Sergey Pastor / 1

Webserver+3d print

Dependents:   Nucleo

cyclone_ssl/tls.h@0:8918a71cdbe9, 2017-02-04 (annotated)

Committer:
Sergunb
Date:
Sat Feb 04 18:15:49 2017 +0000
Revision:
0:8918a71cdbe9
nothing else

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Sergunb 0:8918a71cdbe9 1 /**
Sergunb 0:8918a71cdbe9 2 * @file tls.h
Sergunb 0:8918a71cdbe9 3 * @brief TLS (Transport Layer Security)
Sergunb 0:8918a71cdbe9 4 *
Sergunb 0:8918a71cdbe9 5 * @section License
Sergunb 0:8918a71cdbe9 6 *
Sergunb 0:8918a71cdbe9 7 * Copyright (C) 2010-2017 Oryx Embedded SARL. All rights reserved.
Sergunb 0:8918a71cdbe9 8 *
Sergunb 0:8918a71cdbe9 9 * This file is part of CycloneSSL Open.
Sergunb 0:8918a71cdbe9 10 *
Sergunb 0:8918a71cdbe9 11 * This program is free software; you can redistribute it and/or
Sergunb 0:8918a71cdbe9 12 * modify it under the terms of the GNU General Public License
Sergunb 0:8918a71cdbe9 13 * as published by the Free Software Foundation; either version 2
Sergunb 0:8918a71cdbe9 14 * of the License, or (at your option) any later version.
Sergunb 0:8918a71cdbe9 15 *
Sergunb 0:8918a71cdbe9 16 * This program is distributed in the hope that it will be useful,
Sergunb 0:8918a71cdbe9 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Sergunb 0:8918a71cdbe9 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Sergunb 0:8918a71cdbe9 19 * GNU General Public License for more details.
Sergunb 0:8918a71cdbe9 20 *
Sergunb 0:8918a71cdbe9 21 * You should have received a copy of the GNU General Public License
Sergunb 0:8918a71cdbe9 22 * along with this program; if not, write to the Free Software Foundation,
Sergunb 0:8918a71cdbe9 23 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Sergunb 0:8918a71cdbe9 24 *
Sergunb 0:8918a71cdbe9 25 * @author Oryx Embedded SARL (www.oryx-embedded.com)
Sergunb 0:8918a71cdbe9 26 * @version 1.7.6
Sergunb 0:8918a71cdbe9 27 **/
Sergunb 0:8918a71cdbe9 28
Sergunb 0:8918a71cdbe9 29 #ifndef _TLS_H
Sergunb 0:8918a71cdbe9 30 #define _TLS_H
Sergunb 0:8918a71cdbe9 31
Sergunb 0:8918a71cdbe9 32 //Dependencies
Sergunb 0:8918a71cdbe9 33 #include "os_port.h"
Sergunb 0:8918a71cdbe9 34 #include "crypto.h"
Sergunb 0:8918a71cdbe9 35 #include "tls_config.h"
Sergunb 0:8918a71cdbe9 36 #include "hmac.h"
Sergunb 0:8918a71cdbe9 37 #include "rsa.h"
Sergunb 0:8918a71cdbe9 38 #include "dsa.h"
Sergunb 0:8918a71cdbe9 39 #include "ecdsa.h"
Sergunb 0:8918a71cdbe9 40 #include "dh.h"
Sergunb 0:8918a71cdbe9 41 #include "ecdh.h"
Sergunb 0:8918a71cdbe9 42 #include "cipher_mode_gcm.h"
Sergunb 0:8918a71cdbe9 43
Sergunb 0:8918a71cdbe9 44 //TLS version numbers
Sergunb 0:8918a71cdbe9 45 #define SSL_VERSION_3_0 0x0300
Sergunb 0:8918a71cdbe9 46 #define TLS_VERSION_1_0 0x0301
Sergunb 0:8918a71cdbe9 47 #define TLS_VERSION_1_1 0x0302
Sergunb 0:8918a71cdbe9 48 #define TLS_VERSION_1_2 0x0303
Sergunb 0:8918a71cdbe9 49
Sergunb 0:8918a71cdbe9 50 //Enable SSL/TLS support
Sergunb 0:8918a71cdbe9 51 #ifndef TLS_SUPPORT
Sergunb 0:8918a71cdbe9 52 #define TLS_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 53 #elif (TLS_SUPPORT != ENABLED && TLS_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 54 #error TLS_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 55 #endif
Sergunb 0:8918a71cdbe9 56
Sergunb 0:8918a71cdbe9 57 //Client mode of operation
Sergunb 0:8918a71cdbe9 58 #ifndef TLS_CLIENT_SUPPORT
Sergunb 0:8918a71cdbe9 59 #define TLS_CLIENT_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 60 #elif (TLS_CLIENT_SUPPORT != ENABLED && TLS_CLIENT_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 61 #error TLS_CLIENT_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 62 #endif
Sergunb 0:8918a71cdbe9 63
Sergunb 0:8918a71cdbe9 64 //Server mode of operation
Sergunb 0:8918a71cdbe9 65 #ifndef TLS_SERVER_SUPPORT
Sergunb 0:8918a71cdbe9 66 #define TLS_SERVER_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 67 #elif (TLS_SERVER_SUPPORT != ENABLED && TLS_SERVER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 68 #error TLS_SERVER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 69 #endif
Sergunb 0:8918a71cdbe9 70
Sergunb 0:8918a71cdbe9 71 //Minimum version that can be negotiated
Sergunb 0:8918a71cdbe9 72 #ifndef TLS_MIN_VERSION
Sergunb 0:8918a71cdbe9 73 #define TLS_MIN_VERSION TLS_VERSION_1_0
Sergunb 0:8918a71cdbe9 74 #elif (TLS_MIN_VERSION < SSL_VERSION_3_0)
Sergunb 0:8918a71cdbe9 75 #error TLS_MIN_VERSION parameter is not valid
Sergunb 0:8918a71cdbe9 76 #endif
Sergunb 0:8918a71cdbe9 77
Sergunb 0:8918a71cdbe9 78 //Maximum version that can be negotiated
Sergunb 0:8918a71cdbe9 79 #ifndef TLS_MAX_VERSION
Sergunb 0:8918a71cdbe9 80 #define TLS_MAX_VERSION TLS_VERSION_1_2
Sergunb 0:8918a71cdbe9 81 #elif (TLS_MAX_VERSION > TLS_VERSION_1_2 || TLS_MAX_VERSION < TLS_MIN_VERSION)
Sergunb 0:8918a71cdbe9 82 #error TLS_MAX_VERSION parameter is not valid
Sergunb 0:8918a71cdbe9 83 #endif
Sergunb 0:8918a71cdbe9 84
Sergunb 0:8918a71cdbe9 85 //Session resumption mechanism
Sergunb 0:8918a71cdbe9 86 #ifndef TLS_SESSION_RESUME_SUPPORT
Sergunb 0:8918a71cdbe9 87 #define TLS_SESSION_RESUME_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 88 #elif (TLS_SESSION_RESUME_SUPPORT != ENABLED && TLS_SESSION_RESUME_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 89 #error TLS_SESSION_RESUME_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 90 #endif
Sergunb 0:8918a71cdbe9 91
Sergunb 0:8918a71cdbe9 92 //Lifetime of session cache entries
Sergunb 0:8918a71cdbe9 93 #ifndef TLS_SESSION_CACHE_LIFETIME
Sergunb 0:8918a71cdbe9 94 #define TLS_SESSION_CACHE_LIFETIME 3600000
Sergunb 0:8918a71cdbe9 95 #elif (TLS_SESSION_CACHE_LIFETIME < 1000)
Sergunb 0:8918a71cdbe9 96 #error TLS_SESSION_CACHE_LIFETIME parameter is not valid
Sergunb 0:8918a71cdbe9 97 #endif
Sergunb 0:8918a71cdbe9 98
Sergunb 0:8918a71cdbe9 99 //SNI (Server Name Indication) extension
Sergunb 0:8918a71cdbe9 100 #ifndef TLS_SNI_SUPPORT
Sergunb 0:8918a71cdbe9 101 #define TLS_SNI_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 102 #elif (TLS_SNI_SUPPORT != ENABLED && TLS_SNI_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 103 #error TLS_SNI_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 104 #endif
Sergunb 0:8918a71cdbe9 105
Sergunb 0:8918a71cdbe9 106 //ALPN (Application-Layer Protocol Negotiation) extension
Sergunb 0:8918a71cdbe9 107 #ifndef TLS_ALPN_SUPPORT
Sergunb 0:8918a71cdbe9 108 #define TLS_ALPN_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 109 #elif (TLS_ALPN_SUPPORT != ENABLED && TLS_ALPN_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 110 #error TLS_ALPN_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 111 #endif
Sergunb 0:8918a71cdbe9 112
Sergunb 0:8918a71cdbe9 113 //Maximum number of certificates the end entity can load
Sergunb 0:8918a71cdbe9 114 #ifndef TLS_MAX_CERTIFICATES
Sergunb 0:8918a71cdbe9 115 #define TLS_MAX_CERTIFICATES 3
Sergunb 0:8918a71cdbe9 116 #elif (TLS_MAX_CERTIFICATES < 1)
Sergunb 0:8918a71cdbe9 117 #error TLS_MAX_CERTIFICATES parameter is not valid
Sergunb 0:8918a71cdbe9 118 #endif
Sergunb 0:8918a71cdbe9 119
Sergunb 0:8918a71cdbe9 120 //RSA key exchange support
Sergunb 0:8918a71cdbe9 121 #ifndef TLS_RSA_SUPPORT
Sergunb 0:8918a71cdbe9 122 #define TLS_RSA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 123 #elif (TLS_RSA_SUPPORT != ENABLED && TLS_RSA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 124 #error TLS_RSA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 125 #endif
Sergunb 0:8918a71cdbe9 126
Sergunb 0:8918a71cdbe9 127 //DHE_RSA key exchange support
Sergunb 0:8918a71cdbe9 128 #ifndef TLS_DHE_RSA_SUPPORT
Sergunb 0:8918a71cdbe9 129 #define TLS_DHE_RSA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 130 #elif (TLS_DHE_RSA_SUPPORT != ENABLED && TLS_DHE_RSA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 131 #error TLS_DHE_RSA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 132 #endif
Sergunb 0:8918a71cdbe9 133
Sergunb 0:8918a71cdbe9 134 //DHE_DSS key exchange support
Sergunb 0:8918a71cdbe9 135 #ifndef TLS_DHE_DSS_SUPPORT
Sergunb 0:8918a71cdbe9 136 #define TLS_DHE_DSS_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 137 #elif (TLS_DHE_DSS_SUPPORT != ENABLED && TLS_DHE_DSS_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 138 #error TLS_DHE_DSS_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 139 #endif
Sergunb 0:8918a71cdbe9 140
Sergunb 0:8918a71cdbe9 141 //DH_anon key exchange support
Sergunb 0:8918a71cdbe9 142 #ifndef TLS_DH_ANON_SUPPORT
Sergunb 0:8918a71cdbe9 143 #define TLS_DH_ANON_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 144 #elif (TLS_DH_ANON_SUPPORT != ENABLED && TLS_DH_ANON_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 145 #error TLS_DH_ANON_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 146 #endif
Sergunb 0:8918a71cdbe9 147
Sergunb 0:8918a71cdbe9 148 //ECDHE_RSA key exchange support
Sergunb 0:8918a71cdbe9 149 #ifndef TLS_ECDHE_RSA_SUPPORT
Sergunb 0:8918a71cdbe9 150 #define TLS_ECDHE_RSA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 151 #elif (TLS_ECDHE_RSA_SUPPORT != ENABLED && TLS_ECDHE_RSA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 152 #error TLS_ECDHE_RSA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 153 #endif
Sergunb 0:8918a71cdbe9 154
Sergunb 0:8918a71cdbe9 155 //ECDHE_ECDSA key exchange support
Sergunb 0:8918a71cdbe9 156 #ifndef TLS_ECDHE_ECDSA_SUPPORT
Sergunb 0:8918a71cdbe9 157 #define TLS_ECDHE_ECDSA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 158 #elif (TLS_ECDHE_ECDSA_SUPPORT != ENABLED && TLS_ECDHE_ECDSA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 159 #error TLS_ECDHE_ECDSA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 160 #endif
Sergunb 0:8918a71cdbe9 161
Sergunb 0:8918a71cdbe9 162 //ECDH_anon key exchange support
Sergunb 0:8918a71cdbe9 163 #ifndef TLS_ECDH_ANON_SUPPORT
Sergunb 0:8918a71cdbe9 164 #define TLS_ECDH_ANON_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 165 #elif (TLS_ECDH_ANON_SUPPORT != ENABLED && TLS_ECDH_ANON_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 166 #error TLS_ECDH_ANON_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 167 #endif
Sergunb 0:8918a71cdbe9 168
Sergunb 0:8918a71cdbe9 169 //PSK key exchange support
Sergunb 0:8918a71cdbe9 170 #ifndef TLS_PSK_SUPPORT
Sergunb 0:8918a71cdbe9 171 #define TLS_PSK_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 172 #elif (TLS_PSK_SUPPORT != ENABLED && TLS_PSK_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 173 #error TLS_PSK_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 174 #endif
Sergunb 0:8918a71cdbe9 175
Sergunb 0:8918a71cdbe9 176 //RSA_PSK key exchange support
Sergunb 0:8918a71cdbe9 177 #ifndef TLS_RSA_PSK_SUPPORT
Sergunb 0:8918a71cdbe9 178 #define TLS_RSA_PSK_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 179 #elif (TLS_RSA_PSK_SUPPORT != ENABLED && TLS_RSA_PSK_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 180 #error TLS_RSA_PSK_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 181 #endif
Sergunb 0:8918a71cdbe9 182
Sergunb 0:8918a71cdbe9 183 //DHE_PSK key exchange support
Sergunb 0:8918a71cdbe9 184 #ifndef TLS_DHE_PSK_SUPPORT
Sergunb 0:8918a71cdbe9 185 #define TLS_DHE_PSK_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 186 #elif (TLS_DHE_PSK_SUPPORT != ENABLED && TLS_DHE_PSK_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 187 #error TLS_DHE_PSK_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 188 #endif
Sergunb 0:8918a71cdbe9 189
Sergunb 0:8918a71cdbe9 190 //ECDHE_PSK key exchange support
Sergunb 0:8918a71cdbe9 191 #ifndef TLS_ECDHE_PSK_SUPPORT
Sergunb 0:8918a71cdbe9 192 #define TLS_ECDHE_PSK_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 193 #elif (TLS_ECDHE_PSK_SUPPORT != ENABLED && TLS_ECDHE_PSK_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 194 #error TLS_ECDHE_PSK_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 195 #endif
Sergunb 0:8918a71cdbe9 196
Sergunb 0:8918a71cdbe9 197 //RSA signature capability
Sergunb 0:8918a71cdbe9 198 #ifndef TLS_RSA_SIGN_SUPPORT
Sergunb 0:8918a71cdbe9 199 #define TLS_RSA_SIGN_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 200 #elif (TLS_RSA_SIGN_SUPPORT != ENABLED && TLS_RSA_SIGN_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 201 #error TLS_RSA_SIGN_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 202 #endif
Sergunb 0:8918a71cdbe9 203
Sergunb 0:8918a71cdbe9 204 //DSA signature capability
Sergunb 0:8918a71cdbe9 205 #ifndef TLS_DSA_SIGN_SUPPORT
Sergunb 0:8918a71cdbe9 206 #define TLS_DSA_SIGN_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 207 #elif (TLS_DSA_SIGN_SUPPORT != ENABLED && TLS_DSA_SIGN_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 208 #error TLS_DSA_SIGN_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 209 #endif
Sergunb 0:8918a71cdbe9 210
Sergunb 0:8918a71cdbe9 211 //ECDSA signature capability
Sergunb 0:8918a71cdbe9 212 #ifndef TLS_ECDSA_SIGN_SUPPORT
Sergunb 0:8918a71cdbe9 213 #define TLS_ECDSA_SIGN_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 214 #elif (TLS_ECDSA_SIGN_SUPPORT != ENABLED && TLS_ECDSA_SIGN_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 215 #error TLS_ECDSA_SIGN_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 216 #endif
Sergunb 0:8918a71cdbe9 217
Sergunb 0:8918a71cdbe9 218 //Stream cipher support
Sergunb 0:8918a71cdbe9 219 #ifndef TLS_STREAM_CIPHER_SUPPORT
Sergunb 0:8918a71cdbe9 220 #define TLS_STREAM_CIPHER_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 221 #elif (TLS_STREAM_CIPHER_SUPPORT != ENABLED && TLS_STREAM_CIPHER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 222 #error TLS_STREAM_CIPHER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 223 #endif
Sergunb 0:8918a71cdbe9 224
Sergunb 0:8918a71cdbe9 225 //CBC block cipher support
Sergunb 0:8918a71cdbe9 226 #ifndef TLS_CBC_CIPHER_SUPPORT
Sergunb 0:8918a71cdbe9 227 #define TLS_CBC_CIPHER_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 228 #elif (TLS_CBC_CIPHER_SUPPORT != ENABLED && TLS_CBC_CIPHER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 229 #error TLS_CBC_CIPHER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 230 #endif
Sergunb 0:8918a71cdbe9 231
Sergunb 0:8918a71cdbe9 232 //CCM AEAD support
Sergunb 0:8918a71cdbe9 233 #ifndef TLS_CCM_CIPHER_SUPPORT
Sergunb 0:8918a71cdbe9 234 #define TLS_CCM_CIPHER_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 235 #elif (TLS_CCM_CIPHER_SUPPORT != ENABLED && TLS_CCM_CIPHER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 236 #error TLS_CCM_CIPHER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 237 #endif
Sergunb 0:8918a71cdbe9 238
Sergunb 0:8918a71cdbe9 239 //CCM_8 AEAD support
Sergunb 0:8918a71cdbe9 240 #ifndef TLS_CCM_8_CIPHER_SUPPORT
Sergunb 0:8918a71cdbe9 241 #define TLS_CCM_8_CIPHER_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 242 #elif (TLS_CCM_8_CIPHER_SUPPORT != ENABLED && TLS_CCM_8_CIPHER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 243 #error TLS_CCM_8_CIPHER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 244 #endif
Sergunb 0:8918a71cdbe9 245
Sergunb 0:8918a71cdbe9 246 //GCM AEAD support
Sergunb 0:8918a71cdbe9 247 #ifndef TLS_GCM_CIPHER_SUPPORT
Sergunb 0:8918a71cdbe9 248 #define TLS_GCM_CIPHER_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 249 #elif (TLS_GCM_CIPHER_SUPPORT != ENABLED && TLS_GCM_CIPHER_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 250 #error TLS_GCM_CIPHER_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 251 #endif
Sergunb 0:8918a71cdbe9 252
Sergunb 0:8918a71cdbe9 253 //ChaCha20Poly1305 AEAD support
Sergunb 0:8918a71cdbe9 254 #ifndef TLS_CHACHA20_POLY1305_SUPPORT
Sergunb 0:8918a71cdbe9 255 #define TLS_CHACHA20_POLY1305_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 256 #elif (TLS_CHACHA20_POLY1305_SUPPORT != ENABLED && TLS_CHACHA20_POLY1305_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 257 #error TLS_CHACHA20_POLY1305_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 258 #endif
Sergunb 0:8918a71cdbe9 259
Sergunb 0:8918a71cdbe9 260 //RC4 cipher support
Sergunb 0:8918a71cdbe9 261 #ifndef TLS_RC4_SUPPORT
Sergunb 0:8918a71cdbe9 262 #define TLS_RC4_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 263 #elif (TLS_RC4_SUPPORT != ENABLED && TLS_RC4_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 264 #error TLS_RC4_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 265 #endif
Sergunb 0:8918a71cdbe9 266
Sergunb 0:8918a71cdbe9 267 //IDEA cipher support
Sergunb 0:8918a71cdbe9 268 #ifndef TLS_IDEA_SUPPORT
Sergunb 0:8918a71cdbe9 269 #define TLS_IDEA_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 270 #elif (TLS_IDEA_SUPPORT != ENABLED && TLS_IDEA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 271 #error TLS_IDEA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 272 #endif
Sergunb 0:8918a71cdbe9 273
Sergunb 0:8918a71cdbe9 274 //DES cipher support
Sergunb 0:8918a71cdbe9 275 #ifndef TLS_DES_SUPPORT
Sergunb 0:8918a71cdbe9 276 #define TLS_DES_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 277 #elif (TLS_DES_SUPPORT != ENABLED && TLS_DES_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 278 #error TLS_DES_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 279 #endif
Sergunb 0:8918a71cdbe9 280
Sergunb 0:8918a71cdbe9 281 //Triple DES cipher support
Sergunb 0:8918a71cdbe9 282 #ifndef TLS_3DES_SUPPORT
Sergunb 0:8918a71cdbe9 283 #define TLS_3DES_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 284 #elif (TLS_3DES_SUPPORT != ENABLED && TLS_3DES_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 285 #error TLS_3DES_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 286 #endif
Sergunb 0:8918a71cdbe9 287
Sergunb 0:8918a71cdbe9 288 //AES cipher support
Sergunb 0:8918a71cdbe9 289 #ifndef TLS_AES_SUPPORT
Sergunb 0:8918a71cdbe9 290 #define TLS_AES_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 291 #elif (TLS_AES_SUPPORT != ENABLED && TLS_AES_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 292 #error TLS_AES_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 293 #endif
Sergunb 0:8918a71cdbe9 294
Sergunb 0:8918a71cdbe9 295 //Camellia cipher support
Sergunb 0:8918a71cdbe9 296 #ifndef TLS_CAMELLIA_SUPPORT
Sergunb 0:8918a71cdbe9 297 #define TLS_CAMELLIA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 298 #elif (TLS_CAMELLIA_SUPPORT != ENABLED && TLS_CAMELLIA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 299 #error TLS_CAMELLIA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 300 #endif
Sergunb 0:8918a71cdbe9 301
Sergunb 0:8918a71cdbe9 302 //SEED cipher support
Sergunb 0:8918a71cdbe9 303 #ifndef TLS_SEED_SUPPORT
Sergunb 0:8918a71cdbe9 304 #define TLS_SEED_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 305 #elif (TLS_SEED_SUPPORT != ENABLED && TLS_SEED_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 306 #error TLS_SEED_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 307 #endif
Sergunb 0:8918a71cdbe9 308
Sergunb 0:8918a71cdbe9 309 //ARIA cipher support
Sergunb 0:8918a71cdbe9 310 #ifndef TLS_ARIA_SUPPORT
Sergunb 0:8918a71cdbe9 311 #define TLS_ARIA_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 312 #elif (TLS_ARIA_SUPPORT != ENABLED && TLS_ARIA_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 313 #error TLS_ARIA_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 314 #endif
Sergunb 0:8918a71cdbe9 315
Sergunb 0:8918a71cdbe9 316 //MD5 hash support
Sergunb 0:8918a71cdbe9 317 #ifndef TLS_MD5_SUPPORT
Sergunb 0:8918a71cdbe9 318 #define TLS_MD5_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 319 #elif (TLS_MD5_SUPPORT != ENABLED && TLS_MD5_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 320 #error TLS_MD5_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 321 #endif
Sergunb 0:8918a71cdbe9 322
Sergunb 0:8918a71cdbe9 323 //SHA-1 hash support
Sergunb 0:8918a71cdbe9 324 #ifndef TLS_SHA1_SUPPORT
Sergunb 0:8918a71cdbe9 325 #define TLS_SHA1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 326 #elif (TLS_SHA1_SUPPORT != ENABLED && TLS_SHA1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 327 #error TLS_SHA1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 328 #endif
Sergunb 0:8918a71cdbe9 329
Sergunb 0:8918a71cdbe9 330 //SHA-224 hash support
Sergunb 0:8918a71cdbe9 331 #ifndef TLS_SHA224_SUPPORT
Sergunb 0:8918a71cdbe9 332 #define TLS_SHA224_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 333 #elif (TLS_SHA224_SUPPORT != ENABLED && TLS_SHA224_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 334 #error TLS_SHA224_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 335 #endif
Sergunb 0:8918a71cdbe9 336
Sergunb 0:8918a71cdbe9 337 //SHA-256 hash support
Sergunb 0:8918a71cdbe9 338 #ifndef TLS_SHA256_SUPPORT
Sergunb 0:8918a71cdbe9 339 #define TLS_SHA256_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 340 #elif (TLS_SHA256_SUPPORT != ENABLED && TLS_SHA256_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 341 #error TLS_SHA256_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 342 #endif
Sergunb 0:8918a71cdbe9 343
Sergunb 0:8918a71cdbe9 344 //SHA-384 hash support
Sergunb 0:8918a71cdbe9 345 #ifndef TLS_SHA384_SUPPORT
Sergunb 0:8918a71cdbe9 346 #define TLS_SHA384_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 347 #elif (TLS_SHA384_SUPPORT != ENABLED && TLS_SHA384_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 348 #error TLS_SHA384_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 349 #endif
Sergunb 0:8918a71cdbe9 350
Sergunb 0:8918a71cdbe9 351 //SHA-512 hash support
Sergunb 0:8918a71cdbe9 352 #ifndef TLS_SHA512_SUPPORT
Sergunb 0:8918a71cdbe9 353 #define TLS_SHA512_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 354 #elif (TLS_SHA512_SUPPORT != ENABLED && TLS_SHA512_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 355 #error TLS_SHA512_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 356 #endif
Sergunb 0:8918a71cdbe9 357
Sergunb 0:8918a71cdbe9 358 //secp160k1 elliptic curve support
Sergunb 0:8918a71cdbe9 359 #ifndef TLS_SECP160K1_SUPPORT
Sergunb 0:8918a71cdbe9 360 #define TLS_SECP160K1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 361 #elif (TLS_SECP160K1_SUPPORT != ENABLED && TLS_SECP160K1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 362 #error TLS_SECP160K1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 363 #endif
Sergunb 0:8918a71cdbe9 364
Sergunb 0:8918a71cdbe9 365 //secp160r1 elliptic curve support
Sergunb 0:8918a71cdbe9 366 #ifndef TLS_SECP160R1_SUPPORT
Sergunb 0:8918a71cdbe9 367 #define TLS_SECP160R1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 368 #elif (TLS_SECP160R1_SUPPORT != ENABLED && TLS_SECP160R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 369 #error TLS_SECP160R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 370 #endif
Sergunb 0:8918a71cdbe9 371
Sergunb 0:8918a71cdbe9 372 //secp160r2 elliptic curve support
Sergunb 0:8918a71cdbe9 373 #ifndef TLS_SECP160R2_SUPPORT
Sergunb 0:8918a71cdbe9 374 #define TLS_SECP160R2_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 375 #elif (TLS_SECP160R2_SUPPORT != ENABLED && TLS_SECP160R2_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 376 #error TLS_SECP160R2_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 377 #endif
Sergunb 0:8918a71cdbe9 378
Sergunb 0:8918a71cdbe9 379 //secp192k1 elliptic curve support
Sergunb 0:8918a71cdbe9 380 #ifndef TLS_SECP192K1_SUPPORT
Sergunb 0:8918a71cdbe9 381 #define TLS_SECP192K1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 382 #elif (TLS_SECP192K1_SUPPORT != ENABLED && TLS_SECP192K1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 383 #error TLS_SECP192K1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 384 #endif
Sergunb 0:8918a71cdbe9 385
Sergunb 0:8918a71cdbe9 386 //secp192r1 elliptic curve support
Sergunb 0:8918a71cdbe9 387 #ifndef TLS_SECP192R1_SUPPORT
Sergunb 0:8918a71cdbe9 388 #define TLS_SECP192R1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 389 #elif (TLS_SECP192R1_SUPPORT != ENABLED && TLS_SECP192R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 390 #error TLS_SECP192R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 391 #endif
Sergunb 0:8918a71cdbe9 392
Sergunb 0:8918a71cdbe9 393 //secp224k1 elliptic curve support
Sergunb 0:8918a71cdbe9 394 #ifndef TLS_SECP224K1_SUPPORT
Sergunb 0:8918a71cdbe9 395 #define TLS_SECP224K1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 396 #elif (TLS_SECP224K1_SUPPORT != ENABLED && TLS_SECP224K1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 397 #error TLS_SECP224K1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 398 #endif
Sergunb 0:8918a71cdbe9 399
Sergunb 0:8918a71cdbe9 400 //secp224r1 elliptic curve support
Sergunb 0:8918a71cdbe9 401 #ifndef TLS_SECP224R1_SUPPORT
Sergunb 0:8918a71cdbe9 402 #define TLS_SECP224R1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 403 #elif (TLS_SECP224R1_SUPPORT != ENABLED && TLS_SECP224R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 404 #error TLS_SECP224R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 405 #endif
Sergunb 0:8918a71cdbe9 406
Sergunb 0:8918a71cdbe9 407 //secp256k1 elliptic curve support
Sergunb 0:8918a71cdbe9 408 #ifndef TLS_SECP256K1_SUPPORT
Sergunb 0:8918a71cdbe9 409 #define TLS_SECP256K1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 410 #elif (TLS_SECP256K1_SUPPORT != ENABLED && TLS_SECP256K1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 411 #error TLS_SECP256K1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 412 #endif
Sergunb 0:8918a71cdbe9 413
Sergunb 0:8918a71cdbe9 414 //secp256r1 elliptic curve support
Sergunb 0:8918a71cdbe9 415 #ifndef TLS_SECP256R1_SUPPORT
Sergunb 0:8918a71cdbe9 416 #define TLS_SECP256R1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 417 #elif (TLS_SECP256R1_SUPPORT != ENABLED && TLS_SECP256R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 418 #error TLS_SECP256R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 419 #endif
Sergunb 0:8918a71cdbe9 420
Sergunb 0:8918a71cdbe9 421 //secp384r1 elliptic curve support
Sergunb 0:8918a71cdbe9 422 #ifndef TLS_SECP384R1_SUPPORT
Sergunb 0:8918a71cdbe9 423 #define TLS_SECP384R1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 424 #elif (TLS_SECP384R1_SUPPORT != ENABLED && TLS_SECP384R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 425 #error TLS_SECP384R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 426 #endif
Sergunb 0:8918a71cdbe9 427
Sergunb 0:8918a71cdbe9 428 //secp521r1 elliptic curve support
Sergunb 0:8918a71cdbe9 429 #ifndef TLS_SECP521R1_SUPPORT
Sergunb 0:8918a71cdbe9 430 #define TLS_SECP521R1_SUPPORT ENABLED
Sergunb 0:8918a71cdbe9 431 #elif (TLS_SECP521R1_SUPPORT != ENABLED && TLS_SECP521R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 432 #error TLS_SECP521R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 433 #endif
Sergunb 0:8918a71cdbe9 434
Sergunb 0:8918a71cdbe9 435 //brainpoolP256r1 elliptic curve support
Sergunb 0:8918a71cdbe9 436 #ifndef TLS_BRAINPOOLP256R1_SUPPORT
Sergunb 0:8918a71cdbe9 437 #define TLS_BRAINPOOLP256R1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 438 #elif (TLS_BRAINPOOLP256R1_SUPPORT != ENABLED && TLS_BRAINPOOLP256R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 439 #error TLS_BRAINPOOLP256R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 440 #endif
Sergunb 0:8918a71cdbe9 441
Sergunb 0:8918a71cdbe9 442 //brainpoolP384r1 elliptic curve support
Sergunb 0:8918a71cdbe9 443 #ifndef TLS_BRAINPOOLP384R1_SUPPORT
Sergunb 0:8918a71cdbe9 444 #define TLS_BRAINPOOLP384R1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 445 #elif (TLS_BRAINPOOLP384R1_SUPPORT != ENABLED && TLS_BRAINPOOLP384R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 446 #error TLS_BRAINPOOLP384R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 447 #endif
Sergunb 0:8918a71cdbe9 448
Sergunb 0:8918a71cdbe9 449 //brainpoolP512r1 elliptic curve support
Sergunb 0:8918a71cdbe9 450 #ifndef TLS_BRAINPOOLP512R1_SUPPORT
Sergunb 0:8918a71cdbe9 451 #define TLS_BRAINPOOLP512R1_SUPPORT DISABLED
Sergunb 0:8918a71cdbe9 452 #elif (TLS_BRAINPOOLP512R1_SUPPORT != ENABLED && TLS_BRAINPOOLP512R1_SUPPORT != DISABLED)
Sergunb 0:8918a71cdbe9 453 #error TLS_BRAINPOOLP512R1_SUPPORT parameter is not valid
Sergunb 0:8918a71cdbe9 454 #endif
Sergunb 0:8918a71cdbe9 455
Sergunb 0:8918a71cdbe9 456 //Minimum acceptable size for Diffie-Hellman prime modulus
Sergunb 0:8918a71cdbe9 457 #ifndef TLS_MIN_DH_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 458 #define TLS_MIN_DH_MODULUS_SIZE 1024
Sergunb 0:8918a71cdbe9 459 #elif (TLS_MIN_DH_MODULUS_SIZE < 512)
Sergunb 0:8918a71cdbe9 460 #error TLS_MIN_DH_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 461 #endif
Sergunb 0:8918a71cdbe9 462
Sergunb 0:8918a71cdbe9 463 //Maximum acceptable size for Diffie-Hellman prime modulus
Sergunb 0:8918a71cdbe9 464 #ifndef TLS_MAX_DH_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 465 #define TLS_MAX_DH_MODULUS_SIZE 4096
Sergunb 0:8918a71cdbe9 466 #elif (TLS_MAX_DH_MODULUS_SIZE < TLS_MIN_DH_MODULUS_SIZE)
Sergunb 0:8918a71cdbe9 467 #error TLS_MAX_DH_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 468 #endif
Sergunb 0:8918a71cdbe9 469
Sergunb 0:8918a71cdbe9 470 //Minimum acceptable size for RSA modulus
Sergunb 0:8918a71cdbe9 471 #ifndef TLS_MIN_RSA_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 472 #define TLS_MIN_RSA_MODULUS_SIZE 1024
Sergunb 0:8918a71cdbe9 473 #elif (TLS_MIN_RSA_MODULUS_SIZE < 512)
Sergunb 0:8918a71cdbe9 474 #error TLS_MIN_RSA_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 475 #endif
Sergunb 0:8918a71cdbe9 476
Sergunb 0:8918a71cdbe9 477 //Maximum acceptable size for RSA modulus
Sergunb 0:8918a71cdbe9 478 #ifndef TLS_MAX_RSA_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 479 #define TLS_MAX_RSA_MODULUS_SIZE 4096
Sergunb 0:8918a71cdbe9 480 #elif (TLS_MAX_RSA_MODULUS_SIZE < TLS_MIN_RSA_MODULUS_SIZE)
Sergunb 0:8918a71cdbe9 481 #error TLS_MAX_RSA_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 482 #endif
Sergunb 0:8918a71cdbe9 483
Sergunb 0:8918a71cdbe9 484 //Minimum acceptable size for DSA prime modulus
Sergunb 0:8918a71cdbe9 485 #ifndef TLS_MIN_DSA_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 486 #define TLS_MIN_DSA_MODULUS_SIZE 1024
Sergunb 0:8918a71cdbe9 487 #elif (TLS_MIN_DSA_MODULUS_SIZE < 512)
Sergunb 0:8918a71cdbe9 488 #error TLS_MIN_DSA_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 489 #endif
Sergunb 0:8918a71cdbe9 490
Sergunb 0:8918a71cdbe9 491 //Maximum acceptable size for DSA prime modulus
Sergunb 0:8918a71cdbe9 492 #ifndef TLS_MAX_DSA_MODULUS_SIZE
Sergunb 0:8918a71cdbe9 493 #define TLS_MAX_DSA_MODULUS_SIZE 4096
Sergunb 0:8918a71cdbe9 494 #elif (TLS_MAX_DSA_MODULUS_SIZE < TLS_MIN_DSA_MODULUS_SIZE)
Sergunb 0:8918a71cdbe9 495 #error TLS_MAX_DSA_MODULUS_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 496 #endif
Sergunb 0:8918a71cdbe9 497
Sergunb 0:8918a71cdbe9 498 //Maximum size for premaster secret
Sergunb 0:8918a71cdbe9 499 #ifndef TLS_MAX_PREMASTER_SECRET_SIZE
Sergunb 0:8918a71cdbe9 500 #define TLS_MAX_PREMASTER_SECRET_SIZE 256
Sergunb 0:8918a71cdbe9 501 #elif (TLS_MAX_PREMASTER_SECRET_SIZE < 48)
Sergunb 0:8918a71cdbe9 502 #error TLS_MAX_PREMASTER_SECRET_SIZE parameter is not valid
Sergunb 0:8918a71cdbe9 503 #endif
Sergunb 0:8918a71cdbe9 504
Sergunb 0:8918a71cdbe9 505 //Memory allocation
Sergunb 0:8918a71cdbe9 506 #ifndef tlsAllocMem
Sergunb 0:8918a71cdbe9 507 #define tlsAllocMem(size) osAllocMem(size)
Sergunb 0:8918a71cdbe9 508 #endif
Sergunb 0:8918a71cdbe9 509
Sergunb 0:8918a71cdbe9 510 //Memory deallocation
Sergunb 0:8918a71cdbe9 511 #ifndef tlsFreeMem
Sergunb 0:8918a71cdbe9 512 #define tlsFreeMem(p) osFreeMem(p)
Sergunb 0:8918a71cdbe9 513 #endif
Sergunb 0:8918a71cdbe9 514
Sergunb 0:8918a71cdbe9 515 //Bind TLS to a particular socket
Sergunb 0:8918a71cdbe9 516 #define tlsSetSocket(context, socket) tlsSetIoCallbacks(context, (TlsIoHandle) socket, \
Sergunb 0:8918a71cdbe9 517 (TlsIoSendCallback) socketSend, (TlsIoReceiveCallback) socketReceive)
Sergunb 0:8918a71cdbe9 518
Sergunb 0:8918a71cdbe9 519 //Maximum plaintext record length
Sergunb 0:8918a71cdbe9 520 #define TLS_MAX_RECORD_LENGTH 16384
Sergunb 0:8918a71cdbe9 521 //Data overhead caused by record encryption
Sergunb 0:8918a71cdbe9 522 #define TLS_MAX_RECORD_OVERHEAD 512
Sergunb 0:8918a71cdbe9 523
Sergunb 0:8918a71cdbe9 524 //Forward declaration of TlsContext structure
Sergunb 0:8918a71cdbe9 525 struct _TlsContext;
Sergunb 0:8918a71cdbe9 526 #define TlsContext struct _TlsContext
Sergunb 0:8918a71cdbe9 527
Sergunb 0:8918a71cdbe9 528
Sergunb 0:8918a71cdbe9 529 /**
Sergunb 0:8918a71cdbe9 530 * @brief TLS connection end
Sergunb 0:8918a71cdbe9 531 **/
Sergunb 0:8918a71cdbe9 532
Sergunb 0:8918a71cdbe9 533 typedef enum
Sergunb 0:8918a71cdbe9 534 {
Sergunb 0:8918a71cdbe9 535 TLS_CONNECTION_END_CLIENT = 0,
Sergunb 0:8918a71cdbe9 536 TLS_CONNECTION_END_SERVER = 1
Sergunb 0:8918a71cdbe9 537 } TlsConnectionEnd;
Sergunb 0:8918a71cdbe9 538
Sergunb 0:8918a71cdbe9 539
Sergunb 0:8918a71cdbe9 540 /**
Sergunb 0:8918a71cdbe9 541 * @brief Client authentication mode
Sergunb 0:8918a71cdbe9 542 **/
Sergunb 0:8918a71cdbe9 543
Sergunb 0:8918a71cdbe9 544 typedef enum
Sergunb 0:8918a71cdbe9 545 {
Sergunb 0:8918a71cdbe9 546 TLS_CLIENT_AUTH_NONE = 0,
Sergunb 0:8918a71cdbe9 547 TLS_CLIENT_AUTH_OPTIONAL = 1,
Sergunb 0:8918a71cdbe9 548 TLS_CLIENT_AUTH_REQUIRED = 2
Sergunb 0:8918a71cdbe9 549 } TlsClientAuthMode;
Sergunb 0:8918a71cdbe9 550
Sergunb 0:8918a71cdbe9 551
Sergunb 0:8918a71cdbe9 552 /**
Sergunb 0:8918a71cdbe9 553 * @brief Flags used by read and write functions
Sergunb 0:8918a71cdbe9 554 **/
Sergunb 0:8918a71cdbe9 555
Sergunb 0:8918a71cdbe9 556 typedef enum
Sergunb 0:8918a71cdbe9 557 {
Sergunb 0:8918a71cdbe9 558 TLS_FLAG_WAIT_ALL = 0x0800,
Sergunb 0:8918a71cdbe9 559 TLS_FLAG_BREAK_CHAR = 0x1000,
Sergunb 0:8918a71cdbe9 560 TLS_FLAG_BREAK_CRLF = 0x100A,
Sergunb 0:8918a71cdbe9 561 TLS_FLAG_WAIT_ACK = 0x2000,
Sergunb 0:8918a71cdbe9 562 TLS_FLAG_BUFFER = 0x4000
Sergunb 0:8918a71cdbe9 563 } TlsFlags;
Sergunb 0:8918a71cdbe9 564
Sergunb 0:8918a71cdbe9 565
Sergunb 0:8918a71cdbe9 566 //The TLS_FLAG_BREAK macro causes the read function to stop reading
Sergunb 0:8918a71cdbe9 567 //data whenever the specified break character is encountered
Sergunb 0:8918a71cdbe9 568 #define TLS_FLAG_BREAK(c) (TLS_FLAG_BREAK_CHAR | LSB(c))
Sergunb 0:8918a71cdbe9 569
Sergunb 0:8918a71cdbe9 570
Sergunb 0:8918a71cdbe9 571 /**
Sergunb 0:8918a71cdbe9 572 * @brief Content type
Sergunb 0:8918a71cdbe9 573 **/
Sergunb 0:8918a71cdbe9 574
Sergunb 0:8918a71cdbe9 575 typedef enum
Sergunb 0:8918a71cdbe9 576 {
Sergunb 0:8918a71cdbe9 577 TLS_TYPE_NONE = 0,
Sergunb 0:8918a71cdbe9 578 TLS_TYPE_CHANGE_CIPHER_SPEC = 20,
Sergunb 0:8918a71cdbe9 579 TLS_TYPE_ALERT = 21,
Sergunb 0:8918a71cdbe9 580 TLS_TYPE_HANDSHAKE = 22,
Sergunb 0:8918a71cdbe9 581 TLS_TYPE_APPLICATION_DATA = 23,
Sergunb 0:8918a71cdbe9 582 TLS_TYPE_HEARTBEAT = 24
Sergunb 0:8918a71cdbe9 583 } TlsContentType;
Sergunb 0:8918a71cdbe9 584
Sergunb 0:8918a71cdbe9 585
Sergunb 0:8918a71cdbe9 586 /**
Sergunb 0:8918a71cdbe9 587 * @brief Handshake message type
Sergunb 0:8918a71cdbe9 588 **/
Sergunb 0:8918a71cdbe9 589
Sergunb 0:8918a71cdbe9 590 typedef enum
Sergunb 0:8918a71cdbe9 591 {
Sergunb 0:8918a71cdbe9 592 TLS_TYPE_HELLO_REQUEST = 0,
Sergunb 0:8918a71cdbe9 593 TLS_TYPE_CLIENT_HELLO = 1,
Sergunb 0:8918a71cdbe9 594 TLS_TYPE_SERVER_HELLO = 2,
Sergunb 0:8918a71cdbe9 595 TLS_TYPE_HELLO_VERIFY_REQUEST = 3,
Sergunb 0:8918a71cdbe9 596 TLS_TYPE_NEW_SESSION_TICKET = 4,
Sergunb 0:8918a71cdbe9 597 TLS_TYPE_CERTIFICATE = 11,
Sergunb 0:8918a71cdbe9 598 TLS_TYPE_SERVER_KEY_EXCHANGE = 12,
Sergunb 0:8918a71cdbe9 599 TLS_TYPE_CERTIFICATE_REQUEST = 13,
Sergunb 0:8918a71cdbe9 600 TLS_TYPE_SERVER_HELLO_DONE = 14,
Sergunb 0:8918a71cdbe9 601 TLS_TYPE_CERTIFICATE_VERIFY = 15,
Sergunb 0:8918a71cdbe9 602 TLS_TYPE_CLIENT_KEY_EXCHANGE = 16,
Sergunb 0:8918a71cdbe9 603 TLS_TYPE_FINISHED = 20,
Sergunb 0:8918a71cdbe9 604 TLS_TYPE_CERTIFICATE_URL = 21,
Sergunb 0:8918a71cdbe9 605 TLS_TYPE_CERTIFICATE_STATUS = 22,
Sergunb 0:8918a71cdbe9 606 TLS_TYPE_SUPPLEMENTAL_DATA = 23
Sergunb 0:8918a71cdbe9 607 } TlsMessageType;
Sergunb 0:8918a71cdbe9 608
Sergunb 0:8918a71cdbe9 609
Sergunb 0:8918a71cdbe9 610 /**
Sergunb 0:8918a71cdbe9 611 * @brief Alert level
Sergunb 0:8918a71cdbe9 612 **/
Sergunb 0:8918a71cdbe9 613
Sergunb 0:8918a71cdbe9 614 typedef enum
Sergunb 0:8918a71cdbe9 615 {
Sergunb 0:8918a71cdbe9 616 TLS_ALERT_LEVEL_WARNING = 1,
Sergunb 0:8918a71cdbe9 617 TLS_ALERT_LEVEL_FATAL = 2,
Sergunb 0:8918a71cdbe9 618 } TlsAlertLevel;
Sergunb 0:8918a71cdbe9 619
Sergunb 0:8918a71cdbe9 620
Sergunb 0:8918a71cdbe9 621 /**
Sergunb 0:8918a71cdbe9 622 * @brief Alert description
Sergunb 0:8918a71cdbe9 623 **/
Sergunb 0:8918a71cdbe9 624
Sergunb 0:8918a71cdbe9 625 typedef enum
Sergunb 0:8918a71cdbe9 626 {
Sergunb 0:8918a71cdbe9 627 TLS_ALERT_CLOSE_NOTIFY = 0,
Sergunb 0:8918a71cdbe9 628 TLS_ALERT_UNEXPECTED_MESSAGE = 10,
Sergunb 0:8918a71cdbe9 629 TLS_ALERT_BAD_RECORD_MAC = 20,
Sergunb 0:8918a71cdbe9 630 TLS_ALERT_DECRYPTION_FAILED = 21,
Sergunb 0:8918a71cdbe9 631 TLS_ALERT_RECORD_OVERFLOW = 22,
Sergunb 0:8918a71cdbe9 632 TLS_ALERT_DECOMPRESSION_FAILURE = 30,
Sergunb 0:8918a71cdbe9 633 TLS_ALERT_HANDSHAKE_FAILURE = 40,
Sergunb 0:8918a71cdbe9 634 TLS_ALERT_NO_CERTIFICATE = 41,
Sergunb 0:8918a71cdbe9 635 TLS_ALERT_BAD_CERTIFICATE = 42,
Sergunb 0:8918a71cdbe9 636 TLS_ALERT_UNSUPPORTED_CERTIFICATE = 43,
Sergunb 0:8918a71cdbe9 637 TLS_ALERT_CERTIFICATE_REVOKED = 44,
Sergunb 0:8918a71cdbe9 638 TLS_ALERT_CERTIFICATE_EXPIRED = 45,
Sergunb 0:8918a71cdbe9 639 TLS_ALERT_CERTIFICATE_UNKNOWN = 46,
Sergunb 0:8918a71cdbe9 640 TLS_ALERT_ILLEGAL_PARAMETER = 47,
Sergunb 0:8918a71cdbe9 641 TLS_ALERT_UNKNOWN_CA = 48,
Sergunb 0:8918a71cdbe9 642 TLS_ALERT_ACCESS_DENIED = 49,
Sergunb 0:8918a71cdbe9 643 TLS_ALERT_DECODE_ERROR = 50,
Sergunb 0:8918a71cdbe9 644 TLS_ALERT_DECRYPT_ERROR = 51,
Sergunb 0:8918a71cdbe9 645 TLS_ALERT_EXPORT_RESTRICTION = 60,
Sergunb 0:8918a71cdbe9 646 TLS_ALERT_PROTOCOL_VERSION = 70,
Sergunb 0:8918a71cdbe9 647 TLS_ALERT_INSUFFICIENT_SECURITY = 71,
Sergunb 0:8918a71cdbe9 648 TLS_ALERT_INTERNAL_ERROR = 80,
Sergunb 0:8918a71cdbe9 649 TLS_ALERT_INAPPROPRIATE_FALLBACK = 86,
Sergunb 0:8918a71cdbe9 650 TLS_ALERT_USER_CANCELED = 90,
Sergunb 0:8918a71cdbe9 651 TLS_ALERT_NO_RENEGOTIATION = 100,
Sergunb 0:8918a71cdbe9 652 TLS_ALERT_UNSUPPORTED_EXTENSION = 110,
Sergunb 0:8918a71cdbe9 653 TLS_ALERT_CERTIFICATE_UNOBTAINABLE = 111,
Sergunb 0:8918a71cdbe9 654 TLS_ALERT_UNRECOGNIZED_NAME = 112,
Sergunb 0:8918a71cdbe9 655 TLS_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE = 113,
Sergunb 0:8918a71cdbe9 656 TLS_ALERT_BAD_CERTIFICATE_HASH_VALUE = 114,
Sergunb 0:8918a71cdbe9 657 TLS_ALERT_UNKNOWN_PSK_IDENTITY = 115
Sergunb 0:8918a71cdbe9 658 } TlsAlertDescription;
Sergunb 0:8918a71cdbe9 659
Sergunb 0:8918a71cdbe9 660
Sergunb 0:8918a71cdbe9 661 /**
Sergunb 0:8918a71cdbe9 662 * @brief Compression methods
Sergunb 0:8918a71cdbe9 663 **/
Sergunb 0:8918a71cdbe9 664
Sergunb 0:8918a71cdbe9 665 typedef enum
Sergunb 0:8918a71cdbe9 666 {
Sergunb 0:8918a71cdbe9 667 TLS_COMPRESSION_METHOD_NULL = 0,
Sergunb 0:8918a71cdbe9 668 TLS_COMPRESSION_METHOD_DEFLATE = 1
Sergunb 0:8918a71cdbe9 669 } TlsCompressionMethodList;
Sergunb 0:8918a71cdbe9 670
Sergunb 0:8918a71cdbe9 671
Sergunb 0:8918a71cdbe9 672 /**
Sergunb 0:8918a71cdbe9 673 * @brief Key exchange methods
Sergunb 0:8918a71cdbe9 674 **/
Sergunb 0:8918a71cdbe9 675
Sergunb 0:8918a71cdbe9 676 typedef enum
Sergunb 0:8918a71cdbe9 677 {
Sergunb 0:8918a71cdbe9 678 TLS_KEY_EXCH_NONE = 0,
Sergunb 0:8918a71cdbe9 679 TLS_KEY_EXCH_RSA = 1,
Sergunb 0:8918a71cdbe9 680 TLS_KEY_EXCH_DH_RSA = 2,
Sergunb 0:8918a71cdbe9 681 TLS_KEY_EXCH_DHE_RSA = 3,
Sergunb 0:8918a71cdbe9 682 TLS_KEY_EXCH_DH_DSS = 4,
Sergunb 0:8918a71cdbe9 683 TLS_KEY_EXCH_DHE_DSS = 5,
Sergunb 0:8918a71cdbe9 684 TLS_KEY_EXCH_DH_ANON = 6,
Sergunb 0:8918a71cdbe9 685 TLS_KEY_EXCH_ECDH_RSA = 7,
Sergunb 0:8918a71cdbe9 686 TLS_KEY_EXCH_ECDHE_RSA = 8,
Sergunb 0:8918a71cdbe9 687 TLS_KEY_EXCH_ECDH_ECDSA = 9,
Sergunb 0:8918a71cdbe9 688 TLS_KEY_EXCH_ECDHE_ECDSA = 10,
Sergunb 0:8918a71cdbe9 689 TLS_KEY_EXCH_ECDH_ANON = 11,
Sergunb 0:8918a71cdbe9 690 TLS_KEY_EXCH_PSK = 12,
Sergunb 0:8918a71cdbe9 691 TLS_KEY_EXCH_RSA_PSK = 13,
Sergunb 0:8918a71cdbe9 692 TLS_KEY_EXCH_DHE_PSK = 14,
Sergunb 0:8918a71cdbe9 693 TLS_KEY_EXCH_ECDHE_PSK = 15,
Sergunb 0:8918a71cdbe9 694 TLS_KEY_EXCH_SRP_SHA = 16,
Sergunb 0:8918a71cdbe9 695 TLS_KEY_EXCH_SRP_SHA_RSA = 17,
Sergunb 0:8918a71cdbe9 696 TLS_KEY_EXCH_SRP_SHA_DSS = 18
Sergunb 0:8918a71cdbe9 697 } TlsKeyExchMethod;
Sergunb 0:8918a71cdbe9 698
Sergunb 0:8918a71cdbe9 699
Sergunb 0:8918a71cdbe9 700 /**
Sergunb 0:8918a71cdbe9 701 * @brief Certificate types
Sergunb 0:8918a71cdbe9 702 **/
Sergunb 0:8918a71cdbe9 703
Sergunb 0:8918a71cdbe9 704 typedef enum
Sergunb 0:8918a71cdbe9 705 {
Sergunb 0:8918a71cdbe9 706 TLS_CERT_NONE = 0,
Sergunb 0:8918a71cdbe9 707 TLS_CERT_RSA_SIGN = 1,
Sergunb 0:8918a71cdbe9 708 TLS_CERT_DSS_SIGN = 2,
Sergunb 0:8918a71cdbe9 709 TLS_CERT_RSA_FIXED_DH = 3,
Sergunb 0:8918a71cdbe9 710 TLS_CERT_DSS_FIXED_DH = 4,
Sergunb 0:8918a71cdbe9 711 TLS_CERT_RSA_EPHEMERAL_DH = 5,
Sergunb 0:8918a71cdbe9 712 TLS_CERT_DSS_EPHEMERAL_DH = 6,
Sergunb 0:8918a71cdbe9 713 TLS_CERT_FORTEZZA_DMS = 20,
Sergunb 0:8918a71cdbe9 714 TLS_CERT_ECDSA_SIGN = 64,
Sergunb 0:8918a71cdbe9 715 TLS_CERT_RSA_FIXED_ECDH = 65,
Sergunb 0:8918a71cdbe9 716 TLS_CERT_ECDSA_FIXED_ECDH = 66
Sergunb 0:8918a71cdbe9 717 } TlsCertificateType;
Sergunb 0:8918a71cdbe9 718
Sergunb 0:8918a71cdbe9 719
Sergunb 0:8918a71cdbe9 720 /**
Sergunb 0:8918a71cdbe9 721 * @brief Hash algorithms
Sergunb 0:8918a71cdbe9 722 **/
Sergunb 0:8918a71cdbe9 723
Sergunb 0:8918a71cdbe9 724 typedef enum
Sergunb 0:8918a71cdbe9 725 {
Sergunb 0:8918a71cdbe9 726 TLS_HASH_ALGO_NONE = 0,
Sergunb 0:8918a71cdbe9 727 TLS_HASH_ALGO_MD5 = 1,
Sergunb 0:8918a71cdbe9 728 TLS_HASH_ALGO_SHA1 = 2,
Sergunb 0:8918a71cdbe9 729 TLS_HASH_ALGO_SHA224 = 3,
Sergunb 0:8918a71cdbe9 730 TLS_HASH_ALGO_SHA256 = 4,
Sergunb 0:8918a71cdbe9 731 TLS_HASH_ALGO_SHA384 = 5,
Sergunb 0:8918a71cdbe9 732 TLS_HASH_ALGO_SHA512 = 6
Sergunb 0:8918a71cdbe9 733 } TlsHashAlgo;
Sergunb 0:8918a71cdbe9 734
Sergunb 0:8918a71cdbe9 735
Sergunb 0:8918a71cdbe9 736 /**
Sergunb 0:8918a71cdbe9 737 * @brief Signature algorithms
Sergunb 0:8918a71cdbe9 738 **/
Sergunb 0:8918a71cdbe9 739
Sergunb 0:8918a71cdbe9 740 typedef enum
Sergunb 0:8918a71cdbe9 741 {
Sergunb 0:8918a71cdbe9 742 TLS_SIGN_ALGO_ANONYMOUS = 0,
Sergunb 0:8918a71cdbe9 743 TLS_SIGN_ALGO_RSA = 1,
Sergunb 0:8918a71cdbe9 744 TLS_SIGN_ALGO_DSA = 2,
Sergunb 0:8918a71cdbe9 745 TLS_SIGN_ALGO_ECDSA = 3
Sergunb 0:8918a71cdbe9 746 } TlsSignatureAlgo;
Sergunb 0:8918a71cdbe9 747
Sergunb 0:8918a71cdbe9 748
Sergunb 0:8918a71cdbe9 749 /**
Sergunb 0:8918a71cdbe9 750 * @brief TLS extension types
Sergunb 0:8918a71cdbe9 751 **/
Sergunb 0:8918a71cdbe9 752
Sergunb 0:8918a71cdbe9 753 typedef enum
Sergunb 0:8918a71cdbe9 754 {
Sergunb 0:8918a71cdbe9 755 TLS_EXT_SERVER_NAME = 0,
Sergunb 0:8918a71cdbe9 756 TLS_EXT_MAX_FRAGMENT_LENGTH = 1,
Sergunb 0:8918a71cdbe9 757 TLS_EXT_CLIENT_CERTIFICATE_URL = 2,
Sergunb 0:8918a71cdbe9 758 TLS_EXT_TRUSTED_CA_KEYS = 3,
Sergunb 0:8918a71cdbe9 759 TLS_EXT_TRUNCATED_HMAC = 4,
Sergunb 0:8918a71cdbe9 760 TLS_EXT_STATUS_REQUEST = 5,
Sergunb 0:8918a71cdbe9 761 TLS_EXT_USER_MAPPING = 6,
Sergunb 0:8918a71cdbe9 762 TLS_EXT_CLIENT_AUTHZ = 7,
Sergunb 0:8918a71cdbe9 763 TLS_EXT_SERVER_AUTHZ = 8,
Sergunb 0:8918a71cdbe9 764 TLS_EXT_CERT_TYPE = 9,
Sergunb 0:8918a71cdbe9 765 TLS_EXT_ELLIPTIC_CURVES = 10,
Sergunb 0:8918a71cdbe9 766 TLS_EXT_EC_POINT_FORMATS = 11,
Sergunb 0:8918a71cdbe9 767 TLS_EXT_SRP = 12,
Sergunb 0:8918a71cdbe9 768 TLS_EXT_SIGNATURE_ALGORITHMS = 13,
Sergunb 0:8918a71cdbe9 769 TLS_EXT_USE_SRTP = 14,
Sergunb 0:8918a71cdbe9 770 TLS_EXT_HEARTBEAT = 15,
Sergunb 0:8918a71cdbe9 771 TLS_EXT_ALPN = 16,
Sergunb 0:8918a71cdbe9 772 TLS_EXT_SESSION_TICKET = 35,
Sergunb 0:8918a71cdbe9 773 TLS_EXT_RENEGOTIATION_INFO = 65281
Sergunb 0:8918a71cdbe9 774 } TlsExtensionType;
Sergunb 0:8918a71cdbe9 775
Sergunb 0:8918a71cdbe9 776
Sergunb 0:8918a71cdbe9 777 /**
Sergunb 0:8918a71cdbe9 778 * @brief Name type
Sergunb 0:8918a71cdbe9 779 **/
Sergunb 0:8918a71cdbe9 780
Sergunb 0:8918a71cdbe9 781 typedef enum
Sergunb 0:8918a71cdbe9 782 {
Sergunb 0:8918a71cdbe9 783 TLS_NAME_TYPE_HOSTNAME = 0
Sergunb 0:8918a71cdbe9 784 } TlsNameType;
Sergunb 0:8918a71cdbe9 785
Sergunb 0:8918a71cdbe9 786
Sergunb 0:8918a71cdbe9 787 /**
Sergunb 0:8918a71cdbe9 788 * @brief EC named curves
Sergunb 0:8918a71cdbe9 789 **/
Sergunb 0:8918a71cdbe9 790
Sergunb 0:8918a71cdbe9 791 typedef enum
Sergunb 0:8918a71cdbe9 792 {
Sergunb 0:8918a71cdbe9 793 TLS_EC_CURVE_NONE = 0,
Sergunb 0:8918a71cdbe9 794 TLS_EC_CURVE_SECT163K1 = 1, //RFC 4492
Sergunb 0:8918a71cdbe9 795 TLS_EC_CURVE_SECT163R1 = 2, //RFC 4492
Sergunb 0:8918a71cdbe9 796 TLS_EC_CURVE_SECT163R2 = 3, //RFC 4492
Sergunb 0:8918a71cdbe9 797 TLS_EC_CURVE_SECT193R1 = 4, //RFC 4492
Sergunb 0:8918a71cdbe9 798 TLS_EC_CURVE_SECT193R2 = 5, //RFC 4492
Sergunb 0:8918a71cdbe9 799 TLS_EC_CURVE_SECT233K1 = 6, //RFC 4492
Sergunb 0:8918a71cdbe9 800 TLS_EC_CURVE_SECT233R1 = 7, //RFC 4492
Sergunb 0:8918a71cdbe9 801 TLS_EC_CURVE_SECT239K1 = 8, //RFC 4492
Sergunb 0:8918a71cdbe9 802 TLS_EC_CURVE_SECT283K1 = 9, //RFC 4492
Sergunb 0:8918a71cdbe9 803 TLS_EC_CURVE_SECT283R1 = 10, //RFC 4492
Sergunb 0:8918a71cdbe9 804 TLS_EC_CURVE_SECT409K1 = 11, //RFC 4492
Sergunb 0:8918a71cdbe9 805 TLS_EC_CURVE_SECT409R1 = 12, //RFC 4492
Sergunb 0:8918a71cdbe9 806 TLS_EC_CURVE_SECT571K1 = 13, //RFC 4492
Sergunb 0:8918a71cdbe9 807 TLS_EC_CURVE_SECT571R1 = 14, //RFC 4492
Sergunb 0:8918a71cdbe9 808 TLS_EC_CURVE_SECP160K1 = 15, //RFC 4492
Sergunb 0:8918a71cdbe9 809 TLS_EC_CURVE_SECP160R1 = 16, //RFC 4492
Sergunb 0:8918a71cdbe9 810 TLS_EC_CURVE_SECP160R2 = 17, //RFC 4492
Sergunb 0:8918a71cdbe9 811 TLS_EC_CURVE_SECP192K1 = 18, //RFC 4492
Sergunb 0:8918a71cdbe9 812 TLS_EC_CURVE_SECP192R1 = 19, //RFC 4492
Sergunb 0:8918a71cdbe9 813 TLS_EC_CURVE_SECP224K1 = 20, //RFC 4492
Sergunb 0:8918a71cdbe9 814 TLS_EC_CURVE_SECP224R1 = 21, //RFC 4492
Sergunb 0:8918a71cdbe9 815 TLS_EC_CURVE_SECP256K1 = 22, //RFC 4492
Sergunb 0:8918a71cdbe9 816 TLS_EC_CURVE_SECP256R1 = 23, //RFC 4492
Sergunb 0:8918a71cdbe9 817 TLS_EC_CURVE_SECP384R1 = 24, //RFC 4492
Sergunb 0:8918a71cdbe9 818 TLS_EC_CURVE_SECP521R1 = 25, //RFC 4492
Sergunb 0:8918a71cdbe9 819 TLS_EC_CURVE_BRAINPOOLP256R1 = 26, //RFC 7027
Sergunb 0:8918a71cdbe9 820 TLS_EC_CURVE_BRAINPOOLP384R1 = 27, //RFC 7027
Sergunb 0:8918a71cdbe9 821 TLS_EC_CURVE_BRAINPOOLP512R1 = 28, //RFC 7027
Sergunb 0:8918a71cdbe9 822 TLS_EC_CURVE_ECDH_X25519 = 29, //RFC draft
Sergunb 0:8918a71cdbe9 823 TLS_EC_CURVE_ECDH_X448 = 30, //RFC draft
Sergunb 0:8918a71cdbe9 824 TLS_EC_CURVE_FFDHE2048 = 256, //RFC 7919
Sergunb 0:8918a71cdbe9 825 TLS_EC_CURVE_FFDHE3072 = 257, //RFC 7919
Sergunb 0:8918a71cdbe9 826 TLS_EC_CURVE_FFDHE4096 = 258, //RFC 7919
Sergunb 0:8918a71cdbe9 827 TLS_EC_CURVE_FFDHE6144 = 259, //RFC 7919
Sergunb 0:8918a71cdbe9 828 TLS_EC_CURVE_FFDHE8192 = 260, //RFC 7919
Sergunb 0:8918a71cdbe9 829 TLS_EC_CURVE_ARBITRARY_EXPLICIT_PRIME = 65281, //RFC 4492
Sergunb 0:8918a71cdbe9 830 TLS_EC_CURVE_ARBITRARY_EXPLICIT_CHAR2 = 65282 //RFC 4492
Sergunb 0:8918a71cdbe9 831 } TlsEcNamedCurve;
Sergunb 0:8918a71cdbe9 832
Sergunb 0:8918a71cdbe9 833
Sergunb 0:8918a71cdbe9 834 /**
Sergunb 0:8918a71cdbe9 835 * @brief EC point formats
Sergunb 0:8918a71cdbe9 836 **/
Sergunb 0:8918a71cdbe9 837
Sergunb 0:8918a71cdbe9 838 typedef enum
Sergunb 0:8918a71cdbe9 839 {
Sergunb 0:8918a71cdbe9 840 TLS_EC_POINT_FORMAT_UNCOMPRESSED = 0,
Sergunb 0:8918a71cdbe9 841 TLS_EC_POINT_FORMAT_ANSIX962_COMPRESSED_PRIME = 1,
Sergunb 0:8918a71cdbe9 842 TLS_EC_POINT_FORMAT_ANSIX962_COMPRESSED_CHAR2 = 2
Sergunb 0:8918a71cdbe9 843 } TlsEcPointFormat;
Sergunb 0:8918a71cdbe9 844
Sergunb 0:8918a71cdbe9 845
Sergunb 0:8918a71cdbe9 846 /**
Sergunb 0:8918a71cdbe9 847 * @brief EC curve types
Sergunb 0:8918a71cdbe9 848 **/
Sergunb 0:8918a71cdbe9 849
Sergunb 0:8918a71cdbe9 850 typedef enum
Sergunb 0:8918a71cdbe9 851 {
Sergunb 0:8918a71cdbe9 852 TLS_EC_CURVE_TYPE_EXPLICIT_PRIME = 1,
Sergunb 0:8918a71cdbe9 853 TLS_EC_CURVE_TYPE_EXPLICIT_CHAR2 = 2,
Sergunb 0:8918a71cdbe9 854 TLS_EC_CURVE_TYPE_NAMED_CURVE = 3
Sergunb 0:8918a71cdbe9 855 } TlsEcCurveType;
Sergunb 0:8918a71cdbe9 856
Sergunb 0:8918a71cdbe9 857
Sergunb 0:8918a71cdbe9 858 /**
Sergunb 0:8918a71cdbe9 859 * @brief TLS FSM states
Sergunb 0:8918a71cdbe9 860 **/
Sergunb 0:8918a71cdbe9 861
Sergunb 0:8918a71cdbe9 862 typedef enum
Sergunb 0:8918a71cdbe9 863 {
Sergunb 0:8918a71cdbe9 864 TLS_STATE_INIT = 0,
Sergunb 0:8918a71cdbe9 865 TLS_STATE_CLIENT_HELLO = 1,
Sergunb 0:8918a71cdbe9 866 TLS_STATE_SERVER_HELLO = 2,
Sergunb 0:8918a71cdbe9 867 TLS_STATE_SERVER_CERTIFICATE = 3,
Sergunb 0:8918a71cdbe9 868 TLS_STATE_SERVER_KEY_EXCHANGE = 4,
Sergunb 0:8918a71cdbe9 869 TLS_STATE_CERTIFICATE_REQUEST = 5,
Sergunb 0:8918a71cdbe9 870 TLS_STATE_SERVER_HELLO_DONE = 6,
Sergunb 0:8918a71cdbe9 871 TLS_STATE_CLIENT_CERTIFICATE = 7,
Sergunb 0:8918a71cdbe9 872 TLS_STATE_CLIENT_KEY_EXCHANGE = 8,
Sergunb 0:8918a71cdbe9 873 TLS_STATE_CERTIFICATE_VERIFY = 9,
Sergunb 0:8918a71cdbe9 874 TLS_STATE_CLIENT_CHANGE_CIPHER_SPEC = 10,
Sergunb 0:8918a71cdbe9 875 TLS_STATE_CLIENT_FINISHED = 11,
Sergunb 0:8918a71cdbe9 876 TLS_STATE_SERVER_CHANGE_CIPHER_SPEC = 12,
Sergunb 0:8918a71cdbe9 877 TLS_STATE_SERVER_FINISHED = 13,
Sergunb 0:8918a71cdbe9 878 TLS_STATE_APPLICATION_DATA = 14,
Sergunb 0:8918a71cdbe9 879 TLS_STATE_CLOSING = 15,
Sergunb 0:8918a71cdbe9 880 TLS_STATE_CLOSED = 16
Sergunb 0:8918a71cdbe9 881 } TlsState;
Sergunb 0:8918a71cdbe9 882
Sergunb 0:8918a71cdbe9 883
Sergunb 0:8918a71cdbe9 884 //CodeWarrior or Win32 compiler?
Sergunb 0:8918a71cdbe9 885 #if defined(__CWCC__) || defined(_WIN32)
Sergunb 0:8918a71cdbe9 886 #pragma pack(push, 1)
Sergunb 0:8918a71cdbe9 887 #endif
Sergunb 0:8918a71cdbe9 888
Sergunb 0:8918a71cdbe9 889
Sergunb 0:8918a71cdbe9 890 /**
Sergunb 0:8918a71cdbe9 891 * @brief Random structure
Sergunb 0:8918a71cdbe9 892 **/
Sergunb 0:8918a71cdbe9 893
Sergunb 0:8918a71cdbe9 894 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 895 {
Sergunb 0:8918a71cdbe9 896 uint32_t gmtUnixTime; //0-3
Sergunb 0:8918a71cdbe9 897 uint8_t randomBytes[28]; //4-31
Sergunb 0:8918a71cdbe9 898 } __end_packed TlsRandom;
Sergunb 0:8918a71cdbe9 899
Sergunb 0:8918a71cdbe9 900
Sergunb 0:8918a71cdbe9 901 /**
Sergunb 0:8918a71cdbe9 902 * @brief Cipher suite
Sergunb 0:8918a71cdbe9 903 **/
Sergunb 0:8918a71cdbe9 904
Sergunb 0:8918a71cdbe9 905 typedef uint16_t TlsCipherSuite;
Sergunb 0:8918a71cdbe9 906
Sergunb 0:8918a71cdbe9 907
Sergunb 0:8918a71cdbe9 908 /**
Sergunb 0:8918a71cdbe9 909 * @brief Cipher suites
Sergunb 0:8918a71cdbe9 910 **/
Sergunb 0:8918a71cdbe9 911
Sergunb 0:8918a71cdbe9 912 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 913 {
Sergunb 0:8918a71cdbe9 914 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 915 uint16_t value[]; //2
Sergunb 0:8918a71cdbe9 916 } __end_packed TlsCipherSuites;
Sergunb 0:8918a71cdbe9 917
Sergunb 0:8918a71cdbe9 918
Sergunb 0:8918a71cdbe9 919 /**
Sergunb 0:8918a71cdbe9 920 * @brief Compression method
Sergunb 0:8918a71cdbe9 921 **/
Sergunb 0:8918a71cdbe9 922
Sergunb 0:8918a71cdbe9 923 typedef uint8_t TlsCompressionMethod;
Sergunb 0:8918a71cdbe9 924
Sergunb 0:8918a71cdbe9 925
Sergunb 0:8918a71cdbe9 926 /**
Sergunb 0:8918a71cdbe9 927 * @brief Compression methods
Sergunb 0:8918a71cdbe9 928 **/
Sergunb 0:8918a71cdbe9 929
Sergunb 0:8918a71cdbe9 930 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 931 {
Sergunb 0:8918a71cdbe9 932 uint8_t length; //0
Sergunb 0:8918a71cdbe9 933 uint8_t value[]; //1
Sergunb 0:8918a71cdbe9 934 } __end_packed TlsCompressionMethods;
Sergunb 0:8918a71cdbe9 935
Sergunb 0:8918a71cdbe9 936
Sergunb 0:8918a71cdbe9 937 /**
Sergunb 0:8918a71cdbe9 938 * @brief Signature algorithm
Sergunb 0:8918a71cdbe9 939 **/
Sergunb 0:8918a71cdbe9 940
Sergunb 0:8918a71cdbe9 941 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 942 {
Sergunb 0:8918a71cdbe9 943 uint8_t hash; //0
Sergunb 0:8918a71cdbe9 944 uint8_t signature; //1
Sergunb 0:8918a71cdbe9 945 } __end_packed TlsSignHashAlgo;
Sergunb 0:8918a71cdbe9 946
Sergunb 0:8918a71cdbe9 947
Sergunb 0:8918a71cdbe9 948 /**
Sergunb 0:8918a71cdbe9 949 * @brief List of signature algorithms
Sergunb 0:8918a71cdbe9 950 **/
Sergunb 0:8918a71cdbe9 951
Sergunb 0:8918a71cdbe9 952 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 953 {
Sergunb 0:8918a71cdbe9 954 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 955 TlsSignHashAlgo value[]; //2
Sergunb 0:8918a71cdbe9 956 } __end_packed TlsSignHashAlgos;
Sergunb 0:8918a71cdbe9 957
Sergunb 0:8918a71cdbe9 958
Sergunb 0:8918a71cdbe9 959 /**
Sergunb 0:8918a71cdbe9 960 * @brief List of certificate authorities
Sergunb 0:8918a71cdbe9 961 **/
Sergunb 0:8918a71cdbe9 962
Sergunb 0:8918a71cdbe9 963 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 964 {
Sergunb 0:8918a71cdbe9 965 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 966 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 967 } __end_packed TlsCertAuthorities;
Sergunb 0:8918a71cdbe9 968
Sergunb 0:8918a71cdbe9 969
Sergunb 0:8918a71cdbe9 970 /**
Sergunb 0:8918a71cdbe9 971 * @brief TLS extension
Sergunb 0:8918a71cdbe9 972 **/
Sergunb 0:8918a71cdbe9 973
Sergunb 0:8918a71cdbe9 974 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 975 {
Sergunb 0:8918a71cdbe9 976 uint16_t type; //0-1
Sergunb 0:8918a71cdbe9 977 uint16_t length; //2-3
Sergunb 0:8918a71cdbe9 978 uint8_t value[]; //4
Sergunb 0:8918a71cdbe9 979 } __end_packed TlsExtension;
Sergunb 0:8918a71cdbe9 980
Sergunb 0:8918a71cdbe9 981
Sergunb 0:8918a71cdbe9 982 /**
Sergunb 0:8918a71cdbe9 983 * @brief List of TLS extensions
Sergunb 0:8918a71cdbe9 984 **/
Sergunb 0:8918a71cdbe9 985
Sergunb 0:8918a71cdbe9 986 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 987 {
Sergunb 0:8918a71cdbe9 988 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 989 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 990 } __end_packed TlsExtensions;
Sergunb 0:8918a71cdbe9 991
Sergunb 0:8918a71cdbe9 992
Sergunb 0:8918a71cdbe9 993 /**
Sergunb 0:8918a71cdbe9 994 * @brief Server name
Sergunb 0:8918a71cdbe9 995 **/
Sergunb 0:8918a71cdbe9 996
Sergunb 0:8918a71cdbe9 997 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 998 {
Sergunb 0:8918a71cdbe9 999 uint8_t type; //0
Sergunb 0:8918a71cdbe9 1000 uint16_t length; //1-2
Sergunb 0:8918a71cdbe9 1001 char_t hostname[]; //2
Sergunb 0:8918a71cdbe9 1002 } __end_packed TlsServerName;
Sergunb 0:8918a71cdbe9 1003
Sergunb 0:8918a71cdbe9 1004
Sergunb 0:8918a71cdbe9 1005 /**
Sergunb 0:8918a71cdbe9 1006 * @brief List of server names
Sergunb 0:8918a71cdbe9 1007 **/
Sergunb 0:8918a71cdbe9 1008
Sergunb 0:8918a71cdbe9 1009 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1010 {
Sergunb 0:8918a71cdbe9 1011 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1012 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 1013 } __end_packed TlsServerNameList;
Sergunb 0:8918a71cdbe9 1014
Sergunb 0:8918a71cdbe9 1015
Sergunb 0:8918a71cdbe9 1016 /**
Sergunb 0:8918a71cdbe9 1017 * @brief Protocol name
Sergunb 0:8918a71cdbe9 1018 **/
Sergunb 0:8918a71cdbe9 1019
Sergunb 0:8918a71cdbe9 1020 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1021 {
Sergunb 0:8918a71cdbe9 1022 uint8_t length; //0
Sergunb 0:8918a71cdbe9 1023 char_t value[]; //1
Sergunb 0:8918a71cdbe9 1024 } __end_packed TlsProtocolName;
Sergunb 0:8918a71cdbe9 1025
Sergunb 0:8918a71cdbe9 1026
Sergunb 0:8918a71cdbe9 1027 /**
Sergunb 0:8918a71cdbe9 1028 * @brief List of protocol names
Sergunb 0:8918a71cdbe9 1029 **/
Sergunb 0:8918a71cdbe9 1030
Sergunb 0:8918a71cdbe9 1031 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1032 {
Sergunb 0:8918a71cdbe9 1033 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1034 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 1035 } __end_packed TlsProtocolNameList;
Sergunb 0:8918a71cdbe9 1036
Sergunb 0:8918a71cdbe9 1037
Sergunb 0:8918a71cdbe9 1038 /**
Sergunb 0:8918a71cdbe9 1039 * @brief List of supported elliptic curves
Sergunb 0:8918a71cdbe9 1040 **/
Sergunb 0:8918a71cdbe9 1041
Sergunb 0:8918a71cdbe9 1042 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1043 {
Sergunb 0:8918a71cdbe9 1044 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1045 uint16_t value[]; //2
Sergunb 0:8918a71cdbe9 1046 } __end_packed TlsEllipticCurveList;
Sergunb 0:8918a71cdbe9 1047
Sergunb 0:8918a71cdbe9 1048
Sergunb 0:8918a71cdbe9 1049 /**
Sergunb 0:8918a71cdbe9 1050 * @brief List of supported EC point formats
Sergunb 0:8918a71cdbe9 1051 **/
Sergunb 0:8918a71cdbe9 1052
Sergunb 0:8918a71cdbe9 1053 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1054 {
Sergunb 0:8918a71cdbe9 1055 uint8_t length; //0
Sergunb 0:8918a71cdbe9 1056 uint8_t value[]; //1
Sergunb 0:8918a71cdbe9 1057 } __end_packed TlsEcPointFormatList;
Sergunb 0:8918a71cdbe9 1058
Sergunb 0:8918a71cdbe9 1059
Sergunb 0:8918a71cdbe9 1060 /**
Sergunb 0:8918a71cdbe9 1061 * @brief PSK identity
Sergunb 0:8918a71cdbe9 1062 **/
Sergunb 0:8918a71cdbe9 1063
Sergunb 0:8918a71cdbe9 1064 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1065 {
Sergunb 0:8918a71cdbe9 1066 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1067 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 1068 } __end_packed TlsPskIdentity;
Sergunb 0:8918a71cdbe9 1069
Sergunb 0:8918a71cdbe9 1070
Sergunb 0:8918a71cdbe9 1071 /**
Sergunb 0:8918a71cdbe9 1072 * @brief PSK identity hint
Sergunb 0:8918a71cdbe9 1073 **/
Sergunb 0:8918a71cdbe9 1074
Sergunb 0:8918a71cdbe9 1075 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1076 {
Sergunb 0:8918a71cdbe9 1077 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1078 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 1079 } __end_packed TlsPskIdentityHint;
Sergunb 0:8918a71cdbe9 1080
Sergunb 0:8918a71cdbe9 1081
Sergunb 0:8918a71cdbe9 1082 /**
Sergunb 0:8918a71cdbe9 1083 * @brief Digitally-signed element (SSL 3.0, TLS 1.0 and TLS 1.1)
Sergunb 0:8918a71cdbe9 1084 **/
Sergunb 0:8918a71cdbe9 1085
Sergunb 0:8918a71cdbe9 1086 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1087 {
Sergunb 0:8918a71cdbe9 1088 uint16_t length; //0-1
Sergunb 0:8918a71cdbe9 1089 uint8_t value[]; //2
Sergunb 0:8918a71cdbe9 1090 } __end_packed TlsDigitalSignature;
Sergunb 0:8918a71cdbe9 1091
Sergunb 0:8918a71cdbe9 1092
Sergunb 0:8918a71cdbe9 1093 /**
Sergunb 0:8918a71cdbe9 1094 * @brief Digitally-signed element (TLS 1.2)
Sergunb 0:8918a71cdbe9 1095 **/
Sergunb 0:8918a71cdbe9 1096
Sergunb 0:8918a71cdbe9 1097 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1098 {
Sergunb 0:8918a71cdbe9 1099 TlsSignHashAlgo algorithm; //0-1
Sergunb 0:8918a71cdbe9 1100 uint16_t length; //2-3
Sergunb 0:8918a71cdbe9 1101 uint8_t value[]; //4
Sergunb 0:8918a71cdbe9 1102 } __end_packed TlsDigitalSignature2;
Sergunb 0:8918a71cdbe9 1103
Sergunb 0:8918a71cdbe9 1104
Sergunb 0:8918a71cdbe9 1105 /**
Sergunb 0:8918a71cdbe9 1106 * @brief General format of TLS records
Sergunb 0:8918a71cdbe9 1107 **/
Sergunb 0:8918a71cdbe9 1108
Sergunb 0:8918a71cdbe9 1109 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1110 {
Sergunb 0:8918a71cdbe9 1111 uint8_t type; //0
Sergunb 0:8918a71cdbe9 1112 uint16_t version; //1-2
Sergunb 0:8918a71cdbe9 1113 uint16_t length; //3-4
Sergunb 0:8918a71cdbe9 1114 uint8_t data[]; //5
Sergunb 0:8918a71cdbe9 1115 } __end_packed TlsRecord;
Sergunb 0:8918a71cdbe9 1116
Sergunb 0:8918a71cdbe9 1117
Sergunb 0:8918a71cdbe9 1118 /**
Sergunb 0:8918a71cdbe9 1119 * @brief Handshake message
Sergunb 0:8918a71cdbe9 1120 **/
Sergunb 0:8918a71cdbe9 1121
Sergunb 0:8918a71cdbe9 1122 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1123 {
Sergunb 0:8918a71cdbe9 1124 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1125 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1126 uint8_t data[]; //4
Sergunb 0:8918a71cdbe9 1127 } __end_packed TlsHandshake;
Sergunb 0:8918a71cdbe9 1128
Sergunb 0:8918a71cdbe9 1129
Sergunb 0:8918a71cdbe9 1130 /**
Sergunb 0:8918a71cdbe9 1131 * @brief ClientHello message
Sergunb 0:8918a71cdbe9 1132 **/
Sergunb 0:8918a71cdbe9 1133
Sergunb 0:8918a71cdbe9 1134 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1135 {
Sergunb 0:8918a71cdbe9 1136 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1137 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1138 uint16_t clientVersion; //4-5
Sergunb 0:8918a71cdbe9 1139 TlsRandom random; //6-37
Sergunb 0:8918a71cdbe9 1140 uint8_t sessionIdLength; //38
Sergunb 0:8918a71cdbe9 1141 uint8_t sessionId[]; //39
Sergunb 0:8918a71cdbe9 1142 } __end_packed TlsClientHello;
Sergunb 0:8918a71cdbe9 1143
Sergunb 0:8918a71cdbe9 1144
Sergunb 0:8918a71cdbe9 1145 /**
Sergunb 0:8918a71cdbe9 1146 * @brief ServerHello message
Sergunb 0:8918a71cdbe9 1147 **/
Sergunb 0:8918a71cdbe9 1148
Sergunb 0:8918a71cdbe9 1149 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1150 {
Sergunb 0:8918a71cdbe9 1151 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1152 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1153 uint16_t serverVersion; //4-5
Sergunb 0:8918a71cdbe9 1154 TlsRandom random; //6-37
Sergunb 0:8918a71cdbe9 1155 uint8_t sessionIdLength; //38
Sergunb 0:8918a71cdbe9 1156 uint8_t sessionId[]; //39
Sergunb 0:8918a71cdbe9 1157 } __end_packed TlsServerHello;
Sergunb 0:8918a71cdbe9 1158
Sergunb 0:8918a71cdbe9 1159
Sergunb 0:8918a71cdbe9 1160 /**
Sergunb 0:8918a71cdbe9 1161 * @brief Certificate message
Sergunb 0:8918a71cdbe9 1162 **/
Sergunb 0:8918a71cdbe9 1163
Sergunb 0:8918a71cdbe9 1164 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1165 {
Sergunb 0:8918a71cdbe9 1166 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1167 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1168 uint8_t certificateListLength[3]; //4-6
Sergunb 0:8918a71cdbe9 1169 uint8_t certificateList[]; //7
Sergunb 0:8918a71cdbe9 1170 } __end_packed TlsCertificate;
Sergunb 0:8918a71cdbe9 1171
Sergunb 0:8918a71cdbe9 1172
Sergunb 0:8918a71cdbe9 1173 /**
Sergunb 0:8918a71cdbe9 1174 * @brief ServerKeyExchange message
Sergunb 0:8918a71cdbe9 1175 **/
Sergunb 0:8918a71cdbe9 1176
Sergunb 0:8918a71cdbe9 1177 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1178 {
Sergunb 0:8918a71cdbe9 1179 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1180 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1181 uint8_t data[]; //4
Sergunb 0:8918a71cdbe9 1182 } __end_packed TlsServerKeyExchange;
Sergunb 0:8918a71cdbe9 1183
Sergunb 0:8918a71cdbe9 1184
Sergunb 0:8918a71cdbe9 1185 /**
Sergunb 0:8918a71cdbe9 1186 * @brief CertificateRequest message
Sergunb 0:8918a71cdbe9 1187 **/
Sergunb 0:8918a71cdbe9 1188
Sergunb 0:8918a71cdbe9 1189 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1190 {
Sergunb 0:8918a71cdbe9 1191 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1192 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1193 uint8_t certificateTypesLength; //4
Sergunb 0:8918a71cdbe9 1194 uint8_t certificateTypes[]; //5
Sergunb 0:8918a71cdbe9 1195 } __end_packed TlsCertificateRequest;
Sergunb 0:8918a71cdbe9 1196
Sergunb 0:8918a71cdbe9 1197
Sergunb 0:8918a71cdbe9 1198 /**
Sergunb 0:8918a71cdbe9 1199 * @brief ServerHelloDone message
Sergunb 0:8918a71cdbe9 1200 **/
Sergunb 0:8918a71cdbe9 1201
Sergunb 0:8918a71cdbe9 1202 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1203 {
Sergunb 0:8918a71cdbe9 1204 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1205 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1206 } __end_packed TlsServerHelloDone;
Sergunb 0:8918a71cdbe9 1207
Sergunb 0:8918a71cdbe9 1208
Sergunb 0:8918a71cdbe9 1209 /**
Sergunb 0:8918a71cdbe9 1210 * @brief ClientKeyExchange message
Sergunb 0:8918a71cdbe9 1211 **/
Sergunb 0:8918a71cdbe9 1212
Sergunb 0:8918a71cdbe9 1213 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1214 {
Sergunb 0:8918a71cdbe9 1215 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1216 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1217 uint8_t data[]; //4
Sergunb 0:8918a71cdbe9 1218 } __end_packed TlsClientKeyExchange;
Sergunb 0:8918a71cdbe9 1219
Sergunb 0:8918a71cdbe9 1220
Sergunb 0:8918a71cdbe9 1221 /**
Sergunb 0:8918a71cdbe9 1222 * @brief CertificateVerify message
Sergunb 0:8918a71cdbe9 1223 **/
Sergunb 0:8918a71cdbe9 1224
Sergunb 0:8918a71cdbe9 1225 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1226 {
Sergunb 0:8918a71cdbe9 1227 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1228 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1229 uint8_t signature[]; //4
Sergunb 0:8918a71cdbe9 1230 } __end_packed TlsCertificateVerify;
Sergunb 0:8918a71cdbe9 1231
Sergunb 0:8918a71cdbe9 1232
Sergunb 0:8918a71cdbe9 1233 /**
Sergunb 0:8918a71cdbe9 1234 * @brief Finished message
Sergunb 0:8918a71cdbe9 1235 **/
Sergunb 0:8918a71cdbe9 1236
Sergunb 0:8918a71cdbe9 1237 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1238 {
Sergunb 0:8918a71cdbe9 1239 uint8_t msgType; //0
Sergunb 0:8918a71cdbe9 1240 uint8_t length[3]; //1-3
Sergunb 0:8918a71cdbe9 1241 uint8_t verifyData[]; //4
Sergunb 0:8918a71cdbe9 1242 } __end_packed TlsFinished;
Sergunb 0:8918a71cdbe9 1243
Sergunb 0:8918a71cdbe9 1244
Sergunb 0:8918a71cdbe9 1245 /**
Sergunb 0:8918a71cdbe9 1246 * @brief ChangeCipherSpec message
Sergunb 0:8918a71cdbe9 1247 **/
Sergunb 0:8918a71cdbe9 1248
Sergunb 0:8918a71cdbe9 1249 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1250 {
Sergunb 0:8918a71cdbe9 1251 uint8_t type; //0
Sergunb 0:8918a71cdbe9 1252 } __end_packed TlsChangeCipherSpec;
Sergunb 0:8918a71cdbe9 1253
Sergunb 0:8918a71cdbe9 1254
Sergunb 0:8918a71cdbe9 1255 /**
Sergunb 0:8918a71cdbe9 1256 * @brief Alert message
Sergunb 0:8918a71cdbe9 1257 **/
Sergunb 0:8918a71cdbe9 1258
Sergunb 0:8918a71cdbe9 1259 typedef __start_packed struct
Sergunb 0:8918a71cdbe9 1260 {
Sergunb 0:8918a71cdbe9 1261 uint8_t level; //0
Sergunb 0:8918a71cdbe9 1262 uint8_t description; //1
Sergunb 0:8918a71cdbe9 1263 } __end_packed TlsAlert;
Sergunb 0:8918a71cdbe9 1264
Sergunb 0:8918a71cdbe9 1265
Sergunb 0:8918a71cdbe9 1266 //CodeWarrior or Win32 compiler?
Sergunb 0:8918a71cdbe9 1267 #if defined(__CWCC__) || defined(_WIN32)
Sergunb 0:8918a71cdbe9 1268 #pragma pack(pop)
Sergunb 0:8918a71cdbe9 1269 #endif
Sergunb 0:8918a71cdbe9 1270
Sergunb 0:8918a71cdbe9 1271
Sergunb 0:8918a71cdbe9 1272 /**
Sergunb 0:8918a71cdbe9 1273 * @brief Sequence number
Sergunb 0:8918a71cdbe9 1274 **/
Sergunb 0:8918a71cdbe9 1275
Sergunb 0:8918a71cdbe9 1276 typedef uint8_t TlsSequenceNumber[8];
Sergunb 0:8918a71cdbe9 1277
Sergunb 0:8918a71cdbe9 1278
Sergunb 0:8918a71cdbe9 1279 /**
Sergunb 0:8918a71cdbe9 1280 * @brief Handle for I/O operations
Sergunb 0:8918a71cdbe9 1281 **/
Sergunb 0:8918a71cdbe9 1282
Sergunb 0:8918a71cdbe9 1283 typedef void *TlsIoHandle;
Sergunb 0:8918a71cdbe9 1284
Sergunb 0:8918a71cdbe9 1285
Sergunb 0:8918a71cdbe9 1286 /**
Sergunb 0:8918a71cdbe9 1287 * @brief Send callback function
Sergunb 0:8918a71cdbe9 1288 **/
Sergunb 0:8918a71cdbe9 1289
Sergunb 0:8918a71cdbe9 1290 typedef error_t (*TlsIoSendCallback)(TlsIoHandle handle,
Sergunb 0:8918a71cdbe9 1291 const void *data, size_t length, size_t *written, uint_t flags);
Sergunb 0:8918a71cdbe9 1292
Sergunb 0:8918a71cdbe9 1293
Sergunb 0:8918a71cdbe9 1294 /**
Sergunb 0:8918a71cdbe9 1295 * @brief Receive callback function
Sergunb 0:8918a71cdbe9 1296 **/
Sergunb 0:8918a71cdbe9 1297
Sergunb 0:8918a71cdbe9 1298 typedef error_t (*TlsIoReceiveCallback)(TlsIoHandle handle,
Sergunb 0:8918a71cdbe9 1299 void *data, size_t size, size_t *received, uint_t flags);
Sergunb 0:8918a71cdbe9 1300
Sergunb 0:8918a71cdbe9 1301
Sergunb 0:8918a71cdbe9 1302 /**
Sergunb 0:8918a71cdbe9 1303 * @brief Pre-shared key callback function
Sergunb 0:8918a71cdbe9 1304 **/
Sergunb 0:8918a71cdbe9 1305
Sergunb 0:8918a71cdbe9 1306 typedef error_t (*TlsPskCallback)(TlsContext *context,
Sergunb 0:8918a71cdbe9 1307 const char_t *pskIdentity);
Sergunb 0:8918a71cdbe9 1308
Sergunb 0:8918a71cdbe9 1309
Sergunb 0:8918a71cdbe9 1310 /**
Sergunb 0:8918a71cdbe9 1311 * @brief Structure describing a cipher suite
Sergunb 0:8918a71cdbe9 1312 **/
Sergunb 0:8918a71cdbe9 1313
Sergunb 0:8918a71cdbe9 1314 typedef struct
Sergunb 0:8918a71cdbe9 1315 {
Sergunb 0:8918a71cdbe9 1316 uint16_t identifier;
Sergunb 0:8918a71cdbe9 1317 const char_t *name;
Sergunb 0:8918a71cdbe9 1318 TlsKeyExchMethod keyExchMethod;
Sergunb 0:8918a71cdbe9 1319 const CipherAlgo *cipherAlgo;
Sergunb 0:8918a71cdbe9 1320 CipherMode cipherMode;
Sergunb 0:8918a71cdbe9 1321 const HashAlgo *hashAlgo;
Sergunb 0:8918a71cdbe9 1322 const HashAlgo *prfHashAlgo;
Sergunb 0:8918a71cdbe9 1323 uint8_t macKeyLen;
Sergunb 0:8918a71cdbe9 1324 uint8_t encKeyLen;
Sergunb 0:8918a71cdbe9 1325 uint8_t fixedIvLen;
Sergunb 0:8918a71cdbe9 1326 uint8_t recordIvLen;
Sergunb 0:8918a71cdbe9 1327 uint8_t authTagLen;
Sergunb 0:8918a71cdbe9 1328 uint8_t verifyDataLen;
Sergunb 0:8918a71cdbe9 1329 } TlsCipherSuiteInfo;
Sergunb 0:8918a71cdbe9 1330
Sergunb 0:8918a71cdbe9 1331
Sergunb 0:8918a71cdbe9 1332 /**
Sergunb 0:8918a71cdbe9 1333 * @brief TLS session
Sergunb 0:8918a71cdbe9 1334 **/
Sergunb 0:8918a71cdbe9 1335
Sergunb 0:8918a71cdbe9 1336 typedef struct
Sergunb 0:8918a71cdbe9 1337 {
Sergunb 0:8918a71cdbe9 1338 uint8_t id[32]; ///<Session identifier
Sergunb 0:8918a71cdbe9 1339 size_t idLength; ///<Length of the session identifier
Sergunb 0:8918a71cdbe9 1340 systime_t timestamp; ///<Time stamp to manage entry lifetime
Sergunb 0:8918a71cdbe9 1341 uint16_t cipherSuite; ///<Cipher suite identifier
Sergunb 0:8918a71cdbe9 1342 uint8_t compressionMethod; ///<Compression method
Sergunb 0:8918a71cdbe9 1343 uint8_t masterSecret[48]; ///<Master secret
Sergunb 0:8918a71cdbe9 1344 } TlsSession;
Sergunb 0:8918a71cdbe9 1345
Sergunb 0:8918a71cdbe9 1346
Sergunb 0:8918a71cdbe9 1347 /**
Sergunb 0:8918a71cdbe9 1348 * @brief Session cache
Sergunb 0:8918a71cdbe9 1349 **/
Sergunb 0:8918a71cdbe9 1350
Sergunb 0:8918a71cdbe9 1351 typedef struct
Sergunb 0:8918a71cdbe9 1352 {
Sergunb 0:8918a71cdbe9 1353 OsMutex mutex; ///<Mutex preventing simultaneous access to the cache
Sergunb 0:8918a71cdbe9 1354 uint_t size; ///<Maximum number of entries
Sergunb 0:8918a71cdbe9 1355 TlsSession sessions[]; ///<Cache entries
Sergunb 0:8918a71cdbe9 1356 } TlsCache;
Sergunb 0:8918a71cdbe9 1357
Sergunb 0:8918a71cdbe9 1358
Sergunb 0:8918a71cdbe9 1359 /**
Sergunb 0:8918a71cdbe9 1360 * @brief Certificate descriptor
Sergunb 0:8918a71cdbe9 1361 **/
Sergunb 0:8918a71cdbe9 1362
Sergunb 0:8918a71cdbe9 1363 typedef struct
Sergunb 0:8918a71cdbe9 1364 {
Sergunb 0:8918a71cdbe9 1365 const char_t *certChain; ///<End entity certificate chain (PEM format)
Sergunb 0:8918a71cdbe9 1366 size_t certChainLength; ///<Length of the certificate chain
Sergunb 0:8918a71cdbe9 1367 const char_t *privateKey; ///<Private key (PEM format)
Sergunb 0:8918a71cdbe9 1368 size_t privateKeyLength; ///<Length of the private key
Sergunb 0:8918a71cdbe9 1369 TlsCertificateType type; ///<End entity certificate type
Sergunb 0:8918a71cdbe9 1370 TlsSignatureAlgo signAlgo; ///<Signature algorithm used to sign the end entity certificate
Sergunb 0:8918a71cdbe9 1371 TlsHashAlgo hashAlgo; ///<Hash algorithm used to sign the end entity certificate
Sergunb 0:8918a71cdbe9 1372 TlsEcNamedCurve namedCurve; ///<Named curve used to generate the EC public key
Sergunb 0:8918a71cdbe9 1373 } TlsCertDesc;
Sergunb 0:8918a71cdbe9 1374
Sergunb 0:8918a71cdbe9 1375
Sergunb 0:8918a71cdbe9 1376 /**
Sergunb 0:8918a71cdbe9 1377 * @brief TLS context
Sergunb 0:8918a71cdbe9 1378 *
Sergunb 0:8918a71cdbe9 1379 * An opaque data structure that represents a TLS connection
Sergunb 0:8918a71cdbe9 1380 *
Sergunb 0:8918a71cdbe9 1381 **/
Sergunb 0:8918a71cdbe9 1382
Sergunb 0:8918a71cdbe9 1383 struct _TlsContext
Sergunb 0:8918a71cdbe9 1384 {
Sergunb 0:8918a71cdbe9 1385 TlsState state; ///<TLS handshake finite state machine
Sergunb 0:8918a71cdbe9 1386 TlsConnectionEnd entity; ///<Client or server operation
Sergunb 0:8918a71cdbe9 1387
Sergunb 0:8918a71cdbe9 1388 TlsIoHandle handle; ///<Handle for I/O operations
Sergunb 0:8918a71cdbe9 1389 TlsIoSendCallback sendCallback; ///<Send callback function
Sergunb 0:8918a71cdbe9 1390 TlsIoReceiveCallback receiveCallback; ///<Receive callback function
Sergunb 0:8918a71cdbe9 1391 const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
Sergunb 0:8918a71cdbe9 1392 void *prngContext; ///<Pseudo-random number generator context
Sergunb 0:8918a71cdbe9 1393
Sergunb 0:8918a71cdbe9 1394 const uint16_t *cipherSuites; ///<List of supported cipher suites
Sergunb 0:8918a71cdbe9 1395 uint_t numCipherSuites; ///<Number of cipher suites in the list
Sergunb 0:8918a71cdbe9 1396
Sergunb 0:8918a71cdbe9 1397 char_t *serverName; ///<Fully qualified DNS hostname of the server
Sergunb 0:8918a71cdbe9 1398
Sergunb 0:8918a71cdbe9 1399 #if (TLS_ALPN_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1400 char_t *protocolList; ///<List of supported ALPN protocols
Sergunb 0:8918a71cdbe9 1401 #endif
Sergunb 0:8918a71cdbe9 1402
Sergunb 0:8918a71cdbe9 1403 #if (TLS_PSK_SUPPORT == ENABLED || TLS_RSA_PSK_SUPPORT == ENABLED || \
Sergunb 0:8918a71cdbe9 1404 TLS_DHE_PSK_SUPPORT == ENABLED || TLS_ECDHE_PSK_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1405 char_t *psk; ///<Pre-shared key
Sergunb 0:8918a71cdbe9 1406 size_t pskLen; ///<Length of the pre-shared key, in bytes
Sergunb 0:8918a71cdbe9 1407 char_t *pskIdentity; ///<PSK identity
Sergunb 0:8918a71cdbe9 1408 char_t *pskIdentityHint; ///<PSK identity hint
Sergunb 0:8918a71cdbe9 1409 TlsPskCallback pskCallback; ///<PSK callback function
Sergunb 0:8918a71cdbe9 1410 #endif
Sergunb 0:8918a71cdbe9 1411
Sergunb 0:8918a71cdbe9 1412 #if (TLS_DH_ANON_SUPPORT == ENABLED || TLS_DHE_RSA_SUPPORT == ENABLED || \
Sergunb 0:8918a71cdbe9 1413 TLS_DHE_DSS_SUPPORT == ENABLED || TLS_DHE_PSK_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1414 DhContext dhContext; ///<Diffie-Hellman context
Sergunb 0:8918a71cdbe9 1415 #endif
Sergunb 0:8918a71cdbe9 1416
Sergunb 0:8918a71cdbe9 1417 #if (TLS_ECDH_ANON_SUPPORT == ENABLED || TLS_ECDHE_RSA_SUPPORT == ENABLED || \
Sergunb 0:8918a71cdbe9 1418 TLS_ECDHE_ECDSA_SUPPORT == ENABLED || TLS_ECDHE_PSK_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1419 EcdhContext ecdhContext; ///<ECDH context
Sergunb 0:8918a71cdbe9 1420 #endif
Sergunb 0:8918a71cdbe9 1421
Sergunb 0:8918a71cdbe9 1422 TlsCertDesc certs[TLS_MAX_CERTIFICATES]; //End entity certificates
Sergunb 0:8918a71cdbe9 1423 uint_t numCerts; //Number of certificates available
Sergunb 0:8918a71cdbe9 1424 TlsCertDesc *cert; //Pointer to the currently selected certificate
Sergunb 0:8918a71cdbe9 1425
Sergunb 0:8918a71cdbe9 1426 const char_t *trustedCaList; ///<List of trusted CA (PEM format)
Sergunb 0:8918a71cdbe9 1427 size_t trustedCaListLen; ///<Number of trusted CA in the list
Sergunb 0:8918a71cdbe9 1428
Sergunb 0:8918a71cdbe9 1429 TlsCertificateType peerCertType; ///<Peer's certificate type
Sergunb 0:8918a71cdbe9 1430
Sergunb 0:8918a71cdbe9 1431 #if (TLS_RSA_SIGN_SUPPORT == ENABLED || TLS_RSA_SUPPORT == ENABLED || \
Sergunb 0:8918a71cdbe9 1432 TLS_DHE_RSA_SUPPORT == ENABLED || TLS_ECDHE_RSA_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1433 RsaPublicKey peerRsaPublicKey; ///<Peer's RSA public key
Sergunb 0:8918a71cdbe9 1434 #endif
Sergunb 0:8918a71cdbe9 1435
Sergunb 0:8918a71cdbe9 1436 #if (TLS_DSA_SIGN_SUPPORT == ENABLED || TLS_DHE_DSS_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1437 DsaPublicKey peerDsaPublicKey; ///<Peer's DSA public key
Sergunb 0:8918a71cdbe9 1438 #endif
Sergunb 0:8918a71cdbe9 1439
Sergunb 0:8918a71cdbe9 1440 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED || TLS_ECDHE_ECDSA_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1441 EcDomainParameters peerEcParams; ///<Peer's EC domain parameters
Sergunb 0:8918a71cdbe9 1442 EcPoint peerEcPublicKey; ///<Peer's EC public key
Sergunb 0:8918a71cdbe9 1443 #endif
Sergunb 0:8918a71cdbe9 1444
Sergunb 0:8918a71cdbe9 1445 TlsCache *cache; ///<TLS session cache
Sergunb 0:8918a71cdbe9 1446
Sergunb 0:8918a71cdbe9 1447 uint8_t sessionId[32]; ///<Session identifier
Sergunb 0:8918a71cdbe9 1448 size_t sessionIdLen; ///<Length of the session identifier
Sergunb 0:8918a71cdbe9 1449
Sergunb 0:8918a71cdbe9 1450 uint16_t clientVersion; ///<Latest version supported by the client
Sergunb 0:8918a71cdbe9 1451 uint16_t version; ///<Negotiated TLS version
Sergunb 0:8918a71cdbe9 1452 uint16_t cipherSuite; ///<Negotiated cipher suite
Sergunb 0:8918a71cdbe9 1453 uint8_t compressionMethod; ///<Negotiated compression algorithm
Sergunb 0:8918a71cdbe9 1454 uint16_t namedCurve; ///<Named curve
Sergunb 0:8918a71cdbe9 1455
Sergunb 0:8918a71cdbe9 1456 TlsHashAlgo signHashAlgo; ///<Hash algorithm used for signing
Sergunb 0:8918a71cdbe9 1457 TlsKeyExchMethod keyExchMethod; ///<Key exchange method
Sergunb 0:8918a71cdbe9 1458 const CipherAlgo *cipherAlgo; ///<Bulk cipher algorithm
Sergunb 0:8918a71cdbe9 1459 CipherMode cipherMode; ///<Cipher mode of operation
Sergunb 0:8918a71cdbe9 1460 const HashAlgo *hashAlgo; ///<Hash algorithm for MAC operations
Sergunb 0:8918a71cdbe9 1461 const HashAlgo *prfHashAlgo; ///<Hash algorithm for PRF operations
Sergunb 0:8918a71cdbe9 1462 size_t macKeyLen; ///<Number of bytes that are used for generating MAC keys
Sergunb 0:8918a71cdbe9 1463 size_t encKeyLen; ///<Number of bytes that are used for generating encryption keys
Sergunb 0:8918a71cdbe9 1464 size_t fixedIvLen; ///<Amount of data needed to be generated for the IV
Sergunb 0:8918a71cdbe9 1465 size_t recordIvLen; ///<Length of the IV
Sergunb 0:8918a71cdbe9 1466 size_t authTagLen; ///<Length of the authentication tag
Sergunb 0:8918a71cdbe9 1467 size_t verifyDataLen; ///<Length of the verify data
Sergunb 0:8918a71cdbe9 1468
Sergunb 0:8918a71cdbe9 1469 //#if (TLS_MAX_VERSION >= SSL_VERSION_3_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
Sergunb 0:8918a71cdbe9 1470 Md5Context *handshakeMd5Context; ///<MD5 context used to compute verify data
Sergunb 0:8918a71cdbe9 1471 Sha1Context *handshakeSha1Context; ///<SHA-1 context used to compute verify data
Sergunb 0:8918a71cdbe9 1472 //#endif
Sergunb 0:8918a71cdbe9 1473
Sergunb 0:8918a71cdbe9 1474 //#if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_2)
Sergunb 0:8918a71cdbe9 1475 HashContext *handshakeHashContext; ///<Hash context used to compute verify data (TLS 1.2)
Sergunb 0:8918a71cdbe9 1476 //#endif
Sergunb 0:8918a71cdbe9 1477
Sergunb 0:8918a71cdbe9 1478 uint8_t verifyData[64]; ///<Verify data
Sergunb 0:8918a71cdbe9 1479
Sergunb 0:8918a71cdbe9 1480 bool_t ecPointFormatExtFound; ///<The EcPointFormats extension has been received
Sergunb 0:8918a71cdbe9 1481
Sergunb 0:8918a71cdbe9 1482 TlsClientAuthMode clientAuthMode; ///<Client authentication mode
Sergunb 0:8918a71cdbe9 1483 bool_t clientCertRequested; ///<This flag tells whether the client certificate is requested
Sergunb 0:8918a71cdbe9 1484
Sergunb 0:8918a71cdbe9 1485 bool_t resume; ///<The connection is established by resuming a session
Sergunb 0:8918a71cdbe9 1486 bool_t changeCipherSpecSent; ///<A ChangeCipherSpec message has been sent
Sergunb 0:8918a71cdbe9 1487 bool_t changeCipherSpecReceived; ///<A ChangeCipherSpec message has been received from the peer
Sergunb 0:8918a71cdbe9 1488 bool_t fatalAlertSent; ///<A fatal alert message has been sent
Sergunb 0:8918a71cdbe9 1489 bool_t fatalAlertReceived; ///<A fatal alert message has been received from the peer
Sergunb 0:8918a71cdbe9 1490 bool_t closeNotifySent; ///<A closure alert has been sent
Sergunb 0:8918a71cdbe9 1491 bool_t closeNotifyReceived; ///<A closure alert has been received from the peer
Sergunb 0:8918a71cdbe9 1492
Sergunb 0:8918a71cdbe9 1493 HmacContext hmacContext; ///<HMAC context
Sergunb 0:8918a71cdbe9 1494 void *writeCipherContext; ///<Bulk cipher context for write operations
Sergunb 0:8918a71cdbe9 1495 void *readCipherContext; ///<Bulk cipher context for read operations
Sergunb 0:8918a71cdbe9 1496 #if (TLS_GCM_CIPHER_SUPPORT == ENABLED)
Sergunb 0:8918a71cdbe9 1497 GcmContext *writeGcmContext; ///<GCM context for write operations
Sergunb 0:8918a71cdbe9 1498 GcmContext *readGcmContext; ///<GCM context for read operations
Sergunb 0:8918a71cdbe9 1499 #endif
Sergunb 0:8918a71cdbe9 1500
Sergunb 0:8918a71cdbe9 1501 uint8_t *txBuffer; ///<TX buffer
Sergunb 0:8918a71cdbe9 1502 size_t txBufferSize; ///<TX buffer size
Sergunb 0:8918a71cdbe9 1503 TlsContentType txBufferType; ///<Type of data that resides in the TX buffer
Sergunb 0:8918a71cdbe9 1504 size_t txBufferLen; ///<Number of bytes that are pending to be sent
Sergunb 0:8918a71cdbe9 1505 size_t txBufferPos; ///<Current position in TX buffer
Sergunb 0:8918a71cdbe9 1506 size_t txRecordMaxLen; ///<Maximum plaintext fragment length
Sergunb 0:8918a71cdbe9 1507 size_t txRecordLen; ///<Length of the TLS record
Sergunb 0:8918a71cdbe9 1508 size_t txRecordPos; ///<Current position in the TLS record
Sergunb 0:8918a71cdbe9 1509
Sergunb 0:8918a71cdbe9 1510 uint8_t *rxBuffer; ///<RX buffer
Sergunb 0:8918a71cdbe9 1511 size_t rxBufferSize; ///<RX buffer size
Sergunb 0:8918a71cdbe9 1512 TlsContentType rxBufferType; ///<Type of data that resides in the RX buffer
Sergunb 0:8918a71cdbe9 1513 size_t rxBufferLen; ///<Number of bytes available for reading
Sergunb 0:8918a71cdbe9 1514 size_t rxBufferPos; ///<Current position in RX buffer
Sergunb 0:8918a71cdbe9 1515 size_t rxRecordMaxLen; ///<Maximum plaintext fragment length
Sergunb 0:8918a71cdbe9 1516 size_t rxRecordLen; ///<Length of the TLS record
Sergunb 0:8918a71cdbe9 1517 size_t rxRecordPos; ///<Current position in the TLS record
Sergunb 0:8918a71cdbe9 1518
Sergunb 0:8918a71cdbe9 1519 union
Sergunb 0:8918a71cdbe9 1520 {
Sergunb 0:8918a71cdbe9 1521 struct
Sergunb 0:8918a71cdbe9 1522 {
Sergunb 0:8918a71cdbe9 1523 TlsRandom clientRandom; ///<Client random value
Sergunb 0:8918a71cdbe9 1524 TlsRandom serverRandom; ///<Server random value
Sergunb 0:8918a71cdbe9 1525 };
Sergunb 0:8918a71cdbe9 1526 uint8_t random[64];
Sergunb 0:8918a71cdbe9 1527 };
Sergunb 0:8918a71cdbe9 1528
Sergunb 0:8918a71cdbe9 1529 uint8_t premasterSecret[TLS_MAX_PREMASTER_SECRET_SIZE]; ///<Premaster secret
Sergunb 0:8918a71cdbe9 1530 size_t premasterSecretLen; ///<Length of the premaster secret
Sergunb 0:8918a71cdbe9 1531 uint8_t masterSecret[48]; ///<Master secret
Sergunb 0:8918a71cdbe9 1532 uint8_t keyBlock[192]; ///<Key material
Sergunb 0:8918a71cdbe9 1533 uint8_t *writeMacKey; ///<Write MAC key
Sergunb 0:8918a71cdbe9 1534 uint8_t *readMacKey; ///<Read MAC key
Sergunb 0:8918a71cdbe9 1535 uint8_t *writeEncKey; ///<Encryption key that serves for write operations
Sergunb 0:8918a71cdbe9 1536 uint8_t *readEncKey; ///<Encryption key that serves for read operations
Sergunb 0:8918a71cdbe9 1537 uint8_t *writeIv; ///<Write IV
Sergunb 0:8918a71cdbe9 1538 uint8_t *readIv; ///<Read IV
Sergunb 0:8918a71cdbe9 1539
Sergunb 0:8918a71cdbe9 1540 TlsSequenceNumber writeSeqNum; ///<Write sequence number
Sergunb 0:8918a71cdbe9 1541 TlsSequenceNumber readSeqNum; ///<Read sequence number
Sergunb 0:8918a71cdbe9 1542 };
Sergunb 0:8918a71cdbe9 1543
Sergunb 0:8918a71cdbe9 1544
Sergunb 0:8918a71cdbe9 1545 //TLS application programming interface (API)
Sergunb 0:8918a71cdbe9 1546 TlsContext *tlsInit(void);
Sergunb 0:8918a71cdbe9 1547
Sergunb 0:8918a71cdbe9 1548 error_t tlsSetIoCallbacks(TlsContext *context, TlsIoHandle handle,
Sergunb 0:8918a71cdbe9 1549 TlsIoSendCallback sendCallback, TlsIoReceiveCallback receiveCallback);
Sergunb 0:8918a71cdbe9 1550
Sergunb 0:8918a71cdbe9 1551 error_t tlsSetConnectionEnd(TlsContext *context, TlsConnectionEnd entity);
Sergunb 0:8918a71cdbe9 1552 error_t tlsSetPrng(TlsContext *context, const PrngAlgo *prngAlgo, void *prngContext);
Sergunb 0:8918a71cdbe9 1553 error_t tlsSetServerName(TlsContext *context, const char_t *serverName);
Sergunb 0:8918a71cdbe9 1554 error_t tlsSetCache(TlsContext *context, TlsCache *cache);
Sergunb 0:8918a71cdbe9 1555 error_t tlsSetClientAuthMode(TlsContext *context, TlsClientAuthMode mode);
Sergunb 0:8918a71cdbe9 1556
Sergunb 0:8918a71cdbe9 1557 error_t tlsSetBufferSize(TlsContext *context,
Sergunb 0:8918a71cdbe9 1558 size_t txBufferSize, size_t rxBufferSize);
Sergunb 0:8918a71cdbe9 1559
Sergunb 0:8918a71cdbe9 1560 error_t tlsSetCipherSuites(TlsContext *context,
Sergunb 0:8918a71cdbe9 1561 const uint16_t *cipherSuites, uint_t length);
Sergunb 0:8918a71cdbe9 1562
Sergunb 0:8918a71cdbe9 1563 error_t tlsSetDhParameters(TlsContext *context,
Sergunb 0:8918a71cdbe9 1564 const char_t *params, size_t length);
Sergunb 0:8918a71cdbe9 1565
Sergunb 0:8918a71cdbe9 1566 error_t tlsSetAlpnProtocolList(TlsContext *context, const char_t *protocolList);
Sergunb 0:8918a71cdbe9 1567 const char_t *tlsGetAlpnProtocol(TlsContext *context);
Sergunb 0:8918a71cdbe9 1568
Sergunb 0:8918a71cdbe9 1569 error_t tlsSetPsk(TlsContext *context, const uint8_t *psk, size_t pskLength);
Sergunb 0:8918a71cdbe9 1570 error_t tlsSetPskIdentity(TlsContext *context, const char_t *pskIdentity);
Sergunb 0:8918a71cdbe9 1571 error_t tlsSetPskIdentityHint(TlsContext *context, const char_t *pskIdentityHint);
Sergunb 0:8918a71cdbe9 1572 error_t tlsSetPskCallback(TlsContext *context, TlsPskCallback pskCallback);
Sergunb 0:8918a71cdbe9 1573
Sergunb 0:8918a71cdbe9 1574 error_t tlsSetTrustedCaList(TlsContext *context,
Sergunb 0:8918a71cdbe9 1575 const char_t *trustedCaList, size_t length);
Sergunb 0:8918a71cdbe9 1576
Sergunb 0:8918a71cdbe9 1577 error_t tlsAddCertificate(TlsContext *context, const char_t *certChain,
Sergunb 0:8918a71cdbe9 1578 size_t certChainLength, const char_t *privateKey, size_t privateKeyLength);
Sergunb 0:8918a71cdbe9 1579
Sergunb 0:8918a71cdbe9 1580 error_t tlsConnect(TlsContext *context);
Sergunb 0:8918a71cdbe9 1581
Sergunb 0:8918a71cdbe9 1582 error_t tlsWrite(TlsContext *context, const void *data,
Sergunb 0:8918a71cdbe9 1583 size_t length, size_t *written, uint_t flags);
Sergunb 0:8918a71cdbe9 1584
Sergunb 0:8918a71cdbe9 1585 error_t tlsRead(TlsContext *context, void *data,
Sergunb 0:8918a71cdbe9 1586 size_t size, size_t *received, uint_t flags);
Sergunb 0:8918a71cdbe9 1587
Sergunb 0:8918a71cdbe9 1588 error_t tlsShutdown(TlsContext *context);
Sergunb 0:8918a71cdbe9 1589 error_t tlsShutdownEx(TlsContext *context, bool_t waitForCloseNotify);
Sergunb 0:8918a71cdbe9 1590
Sergunb 0:8918a71cdbe9 1591 void tlsFree(TlsContext *context);
Sergunb 0:8918a71cdbe9 1592
Sergunb 0:8918a71cdbe9 1593 error_t tlsSaveSession(const TlsContext *context, TlsSession *session);
Sergunb 0:8918a71cdbe9 1594 error_t tlsRestoreSession(TlsContext *context, const TlsSession *session);
Sergunb 0:8918a71cdbe9 1595
Sergunb 0:8918a71cdbe9 1596 TlsCache *tlsInitCache(uint_t size);
Sergunb 0:8918a71cdbe9 1597 void tlsFreeCache(TlsCache *cache);
Sergunb 0:8918a71cdbe9 1598
Sergunb 0:8918a71cdbe9 1599 #endif
Sergunb 0:8918a71cdbe9 1600