TLS (Transport Layer Security) More...

#include "core/crypto.h"
#include "tls_config.h"
#include "tls_legacy.h"
#include "tls13_misc.h"
#include "dtls_misc.h"
#include "mac/hmac.h"
#include "aead/aead_algorithms.h"
#include "pkc/rsa.h"
#include "pkc/dsa.h"
#include "ecc/ecdsa.h"
#include "pkc/dh.h"
#include "ecc/ecdh.h"
#include "pkix/x509_common.h"

Data Structures
struct	TlsCipherSuiteInfo
	Structure describing a cipher suite. More...

struct	TlsSessionState
	TLS session state. More...

struct	TlsCache
	Session cache. More...

struct	TlsCertDesc
	Certificate descriptor. More...

struct	TlsHelloExtensions
	Hello extensions. More...

struct	_TlsEncryptionEngine
	Encryption engine. More...

struct	_TlsContext
	TLS context. More...

Macros
#define	TlsContext struct _TlsContext

#define	TlsEncryptionEngine struct _TlsEncryptionEngine

#define	CYCLONE_SSL_VERSION_STRING "2.3.2"

#define	CYCLONE_SSL_MAJOR_VERSION 2

#define	CYCLONE_SSL_MINOR_VERSION 3

#define	CYCLONE_SSL_REV_NUMBER 2

#define	SSL_VERSION_3_0 0x0300

#define	TLS_VERSION_1_0 0x0301

#define	TLS_VERSION_1_1 0x0302

#define	TLS_VERSION_1_2 0x0303

#define	TLS_VERSION_1_3 0x0304

#define	TLS_SUPPORT ENABLED

#define	TLS_CLIENT_SUPPORT ENABLED

#define	TLS_SERVER_SUPPORT ENABLED

#define	TLS_MIN_VERSION TLS_VERSION_1_2

#define	TLS_MAX_VERSION TLS_VERSION_1_3

#define	TLS_SESSION_RESUME_SUPPORT ENABLED

#define	TLS_SESSION_CACHE_LIFETIME 3600000

#define	TLS_TICKET_SUPPORT DISABLED

#define	TLS_MAX_TICKET_SIZE 1024

#define	TLS_TICKET_LIFETIME 3600000

#define	TLS_SNI_SUPPORT ENABLED

#define	TLS_MAX_FRAG_LEN_SUPPORT DISABLED

#define	TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED

#define	TLS_ALPN_SUPPORT DISABLED

#define	TLS_EXT_MASTER_SECRET_SUPPORT ENABLED

#define	TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED

#define	TLS_CERT_AUTHORITIES_SUPPORT DISABLED

#define	TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED

#define	TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED

#define	TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED

#define	TLS_FALLBACK_SCSV_SUPPORT DISABLED

#define	TLS_ECC_CALLBACK_SUPPORT DISABLED

#define	TLS_MAX_CERTIFICATES 3

#define	TLS_RSA_KE_SUPPORT ENABLED

#define	TLS_DHE_RSA_KE_SUPPORT ENABLED

#define	TLS_DHE_DSS_KE_SUPPORT DISABLED

#define	TLS_DH_ANON_KE_SUPPORT DISABLED

#define	TLS_ECDHE_RSA_KE_SUPPORT ENABLED

#define	TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED

#define	TLS_ECDH_ANON_KE_SUPPORT DISABLED

#define	TLS_PSK_KE_SUPPORT DISABLED

#define	TLS_RSA_PSK_KE_SUPPORT DISABLED

#define	TLS_DHE_PSK_KE_SUPPORT DISABLED

#define	TLS_ECDHE_PSK_KE_SUPPORT DISABLED

#define	TLS_RSA_SIGN_SUPPORT ENABLED

#define	TLS_RSA_PSS_SIGN_SUPPORT ENABLED

#define	TLS_DSA_SIGN_SUPPORT DISABLED

#define	TLS_ECDSA_SIGN_SUPPORT ENABLED

#define	TLS_EDDSA_SIGN_SUPPORT DISABLED

#define	TLS_NULL_CIPHER_SUPPORT DISABLED

#define	TLS_STREAM_CIPHER_SUPPORT DISABLED

#define	TLS_CBC_CIPHER_SUPPORT ENABLED

#define	TLS_CCM_CIPHER_SUPPORT DISABLED

#define	TLS_CCM_8_CIPHER_SUPPORT DISABLED

#define	TLS_GCM_CIPHER_SUPPORT ENABLED

#define	TLS_CHACHA20_POLY1305_SUPPORT DISABLED

#define	TLS_RC4_SUPPORT DISABLED

#define	TLS_IDEA_SUPPORT DISABLED

#define	TLS_DES_SUPPORT DISABLED

#define	TLS_3DES_SUPPORT DISABLED

#define	TLS_AES_128_SUPPORT ENABLED

#define	TLS_AES_256_SUPPORT ENABLED

#define	TLS_CAMELLIA_128_SUPPORT DISABLED

#define	TLS_CAMELLIA_256_SUPPORT DISABLED

#define	TLS_ARIA_128_SUPPORT DISABLED

#define	TLS_ARIA_256_SUPPORT DISABLED

#define	TLS_SEED_SUPPORT DISABLED

#define	TLS_SM4_SUPPORT DISABLED

#define	TLS_MD5_SUPPORT DISABLED

#define	TLS_SHA1_SUPPORT ENABLED

#define	TLS_SHA224_SUPPORT DISABLED

#define	TLS_SHA256_SUPPORT ENABLED

#define	TLS_SHA384_SUPPORT ENABLED

#define	TLS_SHA512_SUPPORT DISABLED

#define	TLS_SM3_SUPPORT DISABLED

#define	TLS_FFDHE_SUPPORT DISABLED

#define	TLS_FFDHE2048_SUPPORT ENABLED

#define	TLS_FFDHE3072_SUPPORT DISABLED

#define	TLS_FFDHE4096_SUPPORT DISABLED

#define	TLS_SECP160K1_SUPPORT DISABLED

#define	TLS_SECP160R1_SUPPORT DISABLED

#define	TLS_SECP160R2_SUPPORT DISABLED

#define	TLS_SECP192K1_SUPPORT DISABLED

#define	TLS_SECP192R1_SUPPORT DISABLED

#define	TLS_SECP224K1_SUPPORT DISABLED

#define	TLS_SECP224R1_SUPPORT DISABLED

#define	TLS_SECP256K1_SUPPORT DISABLED

#define	TLS_SECP256R1_SUPPORT ENABLED

#define	TLS_SECP384R1_SUPPORT ENABLED

#define	TLS_SECP521R1_SUPPORT DISABLED

#define	TLS_BRAINPOOLP256R1_SUPPORT DISABLED

#define	TLS_BRAINPOOLP384R1_SUPPORT DISABLED

#define	TLS_BRAINPOOLP512R1_SUPPORT DISABLED

#define	TLS_SM2_SUPPORT DISABLED

#define	TLS_X25519_SUPPORT DISABLED

#define	TLS_X448_SUPPORT DISABLED

#define	TLS_ED25519_SUPPORT ENABLED

#define	TLS_ED448_SUPPORT DISABLED

#define	TLS_CERT_KEY_USAGE_SUPPORT ENABLED

#define	TLS_KEY_LOG_SUPPORT DISABLED

#define	TLS_MAX_SERVER_NAME_LEN 255

#define	TLS_MAX_PASSWORD_LEN 32

#define	TLS_MIN_DH_MODULUS_SIZE 1024

#define	TLS_MAX_DH_MODULUS_SIZE 2048

#define	TLS_MIN_RSA_MODULUS_SIZE 1024

#define	TLS_MAX_RSA_MODULUS_SIZE 4096

#define	TLS_MIN_DSA_MODULUS_SIZE 1024

#define	TLS_MAX_DSA_MODULUS_SIZE 4096

#define	TLS_MASTER_SECRET_SIZE 48

#define	TLS_PREMASTER_SECRET_SIZE (TLS_MAX_DH_MODULUS_SIZE / 8)

#define	TLS_MAX_WARNING_ALERTS 5

#define	TLS_MAX_EMPTY_RECORDS 10

#define	TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 5

#define	TLS_MAX_KEY_UPDATE_MESSAGES 5

#define	TLS_PRIVATE_CONTEXT

#define	TLS_PRIVATE_ENCRYPTION_ENGINE

#define	tlsAllocMem(size) osAllocMem(size)

#define	tlsFreeMem(p) osFreeMem(p)

#define	TLS_DH_SUPPORT ENABLED

#define	TLS_ECDH_SUPPORT ENABLED

#define	TLS_RSA_SUPPORT ENABLED

#define	TLS_PSK_SUPPORT ENABLED

#define	TLS_MAX_HKDF_DIGEST_SIZE 48

#define	tlsSetSocket(context, socket)

#define	TLS_MIN_RECORD_LENGTH 512

#define	TLS_MAX_RECORD_LENGTH 16384

#define	TLS_MAX_RECORD_OVERHEAD 512

#define	TLS_RANDOM_SIZE 32

#define	TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR \| LSB(c))

Typedefs
typedef void	TlsHelloRequest
	HelloRequest message. More...

typedef void	TlsCertificate
	Certificate message. More...

typedef void	TlsServerKeyExchange
	ServerKeyExchange message. More...

typedef void	TlsServerHelloDone
	ServerHelloDone message. More...

typedef void	TlsClientKeyExchange
	ClientKeyExchange message. More...

typedef void	TlsCertificateVerify
	CertificateVerify message. More...

typedef void	TlsFinished
	Finished message. More...

typedef void *	TlsSocketHandle
	Socket handle. More...

typedef void(*	TlsStateChangeCallback) (TlsContext *context, TlsState state)
	TLS state change callback. More...

typedef error_t(*	TlsSocketSendCallback) (TlsSocketHandle handle, const void data, size_t length, size_t written, uint_t flags)
	Socket send callback function. More...

typedef error_t(*	TlsSocketReceiveCallback) (TlsSocketHandle handle, void data, size_t size, size_t received, uint_t flags)
	Socket receive callback function. More...

typedef error_t(*	TlsAlpnCallback) (TlsContext context, const char_t selectedProtocol)
	ALPN callback function. More...

typedef error_t(*	TlsPskCallback) (TlsContext context, const uint8_t pskIdentity, size_t pskIdentityLen)
	Pre-shared key callback function. More...

typedef error_t(*	TlsCertVerifyCallback) (TlsContext context, const X509CertInfo certInfo, uint_t pathLen, void *param)
	Certificate verification callback function. More...

typedef error_t(*	TlsRpkVerifyCallback) (TlsContext context, const uint8_t rawPublicKey, size_t rawPublicKeyLen)
	Raw public key verification callback function. More...

typedef error_t(*	TlsTicketEncryptCallback) (TlsContext context, const uint8_t plaintext, size_t plaintextLen, uint8_t ciphertext, size_t ciphertextLen, void *param)
	Ticket encryption callback function. More...

typedef error_t(*	TlsTicketDecryptCallback) (TlsContext context, const uint8_t ciphertext, size_t ciphertextLen, uint8_t plaintext, size_t plaintextLen, void *param)
	Ticket decryption callback function. More...

typedef error_t(*	TlsEcdhCallback) (TlsContext *context)
	ECDH key agreement callback function. More...

typedef error_t(*	TlsEcdsaSignCallback) (TlsContext context, const uint8_t digest, size_t digestLen, EcdsaSignature *signature)
	ECDSA signature generation callback function. More...

typedef error_t(*	TlsEcdsaVerifyCallback) (TlsContext context, const uint8_t digest, size_t digestLen, EcdsaSignature *signature)
	ECDSA signature verification callback function. More...

typedef void(*	TlsKeyLogCallback) (TlsContext context, const char_t key)
	Key logging callback function (for debugging purpose only) More...

Enumerations
enum	TlsTransportProtocol { TLS_TRANSPORT_PROTOCOL_STREAM = 0 , TLS_TRANSPORT_PROTOCOL_DATAGRAM = 1 , TLS_TRANSPORT_PROTOCOL_EAP = 2 }
	TLS transport protocols. More...

enum	TlsConnectionEnd { TLS_CONNECTION_END_CLIENT = 0 , TLS_CONNECTION_END_SERVER = 1 }
	TLS connection end. More...

enum	TlsClientAuthMode { TLS_CLIENT_AUTH_NONE = 0 , TLS_CLIENT_AUTH_OPTIONAL = 1 , TLS_CLIENT_AUTH_REQUIRED = 2 }
	Client authentication mode. More...

enum	TlsEarlyDataStatus { TLS_EARLY_DATA_REJECTED = 0 , TLS_EARLY_DATA_ACCEPTED = 1 }
	Early data status. More...

enum	TlsFlags { TLS_FLAG_PEEK = 0x0200 , TLS_FLAG_WAIT_ALL = 0x0800 , TLS_FLAG_BREAK_CHAR = 0x1000 , TLS_FLAG_BREAK_CRLF = 0x100A , TLS_FLAG_WAIT_ACK = 0x2000 , TLS_FLAG_NO_DELAY = 0x4000 , TLS_FLAG_DELAY = 0x8000 }
	Flags used by read and write functions. More...

enum	TlsContentType { TLS_TYPE_NONE = 0 , TLS_TYPE_CHANGE_CIPHER_SPEC = 20 , TLS_TYPE_ALERT = 21 , TLS_TYPE_HANDSHAKE = 22 , TLS_TYPE_APPLICATION_DATA = 23 , TLS_TYPE_HEARTBEAT = 24 , TLS_TYPE_TLS12_CID = 25 , TLS_TYPE_ACK = 26 }
	Content type. More...

enum	TlsMessageType { TLS_TYPE_HELLO_REQUEST = 0 , TLS_TYPE_CLIENT_HELLO = 1 , TLS_TYPE_SERVER_HELLO = 2 , TLS_TYPE_HELLO_VERIFY_REQUEST = 3 , TLS_TYPE_NEW_SESSION_TICKET = 4 , TLS_TYPE_END_OF_EARLY_DATA = 5 , TLS_TYPE_HELLO_RETRY_REQUEST = 6 , TLS_TYPE_ENCRYPTED_EXTENSIONS = 8 , TLS_TYPE_REQUEST_CONNECTION_ID = 9 , TLS_TYPE_NEW_CONNECTION_ID = 10 , TLS_TYPE_CERTIFICATE = 11 , TLS_TYPE_SERVER_KEY_EXCHANGE = 12 , TLS_TYPE_CERTIFICATE_REQUEST = 13 , TLS_TYPE_SERVER_HELLO_DONE = 14 , TLS_TYPE_CERTIFICATE_VERIFY = 15 , TLS_TYPE_CLIENT_KEY_EXCHANGE = 16 , TLS_TYPE_FINISHED = 20 , TLS_TYPE_CERTIFICATE_URL = 21 , TLS_TYPE_CERTIFICATE_STATUS = 22 , TLS_TYPE_SUPPLEMENTAL_DATA = 23 , TLS_TYPE_KEY_UPDATE = 24 , TLS_TYPE_COMPRESSED_CERTIFICATE = 25 , TLS_TYPE_EKT_KEY = 26 , TLS_TYPE_MESSAGE_HASH = 254 }
	Handshake message type. More...

enum	TlsAlertLevel { TLS_ALERT_LEVEL_WARNING = 1 , TLS_ALERT_LEVEL_FATAL = 2 }
	Alert level. More...

enum	TlsAlertDescription { TLS_ALERT_CLOSE_NOTIFY = 0 , TLS_ALERT_UNEXPECTED_MESSAGE = 10 , TLS_ALERT_BAD_RECORD_MAC = 20 , TLS_ALERT_DECRYPTION_FAILED = 21 , TLS_ALERT_RECORD_OVERFLOW = 22 , TLS_ALERT_DECOMPRESSION_FAILURE = 30 , TLS_ALERT_HANDSHAKE_FAILURE = 40 , TLS_ALERT_NO_CERTIFICATE = 41 , TLS_ALERT_BAD_CERTIFICATE = 42 , TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43 , TLS_ALERT_CERTIFICATE_REVOKED = 44 , TLS_ALERT_CERTIFICATE_EXPIRED = 45 , TLS_ALERT_CERTIFICATE_UNKNOWN = 46 , TLS_ALERT_ILLEGAL_PARAMETER = 47 , TLS_ALERT_UNKNOWN_CA = 48 , TLS_ALERT_ACCESS_DENIED = 49 , TLS_ALERT_DECODE_ERROR = 50 , TLS_ALERT_DECRYPT_ERROR = 51 , TLS_ALERT_TOO_MANY_CIDS_REQUESTED = 52 , TLS_ALERT_EXPORT_RESTRICTION = 60 , TLS_ALERT_PROTOCOL_VERSION = 70 , TLS_ALERT_INSUFFICIENT_SECURITY = 71 , TLS_ALERT_INTERNAL_ERROR = 80 , TLS_ALERT_INAPPROPRIATE_FALLBACK = 86 , TLS_ALERT_USER_CANCELED = 90 , TLS_ALERT_NO_RENEGOTIATION = 100 , TLS_ALERT_MISSING_EXTENSION = 109 , TLS_ALERT_UNSUPPORTED_EXTENSION = 110 , TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111 , TLS_ALERT_UNRECOGNIZED_NAME = 112 , TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113 , TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114 , TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115 , TLS_ALERT_CERTIFICATE_REQUIRED = 116 , TLS_ALERT_NO_APPLICATION_PROTOCOL = 120 }
	Alert description. More...

enum	TlsCompressMethod { TLS_COMPRESSION_METHOD_NULL = 0 , TLS_COMPRESSION_METHOD_DEFLATE = 1 }
	Compression methods. More...

enum	TlsKeyExchMethod { TLS_KEY_EXCH_NONE = 0 , TLS_KEY_EXCH_RSA = 1 , TLS_KEY_EXCH_DH_RSA = 2 , TLS_KEY_EXCH_DHE_RSA = 3 , TLS_KEY_EXCH_DH_DSS = 4 , TLS_KEY_EXCH_DHE_DSS = 5 , TLS_KEY_EXCH_DH_ANON = 6 , TLS_KEY_EXCH_ECDH_RSA = 7 , TLS_KEY_EXCH_ECDHE_RSA = 8 , TLS_KEY_EXCH_ECDH_ECDSA = 9 , TLS_KEY_EXCH_ECDHE_ECDSA = 10 , TLS_KEY_EXCH_ECDH_ANON = 11 , TLS_KEY_EXCH_PSK = 12 , TLS_KEY_EXCH_RSA_PSK = 13 , TLS_KEY_EXCH_DHE_PSK = 14 , TLS_KEY_EXCH_ECDHE_PSK = 15 , TLS_KEY_EXCH_SRP_SHA = 16 , TLS_KEY_EXCH_SRP_SHA_RSA = 17 , TLS_KEY_EXCH_SRP_SHA_DSS = 18 , TLS13_KEY_EXCH_DHE = 19 , TLS13_KEY_EXCH_ECDHE = 20 , TLS13_KEY_EXCH_PSK = 21 , TLS13_KEY_EXCH_PSK_DHE = 22 , TLS13_KEY_EXCH_PSK_ECDHE = 23 }
	Key exchange methods. More...

enum	TlsCertificateFormat { TLS_CERT_FORMAT_X509 = 0 , TLS_CERT_FORMAT_OPENPGP = 1 , TLS_CERT_FORMAT_RAW_PUBLIC_KEY = 2 , TLS_CERT_FORMAT_1609DOT2 = 3 }
	Certificate formats. More...

enum	TlsCertificateType { TLS_CERT_NONE = 0 , TLS_CERT_RSA_SIGN = 1 , TLS_CERT_DSS_SIGN = 2 , TLS_CERT_RSA_FIXED_DH = 3 , TLS_CERT_DSS_FIXED_DH = 4 , TLS_CERT_RSA_EPHEMERAL_DH = 5 , TLS_CERT_DSS_EPHEMERAL_DH = 6 , TLS_CERT_FORTEZZA_DMS = 20 , TLS_CERT_ECDSA_SIGN = 64 , TLS_CERT_RSA_FIXED_ECDH = 65 , TLS_CERT_ECDSA_FIXED_ECDH = 66 , TLS_CERT_GOST_SIGN256 = 67 , TLS_CERT_GOST_SIGN512 = 68 , TLS_CERT_RSA_PSS_SIGN = 256 , TLS_CERT_ED25519_SIGN = 257 , TLS_CERT_ED448_SIGN = 258 }
	Certificate types. More...

enum	TlsHashAlgo { TLS_HASH_ALGO_NONE = 0 , TLS_HASH_ALGO_MD5 = 1 , TLS_HASH_ALGO_SHA1 = 2 , TLS_HASH_ALGO_SHA224 = 3 , TLS_HASH_ALGO_SHA256 = 4 , TLS_HASH_ALGO_SHA384 = 5 , TLS_HASH_ALGO_SHA512 = 6 , TLS_HASH_ALGO_INTRINSIC = 8 }
	Hash algorithms. More...

enum	TlsSignatureAlgo { TLS_SIGN_ALGO_ANONYMOUS = 0 , TLS_SIGN_ALGO_RSA = 1 , TLS_SIGN_ALGO_DSA = 2 , TLS_SIGN_ALGO_ECDSA = 3 , TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 = 4 , TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 = 5 , TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 = 6 , TLS_SIGN_ALGO_ED25519 = 7 , TLS_SIGN_ALGO_ED448 = 8 , TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 = 9 , TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 = 10 , TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 = 11 , TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 = 26 , TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 = 27 , TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 = 28 , TLS_SIGN_ALGO_GOSTR34102012_256 = 64 , TLS_SIGN_ALGO_GOSTR34102012_512 = 65 }
	Signature algorithms. More...

enum	TlsExtensionType { TLS_EXT_SERVER_NAME = 0 , TLS_EXT_MAX_FRAGMENT_LENGTH = 1 , TLS_EXT_CLIENT_CERTIFICATE_URL = 2 , TLS_EXT_TRUSTED_CA_KEYS = 3 , TLS_EXT_TRUNCATED_HMAC = 4 , TLS_EXT_STATUS_REQUEST = 5 , TLS_EXT_USER_MAPPING = 6 , TLS_EXT_CLIENT_AUTHZ = 7 , TLS_EXT_SERVER_AUTHZ = 8 , TLS_EXT_CERT_TYPE = 9 , TLS_EXT_SUPPORTED_GROUPS = 10 , TLS_EXT_EC_POINT_FORMATS = 11 , TLS_EXT_SRP = 12 , TLS_EXT_SIGNATURE_ALGORITHMS = 13 , TLS_EXT_USE_SRTP = 14 , TLS_EXT_HEARTBEAT = 15 , TLS_EXT_ALPN = 16 , TLS_EXT_STATUS_REQUEST_V2 = 17 , TLS_EXT_SIGNED_CERT_TIMESTAMP = 18 , TLS_EXT_CLIENT_CERT_TYPE = 19 , TLS_EXT_SERVER_CERT_TYPE = 20 , TLS_EXT_PADDING = 21 , TLS_EXT_ENCRYPT_THEN_MAC = 22 , TLS_EXT_EXTENDED_MASTER_SECRET = 23 , TLS_EXT_TOKEN_BINDING = 24 , TLS_EXT_CACHED_INFO = 25 , TLS_EXT_COMPRESS_CERTIFICATE = 27 , TLS_EXT_RECORD_SIZE_LIMIT = 28 , TLS_EXT_PWD_PROTECT = 29 , TLS_EXT_PWD_CLEAR = 30 , TLS_EXT_PASSWORD_SALT = 31 , TLS_EXT_TICKET_PINNING = 32 , TLS_EXT_TLS_CERT_WITH_EXTERN_PSK = 33 , TLS_EXT_SESSION_TICKET = 35 , TLS_EXT_SUPPORTED_EKT_CIPHERS = 39 , TLS_EXT_PRE_SHARED_KEY = 41 , TLS_EXT_EARLY_DATA = 42 , TLS_EXT_SUPPORTED_VERSIONS = 43 , TLS_EXT_COOKIE = 44 , TLS_EXT_PSK_KEY_EXCHANGE_MODES = 45 , TLS_EXT_CERTIFICATE_AUTHORITIES = 47 , TLS_EXT_OID_FILTERS = 48 , TLS_EXT_POST_HANDSHAKE_AUTH = 49 , TLS_EXT_SIGNATURE_ALGORITHMS_CERT = 50 , TLS_EXT_KEY_SHARE = 51 , TLS_EXT_TRANSPARENCY_INFO = 52 , TLS_EXT_CONNECTION_ID = 54 , TLS_EXT_EXTERNAL_ID_HASH = 55 , TLS_EXT_EXTERNAL_SESSION_ID = 56 , TLS_EXT_QUIC_TRANSPORT_PARAMETERS = 57 , TLS_EXT_TICKET_REQUEST = 58 , TLS_EXT_DNSSEC_CHAIN = 59 , TLS_EXT_RENEGOTIATION_INFO = 65281 }
	TLS extension types. More...

enum	TlsNameType { TLS_NAME_TYPE_HOSTNAME = 0 }
	Name type. More...

enum	TlsMaxFragmentLength { TLS_MAX_FRAGMENT_LENGTH_512 = 1 , TLS_MAX_FRAGMENT_LENGTH_1024 = 2 , TLS_MAX_FRAGMENT_LENGTH_2048 = 3 , TLS_MAX_FRAGMENT_LENGTH_4096 = 4 }
	Maximum fragment length. More...

enum	TlsNamedGroup { TLS_GROUP_NONE = 0 , TLS_GROUP_SECT163K1 = 1 , TLS_GROUP_SECT163R1 = 2 , TLS_GROUP_SECT163R2 = 3 , TLS_GROUP_SECT193R1 = 4 , TLS_GROUP_SECT193R2 = 5 , TLS_GROUP_SECT233K1 = 6 , TLS_GROUP_SECT233R1 = 7 , TLS_GROUP_SECT239K1 = 8 , TLS_GROUP_SECT283K1 = 9 , TLS_GROUP_SECT283R1 = 10 , TLS_GROUP_SECT409K1 = 11 , TLS_GROUP_SECT409R1 = 12 , TLS_GROUP_SECT571K1 = 13 , TLS_GROUP_SECT571R1 = 14 , TLS_GROUP_SECP160K1 = 15 , TLS_GROUP_SECP160R1 = 16 , TLS_GROUP_SECP160R2 = 17 , TLS_GROUP_SECP192K1 = 18 , TLS_GROUP_SECP192R1 = 19 , TLS_GROUP_SECP224K1 = 20 , TLS_GROUP_SECP224R1 = 21 , TLS_GROUP_SECP256K1 = 22 , TLS_GROUP_SECP256R1 = 23 , TLS_GROUP_SECP384R1 = 24 , TLS_GROUP_SECP521R1 = 25 , TLS_GROUP_BRAINPOOLP256R1 = 26 , TLS_GROUP_BRAINPOOLP384R1 = 27 , TLS_GROUP_BRAINPOOLP512R1 = 28 , TLS_GROUP_ECDH_X25519 = 29 , TLS_GROUP_ECDH_X448 = 30 , TLS_GROUP_BRAINPOOLP256R1_TLS13 = 31 , TLS_GROUP_BRAINPOOLP384R1_TLS13 = 32 , TLS_GROUP_BRAINPOOLP512R1_TLS13 = 33 , TLS_GROUP_GC256A = 34 , TLS_GROUP_GC256B = 35 , TLS_GROUP_GC256C = 36 , TLS_GROUP_GC256D = 37 , TLS_GROUP_GC512A = 38 , TLS_GROUP_GC512B = 39 , TLS_GROUP_GC512C = 40 , TLS_GROUP_SM2 = 41 , TLS_GROUP_FFDHE2048 = 256 , TLS_GROUP_FFDHE3072 = 257 , TLS_GROUP_FFDHE4096 = 258 , TLS_GROUP_FFDHE6144 = 259 , TLS_GROUP_FFDHE8192 = 260 , TLS_GROUP_FFDHE_MAX = 511 , TLS_GROUP_X25519_KYBER512 = 12089 , TLS_GROUP_SECP256R1_KYBER512 = 12090 , TLS_GROUP_SECP384R1_KYBER768 = 12092 , TLS_GROUP_SECP521R1_KYBER1024 = 12093 , TLS_GROUP_EXPLICIT_PRIME_CURVE = 65281 , TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282 }
	Named groups. More...

enum	TlsEcPointFormat { TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0 , TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME = 1 , TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 = 2 }
	EC point formats. More...

enum	TlsEcCurveType { TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1 , TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2 , TLS_EC_CURVE_TYPE_NAMED_CURVE = 3 }
	EC curve types. More...

enum	TlsState { TLS_STATE_INIT = 0 , TLS_STATE_CLIENT_HELLO = 1 , TLS_STATE_CLIENT_HELLO_2 = 2 , TLS_STATE_EARLY_DATA = 3 , TLS_STATE_HELLO_VERIFY_REQUEST = 4 , TLS_STATE_HELLO_RETRY_REQUEST = 5 , TLS_STATE_SERVER_HELLO = 6 , TLS_STATE_SERVER_HELLO_2 = 7 , TLS_STATE_SERVER_HELLO_3 = 8 , TLS_STATE_HANDSHAKE_TRAFFIC_KEYS = 9 , TLS_STATE_ENCRYPTED_EXTENSIONS = 10 , TLS_STATE_SERVER_CERTIFICATE = 11 , TLS_STATE_SERVER_KEY_EXCHANGE = 12 , TLS_STATE_SERVER_CERTIFICATE_VERIFY = 13 , TLS_STATE_CERTIFICATE_REQUEST = 14 , TLS_STATE_SERVER_HELLO_DONE = 15 , TLS_STATE_CLIENT_CERTIFICATE = 16 , TLS_STATE_CLIENT_KEY_EXCHANGE = 17 , TLS_STATE_CLIENT_CERTIFICATE_VERIFY = 18 , TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 19 , TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 = 20 , TLS_STATE_CLIENT_FINISHED = 21 , TLS_STATE_CLIENT_APP_TRAFFIC_KEYS = 22 , TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 23 , TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 = 24 , TLS_STATE_SERVER_FINISHED = 25 , TLS_STATE_END_OF_EARLY_DATA = 26 , TLS_STATE_SERVER_APP_TRAFFIC_KEYS = 27 , TLS_STATE_NEW_SESSION_TICKET = 28 , TLS_STATE_KEY_UPDATE = 29 , TLS_STATE_APPLICATION_DATA = 30 , TLS_STATE_CLOSING = 31 , TLS_STATE_CLOSED = 32 }
	TLS FSM states. More...

Functions
TlsContext *	tlsInit (void)
	TLS context initialization. More...

TlsState	tlsGetState (TlsContext *context)
	Retrieve current TLS state. More...

error_t	tlsSetStateChangeCallback (TlsContext *context, TlsStateChangeCallback stateChangeCallback)
	Register TLS state change callback. More...

error_t	tlsSetSocketCallbacks (TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
	Set socket send and receive callbacks. More...

error_t	tlsSetVersion (TlsContext *context, uint16_t versionMin, uint16_t versionMax)
	Set minimum and maximum versions permitted. More...

error_t	tlsSetTransportProtocol (TlsContext *context, TlsTransportProtocol transportProtocol)
	Set the transport protocol to be used. More...

error_t	tlsSetConnectionEnd (TlsContext *context, TlsConnectionEnd entity)
	Set operation mode (client or server) More...

error_t	tlsSetPrng (TlsContext context, const PrngAlgo prngAlgo, void *prngContext)
	Set the pseudo-random number generator to be used. More...

error_t	tlsSetServerName (TlsContext context, const char_t serverName)
	Set the server name. More...

const char_t *	tlsGetServerName (TlsContext *context)
	Get the server name. More...

error_t	tlsSetCache (TlsContext context, TlsCache cache)
	Set session cache. More...

error_t	tlsSetClientAuthMode (TlsContext *context, TlsClientAuthMode mode)
	Set client authentication mode (for servers only) More...

error_t	tlsSetBufferSize (TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
	Set TLS buffer size. More...

error_t	tlsSetMaxFragmentLength (TlsContext *context, size_t maxFragLen)
	Set maximum fragment length. More...

error_t	tlsSetCipherSuites (TlsContext context, const uint16_t cipherSuites, uint_t length)
	Specify the list of allowed cipher suites. More...

error_t	tlsSetSupportedGroups (TlsContext context, const uint16_t groups, uint_t length)
	Specify the list of allowed ECDHE and FFDHE groups. More...

error_t	tlsSetPreferredGroup (TlsContext *context, uint16_t group)
	Specify the preferred ECDHE or FFDHE group. More...

error_t	tlsSetDhParameters (TlsContext context, const char_t params, size_t length)
	Import Diffie-Hellman parameters. More...

error_t	tlsSetEcdhCallback (TlsContext *context, TlsEcdhCallback ecdhCallback)
	Register ECDH key agreement callback function. More...

error_t	tlsSetEcdsaSignCallback (TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
	Register ECDSA signature generation callback function. More...

error_t	tlsSetEcdsaVerifyCallback (TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
	Register ECDSA signature verification callback function. More...

error_t	tlsSetKeyLogCallback (TlsContext *context, TlsKeyLogCallback keyLogCallback)
	Register key logging callback function (for debugging purpose only) More...

error_t	tlsAllowUnknownAlpnProtocols (TlsContext *context, bool_t allowed)
	Allow unknown ALPN protocols. More...

error_t	tlsSetAlpnProtocolList (TlsContext context, const char_t protocolList)
	Set the list of supported ALPN protocols. More...

error_t	tlsSetAlpnCallback (TlsContext *context, TlsAlpnCallback alpnCallback)
	Register ALPN callback function. More...

const char_t *	tlsGetAlpnProtocol (TlsContext *context)
	Get the name of the selected ALPN protocol. More...

error_t	tlsSetPsk (TlsContext context, const uint8_t psk, size_t length)
	Set the pre-shared key to be used. More...

error_t	tlsSetPskIdentity (TlsContext context, const char_t pskIdentity)
	Set the PSK identity to be used by the client. More...

error_t	tlsSetPskIdentityHint (TlsContext context, const char_t pskIdentityHint)
	Set the PSK identity hint to be used by the server. More...

error_t	tlsSetPskCallback (TlsContext *context, TlsPskCallback pskCallback)
	Register PSK callback function. More...

error_t	tlsSetRpkVerifyCallback (TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
	Register the raw public key verification callback function. More...

error_t	tlsSetTrustedCaList (TlsContext context, const char_t trustedCaList, size_t length)
	Import a trusted CA list. More...

error_t	tlsAddCertificate (TlsContext context, const char_t certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
	Add a certificate and the corresponding private key (deprecated) More...

error_t	tlsLoadCertificate (TlsContext context, uint_t index, const char_t certChain, size_t certChainLen, const char_t privateKey, size_t privateKeyLen, const char_t password)
	Load entity's certificate. More...

error_t	tlsSetCertificateVerifyCallback (TlsContext context, TlsCertVerifyCallback certVerifyCallback, void param)
	Register certificate verification callback function. More...

error_t	tlsEnableSessionTickets (TlsContext *context, bool_t enabled)
	Enable session ticket mechanism. More...

error_t	tlsEnableSecureRenegotiation (TlsContext *context, bool_t enabled)
	Enable secure renegotiation. More...

error_t	tlsEnableFallbackScsv (TlsContext *context, bool_t enabled)
	Perform fallback retry (for clients only) More...

error_t	tlsSetTicketCallbacks (TlsContext context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void param)
	Set ticket encryption/decryption callbacks. More...

error_t	tlsSetPmtu (TlsContext *context, size_t pmtu)
	Set PMTU value (for DTLS only) More...

error_t	tlsSetTimeout (TlsContext *context, systime_t timeout)
	Set timeout for blocking calls (for DTLS only) More...

error_t	tlsSetCookieCallbacks (TlsContext context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void param)
	Set cookie generation/verification callbacks (for DTLS only) More...

error_t	tlsEnableReplayDetection (TlsContext *context, bool_t enabled)
	Enable anti-replay mechanism (for DTLS only) More...

error_t	tlsSetMaxEarlyDataSize (TlsContext *context, size_t maxEarlyDataSize)
	Send the maximum amount of 0-RTT data the server can accept. More...

error_t	tlsWriteEarlyData (TlsContext context, const void data, size_t length, size_t *written, uint_t flags)
	Send early data to the remote TLS server. More...

error_t	tlsConnect (TlsContext *context)
	Initiate the TLS handshake. More...

TlsEarlyDataStatus	tlsGetEarlyDataStatus (TlsContext *context)
	Check whether the server has accepted or rejected the early data. More...

error_t	tlsWrite (TlsContext context, const void data, size_t length, size_t *written, uint_t flags)
	Send application data to the remote host using TLS. More...

error_t	tlsRead (TlsContext context, void data, size_t size, size_t *received, uint_t flags)
	Receive application data from a the remote host using TLS. More...

bool_t	tlsIsTxReady (TlsContext *context)
	Check whether some data is ready for transmission. More...

bool_t	tlsIsRxReady (TlsContext *context)
	Check whether some data is available in the receive buffer. More...

error_t	tlsShutdown (TlsContext *context)
	Gracefully close TLS session. More...

error_t	tlsShutdownEx (TlsContext *context, bool_t waitForCloseNotify)
	Gracefully close TLS session. More...

void	tlsFree (TlsContext *context)
	Release TLS context. More...

error_t	tlsInitSessionState (TlsSessionState *session)
	Initialize session state. More...

error_t	tlsSaveSessionState (const TlsContext context, TlsSessionState session)
	Save TLS session. More...

error_t	tlsRestoreSessionState (TlsContext context, const TlsSessionState session)
	Restore TLS session. More...

void	tlsFreeSessionState (TlsSessionState *session)
	Properly dispose a session state. More...

TlsCache *	tlsInitCache (uint_t size)
	Session cache initialization. More...

void	tlsFreeCache (TlsCache *cache)
	Properly dispose a session cache. More...

Variables
typedef	__packed_struct
	Sequence number. More...

	TlsSequenceNumber

uint16_t	value []

	TlsCipherSuites

	TlsCompressMethods

uint8_t	signature

	TlsSignHashAlgo

	TlsSignHashAlgos

	TlsCertificateList

	TlsCertAuthorities

uint16_t	length

	TlsExtension

	TlsExtensionList

	TlsSupportedVersionList

char_t	hostname []

	TlsServerName

	TlsServerNameList

	TlsProtocolName

	TlsProtocolNameList

	TlsSupportedGroupList

	TlsEcPointFormatList

	TlsCertTypeList

	TlsRenegoInfo

	TlsPskIdentity

	TlsPskIdentityHint

	TlsDigitalSignature

	Tls12DigitalSignature

uint16_t	version

uint8_t	data []

	TlsRecord

	TlsHandshake

uint8_t	random [32]

uint8_t	sessionIdLen

uint8_t	sessionId []

	TlsClientHello

	TlsServerHello

uint8_t	certificateTypes []

	TlsCertificateRequest

uint16_t	ticketLen

uint8_t	ticket []

	TlsNewSessionTicket

	TlsChangeCipherSpec

uint8_t	description

	TlsAlert

uint16_t	cipherSuite
	Cipher suite identifier. More...

uint8_t	secret [TLS_MASTER_SECRET_SIZE]
	Master secret. More...

systime_t	ticketTimestamp
	Timestamp to manage ticket lifetime. More...

uint32_t	ticketLifetime
	Lifetime of the ticket. More...

bool_t	extendedMasterSecret
	Extended master secret computation. More...

	TlsPlaintextSessionState

Detailed Description

TLS (Transport Layer Security)

License

SPDX-License-Identifier: GPL-2.0-or-later

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author: Oryx Embedded SARL (www.oryx-embedded.com)

Version: 2.3.2

Definition in file tls.h.

Macro Definition Documentation

◆ CYCLONE_SSL_MAJOR_VERSION

#define CYCLONE_SSL_MAJOR_VERSION 2

Definition at line 87 of file tls.h.

◆ CYCLONE_SSL_MINOR_VERSION

#define CYCLONE_SSL_MINOR_VERSION 3

Definition at line 89 of file tls.h.

◆ CYCLONE_SSL_REV_NUMBER

#define CYCLONE_SSL_REV_NUMBER 2

Definition at line 91 of file tls.h.

◆ CYCLONE_SSL_VERSION_STRING

#define CYCLONE_SSL_VERSION_STRING "2.3.2"

Definition at line 85 of file tls.h.

◆ SSL_VERSION_3_0

#define SSL_VERSION_3_0 0x0300

Definition at line 94 of file tls.h.

◆ TLS_3DES_SUPPORT

#define TLS_3DES_SUPPORT DISABLED

Definition at line 445 of file tls.h.

◆ TLS_AES_128_SUPPORT

#define TLS_AES_128_SUPPORT ENABLED

Definition at line 452 of file tls.h.

◆ TLS_AES_256_SUPPORT

#define TLS_AES_256_SUPPORT ENABLED

Definition at line 459 of file tls.h.

◆ TLS_ALPN_SUPPORT

#define TLS_ALPN_SUPPORT DISABLED

Definition at line 193 of file tls.h.

◆ TLS_ARIA_128_SUPPORT

#define TLS_ARIA_128_SUPPORT DISABLED

Definition at line 480 of file tls.h.

◆ TLS_ARIA_256_SUPPORT

#define TLS_ARIA_256_SUPPORT DISABLED

Definition at line 487 of file tls.h.

◆ TLS_BRAINPOOLP256R1_SUPPORT

#define TLS_BRAINPOOLP256R1_SUPPORT DISABLED

Definition at line 662 of file tls.h.

◆ TLS_BRAINPOOLP384R1_SUPPORT

#define TLS_BRAINPOOLP384R1_SUPPORT DISABLED

Definition at line 669 of file tls.h.

◆ TLS_BRAINPOOLP512R1_SUPPORT

#define TLS_BRAINPOOLP512R1_SUPPORT DISABLED

Definition at line 676 of file tls.h.

◆ TLS_CAMELLIA_128_SUPPORT

#define TLS_CAMELLIA_128_SUPPORT DISABLED

Definition at line 466 of file tls.h.

◆ TLS_CAMELLIA_256_SUPPORT

#define TLS_CAMELLIA_256_SUPPORT DISABLED

Definition at line 473 of file tls.h.

◆ TLS_CBC_CIPHER_SUPPORT

#define TLS_CBC_CIPHER_SUPPORT ENABLED

Definition at line 389 of file tls.h.

◆ TLS_CCM_8_CIPHER_SUPPORT

#define TLS_CCM_8_CIPHER_SUPPORT DISABLED

Definition at line 403 of file tls.h.

◆ TLS_CCM_CIPHER_SUPPORT

#define TLS_CCM_CIPHER_SUPPORT DISABLED

Definition at line 396 of file tls.h.

◆ TLS_CERT_AUTHORITIES_SUPPORT

#define TLS_CERT_AUTHORITIES_SUPPORT DISABLED

Definition at line 214 of file tls.h.

◆ TLS_CERT_KEY_USAGE_SUPPORT

#define TLS_CERT_KEY_USAGE_SUPPORT ENABLED

Definition at line 718 of file tls.h.

◆ TLS_CHACHA20_POLY1305_SUPPORT

#define TLS_CHACHA20_POLY1305_SUPPORT DISABLED

Definition at line 417 of file tls.h.

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

#define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED

Definition at line 207 of file tls.h.

◆ TLS_CLIENT_SUPPORT

#define TLS_CLIENT_SUPPORT ENABLED

Definition at line 109 of file tls.h.

◆ TLS_DES_SUPPORT

#define TLS_DES_SUPPORT DISABLED

Definition at line 438 of file tls.h.

◆ TLS_DH_ANON_KE_SUPPORT

#define TLS_DH_ANON_KE_SUPPORT DISABLED

Definition at line 284 of file tls.h.

◆ TLS_DH_SUPPORT

#define TLS_DH_SUPPORT ENABLED

Definition at line 852 of file tls.h.

◆ TLS_DHE_DSS_KE_SUPPORT

#define TLS_DHE_DSS_KE_SUPPORT DISABLED

Definition at line 277 of file tls.h.

◆ TLS_DHE_PSK_KE_SUPPORT

#define TLS_DHE_PSK_KE_SUPPORT DISABLED

Definition at line 326 of file tls.h.

◆ TLS_DHE_RSA_KE_SUPPORT

#define TLS_DHE_RSA_KE_SUPPORT ENABLED

Definition at line 270 of file tls.h.

◆ TLS_DSA_SIGN_SUPPORT

#define TLS_DSA_SIGN_SUPPORT DISABLED

Definition at line 354 of file tls.h.

◆ TLS_ECC_CALLBACK_SUPPORT

#define TLS_ECC_CALLBACK_SUPPORT DISABLED

Definition at line 249 of file tls.h.

◆ TLS_ECDH_ANON_KE_SUPPORT

#define TLS_ECDH_ANON_KE_SUPPORT DISABLED

Definition at line 305 of file tls.h.

◆ TLS_ECDH_SUPPORT

#define TLS_ECDH_SUPPORT ENABLED

Definition at line 864 of file tls.h.

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

#define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED

Definition at line 298 of file tls.h.

◆ TLS_ECDHE_PSK_KE_SUPPORT

#define TLS_ECDHE_PSK_KE_SUPPORT DISABLED

Definition at line 333 of file tls.h.

◆ TLS_ECDHE_RSA_KE_SUPPORT

#define TLS_ECDHE_RSA_KE_SUPPORT ENABLED

Definition at line 291 of file tls.h.

◆ TLS_ECDSA_SIGN_SUPPORT

#define TLS_ECDSA_SIGN_SUPPORT ENABLED

Definition at line 361 of file tls.h.

◆ TLS_ED25519_SUPPORT

#define TLS_ED25519_SUPPORT ENABLED

Definition at line 704 of file tls.h.

◆ TLS_ED448_SUPPORT

#define TLS_ED448_SUPPORT DISABLED

Definition at line 711 of file tls.h.

◆ TLS_EDDSA_SIGN_SUPPORT

#define TLS_EDDSA_SIGN_SUPPORT DISABLED

Definition at line 368 of file tls.h.

◆ TLS_EXT_MASTER_SECRET_SUPPORT

#define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED

Definition at line 200 of file tls.h.

◆ TLS_FALLBACK_SCSV_SUPPORT

#define TLS_FALLBACK_SCSV_SUPPORT DISABLED

Definition at line 242 of file tls.h.

◆ TLS_FFDHE2048_SUPPORT

#define TLS_FFDHE2048_SUPPORT ENABLED

Definition at line 564 of file tls.h.

◆ TLS_FFDHE3072_SUPPORT

#define TLS_FFDHE3072_SUPPORT DISABLED

Definition at line 571 of file tls.h.

◆ TLS_FFDHE4096_SUPPORT

#define TLS_FFDHE4096_SUPPORT DISABLED

Definition at line 578 of file tls.h.

◆ TLS_FFDHE_SUPPORT

#define TLS_FFDHE_SUPPORT DISABLED

Definition at line 557 of file tls.h.

◆ TLS_FLAG_BREAK

#define TLS_FLAG_BREAK ( c ) (TLS_FLAG_BREAK_CHAR | LSB(c))

Definition at line 989 of file tls.h.

◆ TLS_GCM_CIPHER_SUPPORT

#define TLS_GCM_CIPHER_SUPPORT ENABLED

Definition at line 410 of file tls.h.

◆ TLS_IDEA_SUPPORT

#define TLS_IDEA_SUPPORT DISABLED

Definition at line 431 of file tls.h.

◆ TLS_KEY_LOG_SUPPORT

#define TLS_KEY_LOG_SUPPORT DISABLED

Definition at line 725 of file tls.h.

◆ TLS_MASTER_SECRET_SIZE

#define TLS_MASTER_SECRET_SIZE 48

Definition at line 788 of file tls.h.

◆ TLS_MAX_CERTIFICATES

#define TLS_MAX_CERTIFICATES 3

Definition at line 256 of file tls.h.

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 5

Definition at line 816 of file tls.h.

◆ TLS_MAX_DH_MODULUS_SIZE

#define TLS_MAX_DH_MODULUS_SIZE 2048

Definition at line 753 of file tls.h.

◆ TLS_MAX_DSA_MODULUS_SIZE

#define TLS_MAX_DSA_MODULUS_SIZE 4096

Definition at line 781 of file tls.h.

◆ TLS_MAX_EMPTY_RECORDS

#define TLS_MAX_EMPTY_RECORDS 10

Definition at line 809 of file tls.h.

◆ TLS_MAX_FRAG_LEN_SUPPORT

#define TLS_MAX_FRAG_LEN_SUPPORT DISABLED

Definition at line 179 of file tls.h.

◆ TLS_MAX_HKDF_DIGEST_SIZE

#define TLS_MAX_HKDF_DIGEST_SIZE 48

Definition at line 900 of file tls.h.

◆ TLS_MAX_KEY_UPDATE_MESSAGES

#define TLS_MAX_KEY_UPDATE_MESSAGES 5

Definition at line 823 of file tls.h.

◆ TLS_MAX_PASSWORD_LEN

#define TLS_MAX_PASSWORD_LEN 32

Definition at line 739 of file tls.h.

◆ TLS_MAX_RECORD_LENGTH

#define TLS_MAX_RECORD_LENGTH 16384

Definition at line 913 of file tls.h.

◆ TLS_MAX_RECORD_OVERHEAD

#define TLS_MAX_RECORD_OVERHEAD 512

Definition at line 915 of file tls.h.

◆ TLS_MAX_RSA_MODULUS_SIZE

#define TLS_MAX_RSA_MODULUS_SIZE 4096

Definition at line 767 of file tls.h.

◆ TLS_MAX_SERVER_NAME_LEN

#define TLS_MAX_SERVER_NAME_LEN 255

Definition at line 732 of file tls.h.

◆ TLS_MAX_TICKET_SIZE

#define TLS_MAX_TICKET_SIZE 1024

Definition at line 158 of file tls.h.

◆ TLS_MAX_VERSION

#define TLS_MAX_VERSION TLS_VERSION_1_3

Definition at line 130 of file tls.h.

◆ TLS_MAX_WARNING_ALERTS

#define TLS_MAX_WARNING_ALERTS 5

Definition at line 802 of file tls.h.

◆ TLS_MD5_SUPPORT

#define TLS_MD5_SUPPORT DISABLED

Definition at line 508 of file tls.h.

◆ TLS_MIN_DH_MODULUS_SIZE

#define TLS_MIN_DH_MODULUS_SIZE 1024

Definition at line 746 of file tls.h.

◆ TLS_MIN_DSA_MODULUS_SIZE

#define TLS_MIN_DSA_MODULUS_SIZE 1024

Definition at line 774 of file tls.h.

◆ TLS_MIN_RECORD_LENGTH

#define TLS_MIN_RECORD_LENGTH 512

Definition at line 911 of file tls.h.

◆ TLS_MIN_RSA_MODULUS_SIZE

#define TLS_MIN_RSA_MODULUS_SIZE 1024

Definition at line 760 of file tls.h.

◆ TLS_MIN_VERSION

#define TLS_MIN_VERSION TLS_VERSION_1_2

Definition at line 123 of file tls.h.

◆ TLS_NULL_CIPHER_SUPPORT

#define TLS_NULL_CIPHER_SUPPORT DISABLED

Definition at line 375 of file tls.h.

◆ TLS_PREMASTER_SECRET_SIZE

#define TLS_PREMASTER_SECRET_SIZE (TLS_MAX_DH_MODULUS_SIZE / 8)

Definition at line 795 of file tls.h.

◆ TLS_PRIVATE_CONTEXT

#define TLS_PRIVATE_CONTEXT

Definition at line 830 of file tls.h.

◆ TLS_PRIVATE_ENCRYPTION_ENGINE

#define TLS_PRIVATE_ENCRYPTION_ENGINE

Definition at line 835 of file tls.h.

◆ TLS_PSK_KE_SUPPORT

#define TLS_PSK_KE_SUPPORT DISABLED

Definition at line 312 of file tls.h.

◆ TLS_PSK_SUPPORT

#define TLS_PSK_SUPPORT ENABLED

Definition at line 889 of file tls.h.

◆ TLS_RANDOM_SIZE

#define TLS_RANDOM_SIZE 32

Definition at line 917 of file tls.h.

◆ TLS_RAW_PUBLIC_KEY_SUPPORT

#define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED

Definition at line 228 of file tls.h.

◆ TLS_RC4_SUPPORT

#define TLS_RC4_SUPPORT DISABLED

Definition at line 424 of file tls.h.

◆ TLS_RECORD_SIZE_LIMIT_SUPPORT

#define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED

Definition at line 186 of file tls.h.

◆ TLS_RSA_KE_SUPPORT

#define TLS_RSA_KE_SUPPORT ENABLED

Definition at line 263 of file tls.h.

◆ TLS_RSA_PSK_KE_SUPPORT

#define TLS_RSA_PSK_KE_SUPPORT DISABLED

Definition at line 319 of file tls.h.

◆ TLS_RSA_PSS_SIGN_SUPPORT

#define TLS_RSA_PSS_SIGN_SUPPORT ENABLED

Definition at line 347 of file tls.h.

◆ TLS_RSA_SIGN_SUPPORT

#define TLS_RSA_SIGN_SUPPORT ENABLED

Definition at line 340 of file tls.h.

◆ TLS_RSA_SUPPORT

#define TLS_RSA_SUPPORT ENABLED

Definition at line 877 of file tls.h.

◆ TLS_SECP160K1_SUPPORT

#define TLS_SECP160K1_SUPPORT DISABLED

Definition at line 585 of file tls.h.

◆ TLS_SECP160R1_SUPPORT

#define TLS_SECP160R1_SUPPORT DISABLED

Definition at line 592 of file tls.h.

◆ TLS_SECP160R2_SUPPORT

#define TLS_SECP160R2_SUPPORT DISABLED

Definition at line 599 of file tls.h.

◆ TLS_SECP192K1_SUPPORT

#define TLS_SECP192K1_SUPPORT DISABLED

Definition at line 606 of file tls.h.

◆ TLS_SECP192R1_SUPPORT

#define TLS_SECP192R1_SUPPORT DISABLED

Definition at line 613 of file tls.h.

◆ TLS_SECP224K1_SUPPORT

#define TLS_SECP224K1_SUPPORT DISABLED

Definition at line 620 of file tls.h.

◆ TLS_SECP224R1_SUPPORT

#define TLS_SECP224R1_SUPPORT DISABLED

Definition at line 627 of file tls.h.

◆ TLS_SECP256K1_SUPPORT

#define TLS_SECP256K1_SUPPORT DISABLED

Definition at line 634 of file tls.h.

◆ TLS_SECP256R1_SUPPORT

#define TLS_SECP256R1_SUPPORT ENABLED

Definition at line 641 of file tls.h.

◆ TLS_SECP384R1_SUPPORT

#define TLS_SECP384R1_SUPPORT ENABLED

Definition at line 648 of file tls.h.

◆ TLS_SECP521R1_SUPPORT

#define TLS_SECP521R1_SUPPORT DISABLED

Definition at line 655 of file tls.h.

◆ TLS_SECURE_RENEGOTIATION_SUPPORT

#define TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED

Definition at line 235 of file tls.h.

◆ TLS_SEED_SUPPORT

#define TLS_SEED_SUPPORT DISABLED

Definition at line 494 of file tls.h.

◆ TLS_SERVER_SUPPORT

#define TLS_SERVER_SUPPORT ENABLED

Definition at line 116 of file tls.h.

◆ TLS_SESSION_CACHE_LIFETIME

#define TLS_SESSION_CACHE_LIFETIME 3600000

Definition at line 144 of file tls.h.

◆ TLS_SESSION_RESUME_SUPPORT

#define TLS_SESSION_RESUME_SUPPORT ENABLED

Definition at line 137 of file tls.h.

◆ TLS_SHA1_SUPPORT

#define TLS_SHA1_SUPPORT ENABLED

Definition at line 515 of file tls.h.

◆ TLS_SHA224_SUPPORT

#define TLS_SHA224_SUPPORT DISABLED

Definition at line 522 of file tls.h.

◆ TLS_SHA256_SUPPORT

#define TLS_SHA256_SUPPORT ENABLED

Definition at line 529 of file tls.h.

◆ TLS_SHA384_SUPPORT

#define TLS_SHA384_SUPPORT ENABLED

Definition at line 536 of file tls.h.

◆ TLS_SHA512_SUPPORT

#define TLS_SHA512_SUPPORT DISABLED

Definition at line 543 of file tls.h.

◆ TLS_SIGN_ALGOS_CERT_SUPPORT

#define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED

Definition at line 221 of file tls.h.

◆ TLS_SM2_SUPPORT

#define TLS_SM2_SUPPORT DISABLED

Definition at line 683 of file tls.h.

◆ TLS_SM3_SUPPORT

#define TLS_SM3_SUPPORT DISABLED

Definition at line 550 of file tls.h.

◆ TLS_SM4_SUPPORT

#define TLS_SM4_SUPPORT DISABLED

Definition at line 501 of file tls.h.

◆ TLS_SNI_SUPPORT

#define TLS_SNI_SUPPORT ENABLED

Definition at line 172 of file tls.h.

◆ TLS_STREAM_CIPHER_SUPPORT

#define TLS_STREAM_CIPHER_SUPPORT DISABLED

Definition at line 382 of file tls.h.

◆ TLS_SUPPORT

#define TLS_SUPPORT ENABLED

Definition at line 102 of file tls.h.

◆ TLS_TICKET_LIFETIME

#define TLS_TICKET_LIFETIME 3600000

Definition at line 165 of file tls.h.

◆ TLS_TICKET_SUPPORT

#define TLS_TICKET_SUPPORT DISABLED

Definition at line 151 of file tls.h.

◆ TLS_VERSION_1_0

#define TLS_VERSION_1_0 0x0301

Definition at line 95 of file tls.h.

◆ TLS_VERSION_1_1

#define TLS_VERSION_1_1 0x0302

Definition at line 96 of file tls.h.

◆ TLS_VERSION_1_2

#define TLS_VERSION_1_2 0x0303

Definition at line 97 of file tls.h.

◆ TLS_VERSION_1_3

#define TLS_VERSION_1_3 0x0304

Definition at line 98 of file tls.h.

◆ TLS_X25519_SUPPORT

#define TLS_X25519_SUPPORT DISABLED

Definition at line 690 of file tls.h.

◆ TLS_X448_SUPPORT

#define TLS_X448_SUPPORT DISABLED

Definition at line 697 of file tls.h.

◆ tlsAllocMem

#define tlsAllocMem ( size ) osAllocMem(size)

Definition at line 840 of file tls.h.

◆ TlsContext

#define TlsContext struct _TlsContext

Definition at line 36 of file tls.h.

◆ TlsEncryptionEngine

#define TlsEncryptionEngine struct _TlsEncryptionEngine

Definition at line 40 of file tls.h.

◆ tlsFreeMem

#define tlsFreeMem ( p ) osFreeMem(p)

Definition at line 845 of file tls.h.

◆ tlsSetSocket

#define tlsSetSocket	(	context,
		socket
	)

Value:

   tlsSetSocketCallbacks(context, \
   (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
   (TlsSocketHandle) socket)

Definition at line 906 of file tls.h.

Typedef Documentation

◆ TlsAlpnCallback

typedef error_t(* TlsAlpnCallback) (TlsContext *context, const char_t *selectedProtocol)

ALPN callback function.

Definition at line 1887 of file tls.h.

◆ TlsCertificate

typedef void TlsCertificate

Certificate message.

Definition at line 1748 of file tls.h.

◆ TlsCertificateVerify

typedef void TlsCertificateVerify

CertificateVerify message.

Definition at line 1787 of file tls.h.

◆ TlsCertVerifyCallback

typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, void *param)

Certificate verification callback function.

Definition at line 1903 of file tls.h.

◆ TlsClientKeyExchange

typedef void TlsClientKeyExchange

ClientKeyExchange message.

Definition at line 1780 of file tls.h.

◆ TlsEcdhCallback

typedef error_t(* TlsEcdhCallback) (TlsContext *context)

ECDH key agreement callback function.

Definition at line 1937 of file tls.h.

◆ TlsEcdsaSignCallback

typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature generation callback function.

Definition at line 1944 of file tls.h.

◆ TlsEcdsaVerifyCallback

typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature verification callback function.

Definition at line 1952 of file tls.h.

◆ TlsFinished

typedef void TlsFinished

Finished message.

Definition at line 1806 of file tls.h.

◆ TlsHelloRequest

typedef void TlsHelloRequest

HelloRequest message.

Definition at line 1715 of file tls.h.

◆ TlsKeyLogCallback

typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)

Key logging callback function (for debugging purpose only)

Definition at line 1960 of file tls.h.

◆ TlsPskCallback

typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)

Pre-shared key callback function.

Definition at line 1895 of file tls.h.

◆ TlsRpkVerifyCallback

typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)

Raw public key verification callback function.

Definition at line 1911 of file tls.h.

◆ TlsServerHelloDone

typedef void TlsServerHelloDone

ServerHelloDone message.

Definition at line 1773 of file tls.h.

◆ TlsServerKeyExchange

typedef void TlsServerKeyExchange

ServerKeyExchange message.

Definition at line 1755 of file tls.h.

◆ TlsSocketHandle

typedef void* TlsSocketHandle

Socket handle.

Definition at line 1857 of file tls.h.

◆ TlsSocketReceiveCallback

typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)

Socket receive callback function.

Definition at line 1879 of file tls.h.

◆ TlsSocketSendCallback

typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)

Socket send callback function.

Definition at line 1871 of file tls.h.

◆ TlsStateChangeCallback

typedef void(* TlsStateChangeCallback) (TlsContext *context, TlsState state)

TLS state change callback.

Definition at line 1864 of file tls.h.

◆ TlsTicketDecryptCallback

typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)

Ticket decryption callback function.

Definition at line 1928 of file tls.h.

◆ TlsTicketEncryptCallback

typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)

Ticket encryption callback function.

Definition at line 1919 of file tls.h.

Enumeration Type Documentation

◆ TlsAlertDescription

enum TlsAlertDescription

Alert description.

Enumerator
TLS_ALERT_CLOSE_NOTIFY
TLS_ALERT_UNEXPECTED_MESSAGE
TLS_ALERT_BAD_RECORD_MAC
TLS_ALERT_DECRYPTION_FAILED
TLS_ALERT_RECORD_OVERFLOW
TLS_ALERT_DECOMPRESSION_FAILURE
TLS_ALERT_HANDSHAKE_FAILURE
TLS_ALERT_NO_CERTIFICATE
TLS_ALERT_BAD_CERTIFICATE
TLS_ALERT_UNSUPPORTED_CERTIFICATE
TLS_ALERT_CERTIFICATE_REVOKED
TLS_ALERT_CERTIFICATE_EXPIRED
TLS_ALERT_CERTIFICATE_UNKNOWN
TLS_ALERT_ILLEGAL_PARAMETER
TLS_ALERT_UNKNOWN_CA
TLS_ALERT_ACCESS_DENIED
TLS_ALERT_DECODE_ERROR
TLS_ALERT_DECRYPT_ERROR
TLS_ALERT_TOO_MANY_CIDS_REQUESTED
TLS_ALERT_EXPORT_RESTRICTION
TLS_ALERT_PROTOCOL_VERSION
TLS_ALERT_INSUFFICIENT_SECURITY
TLS_ALERT_INTERNAL_ERROR
TLS_ALERT_INAPPROPRIATE_FALLBACK
TLS_ALERT_USER_CANCELED
TLS_ALERT_NO_RENEGOTIATION
TLS_ALERT_MISSING_EXTENSION
TLS_ALERT_UNSUPPORTED_EXTENSION
TLS_ALERT_CERTIFICATE_UNOBTAINABLE
TLS_ALERT_UNRECOGNIZED_NAME
TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
TLS_ALERT_UNKNOWN_PSK_IDENTITY
TLS_ALERT_CERTIFICATE_REQUIRED
TLS_ALERT_NO_APPLICATION_PROTOCOL

Definition at line 1057 of file tls.h.

◆ TlsAlertLevel

enum TlsAlertLevel

Alert level.

Enumerator
TLS_ALERT_LEVEL_WARNING
TLS_ALERT_LEVEL_FATAL

Definition at line 1046 of file tls.h.

◆ TlsCertificateFormat

enum TlsCertificateFormat

Certificate formats.

Enumerator
TLS_CERT_FORMAT_X509
TLS_CERT_FORMAT_OPENPGP
TLS_CERT_FORMAT_RAW_PUBLIC_KEY
TLS_CERT_FORMAT_1609DOT2

Definition at line 1145 of file tls.h.

◆ TlsCertificateType

enum TlsCertificateType

Certificate types.

Enumerator
TLS_CERT_NONE
TLS_CERT_RSA_SIGN
TLS_CERT_DSS_SIGN
TLS_CERT_RSA_FIXED_DH
TLS_CERT_DSS_FIXED_DH
TLS_CERT_RSA_EPHEMERAL_DH
TLS_CERT_DSS_EPHEMERAL_DH
TLS_CERT_FORTEZZA_DMS
TLS_CERT_ECDSA_SIGN
TLS_CERT_RSA_FIXED_ECDH
TLS_CERT_ECDSA_FIXED_ECDH
TLS_CERT_GOST_SIGN256
TLS_CERT_GOST_SIGN512
TLS_CERT_RSA_PSS_SIGN
TLS_CERT_ED25519_SIGN
TLS_CERT_ED448_SIGN

Definition at line 1158 of file tls.h.

◆ TlsClientAuthMode

enum TlsClientAuthMode

Client authentication mode.

Enumerator
TLS_CLIENT_AUTH_NONE
TLS_CLIENT_AUTH_OPTIONAL
TLS_CLIENT_AUTH_REQUIRED

Definition at line 952 of file tls.h.

◆ TlsCompressMethod

enum TlsCompressMethod

Compression methods.

Enumerator
TLS_COMPRESSION_METHOD_NULL
TLS_COMPRESSION_METHOD_DEFLATE

Definition at line 1101 of file tls.h.

◆ TlsConnectionEnd

enum TlsConnectionEnd

TLS connection end.

Enumerator
TLS_CONNECTION_END_CLIENT
TLS_CONNECTION_END_SERVER

Definition at line 941 of file tls.h.

◆ TlsContentType

enum TlsContentType

Content type.

Enumerator
TLS_TYPE_NONE
TLS_TYPE_CHANGE_CIPHER_SPEC
TLS_TYPE_ALERT
TLS_TYPE_HANDSHAKE
TLS_TYPE_APPLICATION_DATA
TLS_TYPE_HEARTBEAT
TLS_TYPE_TLS12_CID
TLS_TYPE_ACK

Definition at line 996 of file tls.h.

◆ TlsEarlyDataStatus

enum TlsEarlyDataStatus

Early data status.

Enumerator
TLS_EARLY_DATA_REJECTED
TLS_EARLY_DATA_ACCEPTED

Definition at line 964 of file tls.h.

◆ TlsEcCurveType

enum TlsEcCurveType

EC curve types.

Enumerator
TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
TLS_EC_CURVE_TYPE_NAMED_CURVE

Definition at line 1386 of file tls.h.

◆ TlsEcPointFormat

enum TlsEcPointFormat

EC point formats.

Enumerator
TLS_EC_POINT_FORMAT_UNCOMPRESSED
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2

Definition at line 1374 of file tls.h.

◆ TlsExtensionType

enum TlsExtensionType

TLS extension types.

Enumerator
TLS_EXT_SERVER_NAME
TLS_EXT_MAX_FRAGMENT_LENGTH
TLS_EXT_CLIENT_CERTIFICATE_URL
TLS_EXT_TRUSTED_CA_KEYS
TLS_EXT_TRUNCATED_HMAC
TLS_EXT_STATUS_REQUEST
TLS_EXT_USER_MAPPING
TLS_EXT_CLIENT_AUTHZ
TLS_EXT_SERVER_AUTHZ
TLS_EXT_CERT_TYPE
TLS_EXT_SUPPORTED_GROUPS
TLS_EXT_EC_POINT_FORMATS
TLS_EXT_SRP
TLS_EXT_SIGNATURE_ALGORITHMS
TLS_EXT_USE_SRTP
TLS_EXT_HEARTBEAT
TLS_EXT_ALPN
TLS_EXT_STATUS_REQUEST_V2
TLS_EXT_SIGNED_CERT_TIMESTAMP
TLS_EXT_CLIENT_CERT_TYPE
TLS_EXT_SERVER_CERT_TYPE
TLS_EXT_PADDING
TLS_EXT_ENCRYPT_THEN_MAC
TLS_EXT_EXTENDED_MASTER_SECRET
TLS_EXT_TOKEN_BINDING
TLS_EXT_CACHED_INFO
TLS_EXT_COMPRESS_CERTIFICATE
TLS_EXT_RECORD_SIZE_LIMIT
TLS_EXT_PWD_PROTECT
TLS_EXT_PWD_CLEAR
TLS_EXT_PASSWORD_SALT
TLS_EXT_TICKET_PINNING
TLS_EXT_TLS_CERT_WITH_EXTERN_PSK
TLS_EXT_SESSION_TICKET
TLS_EXT_SUPPORTED_EKT_CIPHERS
TLS_EXT_PRE_SHARED_KEY
TLS_EXT_EARLY_DATA
TLS_EXT_SUPPORTED_VERSIONS
TLS_EXT_COOKIE
TLS_EXT_PSK_KEY_EXCHANGE_MODES
TLS_EXT_CERTIFICATE_AUTHORITIES
TLS_EXT_OID_FILTERS
TLS_EXT_POST_HANDSHAKE_AUTH
TLS_EXT_SIGNATURE_ALGORITHMS_CERT
TLS_EXT_KEY_SHARE
TLS_EXT_TRANSPARENCY_INFO
TLS_EXT_CONNECTION_ID
TLS_EXT_EXTERNAL_ID_HASH
TLS_EXT_EXTERNAL_SESSION_ID
TLS_EXT_QUIC_TRANSPORT_PARAMETERS
TLS_EXT_TICKET_REQUEST
TLS_EXT_DNSSEC_CHAIN
TLS_EXT_RENEGOTIATION_INFO

Definition at line 1226 of file tls.h.

◆ TlsFlags

enum TlsFlags

Flags used by read and write functions.

Enumerator
TLS_FLAG_PEEK
TLS_FLAG_WAIT_ALL
TLS_FLAG_BREAK_CHAR
TLS_FLAG_BREAK_CRLF
TLS_FLAG_WAIT_ACK
TLS_FLAG_NO_DELAY
TLS_FLAG_DELAY

Definition at line 975 of file tls.h.

◆ TlsHashAlgo

enum TlsHashAlgo

Hash algorithms.

Enumerator
TLS_HASH_ALGO_NONE
TLS_HASH_ALGO_MD5
TLS_HASH_ALGO_SHA1
TLS_HASH_ALGO_SHA224
TLS_HASH_ALGO_SHA256
TLS_HASH_ALGO_SHA384
TLS_HASH_ALGO_SHA512
TLS_HASH_ALGO_INTRINSIC

Definition at line 1183 of file tls.h.

◆ TlsKeyExchMethod

enum TlsKeyExchMethod

Key exchange methods.

Enumerator
TLS_KEY_EXCH_NONE
TLS_KEY_EXCH_RSA
TLS_KEY_EXCH_DH_RSA
TLS_KEY_EXCH_DHE_RSA
TLS_KEY_EXCH_DH_DSS
TLS_KEY_EXCH_DHE_DSS
TLS_KEY_EXCH_DH_ANON
TLS_KEY_EXCH_ECDH_RSA
TLS_KEY_EXCH_ECDHE_RSA
TLS_KEY_EXCH_ECDH_ECDSA
TLS_KEY_EXCH_ECDHE_ECDSA
TLS_KEY_EXCH_ECDH_ANON
TLS_KEY_EXCH_PSK
TLS_KEY_EXCH_RSA_PSK
TLS_KEY_EXCH_DHE_PSK
TLS_KEY_EXCH_ECDHE_PSK
TLS_KEY_EXCH_SRP_SHA
TLS_KEY_EXCH_SRP_SHA_RSA
TLS_KEY_EXCH_SRP_SHA_DSS
TLS13_KEY_EXCH_DHE
TLS13_KEY_EXCH_ECDHE
TLS13_KEY_EXCH_PSK
TLS13_KEY_EXCH_PSK_DHE
TLS13_KEY_EXCH_PSK_ECDHE

Definition at line 1112 of file tls.h.

◆ TlsMaxFragmentLength

enum TlsMaxFragmentLength

Maximum fragment length.

Enumerator
TLS_MAX_FRAGMENT_LENGTH_512
TLS_MAX_FRAGMENT_LENGTH_1024
TLS_MAX_FRAGMENT_LENGTH_2048
TLS_MAX_FRAGMENT_LENGTH_4096

Definition at line 1298 of file tls.h.

◆ TlsMessageType

enum TlsMessageType

Handshake message type.

Enumerator
TLS_TYPE_HELLO_REQUEST
TLS_TYPE_CLIENT_HELLO
TLS_TYPE_SERVER_HELLO
TLS_TYPE_HELLO_VERIFY_REQUEST
TLS_TYPE_NEW_SESSION_TICKET
TLS_TYPE_END_OF_EARLY_DATA
TLS_TYPE_HELLO_RETRY_REQUEST
TLS_TYPE_ENCRYPTED_EXTENSIONS
TLS_TYPE_REQUEST_CONNECTION_ID
TLS_TYPE_NEW_CONNECTION_ID
TLS_TYPE_CERTIFICATE
TLS_TYPE_SERVER_KEY_EXCHANGE
TLS_TYPE_CERTIFICATE_REQUEST
TLS_TYPE_SERVER_HELLO_DONE
TLS_TYPE_CERTIFICATE_VERIFY
TLS_TYPE_CLIENT_KEY_EXCHANGE
TLS_TYPE_FINISHED
TLS_TYPE_CERTIFICATE_URL
TLS_TYPE_CERTIFICATE_STATUS
TLS_TYPE_SUPPLEMENTAL_DATA
TLS_TYPE_KEY_UPDATE
TLS_TYPE_COMPRESSED_CERTIFICATE
TLS_TYPE_EKT_KEY
TLS_TYPE_MESSAGE_HASH

Definition at line 1013 of file tls.h.

◆ TlsNamedGroup

enum TlsNamedGroup

Named groups.

Enumerator
TLS_GROUP_NONE
TLS_GROUP_SECT163K1
TLS_GROUP_SECT163R1
TLS_GROUP_SECT163R2
TLS_GROUP_SECT193R1
TLS_GROUP_SECT193R2
TLS_GROUP_SECT233K1
TLS_GROUP_SECT233R1
TLS_GROUP_SECT239K1
TLS_GROUP_SECT283K1
TLS_GROUP_SECT283R1
TLS_GROUP_SECT409K1
TLS_GROUP_SECT409R1
TLS_GROUP_SECT571K1
TLS_GROUP_SECT571R1
TLS_GROUP_SECP160K1
TLS_GROUP_SECP160R1
TLS_GROUP_SECP160R2
TLS_GROUP_SECP192K1
TLS_GROUP_SECP192R1
TLS_GROUP_SECP224K1
TLS_GROUP_SECP224R1
TLS_GROUP_SECP256K1
TLS_GROUP_SECP256R1
TLS_GROUP_SECP384R1
TLS_GROUP_SECP521R1
TLS_GROUP_BRAINPOOLP256R1
TLS_GROUP_BRAINPOOLP384R1
TLS_GROUP_BRAINPOOLP512R1
TLS_GROUP_ECDH_X25519
TLS_GROUP_ECDH_X448
TLS_GROUP_BRAINPOOLP256R1_TLS13
TLS_GROUP_BRAINPOOLP384R1_TLS13
TLS_GROUP_BRAINPOOLP512R1_TLS13
TLS_GROUP_GC256A
TLS_GROUP_GC256B
TLS_GROUP_GC256C
TLS_GROUP_GC256D
TLS_GROUP_GC512A
TLS_GROUP_GC512B
TLS_GROUP_GC512C
TLS_GROUP_SM2
TLS_GROUP_FFDHE2048
TLS_GROUP_FFDHE3072
TLS_GROUP_FFDHE4096
TLS_GROUP_FFDHE6144
TLS_GROUP_FFDHE8192
TLS_GROUP_FFDHE_MAX
TLS_GROUP_X25519_KYBER512
TLS_GROUP_SECP256R1_KYBER512
TLS_GROUP_SECP384R1_KYBER768
TLS_GROUP_SECP521R1_KYBER1024
TLS_GROUP_EXPLICIT_PRIME_CURVE
TLS_GROUP_EXPLICIT_CHAR2_CURVE

Definition at line 1311 of file tls.h.

◆ TlsNameType

enum TlsNameType

Name type.

Enumerator
TLS_NAME_TYPE_HOSTNAME

Definition at line 1288 of file tls.h.

◆ TlsSignatureAlgo

enum TlsSignatureAlgo

Signature algorithms.

Enumerator
TLS_SIGN_ALGO_ANONYMOUS
TLS_SIGN_ALGO_RSA
TLS_SIGN_ALGO_DSA
TLS_SIGN_ALGO_ECDSA
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512
TLS_SIGN_ALGO_ED25519
TLS_SIGN_ALGO_ED448
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512
TLS_SIGN_ALGO_GOSTR34102012_256
TLS_SIGN_ALGO_GOSTR34102012_512

Definition at line 1200 of file tls.h.

◆ TlsState

enum TlsState

TLS FSM states.

Enumerator
TLS_STATE_INIT
TLS_STATE_CLIENT_HELLO
TLS_STATE_CLIENT_HELLO_2
TLS_STATE_EARLY_DATA
TLS_STATE_HELLO_VERIFY_REQUEST
TLS_STATE_HELLO_RETRY_REQUEST
TLS_STATE_SERVER_HELLO
TLS_STATE_SERVER_HELLO_2
TLS_STATE_SERVER_HELLO_3
TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
TLS_STATE_ENCRYPTED_EXTENSIONS
TLS_STATE_SERVER_CERTIFICATE
TLS_STATE_SERVER_KEY_EXCHANGE
TLS_STATE_SERVER_CERTIFICATE_VERIFY
TLS_STATE_CERTIFICATE_REQUEST
TLS_STATE_SERVER_HELLO_DONE
TLS_STATE_CLIENT_CERTIFICATE
TLS_STATE_CLIENT_KEY_EXCHANGE
TLS_STATE_CLIENT_CERTIFICATE_VERIFY
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
TLS_STATE_CLIENT_FINISHED
TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
TLS_STATE_SERVER_FINISHED
TLS_STATE_END_OF_EARLY_DATA
TLS_STATE_SERVER_APP_TRAFFIC_KEYS
TLS_STATE_NEW_SESSION_TICKET
TLS_STATE_KEY_UPDATE
TLS_STATE_APPLICATION_DATA
TLS_STATE_CLOSING
TLS_STATE_CLOSED

Definition at line 1398 of file tls.h.

◆ TlsTransportProtocol

enum TlsTransportProtocol

TLS transport protocols.

Enumerator
TLS_TRANSPORT_PROTOCOL_STREAM
TLS_TRANSPORT_PROTOCOL_DATAGRAM
TLS_TRANSPORT_PROTOCOL_EAP

Definition at line 929 of file tls.h.

Function Documentation

◆ tlsAddCertificate()

error_t tlsAddCertificate	(	TlsContext *	context,
		const char_t *	certChain,
		size_t	certChainLen,
		const char_t *	privateKey,
		size_t	privateKeyLen
	)

Add a certificate and the corresponding private key (deprecated)

Parameters

[in]	context	Pointer to the TLS context
[in]	certChain	Certificate chain (PEM format). This parameter is taken as reference
[in]	certChainLen	Total length of the certificate chain
[in]	privateKey	Private key (PEM format). This parameter is taken as reference
[in]	privateKeyLen	Total length of the private key

Returns: Error code

Definition at line 1186 of file tls.c.

◆ tlsAllowUnknownAlpnProtocols()

error_t tlsAllowUnknownAlpnProtocols	(	TlsContext *	context,
		bool_t	allowed
	)

Allow unknown ALPN protocols.

Parameters

[in]	context	Pointer to the TLS context
[in]	allowed	Specifies whether unknown ALPN protocols are allowed

Returns: Error code

Definition at line 813 of file tls.c.

◆ tlsConnect()

error_t tlsConnect ( TlsContext * context )

Initiate the TLS handshake.

Parameters

[in] context Pointer to the TLS context

Returns: Error code

Definition at line 1721 of file tls.c.

◆ tlsEnableFallbackScsv()

error_t tlsEnableFallbackScsv	(	TlsContext *	context,
		bool_t	enabled
	)

Perform fallback retry (for clients only)

Parameters

[in]	context	Pointer to the TLS context
[in]	enabled	Specifies whether FALLBACK_SCSV is enabled

Returns: Error code

Definition at line 1447 of file tls.c.

◆ tlsEnableReplayDetection()

error_t tlsEnableReplayDetection	(	TlsContext *	context,
		bool_t	enabled
	)

Enable anti-replay mechanism (for DTLS only)

Parameters

[in]	context	Pointer to the TLS context
[in]	enabled	Specifies whether anti-replay protection is enabled

Returns: Error code

Definition at line 1601 of file tls.c.

◆ tlsEnableSecureRenegotiation()

error_t tlsEnableSecureRenegotiation	(	TlsContext *	context,
		bool_t	enabled
	)

Enable secure renegotiation.

Parameters

[in]	context	Pointer to the TLS context
[in]	enabled	Specifies whether secure renegotiation is allowed

Returns: Error code

Definition at line 1421 of file tls.c.

◆ tlsEnableSessionTickets()

error_t tlsEnableSessionTickets	(	TlsContext *	context,
		bool_t	enabled
	)

Enable session ticket mechanism.

Parameters

[in]	context	Pointer to the TLS context
[in]	enabled	Specifies whether session tickets are allowed

Returns: Error code

Definition at line 1395 of file tls.c.

◆ tlsFree()

void tlsFree ( TlsContext * context )

Release TLS context.

Parameters

[in] context Pointer to the TLS context

Definition at line 2427 of file tls.c.

◆ tlsFreeCache()

void tlsFreeCache ( TlsCache * cache )

Properly dispose a session cache.

Parameters

[in] cache Pointer to the session cache to be released

Definition at line 319 of file tls_cache.c.

◆ tlsFreeSessionState()

void tlsFreeSessionState ( TlsSessionState * session )

Properly dispose a session state.

Parameters

[in] session Pointer to the session state to be released

Definition at line 2705 of file tls.c.

◆ tlsGetAlpnProtocol()

const char_t* tlsGetAlpnProtocol ( TlsContext * context )

Get the name of the selected ALPN protocol.

Parameters

[in] context Pointer to the TLS context

Returns: Pointer to the protocol name

Definition at line 913 of file tls.c.

◆ tlsGetEarlyDataStatus()

TlsEarlyDataStatus tlsGetEarlyDataStatus ( TlsContext * context )

Check whether the server has accepted or rejected the early data.

Parameters

[in] context Pointer to the TLS context

Returns: TLS_EARLY_DATA_ACCEPTED if the early data was accepted, else TLS_EARLY_DATA_REJECT if the early data was rejected

Definition at line 1769 of file tls.c.

◆ tlsGetServerName()

const char_t* tlsGetServerName ( TlsContext * context )

Get the server name.

Parameters

[in] context Pointer to the TLS context

Returns: Fully qualified domain name of the server

Definition at line 442 of file tls.c.

◆ tlsGetState()

TlsState tlsGetState ( TlsContext * context )

Retrieve current TLS state.

Parameters

[in] context Pointer to the TLS context

Returns: Current TLS state

Definition at line 192 of file tls.c.

◆ tlsInit()

TlsContext* tlsInit ( void )

TLS context initialization.

Returns: Handle referencing the fully initialized TLS context

Definition at line 64 of file tls.c.

◆ tlsInitCache()

TlsCache* tlsInitCache ( uint_t size )

Session cache initialization.

Parameters

[in] size Maximum number of cache entries

Returns: Handle referencing the fully initialized session cache

Definition at line 50 of file tls_cache.c.

◆ tlsInitSessionState()

error_t tlsInitSessionState ( TlsSessionState * session )

Initialize session state.

Parameters

[in] session Pointer to the session state

Returns: Error code

Definition at line 2562 of file tls.c.

◆ tlsIsRxReady()

bool_t tlsIsRxReady ( TlsContext * context )

Check whether some data is available in the receive buffer.

Parameters

[in] context Pointer to the TLS context

Returns: The function returns TRUE if some data is pending and can be read immediately without blocking. Otherwise, FALSE is returned

Definition at line 2220 of file tls.c.

◆ tlsIsTxReady()

bool_t tlsIsTxReady ( TlsContext * context )

Check whether some data is ready for transmission.

Parameters

[in] context Pointer to the TLS context

Returns: The function returns TRUE if some data is ready for transmission. Otherwise, FALSE is returned

Definition at line 2186 of file tls.c.

◆ tlsLoadCertificate()

error_t tlsLoadCertificate	(	TlsContext *	context,
		uint_t	index,
		const char_t *	certChain,
		size_t	certChainLen,
		const char_t *	privateKey,
		size_t	privateKeyLen,
		const char_t *	password
	)

Load entity's certificate.

Parameters

[in]	context	Pointer to the TLS context
[in]	index	Zero-based index identifying a slot
[in]	certChain	Certificate chain (PEM format). This parameter is taken as reference
[in]	certChainLen	Length of the certificate chain
[in]	privateKey	Private key (PEM format). This parameter is taken as reference
[in]	privateKeyLen	Length of the private key
[in]	password	NULL-terminated string containing the password. This parameter is required if the private key is encrypted

Returns: Error code

Definition at line 1230 of file tls.c.

◆ tlsRead()

error_t tlsRead	(	TlsContext *	context,
		void *	data,
		size_t	size,
		size_t *	received,
		uint_t	flags
	)

Receive application data from a the remote host using TLS.

Parameters

[in]	context	Pointer to the TLS context
[out]	data	Buffer into which received data will be placed
[in]	size	Maximum number of bytes that can be received
[out]	received	Number of bytes that have been received
[in]	flags	Set of flags that influences the behavior of this function

Returns: Error code

Definition at line 1947 of file tls.c.

◆ tlsRestoreSessionState()

error_t tlsRestoreSessionState	(	TlsContext *	context,
		const TlsSessionState *	session
	)

Restore TLS session.

Parameters

[in]	context	Pointer to the TLS context
[in]	session	Pointer to the session state to be restored

Returns: Error code

Definition at line 2652 of file tls.c.

◆ tlsSaveSessionState()

error_t tlsSaveSessionState	(	const TlsContext *	context,
		TlsSessionState *	session
	)

Save TLS session.

Parameters

[in]	context	Pointer to the TLS context
[out]	session	Pointer to the session state

Returns: Error code

Definition at line 2583 of file tls.c.

◆ tlsSetAlpnCallback()

error_t tlsSetAlpnCallback	(	TlsContext *	context,
		TlsAlpnCallback	alpnCallback
	)

Register ALPN callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	alpnCallback	ALPN callback function

Returns: Error code

Definition at line 888 of file tls.c.

◆ tlsSetAlpnProtocolList()

error_t tlsSetAlpnProtocolList	(	TlsContext *	context,
		const char_t *	protocolList
	)

Set the list of supported ALPN protocols.

Parameters

[in]	context	Pointer to the TLS context
[in]	protocolList	Comma-delimited list of supported protocols

Returns: Error code

Definition at line 839 of file tls.c.

◆ tlsSetBufferSize()

error_t tlsSetBufferSize	(	TlsContext *	context,
		size_t	txBufferSize,
		size_t	rxBufferSize
	)

Set TLS buffer size.

Parameters

[in]	context	Pointer to the TLS context
[in]	txBufferSize	TX buffer size
[in]	rxBufferSize	RX buffer size

Returns: Error code

Definition at line 510 of file tls.c.

◆ tlsSetCache()

error_t tlsSetCache	(	TlsContext *	context,
		TlsCache *	cache
	)

Set session cache.

Parameters

[in]	context	Pointer to the TLS context
[in]	cache	Session cache that will be used to save/resume TLS sessions

Returns: Error code

Definition at line 467 of file tls.c.

◆ tlsSetCertificateVerifyCallback()

error_t tlsSetCertificateVerifyCallback	(	TlsContext *	context,
		TlsCertVerifyCallback	certVerifyCallback,
		void *	param
	)

Register certificate verification callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	certVerifyCallback	Certificate verification callback function
[in]	param	An opaque pointer passed to the callback function

Returns: Error code

Definition at line 1371 of file tls.c.

◆ tlsSetCipherSuites()

error_t tlsSetCipherSuites	(	TlsContext *	context,
		const uint16_t *	cipherSuites,
		uint_t	length
	)

Specify the list of allowed cipher suites.

Parameters

[in]	context	Pointer to the TLS context
[in]	cipherSuites	List of allowed cipher suites (most preferred first). This parameter is taken as reference
[in]	length	Number of cipher suites in the list

Returns: Error code

Definition at line 594 of file tls.c.

◆ tlsSetClientAuthMode()

error_t tlsSetClientAuthMode	(	TlsContext *	context,
		TlsClientAuthMode	mode
	)

Set client authentication mode (for servers only)

Parameters

[in]	context	Pointer to the TLS context
[in]	mode	Client authentication mode

Returns: Error code

Definition at line 488 of file tls.c.

◆ tlsSetConnectionEnd()

error_t tlsSetConnectionEnd	(	TlsContext *	context,
		TlsConnectionEnd	entity
	)

Set operation mode (client or server)

Parameters

[in]	context	Pointer to the TLS context
[in]	entity	Specifies whether this entity is considered a client or a server

Returns: Error code

Definition at line 338 of file tls.c.

◆ tlsSetCookieCallbacks()

error_t tlsSetCookieCallbacks	(	TlsContext *	context,
		DtlsCookieGenerateCallback	cookieGenerateCallback,
		DtlsCookieVerifyCallback	cookieVerifyCallback,
		void *	param
	)

Set cookie generation/verification callbacks (for DTLS only)

Parameters

[in]	context	Pointer to the TLS context
[in]	cookieGenerateCallback	Cookie generation callback function
[in]	cookieVerifyCallback	Cookie verification callback function
[in]	param	An opaque pointer passed to the callback functions

Returns: Error code

Definition at line 1565 of file tls.c.

◆ tlsSetDhParameters()

error_t tlsSetDhParameters	(	TlsContext *	context,
		const char_t *	params,
		size_t	length
	)

Import Diffie-Hellman parameters.

Parameters

[in]	context	Pointer to the TLS context
[in]	params	PEM structure that holds Diffie-Hellman parameters. This parameter is taken as reference
[in]	length	Total length of the DER structure

Returns: Error code

Definition at line 678 of file tls.c.

◆ tlsSetEcdhCallback()

error_t tlsSetEcdhCallback	(	TlsContext *	context,
		TlsEcdhCallback	ecdhCallback
	)

Register ECDH key agreement callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	ecdhCallback	ECDH callback function

Returns: Error code

Definition at line 706 of file tls.c.

◆ tlsSetEcdsaSignCallback()

error_t tlsSetEcdsaSignCallback	(	TlsContext *	context,
		TlsEcdsaSignCallback	ecdsaSignCallback
	)

Register ECDSA signature generation callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	ecdsaSignCallback	ECDSA signature generation callback function

Returns: Error code

Definition at line 732 of file tls.c.

◆ tlsSetEcdsaVerifyCallback()

error_t tlsSetEcdsaVerifyCallback	(	TlsContext *	context,
		TlsEcdsaVerifyCallback	ecdsaVerifyCallback
	)

Register ECDSA signature verification callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	ecdsaVerifyCallback	ECDSA signature verification callback function

Returns: Error code

Definition at line 759 of file tls.c.

◆ tlsSetKeyLogCallback()

error_t tlsSetKeyLogCallback	(	TlsContext *	context,
		TlsKeyLogCallback	keyLogCallback
	)

Register key logging callback function (for debugging purpose only)

Parameters

[in]	context	Pointer to the TLS context
[in]	keyLogCallback	Key logging callback function

Returns: Error code

Definition at line 786 of file tls.c.

◆ tlsSetMaxEarlyDataSize()

error_t tlsSetMaxEarlyDataSize	(	TlsContext *	context,
		size_t	maxEarlyDataSize
	)

Send the maximum amount of 0-RTT data the server can accept.

Parameters

[in]	context	Pointer to the TLS context
[in]	maxEarlyDataSize	Maximum amount of 0-RTT data that the client is allowed to send

Returns: Error code

Definition at line 1629 of file tls.c.

◆ tlsSetMaxFragmentLength()

error_t tlsSetMaxFragmentLength	(	TlsContext *	context,
		size_t	maxFragLen
	)

Set maximum fragment length.

Parameters

[in]	context	Pointer to the TLS context
[in]	maxFragLen	Maximum fragment length

Returns: Error code

Definition at line 558 of file tls.c.

◆ tlsSetPmtu()

error_t tlsSetPmtu	(	TlsContext *	context,
		size_t	pmtu
	)

Set PMTU value (for DTLS only)

Parameters

[in]	context	Pointer to the TLS context
[in]	pmtu	PMTU value

Returns: Error code

Definition at line 1507 of file tls.c.

◆ tlsSetPreferredGroup()

error_t tlsSetPreferredGroup	(	TlsContext *	context,
		uint16_t	group
	)

Specify the preferred ECDHE or FFDHE group.

Parameters

[in]	context	Pointer to the TLS context
[in]	group	Preferred ECDHE or FFDHE named group

Returns: Error code

Definition at line 650 of file tls.c.

◆ tlsSetPrng()

error_t tlsSetPrng	(	TlsContext *	context,
		const PrngAlgo *	prngAlgo,
		void *	prngContext
	)

Set the pseudo-random number generator to be used.

Parameters

[in]	context	Pointer to the TLS context
[in]	prngAlgo	PRNG algorithm
[in]	prngContext	Pointer to the PRNG context

Returns: Error code

Definition at line 364 of file tls.c.

◆ tlsSetPsk()

error_t tlsSetPsk	(	TlsContext *	context,
		const uint8_t *	psk,
		size_t	length
	)

Set the pre-shared key to be used.

Parameters

[in]	context	Pointer to the TLS context
[in]	psk	Pointer to the pre-shared key
[in]	length	Length of the pre-shared key, in bytes

Returns: Error code

Definition at line 941 of file tls.c.

◆ tlsSetPskCallback()

error_t tlsSetPskCallback	(	TlsContext *	context,
		TlsPskCallback	pskCallback
	)

Register PSK callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	pskCallback	PSK callback function

Returns: Error code

Definition at line 1100 of file tls.c.

◆ tlsSetPskIdentity()

error_t tlsSetPskIdentity	(	TlsContext *	context,
		const char_t *	pskIdentity
	)

Set the PSK identity to be used by the client.

Parameters

[in]	context	Pointer to the TLS context
[in]	pskIdentity	NULL-terminated string that contains the PSK identity

Returns: Error code

Definition at line 1002 of file tls.c.

◆ tlsSetPskIdentityHint()

error_t tlsSetPskIdentityHint	(	TlsContext *	context,
		const char_t *	pskIdentityHint
	)

Set the PSK identity hint to be used by the server.

Parameters

[in]	context	Pointer to the TLS context
[in]	pskIdentityHint	NULL-terminated string that contains the PSK identity hint

Returns: Error code

Definition at line 1051 of file tls.c.

◆ tlsSetRpkVerifyCallback()

error_t tlsSetRpkVerifyCallback	(	TlsContext *	context,
		TlsRpkVerifyCallback	rpkVerifyCallback
	)

Register the raw public key verification callback function.

Parameters

[in]	context	Pointer to the TLS context
[in]	rpkVerifyCallback	RPK verification callback function

Returns: Error code

Definition at line 1126 of file tls.c.

◆ tlsSetServerName()

error_t tlsSetServerName	(	TlsContext *	context,
		const char_t *	serverName
	)

Set the server name.

Parameters

[in]	context	Pointer to the TLS context
[in]	serverName	Fully qualified domain name of the server

Returns: Error code

Definition at line 392 of file tls.c.

◆ tlsSetSocketCallbacks()

error_t tlsSetSocketCallbacks	(	TlsContext *	context,
		TlsSocketSendCallback	socketSendCallback,
		TlsSocketReceiveCallback	socketReceiveCallback,
		TlsSocketHandle	handle
	)

Set socket send and receive callbacks.

Parameters

[in]	context	Pointer to the TLS context
[in]	socketSendCallback	Send callback function
[in]	socketReceiveCallback	Receive callback function
[in]	handle	Socket handle

Returns: Error code

Definition at line 242 of file tls.c.

◆ tlsSetStateChangeCallback()

error_t tlsSetStateChangeCallback	(	TlsContext *	context,
		TlsStateChangeCallback	stateChangeCallback
	)

Register TLS state change callback.

Parameters

[in]	context	Pointer to the TLS context
[in]	stateChangeCallback	TLS state change callback

Returns: Error code

Definition at line 218 of file tls.c.

◆ tlsSetSupportedGroups()

error_t tlsSetSupportedGroups	(	TlsContext *	context,
		const uint16_t *	groups,
		uint_t	length
	)

Specify the list of allowed ECDHE and FFDHE groups.

Parameters

[in]	context	Pointer to the TLS context
[in]	groups	List of named groups (most preferred first). This parameter is taken as reference
[in]	length	Number of named groups in the list

Returns: Error code

Definition at line 623 of file tls.c.

◆ tlsSetTicketCallbacks()

error_t tlsSetTicketCallbacks	(	TlsContext *	context,
		TlsTicketEncryptCallback	ticketEncryptCallback,
		TlsTicketDecryptCallback	ticketDecryptCallback,
		void *	param
	)

Set ticket encryption/decryption callbacks.

Parameters

[in]	context	Pointer to the TLS context
[in]	ticketEncryptCallback	Ticket encryption callback function
[in]	ticketDecryptCallback	Ticket decryption callback function
[in]	param	An opaque pointer passed to the callback functions

Returns: Error code

Definition at line 1475 of file tls.c.

◆ tlsSetTimeout()

error_t tlsSetTimeout	(	TlsContext *	context,
		systime_t	timeout
	)

Set timeout for blocking calls (for DTLS only)

Parameters

[in]	context	Pointer to the TLS context
[in]	timeout	Maximum time to wait

Returns: Error code

Definition at line 1537 of file tls.c.

◆ tlsSetTransportProtocol()

error_t tlsSetTransportProtocol	(	TlsContext *	context,
		TlsTransportProtocol	transportProtocol
	)

Set the transport protocol to be used.

Parameters

[in]	context	Pointer to the TLS context
[in]	transportProtocol	Transport protocol to be used

Returns: Error code

Definition at line 308 of file tls.c.

◆ tlsSetTrustedCaList()

error_t tlsSetTrustedCaList	(	TlsContext *	context,
		const char_t *	trustedCaList,
		size_t	length
	)

Import a trusted CA list.

Parameters

[in]	context	Pointer to the TLS context
[in]	trustedCaList	List of trusted CA (PEM format)
[in]	length	Total length of the list

Returns: Error code

Definition at line 1154 of file tls.c.

◆ tlsSetVersion()

error_t tlsSetVersion	(	TlsContext *	context,
		uint16_t	versionMin,
		uint16_t	versionMax
	)

Set minimum and maximum versions permitted.

Parameters

[in]	context	Pointer to the TLS context
[in]	versionMin	Minimum version accepted by the TLS implementation
[in]	versionMax	Maximum version accepted by the TLS implementation

Returns: Error code

Definition at line 274 of file tls.c.

◆ tlsShutdown()

error_t tlsShutdown ( TlsContext * context )

Gracefully close TLS session.

Parameters

[in] context Pointer to the TLS context

Definition at line 2265 of file tls.c.

◆ tlsShutdownEx()

error_t tlsShutdownEx	(	TlsContext *	context,
		bool_t	waitForCloseNotify
	)

Gracefully close TLS session.

Parameters

[in]	context	Pointer to the TLS context
[in]	waitForCloseNotify	Wait for the close notify alert from the peer

Definition at line 2278 of file tls.c.

◆ tlsWrite()

error_t tlsWrite	(	TlsContext *	context,
		const void *	data,
		size_t	length,
		size_t *	written,
		uint_t	flags
	)

Send application data to the remote host using TLS.

Parameters

[in]	context	Pointer to the TLS context
[in]	data	Pointer to a buffer containing the data to be transmitted
[in]	length	Number of bytes to be transmitted
[out]	written	Actual number of bytes written (optional parameter)
[in]	flags	Set of flags that influences the behavior of this function

Returns: Error code

Definition at line 1812 of file tls.c.

◆ tlsWriteEarlyData()

error_t tlsWriteEarlyData	(	TlsContext *	context,
		const void *	data,
		size_t	length,
		size_t *	written,
		uint_t	flags
	)

Send early data to the remote TLS server.

Parameters

[in]	context	Pointer to the TLS context
[in]	data	Pointer to a buffer containing the data to be transmitted
[in]	length	Number of bytes to be transmitted
[out]	written	Actual number of bytes written (optional parameter)
[in]	flags	Set of flags that influences the behavior of this function

Returns: Error code

Definition at line 1658 of file tls.c.

Variable Documentation

◆ __packed_struct

typedef __packed_struct

Initial value:

{

uint8_t b[8]

b

uint8_t b

Definition: nbns_common.h:102

Sequence number.

Session state information.

Alert message.

ChangeCipherSpec message.

NewSessionTicket message.

CertificateRequest message.

ServerHello message.

ClientHello message.

TLS handshake message.

TLS record.

Digitally-signed element (TLS 1.2)

Digitally-signed element (TLS 1.0 and TLS 1.1)

PSK identity hint.

PSK identity.

Renegotiated connection.

List of supported certificate types.

List of supported EC point formats.

List of supported groups.

List of protocol names.

Protocol name.

List of server names.

Server name.

List of supported versions.

List of TLS extensions.

TLS extension.

List of certificate authorities.

List of certificates.

List of signature algorithms.

Signature algorithm.

Compression methods.

Cipher suites.

Protocol version

Definition at line 1446 of file tls.h.

◆ certificateTypes

uint8_t certificateTypes[]

Definition at line 1765 of file tls.h.

◆ cipherSuite

uint16_t cipherSuite

Cipher suite identifier.

Definition at line 1837 of file tls.h.

◆ data

uint8_t data[]

Definition at line 1695 of file tls.h.

◆ description

uint8_t description

Definition at line 1826 of file tls.h.

◆ extendedMasterSecret

bool_t extendedMasterSecret

Extended master secret computation.

Definition at line 1842 of file tls.h.

◆ hostname

char_t hostname[]

Definition at line 1560 of file tls.h.

◆ length

uint8_t length[3]

Definition at line 1525 of file tls.h.

◆ random

uint8_t random

Definition at line 1725 of file tls.h.

◆ secret

uint8_t secret[TLS_MASTER_SECRET_SIZE]

Master secret.

Definition at line 1838 of file tls.h.

◆ sessionId

uint8_t sessionId

Definition at line 1727 of file tls.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 1726 of file tls.h.

◆ signature

uint8_t signature

Definition at line 1481 of file tls.h.

◆ ticket

uint8_t ticket[]

Definition at line 1798 of file tls.h.

◆ ticketLen

uint16_t ticketLen

Definition at line 1797 of file tls.h.

◆ ticketLifetime

uint32_t ticketLifetime

Lifetime of the ticket.

Definition at line 1840 of file tls.h.

◆ ticketTimestamp

systime_t ticketTimestamp

Timestamp to manage ticket lifetime.

Definition at line 1839 of file tls.h.

◆ Tls12DigitalSignature

Tls12DigitalSignature

Definition at line 1683 of file tls.h.

◆ TlsAlert

TlsAlert

Definition at line 1827 of file tls.h.

◆ TlsCertAuthorities

TlsCertAuthorities

Definition at line 1515 of file tls.h.

◆ TlsCertificateList

TlsCertificateList

Definition at line 1504 of file tls.h.

◆ TlsCertificateRequest

TlsCertificateRequest

Definition at line 1766 of file tls.h.

◆ TlsCertTypeList

TlsCertTypeList

Definition at line 1627 of file tls.h.

◆ TlsChangeCipherSpec

TlsChangeCipherSpec

Definition at line 1816 of file tls.h.

◆ TlsCipherSuites

TlsCipherSuites

Definition at line 1460 of file tls.h.

◆ TlsClientHello

TlsClientHello

Definition at line 1728 of file tls.h.

◆ TlsCompressMethods

TlsCompressMethods

Definition at line 1471 of file tls.h.

◆ TlsDigitalSignature

TlsDigitalSignature

Definition at line 1671 of file tls.h.

◆ TlsEcPointFormatList

TlsEcPointFormatList

Definition at line 1616 of file tls.h.

◆ TlsExtension

TlsExtension

Definition at line 1527 of file tls.h.

◆ TlsExtensionList

TlsExtensionList

Definition at line 1538 of file tls.h.

◆ TlsHandshake

TlsHandshake

Definition at line 1708 of file tls.h.

◆ TlsNewSessionTicket

TlsNewSessionTicket

Definition at line 1799 of file tls.h.

◆ TlsPlaintextSessionState

TlsPlaintextSessionState

Definition at line 1844 of file tls.h.

◆ TlsProtocolName

TlsProtocolName

Definition at line 1583 of file tls.h.

◆ TlsProtocolNameList

TlsProtocolNameList

Definition at line 1594 of file tls.h.

◆ TlsPskIdentity

TlsPskIdentity

Definition at line 1649 of file tls.h.

◆ TlsPskIdentityHint

TlsPskIdentityHint

Definition at line 1660 of file tls.h.

◆ TlsRecord

TlsRecord

Definition at line 1696 of file tls.h.

◆ TlsRenegoInfo

TlsRenegoInfo

Definition at line 1638 of file tls.h.

◆ TlsSequenceNumber

TlsSequenceNumber

Definition at line 1449 of file tls.h.

◆ TlsServerHello

TlsServerHello

Definition at line 1741 of file tls.h.

◆ TlsServerName

TlsServerName

Definition at line 1561 of file tls.h.

◆ TlsServerNameList

TlsServerNameList

Definition at line 1572 of file tls.h.

◆ TlsSignHashAlgo

TlsSignHashAlgo

Definition at line 1482 of file tls.h.

◆ TlsSignHashAlgos

TlsSignHashAlgos

Definition at line 1493 of file tls.h.

◆ TlsSupportedGroupList

TlsSupportedGroupList

Definition at line 1605 of file tls.h.

◆ TlsSupportedVersionList

TlsSupportedVersionList

Definition at line 1549 of file tls.h.

◆ value

uint8_t value[]

Definition at line 1459 of file tls.h.

◆ version

uint16_t version

Definition at line 1693 of file tls.h.

Data Structures

Macros

Typedefs

Enumerations

Functions

Variables

Detailed Description

License

Macro Definition Documentation

◆ CYCLONE_SSL_MAJOR_VERSION

◆ CYCLONE_SSL_MINOR_VERSION

◆ CYCLONE_SSL_REV_NUMBER

◆ CYCLONE_SSL_VERSION_STRING

◆ SSL_VERSION_3_0

◆ TLS_3DES_SUPPORT

◆ TLS_AES_128_SUPPORT

◆ TLS_AES_256_SUPPORT

◆ TLS_ALPN_SUPPORT

◆ TLS_ARIA_128_SUPPORT

◆ TLS_ARIA_256_SUPPORT

◆ TLS_BRAINPOOLP256R1_SUPPORT

◆ TLS_BRAINPOOLP384R1_SUPPORT

◆ TLS_BRAINPOOLP512R1_SUPPORT

◆ TLS_CAMELLIA_128_SUPPORT

◆ TLS_CAMELLIA_256_SUPPORT

◆ TLS_CBC_CIPHER_SUPPORT

◆ TLS_CCM_8_CIPHER_SUPPORT

◆ TLS_CCM_CIPHER_SUPPORT

◆ TLS_CERT_AUTHORITIES_SUPPORT

◆ TLS_CERT_KEY_USAGE_SUPPORT

◆ TLS_CHACHA20_POLY1305_SUPPORT

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

◆ TLS_CLIENT_SUPPORT

◆ TLS_DES_SUPPORT

◆ TLS_DH_ANON_KE_SUPPORT

◆ TLS_DH_SUPPORT

◆ TLS_DHE_DSS_KE_SUPPORT

◆ TLS_DHE_PSK_KE_SUPPORT

◆ TLS_DHE_RSA_KE_SUPPORT

◆ TLS_DSA_SIGN_SUPPORT

◆ TLS_ECC_CALLBACK_SUPPORT

◆ TLS_ECDH_ANON_KE_SUPPORT

◆ TLS_ECDH_SUPPORT

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

◆ TLS_ECDHE_PSK_KE_SUPPORT

◆ TLS_ECDHE_RSA_KE_SUPPORT

◆ TLS_ECDSA_SIGN_SUPPORT

◆ TLS_ED25519_SUPPORT

◆ TLS_ED448_SUPPORT

◆ TLS_EDDSA_SIGN_SUPPORT

◆ TLS_EXT_MASTER_SECRET_SUPPORT

◆ TLS_FALLBACK_SCSV_SUPPORT

◆ TLS_FFDHE2048_SUPPORT

◆ TLS_FFDHE3072_SUPPORT

◆ TLS_FFDHE4096_SUPPORT

◆ TLS_FFDHE_SUPPORT

◆ TLS_FLAG_BREAK

◆ TLS_GCM_CIPHER_SUPPORT

◆ TLS_IDEA_SUPPORT

◆ TLS_KEY_LOG_SUPPORT

◆ TLS_MASTER_SECRET_SIZE

◆ TLS_MAX_CERTIFICATES

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

◆ TLS_MAX_DH_MODULUS_SIZE

◆ TLS_MAX_DSA_MODULUS_SIZE

◆ TLS_MAX_EMPTY_RECORDS

◆ TLS_MAX_FRAG_LEN_SUPPORT

◆ TLS_MAX_HKDF_DIGEST_SIZE

◆ TLS_MAX_KEY_UPDATE_MESSAGES

◆ TLS_MAX_PASSWORD_LEN

◆ TLS_MAX_RECORD_LENGTH

◆ TLS_MAX_RECORD_OVERHEAD

◆ TLS_MAX_RSA_MODULUS_SIZE

◆ TLS_MAX_SERVER_NAME_LEN

◆ TLS_MAX_TICKET_SIZE

◆ TLS_MAX_VERSION

◆ TLS_MAX_WARNING_ALERTS

◆ TLS_MD5_SUPPORT

◆ TLS_MIN_DH_MODULUS_SIZE

◆ TLS_MIN_DSA_MODULUS_SIZE