1 /* -*- c -*-
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
26 * If the optional C++ binding was built, it is available in
27 * gnutls/gnutlsxx.h.
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
32 * The low level cipher functionality is in gnutls/crypto.h.
34 module iv.gnutls /*is aliced*/;
35 pragma(lib, "gnutls");
36 pragma(lib, "gcrypt");
38 import iv.alice;
39 import core.sys.posix.sys.types : time_t;
42 extern(C) nothrow:
/* C callback signatures accepted by the library's hook-setting functions.
 * Only the function-pointer types are declared here; what each return value
 * means is defined by the GnuTLS C documentation, not by this file. */
44 alias gnutls_params_function = int function (gnutls_session_t, gnutls_params_type_t, gnutls_params_st *);
/* Certificate verification hook.  NOTE(review): the C documentation treats a
 * non-zero return as "abort the handshake"; an implementation that returns 0
 * unconditionally would accept every peer certificate -- confirm at each
 * place a callback of this type is installed. */
45 alias gnutls_certificate_verify_function = int function (gnutls_session_t);
/* Session database hooks: store, remove and retrieve by key.  The first
 * parameter is an untyped pointer (presumably caller context -- confirm). */
46 alias gnutls_db_store_func = int function (void *, gnutls_datum_t key, gnutls_datum_t data);
47 alias gnutls_db_remove_func = int function (void *, gnutls_datum_t key);
48 alias gnutls_db_retr_func = gnutls_datum_t function (void *, gnutls_datum_t key);
/* Handshake hooks. */
49 alias gnutls_handshake_post_client_hello_func = int function (gnutls_session_t);
50 alias gnutls_handshake_hook_func = int function (gnutls_session_t, uint htype, uint post, uint incoming, const(gnutls_datum_t)* msg);
51 alias gnutls_time_func = time_t function (time_t * t);
/* Locking hooks; each receives the address of an untyped mutex pointer. */
52 alias mutex_init_func = int function (void **mutex);
53 alias mutex_lock_func = int function (void **mutex);
54 alias mutex_unlock_func = int function (void **mutex);
55 alias mutex_deinit_func = int function (void **mutex);
/* Allocator hooks. */
56 alias gnutls_alloc_function = void * function (usize);
57 alias gnutls_calloc_function = void * function (usize, usize);
58 alias gnutls_is_secure_function = int function (const(void)* );
59 alias gnutls_free_function = void function (void *);
60 alias gnutls_realloc_function = void * function (void *, usize);
/* Logging hooks. */
61 alias gnutls_log_func = void function (int, const(char)* );
62 alias gnutls_audit_log_func = void function (gnutls_session_t, const(char)* );
/* Custom transport hooks.  Buffers are passed as pointer plus usize length;
 * presumably the callback must not read or write past that length -- confirm
 * against the C documentation. */
63 alias gnutls_pull_func = ssize function (gnutls_transport_ptr_t, void *, usize);
64 alias gnutls_push_func = ssize function (gnutls_transport_ptr_t, const(void)* , usize);
65 alias gnutls_pull_timeout_func = int function (gnutls_transport_ptr_t, uint ms);
66 alias gnutls_vec_push_func = ssize function (gnutls_transport_ptr_t, const(giovec_t)* iov, int iovcnt);
67 alias gnutls_errno_func = int function (gnutls_transport_ptr_t);
/* SRP and PSK credential hooks (server-side lookup by username, client-side
 * supply of username and secret). */
68 alias gnutls_srp_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* salt, gnutls_datum_t* verifier, gnutls_datum_t* generator, gnutls_datum_t* prime);
69 alias gnutls_srp_client_credentials_function = int function (gnutls_session_t, char **, char **);
70 alias gnutls_psk_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* key);
71 alias gnutls_psk_client_credentials_function = int function (gnutls_session_t, char** username, gnutls_datum_t* key);
72 alias gnutls_certificate_retrieve_function = int function (gnutls_session_t, const(gnutls_datum_t)* req_ca_rdn, int nreqs, const(gnutls_pk_algorithm_t)* pk_algos, int pk_algos_length, gnutls_retr2_st*);
/* Hooks keyed by (db_name, host, service); presumably the trust-on-first-use
 * key database -- confirm. */
73 alias gnutls_tdb_store_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, const(gnutls_datum_t)* pubkey);
74 alias gnutls_tdb_store_commitment_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, gnutls_digest_algorithm_t hash_algo, const(gnutls_datum_t)* hash);
75 alias gnutls_tdb_verify_func = int function (const(char)* db_name, const(char)* host, const(char)* service, const(gnutls_datum_t)* pubkey);
/* PIN prompt hook.  `pin` is a writable char buffer and `pin_max` a size;
 * presumably the callback writes the PIN into `pin` and must stay within
 * `pin_max` bytes including any terminator -- confirm the exact contract. */
76 alias gnutls_pin_callback_t = int function (void *userdata, int attempt, const(char)* token_url, const(char)* token_label, uint flags, char* pin, usize pin_max);
/* TLS extension hooks; received data arrives as pointer plus length. */
77 alias gnutls_ext_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize len);
78 alias gnutls_ext_send_func = int function (gnutls_session_t session, gnutls_buffer_t extdata);
79 alias gnutls_ext_deinit_data_func = void function (gnutls_ext_priv_data_t data);
80 alias gnutls_ext_pack_func = int function (gnutls_ext_priv_data_t data, gnutls_buffer_t packed_data);
81 alias gnutls_ext_unpack_func = int function (gnutls_buffer_t packed_data, gnutls_ext_priv_data_t *data);
/* Supplemental-data hooks. */
82 alias gnutls_supp_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize data_size);
83 alias gnutls_supp_send_func = int function (gnutls_session_t session, gnutls_buffer_t buf);
86 @nogc:
/* Version constants carried by this binding. */
87 enum GNUTLS_VERSION = "3.4.10";
89 enum GNUTLS_VERSION_MAJOR = 3;
90 enum GNUTLS_VERSION_MINOR = 4;
91 enum GNUTLS_VERSION_PATCH = 10;
/* 0x03040a holds major, minor and patch (3, 4, 10) one byte each.
 * NOTE(review): these are compile-time values of the binding; the library
 * pulled in by pragma(lib, "gnutls") may be a different release, so check
 * the linked version at run time (gnutls_check_version in the C API) when
 * behaviour depends on it. */
93 enum GNUTLS_VERSION_NUMBER = 0x03040a;
/* Older spellings kept as aliases of the current cipher constants. */
95 enum GNUTLS_CIPHER_RIJNDAEL_128_CBC = GNUTLS_CIPHER_AES_128_CBC;
96 enum GNUTLS_CIPHER_RIJNDAEL_256_CBC = GNUTLS_CIPHER_AES_256_CBC;
97 enum GNUTLS_CIPHER_RIJNDAEL_CBC = GNUTLS_CIPHER_AES_128_CBC;
98 enum GNUTLS_CIPHER_ARCFOUR = GNUTLS_CIPHER_ARCFOUR_128;
100 /* Use the following definition globally in your program to disable
101 * implicit initialization of gnutls. */
102 /*???
103 #define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip() @nogc; \
104 int _gnutls_global_init_skip(void) {return 1;}
108 * gnutls_cipher_algorithm_t:
109 * @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
110 * @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
111 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
112 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
113 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
114 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
115 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
116 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
117 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
118 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
119 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
120 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
121 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
122 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
123 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
124 * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
125 * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
126 * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys.
127 * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys.
128 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
129 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
130 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
131 * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
132 * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
133 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
134 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
135 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
136 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
137 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
138 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
139 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
140 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
141 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
143 * Enumeration of different symmetric encryption algorithms.
/* Cipher identifiers as plain ints.  The numbers do not follow key size or
 * strength (AES_192_CBC is 9, after AES_256_CBC = 5), so never use them as a
 * ranking.
 * NOTE(review): going by the key sizes documented for them, NULL, ARCFOUR_40,
 * RC2_40_CBC and DES_CBC give little or no confidentiality, and ARCFOUR_128
 * and 3DES_CBC are legacy choices; confirm none of these is enabled by the
 * priority string an application uses. */
145 alias gnutls_cipher_algorithm = gnutls_cipher_algorithm_t;
146 alias gnutls_cipher_algorithm_t = int;
147 enum : int {
148 GNUTLS_CIPHER_UNKNOWN = 0,
149 GNUTLS_CIPHER_NULL = 1, /* identity transform: data is not encrypted */
150 GNUTLS_CIPHER_ARCFOUR_128 = 2,
151 GNUTLS_CIPHER_3DES_CBC = 3,
152 GNUTLS_CIPHER_AES_128_CBC = 4,
153 GNUTLS_CIPHER_AES_256_CBC = 5,
154 GNUTLS_CIPHER_ARCFOUR_40 = 6, /* 40-bit key */
155 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
156 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
157 GNUTLS_CIPHER_AES_192_CBC = 9,
158 GNUTLS_CIPHER_AES_128_GCM = 10,
159 GNUTLS_CIPHER_AES_256_GCM = 11,
160 GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
161 GNUTLS_CIPHER_SALSA20_256 = 13,
162 GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
163 GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
164 GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
165 GNUTLS_CIPHER_RC2_40_CBC = 17, /* 40-bit key */
166 GNUTLS_CIPHER_DES_CBC = 18, /* 56-bit key */
167 GNUTLS_CIPHER_AES_128_CCM = 19,
168 GNUTLS_CIPHER_AES_256_CCM = 20,
169 GNUTLS_CIPHER_AES_128_CCM_8 = 21, /* 64-bit tag */
170 GNUTLS_CIPHER_AES_256_CCM_8 = 22, /* 64-bit tag */
171 GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,
173 /* used only for PGP internals. Ignored in TLS/SSL
175 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
176 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
177 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
178 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
179 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
180 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
181 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
182 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
183 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
187 * gnutls_kx_algorithm_t:
188 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
189 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
190 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
191 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
192 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
193 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
194 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
195 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
196 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
197 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunct).
198 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
199 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
200 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
201 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
202 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
203 * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
205 * Enumeration of different key exchange algorithms.
/* Key-exchange identifiers as plain ints; the numeric order differs from
 * the order in which the documentation lists them.
 * NOTE(review): ANON_DH and ANON_ECDH are the anonymous exchanges, which do
 * not authenticate the peer, and RSA_EXPORT is marked defunct in the
 * documentation; confirm they are enabled only where that is intended. */
207 alias gnutls_kx_algorithm_t = int;
208 enum : int {
209 GNUTLS_KX_UNKNOWN = 0,
210 GNUTLS_KX_RSA = 1,
211 GNUTLS_KX_DHE_DSS = 2,
212 GNUTLS_KX_DHE_RSA = 3,
213 GNUTLS_KX_ANON_DH = 4, /* anonymous */
214 GNUTLS_KX_SRP = 5,
215 GNUTLS_KX_RSA_EXPORT = 6, /* defunct per the documentation */
216 GNUTLS_KX_SRP_RSA = 7,
217 GNUTLS_KX_SRP_DSS = 8,
218 GNUTLS_KX_PSK = 9,
219 GNUTLS_KX_DHE_PSK = 10,
220 GNUTLS_KX_ANON_ECDH = 11, /* anonymous */
221 GNUTLS_KX_ECDHE_RSA = 12,
222 GNUTLS_KX_ECDHE_ECDSA = 13,
223 GNUTLS_KX_ECDHE_PSK = 14,
224 GNUTLS_KX_RSA_PSK = 15
228 * gnutls_params_type_t:
229 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunct).
230 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
231 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
233 * Enumeration of different TLS session parameter types.
/* Session parameter kinds as plain ints; numbering starts at 1, so 0 is not
 * a valid kind here. */
235 alias gnutls_params_type_t = int;
236 enum : int {
237 GNUTLS_PARAMS_RSA_EXPORT = 1, /* defunct per the documentation */
238 GNUTLS_PARAMS_DH = 2,
239 GNUTLS_PARAMS_ECDH = 3
243 * gnutls_credentials_type_t:
244 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
245 * @GNUTLS_CRD_ANON: Anonymous credential.
246 * @GNUTLS_CRD_SRP: SRP credential.
247 * @GNUTLS_CRD_PSK: PSK credential.
248 * @GNUTLS_CRD_IA: IA credential.
250 * Enumeration of different credential types.
/* Credential kinds as plain ints.  Only the first value is written out; the
 * rest follow by auto-increment. */
252 alias gnutls_credentials_type_t = int;
253 enum : int {
254 GNUTLS_CRD_CERTIFICATE = 1,
255 GNUTLS_CRD_ANON, /* = 2; anonymous credential */
256 GNUTLS_CRD_SRP, /* = 3 */
257 GNUTLS_CRD_PSK, /* = 4 */
258 GNUTLS_CRD_IA /* = 5 */
/* Short aliases: the bare "SHA" names mean SHA-1 specifically. */
261 enum GNUTLS_MAC_SHA = GNUTLS_MAC_SHA1;
262 enum GNUTLS_DIG_SHA = GNUTLS_DIG_SHA1;
265 * gnutls_mac_algorithm_t:
266 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
267 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
268 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
269 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
270 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
271 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
272 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
273 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
274 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
275 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
276 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
277 * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
278 * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
280 * Enumeration of different Message Authentication Code (MAC)
281 * algorithms.
/* MAC identifiers as plain ints.  Values 0-9 are reused by the
 * GNUTLS_DIG_* constants, which is why the two lists must stay aligned.
 * NOTE(review): NULL produces empty output per its documentation, i.e. no
 * integrity protection; MD5, MD2 and SHA1 are legacy hashes -- confirm the
 * priority string in use does not rely on them. */
283 alias gnutls_mac_algorithm_t = int;
284 enum : int {
285 GNUTLS_MAC_UNKNOWN = 0,
286 GNUTLS_MAC_NULL = 1,
287 GNUTLS_MAC_MD5 = 2,
288 GNUTLS_MAC_SHA1 = 3,
289 GNUTLS_MAC_RMD160 = 4,
290 GNUTLS_MAC_MD2 = 5,
291 GNUTLS_MAC_SHA256 = 6,
292 GNUTLS_MAC_SHA384 = 7,
293 GNUTLS_MAC_SHA512 = 8,
294 GNUTLS_MAC_SHA224 = 9,
295 /* If you add anything here, make sure you align with
296 gnutls_digest_algorithm_t. */
297 GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
298 GNUTLS_MAC_UMAC_96 = 201,
299 GNUTLS_MAC_UMAC_128 = 202
303 * gnutls_digest_algorithm_t:
304 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
305 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
306 * @GNUTLS_DIG_MD5: MD5 algorithm.
307 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
308 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
309 * @GNUTLS_DIG_MD2: MD2 algorithm.
310 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
311 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
312 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
313 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
315 * Enumeration of different digest (hash) algorithms.
/* Digest identifiers as plain ints.  Every value is defined as the matching
 * GNUTLS_MAC_* constant, so a digest id and a MAC id for the same hash are
 * numerically equal; the int alias means the compiler will not catch one
 * being passed where the other is expected. */
317 alias gnutls_digest_algorithm_t = int;
318 enum : int {
319 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
320 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
321 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
322 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
323 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
324 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
325 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
326 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
327 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
328 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
329 /* If you add anything here, make sure you align with
330 gnutls_mac_algorithm_t. */
333 /* exported for other gnutls headers. This is the maximum number of
334 * algorithms (ciphers, kx or macs).
336 enum GNUTLS_MAX_ALGORITHM_NUM = 32;
337 enum GNUTLS_MAX_SESSION_ID_SIZE = 32;
341 * gnutls_compression_method_t:
342 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
343 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
344 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
345 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
347 * Enumeration of different TLS compression methods.
/* TLS compression method identifiers as plain ints; ZLIB is an alias of
 * DEFLATE.
 * NOTE(review): compressing secrets together with data an untrusted party
 * controls can reveal them through record lengths, so GNUTLS_COMP_NULL is
 * the conservative choice -- confirm what the application negotiates. */
349 alias gnutls_compression_method_t = int;
350 enum : int {
351 GNUTLS_COMP_UNKNOWN = 0,
352 GNUTLS_COMP_NULL = 1,
353 GNUTLS_COMP_DEFLATE = 2,
354 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
358 * Flags for gnutls_init()
360 * @GNUTLS_SERVER: Connection end is a server.
361 * @GNUTLS_CLIENT: Connection end is a client.
362 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
363 * @GNUTLS_NONBLOCK: Connection should not block.
364 * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag.
365 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
366 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS.
/* Flags for gnutls_init(); each is a distinct bit, so they can be OR-ed.
 * SERVER and CLIENT are separate bits rather than one boolean.
 * NOTE(review): NO_REPLAY_PROTECTION turns off DTLS replay protection and
 * NO_EXTENSIONS stops TLS extensions being enabled by default; confirm that
 * no caller sets either without a stated reason. */
369 enum GNUTLS_SERVER = 1;
370 enum GNUTLS_CLIENT = (1<<1);
371 enum GNUTLS_DATAGRAM = (1<<2);
372 enum GNUTLS_NONBLOCK = (1<<3);
373 enum GNUTLS_NO_EXTENSIONS = (1<<4);
374 enum GNUTLS_NO_REPLAY_PROTECTION = (1<<5);
375 enum GNUTLS_NO_SIGNAL = (1<<6);
378 * gnutls_alert_level_t:
379 * @GNUTLS_AL_WARNING: Alert of warning severity.
380 * @GNUTLS_AL_FATAL: Alert of fatal severity.
382 * Enumeration of different TLS alert severities.
/* TLS alert severities as plain ints. */
384 alias gnutls_alert_level_t = int;
385 enum : int {
386 GNUTLS_AL_WARNING = 1,
387 GNUTLS_AL_FATAL /* = 2 by auto-increment */
391 * gnutls_alert_description_t:
392 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
393 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
394 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
395 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
396 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
397 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
398 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
399 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
400 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
401 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
402 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
403 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
404 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
405 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
406 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
407 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
408 * @GNUTLS_A_DECODE_ERROR: Decode error.
409 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
410 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
411 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
412 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
413 * @GNUTLS_A_USER_CANCELED: User canceled.
414 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
415 * @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback.
416 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
417 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
418 * specified certificate.
419 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
420 * sent.
421 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
422 * recognized.
423 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
424 * or not known.
425 * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
426 * not supported by the peer.
428 * Enumeration of different TLS alerts.
/* TLS alert codes as plain ints.  Members without an explicit value take the
 * previous value plus one; those implied values are spelled out below. */
430 alias gnutls_alert_description_t = int;
431 enum : int {
432 GNUTLS_A_CLOSE_NOTIFY, /* = 0 */
433 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
434 GNUTLS_A_BAD_RECORD_MAC = 20,
435 GNUTLS_A_DECRYPTION_FAILED, /* = 21 */
436 GNUTLS_A_RECORD_OVERFLOW, /* = 22 */
437 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
438 GNUTLS_A_HANDSHAKE_FAILURE = 40,
439 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
440 GNUTLS_A_BAD_CERTIFICATE = 42,
441 GNUTLS_A_UNSUPPORTED_CERTIFICATE, /* = 43 */
442 GNUTLS_A_CERTIFICATE_REVOKED, /* = 44 */
443 GNUTLS_A_CERTIFICATE_EXPIRED, /* = 45 */
444 GNUTLS_A_CERTIFICATE_UNKNOWN, /* = 46 */
445 GNUTLS_A_ILLEGAL_PARAMETER, /* = 47 */
446 GNUTLS_A_UNKNOWN_CA, /* = 48 */
447 GNUTLS_A_ACCESS_DENIED, /* = 49 */
448 GNUTLS_A_DECODE_ERROR = 50,
449 GNUTLS_A_DECRYPT_ERROR, /* = 51 */
450 GNUTLS_A_EXPORT_RESTRICTION = 60,
451 GNUTLS_A_PROTOCOL_VERSION = 70,
452 GNUTLS_A_INSUFFICIENT_SECURITY, /* = 71 */
453 GNUTLS_A_INTERNAL_ERROR = 80,
454 GNUTLS_A_INAPPROPRIATE_FALLBACK = 86,
455 GNUTLS_A_USER_CANCELED = 90,
456 GNUTLS_A_NO_RENEGOTIATION = 100,
457 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
458 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
459 GNUTLS_A_UNRECOGNIZED_NAME = 112,
460 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
461 GNUTLS_A_NO_APPLICATION_PROTOCOL = 120
465 * gnutls_handshake_description_t:
466 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
467 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
468 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
469 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
470 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
471 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
472 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
473 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
474 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
475 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
476 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
477 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
478 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
479 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
480 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
481 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
483 * Enumeration of different TLS handshake packets.
/* Handshake message identifiers as plain ints.  CHANGE_CIPHER_SPEC (254) and
 * CLIENT_HELLO_V2 (1024) sit well above the other values; 1024 does not fit
 * in a single byte. */
485 alias gnutls_handshake_description_t = int;
486 enum : int {
487 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
488 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
489 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
490 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
491 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
492 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
493 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
494 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
495 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
496 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
497 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
498 GNUTLS_HANDSHAKE_FINISHED = 20,
499 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
500 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
501 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
502 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024
/* All-ones uint; presumably the wildcard accepted where a handshake type is
 * passed as uint, e.g. the htype of gnutls_handshake_hook_func -- confirm. */
505 enum GNUTLS_HANDSHAKE_ANY = (cast(uint)-1);
/* Returns a C string naming the given handshake message type.
 * NOTE(review): whether the result can be null for an unknown value is not
 * visible here; check before dereferencing. */
507 const(char)
508 *gnutls_handshake_description_get_name(gnutls_handshake_description_t
509 type) @nogc;
512 * gnutls_certificate_status_t:
513 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
514 * known authorities or the signature is invalid (deprecated by the flags
515 * %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
516 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
517 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
518 * set only if CRLs are checked.
519 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
520 * This is the case if the issuer is not included in the trusted certificate list.
521 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
522 * may happen if this was a version 1 certificate, which is common with
523 * some CAs, or a version 3 certificate without the basic constraints extension.
524 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
525 * violated.
526 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
527 * algorithm such as MD2 or MD5. These algorithms have been broken and
528 * should not be trusted.
529 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
530 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
531 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
532 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
533 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
534 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
535 * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
537 * Enumeration of certificate status codes. Note that the status
538 * bits may have different meanings in OpenPGP keys and X.509
539 * certificate verification.
/* Certificate verification status bits.  Every member is a single bit
 * (1 << n), so one status word can carry several of them at once; bits 0,
 * 2, 3, 4 and 13 are not assigned in this list.
 * NOTE(review): because the flags combine, callers should test the whole
 * status word (or mask the bits they care about) rather than compare it for
 * equality with one constant, and should not check GNUTLS_CERT_INVALID alone
 * unless the verify API documents that it is always set on failure --
 * confirm against the function that produces the status. */
541 alias gnutls_certificate_status_t = int;
542 enum : int {
543 GNUTLS_CERT_INVALID = 1 << 1,
544 GNUTLS_CERT_REVOKED = 1 << 5,
545 GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
546 GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
547 GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
548 GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
549 GNUTLS_CERT_EXPIRED = 1 << 10,
550 GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
551 GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
552 GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
553 GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
554 GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
555 GNUTLS_CERT_MISMATCH = 1 << 17,
556 GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18
560 * gnutls_certificate_request_t:
561 * @GNUTLS_CERT_IGNORE: Ignore certificate.
562 * @GNUTLS_CERT_REQUEST: Request certificate.
563 * @GNUTLS_CERT_REQUIRE: Require certificate.
565 * Enumeration of certificate request types.
/* How a peer certificate is asked for, as plain ints.  IGNORE is the zero
 * value.
 * NOTE(review): the documentation distinguishes "request" from "require";
 * a server that depends on client-certificate authentication presumably
 * needs REQUIRE, since REQUEST may let the handshake continue without a
 * certificate -- confirm against the C documentation. */
567 alias gnutls_certificate_request_t = int;
568 enum : int {
569 GNUTLS_CERT_IGNORE = 0,
570 GNUTLS_CERT_REQUEST = 1,
571 GNUTLS_CERT_REQUIRE = 2
575 * gnutls_openpgp_crt_status_t:
576 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
577 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
579 * Enumeration of ways to send OpenPGP certificate.
/* How an OpenPGP certificate is sent: whole certificate or fingerprint only. */
581 alias gnutls_openpgp_crt_status_t = int;
582 enum : int {
583 GNUTLS_OPENPGP_CERT = 0,
584 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
588 * gnutls_close_request_t:
589 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
590 * @GNUTLS_SHUT_WR: Disallow further sends.
592 * Enumeration of how TLS session should be terminated. See gnutls_bye().
/* Shutdown modes for gnutls_bye(): both directions (0) or sends only (1). */
594 alias gnutls_close_request_t = int;
595 enum : int {
596 GNUTLS_SHUT_RDWR = 0,
597 GNUTLS_SHUT_WR = 1
601 * gnutls_protocol_t:
602 * @GNUTLS_SSL3: SSL version 3.0.
603 * @GNUTLS_TLS1_0: TLS version 1.0.
604 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
605 * @GNUTLS_TLS1_1: TLS version 1.1.
606 * @GNUTLS_TLS1_2: TLS version 1.2.
607 * @GNUTLS_DTLS1_0: DTLS version 1.0.
608 * @GNUTLS_DTLS1_2: DTLS version 1.2.
609 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
610 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
611 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
613 * Enumeration of different SSL/TLS protocol versions.
/* Protocol version identifiers as plain ints.  TLS versions occupy 1-4 and
 * DTLS versions 200-202, so a numeric comparison is only meaningful within
 * one family.  The documentation names GNUTLS_VERSION_MAX, but the members
 * defined here are GNUTLS_TLS_VERSION_MAX and GNUTLS_DTLS_VERSION_MAX.
 * NOTE(review): SSL 3.0, TLS 1.0 and TLS 1.1 are obsolete protocol versions;
 * confirm the priority string in use sets a floor of TLS 1.2 (DTLS 1.2). */
615 alias gnutls_protocol_t = int;
616 enum : int {
617 GNUTLS_SSL3 = 1,
618 GNUTLS_TLS1_0 = 2,
619 GNUTLS_TLS1 = GNUTLS_TLS1_0,
620 GNUTLS_TLS1_1 = 3,
621 GNUTLS_TLS1_2 = 4,
623 GNUTLS_DTLS0_9 = 200,
624 GNUTLS_DTLS1_0 = 201, /* 201 */
625 GNUTLS_DTLS1_2 = 202,
626 GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
627 GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
628 GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
629 GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */
633 * gnutls_certificate_type_t:
634 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
635 * @GNUTLS_CRT_X509: X.509 Certificate.
636 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
637 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
639 * Enumeration of different certificate types.
/* Certificate kinds as plain ints. */
641 alias gnutls_certificate_type_t = int;
642 enum : int {
643 GNUTLS_CRT_UNKNOWN = 0,
644 GNUTLS_CRT_X509 = 1,
645 GNUTLS_CRT_OPENPGP = 2,
646 GNUTLS_CRT_RAW = 3
650 * gnutls_x509_crt_fmt_t:
651 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
652 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
654 * Enumeration of different certificate encoding formats.
/* Certificate encodings: DER (binary) is the zero value, PEM (text) is 1. */
656 alias gnutls_x509_crt_fmt_t = int;
657 enum : int {
658 GNUTLS_X509_FMT_DER = 0,
659 GNUTLS_X509_FMT_PEM = 1
663 * gnutls_certificate_print_formats_t:
664 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
665 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
666 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
667 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
668 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
670 * Enumeration of different certificate printing variants.
/* Certificate printing variants as plain ints; the numeric order differs
 * from the order in which the documentation lists them. */
672 alias gnutls_certificate_print_formats = gnutls_certificate_print_formats_t;
673 alias gnutls_certificate_print_formats_t = int;
674 enum : int {
675 GNUTLS_CRT_PRINT_FULL = 0,
676 GNUTLS_CRT_PRINT_ONELINE = 1,
677 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
678 GNUTLS_CRT_PRINT_COMPACT = 3,
679 GNUTLS_CRT_PRINT_FULL_NUMBERS = 4
682 enum GNUTLS_PK_ECC = GNUTLS_PK_EC;
684 * gnutls_pk_algorithm_t:
685 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
686 * @GNUTLS_PK_RSA: RSA public-key algorithm.
687 * @GNUTLS_PK_DSA: DSA public-key algorithm.
688 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
689 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
691 * Enumeration of different public-key algorithms.
/* Public-key algorithm identifiers as plain ints. */
693 alias gnutls_pk_algorithm_t = int;
694 enum : int {
695 GNUTLS_PK_UNKNOWN = 0,
696 GNUTLS_PK_RSA = 1,
697 GNUTLS_PK_DSA = 2,
698 GNUTLS_PK_DH = 3,
699 GNUTLS_PK_EC = 4
/* Returns a C string naming the given public-key algorithm.
 * NOTE(review): whether the result can be null for an unknown value is not
 * visible here; check before dereferencing. */
702 const(char)* gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm) @nogc;
705 * gnutls_sign_algorithm_t:
706 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
707 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
708 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
709 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
710 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
711 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
712 * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384
713 * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512
714 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
715 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
716 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
717 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
718 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
719 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
720 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
721 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
722 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
723 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
724 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
725 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
726 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
728 * Enumeration of different digital signature algorithms.
/* Signature algorithm identifiers as plain ints; RSA_SHA and DSA_SHA are
 * aliases of the SHA-1 variants.
 * NOTE(review): the certificate-status documentation in this file calls MD2
 * and MD5 broken, which covers RSA_MD2 and RSA_MD5; the SHA-1 based entries
 * are legacy as well -- confirm none is accepted for new signatures. */
730 alias gnutls_sign_algorithm_t = int;
731 enum : int {
732 GNUTLS_SIGN_UNKNOWN = 0,
733 GNUTLS_SIGN_RSA_SHA1 = 1,
734 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
735 GNUTLS_SIGN_DSA_SHA1 = 2,
736 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
737 GNUTLS_SIGN_RSA_MD5 = 3,
738 GNUTLS_SIGN_RSA_MD2 = 4,
739 GNUTLS_SIGN_RSA_RMD160 = 5,
740 GNUTLS_SIGN_RSA_SHA256 = 6,
741 GNUTLS_SIGN_RSA_SHA384 = 7,
742 GNUTLS_SIGN_RSA_SHA512 = 8,
743 GNUTLS_SIGN_RSA_SHA224 = 9,
744 GNUTLS_SIGN_DSA_SHA224 = 10,
745 GNUTLS_SIGN_DSA_SHA256 = 11,
746 GNUTLS_SIGN_ECDSA_SHA1 = 12,
747 GNUTLS_SIGN_ECDSA_SHA224 = 13,
748 GNUTLS_SIGN_ECDSA_SHA256 = 14,
749 GNUTLS_SIGN_ECDSA_SHA384 = 15,
750 GNUTLS_SIGN_ECDSA_SHA512 = 16,
751 GNUTLS_SIGN_DSA_SHA384 = 17,
752 GNUTLS_SIGN_DSA_SHA512 = 18
756 * gnutls_ecc_curve_t:
757 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
758 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
759 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
760 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
761 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
762 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
764 * Enumeration of ECC curves.
/* Curve identifiers as plain ints.  Only INVALID has an explicit value; the
 * rest follow by auto-increment, which puts SECP192R1 last (5) although it
 * is the smallest curve, so the numbers are not a strength ranking. */
766 alias gnutls_ecc_curve_t = int;
767 enum : int {
768 GNUTLS_ECC_CURVE_INVALID = 0,
769 GNUTLS_ECC_CURVE_SECP224R1, /* = 1 */
770 GNUTLS_ECC_CURVE_SECP256R1, /* = 2 */
771 GNUTLS_ECC_CURVE_SECP384R1, /* = 3 */
772 GNUTLS_ECC_CURVE_SECP521R1, /* = 4 */
773 GNUTLS_ECC_CURVE_SECP192R1 /* = 5 */
776 /* macros to allow specifying a specific curve in gnutls_privkey_generate()
777 * and gnutls_x509_privkey_generate() */
/// Tags an ECC curve identifier so it can be passed where a key size in bits
/// is expected: the result is `curve` with bit 31 set. Per the comment above
/// these helpers, the value is meant for gnutls_privkey_generate() and
/// gnutls_x509_privkey_generate(). The input is not range-checked.
uint GNUTLS_CURVE_TO_BITS() (uint curve) {
  enum uint curveMarker = 0x8000_0000U; // bit 31, the same value as 1U<<31
  return curveMarker | curve;
}
/// Recovers the curve identifier from a tagged "bits" value by clearing
/// bit 31. The marker itself is not checked here: call GNUTLS_BITS_ARE_CURVE
/// first, otherwise an ordinary bit count comes back unchanged and would be
/// mistaken for a curve identifier.
uint GNUTLS_BITS_TO_CURVE() (uint bits) {
  enum uint curveMarker = 0x8000_0000U;
  return bits & ~curveMarker;
}
/// Tells whether a "bits" value carries the curve marker. Returns the masked
/// bit itself: 0x80000000 when bit 31 is set and 0 otherwise, so the result
/// is a truth value rather than a bool or a 0/1 flag.
uint GNUTLS_BITS_ARE_CURVE() (uint bits) {
  enum uint curveMarker = 1U << 31;
  return bits & curveMarker;
}
783 * gnutls_sec_param_t:
784 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
785 * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
786 * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
787 * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
788 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
789 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
790 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
791 * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL)
792 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
793 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
794 * @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security
796 * Enumeration of security parameters for passive attacks.
// Security levels, numbered in steps of 5 in the same order as the bit
// strengths listed in the description above, so a larger number is a stronger
// level and two levels can be compared numerically.
// Per that description, every level below GNUTLS_SEC_PARAM_MEDIUM (35) stands
// for less than 112 bits of security.
798 alias gnutls_sec_param_t = int;
799 enum : int {
800 GNUTLS_SEC_PARAM_UNKNOWN = 0,
801 GNUTLS_SEC_PARAM_INSECURE = 5,
802 GNUTLS_SEC_PARAM_EXPORT = 10,
803 GNUTLS_SEC_PARAM_VERY_WEAK = 15,
804 GNUTLS_SEC_PARAM_WEAK = 20,
805 GNUTLS_SEC_PARAM_LOW = 25,
806 GNUTLS_SEC_PARAM_LEGACY = 30,
807 GNUTLS_SEC_PARAM_MEDIUM = 35,
808 GNUTLS_SEC_PARAM_HIGH = 40,
809 GNUTLS_SEC_PARAM_ULTRA = 45,
810 GNUTLS_SEC_PARAM_FUTURE = 50
813 /* old name */
// Compile-time constant with the same value as GNUTLS_SEC_PARAM_MEDIUM (35).
814 enum GNUTLS_SEC_PARAM_NORMAL = GNUTLS_SEC_PARAM_MEDIUM;
817 * gnutls_channel_binding_t:
818 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
820 * Enumeration of supported channel binding types.
822 alias gnutls_channel_binding_t = int;
823 enum : int {
824 GNUTLS_CB_TLS_UNIQUE
828 /* If you want to change this, then also change the define in
829 * gnutls_int.h, and recompile.
831 struct gnutls_transport_ptr_t_s {}
832 alias gnutls_transport_ptr_t = gnutls_transport_ptr_t_s*;
834 struct gnutls_session_int {}
835 alias gnutls_session_t = gnutls_session_int*;
837 struct gnutls_dh_params_int {}
838 alias gnutls_dh_params_t = gnutls_dh_params_int*;
840 /* XXX ugly. */
841 struct gnutls_x509_privkey_int {}
842 alias gnutls_rsa_params_t = gnutls_x509_privkey_int*;
844 struct gnutls_priority_st {}
845 alias gnutls_priority_t = gnutls_priority_st*;
847 struct gnutls_datum_t {
848 ubyte* data;
849 uint size;
853 union gnutls_params_st_params_union {
854 gnutls_dh_params_t dh;
855 gnutls_rsa_params_t rsa_export;
858 struct gnutls_params_st {
859 gnutls_params_type_t type;
860 gnutls_params_st_params_union params;
861 int deinit;
864 //alias gnutls_params_function = int function (gnutls_session_t, gnutls_params_type_t, gnutls_params_st *) @nogc;
866 /* internal functions */
868 int gnutls_init(gnutls_session_t * session, uint flags) @nogc;
869 void gnutls_deinit(gnutls_session_t session) @nogc;
870 //#define _gnutls_deinit(x) gnutls_deinit(x)
872 int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) @nogc;
874 int gnutls_handshake(gnutls_session_t session) @nogc;
876 enum GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT = (cast(uint)-1);
877 void gnutls_handshake_set_timeout(gnutls_session_t session,
878 uint ms) @nogc;
879 int gnutls_rehandshake(gnutls_session_t session) @nogc;
881 gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session) @nogc;
882 int gnutls_alert_send(gnutls_session_t session,
883 gnutls_alert_level_t level,
884 gnutls_alert_description_t desc) @nogc;
885 int gnutls_alert_send_appropriate(gnutls_session_t session, int err) @nogc;
886 const(char)* gnutls_alert_get_name(gnutls_alert_description_t alert) @nogc;
887 const(char)* gnutls_alert_get_strname(gnutls_alert_description_t alert) @nogc;
889 gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
890 uint bits) @nogc;
891 const(char)* gnutls_sec_param_get_name(gnutls_sec_param_t param) @nogc;
892 uint gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
893 gnutls_sec_param_t param) @nogc;
894 uint
895 gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) @nogc;
897 /* Elliptic curves */
898 const(char)* gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) @nogc;
899 const(char)* gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) @nogc;
901 int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) @nogc;
902 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session) @nogc;
904 /* get information on the current session */
905 gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session) @nogc;
906 gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session) @nogc;
907 gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session) @nogc;
908 gnutls_compression_method_t
909 gnutls_compression_get(gnutls_session_t session) @nogc;
910 gnutls_certificate_type_t
911 gnutls_certificate_type_get(gnutls_session_t session) @nogc;
913 int gnutls_sign_algorithm_get(gnutls_session_t session) @nogc;
914 int gnutls_sign_algorithm_get_client(gnutls_session_t session) @nogc;
916 int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
917 usize indx,
918 gnutls_sign_algorithm_t * algo) @nogc;
920 /* the name of the specified algorithms */
921 const(char)* gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) @nogc;
922 const(char)* gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) @nogc;
924 const(char)* gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) @nogc;
925 const(char)* gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) @nogc;
927 const(char)* gnutls_compression_get_name(gnutls_compression_method_t
928 algorithm) @nogc;
929 const(char)* gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) @nogc;
930 const(char)* gnutls_certificate_type_get_name(gnutls_certificate_type_t
931 type) @nogc;
932 const(char)* gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) @nogc;
933 const(char)* gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) @nogc;
935 const(char)* gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) @nogc;
936 const(char)* gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm) @nogc;
938 usize gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) @nogc;
939 usize gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) @nogc;
941 int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) @nogc;
942 gnutls_digest_algorithm_t
943 gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) @nogc;
944 gnutls_pk_algorithm_t
945 gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) @nogc;
946 gnutls_sign_algorithm_t
947 gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
948 gnutls_digest_algorithm_t hash) @nogc;
950 //#define gnutls_sign_algorithm_get_name gnutls_sign_get_name
951 alias gnutls_sign_algorithm_get_name = gnutls_sign_get_name;
953 gnutls_mac_algorithm_t gnutls_mac_get_id(const(char)* name) @nogc;
954 gnutls_digest_algorithm_t gnutls_digest_get_id(const(char)* name) @nogc;
956 gnutls_compression_method_t gnutls_compression_get_id(const(char)* name) @nogc;
957 gnutls_cipher_algorithm_t gnutls_cipher_get_id(const(char)* name) @nogc;
958 gnutls_kx_algorithm_t gnutls_kx_get_id(const(char)* name) @nogc;
959 gnutls_protocol_t gnutls_protocol_get_id(const(char)* name) @nogc;
960 gnutls_certificate_type_t gnutls_certificate_type_get_id(const(char)* name) @nogc;
961 gnutls_pk_algorithm_t gnutls_pk_get_id(const(char)* name) @nogc;
962 gnutls_sign_algorithm_t gnutls_sign_get_id(const(char)* name) @nogc;
963 gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const(char)* name) @nogc;
965 gnutls_digest_algorithm_t gnutls_oid_to_digest(const(char)* oid) @nogc;
966 gnutls_pk_algorithm_t gnutls_oid_to_pk(const(char)* oid) @nogc;
967 gnutls_sign_algorithm_t gnutls_oid_to_sign(const(char)* oid) @nogc;
968 gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const(char)* oid) @nogc;
970 /* list supported algorithms */
971 const(gnutls_ecc_curve_t)* gnutls_ecc_curve_list() @nogc;
972 const(gnutls_cipher_algorithm_t)* gnutls_cipher_list() @nogc;
973 const(gnutls_mac_algorithm_t)* gnutls_mac_list() @nogc;
974 const(gnutls_digest_algorithm_t)* gnutls_digest_list() @nogc;
975 const(gnutls_compression_method_t)* gnutls_compression_list() @nogc;
976 const(gnutls_protocol_t)* gnutls_protocol_list() @nogc;
977 const(gnutls_certificate_type_t)* gnutls_certificate_type_list() @nogc;
978 const(gnutls_kx_algorithm_t)* gnutls_kx_list() @nogc;
979 const(gnutls_pk_algorithm_t)* gnutls_pk_list() @nogc;
980 const(gnutls_sign_algorithm_t)* gnutls_sign_list() @nogc;
981 const(char)* gnutls_cipher_suite_info(usize idx,
982 ubyte *cs_id,
983 gnutls_kx_algorithm_t * kx,
984 gnutls_cipher_algorithm_t * cipher,
985 gnutls_mac_algorithm_t * mac,
986 gnutls_protocol_t * min_version) @nogc;
988 /* error functions */
989 int gnutls_error_is_fatal(int error) @nogc;
990 int gnutls_error_to_alert(int err, int *level) @nogc;
992 void gnutls_perror(int error) @nogc;
993 const(char)* gnutls_strerror(int error) @nogc;
994 const(char)* gnutls_strerror_name(int error) @nogc;
996 /* Semi-internal functions.
// Handshake knobs that the file itself labels "semi-internal".
// gnutls_handshake_set_random takes a caller-supplied datum for the hello
// random. NOTE(review): upstream documents that this should not normally be
// used because the library picks the value itself; a fixed or predictable
// value removes the freshness the handshake relies on, so keep it to tests.
998 void gnutls_handshake_set_private_extensions(gnutls_session_t session,
999 int allow) @nogc;
1000 int gnutls_handshake_set_random(gnutls_session_t session,
1001 const(gnutls_datum_t)* random) @nogc;
1003 gnutls_handshake_description_t
1004 gnutls_handshake_get_last_out(gnutls_session_t session) @nogc;
1005 gnutls_handshake_description_t
1006 gnutls_handshake_get_last_in(gnutls_session_t session) @nogc;
1008 /* Record layer functions.
1010 enum GNUTLS_HEARTBEAT_WAIT = 1;
1011 int gnutls_heartbeat_ping(gnutls_session_t session, usize data_size,
1012 uint max_tries, uint flags) @nogc;
1013 int gnutls_heartbeat_pong(gnutls_session_t session, uint flags) @nogc;
1015 void gnutls_record_set_timeout(gnutls_session_t session, uint ms) @nogc;
1016 void gnutls_record_disable_padding(gnutls_session_t session) @nogc;
1018 void gnutls_record_cork(gnutls_session_t session) @nogc;
1019 enum GNUTLS_RECORD_WAIT = 1;
1020 int gnutls_record_uncork(gnutls_session_t session, uint flags) @nogc;
1021 usize gnutls_record_discard_queued(gnutls_session_t session) @nogc;
// NOTE(review): the return-type line of both declarations is missing from
// this listing (gutter lines 1022-1023 and 1030-1031 are absent); upstream
// GnuTLS declares both as returning int. Restore it from the full file.
// gnutls_record_get_state writes into mac_key, IV and cipher_key. Going by
// the parameter names these are the live record-protection secrets of the
// session: treat the outputs as key material, keep them out of logs and
// wipe them after use.
// seq_number is a bare pointer annotated /*[8]*/: the caller has to supply
// at least 8 bytes, and nothing in the signature enforces that.
1024 gnutls_record_get_state(gnutls_session_t session,
1025 uint read,
1026 gnutls_datum_t *mac_key,
1027 gnutls_datum_t *IV,
1028 gnutls_datum_t *cipher_key,
1029 ubyte* seq_number/*[8]*/) @nogc;
1032 gnutls_record_set_state(gnutls_session_t session,
1033 uint read,
1034 ubyte* seq_number/*[8]*/) @nogc;
1036 struct gnutls_range_st {
1037 usize low;
1038 usize high;
1041 int gnutls_range_split(gnutls_session_t session,
1042 const(gnutls_range_st)* orig,
1043 gnutls_range_st * small_range,
1044 gnutls_range_st * rem_range) @nogc;
// Record-layer send and receive. The buffers are raw pointers with a separate
// usize length, so the caller is responsible for data_size matching the
// memory actually behind `data`.
// The return type is the signed ssize. NOTE(review): in GnuTLS a negative
// return is an error code (gnutls_error_is_fatal and gnutls_strerror are
// declared earlier in this file), so check the sign before using the result
// as a length or index; converting it to usize unchecked turns an error
// into a huge count.
1046 ssize gnutls_record_send(gnutls_session_t session, const(void)* data,
1047 usize data_size) @nogc;
1048 ssize gnutls_record_send_range(gnutls_session_t session,
1049 const(void)* data, usize data_size,
1050 const(gnutls_range_st)* range) @nogc;
1051 ssize gnutls_record_recv(gnutls_session_t session, void *data,
1052 usize data_size) @nogc;
1054 struct mbuffer_st;
1055 alias gnutls_packet_t = mbuffer_st*;
1057 ssize
1058 gnutls_record_recv_packet(gnutls_session_t session,
1059 gnutls_packet_t *packet) @nogc;
1061 void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, ubyte *sequence) @nogc;
1062 void gnutls_packet_deinit(gnutls_packet_t packet) @nogc;
1064 alias gnutls_read = gnutls_record_recv;
1065 alias gnutls_write = gnutls_record_send;
1066 ssize gnutls_record_recv_seq(gnutls_session_t session, void *data,
1067 usize data_size, ubyte *seq) @nogc;
1069 usize gnutls_record_overhead_size(gnutls_session_t session) @nogc;
1071 usize gnutls_est_record_overhead_size(gnutls_protocol_t version_,
1072 gnutls_cipher_algorithm_t cipher,
1073 gnutls_mac_algorithm_t mac,
1074 gnutls_compression_method_t comp,
1075 uint flags) @nogc;
1077 void gnutls_session_enable_compatibility_mode(gnutls_session_t session) @nogc;
1078 //???#define gnutls_record_set_max_empty_records(session, x)
/// No-op stand-in for the C macro of the same name (see the commented-out
/// #define on the line above): both arguments are accepted and ignored.
/// NOTE(review): unlike the GNUTLS_CURVE_* helpers this is not a template, so
/// under the module-wide `extern(C)` it is presumably emitted as a real
/// C-linkage symbol; confirm it cannot clash with one exported by libgnutls.
void gnutls_record_set_max_empty_records(gnutls_session_t session, int x) {
}
1081 int gnutls_record_can_use_length_hiding(gnutls_session_t session) @nogc;
1083 int gnutls_record_get_direction(gnutls_session_t session) @nogc;
1085 usize gnutls_record_get_max_size(gnutls_session_t session) @nogc;
1086 ssize gnutls_record_set_max_size(gnutls_session_t session, usize size) @nogc;
1088 usize gnutls_record_check_pending(gnutls_session_t session) @nogc;
1089 usize gnutls_record_check_corked(gnutls_session_t session) @nogc;
1091 void gnutls_session_force_valid(gnutls_session_t session) @nogc;
1093 int gnutls_prf(gnutls_session_t session,
1094 usize label_size, const(char)* label,
1095 int server_random_first,
1096 usize extra_size, const(char)* extra,
1097 usize outsize, char *out_) @nogc;
1098 int gnutls_prf_rfc5705(gnutls_session_t session,
1099 usize label_size, const(char)* label,
1100 usize context_size, const(char)* context,
1101 usize outsize, char *out_) @nogc;
1103 int gnutls_prf_raw(gnutls_session_t session,
1104 usize label_size, const(char)* label,
1105 usize seed_size, const(char)* seed,
1106 usize outsize, char *out_) @nogc;
1109 * gnutls_server_name_type_t:
1110 * @GNUTLS_NAME_DNS: Domain Name System name type.
1112 * Enumeration of different server name types.
1114 alias gnutls_server_name_type_t = int;
1115 enum : int {
1116 GNUTLS_NAME_DNS = 1
1119 int gnutls_server_name_set(gnutls_session_t session,
1120 gnutls_server_name_type_t type,
1121 const(void)* name, usize name_length) @nogc;
1123 int gnutls_server_name_get(gnutls_session_t session,
1124 void *data, usize * data_length,
1125 uint *type, uint indx) @nogc;
1127 uint gnutls_heartbeat_get_timeout(gnutls_session_t session) @nogc;
1128 void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
1129 uint retrans_timeout,
1130 uint total_timeout) @nogc;
// Heartbeat permission flags. The three values are distinct bits (1, 2, 4),
// so they can be OR-ed together for the `type` argument of the two
// functions below.
// NOTE(review): the heartbeat extension (RFC 6520) lets the peer trigger
// extra message handling on this side; enable it only when the application
// actually needs it.
1132 enum GNUTLS_HB_PEER_ALLOWED_TO_SEND = (1);
1133 enum GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND = (1<<1);
1135 /* Heartbeat */
1136 void gnutls_heartbeat_enable(gnutls_session_t session, uint type) @nogc;
1138 enum GNUTLS_HB_LOCAL_ALLOWED_TO_SEND = (1<<2);
1139 int gnutls_heartbeat_allowed(gnutls_session_t session, uint type) @nogc;
1141 /* Safe renegotiation */
1142 int gnutls_safe_renegotiation_status(gnutls_session_t session) @nogc;
1143 uint gnutls_session_ext_master_secret_status(gnutls_session_t session) @nogc;
1144 uint gnutls_session_etm_status(gnutls_session_t session) @nogc;
1147 * gnutls_supplemental_data_format_type_t:
1148 * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format
1150 * Enumeration of different supplemental data types (RFC 4680).
1152 alias gnutls_supplemental_data_format_type_t = int;
1153 enum : int {
1154 GNUTLS_SUPPLEMENTAL_UNKNOWN = 0,
1157 const(char)* gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type) @nogc;
1159 /* SessionTicket, RFC 5077. */
// Session-ticket support. `key` is the key the server enables tickets with.
// NOTE(review): whoever holds that key can presumably read or forge tickets
// issued under it, so store it like a private key, never log it, and rotate
// it on a schedule. The datum filled by gnutls_session_ticket_key_generate
// is presumably allocated by the library and must be released by the
// caller; confirm against the GnuTLS manual.
1160 int gnutls_session_ticket_key_generate(gnutls_datum_t * key) @nogc;
1161 int gnutls_session_ticket_enable_client(gnutls_session_t session) @nogc;
1162 int gnutls_session_ticket_enable_server(gnutls_session_t session,
1163 const(gnutls_datum_t)* key) @nogc;
1165 /* SRTP, RFC 5764 */
1168 * gnutls_srtp_profile_t:
1169 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
1170 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
1171 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
1172 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
1174 * Enumeration of different SRTP protection profiles.
// SRTP protection profile identifiers (plain int alias plus anonymous enum).
// Security: per the description above, the two *_NULL_* profiles use a NULL
// cipher, i.e. the media stream is authenticated but not encrypted. Offer
// them only when confidentiality is deliberately not required.
// The *_32 profiles carry a 32-bit HMAC-SHA1 tag instead of an 80-bit one.
1176 alias gnutls_srtp_profile_t = int;
1177 enum : int {
1178 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
1179 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
1180 GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
1181 GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
1184 int gnutls_srtp_set_profile(gnutls_session_t session,
1185 gnutls_srtp_profile_t profile) @nogc;
1186 int gnutls_srtp_set_profile_direct(gnutls_session_t session,
1187 const(char)* profiles,
1188 const(char)* *err_pos) @nogc;
1189 int gnutls_srtp_get_selected_profile(gnutls_session_t session,
1190 gnutls_srtp_profile_t * profile) @nogc;
1192 const(char)* gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile) @nogc;
1193 int gnutls_srtp_get_profile_id(const(char)* name,
1194 gnutls_srtp_profile_t * profile) @nogc;
1195 int gnutls_srtp_get_keys(gnutls_session_t session,
1196 void *key_material,
1197 uint key_material_size,
1198 gnutls_datum_t * client_key,
1199 gnutls_datum_t * client_salt,
1200 gnutls_datum_t * server_key,
1201 gnutls_datum_t * server_salt) @nogc;
1203 int gnutls_srtp_set_mki(gnutls_session_t session,
1204 const(gnutls_datum_t)* mki) @nogc;
1205 int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki) @nogc;
1207 /* ALPN TLS extension */
1208 enum GNUTLS_ALPN_MAND = 1;
1209 int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
1210 gnutls_datum_t * protocol) @nogc;
1211 int gnutls_alpn_set_protocols(gnutls_session_t session,
1212 const(gnutls_datum_t)* protocols,
1213 uint protocols_size, uint flags) @nogc;
1215 int gnutls_key_generate(gnutls_datum_t * key, uint key_size) @nogc;
1217 /* if you just want some defaults, use the following.
1220 int gnutls_priority_init(gnutls_priority_t * priority_cache,
1221 const(char)* priorities, const(char)* *err_pos) @nogc;
1222 void gnutls_priority_deinit(gnutls_priority_t priority_cache) @nogc;
1223 int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
1224 uint idx,
1225 uint *sidx) @nogc;
1227 enum GNUTLS_PRIORITY_LIST_INIT_KEYWORDS = 1;
1228 enum GNUTLS_PRIORITY_LIST_SPECIAL = 2;
1229 const(char)*
1230 gnutls_priority_string_list(uint iter, uint flags) @nogc;
// Attach a priority setting to a session, either a prepared gnutls_priority_t
// or a priority string given directly as a C string.
// NOTE(review): in GnuTLS the priority string selects which protocol
// versions, key exchanges, ciphers and MACs the session will accept, so it
// is security policy: keep it a fixed or administrator-controlled value
// rather than building it from untrusted input, and check the int result.
// err_pos presumably receives a pointer to the position in `priorities`
// where parsing failed; confirm against the GnuTLS manual.
1232 int gnutls_priority_set(gnutls_session_t session,
1233 gnutls_priority_t priority) @nogc;
1234 int gnutls_priority_set_direct(gnutls_session_t session,
1235 const(char)* priorities,
1236 const(char)* *err_pos) @nogc;
1238 int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
1239 const(uint)* *list) @nogc;
1240 int gnutls_priority_sign_list(gnutls_priority_t pcache,
1241 const(uint)* *list) @nogc;
1242 int gnutls_priority_protocol_list(gnutls_priority_t pcache,
1243 const(uint)* *list) @nogc;
1244 int gnutls_priority_compression_list(gnutls_priority_t pcache,
1245 const(uint)* *list) @nogc;
1246 int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
1247 const(uint)* *list) @nogc;
1249 int gnutls_priority_kx_list(gnutls_priority_t pcache,
1250 const(uint)* *list) @nogc;
1251 int gnutls_priority_cipher_list(gnutls_priority_t pcache,
1252 const(uint)* *list) @nogc;
1253 int gnutls_priority_mac_list(gnutls_priority_t pcache,
1254 const(uint)* *list) @nogc;
1256 /* for compatibility
1258 int gnutls_set_default_priority(gnutls_session_t session) @nogc;
1260 /* Returns the name of a cipher suite */
1261 const(char)* gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
1262 kx_algorithm,
1263 gnutls_cipher_algorithm_t
1264 cipher_algorithm,
1265 gnutls_mac_algorithm_t
1266 mac_algorithm) @nogc;
1268 /* get the currently used protocol version */
1269 gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session) @nogc;
1271 const(char)* gnutls_protocol_get_name(gnutls_protocol_t version_) @nogc;
1274 /* get/set session
1276 int gnutls_session_set_data(gnutls_session_t session,
1277 const(void)* session_data,
1278 usize session_data_size) @nogc;
1279 int gnutls_session_get_data(gnutls_session_t session, void *session_data,
1280 usize * session_data_size) @nogc;
1281 int gnutls_session_get_data2(gnutls_session_t session,
1282 gnutls_datum_t * data) @nogc;
1283 void gnutls_session_get_random(gnutls_session_t session,
1284 gnutls_datum_t * client,
1285 gnutls_datum_t * server) @nogc;
1286 char *gnutls_session_get_desc(gnutls_session_t session) @nogc;
1288 //alias gnutls_certificate_verify_function = int function (gnutls_session_t) @nogc;
// Registers `func` as the session's certificate-verification callback. The
// callback type, declared at the top of this file, takes the session and
// returns int.
// NOTE(review): upstream documents that a zero return lets the handshake
// continue and a non-zero return aborts it, so a callback that returns 0
// without checking the peer's chain and name accepts any certificate.
// @nogc is commented out on this declaration, matching the callback alias,
// which is not @nogc either.
1289 void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function func) /*@nogc*/;
1292 * gnutls_vdata_types_t:
1293 * @GNUTLS_DT_UNKNOWN: Unknown data type.
1294 * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be
1295 * matched using the RFC6125 rules.
1296 * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be
1297 * matched against the RFC822Name field of the certificate, or the EMAIL DN component if the
1298 * former isn't available. Prior to matching the email address will be converted to ACE
1299 * (ASCII-compatible-encoding).
1300 * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched
1301 * against the certificate's Extended Key Usage extension.
1303 * Enumeration of different typed-data options. They are used as input to certificate
1304 * verification functions to provide information about the name and purpose of the
1305 * certificate. Only a single option of a type can be provided to the relevant functions.
1307 alias gnutls_vdata_types_t = int;
1308 enum : int {
1309 GNUTLS_DT_UNKNOWN = 0,
1310 GNUTLS_DT_DNS_HOSTNAME = 1,
1311 GNUTLS_DT_KEY_PURPOSE_OID = 2,
1312 GNUTLS_DT_RFC822NAME = 3
1316 struct gnutls_typed_vdata_st {
1317 gnutls_vdata_types_t type;
1318 ubyte *data;
1319 uint size;
// Request verification of the peer certificate, either against a hostname or
// against a list of typed items (gnutls_typed_vdata_st, declared above).
// Both setters return void, so nothing is reported at the call itself.
// NOTE(review): per the upstream documentation the check runs during the
// handshake and a failed check aborts it; the status bits can be read
// afterwards with gnutls_session_get_verify_cert_status. Confirm for the
// library version in use.
// NOTE(review): upstream also documents that a null `hostname` disables name
// matching (only the chain is checked) and that the pointer must stay valid
// for the lifetime of the session. A D caller passing toStringz() of a
// temporary should keep its own reference to that buffer.
1322 void gnutls_session_set_verify_cert(gnutls_session_t session,
1323 const(char)* hostname, uint flags) @nogc;
1325 void
1326 gnutls_session_set_verify_cert2(gnutls_session_t session,
1327 gnutls_typed_vdata_st * data,
1328 uint elements, uint flags) @nogc;
1330 uint gnutls_session_get_verify_cert_status(gnutls_session_t) @nogc;
// Going by its signature, installs caller-chosen session parameters
// (protocol version, key exchange, cipher, MAC, compression), a `master`
// datum and a session id directly on the session.
// NOTE(review): upstream describes this as a function for exceptional uses
// such as implementing a legacy protocol. It replaces what a handshake would
// negotiate, so the security of the session then depends entirely on how
// `master` was produced and protected; avoid it in ordinary TLS code.
1332 int gnutls_session_set_premaster(gnutls_session_t session,
1333 uint entity,
1334 gnutls_protocol_t version_,
1335 gnutls_kx_algorithm_t kx,
1336 gnutls_cipher_algorithm_t cipher,
1337 gnutls_mac_algorithm_t mac,
1338 gnutls_compression_method_t comp,
1339 const(gnutls_datum_t)* master,
1340 const(gnutls_datum_t)* session_id) @nogc;
1342 /* returns the session ID */
1343 enum GNUTLS_MAX_SESSION_ID = 32;
1344 int gnutls_session_get_id(gnutls_session_t session, void *session_id,
1345 usize * session_id_size) @nogc;
1346 int gnutls_session_get_id2(gnutls_session_t session,
1347 gnutls_datum_t * session_id) @nogc;
1349 int gnutls_session_set_id(gnutls_session_t session,
1350 const(gnutls_datum_t)* sid) @nogc;
1352 int gnutls_session_channel_binding(gnutls_session_t session,
1353 gnutls_channel_binding_t cbtype,
1354 gnutls_datum_t * cb) @nogc;
1356 /* checks if this session is a resumed one
1358 int gnutls_session_is_resumed(gnutls_session_t session) @nogc;
1359 int gnutls_session_resumption_requested(gnutls_session_t session) @nogc;
1361 //alias gnutls_db_store_func = int function (void *, gnutls_datum_t key, gnutls_datum_t data) @nogc;
1362 //alias gnutls_db_remove_func = int function (void *, gnutls_datum_t key) @nogc;
1363 //alias gnutls_db_retr_func = gnutls_datum_t function (void *, gnutls_datum_t key) @nogc;
// Hooks for an application-provided session cache: store, retrieve and remove
// callbacks plus an opaque pointer set with gnutls_db_set_ptr. The callback
// types are declared at the top of this file and take a void* first argument,
// presumably that same pointer.
// NOTE(review): the `data` datum handed to the store callback presumably holds
// serialized session state, including the secrets needed to resume the
// session. Keep the backing store access-controlled, do not log entries, and
// make sure expired entries are really dropped (see
// gnutls_db_set_cache_expiration and gnutls_db_check_entry below).
// The three callback setters have @nogc commented out, unlike the rest.
1365 void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds) @nogc;
1366 uint gnutls_db_get_default_cache_expiration() @nogc;
1368 void gnutls_db_remove_session(gnutls_session_t session) @nogc;
1369 void gnutls_db_set_retrieve_function(gnutls_session_t session,
1370 gnutls_db_retr_func retr_func) /*@nogc*/;
1371 void gnutls_db_set_remove_function(gnutls_session_t session,
1372 gnutls_db_remove_func rem_func) /*@nogc*/;
1373 void gnutls_db_set_store_function(gnutls_session_t session,
1374 gnutls_db_store_func store_func) /*@nogc*/;
1375 void gnutls_db_set_ptr(gnutls_session_t session, void *ptr) @nogc;
1376 void *gnutls_db_get_ptr(gnutls_session_t session) @nogc;
1377 int gnutls_db_check_entry(gnutls_session_t session,
1378 gnutls_datum_t session_entry) @nogc;
1379 time_t gnutls_db_check_entry_time(gnutls_datum_t * entry) @nogc;
1382 * gnutls_handshake_hook_func:
1383 * @session: the current session
1384 * @htype: the type of the handshake message (%gnutls_handshake_description_t)
1385 * @post: non zero if this is a post-process/generation call and zero otherwise
1386 * @incoming: non zero if this is an incoming message and zero if this is an outgoing message
1387 * @msg: the (const) data of the handshake message without the handshake headers.
1389 * Function prototype for handshake hooks. It is set using
1390 * gnutls_handshake_set_hook_function().
1392 * Returns: Non zero on error.
1394 enum GNUTLS_HOOK_POST = (1);
1395 enum GNUTLS_HOOK_PRE = (0);
1396 enum GNUTLS_HOOK_BOTH = (-1);
1398 //alias gnutls_handshake_hook_func = int function (gnutls_session_t, uint htype, uint post, uint incoming, const(gnutls_datum_t)* msg) @nogc;
1399 void gnutls_handshake_set_hook_function(gnutls_session_t session,
1400 uint htype, int post,
1401 gnutls_handshake_hook_func func) /*@nogc*/;
1403 //alias gnutls_handshake_post_client_hello_func = int function (gnutls_session_t) @nogc;
1404 void
1405 gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1406 gnutls_handshake_post_client_hello_func
1407 func) /*@nogc*/;
1409 void gnutls_handshake_set_max_packet_length(gnutls_session_t session,
1410 usize max) @nogc;
1412 /* returns libgnutls version (call it with a NULL argument)
1414 const(char)* gnutls_check_version(const(char)* req_version) @nogc;
1416 /* Functions for setting/clearing credentials
1418 void gnutls_credentials_clear(gnutls_session_t session) @nogc;
1420 /* cred is a structure defined by the kx algorithm
1422 int gnutls_credentials_set(gnutls_session_t session,
1423 gnutls_credentials_type_t type, void *cred) @nogc;
1424 int gnutls_credentials_get(gnutls_session_t session,
1425 gnutls_credentials_type_t type, void **cred) @nogc;
1426 alias gnutls_cred_set = gnutls_credentials_set;
1428 /* x.509 types */
1430 struct gnutls_pubkey_st {}
1431 alias gnutls_pubkey_t = gnutls_pubkey_st*;
1433 struct gnutls_privkey_st {}
1434 alias gnutls_privkey_t = gnutls_privkey_st*;
1436 //struct gnutls_x509_privkey_int {}
1437 alias gnutls_x509_privkey_t = gnutls_x509_privkey_int*;
1439 struct gnutls_x509_crl_int {}
1440 alias gnutls_x509_crl_t = gnutls_x509_crl_int*;
1442 struct gnutls_x509_crt_int {}
1443 alias gnutls_x509_crt_t = gnutls_x509_crt_int*;
1445 struct gnutls_x509_crq_int {}
1446 alias gnutls_x509_crq_t = gnutls_x509_crq_int*;
1448 struct gnutls_openpgp_keyring_int {}
1449 alias gnutls_openpgp_keyring_t = gnutls_openpgp_keyring_int*;
1452 /* Credential structures - used in gnutls_credentials_set(); */
1454 struct gnutls_certificate_credentials_st {}
1455 alias gnutls_certificate_credentials_t = gnutls_certificate_credentials_st*;
1456 alias gnutls_certificate_server_credentials = gnutls_certificate_credentials_t;
1457 alias gnutls_certificate_client_credentials = gnutls_certificate_credentials_t;
1459 struct gnutls_anon_server_credentials_st {}
1460 struct gnutls_anon_client_credentials_st {}
1461 alias gnutls_anon_server_credentials_t = gnutls_anon_server_credentials_st*;
1462 alias gnutls_anon_client_credentials_t = gnutls_anon_client_credentials_st*;
// Allocation, release and DH-parameter setup for anonymous credentials.
// Security: an anonymous key exchange involves no certificate, so neither
// side proves its identity and an active man-in-the-middle goes undetected.
// Use these credentials only where the peer is authenticated by other means.
// NOTE(review): the two allocate declarations have lost their return-type
// line in this listing (gutter lines 1466 and 1479 are absent); upstream
// GnuTLS declares both as returning int. Restore it from the full file.
1464 void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
1465 sc) @nogc;
1467 gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t
1468 * sc) @nogc;
1470 void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
1471 gnutls_dh_params_t dh_params) @nogc;
1473 void
1474 gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
1475 res, gnutls_params_function func) /*@nogc*/;
1477 void
1478 gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc) @nogc;
1480 gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t
1481 * sc) @nogc;
1483 /* CERTFILE is an x509 certificate in PEM form.
1484 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1486 void
1487 gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc) @nogc;
1489 gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t
1490 * res) @nogc;
1493 gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
1494 gnutls_x509_crt_t cert,
1495 gnutls_x509_crt_t * issuer,
1496 uint flags) @nogc;
1498 int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
1499 uint idx1, uint idx2,
1500 gnutls_datum_t * cert) @nogc;
1503 gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1504 uint index,
1505 gnutls_x509_crt_t **crt_list,
1506 uint *crt_list_size) @nogc;
1509 gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1510 uint index,
1511 gnutls_x509_privkey_t *key) @nogc;
1513 void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) @nogc;
1514 void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc) @nogc;
1515 void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc) @nogc;
1516 void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc) @nogc;
1518 void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
1519 gnutls_dh_params_t dh_params) @nogc;
1520 void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
1521 res, uint flags) @nogc;
1522 uint
1523 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res) @nogc;
1526 * gnutls_certificate_flags:
1527 * @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check.
1529 * Enumeration of different certificate credentials flags.
// Flags and limits for certificate credentials.
// GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: per the description above, turns
// off the check that a loaded private key matches its certificate. Leave it
// unset unless the mismatch is known and intended; with the check off, a
// wrong key/certificate pairing is only noticed later.
// gnutls_certificate_set_verify_limits: NOTE(review) upstream documents
// max_bits and max_depth as upper bounds applied during certificate
// verification to limit denial of service, with zero disabling a limit;
// confirm before passing 0.
// NOTE(review): gnutls_certificate_get_verify_flags is declared a second time
// here; it already appears a few lines earlier in this file (gutter lines
// 1522-1523). One of the two declarations is redundant.
1531 alias gnutls_certificate_flags = int;
1532 enum : int {
1533 GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = 1
1536 void gnutls_certificate_set_flags(gnutls_certificate_credentials_t,
1537 uint flags) @nogc;
1539 void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
1540 res, uint max_bits,
1541 uint max_depth) @nogc;
1543 uint
1544 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t) @nogc;
1547 gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
1548 cred) @nogc;
1551 gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
1552 cred, const(char)* cafile,
1553 gnutls_x509_crt_fmt_t type) @nogc;
1555 gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
1556 const(char)* ca_dir,
1557 gnutls_x509_crt_fmt_t type) @nogc;
1559 int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t
1560 res, const(gnutls_datum_t)* ca,
1561 gnutls_x509_crt_fmt_t type) @nogc;
1564 gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
1565 res, const(char)* crlfile,
1566 gnutls_x509_crt_fmt_t type) @nogc;
1567 int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
1568 res, const(gnutls_datum_t)* CRL,
1569 gnutls_x509_crt_fmt_t type) @nogc;
1572 gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
1573 res, const(char)* certfile,
1574 const(char)* keyfile,
1575 gnutls_x509_crt_fmt_t type) @nogc;
1578 gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t
1579 res, const(char)* certfile,
1580 const(char)* keyfile,
1581 gnutls_x509_crt_fmt_t type,
1582 const(char)* pass,
1583 uint flags) @nogc;
1585 int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
1586 res, const(gnutls_datum_t)* cert,
1587 const(gnutls_datum_t)* key,
1588 gnutls_x509_crt_fmt_t type) @nogc;
1590 int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t
1591 res, const(gnutls_datum_t)* cert,
1592 const(gnutls_datum_t)* key,
1593 gnutls_x509_crt_fmt_t type,
1594 const(char)* pass,
1595 uint flags) @nogc;
1597 void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
1598 int status) @nogc;
1601 gnutls_certificate_set_x509_simple_pkcs12_file
1602 (gnutls_certificate_credentials_t res, const(char)* pkcs12file,
1603 gnutls_x509_crt_fmt_t type, const(char)* password) @nogc;
1605 gnutls_certificate_set_x509_simple_pkcs12_mem
1606 (gnutls_certificate_credentials_t res, const(gnutls_datum_t)* p12blob,
1607 gnutls_x509_crt_fmt_t type, const(char)* password) @nogc;
1609 /* New functions to allow setting already parsed X.509 stuff.
1612 int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
1613 gnutls_x509_crt_t * cert_list,
1614 int cert_list_size,
1615 gnutls_x509_privkey_t key) @nogc;
1616 int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
1617 gnutls_x509_crt_t * ca_list,
1618 int ca_list_size) @nogc;
1619 int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
1620 gnutls_x509_crl_t * crl_list,
1621 int crl_list_size) @nogc;
1623 int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1624 uint index,
1625 gnutls_x509_privkey_t *key) @nogc;
1626 int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1627 uint index,
1628 gnutls_x509_crt_t **crt_list,
1629 uint *crt_list_size) @nogc;
1631 /* OCSP status request extension, RFC 6066 */
1632 alias gnutls_status_request_ocsp_func = int function
1633 (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response) @nogc;
1635 void
1636 gnutls_certificate_set_ocsp_status_request_function
1637 (gnutls_certificate_credentials_t res,
1638 gnutls_status_request_ocsp_func ocsp_func, void *ptr) /*@nogc*/;
1641 gnutls_certificate_set_ocsp_status_request_file
1642 (gnutls_certificate_credentials_t res, const(char)* response_file,
1643 uint flags) @nogc;
1645 int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
1646 gnutls_datum_t * responder_id,
1647 usize responder_id_size,
1648 gnutls_datum_t *
1649 request_extensions) @nogc;
/* Presumably hands back, through `response`, the OCSP response received on
 * this session. NOTE(review): obtaining a response says nothing about whether
 * it was validated, and the ownership/lifetime of response->data is not
 * visible here; confirm before keeping a pointer to it. */
1651 int gnutls_ocsp_status_request_get(gnutls_session_t session,
1652 gnutls_datum_t * response) @nogc;
/* Flag value for the `flags` argument of
 * gnutls_ocsp_status_request_is_checked(). */
1654 enum GNUTLS_OCSP_SR_IS_AVAIL = 1;
/* NOTE(review): per the upstream manual a non-zero result means a stapled
 * OCSP response was received and checked during certificate verification;
 * with GNUTLS_OCSP_SR_IS_AVAIL it only means a response was received. Zero
 * means there is no usable stapled revocation status, so it must not be read
 * as "not revoked". Confirm against the docs of the linked GnuTLS version. */
1655 int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
1656 uint flags) @nogc;
1658 /* global state functions
1660 int gnutls_global_init() @nogc;
1661 void gnutls_global_deinit() @nogc;
1664 * gnutls_time_func:
1665 * @t: where to store time.
1667 * Function prototype for time()-like function. Set with
1668 * gnutls_global_set_time_function().
1670 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1672 //alias gnutls_time_func = time_t function (time_t * t) @nogc;
1674 //alias mutex_init_func = int function (void **mutex) @nogc;
1675 //alias mutex_lock_func = int function (void **mutex) @nogc;
1676 //alias mutex_unlock_func = int function (void **mutex) @nogc;
1677 //alias mutex_deinit_func = int function (void **mutex) @nogc;
1679 void gnutls_global_set_mutex(mutex_init_func init,
1680 mutex_deinit_func deinit,
1681 mutex_lock_func lock,
1682 mutex_unlock_func unlock) /*@nogc*/;
1684 //alias gnutls_alloc_function = void * function (usize) @nogc;
1685 //alias gnutls_calloc_function = void * function (usize, usize) @nogc;
1686 //alias gnutls_is_secure_function = int function (const(void)* ) @nogc;
1687 //alias gnutls_free_function = void function (void *) @nogc;
1688 //alias gnutls_realloc_function = void * function (void *, usize) @nogc;
1690 void gnutls_global_set_time_function(gnutls_time_func time_func) /*@nogc*/;
1692 /* For use in callbacks */
1693 extern __gshared /*_SYM_EXPORT*/ gnutls_alloc_function gnutls_malloc;
1694 extern __gshared /*_SYM_EXPORT*/ gnutls_realloc_function gnutls_realloc;
1695 extern __gshared /*_SYM_EXPORT*/ gnutls_calloc_function gnutls_calloc;
1696 extern __gshared /*_SYM_EXPORT*/ gnutls_free_function gnutls_free;
1698 extern __gshared /*_SYM_EXPORT*/ char * function (const(char)* ) gnutls_strdup;
1700 /* a variant of memset that doesn't get optimized out; use it to clear
 * keys, passphrases and PINs before their buffers are freed or reused, where
 * a plain memset may be removed by the optimizer as a dead store */
1701 void gnutls_memset(void *data, int c, usize size) @nogc;
1703 /* constant time memcmp; use it when comparing secret values (MACs,
 * tokens, password hashes) so the time taken does not depend on where the
 * two buffers first differ. NOTE(review): assume only zero / non-zero is
 * meaningful in the result, not ordering; confirm against the GnuTLS docs */
1704 int gnutls_memcmp(const(void)* s1, const(void)* s2, usize n) @nogc;
1706 //alias gnutls_log_func = void function (int, const(char)* ) @nogc;
1707 //alias gnutls_audit_log_func = void function (gnutls_session_t, const(char)* ) @nogc;
1708 void gnutls_global_set_log_function(gnutls_log_func log_func) /*@nogc*/;
1709 void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func) /*@nogc*/;
1710 void gnutls_global_set_log_level(int level) @nogc;
1712 /* Diffie-Hellman parameter handling.
/* Allocate / release a DH parameters object. */
1714 int gnutls_dh_params_init(gnutls_dh_params_t * dh_params) @nogc;
1715 void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params) @nogc;
/* Import a prime/generator pair given as raw datums (import_raw2 also takes
 * key_bits) or as a PKCS #3 structure in the encoding named by `format`.
 * NOTE(review): nothing visible in these signatures validates the group;
 * import parameters only from a trusted source (e.g. a standardized group),
 * never from the peer or from unauthenticated configuration. */
1716 int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
1717 const(gnutls_datum_t)* prime,
1718 const(gnutls_datum_t)* generator) @nogc;
1719 int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
1720 const(gnutls_datum_t)* prime,
1721 const(gnutls_datum_t)* generator,
1722 uint key_bits) @nogc;
1723 int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
1724 const(gnutls_datum_t)* pkcs3_params,
1725 gnutls_x509_crt_fmt_t format) @nogc;
/* Generates fresh parameters of `bits` bits. NOTE(review): the caller picks
 * the size, so a small constant here yields a weak group; upstream advises
 * deriving the value from a security level (gnutls_sec_param_to_pk_bits)
 * rather than hard-coding it. Confirm for the linked version. */
1726 int gnutls_dh_params_generate2(gnutls_dh_params_t params,
1727 uint bits) @nogc;
1728 int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
1729 gnutls_x509_crt_fmt_t format,
1730 ubyte *params_data,
1731 usize * params_data_size) @nogc;
1732 int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
1733 gnutls_x509_crt_fmt_t format,
1734 gnutls_datum_t * out_) @nogc;
1735 int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
1736 gnutls_datum_t * prime,
1737 gnutls_datum_t * generator,
1738 uint *bits) @nogc;
1739 int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src) @nogc;
1743 /* Session stuff
1745 struct giovec_t {
1746 void *iov_base; /* Starting address */
1747 usize iov_len; /* Number of bytes to transfer */
1750 //alias gnutls_pull_func = ssize function (gnutls_transport_ptr_t, void *, usize) @nogc;
1751 //alias gnutls_push_func = ssize function (gnutls_transport_ptr_t, const(void)* , usize) @nogc;
1753 int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, uint ms) @nogc;
1754 //alias gnutls_pull_timeout_func = int function (gnutls_transport_ptr_t, uint ms) @nogc;
1756 //alias gnutls_vec_push_func = ssize function (gnutls_transport_ptr_t, const(giovec_t)* iov, int iovcnt) @nogc;
1758 //alias gnutls_errno_func = int function (gnutls_transport_ptr_t) @nogc;
1761 #if 0
1762 /* This will be defined as macro. */
1763 void gnutls_transport_set_int (gnutls_session_t session, int r) @nogc;
1764 #endif
1767 void gnutls_transport_set_int2(gnutls_session_t session, int r, int s) @nogc;
1768 //#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
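/* D stand-in for the C macro
 *   gnutls_transport_set_int(s, i) -> gnutls_transport_set_int2(s, i, i)
 * Passes the same integer `i` as both the `r` and `s` arguments of
 * gnutls_transport_set_int2 (presumably the receive and send descriptors;
 * confirm against the GnuTLS manual).
 * Marked @nogc like the binding it forwards to, so that @nogc callers can use
 * the wrapper as well as the two-argument form. */
void gnutls_transport_set_int(gnutls_session_t session, int i) @nogc {
  gnutls_transport_set_int2(session, i, i);
}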
1771 void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s) @nogc;
1772 int gnutls_transport_get_int(gnutls_session_t session) @nogc;
1774 void gnutls_transport_set_ptr(gnutls_session_t session,
1775 gnutls_transport_ptr_t ptr) @nogc;
1776 void gnutls_transport_set_ptr2(gnutls_session_t session,
1777 gnutls_transport_ptr_t recv_ptr,
1778 gnutls_transport_ptr_t send_ptr) @nogc;
1780 gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session) @nogc;
1781 void gnutls_transport_get_ptr2(gnutls_session_t session,
1782 gnutls_transport_ptr_t * recv_ptr,
1783 gnutls_transport_ptr_t * send_ptr) @nogc;
1785 void gnutls_transport_set_vec_push_function(gnutls_session_t session,
1786 gnutls_vec_push_func vec_func) /*@nogc*/;
1787 void gnutls_transport_set_push_function(gnutls_session_t session,
1788 gnutls_push_func push_func) /*@nogc*/;
1789 void gnutls_transport_set_pull_function(gnutls_session_t session,
1790 gnutls_pull_func pull_func) /*@nogc*/;
1792 void gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
1793 gnutls_pull_timeout_func
1794 func) /*@nogc*/;
1796 void gnutls_transport_set_errno_function(gnutls_session_t session,
1797 gnutls_errno_func errno_func) /*@nogc*/;
1799 void gnutls_transport_set_errno(gnutls_session_t session, int err) @nogc;
1801 /* session specific
1803 void gnutls_session_set_ptr(gnutls_session_t session, void *ptr) @nogc;
1804 void *gnutls_session_get_ptr(gnutls_session_t session) @nogc;
1806 void gnutls_openpgp_send_cert(gnutls_session_t session,
1807 gnutls_openpgp_crt_status_t status) @nogc;
1809 /* This function returns the hash of the given data.
1811 int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
1812 const(gnutls_datum_t)* data, void *result,
1813 usize * result_size) @nogc;
1816 * gnutls_random_art_t:
1817 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1819 * Enumeration of different random art types.
1821 //alias gnutls_random_art = gnutls_random_art_t;
1822 alias gnutls_random_art_t = int;
1823 enum : int {
1824 GNUTLS_RANDOM_ART_OPENSSH = 1
1827 int gnutls_random_art(gnutls_random_art_t type,
1828 const(char)* key_type, uint key_size,
1829 void *fpr, usize fpr_size, gnutls_datum_t * art) @nogc;
1831 /* SRP
1834 struct gnutls_srp_server_credentials_st {}
1835 struct gnutls_srp_client_credentials_st {}
1836 alias gnutls_srp_server_credentials_t = gnutls_srp_server_credentials_st*;
1837 alias gnutls_srp_client_credentials_t = gnutls_srp_client_credentials_st*;
1839 void
1840 gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc) @nogc;
1842 gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
1843 sc) @nogc;
1844 int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
1845 const(char)* username,
1846 const(char)* password) @nogc;
1848 void
1849 gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc) @nogc;
1851 gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
1852 sc) @nogc;
1853 int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t
1854 res, const(char)* password_file,
1855 const(char)* password_conf_file) @nogc;
1857 const(char)* gnutls_srp_server_get_username(gnutls_session_t session) @nogc;
1859 void gnutls_srp_set_prime_bits(gnutls_session_t session,
1860 uint bits) @nogc;
1862 int gnutls_srp_verifier(const(char)* username,
1863 const(char)* password,
1864 const(gnutls_datum_t)* salt,
1865 const(gnutls_datum_t)* generator,
1866 const(gnutls_datum_t)* prime,
1867 gnutls_datum_t * res) @nogc;
1869 /* The static parameters defined in draft-ietf-tls-srp-05
1870 * Those should be used as input to gnutls_srp_verifier().
/* Predefined SRP groups exported by the library: one prime/generator pair per
 * modulus size, 4096 down to 1024 bits going by the symbol names.
 * NOTE(review): the 1536- and 1024-bit groups are below the sizes generally
 * recommended today for discrete-log groups; prefer the 2048-bit or larger
 * pair when creating new verifiers unless interoperability with an existing
 * deployment forces a smaller one. */
1872 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_4096_group_prime;
1873 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_4096_group_generator;
1875 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_3072_group_prime;
1876 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_3072_group_generator;
1878 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_2048_group_prime;
1879 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_2048_group_generator;
1881 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1536_group_prime;
1882 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1536_group_generator;
1884 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1024_group_prime;
1885 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1024_group_generator;
1887 /*alias gnutls_srp_server_credentials_function = int function (gnutls_session_t,
1888 const(char)* username,
1889 gnutls_datum_t * salt,
1890 gnutls_datum_t *
1891 verifier,
1892 gnutls_datum_t *
1893 generator,
1894 gnutls_datum_t * prime) @nogc;*/
1895 void
1896 gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
1897 cred,
1898 gnutls_srp_server_credentials_function func) /*@nogc*/;
1900 //alias gnutls_srp_client_credentials_function = int function (gnutls_session_t, char **, char **) @nogc;
1901 void
1902 gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
1903 cred,
1904 gnutls_srp_client_credentials_function func) /*@nogc*/;
1906 int gnutls_srp_base64_encode(const(gnutls_datum_t)* data, char *result,
1907 usize * result_size) @nogc;
1908 int gnutls_srp_base64_encode2(const(gnutls_datum_t)* data,
1909 gnutls_datum_t * result) @nogc;
1911 int gnutls_srp_base64_decode(const(gnutls_datum_t)* b64_data, char *result,
1912 usize * result_size) @nogc;
1913 int gnutls_srp_base64_decode2(const(gnutls_datum_t)* b64_data,
1914 gnutls_datum_t * result) @nogc;
1916 alias gnutls_srp_base64_encode_alloc = gnutls_srp_base64_encode2;
1917 alias gnutls_srp_base64_decode_alloc = gnutls_srp_base64_decode2;
/* NOTE(review): per the upstream manual this sets the seed from which the
 * server derives salts for usernames that do not exist, so that its reply
 * does not reveal which accounts are real. The seed should therefore be
 * secret, and kept the same across restarts if the answers are to stay
 * consistent over time. Confirm against the docs of the linked version.
 * `salt_length` is presumably the length of the generated salts. */
1919 void
1920 gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
1922 const(gnutls_datum_t)* seed,
1923 uint salt_length) @nogc;
1925 /* PSK stuff */
1926 struct gnutls_psk_server_credentials_st {}
1927 struct gnutls_psk_client_credentials_st {}
1928 alias gnutls_psk_server_credentials_t = gnutls_psk_server_credentials_st*;
1929 alias gnutls_psk_client_credentials_t = gnutls_psk_client_credentials_st*;
1932 * gnutls_psk_key_flags:
1933 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1934 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1936 * Enumeration of different PSK key flags.
1938 alias gnutls_psk_key_flags = int;
1939 enum : int {
1940 GNUTLS_PSK_KEY_RAW = 0,
1941 GNUTLS_PSK_KEY_HEX
1944 void
1945 gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc) @nogc;
1947 gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
1948 sc) @nogc;
/* Sets the client's PSK identity (username) and key. `flags` takes a
 * gnutls_psk_key_flags value: GNUTLS_PSK_KEY_RAW or GNUTLS_PSK_KEY_HEX.
 * NOTE(review): `key` is the shared secret itself; whether the library keeps
 * its own copy is not visible here, so confirm that before wiping or freeing
 * the caller's buffer, and wipe it once it is no longer needed. */
1949 int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
1950 const(char)* username,
1951 const(gnutls_datum_t)* key,
1952 gnutls_psk_key_flags flags) @nogc;
1954 void
1955 gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc) @nogc;
1957 gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
1958 sc) @nogc;
1959 int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
1960 res, const(char)* password_file) @nogc;
1963 gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t
1964 res, const(char)* hint) @nogc;
1966 const(char)* gnutls_psk_server_get_username(gnutls_session_t session) @nogc;
1967 const(char)* gnutls_psk_client_get_hint(gnutls_session_t session) @nogc;
1969 //alias gnutls_psk_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* key) @nogc;
1970 void
1971 gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
1972 cred,
1973 gnutls_psk_server_credentials_function func) /*@nogc*/;
1975 //alias gnutls_psk_client_credentials_function = int function (gnutls_session_t, char** username, gnutls_datum_t* key) @nogc;
1976 void
1977 gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
1978 cred,
1979 gnutls_psk_client_credentials_function func) /*@nogc*/;
/* Hex encode/decode into a caller-supplied buffer. NOTE(review): presumably
 * *result_size carries the buffer capacity in and the number of bytes written
 * out, with GNUTLS_E_SHORT_MEMORY_BUFFER (declared in this module) returned
 * when the buffer is too small. Confirm, and always initialise *result_size
 * to the real capacity before the call. */
1981 int gnutls_hex_encode(const(gnutls_datum_t)* data, char *result,
1982 usize * result_size) @nogc;
1983 int gnutls_hex_decode(const(gnutls_datum_t)* hex_data, void *result,
1984 usize * result_size) @nogc;
/* Variants that return the output in a gnutls_datum_t. NOTE(review): the
 * datum is presumably allocated by the library and released by the caller
 * with gnutls_free; confirm. */
1986 int gnutls_hex_encode2(const(gnutls_datum_t)* data, gnutls_datum_t *result) @nogc;
1987 int gnutls_hex_decode2(const(gnutls_datum_t)* data, gnutls_datum_t *result) @nogc;
1989 void
1990 gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
1991 gnutls_dh_params_t dh_params) @nogc;
1993 void
1994 gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t
1995 res, gnutls_params_function func) /*@nogc*/;
1998 * gnutls_x509_subject_alt_name_t:
1999 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
2000 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
2001 * @GNUTLS_SAN_URI: URI SAN.
2002 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
2003 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
2004 * @GNUTLS_SAN_DN: DN SAN.
2005 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
2006 * gnutls_x509_crt_get_subject_alt_othername_oid.
2008 * Enumeration of different subject alternative names types.
2010 alias gnutls_x509_subject_alt_name_t = int;
2011 enum : int {
2012 GNUTLS_SAN_DNSNAME = 1,
2013 GNUTLS_SAN_RFC822NAME = 2,
2014 GNUTLS_SAN_URI = 3,
2015 GNUTLS_SAN_IPADDRESS = 4,
2016 GNUTLS_SAN_OTHERNAME = 5,
2017 GNUTLS_SAN_DN = 6,
2018 /* The following are "virtual" subject alternative name types, in
2019 that they are represented by an otherName value and an OID.
2020 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
2021 GNUTLS_SAN_OTHERNAME_XMPP = 1000
2024 struct gnutls_openpgp_crt_int;
2025 alias gnutls_openpgp_crt_t = gnutls_openpgp_crt_int*;
2027 struct gnutls_openpgp_privkey_int;
2028 alias gnutls_openpgp_privkey_t = gnutls_openpgp_privkey_int*;
2030 struct gnutls_pkcs11_privkey_st;
2031 alias gnutls_pkcs11_privkey_t = gnutls_pkcs11_privkey_st*;
2034 * gnutls_privkey_type_t:
2035 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
2036 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
2037 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
2038 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
2040 * Enumeration of different private key types.
2042 alias gnutls_privkey_type_t = int;
2043 enum : int {
2044 GNUTLS_PRIVKEY_X509,
2045 GNUTLS_PRIVKEY_OPENPGP,
2046 GNUTLS_PRIVKEY_PKCS11,
2047 GNUTLS_PRIVKEY_EXT
2050 union gnutls_retr2_st_cert_union {
2051 gnutls_x509_crt_t *x509;
2052 gnutls_openpgp_crt_t pgp;
2055 union gnutls_retr2_st_key_union {
2056 gnutls_x509_privkey_t x509;
2057 gnutls_openpgp_privkey_t pgp;
2058 gnutls_pkcs11_privkey_t pkcs11;
2061 struct gnutls_retr2_st {
2062 gnutls_certificate_type_t cert_type;
2063 gnutls_privkey_type_t key_type;
2065 gnutls_retr2_st_cert_union cert;
2066 uint ncerts; /* one for pgp keys */
2068 gnutls_retr2_st_key_union key;
2070 uint deinit_all; /* if non zero all keys will be deinited */
2074 /* Functions that allow auth_info_t structures handling
2077 gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session) @nogc;
2078 gnutls_credentials_type_t
2079 gnutls_auth_server_get_type(gnutls_session_t session) @nogc;
2080 gnutls_credentials_type_t
2081 gnutls_auth_client_get_type(gnutls_session_t session) @nogc;
2083 /* DH */
2085 void gnutls_dh_set_prime_bits(gnutls_session_t session, uint bits) @nogc;
2086 int gnutls_dh_get_secret_bits(gnutls_session_t session) @nogc;
2087 int gnutls_dh_get_peers_public_bits(gnutls_session_t session) @nogc;
2088 int gnutls_dh_get_prime_bits(gnutls_session_t session) @nogc;
2090 int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
2091 gnutls_datum_t * raw_prime) @nogc;
2092 int gnutls_dh_get_pubkey(gnutls_session_t session,
2093 gnutls_datum_t * raw_key) @nogc;
2095 /* X509PKI */
2098 /* These are set on the credentials structure.
2101 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
2102 * instead. It's much more efficient.
2105 //alias gnutls_certificate_retrieve_function = int function (gnutls_session_t, const(gnutls_datum_t)* req_ca_rdn, int nreqs, const(gnutls_pk_algorithm_t)* pk_algos, int pk_algos_length, gnutls_retr2_st*) @nogc;
2107 void
2108 gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t
2109 cred,
2110 gnutls_certificate_retrieve_function func) /*@nogc*/;
2112 void
2113 gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t
2114 cred,
2115 gnutls_certificate_verify_function func) /*@nogc*/;
2117 void
2118 gnutls_certificate_server_set_request(gnutls_session_t session,
2119 gnutls_certificate_request_t req) @nogc;
2121 /* get data from the session
2123 const(gnutls_datum_t)* gnutls_certificate_get_peers(gnutls_session_t
2124 session, uint
2125 *list_size) @nogc;
2126 const(gnutls_datum_t)* gnutls_certificate_get_ours(gnutls_session_t
2127 session) @nogc;
2129 int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
2130 gnutls_datum_t * id) @nogc;
2132 time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) @nogc;
2133 time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) @nogc;
2135 int gnutls_certificate_client_get_request_status(gnutls_session_t session) @nogc;
/* Peer certificate verification. Each of these reports two things: the int
 * return value and the flags written to *status. A caller has to check both.
 * NOTE(review): a zero return with a non-zero *status is presumably a
 * certificate that was examined and rejected; confirm against the manual.
 *
 * verify_peers2 takes no hostname, so nothing in its signature lets it match
 * the certificate against the name the client meant to reach. A chain that
 * validates is not by itself proof of talking to the intended server: use
 * verify_peers3 with `hostname`, or do the name check separately. */
2136 int gnutls_certificate_verify_peers2(gnutls_session_t session,
2137 uint *status) @nogc;
/* Same, with the expected peer name passed in `hostname`. NOTE(review):
 * whether a null hostname skips the name check is not visible here;
 * confirm before passing an optional value through. */
2138 int gnutls_certificate_verify_peers3(gnutls_session_t session,
2139 const(char)* hostname,
2140 uint *status) @nogc;
/* General form: `data` points to `elements` gnutls_typed_vdata_st entries
 * describing what to verify against. */
2143 gnutls_certificate_verify_peers(gnutls_session_t session,
2144 gnutls_typed_vdata_st * data,
2145 uint elements,
2146 uint *status) @nogc;
2148 int gnutls_certificate_verification_status_print(uint status,
2149 gnutls_certificate_type_t
2150 type,
2151 gnutls_datum_t * out_,
2152 uint flags) @nogc;
2154 int gnutls_pem_base64_encode(const(char)* msg, const(gnutls_datum_t)* data,
2155 char *result, usize * result_size) @nogc;
2156 int gnutls_pem_base64_decode(const(char)* header,
2157 const(gnutls_datum_t)* b64_data,
2158 ubyte *result, usize * result_size) @nogc;
2160 int gnutls_pem_base64_encode2(const(char)* msg,
2161 const(gnutls_datum_t)* data,
2162 gnutls_datum_t * result) @nogc;
2163 int gnutls_pem_base64_decode2(const(char)* header,
2164 const(gnutls_datum_t)* b64_data,
2165 gnutls_datum_t * result) @nogc;
2167 alias gnutls_pem_base64_encode_alloc = gnutls_pem_base64_encode2;
2168 alias gnutls_pem_base64_decode_alloc = gnutls_pem_base64_decode2;
2170 /* key_usage will be an OR of the following values:
2173 /* when the key is to be used for signing: */
2174 enum GNUTLS_KEY_DIGITAL_SIGNATURE = 128;
2175 enum GNUTLS_KEY_NON_REPUDIATION = 64;
2176 /* when the key is to be used for encryption: */
2177 enum GNUTLS_KEY_KEY_ENCIPHERMENT = 32;
2178 enum GNUTLS_KEY_DATA_ENCIPHERMENT = 16;
2179 enum GNUTLS_KEY_KEY_AGREEMENT = 8;
2180 enum GNUTLS_KEY_KEY_CERT_SIGN = 4;
2181 enum GNUTLS_KEY_CRL_SIGN = 2;
2182 enum GNUTLS_KEY_ENCIPHER_ONLY = 1;
2183 enum GNUTLS_KEY_DECIPHER_ONLY = 32768;
2185 void
2186 gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
2187 res, gnutls_params_function func) /*@nogc*/;
2188 void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
2189 gnutls_params_function func) /*@nogc*/;
2190 void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
2191 gnutls_params_function func) /*@nogc*/;
2193 int gnutls_hex2bin(const(char)* hex_data, usize hex_size,
2194 void *bin_data, usize * bin_size) @nogc;
2196 /* Trust on first use (or ssh like) functions */
2198 /* stores the provided information to a database
2200 //alias gnutls_tdb_store_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, const(gnutls_datum_t)* pubkey) @nogc;
2201 //alias gnutls_tdb_store_commitment_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, gnutls_digest_algorithm_t hash_algo, const(gnutls_datum_t)* hash) @nogc;
2203 /* searches for the provided host/service pair that match the
2204 * provided public key in the database. */
2205 //alias gnutls_tdb_verify_func = int function (const(char)* db_name, const(char)* host, const(char)* service, const(gnutls_datum_t)* pubkey) @nogc;
2208 struct gnutls_tdb_int;
2209 alias gnutls_tdb_t = gnutls_tdb_int*;
2211 int gnutls_tdb_init(gnutls_tdb_t * tdb) @nogc;
2212 void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
2213 gnutls_tdb_store_func store) /*@nogc*/;
2214 void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
2215 gnutls_tdb_store_commitment_func
2216 cstore) /*@nogc*/;
2217 void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
2218 gnutls_tdb_verify_func verify) /*@nogc*/;
2219 void gnutls_tdb_deinit(gnutls_tdb_t tdb) @nogc;
/* Trust-on-first-use check: compares `cert` with what is stored for the
 * host/service pair in the database (db_name, or the callbacks in `tdb`).
 * NOTE(review): this model only detects a key that changes after first
 * contact; the first connection is unauthenticated unless the key is
 * confirmed out of band. Upstream documents distinct negative results for
 * "no entry stored" (GNUTLS_E_NO_CERTIFICATE_FOUND) and "stored key differs".
 * Confirm the codes, and treat a mismatch as a hard failure rather than
 * silently overwriting the stored key. */
2221 int gnutls_verify_stored_pubkey(const(char)* db_name,
2222 gnutls_tdb_t tdb,
2223 const(char)* host,
2224 const(char)* service,
2225 gnutls_certificate_type_t cert_type,
2226 const(gnutls_datum_t)* cert,
2227 uint flags) @nogc;
2229 int gnutls_store_commitment(const(char)* db_name,
2230 gnutls_tdb_t tdb,
2231 const(char)* host,
2232 const(char)* service,
2233 gnutls_digest_algorithm_t hash_algo,
2234 const(gnutls_datum_t)* hash,
2235 time_t expiration, uint flags) @nogc;
2237 int gnutls_store_pubkey(const(char)* db_name,
2238 gnutls_tdb_t tdb,
2239 const(char)* host,
2240 const(char)* service,
2241 gnutls_certificate_type_t cert_type,
2242 const(gnutls_datum_t)* cert,
2243 time_t expiration, uint flags) @nogc;
2245 /* Other helper functions */
2246 int gnutls_load_file(const(char)* filename, gnutls_datum_t * data) @nogc;
2248 int gnutls_url_is_supported(const(char)* url) @nogc;
2250 /* PIN callback */
2253 * gnutls_pin_flag_t:
2254 * @GNUTLS_PIN_USER: The PIN for the user.
2255 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
2256 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
2257 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
2258 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
2259 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
2261 * Enumeration of different flags that are input to the PIN function.
2263 alias gnutls_pin_flag_t = int;
2264 enum : int {
2265 GNUTLS_PIN_USER = (1 << 0),
2266 GNUTLS_PIN_SO = (1 << 1),
2267 GNUTLS_PIN_FINAL_TRY = (1 << 2),
2268 GNUTLS_PIN_COUNT_LOW = (1 << 3),
2269 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
2270 GNUTLS_PIN_WRONG = (1 << 5)
2273 enum GNUTLS_PKCS11_PIN_USER = GNUTLS_PIN_USER;
2274 enum GNUTLS_PKCS11_PIN_SO = GNUTLS_PIN_SO;
2275 enum GNUTLS_PKCS11_PIN_FINAL_TRY = GNUTLS_PIN_FINAL_TRY;
2276 enum GNUTLS_PKCS11_PIN_COUNT_LOW = GNUTLS_PIN_COUNT_LOW;
2277 enum GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = GNUTLS_PIN_CONTEXT_SPECIFIC;
2278 enum GNUTLS_PKCS11_PIN_WRONG = GNUTLS_PIN_WRONG;
2281 * gnutls_pin_callback_t:
2282 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
2283 * @attempt: pin-attempt counter, initially 0.
2284 * @token_url: URL of token.
2285 * @token_label: label of token.
2286 * @flags: a #gnutls_pin_flag_t flag.
2287 * @pin: buffer to hold PIN, of size @pin_max.
2288 * @pin_max: size of @pin buffer.
2290 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
2291 * functions like gnutls_pkcs11_set_pin_function().
2293 * The callback should provide the PIN code to unlock the token with
2294 * label @token_label, specified by the URL @token_url.
2296 * The PIN code, as a NUL-terminated ASCII string, should be copied
2297 * into the @pin buffer (of maximum size @pin_max), and return 0 to
2298 * indicate success. Alternatively, the callback may return a
2299 * negative gnutls error code to indicate failure and cancel PIN entry
2300 * (in which case, the contents of the @pin parameter are ignored).
2302 * When a PIN is required, the callback will be invoked repeatedly
2303 * (and indefinitely) until either the returned PIN code is correct,
2304 * the callback returns failure, or the token refuses login (e.g. when
2305 * the token is locked due to too many incorrect PINs!). For the
2306 * first such invocation, the @attempt counter will have value zero;
2307 * it will increase by one for each subsequent attempt.
2309 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
2311 * Since: 2.12.0
2313 //alias gnutls_pin_callback_t = int function (void *userdata, int attempt, const(char)* token_url, const(char)* token_label, uint flags, char* pin, usize pin_max) @nogc;
/* Registers `fn` as the PIN callback for the given credentials; `userdata`
 * is handed back to the callback. Per the gnutls_pin_callback_t description
 * in this file, the callback copies a NUL-terminated PIN into a buffer of
 * pin_max bytes: implementations must bound that copy (terminator included)
 * and should keep the PIN out of logs. The same description notes that the
 * callback is invoked repeatedly until it fails or the token refuses login,
 * so a callback that returns a fixed wrong PIN can lock the token; honour
 * the attempt counter and the GNUTLS_PIN_FINAL_TRY / GNUTLS_PIN_COUNT_LOW
 * flags. */
2315 void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
2316 gnutls_pin_callback_t fn,
2317 void *userdata) /*@nogc*/;
2319 /* Public string related functions */
2320 struct gnutls_buffer_st {}
2321 alias gnutls_buffer_t = gnutls_buffer_st*;
2323 int gnutls_buffer_append_data(gnutls_buffer_t, const(void)* data, usize data_size) @nogc;
2325 /* Public extensions related functions */
2327 alias gnutls_ext_priv_data_t = void *;
2329 void gnutls_ext_set_data(gnutls_session_t session, uint type,
2330 gnutls_ext_priv_data_t) @nogc;
2331 int gnutls_ext_get_data(gnutls_session_t session, uint type,
2332 gnutls_ext_priv_data_t *) @nogc;
2334 //alias gnutls_ext_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize len) @nogc;
2335 //alias gnutls_ext_send_func = int function (gnutls_session_t session, gnutls_buffer_t extdata) @nogc;
2336 //alias gnutls_ext_deinit_data_func = void function (gnutls_ext_priv_data_t data) @nogc;
2337 //alias gnutls_ext_pack_func = int function (gnutls_ext_priv_data_t data, gnutls_buffer_t packed_data) @nogc;
2338 //alias gnutls_ext_unpack_func = int function (gnutls_buffer_t packed_data, gnutls_ext_priv_data_t *data) @nogc;
2341 * gnutls_ext_parse_type_t:
2342 * @GNUTLS_EXT_NONE: Never parsed
2343 * @GNUTLS_EXT_ANY: Any extension type.
2344 * @GNUTLS_EXT_APPLICATION: Application extension.
2345 * @GNUTLS_EXT_TLS: TLS-internal extension.
2346 * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
2348 * Enumeration of different TLS extension types. This flag
2349 * indicates for an extension whether it is useful to application
2350 * level or TLS level only. This is (only) used to parse the
2351 * application level extensions before the "client_hello" callback
2352 * is called.
2354 alias gnutls_ext_parse_type_t = int;
2355 enum : int {
2356 GNUTLS_EXT_ANY = 0,
2357 GNUTLS_EXT_APPLICATION = 1,
2358 GNUTLS_EXT_TLS = 2,
2359 GNUTLS_EXT_MANDATORY = 3,
2360 GNUTLS_EXT_NONE = 4
2363 /* Register a custom tls extension
2365 int gnutls_ext_register(const(char)* name, int type, gnutls_ext_parse_type_t parse_type,
2366 gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
2367 gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
2368 gnutls_ext_unpack_func unpack_func) /*@nogc*/;
2370 /* Public supplemental data related functions */
2372 //alias gnutls_supp_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize data_size) @nogc;
2373 //alias gnutls_supp_send_func = int function (gnutls_session_t session, gnutls_buffer_t buf) @nogc;
2375 int gnutls_supplemental_register(const(char)* name,
2376 gnutls_supplemental_data_format_type_t type,
2377 gnutls_supp_recv_func supp_recv_func,
2378 gnutls_supp_send_func supp_send_func) /*@nogc*/;
2380 void gnutls_supplemental_recv(gnutls_session_t session, uint do_recv_supplemental) @nogc;
2382 void gnutls_supplemental_send(gnutls_session_t session, uint do_send_supplemental) @nogc;
2384 /* FIPS140-2 related functions */
2385 int gnutls_fips140_mode_enabled() @nogc;
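/* Gnutls error codes. The mapping to a TLS alert is also shown in
 * comments.
 *
 * GNUTLS_E_SUCCESS is 0 and every other code declared in this list is
 * negative, so a result should be compared with these named constants (or
 * tested with `< 0`), never used as a boolean.
 * The values mirror the C header and must not be renumbered.
 */

enum GNUTLS_E_SUCCESS = 0;
enum GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM = -3;
enum GNUTLS_E_UNKNOWN_CIPHER_TYPE = -6;
enum GNUTLS_E_LARGE_PACKET = -7;
enum GNUTLS_E_UNSUPPORTED_VERSION_PACKET = -8; /* GNUTLS_A_PROTOCOL_VERSION */
enum GNUTLS_E_UNEXPECTED_PACKET_LENGTH = -9; /* GNUTLS_A_RECORD_OVERFLOW */
enum GNUTLS_E_INVALID_SESSION = -10;
/* The alert that triggered this code (and the warning variant below) is
 * obtained separately; GnuTLS exposes gnutls_alert_get() for that. */
enum GNUTLS_E_FATAL_ALERT_RECEIVED = -12;
enum GNUTLS_E_UNEXPECTED_PACKET = -15; /* GNUTLS_A_UNEXPECTED_MESSAGE */
enum GNUTLS_E_WARNING_ALERT_RECEIVED = -16;
enum GNUTLS_E_ERROR_IN_FINISHED_PACKET = -18;
enum GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET = -19;
enum GNUTLS_E_UNKNOWN_CIPHER_SUITE = -21; /* GNUTLS_A_HANDSHAKE_FAILURE */
enum GNUTLS_E_UNWANTED_ALGORITHM = -22;
enum GNUTLS_E_MPI_SCAN_FAILED = -23;
/* One code covers both alert mappings, so a caller cannot tell a padding
 * failure from a MAC failure and should report neither distinction. */
enum GNUTLS_E_DECRYPTION_FAILED = -24; /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
enum GNUTLS_E_MEMORY_ERROR = -25;
enum GNUTLS_E_DECOMPRESSION_FAILED = -26; /* GNUTLS_A_DECOMPRESSION_FAILURE */
enum GNUTLS_E_COMPRESSION_FAILED = -27;
/* Non-fatal in GnuTLS: the interrupted call is meant to be repeated
 * (same for GNUTLS_E_INTERRUPTED); gnutls_error_is_fatal() classifies a
 * code when in doubt. */
enum GNUTLS_E_AGAIN = -28;
enum GNUTLS_E_EXPIRED = -29;
enum GNUTLS_E_DB_ERROR = -30;
enum GNUTLS_E_SRP_PWD_ERROR = -31;
enum GNUTLS_E_INSUFFICIENT_CREDENTIALS = -32;
enum GNUTLS_E_INSUFICIENT_CREDENTIALS = GNUTLS_E_INSUFFICIENT_CREDENTIALS; /* for backwards compatibility only */
enum GNUTLS_E_INSUFFICIENT_CRED = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
enum GNUTLS_E_INSUFICIENT_CRED = GNUTLS_E_INSUFFICIENT_CREDENTIALS; /* for backwards compatibility only */

enum GNUTLS_E_HASH_FAILED = -33;
enum GNUTLS_E_BASE64_DECODING_ERROR = -34;

enum GNUTLS_E_MPI_PRINT_FAILED = -35;
enum GNUTLS_E_REHANDSHAKE = -37; /* GNUTLS_A_NO_RENEGOTIATION */
enum GNUTLS_E_GOT_APPLICATION_DATA = -38;
enum GNUTLS_E_RECORD_LIMIT_REACHED = -39;
enum GNUTLS_E_ENCRYPTION_FAILED = -40;

enum GNUTLS_E_PK_ENCRYPTION_FAILED = -44;
enum GNUTLS_E_PK_DECRYPTION_FAILED = -45;
enum GNUTLS_E_PK_SIGN_FAILED = -46;
enum GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION = -47;
enum GNUTLS_E_KEY_USAGE_VIOLATION = -48;
enum GNUTLS_E_NO_CERTIFICATE_FOUND = -49; /* GNUTLS_A_BAD_CERTIFICATE */
enum GNUTLS_E_INVALID_REQUEST = -50;
enum GNUTLS_E_SHORT_MEMORY_BUFFER = -51;
enum GNUTLS_E_INTERRUPTED = -52; /* non-fatal in GnuTLS: repeat the call */
enum GNUTLS_E_PUSH_ERROR = -53;
enum GNUTLS_E_PULL_ERROR = -54;
enum GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER = -55; /* GNUTLS_A_ILLEGAL_PARAMETER */
enum GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE = -56;
enum GNUTLS_E_PKCS1_WRONG_PAD = -57;
enum GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION = -58;
enum GNUTLS_E_INTERNAL_ERROR = -59;
enum GNUTLS_E_DH_PRIME_UNACCEPTABLE = -63;
enum GNUTLS_E_FILE_ERROR = -64;
enum GNUTLS_E_TOO_MANY_EMPTY_PACKETS = -78;
enum GNUTLS_E_UNKNOWN_PK_ALGORITHM = -80;
enum GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS = -81;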
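/* returned if you need to generate temporary RSA
 * parameters. These are needed for export cipher suites.
 *
 * NOTE(review): export cipher suites are deliberately weakened legacy
 * suites; a configuration that can hit this code is presumably offering
 * them and should be reviewed -- confirm against the priority string in use.
 */
enum GNUTLS_E_NO_TEMPORARY_RSA_PARAMS = -84;

enum GNUTLS_E_NO_COMPRESSION_ALGORITHMS = -86;
enum GNUTLS_E_NO_CIPHER_SUITES = -87;

enum GNUTLS_E_OPENPGP_GETKEY_FAILED = -88;
/* A failed public-key signature check; the signed data must not be used. */
enum GNUTLS_E_PK_SIG_VERIFY_FAILED = -89;

enum GNUTLS_E_ILLEGAL_SRP_USERNAME = -90;
enum GNUTLS_E_SRP_PWD_PARSING_ERROR = -91;
enum GNUTLS_E_NO_TEMPORARY_DH_PARAMS = -93;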
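/* For certificate and key stuff
 *
 * The values in this group are not in numeric order (-67..-77, then -79,
 * -43, -60..-62, -94...); they mirror the C header and must stay as they are.
 */
enum GNUTLS_E_ASN1_ELEMENT_NOT_FOUND = -67;
enum GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND = -68;
enum GNUTLS_E_ASN1_DER_ERROR = -69;
enum GNUTLS_E_ASN1_VALUE_NOT_FOUND = -70;
enum GNUTLS_E_ASN1_GENERIC_ERROR = -71;
enum GNUTLS_E_ASN1_VALUE_NOT_VALID = -72;
enum GNUTLS_E_ASN1_TAG_ERROR = -73;
enum GNUTLS_E_ASN1_TAG_IMPLICIT = -74;
enum GNUTLS_E_ASN1_TYPE_ANY_ERROR = -75;
enum GNUTLS_E_ASN1_SYNTAX_ERROR = -76;
enum GNUTLS_E_ASN1_DER_OVERFLOW = -77;
enum GNUTLS_E_OPENPGP_UID_REVOKED = -79;
enum GNUTLS_E_CERTIFICATE_ERROR = -43;
enum GNUTLS_E_X509_CERTIFICATE_ERROR = GNUTLS_E_CERTIFICATE_ERROR; /* alias of the generic code above */
enum GNUTLS_E_CERTIFICATE_KEY_MISMATCH = -60;
enum GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE = -61; /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
enum GNUTLS_E_X509_UNKNOWN_SAN = -62;
enum GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED = -94;
enum GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE = -95;
enum GNUTLS_E_UNKNOWN_HASH_ALGORITHM = -96;
enum GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE = -97;
enum GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE = -98;
enum GNUTLS_E_INVALID_PASSWORD = -99;
enum GNUTLS_E_MAC_VERIFY_FAILED = -100; /* for PKCS #12 MAC */
enum GNUTLS_E_CONSTRAINT_ERROR = -101;

enum GNUTLS_E_WARNING_IA_IPHF_RECEIVED = -102;
enum GNUTLS_E_WARNING_IA_FPHF_RECEIVED = -103;

enum GNUTLS_E_IA_VERIFY_FAILED = -104;
enum GNUTLS_E_UNKNOWN_ALGORITHM = -105;
enum GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM = -106;
/* NOTE(review): the two renegotiation codes presumably relate to the
 * secure-renegotiation extension (RFC 5746) -- confirm in the manual. */
enum GNUTLS_E_SAFE_RENEGOTIATION_FAILED = -107;
enum GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED = -108;
enum GNUTLS_E_UNKNOWN_SRP_USERNAME = -109;
/* The peer ended the connection without a proper TLS close. Data received
 * so far may be truncated, so this is not a clean end-of-stream. */
enum GNUTLS_E_PREMATURE_TERMINATION = -110;

enum GNUTLS_E_BASE64_ENCODING_ERROR = -201;
/* Both names below carry -202, so the two cannot be told apart by value. */
enum GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY = -202; /* obsolete */
enum GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY = -202;
enum GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY = -203;

enum GNUTLS_E_OPENPGP_KEYRING_ERROR = -204;
enum GNUTLS_E_X509_UNSUPPORTED_OID = -205;

enum GNUTLS_E_RANDOM_FAILED = -206;
enum GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR = -207;

enum GNUTLS_E_OPENPGP_SUBKEY_ERROR = -208;

/* Alias of the constant declared on the following line; D resolves
 * module-scope declarations regardless of order. */
enum GNUTLS_E_CRYPTO_ALREADY_REGISTERED = GNUTLS_E_ALREADY_REGISTERED;
enum GNUTLS_E_ALREADY_REGISTERED = -209;

enum GNUTLS_E_HANDSHAKE_TOO_LARGE = -210;

enum GNUTLS_E_CRYPTODEV_IOCTL_ERROR = -211;
enum GNUTLS_E_CRYPTODEV_DEVICE_ERROR = -212;

enum GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE = -213;
enum GNUTLS_E_BAD_COOKIE = -214;
enum GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR = -215;
enum GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL = -216;
enum GNUTLS_E_INSUFFICIENT_SECURITY = -217;

enum GNUTLS_E_HEARTBEAT_PONG_RECEIVED = -292;
enum GNUTLS_E_HEARTBEAT_PING_RECEIVED = -293;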
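/* PKCS11 related */
enum GNUTLS_E_PKCS11_ERROR = -300;
enum GNUTLS_E_PKCS11_LOAD_ERROR = -301;
enum GNUTLS_E_PARSING_ERROR = -302;
enum GNUTLS_E_PKCS11_PIN_ERROR = -303;

enum GNUTLS_E_PKCS11_SLOT_ERROR = -305;
enum GNUTLS_E_LOCKING_ERROR = -306;
enum GNUTLS_E_PKCS11_ATTRIBUTE_ERROR = -307;
enum GNUTLS_E_PKCS11_DEVICE_ERROR = -308;
enum GNUTLS_E_PKCS11_DATA_ERROR = -309;
enum GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR = -310;
enum GNUTLS_E_PKCS11_KEY_ERROR = -311;
enum GNUTLS_E_PKCS11_PIN_EXPIRED = -312;
enum GNUTLS_E_PKCS11_PIN_LOCKED = -313;
enum GNUTLS_E_PKCS11_SESSION_ERROR = -314;
enum GNUTLS_E_PKCS11_SIGNATURE_ERROR = -315;
enum GNUTLS_E_PKCS11_TOKEN_ERROR = -316;
enum GNUTLS_E_PKCS11_USER_ERROR = -317;

enum GNUTLS_E_CRYPTO_INIT_FAILED = -318;
enum GNUTLS_E_TIMEDOUT = -319;
enum GNUTLS_E_USER_ERROR = -320;
enum GNUTLS_E_ECC_NO_SUPPORTED_CURVES = -321;
enum GNUTLS_E_ECC_UNSUPPORTED_CURVE = -322;
/* The spelling "AVAILBLE" presumably mirrors the C header's identifier;
 * check upstream before renaming, since callers depend on the name. */
enum GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE = -323;
enum GNUTLS_E_CERTIFICATE_LIST_UNSORTED = -324;
enum GNUTLS_E_ILLEGAL_PARAMETER = -325;
enum GNUTLS_E_NO_PRIORITIES_WERE_SET = -326;
enum GNUTLS_E_X509_UNSUPPORTED_EXTENSION = -327;
enum GNUTLS_E_SESSION_EOF = -328;

enum GNUTLS_E_TPM_ERROR = -329;
enum GNUTLS_E_TPM_KEY_PASSWORD_ERROR = -330;
enum GNUTLS_E_TPM_SRK_PASSWORD_ERROR = -331;
enum GNUTLS_E_TPM_SESSION_ERROR = -332;
enum GNUTLS_E_TPM_KEY_NOT_FOUND = -333;
enum GNUTLS_E_TPM_UNINITIALIZED = -334;
enum GNUTLS_E_TPM_NO_LIB = -335;

enum GNUTLS_E_NO_CERTIFICATE_STATUS = -340;
enum GNUTLS_E_OCSP_RESPONSE_ERROR = -341;
enum GNUTLS_E_RANDOM_DEVICE_ERROR = -342;
enum GNUTLS_E_AUTH_ERROR = -343;
enum GNUTLS_E_NO_APPLICATION_PROTOCOL = -344;
enum GNUTLS_E_SOCKETS_INIT_ERROR = -345;
enum GNUTLS_E_KEY_IMPORT_FAILED = -346;
/* Signals a refused protocol downgrade (the alert belongs to the
 * TLS_FALLBACK_SCSV mechanism, RFC 7507); retrying with a still lower
 * protocol version defeats the protection. */
enum GNUTLS_E_INAPPROPRIATE_FALLBACK = -347; /*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
enum GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR = -348;

/* NOTE(review): -400..-402 look like the library self-test / error-state
 * codes that accompany FIPS140 operation -- confirm in the manual. */
enum GNUTLS_E_SELF_TEST_ERROR = -400;
enum GNUTLS_E_NO_SELF_TEST = -401;
enum GNUTLS_E_LIB_IN_ERROR_STATE = -402;
enum GNUTLS_E_PK_GENERATION_ERROR = -403;
enum GNUTLS_E_IDNA_ERROR = -404;

enum GNUTLS_E_NEED_FALLBACK = -405;

enum GNUTLS_E_UNIMPLEMENTED_FEATURE = -1250;

/* NOTE(review): the names suggest that -65000 (MAX) down to -65500 (MIN)
 * is a range set aside for application-defined error codes; MAX is the
 * numerically larger bound. Confirm against the GnuTLS manual. */
enum GNUTLS_E_APPLICATION_ERROR_MAX = -65000;
enum GNUTLS_E_APPLICATION_ERROR_MIN = -65500;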