TLS parameter configuration 更多...
Hitls_config 的协作图:
宏定义 | |
| #define | HITLS_VERSION_TLCP11 0x0101u |
| TLCP 1.1 version | |
| #define | HITLS_TLS_ANY_VERSION 0x03ffu |
| TLS any version | |
| #define | HITLS_VERSION_SSL30 0x0300u |
| SSL3.0 version number | |
| #define | HITLS_VERSION_TLS10 0x0301u |
| TLS1.0 version number | |
| #define | HITLS_VERSION_TLS11 0x0302u |
| TLS1.1 version number | |
| #define | HITLS_VERSION_TLS12 0x0303u |
| TLS1.2 version | |
| #define | HITLS_DTLS_ANY_VERSION 0xfe00u |
| DTLS any version | |
| #define | HITLS_VERSION_DTLS12 0xfefdu |
| DTLS 1.2 version | |
| #define | HITLS_CFG_MAX_SIZE 1024 |
| Maximum size of the configuration data | |
| #define | TLS13_CIPHERSUITES_MAX_LEN 80 |
| Configure the maximum size of the TLS1_3 cipher suite | |
类型定义 | |
| typedef int32_t(* | HITLS_ClientHelloCb) (HITLS_Ctx *ctx, int32_t *alert, void *arg) |
| ClientHello callback prototype for the server to process the callback. | |
| typedef int32_t(* | HITLS_NoSecRenegotiationCb) (HITLS_Ctx *ctx) |
| Callback function when the peer end does not support security renegotiation | |
函数 | |
| HITLS_Config * | HITLS_CFG_NewDTLS12Config (void) |
| Create DTLS12 configuration items, including the default settings. The user can call the HITLS_CFG_SetXXX interface to modify the settings. | |
| HITLS_Config * | HITLS_CFG_NewTLCPConfig (void) |
| Create TLCP configuration items, including default settings. | |
| HITLS_Config * | HITLS_CFG_NewTLS12Config (void) |
| Create a TLS12 configuration item, including the default configuration. | |
| HITLS_Config * | HITLS_CFG_NewTLS13Config (void) |
| Creates the default TLS13 configuration. | |
| HITLS_Config * | HITLS_CFG_NewTLSConfig (void) |
| Create full TLS configurations. The HITLS_CFG_SetXXX interface can be used to modify the configurations. | |
| HITLS_Config * | HITLS_CFG_NewDTLSConfig (void) |
| Create full DTLS configurations. The HITLS_CFG_SetXXX interface can be called to modify the DTLS configuration. | |
| void | HITLS_CFG_FreeConfig (HITLS_Config *config) |
| Release the config file. | |
| int32_t | HITLS_CFG_UpRef (HITLS_Config *config) |
| The reference counter of config increases by 1. | |
| int32_t | HITLS_CFG_SetVersion (HITLS_Config *config, uint16_t minVersion, uint16_t maxVersion) |
| Set the supported version number range. | |
| int32_t | HITLS_CFG_SetVersionForbid (HITLS_Config *config, uint32_t noVersion) |
| Setting the disabled version number. | |
| int32_t | HITLS_CFG_SetRenegotiationSupport (HITLS_Config *config, bool support) |
| Set whether to support renegotiation. | |
| int32_t | HITLS_CFG_SetResumptionOnRenegoSupport (HITLS_Config *config, bool support) |
| Set whether to support session restoration during renegotiation.By default, session restoration is not supported. | |
| int32_t | HITLS_CFG_SetClientVerifySupport (HITLS_Config *config, bool support) |
| Sets whether to verify the client certificate. Client: This setting has no impact Server: The certificate request will be sent. | |
| int32_t | HITLS_CFG_SetNoClientCertSupport (HITLS_Config *config, bool support) |
| Sets whether to allow the client certificate to be empty. This parameter takes effect only when client certificate verification is enabled. Client: This setting has no impact Server: Check whether the certificate passes the verification when receiving an empty certificate from the client. The verification fails by default. | |
| int32_t | HITLS_CFG_SetExtenedMasterSecretSupport (HITLS_Config *config, bool support) |
| Sets whether to forcibly support extended master keys. | |
| int32_t | HITLS_CFG_SetDhAutoSupport (HITLS_Config *config, bool support) |
| Set whether the DH parameter can be automatically selected by users. | |
| int32_t | HITLS_CFG_SetTmpDh (HITLS_Config *config, HITLS_CRYPT_Key *dhPkey) |
| Set the DH parameter specified by the user. | |
| int32_t | HITLS_CFG_GetRenegotiationSupport (const HITLS_Config *config, uint8_t *isSupport) |
| Query whether renegotiation is supported. | |
| int32_t | HITLS_CFG_GetClientVerifySupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether the client certificate can be verified. | |
| int32_t | HITLS_CFG_GetNoClientCertSupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether support there is no client certificate. This parameter takes effect only when the client certificate is verified. | |
| int32_t | HITLS_CFG_GetExtenedMasterSecretSupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether extended master keys are supported. | |
| int32_t | HITLS_CFG_GetDhAutoSupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether the DH parameter can be automatically selected by the user. If yes, the DH parameter will be automatically selected based on the length of the certificate private key. | |
| int32_t | HITLS_CFG_SetPostHandshakeAuthSupport (HITLS_Config *config, bool support) |
| Setting whether to support post-handshake auth takes effect only for TLS1.3. client: If the client supports pha, the client sends pha extensions. Server: supports pha. After the handshake, the upper-layer interface HITLS_VerifyClientPostHandshake initiates certificate verification. | |
| int32_t | HITLS_CFG_GetPostHandshakeAuthSupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether the post-handshake AUTH function is supported. | |
| int32_t | HITLS_CFG_SetVerifyNoneSupport (HITLS_Config *config, bool support) |
| Sets whether to support not perform dual-ended verification | |
| int32_t | HITLS_CFG_GetVerifyNoneSupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether not perform dual-ended verification is supported | |
| int32_t | HITLS_CFG_SetClientOnceVerifySupport (HITLS_Config *config, bool support) |
| Set whether request client certificate only once is supported | |
| int32_t | HITLS_CFG_GetClientOnceVerifySupport (HITLS_Config *config, uint8_t *isSupport) |
| Query whether request client certificate only once is supported | |
| int32_t | HITLS_CFG_SetCipherSuites (HITLS_Config *config, const uint16_t *cipherSuites, uint32_t cipherSuitesSize) |
| Set the supported key suites. The sequence of the key suites affects the priority of the selected key suites. The key suite with the highest priority is the first. | |
| int32_t | HITLS_CFG_ClearTLS13CipherSuites (HITLS_Config *config) |
| Clear the TLS1.3 cipher suite. | |
| int32_t | HITLS_CFG_SetEcPointFormats (HITLS_Config *config, const uint8_t *pointFormats, uint32_t pointFormatsSize) |
| Set the format of the ec point. | |
| int32_t | HITLS_CFG_SetGroups (HITLS_Config *config, const uint16_t *groups, uint32_t groupsSize) |
| Set the group supported during key exchange. The group supported by HiTLS can be queried in HITLS_NamedGroup. | |
| int32_t | HITLS_CFG_SetSignature (HITLS_Config *config, const uint16_t *signAlgs, uint16_t signAlgsSize) |
| Set the signature algorithms supported during negotiation. The signature algorithms supported by the HiTLS can be queried in the HITLS_SignHashAlgo file. | |
| int32_t | HITLS_CFG_AddCAIndication (HITLS_Config *config, HITLS_TrustedCAType caType, const uint8_t *data, uint32_t len) |
| Add the CA indicator, which is used when the peer certificate is requested. | |
| HITLS_TrustedCAList * | HITLS_CFG_GetCAList (const HITLS_Config *config) |
| Obtain the CA list. | |
| int32_t | HITLS_CFG_SetKeyExchMode (HITLS_Config *config, uint32_t mode) |
| Set the key exchange mode, which is used by TLS1.3. | |
| uint32_t | HITLS_CFG_GetKeyExchMode (HITLS_Config *config) |
| Obtain the key exchange mode, which is used by TLS1.3. | |
| int32_t | HITLS_CFG_SetClientHelloCb (HITLS_Config *config, HITLS_ClientHelloCb callback, void *arg) |
| Set the cookie verification callback on the server. | |
| int32_t | HITLS_CFG_SetNoSecRenegotiationCb (HITLS_Config *config, HITLS_NoSecRenegotiationCb callback) |
| Set the callback function when the peer end does not support security renegotiation. | |
| int32_t | HITLS_CFG_GetMinVersion (const HITLS_Config *config, uint16_t *minVersion) |
| Obtaining the Minimum Supported Version Number | |
| int32_t | HITLS_CFG_GetMaxVersion (const HITLS_Config *config, uint16_t *maxVersion) |
| Obtaining the Maximum supported version number | |
| int32_t | HITLS_CFG_GetCipherId (const HITLS_Cipher *cipher, HITLS_CipherAlgo *cipherAlg) |
| Obtain the symmetric encryption algorithm type based on the cipher suite. | |
| int32_t | HITLS_CFG_GetHashId (const HITLS_Cipher *cipher, HITLS_HashAlgo *hashAlg) |
| Obtain the hash algorithm type based on the cipher suite. | |
| int32_t | HITLS_CFG_GetMacId (const HITLS_Cipher *cipher, HITLS_MacAlgo *macAlg) |
| Obtain the MAC algorithm type based on the cipher suite. | |
| int32_t | HITLS_CFG_GetAuthId (const HITLS_Cipher *cipher, HITLS_AuthAlgo *authAlg) |
| Obtain the server authorization algorithm type based on the cipher suite. | |
| int32_t | HITLS_CFG_GetKeyExchId (const HITLS_Cipher *cipher, HITLS_KeyExchAlgo *kxAlg) |
| Obtain the key exchange algorithm type based on the cipher suite. | |
| const uint8_t * | HITLS_CFG_GetCipherSuiteName (const HITLS_Cipher *cipher) |
| Obtain the cipher suite name based on the cipher suite. | |
| const uint8_t * | HITLS_CFG_GetCipherSuiteStdName (const HITLS_Cipher *cipher) |
| Obtain the RFC standard name of the cipher suite based on the cipher suite. | |
| int32_t | HITLS_CFG_GetDescription (const HITLS_Cipher *cipher, uint8_t *buf, int32_t len) |
| Outputs the description of the cipher suite as a string. | |
| int32_t | HITLS_CIPHER_IsAead (const HITLS_Cipher *cipher, uint8_t *isAead) |
| Determine whether to use the AEAD algorithm based on the cipher suite information. | |
| int32_t | HITLS_CFG_GetCipherVersion (const HITLS_Cipher *cipher, int32_t *version) |
| Obtain the earliest TLS version supported by the cipher suite based on the cipher suite. | |
| const HITLS_Cipher * | HITLS_CFG_GetCipherByID (uint16_t cipherSuite) |
| Obtain the cipher suite pointer based on the cipher suite ID. | |
| int32_t | HITLS_CFG_GetCipherSuite (const HITLS_Cipher *cipher, uint16_t *cipherSuite) |
| Obtain the encryption ID in the cipher suite. | |
| int32_t | HITLS_CFG_GetVersionSupport (const HITLS_Config *config, uint32_t *version) |
| Obtain the supported version number. | |
| int32_t | HITLS_CFG_SetVersionSupport (HITLS_Config *config, uint32_t version) |
| Set the supported version number. | |
| int32_t | HITLS_CFG_SetNeedCheckPmsVersion (HITLS_Config *config, bool needCheck) |
| This interface is used to verify the version in the premaster secret. This interface takes effect on the server. The version must be earlier than 1.0, including 1.0. | |
| int32_t | HITLS_CFG_SetQuietShutdown (HITLS_Config *config, int32_t mode) |
| Set the quiet disconnection mode. | |
| int32_t | HITLS_CFG_GetQuietShutdown (const HITLS_Config *config, int32_t *mode) |
| Obtain the current quiet disconnection mode. | |
| int32_t | HITLS_CFG_SetEncryptThenMac (HITLS_Config *config, uint32_t encryptThenMacType) |
| Set the Encrypt-Then-Mac mode. | |
| int32_t | HITLS_CFG_GetEncryptThenMac (const HITLS_Config *config, uint32_t *encryptThenMacType) |
| Obtain the Encrypt-Then-Mac type. | |
| int32_t | HITLS_CFG_IsDtls (const HITLS_Config *config, uint8_t *isDtls) |
| Determine whether to use DTLS. | |
| int32_t | HITLS_CFG_SetCipherServerPreference (HITLS_Config *config, bool isSupport) |
| cipher suites are preferentially selected from the list of algorithms supported by the server. | |
| int32_t | HITLS_CFG_GetCipherServerPreference (const HITLS_Config *config, bool *isSupport) |
| Obtains whether the current cipher suite supports preferential selection from the list of algorithms supported by the server. | |
| int32_t | HITLS_CFG_SetFlightTransmitSwitch (HITLS_Config *config, uint8_t isEnable) |
| Set whether to send handshake messages by route. | |
| int32_t | HITLS_CFG_GetFlightTransmitSwitch (const HITLS_Config *config, uint8_t *isEnable) |
| Obtains the status of whether to send handshake information according to the route. | |
| int32_t | HITLS_CFG_GetMiniaturizationSwitch (const HITLS_Config *config, uint8_t *isEnable) |
| Obtain whether to enable the miniaturization function. By default, the miniaturization function is disabled. | |
| int32_t | HITLS_CFG_SetMaxCertList (HITLS_Config *config, uint32_t maxSize) |
| Set the maximum size of the certificate chain that can be sent by the peer end. | |
| int32_t | HITLS_CFG_GetMaxCertList (const HITLS_Config *config, uint32_t *maxSize) |
| Obtain the maximum size of the certificate chain that can be sent by the peer end. | |
| int32_t | HITLS_CFG_SetRecordPaddingCb (HITLS_Config *config, HITLS_RecordPaddingCb callback) |
| Set the RecordPadding callback. | |
| HITLS_RecordPaddingCb | HITLS_CFG_GetRecordPaddingCb (HITLS_Config *config) |
| Obtains the RecordPadding callback function. | |
| int32_t | HITLS_CFG_SetRecordPaddingCbArg (HITLS_Config *config, void *arg) |
| Sets the parameters arg required by the RecordPadding callback function. | |
| void * | HITLS_CFG_GetRecordPaddingCbArg (HITLS_Config *config) |
| Obtains the parameter arg required by the RecordPadding callback function. | |
| int32_t | HITLS_CFG_SetCloseCheckKeyUsage (HITLS_Config *config, bool isClose) |
| Disables the verification of keyusage in the certificate. This function is enabled by default. | |
详细描述
TLS parameter configuration
