1 /* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16 /** 17 * @defgroup hitls_config 18 * @ingroup hitls 19 * @brief TLS parameter configuration 20 */ 21 22 #ifndef HITLS_CONFIG_H 23 #define HITLS_CONFIG_H 24 25 #include <stdbool.h> 26 #include <stdint.h> 27 #include "hitls_type.h" 28 #include "hitls_crypt_type.h" 29 #include "hitls_cert_type.h" 30 31 #ifdef __cplusplus 32 extern "C" { 33 #endif 34 35 /** 36 * @ingroup hitls_config 37 * @brief (D)TLCP 1.1 version 38 */ 39 #define HITLS_VERSION_TLCP_DTLCP11 0x0101u 40 41 /** 42 * @ingroup hitls_config 43 * @brief TLS any version 44 */ 45 #define HITLS_TLS_ANY_VERSION 0x03ffu 46 47 /** 48 * @ingroup hitls_config 49 * @brief SSL3.0 version number 50 */ 51 #define HITLS_VERSION_SSL30 0x0300u 52 53 /** 54 * @ingroup hitls_config 55 * @brief TLS1.0 version number 56 */ 57 #define HITLS_VERSION_TLS10 0x0301u 58 59 /** 60 * @ingroup hitls_config 61 * @brief TLS1.1 version number 62 */ 63 #define HITLS_VERSION_TLS11 0x0302u 64 65 /** 66 * @ingroup hitls_config 67 * @brief TLS1.2 version 68 */ 69 #define HITLS_VERSION_TLS12 0x0303u 70 71 /** 72 * @ingroup config 73 * @brief TLS 1.3 version 74 */ 75 #define HITLS_VERSION_TLS13 0x0304u 76 77 /** 78 * @ingroup config 79 * @brief Prefix of SSL 3.0 or later 80 */ 81 #define HITLS_VERSION_TLS_MAJOR 0x03u 82 83 /** 84 * @ingroup hitls_config 85 * @brief DTLS any version 86 */ 87 #define HITLS_DTLS_ANY_VERSION 0xfe00u 88 89 /** 90 * @ingroup hitls_config 91 * @brief DTLS 1.2 version 92 */ 93 #define HITLS_VERSION_DTLS12 0xfefdu 94 95 /** 96 * @ingroup hitls_config 97 * @brief Maximum size of the configuration data 98 */ 99 #define HITLS_CFG_MAX_SIZE 1024 100 101 /** 102 * @ingroup hitls_config 103 * @brief Configure the maximum size of the TLS1_3 cipher suite 104 */ 105 #define TLS13_CIPHERSUITES_MAX_LEN 80 106 107 /** 108 * @ingroup hitls_config 109 * @brief enumerate ciphersuites supported by HITLS with IANA coding 110 * */ 111 typedef enum { 112 HITLS_RSA_WITH_AES_128_CBC_SHA = 0x002F, 113 HITLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032, 114 HITLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033, 115 HITLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034, 116 HITLS_RSA_WITH_AES_256_CBC_SHA = 0x0035, 117 HITLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038, 118 HITLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039, 119 HITLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A, 120 HITLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C, 121 HITLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D, 122 HITLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040, 123 HITLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067, 124 HITLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A, 125 HITLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B, 126 HITLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C, 127 HITLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D, 128 HITLS_PSK_WITH_AES_128_CBC_SHA = 0x008C, 129 HITLS_PSK_WITH_AES_256_CBC_SHA = 0x008D, 130 HITLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090, 131 HITLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091, 132 HITLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094, 133 HITLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095, 134 HITLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C, 135 HITLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D, 136 HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E, 137 HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F, 138 HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2, 139 HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3, 140 HITLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6, 141 HITLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7, 142 HITLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8, 143 HITLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9, 144 HITLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA, 145 HITLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB, 146 HITLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC, 147 HITLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD, 148 HITLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE, 149 HITLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF, 150 HITLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2, 151 HITLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3, 152 HITLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6, 153 HITLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7, 154 HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009, 155 HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A, 156 HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013, 157 HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, 158 HITLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018, 159 HITLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019, 160 HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023, 161 HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024, 162 HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027, 163 HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028, 164 HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B, 165 HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C, 166 HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F, 167 HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030, 168 HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035, 169 HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036, 170 HITLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037, 171 HITLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038, 172 HITLS_RSA_WITH_AES_128_CCM = 0xC09C, 173 HITLS_RSA_WITH_AES_256_CCM = 0xC09D, 174 HITLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E, 175 HITLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F, 176 HITLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0, 177 HITLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1, 178 HITLS_PSK_WITH_AES_256_CCM = 0xC0A5, 179 HITLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6, 180 HITLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7, 181 HITLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC, 182 HITLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD, 183 HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8, 184 HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9, 185 HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA, 186 HITLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAB, 187 HITLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC, 188 HITLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD, 189 HITLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAE, 190 HITLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001, 191 HITLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002, 192 HITLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005, 193 194 /* TLS1.3 cipher suite */ 195 HITLS_AES_128_GCM_SHA256 = 0x1301, 196 HITLS_AES_256_GCM_SHA384 = 0x1302, 197 HITLS_CHACHA20_POLY1305_SHA256 = 0x1303, 198 HITLS_AES_128_CCM_SHA256 = 0x1304, 199 HITLS_AES_128_CCM_8_SHA256 = 0x1305, 200 /* TLCP 1.1 cipher suite */ 201 HITLS_ECDHE_SM4_CBC_SM3 = 0xE011, 202 HITLS_ECC_SM4_CBC_SM3 = 0xE013, 203 HITLS_ECDHE_SM4_GCM_SM3 = 0xE051, 204 HITLS_ECC_SM4_GCM_SM3 = 0xE053, 205 } HITLS_CipherSuite; 206 207 /** 208 * @ingroup hitls_config 209 * @brief Create DTLS12 configuration items, including the default settings. The user can call the 210 * HITLS_CFG_SetXXX interface to modify the settings. 211 * 212 * @attention The default configuration is as follows: 213 Version number: HITLS_VERSION_DTLS12 214 Algorithm suite: HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 215 HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384, HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 216 HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 217 HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 218 HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 219 HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256, HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256 220 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 221 groups:secp256r1, secp384r1, secp521r1, x25519, x448 222 Extended Master Key: Not Enabled 223 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 224 Dual-ended check: Disabled 225 Allow Client No Certificate: Not Allowed 226 Renegotiation: Not supported 227 This API is a version-specific API. After the configuration context is created, 228 the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, HITLS_CFG_SetVersionSupport, 229 HITLS_SetMinProtoVersion, or HITLS_SetMaxProtoVersion interface cannot be used to set other supported versions. 230 * @retval HITLS_Config, object pointer succeeded. 231 * @retval NULL, failed to apply for the object. 232 * @see HITLS_CFG_FreeConfig 233 */ 234 HITLS_Config *HITLS_CFG_NewDTLS12Config(void); 235 236 /** 237 * @ingroup hitls_config 238 * @brief Create DTLS12 configuration items with provider, including the default settings. Same as HITLS_CFG_NewDTLS12Config 239 * except that it requires libCtx and attribute parameters. 240 * 241 * @param[in] libCtx: The library context. 242 * @param[in] attrName: The attribute name. 243 * 244 * @retval HITLS_Config, object pointer succeeded. 245 * @retval NULL, failed to apply for the object. 246 * @see HITLS_CFG_FreeConfig 247 */ 248 HITLS_Config *HITLS_CFG_ProviderNewDTLS12Config(HITLS_Lib_Ctx *libCtx, const char *attrName); 249 250 /** 251 * @ingroup hitls_config 252 * @brief Create TLCP configuration items, including default settings. 253 * 254 * The user can call the HITLS_CFG_SetXXX interface to modify the settings. 255 * 256 * @attention The default configuration is as follows: 257 Version number: HITLS_VERSION_TLCP_DTLCP11 258 Algorithm suite: HITLS_ECDHE_SM4_CBC_SM3, HITLS_ECC_SM4_CBC_SM3, HITLS_ECDHE_SM4_GCM_SM3, HITLS_ECC_SM4_GCM_SM3 259 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 260 groups:sm2 261 Extended Master Key: Enabled 262 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 263 Dual-ended check: Disabled 264 Allow Client No Certificate: Not Allowed 265 Renegotiation: Not supported 266 This API is a version-specific API. After the configuration context is created, 267 the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, HITLS_CFG_SetVersionSupport, 268 HITLS_SetMinProtoVersion, or HITLS_SetMaxProtoVersion interface cannot be used to set other supported versions. 269 * @retval HITLS_Config, object pointer succeeded. 270 * @retval NULL, object application failed. 271 */ 272 HITLS_Config *HITLS_CFG_NewTLCPConfig(void); 273 274 /** 275 * @ingroup hitls_config 276 * @brief Create TLCP configuration items with provider, including the default settings. Same as HITLS_CFG_NewTLCPConfig 277 * except that it requires libCtx and attribute parameters. 278 * 279 * @param[in] libCtx: The library context. 280 * @param[in] attrName: The attribute name. 281 * 282 * @retval HITLS_Config, object pointer succeeded. 283 * @retval NULL, failed to apply for the object. 284 * @see HITLS_CFG_FreeConfig 285 */ 286 HITLS_Config *HITLS_CFG_ProviderNewTLCPConfig(HITLS_Lib_Ctx *libCtx, const char *attrName); 287 288 /** 289 * @ingroup hitls_config 290 * @brief Create DTLCP configuration items, including the default settings. The user can call the 291 * HITLS_CFG_SetXXX interface to modify the settings. 292 * 293 * @attention The default configuration is as follows: 294 Version number: HITLS_VERSION_TLCP_DTLCP11 295 Algorithm suite: HITLS_ECDHE_SM4_CBC_SM3, HITLS_ECC_SM4_CBC_SM3, HITLS_ECDHE_SM4_GCM_SM3, HITLS_ECC_SM4_GCM_SM3 296 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 297 groups:sm2 298 Extended Master Key: Enabled 299 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 300 Dual-ended check: Disabled 301 Allow Client No Certificate: Not Allowed 302 Renegotiation: Not supported 303 This API is a version-specific API. After the configuration context is created, 304 the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, HITLS_CFG_SetVersionSupport, 305 HITLS_SetMinProtoVersion, or HITLS_SetMaxProtoVersion interface cannot be used to set other supported versions. 306 * @retval HITLS_Config, object pointer succeeded. 307 * @retval NULL, object application failed. 308 */ 309 HITLS_Config *HITLS_CFG_NewDTLCPConfig(void); 310 311 /** 312 * @ingroup hitls_config 313 * @brief Create DTLCP configuration items with provider, including the default settings. Same as HITLS_CFG_NewDTLCPConfig 314 * except that it requires libCtx and attribute parameters. 315 * 316 * @param[in] libCtx: The library context. 317 * @param[in] attrName: The attribute name. 318 * 319 * @retval HITLS_Config, object pointer succeeded. 320 * @retval NULL, failed to apply for the object. 321 * @see HITLS_CFG_FreeConfig 322 */ 323 HITLS_Config *HITLS_CFG_ProviderNewDTLCPConfig(HITLS_Lib_Ctx *libCtx, const char *attrName); 324 325 /** 326 * @ingroup hitls_config 327 * @brief Create a TLS12 configuration item, including the default configuration. 328 * 329 * The user can call the HITLS_CFG_SetXXX interface to modify the configuration. 330 * 331 * @attention The default configuration is as follows: 332 Version number: HITLS_VERSION_TLS12 333 Algorithm suite: HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 334 HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384, HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 335 HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 336 HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 337 HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 338 HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256, HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256 339 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 340 groups:secp256r1, secp384r1, secp521r1, x25519, x448 341 Extended Master Key: Enabled 342 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 343 Dual-ended check: Disabled 344 Allow Client No Certificate: Not Allowed 345 Renegotiation: Not supported 346 This API is a version-specific API. After the configuration context is created, 347 the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, HITLS_CFG_SetVersionSupport, 348 HITLS_SetMinProtoVersion, or HITLS_SetMaxProtoVersion interface cannot be used to set other supported versions. 349 * @retval HITLS_Config, object pointer succeeded. 350 * @retval NULL, object application failed. 351 */ 352 HITLS_Config *HITLS_CFG_NewTLS12Config(void); 353 354 /** 355 * @ingroup hitls_config 356 * @brief Create TLS12 configuration items with provider, including the default settings. Same as HITLS_CFG_NewTLS12Config 357 * except that it requires libCtx and attribute parameters. 358 * 359 * @param[in] libCtx: The library context. 360 * @param[in] attrName: The attribute name. 361 * 362 * @retval HITLS_Config, object pointer succeeded. 363 * @retval NULL, failed to apply for the object. 364 * @see HITLS_CFG_FreeConfig 365 */ 366 HITLS_Config *HITLS_CFG_ProviderNewTLS12Config(HITLS_Lib_Ctx *libCtx, const char *attrName); 367 368 /** 369 * @ingroup hitls_config 370 * @brief Creates the default TLS13 configuration. 371 * 372 * The HITLS_CFG_SetXXX interface can be used to modify the default TLS13 configuration. 373 * 374 * @attention The default configuration is as follows: 375 Version number: HITLS_VERSION_TLS13 376 Algorithm suite: HITLS_AES_128_GCM_SHA256, HITLS_CHACHA20_POLY1305_SHA256, HITLS_AES_128_GCM_SHA256 377 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 378 groups:secp256r1, secp384r1, secp521r1, x25519, x448 379 Extended Master Key: Enabled 380 Signature algorithm: rsa, ecdsa, eddsa 381 Dual-ended check: Disabled 382 Allow Client No Certificate: Not Allowed 383 This API is a version-specific API. After the configuration context is created, 384 the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, 385 HITLS_CFG_SetVersionSupport, HITLS_SetMinProtoVersion, and HITLS_SetMaxProtoVersion 386 interface cannot be used to set other supported versions. 387 * @retval HITLS_Config, object pointer succeeded. 388 * @retval NULL, failed to apply for the object 389 */ 390 HITLS_Config *HITLS_CFG_NewTLS13Config(void); 391 392 /** 393 * @ingroup hitls_config 394 * @brief Create TLS13 configuration items with provider, including the default settings. Same as HITLS_CFG_NewTLS13Config 395 * except that it requires libCtx and attribute parameters. 396 * 397 * @param[in] libCtx: The library context. 398 * @param[in] attrName: The attribute name. 399 * 400 * @retval HITLS_Config, object pointer succeeded. 401 * @retval NULL, failed to apply for the object. 402 * @see HITLS_CFG_FreeConfig 403 */ 404 HITLS_Config *HITLS_CFG_ProviderNewTLS13Config(HITLS_Lib_Ctx *libCtx, const char *attrName); 405 406 /** 407 * @ingroup hitls_config 408 * @brief Create full TLS configurations. The HITLS_CFG_SetXXX interface can be used to modify the configurations. 409 * 410 * @attention The default configuration is as follows: 411 Version number: HITLS_VERSION_TLS12, HITLS_VERSION_TLS13 412 Algorithm suite: HITLS_AES_128_GCM_SHA256, HITLS_CHACHA20_POLY1305_SHA256, HITLS_AES_128_GCM_SHA256 413 HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 414 HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384, HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 415 HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 416 HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 417 HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 418 HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 419 HITLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, HITLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 420 HITLS_DHE_RSA_WITH_AES_256_CBC_SHA, HITLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 421 HITLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, HITLS_DHE_RSA_WITH_AES_128_CBC_SHA, 422 HITLS_RSA_WITH_AES_256_CBC_SHA, HITLS_RSA_WITH_AES_128_CBC_SHA, 423 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 424 groups:secp256r1, secp384r1, secp521r1, x25519, x448, brainpool256r1, brainpool384r1, brainpool521r1 425 Extended Master Key: Enabled 426 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 427 Dual-ended check: Disabled 428 Allow Client No Certificate: Not Allowed 429 This interface is a unified configuration interface. After a configuration context is created, 430 it can be used with the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, 431 HITLS_CFG_SetVersionSupport, HITLS_SetMinProtoVersion, and HITLS_SetMaxProtoVersion are used together, 432 Set the supported version. However, only the TLS configuration item is configured in this interface. 433 Therefore, the DTLS version cannot be set. 434 * @retval HITLS_Config, object pointer succeeded. 435 * @retval NULL, object application failed. 436 */ 437 HITLS_Config *HITLS_CFG_NewTLSConfig(void); 438 439 /** 440 * @ingroup hitls_config 441 * @brief Create TLS configuration items with provider, including the default settings. Same as HITLS_CFG_NewTLSConfig 442 * except that it requires libCtx and attribute parameters. 443 * 444 * @param[in] libCtx: The library context. 445 * @param[in] attrName: The attribute name. 446 * 447 * @retval HITLS_Config, object pointer succeeded. 448 * @retval NULL, failed to apply for the object. 449 * @see HITLS_CFG_FreeConfig 450 */ 451 HITLS_Config *HITLS_CFG_ProviderNewTLSConfig(HITLS_Lib_Ctx *libCtx, const char *attrName); 452 453 /** 454 * @ingroup hitls_config 455 * @brief Create full DTLS configurations. The HITLS_CFG_SetXXX interface can be called 456 * to modify the DTLS configuration. 457 * 458 * @attention The default configuration is as follows: 459 Version number: HITLS_VERSION_DTLS10, HITLS_VERSION_DTLS12 460 Algorithm suite: HITLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, HITLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 461 HITLS_DHE_DSS_WITH_AES_256_GCM_SHA384, HITLS_DHE_RSA_WITH_AES_256_GCM_SHA384, 462 HITLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 463 HITLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, HITLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 464 HITLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, HITLS_DHE_DSS_WITH_AES_128_GCM_SHA256, 465 HITLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 466 EC point format: HITLS_POINT_FORMAT_UNCOMPRESSED 467 groups:secp256r1, secp384r1, secp521r1, x25519, x448, brainpool256r1, brainpool384r1, brainpool521r1 468 Extended Master Key: Enabled 469 Signature algorithm: All signature algorithms in the HITLS_SignHashAlgo table 470 Dual-ended check: Disabled 471 Allow Client No Certificate: Not Allowed 472 This interface is a unified configuration interface. After a configuration context is created, 473 it can be used with the HITLS_SetVersion, HITLS_CFG_SetVersion, HITLS_SetVersionSupport, 474 HITLS_CFG_SetVersionSupport, HITLS_SetMinProtoVersion, and HITLS_SetMaxProtoVersion are used together, 475 Set the supported version. However, only the DTLS configuration item is configured in this interface. 476 Therefore, the TLS version cannot be set. 477 * @retval HITLS_Config, object pointer succeeded. 478 * @retval NULL, Object application failed. 479 */ 480 HITLS_Config *HITLS_CFG_NewDTLSConfig(void); 481 482 /** 483 * @ingroup hitls_config 484 * @brief Create DTLS configuration items with provider, including the default settings. Same as HITLS_CFG_NewDTLSConfig 485 * except that it requires libCtx and attribute parameters. 486 * 487 * @param[in] libCtx: The library context. 488 * @param[in] attrName: The attribute name. 489 * 490 * @retval HITLS_Config, object pointer succeeded. 491 * @retval NULL, failed to apply for the object. 492 * @see HITLS_CFG_FreeConfig 493 */ 494 HITLS_Config *HITLS_CFG_ProviderNewDTLSConfig(HITLS_Lib_Ctx *libCtx, const char *attrName); 495 496 /** 497 * @ingroup hitls_config 498 * @brief Release the config file. 499 * 500 * @param config [OUT] Config handle. 501 * @retval void 502 */ 503 void HITLS_CFG_FreeConfig(HITLS_Config *config); 504 505 /** 506 * @ingroup hitls_config 507 * @brief The reference counter of config increases by 1. 508 * 509 * @param config [OUT] Config handle. 510 * @retval HITLS_SUCCESS, if successful. 511 * @retval HITLS_NULL_INPUT, config is null. 512 */ 513 int32_t HITLS_CFG_UpRef(HITLS_Config *config); 514 515 /** 516 * @ingroup hitls_config 517 * @brief Set the supported version number range. 518 * 519 * @param config [OUT] Config handle 520 * @param minVersion [IN] Minimum version number 521 * @param maxVersion [IN] Maximum version number 522 * @attention The maximum version number and minimum version number must be both TLS and DTLS. 523 * Currently, only DTLS 1.2. 524 * HITLS_CFG_NewDTLSConfig, HITLS_CFG_NewTLSConfig can be used with full configuration interfaces. 525 * If TLS full configuration is configured, only the TLS version can be set. 526 * If DTLS full configuration is configured, only the DTLS version can be set. 527 * @retval HITLS_SUCCESS, if successful. 528 * @retval HITLS_NULL_INPUT, config is null. 529 */ 530 int32_t HITLS_CFG_SetVersion(HITLS_Config *config, uint16_t minVersion, uint16_t maxVersion); 531 532 /** 533 * @ingroup hitls_config 534 * @brief Setting the disabled version number. 535 * 536 * @param config [OUT] Config handle 537 * @param noversion [IN] Disabled version number. 538 * @retval HITLS_SUCCESS, if successful. 539 * @retval HITLS_NULL_INPUT, config is null. 540 */ 541 int32_t HITLS_CFG_SetVersionForbid(HITLS_Config *config, uint32_t noVersion); 542 543 /** 544 * @ingroup hitls_config 545 * @brief Set whether to support renegotiation. 546 * 547 * @param config [OUT] Config handle 548 * @param support [IN] Whether to support the function. The options are as follows: True: yes; False: no. 549 * @retval HITLS_SUCCESS, if successful. 550 * @retval HITLS_NULL_INPUT, config is null. 551 */ 552 int32_t HITLS_CFG_SetRenegotiationSupport(HITLS_Config *config, bool support); 553 554 /** 555 * @ingroup hitls_config 556 * @brief Set whether to allow a renegotiate request from the client 557 * @param config [OUT] Config handle 558 * @param support [IN] Whether to support the function. The options are as follows: True: yes; False: no. 559 * @retval HITLS_SUCCESS, if successful. 560 * @retval HITLS_NULL_INPUT, config is null. 561 */ 562 int32_t HITLS_CFG_SetClientRenegotiateSupport(HITLS_Config *config, bool support); 563 564 /** 565 * @ingroup hitls_config 566 * @brief Set whether to abort handshake when server doesn't support SecRenegotiation 567 * @param config [OUT] Config handle 568 * @param support [IN] Whether to support the function. The options are as follows: True: yes; False: no. 569 * @retval HITLS_SUCCESS, if successful. 570 * @retval HITLS_NULL_INPUT, config is null. 571 */ 572 int32_t HITLS_CFG_SetLegacyRenegotiateSupport(HITLS_Config *config, bool support); 573 574 /** 575 * @ingroup hitls_config 576 * @brief Set whether to support session restoration during renegotiation. 577 * By default, session restoration is not supported. 578 * @param config [OUT] Config handle 579 * @param support [IN] Whether to support the function. The options are as follows: True: yes; False: no. 580 * @retval HITLS_SUCCESS, if successful. 581 * @retval HITLS_NULL_INPUT, config is null. 582 */ 583 int32_t HITLS_CFG_SetResumptionOnRenegoSupport(HITLS_Config *config, bool support); 584 585 /** 586 * @ingroup hitls_config 587 * @brief Sets whether to verify the client certificate. 588 * Client: This setting has no impact 589 * Server: The certificate request will be sent. 590 * 591 * @param config [OUT] Config handle 592 * @param support [IN] Indicates whether the client certificate can be verified.True: yes; False: no. 593 * @retval HITLS_SUCCESS, if successful. 594 * @retval HITLS_NULL_INPUT, The config parameter is empty. 595 * @attention The settings on the client are invalid. Only the settings on the server take effect. 596 * If this parameter is not set, single-ended verification is used by default. 597 */ 598 int32_t HITLS_CFG_SetClientVerifySupport(HITLS_Config *config, bool support); 599 600 /** 601 * @ingroup hitls_config 602 * @brief Sets whether to allow the client certificate to be empty. 603 * This parameter takes effect only when client certificate verification is enabled. 604 * Client: This setting has no impact 605 * Server: Check whether the certificate passes the verification when receiving an empty 606 * certificate from the client. The verification fails by default. 607 * 608 * @param config [OUT] Config handle 609 * @param support [IN] Indicates whether the authentication is successful when no client certificate is available. 610 true: The server still passes the verification when the certificate sent by the client is empty. 611 false: The server fails to pass the verification when the certificate sent by the client is empty. 612 * @retval HITLS_SUCCESS, if successful. 613 * @retval HITLS_NULL_INPUT, The config parameter is empty. 614 */ 615 int32_t HITLS_CFG_SetNoClientCertSupport(HITLS_Config *config, bool support); 616 617 /** 618 * @ingroup hitls_config 619 * @brief Sets whether to forcibly support extended master keys. 620 * 621 * @param config [OUT] Config handle 622 * @param support [IN] Indicates whether to forcibly support extended master keys. 623 The options are as follows: True: yes; False: no. The default value is true. 624 * @retval HITLS_SUCCESS. 625 * @retval HITLS_NULL_INPUT, config is NULL 626 */ 627 int32_t HITLS_CFG_SetExtenedMasterSecretSupport(HITLS_Config *config, bool support); 628 629 /** 630 * @ingroup hitls_config 631 * @brief Set whether the DH parameter can be automatically selected by users. 632 * 633 * If the value is true, the DH parameter is automatically selected based on the length of the 634 * certificate private key. If the value is false, the DH parameter needs to be set. 635 * 636 * @param config [OUT] Config handle 637 * @param support [IN] Whether to support the function. The options are as follows: True: yes; False: no. 638 * @retval HITLS_SUCCESS, if successful. 639 * @retval HITLS_NULL_INPUT, config is null. 640 */ 641 int32_t HITLS_CFG_SetDhAutoSupport(HITLS_Config *config, bool support); 642 643 /** 644 * @ingroup hitls_config 645 * @brief Set the DH parameter specified by the user. 646 * 647 * @param config [OUT] Config handle 648 * @param dhPkey [IN] User-specified DH key. 649 * @retval HITLS_SUCCESS, if successful. 650 * @retval HITLS_NULL_INPUT, config is empty, or dhPkey is empty. 651 */ 652 int32_t HITLS_CFG_SetTmpDh(HITLS_Config *config, HITLS_CRYPT_Key *dhPkey); 653 654 /** 655 * @ingroup hitls_config 656 * @brief Query whether renegotiation is supported. 657 * 658 * @param config [IN] Config handle 659 * @param isSupport [OUT] Whether to support renegotiation 660 * @retval HITLS_SUCCESS, if successful. 661 * @retval HITLS_NULL_INPUT, config is null. 662 */ 663 int32_t HITLS_CFG_GetRenegotiationSupport(const HITLS_Config *config, uint8_t *isSupport); 664 665 666 /** 667 * @ingroup hitls_config 668 * @brief Query whether the client certificate can be verified. 669 * 670 * @param config [IN] Config handle 671 * @param isSupport [OUT] Indicates whether to verify the client certificate. 672 * @retval HITLS_SUCCESS, if successful. 673 * @retval HITLS_NULL_INPUT, config is null. 674 */ 675 int32_t HITLS_CFG_GetClientVerifySupport(HITLS_Config *config, uint8_t *isSupport); 676 677 /** 678 * @ingroup hitls_config 679 * @brief Query whether support there is no client certificate. This parameter takes effect 680 * only when the client certificate is verified. 681 * 682 * @param config [IN] Config handle 683 * @param isSupport [OUT] Indicates whether to support the function of not having a client certificate. 684 * @retval HITLS_SUCCESS, if successful. 685 * @retval HITLS_NULL_INPUT, config is null. 686 */ 687 int32_t HITLS_CFG_GetNoClientCertSupport(HITLS_Config *config, uint8_t *isSupport); 688 689 /** 690 * @ingroup hitls_config 691 * @brief Query whether extended master keys are supported. 692 * 693 * @param config [IN] Config handle 694 * @param isSupport [OUT] Indicates whether to support the extended master key. 695 * @retval HITLS_SUCCESS, if successful. 696 * @retval HITLS_NULL_INPUT, config is null. 697 */ 698 int32_t HITLS_CFG_GetExtenedMasterSecretSupport(HITLS_Config *config, uint8_t *isSupport); 699 700 /** 701 * @ingroup hitls_config 702 * @brief Query whether the DH parameter can be automatically selected by the user. If yes, 703 * the DH parameter will be automatically selected based on the length of the certificate private key. 704 * 705 * @param config [IN] Config handle 706 * @param isSupport [OUT] Indicates whether to support the function of automatically selecting the DH parameter. 707 * @retval HITLS_SUCCESS, if successful. 708 * @retval HITLS_NULL_INPUT, config is null. 709 */ 710 int32_t HITLS_CFG_GetDhAutoSupport(HITLS_Config *config, uint8_t *isSupport); 711 712 /** 713 * @ingroup hitls_config 714 * @brief Setting whether to support post-handshake auth takes effect only for TLS1.3. 715 client: If the client supports pha, the client sends pha extensions. 716 Server: supports pha. After the handshake, the upper-layer interface HITLS_VerifyClientPostHandshake 717 initiates certificate verification. 718 * 719 * @param config [OUT] Config handle 720 * @param support [IN] Whether to support pha 721 True: pha is supported. 722 False: pha is not supported. 723 * @retval HITLS_SUCCESS, if successful. 724 * @retval HITLS_NULL_INPUT, The config parameter is empty. 725 * @attention Before enabling this function on the server, enable HITLS_CFG_SetClientVerifySupport. 726 * Otherwise, the configuration does not take effect. 727 */ 728 int32_t HITLS_CFG_SetPostHandshakeAuthSupport(HITLS_Config *config, bool support); 729 730 /** 731 * @ingroup hitls_config 732 * @brief Query whether the post-handshake AUTH function is supported. 733 * 734 * @param config [IN] Config handle 735 * @param isSupport [OUT] Indicates whether to support post-handshake AUTH. 736 * @retval HITLS_SUCCESS, if successful. 737 * @retval HITLS_NULL_INPUT, config is null. 738 */ 739 int32_t HITLS_CFG_GetPostHandshakeAuthSupport(HITLS_Config *config, uint8_t *isSupport); 740 741 /** 742 * @ingroup hitls_config 743 * @brief Sets whether to support not perform dual-ended verification 744 * 745 * @param support [IN] True: yes; False: no. 746 * @retval HITLS_SUCCESS, if successful. 747 * @retval HITLS_NULL_INPUT, config is null. 748 */ 749 int32_t HITLS_CFG_SetVerifyNoneSupport(HITLS_Config *config, bool support); 750 751 /** 752 * @ingroup hitls_config 753 * @brief Query whether not perform dual-ended verification is supported 754 * 755 * @param config [IN] Config handle 756 * @param isSupport [OUT] Indicates whether not perform dual-ended verification is supported 757 * @retval HITLS_SUCCESS, if successful. 758 * @retval HITLS_NULL_INPUT, config is null. 759 */ 760 int32_t HITLS_CFG_GetVerifyNoneSupport(HITLS_Config *config, uint8_t *isSupport); 761 762 /** 763 * @ingroup hitls_config 764 * @brief Set whether request client certificate only once is supported 765 * 766 * @param config [OUT] TLS link configuration 767 * @param support [IN] True: yes; False: no. 768 * @retval HITLS_SUCCESS, if successful. 769 * @retval HITLS_NULL_INPUT, config is null. 770 */ 771 int32_t HITLS_CFG_SetClientOnceVerifySupport(HITLS_Config *config, bool support); 772 773 /** 774 * @ingroup hitls_config 775 * @brief Query whether request client certificate only once is supported 776 * 777 * @param config [IN] Config handle 778 * @param isSupport [OUT] Indicates whether the client certificate can be requested only once. 779 * @retval HITLS_SUCCESS, if successful. 780 * @retval HITLS_NULL_INPUT, config is null. 781 */ 782 int32_t HITLS_CFG_GetClientOnceVerifySupport(HITLS_Config *config, uint8_t *isSupport); 783 784 /** 785 * @ingroup hitls_config 786 * @brief Set the supported cipher suites. The sequence of the cipher suites affects the priority of the selected 787 * cipher suites. The cipher suite with the highest priority is the first. 788 * @attention This setting will automatically filter out unsupported cipher suites. 789 * @param config [OUT] Config handle. 790 * @param cipherSuites [IN] cipher suite array, corresponding to the HITLS_CipherSuite enumerated value. 791 * @param cipherSuitesSize [IN] cipher suite array length. 792 * @retval HITLS_SUCCESS, if successful. 793 * For details about other error codes, see hitls_error.h. 794 */ 795 int32_t HITLS_CFG_SetCipherSuites(HITLS_Config *config, const uint16_t *cipherSuites, uint32_t cipherSuitesSize); 796 797 /** 798 * @ingroup hitls_config 799 * @brief Clear the TLS1.3 cipher suite. 800 * 801 * @param config [IN] Config handle. 802 * @retval HITLS_SUCCESS, if successful. 803 * For details about other error codes, see hitls_error.h. 804 */ 805 int32_t HITLS_CFG_ClearTLS13CipherSuites(HITLS_Config *config); 806 807 /** 808 * @ingroup hitls_config 809 * @brief Set the format of the ec point. 810 * 811 * @attention Currently, this parameter can only be set to HITLS_ECPOINTFORMAT_UNCOMPRESSED. 812 * 813 * @param config [OUT] Config context. 814 * @param pointFormats [IN] EC point format, corresponding to the HITLS_ECPointFormat enumerated value. 815 * @param pointFormatsSize [IN] EC point format length 816 * @retval HITLS_SUCCESS, if successful. 817 * For details about other error codes, see hitls_error.h. 818 */ 819 int32_t HITLS_CFG_SetEcPointFormats(HITLS_Config *config, const uint8_t *pointFormats, uint32_t pointFormatsSize); 820 821 /** 822 * @ingroup hitls_config 823 * @brief Set the group supported during key exchange. The group supported 824 * by HiTLS can be queried in HITLS_NamedGroup. 825 * 826 * @attention If a group is not supported, an error will be reported during configuration check. 827 * @param config [OUT] Config context. 828 * @param groups [IN] Key exchange group. Corresponds to the HITLS_NamedGroup enumerated value. 829 * @param groupsSize [IN] Group length 830 * @retval HITLS_SUCCESS, if successful. 831 * For details about other error codes, see hitls_error.h. 832 */ 833 int32_t HITLS_CFG_SetGroups(HITLS_Config *config, const uint16_t *groups, uint32_t groupsSize); 834 835 /** 836 * @ingroup hitls_config 837 * @brief Set the signature algorithms supported during negotiation. The signature algorithms supported 838 * by the HiTLS can be queried in the HITLS_SignHashAlgo file. 839 * 840 * @attention If an unsupported signature algorithm is set, an error will be reported during configuration check. 841 * @param config [OUT] Config context 842 * @param signAlgs [IN] Signature algorithm array, that is, the enumerated value of HITLS_SignHashAlgo. 843 * @param signAlgsSize [IN] Signature algorithm array length 844 * @retval HITLS_SUCCESS, if successful. 845 * For details about other error codes, see hitls_error.h. 846 */ 847 int32_t HITLS_CFG_SetSignature(HITLS_Config *config, const uint16_t *signAlgs, uint16_t signAlgsSize); 848 849 /** 850 * @ingroup hitls_config 851 * @brief Add the CA indicator, which is used when the peer certificate is requested. 852 * 853 * @param config [OUT] TLS link configuration 854 * @param caType [IN] CA indication type 855 * @param data [IN] CA indication data 856 * @param len [IN] Data length 857 * @retval HITLS_SUCCESS, if successful. 858 * For other error codes, see hitls_error.h. 859 */ 860 int32_t HITLS_CFG_AddCAIndication(HITLS_Config *config, HITLS_TrustedCAType caType, const uint8_t *data, uint32_t len); 861 862 /** 863 * @ingroup hitls_config 864 * @brief Obtain the CA list. 865 * 866 * @param config [OUT] TLS link configuration 867 * @retval CA list 868 */ 869 HITLS_TrustedCAList *HITLS_CFG_GetCAList(const HITLS_Config *config); 870 871 /** 872 * @ingroup hitls_config 873 * @brief Clear the CA list. 874 * @param config [OUT] TLS link configuration 875 * @retval CA list 876 */ 877 void HITLS_CFG_ClearCAList(HITLS_Config *config); 878 879 /** 880 * @ingroup hitls_config 881 * @brief Set the key exchange mode, which is used by TLS1.3. 882 * 883 * @param config [OUT] TLS link configuration 884 * @param mode [IN] PSK key exchange mode. Currently, only TLS13_KE_MODE_PSK_ONLY and TLS13_KE_MODE_PSK_WITH_DHE 885 * are supported. The corresponding bit is set to 1. 886 * @retval HITLS_SUCCESS, if successful. 887 * For details about other error codes, see hitls_error.h. 888 */ 889 int32_t HITLS_CFG_SetKeyExchMode(HITLS_Config *config, uint32_t mode); 890 891 /** 892 * @ingroup hitls_config 893 * @brief Obtain the key exchange mode, which is used by TLS1.3. 894 * 895 * @param config [OUT] TLS link configuration 896 * @retval Key exchange mode 897 */ 898 uint32_t HITLS_CFG_GetKeyExchMode(HITLS_Config *config); 899 900 /* If the ClientHello callback is successfully executed, the handshake continues */ 901 #define HITLS_CONTINUE_HANDHSAKE 1 902 /* The ClientHello callback fails. Send an alert message and terminate the handshake */ 903 #define HITLS_ALERT_HANDSHAKE 0 904 905 /** 906 * @ingroup hitls_config 907 * @brief ClientHello callback prototype for the server to process the callback. 908 * 909 * @param ctx [IN] Ctx context 910 * @param alert [OUT] The callback that returns a failure should indicate the alert value to be sent in al. 911 * @param arg [IN] Product input context 912 * @retval HITLS_CONTINUE_HANDHSAKE: successful. Other values are considered as failure. 913 */ 914 typedef int32_t (*HITLS_ClientHelloCb)(HITLS_Ctx *ctx, int32_t *alert, void *arg); 915 916 /** 917 * @ingroup hitls_config 918 * @brief Set the ClientHello callback on the server. 919 * 920 * @param config [OUT] Config context 921 * @param callback [IN] ClientHello callback 922 * @param arg [IN] Product input context 923 * @retval HITLS_SUCCESS, if successful. 924 * For details about other error codes, see hitls_error.h. 925 */ 926 int32_t HITLS_CFG_SetClientHelloCb(HITLS_Config *config, HITLS_ClientHelloCb callback, void *arg); 927 928 /** 929 * @ingroup hitls_config 930 * @brief DTLS callback prototype for obtaining the timeout interval 931 * @param ctx [IN] Ctx context 932 * @param us [IN] Current timeout interval, Unit: microsecond 933 * @return Obtained timeout interval 934 */ 935 typedef uint32_t (*HITLS_DtlsTimerCb)(HITLS_Ctx *ctx, uint32_t us); 936 937 /** 938 * @ingroup hitls_config 939 * @brief Set the DTLS obtaining timeout interval callback. 940 * @param config [OUT] Config context 941 * @param callback [IN] DTLS callback for obtaining the timeout interval 942 * @return HITLS_SUCCESS, if successful. 943 * For details about other error codes, see hitls_error.h. 944 */ 945 int32_t HITLS_CFG_SetDtlsTimerCb(HITLS_Config *config, HITLS_DtlsTimerCb callback); 946 947 /** 948 * @ingroup hitls_config 949 * @brief Obtaining the Minimum Supported Version Number 950 * 951 * @param config [IN] Config context 952 * @param minVersion [OUT] Minimum version supported 953 * @retval HITLS_SUCCESS is obtained successfully. 954 * For details about other error codes, see hitls_error.h. 955 */ 956 int32_t HITLS_CFG_GetMinVersion(const HITLS_Config *config, uint16_t *minVersion); 957 958 /** 959 * @ingroup hitls_config 960 * @brief Obtaining the Maximum supported version number 961 * 962 * @param config [IN] Config context 963 * @param maxVersion [OUT] Maximum supported version 964 * @retval HITLS_SUCCESS is obtained successfully. 965 * For other error codes, see hitls_error.h. 966 */ 967 int32_t HITLS_CFG_GetMaxVersion(const HITLS_Config *config, uint16_t *maxVersion); 968 969 /** 970 * @ingroup hitls_config 971 * @brief Obtain the symmetric encryption algorithm type based on the cipher suite. 972 * 973 * @param cipher[IN] Cipher suite 974 * @param cipherAlg [OUT] Obtained symmetric encryption algorithm type. 975 * @retval HITLS_SUCCESS, if successful. 976 * @retval For other error codes, see hitls_error.h. 977 */ 978 int32_t HITLS_CFG_GetCipherId(const HITLS_Cipher *cipher, HITLS_CipherAlgo *cipherAlg); 979 980 /** 981 * @ingroup hitls_config 982 * @brief Obtain the hash algorithm type based on the cipher suite. 983 * 984 * @param cipher [IN] Cipher suite 985 * @param hashAlg [OUT] Obtained hash algorithm type. 986 * @retval HITLS_SUCCESS, if successful. 987 * @retval For other error codes, see hitls_error.h. 988 */ 989 int32_t HITLS_CFG_GetHashId(const HITLS_Cipher *cipher, HITLS_HashAlgo *hashAlg); 990 991 /** 992 * @ingroup hitls_config 993 * @brief Obtain the MAC algorithm type based on the cipher suite. 994 * 995 * @param cipher [IN] Cipher suite 996 * @param macAlg [OUT] Obtained MAC algorithm type. 997 * @retval HITLS_SUCCESS, if successful. 998 * @retval For other error codes, see hitls_error.h. 999 */ 1000 int32_t HITLS_CFG_GetMacId(const HITLS_Cipher *cipher, HITLS_MacAlgo *macAlg); 1001 1002 /** 1003 * @ingroup hitls_config 1004 * @brief Obtain the server authorization algorithm type based on the cipher suite. 1005 * 1006 * @param cipher [IN] Cipher suite 1007 * @param authAlg [OUT] Obtained server authorization type. 1008 * @retval HITLS_SUCCESS, if successful. 1009 * @retval For other error codes, see hitls_error.h. 1010 */ 1011 int32_t HITLS_CFG_GetAuthId(const HITLS_Cipher *cipher, HITLS_AuthAlgo *authAlg); 1012 1013 /** 1014 * @ingroup hitls_config 1015 * @brief Obtain the key exchange algorithm type based on the cipher suite. 1016 * 1017 * @param cipher [IN] Cipher suite 1018 * @param kxAlg [OUT] Obtained key exchange algorithm type. 1019 * @retval HITLS_SUCCESS, if successful. 1020 * @retval For other error codes, see hitls_error.h. 1021 */ 1022 int32_t HITLS_CFG_GetKeyExchId(const HITLS_Cipher *cipher, HITLS_KeyExchAlgo *kxAlg); 1023 1024 /** 1025 * @ingroup hitls_config 1026 * @brief Obtain the cipher suite name based on the cipher suite. 1027 * 1028 * @param cipher [IN] Cipher suite 1029 * @retval "(NONE)" Invalid cipher suite. 1030 * @retval Name of the given cipher suite 1031 */ 1032 const uint8_t* HITLS_CFG_GetCipherSuiteName(const HITLS_Cipher *cipher); 1033 1034 /** 1035 * @ingroup hitls_config 1036 * @brief Obtain the RFC standard name of the cipher suite based on the cipher suite. 1037 * 1038 * @param cipherSuite [IN] cipher suite 1039 * 1040 * @retval "(NONE)" Invalid cipher suite. 1041 * @retval RFC standard name for the given cipher suite 1042 */ 1043 const uint8_t* HITLS_CFG_GetCipherSuiteStdName(const HITLS_Cipher *cipher); 1044 1045 /** 1046 * @ingroup hitls_config 1047 * @brief Obtain the corresponding cipher suite pointer based on the RFC Standard Name. 1048 * 1049 * @param stdName [IN] RFC Standard Name 1050 * 1051 * @retval NULL. Failed to obtain the cipher suite. 1052 * @retval Pointer to the obtained cipher suite information. 1053 */ 1054 const HITLS_Cipher* HITLS_CFG_GetCipherSuiteByStdName(const uint8_t* stdName); 1055 1056 /** 1057 * @ingroup hitls_config 1058 * @brief Outputs the description of the cipher suite as a string. 1059 * 1060 * @param cipherSuite [IN] Cipher suite 1061 * @param buf [OUT] Output the description. 1062 * @param len [IN] Description length 1063 * @retval NULL, Failed to obtain the description. 1064 * @retval Description of the cipher suite 1065 */ 1066 int32_t HITLS_CFG_GetDescription(const HITLS_Cipher *cipher, uint8_t *buf, int32_t len); 1067 1068 /** 1069 * @ingroup hitls_config 1070 * @brief Determine whether to use the AEAD algorithm based on the cipher suite information. 1071 * 1072 * @param cipher [IN] Cipher suite information 1073 * @param isAead [OUT] Indicates whether to use the AEAD algorithm. 1074 * @retval HITLS_SUCCESS, obtained successfully. 1075 * HITLS_NULL_INPUT, the input parameter pointer is null. 1076 */ 1077 int32_t HITLS_CIPHER_IsAead(const HITLS_Cipher *cipher, uint8_t *isAead); 1078 1079 /** 1080 * @ingroup hitls_config 1081 * @brief Obtain the earliest TLS version supported by the cipher suite based on the cipher suite. 1082 * 1083 * @param cipher [IN] Cipher suite 1084 * @param version [OUT] Obtain the earliest TLS version supported by the cipher suite. 1085 * @retval HITLS_SUCCESS, if successful. 1086 * @retval For other error codes, see hitls_error.h. 1087 */ 1088 int32_t HITLS_CFG_GetCipherVersion(const HITLS_Cipher *cipher, int32_t *version); 1089 1090 /** 1091 * @ingroup hitls_config 1092 * @brief Obtain the cipher suite pointer based on the cipher suite ID. 1093 * 1094 * @param cipherSuite [IN] Cipher suite ID 1095 * 1096 * @retval HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE, Unsupported cipher suites 1097 * @retval Pointer to the obtained cipher suite information. 1098 */ 1099 const HITLS_Cipher *HITLS_CFG_GetCipherByID(uint16_t cipherSuite); 1100 1101 /** 1102 * @ingroup hitls_config 1103 * @brief Obtain the encryption ID in the cipher suite. 1104 * 1105 * @param cipher [IN] Cipher suite. 1106 * @param cipherSuite [OUT] Cipher suite ID. 1107 * 1108 * @retval HITLS_CONFIG_UNSUPPORT_CIPHER_SUITE, Unsupported cipher suites. 1109 * @retval Minimum TLS version supported by the given cipher suite. 1110 */ 1111 int32_t HITLS_CFG_GetCipherSuite(const HITLS_Cipher *cipher, uint16_t *cipherSuite); 1112 1113 /** 1114 * @ingroup hitls_config 1115 * @brief Obtain the supported version number. 1116 * 1117 * @param config [IN] Config handle 1118 * @param version [OUT] Supported version number. 1119 * @retval HITLS_SUCCESS, if successful. 1120 * @retval HITLS_NULL_INPUT, config is null. 1121 */ 1122 int32_t HITLS_CFG_GetVersionSupport(const HITLS_Config *config, uint32_t *version); 1123 1124 /** 1125 * @ingroup hitls_config 1126 * @brief Set the supported version number. 1127 * 1128 * @param config [OUT] Config handle 1129 * @param version [IN] Supported version number. 1130 * @attention The maximum version number and minimum version number must be both TLS and DTLS. 1131 * Currently, only DTLS 1.2 is supported. This function is used together with the full configuration interfaces, 1132 * such as HITLS_CFG_NewDTLSConfig and HITLS_CFG_NewTLSConfig. 1133 * If the TLS full configuration is configured, only the TLS version can be set. 1134 * If full DTLS configuration is configured, only the DTLS version can be set. 1135 * The versions must be consecutive. By default, the minimum and maximum versions are supported. 1136 * @retval HITLS_SUCCESS, if successful. 1137 * @retval HITLS_NULL_INPUT, config is null. 1138 */ 1139 int32_t HITLS_CFG_SetVersionSupport(HITLS_Config *config, uint32_t version); 1140 1141 /** 1142 * @ingroup hitls_config 1143 * @brief This interface is used to verify the version in the premaster secret. 1144 * This interface takes effect on the server. The version must be earlier than 1.0, including 1.0. 1145 * 1146 * @param config [OUT] Config handle. 1147 * @param needCheck [IN] Indicates whether to perform verification. 1148 * @retval HITLS_SUCCESS, if successful. 1149 * @retval HITLS_NULL_INPUT, config is null. 1150 */ 1151 int32_t HITLS_CFG_SetNeedCheckPmsVersion(HITLS_Config *config, bool needCheck); 1152 1153 /** 1154 * @ingroup hitls_config 1155 * @brief Set the quiet disconnection mode. 1156 * 1157 * @param config [IN] TLS link configuration 1158 * @param mode [IN] Mode type. The value 0 indicates that the quiet disconnection mode is disabled, 1159 * and the value 1 indicates that the quiet disconnection mode is enabled. 1160 * @retval HITLS_SUCCESS, if successful. 1161 * @retval For other error codes, see hitls_error.h. 1162 */ 1163 int32_t HITLS_CFG_SetQuietShutdown(HITLS_Config *config, int32_t mode); 1164 1165 /** 1166 * @ingroup hitls_config 1167 * @brief Obtain the current quiet disconnection mode. 1168 * 1169 * @param config [IN] TLS link configuration 1170 * @param mode [OUT] Current quiet disconnection mode 1171 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1172 * @retval HITLS_SUCCESS, if successful. 1173 */ 1174 int32_t HITLS_CFG_GetQuietShutdown(const HITLS_Config *config, int32_t *mode); 1175 1176 /** 1177 * @ingroup hitls_config 1178 * @brief Set the timeout period after the DTLS over UDP connection is complete. 1179 * If the timer expires, the system does not receive the finished message resent by the peer end. 1180 * If this parameter is set to 0, the default value 240 seconds is used. 1181 * 1182 * @param config [IN] TLS link configuration 1183 * @param timeoutVal [IN] Timeout time 1184 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1185 * @retval HITLS_SUCCESS, if successful. 1186 */ 1187 int32_t HITLS_CFG_SetDtlsPostHsTimeoutVal(HITLS_Config *config, uint32_t timeoutVal); 1188 1189 /** 1190 * @ingroup hitls_config 1191 * @brief Set the Encrypt-Then-Mac mode. 1192 * 1193 * @param config [IN] TLS link configuration 1194 * @param encryptThenMacType [IN] Current Encrypt-Then-Mac mode. 1195 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1196 * @retval HITLS_SUCCESS, if successful. 1197 */ 1198 int32_t HITLS_CFG_SetEncryptThenMac(HITLS_Config *config, uint32_t encryptThenMacType); 1199 1200 /** 1201 * @ingroup hitls_config 1202 * @brief Obtain the Encrypt-Then-Mac type. 1203 * 1204 * @param config [IN] TLS link configuration 1205 * @param encryptThenMacType [OUT] Current Encrypt-Then-Mac mode 1206 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1207 * @retval HITLS_SUCCESS, if successful. 1208 */ 1209 int32_t HITLS_CFG_GetEncryptThenMac(const HITLS_Config *config, uint32_t *encryptThenMacType); 1210 1211 /** 1212 * @ingroup hitls_config 1213 * @brief Obtain the user data from the HiTLS Config object. 1214 * Generally, this function is called during the callback registered with the HiTLS. 1215 * 1216 * @attention must be called before HITLS_Connect and HITLS_Accept. 1217 * The life cycle of the user identifier must be longer than that of the TLS object. 1218 * @param config [OUT] TLS connection handle. 1219 * @param userData [IN] User identifier. 1220 * @retval HITLS_SUCCESS, if successful. 1221 * @retval HITLS_NULL_INPUT, The TLS object pointer of the input parameter is null. 1222 */ 1223 void *HITLS_CFG_GetConfigUserData(const HITLS_Config *config); 1224 1225 /** 1226 * @ingroup hitls_config 1227 * @brief User data is stored in the HiTLS Config. The user data can be obtained 1228 * from the callback registered with the HiTLS. 1229 * 1230 * @attention must be called before HITLS_Connect and HITLS_Accept. 1231 * The life cycle of the user identifier must be longer than that of the TLS object. 1232 * If the user data needs to be cleared, the HITLS_SetUserData(ctx, NULL) interface can be called directly. 1233 * The Clean interface is not provided separately. 1234 * @param config [OUT] TLS connection handle. 1235 * @param userData [IN] User identifier. 1236 * @retval HITLS_SUCCESS, if successful. 1237 * @retval HITLS_NULL_INPUT, The TLS object pointer of the input parameter is null. 1238 */ 1239 int32_t HITLS_CFG_SetConfigUserData(HITLS_Config *config, void *userData); 1240 1241 /** 1242 * @ingroup hitls_config 1243 * @brief UserData free callback 1244 */ 1245 typedef void (*HITLS_ConfigUserDataFreeCb)(void *); 1246 1247 /** 1248 * @ingroup hitls_config 1249 * @brief Sets the UserData free callback 1250 * 1251 * @param config [OUT] TLS connection handle 1252 * @param userData [IN] User Data 1253 * @retval HITLS_SUCCESS 1254 * @retval HITLS_NULL_INPUT The input pointer is null 1255 */ 1256 int32_t HITLS_CFG_SetConfigUserDataFreeCb(HITLS_Config *config, HITLS_ConfigUserDataFreeCb callback); 1257 1258 /** 1259 * @ingroup hitls_config 1260 * @brief Determine whether to use DTLS. 1261 * 1262 * @param config [IN] TLS link configuration. 1263 * @param isDtls [OUT] Indicates whether to use DTLS. 1264 * @retval HITLS_SUCCESS, obtained successfully. 1265 * HITLS_NULL_INPUT, the input parameter pointer is null. 1266 */ 1267 int32_t HITLS_CFG_IsDtls(const HITLS_Config *config, uint8_t *isDtls); 1268 1269 /** 1270 * @ingroup hitls_config 1271 * @brief cipher suites are preferentially selected from the list of algorithms supported by the server. 1272 * 1273 * @param config [IN] TLS link configuration. 1274 * @param isSupport [IN] Support or not. 1275 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1276 * @retval HITLS_SUCCESS, if successful. 1277 */ 1278 int32_t HITLS_CFG_SetCipherServerPreference(HITLS_Config *config, bool isSupport); 1279 1280 /** 1281 * @ingroup hitls_config 1282 * @brief Obtains whether the current cipher suite supports preferential selection from the list of 1283 * algorithms supported by the server. 1284 * 1285 * @param config [IN] TLS link configuration 1286 * @param isSupport [OUT] Support or not 1287 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1288 * @retval HITLS_SUCCESS, if successful. 1289 */ 1290 int32_t HITLS_CFG_GetCipherServerPreference(const HITLS_Config *config, bool *isSupport); 1291 1292 /** 1293 * @ingroup hitls_config 1294 * @brief Set whether to send handshake messages by route. 1295 * 1296 * @param config [IN/OUT] TLS link configuration 1297 * @param isEnable [IN] Indicates whether to enable the function of sending handshake information by range. 1298 * 0 indicates that the function is disabled. Other values indicate that the function is enabled. 1299 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1300 * @retval HITLS_SUCCESS, if successful. 1301 */ 1302 int32_t HITLS_CFG_SetFlightTransmitSwitch(HITLS_Config *config, uint8_t isEnable); 1303 1304 /** 1305 * @ingroup hitls_config 1306 * @brief Obtains the status of whether to send handshake information according to the route. 1307 * 1308 * @param config [IN] TLS link configuration. 1309 * @param isEnable [OUT] Indicates whether to send handshake information by route. 1310 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1311 * @retval HITLS_SUCCESS, if successful. 1312 */ 1313 int32_t HITLS_CFG_GetFlightTransmitSwitch(const HITLS_Config *config, uint8_t *isEnable); 1314 1315 /** 1316 * @ingroup hitls_config 1317 * @brief Set whether to send hello verify request message. 1318 * 1319 * @param config [IN] TLS link configuration. 1320 * @param isSupport [IN] Indicates whether to send hello verify request message. 1321 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1322 * @retval HITLS_SUCCESS, if successful. 1323 */ 1324 int32_t HITLS_CFG_SetDtlsCookieExchangeSupport(HITLS_Config *config, bool isSupport); 1325 1326 /** 1327 * @ingroup hitls_config 1328 * @brief Obtains the status of whether to send hello verify request message. 1329 * 1330 * @param config [IN] TLS link configuration. 1331 * @param isSupport [OUT] Indicates whether to send hello verify request message. 1332 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1333 * @retval HITLS_SUCCESS, if successful. 1334 */ 1335 int32_t HITLS_CFG_GetDtlsCookieExchangeSupport(const HITLS_Config *config, bool *isSupport); 1336 1337 /** 1338 * @ingroup hitls_config 1339 * @brief Set the max empty records number can be received 1340 * 1341 * @param config [IN/OUT] TLS link configuration 1342 * @param emptyNum [IN] Indicates the max number of empty records can be received 1343 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1344 * @retval HITLS_SUCCESS, if successful. 1345 */ 1346 int32_t HITLS_CFG_SetEmptyRecordsNum(HITLS_Config *config, uint32_t emptyNum); 1347 1348 /** 1349 * @ingroup hitls_config 1350 * @brief Obtain the max empty records number can be received 1351 * 1352 * @param config [IN] TLS link configuration. 1353 * @param emptyNum [OUT] Indicates the max number of empty records can be received 1354 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1355 * @retval HITLS_SUCCESS, if successful. 1356 */ 1357 int32_t HITLS_CFG_GetEmptyRecordsNum(const HITLS_Config *config, uint32_t *emptyNum); 1358 1359 /** 1360 * @ingroup hitls_config 1361 * @brief Set the maximum size of the certificate chain that can be sent by the peer end. 1362 * 1363 * @param config [IN/OUT] TLS link configuration. 1364 * @param maxSize [IN] Set the maximum size of the certificate chain that can be sent by the peer end. 1365 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1366 * @retval HITLS_SUCCESS, if successful. 1367 */ 1368 int32_t HITLS_CFG_SetMaxCertList(HITLS_Config *config, uint32_t maxSize); 1369 1370 /** 1371 * @ingroup hitls_config 1372 * @brief Obtain the maximum size of the certificate chain that can be sent by the peer end. 1373 * 1374 * @param config [IN] TLS link configuration 1375 * @param maxSize [OUT] Maximum size of the certificate chain that can be sent by the peer end. 1376 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1377 * @retval HITLS_SUCCESS, if successful. 1378 */ 1379 int32_t HITLS_CFG_GetMaxCertList(const HITLS_Config *config, uint32_t *maxSize); 1380 1381 typedef HITLS_CRYPT_Key *(*HITLS_DhTmpCb)(HITLS_Ctx *ctx, int32_t isExport, uint32_t keyLen); 1382 1383 /** 1384 * @ingroup hitls_config 1385 * @brief Set the TmpDh callback, cb can be NULL. 1386 * @param config [OUT] Config Context. 1387 * @param callback [IN] TmpDh Callback. 1388 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1389 * @retval HITLS_SUCCESS, if successful. 1390 */ 1391 int32_t HITLS_CFG_SetTmpDhCb(HITLS_Config *config, HITLS_DhTmpCb callback); 1392 1393 typedef uint64_t (*HITLS_RecordPaddingCb)(HITLS_Ctx *ctx, int32_t type, uint64_t length, void *arg); 1394 1395 /** 1396 * @ingroup hitls_config 1397 * @brief Set the RecordPadding callback. 1398 * 1399 * @param config [OUT] Config context 1400 * @param callback [IN] RecordPadding Callback 1401 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1402 * @retval HITLS_SUCCESS, if successful. 1403 */ 1404 int32_t HITLS_CFG_SetRecordPaddingCb(HITLS_Config *config, HITLS_RecordPaddingCb callback); 1405 1406 /** 1407 * @ingroup hitls_config 1408 * @brief Obtains the RecordPadding callback function. 1409 * 1410 * @param config [OUT] Config context 1411 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1412 * @retval HITLS_SUCCESS, if successful. 1413 */ 1414 HITLS_RecordPaddingCb HITLS_CFG_GetRecordPaddingCb(HITLS_Config *config); 1415 1416 /** 1417 * @ingroup hitls_config 1418 * @brief Sets the parameters arg required by the RecordPadding callback function. 1419 * 1420 * @param config [OUT] Config context 1421 * @param arg [IN] Related parameters arg 1422 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1423 * @retval HITLS_SUCCESS, if successful. 1424 */ 1425 int32_t HITLS_CFG_SetRecordPaddingCbArg(HITLS_Config *config, void *arg); 1426 1427 /** 1428 * @ingroup hitls_config 1429 * @brief Obtains the parameter arg required by the RecordPadding callback function. 1430 * 1431 * @param config [OUT] Config context 1432 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1433 * @retval HITLS_SUCCESS, if successful. 1434 */ 1435 void *HITLS_CFG_GetRecordPaddingCbArg(HITLS_Config *config); 1436 1437 /** 1438 * @ingroup hitls_config 1439 * @brief Disables the verification of keyusage in the certificate. This function is enabled by default. 1440 * 1441 * @param config [OUT] Config context 1442 * @param isCheck [IN] Sets whether to check key usage. 1443 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1444 * @retval HITLS_SUCCESS, if successful. 1445 */ 1446 int32_t HITLS_CFG_SetCheckKeyUsage(HITLS_Config *config, bool isCheck); 1447 1448 /** 1449 * @ingroup hitls_config 1450 * @brief Set read ahead flag to indicate whether read more data than user required to buffer in advance 1451 * @param config [OUT] Hitls config 1452 * @param onOff [IN] Read ahead flag, nonzero value indicates open, zero indicates close 1453 * @retval HITLS_NULL_INPUT 1454 * @retval HITLS_SUCCESS 1455 */ 1456 int32_t HITLS_CFG_SetReadAhead(HITLS_Config *config, int32_t onOff); 1457 1458 /** 1459 * @ingroup hitls_config 1460 * @brief Get whether reading ahead has been set or not 1461 * 1462 * @param config [IN] Hitls config 1463 * @param onOff [OUT] Read ahead flag 1464 * @retval HITLS_NULL_INPUT 1465 * @retval HITLS_SUCCESS 1466 */ 1467 int32_t HITLS_CFG_GetReadAhead(HITLS_Config *config, int32_t *onOff); 1468 1469 /** 1470 * @ingroup hitls_config 1471 * @brief Set the function to support the specified feature. 1472 * 1473 * @param config [OUT] Config context 1474 * @param mode [IN] Mode features to enabled. 1475 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1476 * @retval HITLS_SUCCESS, if successful. 1477 */ 1478 int32_t HITLS_CFG_SetModeSupport(HITLS_Config *config, uint32_t mode); 1479 1480 /** 1481 * @ingroup hitls_config 1482 * @brief Disable the specified feature. 1483 * 1484 * @param config [OUT] Config context 1485 * @param mode [IN] Mode features to disabled. 1486 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1487 * @retval HITLS_SUCCESS, if successful. 1488 */ 1489 int32_t HITLS_CFG_ClearModeSupport(HITLS_Config *config, uint32_t mode); 1490 1491 /** 1492 * @ingroup hitls_config 1493 * @brief Obtain the mode of the function feature in the config file. 1494 * 1495 * @param config [OUT] Config context 1496 * @param mode [OUT] Mode obtain the output parameters of the mode. 1497 * @retval HITLS_NULL_INPUT, the input parameter pointer is null. 1498 * @retval HITLS_SUCCESS, if successful. 1499 */ 1500 int32_t HITLS_CFG_GetModeSupport(const HITLS_Config *config, uint32_t *mode); 1501 1502 #ifdef __cplusplus 1503 } 1504 #endif 1505 1506 #endif /* HITLS_CONFIG_H */ 1507