TrustCore SDK NanoSSL API reference  version 7.0
ssl.h
Go to the documentation of this file.
1 /*
2  * ssl.h
3  *
4  * SSL Developer API
5  *
6  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
7  * Proprietary and Confidential Material.
8  *
9  */
10 
54 /*------------------------------------------------------------------*/
55 
56 #ifndef __SSL_HEADER__
57 #define __SSL_HEADER__
58 
59 #include "../crypto/hw_accel.h"
60 #include "../common/moc_net.h"
61 #include "../common/vlong.h"
62 #include "../common/mtcp.h"
63 
64 #include "../common/sizedbuffer.h"
65 #ifdef __ENABLE_MOCANA_OPENSSL_SHIM__
66 #include "../openssl_wrapper/openssl_shim.h"
67 #endif
68 
69 #ifndef __DISABLE_MOCANA_SSL_CERTIFICATE_CALLBACK__
70 #include "../crypto/pubcrypto.h"
71 #include "../crypto/ca_mgmt.h"
72 #include "../crypto/cert_chain.h"
73 #endif
74 
75 #ifdef __ENABLE_MOCANA_MBEDTLS_SHIM__
76 #include "../mbedtls_wrapper/mbedtls_shim.h"
77 #endif
78 
79 #ifdef __cplusplus
80 extern "C" {
81 #endif
82 
83 /* NOTE: copyed over from ike_utils.h */
84 #ifndef __ENABLE_MOCANA_IPV6__
85 
86 #define ZERO_MOC_IPADDR(a) a = 0
87 #define ISZERO_MOC_IPADDR(a) (0 == a)
88 #define SAME_MOC_IPADDR(a, b) (a == b)
89 #define COPY_MOC_IPADDR(d, s) d = s
90 #define REF_MOC_IPADDR(a) a
91 #define GET_MOC_IPADDR4(a) a
92 #define SET_MOC_IPADDR4(a, v) a = v;
93 #define LT_MOC_IPADDR4(a, b) (a < b)
94 #define LT_MOC_IPADDR LT_MOC_IPADDR4
95 #define TEST_MOC_IPADDR6(a, _c)
96 
97 #else
98 
99 #ifndef AF_INET
100 #define AF_INET 2 /* Internet IP Protocol */
101 #endif
102 
103 #ifndef AF_INET6 /* IP version 6 */
104 #if defined(__LINUX_RTOS__)
105 #define AF_INET6 10
106 #elif defined (__WIN32_RTOS__)
107 #define AF_INET6 23
108 #else
109 #error Must define AF_INET6
110 #endif
111 #endif
112 
113 #define ZERO_MOC_IPADDR(s) (s).family = 0;\
114  (s).uin.addr6[0] = (s).uin.addr6[1] =\
115  (s).uin.addr6[2] = (s).uin.addr6[3] = 0
116 #define ISZERO_MOC_IPADDR(s) (0 == (s).family)
117 #define SAME_MOC_IPADDR(a, s) ((a) && ((a)->family == (s).family) &&\
118  (((AF_INET == (a)->family) &&\
119  ((a)->uin.addr == (s).uin.addr))\
120  ||\
121  ((AF_INET6 == (a)->family) &&\
122  ((a)->uin.addr6[0] == (s).uin.addr6[0]) &&\
123  ((a)->uin.addr6[1] == (s).uin.addr6[1]) &&\
124  ((a)->uin.addr6[2] == (s).uin.addr6[2]) &&\
125  ((a)->uin.addr6[3] == (s).uin.addr6[3]))\
126  ))
127 #define COPY_MOC_IPADDR(s, a) s = *(a)
128 #define REF_MOC_IPADDR(s) &(s)
129 #define GET_MOC_IPADDR4(a) (a)->uin.addr
130 #define SET_MOC_IPADDR4(s, v) (s).family = AF_INET; (s).uin.addr = v
131 #define LT_MOC_IPADDR4(x, y) ((x).uin.addr < (y).uin.addr)
132 
133 #define TEST_MOC_IPADDR6(a, _c) if (AF_INET6 == (a)->family) _c else
134 
135 #define GET_MOC_IPADDR6(a) (ubyte *) (a)->uin.addr6
136 #define SET_MOC_IPADDR6(s, v) (s).family = AF_INET6;\
137  MOC_MEMCPY((ubyte *) (s).uin.addr6, (ubyte *)(v), 16)
138 #define LT_MOC_IPADDR6(x, y) ((GET_NTOHL((x).uin.addr6[0]) < GET_NTOHL((y).uin.addr6[0])) ||\
139  (((x).uin.addr6[0] == (y).uin.addr6[0]) &&\
140  ((GET_NTOHL((x).uin.addr6[1]) < GET_NTOHL((y).uin.addr6[1])) ||\
141  (((x).uin.addr6[1] == (y).uin.addr6[1]) &&\
142  ((GET_NTOHL((x).uin.addr6[2]) < GET_NTOHL((y).uin.addr6[2])) ||\
143  (((x).uin.addr6[2] == (y).uin.addr6[2]) &&\
144  (GET_NTOHL((x).uin.addr6[3]) < GET_NTOHL((y).uin.addr6[3]))))))))
145 #define LT_MOC_IPADDR(p, q) (((p).family != (q).family) ||\
146  ((AF_INET == (p).family) ? LT_MOC_IPADDR4(p, q) : LT_MOC_IPADDR6(p, q)))
147 
148 #endif /* __ENABLE_MOCANA_IPV6__ */
149 
150 #if defined(__ENABLE_MOCANA_TAP_OSSL_REMOTE__) || defined(__ENABLE_MOCANA_SSL_SSLCONNECT_RENAME__)
151 #define SSL_connect MOC_SSL_connect
152 #endif
153 
154 #if !defined( __ENABLE_MOCANA_SSL_CLIENT__ ) && defined( __ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__ )
155 #define __ENABLE_MOCANA_SSL_CLIENT__
156 #endif
157 
158 #if !defined( __ENABLE_MOCANA_SSL_SERVER__ ) && defined( __ENABLE_MOCANA_SSL_ASYNC_SERVER_API__ )
159 #define __ENABLE_MOCANA_SSL_SERVER__
160 #endif
161 
162 /* check for possible build configuration errors */
163 #ifndef __ENABLE_MOCANA_SSL_DUAL_MODE_API__
164 #if defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__) && defined(__ENABLE_MOCANA_SSL_SERVER__) && !defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__)
165 #error SSL build configuration error. Mixing async client w/ sync server prohibited.
166 #endif
167 
168 #if defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__) && defined(__ENABLE_MOCANA_SSL_CLIENT__) && !defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__)
169 #error SSL build configuration error. Mixing async server w/ sync client prohibited.
170 #endif
171 #endif /* __ENABLE_MOCANA_SSL_DUAL_MODE_API__ */
172 
173 #if defined(__ENABLE_MOCANA_SSL_SERVER__) || defined(__ENABLE_MOCANA_SSL_CLIENT__)
174 
175 #ifdef _DEBUG
176 #define TIMEOUT_SSL_RECV (0)
177 #define TIMEOUT_SSL_HELLO (0)
178 #else
179 /* timeouts in milliseconds 0 means for ever */
180 #define TIMEOUT_SSL_RECV (15000)
181 #define TIMEOUT_SSL_HELLO (15000)
182 #endif
183 
184 #define TIMEOUT_DTLS_CONNECT_TIMED_WAIT (2*60*1000)
185 
186 #ifndef SSL_WRITE_FAIL_RETRY_TIME
187 #define SSL_WRITE_FAIL_RETRY_TIME (5)
188 #endif
189 
190 /* for reference */
191 #define SSL_DEFAULT_TCPIP_PORT (443)
192 
193 /* sizes */
194 #define SSL_SHA512_FINGER_PRINT_SIZE (64)
195 #define SSL_SHA_FINGER_PRINT_SIZE (20)
196 #define SSL_MD5_FINGER_PRINT_SIZE (16)
197 #ifdef __UCOS_DIRECT_RTOS__
198 #define SSL_SYNC_BUFFER_SIZE (512)
199 #else
200 #define SSL_SYNC_BUFFER_SIZE (2048)
201 #endif /* __UCOS_DIRECT_RTOS__ */
202 #define SSL_MAXSESSIONIDSIZE (32)
203 
204 #ifndef SSL_MASTERSECRETSIZE
205 #define SSL_MASTERSECRETSIZE (48)
206 #endif
207 
208 #define SSL_ALPN_MAX_SIZE (64)
209 
210 #define SSL_PSK_SERVER_IDENTITY_LENGTH (128) /* also max for SRP salt size */
211 #define SSL_PSK_MAX_LENGTH (64)
212 #define SSL_PSK_TLS13_MAX_LENGTH (64)
213 
214 #define SSL_PSK_IDENTITY_TLS13_MAX_LENGTH (32)
215 #define SSL_SESSION_TICKET_NONCE_SIZE (64)
216 #define SSL_PSK_TLS13_MIN_BINDER_LENGTH (32)
217 #define SSL_PSK_TLS13_MAX_BINDER_LENGTH (255)
218 #define SSL_TLS13_RECV_EARLY_DATA_SIZE (16384)
219 #define SSL_MAX_NUM_CIPHERS (150)
220 
221 
222 /* SSL runtime flags */
223 #define SSL_FLAG_REQUIRE_MUTUAL_AUTH (0x00000001L)
224 #define SSL_FLAG_NO_MUTUAL_AUTH_REQUEST (0x00000002L) /* for server */
225 #define SSL_FLAG_NO_MUTUAL_AUTH_REPLY (0x00000002L) /* for client */
226 #define SSL_FLAG_ENABLE_SEND_EMPTY_FRAME (0x00000004L)
227 #define SSL_FLAG_ENABLE_SEND_BUFFER (0x00000008L)
228 #define SSL_FLAG_ENABLE_RECV_BUFFER (0x00000010L)
229 #define SSL_FLAG_ENABLE_POST_HANDSHAKE_AUTH (0x00000020L)
230 #define SSL_FLAG_ALLOW_INSECURE_REHANDSHAKE (0x00000080L) /* permit legacy renegotiation */
231 
232 /* DTLS runtime flags */
233 #define DTLS_FLAG_ENABLE_SRTP_DATA_SEND (0x00001000L)
234 
235 /* SSL runtime flags: upper 2 octect for internal use only */
236 #define SSL_FLAG_INTERNAL_USE (0xFF000000L)
237 #define SSL_FLAG_VERSION_SET (0x80000000L)
238 #define SSL_FLAG_MINIMUM_FALLBACK_VERSION_SET (0x40000000L)
239 #define SSL_FLAG_SCSV_FALLBACK_VERSION_SET (0x20000000L)
240 #define SSL_PSK_EXCHANGE_MODE_FLAG_SET (0x10000000L)
241 
242 /*TLS 1.2 SUITE B minimum level of security */
243 #define SSL_TLS12_MINLOS_128 (1)
244 #define SSL_TLS12_MINLOS_192 (2)
245 
246 /* SSL ioctl settings */
247 #define SSL_SET_VERSION (1)
248 #define SSL_SET_MINIMUM_VERSION (2)
249 #define SSL_SET_SCSV_VERSION (3)
250 #define SSL_SET_RECV_TIMEOUT (4)
251 #define SSL_GET_CLIENT_RANDOM (5)
252 #define SSL_GET_SERVER_RANDOM (6)
253 
254 /* SSL_Settings_Ioctl */
255 #define SSL_SETTINGS_MAX_BYTE_COUNT (1)
256 #define SSL_SETTINGS_MAX_TIMER_COUNT (2)
257 #define SSL_SETTINGS_GET_RECV_MAX_EARLY_DATA (3)
258 #define SSL_SETTINGS_SET_RECV_MAX_EARLY_DATA (4)
259 
260 /* DTLS ioctl settings */
261 #define DTLS_SET_HANDSHAKE_RETRANSMISSION_TIMER (10)
262 #define DTLS_SET_PMTU (11)
263 #define DTLS_USE_SRTP (12)
264 #define DTLS_SET_HELLO_VERIFIED (13)
265 
266 /* TLS v1.3 Ioctl settings */
267 #define SSL_REQUEST_SESSION_TICKET (21)
268 #define SSL_PSK_KEY_EXCHANGE_MODE (22)
269 
270 #define SSL_GET_EARLY_DATA_STATUS (23)
271 #define SSL_GET_KEY_UPDATE_DATA_TYPE (24)
272 
273 #define SSL_GET_MAX_EARLY_DATA (25)
274 #define SSL_SET_MAX_EARLY_DATA (26)
275 
276 #define SSL_SET_NUM_TICKETS (27)
277 #define SSL_GET_NUM_TICKETS (28)
278 #define SSL_SET_SEND_EARLY_DATA (29)
279 
280 #define SSL_SET_USE_EXTENDED_MASTERSECRET (30)
281 
282 /* TLS v1.3 Ioctl setting */
283 #define SSL_ENABLE_TLS13_SESSION_TICKETS (31)
284 
285 #if 0
286 #define SSL_SET_BLOCK_PADDING (32)
287 #define SSL_SET_MAX_FRAGMENT_LENGTH (33)
288 #define SSL_GET_MAX_FRAGMENT_LENGTH (34)
289 #endif
290 
291 /* TLS v1.3 Ioctl setting */
292 #define SSL_SET_SESSION_TICKET_NONCE_LEN (35)
293 
294 /* SSL Record Header type */
295 #define SSL_CHANGE_CIPHER_SPEC (20)
296 #define SSL_ALERT (21)
297 #define SSL_HANDSHAKE (22)
298 #define SSL_APPLICATION_DATA (23)
299 #define SSL_INNER_APPLICATION (24)
300 /* Enumeration for SSL_INNER_APPLICATION and SSL_HEARTBEAT is same */
301 #if defined(__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__)
302 #define SSL_HEARTBEAT (24)
303 #endif
304 #define SSL_ACK (26)
305 
306 /* SSL Alert level */
307 #define SSLALERTLEVEL_WARNING (1)
308 #define SSLALERTLEVEL_FATAL (2)
309 
310 /* SSL Alert description */
311 #define SSL_ALERT_CLOSE_NOTIFY (0)
312 #define SSL_ALERT_UNEXPECTED_MESSAGE (10)
313 #define SSL_ALERT_BAD_RECORD_MAC (20)
314 #define SSL_ALERT_DECRYPTION_FAILED (21)
315 #define SSL_ALERT_RECORD_OVERFLOW (22)
316 #define SSL_ALERT_DECOMPRESSION_FAILURE (30)
317 #define SSL_ALERT_HANDSHAKE_FAILURE (40)
318 #define SSL_ALERT_NO_CERTIFICATE (41)
319 #define SSL_ALERT_BAD_CERTIFICATE (42)
320 #define SSL_ALERT_UNSUPPORTED_CERTIFICATE (43)
321 #define SSL_ALERT_CERTIFICATE_REVOKED (44)
322 #define SSL_ALERT_CERTIFICATE_EXPIRED (45)
323 #define SSL_ALERT_CERTIFICATE_UNKNOWN (46)
324 #define SSL_ALERT_ILLEGAL_PARAMETER (47)
325 #define SSL_ALERT_UNKNOWN_CA (48)
326 #define SSL_ALERT_ACCESS_DENIED (49)
327 #define SSL_ALERT_DECODE_ERROR (50)
328 #define SSL_ALERT_DECRYPT_ERROR (51)
329 #define SSL_ALERT_EXPORT_RESTRICTION (60)
330 #define SSL_ALERT_PROTOCOL_VERSION (70)
331 #define SSL_ALERT_INSUFFICIENT_SECURITY (71)
332 #define SSL_ALERT_INTERNAL_ERROR (80)
333 #define SSL_ALERT_INAPPROPRIATE_FALLBACK (86)
334 #define SSL_ALERT_USER_CANCELED (90)
335 #define SSL_ALERT_NO_RENEGOTIATION (100)
336 #define SSL_ALERT_MISSING_EXTENSION (109)
337 #define SSL_ALERT_UNSUPPORTED_EXTENSION (110)
338 #define SSL_ALERT_CERTIFICATE_UNOBTAINABLE (111)
339 #define SSL_ALERT_UNRECOGNIZED_NAME (112)
340 #define SSL_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE (113)
341 #define SSL_ALERT_BAD_CERTIFICATE_HASH_VALUE (114)
342 #define SSL_ALERT_UNKNOWN_PSK_IDENTITY (115)
343 #define SSL_ALERT_CERTIFICATE_REQUIRED (116)
344 #define SSL_ALERT_NO_APPLICATION_PROTOCOL (120)
345 #define SSL_ALERT_INNER_APPLICATION_FAILURE (208)
346 #define SSL_ALERT_INNER_APPLICATION_VERIFICATION (209)
347 
348 #define SSL_ALERT_DIRECTION_BIT (0x40000000)
349 
350 #define SSL_CONNECTION_RENEGOTIATE (4)
351 #define SSL_CONNECTION_OPEN (3)
352 #define SSL_CONNECTION_NEGOTIATE (2)
353 
354 #ifndef MIN_SSL_RSA_SIZE
355 #define MIN_SSL_RSA_SIZE (2048)
356 #endif
357 
358 #ifndef MIN_SSL_DH_SIZE
359 #define MIN_SSL_DH_SIZE (1024)
360 #endif
361 
362 #ifndef MAX_SSL_DH_SIZE
363 #define MAX_SSL_DH_SIZE (8192)
364 #endif
365 
366  /* default DH group size is 2048: the values allowed are defined in
367  crypto/dh.h */
368 #ifndef SSL_DEFAULT_DH_GROUP
369 #define SSL_DEFAULT_DH_GROUP DH_GROUP_14
370 #endif
371 
372 #define SSL3_MAJORVERSION (3)
373 #define SSL3_MINORVERSION (0)
374 #define TLS10_MINORVERSION (1)
375 #define TLS11_MINORVERSION (2)
376 #define TLS12_MINORVERSION (3)
377 #define TLS13_MINORVERSION (4)
378 
379 #ifdef __ENABLE_MOCANA_TLS12_MIN_VERSION__
380 #define MIN_SSL_MINORVERSION (TLS12_MINORVERSION)
381 #endif
382 
383  /* define max and min version if not specified
384  disable SSLv3 by default */
385 #ifndef MIN_SSL_MINORVERSION
386 #define MIN_SSL_MINORVERSION (TLS10_MINORVERSION)
387 #endif
388 
389 #ifndef MAX_SSL_MINORVERSION
390 #ifdef __ENABLE_MOCANA_TLS13__
391 #define MAX_SSL_MINORVERSION (TLS13_MINORVERSION)
392 #else
393 #define MAX_SSL_MINORVERSION (TLS12_MINORVERSION)
394 #endif
395 #endif
396 
397 #define VERSION_MASK_1 (0x01)
398 #define VERSION_MASK_2 (0x02)
399 #define VERSION_MASK_3 (0x03)
400 
401 #define VALID_SSL_VERSION( major, minor) (( SSL3_MAJORVERSION == major) && (MIN_SSL_MINORVERSION <= minor) && (minor <= MAX_SSL_MINORVERSION))
402 
403  /* DTLS: we should use a signed quantity for minor version and use negative numbers
404  that would prevent minimum being bigger than maximum ! */
405 #define DTLS1_MAJORVERSION (254)
406 #define DTLS10_MINORVERSION (255)
407 #define DTLS12_MINORVERSION (253)
408 #define DTLS13_MINORVERSION (252)
409 
410 #ifndef MIN_DTLS_MINORVERSION
411 #define MIN_DTLS_MINORVERSION (DTLS10_MINORVERSION)
412 #endif
413 
414 #ifndef MAX_DTLS_MINORVERSION
415 #if defined(__ENABLE_MOCANA_TLS13__) && !defined(__ENABLE_MOCANA_OPENSSL_SHIM__)
416 #define MAX_DTLS_MINORVERSION (DTLS13_MINORVERSION)
417 #else
418 #define MAX_DTLS_MINORVERSION (DTLS12_MINORVERSION)
419 #endif
420 #endif
421 
422  /* careful here since MAX_DTLS_MINORVERSION <= MIN_DTLS_MINORVERSION */
423 #if MIN_DTLS_MINORVERSION == (255)
424 #define VALID_DTLS_VERSION( major, minor) (( DTLS1_MAJORVERSION == major) && (minor >= MAX_DTLS_MINORVERSION))
425 #else
426 #define VALID_DTLS_VERSION( major, minor) (( DTLS1_MAJORVERSION == major) && ( MIN_DTLS_MINORVERSION >= minor) && (minor >= MAX_DTLS_MINORVERSION))
427 #endif
428 
429 #define MAX_PASSWORD_SIZE (128)
430 
431 #if defined(__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__)
432 typedef enum
433 {
434  noHeartbeatMessages = 0,
435  peerAllowedToSend,
436  peerNotAllowedToSend
437 } E_HeartbeatExtension;
438 #endif
439 
440 struct AsymmetricKey;
441 struct certStore;
442 
450 enum tlsExtensionTypes
451 {
452  tlsExt_server_name = 0,
453  tlsExt_max_fragment_length = 1,
454  tlsExt_client_certificate_url = 2,
455  tlsExt_trusted_ca_keys = 3,
456  tlsExt_truncated_hmac = 4,
457  tlsExt_status_request = 5,
458  /* In TLS 1.2 and less tlsExt_supportedEllipticCurves = 10, */
459  tlsExt_supportedGroups = 10,
460  tlsExt_ECPointFormat = 11,
461  tlsExt_SRP = 12,
462  tlsExt_supportedSignatureAlgorithms = 13,
463  dtlsExt_use_srtp = 14, /* RFC 5764 */
464  tlsExt_heartbeat = 15,
465  tlsExt_applicationLayerProtocolNegotiation = 16,
466  tlsExt_signed_certificate_timestamp = 18,
467 #ifdef __ENABLE_MOCANA_TLS13__
468  tlsExt_certificate_type = 19,
469  tlsExt_server_certificate_type = 20,
470 #endif
471  tlsExt_encrypt_then_mac = 22,
472  tlsExt_extendedMasterSecret = 23,
473  tlsExt_ticket = 35,
474 #ifdef __ENABLE_MOCANA_TLS13__
475  tlsExt_pre_shared_key = 41,
476  tlsExt_early_data = 42,
477  tlsExt_supported_versions = 43,
478  tlsExt_cookie = 44,
479  tlsExt_psk_key_exchange_modes = 45,
480  tlsExt_certificateAuthorities = 47,
481  tlsExt_oidFilters = 48,
482  tlsExt_postHandshakeAuth = 49,
483  tlsExt_signatureAlgorithmCerts = 50,
484  tlsExt_key_share = 51,
485 #endif
486  tlsExt_nextProtocolNegotiation = 13172,
487  tlsExt_innerApplication = 37703,
488  tlsExt_renegotiated_connection = 0xff01
489 };
490 
491 #ifdef __ENABLE_MOCANA_TLS13__
492 enum keyUpdateRequest
493 {
494  keyUpdateRequest_not_requested = 0,
495  keyUpdateRequest_requested = 1,
496  keyUpdate_none = 255
497 };
498 #endif
499 
506 enum tlsExtNamedCurves
507 {
508  /* Elliptic Curve Groups (ECDHE) */
509  tlsExtNamedCurves_secp192r1 = 0x0013,
510  tlsExtNamedCurves_secp224r1 = 0x0015,
511  tlsExtNamedCurves_secp256r1 = 0x0017,
512  tlsExtNamedCurves_secp384r1 = 0x0018,
513  tlsExtNamedCurves_secp521r1 = 0x0019,
514  tlsExtNamedCurves_x25519 = 0x001D,
515  tlsExtNamedCurves_x448 = 0x001E,
516 
517  /* Finite Field Groups (DHE) */
518  tlsExtNamedCurves_ffdhe2048 = 0x0100,
519  tlsExtNamedCurves_ffdhe3072 = 0x0101,
520  tlsExtNamedCurves_ffdhe4096 = 0x0102,
521  tlsExtNamedCurves_ffdhe6144 = 0x0103,
522  tlsExtNamedCurves_ffdhe8192 = 0x0104,
523 
524  /* Reserved Code Points
525  * ecdhe_private_use(0xFE00..0xFEFF) */
526  tlsExtHybrid_p256_kyber512 = 0xFE05,
527  tlsExtHybrid_p256_kyber512_90s = 0xFE06,
528  tlsExtHybrid_p256_ntru_hps_2048_677 = 0xFE07,
529  tlsExtHybrid_p256_ntru_hrss_701 = 0xFE08,
530  tlsExtHybrid_p256_lightsaber = 0xFE09,
531 
532  tlsExtHybrid_p384_kyber512_768 = 0xFE0A,
533  tlsExtHybrid_p384_kyber_768_90s = 0xFE0B,
534  tlsExtHybrid_p384_ntru_hps_4096_821 = 0xFE0C,
535  tlsExtHybrid_p384_saber = 0xFE0D,
536 
537  tlsExtHybrid_p521_kyber_1024 = 0xFE0E,
538  tlsExtHybrid_p521_kyber_1024_90s = 0xFE0F,
539  tlsExtHybrid_p521_firesaber = 0xFE10
540 };
541 
542 #ifdef __ENABLE_MOCANA_INNER_APP__
543 
547 typedef enum innerAppType
548 {
549  SSL_INNER_APPLICATION_DATA =0,
550  SSL_INNER_INTER_FINISHED =1,
551  SSL_INNER_FINAL_FINISHED =2,
552 } InnerAppType;
553 #endif
554 
559 typedef enum nameTypeSNI
560 {
561  nameTypeHostName = 0
562  /* currently only one is supported */
563 
564 } NameTypeSNI;
565 
566 /* used by OCSP */
571 typedef enum certificateStatusType
572 {
573  certStatusType_ocsp = 1
574  /* currently only one is supported */
575 } CertificateStatusType;
576 
577 /* New for TLS1.2: signature algorithms definitions */
578 typedef enum TLS_HashAlgorithm
579 {
580  TLS_NONE = 0,
581  TLS_MD5 = 1,
582  TLS_SHA1 = 2,
583  TLS_SHA224 = 3,
584  TLS_SHA256 = 4,
585  TLS_SHA384 = 5,
586  TLS_SHA512 = 6,
587  TLS_INTRINSIC = 8,
588  TLS_PRIVATE = 254,
589  TLS_HASH_MAX = 255
590 } TLS_HashAlgorithm;
591 
592 typedef struct sessionTicketStruct
593 {
594  ubyte2 cipherId;
595  ubyte masterSecret[SSL_MASTERSECRETSIZE];
596  ubyte4 lifeTimeHintInSec;
597  TimeDate startTime;
598  ubyte4 ticketLen;
599  ubyte *pTicket; /* Session ticket sent by the server */
600 } sessionTicket;
601 
613 enum tlsExtPskKeyExchangeMode
614 {
615  psk_ke = 0,/* PSK Key establishment */
616  psk_dhe_ke = 1 /* PSK with (EC)DHE Key establishment */
617 };
618 
625 typedef enum hashType
626 {
627  sha1 = 0,
628  sha224,
629  sha256,
630  sha384,
631  sha512,
632  md5,
633  intrinsic = 8 /* for eddsa */
634 } hashType;
635 
636 
637 /* Below structure is based on mentioned RFC section.
638  * TLS 1.3 RFC- 4.6.1. New Session Ticket Message.
639  */
640 
641 typedef struct tls13PskIdentities
642 {
643  ubyte4 pskIdentityLength;
644  sbyte *pskIdentity;
645  ubyte4 ticketAge;
646 } tls13PskIdentities;
647 
648 typedef struct tls13PSK
649 {
650  ubyte isExternal;
651  ubyte isPSKavailable;
652  ubyte4 pskTLS13LifetimeHint;
653  ubyte4 pskTLS13AgeAdd;
654  ubyte ticketNonce[SSL_SESSION_TICKET_NONCE_SIZE];
655  ubyte pskTLS13[SSL_PSK_TLS13_MAX_LENGTH]; /* Max PSK length is (2^16 - 1) */
656  ubyte2 pskTLS13Length;
657  ubyte* pskTLS13Identity;
658  ubyte4 pskTLS13IdentityLength;
659  ubyte4 obfuscatedTicketAge;
660  TLS_HashAlgorithm hashAlgo;
661  TimeDate startTime;
662  ubyte4 pskReceivedTimeInMS;
663  ubyte4 maxEarlyDataSize;
664  ubyte2 pSelectedTlsVersion;
665  ubyte selectedALPN[SSL_ALPN_MAX_SIZE];
666  ubyte2 selectedCipherSuiteId;
667 } tls13PSK;
668 
669 typedef struct tls13PSKList
670 {
671  tls13PSK *pPSK;
672  struct tls13PSKList *pNextPSK;
673  ubyte *pPskData;
674  ubyte4 pskDataLen;
675 }tls13PSKList;
676 
677 typedef enum
678 {
679  earlySecret = 0,
680  binderKey,
681  clientEarlyTrafficSecret,
682  earlyExporterMasterSecret,
683  handshakeSecret,
684  clientHandshakeTrafficSecret,
685  serverHandshakeTrafficSecret,
686  masterSecret,
687  clientApplicationTrafficSecret0,
688  serverApplicationTrafficSecret0,
689  exporterMasterSecret,
690  resumptionMasterSecret
691 } tls13KDFKeyType;
692 
693 /*
694  * The following enums indicate the state in which stack Rx/Tx application data
695  * clientEarlyData indicates the early_data sent by client as part of 0-RTT
696  * serverHandshakeData indicates data sent by Server following Server Finished
697  * clientHandshakeData indicates data sent by Client following Client Finished
698  */
699 typedef enum
700 {
701  clientEarlyData = 0,
702  serverHandshakeData,
703  clientHandshakeData
704 } dataState;
705 
710 typedef struct responderID
711 {
712  ubyte responderIDlen;
713  void* pResponderID;
714 } ResponderID;
715 
716 
717 #if (defined( __ENABLE_MOCANA_SSL_ECDH_SUPPORT__) || \
718  defined(__ENABLE_MOCANA_SSL_ECDHE_SUPPORT__)|| \
719  defined(__ENABLE_MOCANA_SSL_ECDH_ANON_SUPPORT__) )
720 ubyte2 SSL_getNamedCurveOfCurveId( ubyte4 curveId);
721 ubyte4 SSL_getCurveIdOfNamedCurve( ubyte2 namedCurve);
722 #endif
723 
724 /* definition needed by DTLS. however the common interfaces need this definition */
729 typedef struct peerDescr
730 {
731  void *pUdpDescr;
732  ubyte2 srcPort;
733  MOC_IP_ADDRESS_S srcAddr;
734  ubyte2 peerPort;
735  MOC_IP_ADDRESS_S peerAddr;
736 } peerDescr;
737 
741 typedef struct SrtpProfileInfo
742 {
743  ubyte2 profileId; /* profile identification */
744  ubyte supported; /* support by this implementation */
745  sbyte keySize; /* size of key */
746  sbyte saltSize; /* size of salt */
747 } SrtpProfileInfo;
748 
749 typedef MSTATUS (*funcPtrPasswordCallback)(
750  void *pCallbackInfo,
751  ubyte *pBuffer,
752  ubyte4 bufferLen,
753  ubyte4 *pOutLen
754  );
755 
767 typedef struct
768 {
769  funcPtrPasswordCallback pCallback;
770  void *pCallbackInfo;
771 } pemPasswordInfo;
772 
773 /*
774  * TAP_keyHandle is ubyte8
775  * TAP_tokenHandle is ubyte8
776  * These datatypes should be updated if TAP_keyHandle or TAP_tokenHandle change
777  */
778 typedef struct tapKeyHandle
779 {
780  ubyte8 keyHandle;
781  ubyte8 tokenHandle;
782  ubyte certSubjectHashValue[32];
783  struct tapKeyHandle *pNextHandle;
784 } tapKeyHandle;
785 
810 typedef struct sslSettings
811 {
812  ubyte isFIPSEnabled;
813 
820  ubyte4 sslListenPort;
824 #ifdef __ENABLE_MOCANA_TLS13__
825  ubyte helloCookieSecret[2][SSL_SHA512_FINGER_PRINT_SIZE];
826 #else
827  ubyte helloCookieSecret[2][SSL_SHA_FINGER_PRINT_SIZE];
828 #endif
829 
832  ubyte4 helloCookieSecretLen[2];
836  ubyte4 helloCookieSecretLastGenTime;
840  /* indicate the helloCookieSecret version currently in use.
841  * it alternates between 0 and 1 */
842  ubyte helloCookieVersion;
846  hwAccelDescr hwAccelCookie; /* hardware accelerator cookie */
853  ubyte4 sslTimeOutConnectTimedWait;
854 
855  SizedBuffer *pClientCANameList;
856  ubyte4 numClientCANames;
857  ubyte4 recvEarlyDataSize; /* The max Early data Size, a server can receive in its lifetime;
858  * This value should always be greater than or equal to maxEarlyDataSize
859  * for current and all the previous sessions (since clients may have
860  * valid session ticket with that maxEarlyDatSize)
861  */
862 
866  ubyte4 sslTimeOutReceive;
870  ubyte4 sslTimeOutHello;
871 
875  ubyte4 minRSAKeySize;
876 
880  ubyte4 minDHKeySize;
881 
885  intBoolean allowSha1SigAlg;
886 
890  intBoolean allowDSASigAlg;
891 
895  sbyte4 maxByteCount;
896 
900  sbyte4 maxTimerCountForRehandShake;
901 
927  sbyte4(*funcPtrClientRehandshakeRequest)(sbyte4 connectionInstance);
928 
954  sbyte4(*funcPtrKeyUpdateRequest)(sbyte4 connectionInstance);
955 
983  sbyte4(*funcPtrOpenStateUpcall)(sbyte4 connectionInstance, sbyte4 isRehandshake);
984 
1009  void(*funcPtrReceiveUpcall) (sbyte4 connectionInstance,
1010  ubyte *pMesg,
1011  ubyte4 mesgLen);
1012 
1036  void(*funcPtrStartTimer) (sbyte4 connectionInstance,
1037  ubyte4 msTimerExpire,
1038  sbyte4 future);
1039 
1058  sbyte4 (*funcPtrSSLHandleTimeout) (sbyte4 connectionInstance,
1059  ubyte4 *msAdjustedTime);
1060 
1092  sbyte4(*funcPtrClientOpenStateUpcall)(sbyte4 connectionInstance, sbyte4 isRehandshake);
1093 
1117  void(*funcPtrClientReceiveUpcall) (sbyte4 connectionInstance,
1118  ubyte *pMesg,
1119  ubyte4 mesgLen);
1120 
1143  void(*funcPtrClientStartTimer) (sbyte4 connectionInstance,
1144  ubyte4 msTimerExpire,
1145  sbyte4 future);
1146 
1195  sbyte4 (*funcPtrMutualAuthCertificateVerify) (sbyte4 connectionInstance, const ubyte* hash,
1196  ubyte4 hashLen, ubyte* result, ubyte4 resultLength);
1197 
1198 
1240  sbyte4 (*funcPtrGetHintPSK)(sbyte4 connectionInstance, ubyte hintPSK[SSL_PSK_SERVER_IDENTITY_LENGTH], ubyte4 *pRetHintLength);
1241 
1287  sbyte4 (*funcPtrServerSavePSK)(sbyte4 connectionInstance, ubyte *pServerName, ubyte4 serverNameLen, ubyte *pIdentityPSK, ubyte4 identityLengthPSK, ubyte *pPsk, ubyte4 pskLen);
1288 
1333  sbyte4 (*funcPtrServerDeletePSK)(sbyte4 connectionInstance, sbyte *pServerName, ubyte4 serverNameLen, ubyte *pIdentityPSK, ubyte4 identityLengthPSK, ubyte *pPskParams);
1334 
1335 
1380  sbyte4 (*funcPtrLookupPSK)(sbyte4 connectionInstance, ubyte *pIdentityPSK, ubyte4 identityLengthPSK, ubyte retPSK[SSL_PSK_MAX_LENGTH], ubyte4 *pRetLengthPSK);
1381 
1428  sbyte4 (*funcPtrLookupPSKParams)(sbyte4 connectionInstance, ubyte *pIdentityPSK,
1429  ubyte4 identityLengthPSK, ubyte **pPsk,
1430  ubyte4 *pPskLen, intBoolean *pFreeMemory);
1431 
1432  /* Stack received Application Data; This callback is used to pass the Data to the application.
1433  * The parameters are connectionInstance, Data received and length of data and an additional state */
1434  sbyte4 (*funcPtrSSLReceiveApplicationDataCallback)(sbyte4 connectoinInstance,
1435  ubyte *pData, ubyte4 dataLen,
1436  dataState state);
1437 
1438 
1488  sbyte4 (*funcPtrChoosePSK)(sbyte4 connectionInstance, ubyte *pHintPSK, ubyte4 hintLength, ubyte retPskIdentity[SSL_PSK_SERVER_IDENTITY_LENGTH], ubyte4 *pRetPskIdentity, ubyte retPSK[SSL_PSK_MAX_LENGTH], ubyte4 *pRetLengthPSK);
1489 
1534  sbyte4 (*funcPtrAlertCallback)(sbyte4 connectionInstance, sbyte4 alertId, sbyte4 alertClass);
1535 
1581  sbyte4 (*funcPtrNewHandshakeCallback)(sbyte4 connectionInstance, sbyte4 *pRetDoRehandshake, sbyte4 *pRetDoSessionResumption);
1582 
1590  sbyte4 (*funcPtrExtensionRequestCallback)(sbyte4 connectionInstance, ubyte4 extensionType, ubyte *pExtension, ubyte4 extensionLength);
1591 
1599  sbyte4 (*funcPtrPACOpaqueCallback)(sbyte4 connectionInstance, ubyte* pPACOpaque, ubyte4 pacOpaqueLen, ubyte pacKey[/*PACKEY_SIZE*/]);
1600 
1608  sbyte4 (*funcPtrInnerAppCallback)(sbyte4 connectionInstance, ubyte* data, ubyte4 dataLen);
1609 
1617  sbyte4 (*funcPtrExtensionApprovedCallback)(sbyte4 connectionInstance, ubyte4 extensionType, ubyte *pApproveExt, ubyte4 approveExtLength);
1618 
1619 
1664  sbyte4 (*funcPtrSrtpInitCallback)(sbyte4 connectionInstance, peerDescr *pChannelDescr, const SrtpProfileInfo* pProfile, void* keyMaterials, ubyte* mki);
1665 
1709  sbyte4 (*funcPtrSrtpEncodeCallback)(sbyte4 connectionInstance, peerDescr *pChannelDescr,
1710  const sbyte* pData, ubyte4 pDataLength,
1711  ubyte** encodedData, ubyte4* encodedLength);
1712 
1766  sbyte4 (*funcPtrChooseECCCurve)(sbyte4 connectionInstance, ubyte2 cipherSuiteID,
1767  const enum tlsExtNamedCurves* pECCCurvesList,
1768  ubyte4 eccCurvesListLength,
1769  enum tlsExtNamedCurves* selectedCurve);
1770 
1790  sbyte4 (*funcPtrCertStatusCallback)(sbyte4 connectionInstance, intBoolean certStatus);
1819  sbyte4 (*funcPtrSingleCertStatusCallback)(sbyte4 connectionInstance, const ubyte *pCert, ubyte4 certLen,
1820  ubyte* pOcspResp, ubyte4 ocspRespLen, sbyte4 ocspStatus);
1821 
1866  sbyte4 (*funcPtrSRPCallback)(sbyte4 connectionInstance, const ubyte* identity,
1867  ubyte4 identityLength, sbyte4* numBits,
1868  ubyte salt[SSL_PSK_SERVER_IDENTITY_LENGTH],
1869  ubyte4* saltLength,
1870  ubyte** verifier, ubyte4* verifierLength);
1871 
1872  ubyte *pDHP;
1873  ubyte4 pLen;
1874  ubyte *pDHG;
1875  ubyte4 gLen;
1876  ubyte4 lengthY;
1877 
1878  ubyte4 sslMinProtoVersion;
1879  ubyte4 sslMaxProtoVersion;
1880 
1881 } sslSettings;
1882 
1883 typedef sbyte4 (*SSLTransportSend)(sbyte4 sslId, sbyte *pBuffer, ubyte4 bufferLen, ubyte4 *pRetNumBytesSent);
1884 typedef sbyte4 (*SSLTransportRecv)(sbyte4 sslId, sbyte *pRetBuffer, ubyte4 bufferSize, ubyte4 *pNumBytesReceived, ubyte4 timeout);
1885 
1886 #if defined(__ENABLE_MOCANA_SSL_FIPS__)
1887 
1918 MOC_EXTERN sbyte4 SSL_setFIPSEnabled(ubyte isFIPSEnabled);
1919 
1948 MOC_EXTERN sbyte4 SSL_checkFIPS();
1949 #endif /* __ENABLE_MOCANA_SSL_FIPS__ */
1950 
1951 /*------------------------------------------------------------------*/
1952 
1995 MOC_EXTERN sbyte4 SSL_shutdownStack(void);
1996 
2036 MOC_EXTERN sbyte4 SSL_releaseTables(void);
2037 
2057 MOC_EXTERN sbyte4 SSL_setMinRSAKeySize(ubyte4 keySize);
2058 
2059 #if defined(__ENABLE_MOCANA_TLS12_UNSECURE_HASH__)
2060 
2080 MOC_EXTERN sbyte4 SSL_setSha1SigAlg(intBoolean setting);
2081 #endif
2082 
2083 #if ((!defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__) && !defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__)) || \
2084  defined(__ENABLE_MOCANA_SSL_SERVER__) || defined(__ENABLE_MOCANA_SSL_CLIENT__))
2085 
2125 MOC_EXTERN sbyte4 SSL_getInstanceFromSocket(TCP_SOCKET socket);
2126 #endif
2127 
2171 MOC_EXTERN sbyte4 SSL_getCookie(sbyte4 connectionInstance, void** pCookie);
2172 
2173 /*
2174 @brief Get the TLS unique value for a connection instance.
2175 
2176 @details This function will return the TLS unique value to the caller. This
2177  function will allocate the buffer and the caller is responsible for
2178  freeing the buffer.
2179 
2180 @ingroup func_ssl_core
2181 
2182 @inc_file ssl.h
2183 
2184 @param connectionInstance Connection instance returned from SSL_connect().
2185 @param pTlsUniqueLen On return, the length in bytes of the TLS unique
2186  buffer.
2187 @param ppTlsUnique On return, a buffer which contains the TLS unique
2188  value. The caller must free this buffer.
2189  */
2190 MOC_EXTERN sbyte4 SSL_getTlsUnique(sbyte4 connectionInstance,
2191  ubyte4 *pTlsUniqueLen,
2192  ubyte **ppTlsUnique);
2193 
2236 MOC_EXTERN sbyte4 SSL_setCookie(sbyte4 connectionInstance, void* cookie);
2237 
2266 MOC_EXTERN sslSettings* SSL_sslSettings(void);
2267 
2268 #ifndef __DISABLE_SSL_GET_SOCKET_API__
2269 
2308 MOC_EXTERN sbyte4 SSL_getSocketId(sbyte4 connectionInstance, TCP_SOCKET *pRetSocket);
2309 #if (defined(__ENABLE_MOCANA_DTLS_SERVER__) || defined(__ENABLE_MOCANA_DTLS_CLIENT__))
2310 
2317 MOC_EXTERN sbyte4 SSL_getPeerDescr(sbyte4 connectionInstance, const peerDescr **ppRetPeerDescr);
2318 #endif /* (defined(__ENABLE_MOCANA_DTLS_SERVER__) || defined(__ENABLE_MOCANA_DTLS_CLIENT__)) */
2319 
2360 MOC_EXTERN sbyte4 SSL_isSessionSSL(sbyte4 connectionInstance);
2361 #endif /* __DISABLE_SSL_IS_SESSION_API__ */
2362 
2363 #if (defined(__ENABLE_MOCANA_DTLS_SERVER__) || defined(__ENABLE_MOCANA_DTLS_CLIENT__))
2364 
2405 MOC_EXTERN sbyte4 SSL_isSessionDTLS(sbyte4 connectionInstance);
2406 
2407 
2408 #if defined(__ENABLE_MOCANA_DTLS_EXT_API__)
2409 
2441 MOC_EXTERN sbyte4 SSL_DTLS_getTimeout(sbyte4 connectionInstance, void *pTime);
2442 
2472 MOC_EXTERN sbyte4 DTLS_isTimerExpired(sbyte4 connectionInstance);
2473 #endif /*__ENABLE_MOCANA_DTLS_EXT_API__ */
2474 
2475 #endif /* (defined(__ENABLE_MOCANA_DTLS_SERVER__) || defined(__ENABLE_MOCANA_DTLS_CLIENT__)) */
2476 
2477 #ifndef __DISABLE_SSL_SESSION_FLAGS_API__
2478 
2516 MOC_EXTERN sbyte4 SSL_getSessionFlags(sbyte4 connectionInstance, ubyte4 *pRetFlagsSSL);
2517 #endif /* __DISABLE_SSL_SESSION_FLAGS_API__ */
2518 
2553 MOC_EXTERN sbyte4 SSL_getSessionStatus(sbyte4 connectionInstance, ubyte4 *pRetStatusSSL);
2554 
2555 #ifndef __DISABLE_SSL_SESSION_FLAGS_API__
2556 
2608 MOC_EXTERN sbyte4 SSL_setSessionFlags(sbyte4 connectionInstance, ubyte4 flagsSSL);
2609 #endif /* __DISABLE_SSL_SESSION_FLAGS_API__ */
2610 
2611 #ifndef __DISABLE_SSL_IOCTL_API__
2612 
2651 MOC_EXTERN sbyte4
2652 SSL_Settings_Ioctl(ubyte4 setting, void *value);
2653 
2712 MOC_EXTERN sbyte4 SSL_ioctl(sbyte4 connectionInstance, ubyte4 setting, void *value);
2713 #endif /* __DISABLE_SSL_IOCTL_API__ */
2714 
2715 #ifdef __ENABLE_MOCANA_SSL_ALERTS__
2716 
2758 MOC_EXTERN sbyte4 SSL_lookupAlert(sbyte4 connectionInstance, sbyte4 lookupError, sbyte4 *pRetAlertId, sbyte4 *pAlertClass);
2759 
2798 MOC_EXTERN sbyte4 SSL_sendAlert(sbyte4 connectionInstance, sbyte4 alertId, sbyte4 alertClass);
2799 #endif /* __ENABLE_MOCANA_SSL_ALERTS__ */
2800 
2801 #ifdef __ENABLE_MOCANA_SSL_CIPHER_SUITES_SELECT__
2802 
2851 MOC_EXTERN sbyte4 SSL_enableCiphers(sbyte4 connectionInstance, const ubyte2 *pCipherSuiteList, ubyte4 listLength);
2852 
2899 MOC_EXTERN sbyte4 SSL_getCipherList(sbyte4 connectionInstance, ubyte2 **ppCipherIdList, ubyte4 *pCount);
2900 #if defined(__ENABLE_MOCANA_TLS13__)
2901 
2946 MOC_EXTERN MSTATUS
2947 SSL_setCipherAlgorithm(sbyte4 connectionInstance, ubyte2 *pList, ubyte4 listLength, ubyte4 listType);
2948 #endif
2949 
2993 MOC_EXTERN sbyte4 SSL_disableCipherHashAlgorithm(sbyte4 connectionInstance, TLS_HashAlgorithm hashId);
2994 
2995 #if defined(__ENABLE_MOCANA_SSL_DSA_SUPPORT__)
2996 
3041 MOC_EXTERN sbyte4 SSL_setDSACiphers(sbyte4 connectionInstance, ubyte enableDSACiphers);
3042 #endif
3043 
3044 #if (defined( __ENABLE_MOCANA_SSL_ECDH_SUPPORT__) || \
3045  defined(__ENABLE_MOCANA_SSL_ECDHE_SUPPORT__)|| \
3046  defined(__ENABLE_MOCANA_SSL_ECDH_ANON_SUPPORT__) )
3047 
3095 MOC_EXTERN sbyte4 SSL_enableECCCurves(sbyte4 connectionInstance,
3096  enum tlsExtNamedCurves* pECCCurvesList,
3097  ubyte4 listLength);
3098 #endif /* __ENABLE_MOCANA_SSL_CIPHER_SUITES_SELECT__ */
3099 #endif /* (defined( __ENABLE_MOCANA_SSL_ECDH_SUPPORT__) || defined(__ENABLE_MOCANA_SSL_ECDHE_SUPPORT__) || defined(__ENABLE_MOCANA_SSL_ECDH_ANON_SUPPORT__)) */
3100 
3138 MOC_EXTERN sbyte4 SSL_getCipherInfo( sbyte4 connectionInstance, ubyte2* pCipherId, ubyte4* pPeerEcCurves);
3139 
3177 MOC_EXTERN sbyte4 SSL_getSSLTLSVersion( sbyte4 connectionInstance, ubyte4* pVersion);
3178 
3218 MOC_EXTERN sbyte4 SSL_setApplicationLayerProtocol(sbyte4 connectionInstance,
3219  sbyte4 numNextProtocols,
3220  const char** nextProtocols);
3221 
3222 #if defined(__ENABLE_MOCANA_SSL_HEARTBEAT_RFC_6520__)
3223 MOC_EXTERN MSTATUS SSL_sendHeartbeatMessage(sbyte4 connectionInstance);
3224 
3225 MOC_EXTERN MSTATUS SSL_enableHeartbeatSupport(sbyte4 connectionInstance, E_HeartbeatExtension value,
3226  sbyte4 (*funcPtrHeatbeatMessageCallback)(sbyte4 connectionInstance,
3227  sbyte4 status, ubyte heartbeatType));
3228 #endif
3229 
3230 #if defined(__ENABLE_MOCANA_SSL_SERVER__)
3231 
3268 MOC_EXTERN MSTATUS SSL_setClientCAList(SizedBuffer *pClientCAList, ubyte4 numClientCANames);
3269 #endif
3270 
3271 #if defined(__ENABLE_MOCANA_OCSP_CLIENT__)
3272 MOC_EXTERN sbyte4 SSL_setCertifcateStatusRequestExtensions(sbyte4 connectionInstance,
3273  char** ppTrustedResponderCertPath,
3274  ubyte4 trustedResponderCertCount,
3275  extensions* pExts,
3276  ubyte4 extCount);
3277 MOC_EXTERN MSTATUS
3278 SSL_setOCSPCallback(sbyte4 (*funcPtrSingleCertStatusCallback)(sbyte4 connectionInstance,
3279  const ubyte *pCert, ubyte4 certLen,
3280  ubyte* pOcspResp, ubyte4 oscpRespLen,
3281  sbyte4 ocspStatus));
3282 #endif
3283 
3284 #if (defined(__ENABLE_MOCANA_DTLS_SERVER__) || defined(__ENABLE_MOCANA_DTLS_CLIENT__)) && defined(__ENABLE_MOCANA_DTLS_SRTP__) && defined(__ENABLE_MOCANA_SRTP_PROFILES_SELECT__)
3285 MOC_EXTERN sbyte4 SSL_setSrtpInitCallback(sbyte4(*cb)(sbyte4 connectionInstance, peerDescr *pChannelDescr,
3286  const SrtpProfileInfo* pProfile, void* keyMaterials, ubyte* mki));
3287 MOC_EXTERN sbyte4 SSL_setSrtpEncodeCallback(sbyte4(*cb)(sbyte4 connectionInstance, peerDescr *pChannelDescr,
3288  const sbyte* pData, ubyte4 pDataLength,
3289  ubyte** encodedData, ubyte4* encodedLength));
3290 MOC_EXTERN sbyte4 SSL_enableSrtpProfiles(sbyte4 connectionInstance, ubyte2 *pSrtpProfileList, ubyte4 listLength);
3291 #endif
3292 
3293 #if defined(__ENABLE_MOCANA_TLS13__)
3294 
3295 MOC_EXTERN MSTATUS SSL_sendKeyUpdateRequest(sbyte4 connectionInstance, ubyte updateRequest);
3296 
3297 #if (defined(__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__) && defined(__ENABLE_MOCANA_SSL_CLIENT__)) || \
3298  defined(__ENABLE_MOCANA_SSL_SERVER__)
3299 MOC_EXTERN MSTATUS SSL_getSignatureAlgo(sbyte4 connectionInstance, ubyte2 *pSigAlg);
3300 #endif
3301 
3302 #if defined(__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__) && defined(__ENABLE_MOCANA_SSL_SERVER__)
3303 MOC_EXTERN MSTATUS SSL_sendPosthandshakeAuthCertificateRequest(sbyte4 connectionInstance);
3304 #endif
3305 
3306 #if (defined(__ENABLE_MOCANA_TLS13_PSK__) && defined(__ENABLE_MOCANA_TLS13_0RTT__))
3307 
3346 MOC_EXTERN sbyte4 SSL_setRecvEarlyDataSize(sbyte4 connectionInstance,
3347  sbyte4 recvEarlyDataSize);
3348 
3389 MOC_EXTERN sbyte4 SSL_setMaxEarlyDataSize(sbyte4 connectionInstance,
3390  sbyte4 earlyDataSize);
3391 
3430 MOC_EXTERN sbyte4 SSL_setEarlyData(sbyte4 connectionInstance,
3431  ubyte* pEarlyData, ubyte4 earlyDataSize);
3432 
3433 #endif
3434 #endif /* __ENABLE_MOCANA_TLS13__ */
3435 
3482 MOC_EXTERN sbyte4 SSL_getSelectedApplicationProtocol( sbyte4 connectionInstance,
3483  const ubyte** selectedApplicationProtocol,
3484  ubyte4* selectedApplicationProtocolLen);
3485 
3486 #ifdef __ENABLE_MOCANA_SSL_REHANDSHAKE__
3487 
3527 MOC_EXTERN sbyte4 SSL_initiateRehandshake(sbyte4 connectionInstance);
3528 
3551 MOC_EXTERN sbyte4 SSL_isRehandshakeAllowed(sbyte4 connectionInstance, intBoolean *pRehandshake);
3552 
3588 MOC_EXTERN sbyte4 SSL_checkRehandshakeTimer(sbyte4 connectionInstance);
3589 #endif /* __ENABLE_MOCANA_SSL_REHANDSHAKE__ */
3590 
3598 MOC_EXTERN sbyte4 SSL_getSessionInfo(sbyte4 connectionInstance, ubyte* sessionIdLen, ubyte sessionId[SSL_MAXSESSIONIDSIZE], ubyte masterSecret[SSL_MASTERSECRETSIZE]);
3599 
3600 #ifdef __ENABLE_MOCANA_SSL_KEY_EXPANSION__
3601 
3608 MOC_EXTERN sbyte4 SSL_generateExpansionKey(sbyte4 connectionInstance, ubyte *pKey,ubyte2 keyLen, ubyte *keyPhrase, ubyte2 keyPhraseLen);
3616 MOC_EXTERN sbyte4 SSL_generateTLSExpansionKey(sbyte4 connectionInstance, ubyte *pKey,ubyte2 keyLen, ubyte *keyPhrase, ubyte2 keyPhraseLen);
3617 #endif
3618 
3619 #ifdef __ENABLE_MOCANA_SSL_INTERNAL_STRUCT_ACCESS__
3620 
3627 MOC_EXTERN void* SSL_returnPtrToSSLSocket(sbyte4 connectionInstance);
3628 #endif
3629 
3630 /* common client */
3631 #if defined(__ENABLE_MOCANA_SSL_CLIENT__)
3632 
3666 MOC_EXTERN sbyte4 SSL_getClientSessionInfo(sbyte4 connectionInstance,
3667  ubyte* sessionIdLen,
3668  ubyte sessionId[SSL_MAXSESSIONIDSIZE],
3669  ubyte masterSecret[SSL_MASTERSECRETSIZE]);
3670 
3671 
3672 #if defined(__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__)
3673 
3714 MOC_EXTERN sbyte4 SSL_setDNSNames( sbyte4 connectionInstance,
3715  const CNMatchInfo* cnMatchInfo);
3716 #endif /* __ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__ */
3717 
3718 MOC_EXTERN sbyte4 SSL_setServerNameIndication(sbyte4 connectionInstance,
3719  const char *serverName);
3720 
3721 #if defined(__ENABLE_MOCANA_SSL_SRP__)
3722 MOC_EXTERN sbyte4 SSL_setClientSRPIdentity(sbyte4 connectionInstance,
3723  ubyte* userName,
3724  ubyte userNameLen,
3725  ubyte* password,
3726  ubyte4 passwordLen);
3727 #endif
3728 
3729 #endif /* __ENABLE_MOCANA_SSL_CLIENT__ */
3730 
3731 #if defined(__ENABLE_MOCANA_EAP_FAST__) && defined(__ENABLE_MOCANA_SSL_CLIENT__)
3732 
3739 MOC_EXTERN sbyte4 SSL_setEAPFASTParams(sbyte4 connectionInstance, ubyte* pPacOpaque, ubyte4 pacOpaqueLen, ubyte pPacKey[/*PACKEY_SIZE*/]);
3740 #endif
3741 #if defined(__ENABLE_MOCANA_EAP_FAST__)
3742 MOC_EXTERN sbyte4 SSL_getEAPFAST_CHAPChallenge(sbyte4 connectionInstance, ubyte *challenge , ubyte4 challengeLen);
3750 MOC_EXTERN sbyte4 SSL_getEAPFAST_IntermediateCompoundKey(sbyte4 connectionInstance, ubyte *s_imk, ubyte *msk, ubyte mskLen, ubyte *imk);
3758 MOC_EXTERN sbyte4 SSL_generateEAPFASTSessionKeys(sbyte4 connectionInstance, ubyte* S_IMCK, sbyte4 s_imckLen, ubyte* MSK, sbyte4 mskLen, ubyte* EMSK, sbyte4 emskLen);
3759 #endif
3760 
3761 #if (defined(__ENABLE_MOCANA_INNER_APP__))
3762 
3769 MOC_EXTERN sbyte4 SSL_setInnerApplicationExt(sbyte4 connectionInstance, ubyte4 innerAppValue);
3777 MOC_EXTERN sbyte4 SSL_sendInnerApp(sbyte4 connectionInstance, InnerAppType innerApp, ubyte* pMsg, ubyte4 msgLen,ubyte4 *retMsgLen);
3785 MOC_EXTERN sbyte4 SSL_updateInnerAppSecret(sbyte4 connectionInstance, ubyte* session_key, ubyte4 sessionKeyLen);
3793 MOC_EXTERN sbyte4 SSL_verifyInnerAppVerifyData(sbyte4 connectionInstance,ubyte *data,InnerAppType appType);
3794 #endif
3795 
3796 #if defined(__ENABLE_MOCANA_OCSP_CLIENT__)
3797 MOC_EXTERN sbyte4 SSL_setOcspResponderUrl(sbyte4 connectionInstance, const char* pUrl);
3798 #endif
3799 
3800 /* common server */
3801 #if defined(__ENABLE_MOCANA_SSL_SERVER__)
3802 
3803 #if defined(__ENABLE_MOCANA_SSL_SRP__)
3804 MOC_EXTERN sbyte4 SSL_getClientSRPIdentity(sbyte4 connectionInstance,
3805  const ubyte** identity,
3806  ubyte4* identityLength);
3807 
3808 MOC_EXTERN MSTATUS SSL_setFuncPtrSRPCallback(sbyte4(*funcPtrSRPCallback)
3809  (sbyte4 connectionInstance, const ubyte* identity,
3810  ubyte4 identityLength, sbyte4* numBits,
3811  ubyte salt[SSL_PSK_SERVER_IDENTITY_LENGTH],
3812  ubyte4* saltLength,
3813  ubyte** verifier, ubyte4* verifierLength));
3814 #endif /* __ENABLE_MOCANA_SSL_SRP__ */
3815 
3816 #endif
3817 
3818 /* common synchronous client/server */
3819 #if defined(__ENABLE_MOCANA_SSL_DUAL_MODE_API__) || ((defined(__ENABLE_MOCANA_SSL_SERVER__)) && (!defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__))) || ((defined(__ENABLE_MOCANA_SSL_CLIENT__)) && (!defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__)))
3820 
3856 MOC_EXTERN sbyte4 SSL_init(sbyte4 numServerConnections, sbyte4 numClientConnections);
3857 
3858 #if defined(__ENABLE_MOCANA_SSL_CUSTOM_RNG__)
3859 MOC_EXTERN sbyte4 SSL_initEx(sbyte4 numServerConnections, sbyte4 numClientConnections, RNGFun rngFun, void* rngArg);
3860 #endif
3861 
3914 MOC_EXTERN sbyte4 SSL_negotiateConnection(sbyte4 connectionInstance);
3915 
3959 MOC_EXTERN sbyte4 SSL_send(sbyte4 connectionInstance, sbyte *pBuffer, sbyte4 bufferSize);
3960 
4028 MOC_EXTERN sbyte4 SSL_recv(sbyte4 connectionInstance, sbyte *pRetBuffer, sbyte4 bufferSize, sbyte4 *pNumBytesReceived, ubyte4 timeout);
4029 
4071 MOC_EXTERN sbyte4 SSL_sendPending(sbyte4 connectionInstance, sbyte4 *pNumBytesPending);
4072 
4109 MOC_EXTERN sbyte4 SSL_recvPending(sbyte4 connectionInstance, sbyte4 *pRetBooleanIsPending);
4110 
4144 MOC_EXTERN sbyte4 SSL_closeConnection(sbyte4 connectionInstance);
4145 #endif
4146 
4147 /* common asynchronous client/server */
4148 #if defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__) || defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__)
4149 
4187 MOC_EXTERN sbyte4 SSL_ASYNC_init(sbyte4 numServerConnections, sbyte4 numClientConnections);
4188 
4189 #if defined(__ENABLE_MOCANA_SSL_CUSTOM_RNG__)
4190 MOC_EXTERN sbyte4 SSL_ASYNC_initEx(sbyte4 numServerConnections, sbyte4 numClientConnections, RNGFun rngFun, void* rngArg);
4191 #endif
4192 
4259 MOC_EXTERN sbyte4 SSL_ASYNC_recvMessage(sbyte4 connectionInstance, ubyte *pBytesReceived, ubyte4 numBytesReceived);
4260 
4306 MOC_EXTERN sbyte4 SSL_ASYNC_recvMessage2(sbyte4 connectionInstance, ubyte *pBytesReceived, ubyte4 numBytesReceived, ubyte **ppRetBytesReceived, ubyte4 *pRetNumRxBytesRemaining);
4307 
4356 MOC_EXTERN sbyte4 SSL_ASYNC_sendMessage(sbyte4 connectionInstance, sbyte *pBuffer, sbyte4 bufferSize, sbyte4 *pBytesSent);
4357 
4393 MOC_EXTERN sbyte4 SSL_ASYNC_sendMessagePending(sbyte4 connectionInstance);
4394 
4429 MOC_EXTERN sbyte4 SSL_ASYNC_closeConnection(sbyte4 connectionInstance);
4430 
4463 MOC_EXTERN sbyte4 SSL_ASYNC_getSendBuffer(sbyte4 connectionInstance, ubyte *data, ubyte4 *len);
4464 
4501 MOC_EXTERN sbyte4 SSL_ASYNC_getRecvBuffer(sbyte4 connectionInstance, ubyte **data, ubyte4 *len, ubyte4 *pRetProtocol);
4502 
4535 MOC_EXTERN sbyte4 SSL_ASYNC_getRecvPending(sbyte4 connectionInstance, sbyte4 *len);
4536 
4576 MOC_EXTERN sbyte4 SSL_ASYNC_getSendBufferZeroCopy(sbyte4 connectionInstance, ubyte **data, ubyte4 *len);
4577 
4616 MOC_EXTERN sbyte4 SSL_ASYNC_freeSendBufferZeroCopy(sbyte4 connectionInstance, ubyte4 numUnusedBytes);
4617 
4618 #if (defined(__ENABLE_MOCANA_MBEDTLS_SHIM__))
4619 
4654 MOC_EXTERN sbyte4 SSL_bindMbedtlsShimMethods(mssl_methods_t *pMeth);
4655 #endif
4656 
4657 #if (defined(__ENABLE_MOCANA_OPENSSL_SHIM__))
4658 
4692 MOC_EXTERN sbyte4 SSL_bindShimMethods(nssl_methods_t *pMeth);
4693 
4729 MOC_EXTERN sbyte4 SSL_OSSL_RSAParamsToKeyBlob(OSSL_RSAParams *pR, void **ppKeyBlob, unsigned int *pBlobLen);
4730 MOC_EXTERN sbyte4 SSL_getSessionStatusEx(sbyte4 connectionInstance, ubyte4 *pRetStatusSSL);
4731 MOC_EXTERN MSTATUS SSL_decryptPKCS8PemKey(ubyte *pContent, ubyte4 contentLength, AsymmetricKey** pKey,
4732  void *pPwInfo, intBoolean base64);
4733 MOC_EXTERN sbyte4 SSL_InitAsymmetricKey(AsymmetricKey* pAsymKey);
4734 MOC_EXTERN sbyte4 SSL_UninitAsymmetricKey(AsymmetricKey* pAsymKey);
4735 MOC_EXTERN sbyte4 SSL_initializeVersion();
4736 #if defined(__ENABLE_MOCANA_DTLS_CLIENT__)
4737 MOC_EXTERN sbyte4 SSL_DTLS_start(sbyte4 connectionInstance);
4738 #endif
4739 
4740 #if (defined(__ENABLE_MOCANA_DSA__))
4741 
4777 MOC_EXTERN sbyte4 SSL_OSSL_DSAParamsToKeyBlob(OSSL_DSAParams *pD, void **ppKeyBlob, unsigned int *pBlobLen);
4778 #endif /* __ENABLE_MOCANA_DSA__ */
4779 #if (defined(__ENABLE_MOCANA_ECC__))
4780 
4816 MOC_EXTERN sbyte4 SSL_OSSL_ECCParamsToKeyBlob(OSSL_ECCParams *pEParams, void *ppKeyBlob, unsigned int *pBlobLen);
4817 #endif /* __ENABLE_MOCANA_ECC__ */
4818 
4854 MOC_EXTERN sbyte4 SSL_OSSL_AddTrustPoint(void *pCertStore, u_int8_t *pDerBuf, int derLen);
4855 
4899 MOC_EXTERN sbyte4 SSL_OSSL_AddIdenCertChain(void *pCertStore, OSSL_SizedBuffer *certs, unsigned numCerts,
4900  const u_int8_t *pKeyBlob, unsigned keyBlobLength, ubyte *pAlias, ubyte4 aliasLen);
4901 
4902 MOC_EXTERN sbyte4 SSL_OSSL_AddIdenCertChainExtData(void *pCertStore, OSSL_SizedBuffer *certs, unsigned numCerts,
4903  const u_int8_t *pKeyBlob, unsigned keyBlobLength, ubyte *pAlias, ubyte4 aliasLen,
4904  ExtendedDataCallback extDataFunc, sbyte4 extDataIdentifier);
4905 
4937 MOC_EXTERN sbyte4 SSL_ASYNC_acceptConnectionAlt(TCP_SOCKET tempSocket, void* pCertStore);
4938 
4977 MOC_EXTERN sbyte4
4978 SSL_ASYNC_connectAlt(TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte * sessionId, ubyte * masterSecret,
4979  const sbyte* dnsName, void *certStore);
4980 
5015 MOC_EXTERN sbyte4 CERT_STORE_createStoreAlt(void **ppNewStore);
5016 
5050 MOC_EXTERN MSTATUS CERT_STORE_releaseStoreAlt(void **ppReleaseStore);
5051 #endif /* __ENABLE_MOCANA_OPENSSL_SHIM__ || __ENABLE_MOCANA_MBEDTLS_SHIM__*/
5052 #endif /* defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__) || defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__) */
5053 
5084 MOC_EXTERN sbyte4 SSL_isSecureConnectionEstablished(sbyte4 connectionInstance);
5085 
5102 MOC_EXTERN sbyte4 SSL_getLocalState(sbyte4 connectionInstance, sbyte4 *pState);
5103 
5141 MOC_EXTERN sbyte4 SSL_getState(sbyte4 connectionInstance, sbyte4 *pState);
5142 
5175 MOC_EXTERN sbyte4 SSL_in_connect_init_moc(sbyte4 connectionInstance);
5176 
5209 MOC_EXTERN sbyte4 SSL_in_accept_init_moc(sbyte4 connectionInstance);
5210 
5241 MOC_EXTERN MSTATUS SSL_SOCK_getPeerCertificateBytes(sbyte4 connectionInstance, ubyte **ppCertBytes, ubyte4 *pCertLen);
5242 
5243 /* sync server */
5244 #if defined(__ENABLE_MOCANA_SSL_DUAL_MODE_API__) || ((defined(__ENABLE_MOCANA_SSL_SERVER__)) && (!defined(__ENABLE_MOCANA_SSL_ASYNC_SERVER_API__)))
5245 
5283 MOC_EXTERN sbyte4 SSL_acceptConnection(TCP_SOCKET tempSocket,
5284  struct certStore* pCertStore);
5285 #endif
5286 
5287 /* sync client */
5288 #if (!defined(__ENABLE_MOCANA_OPENSSL_SHIM__) || defined(ENABLE_MOCANA_TAP_OSSL_REMOTE__)) && (defined(__ENABLE_MOCANA_SSL_DUAL_MODE_API__) || ((defined(__ENABLE_MOCANA_SSL_CLIENT__)) && (!defined(__ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__))))
5289 
5327 MOC_EXTERN sbyte4 SSL_connect(TCP_SOCKET tempSocket,
5328  ubyte sessionIdLen, ubyte * sessionId,
5329  ubyte * masterSecret, const sbyte* dnsName,
5330  struct certStore* certStore);
5331 
5372 MOC_EXTERN sbyte4
5373 SSL_PROXY_connect(TCP_SOCKET sslSocket, sbyte4 sslId, SSLTransportSend transportSend, SSLTransportRecv transportRecv,
5374  TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte* sessionId, ubyte* masterSecret,
5375  const sbyte* dnsName, struct certStore* certStore);
5376 
5377 #endif
5378 
5379 /* async server */
5380 #ifdef __ENABLE_MOCANA_SSL_ASYNC_SERVER_API__
5381 
5418 MOC_EXTERN sbyte4 SSL_ASYNC_acceptConnection(TCP_SOCKET tempSocket,
5419  struct certStore* pCertStore);
5420 #endif
5421 
5422 /* async client */
5423 #ifdef __ENABLE_MOCANA_SSL_ASYNC_CLIENT_API__
5424 
5460 MOC_EXTERN sbyte4 SSL_ASYNC_connect(TCP_SOCKET tempSocket, ubyte sessionIdLen,
5461  ubyte * sessionId, ubyte * masterSecret,
5462  const sbyte* dnsName,
5463  struct certStore* pCertStore);
5494 MOC_EXTERN sbyte4 SSL_ASYNC_start(sbyte4 connectionInstance);
5495 #endif
5496 
5497 #ifndef __DISABLE_MOCANA_ALPN_CALLBACK__
5498 
5527 MOC_EXTERN MSTATUS SSL_setAlpnCallback(sbyte4 connectionInstance,
5528  sbyte4 (*funcPtrAlpnCallback) (sbyte4 connectionInstance,
5529  ubyte** out[],
5530  sbyte4* outlen,
5531  ubyte* in,
5532  sbyte4 inlen));
5533 
5534 
5535 
5536 #endif /* __DISABLE_MOCANA_ALPN_CALLBACK__ */
5537 
5538 #if defined( __ENABLE_MOCANA_SSL_ALERTS__ )
5539 
5563 MOC_EXTERN MSTATUS SSL_setAlertCallback(sbyte4 connectionInstance,
5564  sbyte4 (*funcPtrAlertCallback) (sbyte4 connectionInstance,
5565  sbyte4 alertId,
5566  sbyte4 alertClass));
5567 #endif
5568 
5569 #ifndef __DISABLE_MOCANA_SSL_CERTIFICATE_CALLBACK__
5570 
5618 MOC_EXTERN MSTATUS
5619 SSL_setCertAndStatusCallback(sbyte4 connectionInstance,
5620  MSTATUS (*funcPtrGetCertAndStatusCallback) (sbyte4 connectionInstance,
5621  struct certChain* pCertChain,
5622  MSTATUS validationstatus));
5623 
5662 MOC_EXTERN MSTATUS
5663 SSL_setClientCertAuthorityCallback(sbyte4 connectionInstance,
5664  MSTATUS (*funcPtrClientCertAuthorityCallback) (sbyte4 connectionInstance,
5665  SizedBuffer *pCertAuthorities,
5666  ubyte4 certAuthorityCount));
5667 
5668 #endif /* __DISABLE_MOCANA_SSL_CERTIFICATE_CALLBACK__ */
5669 
5710 MOC_EXTERN MSTATUS
5711 SSL_setClientCertCallback(sbyte4 connInstance,
5712  MSTATUS (*funcPtrClientCertCallback)(sbyte4 connInstance,
5713  SizedBuffer **ppRetCert, ubyte4 *pRetNumCerts,
5714  ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLen,
5715  ubyte **ppRetCACert, ubyte4 *pRetNumCACerts));
5733 MOC_EXTERN MSTATUS
5734 SSL_setCertVerifySignCallback(sbyte4 (*funcPtrMutualAuthCertificateVerify)
5735  (sbyte4 connectionInstance,
5736  const ubyte* pHash, ubyte4 hashLen,
5737  ubyte* pResult, ubyte4 resultLength));
5738 
5739 
5780 MOC_EXTERN MSTATUS SSL_populateMutualAuthCertStore(sbyte4 connectionInstance,
5781  const SizedBuffer *pCerts, ubyte4 numCerts,
5782  ubyte *pKey, ubyte4 keyLen,
5783  const ubyte *pCACert, ubyte4 caCertLength);
5784 
5785 #ifdef __ENABLE_MOCANA_SSL_INVALID_CERTIFICATE_CALLBACK__
5786 
5827 MOC_EXTERN MSTATUS
5828 SSL_setInvalidCertCallback(sbyte4 connectionInstance,
5829  MSTATUS (*funcPtrInvalidCertCallback) (sbyte4 connectionInstance,
5830  MSTATUS validationstatus));
5831 
5832 
5833 #endif /* __ENABLE_MOCANA_SSL_INVALID_CERTIFICATE_CALLBACK__ */
5834 
5867 MOC_EXTERN MSTATUS
5868 SSL_setVersionCallback(
5869  sbyte4 connectionInstance,
5870  MSTATUS (*funcPtrVersionCallback)(ubyte4 serverVersion,
5871  ubyte4 clientVersion,
5872  MSTATUS sslStatus));
5873 
5911 MOC_EXTERN sbyte4 SSL_setDHParameters(ubyte *pP, ubyte4 pLen, ubyte *pG, ubyte4 gLen, ubyte4 lengthY);
5912 
5913 MOC_EXTERN sbyte4 SSL_setMinProtoVersion(ubyte4 version);
5914 MOC_EXTERN ubyte4 SSL_getMinProtoVersion();
5915 MOC_EXTERN sbyte4 SSL_setMaxProtoVersion(ubyte4 version);
5916 MOC_EXTERN ubyte4 SSL_getMaxProtoVersion();
5917 MOC_EXTERN sbyte4 SSL_getProtoVersion(sbyte4 connectionInstance);
5918 
5919 
5920 #ifdef __ENABLE_MOCANA_SSL_KEY_EXPANSION__
5921 
5955 MOC_EXTERN sbyte4 SSL_generateExportKeyMaterial(sbyte4 connectionInstance, ubyte *pKey, ubyte2 keyLen,
5956  ubyte *pKeyphrase, ubyte2 keyPhrase,
5957  ubyte *pContext, ubyte2 contextLen, int useContext);
5958 
6000 MOC_EXTERN sbyte4 SSL_generateEarlyExportKeyMaterial(sbyte4 connectionInstance,
6001  ubyte *pKey, ubyte2 keyLen,
6002  ubyte *pLabel, ubyte2 labelLen,
6003  ubyte *pContext, ubyte4 contextLen);
6004 #endif /* __ENABLE_MOCANA_SSL_KEY_EXPANSION__ */
6005 
6006 #if (defined(__ENABLE_MOCANA_TLS13__) && defined(__ENABLE_MOCANA_TLS13_0RTT__))
6007 
6039 MOC_EXTERN sbyte4
6040 SSL_setReceiveApplicationDataCallback(sbyte4 (*funcPtrTLS13ApplicationDataCallback)(sbyte4 connectionInstance,
6041  ubyte *pData, ubyte4 dataLen,
6042  dataState state));
6043 
6044 #endif /* (defined(__ENABLE_MOCANA_TLS13__) && defined(__ENABLE_MOCANA_TLS13_0RTT__)) */
6045 
6046 #if (defined(__ENABLE_MOCANA_SSL_CLIENT__) && defined(__ENABLE_MOCANA_SSL_MUTUAL_AUTH_SUPPORT__))
6047 
6078 MOC_EXTERN MSTATUS
6079 SSL_setMutualAuthCertificateAlias(sbyte4 connectionInstance, ubyte *pAlias, ubyte4 aliasLen);
6080 #endif
6081 
6082 #endif /* (defined(__ENABLE_MOCANA_SSL_SERVER__) || defined(__ENABLE_MOCANA_SSL_CLIENT__)) */
6083 
6084 #ifdef __cplusplus
6085 }
6086 #endif
6087 
6088 MOC_EXTERN MSTATUS SSL_setMaxTimerCountForRehandshake(ubyte4 timerCount);
6089 MOC_EXTERN MSTATUS SSL_setmaxByteCount(ubyte4 byteCount);
6090 
6091 #ifdef __ENABLE_MOCANA_SSL_REHANDSHAKE__
6092 MOC_EXTERN MSTATUS SSL_setFuncPtrClientRehandshakeRequest(sbyte4(*funcPtrClientRehandshakeRequest)
6093  (sbyte4 connectionInstance));
6094 #endif
6095 
6096 #ifdef __ENABLE_MOCANA_SSL_ALERTS__
6097 MOC_EXTERN MSTATUS SSL_setFuncPtrAlertCallback(sbyte4 (*funcPtrAlertCallback)
6098  (sbyte4 connectionInstance,
6099  sbyte4 alertId, sbyte4 alertClass));
6100 #endif
6101 
6102 #if defined(__ENABLE_MOCANA_SSL_CLIENT__) && defined(__ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__)
6103 MOC_EXTERN MSTATUS
6104 SSL_setClientSaveTicketCallback(sbyte4 connectionInstance,
6105  sbyte4 (*cb)(sbyte4 connectionInstance,
6106  sbyte *serverInfo, ubyte4 serverInfoLen,
6107  void *userData, ubyte *pTicket, ubyte4 ticketLen));
6108 
6109 MOC_EXTERN MSTATUS
6110 SSL_setClientRetrieveTicketCallback(sbyte4 connectionInstance,
6111  sbyte4 (*cb)(sbyte4 connectionInstance,
6112  sbyte *serverInfo, ubyte4 serverInfoLen,
6113  void *userData, ubyte **ppTicket, ubyte4 *pTicketLen,
6114  intBoolean *pFreememory));
6115 #endif
6116 
6117 #if (defined(__ENABLE_MOCANA_SSL_PSK_SUPPORT__) || defined(__ENABLE_MOCANA_TLS13_PSK__))
6118 MOC_EXTERN MSTATUS SSL_setFuncPtrLookupPSK(sbyte4 (*funcPtrLookupPSK)
6119  (sbyte4, ubyte*, ubyte4,
6120  ubyte[SSL_PSK_MAX_LENGTH],
6121  ubyte4*));
6122 
6123 MOC_EXTERN MSTATUS SSL_setFuncPtrGetHintPSK(sbyte4 (*funcPtrGetHintPSK)
6124  (sbyte4, ubyte hintPSK[SSL_PSK_SERVER_IDENTITY_LENGTH],
6125  ubyte4 *));
6126 
6127 #if defined(__ENABLE_MOCANA_TLS13_PSK__)
6128 
6178 MOC_EXTERN MSTATUS SSL_deserializePSK(ubyte *pPsk, ubyte4 pskLen, tls13PSK **ppRetPsk);
6179 
6231 MOC_EXTERN MSTATUS SSL_serializePSK(tls13PSK *pPsk, ubyte **ppPsk, ubyte4 *pPskLen);
6232 
6261 MOC_EXTERN MSTATUS SSL_freePSK(tls13PSK **ppPsk);
6262 
6263 #endif /* __ENABLE_MOCANA_TLS13_PSK__ */
6264 
6265 #if defined(__ENABLE_MOCANA_SSL_CLIENT__)
6266 MOC_EXTERN MSTATUS SSL_setFuncPtrChoosePSK(sbyte4 (*funcPtrChoosePSK)
6267  (sbyte4, ubyte *, ubyte4,
6268  ubyte retPskIdentity[SSL_PSK_SERVER_IDENTITY_LENGTH],
6269  ubyte4 *, ubyte retPSK[SSL_PSK_MAX_LENGTH], ubyte4 *));
6270 
6271 #if defined(__ENABLE_MOCANA_TLS13_PSK__)
6272 MOC_EXTERN MSTATUS
6273 SSL_setClientSavePSKCallback(sbyte4 connectionInstance,
6274  sbyte4 (*cb)(sbyte4 connectionInstance,
6275  sbyte* ServerInfo, ubyte4 serverInfoLen,
6276  void *userData, ubyte *pPsk, ubyte4 pskLen));
6277 
6278 MOC_EXTERN MSTATUS
6279 SSL_CLIENT_setRetrievePSKCallback(sbyte4 connectionInstance,
6280  sbyte4 (*cb)(sbyte4 connectionInstance,
6281  sbyte* ServerInfo, ubyte4 serverInfoLen,
6282  void *userData, void **ppPSKs,
6283  ubyte2 *pNumPSKs,ubyte* selectedIndex,
6284  intBoolean *pFreeMemory));
6285 #endif /* __ENABLE_MOCANA_TLS13_PSK__ */
6286 #endif /*__ENABLE_MOCANA_SSL_CLIENT__ */
6287 #endif /* __ENABLE_MOCANA_SSL_PSK_SUPPORT__ || __ENABLE_MOCANA_TLS13_PSK__ */
6288 
6289 #if defined(__ENABLE_MOCANA_TLS13__)
6290 
6291 MOC_EXTERN MSTATUS SSL_setFuncPtrKeyUpdateRequest(sbyte4 (*funcPtrKeyUpdate)
6292  (sbyte4 connectionInstance));
6293 #if defined(__ENABLE_MOCANA_TLS13_PSK__)
6294 #if defined(__ENABLE_MOCANA_SSL_SERVER__)
6295 MOC_EXTERN MSTATUS
6296 SSL_setServerSavePSKCallback(sbyte4 (*cb)(sbyte4 connectionInstance,
6297  ubyte* ServerInfo, ubyte4 serverInfoLen,
6298  ubyte* pIdentityPSK, ubyte4 identityLengthPSK,
6299  ubyte* pPsk, ubyte4 pskLen));
6300 
6301 MOC_EXTERN MSTATUS
6302 SSL_setServerLookupPSKCallback(sbyte4 (*cb)(sbyte4 connectionInstance,
6303  ubyte* pIdentityPSK, ubyte4 identityLengthPSK,
6304  ubyte** ppPsk, ubyte4 *pPskLen, intBoolean *pFreeMemory));
6305 
6306 MOC_EXTERN MSTATUS
6307 SSL_setServerDeletePSKCallback(sbyte4 (*cb)(sbyte4 connectionInstance,
6308  sbyte* ServerInfo, ubyte4 serverInfoLen,
6309  ubyte* pIdentityPSK, ubyte4 identityLengthPSK,
6310  ubyte* pPsk));
6311 #endif /* __ENABLE_MOCANA_SSL_SERVER__ */
6312 
6313 #endif /* __ENABLE_MOCANA_TLS13_PSK__ */
6314 #endif /* __ENABLE_MOCANA_TLS13__ */
6315 
6316 #if (defined(__ENABLE_MOCANA_SSL_CLIENT__) && defined(__ENABLE_MOCANA_SSL_SESSION_TICKET_RFC_5077__))
6317 MOC_EXTERN MSTATUS
6318 SSL_setClientSaveTicketCallback(sbyte4 connectionInstance,
6319  sbyte4 (*cb)(sbyte4 connectionInstance,
6320  sbyte *serverInfo, ubyte4 serverInfoLen,
6321  void *userData, ubyte *pTicket, ubyte4 ticketLen));
6322 
6323 MOC_EXTERN MSTATUS
6324 SSL_setClientRetrieveTicketCallback(sbyte4 connectionInstance,
6325  sbyte4 (*cb)(sbyte4 connectionInstance,
6326  sbyte *serverInfo, ubyte4 serverInfoLen,
6327  void *userData, ubyte **ppTicket, ubyte4 *pTicketLen,
6328  intBoolean *pFreememory));
6329 #endif
6330 
6331 MOC_EXTERN MSTATUS SSL_getSharedSignatureAlgorithm(sbyte4 connectionInstance, ubyte4 algoListIndex,
6332  ubyte2 *pSigAlgo, ubyte isPeer);
6333 MOC_EXTERN MSTATUS SSL_INTERNAL_setConnectionState(sbyte4 connectionInstance, sbyte4 connectionState);
6334 
6335 #if defined(__ENABLE_MOCANA_TAP__) && defined(__ENABLE_MOCANA_TAP_DEFER_UNLOADKEY__)
6336 
6353 MOC_EXTERN MSTATUS SSL_TAP_clearKeyAndToken();
6354 #endif
6355 #endif /* __SSL_HEADER__ */
tlsExtNamedCurves
tlsExtNamedCurves
Definition: ssl.h:506
sslSettings::sslTimeOutHello
ubyte4 sslTimeOutHello
Number of seconds to wait for a Hello message.
Definition: ssl.h:870
SSL_recvPending
MOC_EXTERN sbyte4 SSL_recvPending(sbyte4 connectionInstance, sbyte4 *pRetBooleanIsPending)
Test if a connection instance&#39;s SSL receive buffer contains data.
SSL_ASYNC_closeConnection
MOC_EXTERN sbyte4 SSL_ASYNC_closeConnection(sbyte4 connectionInstance)
Close an SSL session and release resources.
SSL_send
MOC_EXTERN sbyte4 SSL_send(sbyte4 connectionInstance, sbyte *pBuffer, sbyte4 bufferSize)
Send data to a connected server/client.
SSL_ASYNC_acceptConnectionAlt
MOC_EXTERN sbyte4 SSL_ASYNC_acceptConnectionAlt(TCP_SOCKET tempSocket, void *pCertStore)
Wrapper function to register a secure asynchronous SSL/TLS connection.
SSL_disableCipherHashAlgorithm
MOC_EXTERN sbyte4 SSL_disableCipherHashAlgorithm(sbyte4 connectionInstance, TLS_HashAlgorithm hashId)
Disable ciphers using the specified hash algorithm (and lower).
SSL_setAlpnCallback
MOC_EXTERN MSTATUS SSL_setAlpnCallback(sbyte4 connectionInstance, sbyte4(*funcPtrAlpnCallback)(sbyte4 connectionInstance, ubyte **out[], sbyte4 *outlen, ubyte *in, sbyte4 inlen))
Register an Application Layer Protocol Negotiation callback.
SSL_checkFIPS
MOC_EXTERN sbyte4 SSL_checkFIPS()
Check if FIPS library is loaded correctly.
sslSettings::minRSAKeySize
ubyte4 minRSAKeySize
Minimum RSA Key Size allowed.
Definition: ssl.h:875
ResponderID
Definition: ssl.h:710
NameTypeSNI
NameTypeSNI
Definition: ssl.h:559
SSL_PROXY_connect
MOC_EXTERN sbyte4 SSL_PROXY_connect(TCP_SOCKET sslSocket, sbyte4 sslId, SSLTransportSend transportSend, SSLTransportRecv transportRecv, TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte *sessionId, ubyte *masterSecret, const sbyte *dnsName, struct certStore *certStore)
Create a synchronous client connection context with transport handlers for creating a connection thro...
SSL_setCipherAlgorithm
MOC_EXTERN MSTATUS SSL_setCipherAlgorithm(sbyte4 connectionInstance, ubyte2 *pList, ubyte4 listLength, ubyte4 listType)
Set cipher, supported Groups and signature algorithm.
SSL_sendAlert
MOC_EXTERN sbyte4 SSL_sendAlert(sbyte4 connectionInstance, sbyte4 alertId, sbyte4 alertClass)
Send an SSL alert message to an SSL peer.
SSL_getSocketId
MOC_EXTERN sbyte4 SSL_getSocketId(sbyte4 connectionInstance, TCP_SOCKET *pRetSocket)
Get a connection&#39;s socket identifier.
SSL_getCipherList
MOC_EXTERN sbyte4 SSL_getCipherList(sbyte4 connectionInstance, ubyte2 **ppCipherIdList, ubyte4 *pCount)
Get the enabled ciphers.
SSL_ASYNC_sendMessage
MOC_EXTERN sbyte4 SSL_ASYNC_sendMessage(sbyte4 connectionInstance, sbyte *pBuffer, sbyte4 bufferSize, sbyte4 *pBytesSent)
Send data to a connected server/client.
SSL_bindShimMethods
MOC_EXTERN sbyte4 SSL_bindShimMethods(nssl_methods_t *pMeth)
Binds NanoSSL functions to be used by NanoSSL Shim layer.
SSL_getState
MOC_EXTERN sbyte4 SSL_getState(sbyte4 connectionInstance, sbyte4 *pState)
Return the last handshake message recived by the stack.
sslSettings::sslTimeOutConnectTimedWait
ubyte4 sslTimeOutConnectTimedWait
Number of seconds to wait for connection timeout.
Definition: ssl.h:853
sslSettings
Configuration settings and callback function pointers for NanoSSL SSL/TLS clients and NanoDTLS DTLS c...
Definition: ssl.h:810
SSL_connect
MOC_EXTERN sbyte4 SSL_connect(TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte *sessionId, ubyte *masterSecret, const sbyte *dnsName, struct certStore *certStore)
Create a synchronous client connection context.
SSL_getEAPFAST_IntermediateCompoundKey
MOC_EXTERN sbyte4 SSL_getEAPFAST_IntermediateCompoundKey(sbyte4 connectionInstance, ubyte *s_imk, ubyte *msk, ubyte mskLen, ubyte *imk)
SSL_isSessionDTLS
MOC_EXTERN sbyte4 SSL_isSessionDTLS(sbyte4 connectionInstance)
Determine whether a connection instance represents a DTLS server, a DTLS client, or an unrecognized c...
SrtpProfileInfo
Definition: ssl.h:741
SSL_setClientCertAuthorityCallback
MOC_EXTERN MSTATUS SSL_setClientCertAuthorityCallback(sbyte4 connectionInstance, MSTATUS(*funcPtrClientCertAuthorityCallback)(sbyte4 connectionInstance, SizedBuffer *pCertAuthorities, ubyte4 certAuthorityCount))
Provide certificate authorities to SSL stack for client.
SSL_generateExportKeyMaterial
MOC_EXTERN sbyte4 SSL_generateExportKeyMaterial(sbyte4 connectionInstance, ubyte *pKey, ubyte2 keyLen, ubyte *pKeyphrase, ubyte2 keyPhrase, ubyte *pContext, ubyte2 contextLen, int useContext)
Generate the export key material with the given label and context for a connection.
DTLS_isTimerExpired
MOC_EXTERN sbyte4 DTLS_isTimerExpired(sbyte4 connectionInstance)
Check if DTLS timer has expired.
sslSettings::sslTimeOutReceive
ubyte4 sslTimeOutReceive
Number of seconds to wait for a Receive message.
Definition: ssl.h:866
SSL_setEarlyData
MOC_EXTERN sbyte4 SSL_setEarlyData(sbyte4 connectionInstance, ubyte *pEarlyData, ubyte4 earlyDataSize)
Set the max early data.
SSL_generateEAPFASTSessionKeys
MOC_EXTERN sbyte4 SSL_generateEAPFASTSessionKeys(sbyte4 connectionInstance, ubyte *S_IMCK, sbyte4 s_imckLen, ubyte *MSK, sbyte4 mskLen, ubyte *EMSK, sbyte4 emskLen)
SSL_freePSK
MOC_EXTERN MSTATUS SSL_freePSK(tls13PSK **ppPsk)
Free TLS 1.3 PSK.
SSL_ASYNC_recvMessage2
MOC_EXTERN sbyte4 SSL_ASYNC_recvMessage2(sbyte4 connectionInstance, ubyte *pBytesReceived, ubyte4 numBytesReceived, ubyte **ppRetBytesReceived, ubyte4 *pRetNumRxBytesRemaining)
Get a pointer to the connection&#39;s most recently receiveed message.
SSL_setClientCertCallback
MOC_EXTERN MSTATUS SSL_setClientCertCallback(sbyte4 connInstance, MSTATUS(*funcPtrClientCertCallback)(sbyte4 connInstance, SizedBuffer **ppRetCert, ubyte4 *pRetNumCerts, ubyte **ppRetKeyBlob, ubyte4 *pRetKeyBlobLen, ubyte **ppRetCACert, ubyte4 *pRetNumCACerts))
Set Callback to request cert and key from the Application.
SSL_init
MOC_EXTERN sbyte4 SSL_init(sbyte4 numServerConnections, sbyte4 numClientConnections)
Initialize NanoSSL client or server internal structures.
SSL_ASYNC_init
MOC_EXTERN sbyte4 SSL_ASYNC_init(sbyte4 numServerConnections, sbyte4 numClientConnections)
Initialize NanoSSL client or server internal structures.
sslSettings::minDHKeySize
ubyte4 minDHKeySize
Minimum DH Key Size allowed.
Definition: ssl.h:880
SSL_getSelectedApplicationProtocol
MOC_EXTERN sbyte4 SSL_getSelectedApplicationProtocol(sbyte4 connectionInstance, const ubyte **selectedApplicationProtocol, ubyte4 *selectedApplicationProtocolLen)
Retrieve the selected Application Layer Protocol.
SSL_populateMutualAuthCertStore
MOC_EXTERN MSTATUS SSL_populateMutualAuthCertStore(sbyte4 connectionInstance, const SizedBuffer *pCerts, ubyte4 numCerts, ubyte *pKey, ubyte4 keyLen, const ubyte *pCACert, ubyte4 caCertLength)
Function to populate the mutual auth cert store.
SSL_checkRehandshakeTimer
MOC_EXTERN sbyte4 SSL_checkRehandshakeTimer(sbyte4 connectionInstance)
Timer check for rehandshaking.
SSL_enableECCCurves
MOC_EXTERN sbyte4 SSL_enableECCCurves(sbyte4 connectionInstance, enum tlsExtNamedCurves *pECCCurvesList, ubyte4 listLength)
Enable ECC curves.
SSL_setCookie
MOC_EXTERN sbyte4 SSL_setCookie(sbyte4 connectionInstance, void *cookie)
Store custom information for a connection instance.
SSL_setVersionCallback
MOC_EXTERN MSTATUS SSL_setVersionCallback(sbyte4 connectionInstance, MSTATUS(*funcPtrVersionCallback)(ubyte4 serverVersion, ubyte4 clientVersion, MSTATUS sslStatus))
Register a version callback to record the server version and client version.
SSL_setAlertCallback
MOC_EXTERN MSTATUS SSL_setAlertCallback(sbyte4 connectionInstance, sbyte4(*funcPtrAlertCallback)(sbyte4 connectionInstance, sbyte4 alertId, sbyte4 alertClass))
Register an alert msg callback function.
SSL_bindMbedtlsShimMethods
MOC_EXTERN sbyte4 SSL_bindMbedtlsShimMethods(mssl_methods_t *pMeth)
Binds NanoSSL functions to be used by NanoSSL Shim layer.
SSL_setEAPFASTParams
MOC_EXTERN sbyte4 SSL_setEAPFASTParams(sbyte4 connectionInstance, ubyte *pPacOpaque, ubyte4 pacOpaqueLen, ubyte pPacKey[])
SSL_getPeerDescr
MOC_EXTERN sbyte4 SSL_getPeerDescr(sbyte4 connectionInstance, const peerDescr **ppRetPeerDescr)
SSL_deserializePSK
MOC_EXTERN MSTATUS SSL_deserializePSK(ubyte *pPsk, ubyte4 pskLen, tls13PSK **ppRetPsk)
Deserialize TLS 1.3 PSK.
SSL_getLocalState
MOC_EXTERN sbyte4 SSL_getLocalState(sbyte4 connectionInstance, sbyte4 *pState)
Returns the last message sent.
SSL_setCertAndStatusCallback
MOC_EXTERN MSTATUS SSL_setCertAndStatusCallback(sbyte4 connectionInstance, MSTATUS(*funcPtrGetCertAndStatusCallback)(sbyte4 connectionInstance, struct certChain *pCertChain, MSTATUS validationstatus))
Provide Certificate and its validation status from the SSL stack.
SSL_getCookie
MOC_EXTERN sbyte4 SSL_getCookie(sbyte4 connectionInstance, void **pCookie)
Get custom information for a connection instance.
SSL_setCertVerifySignCallback
MOC_EXTERN MSTATUS SSL_setCertVerifySignCallback(sbyte4(*funcPtrMutualAuthCertificateVerify)(sbyte4 connectionInstance, const ubyte *pHash, ubyte4 hashLen, ubyte *pResult, ubyte4 resultLength))
API to set the callback to compute signature for certificate verify message for client authentication...
SSL_shutdownStack
MOC_EXTERN sbyte4 SSL_shutdownStack(void)
Clean up memory and mutexes and shut down the SSL stack.
SSL_setApplicationLayerProtocol
MOC_EXTERN sbyte4 SSL_setApplicationLayerProtocol(sbyte4 connectionInstance, sbyte4 numNextProtocols, const char **nextProtocols)
Set the Application Layer Protocol Negotiation information.
SSL_generateExpansionKey
MOC_EXTERN sbyte4 SSL_generateExpansionKey(sbyte4 connectionInstance, ubyte *pKey, ubyte2 keyLen, ubyte *keyPhrase, ubyte2 keyPhraseLen)
SSL_setDSACiphers
MOC_EXTERN sbyte4 SSL_setDSACiphers(sbyte4 connectionInstance, ubyte enableDSACiphers)
Enable/disable DSA ciphers.
SSL_getSSLTLSVersion
MOC_EXTERN sbyte4 SSL_getSSLTLSVersion(sbyte4 connectionInstance, ubyte4 *pVersion)
Get a connection&#39;s SSL/TLS version.
SSL_SOCK_getPeerCertificateBytes
MOC_EXTERN MSTATUS SSL_SOCK_getPeerCertificateBytes(sbyte4 connectionInstance, ubyte **ppCertBytes, ubyte4 *pCertLen)
Retrieve size and length of the peer&#39;s certificate.
SSL_getInstanceFromSocket
MOC_EXTERN sbyte4 SSL_getInstanceFromSocket(TCP_SOCKET socket)
Get a socket&#39;s connection instance.
sslSettings::sslListenPort
ubyte4 sslListenPort
Port number for the connection context.
Definition: ssl.h:820
SSL_getClientSessionInfo
MOC_EXTERN sbyte4 SSL_getClientSessionInfo(sbyte4 connectionInstance, ubyte *sessionIdLen, ubyte sessionId[SSL_MAXSESSIONIDSIZE], ubyte masterSecret[SSL_MASTERSECRETSIZE])
Get connection instance&#39;s identifying information.
SSL_setMinRSAKeySize
MOC_EXTERN sbyte4 SSL_setMinRSAKeySize(ubyte4 keySize)
Set the minimum RSA Key Size.
CERT_STORE_createStoreAlt
MOC_EXTERN sbyte4 CERT_STORE_createStoreAlt(void **ppNewStore)
Wrapper function to create and initialize a Digicert SoT Platform certificate store.
sslSettings::allowDSASigAlg
intBoolean allowDSASigAlg
Enable or disable DSA signature algorithms.
Definition: ssl.h:890
SSL_setMaxEarlyDataSize
MOC_EXTERN sbyte4 SSL_setMaxEarlyDataSize(sbyte4 connectionInstance, sbyte4 earlyDataSize)
Set the max early data size.
SSL_getSessionFlags
MOC_EXTERN sbyte4 SSL_getSessionFlags(sbyte4 connectionInstance, ubyte4 *pRetFlagsSSL)
Get a connection&#39;s context (its flags).
SSL_ASYNC_getRecvBuffer
MOC_EXTERN sbyte4 SSL_ASYNC_getRecvBuffer(sbyte4 connectionInstance, ubyte **data, ubyte4 *len, ubyte4 *pRetProtocol)
Get a pointer to the connection&#39;s receive data buffer (the socket buffer itself). ...
SSL_setFIPSEnabled
MOC_EXTERN sbyte4 SSL_setFIPSEnabled(ubyte isFIPSEnabled)
Enable FIPS at runtime.
sslSettings::helloCookieVersion
ubyte helloCookieVersion
Internal use only.
Definition: ssl.h:842
SSL_generateTLSExpansionKey
MOC_EXTERN sbyte4 SSL_generateTLSExpansionKey(sbyte4 connectionInstance, ubyte *pKey, ubyte2 keyLen, ubyte *keyPhrase, ubyte2 keyPhraseLen)
SSL_getSessionStatus
MOC_EXTERN sbyte4 SSL_getSessionStatus(sbyte4 connectionInstance, ubyte4 *pRetStatusSSL)
Get a connection&#39;s status.
SSL_OSSL_ECCParamsToKeyBlob
MOC_EXTERN sbyte4 SSL_OSSL_ECCParamsToKeyBlob(OSSL_ECCParams *pEParams, void *ppKeyBlob, unsigned int *pBlobLen)
Convert ECC private key into Mocana&#39;s internal KeyBlob format.
tlsExtensionTypes
tlsExtensionTypes
Definition: ssl.h:450
InnerAppType
InnerAppType
Definition: ssl.h:547
SSL_TAP_clearKeyAndToken
MOC_EXTERN MSTATUS SSL_TAP_clearKeyAndToken()
Unload the TAP keys in deferred mode, when the application is shutting down.
SSL_initiateRehandshake
MOC_EXTERN sbyte4 SSL_initiateRehandshake(sbyte4 connectionInstance)
Renegotiate an SSL/TLS session.
SSL_isRehandshakeAllowed
MOC_EXTERN sbyte4 SSL_isRehandshakeAllowed(sbyte4 connectionInstance, intBoolean *pRehandshake)
Check if the rehandshake is allowed for the connection.
SSL_acceptConnection
MOC_EXTERN sbyte4 SSL_acceptConnection(TCP_SOCKET tempSocket, struct certStore *pCertStore)
Create a synchronous server connection context.
SSL_setDNSNames
MOC_EXTERN sbyte4 SSL_setDNSNames(sbyte4 connectionInstance, const CNMatchInfo *cnMatchInfo)
Specify a list of DNS names acceptable to the client.
SSL_in_accept_init_moc
MOC_EXTERN sbyte4 SSL_in_accept_init_moc(sbyte4 connectionInstance)
Checks if server accepts a secure connection.
tlsExtPskKeyExchangeMode
tlsExtPskKeyExchangeMode
Definition: ssl.h:613
SSL_ASYNC_getSendBuffer
MOC_EXTERN sbyte4 SSL_ASYNC_getSendBuffer(sbyte4 connectionInstance, ubyte *data, ubyte4 *len)
Get a copy of the connection&#39;s send data buffer.
SSL_ASYNC_getSendBufferZeroCopy
MOC_EXTERN sbyte4 SSL_ASYNC_getSendBufferZeroCopy(sbyte4 connectionInstance, ubyte **data, ubyte4 *len)
Get a pointer reference to the connection&#39;s send data buffer.
SSL_setRecvEarlyDataSize
MOC_EXTERN sbyte4 SSL_setRecvEarlyDataSize(sbyte4 connectionInstance, sbyte4 recvEarlyDataSize)
Set the recv early data size.
SSL_ASYNC_start
MOC_EXTERN sbyte4 SSL_ASYNC_start(sbyte4 connectionInstance)
Start establishing a secure client-server connection.
SSL_updateInnerAppSecret
MOC_EXTERN sbyte4 SSL_updateInnerAppSecret(sbyte4 connectionInstance, ubyte *session_key, ubyte4 sessionKeyLen)
SSL_closeConnection
MOC_EXTERN sbyte4 SSL_closeConnection(sbyte4 connectionInstance)
Close an SSL session and release resources.
SSL_setDHParameters
MOC_EXTERN sbyte4 SSL_setDHParameters(ubyte *pP, ubyte4 pLen, ubyte *pG, ubyte4 gLen, ubyte4 lengthY)
Set the DH parameters to use during the SSL connection.
SSL_isSessionSSL
MOC_EXTERN sbyte4 SSL_isSessionSSL(sbyte4 connectionInstance)
Determine whether a connection instance represents an SSL/TLS server, an SSL/TLS client, or an unrecognized connection (for example, SSH).
sslSettings::helloCookieSecretLastGenTime
ubyte4 helloCookieSecretLastGenTime
Internal use only.
Definition: ssl.h:836
SSL_verifyInnerAppVerifyData
MOC_EXTERN sbyte4 SSL_verifyInnerAppVerifyData(sbyte4 connectionInstance, ubyte *data, InnerAppType appType)
sslSettings::maxByteCount
sbyte4 maxByteCount
Max number of bytes sent.
Definition: ssl.h:895
SSL_recv
MOC_EXTERN sbyte4 SSL_recv(sbyte4 connectionInstance, sbyte *pRetBuffer, sbyte4 bufferSize, sbyte4 *pNumBytesReceived, ubyte4 timeout)
Get data from a connected server/client.
SSL_releaseTables
MOC_EXTERN sbyte4 SSL_releaseTables(void)
Release memory used by internal SSL/TLS memory tables.
SSL_in_connect_init_moc
MOC_EXTERN sbyte4 SSL_in_connect_init_moc(sbyte4 connectionInstance)
Checks if the connection instance can be connected to.
sslSettings::allowSha1SigAlg
intBoolean allowSha1SigAlg
Enable or disable SHA-1 for TLS 1.2 signature algorithms.
Definition: ssl.h:885
SSL_OSSL_AddIdenCertChain
MOC_EXTERN sbyte4 SSL_OSSL_AddIdenCertChain(void *pCertStore, OSSL_SizedBuffer *certs, unsigned numCerts, const u_int8_t *pKeyBlob, unsigned keyBlobLength, ubyte *pAlias, ubyte4 aliasLen)
Add an x509v3 certificate identity to the Digicert SoT Platform certificate store.
SSL_getSessionInfo
MOC_EXTERN sbyte4 SSL_getSessionInfo(sbyte4 connectionInstance, ubyte *sessionIdLen, ubyte sessionId[SSL_MAXSESSIONIDSIZE], ubyte masterSecret[SSL_MASTERSECRETSIZE])
SSL_ASYNC_connectAlt
MOC_EXTERN sbyte4 SSL_ASYNC_connectAlt(TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte *sessionId, ubyte *masterSecret, const sbyte *dnsName, void *certStore)
Wrapper function to create an asynchronous client connection context.
SSL_setInnerApplicationExt
MOC_EXTERN sbyte4 SSL_setInnerApplicationExt(sbyte4 connectionInstance, ubyte4 innerAppValue)
SSL_ASYNC_getRecvPending
MOC_EXTERN sbyte4 SSL_ASYNC_getRecvPending(sbyte4 connectionInstance, sbyte4 *len)
Get number of bytes to read.
SSL_setMutualAuthCertificateAlias
MOC_EXTERN MSTATUS SSL_setMutualAuthCertificateAlias(sbyte4 connectionInstance, ubyte *pAlias, ubyte4 aliasLen)
Set the alias of the certificate-key pair to be used for mutual auth.
SSL_generateEarlyExportKeyMaterial
MOC_EXTERN sbyte4 SSL_generateEarlyExportKeyMaterial(sbyte4 connectionInstance, ubyte *pKey, ubyte2 keyLen, ubyte *pLabel, ubyte2 labelLen, ubyte *pContext, ubyte4 contextLen)
Generate export keying material based on the early exporter master secret, label, and context...
SSL_ASYNC_acceptConnection
MOC_EXTERN sbyte4 SSL_ASYNC_acceptConnection(TCP_SOCKET tempSocket, struct certStore *pCertStore)
Register a secure asynchronous SSL/TLS connection.
sslSettings::hwAccelCookie
hwAccelDescr hwAccelCookie
Internal use only.
Definition: ssl.h:846
peerDescr
Definition: ssl.h:729
SSL_setSha1SigAlg
MOC_EXTERN sbyte4 SSL_setSha1SigAlg(intBoolean setting)
Dynamically set support for SHA-1 signature algorithms,.
SSL_setReceiveApplicationDataCallback
MOC_EXTERN sbyte4 SSL_setReceiveApplicationDataCallback(sbyte4(*funcPtrTLS13ApplicationDataCallback)(sbyte4 connectionInstance, ubyte *pData, ubyte4 dataLen, dataState state))
Function to set the callback to pass data to the application received during the SSL handshake...
CertificateStatusType
CertificateStatusType
Definition: ssl.h:571
SSL_setInvalidCertCallback
MOC_EXTERN MSTATUS SSL_setInvalidCertCallback(sbyte4 connectionInstance, MSTATUS(*funcPtrInvalidCertCallback)(sbyte4 connectionInstance, MSTATUS validationstatus))
Provide status to application when stack receives empty certificate.
SSL_sslSettings
MOC_EXTERN sslSettings * SSL_sslSettings(void)
Get a pointer to current context&#39;s configuration settings.
SSL_ASYNC_freeSendBufferZeroCopy
MOC_EXTERN sbyte4 SSL_ASYNC_freeSendBufferZeroCopy(sbyte4 connectionInstance, ubyte4 numUnusedBytes)
Get a pointer reference to the connection&#39;s send data buffer.
SSL_enableCiphers
MOC_EXTERN sbyte4 SSL_enableCiphers(sbyte4 connectionInstance, const ubyte2 *pCipherSuiteList, ubyte4 listLength)
Enable specified ciphers.
SSL_OSSL_AddTrustPoint
MOC_EXTERN sbyte4 SSL_OSSL_AddTrustPoint(void *pCertStore, u_int8_t *pDerBuf, int derLen)
Add a trust point to a Digicert SoT Platform certificate store.
SSL_isSecureConnectionEstablished
MOC_EXTERN sbyte4 SSL_isSecureConnectionEstablished(sbyte4 connectionInstance)
Checks if a secure connection has been established.
CERT_STORE_releaseStoreAlt
MOC_EXTERN MSTATUS CERT_STORE_releaseStoreAlt(void **ppReleaseStore)
Wrapper function to release (free) memory used by a Digicert SoT Platform certificate store...
hashType
hashType
Definition: ssl.h:625
SSL_returnPtrToSSLSocket
MOC_EXTERN void * SSL_returnPtrToSSLSocket(sbyte4 connectionInstance)
SSL_ASYNC_recvMessage
MOC_EXTERN sbyte4 SSL_ASYNC_recvMessage(sbyte4 connectionInstance, ubyte *pBytesReceived, ubyte4 numBytesReceived)
Get a copy of data received from a connected server/client.
SSL_Settings_Ioctl
MOC_EXTERN sbyte4 SSL_Settings_Ioctl(ubyte4 setting, void *value)
Enable dynamic management of a connection&#39;s features.
SSL_lookupAlert
MOC_EXTERN sbyte4 SSL_lookupAlert(sbyte4 connectionInstance, sbyte4 lookupError, sbyte4 *pRetAlertId, sbyte4 *pAlertClass)
Get the SSL alert code for a Mocana error.
SSL_ASYNC_connect
MOC_EXTERN sbyte4 SSL_ASYNC_connect(TCP_SOCKET tempSocket, ubyte sessionIdLen, ubyte *sessionId, ubyte *masterSecret, const sbyte *dnsName, struct certStore *pCertStore)
Create an asynchronous client connection context.
SSL_serializePSK
MOC_EXTERN MSTATUS SSL_serializePSK(tls13PSK *pPsk, ubyte **ppPsk, ubyte4 *pPskLen)
Serialize TLS 1.3 PSK.
SSL_sendInnerApp
MOC_EXTERN sbyte4 SSL_sendInnerApp(sbyte4 connectionInstance, InnerAppType innerApp, ubyte *pMsg, ubyte4 msgLen, ubyte4 *retMsgLen)
pemPasswordInfo
Definition: ssl.h:767
SSL_OSSL_RSAParamsToKeyBlob
MOC_EXTERN sbyte4 SSL_OSSL_RSAParamsToKeyBlob(OSSL_RSAParams *pR, void **ppKeyBlob, unsigned int *pBlobLen)
Convert RSA private key into Mocana&#39;s internal KeyBlob format.
SSL_setSessionFlags
MOC_EXTERN sbyte4 SSL_setSessionFlags(sbyte4 connectionInstance, ubyte4 flagsSSL)
Store a connection&#39;s context (its flags).
SSL_negotiateConnection
MOC_EXTERN sbyte4 SSL_negotiateConnection(sbyte4 connectionInstance)
Establish a secure SSL client-server connection.
sslSettings::maxTimerCountForRehandShake
sbyte4 maxTimerCountForRehandShake
Max timer count for rehandshake.
Definition: ssl.h:900
SSL_ioctl
MOC_EXTERN sbyte4 SSL_ioctl(sbyte4 connectionInstance, ubyte4 setting, void *value)
Enable dynamic management of a connection&#39;s features.
SSL_OSSL_DSAParamsToKeyBlob
MOC_EXTERN sbyte4 SSL_OSSL_DSAParamsToKeyBlob(OSSL_DSAParams *pD, void **ppKeyBlob, unsigned int *pBlobLen)
Convert DSA private key into Mocana&#39;s internal KeyBlob format.
SSL_getCipherInfo
MOC_EXTERN sbyte4 SSL_getCipherInfo(sbyte4 connectionInstance, ubyte2 *pCipherId, ubyte4 *pPeerEcCurves)
Get a connection&#39;s ciphers and ecCurves.
SSL_DTLS_getTimeout
MOC_EXTERN sbyte4 SSL_DTLS_getTimeout(sbyte4 connectionInstance, void *pTime)
Get the time remaing until DTLS timeout.
SSL_ASYNC_sendMessagePending
MOC_EXTERN sbyte4 SSL_ASYNC_sendMessagePending(sbyte4 connectionInstance)
Determines whether there is data in a connection instance&#39;s SSL send buffer.
SSL_sendPending
MOC_EXTERN sbyte4 SSL_sendPending(sbyte4 connectionInstance, sbyte4 *pNumBytesPending)
Determines whether there is data in a connection instance&#39;s SSL send buffer.
SSL_setClientCAList
MOC_EXTERN MSTATUS SSL_setClientCAList(SizedBuffer *pClientCAList, ubyte4 numClientCANames)
Set the CA list that will be sent as part of Certificate Request message.