tls.h File Reference

TLS (Transport Layer Security) More...

#include "os_port.h"
#include "core/crypto.h"
#include "tls_config.h"
#include "tls_legacy.h"
#include "tls13_misc.h"
#include "dtls_misc.h"
#include "mac/hmac.h"
#include "aead/aead_algorithms.h"
#include "pkc/rsa.h"
#include "pkc/dsa.h"
#include "ecc/ecdsa.h"
#include "pkc/dh.h"
#include "ecc/ecdh.h"
#include "pkix/x509_common.h"


Data Structures

struct  TlsCipherSuiteInfo
 Structure describing a cipher suite. More...
 
struct  TlsSessionState
 TLS session state. More...
 
struct  TlsCache
 Session cache. More...
 
struct  TlsCertDesc
 Certificate descriptor. More...
 
struct  TlsHelloExtensions
 Hello extensions. More...
 
struct  _TlsEncryptionEngine
 Encryption engine. More...
 
struct  _TlsContext
 TLS context. More...
 

Macros

/* Shorthand for the TLS context structure (struct _TlsContext, listed under
 * "Data Structures" on this page). */
#define TlsContext   struct _TlsContext
 
/* Shorthand for the encryption engine structure (struct _TlsEncryptionEngine). */
#define TlsEncryptionEngine   struct _TlsEncryptionEngine
 
/* Library release documented on this page: 2.2.4. The three numeric macros
 * below carry the same version as separate major / minor / revision fields. */
#define CYCLONE_SSL_VERSION_STRING   "2.2.4"
 
#define CYCLONE_SSL_MAJOR_VERSION   2
 
#define CYCLONE_SSL_MINOR_VERSION   2
 
#define CYCLONE_SSL_REV_NUMBER   4
 
/* Protocol version identifiers as 16-bit values, from 0x0300 (SSL 3.0) up to
 * 0x0304 (TLS 1.3). */
#define SSL_VERSION_3_0   0x0300
 
#define TLS_VERSION_1_0   0x0301
 
#define TLS_VERSION_1_1   0x0302
 
#define TLS_VERSION_1_2   0x0303
 
#define TLS_VERSION_1_3   0x0304
 
/* Top-level feature switches: TLS, the client role and the server role are
 * all shown as ENABLED. */
#define TLS_SUPPORT   ENABLED
 
#define TLS_CLIENT_SUPPORT   ENABLED
 
#define TLS_SERVER_SUPPORT   ENABLED
 
/* Version range as rendered on this page: TLS 1.2 through TLS 1.3, so
 * SSL 3.0, TLS 1.0 and TLS 1.1 sit below the minimum.
 * NOTE(review): tls_config.h is included by this header and presumably can
 * override these values; confirm that no build lowers TLS_MIN_VERSION. */
#define TLS_MIN_VERSION   TLS_VERSION_1_2
 
#define TLS_MAX_VERSION   TLS_VERSION_1_3
 
/* Session resumption is shown as ENABLED. */
#define TLS_SESSION_RESUME_SUPPORT   ENABLED
 
/* NOTE(review): unit presumably milliseconds (3600000 ms = 1 hour); confirm.
 * The lifetime bounds how long resumable session state stays usable. */
#define TLS_SESSION_CACHE_LIFETIME   3600000
 
/* Session tickets are shown as DISABLED; the size and lifetime limits below
 * presumably apply only when ticket support is switched on. */
#define TLS_TICKET_SUPPORT   DISABLED
 
#define TLS_MAX_TICKET_SIZE   1024
 
/* Same value as TLS_SESSION_CACHE_LIFETIME; unit presumably milliseconds
 * (TODO confirm). */
#define TLS_TICKET_LIFETIME   3600000
 
/* Hello-extension switches. The names suggest server name indication (SNI),
 * maximum fragment length, record size limit and ALPN. */
#define TLS_SNI_SUPPORT   ENABLED
 
#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED
 
#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED
 
#define TLS_ALPN_SUPPORT   DISABLED
 
/* Extended master secret is shown as ENABLED (see also the
 * extendedMasterSecret field of TlsPlaintextSessionState). The extension
 * binds the master secret to the handshake transcript; keep it on for
 * TLS 1.2 connections. */
#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED
 
#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED
 
#define TLS_CERT_AUTHORITIES_SUPPORT   DISABLED
 
#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED
 
/* Raw public keys are shown as DISABLED. If enabled, peer authentication
 * presumably rests on TlsRpkVerifyCallback rather than on X.509 path
 * validation; confirm before turning it on. */
#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED
 
/* NOTE(review): the secure renegotiation extension is shown as DISABLED.
 * This page does not show whether renegotiation itself is refused in that
 * configuration; confirm that a TLS 1.2 peer cannot start an unprotected
 * renegotiation. */
#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED
 
/* NOTE(review): fallback SCSV is shown as DISABLED. The signal lets a server
 * detect a client that retried a handshake with a lower version; confirm
 * that client applications never implement such version-fallback retries. */
#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED
 
#define TLS_ECC_CALLBACK_SUPPORT   DISABLED
 
/* Upper bound of 3. NOTE(review): presumably the number of certificate
 * entries a context can hold (cf. TlsCertDesc); confirm. */
#define TLS_MAX_CERTIFICATES   3
 
/* Key exchange methods. Shown as ENABLED: RSA, DHE_RSA, ECDHE_RSA and
 * ECDHE_ECDSA. Shown as DISABLED: DHE_DSS, the anonymous DH/ECDH modes and
 * every PSK variant.
 * NOTE(review): static RSA key exchange provides no forward secrecy, so a
 * later compromise of the server key exposes recorded sessions. Prefer the
 * (EC)DHE methods and disable this one where peers allow. */
#define TLS_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_DHE_DSS_KE_SUPPORT   DISABLED
 
/* Anonymous key exchange authenticates neither endpoint; keep it disabled. */
#define TLS_DH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED
 
#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED
 
/* Anonymous ECDH: same caveat as TLS_DH_ANON_KE_SUPPORT. */
#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED
 
#define TLS_PSK_KE_SUPPORT   DISABLED
 
#define TLS_RSA_PSK_KE_SUPPORT   DISABLED
 
#define TLS_DHE_PSK_KE_SUPPORT   DISABLED
 
#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED
 
/* Signature schemes. Shown as ENABLED: RSA, RSA-PSS and ECDSA. Shown as
 * DISABLED: DSA and EdDSA. */
#define TLS_RSA_SIGN_SUPPORT   ENABLED
 
#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED
 
#define TLS_DSA_SIGN_SUPPORT   DISABLED
 
#define TLS_ECDSA_SIGN_SUPPORT   ENABLED
 
/* NOTE(review): EdDSA signing is DISABLED here while TLS_ED25519_SUPPORT is
 * shown as ENABLED further down this list; confirm which switch governs
 * whether Ed25519 signatures are actually offered or accepted. */
#define TLS_EDDSA_SIGN_SUPPORT   DISABLED
 
/* Cipher modes. NULL (no encryption) and stream ciphers are shown as
 * DISABLED; keep them off. */
#define TLS_NULL_CIPHER_SUPPORT   DISABLED
 
#define TLS_STREAM_CIPHER_SUPPORT   DISABLED
 
/* NOTE(review): CBC suites are shown as ENABLED. In TLS 1.2 they are
 * MAC-then-encrypt, so their safety depends on constant-time padding and MAC
 * checks in the record layer, which this page does not show. Prefer an
 * AEAD-only configuration (GCM, CCM, ChaCha20-Poly1305) where
 * interoperability allows. */
#define TLS_CBC_CIPHER_SUPPORT   ENABLED
 
#define TLS_CCM_CIPHER_SUPPORT   DISABLED
 
#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED
 
#define TLS_GCM_CIPHER_SUPPORT   ENABLED
 
#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED
 
/* Encryption algorithms. RC4, IDEA, DES and 3DES are shown as DISABLED
 * (legacy algorithms; keep them off). Only AES-128 and AES-256 are ENABLED. */
#define TLS_RC4_SUPPORT   DISABLED
 
#define TLS_IDEA_SUPPORT   DISABLED
 
#define TLS_DES_SUPPORT   DISABLED
 
#define TLS_3DES_SUPPORT   DISABLED
 
#define TLS_AES_128_SUPPORT   ENABLED
 
#define TLS_AES_256_SUPPORT   ENABLED
 
#define TLS_CAMELLIA_128_SUPPORT   DISABLED
 
#define TLS_CAMELLIA_256_SUPPORT   DISABLED
 
#define TLS_ARIA_128_SUPPORT   DISABLED
 
#define TLS_ARIA_256_SUPPORT   DISABLED
 
#define TLS_SEED_SUPPORT   DISABLED
 
/* Hash algorithms. MD5 is shown as DISABLED. */
#define TLS_MD5_SUPPORT   DISABLED
 
/* NOTE(review): SHA-1 is shown as ENABLED. This page does not say whether
 * that covers only HMAC-SHA1 in CBC cipher suites or also SHA-1 based
 * signatures; the latter should not be accepted. Confirm the scope. */
#define TLS_SHA1_SUPPORT   ENABLED
 
#define TLS_SHA224_SUPPORT   DISABLED
 
#define TLS_SHA256_SUPPORT   ENABLED
 
#define TLS_SHA384_SUPPORT   ENABLED
 
#define TLS_SHA512_SUPPORT   DISABLED
 
/* Finite-field DH groups. Only the 2048-bit group is shown as ENABLED, which
 * is consistent with TLS_MAX_DH_MODULUS_SIZE = 2048 on this page.
 * NOTE(review): TLS_FFDHE_SUPPORT itself is DISABLED while
 * TLS_FFDHE2048_SUPPORT is ENABLED; presumably the former is a master switch
 * for named-group negotiation. Confirm how the two interact. */
#define TLS_FFDHE_SUPPORT   DISABLED
 
#define TLS_FFDHE2048_SUPPORT   ENABLED
 
#define TLS_FFDHE3072_SUPPORT   DISABLED
 
#define TLS_FFDHE4096_SUPPORT   DISABLED
 
/* Elliptic curves. Every curve below 256 bits (secp160*, secp192*, secp224*)
 * is shown as DISABLED; of the secp curves only secp256r1 and secp384r1 are
 * ENABLED. */
#define TLS_SECP160K1_SUPPORT   DISABLED
 
#define TLS_SECP160R1_SUPPORT   DISABLED
 
#define TLS_SECP160R2_SUPPORT   DISABLED
 
#define TLS_SECP192K1_SUPPORT   DISABLED
 
#define TLS_SECP192R1_SUPPORT   DISABLED
 
#define TLS_SECP224K1_SUPPORT   DISABLED
 
#define TLS_SECP224R1_SUPPORT   DISABLED
 
#define TLS_SECP256K1_SUPPORT   DISABLED
 
#define TLS_SECP256R1_SUPPORT   ENABLED
 
#define TLS_SECP384R1_SUPPORT   ENABLED
 
#define TLS_SECP521R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED
 
#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED
 
/* X25519 and X448 are shown as DISABLED. */
#define TLS_X25519_SUPPORT   DISABLED
 
#define TLS_X448_SUPPORT   DISABLED
 
/* Ed25519 is shown as ENABLED, Ed448 as DISABLED (compare
 * TLS_EDDSA_SIGN_SUPPORT, which is DISABLED on this page). */
#define TLS_ED25519_SUPPORT   ENABLED
 
#define TLS_ED448_SUPPORT   DISABLED
 
/* Certificate key-usage handling is shown as ENABLED. */
#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED
 
/* Key logging is shown as DISABLED. The matching callback on this page is
 * documented as "for debugging purpose only"; keep this off in production
 * builds, because logged keys allow decryption of captured traffic. */
#define TLS_KEY_LOG_SUPPORT   DISABLED
 
/* Length limits. NOTE(review): presumably in bytes/characters; whether the
 * terminating NUL is included is not shown here. */
#define TLS_MAX_SERVER_NAME_LEN   255
 
#define TLS_MAX_PASSWORD_LEN   32
 
/* Accepted key sizes in bits (TLS_PREMASTER_SECRET_SIZE divides the DH
 * maximum by 8 to get bytes).
 * NOTE(review): the 1024-bit minimums for DH, RSA and DSA are below the
 * 2048-bit floor in current guidance (e.g. NIST SP 800-131A). Raise the
 * minimums to 2048 unless a legacy peer requires otherwise. */
#define TLS_MIN_DH_MODULUS_SIZE   1024
 
#define TLS_MAX_DH_MODULUS_SIZE   2048
 
#define TLS_MIN_RSA_MODULUS_SIZE   1024
 
#define TLS_MAX_RSA_MODULUS_SIZE   4096
 
#define TLS_MIN_DSA_MODULUS_SIZE   1024
 
#define TLS_MAX_DSA_MODULUS_SIZE   4096
 
/* Master secret length: 48 bytes (used as the size of the uint8_t secret
 * array in TlsPlaintextSessionState). */
#define TLS_MASTER_SECRET_SIZE   48
 
/* Premaster buffer sized from the largest accepted DH modulus: 2048 / 8 =
 * 256 bytes with the values on this page. Changing
 * TLS_MAX_DH_MODULUS_SIZE changes this size with it. */
#define TLS_PREMASTER_SECRET_SIZE   (TLS_MAX_DH_MODULUS_SIZE / 8)
 
/* Per-connection message limits. NOTE(review): presumably caps on how many
 * warning alerts, empty records, ChangeCipherSpec and KeyUpdate messages a
 * peer may send before the connection is aborted, which bounds the work a
 * misbehaving peer can force. Confirm in the record and handshake code. */
#define TLS_MAX_WARNING_ALERTS   5
 
#define TLS_MAX_EMPTY_RECORDS   10
 
#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   5
 
#define TLS_MAX_KEY_UPDATE_MESSAGES   5
 
/* Empty markers. NOTE(review): presumably placeholders for
 * implementation-specific members of the context and encryption engine;
 * confirm against the structure definitions. */
#define TLS_PRIVATE_CONTEXT
 
#define TLS_PRIVATE_ENCRYPTION_ENGINE
 
/* Memory helpers forward to the OS port layer (osAllocMem / osFreeMem).
 * NOTE(review): nothing on this page shows buffers being wiped before
 * release; check that callers zeroize key material before tlsFreeMem(). */
#define tlsAllocMem(size)   osAllocMem(size)
 
#define tlsFreeMem(p)   osFreeMem(p)
 
/* Aggregate switches. NOTE(review): presumably derived from the individual
 * options above. TLS_PSK_SUPPORT is ENABLED here although every
 * *_PSK_KE_SUPPORT option on this page is DISABLED; confirm what enables it. */
#define TLS_DH_SUPPORT   ENABLED
 
#define TLS_ECDH_SUPPORT   ENABLED
 
#define TLS_RSA_SUPPORT   ENABLED
 
#define TLS_PSK_SUPPORT   ENABLED
 
/* Largest HKDF digest: 48 bytes, the SHA-384 output size (SHA-512 is shown
 * as DISABLED on this page). */
#define TLS_MAX_HKDF_DIGEST_SIZE   48
 
/* The expansion of this macro is not shown on this page. */
#define tlsSetSocket(context, socket)
 
/* Record size bounds. 16384 is the 2^14 plaintext limit of the TLS record
 * layer. NOTE(review): how the minimum and the overhead value are applied is
 * not shown here. */
#define TLS_MIN_RECORD_LENGTH   512
 
#define TLS_MAX_RECORD_LENGTH   16384
 
#define TLS_MAX_RECORD_OVERHEAD   512
 
/* Length of the hello random value: 32 bytes (matches random [32] in
 * TlsClientHello and TlsServerHello). */
#define TLS_RANDOM_SIZE   32
 
/* Combines TLS_FLAG_BREAK_CHAR (0x1000) with LSB(c), presumably the low byte
 * of c; TLS_FLAG_BREAK_CRLF = 0x100A corresponds to c = 0x0A. */
#define TLS_FLAG_BREAK(c)   (TLS_FLAG_BREAK_CHAR | LSB(c))
 

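Typedefs

Note: many of the anonymous `struct { … }` member lists below are a documentation-generator artifact. They mix in fields from unrelated packed structures (USB descriptors, DHCP, DNS, MQTT-SN and others), so they do not describe the layout of the named TLS types; use the definitions in tls.h itself.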

struct {
   char_t   type
 
   uint32_t   dataStart
 
   uint32_t   dataLength
 
   uint8_t   nameLength
 
   char_t   name []
 
   uint8_t   tokenLen: 4
 
   uint8_t   type: 2
 
   uint8_t   version: 2
 
   uint8_t   code
 
   uint16_t   mid
 
   uint8_t   token []
 
   union {
      uint8_t   b [6]
 
      uint16_t   w [3]
 
   } 
 
   uint16_t   srcPort
 
   uint16_t   destPort
 
   uint32_t   seqNum
 
   uint32_t   ackNum
 
   uint8_t   reserved1: 4
 
   uint8_t   dataOffset: 4
 
   uint8_t   flags: 6
 
   uint8_t   reserved2: 2
 
   uint16_t   window
 
   uint16_t   checksum
 
   uint16_t   urgentPointer
 
   uint8_t   options []
 
   uint16_t   length
 
   uint8_t   data []
 
   uint8_t   op
 
   uint8_t   htype
 
   uint8_t   hlen
 
   uint8_t   hops
 
   uint32_t   xid
 
   uint16_t   secs
 
   uint16_t   flags
 
   Ipv4Addr   ciaddr
 
   Ipv4Addr   yiaddr
 
   Ipv4Addr   siaddr
 
   Ipv4Addr   giaddr
 
   MacAddr   chaddr
 
   uint8_t   unused [10]
 
   uint8_t   sname [64]
 
   uint8_t   file [128]
 
   uint32_t   magicCookie
 
   uint16_t   type
 
   uint16_t   hardwareType
 
   uint32_t   time
 
   MacAddr   linkLayerAddr
 
   uint16_t   id
 
   uint8_t   rd: 1
 
   uint8_t   tc: 1
 
   uint8_t   aa: 1
 
   uint8_t   opcode: 4
 
   uint8_t   qr: 1
 
   uint8_t   rcode: 4
 
   uint8_t   z: 3
 
   uint8_t   ra: 1
 
   uint16_t   qdcount
 
   uint16_t   ancount
 
   uint16_t   nscount
 
   uint16_t   arcount
 
   uint8_t   questions []
 
   uint16_t   controlWord
 
   uint16_t   byteCount
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   bcdUsb
 
   uint8_t   bDeviceClass
 
   uint8_t   bDeviceSubClass
 
   uint8_t   bDeviceProtocol
 
   uint8_t   bMaxPacketSize0
 
   uint16_t   idVendor
 
   uint16_t   idProduct
 
   uint16_t   bcdDevice
 
   uint8_t   iManufacturer
 
   uint8_t   iProduct
 
   uint8_t   iSerialNumber
 
   uint8_t   bNumConfigurations
 
   uint8_t   maxRespTime
 
   Ipv4Addr   groupAddr
 
   uint16_t   hrd
 
   uint16_t   pro
 
   uint8_t   hln
 
   uint8_t   pln
 
   uint16_t   op
 
   MacAddr   sha
 
   Ipv4Addr   spa
 
   MacAddr   tha
 
   Ipv4Addr   tpa
 
   uint8_t   length
 
   uint8_t   value []
 
   uint16_t   first
 
   uint16_t   last
 
   uint16_t   next
 
   union {
      uint8_t   b [16]
 
      uint16_t   w [8]
 
      uint32_t   dw [4]
 
   } 
 
   uint16_t   maxRespDelay
 
   uint16_t   reserved
 
   Ipv6Addr   multicastAddr
 
   uint32_t   reserved
 
   uint16_t   pvid
 
   uint8_t   autoNegSupportStatus
 
   uint16_t   pmdAutoNegAdvCap
 
   uint16_t   operationalMauType
 
   uint16_t   capabilities
 
   uint8_t   deviceType
 
   uint8_t   lengthH: 1
 
   uint8_t   lengthL
 
   uint8_t   t: 1
 
   uint8_t   c: 1
 
   union {
      int32_t   integer
 
      uint8_t   octetString [1]
 
      uint8_t   oid [1]
 
      uint8_t   ipAddr [4]
 
      uint32_t   counter32
 
      uint32_t   gauge32
 
      uint32_t   unsigned32
 
      uint32_t   timeTicks
 
      uint64_t   counter64
 
   } 
 
   uint16_t   transactionId
 
   uint16_t   protocolId
 
   uint8_t   unitId
 
   uint8_t   pdu []
 
   uint8_t   retain: 1
 
   uint8_t   qos: 2
 
   uint8_t   dup: 1
 
   union {
      uint8_t   all
 
      struct {
         uint8_t   topicIdType: 2
 
         uint8_t   cleanSession: 1
 
         uint8_t   will: 1
 
         uint8_t   retain: 1
 
         uint8_t   qos: 2
 
         uint8_t   dup: 1
 
      } 
 
   } 
 
   uint8_t   b: 1
 
   uint8_t   identifier
 
   uint8_t   valueSize
 
   Ipv4Addr   srcIpAddr
 
   Ipv4Addr   destIpAddr
 
   Eui64   interfaceId
 
   uint16_t   mru
 
   uint8_t   peerIdLength
 
   uint8_t   peerId []
 
   uint32_t   seconds
 
   uint32_t   fraction
 
   uint16_t   opcode
 
   char_t   filename []
 
   uint8_t   reserved: 3
 
   uint8_t   fin: 1
 
   uint8_t   payloadLen: 7
 
   uint8_t   mask: 1
 
   uint8_t   extPayloadLen []
 
   uint32_t   length
 
   uint8_t   payload []
 
   uint8_t   protocolVersionId
 
   uint8_t   bpduType
 
   StpBridgeId   rootId
 
   uint32_t   rootPathCost
 
   StpBridgeId   bridgeId
 
   uint16_t   portId
 
   uint16_t   messageAge
 
   uint16_t   maxAge
 
   uint16_t   helloTime
 
   uint16_t   forwardDelay
 
   uint8_t   version1Length
 
   uint16_t   priority
 
   MacAddr   addr
 
TlsSequenceNumber
 Sequence number. More...
 
struct {
   char_t   type
 
   uint32_t   dataStart
 
   uint32_t   dataLength
 
   uint8_t   nameLength
 
   uint8_t   length: 4
 
   uint8_t   delta: 4
 
   union {
      uint8_t   b [8]
 
      uint16_t   w [4]
 
      uint32_t   dw [2]
 
   } 
 
   uint8_t   kind
 
   uint8_t   value []
 
   uint8_t   code
 
   uint16_t   type
 
   uint32_t   enterpriseNumber
 
   uint8_t   identifier []
 
   uint16_t   qtype
 
   uint16_t   qclass
 
   uint16_t   statusWord
 
   uint16_t   byteCount
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   wTotalLength
 
   uint8_t   bNumInterfaces
 
   uint8_t   bConfigurationValue
 
   uint8_t   iConfiguration
 
   uint8_t   bmAttributes
 
   uint8_t   bMaxPower
 
   uint8_t   type
 
   uint16_t   checksum
 
   uint8_t   parameter
 
   uint8_t   unused [3]
 
   uint8_t   data []
 
   uint32_t   parameter
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   options []
 
   uint8_t   curHopLimit
 
   uint8_t   reserved: 2
 
   uint8_t   p: 1
 
   uint8_t   prf: 2
 
   uint8_t   h: 1
 
   uint8_t   o: 1
 
   uint8_t   m: 1
 
   uint16_t   routerLifetime
 
   uint32_t   reachableTime
 
   uint32_t   retransTimer
 
   uint8_t   flags
 
   uint16_t   ppvid
 
   uint8_t   mdiPowerSupport
 
   uint8_t   psePowerPair
 
   uint8_t   powerClass
 
   uint8_t   appType
 
   uint8_t   vlanIdH: 5
 
   uint8_t   x: 1
 
   uint8_t   t: 1
 
   uint8_t   u: 1
 
   uint8_t   l2PriorityH: 1
 
   uint8_t   vlanIdL: 7
 
   uint8_t   dscpValue: 6
 
   uint8_t   l2PriorityL: 2
 
   uint8_t   chassisIdSubtype
 
   uint8_t   chassisId []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfCoils
 
   uint16_t   length
 
   uint8_t   msgType
 
   uint16_t   flags
 
   Ipv4Addr   addr
 
   uint8_t   valueSize
 
   uint16_t   protocol
 
   uint32_t   accm
 
   uint8_t   msgLength
 
   uint8_t   message []
 
   uint8_t   mode: 3
 
   uint8_t   vn: 3
 
   uint8_t   li: 2
 
   uint8_t   stratum
 
   uint8_t   poll
 
   int8_t   precision
 
   uint32_t   rootDelay
 
   uint32_t   rootDispersion
 
   uint32_t   referenceId
 
   NtpTimestamp   referenceTimestamp
 
   NtpTimestamp   originateTimestamp
 
   NtpTimestamp   receiveTimestamp
 
   NtpTimestamp   transmitTimestamp
 
   uint16_t   opcode
 
   char_t   filename []
 
   uint16_t   value []
 
   uint16_t   group
 
   uint8_t   keyExchange []
 
   uint32_t   id
 
   uint32_t   dataLen
 
TlsCipherSuites
 Cipher suites. More...
 
struct {
   uint32_t   totalSize
 
   ResRootEntry   rootEntry
 
   MacAddr   destAddr
 
   MacAddr   srcAddr
 
   uint16_t   type
 
   uint8_t   data []
 
   uint16_t   hardwareType
 
   MacAddr   linkLayerAddr
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata []
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bInterfaceNumber
 
   uint8_t   bAlternateSetting
 
   uint8_t   bNumEndpoints
 
   uint8_t   bInterfaceClass
 
   uint8_t   bInterfaceSubClass
 
   uint8_t   bInterfaceProtocol
 
   uint8_t   iInterface
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint32_t   unused
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   options []
 
   uint32_t   reserved
 
   Ipv6Addr   targetAddr
 
   uint16_t   vlanId
 
   uint8_t   vlanNameLen
 
   char_t   vlanName []
 
   uint8_t   aggregationStatus
 
   uint32_t   aggregatedPortId
 
   uint8_t   locationDataFormat
 
   uint8_t   locationId []
 
   uint8_t   portIdSubtype
 
   uint8_t   portId []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint8_t   coilStatus []
 
   uint8_t   prefix
 
   uint16_t   length
 
   uint8_t   msgType
 
   uint8_t   identifier
 
   uint8_t   message []
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint16_t   protocol
 
   uint8_t   msgLength
 
   uint8_t   rejectedPacket []
 
   uint32_t   keyId
 
   uint8_t   messageDigest [16]
 
   uint16_t   opcode
 
   uint16_t   block
 
   uint16_t   value []
 
   uint8_t   value []
 
TlsCompressMethods
 Compression methods. More...
 
struct {
   uint8_t   dsap
 
   uint8_t   ssap
 
   uint8_t   control
 
   uint8_t   msgType
 
   uint8_t   transactionId [3]
 
   uint8_t   options []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata [4]
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bEndpointAddress
 
   uint8_t   bmAttributes
 
   uint16_t   wMaxPacketSize
 
   uint8_t   bInterval
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint32_t   unused
 
   uint8_t   data []
 
   uint32_t   mtu
 
   uint8_t   nextHeader
 
   uint8_t   hdrExtLen
 
   uint8_t   routingType
 
   uint8_t   segmentsLeft
 
   uint32_t   reserved
 
   Ipv6Addr   address []
 
   uint8_t   reserved1: 5
 
   uint8_t   o: 1
 
   uint8_t   s: 1
 
   uint8_t   r: 1
 
   uint8_t   reserved2 [3]
 
   Ipv6Addr   targetAddr
 
   uint8_t   protocolIdLen
 
   uint8_t   protocolId []
 
   uint16_t   maxFrameSize
 
   uint8_t   powerPriority: 4
 
   uint8_t   powerSource: 2
 
   uint8_t   powerType: 2
 
   uint16_t   powerValue
 
   uint16_t   ttl
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfInputs
 
   uint8_t   gwId
 
   uint16_t   duration
 
   uint8_t   identifier
 
   uint16_t   length
 
   uint8_t   message []
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint16_t   protocol
 
   uint16_t   rejectedProtocol
 
   uint8_t   rejectedInfo []
 
   uint16_t   opcode
 
   uint16_t   block
 
   uint16_t   version
 
   uint16_t   epoch
 
   DtlsSequenceNumber   seqNum
 
   uint8_t   hash
 
   uint8_t   signature
 
   uint8_t   value []
 
TlsSignHashAlgo
 Signature algorithm. More...
 
struct {
   uint16_t   tci
 
   uint16_t   type
 
   uint8_t   msgType
 
   uint8_t   hopCount
 
   Ipv6Addr   linkAddress
 
   Ipv6Addr   peerAddress
 
   uint8_t   options []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint8_t   rdata [16]
 
   uint8_t   bLength
 
   uint8_t   bDescriptorType
 
   uint16_t   bString []
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint8_t   pointer
 
   uint8_t   unused [3]
 
   uint8_t   data []
 
   uint32_t   unused
 
   uint8_t   nextHeader
 
   uint8_t   payloadLen
 
   uint16_t   reserved
 
   uint32_t   securityParamIndex
 
   uint32_t   sequenceNumber
 
   uint8_t   authData []
 
   uint32_t   reserved
 
   Ipv6Addr   targetAddr
 
   Ipv6Addr   destAddr
 
   uint8_t   measurements [20]
 
   uint16_t   psePowerPriceIndex
 
   uint16_t   supportedCap
 
   uint16_t   enabledCap
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint8_t   inputStatus []
 
   uint8_t   radius
 
   uint8_t   length
 
   Ipv4Addr   ipAddr
 
   uint32_t   magicNumber
 
   uint8_t   identifier
 
   uint16_t   length
 
   uint16_t   opcode
 
   uint16_t   errorCode
 
   char_t   errorMsg []
 
   uint16_t   msgSeq
 
   uint8_t   fragOffset [3]
 
   uint8_t   fragLength [3]
 
   TlsSignHashAlgo   value []
 
   uint8_t   value []
 
TlsSignHashAlgos
 List of signature algorithms. More...
 
struct {
   uint16_t   code
 
   uint16_t   length
 
   uint8_t   value []
 
   uint16_t   rtype
 
   uint16_t   rclass
 
   uint32_t   ttl
 
   uint16_t   rdlength
 
   uint16_t   priority
 
   uint16_t   weight
 
   uint16_t   port
 
   uint8_t   target []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint16_t   bcdCdc
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint16_t   identifier
 
   uint16_t   sequenceNumber
 
   uint8_t   data []
 
   uint32_t   pointer
 
   uint32_t   securityParamIndex
 
   uint32_t   sequenceNumber
 
   uint8_t   payloadData []
 
   uint8_t   length
 
   uint8_t   powerPriority: 2
 
   uint8_t   pd4pid: 1
 
   uint8_t   reserved: 1
 
   uint8_t   powerSource: 2
 
   uint8_t   powerType: 2
 
   uint16_t   pdRequestedPower
 
   uint16_t   pseAllocatedPower
 
   uint8_t   mgmtAddrLen
 
   uint8_t   mgmtAddrSubtype
 
   uint8_t   mgmtAddr []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   gwId
 
   uint8_t   gwAdd []
 
   Ipv4Addr   ipAddr
 
   uint8_t   identifier
 
   uint32_t   magicNumber
 
   uint16_t   serverVersion
 
   uint8_t   cookieLength
 
   uint8_t   cookie []
 
TlsCertificateList
 List of certificates. More...
 
struct {
   uint32_t   iaId
 
   uint32_t   t1
 
   uint32_t   t2
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bmCapabilities
 
   uint8_t   bDataInterface
 
   uint8_t   type
 
   uint8_t   code
 
   uint16_t   checksum
 
   uint16_t   identifier
 
   uint16_t   sequenceNumber
 
   uint8_t   data []
 
   uint8_t   length
 
   MacAddr   linkLayerAddr
 
   uint16_t   pdRequestedPowerA
 
   uint16_t   pdRequestedPowerB
 
   uint16_t   pseAllocatedPowerA
 
   uint16_t   pseAllocatedPowerB
 
   uint16_t   powerStatus
 
   uint8_t   systemSetup
 
   uint16_t   pseMaxAvailablePower
 
   uint8_t   autoclass
 
   uint8_t   powerDown [3]
 
   uint8_t   ifNumSubtype
 
   uint32_t   ifNum
 
   uint8_t   oidLen
 
   uint8_t   oid []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   MqttSnFlags   flags
 
   uint8_t   protocolId
 
   uint16_t   duration
 
   char_t   clientId []
 
   Ipv4Addr   ipAddr
 
   uint16_t   length
 
   uint8_t   value []
 
TlsCertAuthorities
 List of certificate authorities. More...
 
struct {
   uint32_t   iaId
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bmCapabilities
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   prefixLength
 
   uint8_t   reserved1: 5
 
   uint8_t   r: 1
 
   uint8_t   a: 1
 
   uint8_t   l: 1
 
   uint32_t   validLifetime
 
   uint32_t   preferredLifetime
 
   uint32_t   reserved2
 
   Ipv6Addr   prefix
 
   uint8_t   oui [LLDP_OUI_SIZE]
 
   uint8_t   subtype
 
   uint8_t   value []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   returnCode
 
   uint16_t   type
 
   uint16_t   length
 
TlsExtension
 TLS extension. More...
 
struct {
   Ipv6Addr   address
 
   uint32_t   preferredLifetime
 
   uint32_t   validLifetime
 
   uint8_t   options []
 
   uint8_t   bFunctionLength
 
   uint8_t   bDescriptorType
 
   uint8_t   bDescriptorSubtype
 
   uint8_t   bMasterInterface
 
   uint8_t   bSlaveInterface0
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved1
 
   uint32_t   reserved2
 
   uint8_t   ipPacket []
 
   uint8_t   functionCode
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   MqttSnFlags   flags
 
   char_t   willTopic []
 
   uint16_t   length
 
   uint8_t   value []
 
TlsExtensionList
 List of TLS extensions. More...
 
struct {
   uint16_t   requestedOption [1]
 
   UsbConfigDescriptor   configDescriptor
 
   UsbInterfaceDescriptor   communicationInterfaceDescriptor
 
   CdcHeaderDescriptor   cdcHeaderDescriptor
 
   CdcCallManagementDescriptor   cdcCallManagementDescriptor
 
   CdcAcmDescriptor   cdcAcmDescriptor
 
   CdcUnionDescriptor   cdcUnionDescriptor
 
   UsbEndpointDescriptor   notificationEndpointDescriptor
 
   UsbInterfaceDescriptor   dataInterfaceDescriptor
 
   UsbEndpointDescriptor   dataOutEndpointDescriptor
 
   UsbEndpointDescriptor   dataInEndpointDescriptor
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   mtu
 
   uint8_t   functionCode
 
   uint16_t   outputAddr
 
   uint16_t   outputValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   char_t   topicName []
 
   uint16_t   value []
 
   uint16_t   algorithm
 
   uint16_t   length
 
   uint8_t   value []
 
TlsSupportedVersionList
 List of supported versions. More...
 
struct {
   uint8_t   value
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   prefixLength
 
   uint8_t   reserved2: 3
 
   uint8_t   prf: 2
 
   uint8_t   reserved1: 3
 
   uint32_t   routeLifetime
 
   Ipv6Addr   prefix
 
   uint8_t   functionCode
 
   uint16_t   outputAddr
 
   uint16_t   outputValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   returnCode
 
   uint16_t   length
 
   char_t   hostname []
 
   uint16_t   serverVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsServerName
 Server name. More...
 
struct {
   uint16_t   value
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   lifetime
 
   Ipv6Addr   address []
 
   uint8_t   functionCode
 
   uint16_t   regAddr
 
   uint16_t   regValue
 
   MqttSnFlags   flags
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   data []
 
   uint16_t   length
 
   uint8_t   value []
 
   uint16_t   extensionsLen
 
   uint8_t   extensions []
 
TlsServerNameList
 List of server names. More...
 
struct {
   uint8_t   protocol
 
   uint8_t   algorithm
 
   uint8_t   rdm
 
   uint8_t   replayDetection [8]
 
   uint8_t   authInfo []
 
   uint8_t   type
 
   uint8_t   length
 
   uint16_t   reserved
 
   uint32_t   lifetime
 
   uint8_t   domainNames []
 
   uint8_t   functionCode
 
   uint16_t   regAddr
 
   uint16_t   regValue
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   returnCode
 
   char_t   value []
 
   uint32_t   ticketLifetime
 
   uint32_t   ticketAgeAdd
 
   uint8_t   ticketNonceLen
 
   uint8_t   ticketNonce []
 
TlsProtocolName
 Protocol name. More...
 
struct {
   Ipv6Addr   serverAddr
 
   uint8_t   type
 
   uint8_t   length
 
   uint8_t   contextLength
 
   uint8_t   cid: 4
 
   uint8_t   c: 1
 
   uint8_t   reserved1: 3
 
   uint16_t   reserved2
 
   uint16_t   validLifetime
 
   Ipv6Addr   contextPrefix
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfOutputs
 
   uint8_t   byteCount
 
   uint8_t   outputValue []
 
   uint16_t   msgId
 
   uint16_t   length
 
   uint8_t   value []
 
   uint8_t   requestUpdate
 
TlsProtocolNameList
 List of protocol names. More...
 
struct {
   uint16_t   statusCode
 
   char_t   statusMessage []
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfOutputs
 
   uint16_t   msgId
 
   uint16_t   length
 
   uint16_t   value []
 
   uint8_t   data []
 
TlsSupportedGroupList
 List of supported groups. More...
 
struct {
   uint8_t   msgType
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   uint8_t   byteCount
 
   uint16_t   regValue []
 
   uint16_t   msgId
 
   uint8_t   length
 
   uint8_t   value []
 
   uint16_t   version
 Protocol version. More...
 
   uint16_t   cipherSuite
 Cipher suite identifier. More...
 
   systime_t   ticketTimestamp
 Timestamp to manage ticket lifetime. More...
 
   uint32_t   ticketLifetime
 Lifetime of the ticket. More...
 
   uint32_t   ticketAgeAdd
 Random value used to obscure the age of the ticket. More...
 
   uint8_t   ticketNonce [4]
 A per-ticket value that is unique across all tickets issued. More...
 
   size_t   ticketPskLen
 Length of the PSK associated with the ticket. More...
 
   uint8_t   ticketPsk [TLS13_MAX_HKDF_DIGEST_SIZE]
 PSK associated with the ticket. More...
 
TlsEcPointFormatList
 List of supported EC point formats. More...
 
struct {
   Ipv6Addr   address [1]
 
   uint8_t   functionCode
 
   uint16_t   startingAddr
 
   uint16_t   quantityOfRegs
 
   MqttSnFlags   flags
 
   uint16_t   msgId
 
   char_t   topicName []
 
   uint8_t   length
 
   uint8_t   value []
 
TlsCertTypeList
 List of supported certificate types. More...
 
struct {
   uint8_t   searchList [1]
 
   uint8_t   functionCode
 
   uint16_t   referenceAddr
 
   uint16_t   andMask
 
   uint16_t   orMask
 
   MqttSnFlags   flags
 
   uint16_t   topicId
 
   uint16_t   msgId
 
   uint8_t   returnCode
 
   uint8_t   length
 
   uint8_t   value []
 
TlsRenegoInfo
 Renegotiated connection. More...
 
struct {
   uint32_t   iaId
 
   uint32_t   t1
 
   uint32_t   t2
 
   uint8_t   options []
 
   uint8_t   functionCode
 
   uint16_t   referenceAddr
 
   uint16_t   andMask
 
   uint16_t   orMask
 
   MqttSnFlags   flags
 
   uint16_t   msgId
 
   char_t   topicName []
 
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentity
 PSK identity. More...
 
struct {
   uint32_t   preferredLifetime
 
   uint32_t   validLifetime
 
   uint8_t   prefixLen
 
   Ipv6Addr   prefix
 
   uint8_t   options []
 
   uint8_t   functionCode
 
   uint16_t   readStartingAddr
 
   uint16_t   quantityToRead
 
   uint16_t   writeStartingAddr
 
   uint16_t   quantityToWrite
 
   uint8_t   writeByteCount
 
   uint16_t   writeRegValue []
 
   uint16_t   msgId
 
   uint16_t   length
 
   uint8_t   value []
 
TlsPskIdentityHint
 PSK identity hint. More...
 
struct {
   uint8_t   s: 1
 
   uint8_t   o: 1
 
   uint8_t   n: 1
 
   uint8_t   mbz: 5
 
   uint8_t   domainName []
 
   uint8_t   functionCode
 
   uint8_t   readByteCount
 
   uint16_t   readRegValue []
 
   uint16_t   duration
 
   uint16_t   length
 
   uint8_t   value []
 
TlsDigitalSignature
 Digitally-signed element (TLS 1.0 and TLS 1.1) More...
 
struct {
   uint8_t   functionCode
 
   uint8_t   exceptionCode
 
   MqttSnFlags   flags
 
   char_t   willTopic []
 
   TlsSignHashAlgo   algorithm
 
   uint16_t   length
 
   uint8_t   value []
 
Tls12DigitalSignature
 Digitally-signed element (TLS 1.2) More...
 
struct {
   uint8_t   returnCode
 
   uint8_t   type
 
   uint16_t   version
 
   uint16_t   length
 
   uint8_t   data []
 
TlsRecord
 TLS record. More...
 
struct {
   uint8_t   returnCode
 
   uint8_t   msgType
 
   uint8_t   length [3]
 
   uint8_t   data []
 
TlsHandshake
 TLS handshake message. More...
 
typedef void TlsHelloRequest
 HelloRequest message. More...
 
struct {
   uint16_t   clientVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsClientHello
 ClientHello message. More...
 
struct {
   uint16_t   serverVersion
 
   uint8_t   random [32]
 
   uint8_t   sessionIdLen
 
   uint8_t   sessionId []
 
TlsServerHello
 ServerHello message. More...
 
typedef void TlsCertificate
 Certificate message. More...
 
typedef void TlsServerKeyExchange
 ServerKeyExchange message. More...
 
struct {
   uint8_t   certificateTypesLen
 
   uint8_t   certificateTypes []
 
TlsCertificateRequest
 CertificateRequest message. More...
 
typedef void TlsServerHelloDone
 ServerHelloDone message. More...
 
typedef void TlsClientKeyExchange
 ClientKeyExchange message. More...
 
typedef void TlsCertificateVerify
 CertificateVerify message. More...
 
struct {
   uint32_t   ticketLifetimeHint
 
   uint16_t   ticketLen
 
   uint8_t   ticket []
 
TlsNewSessionTicket
 NewSessionTicket message. More...
 
typedef void TlsFinished
 Finished message. More...
 
struct {
   uint8_t   type
 
TlsChangeCipherSpec
 ChangeCipherSpec message. More...
 
struct {
   uint8_t   level
 
   uint8_t   description
 
TlsAlert
 Alert message. More...
 
struct {
   uint16_t   version
 Protocol version. More...
 
   uint16_t   cipherSuite
 Cipher suite identifier. More...
 
   uint8_t   secret [TLS_MASTER_SECRET_SIZE]
 Master secret. More...
 
   systime_t   ticketTimestamp
 Timestamp to manage ticket lifetime. More...
 
   uint32_t   ticketLifetime
 Lifetime of the ticket. More...
 
   bool_t   extendedMasterSecret
 Extended master secret computation. More...
 
TlsPlaintextSessionState
 Session state information. More...
 
typedef void * TlsSocketHandle
 Socket handle. More...
 
typedef void(* TlsStateChangeCallback) (TlsContext *context, TlsState state)
 TLS state change callback. More...
 
typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
 Socket send callback function. More...
 
typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
 Socket receive callback function. More...
 
typedef error_t(* TlsAlpnCallback) (TlsContext *context, const char_t *selectedProtocol)
 ALPN callback function. More...
 
/* Application hook for pre-shared keys. pskIdentity arrives with an explicit
 * length (pskIdentityLen); treat it as peer-supplied bytes and do not assume
 * NUL termination. NOTE(review): presumably the callback selects the key for
 * that identity and rejects unknown identities via its error_t result;
 * confirm. */
typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
 Pre-shared key callback function. More...
 
/* Application hook that receives parsed certificate information (certInfo),
 * a path length and an opaque parameter.
 * NOTE(review): this page does not show whether the callback supplements or
 * replaces the library's own chain validation, nor how its error_t result is
 * used; confirm. An implementation that returns success unconditionally
 * would weaken peer authentication. */
typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)
 Certificate verification callback function. More...
 
/* Application hook that receives the peer's raw public key and its length.
 * NOTE(review): with raw public keys there is no certificate chain, so this
 * callback is presumably the only trust decision; it should compare the key
 * against a pinned or otherwise provisioned value. Confirm how the error_t
 * result is used. */
typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
 Raw public key verification callback function. More...
 
/* Application-supplied protection for session tickets: plaintext in,
 * ciphertext and its length out.
 * NOTE(review): the plaintext presumably carries session secrets (compare
 * the secret field of TlsPlaintextSessionState), so implementations should
 * use authenticated encryption and rotate the ticket key. The signature has
 * no separate output-capacity argument; confirm whether ciphertextLen
 * carries the buffer size on entry (TLS_MAX_TICKET_SIZE is 1024). */
typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
 Ticket encryption callback function. More...
 
/* Counterpart of TlsTicketEncryptCallback: ciphertext in, plaintext and its
 * length out. The ciphertext is supplied by the peer, so the implementation
 * must verify integrity before using any decrypted field and return an error
 * otherwise. NOTE(review): confirm whether plaintextLen carries the output
 * buffer size on entry. */
typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
 Ticket decryption callback function. More...
 
typedef error_t(* TlsEcdhCallback) (TlsContext *context)
 ECDH key agreement callback function. More...
 
typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature generation callback function. More...
 
typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
 ECDSA signature verification callback function. More...
 
/* Receives key-log output as a text string (key). Anyone who holds this
 * output together with a packet capture can decrypt the session, so the
 * feature belongs in debug builds only; TLS_KEY_LOG_SUPPORT is shown as
 * DISABLED on this page. NOTE(review): the exact line format is not shown
 * here. */
typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)
 Key logging callback function (for debugging purposes only) More...
 

Enumerations

enum  TlsTransportProtocol { TLS_TRANSPORT_PROTOCOL_STREAM = 0, TLS_TRANSPORT_PROTOCOL_DATAGRAM = 1 }
 TLS transport protocols. More...
 
enum  TlsConnectionEnd { TLS_CONNECTION_END_CLIENT = 0, TLS_CONNECTION_END_SERVER = 1 }
 TLS connection end. More...
 
enum  TlsClientAuthMode { TLS_CLIENT_AUTH_NONE = 0, TLS_CLIENT_AUTH_OPTIONAL = 1, TLS_CLIENT_AUTH_REQUIRED = 2 }
 Client authentication mode. More...
 
enum  TlsEarlyDataStatus { TLS_EARLY_DATA_REJECTED = 0, TLS_EARLY_DATA_ACCEPTED = 1 }
 Early data status. More...
 
enum  TlsFlags {
  TLS_FLAG_PEEK = 0x0200, TLS_FLAG_WAIT_ALL = 0x0800, TLS_FLAG_BREAK_CHAR = 0x1000, TLS_FLAG_BREAK_CRLF = 0x100A,
  TLS_FLAG_WAIT_ACK = 0x2000, TLS_FLAG_NO_DELAY = 0x4000, TLS_FLAG_DELAY = 0x8000
}
 Flags used by read and write functions. More...
 
enum  TlsContentType {
  TLS_TYPE_NONE = 0, TLS_TYPE_CHANGE_CIPHER_SPEC = 20, TLS_TYPE_ALERT = 21, TLS_TYPE_HANDSHAKE = 22,
  TLS_TYPE_APPLICATION_DATA = 23, TLS_TYPE_HEARTBEAT = 24, TLS_TYPE_TLS12_CID = 25, TLS_TYPE_ACK = 26
}
 Content type. More...
 
enum  TlsMessageType {
  TLS_TYPE_HELLO_REQUEST = 0, TLS_TYPE_CLIENT_HELLO = 1, TLS_TYPE_SERVER_HELLO = 2, TLS_TYPE_HELLO_VERIFY_REQUEST = 3,
  TLS_TYPE_NEW_SESSION_TICKET = 4, TLS_TYPE_END_OF_EARLY_DATA = 5, TLS_TYPE_HELLO_RETRY_REQUEST = 6, TLS_TYPE_ENCRYPTED_EXTENSIONS = 8,
  TLS_TYPE_REQUEST_CONNECTION_ID = 9, TLS_TYPE_NEW_CONNECTION_ID = 10, TLS_TYPE_CERTIFICATE = 11, TLS_TYPE_SERVER_KEY_EXCHANGE = 12,
  TLS_TYPE_CERTIFICATE_REQUEST = 13, TLS_TYPE_SERVER_HELLO_DONE = 14, TLS_TYPE_CERTIFICATE_VERIFY = 15, TLS_TYPE_CLIENT_KEY_EXCHANGE = 16,
  TLS_TYPE_FINISHED = 20, TLS_TYPE_CERTIFICATE_URL = 21, TLS_TYPE_CERTIFICATE_STATUS = 22, TLS_TYPE_SUPPLEMENTAL_DATA = 23,
  TLS_TYPE_KEY_UPDATE = 24, TLS_TYPE_COMPRESSED_CERTIFICATE = 25, TLS_TYPE_EKT_KEY = 26, TLS_TYPE_MESSAGE_HASH = 254
}
 Handshake message type. More...
 
enum  TlsAlertLevel { TLS_ALERT_LEVEL_WARNING = 1, TLS_ALERT_LEVEL_FATAL = 2 }
 Alert level. More...
 
enum  TlsAlertDescription {
  TLS_ALERT_CLOSE_NOTIFY = 0, TLS_ALERT_UNEXPECTED_MESSAGE = 10, TLS_ALERT_BAD_RECORD_MAC = 20, TLS_ALERT_DECRYPTION_FAILED = 21,
  TLS_ALERT_RECORD_OVERFLOW = 22, TLS_ALERT_DECOMPRESSION_FAILURE = 30, TLS_ALERT_HANDSHAKE_FAILURE = 40, TLS_ALERT_NO_CERTIFICATE = 41,
  TLS_ALERT_BAD_CERTIFICATE = 42, TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43, TLS_ALERT_CERTIFICATE_REVOKED = 44, TLS_ALERT_CERTIFICATE_EXPIRED = 45,
  TLS_ALERT_CERTIFICATE_UNKNOWN = 46, TLS_ALERT_ILLEGAL_PARAMETER = 47, TLS_ALERT_UNKNOWN_CA = 48, TLS_ALERT_ACCESS_DENIED = 49,
  TLS_ALERT_DECODE_ERROR = 50, TLS_ALERT_DECRYPT_ERROR = 51, TLS_ALERT_TOO_MANY_CIDS_REQUESTED = 52, TLS_ALERT_EXPORT_RESTRICTION = 60,
  TLS_ALERT_PROTOCOL_VERSION = 70, TLS_ALERT_INSUFFICIENT_SECURITY = 71, TLS_ALERT_INTERNAL_ERROR = 80, TLS_ALERT_INAPPROPRIATE_FALLBACK = 86,
  TLS_ALERT_USER_CANCELED = 90, TLS_ALERT_NO_RENEGOTIATION = 100, TLS_ALERT_MISSING_EXTENSION = 109, TLS_ALERT_UNSUPPORTED_EXTENSION = 110,
  TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111, TLS_ALERT_UNRECOGNIZED_NAME = 112, TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113, TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114,
  TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115, TLS_ALERT_CERTIFICATE_REQUIRED = 116, TLS_ALERT_NO_APPLICATION_PROTOCOL = 120
}
 Alert description. More...
 
enum  TlsCompressMethod { TLS_COMPRESSION_METHOD_NULL = 0, TLS_COMPRESSION_METHOD_DEFLATE = 1 }
 Compression methods. More...
 
enum  TlsKeyExchMethod {
  TLS_KEY_EXCH_NONE = 0, TLS_KEY_EXCH_RSA = 1, TLS_KEY_EXCH_DH_RSA = 2, TLS_KEY_EXCH_DHE_RSA = 3,
  TLS_KEY_EXCH_DH_DSS = 4, TLS_KEY_EXCH_DHE_DSS = 5, TLS_KEY_EXCH_DH_ANON = 6, TLS_KEY_EXCH_ECDH_RSA = 7,
  TLS_KEY_EXCH_ECDHE_RSA = 8, TLS_KEY_EXCH_ECDH_ECDSA = 9, TLS_KEY_EXCH_ECDHE_ECDSA = 10, TLS_KEY_EXCH_ECDH_ANON = 11,
  TLS_KEY_EXCH_PSK = 12, TLS_KEY_EXCH_RSA_PSK = 13, TLS_KEY_EXCH_DHE_PSK = 14, TLS_KEY_EXCH_ECDHE_PSK = 15,
  TLS_KEY_EXCH_SRP_SHA = 16, TLS_KEY_EXCH_SRP_SHA_RSA = 17, TLS_KEY_EXCH_SRP_SHA_DSS = 18, TLS13_KEY_EXCH_DHE = 19,
  TLS13_KEY_EXCH_ECDHE = 20, TLS13_KEY_EXCH_PSK = 21, TLS13_KEY_EXCH_PSK_DHE = 22, TLS13_KEY_EXCH_PSK_ECDHE = 23
}
 Key exchange methods. More...
 
enum  TlsCertificateFormat { TLS_CERT_FORMAT_X509 = 0, TLS_CERT_FORMAT_OPENPGP = 1, TLS_CERT_FORMAT_RAW_PUBLIC_KEY = 2, TLS_CERT_FORMAT_1609DOT2 = 3 }
 Certificate formats. More...
 
enum  TlsCertificateType {
  TLS_CERT_NONE = 0, TLS_CERT_RSA_SIGN = 1, TLS_CERT_DSS_SIGN = 2, TLS_CERT_RSA_FIXED_DH = 3,
  TLS_CERT_DSS_FIXED_DH = 4, TLS_CERT_RSA_EPHEMERAL_DH = 5, TLS_CERT_DSS_EPHEMERAL_DH = 6, TLS_CERT_FORTEZZA_DMS = 20,
  TLS_CERT_ECDSA_SIGN = 64, TLS_CERT_RSA_FIXED_ECDH = 65, TLS_CERT_ECDSA_FIXED_ECDH = 66, TLS_CERT_GOST_SIGN256 = 67,
  TLS_CERT_GOST_SIGN512 = 68, TLS_CERT_RSA_PSS_SIGN = 256, TLS_CERT_ED25519_SIGN = 257, TLS_CERT_ED448_SIGN = 258
}
 Certificate types. More...
 
enum  TlsHashAlgo {
  TLS_HASH_ALGO_NONE = 0, TLS_HASH_ALGO_MD5 = 1, TLS_HASH_ALGO_SHA1 = 2, TLS_HASH_ALGO_SHA224 = 3,
  TLS_HASH_ALGO_SHA256 = 4, TLS_HASH_ALGO_SHA384 = 5, TLS_HASH_ALGO_SHA512 = 6, TLS_HASH_ALGO_INTRINSIC = 8
}
 Hash algorithms. More...
 
enum  TlsSignatureAlgo {
  TLS_SIGN_ALGO_ANONYMOUS = 0, TLS_SIGN_ALGO_RSA = 1, TLS_SIGN_ALGO_DSA = 2, TLS_SIGN_ALGO_ECDSA = 3,
  TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 = 4, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 = 5, TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 = 6, TLS_SIGN_ALGO_ED25519 = 7,
  TLS_SIGN_ALGO_ED448 = 8, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 = 9, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 = 10, TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 = 11,
  TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 = 26, TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 = 27, TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 = 28, TLS_SIGN_ALGO_GOSTR34102012_256 = 64,
  TLS_SIGN_ALGO_GOSTR34102012_512 = 65
}
 Signature algorithms. More...
 
enum  TlsExtensionType {
  TLS_EXT_SERVER_NAME = 0, TLS_EXT_MAX_FRAGMENT_LENGTH = 1, TLS_EXT_CLIENT_CERTIFICATE_URL = 2, TLS_EXT_TRUSTED_CA_KEYS = 3,
  TLS_EXT_TRUNCATED_HMAC = 4, TLS_EXT_STATUS_REQUEST = 5, TLS_EXT_USER_MAPPING = 6, TLS_EXT_CLIENT_AUTHZ = 7,
  TLS_EXT_SERVER_AUTHZ = 8, TLS_EXT_CERT_TYPE = 9, TLS_EXT_SUPPORTED_GROUPS = 10, TLS_EXT_EC_POINT_FORMATS = 11,
  TLS_EXT_SRP = 12, TLS_EXT_SIGNATURE_ALGORITHMS = 13, TLS_EXT_USE_SRTP = 14, TLS_EXT_HEARTBEAT = 15,
  TLS_EXT_ALPN = 16, TLS_EXT_STATUS_REQUEST_V2 = 17, TLS_EXT_SIGNED_CERT_TIMESTAMP = 18, TLS_EXT_CLIENT_CERT_TYPE = 19,
  TLS_EXT_SERVER_CERT_TYPE = 20, TLS_EXT_PADDING = 21, TLS_EXT_ENCRYPT_THEN_MAC = 22, TLS_EXT_EXTENDED_MASTER_SECRET = 23,
  TLS_EXT_TOKEN_BINDING = 24, TLS_EXT_CACHED_INFO = 25, TLS_EXT_COMPRESS_CERTIFICATE = 27, TLS_EXT_RECORD_SIZE_LIMIT = 28,
  TLS_EXT_PWD_PROTECT = 29, TLS_EXT_PWD_CLEAR = 30, TLS_EXT_PASSWORD_SALT = 31, TLS_EXT_TICKET_PINNING = 32,
  TLS_EXT_TLS_CERT_WITH_EXTERN_PSK = 33, TLS_EXT_SESSION_TICKET = 35, TLS_EXT_SUPPORTED_EKT_CIPHERS = 39, TLS_EXT_PRE_SHARED_KEY = 41,
  TLS_EXT_EARLY_DATA = 42, TLS_EXT_SUPPORTED_VERSIONS = 43, TLS_EXT_COOKIE = 44, TLS_EXT_PSK_KEY_EXCHANGE_MODES = 45,
  TLS_EXT_CERTIFICATE_AUTHORITIES = 47, TLS_EXT_OID_FILTERS = 48, TLS_EXT_POST_HANDSHAKE_AUTH = 49, TLS_EXT_SIGNATURE_ALGORITHMS_CERT = 50,
  TLS_EXT_KEY_SHARE = 51, TLS_EXT_TRANSPARENCY_INFO = 52, TLS_EXT_CONNECTION_ID = 54, TLS_EXT_EXTERNAL_ID_HASH = 55,
  TLS_EXT_EXTERNAL_SESSION_ID = 56, TLS_EXT_QUIC_TRANSPORT_PARAMETERS = 57, TLS_EXT_TICKET_REQUEST = 58, TLS_EXT_DNSSEC_CHAIN = 59,
  TLS_EXT_RENEGOTIATION_INFO = 65281
}
 TLS extension types. More...
 
enum  TlsNameType { TLS_NAME_TYPE_HOSTNAME = 0 }
 Name type. More...
 
enum  TlsMaxFragmentLength { TLS_MAX_FRAGMENT_LENGTH_512 = 1, TLS_MAX_FRAGMENT_LENGTH_1024 = 2, TLS_MAX_FRAGMENT_LENGTH_2048 = 3, TLS_MAX_FRAGMENT_LENGTH_4096 = 4 }
 Maximum fragment length. More...
 
enum  TlsNamedGroup {
  TLS_GROUP_NONE = 0, TLS_GROUP_SECT163K1 = 1, TLS_GROUP_SECT163R1 = 2, TLS_GROUP_SECT163R2 = 3,
  TLS_GROUP_SECT193R1 = 4, TLS_GROUP_SECT193R2 = 5, TLS_GROUP_SECT233K1 = 6, TLS_GROUP_SECT233R1 = 7,
  TLS_GROUP_SECT239K1 = 8, TLS_GROUP_SECT283K1 = 9, TLS_GROUP_SECT283R1 = 10, TLS_GROUP_SECT409K1 = 11,
  TLS_GROUP_SECT409R1 = 12, TLS_GROUP_SECT571K1 = 13, TLS_GROUP_SECT571R1 = 14, TLS_GROUP_SECP160K1 = 15,
  TLS_GROUP_SECP160R1 = 16, TLS_GROUP_SECP160R2 = 17, TLS_GROUP_SECP192K1 = 18, TLS_GROUP_SECP192R1 = 19,
  TLS_GROUP_SECP224K1 = 20, TLS_GROUP_SECP224R1 = 21, TLS_GROUP_SECP256K1 = 22, TLS_GROUP_SECP256R1 = 23,
  TLS_GROUP_SECP384R1 = 24, TLS_GROUP_SECP521R1 = 25, TLS_GROUP_BRAINPOOLP256R1 = 26, TLS_GROUP_BRAINPOOLP384R1 = 27,
  TLS_GROUP_BRAINPOOLP512R1 = 28, TLS_GROUP_ECDH_X25519 = 29, TLS_GROUP_ECDH_X448 = 30, TLS_GROUP_BRAINPOOLP256R1_TLS13 = 31,
  TLS_GROUP_BRAINPOOLP384R1_TLS13 = 32, TLS_GROUP_BRAINPOOLP512R1_TLS13 = 33, TLS_GROUP_GC256A = 34, TLS_GROUP_GC256B = 35,
  TLS_GROUP_GC256C = 36, TLS_GROUP_GC256D = 37, TLS_GROUP_GC512A = 38, TLS_GROUP_GC512B = 39,
  TLS_GROUP_GC512C = 40, TLS_GROUP_SM2 = 41, TLS_GROUP_FFDHE2048 = 256, TLS_GROUP_FFDHE3072 = 257,
  TLS_GROUP_FFDHE4096 = 258, TLS_GROUP_FFDHE6144 = 259, TLS_GROUP_FFDHE8192 = 260, TLS_GROUP_FFDHE_MAX = 511,
  TLS_GROUP_EXPLICIT_PRIME_CURVE = 65281, TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282
}
 Named groups. More...
 
enum  TlsEcPointFormat { TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME = 1, TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 = 2 }
 EC point formats. More...
 
enum  TlsEcCurveType { TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1, TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2, TLS_EC_CURVE_TYPE_NAMED_CURVE = 3 }
 EC curve types. More...
 
enum  TlsState {
  TLS_STATE_INIT = 0, TLS_STATE_CLIENT_HELLO = 1, TLS_STATE_CLIENT_HELLO_2 = 2, TLS_STATE_EARLY_DATA = 3,
  TLS_STATE_HELLO_VERIFY_REQUEST = 4, TLS_STATE_HELLO_RETRY_REQUEST = 5, TLS_STATE_SERVER_HELLO = 6, TLS_STATE_SERVER_HELLO_2 = 7,
  TLS_STATE_SERVER_HELLO_3 = 8, TLS_STATE_HANDSHAKE_TRAFFIC_KEYS = 9, TLS_STATE_ENCRYPTED_EXTENSIONS = 10, TLS_STATE_SERVER_CERTIFICATE = 11,
  TLS_STATE_SERVER_KEY_EXCHANGE = 12, TLS_STATE_SERVER_CERTIFICATE_VERIFY = 13, TLS_STATE_CERTIFICATE_REQUEST = 14, TLS_STATE_SERVER_HELLO_DONE = 15,
  TLS_STATE_CLIENT_CERTIFICATE = 16, TLS_STATE_CLIENT_KEY_EXCHANGE = 17, TLS_STATE_CLIENT_CERTIFICATE_VERIFY = 18, TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 19,
  TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 = 20, TLS_STATE_CLIENT_FINISHED = 21, TLS_STATE_CLIENT_APP_TRAFFIC_KEYS = 22, TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 23,
  TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 = 24, TLS_STATE_SERVER_FINISHED = 25, TLS_STATE_END_OF_EARLY_DATA = 26, TLS_STATE_SERVER_APP_TRAFFIC_KEYS = 27,
  TLS_STATE_NEW_SESSION_TICKET = 28, TLS_STATE_KEY_UPDATE = 29, TLS_STATE_APPLICATION_DATA = 30, TLS_STATE_CLOSING = 31,
  TLS_STATE_CLOSED = 32
}
 TLS FSM states. More...
 

Functions

TlsContext * tlsInit (void)
 TLS context initialization. More...
 
TlsState tlsGetState (TlsContext *context)
 Retrieve current TLS state. More...
 
error_t tlsSetStateChangeCallback (TlsContext *context, TlsStateChangeCallback stateChangeCallback)
 Register TLS state change callback. More...
 
error_t tlsSetSocketCallbacks (TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
 Set socket send and receive callbacks. More...
 
error_t tlsSetVersion (TlsContext *context, uint16_t versionMin, uint16_t versionMax)
 Set minimum and maximum versions permitted. More...
 
error_t tlsSetTransportProtocol (TlsContext *context, TlsTransportProtocol transportProtocol)
 Set the transport protocol to be used. More...
 
error_t tlsSetConnectionEnd (TlsContext *context, TlsConnectionEnd entity)
 Set operation mode (client or server) More...
 
error_t tlsSetPrng (TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
 Set the pseudo-random number generator to be used. More...
 
error_t tlsSetServerName (TlsContext *context, const char_t *serverName)
 Set the server name. More...
 
const char_t * tlsGetServerName (TlsContext *context)
 Get the server name. More...
 
error_t tlsSetCache (TlsContext *context, TlsCache *cache)
 Set session cache. More...
 
error_t tlsSetClientAuthMode (TlsContext *context, TlsClientAuthMode mode)
 Set client authentication mode (for servers only) More...
 
error_t tlsSetBufferSize (TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
 Set TLS buffer size. More...
 
error_t tlsSetMaxFragmentLength (TlsContext *context, size_t maxFragLen)
 Set maximum fragment length. More...
 
error_t tlsSetCipherSuites (TlsContext *context, const uint16_t *cipherSuites, uint_t length)
 Specify the list of allowed cipher suites. More...
 
error_t tlsSetSupportedGroups (TlsContext *context, const uint16_t *groups, uint_t length)
 Specify the list of allowed ECDHE and FFDHE groups. More...
 
error_t tlsSetPreferredGroup (TlsContext *context, uint16_t group)
 Specify the preferred ECDHE or FFDHE group. More...
 
error_t tlsSetDhParameters (TlsContext *context, const char_t *params, size_t length)
 Import Diffie-Hellman parameters. More...
 
error_t tlsSetEcdhCallback (TlsContext *context, TlsEcdhCallback ecdhCallback)
 Register ECDH key agreement callback function. More...
 
error_t tlsSetEcdsaSignCallback (TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
 Register ECDSA signature generation callback function. More...
 
error_t tlsSetEcdsaVerifyCallback (TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
 Register ECDSA signature verification callback function. More...
 
error_t tlsSetKeyLogCallback (TlsContext *context, TlsKeyLogCallback keyLogCallback)
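 Register key logging callback function (for debugging purposes only; the logged key material lets anyone holding the log decrypt the session traffic, so leave it unregistered in production builds) More...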
 
error_t tlsAllowUnknownAlpnProtocols (TlsContext *context, bool_t allowed)
 Allow unknown ALPN protocols. More...
 
error_t tlsSetAlpnProtocolList (TlsContext *context, const char_t *protocolList)
 Set the list of supported ALPN protocols. More...
 
error_t tlsSetAlpnCallback (TlsContext *context, TlsAlpnCallback alpnCallback)
 Register ALPN callback function. More...
 
const char_t * tlsGetAlpnProtocol (TlsContext *context)
 Get the name of the selected ALPN protocol. More...
 
error_t tlsSetPsk (TlsContext *context, const uint8_t *psk, size_t length)
 Set the pre-shared key to be used. More...
 
error_t tlsSetPskIdentity (TlsContext *context, const char_t *pskIdentity)
 Set the PSK identity to be used by the client. More...
 
error_t tlsSetPskIdentityHint (TlsContext *context, const char_t *pskIdentityHint)
 Set the PSK identity hint to be used by the server. More...
 
error_t tlsSetPskCallback (TlsContext *context, TlsPskCallback pskCallback)
 Register PSK callback function. More...
 
error_t tlsSetRpkVerifyCallback (TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
 Register the raw public key verification callback function. More...
 
error_t tlsSetTrustedCaList (TlsContext *context, const char_t *trustedCaList, size_t length)
 Import a trusted CA list. More...
 
error_t tlsAddCertificate (TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
 Add a certificate and the corresponding private key (deprecated) More...
 
error_t tlsLoadCertificate (TlsContext *context, uint_t index, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
 Load entity's certificate. More...
 
error_t tlsSetCertificateVerifyCallback (TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
 Set certificate verification callback. More...
 
error_t tlsEnableSessionTickets (TlsContext *context, bool_t enabled)
 Enable session ticket mechanism. More...
 
error_t tlsEnableSecureRenegotiation (TlsContext *context, bool_t enabled)
 Enable secure renegotiation. More...
 
error_t tlsEnableFallbackScsv (TlsContext *context, bool_t enabled)
 Perform fallback retry (for clients only) More...
 
error_t tlsSetTicketCallbacks (TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
 Set ticket encryption/decryption callbacks. More...
 
error_t tlsSetPmtu (TlsContext *context, size_t pmtu)
 Set PMTU value (for DTLS only) More...
 
error_t tlsSetTimeout (TlsContext *context, systime_t timeout)
 Set timeout for blocking calls (for DTLS only) More...
 
error_t tlsSetCookieCallbacks (TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
 Set cookie generation/verification callbacks (for DTLS only) More...
 
error_t tlsEnableReplayDetection (TlsContext *context, bool_t enabled)
 Enable anti-replay mechanism (for DTLS only) More...
 
error_t tlsSetMaxEarlyDataSize (TlsContext *context, size_t maxEarlyDataSize)
 Set the maximum amount of 0-RTT data the server can accept. More...
 
error_t tlsWriteEarlyData (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send early data to the remote TLS server. More...
 
error_t tlsConnect (TlsContext *context)
 Initiate the TLS handshake. More...
 
TlsEarlyDataStatus tlsGetEarlyDataStatus (TlsContext *context)
 Check whether the server has accepted or rejected the early data. More...
 
error_t tlsWrite (TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
 Send application data to the remote host using TLS. More...
 
error_t tlsRead (TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
 Receive application data from the remote host using TLS. More...
 
bool_t tlsIsTxReady (TlsContext *context)
 Check whether some data is ready for transmission. More...
 
bool_t tlsIsRxReady (TlsContext *context)
 Check whether some data is available in the receive buffer. More...
 
error_t tlsShutdown (TlsContext *context)
 Gracefully close TLS session. More...
 
error_t tlsShutdownEx (TlsContext *context, bool_t waitForCloseNotify)
 Gracefully close TLS session. More...
 
void tlsFree (TlsContext *context)
 Release TLS context. More...
 
error_t tlsInitSessionState (TlsSessionState *session)
 Initialize session state. More...
 
error_t tlsSaveSessionState (const TlsContext *context, TlsSessionState *session)
 Save TLS session. More...
 
error_t tlsRestoreSessionState (TlsContext *context, const TlsSessionState *session)
 Restore TLS session. More...
 
void tlsFreeSessionState (TlsSessionState *session)
 Properly dispose a session state. More...
 
TlsCache * tlsInitCache (uint_t size)
 Session cache initialization. More...
 
void tlsFreeCache (TlsCache *cache)
 Properly dispose a session cache. More...
 

Detailed Description

TLS (Transport Layer Security)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.2.4

Definition in file tls.h.

Macro Definition Documentation

◆ CYCLONE_SSL_MAJOR_VERSION

#define CYCLONE_SSL_MAJOR_VERSION   2

Definition at line 88 of file tls.h.

◆ CYCLONE_SSL_MINOR_VERSION

#define CYCLONE_SSL_MINOR_VERSION   2

Definition at line 90 of file tls.h.

◆ CYCLONE_SSL_REV_NUMBER

#define CYCLONE_SSL_REV_NUMBER   4

Definition at line 92 of file tls.h.

◆ CYCLONE_SSL_VERSION_STRING

#define CYCLONE_SSL_VERSION_STRING   "2.2.4"

Definition at line 86 of file tls.h.

◆ SSL_VERSION_3_0

#define SSL_VERSION_3_0   0x0300

Definition at line 95 of file tls.h.

◆ TLS_3DES_SUPPORT

#define TLS_3DES_SUPPORT   DISABLED

Definition at line 446 of file tls.h.

◆ TLS_AES_128_SUPPORT

#define TLS_AES_128_SUPPORT   ENABLED

Definition at line 453 of file tls.h.

◆ TLS_AES_256_SUPPORT

#define TLS_AES_256_SUPPORT   ENABLED

Definition at line 460 of file tls.h.

◆ TLS_ALPN_SUPPORT

#define TLS_ALPN_SUPPORT   DISABLED

Definition at line 194 of file tls.h.

◆ TLS_ARIA_128_SUPPORT

#define TLS_ARIA_128_SUPPORT   DISABLED

Definition at line 481 of file tls.h.

◆ TLS_ARIA_256_SUPPORT

#define TLS_ARIA_256_SUPPORT   DISABLED

Definition at line 488 of file tls.h.

◆ TLS_BRAINPOOLP256R1_SUPPORT

#define TLS_BRAINPOOLP256R1_SUPPORT   DISABLED

Definition at line 649 of file tls.h.

◆ TLS_BRAINPOOLP384R1_SUPPORT

#define TLS_BRAINPOOLP384R1_SUPPORT   DISABLED

Definition at line 656 of file tls.h.

◆ TLS_BRAINPOOLP512R1_SUPPORT

#define TLS_BRAINPOOLP512R1_SUPPORT   DISABLED

Definition at line 663 of file tls.h.

◆ TLS_CAMELLIA_128_SUPPORT

#define TLS_CAMELLIA_128_SUPPORT   DISABLED

Definition at line 467 of file tls.h.

◆ TLS_CAMELLIA_256_SUPPORT

#define TLS_CAMELLIA_256_SUPPORT   DISABLED

Definition at line 474 of file tls.h.

◆ TLS_CBC_CIPHER_SUPPORT

#define TLS_CBC_CIPHER_SUPPORT   ENABLED

Definition at line 390 of file tls.h.

◆ TLS_CCM_8_CIPHER_SUPPORT

#define TLS_CCM_8_CIPHER_SUPPORT   DISABLED

Definition at line 404 of file tls.h.

◆ TLS_CCM_CIPHER_SUPPORT

#define TLS_CCM_CIPHER_SUPPORT   DISABLED

Definition at line 397 of file tls.h.

◆ TLS_CERT_AUTHORITIES_SUPPORT

#define TLS_CERT_AUTHORITIES_SUPPORT   DISABLED

Definition at line 215 of file tls.h.

◆ TLS_CERT_KEY_USAGE_SUPPORT

#define TLS_CERT_KEY_USAGE_SUPPORT   ENABLED

Definition at line 698 of file tls.h.

◆ TLS_CHACHA20_POLY1305_SUPPORT

#define TLS_CHACHA20_POLY1305_SUPPORT   DISABLED

Definition at line 418 of file tls.h.

◆ TLS_CLIENT_HELLO_PADDING_SUPPORT

#define TLS_CLIENT_HELLO_PADDING_SUPPORT   ENABLED

Definition at line 208 of file tls.h.

◆ TLS_CLIENT_SUPPORT

#define TLS_CLIENT_SUPPORT   ENABLED

Definition at line 110 of file tls.h.

◆ TLS_DES_SUPPORT

#define TLS_DES_SUPPORT   DISABLED

Definition at line 439 of file tls.h.

◆ TLS_DH_ANON_KE_SUPPORT

#define TLS_DH_ANON_KE_SUPPORT   DISABLED

Definition at line 285 of file tls.h.

◆ TLS_DH_SUPPORT

#define TLS_DH_SUPPORT   ENABLED

Definition at line 832 of file tls.h.

◆ TLS_DHE_DSS_KE_SUPPORT

#define TLS_DHE_DSS_KE_SUPPORT   DISABLED

Definition at line 278 of file tls.h.

◆ TLS_DHE_PSK_KE_SUPPORT

#define TLS_DHE_PSK_KE_SUPPORT   DISABLED

Definition at line 327 of file tls.h.

◆ TLS_DHE_RSA_KE_SUPPORT

#define TLS_DHE_RSA_KE_SUPPORT   ENABLED

Definition at line 271 of file tls.h.

◆ TLS_DSA_SIGN_SUPPORT

#define TLS_DSA_SIGN_SUPPORT   DISABLED

Definition at line 355 of file tls.h.

◆ TLS_ECC_CALLBACK_SUPPORT

#define TLS_ECC_CALLBACK_SUPPORT   DISABLED

Definition at line 250 of file tls.h.

◆ TLS_ECDH_ANON_KE_SUPPORT

#define TLS_ECDH_ANON_KE_SUPPORT   DISABLED

Definition at line 306 of file tls.h.

◆ TLS_ECDH_SUPPORT

#define TLS_ECDH_SUPPORT   ENABLED

Definition at line 844 of file tls.h.

◆ TLS_ECDHE_ECDSA_KE_SUPPORT

#define TLS_ECDHE_ECDSA_KE_SUPPORT   ENABLED

Definition at line 299 of file tls.h.

◆ TLS_ECDHE_PSK_KE_SUPPORT

#define TLS_ECDHE_PSK_KE_SUPPORT   DISABLED

Definition at line 334 of file tls.h.

◆ TLS_ECDHE_RSA_KE_SUPPORT

#define TLS_ECDHE_RSA_KE_SUPPORT   ENABLED

Definition at line 292 of file tls.h.

◆ TLS_ECDSA_SIGN_SUPPORT

#define TLS_ECDSA_SIGN_SUPPORT   ENABLED

Definition at line 362 of file tls.h.

◆ TLS_ED25519_SUPPORT

#define TLS_ED25519_SUPPORT   ENABLED

Definition at line 684 of file tls.h.

◆ TLS_ED448_SUPPORT

#define TLS_ED448_SUPPORT   DISABLED

Definition at line 691 of file tls.h.

◆ TLS_EDDSA_SIGN_SUPPORT

#define TLS_EDDSA_SIGN_SUPPORT   DISABLED

Definition at line 369 of file tls.h.

◆ TLS_EXT_MASTER_SECRET_SUPPORT

#define TLS_EXT_MASTER_SECRET_SUPPORT   ENABLED

Definition at line 201 of file tls.h.

◆ TLS_FALLBACK_SCSV_SUPPORT

#define TLS_FALLBACK_SCSV_SUPPORT   DISABLED

Definition at line 243 of file tls.h.

◆ TLS_FFDHE2048_SUPPORT

#define TLS_FFDHE2048_SUPPORT   ENABLED

Definition at line 551 of file tls.h.

◆ TLS_FFDHE3072_SUPPORT

#define TLS_FFDHE3072_SUPPORT   DISABLED

Definition at line 558 of file tls.h.

◆ TLS_FFDHE4096_SUPPORT

#define TLS_FFDHE4096_SUPPORT   DISABLED

Definition at line 565 of file tls.h.

◆ TLS_FFDHE_SUPPORT

#define TLS_FFDHE_SUPPORT   DISABLED

Definition at line 544 of file tls.h.

◆ TLS_FLAG_BREAK

#define TLS_FLAG_BREAK (   c)    (TLS_FLAG_BREAK_CHAR | LSB(c))

Definition at line 968 of file tls.h.

◆ TLS_GCM_CIPHER_SUPPORT

#define TLS_GCM_CIPHER_SUPPORT   ENABLED

Definition at line 411 of file tls.h.

◆ TLS_IDEA_SUPPORT

#define TLS_IDEA_SUPPORT   DISABLED

Definition at line 432 of file tls.h.

◆ TLS_KEY_LOG_SUPPORT

#define TLS_KEY_LOG_SUPPORT   DISABLED

Definition at line 705 of file tls.h.

◆ TLS_MASTER_SECRET_SIZE

#define TLS_MASTER_SECRET_SIZE   48

Definition at line 768 of file tls.h.

◆ TLS_MAX_CERTIFICATES

#define TLS_MAX_CERTIFICATES   3

Definition at line 257 of file tls.h.

◆ TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES

#define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES   5

Definition at line 796 of file tls.h.

◆ TLS_MAX_DH_MODULUS_SIZE

#define TLS_MAX_DH_MODULUS_SIZE   2048

Definition at line 733 of file tls.h.

◆ TLS_MAX_DSA_MODULUS_SIZE

#define TLS_MAX_DSA_MODULUS_SIZE   4096

Definition at line 761 of file tls.h.

◆ TLS_MAX_EMPTY_RECORDS

#define TLS_MAX_EMPTY_RECORDS   10

Definition at line 789 of file tls.h.

◆ TLS_MAX_FRAG_LEN_SUPPORT

#define TLS_MAX_FRAG_LEN_SUPPORT   DISABLED

Definition at line 180 of file tls.h.

◆ TLS_MAX_HKDF_DIGEST_SIZE

#define TLS_MAX_HKDF_DIGEST_SIZE   48

Definition at line 880 of file tls.h.

◆ TLS_MAX_KEY_UPDATE_MESSAGES

#define TLS_MAX_KEY_UPDATE_MESSAGES   5

Definition at line 803 of file tls.h.

◆ TLS_MAX_PASSWORD_LEN

#define TLS_MAX_PASSWORD_LEN   32

Definition at line 719 of file tls.h.

◆ TLS_MAX_RECORD_LENGTH

#define TLS_MAX_RECORD_LENGTH   16384

Definition at line 893 of file tls.h.

◆ TLS_MAX_RECORD_OVERHEAD

#define TLS_MAX_RECORD_OVERHEAD   512

Definition at line 895 of file tls.h.

◆ TLS_MAX_RSA_MODULUS_SIZE

#define TLS_MAX_RSA_MODULUS_SIZE   4096

Definition at line 747 of file tls.h.

◆ TLS_MAX_SERVER_NAME_LEN

#define TLS_MAX_SERVER_NAME_LEN   255

Definition at line 712 of file tls.h.

◆ TLS_MAX_TICKET_SIZE

#define TLS_MAX_TICKET_SIZE   1024

Definition at line 159 of file tls.h.

◆ TLS_MAX_VERSION

#define TLS_MAX_VERSION   TLS_VERSION_1_3

Definition at line 131 of file tls.h.

◆ TLS_MAX_WARNING_ALERTS

#define TLS_MAX_WARNING_ALERTS   5

Definition at line 782 of file tls.h.

◆ TLS_MD5_SUPPORT

#define TLS_MD5_SUPPORT   DISABLED

Definition at line 502 of file tls.h.

◆ TLS_MIN_DH_MODULUS_SIZE

#define TLS_MIN_DH_MODULUS_SIZE   1024

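Definition at line 726 of file tls.h. Note that a 1024-bit minimum admits Diffie-Hellman groups well below the 2048 bits that current guidance treats as the floor; consider raising this default when the peers are under your control.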

◆ TLS_MIN_DSA_MODULUS_SIZE

#define TLS_MIN_DSA_MODULUS_SIZE   1024

Definition at line 754 of file tls.h.

◆ TLS_MIN_RECORD_LENGTH

#define TLS_MIN_RECORD_LENGTH   512

Definition at line 891 of file tls.h.

◆ TLS_MIN_RSA_MODULUS_SIZE

#define TLS_MIN_RSA_MODULUS_SIZE   1024

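Definition at line 740 of file tls.h. Note that a 1024-bit minimum admits RSA keys well below the 2048 bits that current guidance treats as the floor; consider raising this default when the peers are under your control.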

◆ TLS_MIN_VERSION

#define TLS_MIN_VERSION   TLS_VERSION_1_2

Definition at line 124 of file tls.h.

◆ TLS_NULL_CIPHER_SUPPORT

#define TLS_NULL_CIPHER_SUPPORT   DISABLED

Definition at line 376 of file tls.h.

◆ TLS_PREMASTER_SECRET_SIZE

#define TLS_PREMASTER_SECRET_SIZE   (TLS_MAX_DH_MODULUS_SIZE / 8)

Definition at line 775 of file tls.h.

◆ TLS_PRIVATE_CONTEXT

#define TLS_PRIVATE_CONTEXT

Definition at line 810 of file tls.h.

◆ TLS_PRIVATE_ENCRYPTION_ENGINE

#define TLS_PRIVATE_ENCRYPTION_ENGINE

Definition at line 815 of file tls.h.

◆ TLS_PSK_KE_SUPPORT

#define TLS_PSK_KE_SUPPORT   DISABLED

Definition at line 313 of file tls.h.

◆ TLS_PSK_SUPPORT

#define TLS_PSK_SUPPORT   ENABLED

Definition at line 869 of file tls.h.

◆ TLS_RANDOM_SIZE

#define TLS_RANDOM_SIZE   32

Definition at line 897 of file tls.h.

◆ TLS_RAW_PUBLIC_KEY_SUPPORT

#define TLS_RAW_PUBLIC_KEY_SUPPORT   DISABLED

Definition at line 229 of file tls.h.

◆ TLS_RC4_SUPPORT

#define TLS_RC4_SUPPORT   DISABLED

Definition at line 425 of file tls.h.

◆ TLS_RECORD_SIZE_LIMIT_SUPPORT

#define TLS_RECORD_SIZE_LIMIT_SUPPORT   ENABLED

Definition at line 187 of file tls.h.

◆ TLS_RSA_KE_SUPPORT

#define TLS_RSA_KE_SUPPORT   ENABLED

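Definition at line 264 of file tls.h. Static RSA key exchange provides no forward secrecy (a later compromise of the server's private key exposes previously recorded sessions) and was removed in TLS 1.3; the (EC)DHE key exchanges are preferable where peers support them.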

◆ TLS_RSA_PSK_KE_SUPPORT

#define TLS_RSA_PSK_KE_SUPPORT   DISABLED

Definition at line 320 of file tls.h.

◆ TLS_RSA_PSS_SIGN_SUPPORT

#define TLS_RSA_PSS_SIGN_SUPPORT   ENABLED

Definition at line 348 of file tls.h.

◆ TLS_RSA_SIGN_SUPPORT

#define TLS_RSA_SIGN_SUPPORT   ENABLED

Definition at line 341 of file tls.h.

◆ TLS_RSA_SUPPORT

#define TLS_RSA_SUPPORT   ENABLED

Definition at line 857 of file tls.h.

◆ TLS_SECP160K1_SUPPORT

#define TLS_SECP160K1_SUPPORT   DISABLED

Definition at line 572 of file tls.h.

◆ TLS_SECP160R1_SUPPORT

#define TLS_SECP160R1_SUPPORT   DISABLED

Definition at line 579 of file tls.h.

◆ TLS_SECP160R2_SUPPORT

#define TLS_SECP160R2_SUPPORT   DISABLED

Definition at line 586 of file tls.h.

◆ TLS_SECP192K1_SUPPORT

#define TLS_SECP192K1_SUPPORT   DISABLED

Definition at line 593 of file tls.h.

◆ TLS_SECP192R1_SUPPORT

#define TLS_SECP192R1_SUPPORT   DISABLED

Definition at line 600 of file tls.h.

◆ TLS_SECP224K1_SUPPORT

#define TLS_SECP224K1_SUPPORT   DISABLED

Definition at line 607 of file tls.h.

◆ TLS_SECP224R1_SUPPORT

#define TLS_SECP224R1_SUPPORT   DISABLED

Definition at line 614 of file tls.h.

◆ TLS_SECP256K1_SUPPORT

#define TLS_SECP256K1_SUPPORT   DISABLED

Definition at line 621 of file tls.h.

◆ TLS_SECP256R1_SUPPORT

#define TLS_SECP256R1_SUPPORT   ENABLED

Definition at line 628 of file tls.h.

◆ TLS_SECP384R1_SUPPORT

#define TLS_SECP384R1_SUPPORT   ENABLED

Definition at line 635 of file tls.h.

◆ TLS_SECP521R1_SUPPORT

#define TLS_SECP521R1_SUPPORT   DISABLED

Definition at line 642 of file tls.h.

◆ TLS_SECURE_RENEGOTIATION_SUPPORT

#define TLS_SECURE_RENEGOTIATION_SUPPORT   DISABLED

Definition at line 236 of file tls.h.

◆ TLS_SEED_SUPPORT

#define TLS_SEED_SUPPORT   DISABLED

Definition at line 495 of file tls.h.

◆ TLS_SERVER_SUPPORT

#define TLS_SERVER_SUPPORT   ENABLED

Definition at line 117 of file tls.h.

◆ TLS_SESSION_CACHE_LIFETIME

#define TLS_SESSION_CACHE_LIFETIME   3600000

Definition at line 145 of file tls.h.

◆ TLS_SESSION_RESUME_SUPPORT

#define TLS_SESSION_RESUME_SUPPORT   ENABLED

Definition at line 138 of file tls.h.

◆ TLS_SHA1_SUPPORT

#define TLS_SHA1_SUPPORT   ENABLED

Definition at line 509 of file tls.h.

◆ TLS_SHA224_SUPPORT

#define TLS_SHA224_SUPPORT   DISABLED

Definition at line 516 of file tls.h.

◆ TLS_SHA256_SUPPORT

#define TLS_SHA256_SUPPORT   ENABLED

Definition at line 523 of file tls.h.

◆ TLS_SHA384_SUPPORT

#define TLS_SHA384_SUPPORT   ENABLED

Definition at line 530 of file tls.h.

◆ TLS_SHA512_SUPPORT

#define TLS_SHA512_SUPPORT   DISABLED

Definition at line 537 of file tls.h.

◆ TLS_SIGN_ALGOS_CERT_SUPPORT

#define TLS_SIGN_ALGOS_CERT_SUPPORT   DISABLED

Definition at line 222 of file tls.h.

◆ TLS_SNI_SUPPORT

#define TLS_SNI_SUPPORT   ENABLED

Definition at line 173 of file tls.h.

◆ TLS_STREAM_CIPHER_SUPPORT

#define TLS_STREAM_CIPHER_SUPPORT   DISABLED

Definition at line 383 of file tls.h.

◆ TLS_SUPPORT

#define TLS_SUPPORT   ENABLED

Definition at line 103 of file tls.h.

◆ TLS_TICKET_LIFETIME

#define TLS_TICKET_LIFETIME   3600000

Definition at line 166 of file tls.h.

◆ TLS_TICKET_SUPPORT

#define TLS_TICKET_SUPPORT   DISABLED

Definition at line 152 of file tls.h.

◆ TLS_VERSION_1_0

#define TLS_VERSION_1_0   0x0301

Definition at line 96 of file tls.h.

◆ TLS_VERSION_1_1

#define TLS_VERSION_1_1   0x0302

Definition at line 97 of file tls.h.

◆ TLS_VERSION_1_2

#define TLS_VERSION_1_2   0x0303

Definition at line 98 of file tls.h.

◆ TLS_VERSION_1_3

#define TLS_VERSION_1_3   0x0304

Definition at line 99 of file tls.h.

◆ TLS_X25519_SUPPORT

#define TLS_X25519_SUPPORT   DISABLED

Definition at line 670 of file tls.h.

◆ TLS_X448_SUPPORT

#define TLS_X448_SUPPORT   DISABLED

Definition at line 677 of file tls.h.

◆ tlsAllocMem

#define tlsAllocMem (   size)    osAllocMem(size)

Definition at line 820 of file tls.h.

◆ TlsContext

#define TlsContext   struct _TlsContext

Definition at line 36 of file tls.h.

◆ TlsEncryptionEngine

#define TlsEncryptionEngine   struct _TlsEncryptionEngine

Definition at line 40 of file tls.h.

◆ tlsFreeMem

#define tlsFreeMem (   p)    osFreeMem(p)

Definition at line 825 of file tls.h.

◆ tlsSetSocket

#define tlsSetSocket (   context,
  socket 
)

Typedef Documentation

◆ Tls12DigitalSignature

typedef { ... } Tls12DigitalSignature

Digitally-signed element (TLS 1.2)

◆ TlsAlert

typedef { ... } TlsAlert

Alert message.

◆ TlsAlpnCallback

typedef error_t(* TlsAlpnCallback) (TlsContext *context, const char_t *selectedProtocol)

ALPN callback function.

Definition at line 1862 of file tls.h.

◆ TlsCertAuthorities

typedef { ... } TlsCertAuthorities

List of certificate authorities.

◆ TlsCertificate

typedef void TlsCertificate

Certificate message.

Definition at line 1723 of file tls.h.

◆ TlsCertificateList

typedef { ... } TlsCertificateList

List of certificates.

◆ TlsCertificateRequest

typedef { ... } TlsCertificateRequest

CertificateRequest message.

◆ TlsCertificateVerify

typedef void TlsCertificateVerify

CertificateVerify message.

Definition at line 1762 of file tls.h.

◆ TlsCertTypeList

typedef { ... } TlsCertTypeList

List of supported certificate types.

◆ TlsCertVerifyCallback

typedef error_t(* TlsCertVerifyCallback) (TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)

Certificate verification callback function.

Definition at line 1878 of file tls.h.

◆ TlsChangeCipherSpec

typedef { ... } TlsChangeCipherSpec

ChangeCipherSpec message.

◆ TlsCipherSuites

typedef { ... } TlsCipherSuites

Cipher suites.

◆ TlsClientHello

typedef { ... } TlsClientHello

ClientHello message.

◆ TlsClientKeyExchange

typedef void TlsClientKeyExchange

ClientKeyExchange message.

Definition at line 1755 of file tls.h.

◆ TlsCompressMethods

typedef { ... } TlsCompressMethods

Compression methods.

◆ TlsDigitalSignature

typedef { ... } TlsDigitalSignature

Digitally-signed element (TLS 1.0 and TLS 1.1)

◆ TlsEcdhCallback

typedef error_t(* TlsEcdhCallback) (TlsContext *context)

ECDH key agreement callback function.

Definition at line 1912 of file tls.h.

◆ TlsEcdsaSignCallback

typedef error_t(* TlsEcdsaSignCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature generation callback function.

Definition at line 1919 of file tls.h.

◆ TlsEcdsaVerifyCallback

typedef error_t(* TlsEcdsaVerifyCallback) (TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)

ECDSA signature verification callback function.

Definition at line 1927 of file tls.h.

◆ TlsEcPointFormatList

typedef { ... } TlsEcPointFormatList

List of supported EC point formats.

◆ TlsExtension

typedef { ... } TlsExtension

TLS extension.

◆ TlsExtensionList

typedef { ... } TlsExtensionList

List of TLS extensions.

◆ TlsFinished

typedef void TlsFinished

Finished message.

Definition at line 1781 of file tls.h.

◆ TlsHandshake

typedef { ... } TlsHandshake

TLS handshake message.

◆ TlsHelloRequest

typedef void TlsHelloRequest

HelloRequest message.

Definition at line 1690 of file tls.h.

◆ TlsKeyLogCallback

typedef void(* TlsKeyLogCallback) (TlsContext *context, const char_t *key)

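Key logging callback function (for debugging purposes only). The key material passed to this callback is enough to decrypt captured traffic for the session, so it should not be registered in production builds.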

Definition at line 1935 of file tls.h.

◆ TlsNewSessionTicket

typedef { ... } TlsNewSessionTicket

NewSessionTicket message.

◆ TlsPlaintextSessionState

typedef { ... } TlsPlaintextSessionState

Session state information.

◆ TlsProtocolName

typedef { ... } TlsProtocolName

Protocol name.

◆ TlsProtocolNameList

typedef { ... } TlsProtocolNameList

List of protocol names.

◆ TlsPskCallback

typedef error_t(* TlsPskCallback) (TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)

Pre-shared key callback function.

Definition at line 1870 of file tls.h.

◆ TlsPskIdentity

typedef { ... } TlsPskIdentity

PSK identity.

◆ TlsPskIdentityHint

typedef { ... } TlsPskIdentityHint

PSK identity hint.

◆ TlsRecord

typedef { ... } TlsRecord

TLS record.

◆ TlsRenegoInfo

typedef { ... } TlsRenegoInfo

Renegotiated connection.

◆ TlsRpkVerifyCallback

typedef error_t(* TlsRpkVerifyCallback) (TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)

Raw public key verification callback function.

Definition at line 1886 of file tls.h.

◆ TlsSequenceNumber

typedef { ... } TlsSequenceNumber

Sequence number.

◆ TlsServerHello

typedef { ... } TlsServerHello

ServerHello message.

◆ TlsServerHelloDone

typedef void TlsServerHelloDone

ServerHelloDone message.

Definition at line 1748 of file tls.h.

◆ TlsServerKeyExchange

typedef void TlsServerKeyExchange

ServerKeyExchange message.

Definition at line 1730 of file tls.h.

◆ TlsServerName

typedef { ... } TlsServerName

Server name.

◆ TlsServerNameList

typedef { ... } TlsServerNameList

List of server names.

◆ TlsSignHashAlgo

typedef { ... } TlsSignHashAlgo

Signature algorithm.

◆ TlsSignHashAlgos

typedef { ... } TlsSignHashAlgos

List of signature algorithms.

◆ TlsSocketHandle

typedef void* TlsSocketHandle

Socket handle.

Definition at line 1832 of file tls.h.

◆ TlsSocketReceiveCallback

typedef error_t(* TlsSocketReceiveCallback) (TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)

Socket receive callback function.

Definition at line 1854 of file tls.h.

◆ TlsSocketSendCallback

typedef error_t(* TlsSocketSendCallback) (TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)

Socket send callback function.

Definition at line 1846 of file tls.h.

◆ TlsStateChangeCallback

typedef void(* TlsStateChangeCallback) (TlsContext *context, TlsState state)

TLS state change callback.

Definition at line 1839 of file tls.h.

◆ TlsSupportedGroupList

typedef { ... } TlsSupportedGroupList

List of supported groups.

◆ TlsSupportedVersionList

typedef { ... } TlsSupportedVersionList

List of supported versions.

◆ TlsTicketDecryptCallback

typedef error_t(* TlsTicketDecryptCallback) (TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)

Ticket decryption callback function.

Definition at line 1903 of file tls.h.

◆ TlsTicketEncryptCallback

typedef error_t(* TlsTicketEncryptCallback) (TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)

Ticket encryption callback function.

Definition at line 1894 of file tls.h.

Enumeration Type Documentation

◆ TlsAlertDescription

Alert description.

Enumerator
TLS_ALERT_CLOSE_NOTIFY 
TLS_ALERT_UNEXPECTED_MESSAGE 
TLS_ALERT_BAD_RECORD_MAC 
TLS_ALERT_DECRYPTION_FAILED 
TLS_ALERT_RECORD_OVERFLOW 
TLS_ALERT_DECOMPRESSION_FAILURE 
TLS_ALERT_HANDSHAKE_FAILURE 
TLS_ALERT_NO_CERTIFICATE 
TLS_ALERT_BAD_CERTIFICATE 
TLS_ALERT_UNSUPPORTED_CERTIFICATE 
TLS_ALERT_CERTIFICATE_REVOKED 
TLS_ALERT_CERTIFICATE_EXPIRED 
TLS_ALERT_CERTIFICATE_UNKNOWN 
TLS_ALERT_ILLEGAL_PARAMETER 
TLS_ALERT_UNKNOWN_CA 
TLS_ALERT_ACCESS_DENIED 
TLS_ALERT_DECODE_ERROR 
TLS_ALERT_DECRYPT_ERROR 
TLS_ALERT_TOO_MANY_CIDS_REQUESTED 
TLS_ALERT_EXPORT_RESTRICTION 
TLS_ALERT_PROTOCOL_VERSION 
TLS_ALERT_INSUFFICIENT_SECURITY 
TLS_ALERT_INTERNAL_ERROR 
TLS_ALERT_INAPPROPRIATE_FALLBACK 
TLS_ALERT_USER_CANCELED 
TLS_ALERT_NO_RENEGOTIATION 
TLS_ALERT_MISSING_EXTENSION 
TLS_ALERT_UNSUPPORTED_EXTENSION 
TLS_ALERT_CERTIFICATE_UNOBTAINABLE 
TLS_ALERT_UNRECOGNIZED_NAME 
TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 
TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE 
TLS_ALERT_UNKNOWN_PSK_IDENTITY 
TLS_ALERT_CERTIFICATE_REQUIRED 
TLS_ALERT_NO_APPLICATION_PROTOCOL 

Definition at line 1036 of file tls.h.

◆ TlsAlertLevel

Alert level.

Enumerator
TLS_ALERT_LEVEL_WARNING 
TLS_ALERT_LEVEL_FATAL 

Definition at line 1025 of file tls.h.

◆ TlsCertificateFormat

Certificate formats.

Enumerator
TLS_CERT_FORMAT_X509 
TLS_CERT_FORMAT_OPENPGP 
TLS_CERT_FORMAT_RAW_PUBLIC_KEY 
TLS_CERT_FORMAT_1609DOT2 

Definition at line 1124 of file tls.h.

◆ TlsCertificateType

Certificate types.

Enumerator
TLS_CERT_NONE 
TLS_CERT_RSA_SIGN 
TLS_CERT_DSS_SIGN 
TLS_CERT_RSA_FIXED_DH 
TLS_CERT_DSS_FIXED_DH 
TLS_CERT_RSA_EPHEMERAL_DH 
TLS_CERT_DSS_EPHEMERAL_DH 
TLS_CERT_FORTEZZA_DMS 
TLS_CERT_ECDSA_SIGN 
TLS_CERT_RSA_FIXED_ECDH 
TLS_CERT_ECDSA_FIXED_ECDH 
TLS_CERT_GOST_SIGN256 
TLS_CERT_GOST_SIGN512 
TLS_CERT_RSA_PSS_SIGN 
TLS_CERT_ED25519_SIGN 
TLS_CERT_ED448_SIGN 

Definition at line 1137 of file tls.h.

◆ TlsClientAuthMode

Client authentication mode.

Enumerator
TLS_CLIENT_AUTH_NONE 
TLS_CLIENT_AUTH_OPTIONAL 
TLS_CLIENT_AUTH_REQUIRED 

Definition at line 931 of file tls.h.

◆ TlsCompressMethod

Compression methods.

Enumerator
TLS_COMPRESSION_METHOD_NULL 
TLS_COMPRESSION_METHOD_DEFLATE 

Definition at line 1080 of file tls.h.

◆ TlsConnectionEnd

TLS connection end.

Enumerator
TLS_CONNECTION_END_CLIENT 
TLS_CONNECTION_END_SERVER 

Definition at line 920 of file tls.h.

◆ TlsContentType

Content type.

Enumerator
TLS_TYPE_NONE 
TLS_TYPE_CHANGE_CIPHER_SPEC 
TLS_TYPE_ALERT 
TLS_TYPE_HANDSHAKE 
TLS_TYPE_APPLICATION_DATA 
TLS_TYPE_HEARTBEAT 
TLS_TYPE_TLS12_CID 
TLS_TYPE_ACK 

Definition at line 975 of file tls.h.

◆ TlsEarlyDataStatus

Early data status.

Enumerator
TLS_EARLY_DATA_REJECTED 
TLS_EARLY_DATA_ACCEPTED 

Definition at line 943 of file tls.h.

◆ TlsEcCurveType

EC curve types.

Enumerator
TLS_EC_CURVE_TYPE_EXPLICIT_PRIME 
TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 
TLS_EC_CURVE_TYPE_NAMED_CURVE 

Definition at line 1361 of file tls.h.

◆ TlsEcPointFormat

EC point formats.

Enumerator
TLS_EC_POINT_FORMAT_UNCOMPRESSED 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME 
TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2 

Definition at line 1349 of file tls.h.

◆ TlsExtensionType

TLS extension types.

Enumerator
TLS_EXT_SERVER_NAME 
TLS_EXT_MAX_FRAGMENT_LENGTH 
TLS_EXT_CLIENT_CERTIFICATE_URL 
TLS_EXT_TRUSTED_CA_KEYS 
TLS_EXT_TRUNCATED_HMAC 
TLS_EXT_STATUS_REQUEST 
TLS_EXT_USER_MAPPING 
TLS_EXT_CLIENT_AUTHZ 
TLS_EXT_SERVER_AUTHZ 
TLS_EXT_CERT_TYPE 
TLS_EXT_SUPPORTED_GROUPS 
TLS_EXT_EC_POINT_FORMATS 
TLS_EXT_SRP 
TLS_EXT_SIGNATURE_ALGORITHMS 
TLS_EXT_USE_SRTP 
TLS_EXT_HEARTBEAT 
TLS_EXT_ALPN 
TLS_EXT_STATUS_REQUEST_V2 
TLS_EXT_SIGNED_CERT_TIMESTAMP 
TLS_EXT_CLIENT_CERT_TYPE 
TLS_EXT_SERVER_CERT_TYPE 
TLS_EXT_PADDING 
TLS_EXT_ENCRYPT_THEN_MAC 
TLS_EXT_EXTENDED_MASTER_SECRET 
TLS_EXT_TOKEN_BINDING 
TLS_EXT_CACHED_INFO 
TLS_EXT_COMPRESS_CERTIFICATE 
TLS_EXT_RECORD_SIZE_LIMIT 
TLS_EXT_PWD_PROTECT 
TLS_EXT_PWD_CLEAR 
TLS_EXT_PASSWORD_SALT 
TLS_EXT_TICKET_PINNING 
TLS_EXT_TLS_CERT_WITH_EXTERN_PSK 
TLS_EXT_SESSION_TICKET 
TLS_EXT_SUPPORTED_EKT_CIPHERS 
TLS_EXT_PRE_SHARED_KEY 
TLS_EXT_EARLY_DATA 
TLS_EXT_SUPPORTED_VERSIONS 
TLS_EXT_COOKIE 
TLS_EXT_PSK_KEY_EXCHANGE_MODES 
TLS_EXT_CERTIFICATE_AUTHORITIES 
TLS_EXT_OID_FILTERS 
TLS_EXT_POST_HANDSHAKE_AUTH 
TLS_EXT_SIGNATURE_ALGORITHMS_CERT 
TLS_EXT_KEY_SHARE 
TLS_EXT_TRANSPARENCY_INFO 
TLS_EXT_CONNECTION_ID 
TLS_EXT_EXTERNAL_ID_HASH 
TLS_EXT_EXTERNAL_SESSION_ID 
TLS_EXT_QUIC_TRANSPORT_PARAMETERS 
TLS_EXT_TICKET_REQUEST 
TLS_EXT_DNSSEC_CHAIN 
TLS_EXT_RENEGOTIATION_INFO 

Definition at line 1205 of file tls.h.

◆ TlsFlags

enum TlsFlags

Flags used by read and write functions.

Enumerator
TLS_FLAG_PEEK 
TLS_FLAG_WAIT_ALL 
TLS_FLAG_BREAK_CHAR 
TLS_FLAG_BREAK_CRLF 
TLS_FLAG_WAIT_ACK 
TLS_FLAG_NO_DELAY 
TLS_FLAG_DELAY 

Definition at line 954 of file tls.h.

◆ TlsHashAlgo

Hash algorithms.

Enumerator
TLS_HASH_ALGO_NONE 
TLS_HASH_ALGO_MD5 
TLS_HASH_ALGO_SHA1 
TLS_HASH_ALGO_SHA224 
TLS_HASH_ALGO_SHA256 
TLS_HASH_ALGO_SHA384 
TLS_HASH_ALGO_SHA512 
TLS_HASH_ALGO_INTRINSIC 

Definition at line 1162 of file tls.h.

◆ TlsKeyExchMethod

Key exchange methods.

Enumerator
TLS_KEY_EXCH_NONE 
TLS_KEY_EXCH_RSA 
TLS_KEY_EXCH_DH_RSA 
TLS_KEY_EXCH_DHE_RSA 
TLS_KEY_EXCH_DH_DSS 
TLS_KEY_EXCH_DHE_DSS 
TLS_KEY_EXCH_DH_ANON 
TLS_KEY_EXCH_ECDH_RSA 
TLS_KEY_EXCH_ECDHE_RSA 
TLS_KEY_EXCH_ECDH_ECDSA 
TLS_KEY_EXCH_ECDHE_ECDSA 
TLS_KEY_EXCH_ECDH_ANON 
TLS_KEY_EXCH_PSK 
TLS_KEY_EXCH_RSA_PSK 
TLS_KEY_EXCH_DHE_PSK 
TLS_KEY_EXCH_ECDHE_PSK 
TLS_KEY_EXCH_SRP_SHA 
TLS_KEY_EXCH_SRP_SHA_RSA 
TLS_KEY_EXCH_SRP_SHA_DSS 
TLS13_KEY_EXCH_DHE 
TLS13_KEY_EXCH_ECDHE 
TLS13_KEY_EXCH_PSK 
TLS13_KEY_EXCH_PSK_DHE 
TLS13_KEY_EXCH_PSK_ECDHE 

Definition at line 1091 of file tls.h.

◆ TlsMaxFragmentLength

Maximum fragment length.

Enumerator
TLS_MAX_FRAGMENT_LENGTH_512 
TLS_MAX_FRAGMENT_LENGTH_1024 
TLS_MAX_FRAGMENT_LENGTH_2048 
TLS_MAX_FRAGMENT_LENGTH_4096 

Definition at line 1277 of file tls.h.

◆ TlsMessageType

Handshake message type.

Enumerator
TLS_TYPE_HELLO_REQUEST 
TLS_TYPE_CLIENT_HELLO 
TLS_TYPE_SERVER_HELLO 
TLS_TYPE_HELLO_VERIFY_REQUEST 
TLS_TYPE_NEW_SESSION_TICKET 
TLS_TYPE_END_OF_EARLY_DATA 
TLS_TYPE_HELLO_RETRY_REQUEST 
TLS_TYPE_ENCRYPTED_EXTENSIONS 
TLS_TYPE_REQUEST_CONNECTION_ID 
TLS_TYPE_NEW_CONNECTION_ID 
TLS_TYPE_CERTIFICATE 
TLS_TYPE_SERVER_KEY_EXCHANGE 
TLS_TYPE_CERTIFICATE_REQUEST 
TLS_TYPE_SERVER_HELLO_DONE 
TLS_TYPE_CERTIFICATE_VERIFY 
TLS_TYPE_CLIENT_KEY_EXCHANGE 
TLS_TYPE_FINISHED 
TLS_TYPE_CERTIFICATE_URL 
TLS_TYPE_CERTIFICATE_STATUS 
TLS_TYPE_SUPPLEMENTAL_DATA 
TLS_TYPE_KEY_UPDATE 
TLS_TYPE_COMPRESSED_CERTIFICATE 
TLS_TYPE_EKT_KEY 
TLS_TYPE_MESSAGE_HASH 

Definition at line 992 of file tls.h.

◆ TlsNamedGroup

Named groups.

Enumerator
TLS_GROUP_NONE 
TLS_GROUP_SECT163K1 
TLS_GROUP_SECT163R1 
TLS_GROUP_SECT163R2 
TLS_GROUP_SECT193R1 
TLS_GROUP_SECT193R2 
TLS_GROUP_SECT233K1 
TLS_GROUP_SECT233R1 
TLS_GROUP_SECT239K1 
TLS_GROUP_SECT283K1 
TLS_GROUP_SECT283R1 
TLS_GROUP_SECT409K1 
TLS_GROUP_SECT409R1 
TLS_GROUP_SECT571K1 
TLS_GROUP_SECT571R1 
TLS_GROUP_SECP160K1 
TLS_GROUP_SECP160R1 
TLS_GROUP_SECP160R2 
TLS_GROUP_SECP192K1 
TLS_GROUP_SECP192R1 
TLS_GROUP_SECP224K1 
TLS_GROUP_SECP224R1 
TLS_GROUP_SECP256K1 
TLS_GROUP_SECP256R1 
TLS_GROUP_SECP384R1 
TLS_GROUP_SECP521R1 
TLS_GROUP_BRAINPOOLP256R1 
TLS_GROUP_BRAINPOOLP384R1 
TLS_GROUP_BRAINPOOLP512R1 
TLS_GROUP_ECDH_X25519 
TLS_GROUP_ECDH_X448 
TLS_GROUP_BRAINPOOLP256R1_TLS13 
TLS_GROUP_BRAINPOOLP384R1_TLS13 
TLS_GROUP_BRAINPOOLP512R1_TLS13 
TLS_GROUP_GC256A 
TLS_GROUP_GC256B 
TLS_GROUP_GC256C 
TLS_GROUP_GC256D 
TLS_GROUP_GC512A 
TLS_GROUP_GC512B 
TLS_GROUP_GC512C 
TLS_GROUP_SM2 
TLS_GROUP_FFDHE2048 
TLS_GROUP_FFDHE3072 
TLS_GROUP_FFDHE4096 
TLS_GROUP_FFDHE6144 
TLS_GROUP_FFDHE8192 
TLS_GROUP_FFDHE_MAX 
TLS_GROUP_EXPLICIT_PRIME_CURVE 
TLS_GROUP_EXPLICIT_CHAR2_CURVE 

Definition at line 1290 of file tls.h.

◆ TlsNameType

Name type.

Enumerator
TLS_NAME_TYPE_HOSTNAME 

Definition at line 1267 of file tls.h.

◆ TlsSignatureAlgo

Signature algorithms.

Enumerator
TLS_SIGN_ALGO_ANONYMOUS 
TLS_SIGN_ALGO_RSA 
TLS_SIGN_ALGO_DSA 
TLS_SIGN_ALGO_ECDSA 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384 
TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512 
TLS_SIGN_ALGO_ED25519 
TLS_SIGN_ALGO_ED448 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384 
TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384 
TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512 
TLS_SIGN_ALGO_GOSTR34102012_256 
TLS_SIGN_ALGO_GOSTR34102012_512 

Definition at line 1179 of file tls.h.

◆ TlsState

enum TlsState

TLS FSM states.

Enumerator
TLS_STATE_INIT 
TLS_STATE_CLIENT_HELLO 
TLS_STATE_CLIENT_HELLO_2 
TLS_STATE_EARLY_DATA 
TLS_STATE_HELLO_VERIFY_REQUEST 
TLS_STATE_HELLO_RETRY_REQUEST 
TLS_STATE_SERVER_HELLO 
TLS_STATE_SERVER_HELLO_2 
TLS_STATE_SERVER_HELLO_3 
TLS_STATE_HANDSHAKE_TRAFFIC_KEYS 
TLS_STATE_ENCRYPTED_EXTENSIONS 
TLS_STATE_SERVER_CERTIFICATE 
TLS_STATE_SERVER_KEY_EXCHANGE 
TLS_STATE_SERVER_CERTIFICATE_VERIFY 
TLS_STATE_CERTIFICATE_REQUEST 
TLS_STATE_SERVER_HELLO_DONE 
TLS_STATE_CLIENT_CERTIFICATE 
TLS_STATE_CLIENT_KEY_EXCHANGE 
TLS_STATE_CLIENT_CERTIFICATE_VERIFY 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC 
TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2 
TLS_STATE_CLIENT_FINISHED 
TLS_STATE_CLIENT_APP_TRAFFIC_KEYS 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC 
TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2 
TLS_STATE_SERVER_FINISHED 
TLS_STATE_END_OF_EARLY_DATA 
TLS_STATE_SERVER_APP_TRAFFIC_KEYS 
TLS_STATE_NEW_SESSION_TICKET 
TLS_STATE_KEY_UPDATE 
TLS_STATE_APPLICATION_DATA 
TLS_STATE_CLOSING 
TLS_STATE_CLOSED 

Definition at line 1373 of file tls.h.

◆ TlsTransportProtocol

TLS transport protocols.

Enumerator
TLS_TRANSPORT_PROTOCOL_STREAM 
TLS_TRANSPORT_PROTOCOL_DATAGRAM 

Definition at line 909 of file tls.h.

Function Documentation

◆ tlsAddCertificate()

error_t tlsAddCertificate ( TlsContext context,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen 
)

Add a certificate and the corresponding private key (deprecated)

Parameters
[in]contextPointer to the TLS context
[in]certChainCertificate chain (PEM format). This parameter is taken as reference
[in]certChainLenTotal length of the certificate chain
[in]privateKeyPrivate key (PEM format). This parameter is taken as reference
[in]privateKeyLenTotal length of the private key
Returns
Error code

Definition at line 1185 of file tls.c.

◆ tlsAllowUnknownAlpnProtocols()

error_t tlsAllowUnknownAlpnProtocols ( TlsContext context,
bool_t  allowed 
)

Allow unknown ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]allowedSpecifies whether unknown ALPN protocols are allowed
Returns
Error code

Definition at line 812 of file tls.c.

◆ tlsConnect()

error_t tlsConnect ( TlsContext context)

Initiate the TLS handshake.

Parameters
[in]contextPointer to the TLS context
Returns
Error code

Definition at line 1720 of file tls.c.

◆ tlsEnableFallbackScsv()

error_t tlsEnableFallbackScsv ( TlsContext context,
bool_t  enabled 
)

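Perform fallback retry (for clients only). FALLBACK_SCSV (RFC 7507) is meant to be sent only when the client retries a handshake with a lower protocol version than the highest it supports, so that the server can detect an unintended downgrade and answer with an inappropriate_fallback alert.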

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether FALLBACK_SCSV is enabled
Returns
Error code

Definition at line 1446 of file tls.c.

◆ tlsEnableReplayDetection()

error_t tlsEnableReplayDetection ( TlsContext context,
bool_t  enabled 
)

Enable anti-replay mechanism (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether anti-replay protection is enabled
Returns
Error code

Definition at line 1600 of file tls.c.

◆ tlsEnableSecureRenegotiation()

error_t tlsEnableSecureRenegotiation ( TlsContext context,
bool_t  enabled 
)

Enable secure renegotiation.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether secure renegotiation is allowed
Returns
Error code

Definition at line 1420 of file tls.c.

◆ tlsEnableSessionTickets()

error_t tlsEnableSessionTickets ( TlsContext context,
bool_t  enabled 
)

Enable session ticket mechanism.

Parameters
[in]contextPointer to the TLS context
[in]enabledSpecifies whether session tickets are allowed
Returns
Error code

Definition at line 1394 of file tls.c.

◆ tlsFree()

void tlsFree ( TlsContext context)

Release TLS context.

Parameters
[in]contextPointer to the TLS context

Definition at line 2420 of file tls.c.

◆ tlsFreeCache()

void tlsFreeCache ( TlsCache cache)

Properly dispose of a session cache.

Parameters
[in]cachePointer to the session cache to be released

Definition at line 320 of file tls_cache.c.

◆ tlsFreeSessionState()

void tlsFreeSessionState ( TlsSessionState session)

Properly dispose of a session state.

Parameters
[in]sessionPointer to the session state to be released

Definition at line 2698 of file tls.c.

◆ tlsGetAlpnProtocol()

const char_t* tlsGetAlpnProtocol ( TlsContext context)

Get the name of the selected ALPN protocol.

Parameters
[in]contextPointer to the TLS context
Returns
Pointer to the protocol name

Definition at line 912 of file tls.c.

◆ tlsGetEarlyDataStatus()

TlsEarlyDataStatus tlsGetEarlyDataStatus ( TlsContext context)

Check whether the server has accepted or rejected the early data.

Parameters
[in]contextPointer to the TLS context
Returns
TLS_EARLY_DATA_ACCEPTED if the early data was accepted, else TLS_EARLY_DATA_REJECTED if the early data was rejected

Definition at line 1768 of file tls.c.

◆ tlsGetServerName()

const char_t* tlsGetServerName ( TlsContext context)

Get the server name.

Parameters
[in]contextPointer to the TLS context
Returns
Fully qualified domain name of the server

Definition at line 441 of file tls.c.

◆ tlsGetState()

TlsState tlsGetState ( TlsContext context)

Retrieve current TLS state.

Parameters
[in]contextPointer to the TLS context
Returns
Current TLS state

Definition at line 194 of file tls.c.

◆ tlsInit()

TlsContext* tlsInit ( void  )

TLS context initialization.

Returns
Handle referencing the fully initialized TLS context

Definition at line 66 of file tls.c.

◆ tlsInitCache()

TlsCache* tlsInitCache ( uint_t  size)

Session cache initialization.

Parameters
[in]sizeMaximum number of cache entries
Returns
Handle referencing the fully initialized session cache

Definition at line 51 of file tls_cache.c.

◆ tlsInitSessionState()

error_t tlsInitSessionState ( TlsSessionState session)

Initialize session state.

Parameters
[in]sessionPointer to the session state
Returns
Error code

Definition at line 2555 of file tls.c.

◆ tlsIsRxReady()

bool_t tlsIsRxReady ( TlsContext context)

Check whether some data is available in the receive buffer.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is pending and can be read immediately without blocking. Otherwise, FALSE is returned

Definition at line 2215 of file tls.c.

◆ tlsIsTxReady()

bool_t tlsIsTxReady ( TlsContext context)

Check whether some data is ready for transmission.

Parameters
[in]contextPointer to the TLS context
Returns
The function returns TRUE if some data is ready for transmission. Otherwise, FALSE is returned

Definition at line 2182 of file tls.c.

◆ tlsLoadCertificate()

error_t tlsLoadCertificate ( TlsContext context,
uint_t  index,
const char_t certChain,
size_t  certChainLen,
const char_t privateKey,
size_t  privateKeyLen,
const char_t password 
)

Load entity's certificate.

Parameters
[in]contextPointer to the TLS context
[in]indexZero-based index identifying a slot
[in]certChainCertificate chain (PEM format). This parameter is taken as reference
[in]certChainLenLength of the certificate chain
[in]privateKeyPrivate key (PEM format). This parameter is taken as reference
[in]privateKeyLenLength of the private key
[in]passwordNULL-terminated string containing the password. This parameter is required if the private key is encrypted
Returns
Error code

Definition at line 1229 of file tls.c.

◆ tlsRead()

error_t tlsRead ( TlsContext context,
void *  data,
size_t  size,
size_t *  received,
uint_t  flags 
)

Receive application data from the remote host using TLS.

Parameters
[in]contextPointer to the TLS context
[out]dataBuffer into which received data will be placed
[in]sizeMaximum number of bytes that can be received
[out]receivedNumber of bytes that have been received
[in]flagsSet of flags that influences the behavior of this function
Returns
Error code

Definition at line 1946 of file tls.c.

◆ tlsRestoreSessionState()

error_t tlsRestoreSessionState ( TlsContext context,
const TlsSessionState session 
)

Restore TLS session.

Parameters
[in]contextPointer to the TLS context
[in]sessionPointer to the session state to be restored
Returns
Error code

Definition at line 2645 of file tls.c.

◆ tlsSaveSessionState()

error_t tlsSaveSessionState ( const TlsContext context,
TlsSessionState session 
)

Save TLS session.

Parameters
[in]contextPointer to the TLS context
[out]sessionPointer to the session state
Returns
Error code

Definition at line 2576 of file tls.c.

◆ tlsSetAlpnCallback()

error_t tlsSetAlpnCallback ( TlsContext context,
TlsAlpnCallback  alpnCallback 
)

Register ALPN callback function.

Parameters
[in]contextPointer to the TLS context
[in]alpnCallbackALPN callback function
Returns
Error code

Definition at line 887 of file tls.c.

◆ tlsSetAlpnProtocolList()

error_t tlsSetAlpnProtocolList ( TlsContext context,
const char_t protocolList 
)

Set the list of supported ALPN protocols.

Parameters
[in]contextPointer to the TLS context
[in]protocolListComma-delimited list of supported protocols
Returns
Error code

Definition at line 838 of file tls.c.

◆ tlsSetBufferSize()

error_t tlsSetBufferSize ( TlsContext context,
size_t  txBufferSize,
size_t  rxBufferSize 
)

Set TLS buffer size.

Parameters
[in]contextPointer to the TLS context
[in]txBufferSizeTX buffer size
[in]rxBufferSizeRX buffer size
Returns
Error code

Definition at line 509 of file tls.c.

◆ tlsSetCache()

error_t tlsSetCache ( TlsContext context,
TlsCache cache 
)

Set session cache.

Parameters
[in]contextPointer to the TLS context
[in]cacheSession cache that will be used to save/resume TLS sessions
Returns
Error code

Definition at line 466 of file tls.c.

◆ tlsSetCertificateVerifyCallback()

error_t tlsSetCertificateVerifyCallback ( TlsContext context,
TlsCertVerifyCallback  certVerifyCallback,
void *  param 
)

Set certificate verification callback.

Parameters
[in]contextPointer to the TLS context
[in]certVerifyCallbackCertificate verification callback
[in]paramAn opaque pointer passed to the callback function
Returns
Error code

Definition at line 1370 of file tls.c.

◆ tlsSetCipherSuites()

error_t tlsSetCipherSuites ( TlsContext context,
const uint16_t *  cipherSuites,
uint_t  length 
)

Specify the list of allowed cipher suites.

Parameters
[in]contextPointer to the TLS context
[in]cipherSuitesList of allowed cipher suites (most preferred first). This parameter is taken as reference
[in]lengthNumber of cipher suites in the list
Returns
Error code

Definition at line 593 of file tls.c.

◆ tlsSetClientAuthMode()

error_t tlsSetClientAuthMode ( TlsContext context,
TlsClientAuthMode  mode 
)

Set client authentication mode (for servers only)

Parameters
[in]contextPointer to the TLS context
[in]modeClient authentication mode
Returns
Error code

Definition at line 487 of file tls.c.

◆ tlsSetConnectionEnd()

error_t tlsSetConnectionEnd ( TlsContext context,
TlsConnectionEnd  entity 
)

Set operation mode (client or server)

Parameters
[in]contextPointer to the TLS context
[in]entitySpecifies whether this entity is considered a client or a server
Returns
Error code

Definition at line 339 of file tls.c.

◆ tlsSetCookieCallbacks()

error_t tlsSetCookieCallbacks ( TlsContext context,
DtlsCookieGenerateCallback  cookieGenerateCallback,
DtlsCookieVerifyCallback  cookieVerifyCallback,
void *  param 
)

Set cookie generation/verification callbacks (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]cookieGenerateCallbackCookie generation callback function
[in]cookieVerifyCallbackCookie verification callback function
[in]paramAn opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1564 of file tls.c.

◆ tlsSetDhParameters()

error_t tlsSetDhParameters ( TlsContext context,
const char_t params,
size_t  length 
)

Import Diffie-Hellman parameters.

Parameters
[in]contextPointer to the TLS context
[in]paramsPEM structure that holds Diffie-Hellman parameters. This parameter is taken as reference
[in]lengthTotal length of the PEM structure
Returns
Error code

Definition at line 677 of file tls.c.

◆ tlsSetEcdhCallback()

error_t tlsSetEcdhCallback ( TlsContext context,
TlsEcdhCallback  ecdhCallback 
)

Register ECDH key agreement callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdhCallbackECDH callback function
Returns
Error code

Definition at line 705 of file tls.c.

◆ tlsSetEcdsaSignCallback()

error_t tlsSetEcdsaSignCallback ( TlsContext context,
TlsEcdsaSignCallback  ecdsaSignCallback 
)

ECDSA signature generation callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaSignCallbackECDSA signature generation callback function
Returns
Error code

Definition at line 731 of file tls.c.

◆ tlsSetEcdsaVerifyCallback()

error_t tlsSetEcdsaVerifyCallback ( TlsContext context,
TlsEcdsaVerifyCallback  ecdsaVerifyCallback 
)

Register ECDSA signature verification callback function.

Parameters
[in]contextPointer to the TLS context
[in]ecdsaVerifyCallbackECDSA signature verification callback function
Returns
Error code

Definition at line 758 of file tls.c.

◆ tlsSetKeyLogCallback()

error_t tlsSetKeyLogCallback ( TlsContext context,
TlsKeyLogCallback  keyLogCallback 
)

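Register key logging callback function (for debugging purposes only). The key material handed to the callback is enough to decrypt captured traffic for the session, so this callback should not be registered in production builds.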

Parameters
[in]contextPointer to the TLS context
[in]keyLogCallbackKey logging callback function
Returns
Error code

Definition at line 785 of file tls.c.

◆ tlsSetMaxEarlyDataSize()

error_t tlsSetMaxEarlyDataSize ( TlsContext context,
size_t  maxEarlyDataSize 
)

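Set the maximum amount of 0-RTT data the server can accept. TLS 1.3 does not itself protect 0-RTT (early) data against replay (RFC 8446, section 8), so early data should be accepted only for requests the application can safely process more than once.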

Parameters
[in]contextPointer to the TLS context
[in]maxEarlyDataSizeMaximum amount of 0-RTT data that the client is allowed to send
Returns
Error code

Definition at line 1628 of file tls.c.

◆ tlsSetMaxFragmentLength()

error_t tlsSetMaxFragmentLength ( TlsContext context,
size_t  maxFragLen 
)

Set maximum fragment length.

Parameters
[in]contextPointer to the TLS context
[in]maxFragLenMaximum fragment length
Returns
Error code

Definition at line 557 of file tls.c.

◆ tlsSetPmtu()

error_t tlsSetPmtu ( TlsContext context,
size_t  pmtu 
)

Set PMTU value (for DTLS only)

Parameters
[in]contextPointer to the TLS context
[in]pmtuPMTU value
Returns
Error code

Definition at line 1506 of file tls.c.

◆ tlsSetPreferredGroup()

error_t tlsSetPreferredGroup ( TlsContext context,
uint16_t  group 
)

Specify the preferred ECDHE or FFDHE group.

Parameters
[in]contextPointer to the TLS context
[in]groupPreferred ECDHE or FFDHE named group
Returns
Error code

Definition at line 649 of file tls.c.

◆ tlsSetPrng()

error_t tlsSetPrng ( TlsContext context,
const PrngAlgo prngAlgo,
void *  prngContext 
)

Set the pseudo-random number generator to be used.

Parameters
[in]contextPointer to the TLS context
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
Returns
Error code

Definition at line 365 of file tls.c.

◆ tlsSetPsk()

error_t tlsSetPsk ( TlsContext context,
const uint8_t *  psk,
size_t  length 
)

Set the pre-shared key to be used.

Parameters
[in]contextPointer to the TLS context
[in]pskPointer to the pre-shared key
[in]lengthLength of the pre-shared key, in bytes
Returns
Error code

Definition at line 940 of file tls.c.

◆ tlsSetPskCallback()

error_t tlsSetPskCallback ( TlsContext context,
TlsPskCallback  pskCallback 
)

Register PSK callback function.

Parameters
[in]contextPointer to the TLS context
[in]pskCallbackPSK callback function
Returns
Error code

Definition at line 1099 of file tls.c.

◆ tlsSetPskIdentity()

error_t tlsSetPskIdentity ( TlsContext context,
const char_t pskIdentity 
)

Set the PSK identity to be used by the client.

Parameters
[in]contextPointer to the TLS context
[in]pskIdentityNULL-terminated string that contains the PSK identity
Returns
Error code

Definition at line 1001 of file tls.c.

◆ tlsSetPskIdentityHint()

error_t tlsSetPskIdentityHint ( TlsContext *  context,
const char_t *  pskIdentityHint
)

Set the PSK identity hint to be used by the server.

Parameters
[in] context — Pointer to the TLS context
[in] pskIdentityHint — NUL-terminated string that contains the PSK identity hint
Returns
Error code

Definition at line 1050 of file tls.c.

◆ tlsSetRpkVerifyCallback()

error_t tlsSetRpkVerifyCallback ( TlsContext *  context,
TlsRpkVerifyCallback  rpkVerifyCallback
)

Register the raw public key verification callback function.

Parameters
[in] context — Pointer to the TLS context
[in] rpkVerifyCallback — RPK verification callback function
Returns
Error code

Definition at line 1125 of file tls.c.

◆ tlsSetServerName()

error_t tlsSetServerName ( TlsContext *  context,
const char_t *  serverName
)

Set the server name.

Parameters
[in] context — Pointer to the TLS context
[in] serverName — Fully qualified domain name of the server
Returns
Error code

Definition at line 393 of file tls.c.

◆ tlsSetSocketCallbacks()

error_t tlsSetSocketCallbacks ( TlsContext *  context,
TlsSocketSendCallback  socketSendCallback,
TlsSocketReceiveCallback  socketReceiveCallback,
TlsSocketHandle  handle
)

Set socket send and receive callbacks.

Parameters
[in] context — Pointer to the TLS context
[in] socketSendCallback — Send callback function
[in] socketReceiveCallback — Receive callback function
[in] handle — Socket handle
Returns
Error code

Definition at line 244 of file tls.c.

◆ tlsSetStateChangeCallback()

error_t tlsSetStateChangeCallback ( TlsContext *  context,
TlsStateChangeCallback  stateChangeCallback
)

Register TLS state change callback.

Parameters
[in] context — Pointer to the TLS context
[in] stateChangeCallback — TLS state change callback
Returns
Error code

Definition at line 220 of file tls.c.

◆ tlsSetSupportedGroups()

error_t tlsSetSupportedGroups ( TlsContext *  context,
const uint16_t *  groups,
uint_t  length
)

Specify the list of allowed ECDHE and FFDHE groups.

Parameters
[in] context — Pointer to the TLS context
[in] groups — List of named groups (most preferred first). The list is taken by reference rather than copied, so the caller's array must remain valid and unmodified for as long as the context uses it
[in] length — Number of named groups in the list
Returns
Error code

Definition at line 622 of file tls.c.

◆ tlsSetTicketCallbacks()

error_t tlsSetTicketCallbacks ( TlsContext *  context,
TlsTicketEncryptCallback  ticketEncryptCallback,
TlsTicketDecryptCallback  ticketDecryptCallback,
void *  param
)

Set ticket encryption/decryption callbacks.

Parameters
[in] context — Pointer to the TLS context
[in] ticketEncryptCallback — Ticket encryption callback function
[in] ticketDecryptCallback — Ticket decryption callback function
[in] param — An opaque pointer passed to the callback functions
Returns
Error code

Definition at line 1474 of file tls.c.

◆ tlsSetTimeout()

error_t tlsSetTimeout ( TlsContext *  context,
systime_t  timeout
)

Set timeout for blocking calls (for DTLS only)

Parameters
[in] context — Pointer to the TLS context
[in] timeout — Maximum time to wait
Returns
Error code

Definition at line 1536 of file tls.c.

◆ tlsSetTransportProtocol()

error_t tlsSetTransportProtocol ( TlsContext *  context,
TlsTransportProtocol  transportProtocol
)

Set the transport protocol to be used.

Parameters
[in] context — Pointer to the TLS context
[in] transportProtocol — Transport protocol to be used
Returns
Error code

Definition at line 310 of file tls.c.

◆ tlsSetTrustedCaList()

error_t tlsSetTrustedCaList ( TlsContext *  context,
const char_t *  trustedCaList,
size_t  length
)

Import a trusted CA list.

Parameters
[in] context — Pointer to the TLS context
[in] trustedCaList — List of trusted CA certificates (PEM format)
[in] length — Total length of the list
Returns
Error code

Definition at line 1153 of file tls.c.

◆ tlsSetVersion()

error_t tlsSetVersion ( TlsContext *  context,
uint16_t  versionMin,
uint16_t  versionMax
)

Set minimum and maximum versions permitted.

Parameters
[in] context — Pointer to the TLS context
[in] versionMin — Minimum version accepted by the TLS implementation
[in] versionMax — Maximum version accepted by the TLS implementation
Returns
Error code

Definition at line 276 of file tls.c.

◆ tlsShutdown()

error_t tlsShutdown ( TlsContext *  context)

Gracefully close TLS session.

Parameters
[in] context — Pointer to the TLS context
Returns
Error code

Definition at line 2260 of file tls.c.

◆ tlsShutdownEx()

error_t tlsShutdownEx ( TlsContext *  context,
bool_t  waitForCloseNotify
)

Gracefully close TLS session.

Parameters
[in] context — Pointer to the TLS context
[in] waitForCloseNotify — Wait for the close notify alert from the peer
Returns
Error code

Definition at line 2273 of file tls.c.

◆ tlsWrite()

error_t tlsWrite ( TlsContext *  context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags
)

Send application data to the remote host using TLS.

Parameters
[in] context — Pointer to the TLS context
[in] data — Pointer to a buffer containing the data to be transmitted
[in] length — Number of bytes to be transmitted
[out] written — Actual number of bytes written (optional parameter)
[in] flags — Set of flags that influences the behavior of this function
Returns
Error code

Definition at line 1811 of file tls.c.

◆ tlsWriteEarlyData()

error_t tlsWriteEarlyData ( TlsContext *  context,
const void *  data,
size_t  length,
size_t *  written,
uint_t  flags
)

Send early data to the remote TLS server. Early data (TLS 1.3 0-RTT) is not protected against replay, so it should carry only requests that are safe for the server to process more than once.

Parameters
[in] context — Pointer to the TLS context
[in] data — Pointer to a buffer containing the data to be transmitted
[in] length — Number of bytes to be transmitted
[out] written — Actual number of bytes written (optional parameter)
[in] flags — Set of flags that influences the behavior of this function
Returns
Error code

Definition at line 1657 of file tls.c.

Variable Documentation

◆ algorithm

TlsSignHashAlgo algorithm

Definition at line 1655 of file tls.h.

◆ b

uint8_t b[8]

Definition at line 1423 of file tls.h.

◆ certificateTypes

uint8_t certificateTypes[]

Definition at line 1740 of file tls.h.

◆ certificateTypesLen

uint8_t certificateTypesLen

Definition at line 1739 of file tls.h.

◆ cipherSuite

uint16_t cipherSuite

Cipher suite identifier.

Definition at line 1812 of file tls.h.

◆ clientVersion

uint16_t clientVersion

Definition at line 1699 of file tls.h.

◆ data

uint8_t data[]

Definition at line 1670 of file tls.h.

◆ description

uint8_t description

Definition at line 1801 of file tls.h.

◆ extendedMasterSecret

bool_t extendedMasterSecret

Extended master secret computation.

Definition at line 1817 of file tls.h.

◆ hash

uint8_t hash

Definition at line 1455 of file tls.h.

◆ hostname

char_t hostname[]

Definition at line 1535 of file tls.h.

◆ length

uint8_t length[3]

Definition at line 1433 of file tls.h.

◆ level

uint8_t level

Definition at line 1800 of file tls.h.

◆ msgType

uint8_t msgType

Definition at line 1680 of file tls.h.

◆ random

uint8_t random[32]

Definition at line 1700 of file tls.h.

◆ secret

uint8_t secret[TLS_MASTER_SECRET_SIZE]

Master secret.

Definition at line 1813 of file tls.h.

◆ serverVersion

uint16_t serverVersion

Definition at line 1712 of file tls.h.

◆ sessionId

uint8_t sessionId[]

Definition at line 1702 of file tls.h.

◆ sessionIdLen

uint8_t sessionIdLen

Definition at line 1701 of file tls.h.

◆ signature

uint8_t signature

Definition at line 1456 of file tls.h.

◆ ticket

uint8_t ticket[]

Definition at line 1773 of file tls.h.

◆ ticketLen

uint16_t ticketLen

Definition at line 1772 of file tls.h.

◆ ticketLifetime

uint32_t ticketLifetime

Lifetime of the ticket.

Definition at line 1815 of file tls.h.

◆ ticketLifetimeHint

uint32_t ticketLifetimeHint

Definition at line 1771 of file tls.h.

◆ ticketTimestamp

systime_t ticketTimestamp

Timestamp to manage ticket lifetime.

Definition at line 1814 of file tls.h.

◆ type

uint8_t type

Definition at line 1499 of file tls.h.

◆ value

uint8_t value[]

Definition at line 1434 of file tls.h.

◆ version

uint16_t version

Protocol version.

Definition at line 1668 of file tls.h.

error_t socketSend(Socket *socket, const void *data, size_t length, size_t *written, uint_t flags)
Send data to a connected socket.
Definition: socket.c:760
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1854
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1846
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:244
error_t socketReceive(Socket *socket, void *data, size_t size, size_t *received, uint_t flags)
Receive data from a connected socket.
Definition: socket.c:966
int_t socket(int_t family, int_t type, int_t protocol)
Create a socket that is bound to a specific transport service provider.
Definition: bsd_socket.c:63
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1832