tls.h File Reference

TLS (Transport Layer Security) More...

#include "os_port.h"
#include "core/crypto.h"
#include "tls_config.h"
#include "tls_legacy.h"
#include "tls13_misc.h"
#include "dtls_misc.h"
#include "mac/hmac.h"
#include "pkc/rsa.h"
#include "pkc/dsa.h"
#include "ecc/ecdsa.h"
#include "pkc/dh.h"
#include "ecc/ecdh.h"
#include "aead/gcm.h"
#include "pkix/x509_common.h"


Data Structures

struct  TlsCipherSuiteInfo
 Structure describing a cipher suite. More...
 
struct  TlsSessionState
 TLS session state. More...
 
struct  TlsCache
 Session cache. More...
 
struct  TlsCertDesc
 Certificate descriptor. More...
 
struct  TlsHelloExtensions
 Hello extensions. More...
 
struct  TlsEncryptionEngine
 Encryption engine. More...
 
struct  _TlsContext
 TLS context. More...
 

Macros

#define TlsContext   struct _TlsContext
 
#define CYCLONE_SSL_VERSION_STRING   "1.9.6"
 
#define CYCLONE_SSL_MAJOR_VERSION   1
 
#define CYCLONE_SSL_MINOR_VERSION   9
 
#define CYCLONE_SSL_REV_NUMBER   6
 
#define SSL_VERSION_3_0   0x0300
 
#define TLS_VERSION_1_0   0x0301
 
#define TLS_VERSION_1_1   0x0302
 
#define TLS_VERSION_1_2   0x0303
 
#define TLS_VERSION_1_3   0x0304
 
#define TLS_SUPPORT   ENABLED
 
#define TLS_CLIENT_SUPPORT   ENABLED
 
#define TLS_SERVER_SUPPORT   ENABLED
 
#define TLS_MIN_VERSION   TLS_VERSION_1_0
 
#define TLS_MAX_VERSION   TLS_VERSION_1_2
 
#define TLS_SESSION_RESUME_SUPPORT   ENABLED
 
#define TLS_SESSION_CACHE_LIFETIME   3600000
 
#define TLS_TICKET_SUPPORT   DISABLED
 
#define TLS_TICKET_LIFETIME   3600000
 
#define TLS_SNI_SUPPORT   ENABLED
 
#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED
 
#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED
 
#define TLS_ALPN_SUPPORT   DISABLED
 
#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED
 
#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED
 
#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED
 
#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED
 
#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED
 
#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED
 
#define TLS_ECC_CALLBACK_SUPPORT   DISABLED
 
#define TLS_MAX_CERTIFICATES   3
 
#define TLS_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_DSS_KE_SUPPORT   DISABLED
 
#define TLS_DH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_PSK_KE_SUPPORT   DISABLED
 
#define TLS_DHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_SIGN_SUPPORT   ENABLED
 
#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED
 
#define TLS_DSA_SIGN_SUPPORT   DISABLED
 
#define TLS_ECDSA_SIGN_SUPPORT   ENABLED
 
#define TLS_EDDSA_SIGN_SUPPORT   DISABLED
 
#define TLS_NULL_CIPHER_SUPPORT   DISABLED
 
#define TLS_STREAM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CBC_CIPHER_SUPPORT   ENABLED
 
#define TLS_CCM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED
 
#define TLS_GCM_CIPHER_SUPPORT   ENABLED
 
#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED
 
#define TLS_RC4_SUPPORT   DISABLED
 
#define TLS_IDEA_SUPPORT   DISABLED
 
#define TLS_DES_SUPPORT   DISABLED
 
#define TLS_3DES_SUPPORT   DISABLED
 
#define TLS_AES_SUPPORT   ENABLED
 
#define TLS_CAMELLIA_SUPPORT   DISABLED
 
#define TLS_SEED_SUPPORT   DISABLED
 
#define TLS_ARIA_SUPPORT   DISABLED
 
#define TLS_MD5_SUPPORT   DISABLED
 
#define TLS_SHA1_SUPPORT   ENABLED
 
#define TLS_SHA224_SUPPORT   DISABLED
 
#define TLS_SHA256_SUPPORT   ENABLED
 
#define TLS_SHA384_SUPPORT   ENABLED
 
#define TLS_SHA512_SUPPORT   DISABLED
 
#define TLS_FFDHE_SUPPORT   DISABLED
 
#define TLS_FFDHE2048_SUPPORT   ENABLED
 
#define TLS_FFDHE3072_SUPPORT   DISABLED
 
#define TLS_FFDHE4096_SUPPORT   DISABLED
 
#define TLS_SECP160K1_SUPPORT   DISABLED
 
#define TLS_SECP160R1_SUPPORT   DISABLED
 
#define TLS_SECP160R2_SUPPORT   DISABLED
 
#define TLS_SECP192K1_SUPPORT   DISABLED
 
#define TLS_SECP192R1_SUPPORT   DISABLED
 
#define TLS_SECP224K1_SUPPORT   DISABLED
 
#define TLS_SECP224R1_SUPPORT   DISABLED
 
#define TLS_SECP256K1_SUPPORT   DISABLED
 
#define TLS_SECP256R1_SUPPORT   ENABLED
 
#define TLS_SECP384R1_SUPPORT   ENABLED
 
#define TLS_SECP521R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED
 
#define TLS_X25519_SUPPORT   DISABLED
 
#define TLS_X448_SUPPORT   DISABLED
 
#define TLS_ED25519_SUPPORT   ENABLED
 
#define TLS_ED448_SUPPORT   DISABLED
 
#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED
 
#define TLS_KEY_LOG_SUPPORT   DISABLED
 
#define TLS_MAX_SERVER_NAME_LEN   255
 
#define TLS_MIN_DH_MODULUS_SIZE   1024
 
#define TLS_MAX_DH_MODULUS_SIZE   4096
 
#define TLS_MIN_RSA_MODULUS_SIZE   1024
 
#define TLS_MAX_RSA_MODULUS_SIZE   4096
 
#define TLS_MIN_DSA_MODULUS_SIZE   1024
 
#define TLS_MAX_DSA_MODULUS_SIZE   4096
 
#define TLS_PREMASTER_SECRET_SIZE   256
 
#define TLS_MAX_WARNING_ALERTS   0
 
#define TLS_MAX_EMPTY_RECORDS   0
 
#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   0
 
#define TLS_MAX_KEY_UPDATE_MESSAGES   0
 
#define tlsAllocMem(size)   osAllocMem(size)
 
#define tlsFreeMem(p)   osFreeMem(p)
 
#define TLS_DH_SUPPORT   DISABLED
 
#define TLS_ECDH_SUPPORT   DISABLED
 
#define TLS_RSA_SUPPORT   DISABLED
 
#define TLS_PSK_SUPPORT   DISABLED
 
#define TLS_MAX_HKDF_DIGEST_SIZE   48
 
#define tlsSetSocket(context, socket)
 
#define TLS_MIN_RECORD_LENGTH   512
 
#define TLS_MAX_RECORD_LENGTH   16384
 
#define TLS_MAX_RECORD_OVERHEAD   512
 
#define TLS_RANDOM_SIZE   32
 
#define TLS_MASTER_SECRET_SIZE   48
 
#define TLS_FLAG_BREAK(c)   (TLS_FLAG_BREAK_CHAR | LSB(c))
 

Typedefs

struct {
   uint8_t   b [8]
 
TlsSequenceNumber
 Sequence number. More...
 
struct {
   uint16_t   length
 
   uint16_t   value []
 
TlsCipherSuites
 Cipher suites. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsCompressMethods
 Compression methods. More...
 
struct {
   uint8_t   hash
 
   uint8_t   signature
 
TlsSignHashAlgo
 Signature algorithm. More...
 
struct {
   uint16_t   length
 
   TlsSignHashAlgo   value []
 
TlsSignHashAlgos
 List of signature algorithms. More...
 
struct {
   uint8_t   length [3]
 
   uint8_t   value []
 
TlsCertificateList
 List of certificates. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsCertAuthorities
 List of certificate authorities. More...
 
struct {
   uint16_t   type
 
   uint16_t   length
 
   uint8_t   value []
 
TlsExtension
 TLS extension. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsExtensionList
 List of TLS extensions. More...
 
struct {
   uint8_t   length
 
   uint16_t   value []
 
TlsSupportedVersionList
 List of supported versions. More...
 
struct {
   uint8_t   type
 
   uint16_t   length
 
   char_t   hostname []
 
TlsServerName
 Server name. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsServerNameList
 List of server names. More...
 
struct {
   uint8_t   length
 
   char_t   value []
 
TlsProtocolName
 Protocol name. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsProtocolNameList
 List of protocol names. More...
 
struct {
   uint16_t   length
 
   uint16_t   value []
 
TlsSupportedGroupList
 List of supported groups. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsEcPointFormatList
 List of supported EC point formats. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsCertTypeList
 List of supported certificate types. More...
 
struct {
   uint8_t   length
 
   uint8_t   value []
 
TlsRenegoInfo
 Renegotiated connection. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentity
 PSK identity. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentityHint
 PSK identity hint. More...
 
struct {
   uint16_t   length
 
   uint8_t   value []
 
TlsDigitalSignature
 Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1) More...
 
struct {
   TlsSignHashAlgo   algorithm
 
   uint16_t   length
 
   uint8_t   value []
 
Tls12DigitalSignature
 Digitally-signed element (TLS 1.2) More...
 
struct {
   uint8_t   type
 
   uint16_t   version
 
   uint16_t   length
 
   uint8_t   data []
 
TlsRecord
 TLS record. More...
 
struct {
   uint8_t   msgType
 
   uint8_t   length [3]
 
   uint8_t   data []
 
TlsHandshake
 TLS handshake message. More...
 
typedef void TlsHelloRequest
 HelloRequest message. More...
 
struct {
   uint16_t   clientVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsClientHello
 ClientHello message. More...
 
struct {
   uint16_t   serverVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsServerHello
 ServerHello message. More...
 
typedef void TlsCertificate
 Certificate message. More...
 
typedef void TlsServerKeyExchange
 ServerKeyExchange message. More...
 
struct {
   uint8_t   certificateTypesLen
 
   uint8_t   certificateTypes []
 
TlsCertificateRequest
 CertificateRequest message. More...
 
typedef void TlsServerHelloDone
 ServerHelloDone message. More...
 
typedef void TlsClientKeyExchange
 ClientKeyExchange message. More...
 
typedef void TlsCertificateVerify
 CertificateVerify message. More...
 
typedef void TlsFinished
 Finished message. More...
 
struct {
   uint8_t   type
 
TlsChangeCipherSpec
 ChangeCipherSpec message. More...
 
struct {
   uint8_t   level
 
   uint8_t   description
 
TlsAlert
 Alert message. More...
 
typedef void * TlsSocketHandle
 Socket handle. More...
 
typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
 Socket send callback function. More...
 
typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
 Socket receive callback function. More...
 
typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
 Pre-shared key callback function. More...
 
typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)
 Certificate verification callback function. More...
 
typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
 Raw public key verification callback function. More...
 
typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
 Ticket encryption callback function. More...
 
typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
 Ticket decryption callback function. More...
 
typedef error_t(* TlsEcdhCallback) (TlsContext *context)
 ECDH key agreement callback function. More...
 
typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature generation callback function. More...
 
typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature verification callback function. More...
 
typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)
 Key logging callback function (for debugging purposes only) More...
 

Enumerations

enum  TlsTransportProtocol { TLS_TRANSPORT_PROTOCOL_STREAM = 0, TLS_TRANSPORT_PROTOCOL_DATAGRAM = 1 }
 TLS transport protocols. More...
 
enum  TlsConnectionEnd { TLS_CONNECTION_END_CLIENT = 0, TLS_CONNECTION_END_SERVER = 1 }
 TLS connection end. More...
 
enum  TlsClientAuthMode { TLS_CLIENT_AUTH_NONE = 0, TLS_CLIENT_AUTH_OPTIONAL = 1, TLS_CLIENT_AUTH_REQUIRED = 2 }
 Client authentication mode. More...
 
enum  TlsEarlyDataStatus { TLS_EARLY_DATA_REJECTED = 0, TLS_EARLY_DATA_ACCEPTED = 1 }
 Early data status. More...
 
enum  TlsFlags {
  TLS_FLAG_PEEK = 0x0200, TLS_FLAG_WAIT_ALL = 0x0800, TLS_FLAG_BREAK_CHAR = 0x1000, TLS_FLAG_BREAK_CRLF = 0x100A,
  TLS_FLAG_WAIT_ACK = 0x2000, TLS_FLAG_NO_DELAY = 0x4000, TLS_FLAG_DELAY = 0x8000
}
 Flags used by read and write functions. More...
 
enum  TlsContentType {
  TLS_TYPE_NONE = 0, TLS_TYPE_CHANGE_CIPHER_SPEC = 20, TLS_TYPE_ALERT = 21, TLS_TYPE_HANDSHAKE = 22,
  TLS_TYPE_APPLICATION_DATA = 23, TLS_TYPE_HEARTBEAT = 24, TLS_TYPE_ACK = 25
}
 Content type. More...
 
enum  TlsMessageType {
  TLS_TYPE_HELLO_REQUEST = 0, TLS_TYPE_CLIENT_HELLO = 1, TLS_TYPE_SERVER_HELLO = 2, TLS_TYPE_HELLO_VERIFY_REQUEST = 3,
  TLS_TYPE_NEW_SESSION_TICKET = 4, TLS_TYPE_END_OF_EARLY_DATA = 5, TLS_TYPE_HELLO_RETRY_REQUEST = 6, TLS_TYPE_ENCRYPTED_EXTENSIONS = 8,
  TLS_TYPE_CERTIFICATE = 11, TLS_TYPE_SERVER_KEY_EXCHANGE = 12, TLS_TYPE_CERTIFICATE_REQUEST = 13, TLS_TYPE_SERVER_HELLO_DONE = 14,
  TLS_TYPE_CERTIFICATE_VERIFY = 15, TLS_TYPE_CLIENT_KEY_EXCHANGE = 16, TLS_TYPE_FINISHED = 20, TLS_TYPE_CERTIFICATE_URL = 21,
  TLS_TYPE_CERTIFICATE_STATUS = 22, TLS_TYPE_SUPPLEMENTAL_DATA = 23, TLS_TYPE_KEY_UPDATE = 24, TLS_TYPE_MESSAGE_HASH = 254
}
 Handshake message type. More...
 
enum  TlsAlertLevel { TLS_ALERT_LEVEL_WARNING = 1, TLS_ALERT_LEVEL_FATAL = 2 }
 Alert level. More...
 
enum  TlsAlertDescription {
  TLS_ALERT_CLOSE_NOTIFY = 0, TLS_ALERT_UNEXPECTED_MESSAGE = 10, TLS_ALERT_BAD_RECORD_MAC = 20, TLS_ALERT_DECRYPTION_FAILED = 21,
  TLS_ALERT_RECORD_OVERFLOW = 22, TLS_ALERT_DECOMPRESSION_FAILURE = 30, TLS_ALERT_HANDSHAKE_FAILURE = 40, TLS_ALERT_NO_CERTIFICATE = 41,
  TLS_ALERT_BAD_CERTIFICATE = 42, TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43, TLS_ALERT_CERTIFICATE_REVOKED = 44, TLS_ALERT_CERTIFICATE_EXPIRED = 45,
  TLS_ALERT_CERTIFICATE_UNKNOWN = 46, TLS_ALERT_ILLEGAL_PARAMETER = 47, TLS_ALERT_UNKNOWN_CA = 48, TLS_ALERT_ACCESS_DENIED = 49,
  TLS_ALERT_DECODE_ERROR = 50, TLS_ALERT_DECRYPT_ERROR = 51, TLS_ALERT_EXPORT_RESTRICTION = 60, TLS_ALERT_PROTOCOL_VERSION = 70,
  TLS_ALERT_INSUFFICIENT_SECURITY = 71, TLS_ALERT_INTERNAL_ERROR = 80, TLS_ALERT_INAPPROPRIATE_FALLBACK = 86, TLS_ALERT_USER_CANCELED = 90,
  TLS_ALERT_NO_RENEGOTIATION = 100, TLS_ALERT_MISSING_EXTENSION = 109, TLS_ALERT_UNSUPPORTED_EXTENSION = 110, TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111,
  TLS_ALERT_UNRECOGNIZED_NAME = 112, TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113, TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114, TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115,
  TLS_ALERT_CERTIFICATE_REQUIRED = 116, TLS_ALERT_NO_APPLICATION_PROTOCOL = 120
}
 Alert description. More...
 
enum  TlsCompressMethod { TLS_COMPRESSION_METHOD_NULL = 0, TLS_COMPRESSION_METHOD_DEFLATE = 1 }
 Compression methods. More...
 
enum  TlsKeyExchMethod {
  TLS_KEY_EXCH_NONE = 0, TLS_KEY_EXCH_RSA = 1, TLS_KEY_EXCH_DH_RSA = 2, TLS_KEY_EXCH_DHE_RSA = 3,
  TLS_KEY_EXCH_DH_DSS = 4, TLS_KEY_EXCH_DHE_DSS = 5, TLS_KEY_EXCH_DH_ANON = 6, TLS_KEY_EXCH_ECDH_RSA = 7,
  TLS_KEY_EXCH_ECDHE_RSA = 8, TLS_KEY_EXCH_ECDH_ECDSA = 9, TLS_KEY_EXCH_ECDHE_ECDSA = 10, TLS_KEY_EXCH_ECDH_ANON = 11,
  TLS_KEY_EXCH_PSK = 12, TLS_KEY_EXCH_RSA_PSK = 13, TLS_KEY_EXCH_DHE_PSK = 14, TLS_KEY_EXCH_ECDHE_PSK = 15,
  TLS_KEY_EXCH_SRP_SHA = 16, TLS_KEY_EXCH_SRP_SHA_RSA = 17, TLS_KEY_EXCH_SRP_SHA_DSS = 18, TLS13_KEY_EXCH_DHE = 19,
  TLS13_KEY_EXCH_ECDHE = 20, TLS13_KEY_EXCH_PSK = 21, TLS13_KEY_EXCH_PSK_DHE = 22, TLS13_KEY_EXCH_PSK_ECDHE = 23
}
 Key exchange methods. More...
 
enum  TlsCertificateFormat { TLS_CERT_FORMAT_X509 = 0, TLS_CERT_FORMAT_OPEN_PGP = 1, TLS_CERT_FORMAT_RAW_PUBLIC_KEY = 2 }
 Certificate formats. More...
 
enum  TlsCertificateType {
  TLS_CERT_NONE = 0, TLS_CERT_RSA_SIGN = 1, TLS_CERT_DSS_SIGN = 2, TLS_CERT_RSA_FIXED_DH = 3,
  TLS_CERT_DSS_FIXED_DH = 4, TLS_CERT_RSA_EPHEMERAL_DH = 5, TLS_CERT_DSS_EPHEMERAL_DH = 6, TLS_CERT_FORTEZZA_DMS = 20,
  TLS_CERT_ECDSA_SIGN = 64, TLS_CERT_RSA_FIXED_ECDH = 65, TLS_CERT_ECDSA_FIXED_ECDH = 66, TLS_CERT_RSA_PSS_SIGN = 256,
  TLS_CERT_ED25519_SIGN = 257, TLS_CERT_ED448_SIGN = 258
}
 Certificate types. More...
 
enum  TlsHashAlgo {
  TLS_HASH_ALGO_NONE = 0, TLS_HASH_ALGO_MD5 = 1, TLS_HASH_ALGO_SHA1 = 2, TLS_HASH_ALGO_SHA224 = 3,
  TLS_HASH_ALGO_SHA256 = 4, TLS_HASH_ALGO_SHA384 = 5, TLS_HASH_ALGO_SHA512 = 6, TLS_HASH_ALGO_INTRINSIC = 8
}
 Hash algorithms. More...
 
enum  TlsSignatureAlgo {
  TLS_SIGN_ALGO_ANONYMOUS = 0, TLS_SIGN_ALGO_RSA = 1, TLS_SIGN_ALGO_DSA = 2, TLS_SIGN_ALGO_ECDSA = 3,
  TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 = 4, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 = 5, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 = 6, TLS_SIGN_ALGO_ED25519 = 7,
  TLS_SIGN_ALGO_ED448 = 8, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 = 9, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 = 10, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 = 11,
  TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 = 26, TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 = 27, TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 = 28, TLS_SIGN_ALGO_GOSTR34102012_256 = 64,
  TLS_SIGN_ALGO_GOSTR34102012_512 = 65
}
 Signature algorithms. More...
 
enum  TlsExtensionType {
  TLS_EXT_SERVER_NAME = 0, TLS_EXT_MAX_FRAGMENT_LENGTH = 1, TLS_EXT_CLIENT_CERTIFICATE_URL = 2, TLS_EXT_TRUSTED_CA_KEYS = 3,
  TLS_EXT_TRUNCATED_HMAC = 4, TLS_EXT_STATUS_REQUEST = 5, TLS_EXT_USER_MAPPING = 6, TLS_EXT_CLIENT_AUTHZ = 7,
  TLS_EXT_SERVER_AUTHZ = 8, TLS_EXT_CERT_TYPE = 9, TLS_EXT_SUPPORTED_GROUPS = 10, TLS_EXT_EC_POINT_FORMATS = 11,
  TLS_EXT_SRP = 12, TLS_EXT_SIGNATURE_ALGORITHMS = 13, TLS_EXT_USE_SRTP = 14, TLS_EXT_HEARTBEAT = 15,
  TLS_EXT_ALPN = 16, TLS_EXT_STATUS_REQUEST_V2 = 17, TLS_EXT_SIGNED_CERT_TIMESTAMP = 18, TLS_EXT_CLIENT_CERT_TYPE = 19,
  TLS_EXT_SERVER_CERT_TYPE = 20, TLS_EXT_PADDING = 21, TLS_EXT_ENCRYPT_THEN_MAC = 22, TLS_EXT_EXTENDED_MASTER_SECRET = 23,
  TLS_EXT_CACHED_INFO = 25, TLS_EXT_RECORD_SIZE_LIMIT = 28, TLS_EXT_SESSION_TICKET = 35, TLS_EXT_PRE_SHARED_KEY = 41,
  TLS_EXT_EARLY_DATA = 42, TLS_EXT_SUPPORTED_VERSIONS = 43, TLS_EXT_COOKIE = 44, TLS_EXT_PSK_KEY_EXCHANGE_MODES = 45,
  TLS_EXT_CERTIFICATE_AUTHORITIES = 47, TLS_EXT_OID_FILTERS = 48, TLS_EXT_POST_HANDSHAKE_AUTH = 49, TLS_EXT_SIGNATURE_ALGORITHMS_CERT = 50,
  TLS_EXT_KEY_SHARE = 51, TLS_EXT_RENEGOTIATION_INFO = 65281
}
 TLS extension types. More...
 
enum  TlsNameType { TLS_NAME_TYPE_HOSTNAME = 0 }
 Name type. More...
 
enum  TlsMaxFragmentLength { TLS_MAX_FRAGMENT_LENGTH_512 = 1, TLS_MAX_FRAGMENT_LENGTH_1024 = 2, TLS_MAX_FRAGMENT_LENGTH_2048 = 3, TLS_MAX_FRAGMENT_LENGTH_4096 = 4 }
 Maximum fragment length. More...
 
enum  TlsNamedGroup {
  TLS_GROUP_NONE = 0, TLS_GROUP_SECT163K1 = 1, TLS_GROUP_SECT163R1 = 2, TLS_GROUP_SECT163R2 = 3,
  TLS_GROUP_SECT193R1 = 4, TLS_GROUP_SECT193R2 = 5, TLS_GROUP_SECT233K1 = 6, TLS_GROUP_SECT233R1 = 7,
  TLS_GROUP_SECT239K1 = 8, TLS_GROUP_SECT283K1 = 9, TLS_GROUP_SECT283R1 = 10, TLS_GROUP_SECT409K1 = 11,
  TLS_GROUP_SECT409R1 = 12, TLS_GROUP_SECT571K1 = 13, TLS_GROUP_SECT571R1 = 14, TLS_GROUP_SECP160K1 = 15,
  TLS_GROUP_SECP160R1 = 16, TLS_GROUP_SECP160R2 = 17, TLS_GROUP_SECP192K1 = 18, TLS_GROUP_SECP192R1 = 19,
  TLS_GROUP_SECP224K1 = 20, TLS_GROUP_SECP224R1 = 21, TLS_GROUP_SECP256K1 = 22, TLS_GROUP_SECP256R1 = 23,
  TLS_GROUP_SECP384R1 = 24, TLS_GROUP_SECP521R1 = 25, TLS_GROUP_BRAINPOOLP256R1 = 26, TLS_GROUP_BRAINPOOLP384R1 = 27,
  TLS_GROUP_BRAINPOOLP512R1 = 28, TLS_GROUP_ECDH_X25519 = 29, TLS_GROUP_ECDH_X448 = 30, TLS_GROUP_BRAINPOOLP256R1_TLS13 = 31,
  TLS_GROUP_BRAINPOOLP384R1_TLS13 = 32, TLS_GROUP_BRAINPOOLP512R1_TLS13 = 33, TLS_GROUP_GC256A = 34, TLS_GROUP_GC256B = 35,
  TLS_GROUP_GC256C = 36, TLS_GROUP_GC256D = 37, TLS_GROUP_GC512A = 38, TLS_GROUP_GC512B = 39,
  TLS_GROUP_GC512C = 40, TLS_GROUP_FFDHE2048 = 256, TLS_GROUP_FFDHE3072 = 257, TLS_GROUP_FFDHE4096 = 258,
  TLS_GROUP_FFDHE6144 = 259, TLS_GROUP_FFDHE8192 = 260, TLS_GROUP_FFDHE_MAX = 511, TLS_GROUP_EXPLICIT_PRIME_CURVE = 65281,
  TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282
}
 Named groups. More...
 
enum  TlsEcPointFormat { TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME = 1, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 = 2 }
 EC point formats. More...
 
enum  TlsEcCurveType { TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1, TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2, TLS_EC_CURVE_TYPE_NAMED_CURVE = 3 }
 EC curve types. More...
 
enum  TlsState {
  TLS_STATE_INIT = 0, TLS_STATE_CLIENT_HELLO = 1, TLS_STATE_CLIENT_HELLO_2 = 2, TLS_STATE_EARLY_DATA = 3,
  TLS_STATE_HELLO_VERIFY_REQUEST = 4, TLS_STATE_HELLO_RETRY_REQUEST = 5, TLS_STATE_SERVER_HELLO = 6, TLS_STATE_SERVER_HELLO_2 = 7,
  TLS_STATE_SERVER_HELLO_3 = 8, TLS_STATE_HANDSHAKE_TRAFFIC_KEYS = 9, TLS_STATE_ENCRYPTED_EXTENSIONS = 10, TLS_STATE_SERVER_CERTIFICATE = 11,
  TLS_STATE_SERVER_KEY_EXCHANGE = 12, TLS_STATE_SERVER_CERTIFICATE_VERIFY = 13, TLS_STATE_CERTIFICATE_REQUEST = 14, TLS_STATE_SERVER_HELLO_DONE = 15,
  TLS_STATE_CLIENT_CERTIFICATE = 16, TLS_STATE_CLIENT_KEY_EXCHANGE = 17, TLS_STATE_CLIENT_CERTIFICATE_VERIFY = 18, TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 19,
  TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 = 20, TLS_STATE_CLIENT_FINISHED = 21, TLS_STATE_CLIENT_APP_TRAFFIC_KEYS = 22, TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 23,
  TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 = 24, TLS_STATE_SERVER_FINISHED = 25, TLS_STATE_END_OF_EARLY_DATA = 26, TLS_STATE_SERVER_APP_TRAFFIC_KEYS = 27,
  TLS_STATE_NEW_SESSION_TICKET = 28, TLS_STATE_KEY_UPDATE = 29, TLS_STATE_APPLICATION_DATA = 30, TLS_STATE_CLOSING = 31,
  TLS_STATE_CLOSED = 32
}
 TLS FSM states. More...
 

Functions

TlsContext * tlsInit (void)
 TLS context initialization. More...
 
TlsState tlsGetState (TlsContext *context)
 Retrieve current state. More...
 
error_t tlsSetSocketCallbacks (TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
 Set socket send and receive callbacks. More...
 
error_t tlsSetVersion (TlsContext *context, uint16_t versionMin, uint16_t versionMax)
 Set minimum and maximum versions permitted. More...
 
error_t tlsSetTransportProtocol (TlsContext *context, TlsTransportProtocol transportProtocol)
 Set the transport protocol to be used. More...
 
error_t tlsSetConnectionEnd (TlsContext *context, TlsConnectionEnd entity)
 Set operation mode (client or server) More...
 
error_t tlsSetPrng (TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
 Set the pseudo-random number generator to be used. More...
 
error_t tlsSetServerName (TlsContext *context, const char_t *serverName)
 Set the server name. More...
 
const char_t * tlsGetServerName (TlsContext *context)
 Get the server name. More...
 
error_t tlsSetCache (TlsContext *context, TlsCache *cache)
 Set session cache. More...
 
error_t tlsSetClientAuthMode (TlsContext *context, TlsClientAuthMode mode)
 Set client authentication mode (for servers only) More...
 
error_t tlsSetBufferSize (TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
 Set TLS buffer size. More...
 
error_t tlsSetMaxFragmentLength (TlsContext *context, size_t maxFragLen)
 Set maximum fragment length. More...
 
error_t tlsSetCipherSuites (TlsContext *context, const uint16_t *cipherSuites, uint_t length)
 Specify the list of allowed cipher suites. More...
 
error_t tlsSetSupportedGroups (TlsContext *context, const uint16_t *groups, uint_t length)
 Specify the list of allowed ECDHE and FFDHE groups. More...
 
error_t tlsSetPreferredGroup (TlsContext *context, uint16_t group)
 Specify the preferred ECDHE or FFDHE group. More...
 
error_t tlsSetDhParameters (TlsContext *context, const char_t *params, size_t length)
 Import Diffie-Hellman parameters. More...
 
error_t tlsSetEcdhCallback (TlsContext *context, TlsEcdhCallback ecdhCallback)
 Register ECDH key agreement callback function. More...
 
error_t tlsSetEcdsaSignCallback (TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
 Register ECDSA signature generation callback function. More...
 
error_t tlsSetEcdsaVerifyCallback (TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
 Register ECDSA signature verification callback function. More...
 
error_t tlsSetKeyLogCallback (TlsContext *context, TlsKeyLogCallback keyLogCallback)
 Register key logging callback function (for debugging purposes only) More...
 
error_t tlsAllowUnknownAlpnProtocols (TlsContext *context, bool_t allowed)
 Allow unknown ALPN protocols. More...
 
error_t tlsSetAlpnProtocolList (TlsContext *context, const char_t *protocolList)
 Set the list of supported ALPN protocols. More...
 
const char_t * tlsGetAlpnProtocol (TlsContext *context)
 Get the name of the selected ALPN protocol. More...
 
error_t tlsSetPsk (TlsContext *context, const uint8_t *psk, size_t length)
 Set the pre-shared key to be used. More...
 
error_t tlsSetPskIdentity (TlsContext *context, const char_t *pskIdentity)
 Set the PSK identity to be used by the client. More...
 
error_t tlsSetPskIdentityHint (TlsContext *context, const char_t *pskIdentityHint)
 Set the PSK identity hint to be used by the server. More...
 
error_t tlsSetPskCallback (TlsContext *context, TlsPskCallback pskCallback)
 Register the PSK callback function. More...
 
error_t tlsSetRpkVerifyCallback (TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
 Register the raw public key verification callback function. More...
 
error_t tlsSetTrustedCaList (TlsContext *context, const char_t *trustedCaList, size_t length)
 Import a trusted CA list. More...
 
error_t tlsAddCertificate (TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
 Import a certificate and the corresponding private key. More...
 
error_t tlsSetCertificateVerifyCallback (TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
 Set certificate verification callback. More...
 
error_t tlsEnableSecureRenegotiation (TlsContext *context, bool_t enabled)
 Enable secure renegotiation. More...
 
error_t tlsEnableFallbackScsv (TlsContext *context, bool_t enabled)
 Perform fallback retry (for clients only) More...
 
error_t tlsSetTicketCallbacks (TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
 Set ticket encryption/decryption callbacks. More...
 
error_t tlsSetPmtu (TlsContext *context, size_t pmtu)
 Set PMTU value (for DTLS only) More...
 
error_t tlsSetTimeout (TlsContext *context, systime_t timeout)
 Set timeout for blocking calls (for DTLS only) More...
 
error_t tlsSetCookieCallbacks (TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
 Set cookie generation/verification callbacks (for DTLS only) More...
 
error_t tlsEnableReplayDetection (TlsContext *context, bool_t enabled)
 Enable anti-replay mechanism (for DTLS only) More...
 
error_t tlsSetMaxEarlyDataSize (TlsContext *context, size_t maxEarlyDataSize)
 Send the maximum amount of 0-RTT data the server can accept. More...
 
error_t tlsWriteEarlyData (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send early data to the remote TLS server. More...
 
error_t tlsConnect (TlsContext *context)
 Initiate the TLS handshake. More...
 
TlsEarlyDataStatus tlsGetEarlyDataStatus (TlsContext *context)
 Check whether the server has accepted or rejected the early data. More...
 
error_t tlsWrite (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send application data to the remote host using TLS. More...
 
error_t tlsRead (TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
 Receive application data from the remote host using TLS. More...
 
bool_t tlsIsTxReady (TlsContext *context)
 Check whether some data is ready for transmission. More...
 
bool_t tlsIsRxReady (TlsContext *context)
 Check whether some data is available in the receive buffer. More...
 
error_t tlsShutdown (TlsContext *context)
 Gracefully close TLS session. More...
 
error_t tlsShutdownEx (TlsContext *context, bool_t waitForCloseNotify)
 Gracefully close TLS session. More...
 
void tlsFree (TlsContext *context)
 Release TLS context. More...
 
error_t tlsInitSessionState (TlsSessionState *session)
 Initialize session state. More...
 
error_t tlsSaveSessionState (const TlsContext *context, TlsSessionState *session)
 Save TLS session. More...
 
error_t tlsRestoreSessionState (TlsContext *context, const TlsSessionState *session)
 Restore TLS session. More...
 
void tlsFreeSessionState (TlsSessionState *session)
 Properly dispose of a session state. More...
 
TlsCache * tlsInitCache (uint_t size)
 Session cache initialization. More...
 
void tlsFreeCache (TlsCache *cache)
 Properly dispose of a session cache. More...
 

Detailed Description

TLS (Transport Layer Security)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
1.9.6

Definition in file tls.h.

Macro Definition Documentation

◆ CYCLONE_SSL_MAJOR_VERSION

#define CYCLONE_SSL_MAJOR_VERSION   1

Definition at line 84 of file tls.h.

◆ CYCLONE_SSL_MINOR_VERSION

#define CYCLONE_SSL_MINOR_VERSION   9

Definition at line 86 of file tls.h.

◆ CYCLONE_SSL_REV_NUMBER

#define CYCLONE_SSL_REV_NUMBER   6

Definition at line 88 of file tls.h.

◆ CYCLONE_SSL_VERSION_STRING

#define CYCLONE_SSL_VERSION_STRING   "1.9.6"

Definition at line 82 of file tls.h.

◆ SSL_VERSION_3_0

#define SSL_VERSION_3_0   0x0300

Definition at line 91 of file tls.h.

◆ TLS_3DES_SUPPORT

#define TLS_3DES_SUPPORT   DISABLED

Definition at line 428 of file tls.h.

◆ TLS_AES_SUPPORT

#define TLS_AES_SUPPORT   ENABLED

Definition at line 435 of file tls.h.

◆ TLS_ALPN_SUPPORT

#define TLS_ALPN_SUPPORT   DISABLED

Definition at line 183 of file tls.h.

◆ TLS_ARIA_SUPPORT

#define TLS_ARIA_SUPPORT   DISABLED

Definition at line 456 of file tls.h.

◆ TLS_BRAINPOOLP256R1_SUPPORT

#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED

Definition at line 610 of file tls.h.

◆ TLS_BRAINPOOLP384R1_SUPPORT

#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED

Definition at line 617 of file tls.h.

◆ TLS_BRAINPOOLP512R1_SUPPORT

#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED

Definition at line 624 of file tls.h.

◆ TLS_CAMELLIA_SUPPORT

#define TLS_CAMELLIA_SUPPORT   DISABLED

Definition at line 442 of file tls.h.

◆ TLS_CBC_CIPHER_SUPPORT

#define TLS_CBC_CIPHER_SUPPORT   ENABLED

Definition at line 372 of file tls.h.

◆ TLS_CCM_8_CIPHER_SUPPORT

#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED

Definition at line 386 of file tls.h.

◆ TLS_CCM_CIPHER_SUPPORT

#define TLS_CCM_CIPHER_SUPPORT   DISABLED

Definition at line 379 of file tls.h.

◆ TLS_CERT_KEY_USAGE_SUPPORT

#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED

Definition at line 659 of file tls.h.

◆ TLS_CHACHA20_POLY1305_SUPPORT

#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED

Definition at line 400 of file tls.h.

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED

Definition at line 197 of file tls.h.

◆ TLS_CLIENT_SUPPORT

#define TLS_CLIENT_SUPPORT   ENABLED

Definition at line 106 of file tls.h.

◆ TLS_DES_SUPPORT

#define TLS_DES_SUPPORT   DISABLED

Definition at line 421 of file tls.h.

◆ TLS_DH_ANON_KE_SUPPORT

#define TLS_DH_ANON_KE_SUPPORT   DISABLED

Definition at line 267 of file tls.h.

◆ TLS_DH_SUPPORT

#define TLS_DH_SUPPORT   DISABLED

Definition at line 774 of file tls.h.

◆ TLS_DHE_DSS_KE_SUPPORT

#define TLS_DHE_DSS_KE_SUPPORT   DISABLED

Definition at line 260 of file tls.h.

◆ TLS_DHE_PSK_KE_SUPPORT

#define TLS_DHE_PSK_KE_SUPPORT   DISABLED

Definition at line 309 of file tls.h.

◆ TLS_DHE_RSA_KE_SUPPORT

#define TLS_DHE_RSA_KE_SUPPORT   ENABLED

Definition at line 253 of file tls.h.

◆ TLS_DSA_SIGN_SUPPORT

#define TLS_DSA_SIGN_SUPPORT   DISABLED

Definition at line 337 of file tls.h.

◆ TLS_ECC_CALLBACK_SUPPORT

#define TLS_ECC_CALLBACK_SUPPORT   DISABLED

Definition at line 232 of file tls.h.

◆ TLS_ECDH_ANON_KE_SUPPORT

#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED

Definition at line 288 of file tls.h.

◆ TLS_ECDH_SUPPORT

#define TLS_ECDH_SUPPORT   DISABLED

Definition at line 786 of file tls.h.

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED

Definition at line 281 of file tls.h.

◆ TLS_ECDHE_PSK_KE_SUPPORT

#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED

Definition at line 316 of file tls.h.

◆ TLS_ECDHE_RSA_KE_SUPPORT

#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED

Definition at line 274 of file tls.h.

◆ TLS_ECDSA_SIGN_SUPPORT

#define TLS_ECDSA_SIGN_SUPPORT   ENABLED

Definition at line 344 of file tls.h.

◆ TLS_ED25519_SUPPORT

#define TLS_ED25519_SUPPORT   ENABLED

Definition at line 645 of file tls.h.

◆ TLS_ED448_SUPPORT

#define TLS_ED448_SUPPORT   DISABLED

Definition at line 652 of file tls.h.

◆ TLS_EDDSA_SIGN_SUPPORT

#define TLS_EDDSA_SIGN_SUPPORT   DISABLED

Definition at line 351 of file tls.h.

◆ TLS_EXT_MASTER_SECRET_SUPPORT

#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED

Definition at line 190 of file tls.h.

◆ TLS_FALLBACK_SCSV_SUPPORT

#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED

Definition at line 225 of file tls.h.

◆ TLS_FFDHE2048_SUPPORT

#define TLS_FFDHE2048_SUPPORT   ENABLED

Definition at line 512 of file tls.h.

◆ TLS_FFDHE3072_SUPPORT

#define TLS_FFDHE3072_SUPPORT   DISABLED

Definition at line 519 of file tls.h.

◆ TLS_FFDHE4096_SUPPORT

#define TLS_FFDHE4096_SUPPORT   DISABLED

Definition at line 526 of file tls.h.

◆ TLS_FFDHE_SUPPORT

#define TLS_FFDHE_SUPPORT   DISABLED

Definition at line 505 of file tls.h.

◆ TLS_FLAG_BREAK

#define TLS_FLAG_BREAK (   c)    (TLS_FLAG_BREAK_CHAR | LSB(c))

Definition at line 907 of file tls.h.

◆ TLS_GCM_CIPHER_SUPPORT

#define TLS_GCM_CIPHER_SUPPORT   ENABLED

Definition at line 393 of file tls.h.

◆ TLS_IDEA_SUPPORT

#define TLS_IDEA_SUPPORT   DISABLED

Definition at line 414 of file tls.h.

◆ TLS_KEY_LOG_SUPPORT

#define TLS_KEY_LOG_SUPPORT   DISABLED

Definition at line 666 of file tls.h.

◆ TLS_MASTER_SECRET_SIZE

#define TLS_MASTER_SECRET_SIZE   48

Definition at line 836 of file tls.h.

◆ TLS_MAX_CERTIFICATES

#define TLS_MAX_CERTIFICATES   3

Definition at line 239 of file tls.h.

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   0

Definition at line 743 of file tls.h.

◆ TLS_MAX_DH_MODULUS_SIZE

#define TLS_MAX_DH_MODULUS_SIZE   4096

Definition at line 687 of file tls.h.

◆ TLS_MAX_DSA_MODULUS_SIZE

#define TLS_MAX_DSA_MODULUS_SIZE   4096

Definition at line 715 of file tls.h.

◆ TLS_MAX_EMPTY_RECORDS

#define TLS_MAX_EMPTY_RECORDS   0

Definition at line 736 of file tls.h.

◆ TLS_MAX_FRAG_LEN_SUPPORT

#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED

Definition at line 169 of file tls.h.

◆ TLS_MAX_HKDF_DIGEST_SIZE

#define TLS_MAX_HKDF_DIGEST_SIZE   48

Definition at line 817 of file tls.h.

◆ TLS_MAX_KEY_UPDATE_MESSAGES

#define TLS_MAX_KEY_UPDATE_MESSAGES   0

Definition at line 750 of file tls.h.

◆ TLS_MAX_RECORD_LENGTH

#define TLS_MAX_RECORD_LENGTH   16384

Definition at line 830 of file tls.h.

◆ TLS_MAX_RECORD_OVERHEAD

#define TLS_MAX_RECORD_OVERHEAD   512

Definition at line 832 of file tls.h.

◆ TLS_MAX_RSA_MODULUS_SIZE

#define TLS_MAX_RSA_MODULUS_SIZE   4096

Definition at line 701 of file tls.h.

◆ TLS_MAX_SERVER_NAME_LEN

#define TLS_MAX_SERVER_NAME_LEN   255

Definition at line 673 of file tls.h.

◆ TLS_MAX_VERSION

#define TLS_MAX_VERSION   TLS_VERSION_1_2

Definition at line 127 of file tls.h.

◆ TLS_MAX_WARNING_ALERTS

#define TLS_MAX_WARNING_ALERTS   0

Definition at line 729 of file tls.h.

◆ TLS_MD5_SUPPORT

#define TLS_MD5_SUPPORT   DISABLED

Definition at line 463 of file tls.h.

◆ TLS_MIN_DH_MODULUS_SIZE

#define TLS_MIN_DH_MODULUS_SIZE   1024

Definition at line 680 of file tls.h.

◆ TLS_MIN_DSA_MODULUS_SIZE

#define TLS_MIN_DSA_MODULUS_SIZE   1024

Definition at line 708 of file tls.h.

◆ TLS_MIN_RECORD_LENGTH

#define TLS_MIN_RECORD_LENGTH   512

Definition at line 828 of file tls.h.

◆ TLS_MIN_RSA_MODULUS_SIZE

#define TLS_MIN_RSA_MODULUS_SIZE   1024

Definition at line 694 of file tls.h.

◆ TLS_MIN_VERSION

#define TLS_MIN_VERSION   TLS_VERSION_1_0

Definition at line 120 of file tls.h.

◆ TLS_NULL_CIPHER_SUPPORT

#define TLS_NULL_CIPHER_SUPPORT   DISABLED

Definition at line 358 of file tls.h.

◆ TLS_PREMASTER_SECRET_SIZE

#define TLS_PREMASTER_SECRET_SIZE   256

Definition at line 722 of file tls.h.

◆ TLS_PSK_KE_SUPPORT

#define TLS_PSK_KE_SUPPORT   DISABLED

Definition at line 295 of file tls.h.

◆ TLS_PSK_SUPPORT

#define TLS_PSK_SUPPORT   DISABLED

Definition at line 812 of file tls.h.

◆ TLS_RANDOM_SIZE

#define TLS_RANDOM_SIZE   32

Definition at line 834 of file tls.h.

◆ TLS_RAW_PUBLIC_KEY_SUPPORT

#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED

Definition at line 211 of file tls.h.

◆ TLS_RC4_SUPPORT

#define TLS_RC4_SUPPORT   DISABLED

Definition at line 407 of file tls.h.

◆ TLS_RECORD_SIZE_LIMIT_SUPPORT

#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED

Definition at line 176 of file tls.h.

◆ TLS_RSA_KE_SUPPORT

#define TLS_RSA_KE_SUPPORT   ENABLED

Definition at line 246 of file tls.h.

◆ TLS_RSA_PSK_KE_SUPPORT

#define TLS_RSA_PSK_KE_SUPPORT   DISABLED

Definition at line 302 of file tls.h.

◆ TLS_RSA_PSS_SIGN_SUPPORT

#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED

Definition at line 330 of file tls.h.

◆ TLS_RSA_SIGN_SUPPORT

#define TLS_RSA_SIGN_SUPPORT   ENABLED

Definition at line 323 of file tls.h.

◆ TLS_RSA_SUPPORT

#define TLS_RSA_SUPPORT   DISABLED

Definition at line 799 of file tls.h.

◆ TLS_SECP160K1_SUPPORT

#define TLS_SECP160K1_SUPPORT   DISABLED

Definition at line 533 of file tls.h.

◆ TLS_SECP160R1_SUPPORT

#define TLS_SECP160R1_SUPPORT   DISABLED

Definition at line 540 of file tls.h.

◆ TLS_SECP160R2_SUPPORT

#define TLS_SECP160R2_SUPPORT   DISABLED

Definition at line 547 of file tls.h.

◆ TLS_SECP192K1_SUPPORT

#define TLS_SECP192K1_SUPPORT   DISABLED

Definition at line 554 of file tls.h.

◆ TLS_SECP192R1_SUPPORT

#define TLS_SECP192R1_SUPPORT   DISABLED

Definition at line 561 of file tls.h.

◆ TLS_SECP224K1_SUPPORT

#define TLS_SECP224K1_SUPPORT   DISABLED

Definition at line 568 of file tls.h.

◆ TLS_SECP224R1_SUPPORT

#define TLS_SECP224R1_SUPPORT   DISABLED

Definition at line 575 of file tls.h.

◆ TLS_SECP256K1_SUPPORT

#define TLS_SECP256K1_SUPPORT   DISABLED

Definition at line 582 of file tls.h.

◆ TLS_SECP256R1_SUPPORT

#define TLS_SECP256R1_SUPPORT   ENABLED

Definition at line 589 of file tls.h.

◆ TLS_SECP384R1_SUPPORT

#define TLS_SECP384R1_SUPPORT   ENABLED

Definition at line 596 of file tls.h.

◆ TLS_SECP521R1_SUPPORT

#define TLS_SECP521R1_SUPPORT   DISABLED

Definition at line 603 of file tls.h.

◆ TLS_SECURE_RENEGOTIATION_SUPPORT

#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED

Definition at line 218 of file tls.h.

◆ TLS_SEED_SUPPORT

#define TLS_SEED_SUPPORT   DISABLED

Definition at line 449 of file tls.h.

◆ TLS_SERVER_SUPPORT

#define TLS_SERVER_SUPPORT   ENABLED

Definition at line 113 of file tls.h.

◆ TLS_SESSION_CACHE_LIFETIME

#define TLS_SESSION_CACHE_LIFETIME   3600000

Definition at line 141 of file tls.h.

◆ TLS_SESSION_RESUME_SUPPORT

#define TLS_SESSION_RESUME_SUPPORT   ENABLED

Definition at line 134 of file tls.h.

◆ TLS_SHA1_SUPPORT

#define TLS_SHA1_SUPPORT   ENABLED

Definition at line 470 of file tls.h.

◆ TLS_SHA224_SUPPORT

#define TLS_SHA224_SUPPORT   DISABLED

Definition at line 477 of file tls.h.

◆ TLS_SHA256_SUPPORT

#define TLS_SHA256_SUPPORT   ENABLED

Definition at line 484 of file tls.h.

◆ TLS_SHA384_SUPPORT

#define TLS_SHA384_SUPPORT   ENABLED

Definition at line 491 of file tls.h.

◆ TLS_SHA512_SUPPORT

#define TLS_SHA512_SUPPORT   DISABLED

Definition at line 498 of file tls.h.

◆ TLS_SIGN_ALGOS_CERT_SUPPORT

#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED

Definition at line 204 of file tls.h.

◆ TLS_SNI_SUPPORT

#define TLS_SNI_SUPPORT   ENABLED

Definition at line 162 of file tls.h.

◆ TLS_STREAM_CIPHER_SUPPORT

#define TLS_STREAM_CIPHER_SUPPORT   DISABLED

Definition at line 365 of file tls.h.

◆ TLS_SUPPORT

#define TLS_SUPPORT   ENABLED

Definition at line 99 of file tls.h.

◆ TLS_TICKET_LIFETIME

#define TLS_TICKET_LIFETIME   3600000

Definition at line 155 of file tls.h.

◆ TLS_TICKET_SUPPORT

#define TLS_TICKET_SUPPORT   DISABLED

Definition at line 148 of file tls.h.

◆ TLS_VERSION_1_0

#define TLS_VERSION_1_0   0x0301

Definition at line 92 of file tls.h.

◆ TLS_VERSION_1_1

#define TLS_VERSION_1_1   0x0302

Definition at line 93 of file tls.h.

◆ TLS_VERSION_1_2

#define TLS_VERSION_1_2   0x0303

Definition at line 94 of file tls.h.

◆ TLS_VERSION_1_3

#define TLS_VERSION_1_3   0x0304

Definition at line 95 of file tls.h.

◆ TLS_X25519_SUPPORT

#define TLS_X25519_SUPPORT   DISABLED

Definition at line 631 of file tls.h.

◆ TLS_X448_SUPPORT

#define TLS_X448_SUPPORT   DISABLED

Definition at line 638 of file tls.h.

◆ tlsAllocMem

#define tlsAllocMem (   size)    osAllocMem(size)

Definition at line 757 of file tls.h.

◆ TlsContext

#define TlsContext   struct _TlsContext

Definition at line 36 of file tls.h.

◆ tlsFreeMem

#define tlsFreeMem (   p)    osFreeMem(p)

Definition at line 762 of file tls.h.

◆ tlsSetSocket

#define tlsSetSocket (   context,
  socket 
)

Typedef Documentation

◆ Tls12DigitalSignature

typedef { ... } Tls12DigitalSignature

Digitally-signed element (TLS 1.2)

◆ TlsAlert

typedef { ... } TlsAlert

Alert message.

◆ TlsCertAuthorities

typedef { ... } TlsCertAuthorities

List of certificate authorities.

◆ TlsCertificate

typedef void TlsCertificate

Certificate message.

Definition at line 1637 of file tls.h.

◆ TlsCertificateList

typedef { ... } TlsCertificateList

List of certificates.

◆ TlsCertificateRequest

typedef { ... } TlsCertificateRequest

CertificateRequest message.

◆ TlsCertificateVerify

typedef void TlsCertificateVerify

CertificateVerify message.

Definition at line 1676 of file tls.h.

◆ TlsCertTypeList

typedef { ... } TlsCertTypeList

List of supported certificate types.

◆ TlsCertVerifyCallback

typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)

Certificate verification callback function.

Definition at line 1748 of file tls.h.

◆ TlsChangeCipherSpec

typedef { ... } TlsChangeCipherSpec

ChangeCipherSpec message.

◆ TlsCipherSuites

typedef { ... } TlsCipherSuites

Cipher suites.

◆ TlsClientHello

typedef { ... } TlsClientHello

ClientHello message.

◆ TlsClientKeyExchange

typedef void TlsClientKeyExchange

ClientKeyExchange message.

Definition at line 1669 of file tls.h.

◆ TlsCompressMethods

typedef { ... } TlsCompressMethods

Compression methods.

◆ TlsDigitalSignature

typedef { ... } TlsDigitalSignature

Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)

◆ TlsEcdhCallback

typedef error_t(* TlsEcdhCallback) (TlsContext *context)

ECDH key agreement callback function.

Definition at line 1782 of file tls.h.

◆ TlsEcdsaSignCallback

typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature generation callback function.

Definition at line 1789 of file tls.h.

◆ TlsEcdsaVerifyCallback

typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature verification callback function.

Definition at line 1797 of file tls.h.

◆ TlsEcPointFormatList

typedef { ... } TlsEcPointFormatList

List of supported EC point formats.

◆ TlsExtension

typedef { ... } TlsExtension

TLS extension.

◆ TlsExtensionList

typedef { ... } TlsExtensionList

List of TLS extensions.

◆ TlsFinished

typedef void TlsFinished

Finished message.

Definition at line 1683 of file tls.h.

◆ TlsHandshake

typedef { ... } TlsHandshake

TLS handshake message.

◆ TlsHelloRequest

typedef void TlsHelloRequest

HelloRequest message.

Definition at line 1604 of file tls.h.

◆ TlsKeyLogCallback

typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)

Key logging callback function (for debugging purposes only; the logged keys compromise session secrecy)

Definition at line 1805 of file tls.h.

◆ TlsProtocolName

typedef { ... } TlsProtocolName

Protocol name.

◆ TlsProtocolNameList

typedef { ... } TlsProtocolNameList

List of protocol names.

◆ TlsPskCallback

typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)

Pre-shared key callback function.

Definition at line 1740 of file tls.h.

◆ TlsPskIdentity

typedef { ... } TlsPskIdentity

PSK identity.

◆ TlsPskIdentityHint

typedef { ... } TlsPskIdentityHint

PSK identity hint.

◆ TlsRecord

typedef { ... } TlsRecord

TLS record.

◆ TlsRenegoInfo

typedef { ... } TlsRenegoInfo

Renegotiated connection.

◆ TlsRpkVerifyCallback

typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)

Raw public key verification callback function.

Definition at line 1756 of file tls.h.

◆ TlsSequenceNumber

typedef { ... } TlsSequenceNumber

Sequence number.

◆ TlsServerHello

typedef { ... } TlsServerHello

ServerHello message.

◆ TlsServerHelloDone

typedef void TlsServerHelloDone

ServerHelloDone message.

Definition at line 1662 of file tls.h.

◆ TlsServerKeyExchange

typedef void TlsServerKeyExchange

ServerKeyExchange message.

Definition at line 1644 of file tls.h.

◆ TlsServerName

typedef { ... } TlsServerName

Server name.

◆ TlsServerNameList

typedef { ... } TlsServerNameList

List of server names.

◆ TlsSignHashAlgo

typedef { ... } TlsSignHashAlgo

Signature algorithm.

◆ TlsSignHashAlgos

typedef { ... } TlsSignHashAlgos

List of signature algorithms.

◆ TlsSocketHandle

typedef void* TlsSocketHandle

Socket handle.

Definition at line 1717 of file tls.h.

◆ TlsSocketReceiveCallback

typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)

Socket receive callback function.

Definition at line 1732 of file tls.h.

◆ TlsSocketSendCallback

typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)

Socket send callback function.

Definition at line 1724 of file tls.h.

◆ TlsSupportedGroupList

typedef { ... } TlsSupportedGroupList

List of supported groups.

◆ TlsSupportedVersionList

typedef { ... } TlsSupportedVersionList

List of supported versions.

◆ TlsTicketDecryptCallback

typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)

Ticket decryption callback function.

Definition at line 1773 of file tls.h.

◆ TlsTicketEncryptCallback

typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)

Ticket encryption callback function.

Definition at line 1764 of file tls.h.

Enumeration Type Documentation

◆ TlsAlertDescription

Alert description.

Enumerator
TLS_ALERT_CLOSE_NOTIFY 
TLS_ALERT_UNEXPECTED_MESSAGE 
TLS_ALERT_BAD_RECORD_MAC 
TLS_ALERT_DECRYPTION_FAILED 
TLS_ALERT_RECORD_OVERFLOW 
TLS_ALERT_DECOMPRESSION_FAILURE 
TLS_ALERT_HANDSHAKE_FAILURE 
TLS_ALERT_NO_CERTIFICATE 
TLS_ALERT_BAD_CERTIFICATE 
TLS_ALERT_UNSUPPORTED_CERTIFICATE 
TLS_ALERT_CERTIFICATE_REVOKED 
TLS_ALERT_CERTIFICATE_EXPIRED 
TLS_ALERT_CERTIFICATE_UNKNOWN 
TLS_ALERT_ILLEGAL_PARAMETER 
TLS_ALERT_UNKNOWN_CA 
TLS_ALERT_ACCESS_DENIED 
TLS_ALERT_DECODE_ERROR 
TLS_ALERT_DECRYPT_ERROR 
TLS_ALERT_EXPORT_RESTRICTION 
TLS_ALERT_PROTOCOL_VERSION 
TLS_ALERT_INSUFFICIENT_SECURITY 
TLS_ALERT_INTERNAL_ERROR 
TLS_ALERT_INAPPROPRIATE_FALLBACK 
TLS_ALERT_USER_CANCELED 
TLS_ALERT_NO_RENEGOTIATION 
TLS_ALERT_MISSING_EXTENSION 
TLS_ALERT_UNSUPPORTED_EXTENSION 
TLS_ALERT_CERTIFICATE_UNOBTAINABLE 
TLS_ALERT_UNRECOGNIZED_NAME 
TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 
TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 
TLS_ALERT_UNKNOWN_PSK_IDENTITY 
TLS_ALERT_CERTIFICATE_REQUIRED 
TLS_ALERT_NO_APPLICATION_PROTOCOL 

Definition at line 970 of file tls.h.

◆ TlsAlertLevel

Alert level.

Enumerator
TLS_ALERT_LEVEL_WARNING 
TLS_ALERT_LEVEL_FATAL 

Definition at line 959 of file tls.h.

◆ TlsCertificateFormat

Certificate formats.

Enumerator
TLS_CERT_FORMAT_X509 
TLS_CERT_FORMAT_OPEN_PGP 
TLS_CERT_FORMAT_RAW_PUBLIC_KEY 

Definition at line 1057 of file tls.h.

◆ TlsCertificateType

Certificate types.

Enumerator
TLS_CERT_NONE 
TLS_CERT_RSA_SIGN 
TLS_CERT_DSS_SIGN 
TLS_CERT_RSA_FIXED_DH 
TLS_CERT_DSS_FIXED_DH 
TLS_CERT_RSA_EPHEMERAL_DH 
TLS_CERT_DSS_EPHEMERAL_DH 
TLS_CERT_FORTEZZA_DMS 
TLS_CERT_ECDSA_SIGN 
TLS_CERT_RSA_FIXED_ECDH 
TLS_CERT_ECDSA_FIXED_ECDH 
TLS_CERT_RSA_PSS_SIGN 
TLS_CERT_ED25519_SIGN 
TLS_CERT_ED448_SIGN 

Definition at line 1069 of file tls.h.

◆ TlsClientAuthMode

Client authentication mode.

Enumerator
TLS_CLIENT_AUTH_NONE 
TLS_CLIENT_AUTH_OPTIONAL 
TLS_CLIENT_AUTH_REQUIRED 

Definition at line 870 of file tls.h.

◆ TlsCompressMethod

Compression methods.

Enumerator
TLS_COMPRESSION_METHOD_NULL 
TLS_COMPRESSION_METHOD_DEFLATE 

Definition at line 1013 of file tls.h.

◆ TlsConnectionEnd

TLS connection end.

Enumerator
TLS_CONNECTION_END_CLIENT 
TLS_CONNECTION_END_SERVER 

Definition at line 859 of file tls.h.

◆ TlsContentType

Content type.

Enumerator
TLS_TYPE_NONE 
TLS_TYPE_CHANGE_CIPHER_SPEC 
TLS_TYPE_ALERT 
TLS_TYPE_HANDSHAKE 
TLS_TYPE_APPLICATION_DATA 
TLS_TYPE_HEARTBEAT 
TLS_TYPE_ACK 

Definition at line 914 of file tls.h.

◆ TlsEarlyDataStatus

Early data status.

Enumerator
TLS_EARLY_DATA_REJECTED 
TLS_EARLY_DATA_ACCEPTED 

Definition at line 882 of file tls.h.

◆ TlsEcCurveType

EC curve types.

Enumerator
TLS_EC_CURVE_TYPE_EXPLICIT_PRIME 
TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 
TLS_EC_CURVE_TYPE_NAMED_CURVE 

Definition at line 1275 of file tls.h.

◆ TlsEcPointFormat

EC point formats.

Enumerator
TLS_EC_POINT_FORMAT_UNCOMPRESSED 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 

Definition at line 1263 of file tls.h.

◆ TlsExtensionType

TLS extension types.

Enumerator
TLS_EXT_SERVER_NAME 
TLS_EXT_MAX_FRAGMENT_LENGTH 
TLS_EXT_CLIENT_CERTIFICATE_URL 
TLS_EXT_TRUSTED_CA_KEYS 
TLS_EXT_TRUNCATED_HMAC 
TLS_EXT_STATUS_REQUEST 
TLS_EXT_USER_MAPPING 
TLS_EXT_CLIENT_AUTHZ 
TLS_EXT_SERVER_AUTHZ 
TLS_EXT_CERT_TYPE 
TLS_EXT_SUPPORTED_GROUPS 
TLS_EXT_EC_POINT_FORMATS 
TLS_EXT_SRP 
TLS_EXT_SIGNATURE_ALGORITHMS 
TLS_EXT_USE_SRTP 
TLS_EXT_HEARTBEAT 
TLS_EXT_ALPN 
TLS_EXT_STATUS_REQUEST_V2 
TLS_EXT_SIGNED_CERT_TIMESTAMP 
TLS_EXT_CLIENT_CERT_TYPE 
TLS_EXT_SERVER_CERT_TYPE 
TLS_EXT_PADDING 
TLS_EXT_ENCRYPT_THEN_MAC 
TLS_EXT_EXTENDED_MASTER_SECRET 
TLS_EXT_CACHED_INFO 
TLS_EXT_RECORD_SIZE_LIMIT 
TLS_EXT_SESSION_TICKET 
TLS_EXT_PRE_SHARED_KEY 
TLS_EXT_EARLY_DATA 
TLS_EXT_SUPPORTED_VERSIONS 
TLS_EXT_COOKIE 
TLS_EXT_PSK_KEY_EXCHANGE_MODES 
TLS_EXT_CERTIFICATE_AUTHORITIES 
TLS_EXT_OID_FILTERS 
TLS_EXT_POST_HANDSHAKE_AUTH 
TLS_EXT_SIGNATURE_ALGORITHMS_CERT 
TLS_EXT_KEY_SHARE 
TLS_EXT_RENEGOTIATION_INFO 

Definition at line 1135 of file tls.h.

◆ TlsFlags

enum TlsFlags

Flags used by read and write functions.

Enumerator
TLS_FLAG_PEEK 
TLS_FLAG_WAIT_ALL 
TLS_FLAG_BREAK_CHAR 
TLS_FLAG_BREAK_CRLF 
TLS_FLAG_WAIT_ACK 
TLS_FLAG_NO_DELAY 
TLS_FLAG_DELAY 

Definition at line 893 of file tls.h.

◆ TlsHashAlgo

Hash algorithms.

Enumerator
TLS_HASH_ALGO_NONE 
TLS_HASH_ALGO_MD5 
TLS_HASH_ALGO_SHA1 
TLS_HASH_ALGO_SHA224 
TLS_HASH_ALGO_SHA256 
TLS_HASH_ALGO_SHA384 
TLS_HASH_ALGO_SHA512 
TLS_HASH_ALGO_INTRINSIC 

Definition at line 1092 of file tls.h.

◆ TlsKeyExchMethod

Key exchange methods.

Enumerator
TLS_KEY_EXCH_NONE 
TLS_KEY_EXCH_RSA 
TLS_KEY_EXCH_DH_RSA 
TLS_KEY_EXCH_DHE_RSA 
TLS_KEY_EXCH_DH_DSS 
TLS_KEY_EXCH_DHE_DSS 
TLS_KEY_EXCH_DH_ANON 
TLS_KEY_EXCH_ECDH_RSA 
TLS_KEY_EXCH_ECDHE_RSA 
TLS_KEY_EXCH_ECDH_ECDSA 
TLS_KEY_EXCH_ECDHE_ECDSA 
TLS_KEY_EXCH_ECDH_ANON 
TLS_KEY_EXCH_PSK 
TLS_KEY_EXCH_RSA_PSK 
TLS_KEY_EXCH_DHE_PSK 
TLS_KEY_EXCH_ECDHE_PSK 
TLS_KEY_EXCH_SRP_SHA 
TLS_KEY_EXCH_SRP_SHA_RSA 
TLS_KEY_EXCH_SRP_SHA_DSS 
TLS13_KEY_EXCH_DHE 
TLS13_KEY_EXCH_ECDHE 
TLS13_KEY_EXCH_PSK 
TLS13_KEY_EXCH_PSK_DHE 
TLS13_KEY_EXCH_PSK_ECDHE 

Definition at line 1024 of file tls.h.

◆ TlsMaxFragmentLength

Maximum fragment length.

Enumerator
TLS_MAX_FRAGMENT_LENGTH_512 
TLS_MAX_FRAGMENT_LENGTH_1024 
TLS_MAX_FRAGMENT_LENGTH_2048 
TLS_MAX_FRAGMENT_LENGTH_4096 

Definition at line 1192 of file tls.h.

◆ TlsMessageType

Handshake message type.

Enumerator
TLS_TYPE_HELLO_REQUEST 
TLS_TYPE_CLIENT_HELLO 
TLS_TYPE_SERVER_HELLO 
TLS_TYPE_HELLO_VERIFY_REQUEST 
TLS_TYPE_NEW_SESSION_TICKET 
TLS_TYPE_END_OF_EARLY_DATA 
TLS_TYPE_HELLO_RETRY_REQUEST 
TLS_TYPE_ENCRYPTED_EXTENSIONS 
TLS_TYPE_CERTIFICATE 
TLS_TYPE_SERVER_KEY_EXCHANGE 
TLS_TYPE_CERTIFICATE_REQUEST 
TLS_TYPE_SERVER_HELLO_DONE 
TLS_TYPE_CERTIFICATE_VERIFY 
TLS_TYPE_CLIENT_KEY_EXCHANGE 
TLS_TYPE_FINISHED 
TLS_TYPE_CERTIFICATE_URL 
TLS_TYPE_CERTIFICATE_STATUS 
TLS_TYPE_SUPPLEMENTAL_DATA 
TLS_TYPE_KEY_UPDATE 
TLS_TYPE_MESSAGE_HASH 

Definition at line 930 of file tls.h.

◆ TlsNamedGroup

Named groups.

Enumerator
TLS_GROUP_NONE 
TLS_GROUP_SECT163K1 
TLS_GROUP_SECT163R1 
TLS_GROUP_SECT163R2 
TLS_GROUP_SECT193R1 
TLS_GROUP_SECT193R2 
TLS_GROUP_SECT233K1 
TLS_GROUP_SECT233R1 
TLS_GROUP_SECT239K1 
TLS_GROUP_SECT283K1 
TLS_GROUP_SECT283R1 
TLS_GROUP_SECT409K1 
TLS_GROUP_SECT409R1 
TLS_GROUP_SECT571K1 
TLS_GROUP_SECT571R1 
TLS_GROUP_SECP160K1 
TLS_GROUP_SECP160R1 
TLS_GROUP_SECP160R2 
TLS_GROUP_SECP192K1 
TLS_GROUP_SECP192R1 
TLS_GROUP_SECP224K1 
TLS_GROUP_SECP224R1 
TLS_GROUP_SECP256K1 
TLS_GROUP_SECP256R1 
TLS_GROUP_SECP384R1 
TLS_GROUP_SECP521R1 
TLS_GROUP_BRAINPOOLP256R1 
TLS_GROUP_BRAINPOOLP384R1 
TLS_GROUP_BRAINPOOLP512R1 
TLS_GROUP_ECDH_X25519 
TLS_GROUP_ECDH_X448 
TLS_GROUP_BRAINPOOLP256R1_TLS13 
TLS_GROUP_BRAINPOOLP384R1_TLS13 
TLS_GROUP_BRAINPOOLP512R1_TLS13 
TLS_GROUP_GC256A 
TLS_GROUP_GC256B 
TLS_GROUP_GC256C 
TLS_GROUP_GC256D 
TLS_GROUP_GC512A 
TLS_GROUP_GC512B 
TLS_GROUP_GC512C 
TLS_GROUP_FFDHE2048 
TLS_GROUP_FFDHE3072 
TLS_GROUP_FFDHE4096 
TLS_GROUP_FFDHE6144 
TLS_GROUP_FFDHE8192 
TLS_GROUP_FFDHE_MAX 
TLS_GROUP_EXPLICIT_PRIME_CURVE 
TLS_GROUP_EXPLICIT_CHAR2_CURVE 

Definition at line 1205 of file tls.h.

◆ TlsNameType

Name type.

Enumerator
TLS_NAME_TYPE_HOSTNAME 

Definition at line 1182 of file tls.h.

◆ TlsSignatureAlgo

Signature algorithms.

Enumerator
TLS_SIGN_ALGO_ANONYMOUS 
TLS_SIGN_ALGO_RSA 
TLS_SIGN_ALGO_DSA 
TLS_SIGN_ALGO_ECDSA 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 
TLS_SIGN_ALGO_ED25519 
TLS_SIGN_ALGO_ED448 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 
TLS_SIGN_ALGO_GOSTR34102012_256 
TLS_SIGN_ALGO_GOSTR34102012_512 

Definition at line 1109 of file tls.h.

◆ TlsState

enum TlsState

TLS FSM states.

Enumerator
TLS_STATE_INIT 
TLS_STATE_CLIENT_HELLO 
TLS_STATE_CLIENT_HELLO_2 
TLS_STATE_EARLY_DATA 
TLS_STATE_HELLO_VERIFY_REQUEST 
TLS_STATE_HELLO_RETRY_REQUEST 
TLS_STATE_SERVER_HELLO 
TLS_STATE_SERVER_HELLO_2 
TLS_STATE_SERVER_HELLO_3 
TLS_STATE_HANDSHAKE_TRAFFIC_KEYS 
TLS_STATE_ENCRYPTED_EXTENSIONS 
TLS_STATE_SERVER_CERTIFICATE 
TLS_STATE_SERVER_KEY_EXCHANGE 
TLS_STATE_SERVER_CERTIFICATE_VERIFY 
TLS_STATE_CERTIFICATE_REQUEST 
TLS_STATE_SERVER_HELLO_DONE 
TLS_STATE_CLIENT_CERTIFICATE 
TLS_STATE_CLIENT_KEY_EXCHANGE 
TLS_STATE_CLIENT_CERTIFICATE_VERIFY 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 
TLS_STATE_CLIENT_FINISHED 
TLS_STATE_CLIENT_APP_TRAFFIC_KEYS 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 
TLS_STATE_SERVER_FINISHED 
TLS_STATE_END_OF_EARLY_DATA 
TLS_STATE_SERVER_APP_TRAFFIC_KEYS 
TLS_STATE_NEW_SESSION_TICKET 
TLS_STATE_KEY_UPDATE 
TLS_STATE_APPLICATION_DATA 
TLS_STATE_CLOSING 
TLS_STATE_CLOSED 

Definition at line 1287 of file tls.h.

◆ TlsTransportProtocol

TLS transport protocols.

Enumerator
TLS_TRANSPORT_PROTOCOL_STREAM 
TLS_TRANSPORT_PROTOCOL_DATAGRAM 

Definition at line 848 of file tls.h.

Function Documentation

◆ tlsAddCertificate()

error_t tlsAddCertificate ( TlsContext context,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen 
)

Import a certificate and the corresponding private key.

Parameters
[in]contextPointer to the TLS context
[in]certChainCertificate chain (PEM format)
[in]certChainLenTotal length of the certificate chain
[in]privateKeyPrivate key (PEM format)
[in]privateKeyLenTotal length of the private key
Returns
Error code

Definition at line 1126 of file tls.c.

◆ tlsAllowUnknownAlpnProtocols()

error_t tlsAllowUnknownAlpnProtocols ( TlsContext context,
bool_t  allowed 
)

Allow unknown ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]allowedSpecifies whether unknown ALPN protocols are allowed
Returns
Error code

Definition at line 781 of file tls.c.

◆ tlsConnect()

error_t tlsConnect ( TlsContext context)

Initiate the TLS handshake.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 1572 of file tls.c.

◆ tlsEnableFallbackScsv()

error_t tlsEnableFallbackScsv ( TlsContext context,
bool_t  enabled 
)

Enable the FALLBACK_SCSV mechanism for fallback retries (for clients only)

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether FALLBACK_SCSV is enabled
Returns
Error code

Definition at line 1298 of file tls.c.

◆ tlsEnableReplayDetection()

error_t tlsEnableReplayDetection ( TlsContext context,
bool_t  enabled 
)

Enable anti-replay mechanism (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether anti-replay protection is enabled
Returns
Error code

Definition at line 1452 of file tls.c.

◆ tlsEnableSecureRenegotiation()

error_t tlsEnableSecureRenegotiation ( TlsContext context,
bool_t  enabled 
)

Enable secure renegotiation.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether secure renegotiation is allowed
Returns
Error code

Definition at line 1272 of file tls.c.

◆ tlsFree()

void tlsFree ( TlsContext context)

Release TLS context.

Parameters
[in]contextPointer to the TLS context

Definition at line 2272 of file tls.c.

◆ tlsFreeCache()

void tlsFreeCache ( TlsCache cache)

Properly dispose of a session cache.

Parameters
[in]cachePointer to the session cache to be released

Definition at line 313 of file tls_cache.c.

◆ tlsFreeSessionState()

void tlsFreeSessionState ( TlsSessionState session)

Properly dispose of a session state.

Parameters
[in]sessionPointer to the session state to be released

Definition at line 2711 of file tls.c.

◆ tlsGetAlpnProtocol()

const char_t* tlsGetAlpnProtocol ( TlsContext context)

Get the name of the selected ALPN protocol.

Parameters
[in]contextPointer to the TLS context
Returns
Pointer to the protocol name

Definition at line 855 of file tls.c.

◆ tlsGetEarlyDataStatus()

TlsEarlyDataStatus tlsGetEarlyDataStatus ( TlsContext context)

Check whether the server has accepted or rejected the early data.

Parameters
[in]contextPointer to the TLS context
Returns
TLS_EARLY_DATA_ACCEPTED if the early data was accepted, otherwise TLS_EARLY_DATA_REJECTED if the early data was rejected

Definition at line 1620 of file tls.c.

◆ tlsGetServerName()

const char_t* tlsGetServerName ( TlsContext context)

Get the server name.

Parameters
[in]contextPointer to the TLS context
Returns
Fully qualified domain name of the server

Definition at line 413 of file tls.c.

◆ tlsGetState()

TlsState tlsGetState ( TlsContext context)

Retrieve current state.

Parameters
[in]contextPointer to the TLS context
Returns
Current TLS state

Definition at line 193 of file tls.c.

◆ tlsInit()

TlsContext* tlsInit ( void  )

TLS context initialization.

Returns
Handle referencing the fully initialized TLS context

Definition at line 65 of file tls.c.

◆ tlsInitCache()

TlsCache* tlsInitCache ( uint_t  size)

Session cache initialization.

Parameters
[in]sizeMaximum number of cache entries
Returns
Handle referencing the fully initialized session cache

Definition at line 50 of file tls_cache.c.

◆ tlsInitSessionState()

error_t tlsInitSessionState ( TlsSessionState session)

Initialize session state.

Parameters
[in]sessionPointer to the session state
Returns
Error code

Definition at line 2406 of file tls.c.

◆ tlsIsRxReady()

bool_t tlsIsRxReady ( TlsContext context)

Check whether some data is available in the receive buffer.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is pending and can be read immediately without blocking. Otherwise, FALSE is returned

Definition at line 2067 of file tls.c.

◆ tlsIsTxReady()

bool_t tlsIsTxReady ( TlsContext context)

Check whether some data is ready for transmission.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is ready for transmission. Otherwise, FALSE is returned

Definition at line 2034 of file tls.c.

◆ tlsRead()

error_t tlsRead ( TlsContext context,
void *  data,
size_t  size,
size_t *  received,
uint_t  flags 
)

Receive application data from the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[out]dataBuffer into which received data will be placed
[in]sizeMaximum number of bytes that can be received
[out]receivedNumber of bytes that have been received
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1798 of file tls.c.

◆ tlsRestoreSessionState()

error_t tlsRestoreSessionState ( TlsContext context,
const TlsSessionState session 
)

Restore TLS session.

Parameters
[in]contextPointer to the TLS context
[in]sessionPointer to the session state to be restored
Returns
Error code

Definition at line 2585 of file tls.c.

◆ tlsSaveSessionState()

error_t tlsSaveSessionState ( const TlsContext context,
TlsSessionState session 
)

Save TLS session.

Parameters
[in]contextPointer to the TLS context
[out]sessionPointer to the session state
Returns
Error code

Definition at line 2427 of file tls.c.

◆ tlsSetAlpnProtocolList()

error_t tlsSetAlpnProtocolList ( TlsContext context,
const char_t protocolList 
)

Set the list of supported ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]protocolListComma-delimited list of supported protocols
Returns
Error code

Definition at line 807 of file tls.c.

◆ tlsSetBufferSize()

error_t tlsSetBufferSize ( TlsContext context,
size_t  txBufferSize,
size_t  rxBufferSize 
)

Set TLS buffer size.

Parameters
[in]contextPointer to the TLS context
[in]txBufferSizeTX buffer size
[in]rxBufferSizeRX buffer size
Returns
Error code

Definition at line 481 of file tls.c.

◆ tlsSetCache()

error_t tlsSetCache ( TlsContext context,
TlsCache cache 
)

Set session cache.

Parameters
[in]contextPointer to the TLS context
[in]cacheSession cache that will be used to save/resume TLS sessions
Returns
Error code

Definition at line 438 of file tls.c.

◆ tlsSetCertificateVerifyCallback()

error_t tlsSetCertificateVerifyCallback ( TlsContext context,
TlsCertVerifyCallback  certVerifyCallback,
void *  param 
)

Set certificate verification callback.

Parameters
[in]contextPointer to the TLS context
[in]certVerifyCallbackCertificate verification callback
[in]paramAn opaque pointer passed to the callback function
Returns
Error code

Definition at line 1247 of file tls.c.

◆ tlsSetCipherSuites()

error_t tlsSetCipherSuites ( TlsContext context,
const uint16_t *  cipherSuites,
uint_t  length 
)

Specify the list of allowed cipher suites.

Parameters
[in]contextPointer to the TLS context
[in]cipherSuitesList of allowed cipher suites (most preferred first)
[in]lengthNumber of cipher suites in the list
Returns
Error code

Definition at line 564 of file tls.c.

◆ tlsSetClientAuthMode()

error_t tlsSetClientAuthMode ( TlsContext context,
TlsClientAuthMode  mode 
)

Set client authentication mode (for servers only)

Parameters
[in]contextPointer to the TLS context
[in]modeClient authentication mode
Returns
Error code

Definition at line 459 of file tls.c.

◆ tlsSetConnectionEnd()

error_t tlsSetConnectionEnd ( TlsContext context,
TlsConnectionEnd  entity 
)

Set operation mode (client or server)

Parameters
[in]contextPointer to the TLS context
[in]entitySpecifies whether this entity is considered a client or a server
Returns
Error code

Definition at line 312 of file tls.c.

◆ tlsSetCookieCallbacks()

error_t tlsSetCookieCallbacks ( TlsContext context,
DtlsCookieGenerateCallback  cookieGenerateCallback,
DtlsCookieVerifyCallback  cookieVerifyCallback,
void *  param 
)

Set cookie generation/verification callbacks (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]cookieGenerateCallbackCookie generation callback function
[in]cookieVerifyCallbackCookie verification callback function
[in]paramAn opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1416 of file tls.c.

◆ tlsSetDhParameters()

error_t tlsSetDhParameters ( TlsContext context,
const char_t params,
size_t  length 
)

Import Diffie-Hellman parameters.

Parameters
[in]contextPointer to the TLS context
[in]paramsPEM structure that holds Diffie-Hellman parameters
[in]lengthTotal length of the structure that holds the parameters
Returns
Error code

Definition at line 646 of file tls.c.

◆ tlsSetEcdhCallback()

error_t tlsSetEcdhCallback ( TlsContext context,
TlsEcdhCallback  ecdhCallback 
)

Register ECDH key agreement callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdhCallbackECDH callback function
Returns
Error code

Definition at line 674 of file tls.c.

◆ tlsSetEcdsaSignCallback()

error_t tlsSetEcdsaSignCallback ( TlsContext context,
TlsEcdsaSignCallback  ecdsaSignCallback 
)

Register ECDSA signature generation callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaSignCallbackECDSA signature generation callback function
Returns
Error code

Definition at line 700 of file tls.c.

◆ tlsSetEcdsaVerifyCallback()

error_t tlsSetEcdsaVerifyCallback ( TlsContext context,
TlsEcdsaVerifyCallback  ecdsaVerifyCallback 
)

Register ECDSA signature verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaVerifyCallbackECDSA signature verification callback function
Returns
Error code

Definition at line 727 of file tls.c.

◆ tlsSetKeyLogCallback()

error_t tlsSetKeyLogCallback ( TlsContext context,
TlsKeyLogCallback  keyLogCallback 
)

Register key logging callback function (for debugging purposes only)

Parameters
[in]contextPointer to the TLS context
[in]keyLogCallbackKey logging callback function
Returns
Error code

Definition at line 754 of file tls.c.

◆ tlsSetMaxEarlyDataSize()

error_t tlsSetMaxEarlyDataSize ( TlsContext context,
size_t  maxEarlyDataSize 
)

Set the maximum amount of 0-RTT data the server can accept.

Parameters
[in]contextPointer to the TLS context
[in]maxEarlyDataSizeMaximum amount of 0-RTT data that the client is allowed to send
Returns
Error code

Definition at line 1480 of file tls.c.

◆ tlsSetMaxFragmentLength()

error_t tlsSetMaxFragmentLength ( TlsContext context,
size_t  maxFragLen 
)

Set maximum fragment length.

Parameters
[in]contextPointer to the TLS context
[in]maxFragLenMaximum fragment length
Returns
Error code

Definition at line 529 of file tls.c.

◆ tlsSetPmtu()

error_t tlsSetPmtu ( TlsContext context,
size_t  pmtu 
)

Set PMTU value (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]pmtuPMTU value
Returns
Error code

Definition at line 1358 of file tls.c.

◆ tlsSetPreferredGroup()

error_t tlsSetPreferredGroup ( TlsContext context,
uint16_t  group 
)

Specify the preferred ECDHE or FFDHE group.

Parameters
[in]contextPointer to the TLS context
[in]groupPreferred ECDHE or FFDHE named group
Returns
Error code

Definition at line 619 of file tls.c.

◆ tlsSetPrng()

error_t tlsSetPrng ( TlsContext context,
const PrngAlgo prngAlgo,
void *  prngContext 
)

Set the pseudo-random number generator to be used.

Parameters
[in]contextPointer to the TLS context
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
Returns
Error code

Definition at line 338 of file tls.c.

◆ tlsSetPsk()

error_t tlsSetPsk ( TlsContext context,
const uint8_t *  psk,
size_t  length 
)

Set the pre-shared key to be used.

Parameters
[in]contextPointer to the TLS context
[in]pskPointer to the pre-shared key
[in]lengthLength of the pre-shared key, in bytes
Returns
Error code

Definition at line 883 of file tls.c.

◆ tlsSetPskCallback()

error_t tlsSetPskCallback ( TlsContext context,
TlsPskCallback  pskCallback 
)

Register the PSK callback function.

Parameters
[in]contextPointer to the TLS context
[in]pskCallbackPSK callback function
Returns
Error code

Definition at line 1042 of file tls.c.

◆ tlsSetPskIdentity()

error_t tlsSetPskIdentity ( TlsContext context,
const char_t pskIdentity 
)

Set the PSK identity to be used by the client.

Parameters
[in]contextPointer to the TLS context
[in]pskIdentityNULL-terminated string that contains the PSK identity
Returns
Error code

Definition at line 944 of file tls.c.

◆ tlsSetPskIdentityHint()

error_t tlsSetPskIdentityHint ( TlsContext context,
const char_t pskIdentityHint 
)

Set the PSK identity hint to be used by the server.

Parameters
[in]contextPointer to the TLS context
[in]pskIdentityHintNULL-terminated string that contains the PSK identity hint
Returns
Error code

Definition at line 993 of file tls.c.

◆ tlsSetRpkVerifyCallback()

error_t tlsSetRpkVerifyCallback ( TlsContext context,
TlsRpkVerifyCallback  rpkVerifyCallback 
)

Register the raw public key verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]rpkVerifyCallbackRPK verification callback function
Returns
Error code

Definition at line 1068 of file tls.c.

◆ tlsSetServerName()

error_t tlsSetServerName ( TlsContext context,
const char_t serverName 
)

Set the server name.

Parameters
[in]contextPointer to the TLS context
[in]serverNameFully qualified domain name of the server
Returns
Error code

Definition at line 365 of file tls.c.

◆ tlsSetSocketCallbacks()

error_t tlsSetSocketCallbacks ( TlsContext context,
TlsSocketSendCallback  socketSendCallback,
TlsSocketReceiveCallback  socketReceiveCallback,
TlsSocketHandle  handle 
)

Set socket send and receive callbacks.

Parameters
[in]contextPointer to the TLS context
[in]socketSendCallbackSend callback function
[in]socketReceiveCallbackReceive callback function
[in]handleSocket handle
Returns
Error code

Definition at line 217 of file tls.c.

◆ tlsSetSupportedGroups()

error_t tlsSetSupportedGroups ( TlsContext context,
const uint16_t *  groups,
uint_t  length 
)

Specify the list of allowed ECDHE and FFDHE groups.

Parameters
[in]contextPointer to the TLS context
[in]groupsList of named groups
[in]lengthNumber of named groups in the list
Returns
Error code

Definition at line 592 of file tls.c.

◆ tlsSetTicketCallbacks()

error_t tlsSetTicketCallbacks ( TlsContext context,
TlsTicketEncryptCallback  ticketEncryptCallback,
TlsTicketDecryptCallback  ticketDecryptCallback,
void *  param 
)

Set ticket encryption/decryption callbacks.

Parameters
[in]contextPointer to the TLS context
[in]ticketEncryptCallbackTicket encryption callback function
[in]ticketDecryptCallbackTicket decryption callback function
[in]paramAn opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1326 of file tls.c.

◆ tlsSetTimeout()

error_t tlsSetTimeout ( TlsContext context,
systime_t  timeout 
)

Set timeout for blocking calls (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]timeoutMaximum time to wait
Returns
Error code

Definition at line 1388 of file tls.c.

◆ tlsSetTransportProtocol()

error_t tlsSetTransportProtocol ( TlsContext context,
TlsTransportProtocol  transportProtocol 
)

Set the transport protocol to be used.

Parameters
[in]contextPointer to the TLS context
[in]transportProtocolTransport protocol to be used
Returns
Error code

Definition at line 283 of file tls.c.

◆ tlsSetTrustedCaList()

error_t tlsSetTrustedCaList ( TlsContext context,
const char_t trustedCaList,
size_t  length 
)

Import a trusted CA list.

Parameters
[in]contextPointer to the TLS context
[in]trustedCaListList of trusted CA (PEM format)
[in]lengthTotal length of the list
Returns
Error code

Definition at line 1096 of file tls.c.

◆ tlsSetVersion()

error_t tlsSetVersion ( TlsContext context,
uint16_t  versionMin,
uint16_t  versionMax 
)

Set minimum and maximum versions permitted.

Parameters
[in]contextPointer to the TLS context
[in]versionMinMinimum version accepted by the TLS implementation
[in]versionMaxMaximum version accepted by the TLS implementation
Returns
Error code

Definition at line 249 of file tls.c.

◆ tlsShutdown()

error_t tlsShutdown ( TlsContext context)

Gracefully close TLS session.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 2112 of file tls.c.

◆ tlsShutdownEx()

error_t tlsShutdownEx ( TlsContext context,
bool_t  waitForCloseNotify 
)

Gracefully close TLS session.

Parameters
[in]contextPointer to the TLS context
[in]waitForCloseNotifyWait for the close notify alert from the peer
Returns
Error code

Definition at line 2125 of file tls.c.

◆ tlsWrite()

error_t tlsWrite ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send application data to the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[in]dataPointer to a buffer containing the data to be transmitted
[in]lengthNumber of bytes to be transmitted
[out]writtenActual number of bytes written (optional parameter)
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1663 of file tls.c.

◆ tlsWriteEarlyData()

error_t tlsWriteEarlyData ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send early data to the remote TLS server.

Parameters
[in]contextPointer to the TLS context
[in]dataPointer to a buffer containing the data to be transmitted
[in]lengthNumber of bytes to be transmitted
[out]writtenActual number of bytes written (optional parameter)
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1509 of file tls.c.

Variable Documentation

◆ algorithm

TlsSignHashAlgo algorithm

Definition at line 1569 of file tls.h.

◆ b

uint8_t b[8]

Definition at line 1337 of file tls.h.

◆ certificateTypes

uint8_t certificateTypes[]

Definition at line 1654 of file tls.h.

◆ certificateTypesLen

uint8_t certificateTypesLen

Definition at line 1653 of file tls.h.

◆ clientVersion

uint16_t clientVersion

Definition at line 1613 of file tls.h.

◆ data

uint8_t data[]

Definition at line 1584 of file tls.h.

◆ description

uint8_t description

Definition at line 1703 of file tls.h.

◆ hash

uint8_t hash

Definition at line 1369 of file tls.h.

◆ hostname

char_t hostname[]

Definition at line 1449 of file tls.h.

◆ length

uint8_t length[3]

Definition at line 1347 of file tls.h.

◆ level

uint8_t level

Definition at line 1702 of file tls.h.

◆ msgType

uint8_t msgType

Definition at line 1594 of file tls.h.

◆ random

uint8_t random[32]

Definition at line 1614 of file tls.h.

◆ serverVersion

uint16_t serverVersion

Definition at line 1626 of file tls.h.

◆ sessionId

uint8_t sessionId[]

Definition at line 1616 of file tls.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 1615 of file tls.h.

◆ signature

uint8_t signature

Definition at line 1370 of file tls.h.

◆ type

uint8_t type

Definition at line 1413 of file tls.h.

◆ value

uint8_t value[]

Definition at line 1348 of file tls.h.

◆ version

uint16_t version

Definition at line 1582 of file tls.h.

error_t socketSend(Socket *socket, const void *data, size_t length, size_t *written, uint_t flags)
Send data to a connected socket.
Definition: socket.c:514
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1732
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1724
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:217
error_t socketReceive(Socket *socket, void *data, size_t size, size_t *received, uint_t flags)
Receive data from a connected socket.
Definition: socket.c:609
int_t socket(int_t family, int_t type, int_t protocol)
Create a socket that is bound to a specific transport service provider.
Definition: bsd_socket.c:108
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1717