tls.h
1 /**
2  * @file tls.h
3  * @brief TLS (Transport Layer Security)
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneSSL Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _TLS_H
30 #define _TLS_H
31 
32 //Forward declaration of TlsContext structure
33 struct _TlsContext;
34 #define TlsContext struct _TlsContext
35 
36 //Dependencies
37 #include "os_port.h"
38 #include "core/crypto.h"
39 #include "tls_config.h"
40 #include "tls_legacy.h"
41 #include "tls13_misc.h"
42 #include "dtls_misc.h"
43 #include "mac/hmac.h"
44 #include "pkc/rsa.h"
45 #include "pkc/dsa.h"
46 #include "ecc/ecdsa.h"
47 #include "pkc/dh.h"
48 #include "ecc/ecdh.h"
49 #include "aead/gcm.h"
50 
51 
52 /*
53  * CycloneSSL Open is licensed under GPL version 2. In particular:
54  *
55  * - If you link your program to CycloneSSL Open, the result is a derivative
56  * work that can only be distributed under the same GPL license terms.
57  *
58  * - If additions or changes to CycloneSSL Open are made, the result is a
59  * derivative work that can only be distributed under the same license terms.
60  *
61  * - The GPL license requires that you make the source code available to
62  * whoever you make the binary available to.
63  *
64  * - If you sell or distribute a hardware product that runs CycloneSSL Open,
65  * the GPL license requires you to provide public and full access to all
66  * source code on a nondiscriminatory basis.
67  *
68  * If you fully understand and accept the terms of the GPL license, then edit
69  * the os_port_config.h header and add the following directive:
70  *
71  * #define GPL_LICENSE_TERMS_ACCEPTED
72  */
73 
74 #ifndef GPL_LICENSE_TERMS_ACCEPTED
75  #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
76 #endif
77 
78 
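//TLS version numbers (major.minor encoded as a 16-bit value)
#define SSL_VERSION_3_0 0x0300
#define TLS_VERSION_1_0 0x0301
#define TLS_VERSION_1_1 0x0302
#define TLS_VERSION_1_2 0x0303

//TLS 1.3 draft version numbers (draft N maps to 0x7F00 + N)
#define TLS_VERSION_1_3_DRAFT(version) (0x7F00 + (version))

//TLS 1.3 version number. Defaults to the final value 0x0304; a project may
//override it with a draft value between draft-23 and draft-28. The final
//value is also accepted when it is defined explicitly: the draft range test
//on its own rejects 0x0304, which is the very value used as the default
#ifndef TLS_VERSION_1_3
   #define TLS_VERSION_1_3 0x0304
#elif (TLS_VERSION_1_3 != 0x0304 && \
   (TLS_VERSION_1_3 < TLS_VERSION_1_3_DRAFT(23) || TLS_VERSION_1_3 > TLS_VERSION_1_3_DRAFT(28)))
   #error TLS_VERSION_1_3 parameter is not valid
#endif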
94 
95 //TLS support
   //Every option in this header follows one pattern: the default applies when
   //the project configuration has not defined the macro; otherwise the supplied
   //value is checked and an invalid one stops the build with #error
96 #ifndef TLS_SUPPORT
97  #define TLS_SUPPORT ENABLED
98 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
99  #error TLS_SUPPORT parameter is not valid
100 #endif
101 
102 //Client mode of operation
103 #ifndef TLS_CLIENT_SUPPORT
104  #define TLS_CLIENT_SUPPORT ENABLED
105 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
106  #error TLS_CLIENT_SUPPORT parameter is not valid
107 #endif
108 
109 //Server mode of operation
110 #ifndef TLS_SERVER_SUPPORT
111  #define TLS_SERVER_SUPPORT ENABLED
112 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
113  #error TLS_SERVER_SUPPORT parameter is not valid
114 #endif
115 
116 //Minimum TLS version that can be negotiated
    //NOTE(review): the default admits TLS 1.0, and the check below only rejects
    //values under SSL_VERSION_3_0, so a project configuration can still select
    //SSL 3.0. SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated;
    //set TLS_MIN_VERSION to TLS_VERSION_1_2 unless a legacy peer requires less
117 #ifndef TLS_MIN_VERSION
118  #define TLS_MIN_VERSION TLS_VERSION_1_0
119 #elif (TLS_MIN_VERSION < SSL_VERSION_3_0)
120  #error TLS_MIN_VERSION parameter is not valid
121 #endif
122 
123 //Maximum TLS version that can be negotiated
    //The default stops at TLS 1.2; the value must lie between TLS_MIN_VERSION
    //and TLS_VERSION_1_3
124 #ifndef TLS_MAX_VERSION
125  #define TLS_MAX_VERSION TLS_VERSION_1_2
126 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
127  #error TLS_MAX_VERSION parameter is not valid
128 #endif
129 
130 //Session resumption mechanism
131 #ifndef TLS_SESSION_RESUME_SUPPORT
132  #define TLS_SESSION_RESUME_SUPPORT ENABLED
133 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
134  #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
135 #endif
136 
137 //Lifetime of session cache entries
    //NOTE(review): the unit is not stated here; the default 3600000 and the
    //floor of 1000 suggest milliseconds (one hour, one second) - confirm.
    //A longer lifetime keeps cached session state usable for resumption longer
138 #ifndef TLS_SESSION_CACHE_LIFETIME
139  #define TLS_SESSION_CACHE_LIFETIME 3600000
140 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
141  #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
142 #endif
143 
144 //Session ticket mechanism
145 #ifndef TLS_TICKET_SUPPORT
146  #define TLS_TICKET_SUPPORT DISABLED
147 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
148  #error TLS_TICKET_SUPPORT parameter is not valid
149 #endif
150 
151 //Lifetime of session tickets
    //NOTE(review): only negative values are rejected, so 0 passes this check
    //whereas TLS_SESSION_CACHE_LIFETIME requires at least 1000; what a zero
    //ticket lifetime means is not visible in this header - confirm
152 #ifndef TLS_TICKET_LIFETIME
153  #define TLS_TICKET_LIFETIME 3600000
154 #elif (TLS_TICKET_LIFETIME < 0)
155  #error TLS_TICKET_LIFETIME parameter is not valid
156 #endif
157 
158 //SNI (Server Name Indication) extension
159 #ifndef TLS_SNI_SUPPORT
160  #define TLS_SNI_SUPPORT ENABLED
161 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
162  #error TLS_SNI_SUPPORT parameter is not valid
163 #endif
164 
165 //Maximum Fragment Length extension
166 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
167  #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
168 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
169  #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
170 #endif
171 
172 //Record Size Limit extension
173 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
174  #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
175 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
176  #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
177 #endif
178 
179 //ALPN (Application-Layer Protocol Negotiation) extension
180 #ifndef TLS_ALPN_SUPPORT
181  #define TLS_ALPN_SUPPORT DISABLED
182 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
183  #error TLS_ALPN_SUPPORT parameter is not valid
184 #endif
185 
186 //Extended Master Secret extension (RFC 7627)
    //Binds the master secret to the handshake transcript, which is the
    //countermeasure to the triple handshake attack; keep it enabled
187 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
188  #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
189 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
190  #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
191 #endif
192 
193 //ClientHello Padding extension
194 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
195  #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
196 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
197  #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
198 #endif
199 
200 //Signature Algorithms Certificate extension
201 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
202  #define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED
203 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
204  #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
205 #endif
206 
207 //RPK (Raw Public Key) support
    //A raw public key (RFC 7250) carries no certificate chain, so the peer key
    //has to be authenticated by the application out of band
208 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
209  #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
210 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
211  #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
212 #endif
213 
214 //Secure renegotiation support
    //NOTE(review): disabled by default. Whether DISABLED removes renegotiation
    //altogether or only the RFC 5746 renegotiation_info protection is not
    //visible in this header - confirm before relying on renegotiation
215 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
216  #define TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED
217 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
218  #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
219 #endif
220 
221 //Fallback SCSV support
    //The signalling cipher suite of RFC 7507 lets a server detect a client
    //that retried the handshake with a lower protocol version; it is disabled
    //by default
222 #ifndef TLS_FALLBACK_SCSV_SUPPORT
223  #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
224 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
225  #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
226 #endif
227 
228 //ECC callback functions
229 #ifndef TLS_ECC_CALLBACK_SUPPORT
230  #define TLS_ECC_CALLBACK_SUPPORT DISABLED
231 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
232  #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
233 #endif
234 
235 //Maximum number of certificates the end entity can load
236 #ifndef TLS_MAX_CERTIFICATES
237  #define TLS_MAX_CERTIFICATES 3
238 #elif (TLS_MAX_CERTIFICATES < 1)
239  #error TLS_MAX_CERTIFICATES parameter is not valid
240 #endif
241 
242 //RSA key exchange support
    //NOTE(review): enabled by default. Static RSA key transport gives no
    //forward secrecy (a later compromise of the server key exposes recorded
    //sessions) and depends on the server's PKCS #1 v1.5 decryption being free
    //of padding oracles; disable it where every peer supports (EC)DHE
243 #ifndef TLS_RSA_KE_SUPPORT
244  #define TLS_RSA_KE_SUPPORT ENABLED
245 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
246  #error TLS_RSA_KE_SUPPORT parameter is not valid
247 #endif
248 
249 //DHE_RSA key exchange support
    //The accepted group size is bounded by TLS_MIN_DH_MODULUS_SIZE and
    //TLS_MAX_DH_MODULUS_SIZE, defined further down
250 #ifndef TLS_DHE_RSA_KE_SUPPORT
251  #define TLS_DHE_RSA_KE_SUPPORT ENABLED
252 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
253  #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
254 #endif
255 
256 //DHE_DSS key exchange support
257 #ifndef TLS_DHE_DSS_KE_SUPPORT
258  #define TLS_DHE_DSS_KE_SUPPORT DISABLED
259 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
260  #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
261 #endif
262 
263 //DH_anon key exchange support (insecure)
    //Neither side is authenticated, so an active man-in-the-middle goes
    //undetected; keep disabled outside of test setups
264 #ifndef TLS_DH_ANON_KE_SUPPORT
265  #define TLS_DH_ANON_KE_SUPPORT DISABLED
266 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
267  #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
268 #endif
269 
270 //ECDHE_RSA key exchange support
271 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
272  #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
273 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
274  #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
275 #endif
276 
277 //ECDHE_ECDSA key exchange support
278 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
279  #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
280 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
281  #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
282 #endif
283 
284 //ECDH_anon key exchange support (insecure)
    //Unauthenticated like DH_anon: an active man-in-the-middle goes undetected
285 #ifndef TLS_ECDH_ANON_KE_SUPPORT
286  #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
287 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
288  #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
289 #endif
290 
291 //PSK key exchange support
    //Plain PSK has no forward secrecy; the DHE_PSK and ECDHE_PSK variants
    //below add an ephemeral key exchange
292 #ifndef TLS_PSK_KE_SUPPORT
293  #define TLS_PSK_KE_SUPPORT DISABLED
294 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
295  #error TLS_PSK_KE_SUPPORT parameter is not valid
296 #endif
297 
298 //RSA_PSK key exchange support
299 #ifndef TLS_RSA_PSK_KE_SUPPORT
300  #define TLS_RSA_PSK_KE_SUPPORT DISABLED
301 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
302  #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
303 #endif
304 
305 //DHE_PSK key exchange support
306 #ifndef TLS_DHE_PSK_KE_SUPPORT
307  #define TLS_DHE_PSK_KE_SUPPORT DISABLED
308 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
309  #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
310 #endif
311 
312 //ECDHE_PSK key exchange support
313 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
314  #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
315 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
316  #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
317 #endif
318 
319 //RSA signature capability
320 #ifndef TLS_RSA_SIGN_SUPPORT
321  #define TLS_RSA_SIGN_SUPPORT ENABLED
322 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
323  #error TLS_RSA_SIGN_SUPPORT parameter is not valid
324 #endif
325 
326 //RSA-PSS signature capability
327 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
328  #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
329 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
330  #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
331 #endif
332 
333 //DSA signature capability
334 #ifndef TLS_DSA_SIGN_SUPPORT
335  #define TLS_DSA_SIGN_SUPPORT DISABLED
336 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
337  #error TLS_DSA_SIGN_SUPPORT parameter is not valid
338 #endif
339 
340 //ECDSA signature capability
341 #ifndef TLS_ECDSA_SIGN_SUPPORT
342  #define TLS_ECDSA_SIGN_SUPPORT ENABLED
343 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
344  #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
345 #endif
346 
347 //EdDSA signature capability
    //NOTE(review): disabled by default, while TLS_ED25519_SUPPORT further down
    //defaults to ENABLED; presumably the curve toggle has no effect until this
    //option is enabled - confirm
348 #ifndef TLS_EDDSA_SIGN_SUPPORT
349  #define TLS_EDDSA_SIGN_SUPPORT DISABLED
350 #elif (TLS_EDDSA_SIGN_SUPPORT != ENABLED && TLS_EDDSA_SIGN_SUPPORT != DISABLED)
351  #error TLS_EDDSA_SIGN_SUPPORT parameter is not valid
352 #endif
353 
354 //NULL cipher support (insecure)
    //NULL cipher suites provide no confidentiality: application data travels
    //in the clear
355 #ifndef TLS_NULL_CIPHER_SUPPORT
356  #define TLS_NULL_CIPHER_SUPPORT DISABLED
357 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
358  #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
359 #endif
360 
361 //Stream cipher support
    //NOTE(review): presumably gates the non-AEAD stream cipher suites such as
    //RC4 (see TLS_RC4_SUPPORT) - confirm
362 #ifndef TLS_STREAM_CIPHER_SUPPORT
363  #define TLS_STREAM_CIPHER_SUPPORT DISABLED
364 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
365  #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
366 #endif
367 
368 //CBC block cipher support
    //NOTE(review): enabled by default. CBC suites in TLS 1.2 and earlier use
    //MAC-then-encrypt and have a history of padding-oracle and timing issues
    //(e.g. Lucky Thirteen); prefer the AEAD modes below where peers allow it
369 #ifndef TLS_CBC_CIPHER_SUPPORT
370  #define TLS_CBC_CIPHER_SUPPORT ENABLED
371 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
372  #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
373 #endif
374 
375 //CCM AEAD support
376 #ifndef TLS_CCM_CIPHER_SUPPORT
377  #define TLS_CCM_CIPHER_SUPPORT DISABLED
378 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
379  #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
380 #endif
381 
382 //CCM_8 AEAD support
    //CCM_8 suites truncate the authentication tag to 8 bytes (RFC 6655), which
    //lowers the forgery resistance compared with the 16-byte tag of CCM
383 #ifndef TLS_CCM_8_CIPHER_SUPPORT
384  #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
385 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
386  #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
387 #endif
388 
389 //GCM AEAD support
390 #ifndef TLS_GCM_CIPHER_SUPPORT
391  #define TLS_GCM_CIPHER_SUPPORT ENABLED
392 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
393  #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
394 #endif
395 
396 //ChaCha20Poly1305 AEAD support
397 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
398  #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
399 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
400  #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
401 #endif
402 
403 //RC4 cipher support (insecure)
    //RC4 cipher suites are prohibited in TLS by RFC 7465
404 #ifndef TLS_RC4_SUPPORT
405  #define TLS_RC4_SUPPORT DISABLED
406 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
407  #error TLS_RC4_SUPPORT parameter is not valid
408 #endif
409 
410 //IDEA cipher support (insecure)
411 #ifndef TLS_IDEA_SUPPORT
412  #define TLS_IDEA_SUPPORT DISABLED
413 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
414  #error TLS_IDEA_SUPPORT parameter is not valid
415 #endif
416 
417 //DES cipher support (insecure)
    //Single DES has a 56-bit key
418 #ifndef TLS_DES_SUPPORT
419  #define TLS_DES_SUPPORT DISABLED
420 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
421  #error TLS_DES_SUPPORT parameter is not valid
422 #endif
423 
424 //Triple DES cipher support (weak)
    //The 64-bit block size makes long-lived sessions subject to birthday-bound
    //collisions (Sweet32)
425 #ifndef TLS_3DES_SUPPORT
426  #define TLS_3DES_SUPPORT DISABLED
427 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
428  #error TLS_3DES_SUPPORT parameter is not valid
429 #endif
430 
431 //AES cipher support
432 #ifndef TLS_AES_SUPPORT
433  #define TLS_AES_SUPPORT ENABLED
434 #elif (TLS_AES_SUPPORT != ENABLED && TLS_AES_SUPPORT != DISABLED)
435  #error TLS_AES_SUPPORT parameter is not valid
436 #endif
437 
438 //Camellia cipher support
439 #ifndef TLS_CAMELLIA_SUPPORT
440  #define TLS_CAMELLIA_SUPPORT DISABLED
441 #elif (TLS_CAMELLIA_SUPPORT != ENABLED && TLS_CAMELLIA_SUPPORT != DISABLED)
442  #error TLS_CAMELLIA_SUPPORT parameter is not valid
443 #endif
444 
445 //SEED cipher support
446 #ifndef TLS_SEED_SUPPORT
447  #define TLS_SEED_SUPPORT DISABLED
448 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
449  #error TLS_SEED_SUPPORT parameter is not valid
450 #endif
451 
452 //ARIA cipher support
453 #ifndef TLS_ARIA_SUPPORT
454  #define TLS_ARIA_SUPPORT DISABLED
455 #elif (TLS_ARIA_SUPPORT != ENABLED && TLS_ARIA_SUPPORT != DISABLED)
456  #error TLS_ARIA_SUPPORT parameter is not valid
457 #endif
458 
459 //MD5 hash support (insecure)
460 #ifndef TLS_MD5_SUPPORT
461  #define TLS_MD5_SUPPORT DISABLED
462 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
463  #error TLS_MD5_SUPPORT parameter is not valid
464 #endif
465 
466 //SHA-1 hash support (weak)
    //NOTE(review): enabled by default although tagged weak. What it gates
    //(HMAC-SHA1 cipher suites, SHA-1 based signature algorithms, or both) is
    //not visible in this header - confirm, and disable it when all peers
    //support SHA-256 or better
467 #ifndef TLS_SHA1_SUPPORT
468  #define TLS_SHA1_SUPPORT ENABLED
469 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
470  #error TLS_SHA1_SUPPORT parameter is not valid
471 #endif
472 
473 //SHA-224 hash support (weak)
474 #ifndef TLS_SHA224_SUPPORT
475  #define TLS_SHA224_SUPPORT DISABLED
476 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
477  #error TLS_SHA224_SUPPORT parameter is not valid
478 #endif
479 
480 //SHA-256 hash support
481 #ifndef TLS_SHA256_SUPPORT
482  #define TLS_SHA256_SUPPORT ENABLED
483 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
484  #error TLS_SHA256_SUPPORT parameter is not valid
485 #endif
486 
487 //SHA-384 hash support
    //Also selects the larger value of TLS_MAX_HKDF_DIGEST_SIZE further down
488 #ifndef TLS_SHA384_SUPPORT
489  #define TLS_SHA384_SUPPORT ENABLED
490 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
491  #error TLS_SHA384_SUPPORT parameter is not valid
492 #endif
493 
494 //SHA-512 hash support
495 #ifndef TLS_SHA512_SUPPORT
496  #define TLS_SHA512_SUPPORT DISABLED
497 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
498  #error TLS_SHA512_SUPPORT parameter is not valid
499 #endif
500 
501 //FFDHE key exchange mechanism
    //Named finite-field Diffie-Hellman groups (RFC 7919). Disabled by default;
    //presumably the per-group options below only take effect once this is
    //enabled - confirm
502 #ifndef TLS_FFDHE_SUPPORT
503  #define TLS_FFDHE_SUPPORT DISABLED
504 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
505  #error TLS_FFDHE_SUPPORT parameter is not valid
506 #endif
507 
508 //ffdhe2048 group support
509 #ifndef TLS_FFDHE2048_SUPPORT
510  #define TLS_FFDHE2048_SUPPORT ENABLED
511 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
512  #error TLS_FFDHE2048_SUPPORT parameter is not valid
513 #endif
514 
515 //ffdhe3072 group support
516 #ifndef TLS_FFDHE3072_SUPPORT
517  #define TLS_FFDHE3072_SUPPORT DISABLED
518 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
519  #error TLS_FFDHE3072_SUPPORT parameter is not valid
520 #endif
521 
522 //ffdhe4096 group support
523 #ifndef TLS_FFDHE4096_SUPPORT
524  #define TLS_FFDHE4096_SUPPORT DISABLED
525 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
526  #error TLS_FFDHE4096_SUPPORT parameter is not valid
527 #endif
528 
529 //secp160k1 elliptic curve support (weak)
    //A 160-bit curve gives roughly 80-bit security
530 #ifndef TLS_SECP160K1_SUPPORT
531  #define TLS_SECP160K1_SUPPORT DISABLED
532 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
533  #error TLS_SECP160K1_SUPPORT parameter is not valid
534 #endif
535 
536 //secp160r1 elliptic curve support (weak)
537 #ifndef TLS_SECP160R1_SUPPORT
538  #define TLS_SECP160R1_SUPPORT DISABLED
539 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
540  #error TLS_SECP160R1_SUPPORT parameter is not valid
541 #endif
542 
543 //secp160r2 elliptic curve support (weak)
544 #ifndef TLS_SECP160R2_SUPPORT
545  #define TLS_SECP160R2_SUPPORT DISABLED
546 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
547  #error TLS_SECP160R2_SUPPORT parameter is not valid
548 #endif
549 
550 //secp192k1 elliptic curve support
    //NOTE(review): not tagged weak, but a 192-bit curve gives roughly 96-bit
    //security, below the 112-bit minimum of current guidance (NIST SP 800-57);
    //treat the 192-bit curves like the 160-bit ones above
551 #ifndef TLS_SECP192K1_SUPPORT
552  #define TLS_SECP192K1_SUPPORT DISABLED
553 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
554  #error TLS_SECP192K1_SUPPORT parameter is not valid
555 #endif
556 
557 //secp192r1 elliptic curve support (NIST P-192)
558 #ifndef TLS_SECP192R1_SUPPORT
559  #define TLS_SECP192R1_SUPPORT DISABLED
560 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
561  #error TLS_SECP192R1_SUPPORT parameter is not valid
562 #endif
563 
564 //secp224k1 elliptic curve support
565 #ifndef TLS_SECP224K1_SUPPORT
566  #define TLS_SECP224K1_SUPPORT DISABLED
567 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
568  #error TLS_SECP224K1_SUPPORT parameter is not valid
569 #endif
570 
571 //secp224r1 elliptic curve support (NIST P-224)
572 #ifndef TLS_SECP224R1_SUPPORT
573  #define TLS_SECP224R1_SUPPORT DISABLED
574 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
575  #error TLS_SECP224R1_SUPPORT parameter is not valid
576 #endif
577 
578 //secp256k1 elliptic curve support
579 #ifndef TLS_SECP256K1_SUPPORT
580  #define TLS_SECP256K1_SUPPORT DISABLED
581 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
582  #error TLS_SECP256K1_SUPPORT parameter is not valid
583 #endif
584 
585 //secp256r1 elliptic curve support (NIST P-256)
586 #ifndef TLS_SECP256R1_SUPPORT
587  #define TLS_SECP256R1_SUPPORT ENABLED
588 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
589  #error TLS_SECP256R1_SUPPORT parameter is not valid
590 #endif
591 
592 //secp384r1 elliptic curve support (NIST P-384)
593 #ifndef TLS_SECP384R1_SUPPORT
594  #define TLS_SECP384R1_SUPPORT ENABLED
595 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
596  #error TLS_SECP384R1_SUPPORT parameter is not valid
597 #endif
598 
599 //secp521r1 elliptic curve support (NIST P-521)
600 #ifndef TLS_SECP521R1_SUPPORT
601  #define TLS_SECP521R1_SUPPORT DISABLED
602 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
603  #error TLS_SECP521R1_SUPPORT parameter is not valid
604 #endif
605 
606 //brainpoolP256r1 elliptic curve support
607 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
608  #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
609 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
610  #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
611 #endif
612 
613 //brainpoolP384r1 elliptic curve support
614 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
615  #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
616 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
617  #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
618 #endif
619 
620 //brainpoolP512r1 elliptic curve support
621 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
622  #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
623 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
624  #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
625 #endif
626 
627 //Curve25519 elliptic curve support
628 #ifndef TLS_X25519_SUPPORT
629  #define TLS_X25519_SUPPORT DISABLED
630 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
631  #error TLS_X25519_SUPPORT parameter is not valid
632 #endif
633 
634 //Curve448 elliptic curve support
635 #ifndef TLS_X448_SUPPORT
636  #define TLS_X448_SUPPORT DISABLED
637 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
638  #error TLS_X448_SUPPORT parameter is not valid
639 #endif
640 
641 //Ed25519 elliptic curve support
    //NOTE(review): enabled by default although TLS_EDDSA_SIGN_SUPPORT above
    //defaults to DISABLED; presumably this has no effect until EdDSA
    //signatures are enabled - confirm
642 #ifndef TLS_ED25519_SUPPORT
643  #define TLS_ED25519_SUPPORT ENABLED
644 #elif (TLS_ED25519_SUPPORT != ENABLED && TLS_ED25519_SUPPORT != DISABLED)
645  #error TLS_ED25519_SUPPORT parameter is not valid
646 #endif
647 
648 //Ed448 elliptic curve support
649 #ifndef TLS_ED448_SUPPORT
650  #define TLS_ED448_SUPPORT DISABLED
651 #elif (TLS_ED448_SUPPORT != ENABLED && TLS_ED448_SUPPORT != DISABLED)
652  #error TLS_ED448_SUPPORT parameter is not valid
653 #endif
654 
655 //Certificate key usage verification
    //Presumably checks that the key usage stated in a certificate permits the
    //way the key is used in the handshake - confirm; keep it enabled
656 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
657  #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
658 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
659  #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
660 #endif
661 
662 //Key logging (for debugging purpose only)
    //Logged secrets let anyone who holds the log decrypt captured traffic of
    //the affected sessions, so this must stay DISABLED in release builds
663 #ifndef TLS_KEY_LOG_SUPPORT
664  #define TLS_KEY_LOG_SUPPORT DISABLED
665 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
666  #error TLS_KEY_LOG_SUPPORT parameter is not valid
667 #endif
668 
669 //Maximum acceptable length for server names
670 #ifndef TLS_MAX_SERVER_NAME_LEN
671  #define TLS_MAX_SERVER_NAME_LEN 255
672 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
673  #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
674 #endif
675 
676 //Minimum acceptable size for Diffie-Hellman prime modulus
    //NOTE(review): presumably in bits. The 1024-bit default is below current
    //recommendations (2048 bits or more), and the compile-time floor of 512
    //still permits export-grade groups of the kind Logjam relied on; raise the
    //value to 2048 where peers allow it
677 #ifndef TLS_MIN_DH_MODULUS_SIZE
678  #define TLS_MIN_DH_MODULUS_SIZE 1024
679 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
680  #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
681 #endif
682 
683 //Maximum acceptable size for Diffie-Hellman prime modulus
    //Only checked against the minimum; presumably the bound limits the
    //computation a peer-chosen group can impose - confirm
684 #ifndef TLS_MAX_DH_MODULUS_SIZE
685  #define TLS_MAX_DH_MODULUS_SIZE 4096
686 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
687  #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
688 #endif
689 
690 //Minimum acceptable size for RSA modulus
    //NOTE(review): presumably in bits. 1024-bit RSA is below current
    //recommendations and the floor of 512 permits trivially factorable keys;
    //raise the value to 2048 where peers allow it
691 #ifndef TLS_MIN_RSA_MODULUS_SIZE
692  #define TLS_MIN_RSA_MODULUS_SIZE 1024
693 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
694  #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
695 #endif
696 
697 //Maximum acceptable size for RSA modulus
698 #ifndef TLS_MAX_RSA_MODULUS_SIZE
699  #define TLS_MAX_RSA_MODULUS_SIZE 4096
700 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
701  #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
702 #endif
703 
704 //Minimum acceptable size for DSA prime modulus
    //NOTE(review): same 1024 default and 512 floor as the DH and RSA limits
    //above; the same recommendation applies
705 #ifndef TLS_MIN_DSA_MODULUS_SIZE
706  #define TLS_MIN_DSA_MODULUS_SIZE 1024
707 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
708  #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
709 #endif
710 
711 //Maximum acceptable size for DSA prime modulus
712 #ifndef TLS_MAX_DSA_MODULUS_SIZE
713  #define TLS_MAX_DSA_MODULUS_SIZE 4096
714 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
715  #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
716 #endif
717 
718 //Maximum size for premaster secret
    //The floor of 48 matches the size of an RSA premaster secret
    //NOTE(review): presumably in bytes. A 4096-bit DH modulus (the default of
    //TLS_MAX_DH_MODULUS_SIZE) yields a shared secret of up to 512 bytes, more
    //than this default - confirm that the code bounds or rejects such a
    //secret before it is stored in the premaster buffer
719 #ifndef TLS_PREMASTER_SECRET_SIZE
720  #define TLS_PREMASTER_SECRET_SIZE 256
721 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
722  #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
723 #endif
724 
725 //Maximum number of consecutive warning alerts
    //NOTE(review): this and the three limits below default to 0; whether 0
    //means "none tolerated" or "no limit" is not visible in this header -
    //confirm. Such counters bound the work a peer can cause by flooding the
    //connection with messages that carry no application data
726 #ifndef TLS_MAX_WARNING_ALERTS
727  #define TLS_MAX_WARNING_ALERTS 0
728 #elif (TLS_MAX_WARNING_ALERTS < 0)
729  #error TLS_MAX_WARNING_ALERTS parameter is not valid
730 #endif
731 
732 //Maximum number of consecutive empty records
733 #ifndef TLS_MAX_EMPTY_RECORDS
734  #define TLS_MAX_EMPTY_RECORDS 0
735 #elif (TLS_MAX_EMPTY_RECORDS < 0)
736  #error TLS_MAX_EMPTY_RECORDS parameter is not valid
737 #endif
738 
739 //Maximum number of consecutive ChangeCipherSpec messages
740 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
741  #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 0
742 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
743  #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
744 #endif
745 
746 //Maximum number of consecutive KeyUpdate messages
747 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
748  #define TLS_MAX_KEY_UPDATE_MESSAGES 0
749 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
750  #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
751 #endif
752 
753 //Memory allocation
    //Overridable hook: maps to osAllocMem unless the project defines its own
754 #ifndef tlsAllocMem
755  #define tlsAllocMem(size) osAllocMem(size)
756 #endif
757 
758 //Memory deallocation
    //Overridable hook: maps to osFreeMem unless the project defines its own
    //NOTE(review): buffers released through this hook may have held key
    //material; whether callers wipe them first is not visible here - confirm
759 #ifndef tlsFreeMem
760  #define tlsFreeMem(p) osFreeMem(p)
761 #endif
762 
763 //Support for Diffie-Hellman?
    //Derived flag: ENABLED when the configured version range overlaps
    //SSL 3.0..TLS 1.2 and any finite-field DH key exchange (DH_anon included)
    //is enabled, or when the range includes TLS 1.3 and a TLS13_* DHE mode is
    //enabled. The TLS13_* options are not defined in this header (presumably
    //they come from tls13_misc.h, included above)
764 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
765  (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
766  TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
767  #define TLS_DH_SUPPORT ENABLED
768 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
769  (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
770  #define TLS_DH_SUPPORT ENABLED
771 #else
772  #define TLS_DH_SUPPORT DISABLED
773 #endif
774 
775 //Support for ECDH?
    //Derived flag, same structure as TLS_DH_SUPPORT but for the elliptic curve
    //key exchanges (ECDH_anon included)
776 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
777  (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
778  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
779  #define TLS_ECDH_SUPPORT ENABLED
780 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
781  (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
782  #define TLS_ECDH_SUPPORT ENABLED
783 #else
784  #define TLS_ECDH_SUPPORT DISABLED
785 #endif
786 
787 //Support for RSA?
    //Derived flag: for SSL 3.0..TLS 1.2 any RSA signature or RSA-based key
    //exchange option enables it; for TLS 1.3 only the two RSA signature
    //options count
788 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
789  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
790  TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
791  TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
792  #define TLS_RSA_SUPPORT ENABLED
793 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
794  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
795  #define TLS_RSA_SUPPORT ENABLED
796 #else
797  #define TLS_RSA_SUPPORT DISABLED
798 #endif
799 
800 //Support for PSK?
    //Derived flag: ENABLED when any PSK-based key exchange is enabled for the
    //configured version range
801 #if ((TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
802  (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
803  TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
804  #define TLS_PSK_SUPPORT ENABLED
805 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
806  (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
807  TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
808  #define TLS_PSK_SUPPORT ENABLED
809 #else
810  #define TLS_PSK_SUPPORT DISABLED
811 #endif
812 
813 //Maximum size for HKDF digests
    //48 bytes is the SHA-384 output size and 32 bytes the SHA-256 output size
    //NOTE(review): TLS_SHA512_SUPPORT is not taken into account; that is fine
    //only if HKDF is never run with a hash larger than SHA-384 - confirm
814 #if (TLS_SHA384_SUPPORT == ENABLED)
815  #define TLS_MAX_HKDF_DIGEST_SIZE 48
816 #else
817  #define TLS_MAX_HKDF_DIGEST_SIZE 32
818 #endif
819 
820 //Bind TLS to a particular socket
    //NOTE(review): socketSend and socketReceive are cast to the callback
    //types, which silences any signature mismatch; calling a function through
    //an incompatible pointer type is undefined behavior, so the prototypes
    //must match TlsSocketSendCallback and TlsSocketReceiveCallback exactly
821 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
822  (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
823  (TlsSocketHandle) socket)
824 
825 //Minimum plaintext record length
826 #define TLS_MIN_RECORD_LENGTH 512
827 //Maximum plaintext record length (2^14 bytes, the TLS protocol limit)
828 #define TLS_MAX_RECORD_LENGTH 16384
829 //Data overhead caused by record encryption
830 #define TLS_MAX_RECORD_OVERHEAD 512
831 //Master secret size (in bytes)
832 #define TLS_MASTER_SECRET_SIZE 48
833 
834 //C++ guard
835 #ifdef __cplusplus
836  extern "C" {
837 #endif
838 
839 
840 /**
841  * @brief TLS transport protocols
842  **/
843 
844 typedef enum
845 {
849 
850 
851 /**
852  * @brief TLS connection end
853  **/
854 
855 typedef enum
856 {
860 
861 
862 /**
863  * @brief Client authentication mode
864  **/
865 
866 typedef enum
867 {
872 
873 
874 /**
875  * @brief Early data status
876  **/
877 
878 typedef enum
879 {
883 
884 
885 /**
886  * @brief Flags used by read and write functions
887  **/
888 
889 typedef enum
890 {
891  TLS_FLAG_PEEK = 0x0200,
897  TLS_FLAG_DELAY = 0x8000
898 } TlsFlags;
899 
900 
901 //The TLS_FLAG_BREAK macro causes the read function to stop reading
902 //data whenever the specified break character is encountered
903 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
904 
905 
906 /**
907  * @brief Content type
908  **/
909 
910 typedef enum
911 {
918  TLS_TYPE_ACK = 25 //RFC draft
920 
921 
922 /**
923  * @brief Handshake message type
924  **/
925 
926 typedef enum
927 {
949 
950 
951 /**
952  * @brief Alert level
953  **/
954 
955 typedef enum
956 {
959 } TlsAlertLevel;
960 
961 
962 /**
963  * @brief Alert description
964  **/
965 
966 typedef enum
967 {
1002 
1003 
1004 /**
1005  * @brief Compression methods
1006  **/
1007 
1008 typedef enum
1009 {
1013 
1014 
1015 /**
1016  * @brief Key exchange methods
1017  **/
1018 
1019 typedef enum
1020 {
1046 
1047 
1048 /**
1049  * @brief Certificate formats
1050  **/
1051 
1052 typedef enum
1053 {
1058 
1059 
1060 /**
1061  * @brief Certificate types
1062  **/
1063 
1064 typedef enum
1065 {
1077  TLS_CERT_RSA_PSS_SIGN = 256, //For internal use only
1078  TLS_CERT_ED25519_SIGN = 257, //For internal use only
1079  TLS_CERT_ED448_SIGN = 258 //For internal use only
1081 
1082 
1083 /**
1084  * @brief Hash algorithms
1085  **/
1086 
1087 typedef enum
1088 {
1097 } TlsHashAlgo;
1098 
1099 
1100 /**
1101  * @brief Signature algorithms
1102  **/
1103 
1104 typedef enum
1105 {
1119 
1120 
1121 /**
1122  * @brief TLS extension types
1123  **/
1124 
1125 typedef enum
1126 {
1166 
1167 
1168 /**
1169  * @brief Name type
1170  **/
1171 
1172 typedef enum
1173 {
1175 } TlsNameType;
1176 
1177 
1178 /**
1179  * @brief Maximum fragment length
1180  **/
1181 
1182 typedef enum
1183 {
1189 
1190 
1191 /**
1192  * @brief Named groups
      *
      * Wire identifiers of the elliptic curve and finite field groups. Being
      * listed here does not mean a group is offered: the groups actually
      * negotiated are those configured with tlsSetSupportedGroups().
      *
      * NOTE(review): the 160- to 193-bit curves (values 1 to 5 and 15 to 19)
      * provide less than 112 bits of security, and RFC 8422 marks values 1 to
      * 22 as deprecated; keep them out of the supported group list unless a
      * legacy peer strictly requires them.
1193  **/
1194 
1195 typedef enum
1196 {
1198  TLS_GROUP_SECT163K1 = 1, //RFC 4492
1199  TLS_GROUP_SECT163R1 = 2, //RFC 4492
1200  TLS_GROUP_SECT163R2 = 3, //RFC 4492
1201  TLS_GROUP_SECT193R1 = 4, //RFC 4492
1202  TLS_GROUP_SECT193R2 = 5, //RFC 4492
1203  TLS_GROUP_SECT233K1 = 6, //RFC 4492
1204  TLS_GROUP_SECT233R1 = 7, //RFC 4492
1205  TLS_GROUP_SECT239K1 = 8, //RFC 4492
1206  TLS_GROUP_SECT283K1 = 9, //RFC 4492
1207  TLS_GROUP_SECT283R1 = 10, //RFC 4492
1208  TLS_GROUP_SECT409K1 = 11, //RFC 4492
1209  TLS_GROUP_SECT409R1 = 12, //RFC 4492
1210  TLS_GROUP_SECT571K1 = 13, //RFC 4492
1211  TLS_GROUP_SECT571R1 = 14, //RFC 4492
1212  TLS_GROUP_SECP160K1 = 15, //RFC 4492
1213  TLS_GROUP_SECP160R1 = 16, //RFC 4492
1214  TLS_GROUP_SECP160R2 = 17, //RFC 4492
1215  TLS_GROUP_SECP192K1 = 18, //RFC 4492
1216  TLS_GROUP_SECP192R1 = 19, //RFC 4492
1217  TLS_GROUP_SECP224K1 = 20, //RFC 4492
1218  TLS_GROUP_SECP224R1 = 21, //RFC 4492
1219  TLS_GROUP_SECP256K1 = 22, //RFC 4492
1220  TLS_GROUP_SECP256R1 = 23, //RFC 4492
1221  TLS_GROUP_SECP384R1 = 24, //RFC 4492
1222  TLS_GROUP_SECP521R1 = 25, //RFC 4492
1223  TLS_GROUP_BRAINPOOLP256R1 = 26, //RFC 7027
1224  TLS_GROUP_BRAINPOOLP384R1 = 27, //RFC 7027
1225  TLS_GROUP_BRAINPOOLP512R1 = 28, //RFC 7027
1226  TLS_GROUP_ECDH_X25519 = 29, //RFC 8422
1227  TLS_GROUP_ECDH_X448 = 30, //RFC 8422
1228  TLS_GROUP_FFDHE2048 = 256, //RFC 7919
1229  TLS_GROUP_FFDHE3072 = 257, //RFC 7919
1230  TLS_GROUP_FFDHE4096 = 258, //RFC 7919
1231  TLS_GROUP_FFDHE6144 = 259, //RFC 7919
1232  TLS_GROUP_FFDHE8192 = 260, //RFC 7919
1233  TLS_GROUP_FFDHE_MAX = 511, //RFC 7919
1236 } TlsNamedGroup;
1237 
1238 
1239 /**
1240  * @brief EC point formats
1241  **/
1242 
1243 typedef enum
1244 {
1249 
1250 
1251 /**
1252  * @brief EC curve types
1253  **/
1254 
1255 typedef enum
1256 {
1260 } TlsEcCurveType;
1261 
1262 
1263 /**
1264  * @brief TLS FSM states
1265  **/
1266 
1267 typedef enum
1268 {
1302 } TlsState;
1303 
1304 
1305 //CodeWarrior or Win32 compiler?
1306 #if defined(__CWCC__) || defined(_WIN32)
1307  #pragma pack(push, 1)
1308 #endif
1309 
1310 
1311 /**
1312  * @brief Sequence number
1313  **/
1314 
1315 typedef __start_packed struct
1316 {
1317  uint8_t b[8];
1319 
1320 
1321 /**
1322  * @brief Cipher suite
1323  **/
1324 
1325 typedef uint16_t TlsCipherSuite;
1326 
1327 
1328 /**
1329  * @brief Cipher suites
1330  **/
1331 
1332 typedef __start_packed struct
1333 {
1334  uint16_t length; //0-1
1335  uint16_t value[]; //2
1337 
1338 
1339 /**
1340  * @brief Compression method
1341  **/
1342 
1343 typedef uint8_t TlsCompressMethod;
1344 
1345 
1346 /**
1347  * @brief Compression methods
1348  **/
1349 
1350 typedef __start_packed struct
1351 {
1352  uint8_t length; //0
1353  uint8_t value[]; //1
1355 
1356 
1357 /**
1358  * @brief Signature algorithm
1359  **/
1360 
1361 typedef __start_packed struct
1362 {
1363  uint8_t hash; //0
1364  uint8_t signature; //1
1366 
1367 
1368 /**
1369  * @brief List of signature algorithms
1370  **/
1371 
1372 typedef __start_packed struct
1373 {
1374  uint16_t length; //0-1
1375  TlsSignHashAlgo value[]; //2
1377 
1378 
1379 /**
1380  * @brief List of certificates
1381  **/
1382 
1383 typedef __start_packed struct
1384 {
1385  uint8_t length[3]; //0-2
1386  uint8_t value[]; //3
1388 
1389 
1390 /**
1391  * @brief List of certificate authorities
1392  **/
1393 
1394 typedef __start_packed struct
1395 {
1396  uint16_t length; //0-1
1397  uint8_t value[]; //2
1399 
1400 
1401 /**
1402  * @brief TLS extension
1403  **/
1404 
1405 typedef __start_packed struct
1406 {
1407  uint16_t type; //0-1
1408  uint16_t length; //2-3
1409  uint8_t value[]; //4
1411 
1412 
1413 /**
1414  * @brief List of TLS extensions
1415  **/
1416 
1417 typedef __start_packed struct
1418 {
1419  uint16_t length; //0-1
1420  uint8_t value[]; //2
1422 
1423 
1424 /**
1425  * @brief List of supported versions
1426  **/
1427 
1428 typedef __start_packed struct
1429 {
1430  uint8_t length; //0
1431  uint16_t value[]; //1
1433 
1434 
1435 /**
1436  * @brief Server name
1437  **/
1438 
1439 typedef __start_packed struct
1440 {
1441  uint8_t type; //0
1442  uint16_t length; //1-2
1445 
1446 
1447 /**
1448  * @brief List of server names
1449  **/
1450 
1451 typedef __start_packed struct
1452 {
1453  uint16_t length; //0-1
1454  uint8_t value[]; //2
1456 
1457 
1458 /**
1459  * @brief Protocol name
1460  **/
1461 
1462 typedef __start_packed struct
1463 {
1464  uint8_t length; //0
1465  char_t value[]; //1
1467 
1468 
1469 /**
1470  * @brief List of protocol names
1471  **/
1472 
1473 typedef __start_packed struct
1474 {
1475  uint16_t length; //0-1
1476  uint8_t value[]; //2
1478 
1479 
1480 /**
1481  * @brief List of supported groups
1482  **/
1483 
1484 typedef __start_packed struct
1485 {
1486  uint16_t length; //0-1
1487  uint16_t value[]; //2
1489 
1490 
1491 /**
1492  * @brief List of supported EC point formats
1493  **/
1494 
1495 typedef __start_packed struct
1496 {
1497  uint8_t length; //0
1498  uint8_t value[]; //1
1500 
1501 
1502 /**
1503  * @brief List of supported certificate types
1504  **/
1505 
1506 typedef __start_packed struct
1507 {
1508  uint8_t length; //0
1509  uint8_t value[]; //1
1511 
1512 
1513 /**
1514  * @brief Renegotiated connection
1515  **/
1516 
1517 typedef __start_packed struct
1518 {
1519  uint8_t length; //0
1520  uint8_t value[]; //1
1522 
1523 
1524 /**
1525  * @brief PSK identity
1526  **/
1527 
1528 typedef __start_packed struct
1529 {
1530  uint16_t length; //0-1
1531  uint8_t value[]; //2
1533 
1534 
1535 /**
1536  * @brief PSK identity hint
1537  **/
1538 
1539 typedef __start_packed struct
1540 {
1541  uint16_t length; //0-1
1542  uint8_t value[]; //2
1544 
1545 
1546 /**
1547  * @brief Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)
1548  **/
1549 
1550 typedef __start_packed struct
1551 {
1552  uint16_t length; //0-1
1553  uint8_t value[]; //2
1555 
1556 
1557 /**
1558  * @brief Digitally-signed element (TLS 1.2)
1559  **/
1560 
1561 typedef __start_packed struct
1562 {
1564  uint16_t length; //2-3
1565  uint8_t value[]; //4
1567 
1568 
1569 /**
1570  * @brief TLS record
1571  **/
1572 
1573 typedef __start_packed struct
1574 {
1575  uint8_t type; //0
1576  uint16_t version; //1-2
1577  uint16_t length; //3-4
1578  uint8_t data[]; //5
1580 
1581 
1582 /**
1583  * @brief TLS handshake message
1584  **/
1585 
1586 typedef __start_packed struct
1587 {
1588  uint8_t msgType; //0
1589  uint8_t length[3]; //1-3
1590  uint8_t data[]; //4
1592 
1593 
1594 /**
1595  * @brief HelloRequest message
1596  **/
1597 
1598 typedef void TlsHelloRequest;
1599 
1600 
1601 /**
1602  * @brief ClientHello message
1603  **/
1604 
1605 typedef __start_packed struct
1606 {
1607  uint16_t clientVersion; //0-1
1608  uint8_t random[32]; //2-33
1609  uint8_t sessionIdLen; //34
1610  uint8_t sessionId[]; //35
1612 
1613 
1614 /**
1615  * @brief ServerHello message
1616  **/
1617 
1618 typedef __start_packed struct
1619 {
1620  uint16_t serverVersion; //0-1
1621  uint8_t random[32]; //2-33
1622  uint8_t sessionIdLen; //34
1623  uint8_t sessionId[]; //35
1625 
1626 
1627 /**
1628  * @brief Certificate message
1629  **/
1630 
1631 typedef void TlsCertificate;
1632 
1633 
1634 /**
1635  * @brief ServerKeyExchange message
1636  **/
1637 
1639 
1640 
1641 /**
1642  * @brief CertificateRequest message
1643  **/
1644 
1645 typedef __start_packed struct
1646 {
1647  uint8_t certificateTypesLen; //0
1648  uint8_t certificateTypes[]; //1
1650 
1651 
1652 /**
1653  * @brief ServerHelloDone message
1654  **/
1655 
1656 typedef void TlsServerHelloDone;
1657 
1658 
1659 /**
1660  * @brief ClientKeyExchange message
1661  **/
1662 
1664 
1665 
1666 /**
1667  * @brief CertificateVerify message
1668  **/
1669 
1671 
1672 
1673 /**
1674  * @brief Finished message
1675  **/
1676 
1677 typedef void TlsFinished;
1678 
1679 
1680 /**
1681  * @brief ChangeCipherSpec message
1682  **/
1683 
1684 typedef __start_packed struct
1685 {
1686  uint8_t type; //0
1688 
1689 
1690 /**
1691  * @brief Alert message
1692  **/
1693 
1694 typedef __start_packed struct
1695 {
1696  uint8_t level; //0
1697  uint8_t description; //1
1699 
1700 
1701 //CodeWarrior or Win32 compiler?
1702 #if defined(__CWCC__) || defined(_WIN32)
1703  #pragma pack(pop)
1704 #endif
1705 
1706 
1707 /**
1708  * @brief Socket handle
1709  **/
1710 
1711 typedef void *TlsSocketHandle;
1712 
1713 
1714 /**
1715  * @brief Socket send callback function
1716  **/
1717 
1719  const void *data, size_t length, size_t *written, uint_t flags);
1720 
1721 
1722 /**
1723  * @brief Socket receive callback function
1724  **/
1725 
1727  void *data, size_t size, size_t *received, uint_t flags);
1728 
1729 
1730 /**
1731  * @brief Pre-shared key callback function
      *
      * @param[in] context Pointer to the TLS context
      * @param[in] pskIdentity Pointer to the PSK identity
      * @param[in] pskIdentityLen Length of the PSK identity, in bytes
      * @return Error code
      *
      * NOTE(review): the identity is presumably the value presented by the
      * peer; treat it as untrusted, length-delimited bytes (no NUL terminator
      * is implied by the signature) and return an error for unknown
      * identities - confirm against the caller.
1732  **/
1733 
1734 typedef error_t (*TlsPskCallback)(TlsContext *context,
1735  const uint8_t *pskIdentity, size_t pskIdentityLen);
1736 
1737 
1738 /**
1739  * @brief Raw public key verification callback function
1740  **/
1741 
1743  const uint8_t *rawPublicKey, size_t rawPublicKeyLen);
1744 
1745 
1746 /**
1747  * @brief Ticket encryption callback function
1748  **/
1749 
1751  const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext,
1752  size_t *ciphertextLen, void *params);
1753 
1754 
1755 /**
1756  * @brief Ticket decryption callback function
1757  **/
1758 
1760  const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext,
1761  size_t *plaintextLen, void *params);
1762 
1763 
1764 /**
1765  * @brief ECDH key agreement callback function
1766  **/
1767 
1768 typedef error_t (*TlsEcdhCallback)(TlsContext *context);
1769 
1770 
1771 /**
1772  * @brief ECDSA signature generation callback function
1773  **/
1774 
1776  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1777 
1778 
1779 /**
1780  * @brief ECDSA signature verification callback function
1781  **/
1782 
1784  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1785 
1786 
1787 /**
1788  * @brief Key logging callback function (for debugging purpose only)
      *
      * @param[in] context Pointer to the TLS context
      * @param[in] key Text string handed to the application
      *
      * The callback slot of the TLS context is compiled in only when
      * TLS_KEY_LOG_SUPPORT is ENABLED.
      *
      * NOTE(review): the string presumably carries session keying material;
      * whoever obtains it can decrypt a capture of the connection. Keep
      * TLS_KEY_LOG_SUPPORT disabled in production builds and restrict access
      * to anything the callback writes - confirm the exact content against
      * the implementation.
1789  **/
1790 
1791 typedef void (*TlsKeyLogCallback)(TlsContext *context, const char_t *key);
1792 
1793 
1794 /**
1795  * @brief Structure describing a cipher suite
1796  **/
1797 
1798 typedef struct
1799 {
1800  uint16_t identifier;
1801  const char_t *name;
1807  uint8_t macKeyLen;
1808  uint8_t encKeyLen;
1809  uint8_t fixedIvLen;
1810  uint8_t recordIvLen;
1811  uint8_t authTagLen;
1812  uint8_t verifyDataLen;
1814 
1815 
1816 /**
1817  * @brief TLS session state
      *
      * Parameters kept to resume a session later. The structure embeds the
      * 48-byte resumption secret (master secret or ticket PSK), so every
      * instance is key material: do not log it or store it unprotected, and
      * dispose of it with tlsFreeSessionState() when it is no longer needed.
      *
      * NOTE(review): in TLS 1.3 builds ticket and ticketAlpn are pointers;
      * presumably they are allocated by tlsSaveSessionState() and released by
      * tlsFreeSessionState(), which would make a plain structure copy share
      * ownership - confirm in tls.c.
1818  **/
1819 
1820 typedef struct
1821 {
1822  uint16_t version; ///<TLS protocol version
1823  uint16_t cipherSuite; ///<Cipher suite identifier
1824  uint8_t compressMethod; ///<Compression method
1825  systime_t timestamp; ///<Time stamp to manage entry lifetime
1826  uint8_t secret[48]; ///<Master secret (TLS 1.2) or ticket PSK (TLS 1.3)
1827 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
1828  uint8_t sessionId[32]; ///<Session identifier
1829  size_t sessionIdLen; ///<Length of the session identifier (must not exceed the 32-byte array)
1830  bool_t extendedMasterSecret; ///<Extended master secret computation
1831 #endif
1832 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1833  uint8_t *ticket; ///<Session ticket
1834  size_t ticketLen; ///<Length of the session ticket
1835  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
1836  uint32_t ticketLifetime; ///<Lifetime of the ticket
1837  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
1838  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
1839  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
1840  uint32_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
1841 #endif
1842 } TlsSessionState;
1843 
1844 
1845 /**
1846  * @brief Session cache
      *
      * Header followed by a flexible array of session states; size gives the
      * number of entries in that array. Each entry holds a resumption secret,
      * so the cache memory is as sensitive as the sessions it stores.
      *
      * NOTE(review): entries are presumably reachable only with the mutex
      * held, and the cache released with tlsFreeCache() - confirm in the
      * cache implementation.
1847  **/
1848 
1849 typedef struct
1850 {
1851  OsMutex mutex; ///<Mutex preventing simultaneous access to the cache
1852  uint_t size; ///<Maximum number of entries
1853  TlsSessionState sessions[]; ///<Cache entries
1854 } TlsCache;
1855 
1856 
1857 /**
1858  * @brief Certificate descriptor
      *
      * Describes one end entity certificate chain together with its private
      * key, both referenced as PEM text through a pointer and a length.
      *
      * NOTE(review): whether tlsAddCertificate() copies the PEM data or only
      * stores the caller's pointers is not visible here. If the pointers are
      * stored, the buffers (private key included) must outlive the TLS
      * context and stay protected for that whole time - confirm in tls.c.
1859  **/
1860 
1861 typedef struct
1862 {
1863  const char_t *certChain; ///<End entity certificate chain (PEM format)
1864  size_t certChainLen; ///<Length of the certificate chain
1865  const char_t *privateKey; ///<Private key (PEM format)
1866  size_t privateKeyLen; ///<Length of the private key
1867  TlsCertificateType type; ///<End entity certificate type
1868  TlsSignatureAlgo signAlgo; ///<Signature algorithm used to sign the end entity certificate
1869  TlsHashAlgo hashAlgo; ///<Hash algorithm used to sign the end entity certificate
1870  TlsNamedGroup namedCurve; ///<Named curve used to generate the EC public key
1871 } TlsCertDesc;
1872 
1873 
1874 /**
1875  * @brief Hello extensions
1876  **/
1877 
1878 typedef struct
1879 {
1880  const TlsSupportedVersionList *supportedVersionList; ///<SupportedVersions extension (ClientHello)
1881  const uint8_t *selectedVersion; ///<SupportedVersions extension (ServerHello)
1882  const TlsServerNameList *serverNameList; ///<ServerName extension
1883  const TlsSupportedGroupList *supportedGroupList; ///<SupportedGroups extension
1884  const TlsEcPointFormatList *ecPointFormatList; ///<EcPointFormats extension
1885  const TlsSignHashAlgos *signAlgoList; ///<SignatureAlgorithms extension
1886  const TlsSignHashAlgos *certSignAlgoList; ///<SignatureAlgorithmsCert extension
1887 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
1888  const uint8_t *maxFragLen; ///<MaxFragmentLength extension
1889 #endif
1890 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
1891  const uint8_t *recordSizeLimit; ///<RecordSizeLimit extension
1892 #endif
1893 #if (TLS_ALPN_SUPPORT == ENABLED)
1894  const TlsProtocolNameList *protocolNameList; ///<ALPN extension
1895 #endif
1896 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1897  const TlsCertTypeList *clientCertTypeList; ///<ClientCertType extension
1898  const uint8_t *clientCertType;
1899  const TlsCertTypeList *serverCertTypeList; ///<ServerCertType extension
1900  const uint8_t *serverCertType;
1901 #endif
1902 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1903  const uint8_t *extendedMasterSecret; ///<ExtendedMasterSecret extension
1904 #endif
1905 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
1906  const TlsRenegoInfo *renegoInfo; ///<RenegotiationInfo extension
1907 #endif
1908 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1909  const Tls13Cookie *cookie; ///<Cookie extension
1910  const Tls13KeyShareList *keyShareList; ///<KeyShare extension (ClientHello)
1911  const uint8_t *selectedGroup; ///<KeyShare extension (HelloRetryRequest)
1912  const Tls13KeyShareEntry *serverShare; ///<KeyShare extension (ServerHello)
1913  const Tls13PskKeModeList *pskKeModeList; ///<PskKeyExchangeModes extension
1914  const Tls13PskIdentityList *identityList; ///<PreSharedKey extension (ClientHello)
1915  const Tls13PskBinderList *binderList;
1916  const uint8_t *selectedIdentity; ///<PreSharedKey extension (ServerHello)
1917  const uint8_t *earlyDataIndication; ///<EarlyData extension
1918 #endif
1920 
1921 
1922 /**
1923  * @brief Encryption engine
      *
      * Record protection state for one direction; the TLS context holds one
      * instance for encryption and one for decryption. Keys and IV live in
      * fixed-size arrays (48, 32 and 16 bytes) next to their length fields.
      *
      * NOTE(review): the code that installs keys must check the lengths taken
      * from the cipher suite description against these array sizes, and the
      * key material should be wiped when the engine is released - confirm in
      * the key derivation and cleanup code, which is not visible here.
1924  **/
1925 
1926 typedef struct
1927 {
1928  uint16_t version; ///<Negotiated TLS version
1929  uint8_t macKey[48]; ///<MAC key
1930  size_t macKeyLen; ///<Length of the MAC key
1931  uint8_t encKey[32]; ///<Encryption key
1932  size_t encKeyLen; ///<Length of the encryption key
1933  uint8_t iv[16]; ///<Initialization vector
1934  size_t fixedIvLen; ///<Length of the fixed part of the IV
1935  size_t recordIvLen; ///<Length of the IV
1936  size_t authTagLen; ///<Length of the authentication tag
1937  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
1938  void *cipherContext; ///<Cipher context
1939  CipherMode cipherMode; ///<Cipher mode of operation
1940  const HashAlgo *hashAlgo; ///<Hash algorithm for MAC operations
1941  HmacContext *hmacContext; ///<HMAC context
1942 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
1943  GcmContext *gcmContext; ///<GCM context
1944 #endif
1945  TlsSequenceNumber seqNum; ///<TLS sequence number
1946 #if (DTLS_SUPPORT == ENABLED)
1947  uint16_t epoch; ///<Counter value incremented on every cipher state change
1948  DtlsSequenceNumber dtlsSeqNum; ///<Record sequence number
1949 #endif
1951 
1952 
1953 /**
1954  * @brief TLS context
1955  *
1956  * An opaque data structure that represents a TLS connection
1957  *
1958  **/
1959 
1961 {
1962  TlsState state; ///<TLS handshake finite state machine
1963  TlsTransportProtocol transportProtocol; ///<Transport protocol (stream or datagram)
1964  TlsConnectionEnd entity; ///<Client or server operation
1965 
1966  TlsSocketHandle socketHandle; ///<Socket handle
1967  TlsSocketSendCallback socketSendCallback; ///<Socket send callback function
1968  TlsSocketReceiveCallback socketReceiveCallback; ///<Socket receive callback function
1969 
1970  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
1971  void *prngContext; ///<Pseudo-random number generator context
1972 
1973  const uint16_t *cipherSuites; ///<List of supported cipher suites
1974  uint_t numCipherSuites; ///<Number of cipher suites in the list
1975 
1976  const uint16_t *supportedGroups; ///<List of supported named groups
1977  uint_t numSupportedGroups; ///<Number of named groups in the list
1978 
1979  char_t *serverName; ///<Fully qualified DNS hostname of the server
1980 
1981 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
1985 #endif
1986 
1987  TlsCertDesc certs[TLS_MAX_CERTIFICATES]; //End entity certificates
1988  uint_t numCerts; //Number of certificates available
1989  TlsCertDesc *cert; //Pointer to the currently selected certificate
1990 
1991  const char_t *trustedCaList; ///<List of trusted CA (PEM format)
1992  size_t trustedCaListLen; ///<Number of trusted CA in the list
1993 
1994  TlsCache *cache; ///<TLS session cache
1995 
1996  uint8_t sessionId[32]; ///<Session identifier
1997  size_t sessionIdLen; ///<Length of the session identifier
1998 
1999  uint16_t clientVersion; ///<Latest version supported by the client
2000  uint16_t version; ///<Negotiated TLS version
2001  uint16_t versionMin; ///<Minimum version accepted by the implementation
2002  uint16_t versionMax; ///<Maximum version accepted by the implementation
2003 
2004  uint8_t *cookie; ///<Cookie
2005  size_t cookieLen; ///<Length of the cookie
2006 
2007  uint8_t compressMethod; ///<Negotiated compression algorithm
2008  TlsCipherSuiteInfo cipherSuite; ///<Negotiated cipher suite
2009  TlsKeyExchMethod keyExchMethod; ///<Key exchange method
2010  TlsSignatureAlgo signAlgo; ///<Signature algorithm to be used
2011  TlsHashAlgo signHashAlgo; ///<Hash algorithm used for signing
2012  uint16_t namedGroup; ///<ECDHE or FFDHE named group
2013 
2014  TlsCertificateType peerCertType; ///<Peer's certificate type
2015  TlsClientAuthMode clientAuthMode; ///<Client authentication mode
2016  bool_t clientCertRequested; ///<This flag tells whether the client certificate is requested
2017 
2018  bool_t resume; ///<The connection is established by resuming a session
2019  bool_t fatalAlertSent; ///<A fatal alert message has been sent
2020  bool_t fatalAlertReceived; ///<A fatal alert message has been received from the peer
2021  bool_t closeNotifySent; ///<A closure alert has been sent
2022  bool_t closeNotifyReceived; ///<A closure alert has been received from the peer
2023 
2024  uint8_t *txBuffer; ///<TX buffer
2025  size_t txBufferSize; ///<TX buffer size
2026  size_t txBufferMaxLen; ///<Maximum number of plaintext data the TX buffer can hold
2027  TlsContentType txBufferType; ///<Type of data that resides in the TX buffer
2028  size_t txBufferLen; ///<Number of bytes that are pending to be sent
2029  size_t txBufferPos; ///<Current position in TX buffer
2030  size_t txRecordLen; ///<Length of the TLS record
2031  size_t txRecordPos; ///<Current position in the TLS record
2032 
2033  uint8_t *rxBuffer; ///<RX buffer
2034  size_t rxBufferSize; ///<RX buffer size
2035  size_t rxBufferMaxLen; ///<Maximum number of plaintext data the RX buffer can hold
2036  TlsContentType rxBufferType; ///<Type of data that resides in the RX buffer
2037  size_t rxBufferLen; ///<Number of bytes available for reading
2038  size_t rxBufferPos; ///<Current position in RX buffer
2039  size_t rxRecordLen; ///<Length of the TLS record
2040  size_t rxRecordPos; ///<Current position in the TLS record
2041 
2042  union
2043  {
2044  struct
2045  {
2046  uint8_t clientRandom[32]; ///<Client random value
2047  uint8_t serverRandom[32]; ///<Server random value
2048  };
2049  uint8_t random[64];
2050  };
2051 
2052  uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]; ///<Premaster secret
2053  size_t premasterSecretLen; ///<Length of the premaster secret
2054  uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]; ///<Master secret
2055  uint8_t keyBlock[192]; ///<Key material
2056  uint8_t clientVerifyData[64]; ///<Client verify data
2057  size_t clientVerifyDataLen; ///<Length of the client verify data
2058  uint8_t serverVerifyData[64]; ///<Server verify data
2059  size_t serverVerifyDataLen; ///<Length of the server verify data
2060 
2061  TlsEncryptionEngine encryptionEngine; ///<Encryption engine
2062  TlsEncryptionEngine decryptionEngine; ///<Decryption engine
2063 
2064 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2065  Md5Context *handshakeMd5Context; ///<MD5 context used to compute verify data
2066 #endif
2067 
2068 #if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2069  HmacContext hmacContext; ///<HMAC context
2070  Sha1Context *handshakeSha1Context; ///<SHA-1 context used to compute verify data
2071 #endif
2072 
2073 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2074  HashContext *handshakeHashContext; ///<Hash context used to compute verify data (TLS 1.2)
2075 #endif
2076 
2077 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2078  uint16_t preferredGroup; ///<Preferred ECDHE or FFDHE named group
2079  systime_t timestamp; ///<Time at which the ClientHello message was sent
2080  bool_t updatedClientHelloReceived; ///<An updated ClientHello message has been received
2081  uint8_t *certRequestContext; ///<Certificate request context
2082  size_t certRequestContextLen; ///<Length of the certificate request context
2083  int_t selectedIdentity; ///<Selected PSK identity
2084 
2085  uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE];
2086  uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2087  uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2088  uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2089  uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2090  uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2091  uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2092  uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE];
2093 
2094  uint_t newSessionTicketCount; ///<Number of NewSessionTicket messages that have been sent
2095 
2096  uint8_t *ticket; ///<Session ticket
2097  size_t ticketLen; ///<Length of the session ticket
2098  uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]; ///<PSK associated with the ticket
2099  size_t ticketPskLen; ///<Length of the PSK associated with the ticket
2100  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
2101  uint32_t ticketLifetime; ///<Lifetime of the ticket
2102  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
2103  uint32_t ticketNonce; ///<A per-ticket value that is unique across all tickets issued
2104  uint16_t ticketCipherSuite; ///<Cipher suite associated with the ticket
2105  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
2106  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
2107 
2108  size_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
2109  size_t earlyDataLen; ///<Total amount of 0-RTT data that have been sent by the client
2110  bool_t earlyDataEnabled; ///<EarlyData is enabled
2111  bool_t earlyDataRejected; ///<The 0-RTT data have been rejected by the server
2112  bool_t earlyDataExtReceived; ///<The EarlyData extension has been received
2113  TlsSequenceNumber earlyDataSeqNum; ///<Early data sequence number
2114 #endif
2115 
2116 #if (TLS_DH_SUPPORT == ENABLED)
2117  DhContext dhContext; ///<Diffie-Hellman context
2118 #endif
2119 
2120 #if (TLS_ECDH_SUPPORT == ENABLED)
2121  EcdhContext ecdhContext; ///<ECDH context
2122  bool_t ecPointFormatsExtReceived; ///<The EcPointFormats extension has been received
2123 #endif
2124 
2125 #if (TLS_RSA_SUPPORT == ENABLED)
2126  RsaPublicKey peerRsaPublicKey; ///<Peer's RSA public key
2127 #endif
2128 
2129 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2130  DsaPublicKey peerDsaPublicKey; ///<Peer's DSA public key
2131 #endif
2132 
2133 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_EDDSA_SIGN_SUPPORT == ENABLED)
2134  EcDomainParameters peerEcParams; ///<Peer's EC domain parameters
2135  EcPoint peerEcPublicKey; ///<Peer's EC public key
2136 #endif
2137 
2138 #if (TLS_PSK_SUPPORT == ENABLED)
2139  uint8_t *psk; ///<Pre-shared key
2140  size_t pskLen; ///<Length of the pre-shared key, in bytes
2141  char_t *pskIdentity; ///<PSK identity
2142  char_t *pskIdentityHint; ///<PSK identity hint
2143  TlsPskCallback pskCallback; ///<PSK callback function
2144  uint16_t pskCipherSuite; ///<Cipher suite associated with the PSK
2145  TlsHashAlgo pskHashAlgo; ///<Hash algorithm associated with the PSK
2146 #endif
2147 
2148 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2149  size_t maxFragLen; ///<Maximum plaintext fragment length
2150  bool_t maxFragLenExtReceived; ///<The MaxFragmentLength extension has been received
2151 #endif
2152 
2153 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2154  size_t recordSizeLimit; ///<Maximum record size the peer is willing to receive
2155  bool_t recordSizeLimitExtReceived; ///<The RecordSizeLimit extension has been received
2156 #endif
2157 
2158 #if (TLS_ALPN_SUPPORT == ENABLED)
2159  bool_t unknownProtocolsAllowed; ///<Unknown ALPN protocols allowed
2160  char_t *protocolList; ///<List of supported ALPN protocols
2161  char_t *selectedProtocol; ///<Selected ALPN protocol
2162 #endif
2163 
2164 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2165  bool_t extendedMasterSecretExtReceived; ///<The ExtendedMasterSecret extension has been received
2166 #endif
2167 
2168 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2169  TlsCertificateFormat certFormat; ///<Certificate format
2170  TlsCertificateFormat peerCertFormat; ///<Peer's certificate format
2171  TlsRpkVerifyCallback rpkVerifyCallback; ///<Raw public key verification callback function
2172  bool_t clientCertTypeExtReceived; ///<The ClientCertType extension has been received
2173  bool_t serverCertTypeExtReceived; ///<The ServerCertType extension has been received
2174 #endif
2175 
2176 #if (TLS_TICKET_SUPPORT == ENABLED)
2177  TlsTicketEncryptCallback ticketEncryptCallback; ///<Ticket encryption callback function
2178  TlsTicketDecryptCallback ticketDecryptCallback; ///<Ticket decryption callback function
2179  void *ticketParam; ///<Opaque pointer passed to the ticket callbacks
2180 #endif
2181 
2182 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2183  bool_t secureRenegoEnabled; ///<Secure renegotiation enabled
2184  bool_t secureRenegoFlag; ///<Secure renegotiation flag
2185 #endif
2186 
2187 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2188  bool_t fallbackScsvEnabled; ///<Support for FALLBACK_SCSV
2189 #endif
2190 
2191 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2192  TlsKeyLogCallback keyLogCallback; ///<Key logging callback (for debugging purpose only)
2193 #endif
2194 
2195 #if (TLS_MAX_WARNING_ALERTS > 0)
2196  uint_t alertCount; ///<Count of consecutive warning alerts
2197 #endif
2198 
2199 #if (TLS_MAX_EMPTY_RECORDS > 0)
2200  uint_t emptyRecordCount; ///<Count of consecutive empty records
2201 #endif
2202 
2203 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2204  uint_t changeCipherSpecCount; ///<Count of consecutive ChangeCipherSpec messages
2205 #endif
2206 
2207 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2208  uint_t keyUpdateCount; ///<Count of consecutive KeyUpdate messages
2209 #endif
2210 
2211 #if (DTLS_SUPPORT == ENABLED)
2212  size_t pmtu; ///<PMTU value
2213  systime_t timeout; ///<Timeout for blocking calls
2215 
2216  DtlsCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
2217  DtlsCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
2218  void *cookieParam; ///<Opaque pointer passed to the cookie callbacks
2219 
2220  uint_t retransmitCount; ///<Retransmission counter
2221  systime_t retransmitTimestamp; ///<Time at which the datagram was sent
2222  systime_t retransmitTimeout; ///<Retransmission timeout
2223 
2224  uint16_t txMsgSeq; ///<Send sequence number
2225  size_t txDatagramLen; ///<Length of the outgoing datagram, in bytes
2226 
2227  uint16_t rxMsgSeq; ///<Next receive sequence number
2228  size_t rxFragQueueLen; ///<Length of the reassembly queue
2229  size_t rxDatagramLen; ///<Length of the incoming datagram, in bytes
2231  uint16_t rxRecordVersion; ///<Version of the incoming record
2232 
2233 #if (DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2234  bool_t replayDetectionEnabled; ///<Anti-replay mechanism enabled
2235  uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE + 31) / 32];
2236 #endif
2237 
2239 #endif
2240 };
2241 
2242 
2243 //TLS application programming interface (API)
2244 TlsContext *tlsInit(void);
2245 TlsState tlsGetState(TlsContext *context);
2246 
2248  TlsSocketSendCallback socketSendCallback,
2249  TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle);
2250 
//Set the range of protocol versions accepted for this context; the values
//end up in the versionMin and versionMax members of the TLS context
//NOTE(review): SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated;
//callers should raise versionMin to TLS 1.2 or later unless a legacy peer
//has to be supported. How an inverted or unsupported range is rejected is
//not visible in this header
2251 error_t tlsSetVersion(TlsContext *context, uint16_t versionMin,
2252  uint16_t versionMax);
2253 
2255  TlsTransportProtocol transportProtocol);
2256 
2258 error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext);
2259 
2260 error_t tlsSetServerName(TlsContext *context, const char_t *serverName);
2261 const char_t *tlsGetServerName(TlsContext *context);
2262 
2263 error_t tlsSetCache(TlsContext *context, TlsCache *cache);
2265 
2266 error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize,
2267  size_t rxBufferSize);
2268 
2269 error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen);
2270 
2271 error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites,
2272  uint_t length);
2273 
2274 error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups,
2275  uint_t length);
2276 
2277 error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group);
2278 
2279 error_t tlsSetDhParameters(TlsContext *context, const char_t *params,
2280  size_t length);
2281 
2282 error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback);
2283 
2285  TlsEcdsaSignCallback ecdsaSignCallback);
2286 
2288  TlsEcdsaVerifyCallback ecdsaVerifyCallback);
2289 
2291  TlsKeyLogCallback keyLogCallback);
2292 
2294 error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList);
2295 const char_t *tlsGetAlpnProtocol(TlsContext *context);
2296 
2297 error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length);
2298 error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity);
2299 error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint);
2300 error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback);
2301 
2303  TlsRpkVerifyCallback rpkVerifyCallback);
2304 
2306  const char_t *trustedCaList, size_t length);
2307 
2308 error_t tlsAddCertificate(TlsContext *context, const char_t *certChain,
2309  size_t certChainLen, const char_t *privateKey, size_t privateKeyLen);
2310 
2312 error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled);
2313 
2315  TlsTicketEncryptCallback ticketEncryptCallback,
2316  TlsTicketDecryptCallback ticketDecryptCallback, void *param);
2317 
2318 error_t tlsSetPmtu(TlsContext *context, size_t pmtu);
2319 error_t tlsSetTimeout(TlsContext *context, systime_t timeout);
2320 
2322  DtlsCookieGenerateCallback cookieGenerateCallback,
2323  DtlsCookieVerifyCallback cookieVerifyCallback, void *param);
2324 
2326 
2327 error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize);
2328 
//Send early data (TLS 1.3 0-RTT); written receives the number of bytes
//accepted from the length bytes at data
//NOTE(review): TLS 1.3 does not protect 0-RTT data against replay (RFC 8446,
//section 8), so callers should only pass requests that are safe to process
//more than once. The amount is presumably capped by the maxEarlyDataSize
//value tied to the ticket - confirm in the implementation
2329 error_t tlsWriteEarlyData(TlsContext *context, const void *data,
2330  size_t length, size_t *written, uint_t flags);
2331 
2332 error_t tlsConnect(TlsContext *context);
2333 
2335 
2336 error_t tlsWrite(TlsContext *context, const void *data,
2337  size_t length, size_t *written, uint_t flags);
2338 
2339 error_t tlsRead(TlsContext *context, void *data,
2340  size_t size, size_t *received, uint_t flags);
2341 
2342 bool_t tlsIsRxReady(TlsContext *context);
2343 
2344 error_t tlsShutdown(TlsContext *context);
2345 error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify);
2346 
2347 void tlsFree(TlsContext *context);
2348 
2350 
2351 error_t tlsSaveSessionState(const TlsContext *context,
2352  TlsSessionState *session);
2353 
2355  const TlsSessionState *session);
2356 
2357 void tlsFreeSessionState(TlsSessionState *session);
2358 
2360 void tlsFreeCache(TlsCache *cache);
2361 
2362 //C++ guard
2363 #ifdef __cplusplus
2364  }
2365 #endif
2366 
2367 #endif
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
Definition: tls.h:2225
size_t maxFragLen
Maximum plaintext fragment length.
Definition: tls.h:2149
TlsKeyExchMethod
Key exchange methods.
Definition: tls.h:1019
void tlsFree(TlsContext *context)
Release TLS context.
Definition: tls.c:2178
uint8_t keyBlock[192]
Key material.
Definition: tls.h:2055
void * ticketParam
Opaque pointer passed to the ticket callbacks.
Definition: tls.h:2179
systime_t timeout
Timeout for blocking calls.
Definition: tls.h:2213
TlsAlertDescription
Alert description.
Definition: tls.h:966
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose of a session state.
Definition: tls.c:2594
#define DTLS_REPLAY_WINDOW_SIZE
Definition: dtls_misc.h:66
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
Definition: tls.h:2159
size_t certChainLen
Length of the certificate chain.
Definition: tls.h:1864
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
Definition: tls.c:1347
__start_packed struct @95 Tls13KeyShareEntry
Key share entry.
__start_packed struct @78 TlsRenegoInfo
Renegotiated connection.
uint32_t systime_t
Definition: compiler_port.h:44
char_t * selectedProtocol
Selected ALPN protocol.
Definition: tls.h:2161
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
Definition: tls.h:1948
TlsHashAlgo signHashAlgo
Hash algorithm used for signing.
Definition: tls.h:2011
const char_t * certChain
End entity certificate chain (PEM format)
Definition: tls.h:1863
__start_packed struct @83 TlsRecord
TLS record.
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
Definition: tls.c:2031
EC domain parameters.
Definition: ec.h:61
size_t rxBufferLen
Number of bytes available for reading.
Definition: tls.h:2037
void TlsServerHelloDone
ServerHelloDone message.
Definition: tls.h:1656
TlsMessageType
Handshake message type.
Definition: tls.h:926
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
Definition: tls.c:336
char char_t
Definition: compiler_port.h:41
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: tls.h:2216
const TlsSignHashAlgos * certSignAlgoList
SignatureAlgorithmsCert extension.
Definition: tls.h:1886
TlsEcdsaSignCallback ecdsaSignCallback
Definition: tls.h:1983
uint8_t flags
Definition: tcp.h:312
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
Definition: tls.h:2229
TlsState
TLS FSM states.
Definition: tls.h:1267
__start_packed struct @73 TlsProtocolName
Protocol name.
uint8_t * psk
Pre-shared key.
Definition: tls.h:2139
size_t fixedIvLen
Length of the fixed part of the IV.
Definition: tls.h:1934
size_t rxBufferMaxLen
Maximum amount of plaintext data the RX buffer can hold.
Definition: tls.h:2035
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
Definition: tls.c:881
__start_packed struct @87 TlsCertificateRequest
CertificateRequest message.
size_t serverVerifyDataLen
Length of the server verify data.
Definition: tls.h:2059
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls13_misc.h:368
TlsCertificateFormat peerCertFormat
Peer's certificate format.
Definition: tls.h:2170
TlsContentType txBufferType
Type of data that resides in the TX buffer.
Definition: tls.h:2027
size_t encKeyLen
Length of the encryption key.
Definition: tls.h:1932
size_t txBufferMaxLen
Maximum amount of plaintext data the TX buffer can hold.
Definition: tls.h:2026
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: tls.h:2217
Md5Context * handshakeMd5Context
MD5 context used to compute verify data.
Definition: tls.h:2065
const uint8_t * recordSizeLimit
RecordSizeLimit extension.
Definition: tls.h:1891
uint8_t * rxBuffer
RX buffer.
Definition: tls.h:2033
const char_t * name
Definition: tls.h:1801
uint8_t hash
Definition: tls.h:1363
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1087
size_t trustedCaListLen
Number of trusted CA in the list.
Definition: tls.h:1992
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
Definition: tls.h:2145
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
Definition: tls.c:562
char_t * pskIdentityHint
PSK identity hint.
Definition: tls.h:2142
size_t rxBufferPos
Current position in RX buffer.
Definition: tls.h:2038
uint8_t sessionIdLen
Definition: tls.h:1609
uint8_t compressMethod
Negotiated compression algorithm.
Definition: tls.h:2007
TlsCertificateFormat
Certificate formats.
Definition: tls.h:1052
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
Definition: tls.h:2171
SHA-1 algorithm context.
Definition: sha1.h:54
void TlsHelloRequest
HelloRequest message.
Definition: tls.h:1598
const uint16_t * cipherSuites
List of supported cipher suites.
Definition: tls.h:1973
uint8_t ticketNonce[]
A per-ticket value that is unique across all tickets issued.
Definition: tls13_misc.h:335
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from the remote host using TLS.
Definition: tls.c:1740
ECDSA (Elliptic Curve Digital Signature Algorithm)
TlsSignatureAlgo
Signature algorithms.
Definition: tls.h:1104
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
Definition: tls.c:2333
uint16_t rxRecordVersion
Version of the incoming record.
Definition: tls.h:2231
General definitions for cryptographic algorithms.
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
Definition: tls.h:2234
TlsContext * tlsInit(void)
TLS context initialization.
Definition: tls.c:63
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
Definition: tls.c:363
uint8_t data[]
Definition: tls.h:1578
size_t clientVerifyDataLen
Length of the client verify data.
Definition: tls.h:2057
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
Definition: tls.h:2235
#define TLS_PREMASTER_SECRET_SIZE
Definition: tls.h:720
uint16_t version
Negotiated TLS version.
Definition: tls.h:2000
TlsConnectionEnd entity
Client or server operation.
Definition: tls.h:1964
Session cache.
Definition: tls.h:1849
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
Definition: tls.h:2177
Common interface for encryption algorithms.
Definition: crypto.h:1073
uint8_t authTagLen
Definition: tls.h:1811
const uint16_t * supportedGroups
List of supported named groups.
Definition: tls.h:1976
char_t * serverName
Fully qualified DNS hostname of the server.
Definition: tls.h:1979
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
Definition: tls.h:1775
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
Definition: tls.h:2130
size_t authTagLen
Length of the authentication tag.
Definition: tls.h:1936
size_t recordIvLen
Length of the IV.
Definition: tls.h:1935
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1718
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
Definition: tls.c:617
uint_t numCipherSuites
Number of cipher suites in the list.
Definition: tls.h:1974
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
Definition: tls.c:1976
uint8_t clientRandom[32]
Client random value.
Definition: tls.h:2046
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
Definition: tls.c:779
uint8_t sessionId[]
Definition: tls.h:1610
__start_packed struct @63 TlsCompressMethods
Compression methods.
TlsEncryptionEngine decryptionEngine
Decryption engine.
Definition: tls.h:2062
bool_t closeNotifySent
A closure alert has been sent.
Definition: tls.h:2021
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
Definition: tls.c:1375
uint16_t version
TLS protocol version.
Definition: tls.h:1822
HmacContext * hmacContext
HMAC context.
Definition: tls.h:1941
uint_t numCerts
Definition: tls.h:1988
void TlsFinished
Finished message.
Definition: tls.h:1677
uint8_t level
Definition: tls.h:1696
TLS session state.
Definition: tls.h:1820
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
Definition: tls.h:2020
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
Definition: tls.c:310
uint8_t clientVerifyData[64]
Client verify data.
Definition: tls.h:2056
CipherMode cipherMode
Definition: tls.h:1804
TlsClientAuthMode clientAuthMode
Client authentication mode.
Definition: tls.h:2015
Generic hash algorithm context.
Definition: crypto.h:1044
TlsCertificateFormat certFormat
Certificate format.
Definition: tls.h:2169
__start_packed struct @74 TlsProtocolNameList
List of protocol names.
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
Definition: tls.c:942
ECDH context.
Definition: ecdh.h:46
__start_packed struct @84 TlsHandshake
TLS handshake message.
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
Definition: tls.h:2036
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Set the maximum amount of 0-RTT data the server can accept.
Definition: tls.c:1439
size_t sessionIdLen
Length of the session identifier.
Definition: tls.h:1997
__start_packed struct @65 TlsSignHashAlgos
List of signature algorithms.
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
Definition: tls.h:1963
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: tls.h:1970
Diffie-Hellman context.
Definition: dh.h:57
TlsSignHashAlgo algorithm
Definition: tls.h:1563
systime_t startTime
Definition: tls.h:2214
bool_t fatalAlertSent
A fatal alert message has been sent.
Definition: tls.h:2019
__start_packed struct @66 TlsCertificateList
List of certificates.
TlsKeyExchMethod keyExchMethod
Definition: tls.h:1802
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
Definition: tls.c:2466
__start_packed struct @97 Tls13PskKeModeList
List of PSK key exchange modes.
__start_packed struct @75 TlsSupportedGroupList
List of supported groups.
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
Definition: tls.c:805
bool_t extendedMasterSecret
Extended master secret computation.
Definition: tls.h:1830
__start_packed struct @86 TlsServerHello
ServerHello message.
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
Definition: tls.c:1531
__start_packed struct @89 TlsAlert
Alert message.
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
Definition: tls.c:991
bool_t secureRenegoFlag
Secure renegotiation flag.
Definition: tls.h:2184
uint16_t txMsgSeq
Send sequence number.
Definition: tls.h:2224
DSA public key.
Definition: dsa.h:46
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
Definition: tls.h:1742
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
Definition: tls.h:1734
DTLS (Datagram Transport Layer Security)
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:215
size_t premasterSecretLen
Length of the premaster secret.
Definition: tls.h:2053
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1711
void TlsCertificateVerify
CertificateVerify message.
Definition: tls.h:1670
TlsMaxFragmentLength
Maximum fragment length.
Definition: tls.h:1182
TlsNamedGroup
Named groups.
Definition: tls.h:1195
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *params)
Ticket encryption callback function.
Definition: tls.h:1750
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
Definition: tls.h:1768
bool_t secureRenegoEnabled
Secure renegotiation enabled.
Definition: tls.h:2183
TlsSequenceNumber seqNum
TLS sequence number.
Definition: tls.h:1945
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
Definition: tls.h:2008
Elliptic curve point.
Definition: ec.h:49
const uint8_t * extendedMasterSecret
ExtendedMasterSecret extension.
Definition: tls.h:1903
const TlsServerNameList * serverNameList
ServerName extension.
Definition: tls.h:1882
__start_packed struct @101 Tls13PskBinderList
List of PSK binders.
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
Definition: tls.h:2016
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
Definition: dtls_misc.h:226
OsMutex mutex
Mutex preventing simultaneous access to the cache.
Definition: tls.h:1851
size_t pskLen
Length of the pre-shared key, in bytes.
Definition: tls.h:2140
HMAC algorithm context.
Definition: hmac.h:180
uint16_t versionMin
Minimum version accepted by the implementation.
Definition: tls.h:2001
HMAC (Keyed-Hashing for Message Authentication)
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
Definition: tls.c:1231
ECDSA signature.
Definition: ecdsa.h:46
uint16_t identifier
Definition: tls.h:1800
TlsEncryptionEngine encryptionEngine
Encryption engine.
Definition: tls.h:2061
__start_packed struct @68 TlsExtension
TLS extension.
uint8_t * txBuffer
TX buffer.
Definition: tls.h:2024
GCM context.
Definition: gcm.h:45
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
Definition: tls.c:281
void TlsClientKeyExchange
ClientKeyExchange message.
Definition: tls.h:1663
uint8_t fixedIvLen
Definition: tls.h:1809
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls13_misc.h:332
void TlsServerKeyExchange
ServerKeyExchange message.
Definition: tls.h:1638
void * cookieParam
Opaque pointer passed to the cookie callbacks.
Definition: tls.h:2218
#define TLS_MAX_CERTIFICATES
Definition: tls.h:237
uint8_t * cookie
Cookie.
Definition: tls.h:2004
__start_packed struct @88 TlsChangeCipherSpec
ChangeCipherSpec message.
signed int int_t
Definition: compiler_port.h:42
TLS 1.3 helper functions.
TlsNameType
Name type.
Definition: tls.h:1172
RSA public key.
Definition: rsa.h:46
TlsSocketSendCallback socketSendCallback
Socket send callback function.
Definition: tls.h:1967
uint_t retransmitCount
Retransmission counter.
Definition: tls.h:2220
__start_packed struct @64 TlsSignHashAlgo
Signature algorithm.
Diffie-Hellman key exchange.
__start_packed struct @70 TlsSupportedVersionList
List of supported versions.
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1726
uint16_t version
Negotiated TLS version.
Definition: tls.h:1928
size_t sessionIdLen
Length of the session identifier.
Definition: tls.h:1829
uint16_t type
Definition: tls.h:1407
uint16_t TlsCipherSuite
Cipher suite.
Definition: tls.h:1325
bool_t closeNotifyReceived
A closure alert has been received from the peer.
Definition: tls.h:2022
__start_packed struct @76 TlsEcPointFormatList
List of supported EC point formats.
uint8_t serverVerifyData[64]
Server verify data.
Definition: tls.h:2058
const CipherAlgo * cipherAlgo
Definition: tls.h:1803
bool_t extendedMasterSecretExtReceived
The ExtendedMasterSecret extension has been received.
Definition: tls.h:2165
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
Definition: tls.h:1883
uint8_t sessionId[32]
Session identifier.
Definition: tls.h:1996
uint16_t epoch
Counter value incremented on every cipher state change.
Definition: tls.h:1947
HmacContext hmacContext
HMAC context.
Definition: tls.h:2069
void * prngContext
Pseudo-random number generator context.
Definition: tls.h:1971
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
Definition: tls.c:479
TlsSignatureAlgo signAlgo
Signature algorithm used to sign the end entity certificate.
Definition: tls.h:1868
RTOS abstraction layer.
size_t privateKeyLen
Length of the private key.
Definition: tls.h:1866
const uint8_t * serverCertType
Definition: tls.h:1900
__start_packed struct @55 DtlsSequenceNumber
Sequence number.
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
Definition: tls.c:2312
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: tls.h:1940
void tlsFreeCache(TlsCache *cache)
Properly dispose of a session cache.
Definition: tls_cache.c:312
uint16_t length
Definition: tls.h:1334
uint8_t serverRandom[32]
Server random value.
Definition: tls.h:2047
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
Definition: tls.c:672
uint8_t TlsCompressMethod
Compression method.
Definition: tls.h:1343
TlsContentType
Content type.
Definition: tls.h:910
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
Definition: tls.h:2155
size_t rxRecordLen
Length of the TLS record.
Definition: tls.h:2039
__start_packed struct @69 TlsExtensionList
List of TLS extensions.
MD5 algorithm context.
Definition: md5.h:54
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
Definition: tls.c:436
__start_packed struct @79 TlsPskIdentity
PSK identity.
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
Definition: tls.h:2188
uint8_t recordIvLen
Definition: tls.h:1810
uint_t size
Maximum number of entries.
Definition: tls.h:1852
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register the PSK callback function.
Definition: tls.c:1040
systime_t retransmitTimestamp
Time at which the datagram was sent.
Definition: tls.h:2221
uint8_t signature
Definition: tls.h:1364
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
Definition: tls.h:2178
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
Definition: tls.c:247
char_t * pskIdentity
PSK identity.
Definition: tls.h:2141
Encryption engine.
Definition: tls.h:1926
DSA (Digital Signature Algorithm)
Structure describing a cipher suite.
Definition: tls.h:1798
const TlsProtocolNameList * protocolNameList
ALPN extension.
Definition: tls.h:1894
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
Definition: tls_cache.c:48
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
Definition: tls.h:1968
size_t txRecordPos
Current position in the TLS record.
Definition: tls.h:2031
size_t ticketPskLen
Length of the PSK associated with the ticket.
Definition: tls13_misc.h:372
uint16_t value[]
Definition: tls.h:1335
TlsClientAuthMode
Client authentication mode.
Definition: tls.h:866
size_t rxDatagramPos
Definition: tls.h:2230
TlsEcPointFormat
EC point formats.
Definition: tls.h:1243
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
Definition: tls.h:2154
uint_t numSupportedGroups
Number of named groups in the list.
Definition: tls.h:1977
__start_packed struct @82 Tls12DigitalSignature
Digitally-signed element (TLS 1.2)
TlsCertificateType
Certificate types.
Definition: tls.h:1064
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
Definition: tls.c:1411
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
Definition: tls.c:1317
size_t rxBufferSize
RX buffer size.
Definition: tls.h:2034
systime_t retransmitTimeout
Retransmission timeout.
Definition: tls.h:2222
uint8_t cookie[]
Definition: dtls_misc.h:194
ECDH (Elliptic Curve Diffie-Hellman) key exchange.
TlsEcdhCallback ecdhCallback
Definition: tls.h:1982
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
Definition: tls.h:1987
const char_t * trustedCaList
List of trusted CA (PEM format)
Definition: tls.h:1991
TlsSignatureAlgo signAlgo
Signature algorithm to be used.
Definition: tls.h:2010
TlsCertDesc * cert
Definition: tls.h:1989
__start_packed struct _Ipv4Header __end_packed
EcDomainParameters peerEcParams
Peer's EC domain parameters.
Definition: tls.h:2134
uint8_t certificateTypesLen
Definition: tls.h:1647
TlsExtensionType
TLS extension types.
Definition: tls.h:1125
uint8_t compressMethod
Compression method.
Definition: tls.h:1824
TlsHashAlgo hashAlgo
Hash algorithm used to sign the end entity certificate.
Definition: tls.h:1869
TlsEcdsaVerifyCallback ecdsaVerifyCallback
Definition: tls.h:1984
TlsState tlsGetState(TlsContext *context)
Retrieve current state.
Definition: tls.c:191
TlsTransportProtocol
TLS transport protocols.
Definition: tls.h:844
TlsCertificateType peerCertType
Peer's certificate type.
Definition: tls.h:2014
size_t pmtu
PMTU value.
Definition: tls.h:2212
error_t
Error codes.
Definition: error.h:40
TlsEncryptionEngine prevEncryptionEngine
Definition: tls.h:2238
__start_packed struct @71 TlsServerName
Server name.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
Definition: tls13_misc.h:333
TlsEcCurveType
EC curve types.
Definition: tls.h:1255
uint8_t b[8]
Definition: tls.h:1317
uint16_t namedGroup
ECDHE or FFDHE named group.
Definition: tls.h:2012
uint8_t random[64]
Definition: tls.h:2049
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
Definition: tls.c:1094
TlsFlags
Flags used by read and write functions.
Definition: tls.h:889
RSA public-key cryptography standard.
char_t * protocolList
List of supported ALPN protocols.
Definition: tls.h:2160
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
Definition: tls.h:1880
unsigned int uint_t
Definition: compiler_port.h:43
uint16_t serverVersion
Definition: tls.h:1620
void * cipherContext
Cipher context.
Definition: tls.h:1938
const HashAlgo * hashAlgo
Definition: tls.h:1805
__start_packed struct @99 Tls13PskIdentityList
List of PSK identities.
uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]
Master secret.
Definition: tls.h:2054
__start_packed struct @67 TlsCertAuthorities
List of certificate authorities.
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
Definition: tls.h:1897
systime_t timestamp
Time stamp to manage entry lifetime.
Definition: tls.h:1825
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
Definition: tls.h:2150
uint16_t clientVersion
Definition: tls.h:1607
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
Definition: tls.h:2122
const uint8_t * selectedVersion
SupportedVersions extension (ServerHello)
Definition: tls.h:1881
DhContext dhContext
Diffie-Hellman context.
Definition: tls.h:2117
Common interface for pseudo-random number generators.
Definition: crypto.h:1091
__start_packed struct @62 TlsCipherSuites
Cipher suites.
__start_packed struct @61 TlsSequenceNumber
Sequence number.
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
Definition: tls.c:590
TlsSocketHandle socketHandle
Socket handle.
Definition: tls.h:1966
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purposes only)
Definition: tls.h:2192
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
Definition: tls.c:411
TlsAlertLevel
Alert level.
Definition: tls.h:955
uint8_t mode
Definition: sntp_client.h:143
TlsEarlyDataStatus
Early data status.
Definition: tls.h:878
__start_packed struct @81 TlsDigitalSignature
Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)
size_t macKeyLen
Length of the MAC key.
Definition: tls.h:1930
Certificate descriptor.
Definition: tls.h:1861
uint8_t verifyDataLen
Definition: tls.h:1812
__start_packed struct @94 Tls13Cookie
Cookie.
Galois/Counter Mode (GCM)
Mutex object.
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
Definition: tls.h:1899
const uint8_t * maxFragLen
MaxFragmentLength extension.
Definition: tls.h:1888
uint8_t description
Definition: tls.h:1697
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
Definition: tls.h:2144
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
Definition: tls.c:1285
HashContext * handshakeHashContext
Hash context used to compute verify data (TLS 1.2)
Definition: tls.h:2074
const TlsSignHashAlgos * signAlgoList
SignatureAlgorithms extension.
Definition: tls.h:1885
Hello extensions.
Definition: tls.h:1878
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
ECDSA signature generation callback function.
Definition: tls.c:698
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
Definition: tls.c:725
uint8_t encKeyLen
Definition: tls.h:1808
uint8_t random[32]
Definition: tls.h:1608
GcmContext * gcmContext
GCM context.
Definition: tls.h:1943
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
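Key logging callback function (for debugging purposes only; the logged keys are session secrets that allow the traffic to be decrypted, so the callback should not be registered in production builds)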
Definition: tls.h:1791
TLS context.
Definition: tls.h:1960
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
Definition: tls.c:1622
uint16_t version
Definition: tls.h:1576
TlsConnectionEnd
TLS connection end.
Definition: tls.h:855
TlsPskCallback pskCallback
PSK callback function.
Definition: tls.h:2143
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
Definition: tls.h:1870
uint16_t rxMsgSeq
Next receive sequence number.
Definition: tls.h:2227
TlsCache * cache
TLS session cache.
Definition: tls.h:1994
size_t rxRecordPos
Current position in the TLS record.
Definition: tls.h:2040
uint16_t group
Definition: tls13_misc.h:200
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *params)
Ticket decryption callback function.
Definition: tls.h:1759
size_t txBufferSize
TX buffer size.
Definition: tls.h:2025
__start_packed struct @72 TlsServerNameList
List of server names.
__start_packed struct @77 TlsCertTypeList
List of supported certificate types.
Sha1Context * handshakeSha1Context
SHA-1 context used to compute verify data.
Definition: tls.h:2070
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: tls.h:1937
char_t hostname[]
Definition: tls.h:1443
__start_packed struct @96 Tls13KeyShareList
List of key shares.
EcPoint peerEcPublicKey
Peer's EC public key.
Definition: tls.h:2135
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
Definition: dtls_misc.h:235
uint16_t clientVersion
Latest version supported by the client.
Definition: tls.h:1999
uint8_t ticketPsk[TLS13_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
Definition: tls13_misc.h:373
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
Definition: tls.h:2172
TlsCertificateType type
End entity certificate type.
Definition: tls.h:1867
error_t tlsAddCertificate(TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
Import a certificate and the corresponding private key.
Definition: tls.c:1124
size_t cookieLen
Length of the cookie.
Definition: tls.h:2005
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
Definition: tls.h:2126
EcdhContext ecdhContext
ECDH context.
Definition: tls.h:2121
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls.h:1823
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
Definition: tls.h:1884
uint16_t versionMax
Maximum version accepted by the implementation.
Definition: tls.h:2002
const char_t * privateKey
Private key (PEM format)
Definition: tls.h:1865
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
Definition: tls.c:457
#define TLS_MAX_HKDF_DIGEST_SIZE
Definition: tls.h:815
Common interface for hash algorithms.
Definition: crypto.h:1054
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
Definition: tls.h:2173
__start_packed struct @85 TlsClientHello
ClientHello message.
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
Definition: tls.c:853
size_t txRecordLen
Length of the TLS record.
Definition: tls.h:2030
const HashAlgo * prfHashAlgo
Definition: tls.h:1806
uint8_t certificateTypes[]
Definition: tls.h:1648
CipherMode
Cipher operation modes.
Definition: crypto.h:1004
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
Definition: tls.h:1783
#define TlsContext
Definition: tls.h:34
void TlsCertificate
Certificate message.
Definition: tls.h:1631
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
Definition: tls.c:527
size_t txBufferLen
Number of bytes that are pending to be sent.
Definition: tls.h:2028
int bool_t
Definition: compiler_port.h:47
TlsKeyExchMethod keyExchMethod
Key exchange method.
Definition: tls.h:2009
bool_t resume
The connection is established by resuming a session.
Definition: tls.h:2018
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purposes only)
Definition: tls.c:752
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
Definition: tls.c:1257
const uint8_t * clientCertType
Definition: tls.h:1898
Legacy definitions.
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
Definition: tls.h:1906
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
Definition: tls.c:2018
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
Definition: tls.c:1468
uint8_t msgType
Definition: tls.h:1588
uint8_t macKeyLen
Definition: tls.h:1807
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
Definition: tls.h:2052
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
Definition: tls.c:1579
TlsState state
TLS handshake finite state machine.
Definition: tls.h:1962
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
Definition: tls.c:644
size_t rxFragQueueLen
Length of the reassembly queue.
Definition: tls.h:2228
CipherMode cipherMode
Cipher mode of operation.
Definition: tls.h:1939
size_t txBufferPos
Current position in TX buffer.
Definition: tls.h:2029
#define TLS_MASTER_SECRET_SIZE
Definition: tls.h:832
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
Definition: tls.c:1066
__start_packed struct @80 TlsPskIdentityHint
PSK identity hint.
TlsCompressMethodList
Compression methods.
Definition: tls.h:1008