1 | /* -*- c -*- |
2 | * Copyright (C) 2000-2016 Free Software Foundation, Inc. |
3 | * Copyright (C) 2015-2016 Red Hat, Inc. |
4 | * |
5 | * Author: Nikos Mavrogiannopoulos |
6 | * |
7 | * This file is part of GnuTLS. |
8 | * |
9 | * The GnuTLS is free software; you can redistribute it and/or |
10 | * modify it under the terms of the GNU Lesser General Public License |
11 | * as published by the Free Software Foundation; either version 2.1 of |
12 | * the License, or (at your option) any later version. |
13 | * |
14 | * This library is distributed in the hope that it will be useful, but |
15 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | * Lesser General Public License for more details. |
18 | * |
19 | * You should have received a copy of the GNU Lesser General Public License |
20 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
21 | * |
22 | */ |
23 | |
24 | /* This file contains the types and prototypes for all the |
25 | * high level functionality of the gnutls main library. |
26 | * |
27 | * If the optional C++ binding was built, it is available in |
28 | * gnutls/gnutlsxx.h. |
29 | * |
30 | * The openssl compatibility layer (which is under the GNU GPL |
31 | * license) is in gnutls/openssl.h. |
32 | * |
33 | * The low level cipher functionality is in gnutls/crypto.h. |
34 | */ |
35 | |
36 | |
37 | #ifndef GNUTLS_H |
38 | #define GNUTLS_H |
39 | |
40 | /* Get size_t. */ |
41 | #include <stddef.h> |
42 | /* Get ssize_t. */ |
43 | #ifndef HAVE_SSIZE_T |
44 | #define HAVE_SSIZE_T |
45 | /* *INDENT-OFF* */ |
46 | #include <sys/types.h> |
47 | /* *INDENT-ON* */ |
48 | #endif |
49 | /* Get time_t. */ |
50 | #include <time.h> |
51 | |
52 | /* *INDENT-OFF* */ |
53 | #ifdef __cplusplus |
54 | extern "C" { |
55 | #endif |
56 | /* *INDENT-ON* */ |
57 | |
/* Library version as a string and as its three numeric parts. */
#define GNUTLS_VERSION "3.5.18"

#define GNUTLS_VERSION_MAJOR 3
#define GNUTLS_VERSION_MINOR 5
#define GNUTLS_VERSION_PATCH 18

/* Packed form 0xMMmmpp of the three parts above (0x03, 0x05, 0x12 = 18);
 * suitable for preprocessor comparisons such as
 * "#if GNUTLS_VERSION_NUMBER >= 0x030512". Keep it in sync by hand. */
#define GNUTLS_VERSION_NUMBER 0x030512

/* Historical names for the AES (Rijndael) and ARCFOUR cipher identifiers;
 * each expands to the corresponding gnutls_cipher_algorithm_t value. */
#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128

/* Symbol import decoration for consumers of the Windows DLL; empty when
 * building the library itself or on any other platform.
 * NOTE(review): "_SYM_EXPORT" and the "__GNUTLS_*__" names below fall in
 * the identifier space reserved for the implementation (C11 7.1.3);
 * they are kept as-is for ABI/source compatibility. */
#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
# define _SYM_EXPORT __declspec(dllimport)
#else
# define _SYM_EXPORT
#endif /* !GNUTLS_INTERNAL_BUILD && _WIN32 */

/* Optimizer hints for functions without side effects (GCC/Clang only). */
#ifdef __GNUC__
# define __GNUTLS_CONST__ __attribute__((const))
# define __GNUTLS_PURE__ __attribute__((pure))
#else
# define __GNUTLS_CONST__
# define __GNUTLS_PURE__
#endif /* __GNUC__ */


/* Use the following definition globally in your program to disable
 * implicit initialization of gnutls. Expanding it once, at file scope,
 * defines _gnutls_global_init_skip() returning 1; presumably the library
 * consults that hook before running its implicit initializer -- confirm
 * against the library's initialization code before relying on it. */
#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \
int _gnutls_global_init_skip(void) {return 1;}
90 | |
/**
 * gnutls_cipher_algorithm_t:
 * @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
 * @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
 * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
 * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
 * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys.
 * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
 * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
 * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
 *
 * Enumeration of different symmetric encryption algorithms. The numeric
 * values are fixed by this public header; the enumerators are grouped
 * below by construction (CBC block ciphers, AEAD ciphers, stream
 * ciphers, PGP placeholders) rather than listed in numeric order.
 * NOTE(review): the DES, RC2-40 and ARCFOUR entries are legacy
 * algorithms kept for interoperability; prefer the AEAD entries (GCM,
 * CCM, CHACHA20_POLY1305) when selecting a cipher.
 */
typedef enum gnutls_cipher_algorithm {
	GNUTLS_CIPHER_UNKNOWN = 0,
	GNUTLS_CIPHER_NULL = 1,

	/* block ciphers in CBC mode */
	GNUTLS_CIPHER_DES_CBC = 18,
	GNUTLS_CIPHER_3DES_CBC = 3,
	GNUTLS_CIPHER_RC2_40_CBC = 17,
	GNUTLS_CIPHER_AES_128_CBC = 4,
	GNUTLS_CIPHER_AES_192_CBC = 9,
	GNUTLS_CIPHER_AES_256_CBC = 5,
	GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
	GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
	GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,

	/* AEAD ciphers (authentication is part of the cipher) */
	GNUTLS_CIPHER_AES_128_GCM = 10,
	GNUTLS_CIPHER_AES_256_GCM = 11,
	GNUTLS_CIPHER_AES_128_CCM = 19,
	GNUTLS_CIPHER_AES_256_CCM = 20,
	GNUTLS_CIPHER_AES_128_CCM_8 = 21,
	GNUTLS_CIPHER_AES_256_CCM_8 = 22,
	GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
	GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
	GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,

	/* stream ciphers */
	GNUTLS_CIPHER_ARCFOUR_128 = 2,
	GNUTLS_CIPHER_ARCFOUR_40 = 6,
	GNUTLS_CIPHER_SALSA20_256 = 13,
	GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,

	/* used only for PGP internals. Ignored in TLS/SSL */
	GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
	GNUTLS_CIPHER_3DES_PGP_CFB = 201,
	GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
	GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
	GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
	GNUTLS_CIPHER_AES128_PGP_CFB = 205,
	GNUTLS_CIPHER_AES192_PGP_CFB = 206,
	GNUTLS_CIPHER_AES256_PGP_CFB = 207,
	GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
} gnutls_cipher_algorithm_t;
167 | |
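/**
 * gnutls_kx_algorithm_t:
 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunct; the
 *   value is retained so existing numbering does not shift).
 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
 * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
 *
 * Enumeration of different key exchange algorithms. The values are
 * assigned explicitly and are not contiguous with the documentation
 * order above; do not rely on implicit increments when adding entries.
 * NOTE(review): the ANON_* entries provide no peer authentication and
 * are only appropriate where authentication is established by other
 * means.
 */
typedef enum {
	GNUTLS_KX_UNKNOWN = 0,
	GNUTLS_KX_RSA = 1,
	GNUTLS_KX_DHE_DSS = 2,
	GNUTLS_KX_DHE_RSA = 3,
	GNUTLS_KX_ANON_DH = 4,
	GNUTLS_KX_SRP = 5,
	GNUTLS_KX_RSA_EXPORT = 6,
	GNUTLS_KX_SRP_RSA = 7,
	GNUTLS_KX_SRP_DSS = 8,
	GNUTLS_KX_PSK = 9,
	GNUTLS_KX_DHE_PSK = 10,
	GNUTLS_KX_ANON_ECDH = 11,
	GNUTLS_KX_ECDHE_RSA = 12,
	GNUTLS_KX_ECDHE_ECDSA = 13,
	GNUTLS_KX_ECDHE_PSK = 14,
	GNUTLS_KX_RSA_PSK = 15
} gnutls_kx_algorithm_t;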
207 | |
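/**
 * gnutls_params_type_t:
 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunct; value
 *   retained so the numbering of the other entries is unchanged).
 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
 *
 * Enumeration of different TLS session parameter types. Numbering
 * starts at 1, so 0 is never a valid parameter type.
 */
typedef enum {
	GNUTLS_PARAMS_RSA_EXPORT = 1,
	GNUTLS_PARAMS_DH = 2,
	GNUTLS_PARAMS_ECDH = 3
} gnutls_params_type_t;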
221 | |
/**
 * gnutls_credentials_type_t:
 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
 * @GNUTLS_CRD_ANON: Anonymous credential.
 * @GNUTLS_CRD_SRP: SRP credential.
 * @GNUTLS_CRD_PSK: PSK credential.
 * @GNUTLS_CRD_IA: IA credential.
 *
 * Enumeration of different credential types. Values run from 1 to 5
 * in declaration order; they are spelled out explicitly here so the
 * numbering is visible without counting.
 */
typedef enum {
	GNUTLS_CRD_CERTIFICATE = 1,
	GNUTLS_CRD_ANON = 2,
	GNUTLS_CRD_SRP = 3,
	GNUTLS_CRD_PSK = 4,
	GNUTLS_CRD_IA = 5
} gnutls_credentials_type_t;
239 | |
/* Legacy aliases: an undecorated "SHA" means SHA-1 in this API. */
#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
242 | |
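/**
 * gnutls_mac_algorithm_t:
 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
 * @GNUTLS_MAC_SHA3_224: HMAC-SHA3-224 (reserved value, no implementation).
 * @GNUTLS_MAC_SHA3_256: HMAC-SHA3-256 (reserved value, no implementation).
 * @GNUTLS_MAC_SHA3_384: HMAC-SHA3-384 (reserved value, no implementation).
 * @GNUTLS_MAC_SHA3_512: HMAC-SHA3-512 (reserved value, no implementation).
 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
 * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
 * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
 *
 * Enumeration of different Message Authentication Code (MAC)
 * algorithms. The values below 200 are shared with
 * gnutls_digest_algorithm_t, whose GNUTLS_DIG_* constants are defined
 * as the GNUTLS_MAC_* constant of the same name; the two lists must be
 * kept aligned. Values from 200 upward are MAC-only.
 */
typedef enum {
	GNUTLS_MAC_UNKNOWN = 0,
	GNUTLS_MAC_NULL = 1,
	GNUTLS_MAC_MD5 = 2,
	GNUTLS_MAC_SHA1 = 3,
	GNUTLS_MAC_RMD160 = 4,
	GNUTLS_MAC_MD2 = 5,
	GNUTLS_MAC_SHA256 = 6,
	GNUTLS_MAC_SHA384 = 7,
	GNUTLS_MAC_SHA512 = 8,
	GNUTLS_MAC_SHA224 = 9,
	GNUTLS_MAC_SHA3_224 = 10, /* reserved: no implementation */
	GNUTLS_MAC_SHA3_256 = 11, /* reserved: no implementation */
	GNUTLS_MAC_SHA3_384 = 12, /* reserved: no implementation */
	GNUTLS_MAC_SHA3_512 = 13, /* reserved: no implementation */
	/* If you add anything here, make sure you align with
	   gnutls_digest_algorithm_t. */
	GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
	GNUTLS_MAC_UMAC_96 = 201,
	GNUTLS_MAC_UMAC_128 = 202
} gnutls_mac_algorithm_t;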
283 | |
/**
 * gnutls_digest_algorithm_t:
 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
 * @GNUTLS_DIG_MD5: MD5 algorithm.
 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
 * @GNUTLS_DIG_MD2: MD2 algorithm.
 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
 * @GNUTLS_DIG_SHA3_224: SHA3-224 algorithm.
 * @GNUTLS_DIG_SHA3_256: SHA3-256 algorithm.
 * @GNUTLS_DIG_SHA3_384: SHA3-384 algorithm.
 * @GNUTLS_DIG_SHA3_512: SHA3-512 algorithm.
 *
 * Enumeration of different digest (hash) algorithms. Every enumerator
 * is defined as the gnutls_mac_algorithm_t constant of the same name,
 * so the two enumerations always share numeric values for the digests
 * they have in common.
 * NOTE(review): MD2 and MD5 are listed for compatibility only;
 * certificates signed with them are reported as
 * %GNUTLS_CERT_INSECURE_ALGORITHM by gnutls_certificate_status_t.
 */
typedef enum {
	GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
	GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
	GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
	GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
	GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
	GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
	GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
	GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
	GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
	GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224,
	/* The SHA-3 MAC values are reserved (no implementation) on the
	 * MAC side; the digest side still inherits their numbers. */
	GNUTLS_DIG_SHA3_224 = GNUTLS_MAC_SHA3_224,
	GNUTLS_DIG_SHA3_256 = GNUTLS_MAC_SHA3_256,
	GNUTLS_DIG_SHA3_384 = GNUTLS_MAC_SHA3_384,
	GNUTLS_DIG_SHA3_512 = GNUTLS_MAC_SHA3_512
	/* If you add anything here, make sure you align with
	   gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t;
321 | |
/* exported for other gnutls headers. This is the maximum number of
 * algorithms (ciphers, kx or macs).
 */
#define GNUTLS_MAX_ALGORITHM_NUM 64
/* Upper bound, in bytes, of a session identifier; 32 is the largest
 * SessionID the TLS protocol allows, so buffers of this size can hold
 * any well-formed peer-supplied ID. */
#define GNUTLS_MAX_SESSION_ID_SIZE 32
327 | |
328 | |
/**
 * gnutls_compression_method_t:
 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
 *
 * Enumeration of different TLS compression methods.
 * NOTE(review): record-layer compression of attacker-influenced
 * plaintext leaks information through ciphertext length; %GNUTLS_COMP_NULL
 * is the safe default unless a deployment has a specific, reviewed need.
 */
typedef enum {
	GNUTLS_COMP_UNKNOWN = 0,	/* not negotiated / not recognised */
	GNUTLS_COMP_NULL = 1,		/* identity: no compression */
	GNUTLS_COMP_DEFLATE = 2,	/* zlib DEFLATE */
	GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE	/* alias kept for old callers */
} gnutls_compression_method_t;
344 | |
345 | |
/**
 * gnutls_init_flags_t:
 *
 * @GNUTLS_SERVER: Connection end is a server.
 * @GNUTLS_CLIENT: Connection end is a client.
 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
 * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
 * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2).
 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
 * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
 * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
 * @GNUTLS_FORCE_CLIENT_CERT: When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
 * @GNUTLS_NO_TICKETS: Flag to indicate that the session should not use resumption with session tickets.
 *
 * Enumeration of different flags for gnutls_init() function. All the flags
 * can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
 * exclusive. Each enumerator is a distinct bit (bits 0 through 10), so
 * flags are OR-ed together; the values are written in hexadecimal below
 * to make the bit positions explicit.
 */
typedef enum {
	GNUTLS_SERVER = 0x0001,			/* bit 0 */
	GNUTLS_CLIENT = 0x0002,			/* bit 1 */
	GNUTLS_DATAGRAM = 0x0004,		/* bit 2 */
	GNUTLS_NONBLOCK = 0x0008,		/* bit 3 */
	GNUTLS_NO_EXTENSIONS = 0x0010,		/* bit 4 */
	GNUTLS_NO_REPLAY_PROTECTION = 0x0020,	/* bit 5 */
	GNUTLS_NO_SIGNAL = 0x0040,		/* bit 6 */
	GNUTLS_ALLOW_ID_CHANGE = 0x0080,	/* bit 7 */
	GNUTLS_ENABLE_FALSE_START = 0x0100,	/* bit 8 */
	GNUTLS_FORCE_CLIENT_CERT = 0x0200,	/* bit 9 */
	GNUTLS_NO_TICKETS = 0x0400		/* bit 10 */
} gnutls_init_flags_t;
378 | |
/* compatibility defines (previous versions of gnutls
 * used defines instead of enumerated values). Each macro must stay
 * numerically identical to the gnutls_init_flags_t enumerator of the
 * same name; being macros, they additionally let callers probe for a
 * flag with #ifdef, which an enumerator cannot offer. */
#define GNUTLS_SERVER (1)
#define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
#define GNUTLS_NO_EXTENSIONS (1<<4)
#define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
#define GNUTLS_NO_SIGNAL (1<<6)
#define GNUTLS_ALLOW_ID_CHANGE (1<<7)
#define GNUTLS_ENABLE_FALSE_START (1<<8)
#define GNUTLS_FORCE_CLIENT_CERT (1<<9)
#define GNUTLS_NO_TICKETS (1<<10)
392 | |
/**
 * gnutls_alert_level_t:
 * @GNUTLS_AL_WARNING: Alert of warning severity.
 * @GNUTLS_AL_FATAL: Alert of fatal severity.
 *
 * Enumeration of different TLS alert severities. Both values are
 * given explicitly; 0 is not a valid level.
 */
typedef enum {
	GNUTLS_AL_WARNING = 1,
	GNUTLS_AL_FATAL = 2
} gnutls_alert_level_t;
404 | |
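/**
 * gnutls_alert_description_t:
 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
 * @GNUTLS_A_DECODE_ERROR: Decode error.
 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
 * @GNUTLS_A_USER_CANCELED: User canceled.
 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
 * @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback.
 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
 *   specified certificate.
 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
 *   sent.
 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
 *   recognized.
 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
 *   or not known.
 * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
 *   not supported by the peer.
 *
 * Enumeration of different TLS alerts. The numeric values are the TLS
 * AlertDescription codes exchanged on the wire, so every enumerator is
 * assigned explicitly rather than left to implicit increments.
 * NOTE(review): an alert code arrives from the peer; code that maps a
 * received byte onto this enumeration should tolerate values that are
 * not listed here.
 */
typedef enum {
	GNUTLS_A_CLOSE_NOTIFY = 0,
	GNUTLS_A_UNEXPECTED_MESSAGE = 10,
	GNUTLS_A_BAD_RECORD_MAC = 20,
	GNUTLS_A_DECRYPTION_FAILED = 21,
	GNUTLS_A_RECORD_OVERFLOW = 22,
	GNUTLS_A_DECOMPRESSION_FAILURE = 30,
	GNUTLS_A_HANDSHAKE_FAILURE = 40,
	GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
	GNUTLS_A_BAD_CERTIFICATE = 42,
	GNUTLS_A_UNSUPPORTED_CERTIFICATE = 43,
	GNUTLS_A_CERTIFICATE_REVOKED = 44,
	GNUTLS_A_CERTIFICATE_EXPIRED = 45,
	GNUTLS_A_CERTIFICATE_UNKNOWN = 46,
	GNUTLS_A_ILLEGAL_PARAMETER = 47,
	GNUTLS_A_UNKNOWN_CA = 48,
	GNUTLS_A_ACCESS_DENIED = 49,
	GNUTLS_A_DECODE_ERROR = 50,
	GNUTLS_A_DECRYPT_ERROR = 51,
	GNUTLS_A_EXPORT_RESTRICTION = 60,
	GNUTLS_A_PROTOCOL_VERSION = 70,
	GNUTLS_A_INSUFFICIENT_SECURITY = 71,
	GNUTLS_A_INTERNAL_ERROR = 80,
	GNUTLS_A_INAPPROPRIATE_FALLBACK = 86,
	GNUTLS_A_USER_CANCELED = 90,
	GNUTLS_A_NO_RENEGOTIATION = 100,
	GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
	GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
	GNUTLS_A_UNRECOGNIZED_NAME = 112,
	GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
	GNUTLS_A_NO_APPLICATION_PROTOCOL = 120
} gnutls_alert_description_t;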
477 | |
/**
 * gnutls_handshake_description_t:
 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
 *
 * Enumeration of different TLS handshake packets. Values 0-23 follow the
 * HandshakeType numbering; 254 and 1024 are GnuTLS-local markers for the
 * Change Cipher Spec record and the SSLv2-format Client Hello, which are
 * not handshake messages on the wire.
 */
typedef enum {
	/* hello phase */
	GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
	GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
	GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
	GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
	GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
	/* authentication and key exchange */
	GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
	GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
	GNUTLS_HANDSHAKE_FINISHED = 20,
	GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
	GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
	/* GnuTLS-local values outside the one-byte HandshakeType space */
	GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
	GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024
} gnutls_handshake_description_t;

/* Wildcard: every bit set, deliberately outside the enumeration so it can
 * never collide with a real handshake type. */
#define GNUTLS_HANDSHAKE_ANY ((unsigned int)-1)

/* Returns a human-readable name for @type. */
const char *gnutls_handshake_description_get_name(gnutls_handshake_description_t type);
523 | |
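/**
 * gnutls_certificate_status_t:
 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
 *   known authorities or the signature is invalid (deprecated by the flags
 *   %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
 *   set only if CRLs are checked.
 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
 *   This is the case if the issuer is not included in the trusted certificate list.
 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
 *   may happen if this was a version 1 certificate, which is common with
 *   some CAs, or a version 3 certificate without the basic constraints extension.
 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
 *   violated.
 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
 *   algorithm such as MD2 or MD5. These algorithms have been broken and
 *   should not be trusted.
 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU).
 * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
 * @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certificate status, but no status was received.
 * @GNUTLS_CERT_INVALID_OCSP_STATUS: The received OCSP status response is invalid.
 *
 * Enumeration of certificate status codes. Note that the status
 * bits may have different meanings in OpenPGP keys and X.509
 * certificate verification.
 *
 * The enumerators are single bits and a status is their OR; several can
 * be set at once. Bits 0, 2-4 and 13 are not assigned here
 * (presumably retired values; confirm before reusing them).
 * NOTE(review): treat any non-zero status as a failed verification
 * unless a specific bit is deliberately tolerated by policy.
 */
typedef enum {
	GNUTLS_CERT_INVALID = 1 << 1,
	GNUTLS_CERT_REVOKED = 1 << 5,
	GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
	GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
	GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
	GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
	GNUTLS_CERT_EXPIRED = 1 << 10,
	GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
	GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
	GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
	GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
	GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
	GNUTLS_CERT_MISMATCH = 1 << 17,
	GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18,
	GNUTLS_CERT_MISSING_OCSP_STATUS = 1 << 19,
	GNUTLS_CERT_INVALID_OCSP_STATUS = 1 << 20
} gnutls_certificate_status_t;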
574 | |
/**
 * gnutls_certificate_request_t:
 * @GNUTLS_CERT_IGNORE: Ignore certificate.
 * @GNUTLS_CERT_REQUEST: Request certificate.
 * @GNUTLS_CERT_REQUIRE: Require certificate.
 *
 * Enumeration of certificate request types, ordered from least to most
 * demanding of the peer (0 = ignore, 1 = request, 2 = require).
 */
typedef enum {
	GNUTLS_CERT_IGNORE = 0,		/* do not ask the peer for a certificate */
	GNUTLS_CERT_REQUEST = 1,	/* ask, but tolerate the absence of one */
	GNUTLS_CERT_REQUIRE = 2		/* ask, and insist on receiving one */
} gnutls_certificate_request_t;
588 | |
/**
 * gnutls_openpgp_crt_status_t:
 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
 *
 * Enumeration of ways to send OpenPGP certificate: the full key material
 * (value 0) or just its fingerprint (value 1).
 */
typedef enum {
	GNUTLS_OPENPGP_CERT = 0,		/* whole certificate */
	GNUTLS_OPENPGP_CERT_FINGERPRINT = 1	/* fingerprint only */
} gnutls_openpgp_crt_status_t;
600 | |
/**
 * gnutls_close_request_t:
 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
 * @GNUTLS_SHUT_WR: Disallow further sends.
 *
 * Enumeration of how TLS session should be terminated. See gnutls_bye().
 * The names mirror the shutdown(2) constants of the same suffix.
 */
typedef enum {
	GNUTLS_SHUT_RDWR = 0,	/* full close: neither direction continues */
	GNUTLS_SHUT_WR = 1	/* half close: stop sending, keep reading */
} gnutls_close_request_t;
612 | |
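/**
 * gnutls_protocol_t:
 * @GNUTLS_SSL3: SSL version 3.0.
 * @GNUTLS_TLS1_0: TLS version 1.0.
 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
 * @GNUTLS_TLS1_1: TLS version 1.1.
 * @GNUTLS_TLS1_2: TLS version 1.2.
 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
 * @GNUTLS_DTLS1_0: DTLS version 1.0.
 * @GNUTLS_DTLS1_2: DTLS version 1.2.
 * @GNUTLS_DTLS_VERSION_MIN: Lowest DTLS version in this enumeration (same as %GNUTLS_DTLS0_9).
 * @GNUTLS_DTLS_VERSION_MAX: Highest DTLS version in this enumeration (same as %GNUTLS_DTLS1_2).
 * @GNUTLS_TLS_VERSION_MAX: Highest TLS version in this enumeration (same as %GNUTLS_TLS1_2).
 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
 *
 * Enumeration of different SSL/TLS protocol versions. TLS versions use
 * the values 1-4 and DTLS versions start at 200, so the two families
 * never overlap. %GNUTLS_VERSION_UNKNOWN (0xff) lies outside both
 * ranges.
 * NOTE(review): SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are
 * deprecated by the IETF; keep them available only where legacy
 * interoperability is an explicit requirement.
 */
typedef enum {
	GNUTLS_SSL3 = 1,
	GNUTLS_TLS1_0 = 2,
	GNUTLS_TLS1 = GNUTLS_TLS1_0,
	GNUTLS_TLS1_1 = 3,
	GNUTLS_TLS1_2 = 4,

	GNUTLS_DTLS0_9 = 200,
	GNUTLS_DTLS1_0 = 201,
	GNUTLS_DTLS1_2 = 202,
	GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
	GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
	GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
	GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */
} gnutls_protocol_t;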
643 | |
/**
 * gnutls_certificate_type_t:
 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
 * @GNUTLS_CRT_X509: X.509 Certificate.
 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
 *
 * Enumeration of different certificate types. 0 is reserved for
 * "unknown"; the concrete types are numbered 1-3.
 */
typedef enum {
	GNUTLS_CRT_UNKNOWN = 0,	/* not recognised / not negotiated */
	GNUTLS_CRT_X509 = 1,	/* X.509 */
	GNUTLS_CRT_OPENPGP = 2,	/* OpenPGP */
	GNUTLS_CRT_RAW = 3	/* bare SubjectPublicKey */
} gnutls_certificate_type_t;
659 | |
/**
 * gnutls_x509_crt_fmt_t:
 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
 *
 * Enumeration of different certificate encoding formats: binary DER
 * (value 0) or base64-armoured PEM text (value 1).
 */
typedef enum {
	GNUTLS_X509_FMT_DER = 0,	/* raw ASN.1 DER bytes */
	GNUTLS_X509_FMT_PEM = 1		/* PEM text */
} gnutls_x509_crt_fmt_t;
671 | |
/**
 * gnutls_certificate_print_formats_t:
 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
 *
 * Enumeration of different certificate printing variants, listed here
 * in numeric order (0-4).
 */
typedef enum gnutls_certificate_print_formats {
	GNUTLS_CRT_PRINT_FULL = 0,		/* everything */
	GNUTLS_CRT_PRINT_ONELINE = 1,		/* single-line summary */
	GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,	/* everything, for an unsigned cert */
	GNUTLS_CRT_PRINT_COMPACT = 3,		/* name line plus public-key id */
	GNUTLS_CRT_PRINT_FULL_NUMBERS = 4	/* everything plus parseable key params */
} gnutls_certificate_print_formats_t;
689 | |
/* Aliases: both names expand to GNUTLS_PK_ECDSA, so the three are
 * interchangeable wherever a gnutls_pk_algorithm_t is expected. */
#define GNUTLS_PK_ECC GNUTLS_PK_ECDSA
#define GNUTLS_PK_EC GNUTLS_PK_ECDSA
692 | |
/**
 * gnutls_pk_algorithm_t:
 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
 * @GNUTLS_PK_RSA: RSA public-key algorithm.
 * @GNUTLS_PK_DSA: DSA public-key algorithm.
 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
 * @GNUTLS_PK_ECDSA: Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm.
 * @GNUTLS_PK_ECDHX: Elliptic curve algorithm, restricted to ECDH as per rfc7748.
 *
 * Enumeration of different public-key algorithms. 0 means unknown; the
 * supported algorithms are numbered 1-5 in declaration order.
 */
typedef enum {
	GNUTLS_PK_UNKNOWN = 0,	/* not recognised */
	GNUTLS_PK_RSA = 1,	/* RSA */
	GNUTLS_PK_DSA = 2,	/* DSA */
	GNUTLS_PK_DH = 3,	/* Diffie-Hellman parameters */
	GNUTLS_PK_ECDSA = 4,	/* EC keys usable for ECDSA and ECDH */
	GNUTLS_PK_ECDHX = 5	/* EC keys for RFC 7748 ECDH only */
} gnutls_pk_algorithm_t;

/* Returns a human-readable name for @algorithm. */
const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
715 | |
716 | /** |
717 | * gnutls_sign_algorithm_t: |
718 | * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm. |
719 | * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1 |
720 | * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1. |
721 | * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1 |
722 | * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224 |
723 | * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256 |
724 | * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384 |
725 | * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512 |
726 | * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1. |
727 | * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5. |
728 | * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2. |
729 | * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160. |
730 | * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256. |
731 | * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384. |
732 | * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512. |
733 | * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224. |
734 | * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1. |
735 | * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224. |
736 | * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256. |
737 | * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384. |
738 | * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512. |
739 | * @GNUTLS_SIGN_ECDSA_SHA3_224: Digital signature algorithm ECDSA with SHA3-224. |
740 | * @GNUTLS_SIGN_ECDSA_SHA3_256: Digital signature algorithm ECDSA with SHA3-256. |
741 | * @GNUTLS_SIGN_ECDSA_SHA3_384: Digital signature algorithm ECDSA with SHA3-384. |
742 | * @GNUTLS_SIGN_ECDSA_SHA3_512: Digital signature algorithm ECDSA with SHA3-512. |
743 | * @GNUTLS_SIGN_DSA_SHA3_224: Digital signature algorithm DSA with SHA3-224. |
744 | * @GNUTLS_SIGN_DSA_SHA3_256: Digital signature algorithm DSA with SHA3-256. |
745 | * @GNUTLS_SIGN_DSA_SHA3_384: Digital signature algorithm DSA with SHA3-384. |
746 | * @GNUTLS_SIGN_DSA_SHA3_512: Digital signature algorithm DSA with SHA3-512. |
747 | * @GNUTLS_SIGN_RSA_SHA3_224: Digital signature algorithm RSA with SHA3-224. |
748 | * @GNUTLS_SIGN_RSA_SHA3_256: Digital signature algorithm RSA with SHA3-256. |
749 | * @GNUTLS_SIGN_RSA_SHA3_384: Digital signature algorithm RSA with SHA3-384. |
750 | * @GNUTLS_SIGN_RSA_SHA3_512: Digital signature algorithm RSA with SHA3-512. |
751 | * |
752 | * Enumeration of different digital signature algorithms. |
753 | */ |
754 | typedef enum { |
755 | GNUTLS_SIGN_UNKNOWN = 0, |
756 | GNUTLS_SIGN_RSA_SHA1 = 1, |
757 | GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1, |
758 | GNUTLS_SIGN_DSA_SHA1 = 2, |
759 | GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1, |
760 | GNUTLS_SIGN_RSA_MD5 = 3, |
761 | GNUTLS_SIGN_RSA_MD2 = 4, |
762 | GNUTLS_SIGN_RSA_RMD160 = 5, |
763 | GNUTLS_SIGN_RSA_SHA256 = 6, |
764 | GNUTLS_SIGN_RSA_SHA384 = 7, |
765 | GNUTLS_SIGN_RSA_SHA512 = 8, |
766 | GNUTLS_SIGN_RSA_SHA224 = 9, |
767 | GNUTLS_SIGN_DSA_SHA224 = 10, |
768 | GNUTLS_SIGN_DSA_SHA256 = 11, |
769 | GNUTLS_SIGN_ECDSA_SHA1 = 12, |
770 | GNUTLS_SIGN_ECDSA_SHA224 = 13, |
771 | GNUTLS_SIGN_ECDSA_SHA256 = 14, |
772 | GNUTLS_SIGN_ECDSA_SHA384 = 15, |
773 | GNUTLS_SIGN_ECDSA_SHA512 = 16, |
774 | GNUTLS_SIGN_DSA_SHA384 = 17, |
775 | GNUTLS_SIGN_DSA_SHA512 = 18, |
776 | GNUTLS_SIGN_ECDSA_SHA3_224 = 20, |
777 | GNUTLS_SIGN_ECDSA_SHA3_256 = 21, |
778 | GNUTLS_SIGN_ECDSA_SHA3_384 = 22, |
779 | GNUTLS_SIGN_ECDSA_SHA3_512 = 23, |
780 | |
781 | GNUTLS_SIGN_DSA_SHA3_224 = 24, |
782 | GNUTLS_SIGN_DSA_SHA3_256 = 25, |
783 | GNUTLS_SIGN_DSA_SHA3_384 = 26, |
784 | GNUTLS_SIGN_DSA_SHA3_512 = 27, |
785 | GNUTLS_SIGN_RSA_SHA3_224 = 28, |
786 | GNUTLS_SIGN_RSA_SHA3_256 = 29, |
787 | GNUTLS_SIGN_RSA_SHA3_384 = 30, |
788 | GNUTLS_SIGN_RSA_SHA3_512 = 31 |
789 | } gnutls_sign_algorithm_t; |
790 | |
791 | /** |
792 | * gnutls_ecc_curve_t: |
793 | * @GNUTLS_ECC_CURVE_INVALID: Cannot be known |
794 | * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve |
795 | * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve |
796 | * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve |
797 | * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve |
798 | * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve |
799 | * @GNUTLS_ECC_CURVE_X25519: the X25519 curve (ECDH only) |
800 | * |
801 | * Enumeration of ECC curves. |
802 | */ |
803 | typedef enum { |
804 | GNUTLS_ECC_CURVE_INVALID = 0, |
805 | GNUTLS_ECC_CURVE_SECP224R1, |
806 | GNUTLS_ECC_CURVE_SECP256R1, |
807 | GNUTLS_ECC_CURVE_SECP384R1, |
808 | GNUTLS_ECC_CURVE_SECP521R1, |
809 | GNUTLS_ECC_CURVE_SECP192R1, |
810 | GNUTLS_ECC_CURVE_X25519 |
811 | } gnutls_ecc_curve_t; |
812 | |
/* Encoding that lets gnutls_privkey_generate() and
 * gnutls_x509_privkey_generate() take either a key size in bits or a
 * specific gnutls_ecc_curve_t through the same "bits" argument: bit 31 is
 * set to flag a curve identifier and the low 31 bits carry the curve
 * value.  GNUTLS_BITS_ARE_CURVE() yields the raw flag bit (non-zero, not
 * necessarily 1) when the value names a curve, and 0 for a plain bit
 * count.  Every argument is cast to unsigned int first, so negative or
 * enum inputs never go through signed arithmetic. */
#define GNUTLS_CURVE_TO_BITS(curve) ((unsigned int)(0x80000000u | (unsigned int)(curve)))
#define GNUTLS_BITS_TO_CURVE(bits) ((unsigned int)(bits) & 0x7FFFFFFFu)
#define GNUTLS_BITS_ARE_CURVE(bits) ((unsigned int)(bits) & 0x80000000u)
818 | |
819 | /** |
820 | * gnutls_sec_param_t: |
821 | * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known |
822 | * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security |
823 | * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security |
824 | * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security |
825 | * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security |
826 | * @GNUTLS_SEC_PARAM_LOW: 80 bits of security |
827 | * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security |
828 | * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL) |
829 | * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security |
830 | * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security |
831 | * @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security |
832 | * |
833 | * Enumeration of security parameters for passive attacks. |
834 | */ |
835 | typedef enum { |
836 | GNUTLS_SEC_PARAM_UNKNOWN = 0, |
837 | GNUTLS_SEC_PARAM_INSECURE = 5, |
838 | GNUTLS_SEC_PARAM_EXPORT = 10, |
839 | GNUTLS_SEC_PARAM_VERY_WEAK = 15, |
840 | GNUTLS_SEC_PARAM_WEAK = 20, |
841 | GNUTLS_SEC_PARAM_LOW = 25, |
842 | GNUTLS_SEC_PARAM_LEGACY = 30, |
843 | GNUTLS_SEC_PARAM_MEDIUM = 35, |
844 | GNUTLS_SEC_PARAM_HIGH = 40, |
845 | GNUTLS_SEC_PARAM_ULTRA = 45, |
846 | GNUTLS_SEC_PARAM_FUTURE = 50 |
847 | } gnutls_sec_param_t; |
848 | |
849 | /* old name */ |
850 | #define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM |
851 | |
852 | /** |
853 | * gnutls_channel_binding_t: |
854 | * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding |
855 | * |
856 | * Enumeration of support channel binding types. |
857 | */ |
858 | typedef enum { |
859 | GNUTLS_CB_TLS_UNIQUE |
860 | } gnutls_channel_binding_t; |
861 | |
862 | |
/* Opaque handle that the transport (push/pull) callbacks receive.
 * If you want to change this, then also change the define in
 * gnutls_int.h, and recompile.
 */
typedef void *gnutls_transport_ptr_t;

/* Opaque handle types.  Each is a pointer to an incomplete struct, so
 * callers can only pass them to the library; the layout lives in the
 * library's private headers. */

/* A TLS session; created by gnutls_init(), released by gnutls_deinit(). */
struct gnutls_session_int;
typedef struct gnutls_session_int *gnutls_session_t;

/* Diffie-Hellman group parameters. */
struct gnutls_dh_params_int;
typedef struct gnutls_dh_params_int *gnutls_dh_params_t;

/* XXX ugly: the "RSA params" handle is really an X.509 private key. */
struct gnutls_x509_privkey_int;
typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;

/* A parsed priority string; see gnutls_priority_init(). */
struct gnutls_priority_st;
typedef struct gnutls_priority_st *gnutls_priority_t;
880 | |
/* A counted byte buffer, the header's general-purpose (pointer, length)
 * pair.  @size is an unsigned int rather than size_t, so a caller filling
 * one from a size_t must check the value fits before storing it.  Who
 * owns @data depends on the function that produced the datum. */
typedef struct {
	unsigned char *data;
	unsigned int size;
} gnutls_datum_t;
885 | |
886 | |
/* Parameters handed back by a gnutls_params_function callback.  @type
 * says which union member is valid; @deinit, when non-zero, presumably
 * tells the library to release the parameters itself -- confirm against
 * the callback documentation before relying on it. */
typedef struct gnutls_params_st {
	gnutls_params_type_t type;
	union params {
		gnutls_dh_params_t dh;
		gnutls_rsa_params_t rsa_export;
	} params;
	int deinit;
} gnutls_params_st;

/* Callback type used to supply DH (or RSA-export) parameters on demand;
 * it fills the gnutls_params_st for the requested type. */
typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
				   gnutls_params_st *);
898 | |
/* internal functions */

/* Session lifecycle: gnutls_init() allocates a session into *@session
 * according to @flags and gnutls_deinit() releases it.  The _gnutls_deinit
 * alias uses a reserved (underscore-prefixed) identifier and is kept only
 * for source compatibility. */
int gnutls_init(gnutls_session_t * session, unsigned int flags);
void gnutls_deinit(gnutls_session_t session);
#define _gnutls_deinit(x) gnutls_deinit(x)

/* Orderly shutdown; @how (a gnutls_close_request_t) selects the close behaviour. */
int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);

/* Runs (or continues) the handshake for @session. */
int gnutls_handshake(gnutls_session_t session);

/* Sentinel timeouts for gnutls_handshake_set_timeout(); both are
 * out-of-band values of the unsigned @ms argument, so a real timeout can
 * never collide with them. */
#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
#define GNUTLS_INDEFINITE_TIMEOUT ((unsigned int)-2)
void gnutls_handshake_set_timeout(gnutls_session_t session,
				  unsigned int ms);
int gnutls_rehandshake(gnutls_session_t session);

/* TLS alerts: read the last received alert, send one, or map a library
 * error code to the alert appropriate for it. */
gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);
int gnutls_alert_send(gnutls_session_t session,
		      gnutls_alert_level_t level,
		      gnutls_alert_description_t desc);
int gnutls_alert_send_appropriate(gnutls_session_t session, int err);
const char *gnutls_alert_get_name(gnutls_alert_description_t alert);
const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);

/* Conversions between gnutls_sec_param_t levels and concrete key sizes
 * for public-key algorithm @algo or for symmetric ciphers. */
gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
					       unsigned int bits);
const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);
unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
					 gnutls_sec_param_t param);
unsigned int
gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) __GNUTLS_CONST__;
930 | |
/* Elliptic curves: name, OID and size of a curve, and the curve in use
 * by a session. */
const char *
gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
const char *
gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;

int
gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);

/* get information on the current session: the negotiated cipher, key
 * exchange, MAC, compression and certificate type */
gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
gnutls_compression_method_t
gnutls_compression_get(gnutls_session_t session);
gnutls_certificate_type_t
gnutls_certificate_type_get(gnutls_session_t session);

/* Signature algorithm used by the peer / by the client (returned as int
 * so a negative error code can be distinguished from an enum value). */
int gnutls_sign_algorithm_get(gnutls_session_t session);
int gnutls_sign_algorithm_get_client(gnutls_session_t session);

/* @indx-th signature algorithm the peer requested, written to *@algo. */
int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
					size_t indx,
					gnutls_sign_algorithm_t * algo);

/* the name of the specified algorithms; all are pure lookups on the
 * enum value (__GNUTLS_CONST__) */
const char *
gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
const char *
gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;

const char *
gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
const char *
gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;

const char *
gnutls_compression_get_name(gnutls_compression_method_t
			    algorithm) __GNUTLS_CONST__;
const char *
gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) __GNUTLS_CONST__;
const char *
gnutls_certificate_type_get_name(gnutls_certificate_type_t
				 type) __GNUTLS_CONST__;
const char *
gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;
const char *
gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;

const char *
gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
const char *
gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;

/* Key sizes in bytes for a cipher / MAC algorithm. */
size_t
gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
size_t
gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;

/* Non-zero when @algorithm is still considered safe to accept; check
 * this before trusting a signature made with a legacy (MD5/SHA-1)
 * entry of gnutls_sign_algorithm_t. */
int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;

/* Decompose a signature algorithm into its hash and public-key parts,
 * or compose one from them. */
gnutls_digest_algorithm_t
gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
gnutls_pk_algorithm_t
gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
gnutls_sign_algorithm_t
gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
		  gnutls_digest_algorithm_t hash) __GNUTLS_CONST__;

/* older name for gnutls_sign_get_name() */
#define gnutls_sign_algorithm_get_name gnutls_sign_get_name
1002 | |
/* Name-to-enum lookups, the inverse of the *_get_name() functions
 * above.  The return value for an unrecognised @name is not stated here;
 * presumably the type's UNKNOWN/INVALID member -- check before treating
 * the result as valid, especially when @name comes from configuration
 * or the network. */
gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) __GNUTLS_CONST__;
gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name) __GNUTLS_CONST__;

gnutls_compression_method_t
gnutls_compression_get_id(const char *name) __GNUTLS_CONST__;
gnutls_cipher_algorithm_t
gnutls_cipher_get_id(const char *name) __GNUTLS_CONST__;

gnutls_kx_algorithm_t
gnutls_kx_get_id(const char *name) __GNUTLS_CONST__;
gnutls_protocol_t
gnutls_protocol_get_id(const char *name) __GNUTLS_CONST__;
gnutls_certificate_type_t
gnutls_certificate_type_get_id(const char *name) __GNUTLS_CONST__;
gnutls_pk_algorithm_t
gnutls_pk_get_id(const char *name) __GNUTLS_CONST__;
gnutls_sign_algorithm_t
gnutls_sign_get_id(const char *name) __GNUTLS_CONST__;
gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) __GNUTLS_CONST__;
/* Public-key algorithm a curve belongs to (ECDSA vs. ECDHX). */
gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;

/* OID-string-to-enum lookups, for values taken from X.509 structures. */
gnutls_digest_algorithm_t
gnutls_oid_to_digest(const char *oid) __GNUTLS_CONST__;
gnutls_mac_algorithm_t
gnutls_oid_to_mac(const char *oid) __GNUTLS_CONST__;
gnutls_pk_algorithm_t
gnutls_oid_to_pk(const char *oid) __GNUTLS_CONST__;
gnutls_sign_algorithm_t
gnutls_oid_to_sign(const char *oid) __GNUTLS_CONST__;
gnutls_ecc_curve_t
gnutls_oid_to_ecc_curve(const char *oid) __GNUTLS_CONST__;
1034 | |
/* list supported algorithms: each returns a library-owned array of enum
 * values (do not free).  The array's terminator is not stated in this
 * header -- presumably a 0 / UNKNOWN entry; confirm before iterating. */
const gnutls_ecc_curve_t *
gnutls_ecc_curve_list(void) __GNUTLS_PURE__;
const gnutls_cipher_algorithm_t *
gnutls_cipher_list(void) __GNUTLS_PURE__;
const gnutls_mac_algorithm_t *
gnutls_mac_list(void) __GNUTLS_PURE__;
const gnutls_digest_algorithm_t *
gnutls_digest_list(void) __GNUTLS_PURE__;
const gnutls_compression_method_t *
gnutls_compression_list(void) __GNUTLS_PURE__;
const gnutls_protocol_t *
gnutls_protocol_list(void) __GNUTLS_PURE__;
const gnutls_certificate_type_t *
gnutls_certificate_type_list(void) __GNUTLS_PURE__;
const gnutls_kx_algorithm_t *
gnutls_kx_list(void) __GNUTLS_PURE__;
const gnutls_pk_algorithm_t *
gnutls_pk_list(void) __GNUTLS_PURE__;
const gnutls_sign_algorithm_t *
gnutls_sign_list(void) __GNUTLS_PURE__;
/* Walks the cipher-suite table by @idx, returning the suite's name and
 * filling the (optional) out-parameters: its two-byte wire id, key
 * exchange, cipher, MAC and the lowest protocol version it needs.
 * @cs_id must point at storage for at least two bytes. */
const char *
gnutls_cipher_suite_info(size_t idx,
			 unsigned char *cs_id,
			 gnutls_kx_algorithm_t * kx,
			 gnutls_cipher_algorithm_t * cipher,
			 gnutls_mac_algorithm_t * mac,
			 gnutls_protocol_t * min_version);
1063 | |
/* error functions.  Library calls report failure with a negative int;
 * gnutls_error_is_fatal() says whether the session must be abandoned
 * (non-fatal codes such as "try again" can be retried), and
 * gnutls_error_to_alert() maps a code to the alert to send, storing the
 * alert level in *@level. */
int gnutls_error_is_fatal(int error) __GNUTLS_CONST__;
int gnutls_error_to_alert(int err, int *level);

/* Human-readable descriptions: gnutls_perror() prints to stderr,
 * gnutls_strerror() returns the message and gnutls_strerror_name() the
 * symbolic constant name.  Both strings are static; do not free them. */
void gnutls_perror(int error);
const char * gnutls_strerror(int error) __GNUTLS_CONST__;
const char * gnutls_strerror_name(int error) __GNUTLS_CONST__;
1071 | |
/* Semi-internal functions.
 * gnutls_handshake_set_random() overrides the random value the
 * handshake would otherwise draw from the RNG; it exists for testing
 * and interoperability tooling, and a predictable or reused value
 * weakens the session, so production code should not call it.
 */
void gnutls_handshake_set_private_extensions(gnutls_session_t session,
					     int allow);
int gnutls_handshake_set_random(gnutls_session_t session,
				const gnutls_datum_t * random);

/* Last handshake message sent / received, useful when diagnosing a
 * failed handshake. */
gnutls_handshake_description_t
gnutls_handshake_get_last_out(gnutls_session_t session);
gnutls_handshake_description_t
gnutls_handshake_get_last_in(gnutls_session_t session);
1083 | |
/* Record layer functions.
 */
/* Heartbeat (RFC 6520) ping/pong.  @data_size is the payload length the
 * local side sends; the flag below makes the call wait for the reply. */
#define GNUTLS_HEARTBEAT_WAIT 1
int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
			  unsigned int max_tries, unsigned int flags);
int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags);

/* Per-session receive timeout in milliseconds, and a switch to stop
 * adding random record padding. */
void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms);
void gnutls_record_disable_padding(gnutls_session_t session);

/* Corking buffers outgoing records until uncorked; GNUTLS_RECORD_WAIT
 * makes uncork block until everything queued has been sent, and
 * gnutls_record_discard_queued() drops the queue instead (returning the
 * number of bytes discarded). */
void gnutls_record_cork(gnutls_session_t session);
#define GNUTLS_RECORD_WAIT 1
int gnutls_record_uncork(gnutls_session_t session, unsigned int flags);
size_t gnutls_record_discard_queued(gnutls_session_t session);

/* Direct access to the record-layer state of one direction (@read
 * non-zero presumably selects the receive side).  The get variant hands
 * out the live MAC key, IV and cipher key plus the 8-byte sequence
 * number: treat that output as secret key material and wipe any copy.
 * The set variant installs a sequence number; use only where the
 * protocol layering (e.g. DTLS-SRTP style offloading) calls for it. */
int
gnutls_record_get_state(gnutls_session_t session,
			unsigned read,
			gnutls_datum_t *mac_key,
			gnutls_datum_t *IV,
			gnutls_datum_t *cipher_key,
			unsigned char seq_number[8]);

int
gnutls_record_set_state(gnutls_session_t session,
			unsigned read,
			unsigned char seq_number[8]);
1111 | |
/* An inclusive-low/high byte range; used by the length-hiding send path
 * so the record size reveals only that the payload lies within it. */
typedef struct {
	size_t low;
	size_t high;
} gnutls_range_st;

/* Splits @orig into the part that fits in one record (@small_range) and
 * the remainder (@rem_range). */
int gnutls_range_split(gnutls_session_t session,
		       const gnutls_range_st * orig,
		       gnutls_range_st * small_range,
		       gnutls_range_st * rem_range);

/* Application data I/O.  Returns the byte count, or a negative error
 * code (which may be a non-fatal "again"/"interrupted" code to retry;
 * see gnutls_error_is_fatal()).  _send_range additionally pads so an
 * observer only learns that the length is within @range. */
ssize_t gnutls_record_send(gnutls_session_t session, const void *data,
			   size_t data_size);
ssize_t gnutls_record_send_range(gnutls_session_t session,
				 const void *data, size_t data_size,
				 const gnutls_range_st * range);
ssize_t gnutls_record_recv(gnutls_session_t session, void *data,
			   size_t data_size);
1129 | |
/* Opaque handle to one received record, for zero-copy reads. */
typedef struct mbuffer_st *gnutls_packet_t;

/* Receives a whole record into *@packet; the caller reads it with
 * gnutls_packet_get() and must release it with gnutls_packet_deinit().
 * @sequence, when non-NULL, receives the record sequence number. */
ssize_t
gnutls_record_recv_packet(gnutls_session_t session,
			  gnutls_packet_t *packet);

void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, unsigned char *sequence);
void gnutls_packet_deinit(gnutls_packet_t packet);

/* Short aliases for the record read/write calls. */
#define gnutls_read gnutls_record_recv
#define gnutls_write gnutls_record_send
/* As gnutls_record_recv(), also returning the record sequence number
 * in @seq (8 bytes, matching seq_number[8] in the state functions). */
ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,
			       size_t data_size, unsigned char *seq);

/* Per-record overhead in bytes for the current session, or an estimate
 * for a given protocol/cipher/MAC/compression combination. */
size_t gnutls_record_overhead_size(gnutls_session_t session);

size_t
gnutls_est_record_overhead_size(gnutls_protocol_t version,
				gnutls_cipher_algorithm_t cipher,
				gnutls_mac_algorithm_t mac,
				gnutls_compression_method_t comp,
				unsigned int flags) __GNUTLS_CONST__;

/* Relaxes strictness for interoperability with broken peers. */
void gnutls_session_enable_compatibility_mode(gnutls_session_t session);
/* No-op kept for source compatibility: the macro expands to nothing. */
#define gnutls_record_set_max_empty_records(session, x)

/* Non-zero when the negotiated cipher suite allows length hiding. */
int gnutls_record_can_use_length_hiding(gnutls_session_t session);

/* Direction (read or write) the last interrupted operation was blocked on. */
int gnutls_record_get_direction(gnutls_session_t session);

/* Maximum record payload size; setting it returns the value in effect
 * or a negative error code (hence ssize_t). */
size_t gnutls_record_get_max_size(gnutls_session_t session);
ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);

/* Bytes already decrypted and waiting to be read / bytes held back by cork. */
size_t gnutls_record_check_pending(gnutls_session_t session);
size_t gnutls_record_check_corked(gnutls_session_t session);

/* Marks the session valid regardless of handshake state; intended for
 * sessions restored with gnutls_session_set_premaster(). */
void gnutls_session_force_valid(gnutls_session_t session);
1167 | |
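/* TLS PRF access: derives @outsize bytes into the caller-supplied @out
 * from the session's secrets, following the header's convention of a
 * zero return on success and a negative error code otherwise.  The
 * output is key material; wipe it when no longer needed. */

/* Classic PRF over @label and a seed that, going by the parameter names,
 * is the client/server random values (order chosen by
 * @server_random_first) followed by @extra_size bytes of @extra.
 * The last two were previously unnamed in this prototype; naming them
 * documents the call without changing its signature. */
int gnutls_prf(gnutls_session_t session,
	       size_t label_size, const char *label,
	       int server_random_first,
	       size_t extra_size, const char *extra,
	       size_t outsize, char *out);

/* RFC 5705 keying-material exporter: @label and an optional @context
 * (@context_size may be 0) select an independent exported secret. */
int gnutls_prf_rfc5705(gnutls_session_t session,
		       size_t label_size, const char *label,
		       size_t context_size, const char *context,
		       size_t outsize, char *out);

/* Raw PRF with a fully caller-provided @seed (no random values mixed
 * in); the caller is responsible for keeping the seed unique. */
int gnutls_prf_raw(gnutls_session_t session,
		   size_t label_size, const char *label,
		   size_t seed_size, const char *seed,
		   size_t outsize, char *out);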
1182 | |
1183 | /** |
1184 | * gnutls_server_name_type_t: |
1185 | * @GNUTLS_NAME_DNS: Domain Name System name type. |
1186 | * |
1187 | * Enumeration of different server name types. |
1188 | */ |
1189 | typedef enum { |
1190 | GNUTLS_NAME_DNS = 1 |
1191 | } gnutls_server_name_type_t; |
1192 | |
1193 | int gnutls_server_name_set(gnutls_session_t session, |
1194 | gnutls_server_name_type_t type, |
1195 | const void *name, size_t name_length); |
1196 | |
1197 | int gnutls_server_name_get(gnutls_session_t session, |
1198 | void *data, size_t * data_length, |
1199 | unsigned int *type, unsigned int indx); |
1200 | |
/* Heartbeat retransmission timers, in milliseconds (presumably: the
 * unit is not stated in this header; see gnutls_record_set_timeout()
 * which also takes ms). */
unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session);
void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
				   unsigned int retrans_timeout,
				   unsigned int total_timeout);

/* Bit flags for gnutls_heartbeat_enable(): what the peer may do. */
#define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
#define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)

/* Heartbeat: opts the session into the RFC 6520 extension with the
 * policy given by @type.  The extension is off unless enabled. */
void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type);

/* Flag for gnutls_heartbeat_allowed(): may the local side send?  The
 * function returns non-zero when the negotiated policy permits @type. */
#define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type);

/* Safe renegotiation (RFC 5746), extended master secret (RFC 7627) and
 * encrypt-then-MAC (RFC 7366): non-zero when the extension was
 * negotiated.  gnutls_session_get_flags() below reports all three at once. */
unsigned gnutls_safe_renegotiation_status(gnutls_session_t session);
unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session);
unsigned gnutls_session_etm_status(gnutls_session_t session);
1219 | |
1220 | /** |
1221 | * gnutls_session_flags_t: |
1222 | * @GNUTLS_SFLAGS_SAFE_RENEGOTIATION: Safe renegotiation (RFC5746) was used |
1223 | * @GNUTLS_SFLAGS_EXT_MASTER_SECRET: The extended master secret (RFC7627) extension was used |
1224 | * @GNUTLS_SFLAGS_ETM: The encrypt then MAC (RFC7366) extension was used |
1225 | * @GNUTLS_SFLAGS_HB_LOCAL_SEND: The heartbeat negotiation allows the local side to send heartbeat messages |
1226 | * @GNUTLS_SFLAGS_HB_PEER_SEND: The heartbeat negotiation allows the peer to send heartbeat messages |
1227 | * @GNUTLS_SFLAGS_FALSE_START: The appdata set with gnutls_handshake_set_appdata() were sent during handshake (false start) |
1228 | * |
1229 | * Enumeration of different session parameters. |
1230 | */ |
1231 | typedef enum { |
1232 | GNUTLS_SFLAGS_SAFE_RENEGOTIATION = 1, |
1233 | GNUTLS_SFLAGS_EXT_MASTER_SECRET = 1<<1, |
1234 | GNUTLS_SFLAGS_ETM = 1<<2, |
1235 | GNUTLS_SFLAGS_HB_LOCAL_SEND = 1<<3, |
1236 | GNUTLS_SFLAGS_HB_PEER_SEND = 1<<4, |
1237 | GNUTLS_SFLAGS_FALSE_START = 1<<5 |
1238 | } gnutls_session_flags_t; |
1239 | |
1240 | unsigned gnutls_session_get_flags(gnutls_session_t session); |
1241 | |
1242 | /** |
1243 | * gnutls_supplemental_data_format_type_t: |
1244 | * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format |
1245 | * |
1246 | * Enumeration of different supplemental data types (RFC 4680). |
1247 | */ |
1248 | typedef enum { |
1249 | GNUTLS_SUPPLEMENTAL_UNKNOWN = 0, |
1250 | } gnutls_supplemental_data_format_type_t; |
1251 | |
1252 | const char |
1253 | *gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type); |
1254 | |
1255 | /* SessionTicket, RFC 5077. */ |
1256 | int gnutls_session_ticket_key_generate(gnutls_datum_t * key); |
1257 | int gnutls_session_ticket_enable_client(gnutls_session_t session); |
1258 | int gnutls_session_ticket_enable_server(gnutls_session_t session, |
1259 | const gnutls_datum_t * key); |
1260 | |
/* SRTP, RFC 5764 (DTLS-SRTP key negotiation) */

/**
 * gnutls_srtp_profile_t:
 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: AES-128 counter mode with an 80-bit HMAC-SHA1 tag
 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: AES-128 counter mode with a 32-bit HMAC-SHA1 tag
 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: No encryption, 80-bit HMAC-SHA1 tag
 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: No encryption, 32-bit HMAC-SHA1 tag
 *
 * Enumeration of the SRTP protection profiles.  The values are the
 * IANA-registered profile identifiers sent on the wire, so they must
 * not be renumbered.  The NULL profiles authenticate but do not encrypt.
 */
typedef enum {
	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 1,
	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 2,
	GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 5,
	GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 6
} gnutls_srtp_profile_t;

/* Offer a single profile, or a list given as a string (on error
 * *@err_pos points into @profiles at the offending position), and read
 * back the profile both sides agreed on. */
int gnutls_srtp_set_profile(gnutls_session_t session,
			    gnutls_srtp_profile_t profile);
int gnutls_srtp_set_profile_direct(gnutls_session_t session,
				   const char *profiles,
				   const char **err_pos);
int gnutls_srtp_get_selected_profile(gnutls_session_t session,
				     gnutls_srtp_profile_t * profile);

/* Name <-> id conversions for profiles. */
const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile);
int gnutls_srtp_get_profile_id(const char *name,
			       gnutls_srtp_profile_t * profile);
/* Exports the SRTP keys and salts into the caller-provided
 * @key_material buffer of @key_material_size bytes; the four datum
 * out-parameters point into that buffer.  This is live key material:
 * keep the buffer out of logs and wipe it once the SRTP stack has
 * taken its copy. */
int gnutls_srtp_get_keys(gnutls_session_t session,
			 void *key_material,
			 unsigned int key_material_size,
			 gnutls_datum_t * client_key,
			 gnutls_datum_t * client_salt,
			 gnutls_datum_t * server_key,
			 gnutls_datum_t * server_salt);

/* Master Key Identifier to send / the one the peer sent. */
int gnutls_srtp_set_mki(gnutls_session_t session,
			const gnutls_datum_t * mki);
int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki);
1301 | |
/* ALPN TLS extension (application-layer protocol negotiation) */

/**
 * gnutls_alpn_flags_t:
 * @GNUTLS_ALPN_MANDATORY: Make ALPN agreement required; the connection is
 *   aborted when no offered protocol matches.
 * @GNUTLS_ALPN_SERVER_PRECEDENCE: Resolve the choice by the server's
 *   preference order rather than the client's.
 *
 * Bit flags accepted by gnutls_alpn_set_protocols().  Each is a distinct
 * power of two so they can be combined with a bitwise OR.
 */
typedef enum {
	GNUTLS_ALPN_MANDATORY = 0x1,
	GNUTLS_ALPN_SERVER_PRECEDENCE = 0x2
} gnutls_alpn_flags_t;

/* Short older spelling of GNUTLS_ALPN_MANDATORY. */
#define GNUTLS_ALPN_MAND GNUTLS_ALPN_MANDATORY

/* The protocol both sides agreed on, as a datum into library memory. */
int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
				      gnutls_datum_t * protocol);
/* Offers @protocols_size protocol names from @protocols, honouring the
 * gnutls_alpn_flags_t bits in @flags. */
int gnutls_alpn_set_protocols(gnutls_session_t session,
			      const gnutls_datum_t * protocols,
			      unsigned protocols_size, unsigned flags);

/* Fills *@key with @key_size random bytes from the library's RNG; the
 * caller owns and must release (and should wipe) the allocation. */
int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size);
1326 | |
/* if you just want some defaults, use the following.
 */

/* Parses a priority string into a reusable cache.  On a parse error
 * *@err_pos is set to point at the offending position inside
 * @priorities (library convention visible from the matching
 * gnutls_srtp_set_profile_direct() signature). */
int gnutls_priority_init(gnutls_priority_t * priority_cache,
			 const char *priorities, const char **err_pos);
void gnutls_priority_deinit(gnutls_priority_t priority_cache);
/* Maps position @idx in the cache's ordering to the global cipher-suite
 * table index written to *@sidx (see gnutls_cipher_suite_info()). */
int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
					   unsigned int idx,
					   unsigned int *sidx);

/* Enumerates the keywords a priority string may use; @flags selects the
 * list (initial keywords or special/modifier keywords) and @iter walks it. */
#define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1
#define GNUTLS_PRIORITY_LIST_SPECIAL 2
const char *
gnutls_priority_string_list(unsigned iter, unsigned int flags);

/* Applies a parsed cache, or parses and applies a string in one step. */
int gnutls_priority_set(gnutls_session_t session,
			gnutls_priority_t priority);
int gnutls_priority_set_direct(gnutls_session_t session,
			       const char *priorities,
			       const char **err_pos);

/* Read back the ordered lists a cache enables.  Each sets *@list to a
 * library-owned array of enum values stored as unsigned int and returns
 * its length (or a negative error); do not free or modify the array. */
int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
					  const unsigned int **list);
int gnutls_priority_sign_list(gnutls_priority_t pcache,
			      const unsigned int **list);
int gnutls_priority_protocol_list(gnutls_priority_t pcache,
				  const unsigned int **list);
int gnutls_priority_compression_list(gnutls_priority_t pcache,
				     const unsigned int **list);
int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
				   const unsigned int **list);

int gnutls_priority_kx_list(gnutls_priority_t pcache,
			    const unsigned int **list);
int gnutls_priority_cipher_list(gnutls_priority_t pcache,
				const unsigned int **list);
int gnutls_priority_mac_list(gnutls_priority_t pcache,
			     const unsigned int **list);

/* for compatibility: applies the library's built-in default priorities.
 */
int gnutls_set_default_priority(gnutls_session_t session);
1369 | |
/* Returns the name of a cipher suite identified by its three components. */
const char *
gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm,
			     gnutls_cipher_algorithm_t cipher_algorithm,
			     gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__;

/* get the currently used protocol version */
gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);

const char *
gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__;


/* get/set session
 * The serialized session data handed out here is what a client needs
 * to resume the session later; it therefore contains resumption secrets
 * and must be stored with the same care as a key.  get_data() writes
 * into a caller buffer whose capacity is passed in *@session_data_size
 * (updated to the needed length); get_data2() allocates a datum the
 * caller releases.
 */
int gnutls_session_set_data(gnutls_session_t session,
			    const void *session_data,
			    size_t session_data_size);
int gnutls_session_get_data(gnutls_session_t session, void *session_data,
			    size_t * session_data_size);
int gnutls_session_get_data2(gnutls_session_t session,
			     gnutls_datum_t * data);
/* Client and server random values of the handshake; the datums
 * presumably point into session memory (confirm before freeing). */
void gnutls_session_get_random(gnutls_session_t session,
			       gnutls_datum_t * client,
			       gnutls_datum_t * server);

/* The session master secret -- the root of every key of this
 * connection.  Anything that copies it out (e.g. for a key-log file)
 * should do so only in debugging builds. */
void gnutls_session_get_master_secret(gnutls_session_t session,
				      gnutls_datum_t * secret);

/* Human-readable description of the session; the returned string is
 * allocated for the caller (char *, not const) and must be freed. */
char *gnutls_session_get_desc(gnutls_session_t session);

/* Callback invoked to verify the peer's certificate; its int result is
 * the library's usual zero-for-success code.  Installing a function that
 * unconditionally returns 0 disables authentication. */
typedef int gnutls_certificate_verify_function(gnutls_session_t);
void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function * func);
1403 | |
1404 | /** |
1405 | * gnutls_vdata_types_t: |
1406 | * @GNUTLS_DT_UNKNOWN: Unknown data type. |
1407 | * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be |
1408 | * matched using the RFC6125 rules. |
1409 | * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be |
1410 | * matched against the RFC822Name field of the certificate, or the EMAIL DN component if the |
1411 | * former isn't available. Prior to matching the email address will be converted to ACE |
1412 | * (ASCII-compatible-encoding). |
1413 | * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched |
1414 | * against the certificate's Extended Key Usage extension. |
1415 | * |
1416 | * Enumeration of different typed-data options. They are used as input to certificate |
1417 | * verification functions to provide information about the name and purpose of the |
1418 | * certificate. Only a single option of a type can be provided to the relevant functions. |
1419 | */ |
1420 | typedef enum { |
1421 | GNUTLS_DT_UNKNOWN = 0, |
1422 | GNUTLS_DT_DNS_HOSTNAME = 1, |
1423 | GNUTLS_DT_KEY_PURPOSE_OID = 2, |
1424 | GNUTLS_DT_RFC822NAME = 3 |
1425 | } gnutls_vdata_types_t; |
1426 | |
1427 | typedef struct { |
1428 | gnutls_vdata_types_t type; |
1429 | unsigned char *data; |
1430 | unsigned int size; |
1431 | } gnutls_typed_vdata_st; |
1432 | |
1433 | void gnutls_session_set_verify_cert(gnutls_session_t session, |
1434 | const char *hostname, unsigned flags); |
1435 | |
1436 | void |
1437 | gnutls_session_set_verify_cert2(gnutls_session_t session, |
1438 | gnutls_typed_vdata_st * data, |
1439 | unsigned elements, unsigned flags); |
1440 | |
1441 | unsigned int gnutls_session_get_verify_cert_status(gnutls_session_t); |
1442 | |
1443 | int gnutls_session_set_premaster(gnutls_session_t session, |
1444 | unsigned int entity, |
1445 | gnutls_protocol_t version, |
1446 | gnutls_kx_algorithm_t kx, |
1447 | gnutls_cipher_algorithm_t cipher, |
1448 | gnutls_mac_algorithm_t mac, |
1449 | gnutls_compression_method_t comp, |
1450 | const gnutls_datum_t * master, |
1451 | const gnutls_datum_t * session_id); |
1452 | |
/* Session ID accessors (a session ID is at most GNUTLS_MAX_SESSION_ID bytes) */
1454 | #define GNUTLS_MAX_SESSION_ID 32 |
1455 | int gnutls_session_get_id(gnutls_session_t session, void *session_id, |
1456 | size_t * session_id_size); |
1457 | int gnutls_session_get_id2(gnutls_session_t session, |
1458 | gnutls_datum_t * session_id); |
1459 | |
1460 | int gnutls_session_set_id(gnutls_session_t session, |
1461 | const gnutls_datum_t * sid); |
1462 | |
1463 | int gnutls_session_channel_binding(gnutls_session_t session, |
1464 | gnutls_channel_binding_t cbtype, |
1465 | gnutls_datum_t * cb); |
1466 | |
1467 | /* checks if this session is a resumed one |
1468 | */ |
1469 | int gnutls_session_is_resumed(gnutls_session_t session); |
1470 | int gnutls_session_resumption_requested(gnutls_session_t session); |
1471 | |
/* Session cache callbacks, installed with the gnutls_db_set_*_function()
 * calls below.  The first argument is the pointer given to
 * gnutls_db_set_ptr(); 'key' identifies the entry (in practice the session
 * ID) and 'data' is the opaque serialized session.  The stored 'data' is
 * what lets a session be resumed, so it is as sensitive as the session
 * keys themselves: the backing store must be protected accordingly.
 * NOTE(review): per the GnuTLS documentation the datum returned by the
 * retrieve callback is released by the library with gnutls_free(), so it
 * must be allocated with gnutls_malloc(), and a datum with NULL data
 * signals a miss — confirm against the current implementation. */
typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
				     gnutls_datum_t data);
typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
typedef gnutls_datum_t(*gnutls_db_retr_func) (void *, gnutls_datum_t key);
1476 | |
1477 | void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds); |
1478 | unsigned gnutls_db_get_default_cache_expiration(void); |
1479 | |
1480 | void gnutls_db_remove_session(gnutls_session_t session); |
1481 | void gnutls_db_set_retrieve_function(gnutls_session_t session, |
1482 | gnutls_db_retr_func retr_func); |
1483 | void gnutls_db_set_remove_function(gnutls_session_t session, |
1484 | gnutls_db_remove_func rem_func); |
1485 | void gnutls_db_set_store_function(gnutls_session_t session, |
1486 | gnutls_db_store_func store_func); |
1487 | void gnutls_db_set_ptr(gnutls_session_t session, void *ptr); |
1488 | void *gnutls_db_get_ptr(gnutls_session_t session); |
1489 | int gnutls_db_check_entry(gnutls_session_t session, |
1490 | gnutls_datum_t session_entry); |
1491 | time_t gnutls_db_check_entry_time(gnutls_datum_t * entry); |
1492 | |
1493 | /** |
1494 | * gnutls_handshake_hook_func: |
1495 | * @session: the current session |
1496 | * @htype: the type of the handshake message (%gnutls_handshake_description_t) |
1497 | * @post: non zero if this is a post-process/generation call and zero otherwise |
1498 | * @incoming: non zero if this is an incoming message and zero if this is an outgoing message |
1499 | * @msg: the (const) data of the handshake message without the handshake headers. |
1500 | * |
1501 | * Function prototype for handshake hooks. It is set using |
1502 | * gnutls_handshake_set_hook_function(). |
1503 | * |
1504 | * Returns: Non zero on error. |
1505 | */ |
/* Values for the 'post' argument of gnutls_handshake_set_hook_function():
 * run the hook after the message is processed/generated, before it, or in
 * both phases. */
#define GNUTLS_HOOK_POST (1)
#define GNUTLS_HOOK_PRE (0)
#define GNUTLS_HOOK_BOTH (-1)

/* Documented in gnutls_handshake_hook_func above.  'msg' is the message
 * body without the handshake header and is const: the hook must only
 * inspect it.  A non-zero return is an error (see above), so a hook can
 * reject a handshake message it does not accept. */
typedef int (*gnutls_handshake_hook_func) (gnutls_session_t,
					   unsigned int htype,
					   unsigned post,
					   unsigned int incoming,
					   const gnutls_datum_t *msg);
/* Install 'func' for handshake messages of type 'htype'
 * (a gnutls_handshake_description_t value).  'post' is an int here so that
 * GNUTLS_HOOK_BOTH (-1) can be passed; the hook itself presumably receives
 * the actual phase (PRE or POST) in its unsigned 'post' parameter. */
void gnutls_handshake_set_hook_function(gnutls_session_t session,
					unsigned int htype, int post,
					gnutls_handshake_hook_func func);
1518 | |
1519 | #define gnutls_handshake_post_client_hello_func gnutls_handshake_simple_hook_func |
1520 | typedef int (*gnutls_handshake_simple_hook_func) (gnutls_session_t); |
1521 | void |
1522 | gnutls_handshake_set_post_client_hello_function(gnutls_session_t session, |
1523 | gnutls_handshake_simple_hook_func func); |
1524 | |
1525 | void gnutls_handshake_set_max_packet_length(gnutls_session_t session, |
1526 | size_t max); |
1527 | |
/* Returns the libgnutls version string; pass NULL to obtain it unconditionally.
 * With a version string argument the call doubles as a minimum-version check
 * (see gnutls_check_version_numeric() below).
 */
1530 | const char * gnutls_check_version(const char *req_version) __GNUTLS_CONST__; |
1531 | |
/* A macro which will allow optimizing out calls to gnutls_check_version()
 * when the version being compiled with is sufficient.
 * Used as:
 * if (gnutls_check_version_numeric(3,3,16)) {
 *
 * The arguments are stringized (#a "." #b "." #c) to build the version
 * string for the runtime call, so a, b and c must be plain integer
 * literals: a macro or expression argument would be pasted as text, not
 * as its value.  When the compile-time GNUTLS_VERSION_NUMBER already
 * satisfies the request the runtime call is elided; otherwise
 * gnutls_check_version() decides against the library actually loaded.
 */
#define gnutls_check_version_numeric(a,b,c) \
	((GNUTLS_VERSION_MAJOR >= (a)) && \
	 ((GNUTLS_VERSION_NUMBER >= ( ((a) << 16) + ((b) << 8) + (c) )) || \
	  gnutls_check_version(#a "." #b "." #c)))
1541 | |
1542 | /* Functions for setting/clearing credentials |
1543 | */ |
1544 | void gnutls_credentials_clear(gnutls_session_t session); |
1545 | |
1546 | /* cred is a structure defined by the kx algorithm |
1547 | */ |
1548 | int gnutls_credentials_set(gnutls_session_t session, |
1549 | gnutls_credentials_type_t type, void *cred); |
1550 | int gnutls_credentials_get(gnutls_session_t session, |
1551 | gnutls_credentials_type_t type, void **cred); |
1552 | #define gnutls_cred_set gnutls_credentials_set |
1553 | |
1554 | /* x.509 types */ |
1555 | |
1556 | struct gnutls_pubkey_st; |
1557 | typedef struct gnutls_pubkey_st *gnutls_pubkey_t; |
1558 | |
1559 | struct gnutls_privkey_st; |
1560 | typedef struct gnutls_privkey_st *gnutls_privkey_t; |
1561 | |
1562 | struct gnutls_x509_privkey_int; |
1563 | typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t; |
1564 | |
1565 | struct gnutls_x509_crl_int; |
1566 | typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t; |
1567 | |
1568 | struct gnutls_x509_crt_int; |
1569 | typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t; |
1570 | |
1571 | struct gnutls_x509_crq_int; |
1572 | typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; |
1573 | |
1574 | struct gnutls_openpgp_keyring_int; |
1575 | typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t; |
1576 | |
1577 | |
1578 | /* Credential structures - used in gnutls_credentials_set(); */ |
1579 | |
1580 | struct gnutls_certificate_credentials_st; |
1581 | typedef struct gnutls_certificate_credentials_st |
1582 | *gnutls_certificate_credentials_t; |
1583 | typedef gnutls_certificate_credentials_t |
1584 | gnutls_certificate_server_credentials; |
1585 | typedef gnutls_certificate_credentials_t |
1586 | gnutls_certificate_client_credentials; |
1587 | |
1588 | typedef struct gnutls_anon_server_credentials_st |
1589 | *gnutls_anon_server_credentials_t; |
1590 | typedef struct gnutls_anon_client_credentials_st |
1591 | *gnutls_anon_client_credentials_t; |
1592 | |
1593 | void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t |
1594 | sc); |
1595 | int |
1596 | gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t |
1597 | * sc); |
1598 | |
1599 | void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res, |
1600 | gnutls_dh_params_t dh_params); |
1601 | |
1602 | int |
1603 | gnutls_anon_set_server_known_dh_params(gnutls_anon_server_credentials_t res, |
1604 | gnutls_sec_param_t sec_param); |
1605 | |
1606 | void |
1607 | gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t |
1608 | res, gnutls_params_function * func); |
1609 | |
1610 | void |
1611 | gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc); |
1612 | int |
1613 | gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t |
1614 | * sc); |
1615 | |
/* In the gnutls_certificate_set_x509_key_file*() functions below, CERTFILE is
 * an x509 certificate in PEM form and KEYFILE is a pkcs-1 private key in PEM
 * form (for RSA keys).
 */
1619 | void |
1620 | gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc); |
1621 | int |
1622 | gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t |
1623 | * res); |
1624 | |
1625 | int |
1626 | gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc, |
1627 | gnutls_x509_crt_t cert, |
1628 | gnutls_x509_crt_t * issuer, |
1629 | unsigned int flags); |
1630 | |
1631 | int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc, |
1632 | unsigned idx1, unsigned idx2, |
1633 | gnutls_datum_t * cert); |
1634 | |
1635 | int |
1636 | gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, |
1637 | unsigned index, |
1638 | gnutls_x509_crt_t **crt_list, |
1639 | unsigned *crt_list_size); |
1640 | |
1641 | int |
1642 | gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, |
1643 | unsigned index, |
1644 | gnutls_x509_privkey_t *key); |
1645 | |
1646 | void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc); |
1647 | void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc); |
1648 | void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc); |
1649 | void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc); |
1650 | |
1651 | void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res, |
1652 | gnutls_dh_params_t dh_params); |
1653 | |
1654 | int gnutls_certificate_set_known_dh_params(gnutls_certificate_credentials_t res, |
1655 | gnutls_sec_param_t sec_param); |
1656 | void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t |
1657 | res, unsigned int flags); |
1658 | unsigned int |
1659 | gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res); |
1660 | |
1661 | /** |
1662 | * gnutls_certificate_flags: |
1663 | * @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check. |
1664 | * @GNUTLS_CERTIFICATE_API_V2: If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero. |
1665 | * |
1666 | * Enumeration of different certificate credentials flags. |
1667 | */ |
typedef enum gnutls_certificate_flags {
	/* Disables the check that each loaded private key matches its
	 * certificate.  That check guards against misconfiguration; only
	 * skip it when the pairing is guaranteed by other means. */
	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = 1,
	/* Makes the gnutls_certificate_set_*key* functions return the index
	 * of the added key pair instead of zero (see the description above). */
	GNUTLS_CERTIFICATE_API_V2 = (1<<1)
} gnutls_certificate_flags;
1672 | |
1673 | void gnutls_certificate_set_flags(gnutls_certificate_credentials_t, |
1674 | unsigned flags); |
1675 | |
1676 | void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t |
1677 | res, unsigned int max_bits, |
1678 | unsigned int max_depth); |
1679 | |
1680 | unsigned int |
1681 | gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t); |
1682 | |
1683 | int |
1684 | gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t |
1685 | cred); |
1686 | |
1687 | int |
1688 | gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t |
1689 | cred, const char *cafile, |
1690 | gnutls_x509_crt_fmt_t type); |
1691 | int |
1692 | gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred, |
1693 | const char *ca_dir, |
1694 | gnutls_x509_crt_fmt_t type); |
1695 | |
1696 | int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t |
1697 | res, const gnutls_datum_t * ca, |
1698 | gnutls_x509_crt_fmt_t type); |
1699 | |
1700 | int |
1701 | gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t |
1702 | res, const char *crlfile, |
1703 | gnutls_x509_crt_fmt_t type); |
1704 | int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t |
1705 | res, const gnutls_datum_t * CRL, |
1706 | gnutls_x509_crt_fmt_t type); |
1707 | |
1708 | int |
1709 | gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t |
1710 | res, const char *certfile, |
1711 | const char *keyfile, |
1712 | gnutls_x509_crt_fmt_t type); |
1713 | |
1714 | int |
1715 | gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t |
1716 | res, const char *certfile, |
1717 | const char *keyfile, |
1718 | gnutls_x509_crt_fmt_t type, |
1719 | const char *pass, |
1720 | unsigned int flags); |
1721 | |
1722 | int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t |
1723 | res, const gnutls_datum_t * cert, |
1724 | const gnutls_datum_t * key, |
1725 | gnutls_x509_crt_fmt_t type); |
1726 | |
1727 | int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t |
1728 | res, const gnutls_datum_t * cert, |
1729 | const gnutls_datum_t * key, |
1730 | gnutls_x509_crt_fmt_t type, |
1731 | const char *pass, |
1732 | unsigned int flags); |
1733 | |
1734 | void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session, |
1735 | int status); |
1736 | |
1737 | int |
1738 | gnutls_certificate_set_x509_simple_pkcs12_file |
1739 | (gnutls_certificate_credentials_t res, const char *pkcs12file, |
1740 | gnutls_x509_crt_fmt_t type, const char *password); |
1741 | int |
1742 | gnutls_certificate_set_x509_simple_pkcs12_mem |
1743 | (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob, |
1744 | gnutls_x509_crt_fmt_t type, const char *password); |
1745 | |
/* Functions for setting already-parsed X.509 objects (key pairs, trusted CAs,
 * CRLs).
 */
1748 | |
1749 | int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res, |
1750 | gnutls_x509_crt_t * cert_list, |
1751 | int cert_list_size, |
1752 | gnutls_x509_privkey_t key); |
1753 | int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res, |
1754 | gnutls_x509_crt_t * ca_list, |
1755 | int ca_list_size); |
1756 | int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res, |
1757 | gnutls_x509_crl_t * crl_list, |
1758 | int crl_list_size); |
1759 | |
1760 | int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res, |
1761 | unsigned index, |
1762 | gnutls_x509_privkey_t *key); |
1763 | int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res, |
1764 | unsigned index, |
1765 | gnutls_x509_crt_t **crt_list, |
1766 | unsigned *crt_list_size); |
1767 | |
1768 | /* OCSP status request extension, RFC 6066 */ |
1769 | typedef int (*gnutls_status_request_ocsp_func) |
1770 | (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response); |
1771 | |
1772 | void |
1773 | gnutls_certificate_set_ocsp_status_request_function |
1774 | (gnutls_certificate_credentials_t res, |
1775 | gnutls_status_request_ocsp_func ocsp_func, void *ptr); |
1776 | |
1777 | int |
1778 | gnutls_certificate_set_ocsp_status_request_function2 |
1779 | (gnutls_certificate_credentials_t res, unsigned idx, |
1780 | gnutls_status_request_ocsp_func ocsp_func, void *ptr); |
1781 | |
1782 | int |
1783 | gnutls_certificate_set_ocsp_status_request_file |
1784 | (gnutls_certificate_credentials_t res, const char *response_file, |
1785 | unsigned idx); |
1786 | |
1787 | int gnutls_ocsp_status_request_enable_client(gnutls_session_t session, |
1788 | gnutls_datum_t * responder_id, |
1789 | size_t responder_id_size, |
1790 | gnutls_datum_t * |
1791 | request_extensions); |
1792 | |
1793 | int gnutls_ocsp_status_request_get(gnutls_session_t session, |
1794 | gnutls_datum_t * response); |
1795 | |
/* Flag for gnutls_ocsp_status_request_is_checked(): ask whether a stapled
 * OCSP response is available at all, rather than whether it was checked. */
#define GNUTLS_OCSP_SR_IS_AVAIL 1
/* Reports whether the stapled OCSP response from the peer was actually
 * verified as part of certificate verification (or, with
 * GNUTLS_OCSP_SR_IS_AVAIL in 'flags', whether one was received).  Code that
 * relies on revocation checking should consult this instead of assuming a
 * staple was validated.  NOTE(review): exact return semantics are not
 * stated here — confirm against the function's documentation. */
int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
					  unsigned int flags);
1799 | |
1800 | /* global state functions |
1801 | */ |
1802 | int gnutls_global_init(void); |
1803 | void gnutls_global_deinit(void); |
1804 | |
1805 | /** |
1806 | * gnutls_time_func: |
1807 | * @t: where to store time. |
1808 | * |
1809 | * Function prototype for time()-like function. Set with |
1810 | * gnutls_global_set_time_function(). |
1811 | * |
1812 | * Returns: Number of seconds since the epoch, or (time_t)-1 on errors. |
1813 | */ |
1814 | typedef time_t(*gnutls_time_func) (time_t * t); |
1815 | |
/* Locking callbacks for gnutls_global_set_mutex().  Each receives the
 * address of an opaque per-lock pointer: init is expected to fill it in
 * and deinit to release it.  NOTE(review): the return convention
 * (presumably 0 on success) is not stated here — confirm against the
 * documentation of gnutls_global_set_mutex(). */
typedef int (*mutex_init_func) (void **mutex);
typedef int (*mutex_lock_func) (void **mutex);
typedef int (*mutex_unlock_func) (void **mutex);
typedef int (*mutex_deinit_func) (void **mutex);

/* Replace the library's locking primitives; intended for applications
 * whose threading model differs from the default. */
void gnutls_global_set_mutex(mutex_init_func init,
			     mutex_deinit_func deinit,
			     mutex_lock_func lock,
			     mutex_unlock_func unlock);

/* Allocator callback types; the allocators currently in use are the
 * exported function pointers gnutls_malloc & co. declared below.
 * NOTE(review): gnutls_is_secure_function presumably reports whether a
 * pointer lives in "secure" (locked / wiped) memory — confirm before
 * relying on it. */
typedef void *(*gnutls_alloc_function) (size_t);
typedef void *(*gnutls_calloc_function) (size_t, size_t);
typedef int (*gnutls_is_secure_function) (const void *);
typedef void (*gnutls_free_function) (void *);
typedef void *(*gnutls_realloc_function) (void *, size_t);
1831 | |
1832 | void gnutls_global_set_time_function(gnutls_time_func time_func); |
1833 | |
/* For use in callbacks: the allocators currently in use by the library.
 * Memory the library hands to the application (e.g. gnutls_datum_t output
 * buffers) is released with gnutls_free; memory whose ownership is handed
 * to the library should come from gnutls_malloc, so that both sides use
 * the same allocator. */
extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc;
extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
extern _SYM_EXPORT gnutls_free_function gnutls_free;

#ifdef GNUTLS_INTERNAL_BUILD
/* Inside the library gnutls_free(p) also resets p to NULL, so a stale
 * pointer cannot be freed twice or used after free.  The inner
 * gnutls_free is not re-expanded (a function-like macro does not expand
 * recursively), so it resolves to the function pointer above.  The
 * expansion is a comma expression, not a statement block: the argument
 * must be an assignable lvalue, and the (void *) cast allows pointers to
 * const to be passed. */
#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
#endif

extern _SYM_EXPORT char *(*gnutls_strdup) (const char *);

/* A variant of memset that doesn't get optimized out.  Use it to wipe key
 * material and other secrets before the memory is freed or reused; a plain
 * memset() on memory that is never read again may be elided by the
 * compiler. */
void gnutls_memset(void *data, int c, size_t size);

/* Constant time memcmp: the running time depends only on 'n', not on the
 * position of the first differing byte.  Use it to compare MACs, tags and
 * other secret-derived values so that a timing side channel does not leak
 * them.  NOTE(review): like memcmp(), expect 0 for equal buffers and
 * non-zero otherwise; rely only on equality, not on ordering. */
int gnutls_memcmp(const void *s1, const void *s2, size_t n);
1851 | |
1852 | typedef void (*gnutls_log_func) (int, const char *); |
1853 | typedef void (*gnutls_audit_log_func) (gnutls_session_t, const char *); |
1854 | void gnutls_global_set_log_function(gnutls_log_func log_func); |
1855 | void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func); |
1856 | void gnutls_global_set_log_level(int level); |
1857 | |
1858 | /* Diffie-Hellman parameter handling. |
1859 | */ |
1860 | int gnutls_dh_params_init(gnutls_dh_params_t * dh_params); |
1861 | void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params); |
1862 | int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params, |
1863 | const gnutls_datum_t * prime, |
1864 | const gnutls_datum_t * generator); |
1865 | int gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key); |
1866 | int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params, |
1867 | const gnutls_datum_t * prime, |
1868 | const gnutls_datum_t * generator, |
1869 | unsigned key_bits); |
1870 | int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params, |
1871 | const gnutls_datum_t * pkcs3_params, |
1872 | gnutls_x509_crt_fmt_t format); |
1873 | int gnutls_dh_params_generate2(gnutls_dh_params_t params, |
1874 | unsigned int bits); |
1875 | int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params, |
1876 | gnutls_x509_crt_fmt_t format, |
1877 | unsigned char *params_data, |
1878 | size_t * params_data_size); |
1879 | int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params, |
1880 | gnutls_x509_crt_fmt_t format, |
1881 | gnutls_datum_t * out); |
1882 | int gnutls_dh_params_export_raw(gnutls_dh_params_t params, |
1883 | gnutls_datum_t * prime, |
1884 | gnutls_datum_t * generator, |
1885 | unsigned int *bits); |
1886 | int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src); |
1887 | |
1888 | |
1889 | |
1890 | /* Session stuff |
1891 | */ |
/* Scatter/gather element for gnutls_vec_push_func; mirrors POSIX
 * struct iovec (base pointer, length). */
typedef struct {
	void *iov_base;
	size_t iov_len;
} giovec_t;

/* Transport callbacks.  Pull reads up to the given number of bytes into
 * the buffer, push writes the buffer; both take the transport pointer set
 * with gnutls_transport_set_ptr()/set_ptr2() and return a byte count, or
 * -1 on error.  NOTE(review): on error the library presumably inspects
 * errno (or the value set with gnutls_transport_set_errno(), declared
 * below) to tell EAGAIN/EINTR from a hard failure — confirm against the
 * documentation of gnutls_transport_set_pull_function(). */
typedef ssize_t(*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
				    size_t);
typedef ssize_t(*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
				    size_t);

/* gnutls_system_recv_timeout() has the gnutls_pull_timeout_func signature
 * and is the library's stock implementation of it for sockets; 'ms' is
 * presumably a timeout in milliseconds — confirm. */
int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t,
					 unsigned int ms);

/* Vectored push over 'iovcnt' giovec_t elements, in the style of writev(). */
typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t,
					const giovec_t * iov, int iovcnt);

/* Returns the error code of the last transport operation, for transports
 * that do not report failures through the C library errno. */
typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1910 | |
1911 | #if 0 |
/* This is defined as a macro below (see gnutls_transport_set_int). */
1913 | void gnutls_transport_set_int (gnutls_session_t session, int r); |
1914 | #endif |
1915 | |
1916 | void gnutls_transport_set_int2(gnutls_session_t session, int r, int s); |
1917 | #define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i) |
1918 | |
1919 | void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s); |
1920 | int gnutls_transport_get_int(gnutls_session_t session); |
1921 | |
1922 | void gnutls_transport_set_ptr(gnutls_session_t session, |
1923 | gnutls_transport_ptr_t ptr); |
1924 | void gnutls_transport_set_ptr2(gnutls_session_t session, |
1925 | gnutls_transport_ptr_t recv_ptr, |
1926 | gnutls_transport_ptr_t send_ptr); |
1927 | |
1928 | gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session); |
1929 | void gnutls_transport_get_ptr2(gnutls_session_t session, |
1930 | gnutls_transport_ptr_t * recv_ptr, |
1931 | gnutls_transport_ptr_t * send_ptr); |
1932 | |
1933 | void gnutls_transport_set_vec_push_function(gnutls_session_t session, |
1934 | gnutls_vec_push_func vec_func); |
1935 | void gnutls_transport_set_push_function(gnutls_session_t session, |
1936 | gnutls_push_func push_func); |
1937 | void gnutls_transport_set_pull_function(gnutls_session_t session, |
1938 | gnutls_pull_func pull_func); |
1939 | |
1940 | void gnutls_transport_set_pull_timeout_function(gnutls_session_t session, |
1941 | gnutls_pull_timeout_func |
1942 | func); |
1943 | |
1944 | void gnutls_transport_set_errno_function(gnutls_session_t session, |
1945 | gnutls_errno_func errno_func); |
1946 | |
1947 | void gnutls_transport_set_errno(gnutls_session_t session, int err); |
1948 | |
1949 | /* session specific |
1950 | */ |
1951 | void gnutls_session_set_ptr(gnutls_session_t session, void *ptr); |
1952 | void *gnutls_session_get_ptr(gnutls_session_t session); |
1953 | |
1954 | void gnutls_openpgp_send_cert(gnutls_session_t session, |
1955 | gnutls_openpgp_crt_status_t status); |
1956 | |
1957 | /* This function returns the hash of the given data. |
1958 | */ |
1959 | int gnutls_fingerprint(gnutls_digest_algorithm_t algo, |
1960 | const gnutls_datum_t * data, void *result, |
1961 | size_t * result_size); |
1962 | |
1963 | /** |
1964 | * gnutls_random_art_t: |
1965 | * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art. |
1966 | * |
1967 | * Enumeration of different random art types. |
1968 | */ |
/* Random-art style selector for gnutls_random_art() below. */
typedef enum gnutls_random_art {
	GNUTLS_RANDOM_ART_OPENSSH = 1	/* OpenSSH-style random art */
} gnutls_random_art_t;
1972 | |
1973 | int gnutls_random_art(gnutls_random_art_t type, |
1974 | const char *key_type, unsigned int key_size, |
1975 | void *fpr, size_t fpr_size, gnutls_datum_t * art); |
1976 | |
1977 | /* IDNA */ |
1978 | #define GNUTLS_IDNA_FORCE_2008 (1<<1) |
1979 | int gnutls_idna_map(const char * input, unsigned ilen, gnutls_datum_t *out, unsigned flags); |
1980 | int gnutls_idna_reverse_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsigned flags); |
1981 | |
1982 | /* SRP |
1983 | */ |
1984 | |
1985 | typedef struct gnutls_srp_server_credentials_st |
1986 | *gnutls_srp_server_credentials_t; |
1987 | typedef struct gnutls_srp_client_credentials_st |
1988 | *gnutls_srp_client_credentials_t; |
1989 | |
1990 | void |
1991 | gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc); |
1992 | int |
1993 | gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t * |
1994 | sc); |
1995 | int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res, |
1996 | const char *username, |
1997 | const char *password); |
1998 | |
1999 | void |
2000 | gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc); |
2001 | int |
2002 | gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t * |
2003 | sc); |
2004 | int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t |
2005 | res, const char *password_file, |
2006 | const char *password_conf_file); |
2007 | |
2008 | const char *gnutls_srp_server_get_username(gnutls_session_t session); |
2009 | |
2010 | void gnutls_srp_set_prime_bits(gnutls_session_t session, |
2011 | unsigned int bits); |
2012 | |
2013 | int gnutls_srp_verifier(const char *username, |
2014 | const char *password, |
2015 | const gnutls_datum_t * salt, |
2016 | const gnutls_datum_t * generator, |
2017 | const gnutls_datum_t * prime, |
2018 | gnutls_datum_t * res); |
2019 | |
2020 | /* The static parameters defined in draft-ietf-tls-srp-05 |
2021 | * Those should be used as input to gnutls_srp_verifier(). |
2022 | */ |
2023 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime; |
2024 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator; |
2025 | |
2026 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime; |
2027 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator; |
2028 | |
2029 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime; |
2030 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator; |
2031 | |
2032 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime; |
2033 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator; |
2034 | |
2035 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime; |
2036 | extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator; |
2037 | |
2038 | /* The static parameters defined in rfc7919 |
2039 | */ |
2040 | |
2041 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime; |
2042 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator; |
2043 | extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits; |
2044 | |
2045 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime; |
2046 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator; |
2047 | extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits; |
2048 | |
2049 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime; |
2050 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator; |
2051 | extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits; |
2052 | |
2053 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime; |
2054 | extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator; |
2055 | extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits; |
2056 | |
2057 | typedef int gnutls_srp_server_credentials_function(gnutls_session_t, |
2058 | const char *username, |
2059 | gnutls_datum_t * salt, |
2060 | gnutls_datum_t * |
2061 | verifier, |
2062 | gnutls_datum_t * |
2063 | generator, |
2064 | gnutls_datum_t * prime); |
2065 | void |
2066 | gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t |
2067 | cred, |
2068 | gnutls_srp_server_credentials_function |
2069 | * func); |
2070 | |
2071 | typedef int gnutls_srp_client_credentials_function(gnutls_session_t, |
2072 | char **, char **); |
2073 | void |
2074 | gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t |
2075 | cred, |
2076 | gnutls_srp_client_credentials_function |
2077 | * func); |
2078 | |
2079 | int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, |
2080 | size_t * result_size); |
2081 | int gnutls_srp_base64_encode2(const gnutls_datum_t * data, |
2082 | gnutls_datum_t * result); |
2083 | |
2084 | int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, |
2085 | size_t * result_size); |
2086 | int gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data, |
2087 | gnutls_datum_t * result); |
2088 | |
2089 | #define gnutls_srp_base64_encode_alloc gnutls_srp_base64_encode2 |
2090 | #define gnutls_srp_base64_decode_alloc gnutls_srp_base64_decode2 |
2091 | |
2092 | void |
2093 | gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t |
2094 | sc, |
2095 | const gnutls_datum_t * seed, |
2096 | unsigned int salt_length); |
2097 | |
2098 | /* PSK stuff */ |
2099 | typedef struct gnutls_psk_server_credentials_st |
2100 | *gnutls_psk_server_credentials_t; |
2101 | typedef struct gnutls_psk_client_credentials_st |
2102 | *gnutls_psk_client_credentials_t; |
2103 | |
2104 | /** |
2105 | * gnutls_psk_key_flags: |
2106 | * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format. |
2107 | * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format. |
2108 | * |
2109 | * Enumeration of different PSK key flags. |
2110 | */ |
/* Format of the key datum passed to gnutls_psk_set_client_credentials(). */
typedef enum gnutls_psk_key_flags {
	GNUTLS_PSK_KEY_RAW = 0,		/* key bytes are used as-is */
	GNUTLS_PSK_KEY_HEX		/* key is hex-encoded and decoded first */
} gnutls_psk_key_flags;
2115 | |
2116 | void |
2117 | gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc); |
2118 | int |
2119 | gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t * |
2120 | sc); |
2121 | int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res, |
2122 | const char *username, |
2123 | const gnutls_datum_t * key, |
2124 | gnutls_psk_key_flags flags); |
2125 | |
2126 | void |
2127 | gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc); |
2128 | int |
2129 | gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t * |
2130 | sc); |
2131 | int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t |
2132 | res, const char *password_file); |
2133 | |
2134 | int |
2135 | gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t |
2136 | res, const char *hint); |
2137 | |
2138 | const char *gnutls_psk_server_get_username(gnutls_session_t session); |
2139 | const char *gnutls_psk_client_get_hint(gnutls_session_t session); |
2140 | |
2141 | typedef int gnutls_psk_server_credentials_function(gnutls_session_t, |
2142 | const char *username, |
2143 | gnutls_datum_t * key); |
2144 | void |
2145 | gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t |
2146 | cred, |
2147 | gnutls_psk_server_credentials_function |
2148 | * func); |
2149 | |
2150 | typedef int gnutls_psk_client_credentials_function(gnutls_session_t, |
2151 | char **username, |
2152 | gnutls_datum_t * key); |
2153 | void |
2154 | gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t |
2155 | cred, |
2156 | gnutls_psk_client_credentials_function |
2157 | * func); |
2158 | |
2159 | int gnutls_hex_encode(const gnutls_datum_t * data, char *result, |
2160 | size_t * result_size); |
2161 | int gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result, |
2162 | size_t * result_size); |
2163 | |
2164 | int gnutls_hex_encode2(const gnutls_datum_t * data, gnutls_datum_t *result); |
2165 | int gnutls_hex_decode2(const gnutls_datum_t * data, gnutls_datum_t *result); |
2166 | |
2167 | void |
2168 | gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res, |
2169 | gnutls_dh_params_t dh_params); |
2170 | |
2171 | int |
2172 | gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res, |
2173 | gnutls_sec_param_t sec_param); |
2174 | |
2175 | void |
2176 | gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t |
2177 | res, gnutls_params_function * func); |
2178 | |
2179 | /** |
2180 | * gnutls_x509_subject_alt_name_t: |
2181 | * @GNUTLS_SAN_DNSNAME: DNS-name SAN. |
2182 | * @GNUTLS_SAN_RFC822NAME: E-mail address SAN. |
2183 | * @GNUTLS_SAN_URI: URI SAN. |
2184 | * @GNUTLS_SAN_IPADDRESS: IP address SAN. |
2185 | * @GNUTLS_SAN_OTHERNAME: OtherName SAN. |
2186 | * @GNUTLS_SAN_DN: DN SAN. |
2187 | * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by certain functions for convenience. |
2188 | * @GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL: Virtual SAN, used by certain functions for convenience. |
2189 | * |
2190 | * Enumeration of different subject alternative names types. |
2191 | */ |
/* Subject alternative name types; see the description above. */
typedef enum gnutls_x509_subject_alt_name_t {
	GNUTLS_SAN_DNSNAME = 1,
	GNUTLS_SAN_RFC822NAME = 2,
	GNUTLS_SAN_URI = 3,
	GNUTLS_SAN_IPADDRESS = 4,
	GNUTLS_SAN_OTHERNAME = 5,
	GNUTLS_SAN_DN = 6,
	/* Highest real SAN type; the virtual types below are deliberately
	 * outside this range, so a loop bounded by GNUTLS_SAN_MAX never
	 * visits them. */
	GNUTLS_SAN_MAX = GNUTLS_SAN_DN,
	/* The following are "virtual" subject alternative name types, in
	   that they are represented by an otherName value and an OID.
	   Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
	GNUTLS_SAN_OTHERNAME_XMPP = 1000,
	GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
} gnutls_x509_subject_alt_name_t;
2206 | |
/* Opaque handles for OpenPGP certificates and private keys and for
 * PKCS#11-resident private keys.  The struct bodies are not part of the
 * public header; applications only ever hold the pointer typedefs. */
typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
2215 | |
2216 | /** |
2217 | * gnutls_privkey_type_t: |
2218 | * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t. |
2219 | * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t. |
2220 | * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t. |
2221 | * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks. |
2222 | * |
2223 | * Enumeration of different private key types. |
2224 | */ |
2225 | typedef enum { |
2226 | GNUTLS_PRIVKEY_X509, |
2227 | GNUTLS_PRIVKEY_OPENPGP, |
2228 | GNUTLS_PRIVKEY_PKCS11, |
2229 | GNUTLS_PRIVKEY_EXT |
2230 | } gnutls_privkey_type_t; |
2231 | |
/* Result structure filled in by a gnutls_certificate_retrieve_function
 * callback (declared below): the certificate(s) and the private key this
 * side should present in the handshake.
 *
 * NOTE(review): cert_type and key_type presumably select which member
 * of the cert and key unions is valid -- confirm against the callback
 * documentation.
 */
typedef struct gnutls_retr2_st {
	gnutls_certificate_type_t cert_type;
	gnutls_privkey_type_t key_type;

	/* For X.509, x509 presumably points to an array of ncerts handles;
	 * for OpenPGP a single certificate. */
	union {
		gnutls_x509_crt_t *x509;
		gnutls_openpgp_crt_t pgp;
	} cert;
	unsigned int ncerts;	/* one for pgp keys */

	union {
		gnutls_x509_privkey_t x509;
		gnutls_openpgp_privkey_t pgp;
		gnutls_pkcs11_privkey_t pkcs11;
	} key;

	/* Ownership: if non zero all keys (and certificates) will be
	 * deinited by the library once it is done with them; otherwise
	 * they stay owned by the callback, which must keep them valid
	 * for as long as the session may use them (lifetime presumed --
	 * confirm). */
	unsigned int deinit_all;	/* if non zero all keys will be deinited */
} gnutls_retr2_st;
2250 | |
2251 | |
/* Functions that allow auth_info_t structures handling
 */

/* Credentials (authentication) type in use on @session.  The _server_
 * and _client_ variants report the type used to authenticate that side
 * of the connection (presumed from the names -- confirm). */
gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session);
gnutls_credentials_type_t gnutls_auth_server_get_type(gnutls_session_t session);
gnutls_credentials_type_t gnutls_auth_client_get_type(gnutls_session_t session);
2260 | |
/* DH */

/* Sets the DH prime size in @bits for @session.  Security: on a client
 * this presumably acts as the minimum prime size accepted from the
 * server; a value below current recommendations lets a peer negotiate a
 * weak group.  Prefer the library's security-level based defaults (see
 * gnutls_sec_param_t) unless there is a concrete need -- confirm the
 * exact semantics against the manual. */
void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);

/* Sizes, in bits, of the last DH exchange: the shared secret, the
 * peer's public value and the prime.  Negative return values are
 * gnutls error codes (library convention). */
int gnutls_dh_get_secret_bits(gnutls_session_t session);
int gnutls_dh_get_peers_public_bits(gnutls_session_t session);
int gnutls_dh_get_prime_bits(gnutls_session_t session);

/* Exports the negotiated group (@raw_gen, @raw_prime) and a public DH
 * value of the exchange (@raw_key; presumably the peer's -- confirm).
 * Ownership of the returned datums is not visible here; presumably the
 * caller releases them with gnutls_free(). */
int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t *raw_gen,
			gnutls_datum_t *raw_prime);
int gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t *raw_key);
2272 | |
/* X509PKI */


/* These are set on the credentials structure.
 */

/* Legacy certificate-retrieval callback.  Use
 * gnutls_certificate_set_retrieve_function2() from abstract.h instead;
 * it is much more efficient.
 *
 * The callback runs during the handshake with the issuer names the
 * peer will accept (@req_ca_rdn, @nreqs entries) and the public key
 * algorithms it supports (@pk_algos, @pk_algos_length entries), and
 * fills the #gnutls_retr2_st with the certificate(s) and key to
 * present.  Returns 0 on success or a negative error code (library
 * convention). */
typedef int gnutls_certificate_retrieve_function(gnutls_session_t,
						 const gnutls_datum_t *req_ca_rdn,
						 int nreqs,
						 const gnutls_pk_algorithm_t *pk_algos,
						 int pk_algos_length,
						 gnutls_retr2_st *);


/* Installs the retrieval callback on @cred. */
void gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t cred,
					      gnutls_certificate_retrieve_function *func);

/* Installs a peer-verification callback on @cred.  Security: such a
 * callback presumably decides whether the handshake proceeds; one that
 * reports success without verifying the chain and the peer identity
 * disables authentication for every session using these credentials. */
void gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t cred,
					    gnutls_certificate_verify_function *func);

/* Controls whether the server asks the client for a certificate
 * (@req is a gnutls_certificate_request_t value). */
void gnutls_certificate_server_set_request(gnutls_session_t session,
					   gnutls_certificate_request_t req);
2311 | |
/* get data from the session
 */

/* The peer's certificate chain as received (@list_size entries) and our
 * own.  The returned memory is const and presumably owned by the
 * session: do not free it and do not use it after the session is
 * deinitialized -- confirm. */
const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t session,
						   unsigned int *list_size);
const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session);

/* Subkey identifier of the peer's certificate (subkeys are an OpenPGP
 * notion, so presumably OpenPGP only). */
int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
					   gnutls_datum_t *id);

/* Validity window of the peer's certificate. */
time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);

/* Presumably whether the server asked this client for a certificate. */
int gnutls_certificate_client_get_request_status(gnutls_session_t session);

/* Peer certificate verification.
 *
 * Security, all three variants: by library convention the return value
 * only reports whether verification could be carried out; the result is
 * the bit mask written to @status, which must be zero for the peer to
 * be trusted (gnutls_certificate_verification_status_print() renders
 * it).  Code that checks only the return value effectively accepts any
 * certificate.
 *
 * gnutls_certificate_verify_peers2() is given no host name and
 * therefore cannot check that the certificate was issued for the host
 * the application meant to reach.  Use gnutls_certificate_verify_peers3()
 * with the expected @hostname, or gnutls_certificate_verify_peers() with
 * typed verification data (@data, @elements entries), unless the
 * identity is checked separately.
 */
int gnutls_certificate_verify_peers2(gnutls_session_t session,
				     unsigned int *status);
int gnutls_certificate_verify_peers3(gnutls_session_t session,
				     const char *hostname,
				     unsigned int *status);
int gnutls_certificate_verify_peers(gnutls_session_t session,
				    gnutls_typed_vdata_st *data,
				    unsigned int elements,
				    unsigned int *status);

/* Renders the verification @status bit mask for certificates of @type
 * as human-readable text in @out (presumably allocated; release with
 * gnutls_free() -- confirm). */
int gnutls_certificate_verification_status_print(unsigned int status,
						 gnutls_certificate_type_t type,
						 gnutls_datum_t *out,
						 unsigned int flags);
2344 | |
/* PEM / Base64 helpers.
 *
 * The non-allocating forms write into a caller-supplied buffer and take
 * @result_size in/out -- the buffer capacity on entry, the produced
 * length on return (assumed from the pointer type; confirm).  If the
 * buffer is too small the library convention is to fail, presumably
 * with GNUTLS_E_SHORT_MEMORY_BUFFER (defined below) while reporting the
 * required size, rather than to truncate.  The "2" forms allocate the
 * output.  @msg is the PEM label, as in "-----BEGIN msg-----".
 */
int gnutls_pem_base64_encode(const char *msg, const gnutls_datum_t *data,
			     char *result, size_t *result_size);
int gnutls_pem_base64_decode(const char *, const gnutls_datum_t *b64_data,
			     unsigned char *result, size_t *result_size);

int gnutls_pem_base64_encode2(const char *msg, const gnutls_datum_t *data,
			      gnutls_datum_t *result);
int gnutls_pem_base64_decode2(const char *, const gnutls_datum_t *b64_data,
			      gnutls_datum_t *result);

/* Older names of the allocating forms. */
#define gnutls_pem_base64_encode_alloc gnutls_pem_base64_encode2
#define gnutls_pem_base64_decode_alloc gnutls_pem_base64_decode2
2360 | |
/* key_usage is a bit mask formed by OR-ing the following values.  The
 * names follow the X.509 KeyUsage extension (RFC 5280, 4.2.1.3).  A key
 * used for an operation its usage does not permit is, by library
 * convention, rejected with GNUTLS_E_KEY_USAGE_VIOLATION (defined
 * below) -- confirm per call site.
 */

/* when the key is to be used for signing: */
#define GNUTLS_KEY_DIGITAL_SIGNATURE	(1 << 7)	/* 128 */
#define GNUTLS_KEY_NON_REPUDIATION	(1 << 6)	/* 64 */
/* when the key is to be used for encryption or key establishment: */
#define GNUTLS_KEY_KEY_ENCIPHERMENT	(1 << 5)	/* 32 */
#define GNUTLS_KEY_DATA_ENCIPHERMENT	(1 << 4)	/* 16 */
#define GNUTLS_KEY_KEY_AGREEMENT	(1 << 3)	/* 8 */
/* when the key signs certificates or CRLs: */
#define GNUTLS_KEY_KEY_CERT_SIGN	(1 << 2)	/* 4 */
#define GNUTLS_KEY_CRL_SIGN		(1 << 1)	/* 2 */
/* qualifiers of KEY_AGREEMENT (DECIPHER_ONLY lives in the second
 * KeyUsage octet, hence the high bit): */
#define GNUTLS_KEY_ENCIPHER_ONLY	(1 << 0)	/* 1 */
#define GNUTLS_KEY_DECIPHER_ONLY	(1 << 15)	/* 32768 */
2375 | |
/* Callbacks that supply temporary key-exchange parameters on demand
 * (DH parameters and, historically, the RSA parameters of export
 * suites -- see GNUTLS_E_NO_TEMPORARY_RSA_PARAMS below) for
 * certificate, anonymous and PSK server credentials respectively.
 * NOTE(review): gnutls_psk_set_params_function() and
 * gnutls_psk_set_server_params_function() (above) take the same
 * arguments; presumably one is the older spelling -- confirm. */
void gnutls_certificate_set_params_function(gnutls_certificate_credentials_t res,
					    gnutls_params_function *func);
void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
				     gnutls_params_function *func);
void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
				    gnutls_params_function *func);

/* Decodes @hex_size hexadecimal characters from @hex_data into
 * @bin_data.  @bin_size is in/out: the capacity of @bin_data on entry
 * and the number of bytes written on return (assumed from the pointer
 * type -- confirm).  Returns 0 or a negative error code (library
 * convention). */
int gnutls_hex2bin(const char *hex_data, size_t hex_size,
		   void *bin_data, size_t *bin_size);
2386 | |
/* Trust on first use (or ssh like) functions */

/* Storage back-end callbacks for the trust-on-first-use database.
 * Each returns 0 on success or a negative error code (library
 * convention). */

/* Persists @pubkey for the @host/@service pair in database @db_name,
 * valid until @expiration. */
typedef int (*gnutls_tdb_store_func)(const char *db_name,
				     const char *host,
				     const char *service,
				     time_t expiration,
				     const gnutls_datum_t *pubkey);

/* Persists a commitment for @host/@service: the @hash_algo digest @hash
 * (presumably of a public key expected to be seen later, so that it can
 * be checked on arrival), valid until @expiration. */
typedef int (*gnutls_tdb_store_commitment_func)(const char *db_name,
						const char *host,
						const char *service,
						time_t expiration,
						gnutls_digest_algorithm_t hash_algo,
						const gnutls_datum_t *hash);

/* Looks up the @host/@service pair and checks that the stored entry
 * matches @pubkey.  Security: treat @host and @service as opaque
 * identifiers (no globbing or loose matching) and fail closed on I/O
 * errors -- a false "match" here accepts an impostor's key. */
typedef int (*gnutls_tdb_verify_func)(const char *db_name,
				      const char *host,
				      const char *service,
				      const gnutls_datum_t *pubkey);
2412 | |
2413 | |
/* Handle to a custom trust-on-first-use database back-end. */
typedef struct gnutls_tdb_int *gnutls_tdb_t;

/* Lifecycle and callback setters for a custom back-end. */
int gnutls_tdb_init(gnutls_tdb_t *tdb);
void gnutls_tdb_set_store_func(gnutls_tdb_t tdb, gnutls_tdb_store_func store);
void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
					  gnutls_tdb_store_commitment_func cstore);
void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb, gnutls_tdb_verify_func verify);
void gnutls_tdb_deinit(gnutls_tdb_t tdb);

/* Checks the certificate @cert (of @cert_type) presented for
 * @host/@service against what is stored in @db_name, through the custom
 * back-end @tdb when given.  Returns 0 on a match or a negative error
 * code.  Security: trust-on-first-use offers no assurance about the
 * first contact -- when no entry exists the application decides whether
 * to store the key; on later contacts a mismatch must be treated as a
 * possible impersonation and never silently overwritten. */
int gnutls_verify_stored_pubkey(const char *db_name,
				gnutls_tdb_t tdb,
				const char *host,
				const char *service,
				gnutls_certificate_type_t cert_type,
				const gnutls_datum_t *cert,
				unsigned int flags);

/* Flag for gnutls_store_commitment(): permit a @hash_algo the library
 * otherwise rejects as broken (assumed from the name -- confirm).
 * Security: a commitment made with a broken digest weakens the binding
 * between the commitment and the key; leave the flag unset unless
 * interoperating with legacy data. */
#define GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN 1

/* Records a commitment (digest @hash computed with @hash_algo) for
 * @host/@service, valid until @expiration. */
int gnutls_store_commitment(const char *db_name,
			    gnutls_tdb_t tdb,
			    const char *host,
			    const char *service,
			    gnutls_digest_algorithm_t hash_algo,
			    const gnutls_datum_t *hash,
			    time_t expiration, unsigned int flags);

/* Records the public key of @cert (of @cert_type) for @host/@service,
 * valid until @expiration. */
int gnutls_store_pubkey(const char *db_name,
			gnutls_tdb_t tdb,
			const char *host,
			const char *service,
			gnutls_certificate_type_t cert_type,
			const gnutls_datum_t *cert,
			time_t expiration, unsigned int flags);
2451 | |
/* Other helper functions */

/* Reads all of @filename into newly allocated @data (presumably freed
 * with gnutls_free() -- confirm).  Security: the whole file is loaded,
 * so do not point this at untrusted or unbounded inputs; any size limit
 * is the caller's responsibility. */
int gnutls_load_file(const char *filename, gnutls_datum_t *data);

/* Non-zero when the scheme of @url (e.g. a PKCS#11 or TPM key URL,
 * presumably) is supported by this build of the library. */
unsigned gnutls_url_is_supported(const char *url);
2456 | |
/* PIN callback */

/**
 * gnutls_pin_flag_t:
 * @GNUTLS_PIN_USER: The PIN for the user.
 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
 *
 * Enumeration of the flags passed to the PIN function.  The values are
 * distinct bits, so several may be combined in the flags word.
 * Security: %GNUTLS_PIN_WRONG, %GNUTLS_PIN_COUNT_LOW and
 * %GNUTLS_PIN_FINAL_TRY warn that retrying with the same PIN risks
 * locking the token; a non-interactive callback should give up instead.
 */
typedef enum {
	GNUTLS_PIN_USER = 0x01,
	GNUTLS_PIN_SO = 0x02,
	GNUTLS_PIN_FINAL_TRY = 0x04,
	GNUTLS_PIN_COUNT_LOW = 0x08,
	GNUTLS_PIN_CONTEXT_SPECIFIC = 0x10,
	GNUTLS_PIN_WRONG = 0x20
} gnutls_pin_flag_t;
2478 | |
/* Older PKCS11-prefixed spellings of the gnutls_pin_flag_t values,
 * kept so existing code keeps compiling; new code should use the
 * GNUTLS_PIN_* names. */
#define GNUTLS_PKCS11_PIN_USER			GNUTLS_PIN_USER
#define GNUTLS_PKCS11_PIN_SO			GNUTLS_PIN_SO
#define GNUTLS_PKCS11_PIN_FINAL_TRY		GNUTLS_PIN_FINAL_TRY
#define GNUTLS_PKCS11_PIN_COUNT_LOW		GNUTLS_PIN_COUNT_LOW
#define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC	GNUTLS_PIN_CONTEXT_SPECIFIC
#define GNUTLS_PKCS11_PIN_WRONG			GNUTLS_PIN_WRONG
2485 | |
2486 | /** |
2487 | * gnutls_pin_callback_t: |
2488 | * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function(). |
2489 | * @attempt: pin-attempt counter, initially 0. |
2490 | * @token_url: URL of token. |
2491 | * @token_label: label of token. |
2492 | * @flags: a #gnutls_pin_flag_t flag. |
2493 | * @pin: buffer to hold PIN, of size @pin_max. |
2494 | * @pin_max: size of @pin buffer. |
2495 | * |
2496 | * Callback function type for PKCS#11 or TPM PIN entry. It is set by |
2497 | * functions like gnutls_pkcs11_set_pin_function(). |
2498 | * |
2499 | * The callback should provides the PIN code to unlock the token with |
2500 | * label @token_label, specified by the URL @token_url. |
2501 | * |
2502 | * The PIN code, as a NUL-terminated ASCII string, should be copied |
2503 | * into the @pin buffer (of maximum size @pin_max), and return 0 to |
2504 | * indicate success. Alternatively, the callback may return a |
2505 | * negative gnutls error code to indicate failure and cancel PIN entry |
2506 | * (in which case, the contents of the @pin parameter are ignored). |
2507 | * |
2508 | * When a PIN is required, the callback will be invoked repeatedly |
2509 | * (and indefinitely) until either the returned PIN code is correct, |
2510 | * the callback returns failure, or the token refuses login (e.g. when |
2511 | * the token is locked due to too many incorrect PINs!). For the |
2512 | * first such invocation, the @attempt counter will have value zero; |
2513 | * it will increase by one for each subsequent attempt. |
2514 | * |
2515 | * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. |
2516 | * |
2517 | * Since: 2.12.0 |
2518 | **/ |
2519 | typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt, |
2520 | const char *token_url, |
2521 | const char *token_label, |
2522 | unsigned int flags, |
2523 | char *pin, size_t pin_max); |
2524 | |
2525 | void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t, |
2526 | gnutls_pin_callback_t fn, |
2527 | void *userdata); |
2528 | |
/* Public string related functions */

/* Opaque growable byte buffer; handed to the extension and supplemental
 * "send" callbacks declared below. */
typedef struct gnutls_buffer_st *gnutls_buffer_t;

/* Appends @data_size bytes of @data to the buffer.  Returns 0 or a
 * negative error code (library convention). */
int gnutls_buffer_append_data(gnutls_buffer_t, const void *data, size_t data_size);

/* Flag for gnutls_utf8_password_normalize(): presumably tolerate
 * malformed UTF-8 instead of failing -- confirm. */
#define GNUTLS_UTF8_IGNORE_ERRS 1
/* Normalizes the @password_len-byte UTF-8 @password into newly
 * allocated @out.  Security: normalize before hashing or comparing so
 * that equivalent encodings of the same password agree; without
 * %GNUTLS_UTF8_IGNORE_ERRS malformed input is presumably rejected
 * (see GNUTLS_E_INVALID_UTF8_STRING and
 * GNUTLS_E_INVALID_PASSWORD_STRING below). */
int gnutls_utf8_password_normalize(const unsigned char *password, unsigned password_len,
				   gnutls_datum_t *out, unsigned flags);
2537 | |
/* Public extensions related functions */

/* Per-session private data attached to a registered extension. */
typedef void *gnutls_ext_priv_data_t;

/* Attaches or fetches the private data of extension @type on @session.
 * gnutls_ext_get_data() returns 0 when data is available, otherwise a
 * negative error code (library convention). */
void gnutls_ext_set_data(gnutls_session_t session, unsigned type,
			 gnutls_ext_priv_data_t);
int gnutls_ext_get_data(gnutls_session_t session, unsigned type,
			gnutls_ext_priv_data_t *);

/* Extension callbacks.
 *
 * recv receives the raw extension payload sent by the peer (@data,
 * @len bytes).  Security: this is untrusted network input -- validate
 * every length and field against @len before use.
 * send appends this side's payload to @extdata.
 * deinit releases the private data; pack/unpack serialize it to and
 * from a buffer (presumably for storing resumable session state --
 * confirm).  unpack output is therefore also untrusted if the storage
 * is. */
typedef int (*gnutls_ext_recv_func)(gnutls_session_t session,
				    const unsigned char *data,
				    size_t len);

typedef int (*gnutls_ext_send_func)(gnutls_session_t session,
				    gnutls_buffer_t extdata);

typedef void (*gnutls_ext_deinit_data_func)(gnutls_ext_priv_data_t data);

typedef int (*gnutls_ext_pack_func)(gnutls_ext_priv_data_t data,
				    gnutls_buffer_t packed_data);

typedef int (*gnutls_ext_unpack_func)(gnutls_buffer_t packed_data,
				      gnutls_ext_priv_data_t *data);
2561 | |
2562 | |
2563 | /** |
2564 | * gnutls_ext_parse_type_t: |
2565 | * @GNUTLS_EXT_NONE: Never parsed |
2566 | * @GNUTLS_EXT_ANY: Any extension type (internal use only). |
2567 | * @GNUTLS_EXT_APPLICATION: Application extension. |
2568 | * @GNUTLS_EXT_TLS: TLS-internal extension. |
2569 | * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled). |
2570 | * |
2571 | * Enumeration of different TLS extension types. This type is |
2572 | * to indicate whether an extension is useful to application |
2573 | * level or TLS level only. This is used to parse the |
2574 | * application level extensions before the "client_hello" callback |
2575 | * is called. |
2576 | */ |
2577 | typedef enum { |
2578 | GNUTLS_EXT_ANY = 0, |
2579 | GNUTLS_EXT_APPLICATION = 1, |
2580 | GNUTLS_EXT_TLS = 2, |
2581 | GNUTLS_EXT_MANDATORY = 3, |
2582 | GNUTLS_EXT_NONE = 4 |
2583 | } gnutls_ext_parse_type_t; |
2584 | |
2585 | /** |
2586 | * gnutls_ext_flags_t: |
2587 | * @GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL: If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.5.12. |
2588 | * |
2589 | * Enumeration of different TLS extension registration flags. |
2590 | */ |
2591 | typedef enum { |
2592 | GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL = 1 |
2593 | } gnutls_ext_flags_t; |
2594 | |
/* Register a custom tls extension
 */

/* Registers handlers for TLS extension number @type under @name, either
 * for every session (gnutls_ext_register) or for one @session only
 * (gnutls_session_ext_register, which also takes #gnutls_ext_flags_t
 * bits in @flags).  @parse_type decides when the extension is parsed
 * (see #gnutls_ext_parse_type_t); the callbacks are described above.
 * Returns 0 or a negative error code; registering a @type already in
 * use presumably fails with GNUTLS_E_ALREADY_REGISTERED (defined below)
 * unless %GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL is given -- confirm. */
int gnutls_ext_register(const char *name, int type,
			gnutls_ext_parse_type_t parse_type,
			gnutls_ext_recv_func recv_func,
			gnutls_ext_send_func send_func,
			gnutls_ext_deinit_data_func deinit_func,
			gnutls_ext_pack_func pack_func,
			gnutls_ext_unpack_func unpack_func);

int gnutls_session_ext_register(gnutls_session_t, const char *name, int type,
				gnutls_ext_parse_type_t parse_type,
				gnutls_ext_recv_func recv_func,
				gnutls_ext_send_func send_func,
				gnutls_ext_deinit_data_func deinit_func,
				gnutls_ext_pack_func pack_func,
				gnutls_ext_unpack_func unpack_func,
				unsigned flags);

/* Human-readable name of extension number @ext.  Whether an unknown
 * number yields NULL is not visible here -- check before printing. */
const char *gnutls_ext_get_name(unsigned int ext);
2608 | |
/* Public supplemental data related functions */

/* Callbacks for one supplemental-data format: recv parses the
 * @data_size bytes received from the peer -- untrusted network input,
 * bounds-check before use -- and send appends this side's payload to
 * @buf. */
typedef int (*gnutls_supp_recv_func)(gnutls_session_t session,
				     const unsigned char *data, size_t data_size);
typedef int (*gnutls_supp_send_func)(gnutls_session_t session,
				     gnutls_buffer_t buf);

/* Registers handlers for supplemental data of format @type under @name,
 * globally or for one @session.  Returns 0 or a negative error code
 * (library convention). */
int gnutls_supplemental_register(const char *name,
				 gnutls_supplemental_data_format_type_t type,
				 gnutls_supp_recv_func supp_recv_func,
				 gnutls_supp_send_func supp_send_func);

int gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
					 gnutls_supplemental_data_format_type_t type,
					 gnutls_supp_recv_func supp_recv_func,
					 gnutls_supp_send_func supp_send_func,
					 unsigned int flags);

/* Enables (non-zero) or disables (zero) receiving, respectively
 * sending, supplemental data on @session. */
void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_supplemental);

void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_supplemental);
2630 | |
/* FIPS140-2 related functions */

/* Non-zero when the library is operating in FIPS140-2 mode (which
 * presumably restricts the algorithms available), zero otherwise. */
unsigned gnutls_fips140_mode_enabled(void);
2633 | |
/* Gnutls error codes. The mapping to a TLS alert is also shown in
 * comments.
 *
 * All error codes are negative; 0 is success.  The gaps in the
 * numbering and the retained misspelled aliases suggest these values
 * are stable ABI and are never renumbered -- so never compare against
 * literal numbers, only against the macros.
 */

#define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
#define GNUTLS_E_LARGE_PACKET -7
#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
#define GNUTLS_E_INVALID_SESSION -10
#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
#define GNUTLS_E_UNWANTED_ALGORITHM -22
#define GNUTLS_E_MPI_SCAN_FAILED -23
/* One code covers both alerts, so callers cannot (and should not try
 * to) distinguish a MAC failure from a padding failure -- presumably
 * deliberate, to avoid padding-oracle style distinctions. */
#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
#define GNUTLS_E_MEMORY_ERROR -25
#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
#define GNUTLS_E_COMPRESSION_FAILED -27
/* Non-fatal by library convention (non-blocking I/O would block);
 * retry the same call.  See also GNUTLS_E_INTERRUPTED below. */
#define GNUTLS_E_AGAIN -28
#define GNUTLS_E_EXPIRED -29
#define GNUTLS_E_DB_ERROR -30
#define GNUTLS_E_SRP_PWD_ERROR -31
#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
/* Historical misspellings, kept as aliases because they are ABI. */
#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2665 | |
#define GNUTLS_E_HASH_FAILED -33
#define GNUTLS_E_BASE64_DECODING_ERROR -34

#define GNUTLS_E_MPI_PRINT_FAILED -35
/* Peer asked for renegotiation; see also GNUTLS_E_SAFE_RENEGOTIATION_FAILED
 * and GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED below. */
#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
#define GNUTLS_E_GOT_APPLICATION_DATA -38
#define GNUTLS_E_RECORD_LIMIT_REACHED -39
#define GNUTLS_E_ENCRYPTION_FAILED -40

#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
#define GNUTLS_E_PK_DECRYPTION_FAILED -45
#define GNUTLS_E_PK_SIGN_FAILED -46
#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
/* The key's usage bits (GNUTLS_KEY_* above) do not permit the
 * attempted operation. */
#define GNUTLS_E_KEY_USAGE_VIOLATION -48
#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
#define GNUTLS_E_INVALID_REQUEST -50
/* Caller-supplied output buffer too small (library convention: the
 * required size is reported through the size argument). */
#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
/* Non-fatal by library convention (a signal interrupted the transport
 * call); retry the same call. */
#define GNUTLS_E_INTERRUPTED -52
#define GNUTLS_E_PUSH_ERROR -53
#define GNUTLS_E_PULL_ERROR -54
#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
/* Security (reviewer note): RSA PKCS#1 padding failures must not be
 * reported to the peer distinguishably from other decryption failures
 * (Bleichenbacher-style oracle); do not surface this code on the wire. */
#define GNUTLS_E_PKCS1_WRONG_PAD -57
#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
#define GNUTLS_E_INTERNAL_ERROR -59
/* The peer's DH prime is unacceptable -- presumably below the size
 * configured with gnutls_dh_set_prime_bits() or the priority's
 * security level; confirm. */
#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
#define GNUTLS_E_FILE_ERROR -64
/* Defensive limits against peers that flood empty records or
 * handshake fragments (presumed from the names). */
#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
#define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81

/* returned if you need to generate temporary RSA
 * parameters. These are needed for export cipher suites.
 * NOTE(review): export suites are obsolete and insecure; the code is
 * presumably retained for ABI compatibility only.
 */
#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84

#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
#define GNUTLS_E_NO_CIPHER_SUITES -87

#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
/* A signature did not verify.  Treat as a hard failure, never as a
 * warning. */
#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89

#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
2711 | |
/* For certificate and key stuff
 *
 * The ASN1_ codes surface from the DER parser.  Any of them on
 * peer-supplied data means the input was rejected as malformed; do not
 * retry with relaxed parsing.
 */
#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
#define GNUTLS_E_ASN1_DER_ERROR -69
#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
#define GNUTLS_E_ASN1_GENERIC_ERROR -71
#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
#define GNUTLS_E_ASN1_TAG_ERROR -73
#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
#define GNUTLS_E_ASN1_DER_OVERFLOW -77
#define GNUTLS_E_OPENPGP_UID_REVOKED -79
#define GNUTLS_E_CERTIFICATE_ERROR -43
#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
/* The supplied private key does not belong to the certificate. */
#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
#define GNUTLS_E_X509_UNKNOWN_SAN -62
#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
#define GNUTLS_E_INVALID_PASSWORD -99
/* Security: a failed PKCS #12 MAC means the container was tampered
 * with or the password is wrong; do not fall back to using its
 * contents. */
#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
#define GNUTLS_E_CONSTRAINT_ERROR -101

#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103

#define GNUTLS_E_IA_VERIFY_FAILED -104
#define GNUTLS_E_UNKNOWN_ALGORITHM -105
#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
/* Renegotiation outcomes (presumably the RFC 5746 secure-renegotiation
 * checks): a failure of the safe variant, or a refusal to renegotiate
 * with a peer that does not support it.  Both are security errors,
 * not conditions to work around. */
#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
/* The transport ended without the TLS closure alert (presumed from the
 * name).  Security: this can indicate a truncation attack -- treat it
 * as an error, not as a normal end of stream (contrast
 * GNUTLS_E_SESSION_EOF below). */
#define GNUTLS_E_PREMATURE_TERMINATION -110

#define GNUTLS_E_MALFORMED_CIDR -111
2752 | |
#define GNUTLS_E_BASE64_ENCODING_ERROR -201
/* -202 is deliberately shared: the GCRYPT name is the obsolete spelling
 * of the generic crypto-library one. */
#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203

#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
#define GNUTLS_E_X509_UNSUPPORTED_OID -205
2760 | |
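/* Security: the random generator could not produce output.  Abort the
 * operation; never continue with partially filled or fallback
 * randomness. */
#define GNUTLS_E_RANDOM_FAILED -206
/* NOTE(review): the macro name on this line was lost in this copy of
 * the header ("#define -207" does not compile and silently breaks every
 * translation unit including it).  Restored to the name upstream
 * gnutls.h of the same series uses for -207 -- confirm against the
 * shipped header before relying on it. */
#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207

#define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208

/* -209 is reachable under two names; the CRYPTO_ prefixed one is an
 * alias of GNUTLS_E_ALREADY_REGISTERED (defined first here for
 * readability; macro expansion is lazy, so the order is immaterial). */
#define GNUTLS_E_ALREADY_REGISTERED -209
#define GNUTLS_E_CRYPTO_ALREADY_REGISTERED GNUTLS_E_ALREADY_REGISTERED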
2768 | |
/* Resource-exhaustion guard: a handshake message exceeded the
 * library's size limit (presumed from the name). */
#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210

#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212

#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
/* Presumably a DTLS cookie-exchange failure; confirm. */
#define GNUTLS_E_BAD_COOKIE -214
#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
/* The negotiated parameters are below the configured security level.
 * Do not "fix" this by lowering the level without a risk decision. */
#define GNUTLS_E_INSUFFICIENT_SECURITY -217

/* Informational codes reporting that a heartbeat message arrived
 * (presumed from the names); not failures of the session. */
#define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
#define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293

#define GNUTLS_E_UNRECOGNIZED_NAME -294
2784 | |
/* PKCS11 related
 * (-304 is unused in this series.)
 */
#define GNUTLS_E_PKCS11_ERROR -300
#define GNUTLS_E_PKCS11_LOAD_ERROR -301
#define GNUTLS_E_PARSING_ERROR -302
#define GNUTLS_E_PKCS11_PIN_ERROR -303

#define GNUTLS_E_PKCS11_SLOT_ERROR -305
#define GNUTLS_E_LOCKING_ERROR -306
#define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
#define GNUTLS_E_PKCS11_DEVICE_ERROR -308
#define GNUTLS_E_PKCS11_DATA_ERROR -309
#define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
#define GNUTLS_E_PKCS11_KEY_ERROR -311
#define GNUTLS_E_PKCS11_PIN_EXPIRED -312
/* The token has blocked the PIN after too many wrong attempts.  A PIN
 * callback must stop retrying before reaching this point (see the
 * GNUTLS_PIN_FINAL_TRY / GNUTLS_PIN_COUNT_LOW flags above). */
#define GNUTLS_E_PKCS11_PIN_LOCKED -313
#define GNUTLS_E_PKCS11_SESSION_ERROR -314
#define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
#define GNUTLS_E_PKCS11_TOKEN_ERROR -316
#define GNUTLS_E_PKCS11_USER_ERROR -317
2804 | |
#define GNUTLS_E_CRYPTO_INIT_FAILED -318
#define GNUTLS_E_TIMEDOUT -319
#define GNUTLS_E_USER_ERROR -320
#define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
#define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
/* sic: the misspelling is part of the ABI and cannot be corrected. */
#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
#define GNUTLS_E_ILLEGAL_PARAMETER -325
/* Presumably a handshake was attempted before any priority string was
 * applied to the session; confirm. */
#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
/* Orderly end of the TLS session (contrast GNUTLS_E_PREMATURE_TERMINATION
 * above, which is the unclean case). */
#define GNUTLS_E_SESSION_EOF -328

#define GNUTLS_E_TPM_ERROR -329
#define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
#define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
#define GNUTLS_E_TPM_SESSION_ERROR -332
#define GNUTLS_E_TPM_KEY_NOT_FOUND -333
#define GNUTLS_E_TPM_UNINITIALIZED -334
#define GNUTLS_E_TPM_NO_LIB -335

#define GNUTLS_E_NO_CERTIFICATE_STATUS -340
#define GNUTLS_E_OCSP_RESPONSE_ERROR -341
#define GNUTLS_E_RANDOM_DEVICE_ERROR -342
#define GNUTLS_E_AUTH_ERROR -343
#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
#define GNUTLS_E_SOCKETS_INIT_ERROR -345
#define GNUTLS_E_KEY_IMPORT_FAILED -346
/* A downgrade was detected (presumably via the fallback SCSV of
 * RFC 7507); the corresponding fatal alert is sent. */
#define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348
#define GNUTLS_E_PRIVKEY_VERIFICATION_ERROR -349
#define GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH -350 /*GNUTLS_A_DECODE_ERROR*/
/* A string field contained an embedded NUL byte and was rejected rather
 * than silently truncated at the NUL (which would let a name appear
 * shorter to C-string consumers than to the issuer). */
#define GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING -351
2837 | |
/* Self-test codes (FIPS140 operation).  By library convention a failed
 * self-test leaves the library refusing further operations, reported as
 * GNUTLS_E_LIB_IN_ERROR_STATE -- confirm. */
#define GNUTLS_E_SELF_TEST_ERROR -400
#define GNUTLS_E_NO_SELF_TEST -401
#define GNUTLS_E_LIB_IN_ERROR_STATE -402
#define GNUTLS_E_PK_GENERATION_ERROR -403
#define GNUTLS_E_IDNA_ERROR -404

#define GNUTLS_E_NEED_FALLBACK -405
#define GNUTLS_E_SESSION_USER_ID_CHANGED -406
#define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407
#define GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE -408
/* Key validation failures; a key that fails validation must not be
 * used, even for "just this once". */
#define GNUTLS_E_PK_INVALID_PUBKEY -409
#define GNUTLS_E_PK_INVALID_PRIVKEY -410
#define GNUTLS_E_NOT_YET_ACTIVATED -411
#define GNUTLS_E_INVALID_UTF8_STRING -412
#define GNUTLS_E_NO_EMBEDDED_DATA -413
#define GNUTLS_E_INVALID_UTF8_EMAIL -414
#define GNUTLS_E_INVALID_PASSWORD_STRING -415

#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2857 | |
2858 | |
2859 | |
/* Range reserved for application-defined error codes returned from
 * callbacks.  Note the naming: because the codes are negative, MAX is
 * numerically the larger bound, so a valid application code c
 * satisfies GNUTLS_E_APPLICATION_ERROR_MIN <= c <= GNUTLS_E_APPLICATION_ERROR_MAX,
 * i.e. -65500 <= c <= -65000. */
#define GNUTLS_E_APPLICATION_ERROR_MAX (-65000)
#define GNUTLS_E_APPLICATION_ERROR_MIN (-65500)
2862 | |
2863 | /* *INDENT-OFF* */ |
2864 | #ifdef __cplusplus |
2865 | } |
2866 | #endif |
2867 | /* *INDENT-ON* */ |
2868 | |
2869 | #include <gnutls/compat.h> |
2870 | |
2871 | #endif /* GNUTLS_H */ |
2872 | |