EC600G/components/ql-kernel/inc/ql_ssl.h

/*================================================================
  Copyright (c) 2021, Quectel Wireless Solutions Co., Ltd. All rights reserved.
  Quectel Wireless Solutions Proprietary and Confidential.
=================================================================*/
    
#ifndef QL_SSL_H
#define QL_SSL_H

#if 1//defined(CONFIG_QUEC_PROJECT_FEATURE_SSL)

#define QL_MAX_CA_CERT_CNT        10

#define QUEC_MAX_CA_CERTEX_INDEX_NUM    6
#define QUEC_SSL_CA_CERTEX_INDEX_MIN    0
#define QUEC_SSL_CA_CERTEX_INDEX_MAX    (QUEC_MAX_CA_CERTEX_INDEX_NUM - 1)

#define QL_SSL_NEGOTIATE_TIME_DEF    300

#define QL_SSL_TLS_RSA_WITH_NULL_MD5                    0x0001   /**< Weak! */
#define QL_SSL_TLS_RSA_WITH_NULL_SHA                    0x0002   /**< Weak! */

#define QL_SSL_TLS_RSA_WITH_RC4_128_MD5                 0x0004
#define QL_SSL_TLS_RSA_WITH_RC4_128_SHA                 0x0005
#define QL_SSL_TLS_RSA_WITH_DES_CBC_SHA                 0x0009   /**< Weak! Not in TLS 1.2 */

#define QL_SSL_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x000A

#define QL_SSL_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x0015   /**< Weak! Not in TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x0016

#define QL_SSL_TLS_PSK_WITH_NULL_SHA                    0x002C   /**< Weak! */
#define QL_SSL_TLS_DHE_PSK_WITH_NULL_SHA                0x002D   /**< Weak! */
#define QL_SSL_TLS_RSA_PSK_WITH_NULL_SHA                0x002E   /**< Weak! */
#define QL_SSL_TLS_RSA_WITH_AES_128_CBC_SHA             0x002F

#define QL_SSL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x0033
#define QL_SSL_TLS_RSA_WITH_AES_256_CBC_SHA             0x0035
#define QL_SSL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x0039

#define QL_SSL_TLS_RSA_WITH_NULL_SHA256                 0x003B   /**< Weak! */
#define QL_SSL_TLS_RSA_WITH_AES_128_CBC_SHA256          0x003C   /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_AES_256_CBC_SHA256          0x003D   /**< TLS 1.2 */

#define QL_SSL_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x0041
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0045

#define QL_SSL_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x0067   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x006B   /**< TLS 1.2 */

#define QL_SSL_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x0084
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0088

#define QL_SSL_TLS_PSK_WITH_RC4_128_SHA                 0x008A
#define QL_SSL_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x008B
#define QL_SSL_TLS_PSK_WITH_AES_128_CBC_SHA             0x008C
#define QL_SSL_TLS_PSK_WITH_AES_256_CBC_SHA             0x008D

#define QL_SSL_TLS_DHE_PSK_WITH_RC4_128_SHA             0x008E
#define QL_SSL_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x008F
#define QL_SSL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x0090
#define QL_SSL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x0091

#define QL_SSL_TLS_RSA_PSK_WITH_RC4_128_SHA             0x0092
#define QL_SSL_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x0093
#define QL_SSL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x0094
#define QL_SSL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x0095

#define QL_SSL_TLS_RSA_WITH_AES_128_GCM_SHA256          0x009C   /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_AES_256_GCM_SHA384          0x009D   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x009E   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x009F   /**< TLS 1.2 */

#define QL_SSL_TLS_PSK_WITH_AES_128_GCM_SHA256          0x00A8   /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_AES_256_GCM_SHA384          0x00A9   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0x00AA   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0x00AB   /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0x00AC   /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0x00AD   /**< TLS 1.2 */

#define QL_SSL_TLS_PSK_WITH_AES_128_CBC_SHA256          0x00AE
#define QL_SSL_TLS_PSK_WITH_AES_256_CBC_SHA384          0x00AF
#define QL_SSL_TLS_PSK_WITH_NULL_SHA256                 0x00B0   /**< Weak! */
#define QL_SSL_TLS_PSK_WITH_NULL_SHA384                 0x00B1   /**< Weak! */

#define QL_SSL_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0x00B2
#define QL_SSL_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0x00B3
#define QL_SSL_TLS_DHE_PSK_WITH_NULL_SHA256             0x00B4   /**< Weak! */
#define QL_SSL_TLS_DHE_PSK_WITH_NULL_SHA384             0x00B5   /**< Weak! */

#define QL_SSL_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0x00B6
#define QL_SSL_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0x00B7
#define QL_SSL_TLS_RSA_PSK_WITH_NULL_SHA256             0x00B8   /**< Weak! */
#define QL_SSL_TLS_RSA_PSK_WITH_NULL_SHA384             0x00B9   /**< Weak! */

#define QL_SSL_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0x00BA   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x00BE   /**< TLS 1.2 */

#define QL_SSL_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0x00C0   /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x00C4   /**< TLS 1.2 */

#define QL_SSL_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */

#define QL_SSL_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */

#define QL_SSL_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
#define QL_SSL_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */

#define QL_SSL_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */

#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */

#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */

#define QL_SSL_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */

#define QL_SSL_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
#define QL_SSL_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */

#define QL_SSL_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
#define QL_SSL_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */

#define QL_SSL_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */

#define QL_SSL_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
#define QL_SSL_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
#define QL_SSL_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
#define QL_SSL_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
#define QL_SSL_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
#define QL_SSL_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
#define QL_SSL_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
#define QL_SSL_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */

#define QL_SSL_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
#define QL_SSL_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
#define QL_SSL_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
#define QL_SSL_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
/* The last two are named with PSK_DHE in the RFC, which looks like a typo */

#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
#define QL_SSL_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */

#define QL_SSL_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */

#define QL_SSL_TLS_CURL_SUPPORT

#define QL_SSL_TLS_SESSION_CACHE_FEATURE

#ifdef CONFIG_QUEC_PROJECT_FEATURE_SSL
//#define QL_SSL_DTLS_FEATURE
//#define QL_SSL_PSK_FEATURE
//#define QL_SSL_RENEGOTIATION_FEATURE
#endif

#ifdef QL_SSL_PSK_FEATURE
#define QL_SSL_PSK_IDENTITY_LENGTH_MAX			255
#define QL_SSL_PSK_KEY_LENGTH_MAX				255
#endif

#define ql_ssl_handshark(ssl_ctx_ptr)             ql_ssl_handshake(ssl_ctx_ptr)
#define ql_ssl_handshark_finished(ssl_ctx_ptr)    ql_ssl_handshake_finished(ssl_ctx_ptr)

typedef enum
{
 	QL_SSL_VERSION_0 = 0,         /**< SSL protocol ver. 3.0. */
  	QL_SSL_VERSION_1,             /**< TLS protocol ver. 1.0 (SSL 3.1). */
  	QL_SSL_VERSION_2,             /**< TLS protocol ver. 1.1 (SSL 3.2). */
  	QL_SSL_VERSION_3,
  	//QL_SSL_VERSION_4,
  	QL_SSL_VERSION_ALL
} ql_ssl_version_type_e;

typedef enum
{
   QL_SSL_VERIFY_NULL          = 0x0000,
   QL_SSL_VERIFY_SERVER        = 0x0001,
   QL_SSL_VERIFY_CLIENT_SERVER = 0x0002,
#ifdef QL_SSL_PSK_FEATURE   
   QL_SSL_VERIFY_PSK		   = 0x0003,
#endif   
} ql_ssl_authmode_e;


typedef enum{
	QL_SSL_TLS_PROTOCOL  = 0,
	QL_SSL_DTLS_PROTOCOL = 1,
}ql_ssl_transport_type_e;
	
typedef enum{
		QL_SSL_CLIENT_CERT_FILE  = 0,
		QL_SSL_CLIENT_CERT_BUFFER = 1,
}ql_ssl_client_cert_type_e;

#ifdef QL_SSL_DTLS_FEATURE
typedef enum
{
  QL_SSL_VER_DTLS10 = 0,			/**< DTLS protocol ver. 1.0. > */
  QL_SSL_VER_DTLS12 = 1,			/**< DTLS protocal ver. 1.2. > */
} ql_ssl_dtls_version_enum;
#endif

#ifdef QL_SSL_RENEGOTIATION_FEATURE
typedef enum{
   QL_SSL_RENEGOTIATION_DISABLED = 0,
   QL_SSL_RENEGOTIATION_ENABLED = 1,
}ql_ssl_renegotiation_type_e;
#endif

typedef int  ql_ssl_context;

typedef void(*ql_ssl_handshake_timeout_cb)(ql_ssl_context *ssl_ctx, void *arg);

/* Number of certificate checking items */
#define QL_SSL_TLS_CERT_ITEM_NUM     20

#ifdef QL_SSL_TLS_SESSION_CACHE_FEATURE
#include "mbedtls/ssl.h"
typedef struct
{
	uint8_t            		session_cache_enable;
	ip_addr_t             	remote_ip;
	uint16_t           		remote_port;
    uint8_t            		hostname_temp[256];    // save session hostname when qsslopen
    uint8_t            		session_hostname[256]; // real hostname coresponding to session cache
	mbedtls_ssl_session     ssl_session;
}ql_ssl_session;
#endif

typedef struct{
	int      	   	 ssl_version;
	int         	 transport; //0: TLS  1: DTLS
	int        		*ciphersuites;
	int              auth_mode;
	int              sni_enable;
	char            *ca_cert_path[QL_MAX_CA_CERT_CNT];
	char            *own_cert_path;
	char            *own_key_path;
	char            *own_key_pwd;
	char            *ca_cert_buffer[QL_MAX_CA_CERT_CNT];
	int              ssl_negotiate_timeout;
	ql_ssl_handshake_timeout_cb   negotiate_timeout_cb;
	void            *negotiate_timeout_cb_arg;
    int              ignore_invalid_certsign;
    uint32_t         ignore_certitem;
    int              ignore_multi_certchain_verify;
	bool             client_cert_type;
#ifdef QL_SSL_TLS_SESSION_CACHE_FEATURE	
	ql_ssl_session	 ssl_session_cache;
#endif	
#ifdef QL_SSL_DTLS_FEATURE
    int				dtls_version;
#endif

#ifdef QL_SSL_PSK_FEATURE
	char			*psk_identity;
    char			*psk_key;
#endif

#ifdef QL_SSL_RENEGOTIATION_FEATURE
	int				renegotiation;
#endif
}ql_ssl_config;



typedef enum{
	QL_SSL_CONF_VERSION        = 1,
	QL_SSL_CONF_TRANSPORT      = 2,
	QL_SSL_CONF_CIPHERSUITE    = 3,
	QL_SSL_CONF_AUTHMODE       = 4,
	QL_SSL_CONF_CACERT         = 5,
	QL_SSL_CONF_OWNCERT        = 6,
	QL_SSL_CONF_SNI            = 7,
	QL_SSL_CONF_HS_TIMEOUT     = 8,
	QL_SSL_CONF_IGNORE_LOCALTM = 9,
	QL_SSL_CONF_HS_TIMEOUT_FUNC= 10,
    QL_SSL_CONF_IGNORE_INVALID_CERT_SIGN      = 11,
    QL_SSL_CONF_IGNORE_CERT_ITEM              = 12,
    QL_SSL_CONF_IGNORE_MULTI_CERTCHAIN_VERIFY = 13,
#ifdef QL_SSL_TLS_SESSION_CACHE_FEATURE    
    QL_SSL_CONF_SESSION_CACHE  = 14,
#endif
    QL_SSL_CONF_CACERT_BUFFER  = 15,
    QL_SSL_CONF_OWNCERT_BUFFER = 16,
#ifdef QL_SSL_DTLS_FEATURE    
    QL_SSL_CONF_DTLSVERSION	   = 17, 
#endif

#ifdef QL_SSL_PSK_FEATURE
	QL_SSL_CONF_PSK_IDENTITY   = 18, 
	QL_SSL_CONF_PSK_KEY		   = 19,
#endif

#ifdef QL_SSL_RENEGOTIATION_FEATURE
	QL_SSL_CONF_RENEGOTIATION  = 20,
#endif
}ql_ssl_config_type_e;


typedef enum{
	QL_SSL_SUCCESS                = 0,
	QL_SSL_ERROR_UNKOWN           = -1,
	QL_SSL_ERROR_WOUNDBLOCK       = -2,
	QL_SSL_ERROR_INVALID_PARAM    = -3,
	QL_SSL_ERROR_OUT_OF_MEM       = -4,
	QL_SSL_ERROR_NOT_SUPPORT      = -5,
	QL_SSL_ERROR_HS_FAILURE       = -6,
	QL_SSL_ERROR_DECRYPT_FAILURE  = -7,
	QL_SSL_ERROR_ENCRYPT_FAILURE  = -8,
	QL_SSL_ERROR_HS_INPROGRESS    = -9,
	QL_SSL_ERROR_BAD_REQUEST      = -10,
	QL_SSL_ERROR_WANT_READ        = -11,
	QL_SSL_ERROR_WANT_WRITE       = -12,
	QL_SSL_ERROR_SOCKET_RESET     = -13,
}ql_ssl_error_code_e;

/*****************************************************************
* Function: ql_ssl_conf_init
*
* Description: 初始化ssl上下文配置项的结构信息
* 
* Parameters:
*	conf        [in]    ssl上下文配置项结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_conf_init(ql_ssl_config *conf);

/*****************************************************************
* Function: ql_ssl_conf_set
*
* Description: 设置ssl上下文配置项中的配置参数
* 
* Parameters:
*	conf        [in]    ssl上下文配置项结构体指针.
*   type        [in]    ssl上下文配置项的参数处理类型
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_conf_set(ql_ssl_config *conf, int type, ...);

/*****************************************************************
* Function: ql_ssl_conf_get
*
* Description: 获取已设置的ssl上下文配置项的配置参数
* 
* Parameters:
*	conf        [in]    ssl上下文配置项结构体指针.
*   type        [in]    ssl上下文中配置参数处理类型
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_conf_get(ql_ssl_config *conf, int type, ...);

/*****************************************************************
* Function: ql_ssl_conf_set_by_id
*
* Description: 通过ssl上下文id号,设置该id对应的ssl上下文配置项的配置参数
* 
* Parameters:
*	ctx_id      [in]    ssl上下文id号.
*   type        [in]    ssl上下文中配置参数处理类型
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int ql_ssl_conf_set_by_id(int ctx_id, int type, ...);

/*****************************************************************
* Function: ql_ssl_conf_get_by_id
*
* Description: 通过ssl上下文id号,获取该id设置的ssl上下文配置项的配置参数
* 
* Parameters:
*	ctx_id      [in]    ssl上下文id号.
*   type        [in]    ssl上下文中配置参数处理类型
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int ql_ssl_conf_get_by_id(int ctx_id, int type, ...);

/*****************************************************************
* Function: ql_ssl_conf_free
*
* Description: 释放ssl上下文配置项结构体的内存块
* 
* Parameters:
*	conf        [in]    ssl上下文配置项结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_conf_free(ql_ssl_config *conf);

/*****************************************************************
* Function: ql_ssl_new
*
* Description: 初始化ssl上下文结构
* 
* Parameters:
*	ssl        [in]    ssl上下文结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_new(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_setup
*
* Description: 通过conf配置ssl上下文,ssl上下文信息确定ssl连接的属性
* 
* Parameters:
*	ssl        [in]    ssl上下文结构体指针.
*   conf       [in]    ssl上下文配置项结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_setup(ql_ssl_context *ssl, ql_ssl_config *conf);

/*****************************************************************
* Function: ql_ssl_set_socket_fd
*
* Description: 关联当前ssl上下文与指定的套接字描述符,以及设置mbed bio的读写函数
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*   sock_fd     [in]    socket套接字描述符.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_set_socket_fd(ql_ssl_context *ssl, int sock_fd);

/*****************************************************************
* Function: ql_ssl_set_hostname
*
* Description: 
*	1. 设置远端主机名用以检查接收到的服务器证书，在调用ql_ssl_setup函数后才调用本函数。
* 	2. 保存远端主机名用以判断会话恢复。
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*   hostname    [in]    远端IP地址或域名地址
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_set_hostname(ql_ssl_context *ssl, const char *hostname);

/*****************************************************************
* Function: ql_ssl_handshake
*
* Description: ssl握手通信,通过ssl上下文确定ssl建立连接属性
* 
* Parameters:
*	ssl        [in]    ssl上下文结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_handshake(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_close_notify
*
* Description: 通知ssl连接对端连接正在关闭
* 
* Parameters:
*	ssl        [in]    ssl上下文结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_close_notify(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_get_bytes_avail
*
* Description: 返回可读取的数据字节数
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*
* Return:
* 	返回读缓冲区中有多少字节可用
*
*****************************************************************/
int  ql_ssl_get_bytes_avail(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_read
*
* Description: 从缓冲区中读取len字节的数据
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*   buf         [in]    读buf缓冲区指针.
*   len         [in]    待读取数据长度.
*
* Return:
* 	大于等于0        返回当前已从缓冲区成功读取的数据字节数
*	other        错误码
*
*****************************************************************/
int  ql_ssl_read(ql_ssl_context *ssl, unsigned char *buf, size_t len);

/*****************************************************************
* Function: ql_ssl_write
*
* Description: 向缓冲区中写入len字节的数据
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*   buf         [in]    保存数据buf缓冲区指针.
*   len         [in]    待发送的数据长度.
*
* Return:
* 	大于等于0        返回当前已从缓冲区成功写入的数据字节数
*	other        错误码
*
*****************************************************************/
int  ql_ssl_write(ql_ssl_context *ssl, const unsigned char *buf, size_t len);

/*****************************************************************
* Function: ql_ssl_free
*
* Description: 释放ssl上下文,以及ssl上下文所占用的内存块
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_free(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_handshake_finished
*
* Description: ssl握手通信结束,更改ssl上下文状态为HANDSHAKE_OVER
* 
* Parameters:
*	ssl         [in]    ssl上下文结构体指针.
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_handshake_finished(ql_ssl_context *ssl);

/*****************************************************************
* Function: ql_ssl_ciphersuit_is_valid
*
* Description: 判断所指定的SSL密码组是否支持
* 
* Parameters:
*	cs_id       [in]    SSL加密套件的数值id
*
* Return:
* 	0           成功
*	other       错误码
*
*****************************************************************/
int  ql_ssl_ciphersuit_is_valid(int cs_id);
#endif

#endif