36 #define TlsContext struct _TlsContext
40 #define TlsEncryptionEngine struct _TlsEncryptionEngine
44 #include "tls_config.h"
79 #ifndef GPL_LICENSE_TERMS_ACCEPTED
80 #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
84 #define CYCLONE_SSL_VERSION_STRING "2.4.0"
86 #define CYCLONE_SSL_MAJOR_VERSION 2
88 #define CYCLONE_SSL_MINOR_VERSION 4
90 #define CYCLONE_SSL_REV_NUMBER 0
93 #define SSL_VERSION_3_0 0x0300
94 #define TLS_VERSION_1_0 0x0301
95 #define TLS_VERSION_1_1 0x0302
96 #define TLS_VERSION_1_2 0x0303
97 #define TLS_VERSION_1_3 0x0304
101 #define TLS_SUPPORT ENABLED
102 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
103 #error TLS_SUPPORT parameter is not valid
107 #ifndef TLS_CLIENT_SUPPORT
108 #define TLS_CLIENT_SUPPORT ENABLED
109 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
110 #error TLS_CLIENT_SUPPORT parameter is not valid
114 #ifndef TLS_SERVER_SUPPORT
115 #define TLS_SERVER_SUPPORT ENABLED
116 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
117 #error TLS_SERVER_SUPPORT parameter is not valid
121 #ifndef TLS_MIN_VERSION
122 #define TLS_MIN_VERSION TLS_VERSION_1_2
123 #elif (TLS_MIN_VERSION < TLS_VERSION_1_0)
124 #error TLS_MIN_VERSION parameter is not valid
128 #ifndef TLS_MAX_VERSION
129 #define TLS_MAX_VERSION TLS_VERSION_1_3
130 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
131 #error TLS_MAX_VERSION parameter is not valid
135 #ifndef TLS_SESSION_RESUME_SUPPORT
136 #define TLS_SESSION_RESUME_SUPPORT ENABLED
137 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
138 #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
142 #ifndef TLS_SESSION_CACHE_LIFETIME
143 #define TLS_SESSION_CACHE_LIFETIME 3600000
144 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
145 #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
149 #ifndef TLS_TICKET_SUPPORT
150 #define TLS_TICKET_SUPPORT DISABLED
151 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
152 #error TLS_TICKET_SUPPORT parameter is not valid
156 #ifndef TLS_MAX_TICKET_SIZE
157 #define TLS_MAX_TICKET_SIZE 1024
158 #elif (TLS_MAX_TICKET_SIZE < 32)
159 #error TLS_MAX_TICKET_SIZE parameter is not valid
163 #ifndef TLS_TICKET_LIFETIME
164 #define TLS_TICKET_LIFETIME 3600000
165 #elif (TLS_TICKET_LIFETIME < 0)
166 #error TLS_TICKET_LIFETIME parameter is not valid
170 #ifndef TLS_SNI_SUPPORT
171 #define TLS_SNI_SUPPORT ENABLED
172 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
173 #error TLS_SNI_SUPPORT parameter is not valid
177 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
178 #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
179 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
180 #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
184 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
185 #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
186 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
187 #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
191 #ifndef TLS_ALPN_SUPPORT
192 #define TLS_ALPN_SUPPORT DISABLED
193 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
194 #error TLS_ALPN_SUPPORT parameter is not valid
198 #ifndef TLS_ENCRYPT_THEN_MAC_SUPPORT
199 #define TLS_ENCRYPT_THEN_MAC_SUPPORT DISABLED
200 #elif (TLS_ENCRYPT_THEN_MAC_SUPPORT != ENABLED && TLS_ENCRYPT_THEN_MAC_SUPPORT != DISABLED)
201 #error TLS_ENCRYPT_THEN_MAC_SUPPORT parameter is not valid
205 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
206 #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
207 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
208 #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
212 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
213 #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
214 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
215 #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
219 #ifndef TLS_CERT_AUTHORITIES_SUPPORT
220 #define TLS_CERT_AUTHORITIES_SUPPORT DISABLED
221 #elif (TLS_CERT_AUTHORITIES_SUPPORT != ENABLED && TLS_CERT_AUTHORITIES_SUPPORT != DISABLED)
222 #error TLS_CERT_AUTHORITIES_SUPPORT parameter is not valid
226 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
227 #define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED
228 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
229 #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
233 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
234 #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
235 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
236 #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
240 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
241 #define TLS_SECURE_RENEGOTIATION_SUPPORT ENABLED
242 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
243 #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
247 #ifndef TLS_FALLBACK_SCSV_SUPPORT
248 #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
249 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
250 #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
254 #ifndef TLS_ECC_CALLBACK_SUPPORT
255 #define TLS_ECC_CALLBACK_SUPPORT DISABLED
256 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
257 #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
261 #ifndef TLS_MAX_CERTIFICATES
262 #define TLS_MAX_CERTIFICATES 3
263 #elif (TLS_MAX_CERTIFICATES < 1)
264 #error TLS_MAX_CERTIFICATES parameter is not valid
268 #ifndef TLS_RSA_KE_SUPPORT
269 #define TLS_RSA_KE_SUPPORT ENABLED
270 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
271 #error TLS_RSA_KE_SUPPORT parameter is not valid
275 #ifndef TLS_DHE_RSA_KE_SUPPORT
276 #define TLS_DHE_RSA_KE_SUPPORT ENABLED
277 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
278 #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
282 #ifndef TLS_DHE_DSS_KE_SUPPORT
283 #define TLS_DHE_DSS_KE_SUPPORT DISABLED
284 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
285 #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
289 #ifndef TLS_DH_ANON_KE_SUPPORT
290 #define TLS_DH_ANON_KE_SUPPORT DISABLED
291 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
292 #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
296 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
297 #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
298 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
299 #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
303 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
304 #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
305 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
306 #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
310 #ifndef TLS_ECDH_ANON_KE_SUPPORT
311 #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
312 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
313 #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
317 #ifndef TLS_PSK_KE_SUPPORT
318 #define TLS_PSK_KE_SUPPORT DISABLED
319 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
320 #error TLS_PSK_KE_SUPPORT parameter is not valid
324 #ifndef TLS_RSA_PSK_KE_SUPPORT
325 #define TLS_RSA_PSK_KE_SUPPORT DISABLED
326 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
327 #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
331 #ifndef TLS_DHE_PSK_KE_SUPPORT
332 #define TLS_DHE_PSK_KE_SUPPORT DISABLED
333 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
334 #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
338 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
339 #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
340 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
341 #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
345 #ifndef TLS_RSA_SIGN_SUPPORT
346 #define TLS_RSA_SIGN_SUPPORT ENABLED
347 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
348 #error TLS_RSA_SIGN_SUPPORT parameter is not valid
352 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
353 #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
354 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
355 #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
359 #ifndef TLS_DSA_SIGN_SUPPORT
360 #define TLS_DSA_SIGN_SUPPORT DISABLED
361 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
362 #error TLS_DSA_SIGN_SUPPORT parameter is not valid
366 #ifndef TLS_ECDSA_SIGN_SUPPORT
367 #define TLS_ECDSA_SIGN_SUPPORT ENABLED
368 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
369 #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
373 #ifndef TLS_SM2_SIGN_SUPPORT
374 #define TLS_SM2_SIGN_SUPPORT DISABLED
375 #elif (TLS_SM2_SIGN_SUPPORT != ENABLED && TLS_SM2_SIGN_SUPPORT != DISABLED)
376 #error TLS_SM2_SIGN_SUPPORT parameter is not valid
380 #ifndef TLS_ED25519_SIGN_SUPPORT
381 #define TLS_ED25519_SIGN_SUPPORT DISABLED
382 #elif (TLS_ED25519_SIGN_SUPPORT != ENABLED && TLS_ED25519_SIGN_SUPPORT != DISABLED)
383 #error TLS_ED25519_SIGN_SUPPORT parameter is not valid
387 #ifndef TLS_ED448_SIGN_SUPPORT
388 #define TLS_ED448_SIGN_SUPPORT DISABLED
389 #elif (TLS_ED448_SIGN_SUPPORT != ENABLED && TLS_ED448_SIGN_SUPPORT != DISABLED)
390 #error TLS_ED448_SIGN_SUPPORT parameter is not valid
394 #ifndef TLS_NULL_CIPHER_SUPPORT
395 #define TLS_NULL_CIPHER_SUPPORT DISABLED
396 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
397 #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
401 #ifndef TLS_STREAM_CIPHER_SUPPORT
402 #define TLS_STREAM_CIPHER_SUPPORT DISABLED
403 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
404 #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
408 #ifndef TLS_CBC_CIPHER_SUPPORT
409 #define TLS_CBC_CIPHER_SUPPORT ENABLED
410 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
411 #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
415 #ifndef TLS_CCM_CIPHER_SUPPORT
416 #define TLS_CCM_CIPHER_SUPPORT DISABLED
417 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
418 #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
422 #ifndef TLS_CCM_8_CIPHER_SUPPORT
423 #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
424 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
425 #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
429 #ifndef TLS_GCM_CIPHER_SUPPORT
430 #define TLS_GCM_CIPHER_SUPPORT ENABLED
431 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
432 #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
436 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
437 #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
438 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
439 #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
443 #ifndef TLS_RC4_SUPPORT
444 #define TLS_RC4_SUPPORT DISABLED
445 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
446 #error TLS_RC4_SUPPORT parameter is not valid
450 #ifndef TLS_IDEA_SUPPORT
451 #define TLS_IDEA_SUPPORT DISABLED
452 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
453 #error TLS_IDEA_SUPPORT parameter is not valid
457 #ifndef TLS_DES_SUPPORT
458 #define TLS_DES_SUPPORT DISABLED
459 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
460 #error TLS_DES_SUPPORT parameter is not valid
464 #ifndef TLS_3DES_SUPPORT
465 #define TLS_3DES_SUPPORT DISABLED
466 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
467 #error TLS_3DES_SUPPORT parameter is not valid
471 #ifndef TLS_AES_128_SUPPORT
472 #define TLS_AES_128_SUPPORT ENABLED
473 #elif (TLS_AES_128_SUPPORT != ENABLED && TLS_AES_128_SUPPORT != DISABLED)
474 #error TLS_AES_128_SUPPORT parameter is not valid
478 #ifndef TLS_AES_256_SUPPORT
479 #define TLS_AES_256_SUPPORT ENABLED
480 #elif (TLS_AES_256_SUPPORT != ENABLED && TLS_AES_256_SUPPORT != DISABLED)
481 #error TLS_AES_256_SUPPORT parameter is not valid
485 #ifndef TLS_CAMELLIA_128_SUPPORT
486 #define TLS_CAMELLIA_128_SUPPORT DISABLED
487 #elif (TLS_CAMELLIA_128_SUPPORT != ENABLED && TLS_CAMELLIA_128_SUPPORT != DISABLED)
488 #error TLS_CAMELLIA_128_SUPPORT parameter is not valid
492 #ifndef TLS_CAMELLIA_256_SUPPORT
493 #define TLS_CAMELLIA_256_SUPPORT DISABLED
494 #elif (TLS_CAMELLIA_256_SUPPORT != ENABLED && TLS_CAMELLIA_256_SUPPORT != DISABLED)
495 #error TLS_CAMELLIA_256_SUPPORT parameter is not valid
499 #ifndef TLS_ARIA_128_SUPPORT
500 #define TLS_ARIA_128_SUPPORT DISABLED
501 #elif (TLS_ARIA_128_SUPPORT != ENABLED && TLS_ARIA_128_SUPPORT != DISABLED)
502 #error TLS_ARIA_128_SUPPORT parameter is not valid
506 #ifndef TLS_ARIA_256_SUPPORT
507 #define TLS_ARIA_256_SUPPORT DISABLED
508 #elif (TLS_ARIA_256_SUPPORT != ENABLED && TLS_ARIA_256_SUPPORT != DISABLED)
509 #error TLS_ARIA_256_SUPPORT parameter is not valid
513 #ifndef TLS_SEED_SUPPORT
514 #define TLS_SEED_SUPPORT DISABLED
515 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
516 #error TLS_SEED_SUPPORT parameter is not valid
520 #ifndef TLS_SM4_SUPPORT
521 #define TLS_SM4_SUPPORT DISABLED
522 #elif (TLS_SM4_SUPPORT != ENABLED && TLS_SM4_SUPPORT != DISABLED)
523 #error TLS_SM4_SUPPORT parameter is not valid
527 #ifndef TLS_MD5_SUPPORT
528 #define TLS_MD5_SUPPORT DISABLED
529 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
530 #error TLS_MD5_SUPPORT parameter is not valid
534 #ifndef TLS_SHA1_SUPPORT
535 #define TLS_SHA1_SUPPORT ENABLED
536 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
537 #error TLS_SHA1_SUPPORT parameter is not valid
541 #ifndef TLS_SHA224_SUPPORT
542 #define TLS_SHA224_SUPPORT DISABLED
543 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
544 #error TLS_SHA224_SUPPORT parameter is not valid
548 #ifndef TLS_SHA256_SUPPORT
549 #define TLS_SHA256_SUPPORT ENABLED
550 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
551 #error TLS_SHA256_SUPPORT parameter is not valid
555 #ifndef TLS_SHA384_SUPPORT
556 #define TLS_SHA384_SUPPORT ENABLED
557 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
558 #error TLS_SHA384_SUPPORT parameter is not valid
562 #ifndef TLS_SHA512_SUPPORT
563 #define TLS_SHA512_SUPPORT DISABLED
564 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
565 #error TLS_SHA512_SUPPORT parameter is not valid
569 #ifndef TLS_SM3_SUPPORT
570 #define TLS_SM3_SUPPORT DISABLED
571 #elif (TLS_SM3_SUPPORT != ENABLED && TLS_SM3_SUPPORT != DISABLED)
572 #error TLS_SM3_SUPPORT parameter is not valid
576 #ifndef TLS_FFDHE_SUPPORT
577 #define TLS_FFDHE_SUPPORT DISABLED
578 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
579 #error TLS_FFDHE_SUPPORT parameter is not valid
583 #ifndef TLS_FFDHE2048_SUPPORT
584 #define TLS_FFDHE2048_SUPPORT ENABLED
585 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
586 #error TLS_FFDHE2048_SUPPORT parameter is not valid
590 #ifndef TLS_FFDHE3072_SUPPORT
591 #define TLS_FFDHE3072_SUPPORT DISABLED
592 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
593 #error TLS_FFDHE3072_SUPPORT parameter is not valid
597 #ifndef TLS_FFDHE4096_SUPPORT
598 #define TLS_FFDHE4096_SUPPORT DISABLED
599 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
600 #error TLS_FFDHE4096_SUPPORT parameter is not valid
604 #ifndef TLS_SECP160K1_SUPPORT
605 #define TLS_SECP160K1_SUPPORT DISABLED
606 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
607 #error TLS_SECP160K1_SUPPORT parameter is not valid
611 #ifndef TLS_SECP160R1_SUPPORT
612 #define TLS_SECP160R1_SUPPORT DISABLED
613 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
614 #error TLS_SECP160R1_SUPPORT parameter is not valid
618 #ifndef TLS_SECP160R2_SUPPORT
619 #define TLS_SECP160R2_SUPPORT DISABLED
620 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
621 #error TLS_SECP160R2_SUPPORT parameter is not valid
625 #ifndef TLS_SECP192K1_SUPPORT
626 #define TLS_SECP192K1_SUPPORT DISABLED
627 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
628 #error TLS_SECP192K1_SUPPORT parameter is not valid
632 #ifndef TLS_SECP192R1_SUPPORT
633 #define TLS_SECP192R1_SUPPORT DISABLED
634 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
635 #error TLS_SECP192R1_SUPPORT parameter is not valid
639 #ifndef TLS_SECP224K1_SUPPORT
640 #define TLS_SECP224K1_SUPPORT DISABLED
641 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
642 #error TLS_SECP224K1_SUPPORT parameter is not valid
646 #ifndef TLS_SECP224R1_SUPPORT
647 #define TLS_SECP224R1_SUPPORT DISABLED
648 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
649 #error TLS_SECP224R1_SUPPORT parameter is not valid
653 #ifndef TLS_SECP256K1_SUPPORT
654 #define TLS_SECP256K1_SUPPORT DISABLED
655 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
656 #error TLS_SECP256K1_SUPPORT parameter is not valid
660 #ifndef TLS_SECP256R1_SUPPORT
661 #define TLS_SECP256R1_SUPPORT ENABLED
662 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
663 #error TLS_SECP256R1_SUPPORT parameter is not valid
667 #ifndef TLS_SECP384R1_SUPPORT
668 #define TLS_SECP384R1_SUPPORT ENABLED
669 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
670 #error TLS_SECP384R1_SUPPORT parameter is not valid
674 #ifndef TLS_SECP521R1_SUPPORT
675 #define TLS_SECP521R1_SUPPORT DISABLED
676 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
677 #error TLS_SECP521R1_SUPPORT parameter is not valid
681 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
682 #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
683 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
684 #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
688 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
689 #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
690 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
691 #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
695 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
696 #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
697 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
698 #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
702 #ifndef TLS_SM2_SUPPORT
703 #define TLS_SM2_SUPPORT DISABLED
704 #elif (TLS_SM2_SUPPORT != ENABLED && TLS_SM2_SUPPORT != DISABLED)
705 #error TLS_SM2_SUPPORT parameter is not valid
709 #ifndef TLS_X25519_SUPPORT
710 #define TLS_X25519_SUPPORT DISABLED
711 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
712 #error TLS_X25519_SUPPORT parameter is not valid
716 #ifndef TLS_X448_SUPPORT
717 #define TLS_X448_SUPPORT DISABLED
718 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
719 #error TLS_X448_SUPPORT parameter is not valid
723 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
724 #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
725 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
726 #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
730 #ifndef TLS_KEY_LOG_SUPPORT
731 #define TLS_KEY_LOG_SUPPORT DISABLED
732 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
733 #error TLS_KEY_LOG_SUPPORT parameter is not valid
737 #ifndef TLS_MAX_SERVER_NAME_LEN
738 #define TLS_MAX_SERVER_NAME_LEN 255
739 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
740 #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
744 #ifndef TLS_MAX_PASSWORD_LEN
745 #define TLS_MAX_PASSWORD_LEN 32
746 #elif (TLS_MAX_PASSWORD_LEN < 0)
747 #error TLS_MAX_PASSWORD_LEN parameter is not valid
751 #ifndef TLS_MIN_DH_MODULUS_SIZE
752 #define TLS_MIN_DH_MODULUS_SIZE 1024
753 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
754 #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
758 #ifndef TLS_MAX_DH_MODULUS_SIZE
759 #define TLS_MAX_DH_MODULUS_SIZE 2048
760 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
761 #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
765 #ifndef TLS_MIN_RSA_MODULUS_SIZE
766 #define TLS_MIN_RSA_MODULUS_SIZE 1024
767 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
768 #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
772 #ifndef TLS_MAX_RSA_MODULUS_SIZE
773 #define TLS_MAX_RSA_MODULUS_SIZE 4096
774 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
775 #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
779 #ifndef TLS_MIN_DSA_MODULUS_SIZE
780 #define TLS_MIN_DSA_MODULUS_SIZE 1024
781 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
782 #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
786 #ifndef TLS_MAX_DSA_MODULUS_SIZE
787 #define TLS_MAX_DSA_MODULUS_SIZE 4096
788 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
789 #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
793 #ifndef TLS_MASTER_SECRET_SIZE
794 #define TLS_MASTER_SECRET_SIZE 48
795 #elif (TLS_MASTER_SECRET_SIZE < 48)
796 #error TLS_MASTER_SECRET_SIZE parameter is not valid
800 #ifndef TLS_PREMASTER_SECRET_SIZE
801 #define TLS_PREMASTER_SECRET_SIZE (TLS_MAX_DH_MODULUS_SIZE / 8)
802 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
803 #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
807 #ifndef TLS_MAX_WARNING_ALERTS
808 #define TLS_MAX_WARNING_ALERTS 5
809 #elif (TLS_MAX_WARNING_ALERTS < 0)
810 #error TLS_MAX_WARNING_ALERTS parameter is not valid
814 #ifndef TLS_MAX_EMPTY_RECORDS
815 #define TLS_MAX_EMPTY_RECORDS 10
816 #elif (TLS_MAX_EMPTY_RECORDS < 0)
817 #error TLS_MAX_EMPTY_RECORDS parameter is not valid
821 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
822 #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 5
823 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
824 #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
828 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
829 #define TLS_MAX_KEY_UPDATE_MESSAGES 5
830 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
831 #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
835 #ifndef TLS_PRIVATE_CONTEXT
836 #define TLS_PRIVATE_CONTEXT
840 #ifndef TLS_PRIVATE_ENCRYPTION_ENGINE
841 #define TLS_PRIVATE_ENCRYPTION_ENGINE
846 #define tlsAllocMem(size) osAllocMem(size)
851 #define tlsFreeMem(p) osFreeMem(p)
855 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
856 (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
857 TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
858 #define TLS_DH_SUPPORT ENABLED
859 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
860 (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
861 #define TLS_DH_SUPPORT ENABLED
863 #define TLS_DH_SUPPORT DISABLED
867 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
868 (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
869 TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
870 #define TLS_ECDH_SUPPORT ENABLED
871 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
872 (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
873 #define TLS_ECDH_SUPPORT ENABLED
875 #define TLS_ECDH_SUPPORT DISABLED
879 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
880 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
881 TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
882 TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
883 #define TLS_RSA_SUPPORT ENABLED
884 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
885 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
886 #define TLS_RSA_SUPPORT ENABLED
888 #define TLS_RSA_SUPPORT DISABLED
892 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
893 (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
894 TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
895 #define TLS_PSK_SUPPORT ENABLED
896 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
897 (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
898 TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
899 #define TLS_PSK_SUPPORT ENABLED
901 #define TLS_PSK_SUPPORT DISABLED
905 #if (TLS_SHA384_SUPPORT == ENABLED)
906 #define TLS_MAX_HKDF_DIGEST_SIZE 48
908 #define TLS_MAX_HKDF_DIGEST_SIZE 32
912 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
913 (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
914 (TlsSocketHandle) socket)
917 #define TLS_MIN_RECORD_LENGTH 512
919 #define TLS_MAX_RECORD_LENGTH 16384
921 #define TLS_MAX_RECORD_OVERHEAD 512
923 #define TLS_RANDOM_SIZE 32
926 #define TLS_SIGN_SCHEME(signAlgo, hashAlgo) \
927 ((TlsSignatureScheme) (((hashAlgo) << 8) | (signAlgo)))
999 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
1475 #if defined(__CCRX__)
1477 #elif defined(__CWCC__) || defined(_WIN32)
1478 #pragma pack(push, 1)
1753 uint16_t clientVersion;
1766 uint16_t serverVersion;
1793 uint8_t certificateTypesLen;
1825 uint32_t ticketLifetimeHint;
1870 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1877 #if defined(__CCRX__)
1879 #elif defined(__CWCC__) || defined(_WIN32)
1919 const char_t *selectedProtocol);
1927 const uint8_t *pskIdentity,
size_t pskIdentityLen);
1943 const uint8_t *rawPublicKey,
size_t rawPublicKeyLen);
1951 const uint8_t *plaintext,
size_t plaintextLen, uint8_t *ciphertext,
1952 size_t *ciphertextLen,
void *param);
1960 const uint8_t *ciphertext,
size_t ciphertextLen, uint8_t *plaintext,
1961 size_t *plaintextLen,
void *param);
1976 const uint8_t *digest,
size_t digestLen,
EcdsaSignature *signature);
1984 const uint8_t *digest,
size_t digestLen,
EcdsaSignature *signature);
2026 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2033 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2041 #if (TLS_SNI_SUPPORT == ENABLED)
2089 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2092 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2095 #if (TLS_ALPN_SUPPORT == ENABLED)
2098 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2104 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2107 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2110 #if (TLS_TICKET_SUPPORT == ENABLED)
2113 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2116 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2151 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
2155 #if (DTLS_SUPPORT == ENABLED)
2159 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2162 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2199 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
2276 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_0)
2277 size_t txLastRecordLen;
2280 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2284 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2291 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2298 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2334 #if (TLS_DH_SUPPORT == ENABLED)
2338 #if (TLS_ECDH_SUPPORT == ENABLED)
2343 #if (TLS_RSA_SUPPORT == ENABLED)
2347 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2351 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_SM2_SIGN_SUPPORT == ENABLED || \
2352 TLS_ED25519_SIGN_SUPPORT == ENABLED || TLS_ED448_SIGN_SUPPORT == ENABLED)
2357 #if (TLS_PSK_SUPPORT == ENABLED)
2367 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2372 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2377 #if (TLS_ALPN_SUPPORT == ENABLED)
2384 #if (TLS_ENCRYPT_THEN_MAC_SUPPORT == ENABLED)
2388 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2392 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2400 #if (TLS_TICKET_SUPPORT == ENABLED)
2409 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2414 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2418 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2422 #if (TLS_MAX_WARNING_ALERTS > 0)
2426 #if (TLS_MAX_EMPTY_RECORDS > 0)
2430 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2434 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2438 #if (DTLS_SUPPORT == ENABLED)
2463 #if (DTLS_SUPPORT == ENABLED && DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2484 uint16_t versionMax);
2501 size_t rxBufferSize);
2547 size_t certChainLen,
const char_t *privateKey,
size_t privateKeyLen);
2550 const char_t *certChain,
size_t certChainLen,
const char_t *privateKey,
2551 size_t privateKeyLen,
const char_t *password);
General definitions for cryptographic algorithms.
CipherMode
Cipher operation modes.
DSA (Digital Signature Algorithm)
DTLS (Datagram Transport Layer Security)
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
#define DTLS_REPLAY_WINDOW_SIZE
ECDSA (Elliptic Curve Digital Signature Algorithm)
HMAC (Keyed-Hashing for Message Authentication)
Collection of key exchange algorithms.
uint32_t systime_t
System time.
RSA public-key cryptography standard.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
bool_t resume
The connection is established by resuming a session.
bool_t sessionTicketEnabled
Session ticket mechanism enabled.
size_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
size_t rxFragQueueLen
Length of the reassembly queue.
size_t maxFragLen
Maximum plaintext fragment length.
uint_t cipherSuiteTypes
Types of cipher suites proposed by the client.
size_t trustedCaListLen
Total length of the trusted CA list.
void * ticketParam
Opaque pointer passed to the ticket callbacks.
TlsStateChangeCallback stateChangeCallback
TLS state change callback function.
TlsPskCallback pskCallback
PSK callback function.
TlsKeyExchMethod keyExchMethod
Key exchange method.
uint_t keyUpdateCount
Count of consecutive KeyUpdate messages.
HashContext * transcriptHashContext
Hash context used to compute verify data.
uint_t numCerts
Number of certificates available.
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
TlsSocketHandle socketHandle
Socket handle.
bool_t sessionTicketExtReceived
The SessionTicket extension has been received.
bool_t earlyDataEnabled
EarlyData is enabled.
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
bool_t etmExtReceived
The EncryptThenMac extension has been received.
uint16_t rxRecordVersion
Version of the incoming record.
TlsSignatureScheme signScheme
Signature scheme to be used.
bool_t sessionTicketExtSent
The SessionTicket extension has been sent.
TlsCertVerifyCallback certVerifyCallback
Certificate verification callback function.
TlsAlpnCallback alpnCallback
ALPN callback function.
uint16_t versionMax
Maximum version accepted by the implementation.
size_t ticketPskLen
Length of the PSK associated with the ticket.
void * cookieParam
Opaque pointer passed to the cookie callbacks.
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
bool_t earlyDataExtReceived
The EarlyData extension has been received.
bool_t updatedClientHelloReceived
An updated ClientHello message has been received.
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
uint16_t namedGroup
ECDHE or FFDHE named group.
uint16_t txMsgSeq
Send sequence number.
uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
DhContext dhContext
Diffie-Hellman context.
const uint16_t * supportedSignAlgos
List of supported signature algorithms.
uint8_t sessionId[32]
Session identifier.
bool_t fatalAlertSent
A fatal alert message has been sent.
char_t * pskIdentityHint
PSK identity hint.
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
TlsClientAuthMode clientAuthMode
Client authentication mode.
uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
systime_t retransmitTimeout
Retransmission timeout.
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
int_t selectedIdentity
Selected PSK identity.
size_t sessionIdLen
Length of the session identifier.
TlsEcdsaSignCallback ecdsaSignCallback
TlsCache * cache
TLS session cache.
size_t pskLen
Length of the pre-shared key, in bytes.
Sha1Context * transcriptSha1Context
SHA-1 context used to compute verify data.
size_t txBufferMaxLen
Maximum number of plaintext data the TX buffer can hold.
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
bool_t secureRenegoFlag
Secure renegotiation flag.
EcDomainParameters peerEcParams
Peer's EC domain parameters.
bool_t closeNotifyReceived
A closure alert has been received from the peer.
size_t txBufferPos
Current position in TX buffer.
uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]
Master secret.
size_t certRequestContextLen
Length of the certificate request context.
TlsCertificateFormat certFormat
Certificate format.
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
size_t txBufferSize
TX buffer size.
TlsEncryptionEngine decryptionEngine
Decryption engine.
size_t txBufferLen
Number of bytes that are pending to be sent.
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
TlsContentType txBufferType
Type of data that resides in the TX buffer.
TlsCertificateType peerCertType
Peer's certificate type.
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
uint16_t ticketCipherSuite
Cipher suite associated with the ticket.
uint8_t * rxBuffer
RX buffer.
uint_t alertCount
Count of consecutive warning alerts.
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
uint_t numSupportedGroups
Number of named groups in the list.
size_t ticketLen
Length of the session ticket.
char_t * pskIdentity
PSK identity.
size_t earlyDataLen
Total amount of 0-RTT data that have been sent by the client.
TlsEncryptionEngine encryptionEngine
Encryption engine.
uint8_t serverRandom[TLS_RANDOM_SIZE]
Server random value.
uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purpose only)
uint16_t preferredGroup
Preferred ECDHE or FFDHE named group.
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
uint16_t clientVersion
Latest version supported by the client.
uint_t retransmitCount
Retransmission counter.
char_t * selectedProtocol
Selected ALPN protocol.
TlsCertDesc * cert
Pointer to the currently selected certificate.
char_t * protocolList
List of supported ALPN protocols.
bool_t emsExtReceived
The ExtendedMasterSecret extension has been received.
uint16_t versionMin
Minimum version accepted by the implementation.
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
const char_t * trustedCaList
Trusted CA list (PEM format)
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
End entity certificates (PEM format)
uint32_t ticketNonce
A per-ticket value that is unique across all tickets issued.
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
uint8_t serverVerifyData[64]
Server verify data.
uint8_t * txBuffer
TX buffer.
size_t txRecordLen
Length of the TLS record.
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
uint_t changeCipherSpecCount
Count of consecutive ChangeCipherSpec messages.
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
uint8_t clientVerifyData[64]
Client verify data.
size_t rxBufferLen
Number of bytes available for reading.
TlsCertificateFormat peerCertFormat
Peer's certificate format.
uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
size_t rxBufferSize
RX buffer size.
TlsEcdsaVerifyCallback ecdsaVerifyCallback
TlsConnectionEnd entity
Client or server operation.
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
size_t txRecordPos
Current position in the TLS record.
TlsState state
TLS handshake finite state machine.
uint16_t version
Negotiated TLS version.
void * certVerifyParam
Opaque pointer passed to the certificate verification callback.
systime_t retransmitTimestamp
Time at which the datagram was sent.
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
systime_t timeout
Timeout for blocking calls.
size_t rxBufferPos
Current position in RX buffer.
uint8_t * ticket
Session ticket.
uint_t emptyRecordCount
Count of consecutive empty records.
bool_t earlyDataRejected
The 0-RTT data have been rejected by the server.
uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint8_t clientRandom[TLS_RANDOM_SIZE]
Client random value.
bool_t closeNotifySent
A closure alert has been sent.
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
HmacContext hmacContext
HMAC context.
size_t serverVerifyDataLen
Length of the server verify data.
uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE]
const uint16_t * cipherSuites
List of supported cipher suites.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
size_t cookieLen
Length of the cookie.
EcdhContext ecdhContext
ECDH context.
char_t * ticketAlpn
ALPN protocol associated with the ticket.
size_t rxRecordLen
Length of the TLS record.
TlsEcdhCallback ecdhCallback
TlsEncryptionEngine prevEncryptionEngine
bool_t secureRenegoEnabled
Secure renegotiation enabled.
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
char_t * serverName
Fully qualified DNS hostname of the server.
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
uint_t numSupportedSignAlgos
Number of signature algorithms in the list.
size_t clientVerifyDataLen
Length of the client verify data.
uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint32_t ticketLifetime
Lifetime of the ticket.
bool_t pskKeModeSupported
PSK key establishment supported by the client.
uint16_t rxMsgSeq
Next receive sequence number.
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
size_t premasterSecretLen
Length of the premaster secret.
uint_t numCipherSuites
Number of cipher suites in the list.
size_t rxBufferMaxLen
Maximum number of plaintext data the RX buffer can hold.
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
TlsSequenceNumber earlyDataSeqNum
Early data sequence number.
EcPublicKey peerEcPublicKey
Peer's EC public key.
uint8_t * psk
Pre-shared key.
uint8_t * certRequestContext
Certificate request context.
const uint16_t * supportedGroups
List of supported named groups.
TlsSocketSendCallback socketSendCallback
Socket send callback function.
systime_t clientHelloTimestamp
Time at which the ClientHello message was sent.
void * prngContext
Pseudo-random number generator context.
size_t rxRecordPos
Current position in the TLS record.
uint8_t keyBlock[192]
Key material.
uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint_t newSessionTicketCount
Number of NewSessionTicket messages that have been sent.
CipherMode cipherMode
Cipher mode of operation.
bool_t encryptThenMac
Encrypt-then-MAC construction.
GcmContext * gcmContext
GCM context.
size_t macKeyLen
Length of the MAC key.
HmacContext * hmacContext
HMAC context.
size_t recordSizeLimit
Maximum size of record in octets.
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
size_t fixedIvLen
Length of the fixed part of the IV.
uint8_t encKey[48]
Encryption key.
uint8_t iv[16]
Initialization vector.
const CipherAlgo * cipherAlgo
Cipher algorithm.
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
size_t authTagLen
Length of the authentication tag.
uint16_t version
Negotiated TLS version.
TlsSequenceNumber seqNum
TLS sequence number.
void * cipherContext
Cipher context.
size_t encKeyLen
Length of the encryption key.
uint8_t macKey[48]
MAC key.
size_t recordIvLen
Length of the IV.
uint16_t epoch
Counter value incremented on every cipher state change.
Common interface for encryption algorithms.
Common interface for hash algorithms.
uint_t size
Maximum number of entries.
OsMutex mutex
Mutex preventing simultaneous access to the cache.
const char_t * privateKey
Private key (PEM format)
TlsSignatureScheme signScheme
Signature scheme used to sign the end entity certificate.
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
size_t privateKeyLen
Length of the private key.
size_t certChainLen
Length of the certificate chain.
const char_t * certChain
End entity certificate chain (PEM format)
TlsCertificateType type
End entity certificate type.
Structure describing a cipher suite.
TlsKeyExchMethod keyExchMethod
const HashAlgo * hashAlgo
const CipherAlgo * cipherAlgo
const HashAlgo * prfHashAlgo
const TlsExtension * serverCertType
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
const Tls13KeyShareEntry * serverShare
KeyShare extension (ServerHello)
const TlsSignSchemeList * signAlgoList
SignatureAlgorithms extension.
const TlsExtension * clientCertType
const TlsExtension * recordSizeLimit
RecordSizeLimit extension.
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
const TlsExtension * selectedGroup
KeyShare extension (HelloRetryRequest)
const TlsExtension * sessionTicket
SessionTicket extension.
const Tls13PskIdentityList * identityList
PreSharedKey extension (ClientHello)
const Tls13PskKeModeList * pskKeModeList
PskKeyExchangeModes extension.
const Tls13KeyShareList * keyShareList
KeyShare extension (ClientHello)
const TlsExtension * encryptThenMac
EncryptThenMac extension.
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
const Tls13PskBinderList * binderList
const TlsSignSchemeList * certSignAlgoList
SignatureAlgorithmsCert extension.
const Tls13Cookie * cookie
Cookie extension.
const TlsExtension * extendedMasterSecret
ExtendedMasterSecret extension.
const TlsServerNameList * serverNameList
ServerName extension.
const TlsCertAuthorities * certAuthorities
CertificateAuthorities extension.
const TlsExtension * earlyDataIndication
EarlyData extension.
const TlsExtension * maxFragLen
MaxFragmentLength extension.
const TlsProtocolNameList * protocolNameList
ALPN extension.
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
const TlsExtension * selectedVersion
SupportedVersions extension (ServerHello)
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
const TlsExtension * selectedIdentity
PreSharedKey extension (ServerHello)
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
systime_t timestamp
Time stamp to manage entry lifetime.
size_t sessionIdLen
Length of the session identifier.
size_t ticketLen
Length of the session ticket.
uint32_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
uint16_t version
TLS protocol version.
uint8_t * ticket
Session ticket.
uint16_t cipherSuite
Cipher suite identifier.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
char_t * ticketAlpn
ALPN protocol associated with the ticket.
char_t * serverName
ServerName extension.
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
uint32_t ticketLifetime
Lifetime of the ticket.
bool_t extendedMasterSecret
Extended master secret computation.
TLS 1.3 helper functions.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
@ TLS_STATE_SERVER_CERTIFICATE
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_SERVER_CERTIFICATE_VERIFY
@ TLS_STATE_SERVER_HELLO_2
@ TLS_STATE_HELLO_VERIFY_REQUEST
@ TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
@ TLS_STATE_SERVER_APP_TRAFFIC_KEYS
@ TLS_STATE_SERVER_FINISHED
@ TLS_STATE_CLIENT_HELLO_2
@ TLS_STATE_APPLICATION_DATA
@ TLS_STATE_SERVER_KEY_EXCHANGE
@ TLS_STATE_NEW_SESSION_TICKET
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_HELLO_RETRY_REQUEST
@ TLS_STATE_END_OF_EARLY_DATA
@ TLS_STATE_SERVER_HELLO_3
@ TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_CERTIFICATE_REQUEST
@ TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
@ TLS_STATE_CLIENT_KEY_EXCHANGE
@ TLS_STATE_CLIENT_CERTIFICATE
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
@ TLS_STATE_ENCRYPTED_EXTENSIONS
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
Register ECDSA signature generation callback function.
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
TlsKeyExchMethod
Key exchange methods.
@ TLS_KEY_EXCH_ECDHE_ECDSA
@ TLS_KEY_EXCH_SRP_SHA_DSS
@ TLS_KEY_EXCH_SRP_SHA_RSA
@ TLS_KEY_EXCH_ECDH_ECDSA
@ TLS13_KEY_EXCH_PSK_ECDHE
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
TlsCertificateFormat
Certificate formats.
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
@ TLS_CERT_FORMAT_OPENPGP
@ TLS_CERT_FORMAT_1609DOT2
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
TlsAlertDescription
Alert description.
@ TLS_ALERT_CERTIFICATE_REVOKED
@ TLS_ALERT_ACCESS_DENIED
@ TLS_ALERT_BAD_CERTIFICATE
@ TLS_ALERT_UNSUPPORTED_EXTENSION
@ TLS_ALERT_UNEXPECTED_MESSAGE
@ TLS_ALERT_NO_RENEGOTIATION
@ TLS_ALERT_USER_CANCELED
@ TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
@ TLS_ALERT_MISSING_EXTENSION
@ TLS_ALERT_NO_CERTIFICATE
@ TLS_ALERT_NO_APPLICATION_PROTOCOL
@ TLS_ALERT_CERTIFICATE_UNKNOWN
@ TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
@ TLS_ALERT_INAPPROPRIATE_FALLBACK
@ TLS_ALERT_CERTIFICATE_REQUIRED
@ TLS_ALERT_PROTOCOL_VERSION
@ TLS_ALERT_BAD_RECORD_MAC
@ TLS_ALERT_EXPORT_RESTRICTION
@ TLS_ALERT_TOO_MANY_CIDS_REQUESTED
@ TLS_ALERT_CERTIFICATE_EXPIRED
@ TLS_ALERT_DECOMPRESSION_FAILURE
@ TLS_ALERT_ILLEGAL_PARAMETER
@ TLS_ALERT_HANDSHAKE_FAILURE
@ TLS_ALERT_DECRYPTION_FAILED
@ TLS_ALERT_RECORD_OVERFLOW
@ TLS_ALERT_CERTIFICATE_UNOBTAINABLE
@ TLS_ALERT_INSUFFICIENT_SECURITY
@ TLS_ALERT_UNKNOWN_PSK_IDENTITY
@ TLS_ALERT_UNSUPPORTED_CERTIFICATE
@ TLS_ALERT_INTERNAL_ERROR
@ TLS_ALERT_UNRECOGNIZED_NAME
@ TLS_ALERT_DECRYPT_ERROR
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
uint8_t certificateTypes[]
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
#define TLS_MAX_CERTIFICATES
void TlsCertificateVerify
CertificateVerify message.
TlsTransportProtocol
TLS transport protocols.
@ TLS_TRANSPORT_PROTOCOL_STREAM
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
@ TLS_TRANSPORT_PROTOCOL_EAP
error_t tlsAddCertificate(TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
Add a certificate and the corresponding private key (deprecated)
TlsCompressMethod
Compression methods.
@ TLS_COMPRESSION_METHOD_DEFLATE
@ TLS_COMPRESSION_METHOD_NULL
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
Ticket encryption callback function.
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
error_t(* TlsAlpnCallback)(TlsContext *context, const char_t *selectedProtocol)
ALPN callback function.
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
uint8_t secret[TLS_MASTER_SECRET_SIZE]
Master secret.
TlsEarlyDataStatus
Early data status.
@ TLS_EARLY_DATA_REJECTED
@ TLS_EARLY_DATA_ACCEPTED
void tlsFreeCache(TlsCache *cache)
Properly dispose a session cache.
error_t tlsEnableSessionTickets(TlsContext *context, bool_t enabled)
Enable session ticket mechanism.
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
error_t tlsLoadCertificate(TlsContext *context, uint_t index, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
Load entity's certificate.
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
TlsEcPointFormat
EC point formats.
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
error_t tlsSetCertificateVerifyCallback(TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
Register certificate verification callback function.
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purpose only)
#define TLS_MAX_PASSWORD_LEN
bool_t tlsIsTxReady(TlsContext *context)
Check whether some data is ready for transmission.
void TlsCertificate
Certificate message.
void * TlsSocketHandle
Socket handle.
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
Key logging callback function (for debugging purpose only)
void TlsHelloRequest
HelloRequest message.
TlsContext * tlsInit(void)
TLS context initialization.
void TlsFinished
Finished message.
TlsClientAuthMode
Client authentication mode.
@ TLS_CLIENT_AUTH_REQUIRED
@ TLS_CLIENT_AUTH_OPTIONAL
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
void TlsServerKeyExchange
ServerKeyExchange message.
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from a the remote host using TLS.
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose a session state.
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
TlsContentType
Content type.
@ TLS_TYPE_CHANGE_CIPHER_SPEC
@ TLS_TYPE_APPLICATION_DATA
#define TLS_PRIVATE_ENCRYPTION_ENGINE
void TlsServerHelloDone
ServerHelloDone message.
TlsSignatureScheme
Signature schemes.
@ TLS_SIGN_SCHEME_GOSTR34102012_512A
@ TLS_SIGN_SCHEME_ECDSA_SHA1
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
@ TLS_SIGN_SCHEME_GOSTR34102012_256D
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
@ TLS_SIGN_SCHEME_GOSTR34102012_256C
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
@ TLS_SIGN_SCHEME_GOSTR34102012_512C
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
@ TLS_SIGN_SCHEME_SM2SIG_SM3
@ TLS_SIGN_SCHEME_ED25519
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
@ TLS_SIGN_SCHEME_GOSTR34102012_512B
@ TLS_SIGN_SCHEME_GOSTR34102012_256B
@ TLS_SIGN_SCHEME_GOSTR34102012_256A
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
void(* TlsStateChangeCallback)(TlsContext *context, TlsState state)
TLS state change callback.
void TlsClientKeyExchange
ClientKeyExchange message.
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
TlsExtensionType
TLS extension types.
@ TLS_EXT_RENEGOTIATION_INFO
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
@ TLS_EXT_TRUSTED_CA_KEYS
@ TLS_EXT_CLIENT_CERTIFICATE_URL
@ TLS_EXT_MAX_FRAGMENT_LENGTH
@ TLS_EXT_CERTIFICATE_AUTHORITIES
@ TLS_EXT_POST_HANDSHAKE_AUTH
@ TLS_EXT_QUIC_TRANSPORT_PARAMETERS
@ TLS_EXT_SERVER_CERT_TYPE
@ TLS_EXT_EXTERNAL_SESSION_ID
@ TLS_EXT_CLIENT_CERT_TYPE
@ TLS_EXT_EXTERNAL_ID_HASH
@ TLS_EXT_ENCRYPT_THEN_MAC
@ TLS_EXT_SIGNATURE_ALGORITHMS
@ TLS_EXT_SUPPORTED_VERSIONS
@ TLS_EXT_EC_POINT_FORMATS
@ TLS_EXT_TLS_CERT_WITH_EXTERN_PSK
@ TLS_EXT_RECORD_SIZE_LIMIT
@ TLS_EXT_TRANSPARENCY_INFO
@ TLS_EXT_SUPPORTED_EKT_CIPHERS
@ TLS_EXT_COMPRESS_CERTIFICATE
@ TLS_EXT_SUPPORTED_GROUPS
@ TLS_EXT_STATUS_REQUEST_V2
@ TLS_EXT_PSK_KEY_EXCHANGE_MODES
@ TLS_EXT_SIGNED_CERT_TIMESTAMP
@ TLS_EXT_EXTENDED_MASTER_SECRET
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
#define TLS_MAX_HKDF_DIGEST_SIZE
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
TlsHashAlgo
Hash algorithms.
@ TLS_HASH_ALGO_INTRINSIC
TlsCertificateType
Certificate types.
@ TLS_CERT_DSS_EPHEMERAL_DH
@ TLS_CERT_ECDSA_FIXED_ECDH
@ TLS_CERT_RSA_EPHEMERAL_DH
@ TLS_CERT_RSA_FIXED_ECDH
TlsMaxFragmentLength
Maximum fragment length.
@ TLS_MAX_FRAGMENT_LENGTH_512
@ TLS_MAX_FRAGMENT_LENGTH_4096
@ TLS_MAX_FRAGMENT_LENGTH_2048
@ TLS_MAX_FRAGMENT_LENGTH_1024
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
error_t tlsSetStateChangeCallback(TlsContext *context, TlsStateChangeCallback stateChangeCallback)
Register TLS state change callback.
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
Ticket decryption callback function.
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
TlsFlags
Flags used by read and write functions.
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
#define TLS_PREMASTER_SECRET_SIZE
TlsState tlsGetState(TlsContext *context)
Retrieve current TLS state.
TlsSignatureAlgo
Signature algorithms.
@ TLS_SIGN_ALGO_GOSTR34102012_512
@ TLS_SIGN_ALGO_ANONYMOUS
@ TLS_SIGN_ALGO_GOSTR34102012_256
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
uint16_t cipherSuite
Cipher suite identifier.
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
typedef __packed_struct
Sequence number.
TlsAlertLevel
Alert level.
@ TLS_ALERT_LEVEL_WARNING
TlsConnectionEnd
TLS connection end.
@ TLS_CONNECTION_END_SERVER
@ TLS_CONNECTION_END_CLIENT
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
error_t tlsSetSupportedSignAlgos(TlsContext *context, const uint16_t *signAlgos, uint_t length)
Specify the list of allowed signature algorithms.
#define TlsEncryptionEngine
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
#define TLS_MASTER_SECRET_SIZE
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
TlsNamedGroup
Named groups.
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
@ TLS_GROUP_SECP256R1_KYBER768_DRAFT00
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
@ TLS_GROUP_BRAINPOOLP512R1
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
@ TLS_GROUP_BRAINPOOLP256R1
@ TLS_GROUP_X25519_KYBER768_DRAFT00
@ TLS_GROUP_EXPLICIT_CHAR2_CURVE
@ TLS_GROUP_EXPLICIT_PRIME_CURVE
@ TLS_GROUP_BRAINPOOLP384R1
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
error_t(* TlsCertVerifyCallback)(TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, void *param)
Certificate verification callback function.
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
uint32_t ticketLifetime
Lifetime of the ticket.
TlsMessageType
Handshake message type.
@ TLS_TYPE_REQUEST_CONNECTION_ID
@ TLS_TYPE_CERTIFICATE_VERIFY
@ TLS_TYPE_SUPPLEMENTAL_DATA
@ TLS_TYPE_END_OF_EARLY_DATA
@ TLS_TYPE_NEW_CONNECTION_ID
@ TLS_TYPE_SERVER_HELLO_DONE
@ TLS_TYPE_SERVER_KEY_EXCHANGE
@ TLS_TYPE_CERTIFICATE_URL
@ TLS_TYPE_CERTIFICATE_STATUS
@ TLS_TYPE_CLIENT_KEY_EXCHANGE
@ TLS_TYPE_COMPRESSED_CERTIFICATE
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
@ TLS_TYPE_HELLO_VERIFY_REQUEST
@ TLS_TYPE_NEW_SESSION_TICKET
@ TLS_TYPE_CERTIFICATE_REQUEST
@ TLS_TYPE_HELLO_RETRY_REQUEST
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
#define TLS_PRIVATE_CONTEXT
void tlsFree(TlsContext *context)
Release TLS context.
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
bool_t extendedMasterSecret
Extended master secret computation.
TlsEcCurveType
EC curve types.
@ TLS_EC_CURVE_TYPE_NAMED_CURVE
@ TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
@ TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Send the maximum amount of 0-RTT data the server can accept.
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register PSK callback function.
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
error_t tlsSetAlpnCallback(TlsContext *context, TlsAlpnCallback alpnCallback)
Register ALPN callback function.
Generic hash algorithm context.
X.509 common definitions.