tls.h
1 /**
2  * @file tls.h
3  * @brief TLS (Transport Layer Security)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.4
29  **/
30 
31 #ifndef _TLS_H
32 #define _TLS_H
33 
34 //Forward declaration of TlsContext structure
35 struct _TlsContext;
36 #define TlsContext struct _TlsContext
37 
38 //Forward declaration of TlsEncryptionEngine structure
   //NOTE(review): listing line 39 is absent from this page; by analogy with the
   //TlsContext declaration above it presumably held "struct _TlsEncryptionEngine;"
   //- confirm against the original header
40 #define TlsEncryptionEngine struct _TlsEncryptionEngine
41 
42 //Dependencies
43 #include "os_port.h"
44 #include "core/crypto.h"
45 #include "tls_config.h"
46 #include "tls_legacy.h"
47 #include "tls13_misc.h"
48 #include "dtls_misc.h"
49 #include "mac/hmac.h"
50 #include "aead/aead_algorithms.h"
51 #include "pkc/rsa.h"
52 #include "pkc/dsa.h"
53 #include "ecc/ecdsa.h"
54 #include "pkc/dh.h"
55 #include "ecc/ecdh.h"
56 #include "pkix/x509_common.h"
57 
58 
59 /*
60  * CycloneSSL Open is licensed under GPL version 2. In particular:
61  *
62  * - If you link your program to CycloneSSL Open, the result is a derivative
63  * work that can only be distributed under the same GPL license terms.
64  *
65  * - If additions or changes to CycloneSSL Open are made, the result is a
66  * derivative work that can only be distributed under the same license terms.
67  *
68  * - The GPL license requires that you make the source code available to
69  * whoever you make the binary available to.
70  *
71  * - If you sell or distribute a hardware product that runs CycloneSSL Open,
72  * the GPL license requires you to provide public and full access to all
73  * source code on a nondiscriminatory basis.
74  *
75  * If you fully understand and accept the terms of the GPL license, then edit
76  * the os_port_config.h header and add the following directive:
77  *
78  * #define GPL_LICENSE_TERMS_ACCEPTED
79  */
80 
81 #ifndef GPL_LICENSE_TERMS_ACCEPTED
82  #error Before compiling CycloneSSL Open, you must accept the terms of the GPL license
83 #endif
84 
85 //Version string
86 #define CYCLONE_SSL_VERSION_STRING "2.2.4"
87 //Major version
88 #define CYCLONE_SSL_MAJOR_VERSION 2
89 //Minor version
90 #define CYCLONE_SSL_MINOR_VERSION 2
91 //Revision number
92 #define CYCLONE_SSL_REV_NUMBER 4
93 
94 //TLS version numbers
95 #define SSL_VERSION_3_0 0x0300
96 #define TLS_VERSION_1_0 0x0301
97 #define TLS_VERSION_1_1 0x0302
98 #define TLS_VERSION_1_2 0x0303
99 #define TLS_VERSION_1_3 0x0304
100 
101 //TLS support
102 #ifndef TLS_SUPPORT
103  #define TLS_SUPPORT ENABLED
104 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
105  #error TLS_SUPPORT parameter is not valid
106 #endif
107 
108 //Client mode of operation
109 #ifndef TLS_CLIENT_SUPPORT
110  #define TLS_CLIENT_SUPPORT ENABLED
111 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
112  #error TLS_CLIENT_SUPPORT parameter is not valid
113 #endif
114 
115 //Server mode of operation
116 #ifndef TLS_SERVER_SUPPORT
117  #define TLS_SERVER_SUPPORT ENABLED
118 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
119  #error TLS_SERVER_SUPPORT parameter is not valid
120 #endif
121 
122 //Minimum TLS version that can be negotiated
    //The default floor is TLS 1.2. The validity check below only rejects values
    //under TLS_VERSION_1_0 (i.e. SSL 3.0), so an override may still select
    //TLS 1.0 or TLS 1.1, both deprecated by RFC 8996; keep the floor at TLS 1.2
    //or higher unless a legacy peer leaves no alternative
123 #ifndef TLS_MIN_VERSION
124  #define TLS_MIN_VERSION TLS_VERSION_1_2
125 #elif (TLS_MIN_VERSION < TLS_VERSION_1_0)
126  #error TLS_MIN_VERSION parameter is not valid
127 #endif
128 
129 //Maximum TLS version that can be negotiated
    //The default ceiling is TLS 1.3. The validity check rejects a ceiling above
    //TLS 1.3 or below TLS_MIN_VERSION, so the two settings always describe a
    //non-empty version range
130 #ifndef TLS_MAX_VERSION
131  #define TLS_MAX_VERSION TLS_VERSION_1_3
132 #elif (TLS_MAX_VERSION > TLS_VERSION_1_3 || TLS_MAX_VERSION < TLS_MIN_VERSION)
133  #error TLS_MAX_VERSION parameter is not valid
134 #endif
135 
136 //Session resumption mechanism
137 #ifndef TLS_SESSION_RESUME_SUPPORT
138  #define TLS_SESSION_RESUME_SUPPORT ENABLED
139 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
140  #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
141 #endif
142 
143 //Lifetime of session cache entries
144 #ifndef TLS_SESSION_CACHE_LIFETIME
145  #define TLS_SESSION_CACHE_LIFETIME 3600000
146 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
147  #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
148 #endif
149 
150 //Session ticket mechanism
151 #ifndef TLS_TICKET_SUPPORT
152  #define TLS_TICKET_SUPPORT DISABLED
153 #elif (TLS_TICKET_SUPPORT != ENABLED && TLS_TICKET_SUPPORT != DISABLED)
154  #error TLS_TICKET_SUPPORT parameter is not valid
155 #endif
156 
157 //Maximum size for session tickets
158 #ifndef TLS_MAX_TICKET_SIZE
159  #define TLS_MAX_TICKET_SIZE 1024
160 #elif (TLS_MAX_TICKET_SIZE < 32)
161  #error TLS_MAX_TICKET_SIZE parameter is not valid
162 #endif
163 
164 //Lifetime of session tickets
165 #ifndef TLS_TICKET_LIFETIME
166  #define TLS_TICKET_LIFETIME 3600000
167 #elif (TLS_TICKET_LIFETIME < 0)
168  #error TLS_TICKET_LIFETIME parameter is not valid
169 #endif
170 
171 //SNI (Server Name Indication) extension
172 #ifndef TLS_SNI_SUPPORT
173  #define TLS_SNI_SUPPORT ENABLED
174 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
175  #error TLS_SNI_SUPPORT parameter is not valid
176 #endif
177 
178 //Maximum Fragment Length extension
179 #ifndef TLS_MAX_FRAG_LEN_SUPPORT
180  #define TLS_MAX_FRAG_LEN_SUPPORT DISABLED
181 #elif (TLS_MAX_FRAG_LEN_SUPPORT != ENABLED && TLS_MAX_FRAG_LEN_SUPPORT != DISABLED)
182  #error TLS_MAX_FRAG_LEN_SUPPORT parameter is not valid
183 #endif
184 
185 //Record Size Limit extension
186 #ifndef TLS_RECORD_SIZE_LIMIT_SUPPORT
187  #define TLS_RECORD_SIZE_LIMIT_SUPPORT ENABLED
188 #elif (TLS_RECORD_SIZE_LIMIT_SUPPORT != ENABLED && TLS_RECORD_SIZE_LIMIT_SUPPORT != DISABLED)
189  #error TLS_RECORD_SIZE_LIMIT_SUPPORT parameter is not valid
190 #endif
191 
192 //ALPN (Application-Layer Protocol Negotiation) extension
193 #ifndef TLS_ALPN_SUPPORT
194  #define TLS_ALPN_SUPPORT DISABLED
195 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
196  #error TLS_ALPN_SUPPORT parameter is not valid
197 #endif
198 
199 //Extended Master Secret extension
200 #ifndef TLS_EXT_MASTER_SECRET_SUPPORT
201  #define TLS_EXT_MASTER_SECRET_SUPPORT ENABLED
202 #elif (TLS_EXT_MASTER_SECRET_SUPPORT != ENABLED && TLS_EXT_MASTER_SECRET_SUPPORT != DISABLED)
203  #error TLS_EXT_MASTER_SECRET_SUPPORT parameter is not valid
204 #endif
205 
206 //ClientHello Padding extension
207 #ifndef TLS_CLIENT_HELLO_PADDING_SUPPORT
208  #define TLS_CLIENT_HELLO_PADDING_SUPPORT ENABLED
209 #elif (TLS_CLIENT_HELLO_PADDING_SUPPORT != ENABLED && TLS_CLIENT_HELLO_PADDING_SUPPORT != DISABLED)
210  #error TLS_CLIENT_HELLO_PADDING_SUPPORT parameter is not valid
211 #endif
212 
213 //Certificate Authorities extension
214 #ifndef TLS_CERT_AUTHORITIES_SUPPORT
215  #define TLS_CERT_AUTHORITIES_SUPPORT DISABLED
216 #elif (TLS_CERT_AUTHORITIES_SUPPORT != ENABLED && TLS_CERT_AUTHORITIES_SUPPORT != DISABLED)
217  #error TLS_CERT_AUTHORITIES_SUPPORT parameter is not valid
218 #endif
219 
220 //Signature Algorithms Certificate extension
221 #ifndef TLS_SIGN_ALGOS_CERT_SUPPORT
222  #define TLS_SIGN_ALGOS_CERT_SUPPORT DISABLED
223 #elif (TLS_SIGN_ALGOS_CERT_SUPPORT != ENABLED && TLS_SIGN_ALGOS_CERT_SUPPORT != DISABLED)
224  #error TLS_SIGN_ALGOS_CERT_SUPPORT parameter is not valid
225 #endif
226 
227 //RPK (Raw Public Key) support
228 #ifndef TLS_RAW_PUBLIC_KEY_SUPPORT
229  #define TLS_RAW_PUBLIC_KEY_SUPPORT DISABLED
230 #elif (TLS_RAW_PUBLIC_KEY_SUPPORT != ENABLED && TLS_RAW_PUBLIC_KEY_SUPPORT != DISABLED)
231  #error TLS_RAW_PUBLIC_KEY_SUPPORT parameter is not valid
232 #endif
233 
234 //Secure renegotiation support
    //Presumably gates the renegotiation_info mechanism of RFC 5746; the
    //implementation is not visible in this header.
    //NOTE(review): confirm that with the default DISABLED the stack refuses
    //renegotiation requests outright rather than renegotiating without the
    //RFC 5746 binding
235 #ifndef TLS_SECURE_RENEGOTIATION_SUPPORT
236  #define TLS_SECURE_RENEGOTIATION_SUPPORT DISABLED
237 #elif (TLS_SECURE_RENEGOTIATION_SUPPORT != ENABLED && TLS_SECURE_RENEGOTIATION_SUPPORT != DISABLED)
238  #error TLS_SECURE_RENEGOTIATION_SUPPORT parameter is not valid
239 #endif
240 
241 //Fallback SCSV support
242 #ifndef TLS_FALLBACK_SCSV_SUPPORT
243  #define TLS_FALLBACK_SCSV_SUPPORT DISABLED
244 #elif (TLS_FALLBACK_SCSV_SUPPORT != ENABLED && TLS_FALLBACK_SCSV_SUPPORT != DISABLED)
245  #error TLS_FALLBACK_SCSV_SUPPORT parameter is not valid
246 #endif
247 
248 //ECC callback functions
249 #ifndef TLS_ECC_CALLBACK_SUPPORT
250  #define TLS_ECC_CALLBACK_SUPPORT DISABLED
251 #elif (TLS_ECC_CALLBACK_SUPPORT != ENABLED && TLS_ECC_CALLBACK_SUPPORT != DISABLED)
252  #error TLS_ECC_CALLBACK_SUPPORT parameter is not valid
253 #endif
254 
255 //Maximum number of certificates the end entity can load
256 #ifndef TLS_MAX_CERTIFICATES
257  #define TLS_MAX_CERTIFICATES 3
258 #elif (TLS_MAX_CERTIFICATES < 1)
259  #error TLS_MAX_CERTIFICATES parameter is not valid
260 #endif
261 
262 //RSA key exchange support
    //Static RSA key exchange (TLS 1.2 and earlier) provides no forward secrecy:
    //disclosure of the server's RSA private key exposes every recorded session.
    //It also makes the server decrypt PKCS #1 v1.5 ciphertexts, the operation
    //behind Bleichenbacher-style padding oracles. The default is ENABLED;
    //consider DISABLED where every peer supports an (EC)DHE key exchange
263 #ifndef TLS_RSA_KE_SUPPORT
264  #define TLS_RSA_KE_SUPPORT ENABLED
265 #elif (TLS_RSA_KE_SUPPORT != ENABLED && TLS_RSA_KE_SUPPORT != DISABLED)
266  #error TLS_RSA_KE_SUPPORT parameter is not valid
267 #endif
268 
269 //DHE_RSA key exchange support
270 #ifndef TLS_DHE_RSA_KE_SUPPORT
271  #define TLS_DHE_RSA_KE_SUPPORT ENABLED
272 #elif (TLS_DHE_RSA_KE_SUPPORT != ENABLED && TLS_DHE_RSA_KE_SUPPORT != DISABLED)
273  #error TLS_DHE_RSA_KE_SUPPORT parameter is not valid
274 #endif
275 
276 //DHE_DSS key exchange support
277 #ifndef TLS_DHE_DSS_KE_SUPPORT
278  #define TLS_DHE_DSS_KE_SUPPORT DISABLED
279 #elif (TLS_DHE_DSS_KE_SUPPORT != ENABLED && TLS_DHE_DSS_KE_SUPPORT != DISABLED)
280  #error TLS_DHE_DSS_KE_SUPPORT parameter is not valid
281 #endif
282 
283 //DH_anon key exchange support (insecure)
    //Anonymous Diffie-Hellman authenticates neither peer, so the connection has
    //no protection against an active man-in-the-middle. Leave at the default
    //DISABLED outside closed test setups
284 #ifndef TLS_DH_ANON_KE_SUPPORT
285  #define TLS_DH_ANON_KE_SUPPORT DISABLED
286 #elif (TLS_DH_ANON_KE_SUPPORT != ENABLED && TLS_DH_ANON_KE_SUPPORT != DISABLED)
287  #error TLS_DH_ANON_KE_SUPPORT parameter is not valid
288 #endif
289 
290 //ECDHE_RSA key exchange support
291 #ifndef TLS_ECDHE_RSA_KE_SUPPORT
292  #define TLS_ECDHE_RSA_KE_SUPPORT ENABLED
293 #elif (TLS_ECDHE_RSA_KE_SUPPORT != ENABLED && TLS_ECDHE_RSA_KE_SUPPORT != DISABLED)
294  #error TLS_ECDHE_RSA_KE_SUPPORT parameter is not valid
295 #endif
296 
297 //ECDHE_ECDSA key exchange support
298 #ifndef TLS_ECDHE_ECDSA_KE_SUPPORT
299  #define TLS_ECDHE_ECDSA_KE_SUPPORT ENABLED
300 #elif (TLS_ECDHE_ECDSA_KE_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_KE_SUPPORT != DISABLED)
301  #error TLS_ECDHE_ECDSA_KE_SUPPORT parameter is not valid
302 #endif
303 
304 //ECDH_anon key exchange support (insecure)
    //Anonymous ECDH authenticates neither peer, so the connection has no
    //protection against an active man-in-the-middle. Leave at the default
    //DISABLED outside closed test setups
305 #ifndef TLS_ECDH_ANON_KE_SUPPORT
306  #define TLS_ECDH_ANON_KE_SUPPORT DISABLED
307 #elif (TLS_ECDH_ANON_KE_SUPPORT != ENABLED && TLS_ECDH_ANON_KE_SUPPORT != DISABLED)
308  #error TLS_ECDH_ANON_KE_SUPPORT parameter is not valid
309 #endif
310 
311 //PSK key exchange support
312 #ifndef TLS_PSK_KE_SUPPORT
313  #define TLS_PSK_KE_SUPPORT DISABLED
314 #elif (TLS_PSK_KE_SUPPORT != ENABLED && TLS_PSK_KE_SUPPORT != DISABLED)
315  #error TLS_PSK_KE_SUPPORT parameter is not valid
316 #endif
317 
318 //RSA_PSK key exchange support
319 #ifndef TLS_RSA_PSK_KE_SUPPORT
320  #define TLS_RSA_PSK_KE_SUPPORT DISABLED
321 #elif (TLS_RSA_PSK_KE_SUPPORT != ENABLED && TLS_RSA_PSK_KE_SUPPORT != DISABLED)
322  #error TLS_RSA_PSK_KE_SUPPORT parameter is not valid
323 #endif
324 
325 //DHE_PSK key exchange support
326 #ifndef TLS_DHE_PSK_KE_SUPPORT
327  #define TLS_DHE_PSK_KE_SUPPORT DISABLED
328 #elif (TLS_DHE_PSK_KE_SUPPORT != ENABLED && TLS_DHE_PSK_KE_SUPPORT != DISABLED)
329  #error TLS_DHE_PSK_KE_SUPPORT parameter is not valid
330 #endif
331 
332 //ECDHE_PSK key exchange support
333 #ifndef TLS_ECDHE_PSK_KE_SUPPORT
334  #define TLS_ECDHE_PSK_KE_SUPPORT DISABLED
335 #elif (TLS_ECDHE_PSK_KE_SUPPORT != ENABLED && TLS_ECDHE_PSK_KE_SUPPORT != DISABLED)
336  #error TLS_ECDHE_PSK_KE_SUPPORT parameter is not valid
337 #endif
338 
339 //RSA signature capability
340 #ifndef TLS_RSA_SIGN_SUPPORT
341  #define TLS_RSA_SIGN_SUPPORT ENABLED
342 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
343  #error TLS_RSA_SIGN_SUPPORT parameter is not valid
344 #endif
345 
346 //RSA-PSS signature capability
347 #ifndef TLS_RSA_PSS_SIGN_SUPPORT
348  #define TLS_RSA_PSS_SIGN_SUPPORT ENABLED
349 #elif (TLS_RSA_PSS_SIGN_SUPPORT != ENABLED && TLS_RSA_PSS_SIGN_SUPPORT != DISABLED)
350  #error TLS_RSA_PSS_SIGN_SUPPORT parameter is not valid
351 #endif
352 
353 //DSA signature capability
354 #ifndef TLS_DSA_SIGN_SUPPORT
355  #define TLS_DSA_SIGN_SUPPORT DISABLED
356 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
357  #error TLS_DSA_SIGN_SUPPORT parameter is not valid
358 #endif
359 
360 //ECDSA signature capability
361 #ifndef TLS_ECDSA_SIGN_SUPPORT
362  #define TLS_ECDSA_SIGN_SUPPORT ENABLED
363 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
364  #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
365 #endif
366 
367 //EdDSA signature capability
368 #ifndef TLS_EDDSA_SIGN_SUPPORT
369  #define TLS_EDDSA_SIGN_SUPPORT DISABLED
370 #elif (TLS_EDDSA_SIGN_SUPPORT != ENABLED && TLS_EDDSA_SIGN_SUPPORT != DISABLED)
371  #error TLS_EDDSA_SIGN_SUPPORT parameter is not valid
372 #endif
373 
374 //NULL cipher support (insecure)
    //NULL cipher suites carry application data without encryption, so the
    //record layer offers no confidentiality. Leave at the default DISABLED
    //unless plaintext transport is an explicit requirement
375 #ifndef TLS_NULL_CIPHER_SUPPORT
376  #define TLS_NULL_CIPHER_SUPPORT DISABLED
377 #elif (TLS_NULL_CIPHER_SUPPORT != ENABLED && TLS_NULL_CIPHER_SUPPORT != DISABLED)
378  #error TLS_NULL_CIPHER_SUPPORT parameter is not valid
379 #endif
380 
381 //Stream cipher support
382 #ifndef TLS_STREAM_CIPHER_SUPPORT
383  #define TLS_STREAM_CIPHER_SUPPORT DISABLED
384 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
385  #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
386 #endif
387 
388 //CBC block cipher support
    //CBC cipher suites in TLS 1.2 and earlier use MAC-then-encrypt, the
    //construction behind padding-oracle and timing attacks such as Lucky
    //Thirteen. The default is ENABLED; where every peer supports an AEAD mode
    //(GCM, CCM, ChaCha20Poly1305) consider DISABLED
389 #ifndef TLS_CBC_CIPHER_SUPPORT
390  #define TLS_CBC_CIPHER_SUPPORT ENABLED
391 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
392  #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
393 #endif
394 
395 //CCM AEAD support
396 #ifndef TLS_CCM_CIPHER_SUPPORT
397  #define TLS_CCM_CIPHER_SUPPORT DISABLED
398 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
399  #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
400 #endif
401 
402 //CCM_8 AEAD support
403 #ifndef TLS_CCM_8_CIPHER_SUPPORT
404  #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
405 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
406  #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
407 #endif
408 
409 //GCM AEAD support
410 #ifndef TLS_GCM_CIPHER_SUPPORT
411  #define TLS_GCM_CIPHER_SUPPORT ENABLED
412 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
413  #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
414 #endif
415 
416 //ChaCha20Poly1305 AEAD support
417 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
418  #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
419 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
420  #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
421 #endif
422 
423 //RC4 cipher support (insecure)
424 #ifndef TLS_RC4_SUPPORT
425  #define TLS_RC4_SUPPORT DISABLED
426 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
427  #error TLS_RC4_SUPPORT parameter is not valid
428 #endif
429 
430 //IDEA cipher support (insecure)
431 #ifndef TLS_IDEA_SUPPORT
432  #define TLS_IDEA_SUPPORT DISABLED
433 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
434  #error TLS_IDEA_SUPPORT parameter is not valid
435 #endif
436 
437 //DES cipher support (insecure)
438 #ifndef TLS_DES_SUPPORT
439  #define TLS_DES_SUPPORT DISABLED
440 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
441  #error TLS_DES_SUPPORT parameter is not valid
442 #endif
443 
444 //Triple DES cipher support (weak)
    //Triple DES has a 64-bit block, so block collisions become likely on
    //long-lived, high-volume connections (the Sweet32 class of attack).
    //Leave at the default DISABLED unless a legacy peer requires it
445 #ifndef TLS_3DES_SUPPORT
446  #define TLS_3DES_SUPPORT DISABLED
447 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
448  #error TLS_3DES_SUPPORT parameter is not valid
449 #endif
450 
451 //AES 128-bit cipher support
452 #ifndef TLS_AES_128_SUPPORT
453  #define TLS_AES_128_SUPPORT ENABLED
454 #elif (TLS_AES_128_SUPPORT != ENABLED && TLS_AES_128_SUPPORT != DISABLED)
455  #error TLS_AES_128_SUPPORT parameter is not valid
456 #endif
457 
458 //AES 256-bit cipher support
459 #ifndef TLS_AES_256_SUPPORT
460  #define TLS_AES_256_SUPPORT ENABLED
461 #elif (TLS_AES_256_SUPPORT != ENABLED && TLS_AES_256_SUPPORT != DISABLED)
462  #error TLS_AES_256_SUPPORT parameter is not valid
463 #endif
464 
465 //Camellia 128-bit cipher support
466 #ifndef TLS_CAMELLIA_128_SUPPORT
467  #define TLS_CAMELLIA_128_SUPPORT DISABLED
468 #elif (TLS_CAMELLIA_128_SUPPORT != ENABLED && TLS_CAMELLIA_128_SUPPORT != DISABLED)
469  #error TLS_CAMELLIA_128_SUPPORT parameter is not valid
470 #endif
471 
472 //Camellia 256-bit cipher support
473 #ifndef TLS_CAMELLIA_256_SUPPORT
474  #define TLS_CAMELLIA_256_SUPPORT DISABLED
475 #elif (TLS_CAMELLIA_256_SUPPORT != ENABLED && TLS_CAMELLIA_256_SUPPORT != DISABLED)
476  #error TLS_CAMELLIA_256_SUPPORT parameter is not valid
477 #endif
478 
479 //ARIA 128-bit cipher support
480 #ifndef TLS_ARIA_128_SUPPORT
481  #define TLS_ARIA_128_SUPPORT DISABLED
482 #elif (TLS_ARIA_128_SUPPORT != ENABLED && TLS_ARIA_128_SUPPORT != DISABLED)
483  #error TLS_ARIA_128_SUPPORT parameter is not valid
484 #endif
485 
486 //ARIA 256-bit cipher support
487 #ifndef TLS_ARIA_256_SUPPORT
488  #define TLS_ARIA_256_SUPPORT DISABLED
489 #elif (TLS_ARIA_256_SUPPORT != ENABLED && TLS_ARIA_256_SUPPORT != DISABLED)
490  #error TLS_ARIA_256_SUPPORT parameter is not valid
491 #endif
492 
493 //SEED cipher support
494 #ifndef TLS_SEED_SUPPORT
495  #define TLS_SEED_SUPPORT DISABLED
496 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
497  #error TLS_SEED_SUPPORT parameter is not valid
498 #endif
499 
500 //MD5 hash support (insecure)
501 #ifndef TLS_MD5_SUPPORT
502  #define TLS_MD5_SUPPORT DISABLED
503 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
504  #error TLS_MD5_SUPPORT parameter is not valid
505 #endif
506 
507 //SHA-1 hash support (weak)
    //The default is ENABLED although the algorithm is marked weak.
    //NOTE(review): what this switch gates is not visible in this header -
    //presumably both HMAC-SHA1 cipher suites and SHA-1 based signature
    //algorithms. SHA-1 collision resistance is broken, which matters for
    //signatures far more than for HMAC; confirm whether SHA-1 signatures can
    //be excluded separately before relying on this default
508 #ifndef TLS_SHA1_SUPPORT
509  #define TLS_SHA1_SUPPORT ENABLED
510 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
511  #error TLS_SHA1_SUPPORT parameter is not valid
512 #endif
513 
514 //SHA-224 hash support (weak)
515 #ifndef TLS_SHA224_SUPPORT
516  #define TLS_SHA224_SUPPORT DISABLED
517 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
518  #error TLS_SHA224_SUPPORT parameter is not valid
519 #endif
520 
521 //SHA-256 hash support
522 #ifndef TLS_SHA256_SUPPORT
523  #define TLS_SHA256_SUPPORT ENABLED
524 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
525  #error TLS_SHA256_SUPPORT parameter is not valid
526 #endif
527 
528 //SHA-384 hash support
529 #ifndef TLS_SHA384_SUPPORT
530  #define TLS_SHA384_SUPPORT ENABLED
531 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
532  #error TLS_SHA384_SUPPORT parameter is not valid
533 #endif
534 
535 //SHA-512 hash support
536 #ifndef TLS_SHA512_SUPPORT
537  #define TLS_SHA512_SUPPORT DISABLED
538 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
539  #error TLS_SHA512_SUPPORT parameter is not valid
540 #endif
541 
542 //FFDHE key exchange mechanism
543 #ifndef TLS_FFDHE_SUPPORT
544  #define TLS_FFDHE_SUPPORT DISABLED
545 #elif (TLS_FFDHE_SUPPORT != ENABLED && TLS_FFDHE_SUPPORT != DISABLED)
546  #error TLS_FFDHE_SUPPORT parameter is not valid
547 #endif
548 
549 //ffdhe2048 group support
550 #ifndef TLS_FFDHE2048_SUPPORT
551  #define TLS_FFDHE2048_SUPPORT ENABLED
552 #elif (TLS_FFDHE2048_SUPPORT != ENABLED && TLS_FFDHE2048_SUPPORT != DISABLED)
553  #error TLS_FFDHE2048_SUPPORT parameter is not valid
554 #endif
555 
556 //ffdhe3072 group support
557 #ifndef TLS_FFDHE3072_SUPPORT
558  #define TLS_FFDHE3072_SUPPORT DISABLED
559 #elif (TLS_FFDHE3072_SUPPORT != ENABLED && TLS_FFDHE3072_SUPPORT != DISABLED)
560  #error TLS_FFDHE3072_SUPPORT parameter is not valid
561 #endif
562 
563 //ffdhe4096 group support
564 #ifndef TLS_FFDHE4096_SUPPORT
565  #define TLS_FFDHE4096_SUPPORT DISABLED
566 #elif (TLS_FFDHE4096_SUPPORT != ENABLED && TLS_FFDHE4096_SUPPORT != DISABLED)
567  #error TLS_FFDHE4096_SUPPORT parameter is not valid
568 #endif
569 
570 //secp160k1 elliptic curve support (weak)
571 #ifndef TLS_SECP160K1_SUPPORT
572  #define TLS_SECP160K1_SUPPORT DISABLED
573 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
574  #error TLS_SECP160K1_SUPPORT parameter is not valid
575 #endif
576 
577 //secp160r1 elliptic curve support (weak)
578 #ifndef TLS_SECP160R1_SUPPORT
579  #define TLS_SECP160R1_SUPPORT DISABLED
580 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
581  #error TLS_SECP160R1_SUPPORT parameter is not valid
582 #endif
583 
584 //secp160r2 elliptic curve support (weak)
585 #ifndef TLS_SECP160R2_SUPPORT
586  #define TLS_SECP160R2_SUPPORT DISABLED
587 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
588  #error TLS_SECP160R2_SUPPORT parameter is not valid
589 #endif
590 
591 //secp192k1 elliptic curve support
592 #ifndef TLS_SECP192K1_SUPPORT
593  #define TLS_SECP192K1_SUPPORT DISABLED
594 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
595  #error TLS_SECP192K1_SUPPORT parameter is not valid
596 #endif
597 
598 //secp192r1 elliptic curve support (NIST P-192)
599 #ifndef TLS_SECP192R1_SUPPORT
600  #define TLS_SECP192R1_SUPPORT DISABLED
601 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
602  #error TLS_SECP192R1_SUPPORT parameter is not valid
603 #endif
604 
605 //secp224k1 elliptic curve support
606 #ifndef TLS_SECP224K1_SUPPORT
607  #define TLS_SECP224K1_SUPPORT DISABLED
608 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
609  #error TLS_SECP224K1_SUPPORT parameter is not valid
610 #endif
611 
612 //secp224r1 elliptic curve support (NIST P-224)
613 #ifndef TLS_SECP224R1_SUPPORT
614  #define TLS_SECP224R1_SUPPORT DISABLED
615 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
616  #error TLS_SECP224R1_SUPPORT parameter is not valid
617 #endif
618 
619 //secp256k1 elliptic curve support
620 #ifndef TLS_SECP256K1_SUPPORT
621  #define TLS_SECP256K1_SUPPORT DISABLED
622 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
623  #error TLS_SECP256K1_SUPPORT parameter is not valid
624 #endif
625 
626 //secp256r1 elliptic curve support (NIST P-256)
627 #ifndef TLS_SECP256R1_SUPPORT
628  #define TLS_SECP256R1_SUPPORT ENABLED
629 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
630  #error TLS_SECP256R1_SUPPORT parameter is not valid
631 #endif
632 
633 //secp384r1 elliptic curve support (NIST P-384)
634 #ifndef TLS_SECP384R1_SUPPORT
635  #define TLS_SECP384R1_SUPPORT ENABLED
636 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
637  #error TLS_SECP384R1_SUPPORT parameter is not valid
638 #endif
639 
640 //secp521r1 elliptic curve support (NIST P-521)
641 #ifndef TLS_SECP521R1_SUPPORT
642  #define TLS_SECP521R1_SUPPORT DISABLED
643 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
644  #error TLS_SECP521R1_SUPPORT parameter is not valid
645 #endif
646 
647 //brainpoolP256r1 elliptic curve support
648 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
649  #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
650 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
651  #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
652 #endif
653 
654 //brainpoolP384r1 elliptic curve support
655 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
656  #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
657 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
658  #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
659 #endif
660 
661 //brainpoolP512r1 elliptic curve support
662 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
663  #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
664 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
665  #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
666 #endif
667 
668 //Curve25519 elliptic curve support
669 #ifndef TLS_X25519_SUPPORT
670  #define TLS_X25519_SUPPORT DISABLED
671 #elif (TLS_X25519_SUPPORT != ENABLED && TLS_X25519_SUPPORT != DISABLED)
672  #error TLS_X25519_SUPPORT parameter is not valid
673 #endif
674 
675 //Curve448 elliptic curve support
676 #ifndef TLS_X448_SUPPORT
677  #define TLS_X448_SUPPORT DISABLED
678 #elif (TLS_X448_SUPPORT != ENABLED && TLS_X448_SUPPORT != DISABLED)
679  #error TLS_X448_SUPPORT parameter is not valid
680 #endif
681 
682 //Ed25519 elliptic curve support
683 #ifndef TLS_ED25519_SUPPORT
684  #define TLS_ED25519_SUPPORT ENABLED
685 #elif (TLS_ED25519_SUPPORT != ENABLED && TLS_ED25519_SUPPORT != DISABLED)
686  #error TLS_ED25519_SUPPORT parameter is not valid
687 #endif
688 
689 //Ed448 elliptic curve support
690 #ifndef TLS_ED448_SUPPORT
691  #define TLS_ED448_SUPPORT DISABLED
692 #elif (TLS_ED448_SUPPORT != ENABLED && TLS_ED448_SUPPORT != DISABLED)
693  #error TLS_ED448_SUPPORT parameter is not valid
694 #endif
695 
696 //Certificate key usage verification
697 #ifndef TLS_CERT_KEY_USAGE_SUPPORT
698  #define TLS_CERT_KEY_USAGE_SUPPORT ENABLED
699 #elif (TLS_CERT_KEY_USAGE_SUPPORT != ENABLED && TLS_CERT_KEY_USAGE_SUPPORT != DISABLED)
700  #error TLS_CERT_KEY_USAGE_SUPPORT parameter is not valid
701 #endif
702 
703 //Key logging (for debugging purpose only)
    //Presumably hands per-session secrets to the application so that packet
    //captures can be decrypted while debugging. Anyone who obtains those
    //secrets can decrypt the recorded traffic, so keep the default DISABLED in
    //release builds and treat any key log output as sensitive material
704 #ifndef TLS_KEY_LOG_SUPPORT
705  #define TLS_KEY_LOG_SUPPORT DISABLED
706 #elif (TLS_KEY_LOG_SUPPORT != ENABLED && TLS_KEY_LOG_SUPPORT != DISABLED)
707  #error TLS_KEY_LOG_SUPPORT parameter is not valid
708 #endif
709 
710 //Maximum length of server name
711 #ifndef TLS_MAX_SERVER_NAME_LEN
712  #define TLS_MAX_SERVER_NAME_LEN 255
713 #elif (TLS_MAX_SERVER_NAME_LEN < 1)
714  #error TLS_MAX_SERVER_NAME_LEN parameter is not valid
715 #endif
716 
717 //Maximum length of password
718 #ifndef TLS_MAX_PASSWORD_LEN
719  #define TLS_MAX_PASSWORD_LEN 32
720 #elif (TLS_MAX_PASSWORD_LEN < 0)
721  #error TLS_MAX_PASSWORD_LEN parameter is not valid
722 #endif
723 
724 //Minimum acceptable size for Diffie-Hellman prime modulus
    //The value is in bits (TLS_PREMASTER_SECRET_SIZE divides the matching
    //maximum by 8 to obtain a byte count).
    //NOTE(review): the 1024-bit default is below the 2048-bit minimum that
    //current guidance (e.g. NIST SP 800-57) gives for finite-field DH, and the
    //validity check accepts overrides down to 512 bits, an export-grade size
    //(cf. Logjam). Prefer 2048 where peers allow it; the default
    //TLS_MAX_DH_MODULUS_SIZE is also 2048
725 #ifndef TLS_MIN_DH_MODULUS_SIZE
726  #define TLS_MIN_DH_MODULUS_SIZE 1024
727 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
728  #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
729 #endif
730 
731 //Maximum acceptable size for Diffie-Hellman prime modulus
732 #ifndef TLS_MAX_DH_MODULUS_SIZE
733  #define TLS_MAX_DH_MODULUS_SIZE 2048
734 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
735  #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
736 #endif
737 
738 //Minimum acceptable size for RSA modulus
    //NOTE(review): presumably in bits, like the Diffie-Hellman limits. The
    //1024-bit default is below the 2048-bit minimum that current guidance
    //(e.g. NIST SP 800-57) gives for RSA, and the validity check accepts
    //overrides down to 512 bits, an export-grade size (cf. FREAK). Prefer 2048
    //where the peer certificates allow it
739 #ifndef TLS_MIN_RSA_MODULUS_SIZE
740  #define TLS_MIN_RSA_MODULUS_SIZE 1024
741 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
742  #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
743 #endif
744 
745 //Maximum acceptable size for RSA modulus
746 #ifndef TLS_MAX_RSA_MODULUS_SIZE
747  #define TLS_MAX_RSA_MODULUS_SIZE 4096
748 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
749  #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
750 #endif
751 
752 //Minimum acceptable size for DSA prime modulus
753 #ifndef TLS_MIN_DSA_MODULUS_SIZE
754  #define TLS_MIN_DSA_MODULUS_SIZE 1024
755 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
756  #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
757 #endif
758 
759 //Maximum acceptable size for DSA prime modulus
760 #ifndef TLS_MAX_DSA_MODULUS_SIZE
761  #define TLS_MAX_DSA_MODULUS_SIZE 4096
762 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
763  #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
764 #endif
765 
766 //Master secret size
767 #ifndef TLS_MASTER_SECRET_SIZE
768  #define TLS_MASTER_SECRET_SIZE 48
769 #elif (TLS_MASTER_SECRET_SIZE < 48)
770  #error TLS_MASTER_SECRET_SIZE parameter is not valid
771 #endif
772 
773 //Maximum size for premaster secret
    //Defaults to the byte length of the largest accepted Diffie-Hellman modulus
    //(TLS_MAX_DH_MODULUS_SIZE is in bits, hence the division by 8).
    //NOTE(review): an explicit override is only checked against 48 bytes, not
    //against TLS_MAX_DH_MODULUS_SIZE / 8 or the largest enabled curve; confirm
    //that the key exchange code bounds-checks the shared secret length against
    //this value before storing it
774 #ifndef TLS_PREMASTER_SECRET_SIZE
775  #define TLS_PREMASTER_SECRET_SIZE (TLS_MAX_DH_MODULUS_SIZE / 8)
776 #elif (TLS_PREMASTER_SECRET_SIZE < 48)
777  #error TLS_PREMASTER_SECRET_SIZE parameter is not valid
778 #endif
779 
780 //Maximum number of consecutive warning alerts
    //Presumably a resource-exhaustion guard: it bounds how long a peer can keep
    //a connection busy with messages that carry no application data. The three
    //limits that follow (empty records, ChangeCipherSpec, KeyUpdate) use the
    //same pattern.
    //NOTE(review): the validity check accepts 0; confirm whether 0 means
    //"none tolerated" or "no limit" before using it
781 #ifndef TLS_MAX_WARNING_ALERTS
782  #define TLS_MAX_WARNING_ALERTS 5
783 #elif (TLS_MAX_WARNING_ALERTS < 0)
784  #error TLS_MAX_WARNING_ALERTS parameter is not valid
785 #endif
786 
787 //Maximum number of consecutive empty records
788 #ifndef TLS_MAX_EMPTY_RECORDS
789  #define TLS_MAX_EMPTY_RECORDS 10
790 #elif (TLS_MAX_EMPTY_RECORDS < 0)
791  #error TLS_MAX_EMPTY_RECORDS parameter is not valid
792 #endif
793 
794 //Maximum number of consecutive ChangeCipherSpec messages
795 #ifndef TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES
796  #define TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES 5
797 #elif (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES < 0)
798  #error TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES parameter is not valid
799 #endif
800 
801 //Maximum number of consecutive KeyUpdate messages
//Defaults to 5 when the build configuration does not set it; an override is
//rejected only when it is negative, so a value of 0 is accepted
//NOTE(review): presumably bounds how many back-to-back KeyUpdate messages are
//tolerated from the peer - confirm where the limit is enforced
802 #ifndef TLS_MAX_KEY_UPDATE_MESSAGES
803  #define TLS_MAX_KEY_UPDATE_MESSAGES 5
804 #elif (TLS_MAX_KEY_UPDATE_MESSAGES < 0)
805  #error TLS_MAX_KEY_UPDATE_MESSAGES parameter is not valid
806 #endif
807 
808 //Application specific context (TLS context)
//Expands to nothing unless the build configuration defines it
809 #ifndef TLS_PRIVATE_CONTEXT
810  #define TLS_PRIVATE_CONTEXT
811 #endif
812 
813 //Application specific context (encryption engine)
//Expands to nothing unless the build configuration defines it
814 #ifndef TLS_PRIVATE_ENCRYPTION_ENGINE
815  #define TLS_PRIVATE_ENCRYPTION_ENGINE
816 #endif
817 
818 //Allocate memory block
//Forwards to osAllocMem unless the build configuration supplies its own allocator
819 #ifndef tlsAllocMem
820  #define tlsAllocMem(size) osAllocMem(size)
821 #endif
822 
823 //Deallocate memory block
//Forwards to osFreeMem unless the build configuration supplies its own routine
824 #ifndef tlsFreeMem
825  #define tlsFreeMem(p) osFreeMem(p)
826 #endif
827 
828 //Support for Diffie-Hellman?
//Derived flag: enabled when a finite-field DH key exchange is selected, either
//for the TLS 1.0 to TLS 1.2 range or, failing that, for TLS 1.3
//The anonymous key exchange (TLS_DH_ANON_KE_SUPPORT) also turns this flag on;
//anonymous key exchange does not authenticate the peer
829 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
830  (TLS_DH_ANON_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
831  TLS_DHE_DSS_KE_SUPPORT == ENABLED || TLS_DHE_PSK_KE_SUPPORT == ENABLED))
832  #define TLS_DH_SUPPORT ENABLED
833 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
834  (TLS13_DHE_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED))
835  #define TLS_DH_SUPPORT ENABLED
836 #else
837  #define TLS_DH_SUPPORT DISABLED
838 #endif
839 
840 //Support for ECDH?
//Derived flag: enabled when an elliptic curve DH key exchange is selected,
//either for the TLS 1.0 to TLS 1.2 range or, failing that, for TLS 1.3
//The anonymous key exchange (TLS_ECDH_ANON_KE_SUPPORT) also turns this flag on;
//anonymous key exchange does not authenticate the peer
841 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
842  (TLS_ECDH_ANON_KE_SUPPORT == ENABLED || TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || \
843  TLS_ECDHE_ECDSA_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
844  #define TLS_ECDH_SUPPORT ENABLED
845 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
846  (TLS13_ECDHE_KE_SUPPORT == ENABLED || TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
847  #define TLS_ECDH_SUPPORT ENABLED
848 #else
849  #define TLS_ECDH_SUPPORT DISABLED
850 #endif
851 
852 //Support for RSA?
//Derived flag: for the TLS 1.0 to TLS 1.2 range it is enabled by RSA signatures
//as well as by the RSA-based key exchanges; the TLS 1.3 branch looks at the
//signature options only
853 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
854  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED || \
855  TLS_RSA_KE_SUPPORT == ENABLED || TLS_DHE_RSA_KE_SUPPORT == ENABLED || \
856  TLS_ECDHE_RSA_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED))
857  #define TLS_RSA_SUPPORT ENABLED
858 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
859  (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_PSS_SIGN_SUPPORT == ENABLED))
860  #define TLS_RSA_SUPPORT ENABLED
861 #else
862  #define TLS_RSA_SUPPORT DISABLED
863 #endif
864 
865 //Support for PSK?
//Derived flag: enabled when any pre-shared key exchange is selected, either
//for the TLS 1.0 to TLS 1.2 range or, failing that, for TLS 1.3
866 #if ((TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2) && \
867  (TLS_PSK_KE_SUPPORT == ENABLED || TLS_RSA_PSK_KE_SUPPORT == ENABLED || \
868  TLS_DHE_PSK_KE_SUPPORT == ENABLED || TLS_ECDHE_PSK_KE_SUPPORT == ENABLED))
869  #define TLS_PSK_SUPPORT ENABLED
870 #elif ((TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3) && \
871  (TLS13_PSK_KE_SUPPORT == ENABLED || TLS13_PSK_DHE_KE_SUPPORT == ENABLED || \
872  TLS13_PSK_ECDHE_KE_SUPPORT == ENABLED))
873  #define TLS_PSK_SUPPORT ENABLED
874 #else
875  #define TLS_PSK_SUPPORT DISABLED
876 #endif
877 
878 //Maximum size for HKDF digests
//48 bytes (the SHA-384 digest length) when SHA-384 is enabled, 32 bytes otherwise
//NOTE(review): buffers sized with this constant cannot hold a longer digest -
//confirm that no hash with a larger output is ever selected for HKDF
879 #if (TLS_SHA384_SUPPORT == ENABLED)
880  #define TLS_MAX_HKDF_DIGEST_SIZE 48
881 #else
882  #define TLS_MAX_HKDF_DIGEST_SIZE 32
883 #endif
884 
885 //Bind TLS to a particular socket
//Registers socketSend and socketReceive as the I/O callbacks and the socket as
//the handle by calling tlsSetSocketCallbacks
//NOTE(review): both function pointers and the handle are converted with explicit
//casts, which hides any prototype mismatch from the compiler; calling through an
//incompatible function pointer type is undefined behavior, so the socket API
//prototypes have to match the callback types exactly
886 #define tlsSetSocket(context, socket) tlsSetSocketCallbacks(context, \
887  (TlsSocketSendCallback) socketSend, (TlsSocketReceiveCallback) socketReceive, \
888  (TlsSocketHandle) socket)
889 
890 //Minimum plaintext record length
891 #define TLS_MIN_RECORD_LENGTH 512
892 //Maximum plaintext record length
//16384 bytes is 2^14, the plaintext record limit of the TLS record layer
893 #define TLS_MAX_RECORD_LENGTH 16384
894 //Data overhead caused by record encryption
895 #define TLS_MAX_RECORD_OVERHEAD 512
896 //Size of client and server random values
//Same value as the 32-byte random fields of the ClientHello and ServerHello layouts
897 #define TLS_RANDOM_SIZE 32
898 
899 //C++ guard
900 #ifdef __cplusplus
901 extern "C" {
902 #endif
903 
904 
905 /**
906  * @brief TLS transport protocols
907  **/
908 
909 typedef enum
910 {
914 
915 
916 /**
917  * @brief TLS connection end
918  **/
919 
920 typedef enum
921 {
925 
926 
927 /**
928  * @brief Client authentication mode
929  **/
930 
931 typedef enum
932 {
937 
938 
939 /**
940  * @brief Early data status
941  **/
942 
943 typedef enum
944 {
948 
949 
950 /**
951  * @brief Flags used by read and write functions
952  **/
953 
954 typedef enum
955 {
956  TLS_FLAG_PEEK = 0x0200,
962  TLS_FLAG_DELAY = 0x8000
964 
965 
966 //The TLS_FLAG_BREAK macro causes the read function to stop reading
967 //data whenever the specified break character is encountered
968 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
969 
970 
971 /**
972  * @brief Content type
973  **/
974 
975 typedef enum
976 {
984  TLS_TYPE_ACK = 26
986 
987 
988 /**
989  * @brief Handshake message type
990  **/
991 
992 typedef enum
993 {
1017  TLS_TYPE_MESSAGE_HASH = 254
1019 
1020 
1021 /**
1022  * @brief Alert level
1023  **/
1024 
1025 typedef enum
1026 {
1029 } TlsAlertLevel;
1030 
1031 
1032 /**
1033  * @brief Alert description
1034  **/
1035 
1036 typedef enum
1037 {
1074 
1075 
1076 /**
1077  * @brief Compression methods
1078  **/
1079 
1080 typedef enum
1081 {
1085 
1086 
1087 /**
1088  * @brief Key exchange methods
1089  **/
1090 
1091 typedef enum
1092 {
1118 
1119 
1120 /**
1121  * @brief Certificate formats
1122  **/
1123 
1124 typedef enum
1125 {
1131 
1132 
1133 /**
1134  * @brief Certificate types
1135  **/
1136 
1137 typedef enum
1138 {
1152  TLS_CERT_RSA_PSS_SIGN = 256, //For internal use only
1153  TLS_CERT_ED25519_SIGN = 257, //For internal use only
1154  TLS_CERT_ED448_SIGN = 258 //For internal use only
1156 
1157 
1158 /**
1159  * @brief Hash algorithms
1160  **/
1161 
1162 typedef enum
1163 {
1173 
1174 
1175 /**
1176  * @brief Signature algorithms
1177  **/
1178 
1179 typedef enum
1180 {
1199 
1200 
1201 /**
1202  * @brief TLS extension types
1203  **/
1204 
1205 typedef enum
1206 {
1261 
1262 
1263 /**
1264  * @brief Name type
1265  **/
1266 
1267 typedef enum
1268 {
1271 
1272 
1273 /**
1274  * @brief Maximum fragment length
1275  **/
1276 
1277 typedef enum
1278 {
1284 
1285 
1286 /**
1287  * @brief Named groups
1288  **/
1289 
1290 typedef enum
1291 {
1293  TLS_GROUP_SECT163K1 = 1, //RFC 4492
1294  TLS_GROUP_SECT163R1 = 2, //RFC 4492
1295  TLS_GROUP_SECT163R2 = 3, //RFC 4492
1296  TLS_GROUP_SECT193R1 = 4, //RFC 4492
1297  TLS_GROUP_SECT193R2 = 5, //RFC 4492
1298  TLS_GROUP_SECT233K1 = 6, //RFC 4492
1299  TLS_GROUP_SECT233R1 = 7, //RFC 4492
1300  TLS_GROUP_SECT239K1 = 8, //RFC 4492
1301  TLS_GROUP_SECT283K1 = 9, //RFC 4492
1302  TLS_GROUP_SECT283R1 = 10, //RFC 4492
1303  TLS_GROUP_SECT409K1 = 11, //RFC 4492
1304  TLS_GROUP_SECT409R1 = 12, //RFC 4492
1305  TLS_GROUP_SECT571K1 = 13, //RFC 4492
1306  TLS_GROUP_SECT571R1 = 14, //RFC 4492
1307  TLS_GROUP_SECP160K1 = 15, //RFC 4492
1308  TLS_GROUP_SECP160R1 = 16, //RFC 4492
1309  TLS_GROUP_SECP160R2 = 17, //RFC 4492
1310  TLS_GROUP_SECP192K1 = 18, //RFC 4492
1311  TLS_GROUP_SECP192R1 = 19, //RFC 4492
1312  TLS_GROUP_SECP224K1 = 20, //RFC 4492
1313  TLS_GROUP_SECP224R1 = 21, //RFC 4492
1314  TLS_GROUP_SECP256K1 = 22, //RFC 4492
1315  TLS_GROUP_SECP256R1 = 23, //RFC 4492
1316  TLS_GROUP_SECP384R1 = 24, //RFC 4492
1317  TLS_GROUP_SECP521R1 = 25, //RFC 4492
1318  TLS_GROUP_BRAINPOOLP256R1 = 26, //RFC 7027
1319  TLS_GROUP_BRAINPOOLP384R1 = 27, //RFC 7027
1320  TLS_GROUP_BRAINPOOLP512R1 = 28, //RFC 7027
1321  TLS_GROUP_ECDH_X25519 = 29, //RFC 8422
1322  TLS_GROUP_ECDH_X448 = 30, //RFC 8422
1326  TLS_GROUP_GC256A = 34, //RFC 9189
1327  TLS_GROUP_GC256B = 35, //RFC 9189
1328  TLS_GROUP_GC256C = 36, //RFC 9189
1329  TLS_GROUP_GC256D = 37, //RFC 9189
1330  TLS_GROUP_GC512A = 38, //RFC 9189
1331  TLS_GROUP_GC512B = 39, //RFC 9189
1332  TLS_GROUP_GC512C = 40, //RFC 9189
1333  TLS_GROUP_SM2 = 41, //RFC 8998
1334  TLS_GROUP_FFDHE2048 = 256, //RFC 7919
1335  TLS_GROUP_FFDHE3072 = 257, //RFC 7919
1336  TLS_GROUP_FFDHE4096 = 258, //RFC 7919
1337  TLS_GROUP_FFDHE6144 = 259, //RFC 7919
1338  TLS_GROUP_FFDHE8192 = 260, //RFC 7919
1339  TLS_GROUP_FFDHE_MAX = 511, //RFC 7919
1341  TLS_GROUP_EXPLICIT_CHAR2_CURVE = 65282 //RFC 4492
1343 
1344 
1345 /**
1346  * @brief EC point formats
1347  **/
1348 
1349 typedef enum
1350 {
1355 
1356 
1357 /**
1358  * @brief EC curve types
1359  **/
1360 
1361 typedef enum
1362 {
1367 
1368 
1369 /**
1370  * @brief TLS FSM states
1371  **/
1372 
1373 typedef enum
1374 {
1407  TLS_STATE_CLOSED = 32
1409 
1410 
1411 //CodeWarrior or Win32 compiler?
1412 #if defined(__CWCC__) || defined(_WIN32)
1413  #pragma pack(push, 1)
1414 #endif
1415 
1416 
1417 /**
1418  * @brief Sequence number
1419  **/
1420 
1421 typedef __start_packed struct
1422 {
1423  uint8_t b[8];
1425 
1426 
1427 /**
1428  * @brief Cipher suites
1429  **/
1430 
1431 typedef __start_packed struct
1432 {
1433  uint16_t length; //0-1
1434  uint16_t value[]; //2
1436 
1437 
1438 /**
1439  * @brief Compression methods
1440  **/
1441 
1442 typedef __start_packed struct
1443 {
1444  uint8_t length; //0
1445  uint8_t value[]; //1
1447 
1448 
1449 /**
1450  * @brief Signature algorithm
1451  **/
1452 
1453 typedef __start_packed struct
1454 {
1455  uint8_t hash; //0
1456  uint8_t signature; //1
1458 
1459 
1460 /**
1461  * @brief List of signature algorithms
1462  **/
1463 
1464 typedef __start_packed struct
1465 {
1466  uint16_t length; //0-1
1467  TlsSignHashAlgo value[]; //2
1469 
1470 
1471 /**
1472  * @brief List of certificates
1473  **/
1474 
1475 typedef __start_packed struct
1476 {
1477  uint8_t length[3]; //0-2
1478  uint8_t value[]; //3
1480 
1481 
1482 /**
1483  * @brief List of certificate authorities
1484  **/
1485 
1486 typedef __start_packed struct
1487 {
1488  uint16_t length; //0-1
1489  uint8_t value[]; //2
1491 
1492 
1493 /**
1494  * @brief TLS extension
1495  **/
1496 
1497 typedef __start_packed struct
1498 {
1499  uint16_t type; //0-1
1500  uint16_t length; //2-3
1501  uint8_t value[]; //4
1503 
1504 
1505 /**
1506  * @brief List of TLS extensions
1507  **/
1508 
1509 typedef __start_packed struct
1510 {
1511  uint16_t length; //0-1
1512  uint8_t value[]; //2
1514 
1515 
1516 /**
1517  * @brief List of supported versions
1518  **/
1519 
1520 typedef __start_packed struct
1521 {
1522  uint8_t length; //0
1523  uint16_t value[]; //1
1525 
1526 
1527 /**
1528  * @brief Server name
1529  **/
1530 
1531 typedef __start_packed struct
1532 {
1533  uint8_t type; //0
1534  uint16_t length; //1-2
1537 
1538 
1539 /**
1540  * @brief List of server names
1541  **/
1542 
1543 typedef __start_packed struct
1544 {
1545  uint16_t length; //0-1
1546  uint8_t value[]; //2
1548 
1549 
1550 /**
1551  * @brief Protocol name
1552  **/
1553 
1554 typedef __start_packed struct
1555 {
1556  uint8_t length; //0
1557  char_t value[]; //1
1559 
1560 
1561 /**
1562  * @brief List of protocol names
1563  **/
1564 
1565 typedef __start_packed struct
1566 {
1567  uint16_t length; //0-1
1568  uint8_t value[]; //2
1570 
1571 
1572 /**
1573  * @brief List of supported groups
1574  **/
1575 
1576 typedef __start_packed struct
1577 {
1578  uint16_t length; //0-1
1579  uint16_t value[]; //2
1581 
1582 
1583 /**
1584  * @brief List of supported EC point formats
1585  **/
1586 
1587 typedef __start_packed struct
1588 {
1589  uint8_t length; //0
1590  uint8_t value[]; //1
1592 
1593 
1594 /**
1595  * @brief List of supported certificate types
1596  **/
1597 
1598 typedef __start_packed struct
1599 {
1600  uint8_t length; //0
1601  uint8_t value[]; //1
1603 
1604 
1605 /**
1606  * @brief Renegotiated connection
1607  **/
1608 
1609 typedef __start_packed struct
1610 {
1611  uint8_t length; //0
1612  uint8_t value[]; //1
1614 
1615 
1616 /**
1617  * @brief PSK identity
1618  **/
1619 
1620 typedef __start_packed struct
1621 {
1622  uint16_t length; //0-1
1623  uint8_t value[]; //2
1625 
1626 
1627 /**
1628  * @brief PSK identity hint
1629  **/
1630 
1631 typedef __start_packed struct
1632 {
1633  uint16_t length; //0-1
1634  uint8_t value[]; //2
1636 
1637 
1638 /**
1639  * @brief Digitally-signed element (TLS 1.0 and TLS 1.1)
1640  **/
1641 
1642 typedef __start_packed struct
1643 {
1644  uint16_t length; //0-1
1645  uint8_t value[]; //2
1647 
1648 
1649 /**
1650  * @brief Digitally-signed element (TLS 1.2)
1651  **/
1652 
1653 typedef __start_packed struct
1654 {
1656  uint16_t length; //2-3
1657  uint8_t value[]; //4
1659 
1660 
1661 /**
1662  * @brief TLS record
1663  **/
1664 
1665 typedef __start_packed struct
1666 {
1667  uint8_t type; //0
1668  uint16_t version; //1-2
1669  uint16_t length; //3-4
1670  uint8_t data[]; //5
1672 
1673 
1674 /**
1675  * @brief TLS handshake message
1676  **/
1677 
1678 typedef __start_packed struct
1679 {
1680  uint8_t msgType; //0
1681  uint8_t length[3]; //1-3
1682  uint8_t data[]; //4
1684 
1685 
1686 /**
1687  * @brief HelloRequest message
1688  **/
1689 
1690 typedef void TlsHelloRequest;
1691 
1692 
1693 /**
1694  * @brief ClientHello message
1695  **/
1696 
1697 typedef __start_packed struct
1698 {
1699  uint16_t clientVersion; //0-1
1700  uint8_t random[32]; //2-33
1701  uint8_t sessionIdLen; //34
1702  uint8_t sessionId[]; //35
1704 
1705 
1706 /**
1707  * @brief ServerHello message
1708  **/
1709 
1710 typedef __start_packed struct
1711 {
1712  uint16_t serverVersion; //0-1
1713  uint8_t random[32]; //2-33
1714  uint8_t sessionIdLen; //34
1715  uint8_t sessionId[]; //35
1717 
1718 
1719 /**
1720  * @brief Certificate message
1721  **/
1722 
1723 typedef void TlsCertificate;
1724 
1725 
1726 /**
1727  * @brief ServerKeyExchange message
1728  **/
1729 
1731 
1732 
1733 /**
1734  * @brief CertificateRequest message
1735  **/
1736 
1737 typedef __start_packed struct
1738 {
1739  uint8_t certificateTypesLen; //0
1740  uint8_t certificateTypes[]; //1
1742 
1743 
1744 /**
1745  * @brief ServerHelloDone message
1746  **/
1747 
1748 typedef void TlsServerHelloDone;
1749 
1750 
1751 /**
1752  * @brief ClientKeyExchange message
1753  **/
1754 
1756 
1757 
1758 /**
1759  * @brief CertificateVerify message
1760  **/
1761 
1763 
1764 
1765 /**
1766  * @brief NewSessionTicket message
1767  **/
1768 
1769 typedef __start_packed struct
1770 {
1771  uint32_t ticketLifetimeHint; //0-3
1772  uint16_t ticketLen; //4-5
1773  uint8_t ticket[]; //6
1775 
1776 
1777 /**
1778  * @brief Finished message
1779  **/
1780 
1781 typedef void TlsFinished;
1782 
1783 
1784 /**
1785  * @brief ChangeCipherSpec message
1786  **/
1787 
1788 typedef __start_packed struct
1789 {
1790  uint8_t type; //0
1792 
1793 
1794 /**
1795  * @brief Alert message
1796  **/
1797 
1798 typedef __start_packed struct
1799 {
1800  uint8_t level; //0
1801  uint8_t description; //1
1803 
1804 
1805 /**
1806  * @brief Session state information
1807  **/
1808 
1809 typedef __start_packed struct
1810 {
1811  uint16_t version; ///<Protocol version
1812  uint16_t cipherSuite; ///<Cipher suite identifier
1813  uint8_t secret[TLS_MASTER_SECRET_SIZE]; ///<Master secret
1814  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
1815  uint32_t ticketLifetime; ///<Lifetime of the ticket
1816 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
1817  bool_t extendedMasterSecret; ///<Extended master secret computation
1818 #endif
1820 
1821 
1822 //CodeWarrior or Win32 compiler?
1823 #if defined(__CWCC__) || defined(_WIN32)
1824  #pragma pack(pop)
1825 #endif
1826 
1827 
1828 /**
1829  * @brief Socket handle
1830  **/
1831 
1832 typedef void *TlsSocketHandle;
1833 
1834 
1835 /**
1836  * @brief TLS state change callback
 * @param context TLS context whose state machine is reporting the change
 * @param state TLS FSM state value (presumably the state being entered -
 *   confirm against the code that invokes the callback)
1837  **/
1838 
1839 typedef void (*TlsStateChangeCallback)(TlsContext *context, TlsState state);
1840 
1841 
1842 /**
1843  * @brief Socket send callback function
1844  **/
1845 
1847  const void *data, size_t length, size_t *written, uint_t flags);
1848 
1849 
1850 /**
1851  * @brief Socket receive callback function
1852  **/
1853 
1855  void *data, size_t size, size_t *received, uint_t flags);
1856 
1857 
1858 /**
1859  * @brief ALPN callback function
 * @param context TLS context the callback is invoked for
 * @param selectedProtocol Protocol name passed as a character string
 *   (presumably the outcome of the ALPN negotiation - confirm against the caller)
 * @return Status code of type error_t
1860  **/
1861 
1862 typedef error_t (*TlsAlpnCallback)(TlsContext *context,
1863  const char_t *selectedProtocol);
1864 
1865 
1866 /**
1867  * @brief Pre-shared key callback function
 * @param context TLS context the callback is invoked for
 * @param pskIdentity PSK identity, passed as a byte string together with an
 *   explicit length; the prototype gives no guarantee of NUL termination
 * @param pskIdentityLen Length of the PSK identity, in bytes
 * @return Status code of type error_t
 * @note NOTE(review): presumably the identity is the one offered by the peer
 *   and therefore untrusted input - bound-check pskIdentityLen before copying
 *   or using it as a lookup key (confirm against the caller)
1868  **/
1869 
1870 typedef error_t (*TlsPskCallback)(TlsContext *context,
1871  const uint8_t *pskIdentity, size_t pskIdentityLen);
1872 
1873 
1874 /**
1875  * @brief Certificate verification callback function
1876  **/
1877 
1879  const X509CertificateInfo *certInfo, uint_t pathLen, void *param);
1880 
1881 
1882 /**
1883  * @brief Raw public key verification callback function
1884  **/
1885 
1887  const uint8_t *rawPublicKey, size_t rawPublicKeyLen);
1888 
1889 
1890 /**
1891  * @brief Ticket encryption callback function
1892  **/
1893 
1895  const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext,
1896  size_t *ciphertextLen, void *param);
1897 
1898 
1899 /**
1900  * @brief Ticket decryption callback function
1901  **/
1902 
1904  const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext,
1905  size_t *plaintextLen, void *param);
1906 
1907 
1908 /**
1909  * @brief ECDH key agreement callback function
 * @param context TLS context; it is the only argument, so inputs and results
 *   are presumably exchanged through the context - confirm against the caller
 * @return Status code of type error_t
1910  **/
1911 
1912 typedef error_t (*TlsEcdhCallback)(TlsContext *context);
1913 
1914 
1915 /**
1916  * @brief ECDSA signature generation callback function
1917  **/
1918 
1920  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1921 
1922 
1923 /**
1924  * @brief ECDSA signature verification callback function
1925  **/
1926 
1928  const uint8_t *digest, size_t digestLen, EcdsaSignature *signature);
1929 
1930 
1931 /**
1932  * @brief Key logging callback function (for debugging purposes only)
 *
 * The string handed to this callback is key material. Anyone who obtains it
 * can presumably decrypt captured traffic of the session, so the callback
 * should stay out of production builds and whatever it writes has to be
 * protected like a private key.
 *
 * @param context TLS context the key belongs to
 * @param key Key log entry passed as a character string (exact format not
 *   visible in this header)
1933  **/
1934 
1935 typedef void (*TlsKeyLogCallback)(TlsContext *context, const char_t *key);
1936 
1937 
1938 /**
1939  * @brief Structure describing a cipher suite
1940  **/
1941 
1942 typedef struct
1943 {
1944  uint16_t identifier;
1945  const char_t *name;
1951  uint8_t macKeyLen;
1952  uint8_t encKeyLen;
1953  uint8_t fixedIvLen;
1954  uint8_t recordIvLen;
1955  uint8_t authTagLen;
1956  uint8_t verifyDataLen;
1958 
1959 
1960 /**
1961  * @brief TLS session state
 *
 * Carries what is needed to resume a session, including the master secret
 * (TLS 1.2) or the ticket PSK (TLS 1.3) in the secret field. An instance is
 * therefore as sensitive as the keys of the session it describes.
 *
 * NOTE(review): ticket, ticketAlpn and serverName are raw pointers; who
 * allocates and releases them is not visible in this header. Confirm the
 * ownership rules, and confirm that secret is wiped before an instance is
 * discarded or reused.
1962  **/
1963 
1964 typedef struct
1965 {
1966  uint16_t version; ///<TLS protocol version
1967  uint16_t cipherSuite; ///<Cipher suite identifier
1968  systime_t timestamp; ///<Time stamp to manage entry lifetime
1969  uint8_t secret[TLS_MASTER_SECRET_SIZE]; ///<Master secret (TLS 1.2) or ticket PSK (TLS 1.3)
1970 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
1971  uint8_t sessionId[32]; ///<Session identifier
1972  size_t sessionIdLen; ///<Length of the session identifier
1973  bool_t extendedMasterSecret; ///<Extended master secret computation
1974 #endif
1975  uint8_t *ticket; ///<Session ticket
1976  size_t ticketLen; ///<Length of the session ticket
1977 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
1978  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
1979  uint32_t ticketLifetime; ///<Lifetime of the ticket
1980  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
1981  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
1982  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
1983  uint32_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
1984 #endif
1985 #if (TLS_SNI_SUPPORT == ENABLED)
1986  char_t *serverName; ///<ServerName extension
1987 #endif
1988 } TlsSessionState;
1989 
1990 
1991 /**
1992  * @brief Session cache
 *
 * The structure ends with a flexible array member (sessions), so it has to be
 * allocated with room for the entries that follow the header. Every entry is
 * a TlsSessionState and holds resumption secrets.
 *
 * NOTE(review): presumably the allocation is the header plus size entries -
 * confirm against the cache creation routine, including an overflow check on
 * the size multiplication.
1993  **/
1994 
1995 typedef struct
1996 {
1997  OsMutex mutex; ///<Mutex preventing simultaneous access to the cache
1998  uint_t size; ///<Maximum number of entries
1999  TlsSessionState sessions[]; ///<Cache entries
2000 } TlsCache;
2001 
2002 
2003 /**
2004  * @brief Certificate descriptor
 *
 * The certificate chain and the private key are referenced through pointers
 * with separate lengths, while the private key password is stored inline in
 * the descriptor, in clear text, for as long as the descriptor exists.
 *
 * NOTE(review): the lifetime required of the buffers behind certChain and
 * privateKey is not visible in this header - presumably they must outlive the
 * descriptor; confirm. Also confirm that password is wiped when the
 * descriptor is released.
2005  **/
2006 
2007 typedef struct
2008 {
2009  const char_t *certChain; ///<End entity certificate chain (PEM format)
2010  size_t certChainLen; ///<Length of the certificate chain
2011  const char_t *privateKey; ///<Private key (PEM format)
2012  size_t privateKeyLen; ///<Length of the private key
2013  char_t password[TLS_MAX_PASSWORD_LEN + 1]; ///<Password used to decrypt the private key
2014  TlsCertificateType type; ///<End entity certificate type
2015  TlsSignatureAlgo signAlgo; ///<Signature algorithm used to sign the end entity certificate
2016  TlsHashAlgo hashAlgo; ///<Hash algorithm used to sign the end entity certificate
2017  TlsNamedGroup namedCurve; ///<Named curve used to generate the EC public key
2018 } TlsCertDesc;
2019 
2020 
2021 /**
2022  * @brief Hello extensions
2023  **/
2024 
2025 typedef struct
2026 {
2027  const TlsSupportedVersionList *supportedVersionList; ///<SupportedVersions extension (ClientHello)
2028  const TlsExtension *selectedVersion; ///<SupportedVersions extension (ServerHello)
2029  const TlsServerNameList *serverNameList; ///<ServerName extension
2030  const TlsSupportedGroupList *supportedGroupList; ///<SupportedGroups extension
2031  const TlsEcPointFormatList *ecPointFormatList; ///<EcPointFormats extension
2032  const TlsSignHashAlgos *signAlgoList; ///<SignatureAlgorithms extension
2033  const TlsSignHashAlgos *certSignAlgoList; ///<SignatureAlgorithmsCert extension
2034 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2035  const TlsExtension *maxFragLen; ///<MaxFragmentLength extension
2036 #endif
2037 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2038  const TlsExtension *recordSizeLimit; ///<RecordSizeLimit extension
2039 #endif
2040 #if (TLS_ALPN_SUPPORT == ENABLED)
2041  const TlsProtocolNameList *protocolNameList; ///<ALPN extension
2042 #endif
2043 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2044  const TlsCertTypeList *clientCertTypeList; ///<ClientCertType extension
2046  const TlsCertTypeList *serverCertTypeList; ///<ServerCertType extension
2048 #endif
2049 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2050  const TlsExtension *extendedMasterSecret; ///<ExtendedMasterSecret extension
2051 #endif
2052 #if (TLS_TICKET_SUPPORT == ENABLED)
2053  const TlsExtension *sessionTicket; ///<SessionTicket extension
2054 #endif
2055 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2056  const TlsRenegoInfo *renegoInfo; ///<RenegotiationInfo extension
2057 #endif
2058 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2059  const Tls13Cookie *cookie; ///<Cookie extension
2060  const TlsCertAuthorities *certAuthorities; ///<CertificateAuthorities extension
2061  const Tls13KeyShareList *keyShareList; ///<KeyShare extension (ClientHello)
2062  const TlsExtension *selectedGroup; ///<KeyShare extension (HelloRetryRequest)
2063  const Tls13KeyShareEntry *serverShare; ///<KeyShare extension (ServerHello)
2064  const Tls13PskKeModeList *pskKeModeList; ///<PskKeyExchangeModes extension
2065  const Tls13PskIdentityList *identityList; ///<PreSharedKey extension (ClientHello)
2067  const TlsExtension *selectedIdentity; ///<PreSharedKey extension (ServerHello)
2068  const TlsExtension *earlyDataIndication; ///<EarlyData extension
2069 #endif
2071 
2072 
2073 /**
2074  * @brief Encryption engine
 *
 * Per-direction record protection state. The MAC key, the encryption key and
 * the IV are stored inline (macKey, encKey, iv) next to their lengths, so the
 * structure holds live traffic keys.
 *
 * NOTE(review): TLS_PRIVATE_ENCRYPTION_ENGINE is placed inside the
 * TLS_RECORD_SIZE_LIMIT_SUPPORT conditional, so application-specific members
 * are compiled out whenever that option is disabled. This looks unintended;
 * confirm, and if so move the macro after the #endif.
2075  **/
2076 
2078 {
2079  uint16_t version; ///<Negotiated TLS version
2080  uint8_t macKey[48]; ///<MAC key
2081  size_t macKeyLen; ///<Length of the MAC key
2082  uint8_t encKey[48]; ///<Encryption key
2083  size_t encKeyLen; ///<Length of the encryption key
2084  uint8_t iv[16]; ///<Initialization vector
2085  size_t fixedIvLen; ///<Length of the fixed part of the IV
2086  size_t recordIvLen; ///<Length of the IV
2087  size_t authTagLen; ///<Length of the authentication tag
2088  const CipherAlgo *cipherAlgo; ///<Cipher algorithm
2089  void *cipherContext; ///<Cipher context
2090  CipherMode cipherMode; ///<Cipher mode of operation
2091  const HashAlgo *hashAlgo; ///<Hash algorithm for MAC operations
2092  HmacContext *hmacContext; ///<HMAC context
2093 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
2094  GcmContext *gcmContext; ///<GCM context
2095 #endif
2096  TlsSequenceNumber seqNum; ///<TLS sequence number
2097 #if (DTLS_SUPPORT == ENABLED)
2098  uint16_t epoch; ///<Counter value incremented on every cipher state change
2099  DtlsSequenceNumber dtlsSeqNum; ///<Record sequence number
2100 #endif
2101 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2102  size_t recordSizeLimit; ///<Maximum size of record in octets
2103  TLS_PRIVATE_ENCRYPTION_ENGINE ///<Application specific context
2104 #endif
2105 };
2106 
2107 
2108 /**
2109  * @brief TLS context
2110  *
2111  * An opaque data structure that represents a TLS connection
2112  *
2113  **/
2114 
2116 {
2117  TlsState state; ///<TLS handshake finite state machine
2118  TlsTransportProtocol transportProtocol; ///<Transport protocol (stream or datagram)
2119  TlsConnectionEnd entity; ///<Client or server operation
2120 
2121  TlsStateChangeCallback stateChangeCallback; ///<TLS state change callback function
2122 
2123  TlsSocketHandle socketHandle; ///<Socket handle
2124  TlsSocketSendCallback socketSendCallback; ///<Socket send callback function
2125  TlsSocketReceiveCallback socketReceiveCallback; ///<Socket receive callback function
2126 
2127  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
2128  void *prngContext; ///<Pseudo-random number generator context
2129 
2130  const uint16_t *cipherSuites; ///<List of supported cipher suites
2131  uint_t numCipherSuites; ///<Number of cipher suites in the list
2132 
2133  const uint16_t *supportedGroups; ///<List of supported named groups
2134  uint_t numSupportedGroups; ///<Number of named groups in the list
2135 
2136  char_t *serverName; ///<Fully qualified DNS hostname of the server
2137 
2138 #if (TLS_ECC_CALLBACK_SUPPORT == ENABLED)
2142 #endif
2143 
2144  TlsCertDesc certs[TLS_MAX_CERTIFICATES]; ///<End entity certificates (PEM format)
2145  uint_t numCerts; ///<Number of certificates available
2146  const char_t *trustedCaList; ///<Trusted CA list (PEM format)
2147  size_t trustedCaListLen; ///<Total length of the trusted CA list
2148  TlsCertVerifyCallback certVerifyCallback; ///<Certificate verification callback function
2149  void *certVerifyParam; ///<Opaque pointer passed to the certificate verification callback
2150  TlsCertDesc *cert; ///<Pointer to the currently selected certificate
2151 
2152  TlsCache *cache; ///<TLS session cache
2153  uint8_t sessionId[32]; ///<Session identifier
2154  size_t sessionIdLen; ///<Length of the session identifier
2155 
2156  uint16_t clientVersion; ///<Latest version supported by the client
2157  uint16_t version; ///<Negotiated TLS version
2158  uint16_t versionMin; ///<Minimum version accepted by the implementation
2159  uint16_t versionMax; ///<Maximum version accepted by the implementation
2160 
2161  uint8_t *cookie; ///<Cookie
2162  size_t cookieLen; ///<Length of the cookie
2163 
2164  uint8_t *ticket; ///<Session ticket
2165  size_t ticketLen; ///<Length of the session ticket
2166  systime_t ticketTimestamp; ///<Timestamp to manage ticket lifetime
2167  uint32_t ticketLifetime; ///<Lifetime of the ticket
2168 
2169  TlsCipherSuiteInfo cipherSuite; ///<Negotiated cipher suite
2170  TlsKeyExchMethod keyExchMethod; ///<Key exchange method
2171  TlsSignatureAlgo signAlgo; ///<Signature algorithm to be used
2172  TlsHashAlgo signHashAlgo; ///<Hash algorithm used for signing
2173  uint16_t namedGroup; ///<ECDHE or FFDHE named group
2174 
2175  TlsCertificateType peerCertType; ///<Peer's certificate type
2176  TlsClientAuthMode clientAuthMode; ///<Client authentication mode
2177  bool_t clientCertRequested; ///<This flag tells whether the client certificate is requested
2178 
2179  bool_t resume; ///<The connection is established by resuming a session
2180  bool_t fatalAlertSent; ///<A fatal alert message has been sent
2181  bool_t fatalAlertReceived; ///<A fatal alert message has been received from the peer
2182  bool_t closeNotifySent; ///<A closure alert has been sent
2183  bool_t closeNotifyReceived; ///<A closure alert has been received from the peer
2184 
2185  uint8_t *txBuffer; ///<TX buffer
2186  size_t txBufferSize; ///<TX buffer size
2187  size_t txBufferMaxLen; ///<Maximum number of plaintext data the TX buffer can hold
2188  TlsContentType txBufferType; ///<Type of data that resides in the TX buffer
2189  size_t txBufferLen; ///<Number of bytes that are pending to be sent
2190  size_t txBufferPos; ///<Current position in TX buffer
2191  size_t txRecordLen; ///<Length of the TLS record
2192  size_t txRecordPos; ///<Current position in the TLS record
2193 
2194  uint8_t *rxBuffer; ///<RX buffer
2195  size_t rxBufferSize; ///<RX buffer size
2196  size_t rxBufferMaxLen; ///<Maximum number of plaintext data the RX buffer can hold
2197  TlsContentType rxBufferType; ///<Type of data that resides in the RX buffer
2198  size_t rxBufferLen; ///<Number of bytes available for reading
2199  size_t rxBufferPos; ///<Current position in RX buffer
2200  size_t rxRecordLen; ///<Length of the TLS record
2201  size_t rxRecordPos; ///<Current position in the TLS record
2202 
2203  uint8_t clientRandom[TLS_RANDOM_SIZE]; ///<Client random value
2204  uint8_t serverRandom[TLS_RANDOM_SIZE]; ///<Server random value
2205  uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]; ///<Premaster secret
2206  size_t premasterSecretLen; ///<Length of the premaster secret
2207  uint8_t clientVerifyData[64]; ///<Client verify data
2208  size_t clientVerifyDataLen; ///<Length of the client verify data
2209  uint8_t serverVerifyData[64]; ///<Server verify data
2210  size_t serverVerifyDataLen; ///<Length of the server verify data
2211 
2212  TlsEncryptionEngine encryptionEngine; ///<Encryption engine
2213  TlsEncryptionEngine decryptionEngine; ///<Decryption engine
2214 
2215 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_0)
2216  size_t txLastRecordLen; ///<Length of the previous TLS record
2217 #endif
2218 
2219 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
2220  Md5Context *transcriptMd5Context; ///<MD5 context used to compute verify data
2221 #endif
2222 
2223 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
2224  uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]; ///<Master secret
2225  uint8_t keyBlock[192]; ///<Key material
2226  HmacContext hmacContext; ///<HMAC context
2227  Sha1Context *transcriptSha1Context; ///<SHA-1 context used to compute verify data
2228 #endif
2229 
2230 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2231  HashContext *transcriptHashContext; ///<Hash context used to compute verify data
2232 #endif
2233 
2234 #if (TLS_MAX_VERSION >= TLS_VERSION_1_3 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
2235  uint16_t preferredGroup; ///<Preferred ECDHE or FFDHE named group
2236  systime_t clientHelloTimestamp; ///<Time at which the ClientHello message was sent
2237  bool_t updatedClientHelloReceived; ///<An updated ClientHello message has been received
2238  uint8_t *certRequestContext; ///<Certificate request context
2239  size_t certRequestContextLen; ///<Length of the certificate request context
2240  int_t selectedIdentity; ///<Selected PSK identity
2241  bool_t pskKeModeSupported; ///<PSK key establishment supported by the client
2242 
2251 
2252  uint_t newSessionTicketCount; ///<Number of NewSessionTicket messages that have been sent
2253 
2254  uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]; ///<PSK associated with the ticket
2255  size_t ticketPskLen; ///<Length of the PSK associated with the ticket
2256  uint32_t ticketAgeAdd; ///<Random value used to obscure the age of the ticket
2257  uint32_t ticketNonce; ///<A per-ticket value that is unique across all tickets issued
2258  uint16_t ticketCipherSuite; ///<Cipher suite associated with the ticket
2259  TlsHashAlgo ticketHashAlgo; ///<Hash algorithm associated with the ticket
2260  char_t *ticketAlpn; ///<ALPN protocol associated with the ticket
2261 
2262  size_t maxEarlyDataSize; ///<Maximum amount of 0-RTT data that the client is allowed to send
2263  size_t earlyDataLen; ///<Total amount of 0-RTT data that have been sent by the client
2264  bool_t earlyDataEnabled; ///<EarlyData is enabled
2265  bool_t earlyDataRejected; ///<The 0-RTT data have been rejected by the server
2266  bool_t earlyDataExtReceived; ///<The EarlyData extension has been received
2267  TlsSequenceNumber earlyDataSeqNum; ///<Early data sequence number
2268 #endif
2269 
2270 #if (TLS_DH_SUPPORT == ENABLED)
2271  DhContext dhContext; ///<Diffie-Hellman context
2272 #endif
2273 
2274 #if (TLS_ECDH_SUPPORT == ENABLED)
2275  EcdhContext ecdhContext; ///<ECDH context
2276  bool_t ecPointFormatsExtReceived; ///<The EcPointFormats extension has been received
2277 #endif
2278 
2279 #if (TLS_RSA_SUPPORT == ENABLED)
2280  RsaPublicKey peerRsaPublicKey; ///<Peer's RSA public key
2281 #endif
2282 
2283 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
2284  DsaPublicKey peerDsaPublicKey; ///<Peer's DSA public key
2285 #endif
2286 
2287 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_EDDSA_SIGN_SUPPORT == ENABLED)
2288  EcDomainParameters peerEcParams; ///<Peer's EC domain parameters
2289  EcPublicKey peerEcPublicKey; ///<Peer's EC public key
2290 #endif
2291 
2292 #if (TLS_PSK_SUPPORT == ENABLED)
2293  uint8_t *psk; ///<Pre-shared key
2294  size_t pskLen; ///<Length of the pre-shared key, in bytes
2295  char_t *pskIdentity; ///<PSK identity
2296  char_t *pskIdentityHint; ///<PSK identity hint
2297  TlsPskCallback pskCallback; ///<PSK callback function
2298  uint16_t pskCipherSuite; ///<Cipher suite associated with the PSK
2299  TlsHashAlgo pskHashAlgo; ///<Hash algorithm associated with the PSK
2300 #endif
2301 
2302 #if (TLS_MAX_FRAG_LEN_SUPPORT == ENABLED)
2303  size_t maxFragLen; ///<Maximum plaintext fragment length
2304  bool_t maxFragLenExtReceived; ///<The MaxFragmentLength extension has been received
2305 #endif
2306 
2307 #if (TLS_RECORD_SIZE_LIMIT_SUPPORT == ENABLED)
2308  size_t recordSizeLimit; ///<Maximum record size the peer is willing to receive
2309  bool_t recordSizeLimitExtReceived; ///<The RecordSizeLimit extension has been received
2310 #endif
2311 
2312 #if (TLS_ALPN_SUPPORT == ENABLED)
2313  bool_t unknownProtocolsAllowed; ///<Unknown ALPN protocols allowed
2314  char_t *protocolList; ///<List of supported ALPN protocols
2315  char_t *selectedProtocol; ///<Selected ALPN protocol
2316  TlsAlpnCallback alpnCallback; ///<ALPN callback function
2317 #endif
2318 
2319 #if (TLS_EXT_MASTER_SECRET_SUPPORT == ENABLED)
2320  bool_t emsExtReceived; ///<The ExtendedMasterSecret extension has been received
2321 #endif
2322 
2323 #if (TLS_RAW_PUBLIC_KEY_SUPPORT == ENABLED)
2324  TlsCertificateFormat certFormat; ///<Certificate format
2325  TlsCertificateFormat peerCertFormat; ///<Peer's certificate format
2326  TlsRpkVerifyCallback rpkVerifyCallback; ///<Raw public key verification callback function
2327  bool_t clientCertTypeExtReceived; ///<The ClientCertType extension has been received
2328  bool_t serverCertTypeExtReceived; ///<The ServerCertType extension has been received
2329 #endif
2330 
2331 #if (TLS_TICKET_SUPPORT == ENABLED)
2332  bool_t sessionTicketEnabled; ///<Session ticket mechanism enabled
2333  bool_t sessionTicketExtReceived; ///<The SessionTicket extension has been received
2334  bool_t sessionTicketExtSent; ///<The SessionTicket extension has been sent
2335  TlsTicketEncryptCallback ticketEncryptCallback; ///<Ticket encryption callback function
2336  TlsTicketDecryptCallback ticketDecryptCallback; ///<Ticket decryption callback function
2337  void *ticketParam; ///<Opaque pointer passed to the ticket callbacks
2338 #endif
2339 
2340 #if (TLS_SECURE_RENEGOTIATION_SUPPORT == ENABLED)
2341  bool_t secureRenegoEnabled; ///<Secure renegotiation enabled
2342  bool_t secureRenegoFlag; ///<Secure renegotiation flag
2343 #endif
2344 
2345 #if (TLS_FALLBACK_SCSV_SUPPORT == ENABLED)
2346  bool_t fallbackScsvEnabled; ///<Support for FALLBACK_SCSV
2347 #endif
2348 
2349 #if (TLS_KEY_LOG_SUPPORT == ENABLED)
2350  TlsKeyLogCallback keyLogCallback; ///<Key logging callback (for debugging purpose only)
2351 #endif
2352 
2353 #if (TLS_MAX_WARNING_ALERTS > 0)
2354  uint_t alertCount; ///<Count of consecutive warning alerts
2355 #endif
2356 
2357 #if (TLS_MAX_EMPTY_RECORDS > 0)
2358  uint_t emptyRecordCount; ///<Count of consecutive empty records
2359 #endif
2360 
2361 #if (TLS_MAX_CHANGE_CIPHER_SPEC_MESSAGES > 0)
2362  uint_t changeCipherSpecCount; ///<Count of consecutive ChangeCipherSpec messages
2363 #endif
2364 
2365 #if (TLS_MAX_KEY_UPDATE_MESSAGES > 0)
2366  uint_t keyUpdateCount; ///<Count of consecutive KeyUpdate messages
2367 #endif
2368 
2369 #if (DTLS_SUPPORT == ENABLED)
2370  size_t pmtu; ///<PMTU value
2371  systime_t timeout; ///<Timeout for blocking calls
2373 
2374  DtlsCookieGenerateCallback cookieGenerateCallback; ///<Cookie generation callback function
2375  DtlsCookieVerifyCallback cookieVerifyCallback; ///<Cookie verification callback function
2376  void *cookieParam; ///<Opaque pointer passed to the cookie callbacks
2377 
2378  uint_t retransmitCount; ///<Retransmission counter
2379  systime_t retransmitTimestamp; ///<Time at which the datagram was sent
2380  systime_t retransmitTimeout; ///<Retransmission timeout
2381 
2382  uint16_t txMsgSeq; ///<Send sequence number
2383  size_t txDatagramLen; ///<Length of the outgoing datagram, in bytes
2384 
2385  uint16_t rxMsgSeq; ///<Next receive sequence number
2386  size_t rxFragQueueLen; ///<Length of the reassembly queue
2387  size_t rxDatagramLen; ///<Length of the incoming datagram, in bytes
2389  uint16_t rxRecordVersion; ///<Version of the incoming record
2390 
2392 #endif
2393 
2394 #if (DTLS_SUPPORT == ENABLED && DTLS_REPLAY_DETECTION_SUPPORT == ENABLED)
2395  bool_t replayDetectionEnabled; ///<Anti-replay mechanism enabled
2396  uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE + 31) / 32];
2397 #endif
2398 
2399  TLS_PRIVATE_CONTEXT ///<Application specific context
2400 };
2401 
2402 
2403 //TLS application programming interface (API)
//Public API declarations of the TLS/DTLS layer.
//NOTE(review): this listing has gaps. A declaration that begins on an indented
//continuation line below lost its opening line (return type, function name and
//leading TlsContext argument) when the page was rendered, and some gutter
//numbers are skipped altogether. Where the page's symbol index shows the full
//signature, the comments below name it; otherwise the name is left open.

//TLS context initialization; the returned pointer is the handle every other
//call takes (NOTE(review): presumably NULL on failure, confirm in tls.c)
2404 TlsContext *tlsInit(void);
2405 TlsState tlsGetState(TlsContext *context);
2406 
//Continuation of tlsSetStateChangeCallback(TlsContext *context, ...)
2408  TlsStateChangeCallback stateChangeCallback);
2409 
//Continuation of tlsSetSocketCallbacks(TlsContext *context, ...); the handle
//is the value later passed to the send and receive callbacks
2411  TlsSocketSendCallback socketSendCallback,
2412  TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle);
2413 
//Set minimum and maximum versions permitted.
//Security: versionMin is the downgrade floor of the handshake; keep it at the
//lowest protocol version the deployment really needs
2414 error_t tlsSetVersion(TlsContext *context, uint16_t versionMin,
2415  uint16_t versionMax);
2416 
//NOTE(review): opening line of this declaration is missing from the listing
2418  TlsTransportProtocol transportProtocol);
2419 
2421 
//Security: supply a seeded, cryptographically strong generator here
//(presumably the source of the handshake randoms and ephemeral keys, confirm)
2422 error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo,
2423  void *prngContext);
2424 
2425 error_t tlsSetServerName(TlsContext *context, const char_t *serverName);
2426 const char_t *tlsGetServerName(TlsContext *context);
2427 
2428 error_t tlsSetCache(TlsContext *context, TlsCache *cache);
2430 
2431 error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize,
2432  size_t rxBufferSize);
2433 
2434 error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen);
2435 
//cipherSuites is an array of 16-bit suite identifiers, length its element
//count (NOTE(review): presumably in preference order, confirm in tls.c)
2436 error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites,
2437  uint_t length);
2438 
//Specify the list of allowed ECDHE and FFDHE groups
2439 error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups,
2440  uint_t length);
2441 
2442 error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group);
2443 
2444 error_t tlsSetDhParameters(TlsContext *context, const char_t *params,
2445  size_t length);
2446 
2447 error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback);
2448 
//Continuation of tlsSetEcdsaSignCallback(TlsContext *context, ...)
2450  TlsEcdsaSignCallback ecdsaSignCallback);
2451 
//NOTE(review): opening line of this declaration is missing from the listing
2453  TlsEcdsaVerifyCallback ecdsaVerifyCallback);
2454 
//NOTE(review): opening line of this declaration is missing from the listing.
//Security: a key log callback is handed session secrets. The matching context
//field is documented "for debugging purpose only" and exists only when
//TLS_KEY_LOG_SUPPORT is ENABLED, so keep that option off in release builds
2456  TlsKeyLogCallback keyLogCallback);
2457 
2459 error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList);
2460 error_t tlsSetAlpnCallback(TlsContext *context, TlsAlpnCallback alpnCallback);
2461 const char_t *tlsGetAlpnProtocol(TlsContext *context);
2462 
//Security: psk is raw key material of the given length in bytes.
//NOTE(review): whether the context copies the key or keeps the caller's
//pointer is not visible in this header; confirm in tls.c before wiping or
//freeing the caller's buffer
2463 error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length);
2464 error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity);
2465 error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint);
2466 error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback);
2467 
//NOTE(review): opening line of this declaration is missing from the listing.
//Security: with raw public keys there is no certificate chain to validate, so
//this callback is presumably the only peer-key check; it must compare the key
//against a pinned value rather than accept it
2469  TlsRpkVerifyCallback rpkVerifyCallback);
2470 
//Security: trustedCaList (PEM format) defines the trust anchors for peer
//certificate validation. NOTE(review): the context stores a const char_t
//pointer, so the buffer presumably has to outlive the context, confirm
2471 error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList,
2472  size_t length);
2473 
//Add a certificate and the corresponding private key (deprecated).
//Security: privateKey is secret material supplied by the caller
2474 error_t tlsAddCertificate(TlsContext *context, const char_t *certChain,
2475  size_t certChainLen, const char_t *privateKey, size_t privateKeyLen);
2476 
//NOTE(review): opening line of this declaration is missing from the listing;
//password presumably protects an encrypted private key, treat it as a secret
2478  const char_t *certChain, size_t certChainLen, const char_t *privateKey,
2479  size_t privateKeyLen, const char_t *password);
2480 
//Continuation of tlsSetCertificateVerifyCallback(TlsContext *context, ...).
//Security: a callback that accepts every certificate removes peer
//authentication. NOTE(review): how its result combines with the built-in
//chain validation is not visible in this header
2482  TlsCertVerifyCallback certVerifyCallback, void *param);
2483 
//Security: FALLBACK_SCSV (RFC 7507) lets a server detect a client that
//retried the handshake with a lower protocol version
2486 error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled);
2487 
//NOTE(review): opening line of this declaration is missing from the listing.
//Security: the encrypt/decrypt callbacks protect session tickets; the key they
//use has to be kept secret and rotated, since a ticket carries session state
2489  TlsTicketEncryptCallback ticketEncryptCallback,
2490  TlsTicketDecryptCallback ticketDecryptCallback, void *param);
2491 
//DTLS settings: path MTU and timeout for blocking calls
2492 error_t tlsSetPmtu(TlsContext *context, size_t pmtu);
2493 error_t tlsSetTimeout(TlsContext *context, systime_t timeout);
2494 
//Continuation of tlsSetCookieCallbacks(TlsContext *context, ...), DTLS only.
//Security: the cookie exchange is the DTLS defence against ClientHello floods
//from spoofed addresses; cookies should be bound to the client parameters and
//to a server-side secret
2496  DtlsCookieGenerateCallback cookieGenerateCallback,
2497  DtlsCookieVerifyCallback cookieVerifyCallback, void *param);
2498 
2500 
//Security: 0-RTT early data is not protected against replay by TLS itself
//(RFC 8446, section 8). maxEarlyDataSize caps the amount of 0-RTT data the
//client is allowed to send; only idempotent requests belong in early data
2501 error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize);
2502 
2503 error_t tlsWriteEarlyData(TlsContext *context, const void *data,
2504  size_t length, size_t *written, uint_t flags);
2505 
//Initiate the TLS handshake
2506 error_t tlsConnect(TlsContext *context);
2507 
2509 
//Data transfer. Both calls return error_t and report progress through
//*written / *received; check both values (NOTE(review): fewer bytes than
//requested may presumably be transferred, confirm in tls.c)
2510 error_t tlsWrite(TlsContext *context, const void *data,
2511  size_t length, size_t *written, uint_t flags);
2512 
2513 error_t tlsRead(TlsContext *context, void *data,
2514  size_t size, size_t *received, uint_t flags);
2515 
2516 bool_t tlsIsTxReady(TlsContext *context);
2517 bool_t tlsIsRxReady(TlsContext *context);
2518 
//Gracefully close the TLS session. Security: waiting for the peer's
//close_notify (waitForCloseNotify) is what lets the receiver tell an orderly
//end of data from a truncated stream
2519 error_t tlsShutdown(TlsContext *context);
2520 error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify);
2521 
2522 void tlsFree(TlsContext *context);
2523 
2525 
//Session state for resumption. NOTE(review): it presumably holds resumption
//secrets and tickets, so store it like key material and release it with
//tlsFreeSessionState
2526 error_t tlsSaveSessionState(const TlsContext *context,
2527  TlsSessionState *session);
2528 
//Continuation of tlsRestoreSessionState(TlsContext *context, ...)
2530  const TlsSessionState *session);
2531 
2532 void tlsFreeSessionState(TlsSessionState *session);
2533 
2535 void tlsFreeCache(TlsCache *cache);
2536 
2537 //C++ guard
2538 #ifdef __cplusplus
2539 }
2540 #endif
2541 
2542 #endif
@ TLS_CERT_ECDSA_FIXED_ECDH
Definition: tls.h:1149
error_t tlsSetCertificateVerifyCallback(TlsContext *context, TlsCertVerifyCallback certVerifyCallback, void *param)
Set certificate verification callback.
Definition: tls.c:1370
@ TLS13_KEY_EXCH_PSK
Definition: tls.h:1114
__start_packed struct @14 TlsSupportedGroupList
List of supported groups.
TlsRpkVerifyCallback rpkVerifyCallback
Raw public key verification callback function.
Definition: tls.h:2326
@ TLS_EXT_PSK_KEY_EXCHANGE_MODES
Definition: tls.h:1246
@ TLS_GROUP_BRAINPOOLP512R1_TLS13
Definition: tls.h:1325
size_t ticketLen
Length of the session ticket.
Definition: tls.h:1976
@ TLS_TYPE_MESSAGE_HASH
Definition: tls.h:1017
@ TLS_EXT_MAX_FRAGMENT_LENGTH
Definition: tls.h:1208
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA256
Definition: tls.h:1185
DTLS (Datagram Transport Layer Security)
ECDSA signature.
Definition: ecdsa.h:49
@ TLS_SIGN_ALGO_DSA
Definition: tls.h:1183
uint8_t sessionId[32]
Session identifier.
Definition: tls.h:2153
@ TLS_CERT_FORMAT_RAW_PUBLIC_KEY
Definition: tls.h:1128
X.509 common definitions.
uint8_t masterSecret[TLS_MASTER_SECRET_SIZE]
Master secret.
Definition: tls.h:2224
@ TLS_ALERT_DECODE_ERROR
Definition: tls.h:1054
@ TLS_GROUP_SECT163R2
Definition: tls.h:1295
size_t sessionIdLen
Length of the session identifier.
Definition: tls.h:2154
@ TLS_ALERT_UNEXPECTED_MESSAGE
Definition: tls.h:1039
EcPublicKey peerEcPublicKey
Peer's EC public key.
Definition: tls.h:2289
@ TLS_GROUP_BRAINPOOLP256R1_TLS13
Definition: tls.h:1323
bool_t ecPointFormatsExtReceived
The EcPointFormats extension has been received.
Definition: tls.h:2276
Generic hash algorithm context.
uint16_t length
Definition: tls.h:1433
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
Definition: tls.h:2259
__start_packed struct @1 TlsCipherSuites
Cipher suites.
uint8_t secret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2243
@ TLS_STATE_HELLO_RETRY_REQUEST
Definition: tls.h:1380
int bool_t
Definition: compiler_port.h:53
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP512R1_TLS13_SHA512
Definition: tls.h:1195
@ TLS_GROUP_SECP160R2
Definition: tls.h:1309
HMAC algorithm context.
Definition: hmac.h:59
uint_t numSupportedGroups
Number of named groups in the list.
Definition: tls.h:2134
uint8_t encKey[48]
Encryption key.
Definition: tls.h:2082
uint32_t ticketLifetimeHint
Definition: tls.h:1771
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls.h:1812
@ TLS_EXT_OID_FILTERS
Definition: tls.h:1248
@ TLS_TYPE_NEW_CONNECTION_ID
Definition: tls.h:1003
@ TLS_ALERT_CERTIFICATE_REQUIRED
Definition: tls.h:1071
error_t(* TlsTicketEncryptCallback)(TlsContext *context, const uint8_t *plaintext, size_t plaintextLen, uint8_t *ciphertext, size_t *ciphertextLen, void *param)
Ticket encryption callback function.
Definition: tls.h:1894
uint8_t * cookie
Cookie.
Definition: tls.h:2161
char_t * pskIdentity
PSK identity.
Definition: tls.h:2295
const Tls13PskKeModeList * pskKeModeList
PskKeyExchangeModes extension.
Definition: tls.h:2064
@ TLS_ALERT_CLOSE_NOTIFY
Definition: tls.h:1038
error_t tlsConnect(TlsContext *context)
Initiate the TLS handshake.
Definition: tls.c:1720
@ TLS_ALERT_NO_RENEGOTIATION
Definition: tls.h:1063
@ TLS_SIGN_ALGO_ANONYMOUS
Definition: tls.h:1181
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls.h:1978
void TlsServerHelloDone
ServerHelloDone message.
Definition: tls.h:1748
bool_t secureRenegoFlag
Secure renegotiation flag.
Definition: tls.h:2342
@ TLS13_KEY_EXCH_PSK_DHE
Definition: tls.h:1115
error_t(* TlsEcdsaVerifyCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature verification callback function.
Definition: tls.h:1927
error_t tlsSetEcdsaSignCallback(TlsContext *context, TlsEcdsaSignCallback ecdsaSignCallback)
Register ECDSA signature generation callback function.
Definition: tls.c:731
signed int int_t
Definition: compiler_port.h:49
DtlsSequenceNumber dtlsSeqNum
Record sequence number.
Definition: tls.h:2099
#define TLS_MAX_PASSWORD_LEN
Definition: tls.h:719
@ TLS_CERT_FORMAT_OPENPGP
Definition: tls.h:1127
@ TLS_STATE_SERVER_KEY_EXCHANGE
Definition: tls.h:1387
const TlsExtension * sessionTicket
SessionTicket extension.
Definition: tls.h:2053
@ TLS_TYPE_SERVER_HELLO_DONE
Definition: tls.h:1007
size_t premasterSecretLen
Length of the premaster secret.
Definition: tls.h:2206
@ TLS_COMPRESSION_METHOD_NULL
Definition: tls.h:1082
@ TLS_SIGN_ALGO_GOSTR34102012_256
Definition: tls.h:1196
@ TLS_ALERT_ILLEGAL_PARAMETER
Definition: tls.h:1051
@ TLS_GROUP_SECT571K1
Definition: tls.h:1305
TlsKeyExchMethod keyExchMethod
Key exchange method.
Definition: tls.h:2170
TlsEcPointFormat
EC point formats.
Definition: tls.h:1350
uint8_t * ticket
Session ticket.
Definition: tls.h:1975
#define PrngAlgo
Definition: crypto.h:861
@ TLS_EXT_CLIENT_AUTHZ
Definition: tls.h:1214
@ TLS_EARLY_DATA_REJECTED
Definition: tls.h:945
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls.h:2167
@ TLS_EXT_PWD_PROTECT
Definition: tls.h:1235
TlsCache * tlsInitCache(uint_t size)
Session cache initialization.
Definition: tls_cache.c:51
error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify)
Gracefully close TLS session.
Definition: tls.c:2273
@ TLS_ALERT_UNSUPPORTED_EXTENSION
Definition: tls.h:1065
TlsState
TLS FSM states.
Definition: tls.h:1374
@ TLS_TYPE_CERTIFICATE_STATUS
Definition: tls.h:1012
const Tls13PskBinderList * binderList
Definition: tls.h:2066
uint8_t clientRandom[TLS_RANDOM_SIZE]
Client random value.
Definition: tls.h:2203
size_t rxBufferSize
RX buffer size.
Definition: tls.h:2195
bool_t closeNotifySent
A closure alert has been sent.
Definition: tls.h:2182
@ TLS_EXT_SUPPORTED_VERSIONS
Definition: tls.h:1244
ECDSA (Elliptic Curve Digital Signature Algorithm)
uint16_t versionMin
Minimum version accepted by the implementation.
Definition: tls.h:2158
bool_t maxFragLenExtReceived
The MaxFragmentLength extension has been received.
Definition: tls.h:2304
TlsState tlsGetState(TlsContext *context)
Retrieve current TLS state.
Definition: tls.c:194
@ TLS_ALERT_RECORD_OVERFLOW
Definition: tls.h:1042
uint16_t version
Protocol version.
Definition: tls.h:1668
#define TLS_PRIVATE_CONTEXT
Definition: tls.h:810
TlsTransportProtocol transportProtocol
Transport protocol (stream or datagram)
Definition: tls.h:2118
size_t txRecordPos
Current position in the TLS record.
Definition: tls.h:2192
@ TLS_EXT_EXTERNAL_ID_HASH
Definition: tls.h:1254
TlsConnectionEnd
TLS connection end.
Definition: tls.h:921
size_t rxDatagramPos
Definition: tls.h:2388
const TlsExtension * selectedGroup
KeyShare extension (HelloRetryRequest)
Definition: tls.h:2062
systime_t timestamp
Time stamp to manage entry lifetime.
Definition: tls.h:1968
@ TLS_GROUP_SECP256K1
Definition: tls.h:1314
uint8_t * txBuffer
TX buffer.
Definition: tls.h:2185
TlsContext * tlsInit(void)
TLS context initialization.
Definition: tls.c:66
error_t tlsSetStateChangeCallback(TlsContext *context, TlsStateChangeCallback stateChangeCallback)
Register TLS state change callback.
Definition: tls.c:220
bool_t fatalAlertSent
A fatal alert message has been sent.
Definition: tls.h:2180
HashContext * transcriptHashContext
Hash context used to compute verify data.
Definition: tls.h:2231
uint8_t clientHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2245
@ TLS_GROUP_EXPLICIT_CHAR2_CURVE
Definition: tls.h:1341
error_t(* DtlsCookieGenerateCallback)(TlsContext *context, const DtlsClientParameters *clientParams, uint8_t *cookie, size_t *length, void *param)
DTLS cookie generation callback function.
Definition: dtls_misc.h:236
TlsConnectionEnd entity
Client or server operation.
Definition: tls.h:2119
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA384
Definition: tls.h:1191
@ TLS_EXT_PWD_CLEAR
Definition: tls.h:1236
TlsCertificateFormat peerCertFormat
Peer's certificate format.
Definition: tls.h:2325
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1389
void * cookieParam
Opaque pointer passed to the cookie callbacks.
Definition: tls.h:2376
@ TLS_TYPE_CHANGE_CIPHER_SPEC
Definition: tls.h:978
size_t maxFragLen
Maximum plaintext fragment length.
Definition: tls.h:2303
const TlsProtocolNameList * protocolNameList
ALPN extension.
Definition: tls.h:2041
@ TLS_GROUP_SECP256R1
Definition: tls.h:1315
const TlsExtension * earlyDataIndication
EarlyData extension.
Definition: tls.h:2068
error_t tlsRestoreSessionState(TlsContext *context, const TlsSessionState *session)
Restore TLS session.
Definition: tls.c:2645
@ TLS_TYPE_HANDSHAKE
Definition: tls.h:980
error_t tlsSetAlpnCallback(TlsContext *context, TlsAlpnCallback alpnCallback)
Register ALPN callback function.
Definition: tls.c:887
#define TLS_PRIVATE_ENCRYPTION_ENGINE
Definition: tls.h:815
error_t(* TlsSocketReceiveCallback)(TlsSocketHandle handle, void *data, size_t size, size_t *received, uint_t flags)
Socket receive callback function.
Definition: tls.h:1854
@ TLS_GROUP_SECP224K1
Definition: tls.h:1312
TlsHashAlgo hashAlgo
Hash algorithm used to sign the end entity certificate.
Definition: tls.h:2016
@ TLS_EXT_CONNECTION_ID
Definition: tls.h:1253
TlsTicketDecryptCallback ticketDecryptCallback
Ticket decryption callback function.
Definition: tls.h:2336
TlsCertificateType type
End entity certificate type.
Definition: tls.h:2014
X.509 certificate.
Definition: x509_common.h:940
@ TLS_GROUP_SECT239K1
Definition: tls.h:1300
bool_t clientCertTypeExtReceived
The ClientCertType extension has been received.
Definition: tls.h:2327
size_t pmtu
PMTU value.
Definition: tls.h:2370
@ TLS_TRANSPORT_PROTOCOL_DATAGRAM
Definition: tls.h:912
TlsSignatureAlgo signAlgo
Signature algorithm to be used.
Definition: tls.h:2171
@ TLS_TYPE_COMPRESSED_CERTIFICATE
Definition: tls.h:1015
@ TLS_ALERT_ACCESS_DENIED
Definition: tls.h:1053
uint8_t signature
Definition: tls.h:1456
@ TLS_KEY_EXCH_SRP_SHA_RSA
Definition: tls.h:1110
@ TLS_ALERT_INSUFFICIENT_SECURITY
Definition: tls.h:1059
#define DTLS_REPLAY_WINDOW_SIZE
Definition: dtls_misc.h:69
@ TLS_CERT_FORTEZZA_DMS
Definition: tls.h:1146
HmacContext * hmacContext
HMAC context.
Definition: tls.h:2092
TlsMessageType
Handshake message type.
Definition: tls.h:993
TlsSocketHandle socketHandle
Socket handle.
Definition: tls.h:2123
const char_t * name
Definition: tls.h:1945
Structure describing a cipher suite.
Definition: tls.h:1943
@ TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE
Definition: tls.h:1069
@ TLS_HASH_ALGO_SHA1
Definition: tls.h:1166
@ TLS_STATE_APPLICATION_DATA
Definition: tls.h:1405
@ TLS_COMPRESSION_METHOD_DEFLATE
Definition: tls.h:1083
size_t txDatagramLen
Length of the outgoing datagram, in bytes.
Definition: tls.h:2383
size_t sessionIdLen
Length of the session identifier.
Definition: tls.h:1972
size_t authTagLen
Length of the authentication tag.
Definition: tls.h:2087
@ TLS_GROUP_GC512A
Definition: tls.h:1330
@ TLS_ALERT_DECOMPRESSION_FAILURE
Definition: tls.h:1043
const TlsCertTypeList * clientCertTypeList
ClientCertType extension.
Definition: tls.h:2044
bool_t secureRenegoEnabled
Secure renegotiation enabled.
Definition: tls.h:2341
@ TLS_GROUP_GC256D
Definition: tls.h:1329
error_t tlsSetVersion(TlsContext *context, uint16_t versionMin, uint16_t versionMax)
Set minimum and maximum versions permitted.
Definition: tls.c:276
@ TLS_KEY_EXCH_DH_DSS
Definition: tls.h:1097
ECDH (Elliptic Curve Diffie-Hellman) key exchange.
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1163
bool_t closeNotifyReceived
A closure alert has been received from the peer.
Definition: tls.h:2183
error_t tlsSetMaxFragmentLength(TlsContext *context, size_t maxFragLen)
Set maximum fragment length.
Definition: tls.c:557
@ TLS_ALERT_CERTIFICATE_UNOBTAINABLE
Definition: tls.h:1066
const HashAlgo * hashAlgo
Hash algorithm for MAC operations.
Definition: tls.h:2091
@ TLS_ALERT_NO_CERTIFICATE
Definition: tls.h:1045
@ TLS_TYPE_ACK
Definition: tls.h:984
TlsEncryptionEngine prevEncryptionEngine
Definition: tls.h:2391
TlsAlpnCallback alpnCallback
ALPN callback function.
Definition: tls.h:2316
TlsStateChangeCallback stateChangeCallback
TLS state change callback function.
Definition: tls.h:2121
@ TLS13_KEY_EXCH_ECDHE
Definition: tls.h:1113
@ TLS_STATE_SERVER_APP_TRAFFIC_KEYS
Definition: tls.h:1402
@ TLS_CERT_DSS_SIGN
Definition: tls.h:1141
@ TLS_KEY_EXCH_SRP_SHA_DSS
Definition: tls.h:1111
void * prngContext
Pseudo-random number generator context.
Definition: tls.h:2128
TlsAlertDescription
Alert description.
Definition: tls.h:1037
CipherMode cipherMode
Definition: tls.h:1948
__start_packed struct @23 TlsHandshake
TLS handshake message.
error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList)
Set the list of supported ALPN protocols.
Definition: tls.c:838
uint16_t value[]
Definition: tls.h:1434
OsMutex mutex
Mutex preventing simultaneous access to the cache.
Definition: tls.h:1997
@ TLS_EXT_TICKET_PINNING
Definition: tls.h:1238
uint8_t clientVerifyData[64]
Client verify data.
Definition: tls.h:2207
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA512
Definition: tls.h:1192
DhContext dhContext
Diffie-Hellman context.
Definition: tls.h:2271
@ TLS_EXT_SERVER_AUTHZ
Definition: tls.h:1215
@ TLS_GROUP_SM2
Definition: tls.h:1333
@ TLS_ALERT_DECRYPT_ERROR
Definition: tls.h:1055
@ TLS_KEY_EXCH_ECDH_RSA
Definition: tls.h:1100
char_t * ticketAlpn
ALPN protocol associated with the ticket.
Definition: tls.h:2260
TlsContentType txBufferType
Type of data that resides in the TX buffer.
Definition: tls.h:2188
Session cache.
Definition: tls.h:1996
__start_packed struct @25 TlsServerHello
ServerHello message.
TlsTicketEncryptCallback ticketEncryptCallback
Ticket encryption callback function.
Definition: tls.h:2335
const TlsSignHashAlgos * signAlgoList
SignatureAlgorithms extension.
Definition: tls.h:2032
EC domain parameters.
Definition: ec.h:76
size_t rxDatagramLen
Length of the incoming datagram, in bytes.
Definition: tls.h:2387
const TlsSupportedVersionList * supportedVersionList
SupportedVersions extension (ClientHello)
Definition: tls.h:2027
systime_t retransmitTimeout
Retransmission timeout.
Definition: tls.h:2380
size_t pskLen
Length of the pre-shared key, in bytes.
Definition: tls.h:2294
uint16_t rxMsgSeq
Next receive sequence number.
Definition: tls.h:2385
uint8_t certificateTypes[]
Definition: tls.h:1740
uint8_t * psk
Pre-shared key.
Definition: tls.h:2293
uint_t emptyRecordCount
Count of consecutive empty records.
Definition: tls.h:2358
size_t earlyDataLen
Total amount of 0-RTT data that have been sent by the client.
Definition: tls.h:2263
#define TLS_RANDOM_SIZE
Definition: tls.h:897
@ TLS_GROUP_BRAINPOOLP256R1
Definition: tls.h:1318
@ TLS_EXT_COMPRESS_CERTIFICATE
Definition: tls.h:1233
size_t fixedIvLen
Length of the fixed part of the IV.
Definition: tls.h:2085
@ TLS_EXT_EARLY_DATA
Definition: tls.h:1243
@ TLS_EXT_TRUNCATED_HMAC
Definition: tls.h:1211
@ TLS_EXT_SESSION_TICKET
Definition: tls.h:1240
@ TLS_TYPE_END_OF_EARLY_DATA
Definition: tls.h:999
uint8_t authTagLen
Definition: tls.h:1955
error_t(* TlsSocketSendCallback)(TlsSocketHandle handle, const void *data, size_t length, size_t *written, uint_t flags)
Socket send callback function.
Definition: tls.h:1846
__start_packed struct @27 TlsNewSessionTicket
NewSessionTicket message.
@ TLS_GROUP_FFDHE6144
Definition: tls.h:1337
error_t tlsAllowUnknownAlpnProtocols(TlsContext *context, bool_t allowed)
Allow unknown ALPN protocols.
Definition: tls.c:812
@ TLS_SIGN_ALGO_ED448
Definition: tls.h:1189
@ TLS_MAX_FRAGMENT_LENGTH_4096
Definition: tls.h:1282
@ TLS_HASH_ALGO_NONE
Definition: tls.h:1164
__start_packed struct @3 Tls13PskKeModeList
List of PSK key exchange modes.
error_t tlsSetTimeout(TlsContext *context, systime_t timeout)
Set timeout for blocking calls (for DTLS only)
Definition: tls.c:1536
uint16_t preferredGroup
Preferred ECDHE or FFDHE named group.
Definition: tls.h:2235
size_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
Definition: tls.h:2262
const Tls13Cookie * cookie
Cookie extension.
Definition: tls.h:2059
@ TLS_EXT_QUIC_TRANSPORT_PARAMETERS
Definition: tls.h:1256
TlsKeyExchMethod keyExchMethod
Definition: tls.h:1946
error_t tlsSetCache(TlsContext *context, TlsCache *cache)
Set session cache.
Definition: tls.c:466
uint8_t sessionIdLen
Definition: tls.h:1701
uint8_t serverVerifyData[64]
Server verify data.
Definition: tls.h:2209
@ TLS_STATE_CLIENT_HELLO
Definition: tls.h:1376
bool_t extendedMasterSecret
Extended master secret computation.
Definition: tls.h:1817
@ TLS_ALERT_EXPORT_RESTRICTION
Definition: tls.h:1057
error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t length)
Set the pre-shared key to be used.
Definition: tls.c:940
uint8_t * rxBuffer
RX buffer.
Definition: tls.h:2194
TLS 1.3 helper functions.
const Tls13KeyShareEntry * serverShare
KeyShare extension (ServerHello)
Definition: tls.h:2063
@ TLS_EXT_SERVER_NAME
Definition: tls.h:1207
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
Definition: tls.h:1250
uint8_t level
Definition: tls.h:1800
@ TLS_HASH_ALGO_SHA224
Definition: tls.h:1167
@ TLS_KEY_EXCH_RSA
Definition: tls.h:1094
const Tls13KeyShareList * keyShareList
KeyShare extension (ClientHello)
Definition: tls.h:2061
uint8_t resumptionMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2250
CipherMode cipherMode
Cipher mode of operation.
Definition: tls.h:2090
@ TLS_EXT_CERT_TYPE
Definition: tls.h:1216
error_t(* TlsAlpnCallback)(TlsContext *context, const char_t *selectedProtocol)
ALPN callback function.
Definition: tls.h:1862
__start_packed struct @29 TlsAlert
Alert message.
@ TLS_EXT_SUPPORTED_EKT_CIPHERS
Definition: tls.h:1241
@ TLS_TYPE_CERTIFICATE
Definition: tls.h:1004
Encryption engine.
Definition: tls.h:2078
@ TLS_CERT_RSA_EPHEMERAL_DH
Definition: tls.h:1144
@ TLS_ALERT_UNKNOWN_CA
Definition: tls.h:1052
void TlsFinished
Finished message.
Definition: tls.h:1781
@ TLS_STATE_SERVER_HELLO
Definition: tls.h:1381
@ TLS_STATE_HELLO_VERIFY_REQUEST
Definition: tls.h:1379
@ TLS_EXT_TRUSTED_CA_KEYS
Definition: tls.h:1210
error_t(* TlsRpkVerifyCallback)(TlsContext *context, const uint8_t *rawPublicKey, size_t rawPublicKeyLen)
Raw public key verification callback function.
Definition: tls.h:1886
uint32_t ticketNonce
A per-ticket value that is unique across all tickets issued.
Definition: tls.h:2257
const TlsCertTypeList * serverCertTypeList
ServerCertType extension.
Definition: tls.h:2046
size_t recordSizeLimit
Maximum record size the peer is willing to receive.
Definition: tls.h:2308
@ TLS_ALERT_LEVEL_WARNING
Definition: tls.h:1027
size_t txBufferSize
TX buffer size.
Definition: tls.h:2186
@ TLS_HASH_ALGO_SHA512
Definition: tls.h:1170
uint16_t cipherSuite
Cipher suite identifier.
Definition: tls.h:1967
@ TLS_ALERT_UNKNOWN_PSK_IDENTITY
Definition: tls.h:1070
const TlsExtension * maxFragLen
MaxFragmentLength extension.
Definition: tls.h:2035
@ TLS_KEY_EXCH_ECDHE_ECDSA
Definition: tls.h:1103
error_t tlsSetSocketCallbacks(TlsContext *context, TlsSocketSendCallback socketSendCallback, TlsSocketReceiveCallback socketReceiveCallback, TlsSocketHandle handle)
Set socket send and receive callbacks.
Definition: tls.c:244
TlsKeyLogCallback keyLogCallback
Key logging callback (for debugging purpose only)
Definition: tls.h:2350
__start_packed struct @2 TlsCompressMethods
Compression methods.
@ TLS_STATE_KEY_UPDATE
Definition: tls.h:1404
@ TLS_CERT_FORMAT_1609DOT2
Definition: tls.h:1129
@ TLS_KEY_EXCH_ECDHE_RSA
Definition: tls.h:1101
const TlsEcPointFormatList * ecPointFormatList
EcPointFormats extension.
Definition: tls.h:2031
uint16_t version
Negotiated TLS version.
Definition: tls.h:2157
__start_packed struct @9 TlsSupportedVersionList
List of supported versions.
size_t certChainLen
Length of the certificate chain.
Definition: tls.h:2010
uint16_t clientVersion
Definition: tls.h:1699
Diffie-Hellman context.
Definition: dh.h:60
@ TLS_KEY_EXCH_ECDH_ANON
Definition: tls.h:1104
uint8_t premasterSecret[TLS_PREMASTER_SECRET_SIZE]
Premaster secret.
Definition: tls.h:2205
__start_packed struct @3 TlsSignHashAlgo
Signature algorithm.
__start_packed struct @7 Tls13PskBinderList
List of PSK binders.
Diffie-Hellman key exchange.
size_t rxRecordLen
Length of the TLS record.
Definition: tls.h:2200
DSA public key.
Definition: dsa.h:61
HmacContext hmacContext
HMAC context.
Definition: tls.h:2226
uint8_t serverHsTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2246
@ TLS_FLAG_PEEK
Definition: tls.h:956
const char_t * trustedCaList
Trusted CA list (PEM format)
Definition: tls.h:2146
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
Definition: tls.h:2256
uint8_t * ticket
Session ticket.
Definition: tls.h:2164
@ TLS_GROUP_GC256B
Definition: tls.h:1327
__start_packed struct @2 Tls13KeyShareList
List of key shares.
size_t clientVerifyDataLen
Length of the client verify data.
Definition: tls.h:2208
@ TLS_GROUP_ECDH_X25519
Definition: tls.h:1321
TlsCertificateFormat
Certificate formats.
Definition: tls.h:1125
@ TLS_EXT_CLIENT_CERT_TYPE
Definition: tls.h:1226
#define TlsContext
Definition: tls.h:36
error_t
Error codes.
Definition: error.h:43
@ TLS_ALERT_BAD_RECORD_MAC
Definition: tls.h:1040
error_t tlsShutdown(TlsContext *context)
Gracefully close TLS session.
Definition: tls.c:2260
size_t txRecordLen
Length of the TLS record.
Definition: tls.h:2191
@ TLS_EXT_EXTENDED_MASTER_SECRET
Definition: tls.h:1230
@ TLS_CERT_ED25519_SIGN
Definition: tls.h:1153
@ TLS_CONNECTION_END_SERVER
Definition: tls.h:923
size_t cookieLen
Length of the cookie.
Definition: tls.h:2162
void tlsFreeSessionState(TlsSessionState *session)
Properly dispose a session state.
Definition: tls.c:2698
@ TLS_EXT_TOKEN_BINDING
Definition: tls.h:1231
void(* TlsStateChangeCallback)(TlsContext *context, TlsState state)
TLS state change callback.
Definition: tls.h:1839
TlsClientAuthMode
Client authentication mode.
Definition: tls.h:932
TlsKeyExchMethod
Key exchange methods.
Definition: tls.h:1092
@ TLS_EXT_SUPPORTED_GROUPS
Definition: tls.h:1217
bool_t fallbackScsvEnabled
Support for FALLBACK_SCSV.
Definition: tls.h:2346
error_t tlsSetSupportedGroups(TlsContext *context, const uint16_t *groups, uint_t length)
Specify the list of allowed ECDHE and FFDHE groups.
Definition: tls.c:622
error_t tlsAddCertificate(TlsContext *context, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen)
Add a certificate and the corresponding private key (deprecated)
Definition: tls.c:1185
@ TLS_EXT_HEARTBEAT
Definition: tls.h:1222
@ TLS_FLAG_WAIT_ALL
Definition: tls.h:957
#define TLS_PREMASTER_SECRET_SIZE
Definition: tls.h:775
@ TLS_GROUP_NONE
Definition: tls.h:1292
@ TLS_GROUP_GC512B
Definition: tls.h:1331
void TlsCertificateVerify
CertificateVerify message.
Definition: tls.h:1762
uint8_t keyBlock[192]
Key material.
Definition: tls.h:2225
@ TLS_KEY_EXCH_DH_ANON
Definition: tls.h:1099
error_t(* TlsEcdhCallback)(TlsContext *context)
ECDH key agreement callback function.
Definition: tls.h:1912
const CipherAlgo * cipherAlgo
Definition: tls.h:1947
size_t rxBufferPos
Current position in RX buffer.
Definition: tls.h:2199
@ TLS_EXT_RENEGOTIATION_INFO
Definition: tls.h:1259
@ TLS_GROUP_SECT283K1
Definition: tls.h:1301
@ TLS_GROUP_SECT409K1
Definition: tls.h:1303
__start_packed struct @19 TlsPskIdentityHint
PSK identity hint.
@ TLS_GROUP_EXPLICIT_PRIME_CURVE
Definition: tls.h:1340
error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode)
Set client authentication mode (for servers only)
Definition: tls.c:487
@ TLS13_KEY_EXCH_DHE
Definition: tls.h:1112
TlsCertificateFormat certFormat
Certificate format.
Definition: tls.h:2324
@ TLS_HASH_ALGO_INTRINSIC
Definition: tls.h:1171
TlsEncryptionEngine decryptionEngine
Decryption engine.
Definition: tls.h:2213
@ TLS_KEY_EXCH_ECDH_ECDSA
Definition: tls.h:1102
const char_t * tlsGetAlpnProtocol(TlsContext *context)
Get the name of the selected ALPN protocol.
Definition: tls.c:912
@ TLS_EXT_ENCRYPT_THEN_MAC
Definition: tls.h:1229
@ TLS_GROUP_FFDHE4096
Definition: tls.h:1336
RSA public key.
Definition: rsa.h:50
@ TLS_TYPE_APPLICATION_DATA
Definition: tls.h:981
@ TLS_TYPE_CLIENT_HELLO
Definition: tls.h:995
uint8_t fixedIvLen
Definition: tls.h:1953
@ TLS_CERT_GOST_SIGN256
Definition: tls.h:1150
@ TLS_STATE_SERVER_FINISHED
Definition: tls.h:1400
@ TLS_EXT_KEY_SHARE
Definition: tls.h:1251
uint16_t identifier
Definition: tls.h:1944
__start_packed struct @8 TlsExtensionList
List of TLS extensions.
error_t tlsEnableReplayDetection(TlsContext *context, bool_t enabled)
Enable anti-replay mechanism (for DTLS only)
Definition: tls.c:1600
@ TLS_GROUP_SECT163K1
Definition: tls.h:1293
__start_packed struct @0 TlsSequenceNumber
Sequence number.
error_t tlsSetBufferSize(TlsContext *context, size_t txBufferSize, size_t rxBufferSize)
Set TLS buffer size.
Definition: tls.c:509
@ TLS_EC_CURVE_TYPE_EXPLICIT_PRIME
Definition: tls.h:1363
@ TLS_ALERT_UNSUPPORTED_CERTIFICATE
Definition: tls.h:1047
size_t serverVerifyDataLen
Length of the server verify data.
Definition: tls.h:2210
error_t tlsSetServerName(TlsContext *context, const char_t *serverName)
Set the server name.
Definition: tls.c:393
@ TLS_TYPE_REQUEST_CONNECTION_ID
Definition: tls.h:1002
uint16_t epoch
Counter value incremented on every cipher state change.
Definition: tls.h:2098
bool_t fatalAlertReceived
A fatal alert message has been received from the peer.
Definition: tls.h:2181
@ TLS_TYPE_ALERT
Definition: tls.h:979
error_t tlsSetCookieCallbacks(TlsContext *context, DtlsCookieGenerateCallback cookieGenerateCallback, DtlsCookieVerifyCallback cookieVerifyCallback, void *param)
Set cookie generation/verification callbacks (for DTLS only)
Definition: tls.c:1564
@ TLS_STATE_EARLY_DATA
Definition: tls.h:1378
size_t txBufferPos
Current position in TX buffer.
Definition: tls.h:2190
@ TLS_TYPE_SERVER_HELLO
Definition: tls.h:996
@ TLS_HASH_ALGO_SHA384
Definition: tls.h:1169
TlsClientAuthMode clientAuthMode
Client authentication mode.
Definition: tls.h:2176
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls.h:1815
@ TLS_CERT_RSA_PSS_SIGN
Definition: tls.h:1152
uint8_t ticketPsk[TLS_MAX_HKDF_DIGEST_SIZE]
PSK associated with the ticket.
Definition: tls.h:2254
@ TLS_GROUP_GC256C
Definition: tls.h:1328
error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext)
Set the pseudo-random number generator to be used.
Definition: tls.c:365
const char_t * tlsGetServerName(TlsContext *context)
Get the server name.
Definition: tls.c:441
@ TLS_TYPE_ENCRYPTED_EXTENSIONS
Definition: tls.h:1001
@ TLS_GROUP_SECT233K1
Definition: tls.h:1298
TlsSequenceNumber earlyDataSeqNum
Early data sequence number.
Definition: tls.h:2267
@ TLS_MAX_FRAGMENT_LENGTH_2048
Definition: tls.h:1281
error_t tlsSetPmtu(TlsContext *context, size_t pmtu)
Set PMTU value (for DTLS only)
Definition: tls.c:1506
@ TLS_CERT_DSS_EPHEMERAL_DH
Definition: tls.h:1145
size_t ticketLen
Length of the session ticket.
Definition: tls.h:2165
@ TLS_GROUP_SECP384R1
Definition: tls.h:1316
General definitions for cryptographic algorithms.
@ TLS_GROUP_SECP192K1
Definition: tls.h:1310
__start_packed struct @4 TlsSignHashAlgos
List of signature algorithms.
uint8_t exporterMasterSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2249
RSA public-key cryptography standard.
size_t rxBufferMaxLen
Maximum amount of plaintext data the RX buffer can hold.
Definition: tls.h:2196
uint16_t clientVersion
Latest version supported by the client.
Definition: tls.h:2156
@ TLS_FLAG_WAIT_ACK
Definition: tls.h:960
__start_packed struct _Ipv4Header __end_packed
@ TLS_ALERT_UNRECOGNIZED_NAME
Definition: tls.h:1067
uint16_t serverVersion
Definition: tls.h:1712
@ TLS_EXT_COOKIE
Definition: tls.h:1245
error_t tlsSaveSessionState(const TlsContext *context, TlsSessionState *session)
Save TLS session.
Definition: tls.c:2576
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
Definition: tls.h:1393
@ TLS_TYPE_CERTIFICATE_VERIFY
Definition: tls.h:1008
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC
Definition: tls.h:1398
EcdhContext ecdhContext
ECDH context.
Definition: tls.h:2275
const TlsRenegoInfo * renegoInfo
RenegotiationInfo extension.
Definition: tls.h:2056
@ TLS_EXT_CLIENT_CERTIFICATE_URL
Definition: tls.h:1209
@ TLS_ALERT_MISSING_EXTENSION
Definition: tls.h:1064
#define TLS_MAX_CERTIFICATES
Definition: tls.h:257
EcDomainParameters peerEcParams
Peer's EC domain parameters.
Definition: tls.h:2288
DsaPublicKey peerDsaPublicKey
Peer's DSA public key.
Definition: tls.h:2284
size_t recordSizeLimit
Maximum size of record in octets.
Definition: tls.h:2102
uint8_t recordIvLen
Definition: tls.h:1954
uint8_t b[8]
Definition: tls.h:1423
@ TLS_SIGN_ALGO_ED25519
Definition: tls.h:1188
MD5 algorithm context.
Definition: md5.h:64
DSA (Digital Signature Algorithm)
@ TLS_GROUP_SECT283R1
Definition: tls.h:1302
uint_t numCipherSuites
Number of cipher suites in the list.
Definition: tls.h:2131
__start_packed struct @28 TlsChangeCipherSpec
ChangeCipherSpec message.
@ TLS_STATE_SERVER_HELLO_3
Definition: tls.h:1383
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1168
TlsExtensionType
TLS extension types.
Definition: tls.h:1206
@ TLS_ALERT_USER_CANCELED
Definition: tls.h:1062
@ TLS_CERT_ED448_SIGN
Definition: tls.h:1154
__start_packed struct @5 TlsCertificateList
List of certificates.
__start_packed struct @6 TlsCertAuthorities
List of certificate authorities.
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls.h:2166
@ TLS_EXT_CERTIFICATE_AUTHORITIES
Definition: tls.h:1247
@ TLS_STATE_END_OF_EARLY_DATA
Definition: tls.h:1401
@ TLS_FLAG_NO_DELAY
Definition: tls.h:961
error_t tlsSetEcdhCallback(TlsContext *context, TlsEcdhCallback ecdhCallback)
Register ECDH key agreement callback function.
Definition: tls.c:705
bool_t pskKeModeSupported
PSK key establishment supported by the client.
Definition: tls.h:2241
@ TLS_EXT_TICKET_REQUEST
Definition: tls.h:1257
@ TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2
Definition: tls.h:1364
@ TLS_CERT_RSA_SIGN
Definition: tls.h:1140
uint8_t certificateTypesLen
Definition: tls.h:1739
__start_packed struct @5 Tls13PskIdentityList
List of PSK identities.
@ TLS_EC_POINT_FORMAT_UNCOMPRESSED
Definition: tls.h:1351
@ TLS_EXT_DNSSEC_CHAIN
Definition: tls.h:1258
@ TLS_KEY_EXCH_SRP_SHA
Definition: tls.h:1109
error_t tlsSetTicketCallbacks(TlsContext *context, TlsTicketEncryptCallback ticketEncryptCallback, TlsTicketDecryptCallback ticketDecryptCallback, void *param)
Set ticket encryption/decryption callbacks.
Definition: tls.c:1474
@ TLS_GROUP_SECT409R1
Definition: tls.h:1304
@ TLS_FLAG_BREAK_CRLF
Definition: tls.h:959
uint_t numCerts
Number of certificates available.
Definition: tls.h:2145
@ TLS_GROUP_BRAINPOOLP512R1
Definition: tls.h:1320
TlsSocketReceiveCallback socketReceiveCallback
Socket receive callback function.
Definition: tls.h:2125
@ TLS_GROUP_FFDHE2048
Definition: tls.h:1334
error_t tlsWrite(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send application data to the remote host using TLS.
Definition: tls.c:1811
@ TLS_STATE_CLIENT_APP_TRAFFIC_KEYS
Definition: tls.h:1397
bool_t sessionTicketEnabled
Session ticket mechanism enabled.
Definition: tls.h:2332
const TlsExtension * extendedMasterSecret
ExtendedMasterSecret extension.
Definition: tls.h:2050
@ TLS_CLIENT_AUTH_NONE
Definition: tls.h:933
@ TLS_TYPE_HELLO_VERIFY_REQUEST
Definition: tls.h:997
@ TLS_GROUP_SECP160K1
Definition: tls.h:1307
__start_packed struct @11 TlsServerNameList
List of server names.
@ TLS_TYPE_CLIENT_KEY_EXCHANGE
Definition: tls.h:1009
@ TLS_KEY_EXCH_DHE_PSK
Definition: tls.h:1107
uint_t keyUpdateCount
Count of consecutive KeyUpdate messages.
Definition: tls.h:2366
@ TLS_STATE_NEW_SESSION_TICKET
Definition: tls.h:1403
bool_t resume
The connection is established by resuming a session.
Definition: tls.h:2179
uint32_t ticketAgeAdd
Random value used to obscure the age of the ticket.
Definition: tls.h:1980
CipherMode
Cipher operation modes.
Definition: crypto.h:885
@ TLS_FLAG_DELAY
Definition: tls.h:962
systime_t ticketTimestamp
Timestamp to manage ticket lifetime.
Definition: tls.h:1814
__start_packed struct @22 TlsRecord
TLS record.
@ TLS_EXT_TRANSPARENCY_INFO
Definition: tls.h:1252
@ TLS_EXT_STATUS_REQUEST_V2
Definition: tls.h:1224
size_t txBufferMaxLen
Maximum amount of plaintext data the TX buffer can hold.
Definition: tls.h:2187
TlsMaxFragmentLength
Maximum fragment length.
Definition: tls.h:1278
__start_packed struct @21 Tls12DigitalSignature
Digitally-signed element (TLS 1.2)
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC
Definition: tls.h:1394
@ TLS_ALERT_TOO_MANY_CIDS_REQUESTED
Definition: tls.h:1056
@ TLS_EXT_EC_POINT_FORMATS
Definition: tls.h:1218
TlsCompressMethod
Compression methods.
Definition: tls.h:1081
void * ticketParam
Opaque pointer passed to the ticket callbacks.
Definition: tls.h:2337
@ TLS_EXT_TLS_CERT_WITH_EXTERN_PSK
Definition: tls.h:1239
@ TLS_SIGN_ALGO_GOSTR34102012_512
Definition: tls.h:1197
@ TLS_GROUP_SECP521R1
Definition: tls.h:1317
@ TLS_GROUP_SECP192R1
Definition: tls.h:1311
@ TLS_CERT_GOST_SIGN512
Definition: tls.h:1151
@ TLS_EXT_ALPN
Definition: tls.h:1223
@ TLS_GROUP_FFDHE3072
Definition: tls.h:1335
@ TLS_ALERT_PROTOCOL_VERSION
Definition: tls.h:1058
Hello extensions.
Definition: tls.h:2026
@ TLS_GROUP_SECP160R1
Definition: tls.h:1308
@ TLS_ALERT_DECRYPTION_FAILED
Definition: tls.h:1041
TlsCertificateType
Certificate types.
Definition: tls.h:1138
TlsCertDesc * cert
Pointer to the currently selected certificate.
Definition: tls.h:2150
size_t encKeyLen
Length of the encryption key.
Definition: tls.h:2083
TlsEncryptionEngine encryptionEngine
Encryption engine.
Definition: tls.h:2212
#define TLS_MASTER_SECRET_SIZE
Definition: tls.h:768
size_t privateKeyLen
Length of the private key.
Definition: tls.h:2012
@ TLS_GROUP_BRAINPOOLP384R1_TLS13
Definition: tls.h:1324
@ TLS_HASH_ALGO_MD5
Definition: tls.h:1165
Certificate descriptor.
Definition: tls.h:2008
__start_packed struct @13 TlsProtocolNameList
List of protocol names.
uint8_t secret[TLS_MASTER_SECRET_SIZE]
Master secret.
Definition: tls.h:1813
uint_t size
Maximum number of entries.
Definition: tls.h:1998
TlsHashAlgo pskHashAlgo
Hash algorithm associated with the PSK.
Definition: tls.h:2299
const TlsSignHashAlgos * certSignAlgoList
SignatureAlgorithmsCert extension.
Definition: tls.h:2033
@ TLS_STATE_HANDSHAKE_TRAFFIC_KEYS
Definition: tls.h:1384
@ TLS_KEY_EXCH_RSA_PSK
Definition: tls.h:1106
@ TLS_FLAG_BREAK_CHAR
Definition: tls.h:958
Mutex object.
__start_packed struct @1 Tls13KeyShareEntry
Key share entry.
@ TLS_EXT_USER_MAPPING
Definition: tls.h:1213
Sha1Context * transcriptSha1Context
SHA-1 context used to compute verify data.
Definition: tls.h:2227
__start_packed struct @0 DtlsSequenceNumber
Sequence number.
char_t * serverName
ServerName extension.
Definition: tls.h:1986
error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity)
Set operation mode (client or server)
Definition: tls.c:339
uint8_t hash
Definition: tls.h:1455
uint32_t systime_t
System time.
@ TLS_CLIENT_AUTH_OPTIONAL
Definition: tls.h:934
uint16_t type
Definition: tls.h:1499
error_t tlsSetMaxEarlyDataSize(TlsContext *context, size_t maxEarlyDataSize)
Set the maximum amount of 0-RTT data the server can accept.
Definition: tls.c:1628
__start_packed struct @0 Tls13Cookie
Cookie.
EC public key.
Definition: ec.h:94
size_t ticketPskLen
Length of the PSK associated with the ticket.
Definition: tls.h:2255
@ TLS_TYPE_SERVER_KEY_EXCHANGE
Definition: tls.h:1005
@ TLS_GROUP_GC512C
Definition: tls.h:1332
DtlsCookieGenerateCallback cookieGenerateCallback
Cookie generation callback function.
Definition: tls.h:2374
TlsPskCallback pskCallback
PSK callback function.
Definition: tls.h:2297
@ TLS_EC_CURVE_TYPE_NAMED_CURVE
Definition: tls.h:1365
uint16_t group
Definition: tls13_misc.h:213
uint8_t flags
Definition: tcp.h:349
@ TLS_TYPE_NONE
Definition: tls.h:977
uint32_t maxEarlyDataSize
Maximum amount of 0-RTT data that the client is allowed to send.
Definition: tls.h:1983
const TlsExtension * selectedIdentity
PreSharedKey extension (ServerHello)
Definition: tls.h:2067
@ TLS_TYPE_EKT_KEY
Definition: tls.h:1016
uint16_t namedGroup
ECDHE or FFDHE named group.
Definition: tls.h:2173
error_t(* TlsEcdsaSignCallback)(TlsContext *context, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation callback function.
Definition: tls.h:1919
TlsSignatureAlgo signAlgo
Signature algorithm used to sign the end entity certificate.
Definition: tls.h:2015
const uint16_t * cipherSuites
List of supported cipher suites.
Definition: tls.h:2130
char char_t
Definition: compiler_port.h:48
uint16_t ticketCipherSuite
Cipher suite associated with the ticket.
Definition: tls.h:2258
uint16_t txMsgSeq
Send sequence number.
Definition: tls.h:2382
@ TLS_GROUP_SECP224R1
Definition: tls.h:1313
uint8_t iv[16]
Initialization vector.
Definition: tls.h:2084
GCM context.
Definition: gcm.h:64
uint8_t ticket[]
Definition: tls.h:1773
@ TLS_KEY_EXCH_NONE
Definition: tls.h:1093
TlsNameType
Name type.
Definition: tls.h:1268
const TlsExtension * clientCertType
Definition: tls.h:2045
__start_packed struct @18 TlsPskIdentity
PSK identity.
@ TLS13_KEY_EXCH_PSK_ECDHE
Definition: tls.h:1116
@ TLS_STATE_CLIENT_HELLO_2
Definition: tls.h:1377
@ TLS_ALERT_BAD_CERTIFICATE
Definition: tls.h:1046
__start_packed struct @10 TlsServerName
Server name.
bool_t replayDetectionEnabled
Anti-replay mechanism enabled.
Definition: tls.h:2395
const HashAlgo * hashAlgo
Definition: tls.h:1949
TlsContentType
Content type.
Definition: tls.h:976
@ TLS_STATE_CLOSING
Definition: tls.h:1406
@ TLS_STATE_SERVER_CERTIFICATE_VERIFY
Definition: tls.h:1388
size_t rxBufferLen
Number of bytes available for reading.
Definition: tls.h:2198
@ TLS_EXT_EXTERNAL_SESSION_ID
Definition: tls.h:1255
@ TLS_ALERT_INAPPROPRIATE_FALLBACK
Definition: tls.h:1061
@ TLS_EARLY_DATA_ACCEPTED
Definition: tls.h:946
error_t tlsSetRpkVerifyCallback(TlsContext *context, TlsRpkVerifyCallback rpkVerifyCallback)
Register the raw public key verification callback function.
Definition: tls.c:1125
uint8_t macKey[48]
MAC key.
Definition: tls.h:2080
void TlsClientKeyExchange
ClientKeyExchange message.
Definition: tls.h:1755
@ TLS_STATE_SERVER_CERTIFICATE
Definition: tls.h:1386
TlsEcCurveType
EC curve types.
Definition: tls.h:1362
@ TLS_CLIENT_AUTH_REQUIRED
Definition: tls.h:935
@ TLS_EXT_PADDING
Definition: tls.h:1228
@ TLS_ALERT_LEVEL_FATAL
Definition: tls.h:1028
TLS session state.
Definition: tls.h:1965
error_t tlsInitSessionState(TlsSessionState *session)
Initialize session state.
Definition: tls.c:2555
size_t rxFragQueueLen
Length of the reassembly queue.
Definition: tls.h:2386
@ TLS_GROUP_SECT193R2
Definition: tls.h:1297
uint16_t versionMax
Maximum version accepted by the implementation.
Definition: tls.h:2159
uint32_t replayWindow[(DTLS_REPLAY_WINDOW_SIZE+31)/32]
Definition: tls.h:2396
@ TLS_STATE_CLIENT_KEY_EXCHANGE
Definition: tls.h:1392
const CipherAlgo * cipherAlgo
Cipher algorithm.
Definition: tls.h:2088
__start_packed struct @16 TlsCertTypeList
List of supported certificate types.
uint8_t verifyDataLen
Definition: tls.h:1956
error_t tlsSetCipherSuites(TlsContext *context, const uint16_t *cipherSuites, uint_t length)
Specify the list of allowed cipher suites.
Definition: tls.c:593
TlsTransportProtocol
TLS transport protocols.
Definition: tls.h:910
error_t(* DtlsCookieVerifyCallback)(TlsContext *context, const DtlsClientParameters *clientParams, const uint8_t *cookie, size_t length, void *param)
DTLS cookie verification callback function.
Definition: dtls_misc.h:245
@ TLS_TYPE_FINISHED
Definition: tls.h:1010
void TlsHelloRequest
HelloRequest message.
Definition: tls.h:1690
@ TLS_GROUP_SECT193R1
Definition: tls.h:1296
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA512
Definition: tls.h:1187
bool_t serverCertTypeExtReceived
The ServerCertType extension has been received.
Definition: tls.h:2328
@ TLS_STATE_CLIENT_CERTIFICATE
Definition: tls.h:1391
TlsCertVerifyCallback certVerifyCallback
Certificate verification callback function.
Definition: tls.h:2148
void * certVerifyParam
Opaque pointer passed to the certificate verification callback.
Definition: tls.h:2149
@ TLS_SIGN_ALGO_RSA_PSS_PSS_SHA256
Definition: tls.h:1190
error_t tlsWriteEarlyData(TlsContext *context, const void *data, size_t length, size_t *written, uint_t flags)
Send early data to the remote TLS server.
Definition: tls.c:1657
uint8_t msgType
Definition: tls.h:1680
@ TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1395
TlsHashAlgo ticketHashAlgo
Hash algorithm associated with the ticket.
Definition: tls.h:1981
uint_t alertCount
Count of consecutive warning alerts.
Definition: tls.h:2354
error_t tlsSetDhParameters(TlsContext *context, const char_t *params, size_t length)
Import Diffie-Hellman parameters.
Definition: tls.c:677
@ TLS_ALERT_CERTIFICATE_EXPIRED
Definition: tls.h:1049
@ TLS_STATE_ENCRYPTED_EXTENSIONS
Definition: tls.h:1385
@ TLS_EXT_SERVER_CERT_TYPE
Definition: tls.h:1227
@ TLS_KEY_EXCH_PSK
Definition: tls.h:1105
@ TLS_STATE_INIT
Definition: tls.h:1375
uint8_t * certRequestContext
Certificate request context.
Definition: tls.h:2238
@ TLS_EXT_PASSWORD_SALT
Definition: tls.h:1237
@ TLS_KEY_EXCH_ECDHE_PSK
Definition: tls.h:1108
@ TLS_NAME_TYPE_HOSTNAME
Definition: tls.h:1269
TlsSocketSendCallback socketSendCallback
Socket send callback function.
Definition: tls.h:2124
@ TLS_ALERT_NO_APPLICATION_PROTOCOL
Definition: tls.h:1072
uint8_t sessionId[]
Definition: tls.h:1702
const PrngAlgo * prngAlgo
Pseudo-random number generator to be used.
Definition: tls.h:2127
@ TLS_CERT_RSA_FIXED_ECDH
Definition: tls.h:1148
#define TLS_MAX_HKDF_DIGEST_SIZE
Definition: tls.h:880
@ TLS_TYPE_HEARTBEAT
Definition: tls.h:982
systime_t clientHelloTimestamp
Time at which the ClientHello message was sent.
Definition: tls.h:2236
TlsSignatureAlgo
Signature algorithms.
Definition: tls.h:1180
uint8_t serverRandom[TLS_RANDOM_SIZE]
Server random value.
Definition: tls.h:2204
size_t certRequestContextLen
Length of the certificate request context.
Definition: tls.h:2239
__start_packed struct @7 TlsExtension
TLS extension.
@ TLS_EXT_SRP
Definition: tls.h:1219
error_t tlsSetEcdsaVerifyCallback(TlsContext *context, TlsEcdsaVerifyCallback ecdsaVerifyCallback)
Register ECDSA signature verification callback function.
Definition: tls.c:758
@ TLS_CONNECTION_END_CLIENT
Definition: tls.h:922
char_t * pskIdentityHint
PSK identity hint.
Definition: tls.h:2296
TlsCipherSuiteInfo cipherSuite
Negotiated cipher suite.
Definition: tls.h:2169
bool_t tlsIsRxReady(TlsContext *context)
Check whether some data is available in the receive buffer.
Definition: tls.c:2215
uint8_t clientAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2247
@ TLS_MAX_FRAGMENT_LENGTH_1024
Definition: tls.h:1280
TlsAlertLevel
Alert level.
Definition: tls.h:1026
@ TLS_EXT_CACHED_INFO
Definition: tls.h:1232
uint_t changeCipherSpecCount
Count of consecutive ChangeCipherSpec messages.
Definition: tls.h:2362
Common interface for encryption algorithms.
Definition: crypto.h:980
__start_packed struct @15 TlsEcPointFormatList
List of supported EC point formats.
@ TLS_TYPE_CERTIFICATE_REQUEST
Definition: tls.h:1006
uint8_t encKeyLen
Definition: tls.h:1952
@ TLS_EXT_PRE_SHARED_KEY
Definition: tls.h:1242
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_PRIME
Definition: tls.h:1352
void tlsFree(TlsContext *context)
Release TLS context.
Definition: tls.c:2420
@ TLS_GROUP_SECT571R1
Definition: tls.h:1306
error_t tlsRead(TlsContext *context, void *data, size_t size, size_t *received, uint_t flags)
Receive application data from the remote host using TLS.
Definition: tls.c:1946
@ TLS_GROUP_FFDHE_MAX
Definition: tls.h:1339
TlsCache * cache
TLS session cache.
Definition: tls.h:2152
TlsState state
TLS handshake finite state machine.
Definition: tls.h:2117
TlsContentType rxBufferType
Type of data that resides in the RX buffer.
Definition: tls.h:2197
char_t * serverName
Fully qualified DNS hostname of the server.
Definition: tls.h:2136
@ TLS_SIGN_ALGO_RSA
Definition: tls.h:1182
size_t rxRecordPos
Current position in the TLS record.
Definition: tls.h:2201
char_t hostname[]
Definition: tls.h:1535
@ TLS_TYPE_TLS12_CID
Definition: tls.h:983
error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity)
Set the PSK identity to be used by the client.
Definition: tls.c:1001
uint16_t version
TLS protocol version.
Definition: tls.h:1966
@ TLS_TYPE_SUPPLEMENTAL_DATA
Definition: tls.h:1013
bool_t sessionTicketExtSent
The SessionTicket extension has been sent.
Definition: tls.h:2334
SHA-1 algorithm context.
Definition: sha1.h:64
@ TLS_CERT_ECDSA_SIGN
Definition: tls.h:1147
@ TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
Definition: tls.h:1068
const TlsExtension * recordSizeLimit
RecordSizeLimit extension.
Definition: tls.h:2038
systime_t startTime
Definition: tls.h:2372
@ TLS_KEY_EXCH_DHE_DSS
Definition: tls.h:1098
bool_t clientCertRequested
This flag tells whether the client certificate is requested.
Definition: tls.h:2177
@ TLS_TRANSPORT_PROTOCOL_STREAM
Definition: tls.h:911
uint16_t version
Negotiated TLS version.
Definition: tls.h:2079
uint8_t mode
Definition: ntp_common.h:149
uint_t newSessionTicketCount
Number of NewSessionTicket messages that have been sent.
Definition: tls.h:2252
error_t tlsSetTransportProtocol(TlsContext *context, TlsTransportProtocol transportProtocol)
Set the transport protocol to be used.
Definition: tls.c:310
uint8_t random[32]
Definition: tls.h:1700
TlsEcdhCallback ecdhCallback
Definition: tls.h:2139
bool_t earlyDataEnabled
EarlyData is enabled.
Definition: tls.h:2264
const char_t * certChain
End entity certificate chain (PEM format)
Definition: tls.h:2009
bool_t recordSizeLimitExtReceived
The RecordSizeLimit extension has been received.
Definition: tls.h:2309
RsaPublicKey peerRsaPublicKey
Peer's RSA public key.
Definition: tls.h:2280
bool_t unknownProtocolsAllowed
Unknown ALPN protocols allowed.
Definition: tls.h:2313
@ TLS_EXT_SIGNATURE_ALGORITHMS
Definition: tls.h:1220
uint32_t ticketLifetime
Lifetime of the ticket.
Definition: tls.h:1979
Common interface for hash algorithms.
Definition: crypto.h:958
@ TLS_CERT_NONE
Definition: tls.h:1139
char_t * selectedProtocol
Selected ALPN protocol.
Definition: tls.h:2315
error_t(* TlsPskCallback)(TlsContext *context, const uint8_t *pskIdentity, size_t pskIdentityLen)
Pre-shared key callback function.
Definition: tls.h:1870
const TlsServerNameList * serverNameList
ServerName extension.
Definition: tls.h:2029
TlsEarlyDataStatus tlsGetEarlyDataStatus(TlsContext *context)
Check whether the server has accepted or rejected the early data.
Definition: tls.c:1768
@ TLS_GROUP_GC256A
Definition: tls.h:1326
size_t trustedCaListLen
Total length of the trusted CA list.
Definition: tls.h:2147
systime_t retransmitTimestamp
Time at which the datagram was sent.
Definition: tls.h:2379
const TlsExtension * selectedVersion
SupportedVersions extension (ServerHello)
Definition: tls.h:2028
@ TLS_EXT_POST_HANDSHAKE_AUTH
Definition: tls.h:1249
TlsSequenceNumber seqNum
TLS sequence number.
Definition: tls.h:2096
error_t tlsLoadCertificate(TlsContext *context, uint_t index, const char_t *certChain, size_t certChainLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
Load entity's certificate.
Definition: tls.c:1229
uint8_t clientEarlyTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2244
@ TLS_STATE_SERVER_CHANGE_CIPHER_SPEC_2
Definition: tls.h:1399
@ TLS_GROUP_SECT233R1
Definition: tls.h:1299
void * cipherContext
Cipher context.
Definition: tls.h:2089
@ TLS_TYPE_NEW_SESSION_TICKET
Definition: tls.h:998
TlsEcdsaSignCallback ecdsaSignCallback
Definition: tls.h:2140
TlsNamedGroup
Named groups.
Definition: tls.h:1291
@ TLS_TYPE_HELLO_REQUEST
Definition: tls.h:994
bool_t earlyDataRejected
The 0-RTT data have been rejected by the server.
Definition: tls.h:2265
uint16_t ticketLen
Definition: tls.h:1772
const char_t * privateKey
Private key (PEM format)
Definition: tls.h:2011
error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint)
Set the PSK identity hint to be used by the server.
Definition: tls.c:1050
@ TLS_EXT_STATUS_REQUEST
Definition: tls.h:1212
void(* TlsKeyLogCallback)(TlsContext *context, const char_t *key)
Key logging callback function (for debugging purposes only; the callback is handed key material, so it should not be registered in production builds)
Definition: tls.h:1935
__start_packed struct @12 TlsProtocolName
Protocol name.
size_t macKeyLen
Length of the MAC key.
Definition: tls.h:2081
__start_packed struct @17 TlsRenegoInfo
Renegotiated connection.
@ TLS_TYPE_HELLO_RETRY_REQUEST
Definition: tls.h:1000
bool_t updatedClientHelloReceived
An updated ClientHello message has been received.
Definition: tls.h:2237
error_t(* TlsCertVerifyCallback)(TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, void *param)
Certificate verification callback function.
Definition: tls.h:1878
bool_t tlsIsTxReady(TlsContext *context)
Check whether some data is ready for transmission.
Definition: tls.c:2182
unsigned int uint_t
Definition: compiler_port.h:50
GcmContext * gcmContext
GCM context.
Definition: tls.h:2094
error_t tlsSetPreferredGroup(TlsContext *context, uint16_t group)
Specify the preferred ECDHE or FFDHE group.
Definition: tls.c:649
TlsFlags
Flags used by read and write functions.
Definition: tls.h:955
@ TLS_GROUP_SECT163R1
Definition: tls.h:1294
TlsHashAlgo signHashAlgo
Hash algorithm used for signing.
Definition: tls.h:2172
@ TLS_ALERT_CERTIFICATE_REVOKED
Definition: tls.h:1048
error_t tlsEnableSecureRenegotiation(TlsContext *context, bool_t enabled)
Enable secure renegotiation.
Definition: tls.c:1420
size_t txBufferLen
Number of bytes that are pending to be sent.
Definition: tls.h:2189
uint_t retransmitCount
Retransmission counter.
Definition: tls.h:2378
uint16_t rxRecordVersion
Version of the incoming record.
Definition: tls.h:2389
@ TLS_GROUP_ECDH_X448
Definition: tls.h:1322
@ TLS_STATE_SERVER_HELLO_DONE
Definition: tls.h:1390
__start_packed struct @26 TlsCertificateRequest
CertificateRequest message.
size_t recordIvLen
Length of the IV.
Definition: tls.h:2086
@ TLS_STATE_SERVER_HELLO_2
Definition: tls.h:1382
@ TLS_EXT_USE_SRTP
Definition: tls.h:1221
@ TLS_ALERT_HANDSHAKE_FAILURE
Definition: tls.h:1044
@ TLS_STATE_CLIENT_FINISHED
Definition: tls.h:1396
__start_packed struct @30 TlsPlaintextSessionState
Session state information.
int_t selectedIdentity
Selected PSK identity.
Definition: tls.h:2240
TlsSignHashAlgo algorithm
Definition: tls.h:1655
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP384R1_TLS13_SHA384
Definition: tls.h:1194
uint8_t macKeyLen
Definition: tls.h:1951
@ TLS_CERT_DSS_FIXED_DH
Definition: tls.h:1143
DtlsCookieVerifyCallback cookieVerifyCallback
Cookie verification callback function.
Definition: tls.h:2375
Legacy definitions.
@ TLS_ALERT_INTERNAL_ERROR
Definition: tls.h:1060
@ TLS_CERT_RSA_FIXED_DH
Definition: tls.h:1142
__start_packed struct @20 TlsDigitalSignature
Digitally-signed element (TLS 1.0 and TLS 1.1)
const uint16_t * supportedGroups
List of supported named groups.
Definition: tls.h:2133
error_t tlsEnableFallbackScsv(TlsContext *context, bool_t enabled)
Perform fallback retry (for clients only)
Definition: tls.c:1446
@ TLS_SIGN_ALGO_ECDSA_BRAINPOOLP256R1_TLS13_SHA256
Definition: tls.h:1193
@ TLS_TYPE_KEY_UPDATE
Definition: tls.h:1014
@ TLS_SIGN_ALGO_ECDSA
Definition: tls.h:1184
TlsCertDesc certs[TLS_MAX_CERTIFICATES]
End entity certificates (PEM format)
Definition: tls.h:2144
error_t(* TlsTicketDecryptCallback)(TlsContext *context, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen, void *param)
Ticket decryption callback function.
Definition: tls.h:1903
RTOS abstraction layer.
@ TLS_KEY_EXCH_DHE_RSA
Definition: tls.h:1096
__start_packed struct @24 TlsClientHello
ClientHello message.
error_t tlsEnableSessionTickets(TlsContext *context, bool_t enabled)
Enable session ticket mechanism.
Definition: tls.c:1394
#define TlsEncryptionEngine
Definition: tls.h:40
uint16_t pskCipherSuite
Cipher suite associated with the PSK.
Definition: tls.h:2298
bool_t extendedMasterSecret
Extended master secret computation.
Definition: tls.h:1973
error_t tlsSetTrustedCaList(TlsContext *context, const char_t *trustedCaList, size_t length)
Import a trusted CA list.
Definition: tls.c:1153
void TlsServerKeyExchange
ServerKeyExchange message.
Definition: tls.h:1730
@ TLS_SIGN_ALGO_RSA_PSS_RSAE_SHA384
Definition: tls.h:1186
bool_t earlyDataExtReceived
The EarlyData extension has been received.
Definition: tls.h:2266
const HashAlgo * prfHashAlgo
Definition: tls.h:1950
@ TLS_GROUP_FFDHE8192
Definition: tls.h:1338
uint8_t serverAppTrafficSecret[TLS_MAX_HKDF_DIGEST_SIZE]
Definition: tls.h:2248
const TlsSupportedGroupList * supportedGroupList
SupportedGroups extension.
Definition: tls.h:2030
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
Definition: tls.h:2017
ECDH context.
Definition: ecdh.h:59
systime_t timeout
Timeout for blocking calls.
Definition: tls.h:2371
TlsEcdsaVerifyCallback ecdsaVerifyCallback
Definition: tls.h:2141
const TlsExtension * serverCertType
Definition: tls.h:2047
TlsCertificateType peerCertType
Peer's certificate type.
Definition: tls.h:2175
@ TLS_EXT_RECORD_SIZE_LIMIT
Definition: tls.h:1234
HMAC (Keyed-Hashing for Message Authentication)
error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback)
Register PSK callback function.
Definition: tls.c:1099
bool_t sessionTicketExtReceived
The SessionTicket extension has been received.
Definition: tls.h:2333
@ TLS_KEY_EXCH_DH_RSA
Definition: tls.h:1095
@ TLS_CERT_FORMAT_X509
Definition: tls.h:1126
void * TlsSocketHandle
Socket handle.
Definition: tls.h:1832
TlsEarlyDataStatus
Early data status.
Definition: tls.h:944
@ TLS_GROUP_BRAINPOOLP384R1
Definition: tls.h:1319
@ TLS_EXT_SIGNED_CERT_TIMESTAMP
Definition: tls.h:1225
char_t * ticketAlpn
ALPN protocol associated with the ticket.
Definition: tls.h:1982
@ TLS_MAX_FRAGMENT_LENGTH_512
Definition: tls.h:1279
error_t tlsSetKeyLogCallback(TlsContext *context, TlsKeyLogCallback keyLogCallback)
Register key logging callback function (for debugging purposes only)
Definition: tls.c:785
@ TLS_ALERT_CERTIFICATE_UNKNOWN
Definition: tls.h:1050
bool_t emsExtReceived
The ExtendedMasterSecret extension has been received.
Definition: tls.h:2320
void TlsCertificate
Certificate message.
Definition: tls.h:1723
@ TLS_EC_POINT_FORMAT_ANSI_X962_COMPRESSED_CHAR2
Definition: tls.h:1353
const TlsCertAuthorities * certAuthorities
CertificateAuthorities extension.
Definition: tls.h:2060
uint8_t description
Definition: tls.h:1801
const Tls13PskIdentityList * identityList
PreSharedKey extension (ClientHello)
Definition: tls.h:2065
TLS context.
Definition: tls.h:2116
char_t * protocolList
List of supported ALPN protocols.
Definition: tls.h:2314
@ TLS_TYPE_CERTIFICATE_URL
Definition: tls.h:1011
void tlsFreeCache(TlsCache *cache)
Properly dispose of a session cache.
Definition: tls_cache.c:320
uint8_t data[]
Definition: tls.h:1670
@ TLS_STATE_CLOSED
Definition: tls.h:1407