36 #define TlsContext struct _TlsContext
40 #define TlsEncryptionEngine struct _TlsEncryptionEngine
45 #include "tls_config.h"
81 #ifndef GPL_LICENSE_TERMS_ACCEPTED
82 #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
86 #define CYCLONE_SSL_VERSION_STRING "2.1.4"
88 #define CYCLONE_SSL_MAJOR_VERSION 2
90 #define CYCLONE_SSL_MINOR_VERSION 1
92 #define CYCLONE_SSL_REV_NUMBER 4
95 #define SSL_VERSION_3_0 0x0300
96 #define TLS_VERSION_1_0 0x0301
97 #define TLS_VERSION_1_1 0x0302
98 #define TLS_VERSION_1_2 0x0303
99 #define TLS_VERSION_1_3 0x0304
103 #define TLS_SUPPORT ENABLED
104 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
105 #error TLS_SUPPORT parameter is not valid
109 #ifndef TLS_CLIENT_SUPPORT
110 #define TLS_CLIENT_SUPPORT ENABLED
111 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
112 #error TLS_CLIENT_SUPPORT parameter is not valid
116 #ifndef TLS_SERVER_SUPPORT
117 #define TLS_SERVER_SUPPORT ENABLED
118 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
119 #error TLS_SERVER_SUPPORT parameter is not valid
// Lowest protocol version the build will negotiate. The default floor is
// TLS 1.2. The sanity check below only rejects values under TLS_VERSION_1_0,
// so a project-level override can still select TLS 1.0 or TLS 1.1, both of
// which RFC 8996 deprecates. Review any tls_config.h that lowers this value.
123 #ifndef TLS_MIN_VERSION
124 #define TLS_MIN_VERSION TLS_VERSION_1_2
125 #elif (TLS_MIN_VERSION < TLS_VERSION_1_0)
126 #error TLS_MIN_VERSION parameter is not valid
// Highest protocol version the build will negotiate (default TLS 1.3). An
// override is rejected if it exceeds TLS 1.3 or falls below TLS_MIN_VERSION.
130 #ifndef TLS_MAX_VERSION
131 #define TLS_MAX_VERSION TLS_VERSION_1_3
132 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
133 #error TLS_MAX_VERSION parameter is not valid
// Session resumption support is compiled in by default.
137 #ifndef TLS_SESSION_RESUME_SUPPORT
138 #define TLS_SESSION_RESUME_SUPPORT ENABLED
139 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
140 #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
// Lifetime of an entry in the session cache; overrides below 1000 are rejected.
// NOTE(review): the unit is not stated here - presumably milliseconds
// (3600000 = 1 hour); confirm. The longer the lifetime, the longer a cached
// session secret stays usable for resumption if it is ever disclosed.
144 #ifndef TLS_SESSION_CACHE_LIFETIME
145 #define TLS_SESSION_CACHE_LIFETIME 3600000
146 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
147 #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
// Session ticket support is opt-in (DISABLED by default).
151 #ifndef TLS_TICKET_SUPPORT
152 #define TLS_TICKET_SUPPORT DISABLED
153 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
154 #error TLS_TICKET_SUPPORT parameter is not valid
// Upper bound on the size of a session ticket; overrides below 32 are rejected.
158 #ifndef TLS_MAX_TICKET_SIZE
159 #define TLS_MAX_TICKET_SIZE 1024
160 #elif (TLS_MAX_TICKET_SIZE < 32)
161 #error TLS_MAX_TICKET_SIZE parameter is not valid
// Lifetime of a session ticket. Only negative overrides are rejected, so the
// check imposes no upper bound; keep overrides short, since a ticket remains
// redeemable for its whole lifetime.
// NOTE(review): presumably the same unit as TLS_SESSION_CACHE_LIFETIME - confirm.
165 #ifndef TLS_TICKET_LIFETIME
166 #define TLS_TICKET_LIFETIME 3600000
167 #elif (TLS_TICKET_LIFETIME < 0)
168 #error TLS_TICKET_LIFETIME parameter is not valid
172 #ifndef TLS_SNI_SUPPORT
173 #define TLS_SNI_SUPPORT ENABLED
174 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
175 #error TLS_SNI_SUPPORT parameter is not valid
179 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
180 #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
181 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
182 #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
186 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
187 #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
188 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
189 #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
193 #ifndef TLS_ALPN_SUPPORT
194 #define TLS_ALPN_SUPPORT DISABLED
195 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
196 #error TLS_ALPN_SUPPORT parameter is not valid
200 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
201 #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
202 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
203 #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
207 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
208 #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
209 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
210 #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
214 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
215 #define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED
216 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
217 #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
221 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
222 #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
223 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
224 #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
// Secure renegotiation (the renegotiation_info mechanism of RFC 5746) is
// DISABLED by default.
// NOTE(review): this header does not show how the stack treats a
// renegotiation request when the option is off (refused vs. accepted without
// the RFC 5746 binding) - confirm before relying on the default.
228 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
229 #define TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED
230 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
231 #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
// FALLBACK_SCSV (RFC 7507 downgrade signalling) is DISABLED by default. It
// matters mainly for deployments that retry a failed handshake at a lower
// protocol version; such builds should enable it.
235 #ifndef TLS_FALLBACK_SCSV_SUPPORT
236 #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
237 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
238 #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
242 #ifndef TLS_ECC_CALLBACK_SUPPORT
243 #define TLS_ECC_CALLBACK_SUPPORT DISABLED
244 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
245 #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
249 #ifndef TLS_MAX_CERTIFICATES
250 #define TLS_MAX_CERTIFICATES 3
251 #elif (TLS_MAX_CERTIFICATES < 1)
252 #error TLS_MAX_CERTIFICATES parameter is not valid
// Key exchange methods. Each option may be overridden to ENABLED or DISABLED;
// any other value stops the build.
//
// RSA key exchange is ENABLED by default. It provides no forward secrecy:
// disclosure of the server's RSA private key exposes previously recorded
// sessions. Builds that only need (EC)DHE suites should set it to DISABLED.
256 #ifndef TLS_RSA_KE_SUPPORT
257 #define TLS_RSA_KE_SUPPORT ENABLED
258 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
259 #error TLS_RSA_KE_SUPPORT parameter is not valid
// Ephemeral finite-field DH authenticated with RSA (ENABLED by default). The
// accepted modulus sizes are bounded by TLS_MIN_DH_MODULUS_SIZE and
// TLS_MAX_DH_MODULUS_SIZE, which are defined further down in this header.
263 #ifndef TLS_DHE_RSA_KE_SUPPORT
264 #define TLS_DHE_RSA_KE_SUPPORT ENABLED
265 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
266 #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
// Ephemeral DH authenticated with DSS (DISABLED by default).
270 #ifndef TLS_DHE_DSS_KE_SUPPORT
271 #define TLS_DHE_DSS_KE_SUPPORT DISABLED
272 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
273 #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
// Anonymous DH (DISABLED by default). Anonymous key exchange does not
// authenticate the peer, so it gives no protection against an active
// man-in-the-middle; keep it off unless the peer is authenticated elsewhere.
277 #ifndef TLS_DH_ANON_KE_SUPPORT
278 #define TLS_DH_ANON_KE_SUPPORT DISABLED
279 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
280 #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
// Ephemeral ECDH authenticated with RSA (ENABLED by default).
284 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
285 #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
286 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
287 #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
// Ephemeral ECDH authenticated with ECDSA (ENABLED by default).
291 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
292 #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
293 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
294 #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
// Anonymous ECDH (DISABLED by default); same lack of peer authentication as
// anonymous DH.
298 #ifndef TLS_ECDH_ANON_KE_SUPPORT
299 #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
300 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
301 #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
// Pre-shared-key key exchange methods (all DISABLED by default). The plain PSK
// and RSA_PSK variants involve no ephemeral Diffie-Hellman exchange; the
// DHE_PSK and ECDHE_PSK variants add one.
305 #ifndef TLS_PSK_KE_SUPPORT
306 #define TLS_PSK_KE_SUPPORT DISABLED
307 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
308 #error TLS_PSK_KE_SUPPORT parameter is not valid
312 #ifndef TLS_RSA_PSK_KE_SUPPORT
313 #define TLS_RSA_PSK_KE_SUPPORT DISABLED
314 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
315 #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
319 #ifndef TLS_DHE_PSK_KE_SUPPORT
320 #define TLS_DHE_PSK_KE_SUPPORT DISABLED
321 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
322 #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
326 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
327 #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
328 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
329 #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
333 #ifndef TLS_RSA_SIGN_SUPPORT
334 #define TLS_RSA_SIGN_SUPPORT ENABLED
335 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
336 #error TLS_RSA_SIGN_SUPPORT parameter is not valid
340 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
341 #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
342 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
343 #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
347 #ifndef TLS_DSA_SIGN_SUPPORT
348 #define TLS_DSA_SIGN_SUPPORT DISABLED
349 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
350 #error TLS_DSA_SIGN_SUPPORT parameter is not valid
354 #ifndef TLS_ECDSA_SIGN_SUPPORT
355 #define TLS_ECDSA_SIGN_SUPPORT ENABLED
356 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
357 #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
361 #ifndef TLS_EDDSA_SIGN_SUPPORT
362 #define TLS_EDDSA_SIGN_SUPPORT DISABLED
363 #elif (TLS_EDDSA_SIGN_SUPPORT != ENABLED && TLS_EDDSA_SIGN_SUPPORT != DISABLED)
364 #error TLS_EDDSA_SIGN_SUPPORT parameter is not valid
// NULL cipher suites (DISABLED by default). A NULL cipher provides no
// confidentiality, so enabling it is only appropriate for test builds.
368 #ifndef TLS_NULL_CIPHER_SUPPORT
369 #define TLS_NULL_CIPHER_SUPPORT DISABLED
370 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
371 #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
// Stream cipher mode (DISABLED by default).
// NOTE(review): presumably this gates the RC4-based suites - confirm.
375 #ifndef TLS_STREAM_CIPHER_SUPPORT
376 #define TLS_STREAM_CIPHER_SUPPORT DISABLED
377 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
378 #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
// CBC mode cipher suites are ENABLED by default. In TLS 1.2 and earlier, CBC
// suites are MAC-then-encrypt and have a history of padding-oracle weaknesses.
// Builds whose peers all support AEAD suites (GCM, CCM, ChaCha20-Poly1305) can
// set this to DISABLED.
382 #ifndef TLS_CBC_CIPHER_SUPPORT
383 #define TLS_CBC_CIPHER_SUPPORT ENABLED
384 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
385 #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
389 #ifndef TLS_CCM_CIPHER_SUPPORT
390 #define TLS_CCM_CIPHER_SUPPORT DISABLED
391 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
392 #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
396 #ifndef TLS_CCM_8_CIPHER_SUPPORT
397 #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
398 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
399 #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
403 #ifndef TLS_GCM_CIPHER_SUPPORT
404 #define TLS_GCM_CIPHER_SUPPORT ENABLED
405 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
406 #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
410 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
411 #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
412 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
413 #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
// Legacy ciphers. All four default to DISABLED and should stay that way unless
// interoperability with an old peer forces otherwise.
//
// RC4: its use in TLS is prohibited by RFC 7465.
417 #ifndef TLS_RC4_SUPPORT
418 #define TLS_RC4_SUPPORT DISABLED
419 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
420 #error TLS_RC4_SUPPORT parameter is not valid
// IDEA: 64-bit block cipher; its TLS cipher suites are deprecated by RFC 5469.
424 #ifndef TLS_IDEA_SUPPORT
425 #define TLS_IDEA_SUPPORT DISABLED
426 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
427 #error TLS_IDEA_SUPPORT parameter is not valid
// DES: 56-bit key; its TLS cipher suites are deprecated by RFC 5469.
431 #ifndef TLS_DES_SUPPORT
432 #define TLS_DES_SUPPORT DISABLED
433 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
434 #error TLS_DES_SUPPORT parameter is not valid
// Triple DES: 64-bit block size, which limits how much data can safely be
// encrypted under one key.
438 #ifndef TLS_3DES_SUPPORT
439 #define TLS_3DES_SUPPORT DISABLED
440 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
441 #error TLS_3DES_SUPPORT parameter is not valid
445 #ifndef TLS_AES_128_SUPPORT
446 #define TLS_AES_128_SUPPORT ENABLED
447 #elif (TLS_AES_128_SUPPORT != ENABLED && TLS_AES_128_SUPPORT != DISABLED)
448 #error TLS_AES_128_SUPPORT parameter is not valid
452 #ifndef TLS_AES_256_SUPPORT
453 #define TLS_AES_256_SUPPORT ENABLED
454 #elif (TLS_AES_256_SUPPORT != ENABLED && TLS_AES_256_SUPPORT != DISABLED)
455 #error TLS_AES_256_SUPPORT parameter is not valid
459 #ifndef TLS_CAMELLIA_128_SUPPORT
460 #define TLS_CAMELLIA_128_SUPPORT DISABLED
461 #elif (TLS_CAMELLIA_128_SUPPORT != ENABLED && TLS_CAMELLIA_128_SUPPORT != DISABLED)
462 #error TLS_CAMELLIA_128_SUPPORT parameter is not valid
466 #ifndef TLS_CAMELLIA_256_SUPPORT
467 #define TLS_CAMELLIA_256_SUPPORT DISABLED
468 #elif (TLS_CAMELLIA_256_SUPPORT != ENABLED && TLS_CAMELLIA_256_SUPPORT != DISABLED)
469 #error TLS_CAMELLIA_256_SUPPORT parameter is not valid
473 #ifndef TLS_ARIA_128_SUPPORT
474 #define TLS_ARIA_128_SUPPORT DISABLED
475 #elif (TLS_ARIA_128_SUPPORT != ENABLED && TLS_ARIA_128_SUPPORT != DISABLED)
476 #error TLS_ARIA_128_SUPPORT parameter is not valid
480 #ifndef TLS_ARIA_256_SUPPORT
481 #define TLS_ARIA_256_SUPPORT DISABLED
482 #elif (TLS_ARIA_256_SUPPORT != ENABLED && TLS_ARIA_256_SUPPORT != DISABLED)
483 #error TLS_ARIA_256_SUPPORT parameter is not valid
487 #ifndef TLS_SEED_SUPPORT
488 #define TLS_SEED_SUPPORT DISABLED
489 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
490 #error TLS_SEED_SUPPORT parameter is not valid
// MD5 hash algorithm (DISABLED by default).
494 #ifndef TLS_MD5_SUPPORT
495 #define TLS_MD5_SUPPORT DISABLED
496 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
497 #error TLS_MD5_SUPPORT parameter is not valid
// SHA-1 hash algorithm (ENABLED by default).
// NOTE(review): this header does not show which uses the flag gates (HMAC-SHA1
// record protection, handshake signatures, certificate signatures). SHA-1 is
// no longer collision resistant, so confirm whether SHA-1 signatures are
// offered or accepted when it is left enabled.
501 #ifndef TLS_SHA1_SUPPORT
502 #define TLS_SHA1_SUPPORT ENABLED
503 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
504 #error TLS_SHA1_SUPPORT parameter is not valid
508 #ifndef TLS_SHA224_SUPPORT
509 #define TLS_SHA224_SUPPORT DISABLED
510 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
511 #error TLS_SHA224_SUPPORT parameter is not valid
515 #ifndef TLS_SHA256_SUPPORT
516 #define TLS_SHA256_SUPPORT ENABLED
517 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
518 #error TLS_SHA256_SUPPORT parameter is not valid
522 #ifndef TLS_SHA384_SUPPORT
523 #define TLS_SHA384_SUPPORT ENABLED
524 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
525 #error TLS_SHA384_SUPPORT parameter is not valid
529 #ifndef TLS_SHA512_SUPPORT
530 #define TLS_SHA512_SUPPORT DISABLED
531 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
532 #error TLS_SHA512_SUPPORT parameter is not valid
536 #ifndef TLS_FFDHE_SUPPORT
537 #define TLS_FFDHE_SUPPORT DISABLED
538 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
539 #error TLS_FFDHE_SUPPORT parameter is not valid
543 #ifndef TLS_FFDHE2048_SUPPORT
544 #define TLS_FFDHE2048_SUPPORT ENABLED
545 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
546 #error TLS_FFDHE2048_SUPPORT parameter is not valid
550 #ifndef TLS_FFDHE3072_SUPPORT
551 #define TLS_FFDHE3072_SUPPORT DISABLED
552 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
553 #error TLS_FFDHE3072_SUPPORT parameter is not valid
557 #ifndef TLS_FFDHE4096_SUPPORT
558 #define TLS_FFDHE4096_SUPPORT DISABLED
559 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
560 #error TLS_FFDHE4096_SUPPORT parameter is not valid
564 #ifndef TLS_SECP160K1_SUPPORT
565 #define TLS_SECP160K1_SUPPORT DISABLED
566 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
567 #error TLS_SECP160K1_SUPPORT parameter is not valid
571 #ifndef TLS_SECP160R1_SUPPORT
572 #define TLS_SECP160R1_SUPPORT DISABLED
573 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
574 #error TLS_SECP160R1_SUPPORT parameter is not valid
578 #ifndef TLS_SECP160R2_SUPPORT
579 #define TLS_SECP160R2_SUPPORT DISABLED
580 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
581 #error TLS_SECP160R2_SUPPORT parameter is not valid
585 #ifndef TLS_SECP192K1_SUPPORT
586 #define TLS_SECP192K1_SUPPORT DISABLED
587 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
588 #error TLS_SECP192K1_SUPPORT parameter is not valid
592 #ifndef TLS_SECP192R1_SUPPORT
593 #define TLS_SECP192R1_SUPPORT DISABLED
594 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
595 #error TLS_SECP192R1_SUPPORT parameter is not valid
599 #ifndef TLS_SECP224K1_SUPPORT
600 #define TLS_SECP224K1_SUPPORT DISABLED
601 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
602 #error TLS_SECP224K1_SUPPORT parameter is not valid
606 #ifndef TLS_SECP224R1_SUPPORT
607 #define TLS_SECP224R1_SUPPORT DISABLED
608 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
609 #error TLS_SECP224R1_SUPPORT parameter is not valid
613 #ifndef TLS_SECP256K1_SUPPORT
614 #define TLS_SECP256K1_SUPPORT DISABLED
615 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
616 #error TLS_SECP256K1_SUPPORT parameter is not valid
620 #ifndef TLS_SECP256R1_SUPPORT
621 #define TLS_SECP256R1_SUPPORT ENABLED
622 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
623 #error TLS_SECP256R1_SUPPORT parameter is not valid
627 #ifndef TLS_SECP384R1_SUPPORT
628 #define TLS_SECP384R1_SUPPORT ENABLED
629 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
630 #error TLS_SECP384R1_SUPPORT parameter is not valid
634 #ifndef TLS_SECP521R1_SUPPORT
635 #define TLS_SECP521R1_SUPPORT DISABLED
636 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
637 #error TLS_SECP521R1_SUPPORT parameter is not valid
641 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
642 #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
643 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
644 #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
648 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
649 #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
650 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
651 #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
655 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
656 #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
657 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
658 #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
662 #ifndef TLS_X25519_SUPPORT
663 #define TLS_X25519_SUPPORT DISABLED
664 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
665 #error TLS_X25519_SUPPORT parameter is not valid
669 #ifndef TLS_X448_SUPPORT
670 #define TLS_X448_SUPPORT DISABLED
671 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
672 #error TLS_X448_SUPPORT parameter is not valid
676 #ifndef TLS_ED25519_SUPPORT
677 #define TLS_ED25519_SUPPORT ENABLED
678 #elif (TLS_ED25519_SUPPORT != ENABLED && TLS_ED25519_SUPPORT != DISABLED)
679 #error TLS_ED25519_SUPPORT parameter is not valid
683 #ifndef TLS_ED448_SUPPORT
684 #define TLS_ED448_SUPPORT DISABLED
685 #elif (TLS_ED448_SUPPORT != ENABLED && TLS_ED448_SUPPORT != DISABLED)
686 #error TLS_ED448_SUPPORT parameter is not valid
690 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
691 #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
692 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
693 #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
// Key logging (DISABLED by default). When enabled, the context carries a key
// logging callback intended for debugging only. Anything that receives the
// logged key material can decrypt the corresponding traffic, so production
// builds must leave this DISABLED.
697 #ifndef TLS_KEY_LOG_SUPPORT
698 #define TLS_KEY_LOG_SUPPORT DISABLED
699 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
700 #error TLS_KEY_LOG_SUPPORT parameter is not valid
704 #ifndef TLS_MAX_SERVER_NAME_LEN
705 #define TLS_MAX_SERVER_NAME_LEN 255
706 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
707 #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
// Acceptable modulus sizes for Diffie-Hellman, RSA and DSA.
// NOTE(review): presumably expressed in bits - confirm.
//
// The default minimum for all three is 1024, below the 2048-bit minimum that
// current guidance (e.g. NIST SP 800-131A) calls for. The sanity checks only
// reject overrides under 512, so a configuration can lower the floor to
// export-grade sizes without a build error. Deployments should raise the
// three minimums to 2048 in tls_config.h unless a legacy peer prevents it.
711 #ifndef TLS_MIN_DH_MODULUS_SIZE
712 #define TLS_MIN_DH_MODULUS_SIZE 1024
713 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
714 #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
// The maximum must not be smaller than the minimum. Capping the size bounds
// the work spent on a peer-supplied modulus.
718 #ifndef TLS_MAX_DH_MODULUS_SIZE
719 #define TLS_MAX_DH_MODULUS_SIZE 4096
720 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
721 #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
// Minimum RSA modulus size (default 1024; see the note above).
725 #ifndef TLS_MIN_RSA_MODULUS_SIZE
726 #define TLS_MIN_RSA_MODULUS_SIZE 1024
727 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
728 #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
// Maximum RSA modulus size; must not be smaller than the minimum.
732 #ifndef TLS_MAX_RSA_MODULUS_SIZE
733 #define TLS_MAX_RSA_MODULUS_SIZE 4096
734 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
735 #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
// Minimum DSA modulus size (default 1024; see the note above).
739 #ifndef TLS_MIN_DSA_MODULUS_SIZE
740 #define TLS_MIN_DSA_MODULUS_SIZE 1024
741 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
742 #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
// Maximum DSA modulus size; must not be smaller than the minimum.
746 #ifndef TLS_MAX_DSA_MODULUS_SIZE
747 #define TLS_MAX_DSA_MODULUS_SIZE 4096
748 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
749 #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
// Size in bytes of the premasterSecret buffer held in the TLS context;
// overrides below 48 are rejected.
// NOTE(review): the buffer presumably has to hold the largest (EC)DH shared
// secret the build can negotiate - confirm that 256 still suffices if
// TLS_MAX_DH_MODULUS_SIZE is raised.
753 #ifndef TLS_PREMASTER_SECRET_SIZE
754 #define TLS_PREMASTER_SECRET_SIZE 256
755 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
756 #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
// Per-connection limits on messages that a peer can repeat without making
// handshake progress (warning alerts, empty records, ChangeCipherSpec and
// KeyUpdate messages). All four default to 0.
// NOTE(review): later in this header the matching context fields are guarded
// by `#if (... > 0)`, so 0 appears to compile the counter out, i.e. no limit
// is enforced - confirm. Builds exposed to untrusted peers should consider a
// small non-zero limit so a peer cannot hold a connection open indefinitely
// with such messages.
760 #ifndef TLS_MAX_WARNING_ALERTS
761 #define TLS_MAX_WARNING_ALERTS 0
762 #elif (TLS_MAX_WARNING_ALERTS < 0)
763 #error TLS_MAX_WARNING_ALERTS parameter is not valid
767 #ifndef TLS_MAX_EMPTY_RECORDS
768 #define TLS_MAX_EMPTY_RECORDS 0
769 #elif (TLS_MAX_EMPTY_RECORDS < 0)
770 #error TLS_MAX_EMPTY_RECORDS parameter is not valid
774 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
775 #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 0
776 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
777 #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
781 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
782 #define TLS_MAX_KEY_UPDATE_MESSAGES 0
783 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
784 #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
789 #define tlsAllocMem(size) osAllocMem(size)
794 #define tlsFreeMem(p) osFreeMem(p)
798 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
799 (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
800 TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
801 #define TLS_DH_SUPPORT ENABLED
802 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
803 (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
804 #define TLS_DH_SUPPORT ENABLED
806 #define TLS_DH_SUPPORT DISABLED
810 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
811 (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
812 TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
813 #define TLS_ECDH_SUPPORT ENABLED
814 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
815 (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
816 #define TLS_ECDH_SUPPORT ENABLED
818 #define TLS_ECDH_SUPPORT DISABLED
822 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
823 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
824 TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
825 TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
826 #define TLS_RSA_SUPPORT ENABLED
827 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
828 (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
829 #define TLS_RSA_SUPPORT ENABLED
831 #define TLS_RSA_SUPPORT DISABLED
835 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
836 (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
837 TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
838 #define TLS_PSK_SUPPORT ENABLED
839 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
840 (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
841 TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
842 #define TLS_PSK_SUPPORT ENABLED
844 #define TLS_PSK_SUPPORT DISABLED
848 #if (TLS_SHA384_SUPPORT == ENABLED)
849 #define TLS_MAX_HKDF_DIGEST_SIZE 48
851 #define TLS_MAX_HKDF_DIGEST_SIZE 32
// Convenience wrapper around tlsSetSocketCallbacks(): registers socketSend and
// socketReceive as the I/O callbacks and passes the socket as the handle.
// NOTE(review): the explicit function-pointer casts hide any mismatch between
// the socket API prototypes and the TlsSocketSendCallback and
// TlsSocketReceiveCallback types. Calling through an incompatible function
// pointer type is undefined behaviour, so confirm the signatures agree.
855 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
856 (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
857 (TlsSocketHandle) socket)
860 #define TLS_MIN_RECORD_LENGTH 512
862 #define TLS_MAX_RECORD_LENGTH 16384
864 #define TLS_MAX_RECORD_OVERHEAD 512
866 #define TLS_RANDOM_SIZE 32
868 #define TLS_MASTER_SECRET_SIZE 48
939 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
1359 #if defined(__CWCC__) || defined(_WIN32)
1360 #pragma pack(push, 1)
1368 typedef __start_packed
struct
1378 typedef __start_packed
struct
1389 typedef __start_packed
struct
1400 typedef __start_packed
struct
1411 typedef __start_packed
struct
1422 typedef __start_packed
struct
1433 typedef __start_packed
struct
1444 typedef __start_packed
struct
1456 typedef __start_packed
struct
1467 typedef __start_packed
struct
1478 typedef __start_packed
struct
1490 typedef __start_packed
struct
1501 typedef __start_packed
struct
1512 typedef __start_packed
struct
1523 typedef __start_packed
struct
1534 typedef __start_packed
struct
1545 typedef __start_packed
struct
1556 typedef __start_packed
struct
1567 typedef __start_packed
struct
1578 typedef __start_packed
struct
1589 typedef __start_packed
struct
1600 typedef __start_packed
struct
1612 typedef __start_packed
struct
1625 typedef __start_packed
struct
1644 typedef __start_packed
struct
1657 typedef __start_packed
struct
1684 typedef __start_packed
struct
1716 typedef __start_packed
struct
1735 typedef __start_packed
struct
1745 typedef __start_packed
struct
1756 typedef __start_packed
struct
1763 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1770 #if defined(__CWCC__) || defined(_WIN32)
1803 const char_t *selectedProtocol);
1811 const uint8_t *pskIdentity,
size_t pskIdentityLen);
1827 const uint8_t *rawPublicKey,
size_t rawPublicKeyLen);
1835 const uint8_t *plaintext,
size_t plaintextLen, uint8_t *ciphertext,
1836 size_t *ciphertextLen,
void *param);
1844 const uint8_t *ciphertext,
size_t ciphertextLen, uint8_t *plaintext,
1845 size_t *plaintextLen,
void *param);
1910 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
1917 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1925 #if (TLS_SNI_SUPPORT == ENABLED)
1973 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
1976 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
1979 #if (TLS_ALPN_SUPPORT == ENABLED)
1982 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
1988 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1991 #if (TLS_TICKET_SUPPORT == ENABLED)
1994 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
1997 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2031 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
2035 #if (DTLS_SUPPORT == ENABLED)
2039 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2073 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
2150 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_0)
2151 size_t txLastRecordLen;
2154 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2158 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2165 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2169 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2205 #if (TLS_DH_SUPPORT == ENABLED)
2209 #if (TLS_ECDH_SUPPORT == ENABLED)
2214 #if (TLS_RSA_SUPPORT == ENABLED)
2218 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2222 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_EDDSA_SIGN_SUPPORT == ENABLED)
2227 #if (TLS_PSK_SUPPORT == ENABLED)
2237 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2242 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2247 #if (TLS_ALPN_SUPPORT == ENABLED)
2254 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2258 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2266 #if (TLS_TICKET_SUPPORT == ENABLED)
2275 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2280 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2284 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2288 #if (TLS_MAX_WARNING_ALERTS > 0)
2292 #if (TLS_MAX_EMPTY_RECORDS > 0)
2296 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2297 uint_t changeCipherSpecCount;
2300 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2304 #if (DTLS_SUPPORT == ENABLED)
2326 #if (DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2345 uint16_t versionMax);
2362 size_t rxBufferSize);
2405 size_t certChainLen,
const char_t *privateKey,
size_t privateKeyLen);
General definitions for cryptographic algorithms.
CipherMode
Cipher operation modes.
Diffie-Hellman key exchange.
DSA (Digital Signature Algorithm)
DTLS (Datagram Transport Layer Security)
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
__start_packed struct @222 DtlsSequenceNumber
Sequence number.
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
#define DTLS_REPLAY_WINDOW_SIZE
ECDH (Elliptic Curve Diffie-Hellman) key exchange.
ECDSA (Elliptic Curve Digital Signature Algorithm)
Galois/Counter Mode (GCM)
HMAC (Keyed-Hashing for Message Authentication)
__start_packed struct _Ipv4Header __end_packed
uint32_t systime_t
System time.
RSA public-key cryptography standard.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
bool_t resume
The connection is established by resuming a session.
bool_t sessionTicketEnabled
Session ticket mechanism enabled.
size_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
size_t rxFragQueueLen
Length of the reassembly queue.
size_t maxFragLen
Maximum plaintext fragment length.
size_t trustedCaListLen
Number of trusted CAs in the list.
void * ticketParam
Opaque pointer passed to the ticket callbacks.
TlsPskCallback pskCallback
PSK callback function.
TlsKeyExchMethod keyExchMethod
Key exchange method.
HashContext * transcriptHashContext
Hash context used to compute verify data.
uint_t numCerts
Number of certificates available.
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
TlsSocketHandle socketHandle
Socket handle.
bool_t sessionTicketExtReceived
The SessionTicket extension has been received.
bool_t earlyDataEnabled
EarlyData is enabled.
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
uint16_t rxRecordVersion
Version of the incoming record.
bool_t sessionTicketExtSent
The SessionTicket extension has been sent.
TlsCertVerifyCallback certVerifyCallback
Certificate verification callback function.
TlsAlpnCallback alpnCallback
ALPN callback function.
uint16_t versionMax
Maximum version accepted by the implementation.
size_t ticketPskLen
Length of the PSK associated with the ticket.
void * cookieParam
Opaque pointer passed to the cookie callbacks.
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
bool_t earlyDataExtReceived
The EarlyData extension has been received.
bool_t updatedClientHelloReceived
An updated ClientHello message has been received.
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
uint16_t namedGroup
ECDHE or FFDHE named group.
uint16_t txMsgSeq
Send sequence number.
uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
DhContext dhContext
Diffie-Hellman context.
uint8_t sessionId[32]
Session identifier.
bool_t fatalAlertSent
A fatal alert message has been sent.
char_t * pskIdentityHint
PSK identity hint.
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
TlsClientAuthMode clientAuthMode
Client authentication mode.
uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
systime_t retransmitTimeout
Retransmission timeout.
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
int_t selectedIdentity
Selected PSK identity.
size_t sessionIdLen
Length of the session identifier.
TlsEcdsaSignCallback ecdsaSignCallback
TlsCache * cache
TLS session cache.
size_t pskLen
Length of the pre-shared key, in bytes.
Sha1Context * transcriptSha1Context
SHA-1 context used to compute verify data.
size_t txBufferMaxLen
Maximum amount of plaintext data the TX buffer can hold.
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
bool_t secureRenegoFlag
Secure renegotiation flag.
EcDomainParameters peerEcParams
Peer's EC domain parameters.
bool_t closeNotifyReceived
A closure alert has been received from the peer.
size_t txBufferPos
Current position in TX buffer.
uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]
Master secret.
size_t certRequestContextLen
Length of the certificate request context.
TlsCertificateFormat certFormat
Certificate format.
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
size_t txBufferSize
TX buffer size.
TlsEncryptionEngine decryptionEngine
Decryption engine.
size_t txBufferLen
Number of bytes that are pending to be sent.
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
TlsContentType txBufferType
Type of data that resides in the TX buffer.
TlsCertificateType peerCertType
Peer's certificate type.
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
uint16_t ticketCipherSuite
Cipher suite associated with the ticket.
uint8_t * rxBuffer
RX buffer.
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
uint_t numSupportedGroups
Number of named groups in the list.
TlsHashAlgo signHashAlgo
Hash algorithm used for signing.
size_t ticketLen
Length of the session ticket.
char_t * pskIdentity
PSK identity.
size_t earlyDataLen
Total amount of 0-RTT data that have been sent by the client.
TlsEncryptionEngine encryptionEngine
Encryption engine.
uint8_t serverRandom[TLS_RANDOM_SIZE]
Server random value.
uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purposes only)
uint16_t preferredGroup
Preferred ECDHE or FFDHE named group.
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
uint16_t clientVersion
Latest version supported by the client.
uint_t retransmitCount
Retransmission counter.
char_t * selectedProtocol
Selected ALPN protocol.
TlsCertDesc * cert
Pointer to the currently selected certificate.
char_t * protocolList
List of supported ALPN protocols.
bool_t emsExtReceived
The ExtendedMasterSecret extension has been received.
uint16_t versionMin
Minimum version accepted by the implementation.
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
const char_t * trustedCaList
List of trusted CA (PEM format)
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
End entity certificates (PEM format)
uint32_t ticketNonce
A per-ticket value that is unique across all tickets issued.
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
uint8_t serverVerifyData[64]
Server verify data.
uint8_t * txBuffer
TX buffer.
size_t txRecordLen
Length of the TLS record.
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
uint8_t clientVerifyData[64]
Client verify data.
size_t rxBufferLen
Number of bytes available for reading.
TlsCertificateFormat peerCertFormat
Peer's certificate format.
uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
size_t rxBufferSize
RX buffer size.
TlsEcdsaVerifyCallback ecdsaVerifyCallback
TlsConnectionEnd entity
Client or server operation.
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
size_t txRecordPos
Current position in the TLS record.
TlsState state
TLS handshake finite state machine.
uint16_t version
Negotiated TLS version.
void * certVerifyParam
Opaque pointer passed to the certificate verification callback.
systime_t retransmitTimestamp
Time at which the datagram was sent.
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
systime_t timeout
Timeout for blocking calls.
size_t rxBufferPos
Current position in RX buffer.
uint8_t * ticket
Session ticket.
bool_t earlyDataRejected
The 0-RTT data have been rejected by the server.
uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint8_t clientRandom[TLS_RANDOM_SIZE]
Client random value.
bool_t closeNotifySent
A closure alert has been sent.
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
HmacContext hmacContext
HMAC context.
size_t serverVerifyDataLen
Length of the server verify data.
uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE]
const uint16_t * cipherSuites
List of supported cipher suites.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
size_t cookieLen
Length of the cookie.
EcdhContext ecdhContext
ECDH context.
char_t * ticketAlpn
ALPN protocol associated with the ticket.
size_t rxRecordLen
Length of the TLS record.
TlsEcdhCallback ecdhCallback
TlsSignatureAlgo signAlgo
Signature algorithm to be used.
TlsEncryptionEngine prevEncryptionEngine
bool_t secureRenegoEnabled
Secure renegotiation enabled.
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
char_t * serverName
Fully qualified DNS hostname of the server.
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
size_t clientVerifyDataLen
Length of the client verify data.
uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint32_t ticketLifetime
Lifetime of the ticket.
bool_t pskKeModeSupported
PSK key establishment supported by the client.
uint16_t rxMsgSeq
Next receive sequence number.
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
size_t premasterSecretLen
Length of the premaster secret.
uint_t numCipherSuites
Number of cipher suites in the list.
size_t rxBufferMaxLen
Maximum amount of plaintext data the RX buffer can hold.
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
TlsSequenceNumber earlyDataSeqNum
Early data sequence number.
EcPublicKey peerEcPublicKey
Peer's EC public key.
uint8_t * psk
Pre-shared key.
uint8_t * certRequestContext
Certificate request context.
const uint16_t * supportedGroups
List of supported named groups.
TlsSocketSendCallback socketSendCallback
Socket send callback function.
systime_t clientHelloTimestamp
Time at which the ClientHello message was sent.
void * prngContext
Pseudo-random number generator context.
size_t rxRecordPos
Current position in the TLS record.
uint8_t keyBlock[192]
Key material.
uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
uint_t newSessionTicketCount
Number of NewSessionTicket messages that have been sent.
CipherMode cipherMode
Cipher mode of operation.
GcmContext * gcmContext
GCM context.
size_t macKeyLen
Length of the MAC key.
HmacContext * hmacContext
HMAC context.
size_t recordSizeLimit
Maximum size of record in octets.
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
size_t fixedIvLen
Length of the fixed part of the IV.
uint8_t encKey[48]
Encryption key.
uint8_t iv[16]
Initialization vector.
const CipherAlgo * cipherAlgo
Cipher algorithm.
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
size_t authTagLen
Length of the authentication tag.
uint16_t version
Negotiated TLS version.
TlsSequenceNumber seqNum
TLS sequence number.
void * cipherContext
Cipher context.
size_t encKeyLen
Length of the encryption key.
uint8_t macKey[48]
MAC key.
size_t recordIvLen
Length of the IV.
uint16_t epoch
Counter value incremented on every cipher state change.
Common interface for encryption algorithms.
Common interface for hash algorithms.
Common interface for pseudo-random number generators.
uint_t size
Maximum number of entries.
OsMutex mutex
Mutex preventing simultaneous access to the cache.
const char_t * privateKey
Private key (PEM format)
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
TlsHashAlgo hashAlgo
Hash algorithm used to sign the end entity certificate.
size_t privateKeyLen
Length of the private key.
size_t certChainLen
Length of the certificate chain.
const char_t * certChain
End entity certificate chain (PEM format)
TlsCertificateType type
End entity certificate type.
TlsSignatureAlgo signAlgo
Signature algorithm used to sign the end entity certificate.
Structure describing a cipher suite.
TlsKeyExchMethod keyExchMethod
const HashAlgo * hashAlgo
const CipherAlgo * cipherAlgo
const HashAlgo * prfHashAlgo
const TlsExtension * serverCertType
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
const Tls13KeyShareEntry * serverShare
KeyShare extension (ServerHello)
const TlsExtension * clientCertType
const TlsExtension * recordSizeLimit
RecordSizeLimit extension.
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
const TlsExtension * selectedGroup
KeyShare extension (HelloRetryRequest)
const TlsExtension * sessionTicket
SessionTicket extension.
const Tls13PskIdentityList * identityList
PreSharedKey extension (ClientHello)
const Tls13PskKeModeList * pskKeModeList
PskKeyExchangeModes extension.
const Tls13KeyShareList * keyShareList
KeyShare extension (ClientHello)
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
const Tls13PskBinderList * binderList
const Tls13Cookie * cookie
Cookie extension.
const TlsExtension * extendedMasterSecret
ExtendedMasterSecret extension.
const TlsServerNameList * serverNameList
ServerName extension.
const TlsSignHashAlgos * signAlgoList
SignatureAlgorithms extension.
const TlsExtension * earlyDataIndication
EarlyData extension.
const TlsExtension * maxFragLen
MaxFragmentLength extension.
const TlsProtocolNameList * protocolNameList
ALPN extension.
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
const TlsExtension * selectedVersion
SupportedVersions extension (ServerHello)
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
const TlsExtension * selectedIdentity
PreSharedKey extension (ServerHello)
const TlsSignHashAlgos * certSignAlgoList
SignatureAlgorithmsCert extension.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
systime_t timestamp
Time stamp to manage entry lifetime.
size_t sessionIdLen
Length of the session identifier.
size_t ticketLen
Length of the session ticket.
uint32_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
uint16_t version
TLS protocol version.
uint8_t * ticket
Session ticket.
uint16_t cipherSuite
Cipher suite identifier.
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
char_t * ticketAlpn
ALPN protocol associated with the ticket.
char_t * serverName
ServerName extension.
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
uint32_t ticketLifetime
Lifetime of the ticket.
bool_t extendedMasterSecret
Extended master secret computation.
TLS 1.3 helper functions.
__start_packed struct @259 Tls13Cookie
Cookie.
__start_packed struct @266 Tls13PskBinderList
List of PSK binders.
__start_packed struct @261 Tls13KeyShareList
List of key shares.
__start_packed struct @262 Tls13PskKeModeList
List of PSK key exchange modes.
__start_packed struct @260 Tls13KeyShareEntry
Key share entry.
__start_packed struct @264 Tls13PskIdentityList
List of PSK identities.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
__start_packed struct @232 TlsSignHashAlgos
List of signature algorithms.
uint8_t secret[48]
Master secret.
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
@ TLS_STATE_SERVER_CERTIFICATE
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_SERVER_CERTIFICATE_VERIFY
@ TLS_STATE_SERVER_HELLO_2
@ TLS_STATE_HELLO_VERIFY_REQUEST
@ TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
@ TLS_STATE_SERVER_APP_TRAFFIC_KEYS
@ TLS_STATE_SERVER_FINISHED
@ TLS_STATE_CLIENT_HELLO_2
@ TLS_STATE_APPLICATION_DATA
@ TLS_STATE_SERVER_KEY_EXCHANGE
@ TLS_STATE_NEW_SESSION_TICKET
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
@ TLS_STATE_HELLO_RETRY_REQUEST
@ TLS_STATE_END_OF_EARLY_DATA
@ TLS_STATE_SERVER_HELLO_3
@ TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_CERTIFICATE_REQUEST
@ TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
@ TLS_STATE_CLIENT_KEY_EXCHANGE
@ TLS_STATE_CLIENT_CERTIFICATE
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
@ TLS_STATE_ENCRYPTED_EXTENSIONS
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
Register ECDSA signature generation callback function.
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
uint8_t certificateTypesLen
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
TlsKeyExchMethod
Key exchange methods.
@ TLS_KEY_EXCH_ECDHE_ECDSA
@ TLS_KEY_EXCH_SRP_SHA_DSS
@ TLS_KEY_EXCH_SRP_SHA_RSA
@ TLS_KEY_EXCH_ECDH_ECDSA
@ TLS13_KEY_EXCH_PSK_ECDHE
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
TlsCertificateFormat
Certificate formats.
@ TLS_CERT_FORMAT_OPEN_PGP
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
__start_packed struct @233 TlsCertificateList
List of certificates.
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
TlsAlertDescription
Alert description.
@ TLS_ALERT_CERTIFICATE_REVOKED
@ TLS_ALERT_ACCESS_DENIED
@ TLS_ALERT_BAD_CERTIFICATE
@ TLS_ALERT_UNSUPPORTED_EXTENSION
@ TLS_ALERT_UNEXPECTED_MESSAGE
@ TLS_ALERT_NO_RENEGOTIATION
@ TLS_ALERT_USER_CANCELED
@ TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
@ TLS_ALERT_MISSING_EXTENSION
@ TLS_ALERT_NO_CERTIFICATE
@ TLS_ALERT_NO_APPLICATION_PROTOCOL
@ TLS_ALERT_CERTIFICATE_UNKNOWN
@ TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
@ TLS_ALERT_INAPPROPRIATE_FALLBACK
@ TLS_ALERT_CERTIFICATE_REQUIRED
@ TLS_ALERT_PROTOCOL_VERSION
@ TLS_ALERT_BAD_RECORD_MAC
@ TLS_ALERT_EXPORT_RESTRICTION
@ TLS_ALERT_CERTIFICATE_EXPIRED
@ TLS_ALERT_DECOMPRESSION_FAILURE
@ TLS_ALERT_ILLEGAL_PARAMETER
@ TLS_ALERT_HANDSHAKE_FAILURE
@ TLS_ALERT_DECRYPTION_FAILED
@ TLS_ALERT_RECORD_OVERFLOW
@ TLS_ALERT_CERTIFICATE_UNOBTAINABLE
@ TLS_ALERT_INSUFFICIENT_SECURITY
@ TLS_ALERT_UNKNOWN_PSK_IDENTITY
@ TLS_ALERT_UNSUPPORTED_CERTIFICATE
@ TLS_ALERT_INTERNAL_ERROR
@ TLS_ALERT_UNRECOGNIZED_NAME
@ TLS_ALERT_DECRYPT_ERROR
error_t(* TlsCertVerifyCallback)(TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)
Certificate verification callback function.
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
uint8_t certificateTypes[]
__start_packed struct @247 TlsPskIdentityHint
PSK identity hint.
__start_packed struct @258 TlsPlaintextSessionState
Session state information.
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
__start_packed struct @239 TlsServerNameList
List of server names.
#define TLS_MAX_CERTIFICATES
void TlsCertificateVerify
CertificateVerify message.
TlsTransportProtocol
TLS transport protocols.
@ TLS_TRANSPORT_PROTOCOL_STREAM
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
error_t tlsAddCertificate(TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
Import a certificate and the corresponding private key.
__start_packed struct @255 TlsNewSessionTicket
NewSessionTicket message.
TlsCompressMethod
Compression methods.
@ TLS_COMPRESSION_METHOD_DEFLATE
@ TLS_COMPRESSION_METHOD_NULL
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
Ticket encryption callback function.
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
__start_packed struct @228 TlsSequenceNumber
Sequence number.
error_t(* TlsAlpnCallback)(TlsContext *context, const char_t *selectedProtocol)
ALPN callback function.
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
TlsEarlyDataStatus
Early data status.
@ TLS_EARLY_DATA_REJECTED
@ TLS_EARLY_DATA_ACCEPTED
__start_packed struct @238 TlsServerName
Server name.
void tlsFreeCache(TlsCache *cache)
Properly dispose of a session cache.
error_t tlsEnableSessionTickets(TlsContext *context, bool_t enabled)
Enable session ticket mechanism.
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
__start_packed struct @234 TlsCertAuthorities
List of certificate authorities.
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
__start_packed struct @241 TlsProtocolNameList
List of protocol names.
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
__start_packed struct @244 TlsCertTypeList
List of supported certificate types.
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
TlsEcPointFormat
EC point formats.
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
error_t tlsSetCertificateVerifyCallback(TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
Set certificate verification callback.
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purposes only; the callback is handed TLS key material, so leave it unregistered in production builds)
bool_t tlsIsTxReady(TlsContext *context)
Check whether some data is ready for transmission.
void TlsCertificate
Certificate message.
void * TlsSocketHandle
Socket handle.
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
Key logging callback function (for debugging purposes only)
__start_packed struct @242 TlsSupportedGroupList
List of supported groups.
__start_packed struct @252 TlsClientHello
ClientHello message.
void TlsHelloRequest
HelloRequest message.
TlsContext * tlsInit(void)
TLS context initialization.
void TlsFinished
Finished message.
__start_packed struct @243 TlsEcPointFormatList
List of supported EC point formats.
TlsClientAuthMode
Client authentication mode.
@ TLS_CLIENT_AUTH_REQUIRED
@ TLS_CLIENT_AUTH_OPTIONAL
__start_packed struct @236 TlsExtensionList
List of TLS extensions.
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
void TlsServerKeyExchange
ServerKeyExchange message.
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from the remote host using TLS.
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose of a session state.
__start_packed struct @257 TlsAlert
Alert message.
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
TlsContentType
Content type.
@ TLS_TYPE_CHANGE_CIPHER_SPEC
@ TLS_TYPE_APPLICATION_DATA
void TlsServerHelloDone
ServerHelloDone message.
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
__start_packed struct @235 TlsExtension
TLS extension.
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
__start_packed struct @251 TlsHandshake
TLS handshake message.
void TlsClientKeyExchange
ClientKeyExchange message.
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
TlsExtensionType
TLS extension types.
@ TLS_EXT_RENEGOTIATION_INFO
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
@ TLS_EXT_TRUSTED_CA_KEYS
@ TLS_EXT_CLIENT_CERTIFICATE_URL
@ TLS_EXT_MAX_FRAGMENT_LENGTH
@ TLS_EXT_CERTIFICATE_AUTHORITIES
@ TLS_EXT_POST_HANDSHAKE_AUTH
@ TLS_EXT_SERVER_CERT_TYPE
@ TLS_EXT_CLIENT_CERT_TYPE
@ TLS_EXT_ENCRYPT_THEN_MAC
@ TLS_EXT_SIGNATURE_ALGORITHMS
@ TLS_EXT_SUPPORTED_VERSIONS
@ TLS_EXT_EC_POINT_FORMATS
@ TLS_EXT_RECORD_SIZE_LIMIT
@ TLS_EXT_SUPPORTED_GROUPS
@ TLS_EXT_STATUS_REQUEST_V2
@ TLS_EXT_PSK_KEY_EXCHANGE_MODES
@ TLS_EXT_SIGNED_CERT_TIMESTAMP
@ TLS_EXT_EXTENDED_MASTER_SECRET
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
__start_packed struct @245 TlsRenegoInfo
Renegotiated connection.
__start_packed struct @250 TlsRecord
TLS record.
#define TLS_MAX_HKDF_DIGEST_SIZE
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
TlsHashAlgo
Hash algorithms.
@ TLS_HASH_ALGO_INTRINSIC
TlsCertificateType
Certificate types.
@ TLS_CERT_DSS_EPHEMERAL_DH
@ TLS_CERT_ECDSA_FIXED_ECDH
@ TLS_CERT_RSA_EPHEMERAL_DH
@ TLS_CERT_RSA_FIXED_ECDH
TlsMaxFragmentLength
Maximum fragment length.
@ TLS_MAX_FRAGMENT_LENGTH_512
@ TLS_MAX_FRAGMENT_LENGTH_4096
@ TLS_MAX_FRAGMENT_LENGTH_2048
@ TLS_MAX_FRAGMENT_LENGTH_1024
__start_packed struct @254 TlsCertificateRequest
CertificateRequest message.
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
Ticket decryption callback function.
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
__start_packed struct @237 TlsSupportedVersionList
List of supported versions.
__start_packed struct @253 TlsServerHello
ServerHello message.
TlsFlags
Flags used by read and write functions.
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
#define TLS_PREMASTER_SECRET_SIZE
uint16_t version
Protocol version.
TlsState tlsGetState(TlsContext *context)
Retrieve current state.
TlsSignatureAlgo
Signature algorithms.
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256
@ TLS_SIGN_ALGO_GOSTR34102012_512
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256
@ TLS_SIGN_ALGO_ANONYMOUS
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384
@ TLS_SIGN_ALGO_GOSTR34102012_256
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384
TlsSignHashAlgo algorithm
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
uint16_t cipherSuite
Cipher suite identifier.
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
TlsAlertLevel
Alert level.
@ TLS_ALERT_LEVEL_WARNING
TlsConnectionEnd
TLS connection end.
@ TLS_CONNECTION_END_SERVER
@ TLS_CONNECTION_END_CLIENT
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
__start_packed struct @231 TlsSignHashAlgo
Signature algorithm.
__start_packed struct @230 TlsCompressMethods
Compression methods.
__start_packed struct @249 Tls12DigitalSignature
Digitally-signed element (TLS 1.2)
#define TlsEncryptionEngine
__start_packed struct @240 TlsProtocolName
Protocol name.
__start_packed struct @246 TlsPskIdentity
PSK identity.
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
#define TLS_MASTER_SECRET_SIZE
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
TlsNamedGroup
Named groups.
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
@ TLS_GROUP_BRAINPOOLP512R1
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
@ TLS_GROUP_BRAINPOOLP256R1
@ TLS_GROUP_EXPLICIT_CHAR2_CURVE
@ TLS_GROUP_EXPLICIT_PRIME_CURVE
@ TLS_GROUP_BRAINPOOLP384R1
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
uint32_t ticketLifetime
Lifetime of the ticket.
TlsMessageType
Handshake message type.
@ TLS_TYPE_CERTIFICATE_VERIFY
@ TLS_TYPE_SUPPLEMENTAL_DATA
@ TLS_TYPE_END_OF_EARLY_DATA
@ TLS_TYPE_SERVER_HELLO_DONE
@ TLS_TYPE_SERVER_KEY_EXCHANGE
@ TLS_TYPE_CERTIFICATE_URL
@ TLS_TYPE_CERTIFICATE_STATUS
@ TLS_TYPE_CLIENT_KEY_EXCHANGE
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
@ TLS_TYPE_HELLO_VERIFY_REQUEST
@ TLS_TYPE_NEW_SESSION_TICKET
@ TLS_TYPE_CERTIFICATE_REQUEST
@ TLS_TYPE_HELLO_RETRY_REQUEST
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
void tlsFree(TlsContext *context)
Release TLS context.
__start_packed struct @248 TlsDigitalSignature
Digitally-signed element (TLS 1.0 and TLS 1.1)
__start_packed struct @229 TlsCipherSuites
Cipher suites.
uint32_t ticketLifetimeHint
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
bool_t extendedMasterSecret
Extended master secret computation.
__start_packed struct @256 TlsChangeCipherSpec
ChangeCipherSpec message.
TlsEcCurveType
EC curve types.
@ TLS_EC_CURVE_TYPE_NAMED_CURVE
@ TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
@ TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Set the maximum amount of 0-RTT data the server can accept.
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register PSK callback function.
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
error_t tlsSetAlpnCallback(TlsContext *context, TlsAlpnCallback alpnCallback)
Register ALPN callback function.
Generic hash algorithm context.
X.509 common definitions.