tls.h
1 /**
2  * @file tls.h
3  * @brief TLS (Transport Layer Security)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 #ifndef _TLS_H
32 #define _TLS_H
33 
34 //Forward declaration of TlsContext structure
35 struct _TlsContext;
36 #define TlsContext struct _TlsContext
37 
38 //Dependencies
39 #include "os_port.h"
40 #include "core/crypto.h"
41 #include "tls_config.h"
42 #include "tls_legacy.h"
43 #include "tls13_misc.h"
44 #include "dtls_misc.h"
45 #include "mac/hmac.h"
46 #include "pkc/rsa.h"
47 #include "pkc/dsa.h"
48 #include "ecc/ecdsa.h"
49 #include "pkc/dh.h"
50 #include "ecc/ecdh.h"
51 #include "aead/gcm.h"
52 #include "pkix/x509_common.h"
53 
54 
55 /*
56  * CycloneSSL Open is licensed under GPL version 2. In particular:
57  *
58  * - If you link your program to CycloneSSL Open, the result is a derivative
59  * work that can only be distributed under the same GPL license terms.
60  *
61  * - If additions or changes to CycloneSSL Open are made, the result is a
62  * derivative work that can only be distributed under the same license terms.
63  *
64  * - The GPL license requires that you make the source code available to
65  * whoever you make the binary available to.
66  *
67  * - If you sell or distribute a hardware product that runs CycloneSSL Open,
68  * the GPL license requires you to provide public and full access to all
69  * source code on a nondiscriminatory basis.
70  *
71  * If you fully understand and accept the terms of the GPL license, then edit
72  * the os_port_config.h header and add the following directive:
73  *
74  * #define GPL_LICENSE_TERMS_ACCEPTED
75  */
76 
77 #ifndef GPL_LICENSE_TERMS_ACCEPTED
78  #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
79 #endif
80 
81 //Version string
82 #define CYCLONE_SSL_VERSION_STRING "1.9.6"
83 //Major version
84 #define CYCLONE_SSL_MAJOR_VERSION 1
85 //Minor version
86 #define CYCLONE_SSL_MINOR_VERSION 9
87 //Revision number
88 #define CYCLONE_SSL_REV_NUMBER 6
89 
90 //TLS version numbers
91 #define SSL_VERSION_3_0 0x0300
92 #define TLS_VERSION_1_0 0x0301
93 #define TLS_VERSION_1_1 0x0302
94 #define TLS_VERSION_1_2 0x0303
95 #define TLS_VERSION_1_3 0x0304
96 
97 //TLS support
98 #ifndef TLS_SUPPORT
99  #define TLS_SUPPORT ENABLED
100 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
101  #error TLS_SUPPORT parameter is not valid
102 #endif
103 
104 //Client mode of operation
105 #ifndef TLS_CLIENT_SUPPORT
106  #define TLS_CLIENT_SUPPORT ENABLED
107 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
108  #error TLS_CLIENT_SUPPORT parameter is not valid
109 #endif
110 
111 //Server mode of operation
112 #ifndef TLS_SERVER_SUPPORT
113  #define TLS_SERVER_SUPPORT ENABLED
114 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
115  #error TLS_SERVER_SUPPORT parameter is not valid
116 #endif
117 
118 //Minimum TLS version that can be negotiated. Defaults to TLS 1.0, and the check below only rejects values under SSL 3.0; TLS 1.0/1.1 are deprecated (RFC 8996) and SSL 3.0 is prohibited (RFC 7568), so define this as TLS_VERSION_1_2 or later before this header where peers allow
119 #ifndef TLS_MIN_VERSION
120  #define TLS_MIN_VERSION TLS_VERSION_1_0
121 #elif (TLS_MIN_VERSION < SSL_VERSION_3_0)
122  #error TLS_MIN_VERSION parameter is not valid
123 #endif
124 
125 //Maximum TLS version that can be negotiated. Defaults to TLS 1.2, so TLS 1.3 is only negotiable when this is raised. NOTE(review): the range check below runs only when TLS_MAX_VERSION is user-defined; setting TLS_MIN_VERSION to TLS_VERSION_1_3 alone leaves this default below the minimum with no #error
126 #ifndef TLS_MAX_VERSION
127  #define TLS_MAX_VERSION TLS_VERSION_1_2
128 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
129  #error TLS_MAX_VERSION parameter is not valid
130 #endif
131 
132 //Session resumption mechanism
133 #ifndef TLS_SESSION_RESUME_SUPPORT
134  #define TLS_SESSION_RESUME_SUPPORT ENABLED
135 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
136  #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
137 #endif
138 
139 //Lifetime of session cache entries
140 #ifndef TLS_SESSION_CACHE_LIFETIME
141  #define TLS_SESSION_CACHE_LIFETIME 3600000
142 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
143  #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
144 #endif
145 
146 //Session ticket mechanism
147 #ifndef TLS_TICKET_SUPPORT
148  #define TLS_TICKET_SUPPORT DISABLED
149 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
150  #error TLS_TICKET_SUPPORT parameter is not valid
151 #endif
152 
153 //Lifetime of session tickets
154 #ifndef TLS_TICKET_LIFETIME
155  #define TLS_TICKET_LIFETIME 3600000
156 #elif (TLS_TICKET_LIFETIME < 0)
157  #error TLS_TICKET_LIFETIME parameter is not valid
158 #endif
159 
160 //SNI (Server Name Indication) extension
161 #ifndef TLS_SNI_SUPPORT
162  #define TLS_SNI_SUPPORT ENABLED
163 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
164  #error TLS_SNI_SUPPORT parameter is not valid
165 #endif
166 
167 //Maximum Fragment Length extension
168 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
169  #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
170 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
171  #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
172 #endif
173 
174 //Record Size Limit extension
175 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
176  #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
177 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
178  #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
179 #endif
180 
181 //ALPN (Application-Layer Protocol Negotiation) extension
182 #ifndef TLS_ALPN_SUPPORT
183  #define TLS_ALPN_SUPPORT DISABLED
184 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
185  #error TLS_ALPN_SUPPORT parameter is not valid
186 #endif
187 
188 //Extended Master Secret extension
189 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
190  #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
191 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
192  #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
193 #endif
194 
195 //ClientHello Padding extension
196 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
197  #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
198 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
199  #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
200 #endif
201 
202 //Signature Algorithms Certificate extension
203 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
204  #define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED
205 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
206  #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
207 #endif
208 
209 //RPK (Raw Public Key) support
210 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
211  #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
212 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
213  #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
214 #endif
215 
216 //Secure renegotiation support. Disabled by default; NOTE(review): presumably the RFC 5746 renegotiation_info extension - confirm that renegotiation requests are refused, not served without it, when this is DISABLED
217 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
218  #define TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED
219 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
220  #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
221 #endif
222 
223 //Fallback SCSV support
224 #ifndef TLS_FALLBACK_SCSV_SUPPORT
225  #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
226 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
227  #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
228 #endif
229 
230 //ECC callback functions
231 #ifndef TLS_ECC_CALLBACK_SUPPORT
232  #define TLS_ECC_CALLBACK_SUPPORT DISABLED
233 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
234  #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
235 #endif
236 
237 //Maximum number of certificates the end entity can load
238 #ifndef TLS_MAX_CERTIFICATES
239  #define TLS_MAX_CERTIFICATES 3
240 #elif (TLS_MAX_CERTIFICATES < 1)
241  #error TLS_MAX_CERTIFICATES parameter is not valid
242 #endif
243 
244 //RSA key exchange support (static RSA: no forward secrecy, and not part of TLS 1.3). Enabled by default; set to DISABLED where peers support (EC)DHE
245 #ifndef TLS_RSA_KE_SUPPORT
246  #define TLS_RSA_KE_SUPPORT ENABLED
247 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
248  #error TLS_RSA_KE_SUPPORT parameter is not valid
249 #endif
250 
251 //DHE_RSA key exchange support
252 #ifndef TLS_DHE_RSA_KE_SUPPORT
253  #define TLS_DHE_RSA_KE_SUPPORT ENABLED
254 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
255  #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
256 #endif
257 
258 //DHE_DSS key exchange support
259 #ifndef TLS_DHE_DSS_KE_SUPPORT
260  #define TLS_DHE_DSS_KE_SUPPORT DISABLED
261 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
262  #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
263 #endif
264 
265 //DH_anon key exchange support (insecure: the peer is not authenticated, so the exchange is open to man-in-the-middle). Disabled by default; keep it that way outside test setups
266 #ifndef TLS_DH_ANON_KE_SUPPORT
267  #define TLS_DH_ANON_KE_SUPPORT DISABLED
268 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
269  #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
270 #endif
271 
272 //ECDHE_RSA key exchange support
273 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
274  #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
275 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
276  #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
277 #endif
278 
279 //ECDHE_ECDSA key exchange support
280 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
281  #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
282 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
283  #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
284 #endif
285 
286 //ECDH_anon key exchange support (insecure: the peer is not authenticated, so the exchange is open to man-in-the-middle). Disabled by default; keep it that way outside test setups
287 #ifndef TLS_ECDH_ANON_KE_SUPPORT
288  #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
289 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
290  #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
291 #endif
292 
293 //PSK key exchange support
294 #ifndef TLS_PSK_KE_SUPPORT
295  #define TLS_PSK_KE_SUPPORT DISABLED
296 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
297  #error TLS_PSK_KE_SUPPORT parameter is not valid
298 #endif
299 
300 //RSA_PSK key exchange support
301 #ifndef TLS_RSA_PSK_KE_SUPPORT
302  #define TLS_RSA_PSK_KE_SUPPORT DISABLED
303 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
304  #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
305 #endif
306 
307 //DHE_PSK key exchange support
308 #ifndef TLS_DHE_PSK_KE_SUPPORT
309  #define TLS_DHE_PSK_KE_SUPPORT DISABLED
310 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
311  #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
312 #endif
313 
314 //ECDHE_PSK key exchange support
315 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
316  #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
317 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
318  #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
319 #endif
320 
321 //RSA signature capability
322 #ifndef TLS_RSA_SIGN_SUPPORT
323  #define TLS_RSA_SIGN_SUPPORT ENABLED
324 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
325  #error TLS_RSA_SIGN_SUPPORT parameter is not valid
326 #endif
327 
328 //RSA-PSS signature capability
329 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
330  #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
331 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
332  #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
333 #endif
334 
335 //DSA signature capability
336 #ifndef TLS_DSA_SIGN_SUPPORT
337  #define TLS_DSA_SIGN_SUPPORT DISABLED
338 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
339  #error TLS_DSA_SIGN_SUPPORT parameter is not valid
340 #endif
341 
342 //ECDSA signature capability
343 #ifndef TLS_ECDSA_SIGN_SUPPORT
344  #define TLS_ECDSA_SIGN_SUPPORT ENABLED
345 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
346  #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
347 #endif
348 
349 //EdDSA signature capability
350 #ifndef TLS_EDDSA_SIGN_SUPPORT
351  #define TLS_EDDSA_SIGN_SUPPORT DISABLED
352 #elif (TLS_EDDSA_SIGN_SUPPORT != ENABLED && TLS_EDDSA_SIGN_SUPPORT != DISABLED)
353  #error TLS_EDDSA_SIGN_SUPPORT parameter is not valid
354 #endif
355 
356 //NULL cipher support (insecure: application data is sent without encryption). Disabled by default
357 #ifndef TLS_NULL_CIPHER_SUPPORT
358  #define TLS_NULL_CIPHER_SUPPORT DISABLED
359 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
360  #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
361 #endif
362 
363 //Stream cipher support
364 #ifndef TLS_STREAM_CIPHER_SUPPORT
365  #define TLS_STREAM_CIPHER_SUPPORT DISABLED
366 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
367  #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
368 #endif
369 
370 //CBC block cipher support. Enabled by default; CBC suites in TLS 1.2 and earlier are MAC-then-encrypt and have a history of padding-oracle attacks (e.g. Lucky Thirteen), so prefer the AEAD modes (CCM, GCM, ChaCha20Poly1305) where peers allow
371 #ifndef TLS_CBC_CIPHER_SUPPORT
372  #define TLS_CBC_CIPHER_SUPPORT ENABLED
373 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
374  #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
375 #endif
376 
377 //CCM AEAD support
378 #ifndef TLS_CCM_CIPHER_SUPPORT
379  #define TLS_CCM_CIPHER_SUPPORT DISABLED
380 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
381  #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
382 #endif
383 
384 //CCM_8 AEAD support
385 #ifndef TLS_CCM_8_CIPHER_SUPPORT
386  #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
387 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
388  #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
389 #endif
390 
391 //GCM AEAD support
392 #ifndef TLS_GCM_CIPHER_SUPPORT
393  #define TLS_GCM_CIPHER_SUPPORT ENABLED
394 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
395  #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
396 #endif
397 
398 //ChaCha20Poly1305 AEAD support
399 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
400  #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
401 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
402  #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
403 #endif
404 
405 //RC4 cipher support (insecure)
406 #ifndef TLS_RC4_SUPPORT
407  #define TLS_RC4_SUPPORT DISABLED
408 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
409  #error TLS_RC4_SUPPORT parameter is not valid
410 #endif
411 
412 //IDEA cipher support (insecure)
413 #ifndef TLS_IDEA_SUPPORT
414  #define TLS_IDEA_SUPPORT DISABLED
415 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
416  #error TLS_IDEA_SUPPORT parameter is not valid
417 #endif
418 
419 //DES cipher support (insecure)
420 #ifndef TLS_DES_SUPPORT
421  #define TLS_DES_SUPPORT DISABLED
422 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
423  #error TLS_DES_SUPPORT parameter is not valid
424 #endif
425 
426 //Triple DES cipher support (weak)
427 #ifndef TLS_3DES_SUPPORT
428  #define TLS_3DES_SUPPORT DISABLED
429 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
430  #error TLS_3DES_SUPPORT parameter is not valid
431 #endif
432 
433 //AES cipher support
434 #ifndef TLS_AES_SUPPORT
435  #define TLS_AES_SUPPORT ENABLED
436 #elif (TLS_AES_SUPPORT != ENABLED && TLS_AES_SUPPORT != DISABLED)
437  #error TLS_AES_SUPPORT parameter is not valid
438 #endif
439 
440 //Camellia cipher support
441 #ifndef TLS_CAMELLIA_SUPPORT
442  #define TLS_CAMELLIA_SUPPORT DISABLED
443 #elif (TLS_CAMELLIA_SUPPORT != ENABLED && TLS_CAMELLIA_SUPPORT != DISABLED)
444  #error TLS_CAMELLIA_SUPPORT parameter is not valid
445 #endif
446 
447 //SEED cipher support
448 #ifndef TLS_SEED_SUPPORT
449  #define TLS_SEED_SUPPORT DISABLED
450 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
451  #error TLS_SEED_SUPPORT parameter is not valid
452 #endif
453 
454 //ARIA cipher support
455 #ifndef TLS_ARIA_SUPPORT
456  #define TLS_ARIA_SUPPORT DISABLED
457 #elif (TLS_ARIA_SUPPORT != ENABLED && TLS_ARIA_SUPPORT != DISABLED)
458  #error TLS_ARIA_SUPPORT parameter is not valid
459 #endif
460 
461 //MD5 hash support (insecure)
462 #ifndef TLS_MD5_SUPPORT
463  #define TLS_MD5_SUPPORT DISABLED
464 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
465  #error TLS_MD5_SUPPORT parameter is not valid
466 #endif
467 
468 //SHA-1 hash support (weak). Enabled by default despite the marking; NOTE(review): confirm whether this also admits SHA-1 based signatures, and disable it where peers do not need it
469 #ifndef TLS_SHA1_SUPPORT
470  #define TLS_SHA1_SUPPORT ENABLED
471 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
472  #error TLS_SHA1_SUPPORT parameter is not valid
473 #endif
474 
475 //SHA-224 hash support (weak)
476 #ifndef TLS_SHA224_SUPPORT
477  #define TLS_SHA224_SUPPORT DISABLED
478 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
479  #error TLS_SHA224_SUPPORT parameter is not valid
480 #endif
481 
482 //SHA-256 hash support
483 #ifndef TLS_SHA256_SUPPORT
484  #define TLS_SHA256_SUPPORT ENABLED
485 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
486  #error TLS_SHA256_SUPPORT parameter is not valid
487 #endif
488 
489 //SHA-384 hash support
490 #ifndef TLS_SHA384_SUPPORT
491  #define TLS_SHA384_SUPPORT ENABLED
492 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
493  #error TLS_SHA384_SUPPORT parameter is not valid
494 #endif
495 
496 //SHA-512 hash support
497 #ifndef TLS_SHA512_SUPPORT
498  #define TLS_SHA512_SUPPORT DISABLED
499 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
500  #error TLS_SHA512_SUPPORT parameter is not valid
501 #endif
502 
503 //FFDHE key exchange mechanism
504 #ifndef TLS_FFDHE_SUPPORT
505  #define TLS_FFDHE_SUPPORT DISABLED
506 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
507  #error TLS_FFDHE_SUPPORT parameter is not valid
508 #endif
509 
510 //ffdhe2048 group support
511 #ifndef TLS_FFDHE2048_SUPPORT
512  #define TLS_FFDHE2048_SUPPORT ENABLED
513 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
514  #error TLS_FFDHE2048_SUPPORT parameter is not valid
515 #endif
516 
517 //ffdhe3072 group support
518 #ifndef TLS_FFDHE3072_SUPPORT
519  #define TLS_FFDHE3072_SUPPORT DISABLED
520 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
521  #error TLS_FFDHE3072_SUPPORT parameter is not valid
522 #endif
523 
524 //ffdhe4096 group support
525 #ifndef TLS_FFDHE4096_SUPPORT
526  #define TLS_FFDHE4096_SUPPORT DISABLED
527 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
528  #error TLS_FFDHE4096_SUPPORT parameter is not valid
529 #endif
530 
531 //secp160k1 elliptic curve support (weak)
532 #ifndef TLS_SECP160K1_SUPPORT
533  #define TLS_SECP160K1_SUPPORT DISABLED
534 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
535  #error TLS_SECP160K1_SUPPORT parameter is not valid
536 #endif
537 
538 //secp160r1 elliptic curve support (weak)
539 #ifndef TLS_SECP160R1_SUPPORT
540  #define TLS_SECP160R1_SUPPORT DISABLED
541 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
542  #error TLS_SECP160R1_SUPPORT parameter is not valid
543 #endif
544 
545 //secp160r2 elliptic curve support (weak)
546 #ifndef TLS_SECP160R2_SUPPORT
547  #define TLS_SECP160R2_SUPPORT DISABLED
548 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
549  #error TLS_SECP160R2_SUPPORT parameter is not valid
550 #endif
551 
552 //secp192k1 elliptic curve support
553 #ifndef TLS_SECP192K1_SUPPORT
554  #define TLS_SECP192K1_SUPPORT DISABLED
555 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
556  #error TLS_SECP192K1_SUPPORT parameter is not valid
557 #endif
558 
559 //secp192r1 elliptic curve support (NIST P-192)
560 #ifndef TLS_SECP192R1_SUPPORT
561  #define TLS_SECP192R1_SUPPORT DISABLED
562 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
563  #error TLS_SECP192R1_SUPPORT parameter is not valid
564 #endif
565 
566 //secp224k1 elliptic curve support
567 #ifndef TLS_SECP224K1_SUPPORT
568  #define TLS_SECP224K1_SUPPORT DISABLED
569 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
570  #error TLS_SECP224K1_SUPPORT parameter is not valid
571 #endif
572 
573 //secp224r1 elliptic curve support (NIST P-224)
574 #ifndef TLS_SECP224R1_SUPPORT
575  #define TLS_SECP224R1_SUPPORT DISABLED
576 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
577  #error TLS_SECP224R1_SUPPORT parameter is not valid
578 #endif
579 
580 //secp256k1 elliptic curve support
581 #ifndef TLS_SECP256K1_SUPPORT
582  #define TLS_SECP256K1_SUPPORT DISABLED
583 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
584  #error TLS_SECP256K1_SUPPORT parameter is not valid
585 #endif
586 
587 //secp256r1 elliptic curve support (NIST P-256)
588 #ifndef TLS_SECP256R1_SUPPORT
589  #define TLS_SECP256R1_SUPPORT ENABLED
590 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
591  #error TLS_SECP256R1_SUPPORT parameter is not valid
592 #endif
593 
594 //secp384r1 elliptic curve support (NIST P-384)
595 #ifndef TLS_SECP384R1_SUPPORT
596  #define TLS_SECP384R1_SUPPORT ENABLED
597 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
598  #error TLS_SECP384R1_SUPPORT parameter is not valid
599 #endif
600 
601 //secp521r1 elliptic curve support (NIST P-521)
602 #ifndef TLS_SECP521R1_SUPPORT
603  #define TLS_SECP521R1_SUPPORT DISABLED
604 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
605  #error TLS_SECP521R1_SUPPORT parameter is not valid
606 #endif
607 
608 //brainpoolP256r1 elliptic curve support
609 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
610  #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
611 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
612  #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
613 #endif
614 
615 //brainpoolP384r1 elliptic curve support
616 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
617  #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
618 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
619  #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
620 #endif
621 
622 //brainpoolP512r1 elliptic curve support
623 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
624  #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
625 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
626  #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
627 #endif
628 
629 //Curve25519 elliptic curve support
630 #ifndef TLS_X25519_SUPPORT
631  #define TLS_X25519_SUPPORT DISABLED
632 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
633  #error TLS_X25519_SUPPORT parameter is not valid
634 #endif
635 
636 //Curve448 elliptic curve support
637 #ifndef TLS_X448_SUPPORT
638  #define TLS_X448_SUPPORT DISABLED
639 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
640  #error TLS_X448_SUPPORT parameter is not valid
641 #endif
642 
643 //Ed25519 elliptic curve support
644 #ifndef TLS_ED25519_SUPPORT
645  #define TLS_ED25519_SUPPORT ENABLED
646 #elif (TLS_ED25519_SUPPORT != ENABLED && TLS_ED25519_SUPPORT != DISABLED)
647  #error TLS_ED25519_SUPPORT parameter is not valid
648 #endif
649 
650 //Ed448 elliptic curve support
651 #ifndef TLS_ED448_SUPPORT
652  #define TLS_ED448_SUPPORT DISABLED
653 #elif (TLS_ED448_SUPPORT != ENABLED && TLS_ED448_SUPPORT != DISABLED)
654  #error TLS_ED448_SUPPORT parameter is not valid
655 #endif
656 
657 //Certificate key usage verification
658 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
659  #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
660 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
661  #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
662 #endif
663 
664 //Key logging (for debugging purposes only). NOTE(review): a key log presumably exports the session secrets needed to decrypt captured traffic; keep this DISABLED in production builds
665 #ifndef TLS_KEY_LOG_SUPPORT
666  #define TLS_KEY_LOG_SUPPORT DISABLED
667 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
668  #error TLS_KEY_LOG_SUPPORT parameter is not valid
669 #endif
670 
671 //Maximum acceptable length for server names
672 #ifndef TLS_MAX_SERVER_NAME_LEN
673  #define TLS_MAX_SERVER_NAME_LEN 255
674 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
675  #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
676 #endif
677 
678 //Minimum acceptable size for Diffie-Hellman prime modulus. The default of 1024 (bits, presumably) is below the 2048-bit minimum in current guidance, and the check below still accepts export-grade 512; these are the sizes targeted by Logjam, so raise to 2048 where peers allow
679 #ifndef TLS_MIN_DH_MODULUS_SIZE
680  #define TLS_MIN_DH_MODULUS_SIZE 1024
681 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
682  #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
683 #endif
684 
685 //Maximum acceptable size for Diffie-Hellman prime modulus. NOTE(review): the max >= min check below runs only when this macro is user-defined; raising only TLS_MIN_DH_MODULUS_SIZE above the 4096 default is not caught here
686 #ifndef TLS_MAX_DH_MODULUS_SIZE
687  #define TLS_MAX_DH_MODULUS_SIZE 4096
688 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
689  #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
690 #endif
691 
692 //Minimum acceptable size for RSA modulus. The default of 1024 (bits, presumably) is below the 2048-bit minimum in current guidance (e.g. NIST SP 800-131A), and the check below accepts values down to 512; raise to 2048 where peers allow
693 #ifndef TLS_MIN_RSA_MODULUS_SIZE
694  #define TLS_MIN_RSA_MODULUS_SIZE 1024
695 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
696  #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
697 #endif
698 
699 //Maximum acceptable size for RSA modulus
700 #ifndef TLS_MAX_RSA_MODULUS_SIZE
701  #define TLS_MAX_RSA_MODULUS_SIZE 4096
702 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
703  #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
704 #endif
705 
706 //Minimum acceptable size for DSA prime modulus
707 #ifndef TLS_MIN_DSA_MODULUS_SIZE
708  #define TLS_MIN_DSA_MODULUS_SIZE 1024
709 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
710  #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
711 #endif
712 
713 //Maximum acceptable size for DSA prime modulus
714 #ifndef TLS_MAX_DSA_MODULUS_SIZE
715  #define TLS_MAX_DSA_MODULUS_SIZE 4096
716 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
717  #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
718 #endif
719 
720 //Maximum size for premaster secret
721 #ifndef TLS_PREMASTER_SECRET_SIZE
722  #define TLS_PREMASTER_SECRET_SIZE 256
723 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
724  #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
725 #endif
726 
727 //Maximum number of consecutive warning alerts
728 #ifndef TLS_MAX_WARNING_ALERTS
729  #define TLS_MAX_WARNING_ALERTS 0
730 #elif (TLS_MAX_WARNING_ALERTS < 0)
731  #error TLS_MAX_WARNING_ALERTS parameter is not valid
732 #endif
733 
734 //Maximum number of consecutive empty records
735 #ifndef TLS_MAX_EMPTY_RECORDS
736  #define TLS_MAX_EMPTY_RECORDS 0
737 #elif (TLS_MAX_EMPTY_RECORDS < 0)
738  #error TLS_MAX_EMPTY_RECORDS parameter is not valid
739 #endif
740 
741 //Maximum number of consecutive ChangeCipherSpec messages
742 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
743  #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 0
744 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
745  #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
746 #endif
747 
748 //Maximum number of consecutive KeyUpdate messages
749 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
750  #define TLS_MAX_KEY_UPDATE_MESSAGES 0
751 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
752  #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
753 #endif
754 
755 //Memory allocation
756 #ifndef tlsAllocMem
757  #define tlsAllocMem(size) osAllocMem(size)
758 #endif
759 
760 //Memory deallocation
761 #ifndef tlsFreeMem
762  #define tlsFreeMem(p) osFreeMem(p)
763 #endif
764 
765 //Support for Diffie-Hellman?
766 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
767  (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
768  TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
769  #define TLS_DH_SUPPORT ENABLED
770 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
771  (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
772  #define TLS_DH_SUPPORT ENABLED
773 #else
774  #define TLS_DH_SUPPORT DISABLED
775 #endif
776 
777 //Support for ECDH?
778 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
779  (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
780  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
781  #define TLS_ECDH_SUPPORT ENABLED
782 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
783  (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
784  #define TLS_ECDH_SUPPORT ENABLED
785 #else
786  #define TLS_ECDH_SUPPORT DISABLED
787 #endif
788 
789 //Support for RSA?
790 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
791  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
792  TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
793  TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
794  #define TLS_RSA_SUPPORT ENABLED
795 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
796  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
797  #define TLS_RSA_SUPPORT ENABLED
798 #else
799  #define TLS_RSA_SUPPORT DISABLED
800 #endif
801 
802 //Support for PSK?
803 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
804  (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
805  TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
806  #define TLS_PSK_SUPPORT ENABLED
807 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
808  (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
809  TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
810  #define TLS_PSK_SUPPORT ENABLED
811 #else
812  #define TLS_PSK_SUPPORT DISABLED
813 #endif
814 
815 //Maximum size for HKDF digests
816 #if (TLS_SHA384_SUPPORT == ENABLED)
817  #define TLS_MAX_HKDF_DIGEST_SIZE 48
818 #else
819  #define TLS_MAX_HKDF_DIGEST_SIZE 32
820 #endif
821 
822 //Bind TLS to a particular socket. NOTE(review): the function-pointer casts hide any signature mismatch between socketSend/socketReceive and the callback typedefs (confirm they match), and the socket argument is expanded unparenthesized after a cast, so pass a simple expression
823 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
824  (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
825  (TlsSocketHandle) socket)
826 
827 //Minimum plaintext record length
828 #define TLS_MIN_RECORD_LENGTH 512
829 //Maximum plaintext record length
830 #define TLS_MAX_RECORD_LENGTH 16384
831 //Data overhead caused by record encryption
832 #define TLS_MAX_RECORD_OVERHEAD 512
833 //Size of client and server random values
834 #define TLS_RANDOM_SIZE 32
835 //Master secret size
836 #define TLS_MASTER_SECRET_SIZE 48
837 
838 //C++ guard
839 #ifdef __cplusplus
840 extern "C" {
841 #endif
842 
843 
844 /**
845  * @brief TLS transport protocols
846  **/
847 
848 typedef enum
849 {
853 
854 
855 /**
856  * @brief TLS connection end
857  **/
858 
859 typedef enum
860 {
864 
865 
866 /**
867  * @brief Client authentication mode
868  **/
869 
870 typedef enum
871 {
876 
877 
878 /**
879  * @brief Early data status
880  **/
881 
882 typedef enum
883 {
887 
888 
889 /**
890  * @brief Flags used by read and write functions
891  **/
892 
893 typedef enum
894 {
895  TLS_FLAG_PEEK = 0x0200,
901  TLS_FLAG_DELAY = 0x8000
902 } TlsFlags;
903 
904 
905 //The TLS_FLAG_BREAK macro causes the read function to stop reading
906 //data whenever the specified break character is encountered. The result
    //is a flags value: TLS_FLAG_BREAK_CHAR combined with LSB(c).
    //NOTE(review): presumably only the low-order byte of c is kept, so values
    //outside 0-255 would be truncated silently - confirm against the
    //definition of LSB, which is not part of this header
907 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
908 
909 
910 /**
911  * @brief Content type
912  **/
913 
914 typedef enum
915 {
922  TLS_TYPE_ACK = 25 //RFC draft
924 
925 
926 /**
927  * @brief Handshake message type
928  **/
929 
930 typedef enum
931 {
953 
954 
955 /**
956  * @brief Alert level
957  **/
958 
959 typedef enum
960 {
963 } TlsAlertLevel;
964 
965 
966 /**
967  * @brief Alert description
968  **/
969 
970 typedef enum
971 {
1007 
1008 
1009 /**
1010  * @brief Compression methods
1011  **/
1012 
1013 typedef enum
1014 {
1018 
1019 
1020 /**
1021  * @brief Key exchange methods
1022  **/
1023 
1024 typedef enum
1025 {
1051 
1052 
1053 /**
1054  * @brief Certificate formats
1055  **/
1056 
1057 typedef enum
1058 {
1063 
1064 
1065 /**
1066  * @brief Certificate types
1067  **/
1068 
1069 typedef enum
1070 {
1082  TLS_CERT_RSA_PSS_SIGN = 256, //For internal use only
1083  TLS_CERT_ED25519_SIGN = 257, //For internal use only
1084  TLS_CERT_ED448_SIGN = 258 //For internal use only
1086 
1087 
1088 /**
1089  * @brief Hash algorithms
1090  **/
1091 
1092 typedef enum
1093 {
1102 } TlsHashAlgo;
1103 
1104 
1105 /**
1106  * @brief Signature algorithms
1107  **/
1108 
1109 typedef enum
1110 {
1129 
1130 
1131 /**
1132  * @brief TLS extension types
1133  **/
1134 
1135 typedef enum
1136 {
1176 
1177 
1178 /**
1179  * @brief Name type
1180  **/
1181 
1182 typedef enum
1183 {
1185 } TlsNameType;
1186 
1187 
1188 /**
1189  * @brief Maximum fragment length
1190  **/
1191 
1192 typedef enum
1193 {
1199 
1200 
1201 /**
1202  * @brief Named groups
      *
      * Code points for the elliptic curve and finite field groups. The comment
      * on each enumerator names the document that assigns the value. Being
      * listed here only gives a code point a name; the groups a context
      * actually offers are presumably those set with tlsSetSupportedGroups()
      * together with the build configuration.
      *
      * NOTE(review): code points 1-22 (the sect* curves and the secp curves up
      * to secp256k1) were deprecated by RFC 8422, and the 160/163-bit curves
      * are well below current strength recommendations. Check that the
      * default and application-supplied group lists leave them out.
1203  **/
1204 
1205 typedef enum
1206 {
1208  TLS_GROUP_SECT163K1 = 1, //RFC 4492
1209  TLS_GROUP_SECT163R1 = 2, //RFC 4492
1210  TLS_GROUP_SECT163R2 = 3, //RFC 4492
1211  TLS_GROUP_SECT193R1 = 4, //RFC 4492
1212  TLS_GROUP_SECT193R2 = 5, //RFC 4492
1213  TLS_GROUP_SECT233K1 = 6, //RFC 4492
1214  TLS_GROUP_SECT233R1 = 7, //RFC 4492
1215  TLS_GROUP_SECT239K1 = 8, //RFC 4492
1216  TLS_GROUP_SECT283K1 = 9, //RFC 4492
1217  TLS_GROUP_SECT283R1 = 10, //RFC 4492
1218  TLS_GROUP_SECT409K1 = 11, //RFC 4492
1219  TLS_GROUP_SECT409R1 = 12, //RFC 4492
1220  TLS_GROUP_SECT571K1 = 13, //RFC 4492
1221  TLS_GROUP_SECT571R1 = 14, //RFC 4492
1222  TLS_GROUP_SECP160K1 = 15, //RFC 4492
1223  TLS_GROUP_SECP160R1 = 16, //RFC 4492
1224  TLS_GROUP_SECP160R2 = 17, //RFC 4492
1225  TLS_GROUP_SECP192K1 = 18, //RFC 4492
1226  TLS_GROUP_SECP192R1 = 19, //RFC 4492
1227  TLS_GROUP_SECP224K1 = 20, //RFC 4492
1228  TLS_GROUP_SECP224R1 = 21, //RFC 4492
1229  TLS_GROUP_SECP256K1 = 22, //RFC 4492
1230  TLS_GROUP_SECP256R1 = 23, //RFC 4492
1231  TLS_GROUP_SECP384R1 = 24, //RFC 4492
1232  TLS_GROUP_SECP521R1 = 25, //RFC 4492
1233  TLS_GROUP_BRAINPOOLP256R1 = 26, //RFC 7027
1234  TLS_GROUP_BRAINPOOLP384R1 = 27, //RFC 7027
1235  TLS_GROUP_BRAINPOOLP512R1 = 28, //RFC 7027
1236  TLS_GROUP_ECDH_X25519 = 29, //RFC 8422
1237  TLS_GROUP_ECDH_X448 = 30, //RFC 8422
1241  TLS_GROUP_GC256A = 34, //RFC draft
1242  TLS_GROUP_GC256B = 35, //RFC draft
1243  TLS_GROUP_GC256C = 36, //RFC draft
1244  TLS_GROUP_GC256D = 37, //RFC draft
1245  TLS_GROUP_GC512A = 38, //RFC draft
1246  TLS_GROUP_GC512B = 39, //RFC draft
1247  TLS_GROUP_GC512C = 40, //RFC draft
1248  TLS_GROUP_FFDHE2048 = 256, //RFC 7919
1249  TLS_GROUP_FFDHE3072 = 257, //RFC 7919
1250  TLS_GROUP_FFDHE4096 = 258, //RFC 7919
1251  TLS_GROUP_FFDHE6144 = 259, //RFC 7919
1252  TLS_GROUP_FFDHE8192 = 260, //RFC 7919
1253  TLS_GROUP_FFDHE_MAX = 511, //RFC 7919
1256 } TlsNamedGroup;
1257 
1258 
1259 /**
1260  * @brief EC point formats
1261  **/
1262 
1263 typedef enum
1264 {
1269 
1270 
1271 /**
1272  * @brief EC curve types
1273  **/
1274 
1275 typedef enum
1276 {
1280 } TlsEcCurveType;
1281 
1282 
1283 /**
1284  * @brief TLS FSM states
1285  **/
1286 
1287 typedef enum
1288 {
1322 } TlsState;
1323 
1324 
1325 //CodeWarrior or Win32 compiler?
1326 #if defined(__CWCC__) || defined(_WIN32)
1327  #pragma pack(push, 1)
1328 #endif
1329 
1330 
1331 /**
1332  * @brief Sequence number
1333  **/
1334 
1335 typedef __start_packed struct
1336 {
1337  uint8_t b[8];
1339 
1340 
1341 /**
1342  * @brief Cipher suites
1343  **/
1344 
1345 typedef __start_packed struct
1346 {
1347  uint16_t length; //0-1
1348  uint16_t value[]; //2
1350 
1351 
1352 /**
1353  * @brief Compression methods
1354  **/
1355 
1356 typedef __start_packed struct
1357 {
1358  uint8_t length; //0
1359  uint8_t value[]; //1
1361 
1362 
1363 /**
1364  * @brief Signature algorithm
1365  **/
1366 
1367 typedef __start_packed struct
1368 {
1369  uint8_t hash; //0
1370  uint8_t signature; //1
1372 
1373 
1374 /**
1375  * @brief List of signature algorithms
1376  **/
1377 
1378 typedef __start_packed struct
1379 {
1380  uint16_t length; //0-1
1381  TlsSignHashAlgo value[]; //2
1383 
1384 
1385 /**
1386  * @brief List of certificates
1387  **/
1388 
1389 typedef __start_packed struct
1390 {
1391  uint8_t length[3]; //0-2
1392  uint8_t value[]; //3
1394 
1395 
1396 /**
1397  * @brief List of certificate authorities
1398  **/
1399 
1400 typedef __start_packed struct
1401 {
1402  uint16_t length; //0-1
1403  uint8_t value[]; //2
1405 
1406 
1407 /**
1408  * @brief TLS extension
1409  **/
1410 
1411 typedef __start_packed struct
1412 {
1413  uint16_t type; //0-1
1414  uint16_t length; //2-3
1415  uint8_t value[]; //4
1417 
1418 
1419 /**
1420  * @brief List of TLS extensions
1421  **/
1422 
1423 typedef __start_packed struct
1424 {
1425  uint16_t length; //0-1
1426  uint8_t value[]; //2
1428 
1429 
1430 /**
1431  * @brief List of supported versions
1432  **/
1433 
1434 typedef __start_packed struct
1435 {
1436  uint8_t length; //0
1437  uint16_t value[]; //1
1439 
1440 
1441 /**
1442  * @brief Server name
1443  **/
1444 
1445 typedef __start_packed struct
1446 {
1447  uint8_t type; //0
1448  uint16_t length; //1-2
1451 
1452 
1453 /**
1454  * @brief List of server names
1455  **/
1456 
1457 typedef __start_packed struct
1458 {
1459  uint16_t length; //0-1
1460  uint8_t value[]; //2
1462 
1463 
1464 /**
1465  * @brief Protocol name
1466  **/
1467 
1468 typedef __start_packed struct
1469 {
1470  uint8_t length; //0
1471  char_t value[]; //1
1473 
1474 
1475 /**
1476  * @brief List of protocol names
1477  **/
1478 
1479 typedef __start_packed struct
1480 {
1481  uint16_t length; //0-1
1482  uint8_t value[]; //2
1484 
1485 
1486 /**
1487  * @brief List of supported groups
1488  **/
1489 
1490 typedef __start_packed struct
1491 {
1492  uint16_t length; //0-1
1493  uint16_t value[]; //2
1495 
1496 
1497 /**
1498  * @brief List of supported EC point formats
1499  **/
1500 
1501 typedef __start_packed struct
1502 {
1503  uint8_t length; //0
1504  uint8_t value[]; //1
1506 
1507 
1508 /**
1509  * @brief List of supported certificate types
1510  **/
1511 
1512 typedef __start_packed struct
1513 {
1514  uint8_t length; //0
1515  uint8_t value[]; //1
1517 
1518 
1519 /**
1520  * @brief Renegotiated connection
1521  **/
1522 
1523 typedef __start_packed struct
1524 {
1525  uint8_t length; //0
1526  uint8_t value[]; //1
1528 
1529 
1530 /**
1531  * @brief PSK identity
1532  **/
1533 
1534 typedef __start_packed struct
1535 {
1536  uint16_t length; //0-1
1537  uint8_t value[]; //2
1539 
1540 
1541 /**
1542  * @brief PSK identity hint
1543  **/
1544 
1545 typedef __start_packed struct
1546 {
1547  uint16_t length; //0-1
1548  uint8_t value[]; //2
1550 
1551 
1552 /**
1553  * @brief Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)
1554  **/
1555 
1556 typedef __start_packed struct
1557 {
1558  uint16_t length; //0-1
1559  uint8_t value[]; //2
1561 
1562 
1563 /**
1564  * @brief Digitally-signed element (TLS 1.2)
1565  **/
1566 
1567 typedef __start_packed struct
1568 {
1570  uint16_t length; //2-3
1571  uint8_t value[]; //4
1573 
1574 
1575 /**
1576  * @brief TLS record
1577  **/
1578 
1579 typedef __start_packed struct
1580 {
1581  uint8_t type; //0
1582  uint16_t version; //1-2
1583  uint16_t length; //3-4
1584  uint8_t data[]; //5
1586 
1587 
1588 /**
1589  * @brief TLS handshake message
1590  **/
1591 
1592 typedef __start_packed struct
1593 {
1594  uint8_t msgType; //0
1595  uint8_t length[3]; //1-3
1596  uint8_t data[]; //4
1598 
1599 
1600 /**
1601  * @brief HelloRequest message
1602  **/
1603 
1604 typedef void TlsHelloRequest;
1605 
1606 
1607 /**
1608  * @brief ClientHello message
1609  **/
1610 
1611 typedef __start_packed struct
1612 {
1613  uint16_t clientVersion; //0-1
1614  uint8_t random[32]; //2-33
1615  uint8_t sessionIdLen; //34
1616  uint8_t sessionId[]; //35
1618 
1619 
1620 /**
1621  * @brief ServerHello message
1622  **/
1623 
1624 typedef __start_packed struct
1625 {
1626  uint16_t serverVersion; //0-1
1627  uint8_t random[32]; //2-33
1628  uint8_t sessionIdLen; //34
1629  uint8_t sessionId[]; //35
1631 
1632 
1633 /**
1634  * @brief Certificate message
1635  **/
1636 
1637 typedef void TlsCertificate;
1638 
1639 
1640 /**
1641  * @brief ServerKeyExchange message
1642  **/
1643 
1645 
1646 
1647 /**
1648  * @brief CertificateRequest message
1649  **/
1650 
1651 typedef __start_packed struct
1652 {
1653  uint8_t certificateTypesLen; //0
1654  uint8_t certificateTypes[]; //1
1656 
1657 
1658 /**
1659  * @brief ServerHelloDone message
1660  **/
1661 
1662 typedef void TlsServerHelloDone;
1663 
1664 
1665 /**
1666  * @brief ClientKeyExchange message
1667  **/
1668 
1670 
1671 
1672 /**
1673  * @brief CertificateVerify message
1674  **/
1675 
1677 
1678 
1679 /**
1680  * @brief Finished message
1681  **/
1682 
1683 typedef void TlsFinished;
1684 
1685 
1686 /**
1687  * @brief ChangeCipherSpec message
1688  **/
1689 
1690 typedef __start_packed struct
1691 {
1692  uint8_t type; //0
1694 
1695 
1696 /**
1697  * @brief Alert message
1698  **/
1699 
1700 typedef __start_packed struct
1701 {
1702  uint8_t level; //0
1703  uint8_t description; //1
1705 
1706 
1707 //CodeWarrior or Win32 compiler?
1708 #if defined(__CWCC__) || defined(_WIN32)
1709  #pragma pack(pop)
1710 #endif
1711 
1712 
1713 /**
1714  * @brief Socket handle
1715  **/
1716 
1717 typedef void *TlsSocketHandle;
1718 
1719 
1720 /**
1721  * @brief Socket send callback function
1722  **/
1723 
1725  const void *data, size_t length, size_t *written, uint_t flags);
1726 
1727 
1728 /**
1729  * @brief Socket receive callback function
1730  **/
1731 
1733  void *data, size_t size, size_t *received, uint_t flags);
1734 
1735 
1736 /**
1737  * @brief Pre-shared key callback function
      *
      * @param[in] context TLS context the callback is invoked for
      * @param[in] pskIdentity PSK identity, passed as a byte buffer
      * @param[in] pskIdentityLen Length of the PSK identity, in bytes
      * @return Error code
      *
      * The identity is a pointer/length pair, so an implementation should not
      * treat it as a NUL-terminated string.
      *
      * NOTE(review): presumably invoked on the server with the identity sent
      * by the peer, which makes it untrusted input. The callback should
      * validate the length before copying or comparing, and return an error
      * for identities it does not know - confirm against the caller.
1738  **/
1739 
1740 typedef error_t (*TlsPskCallback)(TlsContext *context,
1741  const uint8_t *pskIdentity, size_t pskIdentityLen);
1742 
1743 
1744 /**
1745  * @brief Certificate verification callback function
1746  **/
1747 
1749  const X509CertificateInfo *certInfo, uint_t pathLen, void *param);
1750 
1751 
1752 /**
1753  * @brief Raw public key verification callback function
1754  **/
1755 
1757  const uint8_t *rawPublicKey, size_t rawPublicKeyLen);
1758 
1759 
1760 /**
1761  * @brief Ticket encryption callback function
1762  **/
1763 
1765  const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext,
1766  size_t *ciphertextLen, void *param);
1767 
1768 
1769 /**
1770  * @brief Ticket decryption callback function
1771  **/
1772 
1774  const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext,
1775  size_t *plaintextLen, void *param);
1776 
1777 
1778 /**
1779  * @brief ECDH key agreement callback function
1780  **/
1781 
1782 typedef error_t (*TlsEcdhCallback)(TlsContext *context);
1783 
1784 
1785 /**
1786  * @brief ECDSA signature generation callback function
1787  **/
1788 
1790  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1791 
1792 
1793 /**
1794  * @brief ECDSA signature verification callback function
1795  **/
1796 
1798  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1799 
1800 
1801 /**
1802  * @brief Key logging callback function (for debugging purpose only)
      *
      * @param[in] context TLS context the callback is invoked for
      * @param[in] key String handed to the application for logging
      *
      * NOTE(review): the string presumably carries session secrets, so
      * whoever can read the resulting log can decrypt captured traffic of
      * that session. The keyLogCallback member of the TLS context is compiled
      * in only when TLS_KEY_LOG_SUPPORT is ENABLED; production builds should
      * leave that option disabled, and debug builds should write the log to
      * a location with restricted access.
1803  **/
1804 
1805 typedef void (*TlsKeyLogCallback)(TlsContext *context, const char_t *key);
1806 
1807 
1808 /**
1809  * @brief Structure describing a cipher suite
1810  **/
1811 
1812 typedef struct
1813 {
1814  uint16_t identifier;
1815  const char_t *name;
1821  uint8_t macKeyLen;
1822  uint8_t encKeyLen;
1823  uint8_t fixedIvLen;
1824  uint8_t recordIvLen;
1825  uint8_t authTagLen;
1826  uint8_t verifyDataLen;
1828 
1829 
1830 /**
1831  * @brief TLS session state
      *
      * Parameters saved for a session. The secret member holds the master
      * secret (TLS 1.2) or the ticket PSK (TLS 1.3), so every copy of this
      * structure is key material. The TLS 1.2 and TLS 1.3 specific members
      * are compiled in according to TLS_MIN_VERSION/TLS_MAX_VERSION, and
      * serverName only when TLS_SNI_SUPPORT is ENABLED.
      *
      * NOTE(review): ticket, ticketAlpn and serverName are pointers. Who
      * allocates and frees them is not visible in this header, and a plain
      * structure assignment duplicates only the pointers. The release path
      * should presumably free them and wipe secret[] - confirm in the
      * implementation. secret is dimensioned with the literal 48 rather than
      * TLS_MASTER_SECRET_SIZE.
1832  **/
1833 
1834 typedef struct
1835 {
1836  uint16_t version; ///<TLS protocol version
1837  uint16_t cipherSuite; ///<Cipher suite identifier
1838  systime_t timestamp; ///<Time stamp to manage entry lifetime
1839  uint8_t secret[48]; ///<Master secret (TLS 1.2) or ticket PSK (TLS 1.3)
1840 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
1841  uint8_t sessionId[32]; ///<Session identifier
1842  size_t sessionIdLen; ///<Length of the session identifier
1843  bool_t extendedMasterSecret; ///<Extended master secret computation
1844 #endif
1845 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1846  uint8_t *ticket; ///<Session ticket
1847  size_t ticketLen; ///<Length of the session ticket
1848  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
1849  uint32_t ticketLifetime; ///<Lifetime of the ticket
1850  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
1851  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
1852  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
1853  uint32_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
1854 #endif
1855 #if (TLS_SNI_SUPPORT == ENABLED)
1856  char_t *serverName; ///<ServerName extension
1857 #endif
1858 } TlsSessionState;
1859 
1860 
1861 /**
1862  * @brief Session cache
      *
      * The entries are stored in a flexible array member, so the object has
      * to be allocated with room for the entries after the fixed part; size
      * records the maximum number of entries.
      *
      * NOTE(review): whoever allocates the cache should check the size
      * computation (fixed part plus size * sizeof(TlsSessionState)) for
      * overflow. Each entry holds a session secret, so the memory should
      * presumably be wiped before it is released. The allocation and release
      * routines are not visible in this header - confirm there.
1863  **/
1864 
1865 typedef struct
1866 {
1867  OsMutex mutex; ///<Mutex preventing simultaneous access to the cache
1868  uint_t size; ///<Maximum number of entries
1869  TlsSessionState sessions[]; ///<Cache entries
1870 } TlsCache;
1871 
1872 
1873 /**
1874  * @brief Certificate descriptor
      *
      * Describes one end entity certificate chain and its private key, both
      * in PEM format, together with the type, signature algorithm, hash
      * algorithm and named curve of the end entity certificate. The TLS
      * context holds an array of TLS_MAX_CERTIFICATES descriptors.
      *
      * NOTE(review): certChain and privateKey are const pointers with
      * explicit lengths, which suggests that the descriptor references
      * caller-owned buffers rather than copies - confirm in the function
      * that fills it. If so, the buffers must stay valid for as long as the
      * context uses the descriptor, and the private key text remains
      * resident in memory for that whole time.
1875  **/
1876 
1877 typedef struct
1878 {
1879  const char_t *certChain; ///<End entity certificate chain (PEM format)
1880  size_t certChainLen; ///<Length of the certificate chain
1881  const char_t *privateKey; ///<Private key (PEM format)
1882  size_t privateKeyLen; ///<Length of the private key
1883  TlsCertificateType type; ///<End entity certificate type
1884  TlsSignatureAlgo signAlgo; ///<Signature algorithm used to sign the end entity certificate
1885  TlsHashAlgo hashAlgo; ///<Hash algorithm used to sign the end entity certificate
1886  TlsNamedGroup namedCurve; ///<Named curve used to generate the EC public key
1887 } TlsCertDesc;
1888 
1889 
1890 /**
1891  * @brief Hello extensions
1892  **/
1893 
1894 typedef struct
1895 {
1896  const TlsSupportedVersionList *supportedVersionList; ///<SupportedVersions extension (ClientHello)
1897  const uint8_t *selectedVersion; ///<SupportedVersions extension (ServerHello)
1898  const TlsServerNameList *serverNameList; ///<ServerName extension
1899  const TlsSupportedGroupList *supportedGroupList; ///<SupportedGroups extension
1900  const TlsEcPointFormatList *ecPointFormatList; ///<EcPointFormats extension
1901  const TlsSignHashAlgos *signAlgoList; ///<SignatureAlgorithms extension
1902  const TlsSignHashAlgos *certSignAlgoList; ///<SignatureAlgorithmsCert extension
1903 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
1904  const uint8_t *maxFragLen; ///<MaxFragmentLength extension
1905 #endif
1906 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
1907  const uint8_t *recordSizeLimit; ///<RecordSizeLimit extension
1908 #endif
1909 #if (TLS_ALPN_SUPPORT == ENABLED)
1910  const TlsProtocolNameList *protocolNameList; ///<ALPN extension
1911 #endif
1912 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1913  const TlsCertTypeList *clientCertTypeList; ///<ClientCertType extension
1914  const uint8_t *clientCertType;
1915  const TlsCertTypeList *serverCertTypeList; ///<ServerCertType extension
1916  const uint8_t *serverCertType;
1917 #endif
1918 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1919  const uint8_t *extendedMasterSecret; ///<ExtendedMasterSecret extension
1920 #endif
1921 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
1922  const TlsRenegoInfo *renegoInfo; ///<RenegotiationInfo extension
1923 #endif
1924 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1925  const Tls13Cookie *cookie; ///<Cookie extension
1926  const Tls13KeyShareList *keyShareList; ///<KeyShare extension (ClientHello)
1927  const uint8_t *selectedGroup; ///<KeyShare extension (HelloRetryRequest)
1928  const Tls13KeyShareEntry *serverShare; ///<KeyShare extension (ServerHello)
1929  const Tls13PskKeModeList *pskKeModeList; ///<PskKeyExchangeModes extension
1930  const Tls13PskIdentityList *identityList; ///<PreSharedKey extension (ClientHello)
1931  const Tls13PskBinderList *binderList;
1932  const uint8_t *selectedIdentity; ///<PreSharedKey extension (ServerHello)
1933  const uint8_t *earlyDataIndication; ///<EarlyData extension
1934 #endif
1936 
1937 
1938 /**
1939  * @brief Encryption engine
      *
      * Record protection state for one direction: negotiated version, MAC and
      * encryption keys, IV, the cipher and hash algorithm descriptors with
      * their contexts, and the record sequence number. The TLS context embeds
      * one instance for encryption and one for decryption.
      *
      * NOTE(review): macKey, encKey and iv are fixed-size arrays (48, 32 and
      * 16 bytes) with separate length members. Code that fills them using
      * lengths taken from the cipher suite description should reject lengths
      * above those sizes. The structure holds live traffic keys, so it should
      * presumably be wiped when the connection state is released - confirm
      * in the implementation.
1940  **/
1941 
1942 typedef struct
1943 {
1944  uint16_t version; ///<Negotiated TLS version
1945  uint8_t macKey[48]; ///<MAC key
1946  size_t macKeyLen; ///<Length of the MAC key
1947  uint8_t encKey[32]; ///<Encryption key
1948  size_t encKeyLen; ///<Length of the encryption key
1949  uint8_t iv[16]; ///<Initialization vector
1950  size_t fixedIvLen; ///<Length of the fixed part of the IV
1951  size_t recordIvLen; ///<Length of the IV
1952  size_t authTagLen; ///<Length of the authentication tag
1953  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1954  void *cipherContext; ///<Cipher context
1955  CipherMode cipherMode; ///<Cipher mode of operation
1956  const HashAlgo *hashAlgo; ///<Hash algorithm for MAC operations
1957  HmacContext *hmacContext; ///<HMAC context
1958 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
1959  GcmContext *gcmContext; ///<GCM context
1960 #endif
1961  TlsSequenceNumber seqNum; ///<TLS sequence number
1962 #if (DTLS_SUPPORT == ENABLED)
1963  uint16_t epoch; ///<Counter value incremented on every cipher state change
1964  DtlsSequenceNumber dtlsSeqNum; ///<Record sequence number
1965 #endif
1966 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
1967  size_t recordSizeLimit; ///<Maximum size of record in octets
1968 #endif
1970 
1971 
1972 /**
1973  * @brief TLS context
1974  *
1975  * An opaque data structure that represents a TLS connection
1976  *
1977  **/
1978 
1980 {
1981  TlsState state; ///<TLS handshake finite state machine
1982  TlsTransportProtocol transportProtocol; ///<Transport protocol (stream or datagram)
1983  TlsConnectionEnd entity; ///<Client or server operation
1984 
1985  TlsSocketHandle socketHandle; ///<Socket handle
1986  TlsSocketSendCallback socketSendCallback; ///<Socket send callback function
1987  TlsSocketReceiveCallback socketReceiveCallback; ///<Socket receive callback function
1988 
1989  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1990  void *prngContext; ///<Pseudo-random number generator context
1991 
1992  const uint16_t *cipherSuites; ///<List of supported cipher suites
1993  uint_t numCipherSuites; ///<Number of cipher suites in the list
1994 
1995  const uint16_t *supportedGroups; ///<List of supported named groups
1996  uint_t numSupportedGroups; ///<Number of named groups in the list
1997 
1998  char_t *serverName; ///<Fully qualified DNS hostname of the server
1999 
2000 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
2004 #endif
2005 
2006  TlsCertDesc certs[TLS_MAX_CERTIFICATES]; ///<End entity certificates (PEM format)
2007  uint_t numCerts; ///<Number of certificates available
2008  const char_t *trustedCaList; ///<List of trusted CA (PEM format)
2009  size_t trustedCaListLen; ///<Number of trusted CA in the list
2010  TlsCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
2011  void *certVerifyParam; ///<Opaque pointer passed to the certificate verification callback
2012  TlsCertDesc *cert; ///<Pointer to the currently selected certificate
2013 
2014  TlsCache *cache; ///<TLS session cache
2015 
2016  uint8_t sessionId[32]; ///<Session identifier
2017  size_t sessionIdLen; ///<Length of the session identifier
2018 
2019  uint16_t clientVersion; ///<Latest version supported by the client
2020  uint16_t version; ///<Negotiated TLS version
2021  uint16_t versionMin; ///<Minimum version accepted by the implementation
2022  uint16_t versionMax; ///<Maximum version accepted by the implementation
2023 
2024  uint8_t *cookie; ///<Cookie
2025  size_t cookieLen; ///<Length of the cookie
2026 
2027  TlsCipherSuiteInfo cipherSuite; ///<Negotiated cipher suite
2028  TlsKeyExchMethod keyExchMethod; ///<Key exchange method
2029  TlsSignatureAlgo signAlgo; ///<Signature algorithm to be used
2030  TlsHashAlgo signHashAlgo; ///<Hash algorithm used for signing
2031  uint16_t namedGroup; ///<ECDHE or FFDHE named group
2032 
2033  TlsCertificateType peerCertType; ///<Peer's certificate type
2034  TlsClientAuthMode clientAuthMode; ///<Client authentication mode
2035  bool_t clientCertRequested; ///<This flag tells whether the client certificate is requested
2036 
2037  bool_t resume; ///<The connection is established by resuming a session
2038  bool_t fatalAlertSent; ///<A fatal alert message has been sent
2039  bool_t fatalAlertReceived; ///<A fatal alert message has been received from the peer
2040  bool_t closeNotifySent; ///<A closure alert has been sent
2041  bool_t closeNotifyReceived; ///<A closure alert has been received from the peer
2042 
2043  uint8_t *txBuffer; ///<TX buffer
2044  size_t txBufferSize; ///<TX buffer size
2045  size_t txBufferMaxLen; ///<Maximum number of plaintext data the TX buffer can hold
2046  TlsContentType txBufferType; ///<Type of data that resides in the TX buffer
2047  size_t txBufferLen; ///<Number of bytes that are pending to be sent
2048  size_t txBufferPos; ///<Current position in TX buffer
2049  size_t txRecordLen; ///<Length of the TLS record
2050  size_t txRecordPos; ///<Current position in the TLS record
2051 
2052  uint8_t *rxBuffer; ///<RX buffer
2053  size_t rxBufferSize; ///<RX buffer size
2054  size_t rxBufferMaxLen; ///<Maximum number of plaintext data the RX buffer can hold
2055  TlsContentType rxBufferType; ///<Type of data that resides in the RX buffer
2056  size_t rxBufferLen; ///<Number of bytes available for reading
2057  size_t rxBufferPos; ///<Current position in RX buffer
2058  size_t rxRecordLen; ///<Length of the TLS record
2059  size_t rxRecordPos; ///<Current position in the TLS record
2060 
2061  uint8_t clientRandom[TLS_RANDOM_SIZE]; ///<Client random value
2062  uint8_t serverRandom[TLS_RANDOM_SIZE]; ///<Server random value
2063  uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]; ///<Premaster secret
2064  size_t premasterSecretLen; ///<Length of the premaster secret
2065  uint8_t clientVerifyData[64]; ///<Client verify data
2066  size_t clientVerifyDataLen; ///<Length of the client verify data
2067  uint8_t serverVerifyData[64]; ///<Server verify data
2068  size_t serverVerifyDataLen; ///<Length of the server verify data
2069 
2070  TlsEncryptionEngine encryptionEngine; ///<Encryption engine
2071  TlsEncryptionEngine decryptionEngine; ///<Decryption engine
2072 
2073 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_0)
2074  size_t txLastRecordLen; ///<Length of the previous TLS record
2075 #endif
2076 
2077 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2078  Md5Context *transcriptMd5Context; ///<MD5 context used to compute verify data
2079 #endif
2080 
2081 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2082  uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]; ///<Master secret
2083  uint8_t keyBlock[192]; ///<Key material
2084  HmacContext hmacContext; ///<HMAC context
2085  Sha1Context *transcriptSha1Context; ///<SHA-1 context used to compute verify data
2086 #endif
2087 
2088 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2089  HashContext *transcriptHashContext; ///<Hash context used to compute verify data
2090 #endif
2091 
2092 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2093  uint16_t preferredGroup; ///<Preferred ECDHE or FFDHE named group
2094  systime_t timestamp; ///<Time at which the ClientHello message was sent
2095  bool_t updatedClientHelloReceived; ///<An updated ClientHello message has been received
2096  uint8_t *certRequestContext; ///<Certificate request context
2097  size_t certRequestContextLen; ///<Length of the certificate request context
2098  int_t selectedIdentity; ///<Selected PSK identity
2099 
2100  uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE];
2101  uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2102  uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2103  uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2104  uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2105  uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2106  uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2107  uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2108 
2109  uint_t newSessionTicketCount; ///<Number of NewSessionTicket messages that have been sent
2110 
2111  uint8_t *ticket; ///<Session ticket
2112  size_t ticketLen; ///<Length of the session ticket
2113  uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]; ///<PSK associated with the ticket
2114  size_t ticketPskLen; ///<Length of the PSK associated with the ticket
2115  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
2116  uint32_t ticketLifetime; ///<Lifetime of the ticket
2117  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
2118  uint32_t ticketNonce; ///<A per-ticket value that is unique across all tickets issued
2119  uint16_t ticketCipherSuite; ///<Cipher suite associated with the ticket
2120  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
2121  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
2122 
2123  size_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
2124  size_t earlyDataLen; ///<Total amount of 0-RTT data that have been sent by the client
2125  bool_t earlyDataEnabled; ///<EarlyData is enabled
2126  bool_t earlyDataRejected; ///<The 0-RTT data have been rejected by the server
2127  bool_t earlyDataExtReceived; ///<The EarlyData extension has been received
2128  TlsSequenceNumber earlyDataSeqNum; ///<Early data sequence number
2129 #endif
2130 
2131 #if (TLS_DH_SUPPORT == ENABLED)
2132  DhContext dhContext; ///<Diffie-Hellman context
2133 #endif
2134 
2135 #if (TLS_ECDH_SUPPORT == ENABLED)
2136  EcdhContext ecdhContext; ///<ECDH context
2137  bool_t ecPointFormatsExtReceived; ///<The EcPointFormats extension has been received
2138 #endif
2139 
2140 #if (TLS_RSA_SUPPORT == ENABLED)
2141  RsaPublicKey peerRsaPublicKey; ///<Peer's RSA public key
2142 #endif
2143 
2144 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2145  DsaPublicKey peerDsaPublicKey; ///<Peer's DSA public key
2146 #endif
2147 
2148 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_EDDSA_SIGN_SUPPORT == ENABLED)
2149  EcDomainParameters peerEcParams; ///<Peer's EC domain parameters
2150  EcPoint peerEcPublicKey; ///<Peer's EC public key
2151 #endif
2152 
2153 #if (TLS_PSK_SUPPORT == ENABLED)
2154  uint8_t *psk; ///<Pre-shared key
2155  size_t pskLen; ///<Length of the pre-shared key, in bytes
2156  char_t *pskIdentity; ///<PSK identity
2157  char_t *pskIdentityHint; ///<PSK identity hint
2158  TlsPskCallback pskCallback; ///<PSK callback function
2159  uint16_t pskCipherSuite; ///<Cipher suite associated with the PSK
2160  TlsHashAlgo pskHashAlgo; ///<Hash algorithm associated with the PSK
2161 #endif
2162 
2163 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2164  size_t maxFragLen; ///<Maximum plaintext fragment length
2165  bool_t maxFragLenExtReceived; ///<The MaxFragmentLength extension has been received
2166 #endif
2167 
2168 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2169  size_t recordSizeLimit; ///<Maximum record size the peer is willing to receive
2170  bool_t recordSizeLimitExtReceived; ///<The RecordSizeLimit extension has been received
2171 #endif
2172 
2173 #if (TLS_ALPN_SUPPORT == ENABLED)
2174  bool_t unknownProtocolsAllowed; ///<Unknown ALPN protocols allowed
2175  char_t *protocolList; ///<List of supported ALPN protocols
2176  char_t *selectedProtocol; ///<Selected ALPN protocol
2177 #endif
2178 
2179 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2180  bool_t extendedMasterSecretExtReceived; ///<The ExtendedMasterSecret extension has been received
2181 #endif
2182 
2183 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2184  TlsCertificateFormat certFormat; ///<Certificate format
2185  TlsCertificateFormat peerCertFormat; ///<Peer's certificate format
2186  TlsRpkVerifyCallback rpkVerifyCallback; ///<Raw public key verification callback function
2187  bool_t clientCertTypeExtReceived; ///<The ClientCertType extension has been received
2188  bool_t serverCertTypeExtReceived; ///<The ServerCertType extension has been received
2189 #endif
2190 
2191 #if (TLS_TICKET_SUPPORT == ENABLED)
2192  TlsTicketEncryptCallback ticketEncryptCallback; ///<Ticket encryption callback function
2193  TlsTicketDecryptCallback ticketDecryptCallback; ///<Ticket decryption callback function
2194  void *ticketParam; ///<Opaque pointer passed to the ticket callbacks
2195 #endif
2196 
2197 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2198  bool_t secureRenegoEnabled; ///<Secure renegotiation enabled
2199  bool_t secureRenegoFlag; ///<Secure renegotiation flag
2200 #endif
2201 
2202 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2203  bool_t fallbackScsvEnabled; ///<Support for FALLBACK_SCSV
2204 #endif
2205 
2206 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2207  TlsKeyLogCallback keyLogCallback; ///<Key logging callback (for debugging purpose only)
2208 #endif
2209 
2210 #if (TLS_MAX_WARNING_ALERTS > 0)
2211  uint_t alertCount; ///<Count of consecutive warning alerts
2212 #endif
2213 
2214 #if (TLS_MAX_EMPTY_RECORDS > 0)
2215  uint_t emptyRecordCount; ///<Count of consecutive empty records
2216 #endif
2217 
2218 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2219  uint_t changeCipherSpecCount; ///<Count of consecutive ChangeCipherSpec messages
2220 #endif
2221 
2222 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2223  uint_t keyUpdateCount; ///<Count of consecutive KeyUpdate messages
2224 #endif
2225 
2226 #if (DTLS_SUPPORT == ENABLED)
2227  size_t pmtu; ///<PMTU value
2228  systime_t timeout; ///<Timeout for blocking calls
2230 
2231  DtlsCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
2232  DtlsCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
2233  void *cookieParam; ///<Opaque pointer passed to the cookie callbacks
2234 
2235  uint_t retransmitCount; ///<Retransmission counter
2236  systime_t retransmitTimestamp; ///<Time at which the datagram was sent
2237  systime_t retransmitTimeout; ///<Retransmission timeout
2238 
2239  uint16_t txMsgSeq; ///<Send sequence number
2240  size_t txDatagramLen; ///<Length of the outgoing datagram, in bytes
2241 
2242  uint16_t rxMsgSeq; ///<Next receive sequence number
2243  size_t rxFragQueueLen; ///<Length of the reassembly queue
2244  size_t rxDatagramLen; ///<Length of the incoming datagram, in bytes
2246  uint16_t rxRecordVersion; ///<Version of the incoming record
2247 
2248 #if (DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2249  bool_t replayDetectionEnabled; ///<Anti-replay mechanism enabled
2250  uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE + 31) / 32];
2251 #endif
2252 
2254 #endif
2255 };
2256 
2257 
2258 //TLS application programming interface (API)
//TLS context initialization; returns the newly created context.
//NOTE(review): presumably returns NULL on failure - check before use.
2259 TlsContext *tlsInit(void);
//Retrieve the current state of the TLS state machine (TlsState)
2260 TlsState tlsGetState(TlsContext *context);
2261 
//Tail of tlsSetSocketCallbacks(TlsContext *context, ...); the first line of
//the declaration (2262) is missing from this listing. Sets the socket send
//and receive callbacks and the handle that is passed to both of them.
2263  TlsSocketSendCallback socketSendCallback,
2264  TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle);
2265 
//Set the minimum and maximum protocol versions permitted for this context.
//versionMin is the lowest version the implementation accepts, so a
//deployment that must not negotiate legacy versions should raise it here.
//NOTE(review): the default range is not visible in this header - confirm.
2266 error_t tlsSetVersion(TlsContext *context, uint16_t versionMin,
2267  uint16_t versionMax);
2268 
//Tail of a declaration whose first line (2269) is missing from this listing;
//presumably tlsSetTransportProtocol(), selecting stream or datagram
//transport for the context - confirm against tls.c.
2270  TlsTransportProtocol transportProtocol);
2271 
//Set the pseudo-random number generator (algorithm and its context) to be
//used. NOTE(review): the generator is supplied by the caller, so seeding it
//from a suitable entropy source is presumably the caller's job - confirm.
2273 error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext);
2274 
//Set the server name (a serverName field in this header is documented as
//the ServerName extension). NOTE(review): whether this name is also matched
//against the peer certificate is not visible here - confirm in tls.c.
2275 error_t tlsSetServerName(TlsContext *context, const char_t *serverName);
//Get the server name
2276 const char_t *tlsGetServerName(TlsContext *context);
2277 
//Set the session cache used by this context. TlsCache carries a mutex that
//prevents simultaneous access to the cache. NOTE(review): cache entries
//presumably hold resumption secrets - treat the cache as sensitive; confirm.
2278 error_t tlsSetCache(TlsContext *context, TlsCache *cache);
2280 
//Set the TLS TX and RX buffer sizes.
//NOTE(review): the accepted size range is not visible here - confirm.
2281 error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize,
2282  size_t rxBufferSize);
2283 
//Set the maximum (plaintext) fragment length. NOTE(review): presumably only
//the sizes named by the TLS_MAX_FRAGMENT_LENGTH_* constants are accepted.
2284 error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen);
2285 
//NOTE(review): presumably restricts the context to the 'length' cipher suite
//identifiers in cipherSuites - confirm in tls.c. An explicit list is where a
//deployment excludes suites it does not want to negotiate.
2286 error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites,
2287  uint_t length);
2288 
//Specify the list of allowed ECDHE and FFDHE groups ('length' entries)
2289 error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups,
2290  uint_t length);
2291 
//NOTE(review): presumably selects the named group preferred for key
//exchange; its description is not visible in this listing - confirm.
2292 error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group);
2293 
//NOTE(review): presumably imports Diffie-Hellman parameters from a text
//buffer of 'length' bytes - confirm the expected encoding and whether
//tls.c enforces a minimum prime size before accepting them.
2294 error_t tlsSetDhParameters(TlsContext *context, const char_t *params,
2295  size_t length);
2296 
//Register the ECDH key agreement callback function
2297 error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback);
2298 
//Tail of tlsSetEcdsaSignCallback(TlsContext *context, ...); the first line
//of the declaration (2299) is missing from this listing. Registers the
//ECDSA signature generation callback.
2300  TlsEcdsaSignCallback ecdsaSignCallback);
2301 
//Tail of a declaration whose first line (2302) is missing from this listing;
//presumably the setter for the ECDSA signature verification callback
//(TlsEcdsaVerifyCallback) - confirm against tls.c.
2303  TlsEcdsaVerifyCallback ecdsaVerifyCallback);
2304 
//Tail of a declaration whose first line (2305) is missing from this listing;
//presumably tlsSetKeyLogCallback(). The matching keyLogCallback context field
//is compiled only when TLS_KEY_LOG_SUPPORT is ENABLED and is documented as
//for debugging only. NOTE(review): key logging presumably hands session
//secrets to the callback, so keep it out of production builds - confirm.
2306  TlsKeyLogCallback keyLogCallback);
2307 
//Set the list of supported ALPN protocols.
//NOTE(review): the list syntax (separator) is not visible here - confirm.
2309 error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList);
//Get the name of the selected ALPN protocol
2310 const char_t *tlsGetAlpnProtocol(TlsContext *context);
2311 
//Set the pre-shared key to be used ('length' bytes). The key is secret
//material. NOTE(review): whether the context keeps its own copy is not
//visible here - confirm before wiping or reusing the caller's buffer.
2312 error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length);
//NOTE(review): presumably sets the PSK identity presented by a client
2313 error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity);
//NOTE(review): presumably sets the PSK identity hint sent by a server
2314 error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint);
//NOTE(review): presumably registers the callback that looks up the PSK
//for a given identity - confirm against tls.c
2315 error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback);
2316 
//Tail of a declaration whose first line (2317) is missing from this listing;
//presumably tlsSetRpkVerifyCallback(). Takes the raw public key verification
//callback. NOTE(review): a raw public key carries no certificate chain, so
//this callback is presumably the only check on the peer's key - confirm.
2318  TlsRpkVerifyCallback rpkVerifyCallback);
2319 
//Tail of a declaration whose first line (2320) is missing from this listing;
//presumably tlsSetTrustedCaList(). The trustedCaList context field is
//documented as the list of trusted CA in PEM format. NOTE(review): confirm
//in tls.c how peer certificates are treated when no list has been set.
2321  const char_t *trustedCaList, size_t length);
2322 
//Import a certificate chain and the corresponding private key, both passed
//as text buffers with explicit lengths. NOTE(review): presumably PEM, and
//presumably bounded by TLS_MAX_CERTIFICATES; whether the buffers are copied
//or must outlive the context is not visible here - confirm in tls.c.
2323 error_t tlsAddCertificate(TlsContext *context, const char_t *certChain,
2324  size_t certChainLen, const char_t *privateKey, size_t privateKeyLen);
2325 
//Tail of tlsSetCertificateVerifyCallback(TlsContext *context, ...); the
//first line of the declaration (2326) is missing from this listing. Sets the
//certificate verification callback and the parameter passed with it.
//NOTE(review): how the callback's result combines with built-in chain
//validation is not visible here - confirm before relying on it.
2327  TlsCertVerifyCallback certVerifyCallback, void *param);
2328 
//NOTE(review): presumably toggles the fallbackScsvEnabled context field
//(support for FALLBACK_SCSV), which is compiled only when
//TLS_FALLBACK_SCSV_SUPPORT is ENABLED. FALLBACK_SCSV is the downgrade
//signal a client sends when it retries with a lower protocol version.
2330 error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled);
2331 
//Tail of tlsSetTicketCallbacks(TlsContext *context, ...); the first line of
//the declaration (2332) is missing from this listing. Sets the ticket
//encryption/decryption callbacks and the opaque pointer handed to them.
//NOTE(review): tickets presumably carry resumption state, so the key used
//by these callbacks needs the protection of a long-term secret - confirm.
2333  TlsTicketEncryptCallback ticketEncryptCallback,
2334  TlsTicketDecryptCallback ticketDecryptCallback, void *param);
2335 
//Set the PMTU value (for DTLS only)
2336 error_t tlsSetPmtu(TlsContext *context, size_t pmtu);
//Set the timeout for blocking calls (for DTLS only)
2337 error_t tlsSetTimeout(TlsContext *context, systime_t timeout);
2338 
//Tail of tlsSetCookieCallbacks(TlsContext *context, ...); the first line of
//the declaration (2339) is missing from this listing. Sets the cookie
//generation/verification callbacks (for DTLS only) and their parameter.
//NOTE(review): the DTLS cookie exchange is a denial-of-service
//countermeasure; the callbacks should presumably bind the cookie to the
//client parameters they receive using a secret - confirm.
2340  DtlsCookieGenerateCallback cookieGenerateCallback,
2341  DtlsCookieVerifyCallback cookieVerifyCallback, void *param);
2342 
2344 
//NOTE(review): presumably caps the amount of early data handled by this
//context - confirm in tls.c which side (client or server) it applies to.
2345 error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize);
2346 
//NOTE(review): presumably sends 'length' bytes as early data and reports the
//count accepted through 'written' - confirm in tls.c. TLS 1.3 itself does
//not protect early (0-RTT) data against replay, so only requests that are
//safe to process more than once belong here.
2347 error_t tlsWriteEarlyData(TlsContext *context, const void *data,
2348  size_t length, size_t *written, uint_t flags);
2349 
//Initiate the TLS handshake. The error_t result must be checked before any
//application data is exchanged on the context.
2350 error_t tlsConnect(TlsContext *context);
2351 
2353 
//Send application data to the remote host using TLS. NOTE(review): 'written'
//presumably reports how many of the 'length' bytes were accepted - confirm.
2354 error_t tlsWrite(TlsContext *context, const void *data,
2355  size_t length, size_t *written, uint_t flags);
2356 
//NOTE(review): presumably receives application data into 'data' (capacity
//'size' bytes) and reports the byte count through 'received', which may be
//smaller than 'size' - confirm. Check the error_t result and 'received'
//before interpreting the buffer contents.
2357 error_t tlsRead(TlsContext *context, void *data,
2358  size_t size, size_t *received, uint_t flags);
2359 
//NOTE(review): presumably reports whether data is pending in the TX buffer
2360 bool_t tlsIsTxReady(TlsContext *context);
//NOTE(review): presumably reports whether data is pending in the RX buffer
2361 bool_t tlsIsRxReady(TlsContext *context);
2362 
//Gracefully close the TLS session
2363 error_t tlsShutdown(TlsContext *context);
//Gracefully close the TLS session. NOTE(review): waitForCloseNotify
//presumably makes the call wait for the peer's closure alert, which lets
//the caller tell an orderly close from a truncated stream - confirm.
2364 error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify);
2365 
//NOTE(review): presumably releases a context created by tlsInit(). The
//context holds key material (e.g. premasterSecret, psk), so confirm in
//tls.c that it is wiped before the memory is released.
2366 void tlsFree(TlsContext *context);
2367 
2369 
//Save the TLS session of 'context' into 'session'. NOTE(review): the saved
//state presumably contains resumption secrets - treat it as sensitive and
//release it with tlsFreeSessionState() when no longer needed; confirm.
2370 error_t tlsSaveSessionState(const TlsContext *context,
2371  TlsSessionState *session);
2372 
//Tail of tlsRestoreSessionState(TlsContext *context, ...); the first line
//of the declaration (2373) is missing from this listing. Restores a TLS
//session from a previously saved session state.
2374  const TlsSessionState *session);
2375 
//Properly dispose of a session state
2376 void tlsFreeSessionState(TlsSessionState *session);
2377 
//NOTE(review): presumably releases a session cache created by
//tlsInitCache(); line 2378 is missing from this listing - confirm.
2379 void tlsFreeCache(TlsCache *cache);
2380 
2381 //C++ guard
2382 #ifdef __cplusplus
2383 }
2384 #endif
2385 
2386 #endif
@ TLS_CERT_ECDSA_FIXED_ECDH
Definition: tls.h:1081
error_t tlsSetCertificateVerifyCallback(TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
Set certificate verification callback.
Definition: tls.c:1247
@ TLS13_KEY_EXCH_PSK
Definition: tls.h:1047
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
Definition: tls.h:2186
@ TLS_EXT_PSK_KEY_EXCHANGE_MODES
Definition: tls.h:1168
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
Definition: tls.h:1240
@ TLS_TYPE_MESSAGE_HASH
Definition: tls.h:951
@ TLS_EXT_MAX_FRAGMENT_LENGTH
Definition: tls.h:1138
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256
Definition: tls.h:1115
DTLS (Datagram Transport Layer Security)
ECDSA signature.
Definition: ecdsa.h:48
@ TLS_SIGN_ALGO_DSA
Definition: tls.h:1113
uint8_t sessionId[32]
Session identifier.
Definition: tls.h:2016
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
Definition: tls.h:1061
X.509 common definitions.
@ TLS_ALERT_DECODE_ERROR
Definition: tls.h:988
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls13_misc.h:337
__start_packed struct @88 TlsChangeCipherSpec
ChangeCipherSpec message.
@ TLS_GROUP_SECT163R2
Definition: tls.h:1210
size_t sessionIdLen
Length of the session identifier.
Definition: tls.h:2017
@ TLS_ALERT_UNEXPECTED_MESSAGE
Definition: tls.h:973
size_t fixedIvLen
Length of the fixed part of the IV.
Definition: tls.h:1950
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
Definition: tls.h:1238
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
Definition: tls.h:2137
uint16_t length
Definition: tls.h:1347
__start_packed struct @95 Tls13PskIdentityList
List of PSK identities.
@ TLS_STATE_HELLO_RETRY_REQUEST
Definition: tls.h:1294
int bool_t
Definition: compiler_port.h:49
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512
Definition: tls.h:1125
__start_packed struct @82 Tls12DigitalSignature
Digitally-signed element (TLS 1.2)
@ TLS_GROUP_SECP160R2
Definition: tls.h:1224
HMAC algorithm context.
Definition: hmac.h:182
uint_t numSupportedGroups
Number of named groups in the list.
Definition: tls.h:1996
__start_packed struct @69 TlsExtensionList
List of TLS extensions.
@ TLS_EXT_OID_FILTERS
Definition: tls.h:1170
@ TLS_ALERT_CERTIFICATE_REQUIRED
Definition: tls.h:1004
EcPoint peerEcPublicKey
Peer's EC public key.
Definition: tls.h:2150
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
Ticket encryption callback function.
Definition: tls.h:1764
size_t encKeyLen
Length of the encryption key.
Definition: tls.h:1948
uint8_t * cookie
Cookie.
Definition: tls.h:2024
char_t * pskIdentity
PSK identity.
Definition: tls.h:2156
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
Definition: tls.h:1964
@ TLS_ALERT_CLOSE_NOTIFY
Definition: tls.h:972
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
Definition: tls.c:1572
@ TLS_ALERT_NO_RENEGOTIATION
Definition: tls.h:996
@ TLS_SIGN_ALGO_ANONYMOUS
Definition: tls.h:1111
void TlsServerHelloDone
ServerHelloDone message.
Definition: tls.h:1662
bool_t secureRenegoFlag
Secure renegotiation flag.
Definition: tls.h:2199
@ TLS13_KEY_EXCH_PSK_DHE
Definition: tls.h:1048
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
Definition: tls.h:1797
const uint8_t * serverCertType
Definition: tls.h:1916
Common interface for pseudo-random number generators.
Definition: crypto.h:1168
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
Register ECDSA signature generation callback function.
Definition: tls.c:700
signed int int_t
Definition: compiler_port.h:44
@ TLS_STATE_SERVER_KEY_EXCHANGE
Definition: tls.h:1301
@ TLS_TYPE_SERVER_HELLO_DONE
Definition: tls.h:943
size_t premasterSecretLen
Length of the premaster secret.
Definition: tls.h:2064
@ TLS_COMPRESSION_METHOD_NULL
Definition: tls.h:1015
@ TLS_SIGN_ALGO_GOSTR34102012_256
Definition: tls.h:1126
@ TLS_ALERT_ILLEGAL_PARAMETER
Definition: tls.h:985
@ TLS_GROUP_SECT571K1
Definition: tls.h:1220
TlsKeyExchMethod keyExchMethod
Key exchange method.
Definition: tls.h:2028
TlsEcPointFormat
EC point formats.
Definition: tls.h:1263
@ TLS_EXT_CLIENT_AUTHZ
Definition: tls.h:1144
@ TLS_EARLY_DATA_REJECTED
Definition: tls.h:884
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
Definition: tls_cache.c:50
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
Definition: tls.c:2125
@ TLS_ALERT_UNSUPPORTED_EXTENSION
Definition: tls.h:998
TlsState
TLS FSM states.
Definition: tls.h:1287
@ TLS_TYPE_CERTIFICATE_STATUS
Definition: tls.h:948
__start_packed struct @97 Tls13PskBinderList
List of PSK binders.
uint8_t clientRandom[TLS_RANDOM_SIZE]
Client random value.
Definition: tls.h:2061
size_t rxBufferSize
RX buffer size.
Definition: tls.h:2053
bool_t closeNotifySent
A closure alert has been sent.
Definition: tls.h:2040
@ TLS_EXT_SUPPORTED_VERSIONS
Definition: tls.h:1166
ECDSA (Elliptic Curve Digital Signature Algorithm)
uint16_t versionMin
Minimum version accepted by the implementation.
Definition: tls.h:2021
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
Definition: tls.h:2165
TlsState tlsGetState(TlsContext *context)
Retrieve current state.
Definition: tls.c:193
@ TLS_ALERT_RECORD_OVERFLOW
Definition: tls.h:976
uint16_t version
Definition: tls.h:1582
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
Definition: tls.h:1982
size_t txRecordPos
Current position in the TLS record.
Definition: tls.h:2050
TlsConnectionEnd
TLS connection end.
Definition: tls.h:859
size_t rxDatagramPos
Definition: tls.h:2245
systime_t timestamp
Time stamp to manage entry lifetime.
Definition: tls.h:1838
@ TLS_GROUP_SECP256K1
Definition: tls.h:1229
uint8_t * txBuffer
TX buffer.
Definition: tls.h:2043
TlsContext * tlsInit(void)
TLS context initialization.
Definition: tls.c:65
bool_t fatalAlertSent
A fatal alert message has been sent.
Definition: tls.h:2038
HashContext * transcriptHashContext
Hash context used to compute verify data.
Definition: tls.h:2089
__start_packed struct @91 Tls13KeyShareEntry
Key share entry.
@ TLS_GROUP_EXPLICIT_CHAR2_CURVE
Definition: tls.h:1255
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
Definition: dtls_misc.h:235
TlsConnectionEnd entity
Client or server operation.
Definition: tls.h:1983
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384
Definition: tls.h:1121
TlsCertificateFormat peerCertFormat
Peer's certificate format.
Definition: tls.h:2185
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1303
void * cookieParam
Opaque pointer passed to the cookie callbacks.
Definition: tls.h:2233
@ TLS_TYPE_CHANGE_CIPHER_SPEC
Definition: tls.h:917
size_t maxFragLen
Maximum plaintext fragment length.
Definition: tls.h:2164
const TlsProtocolNameList * protocolNameList
ALPN extension.
Definition: tls.h:1910
@ TLS_GROUP_SECP256R1
Definition: tls.h:1230
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
Definition: tls.c:2585
@ TLS_TYPE_HANDSHAKE
Definition: tls.h:919
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1732
@ TLS_GROUP_SECP224K1
Definition: tls.h:1227
TlsHashAlgo hashAlgo
Hash algorithm used to sign the end entity certificate.
Definition: tls.h:1885
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
Definition: tls.h:2193
TlsCertificateType type
End entity certificate type.
Definition: tls.h:1883
X.509 certificate.
Definition: x509_common.h:920
@ TLS_GROUP_SECT239K1
Definition: tls.h:1215
size_t authTagLen
Length of the authentication tag.
Definition: tls.h:1952
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
Definition: tls.h:2187
size_t pmtu
PMTU value.
Definition: tls.h:2227
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:851
TlsSignatureAlgo signAlgo
Signature algorithm to be used.
Definition: tls.h:2029
@ TLS_ALERT_ACCESS_DENIED
Definition: tls.h:987
size_t ticketPskLen
Length of the PSK associated with the ticket.
Definition: tls13_misc.h:377
__start_packed struct @81 TlsDigitalSignature
Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)
uint8_t signature
Definition: tls.h:1370
@ TLS_KEY_EXCH_SRP_SHA_RSA
Definition: tls.h:1043
@ TLS_ALERT_INSUFFICIENT_SECURITY
Definition: tls.h:992
#define DTLS_REPLAY_WINDOW_SIZE
Definition: dtls_misc.h:68
@ TLS_CERT_FORTEZZA_DMS
Definition: tls.h:1078
TlsMessageType
Handshake message type.
Definition: tls.h:930
TlsSocketHandle socketHandle
Socket handle.
Definition: tls.h:1985
const char_t * name
Definition: tls.h:1815
Structure describing a cipher suite.
Definition: tls.h:1812
@ TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
Definition: tls.h:1002
@ TLS_HASH_ALGO_SHA1
Definition: tls.h:1096
@ TLS_STATE_APPLICATION_DATA
Definition: tls.h:1319
@ TLS_COMPRESSION_METHOD_DEFLATE
Definition: tls.h:1016
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
Definition: tls.h:2240
@ TLS_GROUP_GC512A
Definition: tls.h:1245
@ TLS_ALERT_DECOMPRESSION_FAILURE
Definition: tls.h:977
const uint8_t * selectedVersion
SupportedVersions extension (ServerHello)
Definition: tls.h:1897
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
Definition: tls.h:1913
bool_t secureRenegoEnabled
Secure renegotiation enabled.
Definition: tls.h:2198
@ TLS_GROUP_GC256D
Definition: tls.h:1244
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
Definition: tls.c:249
@ TLS_KEY_EXCH_DH_DSS
Definition: tls.h:1030
ECDH (Elliptic Curve Diffie-Hellman) key exchange.
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1092
bool_t closeNotifyReceived
A closure alert has been received from the peer.
Definition: tls.h:2041
__start_packed struct @93 Tls13PskKeModeList
List of PSK key exchange modes.
__start_packed struct @90 Tls13Cookie
Cookie.
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
Definition: tls.c:529
HmacContext * hmacContext
HMAC context.
Definition: tls.h:1957
@ TLS_ALERT_CERTIFICATE_UNOBTAINABLE
Definition: tls.h:999
@ TLS_ALERT_NO_CERTIFICATE
Definition: tls.h:979
bool_t extendedMasterSecretExtReceived
The ExtendedMasterSecret extension has been received.
Definition: tls.h:2180
@ TLS_TYPE_ACK
Definition: tls.h:922
TlsEncryptionEngine prevEncryptionEngine
Definition: tls.h:2253
@ TLS13_KEY_EXCH_ECDHE
Definition: tls.h:1046
@ TLS_STATE_SERVER_APP_TRAFFIC_KEYS
Definition: tls.h:1316
@ TLS_CERT_DSS_SIGN
Definition: tls.h:1073
@ TLS_KEY_EXCH_SRP_SHA_DSS
Definition: tls.h:1044
void * prngContext
Pseudo-random number generator context.
Definition: tls.h:1990
TlsAlertDescription
Alert description.
Definition: tls.h:970
CipherMode cipherMode
Definition: tls.h:1818
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
Definition: tls.c:807
uint16_t value[]
Definition: tls.h:1348
OsMutex mutex
Mutex preventing simultaneous access to the cache.
Definition: tls.h:1867
uint8_t clientVerifyData[64]
Client verify data.
Definition: tls.h:2065
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512
Definition: tls.h:1122
DhContext dhContext
Diffie-Hellman context.
Definition: tls.h:2132
@ TLS_EXT_SERVER_AUTHZ
Definition: tls.h:1145
@ TLS_ALERT_DECRYPT_ERROR
Definition: tls.h:989
@ TLS_KEY_EXCH_ECDH_RSA
Definition: tls.h:1033
TlsContentType txBufferType
Type of data that resides in the TX buffer.
Definition: tls.h:2046
Session cache.
Definition: tls.h:1865
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
Definition: tls.h:2192
const TlsSignHashAlgos * signAlgoList
SignatureAlgorithms extension.
Definition: tls.h:1901
EC domain parameters.
Definition: ec.h:63
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
Definition: tls.h:2244
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
Definition: tls.h:1896
systime_t retransmitTimeout
Retransmission timeout.
Definition: tls.h:2237
size_t pskLen
Length of the pre-shared key, in bytes.
Definition: tls.h:2155
uint16_t rxMsgSeq
Next receive sequence number.
Definition: tls.h:2242
uint8_t certificateTypes[]
Definition: tls.h:1654
uint8_t * psk
Pre-shared key.
Definition: tls.h:2154
size_t recordIvLen
Length of the IV.
Definition: tls.h:1951
#define TLS_RANDOM_SIZE
Definition: tls.h:834
@ TLS_GROUP_BRAINPOOLP256R1
Definition: tls.h:1233
@ TLS_EXT_EARLY_DATA
Definition: tls.h:1165
@ TLS_EXT_TRUNCATED_HMAC
Definition: tls.h:1141
@ TLS_EXT_SESSION_TICKET
Definition: tls.h:1163
@ TLS_TYPE_END_OF_EARLY_DATA
Definition: tls.h:937
@ TLS_CERT_FORMAT_OPEN_PGP
Definition: tls.h:1060
uint8_t authTagLen
Definition: tls.h:1825
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1724
@ TLS_GROUP_FFDHE6144
Definition: tls.h:1251
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
Definition: tls.c:781
@ TLS_SIGN_ALGO_ED448
Definition: tls.h:1119
@ TLS_MAX_FRAGMENT_LENGTH_4096
Definition: tls.h:1197
@ TLS_HASH_ALGO_NONE
Definition: tls.h:1094
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
Definition: tls.c:1388
TlsKeyExchMethod keyExchMethod
Definition: tls.h:1816
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
Definition: tls.c:438
uint8_t sessionIdLen
Definition: tls.h:1615
uint8_t serverVerifyData[64]
Server verify data.
Definition: tls.h:2067
@ TLS_STATE_CLIENT_HELLO
Definition: tls.h:1290
@ TLS_ALERT_EXPORT_RESTRICTION
Definition: tls.h:990
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
Definition: tls.c:883
uint8_t * rxBuffer
RX buffer.
Definition: tls.h:2052
TLS 1.3 helper functions.
@ TLS_EXT_SERVER_NAME
Definition: tls.h:1137
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
Definition: tls.h:1172
uint8_t level
Definition: tls.h:1702
@ TLS_HASH_ALGO_SHA224
Definition: tls.h:1097
@ TLS_KEY_EXCH_RSA
Definition: tls.h:1027
@ TLS_EXT_CERT_TYPE
Definition: tls.h:1146
uint8_t ticketPsk[TLS13_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
Definition: tls13_misc.h:378
@ TLS_TYPE_CERTIFICATE
Definition: tls.h:940
@ TLS_CERT_RSA_EPHEMERAL_DH
Definition: tls.h:1076
@ TLS_ALERT_UNKNOWN_CA
Definition: tls.h:986
void TlsFinished
Finished message.
Definition: tls.h:1683
@ TLS_STATE_SERVER_HELLO
Definition: tls.h:1295
@ TLS_STATE_HELLO_VERIFY_REQUEST
Definition: tls.h:1293
@ TLS_EXT_TRUSTED_CA_KEYS
Definition: tls.h:1140
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
Definition: tls.h:1756
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
Definition: tls.h:1915
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
Definition: tls.h:2169
@ TLS_ALERT_LEVEL_WARNING
Definition: tls.h:961
size_t txBufferSize
TX buffer size.
Definition: tls.h:2044
@ TLS_HASH_ALGO_SHA512
Definition: tls.h:1100
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls.h:1837
@ TLS_ALERT_UNKNOWN_PSK_IDENTITY
Definition: tls.h:1003
@ TLS_KEY_EXCH_ECDHE_ECDSA
Definition: tls.h:1036
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:217
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purposes only)
Definition: tls.h:2207
@ TLS_STATE_KEY_UPDATE
Definition: tls.h:1318
@ TLS_KEY_EXCH_ECDHE_RSA
Definition: tls.h:1034
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
Definition: tls.h:1900
const uint8_t * maxFragLen
MaxFragmentLength extension.
Definition: tls.h:1904
uint16_t version
Negotiated TLS version.
Definition: tls.h:2020
size_t certChainLen
Length of the certificate chain.
Definition: tls.h:1880
uint16_t clientVersion
Definition: tls.h:1613
TlsSequenceNumber seqNum
TLS sequence number.
Definition: tls.h:1961
Diffie-Hellman context.
Definition: dh.h:59
__start_packed struct @62 TlsCipherSuites
Cipher suites.
@ TLS_KEY_EXCH_ECDH_ANON
Definition: tls.h:1037
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
Definition: tls.h:2063
Diffie-Hellman key exchange.
size_t rxRecordLen
Length of the TLS record.
Definition: tls.h:2058
DSA public key.
Definition: dsa.h:60
@ TLS_FLAG_PEEK
Definition: tls.h:895
__start_packed struct @65 TlsSignHashAlgos
List of signature algorithms.
const char_t * trustedCaList
List of trusted CA (PEM format)
Definition: tls.h:2008
@ TLS_GROUP_GC256B
Definition: tls.h:1242
size_t clientVerifyDataLen
Length of the client verify data.
Definition: tls.h:2066
@ TLS_GROUP_ECDH_X25519
Definition: tls.h:1236
TlsCertificateFormat
Certificate formats.
Definition: tls.h:1057
@ TLS_EXT_CLIENT_CERT_TYPE
Definition: tls.h:1156
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:42
@ TLS_ALERT_BAD_RECORD_MAC
Definition: tls.h:974
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
Definition: tls.c:2112
size_t txRecordLen
Length of the TLS record.
Definition: tls.h:2049
@ TLS_EXT_EXTENDED_MASTER_SECRET
Definition: tls.h:1160
@ TLS_CERT_ED25519_SIGN
Definition: tls.h:1083
@ TLS_CONNECTION_END_SERVER
Definition: tls.h:862
size_t cookieLen
Length of the cookie.
Definition: tls.h:2025
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose a session state.
Definition: tls.c:2711
__start_packed struct @71 TlsServerName
Server name.
TlsClientAuthMode
Client authentication mode.
Definition: tls.h:870
TlsKeyExchMethod
Key exchange methods.
Definition: tls.h:1024
@ TLS_EXT_SUPPORTED_GROUPS
Definition: tls.h:1147
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
Definition: tls.h:2203
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
Definition: tls.c:592
error_t tlsAddCertificate(TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
Import a certificate and the corresponding private key.
Definition: tls.c:1126
@ TLS_EXT_HEARTBEAT
Definition: tls.h:1152
@ TLS_FLAG_WAIT_ALL
Definition: tls.h:896
#define TLS_PREMASTER_SECRET_SIZE
Definition: tls.h:722
@ TLS_GROUP_NONE
Definition: tls.h:1207
@ TLS_GROUP_GC512B
Definition: tls.h:1246
void TlsCertificateVerify
CertificateVerify message.
Definition: tls.h:1676
@ TLS_KEY_EXCH_DH_ANON
Definition: tls.h:1032
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
Definition: tls.h:1782
const CipherAlgo * cipherAlgo
Definition: tls.h:1817
size_t rxBufferPos
Current position in RX buffer.
Definition: tls.h:2057
@ TLS_EXT_RENEGOTIATION_INFO
Definition: tls.h:1174
@ TLS_GROUP_SECT283K1
Definition: tls.h:1216
@ TLS_GROUP_SECT409K1
Definition: tls.h:1218
@ TLS_GROUP_EXPLICIT_PRIME_CURVE
Definition: tls.h:1254
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
Definition: tls.c:459
@ TLS13_KEY_EXCH_DHE
Definition: tls.h:1045
uint16_t epoch
Counter value incremented on every cipher state change.
Definition: tls.h:1963
TlsCertificateFormat certFormat
Certificate format.
Definition: tls.h:2184
@ TLS_HASH_ALGO_INTRINSIC
Definition: tls.h:1101
TlsEncryptionEngine decryptionEngine
Decryption engine.
Definition: tls.h:2071
@ TLS_KEY_EXCH_ECDH_ECDSA
Definition: tls.h:1035
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
Definition: tls.c:855
@ TLS_EXT_ENCRYPT_THEN_MAC
Definition: tls.h:1159
@ TLS_GROUP_FFDHE4096
Definition: tls.h:1250
RSA public key.
Definition: rsa.h:48
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls13_misc.h:373
@ TLS_TYPE_APPLICATION_DATA
Definition: tls.h:920
@ TLS_TYPE_CLIENT_HELLO
Definition: tls.h:933
uint8_t fixedIvLen
Definition: tls.h:1823
@ TLS_STATE_SERVER_FINISHED
Definition: tls.h:1314
@ TLS_EXT_KEY_SHARE
Definition: tls.h:1173
uint16_t identifier
Definition: tls.h:1814
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
Definition: tls.c:1452
@ TLS_GROUP_SECT163K1
Definition: tls.h:1208
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
Definition: tls.c:481
@ TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
Definition: tls.h:1277
@ TLS_ALERT_UNSUPPORTED_CERTIFICATE
Definition: tls.h:981
size_t serverVerifyDataLen
Length of the server verify data.
Definition: tls.h:2068
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
Definition: tls.c:365
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
Definition: tls.h:2039
@ TLS_TYPE_ALERT
Definition: tls.h:918
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
Definition: tls.c:1416
@ TLS_STATE_EARLY_DATA
Definition: tls.h:1292
size_t txBufferPos
Current position in TX buffer.
Definition: tls.h:2048
@ TLS_TYPE_SERVER_HELLO
Definition: tls.h:934
@ TLS_HASH_ALGO_SHA384
Definition: tls.h:1099
__start_packed struct @67 TlsCertAuthorities
List of certificate authorities.
TlsClientAuthMode clientAuthMode
Client authentication mode.
Definition: tls.h:2034
@ TLS_CERT_RSA_PSS_SIGN
Definition: tls.h:1082
@ TLS_GROUP_GC256C
Definition: tls.h:1243
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
Definition: tls.c:338
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
Definition: tls.c:413
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
Definition: tls.h:939
@ TLS_GROUP_SECT233K1
Definition: tls.h:1213
@ TLS_MAX_FRAGMENT_LENGTH_2048
Definition: tls.h:1196
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
Definition: tls.c:1358
@ TLS_CERT_DSS_EPHEMERAL_DH
Definition: tls.h:1077
@ TLS_GROUP_SECP384R1
Definition: tls.h:1231
General definitions for cryptographic algorithms.
@ TLS_GROUP_SECP192K1
Definition: tls.h:1225
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: tls.h:1956
RSA public-key cryptography standard.
size_t rxBufferMaxLen
Maximum amount of plaintext data the RX buffer can hold.
Definition: tls.h:2054
uint16_t clientVersion
Latest version supported by the client.
Definition: tls.h:2019
@ TLS_FLAG_WAIT_ACK
Definition: tls.h:899
__start_packed struct _Ipv4Header __end_packed
@ TLS_ALERT_UNRECOGNIZED_NAME
Definition: tls.h:1000
uint16_t serverVersion
Definition: tls.h:1626
const uint8_t * clientCertType
Definition: tls.h:1914
@ TLS_EXT_COOKIE
Definition: tls.h:1167
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
Definition: tls.c:2427
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
Definition: tls.h:1307
@ TLS_TYPE_CERTIFICATE_VERIFY
Definition: tls.h:944
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
Definition: tls.h:1312
EcdhContext ecdhContext
ECDH context.
Definition: tls.h:2136
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
Definition: tls.h:1922
@ TLS_EXT_CLIENT_CERTIFICATE_URL
Definition: tls.h:1139
@ TLS_ALERT_MISSING_EXTENSION
Definition: tls.h:997
#define TLS_MAX_CERTIFICATES
Definition: tls.h:239
EcDomainParameters peerEcParams
Peer's EC domain parameters.
Definition: tls.h:2149
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
Definition: tls.h:2145
uint8_t recordIvLen
Definition: tls.h:1824
uint8_t b[8]
Definition: tls.h:1337
@ TLS_SIGN_ALGO_ED25519
Definition: tls.h:1118
MD5 algorithm context.
Definition: md5.h:58
DSA (Digital Signature Algorithm)
@ TLS_GROUP_SECT283R1
Definition: tls.h:1217
uint_t numCipherSuites
Number of cipher suites in the list.
Definition: tls.h:1993
__start_packed struct @84 TlsHandshake
TLS handshake message.
@ TLS_STATE_SERVER_HELLO_3
Definition: tls.h:1297
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1098
TlsExtensionType
TLS extension types.
Definition: tls.h:1135
@ TLS_ALERT_USER_CANCELED
Definition: tls.h:995
@ TLS_CERT_ED448_SIGN
Definition: tls.h:1084
__start_packed struct @55 DtlsSequenceNumber
Sequence number.
__start_packed struct @74 TlsProtocolNameList
List of protocol names.
@ TLS_EXT_CERTIFICATE_AUTHORITIES
Definition: tls.h:1169
@ TLS_STATE_END_OF_EARLY_DATA
Definition: tls.h:1315
@ TLS_FLAG_NO_DELAY
Definition: tls.h:900
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
Definition: tls.c:674
@ TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
Definition: tls.h:1278
@ TLS_CERT_RSA_SIGN
Definition: tls.h:1072
uint8_t certificateTypesLen
Definition: tls.h:1653
uint16_t version
Negotiated TLS version.
Definition: tls.h:1944
Elliptic curve point.
Definition: ec.h:51
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
Definition: tls.h:1265
Encryption engine.
Definition: tls.h:1942
@ TLS_KEY_EXCH_SRP_SHA
Definition: tls.h:1042
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
Definition: tls.c:1326
@ TLS_GROUP_SECT409R1
Definition: tls.h:1219
@ TLS_FLAG_BREAK_CRLF
Definition: tls.h:898
uint_t numCerts
Number of certificates available.
Definition: tls.h:2007
@ TLS_GROUP_BRAINPOOLP512R1
Definition: tls.h:1235
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
Definition: tls.h:1987
@ TLS_GROUP_FFDHE2048
Definition: tls.h:1248
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
Definition: tls.c:1663
@ TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
Definition: tls.h:1311
@ TLS_CLIENT_AUTH_NONE
Definition: tls.h:872
@ TLS_TYPE_HELLO_VERIFY_REQUEST
Definition: tls.h:935
@ TLS_GROUP_SECP160K1
Definition: tls.h:1222
__start_packed struct @89 TlsAlert
Alert message.
__start_packed struct @68 TlsExtension
TLS extension.
@ TLS_TYPE_CLIENT_KEY_EXCHANGE
Definition: tls.h:945
@ TLS_KEY_EXCH_DHE_PSK
Definition: tls.h:1040
Md5Context * transcriptMd5Context
MD5 context used to compute verify data.
Definition: tls.h:2078
@ TLS_STATE_NEW_SESSION_TICKET
Definition: tls.h:1317
bool_t resume
The connection is established by resuming a session.
Definition: tls.h:2037
CipherMode
Cipher operation modes.
Definition: crypto.h:1077
@ TLS_FLAG_DELAY
Definition: tls.h:901
@ TLS_EXT_STATUS_REQUEST_V2
Definition: tls.h:1154
size_t txBufferMaxLen
Maximum amount of plaintext data the TX buffer can hold.
Definition: tls.h:2045
TlsMaxFragmentLength
Maximum fragment length.
Definition: tls.h:1192
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
Definition: tls.h:1308
@ TLS_EXT_EC_POINT_FORMATS
Definition: tls.h:1148
TlsCompressMethod
Compression methods.
Definition: tls.h:1013
void * ticketParam
Opaque pointer passed to the ticket callbacks.
Definition: tls.h:2194
__start_packed struct @66 TlsCertificateList
List of certificates.
@ TLS_SIGN_ALGO_GOSTR34102012_512
Definition: tls.h:1127
@ TLS_GROUP_SECP521R1
Definition: tls.h:1232
@ TLS_GROUP_SECP192R1
Definition: tls.h:1226
@ TLS_EXT_ALPN
Definition: tls.h:1153
@ TLS_GROUP_FFDHE3072
Definition: tls.h:1249
@ TLS_ALERT_PROTOCOL_VERSION
Definition: tls.h:991
Hello extensions.
Definition: tls.h:1894
@ TLS_GROUP_SECP160R1
Definition: tls.h:1223
@ TLS_ALERT_DECRYPTION_FAILED
Definition: tls.h:975
TlsCertificateType
Certificate types.
Definition: tls.h:1069
TlsCertDesc * cert
Pointer to the currently selected certificate.
Definition: tls.h:2012
TlsEncryptionEngine encryptionEngine
Encryption engine.
Definition: tls.h:2070
#define TLS_MASTER_SECRET_SIZE
Definition: tls.h:836
size_t privateKeyLen
Length of the private key.
Definition: tls.h:1882
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
Definition: tls.h:1239
@ TLS_HASH_ALGO_MD5
Definition: tls.h:1095
Certificate descriptor.
Definition: tls.h:1877
uint_t size
Maximum number of entries.
Definition: tls.h:1868
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
Definition: tls.h:2160
const TlsSignHashAlgos * certSignAlgoList
SignatureAlgorithmsCert extension.
Definition: tls.h:1902
@ TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
Definition: tls.h:1298
@ TLS_KEY_EXCH_RSA_PSK
Definition: tls.h:1039
@ TLS_FLAG_BREAK_CHAR
Definition: tls.h:897
Mutex object.
@ TLS_EXT_USER_MAPPING
Definition: tls.h:1143
char_t * serverName
ServerName extension.
Definition: tls.h:1856
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
Definition: tls.c:312
uint8_t hash
Definition: tls.h:1369
__start_packed struct @85 TlsClientHello
ClientHello message.
@ TLS_CLIENT_AUTH_OPTIONAL
Definition: tls.h:873
uint16_t type
Definition: tls.h:1413
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Set the maximum amount of 0-RTT data the server can accept.
Definition: tls.c:1480
@ TLS_TYPE_SERVER_KEY_EXCHANGE
Definition: tls.h:941
@ TLS_GROUP_GC512C
Definition: tls.h:1247
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: tls.h:2231
TlsPskCallback pskCallback
PSK callback function.
Definition: tls.h:2158
__start_packed struct @87 TlsCertificateRequest
CertificateRequest message.
@ TLS_EC_CURVE_TYPE_NAMED_CURVE
Definition: tls.h:1279
uint16_t group
Definition: tls13_misc.h:205
uint8_t flags
Definition: tcp.h:314
@ TLS_TYPE_NONE
Definition: tls.h:916
uint16_t namedGroup
ECDHE or FFDHE named group.
Definition: tls.h:2031
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
Definition: tls.h:1789
TlsSignatureAlgo signAlgo
Signature algorithm used to sign the end entity certificate.
Definition: tls.h:1884
const uint16_t * cipherSuites
List of supported cipher suites.
Definition: tls.h:1992
char char_t
Definition: compiler_port.h:43
uint16_t txMsgSeq
Send sequence number.
Definition: tls.h:2239
@ TLS_GROUP_SECP224R1
Definition: tls.h:1228
GCM context.
Definition: gcm.h:47
const uint8_t * recordSizeLimit
RecordSizeLimit extension.
Definition: tls.h:1907
@ TLS_KEY_EXCH_NONE
Definition: tls.h:1026
TlsNameType
Name type.
Definition: tls.h:1182
@ TLS13_KEY_EXCH_PSK_ECDHE
Definition: tls.h:1049
__start_packed struct @64 TlsSignHashAlgo
Signature algorithm.
@ TLS_STATE_CLIENT_HELLO_2
Definition: tls.h:1291
@ TLS_ALERT_BAD_CERTIFICATE
Definition: tls.h:980
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
Definition: tls.h:2249
const HashAlgo * hashAlgo
Definition: tls.h:1819
TlsContentType
Content type.
Definition: tls.h:914
@ TLS_STATE_CLOSING
Definition: tls.h:1320
@ TLS_STATE_SERVER_CERTIFICATE_VERIFY
Definition: tls.h:1302
size_t rxBufferLen
Number of bytes available for reading.
Definition: tls.h:2056
@ TLS_ALERT_INAPPROPRIATE_FALLBACK
Definition: tls.h:994
@ TLS_EARLY_DATA_ACCEPTED
Definition: tls.h:885
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
Definition: tls.c:1068
void TlsClientKeyExchange
ClientKeyExchange message.
Definition: tls.h:1669
void * cipherContext
Cipher context.
Definition: tls.h:1954
@ TLS_STATE_SERVER_CERTIFICATE
Definition: tls.h:1300
TlsEcCurveType
EC curve types.
Definition: tls.h:1275
@ TLS_CLIENT_AUTH_REQUIRED
Definition: tls.h:874
@ TLS_EXT_PADDING
Definition: tls.h:1158
@ TLS_ALERT_LEVEL_FATAL
Definition: tls.h:962
TLS session state.
Definition: tls.h:1834
__start_packed struct @61 TlsSequenceNumber
Sequence number.
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
Definition: tls.c:2406
size_t rxFragQueueLen
Length of the reassembly queue.
Definition: tls.h:2243
@ TLS_GROUP_SECT193R2
Definition: tls.h:1212
uint16_t versionMax
Maximum version accepted by the implementation.
Definition: tls.h:2022
Galois/Counter Mode (GCM)
__start_packed struct @72 TlsServerNameList
List of server names.
__start_packed struct @77 TlsCertTypeList
List of supported certificate types.
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
Definition: tls.h:2250
@ TLS_STATE_CLIENT_KEY_EXCHANGE
Definition: tls.h:1306
uint8_t verifyDataLen
Definition: tls.h:1826
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
Definition: tls.c:564
TlsTransportProtocol
TLS transport protocols.
Definition: tls.h:848
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
Definition: dtls_misc.h:244
__start_packed struct @70 TlsSupportedVersionList
List of supported versions.
@ TLS_TYPE_FINISHED
Definition: tls.h:946
void TlsHelloRequest
HelloRequest message.
Definition: tls.h:1604
@ TLS_GROUP_SECT193R1
Definition: tls.h:1211
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512
Definition: tls.h:1117
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
Definition: tls.h:2188
@ TLS_STATE_CLIENT_CERTIFICATE
Definition: tls.h:1305
TlsCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: tls.h:2010
void * certVerifyParam
Opaque pointer passed to the certificate verification callback.
Definition: tls.h:2011
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256
Definition: tls.h:1120
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
Definition: tls.c:1509
uint8_t msgType
Definition: tls.h:1594
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1309
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
Definition: tls.c:646
@ TLS_ALERT_CERTIFICATE_EXPIRED
Definition: tls.h:983
__start_packed struct @86 TlsServerHello
ServerHello message.
@ TLS_STATE_ENCRYPTED_EXTENSIONS
Definition: tls.h:1299
@ TLS_EXT_SERVER_CERT_TYPE
Definition: tls.h:1157
@ TLS_KEY_EXCH_PSK
Definition: tls.h:1038
@ TLS_STATE_INIT
Definition: tls.h:1289
@ TLS_KEY_EXCH_ECDHE_PSK
Definition: tls.h:1041
@ TLS_NAME_TYPE_HOSTNAME
Definition: tls.h:1184
TlsSocketSendCallback socketSendCallback
Socket send callback function.
Definition: tls.h:1986
@ TLS_ALERT_NO_APPLICATION_PROTOCOL
Definition: tls.h:1005
uint8_t sessionId[]
Definition: tls.h:1616
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: tls.h:1989
@ TLS_CERT_RSA_FIXED_ECDH
Definition: tls.h:1080
#define TLS_MAX_HKDF_DIGEST_SIZE
Definition: tls.h:817
@ TLS_TYPE_HEARTBEAT
Definition: tls.h:921
TlsSignatureAlgo
Signature algorithms.
Definition: tls.h:1109
uint8_t serverRandom[TLS_RANDOM_SIZE]
Server random value.
Definition: tls.h:2062
@ TLS_EXT_SRP
Definition: tls.h:1149
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
Definition: tls.c:727
@ TLS_CONNECTION_END_CLIENT
Definition: tls.h:861
char_t * pskIdentityHint
PSK identity hint.
Definition: tls.h:2157
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
Definition: tls.h:2027
__start_packed struct @80 TlsPskIdentityHint
PSK identity hint.
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
Definition: tls.c:2067
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
@ TLS_MAX_FRAGMENT_LENGTH_1024
Definition: tls.h:1195
TlsAlertLevel
Alert level.
Definition: tls.h:959
@ TLS_EXT_CACHED_INFO
Definition: tls.h:1161
Common interface for encryption algorithms.
Definition: crypto.h:1150
@ TLS_TYPE_CERTIFICATE_REQUEST
Definition: tls.h:942
uint8_t encKeyLen
Definition: tls.h:1822
@ TLS_EXT_PRE_SHARED_KEY
Definition: tls.h:1164
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
Definition: tls.h:1266
void tlsFree(TlsContext *context)
Release TLS context.
Definition: tls.c:2272
__start_packed struct @83 TlsRecord
TLS record.
@ TLS_GROUP_SECT571R1
Definition: tls.h:1221
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from the remote host using TLS.
Definition: tls.c:1798
@ TLS_GROUP_FFDHE_MAX
Definition: tls.h:1253
TlsCache * cache
TLS session cache.
Definition: tls.h:2014
TlsState state
TLS handshake finite state machine.
Definition: tls.h:1981
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
Definition: tls.h:2055
uint8_t cookie[]
Definition: dtls_misc.h:203
char_t * serverName
Fully qualified DNS hostname of the server.
Definition: tls.h:1998
@ TLS_SIGN_ALGO_RSA
Definition: tls.h:1112
size_t rxRecordPos
Current position in the TLS record.
Definition: tls.h:2059
char_t hostname[]
Definition: tls.h:1449
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
Definition: tls.c:944
uint16_t version
TLS protocol version.
Definition: tls.h:1836
@ TLS_TYPE_SUPPLEMENTAL_DATA
Definition: tls.h:949
SHA-1 algorithm context.
Definition: sha1.h:58
@ TLS_CERT_ECDSA_SIGN
Definition: tls.h:1079
@ TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
Definition: tls.h:1001
systime_t startTime
Definition: tls.h:2229
__start_packed struct @63 TlsCompressMethods
Compression methods.
@ TLS_KEY_EXCH_DHE_DSS
Definition: tls.h:1031
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
Definition: tls.h:2035
@ TLS_TRANSPORT_PROTOCOL_STREAM
Definition: tls.h:850
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: tls.h:1953
uint8_t mode
Definition: ntp_common.h:149
__start_packed struct @79 TlsPskIdentity
PSK identity.
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
Definition: tls.c:283
uint8_t ticketNonce[]
A per-ticket value that is unique across all tickets issued.
Definition: tls13_misc.h:340
uint8_t random[32]
Definition: tls.h:1614
TlsEcdhCallback ecdhCallback
Definition: tls.h:2001
const char_t * certChain
End entity certificate chain (PEM format)
Definition: tls.h:1879
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
Definition: tls.h:2170
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
Definition: tls.h:2141
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
Definition: tls.h:2174
@ TLS_EXT_SIGNATURE_ALGORITHMS
Definition: tls.h:1150
size_t macKeyLen
Length of the MAC key.
Definition: tls.h:1946
Common interface for hash algorithms.
Definition: crypto.h:1128
@ TLS_CERT_NONE
Definition: tls.h:1071
char_t * selectedProtocol
Selected ALPN protocol.
Definition: tls.h:2176
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
Definition: tls.h:1740
const TlsServerNameList * serverNameList
ServerName extension.
Definition: tls.h:1898
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
Definition: tls.c:1620
@ TLS_GROUP_GC256A
Definition: tls.h:1241
size_t trustedCaListLen
Number of trusted CA in the list.
Definition: tls.h:2009
GcmContext * gcmContext
GCM context.
Definition: tls.h:1959
__start_packed struct @92 Tls13KeyShareList
List of key shares.
systime_t retransmitTimestamp
Time at which the datagram was sent.
Definition: tls.h:2236
@ TLS_EXT_POST_HANDSHAKE_AUTH
Definition: tls.h:1171
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1313
@ TLS_GROUP_SECT233R1
Definition: tls.h:1214
@ TLS_TYPE_NEW_SESSION_TICKET
Definition: tls.h:936
TlsEcdsaSignCallback ecdsaSignCallback
Definition: tls.h:2002
TlsNamedGroup
Named groups.
Definition: tls.h:1205
@ TLS_TYPE_HELLO_REQUEST
Definition: tls.h:932
const char_t * privateKey
Private key (PEM format)
Definition: tls.h:1881
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
Definition: tls.c:993
@ TLS_EXT_STATUS_REQUEST
Definition: tls.h:1142
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
Key logging callback function (for debugging purposes only; the callback receives key material, so do not register it in production builds)
Definition: tls.h:1805
@ TLS_TYPE_HELLO_RETRY_REQUEST
Definition: tls.h:938
error_t(* TlsCertVerifyCallback)(TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)
Certificate verification callback function.
Definition: tls.h:1748
bool_t tlsIsTxReady(TlsContext *context)
Check whether some data is ready for transmission.
Definition: tls.c:2034
unsigned int uint_t
Definition: compiler_port.h:45
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
Definition: tls.c:619
TlsFlags
Flags used by read and write functions.
Definition: tls.h:893
@ TLS_GROUP_SECT163R1
Definition: tls.h:1209
TlsHashAlgo signHashAlgo
Hash algorithm used for signing.
Definition: tls.h:2030
@ TLS_ALERT_CERTIFICATE_REVOKED
Definition: tls.h:982
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
Definition: tls.c:1272
size_t txBufferLen
Number of bytes that are pending to be sent.
Definition: tls.h:2047
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
Definition: tls13_misc.h:338
uint_t retransmitCount
Retransmission counter.
Definition: tls.h:2235
uint16_t rxRecordVersion
Version of the incoming record.
Definition: tls.h:2246
@ TLS_GROUP_ECDH_X448
Definition: tls.h:1237
@ TLS_STATE_SERVER_HELLO_DONE
Definition: tls.h:1304
@ TLS_STATE_SERVER_HELLO_2
Definition: tls.h:1296
@ TLS_EXT_USE_SRTP
Definition: tls.h:1151
@ TLS_ALERT_HANDSHAKE_FAILURE
Definition: tls.h:978
@ TLS_STATE_CLIENT_FINISHED
Definition: tls.h:1310
TlsSignHashAlgo algorithm
Definition: tls.h:1569
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384
Definition: tls.h:1124
uint8_t macKeyLen
Definition: tls.h:1821
@ TLS_CERT_DSS_FIXED_DH
Definition: tls.h:1075
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: tls.h:2232
Legacy definitions.
@ TLS_ALERT_INTERNAL_ERROR
Definition: tls.h:993
@ TLS_CERT_RSA_FIXED_DH
Definition: tls.h:1074
const uint16_t * supportedGroups
List of supported named groups.
Definition: tls.h:1995
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
Definition: tls.c:1298
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256
Definition: tls.h:1123
@ TLS_TYPE_KEY_UPDATE
Definition: tls.h:950
@ TLS_SIGN_ALGO_ECDSA
Definition: tls.h:1114
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
End entity certificates (PEM format)
Definition: tls.h:2006
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
Ticket decryption callback function.
Definition: tls.h:1773
__start_packed struct @76 TlsEcPointFormatList
List of supported EC point formats.
const uint8_t * extendedMasterSecret
ExtendedMasterSecret extension.
Definition: tls.h:1919
RTOS abstraction layer.
size_t recordSizeLimit
Maximum size of record in octets.
Definition: tls.h:1967
@ TLS_KEY_EXCH_DHE_RSA
Definition: tls.h:1029
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
Definition: tls.h:2159
__start_packed struct @73 TlsProtocolName
Protocol name.
Generic hash algorithm context.
Definition: crypto.h:1118
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
Definition: tls.c:1096
CipherMode cipherMode
Cipher mode of operation.
Definition: tls.h:1955
void TlsServerKeyExchange
ServerKeyExchange message.
Definition: tls.h:1644
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384
Definition: tls.h:1116
uint32_t systime_t
Definition: compiler_port.h:46
const HashAlgo * prfHashAlgo
Definition: tls.h:1820
@ TLS_GROUP_FFDHE8192
Definition: tls.h:1252
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
Definition: tls.h:1899
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
Definition: tls.h:1886
ECDH context.
Definition: ecdh.h:48
__start_packed struct @78 TlsRenegoInfo
Renegotiated connection.
systime_t timeout
Timeout for blocking calls.
Definition: tls.h:2228
TlsEcdsaVerifyCallback ecdsaVerifyCallback
Definition: tls.h:2003
TlsCertificateType peerCertType
Peer's certificate type.
Definition: tls.h:2033
@ TLS_EXT_RECORD_SIZE_LIMIT
Definition: tls.h:1162
HMAC (Keyed-Hashing for Message Authentication)
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register the PSK callback function.
Definition: tls.c:1042
@ TLS_KEY_EXCH_DH_RSA
Definition: tls.h:1028
@ TLS_CERT_FORMAT_X509
Definition: tls.h:1059
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1717
TlsEarlyDataStatus
Early data status.
Definition: tls.h:882
@ TLS_GROUP_BRAINPOOLP384R1
Definition: tls.h:1234
@ TLS_EXT_SIGNED_CERT_TIMESTAMP
Definition: tls.h:1155
@ TLS_MAX_FRAGMENT_LENGTH_512
Definition: tls.h:1194
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purposes only; the callback is handed key material, so leave it unregistered in production builds)
Definition: tls.c:754
@ TLS_ALERT_CERTIFICATE_UNKNOWN
Definition: tls.h:984
void TlsCertificate
Certificate message.
Definition: tls.h:1637
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2
Definition: tls.h:1267
uint8_t description
Definition: tls.h:1703
TLS context.
Definition: tls.h:1979
char_t * protocolList
List of supported ALPN protocols.
Definition: tls.h:2175
@ TLS_TYPE_CERTIFICATE_URL
Definition: tls.h:947
void tlsFreeCache(TlsCache *cache)
Properly dispose of a session cache.
Definition: tls_cache.c:313
uint8_t data[]
Definition: tls.h:1584
@ TLS_STATE_CLOSED
Definition: tls.h:1321