Helper functions for TLS server. More...
#include "tls.h"
#include "tls_cipher_suites.h"
#include "tls_server.h"
#include "tls_server_extensions.h"
#include "tls_server_misc.h"
#include "tls_common.h"
#include "tls_extensions.h"
#include "tls_certificate.h"
#include "tls_sign_generate.h"
#include "tls_sign_misc.h"
#include "tls_cache.h"
#include "tls_ffdhe.h"
#include "tls_record.h"
#include "tls_misc.h"
#include "pkix/pem_key_import.h"
#include "debug.h"
Macros | |
| #define | TRACE_LEVEL TLS_TRACE_LEVEL |
Functions | |
| error_t | tlsFormatPskIdentityHint (TlsContext *context, uint8_t *p, size_t *written) |
| Format PSK identity hint. More... | |
| error_t | tlsFormatServerKeyParams (TlsContext *context, uint8_t *p, size_t *written) |
| Format server's key exchange parameters. More... | |
| error_t | tlsGenerateServerKeySignature (TlsContext *context, TlsDigitalSignature *signature, const uint8_t *params, size_t paramsLen, size_t *written) |
| Sign server's key exchange parameters (TLS 1.0 and TLS 1.1) More... | |
| error_t | tls12GenerateServerKeySignature (TlsContext *context, Tls12DigitalSignature *signature, const uint8_t *params, size_t paramsLen, size_t *written) |
| Sign server's key exchange parameters (TLS 1.2) More... | |
| error_t | tlsCheckSignalingCipherSuiteValues (TlsContext *context, const TlsCipherSuites *cipherSuites) |
| Check whether the ClientHello includes any SCSV cipher suites. More... | |
| error_t | tlsResumeStatefulSession (TlsContext *context, const uint8_t *sessionId, size_t sessionIdLen, const TlsCipherSuites *cipherSuites, const TlsHelloExtensions *extensions) |
| Resume TLS session via session ID. More... | |
| error_t | tlsResumeStatelessSession (TlsContext *context, const uint8_t *sessionId, size_t sessionIdLen, const TlsCipherSuites *cipherSuites, const TlsHelloExtensions *extensions) |
| Resume TLS session via session ticket. More... | |
| error_t | tlsNegotiateVersion (TlsContext *context, uint16_t clientVersion, const TlsSupportedVersionList *supportedVersionList) |
| Version negotiation. More... | |
| error_t | tlsNegotiateCipherSuite (TlsContext *context, const HashAlgo *hashAlgo, const TlsCipherSuites *cipherSuites, TlsHelloExtensions *extensions) |
| Cipher suite negotiation. More... | |
| error_t | tlsSelectGroup (TlsContext *context, const TlsSupportedGroupList *groupList) |
| Select the group to be used when performing (EC)DHE key exchange. More... | |
| error_t | tlsSelectEcdheGroup (TlsContext *context, const TlsSupportedGroupList *groupList) |
| Select the named curve to be used when performing ECDHE key exchange. More... | |
| error_t | tlsSelectCertificate (TlsContext *context, const TlsHelloExtensions *extensions) |
| Certificate selection process. More... | |
| error_t | tlsParseCompressMethods (TlsContext *context, const TlsCompressMethods *compressMethods) |
| Parse the list of compression methods supported by the client. More... | |
| error_t | tlsParsePskIdentity (TlsContext *context, const uint8_t *p, size_t length, size_t *consumed) |
| Parse PSK identity. More... | |
| error_t | tlsParseClientKeyParams (TlsContext *context, const uint8_t *p, size_t length, size_t *consumed) |
| Parse client's key exchange parameters. More... | |
Detailed Description
Helper functions for TLS server.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSL Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file tls_server_misc.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL TLS_TRACE_LEVEL |
Definition at line 32 of file tls_server_misc.c.
Function Documentation
◆ tls12GenerateServerKeySignature()
| error_t tls12GenerateServerKeySignature | ( | TlsContext * | context, |
| Tls12DigitalSignature * | signature, | ||
| const uint8_t * | params, | ||
| size_t | paramsLen, | ||
| size_t * | written | ||
| ) |
Sign server's key exchange parameters (TLS 1.2)
- Parameters
-
[in] context Pointer to the TLS context [in] signature Output stream where to write the digital signature [in] params Pointer to the server's key exchange parameters [in] paramsLen Length of the server's key exchange parameters [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 524 of file tls_server_misc.c.
◆ tlsCheckSignalingCipherSuiteValues()
| error_t tlsCheckSignalingCipherSuiteValues | ( | TlsContext * | context, |
| const TlsCipherSuites * | cipherSuites | ||
| ) |
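Check whether the ClientHello includes any signaling cipher suite values (SCSVs). An SCSV is a reserved code point in the client's cipher suite list that signals a condition to the server instead of offering an algorithm, for example TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746) or TLS_FALLBACK_SCSV (RFC 7507); which values this function acts on is defined in the source file.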
- Parameters
-
[in] context Pointer to the TLS context [in] cipherSuites List of cipher suites offered by the client
- Returns
- Error code
Definition at line 738 of file tls_server_misc.c.
◆ tlsFormatPskIdentityHint()
| error_t tlsFormatPskIdentityHint | ( | TlsContext * | context, |
| uint8_t * | p, | ||
| size_t * | written | ||
| ) |
Format PSK identity hint.
- Parameters
-
[in] context Pointer to the TLS context [in] p Output stream where to write the PSK identity hint [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 64 of file tls_server_misc.c.
◆ tlsFormatServerKeyParams()
| error_t tlsFormatServerKeyParams | ( | TlsContext * | context, |
| uint8_t * | p, | ||
| size_t * | written | ||
| ) |
Format server's key exchange parameters.
- Parameters
-
[in] context Pointer to the TLS context [in] p Output stream where to write the server's key exchange parameters [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 109 of file tls_server_misc.c.
◆ tlsGenerateServerKeySignature()
| error_t tlsGenerateServerKeySignature | ( | TlsContext * | context, |
| TlsDigitalSignature * | signature, | ||
| const uint8_t * | params, | ||
| size_t | paramsLen, | ||
| size_t * | written | ||
| ) |
Sign server's key exchange parameters (TLS 1.0 and TLS 1.1). Both protocol versions are deprecated by RFC 8996.
- Parameters
-
[in] context Pointer to the TLS context [in] signature Output stream where to write the digital signature [in] params Pointer to the server's key exchange parameters [in] paramsLen Length of the server's key exchange parameters [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 317 of file tls_server_misc.c.
◆ tlsNegotiateCipherSuite()
| error_t tlsNegotiateCipherSuite | ( | TlsContext * | context, |
| const HashAlgo * | hashAlgo, | ||
| const TlsCipherSuites * | cipherSuites, | ||
| TlsHelloExtensions * | extensions | ||
| ) |
Cipher suite negotiation.
- Parameters
-
[in] context Pointer to the TLS context [in] hashAlgo Desired KDF hash algorithm [in] cipherSuites List of cipher suites offered by the client [in] extensions ClientHello extensions offered by the client
- Returns
- Error code
Definition at line 1309 of file tls_server_misc.c.
◆ tlsNegotiateVersion()
| error_t tlsNegotiateVersion | ( | TlsContext * | context, |
| uint16_t | clientVersion, | ||
| const TlsSupportedVersionList * | supportedVersionList | ||
| ) |
Version negotiation.
- Parameters
-
[in] context Pointer to the TLS context [in] clientVersion Highest version number supported by the client (legacy version) [in] supportedVersionList Pointer to the SupportedVersions extension
- Returns
- Error code
Definition at line 1210 of file tls_server_misc.c.
◆ tlsParseClientKeyParams()
| error_t tlsParseClientKeyParams | ( | TlsContext * | context, |
| const uint8_t * | p, | ||
| size_t | length, | ||
| size_t * | consumed | ||
| ) |
Parse client's key exchange parameters.
- Parameters
-
[in] context Pointer to the TLS context [in] p Input stream where to read the client's key exchange parameters [in] length Number of bytes available in the input stream [out] consumed Total number of bytes that have been consumed
- Returns
- Error code
Definition at line 1890 of file tls_server_misc.c.
◆ tlsParseCompressMethods()
| error_t tlsParseCompressMethods | ( | TlsContext * | context, |
| const TlsCompressMethods * | compressMethods | ||
| ) |
Parse the list of compression methods supported by the client.
- Parameters
-
[in] context Pointer to the TLS context [in] compressMethods List of compression methods
- Returns
- Error code
Definition at line 1786 of file tls_server_misc.c.
◆ tlsParsePskIdentity()
| error_t tlsParsePskIdentity | ( | TlsContext * | context, |
| const uint8_t * | p, | ||
| size_t | length, | ||
| size_t * | consumed | ||
| ) |
Parse PSK identity.
- Parameters
-
[in] context Pointer to the TLS context [in] p Input stream where to read the PSK identity [in] length Number of bytes available in the input stream [out] consumed Total number of bytes that have been consumed
- Returns
- Error code
Definition at line 1839 of file tls_server_misc.c.
◆ tlsResumeStatefulSession()
| error_t tlsResumeStatefulSession | ( | TlsContext * | context, |
| const uint8_t * | sessionId, | ||
| size_t | sessionIdLen, | ||
| const TlsCipherSuites * | cipherSuites, | ||
| const TlsHelloExtensions * | extensions | ||
| ) |
Resume TLS session via session ID.
- Parameters
-
[in] context Pointer to the TLS context [in] sessionId Pointer to the session ID offered by the client [in] sessionIdLen Length of the session ID, in bytes [in] cipherSuites List of cipher suites offered by the client [in] extensions ClientHello extensions offered by the client
- Returns
- Error code
Definition at line 843 of file tls_server_misc.c.
◆ tlsResumeStatelessSession()
| error_t tlsResumeStatelessSession | ( | TlsContext * | context, |
| const uint8_t * | sessionId, | ||
| size_t | sessionIdLen, | ||
| const TlsCipherSuites * | cipherSuites, | ||
| const TlsHelloExtensions * | extensions | ||
| ) |
Resume TLS session via session ticket.
- Parameters
-
[in] context Pointer to the TLS context [in] sessionId Pointer to the session ID offered by the client [in] sessionIdLen Length of the session ID, in bytes [in] cipherSuites List of cipher suites offered by the client [in] extensions ClientHello extensions offered by the client
- Returns
- Error code
Definition at line 1006 of file tls_server_misc.c.
◆ tlsSelectCertificate()
| error_t tlsSelectCertificate | ( | TlsContext * | context, |
| const TlsHelloExtensions * | extensions | ||
| ) |
Certificate selection process.
- Parameters
-
[in] context Pointer to the TLS context [in] extensions ClientHello extensions offered by the client
- Returns
- Error code
Definition at line 1609 of file tls_server_misc.c.
◆ tlsSelectEcdheGroup()
| error_t tlsSelectEcdheGroup | ( | TlsContext * | context, |
| const TlsSupportedGroupList * | groupList | ||
| ) |
Select the named curve to be used when performing ECDHE key exchange.
- Parameters
-
[in] context Pointer to the TLS context [in] groupList List of named groups supported by the peer
- Returns
- Error code
Definition at line 1498 of file tls_server_misc.c.
◆ tlsSelectGroup()
| error_t tlsSelectGroup | ( | TlsContext * | context, |
| const TlsSupportedGroupList * | groupList | ||
| ) |
Select the group to be used when performing (EC)DHE key exchange.
- Parameters
-
[in] context Pointer to the TLS context [in] groupList List of named groups supported by the client
- Returns
- Error code
Definition at line 1444 of file tls_server_misc.c.
