TLS (Transport Layer Security) More...

#include "core/crypto.h"
#include "tls_config.h"
#include "tls_legacy.h"
#include "tls13_misc.h"
#include "dtls_misc.h"
#include "mac/hmac.h"
#include "aead/aead_algorithms.h"
#include "pkc/key_exch_algorithms.h"
#include "pkc/rsa.h"
#include "pkc/dsa.h"
#include "ecc/ecdsa.h"
#include "pkix/x509_common.h"


Data Structures

struct  TlsCipherSuiteInfo
 Structure describing a cipher suite. More...
 
struct  TlsSessionState
 TLS session state. More...
 
struct  TlsCache
 Session cache. More...
 
struct  TlsCertDesc
 Certificate descriptor. More...
 
struct  TlsHelloExtensions
 Hello extensions. More...
 
struct  _TlsEncryptionEngine
 Encryption engine. More...
 
struct  _TlsContext
 TLS context. More...
 

Macros

#define TlsContext   struct _TlsContext
 
#define TlsEncryptionEngine   struct _TlsEncryptionEngine
 
#define CYCLONE_SSL_VERSION_STRING   "2.4.0"
 
#define CYCLONE_SSL_MAJOR_VERSION   2
 
#define CYCLONE_SSL_MINOR_VERSION   4
 
#define CYCLONE_SSL_REV_NUMBER   0
 
#define SSL_VERSION_3_0   0x0300
 
#define TLS_VERSION_1_0   0x0301
 
#define TLS_VERSION_1_1   0x0302
 
#define TLS_VERSION_1_2   0x0303
 
#define TLS_VERSION_1_3   0x0304
 
#define TLS_SUPPORT   ENABLED
 
#define TLS_CLIENT_SUPPORT   ENABLED
 
#define TLS_SERVER_SUPPORT   ENABLED
 
#define TLS_MIN_VERSION   TLS_VERSION_1_2
 
#define TLS_MAX_VERSION   TLS_VERSION_1_3
 
#define TLS_SESSION_RESUME_SUPPORT   ENABLED
 
#define TLS_SESSION_CACHE_LIFETIME   3600000
 
#define TLS_TICKET_SUPPORT   DISABLED
 
#define TLS_MAX_TICKET_SIZE   1024
 
#define TLS_TICKET_LIFETIME   3600000
 
#define TLS_SNI_SUPPORT   ENABLED
 
#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED
 
#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED
 
#define TLS_ALPN_SUPPORT   DISABLED
 
#define TLS_ENCRYPT_THEN_MAC_SUPPORT   DISABLED
 
#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED
 
#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED
 
#define TLS_CERT_AUTHORITIES_SUPPORT   DISABLED
 
#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED
 
#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED
 
#define TLS_SECURE_RENEGOTIATION_SUPPORT   ENABLED
 
#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED
 
#define TLS_ECC_CALLBACK_SUPPORT   DISABLED
 
#define TLS_MAX_CERTIFICATES   3
 
#define TLS_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_DSS_KE_SUPPORT   DISABLED
 
#define TLS_DH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_PSK_KE_SUPPORT   DISABLED
 
#define TLS_DHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_SIGN_SUPPORT   ENABLED
 
#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED
 
#define TLS_DSA_SIGN_SUPPORT   DISABLED
 
#define TLS_ECDSA_SIGN_SUPPORT   ENABLED
 
#define TLS_SM2_SIGN_SUPPORT   DISABLED
 
#define TLS_ED25519_SIGN_SUPPORT   DISABLED
 
#define TLS_ED448_SIGN_SUPPORT   DISABLED
 
#define TLS_NULL_CIPHER_SUPPORT   DISABLED
 
#define TLS_STREAM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CBC_CIPHER_SUPPORT   ENABLED
 
#define TLS_CCM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED
 
#define TLS_GCM_CIPHER_SUPPORT   ENABLED
 
#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED
 
#define TLS_RC4_SUPPORT   DISABLED
 
#define TLS_IDEA_SUPPORT   DISABLED
 
#define TLS_DES_SUPPORT   DISABLED
 
#define TLS_3DES_SUPPORT   DISABLED
 
#define TLS_AES_128_SUPPORT   ENABLED
 
#define TLS_AES_256_SUPPORT   ENABLED
 
#define TLS_CAMELLIA_128_SUPPORT   DISABLED
 
#define TLS_CAMELLIA_256_SUPPORT   DISABLED
 
#define TLS_ARIA_128_SUPPORT   DISABLED
 
#define TLS_ARIA_256_SUPPORT   DISABLED
 
#define TLS_SEED_SUPPORT   DISABLED
 
#define TLS_SM4_SUPPORT   DISABLED
 
#define TLS_MD5_SUPPORT   DISABLED
 
#define TLS_SHA1_SUPPORT   ENABLED
 
#define TLS_SHA224_SUPPORT   DISABLED
 
#define TLS_SHA256_SUPPORT   ENABLED
 
#define TLS_SHA384_SUPPORT   ENABLED
 
#define TLS_SHA512_SUPPORT   DISABLED
 
#define TLS_SM3_SUPPORT   DISABLED
 
#define TLS_FFDHE_SUPPORT   DISABLED
 
#define TLS_FFDHE2048_SUPPORT   ENABLED
 
#define TLS_FFDHE3072_SUPPORT   DISABLED
 
#define TLS_FFDHE4096_SUPPORT   DISABLED
 
#define TLS_SECP160K1_SUPPORT   DISABLED
 
#define TLS_SECP160R1_SUPPORT   DISABLED
 
#define TLS_SECP160R2_SUPPORT   DISABLED
 
#define TLS_SECP192K1_SUPPORT   DISABLED
 
#define TLS_SECP192R1_SUPPORT   DISABLED
 
#define TLS_SECP224K1_SUPPORT   DISABLED
 
#define TLS_SECP224R1_SUPPORT   DISABLED
 
#define TLS_SECP256K1_SUPPORT   DISABLED
 
#define TLS_SECP256R1_SUPPORT   ENABLED
 
#define TLS_SECP384R1_SUPPORT   ENABLED
 
#define TLS_SECP521R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED
 
#define TLS_SM2_SUPPORT   DISABLED
 
#define TLS_X25519_SUPPORT   DISABLED
 
#define TLS_X448_SUPPORT   DISABLED
 
#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED
 
#define TLS_KEY_LOG_SUPPORT   DISABLED
 
#define TLS_MAX_SERVER_NAME_LEN   255
 
#define TLS_MAX_PASSWORD_LEN   32
 
#define TLS_MIN_DH_MODULUS_SIZE   1024
 
#define TLS_MAX_DH_MODULUS_SIZE   2048
 
#define TLS_MIN_RSA_MODULUS_SIZE   1024
 
#define TLS_MAX_RSA_MODULUS_SIZE   4096
 
#define TLS_MIN_DSA_MODULUS_SIZE   1024
 
#define TLS_MAX_DSA_MODULUS_SIZE   4096
 
#define TLS_MASTER_SECRET_SIZE   48
 
#define TLS_PREMASTER_SECRET_SIZE   (TLS_MAX_DH_MODULUS_SIZE / 8)
 
#define TLS_MAX_WARNING_ALERTS   5
 
#define TLS_MAX_EMPTY_RECORDS   10
 
#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   5
 
#define TLS_MAX_KEY_UPDATE_MESSAGES   5
 
#define TLS_PRIVATE_CONTEXT
 
#define TLS_PRIVATE_ENCRYPTION_ENGINE
 
#define tlsAllocMem(size)   osAllocMem(size)
 
#define tlsFreeMem(p)   osFreeMem(p)
 
#define TLS_DH_SUPPORT   ENABLED
 
#define TLS_ECDH_SUPPORT   ENABLED
 
#define TLS_RSA_SUPPORT   ENABLED
 
#define TLS_PSK_SUPPORT   ENABLED
 
#define TLS_MAX_HKDF_DIGEST_SIZE   48
 
#define tlsSetSocket(context, socket)
 
#define TLS_MIN_RECORD_LENGTH   512
 
#define TLS_MAX_RECORD_LENGTH   16384
 
#define TLS_MAX_RECORD_OVERHEAD   512
 
#define TLS_RANDOM_SIZE   32
 
#define TLS_SIGN_SCHEME(signAlgo, hashAlgo)    ((TlsSignatureScheme) (((hashAlgo) << 8) | (signAlgo)))
 
#define TLS_FLAG_BREAK(c)   (TLS_FLAG_BREAK_CHAR | LSB(c))
 

Typedefs

typedef void TlsHelloRequest
 HelloRequest message. More...
 
typedef void TlsCertificate
 Certificate message. More...
 
typedef void TlsServerKeyExchange
 ServerKeyExchange message. More...
 
typedef void TlsServerHelloDone
 ServerHelloDone message. More...
 
typedef void TlsClientKeyExchange
 ClientKeyExchange message. More...
 
typedef void TlsCertificateVerify
 CertificateVerify message. More...
 
typedef void TlsFinished
 Finished message. More...
 
typedef void * TlsSocketHandle
 Socket handle. More...
 
typedef void(* TlsStateChangeCallback) (TlsContext *context, TlsState state)
 TLS state change callback. More...
 
typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
 Socket send callback function. More...
 
typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
 Socket receive callback function. More...
 
typedef error_t(* TlsAlpnCallback) (TlsContext *context, const char_t *selectedProtocol)
 ALPN callback function. More...
 
typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
 Pre-shared key callback function. More...
 
typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, void *param)
 Certificate verification callback function. More...
 
typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
 Raw public key verification callback function. More...
 
typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
 Ticket encryption callback function. More...
 
typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
 Ticket decryption callback function. More...
 
typedef error_t(* TlsEcdhCallback) (TlsContext *context)
 ECDH key agreement callback function. More...
 
typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature generation callback function. More...
 
typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature verification callback function. More...
 
typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)
 Key logging callback function (for debugging purposes only) More...
 

Enumerations

enum  TlsTransportProtocol { TLS_TRANSPORT_PROTOCOL_STREAM = 0 , TLS_TRANSPORT_PROTOCOL_DATAGRAM = 1 , TLS_TRANSPORT_PROTOCOL_EAP = 2 }
 TLS transport protocols. More...
 
enum  TlsConnectionEnd { TLS_CONNECTION_END_CLIENT = 0 , TLS_CONNECTION_END_SERVER = 1 }
 TLS connection end. More...
 
enum  TlsClientAuthMode { TLS_CLIENT_AUTH_NONE = 0 , TLS_CLIENT_AUTH_OPTIONAL = 1 , TLS_CLIENT_AUTH_REQUIRED = 2 }
 Client authentication mode. More...
 
enum  TlsEarlyDataStatus { TLS_EARLY_DATA_REJECTED = 0 , TLS_EARLY_DATA_ACCEPTED = 1 }
 Early data status. More...
 
enum  TlsFlags {
  TLS_FLAG_PEEK = 0x0200 , TLS_FLAG_WAIT_ALL = 0x0800 , TLS_FLAG_BREAK_CHAR = 0x1000 , TLS_FLAG_BREAK_CRLF = 0x100A ,
  TLS_FLAG_WAIT_ACK = 0x2000 , TLS_FLAG_NO_DELAY = 0x4000 , TLS_FLAG_DELAY = 0x8000
}
 Flags used by read and write functions. More...
 
enum  TlsContentType {
  TLS_TYPE_NONE = 0 , TLS_TYPE_CHANGE_CIPHER_SPEC = 20 , TLS_TYPE_ALERT = 21 , TLS_TYPE_HANDSHAKE = 22 ,
  TLS_TYPE_APPLICATION_DATA = 23 , TLS_TYPE_HEARTBEAT = 24 , TLS_TYPE_TLS12_CID = 25 , TLS_TYPE_ACK = 26
}
 Content type. More...
 
enum  TlsMessageType {
  TLS_TYPE_HELLO_REQUEST = 0 , TLS_TYPE_CLIENT_HELLO = 1 , TLS_TYPE_SERVER_HELLO = 2 , TLS_TYPE_HELLO_VERIFY_REQUEST = 3 ,
  TLS_TYPE_NEW_SESSION_TICKET = 4 , TLS_TYPE_END_OF_EARLY_DATA = 5 , TLS_TYPE_HELLO_RETRY_REQUEST = 6 , TLS_TYPE_ENCRYPTED_EXTENSIONS = 8 ,
  TLS_TYPE_REQUEST_CONNECTION_ID = 9 , TLS_TYPE_NEW_CONNECTION_ID = 10 , TLS_TYPE_CERTIFICATE = 11 , TLS_TYPE_SERVER_KEY_EXCHANGE = 12 ,
  TLS_TYPE_CERTIFICATE_REQUEST = 13 , TLS_TYPE_SERVER_HELLO_DONE = 14 , TLS_TYPE_CERTIFICATE_VERIFY = 15 , TLS_TYPE_CLIENT_KEY_EXCHANGE = 16 ,
  TLS_TYPE_FINISHED = 20 , TLS_TYPE_CERTIFICATE_URL = 21 , TLS_TYPE_CERTIFICATE_STATUS = 22 , TLS_TYPE_SUPPLEMENTAL_DATA = 23 ,
  TLS_TYPE_KEY_UPDATE = 24 , TLS_TYPE_COMPRESSED_CERTIFICATE = 25 , TLS_TYPE_EKT_KEY = 26 , TLS_TYPE_MESSAGE_HASH = 254
}
 Handshake message type. More...
 
enum  TlsAlertLevel { TLS_ALERT_LEVEL_WARNING = 1 , TLS_ALERT_LEVEL_FATAL = 2 }
 Alert level. More...
 
enum  TlsAlertDescription {
  TLS_ALERT_CLOSE_NOTIFY = 0 , TLS_ALERT_UNEXPECTED_MESSAGE = 10 , TLS_ALERT_BAD_RECORD_MAC = 20 , TLS_ALERT_DECRYPTION_FAILED = 21 ,
  TLS_ALERT_RECORD_OVERFLOW = 22 , TLS_ALERT_DECOMPRESSION_FAILURE = 30 , TLS_ALERT_HANDSHAKE_FAILURE = 40 , TLS_ALERT_NO_CERTIFICATE = 41 ,
  TLS_ALERT_BAD_CERTIFICATE = 42 , TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43 , TLS_ALERT_CERTIFICATE_REVOKED = 44 , TLS_ALERT_CERTIFICATE_EXPIRED = 45 ,
  TLS_ALERT_CERTIFICATE_UNKNOWN = 46 , TLS_ALERT_ILLEGAL_PARAMETER = 47 , TLS_ALERT_UNKNOWN_CA = 48 , TLS_ALERT_ACCESS_DENIED = 49 ,
  TLS_ALERT_DECODE_ERROR = 50 , TLS_ALERT_DECRYPT_ERROR = 51 , TLS_ALERT_TOO_MANY_CIDS_REQUESTED = 52 , TLS_ALERT_EXPORT_RESTRICTION = 60 ,
  TLS_ALERT_PROTOCOL_VERSION = 70 , TLS_ALERT_INSUFFICIENT_SECURITY = 71 , TLS_ALERT_INTERNAL_ERROR = 80 , TLS_ALERT_INAPPROPRIATE_FALLBACK = 86 ,
  TLS_ALERT_USER_CANCELED = 90 , TLS_ALERT_NO_RENEGOTIATION = 100 , TLS_ALERT_MISSING_EXTENSION = 109 , TLS_ALERT_UNSUPPORTED_EXTENSION = 110 ,
  TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111 , TLS_ALERT_UNRECOGNIZED_NAME = 112 , TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113 , TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114 ,
  TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115 , TLS_ALERT_CERTIFICATE_REQUIRED = 116 , TLS_ALERT_NO_APPLICATION_PROTOCOL = 120
}
 Alert description. More...
 
enum  TlsCompressMethod { TLS_COMPRESSION_METHOD_NULL = 0 , TLS_COMPRESSION_METHOD_DEFLATE = 1 }
 Compression methods. More...
 
enum  TlsKeyExchMethod {
  TLS_KEY_EXCH_NONE = 0 , TLS_KEY_EXCH_RSA = 1 , TLS_KEY_EXCH_DH_RSA = 2 , TLS_KEY_EXCH_DHE_RSA = 3 ,
  TLS_KEY_EXCH_DH_DSS = 4 , TLS_KEY_EXCH_DHE_DSS = 5 , TLS_KEY_EXCH_DH_ANON = 6 , TLS_KEY_EXCH_ECDH_RSA = 7 ,
  TLS_KEY_EXCH_ECDHE_RSA = 8 , TLS_KEY_EXCH_ECDH_ECDSA = 9 , TLS_KEY_EXCH_ECDHE_ECDSA = 10 , TLS_KEY_EXCH_ECDH_ANON = 11 ,
  TLS_KEY_EXCH_PSK = 12 , TLS_KEY_EXCH_RSA_PSK = 13 , TLS_KEY_EXCH_DHE_PSK = 14 , TLS_KEY_EXCH_ECDHE_PSK = 15 ,
  TLS_KEY_EXCH_SRP_SHA = 16 , TLS_KEY_EXCH_SRP_SHA_RSA = 17 , TLS_KEY_EXCH_SRP_SHA_DSS = 18 , TLS13_KEY_EXCH_DHE = 19 ,
  TLS13_KEY_EXCH_ECDHE = 20 , TLS13_KEY_EXCH_PSK = 21 , TLS13_KEY_EXCH_PSK_DHE = 22 , TLS13_KEY_EXCH_PSK_ECDHE = 23
}
 Key exchange methods. More...
 
enum  TlsCertificateFormat { TLS_CERT_FORMAT_X509 = 0 , TLS_CERT_FORMAT_OPENPGP = 1 , TLS_CERT_FORMAT_RAW_PUBLIC_KEY = 2 , TLS_CERT_FORMAT_1609DOT2 = 3 }
 Certificate formats. More...
 
enum  TlsCertificateType {
  TLS_CERT_NONE = 0 , TLS_CERT_RSA_SIGN = 1 , TLS_CERT_DSS_SIGN = 2 , TLS_CERT_RSA_FIXED_DH = 3 ,
  TLS_CERT_DSS_FIXED_DH = 4 , TLS_CERT_RSA_EPHEMERAL_DH = 5 , TLS_CERT_DSS_EPHEMERAL_DH = 6 , TLS_CERT_FORTEZZA_DMS = 20 ,
  TLS_CERT_ECDSA_SIGN = 64 , TLS_CERT_RSA_FIXED_ECDH = 65 , TLS_CERT_ECDSA_FIXED_ECDH = 66 , TLS_CERT_GOST_SIGN256 = 67 ,
  TLS_CERT_GOST_SIGN512 = 68 , TLS_CERT_RSA_PSS_SIGN = 256 , TLS_CERT_SM2_SIGN = 257 , TLS_CERT_ED25519_SIGN = 258 ,
  TLS_CERT_ED448_SIGN = 259
}
 Certificate types. More...
 
enum  TlsHashAlgo {
  TLS_HASH_ALGO_NONE = 0 , TLS_HASH_ALGO_MD5 = 1 , TLS_HASH_ALGO_SHA1 = 2 , TLS_HASH_ALGO_SHA224 = 3 ,
  TLS_HASH_ALGO_SHA256 = 4 , TLS_HASH_ALGO_SHA384 = 5 , TLS_HASH_ALGO_SHA512 = 6 , TLS_HASH_ALGO_INTRINSIC = 8 ,
  TLS_HASH_ALGO_SM3 = 256
}
 Hash algorithms. More...
 
enum  TlsSignatureAlgo {
  TLS_SIGN_ALGO_ANONYMOUS = 0 , TLS_SIGN_ALGO_RSA = 1 , TLS_SIGN_ALGO_DSA = 2 , TLS_SIGN_ALGO_ECDSA = 3 ,
  TLS_SIGN_ALGO_ED25519 = 7 , TLS_SIGN_ALGO_ED448 = 8 , TLS_SIGN_ALGO_GOSTR34102012_256 = 64 , TLS_SIGN_ALGO_GOSTR34102012_512 = 65
}
 Signature algorithms. More...
 
enum  TlsSignatureScheme {
  TLS_SIGN_SCHEME_NONE = 0x0000 , TLS_SIGN_SCHEME_RSA_PKCS1_SHA1 = 0x0201 , TLS_SIGN_SCHEME_RSA_PKCS1_SHA256 = 0x0401 , TLS_SIGN_SCHEME_RSA_PKCS1_SHA384 = 0x0501 ,
  TLS_SIGN_SCHEME_RSA_PKCS1_SHA512 = 0x0601 , TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 = 0x0804 , TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 = 0x0805 , TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 = 0x0806 ,
  TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 = 0x0809 , TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 = 0x080A , TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512 = 0x080B , TLS_SIGN_SCHEME_ECDSA_SHA1 = 0x0203 ,
  TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 = 0x0403 , TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 = 0x0503 , TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 = 0x0603 , TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 = 0x081A ,
  TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 = 0x081B , TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512 = 0x081C , TLS_SIGN_SCHEME_SM2SIG_SM3 = 0x0708 , TLS_SIGN_SCHEME_ED25519 = 0x0807 ,
  TLS_SIGN_SCHEME_ED448 = 0x0808 , TLS_SIGN_SCHEME_GOSTR34102012_256A = 0x0709 , TLS_SIGN_SCHEME_GOSTR34102012_256B = 0x070A , TLS_SIGN_SCHEME_GOSTR34102012_256C = 0x070B ,
  TLS_SIGN_SCHEME_GOSTR34102012_256D = 0x070C , TLS_SIGN_SCHEME_GOSTR34102012_512A = 0x070D , TLS_SIGN_SCHEME_GOSTR34102012_512B = 0x070E , TLS_SIGN_SCHEME_GOSTR34102012_512C = 0x070F
}
 Signature schemes. More...
 
enum  TlsExtensionType {
  TLS_EXT_SERVER_NAME = 0 , TLS_EXT_MAX_FRAGMENT_LENGTH = 1 , TLS_EXT_CLIENT_CERTIFICATE_URL = 2 , TLS_EXT_TRUSTED_CA_KEYS = 3 ,
  TLS_EXT_TRUNCATED_HMAC = 4 , TLS_EXT_STATUS_REQUEST = 5 , TLS_EXT_USER_MAPPING = 6 , TLS_EXT_CLIENT_AUTHZ = 7 ,
  TLS_EXT_SERVER_AUTHZ = 8 , TLS_EXT_CERT_TYPE = 9 , TLS_EXT_SUPPORTED_GROUPS = 10 , TLS_EXT_EC_POINT_FORMATS = 11 ,
  TLS_EXT_SRP = 12 , TLS_EXT_SIGNATURE_ALGORITHMS = 13 , TLS_EXT_USE_SRTP = 14 , TLS_EXT_HEARTBEAT = 15 ,
  TLS_EXT_ALPN = 16 , TLS_EXT_STATUS_REQUEST_V2 = 17 , TLS_EXT_SIGNED_CERT_TIMESTAMP = 18 , TLS_EXT_CLIENT_CERT_TYPE = 19 ,
  TLS_EXT_SERVER_CERT_TYPE = 20 , TLS_EXT_PADDING = 21 , TLS_EXT_ENCRYPT_THEN_MAC = 22 , TLS_EXT_EXTENDED_MASTER_SECRET = 23 ,
  TLS_EXT_TOKEN_BINDING = 24 , TLS_EXT_CACHED_INFO = 25 , TLS_EXT_COMPRESS_CERTIFICATE = 27 , TLS_EXT_RECORD_SIZE_LIMIT = 28 ,
  TLS_EXT_PWD_PROTECT = 29 , TLS_EXT_PWD_CLEAR = 30 , TLS_EXT_PASSWORD_SALT = 31 , TLS_EXT_TICKET_PINNING = 32 ,
  TLS_EXT_TLS_CERT_WITH_EXTERN_PSK = 33 , TLS_EXT_SESSION_TICKET = 35 , TLS_EXT_SUPPORTED_EKT_CIPHERS = 39 , TLS_EXT_PRE_SHARED_KEY = 41 ,
  TLS_EXT_EARLY_DATA = 42 , TLS_EXT_SUPPORTED_VERSIONS = 43 , TLS_EXT_COOKIE = 44 , TLS_EXT_PSK_KEY_EXCHANGE_MODES = 45 ,
  TLS_EXT_CERTIFICATE_AUTHORITIES = 47 , TLS_EXT_OID_FILTERS = 48 , TLS_EXT_POST_HANDSHAKE_AUTH = 49 , TLS_EXT_SIGNATURE_ALGORITHMS_CERT = 50 ,
  TLS_EXT_KEY_SHARE = 51 , TLS_EXT_TRANSPARENCY_INFO = 52 , TLS_EXT_CONNECTION_ID = 54 , TLS_EXT_EXTERNAL_ID_HASH = 55 ,
  TLS_EXT_EXTERNAL_SESSION_ID = 56 , TLS_EXT_QUIC_TRANSPORT_PARAMETERS = 57 , TLS_EXT_TICKET_REQUEST = 58 , TLS_EXT_DNSSEC_CHAIN = 59 ,
  TLS_EXT_RENEGOTIATION_INFO = 65281
}
 TLS extension types. More...
 
enum  TlsNameType { TLS_NAME_TYPE_HOSTNAME = 0 }
 Name type. More...
 
enum  TlsMaxFragmentLength { TLS_MAX_FRAGMENT_LENGTH_512 = 1 , TLS_MAX_FRAGMENT_LENGTH_1024 = 2 , TLS_MAX_FRAGMENT_LENGTH_2048 = 3 , TLS_MAX_FRAGMENT_LENGTH_4096 = 4 }
 Maximum fragment length. More...
 
enum  TlsNamedGroup {
  TLS_GROUP_NONE = 0 , TLS_GROUP_SECT163K1 = 1 , TLS_GROUP_SECT163R1 = 2 , TLS_GROUP_SECT163R2 = 3 ,
  TLS_GROUP_SECT193R1 = 4 , TLS_GROUP_SECT193R2 = 5 , TLS_GROUP_SECT233K1 = 6 , TLS_GROUP_SECT233R1 = 7 ,
  TLS_GROUP_SECT239K1 = 8 , TLS_GROUP_SECT283K1 = 9 , TLS_GROUP_SECT283R1 = 10 , TLS_GROUP_SECT409K1 = 11 ,
  TLS_GROUP_SECT409R1 = 12 , TLS_GROUP_SECT571K1 = 13 , TLS_GROUP_SECT571R1 = 14 , TLS_GROUP_SECP160K1 = 15 ,
  TLS_GROUP_SECP160R1 = 16 , TLS_GROUP_SECP160R2 = 17 , TLS_GROUP_SECP192K1 = 18 , TLS_GROUP_SECP192R1 = 19 ,
  TLS_GROUP_SECP224K1 = 20 , TLS_GROUP_SECP224R1 = 21 , TLS_GROUP_SECP256K1 = 22 , TLS_GROUP_SECP256R1 = 23 ,
  TLS_GROUP_SECP384R1 = 24 , TLS_GROUP_SECP521R1 = 25 , TLS_GROUP_BRAINPOOLP256R1 = 26 , TLS_GROUP_BRAINPOOLP384R1 = 27 ,
  TLS_GROUP_BRAINPOOLP512R1 = 28 , TLS_GROUP_ECDH_X25519 = 29 , TLS_GROUP_ECDH_X448 = 30 , TLS_GROUP_BRAINPOOLP256R1_TLS13 = 31 ,
  TLS_GROUP_BRAINPOOLP384R1_TLS13 = 32 , TLS_GROUP_BRAINPOOLP512R1_TLS13 = 33 , TLS_GROUP_GC256A = 34 , TLS_GROUP_GC256B = 35 ,
  TLS_GROUP_GC256C = 36 , TLS_GROUP_GC256D = 37 , TLS_GROUP_GC512A = 38 , TLS_GROUP_GC512B = 39 ,
  TLS_GROUP_GC512C = 40 , TLS_GROUP_SM2 = 41 , TLS_GROUP_FFDHE2048 = 256 , TLS_GROUP_FFDHE3072 = 257 ,
  TLS_GROUP_FFDHE4096 = 258 , TLS_GROUP_FFDHE6144 = 259 , TLS_GROUP_FFDHE8192 = 260 , TLS_GROUP_FFDHE_MAX = 511 ,
  TLS_GROUP_X25519_KYBER768_DRAFT00 = 25497 , TLS_GROUP_SECP256R1_KYBER768_DRAFT00 = 25498 , TLS_GROUP_EXPLICIT_PRIME_CURVE = 65281 , TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282
}
 Named groups. More...
 
enum  TlsEcPointFormat { TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0 , TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME = 1 , TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 = 2 }
 EC point formats. More...
 
enum  TlsEcCurveType { TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1 , TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2 , TLS_EC_CURVE_TYPE_NAMED_CURVE = 3 }
 EC curve types. More...
 
enum  TlsState {
  TLS_STATE_INIT = 0 , TLS_STATE_CLIENT_HELLO = 1 , TLS_STATE_CLIENT_HELLO_2 = 2 , TLS_STATE_EARLY_DATA = 3 ,
  TLS_STATE_HELLO_VERIFY_REQUEST = 4 , TLS_STATE_HELLO_RETRY_REQUEST = 5 , TLS_STATE_SERVER_HELLO = 6 , TLS_STATE_SERVER_HELLO_2 = 7 ,
  TLS_STATE_SERVER_HELLO_3 = 8 , TLS_STATE_HANDSHAKE_TRAFFIC_KEYS = 9 , TLS_STATE_ENCRYPTED_EXTENSIONS = 10 , TLS_STATE_SERVER_CERTIFICATE = 11 ,
  TLS_STATE_SERVER_KEY_EXCHANGE = 12 , TLS_STATE_SERVER_CERTIFICATE_VERIFY = 13 , TLS_STATE_CERTIFICATE_REQUEST = 14 , TLS_STATE_SERVER_HELLO_DONE = 15 ,
  TLS_STATE_CLIENT_CERTIFICATE = 16 , TLS_STATE_CLIENT_KEY_EXCHANGE = 17 , TLS_STATE_CLIENT_CERTIFICATE_VERIFY = 18 , TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 19 ,
  TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 = 20 , TLS_STATE_CLIENT_FINISHED = 21 , TLS_STATE_CLIENT_APP_TRAFFIC_KEYS = 22 , TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 23 ,
  TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 = 24 , TLS_STATE_SERVER_FINISHED = 25 , TLS_STATE_END_OF_EARLY_DATA = 26 , TLS_STATE_SERVER_APP_TRAFFIC_KEYS = 27 ,
  TLS_STATE_NEW_SESSION_TICKET = 28 , TLS_STATE_KEY_UPDATE = 29 , TLS_STATE_APPLICATION_DATA = 30 , TLS_STATE_CLOSING = 31 ,
  TLS_STATE_CLOSED = 32
}
 TLS FSM states. More...
 

Functions

TlsContext *tlsInit (void)
 TLS context initialization. More...
 
TlsState tlsGetState (TlsContext *context)
 Retrieve current TLS state. More...
 
error_t tlsSetStateChangeCallback (TlsContext *context, TlsStateChangeCallback stateChangeCallback)
 Register TLS state change callback. More...
 
error_t tlsSetSocketCallbacks (TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
 Set socket send and receive callbacks. More...
 
error_t tlsSetVersion (TlsContext *context, uint16_t versionMin, uint16_t versionMax)
 Set minimum and maximum versions permitted. More...
 
error_t tlsSetTransportProtocol (TlsContext *context, TlsTransportProtocol transportProtocol)
 Set the transport protocol to be used. More...
 
error_t tlsSetConnectionEnd (TlsContext *context, TlsConnectionEnd entity)
 Set operation mode (client or server) More...
 
error_t tlsSetPrng (TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
 Set the pseudo-random number generator to be used. More...
 
error_t tlsSetServerName (TlsContext *context, const char_t *serverName)
 Set the server name. More...
 
const char_t *tlsGetServerName (TlsContext *context)
 Get the server name. More...
 
error_t tlsSetCache (TlsContext *context, TlsCache *cache)
 Set session cache. More...
 
error_t tlsSetClientAuthMode (TlsContext *context, TlsClientAuthMode mode)
 Set client authentication mode (for servers only) More...
 
error_t tlsSetBufferSize (TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
 Set TLS buffer size. More...
 
error_t tlsSetMaxFragmentLength (TlsContext *context, size_t maxFragLen)
 Set maximum fragment length. More...
 
error_t tlsSetCipherSuites (TlsContext *context, const uint16_t *cipherSuites, uint_t length)
 Specify the list of allowed cipher suites. More...
 
error_t tlsSetSupportedGroups (TlsContext *context, const uint16_t *groups, uint_t length)
 Specify the list of allowed ECDHE and FFDHE groups. More...
 
error_t tlsSetPreferredGroup (TlsContext *context, uint16_t group)
 Specify the preferred ECDHE or FFDHE group. More...
 
error_t tlsSetSupportedSignAlgos (TlsContext *context, const uint16_t *signAlgos, uint_t length)
 Specify the list of allowed signature algorithms. More...
 
error_t tlsSetDhParameters (TlsContext *context, const char_t *params, size_t length)
 Import Diffie-Hellman parameters. More...
 
error_t tlsSetEcdhCallback (TlsContext *context, TlsEcdhCallback ecdhCallback)
 Register ECDH key agreement callback function. More...
 
error_t tlsSetEcdsaSignCallback (TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
 Register ECDSA signature generation callback function. More...
 
error_t tlsSetEcdsaVerifyCallback (TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
 Register ECDSA signature verification callback function. More...
 
error_t tlsSetKeyLogCallback (TlsContext *context, TlsKeyLogCallback keyLogCallback)
 Register key logging callback function (for debugging purposes only) More...
 
error_t tlsAllowUnknownAlpnProtocols (TlsContext *context, bool_t allowed)
 Allow unknown ALPN protocols. More...
 
error_t tlsSetAlpnProtocolList (TlsContext *context, const char_t *protocolList)
 Set the list of supported ALPN protocols. More...
 
error_t tlsSetAlpnCallback (TlsContext *context, TlsAlpnCallback alpnCallback)
 Register ALPN callback function. More...
 
const char_t *tlsGetAlpnProtocol (TlsContext *context)
 Get the name of the selected ALPN protocol. More...
 
error_t tlsSetPsk (TlsContext *context, const uint8_t *psk, size_t length)
 Set the pre-shared key to be used. More...
 
error_t tlsSetPskIdentity (TlsContext *context, const char_t *pskIdentity)
 Set the PSK identity to be used by the client. More...
 
error_t tlsSetPskIdentityHint (TlsContext *context, const char_t *pskIdentityHint)
 Set the PSK identity hint to be used by the server. More...
 
error_t tlsSetPskCallback (TlsContext *context, TlsPskCallback pskCallback)
 Register PSK callback function. More...
 
error_t tlsSetRpkVerifyCallback (TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
 Register the raw public key verification callback function. More...
 
error_t tlsSetTrustedCaList (TlsContext *context, const char_t *trustedCaList, size_t length)
 Import a trusted CA list. More...
 
error_t tlsAddCertificate (TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
 Add a certificate and the corresponding private key (deprecated) More...
 
error_t tlsLoadCertificate (TlsContext *context, uint_t index, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
 Load entity's certificate. More...
 
error_t tlsSetCertificateVerifyCallback (TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
 Register certificate verification callback function. More...
 
error_t tlsEnableSessionTickets (TlsContext *context, bool_t enabled)
 Enable session ticket mechanism. More...
 
error_t tlsEnableSecureRenegotiation (TlsContext *context, bool_t enabled)
 Enable secure renegotiation. More...
 
error_t tlsEnableFallbackScsv (TlsContext *context, bool_t enabled)
 Perform fallback retry (for clients only) More...
 
error_t tlsSetTicketCallbacks (TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
 Set ticket encryption/decryption callbacks. More...
 
error_t tlsSetPmtu (TlsContext *context, size_t pmtu)
 Set PMTU value (for DTLS only) More...
 
error_t tlsSetTimeout (TlsContext *context, systime_t timeout)
 Set timeout for blocking calls (for DTLS only) More...
 
error_t tlsSetCookieCallbacks (TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
 Set cookie generation/verification callbacks (for DTLS only) More...
 
error_t tlsEnableReplayDetection (TlsContext *context, bool_t enabled)
 Enable anti-replay mechanism (for DTLS only) More...
 
error_t tlsSetMaxEarlyDataSize (TlsContext *context, size_t maxEarlyDataSize)
 Set the maximum amount of 0-RTT data the server can accept. More...
 
error_t tlsWriteEarlyData (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send early data to the remote TLS server. More...
 
error_t tlsConnect (TlsContext *context)
 Initiate the TLS handshake. More...
 
TlsEarlyDataStatus tlsGetEarlyDataStatus (TlsContext *context)
 Check whether the server has accepted or rejected the early data. More...
 
error_t tlsWrite (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send application data to the remote host using TLS. More...
 
error_t tlsRead (TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
 Receive application data from the remote host using TLS. More...
 
bool_t tlsIsTxReady (TlsContext *context)
 Check whether some data is ready for transmission. More...
 
bool_t tlsIsRxReady (TlsContext *context)
 Check whether some data is available in the receive buffer. More...
 
error_t tlsShutdown (TlsContext *context)
 Gracefully close TLS session. More...
 
error_t tlsShutdownEx (TlsContext *context, bool_t waitForCloseNotify)
 Gracefully close TLS session. More...
 
void tlsFree (TlsContext *context)
 Release TLS context. More...
 
error_t tlsInitSessionState (TlsSessionState *session)
 Initialize session state. More...
 
error_t tlsSaveSessionState (const TlsContext *context, TlsSessionState *session)
 Save TLS session. More...
 
error_t tlsRestoreSessionState (TlsContext *context, const TlsSessionState *session)
 Restore TLS session. More...
 
void tlsFreeSessionState (TlsSessionState *session)
 Properly dispose of a session state. More...
 
TlsCache *tlsInitCache (uint_t size)
 Session cache initialization. More...
 
void tlsFreeCache (TlsCache *cache)
 Properly dispose of a session cache. More...
 

Variables

typedef __packed_struct
 Sequence number. More...
 
 TlsSequenceNumber
 
uint16_t value []
 
 TlsCipherSuites
 
 TlsCompressMethods
 
 TlsSignSchemeList
 
 TlsCertList
 
 TlsCertAuthorities
 
uint16_t length
 
 TlsExtension
 
 TlsExtensionList
 
 TlsSupportedVersionList
 
char_t hostname []
 
 TlsServerName
 
 TlsServerNameList
 
 TlsProtocolName
 
 TlsProtocolNameList
 
 TlsSupportedGroupList
 
 TlsEcPointFormatList
 
 TlsCertTypeList
 
 TlsRenegoInfo
 
 TlsPskIdentity
 
 TlsPskIdentityHint
 
 TlsDigitalSignature
 
 Tls12DigitalSignature
 
uint16_t version
 
uint8_t data []
 
 TlsRecord
 
 TlsHandshake
 
uint8_t random [32]
 
uint8_t sessionIdLen
 
uint8_t sessionId []
 
 TlsClientHello
 
 TlsServerHello
 
uint8_t certificateTypes []
 
 TlsCertificateRequest
 
uint16_t ticketLen
 
uint8_t ticket []
 
 TlsNewSessionTicket
 
 TlsChangeCipherSpec
 
uint8_t description
 
 TlsAlert
 
uint16_t cipherSuite
 Cipher suite identifier. More...
 
uint8_t secret [TLS_MASTER_SECRET_SIZE]
 Master secret. More...
 
systime_t ticketTimestamp
 Timestamp to manage ticket lifetime. More...
 
uint32_t ticketLifetime
 Lifetime of the ticket. More...
 
bool_t extendedMasterSecret
 Extended master secret computation. More...
 
 TlsPlaintextSessionState
 

Detailed Description

TLS (Transport Layer Security)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.0

Definition in file tls.h.

Macro Definition Documentation

◆ CYCLONE_SSL_MAJOR_VERSION

#define CYCLONE_SSL_MAJOR_VERSION   2

Definition at line 86 of file tls.h.

◆ CYCLONE_SSL_MINOR_VERSION

#define CYCLONE_SSL_MINOR_VERSION   4

Definition at line 88 of file tls.h.

◆ CYCLONE_SSL_REV_NUMBER

#define CYCLONE_SSL_REV_NUMBER   0

Definition at line 90 of file tls.h.

◆ CYCLONE_SSL_VERSION_STRING

#define CYCLONE_SSL_VERSION_STRING   "2.4.0"

Definition at line 84 of file tls.h.

◆ SSL_VERSION_3_0

#define SSL_VERSION_3_0   0x0300

Definition at line 93 of file tls.h.

◆ TLS_3DES_SUPPORT

#define TLS_3DES_SUPPORT   DISABLED

Definition at line 465 of file tls.h.

◆ TLS_AES_128_SUPPORT

#define TLS_AES_128_SUPPORT   ENABLED

Definition at line 472 of file tls.h.

◆ TLS_AES_256_SUPPORT

#define TLS_AES_256_SUPPORT   ENABLED

Definition at line 479 of file tls.h.

◆ TLS_ALPN_SUPPORT

#define TLS_ALPN_SUPPORT   DISABLED

Definition at line 192 of file tls.h.

◆ TLS_ARIA_128_SUPPORT

#define TLS_ARIA_128_SUPPORT   DISABLED

Definition at line 500 of file tls.h.

◆ TLS_ARIA_256_SUPPORT

#define TLS_ARIA_256_SUPPORT   DISABLED

Definition at line 507 of file tls.h.

◆ TLS_BRAINPOOLP256R1_SUPPORT

#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED

Definition at line 682 of file tls.h.

◆ TLS_BRAINPOOLP384R1_SUPPORT

#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED

Definition at line 689 of file tls.h.

◆ TLS_BRAINPOOLP512R1_SUPPORT

#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED

Definition at line 696 of file tls.h.

◆ TLS_CAMELLIA_128_SUPPORT

#define TLS_CAMELLIA_128_SUPPORT   DISABLED

Definition at line 486 of file tls.h.

◆ TLS_CAMELLIA_256_SUPPORT

#define TLS_CAMELLIA_256_SUPPORT   DISABLED

Definition at line 493 of file tls.h.

◆ TLS_CBC_CIPHER_SUPPORT

#define TLS_CBC_CIPHER_SUPPORT   ENABLED

Definition at line 409 of file tls.h. Note: with CBC suites enabled and TLS_ENCRYPT_THEN_MAC_SUPPORT left DISABLED, TLS 1.2 CBC records use the legacy MAC-then-encrypt construction; enabling the RFC 7366 encrypt-then-MAC extension (or restricting the suite list to GCM/CCM/ChaCha20 AEAD suites) removes the CBC padding-oracle class structurally rather than relying on constant-time MAC checking.

◆ TLS_CCM_8_CIPHER_SUPPORT

#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED

Definition at line 423 of file tls.h.

◆ TLS_CCM_CIPHER_SUPPORT

#define TLS_CCM_CIPHER_SUPPORT   DISABLED

Definition at line 416 of file tls.h.

◆ TLS_CERT_AUTHORITIES_SUPPORT

#define TLS_CERT_AUTHORITIES_SUPPORT   DISABLED

Definition at line 220 of file tls.h.

◆ TLS_CERT_KEY_USAGE_SUPPORT

#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED

Definition at line 724 of file tls.h.

◆ TLS_CHACHA20_POLY1305_SUPPORT

#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED

Definition at line 437 of file tls.h.

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED

Definition at line 213 of file tls.h.

◆ TLS_CLIENT_SUPPORT

#define TLS_CLIENT_SUPPORT   ENABLED

Definition at line 108 of file tls.h.

◆ TLS_DES_SUPPORT

#define TLS_DES_SUPPORT   DISABLED

Definition at line 458 of file tls.h.

◆ TLS_DH_ANON_KE_SUPPORT

#define TLS_DH_ANON_KE_SUPPORT   DISABLED

Definition at line 290 of file tls.h.

◆ TLS_DH_SUPPORT

#define TLS_DH_SUPPORT   ENABLED

Definition at line 858 of file tls.h.

◆ TLS_DHE_DSS_KE_SUPPORT

#define TLS_DHE_DSS_KE_SUPPORT   DISABLED

Definition at line 283 of file tls.h.

◆ TLS_DHE_PSK_KE_SUPPORT

#define TLS_DHE_PSK_KE_SUPPORT   DISABLED

Definition at line 332 of file tls.h.

◆ TLS_DHE_RSA_KE_SUPPORT

#define TLS_DHE_RSA_KE_SUPPORT   ENABLED

Definition at line 276 of file tls.h.

◆ TLS_DSA_SIGN_SUPPORT

#define TLS_DSA_SIGN_SUPPORT   DISABLED

Definition at line 360 of file tls.h.

◆ TLS_ECC_CALLBACK_SUPPORT

#define TLS_ECC_CALLBACK_SUPPORT   DISABLED

Definition at line 255 of file tls.h.

◆ TLS_ECDH_ANON_KE_SUPPORT

#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED

Definition at line 311 of file tls.h.

◆ TLS_ECDH_SUPPORT

#define TLS_ECDH_SUPPORT   ENABLED

Definition at line 870 of file tls.h.

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED

Definition at line 304 of file tls.h.

◆ TLS_ECDHE_PSK_KE_SUPPORT

#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED

Definition at line 339 of file tls.h.

◆ TLS_ECDHE_RSA_KE_SUPPORT

#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED

Definition at line 297 of file tls.h.

◆ TLS_ECDSA_SIGN_SUPPORT

#define TLS_ECDSA_SIGN_SUPPORT   ENABLED

Definition at line 367 of file tls.h.

◆ TLS_ED25519_SIGN_SUPPORT

#define TLS_ED25519_SIGN_SUPPORT   DISABLED

Definition at line 381 of file tls.h.

◆ TLS_ED448_SIGN_SUPPORT

#define TLS_ED448_SIGN_SUPPORT   DISABLED

Definition at line 388 of file tls.h.

◆ TLS_ENCRYPT_THEN_MAC_SUPPORT

#define TLS_ENCRYPT_THEN_MAC_SUPPORT   DISABLED

Definition at line 199 of file tls.h.

◆ TLS_EXT_MASTER_SECRET_SUPPORT

#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED

Definition at line 206 of file tls.h.

◆ TLS_FALLBACK_SCSV_SUPPORT

#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED

Definition at line 248 of file tls.h.

◆ TLS_FFDHE2048_SUPPORT

#define TLS_FFDHE2048_SUPPORT   ENABLED

Definition at line 584 of file tls.h.

◆ TLS_FFDHE3072_SUPPORT

#define TLS_FFDHE3072_SUPPORT   DISABLED

Definition at line 591 of file tls.h.

◆ TLS_FFDHE4096_SUPPORT

#define TLS_FFDHE4096_SUPPORT   DISABLED

Definition at line 598 of file tls.h.

◆ TLS_FFDHE_SUPPORT

#define TLS_FFDHE_SUPPORT   DISABLED

Definition at line 577 of file tls.h.

◆ TLS_FLAG_BREAK

#define TLS_FLAG_BREAK (   c)    (TLS_FLAG_BREAK_CHAR | LSB(c))

Definition at line 999 of file tls.h.

◆ TLS_GCM_CIPHER_SUPPORT

#define TLS_GCM_CIPHER_SUPPORT   ENABLED

Definition at line 430 of file tls.h.

◆ TLS_IDEA_SUPPORT

#define TLS_IDEA_SUPPORT   DISABLED

Definition at line 451 of file tls.h.

◆ TLS_KEY_LOG_SUPPORT

#define TLS_KEY_LOG_SUPPORT   DISABLED

Definition at line 731 of file tls.h.

◆ TLS_MASTER_SECRET_SIZE

#define TLS_MASTER_SECRET_SIZE   48

Definition at line 794 of file tls.h.

◆ TLS_MAX_CERTIFICATES

#define TLS_MAX_CERTIFICATES   3

Definition at line 262 of file tls.h.

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   5

Definition at line 822 of file tls.h.

◆ TLS_MAX_DH_MODULUS_SIZE

#define TLS_MAX_DH_MODULUS_SIZE   2048

Definition at line 759 of file tls.h.

◆ TLS_MAX_DSA_MODULUS_SIZE

#define TLS_MAX_DSA_MODULUS_SIZE   4096

Definition at line 787 of file tls.h.

◆ TLS_MAX_EMPTY_RECORDS

#define TLS_MAX_EMPTY_RECORDS   10

Definition at line 815 of file tls.h.

◆ TLS_MAX_FRAG_LEN_SUPPORT

#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED

Definition at line 178 of file tls.h.

◆ TLS_MAX_HKDF_DIGEST_SIZE

#define TLS_MAX_HKDF_DIGEST_SIZE   48

Definition at line 906 of file tls.h.

◆ TLS_MAX_KEY_UPDATE_MESSAGES

#define TLS_MAX_KEY_UPDATE_MESSAGES   5

Definition at line 829 of file tls.h.

◆ TLS_MAX_PASSWORD_LEN

#define TLS_MAX_PASSWORD_LEN   32

Definition at line 745 of file tls.h.

◆ TLS_MAX_RECORD_LENGTH

#define TLS_MAX_RECORD_LENGTH   16384

Definition at line 919 of file tls.h.

◆ TLS_MAX_RECORD_OVERHEAD

#define TLS_MAX_RECORD_OVERHEAD   512

Definition at line 921 of file tls.h.

◆ TLS_MAX_RSA_MODULUS_SIZE

#define TLS_MAX_RSA_MODULUS_SIZE   4096

Definition at line 773 of file tls.h.

◆ TLS_MAX_SERVER_NAME_LEN

#define TLS_MAX_SERVER_NAME_LEN   255

Definition at line 738 of file tls.h.

◆ TLS_MAX_TICKET_SIZE

#define TLS_MAX_TICKET_SIZE   1024

Definition at line 157 of file tls.h.

◆ TLS_MAX_VERSION

#define TLS_MAX_VERSION   TLS_VERSION_1_3

Definition at line 129 of file tls.h.

◆ TLS_MAX_WARNING_ALERTS

#define TLS_MAX_WARNING_ALERTS   5

Definition at line 808 of file tls.h.

◆ TLS_MD5_SUPPORT

#define TLS_MD5_SUPPORT   DISABLED

Definition at line 528 of file tls.h.

◆ TLS_MIN_DH_MODULUS_SIZE

#define TLS_MIN_DH_MODULUS_SIZE   1024

Definition at line 752 of file tls.h. Note: a 1024-bit floor for finite-field DH is below the 2048-bit minimum generally recommended today (the Logjam class of attacks targeted 1024-bit groups); deployments should raise this value unless interoperability with legacy peers requires the lower bound, and should prefer the named FFDHE groups where available.

◆ TLS_MIN_DSA_MODULUS_SIZE

#define TLS_MIN_DSA_MODULUS_SIZE   1024

Definition at line 780 of file tls.h.

◆ TLS_MIN_RECORD_LENGTH

#define TLS_MIN_RECORD_LENGTH   512

Definition at line 917 of file tls.h.

◆ TLS_MIN_RSA_MODULUS_SIZE

#define TLS_MIN_RSA_MODULUS_SIZE   1024

Definition at line 766 of file tls.h. Note: this is the smallest RSA public modulus the stack will accept from a peer; 1024-bit RSA is widely considered inadequate for new deployments, so consider raising the floor to 2048 bits where the peer population allows it.

◆ TLS_MIN_VERSION

#define TLS_MIN_VERSION   TLS_VERSION_1_2

Definition at line 122 of file tls.h.

◆ TLS_NULL_CIPHER_SUPPORT

#define TLS_NULL_CIPHER_SUPPORT   DISABLED

Definition at line 395 of file tls.h.

◆ TLS_PREMASTER_SECRET_SIZE

#define TLS_PREMASTER_SECRET_SIZE   (TLS_MAX_DH_MODULUS_SIZE / 8)

Definition at line 801 of file tls.h.

◆ TLS_PRIVATE_CONTEXT

#define TLS_PRIVATE_CONTEXT

Definition at line 836 of file tls.h.

◆ TLS_PRIVATE_ENCRYPTION_ENGINE

#define TLS_PRIVATE_ENCRYPTION_ENGINE

Definition at line 841 of file tls.h.

◆ TLS_PSK_KE_SUPPORT

#define TLS_PSK_KE_SUPPORT   DISABLED

Definition at line 318 of file tls.h.

◆ TLS_PSK_SUPPORT

#define TLS_PSK_SUPPORT   ENABLED

Definition at line 895 of file tls.h.

◆ TLS_RANDOM_SIZE

#define TLS_RANDOM_SIZE   32

Definition at line 923 of file tls.h.

◆ TLS_RAW_PUBLIC_KEY_SUPPORT

#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED

Definition at line 234 of file tls.h.

◆ TLS_RC4_SUPPORT

#define TLS_RC4_SUPPORT   DISABLED

Definition at line 444 of file tls.h.

◆ TLS_RECORD_SIZE_LIMIT_SUPPORT

#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED

Definition at line 185 of file tls.h.

◆ TLS_RSA_KE_SUPPORT

#define TLS_RSA_KE_SUPPORT   ENABLED

Definition at line 269 of file tls.h. Note: this enables static RSA key exchange (TLS 1.2 and earlier), which provides no forward secrecy — compromise of the server's long-term key exposes every recorded session — and is the target of Bleichenbacher-style padding oracles. TLS 1.3 dropped it; prefer the ECDHE/DHE suites that are also ENABLED on this page and disable this when no legacy client depends on it.

◆ TLS_RSA_PSK_KE_SUPPORT

#define TLS_RSA_PSK_KE_SUPPORT   DISABLED

Definition at line 325 of file tls.h.

◆ TLS_RSA_PSS_SIGN_SUPPORT

#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED

Definition at line 353 of file tls.h.

◆ TLS_RSA_SIGN_SUPPORT

#define TLS_RSA_SIGN_SUPPORT   ENABLED

Definition at line 346 of file tls.h.

◆ TLS_RSA_SUPPORT

#define TLS_RSA_SUPPORT   ENABLED

Definition at line 883 of file tls.h.

◆ TLS_SECP160K1_SUPPORT

#define TLS_SECP160K1_SUPPORT   DISABLED

Definition at line 605 of file tls.h.

◆ TLS_SECP160R1_SUPPORT

#define TLS_SECP160R1_SUPPORT   DISABLED

Definition at line 612 of file tls.h.

◆ TLS_SECP160R2_SUPPORT

#define TLS_SECP160R2_SUPPORT   DISABLED

Definition at line 619 of file tls.h.

◆ TLS_SECP192K1_SUPPORT

#define TLS_SECP192K1_SUPPORT   DISABLED

Definition at line 626 of file tls.h.

◆ TLS_SECP192R1_SUPPORT

#define TLS_SECP192R1_SUPPORT   DISABLED

Definition at line 633 of file tls.h.

◆ TLS_SECP224K1_SUPPORT

#define TLS_SECP224K1_SUPPORT   DISABLED

Definition at line 640 of file tls.h.

◆ TLS_SECP224R1_SUPPORT

#define TLS_SECP224R1_SUPPORT   DISABLED

Definition at line 647 of file tls.h.

◆ TLS_SECP256K1_SUPPORT

#define TLS_SECP256K1_SUPPORT   DISABLED

Definition at line 654 of file tls.h.

◆ TLS_SECP256R1_SUPPORT

#define TLS_SECP256R1_SUPPORT   ENABLED

Definition at line 661 of file tls.h.

◆ TLS_SECP384R1_SUPPORT

#define TLS_SECP384R1_SUPPORT   ENABLED

Definition at line 668 of file tls.h.

◆ TLS_SECP521R1_SUPPORT

#define TLS_SECP521R1_SUPPORT   DISABLED

Definition at line 675 of file tls.h.

◆ TLS_SECURE_RENEGOTIATION_SUPPORT

#define TLS_SECURE_RENEGOTIATION_SUPPORT   ENABLED

Definition at line 241 of file tls.h.

◆ TLS_SEED_SUPPORT

#define TLS_SEED_SUPPORT   DISABLED

Definition at line 514 of file tls.h.

◆ TLS_SERVER_SUPPORT

#define TLS_SERVER_SUPPORT   ENABLED

Definition at line 115 of file tls.h.

◆ TLS_SESSION_CACHE_LIFETIME

#define TLS_SESSION_CACHE_LIFETIME   3600000

Definition at line 143 of file tls.h.

◆ TLS_SESSION_RESUME_SUPPORT

#define TLS_SESSION_RESUME_SUPPORT   ENABLED

Definition at line 136 of file tls.h.

◆ TLS_SHA1_SUPPORT

#define TLS_SHA1_SUPPORT   ENABLED

Definition at line 535 of file tls.h. Note: SHA-1 is still acceptable as the HMAC in TLS 1.2 CBC suites, but SHA-1-based signature schemes (TLS_SIGN_SCHEME_RSA_PKCS1_SHA1, TLS_SIGN_SCHEME_ECDSA_SHA1 listed below) are deprecated and should not be offered or accepted for handshake or certificate signatures.

◆ TLS_SHA224_SUPPORT

#define TLS_SHA224_SUPPORT   DISABLED

Definition at line 542 of file tls.h.

◆ TLS_SHA256_SUPPORT

#define TLS_SHA256_SUPPORT   ENABLED

Definition at line 549 of file tls.h.

◆ TLS_SHA384_SUPPORT

#define TLS_SHA384_SUPPORT   ENABLED

Definition at line 556 of file tls.h.

◆ TLS_SHA512_SUPPORT

#define TLS_SHA512_SUPPORT   DISABLED

Definition at line 563 of file tls.h.

◆ TLS_SIGN_ALGOS_CERT_SUPPORT

#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED

Definition at line 227 of file tls.h.

◆ TLS_SIGN_SCHEME

#define TLS_SIGN_SCHEME (   signAlgo,
  hashAlgo 
)     ((TlsSignatureScheme) (((hashAlgo) << 8) | (signAlgo)))

Definition at line 926 of file tls.h.

◆ TLS_SM2_SIGN_SUPPORT

#define TLS_SM2_SIGN_SUPPORT   DISABLED

Definition at line 374 of file tls.h.

◆ TLS_SM2_SUPPORT

#define TLS_SM2_SUPPORT   DISABLED

Definition at line 703 of file tls.h.

◆ TLS_SM3_SUPPORT

#define TLS_SM3_SUPPORT   DISABLED

Definition at line 570 of file tls.h.

◆ TLS_SM4_SUPPORT

#define TLS_SM4_SUPPORT   DISABLED

Definition at line 521 of file tls.h.

◆ TLS_SNI_SUPPORT

#define TLS_SNI_SUPPORT   ENABLED

Definition at line 171 of file tls.h.

◆ TLS_STREAM_CIPHER_SUPPORT

#define TLS_STREAM_CIPHER_SUPPORT   DISABLED

Definition at line 402 of file tls.h.

◆ TLS_SUPPORT

#define TLS_SUPPORT   ENABLED

Definition at line 101 of file tls.h.

◆ TLS_TICKET_LIFETIME

#define TLS_TICKET_LIFETIME   3600000

Definition at line 164 of file tls.h.

◆ TLS_TICKET_SUPPORT

#define TLS_TICKET_SUPPORT   DISABLED

Definition at line 150 of file tls.h.

◆ TLS_VERSION_1_0

#define TLS_VERSION_1_0   0x0301

Definition at line 94 of file tls.h.

◆ TLS_VERSION_1_1

#define TLS_VERSION_1_1   0x0302

Definition at line 95 of file tls.h.

◆ TLS_VERSION_1_2

#define TLS_VERSION_1_2   0x0303

Definition at line 96 of file tls.h.

◆ TLS_VERSION_1_3

#define TLS_VERSION_1_3   0x0304

Definition at line 97 of file tls.h.

◆ TLS_X25519_SUPPORT

#define TLS_X25519_SUPPORT   DISABLED

Definition at line 710 of file tls.h.

◆ TLS_X448_SUPPORT

#define TLS_X448_SUPPORT   DISABLED

Definition at line 717 of file tls.h.

◆ tlsAllocMem

#define tlsAllocMem (   size)    osAllocMem(size)

Definition at line 846 of file tls.h.

◆ TlsContext

#define TlsContext   struct _TlsContext

Definition at line 36 of file tls.h.

◆ TlsEncryptionEngine

#define TlsEncryptionEngine   struct _TlsEncryptionEngine

Definition at line 40 of file tls.h.

◆ tlsFreeMem

#define tlsFreeMem (   p)    osFreeMem(p)

Definition at line 851 of file tls.h.

◆ tlsSetSocket

#define tlsSetSocket (   context,
  socket 
)
Value: (the macro expansion itself was not captured in this rendering; the entries that follow are the cross-reference tooltips for the symbols it references — socketSend, socketReceive, TlsSocketSendCallback, TlsSocketReceiveCallback, TlsSocketHandle and tlsSetSocketCallbacks.)
int_t socket(int_t family, int_t type, int_t protocol)
Create a socket that is bound to a specific transport service provider.
Definition: bsd_socket.c:65
error_t socketReceive(Socket *socket, void *data, size_t size, size_t *received, uint_t flags)
Receive data from a connected socket.
Definition: socket.c:1152
error_t socketSend(Socket *socket, const void *data, size_t length, size_t *written, uint_t flags)
Send data to a connected socket.
Definition: socket.c:946
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1902
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1910
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1888
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:248

Definition at line 912 of file tls.h.

Typedef Documentation

◆ TlsAlpnCallback

typedef error_t(* TlsAlpnCallback) (TlsContext *context, const char_t *selectedProtocol)

ALPN callback function.

Definition at line 1918 of file tls.h.

◆ TlsCertificate

typedef void TlsCertificate

Certificate message.

Definition at line 1777 of file tls.h.

◆ TlsCertificateVerify

typedef void TlsCertificateVerify

CertificateVerify message.

Definition at line 1816 of file tls.h.

◆ TlsCertVerifyCallback

typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, void *param)

Certificate verification callback function. Invoked during chain validation with the parsed certificate and its depth in the chain (pathLen); presumably a non-zero error_t returned from the callback aborts the handshake — treat it as the hook for application-level checks such as pinning or extra name constraints, not as a way to bypass the built-in validation.

Definition at line 1934 of file tls.h.

◆ TlsClientKeyExchange

typedef void TlsClientKeyExchange

ClientKeyExchange message.

Definition at line 1809 of file tls.h.

◆ TlsEcdhCallback

typedef error_t(* TlsEcdhCallback) (TlsContext *context)

ECDH key agreement callback function.

Definition at line 1968 of file tls.h.

◆ TlsEcdsaSignCallback

typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature generation callback function.

Definition at line 1975 of file tls.h.

◆ TlsEcdsaVerifyCallback

typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature verification callback function.

Definition at line 1983 of file tls.h.

◆ TlsFinished

typedef void TlsFinished

Finished message.

Definition at line 1835 of file tls.h.

◆ TlsHelloRequest

typedef void TlsHelloRequest

HelloRequest message.

Definition at line 1744 of file tls.h.

◆ TlsKeyLogCallback

typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)

Key logging callback function (for debugging purpose only). The string passed to the callback carries the connection's secret material, so any sink that records it can decrypt captured traffic; keep TLS_KEY_LOG_SUPPORT DISABLED (its default on this page) in production builds.

Definition at line 1991 of file tls.h.

◆ TlsPskCallback

typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)

Pre-shared key callback function.

Definition at line 1926 of file tls.h.

◆ TlsRpkVerifyCallback

typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)

Raw public key verification callback function.

Definition at line 1942 of file tls.h.

◆ TlsServerHelloDone

typedef void TlsServerHelloDone

ServerHelloDone message.

Definition at line 1802 of file tls.h.

◆ TlsServerKeyExchange

typedef void TlsServerKeyExchange

ServerKeyExchange message.

Definition at line 1784 of file tls.h.

◆ TlsSocketHandle

typedef void* TlsSocketHandle

Socket handle.

Definition at line 1888 of file tls.h.

◆ TlsSocketReceiveCallback

typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)

Socket receive callback function.

Definition at line 1910 of file tls.h.

◆ TlsSocketSendCallback

typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)

Socket send callback function.

Definition at line 1902 of file tls.h.

◆ TlsStateChangeCallback

typedef void(* TlsStateChangeCallback) (TlsContext *context, TlsState state)

TLS state change callback.

Definition at line 1895 of file tls.h.

◆ TlsTicketDecryptCallback

typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)

Ticket decryption callback function.

Definition at line 1959 of file tls.h.

◆ TlsTicketEncryptCallback

typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)

Ticket encryption callback function. The plaintext is presumably the serialized TlsPlaintextSessionState, which includes the 48-byte master secret, so the callback must use authenticated encryption under a server-side key that is never exposed to clients and is rotated regularly — anyone who recovers the ticket key can resume or decrypt every session protected by it.

Definition at line 1950 of file tls.h.

Enumeration Type Documentation

◆ TlsAlertDescription

Alert description.

Enumerator
TLS_ALERT_CLOSE_NOTIFY 
TLS_ALERT_UNEXPECTED_MESSAGE 
TLS_ALERT_BAD_RECORD_MAC 
TLS_ALERT_DECRYPTION_FAILED 
TLS_ALERT_RECORD_OVERFLOW 
TLS_ALERT_DECOMPRESSION_FAILURE 
TLS_ALERT_HANDSHAKE_FAILURE 
TLS_ALERT_NO_CERTIFICATE 
TLS_ALERT_BAD_CERTIFICATE 
TLS_ALERT_UNSUPPORTED_CERTIFICATE 
TLS_ALERT_CERTIFICATE_REVOKED 
TLS_ALERT_CERTIFICATE_EXPIRED 
TLS_ALERT_CERTIFICATE_UNKNOWN 
TLS_ALERT_ILLEGAL_PARAMETER 
TLS_ALERT_UNKNOWN_CA 
TLS_ALERT_ACCESS_DENIED 
TLS_ALERT_DECODE_ERROR 
TLS_ALERT_DECRYPT_ERROR 
TLS_ALERT_TOO_MANY_CIDS_REQUESTED 
TLS_ALERT_EXPORT_RESTRICTION 
TLS_ALERT_PROTOCOL_VERSION 
TLS_ALERT_INSUFFICIENT_SECURITY 
TLS_ALERT_INTERNAL_ERROR 
TLS_ALERT_INAPPROPRIATE_FALLBACK 
TLS_ALERT_USER_CANCELED 
TLS_ALERT_NO_RENEGOTIATION 
TLS_ALERT_MISSING_EXTENSION 
TLS_ALERT_UNSUPPORTED_EXTENSION 
TLS_ALERT_CERTIFICATE_UNOBTAINABLE 
TLS_ALERT_UNRECOGNIZED_NAME 
TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 
TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 
TLS_ALERT_UNKNOWN_PSK_IDENTITY 
TLS_ALERT_CERTIFICATE_REQUIRED 
TLS_ALERT_NO_APPLICATION_PROTOCOL 

Definition at line 1067 of file tls.h.

◆ TlsAlertLevel

Alert level.

Enumerator
TLS_ALERT_LEVEL_WARNING 
TLS_ALERT_LEVEL_FATAL 

Definition at line 1056 of file tls.h.

◆ TlsCertificateFormat

Certificate formats.

Enumerator
TLS_CERT_FORMAT_X509 
TLS_CERT_FORMAT_OPENPGP 
TLS_CERT_FORMAT_RAW_PUBLIC_KEY 
TLS_CERT_FORMAT_1609DOT2 

Definition at line 1155 of file tls.h.

◆ TlsCertificateType

Certificate types.

Enumerator
TLS_CERT_NONE 
TLS_CERT_RSA_SIGN 
TLS_CERT_DSS_SIGN 
TLS_CERT_RSA_FIXED_DH 
TLS_CERT_DSS_FIXED_DH 
TLS_CERT_RSA_EPHEMERAL_DH 
TLS_CERT_DSS_EPHEMERAL_DH 
TLS_CERT_FORTEZZA_DMS 
TLS_CERT_ECDSA_SIGN 
TLS_CERT_RSA_FIXED_ECDH 
TLS_CERT_ECDSA_FIXED_ECDH 
TLS_CERT_GOST_SIGN256 
TLS_CERT_GOST_SIGN512 
TLS_CERT_RSA_PSS_SIGN 
TLS_CERT_SM2_SIGN 
TLS_CERT_ED25519_SIGN 
TLS_CERT_ED448_SIGN 

Definition at line 1168 of file tls.h.

◆ TlsClientAuthMode

Client authentication mode.

Enumerator
TLS_CLIENT_AUTH_NONE 
TLS_CLIENT_AUTH_OPTIONAL 
TLS_CLIENT_AUTH_REQUIRED 

Definition at line 962 of file tls.h.

◆ TlsCompressMethod

Compression methods.

Enumerator
TLS_COMPRESSION_METHOD_NULL 
TLS_COMPRESSION_METHOD_DEFLATE 

Definition at line 1111 of file tls.h.

◆ TlsConnectionEnd

TLS connection end.

Enumerator
TLS_CONNECTION_END_CLIENT 
TLS_CONNECTION_END_SERVER 

Definition at line 951 of file tls.h.

◆ TlsContentType

Content type.

Enumerator
TLS_TYPE_NONE 
TLS_TYPE_CHANGE_CIPHER_SPEC 
TLS_TYPE_ALERT 
TLS_TYPE_HANDSHAKE 
TLS_TYPE_APPLICATION_DATA 
TLS_TYPE_HEARTBEAT 
TLS_TYPE_TLS12_CID 
TLS_TYPE_ACK 

Definition at line 1006 of file tls.h.

◆ TlsEarlyDataStatus

Early data status.

Enumerator
TLS_EARLY_DATA_REJECTED 
TLS_EARLY_DATA_ACCEPTED 

Definition at line 974 of file tls.h.

◆ TlsEcCurveType

EC curve types.

Enumerator
TLS_EC_CURVE_TYPE_EXPLICIT_PRIME 
TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 
TLS_EC_CURVE_TYPE_NAMED_CURVE 

Definition at line 1424 of file tls.h.

◆ TlsEcPointFormat

EC point formats.

Enumerator
TLS_EC_POINT_FORMAT_UNCOMPRESSED 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 

Definition at line 1412 of file tls.h.

◆ TlsExtensionType

TLS extension types.

Enumerator
TLS_EXT_SERVER_NAME 
TLS_EXT_MAX_FRAGMENT_LENGTH 
TLS_EXT_CLIENT_CERTIFICATE_URL 
TLS_EXT_TRUSTED_CA_KEYS 
TLS_EXT_TRUNCATED_HMAC 
TLS_EXT_STATUS_REQUEST 
TLS_EXT_USER_MAPPING 
TLS_EXT_CLIENT_AUTHZ 
TLS_EXT_SERVER_AUTHZ 
TLS_EXT_CERT_TYPE 
TLS_EXT_SUPPORTED_GROUPS 
TLS_EXT_EC_POINT_FORMATS 
TLS_EXT_SRP 
TLS_EXT_SIGNATURE_ALGORITHMS 
TLS_EXT_USE_SRTP 
TLS_EXT_HEARTBEAT 
TLS_EXT_ALPN 
TLS_EXT_STATUS_REQUEST_V2 
TLS_EXT_SIGNED_CERT_TIMESTAMP 
TLS_EXT_CLIENT_CERT_TYPE 
TLS_EXT_SERVER_CERT_TYPE 
TLS_EXT_PADDING 
TLS_EXT_ENCRYPT_THEN_MAC 
TLS_EXT_EXTENDED_MASTER_SECRET 
TLS_EXT_TOKEN_BINDING 
TLS_EXT_CACHED_INFO 
TLS_EXT_COMPRESS_CERTIFICATE 
TLS_EXT_RECORD_SIZE_LIMIT 
TLS_EXT_PWD_PROTECT 
TLS_EXT_PWD_CLEAR 
TLS_EXT_PASSWORD_SALT 
TLS_EXT_TICKET_PINNING 
TLS_EXT_TLS_CERT_WITH_EXTERN_PSK 
TLS_EXT_SESSION_TICKET 
TLS_EXT_SUPPORTED_EKT_CIPHERS 
TLS_EXT_PRE_SHARED_KEY 
TLS_EXT_EARLY_DATA 
TLS_EXT_SUPPORTED_VERSIONS 
TLS_EXT_COOKIE 
TLS_EXT_PSK_KEY_EXCHANGE_MODES 
TLS_EXT_CERTIFICATE_AUTHORITIES 
TLS_EXT_OID_FILTERS 
TLS_EXT_POST_HANDSHAKE_AUTH 
TLS_EXT_SIGNATURE_ALGORITHMS_CERT 
TLS_EXT_KEY_SHARE 
TLS_EXT_TRANSPARENCY_INFO 
TLS_EXT_CONNECTION_ID 
TLS_EXT_EXTERNAL_ID_HASH 
TLS_EXT_EXTERNAL_SESSION_ID 
TLS_EXT_QUIC_TRANSPORT_PARAMETERS 
TLS_EXT_TICKET_REQUEST 
TLS_EXT_DNSSEC_CHAIN 
TLS_EXT_RENEGOTIATION_INFO 

Definition at line 1266 of file tls.h.

◆ TlsFlags

enum TlsFlags

Flags used by read and write functions.

Enumerator
TLS_FLAG_PEEK 
TLS_FLAG_WAIT_ALL 
TLS_FLAG_BREAK_CHAR 
TLS_FLAG_BREAK_CRLF 
TLS_FLAG_WAIT_ACK 
TLS_FLAG_NO_DELAY 
TLS_FLAG_DELAY 

Definition at line 985 of file tls.h.

◆ TlsHashAlgo

Hash algorithms.

Enumerator
TLS_HASH_ALGO_NONE 
TLS_HASH_ALGO_MD5 
TLS_HASH_ALGO_SHA1 
TLS_HASH_ALGO_SHA224 
TLS_HASH_ALGO_SHA256 
TLS_HASH_ALGO_SHA384 
TLS_HASH_ALGO_SHA512 
TLS_HASH_ALGO_INTRINSIC 
TLS_HASH_ALGO_SM3 

Definition at line 1194 of file tls.h.

◆ TlsKeyExchMethod

Key exchange methods.

Enumerator
TLS_KEY_EXCH_NONE 
TLS_KEY_EXCH_RSA 
TLS_KEY_EXCH_DH_RSA 
TLS_KEY_EXCH_DHE_RSA 
TLS_KEY_EXCH_DH_DSS 
TLS_KEY_EXCH_DHE_DSS 
TLS_KEY_EXCH_DH_ANON 
TLS_KEY_EXCH_ECDH_RSA 
TLS_KEY_EXCH_ECDHE_RSA 
TLS_KEY_EXCH_ECDH_ECDSA 
TLS_KEY_EXCH_ECDHE_ECDSA 
TLS_KEY_EXCH_ECDH_ANON 
TLS_KEY_EXCH_PSK 
TLS_KEY_EXCH_RSA_PSK 
TLS_KEY_EXCH_DHE_PSK 
TLS_KEY_EXCH_ECDHE_PSK 
TLS_KEY_EXCH_SRP_SHA 
TLS_KEY_EXCH_SRP_SHA_RSA 
TLS_KEY_EXCH_SRP_SHA_DSS 
TLS13_KEY_EXCH_DHE 
TLS13_KEY_EXCH_ECDHE 
TLS13_KEY_EXCH_PSK 
TLS13_KEY_EXCH_PSK_DHE 
TLS13_KEY_EXCH_PSK_ECDHE 

Definition at line 1122 of file tls.h.

◆ TlsMaxFragmentLength

Maximum fragment length.

Enumerator
TLS_MAX_FRAGMENT_LENGTH_512 
TLS_MAX_FRAGMENT_LENGTH_1024 
TLS_MAX_FRAGMENT_LENGTH_2048 
TLS_MAX_FRAGMENT_LENGTH_4096 

Definition at line 1338 of file tls.h.

◆ TlsMessageType

Handshake message type.

Enumerator
TLS_TYPE_HELLO_REQUEST 
TLS_TYPE_CLIENT_HELLO 
TLS_TYPE_SERVER_HELLO 
TLS_TYPE_HELLO_VERIFY_REQUEST 
TLS_TYPE_NEW_SESSION_TICKET 
TLS_TYPE_END_OF_EARLY_DATA 
TLS_TYPE_HELLO_RETRY_REQUEST 
TLS_TYPE_ENCRYPTED_EXTENSIONS 
TLS_TYPE_REQUEST_CONNECTION_ID 
TLS_TYPE_NEW_CONNECTION_ID 
TLS_TYPE_CERTIFICATE 
TLS_TYPE_SERVER_KEY_EXCHANGE 
TLS_TYPE_CERTIFICATE_REQUEST 
TLS_TYPE_SERVER_HELLO_DONE 
TLS_TYPE_CERTIFICATE_VERIFY 
TLS_TYPE_CLIENT_KEY_EXCHANGE 
TLS_TYPE_FINISHED 
TLS_TYPE_CERTIFICATE_URL 
TLS_TYPE_CERTIFICATE_STATUS 
TLS_TYPE_SUPPLEMENTAL_DATA 
TLS_TYPE_KEY_UPDATE 
TLS_TYPE_COMPRESSED_CERTIFICATE 
TLS_TYPE_EKT_KEY 
TLS_TYPE_MESSAGE_HASH 

Definition at line 1023 of file tls.h.

◆ TlsNamedGroup

Named groups.

Enumerator
TLS_GROUP_NONE 
TLS_GROUP_SECT163K1 
TLS_GROUP_SECT163R1 
TLS_GROUP_SECT163R2 
TLS_GROUP_SECT193R1 
TLS_GROUP_SECT193R2 
TLS_GROUP_SECT233K1 
TLS_GROUP_SECT233R1 
TLS_GROUP_SECT239K1 
TLS_GROUP_SECT283K1 
TLS_GROUP_SECT283R1 
TLS_GROUP_SECT409K1 
TLS_GROUP_SECT409R1 
TLS_GROUP_SECT571K1 
TLS_GROUP_SECT571R1 
TLS_GROUP_SECP160K1 
TLS_GROUP_SECP160R1 
TLS_GROUP_SECP160R2 
TLS_GROUP_SECP192K1 
TLS_GROUP_SECP192R1 
TLS_GROUP_SECP224K1 
TLS_GROUP_SECP224R1 
TLS_GROUP_SECP256K1 
TLS_GROUP_SECP256R1 
TLS_GROUP_SECP384R1 
TLS_GROUP_SECP521R1 
TLS_GROUP_BRAINPOOLP256R1 
TLS_GROUP_BRAINPOOLP384R1 
TLS_GROUP_BRAINPOOLP512R1 
TLS_GROUP_ECDH_X25519 
TLS_GROUP_ECDH_X448 
TLS_GROUP_BRAINPOOLP256R1_TLS13 
TLS_GROUP_BRAINPOOLP384R1_TLS13 
TLS_GROUP_BRAINPOOLP512R1_TLS13 
TLS_GROUP_GC256A 
TLS_GROUP_GC256B 
TLS_GROUP_GC256C 
TLS_GROUP_GC256D 
TLS_GROUP_GC512A 
TLS_GROUP_GC512B 
TLS_GROUP_GC512C 
TLS_GROUP_SM2 
TLS_GROUP_FFDHE2048 
TLS_GROUP_FFDHE3072 
TLS_GROUP_FFDHE4096 
TLS_GROUP_FFDHE6144 
TLS_GROUP_FFDHE8192 
TLS_GROUP_FFDHE_MAX 
TLS_GROUP_X25519_KYBER768_DRAFT00 
TLS_GROUP_SECP256R1_KYBER768_DRAFT00 
TLS_GROUP_EXPLICIT_PRIME_CURVE 
TLS_GROUP_EXPLICIT_CHAR2_CURVE 

Definition at line 1351 of file tls.h.

◆ TlsNameType

Name type.

Enumerator
TLS_NAME_TYPE_HOSTNAME 

Definition at line 1328 of file tls.h.

◆ TlsSignatureAlgo

Signature algorithms.

Enumerator
TLS_SIGN_ALGO_ANONYMOUS 
TLS_SIGN_ALGO_RSA 
TLS_SIGN_ALGO_DSA 
TLS_SIGN_ALGO_ECDSA 
TLS_SIGN_ALGO_ED25519 
TLS_SIGN_ALGO_ED448 
TLS_SIGN_ALGO_GOSTR34102012_256 
TLS_SIGN_ALGO_GOSTR34102012_512 

Definition at line 1212 of file tls.h.

◆ TlsSignatureScheme

Signature schemes.

Enumerator
TLS_SIGN_SCHEME_NONE 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA1 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA256 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA384 
TLS_SIGN_SCHEME_RSA_PKCS1_SHA512 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512 
TLS_SIGN_SCHEME_ECDSA_SHA1 
TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 
TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 
TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 
TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 
TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 
TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512 
TLS_SIGN_SCHEME_SM2SIG_SM3 
TLS_SIGN_SCHEME_ED25519 
TLS_SIGN_SCHEME_ED448 
TLS_SIGN_SCHEME_GOSTR34102012_256A 
TLS_SIGN_SCHEME_GOSTR34102012_256B 
TLS_SIGN_SCHEME_GOSTR34102012_256C 
TLS_SIGN_SCHEME_GOSTR34102012_256D 
TLS_SIGN_SCHEME_GOSTR34102012_512A 
TLS_SIGN_SCHEME_GOSTR34102012_512B 
TLS_SIGN_SCHEME_GOSTR34102012_512C 

Definition at line 1229 of file tls.h.

◆ TlsState

enum TlsState

TLS FSM states.

Enumerator
TLS_STATE_INIT 
TLS_STATE_CLIENT_HELLO 
TLS_STATE_CLIENT_HELLO_2 
TLS_STATE_EARLY_DATA 
TLS_STATE_HELLO_VERIFY_REQUEST 
TLS_STATE_HELLO_RETRY_REQUEST 
TLS_STATE_SERVER_HELLO 
TLS_STATE_SERVER_HELLO_2 
TLS_STATE_SERVER_HELLO_3 
TLS_STATE_HANDSHAKE_TRAFFIC_KEYS 
TLS_STATE_ENCRYPTED_EXTENSIONS 
TLS_STATE_SERVER_CERTIFICATE 
TLS_STATE_SERVER_KEY_EXCHANGE 
TLS_STATE_SERVER_CERTIFICATE_VERIFY 
TLS_STATE_CERTIFICATE_REQUEST 
TLS_STATE_SERVER_HELLO_DONE 
TLS_STATE_CLIENT_CERTIFICATE 
TLS_STATE_CLIENT_KEY_EXCHANGE 
TLS_STATE_CLIENT_CERTIFICATE_VERIFY 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 
TLS_STATE_CLIENT_FINISHED 
TLS_STATE_CLIENT_APP_TRAFFIC_KEYS 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 
TLS_STATE_SERVER_FINISHED 
TLS_STATE_END_OF_EARLY_DATA 
TLS_STATE_SERVER_APP_TRAFFIC_KEYS 
TLS_STATE_NEW_SESSION_TICKET 
TLS_STATE_KEY_UPDATE 
TLS_STATE_APPLICATION_DATA 
TLS_STATE_CLOSING 
TLS_STATE_CLOSED 

Definition at line 1436 of file tls.h.

◆ TlsTransportProtocol

TLS transport protocols.

Enumerator
TLS_TRANSPORT_PROTOCOL_STREAM 
TLS_TRANSPORT_PROTOCOL_DATAGRAM 
TLS_TRANSPORT_PROTOCOL_EAP 

Definition at line 939 of file tls.h.

Function Documentation

◆ tlsAddCertificate()

error_t tlsAddCertificate ( TlsContext context,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen 
)

Add a certificate and the corresponding private key (deprecated). Both buffers are taken by reference, not copied: the caller must keep them valid (and the private key protected) for the lifetime of the TLS context.

Parameters
[in]contextPointer to the TLS context
[in]certChainCertificate chain (PEM format). This parameter is taken as reference
[in]certChainLenTotal length of the certificate chain
[in]privateKeyPrivate key (PEM format). This parameter is taken as reference
[in]privateKeyLenTotal length of the private key
Returns
Error code

Definition at line 1226 of file tls.c.

◆ tlsAllowUnknownAlpnProtocols()

error_t tlsAllowUnknownAlpnProtocols ( TlsContext context,
bool_t  allowed 
)

Allow unknown ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]allowedSpecifies whether unknown ALPN protocols are allowed
Returns
Error code

Definition at line 853 of file tls.c.

◆ tlsConnect()

error_t tlsConnect ( TlsContext context)

Initiate the TLS handshake.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 1758 of file tls.c.

◆ tlsEnableFallbackScsv()

error_t tlsEnableFallbackScsv ( TlsContext context,
bool_t  enabled 
)

Enable the TLS_FALLBACK_SCSV signaling cipher suite value (RFC 7507) for clients that retry a handshake at a lower protocol version, so a server that supports the higher version can abort the downgraded connection. Requires TLS_FALLBACK_SCSV_SUPPORT, which is DISABLED by default on this page.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether FALLBACK_SCSV is enabled
Returns
Error code

Definition at line 1484 of file tls.c.

◆ tlsEnableReplayDetection()

error_t tlsEnableReplayDetection ( TlsContext context,
bool_t  enabled 
)

Enable anti-replay mechanism (for DTLS only). Disabling it allows an on-path attacker to replay previously captured records, so leave it enabled unless the application layer performs its own replay filtering.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether anti-replay protection is enabled
Returns
Error code

Definition at line 1638 of file tls.c.

◆ tlsEnableSecureRenegotiation()

error_t tlsEnableSecureRenegotiation ( TlsContext context,
bool_t  enabled 
)

Enable secure renegotiation.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether secure renegotiation is allowed
Returns
Error code

Definition at line 1458 of file tls.c.

◆ tlsEnableSessionTickets()

error_t tlsEnableSessionTickets ( TlsContext context,
bool_t  enabled 
)

Enable session ticket mechanism.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether session tickets are allowed
Returns
Error code

Definition at line 1432 of file tls.c.

◆ tlsFree()

void tlsFree ( TlsContext context)

Release TLS context.

Parameters
[in]contextPointer to the TLS context

Definition at line 2464 of file tls.c.

◆ tlsFreeCache()

void tlsFreeCache ( TlsCache cache)

Properly dispose a session cache.

Parameters
[in]cachePointer to the session cache to be released

Definition at line 319 of file tls_cache.c.

◆ tlsFreeSessionState()

void tlsFreeSessionState ( TlsSessionState session)

Properly dispose of a session state.

Parameters
[in]sessionPointer to the session state to be released

Definition at line 2743 of file tls.c.

◆ tlsGetAlpnProtocol()

const char_t* tlsGetAlpnProtocol ( TlsContext context)

Get the name of the selected ALPN protocol.

Parameters
[in]contextPointer to the TLS context
Returns
Pointer to the protocol name

Definition at line 953 of file tls.c.

◆ tlsGetEarlyDataStatus()

TlsEarlyDataStatus tlsGetEarlyDataStatus ( TlsContext context)

Check whether the server has accepted or rejected the early data.

Parameters
[in]contextPointer to the TLS context
Returns
TLS_EARLY_DATA_ACCEPTED if the early data was accepted, TLS_EARLY_DATA_REJECT if it was rejected

Definition at line 1806 of file tls.c.

◆ tlsGetServerName()

const char_t* tlsGetServerName ( TlsContext context)

Get the server name.

Parameters
[in]contextPointer to the TLS context
Returns
Fully qualified domain name of the server

Definition at line 448 of file tls.c.

◆ tlsGetState()

TlsState tlsGetState ( TlsContext context)

Retrieve current TLS state.

Parameters
[in]contextPointer to the TLS context
Returns
Current TLS state

Definition at line 198 of file tls.c.

◆ tlsInit()

TlsContext* tlsInit ( void  )

TLS context initialization.

Returns
Handle referencing the fully initialized TLS context

Definition at line 65 of file tls.c.

◆ tlsInitCache()

TlsCache* tlsInitCache ( uint_t  size)

Session cache initialization.

Parameters
[in]sizeMaximum number of cache entries
Returns
Handle referencing the fully initialized session cache

Definition at line 50 of file tls_cache.c.

◆ tlsInitSessionState()

error_t tlsInitSessionState ( TlsSessionState session)

Initialize session state.

Parameters
[in]sessionPointer to the session state
Returns
Error code

Definition at line 2600 of file tls.c.

◆ tlsIsRxReady()

bool_t tlsIsRxReady ( TlsContext context)

Check whether some data is available in the receive buffer.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is pending and can be read immediately without blocking. Otherwise, FALSE is returned

Definition at line 2257 of file tls.c.

◆ tlsIsTxReady()

bool_t tlsIsTxReady ( TlsContext context)

Check whether some data is ready for transmission.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is ready for transmission. Otherwise, FALSE is returned

Definition at line 2223 of file tls.c.

◆ tlsLoadCertificate()

error_t tlsLoadCertificate ( TlsContext context,
uint_t  index,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen,
const char_t password 
)

Load entity's certificate.

Parameters
[in]contextPointer to the TLS context
[in]indexZero-based index identifying a slot
[in]certChainCertificate chain (PEM format). This parameter is taken as reference
[in]certChainLenLength of the certificate chain
[in]privateKeyPrivate key (PEM format). This parameter is taken as reference
[in]privateKeyLenLength of the private key
[in]passwordNULL-terminated string containing the password. This parameter is required if the private key is encrypted
Returns
Error code

Definition at line 1270 of file tls.c.

◆ tlsRead()

error_t tlsRead ( TlsContext context,
void *  data,
size_t  size,
size_t *  received,
uint_t  flags 
)

Receive application data from the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[out]dataBuffer into which received data will be placed
[in]sizeMaximum number of bytes that can be received
[out]receivedNumber of bytes that have been received
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1984 of file tls.c.

◆ tlsRestoreSessionState()

error_t tlsRestoreSessionState ( TlsContext context,
const TlsSessionState session 
)

Restore TLS session.

Parameters
[in]contextPointer to the TLS context
[in]sessionPointer to the session state to be restored
Returns
Error code

Definition at line 2690 of file tls.c.

◆ tlsSaveSessionState()

error_t tlsSaveSessionState ( const TlsContext context,
TlsSessionState session 
)

Save TLS session.

Parameters
[in]contextPointer to the TLS context
[out]sessionPointer to the session state
Returns
Error code

Definition at line 2621 of file tls.c.

◆ tlsSetAlpnCallback()

error_t tlsSetAlpnCallback ( TlsContext context,
TlsAlpnCallback  alpnCallback 
)

Register ALPN callback function.

Parameters
[in]contextPointer to the TLS context
[in]alpnCallbackALPN callback function
Returns
Error code

Definition at line 928 of file tls.c.

◆ tlsSetAlpnProtocolList()

error_t tlsSetAlpnProtocolList ( TlsContext context,
const char_t protocolList 
)

Set the list of supported ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]protocolListComma-delimited list of supported protocols
Returns
Error code

Definition at line 879 of file tls.c.

◆ tlsSetBufferSize()

error_t tlsSetBufferSize ( TlsContext context,
size_t  txBufferSize,
size_t  rxBufferSize 
)

Set TLS buffer size.

Parameters
[in]contextPointer to the TLS context
[in]txBufferSizeTX buffer size
[in]rxBufferSizeRX buffer size
Returns
Error code

Definition at line 516 of file tls.c.

◆ tlsSetCache()

error_t tlsSetCache ( TlsContext context,
TlsCache cache 
)

Set session cache.

Parameters
[in]contextPointer to the TLS context
[in]cacheSession cache that will be used to save/resume TLS sessions
Returns
Error code

Definition at line 473 of file tls.c.

◆ tlsSetCertificateVerifyCallback()

error_t tlsSetCertificateVerifyCallback ( TlsContext context,
TlsCertVerifyCallback  certVerifyCallback,
void *  param 
)

Register certificate verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]certVerifyCallbackCertificate verification callback function
[in]paramAn opaque pointer passed to the callback function
Returns
Error code

Definition at line 1408 of file tls.c.

◆ tlsSetCipherSuites()

error_t tlsSetCipherSuites ( TlsContext context,
const uint16_t *  cipherSuites,
uint_t  length 
)

Specify the list of allowed cipher suites.

Parameters
[in]contextPointer to the TLS context
[in]cipherSuitesList of allowed cipher suites (most preferred first). This parameter is taken as reference
[in]lengthNumber of cipher suites in the list
Returns
Error code

Definition at line 600 of file tls.c.

◆ tlsSetClientAuthMode()

error_t tlsSetClientAuthMode ( TlsContext context,
TlsClientAuthMode  mode 
)

Set client authentication mode (for servers only)

Parameters
[in]contextPointer to the TLS context
[in]modeClient authentication mode
Returns
Error code

Definition at line 494 of file tls.c.

◆ tlsSetConnectionEnd()

error_t tlsSetConnectionEnd ( TlsContext context,
TlsConnectionEnd  entity 
)

Set operation mode (client or server)

Parameters
[in]contextPointer to the TLS context
[in]entitySpecifies whether this entity is considered a client or a server
Returns
Error code

Definition at line 344 of file tls.c.

◆ tlsSetCookieCallbacks()

error_t tlsSetCookieCallbacks ( TlsContext context,
DtlsCookieGenerateCallback  cookieGenerateCallback,
DtlsCookieVerifyCallback  cookieVerifyCallback,
void *  param 
)

Set cookie generation/verification callbacks (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]cookieGenerateCallbackCookie generation callback function
[in]cookieVerifyCallbackCookie verification callback function
[in]paramAn opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1602 of file tls.c.

◆ tlsSetDhParameters()

error_t tlsSetDhParameters ( TlsContext context,
const char_t params,
size_t  length 
)

Import Diffie-Hellman parameters.

Parameters
[in]contextPointer to the TLS context
[in]paramsPEM structure that holds Diffie-Hellman parameters. This parameter is taken as reference
[in]lengthTotal length of the PEM structure
Returns
Error code

Definition at line 718 of file tls.c.

◆ tlsSetEcdhCallback()

error_t tlsSetEcdhCallback ( TlsContext context,
TlsEcdhCallback  ecdhCallback 
)

Register ECDH key agreement callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdhCallbackECDH callback function
Returns
Error code

Definition at line 746 of file tls.c.

◆ tlsSetEcdsaSignCallback()

error_t tlsSetEcdsaSignCallback ( TlsContext context,
TlsEcdsaSignCallback  ecdsaSignCallback 
)

Register ECDSA signature generation callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaSignCallbackECDSA signature generation callback function
Returns
Error code

Definition at line 772 of file tls.c.

◆ tlsSetEcdsaVerifyCallback()

error_t tlsSetEcdsaVerifyCallback ( TlsContext context,
TlsEcdsaVerifyCallback  ecdsaVerifyCallback 
)

Register ECDSA signature verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaVerifyCallbackECDSA signature verification callback function
Returns
Error code

Definition at line 799 of file tls.c.

◆ tlsSetKeyLogCallback()

error_t tlsSetKeyLogCallback ( TlsContext context,
TlsKeyLogCallback  keyLogCallback 
)

Register key logging callback function (for debugging purposes only; the logged keys expose the session secrets, so the callback must not be enabled in production builds)

Parameters
[in]contextPointer to the TLS context
[in]keyLogCallbackKey logging callback function
Returns
Error code

Definition at line 826 of file tls.c.

◆ tlsSetMaxEarlyDataSize()

error_t tlsSetMaxEarlyDataSize ( TlsContext context,
size_t  maxEarlyDataSize 
)

Set the maximum amount of 0-RTT data the server can accept.

Parameters
[in]contextPointer to the TLS context
[in]maxEarlyDataSizeMaximum amount of 0-RTT data that the client is allowed to send
Returns
Error code

Definition at line 1666 of file tls.c.

◆ tlsSetMaxFragmentLength()

error_t tlsSetMaxFragmentLength ( TlsContext context,
size_t  maxFragLen 
)

Set maximum fragment length.

Parameters
[in]contextPointer to the TLS context
[in]maxFragLenMaximum fragment length
Returns
Error code

Definition at line 564 of file tls.c.

◆ tlsSetPmtu()

error_t tlsSetPmtu ( TlsContext context,
size_t  pmtu 
)

Set PMTU value (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]pmtuPMTU value
Returns
Error code

Definition at line 1544 of file tls.c.

◆ tlsSetPreferredGroup()

error_t tlsSetPreferredGroup ( TlsContext context,
uint16_t  group 
)

Specify the preferred ECDHE or FFDHE group.

Parameters
[in]contextPointer to the TLS context
[in]groupPreferred ECDHE or FFDHE named group
Returns
Error code

Definition at line 656 of file tls.c.

◆ tlsSetPrng()

error_t tlsSetPrng ( TlsContext context,
const PrngAlgo prngAlgo,
void *  prngContext 
)

Set the pseudo-random number generator to be used.

Parameters
[in]contextPointer to the TLS context
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
Returns
Error code

Definition at line 370 of file tls.c.

◆ tlsSetPsk()

error_t tlsSetPsk ( TlsContext context,
const uint8_t *  psk,
size_t  length 
)

Set the pre-shared key to be used.

Parameters
[in]contextPointer to the TLS context
[in]pskPointer to the pre-shared key
[in]lengthLength of the pre-shared key, in bytes
Returns
Error code

Definition at line 981 of file tls.c.

◆ tlsSetPskCallback()

error_t tlsSetPskCallback ( TlsContext context,
TlsPskCallback  pskCallback 
)

Register PSK callback function.

Parameters
[in]contextPointer to the TLS context
[in]pskCallbackPSK callback function
Returns
Error code

Definition at line 1140 of file tls.c.

◆ tlsSetPskIdentity()

error_t tlsSetPskIdentity ( TlsContext context,
const char_t pskIdentity 
)

Set the PSK identity to be used by the client.

Parameters
[in]contextPointer to the TLS context
[in]pskIdentityNULL-terminated string that contains the PSK identity
Returns
Error code

Definition at line 1042 of file tls.c.

◆ tlsSetPskIdentityHint()

error_t tlsSetPskIdentityHint ( TlsContext context,
const char_t pskIdentityHint 
)

Set the PSK identity hint to be used by the server.

Parameters
[in]contextPointer to the TLS context
[in]pskIdentityHintNULL-terminated string that contains the PSK identity hint
Returns
Error code

Definition at line 1091 of file tls.c.

◆ tlsSetRpkVerifyCallback()

error_t tlsSetRpkVerifyCallback ( TlsContext context,
TlsRpkVerifyCallback  rpkVerifyCallback 
)

Register the raw public key verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]rpkVerifyCallbackRPK verification callback function
Returns
Error code

Definition at line 1166 of file tls.c.

◆ tlsSetServerName()

error_t tlsSetServerName ( TlsContext context,
const char_t serverName 
)

Set the server name.

Parameters
[in]contextPointer to the TLS context
[in]serverNameFully qualified domain name of the server
Returns
Error code

Definition at line 398 of file tls.c.

◆ tlsSetSocketCallbacks()

error_t tlsSetSocketCallbacks ( TlsContext context,
TlsSocketSendCallback  socketSendCallback,
TlsSocketReceiveCallback  socketReceiveCallback,
TlsSocketHandle  handle 
)

Set socket send and receive callbacks.

Parameters
[in]contextPointer to the TLS context
[in]socketSendCallbackSend callback function
[in]socketReceiveCallbackReceive callback function
[in]handleSocket handle
Returns
Error code

Definition at line 248 of file tls.c.

◆ tlsSetStateChangeCallback()

error_t tlsSetStateChangeCallback ( TlsContext context,
TlsStateChangeCallback  stateChangeCallback 
)

Register TLS state change callback.

Parameters
[in]contextPointer to the TLS context
[in]stateChangeCallbackTLS state change callback
Returns
Error code

Definition at line 224 of file tls.c.

◆ tlsSetSupportedGroups()

error_t tlsSetSupportedGroups ( TlsContext context,
const uint16_t *  groups,
uint_t  length 
)

Specify the list of allowed ECDHE and FFDHE groups.

Parameters
[in]contextPointer to the TLS context
[in]groupsList of named groups (most preferred first). This parameter is taken as reference
[in]lengthNumber of named groups in the list
Returns
Error code

Definition at line 629 of file tls.c.

◆ tlsSetSupportedSignAlgos()

error_t tlsSetSupportedSignAlgos ( TlsContext context,
const uint16_t *  signAlgos,
uint_t  length 
)

Specify the list of allowed signature algorithms.

Parameters
[in]contextPointer to the TLS context
[in]signAlgosList of signature algorithms (most preferred first). This parameter is taken as reference
[in]lengthNumber of signature algorithms in the list
Returns
Error code

Definition at line 684 of file tls.c.

◆ tlsSetTicketCallbacks()

error_t tlsSetTicketCallbacks ( TlsContext context,
TlsTicketEncryptCallback  ticketEncryptCallback,
TlsTicketDecryptCallback  ticketDecryptCallback,
void *  param 
)

Set ticket encryption/decryption callbacks.

Parameters
[in]contextPointer to the TLS context
[in]ticketEncryptCallbackTicket encryption callback function
[in]ticketDecryptCallbackTicket decryption callback function
[in]paramAn opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1512 of file tls.c.

◆ tlsSetTimeout()

error_t tlsSetTimeout ( TlsContext context,
systime_t  timeout 
)

Set timeout for blocking calls (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]timeoutMaximum time to wait
Returns
Error code

Definition at line 1574 of file tls.c.

◆ tlsSetTransportProtocol()

error_t tlsSetTransportProtocol ( TlsContext context,
TlsTransportProtocol  transportProtocol 
)

Set the transport protocol to be used.

Parameters
[in]contextPointer to the TLS context
[in]transportProtocolTransport protocol to be used
Returns
Error code

Definition at line 314 of file tls.c.

◆ tlsSetTrustedCaList()

error_t tlsSetTrustedCaList ( TlsContext context,
const char_t trustedCaList,
size_t  length 
)

Import a trusted CA list.

Parameters
[in]contextPointer to the TLS context
[in]trustedCaListList of trusted CA (PEM format)
[in]lengthTotal length of the list
Returns
Error code

Definition at line 1194 of file tls.c.

◆ tlsSetVersion()

error_t tlsSetVersion ( TlsContext context,
uint16_t  versionMin,
uint16_t  versionMax 
)

Set minimum and maximum versions permitted.

Parameters
[in]contextPointer to the TLS context
[in]versionMinMinimum version accepted by the TLS implementation
[in]versionMaxMaximum version accepted by the TLS implementation
Returns
Error code

Definition at line 280 of file tls.c.

◆ tlsShutdown()

error_t tlsShutdown ( TlsContext context)

Gracefully close TLS session.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 2302 of file tls.c.

◆ tlsShutdownEx()

error_t tlsShutdownEx ( TlsContext context,
bool_t  waitForCloseNotify 
)

Gracefully close TLS session.

Parameters
[in]contextPointer to the TLS context
[in]waitForCloseNotifyWait for the close notify alert from the peer
Returns
Error code

Definition at line 2315 of file tls.c.

◆ tlsWrite()

error_t tlsWrite ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send application data to the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[in]dataPointer to a buffer containing the data to be transmitted
[in]lengthNumber of bytes to be transmitted
[out]writtenActual number of bytes written (optional parameter)
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1849 of file tls.c.

◆ tlsWriteEarlyData()

error_t tlsWriteEarlyData ( TlsContext context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags 
)

Send early data to the remote TLS server.

Parameters
[in]contextPointer to the TLS context
[in]dataPointer to a buffer containing the data to be transmitted
[in]lengthNumber of bytes to be transmitted
[out]writtenActual number of bytes written (optional parameter)
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1695 of file tls.c.

Variable Documentation

◆ __packed_struct

typedef __packed_struct
Initial value:
{
uint8_t b[8]
uint8_t b
Definition: nbns_common.h:104

Sequence number.

Session state information.

Alert message.

ChangeCipherSpec message.

NewSessionTicket message.

CertificateRequest message.

ServerHello message.

ClientHello message.

TLS handshake message.

TLS record.

Digitally-signed element (TLS 1.2)

Digitally-signed element (TLS 1.0 and TLS 1.1)

PSK identity hint.

PSK identity.

Renegotiated connection.

List of supported certificate types.

List of supported EC point formats.

List of supported groups.

List of protocol names.

Protocol name.

List of server names.

Server name.

List of supported versions.

List of TLS extensions.

TLS extension.

List of certificate authorities.

List of certificates.

List of signature schemes.

Compression methods.

Cipher suites.

Protocol version

Definition at line 1486 of file tls.h.

◆ certificateTypes

uint8_t certificateTypes[]

Definition at line 1794 of file tls.h.

◆ cipherSuite

uint16_t cipherSuite

Cipher suite identifier.

Definition at line 1866 of file tls.h.

◆ data

uint8_t data[]

Definition at line 1724 of file tls.h.

◆ description

uint8_t description

Definition at line 1855 of file tls.h.

◆ extendedMasterSecret

bool_t extendedMasterSecret

Extended master secret computation.

Definition at line 1871 of file tls.h.

◆ hostname

char_t hostname[]

Definition at line 1589 of file tls.h.

◆ length

uint8_t length[3]

Definition at line 1554 of file tls.h.

◆ random

uint8_t random

Definition at line 1754 of file tls.h.

◆ secret

uint8_t secret[TLS_MASTER_SECRET_SIZE]

Master secret.

Definition at line 1867 of file tls.h.

◆ sessionId

uint8_t sessionId

Definition at line 1756 of file tls.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 1755 of file tls.h.

◆ ticket

uint8_t ticket[]

Definition at line 1827 of file tls.h.

◆ ticketLen

uint16_t ticketLen

Definition at line 1826 of file tls.h.

◆ ticketLifetime

uint32_t ticketLifetime

Lifetime of the ticket.

Definition at line 1869 of file tls.h.

◆ ticketTimestamp

systime_t ticketTimestamp

Timestamp to manage ticket lifetime.

Definition at line 1868 of file tls.h.

◆ Tls12DigitalSignature

Tls12DigitalSignature

Definition at line 1712 of file tls.h.

◆ TlsAlert

TlsAlert

Definition at line 1856 of file tls.h.

◆ TlsCertAuthorities

TlsCertAuthorities

Definition at line 1544 of file tls.h.

◆ TlsCertificateRequest

TlsCertificateRequest

Definition at line 1795 of file tls.h.

◆ TlsCertList

TlsCertList

Definition at line 1533 of file tls.h.

◆ TlsCertTypeList

TlsCertTypeList

Definition at line 1656 of file tls.h.

◆ TlsChangeCipherSpec

TlsChangeCipherSpec

Definition at line 1845 of file tls.h.

◆ TlsCipherSuites

TlsCipherSuites

Definition at line 1500 of file tls.h.

◆ TlsClientHello

TlsClientHello

Definition at line 1757 of file tls.h.

◆ TlsCompressMethods

TlsCompressMethods

Definition at line 1511 of file tls.h.

◆ TlsDigitalSignature

TlsDigitalSignature

Definition at line 1700 of file tls.h.

◆ TlsEcPointFormatList

TlsEcPointFormatList

Definition at line 1645 of file tls.h.

◆ TlsExtension

TlsExtension

Definition at line 1556 of file tls.h.

◆ TlsExtensionList

TlsExtensionList

Definition at line 1567 of file tls.h.

◆ TlsHandshake

TlsHandshake

Definition at line 1737 of file tls.h.

◆ TlsNewSessionTicket

TlsNewSessionTicket

Definition at line 1828 of file tls.h.

◆ TlsPlaintextSessionState

TlsPlaintextSessionState

Definition at line 1873 of file tls.h.

◆ TlsProtocolName

TlsProtocolName

Definition at line 1612 of file tls.h.

◆ TlsProtocolNameList

TlsProtocolNameList

Definition at line 1623 of file tls.h.

◆ TlsPskIdentity

TlsPskIdentity

Definition at line 1678 of file tls.h.

◆ TlsPskIdentityHint

TlsPskIdentityHint

Definition at line 1689 of file tls.h.

◆ TlsRecord

TlsRecord

Definition at line 1725 of file tls.h.

◆ TlsRenegoInfo

TlsRenegoInfo

Definition at line 1667 of file tls.h.

◆ TlsSequenceNumber

TlsSequenceNumber

Definition at line 1489 of file tls.h.

◆ TlsServerHello

TlsServerHello

Definition at line 1770 of file tls.h.

◆ TlsServerName

TlsServerName

Definition at line 1590 of file tls.h.

◆ TlsServerNameList

TlsServerNameList

Definition at line 1601 of file tls.h.

◆ TlsSignSchemeList

TlsSignSchemeList

Definition at line 1522 of file tls.h.

◆ TlsSupportedGroupList

TlsSupportedGroupList

Definition at line 1634 of file tls.h.

◆ TlsSupportedVersionList

TlsSupportedVersionList

Definition at line 1578 of file tls.h.

◆ value

uint8_t value[]

Definition at line 1499 of file tls.h.

◆ version

uint16_t version

Definition at line 1722 of file tls.h.