENABLED
 
#define TLS_FFDHE3072_SUPPORT   DISABLED
 
#define TLS_FFDHE4096_SUPPORT   DISABLED
 
#define TLS_SECP160K1_SUPPORT   DISABLED
 
#define TLS_SECP160R1_SUPPORT   DISABLED
 
#define TLS_SECP160R2_SUPPORT   DISABLED
 
#define TLS_SECP192K1_SUPPORT   DISABLED
 
#define TLS_SECP192R1_SUPPORT   DISABLED
 
#define TLS_SECP224K1_SUPPORT   DISABLED
 
#define TLS_SECP224R1_SUPPORT   DISABLED
 
#define TLS_SECP256K1_SUPPORT   DISABLED
 
#define TLS_SECP256R1_SUPPORT   ENABLED
 
#define TLS_SECP384R1_SUPPORT   ENABLED
 
#define TLS_SECP521R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED
 
#define TLS_X25519_SUPPORT   DISABLED
 
#define TLS_X448_SUPPORT   DISABLED
 
#define TLS_ED25519_SUPPORT   ENABLED
 
#define TLS_ED448_SUPPORT   DISABLED
 
#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED
 
#define TLS_KEY_LOG_SUPPORT   DISABLED
 
#define TLS_MAX_SERVER_NAME_LEN   255
 
#define TLS_MIN_DH_MODULUS_SIZE   1024
 
#define TLS_MAX_DH_MODULUS_SIZE   4096
 
#define TLS_MIN_RSA_MODULUS_SIZE   1024
 
#define TLS_MAX_RSA_MODULUS_SIZE   4096
 
#define TLS_MIN_DSA_MODULUS_SIZE   1024
 
#define TLS_MAX_DSA_MODULUS_SIZE   4096
 
#define TLS_PREMASTER_SECRET_SIZE   256
 
#define TLS_MAX_WARNING_ALERTS   0
 
#define TLS_MAX_EMPTY_RECORDS   0
 
#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   0
 
#define TLS_MAX_KEY_UPDATE_MESSAGES   0
 
#define tlsAllocMem(size)   osAllocMem(size)
 
#define tlsFreeMem(p)   osFreeMem(p)
 
#define TLS_DH_SUPPORT   ENABLED
 
#define TLS_ECDH_SUPPORT   ENABLED
 
#define TLS_RSA_SUPPORT   ENABLED
 
#define TLS_PSK_SUPPORT   ENABLED
 
#define TLS_MAX_HKDF_DIGEST_SIZE   48
 
#define tlsSetSocket(context, socket)
 
#define TLS_MIN_RECORD_LENGTH   512
 
#define TLS_MAX_RECORD_LENGTH   16384
 
#define TLS_MAX_RECORD_OVERHEAD   512
 
#define TLS_MASTER_SECRET_SIZE   48
 
#define TLS_FLAG_BREAK(c)   (TLS_FLAG_BREAK_CHAR | LSB(c))
 

Typedefs

struct {
   uint8_t   b [8]
 
TlsSequenceNumber
 Sequence number. More...
 
typedef uint16_t TlsCipherSuite
 Cipher suite. More...
 
struct {
   uint16_t   length
 
   uint16_t   value []
 
TlsCipherSuites
 Cipher suites. More...
 
typedef uint8_t TlsCompressMethod
 Compression method. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsCompressMethods
 Compression methods. More...
 
struct {
   uint8_t   hash
 
   uint8_t   signature
 
TlsSignHashAlgo
 Signature algorithm. More...
 
struct {
   uint16_t   length
 
   TlsSignHashAlgo   value []
 
TlsSignHashAlgos
 List of signature algorithms. More...
 
struct {
   uint8_t   length [3]
 
   uint8_t   value []
 
TlsCertificateList
 List of certificates. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsCertAuthorities
 List of certificate authorities. More...
 
struct {
   uint16_t   type
 
   uint16_t   length
 
   uint8_t   value []
 
TlsExtension
 TLS extension. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsExtensionList
 List of TLS extensions. More...
 
struct {
   uint8_t   length
 
   uint16_t   value []
 
TlsSupportedVersionList
 List of supported versions. More...
 
struct {
   uint8_t   type
 
   uint16_t   length
 
   char_t   hostname []
 
TlsServerName
 Server name. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsServerNameList
 List of server names. More...
 
struct {
   uint8_t   length
 
   char_t   value []
 
TlsProtocolName
 Protocol name. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsProtocolNameList
 List of protocol names. More...
 
struct {
   uint16_t   length
 
   uint16_t   value []
 
TlsSupportedGroupList
 List of supported groups. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsEcPointFormatList
 List of supported EC point formats. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsCertTypeList
 List of supported certificate types. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsRenegoInfo
 Renegotiated connection. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentity
 PSK identity. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentityHint
 PSK identity hint. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsDigitalSignature
 Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1) More...
 
struct {
   TlsSignHashAlgo   algorithm
 
   uint16_t   length
 
   uint8_t   value []
 
Tls12DigitalSignature
 Digitally-signed element (TLS 1.2) More...
 
struct {
   uint8_t   type
 
   uint16_t   version
 
   uint16_t   length
 
   uint8_t   data []
 
TlsRecord
 TLS record. More...
 
struct {
   uint8_t   msgType
 
   uint8_t   length [3]
 
   uint8_t   data []
 
TlsHandshake
 TLS handshake message. More...
 
typedef void TlsHelloRequest
 HelloRequest message. More...
 
struct {
   uint16_t   clientVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsClientHello
 ClientHello message. More...
 
struct {
   uint16_t   serverVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsServerHello
 ServerHello message. More...
 
typedef void TlsCertificate
 Certificate message. More...
 
typedef void TlsServerKeyExchange
 ServerKeyExchange message. More...
 
struct {
   uint8_t   certificateTypesLen
 
   uint8_t   certificateTypes []
 
TlsCertificateRequest
 CertificateRequest message. More...
 
typedef void TlsServerHelloDone
 ServerHelloDone message. More...
 
typedef void TlsClientKeyExchange
 ClientKeyExchange message. More...
 
typedef void TlsCertificateVerify
 CertificateVerify message. More...
 
typedef void TlsFinished
 Finished message. More...
 
struct {
   uint8_t   type
 
TlsChangeCipherSpec
 ChangeCipherSpec message. More...
 
struct {
   uint8_t   level
 
   uint8_t   description
 
TlsAlert
 Alert message. More...
 
typedef void * TlsSocketHandle
 Socket handle. More...
 
typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
 Socket send callback function. More...
 
typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
 Socket receive callback function. More...
 
typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
 Pre-shared key callback function. More...
 
typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
 Raw public key verification callback function. More...
 
typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *params)
 Ticket encryption callback function. More...
 
typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *params)
 Ticket decryption callback function. More...
 
typedef error_t(* TlsEcdhCallback) (TlsContext *context)
 ECDH key agreement callback function. More...
 
typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature generation callback function. More...
 
typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature verification callback function. More...
 
typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)
 Key logging callback function (for debugging purposes only) More...
 

Enumerations

enum  TlsTransportProtocol { TLS_TRANSPORT_PROTOCOL_STREAM = 0, TLS_TRANSPORT_PROTOCOL_DATAGRAM = 1 }
 TLS transport protocols. More...
 
enum  TlsConnectionEnd { TLS_CONNECTION_END_CLIENT = 0, TLS_CONNECTION_END_SERVER = 1 }
 TLS connection end. More...
 
enum  TlsClientAuthMode { TLS_CLIENT_AUTH_NONE = 0, TLS_CLIENT_AUTH_OPTIONAL = 1, TLS_CLIENT_AUTH_REQUIRED = 2 }
 Client authentication mode. More...
 
enum  TlsEarlyDataStatus { TLS_EARLY_DATA_REJECTED = 0, TLS_EARLY_DATA_ACCEPTED = 1 }
 Early data status. More...
 
enum  TlsFlags {
  TLS_FLAG_PEEK = 0x0200, TLS_FLAG_WAIT_ALL = 0x0800, TLS_FLAG_BREAK_CHAR = 0x1000, TLS_FLAG_BREAK_CRLF = 0x100A,
  TLS_FLAG_WAIT_ACK = 0x2000, TLS_FLAG_NO_DELAY = 0x4000, TLS_FLAG_DELAY = 0x8000
}
 Flags used by read and write functions. More...
 
enum  TlsContentType {
  TLS_TYPE_NONE = 0, TLS_TYPE_CHANGE_CIPHER_SPEC = 20, TLS_TYPE_ALERT = 21, TLS_TYPE_HANDSHAKE = 22,
  TLS_TYPE_APPLICATION_DATA = 23, TLS_TYPE_HEARTBEAT = 24, TLS_TYPE_ACK = 25
}
 Content type. More...
 
enum  TlsMessageType {
  TLS_TYPE_HELLO_REQUEST = 0, TLS_TYPE_CLIENT_HELLO = 1, TLS_TYPE_SERVER_HELLO = 2, TLS_TYPE_HELLO_VERIFY_REQUEST = 3,
  TLS_TYPE_NEW_SESSION_TICKET = 4, TLS_TYPE_END_OF_EARLY_DATA = 5, TLS_TYPE_HELLO_RETRY_REQUEST = 6, TLS_TYPE_ENCRYPTED_EXTENSIONS = 8,
  TLS_TYPE_CERTIFICATE = 11, TLS_TYPE_SERVER_KEY_EXCHANGE = 12, TLS_TYPE_CERTIFICATE_REQUEST = 13, TLS_TYPE_SERVER_HELLO_DONE = 14,
  TLS_TYPE_CERTIFICATE_VERIFY = 15, TLS_TYPE_CLIENT_KEY_EXCHANGE = 16, TLS_TYPE_FINISHED = 20, TLS_TYPE_CERTIFICATE_URL = 21,
  TLS_TYPE_CERTIFICATE_STATUS = 22, TLS_TYPE_SUPPLEMENTAL_DATA = 23, TLS_TYPE_KEY_UPDATE = 24, TLS_TYPE_MESSAGE_HASH = 254
}
 Handshake message type. More...
 
enum  TlsAlertLevel { TLS_ALERT_LEVEL_WARNING = 1, TLS_ALERT_LEVEL_FATAL = 2 }
 Alert level. More...
 
enum  TlsAlertDescription {
  TLS_ALERT_CLOSE_NOTIFY = 0, TLS_ALERT_UNEXPECTED_MESSAGE = 10, TLS_ALERT_BAD_RECORD_MAC = 20, TLS_ALERT_DECRYPTION_FAILED = 21,
  TLS_ALERT_RECORD_OVERFLOW = 22, TLS_ALERT_DECOMPRESSION_FAILURE = 30, TLS_ALERT_HANDSHAKE_FAILURE = 40, TLS_ALERT_NO_CERTIFICATE = 41,
  TLS_ALERT_BAD_CERTIFICATE = 42, TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43, TLS_ALERT_CERTIFICATE_REVOKED = 44, TLS_ALERT_CERTIFICATE_EXPIRED = 45,
  TLS_ALERT_CERTIFICATE_UNKNOWN = 46, TLS_ALERT_ILLEGAL_PARAMETER = 47, TLS_ALERT_UNKNOWN_CA = 48, TLS_ALERT_ACCESS_DENIED = 49,
  TLS_ALERT_DECODE_ERROR = 50, TLS_ALERT_DECRYPT_ERROR = 51, TLS_ALERT_EXPORT_RESTRICTION = 60, TLS_ALERT_PROTOCOL_VERSION = 70,
  TLS_ALERT_INSUFFICIENT_SECURITY = 71, TLS_ALERT_INTERNAL_ERROR = 80, TLS_ALERT_INAPPROPRIATE_FALLBACK = 86, TLS_ALERT_USER_CANCELED = 90,
  TLS_ALERT_NO_RENEGOTIATION = 100, TLS_ALERT_MISSING_EXTENSION = 109, TLS_ALERT_UNSUPPORTED_EXTENSION = 110, TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111,
  TLS_ALERT_UNRECOGNIZED_NAME = 112, TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113, TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114, TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115,
  TLS_ALERT_NO_APPLICATION_PROTOCOL = 120
}
 Alert description. More...
 
enum  TlsCompressMethodList { TLS_COMPRESSION_METHOD_NULL = 0, TLS_COMPRESSION_METHOD_DEFLATE = 1 }
 Compression methods. More...
 
enum  TlsKeyExchMethod {
  TLS_KEY_EXCH_NONE = 0, TLS_KEY_EXCH_RSA = 1, TLS_KEY_EXCH_DH_RSA = 2, TLS_KEY_EXCH_DHE_RSA = 3,
  TLS_KEY_EXCH_DH_DSS = 4, TLS_KEY_EXCH_DHE_DSS = 5, TLS_KEY_EXCH_DH_ANON = 6, TLS_KEY_EXCH_ECDH_RSA = 7,
  TLS_KEY_EXCH_ECDHE_RSA = 8, TLS_KEY_EXCH_ECDH_ECDSA = 9, TLS_KEY_EXCH_ECDHE_ECDSA = 10, TLS_KEY_EXCH_ECDH_ANON = 11,
  TLS_KEY_EXCH_PSK = 12, TLS_KEY_EXCH_RSA_PSK = 13, TLS_KEY_EXCH_DHE_PSK = 14, TLS_KEY_EXCH_ECDHE_PSK = 15,
  TLS_KEY_EXCH_SRP_SHA = 16, TLS_KEY_EXCH_SRP_SHA_RSA = 17, TLS_KEY_EXCH_SRP_SHA_DSS = 18, TLS13_KEY_EXCH_DHE = 19,
  TLS13_KEY_EXCH_ECDHE = 20, TLS13_KEY_EXCH_PSK = 21, TLS13_KEY_EXCH_PSK_DHE = 22, TLS13_KEY_EXCH_PSK_ECDHE = 23
}
 Key exchange methods. More...
 
enum  TlsCertificateFormat { TLS_CERT_FORMAT_X509 = 0, TLS_CERT_FORMAT_OPEN_PGP = 1, TLS_CERT_FORMAT_RAW_PUBLIC_KEY = 2 }
 Certificate formats. More...
 
enum  TlsCertificateType {
  TLS_CERT_NONE = 0, TLS_CERT_RSA_SIGN = 1, TLS_CERT_DSS_SIGN = 2, TLS_CERT_RSA_FIXED_DH = 3,
  TLS_CERT_DSS_FIXED_DH = 4, TLS_CERT_RSA_EPHEMERAL_DH = 5, TLS_CERT_DSS_EPHEMERAL_DH = 6, TLS_CERT_FORTEZZA_DMS = 20,
  TLS_CERT_ECDSA_SIGN = 64, TLS_CERT_RSA_FIXED_ECDH = 65, TLS_CERT_ECDSA_FIXED_ECDH = 66, TLS_CERT_RSA_PSS_SIGN = 256,
  TLS_CERT_ED25519_SIGN = 257, TLS_CERT_ED448_SIGN = 258
}
 Certificate types. More...
 
enum  TlsHashAlgo {
  TLS_HASH_ALGO_NONE = 0, TLS_HASH_ALGO_MD5 = 1, TLS_HASH_ALGO_SHA1 = 2, TLS_HASH_ALGO_SHA224 = 3,
  TLS_HASH_ALGO_SHA256 = 4, TLS_HASH_ALGO_SHA384 = 5, TLS_HASH_ALGO_SHA512 = 6, TLS_HASH_ALGO_INTRINSIC = 8
}
 Hash algorithms. More...
 
enum  TlsSignatureAlgo {
  TLS_SIGN_ALGO_ANONYMOUS = 0, TLS_SIGN_ALGO_RSA = 1, TLS_SIGN_ALGO_DSA = 2, TLS_SIGN_ALGO_ECDSA = 3,
  TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 = 4, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 = 5, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 = 6, TLS_SIGN_ALGO_ED25519 = 7,
  TLS_SIGN_ALGO_ED448 = 8, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 = 9, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 = 10, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 = 11
}
 Signature algorithms. More...
 
enum  TlsExtensionType {
  TLS_EXT_SERVER_NAME = 0, TLS_EXT_MAX_FRAGMENT_LENGTH = 1, TLS_EXT_CLIENT_CERTIFICATE_URL = 2, TLS_EXT_TRUSTED_CA_KEYS = 3,
  TLS_EXT_TRUNCATED_HMAC = 4, TLS_EXT_STATUS_REQUEST = 5, TLS_EXT_USER_MAPPING = 6, TLS_EXT_CLIENT_AUTHZ = 7,
  TLS_EXT_SERVER_AUTHZ = 8, TLS_EXT_CERT_TYPE = 9, TLS_EXT_SUPPORTED_GROUPS = 10, TLS_EXT_EC_POINT_FORMATS = 11,
  TLS_EXT_SRP = 12, TLS_EXT_SIGNATURE_ALGORITHMS = 13, TLS_EXT_USE_SRTP = 14, TLS_EXT_HEARTBEAT = 15,
  TLS_EXT_ALPN = 16, TLS_EXT_STATUS_REQUEST_V2 = 17, TLS_EXT_SIGNED_CERT_TIMESTAMP = 18, TLS_EXT_CLIENT_CERT_TYPE = 19,
  TLS_EXT_SERVER_CERT_TYPE = 20, TLS_EXT_PADDING = 21, TLS_EXT_ENCRYPT_THEN_MAC = 22, TLS_EXT_EXTENDED_MASTER_SECRET = 23,
  TLS_EXT_CACHED_INFO = 25, TLS_EXT_RECORD_SIZE_LIMIT = 28, TLS_EXT_SESSION_TICKET = 35, TLS_EXT_PRE_SHARED_KEY = 41,
  TLS_EXT_EARLY_DATA = 42, TLS_EXT_SUPPORTED_VERSIONS = 43, TLS_EXT_COOKIE = 44, TLS_EXT_PSK_KEY_EXCHANGE_MODES = 45,
  TLS_EXT_CERTIFICATE_AUTHORITIES = 47, TLS_EXT_OID_FILTERS = 48, TLS_EXT_POST_HANDSHAKE_AUTH = 49, TLS_EXT_SIGNATURE_ALGORITHMS_CERT = 50,
  TLS_EXT_KEY_SHARE = 51, TLS_EXT_RENEGOTIATION_INFO = 65281
}
 TLS extension types. More...
 
enum  TlsNameType { TLS_NAME_TYPE_HOSTNAME = 0 }
 Name type. More...
 
enum  TlsMaxFragmentLength { TLS_MAX_FRAGMENT_LENGTH_512 = 1, TLS_MAX_FRAGMENT_LENGTH_1024 = 2, TLS_MAX_FRAGMENT_LENGTH_2048 = 3, TLS_MAX_FRAGMENT_LENGTH_4096 = 4 }
 Maximum fragment length. More...
 
enum  TlsNamedGroup {
  TLS_GROUP_NONE = 0, TLS_GROUP_SECT163K1 = 1, TLS_GROUP_SECT163R1 = 2, TLS_GROUP_SECT163R2 = 3,
  TLS_GROUP_SECT193R1 = 4, TLS_GROUP_SECT193R2 = 5, TLS_GROUP_SECT233K1 = 6, TLS_GROUP_SECT233R1 = 7,
  TLS_GROUP_SECT239K1 = 8, TLS_GROUP_SECT283K1 = 9, TLS_GROUP_SECT283R1 = 10, TLS_GROUP_SECT409K1 = 11,
  TLS_GROUP_SECT409R1 = 12, TLS_GROUP_SECT571K1 = 13, TLS_GROUP_SECT571R1 = 14, TLS_GROUP_SECP160K1 = 15,
  TLS_GROUP_SECP160R1 = 16, TLS_GROUP_SECP160R2 = 17, TLS_GROUP_SECP192K1 = 18, TLS_GROUP_SECP192R1 = 19,
  TLS_GROUP_SECP224K1 = 20, TLS_GROUP_SECP224R1 = 21, TLS_GROUP_SECP256K1 = 22, TLS_GROUP_SECP256R1 = 23,
  TLS_GROUP_SECP384R1 = 24, TLS_GROUP_SECP521R1 = 25, TLS_GROUP_BRAINPOOLP256R1 = 26, TLS_GROUP_BRAINPOOLP384R1 = 27,
  TLS_GROUP_BRAINPOOLP512R1 = 28, TLS_GROUP_ECDH_X25519 = 29, TLS_GROUP_ECDH_X448 = 30, TLS_GROUP_FFDHE2048 = 256,
  TLS_GROUP_FFDHE3072 = 257, TLS_GROUP_FFDHE4096 = 258, TLS_GROUP_FFDHE6144 = 259, TLS_GROUP_FFDHE8192 = 260,
  TLS_GROUP_FFDHE_MAX = 511, TLS_GROUP_EXPLICIT_PRIME_CURVE = 65281, TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282
}
 Named groups. More...
 
enum  TlsEcPointFormat { TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME = 1, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 = 2 }
 EC point formats. More...
 
enum  TlsEcCurveType { TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1, TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2, TLS_EC_CURVE_TYPE_NAMED_CURVE = 3 }
 EC curve types. More...
 
enum  TlsState {
  TLS_STATE_INIT = 0, TLS_STATE_CLIENT_HELLO = 1, TLS_STATE_CLIENT_HELLO_2 = 2, TLS_STATE_EARLY_DATA = 3,
  TLS_STATE_HELLO_VERIFY_REQUEST = 4, TLS_STATE_HELLO_RETRY_REQUEST = 5, TLS_STATE_SERVER_HELLO = 6, TLS_STATE_SERVER_HELLO_2 = 7,
  TLS_STATE_SERVER_HELLO_3 = 8, TLS_STATE_HANDSHAKE_TRAFFIC_KEYS = 9, TLS_STATE_ENCRYPTED_EXTENSIONS = 10, TLS_STATE_SERVER_CERTIFICATE = 11,
  TLS_STATE_SERVER_KEY_EXCHANGE = 12, TLS_STATE_SERVER_CERTIFICATE_VERIFY = 13, TLS_STATE_CERTIFICATE_REQUEST = 14, TLS_STATE_SERVER_HELLO_DONE = 15,
  TLS_STATE_CLIENT_CERTIFICATE = 16, TLS_STATE_CLIENT_KEY_EXCHANGE = 17, TLS_STATE_CLIENT_CERTIFICATE_VERIFY = 18, TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 19,
  TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 = 20, TLS_STATE_CLIENT_FINISHED = 21, TLS_STATE_CLIENT_APP_TRAFFIC_KEYS = 22, TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 23,
  TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 = 24, TLS_STATE_SERVER_FINISHED = 25, TLS_STATE_END_OF_EARLY_DATA = 26, TLS_STATE_SERVER_APP_TRAFFIC_KEYS = 27,
  TLS_STATE_NEW_SESSION_TICKET = 28, TLS_STATE_KEY_UPDATE = 29, TLS_STATE_APPLICATION_DATA = 30, TLS_STATE_CLOSING = 31,
  TLS_STATE_CLOSED = 32
}
 TLS FSM states. More...
 

Functions

TlsContext * tlsInit (void)
 TLS context initialization. More...
 
TlsState tlsGetState (TlsContext *context)
 Retrieve current state. More...
 
error_t tlsSetSocketCallbacks (TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
 Set socket send and receive callbacks. More...
 
error_t tlsSetVersion (TlsContext *context, uint16_t versionMin, uint16_t versionMax)
 Set minimum and maximum versions permitted. More...
 
error_t tlsSetTransportProtocol (TlsContext *context, TlsTransportProtocol transportProtocol)
 Set the transport protocol to be used. More...
 
error_t tlsSetConnectionEnd (TlsContext *context, TlsConnectionEnd entity)
 Set operation mode (client or server) More...
 
error_t tlsSetPrng (TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
 Set the pseudo-random number generator to be used. More...
 
error_t tlsSetServerName (TlsContext *context, const char_t *serverName)
 Set the server name. More...
 
const char_t * tlsGetServerName (TlsContext *context)
 Get the server name. More...
 
error_t tlsSetCache (TlsContext *context, TlsCache *cache)
 Set session cache. More...
 
error_t tlsSetClientAuthMode (TlsContext *context, TlsClientAuthMode mode)
 Set client authentication mode (for servers only) More...
 
error_t tlsSetBufferSize (TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
 Set TLS buffer size. More...
 
error_t tlsSetMaxFragmentLength (TlsContext *context, size_t maxFragLen)
 Set maximum fragment length. More...
 
error_t tlsSetCipherSuites (TlsContext *context, const uint16_t *cipherSuites, uint_t length)
 Specify the list of allowed cipher suites. More...
 
error_t tlsSetSupportedGroups (TlsContext *context, const uint16_t *groups, uint_t length)
 Specify the list of allowed ECDHE and FFDHE groups. More...
 
error_t tlsSetPreferredGroup (TlsContext *context, uint16_t group)
 Specify the preferred ECDHE or FFDHE group. More...
 
error_t tlsSetDhParameters (TlsContext *context, const char_t *params, size_t length)
 Import Diffie-Hellman parameters. More...
 
error_t tlsSetEcdhCallback (TlsContext *context, TlsEcdhCallback ecdhCallback)
 Register ECDH key agreement callback function. More...
 
error_t tlsSetEcdsaSignCallback (TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
 Register ECDSA signature generation callback function. More...
 
error_t tlsSetEcdsaVerifyCallback (TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
 Register ECDSA signature verification callback function. More...
 
error_t tlsSetKeyLogCallback (TlsContext *context, TlsKeyLogCallback keyLogCallback)
 Register key logging callback function (for debugging purposes only) More...
 
error_t tlsAllowUnknownAlpnProtocols (TlsContext *context, bool_t allowed)
 Allow unknown ALPN protocols. More...
 
error_t tlsSetAlpnProtocolList (TlsContext *context, const char_t *protocolList)
 Set the list of supported ALPN protocols. More...
 
const char_t * tlsGetAlpnProtocol (TlsContext *context)
 Get the name of the selected ALPN protocol. More...
 
error_t tlsSetPsk (TlsContext *context, const uint8_t *psk, size_t length)
 Set the pre-shared key to be used. More...
 
error_t tlsSetPskIdentity (TlsContext *context, const char_t *pskIdentity)
 Set the PSK identity to be used by the client. More...
 
error_t tlsSetPskIdentityHint (TlsContext *context, const char_t *pskIdentityHint)
 Set the PSK identity hint to be used by the server. More...
 
error_t tlsSetPskCallback (TlsContext *context, TlsPskCallback pskCallback)
 Register the PSK callback function. More...
 
error_t tlsSetRpkVerifyCallback (TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
 Register the raw public key verification callback function. More...
 
error_t tlsSetTrustedCaList (TlsContext *context, const char_t *trustedCaList, size_t length)
 Import a trusted CA list. More...
 
error_t tlsAddCertificate (TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
 Import a certificate and the corresponding private key. More...
 
error_t tlsEnableSecureRenegotiation (TlsContext *context, bool_t enabled)
 Enable secure renegotiation. More...
 
error_t tlsEnableFallbackScsv (TlsContext *context, bool_t enabled)
 Perform fallback retry (for clients only) More...
 
error_t tlsSetTicketCallbacks (TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
 Set ticket encryption/decryption callbacks. More...
 
error_t tlsSetPmtu (TlsContext *context, size_t pmtu)
 Set PMTU value (for DTLS only) More...
 
error_t tlsSetTimeout (TlsContext *context, systime_t timeout)
 Set timeout for blocking calls (for DTLS only) More...
 
error_t tlsSetCookieCallbacks (TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
 Set cookie generation/verification callbacks (for DTLS only) More...
 
error_t tlsEnableReplayDetection (TlsContext *context, bool_t enabled)
 Enable anti-replay mechanism (for DTLS only) More...
 
error_t tlsSetMaxEarlyDataSize (TlsContext *context, size_t maxEarlyDataSize)
 Set the maximum amount of 0-RTT data the server can accept. More...
 
error_t tlsWriteEarlyData (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send early data to the remote TLS server. More...
 
error_t tlsConnect (TlsContext *context)
 Initiate the TLS handshake. More...
 
TlsEarlyDataStatus tlsGetEarlyDataStatus (TlsContext *context)
 Check whether the server has accepted or rejected the early data. More...
 
error_t tlsWrite (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send application data to the remote host using TLS. More...
 
error_t tlsRead (TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
 Receive application data from the remote host using TLS. More...
 
bool_t tlsIsRxReady (TlsContext *context)
 Check whether some data is available in the receive buffer. More...
 
error_t tlsShutdown (TlsContext *context)
 Gracefully close TLS session. More...
 
error_t tlsShutdownEx (TlsContext *context, bool_t waitForCloseNotify)
 Gracefully close TLS session. More...
 
void tlsFree (TlsContext *context)
 Release TLS context. More...
 
error_t tlsInitSessionState (TlsSessionState *session)
 Initialize session state. More...
 
error_t tlsSaveSessionState (const TlsContext *context, TlsSessionState *session)
 Save TLS session. More...
 
error_t tlsRestoreSessionState (TlsContext *context, const TlsSessionState *session)
 Restore TLS session. More...
 
void tlsFreeSessionState (TlsSessionState *session)
 Properly dispose of a session state. More...
 
TlsCache * tlsInitCache (uint_t size)
 Session cache initialization. More...
 
void tlsFreeCache (TlsCache *cache)
 Properly dispose of a session cache. More...
 

Detailed Description

TLS (Transport Layer Security)

License

Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
1.9.0

Definition in file tls.h.

Macro Definition Documentation

◆ SSL_VERSION_3_0

#define SSL_VERSION_3_0   0x0300

Definition at line 80 of file tls.h.

◆ TLS_3DES_SUPPORT

#define TLS_3DES_SUPPORT   DISABLED

Definition at line 426 of file tls.h.

◆ TLS_AES_SUPPORT

#define TLS_AES_SUPPORT   ENABLED

Definition at line 433 of file tls.h.

◆ TLS_ALPN_SUPPORT

#define TLS_ALPN_SUPPORT   DISABLED

Definition at line 181 of file tls.h.

◆ TLS_ARIA_SUPPORT

#define TLS_ARIA_SUPPORT   DISABLED

Definition at line 454 of file tls.h.

◆ TLS_BRAINPOOLP256R1_SUPPORT

#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED

Definition at line 608 of file tls.h.

◆ TLS_BRAINPOOLP384R1_SUPPORT

#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED

Definition at line 615 of file tls.h.

◆ TLS_BRAINPOOLP512R1_SUPPORT

#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED

Definition at line 622 of file tls.h.

◆ TLS_CAMELLIA_SUPPORT

#define TLS_CAMELLIA_SUPPORT   DISABLED

Definition at line 440 of file tls.h.

◆ TLS_CBC_CIPHER_SUPPORT

#define TLS_CBC_CIPHER_SUPPORT   ENABLED

Definition at line 370 of file tls.h.

◆ TLS_CCM_8_CIPHER_SUPPORT

#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED

Definition at line 384 of file tls.h.

◆ TLS_CCM_CIPHER_SUPPORT

#define TLS_CCM_CIPHER_SUPPORT   DISABLED

Definition at line 377 of file tls.h.

◆ TLS_CERT_KEY_USAGE_SUPPORT

#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED

Definition at line 657 of file tls.h.

◆ TLS_CHACHA20_POLY1305_SUPPORT

#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED

Definition at line 398 of file tls.h.

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED

Definition at line 195 of file tls.h.

◆ TLS_CLIENT_SUPPORT

#define TLS_CLIENT_SUPPORT   ENABLED

Definition at line 104 of file tls.h.

◆ TLS_DES_SUPPORT

#define TLS_DES_SUPPORT   DISABLED

Definition at line 419 of file tls.h.

◆ TLS_DH_ANON_KE_SUPPORT

#define TLS_DH_ANON_KE_SUPPORT   DISABLED

Definition at line 265 of file tls.h.

◆ TLS_DH_SUPPORT

#define TLS_DH_SUPPORT   ENABLED

Definition at line 767 of file tls.h.

◆ TLS_DHE_DSS_KE_SUPPORT

#define TLS_DHE_DSS_KE_SUPPORT   DISABLED

Definition at line 258 of file tls.h.

◆ TLS_DHE_PSK_KE_SUPPORT

#define TLS_DHE_PSK_KE_SUPPORT   DISABLED

Definition at line 307 of file tls.h.

◆ TLS_DHE_RSA_KE_SUPPORT

#define TLS_DHE_RSA_KE_SUPPORT   ENABLED

Definition at line 251 of file tls.h.

◆ TLS_DSA_SIGN_SUPPORT

#define TLS_DSA_SIGN_SUPPORT   DISABLED

Definition at line 335 of file tls.h.

◆ TLS_ECC_CALLBACK_SUPPORT

#define TLS_ECC_CALLBACK_SUPPORT   DISABLED

Definition at line 230 of file tls.h.

◆ TLS_ECDH_ANON_KE_SUPPORT

#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED

Definition at line 286 of file tls.h.

◆ TLS_ECDH_SUPPORT

#define TLS_ECDH_SUPPORT   ENABLED

Definition at line 779 of file tls.h.

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED

Definition at line 279 of file tls.h.

◆ TLS_ECDHE_PSK_KE_SUPPORT

#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED

Definition at line 314 of file tls.h.

◆ TLS_ECDHE_RSA_KE_SUPPORT

#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED

Definition at line 272 of file tls.h.

◆ TLS_ECDSA_SIGN_SUPPORT

#define TLS_ECDSA_SIGN_SUPPORT   ENABLED

Definition at line 342 of file tls.h.

◆ TLS_ED25519_SUPPORT

#define TLS_ED25519_SUPPORT   ENABLED

Definition at line 643 of file tls.h.

◆ TLS_ED448_SUPPORT

#define TLS_ED448_SUPPORT   DISABLED

Definition at line 650 of file tls.h.

◆ TLS_EDDSA_SIGN_SUPPORT

#define TLS_EDDSA_SIGN_SUPPORT   DISABLED

Definition at line 349 of file tls.h.

◆ TLS_EXT_MASTER_SECRET_SUPPORT

#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED

Definition at line 188 of file tls.h.

◆ TLS_FALLBACK_SCSV_SUPPORT

#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED

Definition at line 223 of file tls.h.

◆ TLS_FFDHE2048_SUPPORT

#define TLS_FFDHE2048_SUPPORT   ENABLED

Definition at line 510 of file tls.h.

◆ TLS_FFDHE3072_SUPPORT

#define TLS_FFDHE3072_SUPPORT   DISABLED

Definition at line 517 of file tls.h.

◆ TLS_FFDHE4096_SUPPORT

#define TLS_FFDHE4096_SUPPORT   DISABLED

Definition at line 524 of file tls.h.

◆ TLS_FFDHE_SUPPORT

#define TLS_FFDHE_SUPPORT   DISABLED

Definition at line 503 of file tls.h.

◆ TLS_FLAG_BREAK

#define TLS_FLAG_BREAK (   c)    (TLS_FLAG_BREAK_CHAR | LSB(c))

Definition at line 903 of file tls.h.

◆ TLS_GCM_CIPHER_SUPPORT

#define TLS_GCM_CIPHER_SUPPORT   ENABLED

Definition at line 391 of file tls.h.

◆ TLS_IDEA_SUPPORT

#define TLS_IDEA_SUPPORT   DISABLED

Definition at line 412 of file tls.h.

◆ TLS_KEY_LOG_SUPPORT

#define TLS_KEY_LOG_SUPPORT   DISABLED

Definition at line 664 of file tls.h.

◆ TLS_MASTER_SECRET_SIZE

#define TLS_MASTER_SECRET_SIZE   48

Definition at line 832 of file tls.h.

◆ TLS_MAX_CERTIFICATES

#define TLS_MAX_CERTIFICATES   3

Definition at line 237 of file tls.h.

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   0

Definition at line 741 of file tls.h.

◆ TLS_MAX_DH_MODULUS_SIZE

#define TLS_MAX_DH_MODULUS_SIZE   4096

Definition at line 685 of file tls.h.

◆ TLS_MAX_DSA_MODULUS_SIZE

#define TLS_MAX_DSA_MODULUS_SIZE   4096

Definition at line 713 of file tls.h.

◆ TLS_MAX_EMPTY_RECORDS

#define TLS_MAX_EMPTY_RECORDS   0

Definition at line 734 of file tls.h.

◆ TLS_MAX_FRAG_LEN_SUPPORT

#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED

Definition at line 167 of file tls.h.

◆ TLS_MAX_HKDF_DIGEST_SIZE

#define TLS_MAX_HKDF_DIGEST_SIZE   48

Definition at line 815 of file tls.h.

◆ TLS_MAX_KEY_UPDATE_MESSAGES

#define TLS_MAX_KEY_UPDATE_MESSAGES   0

Definition at line 748 of file tls.h.

◆ TLS_MAX_RECORD_LENGTH

#define TLS_MAX_RECORD_LENGTH   16384

Definition at line 828 of file tls.h.

◆ TLS_MAX_RECORD_OVERHEAD

#define TLS_MAX_RECORD_OVERHEAD   512

Definition at line 830 of file tls.h.

◆ TLS_MAX_RSA_MODULUS_SIZE

#define TLS_MAX_RSA_MODULUS_SIZE   4096

Definition at line 699 of file tls.h.

◆ TLS_MAX_SERVER_NAME_LEN

#define TLS_MAX_SERVER_NAME_LEN   255

Definition at line 671 of file tls.h.

◆ TLS_MAX_VERSION

#define TLS_MAX_VERSION   TLS_VERSION_1_2

Definition at line 125 of file tls.h.

◆ TLS_MAX_WARNING_ALERTS

#define TLS_MAX_WARNING_ALERTS   0

Definition at line 727 of file tls.h.

◆ TLS_MD5_SUPPORT

#define TLS_MD5_SUPPORT   DISABLED

Definition at line 461 of file tls.h.

◆ TLS_MIN_DH_MODULUS_SIZE

#define TLS_MIN_DH_MODULUS_SIZE   1024

Definition at line 678 of file tls.h.

◆ TLS_MIN_DSA_MODULUS_SIZE

#define TLS_MIN_DSA_MODULUS_SIZE   1024

Definition at line 706 of file tls.h.

◆ TLS_MIN_RECORD_LENGTH

#define TLS_MIN_RECORD_LENGTH   512

Definition at line 826 of file tls.h.

◆ TLS_MIN_RSA_MODULUS_SIZE

#define TLS_MIN_RSA_MODULUS_SIZE   1024

Definition at line 692 of file tls.h.

◆ TLS_MIN_VERSION

#define TLS_MIN_VERSION   TLS_VERSION_1_0

Definition at line 118 of file tls.h.

◆ TLS_NULL_CIPHER_SUPPORT

#define TLS_NULL_CIPHER_SUPPORT   DISABLED

Definition at line 356 of file tls.h.

◆ TLS_PREMASTER_SECRET_SIZE

#define TLS_PREMASTER_SECRET_SIZE   256

Definition at line 720 of file tls.h.

◆ TLS_PSK_KE_SUPPORT

#define TLS_PSK_KE_SUPPORT   DISABLED

Definition at line 293 of file tls.h.

◆ TLS_PSK_SUPPORT

#define TLS_PSK_SUPPORT   ENABLED

Definition at line 804 of file tls.h.

◆ TLS_RAW_PUBLIC_KEY_SUPPORT

#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED

Definition at line 209 of file tls.h.

◆ TLS_RC4_SUPPORT

#define TLS_RC4_SUPPORT   DISABLED

Definition at line 405 of file tls.h.

◆ TLS_RECORD_SIZE_LIMIT_SUPPORT

#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED

Definition at line 174 of file tls.h.

◆ TLS_RSA_KE_SUPPORT

#define TLS_RSA_KE_SUPPORT   ENABLED

Definition at line 244 of file tls.h.

◆ TLS_RSA_PSK_KE_SUPPORT

#define TLS_RSA_PSK_KE_SUPPORT   DISABLED

Definition at line 300 of file tls.h.

◆ TLS_RSA_PSS_SIGN_SUPPORT

#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED

Definition at line 328 of file tls.h.

◆ TLS_RSA_SIGN_SUPPORT

#define TLS_RSA_SIGN_SUPPORT   ENABLED

Definition at line 321 of file tls.h.

◆ TLS_RSA_SUPPORT

#define TLS_RSA_SUPPORT   ENABLED

Definition at line 792 of file tls.h.

◆ TLS_SECP160K1_SUPPORT

#define TLS_SECP160K1_SUPPORT   DISABLED

Definition at line 531 of file tls.h.

◆ TLS_SECP160R1_SUPPORT

#define TLS_SECP160R1_SUPPORT   DISABLED

Definition at line 538 of file tls.h.

◆ TLS_SECP160R2_SUPPORT

#define TLS_SECP160R2_SUPPORT   DISABLED

Definition at line 545 of file tls.h.

◆ TLS_SECP192K1_SUPPORT

#define TLS_SECP192K1_SUPPORT   DISABLED

Definition at line 552 of file tls.h.

◆ TLS_SECP192R1_SUPPORT

#define TLS_SECP192R1_SUPPORT   DISABLED

Definition at line 559 of file tls.h.

◆ TLS_SECP224K1_SUPPORT

#define TLS_SECP224K1_SUPPORT   DISABLED

Definition at line 566 of file tls.h.

◆ TLS_SECP224R1_SUPPORT

#define TLS_SECP224R1_SUPPORT   DISABLED

Definition at line 573 of file tls.h.

◆ TLS_SECP256K1_SUPPORT

#define TLS_SECP256K1_SUPPORT   DISABLED

Definition at line 580 of file tls.h.

◆ TLS_SECP256R1_SUPPORT

#define TLS_SECP256R1_SUPPORT   ENABLED

Definition at line 587 of file tls.h.

◆ TLS_SECP384R1_SUPPORT

#define TLS_SECP384R1_SUPPORT   ENABLED

Definition at line 594 of file tls.h.

◆ TLS_SECP521R1_SUPPORT

#define TLS_SECP521R1_SUPPORT   DISABLED

Definition at line 601 of file tls.h.

◆ TLS_SECURE_RENEGOTIATION_SUPPORT

#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED

Definition at line 216 of file tls.h.

◆ TLS_SEED_SUPPORT

#define TLS_SEED_SUPPORT   DISABLED

Definition at line 447 of file tls.h.

◆ TLS_SERVER_SUPPORT

#define TLS_SERVER_SUPPORT   ENABLED

Definition at line 111 of file tls.h.

◆ TLS_SESSION_CACHE_LIFETIME

#define TLS_SESSION_CACHE_LIFETIME   3600000

Definition at line 139 of file tls.h.

◆ TLS_SESSION_RESUME_SUPPORT

#define TLS_SESSION_RESUME_SUPPORT   ENABLED

Definition at line 132 of file tls.h.

◆ TLS_SHA1_SUPPORT

#define TLS_SHA1_SUPPORT   ENABLED

Definition at line 468 of file tls.h.

◆ TLS_SHA224_SUPPORT

#define TLS_SHA224_SUPPORT   DISABLED

Definition at line 475 of file tls.h.

◆ TLS_SHA256_SUPPORT

#define TLS_SHA256_SUPPORT   ENABLED

Definition at line 482 of file tls.h.

◆ TLS_SHA384_SUPPORT

#define TLS_SHA384_SUPPORT   ENABLED

Definition at line 489 of file tls.h.

◆ TLS_SHA512_SUPPORT

#define TLS_SHA512_SUPPORT   DISABLED

Definition at line 496 of file tls.h.

◆ TLS_SIGN_ALGOS_CERT_SUPPORT

#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED

Definition at line 202 of file tls.h.

◆ TLS_SNI_SUPPORT

#define TLS_SNI_SUPPORT   ENABLED

Definition at line 160 of file tls.h.

◆ TLS_STREAM_CIPHER_SUPPORT

#define TLS_STREAM_CIPHER_SUPPORT   DISABLED

Definition at line 363 of file tls.h.

◆ TLS_SUPPORT

#define TLS_SUPPORT   ENABLED

Definition at line 97 of file tls.h.

◆ TLS_TICKET_LIFETIME

#define TLS_TICKET_LIFETIME   3600000

Definition at line 153 of file tls.h.

◆ TLS_TICKET_SUPPORT

#define TLS_TICKET_SUPPORT   DISABLED

Definition at line 146 of file tls.h.

◆ TLS_VERSION_1_0

#define TLS_VERSION_1_0   0x0301

Definition at line 81 of file tls.h.

◆ TLS_VERSION_1_1

#define TLS_VERSION_1_1   0x0302

Definition at line 82 of file tls.h.

◆ TLS_VERSION_1_2

#define TLS_VERSION_1_2   0x0303

Definition at line 83 of file tls.h.

◆ TLS_VERSION_1_3

#define TLS_VERSION_1_3   0x0304

Definition at line 90 of file tls.h.

◆ TLS_VERSION_1_3_DRAFT

#define TLS_VERSION_1_3_DRAFT (   version)    (0x7F00 + (version))

Definition at line 86 of file tls.h.

◆ TLS_X25519_SUPPORT

#define TLS_X25519_SUPPORT   DISABLED

Definition at line 629 of file tls.h.

◆ TLS_X448_SUPPORT

#define TLS_X448_SUPPORT   DISABLED

Definition at line 636 of file tls.h.

◆ tlsAllocMem

#define tlsAllocMem (   size)    osAllocMem(size)

Definition at line 755 of file tls.h.

◆ TlsContext

#define TlsContext   struct _TlsContext

Definition at line 34 of file tls.h.

◆ tlsFreeMem

#define tlsFreeMem (   p)    osFreeMem(p)

Definition at line 760 of file tls.h.

◆ tlsSetSocket

#define tlsSetSocket (   context,
  socket 
)
Value:
tlsSetSocketCallbacks(context, (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, (TlsSocketHandle) socket)

References:
error_t socketReceive(Socket *socket, void *data, size_t size, size_t *received, uint_t flags) — Receive data from a connected socket. Definition: socket.c:584
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags) — Socket send callback function. Definition: tls.h:1718
int_t socket(int_t family, int_t type, int_t protocol) — Create a socket that is bound to a specific transport service provider. Definition: bsd_socket.c:106 (note: inside the macro, `socket` is the macro parameter, not this function)
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle) — Set socket send and receive callbacks. Definition: tls.c:215
void * TlsSocketHandle — Socket handle. Definition: tls.h:1711
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags) — Socket receive callback function. Definition: tls.h:1726
error_t socketSend(Socket *socket, const void *data, size_t length, size_t *written, uint_t flags) — Send data to a connected socket. Definition: socket.c:490

Definition at line 821 of file tls.h.

Typedef Documentation

◆ Tls12DigitalSignature

typedef { ... } Tls12DigitalSignature

Digitally-signed element (TLS 1.2)

◆ TlsAlert

typedef { ... } TlsAlert

Alert message.

◆ TlsCertAuthorities

typedef { ... } TlsCertAuthorities

List of certificate authorities.

◆ TlsCertificate

typedef void TlsCertificate

Certificate message.

Definition at line 1631 of file tls.h.

◆ TlsCertificateList

typedef { ... } TlsCertificateList

List of certificates.

◆ TlsCertificateRequest

typedef { ... } TlsCertificateRequest

CertificateRequest message.

◆ TlsCertificateVerify

typedef void TlsCertificateVerify

CertificateVerify message.

Definition at line 1670 of file tls.h.

◆ TlsCertTypeList

typedef { ... } TlsCertTypeList

List of supported certificate types.

◆ TlsChangeCipherSpec

typedef { ... } TlsChangeCipherSpec

ChangeCipherSpec message.

◆ TlsCipherSuite

typedef uint16_t TlsCipherSuite

Cipher suite.

Definition at line 1325 of file tls.h.

◆ TlsCipherSuites

typedef { ... } TlsCipherSuites

Cipher suites.

◆ TlsClientHello

typedef { ... } TlsClientHello

ClientHello message.

◆ TlsClientKeyExchange

typedef void TlsClientKeyExchange

ClientKeyExchange message.

Definition at line 1663 of file tls.h.

◆ TlsCompressMethod

typedef uint8_t TlsCompressMethod

Compression method.

Definition at line 1343 of file tls.h.

◆ TlsCompressMethods

typedef { ... } TlsCompressMethods

Compression methods.

◆ TlsDigitalSignature

typedef { ... } TlsDigitalSignature

Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)

◆ TlsEcdhCallback

typedef error_t(* TlsEcdhCallback) (TlsContext *context)

ECDH key agreement callback function.

Definition at line 1768 of file tls.h.

◆ TlsEcdsaSignCallback

typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature generation callback function.

Definition at line 1775 of file tls.h.

◆ TlsEcdsaVerifyCallback

typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature verification callback function.

Definition at line 1783 of file tls.h.

◆ TlsEcPointFormatList

typedef { ... } TlsEcPointFormatList

List of supported EC point formats.

◆ TlsExtension

typedef { ... } TlsExtension

TLS extension.

◆ TlsExtensionList

typedef { ... } TlsExtensionList

List of TLS extensions.

◆ TlsFinished

typedef void TlsFinished

Finished message.

Definition at line 1677 of file tls.h.

◆ TlsHandshake

typedef { ... } TlsHandshake

TLS handshake message.

◆ TlsHelloRequest

typedef void TlsHelloRequest

HelloRequest message.

Definition at line 1598 of file tls.h.

◆ TlsKeyLogCallback

typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)

Key logging callback function (for debugging purposes only; the callback receives the session's secret keying material, so it must not be registered in production builds)

Definition at line 1791 of file tls.h.

◆ TlsProtocolName

typedef { ... } TlsProtocolName

Protocol name.

◆ TlsProtocolNameList

typedef { ... } TlsProtocolNameList

List of protocol names.

◆ TlsPskCallback

typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)

Pre-shared key callback function.

Definition at line 1734 of file tls.h.

◆ TlsPskIdentity

typedef { ... } TlsPskIdentity

PSK identity.

◆ TlsPskIdentityHint

typedef { ... } TlsPskIdentityHint

PSK identity hint.

◆ TlsRecord

typedef { ... } TlsRecord

TLS record.

◆ TlsRenegoInfo

typedef { ... } TlsRenegoInfo

Renegotiated connection.

◆ TlsRpkVerifyCallback

typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)

Raw public key verification callback function.

Definition at line 1742 of file tls.h.

◆ TlsSequenceNumber

typedef { ... } TlsSequenceNumber

Sequence number.

◆ TlsServerHello

typedef { ... } TlsServerHello

ServerHello message.

◆ TlsServerHelloDone

typedef void TlsServerHelloDone

ServerHelloDone message.

Definition at line 1656 of file tls.h.

◆ TlsServerKeyExchange

typedef void TlsServerKeyExchange

ServerKeyExchange message.

Definition at line 1638 of file tls.h.

◆ TlsServerName

typedef { ... } TlsServerName

Server name.

◆ TlsServerNameList

typedef { ... } TlsServerNameList

List of server names.

◆ TlsSignHashAlgo

typedef { ... } TlsSignHashAlgo

Signature algorithm.

◆ TlsSignHashAlgos

typedef { ... } TlsSignHashAlgos

List of signature algorithms.

◆ TlsSocketHandle

typedef void* TlsSocketHandle

Socket handle.

Definition at line 1711 of file tls.h.

◆ TlsSocketReceiveCallback

typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)

Socket receive callback function.

Definition at line 1726 of file tls.h.

◆ TlsSocketSendCallback

typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)

Socket send callback function.

Definition at line 1718 of file tls.h.

◆ TlsSupportedGroupList

typedef { ... } TlsSupportedGroupList

List of supported groups.

◆ TlsSupportedVersionList

typedef { ... } TlsSupportedVersionList

List of supported versions.

◆ TlsTicketDecryptCallback

typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *params)

Ticket decryption callback function.

Definition at line 1759 of file tls.h.

◆ TlsTicketEncryptCallback

typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *params)

Ticket encryption callback function.

Definition at line 1750 of file tls.h.

Enumeration Type Documentation

◆ TlsAlertDescription

Alert description.

Enumerator
TLS_ALERT_CLOSE_NOTIFY 
TLS_ALERT_UNEXPECTED_MESSAGE 
TLS_ALERT_BAD_RECORD_MAC 
TLS_ALERT_DECRYPTION_FAILED 
TLS_ALERT_RECORD_OVERFLOW 
TLS_ALERT_DECOMPRESSION_FAILURE 
TLS_ALERT_HANDSHAKE_FAILURE 
TLS_ALERT_NO_CERTIFICATE 
TLS_ALERT_BAD_CERTIFICATE 
TLS_ALERT_UNSUPPORTED_CERTIFICATE 
TLS_ALERT_CERTIFICATE_REVOKED 
TLS_ALERT_CERTIFICATE_EXPIRED 
TLS_ALERT_CERTIFICATE_UNKNOWN 
TLS_ALERT_ILLEGAL_PARAMETER 
TLS_ALERT_UNKNOWN_CA 
TLS_ALERT_ACCESS_DENIED 
TLS_ALERT_DECODE_ERROR 
TLS_ALERT_DECRYPT_ERROR 
TLS_ALERT_EXPORT_RESTRICTION 
TLS_ALERT_PROTOCOL_VERSION 
TLS_ALERT_INSUFFICIENT_SECURITY 
TLS_ALERT_INTERNAL_ERROR 
TLS_ALERT_INAPPROPRIATE_FALLBACK 
TLS_ALERT_USER_CANCELED 
TLS_ALERT_NO_RENEGOTIATION 
TLS_ALERT_MISSING_EXTENSION 
TLS_ALERT_UNSUPPORTED_EXTENSION 
TLS_ALERT_CERTIFICATE_UNOBTAINABLE 
TLS_ALERT_UNRECOGNIZED_NAME 
TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 
TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 
TLS_ALERT_UNKNOWN_PSK_IDENTITY 
TLS_ALERT_NO_APPLICATION_PROTOCOL 

Definition at line 966 of file tls.h.

◆ TlsAlertLevel

Alert level.

Enumerator
TLS_ALERT_LEVEL_WARNING 
TLS_ALERT_LEVEL_FATAL 

Definition at line 955 of file tls.h.

◆ TlsCertificateFormat

Certificate formats.

Enumerator
TLS_CERT_FORMAT_X509 
TLS_CERT_FORMAT_OPEN_PGP 
TLS_CERT_FORMAT_RAW_PUBLIC_KEY 

Definition at line 1052 of file tls.h.

◆ TlsCertificateType

Certificate types.

Enumerator
TLS_CERT_NONE 
TLS_CERT_RSA_SIGN 
TLS_CERT_DSS_SIGN 
TLS_CERT_RSA_FIXED_DH 
TLS_CERT_DSS_FIXED_DH 
TLS_CERT_RSA_EPHEMERAL_DH 
TLS_CERT_DSS_EPHEMERAL_DH 
TLS_CERT_FORTEZZA_DMS 
TLS_CERT_ECDSA_SIGN 
TLS_CERT_RSA_FIXED_ECDH 
TLS_CERT_ECDSA_FIXED_ECDH 
TLS_CERT_RSA_PSS_SIGN 
TLS_CERT_ED25519_SIGN 
TLS_CERT_ED448_SIGN 

Definition at line 1064 of file tls.h.

◆ TlsClientAuthMode

Client authentication mode.

Enumerator
TLS_CLIENT_AUTH_NONE 
TLS_CLIENT_AUTH_OPTIONAL 
TLS_CLIENT_AUTH_REQUIRED 

Definition at line 866 of file tls.h.

◆ TlsCompressMethodList

Compression methods.

Enumerator
TLS_COMPRESSION_METHOD_NULL 
TLS_COMPRESSION_METHOD_DEFLATE 

Definition at line 1008 of file tls.h.

◆ TlsConnectionEnd

TLS connection end.

Enumerator
TLS_CONNECTION_END_CLIENT 
TLS_CONNECTION_END_SERVER 

Definition at line 855 of file tls.h.

◆ TlsContentType

Content type.

Enumerator
TLS_TYPE_NONE 
TLS_TYPE_CHANGE_CIPHER_SPEC 
TLS_TYPE_ALERT 
TLS_TYPE_HANDSHAKE 
TLS_TYPE_APPLICATION_DATA 
TLS_TYPE_HEARTBEAT 
TLS_TYPE_ACK 

Definition at line 910 of file tls.h.

◆ TlsEarlyDataStatus

Early data status.

Enumerator
TLS_EARLY_DATA_REJECTED 
TLS_EARLY_DATA_ACCEPTED 

Definition at line 878 of file tls.h.

◆ TlsEcCurveType

EC curve types.

Enumerator
TLS_EC_CURVE_TYPE_EXPLICIT_PRIME 
TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 
TLS_EC_CURVE_TYPE_NAMED_CURVE 

Definition at line 1255 of file tls.h.

◆ TlsEcPointFormat

EC point formats.

Enumerator
TLS_EC_POINT_FORMAT_UNCOMPRESSED 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 

Definition at line 1243 of file tls.h.

◆ TlsExtensionType

TLS extension types.

Enumerator
TLS_EXT_SERVER_NAME 
TLS_EXT_MAX_FRAGMENT_LENGTH 
TLS_EXT_CLIENT_CERTIFICATE_URL 
TLS_EXT_TRUSTED_CA_KEYS 
TLS_EXT_TRUNCATED_HMAC 
TLS_EXT_STATUS_REQUEST 
TLS_EXT_USER_MAPPING 
TLS_EXT_CLIENT_AUTHZ 
TLS_EXT_SERVER_AUTHZ 
TLS_EXT_CERT_TYPE 
TLS_EXT_SUPPORTED_GROUPS 
TLS_EXT_EC_POINT_FORMATS 
TLS_EXT_SRP 
TLS_EXT_SIGNATURE_ALGORITHMS 
TLS_EXT_USE_SRTP 
TLS_EXT_HEARTBEAT 
TLS_EXT_ALPN 
TLS_EXT_STATUS_REQUEST_V2 
TLS_EXT_SIGNED_CERT_TIMESTAMP 
TLS_EXT_CLIENT_CERT_TYPE 
TLS_EXT_SERVER_CERT_TYPE 
TLS_EXT_PADDING 
TLS_EXT_ENCRYPT_THEN_MAC 
TLS_EXT_EXTENDED_MASTER_SECRET 
TLS_EXT_CACHED_INFO 
TLS_EXT_RECORD_SIZE_LIMIT 
TLS_EXT_SESSION_TICKET 
TLS_EXT_PRE_SHARED_KEY 
TLS_EXT_EARLY_DATA 
TLS_EXT_SUPPORTED_VERSIONS 
TLS_EXT_COOKIE 
TLS_EXT_PSK_KEY_EXCHANGE_MODES 
TLS_EXT_CERTIFICATE_AUTHORITIES 
TLS_EXT_OID_FILTERS 
TLS_EXT_POST_HANDSHAKE_AUTH 
TLS_EXT_SIGNATURE_ALGORITHMS_CERT 
TLS_EXT_KEY_SHARE 
TLS_EXT_RENEGOTIATION_INFO 

Definition at line 1125 of file tls.h.

◆ TlsFlags

enum TlsFlags

Flags used by read and write functions.

Enumerator
TLS_FLAG_PEEK 
TLS_FLAG_WAIT_ALL 
TLS_FLAG_BREAK_CHAR 
TLS_FLAG_BREAK_CRLF 
TLS_FLAG_WAIT_ACK 
TLS_FLAG_NO_DELAY 
TLS_FLAG_DELAY 

Definition at line 889 of file tls.h.

◆ TlsHashAlgo

Hash algorithms.

Enumerator
TLS_HASH_ALGO_NONE 
TLS_HASH_ALGO_MD5 
TLS_HASH_ALGO_SHA1 
TLS_HASH_ALGO_SHA224 
TLS_HASH_ALGO_SHA256 
TLS_HASH_ALGO_SHA384 
TLS_HASH_ALGO_SHA512 
TLS_HASH_ALGO_INTRINSIC 

Definition at line 1087 of file tls.h.

◆ TlsKeyExchMethod

Key exchange methods.

Enumerator
TLS_KEY_EXCH_NONE 
TLS_KEY_EXCH_RSA 
TLS_KEY_EXCH_DH_RSA 
TLS_KEY_EXCH_DHE_RSA 
TLS_KEY_EXCH_DH_DSS 
TLS_KEY_EXCH_DHE_DSS 
TLS_KEY_EXCH_DH_ANON 
TLS_KEY_EXCH_ECDH_RSA 
TLS_KEY_EXCH_ECDHE_RSA 
TLS_KEY_EXCH_ECDH_ECDSA 
TLS_KEY_EXCH_ECDHE_ECDSA 
TLS_KEY_EXCH_ECDH_ANON 
TLS_KEY_EXCH_PSK 
TLS_KEY_EXCH_RSA_PSK 
TLS_KEY_EXCH_DHE_PSK 
TLS_KEY_EXCH_ECDHE_PSK 
TLS_KEY_EXCH_SRP_SHA 
TLS_KEY_EXCH_SRP_SHA_RSA 
TLS_KEY_EXCH_SRP_SHA_DSS 
TLS13_KEY_EXCH_DHE 
TLS13_KEY_EXCH_ECDHE 
TLS13_KEY_EXCH_PSK 
TLS13_KEY_EXCH_PSK_DHE 
TLS13_KEY_EXCH_PSK_ECDHE 

Definition at line 1019 of file tls.h.

◆ TlsMaxFragmentLength

Maximum fragment length.

Enumerator
TLS_MAX_FRAGMENT_LENGTH_512 
TLS_MAX_FRAGMENT_LENGTH_1024 
TLS_MAX_FRAGMENT_LENGTH_2048 
TLS_MAX_FRAGMENT_LENGTH_4096 

Definition at line 1182 of file tls.h.

◆ TlsMessageType

Handshake message type.

Enumerator
TLS_TYPE_HELLO_REQUEST 
TLS_TYPE_CLIENT_HELLO 
TLS_TYPE_SERVER_HELLO 
TLS_TYPE_HELLO_VERIFY_REQUEST 
TLS_TYPE_NEW_SESSION_TICKET 
TLS_TYPE_END_OF_EARLY_DATA 
TLS_TYPE_HELLO_RETRY_REQUEST 
TLS_TYPE_ENCRYPTED_EXTENSIONS 
TLS_TYPE_CERTIFICATE 
TLS_TYPE_SERVER_KEY_EXCHANGE 
TLS_TYPE_CERTIFICATE_REQUEST 
TLS_TYPE_SERVER_HELLO_DONE 
TLS_TYPE_CERTIFICATE_VERIFY 
TLS_TYPE_CLIENT_KEY_EXCHANGE 
TLS_TYPE_FINISHED 
TLS_TYPE_CERTIFICATE_URL 
TLS_TYPE_CERTIFICATE_STATUS 
TLS_TYPE_SUPPLEMENTAL_DATA 
TLS_TYPE_KEY_UPDATE 
TLS_TYPE_MESSAGE_HASH 

Definition at line 926 of file tls.h.

◆ TlsNamedGroup

Named groups.

Enumerator
TLS_GROUP_NONE 
TLS_GROUP_SECT163K1 
TLS_GROUP_SECT163R1 
TLS_GROUP_SECT163R2 
TLS_GROUP_SECT193R1 
TLS_GROUP_SECT193R2 
TLS_GROUP_SECT233K1 
TLS_GROUP_SECT233R1 
TLS_GROUP_SECT239K1 
TLS_GROUP_SECT283K1 
TLS_GROUP_SECT283R1 
TLS_GROUP_SECT409K1 
TLS_GROUP_SECT409R1 
TLS_GROUP_SECT571K1 
TLS_GROUP_SECT571R1 
TLS_GROUP_SECP160K1 
TLS_GROUP_SECP160R1 
TLS_GROUP_SECP160R2 
TLS_GROUP_SECP192K1 
TLS_GROUP_SECP192R1 
TLS_GROUP_SECP224K1 
TLS_GROUP_SECP224R1 
TLS_GROUP_SECP256K1 
TLS_GROUP_SECP256R1 
TLS_GROUP_SECP384R1 
TLS_GROUP_SECP521R1 
TLS_GROUP_BRAINPOOLP256R1 
TLS_GROUP_BRAINPOOLP384R1 
TLS_GROUP_BRAINPOOLP512R1 
TLS_GROUP_ECDH_X25519 
TLS_GROUP_ECDH_X448 
TLS_GROUP_FFDHE2048 
TLS_GROUP_FFDHE3072 
TLS_GROUP_FFDHE4096 
TLS_GROUP_FFDHE6144 
TLS_GROUP_FFDHE8192 
TLS_GROUP_FFDHE_MAX 
TLS_GROUP_EXPLICIT_PRIME_CURVE 
TLS_GROUP_EXPLICIT_CHAR2_CURVE 

Definition at line 1195 of file tls.h.

◆ TlsNameType

Name type.

Enumerator
TLS_NAME_TYPE_HOSTNAME 

Definition at line 1172 of file tls.h.

◆ TlsSignatureAlgo

Signature algorithms.

Enumerator
TLS_SIGN_ALGO_ANONYMOUS 
TLS_SIGN_ALGO_RSA 
TLS_SIGN_ALGO_DSA 
TLS_SIGN_ALGO_ECDSA 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 
TLS_SIGN_ALGO_ED25519 
TLS_SIGN_ALGO_ED448 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 

Definition at line 1104 of file tls.h.

◆ TlsState

enum TlsState

TLS FSM states.

Enumerator
TLS_STATE_INIT 
TLS_STATE_CLIENT_HELLO 
TLS_STATE_CLIENT_HELLO_2 
TLS_STATE_EARLY_DATA 
TLS_STATE_HELLO_VERIFY_REQUEST 
TLS_STATE_HELLO_RETRY_REQUEST 
TLS_STATE_SERVER_HELLO 
TLS_STATE_SERVER_HELLO_2 
TLS_STATE_SERVER_HELLO_3 
TLS_STATE_HANDSHAKE_TRAFFIC_KEYS 
TLS_STATE_ENCRYPTED_EXTENSIONS 
TLS_STATE_SERVER_CERTIFICATE 
TLS_STATE_SERVER_KEY_EXCHANGE 
TLS_STATE_SERVER_CERTIFICATE_VERIFY 
TLS_STATE_CERTIFICATE_REQUEST 
TLS_STATE_SERVER_HELLO_DONE 
TLS_STATE_CLIENT_CERTIFICATE 
TLS_STATE_CLIENT_KEY_EXCHANGE 
TLS_STATE_CLIENT_CERTIFICATE_VERIFY 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 
TLS_STATE_CLIENT_FINISHED 
TLS_STATE_CLIENT_APP_TRAFFIC_KEYS 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 
TLS_STATE_SERVER_FINISHED 
TLS_STATE_END_OF_EARLY_DATA 
TLS_STATE_SERVER_APP_TRAFFIC_KEYS 
TLS_STATE_NEW_SESSION_TICKET 
TLS_STATE_KEY_UPDATE 
TLS_STATE_APPLICATION_DATA 
TLS_STATE_CLOSING 
TLS_STATE_CLOSED 

Definition at line 1267 of file tls.h.

◆ TlsTransportProtocol

TLS transport protocols.

Enumerator
TLS_TRANSPORT_PROTOCOL_STREAM 
TLS_TRANSPORT_PROTOCOL_DATAGRAM 

Definition at line 844 of file tls.h.

Function Documentation

◆ tlsAddCertificate()

error_t tlsAddCertificate ( TlsContext *  context,
const char_t *  certChain,
size_t  certChainLen,
const char_t *  privateKey,
size_t  privateKeyLen 
)

Import a certificate and the corresponding private key.

Parameters
[in]contextPointer to the TLS context
[in]certChainCertificate chain (PEM format)
[in]certChainLenTotal length of the certificate chain
[in]privateKeyPrivate key (PEM format)
[in]privateKeyLenTotal length of the private key
Returns
Error code

Definition at line 1124 of file tls.c.

◆ tlsAllowUnknownAlpnProtocols()

error_t tlsAllowUnknownAlpnProtocols ( TlsContext *  context,
bool_t  allowed 
)

Allow unknown ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]allowedSpecifies whether unknown ALPN protocols are allowed
Returns
Error code

Definition at line 779 of file tls.c.

◆ tlsConnect()

error_t tlsConnect ( TlsContext *  context)

Initiate the TLS handshake.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 1531 of file tls.c.

◆ tlsEnableFallbackScsv()

error_t tlsEnableFallbackScsv ( TlsContext *  context,
bool_t  enabled 
)

Enable FALLBACK_SCSV signaling when performing a fallback retry (for clients only)

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether FALLBACK_SCSV is enabled
Returns
Error code

Definition at line 1257 of file tls.c.

◆ tlsEnableReplayDetection()

error_t tlsEnableReplayDetection ( TlsContext *  context,
bool_t  enabled 
)

Enable anti-replay mechanism (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether anti-replay protection is enabled
Returns
Error code

Definition at line 1411 of file tls.c.

◆ tlsEnableSecureRenegotiation()

error_t tlsEnableSecureRenegotiation ( TlsContext *  context,
bool_t  enabled 
)

Enable secure renegotiation.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether secure renegotiation is allowed
Returns
Error code

Definition at line 1231 of file tls.c.

◆ tlsFree()

void tlsFree ( TlsContext *  context)

Release TLS context.

Parameters
[in]contextPointer to the TLS context

Definition at line 2178 of file tls.c.

◆ tlsFreeCache()

void tlsFreeCache ( TlsCache *  cache)

Properly dispose a session cache.

Parameters
[in]cachePointer to the session cache to be released

Definition at line 312 of file tls_cache.c.

◆ tlsFreeSessionState()

void tlsFreeSessionState ( TlsSessionState *  session)

Properly dispose a session state.

Parameters
[in]sessionPointer to the session state to be released

Definition at line 2594 of file tls.c.

◆ tlsGetAlpnProtocol()

const char_t* tlsGetAlpnProtocol ( TlsContext *  context)

Get the name of the selected ALPN protocol.

Parameters
[in]contextPointer to the TLS context
Returns
Pointer to the protocol name

Definition at line 853 of file tls.c.

◆ tlsGetEarlyDataStatus()

TlsEarlyDataStatus tlsGetEarlyDataStatus ( TlsContext *  context)

Check whether the server has accepted or rejected the early data.

Parameters
[in]contextPointer to the TLS context
Returns
TLS_EARLY_DATA_ACCEPTED if the early data was accepted, else TLS_EARLY_DATA_REJECTED if the early data was rejected

Definition at line 1579 of file tls.c.

◆ tlsGetServerName()

const char_t* tlsGetServerName ( TlsContext *  context)

Get the server name.

Parameters
[in]contextPointer to the TLS context
Returns
Fully qualified domain name of the server

Definition at line 411 of file tls.c.

◆ tlsGetState()

TlsState tlsGetState ( TlsContext *  context)

Retrieve current state.

Parameters
[in]contextPointer to the TLS context
Returns
Current TLS state

Definition at line 191 of file tls.c.

◆ tlsInit()

TlsContext* tlsInit ( void  )

TLS context initialization.

Returns
Handle referencing the fully initialized TLS context

Definition at line 63 of file tls.c.

◆ tlsInitCache()

TlsCache* tlsInitCache ( uint_t  size)

Session cache initialization.

Parameters
[in]sizeMaximum number of cache entries
Returns
Handle referencing the fully initialized session cache

Definition at line 48 of file tls_cache.c.

◆ tlsInitSessionState()

error_t tlsInitSessionState ( TlsSessionState *  session)

Initialize session state.

Parameters
[in]sessionPointer to the session state
Returns
Error code

Definition at line 2312 of file tls.c.

◆ tlsIsRxReady()

bool_t tlsIsRxReady ( TlsContext *  context)

Check whether some data is available in the receive buffer.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is pending and can be read immediately without blocking. Otherwise, FALSE is returned

Definition at line 1976 of file tls.c.

◆ tlsRead()

error_t tlsRead ( TlsContext *  context,
void *  data,
size_t  size,
size_t *  received,
uint_t  flags 
)

Receive application data from the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[out]dataBuffer into which received data will be placed
[in]sizeMaximum number of bytes that can be received
[out]receivedNumber of bytes that have been received
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1740 of file tls.c.

◆ tlsRestoreSessionState()

error_t tlsRestoreSessionState ( TlsContext *  context,
const TlsSessionState *  session 
)

Restore TLS session.

Parameters
[in]contextPointer to the TLS context
[in]sessionPointer to the session state to be restored
Returns
Error code

Definition at line 2466 of file tls.c.

◆ tlsSaveSessionState()

error_t tlsSaveSessionState ( const TlsContext *  context,
TlsSessionState *  session 
)

Save TLS session.

Parameters
[in]contextPointer to the TLS context
[out]sessionPointer to the session state
Returns
Error code

Definition at line 2333 of file tls.c.

◆ tlsSetAlpnProtocolList()

error_t tlsSetAlpnProtocolList ( TlsContext *  context,
const char_t *  protocolList 
)

Set the list of supported ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]protocolListComma-delimited list of supported protocols
Returns
Error code

Definition at line 805 of file tls.c.

◆ tlsSetBufferSize()

error_t tlsSetBufferSize ( TlsContext *  context,
size_t  txBufferSize,
size_t  rxBufferSize 
)

Set TLS buffer size.

Parameters
[in]contextPointer to the TLS context
[in]txBufferSizeTX buffer size
[in]rxBufferSizeRX buffer size
Returns
Error code

Definition at line 479 of file tls.c.

◆ tlsSetCache()

error_t tlsSetCache ( TlsContext *  context,
TlsCache *  cache 
)

Set session cache.

Parameters
[in]contextPointer to the TLS context
[in]cacheSession cache that will be used to save/resume TLS sessions
Returns
Error code

Definition at line 436 of file tls.c.

◆ tlsSetCipherSuites()

error_t tlsSetCipherSuites ( TlsContext *  context,
const uint16_t *  cipherSuites,
uint_t  length 
)

Specify the list of allowed cipher suites.

Parameters
[in]contextPointer to the TLS context
[in]cipherSuitesList of allowed cipher suites (most preferred first)
[in]lengthNumber of cipher suites in the list
Returns
Error code

Definition at line 562 of file tls.c.

◆ tlsSetClientAuthMode()

error_t tlsSetClientAuthMode ( TlsContext *  context,
TlsClientAuthMode  mode 
)

Set client authentication mode (for servers only)

Parameters
[in]contextPointer to the TLS context
[in]modeClient authentication mode
Returns
Error code

Definition at line 457 of file tls.c.

◆ tlsSetConnectionEnd()

error_t tlsSetConnectionEnd ( TlsContext *  context,
TlsConnectionEnd  entity 
)

Set operation mode (client or server)

Parameters
[in]contextPointer to the TLS context
[in]entitySpecifies whether this entity is considered a client or a server
Returns
Error code

Definition at line 310 of file tls.c.

◆ tlsSetCookieCallbacks()

error_t tlsSetCookieCallbacks ( TlsContext *  context,
DtlsCookieGenerateCallback  cookieGenerateCallback,
DtlsCookieVerifyCallback  cookieVerifyCallback,
void *  param 
)

Set cookie generation/verification callbacks (for DTLS only)

Parameters
[in] context: Pointer to the TLS context
[in] cookieGenerateCallback: Cookie generation callback function
[in] cookieVerifyCallback: Cookie verification callback function
[in] param: An opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1375 of file tls.c.

◆ tlsSetDhParameters()

error_t tlsSetDhParameters ( TlsContext context,
const char_t params,
size_t  length 
)

Import Diffie-Hellman parameters.

Parameters
[in] context: Pointer to the TLS context
[in] params: PEM structure that holds Diffie-Hellman parameters
[in] length: Total length of the PEM structure
Returns
Error code

Definition at line 644 of file tls.c.

◆ tlsSetEcdhCallback()

error_t tlsSetEcdhCallback ( TlsContext context,
TlsEcdhCallback  ecdhCallback 
)

Register ECDH key agreement callback function.

Parameters
[in] context: Pointer to the TLS context
[in] ecdhCallback: ECDH callback function
Returns
Error code

Definition at line 672 of file tls.c.

◆ tlsSetEcdsaSignCallback()

error_t tlsSetEcdsaSignCallback ( TlsContext context,
TlsEcdsaSignCallback  ecdsaSignCallback 
)

Register ECDSA signature generation callback function.

Parameters
[in] context: Pointer to the TLS context
[in] ecdsaSignCallback: ECDSA signature generation callback function
Returns
Error code

Definition at line 698 of file tls.c.

◆ tlsSetEcdsaVerifyCallback()

error_t tlsSetEcdsaVerifyCallback ( TlsContext context,
TlsEcdsaVerifyCallback  ecdsaVerifyCallback 
)

Register ECDSA signature verification callback function.

Parameters
[in] context: Pointer to the TLS context
[in] ecdsaVerifyCallback: ECDSA signature verification callback function
Returns
Error code

Definition at line 725 of file tls.c.

◆ tlsSetKeyLogCallback()

error_t tlsSetKeyLogCallback ( TlsContext context,
TlsKeyLogCallback  keyLogCallback 
)

Register key logging callback function (for debugging purposes only; the logged secrets allow the session traffic to be decrypted, so this must not be enabled in production builds)

Parameters
[in] context: Pointer to the TLS context
[in] keyLogCallback: Key logging callback function
Returns
Error code

Definition at line 752 of file tls.c.

◆ tlsSetMaxEarlyDataSize()

error_t tlsSetMaxEarlyDataSize ( TlsContext context,
size_t  maxEarlyDataSize 
)

Set the maximum amount of 0-RTT data the server can accept.

Parameters
[in] context: Pointer to the TLS context
[in] maxEarlyDataSize: Maximum amount of 0-RTT data that the client is allowed to send
Returns
Error code

Definition at line 1439 of file tls.c.

◆ tlsSetMaxFragmentLength()

error_t tlsSetMaxFragmentLength ( TlsContext context,
size_t  maxFragLen 
)

Set maximum fragment length.

Parameters
[in] context: Pointer to the TLS context
[in] maxFragLen: Maximum fragment length
Returns
Error code

Definition at line 527 of file tls.c.

◆ tlsSetPmtu()

error_t tlsSetPmtu ( TlsContext context,
size_t  pmtu 
)

Set PMTU value (for DTLS only)

Parameters
[in] context: Pointer to the TLS context
[in] pmtu: PMTU value
Returns
Error code

Definition at line 1317 of file tls.c.

◆ tlsSetPreferredGroup()

error_t tlsSetPreferredGroup ( TlsContext context,
uint16_t  group 
)

Specify the preferred ECDHE or FFDHE group.

Parameters
[in] context: Pointer to the TLS context
[in] group: Preferred ECDHE or FFDHE named group
Returns
Error code

Definition at line 617 of file tls.c.

◆ tlsSetPrng()

error_t tlsSetPrng ( TlsContext context,
const PrngAlgo prngAlgo,
void *  prngContext 
)

Set the pseudo-random number generator to be used.

Parameters
[in] context: Pointer to the TLS context
[in] prngAlgo: PRNG algorithm
[in] prngContext: Pointer to the PRNG context
Returns
Error code

Definition at line 336 of file tls.c.

◆ tlsSetPsk()

error_t tlsSetPsk ( TlsContext context,
const uint8_t *  psk,
size_t  length 
)

Set the pre-shared key to be used.

Parameters
[in] context: Pointer to the TLS context
[in] psk: Pointer to the pre-shared key
[in] length: Length of the pre-shared key, in bytes
Returns
Error code

Definition at line 881 of file tls.c.

◆ tlsSetPskCallback()

error_t tlsSetPskCallback ( TlsContext context,
TlsPskCallback  pskCallback 
)

Register the PSK callback function.

Parameters
[in] context: Pointer to the TLS context
[in] pskCallback: PSK callback function
Returns
Error code

Definition at line 1040 of file tls.c.

◆ tlsSetPskIdentity()

error_t tlsSetPskIdentity ( TlsContext context,
const char_t pskIdentity 
)

Set the PSK identity to be used by the client.

Parameters
[in] context: Pointer to the TLS context
[in] pskIdentity: NULL-terminated string that contains the PSK identity
Returns
Error code

Definition at line 942 of file tls.c.

◆ tlsSetPskIdentityHint()

error_t tlsSetPskIdentityHint ( TlsContext context,
const char_t pskIdentityHint 
)

Set the PSK identity hint to be used by the server.

Parameters
[in] context: Pointer to the TLS context
[in] pskIdentityHint: NULL-terminated string that contains the PSK identity hint
Returns
Error code

Definition at line 991 of file tls.c.

◆ tlsSetRpkVerifyCallback()

error_t tlsSetRpkVerifyCallback ( TlsContext context,
TlsRpkVerifyCallback  rpkVerifyCallback 
)

Register the raw public key verification callback function.

Parameters
[in] context: Pointer to the TLS context
[in] rpkVerifyCallback: RPK verification callback function
Returns
Error code

Definition at line 1066 of file tls.c.

◆ tlsSetServerName()

error_t tlsSetServerName ( TlsContext context,
const char_t serverName 
)

Set the server name.

Parameters
[in] context: Pointer to the TLS context
[in] serverName: Fully qualified domain name of the server
Returns
Error code

Definition at line 363 of file tls.c.

◆ tlsSetSocketCallbacks()

error_t tlsSetSocketCallbacks ( TlsContext context,
TlsSocketSendCallback  socketSendCallback,
TlsSocketReceiveCallback  socketReceiveCallback,
TlsSocketHandle  handle 
)

Set socket send and receive callbacks.

Parameters
[in] context: Pointer to the TLS context
[in] socketSendCallback: Send callback function
[in] socketReceiveCallback: Receive callback function
[in] handle: Socket handle
Returns
Error code

Definition at line 215 of file tls.c.

◆ tlsSetSupportedGroups()

error_t tlsSetSupportedGroups ( TlsContext context,
const uint16_t *  groups,
uint_t  length 
)

Specify the list of allowed ECDHE and FFDHE groups.

Parameters
[in] context: Pointer to the TLS context
[in] groups: List of named groups
[in] length: Number of named groups in the list
Returns
Error code

Definition at line 590 of file tls.c.

◆ tlsSetTicketCallbacks()

error_t tlsSetTicketCallbacks ( TlsContext context,
TlsTicketEncryptCallback  ticketEncryptCallback,
TlsTicketDecryptCallback  ticketDecryptCallback,
void *  param 
)

Set ticket encryption/decryption callbacks.

Parameters
[in] context: Pointer to the TLS context
[in] ticketEncryptCallback: Ticket encryption callback function
[in] ticketDecryptCallback: Ticket decryption callback function
[in] param: An opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1285 of file tls.c.

◆ tlsSetTimeout()

error_t tlsSetTimeout ( TlsContext context,
systime_t  timeout 
)

Set timeout for blocking calls (for DTLS only)

Parameters
[in] context: Pointer to the TLS context
[in] timeout: Maximum time to wait
Returns
Error code

Definition at line 1347 of file tls.c.

◆ tlsSetTransportProtocol()

error_t tlsSetTransportProtocol ( TlsContext context,
TlsTransportProtocol  transportProtocol 
)

Set the transport protocol to be used.

Parameters
[in] context: Pointer to the TLS context
[in] transportProtocol: Transport protocol to be used
Returns
Error code

Definition at line 281 of file tls.c.

◆ tlsSetTrustedCaList()

error_t tlsSetTrustedCaList ( TlsContext context,
const char_t trustedCaList,
size_t  length 
)

Import a trusted CA list.

Parameters
[in] context: Pointer to the TLS context
[in] trustedCaList: List of trusted CA (PEM format)
[in] length: Total length of the list
Returns
Error code

Definition at line 1094 of file tls.c.

◆ tlsSetVersion()

error_t tlsSetVersion ( TlsContext context,
uint16_t  versionMin,
uint16_t  versionMax 
)

Set minimum and maximum versions permitted.

Parameters
[in] context: Pointer to the TLS context
[in] versionMin: Minimum version accepted by the TLS implementation
[in] versionMax: Maximum version accepted by the TLS implementation
Returns
Error code

Definition at line 247 of file tls.c.

◆ tlsShutdown()

error_t tlsShutdown ( TlsContext context)

Gracefully close TLS session.

Parameters
[in] context: Pointer to the TLS context
Returns
Error code

Definition at line 2018 of file tls.c.

◆ tlsShutdownEx()

error_t tlsShutdownEx ( TlsContext context,
bool_t  waitForCloseNotify 
)

Gracefully close TLS session.

Parameters
[in] context: Pointer to the TLS context
[in] waitForCloseNotify: Wait for the close notify alert from the peer
Returns
Error code

Definition at line 2031 of file tls.c.

◆ tlsWrite()

error_t tlsWrite ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send application data to the remote host using TLS.

Parameters
[in] context: Pointer to the TLS context
[in] data: Pointer to a buffer containing the data to be transmitted
[in] length: Number of bytes to be transmitted
[out] written: Actual number of bytes written (optional parameter)
[in] flags: Set of flags that influences the behavior of this function
Returns
Error code

Definition at line 1622 of file tls.c.

◆ tlsWriteEarlyData()

error_t tlsWriteEarlyData ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send early data to the remote TLS server.

Parameters
[in] context: Pointer to the TLS context
[in] data: Pointer to a buffer containing the data to be transmitted
[in] length: Number of bytes to be transmitted
[out] written: Actual number of bytes written (optional parameter)
[in] flags: Set of flags that influences the behavior of this function
Returns
Error code

Definition at line 1468 of file tls.c.

Variable Documentation

◆ algorithm

TlsSignHashAlgo algorithm

Definition at line 1563 of file tls.h.

◆ b

uint8_t b[8]

Definition at line 1317 of file tls.h.

◆ certificateTypes

uint8_t certificateTypes[]

Definition at line 1648 of file tls.h.

◆ certificateTypesLen

uint8_t certificateTypesLen

Definition at line 1647 of file tls.h.

◆ clientVersion

uint16_t clientVersion

Definition at line 1607 of file tls.h.

◆ data

uint8_t data[]

Definition at line 1578 of file tls.h.

◆ description

uint8_t description

Definition at line 1697 of file tls.h.

◆ hash

uint8_t hash

Definition at line 1363 of file tls.h.

◆ hostname

char_t hostname[]

Definition at line 1443 of file tls.h.

◆ length

uint8_t length[3]

Definition at line 1334 of file tls.h.

◆ level

uint8_t level

Definition at line 1696 of file tls.h.

◆ msgType

uint8_t msgType

Definition at line 1588 of file tls.h.

◆ random

uint8_t random[32]

Definition at line 1608 of file tls.h.

◆ serverVersion

uint16_t serverVersion

Definition at line 1620 of file tls.h.

◆ sessionId

uint8_t sessionId[]

Definition at line 1610 of file tls.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 1609 of file tls.h.

◆ signature

uint8_t signature

Definition at line 1364 of file tls.h.

◆ type

uint8_t type

Definition at line 1407 of file tls.h.

◆ value

uint8_t value[]

Definition at line 1335 of file tls.h.

◆ version

uint16_t version

Definition at line 1576 of file tls.h.